X-Git-Url: http://pileus.org/git/?a=blobdiff_plain;f=sink.c;h=5e9bef9864eb80f6ae3bac880a33b582be8a1e55;hb=87bcf29364c4640edb87cc2186b965d1a564d70c;hp=9a80922b706e417a2e041dbe62e952f6ba283dfd;hpb=bcc358c34513559116ad49673029eddcbf7a5bf0;p=~andy%2Ffetchmail diff --git a/sink.c b/sink.c index 9a80922b..5e9bef98 100644 --- a/sink.c +++ b/sink.c @@ -15,20 +15,9 @@ #include #include #include -#ifdef HAVE_MEMORY_H -#include -#endif /* HAVE_MEMORY_H */ -#if defined(STDC_HEADERS) #include -#endif -#if defined(HAVE_UNISTD_H) #include -#endif -#if defined(HAVE_STDARG_H) #include -#else -#include -#endif #include #include @@ -42,7 +31,7 @@ #include "socket.h" #include "smtp.h" -#include "i18n.h" +#include "gettext.h" /* BSD portability hack...I know, this is an ugly place to put it */ #if !defined(SIGCHLD) && defined(SIGCLD) @@ -58,18 +47,27 @@ void smtp_close(struct query *ctl, int sayquit) if (ctl->smtp_socket != -1) { if (sayquit) - SMTP_quit(ctl->smtp_socket); + SMTP_quit(ctl->smtp_socket, ctl->smtphostmode); SockClose(ctl->smtp_socket); ctl->smtp_socket = -1; } batchcount = 0; } -int smtp_open(struct query *ctl) -/* try to open a socket to the appropriate SMTP server for this query */ +static void smtp_rset(struct query *ctl) +/* reset the mail transaction */ { - char *parsed_host = NULL; + if (SMTP_rset(ctl->smtp_socket, ctl->smtphostmode) == SM_UNRECOVERABLE) + { + /* close the bad connection. fetchmail will reconnect for the + * next mail */ + smtp_close(ctl, 0); + } +} +int smtp_setup(struct query *ctl) +/* try to open a socket to the appropriate SMTP server for this query */ +{ /* maybe it's time to close the socket in order to force delivery */ if (last_smtp_ok > 0 && time((time_t *)NULL) - last_smtp_ok > mytimeout) { @@ -105,7 +103,8 @@ int smtp_open(struct query *ctl) */ struct idlist *idp; const char *id_me = run.invisible ? ctl->server.truename : fetchmailhost; - int oldphase = phase; + int oldphase; + char *parsed_host = NULL; errno = 0; @@ -121,46 +120,49 @@ int smtp_open(struct query *ctl) for (idp = ctl->smtphunt; idp; idp = idp->next) { char *cp; - char *portnum = SMTP_PORT; + const char *portnum = SMTP_PORT; ctl->smtphost = idp->id; /* remember last host tried. */ - if(ctl->smtphost[0]=='/') - ctl->listener = LMTP_MODE; - - parsed_host = xstrdup(idp->id); - - if ((cp = strrchr(parsed_host, '/'))) + if (ctl->smtphost[0]=='/') { - *cp++ = 0; - portnum = cp; - } - - if (ctl->smtphost[0]=='/'){ + ctl->smtphostmode = LMTP_MODE; + xfree(parsed_host); if ((ctl->smtp_socket = UnixOpen(ctl->smtphost))==-1) continue; - } else + } + else + { + ctl->smtphostmode = ctl->listener; + parsed_host = xstrdup(idp->id); + if ((cp = strrchr(parsed_host, '/'))) + { + *cp++ = 0; + if (cp[0]) + portnum = cp; + } if ((ctl->smtp_socket = SockOpen(parsed_host,portnum, - ctl->server.plugout)) == -1) + ctl->server.plugout, &ai1)) == -1) + { + xfree(parsed_host); continue; + } + } /* return immediately for ODMR */ if (ctl->server.protocol == P_ODMR) { - set_timeout(0); - phase = oldphase; - xfree(parsed_host); - return(ctl->smtp_socket); /* success */ + set_timeout(0); + phase = oldphase; + xfree(parsed_host); + return(ctl->smtp_socket); /* success */ } - /* are we doing SMTP or LMTP? */ - SMTP_setmode(ctl->listener); - /* first, probe for ESMTP */ - if (SMTP_ok(ctl->smtp_socket) == SM_OK && - SMTP_ehlo(ctl->smtp_socket, id_me, - ctl->server.esmtp_name, ctl->server.esmtp_password, - &ctl->server.esmtp_options) == SM_OK) - break; /* success */ + if (SMTP_ok(ctl->smtp_socket, ctl->smtphostmode, TIMEOUT_STARTSMTP) == SM_OK && + SMTP_ehlo(ctl->smtp_socket, ctl->smtphostmode, id_me, + ctl->server.esmtp_name, ctl->server.esmtp_password, + &ctl->server.esmtp_options) == SM_OK) + break; /* success */ /* * RFC 1869 warns that some listeners hang up on a failed EHLO, @@ -169,75 +171,54 @@ int smtp_open(struct query *ctl) smtp_close(ctl, 0); /* if opening for ESMTP failed, try SMTP */ - if ((ctl->smtp_socket = SockOpen(parsed_host,portnum, - ctl->server.plugout)) == -1) - continue; + if (ctl->smtphost[0]=='/') + { + if ((ctl->smtp_socket = UnixOpen(ctl->smtphost))==-1) + continue; + } + else + { + if ((ctl->smtp_socket = SockOpen(parsed_host,portnum, + ctl->server.plugout, &ai1)) == -1) + { + xfree(parsed_host); + continue; + } + } - if (SMTP_ok(ctl->smtp_socket) == SM_OK && - SMTP_helo(ctl->smtp_socket, id_me) == SM_OK) + if (SMTP_ok(ctl->smtp_socket, ctl->smtphostmode, TIMEOUT_STARTSMTP) == SM_OK && + SMTP_helo(ctl->smtp_socket, ctl->smtphostmode, id_me) == SM_OK) break; /* success */ smtp_close(ctl, 0); } set_timeout(0); phase = oldphase; - } - /* - * RFC 1123 requires that the domain name part of the - * RCPT TO address be "canonicalized", that is a FQDN - * or MX but not a CNAME. Some listeners (like exim) - * enforce this. Now that we have the actual hostname, - * compute what we should canonicalize with. - * - * make sure we do not forget to drop the /port if - * using LMTP (hmh) - */ - if (ctl->listener == LMTP_MODE && !ctl->smtpaddress) - { - if (parsed_host && parsed_host[0] != 0) - ctl->destaddr = xstrdup(parsed_host); - else - ctl->destaddr = (ctl->smtphost && ctl->smtphost[0] != '/') ? ctl->smtphost : "localhost"; - } - else - { - /* - * Here we try to find a correct domain name part for the RCPT - * TO address. If smtpaddress is set, no need to guestimate - * it. Otherwise, using ctl->smtphost as a base is a good - * base, although we may have to strip any port appended to - * communicate with SMTP servers that do not listen on the - * SMTP port. (benj) */ + /* + * RFC 1123 requires that the domain name part of the + * RCPT TO address be "canonicalized", that is a FQDN + * or MX but not a CNAME. Some listeners (like exim) + * enforce this. Now that we have the actual hostname, + * compute what we should canonicalize with. + */ + xfree(ctl->destaddr); if (ctl->smtpaddress) - ctl->destaddr = ctl->smtpaddress; - else if (ctl->smtphost && ctl->smtphost[0] != '/') - { - char * cp; - if ((cp = strchr (ctl->smtphost, '/'))) - { - /* As an alternate port for smtphost is specified, we - need to strip it from domain name. */ - char *smtpname = xmalloc(cp - ctl->smtphost + 1); - strncpy(smtpname, ctl->smtphost, cp - ctl->smtphost +1); - cp = strchr(smtpname, '/'); - *cp = 0; - ctl->destaddr = smtpname; - } - else - /* No need to strip port, domain name is smtphost. */ - ctl->destaddr = ctl->smtphost; - } + ctl->destaddr = xstrdup(ctl->smtpaddress); + /* parsed_host is smtphost without the /port */ + else if (parsed_host && parsed_host[0] != 0) + ctl->destaddr = xstrdup(parsed_host); /* No smtphost is specified or it is a UNIX socket, then use localhost as a domain part. */ else - ctl->destaddr = "localhost"; - } + ctl->destaddr = xstrdup("localhost"); + xfree(parsed_host); + } + /* end if (ctl->smtp_socket == -1) */ if (outlevel >= O_DEBUG && ctl->smtp_socket != -1) report(stdout, GT_("forwarding to %s\n"), ctl->smtphost); - xfree(parsed_host); return(ctl->smtp_socket); } @@ -270,18 +251,19 @@ char *rcpt_address(struct query *ctl, const char *id, } static int send_bouncemail(struct query *ctl, struct msgblk *msg, - int userclass, char *message, + int userclass, const char *message /* should have \r\n at the end */, int nerrors, char *errors[]) /* bounce back an error report a la RFC 1892 */ { char daemon_name[15 + HOSTLEN] = "MAILER-DAEMON@"; - char boundary[BUFSIZ], *bounce_to; + char boundary[BUFSIZ]; + const char *bounce_to; int sock; static char *fqdn_of_host = NULL; const char *md1 = "MAILER-DAEMON", *md2 = "MAILER-DAEMON@"; /* don't bounce in reply to undeliverable bounces */ - if (!msg->return_path[0] || + if (!msg || !msg->return_path[0] || strcmp(msg->return_path, "<>") == 0 || strcasecmp(msg->return_path, md1) == 0 || strncasecmp(msg->return_path, md2, strlen(md2)) == 0) @@ -289,8 +271,6 @@ static int send_bouncemail(struct query *ctl, struct msgblk *msg, bounce_to = (run.bouncemail ? msg->return_path : run.postmaster); - SMTP_setmode(SMTP_MODE); - /* can't just use fetchmailhost here, it might be localhost */ if (fqdn_of_host == NULL) fqdn_of_host = host_fqdn(0); /* can't afford to bail out and @@ -300,28 +280,28 @@ static int send_bouncemail(struct query *ctl, struct msgblk *msg, /* we need only SMTP for this purpose */ /* XXX FIXME: hardcoding localhost is nonsense if smtphost can be * configured */ - if ((sock = SockOpen("localhost", SMTP_PORT, NULL)) == -1) + if ((sock = SockOpen("localhost", SMTP_PORT, NULL, &ai1)) == -1) return(FALSE); - if (SMTP_ok(sock) != SM_OK) + if (SMTP_ok(sock, SMTP_MODE, TIMEOUT_STARTSMTP) != SM_OK) { SockClose(sock); return FALSE; } - if (SMTP_helo(sock, fetchmailhost) != SM_OK - || SMTP_from(sock, "<>", (char *)NULL) != SM_OK - || SMTP_rcpt(sock, bounce_to) != SM_OK - || SMTP_data(sock) != SM_OK) + if (SMTP_helo(sock, SMTP_MODE, fetchmailhost) != SM_OK + || SMTP_from(sock, SMTP_MODE, "<>", (char *)NULL) != SM_OK + || SMTP_rcpt(sock, SMTP_MODE, bounce_to) != SM_OK + || SMTP_data(sock, SMTP_MODE) != SM_OK) { - SMTP_quit(sock); + SMTP_quit(sock, SMTP_MODE); SockClose(sock); return(FALSE); } /* our first duty is to keep the sacred foo counters turning... */ snprintf(boundary, sizeof(boundary), "foo-mani-padme-hum-%ld-%ld-%ld", - (long)getpid(), (long)getppid(), time(NULL)); + (long)getpid(), (long)getppid(), (long)time(NULL)); if (outlevel >= O_VERBOSE) report(stdout, GT_("SMTP: (bounce-message body)\n")); @@ -343,10 +323,14 @@ static int send_bouncemail(struct query *ctl, struct msgblk *msg, SockPrintf(sock, "--%s\r\n", boundary); SockPrintf(sock,"Content-Type: text/plain\r\n"); SockPrintf(sock, "\r\n"); - SockPrintf(sock, "This message was created automatically by mail delivery software.\r\n\r\n"); + SockPrintf(sock, "This message was created automatically by mail delivery software.\r\n"); + SockPrintf(sock, "\r\n"); SockPrintf(sock, "A message that you sent could not be delivered to one or more of its\r\n"); - SockPrintf(sock, "recipients. This is a permanent error. The following address(es) failed:\r\n"); + SockPrintf(sock, "recipients. This is a permanent error.\r\n"); SockPrintf(sock, "\r\n"); + SockPrintf(sock, "Reason: %s", message); + SockPrintf(sock, "\r\n"); + SockPrintf(sock, "The following address(es) failed:\r\n"); if (nerrors) { @@ -427,7 +411,8 @@ static int send_bouncemail(struct query *ctl, struct msgblk *msg, } SockPrintf(sock, "--%s--\r\n", boundary); - if (SMTP_eom(sock) != SM_OK || SMTP_quit(sock)) + if (SMTP_eom(sock, SMTP_MODE) != SM_OK + || SMTP_quit(sock, SMTP_MODE) != SM_OK) { SockClose(sock); return(FALSE); @@ -445,23 +430,9 @@ static int handle_smtp_report(struct query *ctl, struct msgblk *msg) { int smtperr = atoi(smtp_response); char *responses[1]; - struct idlist *walk; - int found = 0; responses[0] = xstrdup(smtp_response); -#ifdef __UNUSED__ - /* - * Don't do this! It can really mess you up if, for example, you're - * reporting an error with a single RCPT TO address among several; - * RSET discards the message body and it doesn't get sent to the - * valid recipients. - */ - SMTP_rset(ctl->smtp_socket); /* stay on the safe side */ - if (outlevel >= O_DEBUG) - report(stdout, GT_("Saved error is still %d\n"), smtperr); -#endif /* __UNUSED */ - /* * Note: send_bouncemail message strings are not made subject * to gettext translation because (a) they're going to be @@ -470,15 +441,7 @@ static int handle_smtp_report(struct query *ctl, struct msgblk *msg) * messages, which are probably in English (none of the * MTAs I know about are internationalized). */ - for( walk = ctl->antispam; walk; walk = walk->next ) - if ( walk->val.status.num == smtperr ) - { - found=1; - break; - } - - /* if (str_find(&ctl->antispam, smtperr)) */ - if ( found ) + if (str_find(&ctl->antispam, smtperr)) { /* * SMTP listener explicitly refuses to deliver mail @@ -520,7 +483,7 @@ static int handle_smtp_report(struct query *ctl, struct msgblk *msg) */ if (smtperr >= 400) report(stderr, GT_("%cMTP error: %s\n"), - ctl->listener, + ctl->smtphostmode, responses[0]); switch (smtperr) @@ -546,20 +509,27 @@ static int handle_smtp_report(struct query *ctl, struct msgblk *msg) * (b) we wouldn't want spammers to get confirmation that * this address is live, anyway. */ -#ifdef __DONT_FEED_THE_SPAMMERS__ - if (run.bouncemail) - send_bouncemail(ctl, msg, XMIT_ACCEPT, - "Invalid address in MAIL FROM (SMTP error 553).\r\n", - 1, responses); -#endif /* __DONT_FEED_THE_SPAMMERS__ */ free(responses[0]); return(PS_REFUSED); + case 530: /* must issue STARTTLS error */ + /* + * Some SMTP servers insist on encrypted communication + * Let's set PS_TRANSIENT, otherwise all messages to be sent + * over such server would be blackholed - see RFC 3207. + */ + if (outlevel > O_SILENT) + report_complete(stdout, + GT_("SMTP server requires STARTTLS, keeping message.\n")); + free(responses[0]); + return(PS_TRANSIENT); + default: /* bounce non-transient errors back to the sender */ if (smtperr >= 500 && smtperr <= 599) { - send_bouncemail(ctl, msg, XMIT_ACCEPT, + if (run.bouncemail) + send_bouncemail(ctl, msg, XMIT_ACCEPT, "General SMTP/ESMTP error.\r\n", 1, responses); free(responses[0]); @@ -595,6 +565,8 @@ static int handle_smtp_report_without_bounce(struct query *ctl, struct msgblk *m { int smtperr = atoi(smtp_response); + (void)msg; + if (str_find(&ctl->antispam, smtperr)) { if (run.spambounce) @@ -604,7 +576,7 @@ static int handle_smtp_report_without_bounce(struct query *ctl, struct msgblk *m if (smtperr >= 400) report(stderr, GT_("%cMTP error: %s\n"), - ctl->listener, + ctl->smtphostmode, smtp_response); switch (smtperr) @@ -615,10 +587,7 @@ static int handle_smtp_report_without_bounce(struct query *ctl, struct msgblk *m return(PS_REFUSED); case 553: /* invalid sending domain */ -#ifdef __DONT_FEED_THE_SPAMMERS__ - if (run.bouncemail) - return(PS_SUCCESS); -#endif /* __DONT_FEED_THE_SPAMMERS__ */ + /* do not send bounce mail - it would feed spammers */ return(PS_REFUSED); default: @@ -638,6 +607,9 @@ int stuffline(struct query *ctl, char *buf) int n, oldphase; char *last; + if (!buf) + return -1; + /* The line may contain NUL characters. Find the last char to use * -- the real line termination is the sequence "\n\0". */ @@ -669,6 +641,7 @@ int stuffline(struct query *ctl, char *buf) if (ctl->server.base_protocol->delimited) /* server has already byte-stuffed */ { if (ctl->mda) { + /* writing to MDA, undo byte-stuffing */ ++buf; } else { /* writing to SMTP, leave the byte-stuffing in place */; @@ -676,14 +649,16 @@ int stuffline(struct query *ctl, char *buf) } else /* if (!protocol->delimited) -- not byte-stuffed already */ { - if (!ctl->mda) /* byte-stuff it */ - { - if (!ctl->bsmtp) - SockWrite(ctl->smtp_socket, buf, 1); - else - { - fwrite(buf, 1, 1, sinkfp); + /* byte-stuff it */ + if (!ctl->mda) { + if (!ctl->bsmtp) { + n = SockWrite(ctl->smtp_socket, buf, 1); + } else { + n = fwrite(buf, 1, 1, sinkfp); + if (ferror(sinkfp)) n = -1; } + if (n < 0) + return n; } } } @@ -701,9 +676,10 @@ int stuffline(struct query *ctl, char *buf) } n = 0; - if (ctl->mda || ctl->bsmtp) - n = fwrite(buf, last - buf, 1, sinkfp); - else if (ctl->smtp_socket != -1) + if (ctl->mda || ctl->bsmtp) { + n = fwrite(buf, 1, last - buf, sinkfp); + if (ferror(sinkfp)) n = -1; + } else if (ctl->smtp_socket != -1) n = SockWrite(ctl->smtp_socket, buf, last - buf); phase = oldphase; @@ -723,6 +699,12 @@ static int open_bsmtp_sink(struct query *ctl, struct msgblk *msg, else sinkfp = fopen(ctl->bsmtp, "a"); + if (!sinkfp || ferror(sinkfp)) { + report(stderr, GT_("BSMTP file open failed: %s\n"), + strerror(errno)); + return(PS_BSMTP); + } + /* see the ap computation under the SMTP branch */ need_anglebrs = (msg->return_path[0] != '<'); fprintf(sinkfp, @@ -748,7 +730,8 @@ static int open_bsmtp_sink(struct query *ctl, struct msgblk *msg, * enforce this. Now that we have the actual hostname, * compute what we should canonicalize with. */ - ctl->destaddr = ctl->smtpaddress ? ctl->smtpaddress : "localhost"; + xfree(ctl->destaddr); + ctl->destaddr = xstrdup(ctl->smtpaddress ? ctl->smtpaddress : "localhost"); *bad_addresses = 0; for (idp = msg->recipients; idp; idp = idp->next) @@ -761,9 +744,9 @@ static int open_bsmtp_sink(struct query *ctl, struct msgblk *msg, fputs("DATA\r\n", sinkfp); - if (ferror(sinkfp)) + if (fflush(sinkfp) || ferror(sinkfp)) { - report(stderr, GT_("BSMTP file open or preamble write failed\n")); + report(stderr, GT_("BSMTP preamble write failed: %s.\n"), strerror(errno)); return(PS_BSMTP); } @@ -918,7 +901,8 @@ static int open_smtp_sink(struct query *ctl, struct msgblk *msg, ap = addr; } - if ((smtp_err = SMTP_from(ctl->smtp_socket, ap, options)) == SM_UNRECOVERABLE) + if ((smtp_err = SMTP_from(ctl->smtp_socket, ctl->smtphostmode, + ap, options)) == SM_UNRECOVERABLE) { smtp_close(ctl, 0); return(PS_TRANSIENT); @@ -927,7 +911,7 @@ static int open_smtp_sink(struct query *ctl, struct msgblk *msg, { int err = handle_smtp_report(ctl, msg); /* map to PS_TRANSIENT or PS_REFUSED */ - SMTP_rset(ctl->smtp_socket); /* stay on the safe side */ + smtp_rset(ctl); /* stay on the safe side */ return(err); } @@ -938,20 +922,21 @@ static int open_smtp_sink(struct query *ctl, struct msgblk *msg, for (idp = msg->recipients; idp; idp = idp->next) total_addresses++; #ifdef EXPLICIT_BOUNCE_ON_BAD_ADDRESS - from_responses = xmalloc(sizeof(char *) * total_addresses); + from_responses = (char **)xmalloc(sizeof(char *) * total_addresses); #endif /* EXPLICIT_BOUNCE_ON_BAD_ADDRESS */ for (idp = msg->recipients; idp; idp = idp->next) if (idp->val.status.mark == XMIT_ACCEPT) { const char *address; address = rcpt_address (ctl, idp->id, 1); - if ((smtp_err = SMTP_rcpt(ctl->smtp_socket, address)) == SM_UNRECOVERABLE) + if ((smtp_err = SMTP_rcpt(ctl->smtp_socket, ctl->smtphostmode, + address)) == SM_UNRECOVERABLE) { smtp_close(ctl, 0); transient: #ifdef EXPLICIT_BOUNCE_ON_BAD_ADDRESS while (*bad_addresses) - free(from_responses[*--bad_addresses]); + free(from_responses[--*bad_addresses]); free(from_responses); #endif /* EXPLICIT_BOUNCE_ON_BAD_ADDRESS */ return(PS_TRANSIENT); @@ -969,7 +954,6 @@ transient: case PS_SUCCESS: #ifdef EXPLICIT_BOUNCE_ON_BAD_ADDRESS from_responses[*bad_addresses] = xstrdup(smtp_response); - strcpy(from_responses[*bad_addresses], smtp_response); #endif /* EXPLICIT_BOUNCE_ON_BAD_ADDRESS */ (*bad_addresses)++; @@ -977,14 +961,14 @@ transient: if (outlevel >= O_VERBOSE) report(stderr, GT_("%cMTP listener doesn't like recipient address `%s'\n"), - ctl->listener, address); + ctl->smtphostmode, address); break; case PS_REFUSED: if (outlevel >= O_VERBOSE) report(stderr, GT_("%cMTP listener doesn't really like recipient address `%s'\n"), - ctl->listener, address); + ctl->smtphostmode, address); break; } } @@ -995,20 +979,25 @@ transient: * crap. If one of the recipients returned PS_TRANSIENT, * we return exactly that. */ - SMTP_rset(ctl->smtp_socket); /* required by RFC1870 */ + smtp_rset(ctl); /* required by RFC1870 */ goto transient; } #ifdef EXPLICIT_BOUNCE_ON_BAD_ADDRESS /* * This should not be necessary, because the SMTP listener itself - * should genrate a bounce for the bad address. + * should generate a bounce for the bad address. + * + * XXX FIXME 2006-01-19: is this comment true? I don't think + * it is, because the SMTP listener isn't required to accept bogus + * messages. There appears to be general SMTP<->MDA and + * responsibility confusion. */ if (*bad_addresses) send_bouncemail(ctl, msg, XMIT_RCPTBAD, "Some addresses were rejected by the MDA fetchmail forwards to.\r\n", *bad_addresses, from_responses); while (*bad_addresses) - free(from_responses[*--bad_addresses]); + free(from_responses[--*bad_addresses]); free(from_responses); #endif /* EXPLICIT_BOUNCE_ON_BAD_ADDRESS */ @@ -1025,10 +1014,10 @@ transient: { if (outlevel >= O_VERBOSE) report(stderr, GT_("no address matches; no postmaster set.\n")); - SMTP_rset(ctl->smtp_socket); /* required by RFC1870 */ + smtp_rset(ctl); /* required by RFC1870 */ return(PS_REFUSED); } - if ((smtp_err = SMTP_rcpt(ctl->smtp_socket, + if ((smtp_err = SMTP_rcpt(ctl->smtp_socket, ctl->smtphostmode, rcpt_address (ctl, run.postmaster, 0))) == SM_UNRECOVERABLE) { smtp_close(ctl, 0); @@ -1037,7 +1026,7 @@ transient: if (smtp_err != SM_OK) { report(stderr, GT_("can't even send to %s!\n"), run.postmaster); - SMTP_rset(ctl->smtp_socket); /* required by RFC1870 */ + smtp_rset(ctl); /* required by RFC1870 */ return(PS_REFUSED); } @@ -1049,7 +1038,8 @@ transient: * Tell the listener we're ready to send data. * Some listeners (like zmailer) may return antispam errors here. */ - if ((smtp_err = SMTP_data(ctl->smtp_socket)) == SM_UNRECOVERABLE) + if ((smtp_err = SMTP_data(ctl->smtp_socket, ctl->smtphostmode)) + == SM_UNRECOVERABLE) { smtp_close(ctl, 0); return(PS_TRANSIENT); @@ -1057,7 +1047,7 @@ transient: if (smtp_err != SM_OK) { int err = handle_smtp_report(ctl, msg); - SMTP_rset(ctl->smtp_socket); /* stay on the safe side */ + smtp_rset(ctl); /* stay on the safe side */ return(err); } @@ -1074,14 +1064,14 @@ static int open_mda_sink(struct query *ctl, struct msgblk *msg, int *good_addresses, int *bad_addresses) /* open a stream to a local MDA */ { -#ifdef HAVE_SETEUID uid_t orig_uid; -#endif /* HAVE_SETEUID */ struct idlist *idp; int length = 0, fromlen = 0, nameslen = 0; char *names = NULL, *before, *after, *from = NULL; - ctl->destaddr = "localhost"; + (void)bad_addresses; + xfree(ctl->destaddr); + ctl->destaddr = xstrdup("localhost"); for (idp = msg->recipients; idp; idp = idp->next) if (idp->val.status.mark == XMIT_ACCEPT) @@ -1099,9 +1089,9 @@ static int open_mda_sink(struct query *ctl, struct msgblk *msg, */ nameslen = 0; for (idp = msg->recipients; idp; idp = idp->next) - if ((idp->val.status.mark == XMIT_ACCEPT)) + if (idp->val.status.mark == XMIT_ACCEPT) nameslen += (strlen(idp->id) + 1); /* string + ' ' */ - if ((*good_addresses == 0)) + if (*good_addresses == 0) nameslen = strlen(run.postmaster); names = (char *)xmalloc(nameslen + 1); /* account for '\0' */ @@ -1154,12 +1144,22 @@ static int open_mda_sink(struct query *ctl, struct msgblk *msg, sp += 2; } - after = xmalloc(length + 1); + after = (char *)xmalloc(length + 1); /* copy mda source string to after, while expanding %[sTF] */ for (dp = after, sp = before; (*dp = *sp); dp++, sp++) { if (sp[0] != '%') continue; + if (sp > before && sp[-1] == '\'') { + report(stderr, GT_("MDA option contains single-quoted %%%c expansion.\n"), sp[1]); + report(stderr, GT_("Refusing to deliver. Check the manual and fix your mda option.\n")); + free(before); + free(after); + if (from) free(from); + if (names) free(names); + return PS_SYNTAX; + } + /* need to expand? BTW, no here overflow, because in ** the worst case (end of string) sp[1] == '\0' */ if (sp[1] == 's' || sp[1] == 'T') { @@ -1197,7 +1197,6 @@ static int open_mda_sink(struct query *ctl, struct msgblk *msg, if (outlevel >= O_DEBUG) report(stdout, GT_("about to deliver with: %s\n"), before); -#ifdef HAVE_SETEUID /* * Arrange to run with user's permissions if we're root. * This will initialize the ownership of any files the @@ -1205,17 +1204,20 @@ static int open_mda_sink(struct query *ctl, struct msgblk *msg, * under all BSDs and Linux) */ orig_uid = getuid(); - seteuid(ctl->uid); -#endif /* HAVE_SETEUID */ + if (seteuid(ctl->uid)) { + report(stderr, GT_("Cannot switch effective user id to %ld: %s\n"), (long)ctl->uid, strerror(errno)); + return PS_IOERR; + } sinkfp = popen(before, "w"); free(before); before = NULL; -#ifdef HAVE_SETEUID /* this will fail quietly if we didn't start as root */ - seteuid(orig_uid); -#endif /* HAVE_SETEUID */ + if (seteuid(orig_uid)) { + report(stderr, GT_("Cannot switch effective user id back to original %ld: %s\n"), (long)orig_uid, strerror(errno)); + return PS_IOERR; + } if (!sinkfp) { @@ -1239,6 +1241,8 @@ int open_sink(struct query *ctl, struct msgblk *msg, { *bad_addresses = *good_addresses = 0; + if (want_progress() && outlevel >= O_VERBOSE && !ctl->mda && !ctl->bsmtp) puts(""); + if (ctl->bsmtp) /* dump to a BSMTP batch file */ return(open_bsmtp_sink(ctl, msg, good_addresses, bad_addresses)); /* @@ -1246,7 +1250,7 @@ int open_sink(struct query *ctl, struct msgblk *msg, * open a socket fails, fall through to attempt delivery via * local MDA. */ - else if (!ctl->mda && smtp_open(ctl) != -1) + else if (!ctl->mda && smtp_setup(ctl) != -1) return(open_smtp_sink(ctl, msg, good_addresses, bad_addresses)); /* @@ -1257,7 +1261,7 @@ int open_sink(struct query *ctl, struct msgblk *msg, else if (!ctl->mda) { report(stderr, GT_("%cMTP connect to %s failed\n"), - ctl->listener, + ctl->smtphostmode, ctl->smtphost ? ctl->smtphost : "localhost"); #ifndef FALLBACK_MDA @@ -1317,24 +1321,54 @@ int close_sink(struct query *ctl, struct msgblk *msg, flag forward) /* perform end-of-message actions on the current output sink */ { int smtp_err; - if (ctl->mda) - { - int rc; + + if (want_progress() && outlevel >= O_VERBOSE && !ctl->mda && !ctl->bsmtp) puts(""); + + if (ctl->bsmtp && sinkfp) { + int error, oerrno; + + /* implicit disk-full check here... */ + fputs(".\r\n", sinkfp); + error = ferror(sinkfp); + oerrno = errno; + if (strcmp(ctl->bsmtp, "-")) + { + if (fclose(sinkfp) == EOF) { + error = 1; + oerrno = errno; + } + sinkfp = (FILE *)NULL; + } + if (error) + { + report(stderr, + GT_("Message termination or close of BSMTP file failed: %s\n"), strerror(oerrno)); + return(FALSE); + } + } else if (ctl->mda) { + int rc = 0, e = 0, e2 = 0, err = 0; /* close the delivery pipe, we'll reopen before next message */ if (sinkfp) { + if (ferror(sinkfp)) + err = 1, e2 = errno; + if ((fflush(sinkfp))) + err = 1, e2 = errno; + + errno = 0; rc = pclose(sinkfp); + e = errno; sinkfp = (FILE *)NULL; } - else - rc = 0; deal_with_sigchld(); /* Restore SIGCHLD handling to reap zombies */ - if (rc) + if (rc || err) { - if (WIFSIGNALED(rc)) { + if (err) { + report(stderr, GT_("Error writing to MDA: %s\n"), strerror(e2)); + } else if (WIFSIGNALED(rc)) { report(stderr, GT_("MDA died of signal %d\n"), WTERMSIG(rc)); } else if (WIFEXITED(rc)) { @@ -1342,35 +1376,18 @@ int close_sink(struct query *ctl, struct msgblk *msg, flag forward) GT_("MDA returned nonzero status %d\n"), WEXITSTATUS(rc)); } else { report(stderr, - GT_("Strange: MDA pclose returned %d, cannot handle at %s:%d\n"), rc, __FILE__, __LINE__); + GT_("Strange: MDA pclose returned %d and errno %d/%s, cannot handle at %s:%d\n"), + rc, e, strerror(e), __FILE__, __LINE__); } return(FALSE); } } - else if (ctl->bsmtp && sinkfp) - { - int error; - - /* implicit disk-full check here... */ - fputs(".\r\n", sinkfp); - error = ferror(sinkfp); - if (strcmp(ctl->bsmtp, "-")) - { - if (fclose(sinkfp) == EOF) error = 1; - sinkfp = (FILE *)NULL; - } - if (error) - { - report(stderr, - GT_("Message termination or close of BSMTP file failed\n")); - return(FALSE); - } - } else if (forward) { /* write message terminator */ - if ((smtp_err = SMTP_eom(ctl->smtp_socket)) == SM_UNRECOVERABLE) + if ((smtp_err = SMTP_eom(ctl->smtp_socket, ctl->smtphostmode)) + == SM_UNRECOVERABLE) { smtp_close(ctl, 0); return(FALSE); @@ -1379,13 +1396,13 @@ int close_sink(struct query *ctl, struct msgblk *msg, flag forward) { if (handle_smtp_report(ctl, msg) != PS_REFUSED) { - SMTP_rset(ctl->smtp_socket); /* stay on the safe side */ + smtp_rset(ctl); /* stay on the safe side */ return(FALSE); } else { report(stderr, GT_("SMTP listener refused delivery\n")); - SMTP_rset(ctl->smtp_socket); /* stay on the safe side */ + smtp_rset(ctl); /* stay on the safe side */ return(TRUE); } } @@ -1400,11 +1417,11 @@ int close_sink(struct query *ctl, struct msgblk *msg, flag forward) * otherwise the message will get left in the queue and resent * to people who got it the first time. */ - if (ctl->listener == LMTP_MODE) + if (ctl->smtphostmode == LMTP_MODE) { if (lmtp_responses == 0) { - SMTP_ok(ctl->smtp_socket); + SMTP_ok(ctl->smtp_socket, ctl->smtphostmode, TIMEOUT_EOM); /* * According to RFC2033, 503 is the only legal response @@ -1434,10 +1451,11 @@ int close_sink(struct query *ctl, struct msgblk *msg, flag forward) char **responses; /* eat the RFC2033-required responses, saving errors */ - responses = xmalloc(sizeof(char *) * lmtp_responses); + responses = (char **)xmalloc(sizeof(char *) * lmtp_responses); for (errors = i = 0; i < lmtp_responses; i++) { - if ((smtp_err = SMTP_ok(ctl->smtp_socket)) == SM_UNRECOVERABLE) + if ((smtp_err = SMTP_ok(ctl->smtp_socket, ctl->smtphostmode, TIMEOUT_EOM)) + == SM_UNRECOVERABLE) { smtp_close(ctl, 0); goto unrecov; @@ -1476,7 +1494,7 @@ unrecov: return(TRUE); } -int open_warning_by_mail(struct query *ctl, struct msgblk *msg) +int open_warning_by_mail(struct query *ctl) /* set up output sink for a mailed warning to calling user */ { int good, bad; @@ -1530,15 +1548,7 @@ int open_warning_by_mail(struct query *ctl, struct msgblk *msg) /* if rfc2047charset is non-NULL, encode the line (that is assumed to be * a header line) as per RFC-2047 using rfc2047charset as the character * set field */ -#if defined(HAVE_STDARG_H) void stuff_warning(const char *rfc2047charset, struct query *ctl, const char *fmt, ... ) -#else -void stuff_warning(rfc2047charset, ctl, fmt, va_alist) -const char *charset; -struct query *ctl; -const char *fmt; /* printf-style format */ -va_dcl -#endif { /* make huge -- i18n can bulk up error messages a lot */ char buf[2*MSGBUFSIZE+4]; @@ -1550,11 +1560,7 @@ va_dcl * case it was a string constant. We make a virtue of that necessity * here by supporting stdargs/varargs. */ -#if defined(HAVE_STDARG_H) va_start(ap, fmt) ; -#else - va_start(ap); -#endif vsnprintf(buf, sizeof(buf) - 2, fmt, ap); va_end(ap); @@ -1575,4 +1581,18 @@ void close_warning_by_mail(struct query *ctl, struct msgblk *msg) close_sink(ctl, msg, TRUE); } +void abort_message_sink(struct query *ctl) +/* + * Forcibly close the SMTP connection and re-open. + * + * Used to abort message delivery once the DATA command has been issued. + * Required because all text after the DATA command is considered to be + * part of the message body (it is impossible to issue an SMTP command + * to abort message delivery once the DATA command has been issued). + */ +{ + smtp_close(ctl, 0); + smtp_setup(ctl); +} + /* sink.c ends here */