2 * Copyright (c) 1998-2003, 2006 Sendmail, Inc. and its suppliers.
4 * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
5 * Copyright (c) 1988, 1993
6 * The Regents of the University of California. All rights reserved.
8 * By using this file, you agree to the terms and conditions set
9 * forth in the LICENSE file which can be found at the top level of
10 * the sendmail distribution.
16 SM_RCSID("@(#)$Id: recipient.c,v 8.349 2007/07/10 17:01:22 ca Exp $")
18 static void includetimeout
__P((int));
19 static ADDRESS
*self_reference
__P((ADDRESS
*));
20 static int sortexpensive
__P((ADDRESS
*, ADDRESS
*));
21 static int sortbysignature
__P((ADDRESS
*, ADDRESS
*));
22 static int sorthost
__P((ADDRESS
*, ADDRESS
*));
24 typedef int sortfn_t
__P((ADDRESS
*, ADDRESS
*));
27 ** SORTHOST -- strcmp()-like func for host portion of an ADDRESS
30 ** xx -- first ADDRESS
31 ** yy -- second ADDRESS
34 ** <0 when xx->q_host is less than yy->q_host
35 ** >0 when xx->q_host is greater than yy->q_host
44 #if _FFR_HOST_SORT_REVERSE
45 /* XXX maybe compare hostnames from the end? */
46 return sm_strrevcasecmp(xx
->q_host
, yy
->q_host
);
47 #else /* _FFR_HOST_SORT_REVERSE */
48 return sm_strcasecmp(xx
->q_host
, yy
->q_host
);
49 #endif /* _FFR_HOST_SORT_REVERSE */
53 ** SORTEXPENSIVE -- strcmp()-like func for expensive mailers
55 ** The mailer has been noted already as "expensive" for 'xx'. This
56 ** will give a result relative to 'yy'. Expensive mailers get rated
57 ** "greater than" non-expensive mailers because during the delivery phase
58 ** it will get queued -- no use it getting in the way of less expensive
59 ** recipients. We avoid an MX RR lookup when both 'xx' and 'yy' are
60 ** expensive since an MX RR lookup happens when extracted from the queue
64 ** xx -- first ADDRESS
65 ** yy -- second ADDRESS
68 ** <0 when xx->q_host is less than yy->q_host and both are
70 ** >0 when xx->q_host is greater than yy->q_host, or when
71 ** 'yy' is non-expensive
72 ** 0 when equal (by expense and q_host)
80 if (!bitnset(M_EXPENSIVE
, yy
->q_mailer
->m_flags
))
81 return 1; /* xx should go later */
82 #if _FFR_HOST_SORT_REVERSE
83 /* XXX maybe compare hostnames from the end? */
84 return sm_strrevcasecmp(xx
->q_host
, yy
->q_host
);
85 #else /* _FFR_HOST_SORT_REVERSE */
86 return sm_strcasecmp(xx
->q_host
, yy
->q_host
);
87 #endif /* _FFR_HOST_SORT_REVERSE */
91 ** SORTBYSIGNATURE -- a strcmp()-like func for q_mailer and q_host in ADDRESS
94 ** xx -- first ADDRESS
95 ** yy -- second ADDRESS
98 ** 0 when the "signature"'s are same
99 ** <0 when xx->q_signature is less than yy->q_signature
100 ** >0 when xx->q_signature is greater than yy->q_signature
103 ** May set ADDRESS pointer for q_signature if not already set.
107 sortbysignature(xx
, yy
)
113 /* Let's avoid redoing the signature over and over again */
114 if (xx
->q_signature
== NULL
)
115 xx
->q_signature
= hostsignature(xx
->q_mailer
, xx
->q_host
);
116 if (yy
->q_signature
== NULL
)
117 yy
->q_signature
= hostsignature(yy
->q_mailer
, yy
->q_host
);
118 ret
= strcmp(xx
->q_signature
, yy
->q_signature
);
121 ** If the two signatures are the same then we will return a sort
122 ** value based on 'q_user'. But note that we have reversed xx and yy
123 ** on purpose. This additional compare helps reduce the number of
124 ** sameaddr() calls and loops in recipient() for the case when
125 ** the rcpt list has been provided already in-order.
129 return strcmp(yy
->q_user
, xx
->q_user
);
135 ** SENDTOLIST -- Designate a send list.
137 ** The parameter is a comma-separated list of people to send to.
138 ** This routine arranges to send to all of them.
141 ** list -- the send list.
142 ** ctladdr -- the address template for the person to
143 ** send to -- effective uid/gid are important.
144 ** This is typically the alias that caused this
146 ** sendq -- a pointer to the head of a queue to put
147 ** these people into.
148 ** aliaslevel -- the current alias nesting depth -- to
150 ** e -- the envelope in which to add these recipients.
153 ** The number of addresses actually on the list.
156 /* q_flags bits inherited from ctladdr */
157 #define QINHERITEDBITS (QPINGONSUCCESS|QPINGONFAILURE|QPINGONDELAY|QHASNOTIFY)
160 sendtolist(list
, ctladdr
, sendq
, aliaslevel
, e
)
165 register ENVELOPE
*e
;
168 register ADDRESS
*SM_NONVOLATILE al
; /* list of addresses to send to */
169 SM_NONVOLATILE
char delimiter
; /* the address delimiter */
170 SM_NONVOLATILE
int naddrs
;
171 SM_NONVOLATILE
int i
;
173 char *oldto
= e
->e_to
;
174 char *SM_NONVOLATILE bufp
;
175 char buf
[MAXNAME
+ 1];
179 syserr("sendtolist: null list");
185 sm_dprintf("sendto: %s\n ctladdr=", list
);
186 printaddr(sm_debug_file(), ctladdr
, false);
189 /* heuristic to determine old versus new style addresses */
190 if (ctladdr
== NULL
&&
191 (strchr(list
, ',') != NULL
|| strchr(list
, ';') != NULL
||
192 strchr(list
, '<') != NULL
|| strchr(list
, '(') != NULL
))
193 e
->e_flags
&= ~EF_OLDSTYLE
;
195 if (!bitset(EF_OLDSTYLE
, e
->e_flags
) || ctladdr
!= NULL
)
201 /* make sure we have enough space to copy the string */
202 i
= strlen(list
) + 1;
203 if (i
<= sizeof(buf
))
209 bufp
= sm_malloc_x(i
);
214 (void) sm_strlcpy(bufp
, denlstring(list
, false, true), i
);
216 macdefine(&e
->e_macro
, A_PERM
, macid("{addr_type}"), "e r");
217 for (p
= bufp
; *p
!= '\0'; )
224 /* parse the address */
225 while ((isascii(*p
) && isspace(*p
)) || *p
== ',')
228 a
= parseaddr(p
, NULLADDR
, RF_COPYALL
, delimiter
,
235 a
->q_alias
= ctladdr
;
237 /* arrange to inherit attributes from parent */
242 /* self reference test */
243 if (sameaddr(ctladdr
, a
))
247 sm_dprintf("sendtolist: QSELFREF ");
248 printaddr(sm_debug_file(), ctladdr
, false);
250 ctladdr
->q_flags
|= QSELFREF
;
253 /* check for address loops */
254 b
= self_reference(a
);
257 b
->q_flags
|= QSELFREF
;
260 sm_dprintf("sendtolist: QSELFREF ");
261 printaddr(sm_debug_file(), b
, false);
267 sm_dprintf("sendtolist: QS_DONTSEND ");
268 printaddr(sm_debug_file(), a
, false);
270 a
->q_state
= QS_DONTSEND
;
271 b
->q_flags
|= a
->q_flags
& QNOTREMOTE
;
277 if (a
->q_fullname
== NULL
)
278 a
->q_fullname
= ctladdr
->q_fullname
;
280 /* various flag bits */
281 a
->q_flags
&= ~QINHERITEDBITS
;
282 a
->q_flags
|= ctladdr
->q_flags
& QINHERITEDBITS
;
284 /* DSN recipient information */
285 a
->q_finalrcpt
= ctladdr
->q_finalrcpt
;
286 a
->q_orcpt
= ctladdr
->q_orcpt
;
292 /* arrange to send to everyone on the local send list */
295 register ADDRESS
*a
= al
;
298 a
= recipient(a
, sendq
, aliaslevel
, e
);
307 macdefine(&e
->e_macro
, A_PERM
, macid("{addr_type}"), NULL
);
315 ** REMOVEFROMLIST -- Remove addresses from a send list.
317 ** The parameter is a comma-separated list of recipients to remove.
318 ** Note that it only deletes matching addresses. If those addresses
319 ** have been expanded already in the sendq, it won't mark the
320 ** expanded recipients as QS_REMOVED.
323 ** list -- the list to remove.
324 ** sendq -- a pointer to the head of a queue to remove
325 ** these addresses from.
326 ** e -- the envelope in which to remove these recipients.
329 ** The number of addresses removed from the list.
334 removefromlist(list
, sendq
, e
)
339 SM_NONVOLATILE
char delimiter
; /* the address delimiter */
340 SM_NONVOLATILE
int naddrs
;
341 SM_NONVOLATILE
int i
;
343 char *oldto
= e
->e_to
;
344 char *SM_NONVOLATILE bufp
;
345 char buf
[MAXNAME
+ 1];
349 syserr("removefromlist: null list");
354 sm_dprintf("removefromlist: %s\n", list
);
356 /* heuristic to determine old versus new style addresses */
357 if (strchr(list
, ',') != NULL
|| strchr(list
, ';') != NULL
||
358 strchr(list
, '<') != NULL
|| strchr(list
, '(') != NULL
)
359 e
->e_flags
&= ~EF_OLDSTYLE
;
361 if (!bitset(EF_OLDSTYLE
, e
->e_flags
))
366 /* make sure we have enough space to copy the string */
367 i
= strlen(list
) + 1;
368 if (i
<= sizeof(buf
))
374 bufp
= sm_malloc_x(i
);
378 (void) sm_strlcpy(bufp
, denlstring(list
, false, true), i
);
380 #if _FFR_ADDR_TYPE_MODES
382 macdefine(&e
->e_macro
, A_PERM
, macid("{addr_type}"),
385 #endif /* _FFR_ADDR_TYPE_MODES */
386 macdefine(&e
->e_macro
, A_PERM
, macid("{addr_type}"), "e r");
387 for (p
= bufp
; *p
!= '\0'; )
389 ADDRESS a
; /* parsed address to be removed */
394 /* parse the address */
395 while ((isascii(*p
) && isspace(*p
)) || *p
== ',')
397 if (parseaddr(p
, &a
, RF_COPYALL
|RF_RM_ADDR
,
398 delimiter
, &delimptr
, e
, true) == NULL
)
404 for (pq
= sendq
; (q
= *pq
) != NULL
; pq
= &q
->q_next
)
406 if (!QS_IS_DEAD(q
->q_state
) &&
408 strcmp(q
->q_paddr
, a
.q_paddr
) == 0))
412 sm_dprintf("removefromlist: QS_REMOVED ");
413 printaddr(sm_debug_file(), &a
, false);
415 q
->q_state
= QS_REMOVED
;
427 macdefine(&e
->e_macro
, A_PERM
, macid("{addr_type}"), NULL
);
435 ** RECIPIENT -- Designate a message recipient
436 ** Saves the named person for future mailing (after some checks).
439 ** new -- the (preparsed) address header for the recipient.
440 ** sendq -- a pointer to the head of a queue to put the
441 ** recipient in. Duplicate suppression is done
443 ** aliaslevel -- the current alias nesting depth.
444 ** e -- the current envelope.
447 ** The actual address in the queue. This will be "a" if
448 ** the address is not a duplicate, else the original address.
453 recipient(new, sendq
, aliaslevel
, e
)
454 register ADDRESS
*new;
455 register ADDRESS
**sendq
;
457 register ENVELOPE
*e
;
462 register struct mailer
*m
;
465 bool quoted
; /* set if the addr has a quote bit */
468 bool initialdontsend
;
470 char buf0
[MAXNAME
+ 1]; /* unquoted image of the user name */
477 initialdontsend
= QS_IS_DEAD(new->q_state
);
478 e
->e_to
= new->q_paddr
;
482 new->q_flags
|= QPRIMARY
;
485 sm_dprintf("\nrecipient (%d): ", aliaslevel
);
486 printaddr(sm_debug_file(), new, false);
489 /* if this is primary, use it as original recipient */
490 if (new->q_alias
== NULL
)
492 if (e
->e_origrcpt
== NULL
)
493 e
->e_origrcpt
= new->q_paddr
;
494 else if (e
->e_origrcpt
!= new->q_paddr
)
498 /* find parent recipient for finalrcpt and orcpt */
499 for (q
= new; q
->q_alias
!= NULL
; q
= q
->q_alias
)
502 /* find final recipient DSN address */
503 if (new->q_finalrcpt
== NULL
&&
504 e
->e_from
.q_mailer
!= NULL
)
508 p
= e
->e_from
.q_mailer
->m_addrtype
;
511 if (sm_strcasecmp(p
, "rfc822") != 0)
513 (void) sm_snprintf(frbuf
, sizeof(frbuf
), "%s; %.800s",
514 q
->q_mailer
->m_addrtype
,
517 else if (strchr(q
->q_user
, '@') != NULL
)
519 (void) sm_snprintf(frbuf
, sizeof(frbuf
), "%s; %.800s",
522 else if (strchr(q
->q_paddr
, '@') != NULL
)
529 /* strip brackets from address */
533 b
= qp
[strlen(qp
) - 1] == '>';
535 qp
[strlen(qp
) - 1] = '\0';
538 (void) sm_snprintf(frbuf
, sizeof(frbuf
), "%s; %.800s",
543 qp
[strlen(qp
)] = '>';
547 (void) sm_snprintf(frbuf
, sizeof(frbuf
),
549 p
, q
->q_user
, MyHostName
);
551 new->q_finalrcpt
= sm_rpool_strdup_x(e
->e_rpool
, frbuf
);
555 /* set ORCPT DSN arg if not already set */
556 if (new->q_orcpt
== NULL
)
558 /* check for an existing ORCPT */
559 if (q
->q_orcpt
!= NULL
)
560 new->q_orcpt
= q
->q_orcpt
;
568 if (e
->e_from
.q_mailer
!= NULL
)
569 p
= e
->e_from
.q_mailer
->m_addrtype
;
572 (void) sm_strlcpyn(obuf
, sizeof(obuf
), 2, p
, ";");
576 /* FFR: Needs to strip comments from stdin addrs */
578 /* strip brackets from address */
581 b
= qp
[strlen(qp
) - 1] == '>';
583 qp
[strlen(qp
) - 1] = '\0';
587 p
= xtextify(denlstring(qp
, true, false), "=");
589 if (sm_strlcat(obuf
, p
, sizeof(obuf
)) >= sizeof(obuf
))
591 /* if too big, don't use it */
597 qp
[strlen(qp
)] = '>';
601 sm_rpool_strdup_x(e
->e_rpool
, obuf
);
604 #endif /* _FFR_GEN_ORCPT */
606 /* break aliasing loops */
607 if (aliaslevel
> MaxAliasRecursion
)
609 new->q_state
= QS_BADADDR
;
610 new->q_status
= "5.4.6";
611 if (new->q_alias
!= NULL
)
613 new->q_alias
->q_state
= QS_BADADDR
;
614 new->q_alias
->q_status
= "5.4.6";
616 if ((SuprErrs
|| !LogUsrErrs
) && LogLevel
> 0)
618 sm_syslog(LOG_ERR
, e
->e_id
,
619 "aliasing/forwarding loop broken: %s (%d aliases deep; %d max)",
620 FileName
!= NULL
? FileName
: "", aliaslevel
,
623 usrerrenh(new->q_status
,
624 "554 aliasing/forwarding loop broken (%d aliases deep; %d max)",
625 aliaslevel
, MaxAliasRecursion
);
630 ** Finish setting up address structure.
633 /* get unquoted user for file, program or user.name check */
634 i
= strlen(new->q_user
);
635 if (i
>= sizeof(buf0
))
638 buf
= xalloc(buflen
);
643 buflen
= sizeof(buf0
);
645 (void) sm_strlcpy(buf
, new->q_user
, buflen
);
646 for (p
= buf
; *p
!= '\0' && !quoted
; p
++)
653 /* check for direct mailing to restricted mailers */
656 if (new->q_alias
== NULL
|| UseMSP
||
657 bitset(EF_UNSAFE
, e
->e_flags
))
659 new->q_state
= QS_BADADDR
;
660 new->q_status
= "5.7.1";
661 usrerrenh(new->q_status
,
662 "550 Cannot mail directly to programs");
664 else if (bitset(QBOGUSSHELL
, new->q_alias
->q_flags
))
666 new->q_state
= QS_BADADDR
;
667 new->q_status
= "5.7.1";
668 if (new->q_alias
->q_ruser
== NULL
)
669 usrerrenh(new->q_status
,
670 "550 UID %d is an unknown user: cannot mail to programs",
671 new->q_alias
->q_uid
);
673 usrerrenh(new->q_status
,
674 "550 User %s@%s doesn't have a valid shell for mailing to programs",
675 new->q_alias
->q_ruser
, MyHostName
);
677 else if (bitset(QUNSAFEADDR
, new->q_alias
->q_flags
))
679 new->q_state
= QS_BADADDR
;
680 new->q_status
= "5.7.1";
681 new->q_rstatus
= "550 Unsafe for mailing to programs";
682 usrerrenh(new->q_status
,
683 "550 Address %s is unsafe for mailing to programs",
684 new->q_alias
->q_paddr
);
689 ** Look up this person in the recipient list.
690 ** If they are there already, return, otherwise continue.
691 ** If the list is empty, just add it. Notice the cute
692 ** hack to make from addresses suppress things correctly:
693 ** the QS_DUPLICATE state will be set in the send list.
694 ** [Please note: the emphasis is on "hack."]
700 ** If this message is going to the queue or FastSplit is set
701 ** and it is the first try and the envelope hasn't split, then we
702 ** avoid doing an MX RR lookup now because one will be done when the
703 ** message is extracted from the queue later. It can go to the queue
704 ** because all messages are going to the queue or this mailer of
705 ** the current recipient is marked expensive.
708 if (UseMSP
|| WILL_BE_QUEUED(e
->e_sendmode
) ||
709 (!bitset(EF_SPLIT
, e
->e_flags
) && e
->e_ntries
== 0 &&
712 else if (NoConnect
&& bitnset(M_EXPENSIVE
, new->q_mailer
->m_flags
))
713 sortfn
= sortexpensive
;
715 sortfn
= sortbysignature
;
717 for (pq
= sendq
; (q
= *pq
) != NULL
; pq
= &q
->q_next
)
720 ** If address is "less than" it should be inserted now.
721 ** If address is "greater than" current comparison it'll
722 ** insert later in the list; so loop again (if possible).
723 ** If address is "equal" (different equal than sameaddr()
724 ** call) then check if sameaddr() will be true.
725 ** Because this list is now sorted, it'll mean fewer
726 ** comparisons and fewer loops which is important for more
730 i
= (*sortfn
)(new, q
);
731 if (i
== 0) /* equal */
734 ** Sortbysignature() has said that the two have
735 ** equal MX RR's and the same user. Calling sameaddr()
736 ** now checks if the two hosts are as identical as the
737 ** MX RR's are (which might not be the case)
738 ** before saying these are the identical addresses.
741 if (sameaddr(q
, new) &&
742 (bitset(QRCPTOK
, q
->q_flags
) ||
743 !bitset(QPRIMARY
, q
->q_flags
)))
747 sm_dprintf("%s in sendq: ",
749 printaddr(sm_debug_file(), q
, false);
751 if (!bitset(QPRIMARY
, q
->q_flags
))
753 if (!QS_IS_DEAD(new->q_state
))
754 message("duplicate suppressed");
756 q
->q_state
= QS_DUPLICATE
;
757 q
->q_flags
|= new->q_flags
;
759 else if (bitset(QSELFREF
, q
->q_flags
)
760 || q
->q_state
== QS_REMOVED
)
763 ** If an earlier milter removed the
764 ** address, a later one can still add
768 q
->q_state
= new->q_state
;
769 q
->q_flags
|= new->q_flags
;
775 else if (i
< 0) /* less than */
783 /* pq should point to an address, never NULL */
784 SM_ASSERT(pq
!= NULL
);
786 /* add address on list */
790 ** insert before 'pq'. Only possible when at least 1
791 ** ADDRESS is in the list already.
796 *sendq
= new; /* To be the first ADDRESS */
798 (*prev
)->q_next
= new;
803 ** Place in list at current 'pq' position. Possible
804 ** when there are 0 or more ADDRESS's in the list.
811 /* added a new address: clear split flag */
812 e
->e_flags
&= ~EF_SPLIT
;
815 ** Alias the name and handle special mailer types.
821 sm_dprintf("at trylocaluser: ");
822 printaddr(sm_debug_file(), new, false);
825 if (!QS_IS_OK(new->q_state
))
827 if (QS_IS_UNDELIVERED(new->q_state
))
829 goto testselfdestruct
;
834 new->q_state
= QS_INCLUDED
;
835 if (new->q_alias
== NULL
|| UseMSP
||
836 bitset(EF_UNSAFE
, e
->e_flags
))
838 new->q_state
= QS_BADADDR
;
839 new->q_status
= "5.7.1";
840 usrerrenh(new->q_status
,
841 "550 Cannot mail directly to :include:s");
847 message("including file %s", new->q_user
);
848 ret
= include(new->q_user
, false, new,
849 sendq
, aliaslevel
, e
);
850 if (transienterror(ret
))
853 sm_syslog(LOG_ERR
, e
->e_id
,
854 "include %s: transient error: %s",
855 shortenstring(new->q_user
,
858 new->q_state
= QS_QUEUEUP
;
859 usrerr("451 4.2.4 Cannot open %s: %s",
860 shortenstring(new->q_user
,
866 new->q_state
= QS_BADADDR
;
867 new->q_status
= "5.2.4";
868 usrerrenh(new->q_status
,
869 "550 Cannot open %s: %s",
870 shortenstring(new->q_user
,
876 else if (m
== FileMailer
)
878 /* check if allowed */
879 if (new->q_alias
== NULL
|| UseMSP
||
880 bitset(EF_UNSAFE
, e
->e_flags
))
882 new->q_state
= QS_BADADDR
;
883 new->q_status
= "5.7.1";
884 usrerrenh(new->q_status
,
885 "550 Cannot mail directly to files");
887 else if (bitset(QBOGUSSHELL
, new->q_alias
->q_flags
))
889 new->q_state
= QS_BADADDR
;
890 new->q_status
= "5.7.1";
891 if (new->q_alias
->q_ruser
== NULL
)
892 usrerrenh(new->q_status
,
893 "550 UID %d is an unknown user: cannot mail to files",
894 new->q_alias
->q_uid
);
896 usrerrenh(new->q_status
,
897 "550 User %s@%s doesn't have a valid shell for mailing to files",
898 new->q_alias
->q_ruser
, MyHostName
);
900 else if (bitset(QUNSAFEADDR
, new->q_alias
->q_flags
))
902 new->q_state
= QS_BADADDR
;
903 new->q_status
= "5.7.1";
904 new->q_rstatus
= "550 Unsafe for mailing to files";
905 usrerrenh(new->q_status
,
906 "550 Address %s is unsafe for mailing to files",
907 new->q_alias
->q_paddr
);
912 if (!quoted
&& QS_IS_OK(new->q_state
) &&
913 bitnset(M_ALIASABLE
, m
->m_flags
))
914 alias(new, sendq
, aliaslevel
, e
);
917 /* if not aliased, look it up in the user database */
918 if (!bitset(QNOTREMOTE
, new->q_flags
) &&
919 QS_IS_SENDABLE(new->q_state
) &&
920 bitnset(M_CHECKUDB
, m
->m_flags
))
922 if (udbexpand(new, sendq
, aliaslevel
, e
) == EX_TEMPFAIL
)
924 new->q_state
= QS_QUEUEUP
;
925 if (e
->e_message
== NULL
)
926 e
->e_message
= sm_rpool_strdup_x(e
->e_rpool
,
927 "Deferred: user database error");
928 if (new->q_message
== NULL
)
929 new->q_message
= "Deferred: user database error";
931 sm_syslog(LOG_INFO
, e
->e_id
,
932 "deferred: udbexpand: %s",
933 sm_errstring(errno
));
934 message("queued (user database error): %s",
935 sm_errstring(errno
));
937 goto testselfdestruct
;
943 ** If we have a level two config file, then pass the name through
944 ** Ruleset 5 before sending it off. Ruleset 5 has the right
945 ** to rewrite it to another mailer. This gives us a hook
946 ** after local aliasing has been done.
951 sm_dprintf("recipient: testing local? cl=%d, rr5=%p\n\t",
952 ConfigLevel
, RewriteRules
[5]);
953 printaddr(sm_debug_file(), new, false);
955 if (ConfigLevel
>= 2 && RewriteRules
[5] != NULL
&&
956 bitnset(M_TRYRULESET5
, m
->m_flags
) &&
957 !bitset(QNOTREMOTE
, new->q_flags
) &&
958 QS_IS_OK(new->q_state
))
960 maplocaluser(new, sendq
, aliaslevel
+ 1, e
);
964 ** If it didn't get rewritten to another mailer, go ahead
968 if (QS_IS_OK(new->q_state
) &&
969 bitnset(M_HASPWENT
, m
->m_flags
))
975 /* warning -- finduser may trash buf */
976 status
= finduser(buf
, &fuzzy
, &user
);
980 new->q_state
= QS_QUEUEUP
;
981 new->q_status
= "4.5.2";
982 giveresponse(EX_TEMPFAIL
, new->q_status
, m
, NULL
,
983 new->q_alias
, (time_t) 0, e
, new);
986 new->q_state
= QS_BADADDR
;
987 new->q_status
= "5.1.1";
988 new->q_rstatus
= "550 5.1.1 User unknown";
989 giveresponse(EX_NOUSER
, new->q_status
, m
, NULL
,
990 new->q_alias
, (time_t) 0, e
, new);
995 /* name was a fuzzy match */
996 new->q_user
= sm_rpool_strdup_x(e
->e_rpool
,
998 if (findusercount
++ > 3)
1000 new->q_state
= QS_BADADDR
;
1001 new->q_status
= "5.4.6";
1002 usrerrenh(new->q_status
,
1003 "554 aliasing/forwarding loop for %s broken",
1008 /* see if it aliases */
1009 (void) sm_strlcpy(buf
, user
.mbdb_name
, buflen
);
1012 if (*user
.mbdb_homedir
== '\0')
1014 else if (strcmp(user
.mbdb_homedir
, "/") == 0)
1017 new->q_home
= sm_rpool_strdup_x(e
->e_rpool
,
1019 if (user
.mbdb_uid
!= SM_NO_UID
)
1021 new->q_uid
= user
.mbdb_uid
;
1022 new->q_gid
= user
.mbdb_gid
;
1023 new->q_flags
|= QGOODUID
;
1025 new->q_ruser
= sm_rpool_strdup_x(e
->e_rpool
,
1027 if (user
.mbdb_fullname
[0] != '\0')
1028 new->q_fullname
= sm_rpool_strdup_x(e
->e_rpool
,
1029 user
.mbdb_fullname
);
1030 if (!usershellok(user
.mbdb_name
, user
.mbdb_shell
))
1032 new->q_flags
|= QBOGUSSHELL
;
1034 if (bitset(EF_VRFYONLY
, e
->e_flags
))
1036 /* don't do any more now */
1037 new->q_state
= QS_VERIFIED
;
1040 forward(new, sendq
, aliaslevel
, e
);
1043 if (!QS_IS_DEAD(new->q_state
))
1047 new->q_flags
|= QTHISPASS
;
1050 sm_dprintf("testselfdestruct: ");
1051 printaddr(sm_debug_file(), new, false);
1054 sm_dprintf("SENDQ:\n");
1055 printaddr(sm_debug_file(), *sendq
, true);
1056 sm_dprintf("----\n");
1059 if (new->q_alias
== NULL
&& new != &e
->e_from
&&
1060 QS_IS_DEAD(new->q_state
))
1062 for (q
= *sendq
; q
!= NULL
; q
= q
->q_next
)
1064 if (!QS_IS_DEAD(q
->q_state
))
1069 new->q_state
= QS_BADADDR
;
1070 new->q_status
= "5.4.6";
1071 usrerrenh(new->q_status
,
1072 "554 aliasing/forwarding loop broken");
1077 new->q_flags
|= QTHISPASS
;
1079 sm_free(buf
); /* XXX leak if above code raises exception */
1082 ** If we are at the top level, check to see if this has
1083 ** expanded to exactly one address. If so, it can inherit
1084 ** the primaryness of the address.
1086 ** While we're at it, clear the QTHISPASS bits.
1089 if (aliaslevel
== 0)
1092 ADDRESS
*only
= NULL
;
1094 for (q
= *sendq
; q
!= NULL
; q
= q
->q_next
)
1096 if (bitset(QTHISPASS
, q
->q_flags
) &&
1097 QS_IS_SENDABLE(q
->q_state
))
1102 q
->q_flags
&= ~QTHISPASS
;
1106 /* check to see if this actually got a new owner */
1108 while ((q
= q
->q_alias
) != NULL
)
1110 if (q
->q_owner
!= NULL
)
1114 only
->q_flags
|= QPRIMARY
;
1116 else if (!initialdontsend
&& nrcpts
> 0)
1118 /* arrange for return receipt */
1119 e
->e_flags
|= EF_SENDRECEIPT
;
1120 new->q_flags
|= QEXPANDED
;
1121 if (e
->e_xfp
!= NULL
&&
1122 bitset(QPINGONSUCCESS
, new->q_flags
))
1123 (void) sm_io_fprintf(e
->e_xfp
, SM_TIME_DEFAULT
,
1124 "%s... expanded to multiple addresses\n",
1128 new->q_flags
|= QRCPTOK
;
1129 (void) sm_snprintf(buf0
, sizeof(buf0
), "%d", e
->e_nrcpts
);
1130 macdefine(&e
->e_macro
, A_TEMP
, macid("{nrcpts}"), buf0
);
1135 ** FINDUSER -- find the password entry for a user.
1137 ** This looks a lot like getpwnam, except that it may want to
1138 ** do some fancier pattern matching in /etc/passwd.
1140 ** This routine contains most of the time of many sendmail runs.
1141 ** It deserves to be optimized.
1144 ** name -- the name to match against.
1145 ** fuzzyp -- an outarg that is set to true if this entry
1146 ** was found using the fuzzy matching algorithm;
1147 ** set to false otherwise.
1148 ** user -- structure to fill in if user is found
1151 ** On success, fill in *user, set *fuzzyp and return EX_OK.
1152 ** If the user was not found, return EX_NOUSER.
1153 ** On error, return EX_TEMPFAIL or EX_OSERR.
1160 finduser(name
, fuzzyp
, user
)
1166 register struct passwd
*pw
;
1167 #endif /* MATCHGECOS */
1173 sm_dprintf("finduser(%s): ", name
);
1178 /* DEC Hesiod getpwnam accepts numeric strings -- short circuit it */
1179 for (p
= name
; *p
!= '\0'; p
++)
1180 if (!isascii(*p
) || !isdigit(*p
))
1185 sm_dprintf("failed (numeric input)\n");
1190 /* look up this login name using fast path */
1191 status
= sm_mbdb_lookup(name
, user
);
1192 if (status
!= EX_NOUSER
)
1195 sm_dprintf("%s (non-fuzzy)\n", sm_strexit(status
));
1199 /* try mapping it to lower case */
1201 for (p
= name
; *p
!= '\0'; p
++)
1203 if (isascii(*p
) && isupper(*p
))
1209 if (tryagain
&& (status
= sm_mbdb_lookup(name
, user
)) != EX_NOUSER
)
1212 sm_dprintf("%s (lower case)\n", sm_strexit(status
));
1218 /* see if fuzzy matching allowed */
1222 sm_dprintf("not found (fuzzy disabled)\n");
1226 /* search for a matching full name instead */
1227 for (p
= name
; *p
!= '\0'; p
++)
1229 if (*p
== (SpaceSub
& 0177) || *p
== '_')
1233 while ((pw
= getpwent()) != NULL
)
1235 char buf
[MAXNAME
+ 1];
1238 if (sm_strcasecmp(pw
->pw_name
, name
) == 0)
1241 sm_dprintf("found (case wrapped)\n");
1246 sm_pwfullname(pw
->pw_gecos
, pw
->pw_name
, buf
, sizeof(buf
));
1247 if (strchr(buf
, ' ') != NULL
&& sm_strcasecmp(buf
, name
) == 0)
1250 sm_dprintf("fuzzy matches %s\n", pw
->pw_name
);
1251 message("sending to login name %s", pw
->pw_name
);
1257 else if (tTd(29, 4))
1258 sm_dprintf("no fuzzy match found\n");
1259 # if DEC_OSF_BROKEN_GETPWENT /* DEC OSF/1 3.2 or earlier */
1261 # endif /* DEC_OSF_BROKEN_GETPWENT */
1264 sm_mbdb_frompw(user
, pw
);
1266 #else /* MATCHGECOS */
1268 sm_dprintf("not found (fuzzy disabled)\n");
1270 #endif /* MATCHGECOS */
1274 ** WRITABLE -- predicate returning if the file is writable.
1276 ** This routine must duplicate the algorithm in sys/fio.c.
1277 ** Unfortunately, we cannot use the access call since we
1278 ** won't necessarily be the real uid when we try to
1279 ** actually open the file.
1281 ** Notice that ANY file with ANY execute bit is automatically
1282 ** not writable. This is also enforced by mailfile.
1285 ** filename -- the file name to check.
1286 ** ctladdr -- the controlling address for this file.
1287 ** flags -- SFF_* flags to control the function.
1290 ** true -- if we will be able to write this file.
1291 ** false -- if we cannot write this file.
1298 writable(filename
, ctladdr
, flags
)
1308 sm_dprintf("writable(%s, 0x%lx)\n", filename
, flags
);
1311 ** File does exist -- check that it is writable.
1320 else if (ctladdr
!= NULL
)
1322 euid
= ctladdr
->q_uid
;
1323 egid
= ctladdr
->q_gid
;
1324 user
= ctladdr
->q_user
;
1326 else if (bitset(SFF_RUNASREALUID
, flags
))
1330 user
= RealUserName
;
1332 else if (FileMailer
!= NULL
&& !bitset(SFF_ROOTOK
, flags
))
1334 if (FileMailer
->m_uid
== NO_UID
)
1341 euid
= FileMailer
->m_uid
;
1344 if (FileMailer
->m_gid
== NO_GID
)
1347 egid
= FileMailer
->m_gid
;
1354 if (!bitset(SFF_ROOTOK
, flags
))
1364 if (geteuid() == 0 &&
1365 (ctladdr
== NULL
|| !bitset(QGOODUID
, ctladdr
->q_flags
)))
1366 flags
|= SFF_SETUIDOK
;
1368 if (!bitnset(DBS_FILEDELIVERYTOSYMLINK
, DontBlameSendmail
))
1369 flags
|= SFF_NOSLINK
;
1370 if (!bitnset(DBS_FILEDELIVERYTOHARDLINK
, DontBlameSendmail
))
1371 flags
|= SFF_NOHLINK
;
1373 errno
= safefile(filename
, euid
, egid
, user
, flags
, S_IWRITE
, NULL
);
1378 ** INCLUDE -- handle :include: specification.
1381 ** fname -- filename to include.
1382 ** forwarding -- if true, we are reading a .forward file.
1383 ** if false, it's a :include: file.
1384 ** ctladdr -- address template to use to fill in these
1385 ** addresses -- effective user/group id are
1386 ** the important things.
1387 ** sendq -- a pointer to the head of the send queue
1388 ** to put these addresses in.
1389 ** aliaslevel -- the alias nesting depth.
1390 ** e -- the current envelope.
1393 ** open error status
1396 ** reads the :include: file and sends to everyone
1397 ** listed in that file.
1400 ** If you have restricted chown (that is, you can't
1401 ** give a file away), it is reasonable to allow programs
1402 ** and files called from this :include: file to be to be
1403 ** run as the owner of the :include: file. This is bogus
1404 ** if there is any chance of someone giving away a file.
1405 ** We assume that pre-POSIX systems can give away files.
1407 ** There is an additional restriction that if you
1408 ** forward to a :include: file, it will not take on
1409 ** the ownership of the :include: file. This may not
1410 ** be necessary, but shouldn't hurt.
1413 static jmp_buf CtxIncludeTimeout
;
1416 include(fname
, forwarding
, ctladdr
, sendq
, aliaslevel
, e
)
1424 SM_FILE_T
*volatile fp
= NULL
;
1425 char *oldto
= e
->e_to
;
1426 char *oldfilename
= FileName
;
1427 int oldlinenumber
= LineNumber
;
1428 register SM_EVENT
*ev
= NULL
;
1431 volatile bool maxreached
= false;
1432 register ADDRESS
*ca
;
1433 volatile uid_t saveduid
;
1434 volatile gid_t savedgid
;
1437 char *volatile user
;
1439 volatile long sfflags
= SFF_REGONLY
;
1441 bool safechown
= false;
1442 volatile bool safedir
= false;
1447 sm_dprintf("include(%s)\n", fname
);
1449 sm_dprintf(" ruid=%d euid=%d\n",
1450 (int) getuid(), (int) geteuid());
1453 sm_dprintf("ctladdr ");
1454 printaddr(sm_debug_file(), ctladdr
, false);
1458 sm_dprintf("include: old uid = %d/%d\n",
1459 (int) getuid(), (int) geteuid());
1463 sfflags
|= SFF_MUSTOWN
|SFF_ROOTOK
;
1464 if (!bitnset(DBS_GROUPWRITABLEFORWARDFILE
, DontBlameSendmail
))
1465 sfflags
|= SFF_NOGWFILES
;
1466 if (!bitnset(DBS_WORLDWRITABLEFORWARDFILE
, DontBlameSendmail
))
1467 sfflags
|= SFF_NOWWFILES
;
1471 if (!bitnset(DBS_GROUPWRITABLEINCLUDEFILE
, DontBlameSendmail
))
1472 sfflags
|= SFF_NOGWFILES
;
1473 if (!bitnset(DBS_WORLDWRITABLEINCLUDEFILE
, DontBlameSendmail
))
1474 sfflags
|= SFF_NOWWFILES
;
1478 ** If RunAsUser set, won't be able to run programs as user
1479 ** so mark them as unsafe unless the administrator knows better.
1482 if ((geteuid() != 0 || RunAsUid
!= 0) &&
1483 !bitnset(DBS_NONROOTSAFEADDR
, DontBlameSendmail
))
1486 sm_dprintf("include: not safe (euid=%d, RunAsUid=%d)\n",
1487 (int) geteuid(), (int) RunAsUid
);
1488 ctladdr
->q_flags
|= QUNSAFEADDR
;
1491 ca
= getctladdr(ctladdr
);
1493 (ca
->q_uid
== DefUid
&& ca
->q_gid
== 0))
1505 #if MAILER_SETUID_METHOD != USE_SETUID
1506 saveduid
= geteuid();
1507 savedgid
= getegid();
1510 if (!DontInitGroups
)
1512 if (initgroups(user
, gid
) == -1)
1515 syserr("include: initgroups(%s, %d) failed",
1525 if (setgroups(1, gidset
) == -1)
1528 syserr("include: setgroups() failed");
1533 if (gid
!= 0 && setgid(gid
) < -1)
1536 syserr("setgid(%d) failure", gid
);
1541 # if MAILER_SETUID_METHOD == USE_SETEUID
1542 if (seteuid(uid
) < 0)
1545 syserr("seteuid(%d) failure (real=%d, eff=%d)",
1546 uid
, (int) getuid(), (int) geteuid());
1549 # endif /* MAILER_SETUID_METHOD == USE_SETEUID */
1550 # if MAILER_SETUID_METHOD == USE_SETREUID
1551 if (setreuid(0, uid
) < 0)
1554 syserr("setreuid(0, %d) failure (real=%d, eff=%d)",
1555 uid
, (int) getuid(), (int) geteuid());
1558 # endif /* MAILER_SETUID_METHOD == USE_SETREUID */
1561 #endif /* MAILER_SETUID_METHOD != USE_SETUID */
1564 sm_dprintf("include: new uid = %d/%d\n",
1565 (int) getuid(), (int) geteuid());
1568 ** If home directory is remote mounted but server is down,
1569 ** this can hang or give errors; use a timeout to avoid this
1572 if (setjmp(CtxIncludeTimeout
) != 0)
1574 ctladdr
->q_state
= QS_QUEUEUP
;
1577 /* return pseudo-error code */
1578 rval
= E_SM_OPENTIMEOUT
;
1581 if (TimeOuts
.to_fileopen
> 0)
1582 ev
= sm_setevent(TimeOuts
.to_fileopen
, includetimeout
, 0);
1587 /* check for writable parent directory */
1588 p
= strrchr(fname
, '/');
1594 ret
= safedirpath(fname
, uid
, gid
, user
,
1595 sfflags
|SFF_SAFEDIRPATH
, 0, 0);
1598 /* in safe directory: relax chown & link rules */
1600 sfflags
|= SFF_NOPATHCHECK
;
1604 if (bitnset((forwarding
?
1605 DBS_FORWARDFILEINUNSAFEDIRPATH
:
1606 DBS_INCLUDEFILEINUNSAFEDIRPATH
),
1608 sfflags
|= SFF_NOPATHCHECK
;
1609 else if (bitnset((forwarding
?
1610 DBS_FORWARDFILEINGROUPWRITABLEDIRPATH
:
1611 DBS_INCLUDEFILEINGROUPWRITABLEDIRPATH
),
1612 DontBlameSendmail
) &&
1615 setbitn(DBS_GROUPWRITABLEDIRPATHSAFE
,
1617 ret
= safedirpath(fname
, uid
, gid
, user
,
1618 sfflags
|SFF_SAFEDIRPATH
,
1620 clrbitn(DBS_GROUPWRITABLEDIRPATHSAFE
,
1623 sfflags
|= SFF_NOPATHCHECK
;
1625 sfflags
|= SFF_SAFEDIRPATH
;
1628 sfflags
|= SFF_SAFEDIRPATH
;
1629 if (ret
> E_PSEUDOBASE
&&
1630 !bitnset((forwarding
?
1631 DBS_FORWARDFILEINUNSAFEDIRPATHSAFE
:
1632 DBS_INCLUDEFILEINUNSAFEDIRPATHSAFE
),
1636 sm_syslog(LOG_INFO
, e
->e_id
,
1637 "%s: unsafe directory path, marked unsafe",
1638 shortenstring(fname
, MAXSHORTSTR
));
1639 ctladdr
->q_flags
|= QUNSAFEADDR
;
1645 /* allow links only in unwritable directories */
1647 !bitnset((forwarding
?
1648 DBS_LINKEDFORWARDFILEINWRITABLEDIR
:
1649 DBS_LINKEDINCLUDEFILEINWRITABLEDIR
),
1651 sfflags
|= SFF_NOLINK
;
1653 rval
= safefile(fname
, uid
, gid
, user
, sfflags
, S_IREAD
, &st
);
1656 /* don't use this :include: file */
1658 sm_dprintf("include: not safe (uid=%d): %s\n",
1659 (int) uid
, sm_errstring(rval
));
1661 else if ((fp
= sm_io_open(SmFtStdio
, SM_TIME_DEFAULT
, fname
,
1662 SM_IO_RDONLY
, NULL
)) == NULL
)
1666 sm_dprintf("include: open: %s\n", sm_errstring(rval
));
1668 else if (filechanged(fname
, sm_io_getinfo(fp
,SM_IO_WHAT_FD
, NULL
), &st
))
1670 rval
= E_SM_FILECHANGE
;
1672 sm_dprintf("include: file changed after open\n");
1679 #if HASSETREUID || USESETEUID
1686 syserr("!seteuid(0) failure (real=%d, eff=%d)",
1687 (int) getuid(), (int) geteuid());
1688 # else /* USESETEUID */
1689 if (setreuid(-1, 0) < 0)
1690 syserr("!setreuid(-1, 0) failure (real=%d, eff=%d)",
1691 (int) getuid(), (int) geteuid());
1692 if (setreuid(RealUid
, 0) < 0)
1693 syserr("!setreuid(%d, 0) failure (real=%d, eff=%d)",
1694 (int) RealUid
, (int) getuid(),
1696 # endif /* USESETEUID */
1698 if (setgid(savedgid
) < 0)
1699 syserr("!setgid(%d) failure (real=%d eff=%d)",
1700 (int) savedgid
, (int) getgid(),
1703 #endif /* HASSETREUID || USESETEUID */
1706 sm_dprintf("include: reset uid = %d/%d\n",
1707 (int) getuid(), (int) geteuid());
1709 if (rval
== E_SM_OPENTIMEOUT
)
1710 usrerr("451 4.4.1 open timeout on %s", fname
);
1715 if (fstat(sm_io_getinfo(fp
, SM_IO_WHAT_FD
, NULL
), &st
) < 0)
1718 syserr("Cannot fstat %s!", fname
);
1719 (void) sm_io_close(fp
, SM_TIME_DEFAULT
);
1723 /* if path was writable, check to avoid file giveaway tricks */
1724 safechown
= chownsafe(sm_io_getinfo(fp
, SM_IO_WHAT_FD
, NULL
), safedir
);
1726 sm_dprintf("include: parent of %s is %s, chown is %ssafe\n",
1727 fname
, safedir
? "safe" : "dangerous",
1728 safechown
? "" : "un");
1730 /* if no controlling user or coming from an alias delivery */
1733 (ca
->q_uid
== DefUid
&& ca
->q_gid
== 0)))
1735 ctladdr
->q_uid
= st
.st_uid
;
1736 ctladdr
->q_gid
= st
.st_gid
;
1737 ctladdr
->q_flags
|= QGOODUID
;
1739 if (ca
!= NULL
&& ca
->q_uid
== st
.st_uid
)
1741 /* optimization -- avoid getpwuid if we already have info */
1742 ctladdr
->q_flags
|= ca
->q_flags
& QBOGUSSHELL
;
1743 ctladdr
->q_ruser
= ca
->q_ruser
;
1745 else if (!forwarding
)
1747 register struct passwd
*pw
;
1749 pw
= sm_getpwuid(st
.st_uid
);
1752 ctladdr
->q_uid
= st
.st_uid
;
1753 ctladdr
->q_flags
|= QBOGUSSHELL
;
1759 ctladdr
->q_ruser
= sm_rpool_strdup_x(e
->e_rpool
,
1764 sh
= "/SENDMAIL/ANY/SHELL/";
1765 if (!usershellok(pw
->pw_name
, sh
))
1768 sm_syslog(LOG_INFO
, e
->e_id
,
1769 "%s: user %s has bad shell %s, marked %s",
1770 shortenstring(fname
,
1773 safechown
? "bogus" : "unsafe");
1775 ctladdr
->q_flags
|= QBOGUSSHELL
;
1777 ctladdr
->q_flags
|= QUNSAFEADDR
;
1782 if (bitset(EF_VRFYONLY
, e
->e_flags
))
1784 /* don't do any more now */
1785 ctladdr
->q_state
= QS_VERIFIED
;
1787 (void) sm_io_close(fp
, SM_TIME_DEFAULT
);
1792 ** Check to see if some bad guy can write this file
1794 ** Group write checking could be more clever, e.g.,
1795 ** guessing as to which groups are actually safe ("sys"
1796 ** may be; "user" probably is not).
1800 if (!bitnset((forwarding
?
1801 DBS_GROUPWRITABLEFORWARDFILESAFE
:
1802 DBS_GROUPWRITABLEINCLUDEFILESAFE
),
1806 if (bitset(mode
, st
.st_mode
))
1809 sm_dprintf("include: %s is %s writable, marked unsafe\n",
1810 shortenstring(fname
, MAXSHORTSTR
),
1811 bitset(S_IWOTH
, st
.st_mode
) ? "world"
1814 sm_syslog(LOG_INFO
, e
->e_id
,
1815 "%s: %s writable %s file, marked unsafe",
1816 shortenstring(fname
, MAXSHORTSTR
),
1817 bitset(S_IWOTH
, st
.st_mode
) ? "world" : "group",
1818 forwarding
? "forward" : ":include:");
1819 ctladdr
->q_flags
|= QUNSAFEADDR
;
1822 /* read the file -- each line is a comma-separated list. */
1825 ctladdr
->q_flags
&= ~QSELFREF
;
1827 while (sm_io_fgets(fp
, SM_TIME_DEFAULT
, buf
, sizeof(buf
)) != NULL
&&
1832 if (buf
[0] == '#' || buf
[0] == '\0')
1835 /* <sp>#@# introduces a comment anywhere */
1836 /* for Japanese character sets */
1837 for (p
= buf
; (p
= strchr(++p
, '#')) != NULL
; )
1839 if (p
[1] == '@' && p
[2] == '#' &&
1840 isascii(p
[-1]) && isspace(p
[-1]) &&
1841 (p
[3] == '\0' || (isascii(p
[3]) && isspace(p
[3]))))
1844 while (p
> buf
&& isascii(p
[-1]) &&
1856 forwarding
? "forwarding" : "sending", buf
);
1857 if (forwarding
&& LogLevel
> 10)
1858 sm_syslog(LOG_INFO
, e
->e_id
,
1859 "forward %.200s => %s",
1860 oldto
, shortenstring(buf
, MAXSHORTSTR
));
1862 nincludes
+= sendtolist(buf
, ctladdr
, sendq
, aliaslevel
+ 1, e
);
1865 MaxForwardEntries
> 0 &&
1866 nincludes
>= MaxForwardEntries
)
1868 /* just stop reading and processing further entries */
1870 /* additional: (?) */
1871 ctladdr
->q_state
= QS_DONTSEND
;
1874 syserr("Attempt to forward to more than %d addresses (in %s)!",
1875 MaxForwardEntries
, fname
);
1880 if (sm_io_error(fp
) && tTd(27, 3))
1881 sm_dprintf("include: read error: %s\n", sm_errstring(errno
));
1882 if (nincludes
> 0 && !bitset(QSELFREF
, ctladdr
->q_flags
))
1884 if (aliaslevel
<= MaxAliasRecursion
||
1885 ctladdr
->q_state
!= QS_BADADDR
)
1887 ctladdr
->q_state
= QS_DONTSEND
;
1890 sm_dprintf("include: QS_DONTSEND ");
1891 printaddr(sm_debug_file(), ctladdr
, false);
1896 (void) sm_io_close(fp
, SM_TIME_DEFAULT
);
1897 FileName
= oldfilename
;
1898 LineNumber
= oldlinenumber
;
1904 includetimeout(ignore
)
1908 ** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
1909 ** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
1914 longjmp(CtxIncludeTimeout
, 1);
1918 ** SENDTOARGV -- send to an argument vector.
1921 ** argv -- argument vector to send to.
1922 ** e -- the current envelope.
1928 ** puts all addresses on the argument vector onto the
1934 register char **argv
;
1935 register ENVELOPE
*e
;
1939 while ((p
= *argv
++) != NULL
)
1940 (void) sendtolist(p
, NULLADDR
, &e
->e_sendqueue
, 0, e
);
1944 ** GETCTLADDR -- get controlling address from an address header.
1946 ** If none, get one corresponding to the effective userid.
1949 ** a -- the address to find the controller of.
1952 ** the controlling address.
1957 register ADDRESS
*a
;
1959 while (a
!= NULL
&& !bitset(QGOODUID
, a
->q_flags
))
1965 ** SELF_REFERENCE -- check to see if an address references itself
1967 ** The check is done through a chain of aliases. If it is part of
1968 ** a loop, break the loop at the "best" address, that is, the one
1969 ** that exists as a real user.
1971 ** This is to handle the case of:
1972 ** awc: Andrew.Chang
1973 ** Andrew.Chang: awc@mail.server
1974 ** which is a problem only on mail.server.
1977 ** a -- the address to check.
1980 ** The address that should be retained.
1987 ADDRESS
*b
; /* top entry in self ref loop */
1988 ADDRESS
*c
; /* entry that point to a real mail box */
1991 sm_dprintf("self_reference(%s)\n", a
->q_paddr
);
1993 for (b
= a
->q_alias
; b
!= NULL
; b
= b
->q_alias
)
2002 sm_dprintf("\t... no self ref\n");
2007 ** Pick the first address that resolved to a real mail box
2008 ** i.e has a mbdb entry. The returned value will be marked
2009 ** QSELFREF in recipient(), which in turn will disable alias()
2010 ** from marking it as QS_IS_DEAD(), which mean it will be used
2011 ** as a deliverable address.
2013 ** The 2 key thing to note here are:
2014 ** 1) we are in a recursive call sequence:
2015 ** alias->sendtolist->recipient->alias
2016 ** 2) normally, when we return back to alias(), the address
2017 ** will be marked QS_EXPANDED, since alias() assumes the
2018 ** expanded form will be used instead of the current address.
2019 ** This behaviour is turned off if the address is marked
2020 ** QSELFREF. We set QSELFREF when we return to recipient().
2027 sm_dprintf(" %s", c
->q_user
);
2028 if (bitnset(M_HASPWENT
, c
->q_mailer
->m_flags
))
2033 sm_dprintf("\t... getpwnam(%s)... ", c
->q_user
);
2034 if (sm_mbdb_lookup(c
->q_user
, &user
) == EX_OK
)
2037 sm_dprintf("found\n");
2039 /* ought to cache results here */
2046 sm_dprintf("failed\n");
2050 /* if local delivery, compare usernames */
2051 if (bitnset(M_LOCALMAILER
, c
->q_mailer
->m_flags
) &&
2052 b
->q_mailer
== c
->q_mailer
)
2055 sm_dprintf("\t... local match (%s)\n",
2069 sm_dprintf("\t... cannot break loop for \"%s\"\n", a
->q_paddr
);