projects / exim.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Track tainted data and refuse to expand it
[exim.git] / src / src / transports / autoreply.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8
9 #include "../exim.h"
10 #include "autoreply.h"
11
12
13
14 /* Options specific to the autoreply transport. They must be in alphabetic
15 order (note that "_" comes before the lower case letters). Those starting
16 with "*" are not settable by the user but are used by the option-reading
17 software for alternative value types. Some options are publicly visible and so
18 are stored in the driver instance block. These are flagged with opt_public. */
19
20 optionlist autoreply_transport_options[] = {
21 { "bcc", opt_stringptr,
22 (void *)offsetof(autoreply_transport_options_block, bcc) },
23 { "cc", opt_stringptr,
24 (void *)offsetof(autoreply_transport_options_block, cc) },
25 { "file", opt_stringptr,
26 (void *)offsetof(autoreply_transport_options_block, file) },
27 { "file_expand", opt_bool,
28 (void *)offsetof(autoreply_transport_options_block, file_expand) },
29 { "file_optional", opt_bool,
30 (void *)offsetof(autoreply_transport_options_block, file_optional) },
31 { "from", opt_stringptr,
32 (void *)offsetof(autoreply_transport_options_block, from) },
33 { "headers", opt_stringptr,
34 (void *)offsetof(autoreply_transport_options_block, headers) },
35 { "log", opt_stringptr,
36 (void *)offsetof(autoreply_transport_options_block, logfile) },
37 { "mode", opt_octint,
38 (void *)offsetof(autoreply_transport_options_block, mode) },
39 { "never_mail", opt_stringptr,
40 (void *)offsetof(autoreply_transport_options_block, never_mail) },
41 { "once", opt_stringptr,
42 (void *)offsetof(autoreply_transport_options_block, oncelog) },
43 { "once_file_size", opt_int,
44 (void *)offsetof(autoreply_transport_options_block, once_file_size) },
45 { "once_repeat", opt_stringptr,
46 (void *)offsetof(autoreply_transport_options_block, once_repeat) },
47 { "reply_to", opt_stringptr,
48 (void *)offsetof(autoreply_transport_options_block, reply_to) },
49 { "return_message", opt_bool,
50 (void *)offsetof(autoreply_transport_options_block, return_message) },
51 { "subject", opt_stringptr,
52 (void *)offsetof(autoreply_transport_options_block, subject) },
53 { "text", opt_stringptr,
54 (void *)offsetof(autoreply_transport_options_block, text) },
55 { "to", opt_stringptr,
56 (void *)offsetof(autoreply_transport_options_block, to) },
57 };
58
59 /* Size of the options list. An extern variable has to be used so that its
60 address can appear in the tables drtables.c. */
61
62 int autoreply_transport_options_count =
63 sizeof(autoreply_transport_options)/sizeof(optionlist);
64
65
66 #ifdef MACRO_PREDEF
67
68 /* Dummy values */
69 autoreply_transport_options_block autoreply_transport_option_defaults = {0};
70 void autoreply_transport_init(transport_instance *tblock) {}
71 BOOL autoreply_transport_entry(transport_instance *tblock, address_item *addr) {return FALSE;}
72
73 #else /*!MACRO_PREDEF*/
74
75
76 /* Default private options block for the autoreply transport. */
77
78 autoreply_transport_options_block autoreply_transport_option_defaults = {
79 NULL, /* from */
80 NULL, /* reply_to */
81 NULL, /* to */
82 NULL, /* cc */
83 NULL, /* bcc */
84 NULL, /* subject */
85 NULL, /* headers */
86 NULL, /* text */
87 NULL, /* file */
88 NULL, /* logfile */
89 NULL, /* oncelog */
90 NULL, /* once_repeat */
91 NULL, /* never_mail */
92 0600, /* mode */
93 0, /* once_file_size */
94 FALSE, /* file_expand */
95 FALSE, /* file_optional */
96 FALSE /* return message */
97 };
98
99
100
101 /* Type of text for the checkexpand() function */
102
103 enum { cke_text, cke_hdr, cke_file };
104
105
106
107 /*************************************************
108 * Initialization entry point *
109 *************************************************/
110
111 /* Called for each instance, after its options have been read, to
112 enable consistency checks to be done, or anything else that needs
113 to be set up. */
114
115 void
116 autoreply_transport_init(transport_instance *tblock)
117 {
118 /*
119 autoreply_transport_options_block *ob =
120 (autoreply_transport_options_block *)(tblock->options_block);
121 */
122
123 /* If a fixed uid field is set, then a gid field must also be set. */
124
125 if (tblock->uid_set && !tblock->gid_set && tblock->expand_gid == NULL)
126 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
127 "user set without group for the %s transport", tblock->name);
128 }
129
130
131
132
133 /*************************************************
134 * Expand string and check *
135 *************************************************/
136
137 /* If the expansion fails, the error is set up in the address. Expanded
138 strings must be checked to ensure they contain only printing characters
139 and white space. If not, the function fails.
140
141 Arguments:
142 s string to expand
143 addr address that is being worked on
144 name transport name, for error text
145 type type, for checking content:
146 cke_text => no check
147 cke_hdr => header, allow \n + whitespace
148 cke_file => file name, no non-printers allowed
149
150 Returns: expanded string if expansion succeeds;
151 NULL otherwise
152 */
153
154 static uschar *
155 checkexpand(uschar *s, address_item *addr, uschar *name, int type)
156 {
157 uschar *ss = expand_string(s);
158
159 if (ss == NULL)
160 {
161 addr->transport_return = FAIL;
162 addr->message = string_sprintf("Expansion of \"%s\" failed in %s transport: "
163 "%s", s, name, expand_string_message);
164 return NULL;
165 }
166
167 if (type != cke_text) for (uschar * t = ss; *t != 0; t++)
168 {
169 int c = *t;
170 const uschar * sp;
171 if (mac_isprint(c)) continue;
172 if (type == cke_hdr && c == '\n' && (t[1] == ' ' || t[1] == '\t')) continue;
173 sp = string_printing(s);
174 addr->transport_return = FAIL;
175 addr->message = string_sprintf("Expansion of \"%s\" in %s transport "
176 "contains non-printing character %d", sp, name, c);
177 return NULL;
178 }
179
180 return ss;
181 }
182
183
184
185
186 /*************************************************
187 * Check a header line for never_mail *
188 *************************************************/
189
190 /* This is called to check to, cc, and bcc for addresses in the never_mail
191 list. Any that are found are removed.
192
193 Arguments:
194 listptr points to the list of addresses
195 never_mail an address list, already expanded
196
197 Returns: nothing
198 */
199
200 static void
201 check_never_mail(uschar **listptr, const uschar *never_mail)
202 {
203 uschar *s = *listptr;
204
205 while (*s != 0)
206 {
207 uschar *error, *next;
208 uschar *e = parse_find_address_end(s, FALSE);
209 int terminator = *e;
210 int start, end, domain, rc;
211
212 /* Temporarily terminate the string at the address end while extracting
213 the operative address within. */
214
215 *e = 0;
216 next = parse_extract_address(s, &error, &start, &end, &domain, FALSE);
217 *e = terminator;
218
219 /* If there is some kind of syntax error, just give up on this header
220 line. */
221
222 if (next == NULL) break;
223
224 /* See if the address is on the never_mail list */
225
226 rc = match_address_list(next, /* address to check */
227 TRUE, /* start caseless */
228 FALSE, /* don't expand the list */
229 &never_mail, /* the list */
230 NULL, /* no caching */
231 -1, /* no expand setup */
232 0, /* separator from list */
233 NULL); /* no lookup value return */
234
235 if (rc == OK) /* Remove this address */
236 {
237 DEBUG(D_transport)
238 debug_printf("discarding recipient %s (matched never_mail)\n", next);
239 if (terminator == ',') e++;
240 memmove(s, e, Ustrlen(e) + 1);
241 }
242 else /* Skip over this address */
243 {
244 s = e;
245 if (terminator == ',') s++;
246 }
247 }
248
249 /* Check to see if we removed the last address, leaving a terminating comma
250 that needs to be removed */
251
252 s = *listptr + Ustrlen(*listptr);
253 while (s > *listptr && (isspace(s[-1]) || s[-1] == ',')) s--;
254 *s = 0;
255
256 /* Check to see if there any addresses left; if not, set NULL */
257
258 s = *listptr;
259 while (s != 0 && isspace(*s)) s++;
260 if (*s == 0) *listptr = NULL;
261 }
262
263
264
265 /*************************************************
266 * Main entry point *
267 *************************************************/
268
269 /* See local README for interface details. This transport always returns
270 FALSE, indicating that the top address has the status for all - though in fact
271 this transport can handle only one address at at time anyway. */
272
273 BOOL
274 autoreply_transport_entry(
275 transport_instance *tblock, /* data for this instantiation */
276 address_item *addr) /* address we are working on */
277 {
278 int fd, pid, rc;
279 int cache_fd = -1;
280 int cache_size = 0;
281 int add_size = 0;
282 EXIM_DB *dbm_file = NULL;
283 BOOL file_expand, return_message;
284 uschar *from, *reply_to, *to, *cc, *bcc, *subject, *headers, *text, *file;
285 uschar *logfile, *oncelog;
286 uschar *cache_buff = NULL;
287 uschar *cache_time = NULL;
288 uschar *message_id = NULL;
289 header_line *h;
290 time_t now = time(NULL);
291 time_t once_repeat_sec = 0;
292 FILE *fp;
293 FILE *ff = NULL;
294
295 autoreply_transport_options_block *ob =
296 (autoreply_transport_options_block *)(tblock->options_block);
297
298 DEBUG(D_transport) debug_printf("%s transport entered\n", tblock->name);
299
300 /* Set up for the good case */
301
302 addr->transport_return = OK;
303 addr->basic_errno = 0;
304
305 /* If the address is pointing to a reply block, then take all the data
306 from that block. It has typically been set up by a mail filter processing
307 router. Otherwise, the data must be supplied by this transport, and
308 it has to be expanded here. */
309
310 if (addr->reply != NULL)
311 {
312 DEBUG(D_transport) debug_printf("taking data from address\n");
313 from = addr->reply->from;
314 reply_to = addr->reply->reply_to;
315 to = addr->reply->to;
316 cc = addr->reply->cc;
317 bcc = addr->reply->bcc;
318 subject = addr->reply->subject;
319 headers = addr->reply->headers;
320 text = addr->reply->text;
321 file = addr->reply->file;
322 logfile = addr->reply->logfile;
323 oncelog = addr->reply->oncelog;
324 once_repeat_sec = addr->reply->once_repeat;
325 file_expand = addr->reply->file_expand;
326 expand_forbid = addr->reply->expand_forbid;
327 return_message = addr->reply->return_message;
328 }
329 else
330 {
331 uschar *oncerepeat = ob->once_repeat;
332
333 DEBUG(D_transport) debug_printf("taking data from transport\n");
334 from = ob->from;
335 reply_to = ob->reply_to;
336 to = ob->to;
337 cc = ob->cc;
338 bcc = ob->bcc;
339 subject = ob->subject;
340 headers = ob->headers;
341 text = ob->text;
342 file = ob->file;
343 logfile = ob->logfile;
344 oncelog = ob->oncelog;
345 file_expand = ob->file_expand;
346 return_message = ob->return_message;
347
348 if ( from && !(from = checkexpand(from, addr, tblock->name, cke_hdr))
349 || reply_to && !(reply_to = checkexpand(reply_to, addr, tblock->name, cke_hdr))
350 || to && !(to = checkexpand(to, addr, tblock->name, cke_hdr))
351 || cc && !(cc = checkexpand(cc, addr, tblock->name, cke_hdr))
352 || bcc && !(bcc = checkexpand(bcc, addr, tblock->name, cke_hdr))
353 || subject && !(subject = checkexpand(subject, addr, tblock->name, cke_hdr))
354 || headers && !(headers = checkexpand(headers, addr, tblock->name, cke_text))
355 || text && !(text = checkexpand(text, addr, tblock->name, cke_text))
356 || file && !(file = checkexpand(file, addr, tblock->name, cke_file))
357 || logfile && !(logfile = checkexpand(logfile, addr, tblock->name, cke_file))
358 || oncelog && !(oncelog = checkexpand(oncelog, addr, tblock->name, cke_file))
359 || oncerepeat && !(oncerepeat = checkexpand(oncerepeat, addr, tblock->name, cke_file))
360 )
361 return FALSE;
362
363 if (oncerepeat)
364 {
365 once_repeat_sec = readconf_readtime(oncerepeat, 0, FALSE);
366 if (once_repeat_sec < 0)
367 {
368 addr->transport_return = FAIL;
369 addr->message = string_sprintf("Invalid time value \"%s\" for "
370 "\"once_repeat\" in %s transport", oncerepeat, tblock->name);
371 return FALSE;
372 }
373 }
374 }
375
376 /* If the never_mail option is set, we have to scan all the recipients and
377 remove those that match. */
378
379 if (ob->never_mail)
380 {
381 const uschar *never_mail = expand_string(ob->never_mail);
382
383 if (!never_mail)
384 {
385 addr->transport_return = FAIL;
386 addr->message = string_sprintf("Failed to expand \"%s\" for "
387 "\"never_mail\" in %s transport", ob->never_mail, tblock->name);
388 return FALSE;
389 }
390
391 if (to) check_never_mail(&to, never_mail);
392 if (cc) check_never_mail(&cc, never_mail);
393 if (bcc) check_never_mail(&bcc, never_mail);
394
395 if (!to && !cc && !bcc)
396 {
397 DEBUG(D_transport)
398 debug_printf("*** all recipients removed by never_mail\n");
399 return OK;
400 }
401 }
402
403 /* If the -N option is set, can't do any more. */
404
405 if (f.dont_deliver)
406 {
407 DEBUG(D_transport)
408 debug_printf("*** delivery by %s transport bypassed by -N option\n",
409 tblock->name);
410 return FALSE;
411 }
412
413
414 /* If the oncelog field is set, we send want to send only one message to the
415 given recipient(s). This works only on the "To" field. If there is no "To"
416 field, the message is always sent. If the To: field contains more than one
417 recipient, the effect might not be quite as envisaged. If once_file_size is
418 set, instead of a dbm file, we use a regular file containing a circular buffer
419 recipient cache. */
420
421 if (oncelog && *oncelog != 0 && to)
422 {
423 time_t then = 0;
424
425 /* Handle fixed-size cache file. */
426
427 if (ob->once_file_size > 0)
428 {
429 uschar * nextp;
430 struct stat statbuf;
431 cache_fd = Uopen(oncelog, O_CREAT|O_RDWR, ob->mode);
432
433 if (cache_fd < 0 || fstat(cache_fd, &statbuf) != 0)
434 {
435 addr->transport_return = DEFER;
436 addr->message = string_sprintf("Failed to %s \"once\" file %s when "
437 "sending message from %s transport: %s",
438 (cache_fd < 0)? "open" : "stat", oncelog, tblock->name,
439 strerror(errno));
440 goto END_OFF;
441 }
442
443 /* Get store in the temporary pool and read the entire file into it. We get
444 an amount of store that is big enough to add the new entry on the end if we
445 need to do that. */
446
447 cache_size = statbuf.st_size;
448 add_size = sizeof(time_t) + Ustrlen(to) + 1;
449 cache_buff = store_get(cache_size + add_size, is_tainted(oncelog));
450
451 if (read(cache_fd, cache_buff, cache_size) != cache_size)
452 {
453 addr->transport_return = DEFER;
454 addr->basic_errno = errno;
455 addr->message = US"error while reading \"once\" file";
456 goto END_OFF;
457 }
458
459 DEBUG(D_transport) debug_printf("%d bytes read from %s\n", cache_size, oncelog);
460
461 /* Scan the data for this recipient. Each entry in the file starts with
462 a time_t sized time value, followed by the address, followed by a binary
463 zero. If we find a match, put the time into "then", and the place where it
464 was found into "cache_time". Otherwise, "then" is left at zero. */
465
466 for (uschar * p = cache_buff; p < cache_buff + cache_size; p = nextp)
467 {
468 uschar *s = p + sizeof(time_t);
469 nextp = s + Ustrlen(s) + 1;
470 if (Ustrcmp(to, s) == 0)
471 {
472 memcpy(&then, p, sizeof(time_t));
473 cache_time = p;
474 break;
475 }
476 }
477 }
478
479 /* Use a DBM file for the list of previous recipients. */
480
481 else
482 {
483 EXIM_DATUM key_datum, result_datum;
484 uschar * dirname = string_copy(oncelog);
485 uschar * s;
486
487 if ((s = Ustrrchr(dirname, '/'))) *s = '\0';
488 EXIM_DBOPEN(oncelog, dirname, O_RDWR|O_CREAT, ob->mode, &dbm_file);
489 if (!dbm_file)
490 {
491 addr->transport_return = DEFER;
492 addr->message = string_sprintf("Failed to open %s file %s when sending "
493 "message from %s transport: %s", EXIM_DBTYPE, oncelog, tblock->name,
494 strerror(errno));
495 goto END_OFF;
496 }
497
498 EXIM_DATUM_INIT(key_datum); /* Some DBM libraries need datums */
499 EXIM_DATUM_INIT(result_datum); /* to be cleared */
500 EXIM_DATUM_DATA(key_datum) = CS to;
501 EXIM_DATUM_SIZE(key_datum) = Ustrlen(to) + 1;
502
503 if (EXIM_DBGET(dbm_file, key_datum, result_datum))
504 {
505 /* If the datum size is that of a binary time, we are in the new world
506 where messages are sent periodically. Otherwise the file is an old one,
507 where the datum was filled with a tod_log time, which is assumed to be
508 different in size. For that, only one message is ever sent. This change
509 introduced at Exim 3.00. In a couple of years' time the test on the size
510 can be abolished. */
511
512 if (EXIM_DATUM_SIZE(result_datum) == sizeof(time_t))
513 memcpy(&then, EXIM_DATUM_DATA(result_datum), sizeof(time_t));
514 else
515 then = now;
516 }
517 }
518
519 /* Either "then" is set zero, if no message has yet been sent, or it
520 is set to the time of the last sending. */
521
522 if (then != 0 && (once_repeat_sec <= 0 || now - then < once_repeat_sec))
523 {
524 int log_fd;
525 DEBUG(D_transport) debug_printf("message previously sent to %s%s\n", to,
526 (once_repeat_sec > 0)? " and repeat time not reached" : "");
527 log_fd = logfile ? Uopen(logfile, O_WRONLY|O_APPEND|O_CREAT, ob->mode) : -1;
528 if (log_fd >= 0)
529 {
530 uschar *ptr = log_buffer;
531 sprintf(CS ptr, "%s\n previously sent to %.200s\n", tod_stamp(tod_log), to);
532 while(*ptr) ptr++;
533 if(write(log_fd, log_buffer, ptr - log_buffer) != ptr-log_buffer
534 || close(log_fd))
535 DEBUG(D_transport) debug_printf("Problem writing log file %s for %s "
536 "transport\n", logfile, tblock->name);
537 }
538 goto END_OFF;
539 }
540
541 DEBUG(D_transport) debug_printf("%s %s\n", (then <= 0)?
542 "no previous message sent to" : "repeat time reached for", to);
543 }
544
545 /* We are going to send a message. Ensure any requested file is available. */
546
547 if (file)
548 {
549 ff = Ufopen(file, "rb");
550 if (!ff && !ob->file_optional)
551 {
552 addr->transport_return = DEFER;
553 addr->message = string_sprintf("Failed to open file %s when sending "
554 "message from %s transport: %s", file, tblock->name, strerror(errno));
555 return FALSE;
556 }
557 }
558
559 /* Make a subprocess to send the message */
560
561 pid = child_open_exim(&fd);
562
563 /* Creation of child failed; defer this delivery. */
564
565 if (pid < 0)
566 {
567 addr->transport_return = DEFER;
568 addr->message = string_sprintf("Failed to create child process to send "
569 "message from %s transport: %s", tblock->name, strerror(errno));
570 DEBUG(D_transport) debug_printf("%s\n", addr->message);
571 if (dbm_file) EXIM_DBCLOSE(dbm_file);
572 return FALSE;
573 }
574
575 /* Create the message to be sent - recipients are taken from the headers,
576 as the -t option is used. The "headers" stuff *must* be last in case there
577 are newlines in it which might, if placed earlier, screw up other headers. */
578
579 fp = fdopen(fd, "wb");
580
581 if (from) fprintf(fp, "From: %s\n", from);
582 if (reply_to) fprintf(fp, "Reply-To: %s\n", reply_to);
583 if (to) fprintf(fp, "To: %s\n", to);
584 if (cc) fprintf(fp, "Cc: %s\n", cc);
585 if (bcc) fprintf(fp, "Bcc: %s\n", bcc);
586 if (subject) fprintf(fp, "Subject: %s\n", subject);
587
588 /* Generate In-Reply-To from the message_id header; there should
589 always be one, but code defensively. */
590
591 for (h = header_list; h; h = h->next)
592 if (h->type == htype_id) break;
593
594 if (h)
595 {
596 message_id = Ustrchr(h->text, ':') + 1;
597 while (isspace(*message_id)) message_id++;
598 fprintf(fp, "In-Reply-To: %s", message_id);
599 }
600
601 /* Generate a References header if there is at least one of Message-ID:,
602 References:, or In-Reply-To: (see RFC 2822). */
603
604 for (h = header_list; h; h = h->next)
605 if (h->type != htype_old && strncmpic(US"References:", h->text, 11) == 0)
606 break;
607
608 if (!h)
609 for (h = header_list; h; h = h->next)
610 if (h->type != htype_old && strncmpic(US"In-Reply-To:", h->text, 12) == 0)
611 break;
612
613 /* We limit the total length of references. Although there is no fixed
614 limit, some systems do not like headers growing beyond recognition.
615 Keep the first message ID for the thread root and the last few for
616 the position inside the thread, up to a maximum of 12 altogether. */
617
618 if (h || message_id)
619 {
620 fprintf(fp, "References:");
621 if (h)
622 {
623 uschar *s, *id, *error;
624 uschar *referenced_ids[12];
625 int reference_count = 0;
626
627 s = Ustrchr(h->text, ':') + 1;
628 f.parse_allow_group = FALSE;
629 while (*s != 0 && (s = parse_message_id(s, &id, &error)) != NULL)
630 {
631 if (reference_count == nelem(referenced_ids))
632 {
633 memmove(referenced_ids + 1, referenced_ids + 2,
634 sizeof(referenced_ids) - 2*sizeof(uschar *));
635 referenced_ids[reference_count - 1] = id;
636 }
637 else referenced_ids[reference_count++] = id;
638 }
639 for (int i = 0; i < reference_count; ++i) fprintf(fp, " %s", referenced_ids[i]);
640 }
641
642 /* The message id will have a newline on the end of it. */
643
644 if (message_id) fprintf(fp, " %s", message_id);
645 else fprintf(fp, "\n");
646 }
647
648 /* Add an Auto-Submitted: header */
649
650 fprintf(fp, "Auto-Submitted: auto-replied\n");
651
652 /* Add any specially requested headers */
653
654 if (headers) fprintf(fp, "%s\n", headers);
655 fprintf(fp, "\n");
656
657 if (text)
658 {
659 fprintf(fp, "%s", CS text);
660 if (text[Ustrlen(text)-1] != '\n') fprintf(fp, "\n");
661 }
662
663 if (ff)
664 {
665 while (Ufgets(big_buffer, big_buffer_size, ff) != NULL)
666 {
667 if (file_expand)
668 {
669 uschar *s = expand_string(big_buffer);
670 DEBUG(D_transport)
671 {
672 if (!s)
673 debug_printf("error while expanding line from file:\n %s\n %s\n",
674 big_buffer, expand_string_message);
675 }
676 fprintf(fp, "%s", s ? CS s : CS big_buffer);
677 }
678 else fprintf(fp, "%s", CS big_buffer);
679 }
680 (void) fclose(ff);
681 }
682
683 /* Copy the original message if required, observing the return size
684 limit if we are returning the body. */
685
686 if (return_message)
687 {
688 uschar *rubric = (tblock->headers_only)?
689 US"------ This is a copy of the message's header lines.\n"
690 : (tblock->body_only)?
691 US"------ This is a copy of the body of the message, without the headers.\n"
692 :
693 US"------ This is a copy of the message, including all the headers.\n";
694 transport_ctx tctx = {
695 .u = {.fd = fileno(fp)},
696 .tblock = tblock,
697 .addr = addr,
698 .check_string = NULL,
699 .escape_string = NULL,
700 .options = (tblock->body_only ? topt_no_headers : 0)
701 | (tblock->headers_only ? topt_no_body : 0)
702 | (tblock->return_path_add ? topt_add_return_path : 0)
703 | (tblock->delivery_date_add ? topt_add_delivery_date : 0)
704 | (tblock->envelope_to_add ? topt_add_envelope_to : 0)
705 | topt_not_socket
706 };
707
708 if (bounce_return_size_limit > 0 && !tblock->headers_only)
709 {
710 struct stat statbuf;
711 int max = (bounce_return_size_limit/DELIVER_IN_BUFFER_SIZE + 1) *
712 DELIVER_IN_BUFFER_SIZE;
713 if (fstat(deliver_datafile, &statbuf) == 0 && statbuf.st_size > max)
714 {
715 fprintf(fp, "\n%s"
716 "------ The body of the message is " OFF_T_FMT " characters long; only the first\n"
717 "------ %d or so are included here.\n\n", rubric, statbuf.st_size,
718 (max/1000)*1000);
719 }
720 else fprintf(fp, "\n%s\n", rubric);
721 }
722 else fprintf(fp, "\n%s\n", rubric);
723
724 fflush(fp);
725 transport_count = 0;
726 transport_write_message(&tctx, bounce_return_size_limit);
727 }
728
729 /* End the message and wait for the child process to end; no timeout. */
730
731 (void)fclose(fp);
732 rc = child_close(pid, 0);
733
734 /* Update the "sent to" log whatever the yield. This errs on the side of
735 missing out a message rather than risking sending more than one. We either have
736 cache_fd set to a fixed size, circular buffer file, or dbm_file set to an open
737 DBM file (or neither, if "once" is not set). */
738
739 /* Update fixed-size cache file. If cache_time is set, we found a previous
740 entry; that is the spot into which to put the current time. Otherwise we have
741 to add a new record; remove the first one in the file if the file is too big.
742 We always rewrite the entire file in a single write operation. This is
743 (hopefully) going to be the safest thing because there is no interlocking
744 between multiple simultaneous deliveries. */
745
746 if (cache_fd >= 0)
747 {
748 uschar *from = cache_buff;
749 int size = cache_size;
750
751 if (lseek(cache_fd, 0, SEEK_SET) == 0)
752 {
753 if (!cache_time)
754 {
755 cache_time = from + size;
756 memcpy(cache_time + sizeof(time_t), to, add_size - sizeof(time_t));
757 size += add_size;
758
759 if (cache_size > 0 && size > ob->once_file_size)
760 {
761 from += sizeof(time_t) + Ustrlen(from + sizeof(time_t)) + 1;
762 size -= (from - cache_buff);
763 }
764 }
765
766 memcpy(cache_time, &now, sizeof(time_t));
767 if(write(cache_fd, from, size) != size)
768 DEBUG(D_transport) debug_printf("Problem writing cache file %s for %s "
769 "transport\n", oncelog, tblock->name);
770 }
771 }
772
773 /* Update DBM file */
774
775 else if (dbm_file)
776 {
777 EXIM_DATUM key_datum, value_datum;
778 EXIM_DATUM_INIT(key_datum); /* Some DBM libraries need to have */
779 EXIM_DATUM_INIT(value_datum); /* cleared datums. */
780 EXIM_DATUM_DATA(key_datum) = CS to;
781 EXIM_DATUM_SIZE(key_datum) = Ustrlen(to) + 1;
782
783 /* Many OS define the datum value, sensibly, as a void *. However, there
784 are some which still have char *. By casting this address to a char * we
785 can avoid warning messages from the char * systems. */
786
787 EXIM_DATUM_DATA(value_datum) = CS (&now);
788 EXIM_DATUM_SIZE(value_datum) = (int)sizeof(time_t);
789 EXIM_DBPUT(dbm_file, key_datum, value_datum);
790 }
791
792 /* If sending failed, defer to try again - but if once is set the next
793 try will skip, of course. However, if there were no recipients in the
794 message, we do not fail. */
795
796 if (rc != 0)
797 if (rc == EXIT_NORECIPIENTS)
798 {
799 DEBUG(D_any) debug_printf("%s transport: message contained no recipients\n",
800 tblock->name);
801 }
802 else
803 {
804 addr->transport_return = DEFER;
805 addr->message = string_sprintf("Failed to send message from %s "
806 "transport (%d)", tblock->name, rc);
807 goto END_OFF;
808 }
809
810 /* Log the sending of the message if successful and required. If the file
811 fails to open, it's hard to know what to do. We cannot write to the Exim
812 log from here, since we may be running under an unprivileged uid. We don't
813 want to fail the delivery, since the message has been successfully sent. For
814 the moment, ignore open failures. Write the log entry as a single write() to a
815 file opened for appending, in order to avoid interleaving of output from
816 different processes. The log_buffer can be used exactly as for main log
817 writing. */
818
819 if (logfile)
820 {
821 int log_fd = Uopen(logfile, O_WRONLY|O_APPEND|O_CREAT, ob->mode);
822 if (log_fd >= 0)
823 {
824 gstring gs = { .size = LOG_BUFFER_SIZE, .ptr = 0, .s = log_buffer }, *g = &gs;
825
826 /* Use taint-unchecked routines for writing into log_buffer, trusting
827 that we'll never expand it. */
828
829 DEBUG(D_transport) debug_printf("logging message details\n");
830 g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, "%s\n", tod_stamp(tod_log));
831 if (from)
832 g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " From: %s\n", from);
833 if (to)
834 g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " To: %s\n", to);
835 if (cc)
836 g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " Cc: %s\n", cc);
837 if (bcc)
838 g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " Bcc: %s\n", bcc);
839 if (subject)
840 g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " Subject: %s\n", subject);
841 if (headers)
842 g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " %s\n", headers);
843 if(write(log_fd, g->s, g->ptr) != g->ptr || close(log_fd))
844 DEBUG(D_transport) debug_printf("Problem writing log file %s for %s "
845 "transport\n", logfile, tblock->name);
846 }
847 else DEBUG(D_transport) debug_printf("Failed to open log file %s for %s "
848 "transport: %s\n", logfile, tblock->name, strerror(errno));
849 }
850
851 END_OFF:
852 if (dbm_file) EXIM_DBCLOSE(dbm_file);
853 if (cache_fd > 0) (void)close(cache_fd);
854
855 DEBUG(D_transport) debug_printf("%s transport succeeded\n", tblock->name);
856
857 return FALSE;
858 }
859
860 #endif /*!MACRO_PREDEF*/
861 /* End of transport/autoreply.c */
Unnamed repository; edit this file 'description' to name the repository.