Commit | Line | Data |
---|---|---|
0756eb3c PH |
1 | /************************************************* |
2 | * Exim - an Internet mail transport agent * | |
3 | *************************************************/ | |
4 | ||
f9ba5e22 | 5 | /* Copyright (c) University of Cambridge 1995 - 2018 */ |
1e1ddfac | 6 | /* Copyright (c) The Exim Maintainers 2020 */ |
0756eb3c PH |
7 | /* See the file NOTICE for conditions of use and distribution. */ |
8 | ||
9 | ||
10 | #include "../exim.h" | |
11 | #include "autoreply.h" | |
12 | ||
13 | ||
14 | ||
15 | /* Options specific to the autoreply transport. They must be in alphabetic | |
16 | order (note that "_" comes before the lower case letters). Those starting | |
17 | with "*" are not settable by the user but are used by the option-reading | |
18 | software for alternative value types. Some options are publicly visible and so | |
19 | are stored in the driver instance block. These are flagged with opt_public. */ | |
13a4b4c1 | 20 | #define LOFF(field) OPT_OFF(autoreply_transport_options_block, field) |
0756eb3c PH |
21 | |
22 | optionlist autoreply_transport_options[] = { | |
13a4b4c1 JH |
23 | { "bcc", opt_stringptr, LOFF(bcc) }, |
24 | { "cc", opt_stringptr, LOFF(cc) }, | |
25 | { "file", opt_stringptr, LOFF(file) }, | |
26 | { "file_expand", opt_bool, LOFF(file_expand) }, | |
27 | { "file_optional", opt_bool, LOFF(file_optional) }, | |
28 | { "from", opt_stringptr, LOFF(from) }, | |
29 | { "headers", opt_stringptr, LOFF(headers) }, | |
30 | { "log", opt_stringptr, LOFF(logfile) }, | |
31 | { "mode", opt_octint, LOFF(mode) }, | |
32 | { "never_mail", opt_stringptr, LOFF(never_mail) }, | |
33 | { "once", opt_stringptr, LOFF(oncelog) }, | |
34 | { "once_file_size", opt_int, LOFF(once_file_size) }, | |
35 | { "once_repeat", opt_stringptr, LOFF(once_repeat) }, | |
36 | { "reply_to", opt_stringptr, LOFF(reply_to) }, | |
37 | { "return_message", opt_bool, LOFF(return_message) }, | |
38 | { "subject", opt_stringptr, LOFF(subject) }, | |
39 | { "text", opt_stringptr, LOFF(text) }, | |
40 | { "to", opt_stringptr, LOFF(to) }, | |
0756eb3c PH |
41 | }; |
42 | ||
43 | /* Size of the options list. An extern variable has to be used so that its | |
44 | address can appear in the tables drtables.c. */ | |
45 | ||
46 | int autoreply_transport_options_count = | |
47 | sizeof(autoreply_transport_options)/sizeof(optionlist); | |
48 | ||
d185889f JH |
49 | |
50 | #ifdef MACRO_PREDEF | |
51 | ||
52 | /* Dummy values */ | |
53 | autoreply_transport_options_block autoreply_transport_option_defaults = {0}; | |
54 | void autoreply_transport_init(transport_instance *tblock) {} | |
55 | BOOL autoreply_transport_entry(transport_instance *tblock, address_item *addr) {return FALSE;} | |
56 | ||
57 | #else /*!MACRO_PREDEF*/ | |
58 | ||
59 | ||
0756eb3c PH |
60 | /* Default private options block for the autoreply transport. */ |
61 | ||
62 | autoreply_transport_options_block autoreply_transport_option_defaults = { | |
63 | NULL, /* from */ | |
64 | NULL, /* reply_to */ | |
65 | NULL, /* to */ | |
66 | NULL, /* cc */ | |
67 | NULL, /* bcc */ | |
68 | NULL, /* subject */ | |
69 | NULL, /* headers */ | |
70 | NULL, /* text */ | |
71 | NULL, /* file */ | |
72 | NULL, /* logfile */ | |
73 | NULL, /* oncelog */ | |
74 | NULL, /* once_repeat */ | |
75 | NULL, /* never_mail */ | |
76 | 0600, /* mode */ | |
77 | 0, /* once_file_size */ | |
78 | FALSE, /* file_expand */ | |
79 | FALSE, /* file_optional */ | |
80 | FALSE /* return message */ | |
81 | }; | |
82 | ||
83 | ||
84 | ||
85 | /* Type of text for the checkexpand() function */ | |
86 | ||
87 | enum { cke_text, cke_hdr, cke_file }; | |
88 | ||
89 | ||
90 | ||
91 | /************************************************* | |
92 | * Initialization entry point * | |
93 | *************************************************/ | |
94 | ||
95 | /* Called for each instance, after its options have been read, to | |
96 | enable consistency checks to be done, or anything else that needs | |
97 | to be set up. */ | |
98 | ||
99 | void | |
100 | autoreply_transport_init(transport_instance *tblock) | |
101 | { | |
102 | /* | |
103 | autoreply_transport_options_block *ob = | |
104 | (autoreply_transport_options_block *)(tblock->options_block); | |
105 | */ | |
106 | ||
107 | /* If a fixed uid field is set, then a gid field must also be set. */ | |
108 | ||
109 | if (tblock->uid_set && !tblock->gid_set && tblock->expand_gid == NULL) | |
110 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG, | |
111 | "user set without group for the %s transport", tblock->name); | |
112 | } | |
113 | ||
114 | ||
115 | ||
116 | ||
117 | /************************************************* | |
118 | * Expand string and check * | |
119 | *************************************************/ | |
120 | ||
121 | /* If the expansion fails, the error is set up in the address. Expanded | |
122 | strings must be checked to ensure they contain only printing characters | |
123 | and white space. If not, the function fails. | |
124 | ||
125 | Arguments: | |
126 | s string to expand | |
127 | addr address that is being worked on | |
128 | name transport name, for error text | |
129 | type type, for checking content: | |
130 | cke_text => no check | |
131 | cke_hdr => header, allow \n + whitespace | |
132 | cke_file => file name, no non-printers allowed | |
133 | ||
134 | Returns: expanded string if expansion succeeds; | |
135 | NULL otherwise | |
136 | */ | |
137 | ||
138 | static uschar * | |
139 | checkexpand(uschar *s, address_item *addr, uschar *name, int type) | |
140 | { | |
0756eb3c PH |
141 | uschar *ss = expand_string(s); |
142 | ||
481e63ca | 143 | if (!ss) |
0756eb3c PH |
144 | { |
145 | addr->transport_return = FAIL; | |
146 | addr->message = string_sprintf("Expansion of \"%s\" failed in %s transport: " | |
147 | "%s", s, name, expand_string_message); | |
148 | return NULL; | |
149 | } | |
150 | ||
d7978c0f | 151 | if (type != cke_text) for (uschar * t = ss; *t != 0; t++) |
0756eb3c PH |
152 | { |
153 | int c = *t; | |
55414b25 | 154 | const uschar * sp; |
0756eb3c PH |
155 | if (mac_isprint(c)) continue; |
156 | if (type == cke_hdr && c == '\n' && (t[1] == ' ' || t[1] == '\t')) continue; | |
55414b25 | 157 | sp = string_printing(s); |
0756eb3c PH |
158 | addr->transport_return = FAIL; |
159 | addr->message = string_sprintf("Expansion of \"%s\" in %s transport " | |
55414b25 | 160 | "contains non-printing character %d", sp, name, c); |
0756eb3c PH |
161 | return NULL; |
162 | } | |
163 | ||
164 | return ss; | |
165 | } | |
166 | ||
167 | ||
168 | ||
169 | ||
170 | /************************************************* | |
171 | * Check a header line for never_mail * | |
172 | *************************************************/ | |
173 | ||
174 | /* This is called to check to, cc, and bcc for addresses in the never_mail | |
175 | list. Any that are found are removed. | |
176 | ||
177 | Arguments: | |
178 | listptr points to the list of addresses | |
179 | never_mail an address list, already expanded | |
180 | ||
181 | Returns: nothing | |
182 | */ | |
183 | ||
184 | static void | |
55414b25 | 185 | check_never_mail(uschar **listptr, const uschar *never_mail) |
0756eb3c PH |
186 | { |
187 | uschar *s = *listptr; | |
188 | ||
189 | while (*s != 0) | |
190 | { | |
191 | uschar *error, *next; | |
192 | uschar *e = parse_find_address_end(s, FALSE); | |
193 | int terminator = *e; | |
194 | int start, end, domain, rc; | |
195 | ||
196 | /* Temporarily terminate the string at the address end while extracting | |
197 | the operative address within. */ | |
198 | ||
199 | *e = 0; | |
200 | next = parse_extract_address(s, &error, &start, &end, &domain, FALSE); | |
201 | *e = terminator; | |
202 | ||
203 | /* If there is some kind of syntax error, just give up on this header | |
204 | line. */ | |
205 | ||
5fcc791a | 206 | if (!next) break; |
0756eb3c PH |
207 | |
208 | /* See if the address is on the never_mail list */ | |
209 | ||
210 | rc = match_address_list(next, /* address to check */ | |
211 | TRUE, /* start caseless */ | |
212 | FALSE, /* don't expand the list */ | |
213 | &never_mail, /* the list */ | |
214 | NULL, /* no caching */ | |
215 | -1, /* no expand setup */ | |
216 | 0, /* separator from list */ | |
217 | NULL); /* no lookup value return */ | |
218 | ||
219 | if (rc == OK) /* Remove this address */ | |
220 | { | |
221 | DEBUG(D_transport) | |
222 | debug_printf("discarding recipient %s (matched never_mail)\n", next); | |
223 | if (terminator == ',') e++; | |
224 | memmove(s, e, Ustrlen(e) + 1); | |
225 | } | |
226 | else /* Skip over this address */ | |
227 | { | |
228 | s = e; | |
229 | if (terminator == ',') s++; | |
230 | } | |
231 | } | |
232 | ||
233 | /* Check to see if we removed the last address, leaving a terminating comma | |
234 | that needs to be removed */ | |
235 | ||
236 | s = *listptr + Ustrlen(*listptr); | |
237 | while (s > *listptr && (isspace(s[-1]) || s[-1] == ',')) s--; | |
238 | *s = 0; | |
239 | ||
240 | /* Check to see if there any addresses left; if not, set NULL */ | |
241 | ||
242 | s = *listptr; | |
243 | while (s != 0 && isspace(*s)) s++; | |
244 | if (*s == 0) *listptr = NULL; | |
245 | } | |
246 | ||
247 | ||
248 | ||
249 | /************************************************* | |
250 | * Main entry point * | |
251 | *************************************************/ | |
252 | ||
253 | /* See local README for interface details. This transport always returns | |
254 | FALSE, indicating that the top address has the status for all - though in fact | |
255 | this transport can handle only one address at at time anyway. */ | |
256 | ||
257 | BOOL | |
258 | autoreply_transport_entry( | |
259 | transport_instance *tblock, /* data for this instantiation */ | |
260 | address_item *addr) /* address we are working on */ | |
261 | { | |
262 | int fd, pid, rc; | |
263 | int cache_fd = -1; | |
0756eb3c PH |
264 | int cache_size = 0; |
265 | int add_size = 0; | |
266 | EXIM_DB *dbm_file = NULL; | |
267 | BOOL file_expand, return_message; | |
268 | uschar *from, *reply_to, *to, *cc, *bcc, *subject, *headers, *text, *file; | |
269 | uschar *logfile, *oncelog; | |
270 | uschar *cache_buff = NULL; | |
271 | uschar *cache_time = NULL; | |
30dba1e6 | 272 | uschar *message_id = NULL; |
0756eb3c PH |
273 | header_line *h; |
274 | time_t now = time(NULL); | |
275 | time_t once_repeat_sec = 0; | |
8768d548 | 276 | FILE *fp; |
0756eb3c PH |
277 | FILE *ff = NULL; |
278 | ||
279 | autoreply_transport_options_block *ob = | |
280 | (autoreply_transport_options_block *)(tblock->options_block); | |
281 | ||
282 | DEBUG(D_transport) debug_printf("%s transport entered\n", tblock->name); | |
283 | ||
284 | /* Set up for the good case */ | |
285 | ||
286 | addr->transport_return = OK; | |
287 | addr->basic_errno = 0; | |
288 | ||
289 | /* If the address is pointing to a reply block, then take all the data | |
290 | from that block. It has typically been set up by a mail filter processing | |
291 | router. Otherwise, the data must be supplied by this transport, and | |
292 | it has to be expanded here. */ | |
293 | ||
481e63ca | 294 | if (addr->reply) |
0756eb3c PH |
295 | { |
296 | DEBUG(D_transport) debug_printf("taking data from address\n"); | |
297 | from = addr->reply->from; | |
298 | reply_to = addr->reply->reply_to; | |
299 | to = addr->reply->to; | |
300 | cc = addr->reply->cc; | |
301 | bcc = addr->reply->bcc; | |
302 | subject = addr->reply->subject; | |
303 | headers = addr->reply->headers; | |
304 | text = addr->reply->text; | |
305 | file = addr->reply->file; | |
306 | logfile = addr->reply->logfile; | |
307 | oncelog = addr->reply->oncelog; | |
308 | once_repeat_sec = addr->reply->once_repeat; | |
309 | file_expand = addr->reply->file_expand; | |
310 | expand_forbid = addr->reply->expand_forbid; | |
311 | return_message = addr->reply->return_message; | |
312 | } | |
313 | else | |
314 | { | |
315 | uschar *oncerepeat = ob->once_repeat; | |
316 | ||
317 | DEBUG(D_transport) debug_printf("taking data from transport\n"); | |
318 | from = ob->from; | |
319 | reply_to = ob->reply_to; | |
320 | to = ob->to; | |
321 | cc = ob->cc; | |
322 | bcc = ob->bcc; | |
323 | subject = ob->subject; | |
324 | headers = ob->headers; | |
325 | text = ob->text; | |
326 | file = ob->file; | |
327 | logfile = ob->logfile; | |
328 | oncelog = ob->oncelog; | |
329 | file_expand = ob->file_expand; | |
330 | return_message = ob->return_message; | |
331 | ||
0a6c178c JH |
332 | if ( from && !(from = checkexpand(from, addr, tblock->name, cke_hdr)) |
333 | || reply_to && !(reply_to = checkexpand(reply_to, addr, tblock->name, cke_hdr)) | |
334 | || to && !(to = checkexpand(to, addr, tblock->name, cke_hdr)) | |
335 | || cc && !(cc = checkexpand(cc, addr, tblock->name, cke_hdr)) | |
336 | || bcc && !(bcc = checkexpand(bcc, addr, tblock->name, cke_hdr)) | |
337 | || subject && !(subject = checkexpand(subject, addr, tblock->name, cke_hdr)) | |
338 | || headers && !(headers = checkexpand(headers, addr, tblock->name, cke_text)) | |
339 | || text && !(text = checkexpand(text, addr, tblock->name, cke_text)) | |
340 | || file && !(file = checkexpand(file, addr, tblock->name, cke_file)) | |
341 | || logfile && !(logfile = checkexpand(logfile, addr, tblock->name, cke_file)) | |
342 | || oncelog && !(oncelog = checkexpand(oncelog, addr, tblock->name, cke_file)) | |
343 | || oncerepeat && !(oncerepeat = checkexpand(oncerepeat, addr, tblock->name, cke_file)) | |
344 | ) | |
0756eb3c PH |
345 | return FALSE; |
346 | ||
0a6c178c | 347 | if (oncerepeat) |
0756eb3c PH |
348 | { |
349 | once_repeat_sec = readconf_readtime(oncerepeat, 0, FALSE); | |
350 | if (once_repeat_sec < 0) | |
351 | { | |
352 | addr->transport_return = FAIL; | |
353 | addr->message = string_sprintf("Invalid time value \"%s\" for " | |
354 | "\"once_repeat\" in %s transport", oncerepeat, tblock->name); | |
355 | return FALSE; | |
356 | } | |
357 | } | |
358 | } | |
359 | ||
360 | /* If the never_mail option is set, we have to scan all the recipients and | |
361 | remove those that match. */ | |
362 | ||
0a6c178c | 363 | if (ob->never_mail) |
0756eb3c | 364 | { |
55414b25 | 365 | const uschar *never_mail = expand_string(ob->never_mail); |
0756eb3c | 366 | |
0a6c178c | 367 | if (!never_mail) |
0756eb3c PH |
368 | { |
369 | addr->transport_return = FAIL; | |
370 | addr->message = string_sprintf("Failed to expand \"%s\" for " | |
371 | "\"never_mail\" in %s transport", ob->never_mail, tblock->name); | |
372 | return FALSE; | |
373 | } | |
374 | ||
0a6c178c JH |
375 | if (to) check_never_mail(&to, never_mail); |
376 | if (cc) check_never_mail(&cc, never_mail); | |
377 | if (bcc) check_never_mail(&bcc, never_mail); | |
0756eb3c | 378 | |
0a6c178c | 379 | if (!to && !cc && !bcc) |
0756eb3c PH |
380 | { |
381 | DEBUG(D_transport) | |
382 | debug_printf("*** all recipients removed by never_mail\n"); | |
383 | return OK; | |
384 | } | |
385 | } | |
386 | ||
387 | /* If the -N option is set, can't do any more. */ | |
388 | ||
8768d548 | 389 | if (f.dont_deliver) |
0756eb3c PH |
390 | { |
391 | DEBUG(D_transport) | |
392 | debug_printf("*** delivery by %s transport bypassed by -N option\n", | |
393 | tblock->name); | |
394 | return FALSE; | |
395 | } | |
396 | ||
397 | ||
398 | /* If the oncelog field is set, we send want to send only one message to the | |
399 | given recipient(s). This works only on the "To" field. If there is no "To" | |
400 | field, the message is always sent. If the To: field contains more than one | |
401 | recipient, the effect might not be quite as envisaged. If once_file_size is | |
402 | set, instead of a dbm file, we use a regular file containing a circular buffer | |
403 | recipient cache. */ | |
404 | ||
481e63ca | 405 | if (oncelog && *oncelog && to) |
0756eb3c PH |
406 | { |
407 | time_t then = 0; | |
408 | ||
481e63ca JH |
409 | if (is_tainted(oncelog)) |
410 | { | |
411 | addr->transport_return = DEFER; | |
412 | addr->basic_errno = EACCES; | |
413 | addr->message = string_sprintf("Tainted '%s' (once file for %s transport)" | |
414 | " not permitted", oncelog, tblock->name); | |
415 | goto END_OFF; | |
416 | } | |
417 | ||
0756eb3c PH |
418 | /* Handle fixed-size cache file. */ |
419 | ||
420 | if (ob->once_file_size > 0) | |
421 | { | |
d7978c0f | 422 | uschar * nextp; |
0756eb3c | 423 | struct stat statbuf; |
0756eb3c | 424 | |
481e63ca | 425 | cache_fd = Uopen(oncelog, O_CREAT|O_RDWR, ob->mode); |
0756eb3c PH |
426 | if (cache_fd < 0 || fstat(cache_fd, &statbuf) != 0) |
427 | { | |
428 | addr->transport_return = DEFER; | |
6e0fddef | 429 | addr->basic_errno = errno; |
0756eb3c PH |
430 | addr->message = string_sprintf("Failed to %s \"once\" file %s when " |
431 | "sending message from %s transport: %s", | |
6e0fddef | 432 | cache_fd < 0 ? "open" : "stat", oncelog, tblock->name, strerror(errno)); |
0756eb3c PH |
433 | goto END_OFF; |
434 | } | |
435 | ||
436 | /* Get store in the temporary pool and read the entire file into it. We get | |
437 | an amount of store that is big enough to add the new entry on the end if we | |
438 | need to do that. */ | |
439 | ||
440 | cache_size = statbuf.st_size; | |
441 | add_size = sizeof(time_t) + Ustrlen(to) + 1; | |
f3ebb786 | 442 | cache_buff = store_get(cache_size + add_size, is_tainted(oncelog)); |
0756eb3c PH |
443 | |
444 | if (read(cache_fd, cache_buff, cache_size) != cache_size) | |
445 | { | |
446 | addr->transport_return = DEFER; | |
447 | addr->basic_errno = errno; | |
448 | addr->message = US"error while reading \"once\" file"; | |
449 | goto END_OFF; | |
450 | } | |
451 | ||
452 | DEBUG(D_transport) debug_printf("%d bytes read from %s\n", cache_size, oncelog); | |
453 | ||
454 | /* Scan the data for this recipient. Each entry in the file starts with | |
455 | a time_t sized time value, followed by the address, followed by a binary | |
456 | zero. If we find a match, put the time into "then", and the place where it | |
457 | was found into "cache_time". Otherwise, "then" is left at zero. */ | |
458 | ||
d7978c0f | 459 | for (uschar * p = cache_buff; p < cache_buff + cache_size; p = nextp) |
0756eb3c PH |
460 | { |
461 | uschar *s = p + sizeof(time_t); | |
0a6c178c | 462 | nextp = s + Ustrlen(s) + 1; |
0756eb3c PH |
463 | if (Ustrcmp(to, s) == 0) |
464 | { | |
465 | memcpy(&then, p, sizeof(time_t)); | |
466 | cache_time = p; | |
467 | break; | |
468 | } | |
0756eb3c PH |
469 | } |
470 | } | |
471 | ||
472 | /* Use a DBM file for the list of previous recipients. */ | |
473 | ||
474 | else | |
475 | { | |
476 | EXIM_DATUM key_datum, result_datum; | |
cfb9cf20 JH |
477 | uschar * dirname = string_copy(oncelog); |
478 | uschar * s; | |
479 | ||
480 | if ((s = Ustrrchr(dirname, '/'))) *s = '\0'; | |
481 | EXIM_DBOPEN(oncelog, dirname, O_RDWR|O_CREAT, ob->mode, &dbm_file); | |
d315eda1 | 482 | if (!dbm_file) |
0756eb3c PH |
483 | { |
484 | addr->transport_return = DEFER; | |
6e0fddef | 485 | addr->basic_errno = errno; |
0756eb3c PH |
486 | addr->message = string_sprintf("Failed to open %s file %s when sending " |
487 | "message from %s transport: %s", EXIM_DBTYPE, oncelog, tblock->name, | |
488 | strerror(errno)); | |
489 | goto END_OFF; | |
490 | } | |
491 | ||
492 | EXIM_DATUM_INIT(key_datum); /* Some DBM libraries need datums */ | |
493 | EXIM_DATUM_INIT(result_datum); /* to be cleared */ | |
494 | EXIM_DATUM_DATA(key_datum) = CS to; | |
495 | EXIM_DATUM_SIZE(key_datum) = Ustrlen(to) + 1; | |
496 | ||
497 | if (EXIM_DBGET(dbm_file, key_datum, result_datum)) | |
498 | { | |
499 | /* If the datum size is that of a binary time, we are in the new world | |
500 | where messages are sent periodically. Otherwise the file is an old one, | |
501 | where the datum was filled with a tod_log time, which is assumed to be | |
502 | different in size. For that, only one message is ever sent. This change | |
503 | introduced at Exim 3.00. In a couple of years' time the test on the size | |
504 | can be abolished. */ | |
505 | ||
506 | if (EXIM_DATUM_SIZE(result_datum) == sizeof(time_t)) | |
0756eb3c | 507 | memcpy(&then, EXIM_DATUM_DATA(result_datum), sizeof(time_t)); |
0a6c178c JH |
508 | else |
509 | then = now; | |
0756eb3c PH |
510 | } |
511 | } | |
512 | ||
513 | /* Either "then" is set zero, if no message has yet been sent, or it | |
514 | is set to the time of the last sending. */ | |
515 | ||
516 | if (then != 0 && (once_repeat_sec <= 0 || now - then < once_repeat_sec)) | |
517 | { | |
13559da6 | 518 | int log_fd; |
481e63ca JH |
519 | if (is_tainted(logfile)) |
520 | { | |
521 | addr->transport_return = DEFER; | |
522 | addr->basic_errno = EACCES; | |
523 | addr->message = string_sprintf("Tainted '%s' (logfile for %s transport)" | |
524 | " not permitted", logfile, tblock->name); | |
525 | goto END_OFF; | |
526 | } | |
527 | ||
0756eb3c PH |
528 | DEBUG(D_transport) debug_printf("message previously sent to %s%s\n", to, |
529 | (once_repeat_sec > 0)? " and repeat time not reached" : ""); | |
13559da6 | 530 | log_fd = logfile ? Uopen(logfile, O_WRONLY|O_APPEND|O_CREAT, ob->mode) : -1; |
0756eb3c PH |
531 | if (log_fd >= 0) |
532 | { | |
533 | uschar *ptr = log_buffer; | |
534 | sprintf(CS ptr, "%s\n previously sent to %.200s\n", tod_stamp(tod_log), to); | |
535 | while(*ptr) ptr++; | |
1ac6b2e7 JH |
536 | if(write(log_fd, log_buffer, ptr - log_buffer) != ptr-log_buffer |
537 | || close(log_fd)) | |
538 | DEBUG(D_transport) debug_printf("Problem writing log file %s for %s " | |
539 | "transport\n", logfile, tblock->name); | |
0756eb3c PH |
540 | } |
541 | goto END_OFF; | |
542 | } | |
543 | ||
544 | DEBUG(D_transport) debug_printf("%s %s\n", (then <= 0)? | |
545 | "no previous message sent to" : "repeat time reached for", to); | |
546 | } | |
547 | ||
548 | /* We are going to send a message. Ensure any requested file is available. */ | |
481e63ca | 549 | if (file) |
0756eb3c | 550 | { |
481e63ca JH |
551 | if (is_tainted(file)) |
552 | { | |
553 | addr->transport_return = DEFER; | |
554 | addr->basic_errno = EACCES; | |
555 | addr->message = string_sprintf("Tainted '%s' (file for %s transport)" | |
556 | " not permitted", file, tblock->name); | |
557 | return FALSE; | |
558 | } | |
559 | if (!(ff = Ufopen(file, "rb")) && !ob->file_optional) | |
560 | { | |
561 | addr->transport_return = DEFER; | |
562 | addr->basic_errno = errno; | |
563 | addr->message = string_sprintf("Failed to open file %s when sending " | |
564 | "message from %s transport: %s", file, tblock->name, strerror(errno)); | |
565 | return FALSE; | |
566 | } | |
0756eb3c PH |
567 | } |
568 | ||
569 | /* Make a subprocess to send the message */ | |
570 | ||
8e9fdd63 | 571 | if ((pid = child_open_exim(&fd, US"autoreply")) < 0) |
0756eb3c | 572 | { |
8e9fdd63 JH |
573 | /* Creation of child failed; defer this delivery. */ |
574 | ||
0756eb3c | 575 | addr->transport_return = DEFER; |
6e0fddef | 576 | addr->basic_errno = errno; |
0756eb3c PH |
577 | addr->message = string_sprintf("Failed to create child process to send " |
578 | "message from %s transport: %s", tblock->name, strerror(errno)); | |
579 | DEBUG(D_transport) debug_printf("%s\n", addr->message); | |
0a6c178c | 580 | if (dbm_file) EXIM_DBCLOSE(dbm_file); |
0756eb3c PH |
581 | return FALSE; |
582 | } | |
583 | ||
584 | /* Create the message to be sent - recipients are taken from the headers, | |
585 | as the -t option is used. The "headers" stuff *must* be last in case there | |
586 | are newlines in it which might, if placed earlier, screw up other headers. */ | |
587 | ||
8768d548 | 588 | fp = fdopen(fd, "wb"); |
0756eb3c | 589 | |
8768d548 JH |
590 | if (from) fprintf(fp, "From: %s\n", from); |
591 | if (reply_to) fprintf(fp, "Reply-To: %s\n", reply_to); | |
592 | if (to) fprintf(fp, "To: %s\n", to); | |
593 | if (cc) fprintf(fp, "Cc: %s\n", cc); | |
594 | if (bcc) fprintf(fp, "Bcc: %s\n", bcc); | |
595 | if (subject) fprintf(fp, "Subject: %s\n", subject); | |
0756eb3c PH |
596 | |
597 | /* Generate In-Reply-To from the message_id header; there should | |
598 | always be one, but code defensively. */ | |
599 | ||
0a6c178c | 600 | for (h = header_list; h; h = h->next) |
0756eb3c PH |
601 | if (h->type == htype_id) break; |
602 | ||
0a6c178c | 603 | if (h) |
0756eb3c | 604 | { |
30dba1e6 PH |
605 | message_id = Ustrchr(h->text, ':') + 1; |
606 | while (isspace(*message_id)) message_id++; | |
8768d548 | 607 | fprintf(fp, "In-Reply-To: %s", message_id); |
30dba1e6 PH |
608 | } |
609 | ||
d6c829b9 | 610 | moan_write_references(fp, message_id); |
0756eb3c PH |
611 | |
612 | /* Add an Auto-Submitted: header */ | |
613 | ||
8768d548 | 614 | fprintf(fp, "Auto-Submitted: auto-replied\n"); |
0756eb3c PH |
615 | |
616 | /* Add any specially requested headers */ | |
617 | ||
8768d548 JH |
618 | if (headers) fprintf(fp, "%s\n", headers); |
619 | fprintf(fp, "\n"); | |
0756eb3c | 620 | |
0a6c178c | 621 | if (text) |
0756eb3c | 622 | { |
8768d548 JH |
623 | fprintf(fp, "%s", CS text); |
624 | if (text[Ustrlen(text)-1] != '\n') fprintf(fp, "\n"); | |
0756eb3c PH |
625 | } |
626 | ||
0a6c178c | 627 | if (ff) |
0756eb3c PH |
628 | { |
629 | while (Ufgets(big_buffer, big_buffer_size, ff) != NULL) | |
630 | { | |
631 | if (file_expand) | |
632 | { | |
633 | uschar *s = expand_string(big_buffer); | |
634 | DEBUG(D_transport) | |
635 | { | |
0a6c178c | 636 | if (!s) |
0756eb3c PH |
637 | debug_printf("error while expanding line from file:\n %s\n %s\n", |
638 | big_buffer, expand_string_message); | |
639 | } | |
8768d548 | 640 | fprintf(fp, "%s", s ? CS s : CS big_buffer); |
0756eb3c | 641 | } |
8768d548 | 642 | else fprintf(fp, "%s", CS big_buffer); |
0756eb3c | 643 | } |
e0eb00cd | 644 | (void) fclose(ff); |
0756eb3c PH |
645 | } |
646 | ||
647 | /* Copy the original message if required, observing the return size | |
9f526266 | 648 | limit if we are returning the body. */ |
0756eb3c PH |
649 | |
650 | if (return_message) | |
651 | { | |
9f526266 PH |
652 | uschar *rubric = (tblock->headers_only)? |
653 | US"------ This is a copy of the message's header lines.\n" | |
654 | : (tblock->body_only)? | |
655 | US"------ This is a copy of the body of the message, without the headers.\n" | |
656 | : | |
657 | US"------ This is a copy of the message, including all the headers.\n"; | |
65de12cc | 658 | transport_ctx tctx = { |
8768d548 | 659 | .u = {.fd = fileno(fp)}, |
b3b37076 JH |
660 | .tblock = tblock, |
661 | .addr = addr, | |
662 | .check_string = NULL, | |
663 | .escape_string = NULL, | |
664 | .options = (tblock->body_only ? topt_no_headers : 0) | |
665 | | (tblock->headers_only ? topt_no_body : 0) | |
666 | | (tblock->return_path_add ? topt_add_return_path : 0) | |
667 | | (tblock->delivery_date_add ? topt_add_delivery_date : 0) | |
668 | | (tblock->envelope_to_add ? topt_add_envelope_to : 0) | |
669 | | topt_not_socket | |
65de12cc | 670 | }; |
9f526266 PH |
671 | |
672 | if (bounce_return_size_limit > 0 && !tblock->headers_only) | |
0756eb3c PH |
673 | { |
674 | struct stat statbuf; | |
675 | int max = (bounce_return_size_limit/DELIVER_IN_BUFFER_SIZE + 1) * | |
676 | DELIVER_IN_BUFFER_SIZE; | |
677 | if (fstat(deliver_datafile, &statbuf) == 0 && statbuf.st_size > max) | |
678 | { | |
8768d548 | 679 | fprintf(fp, "\n%s" |
b1c749bb | 680 | "------ The body of the message is " OFF_T_FMT " characters long; only the first\n" |
9f526266 | 681 | "------ %d or so are included here.\n\n", rubric, statbuf.st_size, |
0d7eb84a | 682 | (max/1000)*1000); |
0756eb3c | 683 | } |
8768d548 | 684 | else fprintf(fp, "\n%s\n", rubric); |
0756eb3c | 685 | } |
8768d548 | 686 | else fprintf(fp, "\n%s\n", rubric); |
0756eb3c | 687 | |
8768d548 | 688 | fflush(fp); |
0756eb3c | 689 | transport_count = 0; |
42055a33 | 690 | transport_write_message(&tctx, bounce_return_size_limit); |
0756eb3c PH |
691 | } |
692 | ||
693 | /* End the message and wait for the child process to end; no timeout. */ | |
694 | ||
8768d548 | 695 | (void)fclose(fp); |
0756eb3c PH |
696 | rc = child_close(pid, 0); |
697 | ||
698 | /* Update the "sent to" log whatever the yield. This errs on the side of | |
699 | missing out a message rather than risking sending more than one. We either have | |
700 | cache_fd set to a fixed size, circular buffer file, or dbm_file set to an open | |
701 | DBM file (or neither, if "once" is not set). */ | |
702 | ||
703 | /* Update fixed-size cache file. If cache_time is set, we found a previous | |
704 | entry; that is the spot into which to put the current time. Otherwise we have | |
705 | to add a new record; remove the first one in the file if the file is too big. | |
706 | We always rewrite the entire file in a single write operation. This is | |
707 | (hopefully) going to be the safest thing because there is no interlocking | |
708 | between multiple simultaneous deliveries. */ | |
709 | ||
710 | if (cache_fd >= 0) | |
711 | { | |
712 | uschar *from = cache_buff; | |
713 | int size = cache_size; | |
0756eb3c | 714 | |
d315eda1 | 715 | if (lseek(cache_fd, 0, SEEK_SET) == 0) |
0756eb3c | 716 | { |
d315eda1 | 717 | if (!cache_time) |
0756eb3c | 718 | { |
d315eda1 JH |
719 | cache_time = from + size; |
720 | memcpy(cache_time + sizeof(time_t), to, add_size - sizeof(time_t)); | |
721 | size += add_size; | |
722 | ||
723 | if (cache_size > 0 && size > ob->once_file_size) | |
724 | { | |
725 | from += sizeof(time_t) + Ustrlen(from + sizeof(time_t)) + 1; | |
726 | size -= (from - cache_buff); | |
727 | } | |
0756eb3c | 728 | } |
0756eb3c | 729 | |
d315eda1 JH |
730 | memcpy(cache_time, &now, sizeof(time_t)); |
731 | if(write(cache_fd, from, size) != size) | |
732 | DEBUG(D_transport) debug_printf("Problem writing cache file %s for %s " | |
733 | "transport\n", oncelog, tblock->name); | |
734 | } | |
0756eb3c PH |
735 | } |
736 | ||
737 | /* Update DBM file */ | |
738 | ||
d315eda1 | 739 | else if (dbm_file) |
0756eb3c PH |
740 | { |
741 | EXIM_DATUM key_datum, value_datum; | |
742 | EXIM_DATUM_INIT(key_datum); /* Some DBM libraries need to have */ | |
743 | EXIM_DATUM_INIT(value_datum); /* cleared datums. */ | |
744 | EXIM_DATUM_DATA(key_datum) = CS to; | |
745 | EXIM_DATUM_SIZE(key_datum) = Ustrlen(to) + 1; | |
746 | ||
747 | /* Many OS define the datum value, sensibly, as a void *. However, there | |
748 | are some which still have char *. By casting this address to a char * we | |
749 | can avoid warning messages from the char * systems. */ | |
750 | ||
751 | EXIM_DATUM_DATA(value_datum) = CS (&now); | |
752 | EXIM_DATUM_SIZE(value_datum) = (int)sizeof(time_t); | |
753 | EXIM_DBPUT(dbm_file, key_datum, value_datum); | |
754 | } | |
755 | ||
756 | /* If sending failed, defer to try again - but if once is set the next | |
757 | try will skip, of course. However, if there were no recipients in the | |
758 | message, we do not fail. */ | |
759 | ||
760 | if (rc != 0) | |
0756eb3c PH |
761 | if (rc == EXIT_NORECIPIENTS) |
762 | { | |
763 | DEBUG(D_any) debug_printf("%s transport: message contained no recipients\n", | |
764 | tblock->name); | |
765 | } | |
766 | else | |
767 | { | |
768 | addr->transport_return = DEFER; | |
769 | addr->message = string_sprintf("Failed to send message from %s " | |
770 | "transport (%d)", tblock->name, rc); | |
771 | goto END_OFF; | |
772 | } | |
0756eb3c PH |
773 | |
774 | /* Log the sending of the message if successful and required. If the file | |
775 | fails to open, it's hard to know what to do. We cannot write to the Exim | |
776 | log from here, since we may be running under an unprivileged uid. We don't | |
777 | want to fail the delivery, since the message has been successfully sent. For | |
778 | the moment, ignore open failures. Write the log entry as a single write() to a | |
779 | file opened for appending, in order to avoid interleaving of output from | |
780 | different processes. The log_buffer can be used exactly as for main log | |
781 | writing. */ | |
782 | ||
0a6c178c | 783 | if (logfile) |
0756eb3c PH |
784 | { |
785 | int log_fd = Uopen(logfile, O_WRONLY|O_APPEND|O_CREAT, ob->mode); | |
786 | if (log_fd >= 0) | |
787 | { | |
f3ebb786 JH |
788 | gstring gs = { .size = LOG_BUFFER_SIZE, .ptr = 0, .s = log_buffer }, *g = &gs; |
789 | ||
790 | /* Use taint-unchecked routines for writing into log_buffer, trusting | |
791 | that we'll never expand it. */ | |
792 | ||
0756eb3c | 793 | DEBUG(D_transport) debug_printf("logging message details\n"); |
f3ebb786 | 794 | g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, "%s\n", tod_stamp(tod_log)); |
0a6c178c | 795 | if (from) |
f3ebb786 | 796 | g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " From: %s\n", from); |
0a6c178c | 797 | if (to) |
f3ebb786 | 798 | g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " To: %s\n", to); |
0a6c178c | 799 | if (cc) |
f3ebb786 | 800 | g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " Cc: %s\n", cc); |
0a6c178c | 801 | if (bcc) |
f3ebb786 | 802 | g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " Bcc: %s\n", bcc); |
0a6c178c | 803 | if (subject) |
f3ebb786 | 804 | g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " Subject: %s\n", subject); |
0a6c178c | 805 | if (headers) |
f3ebb786 JH |
806 | g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " %s\n", headers); |
807 | if(write(log_fd, g->s, g->ptr) != g->ptr || close(log_fd)) | |
1ac6b2e7 JH |
808 | DEBUG(D_transport) debug_printf("Problem writing log file %s for %s " |
809 | "transport\n", logfile, tblock->name); | |
0756eb3c PH |
810 | } |
811 | else DEBUG(D_transport) debug_printf("Failed to open log file %s for %s " | |
812 | "transport: %s\n", logfile, tblock->name, strerror(errno)); | |
813 | } | |
814 | ||
815 | END_OFF: | |
d315eda1 | 816 | if (dbm_file) EXIM_DBCLOSE(dbm_file); |
f1e894f3 | 817 | if (cache_fd > 0) (void)close(cache_fd); |
0756eb3c PH |
818 | |
819 | DEBUG(D_transport) debug_printf("%s transport succeeded\n", tblock->name); | |
820 | ||
821 | return FALSE; | |
822 | } | |
823 | ||
d185889f | 824 | #endif /*!MACRO_PREDEF*/ |
0756eb3c | 825 | /* End of transport/autoreply.c */ |