1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) The Exim Maintainers 2020 - 2022 */
6 /* Copyright (c) University of Cambridge 1995 - 2018 */
7 /* See the file NOTICE for conditions of use and distribution. */
8 /* SPDX-License-Identifier: GPL-2.0-or-later */
14 #define PENDING_OK 256
17 /* Options specific to the lmtp transport. They must be in alphabetic
18 order (note that "_" comes before the lower case letters). Those starting
19 with "*" are not settable by the user but are used by the option-reading
20 software for alternative value types. Some options are stored in the transport
21 instance block so as to be publicly visible; these are flagged with opt_public.
24 optionlist lmtp_transport_options[] = {
25 { "batch_id", opt_stringptr | opt_public,
26 OPT_OFF(transport_instance, batch_id) },
27 { "batch_max", opt_int | opt_public,
28 OPT_OFF(transport_instance, batch_max) },
29 { "command", opt_stringptr,
30 OPT_OFF(lmtp_transport_options_block, cmd) },
31 { "ignore_quota", opt_bool,
32 OPT_OFF(lmtp_transport_options_block, ignore_quota) },
33 { "socket", opt_stringptr,
34 OPT_OFF(lmtp_transport_options_block, skt) },
35 { "timeout", opt_time,
36 OPT_OFF(lmtp_transport_options_block, timeout) }
39 /* Size of the options list. An extern variable has to be used so that its
40 address can appear in the tables drtables.c. */
42 int lmtp_transport_options_count =
43 sizeof(lmtp_transport_options)/sizeof(optionlist);
49 lmtp_transport_options_block lmtp_transport_option_defaults = {0};
50 void lmtp_transport_init(transport_instance *tblock) {}
51 BOOL lmtp_transport_entry(transport_instance *tblock, address_item *addr) {return FALSE;}
53 #else /*!MACRO_PREDEF*/
56 /* Default private options block for the lmtp transport. */
58 lmtp_transport_options_block lmtp_transport_option_defaults = {
63 FALSE /* ignore_quota */
68 /*************************************************
69 * Initialization entry point *
70 *************************************************/
72 /* Called for each instance, after its options have been read, to
73 enable consistency checks to be done, or anything else that needs
77 lmtp_transport_init(transport_instance *tblock)
79 lmtp_transport_options_block *ob =
80 (lmtp_transport_options_block *)(tblock->options_block);
82 /* Either the command field or the socket field must be set */
84 if ((ob->cmd == NULL) == (ob->skt == NULL))
85 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
86 "one (and only one) of command or socket must be set for the %s transport",
89 /* If a fixed uid field is set, then a gid field must also be set. */
91 if (tblock->uid_set && !tblock->gid_set && tblock->expand_gid == NULL)
92 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
93 "user set without group for the %s transport", tblock->name);
95 /* Set up the bitwise options for transport_write_message from the various
96 driver options. Only one of body_only and headers_only can be set. */
99 (tblock->body_only? topt_no_headers : 0) |
100 (tblock->headers_only? topt_no_body : 0) |
101 (tblock->return_path_add? topt_add_return_path : 0) |
102 (tblock->delivery_date_add? topt_add_delivery_date : 0) |
103 (tblock->envelope_to_add? topt_add_envelope_to : 0) |
104 topt_use_crlf | topt_end_dot;
108 /*************************************************
109 * Check an LMTP response *
110 *************************************************/
112 /* This function is given an errno code and the LMTP response buffer to
113 analyse. It sets an appropriate message and puts the first digit of the
114 response code into the yield variable. If no response was actually read, a
115 suitable digit is chosen.
118 errno_value pointer to the errno value
119 more_errno from the top address for use with ERRNO_FILTER_FAIL
120 buffer the LMTP response buffer
121 yield where to put a one-digit LMTP response code
122 message where to put an error message
124 Returns: TRUE if a "QUIT" command should be sent, else FALSE
128 check_response(int *errno_value, int more_errno, uschar *buffer,
129 int *yield, uschar **message)
131 *yield = '4'; /* Default setting is to give a temporary error */
133 /* Handle response timeout */
135 if (*errno_value == ETIMEDOUT)
137 *message = string_sprintf("LMTP timeout after %s", big_buffer);
138 if (transport_count > 0)
139 *message = string_sprintf("%s (%d bytes written)", *message,
145 /* Handle malformed LMTP response */
147 if (*errno_value == ERRNO_SMTPFORMAT)
149 *message = string_sprintf("Malformed LMTP response after %s: %s",
150 big_buffer, string_printing(buffer));
154 /* Handle a failed filter process error; can't send QUIT as we mustn't
157 if (*errno_value == ERRNO_FILTER_FAIL)
159 *message = string_sprintf("transport filter process failed (%d)%s",
161 (more_errno == EX_EXECFAILED)? ": unable to execute command" : "");
165 /* Handle a failed add_headers expansion; can't send QUIT as we mustn't
168 if (*errno_value == ERRNO_CHHEADER_FAIL)
171 string_sprintf("failed to expand headers_add or headers_remove: %s",
172 expand_string_message);
176 /* Handle failure to write a complete data block */
178 if (*errno_value == ERRNO_WRITEINCOMPLETE)
180 *message = US"failed to write a data block";
184 /* Handle error responses from the remote process. */
188 const uschar *s = string_printing(buffer);
189 *message = string_sprintf("LMTP error after %s: %s", big_buffer, s);
194 /* No data was read. If there is no errno, this must be the EOF (i.e.
195 connection closed) case, which causes deferral. Otherwise, leave the errno
196 value to be interpreted. In all cases, we have to assume the connection is now
199 if (*errno_value == 0)
201 *errno_value = ERRNO_SMTPCLOSED;
202 *message = string_sprintf("LMTP connection closed after %s", big_buffer);
210 /*************************************************
211 * Write LMTP command *
212 *************************************************/
214 /* The formatted command is left in big_buffer so that it can be reflected in
218 fd the fd to write to
219 format a format, starting with one of
220 of HELO, MAIL FROM, RCPT TO, DATA, ".", or QUIT.
221 ... data for the format
223 Returns: TRUE if successful, FALSE if not, with errno set
227 lmtp_write_command(int fd, const char *format, ...)
229 gstring gs = { .size = big_buffer_size, .ptr = 0, .s = big_buffer };
233 /*XXX see comment in smtp_write_command() regarding leaving stuff in
236 va_start(ap, format);
237 if (!string_vformat(&gs, SVFMT_TAINT_NOCHK, CS format, ap))
240 errno = ERRNO_SMTPFORMAT;
244 DEBUG(D_transport|D_v) debug_printf(" LMTP>> %Y", &gs);
245 rc = write(fd, gs.s, gs.ptr);
246 gs.ptr -= 2; string_from_gstring(&gs); /* remove \r\n for debug and error message */
247 if (rc > 0) return TRUE;
248 DEBUG(D_transport) debug_printf("write failed: %s\n", strerror(errno));
255 /*************************************************
256 * Read LMTP response *
257 *************************************************/
259 /* This function reads an LMTP response with a timeout, and returns the
260 response in the given buffer. It also analyzes the first digit of the reply
261 code and returns FALSE if it is not acceptable.
263 FALSE is also returned after a reading error. In this case buffer[0] will be
264 zero, and the error code will be in errno.
267 f a file to read from
268 buffer where to put the response
269 size the size of the buffer
270 okdigit the expected first digit of the response
271 timeout the timeout to use
273 Returns: TRUE if a valid, non-error response was received; else FALSE
277 lmtp_read_response(FILE *f, uschar *buffer, int size, int okdigit, int timeout)
280 uschar *ptr = buffer;
281 uschar *readptr = buffer;
283 /* Ensure errno starts out zero */
287 /* Loop for handling LMTP responses that do not all come in one line. */
291 /* If buffer is too full, something has gone wrong. */
296 errno = ERRNO_SMTPFORMAT;
300 /* Loop to cover the read getting interrupted. */
307 *readptr = 0; /* In case nothing gets read */
308 sigalrm_seen = FALSE;
310 rc = Ufgets(readptr, size-1, f);
315 if (rc != NULL) break; /* A line has been read */
317 /* Handle timeout; must do this first because it uses EINTR */
319 if (sigalrm_seen) errno = ETIMEDOUT;
321 /* If some other interrupt arrived, just retry. We presume this to be rare,
322 but it can happen (e.g. the SIGUSR1 signal sent by exiwhat causes
325 else if (errno == EINTR)
327 DEBUG(D_transport) debug_printf("EINTR while reading LMTP response\n");
331 /* Handle other errors, including EOF; ensure buffer is completely empty. */
337 /* Adjust size in case we have to read another line, and adjust the
338 count to be the length of the line we are about to inspect. */
340 count = Ustrlen(readptr);
342 count += readptr - ptr;
344 /* See if the final two characters in the buffer are \r\n. If not, we
345 have to read some more. At least, that is what we should do on a strict
346 interpretation of the RFC. But accept LF as well, as we do for SMTP. */
348 if (ptr[count-1] != '\n')
352 debug_printf("LMTP input line incomplete in one buffer:\n ");
353 for (int i = 0; i < count; i++)
356 if (mac_isprint(c)) debug_printf("%c", c); else debug_printf("<%d>", c);
360 readptr = ptr + count;
364 /* Remove any whitespace at the end of the buffer. This gets rid of CR, LF
365 etc. at the end. Show it, if debugging, formatting multi-line responses. */
367 while (count > 0 && isspace(ptr[count-1])) count--;
370 DEBUG(D_transport|D_v)
376 while (*t != 0 && *t != '\n') t++;
377 debug_printf(" %s %*s\n", (s == ptr)? "LMTP<<" : " ",
384 /* Check the format of the response: it must start with three digits; if
385 these are followed by a space or end of line, the response is complete. If
386 they are followed by '-' this is a multi-line response and we must look for
387 another line until the final line is reached. The only use made of multi-line
388 responses is to pass them back as error messages. We therefore just
389 concatenate them all within the buffer, which should be large enough to
390 accept any reasonable number of lines. A multiline response may already
391 have been read in one go - hence the loop here. */
400 (ptr[3] != '-' && ptr[3] != ' ' && ptr[3] != 0))
402 errno = ERRNO_SMTPFORMAT; /* format error */
406 /* If a single-line response, exit the loop */
408 if (ptr[3] != '-') break;
410 /* For a multi-line response see if the next line is already read, and if
411 so, stay in this loop to check it. */
422 if (*p == 0) break; /* No more lines to check */
425 /* End of response. If the last of the lines we are looking at is the final
426 line, we are done. Otherwise more data has to be read. */
428 if (ptr[3] != '-') break;
430 /* Move the reading pointer upwards in the buffer and insert \n in case this
431 is an error message that subsequently gets printed. Set the scanning pointer
432 to the reading pointer position. */
440 /* Return a value that depends on the LMTP return code. Ensure that errno is
441 zero, because the caller of this function looks at errno when FALSE is
442 returned, to distinguish between an unexpected return code and other errors
443 such as timeouts, lost connections, etc. */
446 return buffer[0] == okdigit;
454 /*************************************************
456 *************************************************/
458 /* See local README for interface details. For setup-errors, this transport
459 returns FALSE, indicating that the first address has the status for all; in
460 normal cases it returns TRUE, indicating that each address has its own status
464 lmtp_transport_entry(
465 transport_instance *tblock, /* data for this instantiation */
466 address_item *addrlist) /* address(es) we are working on */
470 lmtp_transport_options_block *ob =
471 (lmtp_transport_options_block *)(tblock->options_block);
472 struct sockaddr_un sockun; /* don't call this "sun" ! */
473 int timeout = ob->timeout;
474 int fd_in = -1, fd_out = -1;
475 int code, save_errno;
478 uschar *igquotstr = US"";
479 uschar *sockname = NULL;
483 DEBUG(D_transport) debug_printf("%s transport entered\n", tblock->name);
485 /* Initialization ensures that either a command or a socket is specified, but
486 not both. When a command is specified, call the common function for creating an
487 argument list and expanding the items. */
491 DEBUG(D_transport) debug_printf("using command %s\n", ob->cmd);
492 sprintf(CS buffer, "%.50s transport", tblock->name);
493 if (!transport_set_up_command(&argv, ob->cmd, TSUC_EXPAND_ARGS, PANIC,
494 addrlist, buffer, NULL))
497 /* If the -N option is set, can't do any more. Presume all has gone well. */
501 /* As this is a local transport, we are already running with the required
502 uid/gid and current directory. Request that the new process be a process group
503 leader, so we can kill it and all its children on an error. */
505 if ((pid = child_open(USS argv, NULL, 0, &fd_in, &fd_out, TRUE,
506 US"lmtp-tpt-cmd")) < 0)
508 addrlist->message = string_sprintf(
509 "Failed to create child process for %s transport: %s", tblock->name,
515 /* When a socket is specified, expand the string and create a socket. */
519 DEBUG(D_transport) debug_printf("using socket %s\n", ob->skt);
520 if (!(sockname = expand_string(ob->skt)))
522 addrlist->message = string_sprintf("Expansion of \"%s\" (socket setting "
523 "for %s transport) failed: %s", ob->skt, tblock->name,
524 expand_string_message);
527 if ((fd_in = fd_out = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
529 addrlist->message = string_sprintf(
530 "Failed to create socket %s for %s transport: %s",
531 ob->skt, tblock->name, strerror(errno));
535 /* If the -N option is set, can't do any more. Presume all has gone well. */
539 sockun.sun_family = AF_UNIX;
540 sprintf(sockun.sun_path, "%.*s", (int)(sizeof(sockun.sun_path)-1), sockname);
541 if(connect(fd_out, (struct sockaddr *)(&sockun), sizeof(sockun)) == -1)
543 addrlist->message = string_sprintf(
544 "Failed to connect to socket %s for %s transport: %s",
545 sockun.sun_path, tblock->name, strerror(errno));
551 /* Make the output we are going to read into a file. */
553 out = fdopen(fd_out, "rb");
555 /* Now we must implement the LMTP protocol. It is like SMTP, except that after
556 the end of the message, a return code for every accepted RCPT TO is sent. This
557 allows for message+recipient checks after the message has been received. */
559 /* First thing is to wait for an initial greeting. */
561 Ustrcpy(big_buffer, US"initial connection");
562 if (!lmtp_read_response(out, buffer, sizeof(buffer), '2', timeout))
563 goto RESPONSE_FAILED;
565 /* Next, we send a LHLO command, and expect a positive response */
567 if (!lmtp_write_command(fd_in, "%s %s\r\n", "LHLO", primary_hostname))
570 if (!lmtp_read_response(out, buffer, sizeof(buffer), '2', timeout))
571 goto RESPONSE_FAILED;
573 /* If the ignore_quota option is set, note whether the server supports the
574 IGNOREQUOTA option, and if so, set an appropriate addition for RCPT. */
576 if (ob->ignore_quota)
577 igquotstr = regex_match(regex_IGNOREQUOTA, buffer, -1, NULL)
578 ? US" IGNOREQUOTA" : US"";
580 /* Now the envelope sender */
582 if (!lmtp_write_command(fd_in, "MAIL FROM:<%s>\r\n", return_path))
585 if (!lmtp_read_response(out, buffer, sizeof(buffer), '2', timeout))
587 if (errno == 0 && buffer[0] == '4')
589 errno = ERRNO_MAIL4XX;
590 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
592 goto RESPONSE_FAILED;
595 /* Next, we hand over all the recipients. Some may be permanently or
596 temporarily rejected; others may be accepted, for now. */
599 for (address_item * addr = addrlist; addr; addr = addr->next)
601 if (!lmtp_write_command(fd_in, "RCPT TO:<%s>%s\r\n",
602 transport_rcpt_address(addr, tblock->rcpt_include_affixes), igquotstr))
604 if (lmtp_read_response(out, buffer, sizeof(buffer), '2', timeout))
607 addr->transport_return = PENDING_OK;
611 if (errno != 0 || buffer[0] == 0) goto RESPONSE_FAILED;
612 addr->message = string_sprintf("LMTP error after %s: %s", big_buffer,
613 string_printing(buffer));
614 setflag(addr, af_pass_message); /* Allow message to go to user */
615 if (buffer[0] == '5') addr->transport_return = FAIL; else
617 addr->basic_errno = ERRNO_RCPT4XX;
618 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
623 /* Now send the text of the message if there were any good recipients. */
628 transport_ctx tctx = {
636 if (!lmtp_write_command(fd_in, "DATA\r\n")) goto WRITE_FAILED;
637 if (!lmtp_read_response(out, buffer, sizeof(buffer), '3', timeout))
639 if (errno == 0 && buffer[0] == '4')
641 errno = ERRNO_DATA4XX;
642 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
644 goto RESPONSE_FAILED;
647 sigalrm_seen = FALSE;
648 transport_write_timeout = timeout;
649 Ustrcpy(big_buffer, US"sending data block"); /* For error messages */
650 DEBUG(D_transport|D_v)
651 debug_printf(" LMTP>> writing message and terminating \".\"\n");
654 ok = transport_write_message(&tctx, 0);
656 /* Failure can either be some kind of I/O disaster (including timeout),
657 or the failure of a transport filter or the expansion of added headers. */
661 buffer[0] = 0; /* There hasn't been a response */
662 goto RESPONSE_FAILED;
665 Ustrcpy(big_buffer, US"end of data"); /* For error messages */
667 /* We now expect a response for every address that was accepted above,
668 in the same order. For those that get a response, their status is fixed;
669 any that are accepted have been handed over, even if later responses crash -
670 at least, that's how I read RFC 2033. */
672 for (address_item * addr = addrlist; addr; addr = addr->next)
674 if (addr->transport_return != PENDING_OK) continue;
676 if (lmtp_read_response(out, buffer, sizeof(buffer), '2', timeout))
678 addr->transport_return = OK;
679 if (LOGGING(smtp_confirmation))
681 const uschar *s = string_printing(buffer);
682 /* de-const safe here as string_printing known to have alloc'n'copied */
683 addr->message = (s == buffer)? US string_copy(s) : US s;
686 /* If the response has failed badly, use it for all the remaining pending
687 addresses and give up. */
689 else if (errno != 0 || buffer[0] == 0)
692 check_response(&save_errno, addr->more_errno, buffer, &code,
694 addr->transport_return = (code == '5')? FAIL : DEFER;
695 for (address_item * a = addr->next; a; a = a->next)
697 if (a->transport_return != PENDING_OK) continue;
698 a->basic_errno = addr->basic_errno;
699 a->message = addr->message;
700 a->transport_return = addr->transport_return;
705 /* Otherwise, it's an LMTP error code return for one address */
709 if (buffer[0] == '4')
711 addr->basic_errno = ERRNO_DATA4XX;
712 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
714 addr->message = string_sprintf("LMTP error after %s: %s", big_buffer,
715 string_printing(buffer));
716 addr->transport_return = (buffer[0] == '5')? FAIL : DEFER;
717 setflag(addr, af_pass_message); /* Allow message to go to user */
722 /* The message transaction has completed successfully - this doesn't mean that
723 all the addresses have necessarily been transferred, but each has its status
724 set, so we change the yield to TRUE. */
727 (void) lmtp_write_command(fd_in, "QUIT\r\n");
728 (void) lmtp_read_response(out, buffer, sizeof(buffer), '2', 1);
733 /* Come here if any call to read_response, other than a response after the data
734 phase, failed. Put the error in the top address - this will be replicated
735 because the yield is still FALSE. (But omit ETIMEDOUT, as there will already be
736 a suitable message.) Analyse the error, and if if isn't too bad, send a QUIT
737 command. Wait for the response with a short timeout, so we don't wind up this
738 process before the far end has had time to read the QUIT. */
743 if (errno != ETIMEDOUT && errno != 0) addrlist->basic_errno = errno;
744 addrlist->message = NULL;
746 if (check_response(&save_errno, addrlist->more_errno,
747 buffer, &code, &(addrlist->message)))
749 (void) lmtp_write_command(fd_in, "QUIT\r\n");
750 (void) lmtp_read_response(out, buffer, sizeof(buffer), '2', 1);
753 addrlist->transport_return = (code == '5')? FAIL : DEFER;
754 if (code == '4' && save_errno > 0)
755 addrlist->message = string_sprintf("%s: %s", addrlist->message,
756 strerror(save_errno));
757 goto KILL_AND_RETURN;
759 /* Come here if there are errors during writing of a command or the message
760 itself. This error will be applied to all the addresses. */
764 addrlist->transport_return = PANIC;
765 addrlist->basic_errno = errno;
766 if (errno == ERRNO_CHHEADER_FAIL)
768 string_sprintf("Failed to expand headers_add or headers_remove: %s",
769 expand_string_message);
770 else if (errno == ERRNO_FILTER_FAIL)
771 addrlist->message = US"Filter process failure";
772 else if (errno == ERRNO_WRITEINCOMPLETE)
773 addrlist->message = US"Failed repeatedly to write data";
774 else if (errno == ERRNO_SMTPFORMAT)
775 addrlist->message = US"overlong LMTP command generated";
777 addrlist->message = string_sprintf("Error %d", errno);
779 /* Come here after errors. Kill off the process. */
783 if (pid > 0) killpg(pid, SIGKILL);
785 /* Come here from all paths after the subprocess is created. Wait for the
786 process, but with a timeout. */
790 (void)child_close(pid, timeout);
792 if (fd_in >= 0) (void)close(fd_in);
793 if (fd_out >= 0) (void)fclose(out);
796 debug_printf("%s transport yields %d\n", tblock->name, yield);
803 debug_printf("*** delivery by %s transport bypassed by -N option",
805 addrlist->transport_return = OK;
809 #endif /*!MACRO_PREDEF*/
810 /* End of transport/lmtp.c */
git://git.exim.org / exim.git / blob