search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dma: bump man page date
[dragonfly.git] / contrib / sendmail-8.14 / sendmail / srvrsmtp.c
blob514a5e6310b8579f22f987d24cd6becbbd0a488a
1 /*
2 * Copyright (c) 1998-2007 Sendmail, Inc. and its suppliers.
3 * All rights reserved.
4 * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
5 * Copyright (c) 1988, 1993
6 * The Regents of the University of California. All rights reserved.
7 *
8 * By using this file, you agree to the terms and conditions set
9 * forth in the LICENSE file which can be found at the top level of
10 * the sendmail distribution.
11 *
12 */
13
14 #include <sendmail.h>
15 #if MILTER
16 # include <libmilter/mfapi.h>
17 # include <libmilter/mfdef.h>
18 #endif /* MILTER */
19
20 SM_RCSID("@(#)$Id: srvrsmtp.c,v 8.967 2007/10/01 16:22:14 ca Exp $")
21
22 #include <sm/time.h>
23 #include <sm/fdset.h>
24
25 #if SASL || STARTTLS
26 # include "sfsasl.h"
27 #endif /* SASL || STARTTLS */
28 #if SASL
29 # define ENC64LEN(l) (((l) + 2) * 4 / 3 + 1)
30 static int saslmechs __P((sasl_conn_t *, char **));
31 #endif /* SASL */
32 #if STARTTLS
33 # include <sysexits.h>
34
35 static SSL_CTX *srv_ctx = NULL; /* TLS server context */
36 static SSL *srv_ssl = NULL; /* per connection context */
37
38 static bool tls_ok_srv = false;
39
40 # define TLS_VERIFY_CLIENT() tls_set_verify(srv_ctx, srv_ssl, \
41 bitset(SRV_VRFY_CLT, features))
42 #endif /* STARTTLS */
43
44 #if _FFR_DM_ONE
45 static bool NotFirstDelivery = false;
46 #endif /* _FFR_DM_ONE */
47
48 /* server features */
49 #define SRV_NONE 0x0000 /* none... */
50 #define SRV_OFFER_TLS 0x0001 /* offer STARTTLS */
51 #define SRV_VRFY_CLT 0x0002 /* request a cert */
52 #define SRV_OFFER_AUTH 0x0004 /* offer AUTH */
53 #define SRV_OFFER_ETRN 0x0008 /* offer ETRN */
54 #define SRV_OFFER_VRFY 0x0010 /* offer VRFY (not yet used) */
55 #define SRV_OFFER_EXPN 0x0020 /* offer EXPN */
56 #define SRV_OFFER_VERB 0x0040 /* offer VERB */
57 #define SRV_OFFER_DSN 0x0080 /* offer DSN */
58 #if PIPELINING
59 # define SRV_OFFER_PIPE 0x0100 /* offer PIPELINING */
60 # if _FFR_NO_PIPE
61 # define SRV_NO_PIPE 0x0200 /* disable PIPELINING, sleep if used */
62 # endif /* _FFR_NO_PIPE */
63 #endif /* PIPELINING */
64 #define SRV_REQ_AUTH 0x0400 /* require AUTH */
65 #define SRV_REQ_SEC 0x0800 /* require security - equiv to AuthOptions=p */
66 #define SRV_TMP_FAIL 0x1000 /* ruleset caused a temporary failure */
67
68 static unsigned int srvfeatures __P((ENVELOPE *, char *, unsigned int));
69
70 #define STOP_ATTACK ((time_t) -1)
71 static time_t checksmtpattack __P((volatile unsigned int *, unsigned int,
72 bool, char *, ENVELOPE *));
73 static void printvrfyaddr __P((ADDRESS *, bool, bool));
74 static char *skipword __P((char *volatile, char *));
75 static void setup_smtpd_io __P((void));
76
77 #if SASL
78 # if SASL >= 20000
79 static int reset_saslconn __P((sasl_conn_t **_conn, char *_hostname,
80 char *_remoteip, char *_localip,
81 char *_auth_id, sasl_ssf_t *_ext_ssf));
82
83 # define RESET_SASLCONN \
84 do \
85 { \
86 result = reset_saslconn(&conn, AuthRealm, remoteip, \
87 localip, auth_id, &ext_ssf); \
88 if (result != SASL_OK) \
89 sasl_ok = false; \
90 } while (0)
91
92 # else /* SASL >= 20000 */
93 static int reset_saslconn __P((sasl_conn_t **_conn, char *_hostname,
94 struct sockaddr_in *_saddr_r,
95 struct sockaddr_in *_saddr_l,
96 sasl_external_properties_t *_ext_ssf));
97 # define RESET_SASLCONN \
98 do \
99 { \
100 result = reset_saslconn(&conn, AuthRealm, &saddr_r, \
101 &saddr_l, &ext_ssf); \
102 if (result != SASL_OK) \
103 sasl_ok = false; \
104 } while (0)
105
106 # endif /* SASL >= 20000 */
107 #endif /* SASL */
108
109 extern ENVELOPE BlankEnvelope;
110
111 #define NBADRCPTS \
112 do \
113 { \
114 char buf[16]; \
115 (void) sm_snprintf(buf, sizeof(buf), "%d", \
116 BadRcptThrottle > 0 && n_badrcpts > BadRcptThrottle \
117 ? n_badrcpts - 1 : n_badrcpts); \
118 macdefine(&e->e_macro, A_TEMP, macid("{nbadrcpts}"), buf); \
119 } while (0)
120
121 #define SKIP_SPACE(s) while (isascii(*s) && isspace(*s)) \
122 (s)++
123
124 /*
125 ** PARSE_ESMTP_ARGS -- parse EMSTP arguments (for MAIL, RCPT)
126 **
127 ** Parameters:
128 ** e -- the envelope
129 ** addr_st -- address (RCPT only)
130 ** p -- read buffer
131 ** delimptr -- current position in read buffer
132 ** which -- MAIL/RCPT
133 ** args -- arguments (output)
134 ** esmtp_args -- function to process a single ESMTP argument
135 **
136 ** Returns:
137 ** none
138 */
139
140 void
141 parse_esmtp_args(e, addr_st, p, delimptr, which, args, esmtp_args)
142 ENVELOPE *e;
143 ADDRESS *addr_st;
144 char *p;
145 char *delimptr;
146 char *which;
147 char *args[];
148 esmtp_args_F esmtp_args;
149 {
150 int argno;
151
152 argno = 0;
153 if (args != NULL)
154 args[argno++] = p;
155 p = delimptr;
156 while (p != NULL && *p != '\0')
157 {
158 char *kp;
159 char *vp = NULL;
160 char *equal = NULL;
161
162 /* locate the beginning of the keyword */
163 SKIP_SPACE(p);
164 if (*p == '\0')
165 break;
166 kp = p;
167
168 /* skip to the value portion */
169 while ((isascii(*p) && isalnum(*p)) || *p == '-')
170 p++;
171 if (*p == '=')
172 {
173 equal = p;
174 *p++ = '\0';
175 vp = p;
176
177 /* skip to the end of the value */
178 while (*p != '\0' && *p != ' ' &&
179 !(isascii(*p) && iscntrl(*p)) &&
180 *p != '=')
181 p++;
182 }
183
184 if (*p != '\0')
185 *p++ = '\0';
186
187 if (tTd(19, 1))
188 sm_dprintf("%s: got arg %s=\"%s\"\n", which, kp,
189 vp == NULL ? "<null>" : vp);
190
191 esmtp_args(addr_st, kp, vp, e);
192 if (equal != NULL)
193 *equal = '=';
194 if (args != NULL)
195 args[argno] = kp;
196 argno++;
197 if (argno >= MAXSMTPARGS - 1)
198 usrerr("501 5.5.4 Too many parameters");
199 if (Errors > 0)
200 break;
201 }
202 if (args != NULL)
203 args[argno] = NULL;
204 }
205
206 /*
207 ** SMTP -- run the SMTP protocol.
208 **
209 ** Parameters:
210 ** nullserver -- if non-NULL, rejection message for
211 ** (almost) all SMTP commands.
212 ** d_flags -- daemon flags
213 ** e -- the envelope.
214 **
215 ** Returns:
216 ** never.
217 **
218 ** Side Effects:
219 ** Reads commands from the input channel and processes them.
220 */
221
222 /*
223 ** Notice: The smtp server doesn't have a session context like the client
224 ** side has (mci). Therefore some data (session oriented) is allocated
225 ** or assigned to the "wrong" structure (esp. STARTTLS, AUTH).
226 ** This should be fixed in a successor version.
227 */
228
229 struct cmd
230 {
231 char *cmd_name; /* command name */
232 int cmd_code; /* internal code, see below */
233 };
234
235 /* values for cmd_code */
236 #define CMDERROR 0 /* bad command */
237 #define CMDMAIL 1 /* mail -- designate sender */
238 #define CMDRCPT 2 /* rcpt -- designate recipient */
239 #define CMDDATA 3 /* data -- send message text */
240 #define CMDRSET 4 /* rset -- reset state */
241 #define CMDVRFY 5 /* vrfy -- verify address */
242 #define CMDEXPN 6 /* expn -- expand address */
243 #define CMDNOOP 7 /* noop -- do nothing */
244 #define CMDQUIT 8 /* quit -- close connection and die */
245 #define CMDHELO 9 /* helo -- be polite */
246 #define CMDHELP 10 /* help -- give usage info */
247 #define CMDEHLO 11 /* ehlo -- extended helo (RFC 1425) */
248 #define CMDETRN 12 /* etrn -- flush queue */
249 #if SASL
250 # define CMDAUTH 13 /* auth -- SASL authenticate */
251 #endif /* SASL */
252 #if STARTTLS
253 # define CMDSTLS 14 /* STARTTLS -- start TLS session */
254 #endif /* STARTTLS */
255 /* non-standard commands */
256 #define CMDVERB 17 /* verb -- go into verbose mode */
257 /* unimplemented commands from RFC 821 */
258 #define CMDUNIMPL 19 /* unimplemented rfc821 commands */
259 /* use this to catch and log "door handle" attempts on your system */
260 #define CMDLOGBOGUS 23 /* bogus command that should be logged */
261 /* debugging-only commands, only enabled if SMTPDEBUG is defined */
262 #define CMDDBGQSHOW 24 /* showq -- show send queue */
263 #define CMDDBGDEBUG 25 /* debug -- set debug mode */
264
265 /*
266 ** Note: If you change this list, remember to update 'helpfile'
267 */
268
269 static struct cmd CmdTab[] =
270 {
271 { "mail", CMDMAIL },
272 { "rcpt", CMDRCPT },
273 { "data", CMDDATA },
274 { "rset", CMDRSET },
275 { "vrfy", CMDVRFY },
276 { "expn", CMDEXPN },
277 { "help", CMDHELP },
278 { "noop", CMDNOOP },
279 { "quit", CMDQUIT },
280 { "helo", CMDHELO },
281 { "ehlo", CMDEHLO },
282 { "etrn", CMDETRN },
283 { "verb", CMDVERB },
284 { "send", CMDUNIMPL },
285 { "saml", CMDUNIMPL },
286 { "soml", CMDUNIMPL },
287 { "turn", CMDUNIMPL },
288 #if SASL
289 { "auth", CMDAUTH, },
290 #endif /* SASL */
291 #if STARTTLS
292 { "starttls", CMDSTLS, },
293 #endif /* STARTTLS */
294 /* remaining commands are here only to trap and log attempts to use them */
295 { "showq", CMDDBGQSHOW },
296 { "debug", CMDDBGDEBUG },
297 { "wiz", CMDLOGBOGUS },
298
299 { NULL, CMDERROR }
300 };
301
302 static char *CurSmtpClient; /* who's at the other end of channel */
303
304 #ifndef MAXBADCOMMANDS
305 # define MAXBADCOMMANDS 25 /* maximum number of bad commands */
306 #endif /* ! MAXBADCOMMANDS */
307 #ifndef MAXHELOCOMMANDS
308 # define MAXHELOCOMMANDS 3 /* max HELO/EHLO commands before slowdown */
309 #endif /* ! MAXHELOCOMMANDS */
310 #ifndef MAXVRFYCOMMANDS
311 # define MAXVRFYCOMMANDS 6 /* max VRFY/EXPN commands before slowdown */
312 #endif /* ! MAXVRFYCOMMANDS */
313 #ifndef MAXETRNCOMMANDS
314 # define MAXETRNCOMMANDS 8 /* max ETRN commands before slowdown */
315 #endif /* ! MAXETRNCOMMANDS */
316 #ifndef MAXTIMEOUT
317 # define MAXTIMEOUT (4 * 60) /* max timeout for bad commands */
318 #endif /* ! MAXTIMEOUT */
319
320 /*
321 ** Maximum shift value to compute timeout for bad commands.
322 ** This introduces an upper limit of 2^MAXSHIFT for the timeout.
323 */
324
325 #ifndef MAXSHIFT
326 # define MAXSHIFT 8
327 #endif /* ! MAXSHIFT */
328 #if MAXSHIFT > 31
329 ERROR _MAXSHIFT > 31 is invalid
330 #endif /* MAXSHIFT */
331
332
333 #if MAXBADCOMMANDS > 0
334 # define STOP_IF_ATTACK(r) do \
335 { \
336 if ((r) == STOP_ATTACK) \
337 goto stopattack; \
338 } while (0)
339
340 #else /* MAXBADCOMMANDS > 0 */
341 # define STOP_IF_ATTACK(r) r
342 #endif /* MAXBADCOMMANDS > 0 */
343
344
345 #if SM_HEAP_CHECK
346 static SM_DEBUG_T DebugLeakSmtp = SM_DEBUG_INITIALIZER("leak_smtp",
347 "@(#)$Debug: leak_smtp - trace memory leaks during SMTP processing $");
348 #endif /* SM_HEAP_CHECK */
349
350 typedef struct
351 {
352 bool sm_gotmail; /* mail command received */
353 unsigned int sm_nrcpts; /* number of successful RCPT commands */
354 bool sm_discard;
355 #if MILTER
356 bool sm_milterize;
357 bool sm_milterlist; /* any filters in the list? */
358 milters_T sm_milters;
359
360 /* e_nrcpts from envelope before recipient() call */
361 unsigned int sm_e_nrcpts_orig;
362 #endif /* MILTER */
363 char *sm_quarmsg; /* carry quarantining across messages */
364 } SMTP_T;
365
366 static bool smtp_data __P((SMTP_T *, ENVELOPE *));
367
368 #define MSG_TEMPFAIL "451 4.3.2 Please try again later"
369
370 #if MILTER
371 # define MILTER_ABORT(e) milter_abort((e))
372
373 # define MILTER_REPLY(str) \
374 { \
375 int savelogusrerrs = LogUsrErrs; \
376 \
377 milter_cmd_fail = true; \
378 switch (state) \
379 { \
380 case SMFIR_SHUTDOWN: \
381 if (MilterLogLevel > 3) \
382 { \
383 sm_syslog(LOG_INFO, e->e_id, \
384 "Milter: %s=%s, reject=421, errormode=4", \
385 str, addr); \
386 LogUsrErrs = false; \
387 } \
388 { \
389 bool tsave = QuickAbort; \
390 \
391 QuickAbort = false; \
392 usrerr("421 4.3.0 closing connection"); \
393 QuickAbort = tsave; \
394 e->e_sendqueue = NULL; \
395 goto doquit; \
396 } \
397 break; \
398 case SMFIR_REPLYCODE: \
399 if (MilterLogLevel > 3) \
400 { \
401 sm_syslog(LOG_INFO, e->e_id, \
402 "Milter: %s=%s, reject=%s", \
403 str, addr, response); \
404 LogUsrErrs = false; \
405 } \
406 if (strncmp(response, "421 ", 4) == 0 \
407 || strncmp(response, "421-", 4) == 0) \
408 { \
409 bool tsave = QuickAbort; \
410 \
411 QuickAbort = false; \
412 usrerr(response); \
413 QuickAbort = tsave; \
414 e->e_sendqueue = NULL; \
415 goto doquit; \
416 } \
417 else \
418 usrerr(response); \
419 break; \
420 \
421 case SMFIR_REJECT: \
422 if (MilterLogLevel > 3) \
423 { \
424 sm_syslog(LOG_INFO, e->e_id, \
425 "Milter: %s=%s, reject=550 5.7.1 Command rejected", \
426 str, addr); \
427 LogUsrErrs = false; \
428 } \
429 usrerr("550 5.7.1 Command rejected"); \
430 break; \
431 \
432 case SMFIR_DISCARD: \
433 if (MilterLogLevel > 3) \
434 sm_syslog(LOG_INFO, e->e_id, \
435 "Milter: %s=%s, discard", \
436 str, addr); \
437 e->e_flags |= EF_DISCARD; \
438 milter_cmd_fail = false; \
439 break; \
440 \
441 case SMFIR_TEMPFAIL: \
442 if (MilterLogLevel > 3) \
443 { \
444 sm_syslog(LOG_INFO, e->e_id, \
445 "Milter: %s=%s, reject=%s", \
446 str, addr, MSG_TEMPFAIL); \
447 LogUsrErrs = false; \
448 } \
449 usrerr(MSG_TEMPFAIL); \
450 break; \
451 default: \
452 milter_cmd_fail = false; \
453 break; \
454 } \
455 LogUsrErrs = savelogusrerrs; \
456 if (response != NULL) \
457 sm_free(response); /* XXX */ \
458 }
459
460 #else /* MILTER */
461 # define MILTER_ABORT(e)
462 #endif /* MILTER */
463
464 /* clear all SMTP state (for HELO/EHLO/RSET) */
465 #define CLEAR_STATE(cmd) \
466 do \
467 { \
468 /* abort milter filters */ \
469 MILTER_ABORT(e); \
470 \
471 if (smtp.sm_nrcpts > 0) \
472 { \
473 logundelrcpts(e, cmd, 10, false); \
474 smtp.sm_nrcpts = 0; \
475 macdefine(&e->e_macro, A_PERM, \
476 macid("{nrcpts}"), "0"); \
477 } \
478 \
479 e->e_sendqueue = NULL; \
480 e->e_flags |= EF_CLRQUEUE; \
481 \
482 if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags)) \
483 logsender(e, NULL); \
484 e->e_flags &= ~EF_LOGSENDER; \
485 \
486 /* clean up a bit */ \
487 smtp.sm_gotmail = false; \
488 SuprErrs = true; \
489 dropenvelope(e, true, false); \
490 sm_rpool_free(e->e_rpool); \
491 e = newenvelope(e, CurEnv, sm_rpool_new_x(NULL)); \
492 CurEnv = e; \
493 e->e_features = features; \
494 \
495 /* put back discard bit */ \
496 if (smtp.sm_discard) \
497 e->e_flags |= EF_DISCARD; \
498 \
499 /* restore connection quarantining */ \
500 if (smtp.sm_quarmsg == NULL) \
501 { \
502 e->e_quarmsg = NULL; \
503 macdefine(&e->e_macro, A_PERM, \
504 macid("{quarantine}"), ""); \
505 } \
506 else \
507 { \
508 e->e_quarmsg = sm_rpool_strdup_x(e->e_rpool, \
509 smtp.sm_quarmsg); \
510 macdefine(&e->e_macro, A_PERM, macid("{quarantine}"), \
511 e->e_quarmsg); \
512 } \
513 } while (0)
514
515 /* sleep to flatten out connection load */
516 #define MIN_DELAY_LOG 15 /* wait before logging this again */
517
518 /* is it worth setting the process title for 1s? */
519 #define DELAY_CONN(cmd) \
520 if (DelayLA > 0 && (CurrentLA = getla()) >= DelayLA) \
521 { \
522 time_t dnow; \
523 \
524 sm_setproctitle(true, e, \
525 "%s: %s: delaying %s: load average: %d", \
526 qid_printname(e), CurSmtpClient, \
527 cmd, DelayLA); \
528 if (LogLevel > 8 && (dnow = curtime()) > log_delay) \
529 { \
530 sm_syslog(LOG_INFO, e->e_id, \
531 "delaying=%s, load average=%d >= %d", \
532 cmd, CurrentLA, DelayLA); \
533 log_delay = dnow + MIN_DELAY_LOG; \
534 } \
535 (void) sleep(1); \
536 sm_setproctitle(true, e, "%s %s: %.80s", \
537 qid_printname(e), CurSmtpClient, inp); \
538 }
539
540 static bool SevenBitInput_Saved; /* saved version of SevenBitInput */
541
542 void
543 smtp(nullserver, d_flags, e)
544 char *volatile nullserver;
545 BITMAP256 d_flags;
546 register ENVELOPE *volatile e;
547 {
548 register char *volatile p;
549 register struct cmd *volatile c = NULL;
550 char *cmd;
551 auto ADDRESS *vrfyqueue;
552 ADDRESS *a;
553 volatile bool gothello; /* helo command received */
554 bool vrfy; /* set if this is a vrfy command */
555 char *volatile protocol; /* sending protocol */
556 char *volatile sendinghost; /* sending hostname */
557 char *volatile peerhostname; /* name of SMTP peer or "localhost" */
558 auto char *delimptr;
559 char *id;
560 volatile unsigned int n_badcmds = 0; /* count of bad commands */
561 volatile unsigned int n_badrcpts = 0; /* number of rejected RCPT */
562 volatile unsigned int n_verifies = 0; /* count of VRFY/EXPN */
563 volatile unsigned int n_etrn = 0; /* count of ETRN */
564 volatile unsigned int n_noop = 0; /* count of NOOP/VERB/etc */
565 volatile unsigned int n_helo = 0; /* count of HELO/EHLO */
566 bool ok;
567 volatile bool first;
568 volatile bool tempfail = false;
569 volatile time_t wt; /* timeout after too many commands */
570 volatile time_t previous; /* time after checksmtpattack() */
571 volatile bool lognullconnection = true;
572 register char *q;
573 SMTP_T smtp;
574 char *addr;
575 char *greetcode = "220";
576 char *hostname; /* my hostname ($j) */
577 QUEUE_CHAR *new;
578 char *args[MAXSMTPARGS];
579 char inp[MAXINPLINE];
580 #if MAXINPLINE < MAXLINE
581 ERROR _MAXINPLINE must NOT be less than _MAXLINE: MAXINPLINE < MAXLINE
582 #endif /* MAXINPLINE < MAXLINE */
583 char cmdbuf[MAXLINE];
584 #if SASL
585 sasl_conn_t *conn;
586 volatile bool sasl_ok;
587 volatile unsigned int n_auth = 0; /* count of AUTH commands */
588 bool ismore;
589 int result;
590 volatile int authenticating;
591 char *user;
592 char *in, *out2;
593 # if SASL >= 20000
594 char *auth_id = NULL;
595 const char *out;
596 sasl_ssf_t ext_ssf;
597 char localip[60], remoteip[60];
598 # else /* SASL >= 20000 */
599 char *out;
600 const char *errstr;
601 sasl_external_properties_t ext_ssf;
602 struct sockaddr_in saddr_l;
603 struct sockaddr_in saddr_r;
604 # endif /* SASL >= 20000 */
605 sasl_security_properties_t ssp;
606 sasl_ssf_t *ssf;
607 unsigned int inlen, out2len;
608 unsigned int outlen;
609 char *volatile auth_type;
610 char *mechlist;
611 volatile unsigned int n_mechs;
612 unsigned int len;
613 #else /* SASL */
614 #endif /* SASL */
615 int r;
616 #if STARTTLS
617 int rfd, wfd;
618 volatile bool tls_active = false;
619 volatile bool smtps = bitnset(D_SMTPS, d_flags);
620 bool saveQuickAbort;
621 bool saveSuprErrs;
622 time_t tlsstart;
623 #endif /* STARTTLS */
624 volatile unsigned int features;
625 #if PIPELINING
626 # if _FFR_NO_PIPE
627 int np_log = 0;
628 # endif /* _FFR_NO_PIPE */
629 #endif /* PIPELINING */
630 volatile time_t log_delay = (time_t) 0;
631 #if MILTER
632 volatile bool milter_cmd_done, milter_cmd_safe;
633 volatile bool milter_rcpt_added, milter_cmd_fail;
634 ADDRESS addr_st;
635 # define p_addr_st &addr_st
636 #else /* MILTER */
637 # define p_addr_st NULL
638 #endif /* MILTER */
639 size_t inplen;
640
641 SevenBitInput_Saved = SevenBitInput;
642 smtp.sm_nrcpts = 0;
643 #if MILTER
644 smtp.sm_milterize = (nullserver == NULL);
645 smtp.sm_milterlist = false;
646 addr = NULL;
647 #endif /* MILTER */
648
649 /* setup I/O fd correctly for the SMTP server */
650 setup_smtpd_io();
651
652 #if SM_HEAP_CHECK
653 if (sm_debug_active(&DebugLeakSmtp, 1))
654 {
655 sm_heap_newgroup();
656 sm_dprintf("smtp() heap group #%d\n", sm_heap_group());
657 }
658 #endif /* SM_HEAP_CHECK */
659
660 /* XXX the rpool should be set when e is initialized in main() */
661 e->e_rpool = sm_rpool_new_x(NULL);
662 e->e_macro.mac_rpool = e->e_rpool;
663
664 settime(e);
665 sm_getla();
666 peerhostname = RealHostName;
667 if (peerhostname == NULL)
668 peerhostname = "localhost";
669 CurHostName = peerhostname;
670 CurSmtpClient = macvalue('_', e);
671 if (CurSmtpClient == NULL)
672 CurSmtpClient = CurHostName;
673
674 /* check_relay may have set discard bit, save for later */
675 smtp.sm_discard = bitset(EF_DISCARD, e->e_flags);
676
677 #if PIPELINING
678 /* auto-flush output when reading input */
679 (void) sm_io_autoflush(InChannel, OutChannel);
680 #endif /* PIPELINING */
681
682 sm_setproctitle(true, e, "server %s startup", CurSmtpClient);
683
684 /* Set default features for server. */
685 features = ((bitset(PRIV_NOETRN, PrivacyFlags) ||
686 bitnset(D_NOETRN, d_flags)) ? SRV_NONE : SRV_OFFER_ETRN)
687 | (bitnset(D_AUTHREQ, d_flags) ? SRV_REQ_AUTH : SRV_NONE)
688 | (bitset(PRIV_NOEXPN, PrivacyFlags) ? SRV_NONE
689 : (SRV_OFFER_EXPN
690 | (bitset(PRIV_NOVERB, PrivacyFlags)
691 ? SRV_NONE : SRV_OFFER_VERB)))
692 | ((bitset(PRIV_NORECEIPTS, PrivacyFlags) || !SendMIMEErrors)
693 ? SRV_NONE : SRV_OFFER_DSN)
694 #if SASL
695 | (bitnset(D_NOAUTH, d_flags) ? SRV_NONE : SRV_OFFER_AUTH)
696 | (bitset(SASL_SEC_NOPLAINTEXT, SASLOpts) ? SRV_REQ_SEC
697 : SRV_NONE)
698 #endif /* SASL */
699 #if PIPELINING
700 | SRV_OFFER_PIPE
701 #endif /* PIPELINING */
702 #if STARTTLS
703 | (bitnset(D_NOTLS, d_flags) ? SRV_NONE : SRV_OFFER_TLS)
704 | (bitset(TLS_I_NO_VRFY, TLS_Srv_Opts) ? SRV_NONE
705 : SRV_VRFY_CLT)
706 #endif /* STARTTLS */
707 ;
708 if (nullserver == NULL)
709 {
710 features = srvfeatures(e, CurSmtpClient, features);
711 if (bitset(SRV_TMP_FAIL, features))
712 {
713 if (LogLevel > 4)
714 sm_syslog(LOG_ERR, NOQID,
715 "ERROR: srv_features=tempfail, relay=%.100s, access temporarily disabled",
716 CurSmtpClient);
717 nullserver = "450 4.3.0 Please try again later.";
718 }
719 else
720 {
721 #if PIPELINING
722 # if _FFR_NO_PIPE
723 if (bitset(SRV_NO_PIPE, features))
724 {
725 /* for consistency */
726 features &= ~SRV_OFFER_PIPE;
727 }
728 # endif /* _FFR_NO_PIPE */
729 #endif /* PIPELINING */
730 #if SASL
731 if (bitset(SRV_REQ_SEC, features))
732 SASLOpts |= SASL_SEC_NOPLAINTEXT;
733 else
734 SASLOpts &= ~SASL_SEC_NOPLAINTEXT;
735 #endif /* SASL */
736 }
737 }
738 else if (strncmp(nullserver, "421 ", 4) == 0)
739 {
740 message(nullserver);
741 goto doquit;
742 }
743
744 e->e_features = features;
745 hostname = macvalue('j', e);
746 #if SASL
747 if (AuthRealm == NULL)
748 AuthRealm = hostname;
749 sasl_ok = bitset(SRV_OFFER_AUTH, features);
750 n_mechs = 0;
751 authenticating = SASL_NOT_AUTH;
752
753 /* SASL server new connection */
754 if (sasl_ok)
755 {
756 # if SASL >= 20000
757 result = sasl_server_new("smtp", AuthRealm, NULL, NULL, NULL,
758 NULL, 0, &conn);
759 # elif SASL > 10505
760 /* use empty realm: only works in SASL > 1.5.5 */
761 result = sasl_server_new("smtp", AuthRealm, "", NULL, 0, &conn);
762 # else /* SASL >= 20000 */
763 /* use no realm -> realm is set to hostname by SASL lib */
764 result = sasl_server_new("smtp", AuthRealm, NULL, NULL, 0,
765 &conn);
766 # endif /* SASL >= 20000 */
767 sasl_ok = result == SASL_OK;
768 if (!sasl_ok)
769 {
770 if (LogLevel > 9)
771 sm_syslog(LOG_WARNING, NOQID,
772 "AUTH error: sasl_server_new failed=%d",
773 result);
774 }
775 }
776 if (sasl_ok)
777 {
778 /*
779 ** SASL set properties for sasl
780 ** set local/remote IP
781 ** XXX Cyrus SASL v1 only supports IPv4
782 **
783 ** XXX where exactly are these used/required?
784 ** Kerberos_v4
785 */
786
787 # if SASL >= 20000
788 localip[0] = remoteip[0] = '\0';
789 # if NETINET || NETINET6
790 in = macvalue(macid("{daemon_family}"), e);
791 if (in != NULL && (
792 # if NETINET6
793 strcmp(in, "inet6") == 0 ||
794 # endif /* NETINET6 */
795 strcmp(in, "inet") == 0))
796 {
797 SOCKADDR_LEN_T addrsize;
798 SOCKADDR saddr_l;
799 SOCKADDR saddr_r;
800
801 addrsize = sizeof(saddr_r);
802 if (getpeername(sm_io_getinfo(InChannel, SM_IO_WHAT_FD,
803 NULL),
804 (struct sockaddr *) &saddr_r,
805 &addrsize) == 0)
806 {
807 if (iptostring(&saddr_r, addrsize,
808 remoteip, sizeof(remoteip)))
809 {
810 sasl_setprop(conn, SASL_IPREMOTEPORT,
811 remoteip);
812 }
813 addrsize = sizeof(saddr_l);
814 if (getsockname(sm_io_getinfo(InChannel,
815 SM_IO_WHAT_FD,
816 NULL),
817 (struct sockaddr *) &saddr_l,
818 &addrsize) == 0)
819 {
820 if (iptostring(&saddr_l, addrsize,
821 localip,
822 sizeof(localip)))
823 {
824 sasl_setprop(conn,
825 SASL_IPLOCALPORT,
826 localip);
827 }
828 }
829 }
830 }
831 # endif /* NETINET || NETINET6 */
832 # else /* SASL >= 20000 */
833 # if NETINET
834 in = macvalue(macid("{daemon_family}"), e);
835 if (in != NULL && strcmp(in, "inet") == 0)
836 {
837 SOCKADDR_LEN_T addrsize;
838
839 addrsize = sizeof(struct sockaddr_in);
840 if (getpeername(sm_io_getinfo(InChannel, SM_IO_WHAT_FD,
841 NULL),
842 (struct sockaddr *)&saddr_r,
843 &addrsize) == 0)
844 {
845 sasl_setprop(conn, SASL_IP_REMOTE, &saddr_r);
846 addrsize = sizeof(struct sockaddr_in);
847 if (getsockname(sm_io_getinfo(InChannel,
848 SM_IO_WHAT_FD,
849 NULL),
850 (struct sockaddr *)&saddr_l,
851 &addrsize) == 0)
852 sasl_setprop(conn, SASL_IP_LOCAL,
853 &saddr_l);
854 }
855 }
856 # endif /* NETINET */
857 # endif /* SASL >= 20000 */
858
859 auth_type = NULL;
860 mechlist = NULL;
861 user = NULL;
862 # if 0
863 macdefine(&BlankEnvelope.e_macro, A_PERM,
864 macid("{auth_author}"), NULL);
865 # endif /* 0 */
866
867 /* set properties */
868 (void) memset(&ssp, '\0', sizeof(ssp));
869
870 /* XXX should these be options settable via .cf ? */
871 /* ssp.min_ssf = 0; is default due to memset() */
872 {
873 ssp.max_ssf = MaxSLBits;
874 ssp.maxbufsize = MAXOUTLEN;
875 }
876 ssp.security_flags = SASLOpts & SASL_SEC_MASK;
877 sasl_ok = sasl_setprop(conn, SASL_SEC_PROPS, &ssp) == SASL_OK;
878
879 if (sasl_ok)
880 {
881 /*
882 ** external security strength factor;
883 ** currently we have none so zero
884 */
885
886 # if SASL >= 20000
887 ext_ssf = 0;
888 auth_id = NULL;
889 sasl_ok = ((sasl_setprop(conn, SASL_SSF_EXTERNAL,
890 &ext_ssf) == SASL_OK) &&
891 (sasl_setprop(conn, SASL_AUTH_EXTERNAL,
892 auth_id) == SASL_OK));
893 # else /* SASL >= 20000 */
894 ext_ssf.ssf = 0;
895 ext_ssf.auth_id = NULL;
896 sasl_ok = sasl_setprop(conn, SASL_SSF_EXTERNAL,
897 &ext_ssf) == SASL_OK;
898 # endif /* SASL >= 20000 */
899 }
900 if (sasl_ok)
901 n_mechs = saslmechs(conn, &mechlist);
902 }
903 #endif /* SASL */
904
905 #if STARTTLS
906 #endif /* STARTTLS */
907
908 #if MILTER
909 if (smtp.sm_milterize)
910 {
911 char state;
912
913 /* initialize mail filter connection */
914 smtp.sm_milterlist = milter_init(e, &state, &smtp.sm_milters);
915 switch (state)
916 {
917 case SMFIR_REJECT:
918 if (MilterLogLevel > 3)
919 sm_syslog(LOG_INFO, e->e_id,
920 "Milter: initialization failed, rejecting commands");
921 greetcode = "554";
922 nullserver = "Command rejected";
923 smtp.sm_milterize = false;
924 break;
925
926 case SMFIR_TEMPFAIL:
927 if (MilterLogLevel > 3)
928 sm_syslog(LOG_INFO, e->e_id,
929 "Milter: initialization failed, temp failing commands");
930 tempfail = true;
931 smtp.sm_milterize = false;
932 break;
933
934 case SMFIR_SHUTDOWN:
935 if (MilterLogLevel > 3)
936 sm_syslog(LOG_INFO, e->e_id,
937 "Milter: initialization failed, closing connection");
938 tempfail = true;
939 smtp.sm_milterize = false;
940 message("421 4.7.0 %s closing connection",
941 MyHostName);
942
943 /* arrange to ignore send list */
944 e->e_sendqueue = NULL;
945 goto doquit;
946 }
947 }
948
949 if (smtp.sm_milterlist && smtp.sm_milterize &&
950 !bitset(EF_DISCARD, e->e_flags))
951 {
952 char state;
953 char *response;
954
955 q = macvalue(macid("{client_name}"), e);
956 SM_ASSERT(q != NULL || OpMode == MD_SMTP);
957 if (q == NULL)
958 q = "localhost";
959 response = milter_connect(q, RealHostAddr, e, &state);
960 switch (state)
961 {
962 case SMFIR_REPLYCODE: /* REPLYCODE shouldn't happen */
963 case SMFIR_REJECT:
964 if (MilterLogLevel > 3)
965 sm_syslog(LOG_INFO, e->e_id,
966 "Milter: connect: host=%s, addr=%s, rejecting commands",
967 peerhostname,
968 anynet_ntoa(&RealHostAddr));
969 greetcode = "554";
970 nullserver = "Command rejected";
971 smtp.sm_milterize = false;
972 break;
973
974 case SMFIR_TEMPFAIL:
975 if (MilterLogLevel > 3)
976 sm_syslog(LOG_INFO, e->e_id,
977 "Milter: connect: host=%s, addr=%s, temp failing commands",
978 peerhostname,
979 anynet_ntoa(&RealHostAddr));
980 tempfail = true;
981 smtp.sm_milterize = false;
982 break;
983
984 case SMFIR_SHUTDOWN:
985 if (MilterLogLevel > 3)
986 sm_syslog(LOG_INFO, e->e_id,
987 "Milter: connect: host=%s, addr=%s, shutdown",
988 peerhostname,
989 anynet_ntoa(&RealHostAddr));
990 tempfail = true;
991 smtp.sm_milterize = false;
992 message("421 4.7.0 %s closing connection",
993 MyHostName);
994
995 /* arrange to ignore send list */
996 e->e_sendqueue = NULL;
997 goto doquit;
998 }
999 if (response != NULL)
1000 sm_free(response); /* XXX */
1001 }
1002 #endif /* MILTER */
1003
1004 /*
1005 ** Broken proxies and SMTP slammers
1006 ** push data without waiting, catch them
1007 */
1008
1009 if (
1010 #if STARTTLS
1011 !smtps &&
1012 #endif /* STARTTLS */
1013 *greetcode == '2' && nullserver == NULL)
1014 {
1015 time_t msecs = 0;
1016 char **pvp;
1017 char pvpbuf[PSBUFSIZE];
1018
1019 /* Ask the rulesets how long to pause */
1020 pvp = NULL;
1021 r = rscap("greet_pause", peerhostname,
1022 anynet_ntoa(&RealHostAddr), e,
1023 &pvp, pvpbuf, sizeof(pvpbuf));
1024 if (r == EX_OK && pvp != NULL && pvp[0] != NULL &&
1025 (pvp[0][0] & 0377) == CANONNET && pvp[1] != NULL)
1026 {
1027 msecs = strtol(pvp[1], NULL, 10);
1028 }
1029
1030 if (msecs > 0)
1031 {
1032 int fd;
1033 fd_set readfds;
1034 struct timeval timeout;
1035 struct timeval bp, ep, tp; /* {begin,end,total}pause */
1036 int eoftest;
1037
1038 /* pause for a moment */
1039 timeout.tv_sec = msecs / 1000;
1040 timeout.tv_usec = (msecs % 1000) * 1000;
1041
1042 /* Obey RFC 2821: 4.3.5.2: 220 timeout of 5 minutes */
1043 if (timeout.tv_sec >= 300)
1044 {
1045 timeout.tv_sec = 300;
1046 timeout.tv_usec = 0;
1047 }
1048
1049 /* check if data is on the socket during the pause */
1050 fd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL);
1051 FD_ZERO(&readfds);
1052 SM_FD_SET(fd, &readfds);
1053 gettimeofday(&bp, NULL);
1054 if (select(fd + 1, FDSET_CAST &readfds,
1055 NULL, NULL, &timeout) > 0 &&
1056 FD_ISSET(fd, &readfds) &&
1057 (eoftest = sm_io_getc(InChannel, SM_TIME_DEFAULT))
1058 != SM_IO_EOF)
1059 {
1060 sm_io_ungetc(InChannel, SM_TIME_DEFAULT,
1061 eoftest);
1062 gettimeofday(&ep, NULL);
1063 timersub(&ep, &bp, &tp);
1064 greetcode = "554";
1065 nullserver = "Command rejected";
1066 sm_syslog(LOG_INFO, e->e_id,
1067 "rejecting commands from %s [%s] due to pre-greeting traffic after %d seconds",
1068 peerhostname,
1069 anynet_ntoa(&RealHostAddr),
1070 (int) tp.tv_sec +
1071 (tp.tv_usec >= 500000 ? 1 : 0)
1072 );
1073 }
1074 }
1075 }
1076
1077 #if STARTTLS
1078 /* If this an smtps connection, start TLS now */
1079 if (smtps)
1080 {
1081 Errors = 0;
1082 goto starttls;
1083 }
1084
1085 greeting:
1086
1087 #endif /* STARTTLS */
1088
1089 /* output the first line, inserting "ESMTP" as second word */
1090 if (*greetcode == '5')
1091 (void) sm_snprintf(inp, sizeof(inp),
1092 "%s not accepting messages", hostname);
1093 else
1094 expand(SmtpGreeting, inp, sizeof(inp), e);
1095
1096 p = strchr(inp, '\n');
1097 if (p != NULL)
1098 *p++ = '\0';
1099 id = strchr(inp, ' ');
1100 if (id == NULL)
1101 id = &inp[strlen(inp)];
1102 if (p == NULL)
1103 (void) sm_snprintf(cmdbuf, sizeof(cmdbuf),
1104 "%s %%.*s ESMTP%%s", greetcode);
1105 else
1106 (void) sm_snprintf(cmdbuf, sizeof(cmdbuf),
1107 "%s-%%.*s ESMTP%%s", greetcode);
1108 message(cmdbuf, (int) (id - inp), inp, id);
1109
1110 /* output remaining lines */
1111 while ((id = p) != NULL && (p = strchr(id, '\n')) != NULL)
1112 {
1113 *p++ = '\0';
1114 if (isascii(*id) && isspace(*id))
1115 id++;
1116 (void) sm_strlcpyn(cmdbuf, sizeof(cmdbuf), 2, greetcode, "-%s");
1117 message(cmdbuf, id);
1118 }
1119 if (id != NULL)
1120 {
1121 if (isascii(*id) && isspace(*id))
1122 id++;
1123 (void) sm_strlcpyn(cmdbuf, sizeof(cmdbuf), 2, greetcode, " %s");
1124 message(cmdbuf, id);
1125 }
1126
1127 protocol = NULL;
1128 sendinghost = macvalue('s', e);
1129
1130 /* If quarantining by a connect/ehlo action, save between messages */
1131 if (e->e_quarmsg == NULL)
1132 smtp.sm_quarmsg = NULL;
1133 else
1134 smtp.sm_quarmsg = newstr(e->e_quarmsg);
1135
1136 /* sendinghost's storage must outlive the current envelope */
1137 if (sendinghost != NULL)
1138 sendinghost = sm_strdup_x(sendinghost);
1139 first = true;
1140 gothello = false;
1141 smtp.sm_gotmail = false;
1142 for (;;)
1143 {
1144 SM_TRY
1145 {
1146 QuickAbort = false;
1147 HoldErrs = false;
1148 SuprErrs = false;
1149 LogUsrErrs = false;
1150 OnlyOneError = true;
1151 e->e_flags &= ~(EF_VRFYONLY|EF_GLOBALERRS);
1152 #if MILTER
1153 milter_cmd_fail = false;
1154 #endif /* MILTER */
1155
1156 /* setup for the read */
1157 e->e_to = NULL;
1158 Errors = 0;
1159 FileName = NULL;
1160 (void) sm_io_flush(smioout, SM_TIME_DEFAULT);
1161
1162 /* read the input line */
1163 SmtpPhase = "server cmd read";
1164 sm_setproctitle(true, e, "server %s cmd read", CurSmtpClient);
1165
1166 /* handle errors */
1167 if (sm_io_error(OutChannel) ||
1168 (p = sfgets(inp, sizeof(inp), InChannel,
1169 TimeOuts.to_nextcommand, SmtpPhase)) == NULL)
1170 {
1171 char *d;
1172
1173 d = macvalue(macid("{daemon_name}"), e);
1174 if (d == NULL)
1175 d = "stdin";
1176 /* end of file, just die */
1177 disconnect(1, e);
1178
1179 #if MILTER
1180 /* close out milter filters */
1181 milter_quit(e);
1182 #endif /* MILTER */
1183
1184 message("421 4.4.1 %s Lost input channel from %s",
1185 MyHostName, CurSmtpClient);
1186 if (LogLevel > (smtp.sm_gotmail ? 1 : 19))
1187 sm_syslog(LOG_NOTICE, e->e_id,
1188 "lost input channel from %s to %s after %s",
1189 CurSmtpClient, d,
1190 (c == NULL || c->cmd_name == NULL) ? "startup" : c->cmd_name);
1191 /*
1192 ** If have not accepted mail (DATA), do not bounce
1193 ** bad addresses back to sender.
1194 */
1195
1196 if (bitset(EF_CLRQUEUE, e->e_flags))
1197 e->e_sendqueue = NULL;
1198 goto doquit;
1199 }
1200
1201 /* also used by "proxy" check below */
1202 inplen = strlen(inp);
1203 #if SASL
1204 /*
1205 ** SMTP AUTH requires accepting any length,
1206 ** at least for challenge/response. However, not imposing
1207 ** a limit is a bad idea (denial of service).
1208 */
1209
1210 if (authenticating != SASL_PROC_AUTH
1211 && sm_strncasecmp(inp, "AUTH ", 5) != 0
1212 && inplen > MAXLINE)
1213 {
1214 message("421 4.7.0 %s Command too long, possible attack %s",
1215 MyHostName, CurSmtpClient);
1216 sm_syslog(LOG_INFO, e->e_id,
1217 "%s: SMTP violation, input too long: %lu",
1218 CurSmtpClient, (unsigned long) inplen);
1219 goto doquit;
1220 }
1221 #endif /* SASL */
1222
1223 if (first)
1224 {
1225 size_t cmdlen;
1226 int idx;
1227 char *http_cmd;
1228 static char *http_cmds[] = { "GET", "POST",
1229 "CONNECT", "USER", NULL };
1230
1231 for (idx = 0; (http_cmd = http_cmds[idx]) != NULL;
1232 idx++)
1233 {
1234 cmdlen = strlen(http_cmd);
1235 if (cmdlen < inplen &&
1236 sm_strncasecmp(inp, http_cmd, cmdlen) == 0 &&
1237 isascii(inp[cmdlen]) && isspace(inp[cmdlen]))
1238 {
1239 /* Open proxy, drop it */
1240 message("421 4.7.0 %s Rejecting open proxy %s",
1241 MyHostName, CurSmtpClient);
1242 sm_syslog(LOG_INFO, e->e_id,
1243 "%s: probable open proxy: command=%.40s",
1244 CurSmtpClient, inp);
1245 goto doquit;
1246 }
1247 }
1248 first = false;
1249 }
1250
1251 /* clean up end of line */
1252 fixcrlf(inp, true);
1253
1254 #if PIPELINING
1255 # if _FFR_NO_PIPE
1256 /*
1257 ** if there is more input and pipelining is disabled:
1258 ** delay ... (and maybe discard the input?)
1259 ** XXX this doesn't really work, at least in tests using
1260 ** telnet SM_IO_IS_READABLE only returns 1 if there were
1261 ** more than 2 input lines available.
1262 */
1263
1264 if (bitset(SRV_NO_PIPE, features) &&
1265 sm_io_getinfo(InChannel, SM_IO_IS_READABLE, NULL) > 0)
1266 {
1267 if (++np_log < 3)
1268 sm_syslog(LOG_INFO, NOQID,
1269 "unauthorized PIPELINING, sleeping");
1270 sleep(1);
1271 }
1272
1273 # endif /* _FFR_NO_PIPE */
1274 #endif /* PIPELINING */
1275
1276 #if SASL
1277 if (authenticating == SASL_PROC_AUTH)
1278 {
1279 # if 0
1280 if (*inp == '\0')
1281 {
1282 authenticating = SASL_NOT_AUTH;
1283 message("501 5.5.2 missing input");
1284 RESET_SASLCONN;
1285 continue;
1286 }
1287 # endif /* 0 */
1288 if (*inp == '*' && *(inp + 1) == '\0')
1289 {
1290 authenticating = SASL_NOT_AUTH;
1291
1292 /* RFC 2554 4. */
1293 message("501 5.0.0 AUTH aborted");
1294 RESET_SASLCONN;
1295 continue;
1296 }
1297
1298 /* could this be shorter? XXX */
1299 # if SASL >= 20000
1300 in = xalloc(strlen(inp) + 1);
1301 result = sasl_decode64(inp, strlen(inp), in,
1302 strlen(inp), &inlen);
1303 # else /* SASL >= 20000 */
1304 out = xalloc(strlen(inp));
1305 result = sasl_decode64(inp, strlen(inp), out, &outlen);
1306 # endif /* SASL >= 20000 */
1307 if (result != SASL_OK)
1308 {
1309 authenticating = SASL_NOT_AUTH;
1310
1311 /* RFC 2554 4. */
1312 message("501 5.5.4 cannot decode AUTH parameter %s",
1313 inp);
1314 # if SASL >= 20000
1315 sm_free(in);
1316 # endif /* SASL >= 20000 */
1317 RESET_SASLCONN;
1318 continue;
1319 }
1320
1321 # if SASL >= 20000
1322 result = sasl_server_step(conn, in, inlen,
1323 &out, &outlen);
1324 sm_free(in);
1325 # else /* SASL >= 20000 */
1326 result = sasl_server_step(conn, out, outlen,
1327 &out, &outlen, &errstr);
1328 # endif /* SASL >= 20000 */
1329
1330 /* get an OK if we're done */
1331 if (result == SASL_OK)
1332 {
1333 authenticated:
1334 message("235 2.0.0 OK Authenticated");
1335 authenticating = SASL_IS_AUTH;
1336 macdefine(&BlankEnvelope.e_macro, A_TEMP,
1337 macid("{auth_type}"), auth_type);
1338
1339 # if SASL >= 20000
1340 user = macvalue(macid("{auth_authen}"), e);
1341
1342 /* get security strength (features) */
1343 result = sasl_getprop(conn, SASL_SSF,
1344 (const void **) &ssf);
1345 # else /* SASL >= 20000 */
1346 result = sasl_getprop(conn, SASL_USERNAME,
1347 (void **)&user);
1348 if (result != SASL_OK)
1349 {
1350 user = "";
1351 macdefine(&BlankEnvelope.e_macro,
1352 A_PERM,
1353 macid("{auth_authen}"), NULL);
1354 }
1355 else
1356 {
1357 macdefine(&BlankEnvelope.e_macro,
1358 A_TEMP,
1359 macid("{auth_authen}"),
1360 xtextify(user, "<>\")"));
1361 }
1362
1363 # if 0
1364 /* get realm? */
1365 sasl_getprop(conn, SASL_REALM, (void **) &data);
1366 # endif /* 0 */
1367
1368 /* get security strength (features) */
1369 result = sasl_getprop(conn, SASL_SSF,
1370 (void **) &ssf);
1371 # endif /* SASL >= 20000 */
1372 if (result != SASL_OK)
1373 {
1374 macdefine(&BlankEnvelope.e_macro,
1375 A_PERM,
1376 macid("{auth_ssf}"), "0");
1377 ssf = NULL;
1378 }
1379 else
1380 {
1381 char pbuf[8];
1382
1383 (void) sm_snprintf(pbuf, sizeof(pbuf),
1384 "%u", *ssf);
1385 macdefine(&BlankEnvelope.e_macro,
1386 A_TEMP,
1387 macid("{auth_ssf}"), pbuf);
1388 if (tTd(95, 8))
1389 sm_dprintf("AUTH auth_ssf: %u\n",
1390 *ssf);
1391 }
1392
1393 /*
1394 ** Only switch to encrypted connection
1395 ** if a security layer has been negotiated
1396 */
1397
1398 if (ssf != NULL && *ssf > 0)
1399 {
1400 int tmo;
1401
1402 /*
1403 ** Convert I/O layer to use SASL.
1404 ** If the call fails, the connection
1405 ** is aborted.
1406 */
1407
1408 tmo = TimeOuts.to_datablock * 1000;
1409 if (sfdcsasl(&InChannel, &OutChannel,
1410 conn, tmo) == 0)
1411 {
1412 /* restart dialogue */
1413 n_helo = 0;
1414 # if PIPELINING
1415 (void) sm_io_autoflush(InChannel,
1416 OutChannel);
1417 # endif /* PIPELINING */
1418 }
1419 else
1420 syserr("503 5.3.3 SASL TLS failed");
1421 }
1422
1423 /* NULL pointer ok since it's our function */
1424 if (LogLevel > 8)
1425 sm_syslog(LOG_INFO, NOQID,
1426 "AUTH=server, relay=%s, authid=%.128s, mech=%.16s, bits=%d",
1427 CurSmtpClient,
1428 shortenstring(user, 128),
1429 auth_type, *ssf);
1430 }
1431 else if (result == SASL_CONTINUE)
1432 {
1433 len = ENC64LEN(outlen);
1434 out2 = xalloc(len);
1435 result = sasl_encode64(out, outlen, out2, len,
1436 &out2len);
1437 if (result != SASL_OK)
1438 {
1439 /* correct code? XXX */
1440 /* 454 Temp. authentication failure */
1441 message("454 4.5.4 Internal error: unable to encode64");
1442 if (LogLevel > 5)
1443 sm_syslog(LOG_WARNING, e->e_id,
1444 "AUTH encode64 error [%d for \"%s\"]",
1445 result, out);
1446 /* start over? */
1447 authenticating = SASL_NOT_AUTH;
1448 }
1449 else
1450 {
1451 message("334 %s", out2);
1452 if (tTd(95, 2))
1453 sm_dprintf("AUTH continue: msg='%s' len=%u\n",
1454 out2, out2len);
1455 }
1456 # if SASL >= 20000
1457 sm_free(out2);
1458 # endif /* SASL >= 20000 */
1459 }
1460 else
1461 {
1462 /* not SASL_OK or SASL_CONT */
1463 message("535 5.7.0 authentication failed");
1464 if (LogLevel > 9)
1465 sm_syslog(LOG_WARNING, e->e_id,
1466 "AUTH failure (%s): %s (%d) %s",
1467 auth_type,
1468 sasl_errstring(result, NULL,
1469 NULL),
1470 result,
1471 # if SASL >= 20000
1472 sasl_errdetail(conn));
1473 # else /* SASL >= 20000 */
1474 errstr == NULL ? "" : errstr);
1475 # endif /* SASL >= 20000 */
1476 RESET_SASLCONN;
1477 authenticating = SASL_NOT_AUTH;
1478 }
1479 }
1480 else
1481 {
1482 /* don't want to do any of this if authenticating */
1483 #endif /* SASL */
1484
1485 /* echo command to transcript */
1486 if (e->e_xfp != NULL)
1487 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
1488 "<<< %s\n", inp);
1489
1490 if (LogLevel > 14)
1491 sm_syslog(LOG_INFO, e->e_id, "<-- %s", inp);
1492
1493 /* break off command */
1494 for (p = inp; isascii(*p) && isspace(*p); p++)
1495 continue;
1496 cmd = cmdbuf;
1497 while (*p != '\0' &&
1498 !(isascii(*p) && isspace(*p)) &&
1499 cmd < &cmdbuf[sizeof(cmdbuf) - 2])
1500 *cmd++ = *p++;
1501 *cmd = '\0';
1502
1503 /* throw away leading whitespace */
1504 SKIP_SPACE(p);
1505
1506 /* decode command */
1507 for (c = CmdTab; c->cmd_name != NULL; c++)
1508 {
1509 if (sm_strcasecmp(c->cmd_name, cmdbuf) == 0)
1510 break;
1511 }
1512
1513 /* reset errors */
1514 errno = 0;
1515
1516 /* check whether a "non-null" command has been used */
1517 switch (c->cmd_code)
1518 {
1519 #if SASL
1520 case CMDAUTH:
1521 /* avoid information leak; take first two words? */
1522 q = "AUTH";
1523 break;
1524 #endif /* SASL */
1525
1526 case CMDMAIL:
1527 case CMDEXPN:
1528 case CMDVRFY:
1529 case CMDETRN:
1530 lognullconnection = false;
1531 /* FALLTHROUGH */
1532 default:
1533 q = inp;
1534 break;
1535 }
1536
1537 if (e->e_id == NULL)
1538 sm_setproctitle(true, e, "%s: %.80s",
1539 CurSmtpClient, q);
1540 else
1541 sm_setproctitle(true, e, "%s %s: %.80s",
1542 qid_printname(e),
1543 CurSmtpClient, q);
1544
1545 /*
1546 ** Process command.
1547 **
1548 ** If we are running as a null server, return 550
1549 ** to almost everything.
1550 */
1551
1552 if (nullserver != NULL || bitnset(D_ETRNONLY, d_flags))
1553 {
1554 switch (c->cmd_code)
1555 {
1556 case CMDQUIT:
1557 case CMDHELO:
1558 case CMDEHLO:
1559 case CMDNOOP:
1560 case CMDRSET:
1561 case CMDERROR:
1562 /* process normally */
1563 break;
1564
1565 case CMDETRN:
1566 if (bitnset(D_ETRNONLY, d_flags) &&
1567 nullserver == NULL)
1568 break;
1569 DELAY_CONN("ETRN");
1570 /* FALLTHROUGH */
1571
1572 default:
1573 #if MAXBADCOMMANDS > 0
1574 /* theoretically this could overflow */
1575 if (nullserver != NULL &&
1576 ++n_badcmds > MAXBADCOMMANDS)
1577 {
1578 message("421 4.7.0 %s Too many bad commands; closing connection",
1579 MyHostName);
1580
1581 /* arrange to ignore send list */
1582 e->e_sendqueue = NULL;
1583 goto doquit;
1584 }
1585 #endif /* MAXBADCOMMANDS > 0 */
1586 if (nullserver != NULL)
1587 {
1588 if (ISSMTPREPLY(nullserver))
1589 usrerr(nullserver);
1590 else
1591 usrerr("550 5.0.0 %s",
1592 nullserver);
1593 }
1594 else
1595 usrerr("452 4.4.5 Insufficient disk space; try again later");
1596 continue;
1597 }
1598 }
1599
1600 switch (c->cmd_code)
1601 {
1602 #if SASL
1603 case CMDAUTH: /* sasl */
1604 DELAY_CONN("AUTH");
1605 if (!sasl_ok || n_mechs <= 0)
1606 {
1607 message("503 5.3.3 AUTH not available");
1608 break;
1609 }
1610 if (authenticating == SASL_IS_AUTH)
1611 {
1612 message("503 5.5.0 Already Authenticated");
1613 break;
1614 }
1615 if (smtp.sm_gotmail)
1616 {
1617 message("503 5.5.0 AUTH not permitted during a mail transaction");
1618 break;
1619 }
1620 if (tempfail)
1621 {
1622 if (LogLevel > 9)
1623 sm_syslog(LOG_INFO, e->e_id,
1624 "SMTP AUTH command (%.100s) from %s tempfailed (due to previous checks)",
1625 p, CurSmtpClient);
1626 usrerr("454 4.3.0 Please try again later");
1627 break;
1628 }
1629
1630 ismore = false;
1631
1632 /* crude way to avoid crack attempts */
1633 STOP_IF_ATTACK(checksmtpattack(&n_auth, n_mechs + 1,
1634 true, "AUTH", e));
1635
1636 /* make sure mechanism (p) is a valid string */
1637 for (q = p; *q != '\0' && isascii(*q); q++)
1638 {
1639 if (isspace(*q))
1640 {
1641 *q = '\0';
1642 while (*++q != '\0' &&
1643 isascii(*q) && isspace(*q))
1644 continue;
1645 *(q - 1) = '\0';
1646 ismore = (*q != '\0');
1647 break;
1648 }
1649 }
1650
1651 if (*p == '\0')
1652 {
1653 message("501 5.5.2 AUTH mechanism must be specified");
1654 break;
1655 }
1656
1657 /* check whether mechanism is available */
1658 if (iteminlist(p, mechlist, " ") == NULL)
1659 {
1660 message("504 5.3.3 AUTH mechanism %.32s not available",
1661 p);
1662 break;
1663 }
1664
1665 /*
1666 ** RFC 2554 4.
1667 ** Unlike a zero-length client answer to a
1668 ** 334 reply, a zero- length initial response
1669 ** is sent as a single equals sign ("=").
1670 */
1671
1672 if (ismore && *q == '=' && *(q + 1) == '\0')
1673 {
1674 /* will be free()d, don't use in=""; */
1675 in = xalloc(1);
1676 *in = '\0';
1677 inlen = 0;
1678 }
1679 else if (ismore)
1680 {
1681 /* could this be shorter? XXX */
1682 # if SASL >= 20000
1683 in = xalloc(strlen(q) + 1);
1684 result = sasl_decode64(q, strlen(q), in,
1685 strlen(q), &inlen);
1686 # else /* SASL >= 20000 */
1687 in = sm_rpool_malloc(e->e_rpool, strlen(q));
1688 result = sasl_decode64(q, strlen(q), in,
1689 &inlen);
1690 # endif /* SASL >= 20000 */
1691 if (result != SASL_OK)
1692 {
1693 message("501 5.5.4 cannot BASE64 decode '%s'",
1694 q);
1695 if (LogLevel > 5)
1696 sm_syslog(LOG_WARNING, e->e_id,
1697 "AUTH decode64 error [%d for \"%s\"]",
1698 result, q);
1699 /* start over? */
1700 authenticating = SASL_NOT_AUTH;
1701 # if SASL >= 20000
1702 sm_free(in);
1703 # endif /* SASL >= 20000 */
1704 in = NULL;
1705 inlen = 0;
1706 break;
1707 }
1708 }
1709 else
1710 {
1711 in = NULL;
1712 inlen = 0;
1713 }
1714
1715 /* see if that auth type exists */
1716 # if SASL >= 20000
1717 result = sasl_server_start(conn, p, in, inlen,
1718 &out, &outlen);
1719 if (in != NULL)
1720 sm_free(in);
1721 # else /* SASL >= 20000 */
1722 result = sasl_server_start(conn, p, in, inlen,
1723 &out, &outlen, &errstr);
1724 # endif /* SASL >= 20000 */
1725
1726 if (result != SASL_OK && result != SASL_CONTINUE)
1727 {
1728 message("535 5.7.0 authentication failed");
1729 if (LogLevel > 9)
1730 sm_syslog(LOG_ERR, e->e_id,
1731 "AUTH failure (%s): %s (%d) %s",
1732 p,
1733 sasl_errstring(result, NULL,
1734 NULL),
1735 result,
1736 # if SASL >= 20000
1737 sasl_errdetail(conn));
1738 # else /* SASL >= 20000 */
1739 errstr);
1740 # endif /* SASL >= 20000 */
1741 RESET_SASLCONN;
1742 break;
1743 }
1744 auth_type = newstr(p);
1745
1746 if (result == SASL_OK)
1747 {
1748 /* ugly, but same code */
1749 goto authenticated;
1750 /* authenticated by the initial response */
1751 }
1752
1753 /* len is at least 2 */
1754 len = ENC64LEN(outlen);
1755 out2 = xalloc(len);
1756 result = sasl_encode64(out, outlen, out2, len,
1757 &out2len);
1758
1759 if (result != SASL_OK)
1760 {
1761 message("454 4.5.4 Temporary authentication failure");
1762 if (LogLevel > 5)
1763 sm_syslog(LOG_WARNING, e->e_id,
1764 "AUTH encode64 error [%d for \"%s\"]",
1765 result, out);
1766
1767 /* start over? */
1768 authenticating = SASL_NOT_AUTH;
1769 RESET_SASLCONN;
1770 }
1771 else
1772 {
1773 message("334 %s", out2);
1774 authenticating = SASL_PROC_AUTH;
1775 }
1776 # if SASL >= 20000
1777 sm_free(out2);
1778 # endif /* SASL >= 20000 */
1779 break;
1780 #endif /* SASL */
1781
1782 #if STARTTLS
1783 case CMDSTLS: /* starttls */
1784 DELAY_CONN("STARTTLS");
1785 if (*p != '\0')
1786 {
1787 message("501 5.5.2 Syntax error (no parameters allowed)");
1788 break;
1789 }
1790 if (!bitset(SRV_OFFER_TLS, features))
1791 {
1792 message("503 5.5.0 TLS not available");
1793 break;
1794 }
1795 if (!tls_ok_srv)
1796 {
1797 message("454 4.3.3 TLS not available after start");
1798 break;
1799 }
1800 if (smtp.sm_gotmail)
1801 {
1802 message("503 5.5.0 TLS not permitted during a mail transaction");
1803 break;
1804 }
1805 if (tempfail)
1806 {
1807 if (LogLevel > 9)
1808 sm_syslog(LOG_INFO, e->e_id,
1809 "SMTP STARTTLS command (%.100s) from %s tempfailed (due to previous checks)",
1810 p, CurSmtpClient);
1811 usrerr("454 4.7.0 Please try again later");
1812 break;
1813 }
1814 starttls:
1815 # if TLS_NO_RSA
1816 /*
1817 ** XXX do we need a temp key ?
1818 */
1819 # else /* TLS_NO_RSA */
1820 # endif /* TLS_NO_RSA */
1821
1822 # if TLS_VRFY_PER_CTX
1823 /*
1824 ** Note: this sets the verification globally
1825 ** (per SSL_CTX)
1826 ** it's ok since it applies only to one transaction
1827 */
1828
1829 TLS_VERIFY_CLIENT();
1830 # endif /* TLS_VRFY_PER_CTX */
1831
1832 if (srv_ssl != NULL)
1833 SSL_clear(srv_ssl);
1834 else if ((srv_ssl = SSL_new(srv_ctx)) == NULL)
1835 {
1836 message("454 4.3.3 TLS not available: error generating SSL handle");
1837 if (LogLevel > 8)
1838 tlslogerr("server");
1839 goto tls_done;
1840 }
1841
1842 # if !TLS_VRFY_PER_CTX
1843 /*
1844 ** this could be used if it were possible to set
1845 ** verification per SSL (connection)
1846 ** not just per SSL_CTX (global)
1847 */
1848
1849 TLS_VERIFY_CLIENT();
1850 # endif /* !TLS_VRFY_PER_CTX */
1851
1852 rfd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL);
1853 wfd = sm_io_getinfo(OutChannel, SM_IO_WHAT_FD, NULL);
1854
1855 if (rfd < 0 || wfd < 0 ||
1856 SSL_set_rfd(srv_ssl, rfd) <= 0 ||
1857 SSL_set_wfd(srv_ssl, wfd) <= 0)
1858 {
1859 message("454 4.3.3 TLS not available: error set fd");
1860 SSL_free(srv_ssl);
1861 srv_ssl = NULL;
1862 goto tls_done;
1863 }
1864 if (!smtps)
1865 message("220 2.0.0 Ready to start TLS");
1866 # if PIPELINING
1867 (void) sm_io_flush(OutChannel, SM_TIME_DEFAULT);
1868 # endif /* PIPELINING */
1869
1870 SSL_set_accept_state(srv_ssl);
1871
1872 # define SSL_ACC(s) SSL_accept(s)
1873
1874 tlsstart = curtime();
1875 ssl_retry:
1876 if ((r = SSL_ACC(srv_ssl)) <= 0)
1877 {
1878 int i, ssl_err;
1879
1880 ssl_err = SSL_get_error(srv_ssl, r);
1881 i = tls_retry(srv_ssl, rfd, wfd, tlsstart,
1882 TimeOuts.to_starttls, ssl_err,
1883 "server");
1884 if (i > 0)
1885 goto ssl_retry;
1886
1887 if (LogLevel > 5)
1888 {
1889 sm_syslog(LOG_WARNING, NOQID,
1890 "STARTTLS=server, error: accept failed=%d, SSL_error=%d, errno=%d, retry=%d",
1891 r, ssl_err, errno, i);
1892 if (LogLevel > 8)
1893 tlslogerr("server");
1894 }
1895 tls_ok_srv = false;
1896 SSL_free(srv_ssl);
1897 srv_ssl = NULL;
1898
1899 /*
1900 ** according to the next draft of
1901 ** RFC 2487 the connection should be dropped
1902 */
1903
1904 /* arrange to ignore any current send list */
1905 e->e_sendqueue = NULL;
1906 goto doquit;
1907 }
1908
1909 /* ignore return code for now, it's in {verify} */
1910 (void) tls_get_info(srv_ssl, true,
1911 CurSmtpClient,
1912 &BlankEnvelope.e_macro,
1913 bitset(SRV_VRFY_CLT, features));
1914
1915 /*
1916 ** call Stls_client to find out whether
1917 ** to accept the connection from the client
1918 */
1919
1920 saveQuickAbort = QuickAbort;
1921 saveSuprErrs = SuprErrs;
1922 SuprErrs = true;
1923 QuickAbort = false;
1924 if (rscheck("tls_client",
1925 macvalue(macid("{verify}"), e),
1926 "STARTTLS", e,
1927 RSF_RMCOMM|RSF_COUNT,
1928 5, NULL, NOQID, NULL) != EX_OK ||
1929 Errors > 0)
1930 {
1931 extern char MsgBuf[];
1932
1933 if (MsgBuf[0] != '\0' && ISSMTPREPLY(MsgBuf))
1934 nullserver = newstr(MsgBuf);
1935 else
1936 nullserver = "503 5.7.0 Authentication required.";
1937 }
1938 QuickAbort = saveQuickAbort;
1939 SuprErrs = saveSuprErrs;
1940
1941 tls_ok_srv = false; /* don't offer STARTTLS again */
1942 n_helo = 0;
1943 # if SASL
1944 if (sasl_ok)
1945 {
1946 int cipher_bits;
1947 bool verified;
1948 char *s, *v, *c;
1949
1950 s = macvalue(macid("{cipher_bits}"), e);
1951 v = macvalue(macid("{verify}"), e);
1952 c = macvalue(macid("{cert_subject}"), e);
1953 verified = (v != NULL && strcmp(v, "OK") == 0);
1954 if (s != NULL && (cipher_bits = atoi(s)) > 0)
1955 {
1956 # if SASL >= 20000
1957 ext_ssf = cipher_bits;
1958 auth_id = verified ? c : NULL;
1959 sasl_ok = ((sasl_setprop(conn,
1960 SASL_SSF_EXTERNAL,
1961 &ext_ssf) == SASL_OK) &&
1962 (sasl_setprop(conn,
1963 SASL_AUTH_EXTERNAL,
1964 auth_id) == SASL_OK));
1965 # else /* SASL >= 20000 */
1966 ext_ssf.ssf = cipher_bits;
1967 ext_ssf.auth_id = verified ? c : NULL;
1968 sasl_ok = sasl_setprop(conn,
1969 SASL_SSF_EXTERNAL,
1970 &ext_ssf) == SASL_OK;
1971 # endif /* SASL >= 20000 */
1972 mechlist = NULL;
1973 if (sasl_ok)
1974 n_mechs = saslmechs(conn,
1975 &mechlist);
1976 }
1977 }
1978 # endif /* SASL */
1979
1980 /* switch to secure connection */
1981 if (sfdctls(&InChannel, &OutChannel, srv_ssl) == 0)
1982 {
1983 tls_active = true;
1984 # if PIPELINING
1985 (void) sm_io_autoflush(InChannel, OutChannel);
1986 # endif /* PIPELINING */
1987 }
1988 else
1989 {
1990 /*
1991 ** XXX this is an internal error
1992 ** how to deal with it?
1993 ** we can't generate an error message
1994 ** since the other side switched to an
1995 ** encrypted layer, but we could not...
1996 ** just "hang up"?
1997 */
1998
1999 nullserver = "454 4.3.3 TLS not available: can't switch to encrypted layer";
2000 syserr("STARTTLS: can't switch to encrypted layer");
2001 }
2002 tls_done:
2003 if (smtps)
2004 {
2005 if (tls_active)
2006 goto greeting;
2007 else
2008 goto doquit;
2009 }
2010 break;
2011 #endif /* STARTTLS */
2012
2013 case CMDHELO: /* hello -- introduce yourself */
2014 case CMDEHLO: /* extended hello */
2015 DELAY_CONN("EHLO");
2016 if (c->cmd_code == CMDEHLO)
2017 {
2018 protocol = "ESMTP";
2019 SmtpPhase = "server EHLO";
2020 }
2021 else
2022 {
2023 protocol = "SMTP";
2024 SmtpPhase = "server HELO";
2025 }
2026
2027 /* avoid denial-of-service */
2028 STOP_IF_ATTACK(checksmtpattack(&n_helo, MAXHELOCOMMANDS,
2029 true, "HELO/EHLO", e));
2030
2031 #if 0
2032 /* RFC2821 4.1.4 allows duplicate HELO/EHLO */
2033 /* check for duplicate HELO/EHLO per RFC 1651 4.2 */
2034 if (gothello)
2035 {
2036 usrerr("503 %s Duplicate HELO/EHLO",
2037 MyHostName);
2038 break;
2039 }
2040 #endif /* 0 */
2041
2042 /* check for valid domain name (re 1123 5.2.5) */
2043 if (*p == '\0' && !AllowBogusHELO)
2044 {
2045 usrerr("501 %s requires domain address",
2046 cmdbuf);
2047 break;
2048 }
2049
2050 /* check for long domain name (hides Received: info) */
2051 if (strlen(p) > MAXNAME)
2052 {
2053 usrerr("501 Invalid domain name");
2054 if (LogLevel > 9)
2055 sm_syslog(LOG_INFO, CurEnv->e_id,
2056 "invalid domain name (too long) from %s",
2057 CurSmtpClient);
2058 break;
2059 }
2060
2061 ok = true;
2062 for (q = p; *q != '\0'; q++)
2063 {
2064 if (!isascii(*q))
2065 break;
2066 if (isalnum(*q))
2067 continue;
2068 if (isspace(*q))
2069 {
2070 *q = '\0';
2071
2072 /* only complain if strict check */
2073 ok = AllowBogusHELO;
2074
2075 /* allow trailing whitespace */
2076 while (!ok && *++q != '\0' &&
2077 isspace(*q))
2078 ;
2079 if (*q == '\0')
2080 ok = true;
2081 break;
2082 }
2083 if (strchr("[].-_#:", *q) == NULL)
2084 break;
2085 }
2086
2087 if (*q == '\0' && ok)
2088 {
2089 q = "pleased to meet you";
2090 sendinghost = sm_strdup_x(p);
2091 }
2092 else if (!AllowBogusHELO)
2093 {
2094 usrerr("501 Invalid domain name");
2095 if (LogLevel > 9)
2096 sm_syslog(LOG_INFO, CurEnv->e_id,
2097 "invalid domain name (%s) from %.100s",
2098 p, CurSmtpClient);
2099 break;
2100 }
2101 else
2102 {
2103 q = "accepting invalid domain name";
2104 }
2105
2106 if (gothello || smtp.sm_gotmail)
2107 CLEAR_STATE(cmdbuf);
2108
2109 #if MILTER
2110 if (smtp.sm_milterlist && smtp.sm_milterize &&
2111 !bitset(EF_DISCARD, e->e_flags))
2112 {
2113 char state;
2114 char *response;
2115
2116 response = milter_helo(p, e, &state);
2117 switch (state)
2118 {
2119 case SMFIR_REJECT:
2120 if (MilterLogLevel > 3)
2121 sm_syslog(LOG_INFO, e->e_id,
2122 "Milter: helo=%s, reject=Command rejected",
2123 p);
2124 nullserver = "Command rejected";
2125 smtp.sm_milterize = false;
2126 break;
2127
2128 case SMFIR_TEMPFAIL:
2129 if (MilterLogLevel > 3)
2130 sm_syslog(LOG_INFO, e->e_id,
2131 "Milter: helo=%s, reject=%s",
2132 p, MSG_TEMPFAIL);
2133 tempfail = true;
2134 smtp.sm_milterize = false;
2135 break;
2136
2137 case SMFIR_REPLYCODE:
2138 if (MilterLogLevel > 3)
2139 sm_syslog(LOG_INFO, e->e_id,
2140 "Milter: helo=%s, reject=%s",
2141 p, response);
2142 if (strncmp(response, "421 ", 4) != 0
2143 && strncmp(response, "421-", 4) != 0)
2144 {
2145 nullserver = newstr(response);
2146 smtp.sm_milterize = false;
2147 break;
2148 }
2149 /* FALLTHROUGH */
2150
2151 case SMFIR_SHUTDOWN:
2152 if (MilterLogLevel > 3 &&
2153 response == NULL)
2154 sm_syslog(LOG_INFO, e->e_id,
2155 "Milter: helo=%s, reject=421 4.7.0 %s closing connection",
2156 p, MyHostName);
2157 tempfail = true;
2158 smtp.sm_milterize = false;
2159 if (response != NULL)
2160 usrerr(response);
2161 else
2162 message("421 4.7.0 %s closing connection",
2163 MyHostName);
2164 /* arrange to ignore send list */
2165 e->e_sendqueue = NULL;
2166 lognullconnection = false;
2167 goto doquit;
2168 }
2169 if (response != NULL)
2170 sm_free(response);
2171
2172 /*
2173 ** If quarantining by a connect/ehlo action,
2174 ** save between messages
2175 */
2176
2177 if (smtp.sm_quarmsg == NULL &&
2178 e->e_quarmsg != NULL)
2179 smtp.sm_quarmsg = newstr(e->e_quarmsg);
2180 }
2181 #endif /* MILTER */
2182 gothello = true;
2183
2184 /* print HELO response message */
2185 if (c->cmd_code != CMDEHLO)
2186 {
2187 message("250 %s Hello %s, %s",
2188 MyHostName, CurSmtpClient, q);
2189 break;
2190 }
2191
2192 message("250-%s Hello %s, %s",
2193 MyHostName, CurSmtpClient, q);
2194
2195 /* offer ENHSC even for nullserver */
2196 if (nullserver != NULL)
2197 {
2198 message("250 ENHANCEDSTATUSCODES");
2199 break;
2200 }
2201
2202 /*
2203 ** print EHLO features list
2204 **
2205 ** Note: If you change this list,
2206 ** remember to update 'helpfile'
2207 */
2208
2209 message("250-ENHANCEDSTATUSCODES");
2210 #if PIPELINING
2211 if (bitset(SRV_OFFER_PIPE, features))
2212 message("250-PIPELINING");
2213 #endif /* PIPELINING */
2214 if (bitset(SRV_OFFER_EXPN, features))
2215 {
2216 message("250-EXPN");
2217 if (bitset(SRV_OFFER_VERB, features))
2218 message("250-VERB");
2219 }
2220 #if MIME8TO7
2221 message("250-8BITMIME");
2222 #endif /* MIME8TO7 */
2223 if (MaxMessageSize > 0)
2224 message("250-SIZE %ld", MaxMessageSize);
2225 else
2226 message("250-SIZE");
2227 #if DSN
2228 if (SendMIMEErrors && bitset(SRV_OFFER_DSN, features))
2229 message("250-DSN");
2230 #endif /* DSN */
2231 if (bitset(SRV_OFFER_ETRN, features))
2232 message("250-ETRN");
2233 #if SASL
2234 if (sasl_ok && mechlist != NULL && *mechlist != '\0')
2235 message("250-AUTH %s", mechlist);
2236 #endif /* SASL */
2237 #if STARTTLS
2238 if (tls_ok_srv &&
2239 bitset(SRV_OFFER_TLS, features))
2240 message("250-STARTTLS");
2241 #endif /* STARTTLS */
2242 if (DeliverByMin > 0)
2243 message("250-DELIVERBY %ld",
2244 (long) DeliverByMin);
2245 else if (DeliverByMin == 0)
2246 message("250-DELIVERBY");
2247
2248 /* < 0: no deliver-by */
2249
2250 message("250 HELP");
2251 break;
2252
2253 case CMDMAIL: /* mail -- designate sender */
2254 SmtpPhase = "server MAIL";
2255 DELAY_CONN("MAIL");
2256
2257 /* check for validity of this command */
2258 if (!gothello && bitset(PRIV_NEEDMAILHELO, PrivacyFlags))
2259 {
2260 usrerr("503 5.0.0 Polite people say HELO first");
2261 break;
2262 }
2263 if (smtp.sm_gotmail)
2264 {
2265 usrerr("503 5.5.0 Sender already specified");
2266 break;
2267 }
2268 #if SASL
2269 if (bitset(SRV_REQ_AUTH, features) &&
2270 authenticating != SASL_IS_AUTH)
2271 {
2272 usrerr("530 5.7.0 Authentication required");
2273 break;
2274 }
2275 #endif /* SASL */
2276
2277 p = skipword(p, "from");
2278 if (p == NULL)
2279 break;
2280 if (tempfail)
2281 {
2282 if (LogLevel > 9)
2283 sm_syslog(LOG_INFO, e->e_id,
2284 "SMTP MAIL command (%.100s) from %s tempfailed (due to previous checks)",
2285 p, CurSmtpClient);
2286 usrerr(MSG_TEMPFAIL);
2287 break;
2288 }
2289
2290 /* make sure we know who the sending host is */
2291 if (sendinghost == NULL)
2292 sendinghost = peerhostname;
2293
2294
2295 #if SM_HEAP_CHECK
2296 if (sm_debug_active(&DebugLeakSmtp, 1))
2297 {
2298 sm_heap_newgroup();
2299 sm_dprintf("smtp() heap group #%d\n",
2300 sm_heap_group());
2301 }
2302 #endif /* SM_HEAP_CHECK */
2303
2304 if (Errors > 0)
2305 goto undo_no_pm;
2306 if (!gothello)
2307 {
2308 auth_warning(e, "%s didn't use HELO protocol",
2309 CurSmtpClient);
2310 }
2311 #ifdef PICKY_HELO_CHECK
2312 if (sm_strcasecmp(sendinghost, peerhostname) != 0 &&
2313 (sm_strcasecmp(peerhostname, "localhost") != 0 ||
2314 sm_strcasecmp(sendinghost, MyHostName) != 0))
2315 {
2316 auth_warning(e, "Host %s claimed to be %s",
2317 CurSmtpClient, sendinghost);
2318 }
2319 #endif /* PICKY_HELO_CHECK */
2320
2321 if (protocol == NULL)
2322 protocol = "SMTP";
2323 macdefine(&e->e_macro, A_PERM, 'r', protocol);
2324 macdefine(&e->e_macro, A_PERM, 's', sendinghost);
2325
2326 if (Errors > 0)
2327 goto undo_no_pm;
2328 smtp.sm_nrcpts = 0;
2329 n_badrcpts = 0;
2330 macdefine(&e->e_macro, A_PERM, macid("{ntries}"), "0");
2331 macdefine(&e->e_macro, A_PERM, macid("{nrcpts}"), "0");
2332 macdefine(&e->e_macro, A_PERM, macid("{nbadrcpts}"),
2333 "0");
2334 e->e_flags |= EF_CLRQUEUE;
2335 sm_setproctitle(true, e, "%s %s: %.80s",
2336 qid_printname(e),
2337 CurSmtpClient, inp);
2338
2339 /* do the processing */
2340 SM_TRY
2341 {
2342 extern char *FullName;
2343
2344 QuickAbort = true;
2345 SM_FREE_CLR(FullName);
2346
2347 /* must parse sender first */
2348 delimptr = NULL;
2349 setsender(p, e, &delimptr, ' ', false);
2350 if (delimptr != NULL && *delimptr != '\0')
2351 *delimptr++ = '\0';
2352 if (Errors > 0)
2353 sm_exc_raisenew_x(&EtypeQuickAbort, 1);
2354
2355 /* Successfully set e_from, allow logging */
2356 e->e_flags |= EF_LOGSENDER;
2357
2358 /* put resulting triple from parseaddr() into macros */
2359 if (e->e_from.q_mailer != NULL)
2360 macdefine(&e->e_macro, A_PERM,
2361 macid("{mail_mailer}"),
2362 e->e_from.q_mailer->m_name);
2363 else
2364 macdefine(&e->e_macro, A_PERM,
2365 macid("{mail_mailer}"), NULL);
2366 if (e->e_from.q_host != NULL)
2367 macdefine(&e->e_macro, A_PERM,
2368 macid("{mail_host}"),
2369 e->e_from.q_host);
2370 else
2371 macdefine(&e->e_macro, A_PERM,
2372 macid("{mail_host}"), "localhost");
2373 if (e->e_from.q_user != NULL)
2374 macdefine(&e->e_macro, A_PERM,
2375 macid("{mail_addr}"),
2376 e->e_from.q_user);
2377 else
2378 macdefine(&e->e_macro, A_PERM,
2379 macid("{mail_addr}"), NULL);
2380 if (Errors > 0)
2381 sm_exc_raisenew_x(&EtypeQuickAbort, 1);
2382
2383 /* check for possible spoofing */
2384 if (RealUid != 0 && OpMode == MD_SMTP &&
2385 !wordinclass(RealUserName, 't') &&
2386 (!bitnset(M_LOCALMAILER,
2387 e->e_from.q_mailer->m_flags) ||
2388 strcmp(e->e_from.q_user, RealUserName) != 0))
2389 {
2390 auth_warning(e, "%s owned process doing -bs",
2391 RealUserName);
2392 }
2393
2394 /* reset to default value */
2395 SevenBitInput = SevenBitInput_Saved;
2396
2397 /* now parse ESMTP arguments */
2398 e->e_msgsize = 0;
2399 addr = p;
2400 parse_esmtp_args(e, NULL, p, delimptr, "MAIL", args,
2401 mail_esmtp_args);
2402 if (Errors > 0)
2403 sm_exc_raisenew_x(&EtypeQuickAbort, 1);
2404
2405 #if SASL
2406 # if _FFR_AUTH_PASSING
2407 /* set the default AUTH= if the sender didn't */
2408 if (e->e_auth_param == NULL)
2409 {
2410 /* XXX only do this for an MSA? */
2411 e->e_auth_param = macvalue(macid("{auth_authen}"),
2412 e);
2413 if (e->e_auth_param == NULL)
2414 e->e_auth_param = "<>";
2415
2416 /*
2417 ** XXX should we invoke Strust_auth now?
2418 ** authorizing as the client that just
2419 ** authenticated, so we'll trust implicitly
2420 */
2421 }
2422 # endif /* _FFR_AUTH_PASSING */
2423 #endif /* SASL */
2424
2425 /* do config file checking of the sender */
2426 macdefine(&e->e_macro, A_PERM,
2427 macid("{addr_type}"), "e s");
2428 #if _FFR_MAIL_MACRO
2429 /* make the "real" sender address available */
2430 macdefine(&e->e_macro, A_TEMP, macid("{mail_from}"),
2431 e->e_from.q_paddr);
2432 #endif /* _FFR_MAIL_MACRO */
2433 if (rscheck("check_mail", addr,
2434 NULL, e, RSF_RMCOMM|RSF_COUNT, 3,
2435 NULL, e->e_id, NULL) != EX_OK ||
2436 Errors > 0)
2437 sm_exc_raisenew_x(&EtypeQuickAbort, 1);
2438 macdefine(&e->e_macro, A_PERM,
2439 macid("{addr_type}"), NULL);
2440
2441 if (MaxMessageSize > 0 &&
2442 (e->e_msgsize > MaxMessageSize ||
2443 e->e_msgsize < 0))
2444 {
2445 usrerr("552 5.2.3 Message size exceeds fixed maximum message size (%ld)",
2446 MaxMessageSize);
2447 sm_exc_raisenew_x(&EtypeQuickAbort, 1);
2448 }
2449
2450 /*
2451 ** XXX always check whether there is at least one fs
2452 ** with enough space?
2453 ** However, this may not help much: the queue group
2454 ** selection may later on select a FS that hasn't
2455 ** enough space.
2456 */
2457
2458 if ((NumFileSys == 1 || NumQueue == 1) &&
2459 !enoughdiskspace(e->e_msgsize, e)
2460 #if _FFR_ANY_FREE_FS
2461 && !filesys_free(e->e_msgsize)
2462 #endif /* _FFR_ANY_FREE_FS */
2463 )
2464 {
2465 /*
2466 ** We perform this test again when the
2467 ** queue directory is selected, in collect.
2468 */
2469
2470 usrerr("452 4.4.5 Insufficient disk space; try again later");
2471 sm_exc_raisenew_x(&EtypeQuickAbort, 1);
2472 }
2473 if (Errors > 0)
2474 sm_exc_raisenew_x(&EtypeQuickAbort, 1);
2475
2476 LogUsrErrs = true;
2477 #if MILTER
2478 if (smtp.sm_milterlist && smtp.sm_milterize &&
2479 !bitset(EF_DISCARD, e->e_flags))
2480 {
2481 char state;
2482 char *response;
2483
2484 response = milter_envfrom(args, e, &state);
2485 MILTER_REPLY("from");
2486 }
2487 #endif /* MILTER */
2488 if (Errors > 0)
2489 sm_exc_raisenew_x(&EtypeQuickAbort, 1);
2490
2491 message("250 2.1.0 Sender ok");
2492 smtp.sm_gotmail = true;
2493 }
2494 SM_EXCEPT(exc, "[!F]*")
2495 {
2496 /*
2497 ** An error occurred while processing a MAIL command.
2498 ** Jump to the common error handling code.
2499 */
2500
2501 sm_exc_free(exc);
2502 goto undo_no_pm;
2503 }
2504 SM_END_TRY
2505 break;
2506
2507 undo_no_pm:
2508 e->e_flags &= ~EF_PM_NOTIFY;
2509 undo:
2510 break;
2511
2512 case CMDRCPT: /* rcpt -- designate recipient */
2513 DELAY_CONN("RCPT");
2514 macdefine(&e->e_macro, A_PERM,
2515 macid("{rcpt_mailer}"), NULL);
2516 macdefine(&e->e_macro, A_PERM,
2517 macid("{rcpt_host}"), NULL);
2518 macdefine(&e->e_macro, A_PERM,
2519 macid("{rcpt_addr}"), NULL);
2520 #if MILTER
2521 (void) memset(&addr_st, '\0', sizeof(addr_st));
2522 a = NULL;
2523 milter_rcpt_added = false;
2524 smtp.sm_e_nrcpts_orig = e->e_nrcpts;
2525 #endif
2526 if (BadRcptThrottle > 0 &&
2527 n_badrcpts >= BadRcptThrottle)
2528 {
2529 if (LogLevel > 5 &&
2530 n_badrcpts == BadRcptThrottle)
2531 {
2532 sm_syslog(LOG_INFO, e->e_id,
2533 "%s: Possible SMTP RCPT flood, throttling.",
2534 CurSmtpClient);
2535
2536 /* To avoid duplicated message */
2537 n_badrcpts++;
2538 }
2539 NBADRCPTS;
2540
2541 /*
2542 ** Don't use exponential backoff for now.
2543 ** Some servers will open more connections
2544 ** and actually overload the receiver even
2545 ** more.
2546 */
2547
2548 (void) sleep(1);
2549 }
2550 if (!smtp.sm_gotmail)
2551 {
2552 usrerr("503 5.0.0 Need MAIL before RCPT");
2553 break;
2554 }
2555 SmtpPhase = "server RCPT";
2556 SM_TRY
2557 {
2558 QuickAbort = true;
2559 LogUsrErrs = true;
2560
2561 /* limit flooding of our machine */
2562 if (MaxRcptPerMsg > 0 &&
2563 smtp.sm_nrcpts >= MaxRcptPerMsg)
2564 {
2565 /* sleep(1); / * slow down? */
2566 usrerr("452 4.5.3 Too many recipients");
2567 goto rcpt_done;
2568 }
2569
2570 if (e->e_sendmode != SM_DELIVER
2571 #if _FFR_DM_ONE
2572 && (NotFirstDelivery || SM_DM_ONE != e->e_sendmode)
2573 #endif /* _FFR_DM_ONE */
2574 )
2575 e->e_flags |= EF_VRFYONLY;
2576
2577 #if MILTER
2578 /*
2579 ** Do not expand recipients at RCPT time (in the call
2580 ** to recipient()) if a milter can delete or reject
2581 ** a RCPT. If they are expanded, it is impossible
2582 ** for removefromlist() to figure out the expanded
2583 ** members of the original recipient and mark them
2584 ** as QS_DONTSEND.
2585 */
2586
2587 if (!(smtp.sm_milterlist && smtp.sm_milterize &&
2588 !bitset(EF_DISCARD, e->e_flags)) &&
2589 (smtp.sm_milters.mis_flags &
2590 (MIS_FL_DEL_RCPT|MIS_FL_REJ_RCPT)) != 0)
2591 e->e_flags |= EF_VRFYONLY;
2592 milter_cmd_done = false;
2593 milter_cmd_safe = false;
2594 #endif /* MILTER */
2595
2596 p = skipword(p, "to");
2597 if (p == NULL)
2598 goto rcpt_done;
2599 macdefine(&e->e_macro, A_PERM,
2600 macid("{addr_type}"), "e r");
2601 a = parseaddr(p, NULLADDR, RF_COPYALL, ' ', &delimptr,
2602 e, true);
2603 macdefine(&e->e_macro, A_PERM,
2604 macid("{addr_type}"), NULL);
2605 if (Errors > 0)
2606 goto rcpt_done;
2607 if (a == NULL)
2608 {
2609 usrerr("501 5.0.0 Missing recipient");
2610 goto rcpt_done;
2611 }
2612
2613 if (delimptr != NULL && *delimptr != '\0')
2614 *delimptr++ = '\0';
2615
2616 /* put resulting triple from parseaddr() into macros */
2617 if (a->q_mailer != NULL)
2618 macdefine(&e->e_macro, A_PERM,
2619 macid("{rcpt_mailer}"),
2620 a->q_mailer->m_name);
2621 else
2622 macdefine(&e->e_macro, A_PERM,
2623 macid("{rcpt_mailer}"), NULL);
2624 if (a->q_host != NULL)
2625 macdefine(&e->e_macro, A_PERM,
2626 macid("{rcpt_host}"), a->q_host);
2627 else
2628 macdefine(&e->e_macro, A_PERM,
2629 macid("{rcpt_host}"), "localhost");
2630 if (a->q_user != NULL)
2631 macdefine(&e->e_macro, A_PERM,
2632 macid("{rcpt_addr}"), a->q_user);
2633 else
2634 macdefine(&e->e_macro, A_PERM,
2635 macid("{rcpt_addr}"), NULL);
2636 if (Errors > 0)
2637 goto rcpt_done;
2638
2639 /* now parse ESMTP arguments */
2640 addr = p;
2641 parse_esmtp_args(e, a, p, delimptr, "RCPT", args,
2642 rcpt_esmtp_args);
2643 if (Errors > 0)
2644 goto rcpt_done;
2645
2646 #if MILTER
2647 /*
2648 ** rscheck() can trigger an "exception"
2649 ** in which case the execution continues at
2650 ** SM_EXCEPT(exc, "[!F]*")
2651 ** This means milter_cmd_safe is not set
2652 ** and hence milter is not invoked.
2653 ** Would it be "safe" to change that, i.e., use
2654 ** milter_cmd_safe = true;
2655 ** here so a milter is informed (if requested)
2656 ** about RCPTs that are rejected by check_rcpt?
2657 */
2658 # if _FFR_MILTER_CHECK_REJECTIONS_TOO
2659 milter_cmd_safe = true;
2660 # endif
2661 #endif
2662
2663 /* do config file checking of the recipient */
2664 macdefine(&e->e_macro, A_PERM,
2665 macid("{addr_type}"), "e r");
2666 if (rscheck("check_rcpt", addr,
2667 NULL, e, RSF_RMCOMM|RSF_COUNT, 3,
2668 NULL, e->e_id, p_addr_st) != EX_OK ||
2669 Errors > 0)
2670 goto rcpt_done;
2671 macdefine(&e->e_macro, A_PERM,
2672 macid("{addr_type}"), NULL);
2673
2674 /* If discarding, don't bother to verify user */
2675 if (bitset(EF_DISCARD, e->e_flags))
2676 a->q_state = QS_VERIFIED;
2677 #if MILTER
2678 milter_cmd_safe = true;
2679 #endif
2680
2681 /* save in recipient list after ESMTP mods */
2682 a = recipient(a, &e->e_sendqueue, 0, e);
2683 /* may trigger exception... */
2684
2685 #if MILTER
2686 milter_rcpt_added = true;
2687 #endif
2688
2689 if(!(Errors > 0) && QS_IS_BADADDR(a->q_state))
2690 {
2691 /* punt -- should keep message in ADDRESS.... */
2692 usrerr("550 5.1.1 Addressee unknown");
2693 }
2694
2695 #if MILTER
2696 rcpt_done:
2697 if (smtp.sm_milterlist && smtp.sm_milterize &&
2698 !bitset(EF_DISCARD, e->e_flags))
2699 {
2700 char state;
2701 char *response;
2702
2703 /* how to get the error codes? */
2704 if (Errors > 0)
2705 {
2706 macdefine(&e->e_macro, A_PERM,
2707 macid("{rcpt_mailer}"),
2708 "error");
2709 if (a != NULL &&
2710 a->q_status != NULL &&
2711 a->q_rstatus != NULL)
2712 {
2713 macdefine(&e->e_macro, A_PERM,
2714 macid("{rcpt_host}"),
2715 a->q_status);
2716 macdefine(&e->e_macro, A_PERM,
2717 macid("{rcpt_addr}"),
2718 a->q_rstatus);
2719 }
2720 else
2721 {
2722 if (addr_st.q_host != NULL)
2723 macdefine(&e->e_macro,
2724 A_PERM,
2725 macid("{rcpt_host}"),
2726 addr_st.q_host);
2727 if (addr_st.q_user != NULL)
2728 macdefine(&e->e_macro,
2729 A_PERM,
2730 macid("{rcpt_addr}"),
2731 addr_st.q_user);
2732 }
2733 }
2734
2735 response = milter_envrcpt(args, e, &state,
2736 Errors > 0);
2737 milter_cmd_done = true;
2738 MILTER_REPLY("to");
2739 }
2740 #endif /* MILTER */
2741
2742 /* no errors during parsing, but might be a duplicate */
2743 e->e_to = a->q_paddr;
2744 if (!(Errors > 0) && !QS_IS_BADADDR(a->q_state))
2745 {
2746 if (smtp.sm_nrcpts == 0)
2747 initsys(e);
2748 message("250 2.1.5 Recipient ok%s",
2749 QS_IS_QUEUEUP(a->q_state) ?
2750 " (will queue)" : "");
2751 smtp.sm_nrcpts++;
2752 }
2753
2754 /* Is this needed? */
2755 #if !MILTER
2756 rcpt_done:
2757 #endif /* !MILTER */
2758 macdefine(&e->e_macro, A_PERM,
2759 macid("{rcpt_mailer}"), NULL);
2760 macdefine(&e->e_macro, A_PERM,
2761 macid("{rcpt_host}"), NULL);
2762 macdefine(&e->e_macro, A_PERM,
2763 macid("{rcpt_addr}"), NULL);
2764 macdefine(&e->e_macro, A_PERM,
2765 macid("{dsn_notify}"), NULL);
2766
2767 if (Errors > 0)
2768 {
2769 ++n_badrcpts;
2770 NBADRCPTS;
2771 }
2772 }
2773 SM_EXCEPT(exc, "[!F]*")
2774 {
2775 /* An exception occurred while processing RCPT */
2776 e->e_flags &= ~(EF_FATALERRS|EF_PM_NOTIFY);
2777 ++n_badrcpts;
2778 NBADRCPTS;
2779 #if MILTER
2780 if (smtp.sm_milterlist && smtp.sm_milterize &&
2781 !bitset(EF_DISCARD, e->e_flags) &&
2782 !milter_cmd_done && milter_cmd_safe)
2783 {
2784 char state;
2785 char *response;
2786
2787 macdefine(&e->e_macro, A_PERM,
2788 macid("{rcpt_mailer}"), "error");
2789
2790 /* how to get the error codes? */
2791 if (addr_st.q_host != NULL)
2792 macdefine(&e->e_macro, A_PERM,
2793 macid("{rcpt_host}"),
2794 addr_st.q_host);
2795 else if (a != NULL && a->q_status != NULL)
2796 macdefine(&e->e_macro, A_PERM,
2797 macid("{rcpt_host}"),
2798 a->q_status);
2799
2800 if (addr_st.q_user != NULL)
2801 macdefine(&e->e_macro, A_PERM,
2802 macid("{rcpt_addr}"),
2803 addr_st.q_user);
2804 else if (a != NULL && a->q_rstatus != NULL)
2805 macdefine(&e->e_macro, A_PERM,
2806 macid("{rcpt_addr}"),
2807 a->q_rstatus);
2808
2809 response = milter_envrcpt(args, e, &state,
2810 true);
2811 milter_cmd_done = true;
2812 MILTER_REPLY("to");
2813 macdefine(&e->e_macro, A_PERM,
2814 macid("{rcpt_mailer}"), NULL);
2815 macdefine(&e->e_macro, A_PERM,
2816 macid("{rcpt_host}"), NULL);
2817 macdefine(&e->e_macro, A_PERM,
2818 macid("{rcpt_addr}"), NULL);
2819 }
2820 if (smtp.sm_milterlist && smtp.sm_milterize &&
2821 milter_rcpt_added && milter_cmd_done &&
2822 milter_cmd_fail)
2823 {
2824 (void) removefromlist(addr, &e->e_sendqueue, e);
2825 milter_cmd_fail = false;
2826 if (smtp.sm_e_nrcpts_orig < e->e_nrcpts)
2827 e->e_nrcpts = smtp.sm_e_nrcpts_orig;
2828 }
2829 #endif /* MILTER */
2830 }
2831 SM_END_TRY
2832 break;
2833
2834 case CMDDATA: /* data -- text of mail */
2835 DELAY_CONN("DATA");
2836 if (!smtp_data(&smtp, e))
2837 goto doquit;
2838 break;
2839
2840 case CMDRSET: /* rset -- reset state */
2841 if (tTd(94, 100))
2842 message("451 4.0.0 Test failure");
2843 else
2844 message("250 2.0.0 Reset state");
2845 CLEAR_STATE(cmdbuf);
2846 break;
2847
2848 case CMDVRFY: /* vrfy -- verify address */
2849 case CMDEXPN: /* expn -- expand address */
2850 vrfy = c->cmd_code == CMDVRFY;
2851 DELAY_CONN(vrfy ? "VRFY" : "EXPN");
2852 if (tempfail)
2853 {
2854 if (LogLevel > 9)
2855 sm_syslog(LOG_INFO, e->e_id,
2856 "SMTP %s command (%.100s) from %s tempfailed (due to previous checks)",
2857 vrfy ? "VRFY" : "EXPN",
2858 p, CurSmtpClient);
2859
2860 /* RFC 821 doesn't allow 4xy reply code */
2861 usrerr("550 5.7.1 Please try again later");
2862 break;
2863 }
2864 wt = checksmtpattack(&n_verifies, MAXVRFYCOMMANDS,
2865 false, vrfy ? "VRFY" : "EXPN", e);
2866 STOP_IF_ATTACK(wt);
2867 previous = curtime();
2868 if ((vrfy && bitset(PRIV_NOVRFY, PrivacyFlags)) ||
2869 (!vrfy && !bitset(SRV_OFFER_EXPN, features)))
2870 {
2871 if (vrfy)
2872 message("252 2.5.2 Cannot VRFY user; try RCPT to attempt delivery (or try finger)");
2873 else
2874 message("502 5.7.0 Sorry, we do not allow this operation");
2875 if (LogLevel > 5)
2876 sm_syslog(LOG_INFO, e->e_id,
2877 "%s: %s [rejected]",
2878 CurSmtpClient,
2879 shortenstring(inp, MAXSHORTSTR));
2880 break;
2881 }
2882 else if (!gothello &&
2883 bitset(vrfy ? PRIV_NEEDVRFYHELO : PRIV_NEEDEXPNHELO,
2884 PrivacyFlags))
2885 {
2886 usrerr("503 5.0.0 I demand that you introduce yourself first");
2887 break;
2888 }
2889 if (Errors > 0)
2890 break;
2891 if (LogLevel > 5)
2892 sm_syslog(LOG_INFO, e->e_id, "%s: %s",
2893 CurSmtpClient,
2894 shortenstring(inp, MAXSHORTSTR));
2895 SM_TRY
2896 {
2897 QuickAbort = true;
2898 vrfyqueue = NULL;
2899 if (vrfy)
2900 e->e_flags |= EF_VRFYONLY;
2901 while (*p != '\0' && isascii(*p) && isspace(*p))
2902 p++;
2903 if (*p == '\0')
2904 {
2905 usrerr("501 5.5.2 Argument required");
2906 }
2907 else
2908 {
2909 /* do config file checking of the address */
2910 if (rscheck(vrfy ? "check_vrfy" : "check_expn",
2911 p, NULL, e, RSF_RMCOMM,
2912 3, NULL, NOQID, NULL) != EX_OK ||
2913 Errors > 0)
2914 sm_exc_raisenew_x(&EtypeQuickAbort, 1);
2915 (void) sendtolist(p, NULLADDR, &vrfyqueue, 0, e);
2916 }
2917 if (wt > 0)
2918 {
2919 time_t t;
2920
2921 t = wt - (curtime() - previous);
2922 if (t > 0)
2923 (void) sleep(t);
2924 }
2925 if (Errors > 0)
2926 sm_exc_raisenew_x(&EtypeQuickAbort, 1);
2927 if (vrfyqueue == NULL)
2928 {
2929 usrerr("554 5.5.2 Nothing to %s", vrfy ? "VRFY" : "EXPN");
2930 }
2931 while (vrfyqueue != NULL)
2932 {
2933 if (!QS_IS_UNDELIVERED(vrfyqueue->q_state))
2934 {
2935 vrfyqueue = vrfyqueue->q_next;
2936 continue;
2937 }
2938
2939 /* see if there is more in the vrfy list */
2940 a = vrfyqueue;
2941 while ((a = a->q_next) != NULL &&
2942 (!QS_IS_UNDELIVERED(a->q_state)))
2943 continue;
2944 printvrfyaddr(vrfyqueue, a == NULL, vrfy);
2945 vrfyqueue = a;
2946 }
2947 }
2948 SM_EXCEPT(exc, "[!F]*")
2949 {
2950 /*
2951 ** An exception occurred while processing VRFY/EXPN
2952 */
2953
2954 sm_exc_free(exc);
2955 goto undo;
2956 }
2957 SM_END_TRY
2958 break;
2959
2960 case CMDETRN: /* etrn -- force queue flush */
2961 DELAY_CONN("ETRN");
2962
2963 /* Don't leak queue information via debug flags */
2964 if (!bitset(SRV_OFFER_ETRN, features) || UseMSP ||
2965 (RealUid != 0 && RealUid != TrustedUid &&
2966 OpMode == MD_SMTP))
2967 {
2968 /* different message for MSA ? */
2969 message("502 5.7.0 Sorry, we do not allow this operation");
2970 if (LogLevel > 5)
2971 sm_syslog(LOG_INFO, e->e_id,
2972 "%s: %s [rejected]",
2973 CurSmtpClient,
2974 shortenstring(inp, MAXSHORTSTR));
2975 break;
2976 }
2977 if (tempfail)
2978 {
2979 if (LogLevel > 9)
2980 sm_syslog(LOG_INFO, e->e_id,
2981 "SMTP ETRN command (%.100s) from %s tempfailed (due to previous checks)",
2982 p, CurSmtpClient);
2983 usrerr(MSG_TEMPFAIL);
2984 break;
2985 }
2986
2987 if (strlen(p) <= 0)
2988 {
2989 usrerr("500 5.5.2 Parameter required");
2990 break;
2991 }
2992
2993 /* crude way to avoid denial-of-service attacks */
2994 STOP_IF_ATTACK(checksmtpattack(&n_etrn, MAXETRNCOMMANDS,
2995 true, "ETRN", e));
2996
2997 /*
2998 ** Do config file checking of the parameter.
2999 ** Even though we have srv_features now, we still
3000 ** need this ruleset because the former is called
3001 ** when the connection has been established, while
3002 ** this ruleset is called when the command is
3003 ** actually issued and therefore has all information
3004 ** available to make a decision.
3005 */
3006
3007 if (rscheck("check_etrn", p, NULL, e,
3008 RSF_RMCOMM, 3, NULL, NOQID, NULL)
3009 != EX_OK ||
3010 Errors > 0)
3011 break;
3012
3013 if (LogLevel > 5)
3014 sm_syslog(LOG_INFO, e->e_id,
3015 "%s: ETRN %s", CurSmtpClient,
3016 shortenstring(p, MAXSHORTSTR));
3017
3018 id = p;
3019 if (*id == '#')
3020 {
3021 int i, qgrp;
3022
3023 id++;
3024 qgrp = name2qid(id);
3025 if (!ISVALIDQGRP(qgrp))
3026 {
3027 usrerr("459 4.5.4 Queue %s unknown",
3028 id);
3029 break;
3030 }
3031 for (i = 0; i < NumQueue && Queue[i] != NULL;
3032 i++)
3033 Queue[i]->qg_nextrun = (time_t) -1;
3034 Queue[qgrp]->qg_nextrun = 0;
3035 ok = run_work_group(Queue[qgrp]->qg_wgrp,
3036 RWG_FORK|RWG_FORCE);
3037 if (ok && Errors == 0)
3038 message("250 2.0.0 Queuing for queue group %s started", id);
3039 break;
3040 }
3041
3042 if (*id == '@')
3043 id++;
3044 else
3045 *--id = '@';
3046
3047 new = (QUEUE_CHAR *) sm_malloc(sizeof(QUEUE_CHAR));
3048 if (new == NULL)
3049 {
3050 syserr("500 5.5.0 ETRN out of memory");
3051 break;
3052 }
3053 new->queue_match = id;
3054 new->queue_negate = false;
3055 new->queue_next = NULL;
3056 QueueLimitRecipient = new;
3057 ok = runqueue(true, false, false, true);
3058 sm_free(QueueLimitRecipient); /* XXX */
3059 QueueLimitRecipient = NULL;
3060 if (ok && Errors == 0)
3061 message("250 2.0.0 Queuing for node %s started", p);
3062 break;
3063
3064 case CMDHELP: /* help -- give user info */
3065 DELAY_CONN("HELP");
3066 help(p, e);
3067 break;
3068
3069 case CMDNOOP: /* noop -- do nothing */
3070 DELAY_CONN("NOOP");
3071 STOP_IF_ATTACK(checksmtpattack(&n_noop, MaxNOOPCommands,
3072 true, "NOOP", e));
3073 message("250 2.0.0 OK");
3074 break;
3075
3076 case CMDQUIT: /* quit -- leave mail */
3077 message("221 2.0.0 %s closing connection", MyHostName);
3078 #if PIPELINING
3079 (void) sm_io_flush(OutChannel, SM_TIME_DEFAULT);
3080 #endif /* PIPELINING */
3081
3082 if (smtp.sm_nrcpts > 0)
3083 logundelrcpts(e, "aborted by sender", 9, false);
3084
3085 /* arrange to ignore any current send list */
3086 e->e_sendqueue = NULL;
3087
3088 #if STARTTLS
3089 /* shutdown TLS connection */
3090 if (tls_active)
3091 {
3092 (void) endtls(srv_ssl, "server");
3093 tls_active = false;
3094 }
3095 #endif /* STARTTLS */
3096 #if SASL
3097 if (authenticating == SASL_IS_AUTH)
3098 {
3099 sasl_dispose(&conn);
3100 authenticating = SASL_NOT_AUTH;
3101 /* XXX sasl_done(); this is a child */
3102 }
3103 #endif /* SASL */
3104
3105 doquit:
3106 /* avoid future 050 messages */
3107 disconnect(1, e);
3108
3109 #if MILTER
3110 /* close out milter filters */
3111 milter_quit(e);
3112 #endif /* MILTER */
3113
3114 if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags))
3115 logsender(e, NULL);
3116 e->e_flags &= ~EF_LOGSENDER;
3117
3118 if (lognullconnection && LogLevel > 5 &&
3119 nullserver == NULL)
3120 {
3121 char *d;
3122
3123 d = macvalue(macid("{daemon_name}"), e);
3124 if (d == NULL)
3125 d = "stdin";
3126
3127 /*
3128 ** even though this id is "bogus", it makes
3129 ** it simpler to "grep" related events, e.g.,
3130 ** timeouts for the same connection.
3131 */
3132
3133 sm_syslog(LOG_INFO, e->e_id,
3134 "%s did not issue MAIL/EXPN/VRFY/ETRN during connection to %s",
3135 CurSmtpClient, d);
3136 }
3137 if (tTd(93, 100))
3138 {
3139 /* return to handle next connection */
3140 return;
3141 }
3142 finis(true, true, ExitStat);
3143 /* NOTREACHED */
3144
3145 /* just to avoid bogus warning from some compilers */
3146 exit(EX_OSERR);
3147
3148 case CMDVERB: /* set verbose mode */
3149 DELAY_CONN("VERB");
3150 if (!bitset(SRV_OFFER_EXPN, features) ||
3151 !bitset(SRV_OFFER_VERB, features))
3152 {
3153 /* this would give out the same info */
3154 message("502 5.7.0 Verbose unavailable");
3155 break;
3156 }
3157 STOP_IF_ATTACK(checksmtpattack(&n_noop, MaxNOOPCommands,
3158 true, "VERB", e));
3159 Verbose = 1;
3160 set_delivery_mode(SM_DELIVER, e);
3161 message("250 2.0.0 Verbose mode");
3162 break;
3163
3164 #if SMTPDEBUG
3165 case CMDDBGQSHOW: /* show queues */
3166 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
3167 "Send Queue=");
3168 printaddr(smioout, e->e_sendqueue, true);
3169 break;
3170
3171 case CMDDBGDEBUG: /* set debug mode */
3172 tTsetup(tTdvect, sizeof(tTdvect), "0-99.1");
3173 tTflag(p);
3174 message("200 2.0.0 Debug set");
3175 break;
3176
3177 #else /* SMTPDEBUG */
3178 case CMDDBGQSHOW: /* show queues */
3179 case CMDDBGDEBUG: /* set debug mode */
3180 #endif /* SMTPDEBUG */
3181 case CMDLOGBOGUS: /* bogus command */
3182 DELAY_CONN("Bogus");
3183 if (LogLevel > 0)
3184 sm_syslog(LOG_CRIT, e->e_id,
3185 "\"%s\" command from %s (%.100s)",
3186 c->cmd_name, CurSmtpClient,
3187 anynet_ntoa(&RealHostAddr));
3188 /* FALLTHROUGH */
3189
3190 case CMDERROR: /* unknown command */
3191 #if MAXBADCOMMANDS > 0
3192 if (++n_badcmds > MAXBADCOMMANDS)
3193 {
3194 stopattack:
3195 message("421 4.7.0 %s Too many bad commands; closing connection",
3196 MyHostName);
3197
3198 /* arrange to ignore any current send list */
3199 e->e_sendqueue = NULL;
3200 goto doquit;
3201 }
3202 #endif /* MAXBADCOMMANDS > 0 */
3203
3204 #if MILTER && SMFI_VERSION > 2
3205 if (smtp.sm_milterlist && smtp.sm_milterize &&
3206 !bitset(EF_DISCARD, e->e_flags))
3207 {
3208 char state;
3209 char *response;
3210
3211 if (MilterLogLevel > 9)
3212 sm_syslog(LOG_INFO, e->e_id,
3213 "Sending \"%s\" to Milter", inp);
3214 response = milter_unknown(inp, e, &state);
3215 MILTER_REPLY("unknown");
3216 if (state == SMFIR_REPLYCODE ||
3217 state == SMFIR_REJECT ||
3218 state == SMFIR_TEMPFAIL ||
3219 state == SMFIR_SHUTDOWN)
3220 {
3221 /* MILTER_REPLY already gave an error */
3222 break;
3223 }
3224 }
3225 #endif /* MILTER && SMFI_VERSION > 2 */
3226
3227 usrerr("500 5.5.1 Command unrecognized: \"%s\"",
3228 shortenstring(inp, MAXSHORTSTR));
3229 break;
3230
3231 case CMDUNIMPL:
3232 DELAY_CONN("Unimpl");
3233 usrerr("502 5.5.1 Command not implemented: \"%s\"",
3234 shortenstring(inp, MAXSHORTSTR));
3235 break;
3236
3237 default:
3238 DELAY_CONN("default");
3239 errno = 0;
3240 syserr("500 5.5.0 smtp: unknown code %d", c->cmd_code);
3241 break;
3242 }
3243 #if SASL
3244 }
3245 #endif /* SASL */
3246 }
3247 SM_EXCEPT(exc, "[!F]*")
3248 {
3249 /*
3250 ** The only possible exception is "E:mta.quickabort".
3251 ** There is nothing to do except fall through and loop.
3252 */
3253 }
3254 SM_END_TRY
3255 }
3256 }
3257 /*
3258 ** SMTP_DATA -- implement the SMTP DATA command.
3259 **
3260 ** Parameters:
3261 ** smtp -- status of SMTP connection.
3262 ** e -- envelope.
3263 **
3264 ** Returns:
3265 ** true iff SMTP session can continue.
3266 **
3267 ** Side Effects:
3268 ** possibly sends message.
3269 */
3270
3271 static bool
3272 smtp_data(smtp, e)
3273 SMTP_T *smtp;
3274 ENVELOPE *e;
3275 {
3276 #if MILTER
3277 bool milteraccept;
3278 #endif /* MILTER */
3279 bool aborting;
3280 bool doublequeue;
3281 bool rv = true;
3282 ADDRESS *a;
3283 ENVELOPE *ee;
3284 char *id;
3285 char *oldid;
3286 unsigned int features;
3287 char buf[32];
3288
3289 SmtpPhase = "server DATA";
3290 if (!smtp->sm_gotmail)
3291 {
3292 usrerr("503 5.0.0 Need MAIL command");
3293 return true;
3294 }
3295 else if (smtp->sm_nrcpts <= 0)
3296 {
3297 usrerr("503 5.0.0 Need RCPT (recipient)");
3298 return true;
3299 }
3300 (void) sm_snprintf(buf, sizeof(buf), "%u", smtp->sm_nrcpts);
3301 if (rscheck("check_data", buf, NULL, e,
3302 RSF_RMCOMM|RSF_UNSTRUCTURED|RSF_COUNT, 3, NULL,
3303 e->e_id, NULL) != EX_OK)
3304 return true;
3305
3306 #if MILTER && SMFI_VERSION > 3
3307 if (smtp->sm_milterlist && smtp->sm_milterize &&
3308 !bitset(EF_DISCARD, e->e_flags))
3309 {
3310 char state;
3311 char *response;
3312 int savelogusrerrs = LogUsrErrs;
3313
3314 response = milter_data_cmd(e, &state);
3315 switch (state)
3316 {
3317 case SMFIR_REPLYCODE:
3318 if (MilterLogLevel > 3)
3319 {
3320 sm_syslog(LOG_INFO, e->e_id,
3321 "Milter: cmd=data, reject=%s",
3322 response);
3323 LogUsrErrs = false;
3324 }
3325 usrerr(response);
3326 if (strncmp(response, "421 ", 4) == 0
3327 || strncmp(response, "421-", 4) == 0)
3328 {
3329 e->e_sendqueue = NULL;
3330 return false;
3331 }
3332 return true;
3333
3334 case SMFIR_REJECT:
3335 if (MilterLogLevel > 3)
3336 {
3337 sm_syslog(LOG_INFO, e->e_id,
3338 "Milter: cmd=data, reject=550 5.7.1 Command rejected");
3339 LogUsrErrs = false;
3340 }
3341 usrerr("550 5.7.1 Command rejected");
3342 return true;
3343
3344 case SMFIR_DISCARD:
3345 if (MilterLogLevel > 3)
3346 sm_syslog(LOG_INFO, e->e_id,
3347 "Milter: cmd=data, discard");
3348 e->e_flags |= EF_DISCARD;
3349 break;
3350
3351 case SMFIR_TEMPFAIL:
3352 if (MilterLogLevel > 3)
3353 {
3354 sm_syslog(LOG_INFO, e->e_id,
3355 "Milter: cmd=data, reject=%s",
3356 MSG_TEMPFAIL);
3357 LogUsrErrs = false;
3358 }
3359 usrerr(MSG_TEMPFAIL);
3360 return true;
3361
3362 case SMFIR_SHUTDOWN:
3363 if (MilterLogLevel > 3)
3364 {
3365 sm_syslog(LOG_INFO, e->e_id,
3366 "Milter: cmd=data, reject=421 4.7.0 %s closing connection",
3367 MyHostName);
3368 LogUsrErrs = false;
3369 }
3370 usrerr("421 4.7.0 %s closing connection", MyHostName);
3371 e->e_sendqueue = NULL;
3372 return false;
3373 }
3374 LogUsrErrs = savelogusrerrs;
3375 if (response != NULL)
3376 sm_free(response); /* XXX */
3377 }
3378 #endif /* MILTER && SMFI_VERSION > 3 */
3379
3380 /* put back discard bit */
3381 if (smtp->sm_discard)
3382 e->e_flags |= EF_DISCARD;
3383
3384 /* check to see if we need to re-expand aliases */
3385 /* also reset QS_BADADDR on already-diagnosted addrs */
3386 doublequeue = false;
3387 for (a = e->e_sendqueue; a != NULL; a = a->q_next)
3388 {
3389 if (QS_IS_VERIFIED(a->q_state) &&
3390 !bitset(EF_DISCARD, e->e_flags))
3391 {
3392 /* need to re-expand aliases */
3393 doublequeue = true;
3394 }
3395 if (QS_IS_BADADDR(a->q_state))
3396 {
3397 /* make this "go away" */
3398 a->q_state = QS_DONTSEND;
3399 }
3400 }
3401
3402 /* collect the text of the message */
3403 SmtpPhase = "collect";
3404 buffer_errors();
3405
3406 collect(InChannel, true, NULL, e, true);
3407
3408 /* redefine message size */
3409 (void) sm_snprintf(buf, sizeof(buf), "%ld", e->e_msgsize);
3410 macdefine(&e->e_macro, A_TEMP, macid("{msg_size}"), buf);
3411
3412 /* rscheck() will set Errors or EF_DISCARD if it trips */
3413 (void) rscheck("check_eom", buf, NULL, e, RSF_UNSTRUCTURED|RSF_COUNT,
3414 3, NULL, e->e_id, NULL);
3415
3416 #if MILTER
3417 milteraccept = true;
3418 if (smtp->sm_milterlist && smtp->sm_milterize &&
3419 Errors <= 0 &&
3420 !bitset(EF_DISCARD, e->e_flags))
3421 {
3422 char state;
3423 char *response;
3424
3425 response = milter_data(e, &state);
3426 switch (state)
3427 {
3428 case SMFIR_REPLYCODE:
3429 if (MilterLogLevel > 3)
3430 sm_syslog(LOG_INFO, e->e_id,
3431 "Milter: data, reject=%s",
3432 response);
3433 milteraccept = false;
3434 usrerr(response);
3435 break;
3436
3437 case SMFIR_REJECT:
3438 milteraccept = false;
3439 if (MilterLogLevel > 3)
3440 sm_syslog(LOG_INFO, e->e_id,
3441 "Milter: data, reject=554 5.7.1 Command rejected");
3442 usrerr("554 5.7.1 Command rejected");
3443 break;
3444
3445 case SMFIR_DISCARD:
3446 if (MilterLogLevel > 3)
3447 sm_syslog(LOG_INFO, e->e_id,
3448 "Milter: data, discard");
3449 milteraccept = false;
3450 e->e_flags |= EF_DISCARD;
3451 break;
3452
3453 case SMFIR_TEMPFAIL:
3454 if (MilterLogLevel > 3)
3455 sm_syslog(LOG_INFO, e->e_id,
3456 "Milter: data, reject=%s",
3457 MSG_TEMPFAIL);
3458 milteraccept = false;
3459 usrerr(MSG_TEMPFAIL);
3460 break;
3461
3462 case SMFIR_SHUTDOWN:
3463 if (MilterLogLevel > 3)
3464 sm_syslog(LOG_INFO, e->e_id,
3465 "Milter: data, reject=421 4.7.0 %s closing connection",
3466 MyHostName);
3467 milteraccept = false;
3468 usrerr("421 4.7.0 %s closing connection", MyHostName);
3469 rv = false;
3470 break;
3471 }
3472 if (response != NULL)
3473 sm_free(response);
3474 }
3475
3476 /* Milter may have changed message size */
3477 (void) sm_snprintf(buf, sizeof(buf), "%ld", e->e_msgsize);
3478 macdefine(&e->e_macro, A_TEMP, macid("{msg_size}"), buf);
3479
3480 /* abort message filters that didn't get the body & log msg is OK */
3481 if (smtp->sm_milterlist && smtp->sm_milterize)
3482 {
3483 milter_abort(e);
3484 if (milteraccept && MilterLogLevel > 9)
3485 sm_syslog(LOG_INFO, e->e_id, "Milter accept: message");
3486 }
3487
3488 /*
3489 ** If SuperSafe is SAFE_REALLY_POSTMILTER, and we don't have milter or
3490 ** milter accepted message, sync it now
3491 **
3492 ** XXX This is almost a copy of the code in collect(): put it into
3493 ** a function that is called from both places?
3494 */
3495
3496 if (milteraccept && SuperSafe == SAFE_REALLY_POSTMILTER)
3497 {
3498 int afd;
3499 SM_FILE_T *volatile df;
3500 char *dfname;
3501
3502 df = e->e_dfp;
3503 dfname = queuename(e, DATAFL_LETTER);
3504 if (sm_io_setinfo(df, SM_BF_COMMIT, NULL) < 0
3505 && errno != EINVAL)
3506 {
3507 int save_errno;
3508
3509 save_errno = errno;
3510 if (save_errno == EEXIST)
3511 {
3512 struct stat st;
3513 int dfd;
3514
3515 if (stat(dfname, &st) < 0)
3516 st.st_size = -1;
3517 errno = EEXIST;
3518 syserr("@collect: bfcommit(%s): already on disk, size=%ld",
3519 dfname, (long) st.st_size);
3520 dfd = sm_io_getinfo(df, SM_IO_WHAT_FD, NULL);
3521 if (dfd >= 0)
3522 dumpfd(dfd, true, true);
3523 }
3524 errno = save_errno;
3525 dferror(df, "bfcommit", e);
3526 flush_errors(true);
3527 finis(save_errno != EEXIST, true, ExitStat);
3528 }
3529 else if ((afd = sm_io_getinfo(df, SM_IO_WHAT_FD, NULL)) < 0)
3530 {
3531 dferror(df, "sm_io_getinfo", e);
3532 flush_errors(true);
3533 finis(true, true, ExitStat);
3534 /* NOTREACHED */
3535 }
3536 else if (fsync(afd) < 0)
3537 {
3538 dferror(df, "fsync", e);
3539 flush_errors(true);
3540 finis(true, true, ExitStat);
3541 /* NOTREACHED */
3542 }
3543 else if (sm_io_close(df, SM_TIME_DEFAULT) < 0)
3544 {
3545 dferror(df, "sm_io_close", e);
3546 flush_errors(true);
3547 finis(true, true, ExitStat);
3548 /* NOTREACHED */
3549 }
3550
3551 /* Now reopen the df file */
3552 e->e_dfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, dfname,
3553 SM_IO_RDONLY, NULL);
3554 if (e->e_dfp == NULL)
3555 {
3556 /* we haven't acked receipt yet, so just chuck this */
3557 syserr("@Cannot reopen %s", dfname);
3558 finis(true, true, ExitStat);
3559 /* NOTREACHED */
3560 }
3561 }
3562 #endif /* MILTER */
3563
3564 /* Check if quarantining stats should be updated */
3565 if (e->e_quarmsg != NULL)
3566 markstats(e, NULL, STATS_QUARANTINE);
3567
3568 /*
3569 ** If a header/body check (header checks or milter)
3570 ** set EF_DISCARD, don't queueup the message --
3571 ** that would lose the EF_DISCARD bit and deliver
3572 ** the message.
3573 */
3574
3575 if (bitset(EF_DISCARD, e->e_flags))
3576 doublequeue = false;
3577
3578 aborting = Errors > 0;
3579 if (!(aborting || bitset(EF_DISCARD, e->e_flags)) &&
3580 (QueueMode == QM_QUARANTINE || e->e_quarmsg == NULL) &&
3581 !split_by_recipient(e))
3582 aborting = bitset(EF_FATALERRS, e->e_flags);
3583
3584 if (aborting)
3585 {
3586 ADDRESS *q;
3587
3588 /* Log who the mail would have gone to */
3589 logundelrcpts(e, e->e_message, 8, false);
3590
3591 /*
3592 ** If something above refused the message, we still haven't
3593 ** accepted responsibility for it. Don't send DSNs.
3594 */
3595
3596 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
3597 q->q_flags &= ~Q_PINGFLAGS;
3598
3599 flush_errors(true);
3600 buffer_errors();
3601 goto abortmessage;
3602 }
3603
3604 /* from now on, we have to operate silently */
3605 buffer_errors();
3606
3607 #if 0
3608 /*
3609 ** Clear message, it may contain an error from the SMTP dialogue.
3610 ** This error must not show up in the queue.
3611 ** Some error message should show up, e.g., alias database
3612 ** not available, but others shouldn't, e.g., from check_rcpt.
3613 */
3614
3615 e->e_message = NULL;
3616 #endif /* 0 */
3617
3618 /*
3619 ** Arrange to send to everyone.
3620 ** If sending to multiple people, mail back
3621 ** errors rather than reporting directly.
3622 ** In any case, don't mail back errors for
3623 ** anything that has happened up to
3624 ** now (the other end will do this).
3625 ** Truncate our transcript -- the mail has gotten
3626 ** to us successfully, and if we have
3627 ** to mail this back, it will be easier
3628 ** on the reader.
3629 ** Then send to everyone.
3630 ** Finally give a reply code. If an error has
3631 ** already been given, don't mail a
3632 ** message back.
3633 ** We goose error returns by clearing error bit.
3634 */
3635
3636 SmtpPhase = "delivery";
3637 (void) sm_io_setinfo(e->e_xfp, SM_BF_TRUNCATE, NULL);
3638 id = e->e_id;
3639
3640 #if NAMED_BIND
3641 _res.retry = TimeOuts.res_retry[RES_TO_FIRST];
3642 _res.retrans = TimeOuts.res_retrans[RES_TO_FIRST];
3643 #endif /* NAMED_BIND */
3644
3645 for (ee = e; ee != NULL; ee = ee->e_sibling)
3646 {
3647 /* make sure we actually do delivery */
3648 ee->e_flags &= ~EF_CLRQUEUE;
3649
3650 /* from now on, operate silently */
3651 ee->e_errormode = EM_MAIL;
3652
3653 if (doublequeue)
3654 {
3655 /* make sure it is in the queue */
3656 queueup(ee, false, true);
3657 }
3658 else
3659 {
3660 int mode;
3661
3662 /* send to all recipients */
3663 mode = SM_DEFAULT;
3664 #if _FFR_DM_ONE
3665 if (SM_DM_ONE == e->e_sendmode)
3666 {
3667 if (NotFirstDelivery)
3668 {
3669 mode = SM_QUEUE;
3670 e->e_sendmode = SM_QUEUE;
3671 }
3672 else
3673 {
3674 mode = SM_FORK;
3675 NotFirstDelivery = true;
3676 }
3677 }
3678 #endif /* _FFR_DM_ONE */
3679 sendall(ee, mode);
3680 }
3681 ee->e_to = NULL;
3682 }
3683
3684 /* put back id for SMTP logging in putoutmsg() */
3685 oldid = CurEnv->e_id;
3686 CurEnv->e_id = id;
3687
3688 /* issue success message */
3689 #if _FFR_MSG_ACCEPT
3690 if (MessageAccept != NULL && *MessageAccept != '\0')
3691 {
3692 char msg[MAXLINE];
3693
3694 expand(MessageAccept, msg, sizeof(msg), e);
3695 message("250 2.0.0 %s", msg);
3696 }
3697 else
3698 #endif /* _FFR_MSG_ACCEPT */
3699 message("250 2.0.0 %s Message accepted for delivery", id);
3700 CurEnv->e_id = oldid;
3701
3702 /* if we just queued, poke it */
3703 if (doublequeue)
3704 {
3705 bool anything_to_send = false;
3706
3707 sm_getla();
3708 for (ee = e; ee != NULL; ee = ee->e_sibling)
3709 {
3710 if (WILL_BE_QUEUED(ee->e_sendmode))
3711 continue;
3712 if (shouldqueue(ee->e_msgpriority, ee->e_ctime))
3713 {
3714 ee->e_sendmode = SM_QUEUE;
3715 continue;
3716 }
3717 else if (QueueMode != QM_QUARANTINE &&
3718 ee->e_quarmsg != NULL)
3719 {
3720 ee->e_sendmode = SM_QUEUE;
3721 continue;
3722 }
3723 anything_to_send = true;
3724
3725 /* close all the queue files */
3726 closexscript(ee);
3727 if (ee->e_dfp != NULL)
3728 {
3729 (void) sm_io_close(ee->e_dfp, SM_TIME_DEFAULT);
3730 ee->e_dfp = NULL;
3731 }
3732 unlockqueue(ee);
3733 }
3734 if (anything_to_send)
3735 {
3736 #if PIPELINING
3737 /*
3738 ** XXX if we don't do this, we get 250 twice
3739 ** because it is also flushed in the child.
3740 */
3741
3742 (void) sm_io_flush(OutChannel, SM_TIME_DEFAULT);
3743 #endif /* PIPELINING */
3744 (void) doworklist(e, true, true);
3745 }
3746 }
3747
3748 abortmessage:
3749 if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags))
3750 logsender(e, NULL);
3751 e->e_flags &= ~EF_LOGSENDER;
3752
3753 /* clean up a bit */
3754 smtp->sm_gotmail = false;
3755
3756 /*
3757 ** Call dropenvelope if and only if the envelope is *not*
3758 ** being processed by the child process forked by doworklist().
3759 */
3760
3761 if (aborting || bitset(EF_DISCARD, e->e_flags))
3762 dropenvelope(e, true, false);
3763 else
3764 {
3765 for (ee = e; ee != NULL; ee = ee->e_sibling)
3766 {
3767 if (!doublequeue &&
3768 QueueMode != QM_QUARANTINE &&
3769 ee->e_quarmsg != NULL)
3770 {
3771 dropenvelope(ee, true, false);
3772 continue;
3773 }
3774 if (WILL_BE_QUEUED(ee->e_sendmode))
3775 dropenvelope(ee, true, false);
3776 }
3777 }
3778 sm_rpool_free(e->e_rpool);
3779
3780 /*
3781 ** At this point, e == &MainEnvelope, but if we did splitting,
3782 ** then CurEnv may point to an envelope structure that was just
3783 ** freed with the rpool. So reset CurEnv *before* calling
3784 ** newenvelope.
3785 */
3786
3787 CurEnv = e;
3788 features = e->e_features;
3789 newenvelope(e, e, sm_rpool_new_x(NULL));
3790 e->e_flags = BlankEnvelope.e_flags;
3791 e->e_features = features;
3792
3793 /* restore connection quarantining */
3794 if (smtp->sm_quarmsg == NULL)
3795 {
3796 e->e_quarmsg = NULL;
3797 macdefine(&e->e_macro, A_PERM, macid("{quarantine}"), "");
3798 }
3799 else
3800 {
3801 e->e_quarmsg = sm_rpool_strdup_x(e->e_rpool, smtp->sm_quarmsg);
3802 macdefine(&e->e_macro, A_PERM,
3803 macid("{quarantine}"), e->e_quarmsg);
3804 }
3805 return rv;
3806 }
3807 /*
3808 ** LOGUNDELRCPTS -- log undelivered (or all) recipients.
3809 **
3810 ** Parameters:
3811 ** e -- envelope.
3812 ** msg -- message for Stat=
3813 ** level -- log level.
3814 ** all -- log all recipients.
3815 **
3816 ** Returns:
3817 ** none.
3818 **
3819 ** Side Effects:
3820 ** logs undelivered (or all) recipients
3821 */
3822
3823 void
3824 logundelrcpts(e, msg, level, all)
3825 ENVELOPE *e;
3826 char *msg;
3827 int level;
3828 bool all;
3829 {
3830 ADDRESS *a;
3831
3832 if (LogLevel <= level || msg == NULL || *msg == '\0')
3833 return;
3834
3835 /* Clear $h so relay= doesn't get mislogged by logdelivery() */
3836 macdefine(&e->e_macro, A_PERM, 'h', NULL);
3837
3838 /* Log who the mail would have gone to */
3839 for (a = e->e_sendqueue; a != NULL; a = a->q_next)
3840 {
3841 if (!QS_IS_UNDELIVERED(a->q_state) && !all)
3842 continue;
3843 e->e_to = a->q_paddr;
3844 logdelivery(NULL, NULL, a->q_status, msg, NULL,
3845 (time_t) 0, e);
3846 }
3847 e->e_to = NULL;
3848 }
3849 /*
3850 ** CHECKSMTPATTACK -- check for denial-of-service attack by repetition
3851 **
3852 ** Parameters:
3853 ** pcounter -- pointer to a counter for this command.
3854 ** maxcount -- maximum value for this counter before we
3855 ** slow down.
3856 ** waitnow -- sleep now (in this routine)?
3857 ** cname -- command name for logging.
3858 ** e -- the current envelope.
3859 **
3860 ** Returns:
3861 ** time to wait,
3862 ** STOP_ATTACK if twice as many commands as allowed and
3863 ** MaxChildren > 0.
3864 **
3865 ** Side Effects:
3866 ** Slows down if we seem to be under attack.
3867 */
3868
3869 static time_t
3870 checksmtpattack(pcounter, maxcount, waitnow, cname, e)
3871 volatile unsigned int *pcounter;
3872 unsigned int maxcount;
3873 bool waitnow;
3874 char *cname;
3875 ENVELOPE *e;
3876 {
3877 if (maxcount <= 0) /* no limit */
3878 return (time_t) 0;
3879
3880 if (++(*pcounter) >= maxcount)
3881 {
3882 unsigned int shift;
3883 time_t s;
3884
3885 if (*pcounter == maxcount && LogLevel > 5)
3886 {
3887 sm_syslog(LOG_INFO, e->e_id,
3888 "%s: possible SMTP attack: command=%.40s, count=%u",
3889 CurSmtpClient, cname, *pcounter);
3890 }
3891 shift = *pcounter - maxcount;
3892 s = 1 << shift;
3893 if (shift > MAXSHIFT || s >= MAXTIMEOUT || s <= 0)
3894 s = MAXTIMEOUT;
3895
3896 #define IS_ATTACK(s) ((MaxChildren > 0 && *pcounter >= maxcount * 2) \
3897 ? STOP_ATTACK : (time_t) s)
3898
3899 /* sleep at least 1 second before returning */
3900 (void) sleep(*pcounter / maxcount);
3901 s -= *pcounter / maxcount;
3902 if (s >= MAXTIMEOUT || s < 0)
3903 s = MAXTIMEOUT;
3904 if (waitnow && s > 0)
3905 {
3906 (void) sleep(s);
3907 return IS_ATTACK(0);
3908 }
3909 return IS_ATTACK(s);
3910 }
3911 return (time_t) 0;
3912 }
3913 /*
3914 ** SETUP_SMTPD_IO -- setup I/O fd correctly for the SMTP server
3915 **
3916 ** Parameters:
3917 ** none.
3918 **
3919 ** Returns:
3920 ** nothing.
3921 **
3922 ** Side Effects:
3923 ** may change I/O fd.
3924 */
3925
3926 static void
3927 setup_smtpd_io()
3928 {
3929 int inchfd, outchfd, outfd;
3930
3931 inchfd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL);
3932 outchfd = sm_io_getinfo(OutChannel, SM_IO_WHAT_FD, NULL);
3933 outfd = sm_io_getinfo(smioout, SM_IO_WHAT_FD, NULL);
3934 if (outchfd != outfd)
3935 {
3936 /* arrange for debugging output to go to remote host */
3937 (void) dup2(outchfd, outfd);
3938 }
3939
3940 /*
3941 ** if InChannel and OutChannel are stdin/stdout
3942 ** and connected to ttys
3943 ** and fcntl(STDIN, F_SETFL, O_NONBLOCKING) also changes STDOUT,
3944 ** then "chain" them together.
3945 */
3946
3947 if (inchfd == STDIN_FILENO && outchfd == STDOUT_FILENO &&
3948 isatty(inchfd) && isatty(outchfd))
3949 {
3950 int inmode, outmode;
3951
3952 inmode = fcntl(inchfd, F_GETFL, 0);
3953 if (inmode == -1)
3954 {
3955 if (LogLevel > 11)
3956 sm_syslog(LOG_INFO, NOQID,
3957 "fcntl(inchfd, F_GETFL) failed: %s",
3958 sm_errstring(errno));
3959 return;
3960 }
3961 outmode = fcntl(outchfd, F_GETFL, 0);
3962 if (outmode == -1)
3963 {
3964 if (LogLevel > 11)
3965 sm_syslog(LOG_INFO, NOQID,
3966 "fcntl(outchfd, F_GETFL) failed: %s",
3967 sm_errstring(errno));
3968 return;
3969 }
3970 if (bitset(O_NONBLOCK, inmode) ||
3971 bitset(O_NONBLOCK, outmode) ||
3972 fcntl(inchfd, F_SETFL, inmode | O_NONBLOCK) == -1)
3973 return;
3974 outmode = fcntl(outchfd, F_GETFL, 0);
3975 if (outmode != -1 && bitset(O_NONBLOCK, outmode))
3976 {
3977 /* changing InChannel also changes OutChannel */
3978 sm_io_automode(OutChannel, InChannel);
3979 if (tTd(97, 4) && LogLevel > 9)
3980 sm_syslog(LOG_INFO, NOQID,
3981 "set automode for I (%d)/O (%d) in SMTP server",
3982 inchfd, outchfd);
3983 }
3984
3985 /* undo change of inchfd */
3986 (void) fcntl(inchfd, F_SETFL, inmode);
3987 }
3988 }
3989 /*
3990 ** SKIPWORD -- skip a fixed word.
3991 **
3992 ** Parameters:
3993 ** p -- place to start looking.
3994 ** w -- word to skip.
3995 **
3996 ** Returns:
3997 ** p following w.
3998 ** NULL on error.
3999 **
4000 ** Side Effects:
4001 ** clobbers the p data area.
4002 */
4003
4004 static char *
4005 skipword(p, w)
4006 register char *volatile p;
4007 char *w;
4008 {
4009 register char *q;
4010 char *firstp = p;
4011
4012 /* find beginning of word */
4013 SKIP_SPACE(p);
4014 q = p;
4015
4016 /* find end of word */
4017 while (*p != '\0' && *p != ':' && !(isascii(*p) && isspace(*p)))
4018 p++;
4019 while (isascii(*p) && isspace(*p))
4020 *p++ = '\0';
4021 if (*p != ':')
4022 {
4023 syntax:
4024 usrerr("501 5.5.2 Syntax error in parameters scanning \"%s\"",
4025 shortenstring(firstp, MAXSHORTSTR));
4026 return NULL;
4027 }
4028 *p++ = '\0';
4029 SKIP_SPACE(p);
4030
4031 if (*p == '\0')
4032 goto syntax;
4033
4034 /* see if the input word matches desired word */
4035 if (sm_strcasecmp(q, w))
4036 goto syntax;
4037
4038 return p;
4039 }
4040
4041 /*
4042 ** RESET_MAIL_ESMTP_ARGS -- process ESMTP arguments from MAIL line
4043 **
4044 ** Parameters:
4045 ** e -- the envelope.
4046 **
4047 ** Returns:
4048 ** none.
4049 */
4050
4051 void
4052 reset_mail_esmtp_args(e)
4053 ENVELOPE *e;
4054 {
4055 /* "size": no reset */
4056
4057 /* "body" */
4058 SevenBitInput = SevenBitInput_Saved;
4059 e->e_bodytype = NULL;
4060
4061 /* "envid" */
4062 e->e_envid = NULL;
4063 macdefine(&e->e_macro, A_PERM, macid("{dsn_envid}"), NULL);
4064
4065 /* "ret" */
4066 e->e_flags &= ~(EF_RET_PARAM|EF_NO_BODY_RETN);
4067 macdefine(&e->e_macro, A_TEMP, macid("{dsn_ret}"), NULL);
4068
4069 #if SASL
4070 /* "auth" */
4071 macdefine(&e->e_macro, A_TEMP, macid("{auth_author}"), NULL);
4072 e->e_auth_param = "";
4073 # if _FFR_AUTH_PASSING
4074 macdefine(&BlankEnvelope.e_macro, A_PERM,
4075 macid("{auth_author}"), NULL);
4076 # endif /* _FFR_AUTH_PASSING */
4077 #endif /* SASL */
4078
4079 /* "by" */
4080 e->e_deliver_by = 0;
4081 e->e_dlvr_flag = 0;
4082 }
4083
4084 /*
4085 ** MAIL_ESMTP_ARGS -- process ESMTP arguments from MAIL line
4086 **
4087 ** Parameters:
4088 ** a -- address (unused, for compatibility with rcpt_esmtp_args)
4089 ** kp -- the parameter key.
4090 ** vp -- the value of that parameter.
4091 ** e -- the envelope.
4092 **
4093 ** Returns:
4094 ** none.
4095 */
4096
4097 void
4098 mail_esmtp_args(a, kp, vp, e)
4099 ADDRESS *a;
4100 char *kp;
4101 char *vp;
4102 ENVELOPE *e;
4103 {
4104 if (sm_strcasecmp(kp, "size") == 0)
4105 {
4106 if (vp == NULL)
4107 {
4108 usrerr("501 5.5.2 SIZE requires a value");
4109 /* NOTREACHED */
4110 }
4111 macdefine(&e->e_macro, A_TEMP, macid("{msg_size}"), vp);
4112 errno = 0;
4113 e->e_msgsize = strtol(vp, (char **) NULL, 10);
4114 if (e->e_msgsize == LONG_MAX && errno == ERANGE)
4115 {
4116 usrerr("552 5.2.3 Message size exceeds maximum value");
4117 /* NOTREACHED */
4118 }
4119 if (e->e_msgsize < 0)
4120 {
4121 usrerr("552 5.2.3 Message size invalid");
4122 /* NOTREACHED */
4123 }
4124 }
4125 else if (sm_strcasecmp(kp, "body") == 0)
4126 {
4127 if (vp == NULL)
4128 {
4129 usrerr("501 5.5.2 BODY requires a value");
4130 /* NOTREACHED */
4131 }
4132 else if (sm_strcasecmp(vp, "8bitmime") == 0)
4133 {
4134 SevenBitInput = false;
4135 }
4136 else if (sm_strcasecmp(vp, "7bit") == 0)
4137 {
4138 SevenBitInput = true;
4139 }
4140 else
4141 {
4142 usrerr("501 5.5.4 Unknown BODY type %s", vp);
4143 /* NOTREACHED */
4144 }
4145 e->e_bodytype = sm_rpool_strdup_x(e->e_rpool, vp);
4146 }
4147 else if (sm_strcasecmp(kp, "envid") == 0)
4148 {
4149 if (!bitset(SRV_OFFER_DSN, e->e_features))
4150 {
4151 usrerr("504 5.7.0 Sorry, ENVID not supported, we do not allow DSN");
4152 /* NOTREACHED */
4153 }
4154 if (vp == NULL)
4155 {
4156 usrerr("501 5.5.2 ENVID requires a value");
4157 /* NOTREACHED */
4158 }
4159 if (!xtextok(vp))
4160 {
4161 usrerr("501 5.5.4 Syntax error in ENVID parameter value");
4162 /* NOTREACHED */
4163 }
4164 if (e->e_envid != NULL)
4165 {
4166 usrerr("501 5.5.0 Duplicate ENVID parameter");
4167 /* NOTREACHED */
4168 }
4169 e->e_envid = sm_rpool_strdup_x(e->e_rpool, vp);
4170 macdefine(&e->e_macro, A_PERM,
4171 macid("{dsn_envid}"), e->e_envid);
4172 }
4173 else if (sm_strcasecmp(kp, "ret") == 0)
4174 {
4175 if (!bitset(SRV_OFFER_DSN, e->e_features))
4176 {
4177 usrerr("504 5.7.0 Sorry, RET not supported, we do not allow DSN");
4178 /* NOTREACHED */
4179 }
4180 if (vp == NULL)
4181 {
4182 usrerr("501 5.5.2 RET requires a value");
4183 /* NOTREACHED */
4184 }
4185 if (bitset(EF_RET_PARAM, e->e_flags))
4186 {
4187 usrerr("501 5.5.0 Duplicate RET parameter");
4188 /* NOTREACHED */
4189 }
4190 e->e_flags |= EF_RET_PARAM;
4191 if (sm_strcasecmp(vp, "hdrs") == 0)
4192 e->e_flags |= EF_NO_BODY_RETN;
4193 else if (sm_strcasecmp(vp, "full") != 0)
4194 {
4195 usrerr("501 5.5.2 Bad argument \"%s\" to RET", vp);
4196 /* NOTREACHED */
4197 }
4198 macdefine(&e->e_macro, A_TEMP, macid("{dsn_ret}"), vp);
4199 }
4200 #if SASL
4201 else if (sm_strcasecmp(kp, "auth") == 0)
4202 {
4203 int len;
4204 char *q;
4205 char *auth_param; /* the value of the AUTH=x */
4206 bool saveQuickAbort = QuickAbort;
4207 bool saveSuprErrs = SuprErrs;
4208 bool saveExitStat = ExitStat;
4209
4210 if (vp == NULL)
4211 {
4212 usrerr("501 5.5.2 AUTH= requires a value");
4213 /* NOTREACHED */
4214 }
4215 if (e->e_auth_param != NULL)
4216 {
4217 usrerr("501 5.5.0 Duplicate AUTH parameter");
4218 /* NOTREACHED */
4219 }
4220 if ((q = strchr(vp, ' ')) != NULL)
4221 len = q - vp + 1;
4222 else
4223 len = strlen(vp) + 1;
4224 auth_param = xalloc(len);
4225 (void) sm_strlcpy(auth_param, vp, len);
4226 if (!xtextok(auth_param))
4227 {
4228 usrerr("501 5.5.4 Syntax error in AUTH parameter value");
4229 /* just a warning? */
4230 /* NOTREACHED */
4231 }
4232
4233 /* XXX define this always or only if trusted? */
4234 macdefine(&e->e_macro, A_TEMP, macid("{auth_author}"),
4235 auth_param);
4236
4237 /*
4238 ** call Strust_auth to find out whether
4239 ** auth_param is acceptable (trusted)
4240 ** we shouldn't trust it if not authenticated
4241 ** (required by RFC, leave it to ruleset?)
4242 */
4243
4244 SuprErrs = true;
4245 QuickAbort = false;
4246 if (strcmp(auth_param, "<>") != 0 &&
4247 (rscheck("trust_auth", auth_param, NULL, e, RSF_RMCOMM,
4248 9, NULL, NOQID, NULL) != EX_OK || Errors > 0))
4249 {
4250 if (tTd(95, 8))
4251 {
4252 q = e->e_auth_param;
4253 sm_dprintf("auth=\"%.100s\" not trusted user=\"%.100s\"\n",
4254 auth_param, (q == NULL) ? "" : q);
4255 }
4256
4257 /* not trusted */
4258 e->e_auth_param = "<>";
4259 # if _FFR_AUTH_PASSING
4260 macdefine(&BlankEnvelope.e_macro, A_PERM,
4261 macid("{auth_author}"), NULL);
4262 # endif /* _FFR_AUTH_PASSING */
4263 }
4264 else
4265 {
4266 if (tTd(95, 8))
4267 sm_dprintf("auth=\"%.100s\" trusted\n", auth_param);
4268 e->e_auth_param = sm_rpool_strdup_x(e->e_rpool,
4269 auth_param);
4270 }
4271 sm_free(auth_param); /* XXX */
4272
4273 /* reset values */
4274 Errors = 0;
4275 QuickAbort = saveQuickAbort;
4276 SuprErrs = saveSuprErrs;
4277 ExitStat = saveExitStat;
4278 }
4279 #endif /* SASL */
4280 #define PRTCHAR(c) ((isascii(c) && isprint(c)) ? (c) : '?')
4281
4282 /*
4283 ** "by" is only accepted if DeliverByMin >= 0.
4284 ** We maybe could add this to the list of server_features.
4285 */
4286
4287 else if (sm_strcasecmp(kp, "by") == 0 && DeliverByMin >= 0)
4288 {
4289 char *s;
4290
4291 if (vp == NULL)
4292 {
4293 usrerr("501 5.5.2 BY= requires a value");
4294 /* NOTREACHED */
4295 }
4296 errno = 0;
4297 e->e_deliver_by = strtol(vp, &s, 10);
4298 if (e->e_deliver_by == LONG_MIN ||
4299 e->e_deliver_by == LONG_MAX ||
4300 e->e_deliver_by > 999999999l ||
4301 e->e_deliver_by < -999999999l)
4302 {
4303 usrerr("501 5.5.2 BY=%s out of range", vp);
4304 /* NOTREACHED */
4305 }
4306 if (s == NULL || *s != ';')
4307 {
4308 usrerr("501 5.5.2 BY= missing ';'");
4309 /* NOTREACHED */
4310 }
4311 e->e_dlvr_flag = 0;
4312 ++s; /* XXX: spaces allowed? */
4313 SKIP_SPACE(s);
4314 switch (tolower(*s))
4315 {
4316 case 'n':
4317 e->e_dlvr_flag = DLVR_NOTIFY;
4318 break;
4319 case 'r':
4320 e->e_dlvr_flag = DLVR_RETURN;
4321 if (e->e_deliver_by <= 0)
4322 {
4323 usrerr("501 5.5.4 mode R requires BY time > 0");
4324 /* NOTREACHED */
4325 }
4326 if (DeliverByMin > 0 && e->e_deliver_by > 0 &&
4327 e->e_deliver_by < DeliverByMin)
4328 {
4329 usrerr("555 5.5.2 time %ld less than %ld",
4330 e->e_deliver_by, (long) DeliverByMin);
4331 /* NOTREACHED */
4332 }
4333 break;
4334 default:
4335 usrerr("501 5.5.2 illegal by-mode '%c'", PRTCHAR(*s));
4336 /* NOTREACHED */
4337 }
4338 ++s; /* XXX: spaces allowed? */
4339 SKIP_SPACE(s);
4340 switch (tolower(*s))
4341 {
4342 case 't':
4343 e->e_dlvr_flag |= DLVR_TRACE;
4344 break;
4345 case '\0':
4346 break;
4347 default:
4348 usrerr("501 5.5.2 illegal by-trace '%c'", PRTCHAR(*s));
4349 /* NOTREACHED */
4350 }
4351
4352 /* XXX: check whether more characters follow? */
4353 }
4354 else
4355 {
4356 usrerr("555 5.5.4 %s parameter unrecognized", kp);
4357 /* NOTREACHED */
4358 }
4359 }
4360
4361 /*
4362 ** RCPT_ESMTP_ARGS -- process ESMTP arguments from RCPT line
4363 **
4364 ** Parameters:
4365 ** a -- the address corresponding to the To: parameter.
4366 ** kp -- the parameter key.
4367 ** vp -- the value of that parameter.
4368 ** e -- the envelope.
4369 **
4370 ** Returns:
4371 ** none.
4372 */
4373
4374 void
4375 rcpt_esmtp_args(a, kp, vp, e)
4376 ADDRESS *a;
4377 char *kp;
4378 char *vp;
4379 ENVELOPE *e;
4380 {
4381 if (sm_strcasecmp(kp, "notify") == 0)
4382 {
4383 char *p;
4384
4385 if (!bitset(SRV_OFFER_DSN, e->e_features))
4386 {
4387 usrerr("504 5.7.0 Sorry, NOTIFY not supported, we do not allow DSN");
4388 /* NOTREACHED */
4389 }
4390 if (vp == NULL)
4391 {
4392 usrerr("501 5.5.2 NOTIFY requires a value");
4393 /* NOTREACHED */
4394 }
4395 a->q_flags &= ~(QPINGONSUCCESS|QPINGONFAILURE|QPINGONDELAY);
4396 a->q_flags |= QHASNOTIFY;
4397 macdefine(&e->e_macro, A_TEMP, macid("{dsn_notify}"), vp);
4398
4399 if (sm_strcasecmp(vp, "never") == 0)
4400 return;
4401 for (p = vp; p != NULL; vp = p)
4402 {
4403 char *s;
4404
4405 s = p = strchr(p, ',');
4406 if (p != NULL)
4407 *p++ = '\0';
4408 if (sm_strcasecmp(vp, "success") == 0)
4409 a->q_flags |= QPINGONSUCCESS;
4410 else if (sm_strcasecmp(vp, "failure") == 0)
4411 a->q_flags |= QPINGONFAILURE;
4412 else if (sm_strcasecmp(vp, "delay") == 0)
4413 a->q_flags |= QPINGONDELAY;
4414 else
4415 {
4416 usrerr("501 5.5.4 Bad argument \"%s\" to NOTIFY",
4417 vp);
4418 /* NOTREACHED */
4419 }
4420 if (s != NULL)
4421 *s = ',';
4422 }
4423 }
4424 else if (sm_strcasecmp(kp, "orcpt") == 0)
4425 {
4426 if (!bitset(SRV_OFFER_DSN, e->e_features))
4427 {
4428 usrerr("504 5.7.0 Sorry, ORCPT not supported, we do not allow DSN");
4429 /* NOTREACHED */
4430 }
4431 if (vp == NULL)
4432 {
4433 usrerr("501 5.5.2 ORCPT requires a value");
4434 /* NOTREACHED */
4435 }
4436 if (strchr(vp, ';') == NULL || !xtextok(vp))
4437 {
4438 usrerr("501 5.5.4 Syntax error in ORCPT parameter value");
4439 /* NOTREACHED */
4440 }
4441 if (a->q_orcpt != NULL)
4442 {
4443 usrerr("501 5.5.0 Duplicate ORCPT parameter");
4444 /* NOTREACHED */
4445 }
4446 a->q_orcpt = sm_rpool_strdup_x(e->e_rpool, vp);
4447 }
4448 else
4449 {
4450 usrerr("555 5.5.4 %s parameter unrecognized", kp);
4451 /* NOTREACHED */
4452 }
4453 }
4454 /*
4455 ** PRINTVRFYADDR -- print an entry in the verify queue
4456 **
4457 ** Parameters:
4458 ** a -- the address to print.
4459 ** last -- set if this is the last one.
4460 ** vrfy -- set if this is a VRFY command.
4461 **
4462 ** Returns:
4463 ** none.
4464 **
4465 ** Side Effects:
4466 ** Prints the appropriate 250 codes.
4467 */
4468 #define OFFF (3 + 1 + 5 + 1) /* offset in fmt: SMTP reply + enh. code */
4469
4470 static void
4471 printvrfyaddr(a, last, vrfy)
4472 register ADDRESS *a;
4473 bool last;
4474 bool vrfy;
4475 {
4476 char fmtbuf[30];
4477
4478 if (vrfy && a->q_mailer != NULL &&
4479 !bitnset(M_VRFY250, a->q_mailer->m_flags))
4480 (void) sm_strlcpy(fmtbuf, "252", sizeof(fmtbuf));
4481 else
4482 (void) sm_strlcpy(fmtbuf, "250", sizeof(fmtbuf));
4483 fmtbuf[3] = last ? ' ' : '-';
4484 (void) sm_strlcpy(&fmtbuf[4], "2.1.5 ", sizeof(fmtbuf) - 4);
4485 if (a->q_fullname == NULL)
4486 {
4487 if ((a->q_mailer == NULL ||
4488 a->q_mailer->m_addrtype == NULL ||
4489 sm_strcasecmp(a->q_mailer->m_addrtype, "rfc822") == 0) &&
4490 strchr(a->q_user, '@') == NULL)
4491 (void) sm_strlcpy(&fmtbuf[OFFF], "<%s@%s>",
4492 sizeof(fmtbuf) - OFFF);
4493 else
4494 (void) sm_strlcpy(&fmtbuf[OFFF], "<%s>",
4495 sizeof(fmtbuf) - OFFF);
4496 message(fmtbuf, a->q_user, MyHostName);
4497 }
4498 else
4499 {
4500 if ((a->q_mailer == NULL ||
4501 a->q_mailer->m_addrtype == NULL ||
4502 sm_strcasecmp(a->q_mailer->m_addrtype, "rfc822") == 0) &&
4503 strchr(a->q_user, '@') == NULL)
4504 (void) sm_strlcpy(&fmtbuf[OFFF], "%s <%s@%s>",
4505 sizeof(fmtbuf) - OFFF);
4506 else
4507 (void) sm_strlcpy(&fmtbuf[OFFF], "%s <%s>",
4508 sizeof(fmtbuf) - OFFF);
4509 message(fmtbuf, a->q_fullname, a->q_user, MyHostName);
4510 }
4511 }
4512
4513 #if SASL
4514 /*
4515 ** SASLMECHS -- get list of possible AUTH mechanisms
4516 **
4517 ** Parameters:
4518 ** conn -- SASL connection info.
4519 ** mechlist -- output parameter for list of mechanisms.
4520 **
4521 ** Returns:
4522 ** number of mechs.
4523 */
4524
4525 static int
4526 saslmechs(conn, mechlist)
4527 sasl_conn_t *conn;
4528 char **mechlist;
4529 {
4530 int len, num, result;
4531
4532 /* "user" is currently unused */
4533 # if SASL >= 20000
4534 result = sasl_listmech(conn, NULL,
4535 "", " ", "", (const char **) mechlist,
4536 (unsigned int *)&len, &num);
4537 # else /* SASL >= 20000 */
4538 result = sasl_listmech(conn, "user", /* XXX */
4539 "", " ", "", mechlist,
4540 (unsigned int *)&len, (unsigned int *)&num);
4541 # endif /* SASL >= 20000 */
4542 if (result != SASL_OK)
4543 {
4544 if (LogLevel > 9)
4545 sm_syslog(LOG_WARNING, NOQID,
4546 "AUTH error: listmech=%d, num=%d",
4547 result, num);
4548 num = 0;
4549 }
4550 if (num > 0)
4551 {
4552 if (LogLevel > 11)
4553 sm_syslog(LOG_INFO, NOQID,
4554 "AUTH: available mech=%s, allowed mech=%s",
4555 *mechlist, AuthMechanisms);
4556 *mechlist = intersect(AuthMechanisms, *mechlist, NULL);
4557 }
4558 else
4559 {
4560 *mechlist = NULL; /* be paranoid... */
4561 if (result == SASL_OK && LogLevel > 9)
4562 sm_syslog(LOG_WARNING, NOQID,
4563 "AUTH warning: no mechanisms");
4564 }
4565 return num;
4566 }
4567
4568 # if SASL >= 20000
4569 /*
4570 ** PROXY_POLICY -- define proxy policy for AUTH
4571 **
4572 ** Parameters:
4573 ** conn -- unused.
4574 ** context -- unused.
4575 ** requested_user -- authorization identity.
4576 ** rlen -- authorization identity length.
4577 ** auth_identity -- authentication identity.
4578 ** alen -- authentication identity length.
4579 ** def_realm -- default user realm.
4580 ** urlen -- user realm length.
4581 ** propctx -- unused.
4582 **
4583 ** Returns:
4584 ** ok?
4585 **
4586 ** Side Effects:
4587 ** sets {auth_authen} macro.
4588 */
4589
4590 int
4591 proxy_policy(conn, context, requested_user, rlen, auth_identity, alen,
4592 def_realm, urlen, propctx)
4593 sasl_conn_t *conn;
4594 void *context;
4595 const char *requested_user;
4596 unsigned rlen;
4597 const char *auth_identity;
4598 unsigned alen;
4599 const char *def_realm;
4600 unsigned urlen;
4601 struct propctx *propctx;
4602 {
4603 if (auth_identity == NULL)
4604 return SASL_FAIL;
4605
4606 macdefine(&BlankEnvelope.e_macro, A_TEMP,
4607 macid("{auth_authen}"), (char *) auth_identity);
4608
4609 return SASL_OK;
4610 }
4611 # else /* SASL >= 20000 */
4612
4613 /*
4614 ** PROXY_POLICY -- define proxy policy for AUTH
4615 **
4616 ** Parameters:
4617 ** context -- unused.
4618 ** auth_identity -- authentication identity.
4619 ** requested_user -- authorization identity.
4620 ** user -- allowed user (output).
4621 ** errstr -- possible error string (output).
4622 **
4623 ** Returns:
4624 ** ok?
4625 */
4626
4627 int
4628 proxy_policy(context, auth_identity, requested_user, user, errstr)
4629 void *context;
4630 const char *auth_identity;
4631 const char *requested_user;
4632 const char **user;
4633 const char **errstr;
4634 {
4635 if (user == NULL || auth_identity == NULL)
4636 return SASL_FAIL;
4637 *user = newstr(auth_identity);
4638 return SASL_OK;
4639 }
4640 # endif /* SASL >= 20000 */
4641 #endif /* SASL */
4642
4643 #if STARTTLS
4644 /*
4645 ** INITSRVTLS -- initialize server side TLS
4646 **
4647 ** Parameters:
4648 ** tls_ok -- should tls initialization be done?
4649 **
4650 ** Returns:
4651 ** succeeded?
4652 **
4653 ** Side Effects:
4654 ** sets tls_ok_srv which is a static variable in this module.
4655 ** Do NOT remove assignments to it!
4656 */
4657
4658 bool
4659 initsrvtls(tls_ok)
4660 bool tls_ok;
4661 {
4662 if (!tls_ok)
4663 return false;
4664
4665 /* do NOT remove assignment */
4666 tls_ok_srv = inittls(&srv_ctx, TLS_Srv_Opts, true, SrvCertFile,
4667 SrvKeyFile, CACertPath, CACertFile, DHParams);
4668 return tls_ok_srv;
4669 }
4670 #endif /* STARTTLS */
4671 /*
4672 ** SRVFEATURES -- get features for SMTP server
4673 **
4674 ** Parameters:
4675 ** e -- envelope (should be session context).
4676 ** clientname -- name of client.
4677 ** features -- default features for this invocation.
4678 **
4679 ** Returns:
4680 ** server features.
4681 */
4682
4683 /* table with options: it uses just one character, how about strings? */
4684 static struct
4685 {
4686 char srvf_opt;
4687 unsigned int srvf_flag;
4688 } srv_feat_table[] =
4689 {
4690 { 'A', SRV_OFFER_AUTH },
4691 { 'B', SRV_OFFER_VERB },
4692 { 'C', SRV_REQ_SEC },
4693 { 'D', SRV_OFFER_DSN },
4694 { 'E', SRV_OFFER_ETRN },
4695 { 'L', SRV_REQ_AUTH },
4696 #if PIPELINING
4697 # if _FFR_NO_PIPE
4698 { 'N', SRV_NO_PIPE },
4699 # endif /* _FFR_NO_PIPE */
4700 { 'P', SRV_OFFER_PIPE },
4701 #endif /* PIPELINING */
4702 { 'R', SRV_VRFY_CLT }, /* same as V; not documented */
4703 { 'S', SRV_OFFER_TLS },
4704 /* { 'T', SRV_TMP_FAIL }, */
4705 { 'V', SRV_VRFY_CLT },
4706 { 'X', SRV_OFFER_EXPN },
4707 /* { 'Y', SRV_OFFER_VRFY }, */
4708 { '\0', SRV_NONE }
4709 };
4710
4711 static unsigned int
4712 srvfeatures(e, clientname, features)
4713 ENVELOPE *e;
4714 char *clientname;
4715 unsigned int features;
4716 {
4717 int r, i, j;
4718 char **pvp, c, opt;
4719 char pvpbuf[PSBUFSIZE];
4720
4721 pvp = NULL;
4722 r = rscap("srv_features", clientname, "", e, &pvp, pvpbuf,
4723 sizeof(pvpbuf));
4724 if (r != EX_OK)
4725 return features;
4726 if (pvp == NULL || pvp[0] == NULL || (pvp[0][0] & 0377) != CANONNET)
4727 return features;
4728 if (pvp[1] != NULL && sm_strncasecmp(pvp[1], "temp", 4) == 0)
4729 return SRV_TMP_FAIL;
4730
4731 /*
4732 ** General rule (see sendmail.h, d_flags):
4733 ** lower case: required/offered, upper case: Not required/available
4734 **
4735 ** Since we can change some features per daemon, we have both
4736 ** cases here: turn on/off a feature.
4737 */
4738
4739 for (i = 1; pvp[i] != NULL; i++)
4740 {
4741 c = pvp[i][0];
4742 j = 0;
4743 for (;;)
4744 {
4745 if ((opt = srv_feat_table[j].srvf_opt) == '\0')
4746 {
4747 if (LogLevel > 9)
4748 sm_syslog(LOG_WARNING, e->e_id,
4749 "srvfeatures: unknown feature %s",
4750 pvp[i]);
4751 break;
4752 }
4753 if (c == opt)
4754 {
4755 features &= ~(srv_feat_table[j].srvf_flag);
4756 break;
4757 }
4758 if (c == tolower(opt))
4759 {
4760 features |= srv_feat_table[j].srvf_flag;
4761 break;
4762 }
4763 ++j;
4764 }
4765 }
4766 return features;
4767 }
4768
4769 /*
4770 ** HELP -- implement the HELP command.
4771 **
4772 ** Parameters:
4773 ** topic -- the topic we want help for.
4774 ** e -- envelope.
4775 **
4776 ** Returns:
4777 ** none.
4778 **
4779 ** Side Effects:
4780 ** outputs the help file to message output.
4781 */
4782 #define HELPVSTR "#vers "
4783 #define HELPVERSION 2
4784
4785 void
4786 help(topic, e)
4787 char *topic;
4788 ENVELOPE *e;
4789 {
4790 register SM_FILE_T *hf;
4791 register char *p;
4792 int len;
4793 bool noinfo;
4794 bool first = true;
4795 long sff = SFF_OPENASROOT|SFF_REGONLY;
4796 char buf[MAXLINE];
4797 char inp[MAXLINE];
4798 static int foundvers = -1;
4799 extern char Version[];
4800
4801 if (DontLockReadFiles)
4802 sff |= SFF_NOLOCK;
4803 if (!bitnset(DBS_HELPFILEINUNSAFEDIRPATH, DontBlameSendmail))
4804 sff |= SFF_SAFEDIRPATH;
4805
4806 if (HelpFile == NULL ||
4807 (hf = safefopen(HelpFile, O_RDONLY, 0444, sff)) == NULL)
4808 {
4809 /* no help */
4810 errno = 0;
4811 message("502 5.3.0 Sendmail %s -- HELP not implemented",
4812 Version);
4813 return;
4814 }
4815
4816 if (topic == NULL || *topic == '\0')
4817 {
4818 topic = "smtp";
4819 noinfo = false;
4820 }
4821 else
4822 {
4823 makelower(topic);
4824 noinfo = true;
4825 }
4826
4827 len = strlen(topic);
4828
4829 while (sm_io_fgets(hf, SM_TIME_DEFAULT, buf, sizeof(buf)) != NULL)
4830 {
4831 if (buf[0] == '#')
4832 {
4833 if (foundvers < 0 &&
4834 strncmp(buf, HELPVSTR, strlen(HELPVSTR)) == 0)
4835 {
4836 int h;
4837
4838 if (sm_io_sscanf(buf + strlen(HELPVSTR), "%d",
4839 &h) == 1)
4840 foundvers = h;
4841 }
4842 continue;
4843 }
4844 if (strncmp(buf, topic, len) == 0)
4845 {
4846 if (first)
4847 {
4848 first = false;
4849
4850 /* print version if no/old vers# in file */
4851 if (foundvers < 2 && !noinfo)
4852 message("214-2.0.0 This is Sendmail version %s", Version);
4853 }
4854 p = strpbrk(buf, " \t");
4855 if (p == NULL)
4856 p = buf + strlen(buf) - 1;
4857 else
4858 p++;
4859 fixcrlf(p, true);
4860 if (foundvers >= 2)
4861 {
4862 char *lbp;
4863 int lbs = sizeof(buf) - (p - buf);
4864
4865 lbp = translate_dollars(p, p, &lbs);
4866 expand(lbp, inp, sizeof(inp), e);
4867 if (p != lbp)
4868 sm_free(lbp);
4869 p = inp;
4870 }
4871 message("214-2.0.0 %s", p);
4872 noinfo = false;
4873 }
4874 }
4875
4876 if (noinfo)
4877 message("504 5.3.0 HELP topic \"%.10s\" unknown", topic);
4878 else
4879 message("214 2.0.0 End of HELP info");
4880
4881 if (foundvers != 0 && foundvers < HELPVERSION)
4882 {
4883 if (LogLevel > 1)
4884 sm_syslog(LOG_WARNING, e->e_id,
4885 "%s too old (require version %d)",
4886 HelpFile, HELPVERSION);
4887
4888 /* avoid log next time */
4889 foundvers = 0;
4890 }
4891
4892 (void) sm_io_close(hf, SM_TIME_DEFAULT);
4893 }
4894
4895 #if SASL
4896 /*
4897 ** RESET_SASLCONN -- reset SASL connection data
4898 **
4899 ** Parameters:
4900 ** conn -- SASL connection context
4901 ** hostname -- host name
4902 ** various connection data
4903 **
4904 ** Returns:
4905 ** SASL result
4906 */
4907
4908 static int
4909 reset_saslconn(sasl_conn_t **conn, char *hostname,
4910 # if SASL >= 20000
4911 char *remoteip, char *localip,
4912 char *auth_id, sasl_ssf_t * ext_ssf)
4913 # else /* SASL >= 20000 */
4914 struct sockaddr_in *saddr_r, struct sockaddr_in *saddr_l,
4915 sasl_external_properties_t * ext_ssf)
4916 # endif /* SASL >= 20000 */
4917 {
4918 int result;
4919
4920 sasl_dispose(conn);
4921 # if SASL >= 20000
4922 result = sasl_server_new("smtp", hostname, NULL, NULL, NULL,
4923 NULL, 0, conn);
4924 # elif SASL > 10505
4925 /* use empty realm: only works in SASL > 1.5.5 */
4926 result = sasl_server_new("smtp", hostname, "", NULL, 0, conn);
4927 # else /* SASL >= 20000 */
4928 /* use no realm -> realm is set to hostname by SASL lib */
4929 result = sasl_server_new("smtp", hostname, NULL, NULL, 0,
4930 conn);
4931 # endif /* SASL >= 20000 */
4932 if (result != SASL_OK)
4933 return result;
4934
4935 # if SASL >= 20000
4936 # if NETINET || NETINET6
4937 if (remoteip != NULL && *remoteip != '\0')
4938 result = sasl_setprop(*conn, SASL_IPREMOTEPORT, remoteip);
4939 if (result != SASL_OK)
4940 return result;
4941
4942 if (localip != NULL && *localip != '\0')
4943 result = sasl_setprop(*conn, SASL_IPLOCALPORT, localip);
4944 if (result != SASL_OK)
4945 return result;
4946 # endif /* NETINET || NETINET6 */
4947
4948 result = sasl_setprop(*conn, SASL_SSF_EXTERNAL, ext_ssf);
4949 if (result != SASL_OK)
4950 return result;
4951
4952 result = sasl_setprop(*conn, SASL_AUTH_EXTERNAL, auth_id);
4953 if (result != SASL_OK)
4954 return result;
4955 # else /* SASL >= 20000 */
4956 # if NETINET
4957 if (saddr_r != NULL)
4958 result = sasl_setprop(*conn, SASL_IP_REMOTE, saddr_r);
4959 if (result != SASL_OK)
4960 return result;
4961
4962 if (saddr_l != NULL)
4963 result = sasl_setprop(*conn, SASL_IP_LOCAL, saddr_l);
4964 if (result != SASL_OK)
4965 return result;
4966 # endif /* NETINET */
4967
4968 result = sasl_setprop(*conn, SASL_SSF_EXTERNAL, ext_ssf);
4969 if (result != SASL_OK)
4970 return result;
4971 # endif /* SASL >= 20000 */
4972 return SASL_OK;
4973 }
4974 #endif /* SASL */
DragonFly BSD