1 /* 2 * Copyright (c) 1983 Eric P. Allman 3 * Copyright (c) 1988, 1993 4 * The Regents of the University of California. All rights reserved. 5 * 6 * %sccs.include.redist.c% 7 */ 8 9 #ifndef lint 10 static char sccsid[] = "@(#)savemail.c 8.26 (Berkeley) 03/04/94"; 11 #endif /* not lint */ 12 13 # include "sendmail.h" 14 # include <pwd.h> 15 16 /* 17 ** SAVEMAIL -- Save mail on error 18 ** 19 ** If mailing back errors, mail it back to the originator 20 ** together with an error message; otherwise, just put it in 21 ** dead.letter in the user's home directory (if he exists on 22 ** this machine). 23 ** 24 ** Parameters: 25 ** e -- the envelope containing the message in error. 26 ** 27 ** Returns: 28 ** none 29 ** 30 ** Side Effects: 31 ** Saves the letter, by writing or mailing it back to the 32 ** sender, or by putting it in dead.letter in her home 33 ** directory. 34 */ 35 36 /* defines for state machine */ 37 # define ESM_REPORT 0 /* report to sender's terminal */ 38 # define ESM_MAIL 1 /* mail back to sender */ 39 # define ESM_QUIET 2 /* messages have already been returned */ 40 # define ESM_DEADLETTER 3 /* save in ~/dead.letter */ 41 # define ESM_POSTMASTER 4 /* return to postmaster */ 42 # define ESM_USRTMP 5 /* save in /usr/tmp/dead.letter */ 43 # define ESM_PANIC 6 /* leave the locked queue/transcript files */ 44 # define ESM_DONE 7 /* the message is successfully delivered */ 45 46 # ifndef _PATH_VARTMP 47 # define _PATH_VARTMP "/usr/tmp/" 48 # endif 49 50 51 savemail(e) 52 register ENVELOPE *e; 53 { 54 register struct passwd *pw; 55 register FILE *fp; 56 int state; 57 auto ADDRESS *q = NULL; 58 register char *p; 59 MCI mcibuf; 60 char buf[MAXLINE+1]; 61 extern struct passwd *getpwnam(); 62 extern char *ttypath(); 63 typedef int (*fnptr)(); 64 extern bool writable(); 65 66 if (tTd(6, 1)) 67 { 68 printf("\nsavemail, errormode = %c, id = %s\n e_from=", 69 e->e_errormode, e->e_id == NULL ? "NONE" : e->e_id); 70 printaddr(&e->e_from, FALSE); 71 } 72 73 if (e->e_id == NULL) 74 { 75 /* can't return a message with no id */ 76 return; 77 } 78 79 /* 80 ** In the unhappy event we don't know who to return the mail 81 ** to, make someone up. 82 */ 83 84 if (e->e_from.q_paddr == NULL) 85 { 86 e->e_sender = "Postmaster"; 87 if (parseaddr(e->e_sender, &e->e_from, 88 RF_COPYPARSE|RF_SENDERADDR, '\0', NULL, e) == NULL) 89 { 90 syserr("553 Cannot parse Postmaster!"); 91 ExitStat = EX_SOFTWARE; 92 finis(); 93 } 94 } 95 e->e_to = NULL; 96 97 /* 98 ** Basic state machine. 99 ** 100 ** This machine runs through the following states: 101 ** 102 ** ESM_QUIET Errors have already been printed iff the 103 ** sender is local. 104 ** ESM_REPORT Report directly to the sender's terminal. 105 ** ESM_MAIL Mail response to the sender. 106 ** ESM_DEADLETTER Save response in ~/dead.letter. 107 ** ESM_POSTMASTER Mail response to the postmaster. 108 ** ESM_PANIC Save response anywhere possible. 109 */ 110 111 /* determine starting state */ 112 switch (e->e_errormode) 113 { 114 case EM_WRITE: 115 state = ESM_REPORT; 116 break; 117 118 case EM_BERKNET: 119 /* mail back, but return o.k. exit status */ 120 ExitStat = EX_OK; 121 122 /* fall through.... */ 123 124 case EM_MAIL: 125 state = ESM_MAIL; 126 break; 127 128 case EM_PRINT: 129 case '\0': 130 state = ESM_QUIET; 131 break; 132 133 case EM_QUIET: 134 /* no need to return anything at all */ 135 return; 136 137 default: 138 syserr("554 savemail: bogus errormode x%x\n", e->e_errormode); 139 state = ESM_MAIL; 140 break; 141 } 142 143 /* if this is already an error response, send to postmaster */ 144 if (bitset(EF_RESPONSE, e->e_flags)) 145 { 146 if (e->e_parent != NULL && 147 bitset(EF_RESPONSE, e->e_parent->e_flags)) 148 { 149 /* got an error sending a response -- can it */ 150 return; 151 } 152 state = ESM_POSTMASTER; 153 } 154 155 while (state != ESM_DONE) 156 { 157 if (tTd(6, 5)) 158 printf(" state %d\n", state); 159 160 switch (state) 161 { 162 case ESM_QUIET: 163 if (e->e_from.q_mailer == LocalMailer) 164 state = ESM_DEADLETTER; 165 else 166 state = ESM_MAIL; 167 break; 168 169 case ESM_REPORT: 170 171 /* 172 ** If the user is still logged in on the same terminal, 173 ** then write the error messages back to hir (sic). 174 */ 175 176 p = ttypath(); 177 if (p == NULL || freopen(p, "w", stdout) == NULL) 178 { 179 state = ESM_MAIL; 180 break; 181 } 182 183 expand("\201n", buf, &buf[sizeof buf - 1], e); 184 printf("\r\nMessage from %s...\r\n", buf); 185 printf("Errors occurred while sending mail.\r\n"); 186 if (e->e_xfp != NULL) 187 { 188 (void) fflush(e->e_xfp); 189 fp = fopen(queuename(e, 'x'), "r"); 190 } 191 else 192 fp = NULL; 193 if (fp == NULL) 194 { 195 syserr("Cannot open %s", queuename(e, 'x')); 196 printf("Transcript of session is unavailable.\r\n"); 197 } 198 else 199 { 200 printf("Transcript follows:\r\n"); 201 while (fgets(buf, sizeof buf, fp) != NULL && 202 !ferror(stdout)) 203 fputs(buf, stdout); 204 (void) xfclose(fp, "savemail transcript", e->e_id); 205 } 206 printf("Original message will be saved in dead.letter.\r\n"); 207 state = ESM_DEADLETTER; 208 break; 209 210 case ESM_MAIL: 211 /* 212 ** If mailing back, do it. 213 ** Throw away all further output. Don't alias, 214 ** since this could cause loops, e.g., if joe 215 ** mails to joe@x, and for some reason the network 216 ** for @x is down, then the response gets sent to 217 ** joe@x, which gives a response, etc. Also force 218 ** the mail to be delivered even if a version of 219 ** it has already been sent to the sender. 220 ** 221 ** If this is a configuration or local software 222 ** error, send to the local postmaster as well, 223 ** since the originator can't do anything 224 ** about it anyway. Note that this is a full 225 ** copy of the message (intentionally) so that 226 ** the Postmaster can forward things along. 227 */ 228 229 if (ExitStat == EX_CONFIG || ExitStat == EX_SOFTWARE) 230 { 231 (void) sendtolist("postmaster", 232 NULLADDR, &e->e_errorqueue, e); 233 } 234 if (strcmp(e->e_from.q_paddr, "<>") != 0) 235 { 236 (void) sendtolist(e->e_from.q_paddr, 237 NULLADDR, &e->e_errorqueue, e); 238 } 239 240 /* 241 ** Deliver a non-delivery report to the 242 ** Postmaster-designate (not necessarily 243 ** Postmaster). This does not include the 244 ** body of the message, for privacy reasons. 245 ** You really shouldn't need this. 246 */ 247 248 e->e_flags |= EF_PM_NOTIFY; 249 250 /* check to see if there are any good addresses */ 251 for (q = e->e_errorqueue; q != NULL; q = q->q_next) 252 if (!bitset(QBADADDR|QDONTSEND, q->q_flags)) 253 break; 254 if (q == NULL) 255 { 256 /* this is an error-error */ 257 state = ESM_POSTMASTER; 258 break; 259 } 260 if (returntosender(e->e_message, e->e_errorqueue, 261 (e->e_class >= 0), e) == 0) 262 { 263 state = ESM_DONE; 264 break; 265 } 266 267 /* didn't work -- return to postmaster */ 268 state = ESM_POSTMASTER; 269 break; 270 271 case ESM_POSTMASTER: 272 /* 273 ** Similar to previous case, but to system postmaster. 274 */ 275 276 q = NULL; 277 if (sendtolist("postmaster", NULL, &q, e) <= 0) 278 { 279 syserr("553 cannot parse postmaster!"); 280 ExitStat = EX_SOFTWARE; 281 state = ESM_USRTMP; 282 break; 283 } 284 if (returntosender(e->e_message, 285 q, (e->e_class >= 0), e) == 0) 286 { 287 state = ESM_DONE; 288 break; 289 } 290 291 /* didn't work -- last resort */ 292 state = ESM_USRTMP; 293 break; 294 295 case ESM_DEADLETTER: 296 /* 297 ** Save the message in dead.letter. 298 ** If we weren't mailing back, and the user is 299 ** local, we should save the message in 300 ** ~/dead.letter so that the poor person doesn't 301 ** have to type it over again -- and we all know 302 ** what poor typists UNIX users are. 303 */ 304 305 p = NULL; 306 if (e->e_from.q_mailer == LocalMailer) 307 { 308 if (e->e_from.q_home != NULL) 309 p = e->e_from.q_home; 310 else if ((pw = getpwnam(e->e_from.q_user)) != NULL) 311 p = pw->pw_dir; 312 } 313 if (p == NULL) 314 { 315 /* no local directory */ 316 state = ESM_MAIL; 317 break; 318 } 319 if (e->e_dfp != NULL) 320 { 321 bool oldverb = Verbose; 322 323 /* we have a home directory; open dead.letter */ 324 define('z', p, e); 325 expand("\201z/dead.letter", buf, &buf[sizeof buf - 1], e); 326 Verbose = TRUE; 327 message("Saving message in %s", buf); 328 Verbose = oldverb; 329 e->e_to = buf; 330 q = NULL; 331 (void) sendtolist(buf, &e->e_from, &q, e); 332 if (q != NULL && 333 !bitset(QBADADDR, q->q_flags) && 334 deliver(e, q) == 0) 335 state = ESM_DONE; 336 else 337 state = ESM_MAIL; 338 } 339 else 340 { 341 /* no data file -- try mailing back */ 342 state = ESM_MAIL; 343 } 344 break; 345 346 case ESM_USRTMP: 347 /* 348 ** Log the mail in /usr/tmp/dead.letter. 349 */ 350 351 if (e->e_class < 0) 352 { 353 state = ESM_DONE; 354 break; 355 } 356 357 strcpy(buf, _PATH_VARTMP); 358 strcat(buf, "dead.letter"); 359 if (!writable(buf, NULLADDR, SFF_NOSLINK)) 360 { 361 state = ESM_PANIC; 362 break; 363 } 364 fp = dfopen(buf, O_WRONLY|O_CREAT|O_APPEND, FileMode); 365 if (fp == NULL) 366 { 367 state = ESM_PANIC; 368 break; 369 } 370 371 bzero(&mcibuf, sizeof mcibuf); 372 mcibuf.mci_out = fp; 373 mcibuf.mci_mailer = FileMailer; 374 if (bitnset(M_7BITS, FileMailer->m_flags)) 375 mcibuf.mci_flags |= MCIF_7BIT; 376 377 putfromline(&mcibuf, e); 378 (*e->e_puthdr)(&mcibuf, e); 379 putline("\n", &mcibuf); 380 (*e->e_putbody)(&mcibuf, e, NULL); 381 putline("\n", &mcibuf); 382 (void) fflush(fp); 383 state = ferror(fp) ? ESM_PANIC : ESM_DONE; 384 (void) xfclose(fp, "savemail", "/usr/tmp/dead.letter"); 385 break; 386 387 default: 388 syserr("554 savemail: unknown state %d", state); 389 390 /* fall through ... */ 391 392 case ESM_PANIC: 393 /* leave the locked queue & transcript files around */ 394 syserr("!554 savemail: cannot save rejected email anywhere"); 395 } 396 } 397 } 398 /* 399 ** RETURNTOSENDER -- return a message to the sender with an error. 400 ** 401 ** Parameters: 402 ** msg -- the explanatory message. 403 ** returnq -- the queue of people to send the message to. 404 ** sendbody -- if TRUE, also send back the body of the 405 ** message; otherwise just send the header. 406 ** e -- the current envelope. 407 ** 408 ** Returns: 409 ** zero -- if everything went ok. 410 ** else -- some error. 411 ** 412 ** Side Effects: 413 ** Returns the current message to the sender via 414 ** mail. 415 */ 416 417 static bool SendBody; 418 419 #define MAXRETURNS 6 /* max depth of returning messages */ 420 #define ERRORFUDGE 100 /* nominal size of error message text */ 421 422 returntosender(msg, returnq, sendbody, e) 423 char *msg; 424 ADDRESS *returnq; 425 bool sendbody; 426 register ENVELOPE *e; 427 { 428 char buf[MAXNAME]; 429 extern putheader(), errbody(); 430 register ENVELOPE *ee; 431 ENVELOPE *oldcur = CurEnv; 432 ENVELOPE errenvelope; 433 static int returndepth; 434 register ADDRESS *q; 435 436 if (returnq == NULL) 437 return (-1); 438 439 if (msg == NULL) 440 msg = "Unable to deliver mail"; 441 442 if (tTd(6, 1)) 443 { 444 printf("Return To Sender: msg=\"%s\", depth=%d, e=%x, returnq=", 445 msg, returndepth, e); 446 printaddr(returnq, TRUE); 447 } 448 449 if (++returndepth >= MAXRETURNS) 450 { 451 if (returndepth != MAXRETURNS) 452 syserr("554 returntosender: infinite recursion on %s", returnq->q_paddr); 453 /* don't "unrecurse" and fake a clean exit */ 454 /* returndepth--; */ 455 return (0); 456 } 457 458 SendBody = sendbody; 459 define('g', e->e_from.q_paddr, e); 460 define('u', NULL, e); 461 ee = newenvelope(&errenvelope, e); 462 define('a', "\201b", ee); 463 define('r', "internal", ee); 464 define('s', "localhost", ee); 465 define('_', "localhost", ee); 466 ee->e_puthdr = putheader; 467 ee->e_putbody = errbody; 468 ee->e_flags |= EF_RESPONSE|EF_METOO; 469 if (!bitset(EF_OLDSTYLE, e->e_flags)) 470 ee->e_flags &= ~EF_OLDSTYLE; 471 ee->e_sendqueue = returnq; 472 ee->e_msgsize = ERRORFUDGE; 473 if (!NoReturn) 474 ee->e_msgsize += e->e_msgsize; 475 initsys(ee); 476 for (q = returnq; q != NULL; q = q->q_next) 477 { 478 if (bitset(QBADADDR, q->q_flags)) 479 continue; 480 481 if (!bitset(QDONTSEND, q->q_flags)) 482 ee->e_nrcpts++; 483 484 if (!DontPruneRoutes && pruneroute(q->q_paddr)) 485 parseaddr(q->q_paddr, q, RF_COPYPARSE, '\0', NULL, e); 486 487 if (q->q_alias == NULL) 488 addheader("To", q->q_paddr, ee); 489 } 490 491 # ifdef LOG 492 if (LogLevel > 5) 493 syslog(LOG_INFO, "%s: %s: return to sender: %s", 494 e->e_id, ee->e_id, msg); 495 # endif 496 497 (void) sprintf(buf, "Returned mail: %s", msg); 498 addheader("Subject", buf, ee); 499 if (SendMIMEErrors) 500 { 501 addheader("MIME-Version", "1.0", ee); 502 (void) sprintf(buf, "%s.%ld/%s", 503 ee->e_id, curtime(), MyHostName); 504 ee->e_msgboundary = newstr(buf); 505 (void) sprintf(buf, "multipart/mixed; boundary=\"%s\"", 506 ee->e_msgboundary); 507 addheader("Content-Type", buf, ee); 508 } 509 510 /* fake up an address header for the from person */ 511 expand("\201n", buf, &buf[sizeof buf - 1], e); 512 if (parseaddr(buf, &ee->e_from, RF_COPYALL|RF_SENDERADDR, '\0', NULL, e) == NULL) 513 { 514 syserr("553 Can't parse myself!"); 515 ExitStat = EX_SOFTWARE; 516 returndepth--; 517 return (-1); 518 } 519 ee->e_sender = ee->e_from.q_paddr; 520 521 /* push state into submessage */ 522 CurEnv = ee; 523 define('f', "\201n", ee); 524 define('x', "Mail Delivery Subsystem", ee); 525 eatheader(ee, TRUE); 526 527 /* mark statistics */ 528 markstats(ee, NULLADDR); 529 530 /* actually deliver the error message */ 531 sendall(ee, SM_DEFAULT); 532 533 /* restore state */ 534 dropenvelope(ee); 535 CurEnv = oldcur; 536 returndepth--; 537 538 /* should check for delivery errors here */ 539 return (0); 540 } 541 /* 542 ** ERRBODY -- output the body of an error message. 543 ** 544 ** Typically this is a copy of the transcript plus a copy of the 545 ** original offending message. 546 ** 547 ** Parameters: 548 ** mci -- the mailer connection information. 549 ** e -- the envelope we are working in. 550 ** 551 ** Returns: 552 ** none 553 ** 554 ** Side Effects: 555 ** Outputs the body of an error message. 556 */ 557 558 errbody(mci, e) 559 register MCI *mci; 560 register ENVELOPE *e; 561 { 562 register FILE *xfile; 563 char *p; 564 register ADDRESS *q; 565 bool printheader; 566 char buf[MAXLINE]; 567 568 if (e->e_parent == NULL) 569 { 570 syserr("errbody: null parent"); 571 putline(" ----- Original message lost -----\n", mci); 572 return; 573 } 574 575 /* 576 ** Output MIME header. 577 */ 578 579 if (e->e_msgboundary != NULL) 580 { 581 putline("This is a MIME-encapsulated message", mci); 582 putline("", mci); 583 (void) sprintf(buf, "--%s", e->e_msgboundary); 584 putline(buf, mci); 585 putline("", mci); 586 } 587 588 /* 589 ** Output introductory information. 590 */ 591 592 for (q = e->e_parent->e_sendqueue; q != NULL; q = q->q_next) 593 if (bitset(QBADADDR, q->q_flags)) 594 break; 595 if (q == NULL && 596 !bitset(EF_FATALERRS|EF_SENDRECEIPT, e->e_parent->e_flags)) 597 { 598 putline(" **********************************************", 599 mci); 600 putline(" ** THIS IS A WARNING MESSAGE ONLY **", 601 mci); 602 putline(" ** YOU DO NOT NEED TO RESEND YOUR MESSAGE **", 603 mci); 604 putline(" **********************************************", 605 mci); 606 putline("", mci); 607 } 608 sprintf(buf, "The original message was received at %s", 609 arpadate(ctime(&e->e_parent->e_ctime))); 610 putline(buf, mci); 611 expand("from \201_", buf, &buf[sizeof buf - 1], e->e_parent); 612 putline(buf, mci); 613 putline("", mci); 614 615 /* 616 ** Output error message header (if specified and available). 617 */ 618 619 if (ErrMsgFile != NULL) 620 { 621 if (*ErrMsgFile == '/') 622 { 623 xfile = fopen(ErrMsgFile, "r"); 624 if (xfile != NULL) 625 { 626 while (fgets(buf, sizeof buf, xfile) != NULL) 627 { 628 expand(buf, buf, &buf[sizeof buf - 1], e); 629 putline(buf, mci); 630 } 631 (void) fclose(xfile); 632 putline("\n", mci); 633 } 634 } 635 else 636 { 637 expand(ErrMsgFile, buf, &buf[sizeof buf - 1], e); 638 putline(buf, mci); 639 putline("", mci); 640 } 641 } 642 643 /* 644 ** Output message introduction 645 */ 646 647 printheader = TRUE; 648 for (q = e->e_parent->e_sendqueue; q != NULL; q = q->q_next) 649 { 650 if (bitset(QBADADDR|QREPORT, q->q_flags)) 651 { 652 if (printheader) 653 { 654 putline(" ----- The following addresses had delivery problems -----", 655 mci); 656 printheader = FALSE; 657 } 658 strcpy(buf, q->q_paddr); 659 if (bitset(QBADADDR, q->q_flags)) 660 strcat(buf, " (unrecoverable error)"); 661 else 662 strcat(buf, " (transient failure)"); 663 putline(buf, mci); 664 if (q->q_alias != NULL) 665 { 666 strcpy(buf, " (expanded from: "); 667 strcat(buf, q->q_alias->q_paddr); 668 strcat(buf, ")"); 669 putline(buf, mci); 670 } 671 } 672 } 673 if (!printheader) 674 putline("\n", mci); 675 676 /* 677 ** Output transcript of errors 678 */ 679 680 (void) fflush(stdout); 681 p = queuename(e->e_parent, 'x'); 682 if ((xfile = fopen(p, "r")) == NULL) 683 { 684 syserr("Cannot open %s", p); 685 putline(" ----- Transcript of session is unavailable -----\n", mci); 686 } 687 else 688 { 689 putline(" ----- Transcript of session follows -----\n", mci); 690 if (e->e_xfp != NULL) 691 (void) fflush(e->e_xfp); 692 while (fgets(buf, sizeof buf, xfile) != NULL) 693 putline(buf, mci); 694 (void) xfclose(xfile, "errbody xscript", p); 695 } 696 errno = 0; 697 698 /* 699 ** Output text of original message 700 */ 701 702 if (NoReturn) 703 SendBody = FALSE; 704 putline("", mci); 705 if (e->e_parent->e_df != NULL) 706 { 707 if (SendBody) 708 putline(" ----- Original message follows -----\n", mci); 709 else 710 putline(" ----- Message header follows -----\n", mci); 711 (void) fflush(mci->mci_out); 712 713 if (e->e_msgboundary != NULL) 714 { 715 putline("", mci); 716 (void) sprintf(buf, "--%s", e->e_msgboundary); 717 putline(buf, mci); 718 putline("Content-Type: message/rfc822", mci); 719 putline("", mci); 720 } 721 putheader(mci, e->e_parent); 722 putline("", mci); 723 if (SendBody) 724 putbody(mci, e->e_parent, e->e_msgboundary); 725 else 726 putline(" ----- Message body suppressed -----", mci); 727 } 728 else 729 { 730 putline(" ----- No message was collected -----\n", mci); 731 } 732 733 if (e->e_msgboundary != NULL) 734 { 735 putline("", mci); 736 (void) sprintf(buf, "--%s--", e->e_msgboundary); 737 putline(buf, mci); 738 } 739 putline("", mci); 740 741 /* 742 ** Cleanup and exit 743 */ 744 745 if (errno != 0) 746 syserr("errbody: I/O error"); 747 } 748 /* 749 ** PRUNEROUTE -- prune an RFC-822 source route 750 ** 751 ** Trims down a source route to the last internet-registered hop. 752 ** This is encouraged by RFC 1123 section 5.3.3. 753 ** 754 ** Parameters: 755 ** addr -- the address 756 ** 757 ** Returns: 758 ** TRUE -- address was modified 759 ** FALSE -- address could not be pruned 760 ** 761 ** Side Effects: 762 ** modifies addr in-place 763 */ 764 765 pruneroute(addr) 766 char *addr; 767 { 768 #ifdef NAMED_BIND 769 char *start, *at, *comma; 770 char c; 771 int rcode; 772 char hostbuf[BUFSIZ]; 773 char *mxhosts[MAXMXHOSTS + 1]; 774 775 /* check to see if this is really a route-addr */ 776 if (*addr != '<' || addr[1] != '@' || addr[strlen(addr) - 1] != '>') 777 return FALSE; 778 start = strchr(addr, ':'); 779 at = strrchr(addr, '@'); 780 if (start == NULL || at == NULL || at < start) 781 return FALSE; 782 783 /* slice off the angle brackets */ 784 strcpy(hostbuf, at + 1); 785 hostbuf[strlen(hostbuf) - 1] = '\0'; 786 787 while (start) 788 { 789 if (getmxrr(hostbuf, mxhosts, FALSE, &rcode) > 0) 790 { 791 strcpy(addr + 1, start + 1); 792 return TRUE; 793 } 794 c = *start; 795 *start = '\0'; 796 comma = strrchr(addr, ','); 797 if (comma && comma[1] == '@') 798 strcpy(hostbuf, comma + 2); 799 else 800 comma = 0; 801 *start = c; 802 start = comma; 803 } 804 #endif 805 return FALSE; 806 } 807