OpenSSL fixes and backwards compat break.
[exim.git] / src / src / spam.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) Tom Kistner <tom@duncanthrax.net> 2003-???? */
6 /* License: GPL */
7
8 /* Code for calling spamassassin's spamd. Called from acl.c. */
9
10 #include "exim.h"
11 #ifdef WITH_CONTENT_SCAN
12 #include "spam.h"
13
14 uschar spam_score_buffer[16];
15 uschar spam_score_int_buffer[16];
16 uschar spam_bar_buffer[128];
17 uschar spam_report_buffer[32600];
18 uschar prev_user_name[128] = "";
19 int spam_ok = 0;
20 int spam_rc = 0;
21 uschar *prev_spamd_address_work = NULL;
22
23 int spam(uschar **listptr) {
24 int sep = 0;
25 uschar *list = *listptr;
26 uschar *user_name;
27 uschar user_name_buffer[128];
28 unsigned long mbox_size;
29 FILE *mbox_file;
30 int spamd_sock;
31 uschar spamd_buffer[32600];
32 int i, j, offset, result;
33 uschar spamd_version[8];
34 uschar spamd_score_char;
35 double spamd_threshold, spamd_score;
36 int spamd_report_offset;
37 uschar *p,*q;
38 int override = 0;
39 time_t start;
40 size_t read, wrote;
41 struct sockaddr_un server;
42 #ifndef NO_POLL_H
43 struct pollfd pollfd;
44 #else /* Patch posted by Erik ? for OS X */
45 struct timeval select_tv; /* and applied by PH */
46 fd_set select_fd;
47 #endif
48 uschar *spamd_address_work;
49
50 /* stop compiler warning */
51 result = 0;
52
53 /* find the username from the option list */
54 if ((user_name = string_nextinlist(&list, &sep,
55 user_name_buffer,
56 sizeof(user_name_buffer))) == NULL) {
57 /* no username given, this means no scanning should be done */
58 return FAIL;
59 };
60
61 /* if username is "0" or "false", do not scan */
62 if ( (Ustrcmp(user_name,"0") == 0) ||
63 (strcmpic(user_name,US"false") == 0) ) {
64 return FAIL;
65 };
66
67 /* if there is an additional option, check if it is "true" */
68 if (strcmpic(list,US"true") == 0) {
69 /* in that case, always return true later */
70 override = 1;
71 };
72
73 /* expand spamd_address if needed */
74 if (*spamd_address == '$') {
75 spamd_address_work = expand_string(spamd_address);
76 if (spamd_address_work == NULL) {
77 log_write(0, LOG_MAIN|LOG_PANIC,
78 "spamassassin acl condition: spamd_address starts with $, but expansion failed: %s", expand_string_message);
79 return DEFER;
80 }
81 }
82 else
83 spamd_address_work = spamd_address;
84
85 /* check if previous spamd_address was expanded and has changed. dump cached results if so */
86 if ( spam_ok && ( prev_spamd_address_work != NULL) && (Ustrcmp(prev_spamd_address_work, spamd_address_work) != 0)) {
87 spam_ok = 0;
88 }
89
90 /* if we scanned for this username last time, just return */
91 if ( spam_ok && ( Ustrcmp(prev_user_name, user_name) == 0 ) ) {
92 if (override)
93 return OK;
94 else
95 return spam_rc;
96 };
97
98 /* make sure the eml mbox file is spooled up */
99 mbox_file = spool_mbox(&mbox_size, NULL);
100
101 if (mbox_file == NULL) {
102 /* error while spooling */
103 log_write(0, LOG_MAIN|LOG_PANIC,
104 "spam acl condition: error while creating mbox spool file");
105 return DEFER;
106 };
107
108 start = time(NULL);
109
110 /* socket does not start with '/' -> network socket */
111 if (*spamd_address_work != '/') {
112 int num_servers = 0;
113 int current_server;
114 uschar *address = NULL;
115 uschar *spamd_address_list_ptr = spamd_address_work;
116 uschar address_buffer[256];
117 spamd_address_container * spamd_address_vector[32];
118
119 /* Check how many spamd servers we have
120 and register their addresses */
121 while ((address = string_nextinlist(&spamd_address_list_ptr, &sep,
122 address_buffer,
123 sizeof(address_buffer))) != NULL) {
124
125 /* Potential memory leak as we never free the store. */
126 spamd_address_container *this_spamd =
127 (spamd_address_container *)store_get(sizeof(spamd_address_container));
128
129 /* grok spamd address and port */
130 if( sscanf(CS address, "%s %u", this_spamd->tcp_addr, &(this_spamd->tcp_port)) != 2 ) {
131 log_write(0, LOG_MAIN,
132 "spam acl condition: warning - invalid spamd address: '%s'", address);
133 continue;
134 };
135
136 spamd_address_vector[num_servers] = this_spamd;
137 num_servers++;
138 if (num_servers > 31)
139 break;
140 };
141
142 /* check if we have at least one server */
143 if (!num_servers) {
144 log_write(0, LOG_MAIN|LOG_PANIC,
145 "spam acl condition: no useable spamd server addresses in spamd_address configuration option.");
146 (void)fclose(mbox_file);
147 return DEFER;
148 };
149
150 while ( num_servers > 0 ) {
151 int i;
152
153 /* Randomly pick a server to try */
154 current_server = random_number( num_servers );
155
156 debug_printf("trying server %s, port %u\n",
157 spamd_address_vector[current_server]->tcp_addr,
158 spamd_address_vector[current_server]->tcp_port);
159
160 /* contact a spamd */
161 if ( (spamd_sock = ip_socket(SOCK_STREAM, AF_INET)) < 0) {
162 log_write(0, LOG_MAIN|LOG_PANIC,
163 "spam acl condition: error creating IP socket for spamd");
164 (void)fclose(mbox_file);
165 return DEFER;
166 };
167
168 if (ip_connect( spamd_sock,
169 AF_INET,
170 spamd_address_vector[current_server]->tcp_addr,
171 spamd_address_vector[current_server]->tcp_port,
172 5 ) > -1) {
173 /* connection OK */
174 break;
175 };
176
177 log_write(0, LOG_MAIN|LOG_PANIC,
178 "spam acl condition: warning - spamd connection to %s, port %u failed: %s",
179 spamd_address_vector[current_server]->tcp_addr,
180 spamd_address_vector[current_server]->tcp_port,
181 strerror(errno));
182
183 (void)close(spamd_sock);
184
185 /* Remove the server from the list. XXX We should free the memory */
186 num_servers--;
187 for( i = current_server; i < num_servers; i++ )
188 spamd_address_vector[i] = spamd_address_vector[i+1];
189 }
190
191 if ( num_servers == 0 ) {
192 log_write(0, LOG_MAIN|LOG_PANIC, "spam acl condition: all spamd servers failed");
193 (void)fclose(mbox_file);
194 return DEFER;
195 }
196
197 }
198 else {
199 /* open the local socket */
200
201 if ((spamd_sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
202 log_write(0, LOG_MAIN|LOG_PANIC,
203 "malware acl condition: spamd: unable to acquire socket (%s)",
204 strerror(errno));
205 (void)fclose(mbox_file);
206 return DEFER;
207 }
208
209 server.sun_family = AF_UNIX;
210 Ustrcpy(server.sun_path, spamd_address_work);
211
212 if (connect(spamd_sock, (struct sockaddr *) &server, sizeof(struct sockaddr_un)) < 0) {
213 log_write(0, LOG_MAIN|LOG_PANIC,
214 "malware acl condition: spamd: unable to connect to UNIX socket %s (%s)",
215 spamd_address_work, strerror(errno) );
216 (void)fclose(mbox_file);
217 (void)close(spamd_sock);
218 return DEFER;
219 }
220
221 }
222
223 /* now we are connected to spamd on spamd_sock */
224 (void)string_format(spamd_buffer,
225 sizeof(spamd_buffer),
226 "REPORT SPAMC/1.2\r\nUser: %s\r\nContent-length: %ld\r\n\r\n",
227 user_name,
228 mbox_size);
229
230 /* send our request */
231 if (send(spamd_sock, spamd_buffer, Ustrlen(spamd_buffer), 0) < 0) {
232 (void)close(spamd_sock);
233 log_write(0, LOG_MAIN|LOG_PANIC,
234 "spam acl condition: spamd send failed: %s", strerror(errno));
235 (void)fclose(mbox_file);
236 (void)close(spamd_sock);
237 return DEFER;
238 };
239
240 /* now send the file */
241 /* spamd sometimes accepts conections but doesn't read data off
242 * the connection. We make the file descriptor non-blocking so
243 * that the write will only write sufficient data without blocking
244 * and we poll the desciptor to make sure that we can write without
245 * blocking. Short writes are gracefully handled and if the whole
246 * trasaction takes too long it is aborted.
247 * Note: poll() is not supported in OSX 10.2 and is reported to be
248 * broken in more recent versions (up to 10.4).
249 */
250 #ifndef NO_POLL_H
251 pollfd.fd = spamd_sock;
252 pollfd.events = POLLOUT;
253 #endif
254 (void)fcntl(spamd_sock, F_SETFL, O_NONBLOCK);
255 do {
256 read = fread(spamd_buffer,1,sizeof(spamd_buffer),mbox_file);
257 if (read > 0) {
258 offset = 0;
259 again:
260 #ifndef NO_POLL_H
261 result = poll(&pollfd, 1, 1000);
262
263 /* Patch posted by Erik ? for OS X and applied by PH */
264 #else
265 select_tv.tv_sec = 1;
266 select_tv.tv_usec = 0;
267 FD_ZERO(&select_fd);
268 FD_SET(spamd_sock, &select_fd);
269 result = select(spamd_sock+1, NULL, &select_fd, NULL, &select_tv);
270 #endif
271 /* End Erik's patch */
272
273 if (result == -1 && errno == EINTR)
274 goto again;
275 else if (result < 1) {
276 if (result == -1)
277 log_write(0, LOG_MAIN|LOG_PANIC,
278 "spam acl condition: %s on spamd socket", strerror(errno));
279 else {
280 if (time(NULL) - start < SPAMD_TIMEOUT)
281 goto again;
282 log_write(0, LOG_MAIN|LOG_PANIC,
283 "spam acl condition: timed out writing spamd socket");
284 }
285 (void)close(spamd_sock);
286 (void)fclose(mbox_file);
287 return DEFER;
288 }
289
290 wrote = send(spamd_sock,spamd_buffer + offset,read - offset,0);
291 if (wrote == -1)
292 {
293 log_write(0, LOG_MAIN|LOG_PANIC,
294 "spam acl condition: %s on spamd socket", strerror(errno));
295 (void)close(spamd_sock);
296 (void)fclose(mbox_file);
297 return DEFER;
298 }
299 if (offset + wrote != read) {
300 offset += wrote;
301 goto again;
302 }
303 }
304 }
305 while (!feof(mbox_file) && !ferror(mbox_file));
306 if (ferror(mbox_file)) {
307 log_write(0, LOG_MAIN|LOG_PANIC,
308 "spam acl condition: error reading spool file: %s", strerror(errno));
309 (void)close(spamd_sock);
310 (void)fclose(mbox_file);
311 return DEFER;
312 }
313
314 (void)fclose(mbox_file);
315
316 /* we're done sending, close socket for writing */
317 shutdown(spamd_sock,SHUT_WR);
318
319 /* read spamd response using what's left of the timeout.
320 */
321 memset(spamd_buffer, 0, sizeof(spamd_buffer));
322 offset = 0;
323 while((i = ip_recv(spamd_sock,
324 spamd_buffer + offset,
325 sizeof(spamd_buffer) - offset - 1,
326 SPAMD_TIMEOUT - time(NULL) + start)) > 0 ) {
327 offset += i;
328 }
329
330 /* error handling */
331 if((i <= 0) && (errno != 0)) {
332 log_write(0, LOG_MAIN|LOG_PANIC,
333 "spam acl condition: error reading from spamd socket: %s", strerror(errno));
334 (void)close(spamd_sock);
335 return DEFER;
336 }
337
338 /* reading done */
339 (void)close(spamd_sock);
340
341 /* dig in the spamd output and put the report in a multiline header, if requested */
342 if( sscanf(CS spamd_buffer,"SPAMD/%7s 0 EX_OK\r\nContent-length: %*u\r\n\r\n%lf/%lf\r\n%n",
343 spamd_version,&spamd_score,&spamd_threshold,&spamd_report_offset) != 3 ) {
344
345 /* try to fall back to pre-2.50 spamd output */
346 if( sscanf(CS spamd_buffer,"SPAMD/%7s 0 EX_OK\r\nSpam: %*s ; %lf / %lf\r\n\r\n%n",
347 spamd_version,&spamd_score,&spamd_threshold,&spamd_report_offset) != 3 ) {
348 log_write(0, LOG_MAIN|LOG_PANIC,
349 "spam acl condition: cannot parse spamd output");
350 return DEFER;
351 };
352 };
353
354 /* Create report. Since this is a multiline string,
355 we must hack it into shape first */
356 p = &spamd_buffer[spamd_report_offset];
357 q = spam_report_buffer;
358 while (*p != '\0') {
359 /* skip \r */
360 if (*p == '\r') {
361 p++;
362 continue;
363 };
364 *q = *p;
365 q++;
366 if (*p == '\n') {
367 /* add an extra space after the newline to ensure
368 that it is treated as a header continuation line */
369 *q = ' ';
370 q++;
371 };
372 p++;
373 };
374 /* NULL-terminate */
375 *q = '\0';
376 q--;
377 /* cut off trailing leftovers */
378 while (*q <= ' ') {
379 *q = '\0';
380 q--;
381 };
382 spam_report = spam_report_buffer;
383
384 /* create spam bar */
385 spamd_score_char = spamd_score > 0 ? '+' : '-';
386 j = abs((int)(spamd_score));
387 i = 0;
388 if( j != 0 ) {
389 while((i < j) && (i <= MAX_SPAM_BAR_CHARS))
390 spam_bar_buffer[i++] = spamd_score_char;
391 }
392 else{
393 spam_bar_buffer[0] = '/';
394 i = 1;
395 }
396 spam_bar_buffer[i] = '\0';
397 spam_bar = spam_bar_buffer;
398
399 /* create "float" spam score */
400 (void)string_format(spam_score_buffer, sizeof(spam_score_buffer),"%.1f", spamd_score);
401 spam_score = spam_score_buffer;
402
403 /* create "int" spam score */
404 j = (int)((spamd_score + 0.001)*10);
405 (void)string_format(spam_score_int_buffer, sizeof(spam_score_int_buffer), "%d", j);
406 spam_score_int = spam_score_int_buffer;
407
408 /* compare threshold against score */
409 if (spamd_score >= spamd_threshold) {
410 /* spam as determined by user's threshold */
411 spam_rc = OK;
412 }
413 else {
414 /* not spam */
415 spam_rc = FAIL;
416 };
417
418 /* remember expanded spamd_address if needed */
419 if (spamd_address_work != spamd_address) {
420 prev_spamd_address_work = string_copy(spamd_address_work);
421 }
422 /* remember user name and "been here" for it */
423 Ustrcpy(prev_user_name, user_name);
424 spam_ok = 1;
425
426 if (override) {
427 /* always return OK, no matter what the score */
428 return OK;
429 }
430 else {
431 return spam_rc;
432 };
433 }
434
435 #endif