1 /*
2 * Copyright (c) 1983 Eric P. Allman
3 * Copyright (c) 1988, 1993
4 * The Regents of the University of California. All rights reserved.
5 *
6 * %sccs.include.redist.c%
7 */
8
9 #ifndef lint
10 static char sccsid[] = "@(#)savemail.c 8.28 (Berkeley) 03/11/94";
11 #endif /* not lint */
12
13 # include "sendmail.h"
14 # include <pwd.h>
15
16 /*
17 ** SAVEMAIL -- Save mail on error
18 **
19 ** If mailing back errors, mail it back to the originator
20 ** together with an error message; otherwise, just put it in
21 ** dead.letter in the user's home directory (if he exists on
22 ** this machine).
23 **
24 ** Parameters:
25 ** e -- the envelope containing the message in error.
26 **
27 ** Returns:
28 ** none
29 **
30 ** Side Effects:
31 ** Saves the letter, by writing or mailing it back to the
32 ** sender, or by putting it in dead.letter in her home
33 ** directory.
34 */
35
36 /* defines for state machine */
37 # define ESM_REPORT 0 /* report to sender's terminal */
38 # define ESM_MAIL 1 /* mail back to sender */
39 # define ESM_QUIET 2 /* messages have already been returned */
40 # define ESM_DEADLETTER 3 /* save in ~/dead.letter */
41 # define ESM_POSTMASTER 4 /* return to postmaster */
42 # define ESM_USRTMP 5 /* save in /usr/tmp/dead.letter */
43 # define ESM_PANIC 6 /* leave the locked queue/transcript files */
44 # define ESM_DONE 7 /* the message is successfully delivered */
45
46 # ifndef _PATH_VARTMP
47 # define _PATH_VARTMP "/usr/tmp/"
48 # endif
49
50
51 savemail(e)
52 register ENVELOPE *e;
53 {
54 register struct passwd *pw;
55 register FILE *fp;
56 int state;
57 auto ADDRESS *q = NULL;
58 register char *p;
59 MCI mcibuf;
60 char buf[MAXLINE+1];
61 extern struct passwd *getpwnam();
62 extern char *ttypath();
63 typedef int (*fnptr)();
64 extern bool writable();
65
66 if (tTd(6, 1))
67 {
68 printf("\nsavemail, errormode = %c, id = %s, ExitStat = %d\n e_from=",
69 e->e_errormode, e->e_id == NULL ? "NONE" : e->e_id,
70 ExitStat);
71 printaddr(&e->e_from, FALSE);
72 }
73
74 if (e->e_id == NULL)
75 {
76 /* can't return a message with no id */
77 return;
78 }
79
80 /*
81 ** In the unhappy event we don't know who to return the mail
82 ** to, make someone up.
83 */
84
85 if (e->e_from.q_paddr == NULL)
86 {
87 e->e_sender = "Postmaster";
88 if (parseaddr(e->e_sender, &e->e_from,
89 RF_COPYPARSE|RF_SENDERADDR, '\0', NULL, e) == NULL)
90 {
91 syserr("553 Cannot parse Postmaster!");
92 ExitStat = EX_SOFTWARE;
93 finis();
94 }
95 }
96 e->e_to = NULL;
97
98 /*
99 ** Basic state machine.
100 **
101 ** This machine runs through the following states:
102 **
103 ** ESM_QUIET Errors have already been printed iff the
104 ** sender is local.
105 ** ESM_REPORT Report directly to the sender's terminal.
106 ** ESM_MAIL Mail response to the sender.
107 ** ESM_DEADLETTER Save response in ~/dead.letter.
108 ** ESM_POSTMASTER Mail response to the postmaster.
109 ** ESM_PANIC Save response anywhere possible.
110 */
111
112 /* determine starting state */
113 switch (e->e_errormode)
114 {
115 case EM_WRITE:
116 state = ESM_REPORT;
117 break;
118
119 case EM_BERKNET:
120 /* mail back, but return o.k. exit status */
121 ExitStat = EX_OK;
122
123 /* fall through.... */
124
125 case EM_MAIL:
126 state = ESM_MAIL;
127 break;
128
129 case EM_PRINT:
130 case '\0':
131 state = ESM_QUIET;
132 break;
133
134 case EM_QUIET:
135 /* no need to return anything at all */
136 return;
137
138 default:
139 syserr("554 savemail: bogus errormode x%x\n", e->e_errormode);
140 state = ESM_MAIL;
141 break;
142 }
143
144 /* if this is already an error response, send to postmaster */
145 if (bitset(EF_RESPONSE, e->e_flags))
146 {
147 if (e->e_parent != NULL &&
148 bitset(EF_RESPONSE, e->e_parent->e_flags))
149 {
150 /* got an error sending a response -- can it */
151 return;
152 }
153 state = ESM_POSTMASTER;
154 }
155
156 while (state != ESM_DONE)
157 {
158 if (tTd(6, 5))
159 printf(" state %d\n", state);
160
161 switch (state)
162 {
163 case ESM_QUIET:
164 if (e->e_from.q_mailer == LocalMailer)
165 state = ESM_DEADLETTER;
166 else
167 state = ESM_MAIL;
168 break;
169
170 case ESM_REPORT:
171
172 /*
173 ** If the user is still logged in on the same terminal,
174 ** then write the error messages back to hir (sic).
175 */
176
177 p = ttypath();
178 if (p == NULL || freopen(p, "w", stdout) == NULL)
179 {
180 state = ESM_MAIL;
181 break;
182 }
183
184 expand("\201n", buf, &buf[sizeof buf - 1], e);
185 printf("\r\nMessage from %s...\r\n", buf);
186 printf("Errors occurred while sending mail.\r\n");
187 if (e->e_xfp != NULL)
188 {
189 (void) fflush(e->e_xfp);
190 fp = fopen(queuename(e, 'x'), "r");
191 }
192 else
193 fp = NULL;
194 if (fp == NULL)
195 {
196 syserr("Cannot open %s", queuename(e, 'x'));
197 printf("Transcript of session is unavailable.\r\n");
198 }
199 else
200 {
201 printf("Transcript follows:\r\n");
202 while (fgets(buf, sizeof buf, fp) != NULL &&
203 !ferror(stdout))
204 fputs(buf, stdout);
205 (void) xfclose(fp, "savemail transcript", e->e_id);
206 }
207 printf("Original message will be saved in dead.letter.\r\n");
208 state = ESM_DEADLETTER;
209 break;
210
211 case ESM_MAIL:
212 /*
213 ** If mailing back, do it.
214 ** Throw away all further output. Don't alias,
215 ** since this could cause loops, e.g., if joe
216 ** mails to joe@x, and for some reason the network
217 ** for @x is down, then the response gets sent to
218 ** joe@x, which gives a response, etc. Also force
219 ** the mail to be delivered even if a version of
220 ** it has already been sent to the sender.
221 **
222 ** If this is a configuration or local software
223 ** error, send to the local postmaster as well,
224 ** since the originator can't do anything
225 ** about it anyway. Note that this is a full
226 ** copy of the message (intentionally) so that
227 ** the Postmaster can forward things along.
228 */
229
230 if (ExitStat == EX_CONFIG || ExitStat == EX_SOFTWARE)
231 {
232 (void) sendtolist("postmaster",
233 NULLADDR, &e->e_errorqueue, e);
234 }
235 if (strcmp(e->e_from.q_paddr, "<>") != 0)
236 {
237 (void) sendtolist(e->e_from.q_paddr,
238 NULLADDR, &e->e_errorqueue, e);
239 }
240
241 /*
242 ** Deliver a non-delivery report to the
243 ** Postmaster-designate (not necessarily
244 ** Postmaster). This does not include the
245 ** body of the message, for privacy reasons.
246 ** You really shouldn't need this.
247 */
248
249 e->e_flags |= EF_PM_NOTIFY;
250
251 /* check to see if there are any good addresses */
252 for (q = e->e_errorqueue; q != NULL; q = q->q_next)
253 if (!bitset(QBADADDR|QDONTSEND, q->q_flags))
254 break;
255 if (q == NULL)
256 {
257 /* this is an error-error */
258 state = ESM_POSTMASTER;
259 break;
260 }
261 if (returntosender(e->e_message, e->e_errorqueue,
262 (e->e_class >= 0), e) == 0)
263 {
264 state = ESM_DONE;
265 break;
266 }
267
268 /* didn't work -- return to postmaster */
269 state = ESM_POSTMASTER;
270 break;
271
272 case ESM_POSTMASTER:
273 /*
274 ** Similar to previous case, but to system postmaster.
275 */
276
277 q = NULL;
278 if (sendtolist("postmaster", NULL, &q, e) <= 0)
279 {
280 syserr("553 cannot parse postmaster!");
281 ExitStat = EX_SOFTWARE;
282 state = ESM_USRTMP;
283 break;
284 }
285 if (returntosender(e->e_message,
286 q, (e->e_class >= 0), e) == 0)
287 {
288 state = ESM_DONE;
289 break;
290 }
291
292 /* didn't work -- last resort */
293 state = ESM_USRTMP;
294 break;
295
296 case ESM_DEADLETTER:
297 /*
298 ** Save the message in dead.letter.
299 ** If we weren't mailing back, and the user is
300 ** local, we should save the message in
301 ** ~/dead.letter so that the poor person doesn't
302 ** have to type it over again -- and we all know
303 ** what poor typists UNIX users are.
304 */
305
306 p = NULL;
307 if (e->e_from.q_mailer == LocalMailer)
308 {
309 if (e->e_from.q_home != NULL)
310 p = e->e_from.q_home;
311 else if ((pw = getpwnam(e->e_from.q_user)) != NULL)
312 p = pw->pw_dir;
313 }
314 if (p == NULL)
315 {
316 /* no local directory */
317 state = ESM_MAIL;
318 break;
319 }
320 if (e->e_dfp != NULL)
321 {
322 bool oldverb = Verbose;
323
324 /* we have a home directory; open dead.letter */
325 define('z', p, e);
326 expand("\201z/dead.letter", buf, &buf[sizeof buf - 1], e);
327 Verbose = TRUE;
328 message("Saving message in %s", buf);
329 Verbose = oldverb;
330 e->e_to = buf;
331 q = NULL;
332 (void) sendtolist(buf, &e->e_from, &q, e);
333 if (q != NULL &&
334 !bitset(QBADADDR, q->q_flags) &&
335 deliver(e, q) == 0)
336 state = ESM_DONE;
337 else
338 state = ESM_MAIL;
339 }
340 else
341 {
342 /* no data file -- try mailing back */
343 state = ESM_MAIL;
344 }
345 break;
346
347 case ESM_USRTMP:
348 /*
349 ** Log the mail in /usr/tmp/dead.letter.
350 */
351
352 if (e->e_class < 0)
353 {
354 state = ESM_DONE;
355 break;
356 }
357
358 strcpy(buf, _PATH_VARTMP);
359 strcat(buf, "dead.letter");
360 if (!writable(buf, NULLADDR, SFF_NOSLINK))
361 {
362 state = ESM_PANIC;
363 break;
364 }
365 fp = dfopen(buf, O_WRONLY|O_CREAT|O_APPEND, FileMode);
366 if (fp == NULL)
367 {
368 state = ESM_PANIC;
369 break;
370 }
371
372 bzero(&mcibuf, sizeof mcibuf);
373 mcibuf.mci_out = fp;
374 mcibuf.mci_mailer = FileMailer;
375 if (bitnset(M_7BITS, FileMailer->m_flags))
376 mcibuf.mci_flags |= MCIF_7BIT;
377
378 putfromline(&mcibuf, e);
379 (*e->e_puthdr)(&mcibuf, e);
380 putline("\n", &mcibuf);
381 (*e->e_putbody)(&mcibuf, e, NULL);
382 putline("\n", &mcibuf);
383 (void) fflush(fp);
384 state = ferror(fp) ? ESM_PANIC : ESM_DONE;
385 (void) xfclose(fp, "savemail", "/usr/tmp/dead.letter");
386 break;
387
388 default:
389 syserr("554 savemail: unknown state %d", state);
390
391 /* fall through ... */
392
393 case ESM_PANIC:
394 /* leave the locked queue & transcript files around */
395 syserr("!554 savemail: cannot save rejected email anywhere");
396 }
397 }
398 }
399 �/*
400 ** RETURNTOSENDER -- return a message to the sender with an error.
401 **
402 ** Parameters:
403 ** msg -- the explanatory message.
404 ** returnq -- the queue of people to send the message to.
405 ** sendbody -- if TRUE, also send back the body of the
406 ** message; otherwise just send the header.
407 ** e -- the current envelope.
408 **
409 ** Returns:
410 ** zero -- if everything went ok.
411 ** else -- some error.
412 **
413 ** Side Effects:
414 ** Returns the current message to the sender via
415 ** mail.
416 */
417
418 static bool SendBody;
419
420 #define MAXRETURNS 6 /* max depth of returning messages */
421 #define ERRORFUDGE 100 /* nominal size of error message text */
422
423 returntosender(msg, returnq, sendbody, e)
424 char *msg;
425 ADDRESS *returnq;
426 bool sendbody;
427 register ENVELOPE *e;
428 {
429 char buf[MAXNAME];
430 extern putheader(), errbody();
431 register ENVELOPE *ee;
432 ENVELOPE *oldcur = CurEnv;
433 ENVELOPE errenvelope;
434 static int returndepth;
435 register ADDRESS *q;
436
437 if (returnq == NULL)
438 return (-1);
439
440 if (msg == NULL)
441 msg = "Unable to deliver mail";
442
443 if (tTd(6, 1))
444 {
445 printf("Return To Sender: msg=\"%s\", depth=%d, e=%x, returnq=",
446 msg, returndepth, e);
447 printaddr(returnq, TRUE);
448 }
449
450 if (++returndepth >= MAXRETURNS)
451 {
452 if (returndepth != MAXRETURNS)
453 syserr("554 returntosender: infinite recursion on %s", returnq->q_paddr);
454 /* don't "unrecurse" and fake a clean exit */
455 /* returndepth--; */
456 return (0);
457 }
458
459 SendBody = sendbody;
460 define('g', e->e_from.q_paddr, e);
461 define('u', NULL, e);
462 ee = newenvelope(&errenvelope, e);
463 define('a', "\201b", ee);
464 define('r', "internal", ee);
465 define('s', "localhost", ee);
466 define('_', "localhost", ee);
467 ee->e_puthdr = putheader;
468 ee->e_putbody = errbody;
469 ee->e_flags |= EF_RESPONSE|EF_METOO;
470 if (!bitset(EF_OLDSTYLE, e->e_flags))
471 ee->e_flags &= ~EF_OLDSTYLE;
472 ee->e_sendqueue = returnq;
473 ee->e_msgsize = ERRORFUDGE;
474 if (!NoReturn)
475 ee->e_msgsize += e->e_msgsize;
476 initsys(ee);
477 for (q = returnq; q != NULL; q = q->q_next)
478 {
479 if (bitset(QBADADDR, q->q_flags))
480 continue;
481
482 if (!bitset(QDONTSEND, q->q_flags))
483 ee->e_nrcpts++;
484
485 if (!DontPruneRoutes && pruneroute(q->q_paddr))
486 parseaddr(q->q_paddr, q, RF_COPYPARSE, '\0', NULL, e);
487
488 if (q->q_alias == NULL)
489 addheader("To", q->q_paddr, ee);
490 }
491
492 # ifdef LOG
493 if (LogLevel > 5)
494 syslog(LOG_INFO, "%s: %s: return to sender: %s",
495 e->e_id, ee->e_id, msg);
496 # endif
497
498 (void) sprintf(buf, "Returned mail: %s", msg);
499 addheader("Subject", buf, ee);
500 if (SendMIMEErrors)
501 {
502 addheader("MIME-Version", "1.0", ee);
503 (void) sprintf(buf, "%s.%ld/%s",
504 ee->e_id, curtime(), MyHostName);
505 ee->e_msgboundary = newstr(buf);
506 (void) sprintf(buf, "multipart/mixed; boundary=\"%s\"",
507 ee->e_msgboundary);
508 addheader("Content-Type", buf, ee);
509 }
510
511 /* fake up an address header for the from person */
512 expand("\201n", buf, &buf[sizeof buf - 1], e);
513 if (parseaddr(buf, &ee->e_from, RF_COPYALL|RF_SENDERADDR, '\0', NULL, e) == NULL)
514 {
515 syserr("553 Can't parse myself!");
516 ExitStat = EX_SOFTWARE;
517 returndepth--;
518 return (-1);
519 }
520 ee->e_sender = ee->e_from.q_paddr;
521
522 /* push state into submessage */
523 CurEnv = ee;
524 define('f', "\201n", ee);
525 define('x', "Mail Delivery Subsystem", ee);
526 eatheader(ee, TRUE);
527
528 /* mark statistics */
529 markstats(ee, NULLADDR);
530
531 /* actually deliver the error message */
532 sendall(ee, SM_DEFAULT);
533
534 /* restore state */
535 dropenvelope(ee);
536 CurEnv = oldcur;
537 returndepth--;
538
539 /* should check for delivery errors here */
540 return (0);
541 }
542 �/*
543 ** ERRBODY -- output the body of an error message.
544 **
545 ** Typically this is a copy of the transcript plus a copy of the
546 ** original offending message.
547 **
548 ** Parameters:
549 ** mci -- the mailer connection information.
550 ** e -- the envelope we are working in.
551 **
552 ** Returns:
553 ** none
554 **
555 ** Side Effects:
556 ** Outputs the body of an error message.
557 */
558
559 errbody(mci, e)
560 register MCI *mci;
561 register ENVELOPE *e;
562 {
563 register FILE *xfile;
564 char *p;
565 register ADDRESS *q;
566 bool printheader;
567 char buf[MAXLINE];
568
569 if (e->e_parent == NULL)
570 {
571 syserr("errbody: null parent");
572 putline(" ----- Original message lost -----\n", mci);
573 return;
574 }
575
576 /*
577 ** Output MIME header.
578 */
579
580 if (e->e_msgboundary != NULL)
581 {
582 putline("This is a MIME-encapsulated message", mci);
583 putline("", mci);
584 (void) sprintf(buf, "--%s", e->e_msgboundary);
585 putline(buf, mci);
586 putline("", mci);
587 }
588
589 /*
590 ** Output introductory information.
591 */
592
593 for (q = e->e_parent->e_sendqueue; q != NULL; q = q->q_next)
594 if (bitset(QBADADDR, q->q_flags))
595 break;
596 if (q == NULL &&
597 !bitset(EF_FATALERRS|EF_SENDRECEIPT, e->e_parent->e_flags))
598 {
599 putline(" **********************************************",
600 mci);
601 putline(" ** THIS IS A WARNING MESSAGE ONLY **",
602 mci);
603 putline(" ** YOU DO NOT NEED TO RESEND YOUR MESSAGE **",
604 mci);
605 putline(" **********************************************",
606 mci);
607 putline("", mci);
608 }
609 sprintf(buf, "The original message was received at %s",
610 arpadate(ctime(&e->e_parent->e_ctime)));
611 putline(buf, mci);
612 expand("from \201_", buf, &buf[sizeof buf - 1], e->e_parent);
613 putline(buf, mci);
614 putline("", mci);
615
616 /*
617 ** Output error message header (if specified and available).
618 */
619
620 if (ErrMsgFile != NULL)
621 {
622 if (*ErrMsgFile == '/')
623 {
624 xfile = fopen(ErrMsgFile, "r");
625 if (xfile != NULL)
626 {
627 while (fgets(buf, sizeof buf, xfile) != NULL)
628 {
629 expand(buf, buf, &buf[sizeof buf - 1], e);
630 putline(buf, mci);
631 }
632 (void) fclose(xfile);
633 putline("\n", mci);
634 }
635 }
636 else
637 {
638 expand(ErrMsgFile, buf, &buf[sizeof buf - 1], e);
639 putline(buf, mci);
640 putline("", mci);
641 }
642 }
643
644 /*
645 ** Output message introduction
646 */
647
648 printheader = TRUE;
649 for (q = e->e_parent->e_sendqueue; q != NULL; q = q->q_next)
650 {
651 if (bitset(QBADADDR|QREPORT, q->q_flags))
652 {
653 if (printheader)
654 {
655 putline(" ----- The following addresses had delivery problems -----",
656 mci);
657 printheader = FALSE;
658 }
659 strcpy(buf, q->q_paddr);
660 if (bitset(QBADADDR, q->q_flags))
661 strcat(buf, " (unrecoverable error)");
662 else
663 strcat(buf, " (transient failure)");
664 putline(buf, mci);
665 if (q->q_alias != NULL)
666 {
667 strcpy(buf, " (expanded from: ");
668 strcat(buf, q->q_alias->q_paddr);
669 strcat(buf, ")");
670 putline(buf, mci);
671 }
672 }
673 }
674 if (!printheader)
675 putline("\n", mci);
676
677 /*
678 ** Output transcript of errors
679 */
680
681 (void) fflush(stdout);
682 p = queuename(e->e_parent, 'x');
683 if ((xfile = fopen(p, "r")) == NULL)
684 {
685 syserr("Cannot open %s", p);
686 putline(" ----- Transcript of session is unavailable -----\n", mci);
687 }
688 else
689 {
690 putline(" ----- Transcript of session follows -----\n", mci);
691 if (e->e_xfp != NULL)
692 (void) fflush(e->e_xfp);
693 while (fgets(buf, sizeof buf, xfile) != NULL)
694 putline(buf, mci);
695 (void) xfclose(xfile, "errbody xscript", p);
696 }
697 errno = 0;
698
699 /*
700 ** Output text of original message
701 */
702
703 if (NoReturn)
704 SendBody = FALSE;
705 putline("", mci);
706 if (e->e_parent->e_df != NULL)
707 {
708 if (SendBody)
709 putline(" ----- Original message follows -----\n", mci);
710 else
711 putline(" ----- Message header follows -----\n", mci);
712 (void) fflush(mci->mci_out);
713
714 if (e->e_msgboundary != NULL)
715 {
716 putline("", mci);
717 (void) sprintf(buf, "--%s", e->e_msgboundary);
718 putline(buf, mci);
719 putline("Content-Type: message/rfc822", mci);
720 putline("", mci);
721 }
722 putheader(mci, e->e_parent);
723 putline("", mci);
724 if (SendBody)
725 putbody(mci, e->e_parent, e->e_msgboundary);
726 else
727 putline(" ----- Message body suppressed -----", mci);
728 }
729 else
730 {
731 putline(" ----- No message was collected -----\n", mci);
732 }
733
734 if (e->e_msgboundary != NULL)
735 {
736 putline("", mci);
737 (void) sprintf(buf, "--%s--", e->e_msgboundary);
738 putline(buf, mci);
739 }
740 putline("", mci);
741
742 /*
743 ** Cleanup and exit
744 */
745
746 if (errno != 0)
747 syserr("errbody: I/O error");
748 }
749 �/*
750 ** PRUNEROUTE -- prune an RFC-822 source route
751 **
752 ** Trims down a source route to the last internet-registered hop.
753 ** This is encouraged by RFC 1123 section 5.3.3.
754 **
755 ** Parameters:
756 ** addr -- the address
757 **
758 ** Returns:
759 ** TRUE -- address was modified
760 ** FALSE -- address could not be pruned
761 **
762 ** Side Effects:
763 ** modifies addr in-place
764 */
765
766 pruneroute(addr)
767 char *addr;
768 {
769 #if NAMED_BIND
770 char *start, *at, *comma;
771 char c;
772 int rcode;
773 char hostbuf[BUFSIZ];
774 char *mxhosts[MAXMXHOSTS + 1];
775
776 /* check to see if this is really a route-addr */
777 if (*addr != '<' || addr[1] != '@' || addr[strlen(addr) - 1] != '>')
778 return FALSE;
779 start = strchr(addr, ':');
780 at = strrchr(addr, '@');
781 if (start == NULL || at == NULL || at < start)
782 return FALSE;
783
784 /* slice off the angle brackets */
785 strcpy(hostbuf, at + 1);
786 hostbuf[strlen(hostbuf) - 1] = '\0';
787
788 while (start)
789 {
790 if (getmxrr(hostbuf, mxhosts, FALSE, &rcode) > 0)
791 {
792 strcpy(addr + 1, start + 1);
793 return TRUE;
794 }
795 c = *start;
796 *start = '\0';
797 comma = strrchr(addr, ',');
798 if (comma && comma[1] == '@')
799 strcpy(hostbuf, comma + 2);
800 else
801 comma = 0;
802 *start = c;
803 start = comma;
804 }
805 #endif
806 return FALSE;
807 }
808