| 1 | /************************************************* |
| 2 | * Exim - an Internet mail transport agent * |
| 3 | *************************************************/ |
| 4 | |
| 5 | /* Copyright (c) University of Cambridge 1995 - 2018 */ |
| 6 | /* Copyright (c) The Exim Maintainers 2020 */ |
| 7 | /* See the file NOTICE for conditions of use and distribution. */ |
| 8 | |
| 9 | |
| 10 | #include "../exim.h" |
| 11 | #include "lmtp.h" |
| 12 | |
| 13 | #define PENDING_OK 256 |
| 14 | |
| 15 | |
| 16 | /* Options specific to the lmtp transport. They must be in alphabetic |
| 17 | order (note that "_" comes before the lower case letters). Those starting |
| 18 | with "*" are not settable by the user but are used by the option-reading |
| 19 | software for alternative value types. Some options are stored in the transport |
| 20 | instance block so as to be publicly visible; these are flagged with opt_public. |
| 21 | */ |
| 22 | |
| 23 | optionlist lmtp_transport_options[] = { |
| 24 | { "batch_id", opt_stringptr | opt_public, |
| 25 | OPT_OFF(transport_instance, batch_id) }, |
| 26 | { "batch_max", opt_int | opt_public, |
| 27 | OPT_OFF(transport_instance, batch_max) }, |
| 28 | { "command", opt_stringptr, |
| 29 | OPT_OFF(lmtp_transport_options_block, cmd) }, |
| 30 | { "ignore_quota", opt_bool, |
| 31 | OPT_OFF(lmtp_transport_options_block, ignore_quota) }, |
| 32 | { "socket", opt_stringptr, |
| 33 | OPT_OFF(lmtp_transport_options_block, skt) }, |
| 34 | { "timeout", opt_time, |
| 35 | OPT_OFF(lmtp_transport_options_block, timeout) } |
| 36 | }; |
| 37 | |
| 38 | /* Size of the options list. An extern variable has to be used so that its |
| 39 | address can appear in the tables drtables.c. */ |
| 40 | |
| 41 | int lmtp_transport_options_count = |
| 42 | sizeof(lmtp_transport_options)/sizeof(optionlist); |
| 43 | |
| 44 | |
| 45 | #ifdef MACRO_PREDEF |
| 46 | |
| 47 | /* Dummy values */ |
| 48 | lmtp_transport_options_block lmtp_transport_option_defaults = {0}; |
| 49 | void lmtp_transport_init(transport_instance *tblock) {} |
| 50 | BOOL lmtp_transport_entry(transport_instance *tblock, address_item *addr) {return FALSE;} |
| 51 | |
| 52 | #else /*!MACRO_PREDEF*/ |
| 53 | |
| 54 | |
| 55 | /* Default private options block for the lmtp transport. */ |
| 56 | |
| 57 | lmtp_transport_options_block lmtp_transport_option_defaults = { |
| 58 | NULL, /* cmd */ |
| 59 | NULL, /* skt */ |
| 60 | 5*60, /* timeout */ |
| 61 | 0, /* options */ |
| 62 | FALSE /* ignore_quota */ |
| 63 | }; |
| 64 | |
| 65 | |
| 66 | |
| 67 | /************************************************* |
| 68 | * Initialization entry point * |
| 69 | *************************************************/ |
| 70 | |
| 71 | /* Called for each instance, after its options have been read, to |
| 72 | enable consistency checks to be done, or anything else that needs |
| 73 | to be set up. */ |
| 74 | |
| 75 | void |
| 76 | lmtp_transport_init(transport_instance *tblock) |
| 77 | { |
| 78 | lmtp_transport_options_block *ob = |
| 79 | (lmtp_transport_options_block *)(tblock->options_block); |
| 80 | |
| 81 | /* Either the command field or the socket field must be set */ |
| 82 | |
| 83 | if ((ob->cmd == NULL) == (ob->skt == NULL)) |
| 84 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG, |
| 85 | "one (and only one) of command or socket must be set for the %s transport", |
| 86 | tblock->name); |
| 87 | |
| 88 | /* If a fixed uid field is set, then a gid field must also be set. */ |
| 89 | |
| 90 | if (tblock->uid_set && !tblock->gid_set && tblock->expand_gid == NULL) |
| 91 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG, |
| 92 | "user set without group for the %s transport", tblock->name); |
| 93 | |
| 94 | /* Set up the bitwise options for transport_write_message from the various |
| 95 | driver options. Only one of body_only and headers_only can be set. */ |
| 96 | |
| 97 | ob->options |= |
| 98 | (tblock->body_only? topt_no_headers : 0) | |
| 99 | (tblock->headers_only? topt_no_body : 0) | |
| 100 | (tblock->return_path_add? topt_add_return_path : 0) | |
| 101 | (tblock->delivery_date_add? topt_add_delivery_date : 0) | |
| 102 | (tblock->envelope_to_add? topt_add_envelope_to : 0) | |
| 103 | topt_use_crlf | topt_end_dot; |
| 104 | } |
| 105 | |
| 106 | |
| 107 | /************************************************* |
| 108 | * Check an LMTP response * |
| 109 | *************************************************/ |
| 110 | |
| 111 | /* This function is given an errno code and the LMTP response buffer to |
| 112 | analyse. It sets an appropriate message and puts the first digit of the |
| 113 | response code into the yield variable. If no response was actually read, a |
| 114 | suitable digit is chosen. |
| 115 | |
| 116 | Arguments: |
| 117 | errno_value pointer to the errno value |
| 118 | more_errno from the top address for use with ERRNO_FILTER_FAIL |
| 119 | buffer the LMTP response buffer |
| 120 | yield where to put a one-digit LMTP response code |
| 121 | message where to put an error message |
| 122 | |
| 123 | Returns: TRUE if a "QUIT" command should be sent, else FALSE |
| 124 | */ |
| 125 | |
| 126 | static BOOL |
| 127 | check_response(int *errno_value, int more_errno, uschar *buffer, |
| 128 | int *yield, uschar **message) |
| 129 | { |
| 130 | *yield = '4'; /* Default setting is to give a temporary error */ |
| 131 | |
| 132 | /* Handle response timeout */ |
| 133 | |
| 134 | if (*errno_value == ETIMEDOUT) |
| 135 | { |
| 136 | *message = string_sprintf("LMTP timeout after %s", big_buffer); |
| 137 | if (transport_count > 0) |
| 138 | *message = string_sprintf("%s (%d bytes written)", *message, |
| 139 | transport_count); |
| 140 | *errno_value = 0; |
| 141 | return FALSE; |
| 142 | } |
| 143 | |
| 144 | /* Handle malformed LMTP response */ |
| 145 | |
| 146 | if (*errno_value == ERRNO_SMTPFORMAT) |
| 147 | { |
| 148 | *message = string_sprintf("Malformed LMTP response after %s: %s", |
| 149 | big_buffer, string_printing(buffer)); |
| 150 | return FALSE; |
| 151 | } |
| 152 | |
| 153 | /* Handle a failed filter process error; can't send QUIT as we mustn't |
| 154 | end the DATA. */ |
| 155 | |
| 156 | if (*errno_value == ERRNO_FILTER_FAIL) |
| 157 | { |
| 158 | *message = string_sprintf("transport filter process failed (%d)%s", |
| 159 | more_errno, |
| 160 | (more_errno == EX_EXECFAILED)? ": unable to execute command" : ""); |
| 161 | return FALSE; |
| 162 | } |
| 163 | |
| 164 | /* Handle a failed add_headers expansion; can't send QUIT as we mustn't |
| 165 | end the DATA. */ |
| 166 | |
| 167 | if (*errno_value == ERRNO_CHHEADER_FAIL) |
| 168 | { |
| 169 | *message = |
| 170 | string_sprintf("failed to expand headers_add or headers_remove: %s", |
| 171 | expand_string_message); |
| 172 | return FALSE; |
| 173 | } |
| 174 | |
| 175 | /* Handle failure to write a complete data block */ |
| 176 | |
| 177 | if (*errno_value == ERRNO_WRITEINCOMPLETE) |
| 178 | { |
| 179 | *message = US"failed to write a data block"; |
| 180 | return FALSE; |
| 181 | } |
| 182 | |
| 183 | /* Handle error responses from the remote process. */ |
| 184 | |
| 185 | if (buffer[0] != 0) |
| 186 | { |
| 187 | const uschar *s = string_printing(buffer); |
| 188 | *message = string_sprintf("LMTP error after %s: %s", big_buffer, s); |
| 189 | *yield = buffer[0]; |
| 190 | return TRUE; |
| 191 | } |
| 192 | |
| 193 | /* No data was read. If there is no errno, this must be the EOF (i.e. |
| 194 | connection closed) case, which causes deferral. Otherwise, leave the errno |
| 195 | value to be interpreted. In all cases, we have to assume the connection is now |
| 196 | dead. */ |
| 197 | |
| 198 | if (*errno_value == 0) |
| 199 | { |
| 200 | *errno_value = ERRNO_SMTPCLOSED; |
| 201 | *message = string_sprintf("LMTP connection closed after %s", big_buffer); |
| 202 | } |
| 203 | |
| 204 | return FALSE; |
| 205 | } |
| 206 | |
| 207 | |
| 208 | |
| 209 | /************************************************* |
| 210 | * Write LMTP command * |
| 211 | *************************************************/ |
| 212 | |
| 213 | /* The formatted command is left in big_buffer so that it can be reflected in |
| 214 | any error message. |
| 215 | |
| 216 | Arguments: |
| 217 | fd the fd to write to |
| 218 | format a format, starting with one of |
| 219 | of HELO, MAIL FROM, RCPT TO, DATA, ".", or QUIT. |
| 220 | ... data for the format |
| 221 | |
| 222 | Returns: TRUE if successful, FALSE if not, with errno set |
| 223 | */ |
| 224 | |
| 225 | static BOOL |
| 226 | lmtp_write_command(int fd, const char *format, ...) |
| 227 | { |
| 228 | gstring gs = { .size = big_buffer_size, .ptr = 0, .s = big_buffer }; |
| 229 | int rc; |
| 230 | va_list ap; |
| 231 | |
| 232 | /*XXX see comment in smtp_write_command() regarding leaving stuff in |
| 233 | big_buffer */ |
| 234 | |
| 235 | va_start(ap, format); |
| 236 | if (!string_vformat(&gs, SVFMT_TAINT_NOCHK, CS format, ap)) |
| 237 | { |
| 238 | va_end(ap); |
| 239 | errno = ERRNO_SMTPFORMAT; |
| 240 | return FALSE; |
| 241 | } |
| 242 | va_end(ap); |
| 243 | DEBUG(D_transport|D_v) debug_printf(" LMTP>> %s", string_from_gstring(&gs)); |
| 244 | rc = write(fd, gs.s, gs.ptr); |
| 245 | gs.ptr -= 2; string_from_gstring(&gs); /* remove \r\n for debug and error message */ |
| 246 | if (rc > 0) return TRUE; |
| 247 | DEBUG(D_transport) debug_printf("write failed: %s\n", strerror(errno)); |
| 248 | return FALSE; |
| 249 | } |
| 250 | |
| 251 | |
| 252 | |
| 253 | |
| 254 | /************************************************* |
| 255 | * Read LMTP response * |
| 256 | *************************************************/ |
| 257 | |
| 258 | /* This function reads an LMTP response with a timeout, and returns the |
| 259 | response in the given buffer. It also analyzes the first digit of the reply |
| 260 | code and returns FALSE if it is not acceptable. |
| 261 | |
| 262 | FALSE is also returned after a reading error. In this case buffer[0] will be |
| 263 | zero, and the error code will be in errno. |
| 264 | |
| 265 | Arguments: |
| 266 | f a file to read from |
| 267 | buffer where to put the response |
| 268 | size the size of the buffer |
| 269 | okdigit the expected first digit of the response |
| 270 | timeout the timeout to use |
| 271 | |
| 272 | Returns: TRUE if a valid, non-error response was received; else FALSE |
| 273 | */ |
| 274 | |
| 275 | static BOOL |
| 276 | lmtp_read_response(FILE *f, uschar *buffer, int size, int okdigit, int timeout) |
| 277 | { |
| 278 | int count; |
| 279 | uschar *ptr = buffer; |
| 280 | uschar *readptr = buffer; |
| 281 | |
| 282 | /* Ensure errno starts out zero */ |
| 283 | |
| 284 | errno = 0; |
| 285 | |
| 286 | /* Loop for handling LMTP responses that do not all come in one line. */ |
| 287 | |
| 288 | for (;;) |
| 289 | { |
| 290 | /* If buffer is too full, something has gone wrong. */ |
| 291 | |
| 292 | if (size < 10) |
| 293 | { |
| 294 | *readptr = 0; |
| 295 | errno = ERRNO_SMTPFORMAT; |
| 296 | return FALSE; |
| 297 | } |
| 298 | |
| 299 | /* Loop to cover the read getting interrupted. */ |
| 300 | |
| 301 | for (;;) |
| 302 | { |
| 303 | char *rc; |
| 304 | int save_errno; |
| 305 | |
| 306 | *readptr = 0; /* In case nothing gets read */ |
| 307 | sigalrm_seen = FALSE; |
| 308 | ALARM(timeout); |
| 309 | rc = Ufgets(readptr, size-1, f); |
| 310 | save_errno = errno; |
| 311 | ALARM_CLR(0); |
| 312 | errno = save_errno; |
| 313 | |
| 314 | if (rc != NULL) break; /* A line has been read */ |
| 315 | |
| 316 | /* Handle timeout; must do this first because it uses EINTR */ |
| 317 | |
| 318 | if (sigalrm_seen) errno = ETIMEDOUT; |
| 319 | |
| 320 | /* If some other interrupt arrived, just retry. We presume this to be rare, |
| 321 | but it can happen (e.g. the SIGUSR1 signal sent by exiwhat causes |
| 322 | read() to exit). */ |
| 323 | |
| 324 | else if (errno == EINTR) |
| 325 | { |
| 326 | DEBUG(D_transport) debug_printf("EINTR while reading LMTP response\n"); |
| 327 | continue; |
| 328 | } |
| 329 | |
| 330 | /* Handle other errors, including EOF; ensure buffer is completely empty. */ |
| 331 | |
| 332 | buffer[0] = 0; |
| 333 | return FALSE; |
| 334 | } |
| 335 | |
| 336 | /* Adjust size in case we have to read another line, and adjust the |
| 337 | count to be the length of the line we are about to inspect. */ |
| 338 | |
| 339 | count = Ustrlen(readptr); |
| 340 | size -= count; |
| 341 | count += readptr - ptr; |
| 342 | |
| 343 | /* See if the final two characters in the buffer are \r\n. If not, we |
| 344 | have to read some more. At least, that is what we should do on a strict |
| 345 | interpretation of the RFC. But accept LF as well, as we do for SMTP. */ |
| 346 | |
| 347 | if (ptr[count-1] != '\n') |
| 348 | { |
| 349 | DEBUG(D_transport) |
| 350 | { |
| 351 | debug_printf("LMTP input line incomplete in one buffer:\n "); |
| 352 | for (int i = 0; i < count; i++) |
| 353 | { |
| 354 | int c = (ptr[i]); |
| 355 | if (mac_isprint(c)) debug_printf("%c", c); else debug_printf("<%d>", c); |
| 356 | } |
| 357 | debug_printf("\n"); |
| 358 | } |
| 359 | readptr = ptr + count; |
| 360 | continue; |
| 361 | } |
| 362 | |
| 363 | /* Remove any whitespace at the end of the buffer. This gets rid of CR, LF |
| 364 | etc. at the end. Show it, if debugging, formatting multi-line responses. */ |
| 365 | |
| 366 | while (count > 0 && isspace(ptr[count-1])) count--; |
| 367 | ptr[count] = 0; |
| 368 | |
| 369 | DEBUG(D_transport|D_v) |
| 370 | { |
| 371 | uschar *s = ptr; |
| 372 | uschar *t = ptr; |
| 373 | while (*t != 0) |
| 374 | { |
| 375 | while (*t != 0 && *t != '\n') t++; |
| 376 | debug_printf(" %s %*s\n", (s == ptr)? "LMTP<<" : " ", |
| 377 | (int)(t-s), s); |
| 378 | if (*t == 0) break; |
| 379 | s = t = t + 1; |
| 380 | } |
| 381 | } |
| 382 | |
| 383 | /* Check the format of the response: it must start with three digits; if |
| 384 | these are followed by a space or end of line, the response is complete. If |
| 385 | they are followed by '-' this is a multi-line response and we must look for |
| 386 | another line until the final line is reached. The only use made of multi-line |
| 387 | responses is to pass them back as error messages. We therefore just |
| 388 | concatenate them all within the buffer, which should be large enough to |
| 389 | accept any reasonable number of lines. A multiline response may already |
| 390 | have been read in one go - hence the loop here. */ |
| 391 | |
| 392 | for(;;) |
| 393 | { |
| 394 | uschar *p; |
| 395 | if (count < 3 || |
| 396 | !isdigit(ptr[0]) || |
| 397 | !isdigit(ptr[1]) || |
| 398 | !isdigit(ptr[2]) || |
| 399 | (ptr[3] != '-' && ptr[3] != ' ' && ptr[3] != 0)) |
| 400 | { |
| 401 | errno = ERRNO_SMTPFORMAT; /* format error */ |
| 402 | return FALSE; |
| 403 | } |
| 404 | |
| 405 | /* If a single-line response, exit the loop */ |
| 406 | |
| 407 | if (ptr[3] != '-') break; |
| 408 | |
| 409 | /* For a multi-line response see if the next line is already read, and if |
| 410 | so, stay in this loop to check it. */ |
| 411 | |
| 412 | p = ptr + 3; |
| 413 | while (*(++p) != 0) |
| 414 | { |
| 415 | if (*p == '\n') |
| 416 | { |
| 417 | ptr = ++p; |
| 418 | break; |
| 419 | } |
| 420 | } |
| 421 | if (*p == 0) break; /* No more lines to check */ |
| 422 | } |
| 423 | |
| 424 | /* End of response. If the last of the lines we are looking at is the final |
| 425 | line, we are done. Otherwise more data has to be read. */ |
| 426 | |
| 427 | if (ptr[3] != '-') break; |
| 428 | |
| 429 | /* Move the reading pointer upwards in the buffer and insert \n in case this |
| 430 | is an error message that subsequently gets printed. Set the scanning pointer |
| 431 | to the reading pointer position. */ |
| 432 | |
| 433 | ptr += count; |
| 434 | *ptr++ = '\n'; |
| 435 | size--; |
| 436 | readptr = ptr; |
| 437 | } |
| 438 | |
| 439 | /* Return a value that depends on the LMTP return code. Ensure that errno is |
| 440 | zero, because the caller of this function looks at errno when FALSE is |
| 441 | returned, to distinguish between an unexpected return code and other errors |
| 442 | such as timeouts, lost connections, etc. */ |
| 443 | |
| 444 | errno = 0; |
| 445 | return buffer[0] == okdigit; |
| 446 | } |
| 447 | |
| 448 | |
| 449 | |
| 450 | |
| 451 | |
| 452 | |
| 453 | /************************************************* |
| 454 | * Main entry point * |
| 455 | *************************************************/ |
| 456 | |
| 457 | /* See local README for interface details. For setup-errors, this transport |
| 458 | returns FALSE, indicating that the first address has the status for all; in |
| 459 | normal cases it returns TRUE, indicating that each address has its own status |
| 460 | set. */ |
| 461 | |
| 462 | BOOL |
| 463 | lmtp_transport_entry( |
| 464 | transport_instance *tblock, /* data for this instantiation */ |
| 465 | address_item *addrlist) /* address(es) we are working on */ |
| 466 | { |
| 467 | pid_t pid = 0; |
| 468 | FILE *out; |
| 469 | lmtp_transport_options_block *ob = |
| 470 | (lmtp_transport_options_block *)(tblock->options_block); |
| 471 | struct sockaddr_un sockun; /* don't call this "sun" ! */ |
| 472 | int timeout = ob->timeout; |
| 473 | int fd_in = -1, fd_out = -1; |
| 474 | int code, save_errno; |
| 475 | BOOL send_data; |
| 476 | BOOL yield = FALSE; |
| 477 | uschar *igquotstr = US""; |
| 478 | uschar *sockname = NULL; |
| 479 | const uschar **argv; |
| 480 | uschar buffer[256]; |
| 481 | |
| 482 | DEBUG(D_transport) debug_printf("%s transport entered\n", tblock->name); |
| 483 | |
| 484 | /* Initialization ensures that either a command or a socket is specified, but |
| 485 | not both. When a command is specified, call the common function for creating an |
| 486 | argument list and expanding the items. */ |
| 487 | |
| 488 | if (ob->cmd) |
| 489 | { |
| 490 | DEBUG(D_transport) debug_printf("using command %s\n", ob->cmd); |
| 491 | sprintf(CS buffer, "%.50s transport", tblock->name); |
| 492 | if (!transport_set_up_command(&argv, ob->cmd, TRUE, PANIC, addrlist, buffer, |
| 493 | NULL)) |
| 494 | return FALSE; |
| 495 | |
| 496 | /* If the -N option is set, can't do any more. Presume all has gone well. */ |
| 497 | if (f.dont_deliver) |
| 498 | goto MINUS_N; |
| 499 | |
| 500 | /* As this is a local transport, we are already running with the required |
| 501 | uid/gid and current directory. Request that the new process be a process group |
| 502 | leader, so we can kill it and all its children on an error. */ |
| 503 | |
| 504 | if ((pid = child_open(USS argv, NULL, 0, &fd_in, &fd_out, TRUE, |
| 505 | US"lmtp-tpt-cmd")) < 0) |
| 506 | { |
| 507 | addrlist->message = string_sprintf( |
| 508 | "Failed to create child process for %s transport: %s", tblock->name, |
| 509 | strerror(errno)); |
| 510 | return FALSE; |
| 511 | } |
| 512 | } |
| 513 | |
| 514 | /* When a socket is specified, expand the string and create a socket. */ |
| 515 | |
| 516 | else |
| 517 | { |
| 518 | DEBUG(D_transport) debug_printf("using socket %s\n", ob->skt); |
| 519 | if (!(sockname = expand_string(ob->skt))) |
| 520 | { |
| 521 | addrlist->message = string_sprintf("Expansion of \"%s\" (socket setting " |
| 522 | "for %s transport) failed: %s", ob->skt, tblock->name, |
| 523 | expand_string_message); |
| 524 | return FALSE; |
| 525 | } |
| 526 | if ((fd_in = fd_out = socket(PF_UNIX, SOCK_STREAM, 0)) == -1) |
| 527 | { |
| 528 | addrlist->message = string_sprintf( |
| 529 | "Failed to create socket %s for %s transport: %s", |
| 530 | ob->skt, tblock->name, strerror(errno)); |
| 531 | return FALSE; |
| 532 | } |
| 533 | |
| 534 | /* If the -N option is set, can't do any more. Presume all has gone well. */ |
| 535 | if (f.dont_deliver) |
| 536 | goto MINUS_N; |
| 537 | |
| 538 | sockun.sun_family = AF_UNIX; |
| 539 | sprintf(sockun.sun_path, "%.*s", (int)(sizeof(sockun.sun_path)-1), sockname); |
| 540 | if(connect(fd_out, (struct sockaddr *)(&sockun), sizeof(sockun)) == -1) |
| 541 | { |
| 542 | addrlist->message = string_sprintf( |
| 543 | "Failed to connect to socket %s for %s transport: %s", |
| 544 | sockun.sun_path, tblock->name, strerror(errno)); |
| 545 | return FALSE; |
| 546 | } |
| 547 | } |
| 548 | |
| 549 | |
| 550 | /* Make the output we are going to read into a file. */ |
| 551 | |
| 552 | out = fdopen(fd_out, "rb"); |
| 553 | |
| 554 | /* Now we must implement the LMTP protocol. It is like SMTP, except that after |
| 555 | the end of the message, a return code for every accepted RCPT TO is sent. This |
| 556 | allows for message+recipient checks after the message has been received. */ |
| 557 | |
| 558 | /* First thing is to wait for an initial greeting. */ |
| 559 | |
| 560 | Ustrcpy(big_buffer, US"initial connection"); |
| 561 | if (!lmtp_read_response(out, buffer, sizeof(buffer), '2', |
| 562 | timeout)) goto RESPONSE_FAILED; |
| 563 | |
| 564 | /* Next, we send a LHLO command, and expect a positive response */ |
| 565 | |
| 566 | if (!lmtp_write_command(fd_in, "%s %s\r\n", "LHLO", |
| 567 | primary_hostname)) goto WRITE_FAILED; |
| 568 | |
| 569 | if (!lmtp_read_response(out, buffer, sizeof(buffer), '2', |
| 570 | timeout)) goto RESPONSE_FAILED; |
| 571 | |
| 572 | /* If the ignore_quota option is set, note whether the server supports the |
| 573 | IGNOREQUOTA option, and if so, set an appropriate addition for RCPT. */ |
| 574 | |
| 575 | if (ob->ignore_quota) |
| 576 | igquotstr = (pcre_exec(regex_IGNOREQUOTA, NULL, CS buffer, |
| 577 | Ustrlen(CS buffer), 0, PCRE_EOPT, NULL, 0) >= 0)? US" IGNOREQUOTA" : US""; |
| 578 | |
| 579 | /* Now the envelope sender */ |
| 580 | |
| 581 | if (!lmtp_write_command(fd_in, "MAIL FROM:<%s>\r\n", return_path)) |
| 582 | goto WRITE_FAILED; |
| 583 | |
| 584 | if (!lmtp_read_response(out, buffer, sizeof(buffer), '2', timeout)) |
| 585 | { |
| 586 | if (errno == 0 && buffer[0] == '4') |
| 587 | { |
| 588 | errno = ERRNO_MAIL4XX; |
| 589 | addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8; |
| 590 | } |
| 591 | goto RESPONSE_FAILED; |
| 592 | } |
| 593 | |
| 594 | /* Next, we hand over all the recipients. Some may be permanently or |
| 595 | temporarily rejected; others may be accepted, for now. */ |
| 596 | |
| 597 | send_data = FALSE; |
| 598 | for (address_item * addr = addrlist; addr; addr = addr->next) |
| 599 | { |
| 600 | if (!lmtp_write_command(fd_in, "RCPT TO:<%s>%s\r\n", |
| 601 | transport_rcpt_address(addr, tblock->rcpt_include_affixes), igquotstr)) |
| 602 | goto WRITE_FAILED; |
| 603 | if (lmtp_read_response(out, buffer, sizeof(buffer), '2', timeout)) |
| 604 | { |
| 605 | send_data = TRUE; |
| 606 | addr->transport_return = PENDING_OK; |
| 607 | } |
| 608 | else |
| 609 | { |
| 610 | if (errno != 0 || buffer[0] == 0) goto RESPONSE_FAILED; |
| 611 | addr->message = string_sprintf("LMTP error after %s: %s", big_buffer, |
| 612 | string_printing(buffer)); |
| 613 | setflag(addr, af_pass_message); /* Allow message to go to user */ |
| 614 | if (buffer[0] == '5') addr->transport_return = FAIL; else |
| 615 | { |
| 616 | addr->basic_errno = ERRNO_RCPT4XX; |
| 617 | addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8; |
| 618 | } |
| 619 | } |
| 620 | } |
| 621 | |
| 622 | /* Now send the text of the message if there were any good recipients. */ |
| 623 | |
| 624 | if (send_data) |
| 625 | { |
| 626 | BOOL ok; |
| 627 | transport_ctx tctx = { |
| 628 | {fd_in}, |
| 629 | tblock, |
| 630 | addrlist, |
| 631 | US".", US"..", |
| 632 | ob->options |
| 633 | }; |
| 634 | |
| 635 | if (!lmtp_write_command(fd_in, "DATA\r\n")) goto WRITE_FAILED; |
| 636 | if (!lmtp_read_response(out, buffer, sizeof(buffer), '3', timeout)) |
| 637 | { |
| 638 | if (errno == 0 && buffer[0] == '4') |
| 639 | { |
| 640 | errno = ERRNO_DATA4XX; |
| 641 | addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8; |
| 642 | } |
| 643 | goto RESPONSE_FAILED; |
| 644 | } |
| 645 | |
| 646 | sigalrm_seen = FALSE; |
| 647 | transport_write_timeout = timeout; |
| 648 | Ustrcpy(big_buffer, US"sending data block"); /* For error messages */ |
| 649 | DEBUG(D_transport|D_v) |
| 650 | debug_printf(" LMTP>> writing message and terminating \".\"\n"); |
| 651 | |
| 652 | transport_count = 0; |
| 653 | ok = transport_write_message(&tctx, 0); |
| 654 | |
| 655 | /* Failure can either be some kind of I/O disaster (including timeout), |
| 656 | or the failure of a transport filter or the expansion of added headers. */ |
| 657 | |
| 658 | if (!ok) |
| 659 | { |
| 660 | buffer[0] = 0; /* There hasn't been a response */ |
| 661 | goto RESPONSE_FAILED; |
| 662 | } |
| 663 | |
| 664 | Ustrcpy(big_buffer, US"end of data"); /* For error messages */ |
| 665 | |
| 666 | /* We now expect a response for every address that was accepted above, |
| 667 | in the same order. For those that get a response, their status is fixed; |
| 668 | any that are accepted have been handed over, even if later responses crash - |
| 669 | at least, that's how I read RFC 2033. */ |
| 670 | |
| 671 | for (address_item * addr = addrlist; addr; addr = addr->next) |
| 672 | { |
| 673 | if (addr->transport_return != PENDING_OK) continue; |
| 674 | |
| 675 | if (lmtp_read_response(out, buffer, sizeof(buffer), '2', timeout)) |
| 676 | { |
| 677 | addr->transport_return = OK; |
| 678 | if (LOGGING(smtp_confirmation)) |
| 679 | { |
| 680 | const uschar *s = string_printing(buffer); |
| 681 | /* de-const safe here as string_printing known to have alloc'n'copied */ |
| 682 | addr->message = (s == buffer)? US string_copy(s) : US s; |
| 683 | } |
| 684 | } |
| 685 | /* If the response has failed badly, use it for all the remaining pending |
| 686 | addresses and give up. */ |
| 687 | |
| 688 | else if (errno != 0 || buffer[0] == 0) |
| 689 | { |
| 690 | save_errno = errno; |
| 691 | check_response(&save_errno, addr->more_errno, buffer, &code, |
| 692 | &(addr->message)); |
| 693 | addr->transport_return = (code == '5')? FAIL : DEFER; |
| 694 | for (address_item * a = addr->next; a; a = a->next) |
| 695 | { |
| 696 | if (a->transport_return != PENDING_OK) continue; |
| 697 | a->basic_errno = addr->basic_errno; |
| 698 | a->message = addr->message; |
| 699 | a->transport_return = addr->transport_return; |
| 700 | } |
| 701 | break; |
| 702 | } |
| 703 | |
| 704 | /* Otherwise, it's an LMTP error code return for one address */ |
| 705 | |
| 706 | else |
| 707 | { |
| 708 | if (buffer[0] == '4') |
| 709 | { |
| 710 | addr->basic_errno = ERRNO_DATA4XX; |
| 711 | addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8; |
| 712 | } |
| 713 | addr->message = string_sprintf("LMTP error after %s: %s", big_buffer, |
| 714 | string_printing(buffer)); |
| 715 | addr->transport_return = (buffer[0] == '5')? FAIL : DEFER; |
| 716 | setflag(addr, af_pass_message); /* Allow message to go to user */ |
| 717 | } |
| 718 | } |
| 719 | } |
| 720 | |
| 721 | /* The message transaction has completed successfully - this doesn't mean that |
| 722 | all the addresses have necessarily been transferred, but each has its status |
| 723 | set, so we change the yield to TRUE. */ |
| 724 | |
| 725 | yield = TRUE; |
| 726 | (void) lmtp_write_command(fd_in, "QUIT\r\n"); |
| 727 | (void) lmtp_read_response(out, buffer, sizeof(buffer), '2', 1); |
| 728 | |
| 729 | goto RETURN; |
| 730 | |
| 731 | |
| 732 | /* Come here if any call to read_response, other than a response after the data |
| 733 | phase, failed. Put the error in the top address - this will be replicated |
| 734 | because the yield is still FALSE. (But omit ETIMEDOUT, as there will already be |
| 735 | a suitable message.) Analyse the error, and if if isn't too bad, send a QUIT |
| 736 | command. Wait for the response with a short timeout, so we don't wind up this |
| 737 | process before the far end has had time to read the QUIT. */ |
| 738 | |
| 739 | RESPONSE_FAILED: |
| 740 | |
| 741 | save_errno = errno; |
| 742 | if (errno != ETIMEDOUT && errno != 0) addrlist->basic_errno = errno; |
| 743 | addrlist->message = NULL; |
| 744 | |
| 745 | if (check_response(&save_errno, addrlist->more_errno, |
| 746 | buffer, &code, &(addrlist->message))) |
| 747 | { |
| 748 | (void) lmtp_write_command(fd_in, "QUIT\r\n"); |
| 749 | (void) lmtp_read_response(out, buffer, sizeof(buffer), '2', 1); |
| 750 | } |
| 751 | |
| 752 | addrlist->transport_return = (code == '5')? FAIL : DEFER; |
| 753 | if (code == '4' && save_errno > 0) |
| 754 | addrlist->message = string_sprintf("%s: %s", addrlist->message, |
| 755 | strerror(save_errno)); |
| 756 | goto KILL_AND_RETURN; |
| 757 | |
| 758 | /* Come here if there are errors during writing of a command or the message |
| 759 | itself. This error will be applied to all the addresses. */ |
| 760 | |
| 761 | WRITE_FAILED: |
| 762 | |
| 763 | addrlist->transport_return = PANIC; |
| 764 | addrlist->basic_errno = errno; |
| 765 | if (errno == ERRNO_CHHEADER_FAIL) |
| 766 | addrlist->message = |
| 767 | string_sprintf("Failed to expand headers_add or headers_remove: %s", |
| 768 | expand_string_message); |
| 769 | else if (errno == ERRNO_FILTER_FAIL) |
| 770 | addrlist->message = US"Filter process failure"; |
| 771 | else if (errno == ERRNO_WRITEINCOMPLETE) |
| 772 | addrlist->message = US"Failed repeatedly to write data"; |
| 773 | else if (errno == ERRNO_SMTPFORMAT) |
| 774 | addrlist->message = US"overlong LMTP command generated"; |
| 775 | else |
| 776 | addrlist->message = string_sprintf("Error %d", errno); |
| 777 | |
| 778 | /* Come here after errors. Kill off the process. */ |
| 779 | |
| 780 | KILL_AND_RETURN: |
| 781 | |
| 782 | if (pid > 0) killpg(pid, SIGKILL); |
| 783 | |
| 784 | /* Come here from all paths after the subprocess is created. Wait for the |
| 785 | process, but with a timeout. */ |
| 786 | |
| 787 | RETURN: |
| 788 | |
| 789 | (void)child_close(pid, timeout); |
| 790 | |
| 791 | if (fd_in >= 0) (void)close(fd_in); |
| 792 | if (fd_out >= 0) (void)fclose(out); |
| 793 | |
| 794 | DEBUG(D_transport) |
| 795 | debug_printf("%s transport yields %d\n", tblock->name, yield); |
| 796 | |
| 797 | return yield; |
| 798 | |
| 799 | |
| 800 | MINUS_N: |
| 801 | DEBUG(D_transport) |
| 802 | debug_printf("*** delivery by %s transport bypassed by -N option", |
| 803 | tblock->name); |
| 804 | addrlist->transport_return = OK; |
| 805 | return FALSE; |
| 806 | } |
| 807 | |
| 808 | #endif /*!MACRO_PREDEF*/ |
| 809 | /* End of transport/lmtp.c */ |