X-Git-Url: http://pileus.org/git/?a=blobdiff_plain;f=sink.c;h=5e9bef9864eb80f6ae3bac880a33b582be8a1e55;hb=87bcf29364c4640edb87cc2186b965d1a564d70c;hp=cf1418723fd1ea927c96a7cf2e660f88278ef1ec;hpb=a1d1d45522cee47949ab46d2ec0a5b87e694b57c;p=~andy%2Ffetchmail diff --git a/sink.c b/sink.c index cf141872..5e9bef98 100644 --- a/sink.c +++ b/sink.c @@ -15,34 +15,23 @@ #include #include #include -#ifdef HAVE_MEMORY_H -#include -#endif /* HAVE_MEMORY_H */ -#if defined(STDC_HEADERS) #include -#endif -#if defined(HAVE_UNISTD_H) #include -#endif -#if defined(HAVE_STDARG_H) #include -#else -#include -#endif #include #include +#include "fetchmail.h" + /* for W* macros after pclose() */ #define _USE_BSD #include #include #include - -#include "fetchmail.h" #include "socket.h" #include "smtp.h" -#include "i18n.h" +#include "gettext.h" /* BSD portability hack...I know, this is an ugly place to put it */ #if !defined(SIGCHLD) && defined(SIGCLD) @@ -58,18 +47,27 @@ void smtp_close(struct query *ctl, int sayquit) if (ctl->smtp_socket != -1) { if (sayquit) - SMTP_quit(ctl->smtp_socket); + SMTP_quit(ctl->smtp_socket, ctl->smtphostmode); SockClose(ctl->smtp_socket); ctl->smtp_socket = -1; } batchcount = 0; } -int smtp_open(struct query *ctl) -/* try to open a socket to the appropriate SMTP server for this query */ +static void smtp_rset(struct query *ctl) +/* reset the mail transaction */ { - char *parsed_host = NULL; + if (SMTP_rset(ctl->smtp_socket, ctl->smtphostmode) == SM_UNRECOVERABLE) + { + /* close the bad connection. fetchmail will reconnect for the + * next mail */ + smtp_close(ctl, 0); + } +} +int smtp_setup(struct query *ctl) +/* try to open a socket to the appropriate SMTP server for this query */ +{ /* maybe it's time to close the socket in order to force delivery */ if (last_smtp_ok > 0 && time((time_t *)NULL) - last_smtp_ok > mytimeout) { @@ -105,7 +103,8 @@ int smtp_open(struct query *ctl) */ struct idlist *idp; const char *id_me = run.invisible ? ctl->server.truename : fetchmailhost; - int oldphase = phase; + int oldphase; + char *parsed_host = NULL; errno = 0; @@ -121,54 +120,49 @@ int smtp_open(struct query *ctl) for (idp = ctl->smtphunt; idp; idp = idp->next) { char *cp; -#ifdef INET6_ENABLE - char *portnum = SMTP_PORT; -#else - int portnum = SMTP_PORT; -#endif /* INET6_ENABLE */ - - xalloca(parsed_host, char *, strlen(idp->id) + 1); + const char *portnum = SMTP_PORT; ctl->smtphost = idp->id; /* remember last host tried. */ - if(ctl->smtphost[0]=='/') - ctl->listener = LMTP_MODE; - - strcpy(parsed_host, idp->id); - if ((cp = strrchr(parsed_host, '/'))) + if (ctl->smtphost[0]=='/') { - *cp++ = 0; -#ifdef INET6_ENABLE - portnum = cp; -#else - portnum = atoi(cp); -#endif /* INET6_ENABLE */ - } - - if (ctl->smtphost[0]=='/'){ + ctl->smtphostmode = LMTP_MODE; + xfree(parsed_host); if ((ctl->smtp_socket = UnixOpen(ctl->smtphost))==-1) continue; - } else - if ((ctl->smtp_socket = SockOpen(parsed_host,portnum,NULL, - ctl->server.plugout)) == -1) + } + else + { + ctl->smtphostmode = ctl->listener; + parsed_host = xstrdup(idp->id); + if ((cp = strrchr(parsed_host, '/'))) + { + *cp++ = 0; + if (cp[0]) + portnum = cp; + } + if ((ctl->smtp_socket = SockOpen(parsed_host,portnum, + ctl->server.plugout, &ai1)) == -1) + { + xfree(parsed_host); continue; + } + } /* return immediately for ODMR */ if (ctl->server.protocol == P_ODMR) { - set_timeout(0); - phase = oldphase; - return(ctl->smtp_socket); /* success */ + set_timeout(0); + phase = oldphase; + xfree(parsed_host); + return(ctl->smtp_socket); /* success */ } - /* are we doing SMTP or LMTP? */ - SMTP_setmode(ctl->listener); - /* first, probe for ESMTP */ - if (SMTP_ok(ctl->smtp_socket) == SM_OK && - SMTP_ehlo(ctl->smtp_socket, id_me, - ctl->server.esmtp_name, ctl->server.esmtp_password, - &ctl->server.esmtp_options) == SM_OK) - break; /* success */ + if (SMTP_ok(ctl->smtp_socket, ctl->smtphostmode, TIMEOUT_STARTSMTP) == SM_OK && + SMTP_ehlo(ctl->smtp_socket, ctl->smtphostmode, id_me, + ctl->server.esmtp_name, ctl->server.esmtp_password, + &ctl->server.esmtp_options) == SM_OK) + break; /* success */ /* * RFC 1869 warns that some listeners hang up on a failed EHLO, @@ -177,70 +171,50 @@ int smtp_open(struct query *ctl) smtp_close(ctl, 0); /* if opening for ESMTP failed, try SMTP */ - if ((ctl->smtp_socket = SockOpen(parsed_host,portnum,NULL, - ctl->server.plugout)) == -1) - continue; + if (ctl->smtphost[0]=='/') + { + if ((ctl->smtp_socket = UnixOpen(ctl->smtphost))==-1) + continue; + } + else + { + if ((ctl->smtp_socket = SockOpen(parsed_host,portnum, + ctl->server.plugout, &ai1)) == -1) + { + xfree(parsed_host); + continue; + } + } - if (SMTP_ok(ctl->smtp_socket) == SM_OK && - SMTP_helo(ctl->smtp_socket, id_me) == SM_OK) + if (SMTP_ok(ctl->smtp_socket, ctl->smtphostmode, TIMEOUT_STARTSMTP) == SM_OK && + SMTP_helo(ctl->smtp_socket, ctl->smtphostmode, id_me) == SM_OK) break; /* success */ smtp_close(ctl, 0); } set_timeout(0); phase = oldphase; - } - /* - * RFC 1123 requires that the domain name part of the - * RCPT TO address be "canonicalized", that is a FQDN - * or MX but not a CNAME. Some listeners (like exim) - * enforce this. Now that we have the actual hostname, - * compute what we should canonicalize with. - * - * make sure we do not forget to drop the /port if - * using LMTP (hmh) - */ - if (ctl->listener == LMTP_MODE && !ctl->smtpaddress) - { - if (parsed_host && parsed_host[0] != 0) - ctl->destaddr = xstrdup(parsed_host); - else - ctl->destaddr = (ctl->smtphost && ctl->smtphost[0] != '/') ? ctl->smtphost : "localhost"; - } - else - { - /* - * Here we try to find a correct domain name part for the RCPT - * TO address. If smtpaddress is set, no need to guestimate - * it. Otherwise, using ctl->smtphost as a base is a good - * base, although we may have to strip any port appended to - * communicate with SMTP servers that do not listen on the - * SMTP port. (benj) */ + /* + * RFC 1123 requires that the domain name part of the + * RCPT TO address be "canonicalized", that is a FQDN + * or MX but not a CNAME. Some listeners (like exim) + * enforce this. Now that we have the actual hostname, + * compute what we should canonicalize with. + */ + xfree(ctl->destaddr); if (ctl->smtpaddress) - ctl->destaddr = ctl->smtpaddress; - else if (ctl->smtphost && ctl->smtphost[0] != '/') - { - char * cp; - if ((cp = strchr (ctl->smtphost, '/'))) - { - /* As an alternate port for smtphost is specified, we - need to strip it from domain name. */ - char *smtpname = xmalloc(cp - ctl->smtphost + 1); - strncpy(smtpname, ctl->smtphost, cp - ctl->smtphost +1); - cp = strchr(smtpname, '/'); - *cp = 0; - ctl->destaddr = smtpname; - } - else - /* No need to strip port, domain name is smtphost. */ - ctl->destaddr = ctl->smtphost; - } + ctl->destaddr = xstrdup(ctl->smtpaddress); + /* parsed_host is smtphost without the /port */ + else if (parsed_host && parsed_host[0] != 0) + ctl->destaddr = xstrdup(parsed_host); /* No smtphost is specified or it is a UNIX socket, then use localhost as a domain part. */ else - ctl->destaddr = "localhost"; - } + ctl->destaddr = xstrdup("localhost"); + xfree(parsed_host); + } + /* end if (ctl->smtp_socket == -1) */ if (outlevel >= O_DEBUG && ctl->smtp_socket != -1) report(stdout, GT_("forwarding to %s\n"), ctl->smtphost); @@ -277,18 +251,19 @@ char *rcpt_address(struct query *ctl, const char *id, } static int send_bouncemail(struct query *ctl, struct msgblk *msg, - int userclass, char *message, + int userclass, const char *message /* should have \r\n at the end */, int nerrors, char *errors[]) /* bounce back an error report a la RFC 1892 */ { char daemon_name[15 + HOSTLEN] = "MAILER-DAEMON@"; - char boundary[BUFSIZ], *bounce_to; + char boundary[BUFSIZ]; + const char *bounce_to; int sock; static char *fqdn_of_host = NULL; const char *md1 = "MAILER-DAEMON", *md2 = "MAILER-DAEMON@"; /* don't bounce in reply to undeliverable bounces */ - if (!msg->return_path[0] || + if (!msg || !msg->return_path[0] || strcmp(msg->return_path, "<>") == 0 || strcasecmp(msg->return_path, md1) == 0 || strncasecmp(msg->return_path, md2, strlen(md2)) == 0) @@ -296,36 +271,37 @@ static int send_bouncemail(struct query *ctl, struct msgblk *msg, bounce_to = (run.bouncemail ? msg->return_path : run.postmaster); - SMTP_setmode(SMTP_MODE); - /* can't just use fetchmailhost here, it might be localhost */ if (fqdn_of_host == NULL) - fqdn_of_host = host_fqdn(); - strcat(daemon_name, fqdn_of_host); + fqdn_of_host = host_fqdn(0); /* can't afford to bail out and + lose the NDN here */ + strlcat(daemon_name, fqdn_of_host, sizeof(daemon_name)); /* we need only SMTP for this purpose */ - if ((sock = SockOpen("localhost", SMTP_PORT, NULL, NULL)) == -1) + /* XXX FIXME: hardcoding localhost is nonsense if smtphost can be + * configured */ + if ((sock = SockOpen("localhost", SMTP_PORT, NULL, &ai1)) == -1) return(FALSE); - if (SMTP_ok(sock) != SM_OK) + if (SMTP_ok(sock, SMTP_MODE, TIMEOUT_STARTSMTP) != SM_OK) { SockClose(sock); return FALSE; } - if (SMTP_helo(sock, fetchmailhost) != SM_OK - || SMTP_from(sock, "<>", (char *)NULL) != SM_OK - || SMTP_rcpt(sock, bounce_to) != SM_OK - || SMTP_data(sock) != SM_OK) + if (SMTP_helo(sock, SMTP_MODE, fetchmailhost) != SM_OK + || SMTP_from(sock, SMTP_MODE, "<>", (char *)NULL) != SM_OK + || SMTP_rcpt(sock, SMTP_MODE, bounce_to) != SM_OK + || SMTP_data(sock, SMTP_MODE) != SM_OK) { - SMTP_quit(sock); + SMTP_quit(sock, SMTP_MODE); SockClose(sock); return(FALSE); } /* our first duty is to keep the sacred foo counters turning... */ snprintf(boundary, sizeof(boundary), "foo-mani-padme-hum-%ld-%ld-%ld", - (long)getpid(), (long)getppid(), time(NULL)); + (long)getpid(), (long)getppid(), (long)time(NULL)); if (outlevel >= O_VERBOSE) report(stdout, GT_("SMTP: (bounce-message body)\n")); @@ -347,10 +323,14 @@ static int send_bouncemail(struct query *ctl, struct msgblk *msg, SockPrintf(sock, "--%s\r\n", boundary); SockPrintf(sock,"Content-Type: text/plain\r\n"); SockPrintf(sock, "\r\n"); - SockPrintf(sock, "This message was created automatically by mail delivery software.\r\n\r\n"); + SockPrintf(sock, "This message was created automatically by mail delivery software.\r\n"); + SockPrintf(sock, "\r\n"); SockPrintf(sock, "A message that you sent could not be delivered to one or more of its\r\n"); - SockPrintf(sock, "recipients. This is a permanent error. The following address(es) failed:\r\n"); + SockPrintf(sock, "recipients. This is a permanent error.\r\n"); + SockPrintf(sock, "\r\n"); + SockPrintf(sock, "Reason: %s", message); SockPrintf(sock, "\r\n"); + SockPrintf(sock, "The following address(es) failed:\r\n"); if (nerrors) { @@ -431,7 +411,8 @@ static int send_bouncemail(struct query *ctl, struct msgblk *msg, } SockPrintf(sock, "--%s--\r\n", boundary); - if (SMTP_eom(sock) != SM_OK || SMTP_quit(sock)) + if (SMTP_eom(sock, SMTP_MODE) != SM_OK + || SMTP_quit(sock, SMTP_MODE) != SM_OK) { SockClose(sock); return(FALSE); @@ -444,27 +425,13 @@ static int send_bouncemail(struct query *ctl, struct msgblk *msg, static int handle_smtp_report(struct query *ctl, struct msgblk *msg) /* handle SMTP errors based on the content of SMTP_response */ -/* return of PS_REFUSED deletes mail from the server; PS_TRANSIENT keeps it */ +/* returns either PS_REFUSED (to delete message from the server), + * or PS_TRANSIENT (keeps the message on the server) */ { int smtperr = atoi(smtp_response); char *responses[1]; - struct idlist *walk; - int found = 0; - xalloca(responses[0], char *, strlen(smtp_response)+1); - strcpy(responses[0], smtp_response); - -#ifdef __UNUSED__ - /* - * Don't do this! It can really mess you up if, for example, you're - * reporting an error with a single RCPT TO address among several; - * RSET discards the message body and it doesn't get sent to the - * valid recipients. - */ - SMTP_rset(ctl->smtp_socket); /* stay on the safe side */ - if (outlevel >= O_DEBUG) - report(stdout, GT_("Saved error is still %d\n"), smtperr); -#endif /* __UNUSED */ + responses[0] = xstrdup(smtp_response); /* * Note: send_bouncemail message strings are not made subject @@ -474,15 +441,7 @@ static int handle_smtp_report(struct query *ctl, struct msgblk *msg) * messages, which are probably in English (none of the * MTAs I know about are internationalized). */ - for( walk = ctl->antispam; walk; walk = walk->next ) - if ( walk->val.status.num == smtperr ) - { - found=1; - break; - } - - /* if (str_find(&ctl->antispam, smtperr)) */ - if ( found ) + if (str_find(&ctl->antispam, smtperr)) { /* * SMTP listener explicitly refuses to deliver mail @@ -504,15 +463,16 @@ static int handle_smtp_report(struct query *ctl, struct msgblk *msg) * */ if (run.spambounce) - { - char rejmsg[160]; - snprintf(rejmsg, sizeof(rejmsg), - "spam filter or virus scanner rejected message because:\r\n" - "%s\r\n", responses[0]); - - send_bouncemail(ctl, msg, XMIT_ACCEPT, - rejmsg, 1, responses); - } + { + char rejmsg[160]; + snprintf(rejmsg, sizeof(rejmsg), + "spam filter or virus scanner rejected message because:\r\n" + "%s\r\n", responses[0]); + + send_bouncemail(ctl, msg, XMIT_ACCEPT, + rejmsg, 1, responses); + } + free(responses[0]); return(PS_REFUSED); } @@ -523,7 +483,7 @@ static int handle_smtp_report(struct query *ctl, struct msgblk *msg) */ if (smtperr >= 400) report(stderr, GT_("%cMTP error: %s\n"), - ctl->listener, + ctl->smtphostmode, responses[0]); switch (smtperr) @@ -538,6 +498,7 @@ static int handle_smtp_report(struct query *ctl, struct msgblk *msg) send_bouncemail(ctl, msg, XMIT_ACCEPT, "This message was too large (SMTP error 552).\r\n", 1, responses); + free(responses[0]); return(PS_REFUSED); case 553: /* invalid sending domain */ @@ -548,21 +509,30 @@ static int handle_smtp_report(struct query *ctl, struct msgblk *msg) * (b) we wouldn't want spammers to get confirmation that * this address is live, anyway. */ -#ifdef __DONT_FEED_THE_SPAMMERS__ - if (run.bouncemail) - send_bouncemail(ctl, msg, XMIT_ACCEPT, - "Invalid address in MAIL FROM (SMTP error 553).\r\n", - 1, responses); -#endif /* __DONT_FEED_THE_SPAMMERS__ */ + free(responses[0]); return(PS_REFUSED); + case 530: /* must issue STARTTLS error */ + /* + * Some SMTP servers insist on encrypted communication + * Let's set PS_TRANSIENT, otherwise all messages to be sent + * over such server would be blackholed - see RFC 3207. + */ + if (outlevel > O_SILENT) + report_complete(stdout, + GT_("SMTP server requires STARTTLS, keeping message.\n")); + free(responses[0]); + return(PS_TRANSIENT); + default: /* bounce non-transient errors back to the sender */ if (smtperr >= 500 && smtperr <= 599) { - send_bouncemail(ctl, msg, XMIT_ACCEPT, + if (run.bouncemail) + send_bouncemail(ctl, msg, XMIT_ACCEPT, "General SMTP/ESMTP error.\r\n", 1, responses); + free(responses[0]); return(PS_REFUSED); } /* @@ -582,6 +552,7 @@ static int handle_smtp_report(struct query *ctl, struct msgblk *msg) * these are not actual failures, we're very likely to be * able to recover on the next cycle. */ + free(responses[0]); return(PS_TRANSIENT); } } @@ -594,6 +565,8 @@ static int handle_smtp_report_without_bounce(struct query *ctl, struct msgblk *m { int smtperr = atoi(smtp_response); + (void)msg; + if (str_find(&ctl->antispam, smtperr)) { if (run.spambounce) @@ -603,7 +576,7 @@ static int handle_smtp_report_without_bounce(struct query *ctl, struct msgblk *m if (smtperr >= 400) report(stderr, GT_("%cMTP error: %s\n"), - ctl->listener, + ctl->smtphostmode, smtp_response); switch (smtperr) @@ -614,10 +587,7 @@ static int handle_smtp_report_without_bounce(struct query *ctl, struct msgblk *m return(PS_REFUSED); case 553: /* invalid sending domain */ -#ifdef __DONT_FEED_THE_SPAMMERS__ - if (run.bouncemail) - return(PS_SUCCESS); -#endif /* __DONT_FEED_THE_SPAMMERS__ */ + /* do not send bounce mail - it would feed spammers */ return(PS_REFUSED); default: @@ -637,6 +607,9 @@ int stuffline(struct query *ctl, char *buf) int n, oldphase; char *last; + if (!buf) + return -1; + /* The line may contain NUL characters. Find the last char to use * -- the real line termination is the sequence "\n\0". */ @@ -668,6 +641,7 @@ int stuffline(struct query *ctl, char *buf) if (ctl->server.base_protocol->delimited) /* server has already byte-stuffed */ { if (ctl->mda) { + /* writing to MDA, undo byte-stuffing */ ++buf; } else { /* writing to SMTP, leave the byte-stuffing in place */; @@ -675,14 +649,16 @@ int stuffline(struct query *ctl, char *buf) } else /* if (!protocol->delimited) -- not byte-stuffed already */ { - if (!ctl->mda) /* byte-stuff it */ - { - if (!ctl->bsmtp) - SockWrite(ctl->smtp_socket, buf, 1); - else - { - fwrite(buf, 1, 1, sinkfp); + /* byte-stuff it */ + if (!ctl->mda) { + if (!ctl->bsmtp) { + n = SockWrite(ctl->smtp_socket, buf, 1); + } else { + n = fwrite(buf, 1, 1, sinkfp); + if (ferror(sinkfp)) n = -1; } + if (n < 0) + return n; } } } @@ -700,9 +676,10 @@ int stuffline(struct query *ctl, char *buf) } n = 0; - if (ctl->mda || ctl->bsmtp) - n = fwrite(buf, last - buf, 1, sinkfp); - else if (ctl->smtp_socket != -1) + if (ctl->mda || ctl->bsmtp) { + n = fwrite(buf, 1, last - buf, sinkfp); + if (ferror(sinkfp)) n = -1; + } else if (ctl->smtp_socket != -1) n = SockWrite(ctl->smtp_socket, buf, last - buf); phase = oldphase; @@ -715,15 +692,26 @@ static int open_bsmtp_sink(struct query *ctl, struct msgblk *msg, /* open a BSMTP stream */ { struct idlist *idp; + int need_anglebrs; if (strcmp(ctl->bsmtp, "-") == 0) sinkfp = stdout; else sinkfp = fopen(ctl->bsmtp, "a"); + if (!sinkfp || ferror(sinkfp)) { + report(stderr, GT_("BSMTP file open failed: %s\n"), + strerror(errno)); + return(PS_BSMTP); + } + /* see the ap computation under the SMTP branch */ - fprintf(sinkfp, - "MAIL FROM:%s", (msg->return_path[0]) ? msg->return_path : user); + need_anglebrs = (msg->return_path[0] != '<'); + fprintf(sinkfp, + "MAIL FROM:%s%s%s", + need_anglebrs ? "<" : "", + (msg->return_path[0]) ? msg->return_path : user, + need_anglebrs ? ">" : ""); if (ctl->pass8bits || (ctl->mimemsg & MSG_IS_8BIT)) fputs(" BODY=8BITMIME", sinkfp); @@ -742,22 +730,23 @@ static int open_bsmtp_sink(struct query *ctl, struct msgblk *msg, * enforce this. Now that we have the actual hostname, * compute what we should canonicalize with. */ - ctl->destaddr = ctl->smtpaddress ? ctl->smtpaddress : "localhost"; + xfree(ctl->destaddr); + ctl->destaddr = xstrdup(ctl->smtpaddress ? ctl->smtpaddress : "localhost"); *bad_addresses = 0; for (idp = msg->recipients; idp; idp = idp->next) if (idp->val.status.mark == XMIT_ACCEPT) { - fprintf(sinkfp, "RCPT TO: %s\r\n", + fprintf(sinkfp, "RCPT TO:<%s>\r\n", rcpt_address (ctl, idp->id, 1)); (*good_addresses)++; } fputs("DATA\r\n", sinkfp); - if (ferror(sinkfp)) + if (fflush(sinkfp) || ferror(sinkfp)) { - report(stderr, GT_("BSMTP file open or preamble write failed\n")); + report(stderr, GT_("BSMTP preamble write failed: %s.\n"), strerror(errno)); return(PS_BSMTP); } @@ -817,7 +806,7 @@ static int is_dottedquad(const char *hostname) } static int open_smtp_sink(struct query *ctl, struct msgblk *msg, - int *good_addresses, int *bad_addresses) + int *good_addresses, int *bad_addresses /* this must be signed, to prevent endless loop in from_addresses */) /* open an SMTP stream */ { const char *ap; @@ -912,16 +901,17 @@ static int open_smtp_sink(struct query *ctl, struct msgblk *msg, ap = addr; } - if ((smtp_err = SMTP_from(ctl->smtp_socket, ap, options)) == SM_UNRECOVERABLE) + if ((smtp_err = SMTP_from(ctl->smtp_socket, ctl->smtphostmode, + ap, options)) == SM_UNRECOVERABLE) { smtp_close(ctl, 0); return(PS_TRANSIENT); } if (smtp_err != SM_OK) { - int err = handle_smtp_report(ctl, msg); + int err = handle_smtp_report(ctl, msg); /* map to PS_TRANSIENT or PS_REFUSED */ - SMTP_rset(ctl->smtp_socket); /* stay on the safe side */ + smtp_rset(ctl); /* stay on the safe side */ return(err); } @@ -932,16 +922,23 @@ static int open_smtp_sink(struct query *ctl, struct msgblk *msg, for (idp = msg->recipients; idp; idp = idp->next) total_addresses++; #ifdef EXPLICIT_BOUNCE_ON_BAD_ADDRESS - xalloca(from_responses, char **, sizeof(char *) * total_addresses); + from_responses = (char **)xmalloc(sizeof(char *) * total_addresses); #endif /* EXPLICIT_BOUNCE_ON_BAD_ADDRESS */ for (idp = msg->recipients; idp; idp = idp->next) if (idp->val.status.mark == XMIT_ACCEPT) { const char *address; address = rcpt_address (ctl, idp->id, 1); - if ((smtp_err = SMTP_rcpt(ctl->smtp_socket, address)) == SM_UNRECOVERABLE) + if ((smtp_err = SMTP_rcpt(ctl->smtp_socket, ctl->smtphostmode, + address)) == SM_UNRECOVERABLE) { smtp_close(ctl, 0); +transient: +#ifdef EXPLICIT_BOUNCE_ON_BAD_ADDRESS + while (*bad_addresses) + free(from_responses[--*bad_addresses]); + free(from_responses); +#endif /* EXPLICIT_BOUNCE_ON_BAD_ADDRESS */ return(PS_TRANSIENT); } if (smtp_err == SM_OK) @@ -956,10 +953,7 @@ static int open_smtp_sink(struct query *ctl, struct msgblk *msg, case PS_SUCCESS: #ifdef EXPLICIT_BOUNCE_ON_BAD_ADDRESS - xalloca(from_responses[*bad_addresses], - char *, - strlen(smtp_response)+1); - strcpy(from_responses[*bad_addresses], smtp_response); + from_responses[*bad_addresses] = xstrdup(smtp_response); #endif /* EXPLICIT_BOUNCE_ON_BAD_ADDRESS */ (*bad_addresses)++; @@ -967,14 +961,14 @@ static int open_smtp_sink(struct query *ctl, struct msgblk *msg, if (outlevel >= O_VERBOSE) report(stderr, GT_("%cMTP listener doesn't like recipient address `%s'\n"), - ctl->listener, address); + ctl->smtphostmode, address); break; case PS_REFUSED: if (outlevel >= O_VERBOSE) report(stderr, GT_("%cMTP listener doesn't really like recipient address `%s'\n"), - ctl->listener, address); + ctl->smtphostmode, address); break; } } @@ -985,18 +979,26 @@ static int open_smtp_sink(struct query *ctl, struct msgblk *msg, * crap. If one of the recipients returned PS_TRANSIENT, * we return exactly that. */ - SMTP_rset(ctl->smtp_socket); /* required by RFC1870 */ - return(PS_TRANSIENT); + smtp_rset(ctl); /* required by RFC1870 */ + goto transient; } #ifdef EXPLICIT_BOUNCE_ON_BAD_ADDRESS /* * This should not be necessary, because the SMTP listener itself - * should genrate a bounce for the bad address. + * should generate a bounce for the bad address. + * + * XXX FIXME 2006-01-19: is this comment true? I don't think + * it is, because the SMTP listener isn't required to accept bogus + * messages. There appears to be general SMTP<->MDA and + * responsibility confusion. */ if (*bad_addresses) send_bouncemail(ctl, msg, XMIT_RCPTBAD, "Some addresses were rejected by the MDA fetchmail forwards to.\r\n", *bad_addresses, from_responses); + while (*bad_addresses) + free(from_responses[--*bad_addresses]); + free(from_responses); #endif /* EXPLICIT_BOUNCE_ON_BAD_ADDRESS */ /* @@ -1012,10 +1014,10 @@ static int open_smtp_sink(struct query *ctl, struct msgblk *msg, { if (outlevel >= O_VERBOSE) report(stderr, GT_("no address matches; no postmaster set.\n")); - SMTP_rset(ctl->smtp_socket); /* required by RFC1870 */ + smtp_rset(ctl); /* required by RFC1870 */ return(PS_REFUSED); } - if ((smtp_err = SMTP_rcpt(ctl->smtp_socket, + if ((smtp_err = SMTP_rcpt(ctl->smtp_socket, ctl->smtphostmode, rcpt_address (ctl, run.postmaster, 0))) == SM_UNRECOVERABLE) { smtp_close(ctl, 0); @@ -1024,7 +1026,7 @@ static int open_smtp_sink(struct query *ctl, struct msgblk *msg, if (smtp_err != SM_OK) { report(stderr, GT_("can't even send to %s!\n"), run.postmaster); - SMTP_rset(ctl->smtp_socket); /* required by RFC1870 */ + smtp_rset(ctl); /* required by RFC1870 */ return(PS_REFUSED); } @@ -1036,7 +1038,8 @@ static int open_smtp_sink(struct query *ctl, struct msgblk *msg, * Tell the listener we're ready to send data. * Some listeners (like zmailer) may return antispam errors here. */ - if ((smtp_err = SMTP_data(ctl->smtp_socket)) == SM_UNRECOVERABLE) + if ((smtp_err = SMTP_data(ctl->smtp_socket, ctl->smtphostmode)) + == SM_UNRECOVERABLE) { smtp_close(ctl, 0); return(PS_TRANSIENT); @@ -1044,7 +1047,7 @@ static int open_smtp_sink(struct query *ctl, struct msgblk *msg, if (smtp_err != SM_OK) { int err = handle_smtp_report(ctl, msg); - SMTP_rset(ctl->smtp_socket); /* stay on the safe side */ + smtp_rset(ctl); /* stay on the safe side */ return(err); } @@ -1061,14 +1064,14 @@ static int open_mda_sink(struct query *ctl, struct msgblk *msg, int *good_addresses, int *bad_addresses) /* open a stream to a local MDA */ { -#ifdef HAVE_SETEUID uid_t orig_uid; -#endif /* HAVE_SETEUID */ struct idlist *idp; int length = 0, fromlen = 0, nameslen = 0; char *names = NULL, *before, *after, *from = NULL; - ctl->destaddr = "localhost"; + (void)bad_addresses; + xfree(ctl->destaddr); + ctl->destaddr = xstrdup("localhost"); for (idp = msg->recipients; idp; idp = idp->next) if (idp->val.status.mark == XMIT_ACCEPT) @@ -1086,9 +1089,9 @@ static int open_mda_sink(struct query *ctl, struct msgblk *msg, */ nameslen = 0; for (idp = msg->recipients; idp; idp = idp->next) - if ((idp->val.status.mark == XMIT_ACCEPT)) + if (idp->val.status.mark == XMIT_ACCEPT) nameslen += (strlen(idp->id) + 1); /* string + ' ' */ - if ((*good_addresses == 0)) + if (*good_addresses == 0) nameslen = strlen(run.postmaster); names = (char *)xmalloc(nameslen + 1); /* account for '\0' */ @@ -1141,12 +1144,22 @@ static int open_mda_sink(struct query *ctl, struct msgblk *msg, sp += 2; } - after = xmalloc(length + 1); + after = (char *)xmalloc(length + 1); /* copy mda source string to after, while expanding %[sTF] */ for (dp = after, sp = before; (*dp = *sp); dp++, sp++) { if (sp[0] != '%') continue; + if (sp > before && sp[-1] == '\'') { + report(stderr, GT_("MDA option contains single-quoted %%%c expansion.\n"), sp[1]); + report(stderr, GT_("Refusing to deliver. Check the manual and fix your mda option.\n")); + free(before); + free(after); + if (from) free(from); + if (names) free(names); + return PS_SYNTAX; + } + /* need to expand? BTW, no here overflow, because in ** the worst case (end of string) sp[1] == '\0' */ if (sp[1] == 's' || sp[1] == 'T') { @@ -1184,7 +1197,6 @@ static int open_mda_sink(struct query *ctl, struct msgblk *msg, if (outlevel >= O_DEBUG) report(stdout, GT_("about to deliver with: %s\n"), before); -#ifdef HAVE_SETEUID /* * Arrange to run with user's permissions if we're root. * This will initialize the ownership of any files the @@ -1192,17 +1204,20 @@ static int open_mda_sink(struct query *ctl, struct msgblk *msg, * under all BSDs and Linux) */ orig_uid = getuid(); - seteuid(ctl->uid); -#endif /* HAVE_SETEUID */ + if (seteuid(ctl->uid)) { + report(stderr, GT_("Cannot switch effective user id to %ld: %s\n"), (long)ctl->uid, strerror(errno)); + return PS_IOERR; + } sinkfp = popen(before, "w"); free(before); before = NULL; -#ifdef HAVE_SETEUID /* this will fail quietly if we didn't start as root */ - seteuid(orig_uid); -#endif /* HAVE_SETEUID */ + if (seteuid(orig_uid)) { + report(stderr, GT_("Cannot switch effective user id back to original %ld: %s\n"), (long)orig_uid, strerror(errno)); + return PS_IOERR; + } if (!sinkfp) { @@ -1226,6 +1241,8 @@ int open_sink(struct query *ctl, struct msgblk *msg, { *bad_addresses = *good_addresses = 0; + if (want_progress() && outlevel >= O_VERBOSE && !ctl->mda && !ctl->bsmtp) puts(""); + if (ctl->bsmtp) /* dump to a BSMTP batch file */ return(open_bsmtp_sink(ctl, msg, good_addresses, bad_addresses)); /* @@ -1233,7 +1250,7 @@ int open_sink(struct query *ctl, struct msgblk *msg, * open a socket fails, fall through to attempt delivery via * local MDA. */ - else if (!ctl->mda && smtp_open(ctl) != -1) + else if (!ctl->mda && smtp_setup(ctl) != -1) return(open_smtp_sink(ctl, msg, good_addresses, bad_addresses)); /* @@ -1244,7 +1261,7 @@ int open_sink(struct query *ctl, struct msgblk *msg, else if (!ctl->mda) { report(stderr, GT_("%cMTP connect to %s failed\n"), - ctl->listener, + ctl->smtphostmode, ctl->smtphost ? ctl->smtphost : "localhost"); #ifndef FALLBACK_MDA @@ -1304,24 +1321,54 @@ int close_sink(struct query *ctl, struct msgblk *msg, flag forward) /* perform end-of-message actions on the current output sink */ { int smtp_err; - if (ctl->mda) - { - int rc; + + if (want_progress() && outlevel >= O_VERBOSE && !ctl->mda && !ctl->bsmtp) puts(""); + + if (ctl->bsmtp && sinkfp) { + int error, oerrno; + + /* implicit disk-full check here... */ + fputs(".\r\n", sinkfp); + error = ferror(sinkfp); + oerrno = errno; + if (strcmp(ctl->bsmtp, "-")) + { + if (fclose(sinkfp) == EOF) { + error = 1; + oerrno = errno; + } + sinkfp = (FILE *)NULL; + } + if (error) + { + report(stderr, + GT_("Message termination or close of BSMTP file failed: %s\n"), strerror(oerrno)); + return(FALSE); + } + } else if (ctl->mda) { + int rc = 0, e = 0, e2 = 0, err = 0; /* close the delivery pipe, we'll reopen before next message */ if (sinkfp) { + if (ferror(sinkfp)) + err = 1, e2 = errno; + if ((fflush(sinkfp))) + err = 1, e2 = errno; + + errno = 0; rc = pclose(sinkfp); + e = errno; sinkfp = (FILE *)NULL; } - else - rc = 0; deal_with_sigchld(); /* Restore SIGCHLD handling to reap zombies */ - if (rc) + if (rc || err) { - if (WIFSIGNALED(rc)) { + if (err) { + report(stderr, GT_("Error writing to MDA: %s\n"), strerror(e2)); + } else if (WIFSIGNALED(rc)) { report(stderr, GT_("MDA died of signal %d\n"), WTERMSIG(rc)); } else if (WIFEXITED(rc)) { @@ -1329,35 +1376,18 @@ int close_sink(struct query *ctl, struct msgblk *msg, flag forward) GT_("MDA returned nonzero status %d\n"), WEXITSTATUS(rc)); } else { report(stderr, - GT_("Strange: MDA pclose returned %d, cannot handle at %s:%d\n"), rc, __FILE__, __LINE__); + GT_("Strange: MDA pclose returned %d and errno %d/%s, cannot handle at %s:%d\n"), + rc, e, strerror(e), __FILE__, __LINE__); } return(FALSE); } } - else if (ctl->bsmtp && sinkfp) - { - int error; - - /* implicit disk-full check here... */ - fputs(".\r\n", sinkfp); - error = ferror(sinkfp); - if (strcmp(ctl->bsmtp, "-")) - { - if (fclose(sinkfp) == EOF) error = 1; - sinkfp = (FILE *)NULL; - } - if (error) - { - report(stderr, - GT_("Message termination or close of BSMTP file failed\n")); - return(FALSE); - } - } else if (forward) { /* write message terminator */ - if ((smtp_err = SMTP_eom(ctl->smtp_socket)) == SM_UNRECOVERABLE) + if ((smtp_err = SMTP_eom(ctl->smtp_socket, ctl->smtphostmode)) + == SM_UNRECOVERABLE) { smtp_close(ctl, 0); return(FALSE); @@ -1366,13 +1396,13 @@ int close_sink(struct query *ctl, struct msgblk *msg, flag forward) { if (handle_smtp_report(ctl, msg) != PS_REFUSED) { - SMTP_rset(ctl->smtp_socket); /* stay on the safe side */ + smtp_rset(ctl); /* stay on the safe side */ return(FALSE); } else { report(stderr, GT_("SMTP listener refused delivery\n")); - SMTP_rset(ctl->smtp_socket); /* stay on the safe side */ + smtp_rset(ctl); /* stay on the safe side */ return(TRUE); } } @@ -1387,11 +1417,11 @@ int close_sink(struct query *ctl, struct msgblk *msg, flag forward) * otherwise the message will get left in the queue and resent * to people who got it the first time. */ - if (ctl->listener == LMTP_MODE) + if (ctl->smtphostmode == LMTP_MODE) { if (lmtp_responses == 0) { - SMTP_ok(ctl->smtp_socket); + SMTP_ok(ctl->smtp_socket, ctl->smtphostmode, TIMEOUT_EOM); /* * According to RFC2033, 503 is the only legal response @@ -1417,32 +1447,28 @@ int close_sink(struct query *ctl, struct msgblk *msg, flag forward) } else { - int i, errors; + int i, errors, rc = FALSE; char **responses; /* eat the RFC2033-required responses, saving errors */ - xalloca(responses, char **, sizeof(char *) * lmtp_responses); + responses = (char **)xmalloc(sizeof(char *) * lmtp_responses); for (errors = i = 0; i < lmtp_responses; i++) { - if ((smtp_err = SMTP_ok(ctl->smtp_socket)) == SM_UNRECOVERABLE) + if ((smtp_err = SMTP_ok(ctl->smtp_socket, ctl->smtphostmode, TIMEOUT_EOM)) + == SM_UNRECOVERABLE) { smtp_close(ctl, 0); - return(FALSE); + goto unrecov; } - if (smtp_err == SM_OK) - responses[i] = (char *)NULL; - else + if (smtp_err != SM_OK) { - xalloca(responses[errors], - char *, - strlen(smtp_response)+1); - strcpy(responses[errors], smtp_response); + responses[errors] = xstrdup(smtp_response); errors++; } } if (errors == 0) - return(TRUE); /* all deliveries succeeded */ + rc = TRUE; /* all deliveries succeeded */ else /* * One or more deliveries failed. @@ -1452,9 +1478,15 @@ int close_sink(struct query *ctl, struct msgblk *msg, flag forward) * message from the server so it won't be * re-forwarded on subsequent poll cycles. */ - return(send_bouncemail(ctl, msg, XMIT_ACCEPT, - "LMTP partial delivery failure.\r\n", - errors, responses)); + rc = send_bouncemail(ctl, msg, XMIT_ACCEPT, + "LMTP partial delivery failure.\r\n", + errors, responses); + +unrecov: + for (i = 0; i < errors; i++) + free(responses[i]); + free(responses); + return rc; } } } @@ -1462,7 +1494,7 @@ int close_sink(struct query *ctl, struct msgblk *msg, flag forward) return(TRUE); } -int open_warning_by_mail(struct query *ctl, struct msgblk *msg) +int open_warning_by_mail(struct query *ctl) /* set up output sink for a mailed warning to calling user */ { int good, bad; @@ -1490,8 +1522,8 @@ int open_warning_by_mail(struct query *ctl, struct msgblk *msg) struct msgblk reply = {NULL, NULL, "FETCHMAIL-DAEMON@", 0, 0}; int status; - strcat(reply.return_path, ctl->smtpaddress ? ctl->smtpaddress : - fetchmailhost); + strlcat(reply.return_path, ctl->smtpaddress ? ctl->smtpaddress : + fetchmailhost, sizeof(reply.return_path)); if (!MULTIDROP(ctl)) /* send to calling user */ { @@ -1502,6 +1534,8 @@ int open_warning_by_mail(struct query *ctl, struct msgblk *msg) else /* send to postmaster */ status = open_sink(ctl, &reply, &good, &bad); if (status == 0) { + stuff_warning(NULL, ctl, "From: FETCHMAIL-DAEMON@%s", + ctl->smtpaddress ? ctl->smtpaddress : fetchmailhost); stuff_warning(NULL, ctl, "Date: %s", rfc822timestamp()); stuff_warning(NULL, ctl, "MIME-Version: 1.0"); stuff_warning(NULL, ctl, "Content-Transfer-Encoding: 8bit"); @@ -1514,15 +1548,7 @@ int open_warning_by_mail(struct query *ctl, struct msgblk *msg) /* if rfc2047charset is non-NULL, encode the line (that is assumed to be * a header line) as per RFC-2047 using rfc2047charset as the character * set field */ -#if defined(HAVE_STDARG_H) void stuff_warning(const char *rfc2047charset, struct query *ctl, const char *fmt, ... ) -#else -void stuff_warning(rfc2047charset, ctl, fmt, va_alist) -const char *charset; -struct query *ctl; -const char *fmt; /* printf-style format */ -va_dcl -#endif { /* make huge -- i18n can bulk up error messages a lot */ char buf[2*MSGBUFSIZE+4]; @@ -1534,11 +1560,7 @@ va_dcl * case it was a string constant. We make a virtue of that necessity * here by supporting stdargs/varargs. */ -#if defined(HAVE_STDARG_H) va_start(ap, fmt) ; -#else - va_start(ap); -#endif vsnprintf(buf, sizeof(buf) - 2, fmt, ap); va_end(ap); @@ -1559,4 +1581,18 @@ void close_warning_by_mail(struct query *ctl, struct msgblk *msg) close_sink(ctl, msg, TRUE); } +void abort_message_sink(struct query *ctl) +/* + * Forcibly close the SMTP connection and re-open. + * + * Used to abort message delivery once the DATA command has been issued. + * Required because all text after the DATA command is considered to be + * part of the message body (it is impossible to issue an SMTP command + * to abort message delivery once the DATA command has been issued). + */ +{ + smtp_close(ctl, 0); + smtp_setup(ctl); +} + /* sink.c ends here */