2 * Copyright (c) 1998-2006 Sendmail, Inc. and its suppliers.
4 * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
5 * Copyright (c) 1988, 1993
6 * The Regents of the University of California. All rights reserved.
8 * By using this file, you agree to the terms and conditions set
9 * forth in the LICENSE file which can be found at the top level of
10 * the sendmail distribution.
16 SM_RCSID("@(#)$Id: collect.c,v 8.280 2006/11/29 00:20:40 ca Exp $")
18 static void eatfrom
__P((char *volatile, ENVELOPE
*));
19 static void collect_doheader
__P((ENVELOPE
*));
20 static SM_FILE_T
*collect_dfopen
__P((ENVELOPE
*));
21 static SM_FILE_T
*collect_eoh
__P((ENVELOPE
*, int, int));
24 ** COLLECT_EOH -- end-of-header processing in collect()
26 ** Called by collect() when it encounters the blank line
27 ** separating the header from the message body, or when it
28 ** encounters EOF in a message that contains only a header.
32 ** numhdrs -- number of headers
33 ** hdrslen -- length of headers
36 ** NULL, or handle to open data file
39 ** end-of-header check ruleset is invoked.
40 ** envelope state is updated.
41 ** headers may be added and deleted.
43 ** opens the data file.
47 collect_eoh(e
, numhdrs
, hdrslen
)
55 /* call the end-of-header check ruleset */
56 (void) sm_snprintf(hnum
, sizeof(hnum
), "%d", numhdrs
);
57 (void) sm_snprintf(hsize
, sizeof(hsize
), "%d", hdrslen
);
59 sm_dprintf("collect: rscheck(\"check_eoh\", \"%s $| %s\")\n",
61 (void) rscheck("check_eoh", hnum
, hsize
, e
, RSF_UNSTRUCTURED
|RSF_COUNT
,
62 3, NULL
, e
->e_id
, NULL
);
65 ** Process the header,
66 ** select the queue, open the data file.
70 return collect_dfopen(e
);
74 ** COLLECT_DOHEADER -- process header in collect()
76 ** Called by collect() after it has finished parsing the header,
77 ** but before it selects the queue and creates the data file.
78 ** The results of processing the header will affect queue selection.
87 ** envelope state is updated.
88 ** headers may be added and deleted.
96 ** Find out some information from the headers.
97 ** Examples are who is the from person & the date.
100 eatheader(e
, true, false);
102 if (GrabTo
&& e
->e_sendqueue
== NULL
)
103 usrerr("No recipient addresses found in header");
106 ** If we have a Return-Receipt-To:, turn it into a DSN.
109 if (RrtImpliesDsn
&& hvalue("return-receipt-to", e
->e_header
) != NULL
)
113 for (q
= e
->e_sendqueue
; q
!= NULL
; q
= q
->q_next
)
114 if (!bitset(QHASNOTIFY
, q
->q_flags
))
115 q
->q_flags
|= QHASNOTIFY
|QPINGONSUCCESS
;
119 ** Add an appropriate recipient line if we have none.
122 if (hvalue("to", e
->e_header
) != NULL
||
123 hvalue("cc", e
->e_header
) != NULL
||
124 hvalue("apparently-to", e
->e_header
) != NULL
)
126 /* have a valid recipient header -- delete Bcc: headers */
127 e
->e_flags
|= EF_DELETE_BCC
;
129 else if (hvalue("bcc", e
->e_header
) == NULL
)
131 /* no valid recipient headers */
135 /* create a recipient field */
136 switch (NoRecipientAction
)
138 case NRA_ADD_APPARENTLY_TO
:
139 hdr
= "Apparently-To";
147 addheader("Bcc", " ", 0, e
, true);
150 case NRA_ADD_TO_UNDISCLOSED
:
151 addheader("To", "undisclosed-recipients:;", 0, e
, true);
157 for (q
= e
->e_sendqueue
; q
!= NULL
; q
= q
->q_next
)
159 if (q
->q_alias
!= NULL
)
162 sm_dprintf("Adding %s: %s\n",
164 addheader(hdr
, q
->q_paddr
, 0, e
, true);
171 ** COLLECT_DFOPEN -- open the message data file
173 ** Called by collect() after it has finished processing the header.
174 ** Queue selection occurs at this point, possibly based on the
175 ** envelope's recipient list and on header information.
181 ** NULL, or a pointer to an open data file,
182 ** into which the message body will be written by collect().
185 ** Calls syserr, sets EF_FATALERRS and returns NULL
186 ** if there is insufficient disk space.
187 ** Aborts process if data file could not be opened.
188 ** Otherwise, the queue is selected,
189 ** e->e_{dfino,dfdev,msgsize,flags} are updated,
190 ** and a pointer to an open data file is returned.
206 dfname
= queuename(e
, DATAFL_LETTER
);
207 if (bitset(S_IWGRP
, QueueFileMode
))
208 oldumask
= umask(002);
209 df
= bfopen(dfname
, QueueFileMode
, DataFileBufferSize
,
211 if (bitset(S_IWGRP
, QueueFileMode
))
212 (void) umask(oldumask
);
215 syserr("@Cannot create %s", dfname
);
216 e
->e_flags
|= EF_NO_BODY_RETN
;
218 finis(false, true, ExitStat
);
221 dfd
= sm_io_getinfo(df
, SM_IO_WHAT_FD
, NULL
);
222 if (dfd
< 0 || fstat(dfd
, &stbuf
) < 0)
226 e
->e_dfdev
= stbuf
.st_dev
;
227 e
->e_dfino
= stbuf
.st_ino
;
229 e
->e_flags
|= EF_HAS_DF
;
234 ** COLLECT -- read & parse message header & make temp file.
236 ** Creates a temporary file name and copies the standard
237 ** input to that file. Leading UNIX-style "From" lines are
238 ** stripped off (after important information is extracted).
241 ** fp -- file to read.
242 ** smtpmode -- if set, we are running SMTP: give an RFC821
243 ** style message to say we are ready to collect
244 ** input, and never ignore a single dot to mean
246 ** hdrp -- the location to stash the header.
247 ** e -- the current envelope.
248 ** rsetsize -- reset e_msgsize?
255 ** - Data file is created and filled, and e->e_dfp is set.
256 ** - The from person may be set.
257 ** If the "enough disk space" check fails,
258 ** - syserr is called.
259 ** - e->e_dfp is NULL.
260 ** - e->e_flags & EF_FATALERRS is set.
261 ** - collect() returns.
262 ** If data file cannot be created, the process is terminated.
265 /* values for input state machine */
266 #define IS_NORM 0 /* middle of line */
267 #define IS_BOL 1 /* beginning of line */
268 #define IS_DOT 2 /* read a dot at beginning of line */
269 #define IS_DOTCR 3 /* read ".\r" at beginning of line */
270 #define IS_CR 4 /* read a carriage return */
272 /* values for message state machine */
273 #define MS_UFROM 0 /* reading Unix from line */
274 #define MS_HEADER 1 /* reading message header */
275 #define MS_BODY 2 /* reading message body */
276 #define MS_DISCARD 3 /* discarding rest of message */
279 collect(fp
, smtpmode
, hdrp
, e
, rsetsize
)
283 register ENVELOPE
*e
;
286 register SM_FILE_T
*df
;
301 unsigned char peekbuf
[8];
302 char bufbuf
[MAXLINE
];
305 ignrdot
= smtpmode
? false : IgnrDot
;
307 /* timeout for I/O functions is in milliseconds */
308 dbto
= smtpmode
? ((int) TimeOuts
.to_datablock
* 1000)
310 sm_io_setinfo(fp
, SM_IO_WHAT_TIMEOUT
, &dbto
);
313 headeronly
= hdrp
!= NULL
;
316 HasEightBits
= false;
318 buflen
= sizeof(bufbuf
);
321 mstate
= SaveFrom
? MS_HEADER
: MS_UFROM
;
324 ** Tell ARPANET to go ahead.
328 message("354 Enter mail, end with \".\" on a line by itself");
330 /* simulate an I/O timeout when used as sink */
335 sm_dprintf("collect\n");
340 ** This is done using two interleaved state machines.
341 ** The input state machine is looking for things like
342 ** hidden dots; the message state machine is handling
343 ** the larger picture (e.g., header versus body).
351 sm_dprintf("top, istate=%d, mstate=%d\n", istate
,
359 while (!sm_io_eof(fp
) && !sm_io_error(fp
))
362 c
= sm_io_getc(fp
, SM_TIME_DEFAULT
);
363 if (c
== SM_IO_EOF
&& errno
== EINTR
)
365 /* Interrupted, retry */
371 if (c
== SM_IO_EOF
&& errno
== EAGAIN
375 ** Override e_message in
376 ** usrerr() as this is the
377 ** reason for failure that
378 ** should be logged for
379 ** undelivered recipients.
389 if (TrafficLogFile
!= NULL
&& !headeronly
)
391 if (istate
== IS_BOL
)
392 (void) sm_io_fprintf(TrafficLogFile
,
397 (void) sm_io_fprintf(TrafficLogFile
,
401 (void) sm_io_putc(TrafficLogFile
,
410 HasEightBits
|= bitset(0x80, c
);
413 sm_dprintf("istate=%d, c=%c (0x%x)\n",
414 istate
, (char) c
, c
);
426 if (c
== '\n' && !ignrdot
&&
427 !bitset(EF_NL_NOT_EOL
, e
->e_flags
))
429 else if (c
== '\r' &&
430 !bitset(EF_CRLF_NOT_EOL
, e
->e_flags
))
438 OpMode
!= MD_DAEMON
&&
439 OpMode
!= MD_ARPAFTP
))
442 SM_ASSERT(pbp
< peekbuf
+
450 if (c
== '\n' && !ignrdot
)
454 /* push back the ".\rx" */
455 SM_ASSERT(pbp
< peekbuf
+
458 if (OpMode
!= MD_SMTP
&&
459 OpMode
!= MD_DAEMON
&&
460 OpMode
!= MD_ARPAFTP
)
462 SM_ASSERT(pbp
< peekbuf
+
477 (void) sm_io_ungetc(fp
, SM_TIME_DEFAULT
,
485 if (c
== '\r' && !bitset(EF_CRLF_NOT_EOL
, e
->e_flags
))
490 else if (c
== '\n' && !bitset(EF_NL_NOT_EOL
,
500 if (e
->e_msgsize
>= 0)
503 if (MaxMessageSize
> 0 &&
504 !bitset(EF_TOOBIG
, e
->e_flags
) &&
505 e
->e_msgsize
> MaxMessageSize
)
506 e
->e_flags
|= EF_TOOBIG
;
512 /* just put the character out */
513 if (!bitset(EF_TOOBIG
, e
->e_flags
))
514 (void) sm_io_putc(df
, SM_TIME_DEFAULT
,
523 SM_ASSERT(mstate
== MS_UFROM
|| mstate
== MS_HEADER
);
525 /* header -- buffer up */
526 if (bp
>= &buf
[buflen
- 2])
530 /* out of space for header */
532 if (buflen
< MEMCHUNKSIZE
)
535 buflen
+= MEMCHUNKSIZE
;
538 sm_syslog(LOG_NOTICE
, e
->e_id
,
539 "header overflow from %s during message collect",
542 e
->e_flags
|= EF_CLRQUEUE
;
543 e
->e_status
= "5.6.0";
544 usrerrenh(e
->e_status
,
545 "552 Headers too large");
548 buf
= xalloc(buflen
);
549 memmove(buf
, obuf
, bp
- obuf
);
550 bp
= &buf
[bp
- obuf
];
552 sm_free(obuf
); /* XXX */
560 MaxHeadersLength
> 0 &&
561 hdrslen
> MaxHeadersLength
)
563 sm_syslog(LOG_NOTICE
, e
->e_id
,
564 "headers too large (%d max) from %s during message collect",
568 e
->e_flags
|= EF_CLRQUEUE
;
569 e
->e_status
= "5.6.0";
570 usrerrenh(e
->e_status
,
571 "552 Headers too large (%d max)",
577 if (istate
== IS_BOL
)
584 sm_dprintf("nextstate, istate=%d, mstate=%d, line=\"%s\"\n",
585 istate
, mstate
, buf
);
591 if (strncmp(buf
, "From ", 5) == 0)
597 #endif /* ! NOTUNIX */
607 /* check for possible continuation line */
612 c
= sm_io_getc(fp
, SM_TIME_DEFAULT
);
615 if (c
== SM_IO_EOF
&& errno
== EAGAIN
619 ** Override e_message in
620 ** usrerr() as this is the
621 ** reason for failure that
622 ** should be logged for
623 ** undelivered recipients.
631 } while (c
== SM_IO_EOF
&& errno
== EINTR
);
633 (void) sm_io_ungetc(fp
, SM_TIME_DEFAULT
, c
);
634 if (c
== ' ' || c
== '\t')
636 /* yep -- defer this */
642 /* guaranteed by isheader(buf) */
643 SM_ASSERT(*(bp
- 1) != '\n' || bp
> buf
+ 1);
645 /* trim off trailing CRLF or NL */
646 if (*--bp
!= '\n' || *--bp
!= '\r')
650 if (bitset(H_EOH
, chompheader(buf
,
651 CHHDR_CHECK
| CHHDR_USER
,
667 df
= collect_eoh(e
, numhdrs
, hdrslen
);
669 e
->e_flags
|= EF_TOOBIG
;
673 /* toss blank line */
674 if ((!bitset(EF_CRLF_NOT_EOL
, e
->e_flags
) &&
675 bp
[0] == '\r' && bp
[1] == '\n') ||
676 (!bitset(EF_NL_NOT_EOL
, e
->e_flags
) &&
682 /* if not a blank separator, write it out */
683 if (!bitset(EF_TOOBIG
, e
->e_flags
))
686 (void) sm_io_putc(df
, SM_TIME_DEFAULT
,
695 if ((sm_io_eof(fp
) && smtpmode
) || sm_io_error(fp
))
700 errmsg
= "unexpected close";
702 errmsg
= sm_errstring(errno
);
704 sm_dprintf("collect: premature EOM: %s\n", errmsg
);
706 sm_syslog(LOG_WARNING
, e
->e_id
,
707 "collect: premature EOM: %s", errmsg
);
714 if (mstate
!= MS_BODY
)
716 /* no body or discard, so we never opened the data file */
717 SM_ASSERT(df
== NULL
);
718 df
= collect_eoh(e
, numhdrs
, hdrslen
);
723 /* skip next few clauses */
726 else if (sm_io_flush(df
, SM_TIME_DEFAULT
) != 0 || sm_io_error(df
))
728 dferror(df
, "sm_io_flush||sm_io_error", e
);
730 finis(true, true, ExitStat
);
733 else if (SuperSafe
== SAFE_NO
||
734 SuperSafe
== SAFE_INTERACTIVE
||
735 (SuperSafe
== SAFE_REALLY_POSTMILTER
&& smtpmode
))
737 /* skip next few clauses */
739 /* Note: updfs() is not called in this case! */
741 else if (sm_io_setinfo(df
, SM_BF_COMMIT
, NULL
) < 0 && errno
!= EINVAL
)
743 int save_errno
= errno
;
745 if (save_errno
== EEXIST
)
751 dfile
= queuename(e
, DATAFL_LETTER
);
752 if (stat(dfile
, &st
) < 0)
755 syserr("@collect: bfcommit(%s): already on disk, size=%ld",
756 dfile
, (long) st
.st_size
);
757 dfd
= sm_io_getinfo(df
, SM_IO_WHAT_FD
, NULL
);
759 dumpfd(dfd
, true, true);
762 dferror(df
, "bfcommit", e
);
764 finis(save_errno
!= EEXIST
, true, ExitStat
);
766 else if ((afd
= sm_io_getinfo(df
, SM_IO_WHAT_FD
, NULL
)) < 0)
768 dferror(df
, "sm_io_getinfo", e
);
770 finis(true, true, ExitStat
);
773 else if (fsync(afd
) < 0)
775 dferror(df
, "fsync", e
);
777 finis(true, true, ExitStat
);
780 else if (sm_io_close(df
, SM_TIME_DEFAULT
) < 0)
782 dferror(df
, "sm_io_close", e
);
784 finis(true, true, ExitStat
);
789 /* everything is happily flushed to disk */
792 /* remove from available space in filesystem */
793 updfs(e
, 0, 1, "collect");
796 /* An EOF when running SMTP is an error */
798 if (inputerr
&& (OpMode
== MD_SMTP
|| OpMode
== MD_DAEMON
))
809 problem
= "unexpected close";
810 else if (sm_io_error(fp
))
811 problem
= "I/O error";
813 problem
= "read timeout";
814 if (LogLevel
> 0 && sm_io_eof(fp
))
815 sm_syslog(LOG_NOTICE
, e
->e_id
,
816 "collect: %s on connection from %.100s, sender=%s",
818 shortenstring(e
->e_from
.q_paddr
, MAXSHORTSTR
));
820 usrerr("421 4.4.1 collect: %s on connection from %s, from=%s",
822 shortenstring(e
->e_from
.q_paddr
, MAXSHORTSTR
));
824 syserr("421 4.4.1 collect: %s on connection from %s, from=%s",
826 shortenstring(e
->e_from
.q_paddr
, MAXSHORTSTR
));
829 /* don't return an error indication */
831 e
->e_flags
&= ~EF_FATALERRS
;
832 e
->e_flags
|= EF_CLRQUEUE
;
834 /* Don't send any message notification to sender */
835 for (q
= e
->e_sendqueue
; q
!= NULL
; q
= q
->q_next
)
837 if (QS_IS_DEAD(q
->q_state
))
839 q
->q_state
= QS_FATALERR
;
842 (void) sm_io_close(df
, SM_TIME_DEFAULT
);
844 finis(true, true, ExitStat
);
848 /* Log collection information. */
849 if (bitset(EF_LOGSENDER
, e
->e_flags
) && LogLevel
> 4)
851 logsender(e
, e
->e_msgid
);
852 e
->e_flags
&= ~EF_LOGSENDER
;
855 /* check for message too large */
856 if (bitset(EF_TOOBIG
, e
->e_flags
))
858 e
->e_flags
|= EF_NO_BODY_RETN
|EF_CLRQUEUE
;
859 if (!bitset(EF_FATALERRS
, e
->e_flags
))
861 e
->e_status
= "5.2.3";
862 usrerrenh(e
->e_status
,
863 "552 Message exceeds maximum fixed size (%ld)",
866 sm_syslog(LOG_NOTICE
, e
->e_id
,
867 "message size (%ld) exceeds maximum (%ld)",
868 e
->e_msgsize
, MaxMessageSize
);
872 /* check for illegal 8-bit data */
875 e
->e_flags
|= EF_HAS8BIT
;
876 if (!bitset(MM_PASS8BIT
|MM_MIME8BIT
, MimeMode
) &&
877 !bitset(EF_IS_MIME
, e
->e_flags
))
879 e
->e_status
= "5.6.1";
880 usrerrenh(e
->e_status
, "554 Eight bit data not allowed");
885 /* if it claimed to be 8 bits, well, it lied.... */
886 if (e
->e_bodytype
!= NULL
&&
887 sm_strcasecmp(e
->e_bodytype
, "8BITMIME") == 0)
888 e
->e_bodytype
= "7BIT";
891 if (SuperSafe
== SAFE_REALLY
&& !bitset(EF_FATALERRS
, e
->e_flags
))
893 char *dfname
= queuename(e
, DATAFL_LETTER
);
894 if ((e
->e_dfp
= sm_io_open(SmFtStdio
, SM_TIME_DEFAULT
, dfname
,
895 SM_IO_RDONLY_B
, NULL
)) == NULL
)
897 /* we haven't acked receipt yet, so just chuck this */
898 syserr("@Cannot reopen %s", dfname
);
899 finis(true, true, ExitStat
);
906 /* collect statistics */
907 if (OpMode
!= MD_VERIFY
)
910 ** Recalculate e_msgpriority, it is done at in eatheader()
911 ** which is called (in 8.12) after the header is collected,
912 ** hence e_msgsize is (most likely) incorrect.
915 e
->e_msgpriority
= e
->e_msgsize
916 - e
->e_class
* WkClassFact
917 + e
->e_nrcpts
* WkRecipFact
;
918 markstats(e
, (ADDRESS
*) NULL
, STATS_NORMAL
);
923 ** DFERROR -- signal error on writing the data file.
925 ** Called by collect(). Collect() always terminates the process
926 ** immediately after calling dferror(), which means that the SMTP
927 ** session will be terminated, which means that any error message
928 ** issued by dferror must be a 421 error, as per RFC 821.
931 ** df -- the file pointer for the data file.
932 ** msg -- detailed message.
933 ** e -- the current envelope.
939 ** Gives an error message.
940 ** Arranges for following output to go elsewhere.
945 SM_FILE_T
*volatile df
;
947 register ENVELOPE
*e
;
951 dfname
= queuename(e
, DATAFL_LETTER
);
957 #else /* STAT64 > 0 */
959 #endif /* STAT64 > 0 */
963 e
->e_flags
|= EF_NO_BODY_RETN
;
967 fstat64(sm_io_getinfo(df
, SM_IO_WHAT_FD
, NULL
), &st
)
968 #else /* STAT64 > 0 */
969 fstat(sm_io_getinfo(df
, SM_IO_WHAT_FD
, NULL
), &st
)
970 #endif /* STAT64 > 0 */
973 (void) sm_io_reopen(SmFtStdio
, SM_TIME_DEFAULT
, dfname
,
974 SM_IO_WRONLY_B
, NULL
, df
);
976 (void) sm_io_fprintf(df
, SM_TIME_DEFAULT
,
977 "\n*** Mail could not be accepted");
979 (void) sm_io_fprintf(df
, SM_TIME_DEFAULT
,
980 "\n*** Mail of at least %llu bytes could not be accepted\n",
981 (ULONGLONG_T
) st
.st_size
);
982 (void) sm_io_fprintf(df
, SM_TIME_DEFAULT
,
983 "*** at %s due to lack of disk space for temp file.\n",
985 avail
= freediskspace(qid_printqueue(e
->e_qgrp
, e
->e_qdir
),
990 avail
*= bsize
/ 1024;
991 else if (bsize
< 1024)
992 avail
/= 1024 / bsize
;
993 (void) sm_io_fprintf(df
, SM_TIME_DEFAULT
,
994 "*** Currently, %ld kilobytes are available for mail temp files.\n",
998 /* Wrong response code; should be 421. */
999 e
->e_status
= "4.3.1";
1000 usrerrenh(e
->e_status
, "452 Out of disk space for temp file");
1002 syserr("421 4.3.1 Out of disk space for temp file");
1006 syserr("421 4.3.0 collect: Cannot write %s (%s, uid=%d, gid=%d)",
1007 dfname
, msg
, (int) geteuid(), (int) getegid());
1008 if (sm_io_reopen(SmFtStdio
, SM_TIME_DEFAULT
, SM_PATH_DEVNULL
,
1009 SM_IO_WRONLY
, NULL
, df
) == NULL
)
1010 sm_syslog(LOG_ERR
, e
->e_id
,
1011 "dferror: sm_io_reopen(\"/dev/null\") failed: %s",
1012 sm_errstring(errno
));
1015 ** EATFROM -- chew up a UNIX style from line and process
1017 ** This does indeed make some assumptions about the format
1018 ** of UNIX messages.
1021 ** fm -- the from line.
1028 ** extracts what information it can from the header,
1029 ** such as the date.
1034 static char *DowList
[] =
1036 "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", NULL
1039 static char *MonthList
[] =
1041 "Jan", "Feb", "Mar", "Apr", "May", "Jun",
1042 "Jul", "Aug", "Sep", "Oct", "Nov", "Dec",
1049 register ENVELOPE
*e
;
1055 sm_dprintf("eatfrom(%s)\n", fm
);
1057 /* find the date part */
1062 while (*p
!= '\0' && *p
!= ' ')
1068 /* no room for the date */
1071 if (!(isascii(*p
) && isupper(*p
)) ||
1072 p
[3] != ' ' || p
[13] != ':' || p
[16] != ':')
1075 /* we have a possible date */
1076 for (dt
= DowList
; *dt
!= NULL
; dt
++)
1077 if (strncmp(*dt
, p
, 3) == 0)
1082 for (dt
= MonthList
; *dt
!= NULL
; dt
++)
1084 if (strncmp(*dt
, &p
[4], 3) == 0)
1095 /* we have found a date */
1096 (void) sm_strlcpy(buf
, p
, sizeof(buf
));
1098 macdefine(&e
->e_macro
, A_TEMP
, 'a', q
);
1101 #endif /* ! NOTUNIX */