1 /*
2 * Copyright (c) 1998-2008 Sendmail, Inc. and its suppliers.
3 * All rights reserved.
4 * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
5 * Copyright (c) 1988, 1993
6 * The Regents of the University of California. All rights reserved.
7 *
8 * By using this file, you agree to the terms and conditions set
9 * forth in the LICENSE file which can be found at the top level of
10 * the sendmail distribution.
11 *
12 */
13
14 #include <sendmail.h>
15 #include <sm/time.h>
16
17 SM_RCSID("@(#)$Id: deliver.c,v 8.1020 2009/12/18 17:08:01 ca Exp $")
18
19 #if HASSETUSERCONTEXT
20 # include <login_cap.h>
21 #endif /* HASSETUSERCONTEXT */
22
23 #if NETINET || NETINET6
24 # include <arpa/inet.h>
25 #endif /* NETINET || NETINET6 */
26
27 #if STARTTLS || SASL
28 # include "sfsasl.h"
29 #endif /* STARTTLS || SASL */
30
31 static int deliver __P((ENVELOPE *, ADDRESS *));
32 static void dup_queue_file __P((ENVELOPE *, ENVELOPE *, int));
33 static void mailfiletimeout __P((int));
34 static void endwaittimeout __P((int));
35 static int parse_hostsignature __P((char *, char **, MAILER *));
36 static void sendenvelope __P((ENVELOPE *, int));
37 static int coloncmp __P((const char *, const char *));
38
39 #if STARTTLS
40 static int starttls __P((MAILER *, MCI *, ENVELOPE *));
41 static int endtlsclt __P((MCI *));
42 #endif /* STARTTLS */
43 # if STARTTLS || SASL
44 static bool iscltflgset __P((ENVELOPE *, int));
45 # endif /* STARTTLS || SASL */
46
47 /*
48 ** SENDALL -- actually send all the messages.
49 **
50 ** Parameters:
51 ** e -- the envelope to send.
52 ** mode -- the delivery mode to use. If SM_DEFAULT, use
53 ** the current e->e_sendmode.
54 **
55 ** Returns:
56 ** none.
57 **
58 ** Side Effects:
59 ** Scans the send lists and sends everything it finds.
60 ** Delivers any appropriate error messages.
61 ** If we are running in a non-interactive mode, takes the
62 ** appropriate action.
63 */
64
65 void
sendall(e,mode)66 sendall(e, mode)
67 ENVELOPE *e;
68 int mode;
69 {
70 register ADDRESS *q;
71 char *owner;
72 int otherowners;
73 int save_errno;
74 register ENVELOPE *ee;
75 ENVELOPE *splitenv = NULL;
76 int oldverbose = Verbose;
77 bool somedeliveries = false, expensive = false;
78 pid_t pid;
79
80 /*
81 ** If this message is to be discarded, don't bother sending
82 ** the message at all.
83 */
84
85 if (bitset(EF_DISCARD, e->e_flags))
86 {
87 if (tTd(13, 1))
88 sm_dprintf("sendall: discarding id %s\n", e->e_id);
89 e->e_flags |= EF_CLRQUEUE;
90 if (LogLevel > 9)
91 logundelrcpts(e, "discarded", 9, true);
92 else if (LogLevel > 4)
93 sm_syslog(LOG_INFO, e->e_id, "discarded");
94 markstats(e, NULL, STATS_REJECT);
95 return;
96 }
97
98 /*
99 ** If we have had global, fatal errors, don't bother sending
100 ** the message at all if we are in SMTP mode. Local errors
101 ** (e.g., a single address failing) will still cause the other
102 ** addresses to be sent.
103 */
104
105 if (bitset(EF_FATALERRS, e->e_flags) &&
106 (OpMode == MD_SMTP || OpMode == MD_DAEMON))
107 {
108 e->e_flags |= EF_CLRQUEUE;
109 return;
110 }
111
112 /* determine actual delivery mode */
113 if (mode == SM_DEFAULT)
114 {
115 mode = e->e_sendmode;
116 if (mode != SM_VERIFY && mode != SM_DEFER &&
117 shouldqueue(e->e_msgpriority, e->e_ctime))
118 mode = SM_QUEUE;
119 }
120
121 if (tTd(13, 1))
122 {
123 sm_dprintf("\n===== SENDALL: mode %c, id %s, e_from ",
124 mode, e->e_id);
125 printaddr(sm_debug_file(), &e->e_from, false);
126 sm_dprintf("\te_flags = ");
127 printenvflags(e);
128 sm_dprintf("sendqueue:\n");
129 printaddr(sm_debug_file(), e->e_sendqueue, true);
130 }
131
132 /*
133 ** Do any preprocessing necessary for the mode we are running.
134 ** Check to make sure the hop count is reasonable.
135 ** Delete sends to the sender in mailing lists.
136 */
137
138 CurEnv = e;
139 if (tTd(62, 1))
140 checkfds(NULL);
141
142 if (e->e_hopcount > MaxHopCount)
143 {
144 char *recip;
145
146 if (e->e_sendqueue != NULL &&
147 e->e_sendqueue->q_paddr != NULL)
148 recip = e->e_sendqueue->q_paddr;
149 else
150 recip = "(nobody)";
151
152 errno = 0;
153 queueup(e, WILL_BE_QUEUED(mode), false);
154 e->e_flags |= EF_FATALERRS|EF_PM_NOTIFY|EF_CLRQUEUE;
155 ExitStat = EX_UNAVAILABLE;
156 syserr("554 5.4.6 Too many hops %d (%d max): from %s via %s, to %s",
157 e->e_hopcount, MaxHopCount, e->e_from.q_paddr,
158 RealHostName == NULL ? "localhost" : RealHostName,
159 recip);
160 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
161 {
162 if (QS_IS_DEAD(q->q_state))
163 continue;
164 q->q_state = QS_BADADDR;
165 q->q_status = "5.4.6";
166 q->q_rstatus = "554 5.4.6 Too many hops";
167 }
168 return;
169 }
170
171 /*
172 ** Do sender deletion.
173 **
174 ** If the sender should be queued up, skip this.
175 ** This can happen if the name server is hosed when you
176 ** are trying to send mail. The result is that the sender
177 ** is instantiated in the queue as a recipient.
178 */
179
180 if (!bitset(EF_METOO, e->e_flags) &&
181 !QS_IS_QUEUEUP(e->e_from.q_state))
182 {
183 if (tTd(13, 5))
184 {
185 sm_dprintf("sendall: QS_SENDER ");
186 printaddr(sm_debug_file(), &e->e_from, false);
187 }
188 e->e_from.q_state = QS_SENDER;
189 (void) recipient(&e->e_from, &e->e_sendqueue, 0, e);
190 }
191
192 /*
193 ** Handle alias owners.
194 **
195 ** We scan up the q_alias chain looking for owners.
196 ** We discard owners that are the same as the return path.
197 */
198
199 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
200 {
201 register struct address *a;
202
203 for (a = q; a != NULL && a->q_owner == NULL; a = a->q_alias)
204 continue;
205 if (a != NULL)
206 q->q_owner = a->q_owner;
207
208 if (q->q_owner != NULL &&
209 !QS_IS_DEAD(q->q_state) &&
210 strcmp(q->q_owner, e->e_from.q_paddr) == 0)
211 q->q_owner = NULL;
212 }
213
214 if (tTd(13, 25))
215 {
216 sm_dprintf("\nAfter first owner pass, sendq =\n");
217 printaddr(sm_debug_file(), e->e_sendqueue, true);
218 }
219
220 owner = "";
221 otherowners = 1;
222 while (owner != NULL && otherowners > 0)
223 {
224 if (tTd(13, 28))
225 sm_dprintf("owner = \"%s\", otherowners = %d\n",
226 owner, otherowners);
227 owner = NULL;
228 otherowners = bitset(EF_SENDRECEIPT, e->e_flags) ? 1 : 0;
229
230 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
231 {
232 if (tTd(13, 30))
233 {
234 sm_dprintf("Checking ");
235 printaddr(sm_debug_file(), q, false);
236 }
237 if (QS_IS_DEAD(q->q_state))
238 {
239 if (tTd(13, 30))
240 sm_dprintf(" ... QS_IS_DEAD\n");
241 continue;
242 }
243 if (tTd(13, 29) && !tTd(13, 30))
244 {
245 sm_dprintf("Checking ");
246 printaddr(sm_debug_file(), q, false);
247 }
248
249 if (q->q_owner != NULL)
250 {
251 if (owner == NULL)
252 {
253 if (tTd(13, 40))
254 sm_dprintf(" ... First owner = \"%s\"\n",
255 q->q_owner);
256 owner = q->q_owner;
257 }
258 else if (owner != q->q_owner)
259 {
260 if (strcmp(owner, q->q_owner) == 0)
261 {
262 if (tTd(13, 40))
263 sm_dprintf(" ... Same owner = \"%s\"\n",
264 owner);
265
266 /* make future comparisons cheap */
267 q->q_owner = owner;
268 }
269 else
270 {
271 if (tTd(13, 40))
272 sm_dprintf(" ... Another owner \"%s\"\n",
273 q->q_owner);
274 otherowners++;
275 }
276 owner = q->q_owner;
277 }
278 else if (tTd(13, 40))
279 sm_dprintf(" ... Same owner = \"%s\"\n",
280 owner);
281 }
282 else
283 {
284 if (tTd(13, 40))
285 sm_dprintf(" ... Null owner\n");
286 otherowners++;
287 }
288
289 if (QS_IS_BADADDR(q->q_state))
290 {
291 if (tTd(13, 30))
292 sm_dprintf(" ... QS_IS_BADADDR\n");
293 continue;
294 }
295
296 if (QS_IS_QUEUEUP(q->q_state))
297 {
298 MAILER *m = q->q_mailer;
299
300 /*
301 ** If we have temporary address failures
302 ** (e.g., dns failure) and a fallback MX is
303 ** set, send directly to the fallback MX host.
304 */
305
306 if (FallbackMX != NULL &&
307 !wordinclass(FallbackMX, 'w') &&
308 mode != SM_VERIFY &&
309 !bitnset(M_NOMX, m->m_flags) &&
310 strcmp(m->m_mailer, "[IPC]") == 0 &&
311 m->m_argv[0] != NULL &&
312 strcmp(m->m_argv[0], "TCP") == 0)
313 {
314 int len;
315 char *p;
316
317 if (tTd(13, 30))
318 sm_dprintf(" ... FallbackMX\n");
319
320 len = strlen(FallbackMX) + 1;
321 p = sm_rpool_malloc_x(e->e_rpool, len);
322 (void) sm_strlcpy(p, FallbackMX, len);
323 q->q_state = QS_OK;
324 q->q_host = p;
325 }
326 else
327 {
328 if (tTd(13, 30))
329 sm_dprintf(" ... QS_IS_QUEUEUP\n");
330 continue;
331 }
332 }
333
334 /*
335 ** If this mailer is expensive, and if we don't
336 ** want to make connections now, just mark these
337 ** addresses and return. This is useful if we
338 ** want to batch connections to reduce load. This
339 ** will cause the messages to be queued up, and a
340 ** daemon will come along to send the messages later.
341 */
342
343 if (NoConnect && !Verbose &&
344 bitnset(M_EXPENSIVE, q->q_mailer->m_flags))
345 {
346 if (tTd(13, 30))
347 sm_dprintf(" ... expensive\n");
348 q->q_state = QS_QUEUEUP;
349 expensive = true;
350 }
351 else if (bitnset(M_HOLD, q->q_mailer->m_flags) &&
352 QueueLimitId == NULL &&
353 QueueLimitSender == NULL &&
354 QueueLimitRecipient == NULL)
355 {
356 if (tTd(13, 30))
357 sm_dprintf(" ... hold\n");
358 q->q_state = QS_QUEUEUP;
359 expensive = true;
360 }
361 else if (QueueMode != QM_QUARANTINE &&
362 e->e_quarmsg != NULL)
363 {
364 if (tTd(13, 30))
365 sm_dprintf(" ... quarantine: %s\n",
366 e->e_quarmsg);
367 q->q_state = QS_QUEUEUP;
368 expensive = true;
369 }
370 else
371 {
372 if (tTd(13, 30))
373 sm_dprintf(" ... deliverable\n");
374 somedeliveries = true;
375 }
376 }
377
378 if (owner != NULL && otherowners > 0)
379 {
380 /*
381 ** Split this envelope into two.
382 */
383
384 ee = (ENVELOPE *) sm_rpool_malloc_x(e->e_rpool,
385 sizeof(*ee));
386 STRUCTCOPY(*e, *ee);
387 ee->e_message = NULL;
388 ee->e_id = NULL;
389 assign_queueid(ee);
390
391 if (tTd(13, 1))
392 sm_dprintf("sendall: split %s into %s, owner = \"%s\", otherowners = %d\n",
393 e->e_id, ee->e_id, owner,
394 otherowners);
395
396 ee->e_header = copyheader(e->e_header, ee->e_rpool);
397 ee->e_sendqueue = copyqueue(e->e_sendqueue,
398 ee->e_rpool);
399 ee->e_errorqueue = copyqueue(e->e_errorqueue,
400 ee->e_rpool);
401 ee->e_flags = e->e_flags & ~(EF_INQUEUE|EF_CLRQUEUE|EF_FATALERRS|EF_SENDRECEIPT|EF_RET_PARAM);
402 ee->e_flags |= EF_NORECEIPT;
403 setsender(owner, ee, NULL, '\0', true);
404 if (tTd(13, 5))
405 {
406 sm_dprintf("sendall(split): QS_SENDER ");
407 printaddr(sm_debug_file(), &ee->e_from, false);
408 }
409 ee->e_from.q_state = QS_SENDER;
410 ee->e_dfp = NULL;
411 ee->e_lockfp = NULL;
412 ee->e_xfp = NULL;
413 ee->e_qgrp = e->e_qgrp;
414 ee->e_qdir = e->e_qdir;
415 ee->e_errormode = EM_MAIL;
416 ee->e_sibling = splitenv;
417 ee->e_statmsg = NULL;
418 if (e->e_quarmsg != NULL)
419 ee->e_quarmsg = sm_rpool_strdup_x(ee->e_rpool,
420 e->e_quarmsg);
421 splitenv = ee;
422
423 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
424 {
425 if (q->q_owner == owner)
426 {
427 q->q_state = QS_CLONED;
428 if (tTd(13, 6))
429 sm_dprintf("\t... stripping %s from original envelope\n",
430 q->q_paddr);
431 }
432 }
433 for (q = ee->e_sendqueue; q != NULL; q = q->q_next)
434 {
435 if (q->q_owner != owner)
436 {
437 q->q_state = QS_CLONED;
438 if (tTd(13, 6))
439 sm_dprintf("\t... dropping %s from cloned envelope\n",
440 q->q_paddr);
441 }
442 else
443 {
444 /* clear DSN parameters */
445 q->q_flags &= ~(QHASNOTIFY|Q_PINGFLAGS);
446 q->q_flags |= DefaultNotify & ~QPINGONSUCCESS;
447 if (tTd(13, 6))
448 sm_dprintf("\t... moving %s to cloned envelope\n",
449 q->q_paddr);
450 }
451 }
452
453 if (mode != SM_VERIFY && bitset(EF_HAS_DF, e->e_flags))
454 dup_queue_file(e, ee, DATAFL_LETTER);
455
456 /*
457 ** Give the split envelope access to the parent
458 ** transcript file for errors obtained while
459 ** processing the recipients (done before the
460 ** envelope splitting).
461 */
462
463 if (e->e_xfp != NULL)
464 ee->e_xfp = sm_io_dup(e->e_xfp);
465
466 /* failed to dup e->e_xfp, start a new transcript */
467 if (ee->e_xfp == NULL)
468 openxscript(ee);
469
470 if (mode != SM_VERIFY && LogLevel > 4)
471 sm_syslog(LOG_INFO, e->e_id,
472 "%s: clone: owner=%s",
473 ee->e_id, owner);
474 }
475 }
476
477 if (owner != NULL)
478 {
479 setsender(owner, e, NULL, '\0', true);
480 if (tTd(13, 5))
481 {
482 sm_dprintf("sendall(owner): QS_SENDER ");
483 printaddr(sm_debug_file(), &e->e_from, false);
484 }
485 e->e_from.q_state = QS_SENDER;
486 e->e_errormode = EM_MAIL;
487 e->e_flags |= EF_NORECEIPT;
488 e->e_flags &= ~EF_FATALERRS;
489 }
490
491 /* if nothing to be delivered, just queue up everything */
492 if (!somedeliveries && !WILL_BE_QUEUED(mode) &&
493 mode != SM_VERIFY)
494 {
495 time_t now;
496
497 if (tTd(13, 29))
498 sm_dprintf("No deliveries: auto-queueing\n");
499 mode = SM_QUEUE;
500 now = curtime();
501
502 /* treat this as a delivery in terms of counting tries */
503 e->e_dtime = now;
504 if (!expensive)
505 e->e_ntries++;
506 for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
507 {
508 ee->e_dtime = now;
509 if (!expensive)
510 ee->e_ntries++;
511 }
512 }
513
514 if ((WILL_BE_QUEUED(mode) || mode == SM_FORK ||
515 (mode != SM_VERIFY &&
516 (SuperSafe == SAFE_REALLY ||
517 SuperSafe == SAFE_REALLY_POSTMILTER))) &&
518 (!bitset(EF_INQUEUE, e->e_flags) || splitenv != NULL))
519 {
520 bool msync;
521
522 /*
523 ** Be sure everything is instantiated in the queue.
524 ** Split envelopes first in case the machine crashes.
525 ** If the original were done first, we may lose
526 ** recipients.
527 */
528
529 #if !HASFLOCK
530 msync = false;
531 #else /* !HASFLOCK */
532 msync = mode == SM_FORK;
533 #endif /* !HASFLOCK */
534
535 for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
536 queueup(ee, WILL_BE_QUEUED(mode), msync);
537 queueup(e, WILL_BE_QUEUED(mode), msync);
538 }
539
540 if (tTd(62, 10))
541 checkfds("after envelope splitting");
542
543 /*
544 ** If we belong in background, fork now.
545 */
546
547 if (tTd(13, 20))
548 {
549 sm_dprintf("sendall: final mode = %c\n", mode);
550 if (tTd(13, 21))
551 {
552 sm_dprintf("\n================ Final Send Queue(s) =====================\n");
553 sm_dprintf("\n *** Envelope %s, e_from=%s ***\n",
554 e->e_id, e->e_from.q_paddr);
555 printaddr(sm_debug_file(), e->e_sendqueue, true);
556 for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
557 {
558 sm_dprintf("\n *** Envelope %s, e_from=%s ***\n",
559 ee->e_id, ee->e_from.q_paddr);
560 printaddr(sm_debug_file(), ee->e_sendqueue, true);
561 }
562 sm_dprintf("==========================================================\n\n");
563 }
564 }
565 switch (mode)
566 {
567 case SM_VERIFY:
568 Verbose = 2;
569 break;
570
571 case SM_QUEUE:
572 case SM_DEFER:
573 #if HASFLOCK
574 queueonly:
575 #endif /* HASFLOCK */
576 if (e->e_nrcpts > 0)
577 e->e_flags |= EF_INQUEUE;
578 (void) dropenvelope(e, splitenv != NULL, true);
579 for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
580 {
581 if (ee->e_nrcpts > 0)
582 ee->e_flags |= EF_INQUEUE;
583 (void) dropenvelope(ee, false, true);
584 }
585 return;
586
587 case SM_FORK:
588 if (e->e_xfp != NULL)
589 (void) sm_io_flush(e->e_xfp, SM_TIME_DEFAULT);
590
591 #if !HASFLOCK
592 /*
593 ** Since fcntl locking has the interesting semantic that
594 ** the lock is owned by a process, not by an open file
595 ** descriptor, we have to flush this to the queue, and
596 ** then restart from scratch in the child.
597 */
598
599 {
600 /* save id for future use */
601 char *qid = e->e_id;
602
603 /* now drop the envelope in the parent */
604 e->e_flags |= EF_INQUEUE;
605 (void) dropenvelope(e, splitenv != NULL, false);
606
607 /* arrange to reacquire lock after fork */
608 e->e_id = qid;
609 }
610
611 for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
612 {
613 /* save id for future use */
614 char *qid = ee->e_id;
615
616 /* drop envelope in parent */
617 ee->e_flags |= EF_INQUEUE;
618 (void) dropenvelope(ee, false, false);
619
620 /* and save qid for reacquisition */
621 ee->e_id = qid;
622 }
623
624 #endif /* !HASFLOCK */
625
626 /*
627 ** Since the delivery may happen in a child and the parent
628 ** does not wait, the parent may close the maps thereby
629 ** removing any shared memory used by the map. Therefore,
630 ** close the maps now so the child will dynamically open
631 ** them if necessary.
632 */
633
634 closemaps(false);
635
636 pid = fork();
637 if (pid < 0)
638 {
639 syserr("deliver: fork 1");
640 #if HASFLOCK
641 goto queueonly;
642 #else /* HASFLOCK */
643 e->e_id = NULL;
644 for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
645 ee->e_id = NULL;
646 return;
647 #endif /* HASFLOCK */
648 }
649 else if (pid > 0)
650 {
651 #if HASFLOCK
652 /* be sure we leave the temp files to our child */
653 /* close any random open files in the envelope */
654 closexscript(e);
655 if (e->e_dfp != NULL)
656 (void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT);
657 e->e_dfp = NULL;
658 e->e_flags &= ~EF_HAS_DF;
659
660 /* can't call unlockqueue to avoid unlink of xfp */
661 if (e->e_lockfp != NULL)
662 (void) sm_io_close(e->e_lockfp, SM_TIME_DEFAULT);
663 else
664 syserr("%s: sendall: null lockfp", e->e_id);
665 e->e_lockfp = NULL;
666 #endif /* HASFLOCK */
667
668 /* make sure the parent doesn't own the envelope */
669 e->e_id = NULL;
670
671 #if USE_DOUBLE_FORK
672 /* catch intermediate zombie */
673 (void) waitfor(pid);
674 #endif /* USE_DOUBLE_FORK */
675 return;
676 }
677
678 /* Reset global flags */
679 RestartRequest = NULL;
680 RestartWorkGroup = false;
681 ShutdownRequest = NULL;
682 PendingSignal = 0;
683
684 /*
685 ** Initialize exception stack and default exception
686 ** handler for child process.
687 */
688
689 sm_exc_newthread(fatal_error);
690
691 /*
692 ** Since we have accepted responsbility for the message,
693 ** change the SIGTERM handler. intsig() (the old handler)
694 ** would remove the envelope if this was a command line
695 ** message submission.
696 */
697
698 (void) sm_signal(SIGTERM, SIG_DFL);
699
700 #if USE_DOUBLE_FORK
701 /* double fork to avoid zombies */
702 pid = fork();
703 if (pid > 0)
704 exit(EX_OK);
705 save_errno = errno;
706 #endif /* USE_DOUBLE_FORK */
707
708 CurrentPid = getpid();
709
710 /* be sure we are immune from the terminal */
711 disconnect(2, e);
712 clearstats();
713
714 /* prevent parent from waiting if there was an error */
715 if (pid < 0)
716 {
717 errno = save_errno;
718 syserr("deliver: fork 2");
719 #if HASFLOCK
720 e->e_flags |= EF_INQUEUE;
721 #else /* HASFLOCK */
722 e->e_id = NULL;
723 #endif /* HASFLOCK */
724 finis(true, true, ExitStat);
725 }
726
727 /* be sure to give error messages in child */
728 QuickAbort = false;
729
730 /*
731 ** Close any cached connections.
732 **
733 ** We don't send the QUIT protocol because the parent
734 ** still knows about the connection.
735 **
736 ** This should only happen when delivering an error
737 ** message.
738 */
739
740 mci_flush(false, NULL);
741
742 #if HASFLOCK
743 break;
744 #else /* HASFLOCK */
745
746 /*
747 ** Now reacquire and run the various queue files.
748 */
749
750 for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
751 {
752 ENVELOPE *sibling = ee->e_sibling;
753
754 (void) dowork(ee->e_qgrp, ee->e_qdir, ee->e_id,
755 false, false, ee);
756 ee->e_sibling = sibling;
757 }
758 (void) dowork(e->e_qgrp, e->e_qdir, e->e_id,
759 false, false, e);
760 finis(true, true, ExitStat);
761 #endif /* HASFLOCK */
762 }
763
764 sendenvelope(e, mode);
765 (void) dropenvelope(e, true, true);
766 for (ee = splitenv; ee != NULL; ee = ee->e_sibling)
767 {
768 CurEnv = ee;
769 if (mode != SM_VERIFY)
770 openxscript(ee);
771 sendenvelope(ee, mode);
772 (void) dropenvelope(ee, true, true);
773 }
774 CurEnv = e;
775
776 Verbose = oldverbose;
777 if (mode == SM_FORK)
778 finis(true, true, ExitStat);
779 }
780
781 static void
sendenvelope(e,mode)782 sendenvelope(e, mode)
783 register ENVELOPE *e;
784 int mode;
785 {
786 register ADDRESS *q;
787 bool didany;
788
789 if (tTd(13, 10))
790 sm_dprintf("sendenvelope(%s) e_flags=0x%lx\n",
791 e->e_id == NULL ? "[NOQUEUE]" : e->e_id,
792 e->e_flags);
793 if (LogLevel > 80)
794 sm_syslog(LOG_DEBUG, e->e_id,
795 "sendenvelope, flags=0x%lx",
796 e->e_flags);
797
798 /*
799 ** If we have had global, fatal errors, don't bother sending
800 ** the message at all if we are in SMTP mode. Local errors
801 ** (e.g., a single address failing) will still cause the other
802 ** addresses to be sent.
803 */
804
805 if (bitset(EF_FATALERRS, e->e_flags) &&
806 (OpMode == MD_SMTP || OpMode == MD_DAEMON))
807 {
808 e->e_flags |= EF_CLRQUEUE;
809 return;
810 }
811
812 /*
813 ** Don't attempt deliveries if we want to bounce now
814 ** or if deliver-by time is exceeded.
815 */
816
817 if (!bitset(EF_RESPONSE, e->e_flags) &&
818 (TimeOuts.to_q_return[e->e_timeoutclass] == NOW ||
819 (IS_DLVR_RETURN(e) && e->e_deliver_by > 0 &&
820 curtime() > e->e_ctime + e->e_deliver_by)))
821 return;
822
823 /*
824 ** Run through the list and send everything.
825 **
826 ** Set EF_GLOBALERRS so that error messages during delivery
827 ** result in returned mail.
828 */
829
830 e->e_nsent = 0;
831 e->e_flags |= EF_GLOBALERRS;
832
833 macdefine(&e->e_macro, A_PERM, macid("{envid}"), e->e_envid);
834 macdefine(&e->e_macro, A_PERM, macid("{bodytype}"), e->e_bodytype);
835 didany = false;
836
837 if (!bitset(EF_SPLIT, e->e_flags))
838 {
839 ENVELOPE *oldsib;
840 ENVELOPE *ee;
841
842 /*
843 ** Save old sibling and set it to NULL to avoid
844 ** queueing up the same envelopes again.
845 ** This requires that envelopes in that list have
846 ** been take care of before (or at some other place).
847 */
848
849 oldsib = e->e_sibling;
850 e->e_sibling = NULL;
851 if (!split_by_recipient(e) &&
852 bitset(EF_FATALERRS, e->e_flags))
853 {
854 if (OpMode == MD_SMTP || OpMode == MD_DAEMON)
855 e->e_flags |= EF_CLRQUEUE;
856 return;
857 }
858 for (ee = e->e_sibling; ee != NULL; ee = ee->e_sibling)
859 queueup(ee, false, true);
860
861 /* clean up */
862 for (ee = e->e_sibling; ee != NULL; ee = ee->e_sibling)
863 {
864 /* now unlock the job */
865 closexscript(ee);
866 unlockqueue(ee);
867
868 /* this envelope is marked unused */
869 if (ee->e_dfp != NULL)
870 {
871 (void) sm_io_close(ee->e_dfp, SM_TIME_DEFAULT);
872 ee->e_dfp = NULL;
873 }
874 ee->e_id = NULL;
875 ee->e_flags &= ~EF_HAS_DF;
876 }
877 e->e_sibling = oldsib;
878 }
879
880 /* now run through the queue */
881 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
882 {
883 #if XDEBUG
884 char wbuf[MAXNAME + 20];
885
886 (void) sm_snprintf(wbuf, sizeof(wbuf), "sendall(%.*s)",
887 MAXNAME, q->q_paddr);
888 checkfd012(wbuf);
889 #endif /* XDEBUG */
890 if (mode == SM_VERIFY)
891 {
892 e->e_to = q->q_paddr;
893 if (QS_IS_SENDABLE(q->q_state))
894 {
895 if (q->q_host != NULL && q->q_host[0] != '\0')
896 message("deliverable: mailer %s, host %s, user %s",
897 q->q_mailer->m_name,
898 q->q_host,
899 q->q_user);
900 else
901 message("deliverable: mailer %s, user %s",
902 q->q_mailer->m_name,
903 q->q_user);
904 }
905 }
906 else if (QS_IS_OK(q->q_state))
907 {
908 /*
909 ** Checkpoint the send list every few addresses
910 */
911
912 if (CheckpointInterval > 0 &&
913 e->e_nsent >= CheckpointInterval)
914 {
915 queueup(e, false, false);
916 e->e_nsent = 0;
917 }
918 (void) deliver(e, q);
919 didany = true;
920 }
921 }
922 if (didany)
923 {
924 e->e_dtime = curtime();
925 e->e_ntries++;
926 }
927
928 #if XDEBUG
929 checkfd012("end of sendenvelope");
930 #endif /* XDEBUG */
931 }
932
933 #if REQUIRES_DIR_FSYNC
934 /*
935 ** SYNC_DIR -- fsync a directory based on a filename
936 **
937 ** Parameters:
938 ** filename -- path of file
939 ** panic -- panic?
940 **
941 ** Returns:
942 ** none
943 */
944
945 void
sync_dir(filename,panic)946 sync_dir(filename, panic)
947 char *filename;
948 bool panic;
949 {
950 int dirfd;
951 char *dirp;
952 char dir[MAXPATHLEN];
953
954 if (!RequiresDirfsync)
955 return;
956
957 /* filesystems which require the directory be synced */
958 dirp = strrchr(filename, '/');
959 if (dirp != NULL)
960 {
961 if (sm_strlcpy(dir, filename, sizeof(dir)) >= sizeof(dir))
962 return;
963 dir[dirp - filename] = '\0';
964 dirp = dir;
965 }
966 else
967 dirp = ".";
968 dirfd = open(dirp, O_RDONLY, 0700);
969 if (tTd(40,32))
970 sm_syslog(LOG_INFO, NOQID, "sync_dir: %s: fsync(%d)",
971 dirp, dirfd);
972 if (dirfd >= 0)
973 {
974 if (fsync(dirfd) < 0)
975 {
976 if (panic)
977 syserr("!sync_dir: cannot fsync directory %s",
978 dirp);
979 else if (LogLevel > 1)
980 sm_syslog(LOG_ERR, NOQID,
981 "sync_dir: cannot fsync directory %s: %s",
982 dirp, sm_errstring(errno));
983 }
984 (void) close(dirfd);
985 }
986 }
987 #endif /* REQUIRES_DIR_FSYNC */
988 /*
989 ** DUP_QUEUE_FILE -- duplicate a queue file into a split queue
990 **
991 ** Parameters:
992 ** e -- the existing envelope
993 ** ee -- the new envelope
994 ** type -- the queue file type (e.g., DATAFL_LETTER)
995 **
996 ** Returns:
997 ** none
998 */
999
1000 static void
dup_queue_file(e,ee,type)1001 dup_queue_file(e, ee, type)
1002 ENVELOPE *e, *ee;
1003 int type;
1004 {
1005 char f1buf[MAXPATHLEN], f2buf[MAXPATHLEN];
1006
1007 ee->e_dfp = NULL;
1008 ee->e_xfp = NULL;
1009
1010 /*
1011 ** Make sure both are in the same directory.
1012 */
1013
1014 (void) sm_strlcpy(f1buf, queuename(e, type), sizeof(f1buf));
1015 (void) sm_strlcpy(f2buf, queuename(ee, type), sizeof(f2buf));
1016
1017 /* Force the df to disk if it's not there yet */
1018 if (type == DATAFL_LETTER && e->e_dfp != NULL &&
1019 sm_io_setinfo(e->e_dfp, SM_BF_COMMIT, NULL) < 0 &&
1020 errno != EINVAL)
1021 {
1022 syserr("!dup_queue_file: can't commit %s", f1buf);
1023 /* NOTREACHED */
1024 }
1025
1026 if (link(f1buf, f2buf) < 0)
1027 {
1028 int save_errno = errno;
1029
1030 syserr("sendall: link(%s, %s)", f1buf, f2buf);
1031 if (save_errno == EEXIST)
1032 {
1033 if (unlink(f2buf) < 0)
1034 {
1035 syserr("!sendall: unlink(%s): permanent",
1036 f2buf);
1037 /* NOTREACHED */
1038 }
1039 if (link(f1buf, f2buf) < 0)
1040 {
1041 syserr("!sendall: link(%s, %s): permanent",
1042 f1buf, f2buf);
1043 /* NOTREACHED */
1044 }
1045 }
1046 }
1047 SYNC_DIR(f2buf, true);
1048 }
1049 /*
1050 ** DOFORK -- do a fork, retrying a couple of times on failure.
1051 **
1052 ** This MUST be a macro, since after a vfork we are running
1053 ** two processes on the same stack!!!
1054 **
1055 ** Parameters:
1056 ** none.
1057 **
1058 ** Returns:
1059 ** From a macro??? You've got to be kidding!
1060 **
1061 ** Side Effects:
1062 ** Modifies the ==> LOCAL <== variable 'pid', leaving:
1063 ** pid of child in parent, zero in child.
1064 ** -1 on unrecoverable error.
1065 **
1066 ** Notes:
1067 ** I'm awfully sorry this looks so awful. That's
1068 ** vfork for you.....
1069 */
1070
1071 #define NFORKTRIES 5
1072
1073 #ifndef FORK
1074 # define FORK fork
1075 #endif /* ! FORK */
1076
1077 #define DOFORK(fORKfN) \
1078 {\
1079 register int i;\
1080 \
1081 for (i = NFORKTRIES; --i >= 0; )\
1082 {\
1083 pid = fORKfN();\
1084 if (pid >= 0)\
1085 break;\
1086 if (i > 0)\
1087 (void) sleep((unsigned) NFORKTRIES - i);\
1088 }\
1089 }
1090 /*
1091 ** DOFORK -- simple fork interface to DOFORK.
1092 **
1093 ** Parameters:
1094 ** none.
1095 **
1096 ** Returns:
1097 ** pid of child in parent.
1098 ** zero in child.
1099 ** -1 on error.
1100 **
1101 ** Side Effects:
1102 ** returns twice, once in parent and once in child.
1103 */
1104
1105 pid_t
dofork()1106 dofork()
1107 {
1108 register pid_t pid = -1;
1109
1110 DOFORK(fork);
1111 return pid;
1112 }
1113
1114 /*
1115 ** COLONCMP -- compare host-signatures up to first ':' or EOS
1116 **
1117 ** This takes two strings which happen to be host-signatures and
1118 ** compares them. If the lowest preference portions of the MX-RR's
1119 ** match (up to ':' or EOS, whichever is first), then we have
1120 ** match. This is used for coattail-piggybacking messages during
1121 ** message delivery.
1122 ** If the signatures are the same up to the first ':' the remainder of
1123 ** the signatures are then compared with a normal strcmp(). This saves
1124 ** re-examining the first part of the signatures.
1125 **
1126 ** Parameters:
1127 ** a - first host-signature
1128 ** b - second host-signature
1129 **
1130 ** Returns:
1131 ** HS_MATCH_NO -- no "match".
1132 ** HS_MATCH_FIRST -- "match" for the first MX preference
1133 ** (up to the first colon (':')).
1134 ** HS_MATCH_FULL -- match for the entire MX record.
1135 **
1136 ** Side Effects:
1137 ** none.
1138 */
1139
1140 #define HS_MATCH_NO 0
1141 #define HS_MATCH_FIRST 1
1142 #define HS_MATCH_FULL 2
1143
1144 static int
coloncmp(a,b)1145 coloncmp(a, b)
1146 register const char *a;
1147 register const char *b;
1148 {
1149 int ret = HS_MATCH_NO;
1150 int braclev = 0;
1151
1152 while (*a == *b++)
1153 {
1154 /* Need to account for IPv6 bracketed addresses */
1155 if (*a == '[')
1156 braclev++;
1157 else if (*a == ']' && braclev > 0)
1158 braclev--;
1159 else if (*a == ':' && braclev <= 0)
1160 {
1161 ret = HS_MATCH_FIRST;
1162 a++;
1163 break;
1164 }
1165 else if (*a == '\0')
1166 return HS_MATCH_FULL; /* a full match */
1167 a++;
1168 }
1169 if (ret == HS_MATCH_NO &&
1170 braclev <= 0 &&
1171 ((*a == '\0' && *(b - 1) == ':') ||
1172 (*a == ':' && *(b - 1) == '\0')))
1173 return HS_MATCH_FIRST;
1174 if (ret == HS_MATCH_FIRST && strcmp(a, b) == 0)
1175 return HS_MATCH_FULL;
1176
1177 return ret;
1178 }
1179
1180 /*
1181 ** SHOULD_TRY_FBSH -- Should try FallbackSmartHost?
1182 **
1183 ** Parameters:
1184 ** e -- envelope
1185 ** tried_fallbacksmarthost -- has been tried already? (in/out)
1186 ** hostbuf -- buffer for hostname (expand FallbackSmartHost) (out)
1187 ** hbsz -- size of hostbuf
1188 ** status -- current delivery status
1189 **
1190 ** Returns:
1191 ** true iff FallbackSmartHost should be tried.
1192 */
1193
1194 static bool should_try_fbsh __P((ENVELOPE *, bool *, char *, size_t, int));
1195
1196 static bool
should_try_fbsh(e,tried_fallbacksmarthost,hostbuf,hbsz,status)1197 should_try_fbsh(e, tried_fallbacksmarthost, hostbuf, hbsz, status)
1198 ENVELOPE *e;
1199 bool *tried_fallbacksmarthost;
1200 char *hostbuf;
1201 size_t hbsz;
1202 int status;
1203 {
1204 /*
1205 ** If the host was not found or a temporary failure occurred
1206 ** and a FallbackSmartHost is defined (and we have not yet
1207 ** tried it), then make one last try with it as the host.
1208 */
1209
1210 if ((status == EX_NOHOST || status == EX_TEMPFAIL) &&
1211 FallbackSmartHost != NULL && !*tried_fallbacksmarthost)
1212 {
1213 *tried_fallbacksmarthost = true;
1214 expand(FallbackSmartHost, hostbuf, hbsz, e);
1215 if (!wordinclass(hostbuf, 'w'))
1216 {
1217 if (tTd(11, 1))
1218 sm_dprintf("one last try with FallbackSmartHost %s\n",
1219 hostbuf);
1220 return true;
1221 }
1222 }
1223 return false;
1224 }
1225 /*
1226 ** DELIVER -- Deliver a message to a list of addresses.
1227 **
1228 ** This routine delivers to everyone on the same host as the
1229 ** user on the head of the list. It is clever about mailers
1230 ** that don't handle multiple users. It is NOT guaranteed
1231 ** that it will deliver to all these addresses however -- so
1232 ** deliver should be called once for each address on the
1233 ** list.
1234 ** Deliver tries to be as opportunistic as possible about piggybacking
1235 ** messages. Some definitions to make understanding easier follow below.
1236 ** Piggybacking occurs when an existing connection to a mail host can
1237 ** be used to send the same message to more than one recipient at the
1238 ** same time. So "no piggybacking" means one message for one recipient
1239 ** per connection. "Intentional piggybacking" happens when the
1240 ** recipients' host address (not the mail host address) is used to
1241 ** attempt piggybacking. Recipients with the same host address
1242 ** have the same mail host. "Coincidental piggybacking" relies on
1243 ** piggybacking based on all the mail host addresses in the MX-RR. This
1244 ** is "coincidental" in the fact it could not be predicted until the
1245 ** MX Resource Records for the hosts were obtained and examined. For
1246 ** example (preference order and equivalence is important, not values):
1247 ** domain1 IN MX 10 mxhost-A
1248 ** IN MX 20 mxhost-B
1249 ** domain2 IN MX 4 mxhost-A
1250 ** IN MX 8 mxhost-B
1251 ** Domain1 and domain2 can piggyback the same message to mxhost-A or
1252 ** mxhost-B (if mxhost-A cannot be reached).
1253 ** "Coattail piggybacking" relaxes the strictness of "coincidental
1254 ** piggybacking" in the hope that most significant (lowest value)
1255 ** MX preference host(s) can create more piggybacking. For example
1256 ** (again, preference order and equivalence is important, not values):
1257 ** domain3 IN MX 100 mxhost-C
1258 ** IN MX 100 mxhost-D
1259 ** IN MX 200 mxhost-E
1260 ** domain4 IN MX 50 mxhost-C
1261 ** IN MX 50 mxhost-D
1262 ** IN MX 80 mxhost-F
1263 ** A message for domain3 and domain4 can piggyback to mxhost-C if mxhost-C
1264 ** is available. Same with mxhost-D because in both RR's the preference
1265 ** value is the same as mxhost-C, respectively.
1266 ** So deliver attempts coattail piggybacking when possible. If the
1267 ** first MX preference level hosts cannot be used then the piggybacking
1268 ** reverts to coincidental piggybacking. Using the above example you
1269 ** cannot deliver to mxhost-F for domain3 regardless of preference value.
1270 ** ("Coattail" from "riding on the coattails of your predecessor" meaning
1271 ** gaining benefit from a predecessor effort with no or little addition
1272 ** effort. The predecessor here being the preceding MX RR).
1273 **
1274 ** Parameters:
1275 ** e -- the envelope to deliver.
1276 ** firstto -- head of the address list to deliver to.
1277 **
1278 ** Returns:
1279 ** zero -- successfully delivered.
1280 ** else -- some failure, see ExitStat for more info.
1281 **
1282 ** Side Effects:
1283 ** The standard input is passed off to someone.
1284 */
1285
1286 static int
deliver(e,firstto)1287 deliver(e, firstto)
1288 register ENVELOPE *e;
1289 ADDRESS *firstto;
1290 {
1291 char *host; /* host being sent to */
1292 char *user; /* user being sent to */
1293 char **pvp;
1294 register char **mvp;
1295 register char *p;
1296 register MAILER *m; /* mailer for this recipient */
1297 ADDRESS *volatile ctladdr;
1298 #if HASSETUSERCONTEXT
1299 ADDRESS *volatile contextaddr = NULL;
1300 #endif /* HASSETUSERCONTEXT */
1301 register MCI *volatile mci;
1302 register ADDRESS *SM_NONVOLATILE to = firstto;
1303 volatile bool clever = false; /* running user smtp to this mailer */
1304 ADDRESS *volatile tochain = NULL; /* users chain in this mailer call */
1305 int rcode; /* response code */
1306 SM_NONVOLATILE int lmtp_rcode = EX_OK;
1307 SM_NONVOLATILE int nummxhosts = 0; /* number of MX hosts available */
1308 SM_NONVOLATILE int hostnum = 0; /* current MX host index */
1309 char *firstsig; /* signature of firstto */
1310 volatile pid_t pid = -1;
1311 char *volatile curhost;
1312 SM_NONVOLATILE unsigned short port = 0;
1313 SM_NONVOLATILE time_t enough = 0;
1314 #if NETUNIX
1315 char *SM_NONVOLATILE mux_path = NULL; /* path to UNIX domain socket */
1316 #endif /* NETUNIX */
1317 time_t xstart;
1318 bool suidwarn;
1319 bool anyok; /* at least one address was OK */
1320 SM_NONVOLATILE bool goodmxfound = false; /* at least one MX was OK */
1321 bool ovr;
1322 bool quarantine;
1323 int strsize;
1324 int rcptcount;
1325 int ret;
1326 static int tobufsize = 0;
1327 static char *tobuf = NULL;
1328 char *rpath; /* translated return path */
1329 int mpvect[2];
1330 int rpvect[2];
1331 char *mxhosts[MAXMXHOSTS + 1];
1332 char *pv[MAXPV + 1];
1333 char buf[MAXNAME + 1];
1334 char cbuf[MAXPATHLEN];
1335
1336 errno = 0;
1337 SM_REQUIRE(firstto != NULL); /* same as to */
1338 if (!QS_IS_OK(to->q_state))
1339 return 0;
1340
1341 suidwarn = geteuid() == 0;
1342
1343 SM_REQUIRE(e != NULL);
1344 m = to->q_mailer;
1345 host = to->q_host;
1346 CurEnv = e; /* just in case */
1347 e->e_statmsg = NULL;
1348 SmtpError[0] = '\0';
1349 xstart = curtime();
1350
1351 if (tTd(10, 1))
1352 sm_dprintf("\n--deliver, id=%s, mailer=%s, host=`%s', first user=`%s'\n",
1353 e->e_id, m->m_name, host, to->q_user);
1354 if (tTd(10, 100))
1355 printopenfds(false);
1356
1357 /*
1358 ** Clear {client_*} macros if this is a bounce message to
1359 ** prevent rejection by check_compat ruleset.
1360 */
1361
1362 if (bitset(EF_RESPONSE, e->e_flags))
1363 {
1364 macdefine(&e->e_macro, A_PERM, macid("{client_name}"), "");
1365 macdefine(&e->e_macro, A_PERM, macid("{client_ptr}"), "");
1366 macdefine(&e->e_macro, A_PERM, macid("{client_addr}"), "");
1367 macdefine(&e->e_macro, A_PERM, macid("{client_port}"), "");
1368 macdefine(&e->e_macro, A_PERM, macid("{client_resolve}"), "");
1369 }
1370
1371 SM_TRY
1372 {
1373 ADDRESS *skip_back = NULL;
1374
1375 /*
1376 ** Do initial argv setup.
1377 ** Insert the mailer name. Notice that $x expansion is
1378 ** NOT done on the mailer name. Then, if the mailer has
1379 ** a picky -f flag, we insert it as appropriate. This
1380 ** code does not check for 'pv' overflow; this places a
1381 ** manifest lower limit of 4 for MAXPV.
1382 ** The from address rewrite is expected to make
1383 ** the address relative to the other end.
1384 */
1385
1386 /* rewrite from address, using rewriting rules */
1387 rcode = EX_OK;
1388 SM_ASSERT(e->e_from.q_mailer != NULL);
1389 if (bitnset(M_UDBENVELOPE, e->e_from.q_mailer->m_flags))
1390 p = e->e_sender;
1391 else
1392 p = e->e_from.q_paddr;
1393 rpath = remotename(p, m, RF_SENDERADDR|RF_CANONICAL, &rcode, e);
1394 if (strlen(rpath) > MAXNAME)
1395 {
1396 rpath = shortenstring(rpath, MAXSHORTSTR);
1397
1398 /* avoid bogus errno */
1399 errno = 0;
1400 syserr("remotename: huge return path %s", rpath);
1401 }
1402 rpath = sm_rpool_strdup_x(e->e_rpool, rpath);
1403 macdefine(&e->e_macro, A_PERM, 'g', rpath);
1404 macdefine(&e->e_macro, A_PERM, 'h', host);
1405 Errors = 0;
1406 pvp = pv;
1407 *pvp++ = m->m_argv[0];
1408
1409 /* ignore long term host status information if mailer flag W is set */
1410 if (bitnset(M_NOHOSTSTAT, m->m_flags))
1411 IgnoreHostStatus = true;
1412
1413 /* insert -f or -r flag as appropriate */
1414 if (FromFlag &&
1415 (bitnset(M_FOPT, m->m_flags) ||
1416 bitnset(M_ROPT, m->m_flags)))
1417 {
1418 if (bitnset(M_FOPT, m->m_flags))
1419 *pvp++ = "-f";
1420 else
1421 *pvp++ = "-r";
1422 *pvp++ = rpath;
1423 }
1424
1425 /*
1426 ** Append the other fixed parts of the argv. These run
1427 ** up to the first entry containing "$u". There can only
1428 ** be one of these, and there are only a few more slots
1429 ** in the pv after it.
1430 */
1431
1432 for (mvp = m->m_argv; (p = *++mvp) != NULL; )
1433 {
1434 /* can't use strchr here because of sign extension problems */
1435 while (*p != '\0')
1436 {
1437 if ((*p++ & 0377) == MACROEXPAND)
1438 {
1439 if (*p == 'u')
1440 break;
1441 }
1442 }
1443
1444 if (*p != '\0')
1445 break;
1446
1447 /* this entry is safe -- go ahead and process it */
1448 expand(*mvp, buf, sizeof(buf), e);
1449 *pvp++ = sm_rpool_strdup_x(e->e_rpool, buf);
1450 if (pvp >= &pv[MAXPV - 3])
1451 {
1452 syserr("554 5.3.5 Too many parameters to %s before $u",
1453 pv[0]);
1454 rcode = -1;
1455 goto cleanup;
1456 }
1457 }
1458
1459 /*
1460 ** If we have no substitution for the user name in the argument
1461 ** list, we know that we must supply the names otherwise -- and
1462 ** SMTP is the answer!!
1463 */
1464
1465 if (*mvp == NULL)
1466 {
1467 /* running LMTP or SMTP */
1468 clever = true;
1469 *pvp = NULL;
1470 }
1471 else if (bitnset(M_LMTP, m->m_flags))
1472 {
1473 /* not running LMTP */
1474 sm_syslog(LOG_ERR, NULL,
1475 "Warning: mailer %s: LMTP flag (F=z) turned off",
1476 m->m_name);
1477 clrbitn(M_LMTP, m->m_flags);
1478 }
1479
1480 /*
1481 ** At this point *mvp points to the argument with $u. We
1482 ** run through our address list and append all the addresses
1483 ** we can. If we run out of space, do not fret! We can
1484 ** always send another copy later.
1485 */
1486
1487 e->e_to = NULL;
1488 strsize = 2;
1489 rcptcount = 0;
1490 ctladdr = NULL;
1491 if (firstto->q_signature == NULL)
1492 firstto->q_signature = hostsignature(firstto->q_mailer,
1493 firstto->q_host);
1494 firstsig = firstto->q_signature;
1495
1496 for (; to != NULL; to = to->q_next)
1497 {
1498 /* avoid sending multiple recipients to dumb mailers */
1499 if (tochain != NULL && !bitnset(M_MUSER, m->m_flags))
1500 break;
1501
1502 /* if already sent or not for this host, don't send */
1503 if (!QS_IS_OK(to->q_state)) /* already sent; look at next */
1504 continue;
1505
1506 /*
1507 ** Must be same mailer to keep grouping rcpts.
1508 ** If mailers don't match: continue; sendqueue is not
1509 ** sorted by mailers, so don't break;
1510 */
1511
1512 if (to->q_mailer != firstto->q_mailer)
1513 continue;
1514
1515 if (to->q_signature == NULL) /* for safety */
1516 to->q_signature = hostsignature(to->q_mailer,
1517 to->q_host);
1518
1519 /*
1520 ** This is for coincidental and tailcoat piggybacking messages
1521 ** to the same mail host. While the signatures are identical
1522 ** (that's the MX-RR's are identical) we can do coincidental
1523 ** piggybacking. We try hard for coattail piggybacking
1524 ** with the same mail host when the next recipient has the
1525 ** same host at lowest preference. It may be that this
1526 ** won't work out, so 'skip_back' is maintained if a backup
1527 ** to coincidental piggybacking or full signature must happen.
1528 */
1529
1530 ret = firstto == to ? HS_MATCH_FULL :
1531 coloncmp(to->q_signature, firstsig);
1532 if (ret == HS_MATCH_FULL)
1533 skip_back = to;
1534 else if (ret == HS_MATCH_NO)
1535 break;
1536
1537 if (!clever)
1538 {
1539 /* avoid overflowing tobuf */
1540 strsize += strlen(to->q_paddr) + 1;
1541 if (strsize > TOBUFSIZE)
1542 break;
1543 }
1544
1545 if (++rcptcount > to->q_mailer->m_maxrcpt)
1546 break;
1547
1548 if (tTd(10, 1))
1549 {
1550 sm_dprintf("\nsend to ");
1551 printaddr(sm_debug_file(), to, false);
1552 }
1553
1554 /* compute effective uid/gid when sending */
1555 if (bitnset(M_RUNASRCPT, to->q_mailer->m_flags))
1556 # if HASSETUSERCONTEXT
1557 contextaddr = ctladdr = getctladdr(to);
1558 # else /* HASSETUSERCONTEXT */
1559 ctladdr = getctladdr(to);
1560 # endif /* HASSETUSERCONTEXT */
1561
1562 if (tTd(10, 2))
1563 {
1564 sm_dprintf("ctladdr=");
1565 printaddr(sm_debug_file(), ctladdr, false);
1566 }
1567
1568 user = to->q_user;
1569 e->e_to = to->q_paddr;
1570
1571 /*
1572 ** Check to see that these people are allowed to
1573 ** talk to each other.
1574 ** Check also for overflow of e_msgsize.
1575 */
1576
1577 if (m->m_maxsize != 0 &&
1578 (e->e_msgsize > m->m_maxsize || e->e_msgsize < 0))
1579 {
1580 e->e_flags |= EF_NO_BODY_RETN;
1581 if (bitnset(M_LOCALMAILER, to->q_mailer->m_flags))
1582 to->q_status = "5.2.3";
1583 else
1584 to->q_status = "5.3.4";
1585
1586 /* set to->q_rstatus = NULL; or to the following? */
1587 usrerrenh(to->q_status,
1588 "552 Message is too large; %ld bytes max",
1589 m->m_maxsize);
1590 markfailure(e, to, NULL, EX_UNAVAILABLE, false);
1591 giveresponse(EX_UNAVAILABLE, to->q_status, m,
1592 NULL, ctladdr, xstart, e, to);
1593 continue;
1594 }
1595 SM_SET_H_ERRNO(0);
1596 ovr = true;
1597
1598 /* do config file checking of compatibility */
1599 quarantine = (e->e_quarmsg != NULL);
1600 rcode = rscheck("check_compat", e->e_from.q_paddr, to->q_paddr,
1601 e, RSF_RMCOMM|RSF_COUNT, 3, NULL,
1602 e->e_id, NULL);
1603 if (rcode == EX_OK)
1604 {
1605 /* do in-code checking if not discarding */
1606 if (!bitset(EF_DISCARD, e->e_flags))
1607 {
1608 rcode = checkcompat(to, e);
1609 ovr = false;
1610 }
1611 }
1612 if (rcode != EX_OK)
1613 {
1614 markfailure(e, to, NULL, rcode, ovr);
1615 giveresponse(rcode, to->q_status, m,
1616 NULL, ctladdr, xstart, e, to);
1617 continue;
1618 }
1619 if (!quarantine && e->e_quarmsg != NULL)
1620 {
1621 /*
1622 ** check_compat or checkcompat() has tried
1623 ** to quarantine but that isn't supported.
1624 ** Revert the attempt.
1625 */
1626
1627 e->e_quarmsg = NULL;
1628 macdefine(&e->e_macro, A_PERM,
1629 macid("{quarantine}"), "");
1630 }
1631 if (bitset(EF_DISCARD, e->e_flags))
1632 {
1633 if (tTd(10, 5))
1634 {
1635 sm_dprintf("deliver: discarding recipient ");
1636 printaddr(sm_debug_file(), to, false);
1637 }
1638
1639 /* pretend the message was sent */
1640 /* XXX should we log something here? */
1641 to->q_state = QS_DISCARDED;
1642
1643 /*
1644 ** Remove discard bit to prevent discard of
1645 ** future recipients. This is safe because the
1646 ** true "global discard" has been handled before
1647 ** we get here.
1648 */
1649
1650 e->e_flags &= ~EF_DISCARD;
1651 continue;
1652 }
1653
1654 /*
1655 ** Strip quote bits from names if the mailer is dumb
1656 ** about them.
1657 */
1658
1659 if (bitnset(M_STRIPQ, m->m_flags))
1660 {
1661 stripquotes(user);
1662 stripquotes(host);
1663 }
1664
1665 /*
1666 ** Strip all leading backslashes if requested and the
1667 ** next character is alphanumerical (the latter can
1668 ** probably relaxed a bit, see RFC2821).
1669 */
1670
1671 if (bitnset(M_STRIPBACKSL, m->m_flags) && user[0] == '\\')
1672 stripbackslash(user);
1673
1674 /* hack attack -- delivermail compatibility */
1675 if (m == ProgMailer && *user == '|')
1676 user++;
1677
1678 /*
1679 ** If an error message has already been given, don't
1680 ** bother to send to this address.
1681 **
1682 ** >>>>>>>>>> This clause assumes that the local mailer
1683 ** >> NOTE >> cannot do any further aliasing; that
1684 ** >>>>>>>>>> function is subsumed by sendmail.
1685 */
1686
1687 if (!QS_IS_OK(to->q_state))
1688 continue;
1689
1690 /*
1691 ** See if this user name is "special".
1692 ** If the user name has a slash in it, assume that this
1693 ** is a file -- send it off without further ado. Note
1694 ** that this type of addresses is not processed along
1695 ** with the others, so we fudge on the To person.
1696 */
1697
1698 if (strcmp(m->m_mailer, "[FILE]") == 0)
1699 {
1700 macdefine(&e->e_macro, A_PERM, 'u', user);
1701 p = to->q_home;
1702 if (p == NULL && ctladdr != NULL)
1703 p = ctladdr->q_home;
1704 macdefine(&e->e_macro, A_PERM, 'z', p);
1705 expand(m->m_argv[1], buf, sizeof(buf), e);
1706 if (strlen(buf) > 0)
1707 rcode = mailfile(buf, m, ctladdr, SFF_CREAT, e);
1708 else
1709 {
1710 syserr("empty filename specification for mailer %s",
1711 m->m_name);
1712 rcode = EX_CONFIG;
1713 }
1714 giveresponse(rcode, to->q_status, m, NULL,
1715 ctladdr, xstart, e, to);
1716 markfailure(e, to, NULL, rcode, true);
1717 e->e_nsent++;
1718 if (rcode == EX_OK)
1719 {
1720 to->q_state = QS_SENT;
1721 if (bitnset(M_LOCALMAILER, m->m_flags) &&
1722 bitset(QPINGONSUCCESS, to->q_flags))
1723 {
1724 to->q_flags |= QDELIVERED;
1725 to->q_status = "2.1.5";
1726 (void) sm_io_fprintf(e->e_xfp,
1727 SM_TIME_DEFAULT,
1728 "%s... Successfully delivered\n",
1729 to->q_paddr);
1730 }
1731 }
1732 to->q_statdate = curtime();
1733 markstats(e, to, STATS_NORMAL);
1734 continue;
1735 }
1736
1737 /*
1738 ** Address is verified -- add this user to mailer
1739 ** argv, and add it to the print list of recipients.
1740 */
1741
1742 /* link together the chain of recipients */
1743 to->q_tchain = tochain;
1744 tochain = to;
1745 e->e_to = "[CHAIN]";
1746
1747 macdefine(&e->e_macro, A_PERM, 'u', user); /* to user */
1748 p = to->q_home;
1749 if (p == NULL && ctladdr != NULL)
1750 p = ctladdr->q_home;
1751 macdefine(&e->e_macro, A_PERM, 'z', p); /* user's home */
1752
1753 /* set the ${dsn_notify} macro if applicable */
1754 if (bitset(QHASNOTIFY, to->q_flags))
1755 {
1756 char notify[MAXLINE];
1757
1758 notify[0] = '\0';
1759 if (bitset(QPINGONSUCCESS, to->q_flags))
1760 (void) sm_strlcat(notify, "SUCCESS,",
1761 sizeof(notify));
1762 if (bitset(QPINGONFAILURE, to->q_flags))
1763 (void) sm_strlcat(notify, "FAILURE,",
1764 sizeof(notify));
1765 if (bitset(QPINGONDELAY, to->q_flags))
1766 (void) sm_strlcat(notify, "DELAY,",
1767 sizeof(notify));
1768
1769 /* Set to NEVER or drop trailing comma */
1770 if (notify[0] == '\0')
1771 (void) sm_strlcat(notify, "NEVER",
1772 sizeof(notify));
1773 else
1774 notify[strlen(notify) - 1] = '\0';
1775
1776 macdefine(&e->e_macro, A_TEMP,
1777 macid("{dsn_notify}"), notify);
1778 }
1779 else
1780 macdefine(&e->e_macro, A_PERM,
1781 macid("{dsn_notify}"), NULL);
1782
1783 /*
1784 ** Expand out this user into argument list.
1785 */
1786
1787 if (!clever)
1788 {
1789 expand(*mvp, buf, sizeof(buf), e);
1790 *pvp++ = sm_rpool_strdup_x(e->e_rpool, buf);
1791 if (pvp >= &pv[MAXPV - 2])
1792 {
1793 /* allow some space for trailing parms */
1794 break;
1795 }
1796 }
1797 }
1798
1799 /* see if any addresses still exist */
1800 if (tochain == NULL)
1801 {
1802 rcode = 0;
1803 goto cleanup;
1804 }
1805
1806 /* print out messages as full list */
1807 strsize = 1;
1808 for (to = tochain; to != NULL; to = to->q_tchain)
1809 strsize += strlen(to->q_paddr) + 1;
1810 if (strsize < TOBUFSIZE)
1811 strsize = TOBUFSIZE;
1812 if (strsize > tobufsize)
1813 {
1814 SM_FREE_CLR(tobuf);
1815 tobuf = sm_pmalloc_x(strsize);
1816 tobufsize = strsize;
1817 }
1818 p = tobuf;
1819 *p = '\0';
1820 for (to = tochain; to != NULL; to = to->q_tchain)
1821 {
1822 (void) sm_strlcpyn(p, tobufsize - (p - tobuf), 2,
1823 ",", to->q_paddr);
1824 p += strlen(p);
1825 }
1826 e->e_to = tobuf + 1;
1827
1828 /*
1829 ** Fill out any parameters after the $u parameter.
1830 */
1831
1832 if (!clever)
1833 {
1834 while (*++mvp != NULL)
1835 {
1836 expand(*mvp, buf, sizeof(buf), e);
1837 *pvp++ = sm_rpool_strdup_x(e->e_rpool, buf);
1838 if (pvp >= &pv[MAXPV])
1839 syserr("554 5.3.0 deliver: pv overflow after $u for %s",
1840 pv[0]);
1841 }
1842 }
1843 *pvp++ = NULL;
1844
1845 /*
1846 ** Call the mailer.
1847 ** The argument vector gets built, pipes
1848 ** are created as necessary, and we fork & exec as
1849 ** appropriate.
1850 ** If we are running SMTP, we just need to clean up.
1851 */
1852
1853 /* XXX this seems a bit wierd */
1854 if (ctladdr == NULL && m != ProgMailer && m != FileMailer &&
1855 bitset(QGOODUID, e->e_from.q_flags))
1856 ctladdr = &e->e_from;
1857
1858 #if NAMED_BIND
1859 if (ConfigLevel < 2)
1860 _res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */
1861 #endif /* NAMED_BIND */
1862
1863 if (tTd(11, 1))
1864 {
1865 sm_dprintf("openmailer:");
1866 printav(sm_debug_file(), pv);
1867 }
1868 errno = 0;
1869 SM_SET_H_ERRNO(0);
1870 CurHostName = NULL;
1871
1872 /*
1873 ** Deal with the special case of mail handled through an IPC
1874 ** connection.
1875 ** In this case we don't actually fork. We must be
1876 ** running SMTP for this to work. We will return a
1877 ** zero pid to indicate that we are running IPC.
1878 ** We also handle a debug version that just talks to stdin/out.
1879 */
1880
1881 curhost = NULL;
1882 SmtpPhase = NULL;
1883 mci = NULL;
1884
1885 #if XDEBUG
1886 {
1887 char wbuf[MAXLINE];
1888
1889 /* make absolutely certain 0, 1, and 2 are in use */
1890 (void) sm_snprintf(wbuf, sizeof(wbuf), "%s... openmailer(%s)",
1891 shortenstring(e->e_to, MAXSHORTSTR),
1892 m->m_name);
1893 checkfd012(wbuf);
1894 }
1895 #endif /* XDEBUG */
1896
1897 /* check for 8-bit available */
1898 if (bitset(EF_HAS8BIT, e->e_flags) &&
1899 bitnset(M_7BITS, m->m_flags) &&
1900 (bitset(EF_DONT_MIME, e->e_flags) ||
1901 !(bitset(MM_MIME8BIT, MimeMode) ||
1902 (bitset(EF_IS_MIME, e->e_flags) &&
1903 bitset(MM_CVTMIME, MimeMode)))))
1904 {
1905 e->e_status = "5.6.3";
1906 usrerrenh(e->e_status,
1907 "554 Cannot send 8-bit data to 7-bit destination");
1908 rcode = EX_DATAERR;
1909 goto give_up;
1910 }
1911
1912 if (tTd(62, 8))
1913 checkfds("before delivery");
1914
1915 /* check for Local Person Communication -- not for mortals!!! */
1916 if (strcmp(m->m_mailer, "[LPC]") == 0)
1917 {
1918 if (clever)
1919 {
1920 /* flush any expired connections */
1921 (void) mci_scan(NULL);
1922
1923 /* try to get a cached connection or just a slot */
1924 mci = mci_get(m->m_name, m);
1925 if (mci->mci_host == NULL)
1926 mci->mci_host = m->m_name;
1927 CurHostName = mci->mci_host;
1928 if (mci->mci_state != MCIS_CLOSED)
1929 {
1930 message("Using cached SMTP/LPC connection for %s...",
1931 m->m_name);
1932 mci->mci_deliveries++;
1933 goto do_transfer;
1934 }
1935 }
1936 else
1937 {
1938 mci = mci_new(e->e_rpool);
1939 }
1940 mci->mci_in = smioin;
1941 mci->mci_out = smioout;
1942 mci->mci_mailer = m;
1943 mci->mci_host = m->m_name;
1944 if (clever)
1945 {
1946 mci->mci_state = MCIS_OPENING;
1947 mci_cache(mci);
1948 }
1949 else
1950 mci->mci_state = MCIS_OPEN;
1951 }
1952 else if (strcmp(m->m_mailer, "[IPC]") == 0)
1953 {
1954 register int i;
1955
1956 if (pv[0] == NULL || pv[1] == NULL || pv[1][0] == '\0')
1957 {
1958 syserr("null destination for %s mailer", m->m_mailer);
1959 rcode = EX_CONFIG;
1960 goto give_up;
1961 }
1962
1963 # if NETUNIX
1964 if (strcmp(pv[0], "FILE") == 0)
1965 {
1966 curhost = CurHostName = "localhost";
1967 mux_path = pv[1];
1968 }
1969 else
1970 # endif /* NETUNIX */
1971 {
1972 CurHostName = pv[1];
1973 curhost = hostsignature(m, pv[1]);
1974 }
1975
1976 if (curhost == NULL || curhost[0] == '\0')
1977 {
1978 syserr("null host signature for %s", pv[1]);
1979 rcode = EX_CONFIG;
1980 goto give_up;
1981 }
1982
1983 if (!clever)
1984 {
1985 syserr("554 5.3.5 non-clever IPC");
1986 rcode = EX_CONFIG;
1987 goto give_up;
1988 }
1989 if (pv[2] != NULL
1990 # if NETUNIX
1991 && mux_path == NULL
1992 # endif /* NETUNIX */
1993 )
1994 {
1995 port = htons((unsigned short) atoi(pv[2]));
1996 if (port == 0)
1997 {
1998 # ifdef NO_GETSERVBYNAME
1999 syserr("Invalid port number: %s", pv[2]);
2000 # else /* NO_GETSERVBYNAME */
2001 struct servent *sp = getservbyname(pv[2], "tcp");
2002
2003 if (sp == NULL)
2004 syserr("Service %s unknown", pv[2]);
2005 else
2006 port = sp->s_port;
2007 # endif /* NO_GETSERVBYNAME */
2008 }
2009 }
2010
2011 nummxhosts = parse_hostsignature(curhost, mxhosts, m);
2012 if (TimeOuts.to_aconnect > 0)
2013 enough = curtime() + TimeOuts.to_aconnect;
2014 tryhost:
2015 while (hostnum < nummxhosts)
2016 {
2017 char sep = ':';
2018 char *endp;
2019 static char hostbuf[MAXNAME + 1];
2020 bool tried_fallbacksmarthost = false;
2021
2022 # if NETINET6
2023 if (*mxhosts[hostnum] == '[')
2024 {
2025 endp = strchr(mxhosts[hostnum] + 1, ']');
2026 if (endp != NULL)
2027 endp = strpbrk(endp + 1, ":,");
2028 }
2029 else
2030 endp = strpbrk(mxhosts[hostnum], ":,");
2031 # else /* NETINET6 */
2032 endp = strpbrk(mxhosts[hostnum], ":,");
2033 # endif /* NETINET6 */
2034 if (endp != NULL)
2035 {
2036 sep = *endp;
2037 *endp = '\0';
2038 }
2039
2040 if (hostnum == 1 && skip_back != NULL)
2041 {
2042 /*
2043 ** Coattail piggybacking is no longer an
2044 ** option with the mail host next to be tried
2045 ** no longer the lowest MX preference
2046 ** (hostnum == 1 meaning we're on the second
2047 ** preference). We do not try to coattail
2048 ** piggyback more than the first MX preference.
2049 ** Revert 'tochain' to last location for
2050 ** coincidental piggybacking. This works this
2051 ** easily because the q_tchain kept getting
2052 ** added to the top of the linked list.
2053 */
2054
2055 tochain = skip_back;
2056 }
2057
2058 if (*mxhosts[hostnum] == '\0')
2059 {
2060 syserr("deliver: null host name in signature");
2061 hostnum++;
2062 if (endp != NULL)
2063 *endp = sep;
2064 continue;
2065 }
2066 (void) sm_strlcpy(hostbuf, mxhosts[hostnum],
2067 sizeof(hostbuf));
2068 hostnum++;
2069 if (endp != NULL)
2070 *endp = sep;
2071
2072 one_last_try:
2073 /* see if we already know that this host is fried */
2074 CurHostName = hostbuf;
2075 mci = mci_get(hostbuf, m);
2076 if (mci->mci_state != MCIS_CLOSED)
2077 {
2078 char *type;
2079
2080 if (tTd(11, 1))
2081 {
2082 sm_dprintf("openmailer: ");
2083 mci_dump(sm_debug_file(), mci, false);
2084 }
2085 CurHostName = mci->mci_host;
2086 if (bitnset(M_LMTP, m->m_flags))
2087 type = "L";
2088 else if (bitset(MCIF_ESMTP, mci->mci_flags))
2089 type = "ES";
2090 else
2091 type = "S";
2092 message("Using cached %sMTP connection to %s via %s...",
2093 type, hostbuf, m->m_name);
2094 mci->mci_deliveries++;
2095 break;
2096 }
2097 mci->mci_mailer = m;
2098 if (mci->mci_exitstat != EX_OK)
2099 {
2100 if (mci->mci_exitstat == EX_TEMPFAIL)
2101 goodmxfound = true;
2102
2103 /* Try FallbackSmartHost? */
2104 if (should_try_fbsh(e, &tried_fallbacksmarthost,
2105 hostbuf, sizeof(hostbuf),
2106 mci->mci_exitstat))
2107 goto one_last_try;
2108
2109 continue;
2110 }
2111
2112 if (mci_lock_host(mci) != EX_OK)
2113 {
2114 mci_setstat(mci, EX_TEMPFAIL, "4.4.5", NULL);
2115 goodmxfound = true;
2116 continue;
2117 }
2118
2119 /* try the connection */
2120 sm_setproctitle(true, e, "%s %s: %s",
2121 qid_printname(e),
2122 hostbuf, "user open");
2123 # if NETUNIX
2124 if (mux_path != NULL)
2125 {
2126 message("Connecting to %s via %s...",
2127 mux_path, m->m_name);
2128 i = makeconnection_ds((char *) mux_path, mci);
2129 }
2130 else
2131 # endif /* NETUNIX */
2132 {
2133 if (port == 0)
2134 message("Connecting to %s via %s...",
2135 hostbuf, m->m_name);
2136 else
2137 message("Connecting to %s port %d via %s...",
2138 hostbuf, ntohs(port),
2139 m->m_name);
2140 i = makeconnection(hostbuf, port, mci, e,
2141 enough);
2142 }
2143 mci->mci_errno = errno;
2144 mci->mci_lastuse = curtime();
2145 mci->mci_deliveries = 0;
2146 mci->mci_exitstat = i;
2147 # if NAMED_BIND
2148 mci->mci_herrno = h_errno;
2149 # endif /* NAMED_BIND */
2150
2151 /*
2152 ** Have we tried long enough to get a connection?
2153 ** If yes, skip to the fallback MX hosts
2154 ** (if existent).
2155 */
2156
2157 if (enough > 0 && mci->mci_lastuse >= enough)
2158 {
2159 int h;
2160 # if NAMED_BIND
2161 extern int NumFallbackMXHosts;
2162 # else /* NAMED_BIND */
2163 const int NumFallbackMXHosts = 0;
2164 # endif /* NAMED_BIND */
2165
2166 if (hostnum < nummxhosts && LogLevel > 9)
2167 sm_syslog(LOG_INFO, e->e_id,
2168 "Timeout.to_aconnect occurred before exhausting all addresses");
2169
2170 /* turn off timeout if fallback available */
2171 if (NumFallbackMXHosts > 0)
2172 enough = 0;
2173
2174 /* skip to a fallback MX host */
2175 h = nummxhosts - NumFallbackMXHosts;
2176 if (hostnum < h)
2177 hostnum = h;
2178 }
2179 if (i == EX_OK)
2180 {
2181 goodmxfound = true;
2182 markstats(e, firstto, STATS_CONNECT);
2183 mci->mci_state = MCIS_OPENING;
2184 mci_cache(mci);
2185 if (TrafficLogFile != NULL)
2186 (void) sm_io_fprintf(TrafficLogFile,
2187 SM_TIME_DEFAULT,
2188 "%05d === CONNECT %s\n",
2189 (int) CurrentPid,
2190 hostbuf);
2191 break;
2192 }
2193 else
2194 {
2195 /* Try FallbackSmartHost? */
2196 if (should_try_fbsh(e, &tried_fallbacksmarthost,
2197 hostbuf, sizeof(hostbuf), i))
2198 goto one_last_try;
2199
2200 if (tTd(11, 1))
2201 sm_dprintf("openmailer: makeconnection => stat=%d, errno=%d\n",
2202 i, errno);
2203 if (i == EX_TEMPFAIL)
2204 goodmxfound = true;
2205 mci_unlock_host(mci);
2206 }
2207
2208 /* enter status of this host */
2209 setstat(i);
2210
2211 /* should print some message here for -v mode */
2212 }
2213 if (mci == NULL)
2214 {
2215 syserr("deliver: no host name");
2216 rcode = EX_SOFTWARE;
2217 goto give_up;
2218 }
2219 mci->mci_pid = 0;
2220 }
2221 else
2222 {
2223 /* flush any expired connections */
2224 (void) mci_scan(NULL);
2225 mci = NULL;
2226
2227 if (bitnset(M_LMTP, m->m_flags))
2228 {
2229 /* try to get a cached connection */
2230 mci = mci_get(m->m_name, m);
2231 if (mci->mci_host == NULL)
2232 mci->mci_host = m->m_name;
2233 CurHostName = mci->mci_host;
2234 if (mci->mci_state != MCIS_CLOSED)
2235 {
2236 message("Using cached LMTP connection for %s...",
2237 m->m_name);
2238 mci->mci_deliveries++;
2239 goto do_transfer;
2240 }
2241 }
2242
2243 /* announce the connection to verbose listeners */
2244 if (host == NULL || host[0] == '\0')
2245 message("Connecting to %s...", m->m_name);
2246 else
2247 message("Connecting to %s via %s...", host, m->m_name);
2248 if (TrafficLogFile != NULL)
2249 {
2250 char **av;
2251
2252 (void) sm_io_fprintf(TrafficLogFile, SM_TIME_DEFAULT,
2253 "%05d === EXEC", (int) CurrentPid);
2254 for (av = pv; *av != NULL; av++)
2255 (void) sm_io_fprintf(TrafficLogFile,
2256 SM_TIME_DEFAULT, " %s",
2257 *av);
2258 (void) sm_io_fprintf(TrafficLogFile, SM_TIME_DEFAULT,
2259 "\n");
2260 }
2261
2262 #if XDEBUG
2263 checkfd012("before creating mail pipe");
2264 #endif /* XDEBUG */
2265
2266 /* create a pipe to shove the mail through */
2267 if (pipe(mpvect) < 0)
2268 {
2269 syserr("%s... openmailer(%s): pipe (to mailer)",
2270 shortenstring(e->e_to, MAXSHORTSTR), m->m_name);
2271 if (tTd(11, 1))
2272 sm_dprintf("openmailer: NULL\n");
2273 rcode = EX_OSERR;
2274 goto give_up;
2275 }
2276
2277 #if XDEBUG
2278 /* make sure we didn't get one of the standard I/O files */
2279 if (mpvect[0] < 3 || mpvect[1] < 3)
2280 {
2281 syserr("%s... openmailer(%s): bogus mpvect %d %d",
2282 shortenstring(e->e_to, MAXSHORTSTR), m->m_name,
2283 mpvect[0], mpvect[1]);
2284 printopenfds(true);
2285 if (tTd(11, 1))
2286 sm_dprintf("openmailer: NULL\n");
2287 rcode = EX_OSERR;
2288 goto give_up;
2289 }
2290
2291 /* make sure system call isn't dead meat */
2292 checkfdopen(mpvect[0], "mpvect[0]");
2293 checkfdopen(mpvect[1], "mpvect[1]");
2294 if (mpvect[0] == mpvect[1] ||
2295 (e->e_lockfp != NULL &&
2296 (mpvect[0] == sm_io_getinfo(e->e_lockfp, SM_IO_WHAT_FD,
2297 NULL) ||
2298 mpvect[1] == sm_io_getinfo(e->e_lockfp, SM_IO_WHAT_FD,
2299 NULL))))
2300 {
2301 if (e->e_lockfp == NULL)
2302 syserr("%s... openmailer(%s): overlapping mpvect %d %d",
2303 shortenstring(e->e_to, MAXSHORTSTR),
2304 m->m_name, mpvect[0], mpvect[1]);
2305 else
2306 syserr("%s... openmailer(%s): overlapping mpvect %d %d, lockfp = %d",
2307 shortenstring(e->e_to, MAXSHORTSTR),
2308 m->m_name, mpvect[0], mpvect[1],
2309 sm_io_getinfo(e->e_lockfp,
2310 SM_IO_WHAT_FD, NULL));
2311 }
2312 #endif /* XDEBUG */
2313
2314 /* create a return pipe */
2315 if (pipe(rpvect) < 0)
2316 {
2317 syserr("%s... openmailer(%s): pipe (from mailer)",
2318 shortenstring(e->e_to, MAXSHORTSTR),
2319 m->m_name);
2320 (void) close(mpvect[0]);
2321 (void) close(mpvect[1]);
2322 if (tTd(11, 1))
2323 sm_dprintf("openmailer: NULL\n");
2324 rcode = EX_OSERR;
2325 goto give_up;
2326 }
2327 #if XDEBUG
2328 checkfdopen(rpvect[0], "rpvect[0]");
2329 checkfdopen(rpvect[1], "rpvect[1]");
2330 #endif /* XDEBUG */
2331
2332 /*
2333 ** Actually fork the mailer process.
2334 ** DOFORK is clever about retrying.
2335 **
2336 ** Dispose of SIGCHLD signal catchers that may be laying
2337 ** around so that endmailer will get it.
2338 */
2339
2340 if (e->e_xfp != NULL) /* for debugging */
2341 (void) sm_io_flush(e->e_xfp, SM_TIME_DEFAULT);
2342 (void) sm_io_flush(smioout, SM_TIME_DEFAULT);
2343 (void) sm_signal(SIGCHLD, SIG_DFL);
2344
2345
2346 DOFORK(FORK);
2347 /* pid is set by DOFORK */
2348
2349 if (pid < 0)
2350 {
2351 /* failure */
2352 syserr("%s... openmailer(%s): cannot fork",
2353 shortenstring(e->e_to, MAXSHORTSTR), m->m_name);
2354 (void) close(mpvect[0]);
2355 (void) close(mpvect[1]);
2356 (void) close(rpvect[0]);
2357 (void) close(rpvect[1]);
2358 if (tTd(11, 1))
2359 sm_dprintf("openmailer: NULL\n");
2360 rcode = EX_OSERR;
2361 goto give_up;
2362 }
2363 else if (pid == 0)
2364 {
2365 int save_errno;
2366 int sff;
2367 int new_euid = NO_UID;
2368 int new_ruid = NO_UID;
2369 int new_gid = NO_GID;
2370 char *user = NULL;
2371 struct stat stb;
2372 extern int DtableSize;
2373
2374 CurrentPid = getpid();
2375
2376 /* clear the events to turn off SIGALRMs */
2377 sm_clear_events();
2378
2379 /* Reset global flags */
2380 RestartRequest = NULL;
2381 RestartWorkGroup = false;
2382 ShutdownRequest = NULL;
2383 PendingSignal = 0;
2384
2385 if (e->e_lockfp != NULL)
2386 (void) close(sm_io_getinfo(e->e_lockfp,
2387 SM_IO_WHAT_FD,
2388 NULL));
2389
2390 /* child -- set up input & exec mailer */
2391 (void) sm_signal(SIGALRM, sm_signal_noop);
2392 (void) sm_signal(SIGCHLD, SIG_DFL);
2393 (void) sm_signal(SIGHUP, SIG_IGN);
2394 (void) sm_signal(SIGINT, SIG_IGN);
2395 (void) sm_signal(SIGTERM, SIG_DFL);
2396 # ifdef SIGUSR1
2397 (void) sm_signal(SIGUSR1, sm_signal_noop);
2398 # endif /* SIGUSR1 */
2399
2400 if (m != FileMailer || stat(tochain->q_user, &stb) < 0)
2401 stb.st_mode = 0;
2402
2403 # if HASSETUSERCONTEXT
2404 /*
2405 ** Set user resources.
2406 */
2407
2408 if (contextaddr != NULL)
2409 {
2410 int sucflags;
2411 struct passwd *pwd;
2412
2413 if (contextaddr->q_ruser != NULL)
2414 pwd = sm_getpwnam(contextaddr->q_ruser);
2415 else
2416 pwd = sm_getpwnam(contextaddr->q_user);
2417 sucflags = LOGIN_SETRESOURCES|LOGIN_SETPRIORITY;
2418 #ifdef LOGIN_SETMAC
2419 sucflags |= LOGIN_SETMAC;
2420 #endif /* LOGIN_SETMAC */
2421 if (pwd != NULL &&
2422 setusercontext(NULL, pwd, pwd->pw_uid,
2423 sucflags) == -1 &&
2424 suidwarn)
2425 {
2426 syserr("openmailer: setusercontext() failed");
2427 exit(EX_TEMPFAIL);
2428 }
2429 }
2430 # endif /* HASSETUSERCONTEXT */
2431
2432 #if HASNICE
2433 /* tweak niceness */
2434 if (m->m_nice != 0)
2435 (void) nice(m->m_nice);
2436 #endif /* HASNICE */
2437
2438 /* reset group id */
2439 if (bitnset(M_SPECIFIC_UID, m->m_flags))
2440 {
2441 if (m->m_gid == NO_GID)
2442 new_gid = RunAsGid;
2443 else
2444 new_gid = m->m_gid;
2445 }
2446 else if (bitset(S_ISGID, stb.st_mode))
2447 new_gid = stb.st_gid;
2448 else if (ctladdr != NULL && ctladdr->q_gid != 0)
2449 {
2450 if (!DontInitGroups)
2451 {
2452 user = ctladdr->q_ruser;
2453 if (user == NULL)
2454 user = ctladdr->q_user;
2455
2456 if (initgroups(user,
2457 ctladdr->q_gid) == -1
2458 && suidwarn)
2459 {
2460 syserr("openmailer: initgroups(%s, %d) failed",
2461 user, ctladdr->q_gid);
2462 exit(EX_TEMPFAIL);
2463 }
2464 }
2465 else
2466 {
2467 GIDSET_T gidset[1];
2468
2469 gidset[0] = ctladdr->q_gid;
2470 if (setgroups(1, gidset) == -1
2471 && suidwarn)
2472 {
2473 syserr("openmailer: setgroups() failed");
2474 exit(EX_TEMPFAIL);
2475 }
2476 }
2477 new_gid = ctladdr->q_gid;
2478 }
2479 else
2480 {
2481 if (!DontInitGroups)
2482 {
2483 user = DefUser;
2484 if (initgroups(DefUser, DefGid) == -1 &&
2485 suidwarn)
2486 {
2487 syserr("openmailer: initgroups(%s, %d) failed",
2488 DefUser, DefGid);
2489 exit(EX_TEMPFAIL);
2490 }
2491 }
2492 else
2493 {
2494 GIDSET_T gidset[1];
2495
2496 gidset[0] = DefGid;
2497 if (setgroups(1, gidset) == -1
2498 && suidwarn)
2499 {
2500 syserr("openmailer: setgroups() failed");
2501 exit(EX_TEMPFAIL);
2502 }
2503 }
2504 if (m->m_gid == NO_GID)
2505 new_gid = DefGid;
2506 else
2507 new_gid = m->m_gid;
2508 }
2509 if (new_gid != NO_GID)
2510 {
2511 if (RunAsUid != 0 &&
2512 bitnset(M_SPECIFIC_UID, m->m_flags) &&
2513 new_gid != getgid() &&
2514 new_gid != getegid())
2515 {
2516 /* Only root can change the gid */
2517 syserr("openmailer: insufficient privileges to change gid, RunAsUid=%d, new_gid=%d, gid=%d, egid=%d",
2518 (int) RunAsUid, (int) new_gid,
2519 (int) getgid(), (int) getegid());
2520 exit(EX_TEMPFAIL);
2521 }
2522
2523 if (setgid(new_gid) < 0 && suidwarn)
2524 {
2525 syserr("openmailer: setgid(%ld) failed",
2526 (long) new_gid);
2527 exit(EX_TEMPFAIL);
2528 }
2529 }
2530
2531 /* change root to some "safe" directory */
2532 if (m->m_rootdir != NULL)
2533 {
2534 expand(m->m_rootdir, cbuf, sizeof(cbuf), e);
2535 if (tTd(11, 20))
2536 sm_dprintf("openmailer: chroot %s\n",
2537 cbuf);
2538 if (chroot(cbuf) < 0)
2539 {
2540 syserr("openmailer: Cannot chroot(%s)",
2541 cbuf);
2542 exit(EX_TEMPFAIL);
2543 }
2544 if (chdir("/") < 0)
2545 {
2546 syserr("openmailer: cannot chdir(/)");
2547 exit(EX_TEMPFAIL);
2548 }
2549 }
2550
2551 /* reset user id */
2552 endpwent();
2553 sm_mbdb_terminate();
2554 if (bitnset(M_SPECIFIC_UID, m->m_flags))
2555 {
2556 if (m->m_uid == NO_UID)
2557 new_euid = RunAsUid;
2558 else
2559 new_euid = m->m_uid;
2560
2561 /*
2562 ** Undo the effects of the uid change in main
2563 ** for signal handling. The real uid may
2564 ** be used by mailer in adding a "From "
2565 ** line.
2566 */
2567
2568 if (RealUid != 0 && RealUid != getuid())
2569 {
2570 # if MAILER_SETUID_METHOD == USE_SETEUID
2571 # if HASSETREUID
2572 if (setreuid(RealUid, geteuid()) < 0)
2573 {
2574 syserr("openmailer: setreuid(%d, %d) failed",
2575 (int) RealUid, (int) geteuid());
2576 exit(EX_OSERR);
2577 }
2578 # endif /* HASSETREUID */
2579 # endif /* MAILER_SETUID_METHOD == USE_SETEUID */
2580 # if MAILER_SETUID_METHOD == USE_SETREUID
2581 new_ruid = RealUid;
2582 # endif /* MAILER_SETUID_METHOD == USE_SETREUID */
2583 }
2584 }
2585 else if (bitset(S_ISUID, stb.st_mode))
2586 new_ruid = stb.st_uid;
2587 else if (ctladdr != NULL && ctladdr->q_uid != 0)
2588 new_ruid = ctladdr->q_uid;
2589 else if (m->m_uid != NO_UID)
2590 new_ruid = m->m_uid;
2591 else
2592 new_ruid = DefUid;
2593
2594 # if _FFR_USE_SETLOGIN
2595 /* run disconnected from terminal and set login name */
2596 if (setsid() >= 0 &&
2597 ctladdr != NULL && ctladdr->q_uid != 0 &&
2598 new_euid == ctladdr->q_uid)
2599 {
2600 struct passwd *pwd;
2601
2602 pwd = sm_getpwuid(ctladdr->q_uid);
2603 if (pwd != NULL && suidwarn)
2604 (void) setlogin(pwd->pw_name);
2605 endpwent();
2606 }
2607 # endif /* _FFR_USE_SETLOGIN */
2608
2609 if (new_euid != NO_UID)
2610 {
2611 if (RunAsUid != 0 && new_euid != RunAsUid)
2612 {
2613 /* Only root can change the uid */
2614 syserr("openmailer: insufficient privileges to change uid, new_euid=%d, RunAsUid=%d",
2615 (int) new_euid, (int) RunAsUid);
2616 exit(EX_TEMPFAIL);
2617 }
2618
2619 vendor_set_uid(new_euid);
2620 # if MAILER_SETUID_METHOD == USE_SETEUID
2621 if (seteuid(new_euid) < 0 && suidwarn)
2622 {
2623 syserr("openmailer: seteuid(%ld) failed",
2624 (long) new_euid);
2625 exit(EX_TEMPFAIL);
2626 }
2627 # endif /* MAILER_SETUID_METHOD == USE_SETEUID */
2628 # if MAILER_SETUID_METHOD == USE_SETREUID
2629 if (setreuid(new_ruid, new_euid) < 0 && suidwarn)
2630 {
2631 syserr("openmailer: setreuid(%ld, %ld) failed",
2632 (long) new_ruid, (long) new_euid);
2633 exit(EX_TEMPFAIL);
2634 }
2635 # endif /* MAILER_SETUID_METHOD == USE_SETREUID */
2636 # if MAILER_SETUID_METHOD == USE_SETUID
2637 if (new_euid != geteuid() && setuid(new_euid) < 0 && suidwarn)
2638 {
2639 syserr("openmailer: setuid(%ld) failed",
2640 (long) new_euid);
2641 exit(EX_TEMPFAIL);
2642 }
2643 # endif /* MAILER_SETUID_METHOD == USE_SETUID */
2644 }
2645 else if (new_ruid != NO_UID)
2646 {
2647 vendor_set_uid(new_ruid);
2648 if (setuid(new_ruid) < 0 && suidwarn)
2649 {
2650 syserr("openmailer: setuid(%ld) failed",
2651 (long) new_ruid);
2652 exit(EX_TEMPFAIL);
2653 }
2654 }
2655
2656 if (tTd(11, 2))
2657 sm_dprintf("openmailer: running as r/euid=%d/%d, r/egid=%d/%d\n",
2658 (int) getuid(), (int) geteuid(),
2659 (int) getgid(), (int) getegid());
2660
2661 /* move into some "safe" directory */
2662 if (m->m_execdir != NULL)
2663 {
2664 char *q;
2665
2666 for (p = m->m_execdir; p != NULL; p = q)
2667 {
2668 q = strchr(p, ':');
2669 if (q != NULL)
2670 *q = '\0';
2671 expand(p, cbuf, sizeof(cbuf), e);
2672 if (q != NULL)
2673 *q++ = ':';
2674 if (tTd(11, 20))
2675 sm_dprintf("openmailer: trydir %s\n",
2676 cbuf);
2677 if (cbuf[0] != '\0' &&
2678 chdir(cbuf) >= 0)
2679 break;
2680 }
2681 }
2682
2683 /* Check safety of program to be run */
2684 sff = SFF_ROOTOK|SFF_EXECOK;
2685 if (!bitnset(DBS_RUNWRITABLEPROGRAM,
2686 DontBlameSendmail))
2687 sff |= SFF_NOGWFILES|SFF_NOWWFILES;
2688 if (bitnset(DBS_RUNPROGRAMINUNSAFEDIRPATH,
2689 DontBlameSendmail))
2690 sff |= SFF_NOPATHCHECK;
2691 else
2692 sff |= SFF_SAFEDIRPATH;
2693 ret = safefile(m->m_mailer, getuid(), getgid(),
2694 user, sff, 0, NULL);
2695 if (ret != 0)
2696 sm_syslog(LOG_INFO, e->e_id,
2697 "Warning: program %s unsafe: %s",
2698 m->m_mailer, sm_errstring(ret));
2699
2700 /* arrange to filter std & diag output of command */
2701 (void) close(rpvect[0]);
2702 if (dup2(rpvect[1], STDOUT_FILENO) < 0)
2703 {
2704 syserr("%s... openmailer(%s): cannot dup pipe %d for stdout",
2705 shortenstring(e->e_to, MAXSHORTSTR),
2706 m->m_name, rpvect[1]);
2707 _exit(EX_OSERR);
2708 }
2709 (void) close(rpvect[1]);
2710
2711 if (dup2(STDOUT_FILENO, STDERR_FILENO) < 0)
2712 {
2713 syserr("%s... openmailer(%s): cannot dup stdout for stderr",
2714 shortenstring(e->e_to, MAXSHORTSTR),
2715 m->m_name);
2716 _exit(EX_OSERR);
2717 }
2718
2719 /* arrange to get standard input */
2720 (void) close(mpvect[1]);
2721 if (dup2(mpvect[0], STDIN_FILENO) < 0)
2722 {
2723 syserr("%s... openmailer(%s): cannot dup pipe %d for stdin",
2724 shortenstring(e->e_to, MAXSHORTSTR),
2725 m->m_name, mpvect[0]);
2726 _exit(EX_OSERR);
2727 }
2728 (void) close(mpvect[0]);
2729
2730 /* arrange for all the files to be closed */
2731 sm_close_on_exec(STDERR_FILENO + 1, DtableSize);
2732
2733 # if !_FFR_USE_SETLOGIN
2734 /* run disconnected from terminal */
2735 (void) setsid();
2736 # endif /* !_FFR_USE_SETLOGIN */
2737
2738 /* try to execute the mailer */
2739 (void) execve(m->m_mailer, (ARGV_T) pv,
2740 (ARGV_T) UserEnviron);
2741 save_errno = errno;
2742 syserr("Cannot exec %s", m->m_mailer);
2743 if (bitnset(M_LOCALMAILER, m->m_flags) ||
2744 transienterror(save_errno))
2745 _exit(EX_OSERR);
2746 _exit(EX_UNAVAILABLE);
2747 }
2748
2749 /*
2750 ** Set up return value.
2751 */
2752
2753 if (mci == NULL)
2754 {
2755 if (clever)
2756 {
2757 /*
2758 ** Allocate from general heap, not
2759 ** envelope rpool, because this mci
2760 ** is going to be cached.
2761 */
2762
2763 mci = mci_new(NULL);
2764 }
2765 else
2766 {
2767 /*
2768 ** Prevent a storage leak by allocating
2769 ** this from the envelope rpool.
2770 */
2771
2772 mci = mci_new(e->e_rpool);
2773 }
2774 }
2775 mci->mci_mailer = m;
2776 if (clever)
2777 {
2778 mci->mci_state = MCIS_OPENING;
2779 mci_cache(mci);
2780 }
2781 else
2782 {
2783 mci->mci_state = MCIS_OPEN;
2784 }
2785 mci->mci_pid = pid;
2786 (void) close(mpvect[0]);
2787 mci->mci_out = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT,
2788 (void *) &(mpvect[1]), SM_IO_WRONLY_B,
2789 NULL);
2790 if (mci->mci_out == NULL)
2791 {
2792 syserr("deliver: cannot create mailer output channel, fd=%d",
2793 mpvect[1]);
2794 (void) close(mpvect[1]);
2795 (void) close(rpvect[0]);
2796 (void) close(rpvect[1]);
2797 rcode = EX_OSERR;
2798 goto give_up;
2799 }
2800
2801 (void) close(rpvect[1]);
2802 mci->mci_in = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT,
2803 (void *) &(rpvect[0]), SM_IO_RDONLY_B,
2804 NULL);
2805 if (mci->mci_in == NULL)
2806 {
2807 syserr("deliver: cannot create mailer input channel, fd=%d",
2808 mpvect[1]);
2809 (void) close(rpvect[0]);
2810 (void) sm_io_close(mci->mci_out, SM_TIME_DEFAULT);
2811 mci->mci_out = NULL;
2812 rcode = EX_OSERR;
2813 goto give_up;
2814 }
2815 }
2816
2817 /*
2818 ** If we are in SMTP opening state, send initial protocol.
2819 */
2820
2821 if (bitnset(M_7BITS, m->m_flags) &&
2822 (!clever || mci->mci_state == MCIS_OPENING))
2823 mci->mci_flags |= MCIF_7BIT;
2824 if (clever && mci->mci_state != MCIS_CLOSED)
2825 {
2826 # if STARTTLS || SASL
2827 int dotpos;
2828 char *srvname;
2829 extern SOCKADDR CurHostAddr;
2830 # endif /* STARTTLS || SASL */
2831
2832 # if SASL
2833 # define DONE_AUTH(f) bitset(MCIF_AUTHACT, f)
2834 # endif /* SASL */
2835 # if STARTTLS
2836 # define DONE_STARTTLS(f) bitset(MCIF_TLSACT, f)
2837 # endif /* STARTTLS */
2838 # define ONLY_HELO(f) bitset(MCIF_ONLY_EHLO, f)
2839 # define SET_HELO(f) f |= MCIF_ONLY_EHLO
2840 # define CLR_HELO(f) f &= ~MCIF_ONLY_EHLO
2841
2842 # if STARTTLS || SASL
2843 /* don't use CurHostName, it is changed in many places */
2844 if (mci->mci_host != NULL)
2845 {
2846 srvname = mci->mci_host;
2847 dotpos = strlen(srvname) - 1;
2848 if (dotpos >= 0)
2849 {
2850 if (srvname[dotpos] == '.')
2851 srvname[dotpos] = '\0';
2852 else
2853 dotpos = -1;
2854 }
2855 }
2856 else if (mci->mci_mailer != NULL)
2857 {
2858 srvname = mci->mci_mailer->m_name;
2859 dotpos = -1;
2860 }
2861 else
2862 {
2863 srvname = "local";
2864 dotpos = -1;
2865 }
2866
2867 /* don't set {server_name} to NULL or "": see getauth() */
2868 macdefine(&mci->mci_macro, A_TEMP, macid("{server_name}"),
2869 srvname);
2870
2871 /* CurHostAddr is set by makeconnection() and mci_get() */
2872 if (CurHostAddr.sa.sa_family != 0)
2873 {
2874 macdefine(&mci->mci_macro, A_TEMP,
2875 macid("{server_addr}"),
2876 anynet_ntoa(&CurHostAddr));
2877 }
2878 else if (mci->mci_mailer != NULL)
2879 {
2880 /* mailer name is unique, use it as address */
2881 macdefine(&mci->mci_macro, A_PERM,
2882 macid("{server_addr}"),
2883 mci->mci_mailer->m_name);
2884 }
2885 else
2886 {
2887 /* don't set it to NULL or "": see getauth() */
2888 macdefine(&mci->mci_macro, A_PERM,
2889 macid("{server_addr}"), "0");
2890 }
2891
2892 /* undo change of srvname (mci->mci_host) */
2893 if (dotpos >= 0)
2894 srvname[dotpos] = '.';
2895
2896 reconnect: /* after switching to an encrypted connection */
2897 # endif /* STARTTLS || SASL */
2898
2899 /* set the current connection information */
2900 e->e_mci = mci;
2901 # if SASL
2902 mci->mci_saslcap = NULL;
2903 # endif /* SASL */
2904 smtpinit(m, mci, e, ONLY_HELO(mci->mci_flags));
2905 CLR_HELO(mci->mci_flags);
2906
2907 if (IS_DLVR_RETURN(e))
2908 {
2909 /*
2910 ** Check whether other side can deliver e-mail
2911 ** fast enough
2912 */
2913
2914 if (!bitset(MCIF_DLVR_BY, mci->mci_flags))
2915 {
2916 e->e_status = "5.4.7";
2917 usrerrenh(e->e_status,
2918 "554 Server does not support Deliver By");
2919 rcode = EX_UNAVAILABLE;
2920 goto give_up;
2921 }
2922 if (e->e_deliver_by > 0 &&
2923 e->e_deliver_by - (curtime() - e->e_ctime) <
2924 mci->mci_min_by)
2925 {
2926 e->e_status = "5.4.7";
2927 usrerrenh(e->e_status,
2928 "554 Message can't be delivered in time; %ld < %ld",
2929 e->e_deliver_by - (curtime() - e->e_ctime),
2930 mci->mci_min_by);
2931 rcode = EX_UNAVAILABLE;
2932 goto give_up;
2933 }
2934 }
2935
2936 # if STARTTLS
2937 /* first TLS then AUTH to provide a security layer */
2938 if (mci->mci_state != MCIS_CLOSED &&
2939 !DONE_STARTTLS(mci->mci_flags))
2940 {
2941 int olderrors;
2942 bool usetls;
2943 bool saveQuickAbort = QuickAbort;
2944 bool saveSuprErrs = SuprErrs;
2945 char *host = NULL;
2946
2947 rcode = EX_OK;
2948 usetls = bitset(MCIF_TLS, mci->mci_flags);
2949 if (usetls)
2950 usetls = !iscltflgset(e, D_NOTLS);
2951
2952 host = macvalue(macid("{server_name}"), e);
2953 if (usetls)
2954 {
2955 olderrors = Errors;
2956 QuickAbort = false;
2957 SuprErrs = true;
2958 if (rscheck("try_tls", host, NULL, e,
2959 RSF_RMCOMM, 7, host, NOQID, NULL)
2960 != EX_OK
2961 || Errors > olderrors)
2962 {
2963 usetls = false;
2964 }
2965 SuprErrs = saveSuprErrs;
2966 QuickAbort = saveQuickAbort;
2967 }
2968
2969 if (usetls)
2970 {
2971 if ((rcode = starttls(m, mci, e)) == EX_OK)
2972 {
2973 /* start again without STARTTLS */
2974 mci->mci_flags |= MCIF_TLSACT;
2975 }
2976 else
2977 {
2978 char *s;
2979
2980 /*
2981 ** TLS negotiation failed, what to do?
2982 ** fall back to unencrypted connection
2983 ** or abort? How to decide?
2984 ** set a macro and call a ruleset.
2985 */
2986
2987 mci->mci_flags &= ~MCIF_TLS;
2988 switch (rcode)
2989 {
2990 case EX_TEMPFAIL:
2991 s = "TEMP";
2992 break;
2993 case EX_USAGE:
2994 s = "USAGE";
2995 break;
2996 case EX_PROTOCOL:
2997 s = "PROTOCOL";
2998 break;
2999 case EX_SOFTWARE:
3000 s = "SOFTWARE";
3001 break;
3002 case EX_UNAVAILABLE:
3003 s = "NONE";
3004 break;
3005
3006 /* everything else is a failure */
3007 default:
3008 s = "FAILURE";
3009 rcode = EX_TEMPFAIL;
3010 }
3011 macdefine(&e->e_macro, A_PERM,
3012 macid("{verify}"), s);
3013 }
3014 }
3015 else
3016 macdefine(&e->e_macro, A_PERM,
3017 macid("{verify}"), "NONE");
3018 olderrors = Errors;
3019 QuickAbort = false;
3020 SuprErrs = true;
3021
3022 /*
3023 ** rcode == EX_SOFTWARE is special:
3024 ** the TLS negotiation failed
3025 ** we have to drop the connection no matter what
3026 ** However, we call tls_server to give it the chance
3027 ** to log the problem and return an appropriate
3028 ** error code.
3029 */
3030
3031 if (rscheck("tls_server",
3032 macvalue(macid("{verify}"), e),
3033 NULL, e, RSF_RMCOMM|RSF_COUNT, 5,
3034 host, NOQID, NULL) != EX_OK ||
3035 Errors > olderrors ||
3036 rcode == EX_SOFTWARE)
3037 {
3038 char enhsc[ENHSCLEN];
3039 extern char MsgBuf[];
3040
3041 if (ISSMTPCODE(MsgBuf) &&
3042 extenhsc(MsgBuf + 4, ' ', enhsc) > 0)
3043 {
3044 p = sm_rpool_strdup_x(e->e_rpool,
3045 MsgBuf);
3046 }
3047 else
3048 {
3049 p = "403 4.7.0 server not authenticated.";
3050 (void) sm_strlcpy(enhsc, "4.7.0",
3051 sizeof(enhsc));
3052 }
3053 SuprErrs = saveSuprErrs;
3054 QuickAbort = saveQuickAbort;
3055
3056 if (rcode == EX_SOFTWARE)
3057 {
3058 /* drop the connection */
3059 mci->mci_state = MCIS_QUITING;
3060 if (mci->mci_in != NULL)
3061 {
3062 (void) sm_io_close(mci->mci_in,
3063 SM_TIME_DEFAULT);
3064 mci->mci_in = NULL;
3065 }
3066 mci->mci_flags &= ~MCIF_TLSACT;
3067 (void) endmailer(mci, e, pv);
3068 }
3069 else
3070 {
3071 /* abort transfer */
3072 smtpquit(m, mci, e);
3073 }
3074
3075 /* avoid bogus error msg */
3076 mci->mci_errno = 0;
3077
3078 /* temp or permanent failure? */
3079 rcode = (*p == '4') ? EX_TEMPFAIL
3080 : EX_UNAVAILABLE;
3081 mci_setstat(mci, rcode, enhsc, p);
3082
3083 /*
3084 ** hack to get the error message into
3085 ** the envelope (done in giveresponse())
3086 */
3087
3088 (void) sm_strlcpy(SmtpError, p,
3089 sizeof(SmtpError));
3090 }
3091 else if (mci->mci_state == MCIS_CLOSED)
3092 {
3093 /* connection close caused by 421 */
3094 mci->mci_errno = 0;
3095 rcode = EX_TEMPFAIL;
3096 mci_setstat(mci, rcode, NULL, "421");
3097 }
3098 else
3099 rcode = 0;
3100
3101 QuickAbort = saveQuickAbort;
3102 SuprErrs = saveSuprErrs;
3103 if (DONE_STARTTLS(mci->mci_flags) &&
3104 mci->mci_state != MCIS_CLOSED)
3105 {
3106 SET_HELO(mci->mci_flags);
3107 mci->mci_flags &= ~MCIF_EXTENS;
3108 goto reconnect;
3109 }
3110 }
3111 # endif /* STARTTLS */
3112 # if SASL
3113 /* if other server supports authentication let's authenticate */
3114 if (mci->mci_state != MCIS_CLOSED &&
3115 mci->mci_saslcap != NULL &&
3116 !DONE_AUTH(mci->mci_flags) && !iscltflgset(e, D_NOAUTH))
3117 {
3118 /* Should we require some minimum authentication? */
3119 if ((ret = smtpauth(m, mci, e)) == EX_OK)
3120 {
3121 int result;
3122 sasl_ssf_t *ssf = NULL;
3123
3124 /* Get security strength (features) */
3125 result = sasl_getprop(mci->mci_conn, SASL_SSF,
3126 # if SASL >= 20000
3127 (const void **) &ssf);
3128 # else /* SASL >= 20000 */
3129 (void **) &ssf);
3130 # endif /* SASL >= 20000 */
3131
3132 /* XXX authid? */
3133 if (LogLevel > 9)
3134 sm_syslog(LOG_INFO, NOQID,
3135 "AUTH=client, relay=%.100s, mech=%.16s, bits=%d",
3136 mci->mci_host,
3137 macvalue(macid("{auth_type}"), e),
3138 result == SASL_OK ? *ssf : 0);
3139
3140 /*
3141 ** Only switch to encrypted connection
3142 ** if a security layer has been negotiated
3143 */
3144
3145 if (result == SASL_OK && *ssf > 0)
3146 {
3147 int tmo;
3148
3149 /*
3150 ** Convert I/O layer to use SASL.
3151 ** If the call fails, the connection
3152 ** is aborted.
3153 */
3154
3155 tmo = DATA_PROGRESS_TIMEOUT * 1000;
3156 if (sfdcsasl(&mci->mci_in,
3157 &mci->mci_out,
3158 mci->mci_conn, tmo) == 0)
3159 {
3160 mci->mci_flags &= ~MCIF_EXTENS;
3161 mci->mci_flags |= MCIF_AUTHACT|
3162 MCIF_ONLY_EHLO;
3163 goto reconnect;
3164 }
3165 syserr("AUTH TLS switch failed in client");
3166 }
3167 /* else? XXX */
3168 mci->mci_flags |= MCIF_AUTHACT;
3169
3170 }
3171 else if (ret == EX_TEMPFAIL)
3172 {
3173 if (LogLevel > 8)
3174 sm_syslog(LOG_ERR, NOQID,
3175 "AUTH=client, relay=%.100s, temporary failure, connection abort",
3176 mci->mci_host);
3177 smtpquit(m, mci, e);
3178
3179 /* avoid bogus error msg */
3180 mci->mci_errno = 0;
3181 rcode = EX_TEMPFAIL;
3182 mci_setstat(mci, rcode, "4.3.0", p);
3183
3184 /*
3185 ** hack to get the error message into
3186 ** the envelope (done in giveresponse())
3187 */
3188
3189 (void) sm_strlcpy(SmtpError,
3190 "Temporary AUTH failure",
3191 sizeof(SmtpError));
3192 }
3193 }
3194 # endif /* SASL */
3195 }
3196
3197
3198 do_transfer:
3199 /* clear out per-message flags from connection structure */
3200 mci->mci_flags &= ~(MCIF_CVT7TO8|MCIF_CVT8TO7);
3201
3202 if (bitset(EF_HAS8BIT, e->e_flags) &&
3203 !bitset(EF_DONT_MIME, e->e_flags) &&
3204 bitnset(M_7BITS, m->m_flags))
3205 mci->mci_flags |= MCIF_CVT8TO7;
3206
3207 #if MIME7TO8
3208 if (bitnset(M_MAKE8BIT, m->m_flags) &&
3209 !bitset(MCIF_7BIT, mci->mci_flags) &&
3210 (p = hvalue("Content-Transfer-Encoding", e->e_header)) != NULL &&
3211 (sm_strcasecmp(p, "quoted-printable") == 0 ||
3212 sm_strcasecmp(p, "base64") == 0) &&
3213 (p = hvalue("Content-Type", e->e_header)) != NULL)
3214 {
3215 /* may want to convert 7 -> 8 */
3216 /* XXX should really parse it here -- and use a class XXX */
3217 if (sm_strncasecmp(p, "text/plain", 10) == 0 &&
3218 (p[10] == '\0' || p[10] == ' ' || p[10] == ';'))
3219 mci->mci_flags |= MCIF_CVT7TO8;
3220 }
3221 #endif /* MIME7TO8 */
3222
3223 if (tTd(11, 1))
3224 {
3225 sm_dprintf("openmailer: ");
3226 mci_dump(sm_debug_file(), mci, false);
3227 }
3228
3229 #if _FFR_CLIENT_SIZE
3230 /*
3231 ** See if we know the maximum size and
3232 ** abort if the message is too big.
3233 **
3234 ** NOTE: _FFR_CLIENT_SIZE is untested.
3235 */
3236
3237 if (bitset(MCIF_SIZE, mci->mci_flags) &&
3238 mci->mci_maxsize > 0 &&
3239 e->e_msgsize > mci->mci_maxsize)
3240 {
3241 e->e_flags |= EF_NO_BODY_RETN;
3242 if (bitnset(M_LOCALMAILER, m->m_flags))
3243 e->e_status = "5.2.3";
3244 else
3245 e->e_status = "5.3.4";
3246
3247 usrerrenh(e->e_status,
3248 "552 Message is too large; %ld bytes max",
3249 mci->mci_maxsize);
3250 rcode = EX_DATAERR;
3251
3252 /* Need an e_message for error */
3253 (void) sm_snprintf(SmtpError, sizeof(SmtpError),
3254 "Message is too large; %ld bytes max",
3255 mci->mci_maxsize);
3256 goto give_up;
3257 }
3258 #endif /* _FFR_CLIENT_SIZE */
3259
3260 if (mci->mci_state != MCIS_OPEN)
3261 {
3262 /* couldn't open the mailer */
3263 rcode = mci->mci_exitstat;
3264 errno = mci->mci_errno;
3265 SM_SET_H_ERRNO(mci->mci_herrno);
3266 if (rcode == EX_OK)
3267 {
3268 /* shouldn't happen */
3269 syserr("554 5.3.5 deliver: mci=%lx rcode=%d errno=%d state=%d sig=%s",
3270 (unsigned long) mci, rcode, errno,
3271 mci->mci_state, firstsig);
3272 mci_dump_all(smioout, true);
3273 rcode = EX_SOFTWARE;
3274 }
3275 else if (nummxhosts > hostnum)
3276 {
3277 /* try next MX site */
3278 goto tryhost;
3279 }
3280 }
3281 else if (!clever)
3282 {
3283 bool ok;
3284
3285 /*
3286 ** Format and send message.
3287 */
3288
3289 rcode = EX_OK;
3290 errno = 0;
3291 ok = putfromline(mci, e);
3292 if (ok)
3293 ok = (*e->e_puthdr)(mci, e->e_header, e, M87F_OUTER);
3294 if (ok)
3295 ok = (*e->e_putbody)(mci, e, NULL);
3296 if (ok && bitset(MCIF_INLONGLINE, mci->mci_flags))
3297 ok = putline("", mci);
3298
3299 /*
3300 ** Ignore an I/O error that was caused by EPIPE.
3301 ** Some broken mailers don't read the entire body
3302 ** but just exit() thus causing an I/O error.
3303 */
3304
3305 if (!ok && (sm_io_error(mci->mci_out) && errno == EPIPE))
3306 ok = true;
3307
3308 /* (always) get the exit status */
3309 rcode = endmailer(mci, e, pv);
3310 if (!ok)
3311 rcode = EX_TEMPFAIL;
3312 if (rcode == EX_TEMPFAIL && SmtpError[0] == '\0')
3313 {
3314 /*
3315 ** Need an e_message for mailq display.
3316 ** We set SmtpError as
3317 */
3318
3319 (void) sm_snprintf(SmtpError, sizeof(SmtpError),
3320 "%s mailer (%s) exited with EX_TEMPFAIL",
3321 m->m_name, m->m_mailer);
3322 }
3323 }
3324 else
3325 {
3326 /*
3327 ** Send the MAIL FROM: protocol
3328 */
3329
3330 /* XXX this isn't pipelined... */
3331 rcode = smtpmailfrom(m, mci, e);
3332 if (rcode == EX_OK)
3333 {
3334 register int i;
3335 # if PIPELINING
3336 ADDRESS *volatile pchain;
3337 # endif /* PIPELINING */
3338
3339 /* send the recipient list */
3340 tobuf[0] = '\0';
3341 mci->mci_retryrcpt = false;
3342 mci->mci_tolist = tobuf;
3343 # if PIPELINING
3344 pchain = NULL;
3345 mci->mci_nextaddr = NULL;
3346 # endif /* PIPELINING */
3347
3348 for (to = tochain; to != NULL; to = to->q_tchain)
3349 {
3350 if (!QS_IS_UNMARKED(to->q_state))
3351 continue;
3352
3353 /* mark recipient state as "ok so far" */
3354 to->q_state = QS_OK;
3355 e->e_to = to->q_paddr;
3356 # if STARTTLS
3357 i = rscheck("tls_rcpt", to->q_user, NULL, e,
3358 RSF_RMCOMM|RSF_COUNT, 3,
3359 mci->mci_host, e->e_id, NULL);
3360 if (i != EX_OK)
3361 {
3362 markfailure(e, to, mci, i, false);
3363 giveresponse(i, to->q_status, m, mci,
3364 ctladdr, xstart, e, to);
3365 if (i == EX_TEMPFAIL)
3366 {
3367 mci->mci_retryrcpt = true;
3368 to->q_state = QS_RETRY;
3369 }
3370 continue;
3371 }
3372 # endif /* STARTTLS */
3373
3374 i = smtprcpt(to, m, mci, e, ctladdr, xstart);
3375 # if PIPELINING
3376 if (i == EX_OK &&
3377 bitset(MCIF_PIPELINED, mci->mci_flags))
3378 {
3379 /*
3380 ** Add new element to list of
3381 ** recipients for pipelining.
3382 */
3383
3384 to->q_pchain = NULL;
3385 if (mci->mci_nextaddr == NULL)
3386 mci->mci_nextaddr = to;
3387 if (pchain == NULL)
3388 pchain = to;
3389 else
3390 {
3391 pchain->q_pchain = to;
3392 pchain = pchain->q_pchain;
3393 }
3394 }
3395 # endif /* PIPELINING */
3396 if (i != EX_OK)
3397 {
3398 markfailure(e, to, mci, i, false);
3399 giveresponse(i, to->q_status, m, mci,
3400 ctladdr, xstart, e, to);
3401 if (i == EX_TEMPFAIL)
3402 to->q_state = QS_RETRY;
3403 }
3404 }
3405
3406 /* No recipients in list and no missing responses? */
3407 if (tobuf[0] == '\0'
3408 # if PIPELINING
3409 && bitset(MCIF_PIPELINED, mci->mci_flags)
3410 && mci->mci_nextaddr == NULL
3411 # endif /* PIPELINING */
3412 )
3413 {
3414 rcode = EX_OK;
3415 e->e_to = NULL;
3416 if (bitset(MCIF_CACHED, mci->mci_flags))
3417 smtprset(m, mci, e);
3418 }
3419 else
3420 {
3421 e->e_to = tobuf + 1;
3422 rcode = smtpdata(m, mci, e, ctladdr, xstart);
3423 }
3424 }
3425 if (rcode == EX_TEMPFAIL && nummxhosts > hostnum)
3426 {
3427 /* try next MX site */
3428 goto tryhost;
3429 }
3430 }
3431 #if NAMED_BIND
3432 if (ConfigLevel < 2)
3433 _res.options |= RES_DEFNAMES | RES_DNSRCH; /* XXX */
3434 #endif /* NAMED_BIND */
3435
3436 if (tTd(62, 1))
3437 checkfds("after delivery");
3438
3439 /*
3440 ** Do final status disposal.
3441 ** We check for something in tobuf for the SMTP case.
3442 ** If we got a temporary failure, arrange to queue the
3443 ** addressees.
3444 */
3445
3446 give_up:
3447 if (bitnset(M_LMTP, m->m_flags))
3448 {
3449 lmtp_rcode = rcode;
3450 tobuf[0] = '\0';
3451 anyok = false;
3452 strsize = 0;
3453 }
3454 else
3455 anyok = rcode == EX_OK;
3456
3457 for (to = tochain; to != NULL; to = to->q_tchain)
3458 {
3459 /* see if address already marked */
3460 if (!QS_IS_OK(to->q_state))
3461 continue;
3462
3463 /* if running LMTP, get the status for each address */
3464 if (bitnset(M_LMTP, m->m_flags))
3465 {
3466 if (lmtp_rcode == EX_OK)
3467 rcode = smtpgetstat(m, mci, e);
3468 if (rcode == EX_OK)
3469 {
3470 strsize += sm_strlcat2(tobuf + strsize, ",",
3471 to->q_paddr,
3472 tobufsize - strsize);
3473 SM_ASSERT(strsize < tobufsize);
3474 anyok = true;
3475 }
3476 else
3477 {
3478 e->e_to = to->q_paddr;
3479 markfailure(e, to, mci, rcode, true);
3480 giveresponse(rcode, to->q_status, m, mci,
3481 ctladdr, xstart, e, to);
3482 e->e_to = tobuf + 1;
3483 continue;
3484 }
3485 }
3486 else
3487 {
3488 /* mark bad addresses */
3489 if (rcode != EX_OK)
3490 {
3491 if (goodmxfound && rcode == EX_NOHOST)
3492 rcode = EX_TEMPFAIL;
3493 markfailure(e, to, mci, rcode, true);
3494 continue;
3495 }
3496 }
3497
3498 /* successful delivery */
3499 to->q_state = QS_SENT;
3500 to->q_statdate = curtime();
3501 e->e_nsent++;
3502
3503 /*
3504 ** Checkpoint the send list every few addresses
3505 */
3506
3507 if (CheckpointInterval > 0 && e->e_nsent >= CheckpointInterval)
3508 {
3509 queueup(e, false, false);
3510 e->e_nsent = 0;
3511 }
3512
3513 if (bitnset(M_LOCALMAILER, m->m_flags) &&
3514 bitset(QPINGONSUCCESS, to->q_flags))
3515 {
3516 to->q_flags |= QDELIVERED;
3517 to->q_status = "2.1.5";
3518 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
3519 "%s... Successfully delivered\n",
3520 to->q_paddr);
3521 }
3522 else if (bitset(QPINGONSUCCESS, to->q_flags) &&
3523 bitset(QPRIMARY, to->q_flags) &&
3524 !bitset(MCIF_DSN, mci->mci_flags))
3525 {
3526 to->q_flags |= QRELAYED;
3527 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
3528 "%s... relayed; expect no further notifications\n",
3529 to->q_paddr);
3530 }
3531 else if (IS_DLVR_NOTIFY(e) &&
3532 !bitset(MCIF_DLVR_BY, mci->mci_flags) &&
3533 bitset(QPRIMARY, to->q_flags) &&
3534 (!bitset(QHASNOTIFY, to->q_flags) ||
3535 bitset(QPINGONSUCCESS, to->q_flags) ||
3536 bitset(QPINGONFAILURE, to->q_flags) ||
3537 bitset(QPINGONDELAY, to->q_flags)))
3538 {
3539 /* RFC 2852, 4.1.4.2: no NOTIFY, or not NEVER */
3540 to->q_flags |= QBYNRELAY;
3541 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
3542 "%s... Deliver-by notify: relayed\n",
3543 to->q_paddr);
3544 }
3545 else if (IS_DLVR_TRACE(e) &&
3546 (!bitset(QHASNOTIFY, to->q_flags) ||
3547 bitset(QPINGONSUCCESS, to->q_flags) ||
3548 bitset(QPINGONFAILURE, to->q_flags) ||
3549 bitset(QPINGONDELAY, to->q_flags)) &&
3550 bitset(QPRIMARY, to->q_flags))
3551 {
3552 /* RFC 2852, 4.1.4: no NOTIFY, or not NEVER */
3553 to->q_flags |= QBYTRACE;
3554 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
3555 "%s... Deliver-By trace: relayed\n",
3556 to->q_paddr);
3557 }
3558 }
3559
3560 if (bitnset(M_LMTP, m->m_flags))
3561 {
3562 /*
3563 ** Global information applies to the last recipient only;
3564 ** clear it out to avoid bogus errors.
3565 */
3566
3567 rcode = EX_OK;
3568 e->e_statmsg = NULL;
3569
3570 /* reset the mci state for the next transaction */
3571 if (mci != NULL &&
3572 (mci->mci_state == MCIS_MAIL ||
3573 mci->mci_state == MCIS_RCPT ||
3574 mci->mci_state == MCIS_DATA))
3575 {
3576 mci->mci_state = MCIS_OPEN;
3577 SmtpPhase = mci->mci_phase = "idle";
3578 sm_setproctitle(true, e, "%s: %s", CurHostName,
3579 mci->mci_phase);
3580 }
3581 }
3582
3583 if (tobuf[0] != '\0')
3584 {
3585 giveresponse(rcode, NULL, m, mci, ctladdr, xstart, e, tochain);
3586 #if 0
3587 /*
3588 ** This code is disabled for now because I am not
3589 ** sure that copying status from the first recipient
3590 ** to all non-status'ed recipients is a good idea.
3591 */
3592
3593 if (tochain->q_message != NULL &&
3594 !bitnset(M_LMTP, m->m_flags) && rcode != EX_OK)
3595 {
3596 for (to = tochain->q_tchain; to != NULL;
3597 to = to->q_tchain)
3598 {
3599 /* see if address already marked */
3600 if (QS_IS_QUEUEUP(to->q_state) &&
3601 to->q_message == NULL)
3602 to->q_message = sm_rpool_strdup_x(e->e_rpool,
3603 tochain->q_message);
3604 }
3605 }
3606 #endif /* 0 */
3607 }
3608 if (anyok)
3609 markstats(e, tochain, STATS_NORMAL);
3610 mci_store_persistent(mci);
3611
3612 /* Some recipients were tempfailed, try them on the next host */
3613 if (mci != NULL && mci->mci_retryrcpt && nummxhosts > hostnum)
3614 {
3615 /* try next MX site */
3616 goto tryhost;
3617 }
3618
3619 /* now close the connection */
3620 if (clever && mci != NULL && mci->mci_state != MCIS_CLOSED &&
3621 !bitset(MCIF_CACHED, mci->mci_flags))
3622 smtpquit(m, mci, e);
3623
3624 cleanup: ;
3625 }
3626 SM_FINALLY
3627 {
3628 /*
3629 ** Restore state and return.
3630 */
3631 #if XDEBUG
3632 char wbuf[MAXLINE];
3633
3634 /* make absolutely certain 0, 1, and 2 are in use */
3635 (void) sm_snprintf(wbuf, sizeof(wbuf),
3636 "%s... end of deliver(%s)",
3637 e->e_to == NULL ? "NO-TO-LIST"
3638 : shortenstring(e->e_to,
3639 MAXSHORTSTR),
3640 m->m_name);
3641 checkfd012(wbuf);
3642 #endif /* XDEBUG */
3643
3644 errno = 0;
3645
3646 /*
3647 ** It was originally necessary to set macro 'g' to NULL
3648 ** because it previously pointed to an auto buffer.
3649 ** We don't do this any more, so this may be unnecessary.
3650 */
3651
3652 macdefine(&e->e_macro, A_PERM, 'g', (char *) NULL);
3653 e->e_to = NULL;
3654 }
3655 SM_END_TRY
3656 return rcode;
3657 }
3658
3659 /*
3660 ** MARKFAILURE -- mark a failure on a specific address.
3661 **
3662 ** Parameters:
3663 ** e -- the envelope we are sending.
3664 ** q -- the address to mark.
3665 ** mci -- mailer connection information.
3666 ** rcode -- the code signifying the particular failure.
3667 ** ovr -- override an existing code?
3668 **
3669 ** Returns:
3670 ** none.
3671 **
3672 ** Side Effects:
3673 ** marks the address (and possibly the envelope) with the
3674 ** failure so that an error will be returned or
3675 ** the message will be queued, as appropriate.
3676 */
3677
3678 void
markfailure(e,q,mci,rcode,ovr)3679 markfailure(e, q, mci, rcode, ovr)
3680 register ENVELOPE *e;
3681 register ADDRESS *q;
3682 register MCI *mci;
3683 int rcode;
3684 bool ovr;
3685 {
3686 int save_errno = errno;
3687 char *status = NULL;
3688 char *rstatus = NULL;
3689
3690 switch (rcode)
3691 {
3692 case EX_OK:
3693 break;
3694
3695 case EX_TEMPFAIL:
3696 case EX_IOERR:
3697 case EX_OSERR:
3698 q->q_state = QS_QUEUEUP;
3699 break;
3700
3701 default:
3702 q->q_state = QS_BADADDR;
3703 break;
3704 }
3705
3706 /* find most specific error code possible */
3707 if (mci != NULL && mci->mci_status != NULL)
3708 {
3709 status = sm_rpool_strdup_x(e->e_rpool, mci->mci_status);
3710 if (mci->mci_rstatus != NULL)
3711 rstatus = sm_rpool_strdup_x(e->e_rpool,
3712 mci->mci_rstatus);
3713 else
3714 rstatus = NULL;
3715 }
3716 else if (e->e_status != NULL)
3717 {
3718 status = e->e_status;
3719 rstatus = NULL;
3720 }
3721 else
3722 {
3723 switch (rcode)
3724 {
3725 case EX_USAGE:
3726 status = "5.5.4";
3727 break;
3728
3729 case EX_DATAERR:
3730 status = "5.5.2";
3731 break;
3732
3733 case EX_NOUSER:
3734 status = "5.1.1";
3735