2 * \file transact.c -- transaction primitives for the fetchmail driver loop
4 * Copyright 2001 by Eric S. Raymond
5 * For license terms, see the file COPYING in this directory.
18 #include <sys/socket.h>
24 #include "fetchmail.h"
26 /** Macro to clamp the argument so it is >= INT_MIN. */
27 #define _FIX_INT_MIN(x) ((x) < INT_MIN ? INT_MIN : (x))
28 /** Macro to clamp the argument so it is <= INT_MAX. */
29 #define _FIX_INT_MAX(x) ((x) > INT_MAX ? INT_MAX : (x))
30 /** Macro to clamp the argument so it is representable as an int. */
31 #define CAST_TO_INT(x) ((int)(_FIX_INT_MIN(_FIX_INT_MAX(x))))
32 /** Macro to clamp the unsigned argument so it is representable as an int. */
33 #define UCAST_TO_INT(x) ((int)(_FIX_INT_MAX(x)))
35 /* global variables: please reinitialize them explicitly for proper
36 * working in daemon mode */
38 /* session variables initialized in init_transact() */
39 int suppress_tags = FALSE; /**< emit tags in the protocol? */
40 char tag[TAGLEN]; /**< buffer for the tag */
41 static int tagnum; /**< local counter for the tag */
42 /** Macro to generate the tag and store it in #tag. */
43 #define GENSYM (sprintf(tag, "A%04d", ++tagnum % TAGMOD), tag)
44 static const struct method *protocol; /**< description of the protocol used for the current poll */
45 char shroud[PASSWORDLEN*2+3]; /**< string to shroud in debug output */
47 /* session variables initialized in do_session() */
48 int mytimeout; /**< value of nonreponse timeout */
50 /* mail variables initialized in readheaders() */
51 struct msgblk msgblk; /**< stores attributes of the currently processed message */
52 static int accept_count /** count of accepted recipients */, reject_count /** count of rejected recipients */;
54 /** add given address to xmit_names if it exactly matches a full address
55 * \returns nonzero if matched */
56 static int map_address(const char *addr,/**< address to match */
57 struct query *ctl, /**< contains list of aliases */
58 struct idlist **xmit_names /**< list of recipient names */)
62 lname = idpair_find(&ctl->localnames, addr);
64 if (outlevel >= O_DEBUG)
65 report(stdout, GT_("mapped address %s to local %s\n"), addr, lname);
66 save_str(xmit_names, lname, XMIT_ACCEPT);
72 /** add given name to xmit_names if it matches declared localnames */
73 static void map_name(const char *name, struct query *ctl, struct idlist **xmit_names)
74 /** \param name name to map */
75 /** \param ctl list of permissible aliases */
76 /** \param xmit_names list of recipient names parsed out */
80 lname = idpair_find(&ctl->localnames, name);
81 if (!lname && ctl->wildcard)
84 if (lname != (char *)NULL)
86 if (outlevel >= O_DEBUG)
87 report(stdout, GT_("mapped %s to local %s\n"), name, lname);
88 save_str(xmit_names, lname, XMIT_ACCEPT);
93 static void find_server_names(const char *hdr,
95 struct idlist **xmit_names)
96 /** parse names out of a RFC822 header into an ID list */
97 /** \param hdr RFC822 header in question */
98 /** \param ctl list of permissible aliases */
99 /** \param xmit_names list of recipient names parsed out */
101 if (hdr == (char *)NULL)
107 for (cp = nxtaddr(hdr); cp != NULL; cp = nxtaddr(NULL))
112 * Handle empty address from a To: header containing only
119 * If the name of the user begins with a qmail virtual
120 * domain prefix, ignore the prefix. Doing this here
121 * means qvirtual will work either with ordinary name
122 * mapping or with a localdomains option.
124 if (ctl->server.qvirtual)
126 int sl = strlen(ctl->server.qvirtual);
128 if (!strncasecmp((char *)cp, ctl->server.qvirtual, sl))
132 if ((atsign = strchr((char *)cp, '@'))) {
135 /* try to match full address first, this takes
136 * precedence over localdomains and alias mappings */
137 if (map_address(cp, ctl, xmit_names))
141 * Does a trailing segment of the hostname match something
142 * on the localdomains list? If so, save the whole name
145 for (idp = ctl->server.localdomains; idp; idp = idp->next) {
148 rhs = atsign + (strlen(atsign) - strlen(idp->id));
150 (rhs[-1] == '.' || rhs[-1] == '@') &&
151 strcasecmp(rhs, idp->id) == 0)
153 if (outlevel >= O_DEBUG)
154 report(stdout, GT_("passed through %s matching %s\n"),
156 save_str(xmit_names, (const char *)cp, XMIT_ACCEPT);
162 /* if we matched a local domain, idp != NULL */
166 * Check to see if the right-hand part is an alias
167 * or MX equivalent of the mailserver. If it's
168 * not, skip this name. If it is, we'll keep
169 * going and try to find a mapping to a client name.
171 if (!is_host_alias(atsign+1, ctl, &ai0))
173 save_str(xmit_names, cp, XMIT_REJECT);
179 map_name(cp, ctl, xmit_names);
187 * Return zero on a syntactically invalid address, nz on a valid one.
189 * This used to be strchr(a, '.'), but it turns out that lines like this
191 * Received: from punt-1.mail.demon.net by mailstore for markb@example.com
192 * id 938765929:10:27223:2; Fri, 01 Oct 99 08:18:49 GMT
194 * are not uncommon. So now we just check that the following token is
195 * not itself an email address.
197 #define VALID_ADDRESS(a) (!strchr((a), '@'))
199 /** write \a value into \a rbuf, indexed by \a tp, if there is
200 * sufficient room left. */
201 #define RBUF_WRITE(value) do { if (tp < rbuf+sizeof(rbuf)-1) *tp++=(value); } while(0)
203 /** Try to extract real address from the Received line.
204 * If a valid Received: line is found, we return the full address in
205 * a buffer which can be parsed from nxtaddr(). This is to ensure that
206 * the local domain part of the address can be passed along in
207 * find_server_names() if it contains one.
208 * Note: We should return a dummy header containing the address
209 * which makes nxtaddr() behave correctly.
211 static char *parse_received(struct query *ctl, char *bufp)
213 char *base, *ok = (char *)NULL;
214 static char rbuf[HOSTLEN + USERNAMELEN + 4];
215 struct addrinfo *ai0;
218 * Try to extract the real envelope addressee. We look here
219 * specifically for the mailserver's Received line.
220 * Note: this will only work for sendmail, or an MTA that
221 * shares sendmail's convention for embedding the envelope
222 * address in the Received line. Sendmail itself only
223 * does this when the mail has a single recipient.
225 if (outlevel >= O_DEBUG)
226 report(stdout, GT_("analyzing Received line:\n%s"), bufp);
228 /* search for whitepace-surrounded "by" followed by valid address */
229 for (base = bufp; ; base = ok + 2)
231 if (!(ok = strstr(base, "by")))
233 else if (!isspace((unsigned char)ok[-1]) || !isspace((unsigned char)ok[2]))
239 /* extract space-delimited token after "by" */
240 for (sp = ok + 2; isspace((unsigned char)*sp); sp++)
243 for (; *sp && !isspace((unsigned char)*sp); sp++)
247 /* look for valid address */
248 if (VALID_ADDRESS(rbuf))
251 ok = sp - 1; /* arrange to skip this token */
257 * If it's a DNS name of the mail server, look for the
258 * recipient name after a following "for". Otherwise
261 if (is_host_alias(rbuf, ctl, &ai0))
263 if (outlevel >= O_DEBUG)
265 GT_("line accepted, %s is an alias of the mailserver\n"), rbuf);
269 if (outlevel >= O_DEBUG)
271 GT_("line rejected, %s is not an alias of the mailserver\n"),
276 /* search for whitepace-surrounded "for" followed by xxxx@yyyy */
277 for (base = ok + 4 + strlen(rbuf); ; base = ok + 2)
279 if (!(ok = strstr(base, "for")))
281 else if (!isspace((unsigned char)ok[-1]) || !isspace((unsigned char)ok[3]))
287 /* extract space-delimited token after "for" */
288 for (sp = ok + 3; isspace((unsigned char)*sp); sp++)
291 for (; !isspace((unsigned char)*sp); sp++)
295 if (strchr(rbuf, '@'))
298 ok = sp - 1; /* arrange to skip this token */
303 flag want_gt = FALSE;
306 /* char after "for" could be space or a continuation newline */
307 for (sp = ok + 4; isspace((unsigned char)*sp); sp++)
310 RBUF_WRITE(':'); /* Here is the hack. This is to be friends */
311 RBUF_WRITE(' '); /* with nxtaddr()... */
317 while (*sp == '@') /* skip routes */
318 while (*sp && *sp++ != ':')
321 && (want_gt ? (*sp != '>') : !isspace((unsigned char)*sp))
323 if (!isspace((unsigned char)*sp))
330 /* uh oh -- whitespace here can't be right! */
336 if (strlen(rbuf) <= 3) /* apparently nothing has been found */
344 if (outlevel >= O_DEBUG)
345 report(stdout, GT_("no Received address found\n"));
350 if (outlevel >= O_DEBUG) {
351 char *lf = rbuf + strlen(rbuf)-1;
353 if (outlevel >= O_DEBUG)
354 report(stdout, GT_("found Received address `%s'\n"), rbuf+2);
361 /* shared by readheaders and readbody */
362 static int sizeticker; /**< internal state variable for print_ticker() */
364 /** Print ticker based on a amount of data transferred of \a bytes.
365 * Increments \a *tickervar by \a bytes, and if it exceeds
366 * \a SIZETICKER, print a dot and reduce *tickervar by \a SIZETICKER. */
367 static void print_ticker(int *tickervar, int bytes)
370 while (*tickervar >= SIZETICKER)
377 *tickervar -= SIZETICKER;
381 /** Check if \a s is equal to a LF or CR LF sequence, followed by a NUL
382 * byte. \todo FIXME merge this with end_of_header? */
383 #define EMPTYLINE(s) (((s)[0] == '\r' && (s)[1] == '\n' && (s)[2] == '\0') \
384 || ((s)[0] == '\n' && (s)[1] == '\0'))
386 /** Check if \a s is an empty line. Accept "\r*\n" as EOH in order to be bulletproof against broken survers */
387 static int end_of_header (const char *s)
391 return (s[0] == '\n' && s[1] == '\0');
394 /** read message headers and ship to SMTP or MDA */
395 int readheaders(int sock,
400 flag *suppress_readbody)
401 /** \param sock to which the server is connected */
402 /** \param fetchlen length of message according to fetch response */
403 /** \param reallen length of message according to getsizes */
404 /** \param ctl query control record */
405 /** \param num index of message */
406 /** \param suppress_readbody output: whether call to readbody() should be supressed */
411 struct addrblk *next;
413 struct addrblk *to_addrchain = NULL;
414 struct addrblk **to_chainptr = &to_addrchain;
415 struct addrblk *resent_to_addrchain = NULL;
416 struct addrblk **resent_to_chainptr = &resent_to_addrchain;
418 char buf[MSGBUFSIZE+1];
419 int from_offs, reply_to_offs, resent_from_offs;
420 int app_from_offs, sender_offs, resent_sender_offs;
422 char *received_for, *rcv, *cp;
423 static char *delivered_to = NULL;
424 int n, oldlen, ch, remaining, skipcount;
426 int delivered_to_count;
428 flag no_local_matches = FALSE;
430 int olderrs, good_addresses, bad_addresses;
431 int retain_mail = 0, refuse_mail = 0;
432 flag already_has_return_path = FALSE;
436 msgblk.return_path[0] = '\0';
437 olderrs = ctl->errcount;
439 /* read message headers */
440 msgblk.reallen = reallen;
443 * We used to free the header block unconditionally at the end of
444 * readheaders, but it turns out that if close_sink() hits an error
445 * condition the code for sending bouncemail will actually look
446 * at the freed storage and coredump...
448 xfree(msgblk.headers);
449 free_str_list(&msgblk.recipients);
452 /* initially, no message digest */
453 memset(ctl->digest, '\0', sizeof(ctl->digest));
456 from_offs = reply_to_offs = resent_from_offs = app_from_offs =
457 sender_offs = resent_sender_offs = env_offs = -1;
461 delivered_to_count = 0;
464 for (remaining = fetchlen; remaining > 0 || protocol->delimited; )
468 line = (char *)xmalloc(sizeof(buf));
475 SockTimeout(sock, mytimeout);
476 n = SockRead(sock, buf, sizeof(buf) - 1);
484 * Smash out any NULs, they could wreak havoc later on.
485 * Some network stacks seem to generate these at random,
486 * especially (according to reports) at the beginning of the
487 * first read. NULs are illegal in RFC822 format.
489 for (sp = tp = buf; sp < buf + n; sp++)
502 * Try to gracefully handle the case where the length of a
503 * line exceeds MSGBUFSIZE.
505 if (n && buf[n-1] != '\n')
507 rline = (char *) realloc(line, linelen + 1);
514 memcpy(line + linelen - n, buf, n);
515 line[linelen] = '\0';
516 ch = ' '; /* So the next iteration starts */
520 /* lines may not be properly CRLF terminated; fix this for qmail */
521 /* we don't want to overflow the buffer here */
522 if (ctl->forcecr && buf[n-1]=='\n' && (n==1 || buf[n-2]!='\r'))
525 rline = (char *) realloc(line, linelen + 2);
532 memcpy(line + linelen - n, buf, n - 1);
533 tcp = line + linelen - 1;
537 /* n++; - not used later on */
542 rline = (char *) realloc(line, linelen + 1);
549 memcpy(line + linelen - n, buf, n + 1);
552 /* check for end of headers */
553 if (end_of_header(line))
556 if (linelen != strlen (line))
559 goto process_headers;
563 * Check for end of message immediately. If one of your folders
564 * has been mangled, the delimiter may occur directly after the
567 if (protocol->delimited && line[0] == '.' && EMPTYLINE(line+1))
569 if (suppress_readbody)
570 *suppress_readbody = TRUE;
571 goto eoh; /* above */
575 * At least one brain-dead website (netmind.com) is known to
576 * send out robotmail that's missing the RFC822 delimiter blank
577 * line before the body! Without this check fetchmail segfaults.
578 * With it, we treat such messages as spam and refuse them.
580 * Frederic Marchal reported in February 2006 that hotmail
581 * or something improperly wrapped a very long TO header
582 * (wrapped without inserting whitespace in the continuation
583 * line) and found that this code thus refused a message
584 * that should have been delivered.
586 * XXX FIXME: we should probably wrap the message up as
587 * message/rfc822 attachment and forward to postmaster (Rob
591 && !ctl->server.badheader == BHACCEPT
592 && !isspace((unsigned char)line[0])
593 && !strchr(line, ':'))
595 if (linelen != strlen (line))
597 if (outlevel > O_SILENT)
599 GT_("incorrect header line found - see manpage for bad-header option\n"));
600 if (outlevel >= O_VERBOSE)
601 report (stdout, GT_("line: %s"), line);
605 /* check for RFC822 continuations */
606 SockTimeout(sock, mytimeout);
609 (ch == ' ' || ch == '\t'); /* continuation to next line? */
611 /* write the message size dots */
612 if ((outlevel > O_SILENT && outlevel < O_VERBOSE) && linelen > 0)
614 print_ticker(&sizeticker, linelen);
618 * Decode MIME encoded headers. We MUST do this before
619 * looking at the Content-Type / Content-Transfer-Encoding
620 * headers (RFC 2046).
622 if ( ctl->mimedecode )
626 /* the line is now shorter. So we retrace back till we find
627 * our terminating combination \n\0, we move backwards to
628 * make sure that we don't catch some \n\0 stored in the
629 * decoded part of the message */
630 for (tcp = line + linelen - 1; tcp > line && (*tcp != 0 || tcp[-1] != '\n'); tcp--) { }
631 if (tcp > line) linelen = tcp - line;
635 /* skip processing if we are going to retain or refuse this mail */
636 if (retain_mail || refuse_mail)
642 /* we see an ordinary (non-header, non-message-delimiter) line */
643 if (linelen != strlen (line))
647 * The University of Washington IMAP server (the reference
648 * implementation of IMAP4 written by Mark Crispin) relies
649 * on being able to keep base-UID information in a special
650 * message at the head of the mailbox. This message should
651 * neither be deleted nor forwarded.
653 * An example for such a message is (keep this in so people
654 * find it when looking where the special code is to handle the
657 * From MAILER-DAEMON Wed Nov 23 11:38:42 2005
658 * Date: 23 Nov 2005 11:38:42 +0100
659 * From: Mail System Internal Data <MAILER-DAEMON@mail.example.org>
660 * Subject: DON'T DELETE THIS MESSAGE -- FOLDER INTERNAL DATA
661 * Message-ID: <1132742322@mail.example.org>
662 * X-IMAP: 1132742306 0000000001
665 * This text is part of the internal format of your mail folder, and is not
666 * a real message. It is created automatically by the mail system software.
667 * If deleted, important folder data will be lost, and it will be re-created
668 * with the data reset to initial values.
670 * This message is only visible if a POP3 server that is unaware
671 * of these UWIMAP messages is used besides UWIMAP or PINE.
673 * We will just check if the first message in the mailbox has an
676 if (num == 1 && !strncasecmp(line, "X-IMAP:", 7)) {
683 * This code prevents fetchmail from becoming an accessory after
684 * the fact to upstream sendmails with the `E' option on. It also
685 * copes with certain brain-dead POP servers (like NT's) that pass
686 * through Unix from_ lines.
688 * Either of these bugs can result in a non-RFC822 line at the
689 * beginning of the headers. If fetchmail just passes it
690 * through, the client listener may think the message has *no*
691 * headers (since the first) line it sees doesn't look
692 * RFC822-conformant) and fake up a set.
694 * What the user would see in this case is bogus (synthesized)
695 * headers, followed by a blank line, followed by the >From,
696 * followed by the real headers, followed by a blank line,
699 * We forestall this lossage by tossing anything that looks
700 * like an escaped or passed-through From_ line in headers.
701 * These aren't RFC822 so our conscience is clear...
703 if (!strncasecmp(line, ">From ", 6) || !strncasecmp(line, "From ", 5))
710 * We remove all Delivered-To: headers if dropdelivered is set
711 * - special care must be taken if Delivered-To: is also used
712 * as envelope at the same time.
714 * This is to avoid false mail loops errors when delivering
715 * local messages to and from a Postfix or qmail mailserver.
717 if (ctl->dropdelivered && !strncasecmp(line, "Delivered-To:", 13))
720 ctl->server.envelope == STRING_DISABLED ||
721 !ctl->server.envelope ||
722 strcasecmp(ctl->server.envelope, "Delivered-To") ||
723 delivered_to_count != ctl->server.envskip)
727 delivered_to_count++;
732 * If we see a Status line, it may have been inserted by an MUA
733 * on the mail host, or it may have been inserted by the server
734 * program after the headers in the transaction stream. This
735 * can actually hose some new-mail notifiers such as xbuffy,
736 * which assumes any Status line came from a *local* MDA and
737 * therefore indicates that the message has been seen.
739 * Some buggy POP servers (including at least the 3.3(20)
740 * version of the one distributed with IMAP) insert empty
741 * Status lines in the transaction stream; we'll chuck those
742 * unconditionally. Nonempty ones get chucked if the user
743 * turns on the dropstatus flag.
748 if (!strncasecmp(line, "Status:", 7))
750 else if (!strncasecmp(line, "X-Mozilla-Status:", 17))
755 while (*tcp && isspace((unsigned char)*tcp)) tcp++;
756 if (!*tcp || ctl->dropstatus)
765 line = reply_hack(line, ctl->server.truename, &linelen);
768 * OK, this is messy. If we're forwarding by SMTP, it's the
769 * SMTP-receiver's job (according to RFC821, page 22, section
770 * 4.1.1) to generate a Return-Path line on final delivery.
771 * The trouble is, we've already got one because the
772 * mailserver's SMTP thought *it* was responsible for final
775 * Stash away the contents of Return-Path (as modified by reply_hack)
776 * for use in generating MAIL FROM later on, then prevent the header
777 * from being saved with the others. In effect, we strip it off here.
779 * If the SMTP server conforms to the standards, and fetchmail gets the
780 * envelope sender from the Return-Path, the new Return-Path should be
781 * exactly the same as the original one.
783 * We do *not* want to ignore empty Return-Path headers. These should
784 * be passed through as a way of indicating that a message should
785 * not trigger bounces if delivery fails. What we *do* need to do is
786 * make sure we never try to rewrite such a blank Return-Path. We
787 * handle this with a check for <> in the rewrite logic above.
789 * Also, if an email has multiple Return-Path: headers, we only
790 * read the first occurance, as some spam email has more than one
794 if ((already_has_return_path==FALSE) && !strncasecmp("Return-Path:", line, 12) && (cp = nxtaddr(line)))
796 char nulladdr[] = "<>";
797 already_has_return_path = TRUE;
798 if (cp[0]=='\0') /* nxtaddr() strips the brackets... */
800 strncpy(msgblk.return_path, cp, sizeof(msgblk.return_path));
801 msgblk.return_path[sizeof(msgblk.return_path)-1] = '\0';
811 msgblk.headers = (char *)xmalloc(oldlen + 1);
812 (void) memcpy(msgblk.headers, line, linelen);
813 msgblk.headers[oldlen] = '\0';
815 line = msgblk.headers;
822 newlen = oldlen + linelen;
823 newhdrs = (char *) realloc(msgblk.headers, newlen + 1);
824 if (newhdrs == NULL) {
828 msgblk.headers = newhdrs;
829 memcpy(msgblk.headers + oldlen, line, linelen);
830 msgblk.headers[newlen] = '\0';
832 line = msgblk.headers + oldlen;
836 /* find offsets of various special headers */
837 if (!strncasecmp("From:", line, 5))
838 from_offs = (line - msgblk.headers);
839 else if (!strncasecmp("Reply-To:", line, 9))
840 reply_to_offs = (line - msgblk.headers);
841 else if (!strncasecmp("Resent-From:", line, 12))
842 resent_from_offs = (line - msgblk.headers);
843 else if (!strncasecmp("Apparently-From:", line, 16))
844 app_from_offs = (line - msgblk.headers);
846 * Netscape 4.7 puts "Sender: zap" in mail headers. Perverse...
848 * But a literal reading of RFC822 sec. 4.4.2 supports the idea
849 * that Sender: *doesn't* have to be a working email address.
851 * The definition of the Sender header in RFC822 says, in
852 * part, "The Sender mailbox specification includes a word
853 * sequence which must correspond to a specific agent (i.e., a
854 * human user or a computer program) rather than a standard
855 * address." That implies that the contents of the Sender
856 * field don't need to be a legal email address at all So
857 * ignore any Sender or Resent-Sender lines unless they
860 * (RFC2822 says the contents of Sender must be a valid mailbox
861 * address, which is also what RFC822 4.4.4 implies.)
863 else if (!strncasecmp("Sender:", line, 7) && (strchr(line, '@') || strchr(line, '!')))
864 sender_offs = (line - msgblk.headers);
865 else if (!strncasecmp("Resent-Sender:", line, 14) && (strchr(line, '@') || strchr(line, '!')))
866 resent_sender_offs = (line - msgblk.headers);
868 /* if multidrop is on, gather addressee headers */
871 if (!strncasecmp("To:", line, 3)
872 || !strncasecmp("Cc:", line, 3)
873 || !strncasecmp("Bcc:", line, 4)
874 || !strncasecmp("Apparently-To:", line, 14))
876 *to_chainptr = (struct addrblk *)xmalloc(sizeof(struct addrblk));
877 (*to_chainptr)->offset = (line - msgblk.headers);
878 to_chainptr = &(*to_chainptr)->next;
882 else if (!strncasecmp("Resent-To:", line, 10)
883 || !strncasecmp("Resent-Cc:", line, 10)
884 || !strncasecmp("Resent-Bcc:", line, 11))
886 *resent_to_chainptr = (struct addrblk *)xmalloc(sizeof(struct addrblk));
887 (*resent_to_chainptr)->offset = (line - msgblk.headers);
888 resent_to_chainptr = &(*resent_to_chainptr)->next;
889 *resent_to_chainptr = NULL;
892 else if (ctl->server.envelope != STRING_DISABLED)
894 if (ctl->server.envelope
895 && strcasecmp(ctl->server.envelope, "Received"))
897 if (env_offs == -1 && !strncasecmp(ctl->server.envelope,
899 strlen(ctl->server.envelope)))
901 if (skipcount++ < ctl->server.envskip)
903 env_offs = (line - msgblk.headers);
906 else if (!received_for && !strncasecmp("Received:", line, 9))
908 if (skipcount++ < ctl->server.envskip)
910 received_for = parse_received(ctl, line);
925 * This is the duplicate-message killer code.
927 * When mail delivered to a multidrop mailbox on the server is
928 * addressed to multiple people on the client machine, there will
929 * be one copy left in the box for each recipient. This is not a
930 * problem if we have the actual recipient address to dispatch on
931 * (e.g. because we've mined it out of sendmail trace headers, or
932 * a qmail Delivered-To line, or a declared sender envelope line).
934 * But if we're mining addressees out of the To/Cc/Bcc fields, and
935 * if the mail is addressed to N people, each recipient will
936 * get N copies. This is bad when N > 1.
938 * Foil this by suppressing all but one copy of a message with a
939 * given set of headers.
941 * Note: This implementation only catches runs of successive
942 * messages with the same ID, but that should be good
943 * enough. A more general implementation would have to store
944 * ever-growing lists of seen message-IDs; in a long-running
945 * daemon this would turn into a memory leak even if the
946 * implementation were perfect.
948 * Don't mess with this code casually. It would be way too easy
949 * to break it in a way that blackholed mail. Better to pass
950 * the occasional duplicate than to do that...
953 * The real fix however is to insist on Delivered-To: or similar
954 * headers and require that one copy per recipient be dropped.
955 * Everything else breaks sooner or later.
957 if (MULTIDROP(ctl) && msgblk.headers)
962 MD5Update(&context, (unsigned char *)msgblk.headers, strlen(msgblk.headers));
963 MD5Final(ctl->digest, &context);
965 if (!received_for && env_offs == -1 && !delivered_to)
968 * Hmmm...can MD5 ever yield all zeroes as a hash value?
969 * If so there is a one in 18-quadrillion chance this
970 * code will incorrectly nuke the first message.
972 if (!memcmp(ctl->lastdigest, ctl->digest, DIGESTLEN))
975 memcpy(ctl->lastdigest, ctl->digest, DIGESTLEN);
979 * Hack time. If the first line of the message was blank, with no headers
980 * (this happens occasionally due to bad gatewaying software) cons up
981 * a set of fake headers.
983 * If you modify the fake header template below, be sure you don't
984 * make either From or To address @-less, otherwise the reply_hack
985 * logic will do bad things.
987 if (msgblk.headers == (char *)NULL)
989 snprintf(buf, sizeof(buf),
990 "From: FETCHMAIL-DAEMON\r\n"
992 "Subject: Headerless mail from %s's mailbox on %s\r\n",
993 user, fetchmailhost, ctl->remotename, ctl->server.truename);
994 msgblk.headers = xstrdup(buf);
998 * We can now process message headers before reading the text.
999 * In fact we have to, as this will tell us where to forward to.
1002 /* Check for MIME headers indicating possible 8-bit data */
1003 ctl->mimemsg = MimeBodyType(msgblk.headers, ctl->mimedecode);
1006 if (ctl->server.sdps && sdps_envfrom)
1008 /* We have the real envelope return-path, stored out of band by
1009 * SDPS - that's more accurate than any header is going to be.
1011 strlcpy(msgblk.return_path, sdps_envfrom, sizeof(msgblk.return_path));
1014 #endif /* SDPS_ENABLE */
1016 * If there is a Return-Path address on the message, this was
1017 * almost certainly the MAIL FROM address given the originating
1018 * sendmail. This is the best thing to use for logging the
1019 * message origin (it sets up the right behavior for bounces and
1020 * mailing lists). Otherwise, fall down to the next available
1021 * envelope address (which is the most probable real sender).
1022 * *** The order is important! ***
1023 * This is especially useful when receiving mailing list
1024 * messages in multidrop mode. if a local address doesn't
1025 * exist, the bounce message won't be returned blindly to the
1026 * author or to the list itself but rather to the list manager
1027 * (ex: specified by "Sender:") which is much less annoying. This
1028 * is true for most mailing list packages.
1030 if( !msgblk.return_path[0] ){
1032 if (resent_sender_offs >= 0 && (ap = nxtaddr(msgblk.headers + resent_sender_offs)));
1033 else if (sender_offs >= 0 && (ap = nxtaddr(msgblk.headers + sender_offs)));
1034 else if (resent_from_offs >= 0 && (ap = nxtaddr(msgblk.headers + resent_from_offs)));
1035 else if (from_offs >= 0 && (ap = nxtaddr(msgblk.headers + from_offs)));
1036 else if (reply_to_offs >= 0 && (ap = nxtaddr(msgblk.headers + reply_to_offs)));
1037 else if (app_from_offs >= 0 && (ap = nxtaddr(msgblk.headers + app_from_offs))) {}
1038 /* multi-line MAIL FROM addresses confuse SMTP terribly */
1039 if (ap && !strchr(ap, '\n')) {
1040 strncpy(msgblk.return_path, ap, sizeof(msgblk.return_path));
1041 msgblk.return_path[sizeof(msgblk.return_path)-1] = '\0';
1045 /* cons up a list of local recipients */
1046 msgblk.recipients = (struct idlist *)NULL;
1047 accept_count = reject_count = 0;
1048 /* is this a multidrop box? */
1052 if (ctl->server.sdps && sdps_envto)
1054 /* We have the real envelope recipient, stored out of band by
1055 * SDPS - that's more accurate than any header is going to be.
1057 find_server_names(sdps_envto, ctl, &msgblk.recipients);
1060 #endif /* SDPS_ENABLE */
1061 if (env_offs > -1) { /* We have the actual envelope addressee */
1062 if (outlevel >= O_DEBUG) {
1063 const char *tmps = msgblk.headers + env_offs;
1064 size_t l = strcspn(tmps, "\r\n");
1065 report(stdout, GT_("Parsing envelope \"%s\" names \"%-.*s\"\n"), ctl->server.envelope, UCAST_TO_INT(l), tmps);
1067 find_server_names(msgblk.headers + env_offs, ctl, &msgblk.recipients);
1069 else if (delivered_to && ctl->server.envelope != STRING_DISABLED &&
1070 ctl->server.envelope && !strcasecmp(ctl->server.envelope, "Delivered-To"))
1072 if (outlevel >= O_DEBUG) {
1073 const char *tmps = delivered_to + 2 + strlen(ctl->server.envelope);
1074 size_t l = strcspn(tmps, "\r\n");
1075 report(stdout, GT_("Parsing envelope \"%s\" names \"%-.*s\"\n"), ctl->server.envelope, UCAST_TO_INT(l), tmps);
1077 find_server_names(delivered_to, ctl, &msgblk.recipients);
1078 xfree(delivered_to);
1079 } else if (received_for) {
1081 * We have the Received for addressee.
1082 * It has to be a mailserver address, or we
1083 * wouldn't have got here.
1084 * We use find_server_names() to let local
1085 * hostnames go through.
1087 if (outlevel >= O_DEBUG) {
1088 const char *tmps = received_for + 2;
1089 size_t l = strcspn(tmps, "\r\n");
1090 report(stdout, GT_("Parsing Received names \"%-.*s\"\n"), UCAST_TO_INT(l), tmps);
1092 find_server_names(received_for, ctl, &msgblk.recipients);
1095 * We haven't extracted the envelope address.
1096 * So check all the "Resent-To" header addresses if
1097 * they exist. If and only if they don't, consider
1098 * the "To" addresses.
1100 register struct addrblk *nextptr;
1101 if (outlevel >= O_DEBUG)
1102 report(stdout, GT_("No envelope recipient found, resorting to header guessing.\n"));
1103 if (resent_to_addrchain) {
1104 /* delete the "To" chain and substitute it
1105 * with the "Resent-To" list
1107 while (to_addrchain) {
1108 nextptr = to_addrchain->next;
1110 to_addrchain = nextptr;
1112 to_addrchain = resent_to_addrchain;
1113 resent_to_addrchain = NULL;
1115 /* now look for remaining adresses */
1116 while (to_addrchain) {
1117 if (outlevel >= O_DEBUG) {
1118 const char *tmps = msgblk.headers+to_addrchain->offset;
1119 size_t l = strcspn(tmps, "\r\n");
1120 report(stdout, GT_("Guessing from header \"%-.*s\".\n"), UCAST_TO_INT(l), tmps);
1123 find_server_names(msgblk.headers+to_addrchain->offset, ctl, &msgblk.recipients);
1124 nextptr = to_addrchain->next;
1126 to_addrchain = nextptr;
1131 no_local_matches = TRUE;
1132 save_str(&msgblk.recipients, run.postmaster, XMIT_ACCEPT);
1133 if (outlevel >= O_DEBUG)
1135 GT_("no local matches, forwarding to %s\n"),
1139 else /* it's a single-drop box, use first localname */
1140 save_str(&msgblk.recipients, ctl->localnames->id, XMIT_ACCEPT);
1144 * Time to either address the message or decide we can't deliver it yet.
1146 if (ctl->errcount > olderrs) /* there were DNS errors above */
1148 if (outlevel >= O_DEBUG)
1150 GT_("forwarding and deletion suppressed due to DNS errors\n"));
1151 return(PS_TRANSIENT);
1155 /* set up stuffline() so we can deliver the message body through it */
1156 if ((n = open_sink(ctl, &msgblk,
1157 &good_addresses, &bad_addresses)) != PS_SUCCESS)
1165 * Some server/sendmail combinations cause problems when our
1166 * synthetic Received line is before the From header. Cope
1169 if ((rcv = strstr(msgblk.headers, "Received:")) == (char *)NULL)
1170 rcv = msgblk.headers;
1171 /* handle ">Received:" lines too */
1172 while (rcv > msgblk.headers && rcv[-1] != '\n')
1174 if (rcv > msgblk.headers)
1179 n = stuffline(ctl, msgblk.headers);
1182 if (!run.invisible && n != -1)
1184 /* utter any per-message Received information we need here */
1185 if (ctl->server.trueaddr) {
1189 e = getnameinfo(ctl->server.trueaddr, ctl->server.trueaddr_len,
1190 saddr, sizeof(saddr), NULL, 0,
1193 snprintf(saddr, sizeof(saddr), "(%-.*s)", (int)(sizeof(saddr) - 3), gai_strerror(e));
1194 snprintf(buf, sizeof(buf),
1195 "Received: from %s [%s]\r\n",
1196 ctl->server.truename, saddr);
1198 snprintf(buf, sizeof(buf),
1199 "Received: from %s\r\n", ctl->server.truename);
1201 n = stuffline(ctl, buf);
1205 * We SHOULD (RFC-2821 sec. 4.4/p. 53) make sure to only use
1206 * IANA registered protocol names here.
1208 snprintf(buf, sizeof(buf),
1209 "\tby %s with %s (fetchmail-%s",
1213 if (ctl->server.tracepolls)
1215 snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
1216 " polling %s account %s",
1217 ctl->server.pollname,
1220 snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
1224 snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), ")\r\n");
1225 n = stuffline(ctl, buf);
1229 if (good_addresses == 0)
1231 snprintf(buf+1, sizeof(buf)-1, "for <%s> (by default); ",
1232 rcpt_address (ctl, run.postmaster, 0));
1234 else if (good_addresses == 1)
1236 for (idp = msgblk.recipients; idp; idp = idp->next)
1237 if (idp->val.status.mark == XMIT_ACCEPT)
1238 break; /* only report first address */
1240 snprintf(buf+1, sizeof(buf)-1,
1241 "for <%s>", rcpt_address (ctl, idp->id, 1));
1242 snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf)-1,
1244 MULTIDROP(ctl) ? "multi-drop" : "single-drop");
1249 snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "%s\r\n",
1251 n = stuffline(ctl, buf);
1257 n = stuffline(ctl, rcv); /* ship out rest of msgblk.headers */
1261 report(stdout, GT_("writing RFC822 msgblk.headers\n"));
1266 if (want_progress())
1269 /* write error notifications */
1270 if (no_local_matches || has_nuls || bad_addresses)
1273 char errhd[USERNAMELEN + POPBUFSIZE], *errmsg;
1276 strlcpy(errhd, "X-Fetchmail-Warning: ", sizeof(errhd));
1277 if (no_local_matches)
1279 if (reject_count != 1)
1280 strlcat(errhd, GT_("no recipient addresses matched declared local names"), sizeof(errhd));
1283 for (idp = msgblk.recipients; idp; idp = idp->next)
1284 if (idp->val.status.mark == XMIT_REJECT)
1286 snprintf(errhd+strlen(errhd), sizeof(errhd)-strlen(errhd),
1287 GT_("recipient address %s didn't match any local name"), idp->id);
1293 if (errhd[sizeof("X-Fetchmail-Warning: ")])
1294 snprintf(errhd+strlen(errhd), sizeof(errhd)-strlen(errhd), "; ");
1295 snprintf(errhd+strlen(errhd), sizeof(errhd)-strlen(errhd),
1296 GT_("message has embedded NULs"));
1301 if (errhd[sizeof("X-Fetchmail-Warning: ")])
1302 snprintf(errhd+strlen(errhd), sizeof(errhd)-strlen(errhd), "; ");
1303 snprintf(errhd+strlen(errhd), sizeof(errhd)-strlen(errhd),
1304 GT_("SMTP listener rejected local recipient addresses: "));
1305 errlen = strlen(errhd);
1306 for (idp = msgblk.recipients; idp; idp = idp->next)
1307 if (idp->val.status.mark == XMIT_RCPTBAD)
1308 errlen += strlen(idp->id) + 2;
1310 errmsg = (char *)xmalloc(errlen + 3);
1311 strcpy(errmsg, errhd);
1312 for (idp = msgblk.recipients; idp; idp = idp->next)
1313 if (idp->val.status.mark == XMIT_RCPTBAD)
1315 strcat(errmsg, idp->id);
1317 strcat(errmsg, ", ");
1322 strcat(errmsg, "\r\n");
1324 /* ship out the error line */
1325 stuffline(ctl, errmsg);
1327 if (errmsg != errhd)
1331 /* issue the delimiter line */
1336 n = stuffline(ctl, buf);
1338 if ((size_t)n == strlen(buf))
1344 int readbody(int sock, struct query *ctl, flag forward, int len)
1345 /** read and dispose of a message body presented on \a sock */
1346 /** \param ctl query control record */
1347 /** \param sock to which the server is connected */
1348 /** \param forward TRUE to forward */
1349 /** \param len length of message */
1352 char buf[MSGBUFSIZE+4];
1354 flag issoftline = FALSE;
1357 * Pass through the text lines in the body.
1359 * Yes, this wants to be ||, not &&. The problem is that in the most
1360 * important delimited protocol, POP3, the length is not reliable.
1361 * As usual, the problem is Microsoft brain damage; see FAQ item S2.
1362 * So, for delimited protocols we need to ignore the length here and
1363 * instead drop out of the loop with a break statement when we see
1364 * the message delimiter.
1366 while (protocol->delimited || len > 0)
1368 SockTimeout(sock, mytimeout);
1369 /* XXX FIXME: for undelimited protocols that ship the size, such
1370 * as IMAP, we might want to use the count of remaining characters
1371 * instead of the buffer size -- not for fetchmail 6.3.X though */
1372 linelen = SockRead(sock, inbufp, sizeof(buf)-4-(inbufp-buf));
1379 /* write the message size dots */
1382 print_ticker(&sizeticker, linelen);
1385 /* Mike Jones, Manchester University, 2006:
1386 * "To fix IMAP MIME Messages in which fetchmail adds the remainder of
1387 * the IMAP packet including the ')' character (part of the IMAP)
1388 * Protocol causing the addition of an extra MIME boundary locally."
1390 * However, we shouldn't do this for delimited protocols:
1391 * many POP3 servers (Microsoft, qmail) goof up message sizes
1392 * so we might end truncating messages prematurely.
1394 if (!protocol->delimited && linelen > len) {
1400 /* check for end of message */
1401 if (protocol->delimited && *inbufp == '.')
1403 if (EMPTYLINE(inbufp+1))
1406 msgblk.msglen--; /* subtract the size of the dot escape */
1409 msgblk.msglen += linelen;
1411 if (ctl->mimedecode && (ctl->mimemsg & MSG_NEEDS_DECODE)) {
1412 issoftline = UnMimeBodyline(&inbufp, protocol->delimited, issoftline);
1413 if (issoftline && (sizeof(buf)-1-(inbufp-buf) < 200))
1416 * Soft linebreak, but less than 200 bytes left in
1417 * input buffer. Rather than doing a buffer overrun,
1418 * ignore the soft linebreak, NL-terminate data and
1419 * deliver what we have now.
1420 * (Who writes lines longer than 2K anyway?)
1422 *inbufp = '\n'; *(inbufp+1) = '\0';
1427 /* ship out the text line */
1428 if (forward && (!issoftline))
1433 /* guard against very long lines */
1434 buf[MSGBUFSIZE+1] = '\r';
1435 buf[MSGBUFSIZE+2] = '\n';
1436 buf[MSGBUFSIZE+3] = '\0';
1438 n = stuffline(ctl, buf);
1442 report(stdout, GT_("error writing message text\n"));
1446 else if (want_progress())
1457 void init_transact(const struct method *proto)
1458 /** initialize state for the send and receive functions */
1460 suppress_tags = FALSE;
1462 tag[0] = '\0'; /* nuke any tag hanging out from previous query */
1467 /** shroud a password in the given buffer */
1468 static void enshroud(char *buf)
1472 if (shroud[0] && (cp = strstr(buf, shroud)))
1476 sp = cp + strlen(shroud);
1484 /** assemble command in printf(3) style and send to the server */
1485 void gen_send(int sock/** socket to which server is connected */,
1486 const char *fmt /** printf-style format */,
1489 char buf [MSGBUFSIZE+1];
1492 if (protocol->tagged && !suppress_tags)
1493 snprintf(buf, sizeof(buf) - 2, "%s ", GENSYM);
1498 vsnprintf(buf + strlen(buf), sizeof(buf)-2-strlen(buf), fmt, ap);
1501 snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "\r\n");
1502 SockWrite(sock, buf, strlen(buf));
1504 if (outlevel >= O_MONITOR)
1507 buf[strlen(buf)-2] = '\0';
1508 report(stdout, "%s> %s\n", protocol->name, buf);
1512 /** get one line of input from the server */
1513 int gen_recv(int sock /** socket to which server is connected */,
1514 char *buf /** buffer to receive input */,
1515 int size /** length of buffer */)
1518 int oldphase = phase; /* we don't have to be re-entrant */
1521 phase = SERVER_WAIT;
1522 SockTimeout(sock, mytimeout);
1523 retval = SockRead(sock, buf, size);
1528 if(is_idletimeout())
1531 return(PS_IDLETIMEOUT);
1540 if (n > 0 && buf[n-1] == '\n')
1542 if (n > 0 && buf[n-1] == '\r')
1544 if (outlevel >= O_MONITOR)
1545 report(stdout, "%s< %s\n", protocol->name, buf);
1550 /** \addtogroup gen_recv_split
1552 * gen_recv_split() splits the response from a server which is too
1553 * long to fit into the buffer into multiple lines. If the prefix is
1554 * set as "MY FEATURES" and the response from the server is too long
1555 * to fit in the buffer, as in:
1557 * "MY FEATURES ABC DEF GHI JKLMNOPQRS TU VWX YZ"
1559 * Repeated calls to gen_recv_split() may return:
1561 * "MY FEATURES ABC DEF GHI"
1562 * "MY FEATURES JKLMNOPQRS"
1563 * "MY FEATURES TU VWX YZ"
1565 * A response not beginning with the prefix "MY FEATURES" will not be
1569 * - Declare a variable of type struct RecvSplit
1570 * - Call gen_recv_split_init() once
1571 * - Call gen_recv_split() in a loop, preferably with the same buffer
1572 * size as the "buf" array in struct RecvSplit
1575 static void overrun(const char *f, size_t l) __attribute__((noreturn));
1577 /** Internal error report function. If this happens, the calling site
1578 * needs to be adjusted to set a shorter prefix, or the prefix capacity
1579 * needs to be raised in struct RecvSplit. */
1580 static void overrun(const char *f, size_t l)
1582 report(stderr, GT_("Buffer too small. This is a bug in the caller of %s:%lu.\n"), f, (unsigned long)l);
1586 /** Initialize \a rs for later use by gen_recv_split. */
1587 void gen_recv_split_init (const char *prefix /** prefix to match/repeat */,
1588 struct RecvSplit *rs /** structure to be initialized */)
1590 if (strlcpy(rs->prefix, prefix, sizeof(rs->prefix)) > sizeof(rs->prefix))
1591 overrun(__FILE__, __LINE__);
1596 /** Function to split replies at blanks, and duplicate prefix.
1597 * gen_recv_split_init() must be called before this can be used. */
1598 int gen_recv_split(int sock /** socket to which server is connected */,
1599 char *buf /** buffer to receive input */,
1600 int size /** length of buffer, must be the same for all calls */,
1601 struct RecvSplit *rs /** cached information across calls */)
1604 int foundnewline = 0;
1606 int oldphase = phase; /* we don't have to be re-entrant */
1610 /* if this is not our first call, prepare the buffer */
1614 * if this condition is not met, we lose data
1615 * because the cached data does not fit into the buffer.
1616 * this cannot happen if size is the same throughout all calls.
1618 assert(strlen(rs->prefix) + strlen(rs->buf) + 1 <= (size_t)size);
1620 if ((strlcpy(buf, rs->prefix, size) >= (size_t)size)
1621 || (strlcat(buf, rs->buf, size) >= (size_t)size)) {
1622 overrun(__FILE__, __LINE__);
1626 /* clear the cache for the next call */
1631 if ((size_t)size > n) {
1634 phase = SERVER_WAIT;
1635 set_timeout(mytimeout);
1636 rr = SockRead(sock, buf + n, size - n);
1644 if (n > 0 && buf[n-1] == '\n')
1649 if (n > 0 && buf[n-1] == '\r')
1652 if (foundnewline /* we have found a complete line */
1653 || strncasecmp(buf, rs->prefix, strlen(rs->prefix)) /* mismatch in prefix */
1654 || !(p = strrchr(buf, ' ')) /* no space found in response */
1655 || p < buf + strlen(rs->prefix)) /* space is at the wrong location */
1657 if (outlevel >= O_MONITOR)
1658 report(stdout, "%s< %s\n", protocol->name, buf);
1662 /* we are ready to cache some information now. */
1664 if (strlcpy(rs->buf, p, sizeof(rs->buf)) >= sizeof(rs->buf)) {
1665 overrun(__FILE__, __LINE__);
1667 *p = '\0'; /* chop off what we've cached */
1668 if (outlevel >= O_MONITOR)
1669 report(stdout, "%s< %s\n", protocol->name, buf);
1670 if (outlevel >= O_DEBUG)
1671 report(stdout, "%s< %s%s...\n", protocol->name, rs->prefix, rs->buf);
1676 /** assemble command in printf(3) style, send to server, fetch a response */
1677 int gen_transact(int sock /** socket to which server is connected */,
1678 const char *fmt /** printf-style format */,
1682 char buf [MSGBUFSIZE+1];
1684 int oldphase = phase; /* we don't have to be re-entrant */
1686 phase = SERVER_WAIT;
1688 if (protocol->tagged && !suppress_tags)
1689 snprintf(buf, sizeof(buf) - 2, "%s ", GENSYM);
1694 vsnprintf(buf + strlen(buf), sizeof(buf)-2-strlen(buf), fmt, ap);
1697 snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "\r\n");
1698 ok = SockWrite(sock, buf, strlen(buf));
1699 if (ok == -1 || (size_t)ok != strlen(buf)) {
1700 /* short write, bail out */
1704 if (outlevel >= O_MONITOR)
1707 buf[strlen(buf)-2] = '\0';
1708 report(stdout, "%s> %s\n", protocol->name, buf);
1711 /* we presume this does its own response echoing */
1712 ok = (protocol->parse_response)(sock, buf);
1718 /* transact.c ends here */