/*
* Copyright (c) 1998 Sendmail, Inc. All rights reserved.
* Copyright (c) 1990, 1993, 1994
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level
* of the sendmail distribution.
*/
/*
* Copyright 1994-2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#ifndef lint
static char copyright[] =
"@(#) Copyright (c) 1990, 1993, 1994\n\
The Regents of the University of California. All rights reserved.\n";
#endif /* not lint */
#pragma ident "%Z%%M% %I% %E% SMI"
#ifndef lint
#endif /* not lint */
#include <errno.h>
#include <fcntl.h>
#include <netdb.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <ctype.h>
#include <string.h>
#include <sysexits.h>
#include <time.h>
#include <unistd.h>
#include <maillock.h>
#include <grp.h>
#ifdef __STDC__
#include <stdarg.h>
#else
#include <varargs.h>
#endif
#include <syslog.h>
#include <sysexits.h>
#include <ctype.h>
#include <sendmail/pathnames.h>
/*
** If you don't have flock, you could try using lockf instead.
*/
#ifdef LDA_USE_LOCKF
# ifdef LOCK_EX
# endif /* LOCK_EX */
#endif /* LDA_USE_LOCKF */
#ifndef LOCK_EX
#endif /* ! LOCK_EX */
#ifndef MAILER_DAEMON
#endif
typedef int bool;
#define FALSE 0
static int lmtpmode = 0;
#define FALSE 0
static void deliver(int, int, char *, bool);
static void e_to_sys(int);
static void notifybiff(char *);
static void store(char *, int);
static void usage(void);
static void vwarn();
static void mailerr(const char *, const char *, ...);
static void sigterm_handler();
static int ulen;
static int content_length;
static int sigterm_caught;
int
int argc;
char *argv[];
{
int ch;
char *from;
void dolmtp();
switch (ch) {
case '7': /* Do not advertise 8BITMIME */
break;
case 'b': /* bounce mail when over quota. */
bouncequota = TRUE;
break;
case 'd': /* Backward compatible. */
break;
case 'f':
case 'r': /* Backward compatible. */
warn("multiple -f options");
usage();
}
break;
case 'l':
lmtpmode++;
break;
case '?':
default:
usage();
}
/*
* We expect sendmail will invoke us with saved id 0
* We then do setgid and setuid defore delivery
* setgid to mail group
*/
if (lmtpmode) {
if (saved_uid != 0) {
warn("only super-user can use -l option");
}
}
if (!*argv)
usage();
/*
* If from not specified, use the name from getlogin() if the
* uid matches, otherwise, use the name from the password file
* corresponding to the uid.
*/
/*
* There is no way to distinguish the error status of one delivery
* from the rest of the deliveries. So, if we failed hard on one
* or more deliveries, but had no failures on any of the others, we
* return a hard failure. If we failed temporarily on one or more
* deliveries, we return a temporary failure regardless of the other
* failures. This results in the delivery being reattempted later
* at the expense of repeated failures and multiple deliveries.
*/
return (eval);
}
void
{
}
char *
parseaddr(s)
char *s;
{
char *p;
int len;
if (*s++ != '<')
return NULL;
p = s;
/* at-domain-list */
while (*p == '@') {
p++;
if (*p == '[') {
p++;
while (isascii(*p) &&
(isalnum(*p) || *p == '.' ||
*p == '-' || *p == ':'))
p++;
if (*p++ != ']')
return NULL;
} else {
strchr(".-_", *p))
p++;
}
if (*p == ',' && p[1] == '@')
p++;
else if (*p == ':' && p[1] != '@')
p++;
else
return NULL;
}
s = p;
/* local-part */
if (*p == '\"') {
p++;
while (*p && *p != '\"') {
if (*p == '\\') {
if (!*++p)
return NULL;
}
p++;
}
if (!*p++)
return NULL;
} else {
while (*p && *p != '@' && *p != '>') {
if (*p == '\\') {
if (!*++p)
return NULL;
} else {
if (*p <= ' ' || (*p & 128) ||
strchr("<>()[]\\,;:\"", *p))
return NULL;
}
p++;
}
}
/* @domain */
if (*p == '@') {
p++;
if (*p == '[') {
p++;
while (isascii(*p) &&
(isalnum(*p) || *p == '.' ||
*p == '-' || *p == ':'))
p++;
if (*p++ != ']')
return NULL;
} else {
strchr(".-_", *p))
p++;
}
}
if (*p++ != '>')
return NULL;
if (*p && *p != ' ')
return NULL;
len = p - s - 1;
if (*s == '\0' || len <= 0)
{
s = MAILER_DAEMON;
}
if (p == NULL) {
printf("421 4.3.0 memory exhausted\r\n");
}
p[len] = '\0';
return p;
}
char *
char *addr;
{
return "550 5.1.1 user unknown";
}
return NULL;
}
void
bool bouncequota;
{
int rcpt_num = 0;
int rcpt_alloc = 0;
char *err;
char *p;
int i;
for (;;) {
if (sigterm_caught) {
printf("451 4.3.0 shutting down\r\n");
}
}
if (p >= buf && *p == '\n')
*p-- = '\0';
if (p >= buf && *p == '\r')
*p-- = '\0';
switch (buf[0]) {
case 'd':
case 'D':
if (rcpt_num == 0) {
printf("503 5.5.1 No recipients\r\n");
continue;
}
continue;
for (i = 0; i < rcpt_num; i++) {
if (p != NULL)
*p++ = '\0';
}
goto rset;
}
goto syntaxerr;
/* NOTREACHED */
break;
case 'l':
case 'L':
{
/* check for duplicate per RFC 1651 4.2 */
if (gotlhlo)
{
printf("503 %s Duplicate LHLO\r\n",
continue;
}
if (EightBitMime)
printf("250-8BITMIME\r\n");
printf("250-ENHANCEDSTATUSCODES\r\n");
printf("250 PIPELINING\r\n");
continue;
}
goto syntaxerr;
/* NOTREACHED */
break;
case 'm':
case 'M':
if (return_path != NULL) {
printf("503 5.5.1 Nested MAIL command\r\n");
continue;
}
printf("501 5.5.4 Syntax error in parameters\r\n");
continue;
}
printf("250 2.5.0 ok\r\n");
continue;
}
goto syntaxerr;
case 'n':
case 'N':
printf("250 2.0.0 ok\r\n");
continue;
}
goto syntaxerr;
case 'q':
case 'Q':
printf("221 2.0.0 bye\r\n");
}
goto syntaxerr;
case 'r':
case 'R':
if (return_path == NULL) {
printf("503 5.5.1 Need MAIL command\r\n");
continue;
}
if (rcpt_num >= rcpt_alloc) {
rcpt_alloc += RCPT_GROW;
rcpt_addr = (char **)
rcpt_alloc * sizeof(char **));
printf("421 4.3.0 memory exhausted\r\n");
}
}
printf("501 5.5.4 Syntax error in parameters\r\n");
continue;
}
continue;
}
rcpt_num++;
printf("250 2.1.5 ok\r\n");
continue;
}
printf("250 2.0.0 ok\r\n");
rset:
while (rcpt_num > 0) {
}
if (return_path != NULL)
return_path = NULL;
continue;
}
goto syntaxerr;
case 'v':
case 'V':
printf("252 2.3.3 try RCPT to attempt delivery\r\n");
continue;
}
goto syntaxerr;
default:
printf("500 5.5.2 Syntax error\r\n");
continue;
}
}
}
static void
char *from;
int lmtprcpts;
{
int in_header_section;
int newfd;
bfd = -1;
hfd = -1;
if (bfd != -1)
if (lmtprcpts) {
printf("451 4.3.0 unable to open temporary file\r\n");
return;
} else {
}
}
if (lmtpmode) {
printf("354 go ahead\r\n");
}
if (hfd != -1)
err("unable to open temporary file");
}
content_length = 0;
line[0] = '\0';
{
int peek;
line_len++;
line_len++;
/* Check for dot-stuffing */
{
goto lmtpdot;
line_len--;
}
/* Check to see if we have the full line from fgets() */
if (line_len > 0)
{
{
if (line_len >= 2 &&
{
line_len--;
}
}
{
/* Did we just miss the CRLF? */
if (peek == '\n')
{
}
else
}
}
else
if (lmtprcpts) {
while (lmtprcpts--)
printf("451 4.3.0 temporary file write error\r\n");
return;
} else {
mailerr("451 4.3.0",
"temporary file write error");
}
}
continue;
}
if (in_header_section) {
continue; /* skip this header */
}
} else
if (lmtprcpts) {
while (lmtprcpts--)
printf("451 4.3.0 temporary file write error\r\n");
return;
} else {
mailerr("451 4.3.0",
"temporary file write error");
}
}
}
if (sigterm_caught) {
if (lmtprcpts)
while (lmtprcpts--)
printf("451 4.3.0 shutting down\r\n");
else
}
if (lmtprcpts) {
/* Got a premature EOF -- toss message and exit */
}
/* If message not newline terminated, need an extra. */
}
/* Output a newline; note, empty messages are allowed. */
if (lmtprcpts) {
while (lmtprcpts--) {
printf("451 4.3.0 temporary file write error\r\n");
}
return;
} else {
}
}
}
}
}
static void
int err_num;
bool bouncequota;
char *path;
{
#ifdef EDQUOT
} else
#endif /* EDQUOT */
}
static void
int hfd;
int bfd;
char *name;
bool bouncequota;
{
int len;
/*
* Disallow delivery to unknown names -- special mailboxes
* can be handled in the sendmail aliases file.
*/
eval = EX_TEMPFAIL;
return;
}
endpwent();
if (sigterm_caught) {
return;
}
/* mailbox may be NFS mounted, seteuid to user */
/*
* If saved_uid == 0 (root), anything is OK; this is
* as it should be. But to prevent a random user from
* calling "mail.local foo" in an attempt to hijack
* foo's mail-box, make sure src_uid == targ_uid o/w.
*/
warn("%s: wrong owner (is %d, should be %d)",
eval = EX_CANTCREAT;
return;
}
path[0] = '\0';
/*
* If the mailbox is linked or a symlink, fail. There's an obvious
* race here, that the file was replaced with a symbolic link after
* the lstat returned, but before the open. We attempt to detect
* this by comparing the original stat information and information
* returned by an fstat of the file descriptor returned by the open.
*
* NB: this is a symptom of a larger problem, that the mail spooling
* directory is writeable by the wrong users. If that directory is
* writeable, system security is compromised for other reasons, and
* it cannot be fixed here.
*
* just return. Another process may have already opened it, so we
* each mail delivery. We no longer do this, assuming that if the
* ownership or permissions were changed there was a reason.
*
* XXX
* open(2) should support flock'ing the file.
*/
/* should check lock status, but... maillock return no value */
if (sigterm_caught) {
goto err0;
}
if (mbfd != -1)
if (mbfd == -1) {
mailunlock();
goto tryagain;
}
}
goto err0;
goto err0;
} else {
if (mbfd != -1 &&
eval = EX_TEMPFAIL;
mailerr("550 5.2.0",
"%s: fstat: file changed after open", path);
goto err1;
}
}
if (mbfd == -1) {
goto err0;
}
if (sigterm_caught) {
goto err0;
}
/* Get the starting offset of the new message for biff. */
/* Copy the message into the file. */
goto err1;
}
/* Copy the message into the file. */
goto err1;
}
goto err2;
}
if (sigterm_caught) {
goto err2;
}
{
goto err2;
}
if (nr < 0) {
goto err2;
}
if (sigterm_caught) {
goto err2;
}
goto err2;
}
if (sigterm_caught) {
goto err2;
}
goto err2;
}
if (sigterm_caught) {
goto err2;
}
}
if (nr < 0) {
goto err2;
}
/* Flush to disk, don't wait for update. */
err0: mailunlock();
return;
}
/*
** Save the current size so if the close() fails below
** we can make sure no other process has changed the mailbox
** between the failed close and the re-open()/re-lock().
** If something else has changed the size, we shouldn't
** try to truncate it as we may do more harm then good
** (e.g., truncate a later message delivery).
*/
cursize = 0;
else
/* Close and check -- NFS doesn't write until the close. */
{
if (mbfd < 0 ||
cursize == 0
{
/* Don't use a bogus file */
if (mbfd >= 0)
{
mbfd = -1;
}
}
/* Attempt to truncate back to pre-write size */
goto err2;
} else
mailunlock();
if (lmtpmode) {
}
}
static void
char *msg;
{
static int f = -1;
int len;
/* Be silent if biff service not available. */
return;
return;
}
return;
}
if (addr.sin_family == 0)
return; /* did not initialize */
return;
}
!= len)
}
static void
usage()
{
err("usage: mail.local [-l] [-f from] user ...");
}
static void
/*VARARGS2*/
#ifdef __STDC__
#else
const char *hdr;
const char *fmt;
#endif
{
#ifdef __STDC__
#else
#endif
if (lmtpmode)
{
printf("\r\n");
}
else
{
}
}
static void
/*VARARGS1*/
#ifdef __STDC__
#else
const char *fmt;
#endif
{
#ifdef __STDC__
#else
#endif
}
static void
/*VARARGS1*/
#ifdef __STDC__
#else
const char *fmt;
#endif
{
#ifdef __STDC__
#else
#endif
}
static void
const char *fmt;
{
/*
* Log the message to stderr.
*
* Don't use LOG_PERROR as an openlog() flag to do this,
* it's not portable enough.
*/
/* Log the message to syslog. */
}
/*
* e_to_sys --
* Guess which errno's are temporary. Gag me.
*/
static void
int num;
{
/* Temporary failures override hard errors. */
if (eval == EX_TEMPFAIL)
return;
switch (num) /* Hopefully temporary errors. */
{
#ifdef EDQUOT
case EDQUOT: /* Disc quota exceeded */
if (bouncequota)
{
break;
}
/* FALLTHROUGH */
#endif /* EDQUOT */
#ifdef EAGAIN
case EAGAIN: /* Resource temporarily unavailable */
#endif
#ifdef EBUSY
case EBUSY: /* Device busy */
#endif
#ifdef EPROCLIM
case EPROCLIM: /* Too many processes */
#endif
#ifdef EUSERS
case EUSERS: /* Too many users */
#endif
#ifdef ECONNABORTED
case ECONNABORTED: /* Software caused connection abort */
#endif
#ifdef ECONNREFUSED
case ECONNREFUSED: /* Connection refused */
#endif
#ifdef ECONNRESET
case ECONNRESET: /* Connection reset by peer */
#endif
#ifdef EDEADLK
case EDEADLK: /* Resource deadlock avoided */
#endif
#ifdef EFBIG
case EFBIG: /* File too large */
#endif
#ifdef EHOSTDOWN
case EHOSTDOWN: /* Host is down */
#endif
#ifdef EHOSTUNREACH
case EHOSTUNREACH: /* No route to host */
#endif
#ifdef EMFILE
case EMFILE: /* Too many open files */
#endif
#ifdef ENETDOWN
case ENETDOWN: /* Network is down */
#endif
#ifdef ENETRESET
case ENETRESET: /* Network dropped connection on reset */
#endif
#ifdef ENETUNREACH
case ENETUNREACH: /* Network is unreachable */
#endif
#ifdef ENFILE
case ENFILE: /* Too many open files in system */
#endif
#ifdef ENOBUFS
case ENOBUFS: /* No buffer space available */
#endif
#ifdef ENOMEM
case ENOMEM: /* Cannot allocate memory */
#endif
#ifdef ENOSPC
case ENOSPC: /* No space left on device */
#endif
#ifdef EROFS
case EROFS: /* Read-only file system */
#endif
#ifdef ESTALE
case ESTALE: /* Stale NFS file handle */
#endif
#ifdef ETIMEDOUT
case ETIMEDOUT: /* Connection timed out */
#endif
case EWOULDBLOCK: /* Operation would block. */
#endif
eval = EX_TEMPFAIL;
break;
default:
break;
}
}