2 * Copyright (c) 1998-2007 Sendmail, Inc. and its suppliers.
4 * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
5 * Copyright (c) 1988, 1993
6 * The Regents of the University of California. All rights reserved.
8 * By using this file, you agree to the terms and conditions set
9 * forth in the LICENSE file which can be found at the top level of
10 * the sendmail distribution.
16 # include <libmilter/mfapi.h>
17 # include <libmilter/mfdef.h>
20 SM_RCSID("@(#)$Id: srvrsmtp.c,v 8.967 2007/10/01 16:22:14 ca Exp $")
27 #endif /* SASL || STARTTLS */
29 # define ENC64LEN(l) (((l) + 2) * 4 / 3 + 1)
30 static int saslmechs
__P((sasl_conn_t
*, char **));
33 # include <sysexits.h>
35 static SSL_CTX
*srv_ctx
= NULL
; /* TLS server context */
36 static SSL
*srv_ssl
= NULL
; /* per connection context */
38 static bool tls_ok_srv
= false;
40 # define TLS_VERIFY_CLIENT() tls_set_verify(srv_ctx, srv_ssl, \
41 bitset(SRV_VRFY_CLT, features))
45 static bool NotFirstDelivery
= false;
46 #endif /* _FFR_DM_ONE */
49 #define SRV_NONE 0x0000 /* none... */
50 #define SRV_OFFER_TLS 0x0001 /* offer STARTTLS */
51 #define SRV_VRFY_CLT 0x0002 /* request a cert */
52 #define SRV_OFFER_AUTH 0x0004 /* offer AUTH */
53 #define SRV_OFFER_ETRN 0x0008 /* offer ETRN */
54 #define SRV_OFFER_VRFY 0x0010 /* offer VRFY (not yet used) */
55 #define SRV_OFFER_EXPN 0x0020 /* offer EXPN */
56 #define SRV_OFFER_VERB 0x0040 /* offer VERB */
57 #define SRV_OFFER_DSN 0x0080 /* offer DSN */
59 # define SRV_OFFER_PIPE 0x0100 /* offer PIPELINING */
61 # define SRV_NO_PIPE 0x0200 /* disable PIPELINING, sleep if used */
62 # endif /* _FFR_NO_PIPE */
63 #endif /* PIPELINING */
64 #define SRV_REQ_AUTH 0x0400 /* require AUTH */
65 #define SRV_REQ_SEC 0x0800 /* require security - equiv to AuthOptions=p */
66 #define SRV_TMP_FAIL 0x1000 /* ruleset caused a temporary failure */
68 static unsigned int srvfeatures
__P((ENVELOPE
*, char *, unsigned int));
70 #define STOP_ATTACK ((time_t) -1)
71 static time_t checksmtpattack
__P((volatile unsigned int *, unsigned int,
72 bool, char *, ENVELOPE
*));
73 static void printvrfyaddr
__P((ADDRESS
*, bool, bool));
74 static char *skipword
__P((char *volatile, char *));
75 static void setup_smtpd_io
__P((void));
79 static int reset_saslconn
__P((sasl_conn_t
**_conn
, char *_hostname
,
80 char *_remoteip
, char *_localip
,
81 char *_auth_id
, sasl_ssf_t
*_ext_ssf
));
83 # define RESET_SASLCONN \
86 result = reset_saslconn(&conn, AuthRealm, remoteip, \
87 localip, auth_id, &ext_ssf); \
88 if (result != SASL_OK) \
92 # else /* SASL >= 20000 */
93 static int reset_saslconn
__P((sasl_conn_t
**_conn
, char *_hostname
,
94 struct sockaddr_in
*_saddr_r
,
95 struct sockaddr_in
*_saddr_l
,
96 sasl_external_properties_t
*_ext_ssf
));
97 # define RESET_SASLCONN \
100 result = reset_saslconn(&conn, AuthRealm, &saddr_r, \
101 &saddr_l, &ext_ssf); \
102 if (result != SASL_OK) \
106 # endif /* SASL >= 20000 */
109 extern ENVELOPE BlankEnvelope
;
115 (void) sm_snprintf(buf, sizeof(buf), "%d", \
116 BadRcptThrottle > 0 && n_badrcpts > BadRcptThrottle \
117 ? n_badrcpts - 1 : n_badrcpts); \
118 macdefine(&e->e_macro, A_TEMP, macid("{nbadrcpts}"), buf); \
121 #define SKIP_SPACE(s) while (isascii(*s) && isspace(*s)) \
125 ** PARSE_ESMTP_ARGS -- parse EMSTP arguments (for MAIL, RCPT)
129 ** addr_st -- address (RCPT only)
131 ** delimptr -- current position in read buffer
132 ** which -- MAIL/RCPT
133 ** args -- arguments (output)
134 ** esmtp_args -- function to process a single ESMTP argument
141 parse_esmtp_args(e
, addr_st
, p
, delimptr
, which
, args
, esmtp_args
)
148 esmtp_args_F esmtp_args
;
156 while (p
!= NULL
&& *p
!= '\0')
162 /* locate the beginning of the keyword */
168 /* skip to the value portion */
169 while ((isascii(*p
) && isalnum(*p
)) || *p
== '-')
177 /* skip to the end of the value */
178 while (*p
!= '\0' && *p
!= ' ' &&
179 !(isascii(*p
) && iscntrl(*p
)) &&
188 sm_dprintf("%s: got arg %s=\"%s\"\n", which
, kp
,
189 vp
== NULL
? "<null>" : vp
);
191 esmtp_args(addr_st
, kp
, vp
, e
);
197 if (argno
>= MAXSMTPARGS
- 1)
198 usrerr("501 5.5.4 Too many parameters");
207 ** SMTP -- run the SMTP protocol.
210 ** nullserver -- if non-NULL, rejection message for
211 ** (almost) all SMTP commands.
212 ** d_flags -- daemon flags
213 ** e -- the envelope.
219 ** Reads commands from the input channel and processes them.
223 ** Notice: The smtp server doesn't have a session context like the client
224 ** side has (mci). Therefore some data (session oriented) is allocated
225 ** or assigned to the "wrong" structure (esp. STARTTLS, AUTH).
226 ** This should be fixed in a successor version.
231 char *cmd_name
; /* command name */
232 int cmd_code
; /* internal code, see below */
235 /* values for cmd_code */
236 #define CMDERROR 0 /* bad command */
237 #define CMDMAIL 1 /* mail -- designate sender */
238 #define CMDRCPT 2 /* rcpt -- designate recipient */
239 #define CMDDATA 3 /* data -- send message text */
240 #define CMDRSET 4 /* rset -- reset state */
241 #define CMDVRFY 5 /* vrfy -- verify address */
242 #define CMDEXPN 6 /* expn -- expand address */
243 #define CMDNOOP 7 /* noop -- do nothing */
244 #define CMDQUIT 8 /* quit -- close connection and die */
245 #define CMDHELO 9 /* helo -- be polite */
246 #define CMDHELP 10 /* help -- give usage info */
247 #define CMDEHLO 11 /* ehlo -- extended helo (RFC 1425) */
248 #define CMDETRN 12 /* etrn -- flush queue */
250 # define CMDAUTH 13 /* auth -- SASL authenticate */
253 # define CMDSTLS 14 /* STARTTLS -- start TLS session */
254 #endif /* STARTTLS */
255 /* non-standard commands */
256 #define CMDVERB 17 /* verb -- go into verbose mode */
257 /* unimplemented commands from RFC 821 */
258 #define CMDUNIMPL 19 /* unimplemented rfc821 commands */
259 /* use this to catch and log "door handle" attempts on your system */
260 #define CMDLOGBOGUS 23 /* bogus command that should be logged */
261 /* debugging-only commands, only enabled if SMTPDEBUG is defined */
262 #define CMDDBGQSHOW 24 /* showq -- show send queue */
263 #define CMDDBGDEBUG 25 /* debug -- set debug mode */
266 ** Note: If you change this list, remember to update 'helpfile'
269 static struct cmd CmdTab
[] =
284 { "send", CMDUNIMPL
},
285 { "saml", CMDUNIMPL
},
286 { "soml", CMDUNIMPL
},
287 { "turn", CMDUNIMPL
},
289 { "auth", CMDAUTH
, },
292 { "starttls", CMDSTLS
, },
293 #endif /* STARTTLS */
294 /* remaining commands are here only to trap and log attempts to use them */
295 { "showq", CMDDBGQSHOW
},
296 { "debug", CMDDBGDEBUG
},
297 { "wiz", CMDLOGBOGUS
},
302 static char *CurSmtpClient
; /* who's at the other end of channel */
304 #ifndef MAXBADCOMMANDS
305 # define MAXBADCOMMANDS 25 /* maximum number of bad commands */
306 #endif /* ! MAXBADCOMMANDS */
307 #ifndef MAXHELOCOMMANDS
308 # define MAXHELOCOMMANDS 3 /* max HELO/EHLO commands before slowdown */
309 #endif /* ! MAXHELOCOMMANDS */
310 #ifndef MAXVRFYCOMMANDS
311 # define MAXVRFYCOMMANDS 6 /* max VRFY/EXPN commands before slowdown */
312 #endif /* ! MAXVRFYCOMMANDS */
313 #ifndef MAXETRNCOMMANDS
314 # define MAXETRNCOMMANDS 8 /* max ETRN commands before slowdown */
315 #endif /* ! MAXETRNCOMMANDS */
317 # define MAXTIMEOUT (4 * 60) /* max timeout for bad commands */
318 #endif /* ! MAXTIMEOUT */
321 ** Maximum shift value to compute timeout for bad commands.
322 ** This introduces an upper limit of 2^MAXSHIFT for the timeout.
327 #endif /* ! MAXSHIFT */
329 ERROR _MAXSHIFT
> 31 is invalid
330 #endif /* MAXSHIFT */
333 #if MAXBADCOMMANDS > 0
334 # define STOP_IF_ATTACK(r) do \
336 if ((r) == STOP_ATTACK) \
340 #else /* MAXBADCOMMANDS > 0 */
341 # define STOP_IF_ATTACK(r) r
342 #endif /* MAXBADCOMMANDS > 0 */
346 static SM_DEBUG_T DebugLeakSmtp
= SM_DEBUG_INITIALIZER("leak_smtp",
347 "@(#)$Debug: leak_smtp - trace memory leaks during SMTP processing $");
348 #endif /* SM_HEAP_CHECK */
352 bool sm_gotmail
; /* mail command received */
353 unsigned int sm_nrcpts
; /* number of successful RCPT commands */
357 bool sm_milterlist
; /* any filters in the list? */
358 milters_T sm_milters
;
360 /* e_nrcpts from envelope before recipient() call */
361 unsigned int sm_e_nrcpts_orig
;
363 char *sm_quarmsg
; /* carry quarantining across messages */
366 static bool smtp_data
__P((SMTP_T
*, ENVELOPE
*));
368 #define MSG_TEMPFAIL "451 4.3.2 Please try again later"
371 # define MILTER_ABORT(e) milter_abort((e))
373 # define MILTER_REPLY(str) \
375 int savelogusrerrs = LogUsrErrs; \
377 milter_cmd_fail = true; \
380 case SMFIR_SHUTDOWN: \
381 if (MilterLogLevel > 3) \
383 sm_syslog(LOG_INFO, e->e_id, \
384 "Milter: %s=%s, reject=421, errormode=4", \
386 LogUsrErrs = false; \
389 bool tsave = QuickAbort; \
391 QuickAbort = false; \
392 usrerr("421 4.3.0 closing connection"); \
393 QuickAbort = tsave; \
394 e->e_sendqueue = NULL; \
398 case SMFIR_REPLYCODE: \
399 if (MilterLogLevel > 3) \
401 sm_syslog(LOG_INFO, e->e_id, \
402 "Milter: %s=%s, reject=%s", \
403 str, addr, response); \
404 LogUsrErrs = false; \
406 if (strncmp(response, "421 ", 4) == 0 \
407 || strncmp(response, "421-", 4) == 0) \
409 bool tsave = QuickAbort; \
411 QuickAbort = false; \
413 QuickAbort = tsave; \
414 e->e_sendqueue = NULL; \
422 if (MilterLogLevel > 3) \
424 sm_syslog(LOG_INFO, e->e_id, \
425 "Milter: %s=%s, reject=550 5.7.1 Command rejected", \
427 LogUsrErrs = false; \
429 usrerr("550 5.7.1 Command rejected"); \
432 case SMFIR_DISCARD: \
433 if (MilterLogLevel > 3) \
434 sm_syslog(LOG_INFO, e->e_id, \
435 "Milter: %s=%s, discard", \
437 e->e_flags |= EF_DISCARD; \
438 milter_cmd_fail = false; \
441 case SMFIR_TEMPFAIL: \
442 if (MilterLogLevel > 3) \
444 sm_syslog(LOG_INFO, e->e_id, \
445 "Milter: %s=%s, reject=%s", \
446 str, addr, MSG_TEMPFAIL); \
447 LogUsrErrs = false; \
449 usrerr(MSG_TEMPFAIL); \
452 milter_cmd_fail = false; \
455 LogUsrErrs = savelogusrerrs; \
456 if (response != NULL) \
457 sm_free(response); /* XXX */ \
461 # define MILTER_ABORT(e)
464 /* clear all SMTP state (for HELO/EHLO/RSET) */
465 #define CLEAR_STATE(cmd) \
468 /* abort milter filters */ \
471 if (smtp.sm_nrcpts > 0) \
473 logundelrcpts(e, cmd, 10, false); \
474 smtp.sm_nrcpts = 0; \
475 macdefine(&e->e_macro, A_PERM, \
476 macid("{nrcpts}"), "0"); \
479 e->e_sendqueue = NULL; \
480 e->e_flags |= EF_CLRQUEUE; \
482 if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags)) \
483 logsender(e, NULL); \
484 e->e_flags &= ~EF_LOGSENDER; \
486 /* clean up a bit */ \
487 smtp.sm_gotmail = false; \
489 dropenvelope(e, true, false); \
490 sm_rpool_free(e->e_rpool); \
491 e = newenvelope(e, CurEnv, sm_rpool_new_x(NULL)); \
493 e->e_features = features; \
495 /* put back discard bit */ \
496 if (smtp.sm_discard) \
497 e->e_flags |= EF_DISCARD; \
499 /* restore connection quarantining */ \
500 if (smtp.sm_quarmsg == NULL) \
502 e->e_quarmsg = NULL; \
503 macdefine(&e->e_macro, A_PERM, \
504 macid("{quarantine}"), ""); \
508 e->e_quarmsg = sm_rpool_strdup_x(e->e_rpool, \
510 macdefine(&e->e_macro, A_PERM, macid("{quarantine}"), \
515 /* sleep to flatten out connection load */
516 #define MIN_DELAY_LOG 15 /* wait before logging this again */
518 /* is it worth setting the process title for 1s? */
519 #define DELAY_CONN(cmd) \
520 if (DelayLA > 0 && (CurrentLA = getla()) >= DelayLA) \
524 sm_setproctitle(true, e, \
525 "%s: %s: delaying %s: load average: %d", \
526 qid_printname(e), CurSmtpClient, \
528 if (LogLevel > 8 && (dnow = curtime()) > log_delay) \
530 sm_syslog(LOG_INFO, e->e_id, \
531 "delaying=%s, load average=%d >= %d", \
532 cmd, CurrentLA, DelayLA); \
533 log_delay = dnow + MIN_DELAY_LOG; \
536 sm_setproctitle(true, e, "%s %s: %.80s", \
537 qid_printname(e), CurSmtpClient, inp); \
540 static bool SevenBitInput_Saved
; /* saved version of SevenBitInput */
543 smtp(nullserver
, d_flags
, e
)
544 char *volatile nullserver
;
546 register ENVELOPE
*volatile e
;
548 register char *volatile p
;
549 register struct cmd
*volatile c
= NULL
;
551 auto ADDRESS
*vrfyqueue
;
553 volatile bool gothello
; /* helo command received */
554 bool vrfy
; /* set if this is a vrfy command */
555 char *volatile protocol
; /* sending protocol */
556 char *volatile sendinghost
; /* sending hostname */
557 char *volatile peerhostname
; /* name of SMTP peer or "localhost" */
560 volatile unsigned int n_badcmds
= 0; /* count of bad commands */
561 volatile unsigned int n_badrcpts
= 0; /* number of rejected RCPT */
562 volatile unsigned int n_verifies
= 0; /* count of VRFY/EXPN */
563 volatile unsigned int n_etrn
= 0; /* count of ETRN */
564 volatile unsigned int n_noop
= 0; /* count of NOOP/VERB/etc */
565 volatile unsigned int n_helo
= 0; /* count of HELO/EHLO */
568 volatile bool tempfail
= false;
569 volatile time_t wt
; /* timeout after too many commands */
570 volatile time_t previous
; /* time after checksmtpattack() */
571 volatile bool lognullconnection
= true;
575 char *greetcode
= "220";
576 char *hostname
; /* my hostname ($j) */
578 char *args
[MAXSMTPARGS
];
579 char inp
[MAXINPLINE
];
580 #if MAXINPLINE < MAXLINE
581 ERROR _MAXINPLINE must NOT be less than _MAXLINE
: MAXINPLINE
< MAXLINE
582 #endif /* MAXINPLINE < MAXLINE */
583 char cmdbuf
[MAXLINE
];
586 volatile bool sasl_ok
;
587 volatile unsigned int n_auth
= 0; /* count of AUTH commands */
590 volatile int authenticating
;
594 char *auth_id
= NULL
;
597 char localip
[60], remoteip
[60];
598 # else /* SASL >= 20000 */
601 sasl_external_properties_t ext_ssf
;
602 struct sockaddr_in saddr_l
;
603 struct sockaddr_in saddr_r
;
604 # endif /* SASL >= 20000 */
605 sasl_security_properties_t ssp
;
607 unsigned int inlen
, out2len
;
609 char *volatile auth_type
;
611 volatile unsigned int n_mechs
;
618 volatile bool tls_active
= false;
619 volatile bool smtps
= bitnset(D_SMTPS
, d_flags
);
623 #endif /* STARTTLS */
624 volatile unsigned int features
;
628 # endif /* _FFR_NO_PIPE */
629 #endif /* PIPELINING */
630 volatile time_t log_delay
= (time_t) 0;
632 volatile bool milter_cmd_done
, milter_cmd_safe
;
633 volatile bool milter_rcpt_added
, milter_cmd_fail
;
635 # define p_addr_st &addr_st
637 # define p_addr_st NULL
641 SevenBitInput_Saved
= SevenBitInput
;
644 smtp
.sm_milterize
= (nullserver
== NULL
);
645 smtp
.sm_milterlist
= false;
649 /* setup I/O fd correctly for the SMTP server */
653 if (sm_debug_active(&DebugLeakSmtp
, 1))
656 sm_dprintf("smtp() heap group #%d\n", sm_heap_group());
658 #endif /* SM_HEAP_CHECK */
660 /* XXX the rpool should be set when e is initialized in main() */
661 e
->e_rpool
= sm_rpool_new_x(NULL
);
662 e
->e_macro
.mac_rpool
= e
->e_rpool
;
666 peerhostname
= RealHostName
;
667 if (peerhostname
== NULL
)
668 peerhostname
= "localhost";
669 CurHostName
= peerhostname
;
670 CurSmtpClient
= macvalue('_', e
);
671 if (CurSmtpClient
== NULL
)
672 CurSmtpClient
= CurHostName
;
674 /* check_relay may have set discard bit, save for later */
675 smtp
.sm_discard
= bitset(EF_DISCARD
, e
->e_flags
);
678 /* auto-flush output when reading input */
679 (void) sm_io_autoflush(InChannel
, OutChannel
);
680 #endif /* PIPELINING */
682 sm_setproctitle(true, e
, "server %s startup", CurSmtpClient
);
684 /* Set default features for server. */
685 features
= ((bitset(PRIV_NOETRN
, PrivacyFlags
) ||
686 bitnset(D_NOETRN
, d_flags
)) ? SRV_NONE
: SRV_OFFER_ETRN
)
687 | (bitnset(D_AUTHREQ
, d_flags
) ? SRV_REQ_AUTH
: SRV_NONE
)
688 | (bitset(PRIV_NOEXPN
, PrivacyFlags
) ? SRV_NONE
690 | (bitset(PRIV_NOVERB
, PrivacyFlags
)
691 ? SRV_NONE
: SRV_OFFER_VERB
)))
692 | ((bitset(PRIV_NORECEIPTS
, PrivacyFlags
) || !SendMIMEErrors
)
693 ? SRV_NONE
: SRV_OFFER_DSN
)
695 | (bitnset(D_NOAUTH
, d_flags
) ? SRV_NONE
: SRV_OFFER_AUTH
)
696 | (bitset(SASL_SEC_NOPLAINTEXT
, SASLOpts
) ? SRV_REQ_SEC
701 #endif /* PIPELINING */
703 | (bitnset(D_NOTLS
, d_flags
) ? SRV_NONE
: SRV_OFFER_TLS
)
704 | (bitset(TLS_I_NO_VRFY
, TLS_Srv_Opts
) ? SRV_NONE
706 #endif /* STARTTLS */
708 if (nullserver
== NULL
)
710 features
= srvfeatures(e
, CurSmtpClient
, features
);
711 if (bitset(SRV_TMP_FAIL
, features
))
714 sm_syslog(LOG_ERR
, NOQID
,
715 "ERROR: srv_features=tempfail, relay=%.100s, access temporarily disabled",
717 nullserver
= "450 4.3.0 Please try again later.";
723 if (bitset(SRV_NO_PIPE
, features
))
725 /* for consistency */
726 features
&= ~SRV_OFFER_PIPE
;
728 # endif /* _FFR_NO_PIPE */
729 #endif /* PIPELINING */
731 if (bitset(SRV_REQ_SEC
, features
))
732 SASLOpts
|= SASL_SEC_NOPLAINTEXT
;
734 SASLOpts
&= ~SASL_SEC_NOPLAINTEXT
;
738 else if (strncmp(nullserver
, "421 ", 4) == 0)
744 e
->e_features
= features
;
745 hostname
= macvalue('j', e
);
747 if (AuthRealm
== NULL
)
748 AuthRealm
= hostname
;
749 sasl_ok
= bitset(SRV_OFFER_AUTH
, features
);
751 authenticating
= SASL_NOT_AUTH
;
753 /* SASL server new connection */
757 result
= sasl_server_new("smtp", AuthRealm
, NULL
, NULL
, NULL
,
760 /* use empty realm: only works in SASL > 1.5.5 */
761 result
= sasl_server_new("smtp", AuthRealm
, "", NULL
, 0, &conn
);
762 # else /* SASL >= 20000 */
763 /* use no realm -> realm is set to hostname by SASL lib */
764 result
= sasl_server_new("smtp", AuthRealm
, NULL
, NULL
, 0,
766 # endif /* SASL >= 20000 */
767 sasl_ok
= result
== SASL_OK
;
771 sm_syslog(LOG_WARNING
, NOQID
,
772 "AUTH error: sasl_server_new failed=%d",
779 ** SASL set properties for sasl
780 ** set local/remote IP
781 ** XXX Cyrus SASL v1 only supports IPv4
783 ** XXX where exactly are these used/required?
788 localip
[0] = remoteip
[0] = '\0';
789 # if NETINET || NETINET6
790 in
= macvalue(macid("{daemon_family}"), e
);
793 strcmp(in
, "inet6") == 0 ||
794 # endif /* NETINET6 */
795 strcmp(in
, "inet") == 0))
797 SOCKADDR_LEN_T addrsize
;
801 addrsize
= sizeof(saddr_r
);
802 if (getpeername(sm_io_getinfo(InChannel
, SM_IO_WHAT_FD
,
804 (struct sockaddr
*) &saddr_r
,
807 if (iptostring(&saddr_r
, addrsize
,
808 remoteip
, sizeof(remoteip
)))
810 sasl_setprop(conn
, SASL_IPREMOTEPORT
,
813 addrsize
= sizeof(saddr_l
);
814 if (getsockname(sm_io_getinfo(InChannel
,
817 (struct sockaddr
*) &saddr_l
,
820 if (iptostring(&saddr_l
, addrsize
,
831 # endif /* NETINET || NETINET6 */
832 # else /* SASL >= 20000 */
834 in
= macvalue(macid("{daemon_family}"), e
);
835 if (in
!= NULL
&& strcmp(in
, "inet") == 0)
837 SOCKADDR_LEN_T addrsize
;
839 addrsize
= sizeof(struct sockaddr_in
);
840 if (getpeername(sm_io_getinfo(InChannel
, SM_IO_WHAT_FD
,
842 (struct sockaddr
*)&saddr_r
,
845 sasl_setprop(conn
, SASL_IP_REMOTE
, &saddr_r
);
846 addrsize
= sizeof(struct sockaddr_in
);
847 if (getsockname(sm_io_getinfo(InChannel
,
850 (struct sockaddr
*)&saddr_l
,
852 sasl_setprop(conn
, SASL_IP_LOCAL
,
856 # endif /* NETINET */
857 # endif /* SASL >= 20000 */
863 macdefine(&BlankEnvelope
.e_macro
, A_PERM
,
864 macid("{auth_author}"), NULL
);
868 (void) memset(&ssp
, '\0', sizeof(ssp
));
870 /* XXX should these be options settable via .cf ? */
871 /* ssp.min_ssf = 0; is default due to memset() */
873 ssp
.max_ssf
= MaxSLBits
;
874 ssp
.maxbufsize
= MAXOUTLEN
;
876 ssp
.security_flags
= SASLOpts
& SASL_SEC_MASK
;
877 sasl_ok
= sasl_setprop(conn
, SASL_SEC_PROPS
, &ssp
) == SASL_OK
;
882 ** external security strength factor;
883 ** currently we have none so zero
889 sasl_ok
= ((sasl_setprop(conn
, SASL_SSF_EXTERNAL
,
890 &ext_ssf
) == SASL_OK
) &&
891 (sasl_setprop(conn
, SASL_AUTH_EXTERNAL
,
892 auth_id
) == SASL_OK
));
893 # else /* SASL >= 20000 */
895 ext_ssf
.auth_id
= NULL
;
896 sasl_ok
= sasl_setprop(conn
, SASL_SSF_EXTERNAL
,
897 &ext_ssf
) == SASL_OK
;
898 # endif /* SASL >= 20000 */
901 n_mechs
= saslmechs(conn
, &mechlist
);
906 #endif /* STARTTLS */
909 if (smtp
.sm_milterize
)
913 /* initialize mail filter connection */
914 smtp
.sm_milterlist
= milter_init(e
, &state
, &smtp
.sm_milters
);
918 if (MilterLogLevel
> 3)
919 sm_syslog(LOG_INFO
, e
->e_id
,
920 "Milter: initialization failed, rejecting commands");
922 nullserver
= "Command rejected";
923 smtp
.sm_milterize
= false;
927 if (MilterLogLevel
> 3)
928 sm_syslog(LOG_INFO
, e
->e_id
,
929 "Milter: initialization failed, temp failing commands");
931 smtp
.sm_milterize
= false;
935 if (MilterLogLevel
> 3)
936 sm_syslog(LOG_INFO
, e
->e_id
,
937 "Milter: initialization failed, closing connection");
939 smtp
.sm_milterize
= false;
940 message("421 4.7.0 %s closing connection",
943 /* arrange to ignore send list */
944 e
->e_sendqueue
= NULL
;
949 if (smtp
.sm_milterlist
&& smtp
.sm_milterize
&&
950 !bitset(EF_DISCARD
, e
->e_flags
))
955 q
= macvalue(macid("{client_name}"), e
);
956 SM_ASSERT(q
!= NULL
|| OpMode
== MD_SMTP
);
959 response
= milter_connect(q
, RealHostAddr
, e
, &state
);
962 case SMFIR_REPLYCODE
: /* REPLYCODE shouldn't happen */
964 if (MilterLogLevel
> 3)
965 sm_syslog(LOG_INFO
, e
->e_id
,
966 "Milter: connect: host=%s, addr=%s, rejecting commands",
968 anynet_ntoa(&RealHostAddr
));
970 nullserver
= "Command rejected";
971 smtp
.sm_milterize
= false;
975 if (MilterLogLevel
> 3)
976 sm_syslog(LOG_INFO
, e
->e_id
,
977 "Milter: connect: host=%s, addr=%s, temp failing commands",
979 anynet_ntoa(&RealHostAddr
));
981 smtp
.sm_milterize
= false;
985 if (MilterLogLevel
> 3)
986 sm_syslog(LOG_INFO
, e
->e_id
,
987 "Milter: connect: host=%s, addr=%s, shutdown",
989 anynet_ntoa(&RealHostAddr
));
991 smtp
.sm_milterize
= false;
992 message("421 4.7.0 %s closing connection",
995 /* arrange to ignore send list */
996 e
->e_sendqueue
= NULL
;
999 if (response
!= NULL
)
1000 sm_free(response
); /* XXX */
1005 ** Broken proxies and SMTP slammers
1006 ** push data without waiting, catch them
1012 #endif /* STARTTLS */
1013 *greetcode
== '2' && nullserver
== NULL
)
1017 char pvpbuf
[PSBUFSIZE
];
1019 /* Ask the rulesets how long to pause */
1021 r
= rscap("greet_pause", peerhostname
,
1022 anynet_ntoa(&RealHostAddr
), e
,
1023 &pvp
, pvpbuf
, sizeof(pvpbuf
));
1024 if (r
== EX_OK
&& pvp
!= NULL
&& pvp
[0] != NULL
&&
1025 (pvp
[0][0] & 0377) == CANONNET
&& pvp
[1] != NULL
)
1027 msecs
= strtol(pvp
[1], NULL
, 10);
1034 struct timeval timeout
;
1035 struct timeval bp
, ep
, tp
; /* {begin,end,total}pause */
1038 /* pause for a moment */
1039 timeout
.tv_sec
= msecs
/ 1000;
1040 timeout
.tv_usec
= (msecs
% 1000) * 1000;
1042 /* Obey RFC 2821: 4.3.5.2: 220 timeout of 5 minutes */
1043 if (timeout
.tv_sec
>= 300)
1045 timeout
.tv_sec
= 300;
1046 timeout
.tv_usec
= 0;
1049 /* check if data is on the socket during the pause */
1050 fd
= sm_io_getinfo(InChannel
, SM_IO_WHAT_FD
, NULL
);
1052 SM_FD_SET(fd
, &readfds
);
1053 gettimeofday(&bp
, NULL
);
1054 if (select(fd
+ 1, FDSET_CAST
&readfds
,
1055 NULL
, NULL
, &timeout
) > 0 &&
1056 FD_ISSET(fd
, &readfds
) &&
1057 (eoftest
= sm_io_getc(InChannel
, SM_TIME_DEFAULT
))
1060 sm_io_ungetc(InChannel
, SM_TIME_DEFAULT
,
1062 gettimeofday(&ep
, NULL
);
1063 timersub(&ep
, &bp
, &tp
);
1065 nullserver
= "Command rejected";
1066 sm_syslog(LOG_INFO
, e
->e_id
,
1067 "rejecting commands from %s [%s] due to pre-greeting traffic after %d seconds",
1069 anynet_ntoa(&RealHostAddr
),
1071 (tp
.tv_usec
>= 500000 ? 1 : 0)
1078 /* If this an smtps connection, start TLS now */
1087 #endif /* STARTTLS */
1089 /* output the first line, inserting "ESMTP" as second word */
1090 if (*greetcode
== '5')
1091 (void) sm_snprintf(inp
, sizeof(inp
),
1092 "%s not accepting messages", hostname
);
1094 expand(SmtpGreeting
, inp
, sizeof(inp
), e
);
1096 p
= strchr(inp
, '\n');
1099 id
= strchr(inp
, ' ');
1101 id
= &inp
[strlen(inp
)];
1103 (void) sm_snprintf(cmdbuf
, sizeof(cmdbuf
),
1104 "%s %%.*s ESMTP%%s", greetcode
);
1106 (void) sm_snprintf(cmdbuf
, sizeof(cmdbuf
),
1107 "%s-%%.*s ESMTP%%s", greetcode
);
1108 message(cmdbuf
, (int) (id
- inp
), inp
, id
);
1110 /* output remaining lines */
1111 while ((id
= p
) != NULL
&& (p
= strchr(id
, '\n')) != NULL
)
1114 if (isascii(*id
) && isspace(*id
))
1116 (void) sm_strlcpyn(cmdbuf
, sizeof(cmdbuf
), 2, greetcode
, "-%s");
1117 message(cmdbuf
, id
);
1121 if (isascii(*id
) && isspace(*id
))
1123 (void) sm_strlcpyn(cmdbuf
, sizeof(cmdbuf
), 2, greetcode
, " %s");
1124 message(cmdbuf
, id
);
1128 sendinghost
= macvalue('s', e
);
1130 /* If quarantining by a connect/ehlo action, save between messages */
1131 if (e
->e_quarmsg
== NULL
)
1132 smtp
.sm_quarmsg
= NULL
;
1134 smtp
.sm_quarmsg
= newstr(e
->e_quarmsg
);
1136 /* sendinghost's storage must outlive the current envelope */
1137 if (sendinghost
!= NULL
)
1138 sendinghost
= sm_strdup_x(sendinghost
);
1141 smtp
.sm_gotmail
= false;
1150 OnlyOneError
= true;
1151 e
->e_flags
&= ~(EF_VRFYONLY
|EF_GLOBALERRS
);
1153 milter_cmd_fail
= false;
1156 /* setup for the read */
1160 (void) sm_io_flush(smioout
, SM_TIME_DEFAULT
);
1162 /* read the input line */
1163 SmtpPhase
= "server cmd read";
1164 sm_setproctitle(true, e
, "server %s cmd read", CurSmtpClient
);
1167 if (sm_io_error(OutChannel
) ||
1168 (p
= sfgets(inp
, sizeof(inp
), InChannel
,
1169 TimeOuts
.to_nextcommand
, SmtpPhase
)) == NULL
)
1173 d
= macvalue(macid("{daemon_name}"), e
);
1176 /* end of file, just die */
1180 /* close out milter filters */
1184 message("421 4.4.1 %s Lost input channel from %s",
1185 MyHostName
, CurSmtpClient
);
1186 if (LogLevel
> (smtp
.sm_gotmail
? 1 : 19))
1187 sm_syslog(LOG_NOTICE
, e
->e_id
,
1188 "lost input channel from %s to %s after %s",
1190 (c
== NULL
|| c
->cmd_name
== NULL
) ? "startup" : c
->cmd_name
);
1192 ** If have not accepted mail (DATA), do not bounce
1193 ** bad addresses back to sender.
1196 if (bitset(EF_CLRQUEUE
, e
->e_flags
))
1197 e
->e_sendqueue
= NULL
;
1201 /* also used by "proxy" check below */
1202 inplen
= strlen(inp
);
1205 ** SMTP AUTH requires accepting any length,
1206 ** at least for challenge/response. However, not imposing
1207 ** a limit is a bad idea (denial of service).
1210 if (authenticating
!= SASL_PROC_AUTH
1211 && sm_strncasecmp(inp
, "AUTH ", 5) != 0
1212 && inplen
> MAXLINE
)
1214 message("421 4.7.0 %s Command too long, possible attack %s",
1215 MyHostName
, CurSmtpClient
);
1216 sm_syslog(LOG_INFO
, e
->e_id
,
1217 "%s: SMTP violation, input too long: %lu",
1218 CurSmtpClient
, (unsigned long) inplen
);
1228 static char *http_cmds
[] = { "GET", "POST",
1229 "CONNECT", "USER", NULL
};
1231 for (idx
= 0; (http_cmd
= http_cmds
[idx
]) != NULL
;
1234 cmdlen
= strlen(http_cmd
);
1235 if (cmdlen
< inplen
&&
1236 sm_strncasecmp(inp
, http_cmd
, cmdlen
) == 0 &&
1237 isascii(inp
[cmdlen
]) && isspace(inp
[cmdlen
]))
1239 /* Open proxy, drop it */
1240 message("421 4.7.0 %s Rejecting open proxy %s",
1241 MyHostName
, CurSmtpClient
);
1242 sm_syslog(LOG_INFO
, e
->e_id
,
1243 "%s: probable open proxy: command=%.40s",
1244 CurSmtpClient
, inp
);
1251 /* clean up end of line */
1257 ** if there is more input and pipelining is disabled:
1258 ** delay ... (and maybe discard the input?)
1259 ** XXX this doesn't really work, at least in tests using
1260 ** telnet SM_IO_IS_READABLE only returns 1 if there were
1261 ** more than 2 input lines available.
1264 if (bitset(SRV_NO_PIPE
, features
) &&
1265 sm_io_getinfo(InChannel
, SM_IO_IS_READABLE
, NULL
) > 0)
1268 sm_syslog(LOG_INFO
, NOQID
,
1269 "unauthorized PIPELINING, sleeping");
1273 # endif /* _FFR_NO_PIPE */
1274 #endif /* PIPELINING */
1277 if (authenticating
== SASL_PROC_AUTH
)
1282 authenticating
= SASL_NOT_AUTH
;
1283 message("501 5.5.2 missing input");
1288 if (*inp
== '*' && *(inp
+ 1) == '\0')
1290 authenticating
= SASL_NOT_AUTH
;
1293 message("501 5.0.0 AUTH aborted");
1298 /* could this be shorter? XXX */
1300 in
= xalloc(strlen(inp
) + 1);
1301 result
= sasl_decode64(inp
, strlen(inp
), in
,
1302 strlen(inp
), &inlen
);
1303 # else /* SASL >= 20000 */
1304 out
= xalloc(strlen(inp
));
1305 result
= sasl_decode64(inp
, strlen(inp
), out
, &outlen
);
1306 # endif /* SASL >= 20000 */
1307 if (result
!= SASL_OK
)
1309 authenticating
= SASL_NOT_AUTH
;
1312 message("501 5.5.4 cannot decode AUTH parameter %s",
1316 # endif /* SASL >= 20000 */
1322 result
= sasl_server_step(conn
, in
, inlen
,
1325 # else /* SASL >= 20000 */
1326 result
= sasl_server_step(conn
, out
, outlen
,
1327 &out
, &outlen
, &errstr
);
1328 # endif /* SASL >= 20000 */
1330 /* get an OK if we're done */
1331 if (result
== SASL_OK
)
1334 message("235 2.0.0 OK Authenticated");
1335 authenticating
= SASL_IS_AUTH
;
1336 macdefine(&BlankEnvelope
.e_macro
, A_TEMP
,
1337 macid("{auth_type}"), auth_type
);
1340 user
= macvalue(macid("{auth_authen}"), e
);
1342 /* get security strength (features) */
1343 result
= sasl_getprop(conn
, SASL_SSF
,
1344 (const void **) &ssf
);
1345 # else /* SASL >= 20000 */
1346 result
= sasl_getprop(conn
, SASL_USERNAME
,
1348 if (result
!= SASL_OK
)
1351 macdefine(&BlankEnvelope
.e_macro
,
1353 macid("{auth_authen}"), NULL
);
1357 macdefine(&BlankEnvelope
.e_macro
,
1359 macid("{auth_authen}"),
1360 xtextify(user
, "<>\")"));
1365 sasl_getprop(conn
, SASL_REALM
, (void **) &data
);
1368 /* get security strength (features) */
1369 result
= sasl_getprop(conn
, SASL_SSF
,
1371 # endif /* SASL >= 20000 */
1372 if (result
!= SASL_OK
)
1374 macdefine(&BlankEnvelope
.e_macro
,
1376 macid("{auth_ssf}"), "0");
1383 (void) sm_snprintf(pbuf
, sizeof(pbuf
),
1385 macdefine(&BlankEnvelope
.e_macro
,
1387 macid("{auth_ssf}"), pbuf
);
1389 sm_dprintf("AUTH auth_ssf: %u\n",
1394 ** Only switch to encrypted connection
1395 ** if a security layer has been negotiated
1398 if (ssf
!= NULL
&& *ssf
> 0)
1403 ** Convert I/O layer to use SASL.
1404 ** If the call fails, the connection
1408 tmo
= TimeOuts
.to_datablock
* 1000;
1409 if (sfdcsasl(&InChannel
, &OutChannel
,
1412 /* restart dialogue */
1415 (void) sm_io_autoflush(InChannel
,
1417 # endif /* PIPELINING */
1420 syserr("503 5.3.3 SASL TLS failed");
1423 /* NULL pointer ok since it's our function */
1425 sm_syslog(LOG_INFO
, NOQID
,
1426 "AUTH=server, relay=%s, authid=%.128s, mech=%.16s, bits=%d",
1428 shortenstring(user
, 128),
1431 else if (result
== SASL_CONTINUE
)
1433 len
= ENC64LEN(outlen
);
1435 result
= sasl_encode64(out
, outlen
, out2
, len
,
1437 if (result
!= SASL_OK
)
1439 /* correct code? XXX */
1440 /* 454 Temp. authentication failure */
1441 message("454 4.5.4 Internal error: unable to encode64");
1443 sm_syslog(LOG_WARNING
, e
->e_id
,
1444 "AUTH encode64 error [%d for \"%s\"]",
1447 authenticating
= SASL_NOT_AUTH
;
1451 message("334 %s", out2
);
1453 sm_dprintf("AUTH continue: msg='%s' len=%u\n",
1458 # endif /* SASL >= 20000 */
1462 /* not SASL_OK or SASL_CONT */
1463 message("535 5.7.0 authentication failed");
1465 sm_syslog(LOG_WARNING
, e
->e_id
,
1466 "AUTH failure (%s): %s (%d) %s",
1468 sasl_errstring(result
, NULL
,
1472 sasl_errdetail(conn
));
1473 # else /* SASL >= 20000 */
1474 errstr
== NULL
? "" : errstr
);
1475 # endif /* SASL >= 20000 */
1477 authenticating
= SASL_NOT_AUTH
;
1482 /* don't want to do any of this if authenticating */
1485 /* echo command to transcript */
1486 if (e
->e_xfp
!= NULL
)
1487 (void) sm_io_fprintf(e
->e_xfp
, SM_TIME_DEFAULT
,
1491 sm_syslog(LOG_INFO
, e
->e_id
, "<-- %s", inp
);
1493 /* break off command */
1494 for (p
= inp
; isascii(*p
) && isspace(*p
); p
++)
1497 while (*p
!= '\0' &&
1498 !(isascii(*p
) && isspace(*p
)) &&
1499 cmd
< &cmdbuf
[sizeof(cmdbuf
) - 2])
1503 /* throw away leading whitespace */
1506 /* decode command */
1507 for (c
= CmdTab
; c
->cmd_name
!= NULL
; c
++)
1509 if (sm_strcasecmp(c
->cmd_name
, cmdbuf
) == 0)
1516 /* check whether a "non-null" command has been used */
1517 switch (c
->cmd_code
)
1521 /* avoid information leak; take first two words? */
1530 lognullconnection
= false;
1537 if (e
->e_id
== NULL
)
1538 sm_setproctitle(true, e
, "%s: %.80s",
1541 sm_setproctitle(true, e
, "%s %s: %.80s",
1548 ** If we are running as a null server, return 550
1549 ** to almost everything.
1552 if (nullserver
!= NULL
|| bitnset(D_ETRNONLY
, d_flags
))
1554 switch (c
->cmd_code
)
1562 /* process normally */
1566 if (bitnset(D_ETRNONLY
, d_flags
) &&
1573 #if MAXBADCOMMANDS > 0
1574 /* theoretically this could overflow */
1575 if (nullserver
!= NULL
&&
1576 ++n_badcmds
> MAXBADCOMMANDS
)
1578 message("421 4.7.0 %s Too many bad commands; closing connection",
1581 /* arrange to ignore send list */
1582 e
->e_sendqueue
= NULL
;
1585 #endif /* MAXBADCOMMANDS > 0 */
1586 if (nullserver
!= NULL
)
1588 if (ISSMTPREPLY(nullserver
))
1591 usrerr("550 5.0.0 %s",
1595 usrerr("452 4.4.5 Insufficient disk space; try again later");
1600 switch (c
->cmd_code
)
1603 case CMDAUTH
: /* sasl */
1605 if (!sasl_ok
|| n_mechs
<= 0)
1607 message("503 5.3.3 AUTH not available");
1610 if (authenticating
== SASL_IS_AUTH
)
1612 message("503 5.5.0 Already Authenticated");
1615 if (smtp
.sm_gotmail
)
1617 message("503 5.5.0 AUTH not permitted during a mail transaction");
1623 sm_syslog(LOG_INFO
, e
->e_id
,
1624 "SMTP AUTH command (%.100s) from %s tempfailed (due to previous checks)",
1626 usrerr("454 4.3.0 Please try again later");
1632 /* crude way to avoid crack attempts */
1633 STOP_IF_ATTACK(checksmtpattack(&n_auth
, n_mechs
+ 1,
1636 /* make sure mechanism (p) is a valid string */
1637 for (q
= p
; *q
!= '\0' && isascii(*q
); q
++)
1642 while (*++q
!= '\0' &&
1643 isascii(*q
) && isspace(*q
))
1646 ismore
= (*q
!= '\0');
1653 message("501 5.5.2 AUTH mechanism must be specified");
1657 /* check whether mechanism is available */
1658 if (iteminlist(p
, mechlist
, " ") == NULL
)
1660 message("504 5.3.3 AUTH mechanism %.32s not available",
1667 ** Unlike a zero-length client answer to a
1668 ** 334 reply, a zero- length initial response
1669 ** is sent as a single equals sign ("=").
1672 if (ismore
&& *q
== '=' && *(q
+ 1) == '\0')
1674 /* will be free()d, don't use in=""; */
1681 /* could this be shorter? XXX */
1683 in
= xalloc(strlen(q
) + 1);
1684 result
= sasl_decode64(q
, strlen(q
), in
,
1686 # else /* SASL >= 20000 */
1687 in
= sm_rpool_malloc(e
->e_rpool
, strlen(q
));
1688 result
= sasl_decode64(q
, strlen(q
), in
,
1690 # endif /* SASL >= 20000 */
1691 if (result
!= SASL_OK
)
1693 message("501 5.5.4 cannot BASE64 decode '%s'",
1696 sm_syslog(LOG_WARNING
, e
->e_id
,
1697 "AUTH decode64 error [%d for \"%s\"]",
1700 authenticating
= SASL_NOT_AUTH
;
1703 # endif /* SASL >= 20000 */
1715 /* see if that auth type exists */
1717 result
= sasl_server_start(conn
, p
, in
, inlen
,
1721 # else /* SASL >= 20000 */
1722 result
= sasl_server_start(conn
, p
, in
, inlen
,
1723 &out
, &outlen
, &errstr
);
1724 # endif /* SASL >= 20000 */
1726 if (result
!= SASL_OK
&& result
!= SASL_CONTINUE
)
1728 message("535 5.7.0 authentication failed");
1730 sm_syslog(LOG_ERR
, e
->e_id
,
1731 "AUTH failure (%s): %s (%d) %s",
1733 sasl_errstring(result
, NULL
,
1737 sasl_errdetail(conn
));
1738 # else /* SASL >= 20000 */
1740 # endif /* SASL >= 20000 */
1744 auth_type
= newstr(p
);
1746 if (result
== SASL_OK
)
1748 /* ugly, but same code */
1750 /* authenticated by the initial response */
1753 /* len is at least 2 */
1754 len
= ENC64LEN(outlen
);
1756 result
= sasl_encode64(out
, outlen
, out2
, len
,
1759 if (result
!= SASL_OK
)
1761 message("454 4.5.4 Temporary authentication failure");
1763 sm_syslog(LOG_WARNING
, e
->e_id
,
1764 "AUTH encode64 error [%d for \"%s\"]",
1768 authenticating
= SASL_NOT_AUTH
;
1773 message("334 %s", out2
);
1774 authenticating
= SASL_PROC_AUTH
;
1778 # endif /* SASL >= 20000 */
1783 case CMDSTLS
: /* starttls */
1784 DELAY_CONN("STARTTLS");
1787 message("501 5.5.2 Syntax error (no parameters allowed)");
1790 if (!bitset(SRV_OFFER_TLS
, features
))
1792 message("503 5.5.0 TLS not available");
1797 message("454 4.3.3 TLS not available after start");
1800 if (smtp
.sm_gotmail
)
1802 message("503 5.5.0 TLS not permitted during a mail transaction");
1808 sm_syslog(LOG_INFO
, e
->e_id
,
1809 "SMTP STARTTLS command (%.100s) from %s tempfailed (due to previous checks)",
1811 usrerr("454 4.7.0 Please try again later");
1817 ** XXX do we need a temp key ?
1819 # else /* TLS_NO_RSA */
1820 # endif /* TLS_NO_RSA */
1822 # if TLS_VRFY_PER_CTX
1824 ** Note: this sets the verification globally
1826 ** it's ok since it applies only to one transaction
1829 TLS_VERIFY_CLIENT();
1830 # endif /* TLS_VRFY_PER_CTX */
1832 if (srv_ssl
!= NULL
)
1834 else if ((srv_ssl
= SSL_new(srv_ctx
)) == NULL
)
1836 message("454 4.3.3 TLS not available: error generating SSL handle");
1838 tlslogerr("server");
1842 # if !TLS_VRFY_PER_CTX
1844 ** this could be used if it were possible to set
1845 ** verification per SSL (connection)
1846 ** not just per SSL_CTX (global)
1849 TLS_VERIFY_CLIENT();
1850 # endif /* !TLS_VRFY_PER_CTX */
1852 rfd
= sm_io_getinfo(InChannel
, SM_IO_WHAT_FD
, NULL
);
1853 wfd
= sm_io_getinfo(OutChannel
, SM_IO_WHAT_FD
, NULL
);
1855 if (rfd
< 0 || wfd
< 0 ||
1856 SSL_set_rfd(srv_ssl
, rfd
) <= 0 ||
1857 SSL_set_wfd(srv_ssl
, wfd
) <= 0)
1859 message("454 4.3.3 TLS not available: error set fd");
1865 message("220 2.0.0 Ready to start TLS");
1867 (void) sm_io_flush(OutChannel
, SM_TIME_DEFAULT
);
1868 # endif /* PIPELINING */
1870 SSL_set_accept_state(srv_ssl
);
1872 # define SSL_ACC(s) SSL_accept(s)
1874 tlsstart
= curtime();
1876 if ((r
= SSL_ACC(srv_ssl
)) <= 0)
1880 ssl_err
= SSL_get_error(srv_ssl
, r
);
1881 i
= tls_retry(srv_ssl
, rfd
, wfd
, tlsstart
,
1882 TimeOuts
.to_starttls
, ssl_err
,
1889 sm_syslog(LOG_WARNING
, NOQID
,
1890 "STARTTLS=server, error: accept failed=%d, SSL_error=%d, errno=%d, retry=%d",
1891 r
, ssl_err
, errno
, i
);
1893 tlslogerr("server");
1900 ** according to the next draft of
1901 ** RFC 2487 the connection should be dropped
1904 /* arrange to ignore any current send list */
1905 e
->e_sendqueue
= NULL
;
1909 /* ignore return code for now, it's in {verify} */
1910 (void) tls_get_info(srv_ssl
, true,
1912 &BlankEnvelope
.e_macro
,
1913 bitset(SRV_VRFY_CLT
, features
));
1916 ** call Stls_client to find out whether
1917 ** to accept the connection from the client
1920 saveQuickAbort
= QuickAbort
;
1921 saveSuprErrs
= SuprErrs
;
1924 if (rscheck("tls_client",
1925 macvalue(macid("{verify}"), e
),
1927 RSF_RMCOMM
|RSF_COUNT
,
1928 5, NULL
, NOQID
, NULL
) != EX_OK
||
1931 extern char MsgBuf
[];
1933 if (MsgBuf
[0] != '\0' && ISSMTPREPLY(MsgBuf
))
1934 nullserver
= newstr(MsgBuf
);
1936 nullserver
= "503 5.7.0 Authentication required.";
1938 QuickAbort
= saveQuickAbort
;
1939 SuprErrs
= saveSuprErrs
;
1941 tls_ok_srv
= false; /* don't offer STARTTLS again */
1950 s
= macvalue(macid("{cipher_bits}"), e
);
1951 v
= macvalue(macid("{verify}"), e
);
1952 c
= macvalue(macid("{cert_subject}"), e
);
1953 verified
= (v
!= NULL
&& strcmp(v
, "OK") == 0);
1954 if (s
!= NULL
&& (cipher_bits
= atoi(s
)) > 0)
1957 ext_ssf
= cipher_bits
;
1958 auth_id
= verified
? c
: NULL
;
1959 sasl_ok
= ((sasl_setprop(conn
,
1961 &ext_ssf
) == SASL_OK
) &&
1964 auth_id
) == SASL_OK
));
1965 # else /* SASL >= 20000 */
1966 ext_ssf
.ssf
= cipher_bits
;
1967 ext_ssf
.auth_id
= verified
? c
: NULL
;
1968 sasl_ok
= sasl_setprop(conn
,
1970 &ext_ssf
) == SASL_OK
;
1971 # endif /* SASL >= 20000 */
1974 n_mechs
= saslmechs(conn
,
1980 /* switch to secure connection */
1981 if (sfdctls(&InChannel
, &OutChannel
, srv_ssl
) == 0)
1985 (void) sm_io_autoflush(InChannel
, OutChannel
);
1986 # endif /* PIPELINING */
1991 ** XXX this is an internal error
1992 ** how to deal with it?
1993 ** we can't generate an error message
1994 ** since the other side switched to an
1995 ** encrypted layer, but we could not...
1999 nullserver
= "454 4.3.3 TLS not available: can't switch to encrypted layer";
2000 syserr("STARTTLS: can't switch to encrypted layer");
2011 #endif /* STARTTLS */
2013 case CMDHELO
: /* hello -- introduce yourself */
2014 case CMDEHLO
: /* extended hello */
2016 if (c
->cmd_code
== CMDEHLO
)
2019 SmtpPhase
= "server EHLO";
2024 SmtpPhase
= "server HELO";
2027 /* avoid denial-of-service */
2028 STOP_IF_ATTACK(checksmtpattack(&n_helo
, MAXHELOCOMMANDS
,
2029 true, "HELO/EHLO", e
));
2032 /* RFC2821 4.1.4 allows duplicate HELO/EHLO */
2033 /* check for duplicate HELO/EHLO per RFC 1651 4.2 */
2036 usrerr("503 %s Duplicate HELO/EHLO",
2042 /* check for valid domain name (re 1123 5.2.5) */
2043 if (*p
== '\0' && !AllowBogusHELO
)
2045 usrerr("501 %s requires domain address",
2050 /* check for long domain name (hides Received: info) */
2051 if (strlen(p
) > MAXNAME
)
2053 usrerr("501 Invalid domain name");
2055 sm_syslog(LOG_INFO
, CurEnv
->e_id
,
2056 "invalid domain name (too long) from %s",
2062 for (q
= p
; *q
!= '\0'; q
++)
2072 /* only complain if strict check */
2073 ok
= AllowBogusHELO
;
2075 /* allow trailing whitespace */
2076 while (!ok
&& *++q
!= '\0' &&
2083 if (strchr("[].-_#:", *q
) == NULL
)
2087 if (*q
== '\0' && ok
)
2089 q
= "pleased to meet you";
2090 sendinghost
= sm_strdup_x(p
);
2092 else if (!AllowBogusHELO
)
2094 usrerr("501 Invalid domain name");
2096 sm_syslog(LOG_INFO
, CurEnv
->e_id
,
2097 "invalid domain name (%s) from %.100s",
2103 q
= "accepting invalid domain name";
2106 if (gothello
|| smtp
.sm_gotmail
)
2107 CLEAR_STATE(cmdbuf
);
2110 if (smtp
.sm_milterlist
&& smtp
.sm_milterize
&&
2111 !bitset(EF_DISCARD
, e
->e_flags
))
2116 response
= milter_helo(p
, e
, &state
);
2120 if (MilterLogLevel
> 3)
2121 sm_syslog(LOG_INFO
, e
->e_id
,
2122 "Milter: helo=%s, reject=Command rejected",
2124 nullserver
= "Command rejected";
2125 smtp
.sm_milterize
= false;
2128 case SMFIR_TEMPFAIL
:
2129 if (MilterLogLevel
> 3)
2130 sm_syslog(LOG_INFO
, e
->e_id
,
2131 "Milter: helo=%s, reject=%s",
2134 smtp
.sm_milterize
= false;
2137 case SMFIR_REPLYCODE
:
2138 if (MilterLogLevel
> 3)
2139 sm_syslog(LOG_INFO
, e
->e_id
,
2140 "Milter: helo=%s, reject=%s",
2142 if (strncmp(response
, "421 ", 4) != 0
2143 && strncmp(response
, "421-", 4) != 0)
2145 nullserver
= newstr(response
);
2146 smtp
.sm_milterize
= false;
2151 case SMFIR_SHUTDOWN
:
2152 if (MilterLogLevel
> 3 &&
2154 sm_syslog(LOG_INFO
, e
->e_id
,
2155 "Milter: helo=%s, reject=421 4.7.0 %s closing connection",
2158 smtp
.sm_milterize
= false;
2159 if (response
!= NULL
)
2162 message("421 4.7.0 %s closing connection",
2164 /* arrange to ignore send list */
2165 e
->e_sendqueue
= NULL
;
2166 lognullconnection
= false;
2169 if (response
!= NULL
)
2173 ** If quarantining by a connect/ehlo action,
2174 ** save between messages
2177 if (smtp
.sm_quarmsg
== NULL
&&
2178 e
->e_quarmsg
!= NULL
)
2179 smtp
.sm_quarmsg
= newstr(e
->e_quarmsg
);
2184 /* print HELO response message */
2185 if (c
->cmd_code
!= CMDEHLO
)
2187 message("250 %s Hello %s, %s",
2188 MyHostName
, CurSmtpClient
, q
);
2192 message("250-%s Hello %s, %s",
2193 MyHostName
, CurSmtpClient
, q
);
2195 /* offer ENHSC even for nullserver */
2196 if (nullserver
!= NULL
)
2198 message("250 ENHANCEDSTATUSCODES");
2203 ** print EHLO features list
2205 ** Note: If you change this list,
2206 ** remember to update 'helpfile'
2209 message("250-ENHANCEDSTATUSCODES");
2211 if (bitset(SRV_OFFER_PIPE
, features
))
2212 message("250-PIPELINING");
2213 #endif /* PIPELINING */
2214 if (bitset(SRV_OFFER_EXPN
, features
))
2216 message("250-EXPN");
2217 if (bitset(SRV_OFFER_VERB
, features
))
2218 message("250-VERB");
2221 message("250-8BITMIME");
2222 #endif /* MIME8TO7 */
2223 if (MaxMessageSize
> 0)
2224 message("250-SIZE %ld", MaxMessageSize
);
2226 message("250-SIZE");
2228 if (SendMIMEErrors
&& bitset(SRV_OFFER_DSN
, features
))
2231 if (bitset(SRV_OFFER_ETRN
, features
))
2232 message("250-ETRN");
2234 if (sasl_ok
&& mechlist
!= NULL
&& *mechlist
!= '\0')
2235 message("250-AUTH %s", mechlist
);
2239 bitset(SRV_OFFER_TLS
, features
))
2240 message("250-STARTTLS");
2241 #endif /* STARTTLS */
2242 if (DeliverByMin
> 0)
2243 message("250-DELIVERBY %ld",
2244 (long) DeliverByMin
);
2245 else if (DeliverByMin
== 0)
2246 message("250-DELIVERBY");
2248 /* < 0: no deliver-by */
2250 message("250 HELP");
2253 case CMDMAIL
: /* mail -- designate sender */
2254 SmtpPhase
= "server MAIL";
2257 /* check for validity of this command */
2258 if (!gothello
&& bitset(PRIV_NEEDMAILHELO
, PrivacyFlags
))
2260 usrerr("503 5.0.0 Polite people say HELO first");
2263 if (smtp
.sm_gotmail
)
2265 usrerr("503 5.5.0 Sender already specified");
2269 if (bitset(SRV_REQ_AUTH
, features
) &&
2270 authenticating
!= SASL_IS_AUTH
)
2272 usrerr("530 5.7.0 Authentication required");
2277 p
= skipword(p
, "from");
2283 sm_syslog(LOG_INFO
, e
->e_id
,
2284 "SMTP MAIL command (%.100s) from %s tempfailed (due to previous checks)",
2286 usrerr(MSG_TEMPFAIL
);
2290 /* make sure we know who the sending host is */
2291 if (sendinghost
== NULL
)
2292 sendinghost
= peerhostname
;
2296 if (sm_debug_active(&DebugLeakSmtp
, 1))
2299 sm_dprintf("smtp() heap group #%d\n",
2302 #endif /* SM_HEAP_CHECK */
2308 auth_warning(e
, "%s didn't use HELO protocol",
2311 #ifdef PICKY_HELO_CHECK
2312 if (sm_strcasecmp(sendinghost
, peerhostname
) != 0 &&
2313 (sm_strcasecmp(peerhostname
, "localhost") != 0 ||
2314 sm_strcasecmp(sendinghost
, MyHostName
) != 0))
2316 auth_warning(e
, "Host %s claimed to be %s",
2317 CurSmtpClient
, sendinghost
);
2319 #endif /* PICKY_HELO_CHECK */
2321 if (protocol
== NULL
)
2323 macdefine(&e
->e_macro
, A_PERM
, 'r', protocol
);
2324 macdefine(&e
->e_macro
, A_PERM
, 's', sendinghost
);
2330 macdefine(&e
->e_macro
, A_PERM
, macid("{ntries}"), "0");
2331 macdefine(&e
->e_macro
, A_PERM
, macid("{nrcpts}"), "0");
2332 macdefine(&e
->e_macro
, A_PERM
, macid("{nbadrcpts}"),
2334 e
->e_flags
|= EF_CLRQUEUE
;
2335 sm_setproctitle(true, e
, "%s %s: %.80s",
2337 CurSmtpClient
, inp
);
2339 /* do the processing */
2342 extern char *FullName
;
2345 SM_FREE_CLR(FullName
);
2347 /* must parse sender first */
2349 setsender(p
, e
, &delimptr
, ' ', false);
2350 if (delimptr
!= NULL
&& *delimptr
!= '\0')
2353 sm_exc_raisenew_x(&EtypeQuickAbort
, 1);
2355 /* Successfully set e_from, allow logging */
2356 e
->e_flags
|= EF_LOGSENDER
;
2358 /* put resulting triple from parseaddr() into macros */
2359 if (e
->e_from
.q_mailer
!= NULL
)
2360 macdefine(&e
->e_macro
, A_PERM
,
2361 macid("{mail_mailer}"),
2362 e
->e_from
.q_mailer
->m_name
);
2364 macdefine(&e
->e_macro
, A_PERM
,
2365 macid("{mail_mailer}"), NULL
);
2366 if (e
->e_from
.q_host
!= NULL
)
2367 macdefine(&e
->e_macro
, A_PERM
,
2368 macid("{mail_host}"),
2371 macdefine(&e
->e_macro
, A_PERM
,
2372 macid("{mail_host}"), "localhost");
2373 if (e
->e_from
.q_user
!= NULL
)
2374 macdefine(&e
->e_macro
, A_PERM
,
2375 macid("{mail_addr}"),
2378 macdefine(&e
->e_macro
, A_PERM
,
2379 macid("{mail_addr}"), NULL
);
2381 sm_exc_raisenew_x(&EtypeQuickAbort
, 1);
2383 /* check for possible spoofing */
2384 if (RealUid
!= 0 && OpMode
== MD_SMTP
&&
2385 !wordinclass(RealUserName
, 't') &&
2386 (!bitnset(M_LOCALMAILER
,
2387 e
->e_from
.q_mailer
->m_flags
) ||
2388 strcmp(e
->e_from
.q_user
, RealUserName
) != 0))
2390 auth_warning(e
, "%s owned process doing -bs",
2394 /* reset to default value */
2395 SevenBitInput
= SevenBitInput_Saved
;
2397 /* now parse ESMTP arguments */
2400 parse_esmtp_args(e
, NULL
, p
, delimptr
, "MAIL", args
,
2403 sm_exc_raisenew_x(&EtypeQuickAbort
, 1);
2406 # if _FFR_AUTH_PASSING
2407 /* set the default AUTH= if the sender didn't */
2408 if (e
->e_auth_param
== NULL
)
2410 /* XXX only do this for an MSA? */
2411 e
->e_auth_param
= macvalue(macid("{auth_authen}"),
2413 if (e
->e_auth_param
== NULL
)
2414 e
->e_auth_param
= "<>";
2417 ** XXX should we invoke Strust_auth now?
2418 ** authorizing as the client that just
2419 ** authenticated, so we'll trust implicitly
2422 # endif /* _FFR_AUTH_PASSING */
2425 /* do config file checking of the sender */
2426 macdefine(&e
->e_macro
, A_PERM
,
2427 macid("{addr_type}"), "e s");
2429 /* make the "real" sender address available */
2430 macdefine(&e
->e_macro
, A_TEMP
, macid("{mail_from}"),
2432 #endif /* _FFR_MAIL_MACRO */
2433 if (rscheck("check_mail", addr
,
2434 NULL
, e
, RSF_RMCOMM
|RSF_COUNT
, 3,
2435 NULL
, e
->e_id
, NULL
) != EX_OK
||
2437 sm_exc_raisenew_x(&EtypeQuickAbort
, 1);
2438 macdefine(&e
->e_macro
, A_PERM
,
2439 macid("{addr_type}"), NULL
);
2441 if (MaxMessageSize
> 0 &&
2442 (e
->e_msgsize
> MaxMessageSize
||
2445 usrerr("552 5.2.3 Message size exceeds fixed maximum message size (%ld)",
2447 sm_exc_raisenew_x(&EtypeQuickAbort
, 1);
2451 ** XXX always check whether there is at least one fs
2452 ** with enough space?
2453 ** However, this may not help much: the queue group
2454 ** selection may later on select a FS that hasn't
2458 if ((NumFileSys
== 1 || NumQueue
== 1) &&
2459 !enoughdiskspace(e
->e_msgsize
, e
)
2460 #if _FFR_ANY_FREE_FS
2461 && !filesys_free(e
->e_msgsize
)
2462 #endif /* _FFR_ANY_FREE_FS */
2466 ** We perform this test again when the
2467 ** queue directory is selected, in collect.
2470 usrerr("452 4.4.5 Insufficient disk space; try again later");
2471 sm_exc_raisenew_x(&EtypeQuickAbort
, 1);
2474 sm_exc_raisenew_x(&EtypeQuickAbort
, 1);
2478 if (smtp
.sm_milterlist
&& smtp
.sm_milterize
&&
2479 !bitset(EF_DISCARD
, e
->e_flags
))
2484 response
= milter_envfrom(args
, e
, &state
);
2485 MILTER_REPLY("from");
2489 sm_exc_raisenew_x(&EtypeQuickAbort
, 1);
2491 message("250 2.1.0 Sender ok");
2492 smtp
.sm_gotmail
= true;
2494 SM_EXCEPT(exc
, "[!F]*")
2497 ** An error occurred while processing a MAIL command.
2498 ** Jump to the common error handling code.
2508 e
->e_flags
&= ~EF_PM_NOTIFY
;
2512 case CMDRCPT
: /* rcpt -- designate recipient */
2514 macdefine(&e
->e_macro
, A_PERM
,
2515 macid("{rcpt_mailer}"), NULL
);
2516 macdefine(&e
->e_macro
, A_PERM
,
2517 macid("{rcpt_host}"), NULL
);
2518 macdefine(&e
->e_macro
, A_PERM
,
2519 macid("{rcpt_addr}"), NULL
);
2521 (void) memset(&addr_st
, '\0', sizeof(addr_st
));
2523 milter_rcpt_added
= false;
2524 smtp
.sm_e_nrcpts_orig
= e
->e_nrcpts
;
2526 if (BadRcptThrottle
> 0 &&
2527 n_badrcpts
>= BadRcptThrottle
)
2530 n_badrcpts
== BadRcptThrottle
)
2532 sm_syslog(LOG_INFO
, e
->e_id
,
2533 "%s: Possible SMTP RCPT flood, throttling.",
2536 /* To avoid duplicated message */
2542 ** Don't use exponential backoff for now.
2543 ** Some servers will open more connections
2544 ** and actually overload the receiver even
2550 if (!smtp
.sm_gotmail
)
2552 usrerr("503 5.0.0 Need MAIL before RCPT");
2555 SmtpPhase
= "server RCPT";
2561 /* limit flooding of our machine */
2562 if (MaxRcptPerMsg
> 0 &&
2563 smtp
.sm_nrcpts
>= MaxRcptPerMsg
)
2565 /* sleep(1); / * slow down? */
2566 usrerr("452 4.5.3 Too many recipients");
2570 if (e
->e_sendmode
!= SM_DELIVER
2572 && (NotFirstDelivery
|| SM_DM_ONE
!= e
->e_sendmode
)
2573 #endif /* _FFR_DM_ONE */
2575 e
->e_flags
|= EF_VRFYONLY
;
2579 ** Do not expand recipients at RCPT time (in the call
2580 ** to recipient()) if a milter can delete or reject
2581 ** a RCPT. If they are expanded, it is impossible
2582 ** for removefromlist() to figure out the expanded
2583 ** members of the original recipient and mark them
2587 if (!(smtp
.sm_milterlist
&& smtp
.sm_milterize
&&
2588 !bitset(EF_DISCARD
, e
->e_flags
)) &&
2589 (smtp
.sm_milters
.mis_flags
&
2590 (MIS_FL_DEL_RCPT
|MIS_FL_REJ_RCPT
)) != 0)
2591 e
->e_flags
|= EF_VRFYONLY
;
2592 milter_cmd_done
= false;
2593 milter_cmd_safe
= false;
2596 p
= skipword(p
, "to");
2599 macdefine(&e
->e_macro
, A_PERM
,
2600 macid("{addr_type}"), "e r");
2601 a
= parseaddr(p
, NULLADDR
, RF_COPYALL
, ' ', &delimptr
,
2603 macdefine(&e
->e_macro
, A_PERM
,
2604 macid("{addr_type}"), NULL
);
2609 usrerr("501 5.0.0 Missing recipient");
2613 if (delimptr
!= NULL
&& *delimptr
!= '\0')
2616 /* put resulting triple from parseaddr() into macros */
2617 if (a
->q_mailer
!= NULL
)
2618 macdefine(&e
->e_macro
, A_PERM
,
2619 macid("{rcpt_mailer}"),
2620 a
->q_mailer
->m_name
);
2622 macdefine(&e
->e_macro
, A_PERM
,
2623 macid("{rcpt_mailer}"), NULL
);
2624 if (a
->q_host
!= NULL
)
2625 macdefine(&e
->e_macro
, A_PERM
,
2626 macid("{rcpt_host}"), a
->q_host
);
2628 macdefine(&e
->e_macro
, A_PERM
,
2629 macid("{rcpt_host}"), "localhost");
2630 if (a
->q_user
!= NULL
)
2631 macdefine(&e
->e_macro
, A_PERM
,
2632 macid("{rcpt_addr}"), a
->q_user
);
2634 macdefine(&e
->e_macro
, A_PERM
,
2635 macid("{rcpt_addr}"), NULL
);
2639 /* now parse ESMTP arguments */
2641 parse_esmtp_args(e
, a
, p
, delimptr
, "RCPT", args
,
2648 ** rscheck() can trigger an "exception"
2649 ** in which case the execution continues at
2650 ** SM_EXCEPT(exc, "[!F]*")
2651 ** This means milter_cmd_safe is not set
2652 ** and hence milter is not invoked.
2653 ** Would it be "safe" to change that, i.e., use
2654 ** milter_cmd_safe = true;
2655 ** here so a milter is informed (if requested)
2656 ** about RCPTs that are rejected by check_rcpt?
2658 # if _FFR_MILTER_CHECK_REJECTIONS_TOO
2659 milter_cmd_safe
= true;
2663 /* do config file checking of the recipient */
2664 macdefine(&e
->e_macro
, A_PERM
,
2665 macid("{addr_type}"), "e r");
2666 if (rscheck("check_rcpt", addr
,
2667 NULL
, e
, RSF_RMCOMM
|RSF_COUNT
, 3,
2668 NULL
, e
->e_id
, p_addr_st
) != EX_OK
||
2671 macdefine(&e
->e_macro
, A_PERM
,
2672 macid("{addr_type}"), NULL
);
2674 /* If discarding, don't bother to verify user */
2675 if (bitset(EF_DISCARD
, e
->e_flags
))
2676 a
->q_state
= QS_VERIFIED
;
2678 milter_cmd_safe
= true;
2681 /* save in recipient list after ESMTP mods */
2682 a
= recipient(a
, &e
->e_sendqueue
, 0, e
);
2683 /* may trigger exception... */
2686 milter_rcpt_added
= true;
2689 if(!(Errors
> 0) && QS_IS_BADADDR(a
->q_state
))
2691 /* punt -- should keep message in ADDRESS.... */
2692 usrerr("550 5.1.1 Addressee unknown");
2697 if (smtp
.sm_milterlist
&& smtp
.sm_milterize
&&
2698 !bitset(EF_DISCARD
, e
->e_flags
))
2703 /* how to get the error codes? */
2706 macdefine(&e
->e_macro
, A_PERM
,
2707 macid("{rcpt_mailer}"),
2710 a
->q_status
!= NULL
&&
2711 a
->q_rstatus
!= NULL
)
2713 macdefine(&e
->e_macro
, A_PERM
,
2714 macid("{rcpt_host}"),
2716 macdefine(&e
->e_macro
, A_PERM
,
2717 macid("{rcpt_addr}"),
2722 if (addr_st
.q_host
!= NULL
)
2723 macdefine(&e
->e_macro
,
2725 macid("{rcpt_host}"),
2727 if (addr_st
.q_user
!= NULL
)
2728 macdefine(&e
->e_macro
,
2730 macid("{rcpt_addr}"),
2735 response
= milter_envrcpt(args
, e
, &state
,
2737 milter_cmd_done
= true;
2742 /* no errors during parsing, but might be a duplicate */
2743 e
->e_to
= a
->q_paddr
;
2744 if (!(Errors
> 0) && !QS_IS_BADADDR(a
->q_state
))
2746 if (smtp
.sm_nrcpts
== 0)
2748 message("250 2.1.5 Recipient ok%s",
2749 QS_IS_QUEUEUP(a
->q_state
) ?
2750 " (will queue)" : "");
2754 /* Is this needed? */
2757 #endif /* !MILTER */
2758 macdefine(&e
->e_macro
, A_PERM
,
2759 macid("{rcpt_mailer}"), NULL
);
2760 macdefine(&e
->e_macro
, A_PERM
,
2761 macid("{rcpt_host}"), NULL
);
2762 macdefine(&e
->e_macro
, A_PERM
,
2763 macid("{rcpt_addr}"), NULL
);
2764 macdefine(&e
->e_macro
, A_PERM
,
2765 macid("{dsn_notify}"), NULL
);
2773 SM_EXCEPT(exc
, "[!F]*")
2775 /* An exception occurred while processing RCPT */
2776 e
->e_flags
&= ~(EF_FATALERRS
|EF_PM_NOTIFY
);
2780 if (smtp
.sm_milterlist
&& smtp
.sm_milterize
&&
2781 !bitset(EF_DISCARD
, e
->e_flags
) &&
2782 !milter_cmd_done
&& milter_cmd_safe
)
2787 macdefine(&e
->e_macro
, A_PERM
,
2788 macid("{rcpt_mailer}"), "error");
2790 /* how to get the error codes? */
2791 if (addr_st
.q_host
!= NULL
)
2792 macdefine(&e
->e_macro
, A_PERM
,
2793 macid("{rcpt_host}"),
2795 else if (a
!= NULL
&& a
->q_status
!= NULL
)
2796 macdefine(&e
->e_macro
, A_PERM
,
2797 macid("{rcpt_host}"),
2800 if (addr_st
.q_user
!= NULL
)
2801 macdefine(&e
->e_macro
, A_PERM
,
2802 macid("{rcpt_addr}"),
2804 else if (a
!= NULL
&& a
->q_rstatus
!= NULL
)
2805 macdefine(&e
->e_macro
, A_PERM
,
2806 macid("{rcpt_addr}"),
2809 response
= milter_envrcpt(args
, e
, &state
,
2811 milter_cmd_done
= true;
2813 macdefine(&e
->e_macro
, A_PERM
,
2814 macid("{rcpt_mailer}"), NULL
);
2815 macdefine(&e
->e_macro
, A_PERM
,
2816 macid("{rcpt_host}"), NULL
);
2817 macdefine(&e
->e_macro
, A_PERM
,
2818 macid("{rcpt_addr}"), NULL
);
2820 if (smtp
.sm_milterlist
&& smtp
.sm_milterize
&&
2821 milter_rcpt_added
&& milter_cmd_done
&&
2824 (void) removefromlist(addr
, &e
->e_sendqueue
, e
);
2825 milter_cmd_fail
= false;
2826 if (smtp
.sm_e_nrcpts_orig
< e
->e_nrcpts
)
2827 e
->e_nrcpts
= smtp
.sm_e_nrcpts_orig
;
2834 case CMDDATA
: /* data -- text of mail */
2836 if (!smtp_data(&smtp
, e
))
2840 case CMDRSET
: /* rset -- reset state */
2842 message("451 4.0.0 Test failure");
2844 message("250 2.0.0 Reset state");
2845 CLEAR_STATE(cmdbuf
);
2848 case CMDVRFY
: /* vrfy -- verify address */
2849 case CMDEXPN
: /* expn -- expand address */
2850 vrfy
= c
->cmd_code
== CMDVRFY
;
2851 DELAY_CONN(vrfy
? "VRFY" : "EXPN");
2855 sm_syslog(LOG_INFO
, e
->e_id
,
2856 "SMTP %s command (%.100s) from %s tempfailed (due to previous checks)",
2857 vrfy
? "VRFY" : "EXPN",
2860 /* RFC 821 doesn't allow 4xy reply code */
2861 usrerr("550 5.7.1 Please try again later");
2864 wt
= checksmtpattack(&n_verifies
, MAXVRFYCOMMANDS
,
2865 false, vrfy
? "VRFY" : "EXPN", e
);
2867 previous
= curtime();
2868 if ((vrfy
&& bitset(PRIV_NOVRFY
, PrivacyFlags
)) ||
2869 (!vrfy
&& !bitset(SRV_OFFER_EXPN
, features
)))
2872 message("252 2.5.2 Cannot VRFY user; try RCPT to attempt delivery (or try finger)");
2874 message("502 5.7.0 Sorry, we do not allow this operation");
2876 sm_syslog(LOG_INFO
, e
->e_id
,
2877 "%s: %s [rejected]",
2879 shortenstring(inp
, MAXSHORTSTR
));
2882 else if (!gothello
&&
2883 bitset(vrfy
? PRIV_NEEDVRFYHELO
: PRIV_NEEDEXPNHELO
,
2886 usrerr("503 5.0.0 I demand that you introduce yourself first");
2892 sm_syslog(LOG_INFO
, e
->e_id
, "%s: %s",
2894 shortenstring(inp
, MAXSHORTSTR
));
2900 e
->e_flags
|= EF_VRFYONLY
;
2901 while (*p
!= '\0' && isascii(*p
) && isspace(*p
))
2905 usrerr("501 5.5.2 Argument required");
2909 /* do config file checking of the address */
2910 if (rscheck(vrfy
? "check_vrfy" : "check_expn",
2911 p
, NULL
, e
, RSF_RMCOMM
,
2912 3, NULL
, NOQID
, NULL
) != EX_OK
||
2914 sm_exc_raisenew_x(&EtypeQuickAbort
, 1);
2915 (void) sendtolist(p
, NULLADDR
, &vrfyqueue
, 0, e
);
2921 t
= wt
- (curtime() - previous
);
2926 sm_exc_raisenew_x(&EtypeQuickAbort
, 1);
2927 if (vrfyqueue
== NULL
)
2929 usrerr("554 5.5.2 Nothing to %s", vrfy
? "VRFY" : "EXPN");
2931 while (vrfyqueue
!= NULL
)
2933 if (!QS_IS_UNDELIVERED(vrfyqueue
->q_state
))
2935 vrfyqueue
= vrfyqueue
->q_next
;
2939 /* see if there is more in the vrfy list */
2941 while ((a
= a
->q_next
) != NULL
&&
2942 (!QS_IS_UNDELIVERED(a
->q_state
)))
2944 printvrfyaddr(vrfyqueue
, a
== NULL
, vrfy
);
2948 SM_EXCEPT(exc
, "[!F]*")
2951 ** An exception occurred while processing VRFY/EXPN
2960 case CMDETRN
: /* etrn -- force queue flush */
2963 /* Don't leak queue information via debug flags */
2964 if (!bitset(SRV_OFFER_ETRN
, features
) || UseMSP
||
2965 (RealUid
!= 0 && RealUid
!= TrustedUid
&&
2968 /* different message for MSA ? */
2969 message("502 5.7.0 Sorry, we do not allow this operation");
2971 sm_syslog(LOG_INFO
, e
->e_id
,
2972 "%s: %s [rejected]",
2974 shortenstring(inp
, MAXSHORTSTR
));
2980 sm_syslog(LOG_INFO
, e
->e_id
,
2981 "SMTP ETRN command (%.100s) from %s tempfailed (due to previous checks)",
2983 usrerr(MSG_TEMPFAIL
);
2989 usrerr("500 5.5.2 Parameter required");
2993 /* crude way to avoid denial-of-service attacks */
2994 STOP_IF_ATTACK(checksmtpattack(&n_etrn
, MAXETRNCOMMANDS
,
2998 ** Do config file checking of the parameter.
2999 ** Even though we have srv_features now, we still
3000 ** need this ruleset because the former is called
3001 ** when the connection has been established, while
3002 ** this ruleset is called when the command is
3003 ** actually issued and therefore has all information
3004 ** available to make a decision.
3007 if (rscheck("check_etrn", p
, NULL
, e
,
3008 RSF_RMCOMM
, 3, NULL
, NOQID
, NULL
)
3014 sm_syslog(LOG_INFO
, e
->e_id
,
3015 "%s: ETRN %s", CurSmtpClient
,
3016 shortenstring(p
, MAXSHORTSTR
));
3024 qgrp
= name2qid(id
);
3025 if (!ISVALIDQGRP(qgrp
))
3027 usrerr("459 4.5.4 Queue %s unknown",
3031 for (i
= 0; i
< NumQueue
&& Queue
[i
] != NULL
;
3033 Queue
[i
]->qg_nextrun
= (time_t) -1;
3034 Queue
[qgrp
]->qg_nextrun
= 0;
3035 ok
= run_work_group(Queue
[qgrp
]->qg_wgrp
,
3036 RWG_FORK
|RWG_FORCE
);
3037 if (ok
&& Errors
== 0)
3038 message("250 2.0.0 Queuing for queue group %s started", id
);
3047 new = (QUEUE_CHAR
*) sm_malloc(sizeof(QUEUE_CHAR
));
3050 syserr("500 5.5.0 ETRN out of memory");
3053 new->queue_match
= id
;
3054 new->queue_negate
= false;
3055 new->queue_next
= NULL
;
3056 QueueLimitRecipient
= new;
3057 ok
= runqueue(true, false, false, true);
3058 sm_free(QueueLimitRecipient
); /* XXX */
3059 QueueLimitRecipient
= NULL
;
3060 if (ok
&& Errors
== 0)
3061 message("250 2.0.0 Queuing for node %s started", p
);
3064 case CMDHELP
: /* help -- give user info */
3069 case CMDNOOP
: /* noop -- do nothing */
3071 STOP_IF_ATTACK(checksmtpattack(&n_noop
, MaxNOOPCommands
,
3073 message("250 2.0.0 OK");
3076 case CMDQUIT
: /* quit -- leave mail */
3077 message("221 2.0.0 %s closing connection", MyHostName
);
3079 (void) sm_io_flush(OutChannel
, SM_TIME_DEFAULT
);
3080 #endif /* PIPELINING */
3082 if (smtp
.sm_nrcpts
> 0)
3083 logundelrcpts(e
, "aborted by sender", 9, false);
3085 /* arrange to ignore any current send list */
3086 e
->e_sendqueue
= NULL
;
3089 /* shutdown TLS connection */
3092 (void) endtls(srv_ssl
, "server");
3095 #endif /* STARTTLS */
3097 if (authenticating
== SASL_IS_AUTH
)
3099 sasl_dispose(&conn
);
3100 authenticating
= SASL_NOT_AUTH
;
3101 /* XXX sasl_done(); this is a child */
3106 /* avoid future 050 messages */
3110 /* close out milter filters */
3114 if (LogLevel
> 4 && bitset(EF_LOGSENDER
, e
->e_flags
))
3116 e
->e_flags
&= ~EF_LOGSENDER
;
3118 if (lognullconnection
&& LogLevel
> 5 &&
3123 d
= macvalue(macid("{daemon_name}"), e
);
3128 ** even though this id is "bogus", it makes
3129 ** it simpler to "grep" related events, e.g.,
3130 ** timeouts for the same connection.
3133 sm_syslog(LOG_INFO
, e
->e_id
,
3134 "%s did not issue MAIL/EXPN/VRFY/ETRN during connection to %s",
3139 /* return to handle next connection */
3142 finis(true, true, ExitStat
);
3145 /* just to avoid bogus warning from some compilers */
3148 case CMDVERB
: /* set verbose mode */
3150 if (!bitset(SRV_OFFER_EXPN
, features
) ||
3151 !bitset(SRV_OFFER_VERB
, features
))
3153 /* this would give out the same info */
3154 message("502 5.7.0 Verbose unavailable");
3157 STOP_IF_ATTACK(checksmtpattack(&n_noop
, MaxNOOPCommands
,
3160 set_delivery_mode(SM_DELIVER
, e
);
3161 message("250 2.0.0 Verbose mode");
3165 case CMDDBGQSHOW
: /* show queues */
3166 (void) sm_io_fprintf(smioout
, SM_TIME_DEFAULT
,
3168 printaddr(smioout
, e
->e_sendqueue
, true);
3171 case CMDDBGDEBUG
: /* set debug mode */
3172 tTsetup(tTdvect
, sizeof(tTdvect
), "0-99.1");
3174 message("200 2.0.0 Debug set");
3177 #else /* SMTPDEBUG */
3178 case CMDDBGQSHOW
: /* show queues */
3179 case CMDDBGDEBUG
: /* set debug mode */
3180 #endif /* SMTPDEBUG */
3181 case CMDLOGBOGUS
: /* bogus command */
3182 DELAY_CONN("Bogus");
3184 sm_syslog(LOG_CRIT
, e
->e_id
,
3185 "\"%s\" command from %s (%.100s)",
3186 c
->cmd_name
, CurSmtpClient
,
3187 anynet_ntoa(&RealHostAddr
));
3190 case CMDERROR
: /* unknown command */
3191 #if MAXBADCOMMANDS > 0
3192 if (++n_badcmds
> MAXBADCOMMANDS
)
3195 message("421 4.7.0 %s Too many bad commands; closing connection",
3198 /* arrange to ignore any current send list */
3199 e
->e_sendqueue
= NULL
;
3202 #endif /* MAXBADCOMMANDS > 0 */
3204 #if MILTER && SMFI_VERSION > 2
3205 if (smtp
.sm_milterlist
&& smtp
.sm_milterize
&&
3206 !bitset(EF_DISCARD
, e
->e_flags
))
3211 if (MilterLogLevel
> 9)
3212 sm_syslog(LOG_INFO
, e
->e_id
,
3213 "Sending \"%s\" to Milter", inp
);
3214 response
= milter_unknown(inp
, e
, &state
);
3215 MILTER_REPLY("unknown");
3216 if (state
== SMFIR_REPLYCODE
||
3217 state
== SMFIR_REJECT
||
3218 state
== SMFIR_TEMPFAIL
||
3219 state
== SMFIR_SHUTDOWN
)
3221 /* MILTER_REPLY already gave an error */
3225 #endif /* MILTER && SMFI_VERSION > 2 */
3227 usrerr("500 5.5.1 Command unrecognized: \"%s\"",
3228 shortenstring(inp
, MAXSHORTSTR
));
3232 DELAY_CONN("Unimpl");
3233 usrerr("502 5.5.1 Command not implemented: \"%s\"",
3234 shortenstring(inp
, MAXSHORTSTR
));
3238 DELAY_CONN("default");
3240 syserr("500 5.5.0 smtp: unknown code %d", c
->cmd_code
);
3247 SM_EXCEPT(exc
, "[!F]*")
3250 ** The only possible exception is "E:mta.quickabort".
3251 ** There is nothing to do except fall through and loop.
3258 ** SMTP_DATA -- implement the SMTP DATA command.
3261 ** smtp -- status of SMTP connection.
3265 ** true iff SMTP session can continue.
3268 ** possibly sends message.
3286 unsigned int features
;
3289 SmtpPhase
= "server DATA";
3290 if (!smtp
->sm_gotmail
)
3292 usrerr("503 5.0.0 Need MAIL command");
3295 else if (smtp
->sm_nrcpts
<= 0)
3297 usrerr("503 5.0.0 Need RCPT (recipient)");
3300 (void) sm_snprintf(buf
, sizeof(buf
), "%u", smtp
->sm_nrcpts
);
3301 if (rscheck("check_data", buf
, NULL
, e
,
3302 RSF_RMCOMM
|RSF_UNSTRUCTURED
|RSF_COUNT
, 3, NULL
,
3303 e
->e_id
, NULL
) != EX_OK
)
3306 #if MILTER && SMFI_VERSION > 3
3307 if (smtp
->sm_milterlist
&& smtp
->sm_milterize
&&
3308 !bitset(EF_DISCARD
, e
->e_flags
))
3312 int savelogusrerrs
= LogUsrErrs
;
3314 response
= milter_data_cmd(e
, &state
);
3317 case SMFIR_REPLYCODE
:
3318 if (MilterLogLevel
> 3)
3320 sm_syslog(LOG_INFO
, e
->e_id
,
3321 "Milter: cmd=data, reject=%s",
3326 if (strncmp(response
, "421 ", 4) == 0
3327 || strncmp(response
, "421-", 4) == 0)
3329 e
->e_sendqueue
= NULL
;
3335 if (MilterLogLevel
> 3)
3337 sm_syslog(LOG_INFO
, e
->e_id
,
3338 "Milter: cmd=data, reject=550 5.7.1 Command rejected");
3341 usrerr("550 5.7.1 Command rejected");
3345 if (MilterLogLevel
> 3)
3346 sm_syslog(LOG_INFO
, e
->e_id
,
3347 "Milter: cmd=data, discard");
3348 e
->e_flags
|= EF_DISCARD
;
3351 case SMFIR_TEMPFAIL
:
3352 if (MilterLogLevel
> 3)
3354 sm_syslog(LOG_INFO
, e
->e_id
,
3355 "Milter: cmd=data, reject=%s",
3359 usrerr(MSG_TEMPFAIL
);
3362 case SMFIR_SHUTDOWN
:
3363 if (MilterLogLevel
> 3)
3365 sm_syslog(LOG_INFO
, e
->e_id
,
3366 "Milter: cmd=data, reject=421 4.7.0 %s closing connection",
3370 usrerr("421 4.7.0 %s closing connection", MyHostName
);
3371 e
->e_sendqueue
= NULL
;
3374 LogUsrErrs
= savelogusrerrs
;
3375 if (response
!= NULL
)
3376 sm_free(response
); /* XXX */
3378 #endif /* MILTER && SMFI_VERSION > 3 */
3380 /* put back discard bit */
3381 if (smtp
->sm_discard
)
3382 e
->e_flags
|= EF_DISCARD
;
3384 /* check to see if we need to re-expand aliases */
3385 /* also reset QS_BADADDR on already-diagnosted addrs */
3386 doublequeue
= false;
3387 for (a
= e
->e_sendqueue
; a
!= NULL
; a
= a
->q_next
)
3389 if (QS_IS_VERIFIED(a
->q_state
) &&
3390 !bitset(EF_DISCARD
, e
->e_flags
))
3392 /* need to re-expand aliases */
3395 if (QS_IS_BADADDR(a
->q_state
))
3397 /* make this "go away" */
3398 a
->q_state
= QS_DONTSEND
;
3402 /* collect the text of the message */
3403 SmtpPhase
= "collect";
3406 collect(InChannel
, true, NULL
, e
, true);
3408 /* redefine message size */
3409 (void) sm_snprintf(buf
, sizeof(buf
), "%ld", e
->e_msgsize
);
3410 macdefine(&e
->e_macro
, A_TEMP
, macid("{msg_size}"), buf
);
3412 /* rscheck() will set Errors or EF_DISCARD if it trips */
3413 (void) rscheck("check_eom", buf
, NULL
, e
, RSF_UNSTRUCTURED
|RSF_COUNT
,
3414 3, NULL
, e
->e_id
, NULL
);
3417 milteraccept
= true;
3418 if (smtp
->sm_milterlist
&& smtp
->sm_milterize
&&
3420 !bitset(EF_DISCARD
, e
->e_flags
))
3425 response
= milter_data(e
, &state
);
3428 case SMFIR_REPLYCODE
:
3429 if (MilterLogLevel
> 3)
3430 sm_syslog(LOG_INFO
, e
->e_id
,
3431 "Milter: data, reject=%s",
3433 milteraccept
= false;
3438 milteraccept
= false;
3439 if (MilterLogLevel
> 3)
3440 sm_syslog(LOG_INFO
, e
->e_id
,
3441 "Milter: data, reject=554 5.7.1 Command rejected");
3442 usrerr("554 5.7.1 Command rejected");
3446 if (MilterLogLevel
> 3)
3447 sm_syslog(LOG_INFO
, e
->e_id
,
3448 "Milter: data, discard");
3449 milteraccept
= false;
3450 e
->e_flags
|= EF_DISCARD
;
3453 case SMFIR_TEMPFAIL
:
3454 if (MilterLogLevel
> 3)
3455 sm_syslog(LOG_INFO
, e
->e_id
,
3456 "Milter: data, reject=%s",
3458 milteraccept
= false;
3459 usrerr(MSG_TEMPFAIL
);
3462 case SMFIR_SHUTDOWN
:
3463 if (MilterLogLevel
> 3)
3464 sm_syslog(LOG_INFO
, e
->e_id
,
3465 "Milter: data, reject=421 4.7.0 %s closing connection",
3467 milteraccept
= false;
3468 usrerr("421 4.7.0 %s closing connection", MyHostName
);
3472 if (response
!= NULL
)
3476 /* Milter may have changed message size */
3477 (void) sm_snprintf(buf
, sizeof(buf
), "%ld", e
->e_msgsize
);
3478 macdefine(&e
->e_macro
, A_TEMP
, macid("{msg_size}"), buf
);
3480 /* abort message filters that didn't get the body & log msg is OK */
3481 if (smtp
->sm_milterlist
&& smtp
->sm_milterize
)
3484 if (milteraccept
&& MilterLogLevel
> 9)
3485 sm_syslog(LOG_INFO
, e
->e_id
, "Milter accept: message");
3489 ** If SuperSafe is SAFE_REALLY_POSTMILTER, and we don't have milter or
3490 ** milter accepted message, sync it now
3492 ** XXX This is almost a copy of the code in collect(): put it into
3493 ** a function that is called from both places?
3496 if (milteraccept
&& SuperSafe
== SAFE_REALLY_POSTMILTER
)
3499 SM_FILE_T
*volatile df
;
3503 dfname
= queuename(e
, DATAFL_LETTER
);
3504 if (sm_io_setinfo(df
, SM_BF_COMMIT
, NULL
) < 0
3510 if (save_errno
== EEXIST
)
3515 if (stat(dfname
, &st
) < 0)
3518 syserr("@collect: bfcommit(%s): already on disk, size=%ld",
3519 dfname
, (long) st
.st_size
);
3520 dfd
= sm_io_getinfo(df
, SM_IO_WHAT_FD
, NULL
);
3522 dumpfd(dfd
, true, true);
3525 dferror(df
, "bfcommit", e
);
3527 finis(save_errno
!= EEXIST
, true, ExitStat
);
3529 else if ((afd
= sm_io_getinfo(df
, SM_IO_WHAT_FD
, NULL
)) < 0)
3531 dferror(df
, "sm_io_getinfo", e
);
3533 finis(true, true, ExitStat
);
3536 else if (fsync(afd
) < 0)
3538 dferror(df
, "fsync", e
);
3540 finis(true, true, ExitStat
);
3543 else if (sm_io_close(df
, SM_TIME_DEFAULT
) < 0)
3545 dferror(df
, "sm_io_close", e
);
3547 finis(true, true, ExitStat
);
3551 /* Now reopen the df file */
3552 e
->e_dfp
= sm_io_open(SmFtStdio
, SM_TIME_DEFAULT
, dfname
,
3553 SM_IO_RDONLY
, NULL
);
3554 if (e
->e_dfp
== NULL
)
3556 /* we haven't acked receipt yet, so just chuck this */
3557 syserr("@Cannot reopen %s", dfname
);
3558 finis(true, true, ExitStat
);
3564 /* Check if quarantining stats should be updated */
3565 if (e
->e_quarmsg
!= NULL
)
3566 markstats(e
, NULL
, STATS_QUARANTINE
);
3569 ** If a header/body check (header checks or milter)
3570 ** set EF_DISCARD, don't queueup the message --
3571 ** that would lose the EF_DISCARD bit and deliver
3575 if (bitset(EF_DISCARD
, e
->e_flags
))
3576 doublequeue
= false;
3578 aborting
= Errors
> 0;
3579 if (!(aborting
|| bitset(EF_DISCARD
, e
->e_flags
)) &&
3580 (QueueMode
== QM_QUARANTINE
|| e
->e_quarmsg
== NULL
) &&
3581 !split_by_recipient(e
))
3582 aborting
= bitset(EF_FATALERRS
, e
->e_flags
);
3588 /* Log who the mail would have gone to */
3589 logundelrcpts(e
, e
->e_message
, 8, false);
3592 ** If something above refused the message, we still haven't
3593 ** accepted responsibility for it. Don't send DSNs.
3596 for (q
= e
->e_sendqueue
; q
!= NULL
; q
= q
->q_next
)
3597 q
->q_flags
&= ~Q_PINGFLAGS
;
3604 /* from now on, we have to operate silently */
3609 ** Clear message, it may contain an error from the SMTP dialogue.
3610 ** This error must not show up in the queue.
3611 ** Some error message should show up, e.g., alias database
3612 ** not available, but others shouldn't, e.g., from check_rcpt.
3615 e
->e_message
= NULL
;
3619 ** Arrange to send to everyone.
3620 ** If sending to multiple people, mail back
3621 ** errors rather than reporting directly.
3622 ** In any case, don't mail back errors for
3623 ** anything that has happened up to
3624 ** now (the other end will do this).
3625 ** Truncate our transcript -- the mail has gotten
3626 ** to us successfully, and if we have
3627 ** to mail this back, it will be easier
3629 ** Then send to everyone.
3630 ** Finally give a reply code. If an error has
3631 ** already been given, don't mail a
3633 ** We goose error returns by clearing error bit.
3636 SmtpPhase
= "delivery";
3637 (void) sm_io_setinfo(e
->e_xfp
, SM_BF_TRUNCATE
, NULL
);
3641 _res
.retry
= TimeOuts
.res_retry
[RES_TO_FIRST
];
3642 _res
.retrans
= TimeOuts
.res_retrans
[RES_TO_FIRST
];
3643 #endif /* NAMED_BIND */
3645 for (ee
= e
; ee
!= NULL
; ee
= ee
->e_sibling
)
3647 /* make sure we actually do delivery */
3648 ee
->e_flags
&= ~EF_CLRQUEUE
;
3650 /* from now on, operate silently */
3651 ee
->e_errormode
= EM_MAIL
;
3655 /* make sure it is in the queue */
3656 queueup(ee
, false, true);
3662 /* send to all recipients */
3665 if (SM_DM_ONE
== e
->e_sendmode
)
3667 if (NotFirstDelivery
)
3670 e
->e_sendmode
= SM_QUEUE
;
3675 NotFirstDelivery
= true;
3678 #endif /* _FFR_DM_ONE */
3684 /* put back id for SMTP logging in putoutmsg() */
3685 oldid
= CurEnv
->e_id
;
3688 /* issue success message */
3690 if (MessageAccept
!= NULL
&& *MessageAccept
!= '\0')
3694 expand(MessageAccept
, msg
, sizeof(msg
), e
);
3695 message("250 2.0.0 %s", msg
);
3698 #endif /* _FFR_MSG_ACCEPT */
3699 message("250 2.0.0 %s Message accepted for delivery", id
);
3700 CurEnv
->e_id
= oldid
;
3702 /* if we just queued, poke it */
3705 bool anything_to_send
= false;
3708 for (ee
= e
; ee
!= NULL
; ee
= ee
->e_sibling
)
3710 if (WILL_BE_QUEUED(ee
->e_sendmode
))
3712 if (shouldqueue(ee
->e_msgpriority
, ee
->e_ctime
))
3714 ee
->e_sendmode
= SM_QUEUE
;
3717 else if (QueueMode
!= QM_QUARANTINE
&&
3718 ee
->e_quarmsg
!= NULL
)
3720 ee
->e_sendmode
= SM_QUEUE
;
3723 anything_to_send
= true;
3725 /* close all the queue files */
3727 if (ee
->e_dfp
!= NULL
)
3729 (void) sm_io_close(ee
->e_dfp
, SM_TIME_DEFAULT
);
3734 if (anything_to_send
)
3738 ** XXX if we don't do this, we get 250 twice
3739 ** because it is also flushed in the child.
3742 (void) sm_io_flush(OutChannel
, SM_TIME_DEFAULT
);
3743 #endif /* PIPELINING */
3744 (void) doworklist(e
, true, true);
3749 if (LogLevel
> 4 && bitset(EF_LOGSENDER
, e
->e_flags
))
3751 e
->e_flags
&= ~EF_LOGSENDER
;
3753 /* clean up a bit */
3754 smtp
->sm_gotmail
= false;
3757 ** Call dropenvelope if and only if the envelope is *not*
3758 ** being processed by the child process forked by doworklist().
3761 if (aborting
|| bitset(EF_DISCARD
, e
->e_flags
))
3762 dropenvelope(e
, true, false);
3765 for (ee
= e
; ee
!= NULL
; ee
= ee
->e_sibling
)
3768 QueueMode
!= QM_QUARANTINE
&&
3769 ee
->e_quarmsg
!= NULL
)
3771 dropenvelope(ee
, true, false);
3774 if (WILL_BE_QUEUED(ee
->e_sendmode
))
3775 dropenvelope(ee
, true, false);
3778 sm_rpool_free(e
->e_rpool
);
3781 ** At this point, e == &MainEnvelope, but if we did splitting,
3782 ** then CurEnv may point to an envelope structure that was just
3783 ** freed with the rpool. So reset CurEnv *before* calling
3788 features
= e
->e_features
;
3789 newenvelope(e
, e
, sm_rpool_new_x(NULL
));
3790 e
->e_flags
= BlankEnvelope
.e_flags
;
3791 e
->e_features
= features
;
3793 /* restore connection quarantining */
3794 if (smtp
->sm_quarmsg
== NULL
)
3796 e
->e_quarmsg
= NULL
;
3797 macdefine(&e
->e_macro
, A_PERM
, macid("{quarantine}"), "");
3801 e
->e_quarmsg
= sm_rpool_strdup_x(e
->e_rpool
, smtp
->sm_quarmsg
);
3802 macdefine(&e
->e_macro
, A_PERM
,
3803 macid("{quarantine}"), e
->e_quarmsg
);
3808 ** LOGUNDELRCPTS -- log undelivered (or all) recipients.
3812 ** msg -- message for Stat=
3813 ** level -- log level.
3814 ** all -- log all recipients.
3820 ** logs undelivered (or all) recipients
3824 logundelrcpts(e
, msg
, level
, all
)
3832 if (LogLevel
<= level
|| msg
== NULL
|| *msg
== '\0')
3835 /* Clear $h so relay= doesn't get mislogged by logdelivery() */
3836 macdefine(&e
->e_macro
, A_PERM
, 'h', NULL
);
3838 /* Log who the mail would have gone to */
3839 for (a
= e
->e_sendqueue
; a
!= NULL
; a
= a
->q_next
)
3841 if (!QS_IS_UNDELIVERED(a
->q_state
) && !all
)
3843 e
->e_to
= a
->q_paddr
;
3844 logdelivery(NULL
, NULL
, a
->q_status
, msg
, NULL
,
3850 ** CHECKSMTPATTACK -- check for denial-of-service attack by repetition
3853 ** pcounter -- pointer to a counter for this command.
3854 ** maxcount -- maximum value for this counter before we
3856 ** waitnow -- sleep now (in this routine)?
3857 ** cname -- command name for logging.
3858 ** e -- the current envelope.
3862 ** STOP_ATTACK if twice as many commands as allowed and
3866 ** Slows down if we seem to be under attack.
3870 checksmtpattack(pcounter
, maxcount
, waitnow
, cname
, e
)
3871 volatile unsigned int *pcounter
;
3872 unsigned int maxcount
;
3877 if (maxcount
<= 0) /* no limit */
3880 if (++(*pcounter
) >= maxcount
)
3885 if (*pcounter
== maxcount
&& LogLevel
> 5)
3887 sm_syslog(LOG_INFO
, e
->e_id
,
3888 "%s: possible SMTP attack: command=%.40s, count=%u",
3889 CurSmtpClient
, cname
, *pcounter
);
3891 shift
= *pcounter
- maxcount
;
3893 if (shift
> MAXSHIFT
|| s
>= MAXTIMEOUT
|| s
<= 0)
3896 #define IS_ATTACK(s) ((MaxChildren > 0 && *pcounter >= maxcount * 2) \
3897 ? STOP_ATTACK : (time_t) s)
3899 /* sleep at least 1 second before returning */
3900 (void) sleep(*pcounter
/ maxcount
);
3901 s
-= *pcounter
/ maxcount
;
3902 if (s
>= MAXTIMEOUT
|| s
< 0)
3904 if (waitnow
&& s
> 0)
3907 return IS_ATTACK(0);
3909 return IS_ATTACK(s
);
3914 ** SETUP_SMTPD_IO -- setup I/O fd correctly for the SMTP server
3923 ** may change I/O fd.
3929 int inchfd
, outchfd
, outfd
;
3931 inchfd
= sm_io_getinfo(InChannel
, SM_IO_WHAT_FD
, NULL
);
3932 outchfd
= sm_io_getinfo(OutChannel
, SM_IO_WHAT_FD
, NULL
);
3933 outfd
= sm_io_getinfo(smioout
, SM_IO_WHAT_FD
, NULL
);
3934 if (outchfd
!= outfd
)
3936 /* arrange for debugging output to go to remote host */
3937 (void) dup2(outchfd
, outfd
);
3941 ** if InChannel and OutChannel are stdin/stdout
3942 ** and connected to ttys
3943 ** and fcntl(STDIN, F_SETFL, O_NONBLOCKING) also changes STDOUT,
3944 ** then "chain" them together.
3947 if (inchfd
== STDIN_FILENO
&& outchfd
== STDOUT_FILENO
&&
3948 isatty(inchfd
) && isatty(outchfd
))
3950 int inmode
, outmode
;
3952 inmode
= fcntl(inchfd
, F_GETFL
, 0);
3956 sm_syslog(LOG_INFO
, NOQID
,
3957 "fcntl(inchfd, F_GETFL) failed: %s",
3958 sm_errstring(errno
));
3961 outmode
= fcntl(outchfd
, F_GETFL
, 0);
3965 sm_syslog(LOG_INFO
, NOQID
,
3966 "fcntl(outchfd, F_GETFL) failed: %s",
3967 sm_errstring(errno
));
3970 if (bitset(O_NONBLOCK
, inmode
) ||
3971 bitset(O_NONBLOCK
, outmode
) ||
3972 fcntl(inchfd
, F_SETFL
, inmode
| O_NONBLOCK
) == -1)
3974 outmode
= fcntl(outchfd
, F_GETFL
, 0);
3975 if (outmode
!= -1 && bitset(O_NONBLOCK
, outmode
))
3977 /* changing InChannel also changes OutChannel */
3978 sm_io_automode(OutChannel
, InChannel
);
3979 if (tTd(97, 4) && LogLevel
> 9)
3980 sm_syslog(LOG_INFO
, NOQID
,
3981 "set automode for I (%d)/O (%d) in SMTP server",
3985 /* undo change of inchfd */
3986 (void) fcntl(inchfd
, F_SETFL
, inmode
);
3990 ** SKIPWORD -- skip a fixed word.
3993 ** p -- place to start looking.
3994 ** w -- word to skip.
4001 ** clobbers the p data area.
4006 register char *volatile p
;
4012 /* find beginning of word */
4016 /* find end of word */
4017 while (*p
!= '\0' && *p
!= ':' && !(isascii(*p
) && isspace(*p
)))
4019 while (isascii(*p
) && isspace(*p
))
4024 usrerr("501 5.5.2 Syntax error in parameters scanning \"%s\"",
4025 shortenstring(firstp
, MAXSHORTSTR
));
4034 /* see if the input word matches desired word */
4035 if (sm_strcasecmp(q
, w
))
4042 ** RESET_MAIL_ESMTP_ARGS -- process ESMTP arguments from MAIL line
4045 ** e -- the envelope.
4052 reset_mail_esmtp_args(e
)
4055 /* "size": no reset */
4058 SevenBitInput
= SevenBitInput_Saved
;
4059 e
->e_bodytype
= NULL
;
4063 macdefine(&e
->e_macro
, A_PERM
, macid("{dsn_envid}"), NULL
);
4066 e
->e_flags
&= ~(EF_RET_PARAM
|EF_NO_BODY_RETN
);
4067 macdefine(&e
->e_macro
, A_TEMP
, macid("{dsn_ret}"), NULL
);
4071 macdefine(&e
->e_macro
, A_TEMP
, macid("{auth_author}"), NULL
);
4072 e
->e_auth_param
= "";
4073 # if _FFR_AUTH_PASSING
4074 macdefine(&BlankEnvelope
.e_macro
, A_PERM
,
4075 macid("{auth_author}"), NULL
);
4076 # endif /* _FFR_AUTH_PASSING */
4080 e
->e_deliver_by
= 0;
4085 ** MAIL_ESMTP_ARGS -- process ESMTP arguments from MAIL line
4088 ** a -- address (unused, for compatibility with rcpt_esmtp_args)
4089 ** kp -- the parameter key.
4090 ** vp -- the value of that parameter.
4091 ** e -- the envelope.
4098 mail_esmtp_args(a
, kp
, vp
, e
)
4104 if (sm_strcasecmp(kp
, "size") == 0)
4108 usrerr("501 5.5.2 SIZE requires a value");
4111 macdefine(&e
->e_macro
, A_TEMP
, macid("{msg_size}"), vp
);
4113 e
->e_msgsize
= strtol(vp
, (char **) NULL
, 10);
4114 if (e
->e_msgsize
== LONG_MAX
&& errno
== ERANGE
)
4116 usrerr("552 5.2.3 Message size exceeds maximum value");
4119 if (e
->e_msgsize
< 0)
4121 usrerr("552 5.2.3 Message size invalid");
4125 else if (sm_strcasecmp(kp
, "body") == 0)
4129 usrerr("501 5.5.2 BODY requires a value");
4132 else if (sm_strcasecmp(vp
, "8bitmime") == 0)
4134 SevenBitInput
= false;
4136 else if (sm_strcasecmp(vp
, "7bit") == 0)
4138 SevenBitInput
= true;
4142 usrerr("501 5.5.4 Unknown BODY type %s", vp
);
4145 e
->e_bodytype
= sm_rpool_strdup_x(e
->e_rpool
, vp
);
4147 else if (sm_strcasecmp(kp
, "envid") == 0)
4149 if (!bitset(SRV_OFFER_DSN
, e
->e_features
))
4151 usrerr("504 5.7.0 Sorry, ENVID not supported, we do not allow DSN");
4156 usrerr("501 5.5.2 ENVID requires a value");
4161 usrerr("501 5.5.4 Syntax error in ENVID parameter value");
4164 if (e
->e_envid
!= NULL
)
4166 usrerr("501 5.5.0 Duplicate ENVID parameter");
4169 e
->e_envid
= sm_rpool_strdup_x(e
->e_rpool
, vp
);
4170 macdefine(&e
->e_macro
, A_PERM
,
4171 macid("{dsn_envid}"), e
->e_envid
);
4173 else if (sm_strcasecmp(kp
, "ret") == 0)
4175 if (!bitset(SRV_OFFER_DSN
, e
->e_features
))
4177 usrerr("504 5.7.0 Sorry, RET not supported, we do not allow DSN");
4182 usrerr("501 5.5.2 RET requires a value");
4185 if (bitset(EF_RET_PARAM
, e
->e_flags
))
4187 usrerr("501 5.5.0 Duplicate RET parameter");
4190 e
->e_flags
|= EF_RET_PARAM
;
4191 if (sm_strcasecmp(vp
, "hdrs") == 0)
4192 e
->e_flags
|= EF_NO_BODY_RETN
;
4193 else if (sm_strcasecmp(vp
, "full") != 0)
4195 usrerr("501 5.5.2 Bad argument \"%s\" to RET", vp
);
4198 macdefine(&e
->e_macro
, A_TEMP
, macid("{dsn_ret}"), vp
);
4201 else if (sm_strcasecmp(kp
, "auth") == 0)
4205 char *auth_param
; /* the value of the AUTH=x */
4206 bool saveQuickAbort
= QuickAbort
;
4207 bool saveSuprErrs
= SuprErrs
;
4208 bool saveExitStat
= ExitStat
;
4212 usrerr("501 5.5.2 AUTH= requires a value");
4215 if (e
->e_auth_param
!= NULL
)
4217 usrerr("501 5.5.0 Duplicate AUTH parameter");
4220 if ((q
= strchr(vp
, ' ')) != NULL
)
4223 len
= strlen(vp
) + 1;
4224 auth_param
= xalloc(len
);
4225 (void) sm_strlcpy(auth_param
, vp
, len
);
4226 if (!xtextok(auth_param
))
4228 usrerr("501 5.5.4 Syntax error in AUTH parameter value");
4229 /* just a warning? */
4233 /* XXX define this always or only if trusted? */
4234 macdefine(&e
->e_macro
, A_TEMP
, macid("{auth_author}"),
4238 ** call Strust_auth to find out whether
4239 ** auth_param is acceptable (trusted)
4240 ** we shouldn't trust it if not authenticated
4241 ** (required by RFC, leave it to ruleset?)
4246 if (strcmp(auth_param
, "<>") != 0 &&
4247 (rscheck("trust_auth", auth_param
, NULL
, e
, RSF_RMCOMM
,
4248 9, NULL
, NOQID
, NULL
) != EX_OK
|| Errors
> 0))
4252 q
= e
->e_auth_param
;
4253 sm_dprintf("auth=\"%.100s\" not trusted user=\"%.100s\"\n",
4254 auth_param
, (q
== NULL
) ? "" : q
);
4258 e
->e_auth_param
= "<>";
4259 # if _FFR_AUTH_PASSING
4260 macdefine(&BlankEnvelope
.e_macro
, A_PERM
,
4261 macid("{auth_author}"), NULL
);
4262 # endif /* _FFR_AUTH_PASSING */
4267 sm_dprintf("auth=\"%.100s\" trusted\n", auth_param
);
4268 e
->e_auth_param
= sm_rpool_strdup_x(e
->e_rpool
,
4271 sm_free(auth_param
); /* XXX */
4275 QuickAbort
= saveQuickAbort
;
4276 SuprErrs
= saveSuprErrs
;
4277 ExitStat
= saveExitStat
;
4280 #define PRTCHAR(c) ((isascii(c) && isprint(c)) ? (c) : '?')
4283 ** "by" is only accepted if DeliverByMin >= 0.
4284 ** We maybe could add this to the list of server_features.
4287 else if (sm_strcasecmp(kp
, "by") == 0 && DeliverByMin
>= 0)
4293 usrerr("501 5.5.2 BY= requires a value");
4297 e
->e_deliver_by
= strtol(vp
, &s
, 10);
4298 if (e
->e_deliver_by
== LONG_MIN
||
4299 e
->e_deliver_by
== LONG_MAX
||
4300 e
->e_deliver_by
> 999999999l ||
4301 e
->e_deliver_by
< -999999999l)
4303 usrerr("501 5.5.2 BY=%s out of range", vp
);
4306 if (s
== NULL
|| *s
!= ';')
4308 usrerr("501 5.5.2 BY= missing ';'");
4312 ++s
; /* XXX: spaces allowed? */
4314 switch (tolower(*s
))
4317 e
->e_dlvr_flag
= DLVR_NOTIFY
;
4320 e
->e_dlvr_flag
= DLVR_RETURN
;
4321 if (e
->e_deliver_by
<= 0)
4323 usrerr("501 5.5.4 mode R requires BY time > 0");
4326 if (DeliverByMin
> 0 && e
->e_deliver_by
> 0 &&
4327 e
->e_deliver_by
< DeliverByMin
)
4329 usrerr("555 5.5.2 time %ld less than %ld",
4330 e
->e_deliver_by
, (long) DeliverByMin
);
4335 usrerr("501 5.5.2 illegal by-mode '%c'", PRTCHAR(*s
));
4338 ++s
; /* XXX: spaces allowed? */
4340 switch (tolower(*s
))
4343 e
->e_dlvr_flag
|= DLVR_TRACE
;
4348 usrerr("501 5.5.2 illegal by-trace '%c'", PRTCHAR(*s
));
4352 /* XXX: check whether more characters follow? */
4356 usrerr("555 5.5.4 %s parameter unrecognized", kp
);
4362 ** RCPT_ESMTP_ARGS -- process ESMTP arguments from RCPT line
4365 ** a -- the address corresponding to the To: parameter.
4366 ** kp -- the parameter key.
4367 ** vp -- the value of that parameter.
4368 ** e -- the envelope.
4375 rcpt_esmtp_args(a
, kp
, vp
, e
)
4381 if (sm_strcasecmp(kp
, "notify") == 0)
4385 if (!bitset(SRV_OFFER_DSN
, e
->e_features
))
4387 usrerr("504 5.7.0 Sorry, NOTIFY not supported, we do not allow DSN");
4392 usrerr("501 5.5.2 NOTIFY requires a value");
4395 a
->q_flags
&= ~(QPINGONSUCCESS
|QPINGONFAILURE
|QPINGONDELAY
);
4396 a
->q_flags
|= QHASNOTIFY
;
4397 macdefine(&e
->e_macro
, A_TEMP
, macid("{dsn_notify}"), vp
);
4399 if (sm_strcasecmp(vp
, "never") == 0)
4401 for (p
= vp
; p
!= NULL
; vp
= p
)
4405 s
= p
= strchr(p
, ',');
4408 if (sm_strcasecmp(vp
, "success") == 0)
4409 a
->q_flags
|= QPINGONSUCCESS
;
4410 else if (sm_strcasecmp(vp
, "failure") == 0)
4411 a
->q_flags
|= QPINGONFAILURE
;
4412 else if (sm_strcasecmp(vp
, "delay") == 0)
4413 a
->q_flags
|= QPINGONDELAY
;
4416 usrerr("501 5.5.4 Bad argument \"%s\" to NOTIFY",
4424 else if (sm_strcasecmp(kp
, "orcpt") == 0)
4426 if (!bitset(SRV_OFFER_DSN
, e
->e_features
))
4428 usrerr("504 5.7.0 Sorry, ORCPT not supported, we do not allow DSN");
4433 usrerr("501 5.5.2 ORCPT requires a value");
4436 if (strchr(vp
, ';') == NULL
|| !xtextok(vp
))
4438 usrerr("501 5.5.4 Syntax error in ORCPT parameter value");
4441 if (a
->q_orcpt
!= NULL
)
4443 usrerr("501 5.5.0 Duplicate ORCPT parameter");
4446 a
->q_orcpt
= sm_rpool_strdup_x(e
->e_rpool
, vp
);
4450 usrerr("555 5.5.4 %s parameter unrecognized", kp
);
4455 ** PRINTVRFYADDR -- print an entry in the verify queue
4458 ** a -- the address to print.
4459 ** last -- set if this is the last one.
4460 ** vrfy -- set if this is a VRFY command.
4466 ** Prints the appropriate 250 codes.
4468 #define OFFF (3 + 1 + 5 + 1) /* offset in fmt: SMTP reply + enh. code */
4471 printvrfyaddr(a
, last
, vrfy
)
4472 register ADDRESS
*a
;
4478 if (vrfy
&& a
->q_mailer
!= NULL
&&
4479 !bitnset(M_VRFY250
, a
->q_mailer
->m_flags
))
4480 (void) sm_strlcpy(fmtbuf
, "252", sizeof(fmtbuf
));
4482 (void) sm_strlcpy(fmtbuf
, "250", sizeof(fmtbuf
));
4483 fmtbuf
[3] = last
? ' ' : '-';
4484 (void) sm_strlcpy(&fmtbuf
[4], "2.1.5 ", sizeof(fmtbuf
) - 4);
4485 if (a
->q_fullname
== NULL
)
4487 if ((a
->q_mailer
== NULL
||
4488 a
->q_mailer
->m_addrtype
== NULL
||
4489 sm_strcasecmp(a
->q_mailer
->m_addrtype
, "rfc822") == 0) &&
4490 strchr(a
->q_user
, '@') == NULL
)
4491 (void) sm_strlcpy(&fmtbuf
[OFFF
], "<%s@%s>",
4492 sizeof(fmtbuf
) - OFFF
);
4494 (void) sm_strlcpy(&fmtbuf
[OFFF
], "<%s>",
4495 sizeof(fmtbuf
) - OFFF
);
4496 message(fmtbuf
, a
->q_user
, MyHostName
);
4500 if ((a
->q_mailer
== NULL
||
4501 a
->q_mailer
->m_addrtype
== NULL
||
4502 sm_strcasecmp(a
->q_mailer
->m_addrtype
, "rfc822") == 0) &&
4503 strchr(a
->q_user
, '@') == NULL
)
4504 (void) sm_strlcpy(&fmtbuf
[OFFF
], "%s <%s@%s>",
4505 sizeof(fmtbuf
) - OFFF
);
4507 (void) sm_strlcpy(&fmtbuf
[OFFF
], "%s <%s>",
4508 sizeof(fmtbuf
) - OFFF
);
4509 message(fmtbuf
, a
->q_fullname
, a
->q_user
, MyHostName
);
4515 ** SASLMECHS -- get list of possible AUTH mechanisms
4518 ** conn -- SASL connection info.
4519 ** mechlist -- output parameter for list of mechanisms.
4526 saslmechs(conn
, mechlist
)
4530 int len
, num
, result
;
4532 /* "user" is currently unused */
4534 result
= sasl_listmech(conn
, NULL
,
4535 "", " ", "", (const char **) mechlist
,
4536 (unsigned int *)&len
, &num
);
4537 # else /* SASL >= 20000 */
4538 result
= sasl_listmech(conn
, "user", /* XXX */
4539 "", " ", "", mechlist
,
4540 (unsigned int *)&len
, (unsigned int *)&num
);
4541 # endif /* SASL >= 20000 */
4542 if (result
!= SASL_OK
)
4545 sm_syslog(LOG_WARNING
, NOQID
,
4546 "AUTH error: listmech=%d, num=%d",
4553 sm_syslog(LOG_INFO
, NOQID
,
4554 "AUTH: available mech=%s, allowed mech=%s",
4555 *mechlist
, AuthMechanisms
);
4556 *mechlist
= intersect(AuthMechanisms
, *mechlist
, NULL
);
4560 *mechlist
= NULL
; /* be paranoid... */
4561 if (result
== SASL_OK
&& LogLevel
> 9)
4562 sm_syslog(LOG_WARNING
, NOQID
,
4563 "AUTH warning: no mechanisms");
4570 ** PROXY_POLICY -- define proxy policy for AUTH
4574 ** context -- unused.
4575 ** requested_user -- authorization identity.
4576 ** rlen -- authorization identity length.
4577 ** auth_identity -- authentication identity.
4578 ** alen -- authentication identity length.
4579 ** def_realm -- default user realm.
4580 ** urlen -- user realm length.
4581 ** propctx -- unused.
4587 ** sets {auth_authen} macro.
4591 proxy_policy(conn
, context
, requested_user
, rlen
, auth_identity
, alen
,
4592 def_realm
, urlen
, propctx
)
4595 const char *requested_user
;
4597 const char *auth_identity
;
4599 const char *def_realm
;
4601 struct propctx
*propctx
;
4603 if (auth_identity
== NULL
)
4606 macdefine(&BlankEnvelope
.e_macro
, A_TEMP
,
4607 macid("{auth_authen}"), (char *) auth_identity
);
4611 # else /* SASL >= 20000 */
4614 ** PROXY_POLICY -- define proxy policy for AUTH
4617 ** context -- unused.
4618 ** auth_identity -- authentication identity.
4619 ** requested_user -- authorization identity.
4620 ** user -- allowed user (output).
4621 ** errstr -- possible error string (output).
4628 proxy_policy(context
, auth_identity
, requested_user
, user
, errstr
)
4630 const char *auth_identity
;
4631 const char *requested_user
;
4633 const char **errstr
;
4635 if (user
== NULL
|| auth_identity
== NULL
)
4637 *user
= newstr(auth_identity
);
4640 # endif /* SASL >= 20000 */
4645 ** INITSRVTLS -- initialize server side TLS
4648 ** tls_ok -- should tls initialization be done?
4654 ** sets tls_ok_srv which is a static variable in this module.
4655 ** Do NOT remove assignments to it!
4665 /* do NOT remove assignment */
4666 tls_ok_srv
= inittls(&srv_ctx
, TLS_Srv_Opts
, true, SrvCertFile
,
4667 SrvKeyFile
, CACertPath
, CACertFile
, DHParams
);
4670 #endif /* STARTTLS */
4672 ** SRVFEATURES -- get features for SMTP server
4675 ** e -- envelope (should be session context).
4676 ** clientname -- name of client.
4677 ** features -- default features for this invocation.
4683 /* table with options: it uses just one character, how about strings? */
4687 unsigned int srvf_flag
;
4688 } srv_feat_table
[] =
4690 { 'A', SRV_OFFER_AUTH
},
4691 { 'B', SRV_OFFER_VERB
},
4692 { 'C', SRV_REQ_SEC
},
4693 { 'D', SRV_OFFER_DSN
},
4694 { 'E', SRV_OFFER_ETRN
},
4695 { 'L', SRV_REQ_AUTH
},
4698 { 'N', SRV_NO_PIPE
},
4699 # endif /* _FFR_NO_PIPE */
4700 { 'P', SRV_OFFER_PIPE
},
4701 #endif /* PIPELINING */
4702 { 'R', SRV_VRFY_CLT
}, /* same as V; not documented */
4703 { 'S', SRV_OFFER_TLS
},
4704 /* { 'T', SRV_TMP_FAIL }, */
4705 { 'V', SRV_VRFY_CLT
},
4706 { 'X', SRV_OFFER_EXPN
},
4707 /* { 'Y', SRV_OFFER_VRFY }, */
4712 srvfeatures(e
, clientname
, features
)
4715 unsigned int features
;
4719 char pvpbuf
[PSBUFSIZE
];
4722 r
= rscap("srv_features", clientname
, "", e
, &pvp
, pvpbuf
,
4726 if (pvp
== NULL
|| pvp
[0] == NULL
|| (pvp
[0][0] & 0377) != CANONNET
)
4728 if (pvp
[1] != NULL
&& sm_strncasecmp(pvp
[1], "temp", 4) == 0)
4729 return SRV_TMP_FAIL
;
4732 ** General rule (see sendmail.h, d_flags):
4733 ** lower case: required/offered, upper case: Not required/available
4735 ** Since we can change some features per daemon, we have both
4736 ** cases here: turn on/off a feature.
4739 for (i
= 1; pvp
[i
] != NULL
; i
++)
4745 if ((opt
= srv_feat_table
[j
].srvf_opt
) == '\0')
4748 sm_syslog(LOG_WARNING
, e
->e_id
,
4749 "srvfeatures: unknown feature %s",
4755 features
&= ~(srv_feat_table
[j
].srvf_flag
);
4758 if (c
== tolower(opt
))
4760 features
|= srv_feat_table
[j
].srvf_flag
;
4770 ** HELP -- implement the HELP command.
4773 ** topic -- the topic we want help for.
4780 ** outputs the help file to message output.
4782 #define HELPVSTR "#vers "
4783 #define HELPVERSION 2
4790 register SM_FILE_T
*hf
;
4795 long sff
= SFF_OPENASROOT
|SFF_REGONLY
;
4798 static int foundvers
= -1;
4799 extern char Version
[];
4801 if (DontLockReadFiles
)
4803 if (!bitnset(DBS_HELPFILEINUNSAFEDIRPATH
, DontBlameSendmail
))
4804 sff
|= SFF_SAFEDIRPATH
;
4806 if (HelpFile
== NULL
||
4807 (hf
= safefopen(HelpFile
, O_RDONLY
, 0444, sff
)) == NULL
)
4811 message("502 5.3.0 Sendmail %s -- HELP not implemented",
4816 if (topic
== NULL
|| *topic
== '\0')
4827 len
= strlen(topic
);
4829 while (sm_io_fgets(hf
, SM_TIME_DEFAULT
, buf
, sizeof(buf
)) != NULL
)
4833 if (foundvers
< 0 &&
4834 strncmp(buf
, HELPVSTR
, strlen(HELPVSTR
)) == 0)
4838 if (sm_io_sscanf(buf
+ strlen(HELPVSTR
), "%d",
4844 if (strncmp(buf
, topic
, len
) == 0)
4850 /* print version if no/old vers# in file */
4851 if (foundvers
< 2 && !noinfo
)
4852 message("214-2.0.0 This is Sendmail version %s", Version
);
4854 p
= strpbrk(buf
, " \t");
4856 p
= buf
+ strlen(buf
) - 1;
4863 int lbs
= sizeof(buf
) - (p
- buf
);
4865 lbp
= translate_dollars(p
, p
, &lbs
);
4866 expand(lbp
, inp
, sizeof(inp
), e
);
4871 message("214-2.0.0 %s", p
);
4877 message("504 5.3.0 HELP topic \"%.10s\" unknown", topic
);
4879 message("214 2.0.0 End of HELP info");
4881 if (foundvers
!= 0 && foundvers
< HELPVERSION
)
4884 sm_syslog(LOG_WARNING
, e
->e_id
,
4885 "%s too old (require version %d)",
4886 HelpFile
, HELPVERSION
);
4888 /* avoid log next time */
4892 (void) sm_io_close(hf
, SM_TIME_DEFAULT
);
4897 ** RESET_SASLCONN -- reset SASL connection data
4900 ** conn -- SASL connection context
4901 ** hostname -- host name
4902 ** various connection data
4909 reset_saslconn(sasl_conn_t
**conn
, char *hostname
,
4911 char *remoteip
, char *localip
,
4912 char *auth_id
, sasl_ssf_t
* ext_ssf
)
4913 # else /* SASL >= 20000 */
4914 struct sockaddr_in
*saddr_r
, struct sockaddr_in
*saddr_l
,
4915 sasl_external_properties_t
* ext_ssf
)
4916 # endif /* SASL >= 20000 */
4922 result
= sasl_server_new("smtp", hostname
, NULL
, NULL
, NULL
,
4925 /* use empty realm: only works in SASL > 1.5.5 */
4926 result
= sasl_server_new("smtp", hostname
, "", NULL
, 0, conn
);
4927 # else /* SASL >= 20000 */
4928 /* use no realm -> realm is set to hostname by SASL lib */
4929 result
= sasl_server_new("smtp", hostname
, NULL
, NULL
, 0,
4931 # endif /* SASL >= 20000 */
4932 if (result
!= SASL_OK
)
4936 # if NETINET || NETINET6
4937 if (remoteip
!= NULL
&& *remoteip
!= '\0')
4938 result
= sasl_setprop(*conn
, SASL_IPREMOTEPORT
, remoteip
);
4939 if (result
!= SASL_OK
)
4942 if (localip
!= NULL
&& *localip
!= '\0')
4943 result
= sasl_setprop(*conn
, SASL_IPLOCALPORT
, localip
);
4944 if (result
!= SASL_OK
)
4946 # endif /* NETINET || NETINET6 */
4948 result
= sasl_setprop(*conn
, SASL_SSF_EXTERNAL
, ext_ssf
);
4949 if (result
!= SASL_OK
)
4952 result
= sasl_setprop(*conn
, SASL_AUTH_EXTERNAL
, auth_id
);
4953 if (result
!= SASL_OK
)
4955 # else /* SASL >= 20000 */
4957 if (saddr_r
!= NULL
)
4958 result
= sasl_setprop(*conn
, SASL_IP_REMOTE
, saddr_r
);
4959 if (result
!= SASL_OK
)
4962 if (saddr_l
!= NULL
)
4963 result
= sasl_setprop(*conn
, SASL_IP_LOCAL
, saddr_l
);
4964 if (result
!= SASL_OK
)
4966 # endif /* NETINET */
4968 result
= sasl_setprop(*conn
, SASL_SSF_EXTERNAL
, ext_ssf
);
4969 if (result
!= SASL_OK
)
4971 # endif /* SASL >= 20000 */