Commit | Line | Data |
---|---|---|
059ec3d9 PH |
1 | /************************************************* |
2 | * Exim - an Internet mail transport agent * | |
3 | *************************************************/ | |
4 | ||
3386088d | 5 | /* Copyright (c) University of Cambridge 1995 - 2015 */ |
059ec3d9 PH |
6 | /* See the file NOTICE for conditions of use and distribution. */ |
7 | ||
8 | /* The main code for delivering a message. */ | |
9 | ||
10 | ||
11 | #include "exim.h" | |
dadff1d4 | 12 | #include <assert.h> |
059ec3d9 PH |
13 | |
14 | ||
15 | /* Data block for keeping track of subprocesses for parallel remote | |
16 | delivery. */ | |
17 | ||
18 | typedef struct pardata { | |
19 | address_item *addrlist; /* chain of addresses */ | |
20 | address_item *addr; /* next address data expected for */ | |
21 | pid_t pid; /* subprocess pid */ | |
22 | int fd; /* pipe fd for getting result from subprocess */ | |
23 | int transport_count; /* returned transport count value */ | |
24 | BOOL done; /* no more data needed */ | |
25 | uschar *msg; /* error message */ | |
26 | uschar *return_path; /* return_path for these addresses */ | |
27 | } pardata; | |
28 | ||
29 | /* Values for the process_recipients variable */ | |
30 | ||
31 | enum { RECIP_ACCEPT, RECIP_IGNORE, RECIP_DEFER, | |
32 | RECIP_FAIL, RECIP_FAIL_FILTER, RECIP_FAIL_TIMEOUT, | |
33 | RECIP_FAIL_LOOP}; | |
34 | ||
35 | /* Mutually recursive functions for marking addresses done. */ | |
36 | ||
37 | static void child_done(address_item *, uschar *); | |
38 | static void address_done(address_item *, uschar *); | |
39 | ||
40 | /* Table for turning base-62 numbers into binary */ | |
41 | ||
42 | static uschar tab62[] = | |
43 | {0,1,2,3,4,5,6,7,8,9,0,0,0,0,0,0, /* 0-9 */ | |
44 | 0,10,11,12,13,14,15,16,17,18,19,20, /* A-K */ | |
45 | 21,22,23,24,25,26,27,28,29,30,31,32, /* L-W */ | |
46 | 33,34,35, 0, 0, 0, 0, 0, /* X-Z */ | |
47 | 0,36,37,38,39,40,41,42,43,44,45,46, /* a-k */ | |
48 | 47,48,49,50,51,52,53,54,55,56,57,58, /* l-w */ | |
49 | 59,60,61}; /* x-z */ | |
50 | ||
51 | ||
52 | /************************************************* | |
53 | * Local static variables * | |
54 | *************************************************/ | |
55 | ||
56 | /* addr_duplicate is global because it needs to be seen from the Envelope-To | |
57 | writing code. */ | |
58 | ||
59 | static address_item *addr_defer = NULL; | |
60 | static address_item *addr_failed = NULL; | |
61 | static address_item *addr_fallback = NULL; | |
62 | static address_item *addr_local = NULL; | |
63 | static address_item *addr_new = NULL; | |
64 | static address_item *addr_remote = NULL; | |
65 | static address_item *addr_route = NULL; | |
66 | static address_item *addr_succeed = NULL; | |
6c1c3d1d WB |
67 | static address_item *addr_dsntmp = NULL; |
68 | static address_item *addr_senddsn = NULL; | |
059ec3d9 PH |
69 | |
70 | static FILE *message_log = NULL; | |
71 | static BOOL update_spool; | |
72 | static BOOL remove_journal; | |
73 | static int parcount = 0; | |
74 | static pardata *parlist = NULL; | |
75 | static int return_count; | |
76 | static uschar *frozen_info = US""; | |
77 | static uschar *used_return_path = NULL; | |
78 | ||
79 | static uschar spoolname[PATH_MAX]; | |
80 | ||
81 | ||
82 | ||
83 | /************************************************* | |
84 | * Make a new address item * | |
85 | *************************************************/ | |
86 | ||
87 | /* This function gets the store and initializes with default values. The | |
88 | transport_return value defaults to DEFER, so that any unexpected failure to | |
89 | deliver does not wipe out the message. The default unique string is set to a | |
90 | copy of the address, so that its domain can be lowercased. | |
91 | ||
92 | Argument: | |
93 | address the RFC822 address string | |
94 | copy force a copy of the address | |
95 | ||
96 | Returns: a pointer to an initialized address_item | |
97 | */ | |
98 | ||
99 | address_item * | |
100 | deliver_make_addr(uschar *address, BOOL copy) | |
101 | { | |
102 | address_item *addr = store_get(sizeof(address_item)); | |
103 | *addr = address_defaults; | |
104 | if (copy) address = string_copy(address); | |
105 | addr->address = address; | |
106 | addr->unique = string_copy(address); | |
107 | return addr; | |
108 | } | |
109 | ||
110 | ||
111 | ||
112 | ||
113 | /************************************************* | |
114 | * Set expansion values for an address * | |
115 | *************************************************/ | |
116 | ||
117 | /* Certain expansion variables are valid only when handling an address or | |
118 | address list. This function sets them up or clears the values, according to its | |
119 | argument. | |
120 | ||
121 | Arguments: | |
122 | addr the address in question, or NULL to clear values | |
123 | Returns: nothing | |
124 | */ | |
125 | ||
126 | void | |
127 | deliver_set_expansions(address_item *addr) | |
128 | { | |
d6c82d7b | 129 | if (!addr) |
059ec3d9 | 130 | { |
55414b25 | 131 | const uschar ***p = address_expansions; |
d6c82d7b | 132 | while (*p) **p++ = NULL; |
059ec3d9 PH |
133 | return; |
134 | } | |
135 | ||
136 | /* Exactly what gets set depends on whether there is one or more addresses, and | |
137 | what they contain. These first ones are always set, taking their values from | |
138 | the first address. */ | |
139 | ||
d6c82d7b | 140 | if (!addr->host_list) |
059ec3d9 PH |
141 | { |
142 | deliver_host = deliver_host_address = US""; | |
a7538db1 | 143 | deliver_host_port = 0; |
059ec3d9 PH |
144 | } |
145 | else | |
146 | { | |
147 | deliver_host = addr->host_list->name; | |
148 | deliver_host_address = addr->host_list->address; | |
a7538db1 | 149 | deliver_host_port = addr->host_list->port; |
059ec3d9 PH |
150 | } |
151 | ||
152 | deliver_recipients = addr; | |
d43cbe25 JH |
153 | deliver_address_data = addr->prop.address_data; |
154 | deliver_domain_data = addr->prop.domain_data; | |
155 | deliver_localpart_data = addr->prop.localpart_data; | |
059ec3d9 PH |
156 | |
157 | /* These may be unset for multiple addresses */ | |
158 | ||
159 | deliver_domain = addr->domain; | |
160 | self_hostname = addr->self_hostname; | |
161 | ||
8523533c TK |
162 | #ifdef EXPERIMENTAL_BRIGHTMAIL |
163 | bmi_deliver = 1; /* deliver by default */ | |
164 | bmi_alt_location = NULL; | |
165 | bmi_base64_verdict = NULL; | |
166 | bmi_base64_tracker_verdict = NULL; | |
167 | #endif | |
168 | ||
059ec3d9 PH |
169 | /* If there's only one address we can set everything. */ |
170 | ||
d6c82d7b | 171 | if (!addr->next) |
059ec3d9 PH |
172 | { |
173 | address_item *addr_orig; | |
174 | ||
175 | deliver_localpart = addr->local_part; | |
176 | deliver_localpart_prefix = addr->prefix; | |
177 | deliver_localpart_suffix = addr->suffix; | |
178 | ||
d6c82d7b | 179 | for (addr_orig = addr; addr_orig->parent; addr_orig = addr_orig->parent) ; |
059ec3d9 PH |
180 | deliver_domain_orig = addr_orig->domain; |
181 | ||
182 | /* Re-instate any prefix and suffix in the original local part. In all | |
183 | normal cases, the address will have a router associated with it, and we can | |
184 | choose the caseful or caseless version accordingly. However, when a system | |
185 | filter sets up a pipe, file, or autoreply delivery, no router is involved. | |
186 | In this case, though, there won't be any prefix or suffix to worry about. */ | |
187 | ||
d6c82d7b JH |
188 | deliver_localpart_orig = !addr_orig->router |
189 | ? addr_orig->local_part | |
190 | : addr_orig->router->caseful_local_part | |
191 | ? addr_orig->cc_local_part | |
192 | : addr_orig->lc_local_part; | |
059ec3d9 PH |
193 | |
194 | /* If there's a parent, make its domain and local part available, and if | |
195 | delivering to a pipe or file, or sending an autoreply, get the local | |
196 | part from the parent. For pipes and files, put the pipe or file string | |
197 | into address_pipe and address_file. */ | |
198 | ||
d6c82d7b | 199 | if (addr->parent) |
059ec3d9 PH |
200 | { |
201 | deliver_domain_parent = addr->parent->domain; | |
d6c82d7b JH |
202 | deliver_localpart_parent = !addr->parent->router |
203 | ? addr->parent->local_part | |
204 | : addr->parent->router->caseful_local_part | |
205 | ? addr->parent->cc_local_part | |
206 | : addr->parent->lc_local_part; | |
059ec3d9 PH |
207 | |
208 | /* File deliveries have their own flag because they need to be picked out | |
209 | as special more often. */ | |
210 | ||
211 | if (testflag(addr, af_pfr)) | |
212 | { | |
d6c82d7b JH |
213 | if (testflag(addr, af_file)) address_file = addr->local_part; |
214 | else if (deliver_localpart[0] == '|') address_pipe = addr->local_part; | |
059ec3d9 PH |
215 | deliver_localpart = addr->parent->local_part; |
216 | deliver_localpart_prefix = addr->parent->prefix; | |
217 | deliver_localpart_suffix = addr->parent->suffix; | |
218 | } | |
219 | } | |
8523533c TK |
220 | |
221 | #ifdef EXPERIMENTAL_BRIGHTMAIL | |
222 | /* Set expansion variables related to Brightmail AntiSpam */ | |
223 | bmi_base64_verdict = bmi_get_base64_verdict(deliver_localpart_orig, deliver_domain_orig); | |
224 | bmi_base64_tracker_verdict = bmi_get_base64_tracker_verdict(bmi_base64_verdict); | |
225 | /* get message delivery status (0 - don't deliver | 1 - deliver) */ | |
226 | bmi_deliver = bmi_get_delivery_status(bmi_base64_verdict); | |
227 | /* if message is to be delivered, get eventual alternate location */ | |
d6c82d7b | 228 | if (bmi_deliver == 1) |
8523533c | 229 | bmi_alt_location = bmi_get_alt_location(bmi_base64_verdict); |
8523533c TK |
230 | #endif |
231 | ||
059ec3d9 PH |
232 | } |
233 | ||
234 | /* For multiple addresses, don't set local part, and leave the domain and | |
f7fd3850 PH |
235 | self_hostname set only if it is the same for all of them. It is possible to |
236 | have multiple pipe and file addresses, but only when all addresses have routed | |
237 | to the same pipe or file. */ | |
059ec3d9 PH |
238 | |
239 | else | |
240 | { | |
241 | address_item *addr2; | |
f7fd3850 PH |
242 | if (testflag(addr, af_pfr)) |
243 | { | |
d6c82d7b JH |
244 | if (testflag(addr, af_file)) address_file = addr->local_part; |
245 | else if (addr->local_part[0] == '|') address_pipe = addr->local_part; | |
f7fd3850 | 246 | } |
d6c82d7b | 247 | for (addr2 = addr->next; addr2; addr2 = addr2->next) |
059ec3d9 | 248 | { |
d6c82d7b | 249 | if (deliver_domain && Ustrcmp(deliver_domain, addr2->domain) != 0) |
059ec3d9 | 250 | deliver_domain = NULL; |
d6c82d7b JH |
251 | if ( self_hostname |
252 | && ( !addr2->self_hostname | |
253 | || Ustrcmp(self_hostname, addr2->self_hostname) != 0 | |
254 | ) ) | |
059ec3d9 | 255 | self_hostname = NULL; |
d6c82d7b | 256 | if (!deliver_domain && !self_hostname) break; |
059ec3d9 PH |
257 | } |
258 | } | |
259 | } | |
260 | ||
261 | ||
262 | ||
263 | ||
264 | /************************************************* | |
265 | * Open a msglog file * | |
266 | *************************************************/ | |
267 | ||
268 | /* This function is used both for normal message logs, and for files in the | |
269 | msglog directory that are used to catch output from pipes. Try to create the | |
270 | directory if it does not exist. From release 4.21, normal message logs should | |
271 | be created when the message is received. | |
272 | ||
273 | Argument: | |
274 | filename the file name | |
275 | mode the mode required | |
276 | error used for saying what failed | |
277 | ||
278 | Returns: a file descriptor, or -1 (with errno set) | |
279 | */ | |
280 | ||
281 | static int | |
282 | open_msglog_file(uschar *filename, int mode, uschar **error) | |
283 | { | |
284 | int fd = Uopen(filename, O_WRONLY|O_APPEND|O_CREAT, mode); | |
285 | ||
286 | if (fd < 0 && errno == ENOENT) | |
287 | { | |
288 | uschar temp[16]; | |
289 | sprintf(CS temp, "msglog/%s", message_subdir); | |
290 | if (message_subdir[0] == 0) temp[6] = 0; | |
291 | (void)directory_make(spool_directory, temp, MSGLOG_DIRECTORY_MODE, TRUE); | |
292 | fd = Uopen(filename, O_WRONLY|O_APPEND|O_CREAT, mode); | |
293 | } | |
294 | ||
295 | /* Set the close-on-exec flag and change the owner to the exim uid/gid (this | |
296 | function is called as root). Double check the mode, because the group setting | |
297 | doesn't always get set automatically. */ | |
298 | ||
299 | if (fd >= 0) | |
300 | { | |
ff790e47 | 301 | (void)fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); |
059ec3d9 PH |
302 | if (fchown(fd, exim_uid, exim_gid) < 0) |
303 | { | |
304 | *error = US"chown"; | |
305 | return -1; | |
306 | } | |
307 | if (fchmod(fd, mode) < 0) | |
308 | { | |
309 | *error = US"chmod"; | |
310 | return -1; | |
311 | } | |
312 | } | |
313 | else *error = US"create"; | |
314 | ||
315 | return fd; | |
316 | } | |
317 | ||
318 | ||
319 | ||
320 | ||
321 | /************************************************* | |
322 | * Write to msglog if required * | |
323 | *************************************************/ | |
324 | ||
325 | /* Write to the message log, if configured. This function may also be called | |
326 | from transports. | |
327 | ||
328 | Arguments: | |
329 | format a string format | |
330 | ||
331 | Returns: nothing | |
332 | */ | |
333 | ||
334 | void | |
335 | deliver_msglog(const char *format, ...) | |
336 | { | |
337 | va_list ap; | |
338 | if (!message_logs) return; | |
339 | va_start(ap, format); | |
340 | vfprintf(message_log, format, ap); | |
341 | fflush(message_log); | |
342 | va_end(ap); | |
343 | } | |
344 | ||
345 | ||
346 | ||
347 | ||
348 | /************************************************* | |
349 | * Replicate status for batch * | |
350 | *************************************************/ | |
351 | ||
352 | /* When a transport handles a batch of addresses, it may treat them | |
353 | individually, or it may just put the status in the first one, and return FALSE, | |
354 | requesting that the status be copied to all the others externally. This is the | |
355 | replication function. As well as the status, it copies the transport pointer, | |
356 | which may have changed if appendfile passed the addresses on to a different | |
357 | transport. | |
358 | ||
359 | Argument: pointer to the first address in a chain | |
360 | Returns: nothing | |
361 | */ | |
362 | ||
363 | static void | |
364 | replicate_status(address_item *addr) | |
365 | { | |
366 | address_item *addr2; | |
d6c82d7b | 367 | for (addr2 = addr->next; addr2; addr2 = addr2->next) |
059ec3d9 | 368 | { |
d6c82d7b | 369 | addr2->transport = addr->transport; |
059ec3d9 | 370 | addr2->transport_return = addr->transport_return; |
d6c82d7b JH |
371 | addr2->basic_errno = addr->basic_errno; |
372 | addr2->more_errno = addr->more_errno; | |
373 | addr2->special_action = addr->special_action; | |
374 | addr2->message = addr->message; | |
375 | addr2->user_message = addr->user_message; | |
059ec3d9 PH |
376 | } |
377 | } | |
378 | ||
379 | ||
380 | ||
381 | /************************************************* | |
382 | * Compare lists of hosts * | |
383 | *************************************************/ | |
384 | ||
385 | /* This function is given two pointers to chains of host items, and it yields | |
386 | TRUE if the lists refer to the same hosts in the same order, except that | |
387 | ||
388 | (1) Multiple hosts with the same non-negative MX values are permitted to appear | |
389 | in different orders. Round-robinning nameservers can cause this to happen. | |
390 | ||
391 | (2) Multiple hosts with the same negative MX values less than MX_NONE are also | |
392 | permitted to appear in different orders. This is caused by randomizing | |
393 | hosts lists. | |
394 | ||
395 | This enables Exim to use a single SMTP transaction for sending to two entirely | |
396 | different domains that happen to end up pointing at the same hosts. | |
397 | ||
398 | Arguments: | |
399 | one points to the first host list | |
400 | two points to the second host list | |
401 | ||
402 | Returns: TRUE if the lists refer to the same host set | |
403 | */ | |
404 | ||
405 | static BOOL | |
406 | same_hosts(host_item *one, host_item *two) | |
407 | { | |
d6c82d7b | 408 | while (one && two) |
059ec3d9 PH |
409 | { |
410 | if (Ustrcmp(one->name, two->name) != 0) | |
411 | { | |
412 | int mx = one->mx; | |
413 | host_item *end_one = one; | |
414 | host_item *end_two = two; | |
415 | ||
416 | /* Batch up only if there was no MX and the list was not randomized */ | |
417 | ||
418 | if (mx == MX_NONE) return FALSE; | |
419 | ||
420 | /* Find the ends of the shortest sequence of identical MX values */ | |
421 | ||
d6c82d7b JH |
422 | while ( end_one->next && end_one->next->mx == mx |
423 | && end_two->next && end_two->next->mx == mx) | |
059ec3d9 PH |
424 | { |
425 | end_one = end_one->next; | |
426 | end_two = end_two->next; | |
427 | } | |
428 | ||
429 | /* If there aren't any duplicates, there's no match. */ | |
430 | ||
431 | if (end_one == one) return FALSE; | |
432 | ||
433 | /* For each host in the 'one' sequence, check that it appears in the 'two' | |
434 | sequence, returning FALSE if not. */ | |
435 | ||
436 | for (;;) | |
437 | { | |
438 | host_item *hi; | |
439 | for (hi = two; hi != end_two->next; hi = hi->next) | |
440 | if (Ustrcmp(one->name, hi->name) == 0) break; | |
441 | if (hi == end_two->next) return FALSE; | |
442 | if (one == end_one) break; | |
443 | one = one->next; | |
444 | } | |
445 | ||
446 | /* All the hosts in the 'one' sequence were found in the 'two' sequence. | |
447 | Ensure both are pointing at the last host, and carry on as for equality. */ | |
448 | ||
449 | two = end_two; | |
450 | } | |
451 | ||
452 | /* Hosts matched */ | |
453 | ||
454 | one = one->next; | |
455 | two = two->next; | |
456 | } | |
457 | ||
458 | /* True if both are NULL */ | |
459 | ||
460 | return (one == two); | |
461 | } | |
462 | ||
463 | ||
464 | ||
465 | /************************************************* | |
466 | * Compare header lines * | |
467 | *************************************************/ | |
468 | ||
469 | /* This function is given two pointers to chains of header items, and it yields | |
470 | TRUE if they are the same header texts in the same order. | |
471 | ||
472 | Arguments: | |
473 | one points to the first header list | |
474 | two points to the second header list | |
475 | ||
476 | Returns: TRUE if the lists refer to the same header set | |
477 | */ | |
478 | ||
479 | static BOOL | |
480 | same_headers(header_line *one, header_line *two) | |
481 | { | |
d6c82d7b | 482 | for (;; one = one->next, two = two->next) |
059ec3d9 PH |
483 | { |
484 | if (one == two) return TRUE; /* Includes the case where both NULL */ | |
d6c82d7b | 485 | if (!one || !two) return FALSE; |
059ec3d9 | 486 | if (Ustrcmp(one->text, two->text) != 0) return FALSE; |
059ec3d9 PH |
487 | } |
488 | } | |
489 | ||
490 | ||
491 | ||
492 | /************************************************* | |
493 | * Compare string settings * | |
494 | *************************************************/ | |
495 | ||
496 | /* This function is given two pointers to strings, and it returns | |
497 | TRUE if they are the same pointer, or if the two strings are the same. | |
498 | ||
499 | Arguments: | |
500 | one points to the first string | |
501 | two points to the second string | |
502 | ||
503 | Returns: TRUE or FALSE | |
504 | */ | |
505 | ||
506 | static BOOL | |
507 | same_strings(uschar *one, uschar *two) | |
508 | { | |
509 | if (one == two) return TRUE; /* Includes the case where both NULL */ | |
d6c82d7b | 510 | if (!one || !two) return FALSE; |
059ec3d9 PH |
511 | return (Ustrcmp(one, two) == 0); |
512 | } | |
513 | ||
514 | ||
515 | ||
516 | /************************************************* | |
517 | * Compare uid/gid for addresses * | |
518 | *************************************************/ | |
519 | ||
520 | /* This function is given a transport and two addresses. It yields TRUE if the | |
521 | uid/gid/initgroups settings for the two addresses are going to be the same when | |
522 | they are delivered. | |
523 | ||
524 | Arguments: | |
525 | tp the transort | |
526 | addr1 the first address | |
527 | addr2 the second address | |
528 | ||
529 | Returns: TRUE or FALSE | |
530 | */ | |
531 | ||
532 | static BOOL | |
533 | same_ugid(transport_instance *tp, address_item *addr1, address_item *addr2) | |
534 | { | |
d6c82d7b JH |
535 | if ( !tp->uid_set && !tp->expand_uid |
536 | && !tp->deliver_as_creator | |
537 | && ( testflag(addr1, af_uid_set) != testflag(addr2, af_gid_set) | |
538 | || ( testflag(addr1, af_uid_set) | |
539 | && ( addr1->uid != addr2->uid | |
540 | || testflag(addr1, af_initgroups) != testflag(addr2, af_initgroups) | |
541 | ) ) ) ) | |
542 | return FALSE; | |
059ec3d9 | 543 | |
d6c82d7b JH |
544 | if ( !tp->gid_set && !tp->expand_gid |
545 | && ( testflag(addr1, af_gid_set) != testflag(addr2, af_gid_set) | |
546 | || ( testflag(addr1, af_gid_set) | |
547 | && addr1->gid != addr2->gid | |
548 | ) ) ) | |
549 | return FALSE; | |
059ec3d9 PH |
550 | |
551 | return TRUE; | |
552 | } | |
553 | ||
554 | ||
555 | ||
556 | ||
557 | /************************************************* | |
558 | * Record that an address is complete * | |
559 | *************************************************/ | |
560 | ||
561 | /* This function records that an address is complete. This is straightforward | |
562 | for most addresses, where the unique address is just the full address with the | |
563 | domain lower cased. For homonyms (addresses that are the same as one of their | |
564 | ancestors) their are complications. Their unique addresses have \x\ prepended | |
565 | (where x = 0, 1, 2...), so that de-duplication works correctly for siblings and | |
566 | cousins. | |
567 | ||
568 | Exim used to record the unique addresses of homonyms as "complete". This, | |
569 | however, fails when the pattern of redirection varies over time (e.g. if taking | |
570 | unseen copies at only some times of day) because the prepended numbers may vary | |
571 | from one delivery run to the next. This problem is solved by never recording | |
572 | prepended unique addresses as complete. Instead, when a homonymic address has | |
573 | actually been delivered via a transport, we record its basic unique address | |
574 | followed by the name of the transport. This is checked in subsequent delivery | |
575 | runs whenever an address is routed to a transport. | |
576 | ||
577 | If the completed address is a top-level one (has no parent, which means it | |
578 | cannot be homonymic) we also add the original address to the non-recipients | |
579 | tree, so that it gets recorded in the spool file and therefore appears as | |
580 | "done" in any spool listings. The original address may differ from the unique | |
581 | address in the case of the domain. | |
582 | ||
583 | Finally, this function scans the list of duplicates, marks as done any that | |
584 | match this address, and calls child_done() for their ancestors. | |
585 | ||
586 | Arguments: | |
587 | addr address item that has been completed | |
588 | now current time as a string | |
589 | ||
590 | Returns: nothing | |
591 | */ | |
592 | ||
593 | static void | |
594 | address_done(address_item *addr, uschar *now) | |
595 | { | |
596 | address_item *dup; | |
597 | ||
598 | update_spool = TRUE; /* Ensure spool gets updated */ | |
599 | ||
600 | /* Top-level address */ | |
601 | ||
d6c82d7b | 602 | if (!addr->parent) |
059ec3d9 PH |
603 | { |
604 | tree_add_nonrecipient(addr->unique); | |
605 | tree_add_nonrecipient(addr->address); | |
606 | } | |
607 | ||
608 | /* Homonymous child address */ | |
609 | ||
610 | else if (testflag(addr, af_homonym)) | |
611 | { | |
d6c82d7b | 612 | if (addr->transport) |
059ec3d9 PH |
613 | tree_add_nonrecipient( |
614 | string_sprintf("%s/%s", addr->unique + 3, addr->transport->name)); | |
059ec3d9 PH |
615 | } |
616 | ||
617 | /* Non-homonymous child address */ | |
618 | ||
619 | else tree_add_nonrecipient(addr->unique); | |
620 | ||
621 | /* Check the list of duplicate addresses and ensure they are now marked | |
622 | done as well. */ | |
623 | ||
d6c82d7b | 624 | for (dup = addr_duplicate; dup; dup = dup->next) |
059ec3d9 PH |
625 | if (Ustrcmp(addr->unique, dup->unique) == 0) |
626 | { | |
57730b52 | 627 | tree_add_nonrecipient(dup->unique); |
059ec3d9 PH |
628 | child_done(dup, now); |
629 | } | |
059ec3d9 PH |
630 | } |
631 | ||
632 | ||
633 | ||
634 | ||
635 | /************************************************* | |
636 | * Decrease counts in parents and mark done * | |
637 | *************************************************/ | |
638 | ||
639 | /* This function is called when an address is complete. If there is a parent | |
640 | address, its count of children is decremented. If there are still other | |
641 | children outstanding, the function exits. Otherwise, if the count has become | |
642 | zero, address_done() is called to mark the parent and its duplicates complete. | |
643 | Then loop for any earlier ancestors. | |
644 | ||
645 | Arguments: | |
646 | addr points to the completed address item | |
647 | now the current time as a string, for writing to the message log | |
648 | ||
649 | Returns: nothing | |
650 | */ | |
651 | ||
652 | static void | |
653 | child_done(address_item *addr, uschar *now) | |
654 | { | |
655 | address_item *aa; | |
d6c82d7b | 656 | while (addr->parent) |
059ec3d9 PH |
657 | { |
658 | addr = addr->parent; | |
659 | if ((addr->child_count -= 1) > 0) return; /* Incomplete parent */ | |
660 | address_done(addr, now); | |
661 | ||
662 | /* Log the completion of all descendents only when there is no ancestor with | |
663 | the same original address. */ | |
664 | ||
d6c82d7b | 665 | for (aa = addr->parent; aa; aa = aa->parent) |
059ec3d9 | 666 | if (Ustrcmp(aa->address, addr->address) == 0) break; |
d6c82d7b | 667 | if (aa) continue; |
059ec3d9 PH |
668 | |
669 | deliver_msglog("%s %s: children all complete\n", now, addr->address); | |
670 | DEBUG(D_deliver) debug_printf("%s: children all complete\n", addr->address); | |
671 | } | |
672 | } | |
673 | ||
674 | ||
675 | ||
ac881e27 TF |
676 | /************************************************* |
677 | * Delivery logging support functions * | |
678 | *************************************************/ | |
679 | ||
680 | /* The LOGGING() checks in d_log_interface() are complicated for backwards | |
681 | compatibility. When outgoing interface logging was originally added, it was | |
682 | conditional on just incoming_interface (which is off by default). The | |
683 | outgoing_interface option is on by default to preserve this behaviour, but | |
684 | you can enable incoming_interface and disable outgoing_interface to get I= | |
685 | fields on incoming lines only. | |
686 | ||
687 | Arguments: | |
688 | s The log line buffer | |
689 | sizep Pointer to the buffer size | |
690 | ptrp Pointer to current index into buffer | |
691 | addr The address to be logged | |
692 | ||
693 | Returns: New value for s | |
694 | */ | |
059ec3d9 | 695 | |
67d81c10 | 696 | static uschar * |
ac881e27 | 697 | d_log_interface(uschar *s, int *sizep, int *ptrp) |
67d81c10 | 698 | { |
ac881e27 | 699 | if (LOGGING(incoming_interface) && LOGGING(outgoing_interface) |
d6c82d7b | 700 | && sending_ip_address) |
ac881e27 TF |
701 | { |
702 | s = string_append(s, sizep, ptrp, 2, US" I=[", sending_ip_address); | |
d6c82d7b JH |
703 | s = LOGGING(outgoing_port) |
704 | ? string_append(s, sizep, ptrp, 2, US"]:", | |
705 | string_sprintf("%d", sending_port)) | |
706 | : string_cat(s, sizep, ptrp, "]", 1); | |
ac881e27 TF |
707 | } |
708 | return s; | |
67d81c10 JH |
709 | } |
710 | ||
ac881e27 TF |
711 | |
712 | ||
713 | static uschar * | |
714 | d_hostlog(uschar *s, int *sizep, int *ptrp, address_item *addr) | |
715 | { | |
716 | s = string_append(s, sizep, ptrp, 5, US" H=", addr->host_used->name, | |
717 | US" [", addr->host_used->address, US"]"); | |
718 | if (LOGGING(outgoing_port)) | |
719 | s = string_append(s, sizep, ptrp, 2, US":", string_sprintf("%d", | |
720 | addr->host_used->port)); | |
721 | return d_log_interface(s, sizep, ptrp); | |
722 | } | |
723 | ||
724 | ||
725 | ||
67d81c10 JH |
726 | #ifdef SUPPORT_TLS |
727 | static uschar * | |
728 | d_tlslog(uschar * s, int * sizep, int * ptrp, address_item * addr) | |
729 | { | |
d6c82d7b | 730 | if (LOGGING(tls_cipher) && addr->cipher) |
ac881e27 | 731 | s = string_append(s, sizep, ptrp, 2, US" X=", addr->cipher); |
d6c82d7b | 732 | if (LOGGING(tls_certificate_verified) && addr->cipher) |
ac881e27 TF |
733 | s = string_append(s, sizep, ptrp, 2, US" CV=", |
734 | testflag(addr, af_cert_verified) | |
735 | ? | |
53a7196b | 736 | #ifdef EXPERIMENTAL_DANE |
ac881e27 TF |
737 | testflag(addr, af_dane_verified) |
738 | ? "dane" | |
739 | : | |
53a7196b | 740 | #endif |
ac881e27 TF |
741 | "yes" |
742 | : "no"); | |
d6c82d7b | 743 | if (LOGGING(tls_peerdn) && addr->peerdn) |
ac881e27 TF |
744 | s = string_append(s, sizep, ptrp, 3, US" DN=\"", |
745 | string_printing(addr->peerdn), US"\""); | |
746 | return s; | |
67d81c10 JH |
747 | } |
748 | #endif | |
749 | ||
a7538db1 | 750 | |
14a465c3 JH |
751 | |
752 | ||
774ef2d7 | 753 | #ifdef EXPERIMENTAL_EVENT |
b30275b8 | 754 | uschar * |
55414b25 | 755 | event_raise(uschar * action, const uschar * event, uschar * ev_data) |
a7538db1 JH |
756 | { |
757 | uschar * s; | |
758 | if (action) | |
759 | { | |
760 | DEBUG(D_deliver) | |
774ef2d7 | 761 | debug_printf("Event(%s): event_action=|%s| delivery_IP=%s\n", |
a7538db1 JH |
762 | event, |
763 | action, deliver_host_address); | |
764 | ||
774ef2d7 JH |
765 | event_name = event; |
766 | event_data = ev_data; | |
a7538db1 JH |
767 | |
768 | if (!(s = expand_string(action)) && *expand_string_message) | |
769 | log_write(0, LOG_MAIN|LOG_PANIC, | |
774ef2d7 | 770 | "failed to expand event_action %s in %s: %s\n", |
a7538db1 JH |
771 | event, transport_name, expand_string_message); |
772 | ||
774ef2d7 | 773 | event_name = event_data = NULL; |
a7538db1 JH |
774 | |
775 | /* If the expansion returns anything but an empty string, flag for | |
776 | the caller to modify his normal processing | |
777 | */ | |
778 | if (s && *s) | |
779 | { | |
780 | DEBUG(D_deliver) | |
774ef2d7 | 781 | debug_printf("Event(%s): event_action returned \"%s\"\n", event, s); |
b30275b8 | 782 | return s; |
a7538db1 JH |
783 | } |
784 | } | |
b30275b8 | 785 | return NULL; |
a7538db1 | 786 | } |
14a465c3 | 787 | |
5ef5dd52 | 788 | void |
55414b25 | 789 | msg_event_raise(const uschar * event, const address_item * addr) |
14a465c3 | 790 | { |
55414b25 | 791 | const uschar * save_domain = deliver_domain; |
14a465c3 | 792 | uschar * save_local = deliver_localpart; |
55414b25 | 793 | const uschar * save_host = deliver_host; |
5ef5dd52 JB |
794 | const uschar * save_address = deliver_host_address; |
795 | const int save_port = deliver_host_port; | |
14a465c3 JH |
796 | |
797 | if (!addr->transport) | |
798 | return; | |
799 | ||
800 | router_name = addr->router ? addr->router->name : NULL; | |
801 | transport_name = addr->transport->name; | |
802 | deliver_domain = addr->domain; | |
803 | deliver_localpart = addr->local_part; | |
c562fd30 | 804 | deliver_host = addr->host_used ? addr->host_used->name : NULL; |
14a465c3 | 805 | |
774ef2d7 | 806 | (void) event_raise(addr->transport->event_action, event, |
5ef5dd52 JB |
807 | addr->host_used |
808 | || Ustrcmp(addr->transport->driver_name, "smtp") == 0 | |
809 | || Ustrcmp(addr->transport->driver_name, "lmtp") == 0 | |
810 | ? addr->message : NULL); | |
14a465c3 | 811 | |
5ef5dd52 JB |
812 | deliver_host_port = save_port; |
813 | deliver_host_address = save_address; | |
c562fd30 | 814 | deliver_host = save_host; |
14a465c3 JH |
815 | deliver_localpart = save_local; |
816 | deliver_domain = save_domain; | |
817 | router_name = transport_name = NULL; | |
818 | } | |
774ef2d7 | 819 | #endif /*EXPERIMENTAL_EVENT*/ |
14a465c3 JH |
820 | |
821 | ||
a7538db1 | 822 | |
817d9f57 | 823 | /* If msg is NULL this is a delivery log and logchar is used. Otherwise |
67d81c10 | 824 | this is a nonstandard call; no two-character delivery flag is written |
817d9f57 JH |
825 | but sender-host and sender are prefixed and "msg" is inserted in the log line. |
826 | ||
827 | Arguments: | |
828 | flags passed to log_write() | |
829 | */ | |
e4bdf652 | 830 | void |
817d9f57 | 831 | delivery_log(int flags, address_item * addr, int logchar, uschar * msg) |
e4bdf652 JH |
832 | { |
833 | uschar *log_address; | |
834 | int size = 256; /* Used for a temporary, */ | |
835 | int ptr = 0; /* expanding buffer, for */ | |
836 | uschar *s; /* building log lines; */ | |
837 | void *reset_point; /* released afterwards. */ | |
838 | ||
e4bdf652 JH |
839 | /* Log the delivery on the main log. We use an extensible string to build up |
840 | the log line, and reset the store afterwards. Remote deliveries should always | |
841 | have a pointer to the host item that succeeded; local deliveries can have a | |
842 | pointer to a single host item in their host list, for use by the transport. */ | |
843 | ||
774ef2d7 | 844 | #ifdef EXPERIMENTAL_EVENT |
a7538db1 | 845 | /* presume no successful remote delivery */ |
783b385f | 846 | lookup_dnssec_authenticated = NULL; |
d68218c7 JH |
847 | #endif |
848 | ||
e4bdf652 | 849 | s = reset_point = store_get(size); |
e4bdf652 | 850 | |
6c6d6e48 | 851 | log_address = string_log_address(addr, LOGGING(all_parents), TRUE); |
817d9f57 JH |
852 | if (msg) |
853 | s = string_append(s, &size, &ptr, 3, host_and_ident(TRUE), US" ", log_address); | |
854 | else | |
855 | { | |
856 | s[ptr++] = logchar; | |
857 | s = string_append(s, &size, &ptr, 2, US"> ", log_address); | |
858 | } | |
e4bdf652 | 859 | |
6c6d6e48 | 860 | if (LOGGING(sender_on_delivery) || msg) |
3c8b3577 JH |
861 | s = string_append(s, &size, &ptr, 3, US" F=<", |
862 | #ifdef EXPERIMENTAL_INTERNATIONAL | |
863 | testflag(addr, af_utf8_downcvt) | |
864 | ? string_address_utf8_to_alabel(sender_address, NULL) | |
865 | : | |
866 | #endif | |
867 | sender_address, | |
868 | US">"); | |
e4bdf652 JH |
869 | |
870 | #ifdef EXPERIMENTAL_SRS | |
d43cbe25 JH |
871 | if(addr->prop.srs_sender) |
872 | s = string_append(s, &size, &ptr, 3, US" SRS=<", addr->prop.srs_sender, US">"); | |
e4bdf652 JH |
873 | #endif |
874 | ||
875 | /* You might think that the return path must always be set for a successful | |
876 | delivery; indeed, I did for some time, until this statement crashed. The case | |
877 | when it is not set is for a delivery to /dev/null which is optimised by not | |
878 | being run at all. */ | |
879 | ||
d6c82d7b | 880 | if (used_return_path && LOGGING(return_path_on_delivery)) |
e4bdf652 JH |
881 | s = string_append(s, &size, &ptr, 3, US" P=<", used_return_path, US">"); |
882 | ||
817d9f57 JH |
883 | if (msg) |
884 | s = string_append(s, &size, &ptr, 2, US" ", msg); | |
e4bdf652 | 885 | |
817d9f57 | 886 | /* For a delivery from a system filter, there may not be a router */ |
d6c82d7b | 887 | if (addr->router) |
e4bdf652 JH |
888 | s = string_append(s, &size, &ptr, 2, US" R=", addr->router->name); |
889 | ||
890 | s = string_append(s, &size, &ptr, 2, US" T=", addr->transport->name); | |
891 | ||
6c6d6e48 | 892 | if (LOGGING(delivery_size)) |
e4bdf652 JH |
893 | s = string_append(s, &size, &ptr, 2, US" S=", |
894 | string_sprintf("%d", transport_count)); | |
895 | ||
896 | /* Local delivery */ | |
897 | ||
898 | if (addr->transport->info->local) | |
899 | { | |
a7538db1 | 900 | if (addr->host_list) |
e4bdf652 | 901 | s = string_append(s, &size, &ptr, 2, US" H=", addr->host_list->name); |
ac881e27 | 902 | s = d_log_interface(s, &size, &ptr); |
d6c82d7b | 903 | if (addr->shadow_message) |
e4bdf652 JH |
904 | s = string_cat(s, &size, &ptr, addr->shadow_message, |
905 | Ustrlen(addr->shadow_message)); | |
906 | } | |
907 | ||
908 | /* Remote delivery */ | |
909 | ||
910 | else | |
911 | { | |
783b385f | 912 | if (addr->host_used) |
e4bdf652 | 913 | { |
67d81c10 | 914 | s = d_hostlog(s, &size, &ptr, addr); |
e4bdf652 JH |
915 | if (continue_sequence > 1) |
916 | s = string_cat(s, &size, &ptr, US"*", 1); | |
d68218c7 | 917 | |
774ef2d7 | 918 | #ifdef EXPERIMENTAL_EVENT |
a7538db1 JH |
919 | deliver_host_address = addr->host_used->address; |
920 | deliver_host_port = addr->host_used->port; | |
029f4192 | 921 | deliver_host = addr->host_used->name; |
783b385f JH |
922 | |
923 | /* DNS lookup status */ | |
924 | lookup_dnssec_authenticated = addr->host_used->dnssec==DS_YES ? US"yes" | |
925 | : addr->host_used->dnssec==DS_NO ? US"no" | |
926 | : NULL; | |
a7538db1 | 927 | #endif |
e4bdf652 JH |
928 | } |
929 | ||
a7538db1 | 930 | #ifdef SUPPORT_TLS |
67d81c10 | 931 | s = d_tlslog(s, &size, &ptr, addr); |
a7538db1 | 932 | #endif |
e4bdf652 | 933 | |
018c60d7 | 934 | if (addr->authenticator) |
6f123593 | 935 | { |
018c60d7 JH |
936 | s = string_append(s, &size, &ptr, 2, US" A=", addr->authenticator); |
937 | if (addr->auth_id) | |
c8e2fc1e | 938 | { |
018c60d7 | 939 | s = string_append(s, &size, &ptr, 2, US":", addr->auth_id); |
6c6d6e48 | 940 | if (LOGGING(smtp_mailauth) && addr->auth_sndr) |
018c60d7 | 941 | s = string_append(s, &size, &ptr, 2, US":", addr->auth_sndr); |
c8e2fc1e | 942 | } |
6f123593 JH |
943 | } |
944 | ||
a7538db1 | 945 | #ifndef DISABLE_PRDR |
fd98a5c6 JH |
946 | if (addr->flags & af_prdr_used) |
947 | s = string_append(s, &size, &ptr, 1, US" PRDR"); | |
a7538db1 | 948 | #endif |
76f44207 WB |
949 | } |
950 | ||
951 | /* confirmation message (SMTP (host_used) and LMTP (driver_name)) */ | |
fd98a5c6 | 952 | |
d6c82d7b JH |
953 | if ( LOGGING(smtp_confirmation) |
954 | && addr->message | |
955 | && (addr->host_used || Ustrcmp(addr->transport->driver_name, "lmtp") == 0) | |
956 | ) | |
76f44207 | 957 | { |
b980ed83 | 958 | unsigned i; |
1c5b1499 | 959 | unsigned lim = big_buffer_size < 1024 ? big_buffer_size : 1024; |
76f44207 WB |
960 | uschar *p = big_buffer; |
961 | uschar *ss = addr->message; | |
962 | *p++ = '\"'; | |
b980ed83 | 963 | for (i = 0; i < lim && ss[i] != 0; i++) /* limit logged amount */ |
e4bdf652 | 964 | { |
27520a68 | 965 | if (ss[i] == '\"' || ss[i] == '\\') *p++ = '\\'; /* quote \ and " */ |
76f44207 | 966 | *p++ = ss[i]; |
e4bdf652 | 967 | } |
76f44207 WB |
968 | *p++ = '\"'; |
969 | *p = 0; | |
970 | s = string_append(s, &size, &ptr, 2, US" C=", big_buffer); | |
e4bdf652 JH |
971 | } |
972 | ||
973 | /* Time on queue and actual time taken to deliver */ | |
974 | ||
6c6d6e48 | 975 | if (LOGGING(queue_time)) |
e4bdf652 | 976 | s = string_append(s, &size, &ptr, 2, US" QT=", |
19050083 | 977 | readconf_printtime( (int) ((long)time(NULL) - (long)received_time)) ); |
e4bdf652 | 978 | |
6c6d6e48 | 979 | if (LOGGING(deliver_time)) |
e4bdf652 JH |
980 | s = string_append(s, &size, &ptr, 2, US" DT=", |
981 | readconf_printtime(addr->more_errno)); | |
e4bdf652 JH |
982 | |
983 | /* string_cat() always leaves room for the terminator. Release the | |
984 | store we used to build the line after writing it. */ | |
985 | ||
986 | s[ptr] = 0; | |
817d9f57 | 987 | log_write(0, flags, "%s", s); |
d68218c7 | 988 | |
774ef2d7 JH |
989 | #ifdef EXPERIMENTAL_EVENT |
990 | if (!msg) msg_event_raise(US"msg:delivery", addr); | |
d68218c7 | 991 | #endif |
14a465c3 | 992 | |
e4bdf652 JH |
993 | store_reset(reset_point); |
994 | return; | |
995 | } | |
996 | ||
997 | ||
998 | ||
059ec3d9 PH |
999 | /************************************************* |
1000 | * Actions at the end of handling an address * | |
1001 | *************************************************/ | |
1002 | ||
1003 | /* This is a function for processing a single address when all that can be done | |
1004 | with it has been done. | |
1005 | ||
1006 | Arguments: | |
1007 | addr points to the address block | |
1008 | result the result of the delivery attempt | |
1009 | logflags flags for log_write() (LOG_MAIN and/or LOG_PANIC) | |
1010 | driver_type indicates which type of driver (transport, or router) was last | |
1011 | to process the address | |
1012 | logchar '=' or '-' for use when logging deliveries with => or -> | |
1013 | ||
1014 | Returns: nothing | |
1015 | */ | |
1016 | ||
1017 | static void | |
1018 | post_process_one(address_item *addr, int result, int logflags, int driver_type, | |
1019 | int logchar) | |
1020 | { | |
1021 | uschar *now = tod_stamp(tod_log); | |
1022 | uschar *driver_kind = NULL; | |
1023 | uschar *driver_name = NULL; | |
1024 | uschar *log_address; | |
1025 | ||
1026 | int size = 256; /* Used for a temporary, */ | |
1027 | int ptr = 0; /* expanding buffer, for */ | |
1028 | uschar *s; /* building log lines; */ | |
1029 | void *reset_point; /* released afterwards. */ | |
1030 | ||
059ec3d9 PH |
1031 | DEBUG(D_deliver) debug_printf("post-process %s (%d)\n", addr->address, result); |
1032 | ||
1033 | /* Set up driver kind and name for logging. Disable logging if the router or | |
1034 | transport has disabled it. */ | |
1035 | ||
1036 | if (driver_type == DTYPE_TRANSPORT) | |
1037 | { | |
d6c82d7b | 1038 | if (addr->transport) |
059ec3d9 PH |
1039 | { |
1040 | driver_name = addr->transport->name; | |
1041 | driver_kind = US" transport"; | |
1042 | disable_logging = addr->transport->disable_logging; | |
1043 | } | |
1044 | else driver_kind = US"transporting"; | |
1045 | } | |
1046 | else if (driver_type == DTYPE_ROUTER) | |
1047 | { | |
d6c82d7b | 1048 | if (addr->router) |
059ec3d9 PH |
1049 | { |
1050 | driver_name = addr->router->name; | |
1051 | driver_kind = US" router"; | |
1052 | disable_logging = addr->router->disable_logging; | |
1053 | } | |
1054 | else driver_kind = US"routing"; | |
1055 | } | |
1056 | ||
1057 | /* If there's an error message set, ensure that it contains only printing | |
1058 | characters - it should, but occasionally things slip in and this at least | |
49c2d5ea PH |
1059 | stops the log format from getting wrecked. We also scan the message for an LDAP |
1060 | expansion item that has a password setting, and flatten the password. This is a | |
1061 | fudge, but I don't know a cleaner way of doing this. (If the item is badly | |
1062 | malformed, it won't ever have gone near LDAP.) */ | |
059ec3d9 | 1063 | |
d6c82d7b | 1064 | if (addr->message) |
49c2d5ea | 1065 | { |
55414b25 JH |
1066 | const uschar * s = string_printing(addr->message); |
1067 | if (s != addr->message) | |
1068 | addr->message = US s; | |
1069 | /* deconst cast ok as string_printing known to have alloc'n'copied */ | |
d6c82d7b JH |
1070 | if ( ( Ustrstr(s, "failed to expand") != NULL |
1071 | || Ustrstr(s, "expansion of ") != NULL | |
1072 | ) | |
1073 | && ( Ustrstr(s, "mysql") != NULL | |
1074 | || Ustrstr(s, "pgsql") != NULL | |
9bdd29ad | 1075 | #ifdef EXPERIMENTAL_REDIS |
d6c82d7b | 1076 | || Ustrstr(s, "redis") != NULL |
9bdd29ad | 1077 | #endif |
d6c82d7b JH |
1078 | || Ustrstr(s, "sqlite") != NULL |
1079 | || Ustrstr(s, "ldap:") != NULL | |
1080 | || Ustrstr(s, "ldapdn:") != NULL | |
1081 | || Ustrstr(s, "ldapm:") != NULL | |
1082 | ) ) | |
1083 | addr->message = string_sprintf("Temporary internal error"); | |
49c2d5ea | 1084 | } |
059ec3d9 PH |
1085 | |
1086 | /* If we used a transport that has one of the "return_output" options set, and | |
1087 | if it did in fact generate some output, then for return_output we treat the | |
1088 | message as failed if it was not already set that way, so that the output gets | |
1089 | returned to the sender, provided there is a sender to send it to. For | |
1090 | return_fail_output, do this only if the delivery failed. Otherwise we just | |
1091 | unlink the file, and remove the name so that if the delivery failed, we don't | |
1092 | try to send back an empty or unwanted file. The log_output options operate only | |
1093 | on a non-empty file. | |
1094 | ||
1095 | In any case, we close the message file, because we cannot afford to leave a | |
1096 | file-descriptor for one address while processing (maybe very many) others. */ | |
1097 | ||
d6c82d7b | 1098 | if (addr->return_file >= 0 && addr->return_filename) |
059ec3d9 PH |
1099 | { |
1100 | BOOL return_output = FALSE; | |
1101 | struct stat statbuf; | |
54fc8428 | 1102 | (void)EXIMfsync(addr->return_file); |
059ec3d9 PH |
1103 | |
1104 | /* If there is no output, do nothing. */ | |
1105 | ||
1106 | if (fstat(addr->return_file, &statbuf) == 0 && statbuf.st_size > 0) | |
1107 | { | |
1108 | transport_instance *tb = addr->transport; | |
1109 | ||
1110 | /* Handle logging options */ | |
1111 | ||
d6c82d7b JH |
1112 | if ( tb->log_output |
1113 | || result == FAIL && tb->log_fail_output | |
1114 | || result == DEFER && tb->log_defer_output | |
1115 | ) | |
059ec3d9 PH |
1116 | { |
1117 | uschar *s; | |
1118 | FILE *f = Ufopen(addr->return_filename, "rb"); | |
d6c82d7b | 1119 | if (!f) |
059ec3d9 PH |
1120 | log_write(0, LOG_MAIN|LOG_PANIC, "failed to open %s to log output " |
1121 | "from %s transport: %s", addr->return_filename, tb->name, | |
1122 | strerror(errno)); | |
1123 | else | |
d6c82d7b | 1124 | if ((s = US Ufgets(big_buffer, big_buffer_size, f))) |
059ec3d9 PH |
1125 | { |
1126 | uschar *p = big_buffer + Ustrlen(big_buffer); | |
55414b25 | 1127 | const uschar * sp; |
059ec3d9 PH |
1128 | while (p > big_buffer && isspace(p[-1])) p--; |
1129 | *p = 0; | |
55414b25 | 1130 | sp = string_printing(big_buffer); |
059ec3d9 | 1131 | log_write(0, LOG_MAIN, "<%s>: %s transport output: %s", |
55414b25 | 1132 | addr->address, tb->name, sp); |
059ec3d9 | 1133 | } |
f1e894f3 | 1134 | (void)fclose(f); |
059ec3d9 PH |
1135 | } |
1136 | ||
1137 | /* Handle returning options, but only if there is an address to return | |
1138 | the text to. */ | |
1139 | ||
d6c82d7b | 1140 | if (sender_address[0] != 0 || addr->prop.errors_address) |
059ec3d9 PH |
1141 | if (tb->return_output) |
1142 | { | |
1143 | addr->transport_return = result = FAIL; | |
d6c82d7b | 1144 | if (addr->basic_errno == 0 && !addr->message) |
059ec3d9 PH |
1145 | addr->message = US"return message generated"; |
1146 | return_output = TRUE; | |
1147 | } | |
1148 | else | |
1149 | if (tb->return_fail_output && result == FAIL) return_output = TRUE; | |
059ec3d9 PH |
1150 | } |
1151 | ||
1152 | /* Get rid of the file unless it might be returned, but close it in | |
1153 | all cases. */ | |
1154 | ||
1155 | if (!return_output) | |
1156 | { | |
1157 | Uunlink(addr->return_filename); | |
1158 | addr->return_filename = NULL; | |
1159 | addr->return_file = -1; | |
1160 | } | |
1161 | ||
f1e894f3 | 1162 | (void)close(addr->return_file); |
059ec3d9 PH |
1163 | } |
1164 | ||
9d1c15ef | 1165 | /* The success case happens only after delivery by a transport. */ |
059ec3d9 PH |
1166 | |
1167 | if (result == OK) | |
1168 | { | |
1169 | addr->next = addr_succeed; | |
1170 | addr_succeed = addr; | |
1171 | ||
1172 | /* Call address_done() to ensure that we don't deliver to this address again, | |
1173 | and write appropriate things to the message log. If it is a child address, we | |
1174 | call child_done() to scan the ancestors and mark them complete if this is the | |
1175 | last child to complete. */ | |
1176 | ||
1177 | address_done(addr, now); | |
1178 | DEBUG(D_deliver) debug_printf("%s delivered\n", addr->address); | |
1179 | ||
d6c82d7b | 1180 | if (!addr->parent) |
059ec3d9 PH |
1181 | deliver_msglog("%s %s: %s%s succeeded\n", now, addr->address, |
1182 | driver_name, driver_kind); | |
059ec3d9 PH |
1183 | else |
1184 | { | |
1185 | deliver_msglog("%s %s <%s>: %s%s succeeded\n", now, addr->address, | |
1186 | addr->parent->address, driver_name, driver_kind); | |
1187 | child_done(addr, now); | |
1188 | } | |
1189 | ||
774ef2d7 | 1190 | /* Certificates for logging (via events) */ |
a7538db1 | 1191 | #ifdef SUPPORT_TLS |
9d1c15ef JH |
1192 | tls_out.ourcert = addr->ourcert; |
1193 | addr->ourcert = NULL; | |
1194 | tls_out.peercert = addr->peercert; | |
1195 | addr->peercert = NULL; | |
018058b2 | 1196 | |
018058b2 JH |
1197 | tls_out.cipher = addr->cipher; |
1198 | tls_out.peerdn = addr->peerdn; | |
1199 | tls_out.ocsp = addr->ocsp; | |
83b27293 JH |
1200 | # ifdef EXPERIMENTAL_DANE |
1201 | tls_out.dane_verified = testflag(addr, af_dane_verified); | |
1202 | # endif | |
a7538db1 | 1203 | #endif |
9d1c15ef | 1204 | |
817d9f57 | 1205 | delivery_log(LOG_MAIN, addr, logchar, NULL); |
9d1c15ef | 1206 | |
a7538db1 | 1207 | #ifdef SUPPORT_TLS |
790fbb71 JH |
1208 | tls_free_cert(&tls_out.ourcert); |
1209 | tls_free_cert(&tls_out.peercert); | |
018058b2 JH |
1210 | tls_out.cipher = NULL; |
1211 | tls_out.peerdn = NULL; | |
1212 | tls_out.ocsp = OCSP_NOT_REQ; | |
83b27293 JH |
1213 | # ifdef EXPERIMENTAL_DANE |
1214 | tls_out.dane_verified = FALSE; | |
1215 | # endif | |
a7538db1 | 1216 | #endif |
059ec3d9 PH |
1217 | } |
1218 | ||
1219 | ||
1220 | /* Soft failure, or local delivery process failed; freezing may be | |
1221 | requested. */ | |
1222 | ||
1223 | else if (result == DEFER || result == PANIC) | |
1224 | { | |
1225 | if (result == PANIC) logflags |= LOG_PANIC; | |
1226 | ||
1227 | /* This puts them on the chain in reverse order. Do not change this, because | |
1228 | the code for handling retries assumes that the one with the retry | |
1229 | information is last. */ | |
1230 | ||
1231 | addr->next = addr_defer; | |
1232 | addr_defer = addr; | |
1233 | ||
1234 | /* The only currently implemented special action is to freeze the | |
1235 | message. Logging of this is done later, just before the -H file is | |
1236 | updated. */ | |
1237 | ||
1238 | if (addr->special_action == SPECIAL_FREEZE) | |
1239 | { | |
1240 | deliver_freeze = TRUE; | |
1241 | deliver_frozen_at = time(NULL); | |
1242 | update_spool = TRUE; | |
1243 | } | |
1244 | ||
1245 | /* If doing a 2-stage queue run, we skip writing to either the message | |
1246 | log or the main log for SMTP defers. */ | |
1247 | ||
1248 | if (!queue_2stage || addr->basic_errno != 0) | |
1249 | { | |
1250 | uschar ss[32]; | |
1251 | ||
1252 | /* For errors of the type "retry time not reached" (also remotes skipped | |
1253 | on queue run), logging is controlled by L_retry_defer. Note that this kind | |
1254 | of error number is negative, and all the retry ones are less than any | |
1255 | others. */ | |
1256 | ||
d6c82d7b JH |
1257 | unsigned int use_log_selector = addr->basic_errno <= ERRNO_RETRY_BASE |
1258 | ? L_retry_defer : 0; | |
059ec3d9 PH |
1259 | |
1260 | /* Build up the line that is used for both the message log and the main | |
1261 | log. */ | |
1262 | ||
1263 | s = reset_point = store_get(size); | |
e4bdf652 JH |
1264 | |
1265 | /* Create the address string for logging. Must not do this earlier, because | |
1266 | an OK result may be changed to FAIL when a pipe returns text. */ | |
1267 | ||
6c6d6e48 | 1268 | log_address = string_log_address(addr, LOGGING(all_parents), result == OK); |
e4bdf652 | 1269 | |
059ec3d9 PH |
1270 | s = string_cat(s, &size, &ptr, log_address, Ustrlen(log_address)); |
1271 | ||
1272 | /* Either driver_name contains something and driver_kind contains | |
1273 | " router" or " transport" (note the leading space), or driver_name is | |
1274 | a null string and driver_kind contains "routing" without the leading | |
1275 | space, if all routing has been deferred. When a domain has been held, | |
1276 | so nothing has been done at all, both variables contain null strings. */ | |
1277 | ||
d6c82d7b | 1278 | if (driver_name) |
059ec3d9 | 1279 | { |
d6c82d7b | 1280 | if (driver_kind[1] == 't' && addr->router) |
059ec3d9 PH |
1281 | s = string_append(s, &size, &ptr, 2, US" R=", addr->router->name); |
1282 | Ustrcpy(ss, " ?="); | |
1283 | ss[1] = toupper(driver_kind[1]); | |
1284 | s = string_append(s, &size, &ptr, 2, ss, driver_name); | |
1285 | } | |
d6c82d7b JH |
1286 | else if (driver_kind) |
1287 | s = string_append(s, &size, &ptr, 2, US" ", driver_kind); | |
059ec3d9 PH |
1288 | |
1289 | sprintf(CS ss, " defer (%d)", addr->basic_errno); | |
1290 | s = string_cat(s, &size, &ptr, ss, Ustrlen(ss)); | |
1291 | ||
1292 | if (addr->basic_errno > 0) | |
1293 | s = string_append(s, &size, &ptr, 2, US": ", | |
1294 | US strerror(addr->basic_errno)); | |
1295 | ||
c562fd30 | 1296 | if (addr->host_used) |
1a47b633 | 1297 | { |
c562fd30 JH |
1298 | s = string_append(s, &size, &ptr, 5, |
1299 | US" H=", addr->host_used->name, | |
1300 | US" [", addr->host_used->address, US"]"); | |
1a47b633 JH |
1301 | if (LOGGING(outgoing_port)) |
1302 | { | |
1303 | int port = addr->host_used->port; | |
1304 | s = string_append(s, &size, &ptr, 2, | |
1305 | US":", port == PORT_NONE ? US"25" : string_sprintf("%d", port)); | |
1306 | } | |
1307 | } | |
c562fd30 | 1308 | |
d6c82d7b | 1309 | if (addr->message) |
059ec3d9 PH |
1310 | s = string_append(s, &size, &ptr, 2, US": ", addr->message); |
1311 | ||
1312 | s[ptr] = 0; | |
1313 | ||
1314 | /* Log the deferment in the message log, but don't clutter it | |
1315 | up with retry-time defers after the first delivery attempt. */ | |
1316 | ||
1317 | if (deliver_firsttime || addr->basic_errno > ERRNO_RETRY_BASE) | |
1318 | deliver_msglog("%s %s\n", now, s); | |
1319 | ||
1320 | /* Write the main log and reset the store */ | |
1321 | ||
1322 | log_write(use_log_selector, logflags, "== %s", s); | |
1323 | store_reset(reset_point); | |
1324 | } | |
1325 | } | |
1326 | ||
1327 | ||
1328 | /* Hard failure. If there is an address to which an error message can be sent, | |
1329 | put this address on the failed list. If not, put it on the deferred list and | |
1330 | freeze the mail message for human attention. The latter action can also be | |
1331 | explicitly requested by a router or transport. */ | |
1332 | ||
1333 | else | |
1334 | { | |
1335 | /* If this is a delivery error, or a message for which no replies are | |
1336 | wanted, and the message's age is greater than ignore_bounce_errors_after, | |
1337 | force the af_ignore_error flag. This will cause the address to be discarded | |
1338 | later (with a log entry). */ | |
1339 | ||
1340 | if (sender_address[0] == 0 && message_age >= ignore_bounce_errors_after) | |
1341 | setflag(addr, af_ignore_error); | |
1342 | ||
1343 | /* Freeze the message if requested, or if this is a bounce message (or other | |
652e1b65 PH |
1344 | message with null sender) and this address does not have its own errors |
1345 | address. However, don't freeze if errors are being ignored. The actual code | |
1346 | to ignore occurs later, instead of sending a message. Logging of freezing | |
1347 | occurs later, just before writing the -H file. */ | |
059ec3d9 | 1348 | |
d6c82d7b JH |
1349 | if ( !testflag(addr, af_ignore_error) |
1350 | && ( addr->special_action == SPECIAL_FREEZE | |
1351 | || (sender_address[0] == 0 && !addr->prop.errors_address) | |
1352 | ) ) | |
059ec3d9 | 1353 | { |
d6c82d7b JH |
1354 | frozen_info = addr->special_action == SPECIAL_FREEZE |
1355 | ? US"" | |
1356 | : sender_local && !local_error_message | |
1357 | ? US" (message created with -f <>)" | |
1358 | : US" (delivery error message)"; | |
059ec3d9 PH |
1359 | deliver_freeze = TRUE; |
1360 | deliver_frozen_at = time(NULL); | |
1361 | update_spool = TRUE; | |
1362 | ||
1363 | /* The address is put on the defer rather than the failed queue, because | |
1364 | the message is being retained. */ | |
1365 | ||
1366 | addr->next = addr_defer; | |
1367 | addr_defer = addr; | |
1368 | } | |
1369 | ||
1370 | /* Don't put the address on the nonrecipients tree yet; wait until an | |
1371 | error message has been successfully sent. */ | |
1372 | ||
1373 | else | |
1374 | { | |
1375 | addr->next = addr_failed; | |
1376 | addr_failed = addr; | |
1377 | } | |
1378 | ||
1379 | /* Build up the log line for the message and main logs */ | |
1380 | ||
1381 | s = reset_point = store_get(size); | |
e4bdf652 JH |
1382 | |
1383 | /* Create the address string for logging. Must not do this earlier, because | |
1384 | an OK result may be changed to FAIL when a pipe returns text. */ | |
1385 | ||
6c6d6e48 | 1386 | log_address = string_log_address(addr, LOGGING(all_parents), result == OK); |
e4bdf652 | 1387 | |
059ec3d9 PH |
1388 | s = string_cat(s, &size, &ptr, log_address, Ustrlen(log_address)); |
1389 | ||
6c6d6e48 | 1390 | if (LOGGING(sender_on_delivery)) |
059ec3d9 PH |
1391 | s = string_append(s, &size, &ptr, 3, US" F=<", sender_address, US">"); |
1392 | ||
1393 | /* Return path may not be set if no delivery actually happened */ | |
1394 | ||
d6c82d7b | 1395 | if (used_return_path && LOGGING(return_path_on_delivery)) |
059ec3d9 | 1396 | s = string_append(s, &size, &ptr, 3, US" P=<", used_return_path, US">"); |
059ec3d9 | 1397 | |
d6c82d7b | 1398 | if (addr->router) |
059ec3d9 | 1399 | s = string_append(s, &size, &ptr, 2, US" R=", addr->router->name); |
d6c82d7b | 1400 | if (addr->transport) |
059ec3d9 PH |
1401 | s = string_append(s, &size, &ptr, 2, US" T=", addr->transport->name); |
1402 | ||
d6c82d7b | 1403 | if (addr->host_used) |
67d81c10 JH |
1404 | s = d_hostlog(s, &size, &ptr, addr); |
1405 | ||
a7538db1 | 1406 | #ifdef SUPPORT_TLS |
67d81c10 | 1407 | s = d_tlslog(s, &size, &ptr, addr); |
a7538db1 | 1408 | #endif |
059ec3d9 PH |
1409 | |
1410 | if (addr->basic_errno > 0) | |
1411 | s = string_append(s, &size, &ptr, 2, US": ", | |
1412 | US strerror(addr->basic_errno)); | |
1413 | ||
d6c82d7b | 1414 | if (addr->message) |
059ec3d9 PH |
1415 | s = string_append(s, &size, &ptr, 2, US": ", addr->message); |
1416 | ||
1417 | s[ptr] = 0; | |
1418 | ||
1419 | /* Do the logging. For the message log, "routing failed" for those cases, | |
1420 | just to make it clearer. */ | |
1421 | ||
d6c82d7b | 1422 | if (driver_name) |
059ec3d9 | 1423 | deliver_msglog("%s %s\n", now, s); |
d6c82d7b JH |
1424 | else |
1425 | deliver_msglog("%s %s failed for %s\n", now, driver_kind, s); | |
059ec3d9 PH |
1426 | |
1427 | log_write(0, LOG_MAIN, "** %s", s); | |
14a465c3 | 1428 | |
774ef2d7 JH |
1429 | #ifdef EXPERIMENTAL_EVENT |
1430 | msg_event_raise(US"msg:fail:delivery", addr); | |
14a465c3 JH |
1431 | #endif |
1432 | ||
059ec3d9 PH |
1433 | store_reset(reset_point); |
1434 | } | |
1435 | ||
1436 | /* Ensure logging is turned on again in all cases */ | |
1437 | ||
1438 | disable_logging = FALSE; | |
1439 | } | |
1440 | ||
1441 | ||
1442 | ||
1443 | ||
1444 | /************************************************* | |
1445 | * Address-independent error * | |
1446 | *************************************************/ | |
1447 | ||
1448 | /* This function is called when there's an error that is not dependent on a | |
1449 | particular address, such as an expansion string failure. It puts the error into | |
1450 | all the addresses in a batch, logs the incident on the main and panic logs, and | |
1451 | clears the expansions. It is mostly called from local_deliver(), but can be | |
1452 | called for a remote delivery via findugid(). | |
1453 | ||
1454 | Arguments: | |
1455 | logit TRUE if (MAIN+PANIC) logging required | |
1456 | addr the first of the chain of addresses | |
1457 | code the error code | |
1458 | format format string for error message, or NULL if already set in addr | |
1459 | ... arguments for the format | |
1460 | ||
1461 | Returns: nothing | |
1462 | */ | |
1463 | ||
1464 | static void | |
1465 | common_error(BOOL logit, address_item *addr, int code, uschar *format, ...) | |
1466 | { | |
1467 | address_item *addr2; | |
1468 | addr->basic_errno = code; | |
1469 | ||
d6c82d7b | 1470 | if (format) |
059ec3d9 PH |
1471 | { |
1472 | va_list ap; | |
1473 | uschar buffer[512]; | |
1474 | va_start(ap, format); | |
1475 | if (!string_vformat(buffer, sizeof(buffer), CS format, ap)) | |
1476 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, | |
81f91683 | 1477 | "common_error expansion was longer than " SIZE_T_FMT, sizeof(buffer)); |
059ec3d9 PH |
1478 | va_end(ap); |
1479 | addr->message = string_copy(buffer); | |
1480 | } | |
1481 | ||
d6c82d7b | 1482 | for (addr2 = addr->next; addr2; addr2 = addr2->next) |
059ec3d9 PH |
1483 | { |
1484 | addr2->basic_errno = code; | |
1485 | addr2->message = addr->message; | |
1486 | } | |
1487 | ||
1488 | if (logit) log_write(0, LOG_MAIN|LOG_PANIC, "%s", addr->message); | |
1489 | deliver_set_expansions(NULL); | |
1490 | } | |
1491 | ||
1492 | ||
1493 | ||
1494 | ||
1495 | /************************************************* | |
1496 | * Check a "never users" list * | |
1497 | *************************************************/ | |
1498 | ||
1499 | /* This function is called to check whether a uid is on one of the two "never | |
1500 | users" lists. | |
1501 | ||
1502 | Arguments: | |
1503 | uid the uid to be checked | |
1504 | nusers the list to be scanned; the first item in the list is the count | |
1505 | ||
1506 | Returns: TRUE if the uid is on the list | |
1507 | */ | |
1508 | ||
1509 | static BOOL | |
1510 | check_never_users(uid_t uid, uid_t *nusers) | |
1511 | { | |
1512 | int i; | |
d6c82d7b | 1513 | if (!nusers) return FALSE; |
059ec3d9 PH |
1514 | for (i = 1; i <= (int)(nusers[0]); i++) if (nusers[i] == uid) return TRUE; |
1515 | return FALSE; | |
1516 | } | |
1517 | ||
1518 | ||
1519 | ||
1520 | /************************************************* | |
1521 | * Find uid and gid for a transport * | |
1522 | *************************************************/ | |
1523 | ||
1524 | /* This function is called for both local and remote deliveries, to find the | |
1525 | uid/gid under which to run the delivery. The values are taken preferentially | |
1526 | from the transport (either explicit or deliver_as_creator), then from the | |
1527 | address (i.e. the router), and if nothing is set, the exim uid/gid are used. If | |
1528 | the resulting uid is on the "never_users" or the "fixed_never_users" list, a | |
1529 | panic error is logged, and the function fails (which normally leads to delivery | |
1530 | deferral). | |
1531 | ||
1532 | Arguments: | |
1533 | addr the address (possibly a chain) | |
1534 | tp the transport | |
1535 | uidp pointer to uid field | |
1536 | gidp pointer to gid field | |
1537 | igfp pointer to the use_initgroups field | |
1538 | ||
1539 | Returns: FALSE if failed - error has been set in address(es) | |
1540 | */ | |
1541 | ||
1542 | static BOOL | |
1543 | findugid(address_item *addr, transport_instance *tp, uid_t *uidp, gid_t *gidp, | |
1544 | BOOL *igfp) | |
1545 | { | |
d6c82d7b | 1546 | uschar *nuname; |
059ec3d9 PH |
1547 | BOOL gid_set = FALSE; |
1548 | ||
1549 | /* Default initgroups flag comes from the transport */ | |
1550 | ||
1551 | *igfp = tp->initgroups; | |
1552 | ||
1553 | /* First see if there's a gid on the transport, either fixed or expandable. | |
1554 | The expanding function always logs failure itself. */ | |
1555 | ||
1556 | if (tp->gid_set) | |
1557 | { | |
1558 | *gidp = tp->gid; | |
1559 | gid_set = TRUE; | |
1560 | } | |
d6c82d7b | 1561 | else if (tp->expand_gid) |
059ec3d9 | 1562 | { |
d6c82d7b JH |
1563 | if (!route_find_expanded_group(tp->expand_gid, tp->name, US"transport", gidp, |
1564 | &(addr->message))) | |
059ec3d9 PH |
1565 | { |
1566 | common_error(FALSE, addr, ERRNO_GIDFAIL, NULL); | |
1567 | return FALSE; | |
1568 | } | |
d6c82d7b | 1569 | gid_set = TRUE; |
059ec3d9 PH |
1570 | } |
1571 | ||
911f6fde PH |
1572 | /* If the transport did not set a group, see if the router did. */ |
1573 | ||
1574 | if (!gid_set && testflag(addr, af_gid_set)) | |
1575 | { | |
1576 | *gidp = addr->gid; | |
1577 | gid_set = TRUE; | |
1578 | } | |
1579 | ||
059ec3d9 PH |
1580 | /* Pick up a uid from the transport if one is set. */ |
1581 | ||
1582 | if (tp->uid_set) *uidp = tp->uid; | |
1583 | ||
1584 | /* Otherwise, try for an expandable uid field. If it ends up as a numeric id, | |
1585 | it does not provide a passwd value from which a gid can be taken. */ | |
1586 | ||
d6c82d7b | 1587 | else if (tp->expand_uid) |
059ec3d9 PH |
1588 | { |
1589 | struct passwd *pw; | |
1590 | if (!route_find_expanded_user(tp->expand_uid, tp->name, US"transport", &pw, | |
1591 | uidp, &(addr->message))) | |
1592 | { | |
1593 | common_error(FALSE, addr, ERRNO_UIDFAIL, NULL); | |
1594 | return FALSE; | |
1595 | } | |
d6c82d7b | 1596 | if (!gid_set && pw) |
059ec3d9 PH |
1597 | { |
1598 | *gidp = pw->pw_gid; | |
1599 | gid_set = TRUE; | |
1600 | } | |
1601 | } | |
1602 | ||
1603 | /* If the transport doesn't set the uid, test the deliver_as_creator flag. */ | |
1604 | ||
1605 | else if (tp->deliver_as_creator) | |
1606 | { | |
1607 | *uidp = originator_uid; | |
1608 | if (!gid_set) | |
1609 | { | |
1610 | *gidp = originator_gid; | |
1611 | gid_set = TRUE; | |
1612 | } | |
1613 | } | |
1614 | ||
911f6fde PH |
1615 | /* Otherwise see if the address specifies the uid and if so, take it and its |
1616 | initgroups flag. */ | |
059ec3d9 PH |
1617 | |
1618 | else if (testflag(addr, af_uid_set)) | |
1619 | { | |
1620 | *uidp = addr->uid; | |
1621 | *igfp = testflag(addr, af_initgroups); | |
059ec3d9 PH |
1622 | } |
1623 | ||
1624 | /* Nothing has specified the uid - default to the Exim user, and group if the | |
1625 | gid is not set. */ | |
1626 | ||
1627 | else | |
1628 | { | |
1629 | *uidp = exim_uid; | |
1630 | if (!gid_set) | |
1631 | { | |
1632 | *gidp = exim_gid; | |
1633 | gid_set = TRUE; | |
1634 | } | |
1635 | } | |
1636 | ||
911f6fde PH |
1637 | /* If no gid is set, it is a disaster. We default to the Exim gid only if |
1638 | defaulting to the Exim uid. In other words, if the configuration has specified | |
1639 | a uid, it must also provide a gid. */ | |
059ec3d9 PH |
1640 | |
1641 | if (!gid_set) | |
1642 | { | |
1643 | common_error(TRUE, addr, ERRNO_GIDFAIL, US"User set without group for " | |
1644 | "%s transport", tp->name); | |
1645 | return FALSE; | |
1646 | } | |
1647 | ||
1648 | /* Check that the uid is not on the lists of banned uids that may not be used | |
1649 | for delivery processes. */ | |
1650 | ||
d6c82d7b JH |
1651 | nuname = check_never_users(*uidp, never_users) |
1652 | ? US"never_users" | |
1653 | : check_never_users(*uidp, fixed_never_users) | |
1654 | ? US"fixed_never_users" | |
1655 | : NULL; | |
1656 | if (nuname) | |
059ec3d9 PH |
1657 | { |
1658 | common_error(TRUE, addr, ERRNO_UIDFAIL, US"User %ld set for %s transport " | |
1659 | "is on the %s list", (long int)(*uidp), tp->name, nuname); | |
1660 | return FALSE; | |
1661 | } | |
1662 | ||
1663 | /* All is well */ | |
1664 | ||
1665 | return TRUE; | |
1666 | } | |
1667 | ||
1668 | ||
1669 | ||
1670 | ||
1671 | /************************************************* | |
1672 | * Check the size of a message for a transport * | |
1673 | *************************************************/ | |
1674 | ||
1675 | /* Checks that the message isn't too big for the selected transport. | |
1676 | This is called only when it is known that the limit is set. | |
1677 | ||
1678 | Arguments: | |
1679 | tp the transport | |
1680 | addr the (first) address being delivered | |
1681 | ||
1682 | Returns: OK | |
1683 | DEFER expansion failed or did not yield an integer | |
1684 | FAIL message too big | |
1685 | */ | |
1686 | ||
1687 | int | |
1688 | check_message_size(transport_instance *tp, address_item *addr) | |
1689 | { | |
1690 | int rc = OK; | |
1691 | int size_limit; | |
1692 | ||
1693 | deliver_set_expansions(addr); | |
d45b1de8 | 1694 | size_limit = expand_string_integer(tp->message_size_limit, TRUE); |
059ec3d9 PH |
1695 | deliver_set_expansions(NULL); |
1696 | ||
d6c82d7b | 1697 | if (expand_string_message) |
059ec3d9 PH |
1698 | { |
1699 | rc = DEFER; | |
d6c82d7b JH |
1700 | addr->message = size_limit == -1 |
1701 | ? string_sprintf("failed to expand message_size_limit " | |
1702 | "in %s transport: %s", tp->name, expand_string_message) | |
1703 | : string_sprintf("invalid message_size_limit " | |
059ec3d9 PH |
1704 | "in %s transport: %s", tp->name, expand_string_message); |
1705 | } | |
1706 | else if (size_limit > 0 && message_size > size_limit) | |
1707 | { | |
1708 | rc = FAIL; | |
1709 | addr->message = | |
1710 | string_sprintf("message is too big (transport limit = %d)", | |
1711 | size_limit); | |
1712 | } | |
1713 | ||
1714 | return rc; | |
1715 | } | |
1716 | ||
1717 | ||
1718 | ||
1719 | /************************************************* | |
1720 | * Transport-time check for a previous delivery * | |
1721 | *************************************************/ | |
1722 | ||
1723 | /* Check that this base address hasn't previously been delivered to its routed | |
c2c19e9d PH |
1724 | transport. If it has been delivered, mark it done. The check is necessary at |
1725 | delivery time in order to handle homonymic addresses correctly in cases where | |
1726 | the pattern of redirection changes between delivery attempts (so the unique | |
1727 | fields change). Non-homonymic previous delivery is detected earlier, at routing | |
1728 | time (which saves unnecessary routing). | |
1729 | ||
1730 | Arguments: | |
1731 | addr the address item | |
1732 | testing TRUE if testing wanted only, without side effects | |
059ec3d9 | 1733 | |
059ec3d9 PH |
1734 | Returns: TRUE if previously delivered by the transport |
1735 | */ | |
1736 | ||
1737 | static BOOL | |
c2c19e9d | 1738 | previously_transported(address_item *addr, BOOL testing) |
059ec3d9 PH |
1739 | { |
1740 | (void)string_format(big_buffer, big_buffer_size, "%s/%s", | |
1741 | addr->unique + (testflag(addr, af_homonym)? 3:0), addr->transport->name); | |
1742 | ||
1743 | if (tree_search(tree_nonrecipients, big_buffer) != 0) | |
1744 | { | |
1745 | DEBUG(D_deliver|D_route|D_transport) | |
1746 | debug_printf("%s was previously delivered (%s transport): discarded\n", | |
1747 | addr->address, addr->transport->name); | |
c2c19e9d | 1748 | if (!testing) child_done(addr, tod_stamp(tod_log)); |
059ec3d9 PH |
1749 | return TRUE; |
1750 | } | |
1751 | ||
1752 | return FALSE; | |
1753 | } | |
1754 | ||
1755 | ||
1756 | ||
064a94c9 PH |
1757 | /****************************************************** |
1758 | * Check for a given header in a header string * | |
1759 | ******************************************************/ | |
1760 | ||
1761 | /* This function is used when generating quota warnings. The configuration may | |
1762 | specify any header lines it likes in quota_warn_message. If certain of them are | |
1763 | missing, defaults are inserted, so we need to be able to test for the presence | |
1764 | of a given header. | |
1765 | ||
1766 | Arguments: | |
1767 | hdr the required header name | |
1768 | hstring the header string | |
1769 | ||
1770 | Returns: TRUE the header is in the string | |
1771 | FALSE the header is not in the string | |
1772 | */ | |
1773 | ||
1774 | static BOOL | |
1775 | contains_header(uschar *hdr, uschar *hstring) | |
1776 | { | |
1777 | int len = Ustrlen(hdr); | |
1778 | uschar *p = hstring; | |
1779 | while (*p != 0) | |
1780 | { | |
1781 | if (strncmpic(p, hdr, len) == 0) | |
1782 | { | |
1783 | p += len; | |
1784 | while (*p == ' ' || *p == '\t') p++; | |
1785 | if (*p == ':') return TRUE; | |
1786 | } | |
1787 | while (*p != 0 && *p != '\n') p++; | |
1788 | if (*p == '\n') p++; | |
1789 | } | |
1790 | return FALSE; | |
1791 | } | |
1792 | ||
1793 | ||
1794 | ||
059ec3d9 PH |
1795 | |
1796 | /************************************************* | |
1797 | * Perform a local delivery * | |
1798 | *************************************************/ | |
1799 | ||
1800 | /* Each local delivery is performed in a separate process which sets its | |
1801 | uid and gid as specified. This is a safer way than simply changing and | |
1802 | restoring using seteuid(); there is a body of opinion that seteuid() cannot be | |
1803 | used safely. From release 4, Exim no longer makes any use of it. Besides, not | |
1804 | all systems have seteuid(). | |
1805 | ||
1806 | If the uid/gid are specified in the transport_instance, they are used; the | |
1807 | transport initialization must ensure that either both or neither are set. | |
1808 | Otherwise, the values associated with the address are used. If neither are set, | |
1809 | it is a configuration error. | |
1810 | ||
1811 | The transport or the address may specify a home directory (transport over- | |
1812 | rides), and if they do, this is set as $home. If neither have set a working | |
1813 | directory, this value is used for that as well. Otherwise $home is left unset | |
1814 | and the cwd is set to "/" - a directory that should be accessible to all users. | |
1815 | ||
1816 | Using a separate process makes it more complicated to get error information | |
1817 | back. We use a pipe to pass the return code and also an error code and error | |
1818 | text string back to the parent process. | |
1819 | ||
1820 | Arguments: | |
1821 | addr points to an address block for this delivery; for "normal" local | |
1822 | deliveries this is the only address to be delivered, but for | |
1823 | pseudo-remote deliveries (e.g. by batch SMTP to a file or pipe) | |
1824 | a number of addresses can be handled simultaneously, and in this | |
1825 | case addr will point to a chain of addresses with the same | |
1826 | characteristics. | |
1827 | ||
1828 | shadowing TRUE if running a shadow transport; this causes output from pipes | |
1829 | to be ignored. | |
1830 | ||
1831 | Returns: nothing | |
1832 | */ | |
1833 | ||
1834 | static void | |
1835 | deliver_local(address_item *addr, BOOL shadowing) | |
1836 | { | |
1837 | BOOL use_initgroups; | |
1838 | uid_t uid; | |
1839 | gid_t gid; | |
1840 | int status, len, rc; | |
1841 | int pfd[2]; | |
1842 | pid_t pid; | |
1843 | uschar *working_directory; | |
1844 | address_item *addr2; | |
1845 | transport_instance *tp = addr->transport; | |
1846 | ||
1847 | /* Set up the return path from the errors or sender address. If the transport | |
1848 | has its own return path setting, expand it and replace the existing value. */ | |
1849 | ||
d6c82d7b | 1850 | if(addr->prop.errors_address) |
d43cbe25 | 1851 | return_path = addr->prop.errors_address; |
384152a6 | 1852 | #ifdef EXPERIMENTAL_SRS |
d6c82d7b | 1853 | else if (addr->prop.srs_sender) |
d43cbe25 | 1854 | return_path = addr->prop.srs_sender; |
384152a6 TK |
1855 | #endif |
1856 | else | |
1857 | return_path = sender_address; | |
059ec3d9 | 1858 | |
d6c82d7b | 1859 | if (tp->return_path) |
059ec3d9 PH |
1860 | { |
1861 | uschar *new_return_path = expand_string(tp->return_path); | |
d6c82d7b | 1862 | if (!new_return_path) |
059ec3d9 PH |
1863 | { |
1864 | if (!expand_string_forcedfail) | |
1865 | { | |
1866 | common_error(TRUE, addr, ERRNO_EXPANDFAIL, | |
1867 | US"Failed to expand return path \"%s\" in %s transport: %s", | |
1868 | tp->return_path, tp->name, expand_string_message); | |
1869 | return; | |
1870 | } | |
1871 | } | |
1872 | else return_path = new_return_path; | |
1873 | } | |
1874 | ||
1875 | /* For local deliveries, one at a time, the value used for logging can just be | |
1876 | set directly, once and for all. */ | |
1877 | ||
1878 | used_return_path = return_path; | |
1879 | ||
1880 | /* Sort out the uid, gid, and initgroups flag. If an error occurs, the message | |
1881 | gets put into the address(es), and the expansions are unset, so we can just | |
1882 | return. */ | |
1883 | ||
1884 | if (!findugid(addr, tp, &uid, &gid, &use_initgroups)) return; | |
1885 | ||
5418e93b PH |
1886 | /* See if either the transport or the address specifies a home directory. A |
1887 | home directory set in the address may already be expanded; a flag is set to | |
1888 | indicate that. In other cases we must expand it. */ | |
059ec3d9 | 1889 | |
d6c82d7b JH |
1890 | if ( (deliver_home = tp->home_dir) /* Set in transport, or */ |
1891 | || ( (deliver_home = addr->home_dir) /* Set in address and */ | |
1892 | && !testflag(addr, af_home_expanded) /* not expanded */ | |
1893 | ) ) | |
059ec3d9 PH |
1894 | { |
1895 | uschar *rawhome = deliver_home; | |
1896 | deliver_home = NULL; /* in case it contains $home */ | |
d6c82d7b | 1897 | if (!(deliver_home = expand_string(rawhome))) |
059ec3d9 PH |
1898 | { |
1899 | common_error(TRUE, addr, ERRNO_EXPANDFAIL, US"home directory \"%s\" failed " | |
1900 | "to expand for %s transport: %s", rawhome, tp->name, | |
1901 | expand_string_message); | |
1902 | return; | |
1903 | } | |
1904 | if (*deliver_home != '/') | |
1905 | { | |
1906 | common_error(TRUE, addr, ERRNO_NOTABSOLUTE, US"home directory path \"%s\" " | |
1907 | "is not absolute for %s transport", deliver_home, tp->name); | |
1908 | return; | |
1909 | } | |
1910 | } | |
1911 | ||
5418e93b PH |
1912 | /* See if either the transport or the address specifies a current directory, |
1913 | and if so, expand it. If nothing is set, use the home directory, unless it is | |
1914 | also unset in which case use "/", which is assumed to be a directory to which | |
1915 | all users have access. It is necessary to be in a visible directory for some | |
1916 | operating systems when running pipes, as some commands (e.g. "rm" under Solaris | |
1917 | 2.5) require this. */ | |
1918 | ||
d6c82d7b JH |
1919 | working_directory = tp->current_dir ? tp->current_dir : addr->current_dir; |
1920 | if (working_directory) | |
059ec3d9 PH |
1921 | { |
1922 | uschar *raw = working_directory; | |
d6c82d7b | 1923 | if (!(working_directory = expand_string(raw))) |
059ec3d9 PH |
1924 | { |
1925 | common_error(TRUE, addr, ERRNO_EXPANDFAIL, US"current directory \"%s\" " | |
1926 | "failed to expand for %s transport: %s", raw, tp->name, | |
1927 | expand_string_message); | |
1928 | return; | |
1929 | } | |
1930 | if (*working_directory != '/') | |
1931 | { | |
1932 | common_error(TRUE, addr, ERRNO_NOTABSOLUTE, US"current directory path " | |
1933 | "\"%s\" is not absolute for %s transport", working_directory, tp->name); | |
1934 | return; | |
1935 | } | |
1936 | } | |
d6c82d7b | 1937 | else working_directory = deliver_home ? deliver_home : US"/"; |
059ec3d9 PH |
1938 | |
1939 | /* If one of the return_output flags is set on the transport, create and open a | |
1940 | file in the message log directory for the transport to write its output onto. | |
1941 | This is mainly used by pipe transports. The file needs to be unique to the | |
1942 | address. This feature is not available for shadow transports. */ | |
1943 | ||
d6c82d7b JH |
1944 | if ( !shadowing |
1945 | && ( tp->return_output || tp->return_fail_output | |
ec0eb1a3 | 1946 | || tp->log_output || tp->log_fail_output || tp->log_defer_output |
d6c82d7b | 1947 | ) ) |
059ec3d9 PH |
1948 | { |
1949 | uschar *error; | |
1950 | addr->return_filename = | |
1951 | string_sprintf("%s/msglog/%s/%s-%d-%d", spool_directory, message_subdir, | |
1952 | message_id, getpid(), return_count++); | |
1953 | addr->return_file = open_msglog_file(addr->return_filename, 0400, &error); | |
1954 | if (addr->return_file < 0) | |
1955 | { | |
1956 | common_error(TRUE, addr, errno, US"Unable to %s file for %s transport " | |
1957 | "to return message: %s", error, tp->name, strerror(errno)); | |
1958 | return; | |
1959 | } | |
1960 | } | |
1961 | ||
1962 | /* Create the pipe for inter-process communication. */ | |
1963 | ||
1964 | if (pipe(pfd) != 0) | |
1965 | { | |
1966 | common_error(TRUE, addr, ERRNO_PIPEFAIL, US"Creation of pipe failed: %s", | |
1967 | strerror(errno)); | |
1968 | return; | |
1969 | } | |
1970 | ||
1971 | /* Now fork the process to do the real work in the subprocess, but first | |
1972 | ensure that all cached resources are freed so that the subprocess starts with | |
1973 | a clean slate and doesn't interfere with the parent process. */ | |
1974 | ||
1975 | search_tidyup(); | |
1976 | ||
1977 | if ((pid = fork()) == 0) | |
1978 | { | |
1979 | BOOL replicate = TRUE; | |
1980 | ||
1981 | /* Prevent core dumps, as we don't want them in users' home directories. | |
1982 | HP-UX doesn't have RLIMIT_CORE; I don't know how to do this in that | |
1983 | system. Some experimental/developing systems (e.g. GNU/Hurd) may define | |
1984 | RLIMIT_CORE but not support it in setrlimit(). For such systems, do not | |
a29e5231 PP |
1985 | complain if the error is "not supported". |
1986 | ||
1987 | There are two scenarios where changing the max limit has an effect. In one, | |
1988 | the user is using a .forward and invoking a command of their choice via pipe; | |
1989 | for these, we do need the max limit to be 0 unless the admin chooses to | |
1990 | permit an increased limit. In the other, the command is invoked directly by | |
1991 | the transport and is under administrator control, thus being able to raise | |
1992 | the limit aids in debugging. So there's no general always-right answer. | |
1993 | ||
1994 | Thus we inhibit core-dumps completely but let individual transports, while | |
1995 | still root, re-raise the limits back up to aid debugging. We make the | |
1996 | default be no core-dumps -- few enough people can use core dumps in | |
1997 | diagnosis that it's reasonable to make them something that has to be explicitly requested. | |
1998 | */ | |
059ec3d9 | 1999 | |
a7538db1 | 2000 | #ifdef RLIMIT_CORE |
059ec3d9 PH |
2001 | struct rlimit rl; |
2002 | rl.rlim_cur = 0; | |
2003 | rl.rlim_max = 0; | |
2004 | if (setrlimit(RLIMIT_CORE, &rl) < 0) | |
2005 | { | |
a7538db1 | 2006 | # ifdef SETRLIMIT_NOT_SUPPORTED |
059ec3d9 | 2007 | if (errno != ENOSYS && errno != ENOTSUP) |
a7538db1 | 2008 | # endif |
059ec3d9 PH |
2009 | log_write(0, LOG_MAIN|LOG_PANIC, "setrlimit(RLIMIT_CORE) failed: %s", |
2010 | strerror(errno)); | |
2011 | } | |
a7538db1 | 2012 | #endif |
059ec3d9 PH |
2013 | |
2014 | /* Reset the random number generator, so different processes don't all | |
2015 | have the same sequence. */ | |
2016 | ||
2017 | random_seed = 0; | |
2018 | ||
2019 | /* If the transport has a setup entry, call this first, while still | |
2020 | privileged. (Appendfile uses this to expand quota, for example, while | |
2021 | able to read private files.) */ | |
2022 | ||
d6c82d7b | 2023 | if (addr->transport->setup) |
929ba01c | 2024 | switch((addr->transport->setup)(addr->transport, addr, NULL, uid, gid, |
059ec3d9 PH |
2025 | &(addr->message))) |
2026 | { | |
2027 | case DEFER: | |
d6c82d7b JH |
2028 | addr->transport_return = DEFER; |
2029 | goto PASS_BACK; | |
059ec3d9 PH |
2030 | |
2031 | case FAIL: | |
d6c82d7b JH |
2032 | addr->transport_return = PANIC; |
2033 | goto PASS_BACK; | |
059ec3d9 | 2034 | } |
059ec3d9 PH |
2035 | |
2036 | /* Ignore SIGINT and SIGTERM during delivery. Also ignore SIGUSR1, as | |
2037 | when the process becomes unprivileged, it won't be able to write to the | |
2038 | process log. SIGHUP is ignored throughout exim, except when it is being | |
2039 | run as a daemon. */ | |
2040 | ||
2041 | signal(SIGINT, SIG_IGN); | |
2042 | signal(SIGTERM, SIG_IGN); | |
2043 | signal(SIGUSR1, SIG_IGN); | |
2044 | ||
2045 | /* Close the unwanted half of the pipe, and set close-on-exec for the other | |
2046 | half - for transports that exec things (e.g. pipe). Then set the required | |
2047 | gid/uid. */ | |
2048 | ||
f1e894f3 | 2049 | (void)close(pfd[pipe_read]); |
ff790e47 | 2050 | (void)fcntl(pfd[pipe_write], F_SETFD, fcntl(pfd[pipe_write], F_GETFD) | |
059ec3d9 PH |
2051 | FD_CLOEXEC); |
2052 | exim_setugid(uid, gid, use_initgroups, | |
2053 | string_sprintf("local delivery to %s <%s> transport=%s", addr->local_part, | |
2054 | addr->address, addr->transport->name)); | |
2055 | ||
2056 | DEBUG(D_deliver) | |
2057 | { | |
2058 | address_item *batched; | |
2059 | debug_printf(" home=%s current=%s\n", deliver_home, working_directory); | |
d6c82d7b | 2060 | for (batched = addr->next; batched; batched = batched->next) |
059ec3d9 PH |
2061 | debug_printf("additional batched address: %s\n", batched->address); |
2062 | } | |
2063 | ||
2064 | /* Set an appropriate working directory. */ | |
2065 | ||
2066 | if (Uchdir(working_directory) < 0) | |
2067 | { | |
2068 | addr->transport_return = DEFER; | |
2069 | addr->basic_errno = errno; | |
2070 | addr->message = string_sprintf("failed to chdir to %s", working_directory); | |
2071 | } | |
2072 | ||
2073 | /* If successful, call the transport */ | |
2074 | ||
2075 | else | |
2076 | { | |
2077 | BOOL ok = TRUE; | |
2078 | set_process_info("delivering %s to %s using %s", message_id, | |
2079 | addr->local_part, addr->transport->name); | |
2080 | ||
2a47f028 JH |
2081 | /* Setting this global in the subprocess means we need never clear it */ |
2082 | transport_name = addr->transport->name; | |
2083 | ||
059ec3d9 PH |
2084 | /* If a transport filter has been specified, set up its argument list. |
2085 | Any errors will get put into the address, and FALSE yielded. */ | |
2086 | ||
d6c82d7b | 2087 | if (addr->transport->filter_command) |
059ec3d9 PH |
2088 | { |
2089 | ok = transport_set_up_command(&transport_filter_argv, | |
2090 | addr->transport->filter_command, | |
2091 | TRUE, PANIC, addr, US"transport filter", NULL); | |
2092 | transport_filter_timeout = addr->transport->filter_timeout; | |
2093 | } | |
2094 | else transport_filter_argv = NULL; | |
2095 | ||
2096 | if (ok) | |
2097 | { | |
2098 | debug_print_string(addr->transport->debug_string); | |
2099 | replicate = !(addr->transport->info->code)(addr->transport, addr); | |
2100 | } | |
2101 | } | |
2102 | ||
2103 | /* Pass the results back down the pipe. If necessary, first replicate the | |
2104 | status in the top address to the others in the batch. The label is the | |
2105 | subject of a goto when a call to the transport's setup function fails. We | |
2106 | pass the pointer to the transport back in case it got changed as a result of | |
2107 | file_format in appendfile. */ | |
2108 | ||
2109 | PASS_BACK: | |
2110 | ||
2111 | if (replicate) replicate_status(addr); | |
d6c82d7b | 2112 | for (addr2 = addr; addr2; addr2 = addr2->next) |
059ec3d9 PH |
2113 | { |
2114 | int i; | |
2115 | int local_part_length = Ustrlen(addr2->local_part); | |
2116 | uschar *s; | |
1ac6b2e7 | 2117 | int ret; |
059ec3d9 | 2118 | |
d6c82d7b JH |
2119 | if( (ret = write(pfd[pipe_write], &addr2->transport_return, sizeof(int))) != sizeof(int) |
2120 | || (ret = write(pfd[pipe_write], &transport_count, sizeof(transport_count))) != sizeof(transport_count) | |
2121 | || (ret = write(pfd[pipe_write], &addr2->flags, sizeof(addr2->flags))) != sizeof(addr2->flags) | |
2122 | || (ret = write(pfd[pipe_write], &addr2->basic_errno, sizeof(int))) != sizeof(int) | |
2123 | || (ret = write(pfd[pipe_write], &addr2->more_errno, sizeof(int))) != sizeof(int) | |
2124 | || (ret = write(pfd[pipe_write], &addr2->special_action, sizeof(int))) != sizeof(int) | |
2125 | || (ret = write(pfd[pipe_write], &addr2->transport, | |
1ac6b2e7 | 2126 | sizeof(transport_instance *))) != sizeof(transport_instance *) |
059ec3d9 PH |
2127 | |
2128 | /* For a file delivery, pass back the local part, in case the original | |
2129 | was only part of the final delivery path. This gives more complete | |
2130 | logging. */ | |
2131 | ||
1ac6b2e7 | 2132 | || (testflag(addr2, af_file) |
d6c82d7b | 2133 | && ( (ret = write(pfd[pipe_write], &local_part_length, sizeof(int))) != sizeof(int) |
1ac6b2e7 JH |
2134 | || (ret = write(pfd[pipe_write], addr2->local_part, local_part_length)) != local_part_length |
2135 | ) | |
2136 | ) | |
2137 | ) | |
2138 | log_write(0, LOG_MAIN|LOG_PANIC, "Failed writing transport results to pipe: %s\n", | |
2139 | ret == -1 ? strerror(errno) : "short write"); | |
059ec3d9 PH |
2140 | |
2141 | /* Now any messages */ | |
2142 | ||
2143 | for (i = 0, s = addr2->message; i < 2; i++, s = addr2->user_message) | |
2144 | { | |
d6c82d7b JH |
2145 | int message_length = s ? Ustrlen(s) + 1 : 0; |
2146 | if( (ret = write(pfd[pipe_write], &message_length, sizeof(int))) != sizeof(int) | |
2147 | || message_length > 0 && (ret = write(pfd[pipe_write], s, message_length)) != message_length | |
1ac6b2e7 JH |
2148 | ) |
2149 | log_write(0, LOG_MAIN|LOG_PANIC, "Failed writing transport results to pipe: %s\n", | |
2150 | ret == -1 ? strerror(errno) : "short write"); | |
059ec3d9 PH |
2151 | } |
2152 | } | |
2153 | ||
2154 | /* OK, this process is now done. Free any cached resources that it opened, | |
2155 | and close the pipe we were writing down before exiting. */ | |
2156 | ||
f1e894f3 | 2157 | (void)close(pfd[pipe_write]); |
059ec3d9 PH |
2158 | search_tidyup(); |
2159 | exit(EXIT_SUCCESS); | |
2160 | } | |
2161 | ||
2162 | /* Back in the main process: panic if the fork did not succeed. This seems | |
2163 | better than returning an error - if forking is failing it is probably best | |
2164 | not to try other deliveries for this message. */ | |
2165 | ||
2166 | if (pid < 0) | |
2167 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Fork failed for local delivery to %s", | |
2168 | addr->address); | |
2169 | ||
2170 | /* Read the pipe to get the delivery status codes and error messages. Our copy | |
2171 | of the writing end must be closed first, as otherwise read() won't return zero | |
2172 | on an empty pipe. We check that a status exists for each address before | |
2173 | overwriting the address structure. If data is missing, the default DEFER status | |
2174 | will remain. Afterwards, close the reading end. */ | |
2175 | ||
f1e894f3 | 2176 | (void)close(pfd[pipe_write]); |
059ec3d9 | 2177 | |
d6c82d7b | 2178 | for (addr2 = addr; addr2; addr2 = addr2->next) |
059ec3d9 | 2179 | { |
d6c82d7b | 2180 | len = read(pfd[pipe_read], &status, sizeof(int)); |
059ec3d9 PH |
2181 | if (len > 0) |
2182 | { | |
2183 | int i; | |
2184 | uschar **sptr; | |
2185 | ||
2186 | addr2->transport_return = status; | |
d6c82d7b | 2187 | len = read(pfd[pipe_read], &transport_count, |
059ec3d9 | 2188 | sizeof(transport_count)); |
d6c82d7b JH |
2189 | len = read(pfd[pipe_read], &addr2->flags, sizeof(addr2->flags)); |
2190 | len = read(pfd[pipe_read], &addr2->basic_errno, sizeof(int)); | |
2191 | len = read(pfd[pipe_read], &addr2->more_errno, sizeof(int)); | |
2192 | len = read(pfd[pipe_read], &addr2->special_action, sizeof(int)); | |
2193 | len = read(pfd[pipe_read], &addr2->transport, | |
059ec3d9 PH |
2194 | sizeof(transport_instance *)); |
2195 | ||
2196 | if (testflag(addr2, af_file)) | |
2197 | { | |
2198 | int local_part_length; | |
d6c82d7b JH |
2199 | len = read(pfd[pipe_read], &local_part_length, sizeof(int)); |
2200 | len = read(pfd[pipe_read], big_buffer, local_part_length); | |
059ec3d9 PH |
2201 | big_buffer[local_part_length] = 0; |
2202 | addr2->local_part = string_copy(big_buffer); | |
2203 | } | |
2204 | ||
d6c82d7b | 2205 | for (i = 0, sptr = &addr2->message; i < 2; i++, sptr = &addr2->user_message) |
059ec3d9 PH |
2206 | { |
2207 | int message_length; | |
d6c82d7b | 2208 | len = read(pfd[pipe_read], &message_length, sizeof(int)); |
059ec3d9 PH |
2209 | if (message_length > 0) |
2210 | { | |
d6c82d7b | 2211 | len = read(pfd[pipe_read], big_buffer, message_length); |
059ec3d9 PH |
2212 | if (len > 0) *sptr = string_copy(big_buffer); |
2213 | } | |
2214 | } | |
2215 | } | |
2216 | ||
2217 | else | |
2218 | { | |
2219 | log_write(0, LOG_MAIN|LOG_PANIC, "failed to read delivery status for %s " | |
2220 | "from delivery subprocess", addr2->unique); | |
2221 | break; | |
2222 | } | |
2223 | } | |
2224 | ||
f1e894f3 | 2225 | (void)close(pfd[pipe_read]); |
059ec3d9 PH |
2226 | |
2227 | /* Unless shadowing, write all successful addresses immediately to the journal | |
2228 | file, to ensure they are recorded asap. For homonymic addresses, use the base | |
2229 | address plus the transport name. Failure to write the journal is panic-worthy, | |
2230 | but don't stop, as it may prove possible subsequently to update the spool file | |
2231 | in order to record the delivery. */ | |
2232 | ||
2233 | if (!shadowing) | |
2234 | { | |
d6c82d7b JH |
2235 | for (addr2 = addr; addr2; addr2 = addr2->next) |
2236 | if (addr2->transport_return == OK) | |
2237 | { | |
2238 | if (testflag(addr2, af_homonym)) | |
2239 | sprintf(CS big_buffer, "%.500s/%s\n", addr2->unique + 3, tp->name); | |
2240 | else | |
2241 | sprintf(CS big_buffer, "%.500s\n", addr2->unique); | |
059ec3d9 | 2242 | |
d6c82d7b JH |
2243 | /* In the test harness, wait just a bit to let the subprocess finish off |
2244 | any debug output etc first. */ | |
059ec3d9 | 2245 | |
d6c82d7b | 2246 | if (running_in_test_harness) millisleep(300); |
059ec3d9 | 2247 | |
d6c82d7b JH |
2248 | DEBUG(D_deliver) debug_printf("journalling %s", big_buffer); |
2249 | len = Ustrlen(big_buffer); | |
2250 | if (write(journal_fd, big_buffer, len) != len) | |
2251 | log_write(0, LOG_MAIN|LOG_PANIC, "failed to update journal for %s: %s", | |
2252 | big_buffer, strerror(errno)); | |
2253 | } | |
059ec3d9 PH |
2254 | |
2255 | /* Ensure the journal file is pushed out to disk. */ | |
2256 | ||
54fc8428 | 2257 | if (EXIMfsync(journal_fd) < 0) |
059ec3d9 PH |
2258 | log_write(0, LOG_MAIN|LOG_PANIC, "failed to fsync journal: %s", |
2259 | strerror(errno)); | |
2260 | } | |
2261 | ||
2262 | /* Wait for the process to finish. If it terminates with a non-zero code, | |
2263 | freeze the message (except for SIGTERM, SIGKILL and SIGQUIT), but leave the | |
2264 | status values of all the addresses as they are. Take care to handle the case | |
2265 | when the subprocess doesn't seem to exist. This has been seen on one system | |
2266 | when Exim was called from an MUA that set SIGCHLD to SIG_IGN. When that | |
2267 | happens, wait() doesn't recognize the termination of child processes. Exim now | |
2268 | resets SIGCHLD to SIG_DFL, but this code should still be robust. */ | |
2269 | ||
2270 | while ((rc = wait(&status)) != pid) | |
059ec3d9 PH |
2271 | if (rc < 0 && errno == ECHILD) /* Process has vanished */ |
2272 | { | |
2273 | log_write(0, LOG_MAIN, "%s transport process vanished unexpectedly", | |
2274 | addr->transport->driver_name); | |
2275 | status = 0; | |
2276 | break; | |
2277 | } | |
059ec3d9 PH |
2278 | |
2279 | if ((status & 0xffff) != 0) | |
2280 | { | |
2281 | int msb = (status >> 8) & 255; | |
2282 | int lsb = status & 255; | |
2283 | int code = (msb == 0)? (lsb & 0x7f) : msb; | |
2284 | if (msb != 0 || (code != SIGTERM && code != SIGKILL && code != SIGQUIT)) | |
2285 | addr->special_action = SPECIAL_FREEZE; | |
2286 | log_write(0, LOG_MAIN|LOG_PANIC, "%s transport process returned non-zero " | |
2287 | "status 0x%04x: %s %d", | |
2288 | addr->transport->driver_name, | |
2289 | status, | |
d6c82d7b | 2290 | msb == 0 ? "terminated by signal" : "exit code", |
059ec3d9 PH |
2291 | code); |
2292 | } | |
2293 | ||
2294 | /* If SPECIAL_WARN is set in the top address, send a warning message. */ | |
2295 | ||
d6c82d7b | 2296 | if (addr->special_action == SPECIAL_WARN && addr->transport->warn_message) |
059ec3d9 PH |
2297 | { |
2298 | int fd; | |
2299 | uschar *warn_message; | |
d6c82d7b | 2300 | pid_t pid; |
059ec3d9 PH |
2301 | |
2302 | DEBUG(D_deliver) debug_printf("Warning message requested by transport\n"); | |
2303 | ||
d6c82d7b | 2304 | if (!(warn_message = expand_string(addr->transport->warn_message))) |
059ec3d9 PH |
2305 | log_write(0, LOG_MAIN|LOG_PANIC, "Failed to expand \"%s\" (warning " |
2306 | "message for %s transport): %s", addr->transport->warn_message, | |
2307 | addr->transport->name, expand_string_message); | |
d6c82d7b JH |
2308 | |
2309 | else if ((pid = child_open_exim(&fd)) > 0) | |
059ec3d9 | 2310 | { |
d6c82d7b JH |
2311 | FILE *f = fdopen(fd, "wb"); |
2312 | if (errors_reply_to && !contains_header(US"Reply-To", warn_message)) | |
2313 | fprintf(f, "Reply-To: %s\n", errors_reply_to); | |
2314 | fprintf(f, "Auto-Submitted: auto-replied\n"); | |
2315 | if (!contains_header(US"From", warn_message)) | |
2316 | moan_write_from(f); | |
2317 | fprintf(f, "%s", CS warn_message); | |
059ec3d9 | 2318 | |
d6c82d7b | 2319 | /* Close and wait for child process to complete, without a timeout. */ |
059ec3d9 | 2320 | |
d6c82d7b JH |
2321 | (void)fclose(f); |
2322 | (void)child_close(pid, 0); | |
059ec3d9 PH |
2323 | } |
2324 | ||
2325 | addr->special_action = SPECIAL_NONE; | |
2326 | } | |
2327 | } | |
2328 | ||
2329 | ||
2330 | ||
fa41615d | 2331 | |
3070ceee JH |
2332 | /* Check transport for the given concurrency limit. Return TRUE if over |
2333 | the limit (or an expansion failure), else FALSE and if there was a limit, | |
2334 | the key for the hints database used for the concurrency count. */ | |
fa41615d | 2335 | |
3070ceee JH |
2336 | static BOOL |
2337 | tpt_parallel_check(transport_instance * tp, address_item * addr, uschar ** key) | |
fa41615d | 2338 | { |
3070ceee JH |
2339 | unsigned max_parallel; |
2340 | ||
2341 | if (!tp->max_parallel) return FALSE; | |
2342 | ||
2343 | max_parallel = (unsigned) expand_string_integer(tp->max_parallel, TRUE); | |
2344 | if (expand_string_message) | |
2345 | { | |
2346 | log_write(0, LOG_MAIN|LOG_PANIC, "Failed to expand max_parallel option " | |
2347 | "in %s transport (%s): %s", tp->name, addr->address, | |
2348 | expand_string_message); | |
2349 | return TRUE; | |
2350 | } | |
2351 | ||
2352 | if (max_parallel > 0) | |
2353 | { | |
2354 | uschar * serialize_key = string_sprintf("tpt-serialize-%s", tp->name); | |
2355 | if (!enq_start(serialize_key, max_parallel)) | |
2356 | { | |
2357 | address_item * next; | |
2358 | DEBUG(D_transport) | |
2359 | debug_printf("skipping tpt %s because concurrency limit %u reached\n", | |
2360 | tp->name, max_parallel); | |
2361 | do | |
2362 | { | |
2363 | next = addr->next; | |
2364 | addr->message = US"concurrency limit reached for transport"; | |
2365 | addr->basic_errno = ERRNO_TRETRY; | |
2366 | post_process_one(addr, DEFER, LOG_MAIN, DTYPE_TRANSPORT, 0); | |
2367 | } while ((addr = next)); | |
2368 | return TRUE; | |
2369 | } | |
2370 | *key = serialize_key; | |
2371 | } | |
2372 | return FALSE; | |
fa41615d JH |
2373 | } |
2374 | ||
2375 | ||
2376 | ||
059ec3d9 PH |
2377 | /************************************************* |
2378 | * Do local deliveries * | |
2379 | *************************************************/ | |
2380 | ||
2381 | /* This function processes the list of addresses in addr_local. True local | |
2382 | deliveries are always done one address at a time. However, local deliveries can | |
2383 | be batched up in some cases. Typically this is when writing batched SMTP output | |
2384 | files for use by some external transport mechanism, or when running local | |
2385 | deliveries over LMTP. | |
2386 | ||
2387 | Arguments: None | |
2388 | Returns: Nothing | |
2389 | */ | |
2390 | ||
2391 | static void | |
2392 | do_local_deliveries(void) | |
2393 | { | |
2394 | open_db dbblock; | |
2395 | open_db *dbm_file = NULL; | |
2396 | time_t now = time(NULL); | |
2397 | ||
2398 | /* Loop until we have exhausted the supply of local deliveries */ | |
2399 | ||
d6c82d7b | 2400 | while (addr_local) |
059ec3d9 PH |
2401 | { |
2402 | time_t delivery_start; | |
2403 | int deliver_time; | |
2404 | address_item *addr2, *addr3, *nextaddr; | |
2405 | int logflags = LOG_MAIN; | |
2406 | int logchar = dont_deliver? '*' : '='; | |
2407 | transport_instance *tp; | |
fa41615d | 2408 | uschar * serialize_key = NULL; |
059ec3d9 PH |
2409 | |
2410 | /* Pick the first undelivered address off the chain */ | |
2411 | ||
2412 | address_item *addr = addr_local; | |
2413 | addr_local = addr->next; | |
2414 | addr->next = NULL; | |
2415 | ||
2416 | DEBUG(D_deliver|D_transport) | |
2417 | debug_printf("--------> %s <--------\n", addr->address); | |
2418 | ||
2419 | /* An internal disaster if there is no transport. Should not occur! */ | |
2420 | ||
d6c82d7b | 2421 | if (!(tp = addr->transport)) |
059ec3d9 PH |
2422 | { |
2423 | logflags |= LOG_PANIC; | |
2424 | disable_logging = FALSE; /* Jic */ | |
d6c82d7b JH |
2425 | addr->message = addr->router |
2426 | ? string_sprintf("No transport set by %s router", addr->router->name) | |
2427 | : string_sprintf("No transport set by system filter"); | |
059ec3d9 PH |
2428 | post_process_one(addr, DEFER, logflags, DTYPE_TRANSPORT, 0); |
2429 | continue; | |
2430 | } | |
2431 | ||
2432 | /* Check that this base address hasn't previously been delivered to this | |
2433 | transport. The check is necessary at this point to handle homonymic addresses | |
2434 | correctly in cases where the pattern of redirection changes between delivery | |
2435 | attempts. Non-homonymic previous delivery is detected earlier, at routing | |
2436 | time. */ | |
2437 | ||
c2c19e9d | 2438 | if (previously_transported(addr, FALSE)) continue; |
059ec3d9 PH |
2439 | |
2440 | /* There are weird cases where logging is disabled */ | |
2441 | ||
2442 | disable_logging = tp->disable_logging; | |
2443 | ||
f7fd3850 PH |
2444 | /* Check for batched addresses and possible amalgamation. Skip all the work |
2445 | if either batch_max <= 1 or there aren't any other addresses for local | |
2446 | delivery. */ | |
059ec3d9 | 2447 | |
d6c82d7b | 2448 | if (tp->batch_max > 1 && addr_local) |
059ec3d9 PH |
2449 | { |
2450 | int batch_count = 1; | |
2451 | BOOL uses_dom = readconf_depends((driver_instance *)tp, US"domain"); | |
d6c82d7b JH |
2452 | BOOL uses_lp = ( testflag(addr, af_pfr) |
2453 | && (testflag(addr, af_file) || addr->local_part[0] == '|') | |
2454 | ) | |
2455 | || readconf_depends((driver_instance *)tp, US"local_part"); | |
059ec3d9 PH |
2456 | uschar *batch_id = NULL; |
2457 | address_item **anchor = &addr_local; | |
2458 | address_item *last = addr; | |
2459 | address_item *next; | |
2460 | ||
2461 | /* Expand the batch_id string for comparison with other addresses. | |
2462 | Expansion failure suppresses batching. */ | |
2463 | ||
d6c82d7b | 2464 | if (tp->batch_id) |
059ec3d9 PH |
2465 | { |
2466 | deliver_set_expansions(addr); | |
2467 | batch_id = expand_string(tp->batch_id); | |
2468 | deliver_set_expansions(NULL); | |
d6c82d7b | 2469 | if (!batch_id) |
059ec3d9 PH |
2470 | { |
2471 | log_write(0, LOG_MAIN|LOG_PANIC, "Failed to expand batch_id option " | |
2472 | "in %s transport (%s): %s", tp->name, addr->address, | |
2473 | expand_string_message); | |
2474 | batch_count = tp->batch_max; | |
2475 | } | |
2476 | } | |
2477 | ||
2478 | /* Until we reach the batch_max limit, pick off addresses which have the | |
2479 | same characteristics. These are: | |
2480 | ||
2481 | same transport | |
7816e254 | 2482 | not previously delivered (see comment about 50 lines above) |
059ec3d9 | 2483 | same local part if the transport's configuration contains $local_part |
f7fd3850 | 2484 | or if this is a file or pipe delivery from a redirection |
059ec3d9 PH |
2485 | same domain if the transport's configuration contains $domain |
2486 | same errors address | |
2487 | same additional headers | |
2488 | same headers to be removed | |
2489 | same uid/gid for running the transport | |
2490 | same first host if a host list is set | |
2491 | */ | |
2492 | ||
d6c82d7b | 2493 | while ((next = *anchor) && batch_count < tp->batch_max) |
059ec3d9 PH |
2494 | { |
2495 | BOOL ok = | |
d6c82d7b JH |
2496 | tp == next->transport |
2497 | && !previously_transported(next, TRUE) | |
2498 | && (addr->flags & (af_pfr|af_file)) == (next->flags & (af_pfr|af_file)) | |
2499 | && (!uses_lp || Ustrcmp(next->local_part, addr->local_part) == 0) | |
2500 | && (!uses_dom || Ustrcmp(next->domain, addr->domain) == 0) | |
2501 | && same_strings(next->prop.errors_address, addr->prop.errors_address) | |
2502 | && same_headers(next->prop.extra_headers, addr->prop.extra_headers) | |
2503 | && same_strings(next->prop.remove_headers, addr->prop.remove_headers) | |
2504 | && same_ugid(tp, addr, next) | |
2505 | && ( !addr->host_list && !next->host_list | |
2506 | || addr->host_list | |
2507 | && next->host_list | |
2508 | && Ustrcmp(addr->host_list->name, next->host_list->name) == 0 | |
2509 | ); | |
059ec3d9 PH |
2510 | |
2511 | /* If the transport has a batch_id setting, batch_id will be non-NULL | |
2512 | from the expansion outside the loop. Expand for this address and compare. | |
2513 | Expansion failure makes this address ineligible for batching. */ | |
2514 | ||
d6c82d7b | 2515 | if (ok && batch_id) |
059ec3d9 PH |
2516 | { |
2517 | uschar *bid; | |
2518 | address_item *save_nextnext = next->next; | |
2519 | next->next = NULL; /* Expansion for a single address */ | |
2520 | deliver_set_expansions(next); | |
2521 | next->next = save_nextnext; | |
2522 | bid = expand_string(tp->batch_id); | |
2523 | deliver_set_expansions(NULL); | |
d6c82d7b | 2524 | if (!bid) |
059ec3d9 PH |
2525 | { |
2526 | log_write(0, LOG_MAIN|LOG_PANIC, "Failed to expand batch_id option " | |
2527 | "in %s transport (%s): %s", tp->name, next->address, | |
2528 | expand_string_message); | |
2529 | ok = FALSE; | |
2530 | } | |
2531 | else ok = (Ustrcmp(batch_id, bid) == 0); | |
2532 | } | |
2533 | ||
2534 | /* Take address into batch if OK. */ | |
2535 | ||
2536 | if (ok) | |
2537 | { | |
2538 | *anchor = next->next; /* Include the address */ | |
2539 | next->next = NULL; | |
2540 | last->next = next; | |
2541 | last = next; | |
2542 | batch_count++; | |
2543 | } | |
fa41615d | 2544 | else anchor = &next->next; /* Skip the address */ |
059ec3d9 PH |
2545 | } |
2546 | } | |
2547 | ||
2548 | /* We now have one or more addresses that can be delivered in a batch. Check | |
2549 | whether the transport is prepared to accept a message of this size. If not, | |
2550 | fail them all forthwith. If the expansion fails, or does not yield an | |
2551 | integer, defer delivery. */ | |
2552 | ||
d6c82d7b | 2553 | if (tp->message_size_limit) |
059ec3d9 PH |
2554 | { |
2555 | int rc = check_message_size(tp, addr); | |
2556 | if (rc != OK) | |
2557 | { | |
2558 | replicate_status(addr); | |
d6c82d7b | 2559 | while (addr) |
059ec3d9 PH |
2560 | { |
2561 | addr2 = addr->next; | |
2562 | post_process_one(addr, rc, logflags, DTYPE_TRANSPORT, 0); | |
2563 | addr = addr2; | |
2564 | } | |
2565 | continue; /* With next batch of addresses */ | |
2566 | } | |
2567 | } | |
2568 | ||
2569 | /* If we are not running the queue, or if forcing, all deliveries will be | |
2570 | attempted. Otherwise, we must respect the retry times for each address. Even | |
2571 | when not doing this, we need to set up the retry key string, and determine | |
2572 | whether a retry record exists, because after a successful delivery, a delete | |
2573 | retry item must be set up. Keep the retry database open only for the duration | |
2574 | of these checks, rather than for all local deliveries, because some local | |
2575 | deliveries (e.g. to pipes) can take a substantial time. */ | |
2576 | ||
d6c82d7b | 2577 | if (!(dbm_file = dbfn_open(US"retry", O_RDONLY, &dbblock, FALSE))) |
059ec3d9 PH |
2578 | { |
2579 | DEBUG(D_deliver|D_retry|D_hints_lookup) | |
2580 | debug_printf("no retry data available\n"); | |
2581 | } | |
2582 | ||
2583 | addr2 = addr; | |
2584 | addr3 = NULL; | |
d6c82d7b | 2585 | while (addr2) |
059ec3d9 PH |
2586 | { |
2587 | BOOL ok = TRUE; /* to deliver this address */ | |
2588 | uschar *retry_key; | |
2589 | ||
2590 | /* Set up the retry key to include the domain or not, and change its | |
2591 | leading character from "R" to "T". Must make a copy before doing this, | |
2592 | because the old key may be pointed to from a "delete" retry item after | |
2593 | a routing delay. */ | |
2594 | ||
2595 | retry_key = string_copy( | |
d6c82d7b | 2596 | tp->retry_use_local_part ? addr2->address_retry_key : |
059ec3d9 PH |
2597 | addr2->domain_retry_key); |
2598 | *retry_key = 'T'; | |
2599 | ||
2600 | /* Inspect the retry data. If there is no hints file, delivery happens. */ | |
2601 | ||
d6c82d7b | 2602 | if (dbm_file) |
059ec3d9 PH |
2603 | { |
2604 | dbdata_retry *retry_record = dbfn_read(dbm_file, retry_key); | |
2605 | ||
2606 | /* If there is no retry record, delivery happens. If there is, | |
2607 | remember it exists so it can be deleted after a successful delivery. */ | |
2608 | ||
d6c82d7b | 2609 | if (retry_record) |
059ec3d9 PH |
2610 | { |
2611 | setflag(addr2, af_lt_retry_exists); | |
2612 | ||
2613 | /* A retry record exists for this address. If queue running and not | |
2614 | forcing, inspect its contents. If the record is too old, or if its | |
2615 | retry time has come, or if it has passed its cutoff time, delivery | |
2616 | will go ahead. */ | |
2617 | ||
2618 | DEBUG(D_retry) | |
2619 | { | |
ea49d0e1 PH |
2620 | debug_printf("retry record exists: age=%s ", |
2621 | readconf_printtime(now - retry_record->time_stamp)); | |
2622 | debug_printf("(max %s)\n", readconf_printtime(retry_data_expire)); | |
2623 | debug_printf(" time to retry = %s expired = %d\n", | |
2624 | readconf_printtime(retry_record->next_try - now), | |
2625 | retry_record->expired); | |
059ec3d9 PH |
2626 | } |
2627 | ||
2628 | if (queue_running && !deliver_force) | |
2629 | { | |
d6c82d7b JH |
2630 | ok = (now - retry_record->time_stamp > retry_data_expire) |
2631 | || (now >= retry_record->next_try) | |
2632 | || retry_record->expired; | |
059ec3d9 PH |
2633 | |
2634 | /* If we haven't reached the retry time, there is one more check | |
1ddeb334 | 2635 | to do, which is for the ultimate address timeout. */ |
059ec3d9 PH |
2636 | |
2637 | if (!ok) | |
ba9af0af TF |
2638 | ok = retry_ultimate_address_timeout(retry_key, addr2->domain, |
2639 | retry_record, now); | |
059ec3d9 PH |
2640 | } |
2641 | } | |
2642 | else DEBUG(D_retry) debug_printf("no retry record exists\n"); | |
2643 | } | |
2644 | ||
2645 | /* This address is to be delivered. Leave it on the chain. */ | |
2646 | ||
2647 | if (ok) | |
2648 | { | |
2649 | addr3 = addr2; | |
2650 | addr2 = addr2->next; | |
2651 | } | |
2652 | ||
2653 | /* This address is to be deferred. Take it out of the chain, and | |
2654 | post-process it as complete. Must take it out of the chain first, | |
2655 | because post processing puts it on another chain. */ | |
2656 | ||
2657 | else | |
2658 | { | |
2659 | address_item *this = addr2; | |
2660 | this->message = US"Retry time not yet reached"; | |
2661 | this->basic_errno = ERRNO_LRETRY; | |
d6c82d7b JH |
2662 | addr2 = addr3 ? (addr3->next = addr2->next) |
2663 | : (addr = addr2->next); | |
059ec3d9 PH |
2664 | post_process_one(this, DEFER, logflags, DTYPE_TRANSPORT, 0); |
2665 | } | |
2666 | } | |
2667 | ||
d6c82d7b | 2668 | if (dbm_file) dbfn_close(dbm_file); |
059ec3d9 PH |
2669 | |
2670 | /* If there are no addresses left on the chain, they all deferred. Loop | |
2671 | for the next set of addresses. */ | |
2672 | ||
d6c82d7b | 2673 | if (!addr) continue; |
059ec3d9 | 2674 | |
fa41615d JH |
2675 | /* If the transport is limited for parallellism, enforce that here. |
2676 | We use a hints DB entry, incremented here and decremented after | |
2677 | the transport (and any shadow transport) completes. */ | |
2678 | ||
3070ceee | 2679 | if (tpt_parallel_check(tp, addr, &serialize_key)) |
fa41615d | 2680 | { |
fa41615d JH |
2681 | if (expand_string_message) |
2682 | { | |
2683 | logflags |= LOG_PANIC; | |
3070ceee JH |
2684 | do |
2685 | { | |
2686 | addr = addr->next; | |
fa41615d | 2687 | post_process_one(addr, DEFER, logflags, DTYPE_TRANSPORT, 0); |
3070ceee | 2688 | } while ((addr = addr2)); |
fa41615d | 2689 | } |
3070ceee | 2690 | continue; /* Loop for the next set of addresses. */ |
fa41615d JH |
2691 | } |
2692 | ||
2693 | ||
059ec3d9 PH |
2694 | /* So, finally, we do have some addresses that can be passed to the |
2695 | transport. Before doing so, set up variables that are relevant to a | |
2696 | single delivery. */ | |
2697 | ||
2698 | deliver_set_expansions(addr); | |
2699 | delivery_start = time(NULL); | |
2700 | deliver_local(addr, FALSE); | |
2701 | deliver_time = (int)(time(NULL) - delivery_start); | |
2702 | ||
2703 | /* If a shadow transport (which must perforce be another local transport), is | |
2704 | defined, and its condition is met, we must pass the message to the shadow | |
2705 | too, but only those addresses that succeeded. We do this by making a new | |
2706 | chain of addresses - also to keep the original chain uncontaminated. We must | |
2707 | use a chain rather than doing it one by one, because the shadow transport may | |
2708 | batch. | |
2709 | ||
2710 | NOTE: if the condition fails because of a lookup defer, there is nothing we | |
2711 | can do! */ | |
2712 | ||
d6c82d7b JH |
2713 | if ( tp->shadow |
2714 | && ( !tp->shadow_condition | |
2715 | || expand_check_condition(tp->shadow_condition, tp->name, US"transport") | |
2716 | ) ) | |
059ec3d9 PH |
2717 | { |
2718 | transport_instance *stp; | |
2719 | address_item *shadow_addr = NULL; | |
2720 | address_item **last = &shadow_addr; | |
2721 | ||
d6c82d7b | 2722 | for (stp = transports; stp; stp = stp->next) |
059ec3d9 PH |
2723 | if (Ustrcmp(stp->name, tp->shadow) == 0) break; |
2724 | ||
d6c82d7b | 2725 | if (!stp) |
059ec3d9 PH |
2726 | log_write(0, LOG_MAIN|LOG_PANIC, "shadow transport \"%s\" not found ", |
2727 | tp->shadow); | |
2728 | ||
2729 | /* Pick off the addresses that have succeeded, and make clones. Put into | |
2730 | the shadow_message field a pointer to the shadow_message field of the real | |
2731 | address. */ | |
2732 | ||
d6c82d7b JH |
2733 | else for (addr2 = addr; addr2; addr2 = addr2->next) |
2734 | if (addr2->transport_return == OK) | |
2735 | { | |
2736 | addr3 = store_get(sizeof(address_item)); | |
2737 | *addr3 = *addr2; | |
2738 | addr3->next = NULL; | |
2739 | addr3->shadow_message = (uschar *) &(addr2->shadow_message); | |
2740 | addr3->transport = stp; | |
2741 | addr3->transport_return = DEFER; | |
2742 | addr3->return_filename = NULL; | |
2743 | addr3->return_file = -1; | |
2744 | *last = addr3; | |
2745 | last = &(addr3->next); | |
2746 | } | |
059ec3d9 PH |
2747 | |
2748 | /* If we found any addresses to shadow, run the delivery, and stick any | |
2749 | message back into the shadow_message field in the original. */ | |
2750 | ||
d6c82d7b | 2751 | if (shadow_addr) |
059ec3d9 PH |
2752 | { |
2753 | int save_count = transport_count; | |
2754 | ||
2755 | DEBUG(D_deliver|D_transport) | |
2756 | debug_printf(">>>>>>>>>>>>>>>> Shadow delivery >>>>>>>>>>>>>>>>\n"); | |
2757 | deliver_local(shadow_addr, TRUE); | |
2758 | ||
d6c82d7b | 2759 | for(; shadow_addr; shadow_addr = shadow_addr->next) |
059ec3d9 PH |
2760 | { |
2761 | int sresult = shadow_addr->transport_return; | |
d6c82d7b JH |
2762 | *(uschar **)shadow_addr->shadow_message = |
2763 | sresult == OK | |
2764 | ? string_sprintf(" ST=%s", stp->name) | |
2765 | : string_sprintf(" ST=%s (%s%s%s)", stp->name, | |
2766 | shadow_addr->basic_errno <= 0 | |
2767 | ? US"" | |
2768 | : US strerror(shadow_addr->basic_errno), | |
2769 | shadow_addr->basic_errno <= 0 || !shadow_addr->message | |
2770 | ? US"" | |
2771 | : US": ", | |
2772 | shadow_addr->message | |
2773 | ? shadow_addr->message | |
2774 | : shadow_addr->basic_errno <= 0 | |
2775 | ? US"unknown error" | |
2776 | : US""); | |
059ec3d9 PH |
2777 | |
2778 | DEBUG(D_deliver|D_transport) | |
2779 | debug_printf("%s shadow transport returned %s for %s\n", | |
2780 | stp->name, | |
d6c82d7b JH |
2781 | sresult == OK ? "OK" : |
2782 | sresult == DEFER ? "DEFER" : | |
2783 | sresult == FAIL ? "FAIL" : | |
2784 | sresult == PANIC ? "PANIC" : "?", | |
059ec3d9 PH |
2785 | shadow_addr->address); |
2786 | } | |
2787 | ||
2788 | DEBUG(D_deliver|D_transport) | |
2789 | debug_printf(">>>>>>>>>>>>>>>> End shadow delivery >>>>>>>>>>>>>>>>\n"); | |
2790 | ||
2791 | transport_count = save_count; /* Restore original transport count */ | |
2792 | } | |
2793 | } | |
2794 | ||
2795 | /* Cancel the expansions that were set up for the delivery. */ | |
2796 | ||
2797 | deliver_set_expansions(NULL); | |
2798 | ||
fa41615d JH |
2799 | /* If the transport was parallelism-limited, decrement the hints DB record. */ |
2800 | ||
2801 | if (serialize_key) enq_end(serialize_key); | |
2802 | ||
059ec3d9 PH |
2803 | /* Now we can process the results of the real transport. We must take each |
2804 | address off the chain first, because post_process_one() puts it on another | |
2805 | chain. */ | |
2806 | ||
d6c82d7b | 2807 | for (addr2 = addr; addr2; addr2 = nextaddr) |
059ec3d9 PH |
2808 | { |
2809 | int result = addr2->transport_return; | |
2810 | nextaddr = addr2->next; | |
2811 | ||
2812 | DEBUG(D_deliver|D_transport) | |
2813 | debug_printf("%s transport returned %s for %s\n", | |
2814 | tp->name, | |
d6c82d7b JH |
2815 | result == OK ? "OK" : |
2816 | result == DEFER ? "DEFER" : | |
2817 | result == FAIL ? "FAIL" : | |
2818 | result == PANIC ? "PANIC" : "?", | |
059ec3d9 PH |
2819 | addr2->address); |
2820 | ||
2821 | /* If there is a retry_record, or if delivery is deferred, build a retry | |
2822 | item for setting a new retry time or deleting the old retry record from | |
2823 | the database. These items are handled all together after all addresses | |
2824 | have been handled (so the database is open just for a short time for | |
2825 | updating). */ | |
2826 | ||
2827 | if (result == DEFER || testflag(addr2, af_lt_retry_exists)) | |
2828 | { | |
d6c82d7b JH |
2829 | int flags = result == DEFER ? 0 : rf_delete; |
2830 | uschar *retry_key = string_copy(tp->retry_use_local_part | |
2831 | ? addr2->address_retry_key : addr2->domain_retry_key); | |
059ec3d9 PH |
2832 | *retry_key = 'T'; |
2833 | retry_add_item(addr2, retry_key, flags); | |
2834 | } | |
2835 | ||
2836 | /* Done with this address */ | |
2837 | ||
2838 | if (result == OK) addr2->more_errno = deliver_time; | |
2839 | post_process_one(addr2, result, logflags, DTYPE_TRANSPORT, logchar); | |
2840 | ||
2841 | /* If a pipe delivery generated text to be sent back, the result may be | |
2842 | changed to FAIL, and we must copy this for subsequent addresses in the | |
2843 | batch. */ | |
2844 | ||
2845 | if (addr2->transport_return != result) | |
2846 | { | |
d6c82d7b | 2847 | for (addr3 = nextaddr; addr3; addr3 = addr3->next) |
059ec3d9 PH |
2848 | { |
2849 | addr3->transport_return = addr2->transport_return; | |
2850 | addr3->basic_errno = addr2->basic_errno; | |
2851 | addr3->message = addr2->message; | |
2852 | } | |
2853 | result = addr2->transport_return; | |
2854 | } | |
2855 | ||
2856 | /* Whether or not the result was changed to FAIL, we need to copy the | |
2857 | return_file value from the first address into all the addresses of the | |
2858 | batch, so they are all listed in the error message. */ | |
2859 | ||
2860 | addr2->return_file = addr->return_file; | |
2861 | ||
2862 | /* Change log character for recording successful deliveries. */ | |
2863 | ||
2864 | if (result == OK) logchar = '-'; | |
2865 | } | |
2866 | } /* Loop back for next batch of addresses */ | |
2867 | } | |
2868 | ||
2869 | ||
2870 | ||
2871 | ||
2872 | /************************************************* | |
2873 | * Sort remote deliveries * | |
2874 | *************************************************/ | |
2875 | ||
2876 | /* This function is called if remote_sort_domains is set. It arranges that the | |
2877 | chain of addresses for remote deliveries is ordered according to the strings | |
2878 | specified. Try to make this shuffling reasonably efficient by handling | |
2879 | sequences of addresses rather than just single ones. | |
2880 | ||
2881 | Arguments: None | |
2882 | Returns: Nothing | |
2883 | */ | |
2884 | ||
2885 | static void | |
2886 | sort_remote_deliveries(void) | |
2887 | { | |
2888 | int sep = 0; | |
2889 | address_item **aptr = &addr_remote; | |
55414b25 | 2890 | const uschar *listptr = remote_sort_domains; |
059ec3d9 PH |
2891 | uschar *pattern; |
2892 | uschar patbuf[256]; | |
2893 | ||
d6c82d7b JH |
2894 | while ( *aptr |
2895 | && (pattern = string_nextinlist(&listptr, &sep, patbuf, sizeof(patbuf))) | |
2896 | ) | |
059ec3d9 PH |
2897 | { |
2898 | address_item *moved = NULL; | |
2899 | address_item **bptr = &moved; | |
2900 | ||
d6c82d7b | 2901 | while (*aptr) |
059ec3d9 PH |
2902 | { |
2903 | address_item **next; | |
2904 | deliver_domain = (*aptr)->domain; /* set $domain */ | |
55414b25 | 2905 | if (match_isinlist(deliver_domain, (const uschar **)&pattern, UCHAR_MAX+1, |
059ec3d9 PH |
2906 | &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK) |
2907 | { | |
d6c82d7b | 2908 | aptr = &(*aptr)->next; |
059ec3d9 PH |
2909 | continue; |
2910 | } | |
2911 | ||
d6c82d7b JH |
2912 | next = &(*aptr)->next; |
2913 | while ( *next | |
2914 | && (deliver_domain = (*next)->domain, /* Set $domain */ | |
55414b25 | 2915 | match_isinlist(deliver_domain, (const uschar **)&pattern, UCHAR_MAX+1, |
d6c82d7b JH |
2916 | &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL)) != OK |
2917 | ) | |
2918 | next = &(*next)->next; | |
059ec3d9 PH |
2919 | |
2920 | /* If the batch of non-matchers is at the end, add on any that were | |
2921 | extracted further up the chain, and end this iteration. Otherwise, | |
2922 | extract them from the chain and hang on the moved chain. */ | |
2923 | ||
d6c82d7b | 2924 | if (!*next) |
059ec3d9 PH |
2925 | { |
2926 | *next = moved; | |
2927 | break; | |
2928 | } | |
2929 | ||
2930 | *bptr = *aptr; | |
2931 | *aptr = *next; | |
2932 | *next = NULL; | |
2933 | bptr = next; | |
d6c82d7b | 2934 | aptr = &(*aptr)->next; |
059ec3d9 PH |
2935 | } |
2936 | ||
2937 | /* If the loop ended because the final address matched, *aptr will | |
2938 | be NULL. Add on to the end any extracted non-matching addresses. If | |
2939 | *aptr is not NULL, the loop ended via "break" when *next is null, that | |
2940 | is, there was a string of non-matching addresses at the end. In this | |
2941 | case the extracted addresses have already been added on the end. */ | |
2942 | ||
d6c82d7b | 2943 | if (!*aptr) *aptr = moved; |
059ec3d9 PH |
2944 | } |
2945 | ||
2946 | DEBUG(D_deliver) | |
2947 | { | |
2948 | address_item *addr; | |
2949 | debug_printf("remote addresses after sorting:\n"); | |
d6c82d7b | 2950 | for (addr = addr_remote; addr; addr = addr->next) |
059ec3d9 PH |
2951 | debug_printf(" %s\n", addr->address); |
2952 | } | |
2953 | } | |
2954 | ||
2955 | ||
2956 | ||
2957 | /************************************************* | |
2958 | * Read from pipe for remote delivery subprocess * | |
2959 | *************************************************/ | |
2960 | ||
2961 | /* This function is called when the subprocess is complete, but can also be | |
2962 | called before it is complete, in order to empty a pipe that is full (to prevent | |
2963 | deadlock). It must therefore keep track of its progress in the parlist data | |
2964 | block. | |
2965 | ||
2966 | We read the pipe to get the delivery status codes and a possible error message | |
2967 | for each address, optionally preceded by unusability data for the hosts and | |
2968 | also by optional retry data. | |
2969 | ||
2970 | Read in large chunks into the big buffer and then scan through, interpreting | |
2971 | the data therein. In most cases, only a single read will be necessary. No | |
1c5466b9 PH |
2972 | individual item will ever be anywhere near 2500 bytes in length, so by ensuring |
2973 | that we read the next chunk when there is less than 2500 bytes left in the | |
2974 | non-final chunk, we can assume each item is complete in the buffer before | |
2975 | handling it. Each item is written using a single write(), which is atomic for | |
2976 | small items (less than PIPE_BUF, which seems to be at least 512 in any Unix and | |
2977 | often bigger) so even if we are reading while the subprocess is still going, we | |
2978 | should never have only a partial item in the buffer. | |
059ec3d9 PH |
2979 | |
2980 | Argument: | |
2981 | poffset the offset of the parlist item | |
2982 | eop TRUE if the process has completed | |
2983 | ||
2984 | Returns: TRUE if the terminating 'Z' item has been read, | |
2985 | or there has been a disaster (i.e. no more data needed); | |
2986 | FALSE otherwise | |
2987 | */ | |
2988 | ||
2989 | static BOOL | |
2990 | par_read_pipe(int poffset, BOOL eop) | |
2991 | { | |
2992 | host_item *h; | |
2993 | pardata *p = parlist + poffset; | |
2994 | address_item *addrlist = p->addrlist; | |
2995 | address_item *addr = p->addr; | |
2996 | pid_t pid = p->pid; | |
2997 | int fd = p->fd; | |
2998 | uschar *endptr = big_buffer; | |
2999 | uschar *ptr = endptr; | |
3000 | uschar *msg = p->msg; | |
3001 | BOOL done = p->done; | |
3002 | BOOL unfinished = TRUE; | |
bd21a787 WB |
3003 | /* minimum size to read is header size including id, subid and length */ |
3004 | int required = PIPE_HEADER_SIZE; | |
059ec3d9 PH |
3005 | |
3006 | /* Loop through all items, reading from the pipe when necessary. The pipe | |
3007 | is set up to be non-blocking, but there are two different Unix mechanisms in | |
3008 | use. Exim uses O_NONBLOCK if it is defined. This returns 0 for end of file, | |
3009 | and EAGAIN for no more data. If O_NONBLOCK is not defined, Exim uses O_NDELAY, | |
3010 | which returns 0 for both end of file and no more data. We distinguish the | |
3011 | two cases by taking 0 as end of file only when we know the process has | |
3012 | completed. | |
3013 | ||
3014 | Each separate item is written to the pipe in a single write(), and as they are | |
3015 | all short items, the writes will all be atomic and we should never find | |
8e669ac1 PH |
3016 | ourselves in the position of having read an incomplete item. "Short" in this |
3017 | case can mean up to about 1K in the case when there is a long error message | |
1c5466b9 | 3018 | associated with an address. */ |
059ec3d9 PH |
3019 | |
3020 | DEBUG(D_deliver) debug_printf("reading pipe for subprocess %d (%s)\n", | |
3021 | (int)p->pid, eop? "ended" : "not ended"); | |
3022 | ||
3023 | while (!done) | |
3024 | { | |
3025 | retry_item *r, **rp; | |
3026 | int remaining = endptr - ptr; | |
bd21a787 WB |
3027 | uschar header[PIPE_HEADER_SIZE + 1]; |
3028 | uschar id, subid; | |
3029 | uschar *endc; | |
059ec3d9 PH |
3030 | |
3031 | /* Read (first time) or top up the chars in the buffer if necessary. | |
3032 | There will be only one read if we get all the available data (i.e. don't | |
3033 | fill the buffer completely). */ | |
3034 | ||
bd21a787 | 3035 | if (remaining < required && unfinished) |
059ec3d9 PH |
3036 | { |
3037 | int len; | |
3038 | int available = big_buffer_size - remaining; | |
3039 | ||
3040 | if (remaining > 0) memmove(big_buffer, ptr, remaining); | |
3041 | ||
3042 | ptr = big_buffer; | |
3043 | endptr = big_buffer + remaining; | |
3044 | len = read(fd, endptr, available); | |
3045 | ||
3046 | DEBUG(D_deliver) debug_printf("read() yielded %d\n", len); | |
3047 | ||
3048 | /* If the result is EAGAIN and the process is not complete, just | |
3049 | stop reading any more and process what we have already. */ | |
3050 | ||
3051 | if (len < 0) | |
3052 | { | |
3053 | if (!eop && errno == EAGAIN) len = 0; else | |
3054 | { | |
3055 | msg = string_sprintf("failed to read pipe from transport process " | |
3056 | "%d for transport %s: %s", pid, addr->transport->driver_name, | |
3057 | strerror(errno)); | |
3058 | break; | |
3059 | } | |
3060 | } | |
3061 | ||
3062 | /* If the length is zero (eof or no-more-data), just process what we | |
3063 | already have. Note that if the process is still running and we have | |
3064 | read all the data in the pipe (but less that "available") then we | |
3065 | won't read any more, as "unfinished" will get set FALSE. */ | |
3066 | ||
3067 | endptr += len; | |
bd21a787 | 3068 | remaining += len; |
059ec3d9 PH |
3069 | unfinished = len == available; |
3070 | } | |
3071 | ||
3072 | /* If we are at the end of the available data, exit the loop. */ | |
059ec3d9 PH |
3073 | if (ptr >= endptr) break; |
3074 | ||
bd21a787 WB |
3075 | /* copy and read header */ |
3076 | memcpy(header, ptr, PIPE_HEADER_SIZE); | |
94431adb | 3077 | header[PIPE_HEADER_SIZE] = '\0'; |
bd21a787 WB |
3078 | id = header[0]; |
3079 | subid = header[1]; | |
3080 | required = Ustrtol(header + 2, &endc, 10) + PIPE_HEADER_SIZE; /* header + data */ | |
3081 | if (*endc) | |
3082 | { | |
3083 | msg = string_sprintf("failed to read pipe from transport process " | |
3084 | "%d for transport %s: error reading size from header", pid, addr->transport->driver_name); | |
3085 | done = TRUE; | |
3086 | break; | |
3087 | } | |
3088 | ||
3089 | DEBUG(D_deliver) | |
94431adb | 3090 | debug_printf("header read id:%c,subid:%c,size:%s,required:%d,remaining:%d,unfinished:%d\n", |
bd21a787 WB |
3091 | id, subid, header+2, required, remaining, unfinished); |
3092 | ||
3093 | /* is there room for the dataset we want to read ? */ | |
3094 | if (required > big_buffer_size - PIPE_HEADER_SIZE) | |
3095 | { | |
3096 | msg = string_sprintf("failed to read pipe from transport process " | |
3097 | "%d for transport %s: big_buffer too small! required size=%d buffer size=%d", pid, addr->transport->driver_name, | |
3098 | required, big_buffer_size - PIPE_HEADER_SIZE); | |
3099 | done = TRUE; | |
3100 | break; | |
3101 | } | |
3102 | ||
94431adb | 3103 | /* we wrote all datasets with atomic write() calls |
bd21a787 | 3104 | remaining < required only happens if big_buffer was too small |
94431adb | 3105 | to get all available data from pipe. unfinished has to be true |
bd21a787 WB |
3106 | as well. */ |
3107 | if (remaining < required) | |
8fa0a4d4 | 3108 | { |
bd21a787 WB |
3109 | if (unfinished) |
3110 | continue; | |
8fa0a4d4 | 3111 | msg = string_sprintf("failed to read pipe from transport process " |
94431adb | 3112 | "%d for transport %s: required size=%d > remaining size=%d and unfinished=false", |
8fa0a4d4 JH |
3113 | pid, addr->transport->driver_name, required, remaining); |
3114 | done = TRUE; | |
3115 | break; | |
3116 | } | |
bd21a787 WB |
3117 | |
3118 | /* step behind the header */ | |
3119 | ptr += PIPE_HEADER_SIZE; | |
94431adb | 3120 | |
059ec3d9 PH |
3121 | /* Handle each possible type of item, assuming the complete item is |
3122 | available in store. */ | |
3123 | ||
bd21a787 | 3124 | switch (id) |
059ec3d9 PH |
3125 | { |
3126 | /* Host items exist only if any hosts were marked unusable. Match | |
3127 | up by checking the IP address. */ | |
3128 | ||
3129 | case 'H': | |
d6c82d7b | 3130 | for (h = addrlist->host_list; h; h = h->next) |
059ec3d9 | 3131 | { |
d6c82d7b | 3132 | if (!h->address || Ustrcmp(h->address, ptr+2) != 0) continue; |
059ec3d9 PH |
3133 | h->status = ptr[0]; |
3134 | h->why = ptr[1]; | |
3135 | } | |
3136 | ptr += 2; | |
3137 | while (*ptr++); | |
3138 | break; | |
3139 | ||
3140 | /* Retry items are sent in a preceding R item for each address. This is | |
3141 | kept separate to keep each message short enough to guarantee it won't | |
3142 | be split in the pipe. Hopefully, in the majority of cases, there won't in | |
3143 | fact be any retry items at all. | |
3144 | ||
3145 | The complete set of retry items might include an item to delete a | |
3146 | routing retry if there was a previous routing delay. However, routing | |
3147 | retries are also used when a remote transport identifies an address error. | |
3148 | In that case, there may also be an "add" item for the same key. Arrange | |
3149 | that a "delete" item is dropped in favour of an "add" item. */ | |
3150 | ||
3151 | case 'R': | |
d6c82d7b | 3152 | if (!addr) goto ADDR_MISMATCH; |
059ec3d9 PH |
3153 | |
3154 | DEBUG(D_deliver|D_retry) | |
3155 | debug_printf("reading retry information for %s from subprocess\n", | |
3156 | ptr+1); | |
3157 | ||
3158 | /* Cut out any "delete" items on the list. */ | |
3159 | ||
d6c82d7b | 3160 | for (rp = &(addr->retries); (r = *rp); rp = &r->next) |
059ec3d9 PH |
3161 | if (Ustrcmp(r->key, ptr+1) == 0) /* Found item with same key */ |
3162 | { | |
3163 | if ((r->flags & rf_delete) == 0) break; /* It was not "delete" */ | |
3164 | *rp = r->next; /* Excise a delete item */ | |
3165 | DEBUG(D_deliver|D_retry) | |
3166 | debug_printf(" existing delete item dropped\n"); | |
3167 | } | |
059ec3d9 PH |
3168 | |
3169 | /* We want to add a delete item only if there is no non-delete item; | |
3170 | however we still have to step ptr through the data. */ | |
3171 | ||
d6c82d7b | 3172 | if (!r || (*ptr & rf_delete) == 0) |
059ec3d9 PH |
3173 | { |
3174 | r = store_get(sizeof(retry_item)); | |
3175 | r->next = addr->retries; | |
3176 | addr->retries = r; | |
3177 | r->flags = *ptr++; | |
3178 | r->key = string_copy(ptr); | |
3179 | while (*ptr++); | |
3180 | memcpy(&(r->basic_errno), ptr, sizeof(r->basic_errno)); | |
3181 | ptr += sizeof(r->basic_errno); | |
3182 | memcpy(&(r->more_errno), ptr, sizeof(r->more_errno)); | |
3183 | ptr += sizeof(r->more_errno); | |
3184 | r->message = (*ptr)? string_copy(ptr) : NULL; | |
3185 | DEBUG(D_deliver|D_retry) | |
3186 | debug_printf(" added %s item\n", | |
3187 | ((r->flags & rf_delete) == 0)? "retry" : "delete"); | |
3188 | } | |
3189 | ||
3190 | else | |
3191 | { | |
3192 | DEBUG(D_deliver|D_retry) | |
3193 | debug_printf(" delete item not added: non-delete item exists\n"); | |
3194 | ptr++; | |
3195 | while(*ptr++); | |
3196 | ptr += sizeof(r->basic_errno) + sizeof(r->more_errno); | |
3197 | } | |
3198 | ||
3199 | while(*ptr++); | |
3200 | break; | |
3201 | ||
3202 | /* Put the amount of data written into the parlist block */ | |
3203 | ||
3204 | case 'S': | |
3205 | memcpy(&(p->transport_count), ptr, sizeof(transport_count)); | |
3206 | ptr += sizeof(transport_count); | |
3207 | break; | |
3208 | ||
3209 | /* Address items are in the order of items on the address chain. We | |
3210 | remember the current address value in case this function is called | |
3211 | several times to empty the pipe in stages. Information about delivery | |
3212 | over TLS is sent in a preceding X item for each address. We don't put | |
3213 | it in with the other info, in order to keep each message short enough to | |
3214 | guarantee it won't be split in the pipe. */ | |
3215 | ||
a7538db1 | 3216 | #ifdef SUPPORT_TLS |
059ec3d9 | 3217 | case 'X': |
d6c82d7b | 3218 | if (!addr) goto ADDR_MISMATCH; /* Below, in 'A' handler */ |
bd21a787 | 3219 | switch (subid) |
9d1c15ef JH |
3220 | { |
3221 | case '1': | |
3222 | addr->cipher = NULL; | |
3223 | addr->peerdn = NULL; | |
3224 | ||
3225 | if (*ptr) | |
3226 | addr->cipher = string_copy(ptr); | |
3227 | while (*ptr++); | |
3228 | if (*ptr) | |
9d1c15ef | 3229 | addr->peerdn = string_copy(ptr); |
9d1c15ef JH |
3230 | break; |
3231 | ||
3232 | case '2': | |
9d1c15ef JH |
3233 | if (*ptr) |
3234 | (void) tls_import_cert(ptr, &addr->peercert); | |
152e7604 JH |
3235 | else |
3236 | addr->peercert = NULL; | |
9d1c15ef JH |
3237 | break; |
3238 | ||
3239 | case '3': | |
9d1c15ef JH |
3240 | if (*ptr) |
3241 | (void) tls_import_cert(ptr, &addr->ourcert); | |
152e7604 JH |
3242 | else |
3243 | addr->ourcert = NULL; | |
9d1c15ef | 3244 | break; |
018058b2 | 3245 | |
a7538db1 | 3246 | # ifndef DISABLE_OCSP |
018058b2 JH |
3247 | case '4': |
3248 | addr->ocsp = OCSP_NOT_REQ; | |
3249 | if (*ptr) | |
3250 | addr->ocsp = *ptr - '0'; | |
3251 | break; | |
a7538db1 | 3252 | # endif |
9d1c15ef | 3253 | } |
059ec3d9 PH |
3254 | while (*ptr++); |
3255 | break; | |
a7538db1 | 3256 | #endif /*SUPPORT_TLS*/ |
059ec3d9 | 3257 | |
6f123593 | 3258 | case 'C': /* client authenticator information */ |
bd21a787 | 3259 | switch (subid) |
9d1c15ef JH |
3260 | { |
3261 | case '1': | |
3262 | addr->authenticator = (*ptr)? string_copy(ptr) : NULL; | |
3263 | break; | |
3264 | case '2': | |
3265 | addr->auth_id = (*ptr)? string_copy(ptr) : NULL; | |
3266 | break; | |
3267 | case '3': | |
3268 | addr->auth_sndr = (*ptr)? string_copy(ptr) : NULL; | |
3269 | break; | |
3270 | } | |
6f123593 JH |
3271 | while (*ptr++); |
3272 | break; | |
3273 | ||
8ccd00b1 | 3274 | #ifndef DISABLE_PRDR |
fd98a5c6 | 3275 | case 'P': |
8ccd00b1 JH |
3276 | addr->flags |= af_prdr_used; |
3277 | break; | |
fd98a5c6 JH |
3278 | #endif |
3279 | ||
6c1c3d1d | 3280 | case 'D': |
d6c82d7b | 3281 | if (!addr) goto ADDR_MISMATCH; |
6c1c3d1d WB |
3282 | memcpy(&(addr->dsn_aware), ptr, sizeof(addr->dsn_aware)); |
3283 | ptr += sizeof(addr->dsn_aware); | |
3284 | DEBUG(D_deliver) debug_printf("DSN read: addr->dsn_aware = %d\n", addr->dsn_aware); | |
3285 | break; | |
6c1c3d1d | 3286 | |
059ec3d9 | 3287 | case 'A': |
d6c82d7b | 3288 | if (!addr) |
059ec3d9 PH |
3289 | { |
3290 | ADDR_MISMATCH: | |
3291 | msg = string_sprintf("address count mismatch for data read from pipe " | |
3292 | "for transport process %d for transport %s", pid, | |
3293 | addrlist->transport->driver_name); | |
3294 | done = TRUE; | |
3295 | break; | |
3296 | } | |
3297 | ||
895fbaf2 | 3298 | switch (subid) |
059ec3d9 | 3299 | { |
895fbaf2 JH |
3300 | #ifdef EXPERIMENTAL_DSN_INFO |
3301 | case '1': /* must arrive before A0, and applies to that addr */ | |
3302 | /* Two strings: smtp_greeting and helo_response */ | |
3303 | addr->smtp_greeting = string_copy(ptr); | |
3304 | while(*ptr++); | |
3305 | addr->helo_response = string_copy(ptr); | |
3306 | while(*ptr++); | |
3307 | break; | |
3308 | #endif | |
059ec3d9 | 3309 | |
895fbaf2 JH |
3310 | case '0': |
3311 | addr->transport_return = *ptr++; | |
3312 | addr->special_action = *ptr++; | |
3313 | memcpy(&(addr->basic_errno), ptr, sizeof(addr->basic_errno)); | |
3314 | ptr += sizeof(addr->basic_errno); | |
3315 | memcpy(&(addr->more_errno), ptr, sizeof(addr->more_errno)); | |
3316 | ptr += sizeof(addr->more_errno); | |
3317 | memcpy(&(addr->flags), ptr, sizeof(addr->flags)); | |
3318 | ptr += sizeof(addr->flags); | |
3319 | addr->message = (*ptr)? string_copy(ptr) : NULL; | |
3320 | while(*ptr++); | |
3321 | addr->user_message = (*ptr)? string_copy(ptr) : NULL; | |
3322 | while(*ptr++); | |
059ec3d9 | 3323 | |
895fbaf2 JH |
3324 | /* Always two strings for host information, followed by the port number and DNSSEC mark */ |
3325 | ||
3326 | if (*ptr != 0) | |
3327 | { | |
3328 | h = store_get(sizeof(host_item)); | |
3329 | h->name = string_copy(ptr); | |
3330 | while (*ptr++); | |
3331 | h->address = string_copy(ptr); | |
3332 | while(*ptr++); | |
3333 | memcpy(&(h->port), ptr, sizeof(h->port)); | |
3334 | ptr += sizeof(h->port); | |
3335 | h->dnssec = *ptr == '2' ? DS_YES | |
3336 | : *ptr == '1' ? DS_NO | |
3337 | : DS_UNK; | |
3338 | ptr++; | |
3339 | addr->host_used = h; | |
3340 | } | |
3341 | else ptr++; | |
3342 | ||
3343 | /* Finished with this address */ | |
3344 | ||
3345 | addr = addr->next; | |
3346 | break; | |
3347 | } | |
059ec3d9 PH |
3348 | break; |
3349 | ||
aeaf5db3 JH |
3350 | /* Local interface address/port */ |
3351 | case 'I': | |
3352 | if (*ptr) sending_ip_address = string_copy(ptr); | |
3353 | while (*ptr++) ; | |
93a6fce2 | 3354 | if (*ptr) sending_port = atoi(CS ptr); |
aeaf5db3 JH |
3355 | while (*ptr++) ; |
3356 | break; | |
3357 | ||
059ec3d9 PH |
3358 | /* Z marks the logical end of the data. It is followed by '0' if |
3359 | continue_transport was NULL at the end of transporting, otherwise '1'. | |
3360 | We need to know when it becomes NULL during a delivery down a passed SMTP | |
3361 | channel so that we don't try to pass anything more down it. Of course, for | |
3362 | most normal messages it will remain NULL all the time. */ | |
3363 | ||
3364 | case 'Z': | |
3365 | if (*ptr == '0') | |
3366 | { | |
3367 | continue_transport = NULL; | |
3368 | continue_hostname = NULL; | |
3369 | } | |
3370 | done = TRUE; | |
bd21a787 | 3371 | DEBUG(D_deliver) debug_printf("Z0%c item read\n", *ptr); |
059ec3d9 PH |
3372 | break; |
3373 | ||
3374 | /* Anything else is a disaster. */ | |
3375 | ||
3376 | default: | |
3377 | msg = string_sprintf("malformed data (%d) read from pipe for transport " | |
3378 | "process %d for transport %s", ptr[-1], pid, | |
3379 | addr->transport->driver_name); | |
3380 | done = TRUE; | |
3381 | break; | |
3382 | } | |
3383 | } | |
3384 | ||
3385 | /* The done flag is inspected externally, to determine whether or not to | |
3386 | call the function again when the process finishes. */ | |
3387 | ||
3388 | p->done = done; | |
3389 | ||
3390 | /* If the process hadn't finished, and we haven't seen the end of the data | |
3391 | or suffered a disaster, update the rest of the state, and return FALSE to | |
3392 | indicate "not finished". */ | |
3393 | ||
3394 | if (!eop && !done) | |
3395 | { | |
3396 | p->addr = addr; | |
3397 | p->msg = msg; | |
3398 | return FALSE; | |
3399 | } | |
3400 | ||
3401 | /* Close our end of the pipe, to prevent deadlock if the far end is still | |
3402 | pushing stuff into it. */ | |
3403 | ||
f1e894f3 | 3404 | (void)close(fd); |
059ec3d9 PH |
3405 | p->fd = -1; |
3406 | ||
3407 | /* If we have finished without error, but haven't had data for every address, | |
3408 | something is wrong. */ | |
3409 | ||
d6c82d7b | 3410 | if (!msg && addr) |
059ec3d9 PH |
3411 | msg = string_sprintf("insufficient address data read from pipe " |
3412 | "for transport process %d for transport %s", pid, | |
3413 | addr->transport->driver_name); | |
3414 | ||
3415 | /* If an error message is set, something has gone wrong in getting back | |
3416 | the delivery data. Put the message into each address and freeze it. */ | |
3417 | ||
d6c82d7b JH |
3418 | if (msg) |
3419 | for (addr = addrlist; addr; addr = addr->next) | |
059ec3d9 PH |
3420 | { |
3421 | addr->transport_return = DEFER; | |
3422 | addr->special_action = SPECIAL_FREEZE; | |
3423 | addr->message = msg; | |
3424 | } | |
059ec3d9 PH |
3425 | |
3426 | /* Return TRUE to indicate we have got all we need from this process, even | |
3427 | if it hasn't actually finished yet. */ | |
3428 | ||
3429 | return TRUE; | |
3430 | } | |
3431 | ||
3432 | ||
3433 | ||
3434 | /************************************************* | |
3435 | * Post-process a set of remote addresses * | |
3436 | *************************************************/ | |
3437 | ||
3438 | /* Do what has to be done immediately after a remote delivery for each set of | |
3439 | addresses, then re-write the spool if necessary. Note that post_process_one | |
3440 | puts the address on an appropriate queue; hence we must fish off the next | |
3441 | one first. This function is also called if there is a problem with setting | |
3442 | up a subprocess to do a remote delivery in parallel. In this case, the final | |
3443 | argument contains a message, and the action must be forced to DEFER. | |
3444 | ||
3445 | Argument: | |
3446 | addr pointer to chain of address items | |
3447 | logflags flags for logging | |
3448 | msg NULL for normal cases; -> error message for unexpected problems | |
3449 | fallback TRUE if processing fallback hosts | |
3450 | ||
3451 | Returns: nothing | |
3452 | */ | |
3453 | ||
3454 | static void | |
3455 | remote_post_process(address_item *addr, int logflags, uschar *msg, | |
3456 | BOOL fallback) | |
3457 | { | |
3458 | host_item *h; | |
3459 | ||
3460 | /* If any host addresses were found to be unusable, add them to the unusable | |
3461 | tree so that subsequent deliveries don't try them. */ | |
3462 | ||
d6c82d7b JH |
3463 | for (h = addr->host_list; h; h = h->next) |
3464 | if (h->address) | |
3465 | if (h->status >= hstatus_unusable) tree_add_unusable(h); | |
059ec3d9 PH |
3466 | |
3467 | /* Now handle each address on the chain. The transport has placed '=' or '-' | |
3468 | into the special_action field for each successful delivery. */ | |
3469 | ||
d6c82d7b | 3470 | while (addr) |
059ec3d9 PH |
3471 | { |
3472 | address_item *next = addr->next; | |
3473 | ||
3474 | /* If msg == NULL (normal processing) and the result is DEFER and we are | |
3475 | processing the main hosts and there are fallback hosts available, put the | |
3476 | address on the list for fallback delivery. */ | |
3477 | ||
d6c82d7b JH |
3478 | if ( addr->transport_return == DEFER |
3479 | && addr->fallback_hosts | |
3480 | && !fallback | |
3481 | && !msg | |
3482 | ) | |
059ec3d9 PH |
3483 | { |
3484 | addr->host_list = addr->fallback_hosts; | |
3485 | addr->next = addr_fallback; | |
3486 | addr_fallback = addr; | |
3487 | DEBUG(D_deliver) debug_printf("%s queued for fallback host(s)\n", addr->address); | |
3488 | } | |
3489 | ||
3490 | /* If msg is set (=> unexpected problem), set it in the address before | |
3491 | doing the ordinary post processing. */ | |
3492 | ||
3493 | else | |
3494 | { | |
d6c82d7b | 3495 | if (msg) |
059ec3d9 PH |
3496 | { |
3497 | addr->message = msg; | |
3498 | addr->transport_return = DEFER; | |
3499 | } | |
3500 | (void)post_process_one(addr, addr->transport_return, logflags, | |
3501 | DTYPE_TRANSPORT, addr->special_action); | |
3502 | } | |
3503 | ||
3504 | /* Next address */ | |
3505 | ||
3506 | addr = next; | |
3507 | } | |
3508 | ||
3509 | /* If we have just delivered down a passed SMTP channel, and that was | |
3510 | the last address, the channel will have been closed down. Now that | |
3511 | we have logged that delivery, set continue_sequence to 1 so that | |
3512 | any subsequent deliveries don't get "*" incorrectly logged. */ | |
3513 | ||
d6c82d7b | 3514 | if (!continue_transport) continue_sequence = 1; |
059ec3d9 PH |
3515 | } |
3516 | ||
3517 | ||
3518 | ||
3519 | /************************************************* | |
3520 | * Wait for one remote delivery subprocess * | |
3521 | *************************************************/ | |
3522 | ||
3523 | /* This function is called while doing remote deliveries when either the | |
3524 | maximum number of processes exist and we need one to complete so that another | |
3525 | can be created, or when waiting for the last ones to complete. It must wait for | |
3526 | the completion of one subprocess, empty the control block slot, and return a | |
3527 | pointer to the address chain. | |
3528 | ||
3529 | Arguments: none | |
3530 | Returns: pointer to the chain of addresses handled by the process; | |
3531 | NULL if no subprocess found - this is an unexpected error | |
3532 | */ | |
3533 | ||
3534 | static address_item * | |
3535 | par_wait(void) | |
3536 | { | |
3537 | int poffset, status; | |
3538 | address_item *addr, *addrlist; | |
3539 | pid_t pid; | |
3540 | ||
3541 | set_process_info("delivering %s: waiting for a remote delivery subprocess " | |
3542 | "to finish", message_id); | |
3543 | ||
3544 | /* Loop until either a subprocess completes, or there are no subprocesses in | |
3545 | existence - in which case give an error return. We cannot proceed just by | |
3546 | waiting for a completion, because a subprocess may have filled up its pipe, and | |
3547 | be waiting for it to be emptied. Therefore, if no processes have finished, we | |
3548 | wait for one of the pipes to acquire some data by calling select(), with a | |
3549 | timeout just in case. | |
3550 | ||
3551 | The simple approach is just to iterate after reading data from a ready pipe. | |
3552 | This leads to non-ideal behaviour when the subprocess has written its final Z | |
3553 | item, closed the pipe, and is in the process of exiting (the common case). A | |
3554 | call to waitpid() yields nothing completed, but select() shows the pipe ready - | |
3555 | reading it yields EOF, so you end up with busy-waiting until the subprocess has | |
3556 | actually finished. | |
3557 | ||
3558 | To avoid this, if all the data that is needed has been read from a subprocess | |
3559 | after select(), an explicit wait() for it is done. We know that all it is doing | |
3560 | is writing to the pipe and then exiting, so the wait should not be long. | |
3561 | ||
3562 | The non-blocking waitpid() is to some extent just insurance; if we could | |
3563 | reliably detect end-of-file on the pipe, we could always know when to do a | |
3564 | blocking wait() for a completed process. However, because some systems use | |
3565 | NDELAY, which doesn't distinguish between EOF and pipe empty, it is easier to | |
3566 | use code that functions without the need to recognize EOF. | |
3567 | ||
3568 | There's a double loop here just in case we end up with a process that is not in | |
3569 | the list of remote delivery processes. Something has obviously gone wrong if | |
3570 | this is the case. (For example, a process that is incorrectly left over from | |
3571 | routing or local deliveries might be found.) The damage can be minimized by | |
3572 | looping back and looking for another process. If there aren't any, the error | |
3573 | return will happen. */ | |
3574 | ||
3575 | for (;;) /* Normally we do not repeat this loop */ | |
3576 | { | |
3577 | while ((pid = waitpid(-1, &status, WNOHANG)) <= 0) | |
3578 | { | |
3579 | struct timeval tv; | |
3580 | fd_set select_pipes; | |
3581 | int maxpipe, readycount; | |
3582 | ||
3583 | /* A return value of -1 can mean several things. If errno != ECHILD, it | |
3584 | either means invalid options (which we discount), or that this process was | |
3585 | interrupted by a signal. Just loop to try the waitpid() again. | |
3586 | ||
3587 | If errno == ECHILD, waitpid() is telling us that there are no subprocesses | |
3588 | in existence. This should never happen, and is an unexpected error. | |
3589 | However, there is a nasty complication when running under Linux. If "strace | |
3590 | -f" is being used under Linux to trace this process and its children, | |
3591 | subprocesses are "stolen" from their parents and become the children of the | |
3592 | tracing process. A general wait such as the one we've just obeyed returns | |
3593 | as if there are no children while subprocesses are running. Once a | |
3594 | subprocess completes, it is restored to the parent, and waitpid(-1) finds | |
3595 | it. Thanks to Joachim Wieland for finding all this out and suggesting a | |
3596 | palliative. | |
3597 | ||
3598 | This does not happen using "truss" on Solaris, nor (I think) with other | |
3599 | tracing facilities on other OS. It seems to be specific to Linux. | |
3600 | ||
3601 | What we do to get round this is to use kill() to see if any of our | |
3602 | subprocesses are still in existence. If kill() gives an OK return, we know | |
3603 | it must be for one of our processes - it can't be for a re-use of the pid, | |
3604 | because if our process had finished, waitpid() would have found it. If any | |
3605 | of our subprocesses are in existence, we proceed to use select() as if | |
3606 | waitpid() had returned zero. I think this is safe. */ | |
3607 | ||
3608 | if (pid < 0) | |
3609 | { | |
3610 | if (errno != ECHILD) continue; /* Repeats the waitpid() */ | |
3611 | ||
3612 | DEBUG(D_deliver) | |
3613 | debug_printf("waitpid() returned -1/ECHILD: checking explicitly " | |
3614 | "for process existence\n"); | |
3615 | ||
3616 | for (poffset = 0; poffset < remote_max_parallel; poffset++) | |
3617 | { | |
3618 | if ((pid = parlist[poffset].pid) != 0 && kill(pid, 0) == 0) | |
3619 | { | |
3620 | DEBUG(D_deliver) debug_printf("process %d still exists: assume " | |
3621 | "stolen by strace\n", (int)pid); | |
3622 | break; /* With poffset set */ | |
3623 | } | |
3624 | } | |
3625 | ||
3626 | if (poffset >= remote_max_parallel) | |
3627 | { | |
3628 | DEBUG(D_deliver) debug_printf("*** no delivery children found\n"); | |
3629 | return NULL; /* This is the error return */ | |
3630 | } | |
3631 | } | |
3632 | ||
3633 | /* A pid value greater than 0 breaks the "while" loop. A negative value has | |
3634 | been handled above. A return value of zero means that there is at least one | |
3635 | subprocess, but there are no completed subprocesses. See if any pipes are | |
3636 | ready with any data for reading. */ | |
3637 | ||
3638 | DEBUG(D_deliver) debug_printf("selecting on subprocess pipes\n"); | |
3639 | ||
3640 | maxpipe = 0; | |
3641 | FD_ZERO(&select_pipes); | |
3642 | for (poffset = 0; poffset < remote_max_parallel; poffset++) | |
3643 | { | |
3644 | if (parlist[poffset].pid != 0) | |
3645 | { | |
3646 | int fd = parlist[poffset].fd; | |
3647 | FD_SET(fd, &select_pipes); | |
3648 | if (fd > maxpipe) maxpipe = fd; | |
3649 | } | |
3650 | } | |
3651 | ||
3652 | /* Stick in a 60-second timeout, just in case. */ | |
3653 | ||
3654 | tv.tv_sec = 60; | |
3655 | tv.tv_usec = 0; | |
3656 | ||
3657 | readycount = select(maxpipe + 1, (SELECT_ARG2_TYPE *)&select_pipes, | |
3658 | NULL, NULL, &tv); | |
3659 | ||
3660 | /* Scan through the pipes and read any that are ready; use the count | |
3661 | returned by select() to stop when there are no more. Select() can return | |
3662 | with no processes (e.g. if interrupted). This shouldn't matter. | |
3663 | ||
3664 | If par_read_pipe() returns TRUE, it means that either the terminating Z was | |
3665 | read, or there was a disaster. In either case, we are finished with this | |
3666 | process. Do an explicit wait() for the process and break the main loop if | |
3667 | it succeeds. | |
3668 | ||
3669 | It turns out that we have to deal with the case of an interrupted system | |
3670 | call, which can happen on some operating systems if the signal handling is | |
3671 | set up to do that by default. */ | |
3672 | ||
3673 | for (poffset = 0; | |
3674 | readycount > 0 && poffset < remote_max_parallel; | |
3675 | poffset++) | |
3676 | { | |
d6c82d7b JH |
3677 | if ( (pid = parlist[poffset].pid) != 0 |
3678 | && FD_ISSET(parlist[poffset].fd, &select_pipes) | |
3679 | ) | |
059ec3d9 PH |
3680 | { |
3681 | readycount--; | |
3682 | if (par_read_pipe(poffset, FALSE)) /* Finished with this pipe */ | |
3683 | { | |
3684 | for (;;) /* Loop for signals */ | |
3685 | { | |
3686 | pid_t endedpid = waitpid(pid, &status, 0); | |
3687 | if (endedpid == pid) goto PROCESS_DONE; | |
3688 | if (endedpid != (pid_t)(-1) || errno != EINTR) | |
3689 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Unexpected error return " | |
3690 | "%d (errno = %d) from waitpid() for process %d", | |
3691 | (int)endedpid, errno, (int)pid); | |
3692 | } | |
3693 | } | |
3694 | } | |
3695 | } | |
3696 | ||
3697 | /* Now go back and look for a completed subprocess again. */ | |
3698 | } | |
3699 | ||
3700 | /* A completed process was detected by the non-blocking waitpid(). Find the | |
3701 | data block that corresponds to this subprocess. */ | |
3702 | ||
3703 | for (poffset = 0; poffset < remote_max_parallel; poffset++) | |
3704 | if (pid == parlist[poffset].pid) break; | |
3705 | ||
3706 | /* Found the data block; this is a known remote delivery process. We don't | |
3707 | need to repeat the outer loop. This should be what normally happens. */ | |
3708 | ||
3709 | if (poffset < remote_max_parallel) break; | |
3710 | ||
3711 | /* This situation is an error, but it's probably better to carry on looking | |
3712 | for another process than to give up (as we used to do). */ | |
3713 | ||
3714 | log_write(0, LOG_MAIN|LOG_PANIC, "Process %d finished: not found in remote " | |
3715 | "transport process list", pid); | |
3716 | } /* End of the "for" loop */ | |
3717 | ||
3718 | /* Come here when all the data was completely read after a select(), and | |
3719 | the process in pid has been wait()ed for. */ | |
3720 | ||
3721 | PROCESS_DONE: | |
3722 | ||
3723 | DEBUG(D_deliver) | |
3724 | { | |
3725 | if (status == 0) | |
3726 | debug_printf("remote delivery process %d ended\n", (int)pid); | |
3727 | else | |
3728 | debug_printf("remote delivery process %d ended: status=%04x\n", (int)pid, | |
3729 | status); | |
3730 | } | |
3731 | ||
3732 | set_process_info("delivering %s", message_id); | |
3733 | ||
3734 | /* Get the chain of processed addresses */ | |
3735 | ||
3736 | addrlist = parlist[poffset].addrlist; | |
3737 | ||
3738 | /* If the process did not finish cleanly, record an error and freeze (except | |
3739 | for SIGTERM, SIGKILL and SIGQUIT), and also ensure the journal is not removed, | |
3740 | in case the delivery did actually happen. */ | |
3741 | ||
3742 | if ((status & 0xffff) != 0) | |
3743 | { | |
3744 | uschar *msg; | |
3745 | int msb = (status >> 8) & 255; | |
3746 | int lsb = status & 255; | |
3747 | int code = (msb == 0)? (lsb & 0x7f) : msb; | |
3748 | ||
3749 | msg = string_sprintf("%s transport process returned non-zero status 0x%04x: " | |
3750 | "%s %d", | |
3751 | addrlist->transport->driver_name, | |
3752 | status, | |
3753 | (msb == 0)? "terminated by signal" : "exit code", | |
3754 | code); | |
3755 | ||
3756 | if (msb != 0 || (code != SIGTERM && code != SIGKILL && code != SIGQUIT)) | |
3757 | addrlist->special_action = SPECIAL_FREEZE; | |
3758 | ||
d6c82d7b | 3759 | for (addr = addrlist; addr; addr = addr->next) |
059ec3d9 PH |
3760 | { |
3761 | addr->transport_return = DEFER; | |
3762 | addr->message = msg; | |
3763 | } | |
3764 | ||
3765 | remove_journal = FALSE; | |
3766 | } | |
3767 | ||
3768 | /* Else complete reading the pipe to get the result of the delivery, if all | |
3769 | the data has not yet been obtained. */ | |
3770 | ||
3771 | else if (!parlist[poffset].done) (void)par_read_pipe(poffset, TRUE); | |
3772 | ||
3773 | /* Put the data count and return path into globals, mark the data slot unused, | |
3774 | decrement the count of subprocesses, and return the address chain. */ | |
3775 | ||
3776 | transport_count = parlist[poffset].transport_count; | |
3777 | used_return_path = parlist[poffset].return_path; | |
3778 | parlist[poffset].pid = 0; | |
3779 | parcount--; | |
3780 | return addrlist; | |
3781 | } | |
3782 | ||
3783 | ||
3784 | ||
3785 | /************************************************* | |
3786 | * Wait for subprocesses and post-process * | |
3787 | *************************************************/ | |
3788 | ||
3789 | /* This function waits for subprocesses until the number that are still running | |
3790 | is below a given threshold. For each complete subprocess, the addresses are | |
3791 | post-processed. If we can't find a running process, there is some shambles. | |
3792 | Better not bomb out, as that might lead to multiple copies of the message. Just | |
3793 | log and proceed as if all done. | |
3794 | ||
3795 | Arguments: | |
3796 | max maximum number of subprocesses to leave running | |
3797 | fallback TRUE if processing fallback hosts | |
3798 | ||
3799 | Returns: nothing | |
3800 | */ | |
3801 | ||
3802 | static void | |
3803 | par_reduce(int max, BOOL fallback) | |
3804 | { | |
3805 | while (parcount > max) | |
3806 | { | |
3807 | address_item *doneaddr = par_wait(); | |
d6c82d7b | 3808 | if (!doneaddr) |
059ec3d9 PH |
3809 | { |
3810 | log_write(0, LOG_MAIN|LOG_PANIC, | |
3811 | "remote delivery process count got out of step"); | |
3812 | parcount = 0; | |
3813 | } | |
fa41615d JH |
3814 | else |
3815 | { | |
3816 | transport_instance * tp = doneaddr->transport; | |
3817 | if (tp->max_parallel) | |
3818 | enq_end(string_sprintf("tpt-serialize-%s", tp->name)); | |
3819 | ||
3820 | remote_post_process(doneaddr, LOG_MAIN, NULL, fallback); | |
3821 | } | |
059ec3d9 PH |
3822 | } |
3823 | } | |
3824 | ||
3825 | ||
3826 | ||
3827 | ||
1ac6b2e7 | 3828 | static void |
bd21a787 | 3829 | rmt_dlv_checked_write(int fd, char id, char subid, void * buf, int size) |
1ac6b2e7 | 3830 | { |
bd21a787 WB |
3831 | uschar writebuffer[PIPE_HEADER_SIZE + BIG_BUFFER_SIZE]; |
3832 | int header_length; | |
3833 | ||
3834 | /* we assume that size can't get larger then BIG_BUFFER_SIZE which currently is set to 16k */ | |
3835 | /* complain to log if someone tries with buffer sizes we can't handle*/ | |
3836 | ||
3837 | if (size > 99999) | |
d6c82d7b | 3838 | { |
94431adb | 3839 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, |
bd21a787 WB |
3840 | "Failed writing transport result to pipe: can't handle buffers > 99999 bytes. truncating!\n"); |
3841 | size = 99999; | |
d6c82d7b | 3842 | } |
bd21a787 WB |
3843 | |
3844 | /* to keep the write() atomic we build header in writebuffer and copy buf behind */ | |
3845 | /* two write() calls would increase the complexity of reading from pipe */ | |
3846 | ||
3847 | /* convert size to human readable string prepended by id and subid */ | |
b75960c8 | 3848 | header_length = snprintf(CS writebuffer, PIPE_HEADER_SIZE+1, "%c%c%05d", id, subid, size); |
bd21a787 | 3849 | if (header_length != PIPE_HEADER_SIZE) |
d6c82d7b | 3850 | { |
bd21a787 WB |
3851 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "header snprintf failed\n"); |
3852 | writebuffer[0] = '\0'; | |
d6c82d7b | 3853 | } |
bd21a787 | 3854 | |
94431adb | 3855 | DEBUG(D_deliver) debug_printf("header write id:%c,subid:%c,size:%d,final:%s\n", |
bd21a787 WB |
3856 | id, subid, size, writebuffer); |
3857 | ||
3858 | if (buf && size > 0) | |
3859 | memcpy(writebuffer + PIPE_HEADER_SIZE, buf, size); | |
3860 | ||
3861 | size += PIPE_HEADER_SIZE; | |
3862 | int ret = write(fd, writebuffer, size); | |
1ac6b2e7 JH |
3863 | if(ret != size) |
3864 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Failed writing transport result to pipe: %s\n", | |
3865 | ret == -1 ? strerror(errno) : "short write"); | |
3866 | } | |
3867 | ||
059ec3d9 PH |
3868 | /************************************************* |
3869 | * Do remote deliveries * | |
3870 | *************************************************/ | |
3871 | ||
3872 | /* This function is called to process the addresses in addr_remote. We must | |
3873 | pick off the queue all addresses that have the same transport, remote | |
3874 | destination, and errors address, and hand them to the transport in one go, | |
3875 | subject to some configured limitations. If this is a run to continue delivering | |
3876 | to an existing delivery channel, skip all but those addresses that can go to | |
3877 | that channel. The skipped addresses just get deferred. | |
3878 | ||
3879 | If mua_wrapper is set, all addresses must be able to be sent in a single | |
3880 | transaction. If not, this function yields FALSE. | |
3881 | ||
3882 | In Exim 4, remote deliveries are always done in separate processes, even | |
3883 | if remote_max_parallel = 1 or if there's only one delivery to do. The reason | |
3884 | is so that the base process can retain privilege. This makes the | |
3885 | implementation of fallback transports feasible (though not initially done.) | |
3886 | ||
3887 | We create up to the configured number of subprocesses, each of which passes | |
3888 | back the delivery state via a pipe. (However, when sending down an existing | |
3889 | connection, remote_max_parallel is forced to 1.) | |
3890 | ||
3891 | Arguments: | |
3892 | fallback TRUE if processing fallback hosts | |
3893 | ||
3894 | Returns: TRUE normally | |
3895 | FALSE if mua_wrapper is set and the addresses cannot all be sent | |
3896 | in one transaction | |
3897 | */ | |
3898 | ||
3899 | static BOOL | |
3900 | do_remote_deliveries(BOOL fallback) | |
3901 | { | |
3902 | int parmax; | |
3903 | int delivery_count; | |
3904 | int poffset; | |
3905 | ||
3906 | parcount = 0; /* Number of executing subprocesses */ | |
3907 | ||
3908 | /* When sending down an existing channel, only do one delivery at a time. | |
3909 | We use a local variable (parmax) to hold the maximum number of processes; | |
3910 | this gets reduced from remote_max_parallel if we can't create enough pipes. */ | |
3911 | ||
d6c82d7b | 3912 | if (continue_transport) remote_max_parallel = 1; |
059ec3d9 PH |
3913 | parmax = remote_max_parallel; |
3914 | ||
3915 | /* If the data for keeping a list of processes hasn't yet been | |
3916 | set up, do so. */ | |
3917 | ||
d6c82d7b | 3918 | if (!parlist) |
059ec3d9 PH |
3919 | { |
3920 | parlist = store_get(remote_max_parallel * sizeof(pardata)); | |
3921 | for (poffset = 0; poffset < remote_max_parallel; poffset++) | |
3922 | parlist[poffset].pid = 0; | |
3923 | } | |
3924 | ||
3925 | /* Now loop for each remote delivery */ | |
3926 | ||
d6c82d7b | 3927 | for (delivery_count = 0; addr_remote; delivery_count++) |
059ec3d9 PH |
3928 | { |
3929 | pid_t pid; | |
3930 | uid_t uid; | |
3931 | gid_t gid; | |
3932 | int pfd[2]; | |
3933 | int address_count = 1; | |
3934 | int address_count_max; | |
3935 | BOOL multi_domain; | |
3936 | BOOL use_initgroups; | |
3937 | BOOL pipe_done = FALSE; | |
3938 | transport_instance *tp; | |
3939 | address_item **anchor = &addr_remote; | |
3940 | address_item *addr = addr_remote; | |
3941 | address_item *last = addr; | |
3942 | address_item *next; | |
d6c82d7b | 3943 | uschar * panicmsg; |
fa41615d | 3944 | uschar * serialize_key = NULL; |
059ec3d9 PH |
3945 | |
3946 | /* Pull the first address right off the list. */ | |
3947 | ||
3948 | addr_remote = addr->next; | |
3949 | addr->next = NULL; | |
3950 | ||
3951 | DEBUG(D_deliver|D_transport) | |
3952 | debug_printf("--------> %s <--------\n", addr->address); | |
3953 | ||
3954 | /* If no transport has been set, there has been a big screw-up somewhere. */ | |
3955 | ||
d6c82d7b | 3956 | if (!(tp = addr->transport)) |
059ec3d9 PH |
3957 | { |
3958 | disable_logging = FALSE; /* Jic */ | |
d6c82d7b JH |
3959 | panicmsg = US"No transport set by router"; |
3960 | goto panic_continue; | |
059ec3d9 PH |
3961 | } |
3962 | ||
3963 | /* Check that this base address hasn't previously been delivered to this | |
3964 | transport. The check is necessary at this point to handle homonymic addresses | |
3965 | correctly in cases where the pattern of redirection changes between delivery | |
3966 | attempts. Non-homonymic previous delivery is detected earlier, at routing | |
3967 | time. */ | |
3968 | ||
c2c19e9d | 3969 | if (previously_transported(addr, FALSE)) continue; |
059ec3d9 PH |
3970 | |
3971 | /* Force failure if the message is too big. */ | |
3972 | ||
d6c82d7b | 3973 | if (tp->message_size_limit) |
059ec3d9 PH |
3974 | { |
3975 | int rc = check_message_size(tp, addr); | |
3976 | if (rc != OK) | |
3977 | { | |
3978 | addr->transport_return = rc; | |
3979 | remote_post_process(addr, LOG_MAIN, NULL, fallback); | |
3980 | continue; | |
3981 | } | |
3982 | } | |
3983 | ||
3984 | /* Get the flag which specifies whether the transport can handle different | |
506900af JH |
3985 | domains that nevertheless resolve to the same set of hosts. If it needs |
3986 | expanding, get variables set: $address_data, $domain_data, $localpart_data, | |
3987 | $host, $host_address, $host_port. */ | |
3988 | if (tp->expand_multi_domain) | |
3989 | deliver_set_expansions(addr); | |
3990 | ||
3991 | if (exp_bool(addr, US"transport", tp->name, D_transport, | |
3992 | US"multi_domain", tp->multi_domain, tp->expand_multi_domain, | |
3993 | &multi_domain) != OK) | |
3994 | { | |
3995 | deliver_set_expansions(NULL); | |
d6c82d7b JH |
3996 | panicmsg = addr->message; |
3997 | goto panic_continue; | |
506900af | 3998 | } |
059ec3d9 PH |
3999 | |
4000 | /* Get the maximum it can handle in one envelope, with zero meaning | |
4001 | unlimited, which is forced for the MUA wrapper case. */ | |
4002 | ||
4003 | address_count_max = tp->max_addresses; | |
4004 | if (address_count_max == 0 || mua_wrapper) address_count_max = 999999; | |
4005 | ||
4006 | ||
4007 | /************************************************************************/ | |
4008 | /***** This is slightly experimental code, but should be safe. *****/ | |
4009 | ||
4010 | /* The address_count_max value is the maximum number of addresses that the | |
4011 | transport can send in one envelope. However, the transport must be capable of | |
4012 | dealing with any number of addresses. If the number it gets exceeds its | |
4013 | envelope limitation, it must send multiple copies of the message. This can be | |
4014 | done over a single connection for SMTP, so uses less resources than making | |
4015 | multiple connections. On the other hand, if remote_max_parallel is greater | |
4016 | than one, it is perhaps a good idea to use parallel processing to move the | |
4017 | message faster, even if that results in multiple simultaneous connections to | |
4018 | the same host. | |
4019 | ||
4020 | How can we come to some compromise between these two ideals? What we do is to | |
4021 | limit the number of addresses passed to a single instance of a transport to | |
4022 | the greater of (a) its address limit (rcpt_max for SMTP) and (b) the total | |
4023 | number of addresses routed to remote transports divided by | |
4024 | remote_max_parallel. For example, if the message has 100 remote recipients, | |
4025 | remote max parallel is 2, and rcpt_max is 10, we'd never send more than 50 at | |
4026 | once. But if rcpt_max is 100, we could send up to 100. | |
4027 | ||
4028 | Of course, not all the remotely addresses in a message are going to go to the | |
4029 | same set of hosts (except in smarthost configurations), so this is just a | |
4030 | heuristic way of dividing up the work. | |
4031 | ||
4032 | Furthermore (1), because this may not be wanted in some cases, and also to | |
4033 | cope with really pathological cases, there is also a limit to the number of | |
4034 | messages that are sent over one connection. This is the same limit that is | |
4035 | used when sending several different messages over the same connection. | |
4036 | Continue_sequence is set when in this situation, to the number sent so | |
4037 | far, including this message. | |
4038 | ||
4039 | Furthermore (2), when somebody explicitly sets the maximum value to 1, it | |
4040 | is probably because they are using VERP, in which case they want to pass only | |
4041 | one address at a time to the transport, in order to be able to use | |
4042 | $local_part and $domain in constructing a new return path. We could test for | |
4043 | the use of these variables, but as it is so likely they will be used when the | |
4044 | maximum is 1, we don't bother. Just leave the value alone. */ | |
4045 | ||
d6c82d7b JH |
4046 | if ( address_count_max != 1 |
4047 | && address_count_max < remote_delivery_count/remote_max_parallel | |
4048 | ) | |
059ec3d9 PH |
4049 | { |
4050 | int new_max = remote_delivery_count/remote_max_parallel; | |
4051 | int message_max = tp->connection_max_messages; | |
4052 | if (connection_max_messages >= 0) message_max = connection_max_messages; | |
4053 | message_max -= continue_sequence - 1; | |
4054 | if (message_max > 0 && new_max > address_count_max * message_max) | |
4055 | new_max = address_count_max * message_max; | |
4056 | address_count_max = new_max; | |
4057 | } | |
4058 | ||
4059 | /************************************************************************/ | |
4060 | ||
4061 | ||
4062 | /* Pick off all addresses which have the same transport, errors address, | |
4063 | destination, and extra headers. In some cases they point to the same host | |
4064 | list, but we also need to check for identical host lists generated from | |
4065 | entirely different domains. The host list pointers can be NULL in the case | |
4066 | where the hosts are defined in the transport. There is also a configured | |
4067 | maximum limit of addresses that can be handled at once (see comments above | |
506900af JH |
4068 | for how it is computed). |
4069 | If the transport does not handle multiple domains, enforce that also, | |
4070 | and if it might need a per-address check for this, re-evaluate it. | |
4071 | */ | |
059ec3d9 | 4072 | |
d6c82d7b | 4073 | while ((next = *anchor) && address_count < address_count_max) |
059ec3d9 | 4074 | { |
506900af JH |
4075 | BOOL md; |
4076 | if ( (multi_domain || Ustrcmp(next->domain, addr->domain) == 0) | |
4077 | && tp == next->transport | |
4078 | && same_hosts(next->host_list, addr->host_list) | |
d43cbe25 JH |
4079 | && same_strings(next->prop.errors_address, addr->prop.errors_address) |
4080 | && same_headers(next->prop.extra_headers, addr->prop.extra_headers) | |
506900af | 4081 | && same_ugid(tp, next, addr) |
d43cbe25 JH |
4082 | && ( next->prop.remove_headers == addr->prop.remove_headers |
4083 | || ( next->prop.remove_headers | |
4084 | && addr->prop.remove_headers | |
4085 | && Ustrcmp(next->prop.remove_headers, addr->prop.remove_headers) == 0 | |
506900af JH |
4086 | ) ) |
4087 | && ( !multi_domain | |
4088 | || ( ( | |
4089 | !tp->expand_multi_domain || (deliver_set_expansions(next), 1), | |
4090 | exp_bool(addr, | |
4091 | US"transport", next->transport->name, D_transport, | |
4092 | US"multi_domain", next->transport->multi_domain, | |
4093 | next->transport->expand_multi_domain, &md) == OK | |
4094 | ) | |
4095 | && md | |
4096 | ) ) ) | |
059ec3d9 PH |
4097 | { |
4098 | *anchor = next->next; | |
4099 | next->next = NULL; | |
4100 | next->first = addr; /* remember top one (for retry processing) */ | |
4101 | last->next = next; | |
4102 | last = next; | |
4103 | address_count++; | |
4104 | } | |
4105 | else anchor = &(next->next); | |
506900af | 4106 | deliver_set_expansions(NULL); |
059ec3d9 PH |
4107 | } |
4108 | ||
4109 | /* If we are acting as an MUA wrapper, all addresses must go in a single | |
4110 | transaction. If not, put them back on the chain and yield FALSE. */ | |
4111 | ||
d6c82d7b | 4112 | if (mua_wrapper && addr_remote) |
059ec3d9 PH |
4113 | { |
4114 | last->next = addr_remote; | |
4115 | addr_remote = addr; | |
4116 | return FALSE; | |
4117 | } | |
4118 | ||
fa41615d JH |
4119 | /* If the transport is limited for parallellism, enforce that here. |
4120 | The hints DB entry is decremented in par_reduce(), when we reap the | |
4121 | transport process. */ | |
4122 | ||
3070ceee JH |
4123 | if (tpt_parallel_check(tp, addr, &serialize_key)) |
4124 | if ((panicmsg = expand_string_message)) | |
fa41615d | 4125 | goto panic_continue; |
3070ceee JH |
4126 | else |
4127 | continue; /* Loop for the next set of addresses. */ | |
fa41615d | 4128 | |
059ec3d9 PH |
4129 | /* Set up the expansion variables for this set of addresses */ |
4130 | ||
4131 | deliver_set_expansions(addr); | |
4132 | ||
018c60d7 JH |
4133 | /* Ensure any transport-set auth info is fresh */ |
4134 | addr->authenticator = addr->auth_id = addr->auth_sndr = NULL; | |
4135 | ||
059ec3d9 PH |
4136 | /* Compute the return path, expanding a new one if required. The old one |
4137 | must be set first, as it might be referred to in the expansion. */ | |
4138 | ||
d6c82d7b | 4139 | if(addr->prop.errors_address) |
d43cbe25 | 4140 | return_path = addr->prop.errors_address; |
384152a6 | 4141 | #ifdef EXPERIMENTAL_SRS |
d6c82d7b | 4142 | else if(addr->prop.srs_sender) |
d43cbe25 | 4143 | return_path = addr->prop.srs_sender; |
384152a6 TK |
4144 | #endif |
4145 | else | |
4146 | return_path = sender_address; | |
059ec3d9 | 4147 | |
d6c82d7b | 4148 | if (tp->return_path) |
059ec3d9 PH |
4149 | { |
4150 | uschar *new_return_path = expand_string(tp->return_path); | |
d6c82d7b JH |
4151 | if (new_return_path) |
4152 | return_path = new_return_path; | |
4153 | else if (!expand_string_forcedfail) | |
059ec3d9 | 4154 | { |
d6c82d7b JH |
4155 | panicmsg = string_sprintf("Failed to expand return path \"%s\": %s", |
4156 | tp->return_path, expand_string_message); | |
fa41615d | 4157 | goto enq_continue; |
059ec3d9 | 4158 | } |
059ec3d9 PH |
4159 | } |
4160 | ||
929ba01c PH |
4161 | /* Find the uid, gid, and use_initgroups setting for this transport. Failure |
4162 | logs and sets up error messages, so we just post-process and continue with | |
4163 | the next address. */ | |
4164 | ||
4165 | if (!findugid(addr, tp, &uid, &gid, &use_initgroups)) | |
4166 | { | |
d6c82d7b | 4167 | panicmsg = NULL; |
fa41615d | 4168 | goto enq_continue; |
929ba01c PH |
4169 | } |
4170 | ||
059ec3d9 PH |
4171 | /* If this transport has a setup function, call it now so that it gets |
4172 | run in this process and not in any subprocess. That way, the results of | |
929ba01c PH |
4173 | any setup that are retained by the transport can be reusable. One of the |
4174 | things the setup does is to set the fallback host lists in the addresses. | |
4175 | That is why it is called at this point, before the continue delivery | |
4176 | processing, because that might use the fallback hosts. */ | |
059ec3d9 | 4177 | |
d6c82d7b | 4178 | if (tp->setup) |
929ba01c | 4179 | (void)((tp->setup)(addr->transport, addr, NULL, uid, gid, NULL)); |
059ec3d9 PH |
4180 | |
4181 | /* If this is a run to continue delivery down an already-established | |
4182 | channel, check that this set of addresses matches the transport and | |
4183 | the channel. If it does not, defer the addresses. If a host list exists, | |
4184 | we must check that the continue host is on the list. Otherwise, the | |
4185 | host is set in the transport. */ | |
4186 | ||
4187 | continue_more = FALSE; /* In case got set for the last lot */ | |
d6c82d7b | 4188 | if (continue_transport) |
059ec3d9 PH |
4189 | { |
4190 | BOOL ok = Ustrcmp(continue_transport, tp->name) == 0; | |
d6c82d7b | 4191 | if (ok && addr->host_list) |
059ec3d9 PH |
4192 | { |
4193 | host_item *h; | |
4194 | ok = FALSE; | |
d6c82d7b | 4195 | for (h = addr->host_list; h; h = h->next) |
059ec3d9 PH |
4196 | if (Ustrcmp(h->name, continue_hostname) == 0) |
4197 | { ok = TRUE; break; } | |
059ec3d9 PH |
4198 | } |
4199 | ||
4200 | /* Addresses not suitable; defer or queue for fallback hosts (which | |
4201 | might be the continue host) and skip to next address. */ | |
4202 | ||
4203 | if (!ok) | |
4204 | { | |
4205 | DEBUG(D_deliver) debug_printf("not suitable for continue_transport\n"); | |
fa41615d | 4206 | if (serialize_key) enq_end(serialize_key); |
059ec3d9 | 4207 | |
d6c82d7b | 4208 | if (addr->fallback_hosts && !fallback) |
059ec3d9 | 4209 | { |
fa41615d | 4210 | for (next = addr; ; next = next->next) |
059ec3d9 PH |
4211 | { |
4212 | next->host_list = next->fallback_hosts; | |
4213 | DEBUG(D_deliver) debug_printf("%s queued for fallback host(s)\n", next->address); | |
d6c82d7b | 4214 | if (!next->next) break; |
059ec3d9 PH |
4215 | } |
4216 | next->next = addr_fallback; | |
4217 | addr_fallback = addr; | |
4218 | } | |
4219 | ||
4220 | else | |
3070ceee JH |
4221 | { |
4222 | while (next->next) next = next->next; | |
4223 | next->next = addr_defer; | |
4224 | addr_defer = addr; | |
4225 | } | |
059ec3d9 PH |
4226 | |
4227 | continue; | |
4228 | } | |
4229 | ||
4230 | /* Set a flag indicating whether there are further addresses that list | |
4231 | the continued host. This tells the transport to leave the channel open, | |
4232 | but not to pass it to another delivery process. */ | |
4233 | ||
d6c82d7b | 4234 | for (next = addr_remote; next; next = next->next) |
059ec3d9 PH |
4235 | { |
4236 | host_item *h; | |
d6c82d7b | 4237 | for (h = next->host_list; h; h = h->next) |
059ec3d9 PH |
4238 | if (Ustrcmp(h->name, continue_hostname) == 0) |
4239 | { continue_more = TRUE; break; } | |
059ec3d9 PH |
4240 | } |
4241 | } | |
4242 | ||
4243 | /* The transports set up the process info themselves as they may connect | |
4244 | to more than one remote machine. They also have to set up the filter | |
4245 | arguments, if required, so that the host name and address are available | |
4246 | for expansion. */ | |
4247 | ||
4248 | transport_filter_argv = NULL; | |
4249 | ||
059ec3d9 PH |
4250 | /* Create the pipe for inter-process communication. If pipe creation |
4251 | fails, it is probably because the value of remote_max_parallel is so | |
4252 | large that too many file descriptors for pipes have been created. Arrange | |
4253 | to wait for a process to finish, and then try again. If we still can't | |
4254 | create a pipe when all processes have finished, break the retry loop. */ | |
4255 | ||
4256 | while (!pipe_done) | |
4257 | { | |
4258 | if (pipe(pfd) == 0) pipe_done = TRUE; | |
4259 | else if (parcount > 0) parmax = parcount; | |
4260 | else break; | |
4261 | ||
4262 | /* We need to make the reading end of the pipe non-blocking. There are | |
4263 | two different options for this. Exim is cunningly (I hope!) coded so | |
4264 | that it can use either of them, though it prefers O_NONBLOCK, which | |
4265 | distinguishes between EOF and no-more-data. */ | |
4266 | ||
a7538db1 | 4267 | #ifdef O_NONBLOCK |
ff790e47 | 4268 | (void)fcntl(pfd[pipe_read], F_SETFL, O_NONBLOCK); |
a7538db1 | 4269 | #else |
ff790e47 | 4270 | (void)fcntl(pfd[pipe_read], F_SETFL, O_NDELAY); |
a7538db1 | 4271 | #endif |
059ec3d9 PH |
4272 | |
4273 | /* If the maximum number of subprocesses already exist, wait for a process | |
4274 | to finish. If we ran out of file descriptors, parmax will have been reduced | |
4275 | from its initial value of remote_max_parallel. */ | |
4276 | ||
4277 | par_reduce(parmax - 1, fallback); | |
4278 | } | |
4279 | ||
4280 | /* If we failed to create a pipe and there were no processes to wait | |
4281 | for, we have to give up on this one. Do this outside the above loop | |
4282 | so that we can continue the main loop. */ | |
4283 | ||
4284 | if (!pipe_done) | |
4285 | { | |
d6c82d7b | 4286 | panicmsg = string_sprintf("unable to create pipe: %s", strerror(errno)); |
fa41615d | 4287 | goto enq_continue; |
059ec3d9 PH |
4288 | } |
4289 | ||
4290 | /* Find a free slot in the pardata list. Must do this after the possible | |
4291 | waiting for processes to finish, because a terminating process will free | |
4292 | up a slot. */ | |
4293 | ||
4294 | for (poffset = 0; poffset < remote_max_parallel; poffset++) | |
d6c82d7b JH |
4295 | if (parlist[poffset].pid == 0) |
4296 | break; | |
059ec3d9 PH |
4297 | |
4298 | /* If there isn't one, there has been a horrible disaster. */ | |
4299 | ||
4300 | if (poffset >= remote_max_parallel) | |
4301 | { | |
f1e894f3 PH |
4302 | (void)close(pfd[pipe_write]); |
4303 | (void)close(pfd[pipe_read]); | |
d6c82d7b | 4304 | panicmsg = US"Unexpectedly no free subprocess slot"; |
fa41615d | 4305 | goto enq_continue; |
059ec3d9 PH |
4306 | } |
4307 | ||
4308 | /* Now fork a subprocess to do the remote delivery, but before doing so, | |
4309 | ensure that any cached resourses are released so as not to interfere with | |
4310 | what happens in the subprocess. */ | |
4311 | ||
4312 | search_tidyup(); | |
4313 | ||
4314 | if ((pid = fork()) == 0) | |
4315 | { | |
4316 | int fd = pfd[pipe_write]; | |
4317 | host_item *h; | |
4318 | ||
2a47f028 JH |
4319 | /* Setting this global in the subprocess means we need never clear it */ |
4320 | transport_name = tp->name; | |
059ec3d9 | 4321 | |
2a47f028 | 4322 | /* There are weird circumstances in which logging is disabled */ |
059ec3d9 PH |
4323 | disable_logging = tp->disable_logging; |
4324 | ||
4325 | /* Show pids on debug output if parallelism possible */ | |
4326 | ||
d6c82d7b | 4327 | if (parmax > 1 && (parcount > 0 || addr_remote)) |
059ec3d9 PH |
4328 | { |
4329 | DEBUG(D_any|D_v) debug_selector |= D_pid; | |
4330 | DEBUG(D_deliver) debug_printf("Remote delivery process started\n"); | |
4331 | } | |
4332 | ||
4333 | /* Reset the random number generator, so different processes don't all | |
4334 | have the same sequence. In the test harness we want different, but | |
4335 | predictable settings for each delivery process, so do something explicit | |
4336 | here rather they rely on the fixed reset in the random number function. */ | |
4337 | ||
4338 | random_seed = running_in_test_harness? 42 + 2*delivery_count : 0; | |
4339 | ||
4340 | /* Set close-on-exec on the pipe so that it doesn't get passed on to | |
4341 | a new process that may be forked to do another delivery down the same | |
4342 | SMTP connection. */ | |
4343 | ||
ff790e47 | 4344 | (void)fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); |
059ec3d9 PH |
4345 | |
4346 | /* Close open file descriptors for the pipes of other processes | |
4347 | that are running in parallel. */ | |
4348 | ||
4349 | for (poffset = 0; poffset < remote_max_parallel; poffset++) | |
f1e894f3 | 4350 | if (parlist[poffset].pid != 0) (void)close(parlist[poffset].fd); |
059ec3d9 PH |
4351 | |
4352 | /* This process has inherited a copy of the file descriptor | |
4353 | for the data file, but its file pointer is shared with all the | |
4354 | other processes running in parallel. Therefore, we have to re-open | |
4355 | the file in order to get a new file descriptor with its own | |
4356 | file pointer. We don't need to lock it, as the lock is held by | |
4357 | the parent process. There doesn't seem to be any way of doing | |
4358 | a dup-with-new-file-pointer. */ | |
4359 | ||
f1e894f3 | 4360 | (void)close(deliver_datafile); |
059ec3d9 PH |
4361 | sprintf(CS spoolname, "%s/input/%s/%s-D", spool_directory, message_subdir, |
4362 | message_id); | |
4363 | deliver_datafile = Uopen(spoolname, O_RDWR | O_APPEND, 0); | |
4364 | ||
4365 | if (deliver_datafile < 0) | |
4366 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Failed to reopen %s for remote " | |
4367 | "parallel delivery: %s", spoolname, strerror(errno)); | |
4368 | ||
4369 | /* Set the close-on-exec flag */ | |
4370 | ||
ff790e47 | 4371 | (void)fcntl(deliver_datafile, F_SETFD, fcntl(deliver_datafile, F_GETFD) | |
059ec3d9 PH |
4372 | FD_CLOEXEC); |
4373 | ||
4374 | /* Set the uid/gid of this process; bombs out on failure. */ | |
4375 | ||
4376 | exim_setugid(uid, gid, use_initgroups, | |
4377 | string_sprintf("remote delivery to %s with transport=%s", | |
4378 | addr->address, tp->name)); | |
4379 | ||
4380 | /* Close the unwanted half of this process' pipe, set the process state, | |
4381 | and run the transport. Afterwards, transport_count will contain the number | |
4382 | of bytes written. */ | |
4383 | ||
f1e894f3 | 4384 | (void)close(pfd[pipe_read]); |
059ec3d9 PH |
4385 | set_process_info("delivering %s using %s", message_id, tp->name); |
4386 | debug_print_string(tp->debug_string); | |
4387 | if (!(tp->info->code)(addr->transport, addr)) replicate_status(addr); | |
4388 | ||
4389 | set_process_info("delivering %s (just run %s for %s%s in subprocess)", | |
d6c82d7b | 4390 | message_id, tp->name, addr->address, addr->next ? ", ..." : ""); |
059ec3d9 PH |
4391 | |
4392 | /* Ensure any cached resources that we used are now released */ | |
4393 | ||
4394 | search_tidyup(); | |
4395 | ||
4396 | /* Pass the result back down the pipe. This is a lot more information | |
4397 | than is needed for a local delivery. We have to send back the error | |
4398 | status for each address, the usability status for each host that is | |
4399 | flagged as unusable, and all the retry items. When TLS is in use, we | |
4400 | send also the cipher and peerdn information. Each type of information | |
4401 | is flagged by an identifying byte, and is then in a fixed format (with | |
4402 | strings terminated by zeros), and there is a final terminator at the | |
4403 | end. The host information and retry information is all attached to | |
4404 | the first address, so that gets sent at the start. */ | |
4405 | ||
4406 | /* Host unusability information: for most success cases this will | |
4407 | be null. */ | |
4408 | ||
d6c82d7b | 4409 | for (h = addr->host_list; h; h = h->next) |
059ec3d9 | 4410 | { |
d6c82d7b | 4411 | if (!h->address || h->status < hstatus_unusable) continue; |
bd21a787 WB |
4412 | sprintf(CS big_buffer, "%c%c%s", h->status, h->why, h->address); |
4413 | rmt_dlv_checked_write(fd, 'H', '0', big_buffer, Ustrlen(big_buffer+2) + 3); | |
059ec3d9 PH |
4414 | } |
4415 | ||
4416 | /* The number of bytes written. This is the same for each address. Even | |
4417 | if we sent several copies of the message down the same connection, the | |
4418 | size of each one is the same, and it's that value we have got because | |
4419 | transport_count gets reset before calling transport_write_message(). */ | |
4420 | ||
bd21a787 WB |
4421 | memcpy(big_buffer, &transport_count, sizeof(transport_count)); |
4422 | rmt_dlv_checked_write(fd, 'S', '0', big_buffer, sizeof(transport_count)); | |
059ec3d9 | 4423 | |
6f123593 JH |
4424 | /* Information about what happened to each address. Four item types are |
4425 | used: an optional 'X' item first, for TLS information, then an optional "C" | |
4426 | item for any client-auth info followed by 'R' items for any retry settings, | |
4427 | and finally an 'A' item for the remaining data. */ | |
059ec3d9 | 4428 | |
d6c82d7b | 4429 | for(; addr; addr = addr->next) |
059ec3d9 PH |
4430 | { |
4431 | uschar *ptr; | |
4432 | retry_item *r; | |
4433 | ||
4434 | /* The certificate verification status goes into the flags */ | |
817d9f57 | 4435 | if (tls_out.certificate_verified) setflag(addr, af_cert_verified); |
a0a2d1ee | 4436 | #ifdef EXPERIMENTAL_DANE |
53a7196b | 4437 | if (tls_out.dane_verified) setflag(addr, af_dane_verified); |
a0a2d1ee | 4438 | #endif |
059ec3d9 PH |
4439 | |
4440 | /* Use an X item only if there's something to send */ | |
a7538db1 | 4441 | #ifdef SUPPORT_TLS |
9d1c15ef | 4442 | if (addr->cipher) |
059ec3d9 PH |
4443 | { |
4444 | ptr = big_buffer; | |
bd21a787 | 4445 | sprintf(CS ptr, "%.128s", addr->cipher); |
059ec3d9 | 4446 | while(*ptr++); |
9d1c15ef JH |
4447 | if (!addr->peerdn) |
4448 | *ptr++ = 0; | |
4449 | else | |
059ec3d9 PH |
4450 | { |
4451 | sprintf(CS ptr, "%.512s", addr->peerdn); | |
4452 | while(*ptr++); | |
4453 | } | |
9d1c15ef | 4454 | |
bd21a787 | 4455 | rmt_dlv_checked_write(fd, 'X', '1', big_buffer, ptr - big_buffer); |
059ec3d9 | 4456 | } |
9d1c15ef JH |
4457 | if (addr->peercert) |
4458 | { | |
4459 | ptr = big_buffer; | |
9d1c15ef JH |
4460 | if (!tls_export_cert(ptr, big_buffer_size-2, addr->peercert)) |
4461 | while(*ptr++); | |
4462 | else | |
4463 | *ptr++ = 0; | |
bd21a787 | 4464 | rmt_dlv_checked_write(fd, 'X', '2', big_buffer, ptr - big_buffer); |
9d1c15ef JH |
4465 | } |
4466 | if (addr->ourcert) | |
4467 | { | |
4468 | ptr = big_buffer; | |
9d1c15ef JH |
4469 | if (!tls_export_cert(ptr, big_buffer_size-2, addr->ourcert)) |
4470 | while(*ptr++); | |
4471 | else | |
4472 | *ptr++ = 0; | |
bd21a787 | 4473 | rmt_dlv_checked_write(fd, 'X', '3', big_buffer, ptr - big_buffer); |
9d1c15ef | 4474 | } |
a7538db1 | 4475 | # ifndef DISABLE_OCSP |
018058b2 JH |
4476 | if (addr->ocsp > OCSP_NOT_REQ) |
4477 | { | |
4478 | ptr = big_buffer; | |
bd21a787 | 4479 | sprintf(CS ptr, "%c", addr->ocsp + '0'); |
018058b2 | 4480 | while(*ptr++); |
bd21a787 | 4481 | rmt_dlv_checked_write(fd, 'X', '4', big_buffer, ptr - big_buffer); |
018058b2 | 4482 | } |
a7538db1 JH |
4483 | # endif |
4484 | #endif /*SUPPORT_TLS*/ | |
059ec3d9 | 4485 | |
6f123593 JH |
4486 | if (client_authenticator) |
4487 | { | |
4488 | ptr = big_buffer; | |
bd21a787 | 4489 | sprintf(CS big_buffer, "%.64s", client_authenticator); |
6f123593 | 4490 | while(*ptr++); |
bd21a787 | 4491 | rmt_dlv_checked_write(fd, 'C', '1', big_buffer, ptr - big_buffer); |
6f123593 JH |
4492 | } |
4493 | if (client_authenticated_id) | |
4494 | { | |
4495 | ptr = big_buffer; | |
bd21a787 | 4496 | sprintf(CS big_buffer, "%.64s", client_authenticated_id); |
6f123593 | 4497 | while(*ptr++); |
bd21a787 | 4498 | rmt_dlv_checked_write(fd, 'C', '2', big_buffer, ptr - big_buffer); |
6f123593 | 4499 | } |
c8e2fc1e JH |
4500 | if (client_authenticated_sender) |
4501 | { | |
4502 | ptr = big_buffer; | |
bd21a787 | 4503 | sprintf(CS big_buffer, "%.64s", client_authenticated_sender); |
c8e2fc1e | 4504 | while(*ptr++); |
bd21a787 | 4505 | rmt_dlv_checked_write(fd, 'C', '3', big_buffer, ptr - big_buffer); |
c8e2fc1e | 4506 | } |
6f123593 | 4507 | |
a7538db1 | 4508 | #ifndef DISABLE_PRDR |
783b385f | 4509 | if (addr->flags & af_prdr_used) |
bd21a787 | 4510 | rmt_dlv_checked_write(fd, 'P', '0', NULL, 0); |
b75960c8 | 4511 | #endif |
fd98a5c6 | 4512 | |
bd21a787 WB |
4513 | memcpy(big_buffer, &addr->dsn_aware, sizeof(addr->dsn_aware)); |
4514 | rmt_dlv_checked_write(fd, 'D', '0', big_buffer, sizeof(addr->dsn_aware)); | |
6c1c3d1d | 4515 | DEBUG(D_deliver) debug_printf("DSN write: addr->dsn_aware = %d\n", addr->dsn_aware); |
6c1c3d1d | 4516 | |
059ec3d9 PH |
4517 | /* Retry information: for most success cases this will be null. */ |
4518 | ||
d6c82d7b | 4519 | for (r = addr->retries; r; r = r->next) |
059ec3d9 | 4520 | { |
bd21a787 | 4521 | sprintf(CS big_buffer, "%c%.500s", r->flags, r->key); |
059ec3d9 PH |
4522 | ptr = big_buffer + Ustrlen(big_buffer+2) + 3; |
4523 | memcpy(ptr, &(r->basic_errno), sizeof(r->basic_errno)); | |
4524 | ptr += sizeof(r->basic_errno); | |
4525 | memcpy(ptr, &(r->more_errno), sizeof(r->more_errno)); | |
4526 | ptr += sizeof(r->more_errno); | |
d6c82d7b | 4527 | if (!r->message) *ptr++ = 0; else |
059ec3d9 PH |
4528 | { |
4529 | sprintf(CS ptr, "%.512s", r->message); | |
4530 | while(*ptr++); | |
4531 | } | |
bd21a787 | 4532 | rmt_dlv_checked_write(fd, 'R', '0', big_buffer, ptr - big_buffer); |
059ec3d9 PH |
4533 | } |
4534 | ||
895fbaf2 JH |
4535 | #ifdef EXPERIMENTAL_DSN_INFO |
4536 | /*um, are they really per-addr? Other per-conn stuff is not (auth, tls). But host_used is! */ | |
4537 | if (addr->smtp_greeting) | |
4538 | { | |
4539 | ptr = big_buffer; | |
4540 | DEBUG(D_deliver) debug_printf("smtp_greeting '%s'\n", addr->smtp_greeting); | |
4541 | sprintf(CS ptr, "%.128s", addr->smtp_greeting); | |
4542 | while(*ptr++); | |
4543 | if (addr->helo_response) | |
4544 | { | |
4545 | DEBUG(D_deliver) debug_printf("helo_response '%s'\n", addr->helo_response); | |
4546 | sprintf(CS ptr, "%.128s", addr->helo_response); | |
4547 | while(*ptr++); | |
4548 | } | |
4549 | else | |
4550 | *ptr++ = '\0'; | |
4551 | rmt_dlv_checked_write(fd, 'A', '1', big_buffer, ptr - big_buffer); | |
4552 | } | |
4553 | #endif | |
4554 | ||
4555 | /* The rest of the information goes in an 'A0' item. */ | |
059ec3d9 | 4556 | |
bd21a787 | 4557 | sprintf(CS big_buffer, "%c%c", addr->transport_return, |
059ec3d9 | 4558 | addr->special_action); |
895fbaf2 | 4559 | ptr = big_buffer + 2; |
059ec3d9 PH |
4560 | memcpy(ptr, &(addr->basic_errno), sizeof(addr->basic_errno)); |
4561 | ptr += sizeof(addr->basic_errno); | |
4562 | memcpy(ptr, &(addr->more_errno), sizeof(addr->more_errno)); | |
4563 | ptr += sizeof(addr->more_errno); | |
4564 | memcpy(ptr, &(addr->flags), sizeof(addr->flags)); | |
4565 | ptr += sizeof(addr->flags); | |
4566 | ||
d6c82d7b | 4567 | if (!addr->message) *ptr++ = 0; else |
059ec3d9 PH |
4568 | { |
4569 | sprintf(CS ptr, "%.1024s", addr->message); | |
4570 | while(*ptr++); | |
4571 | } | |
4572 | ||
d6c82d7b | 4573 | if (!addr->user_message) *ptr++ = 0; else |
059ec3d9 PH |
4574 | { |
4575 | sprintf(CS ptr, "%.1024s", addr->user_message); | |
4576 | while(*ptr++); | |
4577 | } | |
4578 | ||
d6c82d7b | 4579 | if (!addr->host_used) *ptr++ = 0; else |
059ec3d9 PH |
4580 | { |
4581 | sprintf(CS ptr, "%.256s", addr->host_used->name); | |
4582 | while(*ptr++); | |
4583 | sprintf(CS ptr, "%.64s", addr->host_used->address); | |
4584 | while(*ptr++); | |
4585 | memcpy(ptr, &(addr->host_used->port), sizeof(addr->host_used->port)); | |
4586 | ptr += sizeof(addr->host_used->port); | |
783b385f JH |
4587 | |
4588 | /* DNS lookup status */ | |
4589 | *ptr++ = addr->host_used->dnssec==DS_YES ? '2' | |
4590 | : addr->host_used->dnssec==DS_NO ? '1' : '0'; | |
4591 | ||
059ec3d9 | 4592 | } |
bd21a787 | 4593 | rmt_dlv_checked_write(fd, 'A', '0', big_buffer, ptr - big_buffer); |
059ec3d9 PH |
4594 | } |
4595 | ||
aeaf5db3 | 4596 | /* Local interface address/port */ |
895fbaf2 JH |
4597 | #ifdef EXPERIMENTAL_DSN_INFO |
4598 | if (sending_ip_address) | |
4599 | #else | |
6c6d6e48 | 4600 | if (LOGGING(incoming_interface) && sending_ip_address) |
895fbaf2 | 4601 | #endif |
aeaf5db3 JH |
4602 | { |
4603 | uschar * ptr = big_buffer; | |
4604 | sprintf(CS ptr, "%.128s", sending_ip_address); | |
4605 | while(*ptr++); | |
4606 | sprintf(CS ptr, "%d", sending_port); | |
4607 | while(*ptr++); | |
4608 | ||
4609 | rmt_dlv_checked_write(fd, 'I', '0', big_buffer, ptr - big_buffer); | |
4610 | } | |
4611 | ||
059ec3d9 PH |
4612 | /* Add termination flag, close the pipe, and that's it. The character |
4613 | after 'Z' indicates whether continue_transport is now NULL or not. | |
4614 | A change from non-NULL to NULL indicates a problem with a continuing | |
4615 | connection. */ | |
4616 | ||
d6c82d7b | 4617 | big_buffer[0] = continue_transport ? '1' : '0'; |
bd21a787 | 4618 | rmt_dlv_checked_write(fd, 'Z', '0', big_buffer, 1); |
f1e894f3 | 4619 | (void)close(fd); |
059ec3d9 PH |
4620 | exit(EXIT_SUCCESS); |
4621 | } | |
4622 | ||
4623 | /* Back in the mainline: close the unwanted half of the pipe. */ | |
4624 | ||
f1e894f3 | 4625 | (void)close(pfd[pipe_write]); |
059ec3d9 PH |
4626 | |
4627 | /* Fork failed; defer with error message */ | |
4628 | ||
4629 | if (pid < 0) | |
4630 | { | |
f1e894f3 | 4631 | (void)close(pfd[pipe_read]); |
d6c82d7b JH |
4632 | panicmsg = string_sprintf("fork failed for remote delivery to %s: %s", |
4633 | addr->domain, strerror(errno)); | |
fa41615d | 4634 | goto enq_continue; |
059ec3d9 PH |
4635 | } |
4636 | ||
4637 | /* Fork succeeded; increment the count, and remember relevant data for | |
4638 | when the process finishes. */ | |
4639 | ||
4640 | parcount++; | |
4641 | parlist[poffset].addrlist = parlist[poffset].addr = addr; | |
4642 | parlist[poffset].pid = pid; | |
4643 | parlist[poffset].fd = pfd[pipe_read]; | |
4644 | parlist[poffset].done = FALSE; | |
4645 | parlist[poffset].msg = NULL; | |
4646 | parlist[poffset].return_path = return_path; | |
4647 | ||
4648 | /* If the process we've just started is sending a message down an existing | |
4649 | channel, wait for it now. This ensures that only one such process runs at | |
4650 | once, whatever the value of remote_max parallel. Otherwise, we might try to | |
4651 | send two or more messages simultaneously down the same channel. This could | |
4652 | happen if there are different domains that include the same host in otherwise | |
4653 | different host lists. | |
4654 | ||
4655 | Also, if the transport closes down the channel, this information gets back | |
4656 | (continue_transport gets set to NULL) before we consider any other addresses | |
4657 | in this message. */ | |
4658 | ||
d6c82d7b | 4659 | if (continue_transport) par_reduce(0, fallback); |
059ec3d9 PH |
4660 | |
4661 | /* Otherwise, if we are running in the test harness, wait a bit, to let the | |
4662 | newly created process get going before we create another process. This should | |
4663 | ensure repeatability in the tests. We only need to wait a tad. */ | |
4664 | ||
4665 | else if (running_in_test_harness) millisleep(500); | |
d6c82d7b JH |
4666 | |
4667 | continue; | |
4668 | ||
fa41615d JH |
4669 | enq_continue: |
4670 | if (serialize_key) enq_end(serialize_key); | |
d6c82d7b JH |
4671 | panic_continue: |
4672 | remote_post_process(addr, LOG_MAIN|LOG_PANIC, panicmsg, fallback); | |
4673 | continue; | |
059ec3d9 PH |
4674 | } |
4675 | ||
4676 | /* Reached the end of the list of addresses. Wait for all the subprocesses that | |
4677 | are still running and post-process their addresses. */ | |
4678 | ||
4679 | par_reduce(0, fallback); | |
4680 | return TRUE; | |
4681 | } | |
4682 | ||
4683 | ||
4684 | ||
4685 | ||
4686 | /************************************************* | |
4687 | * Split an address into local part and domain * | |
4688 | *************************************************/ | |
4689 | ||
4690 | /* This function initializes an address for routing by splitting it up into a | |
4691 | local part and a domain. The local part is set up twice - once in its original | |
4692 | casing, and once in lower case, and it is dequoted. We also do the "percent | |
4693 | hack" for configured domains. This may lead to a DEFER result if a lookup | |
4694 | defers. When a percent-hacking takes place, we insert a copy of the original | |
4695 | address as a new parent of this address, as if we have had a redirection. | |
4696 | ||
4697 | Argument: | |
4698 | addr points to an addr_item block containing the address | |
4699 | ||
4700 | Returns: OK | |
4701 | DEFER - could not determine if domain is %-hackable | |
4702 | */ | |
4703 | ||
4704 | int | |
4705 | deliver_split_address(address_item *addr) | |
4706 | { | |
4707 | uschar *address = addr->address; | |
4708 | uschar *domain = Ustrrchr(address, '@'); | |
4709 | uschar *t; | |
4710 | int len = domain - address; | |
4711 | ||
4712 | addr->domain = string_copylc(domain+1); /* Domains are always caseless */ | |
4713 | ||
4714 | /* The implication in the RFCs (though I can't say I've seen it spelled out | |
4715 | explicitly) is that quoting should be removed from local parts at the point | |
4716 | where they are locally interpreted. [The new draft "821" is more explicit on | |
4717 | this, Jan 1999.] We know the syntax is valid, so this can be done by simply | |
4718 | removing quoting backslashes and any unquoted doublequotes. */ | |
4719 | ||
4720 | t = addr->cc_local_part = store_get(len+1); | |
4721 | while(len-- > 0) | |
4722 | { | |
4723 | register int c = *address++; | |
4724 | if (c == '\"') continue; | |
4725 | if (c == '\\') | |
4726 | { | |
4727 | *t++ = *address++; | |
4728 | len--; | |
4729 | } | |
4730 | else *t++ = c; | |
4731 | } | |
4732 | *t = 0; | |
4733 | ||
4734 | /* We do the percent hack only for those domains that are listed in | |
4735 | percent_hack_domains. A loop is required, to copy with multiple %-hacks. */ | |
4736 | ||
d6c82d7b | 4737 | if (percent_hack_domains) |
059ec3d9 PH |
4738 | { |
4739 | int rc; | |
4740 | uschar *new_address = NULL; | |
4741 | uschar *local_part = addr->cc_local_part; | |
4742 | ||
4743 | deliver_domain = addr->domain; /* set $domain */ | |
4744 | ||
d6c82d7b JH |
4745 | while ( (rc = match_isinlist(deliver_domain, (const uschar **)&percent_hack_domains, 0, |
4746 | &domainlist_anchor, addr->domain_cache, MCL_DOMAIN, TRUE, NULL)) | |
4747 | == OK | |
4748 | && (t = Ustrrchr(local_part, '%')) != NULL | |
4749 | ) | |
059ec3d9 PH |
4750 | { |
4751 | new_address = string_copy(local_part); | |
4752 | new_address[t - local_part] = '@'; | |
4753 | deliver_domain = string_copylc(t+1); | |
4754 | local_part = string_copyn(local_part, t - local_part); | |
4755 | } | |
4756 | ||
4757 | if (rc == DEFER) return DEFER; /* lookup deferred */ | |
4758 | ||
4759 | /* If hackery happened, set up new parent and alter the current address. */ | |
4760 | ||
d6c82d7b | 4761 | if (new_address) |
059ec3d9 PH |
4762 | { |
4763 | address_item *new_parent = store_get(sizeof(address_item)); | |
4764 | *new_parent = *addr; | |
4765 | addr->parent = new_parent; | |
4766 | addr->address = new_address; | |
4767 | addr->unique = string_copy(new_address); | |
4768 | addr->domain = deliver_domain; | |
4769 | addr->cc_local_part = local_part; | |
4770 | DEBUG(D_deliver) debug_printf("%%-hack changed address to: %s\n", | |
4771 | addr->address); | |
4772 | } | |
4773 | } | |
4774 | ||
4775 | /* Create the lowercased version of the final local part, and make that the | |
4776 | default one to be used. */ | |
4777 | ||
4778 | addr->local_part = addr->lc_local_part = string_copylc(addr->cc_local_part); | |
4779 | return OK; | |
4780 | } | |
4781 | ||
4782 | ||
4783 | ||
4784 | ||
4785 | /************************************************* | |
4786 | * Get next error message text * | |
4787 | *************************************************/ | |
4788 | ||
4789 | /* If f is not NULL, read the next "paragraph", from a customized error message | |
4790 | text file, terminated by a line containing ****, and expand it. | |
4791 | ||
4792 | Arguments: | |
4793 | f NULL or a file to read from | |
4794 | which string indicating which string (for errors) | |
4795 | ||
4796 | Returns: NULL or an expanded string | |
4797 | */ | |
4798 | ||
4799 | static uschar * | |
4800 | next_emf(FILE *f, uschar *which) | |
4801 | { | |
4802 | int size = 256; | |
4803 | int ptr = 0; | |
4804 | uschar *para, *yield; | |
4805 | uschar buffer[256]; | |
4806 | ||
d6c82d7b | 4807 | if (!f) return NULL; |
059ec3d9 | 4808 | |
d6c82d7b JH |
4809 | if (!Ufgets(buffer, sizeof(buffer), f) || Ustrcmp(buffer, "****\n") == 0) |
4810 | return NULL; | |
059ec3d9 PH |
4811 | |
4812 | para = store_get(size); | |
4813 | for (;;) | |
4814 | { | |
4815 | para = string_cat(para, &size, &ptr, buffer, Ustrlen(buffer)); | |
d6c82d7b JH |
4816 | if (!Ufgets(buffer, sizeof(buffer), f) || Ustrcmp(buffer, "****\n") == 0) |
4817 | break; | |
059ec3d9 PH |
4818 | } |
4819 | para[ptr] = 0; | |
4820 | ||
d6c82d7b JH |
4821 | if ((yield = expand_string(para))) |
4822 | return yield; | |
059ec3d9 PH |
4823 | |
4824 | log_write(0, LOG_MAIN|LOG_PANIC, "Failed to expand string from " | |
4825 | "bounce_message_file or warn_message_file (%s): %s", which, | |
4826 | expand_string_message); | |
4827 | return NULL; | |
4828 | } | |
4829 | ||
4830 | ||
4831 | ||
4832 | ||
4833 | /************************************************* | |
4834 | * Close down a passed transport channel * | |
4835 | *************************************************/ | |
4836 | ||
4837 | /* This function is called when a passed transport channel cannot be used. | |
4838 | It attempts to close it down tidily. The yield is always DELIVER_NOT_ATTEMPTED | |
4839 | so that the function call can be the argument of a "return" statement. | |
4840 | ||
4841 | Arguments: None | |
4842 | Returns: DELIVER_NOT_ATTEMPTED | |
4843 | */ | |
4844 | ||
4845 | static int | |
4846 | continue_closedown(void) | |
4847 | { | |
d6c82d7b | 4848 | if (continue_transport) |
059ec3d9 PH |
4849 | { |
4850 | transport_instance *t; | |
d6c82d7b | 4851 | for (t = transports; t; t = t->next) |
059ec3d9 PH |
4852 | if (Ustrcmp(t->name, continue_transport) == 0) |
4853 | { | |
d6c82d7b | 4854 | if (t->info->closedown) (t->info->closedown)(t); |
059ec3d9 PH |
4855 | break; |
4856 | } | |
059ec3d9 PH |
4857 | } |
4858 | return DELIVER_NOT_ATTEMPTED; | |
4859 | } | |
4860 | ||
4861 | ||
4862 | ||
4863 | ||
4864 | /************************************************* | |
4865 | * Print address information * | |
4866 | *************************************************/ | |
4867 | ||
4868 | /* This function is called to output an address, or information about an | |
4869 | address, for bounce or defer messages. If the hide_child flag is set, all we | |
4870 | output is the original ancestor address. | |
4871 | ||
4872 | Arguments: | |
4873 | addr points to the address | |
4874 | f the FILE to print to | |
4875 | si an initial string | |
4876 | sc a continuation string for before "generated" | |
4877 | se an end string | |
4878 | ||
4879 | Returns: TRUE if the address is not hidden | |
4880 | */ | |
4881 | ||
4882 | static BOOL | |
4883 | print_address_information(address_item *addr, FILE *f, uschar *si, uschar *sc, | |
4884 | uschar *se) | |
4885 | { | |
4886 | BOOL yield = TRUE; | |
4887 | uschar *printed = US""; | |
4888 | address_item *ancestor = addr; | |
d6c82d7b | 4889 | while (ancestor->parent) ancestor = ancestor->parent; |
059ec3d9 PH |
4890 | |
4891 | fprintf(f, "%s", CS si); | |
4892 | ||
d6c82d7b | 4893 | if (addr->parent && testflag(addr, af_hide_child)) |
059ec3d9 PH |
4894 | { |
4895 | printed = US"an undisclosed address"; | |
4896 | yield = FALSE; | |
4897 | } | |
d6c82d7b | 4898 | else if (!testflag(addr, af_pfr) || !addr->parent) |
059ec3d9 PH |
4899 | printed = addr->address; |
4900 | ||
4901 | else | |
4902 | { | |
4903 | uschar *s = addr->address; | |
4904 | uschar *ss; | |
4905 | ||
4906 | if (addr->address[0] == '>') { ss = US"mail"; s++; } | |
4907 | else if (addr->address[0] == '|') ss = US"pipe"; | |
4908 | else ss = US"save"; | |
4909 | ||
4910 | fprintf(f, "%s to %s%sgenerated by ", ss, s, sc); | |
4911 | printed = addr->parent->address; | |
4912 | } | |
4913 | ||
4914 | fprintf(f, "%s", CS string_printing(printed)); | |
4915 | ||
4916 | if (ancestor != addr) | |
4917 | { | |
d6c82d7b JH |
4918 | uschar *original = ancestor->onetime_parent; |
4919 | if (!original) original= ancestor->address; | |
059ec3d9 PH |
4920 | if (strcmpic(original, printed) != 0) |
4921 | fprintf(f, "%s(%sgenerated from %s)", sc, | |
d6c82d7b | 4922 | ancestor != addr->parent ? "ultimately " : "", |
059ec3d9 PH |
4923 | string_printing(original)); |
4924 | } | |
4925 | ||
c562fd30 JH |
4926 | if (addr->host_used) |
4927 | fprintf(f, "\n host %s [%s]", | |
4928 | addr->host_used->name, addr->host_used->address); | |
4929 | ||
059ec3d9 PH |
4930 | fprintf(f, "%s", CS se); |
4931 | return yield; | |
4932 | } | |
4933 | ||
4934 | ||
4935 | ||
4936 | ||
4937 | ||
059ec3d9 PH |
4938 | /************************************************* |
4939 | * Print error for an address * | |
4940 | *************************************************/ | |
4941 | ||
4942 | /* This function is called to print the error information out of an address for | |
4943 | a bounce or a warning message. It tries to format the message reasonably by | |
4944 | introducing newlines. All lines are indented by 4; the initial printing | |
4945 | position must be set before calling. | |
4946 | ||
447d236c | 4947 | This function used always to print the error. Nowadays we want to restrict it |
75def545 PH |
4948 | to cases such as LMTP/SMTP errors from a remote host, and errors from :fail: |
4949 | and filter "fail". We no longer pass other information willy-nilly in bounce | |
4950 | and warning messages. Text in user_message is always output; text in message | |
4951 | only if the af_pass_message flag is set. | |
447d236c | 4952 | |
059ec3d9 | 4953 | Arguments: |
447d236c | 4954 | addr the address |
059ec3d9 | 4955 | f the FILE to print on |
75def545 | 4956 | t some leading text |
059ec3d9 PH |
4957 | |
4958 | Returns: nothing | |
4959 | */ | |
4960 | ||
4961 | static void | |
447d236c | 4962 | print_address_error(address_item *addr, FILE *f, uschar *t) |
059ec3d9 | 4963 | { |
447d236c | 4964 | int count = Ustrlen(t); |
75def545 | 4965 | uschar *s = testflag(addr, af_pass_message)? addr->message : NULL; |
447d236c | 4966 | |
0ba0ee97 JH |
4967 | if (!s && !(s = addr->user_message)) |
4968 | return; | |
447d236c PH |
4969 | |
4970 | fprintf(f, "\n %s", t); | |
4971 | ||
0ba0ee97 | 4972 | while (*s) |
447d236c PH |
4973 | if (*s == '\\' && s[1] == 'n') |
4974 | { | |
4975 | fprintf(f, "\n "); | |
4976 | s += 2; | |
4977 | count = 0; | |
4978 | } | |
4979 | else | |
059ec3d9 | 4980 | { |
447d236c PH |
4981 | fputc(*s, f); |
4982 | count++; | |
4983 | if (*s++ == ':' && isspace(*s) && count > 45) | |
059ec3d9 | 4984 | { |
447d236c | 4985 | fprintf(f, "\n "); /* sic (because space follows) */ |
059ec3d9 PH |
4986 | count = 0; |
4987 | } | |
059ec3d9 | 4988 | } |
059ec3d9 PH |
4989 | } |
4990 | ||
4991 | ||
21bc4865 WB |
4992 | /*********************************************************** |
4993 | * Print Diagnostic-Code for an address * | |
4994 | ************************************************************/ | |
4995 | ||
4996 | /* This function is called to print the error information out of an address for | |
4997 | a bounce or a warning message. It tries to format the message reasonably as | |
4998 | required by RFC 3461 by adding a space after each newline | |
4999 | ||
ca410e79 WB |
5000 | it uses the same logic as print_address_error() above. if af_pass_message is true |
5001 | and addr->message is set it uses the remote host answer. if not addr->user_message | |
5002 | is used instead if available. | |
21bc4865 WB |
5003 | |
5004 | Arguments: | |
5005 | addr the address | |
5006 | f the FILE to print on | |
5007 | ||
5008 | Returns: nothing | |
5009 | */ | |
5010 | ||
5011 | static void | |
5012 | print_dsn_diagnostic_code(const address_item *addr, FILE *f) | |
5013 | { | |
ca410e79 | 5014 | uschar *s = testflag(addr, af_pass_message) ? addr->message : NULL; |
21bc4865 | 5015 | |
ca410e79 WB |
5016 | /* af_pass_message and addr->message set ? print remote host answer */ |
5017 | if (s) | |
5018 | { | |
5019 | DEBUG(D_deliver) | |
5020 | debug_printf("DSN Diagnostic-Code: addr->message = %s\n", addr->message); | |
447d236c | 5021 | |
ca410e79 WB |
5022 | /* search first ": ". we assume to find the remote-MTA answer there */ |
5023 | if (!(s = Ustrstr(addr->message, ": "))) | |
5024 | return; /* not found, bail out */ | |
5025 | s += 2; /* skip ": " */ | |
5026 | fprintf(f, "Diagnostic-Code: smtp; "); | |
5027 | } | |
ca410e79 | 5028 | /* no message available. do nothing */ |
9031f51a | 5029 | else return; |
21bc4865 | 5030 | |
21bc4865 WB |
5031 | while (*s) |
5032 | if (*s == '\\' && s[1] == 'n') | |
5033 | { | |
5034 | fputs("\n ", f); /* as defined in RFC 3461 */ | |
5035 | s += 2; | |
5036 | } | |
5037 | else | |
5038 | fputc(*s++, f); | |
5039 | ||
5040 | fputc('\n', f); | |
5041 | } | |
447d236c PH |
5042 | |
5043 | ||
d7174846 PH |
5044 | /************************************************* |
5045 | * Check list of addresses for duplication * | |
5046 | *************************************************/ | |
5047 | ||
5048 | /* This function was introduced when the test for duplicate addresses that are | |
5049 | not pipes, files, or autoreplies was moved from the middle of routing to when | |
5050 | routing was complete. That was to fix obscure cases when the routing history | |
dbcef0ea PH |
5051 | affects the subsequent routing of identical addresses. This function is called |
5052 | after routing, to check that the final routed addresses are not duplicates. | |
d7174846 | 5053 | |
dbcef0ea PH |
5054 | If we detect a duplicate, we remember what it is a duplicate of. Note that |
5055 | pipe, file, and autoreply de-duplication is handled during routing, so we must | |
5056 | leave such "addresses" alone here, as otherwise they will incorrectly be | |
5057 | discarded. | |
d7174846 PH |
5058 | |
5059 | Argument: address of list anchor | |
5060 | Returns: nothing | |
5061 | */ | |
5062 | ||
5063 | static void | |
5064 | do_duplicate_check(address_item **anchor) | |
5065 | { | |
5066 | address_item *addr; | |
d6c82d7b | 5067 | while ((addr = *anchor)) |
d7174846 PH |
5068 | { |
5069 | tree_node *tnode; | |
5070 | if (testflag(addr, af_pfr)) | |
5071 | { | |
5072 | anchor = &(addr->next); | |
5073 | } | |
d6c82d7b | 5074 | else if ((tnode = tree_search(tree_duplicates, addr->unique))) |
d7174846 PH |
5075 | { |
5076 | DEBUG(D_deliver|D_route) | |
5077 | debug_printf("%s is a duplicate address: discarded\n", addr->unique); | |
5078 | *anchor = addr->next; | |
5079 | addr->dupof = tnode->data.ptr; | |
5080 | addr->next = addr_duplicate; | |
5081 | addr_duplicate = addr; | |
5082 | } | |
5083 | else | |
5084 | { | |
5085 | tree_add_duplicate(addr->unique, addr); | |
5086 | anchor = &(addr->next); | |
5087 | } | |
5088 | } | |
5089 | } | |
5090 | ||
5091 | ||
5092 | ||
059ec3d9 PH |
5093 | |
5094 | /************************************************* | |
5095 | * Deliver one message * | |
5096 | *************************************************/ | |
5097 | ||
5098 | /* This is the function which is called when a message is to be delivered. It | |
5099 | is passed the id of the message. It is possible that the message no longer | |
5100 | exists, if some other process has delivered it, and it is also possible that | |
5101 | the message is being worked on by another process, in which case the data file | |
5102 | will be locked. | |
5103 | ||
5104 | If no delivery is attempted for any of the above reasons, the function returns | |
5105 | DELIVER_NOT_ATTEMPTED. | |
5106 | ||
5107 | If the give_up flag is set true, do not attempt any deliveries, but instead | |
5108 | fail all outstanding addresses and return the message to the sender (or | |
5109 | whoever). | |
5110 | ||
5111 | A delivery operation has a process all to itself; we never deliver more than | |
5112 | one message in the same process. Therefore we needn't worry too much about | |
5113 | store leakage. | |
5114 | ||
5115 | Arguments: | |
5116 | id the id of the message to be delivered | |
5117 | forced TRUE if delivery was forced by an administrator; this overrides | |
5118 | retry delays and causes a delivery to be tried regardless | |
5119 | give_up TRUE if an administrator has requested that delivery attempts | |
5120 | be abandoned | |
5121 | ||
5122 | Returns: When the global variable mua_wrapper is FALSE: | |
5123 | DELIVER_ATTEMPTED_NORMAL if a delivery attempt was made | |
5124 | DELIVER_NOT_ATTEMPTED otherwise (see comment above) | |
5125 | When the global variable mua_wrapper is TRUE: | |
5126 | DELIVER_MUA_SUCCEEDED if delivery succeeded | |
5127 | DELIVER_MUA_FAILED if delivery failed | |
5128 | DELIVER_NOT_ATTEMPTED if not attempted (should not occur) | |
5129 | */ | |
5130 | ||
5131 | int | |
5132 | deliver_message(uschar *id, BOOL forced, BOOL give_up) | |
5133 | { | |
5134 | int i, rc; | |
5135 | int final_yield = DELIVER_ATTEMPTED_NORMAL; | |
5136 | time_t now = time(NULL); | |
5137 | address_item *addr_last = NULL; | |
5138 | uschar *filter_message = NULL; | |
5139 | FILE *jread; | |
5140 | int process_recipients = RECIP_ACCEPT; | |
5141 | open_db dbblock; | |
5142 | open_db *dbm_file; | |
faa05a93 | 5143 | extern int acl_where; |
059ec3d9 | 5144 | |
d6c82d7b JH |
5145 | uschar *info = queue_run_pid == (pid_t)0 |
5146 | ? string_sprintf("delivering %s", id) | |
5147 | : string_sprintf("delivering %s (queue run pid %d)", id, queue_run_pid); | |
059ec3d9 PH |
5148 | |
5149 | /* If the D_process_info bit is on, set_process_info() will output debugging | |
5150 | information. If not, we want to show this initial information if D_deliver or | |
5151 | D_queue_run is set or in verbose mode. */ | |
5152 | ||
5153 | set_process_info("%s", info); | |
5154 | ||
d6c82d7b JH |
5155 | if ( !(debug_selector & D_process_info) |
5156 | && (debug_selector & (D_deliver|D_queue_run|D_v)) | |
5157 | ) | |
059ec3d9 PH |
5158 | debug_printf("%s\n", info); |
5159 | ||
5160 | /* Ensure that we catch any subprocesses that are created. Although Exim | |
5161 | sets SIG_DFL as its initial default, some routes through the code end up | |
5162 | here with it set to SIG_IGN - cases where a non-synchronous delivery process | |
5163 | has been forked, but no re-exec has been done. We use sigaction rather than | |
5164 | plain signal() on those OS where SA_NOCLDWAIT exists, because we want to be | |
5165 | sure it is turned off. (There was a problem on AIX with this.) */ | |
5166 | ||
5167 | #ifdef SA_NOCLDWAIT | |
5168 | { | |
5169 | struct sigaction act; | |
5170 | act.sa_handler = SIG_DFL; | |
5171 | sigemptyset(&(act.sa_mask)); | |
5172 | act.sa_flags = 0; | |
5173 | sigaction(SIGCHLD, &act, NULL); | |
5174 | } | |
5175 | #else | |
5176 | signal(SIGCHLD, SIG_DFL); | |
5177 | #endif | |
5178 | ||
5179 | /* Make the forcing flag available for routers and transports, set up the | |
5180 | global message id field, and initialize the count for returned files and the | |
5181 | message size. This use of strcpy() is OK because the length id is checked when | |
5182 | it is obtained from a command line (the -M or -q options), and otherwise it is | |
5183 | known to be a valid message id. */ | |
5184 | ||
5185 | Ustrcpy(message_id, id); | |
5186 | deliver_force = forced; | |
5187 | return_count = 0; | |
5188 | message_size = 0; | |
5189 | ||
5190 | /* Initialize some flags */ | |
5191 | ||
5192 | update_spool = FALSE; | |
5193 | remove_journal = TRUE; | |
5194 | ||
faa05a93 JH |
5195 | /* Set a known context for any ACLs we call via expansions */ |
5196 | acl_where = ACL_WHERE_DELIVERY; | |
5197 | ||
059ec3d9 PH |
5198 | /* Reset the random number generator, so that if several delivery processes are |
5199 | started from a queue runner that has already used random numbers (for sorting), | |
5200 | they don't all get the same sequence. */ | |
5201 | ||
5202 | random_seed = 0; | |
5203 | ||
5204 | /* Open and lock the message's data file. Exim locks on this one because the | |
5205 | header file may get replaced as it is re-written during the delivery process. | |
5206 | Any failures cause messages to be written to the log, except for missing files | |
5207 | while queue running - another process probably completed delivery. As part of | |
5208 | opening the data file, message_subdir gets set. */ | |
5209 | ||
5210 | if (!spool_open_datafile(id)) | |
5211 | return continue_closedown(); /* yields DELIVER_NOT_ATTEMPTED */ | |
5212 | ||
5213 | /* The value of message_size at this point has been set to the data length, | |
5214 | plus one for the blank line that notionally precedes the data. */ | |
5215 | ||
5216 | /* Now read the contents of the header file, which will set up the headers in | |
5217 | store, and also the list of recipients and the tree of non-recipients and | |
5218 | assorted flags. It updates message_size. If there is a reading or format error, | |
5219 | give up; if the message has been around for sufficiently long, remove it. */ | |
5220 | ||
5221 | sprintf(CS spoolname, "%s-H", id); | |
5222 | if ((rc = spool_read_header(spoolname, TRUE, TRUE)) != spool_read_OK) | |
5223 | { | |
5224 | if (errno == ERRNO_SPOOLFORMAT) | |
5225 | { | |
5226 | struct stat statbuf; | |
5227 | sprintf(CS big_buffer, "%s/input/%s/%s", spool_directory, message_subdir, | |
5228 | spoolname); | |
5229 | if (Ustat(big_buffer, &statbuf) == 0) | |
b1c749bb PH |
5230 | log_write(0, LOG_MAIN, "Format error in spool file %s: " |
5231 | "size=" OFF_T_FMT, spoolname, statbuf.st_size); | |
059ec3d9 PH |
5232 | else log_write(0, LOG_MAIN, "Format error in spool file %s", spoolname); |
5233 | } | |
5234 | else | |
5235 | log_write(0, LOG_MAIN, "Error reading spool file %s: %s", spoolname, | |
5236 | strerror(errno)); | |
5237 | ||
5238 | /* If we managed to read the envelope data, received_time contains the | |
5239 | time the message was received. Otherwise, we can calculate it from the | |
5240 | message id. */ | |
5241 | ||
5242 | if (rc != spool_read_hdrerror) | |
5243 | { | |
5244 | received_time = 0; | |
5245 | for (i = 0; i < 6; i++) | |
5246 | received_time = received_time * BASE_62 + tab62[id[i] - '0']; | |
5247 | } | |
5248 | ||
5249 | /* If we've had this malformed message too long, sling it. */ | |
5250 | ||
5251 | if (now - received_time > keep_malformed) | |
5252 | { | |
5253 | sprintf(CS spoolname, "%s/msglog/%s/%s", spool_directory, message_subdir, id); | |
5254 | Uunlink(spoolname); | |
5255 | sprintf(CS spoolname, "%s/input/%s/%s-D", spool_directory, message_subdir, id); | |
5256 | Uunlink(spoolname); | |
5257 | sprintf(CS spoolname, "%s/input/%s/%s-H", spool_directory, message_subdir, id); | |
5258 | Uunlink(spoolname); | |
5259 | sprintf(CS spoolname, "%s/input/%s/%s-J", spool_directory, message_subdir, id); | |
5260 | Uunlink(spoolname); | |
5261 | log_write(0, LOG_MAIN, "Message removed because older than %s", | |
5262 | readconf_printtime(keep_malformed)); | |
5263 | } | |
5264 | ||
f1e894f3 | 5265 | (void)close(deliver_datafile); |
059ec3d9 PH |
5266 | deliver_datafile = -1; |
5267 | return continue_closedown(); /* yields DELIVER_NOT_ATTEMPTED */ | |
5268 | } | |
5269 | ||
5270 | /* The spool header file has been read. Look to see if there is an existing | |
5271 | journal file for this message. If there is, it means that a previous delivery | |
5272 | attempt crashed (program or host) before it could update the spool header file. | |
5273 | Read the list of delivered addresses from the journal and add them to the | |
5274 | nonrecipients tree. Then update the spool file. We can leave the journal in | |
5275 | existence, as it will get further successful deliveries added to it in this | |
5276 | run, and it will be deleted if this function gets to its end successfully. | |
5277 | Otherwise it might be needed again. */ | |
5278 | ||
5279 | sprintf(CS spoolname, "%s/input/%s/%s-J", spool_directory, message_subdir, id); | |
5280 | jread = Ufopen(spoolname, "rb"); | |
d6c82d7b | 5281 | if (jread) |
059ec3d9 | 5282 | { |
d6c82d7b | 5283 | while (Ufgets(big_buffer, big_buffer_size, jread)) |
059ec3d9 PH |
5284 | { |
5285 | int n = Ustrlen(big_buffer); | |
5286 | big_buffer[n-1] = 0; | |
5287 | tree_add_nonrecipient(big_buffer); | |
5288 | DEBUG(D_deliver) debug_printf("Previously delivered address %s taken from " | |
5289 | "journal file\n", big_buffer); | |
5290 | } | |
f1e894f3 | 5291 | (void)fclose(jread); |
059ec3d9 PH |
5292 | /* Panic-dies on error */ |
5293 | (void)spool_write_header(message_id, SW_DELIVERING, NULL); | |
5294 | } | |
5295 | else if (errno != ENOENT) | |
5296 | { | |
5297 | log_write(0, LOG_MAIN|LOG_PANIC, "attempt to open journal for reading gave: " | |
5298 | "%s", strerror(errno)); | |
5299 | return continue_closedown(); /* yields DELIVER_NOT_ATTEMPTED */ | |
5300 | } | |
5301 | ||
5302 | /* A null recipients list indicates some kind of disaster. */ | |
5303 | ||
d6c82d7b | 5304 | if (!recipients_list) |
059ec3d9 | 5305 | { |
f1e894f3 | 5306 | (void)close(deliver_datafile); |
059ec3d9 PH |
5307 | deliver_datafile = -1; |
5308 | log_write(0, LOG_MAIN, "Spool error: no recipients for %s", spoolname); | |
5309 | return continue_closedown(); /* yields DELIVER_NOT_ATTEMPTED */ | |
5310 | } | |
5311 | ||
5312 | ||
5313 | /* Handle a message that is frozen. There are a number of different things that | |
5314 | can happen, but in the default situation, unless forced, no delivery is | |
5315 | attempted. */ | |
5316 | ||
5317 | if (deliver_freeze) | |
5318 | { | |
a7538db1 | 5319 | #ifdef SUPPORT_MOVE_FROZEN_MESSAGES |
059ec3d9 PH |
5320 | /* Moving to another directory removes the message from Exim's view. Other |
5321 | tools must be used to deal with it. Logging of this action happens in | |
5322 | spool_move_message() and its subfunctions. */ | |
5323 | ||
d6c82d7b JH |
5324 | if ( move_frozen_messages |
5325 | && spool_move_message(id, message_subdir, US"", US"F") | |
5326 | ) | |
059ec3d9 | 5327 | return continue_closedown(); /* yields DELIVER_NOT_ATTEMPTED */ |
a7538db1 | 5328 | #endif |
059ec3d9 PH |
5329 | |
5330 | /* For all frozen messages (bounces or not), timeout_frozen_after sets the | |
5331 | maximum time to keep messages that are frozen. Thaw if we reach it, with a | |
5332 | flag causing all recipients to be failed. The time is the age of the | |
5333 | message, not the time since freezing. */ | |
5334 | ||
5335 | if (timeout_frozen_after > 0 && message_age >= timeout_frozen_after) | |
5336 | { | |
5337 | log_write(0, LOG_MAIN, "cancelled by timeout_frozen_after"); | |
5338 | process_recipients = RECIP_FAIL_TIMEOUT; | |
5339 | } | |
5340 | ||
5341 | /* For bounce messages (and others with no sender), thaw if the error message | |
5342 | ignore timer is exceeded. The message will be discarded if this delivery | |
5343 | fails. */ | |
5344 | ||
5345 | else if (sender_address[0] == 0 && message_age >= ignore_bounce_errors_after) | |
5346 | { | |
5347 | log_write(0, LOG_MAIN, "Unfrozen by errmsg timer"); | |
5348 | } | |
5349 | ||
ef213c3b PH |
5350 | /* If this is a bounce message, or there's no auto thaw, or we haven't |
5351 | reached the auto thaw time yet, and this delivery is not forced by an admin | |
5352 | user, do not attempt delivery of this message. Note that forced is set for | |
5353 | continuing messages down the same channel, in order to skip load checking and | |
5354 | ignore hold domains, but we don't want unfreezing in that case. */ | |
059ec3d9 PH |
5355 | |
5356 | else | |
5357 | { | |
d6c82d7b JH |
5358 | if ( ( sender_address[0] == 0 |
5359 | || auto_thaw <= 0 | |
5360 | || now <= deliver_frozen_at + auto_thaw | |
5361 | ) | |
5362 | && ( !forced || !deliver_force_thaw | |
5363 | || !admin_user || continue_hostname | |
5364 | ) ) | |
059ec3d9 | 5365 | { |
f1e894f3 | 5366 | (void)close(deliver_datafile); |
059ec3d9 PH |
5367 | deliver_datafile = -1; |
5368 | log_write(L_skip_delivery, LOG_MAIN, "Message is frozen"); | |
5369 | return continue_closedown(); /* yields DELIVER_NOT_ATTEMPTED */ | |
5370 | } | |
5371 | ||
5372 | /* If delivery was forced (by an admin user), assume a manual thaw. | |
5373 | Otherwise it's an auto thaw. */ | |
5374 | ||
5375 | if (forced) | |
5376 | { | |
5377 | deliver_manual_thaw = TRUE; | |
5378 | log_write(0, LOG_MAIN, "Unfrozen by forced delivery"); | |
5379 | } | |
5380 | else log_write(0, LOG_MAIN, "Unfrozen by auto-thaw"); | |
5381 | } | |
5382 | ||
5383 | /* We get here if any of the rules for unfreezing have triggered. */ | |
5384 | ||
5385 | deliver_freeze = FALSE; | |
5386 | update_spool = TRUE; | |
5387 | } | |
5388 | ||
5389 | ||
5390 | /* Open the message log file if we are using them. This records details of | |
5391 | deliveries, deferments, and failures for the benefit of the mail administrator. | |
5392 | The log is not used by exim itself to track the progress of a message; that is | |
5393 | done by rewriting the header spool file. */ | |
5394 | ||
5395 | if (message_logs) | |
5396 | { | |
5397 | uschar *error; | |
5398 | int fd; | |
5399 | ||
5400 | sprintf(CS spoolname, "%s/msglog/%s/%s", spool_directory, message_subdir, id); | |
5401 | fd = open_msglog_file(spoolname, SPOOL_MODE, &error); | |
5402 | ||
5403 | if (fd < 0) | |
5404 | { | |
5405 | log_write(0, LOG_MAIN|LOG_PANIC, "Couldn't %s message log %s: %s", error, | |
5406 | spoolname, strerror(errno)); | |
5407 | return continue_closedown(); /* yields DELIVER_NOT_ATTEMPTED */ | |
5408 | } | |
5409 | ||
5410 | /* Make a C stream out of it. */ | |
5411 | ||
d6c82d7b | 5412 | if (!(message_log = fdopen(fd, "a"))) |
059ec3d9 PH |
5413 | { |
5414 | log_write(0, LOG_MAIN|LOG_PANIC, "Couldn't fdopen message log %s: %s", | |
5415 | spoolname, strerror(errno)); | |
5416 | return continue_closedown(); /* yields DELIVER_NOT_ATTEMPTED */ | |
5417 | } | |
5418 | } | |
5419 | ||
5420 | ||
5421 | /* If asked to give up on a message, log who did it, and set the action for all | |
5422 | the addresses. */ | |
5423 | ||
5424 | if (give_up) | |
5425 | { | |
5426 | struct passwd *pw = getpwuid(real_uid); | |
d6c82d7b JH |
5427 | log_write(0, LOG_MAIN, "cancelled by %s", |
5428 | pw ? US pw->pw_name : string_sprintf("uid %ld", (long int)real_uid)); | |
059ec3d9 PH |
5429 | process_recipients = RECIP_FAIL; |
5430 | } | |
5431 | ||
5432 | /* Otherwise, if there are too many Received: headers, fail all recipients. */ | |
5433 | ||
5434 | else if (received_count > received_headers_max) | |
5435 | process_recipients = RECIP_FAIL_LOOP; | |
5436 | ||
5437 | /* Otherwise, if a system-wide, address-independent message filter is | |
5438 | specified, run it now, except in the case when we are failing all recipients as | |
5439 | a result of timeout_frozen_after. If the system filter yields "delivered", then | |
5440 | ignore the true recipients of the message. Failure of the filter file is | |
5441 | logged, and the delivery attempt fails. */ | |
5442 | ||
d6c82d7b | 5443 | else if (system_filter && process_recipients != RECIP_FAIL_TIMEOUT) |
059ec3d9 PH |
5444 | { |
5445 | int rc; | |
5446 | int filtertype; | |
5447 | ugid_block ugid; | |
5448 | redirect_block redirect; | |
5449 | ||
5450 | if (system_filter_uid_set) | |
5451 | { | |
5452 | ugid.uid = system_filter_uid; | |
5453 | ugid.gid = system_filter_gid; | |
5454 | ugid.uid_set = ugid.gid_set = TRUE; | |
5455 | } | |
5456 | else | |
5457 | { | |
5458 | ugid.uid_set = ugid.gid_set = FALSE; | |
5459 | } | |
5460 | ||
5461 | return_path = sender_address; | |
5462 | enable_dollar_recipients = TRUE; /* Permit $recipients in system filter */ | |
5463 | system_filtering = TRUE; | |
5464 | ||
5465 | /* Any error in the filter file causes a delivery to be abandoned. */ | |
5466 | ||
5467 | redirect.string = system_filter; | |
5468 | redirect.isfile = TRUE; | |
5469 | redirect.check_owner = redirect.check_group = FALSE; | |
5470 | redirect.owners = NULL; | |
5471 | redirect.owngroups = NULL; | |
5472 | redirect.pw = NULL; | |
5473 | redirect.modemask = 0; | |
5474 | ||
5475 | DEBUG(D_deliver|D_filter) debug_printf("running system filter\n"); | |
5476 | ||
5477 | rc = rda_interpret( | |
5478 | &redirect, /* Where the data is */ | |
5479 | RDO_DEFER | /* Turn on all the enabling options */ | |
5480 | RDO_FAIL | /* Leave off all the disabling options */ | |
5481 | RDO_FILTER | | |
5482 | RDO_FREEZE | | |
5483 | RDO_REALLOG | | |
5484 | RDO_REWRITE, | |
5485 | NULL, /* No :include: restriction (not used in filter) */ | |
5486 | NULL, /* No sieve vacation directory (not sieve!) */ | |
efd9a422 | 5487 | NULL, /* No sieve enotify mailto owner (not sieve!) */ |
e4a89c47 PH |
5488 | NULL, /* No sieve user address (not sieve!) */ |
5489 | NULL, /* No sieve subaddress (not sieve!) */ | |
059ec3d9 PH |
5490 | &ugid, /* uid/gid data */ |
5491 | &addr_new, /* Where to hang generated addresses */ | |
5492 | &filter_message, /* Where to put error message */ | |
5493 | NULL, /* Don't skip syntax errors */ | |
5494 | &filtertype, /* Will always be set to FILTER_EXIM for this call */ | |
5495 | US"system filter"); /* For error messages */ | |
5496 | ||
5497 | DEBUG(D_deliver|D_filter) debug_printf("system filter returned %d\n", rc); | |
5498 | ||
5499 | if (rc == FF_ERROR || rc == FF_NONEXIST) | |
5500 | { | |
f1e894f3 | 5501 | (void)close(deliver_datafile); |
059ec3d9 PH |
5502 | deliver_datafile = -1; |
5503 | log_write(0, LOG_MAIN|LOG_PANIC, "Error in system filter: %s", | |
5504 | string_printing(filter_message)); | |
5505 | return continue_closedown(); /* yields DELIVER_NOT_ATTEMPTED */ | |
5506 | } | |
5507 | ||
5508 | /* Reset things. If the filter message is an empty string, which can happen | |
5509 | for a filter "fail" or "freeze" command with no text, reset it to NULL. */ | |
5510 | ||
5511 | system_filtering = FALSE; | |
5512 | enable_dollar_recipients = FALSE; | |
d6c82d7b | 5513 | if (filter_message && filter_message[0] == 0) filter_message = NULL; |
059ec3d9 PH |
5514 | |
5515 | /* Save the values of the system filter variables so that user filters | |
5516 | can use them. */ | |
5517 | ||
5518 | memcpy(filter_sn, filter_n, sizeof(filter_sn)); | |
5519 | ||
5520 | /* The filter can request that delivery of the original addresses be | |
5521 | deferred. */ | |
5522 | ||
5523 | if (rc == FF_DEFER) | |
5524 | { | |
5525 | process_recipients = RECIP_DEFER; | |
5526 | deliver_msglog("Delivery deferred by system filter\n"); | |
5527 | log_write(0, LOG_MAIN, "Delivery deferred by system filter"); | |
5528 | } | |
5529 | ||
5530 | /* The filter can request that a message be frozen, but this does not | |
5531 | take place if the message has been manually thawed. In that case, we must | |
5532 | unset "delivered", which is forced by the "freeze" command to make -bF | |
5533 | work properly. */ | |
5534 | ||
5535 | else if (rc == FF_FREEZE && !deliver_manual_thaw) | |
5536 | { | |
5537 | deliver_freeze = TRUE; | |
5538 | deliver_frozen_at = time(NULL); | |
5539 | process_recipients = RECIP_DEFER; | |
5540 | frozen_info = string_sprintf(" by the system filter%s%s", | |
d6c82d7b JH |
5541 | filter_message ? US": " : US"", |
5542 | filter_message ? filter_message : US""); | |
059ec3d9 PH |
5543 | } |
5544 | ||
5545 | /* The filter can request that a message be failed. The error message may be | |
5546 | quite long - it is sent back to the sender in the bounce - but we don't want | |
5547 | to fill up the log with repetitions of it. If it starts with << then the text | |
5548 | between << and >> is written to the log, with the rest left for the bounce | |
5549 | message. */ | |
5550 | ||
5551 | else if (rc == FF_FAIL) | |
5552 | { | |
5553 | uschar *colon = US""; | |
5554 | uschar *logmsg = US""; | |
5555 | int loglen = 0; | |
5556 | ||
5557 | process_recipients = RECIP_FAIL_FILTER; | |
5558 | ||
d6c82d7b | 5559 | if (filter_message) |
059ec3d9 PH |
5560 | { |
5561 | uschar *logend; | |
5562 | colon = US": "; | |
d6c82d7b JH |
5563 | if ( filter_message[0] == '<' |
5564 | && filter_message[1] == '<' | |
5565 | && (logend = Ustrstr(filter_message, ">>")) | |
5566 | ) | |
059ec3d9 PH |
5567 | { |
5568 | logmsg = filter_message + 2; | |
5569 | loglen = logend - logmsg; | |
5570 | filter_message = logend + 2; | |
5571 | if (filter_message[0] == 0) filter_message = NULL; | |
5572 | } | |
5573 | else | |
5574 | { | |
5575 | logmsg = filter_message; | |
5576 | loglen = Ustrlen(filter_message); | |
5577 | } | |
5578 | } | |
5579 | ||
5580 | log_write(0, LOG_MAIN, "cancelled by system filter%s%.*s", colon, loglen, | |
5581 | logmsg); | |
5582 | } | |
5583 | ||
5584 | /* Delivery can be restricted only to those recipients (if any) that the | |
5585 | filter specified. */ | |
5586 | ||
5587 | else if (rc == FF_DELIVERED) | |
5588 | { | |
5589 | process_recipients = RECIP_IGNORE; | |
d6c82d7b | 5590 | if (addr_new) |
059ec3d9 | 5591 | log_write(0, LOG_MAIN, "original recipients ignored (system filter)"); |
d6c82d7b JH |
5592 | else |
5593 | log_write(0, LOG_MAIN, "=> discarded (system filter)"); | |
059ec3d9 PH |
5594 | } |
5595 | ||
5596 | /* If any new addresses were created by the filter, fake up a "parent" | |
5597 | for them. This is necessary for pipes, etc., which are expected to have | |
5598 | parents, and it also gives some sensible logging for others. Allow | |
5599 | pipes, files, and autoreplies, and run them as the filter uid if set, | |
5600 | otherwise as the current uid. */ | |
5601 | ||
d6c82d7b | 5602 | if (addr_new) |
059ec3d9 PH |
5603 | { |
5604 | int uid = (system_filter_uid_set)? system_filter_uid : geteuid(); | |
5605 | int gid = (system_filter_gid_set)? system_filter_gid : getegid(); | |
5606 | ||
5607 | /* The text "system-filter" is tested in transport_set_up_command() and in | |
5608 | set_up_shell_command() in the pipe transport, to enable them to permit | |
5609 | $recipients, so don't change it here without also changing it there. */ | |
5610 | ||
5611 | address_item *p = addr_new; | |
5612 | address_item *parent = deliver_make_addr(US"system-filter", FALSE); | |
5613 | ||
5614 | parent->domain = string_copylc(qualify_domain_recipient); | |
5615 | parent->local_part = US"system-filter"; | |
5616 | ||
5617 | /* As part of this loop, we arrange for addr_last to end up pointing | |
5618 | at the final address. This is used if we go on to add addresses for the | |
5619 | original recipients. */ | |
5620 | ||
d6c82d7b | 5621 | while (p) |
059ec3d9 | 5622 | { |
4362ff0d PH |
5623 | if (parent->child_count == SHRT_MAX) |
5624 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "system filter generated more " | |
5625 | "than %d delivery addresses", SHRT_MAX); | |
059ec3d9 PH |
5626 | parent->child_count++; |
5627 | p->parent = parent; | |
5628 | ||
5629 | if (testflag(p, af_pfr)) | |
5630 | { | |
5631 | uschar *tpname; | |
5632 | uschar *type; | |
5633 | p->uid = uid; | |
5634 | p->gid = gid; | |
5635 | setflag(p, af_uid_set | | |
5636 | af_gid_set | | |
5637 | af_allow_file | | |
5638 | af_allow_pipe | | |
5639 | af_allow_reply); | |
5640 | ||
5641 | /* Find the name of the system filter's appropriate pfr transport */ | |
5642 | ||
5643 | if (p->address[0] == '|') | |
5644 | { | |
5645 | type = US"pipe"; | |
5646 | tpname = system_filter_pipe_transport; | |
5647 | address_pipe = p->address; | |
5648 | } | |
5649 | else if (p->address[0] == '>') | |
5650 | { | |
5651 | type = US"reply"; | |
5652 | tpname = system_filter_reply_transport; | |
5653 | } | |
5654 | else | |
5655 | { | |
5656 | if (p->address[Ustrlen(p->address)-1] == '/') | |
5657 | { | |
5658 | type = US"directory"; | |
5659 | tpname = system_filter_directory_transport; | |
5660 | } | |
5661 | else | |
5662 | { | |
5663 | type = US"file"; | |
5664 | tpname = system_filter_file_transport; | |
5665 | } | |
5666 | address_file = p->address; | |
5667 | } | |
5668 | ||
5669 | /* Now find the actual transport, first expanding the name. We have | |
5670 | set address_file or address_pipe above. */ | |
5671 | ||
d6c82d7b | 5672 | if (tpname) |
059ec3d9 PH |
5673 | { |
5674 | uschar *tmp = expand_string(tpname); | |
5675 | address_file = address_pipe = NULL; | |
d6c82d7b | 5676 | if (!tmp) |
059ec3d9 PH |
5677 | p->message = string_sprintf("failed to expand \"%s\" as a " |
5678 | "system filter transport name", tpname); | |
5679 | tpname = tmp; | |
5680 | } | |
5681 | else | |
5682 | { | |
5683 | p->message = string_sprintf("system_filter_%s_transport is unset", | |
5684 | type); | |
5685 | } | |
5686 | ||
d6c82d7b | 5687 | if (tpname) |
059ec3d9 PH |
5688 | { |
5689 | transport_instance *tp; | |
d6c82d7b | 5690 | for (tp = transports; tp; tp = tp->next) |
059ec3d9 PH |
5691 | { |
5692 | if (Ustrcmp(tp->name, tpname) == 0) | |
5693 | { | |
5694 | p->transport = tp; | |
5695 | break; | |
5696 | } | |
5697 | } | |
d6c82d7b | 5698 | if (!tp) |
059ec3d9 PH |
5699 | p->message = string_sprintf("failed to find \"%s\" transport " |
5700 | "for system filter delivery", tpname); | |
5701 | } | |
5702 | ||
5703 | /* If we couldn't set up a transport, defer the delivery, putting the | |
5704 | error on the panic log as well as the main log. */ | |
5705 | ||
d6c82d7b | 5706 | if (!p->transport) |
059ec3d9 PH |
5707 | { |
5708 | address_item *badp = p; | |
5709 | p = p->next; | |
d6c82d7b | 5710 | if (!addr_last) addr_new = p; else addr_last->next = p; |
059ec3d9 PH |
5711 | badp->local_part = badp->address; /* Needed for log line */ |
5712 | post_process_one(badp, DEFER, LOG_MAIN|LOG_PANIC, DTYPE_ROUTER, 0); | |
5713 | continue; | |
5714 | } | |
5715 | } /* End of pfr handling */ | |
5716 | ||
5717 | /* Either a non-pfr delivery, or we found a transport */ | |
5718 | ||
5719 | DEBUG(D_deliver|D_filter) | |
5720 | debug_printf("system filter added %s\n", p->address); | |
5721 | ||
5722 | addr_last = p; | |
5723 | p = p->next; | |
5724 | } /* Loop through all addr_new addresses */ | |
5725 | } | |
5726 | } | |
5727 | ||
5728 | ||
5729 | /* Scan the recipients list, and for every one that is not in the non- | |
5730 | recipients tree, add an addr item to the chain of new addresses. If the pno | |
5731 | value is non-negative, we must set the onetime parent from it. This which | |
5732 | points to the relevant entry in the recipients list. | |
5733 | ||
5734 | This processing can be altered by the setting of the process_recipients | |
5735 | variable, which is changed if recipients are to be ignored, failed, or | |
5736 | deferred. This can happen as a result of system filter activity, or if the -Mg | |
5737 | option is used to fail all of them. | |
5738 | ||
5739 | Duplicate addresses are handled later by a different tree structure; we can't | |
5740 | just extend the non-recipients tree, because that will be re-written to the | |
5741 | spool if the message is deferred, and in any case there are casing | |
5742 | complications for local addresses. */ | |
5743 | ||
5744 | if (process_recipients != RECIP_IGNORE) | |
5745 | { | |
5746 | for (i = 0; i < recipients_count; i++) | |
5747 | { | |
d6c82d7b | 5748 | if (!tree_search(tree_nonrecipients, recipients_list[i].address)) |
059ec3d9 PH |
5749 | { |
5750 | recipient_item *r = recipients_list + i; | |
5751 | address_item *new = deliver_make_addr(r->address, FALSE); | |
d43cbe25 | 5752 | new->prop.errors_address = r->errors_to; |
7ade712c | 5753 | #ifdef EXPERIMENTAL_INTERNATIONAL |
3c8b3577 JH |
5754 | if ((new->prop.utf8_msg = message_smtputf8)) |
5755 | { | |
5756 | new->prop.utf8_downcvt = message_utf8_downconvert == 1; | |
5757 | new->prop.utf8_downcvt_maybe = message_utf8_downconvert == -1; | |
0ec7e948 JH |
5758 | DEBUG(D_deliver) debug_printf("utf8, downconvert %s\n", |
5759 | new->prop.utf8_downcvt ? "yes" | |
5760 | : new->prop.utf8_downcvt_maybe ? "ifneeded" | |
5761 | : "no"); | |
3c8b3577 | 5762 | } |
7ade712c | 5763 | #endif |
059ec3d9 PH |
5764 | |
5765 | if (r->pno >= 0) | |
5766 | new->onetime_parent = recipients_list[r->pno].address; | |
5767 | ||
94431adb | 5768 | /* If DSN support is enabled, set the dsn flags and the original receipt |
6c1c3d1d WB |
5769 | to be passed on to other DSN enabled MTAs */ |
5770 | new->dsn_flags = r->dsn_flags & rf_dsnflags; | |
5771 | new->dsn_orcpt = r->orcpt; | |
f923454a JH |
5772 | DEBUG(D_deliver) debug_printf("DSN: set orcpt: %s flags: %d\n", |
5773 | new->dsn_orcpt, new->dsn_flags); | |
6c1c3d1d | 5774 | |
059ec3d9 PH |
5775 | switch (process_recipients) |
5776 | { | |
5777 | /* RECIP_DEFER is set when a system filter freezes a message. */ | |
5778 | ||
5779 | case RECIP_DEFER: | |
5780 | new->next = addr_defer; | |
5781 | addr_defer = new; | |
5782 | break; | |
5783 | ||
5784 | ||
5785 | /* RECIP_FAIL_FILTER is set when a system filter has obeyed a "fail" | |
5786 | command. */ | |
5787 | ||
5788 | case RECIP_FAIL_FILTER: | |
5789 | new->message = | |
d6c82d7b | 5790 | filter_message ? filter_message : US"delivery cancelled"; |
447d236c | 5791 | setflag(new, af_pass_message); |
059ec3d9 PH |
5792 | goto RECIP_QUEUE_FAILED; /* below */ |
5793 | ||
5794 | ||
5795 | /* RECIP_FAIL_TIMEOUT is set when a message is frozen, but is older | |
5796 | than the value in timeout_frozen_after. Treat non-bounce messages | |
5797 | similarly to -Mg; for bounce messages we just want to discard, so | |
5798 | don't put the address on the failed list. The timeout has already | |
5799 | been logged. */ | |
5800 | ||
5801 | case RECIP_FAIL_TIMEOUT: | |
5802 | new->message = US"delivery cancelled; message timed out"; | |
5803 | goto RECIP_QUEUE_FAILED; /* below */ | |
5804 | ||
5805 | ||
5806 | /* RECIP_FAIL is set when -Mg has been used. */ | |
5807 | ||
5808 | case RECIP_FAIL: | |
5809 | new->message = US"delivery cancelled by administrator"; | |
5810 | /* Fall through */ | |
5811 | ||
5812 | /* Common code for the failure cases above. If this is not a bounce | |
5813 | message, put the address on the failed list so that it is used to | |
5814 | create a bounce. Otherwise do nothing - this just discards the address. | |
5815 | The incident has already been logged. */ | |
5816 | ||
5817 | RECIP_QUEUE_FAILED: | |
5818 | if (sender_address[0] != 0) | |
5819 | { | |
5820 | new->next = addr_failed; | |
5821 | addr_failed = new; | |
5822 | } | |
5823 | break; | |
5824 | ||
5825 | ||
5826 | /* RECIP_FAIL_LOOP is set when there are too many Received: headers | |
5827 | in the message. Process each address as a routing failure; if this | |
5828 | is a bounce message, it will get frozen. */ | |
5829 | ||
5830 | case RECIP_FAIL_LOOP: | |
5831 | new->message = US"Too many \"Received\" headers - suspected mail loop"; | |
5832 | post_process_one(new, FAIL, LOG_MAIN, DTYPE_ROUTER, 0); | |
5833 | break; | |
5834 | ||
5835 | ||
5836 | /* Value should be RECIP_ACCEPT; take this as the safe default. */ | |
5837 | ||
5838 | default: | |
d6c82d7b | 5839 | if (!addr_new) addr_new = new; else addr_last->next = new; |
059ec3d9 PH |
5840 | addr_last = new; |
5841 | break; | |
5842 | } | |
14a465c3 | 5843 | |
774ef2d7 | 5844 | #ifdef EXPERIMENTAL_EVENT |
14a465c3 JH |
5845 | if (process_recipients != RECIP_ACCEPT) |
5846 | { | |
5847 | uschar * save_local = deliver_localpart; | |
55414b25 | 5848 | const uschar * save_domain = deliver_domain; |
14a465c3 JH |
5849 | |
5850 | deliver_localpart = expand_string( | |
5851 | string_sprintf("${local_part:%s}", new->address)); | |
5852 | deliver_domain = expand_string( | |
5853 | string_sprintf("${domain:%s}", new->address)); | |
5854 | ||
774ef2d7 | 5855 | (void) event_raise(event_action, |
14a465c3 JH |
5856 | US"msg:fail:internal", new->message); |
5857 | ||
5858 | deliver_localpart = save_local; | |
5859 | deliver_domain = save_domain; | |
5860 | } | |
5861 | #endif | |
059ec3d9 PH |
5862 | } |
5863 | } | |
5864 | } | |
5865 | ||
5866 | DEBUG(D_deliver) | |
5867 | { | |
d6c82d7b | 5868 | address_item *p; |
059ec3d9 | 5869 | debug_printf("Delivery address list:\n"); |
d6c82d7b JH |
5870 | for (p = addr_new; p; p = p->next) |
5871 | debug_printf(" %s %s\n", p->address, | |
5872 | p->onetime_parent ? p->onetime_parent : US""); | |
059ec3d9 PH |
5873 | } |
5874 | ||
5875 | /* Set up the buffers used for copying over the file when delivering. */ | |
5876 | ||
5877 | deliver_in_buffer = store_malloc(DELIVER_IN_BUFFER_SIZE); | |
5878 | deliver_out_buffer = store_malloc(DELIVER_OUT_BUFFER_SIZE); | |
5879 | ||
5880 | ||
5881 | ||
5882 | /* Until there are no more new addresses, handle each one as follows: | |
5883 | ||
5884 | . If this is a generated address (indicated by the presence of a parent | |
5885 | pointer) then check to see whether it is a pipe, file, or autoreply, and | |
5886 | if so, handle it directly here. The router that produced the address will | |
5887 | have set the allow flags into the address, and also set the uid/gid required. | |
5888 | Having the routers generate new addresses and then checking them here at | |
5889 | the outer level is tidier than making each router do the checking, and | |
5890 | means that routers don't need access to the failed address queue. | |
5891 | ||
5892 | . Break up the address into local part and domain, and make lowercased | |
5893 | versions of these strings. We also make unquoted versions of the local part. | |
5894 | ||
5895 | . Handle the percent hack for those domains for which it is valid. | |
5896 | ||
5897 | . For child addresses, determine if any of the parents have the same address. | |
5898 | If so, generate a different string for previous delivery checking. Without | |
5899 | this code, if the address spqr generates spqr via a forward or alias file, | |
5900 | delivery of the generated spqr stops further attempts at the top level spqr, | |
5901 | which is not what is wanted - it may have generated other addresses. | |
5902 | ||
5903 | . Check on the retry database to see if routing was previously deferred, but | |
5904 | only if in a queue run. Addresses that are to be routed are put on the | |
5905 | addr_route chain. Addresses that are to be deferred are put on the | |
5906 | addr_defer chain. We do all the checking first, so as not to keep the | |
5907 | retry database open any longer than necessary. | |
5908 | ||
5909 | . Now we run the addresses through the routers. A router may put the address | |
5910 | on either the addr_local or the addr_remote chain for local or remote | |
5911 | delivery, respectively, or put it on the addr_failed chain if it is | |
5912 | undeliveable, or it may generate child addresses and put them on the | |
5913 | addr_new chain, or it may defer an address. All the chain anchors are | |
5914 | passed as arguments so that the routers can be called for verification | |
5915 | purposes as well. | |
5916 | ||
5917 | . If new addresses have been generated by the routers, da capo. | |
5918 | */ | |
5919 | ||
5920 | header_rewritten = FALSE; /* No headers rewritten yet */ | |
d6c82d7b | 5921 | while (addr_new) /* Loop until all addresses dealt with */ |
059ec3d9 PH |
5922 | { |
5923 | address_item *addr, *parent; | |
059ec3d9 PH |
5924 | |
5925 | /* Failure to open the retry database is treated the same as if it does | |
5926 | not exist. In both cases, dbm_file is NULL. */ | |
5927 | ||
d6c82d7b | 5928 | if (!(dbm_file = dbfn_open(US"retry", O_RDONLY, &dbblock, FALSE))) |
059ec3d9 PH |
5929 | { |
5930 | DEBUG(D_deliver|D_retry|D_route|D_hints_lookup) | |
5931 | debug_printf("no retry data available\n"); | |
5932 | } | |
5933 | ||
5934 | /* Scan the current batch of new addresses, to handle pipes, files and | |
5935 | autoreplies, and determine which others are ready for routing. */ | |
5936 | ||
d6c82d7b | 5937 | while (addr_new) |
059ec3d9 PH |
5938 | { |
5939 | int rc; | |
5940 | uschar *p; | |
5941 | tree_node *tnode; | |
5942 | dbdata_retry *domain_retry_record; | |
5943 | dbdata_retry *address_retry_record; | |
5944 | ||
5945 | addr = addr_new; | |
5946 | addr_new = addr->next; | |
5947 | ||
5948 | DEBUG(D_deliver|D_retry|D_route) | |
5949 | { | |
5950 | debug_printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n"); | |
5951 | debug_printf("Considering: %s\n", addr->address); | |
5952 | } | |
5953 | ||
5954 | /* Handle generated address that is a pipe or a file or an autoreply. */ | |
5955 | ||
5956 | if (testflag(addr, af_pfr)) | |
5957 | { | |
424a1c63 PH |
5958 | /* If an autoreply in a filter could not generate a syntactically valid |
5959 | address, give up forthwith. Set af_ignore_error so that we don't try to | |
5960 | generate a bounce. */ | |
5961 | ||
5962 | if (testflag(addr, af_bad_reply)) | |
5963 | { | |
5964 | addr->basic_errno = ERRNO_BADADDRESS2; | |
5965 | addr->local_part = addr->address; | |
5966 | addr->message = | |
5967 | US"filter autoreply generated syntactically invalid recipient"; | |
5968 | setflag(addr, af_ignore_error); | |
5969 | (void)post_process_one(addr, FAIL, LOG_MAIN, DTYPE_ROUTER, 0); | |
5970 | continue; /* with the next new address */ | |
5971 | } | |
059ec3d9 PH |
5972 | |
5973 | /* If two different users specify delivery to the same pipe or file or | |
5974 | autoreply, there should be two different deliveries, so build a unique | |
5975 | string that incorporates the original address, and use this for | |
5976 | duplicate testing and recording delivery, and also for retrying. */ | |
5977 | ||
5978 | addr->unique = | |
424a1c63 PH |
5979 | string_sprintf("%s:%s", addr->address, addr->parent->unique + |
5980 | (testflag(addr->parent, af_homonym)? 3:0)); | |
059ec3d9 PH |
5981 | |
5982 | addr->address_retry_key = addr->domain_retry_key = | |
5983 | string_sprintf("T:%s", addr->unique); | |
5984 | ||
5985 | /* If a filter file specifies two deliveries to the same pipe or file, | |
5986 | we want to de-duplicate, but this is probably not wanted for two mail | |
5987 | commands to the same address, where probably both should be delivered. | |
5988 | So, we have to invent a different unique string in that case. Just | |
5989 | keep piling '>' characters on the front. */ | |
5990 | ||
5991 | if (addr->address[0] == '>') | |
5992 | { | |
d6c82d7b | 5993 | while (tree_search(tree_duplicates, addr->unique)) |
059ec3d9 PH |
5994 | addr->unique = string_sprintf(">%s", addr->unique); |
5995 | } | |
5996 | ||
d6c82d7b | 5997 | else if ((tnode = tree_search(tree_duplicates, addr->unique))) |
059ec3d9 PH |
5998 | { |
5999 | DEBUG(D_deliver|D_route) | |
6000 | debug_printf("%s is a duplicate address: discarded\n", addr->address); | |
6001 | addr->dupof = tnode->data.ptr; | |
6002 | addr->next = addr_duplicate; | |
6003 | addr_duplicate = addr; | |
6004 | continue; | |
6005 | } | |
6006 | ||
6007 | DEBUG(D_deliver|D_route) debug_printf("unique = %s\n", addr->unique); | |
6008 | ||
6009 | /* Check for previous delivery */ | |
6010 | ||
d6c82d7b | 6011 | if (tree_search(tree_nonrecipients, addr->unique)) |
059ec3d9 PH |
6012 | { |
6013 | DEBUG(D_deliver|D_route) | |
6014 | debug_printf("%s was previously delivered: discarded\n", addr->address); | |
6015 | child_done(addr, tod_stamp(tod_log)); | |
6016 | continue; | |
6017 | } | |
6018 | ||
6019 | /* Save for checking future duplicates */ | |
6020 | ||
6021 | tree_add_duplicate(addr->unique, addr); | |
6022 | ||
6023 | /* Set local part and domain */ | |
6024 | ||
6025 | addr->local_part = addr->address; | |
6026 | addr->domain = addr->parent->domain; | |
6027 | ||
6028 | /* Ensure that the delivery is permitted. */ | |
6029 | ||
6030 | if (testflag(addr, af_file)) | |
6031 | { | |
6032 | if (!testflag(addr, af_allow_file)) | |
6033 | { | |
6034 | addr->basic_errno = ERRNO_FORBIDFILE; | |
6035 | addr->message = US"delivery to file forbidden"; | |
6036 | (void)post_process_one(addr, FAIL, LOG_MAIN, DTYPE_ROUTER, 0); | |
6037 | continue; /* with the next new address */ | |
6038 | } | |
6039 | } | |
6040 | else if (addr->address[0] == '|') | |
6041 | { | |
6042 | if (!testflag(addr, af_allow_pipe)) | |
6043 | { | |
6044 | addr->basic_errno = ERRNO_FORBIDPIPE; | |
6045 | addr->message = US"delivery to pipe forbidden"; | |
6046 | (void)post_process_one(addr, FAIL, LOG_MAIN, DTYPE_ROUTER, 0); | |
6047 | continue; /* with the next new address */ | |
6048 | } | |
6049 | } | |
6050 | else if (!testflag(addr, af_allow_reply)) | |
6051 | { | |
6052 | addr->basic_errno = ERRNO_FORBIDREPLY; | |
6053 | addr->message = US"autoreply forbidden"; | |
6054 | (void)post_process_one(addr, FAIL, LOG_MAIN, DTYPE_ROUTER, 0); | |
6055 | continue; /* with the next new address */ | |
6056 | } | |
6057 | ||
6058 | /* If the errno field is already set to BADTRANSPORT, it indicates | |
6059 | failure to expand a transport string, or find the associated transport, | |
6060 | or an unset transport when one is required. Leave this test till now so | |
6061 | that the forbid errors are given in preference. */ | |
6062 | ||
6063 | if (addr->basic_errno == ERRNO_BADTRANSPORT) | |
6064 | { | |
6065 | (void)post_process_one(addr, DEFER, LOG_MAIN, DTYPE_ROUTER, 0); | |
6066 | continue; | |
6067 | } | |
6068 | ||
6069 | /* Treat /dev/null as a special case and abandon the delivery. This | |
6070 | avoids having to specify a uid on the transport just for this case. | |
6071 | Arrange for the transport name to be logged as "**bypassed**". */ | |
6072 | ||
6073 | if (Ustrcmp(addr->address, "/dev/null") == 0) | |
6074 | { | |
6075 | uschar *save = addr->transport->name; | |
6076 | addr->transport->name = US"**bypassed**"; | |
6077 | (void)post_process_one(addr, OK, LOG_MAIN, DTYPE_TRANSPORT, '='); | |
6078 | addr->transport->name = save; | |
6079 | continue; /* with the next new address */ | |
6080 | } | |
6081 | ||
6082 | /* Pipe, file, or autoreply delivery is to go ahead as a normal local | |
6083 | delivery. */ | |
6084 | ||
6085 | DEBUG(D_deliver|D_route) | |
6086 | debug_printf("queued for %s transport\n", addr->transport->name); | |
6087 | addr->next = addr_local; | |
6088 | addr_local = addr; | |
6089 | continue; /* with the next new address */ | |
6090 | } | |
6091 | ||
6092 | /* Handle normal addresses. First, split up into local part and domain, | |
6093 | handling the %-hack if necessary. There is the possibility of a defer from | |
6094 | a lookup in percent_hack_domains. */ | |
6095 | ||
6096 | if ((rc = deliver_split_address(addr)) == DEFER) | |
6097 | { | |
6098 | addr->message = US"cannot check percent_hack_domains"; | |
6099 | addr->basic_errno = ERRNO_LISTDEFER; | |
6100 | (void)post_process_one(addr, DEFER, LOG_MAIN, DTYPE_NONE, 0); | |
6101 | continue; | |
6102 | } | |
6103 | ||
6104 | /* Check to see if the domain is held. If so, proceed only if the | |
6105 | delivery was forced by hand. */ | |
6106 | ||
6107 | deliver_domain = addr->domain; /* set $domain */ | |
d6c82d7b JH |
6108 | if ( !forced && hold_domains |
6109 | && (rc = match_isinlist(addr->domain, (const uschar **)&hold_domains, 0, | |
059ec3d9 | 6110 | &domainlist_anchor, addr->domain_cache, MCL_DOMAIN, TRUE, |
d6c82d7b JH |
6111 | NULL)) != FAIL |
6112 | ) | |
059ec3d9 PH |
6113 | { |
6114 | if (rc == DEFER) | |
6115 | { | |
6116 | addr->message = US"hold_domains lookup deferred"; | |
6117 | addr->basic_errno = ERRNO_LISTDEFER; | |
6118 | } | |
6119 | else | |
6120 | { | |
6121 | addr->message = US"domain is held"; | |
6122 | addr->basic_errno = ERRNO_HELD; | |
6123 | } | |
6124 | (void)post_process_one(addr, DEFER, LOG_MAIN, DTYPE_NONE, 0); | |
6125 | continue; | |
6126 | } | |
6127 | ||
6128 | /* Now we can check for duplicates and previously delivered addresses. In | |
6129 | order to do this, we have to generate a "unique" value for each address, | |
6130 | because there may be identical actual addresses in a line of descendents. | |
6131 | The "unique" field is initialized to the same value as the "address" field, | |
6132 | but gets changed here to cope with identically-named descendents. */ | |
6133 | ||
d6c82d7b | 6134 | for (parent = addr->parent; parent; parent = parent->parent) |
059ec3d9 PH |
6135 | if (strcmpic(addr->address, parent->address) == 0) break; |
6136 | ||
6137 | /* If there's an ancestor with the same name, set the homonym flag. This | |
6138 | influences how deliveries are recorded. Then add a prefix on the front of | |
6139 | the unique address. We use \n\ where n starts at 0 and increases each time. | |
6140 | It is unlikely to pass 9, but if it does, it may look odd but will still | |
6141 | work. This means that siblings or cousins with the same names are treated | |
6142 | as duplicates, which is what we want. */ | |
6143 | ||
d6c82d7b | 6144 | if (parent) |
059ec3d9 PH |
6145 | { |
6146 | setflag(addr, af_homonym); | |
6147 | if (parent->unique[0] != '\\') | |
6148 | addr->unique = string_sprintf("\\0\\%s", addr->address); | |
6149 | else | |
6150 | addr->unique = string_sprintf("\\%c\\%s", parent->unique[1] + 1, | |
6151 | addr->address); | |
6152 | } | |
6153 | ||
6154 | /* Ensure that the domain in the unique field is lower cased, because | |
6155 | domains are always handled caselessly. */ | |
6156 | ||
6157 | p = Ustrrchr(addr->unique, '@'); | |
6158 | while (*p != 0) { *p = tolower(*p); p++; } | |
6159 | ||
6160 | DEBUG(D_deliver|D_route) debug_printf("unique = %s\n", addr->unique); | |
6161 | ||
d6c82d7b | 6162 | if (tree_search(tree_nonrecipients, addr->unique)) |
059ec3d9 PH |
6163 | { |
6164 | DEBUG(D_deliver|D_route) | |
6165 | debug_printf("%s was previously delivered: discarded\n", addr->unique); | |
6166 | child_done(addr, tod_stamp(tod_log)); | |
6167 | continue; | |
6168 | } | |
6169 | ||
059ec3d9 | 6170 | /* Get the routing retry status, saving the two retry keys (with and |
48c7f9e2 PH |
6171 | without the local part) for subsequent use. If there is no retry record for |
6172 | the standard address routing retry key, we look for the same key with the | |
6173 | sender attached, because this form is used by the smtp transport after a | |
6174 | 4xx response to RCPT when address_retry_include_sender is true. */ | |
059ec3d9 PH |
6175 | |
6176 | addr->domain_retry_key = string_sprintf("R:%s", addr->domain); | |
6177 | addr->address_retry_key = string_sprintf("R:%s@%s", addr->local_part, | |
6178 | addr->domain); | |
6179 | ||
d6c82d7b | 6180 | if (dbm_file) |
059ec3d9 PH |
6181 | { |
6182 | domain_retry_record = dbfn_read(dbm_file, addr->domain_retry_key); | |
d6c82d7b JH |
6183 | if ( domain_retry_record |
6184 | && now - domain_retry_record->time_stamp > retry_data_expire | |
6185 | ) | |
48c7f9e2 | 6186 | domain_retry_record = NULL; /* Ignore if too old */ |
059ec3d9 PH |
6187 | |
6188 | address_retry_record = dbfn_read(dbm_file, addr->address_retry_key); | |
d6c82d7b JH |
6189 | if ( address_retry_record |
6190 | && now - address_retry_record->time_stamp > retry_data_expire | |
6191 | ) | |
48c7f9e2 PH |
6192 | address_retry_record = NULL; /* Ignore if too old */ |
6193 | ||
d6c82d7b | 6194 | if (!address_retry_record) |
48c7f9e2 | 6195 | { |
09945f1e | 6196 | uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key, |
48c7f9e2 PH |
6197 | sender_address); |
6198 | address_retry_record = dbfn_read(dbm_file, altkey); | |
d6c82d7b JH |
6199 | if ( address_retry_record |
6200 | && now - address_retry_record->time_stamp > retry_data_expire) | |
48c7f9e2 PH |
6201 | address_retry_record = NULL; /* Ignore if too old */ |
6202 | } | |
059ec3d9 | 6203 | } |
d6c82d7b JH |
6204 | else |
6205 | domain_retry_record = address_retry_record = NULL; | |
059ec3d9 PH |
6206 | |
6207 | DEBUG(D_deliver|D_retry) | |
6208 | { | |
d6c82d7b | 6209 | if (!domain_retry_record) |
059ec3d9 | 6210 | debug_printf("no domain retry record\n"); |
d6c82d7b | 6211 | if (!address_retry_record) |
059ec3d9 PH |
6212 | debug_printf("no address retry record\n"); |
6213 | } | |
6214 | ||
6215 | /* If we are sending a message down an existing SMTP connection, we must | |
6216 | assume that the message which created the connection managed to route | |
6217 | an address to that connection. We do not want to run the risk of taking | |
6218 | a long time over routing here, because if we do, the server at the other | |
6219 | end of the connection may time it out. This is especially true for messages | |
6220 | with lots of addresses. For this kind of delivery, queue_running is not | |
6221 | set, so we would normally route all addresses. We take a pragmatic approach | |
6222 | and defer routing any addresses that have any kind of domain retry record. | |
6223 | That is, we don't even look at their retry times. It doesn't matter if this | |
6224 | doesn't work occasionally. This is all just an optimization, after all. | |
6225 | ||
6226 | The reason for not doing the same for address retries is that they normally | |
6227 | arise from 4xx responses, not DNS timeouts. */ | |
6228 | ||
d6c82d7b | 6229 | if (continue_hostname && domain_retry_record) |
059ec3d9 PH |
6230 | { |
6231 | addr->message = US"reusing SMTP connection skips previous routing defer"; | |
6232 | addr->basic_errno = ERRNO_RRETRY; | |
6233 | (void)post_process_one(addr, DEFER, LOG_MAIN, DTYPE_ROUTER, 0); | |
6234 | } | |
6235 | ||
f6c332bd PH |
6236 | /* If we are in a queue run, defer routing unless there is no retry data or |
6237 | we've passed the next retry time, or this message is forced. In other | |
6238 | words, ignore retry data when not in a queue run. | |
6239 | ||
6240 | However, if the domain retry time has expired, always allow the routing | |
6241 | attempt. If it fails again, the address will be failed. This ensures that | |
059ec3d9 PH |
6242 | each address is routed at least once, even after long-term routing |
6243 | failures. | |
6244 | ||
6245 | If there is an address retry, check that too; just wait for the next | |
6246 | retry time. This helps with the case when the temporary error on the | |
6247 | address was really message-specific rather than address specific, since | |
f6c332bd PH |
6248 | it allows other messages through. |
6249 | ||
6250 | We also wait for the next retry time if this is a message sent down an | |
6251 | existing SMTP connection (even though that will be forced). Otherwise there | |
6252 | will be far too many attempts for an address that gets a 4xx error. In | |
6253 | fact, after such an error, we should not get here because, the host should | |
6254 | not be remembered as one this message needs. However, there was a bug that | |
ba9af0af TF |
6255 | used to cause this to happen, so it is best to be on the safe side. |
6256 | ||
1ddeb334 TF |
6257 | Even if we haven't reached the retry time in the hints, there is one more |
6258 | check to do, which is for the ultimate address timeout. We only do this | |
6259 | check if there is an address retry record and there is not a domain retry | |
6260 | record; this implies that previous attempts to handle the address had the | |
6261 | retry_use_local_parts option turned on. We use this as an approximation | |
6262 | for the destination being like a local delivery, for example delivery over | |
6263 | LMTP to an IMAP message store. In this situation users are liable to bump | |
6264 | into their quota and thereby have intermittently successful deliveries, | |
6265 | which keep the retry record fresh, which can lead to us perpetually | |
6266 | deferring messages. */ | |
059ec3d9 | 6267 | |
d6c82d7b JH |
6268 | else if ( ( queue_running && !deliver_force |
6269 | || continue_hostname | |
6270 | ) | |
6271 | && ( ( domain_retry_record | |
6272 | && now < domain_retry_record->next_try | |
6273 | && !domain_retry_record->expired | |
6274 | ) | |
6275 | || ( address_retry_record | |
6276 | && now < address_retry_record->next_try | |
6277 | ) ) | |
6278 | && ( domain_retry_record | |
6279 | || !address_retry_record | |
6280 | || !retry_ultimate_address_timeout(addr->address_retry_key, | |
6281 | addr->domain, address_retry_record, now) | |
6282 | ) ) | |
059ec3d9 PH |
6283 | { |
6284 | addr->message = US"retry time not reached"; | |
6285 | addr->basic_errno = ERRNO_RRETRY; | |
6286 | (void)post_process_one(addr, DEFER, LOG_MAIN, DTYPE_ROUTER, 0); | |
6287 | } | |
6288 | ||
6289 | /* The domain is OK for routing. Remember if retry data exists so it | |
6290 | can be cleaned up after a successful delivery. */ | |
6291 | ||
6292 | else | |
6293 | { | |
d6c82d7b | 6294 | if (domain_retry_record || address_retry_record) |
059ec3d9 PH |
6295 | setflag(addr, af_dr_retry_exists); |
6296 | addr->next = addr_route; | |
6297 | addr_route = addr; | |
6298 | DEBUG(D_deliver|D_route) | |
6299 | debug_printf("%s: queued for routing\n", addr->address); | |
6300 | } | |
6301 | } | |
6302 | ||
6303 | /* The database is closed while routing is actually happening. Requests to | |
6304 | update it are put on a chain and all processed together at the end. */ | |
6305 | ||
d6c82d7b | 6306 | if (dbm_file) dbfn_close(dbm_file); |
059ec3d9 PH |
6307 | |
6308 | /* If queue_domains is set, we don't even want to try routing addresses in | |
6309 | those domains. During queue runs, queue_domains is forced to be unset. | |
6310 | Optimize by skipping this pass through the addresses if nothing is set. */ | |
6311 | ||
d6c82d7b | 6312 | if (!deliver_force && queue_domains) |
059ec3d9 PH |
6313 | { |
6314 | address_item *okaddr = NULL; | |
d6c82d7b | 6315 | while (addr_route) |
059ec3d9 PH |
6316 | { |
6317 | address_item *addr = addr_route; | |
6318 | addr_route = addr->next; | |
6319 | ||
6320 | deliver_domain = addr->domain; /* set $domain */ | |
55414b25 | 6321 | if ((rc = match_isinlist(addr->domain, (const uschar **)&queue_domains, 0, |
059ec3d9 PH |
6322 | &domainlist_anchor, addr->domain_cache, MCL_DOMAIN, TRUE, NULL)) |
6323 | != OK) | |
6324 | { | |
6325 | if (rc == DEFER) | |
6326 | { | |
6327 | addr->basic_errno = ERRNO_LISTDEFER; | |
6328 | addr->message = US"queue_domains lookup deferred"; | |
6329 | (void)post_process_one(addr, DEFER, LOG_MAIN, DTYPE_ROUTER, 0); | |
6330 | } | |
6331 | else | |
6332 | { | |
6333 | addr->next = okaddr; | |
6334 | okaddr = addr; | |
6335 | } | |
6336 | } | |
6337 | else | |
6338 | { | |
6339 | addr->basic_errno = ERRNO_QUEUE_DOMAIN; | |
6340 | addr->message = US"domain is in queue_domains"; | |
6341 | (void)post_process_one(addr, DEFER, LOG_MAIN, DTYPE_ROUTER, 0); | |
6342 | } | |
6343 | } | |
6344 | ||
6345 | addr_route = okaddr; | |
6346 | } | |
6347 | ||
6348 | /* Now route those addresses that are not deferred. */ | |
6349 | ||
d6c82d7b | 6350 | while (addr_route) |
059ec3d9 PH |
6351 | { |
6352 | int rc; | |
6353 | address_item *addr = addr_route; | |
55414b25 | 6354 | const uschar *old_domain = addr->domain; |
059ec3d9 PH |
6355 | uschar *old_unique = addr->unique; |
6356 | addr_route = addr->next; | |
6357 | addr->next = NULL; | |
6358 | ||
6359 | /* Just in case some router parameter refers to it. */ | |
6360 | ||
d6c82d7b JH |
6361 | if (!(return_path = addr->prop.errors_address)) |
6362 | return_path = sender_address; | |
059ec3d9 PH |
6363 | |
6364 | /* If a router defers an address, add a retry item. Whether or not to | |
6365 | use the local part in the key is a property of the router. */ | |
6366 | ||
6367 | if ((rc = route_address(addr, &addr_local, &addr_remote, &addr_new, | |
6368 | &addr_succeed, v_none)) == DEFER) | |
d6c82d7b JH |
6369 | retry_add_item(addr, |
6370 | addr->router->retry_use_local_part | |
6371 | ? string_sprintf("R:%s@%s", addr->local_part, addr->domain) | |
6372 | : string_sprintf("R:%s", addr->domain), | |
6373 | 0); | |
059ec3d9 PH |
6374 | |
6375 | /* Otherwise, if there is an existing retry record in the database, add | |
09945f1e PH |
6376 | retry items to delete both forms. We must also allow for the possibility |
6377 | of a routing retry that includes the sender address. Since the domain might | |
6378 | have been rewritten (expanded to fully qualified) as a result of routing, | |
6379 | ensure that the rewritten form is also deleted. */ | |
059ec3d9 PH |
6380 | |
6381 | else if (testflag(addr, af_dr_retry_exists)) | |
6382 | { | |
09945f1e PH |
6383 | uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key, |
6384 | sender_address); | |
6385 | retry_add_item(addr, altkey, rf_delete); | |
059ec3d9 PH |
6386 | retry_add_item(addr, addr->address_retry_key, rf_delete); |
6387 | retry_add_item(addr, addr->domain_retry_key, rf_delete); | |
6388 | if (Ustrcmp(addr->domain, old_domain) != 0) | |
6389 | retry_add_item(addr, string_sprintf("R:%s", old_domain), rf_delete); | |
6390 | } | |
6391 | ||
6392 | /* DISCARD is given for :blackhole: and "seen finish". The event has been | |
6393 | logged, but we need to ensure the address (and maybe parents) is marked | |
6394 | done. */ | |
6395 | ||
6396 | if (rc == DISCARD) | |
6397 | { | |
6398 | address_done(addr, tod_stamp(tod_log)); | |
6399 | continue; /* route next address */ | |
6400 | } | |
6401 | ||
6402 | /* The address is finished with (failed or deferred). */ | |
6403 | ||
6404 | if (rc != OK) | |
6405 | { | |
6406 | (void)post_process_one(addr, rc, LOG_MAIN, DTYPE_ROUTER, 0); | |
6407 | continue; /* route next address */ | |
6408 | } | |
6409 | ||
6410 | /* The address has been routed. If the router changed the domain, it will | |
6411 | also have changed the unique address. We have to test whether this address | |
6412 | has already been delivered, because it's the unique address that finally | |
6413 | gets recorded. */ | |
6414 | ||
d6c82d7b JH |
6415 | if ( addr->unique != old_unique |
6416 | && tree_search(tree_nonrecipients, addr->unique) != 0 | |
6417 | ) | |
059ec3d9 PH |
6418 | { |
6419 | DEBUG(D_deliver|D_route) debug_printf("%s was previously delivered: " | |
6420 | "discarded\n", addr->address); | |
6421 | if (addr_remote == addr) addr_remote = addr->next; | |
6422 | else if (addr_local == addr) addr_local = addr->next; | |
6423 | } | |
6424 | ||
6425 | /* If the router has same_domain_copy_routing set, we are permitted to copy | |
6426 | the routing for any other addresses with the same domain. This is an | |
6427 | optimisation to save repeated DNS lookups for "standard" remote domain | |
6428 | routing. The option is settable only on routers that generate host lists. | |
6429 | We play it very safe, and do the optimization only if the address is routed | |
6430 | to a remote transport, there are no header changes, and the domain was not | |
6431 | modified by the router. */ | |
6432 | ||
d6c82d7b JH |
6433 | if ( addr_remote == addr |
6434 | && addr->router->same_domain_copy_routing | |
6435 | && !addr->prop.extra_headers | |
6436 | && !addr->prop.remove_headers | |
6437 | && old_domain == addr->domain | |
6438 | ) | |
059ec3d9 PH |
6439 | { |
6440 | address_item **chain = &addr_route; | |
d6c82d7b | 6441 | while (*chain) |
059ec3d9 PH |
6442 | { |
6443 | address_item *addr2 = *chain; | |
6444 | if (Ustrcmp(addr2->domain, addr->domain) != 0) | |
6445 | { | |
6446 | chain = &(addr2->next); | |
6447 | continue; | |
6448 | } | |
6449 | ||
6450 | /* Found a suitable address; take it off the routing list and add it to | |
6451 | the remote delivery list. */ | |
6452 | ||
6453 | *chain = addr2->next; | |
6454 | addr2->next = addr_remote; | |
6455 | addr_remote = addr2; | |
6456 | ||
6457 | /* Copy the routing data */ | |
6458 | ||
6459 | addr2->domain = addr->domain; | |
6460 | addr2->router = addr->router; | |
6461 | addr2->transport = addr->transport; | |
6462 | addr2->host_list = addr->host_list; | |
6463 | addr2->fallback_hosts = addr->fallback_hosts; | |
d43cbe25 | 6464 | addr2->prop.errors_address = addr->prop.errors_address; |
059ec3d9 PH |
6465 | copyflag(addr2, addr, af_hide_child | af_local_host_removed); |
6466 | ||
6467 | DEBUG(D_deliver|D_route) | |
6468 | { | |
6469 | debug_printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n" | |
6470 | "routing %s\n" | |
6471 | "Routing for %s copied from %s\n", | |
6472 | addr2->address, addr2->address, addr->address); | |
6473 | } | |
6474 | } | |
6475 | } | |
6476 | } /* Continue with routing the next address. */ | |
6477 | } /* Loop to process any child addresses that the routers created, and | |
6478 | any rerouted addresses that got put back on the new chain. */ | |
6479 | ||
6480 | ||
6481 | /* Debugging: show the results of the routing */ | |
6482 | ||
6483 | DEBUG(D_deliver|D_retry|D_route) | |
6484 | { | |
d6c82d7b | 6485 | address_item *p; |
059ec3d9 PH |
6486 | debug_printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n"); |
6487 | debug_printf("After routing:\n Local deliveries:\n"); | |
d6c82d7b | 6488 | for (p = addr_local; p; p = p->next) |
059ec3d9 | 6489 | debug_printf(" %s\n", p->address); |
059ec3d9 | 6490 | |
059ec3d9 | 6491 | debug_printf(" Remote deliveries:\n"); |
d6c82d7b | 6492 | for (p = addr_remote; p; p = p->next) |
059ec3d9 | 6493 | debug_printf(" %s\n", p->address); |
059ec3d9 | 6494 | |
059ec3d9 | 6495 | debug_printf(" Failed addresses:\n"); |
d6c82d7b | 6496 | for (p = addr_failed; p; p = p->next) |
059ec3d9 | 6497 | debug_printf(" %s\n", p->address); |
059ec3d9 | 6498 | |
059ec3d9 | 6499 | debug_printf(" Deferred addresses:\n"); |
d6c82d7b | 6500 | for (p = addr_defer; p; p = p->next) |
059ec3d9 | 6501 | debug_printf(" %s\n", p->address); |
059ec3d9 PH |
6502 | } |
6503 | ||
6504 | /* Free any resources that were cached during routing. */ | |
6505 | ||
6506 | search_tidyup(); | |
6507 | route_tidyup(); | |
6508 | ||
6509 | /* These two variables are set only during routing, after check_local_user. | |
6510 | Ensure they are not set in transports. */ | |
6511 | ||
6512 | local_user_gid = (gid_t)(-1); | |
6513 | local_user_uid = (uid_t)(-1); | |
6514 | ||
d7174846 PH |
6515 | /* Check for any duplicate addresses. This check is delayed until after |
6516 | routing, because the flexibility of the routing configuration means that | |
6517 | identical addresses with different parentage may end up being redirected to | |
6518 | different addresses. Checking for duplicates too early (as we previously used | |
6519 | to) makes this kind of thing not work. */ | |
6520 | ||
6521 | do_duplicate_check(&addr_local); | |
6522 | do_duplicate_check(&addr_remote); | |
6523 | ||
059ec3d9 PH |
6524 | /* When acting as an MUA wrapper, we proceed only if all addresses route to a |
6525 | remote transport. The check that they all end up in one transaction happens in | |
6526 | the do_remote_deliveries() function. */ | |
6527 | ||
d6c82d7b JH |
6528 | if ( mua_wrapper |
6529 | && (addr_local || addr_failed || addr_defer) | |
6530 | ) | |
059ec3d9 PH |
6531 | { |
6532 | address_item *addr; | |
6533 | uschar *which, *colon, *msg; | |
6534 | ||
d6c82d7b | 6535 | if (addr_local) |
059ec3d9 PH |
6536 | { |
6537 | addr = addr_local; | |
6538 | which = US"local"; | |
6539 | } | |
d6c82d7b | 6540 | else if (addr_defer) |
059ec3d9 PH |
6541 | { |
6542 | addr = addr_defer; | |
6543 | which = US"deferred"; | |
6544 | } | |
6545 | else | |
6546 | { | |
6547 | addr = addr_failed; | |
6548 | which = US"failed"; | |
6549 | } | |
6550 | ||
d6c82d7b | 6551 | while (addr->parent) addr = addr->parent; |
059ec3d9 | 6552 | |
d6c82d7b | 6553 | if (addr->message) |
059ec3d9 PH |
6554 | { |
6555 | colon = US": "; | |
6556 | msg = addr->message; | |
6557 | } | |
6558 | else colon = msg = US""; | |
6559 | ||
6560 | /* We don't need to log here for a forced failure as it will already | |
6561 | have been logged. Defer will also have been logged, but as a defer, so we do | |
6562 | need to do the failure logging. */ | |
6563 | ||
6564 | if (addr != addr_failed) | |
6565 | log_write(0, LOG_MAIN, "** %s routing yielded a %s delivery", | |
6566 | addr->address, which); | |
6567 | ||
6568 | /* Always write an error to the caller */ | |
6569 | ||
6570 | fprintf(stderr, "routing %s yielded a %s delivery%s%s\n", addr->address, | |
6571 | which, colon, msg); | |
6572 | ||
6573 | final_yield = DELIVER_MUA_FAILED; | |
6574 | addr_failed = addr_defer = NULL; /* So that we remove the message */ | |
6575 | goto DELIVERY_TIDYUP; | |
6576 | } | |
6577 | ||
6578 | ||
6579 | /* If this is a run to continue deliveries to an external channel that is | |
6580 | already set up, defer any local deliveries. */ | |
6581 | ||
d6c82d7b | 6582 | if (continue_transport) |
059ec3d9 | 6583 | { |
d6c82d7b | 6584 | if (addr_defer) |
059ec3d9 PH |
6585 | { |
6586 | address_item *addr = addr_defer; | |
d6c82d7b | 6587 | while (addr->next) addr = addr->next; |
059ec3d9 PH |
6588 | addr->next = addr_local; |
6589 | } | |
d6c82d7b JH |
6590 | else |
6591 | addr_defer = addr_local; | |
059ec3d9 PH |
6592 | addr_local = NULL; |
6593 | } | |
6594 | ||
6595 | ||
6596 | /* Because address rewriting can happen in the routers, we should not really do | |
6597 | ANY deliveries until all addresses have been routed, so that all recipients of | |
6598 | the message get the same headers. However, this is in practice not always | |
6599 | possible, since sometimes remote addresses give DNS timeouts for days on end. | |
6600 | The pragmatic approach is to deliver what we can now, saving any rewritten | |
6601 | headers so that at least the next lot of recipients benefit from the rewriting | |
6602 | that has already been done. | |
6603 | ||
6604 | If any headers have been rewritten during routing, update the spool file to | |
6605 | remember them for all subsequent deliveries. This can be delayed till later if | |
6606 | there is only address to be delivered - if it succeeds the spool write need not | |
6607 | happen. */ | |
6608 | ||
d6c82d7b JH |
6609 | if ( header_rewritten |
6610 | && ( ( addr_local | |
6611 | && (addr_local->next || addr_remote) | |
6612 | ) | |
6613 | || (addr_remote && addr_remote->next) | |
6614 | ) ) | |
059ec3d9 PH |
6615 | { |
6616 | /* Panic-dies on error */ | |
6617 | (void)spool_write_header(message_id, SW_DELIVERING, NULL); | |
6618 | header_rewritten = FALSE; | |
6619 | } | |
6620 | ||
6621 | ||
6622 | /* If there are any deliveries to be done, open the journal file. This is used | |
6623 | to record successful deliveries as soon as possible after each delivery is | |
6624 | known to be complete. A file opened with O_APPEND is used so that several | |
6625 | processes can run simultaneously. | |
6626 | ||
6627 | The journal is just insurance against crashes. When the spool file is | |
6628 | ultimately updated at the end of processing, the journal is deleted. If a | |
6629 | journal is found to exist at the start of delivery, the addresses listed | |
6630 | therein are added to the non-recipients. */ | |
6631 | ||
d6c82d7b | 6632 | if (addr_local || addr_remote) |
059ec3d9 PH |
6633 | { |
6634 | sprintf(CS spoolname, "%s/input/%s/%s-J", spool_directory, message_subdir, id); | |
6635 | journal_fd = Uopen(spoolname, O_WRONLY|O_APPEND|O_CREAT, SPOOL_MODE); | |
6636 | ||
6637 | if (journal_fd < 0) | |
6638 | { | |
6639 | log_write(0, LOG_MAIN|LOG_PANIC, "Couldn't open journal file %s: %s", | |
6640 | spoolname, strerror(errno)); | |
6641 | return DELIVER_NOT_ATTEMPTED; | |
6642 | } | |
6643 | ||
6644 | /* Set the close-on-exec flag, make the file owned by Exim, and ensure | |
6645 | that the mode is correct - the group setting doesn't always seem to get | |
6646 | set automatically. */ | |
6647 | ||
1ac6b2e7 JH |
6648 | if( fcntl(journal_fd, F_SETFD, fcntl(journal_fd, F_GETFD) | FD_CLOEXEC) |
6649 | || fchown(journal_fd, exim_uid, exim_gid) | |
6650 | || fchmod(journal_fd, SPOOL_MODE) | |
6651 | ) | |
6652 | { | |
6653 | int ret = Uunlink(spoolname); | |
6654 | log_write(0, LOG_MAIN|LOG_PANIC, "Couldn't set perms on journal file %s: %s", | |
6655 | spoolname, strerror(errno)); | |
6656 | if(ret && errno != ENOENT) | |
6657 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to unlink %s: %s", | |
6658 | spoolname, strerror(errno)); | |
6659 | return DELIVER_NOT_ATTEMPTED; | |
6660 | } | |
059ec3d9 PH |
6661 | } |
6662 | ||
6663 | ||
1ac6b2e7 | 6664 | |
059ec3d9 PH |
6665 | /* Now we can get down to the business of actually doing deliveries. Local |
6666 | deliveries are done first, then remote ones. If ever the problems of how to | |
6667 | handle fallback transports are figured out, this section can be put into a loop | |
6668 | for handling fallbacks, though the uid switching will have to be revised. */ | |
6669 | ||
f1513293 PH |
6670 | /* Precompile a regex that is used to recognize a parameter in response |
6671 | to an LHLO command, if is isn't already compiled. This may be used on both | |
6672 | local and remote LMTP deliveries. */ | |
6673 | ||
d6c82d7b JH |
6674 | if (!regex_IGNOREQUOTA) |
6675 | regex_IGNOREQUOTA = | |
6676 | regex_must_compile(US"\\n250[\\s\\-]IGNOREQUOTA(\\s|\\n|$)", FALSE, TRUE); | |
f1513293 PH |
6677 | |
6678 | /* Handle local deliveries */ | |
6679 | ||
d6c82d7b | 6680 | if (addr_local) |
059ec3d9 PH |
6681 | { |
6682 | DEBUG(D_deliver|D_transport) | |
6683 | debug_printf(">>>>>>>>>>>>>>>> Local deliveries >>>>>>>>>>>>>>>>\n"); | |
6684 | do_local_deliveries(); | |
6685 | disable_logging = FALSE; | |
6686 | } | |
6687 | ||
6688 | /* If queue_run_local is set, we do not want to attempt any remote deliveries, | |
6689 | so just queue them all. */ | |
6690 | ||
6691 | if (queue_run_local) | |
d6c82d7b | 6692 | while (addr_remote) |
059ec3d9 PH |
6693 | { |
6694 | address_item *addr = addr_remote; | |
6695 | addr_remote = addr->next; | |
6696 | addr->next = NULL; | |
6697 | addr->basic_errno = ERRNO_LOCAL_ONLY; | |
6698 | addr->message = US"remote deliveries suppressed"; | |
6699 | (void)post_process_one(addr, DEFER, LOG_MAIN, DTYPE_TRANSPORT, 0); | |
6700 | } | |
059ec3d9 PH |
6701 | |
6702 | /* Handle remote deliveries */ | |
6703 | ||
d6c82d7b | 6704 | if (addr_remote) |
059ec3d9 PH |
6705 | { |
6706 | DEBUG(D_deliver|D_transport) | |
6707 | debug_printf(">>>>>>>>>>>>>>>> Remote deliveries >>>>>>>>>>>>>>>>\n"); | |
6708 | ||
6709 | /* Precompile some regex that are used to recognize parameters in response | |
6710 | to an EHLO command, if they aren't already compiled. */ | |
6711 | ||
476be7e2 | 6712 | deliver_init(); |
6c1c3d1d | 6713 | |
059ec3d9 PH |
6714 | /* Now sort the addresses if required, and do the deliveries. The yield of |
6715 | do_remote_deliveries is FALSE when mua_wrapper is set and all addresses | |
6716 | cannot be delivered in one transaction. */ | |
6717 | ||
d6c82d7b | 6718 | if (remote_sort_domains) sort_remote_deliveries(); |
059ec3d9 PH |
6719 | if (!do_remote_deliveries(FALSE)) |
6720 | { | |
6721 | log_write(0, LOG_MAIN, "** mua_wrapper is set but recipients cannot all " | |
6722 | "be delivered in one transaction"); | |
6723 | fprintf(stderr, "delivery to smarthost failed (configuration problem)\n"); | |
6724 | ||
6725 | final_yield = DELIVER_MUA_FAILED; | |
6726 | addr_failed = addr_defer = NULL; /* So that we remove the message */ | |
6727 | goto DELIVERY_TIDYUP; | |
6728 | } | |
6729 | ||
6730 | /* See if any of the addresses that failed got put on the queue for delivery | |
6731 | to their fallback hosts. We do it this way because often the same fallback | |
6732 | host is used for many domains, so all can be sent in a single transaction | |
6733 | (if appropriately configured). */ | |
6734 | ||
d6c82d7b | 6735 | if (addr_fallback && !mua_wrapper) |
059ec3d9 PH |
6736 | { |
6737 | DEBUG(D_deliver) debug_printf("Delivering to fallback hosts\n"); | |
6738 | addr_remote = addr_fallback; | |
6739 | addr_fallback = NULL; | |
d6c82d7b | 6740 | if (remote_sort_domains) sort_remote_deliveries(); |
059ec3d9 PH |
6741 | do_remote_deliveries(TRUE); |
6742 | } | |
6743 | disable_logging = FALSE; | |
6744 | } | |
6745 | ||
6746 | ||
6747 | /* All deliveries are now complete. Ignore SIGTERM during this tidying up | |
6748 | phase, to minimize cases of half-done things. */ | |
6749 | ||
6750 | DEBUG(D_deliver) | |
6751 | debug_printf(">>>>>>>>>>>>>>>> deliveries are done >>>>>>>>>>>>>>>>\n"); | |
6752 | ||
6753 | /* Root privilege is no longer needed */ | |
6754 | ||
6755 | exim_setugid(exim_uid, exim_gid, FALSE, US"post-delivery tidying"); | |
6756 | ||
6757 | set_process_info("tidying up after delivering %s", message_id); | |
6758 | signal(SIGTERM, SIG_IGN); | |
6759 | ||
6760 | /* When we are acting as an MUA wrapper, the smtp transport will either have | |
47c7a64a PH |
6761 | succeeded for all addresses, or failed them all in normal cases. However, there |
6762 | are some setup situations (e.g. when a named port does not exist) that cause an | |
6763 | immediate exit with deferral of all addresses. Convert those into failures. We | |
6764 | do not ever want to retry, nor do we want to send a bounce message. */ | |
059ec3d9 PH |
6765 | |
6766 | if (mua_wrapper) | |
6767 | { | |
d6c82d7b | 6768 | if (addr_defer) |
47c7a64a PH |
6769 | { |
6770 | address_item *addr, *nextaddr; | |
d6c82d7b | 6771 | for (addr = addr_defer; addr; addr = nextaddr) |
47c7a64a PH |
6772 | { |
6773 | log_write(0, LOG_MAIN, "** %s mua_wrapper forced failure for deferred " | |
6774 | "delivery", addr->address); | |
6775 | nextaddr = addr->next; | |
6776 | addr->next = addr_failed; | |
6777 | addr_failed = addr; | |
6778 | } | |
6779 | addr_defer = NULL; | |
6780 | } | |
6781 | ||
6782 | /* Now all should either have succeeded or failed. */ | |
6783 | ||
d6c82d7b JH |
6784 | if (!addr_failed) |
6785 | final_yield = DELIVER_MUA_SUCCEEDED; | |
6786 | else | |
059ec3d9 | 6787 | { |
c562fd30 | 6788 | host_item * host; |
d6c82d7b JH |
6789 | uschar *s = addr_failed->user_message; |
6790 | ||
6791 | if (!s) s = addr_failed->message; | |
059ec3d9 PH |
6792 | |
6793 | fprintf(stderr, "Delivery failed: "); | |
6794 | if (addr_failed->basic_errno > 0) | |
6795 | { | |
6796 | fprintf(stderr, "%s", strerror(addr_failed->basic_errno)); | |
d6c82d7b | 6797 | if (s) fprintf(stderr, ": "); |
059ec3d9 | 6798 | } |
c562fd30 JH |
6799 | if ((host = addr_failed->host_used)) |
6800 | fprintf(stderr, "H=%s [%s]: ", host->name, host->address); | |
d6c82d7b JH |
6801 | if (s) |
6802 | fprintf(stderr, "%s", CS s); | |
6803 | else if (addr_failed->basic_errno <= 0) | |
6804 | fprintf(stderr, "unknown error"); | |
059ec3d9 PH |
6805 | fprintf(stderr, "\n"); |
6806 | ||
6807 | final_yield = DELIVER_MUA_FAILED; | |
6808 | addr_failed = NULL; | |
6809 | } | |
6810 | } | |
6811 | ||
6812 | /* In a normal configuration, we now update the retry database. This is done in | |
6813 | one fell swoop at the end in order not to keep opening and closing (and | |
6814 | locking) the database. The code for handling retries is hived off into a | |
6815 | separate module for convenience. We pass it the addresses of the various | |
6816 | chains, because deferred addresses can get moved onto the failed chain if the | |
6817 | retry cutoff time has expired for all alternative destinations. Bypass the | |
6818 | updating of the database if the -N flag is set, which is a debugging thing that | |
6819 | prevents actual delivery. */ | |
6820 | ||
d6c82d7b JH |
6821 | else if (!dont_deliver) |
6822 | retry_update(&addr_defer, &addr_failed, &addr_succeed); | |
059ec3d9 | 6823 | |
6c1c3d1d WB |
6824 | /* Send DSN for successful messages */ |
6825 | addr_dsntmp = addr_succeed; | |
6826 | addr_senddsn = NULL; | |
6827 | ||
9671784a | 6828 | while(addr_dsntmp) |
6c1c3d1d | 6829 | { |
6c1c3d1d | 6830 | /* af_ignore_error not honored here. it's not an error */ |
9671784a JH |
6831 | DEBUG(D_deliver) |
6832 | { | |
6833 | debug_printf("DSN: processing router : %s\n" | |
6834 | "DSN: processing successful delivery address: %s\n" | |
6835 | "DSN: Sender_address: %s\n" | |
6836 | "DSN: orcpt: %s flags: %d\n" | |
6837 | "DSN: envid: %s ret: %d\n" | |
6838 | "DSN: Final recipient: %s\n" | |
6839 | "DSN: Remote SMTP server supports DSN: %d\n", | |
6840 | addr_dsntmp->router->name, | |
6841 | addr_dsntmp->address, | |
6842 | sender_address, | |
6843 | addr_dsntmp->dsn_orcpt, addr_dsntmp->dsn_flags, | |
6844 | dsn_envid, dsn_ret, | |
6845 | addr_dsntmp->address, | |
6846 | addr_dsntmp->dsn_aware | |
6847 | ); | |
6848 | } | |
6c1c3d1d WB |
6849 | |
6850 | /* send report if next hop not DSN aware or a router flagged "last DSN hop" | |
6851 | and a report was requested */ | |
9671784a JH |
6852 | if ( ( addr_dsntmp->dsn_aware != dsn_support_yes |
6853 | || addr_dsntmp->dsn_flags & rf_dsnlasthop | |
6854 | ) | |
6855 | && addr_dsntmp->dsn_flags & rf_dsnflags | |
6856 | && addr_dsntmp->dsn_flags & rf_notify_success | |
6857 | ) | |
6c1c3d1d WB |
6858 | { |
6859 | /* copy and relink address_item and send report with all of them at once later */ | |
6860 | address_item *addr_next; | |
6861 | addr_next = addr_senddsn; | |
6862 | addr_senddsn = store_get(sizeof(address_item)); | |
6863 | memcpy(addr_senddsn, addr_dsntmp, sizeof(address_item)); | |
6864 | addr_senddsn->next = addr_next; | |
6865 | } | |
6866 | else | |
94431adb | 6867 | DEBUG(D_deliver) debug_printf("DSN: not sending DSN success message\n"); |
6c1c3d1d WB |
6868 | |
6869 | addr_dsntmp = addr_dsntmp->next; | |
6870 | } | |
6871 | ||
9671784a | 6872 | if (addr_senddsn) |
6c1c3d1d WB |
6873 | { |
6874 | pid_t pid; | |
6875 | int fd; | |
6876 | ||
94431adb | 6877 | /* create exim process to send message */ |
6c1c3d1d WB |
6878 | pid = child_open_exim(&fd); |
6879 | ||
6880 | DEBUG(D_deliver) debug_printf("DSN: child_open_exim returns: %d\n", pid); | |
94431adb | 6881 | |
6c1c3d1d WB |
6882 | if (pid < 0) /* Creation of child failed */ |
6883 | { | |
6884 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Process %d (parent %d) failed to " | |
6885 | "create child process to send failure message: %s", getpid(), | |
6886 | getppid(), strerror(errno)); | |
6887 | ||
1c5b1499 | 6888 | DEBUG(D_deliver) debug_printf("DSN: child_open_exim failed\n"); |
94431adb | 6889 | } |
6c1c3d1d WB |
6890 | else /* Creation of child succeeded */ |
6891 | { | |
6892 | FILE *f = fdopen(fd, "wb"); | |
6893 | /* header only as required by RFC. only failure DSN needs to honor RET=FULL */ | |
6894 | int topt = topt_add_return_path | topt_no_body; | |
45500060 | 6895 | uschar * bound; |
94431adb | 6896 | |
1c5b1499 JH |
6897 | DEBUG(D_deliver) |
6898 | debug_printf("sending error message to: %s\n", sender_address); | |
94431adb | 6899 | |
6c1c3d1d | 6900 | /* build unique id for MIME boundary */ |
45500060 JH |
6901 | bound = string_sprintf(TIME_T_FMT "-eximdsn-%d", time(NULL), rand()); |
6902 | DEBUG(D_deliver) debug_printf("DSN: MIME boundary: %s\n", bound); | |
94431adb | 6903 | |
c007c974 JH |
6904 | if (errors_reply_to) |
6905 | fprintf(f, "Reply-To: %s\n", errors_reply_to); | |
94431adb | 6906 | |
c007c974 JH |
6907 | fprintf(f, "Auto-Submitted: auto-generated\n" |
6908 | "From: Mail Delivery System <Mailer-Daemon@%s>\n" | |
6909 | "To: %s\n" | |
6910 | "Subject: Delivery Status Notification\n" | |
6911 | "Content-Type: multipart/report; report-type=delivery-status; boundary=%s\n" | |
6912 | "MIME-Version: 1.0\n\n" | |
6913 | ||
6914 | "--%s\n" | |
6915 | "Content-type: text/plain; charset=us-ascii\n\n" | |
94431adb | 6916 | |
c007c974 | 6917 | "This message was created automatically by mail delivery software.\n" |
8864c2c4 | 6918 | " ----- The following addresses had successful delivery notifications -----\n", |
45500060 | 6919 | qualify_domain_sender, sender_address, bound, bound); |
6c1c3d1d | 6920 | |
1c5b1499 JH |
6921 | for (addr_dsntmp = addr_senddsn; addr_dsntmp; |
6922 | addr_dsntmp = addr_dsntmp->next) | |
c007c974 JH |
6923 | fprintf(f, "<%s> (relayed %s)\n\n", |
6924 | addr_dsntmp->address, | |
6925 | (addr_dsntmp->dsn_flags & rf_dsnlasthop) == 1 | |
6926 | ? "via non DSN router" | |
6927 | : addr_dsntmp->dsn_aware == dsn_support_no | |
6928 | ? "to non-DSN-aware mailer" | |
6929 | : "via non \"Remote SMTP\" router" | |
6930 | ); | |
1c5b1499 | 6931 | |
c007c974 JH |
6932 | fprintf(f, "--%s\n" |
6933 | "Content-type: message/delivery-status\n\n" | |
6934 | "Reporting-MTA: dns; %s\n", | |
45500060 | 6935 | bound, smtp_active_hostname); |
c007c974 | 6936 | |
1c5b1499 JH |
6937 | if (dsn_envid) |
6938 | { /* must be decoded from xtext: see RFC 3461:6.3a */ | |
6c1c3d1d WB |
6939 | uschar *xdec_envid; |
6940 | if (auth_xtextdecode(dsn_envid, &xdec_envid) > 0) | |
c007c974 | 6941 | fprintf(f, "Original-Envelope-ID: %s\n", dsn_envid); |
6c1c3d1d | 6942 | else |
c007c974 | 6943 | fprintf(f, "X-Original-Envelope-ID: error decoding xtext formated ENVID\n"); |
6c1c3d1d | 6944 | } |
c007c974 | 6945 | fputc('\n', f); |
6c1c3d1d | 6946 | |
c007c974 JH |
6947 | for (addr_dsntmp = addr_senddsn; |
6948 | addr_dsntmp; | |
6949 | addr_dsntmp = addr_dsntmp->next) | |
6c1c3d1d | 6950 | { |
c007c974 | 6951 | if (addr_dsntmp->dsn_orcpt) |
6c1c3d1d | 6952 | fprintf(f,"Original-Recipient: %s\n", addr_dsntmp->dsn_orcpt); |
c007c974 JH |
6953 | |
6954 | fprintf(f, "Action: delivered\n" | |
6955 | "Final-Recipient: rfc822;%s\n" | |
6956 | "Status: 2.0.0\n", | |
6957 | addr_dsntmp->address); | |
6958 | ||
6959 | if (addr_dsntmp->host_used && addr_dsntmp->host_used->name) | |
1c5b1499 | 6960 | fprintf(f, "Remote-MTA: dns; %s\nDiagnostic-Code: smtp; 250 Ok\n\n", |
c007c974 | 6961 | addr_dsntmp->host_used->name); |
6c1c3d1d | 6962 | else |
1c5b1499 | 6963 | fprintf(f, "Diagnostic-Code: X-Exim; relayed via non %s router\n\n", |
c007c974 | 6964 | (addr_dsntmp->dsn_flags & rf_dsnlasthop) == 1 ? "DSN" : "SMTP"); |
6c1c3d1d WB |
6965 | } |
6966 | ||
45500060 | 6967 | fprintf(f, "--%s\nContent-type: text/rfc822-headers\n\n", bound); |
94431adb | 6968 | |
6c1c3d1d WB |
6969 | fflush(f); |
6970 | transport_filter_argv = NULL; /* Just in case */ | |
6971 | return_path = sender_address; /* In case not previously set */ | |
94431adb | 6972 | |
6c1c3d1d WB |
6973 | /* Write the original email out */ |
6974 | transport_write_message(NULL, fileno(f), topt, 0, NULL, NULL, NULL, NULL, NULL, 0); | |
6975 | fflush(f); | |
6976 | ||
21bc4865 | 6977 | fprintf(f,"\n--%s--\n", bound); |
6c1c3d1d WB |
6978 | |
6979 | fflush(f); | |
6980 | fclose(f); | |
6981 | rc = child_close(pid, 0); /* Waits for child to close, no timeout */ | |
6982 | } | |
6983 | } | |
6c1c3d1d | 6984 | |
059ec3d9 PH |
6985 | /* If any addresses failed, we must send a message to somebody, unless |
6986 | af_ignore_error is set, in which case no action is taken. It is possible for | |
6987 | several messages to get sent if there are addresses with different | |
6988 | requirements. */ | |
6989 | ||
d6c82d7b | 6990 | while (addr_failed) |
059ec3d9 PH |
6991 | { |
6992 | pid_t pid; | |
6993 | int fd; | |
6994 | uschar *logtod = tod_stamp(tod_log); | |
6995 | address_item *addr; | |
6996 | address_item *handled_addr = NULL; | |
6997 | address_item **paddr; | |
6998 | address_item *msgchain = NULL; | |
6999 | address_item **pmsgchain = &msgchain; | |
7000 | ||
7001 | /* There are weird cases when logging is disabled in the transport. However, | |
7002 | there may not be a transport (address failed by a router). */ | |
7003 | ||
7004 | disable_logging = FALSE; | |
d6c82d7b | 7005 | if (addr_failed->transport) |
059ec3d9 PH |
7006 | disable_logging = addr_failed->transport->disable_logging; |
7007 | ||
7008 | DEBUG(D_deliver) | |
7009 | debug_printf("processing failed address %s\n", addr_failed->address); | |
7010 | ||
7011 | /* There are only two ways an address in a bounce message can get here: | |
7012 | ||
7013 | (1) When delivery was initially deferred, but has now timed out (in the call | |
7014 | to retry_update() above). We can detect this by testing for | |
7015 | af_retry_timedout. If the address does not have its own errors address, | |
7016 | we arrange to ignore the error. | |
7017 | ||
7018 | (2) If delivery failures for bounce messages are being ignored. We can detect | |
7019 | this by testing for af_ignore_error. This will also be set if a bounce | |
7020 | message has been autothawed and the ignore_bounce_errors_after time has | |
7021 | passed. It might also be set if a router was explicitly configured to | |
7022 | ignore errors (errors_to = ""). | |
7023 | ||
7024 | If neither of these cases obtains, something has gone wrong. Log the | |
7025 | incident, but then ignore the error. */ | |
7026 | ||
d6c82d7b | 7027 | if (sender_address[0] == 0 && !addr_failed->prop.errors_address) |
059ec3d9 | 7028 | { |
9671784a JH |
7029 | if ( !testflag(addr_failed, af_retry_timedout) |
7030 | && !testflag(addr_failed, af_ignore_error)) | |
059ec3d9 PH |
7031 | { |
7032 | log_write(0, LOG_MAIN|LOG_PANIC, "internal error: bounce message " | |
7033 | "failure is neither frozen nor ignored (it's been ignored)"); | |
7034 | } | |
7035 | setflag(addr_failed, af_ignore_error); | |
7036 | } | |
7037 | ||
7038 | /* If the first address on the list has af_ignore_error set, just remove | |
7039 | it from the list, throw away any saved message file, log it, and | |
7040 | mark the recipient done. */ | |
7041 | ||
50dc7409 | 7042 | if ( testflag(addr_failed, af_ignore_error) |
9671784a | 7043 | || ( addr_failed->dsn_flags & rf_dsnflags |
d6c82d7b JH |
7044 | && (addr_failed->dsn_flags & rf_notify_failure) != rf_notify_failure |
7045 | ) ) | |
1c5b1499 | 7046 | { |
059ec3d9 PH |
7047 | addr = addr_failed; |
7048 | addr_failed = addr->next; | |
d6c82d7b | 7049 | if (addr->return_filename) Uunlink(addr->return_filename); |
059ec3d9 PH |
7050 | |
7051 | log_write(0, LOG_MAIN, "%s%s%s%s: error ignored", | |
7052 | addr->address, | |
1c5b1499 JH |
7053 | !addr->parent ? US"" : US" <", |
7054 | !addr->parent ? US"" : addr->parent->address, | |
7055 | !addr->parent ? US"" : US">"); | |
059ec3d9 PH |
7056 | |
7057 | address_done(addr, logtod); | |
7058 | child_done(addr, logtod); | |
7059 | /* Panic-dies on error */ | |
7060 | (void)spool_write_header(message_id, SW_DELIVERING, NULL); | |
7061 | } | |
7062 | ||
7063 | /* Otherwise, handle the sending of a message. Find the error address for | |
7064 | the first address, then send a message that includes all failed addresses | |
7065 | that have the same error address. Note the bounce_recipient is a global so | |
7066 | that it can be accesssed by $bounce_recipient while creating a customized | |
7067 | error message. */ | |
7068 | ||
7069 | else | |
7070 | { | |
d6c82d7b JH |
7071 | if (!(bounce_recipient = addr_failed->prop.errors_address)) |
7072 | bounce_recipient = sender_address; | |
059ec3d9 PH |
7073 | |
7074 | /* Make a subprocess to send a message */ | |
7075 | ||
1c5b1499 | 7076 | if ((pid = child_open_exim(&fd)) < 0) |
059ec3d9 PH |
7077 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Process %d (parent %d) failed to " |
7078 | "create child process to send failure message: %s", getpid(), | |
7079 | getppid(), strerror(errno)); | |
7080 | ||
7081 | /* Creation of child succeeded */ | |
7082 | ||
7083 | else | |
7084 | { | |
7085 | int ch, rc; | |
7086 | int filecount = 0; | |
7087 | int rcount = 0; | |
7088 | uschar *bcc, *emf_text; | |
7089 | FILE *f = fdopen(fd, "wb"); | |
7090 | FILE *emf = NULL; | |
7091 | BOOL to_sender = strcmpic(sender_address, bounce_recipient) == 0; | |
7092 | int max = (bounce_return_size_limit/DELIVER_IN_BUFFER_SIZE + 1) * | |
7093 | DELIVER_IN_BUFFER_SIZE; | |
45500060 | 7094 | uschar * bound; |
0f9d3aea JH |
7095 | uschar *dsnlimitmsg; |
7096 | uschar *dsnnotifyhdr; | |
7097 | int topt; | |
059ec3d9 PH |
7098 | |
7099 | DEBUG(D_deliver) | |
7100 | debug_printf("sending error message to: %s\n", bounce_recipient); | |
7101 | ||
7102 | /* Scan the addresses for all that have the same errors address, removing | |
7103 | them from the addr_failed chain, and putting them on msgchain. */ | |
7104 | ||
7105 | paddr = &addr_failed; | |
d6c82d7b | 7106 | for (addr = addr_failed; addr; addr = *paddr) |
d43cbe25 JH |
7107 | if (Ustrcmp(bounce_recipient, addr->prop.errors_address |
7108 | ? addr->prop.errors_address : sender_address) == 0) | |
1c5b1499 | 7109 | { /* The same - dechain */ |
059ec3d9 PH |
7110 | *paddr = addr->next; |
7111 | *pmsgchain = addr; | |
7112 | addr->next = NULL; | |
7113 | pmsgchain = &(addr->next); | |
7114 | } | |
1c5b1499 JH |
7115 | else |
7116 | paddr = &addr->next; /* Not the same; skip */ | |
059ec3d9 PH |
7117 | |
7118 | /* Include X-Failed-Recipients: for automatic interpretation, but do | |
7119 | not let any one header line get too long. We do this by starting a | |
7120 | new header every 50 recipients. Omit any addresses for which the | |
7121 | "hide_child" flag is set. */ | |
7122 | ||
d6c82d7b | 7123 | for (addr = msgchain; addr; addr = addr->next) |
059ec3d9 PH |
7124 | { |
7125 | if (testflag(addr, af_hide_child)) continue; | |
7126 | if (rcount >= 50) | |
7127 | { | |
7128 | fprintf(f, "\n"); | |
7129 | rcount = 0; | |
7130 | } | |
7131 | fprintf(f, "%s%s", | |
d6c82d7b JH |
7132 | rcount++ == 0 |
7133 | ? "X-Failed-Recipients: " | |
7134 | : ",\n ", | |
7135 | testflag(addr, af_pfr) && addr->parent | |
7136 | ? string_printing(addr->parent->address) | |
7137 | : string_printing(addr->address)); | |
059ec3d9 PH |
7138 | } |
7139 | if (rcount > 0) fprintf(f, "\n"); | |
7140 | ||
7141 | /* Output the standard headers */ | |
7142 | ||
1c5b1499 | 7143 | if (errors_reply_to) |
059ec3d9 | 7144 | fprintf(f, "Reply-To: %s\n", errors_reply_to); |
456682f5 | 7145 | fprintf(f, "Auto-Submitted: auto-replied\n"); |
0e22dfd1 | 7146 | moan_write_from(f); |
059ec3d9 PH |
7147 | fprintf(f, "To: %s\n", bounce_recipient); |
7148 | ||
6c1c3d1d | 7149 | /* generate boundary string and output MIME-Headers */ |
45500060 | 7150 | bound = string_sprintf(TIME_T_FMT "-eximdsn-%d", time(NULL), rand()); |
c007c974 JH |
7151 | |
7152 | fprintf(f, "Content-Type: multipart/report;" | |
7153 | " report-type=delivery-status; boundary=%s\n" | |
7154 | "MIME-Version: 1.0\n", | |
45500060 | 7155 | bound); |
6c1c3d1d | 7156 | |
059ec3d9 PH |
7157 | /* Open a template file if one is provided. Log failure to open, but |
7158 | carry on - default texts will be used. */ | |
7159 | ||
c007c974 JH |
7160 | if (bounce_message_file) |
7161 | if (!(emf = Ufopen(bounce_message_file, "rb"))) | |
059ec3d9 PH |
7162 | log_write(0, LOG_MAIN|LOG_PANIC, "Failed to open %s for error " |
7163 | "message texts: %s", bounce_message_file, strerror(errno)); | |
059ec3d9 PH |
7164 | |
7165 | /* Quietly copy to configured additional addresses if required. */ | |
7166 | ||
c007c974 JH |
7167 | if ((bcc = moan_check_errorcopy(bounce_recipient))) |
7168 | fprintf(f, "Bcc: %s\n", bcc); | |
059ec3d9 PH |
7169 | |
7170 | /* The texts for the message can be read from a template file; if there | |
7171 | isn't one, or if it is too short, built-in texts are used. The first | |
7172 | emf text is a Subject: and any other headers. */ | |
7173 | ||
c007c974 JH |
7174 | if ((emf_text = next_emf(emf, US"header"))) |
7175 | fprintf(f, "%s\n", emf_text); | |
7176 | else | |
059ec3d9 PH |
7177 | fprintf(f, "Subject: Mail delivery failed%s\n\n", |
7178 | to_sender? ": returning message to sender" : ""); | |
059ec3d9 | 7179 | |
6c1c3d1d | 7180 | /* output human readable part as text/plain section */ |
c007c974 JH |
7181 | fprintf(f, "--%s\n" |
7182 | "Content-type: text/plain; charset=us-ascii\n\n", | |
45500060 | 7183 | bound); |
6c1c3d1d | 7184 | |
c007c974 JH |
7185 | if ((emf_text = next_emf(emf, US"intro"))) |
7186 | fprintf(f, "%s", CS emf_text); | |
7187 | else | |
059ec3d9 PH |
7188 | { |
7189 | fprintf(f, | |
7190 | /* This message has been reworded several times. It seems to be confusing to | |
7191 | somebody, however it is worded. I have retreated to the original, simple | |
7192 | wording. */ | |
7193 | "This message was created automatically by mail delivery software.\n"); | |
c007c974 JH |
7194 | |
7195 | if (bounce_message_text) | |
7196 | fprintf(f, "%s", CS bounce_message_text); | |
059ec3d9 | 7197 | if (to_sender) |
059ec3d9 PH |
7198 | fprintf(f, |
7199 | "\nA message that you sent could not be delivered to one or more of its\n" | |
7200 | "recipients. This is a permanent error. The following address(es) failed:\n"); | |
059ec3d9 | 7201 | else |
059ec3d9 PH |
7202 | fprintf(f, |
7203 | "\nA message sent by\n\n <%s>\n\n" | |
7204 | "could not be delivered to one or more of its recipients. The following\n" | |
7205 | "address(es) failed:\n", sender_address); | |
059ec3d9 | 7206 | } |
c007c974 | 7207 | fputc('\n', f); |
059ec3d9 PH |
7208 | |
7209 | /* Process the addresses, leaving them on the msgchain if they have a | |
7210 | file name for a return message. (There has already been a check in | |
447d236c PH |
7211 | post_process_one() for the existence of data in the message file.) A TRUE |
7212 | return from print_address_information() means that the address is not | |
7213 | hidden. */ | |
059ec3d9 PH |
7214 | |
7215 | paddr = &msgchain; | |
d6c82d7b | 7216 | for (addr = msgchain; addr; addr = *paddr) |
059ec3d9 PH |
7217 | { |
7218 | if (print_address_information(addr, f, US" ", US"\n ", US"")) | |
447d236c | 7219 | print_address_error(addr, f, US""); |
059ec3d9 PH |
7220 | |
7221 | /* End the final line for the address */ | |
7222 | ||
7223 | fputc('\n', f); | |
7224 | ||
7225 | /* Leave on msgchain if there's a return file. */ | |
7226 | ||
7227 | if (addr->return_file >= 0) | |
7228 | { | |
7229 | paddr = &(addr->next); | |
7230 | filecount++; | |
7231 | } | |
7232 | ||
7233 | /* Else save so that we can tick off the recipient when the | |
7234 | message is sent. */ | |
7235 | ||
7236 | else | |
7237 | { | |
7238 | *paddr = addr->next; | |
7239 | addr->next = handled_addr; | |
7240 | handled_addr = addr; | |
7241 | } | |
7242 | } | |
7243 | ||
c007c974 | 7244 | fputc('\n', f); |
059ec3d9 PH |
7245 | |
7246 | /* Get the next text, whether we need it or not, so as to be | |
7247 | positioned for the one after. */ | |
7248 | ||
7249 | emf_text = next_emf(emf, US"generated text"); | |
7250 | ||
7251 | /* If there were any file messages passed by the local transports, | |
7252 | include them in the message. Then put the address on the handled chain. | |
7253 | In the case of a batch of addresses that were all sent to the same | |
7254 | transport, the return_file field in all of them will contain the same | |
7255 | fd, and the return_filename field in the *last* one will be set (to the | |
7256 | name of the file). */ | |
7257 | ||
c007c974 | 7258 | if (msgchain) |
059ec3d9 PH |
7259 | { |
7260 | address_item *nextaddr; | |
7261 | ||
c007c974 JH |
7262 | if (emf_text) |
7263 | fprintf(f, "%s", CS emf_text); | |
7264 | else | |
059ec3d9 PH |
7265 | fprintf(f, |
7266 | "The following text was generated during the delivery " | |
7267 | "attempt%s:\n", (filecount > 1)? "s" : ""); | |
7268 | ||
d6c82d7b | 7269 | for (addr = msgchain; addr; addr = nextaddr) |
059ec3d9 PH |
7270 | { |
7271 | FILE *fm; | |
7272 | address_item *topaddr = addr; | |
7273 | ||
7274 | /* List all the addresses that relate to this file */ | |
7275 | ||
c007c974 JH |
7276 | fputc('\n', f); |
7277 | while(addr) /* Insurance */ | |
059ec3d9 PH |
7278 | { |
7279 | print_address_information(addr, f, US"------ ", US"\n ", | |
7280 | US" ------\n"); | |
c007c974 | 7281 | if (addr->return_filename) break; |
059ec3d9 PH |
7282 | addr = addr->next; |
7283 | } | |
c007c974 | 7284 | fputc('\n', f); |
059ec3d9 PH |
7285 | |
7286 | /* Now copy the file */ | |
7287 | ||
d6c82d7b | 7288 | if (!(fm = Ufopen(addr->return_filename, "rb"))) |
059ec3d9 PH |
7289 | fprintf(f, " +++ Exim error... failed to open text file: %s\n", |
7290 | strerror(errno)); | |
7291 | else | |
7292 | { | |
7293 | while ((ch = fgetc(fm)) != EOF) fputc(ch, f); | |
f1e894f3 | 7294 | (void)fclose(fm); |
059ec3d9 PH |
7295 | } |
7296 | Uunlink(addr->return_filename); | |
7297 | ||
7298 | /* Can now add to handled chain, first fishing off the next | |
7299 | address on the msgchain. */ | |
7300 | ||
7301 | nextaddr = addr->next; | |
7302 | addr->next = handled_addr; | |
7303 | handled_addr = topaddr; | |
7304 | } | |
c007c974 | 7305 | fputc('\n', f); |
059ec3d9 PH |
7306 | } |
7307 | ||
6c1c3d1d | 7308 | /* output machine readable part */ |
9671784a JH |
7309 | #ifdef EXPERIMENTAL_INTERNATIONAL |
7310 | if (message_smtputf8) | |
7311 | fprintf(f, "--%s\n" | |
7312 | "Content-type: message/global-delivery-status\n\n" | |
7313 | "Reporting-MTA: dns; %s\n", | |
7314 | bound, smtp_active_hostname); | |
7315 | else | |
7316 | #endif | |
7317 | fprintf(f, "--%s\n" | |
7318 | "Content-type: message/delivery-status\n\n" | |
7319 | "Reporting-MTA: dns; %s\n", | |
7320 | bound, smtp_active_hostname); | |
c007c974 JH |
7321 | |
7322 | if (dsn_envid) | |
7323 | { | |
6c1c3d1d WB |
7324 | /* must be decoded from xtext: see RFC 3461:6.3a */ |
7325 | uschar *xdec_envid; | |
7326 | if (auth_xtextdecode(dsn_envid, &xdec_envid) > 0) | |
c007c974 | 7327 | fprintf(f, "Original-Envelope-ID: %s\n", dsn_envid); |
6c1c3d1d | 7328 | else |
c007c974 | 7329 | fprintf(f, "X-Original-Envelope-ID: error decoding xtext formated ENVID\n"); |
6c1c3d1d | 7330 | } |
c007c974 | 7331 | fputc('\n', f); |
94431adb | 7332 | |
c007c974 | 7333 | for (addr = handled_addr; addr; addr = addr->next) |
6c1c3d1d | 7334 | { |
895fbaf2 | 7335 | host_item * hu; |
c007c974 | 7336 | fprintf(f, "Action: failed\n" |
8864c2c4 JH |
7337 | "Final-Recipient: rfc822;%s\n" |
7338 | "Status: 5.0.0\n", | |
7339 | addr->address); | |
895fbaf2 JH |
7340 | if ((hu = addr->host_used) && hu->name) |
7341 | { | |
7342 | const uschar * s; | |
23f3dc67 | 7343 | fprintf(f, "Remote-MTA: dns; %s\n", hu->name); |
895fbaf2 JH |
7344 | #ifdef EXPERIMENTAL_DSN_INFO |
7345 | if (hu->address) | |
7346 | { | |
7347 | uschar * p = hu->port == 25 | |
7348 | ? US"" : string_sprintf(":%d", hu->port); | |
7349 | fprintf(f, "Remote-MTA: X-ip; [%s]%s\n", hu->address, p); | |
7350 | } | |
7351 | if ((s = addr->smtp_greeting) && *s) | |
7352 | fprintf(f, "X-Remote-MTA-smtp-greeting: X-str; %s\n", s); | |
7353 | if ((s = addr->helo_response) && *s) | |
7354 | fprintf(f, "X-Remote-MTA-helo-response: X-str; %s\n", s); | |
7355 | if ((s = addr->message) && *s) | |
7356 | fprintf(f, "X-Exim-Diagnostic: X-str; %s\n", s); | |
7357 | #endif | |
7358 | print_dsn_diagnostic_code(addr, f); | |
7359 | } | |
1c5b1499 | 7360 | fputc('\n', f); |
6c1c3d1d | 7361 | } |
6c1c3d1d | 7362 | |
059ec3d9 PH |
7363 | /* Now copy the message, trying to give an intelligible comment if |
7364 | it is too long for it all to be copied. The limit isn't strictly | |
7365 | applied because of the buffering. There is, however, an option | |
7366 | to suppress copying altogether. */ | |
7367 | ||
7368 | emf_text = next_emf(emf, US"copy"); | |
7369 | ||
6c1c3d1d | 7370 | /* add message body |
94431adb | 7371 | we ignore the intro text from template and add |
6c1c3d1d | 7372 | the text for bounce_return_size_limit at the end. |
94431adb | 7373 | |
6c1c3d1d WB |
7374 | bounce_return_message is ignored |
7375 | in case RET= is defined we honor these values | |
7376 | otherwise bounce_return_body is honored. | |
94431adb | 7377 | |
6c1c3d1d WB |
7378 | bounce_return_size_limit is always honored. |
7379 | */ | |
94431adb | 7380 | |
1c5b1499 | 7381 | fprintf(f, "--%s\n", bound); |
6c1c3d1d | 7382 | |
0f9d3aea JH |
7383 | dsnlimitmsg = US"X-Exim-DSN-Information: Due to administrative limits only headers are returned"; |
7384 | dsnnotifyhdr = NULL; | |
7385 | topt = topt_add_return_path; | |
7386 | ||
6c1c3d1d WB |
7387 | /* RET=HDRS? top priority */ |
7388 | if (dsn_ret == dsn_ret_hdrs) | |
7389 | topt |= topt_no_body; | |
7390 | else | |
7391 | /* no full body return at all? */ | |
7392 | if (!bounce_return_body) | |
7393 | { | |
7394 | topt |= topt_no_body; | |
7395 | /* add header if we overrule RET=FULL */ | |
7396 | if (dsn_ret == dsn_ret_full) | |
7397 | dsnnotifyhdr = dsnlimitmsg; | |
7398 | } | |
7399 | /* size limited ... return headers only if limit reached */ | |
7400 | else if (bounce_return_size_limit > 0) | |
7401 | { | |
7402 | struct stat statbuf; | |
7403 | if (fstat(deliver_datafile, &statbuf) == 0 && statbuf.st_size > max) | |
7404 | { | |
7405 | topt |= topt_no_body; | |
7406 | dsnnotifyhdr = dsnlimitmsg; | |
7407 | } | |
7408 | } | |
94431adb | 7409 | |
9671784a JH |
7410 | #ifdef EXPERIMENTAL_INTERNATIONAL |
7411 | if (message_smtputf8) | |
7412 | fputs(topt & topt_no_body ? "Content-type: message/global-headers\n\n" | |
7413 | : "Content-type: message/global\n\n", | |
7414 | f); | |
7415 | else | |
7416 | #endif | |
7417 | fputs(topt & topt_no_body ? "Content-type: text/rfc822-headers\n\n" | |
7418 | : "Content-type: message/rfc822\n\n", | |
7419 | f); | |
6c1c3d1d WB |
7420 | |
7421 | fflush(f); | |
7422 | transport_filter_argv = NULL; /* Just in case */ | |
7423 | return_path = sender_address; /* In case not previously set */ | |
7424 | transport_write_message(NULL, fileno(f), topt, | |
7425 | 0, dsnnotifyhdr, NULL, NULL, NULL, NULL, 0); | |
7426 | fflush(f); | |
94431adb | 7427 | |
6c1c3d1d | 7428 | /* we never add the final text. close the file */ |
c007c974 | 7429 | if (emf) |
6c1c3d1d | 7430 | (void)fclose(emf); |
94431adb | 7431 | |
45500060 | 7432 | fprintf(f, "\n--%s--\n", bound); |
059ec3d9 PH |
7433 | |
7434 | /* Close the file, which should send an EOF to the child process | |
7435 | that is receiving the message. Wait for it to finish. */ | |
7436 | ||
f1e894f3 | 7437 | (void)fclose(f); |
059ec3d9 PH |
7438 | rc = child_close(pid, 0); /* Waits for child to close, no timeout */ |
7439 | ||
7440 | /* In the test harness, let the child do it's thing first. */ | |
7441 | ||
7442 | if (running_in_test_harness) millisleep(500); | |
7443 | ||
7444 | /* If the process failed, there was some disaster in setting up the | |
7445 | error message. Unless the message is very old, ensure that addr_defer | |
7446 | is non-null, which will have the effect of leaving the message on the | |
7447 | spool. The failed addresses will get tried again next time. However, we | |
7448 | don't really want this to happen too often, so freeze the message unless | |
7449 | there are some genuine deferred addresses to try. To do this we have | |
7450 | to call spool_write_header() here, because with no genuine deferred | |
7451 | addresses the normal code below doesn't get run. */ | |
7452 | ||
7453 | if (rc != 0) | |
7454 | { | |
7455 | uschar *s = US""; | |
d6c82d7b | 7456 | if (now - received_time < retry_maximum_timeout && !addr_defer) |
059ec3d9 PH |
7457 | { |
7458 | addr_defer = (address_item *)(+1); | |
7459 | deliver_freeze = TRUE; | |
7460 | deliver_frozen_at = time(NULL); | |
7461 | /* Panic-dies on error */ | |
7462 | (void)spool_write_header(message_id, SW_DELIVERING, NULL); | |
7463 | s = US" (frozen)"; | |
7464 | } | |
7465 | deliver_msglog("Process failed (%d) when writing error message " | |
7466 | "to %s%s", rc, bounce_recipient, s); | |
7467 | log_write(0, LOG_MAIN, "Process failed (%d) when writing error message " | |
7468 | "to %s%s", rc, bounce_recipient, s); | |
7469 | } | |
7470 | ||
7471 | /* The message succeeded. Ensure that the recipients that failed are | |
7472 | now marked finished with on the spool and their parents updated. */ | |
7473 | ||
7474 | else | |
7475 | { | |
d6c82d7b | 7476 | for (addr = handled_addr; addr; addr = addr->next) |
059ec3d9 PH |
7477 | { |
7478 | address_done(addr, logtod); | |
7479 | child_done(addr, logtod); | |
7480 | } | |
7481 | /* Panic-dies on error */ | |
7482 | (void)spool_write_header(message_id, SW_DELIVERING, NULL); | |
7483 | } | |
7484 | } | |
7485 | } | |
7486 | } | |
7487 | ||
7488 | disable_logging = FALSE; /* In case left set */ | |
7489 | ||
7490 | /* Come here from the mua_wrapper case if routing goes wrong */ | |
7491 | ||
7492 | DELIVERY_TIDYUP: | |
7493 | ||
7494 | /* If there are now no deferred addresses, we are done. Preserve the | |
7495 | message log if so configured, and we are using them. Otherwise, sling it. | |
7496 | Then delete the message itself. */ | |
7497 | ||
d6c82d7b | 7498 | if (!addr_defer) |
059ec3d9 PH |
7499 | { |
7500 | if (message_logs) | |
7501 | { | |
7502 | sprintf(CS spoolname, "%s/msglog/%s/%s", spool_directory, message_subdir, | |
7503 | id); | |
7504 | if (preserve_message_logs) | |
7505 | { | |
7506 | int rc; | |
7507 | sprintf(CS big_buffer, "%s/msglog.OLD/%s", spool_directory, id); | |
7508 | if ((rc = Urename(spoolname, big_buffer)) < 0) | |
7509 | { | |
7510 | (void)directory_make(spool_directory, US"msglog.OLD", | |
7511 | MSGLOG_DIRECTORY_MODE, TRUE); | |
7512 | rc = Urename(spoolname, big_buffer); | |
7513 | } | |
7514 | if (rc < 0) | |
7515 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to move %s to the " | |
7516 | "msglog.OLD directory", spoolname); | |
7517 | } | |
7518 | else | |
059ec3d9 | 7519 | if (Uunlink(spoolname) < 0) |
0761d44e TF |
7520 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to unlink %s: %s", |
7521 | spoolname, strerror(errno)); | |
059ec3d9 PH |
7522 | } |
7523 | ||
7524 | /* Remove the two message files. */ | |
8e669ac1 | 7525 | |
059ec3d9 PH |
7526 | sprintf(CS spoolname, "%s/input/%s/%s-D", spool_directory, message_subdir, id); |
7527 | if (Uunlink(spoolname) < 0) | |
0ca0cf52 TF |
7528 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to unlink %s: %s", |
7529 | spoolname, strerror(errno)); | |
059ec3d9 PH |
7530 | sprintf(CS spoolname, "%s/input/%s/%s-H", spool_directory, message_subdir, id); |
7531 | if (Uunlink(spoolname) < 0) | |
0ca0cf52 TF |
7532 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to unlink %s: %s", |
7533 | spoolname, strerror(errno)); | |
2ac0e484 PH |
7534 | |
7535 | /* Log the end of this message, with queue time if requested. */ | |
7536 | ||
6c6d6e48 | 7537 | if (LOGGING(queue_time_overall)) |
8e669ac1 | 7538 | log_write(0, LOG_MAIN, "Completed QT=%s", |
19050083 | 7539 | readconf_printtime( (int) ((long)time(NULL) - (long)received_time)) ); |
2ac0e484 PH |
7540 | else |
7541 | log_write(0, LOG_MAIN, "Completed"); | |
0e8a9471 MH |
7542 | |
7543 | /* Unset deliver_freeze so that we won't try to move the spool files further down */ | |
7544 | deliver_freeze = FALSE; | |
14a465c3 | 7545 | |
774ef2d7 JH |
7546 | #ifdef EXPERIMENTAL_EVENT |
7547 | (void) event_raise(event_action, US"msg:complete", NULL); | |
14a465c3 | 7548 | #endif |
fa41615d | 7549 | } |
059ec3d9 PH |
7550 | |
7551 | /* If there are deferred addresses, we are keeping this message because it is | |
7552 | not yet completed. Lose any temporary files that were catching output from | |
7553 | pipes for any of the deferred addresses, handle one-time aliases, and see if | |
7554 | the message has been on the queue for so long that it is time to send a warning | |
7555 | message to the sender, unless it is a mailer-daemon. If all deferred addresses | |
7556 | have the same domain, we can set deliver_domain for the expansion of | |
7557 | delay_warning_ condition - if any of them are pipes, files, or autoreplies, use | |
7558 | the parent's domain. | |
7559 | ||
7560 | If all the deferred addresses have an error number that indicates "retry time | |
7561 | not reached", skip sending the warning message, because it won't contain the | |
7562 | reason for the delay. It will get sent at the next real delivery attempt. | |
7563 | However, if at least one address has tried, we'd better include all of them in | |
7564 | the message. | |
7565 | ||
7566 | If we can't make a process to send the message, don't worry. | |
7567 | ||
7568 | For mailing list expansions we want to send the warning message to the | |
7569 | mailing list manager. We can't do a perfect job here, as some addresses may | |
7570 | have different errors addresses, but if we take the errors address from | |
7571 | each deferred address it will probably be right in most cases. | |
7572 | ||
7573 | If addr_defer == +1, it means there was a problem sending an error message | |
7574 | for failed addresses, and there were no "real" deferred addresses. The value | |
7575 | was set just to keep the message on the spool, so there is nothing to do here. | |
7576 | */ | |
7577 | ||
7578 | else if (addr_defer != (address_item *)(+1)) | |
7579 | { | |
7580 | address_item *addr; | |
7581 | uschar *recipients = US""; | |
7582 | BOOL delivery_attempted = FALSE; | |
7583 | ||
d6c82d7b JH |
7584 | deliver_domain = testflag(addr_defer, af_pfr) |
7585 | ? addr_defer->parent->domain : addr_defer->domain; | |
059ec3d9 | 7586 | |
d6c82d7b | 7587 | for (addr = addr_defer; addr; addr = addr->next) |
059ec3d9 PH |
7588 | { |
7589 | address_item *otaddr; | |
7590 | ||
7591 | if (addr->basic_errno > ERRNO_RETRY_BASE) delivery_attempted = TRUE; | |
7592 | ||
d6c82d7b | 7593 | if (deliver_domain) |
059ec3d9 | 7594 | { |
55414b25 JH |
7595 | const uschar *d = testflag(addr, af_pfr) |
7596 | ? addr->parent->domain : addr->domain; | |
059ec3d9 PH |
7597 | |
7598 | /* The domain may be unset for an address that has never been routed | |
7599 | because the system filter froze the message. */ | |
7600 | ||
d6c82d7b JH |
7601 | if (!d || Ustrcmp(d, deliver_domain) != 0) |
7602 | deliver_domain = NULL; | |
059ec3d9 PH |
7603 | } |
7604 | ||
d6c82d7b | 7605 | if (addr->return_filename) Uunlink(addr->return_filename); |
059ec3d9 PH |
7606 | |
7607 | /* Handle the case of one-time aliases. If any address in the ancestry | |
7608 | of this one is flagged, ensure it is in the recipients list, suitably | |
7609 | flagged, and that its parent is marked delivered. */ | |
7610 | ||
d6c82d7b JH |
7611 | for (otaddr = addr; otaddr; otaddr = otaddr->parent) |
7612 | if (otaddr->onetime_parent) break; | |
059ec3d9 | 7613 | |
d6c82d7b | 7614 | if (otaddr) |
059ec3d9 PH |
7615 | { |
7616 | int i; | |
7617 | int t = recipients_count; | |
7618 | ||
7619 | for (i = 0; i < recipients_count; i++) | |
7620 | { | |
7621 | uschar *r = recipients_list[i].address; | |
7622 | if (Ustrcmp(otaddr->onetime_parent, r) == 0) t = i; | |
7623 | if (Ustrcmp(otaddr->address, r) == 0) break; | |
7624 | } | |
7625 | ||
7626 | /* Didn't find the address already in the list, and did find the | |
7627 | ultimate parent's address in the list. After adding the recipient, | |
7628 | update the errors address in the recipients list. */ | |
7629 | ||
7630 | if (i >= recipients_count && t < recipients_count) | |
7631 | { | |
7632 | DEBUG(D_deliver) debug_printf("one_time: adding %s in place of %s\n", | |
7633 | otaddr->address, otaddr->parent->address); | |
7634 | receive_add_recipient(otaddr->address, t); | |
d43cbe25 | 7635 | recipients_list[recipients_count-1].errors_to = otaddr->prop.errors_address; |
059ec3d9 PH |
7636 | tree_add_nonrecipient(otaddr->parent->address); |
7637 | update_spool = TRUE; | |
7638 | } | |
7639 | } | |
7640 | ||
7641 | /* Except for error messages, ensure that either the errors address for | |
7642 | this deferred address or, if there is none, the sender address, is on the | |
7643 | list of recipients for a warning message. */ | |
7644 | ||
7645 | if (sender_address[0] != 0) | |
d6c82d7b | 7646 | if (addr->prop.errors_address) |
059ec3d9 | 7647 | { |
d6c82d7b | 7648 | if (Ustrstr(recipients, addr->prop.errors_address) == NULL) |
059ec3d9 | 7649 | recipients = string_sprintf("%s%s%s", recipients, |
d6c82d7b | 7650 | (recipients[0] == 0)? "" : ",", addr->prop.errors_address); |
059ec3d9 PH |
7651 | } |
7652 | else | |
7653 | { | |
d6c82d7b | 7654 | if (Ustrstr(recipients, sender_address) == NULL) |
059ec3d9 | 7655 | recipients = string_sprintf("%s%s%s", recipients, |
d6c82d7b | 7656 | (recipients[0] == 0)? "" : ",", sender_address); |
059ec3d9 | 7657 | } |
059ec3d9 PH |
7658 | } |
7659 | ||
7660 | /* Send a warning message if the conditions are right. If the condition check | |
7661 | fails because of a lookup defer, there is nothing we can do. The warning | |
7662 | is not sent. Another attempt will be made at the next delivery attempt (if | |
7663 | it also defers). */ | |
7664 | ||
50dc7409 JH |
7665 | if ( !queue_2stage |
7666 | && delivery_attempted | |
7667 | && ( ((addr_defer->dsn_flags & rf_dsnflags) == 0) | |
7668 | || (addr_defer->dsn_flags & rf_notify_delay) == rf_notify_delay | |
7669 | ) | |
7670 | && delay_warning[1] > 0 | |
7671 | && sender_address[0] != 0 | |
d6c82d7b | 7672 | && ( !delay_warning_condition |
50dc7409 JH |
7673 | || expand_check_condition(delay_warning_condition, |
7674 | US"delay_warning", US"option") | |
7675 | ) | |
7676 | ) | |
059ec3d9 PH |
7677 | { |
7678 | int count; | |
7679 | int show_time; | |
7680 | int queue_time = time(NULL) - received_time; | |
7681 | ||
7682 | /* When running in the test harness, there's an option that allows us to | |
7683 | fudge this time so as to get repeatability of the tests. Take the first | |
7684 | time off the list. In queue runs, the list pointer gets updated in the | |
7685 | calling process. */ | |
7686 | ||
7687 | if (running_in_test_harness && fudged_queue_times[0] != 0) | |
7688 | { | |
7689 | int qt = readconf_readtime(fudged_queue_times, '/', FALSE); | |
7690 | if (qt >= 0) | |
7691 | { | |
7692 | DEBUG(D_deliver) debug_printf("fudged queue_times = %s\n", | |
7693 | fudged_queue_times); | |
7694 | queue_time = qt; | |
7695 | } | |
7696 | } | |
7697 | ||
7698 | /* See how many warnings we should have sent by now */ | |
7699 | ||
7700 | for (count = 0; count < delay_warning[1]; count++) | |
7701 | if (queue_time < delay_warning[count+2]) break; | |
7702 | ||
7703 | show_time = delay_warning[count+1]; | |
7704 | ||
7705 | if (count >= delay_warning[1]) | |
7706 | { | |
7707 | int extra; | |
7708 | int last_gap = show_time; | |
7709 | if (count > 1) last_gap -= delay_warning[count]; | |
7710 | extra = (queue_time - delay_warning[count+1])/last_gap; | |
7711 | show_time += last_gap * extra; | |
7712 | count += extra; | |
7713 | } | |
7714 | ||
7715 | DEBUG(D_deliver) | |
7716 | { | |
7717 | debug_printf("time on queue = %s\n", readconf_printtime(queue_time)); | |
7718 | debug_printf("warning counts: required %d done %d\n", count, | |
7719 | warning_count); | |
7720 | } | |
7721 | ||
7722 | /* We have computed the number of warnings there should have been by now. | |
7723 | If there haven't been enough, send one, and up the count to what it should | |
7724 | have been. */ | |
7725 | ||
7726 | if (warning_count < count) | |
7727 | { | |
7728 | header_line *h; | |
7729 | int fd; | |
7730 | pid_t pid = child_open_exim(&fd); | |
7731 | ||
7732 | if (pid > 0) | |
7733 | { | |
7734 | uschar *wmf_text; | |
7735 | FILE *wmf = NULL; | |
7736 | FILE *f = fdopen(fd, "wb"); | |
45500060 | 7737 | uschar * bound; |
059ec3d9 | 7738 | |
c007c974 | 7739 | if (warn_message_file) |
d6c82d7b | 7740 | if (!(wmf = Ufopen(warn_message_file, "rb"))) |
059ec3d9 PH |
7741 | log_write(0, LOG_MAIN|LOG_PANIC, "Failed to open %s for warning " |
7742 | "message texts: %s", warn_message_file, strerror(errno)); | |
059ec3d9 PH |
7743 | |
7744 | warnmsg_recipients = recipients; | |
d6c82d7b JH |
7745 | warnmsg_delay = queue_time < 120*60 |
7746 | ? string_sprintf("%d minutes", show_time/60) | |
7747 | : string_sprintf("%d hours", show_time/3600); | |
059ec3d9 | 7748 | |
c007c974 | 7749 | if (errors_reply_to) |
059ec3d9 | 7750 | fprintf(f, "Reply-To: %s\n", errors_reply_to); |
456682f5 | 7751 | fprintf(f, "Auto-Submitted: auto-replied\n"); |
0e22dfd1 | 7752 | moan_write_from(f); |
059ec3d9 PH |
7753 | fprintf(f, "To: %s\n", recipients); |
7754 | ||
6c1c3d1d | 7755 | /* generated boundary string and output MIME-Headers */ |
45500060 | 7756 | bound = string_sprintf(TIME_T_FMT "-eximdsn-%d", time(NULL), rand()); |
c007c974 JH |
7757 | |
7758 | fprintf(f, "Content-Type: multipart/report;" | |
7759 | " report-type=delivery-status; boundary=%s\n" | |
7760 | "MIME-Version: 1.0\n", | |
45500060 | 7761 | bound); |
6c1c3d1d | 7762 | |
c007c974 | 7763 | if ((wmf_text = next_emf(wmf, US"header"))) |
059ec3d9 PH |
7764 | fprintf(f, "%s\n", wmf_text); |
7765 | else | |
7766 | fprintf(f, "Subject: Warning: message %s delayed %s\n\n", | |
7767 | message_id, warnmsg_delay); | |
7768 | ||
6c1c3d1d | 7769 | /* output human readable part as text/plain section */ |
c007c974 JH |
7770 | fprintf(f, "--%s\n" |
7771 | "Content-type: text/plain; charset=us-ascii\n\n", | |
45500060 | 7772 | bound); |
6c1c3d1d | 7773 | |
c007c974 JH |
7774 | if ((wmf_text = next_emf(wmf, US"intro"))) |
7775 | fprintf(f, "%s", CS wmf_text); | |
7776 | else | |
059ec3d9 PH |
7777 | { |
7778 | fprintf(f, | |
7779 | "This message was created automatically by mail delivery software.\n"); | |
7780 | ||
7781 | if (Ustrcmp(recipients, sender_address) == 0) | |
7782 | fprintf(f, | |
7783 | "A message that you sent has not yet been delivered to one or more of its\n" | |
7784 | "recipients after more than "); | |
7785 | ||
c007c974 JH |
7786 | else |
7787 | fprintf(f, | |
059ec3d9 PH |
7788 | "A message sent by\n\n <%s>\n\n" |
7789 | "has not yet been delivered to one or more of its recipients after more than \n", | |
c007c974 | 7790 | sender_address); |
059ec3d9 | 7791 | |
c007c974 JH |
7792 | fprintf(f, "%s on the queue on %s.\n\n" |
7793 | "The message identifier is: %s\n", | |
7794 | warnmsg_delay, primary_hostname, message_id); | |
059ec3d9 | 7795 | |
d6c82d7b | 7796 | for (h = header_list; h; h = h->next) |
059ec3d9 PH |
7797 | if (strncmpic(h->text, US"Subject:", 8) == 0) |
7798 | fprintf(f, "The subject of the message is: %s", h->text + 9); | |
7799 | else if (strncmpic(h->text, US"Date:", 5) == 0) | |
7800 | fprintf(f, "The date of the message is: %s", h->text + 6); | |
c007c974 | 7801 | fputc('\n', f); |
059ec3d9 PH |
7802 | |
7803 | fprintf(f, "The address%s to which the message has not yet been " | |
7804 | "delivered %s:\n", | |
c007c974 JH |
7805 | !addr_defer->next ? "" : "es", |
7806 | !addr_defer->next ? "is": "are"); | |
059ec3d9 PH |
7807 | } |
7808 | ||
447d236c | 7809 | /* List the addresses, with error information if allowed */ |
059ec3d9 | 7810 | |
6c1c3d1d WB |
7811 | /* store addr_defer for machine readable part */ |
7812 | address_item *addr_dsndefer = addr_defer; | |
c007c974 JH |
7813 | fputc('\n', f); |
7814 | while (addr_defer) | |
059ec3d9 PH |
7815 | { |
7816 | address_item *addr = addr_defer; | |
7817 | addr_defer = addr->next; | |
447d236c PH |
7818 | if (print_address_information(addr, f, US" ", US"\n ", US"")) |
7819 | print_address_error(addr, f, US"Delay reason: "); | |
c007c974 | 7820 | fputc('\n', f); |
059ec3d9 | 7821 | } |
c007c974 | 7822 | fputc('\n', f); |
059ec3d9 PH |
7823 | |
7824 | /* Final text */ | |
7825 | ||
c007c974 | 7826 | if (wmf) |
059ec3d9 | 7827 | { |
c007c974 JH |
7828 | if ((wmf_text = next_emf(wmf, US"final"))) |
7829 | fprintf(f, "%s", CS wmf_text); | |
f1e894f3 | 7830 | (void)fclose(wmf); |
059ec3d9 PH |
7831 | } |
7832 | else | |
7833 | { | |
7834 | fprintf(f, | |
7835 | "No action is required on your part. Delivery attempts will continue for\n" | |
7836 | "some time, and this warning may be repeated at intervals if the message\n" | |
7837 | "remains undelivered. Eventually the mail delivery software will give up,\n" | |
7838 | "and when that happens, the message will be returned to you.\n"); | |
7839 | } | |
7840 | ||
6c1c3d1d | 7841 | /* output machine readable part */ |
c007c974 JH |
7842 | fprintf(f, "\n--%s\n" |
7843 | "Content-type: message/delivery-status\n\n" | |
7844 | "Reporting-MTA: dns; %s\n", | |
45500060 | 7845 | bound, |
c007c974 | 7846 | smtp_active_hostname); |
94431adb | 7847 | |
c007c974 JH |
7848 | |
7849 | if (dsn_envid) | |
7850 | { | |
6c1c3d1d WB |
7851 | /* must be decoded from xtext: see RFC 3461:6.3a */ |
7852 | uschar *xdec_envid; | |
7853 | if (auth_xtextdecode(dsn_envid, &xdec_envid) > 0) | |
7854 | fprintf(f,"Original-Envelope-ID: %s\n", dsn_envid); | |
7855 | else | |
7856 | fprintf(f,"X-Original-Envelope-ID: error decoding xtext formated ENVID\n"); | |
7857 | } | |
c007c974 | 7858 | fputc('\n', f); |
6c1c3d1d | 7859 | |
1c5b1499 | 7860 | for ( ; addr_dsndefer; addr_dsndefer = addr_dsndefer->next) |
6c1c3d1d | 7861 | { |
c007c974 | 7862 | if (addr_dsndefer->dsn_orcpt) |
1c5b1499 | 7863 | fprintf(f, "Original-Recipient: %s\n", addr_dsndefer->dsn_orcpt); |
c007c974 | 7864 | |
1c5b1499 JH |
7865 | fprintf(f, "Action: delayed\n" |
7866 | "Final-Recipient: rfc822;%s\n" | |
7867 | "Status: 4.0.0\n", | |
7868 | addr_dsndefer->address); | |
c007c974 | 7869 | if (addr_dsndefer->host_used && addr_dsndefer->host_used->name) |
21bc4865 | 7870 | { |
94431adb | 7871 | fprintf(f, "Remote-MTA: dns; %s\n", |
21bc4865 WB |
7872 | addr_dsndefer->host_used->name); |
7873 | print_dsn_diagnostic_code(addr_dsndefer, f); | |
7874 | } | |
1c5b1499 | 7875 | fputc('\n', f); |
6c1c3d1d WB |
7876 | } |
7877 | ||
1c5b1499 | 7878 | fprintf(f, "--%s\n" |
c007c974 | 7879 | "Content-type: text/rfc822-headers\n\n", |
45500060 | 7880 | bound); |
6c1c3d1d WB |
7881 | |
7882 | fflush(f); | |
7883 | /* header only as required by RFC. only failure DSN needs to honor RET=FULL */ | |
7884 | int topt = topt_add_return_path | topt_no_body; | |
7885 | transport_filter_argv = NULL; /* Just in case */ | |
7886 | return_path = sender_address; /* In case not previously set */ | |
7887 | /* Write the original email out */ | |
7888 | transport_write_message(NULL, fileno(f), topt, 0, NULL, NULL, NULL, NULL, NULL, 0); | |
7889 | fflush(f); | |
7890 | ||
45500060 | 7891 | fprintf(f,"\n--%s--\n", bound); |
6c1c3d1d WB |
7892 | |
7893 | fflush(f); | |
6c1c3d1d | 7894 | |
059ec3d9 PH |
7895 | /* Close and wait for child process to complete, without a timeout. |
7896 | If there's an error, don't update the count. */ | |
7897 | ||
f1e894f3 | 7898 | (void)fclose(f); |
059ec3d9 PH |
7899 | if (child_close(pid, 0) == 0) |
7900 | { | |
7901 | warning_count = count; | |
7902 | update_spool = TRUE; /* Ensure spool rewritten */ | |
7903 | } | |
7904 | } | |
7905 | } | |
7906 | } | |
7907 | ||
7908 | /* Clear deliver_domain */ | |
7909 | ||
7910 | deliver_domain = NULL; | |
7911 | ||
7912 | /* If this was a first delivery attempt, unset the first time flag, and | |
7913 | ensure that the spool gets updated. */ | |
7914 | ||
7915 | if (deliver_firsttime) | |
7916 | { | |
7917 | deliver_firsttime = FALSE; | |
7918 | update_spool = TRUE; | |
7919 | } | |
7920 | ||
7921 | /* If delivery was frozen and freeze_tell is set, generate an appropriate | |
7922 | message, unless the message is a local error message (to avoid loops). Then | |
7923 | log the freezing. If the text in "frozen_info" came from a system filter, | |
7924 | it has been escaped into printing characters so as not to mess up log lines. | |
7925 | For the "tell" message, we turn \n back into newline. Also, insert a newline | |
7926 | near the start instead of the ": " string. */ | |
7927 | ||
7928 | if (deliver_freeze) | |
7929 | { | |
d6c82d7b | 7930 | if (freeze_tell && freeze_tell[0] != 0 && !local_error_message) |
059ec3d9 PH |
7931 | { |
7932 | uschar *s = string_copy(frozen_info); | |
7933 | uschar *ss = Ustrstr(s, " by the system filter: "); | |
7934 | ||
7935 | if (ss != NULL) | |
7936 | { | |
7937 | ss[21] = '.'; | |
7938 | ss[22] = '\n'; | |
7939 | } | |
7940 | ||
7941 | ss = s; | |
7942 | while (*ss != 0) | |
7943 | { | |
7944 | if (*ss == '\\' && ss[1] == 'n') | |
7945 | { | |
7946 | *ss++ = ' '; | |
7947 | *ss++ = '\n'; | |
7948 | } | |
7949 | else ss++; | |
7950 | } | |
7951 | moan_tell_someone(freeze_tell, addr_defer, US"Message frozen", | |
7952 | "Message %s has been frozen%s.\nThe sender is <%s>.\n", message_id, | |
7953 | s, sender_address); | |
7954 | } | |
7955 | ||
7956 | /* Log freezing just before we update the -H file, to minimize the chance | |
7957 | of a race problem. */ | |
7958 | ||
7959 | deliver_msglog("*** Frozen%s\n", frozen_info); | |
7960 | log_write(0, LOG_MAIN, "Frozen%s", frozen_info); | |
7961 | } | |
7962 | ||
7963 | /* If there have been any updates to the non-recipients list, or other things | |
7964 | that get written to the spool, we must now update the spool header file so | |
7965 | that it has the right information for the next delivery attempt. If there | |
7966 | was more than one address being delivered, the header_change update is done | |
7967 | earlier, in case one succeeds and then something crashes. */ | |
7968 | ||
7969 | DEBUG(D_deliver) | |
7970 | debug_printf("delivery deferred: update_spool=%d header_rewritten=%d\n", | |
7971 | update_spool, header_rewritten); | |
7972 | ||
7973 | if (update_spool || header_rewritten) | |
7974 | /* Panic-dies on error */ | |
7975 | (void)spool_write_header(message_id, SW_DELIVERING, NULL); | |
7976 | } | |
7977 | ||
7978 | /* Finished with the message log. If the message is complete, it will have | |
7979 | been unlinked or renamed above. */ | |
7980 | ||
f1e894f3 | 7981 | if (message_logs) (void)fclose(message_log); |
059ec3d9 PH |
7982 | |
7983 | /* Now we can close and remove the journal file. Its only purpose is to record | |
7984 | successfully completed deliveries asap so that this information doesn't get | |
7985 | lost if Exim (or the machine) crashes. Forgetting about a failed delivery is | |
7986 | not serious, as trying it again is not harmful. The journal might not be open | |
7987 | if all addresses were deferred at routing or directing. Nevertheless, we must | |
7988 | remove it if it exists (may have been lying around from a crash during the | |
7989 | previous delivery attempt). We don't remove the journal if a delivery | |
7990 | subprocess failed to pass back delivery information; this is controlled by | |
7991 | the remove_journal flag. When the journal is left, we also don't move the | |
7992 | message off the main spool if frozen and the option is set. It should get moved | |
7993 | at the next attempt, after the journal has been inspected. */ | |
7994 | ||
f1e894f3 | 7995 | if (journal_fd >= 0) (void)close(journal_fd); |
059ec3d9 PH |
7996 | |
7997 | if (remove_journal) | |
7998 | { | |
7999 | sprintf(CS spoolname, "%s/input/%s/%s-J", spool_directory, message_subdir, id); | |
8000 | if (Uunlink(spoolname) < 0 && errno != ENOENT) | |
8001 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to unlink %s: %s", spoolname, | |
8002 | strerror(errno)); | |
8003 | ||
8004 | /* Move the message off the spool if reqested */ | |
8005 | ||
a7538db1 | 8006 | #ifdef SUPPORT_MOVE_FROZEN_MESSAGES |
059ec3d9 PH |
8007 | if (deliver_freeze && move_frozen_messages) |
8008 | (void)spool_move_message(id, message_subdir, US"", US"F"); | |
a7538db1 | 8009 | #endif |
059ec3d9 PH |
8010 | } |
8011 | ||
8012 | /* Closing the data file frees the lock; if the file has been unlinked it | |
8013 | will go away. Otherwise the message becomes available for another process | |
8014 | to try delivery. */ | |
8015 | ||
f1e894f3 | 8016 | (void)close(deliver_datafile); |
059ec3d9 PH |
8017 | deliver_datafile = -1; |
8018 | DEBUG(D_deliver) debug_printf("end delivery of %s\n", id); | |
8019 | ||
8020 | /* It is unlikely that there will be any cached resources, since they are | |
8021 | released after routing, and in the delivery subprocesses. However, it's | |
8022 | possible for an expansion for something afterwards (for example, | |
8023 | expand_check_condition) to do a lookup. We must therefore be sure everything is | |
8024 | released. */ | |
8025 | ||
8026 | search_tidyup(); | |
faa05a93 | 8027 | acl_where = ACL_WHERE_UNKNOWN; |
059ec3d9 PH |
8028 | return final_yield; |
8029 | } | |
8030 | ||
476be7e2 JH |
8031 | |
8032 | ||
8033 | void | |
8034 | deliver_init(void) | |
8035 | { | |
8036 | if (!regex_PIPELINING) regex_PIPELINING = | |
8037 | regex_must_compile(US"\\n250[\\s\\-]PIPELINING(\\s|\\n|$)", FALSE, TRUE); | |
8038 | ||
8039 | if (!regex_SIZE) regex_SIZE = | |
8040 | regex_must_compile(US"\\n250[\\s\\-]SIZE(\\s|\\n|$)", FALSE, TRUE); | |
8041 | ||
8042 | if (!regex_AUTH) regex_AUTH = | |
8043 | regex_must_compile(US"\\n250[\\s\\-]AUTH\\s+([\\-\\w\\s]+)(?:\\n|$)", | |
8044 | FALSE, TRUE); | |
8045 | ||
8046 | #ifdef SUPPORT_TLS | |
8047 | if (!regex_STARTTLS) regex_STARTTLS = | |
8048 | regex_must_compile(US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)", FALSE, TRUE); | |
8049 | #endif | |
8050 | ||
8051 | #ifndef DISABLE_PRDR | |
8052 | if (!regex_PRDR) regex_PRDR = | |
8053 | regex_must_compile(US"\\n250[\\s\\-]PRDR(\\s|\\n|$)", FALSE, TRUE); | |
8054 | #endif | |
8055 | ||
c9068a49 | 8056 | #ifdef EXPERIMENTAL_INTERNATIONAL |
7ade712c JH |
8057 | if (!regex_UTF8) regex_UTF8 = |
8058 | regex_must_compile(US"\\n250[\\s\\-]SMTPUTF8(\\s|\\n|$)", FALSE, TRUE); | |
8059 | #endif | |
8060 | ||
476be7e2 JH |
8061 | if (!regex_DSN) regex_DSN = |
8062 | regex_must_compile(US"\\n250[\\s\\-]DSN(\\s|\\n|$)", FALSE, TRUE); | |
8063 | ||
8064 | if (!regex_IGNOREQUOTA) regex_IGNOREQUOTA = | |
8065 | regex_must_compile(US"\\n250[\\s\\-]IGNOREQUOTA(\\s|\\n|$)", FALSE, TRUE); | |
8066 | } | |
8067 | ||
8068 | ||
a39bd74d JB |
8069 | uschar * |
8070 | deliver_get_sender_address (uschar * id) | |
8071 | { | |
dadff1d4 HSHR |
8072 | int rc; |
8073 | uschar * new_sender_address, | |
8074 | * save_sender_address; | |
8075 | ||
a39bd74d JB |
8076 | if (!spool_open_datafile(id)) |
8077 | return NULL; | |
8078 | ||
dadff1d4 HSHR |
8079 | /* Save and restore the global sender_address. I'm not sure if we should |
8080 | not save/restore all the other global variables too, because | |
8081 | spool_read_header() may change all of them. But OTOH, when this | |
8082 | deliver_get_sender_address() gets called, the current message is done | |
8083 | already and nobody needs the globals anymore. (HS12, 2015-08-21) */ | |
8084 | ||
a39bd74d | 8085 | sprintf(CS spoolname, "%s-H", id); |
dadff1d4 HSHR |
8086 | save_sender_address = sender_address; |
8087 | ||
8088 | rc = spool_read_header(spoolname, TRUE, TRUE); | |
8089 | ||
8090 | new_sender_address = sender_address; | |
8091 | sender_address = save_sender_address; | |
8092 | ||
8093 | if (rc != spool_read_OK) | |
a39bd74d JB |
8094 | return NULL; |
8095 | ||
dadff1d4 HSHR |
8096 | assert(new_sender_address); |
8097 | ||
a39bd74d JB |
8098 | (void)close(deliver_datafile); |
8099 | deliver_datafile = -1; | |
8100 | ||
dadff1d4 | 8101 | return new_sender_address; |
a39bd74d JB |
8102 | } |
8103 | ||
67d81c10 JH |
8104 | /* vi: aw ai sw=2 |
8105 | */ | |
059ec3d9 | 8106 | /* End of deliver.c */ |