/*
* Copyright (c) 1998-2003, 2006 Sendmail, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*
*/
#include <sendmail.h>
SM_RCSID("@(#)$Id: savemail.c,v 8.314 2009/12/18 17:08:01 ca Exp $")
static bool pruneroute __P((char *));
/*
** SAVEMAIL -- Save mail on error
**
** If mailing back errors, mail it back to the originator
** together with an error message; otherwise, just put it in
** dead.letter in the user's home directory (if he exists on
** this machine).
**
** Parameters:
** e -- the envelope containing the message in error.
** sendbody -- if true, also send back the body of the
** message; otherwise just send the header.
**
** Returns:
** true if savemail panic'ed, (i.e., the data file should
** be preserved by dropenvelope())
**
** Side Effects:
** Saves the letter, by writing or mailing it back to the
** sender, or by putting it in dead.letter in her home
** directory.
*/
/* defines for state machine */
bool
register ENVELOPE *e;
bool sendbody;
{
bool panic = false;
int state;
register char *p;
int flags;
long sff;
{
sm_dprintf("\nsavemail, errormode = %c, id = %s, ExitStat = %d\n e_from=",
ExitStat);
}
{
/* can't return a message with no id */
return panic;
}
/*
** In the unhappy event we don't know who to return the mail
** to, make someone up.
*/
{
e->e_sender = "Postmaster";
{
syserr("553 5.3.5 Cannot parse Postmaster!");
finis(true, true, EX_SOFTWARE);
}
}
/*
** Basic state machine.
**
** This machine runs through the following states:
**
** ESM_QUIET Errors have already been printed iff the
** sender is local.
** ESM_REPORT Report directly to the sender's terminal.
** ESM_MAIL Mail response to the sender.
** ESM_DEADLETTER Save response in ~/dead.letter.
** ESM_POSTMASTER Mail response to the postmaster.
** ESM_DEADLETTERDROP
** If DeadLetterDrop set, save it there.
** ESM_PANIC Save response anywhere possible.
*/
/* determine starting state */
switch (e->e_errormode)
{
case EM_WRITE:
state = ESM_REPORT;
break;
case EM_BERKNET:
case EM_MAIL:
break;
case EM_PRINT:
case '\0':
break;
case EM_QUIET:
/* no need to return anything at all */
return panic;
default:
syserr("554 5.3.0 savemail: bogus errormode x%x",
e->e_errormode);
break;
}
/* if this is already an error response, send to postmaster */
{
{
/* got an error sending a response -- can it */
return panic;
}
}
{
switch (state)
{
case ESM_QUIET:
else
break;
case ESM_REPORT:
/*
** If the user is still logged in on the same terminal,
** then write the error messages back to hir (sic).
*/
#if USE_TTYPATH
p = ttypath();
#else /* USE_TTYPATH */
p = NULL;
#endif /* USE_TTYPATH */
p, SM_IO_WRONLY, NULL,
{
break;
}
"\r\nMessage from %s...\r\n", buf);
"Errors occurred while sending mail.\r\n");
{
"Transcript follows:\r\n");
(void) sm_io_fputs(smioout,
buf);
}
else
{
syserr("Cannot open %s",
queuename(e, XSCRPT_LETTER));
"Transcript of session is unavailable.\r\n");
}
"Original message will be saved in dead.letter.\r\n");
break;
case ESM_MAIL:
/*
** If mailing back, do it.
** Throw away all further output. Don't alias,
** since this could cause loops, e.g., if joe
** mails to joe@x, and for some reason the network
** for @x is down, then the response gets sent to
** joe@x, which gives a response, etc. Also force
** the mail to be delivered even if a version of
** it has already been sent to the sender.
**
** If this is a configuration or local software
** error, send to the local postmaster as well,
** since the originator can't do anything
** about it anyway. Note that this is a full
** copy of the message (intentionally) so that
** the Postmaster can forward things along.
*/
{
&e->e_errorqueue, 0, e);
}
{
{
break;
}
if (!DontPruneRoutes)
(void) pruneroute(from);
&e->e_errorqueue, 0, e);
}
/*
** Deliver a non-delivery report to the
** Postmaster-designate (not necessarily
** Postmaster). This does not include the
** body of the message, for privacy reasons.
** You really shouldn't need this.
*/
e->e_flags |= EF_PM_NOTIFY;
/* check to see if there are any good addresses */
{
if (QS_IS_SENDABLE(q->q_state))
break;
}
if (q == NULL)
{
/* this is an error-error */
break;
}
: RTSF_NO_BODY,
e) == 0)
{
break;
}
/* didn't work -- return to postmaster */
break;
case ESM_POSTMASTER:
/*
** Similar to previous case, but to system postmaster.
*/
q = NULL;
/*
** Just drop it on the floor if DoubleBounceAddr
** expands to an empty string.
*/
if (*buf == '\0')
{
break;
}
{
break;
}
if (sendbody)
flags |= RTSF_SEND_BODY;
{
break;
}
/* didn't work -- last resort */
break;
case ESM_DEADLETTER:
/*
** Save the message in dead.letter.
** If we weren't mailing back, and the user is
** local, we should save the message in
** ~/dead.letter so that the poor person doesn't
** have to type it over again -- and we all know
** what poor typists UNIX users are.
*/
p = NULL;
{
== EX_OK &&
p = user.mbdb_homedir;
}
{
/* no local directory or no data file */
break;
}
/* we have a home directory; write dead.letter */
/* get the sender for the UnixFromLine */
p = macvalue('g', e);
if (RealUid == 0)
sff |= SFF_ROOTOK;
{
Verbose = 1;
if (Verbose > 0)
break;
}
break;
case ESM_DEADLETTERDROP:
/*
** Log the mail in DeadLetterDrop file.
*/
if (e->e_class < 0)
{
break;
}
DeadLetterDrop == NULL ||
DeadLetterDrop[0] == '\0')
{
break;
}
{
break;
}
/* get the sender for the UnixFromLine */
p = macvalue('g', e);
if (!putfromline(&mcibuf, e) ||
M87F_OUTER) ||
sm_io_error(fp) ||
else
{
Verbose = 1;
if (Verbose > 0)
message("Saved message in %s",
if (LogLevel > 3)
"Saved message in %s",
}
break;
default:
/* FALLTHROUGH */
case ESM_PANIC:
/* leave the locked queue & transcript files around */
loseqfile(e, "savemail panic");
panic = true;
errno = 0;
syserr("554 savemail: cannot save rejected email anywhere");
break;
}
}
return panic;
}
/*
** RETURNTOSENDER -- return a message to the sender with an error.
**
** Parameters:
** msg -- the explanatory message.
** returnq -- the queue of people to send the message to.
** flags -- flags tweaking the operation:
** RTSF_SENDBODY -- include body of message (otherwise
** just send the header).
** RTSF_PMBOUNCE -- this is a postmaster bounce.
** e -- the current envelope.
**
** Returns:
** zero -- if everything went ok.
** else -- some error.
**
** Side Effects:
** Returns the current message to the sender via mail.
*/
int
char *msg;
int flags;
register ENVELOPE *e;
{
static int returndepth = 0;
register ADDRESS *q;
char *p;
return -1;
msg = "Unable to deliver mail";
{
sm_dprintf("\n*** Return To Sender: msg=\"%s\", depth=%d, e=%p, returnq=",
msg, returndepth, e);
{
sm_dprintf("Sendq=");
}
}
if (++returndepth >= MAXRETURNS)
{
if (returndepth != MAXRETURNS)
syserr("554 5.3.0 returntosender: infinite recursion on %s",
/* don't "unrecurse" and fake a clean exit */
/* returndepth--; */
return 0;
}
/* initialize error envelope */
{
/*
** If we can't convert to MIME and we don't pass
** 8-bit, we can't send the body.
*/
flags &= ~RTSF_SEND_BODY;
}
else
if (!setnewqueue(ee))
{
syserr("554 5.3.0 returntosender: cannot select queue for %s",
returndepth--;
return -1;
}
#if NAMED_BIND
#endif /* NAMED_BIND */
{
if (QS_IS_BADADDR(q->q_state))
continue;
q->q_flags |= QPINGONFAILURE;
if (!QS_IS_DEAD(q->q_state))
}
if (LogLevel > 5)
{
p = "return to sender";
p = "sender notify";
p = "postmaster notify";
else
p = "DSN";
}
if (SendMIMEErrors)
{
#if DSN
#else /* DSN */
#endif /* DSN */
ee->e_msgboundary);
p = NULL;
p = "8bit";
if (p != NULL)
}
{
p = "warning-timeout";
}
{
p = "postmaster-warning";
}
{
p = "return-receipt";
}
{
"Postmaster notify: see transcript for details");
p = "postmaster-notification";
}
else
{
"Returned mail: see transcript for details");
p = "failure";
}
/* fake up an address header for the from person */
{
syserr("553 5.3.5 Can't parse myself!");
returndepth--;
return -1;
}
/* push state into submessage */
/* mark statistics */
/* actually deliver the error message */
/* restore state */
(void) dropenvelope(ee, true, false);
returndepth--;
/* check for delivery errors */
return 0;
{
if (QS_IS_ATTEMPTED(q->q_state))
return 0;
}
return -1;
}
/*
** ERRBODY -- output the body of an error message.
**
** Typically this is a copy of the transcript plus a copy of the
** original offending message.
**
** Parameters:
** mci -- the mailer connection information.
** e -- the envelope we are working in.
** separator -- any possible MIME separator (unused).
**
** Returns:
** true iff body was written successfully
**
** Side Effects:
** Outputs the body of an error message.
*/
/* ARGSUSED2 */
static bool
register ENVELOPE *e;
char *separator;
{
bool printheader;
bool sendbody;
bool pm_notify;
int save_errno;
char *p;
{
goto writeerr;
}
{
syserr("errbody: null parent");
goto writeerr;
return true;
}
/*
** Output MIME header.
*/
if (e->e_msgboundary != NULL)
{
goto writeerr;
}
/*
** Output introductory information.
*/
pm_notify = false;
pm_notify = true;
else
{
{
if (QS_IS_BADADDR(q->q_state))
break;
}
}
{
if (!putline(" **********************************************",
mci) ||
!putline(" ** THIS IS A WARNING MESSAGE ONLY **",
mci) ||
!putline(" ** YOU DO NOT NEED TO RESEND YOUR MESSAGE **",
mci) ||
!putline(" **********************************************",
mci) ||
goto writeerr;
}
"The original message was received at %s",
goto writeerr;
goto writeerr;
/* include id in postmaster copies */
{
goto writeerr;
}
goto writeerr;
/*
** Output error message header (if specified and available).
*/
if (ErrMsgFile != NULL &&
{
if (*ErrMsgFile == '/')
{
if (DontLockReadFiles)
sff |= SFF_NOLOCK;
sff |= SFF_SAFEDIRPATH;
{
{
int lbs;
bool putok;
char *lbp;
if (!putok)
goto writeerr;
}
goto writeerr;
}
}
else
{
goto writeerr;
}
}
/*
** Output message introduction
*/
/* permanent fatal errors */
printheader = true;
{
if (!QS_IS_BADADDR(q->q_state) ||
continue;
if (printheader)
{
if (!putline(" ----- The following addresses had permanent fatal errors -----",
mci))
goto writeerr;
printheader = false;
}
sizeof(buf));
goto writeerr;
{
" (reason: %s)",
MAXSHORTSTR));
goto writeerr;
}
{
" (expanded from: %s)",
MAXSHORTSTR));
goto writeerr;
}
}
goto writeerr;
/* transient non-fatal errors */
printheader = true;
{
if (QS_IS_BADADDR(q->q_state) ||
continue;
if (printheader)
{
if (!putline(" ----- The following addresses had transient non-fatal errors -----",
mci))
goto writeerr;
printheader = false;
}
sizeof(buf));
goto writeerr;
{
" (expanded from: %s)",
MAXSHORTSTR));
goto writeerr;
}
}
goto writeerr;
/* successful delivery notifications */
printheader = true;
{
if (QS_IS_BADADDR(q->q_state) ||
continue;
p = "Deliver-By notify: relayed";
p = "Deliver-By trace: relayed";
continue;
p = "relayed to non-DSN-aware mailer";
{
p = "successfully delivered to mailing list";
else
p = "successfully delivered to mailbox";
}
p = "expanded by alias";
else
continue;
if (printheader)
{
if (!putline(" ----- The following addresses had successful delivery notifications -----",
mci))
goto writeerr;
printheader = false;
}
goto writeerr;
{
" (expanded from: %s)",
MAXSHORTSTR));
goto writeerr;
}
}
goto writeerr;
/*
** Output transcript of errors
*/
{
if (!putline(" ----- Transcript of session is unavailable -----\n",
mci))
goto writeerr;
}
else
{
printheader = true;
{
mci))
goto writeerr;
printheader = false;
goto writeerr;
}
}
errno = 0;
#if DSN
/*
** Output machine-readable version.
*/
if (e->e_msgboundary != NULL)
{
goto writeerr;
/*
** Output per-message information.
*/
/* original envelope id from MAIL FROM: line */
{
"Original-Envelope-Id: %.800s",
goto writeerr;
}
/* Reporting-MTA: is us (required) */
"Reporting-MTA: dns; %.800s", MyHostName);
goto writeerr;
/* DSN-Gateway: not relevant since we are not translating */
/* Received-From-MTA: shows where we got this message from */
if (RealHostName != NULL)
{
/* XXX use $s for type? */
p = "dns";
"Received-From-MTA: %s; %.800s",
p, RealHostName);
goto writeerr;
}
/* Arrival-Date: -- when it arrived here */
goto writeerr;
/* Deliver-By-Date: -- when it should have been delivered */
if (IS_DLVR_BY(e->e_parent))
{
"Deliver-By-Date: ",
goto writeerr;
}
/*
** Output per-address information.
*/
{
char *action;
if (QS_IS_BADADDR(q->q_state))
{
/* RFC 1891, 6.2.6 (b) */
continue;
action = "failed";
}
continue;
{
action = "delivered (to mailing list)";
else
action = "delivered (to mailbox)";
}
action = "relayed (to non-DSN-aware mailer)";
action = "expanded (to multi-recipient alias)";
action = "delayed";
action = "relayed (Deliver-By trace mode)";
action = "delayed (Deliver-By notify mode)";
action = "relayed (Deliver-By notify mode)";
else
continue;
goto writeerr;
/* Original-Recipient: -- passed from on high */
{
"Original-Recipient: %.800s",
q->q_orcpt);
goto writeerr;
}
/* Figure out actual recipient */
actual[0] = '\0';
if (q->q_user[0] != '\0')
{
p = q->q_mailer->m_addrtype;
else
p = "rfc822";
if (sm_strcasecmp(p, "rfc822") == 0 &&
{
(void) sm_snprintf(actual,
sizeof(actual),
"%s; %.700s@%.100s",
p, q->q_user,
}
else
{
(void) sm_snprintf(actual,
sizeof(actual),
"%s; %.800s",
p, q->q_user);
}
}
/* Final-Recipient: -- the name from the RCPT command */
if (q->q_finalrcpt == NULL)
{
/* should never happen */
"returntosender: q_finalrcpt is NULL");
/* try to fall back to the actual recipient */
if (actual[0] != '\0')
actual);
}
if (q->q_finalrcpt != NULL)
{
"Final-Recipient: %s",
q->q_finalrcpt);
goto writeerr;
}
/* X-Actual-Recipient: -- the real problem address */
if (actual[0] != '\0' &&
q->q_finalrcpt != NULL &&
{
"X-Actual-Recipient: %s",
actual);
goto writeerr;
}
/* Action: -- what happened? */
action);
goto writeerr;
/* Status: -- what _really_ happened? */
p = q->q_status;
else if (QS_IS_BADADDR(q->q_state))
p = "5.0.0";
else if (QS_IS_QUEUEUP(q->q_state))
p = "4.0.0";
else
p = "2.0.0";
goto writeerr;
/* Remote-MTA: -- who was I talking to? */
{
p = "dns";
"Remote-MTA: %s; %.800s",
p, q->q_statmta);
if (*p == '.')
*p = '\0';
goto writeerr;
}
/* Diagnostic-Code: -- actual result from other end */
{
p = "smtp";
"Diagnostic-Code: %s; %.800s",
p, q->q_rstatus);
goto writeerr;
}
/* Last-Attempt-Date: -- fine granularity */
if (q->q_statdate == (time_t) 0L)
q->q_statdate = curtime();
"Last-Attempt-Date: ",
goto writeerr;
/* Will-Retry-Until: -- for delayed messages only */
if (QS_IS_QUEUEUP(q->q_state))
{
"Will-Retry-Until: ",
goto writeerr;
}
}
}
#endif /* DSN */
/*
** Output text of original message
*/
goto writeerr;
{
if (e->e_msgboundary == NULL)
{
if (!putline(
? " ----- Original message follows -----\n"
: " ----- Message header follows -----\n",
mci))
{
goto writeerr;
}
}
else
{
e->e_msgboundary);
goto writeerr;
: "text/rfc822-headers");
goto writeerr;
p = hvalue("Content-Transfer-Encoding",
p = NULL;
if (p == NULL &&
p = "8bit";
if (p != NULL)
{
"Content-Transfer-Encoding: %s",
p);
goto writeerr;
}
}
goto writeerr;
save_errno = errno;
goto writeerr;
errno = save_errno;
if (sendbody)
{
goto writeerr;
}
else if (e->e_msgboundary == NULL)
{
!putline(" ----- Message body suppressed -----",
mci))
{
goto writeerr;
}
}
}
else if (e->e_msgboundary == NULL)
{
goto writeerr;
}
if (e->e_msgboundary != NULL)
{
"--");
goto writeerr;
}
goto writeerr;
/*
** Cleanup and exit
*/
if (errno != 0)
{
syserr("errbody: I/O error");
return false;
}
return true;
}
/*
** SMTPTODSN -- convert SMTP to DSN status code
**
** Parameters:
** smtpstat -- the smtp status code (e.g., 550).
**
** Returns:
** The DSN version of the status code.
**
** Storage Management:
** smtptodsn() returns a pointer to a character string literal,
** which will remain valid forever, and thus does not need to
** be copied. Current code relies on this property.
*/
char *
int smtpstat;
{
if (smtpstat < 0)
return "4.4.2";
switch (smtpstat)
{
case 450: /* Req mail action not taken: mailbox unavailable */
return "4.2.0";
case 451: /* Req action aborted: local error in processing */
return "4.3.0";
case 452: /* Req action not taken: insufficient sys storage */
return "4.3.1";
case 500: /* Syntax error, command unrecognized */
return "5.5.2";
case 501: /* Syntax error in parameters or arguments */
return "5.5.4";
case 502: /* Command not implemented */
return "5.5.1";
case 503: /* Bad sequence of commands */
return "5.5.1";
case 504: /* Command parameter not implemented */
return "5.5.4";
case 550: /* Req mail action not taken: mailbox unavailable */
return "5.2.0";
case 551: /* User not local; please try <...> */
return "5.1.6";
case 552: /* Req mail action aborted: exceeded storage alloc */
return "5.2.2";
case 553: /* Req action not taken: mailbox name not allowed */
return "5.1.0";
case 554: /* Transaction failed */
return "5.0.0";
}
return "2.0.0";
return "4.0.0";
return "5.0.0";
}
/*
** XTEXTIFY -- take regular text and turn it into DSN-style xtext
**
** Parameters:
** t -- the text to convert.
** taboo -- additional characters that must be encoded.
**
** Returns:
** The xtext-ified version of the same string.
*/
char *
register char *t;
char *taboo;
{
register char *p;
int l;
int nbogus;
static int bplen = 0;
taboo = "";
/* figure out how long this xtext will have to be */
nbogus = l = 0;
for (p = t; *p != '\0'; p++)
{
register int c = (*p & 0xff);
/* ASCII dependence here -- this is the way the spec words it */
if (c < '!' || c > '~' || c == '+' || c == '\\' || c == '(' ||
nbogus++;
l++;
}
if (nbogus < 0)
{
/* since nbogus is ssize_t and wrapped, 2 * size_t would wrap */
syserr("!xtextify string too long");
}
if (nbogus == 0)
return t;
/* now allocate space if necessary for the new string */
if (l > bplen)
{
bp = sm_pmalloc_x(l);
bplen = l;
}
/* ok, copy the text with byte expansion */
for (p = bp; *t != '\0'; )
{
register int c = (*t++ & 0xff);
/* ASCII dependence here -- this is the way the spec words it */
if (c < '!' || c > '~' || c == '+' || c == '\\' || c == '(' ||
{
*p++ = '+';
*p++ = "0123456789ABCDEF"[c >> 4];
*p++ = "0123456789ABCDEF"[c & 0xf];
}
else
*p++ = c;
}
*p = '\0';
return bp;
}
/*
** XUNTEXTIFY -- take xtext and turn it into plain text
**
** Parameters:
** t -- the xtextified text.
**
** Returns:
** The decoded text. No attempt is made to deal with
** null strings in the resulting text.
*/
char *
xuntextify(t)
register char *t;
{
register char *p;
int l;
static int bplen = 0;
/* heuristic -- if no plus sign, just return the input */
return t;
/* xtext is always longer than decoded text */
l = strlen(t);
if (l > bplen)
{
bplen = l;
}
/* ok, copy the text with byte compression */
for (p = bp; *t != '\0'; t++)
{
register int c = *t & 0xff;
if (c != '+')
{
*p++ = c;
continue;
}
c = *++t & 0xff;
{
/* error -- first digit is not hex */
usrerr("bogus xtext: +%c", c);
t--;
continue;
}
if (isdigit(c))
c -= '0';
else if (isupper(c))
c -= 'A' - 10;
else
c -= 'a' - 10;
*p = c << 4;
c = *++t & 0xff;
{
/* error -- second digit is not hex */
t--;
continue;
}
if (isdigit(c))
c -= '0';
else if (isupper(c))
c -= 'A' - 10;
else
c -= 'a' - 10;
*p++ |= c;
}
*p = '\0';
return bp;
}
/*
** XTEXTOK -- check if a string is legal xtext
**
** Xtext is used in Delivery Status Notifications. The spec was
** taken from RFC 1891, ``SMTP Service Extension for Delivery
** Status Notifications''.
**
** Parameters:
** s -- the string to check.
**
** Returns:
** true -- if 's' is legal xtext.
** false -- if it has any illegal characters in it.
*/
bool
xtextok(s)
char *s;
{
int c;
while ((c = *s++) != '\0')
{
if (c == '+')
{
c = *s++;
return false;
c = *s++;
return false;
}
else if (c < '!' || c > '~' || c == '=')
return false;
}
return true;
}
/*
** PRUNEROUTE -- prune an RFC-822 source route
**
** Trims down a source route to the last internet-registered hop.
** This is encouraged by RFC 1123 section 5.3.3.
**
** Parameters:
** addr -- the address
**
** Returns:
** true -- address was modified
** false -- address could not be pruned
**
** Side Effects:
** modifies addr in-place
*/
static bool
char *addr;
{
#if NAMED_BIND
char c;
int braclev;
int rcode;
int i;
/* check to see if this is really a route-addr */
return false;
/*
** Can't simply find the first ':' is the address might be in the
** form: "<@[IPv6:::1]:user@host>" and the first ':' in inside
** the IPv6 address.
*/
braclev = 0;
while (*start != '\0')
{
break;
else if (*start == '[')
braclev++;
braclev--;
start++;
}
return false;
return false;
/* slice off the angle brackets */
if (i >= sizeof(hostbuf))
return false;
{
{
return true;
}
c = *start;
*start = '\0';
else
*start = c;
}
#endif /* NAMED_BIND */
return false;
}