Commit | Line | Data |
---|---|---|
0756eb3c PH |
1 | /************************************************* |
2 | * Exim - an Internet mail transport agent * | |
3 | *************************************************/ | |
4 | ||
f9ba5e22 | 5 | /* Copyright (c) University of Cambridge 1995 - 2018 */ |
0756eb3c PH |
6 | /* See the file NOTICE for conditions of use and distribution. */ |
7 | ||
8 | ||
9 | #include "../exim.h" | |
10 | #include "autoreply.h" | |
11 | ||
12 | ||
13 | ||
14 | /* Options specific to the autoreply transport. They must be in alphabetic | |
15 | order (note that "_" comes before the lower case letters). Those starting | |
16 | with "*" are not settable by the user but are used by the option-reading | |
17 | software for alternative value types. Some options are publicly visible and so | |
18 | are stored in the driver instance block. These are flagged with opt_public. */ | |
19 | ||
20 | optionlist autoreply_transport_options[] = { | |
21 | { "bcc", opt_stringptr, | |
22 | (void *)offsetof(autoreply_transport_options_block, bcc) }, | |
23 | { "cc", opt_stringptr, | |
24 | (void *)offsetof(autoreply_transport_options_block, cc) }, | |
25 | { "file", opt_stringptr, | |
26 | (void *)offsetof(autoreply_transport_options_block, file) }, | |
27 | { "file_expand", opt_bool, | |
28 | (void *)offsetof(autoreply_transport_options_block, file_expand) }, | |
29 | { "file_optional", opt_bool, | |
30 | (void *)offsetof(autoreply_transport_options_block, file_optional) }, | |
31 | { "from", opt_stringptr, | |
32 | (void *)offsetof(autoreply_transport_options_block, from) }, | |
33 | { "headers", opt_stringptr, | |
34 | (void *)offsetof(autoreply_transport_options_block, headers) }, | |
35 | { "log", opt_stringptr, | |
36 | (void *)offsetof(autoreply_transport_options_block, logfile) }, | |
37 | { "mode", opt_octint, | |
38 | (void *)offsetof(autoreply_transport_options_block, mode) }, | |
39 | { "never_mail", opt_stringptr, | |
40 | (void *)offsetof(autoreply_transport_options_block, never_mail) }, | |
41 | { "once", opt_stringptr, | |
42 | (void *)offsetof(autoreply_transport_options_block, oncelog) }, | |
43 | { "once_file_size", opt_int, | |
44 | (void *)offsetof(autoreply_transport_options_block, once_file_size) }, | |
45 | { "once_repeat", opt_stringptr, | |
46 | (void *)offsetof(autoreply_transport_options_block, once_repeat) }, | |
47 | { "reply_to", opt_stringptr, | |
48 | (void *)offsetof(autoreply_transport_options_block, reply_to) }, | |
49 | { "return_message", opt_bool, | |
50 | (void *)offsetof(autoreply_transport_options_block, return_message) }, | |
51 | { "subject", opt_stringptr, | |
52 | (void *)offsetof(autoreply_transport_options_block, subject) }, | |
53 | { "text", opt_stringptr, | |
54 | (void *)offsetof(autoreply_transport_options_block, text) }, | |
55 | { "to", opt_stringptr, | |
56 | (void *)offsetof(autoreply_transport_options_block, to) }, | |
57 | }; | |
58 | ||
59 | /* Size of the options list. An extern variable has to be used so that its | |
60 | address can appear in the tables drtables.c. */ | |
61 | ||
62 | int autoreply_transport_options_count = | |
63 | sizeof(autoreply_transport_options)/sizeof(optionlist); | |
64 | ||
d185889f JH |
65 | |
66 | #ifdef MACRO_PREDEF | |
67 | ||
68 | /* Dummy values */ | |
69 | autoreply_transport_options_block autoreply_transport_option_defaults = {0}; | |
70 | void autoreply_transport_init(transport_instance *tblock) {} | |
71 | BOOL autoreply_transport_entry(transport_instance *tblock, address_item *addr) {return FALSE;} | |
72 | ||
73 | #else /*!MACRO_PREDEF*/ | |
74 | ||
75 | ||
0756eb3c PH |
76 | /* Default private options block for the autoreply transport. */ |
77 | ||
78 | autoreply_transport_options_block autoreply_transport_option_defaults = { | |
79 | NULL, /* from */ | |
80 | NULL, /* reply_to */ | |
81 | NULL, /* to */ | |
82 | NULL, /* cc */ | |
83 | NULL, /* bcc */ | |
84 | NULL, /* subject */ | |
85 | NULL, /* headers */ | |
86 | NULL, /* text */ | |
87 | NULL, /* file */ | |
88 | NULL, /* logfile */ | |
89 | NULL, /* oncelog */ | |
90 | NULL, /* once_repeat */ | |
91 | NULL, /* never_mail */ | |
92 | 0600, /* mode */ | |
93 | 0, /* once_file_size */ | |
94 | FALSE, /* file_expand */ | |
95 | FALSE, /* file_optional */ | |
96 | FALSE /* return message */ | |
97 | }; | |
98 | ||
99 | ||
100 | ||
101 | /* Type of text for the checkexpand() function */ | |
102 | ||
103 | enum { cke_text, cke_hdr, cke_file }; | |
104 | ||
105 | ||
106 | ||
107 | /************************************************* | |
108 | * Initialization entry point * | |
109 | *************************************************/ | |
110 | ||
111 | /* Called for each instance, after its options have been read, to | |
112 | enable consistency checks to be done, or anything else that needs | |
113 | to be set up. */ | |
114 | ||
115 | void | |
116 | autoreply_transport_init(transport_instance *tblock) | |
117 | { | |
118 | /* | |
119 | autoreply_transport_options_block *ob = | |
120 | (autoreply_transport_options_block *)(tblock->options_block); | |
121 | */ | |
122 | ||
123 | /* If a fixed uid field is set, then a gid field must also be set. */ | |
124 | ||
125 | if (tblock->uid_set && !tblock->gid_set && tblock->expand_gid == NULL) | |
126 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG, | |
127 | "user set without group for the %s transport", tblock->name); | |
128 | } | |
129 | ||
130 | ||
131 | ||
132 | ||
133 | /************************************************* | |
134 | * Expand string and check * | |
135 | *************************************************/ | |
136 | ||
137 | /* If the expansion fails, the error is set up in the address. Expanded | |
138 | strings must be checked to ensure they contain only printing characters | |
139 | and white space. If not, the function fails. | |
140 | ||
141 | Arguments: | |
142 | s string to expand | |
143 | addr address that is being worked on | |
144 | name transport name, for error text | |
145 | type type, for checking content: | |
146 | cke_text => no check | |
147 | cke_hdr => header, allow \n + whitespace | |
148 | cke_file => file name, no non-printers allowed | |
149 | ||
150 | Returns: expanded string if expansion succeeds; | |
151 | NULL otherwise | |
152 | */ | |
153 | ||
154 | static uschar * | |
155 | checkexpand(uschar *s, address_item *addr, uschar *name, int type) | |
156 | { | |
0756eb3c PH |
157 | uschar *ss = expand_string(s); |
158 | ||
481e63ca | 159 | if (!ss) |
0756eb3c PH |
160 | { |
161 | addr->transport_return = FAIL; | |
162 | addr->message = string_sprintf("Expansion of \"%s\" failed in %s transport: " | |
163 | "%s", s, name, expand_string_message); | |
164 | return NULL; | |
165 | } | |
166 | ||
d7978c0f | 167 | if (type != cke_text) for (uschar * t = ss; *t != 0; t++) |
0756eb3c PH |
168 | { |
169 | int c = *t; | |
55414b25 | 170 | const uschar * sp; |
0756eb3c PH |
171 | if (mac_isprint(c)) continue; |
172 | if (type == cke_hdr && c == '\n' && (t[1] == ' ' || t[1] == '\t')) continue; | |
55414b25 | 173 | sp = string_printing(s); |
0756eb3c PH |
174 | addr->transport_return = FAIL; |
175 | addr->message = string_sprintf("Expansion of \"%s\" in %s transport " | |
55414b25 | 176 | "contains non-printing character %d", sp, name, c); |
0756eb3c PH |
177 | return NULL; |
178 | } | |
179 | ||
180 | return ss; | |
181 | } | |
182 | ||
183 | ||
184 | ||
185 | ||
186 | /************************************************* | |
187 | * Check a header line for never_mail * | |
188 | *************************************************/ | |
189 | ||
190 | /* This is called to check to, cc, and bcc for addresses in the never_mail | |
191 | list. Any that are found are removed. | |
192 | ||
193 | Arguments: | |
194 | listptr points to the list of addresses | |
195 | never_mail an address list, already expanded | |
196 | ||
197 | Returns: nothing | |
198 | */ | |
199 | ||
200 | static void | |
55414b25 | 201 | check_never_mail(uschar **listptr, const uschar *never_mail) |
0756eb3c PH |
202 | { |
203 | uschar *s = *listptr; | |
204 | ||
205 | while (*s != 0) | |
206 | { | |
207 | uschar *error, *next; | |
208 | uschar *e = parse_find_address_end(s, FALSE); | |
209 | int terminator = *e; | |
210 | int start, end, domain, rc; | |
211 | ||
212 | /* Temporarily terminate the string at the address end while extracting | |
213 | the operative address within. */ | |
214 | ||
215 | *e = 0; | |
216 | next = parse_extract_address(s, &error, &start, &end, &domain, FALSE); | |
217 | *e = terminator; | |
218 | ||
219 | /* If there is some kind of syntax error, just give up on this header | |
220 | line. */ | |
221 | ||
222 | if (next == NULL) break; | |
223 | ||
224 | /* See if the address is on the never_mail list */ | |
225 | ||
226 | rc = match_address_list(next, /* address to check */ | |
227 | TRUE, /* start caseless */ | |
228 | FALSE, /* don't expand the list */ | |
229 | &never_mail, /* the list */ | |
230 | NULL, /* no caching */ | |
231 | -1, /* no expand setup */ | |
232 | 0, /* separator from list */ | |
233 | NULL); /* no lookup value return */ | |
234 | ||
235 | if (rc == OK) /* Remove this address */ | |
236 | { | |
237 | DEBUG(D_transport) | |
238 | debug_printf("discarding recipient %s (matched never_mail)\n", next); | |
239 | if (terminator == ',') e++; | |
240 | memmove(s, e, Ustrlen(e) + 1); | |
241 | } | |
242 | else /* Skip over this address */ | |
243 | { | |
244 | s = e; | |
245 | if (terminator == ',') s++; | |
246 | } | |
247 | } | |
248 | ||
249 | /* Check to see if we removed the last address, leaving a terminating comma | |
250 | that needs to be removed */ | |
251 | ||
252 | s = *listptr + Ustrlen(*listptr); | |
253 | while (s > *listptr && (isspace(s[-1]) || s[-1] == ',')) s--; | |
254 | *s = 0; | |
255 | ||
256 | /* Check to see if there any addresses left; if not, set NULL */ | |
257 | ||
258 | s = *listptr; | |
259 | while (s != 0 && isspace(*s)) s++; | |
260 | if (*s == 0) *listptr = NULL; | |
261 | } | |
262 | ||
263 | ||
264 | ||
265 | /************************************************* | |
266 | * Main entry point * | |
267 | *************************************************/ | |
268 | ||
269 | /* See local README for interface details. This transport always returns | |
270 | FALSE, indicating that the top address has the status for all - though in fact | |
271 | this transport can handle only one address at at time anyway. */ | |
272 | ||
273 | BOOL | |
274 | autoreply_transport_entry( | |
275 | transport_instance *tblock, /* data for this instantiation */ | |
276 | address_item *addr) /* address we are working on */ | |
277 | { | |
278 | int fd, pid, rc; | |
279 | int cache_fd = -1; | |
0756eb3c PH |
280 | int cache_size = 0; |
281 | int add_size = 0; | |
282 | EXIM_DB *dbm_file = NULL; | |
283 | BOOL file_expand, return_message; | |
284 | uschar *from, *reply_to, *to, *cc, *bcc, *subject, *headers, *text, *file; | |
285 | uschar *logfile, *oncelog; | |
286 | uschar *cache_buff = NULL; | |
287 | uschar *cache_time = NULL; | |
30dba1e6 | 288 | uschar *message_id = NULL; |
0756eb3c PH |
289 | header_line *h; |
290 | time_t now = time(NULL); | |
291 | time_t once_repeat_sec = 0; | |
8768d548 | 292 | FILE *fp; |
0756eb3c PH |
293 | FILE *ff = NULL; |
294 | ||
295 | autoreply_transport_options_block *ob = | |
296 | (autoreply_transport_options_block *)(tblock->options_block); | |
297 | ||
298 | DEBUG(D_transport) debug_printf("%s transport entered\n", tblock->name); | |
299 | ||
300 | /* Set up for the good case */ | |
301 | ||
302 | addr->transport_return = OK; | |
303 | addr->basic_errno = 0; | |
304 | ||
305 | /* If the address is pointing to a reply block, then take all the data | |
306 | from that block. It has typically been set up by a mail filter processing | |
307 | router. Otherwise, the data must be supplied by this transport, and | |
308 | it has to be expanded here. */ | |
309 | ||
481e63ca | 310 | if (addr->reply) |
0756eb3c PH |
311 | { |
312 | DEBUG(D_transport) debug_printf("taking data from address\n"); | |
313 | from = addr->reply->from; | |
314 | reply_to = addr->reply->reply_to; | |
315 | to = addr->reply->to; | |
316 | cc = addr->reply->cc; | |
317 | bcc = addr->reply->bcc; | |
318 | subject = addr->reply->subject; | |
319 | headers = addr->reply->headers; | |
320 | text = addr->reply->text; | |
321 | file = addr->reply->file; | |
322 | logfile = addr->reply->logfile; | |
323 | oncelog = addr->reply->oncelog; | |
324 | once_repeat_sec = addr->reply->once_repeat; | |
325 | file_expand = addr->reply->file_expand; | |
326 | expand_forbid = addr->reply->expand_forbid; | |
327 | return_message = addr->reply->return_message; | |
328 | } | |
329 | else | |
330 | { | |
331 | uschar *oncerepeat = ob->once_repeat; | |
332 | ||
333 | DEBUG(D_transport) debug_printf("taking data from transport\n"); | |
334 | from = ob->from; | |
335 | reply_to = ob->reply_to; | |
336 | to = ob->to; | |
337 | cc = ob->cc; | |
338 | bcc = ob->bcc; | |
339 | subject = ob->subject; | |
340 | headers = ob->headers; | |
341 | text = ob->text; | |
342 | file = ob->file; | |
343 | logfile = ob->logfile; | |
344 | oncelog = ob->oncelog; | |
345 | file_expand = ob->file_expand; | |
346 | return_message = ob->return_message; | |
347 | ||
0a6c178c JH |
348 | if ( from && !(from = checkexpand(from, addr, tblock->name, cke_hdr)) |
349 | || reply_to && !(reply_to = checkexpand(reply_to, addr, tblock->name, cke_hdr)) | |
350 | || to && !(to = checkexpand(to, addr, tblock->name, cke_hdr)) | |
351 | || cc && !(cc = checkexpand(cc, addr, tblock->name, cke_hdr)) | |
352 | || bcc && !(bcc = checkexpand(bcc, addr, tblock->name, cke_hdr)) | |
353 | || subject && !(subject = checkexpand(subject, addr, tblock->name, cke_hdr)) | |
354 | || headers && !(headers = checkexpand(headers, addr, tblock->name, cke_text)) | |
355 | || text && !(text = checkexpand(text, addr, tblock->name, cke_text)) | |
356 | || file && !(file = checkexpand(file, addr, tblock->name, cke_file)) | |
357 | || logfile && !(logfile = checkexpand(logfile, addr, tblock->name, cke_file)) | |
358 | || oncelog && !(oncelog = checkexpand(oncelog, addr, tblock->name, cke_file)) | |
359 | || oncerepeat && !(oncerepeat = checkexpand(oncerepeat, addr, tblock->name, cke_file)) | |
360 | ) | |
0756eb3c PH |
361 | return FALSE; |
362 | ||
0a6c178c | 363 | if (oncerepeat) |
0756eb3c PH |
364 | { |
365 | once_repeat_sec = readconf_readtime(oncerepeat, 0, FALSE); | |
366 | if (once_repeat_sec < 0) | |
367 | { | |
368 | addr->transport_return = FAIL; | |
369 | addr->message = string_sprintf("Invalid time value \"%s\" for " | |
370 | "\"once_repeat\" in %s transport", oncerepeat, tblock->name); | |
371 | return FALSE; | |
372 | } | |
373 | } | |
374 | } | |
375 | ||
376 | /* If the never_mail option is set, we have to scan all the recipients and | |
377 | remove those that match. */ | |
378 | ||
0a6c178c | 379 | if (ob->never_mail) |
0756eb3c | 380 | { |
55414b25 | 381 | const uschar *never_mail = expand_string(ob->never_mail); |
0756eb3c | 382 | |
0a6c178c | 383 | if (!never_mail) |
0756eb3c PH |
384 | { |
385 | addr->transport_return = FAIL; | |
386 | addr->message = string_sprintf("Failed to expand \"%s\" for " | |
387 | "\"never_mail\" in %s transport", ob->never_mail, tblock->name); | |
388 | return FALSE; | |
389 | } | |
390 | ||
0a6c178c JH |
391 | if (to) check_never_mail(&to, never_mail); |
392 | if (cc) check_never_mail(&cc, never_mail); | |
393 | if (bcc) check_never_mail(&bcc, never_mail); | |
0756eb3c | 394 | |
0a6c178c | 395 | if (!to && !cc && !bcc) |
0756eb3c PH |
396 | { |
397 | DEBUG(D_transport) | |
398 | debug_printf("*** all recipients removed by never_mail\n"); | |
399 | return OK; | |
400 | } | |
401 | } | |
402 | ||
403 | /* If the -N option is set, can't do any more. */ | |
404 | ||
8768d548 | 405 | if (f.dont_deliver) |
0756eb3c PH |
406 | { |
407 | DEBUG(D_transport) | |
408 | debug_printf("*** delivery by %s transport bypassed by -N option\n", | |
409 | tblock->name); | |
410 | return FALSE; | |
411 | } | |
412 | ||
413 | ||
414 | /* If the oncelog field is set, we send want to send only one message to the | |
415 | given recipient(s). This works only on the "To" field. If there is no "To" | |
416 | field, the message is always sent. If the To: field contains more than one | |
417 | recipient, the effect might not be quite as envisaged. If once_file_size is | |
418 | set, instead of a dbm file, we use a regular file containing a circular buffer | |
419 | recipient cache. */ | |
420 | ||
481e63ca | 421 | if (oncelog && *oncelog && to) |
0756eb3c PH |
422 | { |
423 | time_t then = 0; | |
424 | ||
481e63ca JH |
425 | if (is_tainted(oncelog)) |
426 | { | |
427 | addr->transport_return = DEFER; | |
428 | addr->basic_errno = EACCES; | |
429 | addr->message = string_sprintf("Tainted '%s' (once file for %s transport)" | |
430 | " not permitted", oncelog, tblock->name); | |
431 | goto END_OFF; | |
432 | } | |
433 | ||
0756eb3c PH |
434 | /* Handle fixed-size cache file. */ |
435 | ||
436 | if (ob->once_file_size > 0) | |
437 | { | |
d7978c0f | 438 | uschar * nextp; |
0756eb3c | 439 | struct stat statbuf; |
0756eb3c | 440 | |
481e63ca | 441 | cache_fd = Uopen(oncelog, O_CREAT|O_RDWR, ob->mode); |
0756eb3c PH |
442 | if (cache_fd < 0 || fstat(cache_fd, &statbuf) != 0) |
443 | { | |
444 | addr->transport_return = DEFER; | |
6e0fddef | 445 | addr->basic_errno = errno; |
0756eb3c PH |
446 | addr->message = string_sprintf("Failed to %s \"once\" file %s when " |
447 | "sending message from %s transport: %s", | |
6e0fddef | 448 | cache_fd < 0 ? "open" : "stat", oncelog, tblock->name, strerror(errno)); |
0756eb3c PH |
449 | goto END_OFF; |
450 | } | |
451 | ||
452 | /* Get store in the temporary pool and read the entire file into it. We get | |
453 | an amount of store that is big enough to add the new entry on the end if we | |
454 | need to do that. */ | |
455 | ||
456 | cache_size = statbuf.st_size; | |
457 | add_size = sizeof(time_t) + Ustrlen(to) + 1; | |
f3ebb786 | 458 | cache_buff = store_get(cache_size + add_size, is_tainted(oncelog)); |
0756eb3c PH |
459 | |
460 | if (read(cache_fd, cache_buff, cache_size) != cache_size) | |
461 | { | |
462 | addr->transport_return = DEFER; | |
463 | addr->basic_errno = errno; | |
464 | addr->message = US"error while reading \"once\" file"; | |
465 | goto END_OFF; | |
466 | } | |
467 | ||
468 | DEBUG(D_transport) debug_printf("%d bytes read from %s\n", cache_size, oncelog); | |
469 | ||
470 | /* Scan the data for this recipient. Each entry in the file starts with | |
471 | a time_t sized time value, followed by the address, followed by a binary | |
472 | zero. If we find a match, put the time into "then", and the place where it | |
473 | was found into "cache_time". Otherwise, "then" is left at zero. */ | |
474 | ||
d7978c0f | 475 | for (uschar * p = cache_buff; p < cache_buff + cache_size; p = nextp) |
0756eb3c PH |
476 | { |
477 | uschar *s = p + sizeof(time_t); | |
0a6c178c | 478 | nextp = s + Ustrlen(s) + 1; |
0756eb3c PH |
479 | if (Ustrcmp(to, s) == 0) |
480 | { | |
481 | memcpy(&then, p, sizeof(time_t)); | |
482 | cache_time = p; | |
483 | break; | |
484 | } | |
0756eb3c PH |
485 | } |
486 | } | |
487 | ||
488 | /* Use a DBM file for the list of previous recipients. */ | |
489 | ||
490 | else | |
491 | { | |
492 | EXIM_DATUM key_datum, result_datum; | |
cfb9cf20 JH |
493 | uschar * dirname = string_copy(oncelog); |
494 | uschar * s; | |
495 | ||
496 | if ((s = Ustrrchr(dirname, '/'))) *s = '\0'; | |
497 | EXIM_DBOPEN(oncelog, dirname, O_RDWR|O_CREAT, ob->mode, &dbm_file); | |
d315eda1 | 498 | if (!dbm_file) |
0756eb3c PH |
499 | { |
500 | addr->transport_return = DEFER; | |
6e0fddef | 501 | addr->basic_errno = errno; |
0756eb3c PH |
502 | addr->message = string_sprintf("Failed to open %s file %s when sending " |
503 | "message from %s transport: %s", EXIM_DBTYPE, oncelog, tblock->name, | |
504 | strerror(errno)); | |
505 | goto END_OFF; | |
506 | } | |
507 | ||
508 | EXIM_DATUM_INIT(key_datum); /* Some DBM libraries need datums */ | |
509 | EXIM_DATUM_INIT(result_datum); /* to be cleared */ | |
510 | EXIM_DATUM_DATA(key_datum) = CS to; | |
511 | EXIM_DATUM_SIZE(key_datum) = Ustrlen(to) + 1; | |
512 | ||
513 | if (EXIM_DBGET(dbm_file, key_datum, result_datum)) | |
514 | { | |
515 | /* If the datum size is that of a binary time, we are in the new world | |
516 | where messages are sent periodically. Otherwise the file is an old one, | |
517 | where the datum was filled with a tod_log time, which is assumed to be | |
518 | different in size. For that, only one message is ever sent. This change | |
519 | introduced at Exim 3.00. In a couple of years' time the test on the size | |
520 | can be abolished. */ | |
521 | ||
522 | if (EXIM_DATUM_SIZE(result_datum) == sizeof(time_t)) | |
0756eb3c | 523 | memcpy(&then, EXIM_DATUM_DATA(result_datum), sizeof(time_t)); |
0a6c178c JH |
524 | else |
525 | then = now; | |
0756eb3c PH |
526 | } |
527 | } | |
528 | ||
529 | /* Either "then" is set zero, if no message has yet been sent, or it | |
530 | is set to the time of the last sending. */ | |
531 | ||
532 | if (then != 0 && (once_repeat_sec <= 0 || now - then < once_repeat_sec)) | |
533 | { | |
13559da6 | 534 | int log_fd; |
481e63ca JH |
535 | if (is_tainted(logfile)) |
536 | { | |
537 | addr->transport_return = DEFER; | |
538 | addr->basic_errno = EACCES; | |
539 | addr->message = string_sprintf("Tainted '%s' (logfile for %s transport)" | |
540 | " not permitted", logfile, tblock->name); | |
541 | goto END_OFF; | |
542 | } | |
543 | ||
0756eb3c PH |
544 | DEBUG(D_transport) debug_printf("message previously sent to %s%s\n", to, |
545 | (once_repeat_sec > 0)? " and repeat time not reached" : ""); | |
13559da6 | 546 | log_fd = logfile ? Uopen(logfile, O_WRONLY|O_APPEND|O_CREAT, ob->mode) : -1; |
0756eb3c PH |
547 | if (log_fd >= 0) |
548 | { | |
549 | uschar *ptr = log_buffer; | |
550 | sprintf(CS ptr, "%s\n previously sent to %.200s\n", tod_stamp(tod_log), to); | |
551 | while(*ptr) ptr++; | |
1ac6b2e7 JH |
552 | if(write(log_fd, log_buffer, ptr - log_buffer) != ptr-log_buffer |
553 | || close(log_fd)) | |
554 | DEBUG(D_transport) debug_printf("Problem writing log file %s for %s " | |
555 | "transport\n", logfile, tblock->name); | |
0756eb3c PH |
556 | } |
557 | goto END_OFF; | |
558 | } | |
559 | ||
560 | DEBUG(D_transport) debug_printf("%s %s\n", (then <= 0)? | |
561 | "no previous message sent to" : "repeat time reached for", to); | |
562 | } | |
563 | ||
564 | /* We are going to send a message. Ensure any requested file is available. */ | |
481e63ca | 565 | if (file) |
0756eb3c | 566 | { |
481e63ca JH |
567 | if (is_tainted(file)) |
568 | { | |
569 | addr->transport_return = DEFER; | |
570 | addr->basic_errno = EACCES; | |
571 | addr->message = string_sprintf("Tainted '%s' (file for %s transport)" | |
572 | " not permitted", file, tblock->name); | |
573 | return FALSE; | |
574 | } | |
575 | if (!(ff = Ufopen(file, "rb")) && !ob->file_optional) | |
576 | { | |
577 | addr->transport_return = DEFER; | |
578 | addr->basic_errno = errno; | |
579 | addr->message = string_sprintf("Failed to open file %s when sending " | |
580 | "message from %s transport: %s", file, tblock->name, strerror(errno)); | |
581 | return FALSE; | |
582 | } | |
0756eb3c PH |
583 | } |
584 | ||
585 | /* Make a subprocess to send the message */ | |
586 | ||
587 | pid = child_open_exim(&fd); | |
588 | ||
589 | /* Creation of child failed; defer this delivery. */ | |
590 | ||
591 | if (pid < 0) | |
592 | { | |
593 | addr->transport_return = DEFER; | |
6e0fddef | 594 | addr->basic_errno = errno; |
0756eb3c PH |
595 | addr->message = string_sprintf("Failed to create child process to send " |
596 | "message from %s transport: %s", tblock->name, strerror(errno)); | |
597 | DEBUG(D_transport) debug_printf("%s\n", addr->message); | |
0a6c178c | 598 | if (dbm_file) EXIM_DBCLOSE(dbm_file); |
0756eb3c PH |
599 | return FALSE; |
600 | } | |
601 | ||
602 | /* Create the message to be sent - recipients are taken from the headers, | |
603 | as the -t option is used. The "headers" stuff *must* be last in case there | |
604 | are newlines in it which might, if placed earlier, screw up other headers. */ | |
605 | ||
8768d548 | 606 | fp = fdopen(fd, "wb"); |
0756eb3c | 607 | |
8768d548 JH |
608 | if (from) fprintf(fp, "From: %s\n", from); |
609 | if (reply_to) fprintf(fp, "Reply-To: %s\n", reply_to); | |
610 | if (to) fprintf(fp, "To: %s\n", to); | |
611 | if (cc) fprintf(fp, "Cc: %s\n", cc); | |
612 | if (bcc) fprintf(fp, "Bcc: %s\n", bcc); | |
613 | if (subject) fprintf(fp, "Subject: %s\n", subject); | |
0756eb3c PH |
614 | |
615 | /* Generate In-Reply-To from the message_id header; there should | |
616 | always be one, but code defensively. */ | |
617 | ||
0a6c178c | 618 | for (h = header_list; h; h = h->next) |
0756eb3c PH |
619 | if (h->type == htype_id) break; |
620 | ||
0a6c178c | 621 | if (h) |
0756eb3c | 622 | { |
30dba1e6 PH |
623 | message_id = Ustrchr(h->text, ':') + 1; |
624 | while (isspace(*message_id)) message_id++; | |
8768d548 | 625 | fprintf(fp, "In-Reply-To: %s", message_id); |
30dba1e6 PH |
626 | } |
627 | ||
d6c829b9 | 628 | moan_write_references(fp, message_id); |
0756eb3c PH |
629 | |
630 | /* Add an Auto-Submitted: header */ | |
631 | ||
8768d548 | 632 | fprintf(fp, "Auto-Submitted: auto-replied\n"); |
0756eb3c PH |
633 | |
634 | /* Add any specially requested headers */ | |
635 | ||
8768d548 JH |
636 | if (headers) fprintf(fp, "%s\n", headers); |
637 | fprintf(fp, "\n"); | |
0756eb3c | 638 | |
0a6c178c | 639 | if (text) |
0756eb3c | 640 | { |
8768d548 JH |
641 | fprintf(fp, "%s", CS text); |
642 | if (text[Ustrlen(text)-1] != '\n') fprintf(fp, "\n"); | |
0756eb3c PH |
643 | } |
644 | ||
0a6c178c | 645 | if (ff) |
0756eb3c PH |
646 | { |
647 | while (Ufgets(big_buffer, big_buffer_size, ff) != NULL) | |
648 | { | |
649 | if (file_expand) | |
650 | { | |
651 | uschar *s = expand_string(big_buffer); | |
652 | DEBUG(D_transport) | |
653 | { | |
0a6c178c | 654 | if (!s) |
0756eb3c PH |
655 | debug_printf("error while expanding line from file:\n %s\n %s\n", |
656 | big_buffer, expand_string_message); | |
657 | } | |
8768d548 | 658 | fprintf(fp, "%s", s ? CS s : CS big_buffer); |
0756eb3c | 659 | } |
8768d548 | 660 | else fprintf(fp, "%s", CS big_buffer); |
0756eb3c | 661 | } |
e0eb00cd | 662 | (void) fclose(ff); |
0756eb3c PH |
663 | } |
664 | ||
665 | /* Copy the original message if required, observing the return size | |
9f526266 | 666 | limit if we are returning the body. */ |
0756eb3c PH |
667 | |
668 | if (return_message) | |
669 | { | |
9f526266 PH |
670 | uschar *rubric = (tblock->headers_only)? |
671 | US"------ This is a copy of the message's header lines.\n" | |
672 | : (tblock->body_only)? | |
673 | US"------ This is a copy of the body of the message, without the headers.\n" | |
674 | : | |
675 | US"------ This is a copy of the message, including all the headers.\n"; | |
65de12cc | 676 | transport_ctx tctx = { |
8768d548 | 677 | .u = {.fd = fileno(fp)}, |
b3b37076 JH |
678 | .tblock = tblock, |
679 | .addr = addr, | |
680 | .check_string = NULL, | |
681 | .escape_string = NULL, | |
682 | .options = (tblock->body_only ? topt_no_headers : 0) | |
683 | | (tblock->headers_only ? topt_no_body : 0) | |
684 | | (tblock->return_path_add ? topt_add_return_path : 0) | |
685 | | (tblock->delivery_date_add ? topt_add_delivery_date : 0) | |
686 | | (tblock->envelope_to_add ? topt_add_envelope_to : 0) | |
687 | | topt_not_socket | |
65de12cc | 688 | }; |
9f526266 PH |
689 | |
690 | if (bounce_return_size_limit > 0 && !tblock->headers_only) | |
0756eb3c PH |
691 | { |
692 | struct stat statbuf; | |
693 | int max = (bounce_return_size_limit/DELIVER_IN_BUFFER_SIZE + 1) * | |
694 | DELIVER_IN_BUFFER_SIZE; | |
695 | if (fstat(deliver_datafile, &statbuf) == 0 && statbuf.st_size > max) | |
696 | { | |
8768d548 | 697 | fprintf(fp, "\n%s" |
b1c749bb | 698 | "------ The body of the message is " OFF_T_FMT " characters long; only the first\n" |
9f526266 | 699 | "------ %d or so are included here.\n\n", rubric, statbuf.st_size, |
0d7eb84a | 700 | (max/1000)*1000); |
0756eb3c | 701 | } |
8768d548 | 702 | else fprintf(fp, "\n%s\n", rubric); |
0756eb3c | 703 | } |
8768d548 | 704 | else fprintf(fp, "\n%s\n", rubric); |
0756eb3c | 705 | |
8768d548 | 706 | fflush(fp); |
0756eb3c | 707 | transport_count = 0; |
42055a33 | 708 | transport_write_message(&tctx, bounce_return_size_limit); |
0756eb3c PH |
709 | } |
710 | ||
711 | /* End the message and wait for the child process to end; no timeout. */ | |
712 | ||
8768d548 | 713 | (void)fclose(fp); |
0756eb3c PH |
714 | rc = child_close(pid, 0); |
715 | ||
716 | /* Update the "sent to" log whatever the yield. This errs on the side of | |
717 | missing out a message rather than risking sending more than one. We either have | |
718 | cache_fd set to a fixed size, circular buffer file, or dbm_file set to an open | |
719 | DBM file (or neither, if "once" is not set). */ | |
720 | ||
721 | /* Update fixed-size cache file. If cache_time is set, we found a previous | |
722 | entry; that is the spot into which to put the current time. Otherwise we have | |
723 | to add a new record; remove the first one in the file if the file is too big. | |
724 | We always rewrite the entire file in a single write operation. This is | |
725 | (hopefully) going to be the safest thing because there is no interlocking | |
726 | between multiple simultaneous deliveries. */ | |
727 | ||
728 | if (cache_fd >= 0) | |
729 | { | |
730 | uschar *from = cache_buff; | |
731 | int size = cache_size; | |
0756eb3c | 732 | |
d315eda1 | 733 | if (lseek(cache_fd, 0, SEEK_SET) == 0) |
0756eb3c | 734 | { |
d315eda1 | 735 | if (!cache_time) |
0756eb3c | 736 | { |
d315eda1 JH |
737 | cache_time = from + size; |
738 | memcpy(cache_time + sizeof(time_t), to, add_size - sizeof(time_t)); | |
739 | size += add_size; | |
740 | ||
741 | if (cache_size > 0 && size > ob->once_file_size) | |
742 | { | |
743 | from += sizeof(time_t) + Ustrlen(from + sizeof(time_t)) + 1; | |
744 | size -= (from - cache_buff); | |
745 | } | |
0756eb3c | 746 | } |
0756eb3c | 747 | |
d315eda1 JH |
748 | memcpy(cache_time, &now, sizeof(time_t)); |
749 | if(write(cache_fd, from, size) != size) | |
750 | DEBUG(D_transport) debug_printf("Problem writing cache file %s for %s " | |
751 | "transport\n", oncelog, tblock->name); | |
752 | } | |
0756eb3c PH |
753 | } |
754 | ||
755 | /* Update DBM file */ | |
756 | ||
d315eda1 | 757 | else if (dbm_file) |
0756eb3c PH |
758 | { |
759 | EXIM_DATUM key_datum, value_datum; | |
760 | EXIM_DATUM_INIT(key_datum); /* Some DBM libraries need to have */ | |
761 | EXIM_DATUM_INIT(value_datum); /* cleared datums. */ | |
762 | EXIM_DATUM_DATA(key_datum) = CS to; | |
763 | EXIM_DATUM_SIZE(key_datum) = Ustrlen(to) + 1; | |
764 | ||
765 | /* Many OS define the datum value, sensibly, as a void *. However, there | |
766 | are some which still have char *. By casting this address to a char * we | |
767 | can avoid warning messages from the char * systems. */ | |
768 | ||
769 | EXIM_DATUM_DATA(value_datum) = CS (&now); | |
770 | EXIM_DATUM_SIZE(value_datum) = (int)sizeof(time_t); | |
771 | EXIM_DBPUT(dbm_file, key_datum, value_datum); | |
772 | } | |
773 | ||
774 | /* If sending failed, defer to try again - but if once is set the next | |
775 | try will skip, of course. However, if there were no recipients in the | |
776 | message, we do not fail. */ | |
777 | ||
778 | if (rc != 0) | |
0756eb3c PH |
779 | if (rc == EXIT_NORECIPIENTS) |
780 | { | |
781 | DEBUG(D_any) debug_printf("%s transport: message contained no recipients\n", | |
782 | tblock->name); | |
783 | } | |
784 | else | |
785 | { | |
786 | addr->transport_return = DEFER; | |
787 | addr->message = string_sprintf("Failed to send message from %s " | |
788 | "transport (%d)", tblock->name, rc); | |
789 | goto END_OFF; | |
790 | } | |
0756eb3c PH |
791 | |
792 | /* Log the sending of the message if successful and required. If the file | |
793 | fails to open, it's hard to know what to do. We cannot write to the Exim | |
794 | log from here, since we may be running under an unprivileged uid. We don't | |
795 | want to fail the delivery, since the message has been successfully sent. For | |
796 | the moment, ignore open failures. Write the log entry as a single write() to a | |
797 | file opened for appending, in order to avoid interleaving of output from | |
798 | different processes. The log_buffer can be used exactly as for main log | |
799 | writing. */ | |
800 | ||
0a6c178c | 801 | if (logfile) |
0756eb3c PH |
802 | { |
803 | int log_fd = Uopen(logfile, O_WRONLY|O_APPEND|O_CREAT, ob->mode); | |
804 | if (log_fd >= 0) | |
805 | { | |
f3ebb786 JH |
806 | gstring gs = { .size = LOG_BUFFER_SIZE, .ptr = 0, .s = log_buffer }, *g = &gs; |
807 | ||
808 | /* Use taint-unchecked routines for writing into log_buffer, trusting | |
809 | that we'll never expand it. */ | |
810 | ||
0756eb3c | 811 | DEBUG(D_transport) debug_printf("logging message details\n"); |
f3ebb786 | 812 | g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, "%s\n", tod_stamp(tod_log)); |
0a6c178c | 813 | if (from) |
f3ebb786 | 814 | g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " From: %s\n", from); |
0a6c178c | 815 | if (to) |
f3ebb786 | 816 | g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " To: %s\n", to); |
0a6c178c | 817 | if (cc) |
f3ebb786 | 818 | g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " Cc: %s\n", cc); |
0a6c178c | 819 | if (bcc) |
f3ebb786 | 820 | g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " Bcc: %s\n", bcc); |
0a6c178c | 821 | if (subject) |
f3ebb786 | 822 | g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " Subject: %s\n", subject); |
0a6c178c | 823 | if (headers) |
f3ebb786 JH |
824 | g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " %s\n", headers); |
825 | if(write(log_fd, g->s, g->ptr) != g->ptr || close(log_fd)) | |
1ac6b2e7 JH |
826 | DEBUG(D_transport) debug_printf("Problem writing log file %s for %s " |
827 | "transport\n", logfile, tblock->name); | |
0756eb3c PH |
828 | } |
829 | else DEBUG(D_transport) debug_printf("Failed to open log file %s for %s " | |
830 | "transport: %s\n", logfile, tblock->name, strerror(errno)); | |
831 | } | |
832 | ||
833 | END_OFF: | |
d315eda1 | 834 | if (dbm_file) EXIM_DBCLOSE(dbm_file); |
f1e894f3 | 835 | if (cache_fd > 0) (void)close(cache_fd); |
0756eb3c PH |
836 | |
837 | DEBUG(D_transport) debug_printf("%s transport succeeded\n", tblock->name); | |
838 | ||
839 | return FALSE; | |
840 | } | |
841 | ||
d185889f | 842 | #endif /*!MACRO_PREDEF*/ |
0756eb3c | 843 | /* End of transport/autoreply.c */ |