X-Git-Url: http://pileus.org/git/?a=blobdiff_plain;f=sink.c;h=5d92556f01d5435ef1d9e1d847521a4b50d6b350;hb=2629c4511c68729d98acfd08637c1f00d3807f49;hp=e0b904e63c9673ec713fef948c6a76655eac0468;hpb=45bcf00ee95d474f989d5594da378116d63702be;p=~andy%2Ffetchmail diff --git a/sink.c b/sink.c index e0b904e6..5d92556f 100644 --- a/sink.c +++ b/sink.c @@ -15,7 +15,6 @@ #include #include #include -#include #ifdef HAVE_MEMORY_H #include #endif /* HAVE_MEMORY_H */ @@ -31,9 +30,16 @@ #include #endif #include -#include +#include #include "fetchmail.h" + +/* for W* macros after pclose() */ +#define _USE_BSD +#include +#include +#include + #include "socket.h" #include "smtp.h" #include "i18n.h" @@ -46,17 +52,43 @@ /* makes the open_sink()/close_sink() pair non-reentrant */ static int lmtp_responses; -int smtp_open(struct query *ctl) -/* try to open a socket to the appropriate SMTP server for this query */ +void smtp_close(struct query *ctl, int sayquit) +/* close the socket to SMTP server */ { - char *parsed_host = NULL; - - /* maybe it's time to close the socket in order to force delivery */ - if (NUM_NONZERO(ctl->batchlimit) && (ctl->smtp_socket != -1) && ++batchcount == ctl->batchlimit) + if (ctl->smtp_socket != -1) { + if (sayquit) + SMTP_quit(ctl->smtp_socket, ctl->smtphostmode); SockClose(ctl->smtp_socket); ctl->smtp_socket = -1; - batchcount = 0; + } + batchcount = 0; +} + +static void smtp_rset(struct query *ctl) +/* reset the mail transaction */ +{ + if (SMTP_rset(ctl->smtp_socket, ctl->smtphostmode) == SM_UNRECOVERABLE) + { + /* close the bad connection. fetchmail will reconnect for the + * next mail */ + smtp_close(ctl, 0); + } +} + +int smtp_setup(struct query *ctl) +/* try to open a socket to the appropriate SMTP server for this query */ +{ + /* maybe it's time to close the socket in order to force delivery */ + if (last_smtp_ok > 0 && time((time_t *)NULL) - last_smtp_ok > mytimeout) + { + smtp_close(ctl, 1); + last_smtp_ok = 0; + } + if (NUM_NONZERO(ctl->batchlimit)) { + if (batchcount == ctl->batchlimit) + smtp_close(ctl, 1); + batchcount++; } /* if no socket to any SMTP host is already set up, try to open one */ @@ -82,7 +114,8 @@ int smtp_open(struct query *ctl) */ struct idlist *idp; const char *id_me = run.invisible ? ctl->server.truename : fetchmailhost; - int oldphase = phase; + int oldphase; + char *parsed_host = NULL; errno = 0; @@ -98,92 +131,101 @@ int smtp_open(struct query *ctl) for (idp = ctl->smtphunt; idp; idp = idp->next) { char *cp; -#ifdef INET6_ENABLE - char *portnum = SMTP_PORT; -#else - int portnum = SMTP_PORT; -#endif /* INET6_ENABLE */ - - xalloca(parsed_host, char *, strlen(idp->id) + 1); + const char *portnum = SMTP_PORT; ctl->smtphost = idp->id; /* remember last host tried. */ - if(ctl->smtphost[0]=='/') - ctl->listener = LMTP_MODE; - - strcpy(parsed_host, idp->id); - if ((cp = strrchr(parsed_host, '/'))) + if (ctl->smtphost[0]=='/') { - *cp++ = 0; -#ifdef INET6_ENABLE - portnum = cp; -#else - portnum = atoi(cp); -#endif /* INET6_ENABLE */ + ctl->smtphostmode = LMTP_MODE; + xfree(parsed_host); + if ((ctl->smtp_socket = UnixOpen(ctl->smtphost))==-1) + continue; } - - if (ctl->smtphost[0]=='/'){ - if((ctl->smtp_socket = UnixOpen(ctl->smtphost))==-1) + else + { + ctl->smtphostmode = ctl->listener; + parsed_host = xstrdup(idp->id); + if ((cp = strrchr(parsed_host, '/'))) + { + *cp++ = 0; + if (cp[0]) + portnum = cp; + } + if ((ctl->smtp_socket = SockOpen(parsed_host,portnum, + ctl->server.plugout, &ai1)) == -1) + { + xfree(parsed_host); continue; - } else - if ((ctl->smtp_socket = SockOpen(parsed_host,portnum,NULL, - ctl->server.plugout)) == -1) - continue; + } + } /* return immediately for ODMR */ if (ctl->server.protocol == P_ODMR) - return(ctl->smtp_socket); /* success */ - - /* are we doing SMTP or LMTP? */ - SMTP_setmode(ctl->listener); + { + set_timeout(0); + phase = oldphase; + xfree(parsed_host); + return(ctl->smtp_socket); /* success */ + } /* first, probe for ESMTP */ - if (SMTP_ok(ctl->smtp_socket) == SM_OK && - SMTP_ehlo(ctl->smtp_socket, id_me, - &ctl->server.esmtp_options) == SM_OK) - break; /* success */ + if (SMTP_ok(ctl->smtp_socket, ctl->smtphostmode, TIMEOUT_STARTSMTP) == SM_OK && + SMTP_ehlo(ctl->smtp_socket, ctl->smtphostmode, id_me, + ctl->server.esmtp_name, ctl->server.esmtp_password, + &ctl->server.esmtp_options) == SM_OK) + break; /* success */ /* * RFC 1869 warns that some listeners hang up on a failed EHLO, * so it's safest not to assume the socket will still be good. */ - SockClose(ctl->smtp_socket); - ctl->smtp_socket = -1; + smtp_close(ctl, 0); /* if opening for ESMTP failed, try SMTP */ - if ((ctl->smtp_socket = SockOpen(parsed_host,portnum,NULL, - ctl->server.plugout)) == -1) - continue; + if (ctl->smtphost[0]=='/') + { + if ((ctl->smtp_socket = UnixOpen(ctl->smtphost))==-1) + continue; + } + else + { + if ((ctl->smtp_socket = SockOpen(parsed_host,portnum, + ctl->server.plugout, &ai1)) == -1) + { + xfree(parsed_host); + continue; + } + } - if (SMTP_ok(ctl->smtp_socket) == SM_OK && - SMTP_helo(ctl->smtp_socket, id_me) == SM_OK) + if (SMTP_ok(ctl->smtp_socket, ctl->smtphostmode, TIMEOUT_STARTSMTP) == SM_OK && + SMTP_helo(ctl->smtp_socket, ctl->smtphostmode, id_me) == SM_OK) break; /* success */ - SockClose(ctl->smtp_socket); - ctl->smtp_socket = -1; + smtp_close(ctl, 0); } set_timeout(0); phase = oldphase; - } - /* - * RFC 1123 requires that the domain name part of the - * RCPT TO address be "canonicalized", that is a FQDN - * or MX but not a CNAME. Some listeners (like exim) - * enforce this. Now that we have the actual hostname, - * compute what we should canonicalize with. - * - * make sure we do not forget to drop the /port if - * using LMTP (hmh) - */ - if (ctl->listener == LMTP_MODE && !ctl->smtpaddress) - { - if (parsed_host && parsed_host[0] != 0) - ctl->destaddr = xstrdup(parsed_host); - else - ctl->destaddr = (ctl->smtphost && ctl->smtphost[0] != '/') ? ctl->smtphost : "localhost"; - } - else - ctl->destaddr = ctl->smtpaddress ? ctl->smtpaddress : ( ctl->smtphost && ctl->smtphost[0] != '/' ? ctl->smtphost : "localhost"); + /* + * RFC 1123 requires that the domain name part of the + * RCPT TO address be "canonicalized", that is a FQDN + * or MX but not a CNAME. Some listeners (like exim) + * enforce this. Now that we have the actual hostname, + * compute what we should canonicalize with. + */ + xfree(ctl->destaddr); + if (ctl->smtpaddress) + ctl->destaddr = xstrdup(ctl->smtpaddress); + /* parsed_host is smtphost without the /port */ + else if (parsed_host && parsed_host[0] != 0) + ctl->destaddr = xstrdup(parsed_host); + /* No smtphost is specified or it is a UNIX socket, then use + localhost as a domain part. */ + else + ctl->destaddr = xstrdup("localhost"); + xfree(parsed_host); + } + /* end if (ctl->smtp_socket == -1) */ if (outlevel >= O_DEBUG && ctl->smtp_socket != -1) report(stdout, GT_("forwarding to %s\n"), ctl->smtphost); @@ -192,52 +234,85 @@ int smtp_open(struct query *ctl) } static void sanitize(char *s) -/* replace unsafe shellchars by an _ */ +/* replace ' by _ */ { - const static char *ok_chars = " 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; char *cp; - for (cp = s; *(cp += strspn(cp, ok_chars)); /* NO INCREMENT */) + for (cp = s; (cp = strchr (cp, '\'')); cp++) *cp = '_'; } +char *rcpt_address(struct query *ctl, const char *id, + int usesmtpname) +{ + static char addr[HOSTLEN+USERNAMELEN+1]; + if (strchr(id, '@')) + { + snprintf(addr, sizeof (addr), "%s", id); + } + else if (usesmtpname && ctl->smtpname) + { + snprintf(addr, sizeof (addr), "%s", ctl->smtpname); + } + else + { + snprintf(addr, sizeof (addr), "%s@%s", id, ctl->destaddr); + } + return addr; +} + static int send_bouncemail(struct query *ctl, struct msgblk *msg, - int userclass, char *message, + int userclass, const char *message /* should have \r\n at the end */, int nerrors, char *errors[]) /* bounce back an error report a la RFC 1892 */ { - char daemon_name[18 + HOSTLEN] = "FETCHMAIL-DAEMON@"; - char boundary[BUFSIZ], *bounce_to; + char daemon_name[15 + HOSTLEN] = "MAILER-DAEMON@"; + char boundary[BUFSIZ]; + const char *bounce_to; int sock; + static char *fqdn_of_host = NULL; + const char *md1 = "MAILER-DAEMON", *md2 = "MAILER-DAEMON@"; /* don't bounce in reply to undeliverable bounces */ - if (!msg->return_path[0] || strcmp(msg->return_path, "<>") == 0) - return(FALSE); + if (!msg || !msg->return_path[0] || + strcmp(msg->return_path, "<>") == 0 || + strcasecmp(msg->return_path, md1) == 0 || + strncasecmp(msg->return_path, md2, strlen(md2)) == 0) + return(TRUE); bounce_to = (run.bouncemail ? msg->return_path : run.postmaster); - SMTP_setmode(SMTP_MODE); - /* can't just use fetchmailhost here, it might be localhost */ - strcat(daemon_name, host_fqdn()); + if (fqdn_of_host == NULL) + fqdn_of_host = host_fqdn(0); /* can't afford to bail out and + lose the NDN here */ + strlcat(daemon_name, fqdn_of_host, sizeof(daemon_name)); /* we need only SMTP for this purpose */ - if ((sock = SockOpen("localhost", SMTP_PORT, NULL, NULL)) == -1 - || SMTP_ok(sock) != SM_OK - || SMTP_helo(sock, fetchmailhost) != SM_OK - || SMTP_from(sock, daemon_name, (char *)NULL) != SM_OK - || SMTP_rcpt(sock, bounce_to) != SM_OK - || SMTP_data(sock) != SM_OK) + /* XXX FIXME: hardcoding localhost is nonsense if smtphost can be + * configured */ + if ((sock = SockOpen("localhost", SMTP_PORT, NULL, &ai1)) == -1) return(FALSE); + if (SMTP_ok(sock, SMTP_MODE, TIMEOUT_STARTSMTP) != SM_OK) + { + SockClose(sock); + return FALSE; + } + + if (SMTP_helo(sock, SMTP_MODE, fetchmailhost) != SM_OK + || SMTP_from(sock, SMTP_MODE, "<>", (char *)NULL) != SM_OK + || SMTP_rcpt(sock, SMTP_MODE, bounce_to) != SM_OK + || SMTP_data(sock, SMTP_MODE) != SM_OK) + { + SMTP_quit(sock, SMTP_MODE); + SockClose(sock); + return(FALSE); + } + /* our first duty is to keep the sacred foo counters turning... */ -#ifdef HAVE_SNPRINTF - snprintf(boundary, sizeof(boundary), -#else - sprintf(boundary, -#endif /* HAVE_SNPRINTF */ - "foo-mani-padme-hum-%d-%d-%ld", - (int)getpid(), (int)getppid(), time((time_t *)NULL)); + snprintf(boundary, sizeof(boundary), "foo-mani-padme-hum-%ld-%ld-%ld", + (long)getpid(), (long)getppid(), (long)time(NULL)); if (outlevel >= O_VERBOSE) report(stdout, GT_("SMTP: (bounce-message body)\n")); @@ -246,9 +321,10 @@ static int send_bouncemail(struct query *ctl, struct msgblk *msg, report(stderr, GT_("mail from %s bounced to %s\n"), daemon_name, bounce_to); + /* bouncemail headers */ - SockPrintf(sock, "Return-Path: <>\r\n"); - SockPrintf(sock, "From: %s\r\n", daemon_name); + SockPrintf(sock, "Subject: Mail delivery failed: returning message to sender\r\n"); + SockPrintf(sock, "From: Mail Delivery System <%s>\r\n", daemon_name); SockPrintf(sock, "To: %s\r\n", bounce_to); SockPrintf(sock, "MIME-Version: 1.0\r\n"); SockPrintf(sock, "Content-Type: multipart/report; report-type=delivery-status;\r\n\tboundary=\"%s\"\r\n", boundary); @@ -258,20 +334,45 @@ static int send_bouncemail(struct query *ctl, struct msgblk *msg, SockPrintf(sock, "--%s\r\n", boundary); SockPrintf(sock,"Content-Type: text/plain\r\n"); SockPrintf(sock, "\r\n"); - SockWrite(sock, message, strlen(message)); + SockPrintf(sock, "This message was created automatically by mail delivery software.\r\n"); + SockPrintf(sock, "\r\n"); + SockPrintf(sock, "A message that you sent could not be delivered to one or more of its\r\n"); + SockPrintf(sock, "recipients. This is a permanent error.\r\n"); SockPrintf(sock, "\r\n"); + SockPrintf(sock, "Reason: %s", message); SockPrintf(sock, "\r\n"); + SockPrintf(sock, "The following address(es) failed:\r\n"); if (nerrors) { struct idlist *idp; int nusers; + nusers = 0; + for (idp = msg->recipients; idp; idp = idp->next) + { + if (idp->val.status.mark == userclass) + { + char *error; + SockPrintf(sock, "%s\r\n", rcpt_address (ctl, idp->id, 1)); + + if (nerrors == 1) error = errors[0]; + else if (nerrors <= nusers) + { + SockPrintf(sock, "Internal error: SMTP error count doesn't match number of recipients.\r\n"); + break; + } + else error = errors[nusers++]; + + SockPrintf(sock, " SMTP error: %s\r\n\r\n", error); + } + } + /* RFC1892 part 2 -- machine-readable responses */ SockPrintf(sock, "--%s\r\n", boundary); SockPrintf(sock,"Content-Type: message/delivery-status\r\n"); SockPrintf(sock, "\r\n"); - SockPrintf(sock, "Reporting-MTA: dns; %s\r\n", fetchmailhost); + SockPrintf(sock, "Reporting-MTA: dns; %s\r\n", fqdn_of_host); nusers = 0; for (idp = msg->recipients; idp; idp = idp->next) @@ -280,15 +381,15 @@ static int send_bouncemail(struct query *ctl, struct msgblk *msg, char *error; /* Minimum RFC1894 compliance + Diagnostic-Code field */ SockPrintf(sock, "\r\n"); - SockPrintf(sock, "Final-Recipient: rfc822; %s@%s\r\n", - idp->id, fetchmailhost); + SockPrintf(sock, "Final-Recipient: rfc822; %s\r\n", + rcpt_address (ctl, idp->id, 1)); SockPrintf(sock, "Last-Attempt-Date: %s\r\n", rfc822timestamp()); SockPrintf(sock, "Action: failed\r\n"); if (nerrors == 1) /* one error applies to all users */ error = errors[0]; - else if (nerrors > nusers) + else if (nerrors <= nusers) { SockPrintf(sock, "Internal error: SMTP error count doesn't match number of recipients.\r\n"); break; @@ -297,9 +398,9 @@ static int send_bouncemail(struct query *ctl, struct msgblk *msg, /* errors correspond 1-1 to selected users */ error = errors[nusers++]; - if (strlen(error) > 9 && isdigit(error[4]) - && error[5] == '.' && isdigit(error[6]) - && error[7] == '.' && isdigit(error[8])) + if (strlen(error) > 9 && isdigit((unsigned char)error[4]) + && error[5] == '.' && isdigit((unsigned char)error[6]) + && error[7] == '.' && isdigit((unsigned char)error[8])) /* Enhanced status code available, use it */ SockPrintf(sock, "Status: %5.5s\r\n", &(error[4])); else @@ -314,12 +415,19 @@ static int send_bouncemail(struct query *ctl, struct msgblk *msg, SockPrintf(sock, "--%s\r\n", boundary); SockPrintf(sock, "Content-Type: text/rfc822-headers\r\n"); SockPrintf(sock, "\r\n"); - SockWrite(sock, msg->headers, strlen(msg->headers)); - SockPrintf(sock, "\r\n"); + if (msg->headers) + { + SockWrite(sock, msg->headers, strlen(msg->headers)); + SockPrintf(sock, "\r\n"); + } SockPrintf(sock, "--%s--\r\n", boundary); - if (SMTP_eom(sock) != SM_OK || SMTP_quit(sock)) + if (SMTP_eom(sock, SMTP_MODE) != SM_OK + || SMTP_quit(sock, SMTP_MODE) != SM_OK) + { + SockClose(sock); return(FALSE); + } SockClose(sock); @@ -328,13 +436,13 @@ static int send_bouncemail(struct query *ctl, struct msgblk *msg, static int handle_smtp_report(struct query *ctl, struct msgblk *msg) /* handle SMTP errors based on the content of SMTP_response */ -/* return of PS_REFUSED deletes mail from the server; PS_TRANSIENT keeps it */ +/* returns either PS_REFUSED (to delete message from the server), + * or PS_TRANSIENT (keeps the message on the server) */ { int smtperr = atoi(smtp_response); char *responses[1]; - xalloca(responses[0], char *, strlen(smtp_response)+1); - strcpy(responses[0], smtp_response); + responses[0] = xstrdup(smtp_response); #ifdef __UNUSED__ /* @@ -343,7 +451,7 @@ static int handle_smtp_report(struct query *ctl, struct msgblk *msg) * RSET discards the message body and it doesn't get sent to the * valid recipients. */ - SMTP_rset(ctl->smtp_socket); /* stay on the safe side */ + smtp_rset(ctl); /* stay on the safe side */ if (outlevel >= O_DEBUG) report(stdout, GT_("Saved error is still %d\n"), smtperr); #endif /* __UNUSED */ @@ -378,9 +486,16 @@ static int handle_smtp_report(struct query *ctl, struct msgblk *msg) * */ if (run.spambounce) - send_bouncemail(ctl, msg, XMIT_ACCEPT, - "Our spam filter rejected this transaction.\r\n", - 1, responses); + { + char rejmsg[160]; + snprintf(rejmsg, sizeof(rejmsg), + "spam filter or virus scanner rejected message because:\r\n" + "%s\r\n", responses[0]); + + send_bouncemail(ctl, msg, XMIT_ACCEPT, + rejmsg, 1, responses); + } + free(responses[0]); return(PS_REFUSED); } @@ -391,7 +506,7 @@ static int handle_smtp_report(struct query *ctl, struct msgblk *msg) */ if (smtperr >= 400) report(stderr, GT_("%cMTP error: %s\n"), - ctl->listener, + ctl->smtphostmode, responses[0]); switch (smtperr) @@ -402,10 +517,12 @@ static int handle_smtp_report(struct query *ctl, struct msgblk *msg) * ESMTP server. Don't try to ship the message, * and allow it to be deleted. */ - send_bouncemail(ctl, msg, XMIT_ACCEPT, + if (run.bouncemail) + send_bouncemail(ctl, msg, XMIT_ACCEPT, "This message was too large (SMTP error 552).\r\n", 1, responses); - return(run.bouncemail ? PS_REFUSED : PS_TRANSIENT); + free(responses[0]); + return(PS_REFUSED); case 553: /* invalid sending domain */ /* @@ -415,18 +532,38 @@ static int handle_smtp_report(struct query *ctl, struct msgblk *msg) * (b) we wouldn't want spammers to get confirmation that * this address is live, anyway. */ - send_bouncemail(ctl, msg, XMIT_ACCEPT, +#ifdef __DONT_FEED_THE_SPAMMERS__ + if (run.bouncemail) + send_bouncemail(ctl, msg, XMIT_ACCEPT, "Invalid address in MAIL FROM (SMTP error 553).\r\n", 1, responses); +#endif /* __DONT_FEED_THE_SPAMMERS__ */ + free(responses[0]); return(PS_REFUSED); + case 530: /* must issue STARTTLS error */ + /* + * Some SMTP servers insist on encrypted communication + * Let's set PS_TRANSIENT, otherwise all messages to be sent + * over such server would be blackholed - see RFC 3207. + */ + if (outlevel > O_SILENT) + report_complete(stdout, + GT_("SMTP server requires STARTTLS, keeping message.\n")); + free(responses[0]); + return(PS_TRANSIENT); + default: /* bounce non-transient errors back to the sender */ if (smtperr >= 500 && smtperr <= 599) - if (send_bouncemail(ctl, msg, XMIT_ACCEPT, + { + if (run.bouncemail) + send_bouncemail(ctl, msg, XMIT_ACCEPT, "General SMTP/ESMTP error.\r\n", - 1, responses)) - return(run.bouncemail ? PS_REFUSED : PS_TRANSIENT); + 1, responses); + free(responses[0]); + return(PS_REFUSED); + } /* * We're going to end up here on 4xx errors, like: * @@ -439,11 +576,56 @@ static int handle_smtp_report(struct query *ctl, struct msgblk *msg) * * Bouncemail *might* be appropriate here as a delay * notification (note; if we ever add this, we must make - * sure the RFC1894 Action field is "delayed" rather thwn + * sure the RFC1894 Action field is "delayed" rather than * "failed"). But it's not really necessary because * these are not actual failures, we're very likely to be * able to recover on the next cycle. */ + free(responses[0]); + return(PS_TRANSIENT); + } +} + +static int handle_smtp_report_without_bounce(struct query *ctl, struct msgblk *msg) +/* handle SMTP errors based on the content of SMTP_response */ +/* atleast one PS_TRANSIENT: do not send the bounce mail, keep the mail; + * no PS_TRANSIENT, atleast one PS_SUCCESS: send the bounce mail, delete the mail; + * no PS_TRANSIENT, no PS_SUCCESS: do not send the bounce mail, delete the mail */ +{ + int smtperr = atoi(smtp_response); + + (void)msg; + + if (str_find(&ctl->antispam, smtperr)) + { + if (run.spambounce) + return(PS_SUCCESS); + return(PS_REFUSED); + } + + if (smtperr >= 400) + report(stderr, GT_("%cMTP error: %s\n"), + ctl->smtphostmode, + smtp_response); + + switch (smtperr) + { + case 552: /* message exceeds fixed maximum message size */ + if (run.bouncemail) + return(PS_SUCCESS); + return(PS_REFUSED); + + case 553: /* invalid sending domain */ +#ifdef __DONT_FEED_THE_SPAMMERS__ + if (run.bouncemail) + return(PS_SUCCESS); +#endif /* __DONT_FEED_THE_SPAMMERS__ */ + return(PS_REFUSED); + + default: + /* bounce non-transient errors back to the sender */ + if (smtperr >= 500 && smtperr <= 599) + return(PS_SUCCESS); return(PS_TRANSIENT); } } @@ -457,10 +639,13 @@ int stuffline(struct query *ctl, char *buf) int n, oldphase; char *last; + if (!buf) + return -1; + /* The line may contain NUL characters. Find the last char to use * -- the real line termination is the sequence "\n\0". */ - last = buf; + last = buf + 1; /* last[-1] must be valid! */ while ((last += strlen(last)) && (last[-1] != '\n')) last++; @@ -487,17 +672,26 @@ int stuffline(struct query *ctl, char *buf) { if (ctl->server.base_protocol->delimited) /* server has already byte-stuffed */ { - if (ctl->mda) + if (ctl->mda) { + /* writing to MDA, undo byte-stuffing */ ++buf; - else + } else { /* writing to SMTP, leave the byte-stuffing in place */; + } } else /* if (!protocol->delimited) -- not byte-stuffed already */ { - if (!ctl->mda) - SockWrite(ctl->smtp_socket, buf, 1); /* byte-stuff it */ - else - /* leave it alone */; + /* byte-stuff it */ + if (!ctl->mda) { + if (!ctl->bsmtp) { + n = SockWrite(ctl->smtp_socket, buf, 1); + } else { + n = fwrite(buf, 1, 1, sinkfp); + if (ferror(sinkfp)) n = -1; + } + if (n < 0) + return n; + } } } @@ -514,9 +708,10 @@ int stuffline(struct query *ctl, char *buf) } n = 0; - if (ctl->mda || ctl->bsmtp) + if (ctl->mda || ctl->bsmtp) { n = fwrite(buf, 1, last - buf, sinkfp); - else if (ctl->smtp_socket != -1) + if (ferror(sinkfp)) n = -1; + } else if (ctl->smtp_socket != -1) n = SockWrite(ctl->smtp_socket, buf, last - buf); phase = oldphase; @@ -529,15 +724,26 @@ static int open_bsmtp_sink(struct query *ctl, struct msgblk *msg, /* open a BSMTP stream */ { struct idlist *idp; + int need_anglebrs; if (strcmp(ctl->bsmtp, "-") == 0) sinkfp = stdout; else sinkfp = fopen(ctl->bsmtp, "a"); + if (!sinkfp || ferror(sinkfp)) { + report(stderr, GT_("BSMTP file open failed: %s\n"), + strerror(errno)); + return(PS_BSMTP); + } + /* see the ap computation under the SMTP branch */ - fprintf(sinkfp, - "MAIL FROM: %s", (msg->return_path[0]) ? msg->return_path : user); + need_anglebrs = (msg->return_path[0] != '<'); + fprintf(sinkfp, + "MAIL FROM:%s%s%s", + need_anglebrs ? "<" : "", + (msg->return_path[0]) ? msg->return_path : user, + need_anglebrs ? ">" : ""); if (ctl->pass8bits || (ctl->mimemsg & MSG_IS_8BIT)) fputs(" BODY=8BITMIME", sinkfp); @@ -556,28 +762,23 @@ static int open_bsmtp_sink(struct query *ctl, struct msgblk *msg, * enforce this. Now that we have the actual hostname, * compute what we should canonicalize with. */ - ctl->destaddr = ctl->smtpaddress ? ctl->smtpaddress : "localhost"; + xfree(ctl->destaddr); + ctl->destaddr = xstrdup(ctl->smtpaddress ? ctl->smtpaddress : "localhost"); *bad_addresses = 0; for (idp = msg->recipients; idp; idp = idp->next) if (idp->val.status.mark == XMIT_ACCEPT) { - if (ctl->smtpname) - fprintf(sinkfp, "RCPT TO: %s\r\n", ctl->smtpname); - else if (strchr(idp->id, '@')) - fprintf(sinkfp, - "RCPT TO: %s\r\n", idp->id); - else - fprintf(sinkfp, - "RCPT TO: %s@%s\r\n", idp->id, ctl->destaddr); - *good_addresses = 0; + fprintf(sinkfp, "RCPT TO:<%s>\r\n", + rcpt_address (ctl, idp->id, 1)); + (*good_addresses)++; } fputs("DATA\r\n", sinkfp); - if (ferror(sinkfp)) + if (fflush(sinkfp) || ferror(sinkfp)) { - report(stderr, GT_("BSMTP file open or preamble write failed\n")); + report(stderr, GT_("BSMTP preamble write failed: %s.\n"), strerror(errno)); return(PS_BSMTP); } @@ -587,8 +788,57 @@ static int open_bsmtp_sink(struct query *ctl, struct msgblk *msg, /* this is experimental and will be removed if double bounces are reported */ #define EXPLICIT_BOUNCE_ON_BAD_ADDRESS + +static const char *is_quad(const char *q) +/* Check if the string passed in points to what could be one quad of a + * dotted-quad IP address. Requirements are that the string is not a + * NULL pointer, begins with a period (which is skipped) or a digit + * and ends with a period or a NULL. If these requirements are met, a + * pointer to the last character (the period or the NULL character) is + * returned; otherwise NULL. + */ +{ + const char *r; + + if (!q || !*q) + return NULL; + if (*q == '.') + q++; + for(r=q;isdigit((unsigned char)*r);r++) + ; + if ( ((*r) && (*r != '.')) || ((r-q) < 1) || ((r-q)>3) ) + return NULL; + /* Make sure quad is < 255 */ + if ( (r-q) == 3) + { + if (*q > '2') + return NULL; + else if (*q == '2') + { + if (*(q+1) > '5') + return NULL; + else if (*(q+1) == '5') + { + if (*(q+2) > '5') + return NULL; + } + } + } + return r; +} + +static int is_dottedquad(const char *hostname) +/* Returns a true value if the passed in string looks like an IP + * address in dotted-quad form, and a false value otherwise. + */ + +{ + return ((hostname=is_quad(is_quad(is_quad(is_quad(hostname))))) != NULL) && + (*hostname == '\0'); +} + static int open_smtp_sink(struct query *ctl, struct msgblk *msg, - int *good_addresses, int *bad_addresses) + int *good_addresses, int *bad_addresses /* this must be signed, to prevent endless loop in from_addresses */) /* open an SMTP stream */ { const char *ap; @@ -599,6 +849,8 @@ static int open_smtp_sink(struct query *ctl, struct msgblk *msg, char **from_responses; #endif /* EXPLICIT_BOUNCE_ON_BAD_ADDRESS */ int total_addresses; + int force_transient_error = 0; + int smtp_err; /* * Compute ESMTP options. @@ -639,35 +891,59 @@ static int open_smtp_sink(struct query *ctl, struct msgblk *msg, * path equal to "@". Ghod knows why anyone does this, but * it's been reported to happen in mail from Amazon.com and * Motorola. + * + * Also, if the hostname is a dotted quad, wrap it in square brackets. + * Apparently this is required by RFC2821, section 4.1.3. */ - if (!msg->return_path[0] || (0 == strcmp(msg->return_path, "@"))) + if (!msg->return_path[0] || (msg->return_path[0] == '@')) { -#ifdef HAVE_SNPRINTF + if (strchr(ctl->remotename,'@') || strchr(ctl->remotename,'!')) + { + snprintf(addr, sizeof(addr), "%s", ctl->remotename); + } + else if (is_dottedquad(ctl->server.truename)) + { + snprintf(addr, sizeof(addr), "%s@[%s]", ctl->remotename, + ctl->server.truename); + } + else + { snprintf(addr, sizeof(addr), -#else - sprintf(addr, -#endif /* HAVE_SNPRINTF */ "%s@%s", ctl->remotename, ctl->server.truename); + } ap = addr; } else if (strchr(msg->return_path,'@') || strchr(msg->return_path,'!')) ap = msg->return_path; + /* in case Return-Path was "<>" we want to preserve that */ + else if (strcmp(msg->return_path,"<>") == 0) + ap = msg->return_path; else /* in case Return-Path existed but was local */ { -#ifdef HAVE_SNPRINTF - snprintf(addr, sizeof(addr), -#else - sprintf(addr, -#endif /* HAVE_SNPRINTF */ - "%s@%s", msg->return_path, ctl->server.truename); + if (is_dottedquad(ctl->server.truename)) + { + snprintf(addr, sizeof(addr), "%s@[%s]", msg->return_path, + ctl->server.truename); + } + else + { + snprintf(addr, sizeof(addr), "%s@%s", + msg->return_path, ctl->server.truename); + } ap = addr; } - if (SMTP_from(ctl->smtp_socket, ap, options) != SM_OK) + if ((smtp_err = SMTP_from(ctl->smtp_socket, ctl->smtphostmode, + ap, options)) == SM_UNRECOVERABLE) { - int err = handle_smtp_report(ctl, msg); + smtp_close(ctl, 0); + return(PS_TRANSIENT); + } + if (smtp_err != SM_OK) + { + int err = handle_smtp_report(ctl, msg); /* map to PS_TRANSIENT or PS_REFUSED */ - SMTP_rset(ctl->smtp_socket); /* stay on the safe side */ + smtp_rset(ctl); /* stay on the safe side */ return(err); } @@ -678,72 +954,83 @@ static int open_smtp_sink(struct query *ctl, struct msgblk *msg, for (idp = msg->recipients; idp; idp = idp->next) total_addresses++; #ifdef EXPLICIT_BOUNCE_ON_BAD_ADDRESS - xalloca(from_responses, char **, sizeof(char *) * total_addresses); + from_responses = (char **)xmalloc(sizeof(char *) * total_addresses); #endif /* EXPLICIT_BOUNCE_ON_BAD_ADDRESS */ for (idp = msg->recipients; idp; idp = idp->next) if (idp->val.status.mark == XMIT_ACCEPT) { - if (strchr(idp->id, '@')) - strcpy(addr, idp->id); - else { - if (ctl->smtpname) { -#ifdef HAVE_SNPRINTF - snprintf(addr, sizeof(addr)-1, "%s", ctl->smtpname); -#else - sprintf(addr, "%s", ctl->smtpname); -#endif /* HAVE_SNPRINTF */ - - } else { -#ifdef HAVE_SNPRINTF - snprintf(addr, sizeof(addr)-1, "%s@%s", idp->id, ctl->destaddr); -#else - sprintf(addr, "%s@%s", idp->id, ctl->destaddr); -#endif /* HAVE_SNPRINTF */ - } + const char *address; + address = rcpt_address (ctl, idp->id, 1); + if ((smtp_err = SMTP_rcpt(ctl->smtp_socket, ctl->smtphostmode, + address)) == SM_UNRECOVERABLE) + { + smtp_close(ctl, 0); +transient: +#ifdef EXPLICIT_BOUNCE_ON_BAD_ADDRESS + while (*bad_addresses) + free(from_responses[--*bad_addresses]); + free(from_responses); +#endif /* EXPLICIT_BOUNCE_ON_BAD_ADDRESS */ + return(PS_TRANSIENT); } - if (SMTP_rcpt(ctl->smtp_socket, addr) == SM_OK) + if (smtp_err == SM_OK) (*good_addresses)++; else { -#ifdef EXPLICIT_BOUNCE_ON_BAD_ADDRESS - char errbuf[POPBUFSIZE]; -#endif /* EXPLICIT_BOUNCE_ON_BAD_ADDRESS */ - handle_smtp_report(ctl, msg); + switch (handle_smtp_report_without_bounce(ctl, msg)) + { + case PS_TRANSIENT: + force_transient_error = 1; + break; + case PS_SUCCESS: #ifdef EXPLICIT_BOUNCE_ON_BAD_ADDRESS -#ifdef HAVE_SNPRINTF - snprintf(errbuf, sizeof(errbuf), "%s: %s", - idp->id, smtp_response); -#else - strncpy(errbuf, idp->id, sizeof(errbuf)); - strcat(errbuf, ": "); - strcat(errbuf, smtp_response); -#endif /* HAVE_SNPRINTF */ - - xalloca(from_responses[*bad_addresses], - char *, - strlen(errbuf)+1); - strcpy(from_responses[*bad_addresses], errbuf); + from_responses[*bad_addresses] = xstrdup(smtp_response); #endif /* EXPLICIT_BOUNCE_ON_BAD_ADDRESS */ - (*bad_addresses)++; - idp->val.status.mark = XMIT_RCPTBAD; - if (outlevel >= O_VERBOSE) - report(stderr, - GT_("%cMTP listener doesn't like recipient address `%s'\n"), - ctl->listener, addr); + (*bad_addresses)++; + idp->val.status.mark = XMIT_RCPTBAD; + if (outlevel >= O_VERBOSE) + report(stderr, + GT_("%cMTP listener doesn't like recipient address `%s'\n"), + ctl->smtphostmode, address); + break; + + case PS_REFUSED: + if (outlevel >= O_VERBOSE) + report(stderr, + GT_("%cMTP listener doesn't really like recipient address `%s'\n"), + ctl->smtphostmode, address); + break; + } } } + if (force_transient_error) { + /* do not risk dataloss due to overengineered multidrop + * crap. If one of the recipients returned PS_TRANSIENT, + * we return exactly that. + */ + smtp_rset(ctl); /* required by RFC1870 */ + goto transient; + } #ifdef EXPLICIT_BOUNCE_ON_BAD_ADDRESS /* * This should not be necessary, because the SMTP listener itself - * should genrate a bounce for the bad address. + * should generate a bounce for the bad address. + * + * XXX FIXME 2006-01-19: is this comment true? I don't think + * it is, because the SMTP listener isn't required to accept bogus + * messages. There appears to be general SMTP<->MDA and + * responsibility confusion. */ if (*bad_addresses) send_bouncemail(ctl, msg, XMIT_RCPTBAD, "Some addresses were rejected by the MDA fetchmail forwards to.\r\n", *bad_addresses, from_responses); + while (*bad_addresses) + free(from_responses[--*bad_addresses]); + free(from_responses); #endif /* EXPLICIT_BOUNCE_ON_BAD_ADDRESS */ /* @@ -759,24 +1046,19 @@ static int open_smtp_sink(struct query *ctl, struct msgblk *msg, { if (outlevel >= O_VERBOSE) report(stderr, GT_("no address matches; no postmaster set.\n")); - SMTP_rset(ctl->smtp_socket); /* required by RFC1870 */ + smtp_rset(ctl); /* required by RFC1870 */ return(PS_REFUSED); } - if (strchr(run.postmaster, '@')) - strncpy(addr, run.postmaster, sizeof(addr)); - else + if ((smtp_err = SMTP_rcpt(ctl->smtp_socket, ctl->smtphostmode, + rcpt_address (ctl, run.postmaster, 0))) == SM_UNRECOVERABLE) { -#ifdef HAVE_SNPRINTF - snprintf(addr, sizeof(addr)-1, "%s@%s", run.postmaster, ctl->destaddr); -#else - sprintf(addr, "%s@%s", run.postmaster, ctl->destaddr); -#endif /* HAVE_SNPRINTF */ + smtp_close(ctl, 0); + return(PS_TRANSIENT); } - - if (SMTP_rcpt(ctl->smtp_socket, addr) != SM_OK) + if (smtp_err != SM_OK) { report(stderr, GT_("can't even send to %s!\n"), run.postmaster); - SMTP_rset(ctl->smtp_socket); /* required by RFC1870 */ + smtp_rset(ctl); /* required by RFC1870 */ return(PS_REFUSED); } @@ -788,12 +1070,25 @@ static int open_smtp_sink(struct query *ctl, struct msgblk *msg, * Tell the listener we're ready to send data. * Some listeners (like zmailer) may return antispam errors here. */ - if (SMTP_data(ctl->smtp_socket) != SM_OK) + if ((smtp_err = SMTP_data(ctl->smtp_socket, ctl->smtphostmode)) + == SM_UNRECOVERABLE) + { + smtp_close(ctl, 0); + return(PS_TRANSIENT); + } + if (smtp_err != SM_OK) { - SMTP_rset(ctl->smtp_socket); /* stay on the safe side */ - return(handle_smtp_report(ctl, msg)); + int err = handle_smtp_report(ctl, msg); + smtp_rset(ctl); /* stay on the safe side */ + return(err); } + /* + * We need to stash this away in order to know how many + * response lines to expect after the LMTP end-of-message. + */ + lmtp_responses = *good_addresses; + return(PS_SUCCESS); } @@ -801,14 +1096,16 @@ static int open_mda_sink(struct query *ctl, struct msgblk *msg, int *good_addresses, int *bad_addresses) /* open a stream to a local MDA */ { -#ifdef HAVE_SIGACTION - struct sigaction sa_new; -#endif /* HAVE_SIGACTION */ +#ifdef HAVE_SETEUID + uid_t orig_uid; +#endif /* HAVE_SETEUID */ struct idlist *idp; int length = 0, fromlen = 0, nameslen = 0; char *names = NULL, *before, *after, *from = NULL; - ctl->destaddr = "localhost"; + (void)bad_addresses; + xfree(ctl->destaddr); + ctl->destaddr = xstrdup("localhost"); for (idp = msg->recipients; idp; idp = idp->next) if (idp->val.status.mark == XMIT_ACCEPT) @@ -826,9 +1123,9 @@ static int open_mda_sink(struct query *ctl, struct msgblk *msg, */ nameslen = 0; for (idp = msg->recipients; idp; idp = idp->next) - if ((idp->val.status.mark == XMIT_ACCEPT)) + if (idp->val.status.mark == XMIT_ACCEPT) nameslen += (strlen(idp->id) + 1); /* string + ' ' */ - if ((*good_addresses == 0)) + if (*good_addresses == 0) nameslen = strlen(run.postmaster); names = (char *)xmalloc(nameslen + 1); /* account for '\0' */ @@ -846,7 +1143,6 @@ static int open_mda_sink(struct query *ctl, struct msgblk *msg, names[--nameslen] = '\0'; /* chop trailing space */ } - /* sanitize names in order to contain only harmless shell chars */ sanitize(names); } @@ -855,7 +1151,6 @@ static int open_mda_sink(struct query *ctl, struct msgblk *msg, { from = xstrdup(msg->return_path); - /* sanitize from in order to contain *only* harmless shell chars */ sanitize(from); fromlen = strlen(from); @@ -869,21 +1164,21 @@ static int open_mda_sink(struct query *ctl, struct msgblk *msg, /* find length of resulting mda string */ sp = before; while ((sp = strstr(sp, "%s"))) { - length += nameslen - 2; /* subtract %s */ + length += nameslen; /* subtract %s and add '' */ sp += 2; } sp = before; while ((sp = strstr(sp, "%T"))) { - length += nameslen - 2; /* subtract %T */ + length += nameslen; /* subtract %T and add '' */ sp += 2; } sp = before; while ((sp = strstr(sp, "%F"))) { - length += fromlen - 2; /* subtract %F */ + length += fromlen; /* subtract %F and add '' */ sp += 2; } - after = xmalloc(length + 1); + after = (char *)xmalloc(length + 1); /* copy mda source string to after, while expanding %[sTF] */ for (dp = after, sp = before; (*dp = *sp); dp++, sp++) { @@ -892,13 +1187,17 @@ static int open_mda_sink(struct query *ctl, struct msgblk *msg, /* need to expand? BTW, no here overflow, because in ** the worst case (end of string) sp[1] == '\0' */ if (sp[1] == 's' || sp[1] == 'T') { + *dp++ = '\''; strcpy(dp, names); dp += nameslen; + *dp++ = '\''; sp++; /* position sp over [sT] */ dp--; /* adjust dp */ } else if (sp[1] == 'F') { + *dp++ = '\''; strcpy(dp, from); dp += fromlen; + *dp++ = '\''; sp++; /* position sp over F */ dp--; /* adjust dp */ } @@ -929,7 +1228,11 @@ static int open_mda_sink(struct query *ctl, struct msgblk *msg, * MDA creates properly. (The seteuid call is available * under all BSDs and Linux) */ - seteuid(ctl->uid); + orig_uid = getuid(); + if (seteuid(ctl->uid)) { + report(stderr, GT_("Cannot switch effective user id to %ld: %s\n"), (long)ctl->uid, strerror(errno)); + return PS_IOERR; + } #endif /* HAVE_SETEUID */ sinkfp = popen(before, "w"); @@ -938,7 +1241,10 @@ static int open_mda_sink(struct query *ctl, struct msgblk *msg, #ifdef HAVE_SETEUID /* this will fail quietly if we didn't start as root */ - seteuid(0); + if (seteuid(orig_uid)) { + report(stderr, GT_("Cannot switch effective user id back to original %ld: %s\n"), (long)orig_uid, strerror(errno)); + return PS_IOERR; + } #endif /* HAVE_SETEUID */ if (!sinkfp) @@ -952,14 +1258,7 @@ static int open_mda_sink(struct query *ctl, struct msgblk *msg, * sigchld_handler() would reap away the error status, returning * error status instead of 0 for successful completion. */ -#ifndef HAVE_SIGACTION - signal(SIGCHLD, SIG_DFL); -#else - memset (&sa_new, 0, sizeof sa_new); - sigemptyset (&sa_new.sa_mask); - sa_new.sa_handler = SIG_DFL; - sigaction (SIGCHLD, &sa_new, NULL); -#endif /* HAVE_SIGACTION */ + set_signal_handler(SIGCHLD, SIG_DFL); return(PS_SUCCESS); } @@ -970,6 +1269,8 @@ int open_sink(struct query *ctl, struct msgblk *msg, { *bad_addresses = *good_addresses = 0; + if (want_progress() && outlevel >= O_VERBOSE && !ctl->mda && !ctl->bsmtp) puts(""); + if (ctl->bsmtp) /* dump to a BSMTP batch file */ return(open_bsmtp_sink(ctl, msg, good_addresses, bad_addresses)); /* @@ -977,7 +1278,7 @@ int open_sink(struct query *ctl, struct msgblk *msg, * open a socket fails, fall through to attempt delivery via * local MDA. */ - else if (!ctl->mda && smtp_open(ctl) != -1) + else if (!ctl->mda && smtp_setup(ctl) != -1) return(open_smtp_sink(ctl, msg, good_addresses, bad_addresses)); /* @@ -988,7 +1289,7 @@ int open_sink(struct query *ctl, struct msgblk *msg, else if (!ctl->mda) { report(stderr, GT_("%cMTP connect to %s failed\n"), - ctl->listener, + ctl->smtphostmode, ctl->smtphost ? ctl->smtphost : "localhost"); #ifndef FALLBACK_MDA @@ -1005,8 +1306,11 @@ int open_sink(struct query *ctl, struct msgblk *msg, /* * User was delivering locally. We have a fallback MDA. * Latch it in place, logging the error, and fall through. + * Set stripcr as we would if MDA had been the initial transport */ ctl->mda = FALLBACK_MDA; + if (!ctl->forcecr) + ctl->stripcr = TRUE; report(stderr, GT_("can't raise the listener; falling back to %s"), FALLBACK_MDA); @@ -1016,12 +1320,6 @@ int open_sink(struct query *ctl, struct msgblk *msg, if (ctl->mda) /* must deliver through an MDA */ return(open_mda_sink(ctl, msg, good_addresses, bad_addresses)); - /* - * We need to stash this away in order to know how many - * response lines to expect after the LMTP end-of-message. - */ - lmtp_responses = *good_addresses; - return(PS_SUCCESS); } @@ -1029,7 +1327,13 @@ void release_sink(struct query *ctl) /* release the per-message output sink, whether it's a pipe or SMTP socket */ { if (ctl->bsmtp && sinkfp) - fclose(sinkfp); + { + if (strcmp(ctl->bsmtp, "-")) + { + fclose(sinkfp); + sinkfp = (FILE *)NULL; + } + } else if (ctl->mda) { if (sinkfp) @@ -1044,58 +1348,89 @@ void release_sink(struct query *ctl) int close_sink(struct query *ctl, struct msgblk *msg, flag forward) /* perform end-of-message actions on the current output sink */ { - if (ctl->mda) - { - int rc; + int smtp_err; + + if (want_progress() && outlevel >= O_VERBOSE && !ctl->mda && !ctl->bsmtp) puts(""); + + if (ctl->bsmtp && sinkfp) { + int error, oerrno; + + /* implicit disk-full check here... */ + fputs(".\r\n", sinkfp); + error = ferror(sinkfp); + oerrno = errno; + if (strcmp(ctl->bsmtp, "-")) + { + if (fclose(sinkfp) == EOF) { + error = 1; + oerrno = errno; + } + sinkfp = (FILE *)NULL; + } + if (error) + { + report(stderr, + GT_("Message termination or close of BSMTP file failed: %s\n"), strerror(oerrno)); + return(FALSE); + } + } else if (ctl->mda) { + int rc = 0, e = 0, e2 = 0, err = 0; /* close the delivery pipe, we'll reopen before next message */ if (sinkfp) { + if (ferror(sinkfp)) + err = 1, e2 = errno; + if ((fflush(sinkfp))) + err = 1, e2 = errno; + + errno = 0; rc = pclose(sinkfp); + e = errno; sinkfp = (FILE *)NULL; } - else - rc = 0; deal_with_sigchld(); /* Restore SIGCHLD handling to reap zombies */ - if (rc) + if (rc || err) { - report(stderr, - GT_("MDA returned nonzero status %d\n"), rc); - return(FALSE); - } - } - else if (ctl->bsmtp && sinkfp) - { - int error; + if (err) { + report(stderr, GT_("Error writing to MDA: %s\n"), strerror(e2)); + } else if (WIFSIGNALED(rc)) { + report(stderr, + GT_("MDA died of signal %d\n"), WTERMSIG(rc)); + } else if (WIFEXITED(rc)) { + report(stderr, + GT_("MDA returned nonzero status %d\n"), WEXITSTATUS(rc)); + } else { + report(stderr, + GT_("Strange: MDA pclose returned %d and errno %d/%s, cannot handle at %s:%d\n"), + rc, e, strerror(e), __FILE__, __LINE__); + } - /* implicit disk-full check here... */ - fputs(".\r\n", sinkfp); - error = ferror(sinkfp); - if (strcmp(ctl->bsmtp, "-")) - if (fclose(sinkfp) == EOF) error = 1; - if (error) - { - report(stderr, - GT_("Message termination or close of BSMTP file failed\n")); return(FALSE); } } else if (forward) { /* write message terminator */ - if (SMTP_eom(ctl->smtp_socket) != SM_OK) + if ((smtp_err = SMTP_eom(ctl->smtp_socket, ctl->smtphostmode)) + == SM_UNRECOVERABLE) + { + smtp_close(ctl, 0); + return(FALSE); + } + if (smtp_err != SM_OK) { if (handle_smtp_report(ctl, msg) != PS_REFUSED) { - SMTP_rset(ctl->smtp_socket); /* stay on the safe side */ + smtp_rset(ctl); /* stay on the safe side */ return(FALSE); } else { report(stderr, GT_("SMTP listener refused delivery\n")); - SMTP_rset(ctl->smtp_socket); /* stay on the safe side */ + smtp_rset(ctl); /* stay on the safe side */ return(TRUE); } } @@ -1110,11 +1445,11 @@ int close_sink(struct query *ctl, struct msgblk *msg, flag forward) * otherwise the message will get left in the queue and resent * to people who got it the first time. */ - if (ctl->listener == LMTP_MODE) + if (ctl->smtphostmode == LMTP_MODE) { if (lmtp_responses == 0) { - SMTP_ok(ctl->smtp_socket); + SMTP_ok(ctl->smtp_socket, ctl->smtphostmode, TIMEOUT_EOM); /* * According to RFC2033, 503 is the only legal response @@ -1140,27 +1475,28 @@ int close_sink(struct query *ctl, struct msgblk *msg, flag forward) } else { - int i, errors; + int i, errors, rc = FALSE; char **responses; /* eat the RFC2033-required responses, saving errors */ - xalloca(responses, char **, sizeof(char *) * lmtp_responses); + responses = (char **)xmalloc(sizeof(char *) * lmtp_responses); for (errors = i = 0; i < lmtp_responses; i++) { - if (SMTP_ok(ctl->smtp_socket) == SM_OK) - responses[i] = (char *)NULL; - else + if ((smtp_err = SMTP_ok(ctl->smtp_socket, ctl->smtphostmode, TIMEOUT_EOM)) + == SM_UNRECOVERABLE) + { + smtp_close(ctl, 0); + goto unrecov; + } + if (smtp_err != SM_OK) { - xalloca(responses[errors], - char *, - strlen(smtp_response)+1); - strcpy(responses[errors], smtp_response); + responses[errors] = xstrdup(smtp_response); errors++; } } if (errors == 0) - return(TRUE); /* all deliveries succeeded */ + rc = TRUE; /* all deliveries succeeded */ else /* * One or more deliveries failed. @@ -1170,9 +1506,15 @@ int close_sink(struct query *ctl, struct msgblk *msg, flag forward) * message from the server so it won't be * re-forwarded on subsequent poll cycles. */ - return(send_bouncemail(ctl, msg, XMIT_ACCEPT, - "LSMTP partial delivery failure.\r\n", - errors, responses)); + rc = send_bouncemail(ctl, msg, XMIT_ACCEPT, + "LMTP partial delivery failure.\r\n", + errors, responses); + +unrecov: + for (i = 0; i < errors; i++) + free(responses[i]); + free(responses); + return rc; } } } @@ -1180,7 +1522,7 @@ int close_sink(struct query *ctl, struct msgblk *msg, flag forward) return(TRUE); } -int open_warning_by_mail(struct query *ctl, struct msgblk *msg) +int open_warning_by_mail(struct query *ctl) /* set up output sink for a mailed warning to calling user */ { int good, bad; @@ -1205,10 +1547,11 @@ int open_warning_by_mail(struct query *ctl, struct msgblk *msg) * option to ESMTP; the message length would be more trouble than * it's worth to compute. */ - struct msgblk reply = {NULL, NULL, "FETCHMAIL-DAEMON@", 0}; + struct msgblk reply = {NULL, NULL, "FETCHMAIL-DAEMON@", 0, 0}; int status; - strcat(reply.return_path, fetchmailhost); + strlcat(reply.return_path, ctl->smtpaddress ? ctl->smtpaddress : + fetchmailhost, sizeof(reply.return_path)); if (!MULTIDROP(ctl)) /* send to calling user */ { @@ -1218,21 +1561,33 @@ int open_warning_by_mail(struct query *ctl, struct msgblk *msg) } else /* send to postmaster */ status = open_sink(ctl, &reply, &good, &bad); - stuff_warning(ctl, "Date: %s", rfc822timestamp()); + if (status == 0) { + stuff_warning(NULL, ctl, "From: FETCHMAIL-DAEMON@%s", + ctl->smtpaddress ? ctl->smtpaddress : fetchmailhost); + stuff_warning(NULL, ctl, "Date: %s", rfc822timestamp()); + stuff_warning(NULL, ctl, "MIME-Version: 1.0"); + stuff_warning(NULL, ctl, "Content-Transfer-Encoding: 8bit"); + stuff_warning(NULL, ctl, "Content-Type: text/plain; charset=\"%s\"", iana_charset); + } return(status); } +/* format and ship a warning message line by mail */ +/* if rfc2047charset is non-NULL, encode the line (that is assumed to be + * a header line) as per RFC-2047 using rfc2047charset as the character + * set field */ #if defined(HAVE_STDARG_H) -void stuff_warning(struct query *ctl, const char *fmt, ... ) +void stuff_warning(const char *rfc2047charset, struct query *ctl, const char *fmt, ... ) #else -void stuff_warning(struct query *ctl, fmt, va_alist) +void stuff_warning(rfc2047charset, ctl, fmt, va_alist) +const char *charset; struct query *ctl; const char *fmt; /* printf-style format */ va_dcl #endif -/* format and ship a warning message line by mail */ { - char buf[POPBUFSIZE]; + /* make huge -- i18n can bulk up error messages a lot */ + char buf[2*MSGBUFSIZE+4]; va_list ap; /* @@ -1246,26 +1601,23 @@ va_dcl #else va_start(ap); #endif -#ifdef HAVE_VSNPRINTF - vsnprintf(buf, sizeof(buf), fmt, ap); -#else - vsprintf(buf, fmt, ap); -#endif + vsnprintf(buf, sizeof(buf) - 2, fmt, ap); va_end(ap); -#ifdef HAVE_SNPRINTF snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "\r\n"); -#else - strcat(buf, "\r\n"); -#endif /* HAVE_SNPRINTF */ - stuffline(ctl, buf); + /* guard against very long lines */ + buf[MSGBUFSIZE+1] = '\r'; + buf[MSGBUFSIZE+2] = '\n'; + buf[MSGBUFSIZE+3] = '\0'; + + stuffline(ctl, rfc2047charset != NULL ? rfc2047e(buf, rfc2047charset) : buf); } void close_warning_by_mail(struct query *ctl, struct msgblk *msg) /* sign and send mailed warnings */ { - stuff_warning(ctl, GT_("--\r\n\t\t\t\tThe Fetchmail Daemon\r\n")); + stuff_warning(NULL, ctl, GT_("-- \nThe Fetchmail Daemon")); close_sink(ctl, msg, TRUE); }