1 /* 2 * Copyright (c) 1983 Eric P. Allman 3 * Copyright (c) 1988, 1993 4 * The Regents of the University of California. All rights reserved. 5 * 6 * %sccs.include.redist.c% 7 */ 8 9 #ifndef lint 10 static char sccsid[] = "@(#)savemail.c 8.28 (Berkeley) 03/11/94"; 11 #endif /* not lint */ 12 13 # include "sendmail.h" 14 # include <pwd.h> 15 16 /* 17 ** SAVEMAIL -- Save mail on error 18 ** 19 ** If mailing back errors, mail it back to the originator 20 ** together with an error message; otherwise, just put it in 21 ** dead.letter in the user's home directory (if he exists on 22 ** this machine). 23 ** 24 ** Parameters: 25 ** e -- the envelope containing the message in error. 26 ** 27 ** Returns: 28 ** none 29 ** 30 ** Side Effects: 31 ** Saves the letter, by writing or mailing it back to the 32 ** sender, or by putting it in dead.letter in her home 33 ** directory. 34 */ 35 36 /* defines for state machine */ 37 # define ESM_REPORT 0 /* report to sender's terminal */ 38 # define ESM_MAIL 1 /* mail back to sender */ 39 # define ESM_QUIET 2 /* messages have already been returned */ 40 # define ESM_DEADLETTER 3 /* save in ~/dead.letter */ 41 # define ESM_POSTMASTER 4 /* return to postmaster */ 42 # define ESM_USRTMP 5 /* save in /usr/tmp/dead.letter */ 43 # define ESM_PANIC 6 /* leave the locked queue/transcript files */ 44 # define ESM_DONE 7 /* the message is successfully delivered */ 45 46 # ifndef _PATH_VARTMP 47 # define _PATH_VARTMP "/usr/tmp/" 48 # endif 49 50 51 savemail(e) 52 register ENVELOPE *e; 53 { 54 register struct passwd *pw; 55 register FILE *fp; 56 int state; 57 auto ADDRESS *q = NULL; 58 register char *p; 59 MCI mcibuf; 60 char buf[MAXLINE+1]; 61 extern struct passwd *getpwnam(); 62 extern char *ttypath(); 63 typedef int (*fnptr)(); 64 extern bool writable(); 65 66 if (tTd(6, 1)) 67 { 68 printf("\nsavemail, errormode = %c, id = %s, ExitStat = %d\n e_from=", 69 e->e_errormode, e->e_id == NULL ? "NONE" : e->e_id, 70 ExitStat); 71 printaddr(&e->e_from, FALSE); 72 } 73 74 if (e->e_id == NULL) 75 { 76 /* can't return a message with no id */ 77 return; 78 } 79 80 /* 81 ** In the unhappy event we don't know who to return the mail 82 ** to, make someone up. 83 */ 84 85 if (e->e_from.q_paddr == NULL) 86 { 87 e->e_sender = "Postmaster"; 88 if (parseaddr(e->e_sender, &e->e_from, 89 RF_COPYPARSE|RF_SENDERADDR, '\0', NULL, e) == NULL) 90 { 91 syserr("553 Cannot parse Postmaster!"); 92 ExitStat = EX_SOFTWARE; 93 finis(); 94 } 95 } 96 e->e_to = NULL; 97 98 /* 99 ** Basic state machine. 100 ** 101 ** This machine runs through the following states: 102 ** 103 ** ESM_QUIET Errors have already been printed iff the 104 ** sender is local. 105 ** ESM_REPORT Report directly to the sender's terminal. 106 ** ESM_MAIL Mail response to the sender. 107 ** ESM_DEADLETTER Save response in ~/dead.letter. 108 ** ESM_POSTMASTER Mail response to the postmaster. 109 ** ESM_PANIC Save response anywhere possible. 110 */ 111 112 /* determine starting state */ 113 switch (e->e_errormode) 114 { 115 case EM_WRITE: 116 state = ESM_REPORT; 117 break; 118 119 case EM_BERKNET: 120 /* mail back, but return o.k. exit status */ 121 ExitStat = EX_OK; 122 123 /* fall through.... */ 124 125 case EM_MAIL: 126 state = ESM_MAIL; 127 break; 128 129 case EM_PRINT: 130 case '\0': 131 state = ESM_QUIET; 132 break; 133 134 case EM_QUIET: 135 /* no need to return anything at all */ 136 return; 137 138 default: 139 syserr("554 savemail: bogus errormode x%x\n", e->e_errormode); 140 state = ESM_MAIL; 141 break; 142 } 143 144 /* if this is already an error response, send to postmaster */ 145 if (bitset(EF_RESPONSE, e->e_flags)) 146 { 147 if (e->e_parent != NULL && 148 bitset(EF_RESPONSE, e->e_parent->e_flags)) 149 { 150 /* got an error sending a response -- can it */ 151 return; 152 } 153 state = ESM_POSTMASTER; 154 } 155 156 while (state != ESM_DONE) 157 { 158 if (tTd(6, 5)) 159 printf(" state %d\n", state); 160 161 switch (state) 162 { 163 case ESM_QUIET: 164 if (e->e_from.q_mailer == LocalMailer) 165 state = ESM_DEADLETTER; 166 else 167 state = ESM_MAIL; 168 break; 169 170 case ESM_REPORT: 171 172 /* 173 ** If the user is still logged in on the same terminal, 174 ** then write the error messages back to hir (sic). 175 */ 176 177 p = ttypath(); 178 if (p == NULL || freopen(p, "w", stdout) == NULL) 179 { 180 state = ESM_MAIL; 181 break; 182 } 183 184 expand("\201n", buf, &buf[sizeof buf - 1], e); 185 printf("\r\nMessage from %s...\r\n", buf); 186 printf("Errors occurred while sending mail.\r\n"); 187 if (e->e_xfp != NULL) 188 { 189 (void) fflush(e->e_xfp); 190 fp = fopen(queuename(e, 'x'), "r"); 191 } 192 else 193 fp = NULL; 194 if (fp == NULL) 195 { 196 syserr("Cannot open %s", queuename(e, 'x')); 197 printf("Transcript of session is unavailable.\r\n"); 198 } 199 else 200 { 201 printf("Transcript follows:\r\n"); 202 while (fgets(buf, sizeof buf, fp) != NULL && 203 !ferror(stdout)) 204 fputs(buf, stdout); 205 (void) xfclose(fp, "savemail transcript", e->e_id); 206 } 207 printf("Original message will be saved in dead.letter.\r\n"); 208 state = ESM_DEADLETTER; 209 break; 210 211 case ESM_MAIL: 212 /* 213 ** If mailing back, do it. 214 ** Throw away all further output. Don't alias, 215 ** since this could cause loops, e.g., if joe 216 ** mails to joe@x, and for some reason the network 217 ** for @x is down, then the response gets sent to 218 ** joe@x, which gives a response, etc. Also force 219 ** the mail to be delivered even if a version of 220 ** it has already been sent to the sender. 221 ** 222 ** If this is a configuration or local software 223 ** error, send to the local postmaster as well, 224 ** since the originator can't do anything 225 ** about it anyway. Note that this is a full 226 ** copy of the message (intentionally) so that 227 ** the Postmaster can forward things along. 228 */ 229 230 if (ExitStat == EX_CONFIG || ExitStat == EX_SOFTWARE) 231 { 232 (void) sendtolist("postmaster", 233 NULLADDR, &e->e_errorqueue, e); 234 } 235 if (strcmp(e->e_from.q_paddr, "<>") != 0) 236 { 237 (void) sendtolist(e->e_from.q_paddr, 238 NULLADDR, &e->e_errorqueue, e); 239 } 240 241 /* 242 ** Deliver a non-delivery report to the 243 ** Postmaster-designate (not necessarily 244 ** Postmaster). This does not include the 245 ** body of the message, for privacy reasons. 246 ** You really shouldn't need this. 247 */ 248 249 e->e_flags |= EF_PM_NOTIFY; 250 251 /* check to see if there are any good addresses */ 252 for (q = e->e_errorqueue; q != NULL; q = q->q_next) 253 if (!bitset(QBADADDR|QDONTSEND, q->q_flags)) 254 break; 255 if (q == NULL) 256 { 257 /* this is an error-error */ 258 state = ESM_POSTMASTER; 259 break; 260 } 261 if (returntosender(e->e_message, e->e_errorqueue, 262 (e->e_class >= 0), e) == 0) 263 { 264 state = ESM_DONE; 265 break; 266 } 267 268 /* didn't work -- return to postmaster */ 269 state = ESM_POSTMASTER; 270 break; 271 272 case ESM_POSTMASTER: 273 /* 274 ** Similar to previous case, but to system postmaster. 275 */ 276 277 q = NULL; 278 if (sendtolist("postmaster", NULL, &q, e) <= 0) 279 { 280 syserr("553 cannot parse postmaster!"); 281 ExitStat = EX_SOFTWARE; 282 state = ESM_USRTMP; 283 break; 284 } 285 if (returntosender(e->e_message, 286 q, (e->e_class >= 0), e) == 0) 287 { 288 state = ESM_DONE; 289 break; 290 } 291 292 /* didn't work -- last resort */ 293 state = ESM_USRTMP; 294 break; 295 296 case ESM_DEADLETTER: 297 /* 298 ** Save the message in dead.letter. 299 ** If we weren't mailing back, and the user is 300 ** local, we should save the message in 301 ** ~/dead.letter so that the poor person doesn't 302 ** have to type it over again -- and we all know 303 ** what poor typists UNIX users are. 304 */ 305 306 p = NULL; 307 if (e->e_from.q_mailer == LocalMailer) 308 { 309 if (e->e_from.q_home != NULL) 310 p = e->e_from.q_home; 311 else if ((pw = getpwnam(e->e_from.q_user)) != NULL) 312 p = pw->pw_dir; 313 } 314 if (p == NULL) 315 { 316 /* no local directory */ 317 state = ESM_MAIL; 318 break; 319 } 320 if (e->e_dfp != NULL) 321 { 322 bool oldverb = Verbose; 323 324 /* we have a home directory; open dead.letter */ 325 define('z', p, e); 326 expand("\201z/dead.letter", buf, &buf[sizeof buf - 1], e); 327 Verbose = TRUE; 328 message("Saving message in %s", buf); 329 Verbose = oldverb; 330 e->e_to = buf; 331 q = NULL; 332 (void) sendtolist(buf, &e->e_from, &q, e); 333 if (q != NULL && 334 !bitset(QBADADDR, q->q_flags) && 335 deliver(e, q) == 0) 336 state = ESM_DONE; 337 else 338 state = ESM_MAIL; 339 } 340 else 341 { 342 /* no data file -- try mailing back */ 343 state = ESM_MAIL; 344 } 345 break; 346 347 case ESM_USRTMP: 348 /* 349 ** Log the mail in /usr/tmp/dead.letter. 350 */ 351 352 if (e->e_class < 0) 353 { 354 state = ESM_DONE; 355 break; 356 } 357 358 strcpy(buf, _PATH_VARTMP); 359 strcat(buf, "dead.letter"); 360 if (!writable(buf, NULLADDR, SFF_NOSLINK)) 361 { 362 state = ESM_PANIC; 363 break; 364 } 365 fp = dfopen(buf, O_WRONLY|O_CREAT|O_APPEND, FileMode); 366 if (fp == NULL) 367 { 368 state = ESM_PANIC; 369 break; 370 } 371 372 bzero(&mcibuf, sizeof mcibuf); 373 mcibuf.mci_out = fp; 374 mcibuf.mci_mailer = FileMailer; 375 if (bitnset(M_7BITS, FileMailer->m_flags)) 376 mcibuf.mci_flags |= MCIF_7BIT; 377 378 putfromline(&mcibuf, e); 379 (*e->e_puthdr)(&mcibuf, e); 380 putline("\n", &mcibuf); 381 (*e->e_putbody)(&mcibuf, e, NULL); 382 putline("\n", &mcibuf); 383 (void) fflush(fp); 384 state = ferror(fp) ? ESM_PANIC : ESM_DONE; 385 (void) xfclose(fp, "savemail", "/usr/tmp/dead.letter"); 386 break; 387 388 default: 389 syserr("554 savemail: unknown state %d", state); 390 391 /* fall through ... */ 392 393 case ESM_PANIC: 394 /* leave the locked queue & transcript files around */ 395 syserr("!554 savemail: cannot save rejected email anywhere"); 396 } 397 } 398 } 399 /* 400 ** RETURNTOSENDER -- return a message to the sender with an error. 401 ** 402 ** Parameters: 403 ** msg -- the explanatory message. 404 ** returnq -- the queue of people to send the message to. 405 ** sendbody -- if TRUE, also send back the body of the 406 ** message; otherwise just send the header. 407 ** e -- the current envelope. 408 ** 409 ** Returns: 410 ** zero -- if everything went ok. 411 ** else -- some error. 412 ** 413 ** Side Effects: 414 ** Returns the current message to the sender via 415 ** mail. 416 */ 417 418 static bool SendBody; 419 420 #define MAXRETURNS 6 /* max depth of returning messages */ 421 #define ERRORFUDGE 100 /* nominal size of error message text */ 422 423 returntosender(msg, returnq, sendbody, e) 424 char *msg; 425 ADDRESS *returnq; 426 bool sendbody; 427 register ENVELOPE *e; 428 { 429 char buf[MAXNAME]; 430 extern putheader(), errbody(); 431 register ENVELOPE *ee; 432 ENVELOPE *oldcur = CurEnv; 433 ENVELOPE errenvelope; 434 static int returndepth; 435 register ADDRESS *q; 436 437 if (returnq == NULL) 438 return (-1); 439 440 if (msg == NULL) 441 msg = "Unable to deliver mail"; 442 443 if (tTd(6, 1)) 444 { 445 printf("Return To Sender: msg=\"%s\", depth=%d, e=%x, returnq=", 446 msg, returndepth, e); 447 printaddr(returnq, TRUE); 448 } 449 450 if (++returndepth >= MAXRETURNS) 451 { 452 if (returndepth != MAXRETURNS) 453 syserr("554 returntosender: infinite recursion on %s", returnq->q_paddr); 454 /* don't "unrecurse" and fake a clean exit */ 455 /* returndepth--; */ 456 return (0); 457 } 458 459 SendBody = sendbody; 460 define('g', e->e_from.q_paddr, e); 461 define('u', NULL, e); 462 ee = newenvelope(&errenvelope, e); 463 define('a', "\201b", ee); 464 define('r', "internal", ee); 465 define('s', "localhost", ee); 466 define('_', "localhost", ee); 467 ee->e_puthdr = putheader; 468 ee->e_putbody = errbody; 469 ee->e_flags |= EF_RESPONSE|EF_METOO; 470 if (!bitset(EF_OLDSTYLE, e->e_flags)) 471 ee->e_flags &= ~EF_OLDSTYLE; 472 ee->e_sendqueue = returnq; 473 ee->e_msgsize = ERRORFUDGE; 474 if (!NoReturn) 475 ee->e_msgsize += e->e_msgsize; 476 initsys(ee); 477 for (q = returnq; q != NULL; q = q->q_next) 478 { 479 if (bitset(QBADADDR, q->q_flags)) 480 continue; 481 482 if (!bitset(QDONTSEND, q->q_flags)) 483 ee->e_nrcpts++; 484 485 if (!DontPruneRoutes && pruneroute(q->q_paddr)) 486 parseaddr(q->q_paddr, q, RF_COPYPARSE, '\0', NULL, e); 487 488 if (q->q_alias == NULL) 489 addheader("To", q->q_paddr, ee); 490 } 491 492 # ifdef LOG 493 if (LogLevel > 5) 494 syslog(LOG_INFO, "%s: %s: return to sender: %s", 495 e->e_id, ee->e_id, msg); 496 # endif 497 498 (void) sprintf(buf, "Returned mail: %s", msg); 499 addheader("Subject", buf, ee); 500 if (SendMIMEErrors) 501 { 502 addheader("MIME-Version", "1.0", ee); 503 (void) sprintf(buf, "%s.%ld/%s", 504 ee->e_id, curtime(), MyHostName); 505 ee->e_msgboundary = newstr(buf); 506 (void) sprintf(buf, "multipart/mixed; boundary=\"%s\"", 507 ee->e_msgboundary); 508 addheader("Content-Type", buf, ee); 509 } 510 511 /* fake up an address header for the from person */ 512 expand("\201n", buf, &buf[sizeof buf - 1], e); 513 if (parseaddr(buf, &ee->e_from, RF_COPYALL|RF_SENDERADDR, '\0', NULL, e) == NULL) 514 { 515 syserr("553 Can't parse myself!"); 516 ExitStat = EX_SOFTWARE; 517 returndepth--; 518 return (-1); 519 } 520 ee->e_sender = ee->e_from.q_paddr; 521 522 /* push state into submessage */ 523 CurEnv = ee; 524 define('f', "\201n", ee); 525 define('x', "Mail Delivery Subsystem", ee); 526 eatheader(ee, TRUE); 527 528 /* mark statistics */ 529 markstats(ee, NULLADDR); 530 531 /* actually deliver the error message */ 532 sendall(ee, SM_DEFAULT); 533 534 /* restore state */ 535 dropenvelope(ee); 536 CurEnv = oldcur; 537 returndepth--; 538 539 /* should check for delivery errors here */ 540 return (0); 541 } 542 /* 543 ** ERRBODY -- output the body of an error message. 544 ** 545 ** Typically this is a copy of the transcript plus a copy of the 546 ** original offending message. 547 ** 548 ** Parameters: 549 ** mci -- the mailer connection information. 550 ** e -- the envelope we are working in. 551 ** 552 ** Returns: 553 ** none 554 ** 555 ** Side Effects: 556 ** Outputs the body of an error message. 557 */ 558 559 errbody(mci, e) 560 register MCI *mci; 561 register ENVELOPE *e; 562 { 563 register FILE *xfile; 564 char *p; 565 register ADDRESS *q; 566 bool printheader; 567 char buf[MAXLINE]; 568 569 if (e->e_parent == NULL) 570 { 571 syserr("errbody: null parent"); 572 putline(" ----- Original message lost -----\n", mci); 573 return; 574 } 575 576 /* 577 ** Output MIME header. 578 */ 579 580 if (e->e_msgboundary != NULL) 581 { 582 putline("This is a MIME-encapsulated message", mci); 583 putline("", mci); 584 (void) sprintf(buf, "--%s", e->e_msgboundary); 585 putline(buf, mci); 586 putline("", mci); 587 } 588 589 /* 590 ** Output introductory information. 591 */ 592 593 for (q = e->e_parent->e_sendqueue; q != NULL; q = q->q_next) 594 if (bitset(QBADADDR, q->q_flags)) 595 break; 596 if (q == NULL && 597 !bitset(EF_FATALERRS|EF_SENDRECEIPT, e->e_parent->e_flags)) 598 { 599 putline(" **********************************************", 600 mci); 601 putline(" ** THIS IS A WARNING MESSAGE ONLY **", 602 mci); 603 putline(" ** YOU DO NOT NEED TO RESEND YOUR MESSAGE **", 604 mci); 605 putline(" **********************************************", 606 mci); 607 putline("", mci); 608 } 609 sprintf(buf, "The original message was received at %s", 610 arpadate(ctime(&e->e_parent->e_ctime))); 611 putline(buf, mci); 612 expand("from \201_", buf, &buf[sizeof buf - 1], e->e_parent); 613 putline(buf, mci); 614 putline("", mci); 615 616 /* 617 ** Output error message header (if specified and available). 618 */ 619 620 if (ErrMsgFile != NULL) 621 { 622 if (*ErrMsgFile == '/') 623 { 624 xfile = fopen(ErrMsgFile, "r"); 625 if (xfile != NULL) 626 { 627 while (fgets(buf, sizeof buf, xfile) != NULL) 628 { 629 expand(buf, buf, &buf[sizeof buf - 1], e); 630 putline(buf, mci); 631 } 632 (void) fclose(xfile); 633 putline("\n", mci); 634 } 635 } 636 else 637 { 638 expand(ErrMsgFile, buf, &buf[sizeof buf - 1], e); 639 putline(buf, mci); 640 putline("", mci); 641 } 642 } 643 644 /* 645 ** Output message introduction 646 */ 647 648 printheader = TRUE; 649 for (q = e->e_parent->e_sendqueue; q != NULL; q = q->q_next) 650 { 651 if (bitset(QBADADDR|QREPORT, q->q_flags)) 652 { 653 if (printheader) 654 { 655 putline(" ----- The following addresses had delivery problems -----", 656 mci); 657 printheader = FALSE; 658 } 659 strcpy(buf, q->q_paddr); 660 if (bitset(QBADADDR, q->q_flags)) 661 strcat(buf, " (unrecoverable error)"); 662 else 663 strcat(buf, " (transient failure)"); 664 putline(buf, mci); 665 if (q->q_alias != NULL) 666 { 667 strcpy(buf, " (expanded from: "); 668 strcat(buf, q->q_alias->q_paddr); 669 strcat(buf, ")"); 670 putline(buf, mci); 671 } 672 } 673 } 674 if (!printheader) 675 putline("\n", mci); 676 677 /* 678 ** Output transcript of errors 679 */ 680 681 (void) fflush(stdout); 682 p = queuename(e->e_parent, 'x'); 683 if ((xfile = fopen(p, "r")) == NULL) 684 { 685 syserr("Cannot open %s", p); 686 putline(" ----- Transcript of session is unavailable -----\n", mci); 687 } 688 else 689 { 690 putline(" ----- Transcript of session follows -----\n", mci); 691 if (e->e_xfp != NULL) 692 (void) fflush(e->e_xfp); 693 while (fgets(buf, sizeof buf, xfile) != NULL) 694 putline(buf, mci); 695 (void) xfclose(xfile, "errbody xscript", p); 696 } 697 errno = 0; 698 699 /* 700 ** Output text of original message 701 */ 702 703 if (NoReturn) 704 SendBody = FALSE; 705 putline("", mci); 706 if (e->e_parent->e_df != NULL) 707 { 708 if (SendBody) 709 putline(" ----- Original message follows -----\n", mci); 710 else 711 putline(" ----- Message header follows -----\n", mci); 712 (void) fflush(mci->mci_out); 713 714 if (e->e_msgboundary != NULL) 715 { 716 putline("", mci); 717 (void) sprintf(buf, "--%s", e->e_msgboundary); 718 putline(buf, mci); 719 putline("Content-Type: message/rfc822", mci); 720 putline("", mci); 721 } 722 putheader(mci, e->e_parent); 723 putline("", mci); 724 if (SendBody) 725 putbody(mci, e->e_parent, e->e_msgboundary); 726 else 727 putline(" ----- Message body suppressed -----", mci); 728 } 729 else 730 { 731 putline(" ----- No message was collected -----\n", mci); 732 } 733 734 if (e->e_msgboundary != NULL) 735 { 736 putline("", mci); 737 (void) sprintf(buf, "--%s--", e->e_msgboundary); 738 putline(buf, mci); 739 } 740 putline("", mci); 741 742 /* 743 ** Cleanup and exit 744 */ 745 746 if (errno != 0) 747 syserr("errbody: I/O error"); 748 } 749 /* 750 ** PRUNEROUTE -- prune an RFC-822 source route 751 ** 752 ** Trims down a source route to the last internet-registered hop. 753 ** This is encouraged by RFC 1123 section 5.3.3. 754 ** 755 ** Parameters: 756 ** addr -- the address 757 ** 758 ** Returns: 759 ** TRUE -- address was modified 760 ** FALSE -- address could not be pruned 761 ** 762 ** Side Effects: 763 ** modifies addr in-place 764 */ 765 766 pruneroute(addr) 767 char *addr; 768 { 769 #if NAMED_BIND 770 char *start, *at, *comma; 771 char c; 772 int rcode; 773 char hostbuf[BUFSIZ]; 774 char *mxhosts[MAXMXHOSTS + 1]; 775 776 /* check to see if this is really a route-addr */ 777 if (*addr != '<' || addr[1] != '@' || addr[strlen(addr) - 1] != '>') 778 return FALSE; 779 start = strchr(addr, ':'); 780 at = strrchr(addr, '@'); 781 if (start == NULL || at == NULL || at < start) 782 return FALSE; 783 784 /* slice off the angle brackets */ 785 strcpy(hostbuf, at + 1); 786 hostbuf[strlen(hostbuf) - 1] = '\0'; 787 788 while (start) 789 { 790 if (getmxrr(hostbuf, mxhosts, FALSE, &rcode) > 0) 791 { 792 strcpy(addr + 1, start + 1); 793 return TRUE; 794 } 795 c = *start; 796 *start = '\0'; 797 comma = strrchr(addr, ','); 798 if (comma && comma[1] == '@') 799 strcpy(hostbuf, comma + 2); 800 else 801 comma = 0; 802 *start = c; 803 start = comma; 804 } 805 #endif 806 return FALSE; 807 } 808