1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) The Exim Maintainers 2020 - 2024 */
6 /* Copyright (c) University of Cambridge 1995 - 2018 */
7 /* See the file NOTICE for conditions of use and distribution. */
8 /* SPDX-License-Identifier: GPL-2.0-or-later */
12 #ifdef TRANSPORT_LMTP /* Remainder of file */
16 #define PENDING_OK 256
19 /* Options specific to the lmtp transport. They must be in alphabetic
20 order (note that "_" comes before the lower case letters). Those starting
21 with "*" are not settable by the user but are used by the option-reading
22 software for alternative value types. Some options are stored in the transport
23 instance block so as to be publicly visible; these are flagged with opt_public.
26 optionlist lmtp_transport_options[] = {
27 { "batch_id", opt_stringptr | opt_public,
28 OPT_OFF(transport_instance, batch_id) },
29 { "batch_max", opt_int | opt_public,
30 OPT_OFF(transport_instance, batch_max) },
31 { "command", opt_stringptr,
32 OPT_OFF(lmtp_transport_options_block, cmd) },
33 { "ignore_quota", opt_bool,
34 OPT_OFF(lmtp_transport_options_block, ignore_quota) },
35 { "socket", opt_stringptr,
36 OPT_OFF(lmtp_transport_options_block, skt) },
37 { "timeout", opt_time,
38 OPT_OFF(lmtp_transport_options_block, timeout) }
41 /* Size of the options list. An extern variable has to be used so that its
42 address can appear in the tables drtables.c. */
44 int lmtp_transport_options_count =
45 sizeof(lmtp_transport_options)/sizeof(optionlist);
51 lmtp_transport_options_block lmtp_transport_option_defaults = {0};
52 void lmtp_transport_init(driver_instance *tblock) {}
53 BOOL lmtp_transport_entry(transport_instance *tblock, address_item *addr) {return FALSE;}
55 #else /*!MACRO_PREDEF*/
58 /* Default private options block for the lmtp transport. */
60 lmtp_transport_options_block lmtp_transport_option_defaults = {
65 FALSE /* ignore_quota */
70 /*************************************************
71 * Initialization entry point *
72 *************************************************/
74 /* Called for each instance, after its options have been read, to
75 enable consistency checks to be done, or anything else that needs
79 lmtp_transport_init(driver_instance * t)
81 transport_instance * tblock = (transport_instance *)t;
82 lmtp_transport_options_block * ob = t->options_block;
84 /* Either the command field or the socket field must be set */
86 if ((ob->cmd == NULL) == (ob->skt == NULL))
87 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
88 "one (and only one) of command or socket must be set for the %s transport",
91 /* If a fixed uid field is set, then a gid field must also be set. */
93 if (tblock->uid_set && !tblock->gid_set && tblock->expand_gid == NULL)
94 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
95 "user set without group for the %s transport", tblock->drinst.name);
97 /* Set up the bitwise options for transport_write_message from the various
98 driver options. Only one of body_only and headers_only can be set. */
101 (tblock->body_only ? topt_no_headers : 0) |
102 (tblock->headers_only ? topt_no_body : 0) |
103 (tblock->return_path_add ? topt_add_return_path : 0) |
104 (tblock->delivery_date_add ? topt_add_delivery_date : 0) |
105 (tblock->envelope_to_add ? topt_add_envelope_to : 0) |
106 topt_use_crlf | topt_end_dot;
110 /*************************************************
111 * Check an LMTP response *
112 *************************************************/
114 /* This function is given an errno code and the LMTP response buffer to
115 analyse. It sets an appropriate message and puts the first digit of the
116 response code into the yield variable. If no response was actually read, a
117 suitable digit is chosen.
120 errno_value pointer to the errno value
121 more_errno from the top address for use with ERRNO_FILTER_FAIL
122 buffer the LMTP response buffer
123 yield where to put a one-digit LMTP response code
124 message where to put an error message
126 Returns: TRUE if a "QUIT" command should be sent, else FALSE
130 check_response(int *errno_value, int more_errno, uschar *buffer,
131 int *yield, uschar **message)
133 *yield = '4'; /* Default setting is to give a temporary error */
135 /* Handle response timeout */
137 if (*errno_value == ETIMEDOUT)
139 *message = string_sprintf("LMTP timeout after %s", big_buffer);
140 if (transport_count > 0)
141 *message = string_sprintf("%s (%d bytes written)", *message,
147 /* Handle malformed LMTP response */
149 if (*errno_value == ERRNO_SMTPFORMAT)
151 *message = string_sprintf("Malformed LMTP response after %s: %s",
152 big_buffer, string_printing(buffer));
156 /* Handle a failed filter process error; can't send QUIT as we mustn't
159 if (*errno_value == ERRNO_FILTER_FAIL)
161 *message = string_sprintf("transport filter process failed (%d)%s",
163 (more_errno == EX_EXECFAILED)? ": unable to execute command" : "");
167 /* Handle a failed add_headers expansion; can't send QUIT as we mustn't
170 if (*errno_value == ERRNO_CHHEADER_FAIL)
173 string_sprintf("failed to expand headers_add or headers_remove: %s",
174 expand_string_message);
178 /* Handle failure to write a complete data block */
180 if (*errno_value == ERRNO_WRITEINCOMPLETE)
182 *message = US"failed to write a data block";
186 /* Handle error responses from the remote process. */
190 const uschar *s = string_printing(buffer);
191 *message = string_sprintf("LMTP error after %s: %s", big_buffer, s);
196 /* No data was read. If there is no errno, this must be the EOF (i.e.
197 connection closed) case, which causes deferral. Otherwise, leave the errno
198 value to be interpreted. In all cases, we have to assume the connection is now
201 if (*errno_value == 0)
203 *errno_value = ERRNO_SMTPCLOSED;
204 *message = string_sprintf("LMTP connection closed after %s", big_buffer);
212 /*************************************************
213 * Write LMTP command *
214 *************************************************/
216 /* The formatted command is left in big_buffer so that it can be reflected in
220 fd the fd to write to
221 format a format, starting with one of
222 of HELO, MAIL FROM, RCPT TO, DATA, ".", or QUIT.
223 ... data for the format
225 Returns: TRUE if successful, FALSE if not, with errno set
229 lmtp_write_command(int fd, const char *format, ...)
231 gstring gs = { .size = big_buffer_size, .ptr = 0, .s = big_buffer };
235 /*XXX see comment in smtp_write_command() regarding leaving stuff in
238 va_start(ap, format);
239 if (!string_vformat(&gs, SVFMT_TAINT_NOCHK, CS format, ap))
242 errno = ERRNO_SMTPFORMAT;
246 DEBUG(D_transport|D_v) debug_printf(" LMTP>> %Y", &gs);
247 rc = write(fd, gs.s, gs.ptr);
248 gs.ptr -= 2; string_from_gstring(&gs); /* remove \r\n for debug and error message */
249 if (rc > 0) return TRUE;
250 DEBUG(D_transport) debug_printf("write failed: %s\n", strerror(errno));
257 /*************************************************
258 * Read LMTP response *
259 *************************************************/
261 /* This function reads an LMTP response with a timeout, and returns the
262 response in the given buffer. It also analyzes the first digit of the reply
263 code and returns FALSE if it is not acceptable.
265 FALSE is also returned after a reading error. In this case buffer[0] will be
266 zero, and the error code will be in errno.
269 f a file to read from
270 buffer where to put the response
271 size the size of the buffer
272 okdigit the expected first digit of the response
273 timeout the timeout to use
275 Returns: TRUE if a valid, non-error response was received; else FALSE
279 lmtp_read_response(FILE *f, uschar *buffer, int size, int okdigit, int timeout)
282 uschar *ptr = buffer;
283 uschar *readptr = buffer;
285 /* Ensure errno starts out zero */
289 /* Loop for handling LMTP responses that do not all come in one line. */
293 /* If buffer is too full, something has gone wrong. */
298 errno = ERRNO_SMTPFORMAT;
302 /* Loop to cover the read getting interrupted. */
309 *readptr = 0; /* In case nothing gets read */
310 sigalrm_seen = FALSE;
312 rc = Ufgets(readptr, size-1, f);
317 if (rc != NULL) break; /* A line has been read */
319 /* Handle timeout; must do this first because it uses EINTR */
321 if (sigalrm_seen) errno = ETIMEDOUT;
323 /* If some other interrupt arrived, just retry. We presume this to be rare,
324 but it can happen (e.g. the SIGUSR1 signal sent by exiwhat causes
327 else if (errno == EINTR)
329 DEBUG(D_transport) debug_printf("EINTR while reading LMTP response\n");
333 /* Handle other errors, including EOF; ensure buffer is completely empty. */
339 /* Adjust size in case we have to read another line, and adjust the
340 count to be the length of the line we are about to inspect. */
342 count = Ustrlen(readptr);
344 count += readptr - ptr;
346 /* See if the final two characters in the buffer are \r\n. If not, we
347 have to read some more. At least, that is what we should do on a strict
348 interpretation of the RFC. But accept LF as well, as we do for SMTP. */
350 if (ptr[count-1] != '\n')
354 debug_printf("LMTP input line incomplete in one buffer:\n ");
355 for (int i = 0; i < count; i++)
358 if (mac_isprint(c)) debug_printf("%c", c); else debug_printf("<%d>", c);
362 readptr = ptr + count;
366 /* Remove any whitespace at the end of the buffer. This gets rid of CR, LF
367 etc. at the end. Show it, if debugging, formatting multi-line responses. */
369 while (count > 0 && isspace(ptr[count-1])) count--;
372 DEBUG(D_transport|D_v)
378 while (*t != 0 && *t != '\n') t++;
379 debug_printf(" %s %*s\n", (s == ptr)? "LMTP<<" : " ",
386 /* Check the format of the response: it must start with three digits; if
387 these are followed by a space or end of line, the response is complete. If
388 they are followed by '-' this is a multi-line response and we must look for
389 another line until the final line is reached. The only use made of multi-line
390 responses is to pass them back as error messages. We therefore just
391 concatenate them all within the buffer, which should be large enough to
392 accept any reasonable number of lines. A multiline response may already
393 have been read in one go - hence the loop here. */
402 (ptr[3] != '-' && ptr[3] != ' ' && ptr[3] != 0))
404 errno = ERRNO_SMTPFORMAT; /* format error */
408 /* If a single-line response, exit the loop */
410 if (ptr[3] != '-') break;
412 /* For a multi-line response see if the next line is already read, and if
413 so, stay in this loop to check it. */
424 if (*p == 0) break; /* No more lines to check */
427 /* End of response. If the last of the lines we are looking at is the final
428 line, we are done. Otherwise more data has to be read. */
430 if (ptr[3] != '-') break;
432 /* Move the reading pointer upwards in the buffer and insert \n in case this
433 is an error message that subsequently gets printed. Set the scanning pointer
434 to the reading pointer position. */
442 /* Return a value that depends on the LMTP return code. Ensure that errno is
443 zero, because the caller of this function looks at errno when FALSE is
444 returned, to distinguish between an unexpected return code and other errors
445 such as timeouts, lost connections, etc. */
448 return buffer[0] == okdigit;
456 /*************************************************
458 *************************************************/
460 /* See local README for interface details. For setup-errors, this transport
461 returns FALSE, indicating that the first address has the status for all; in
462 normal cases it returns TRUE, indicating that each address has its own status
466 lmtp_transport_entry(
467 transport_instance *tblock, /* data for this instantiation */
468 address_item *addrlist) /* address(es) we are working on */
470 lmtp_transport_options_block * ob = tblock->drinst.options_block;
471 const uschar * trname = tblock->drinst.name;
474 struct sockaddr_un sockun; /* don't call this "sun" ! */
475 int timeout = ob->timeout;
476 int fd_in = -1, fd_out = -1;
477 int code, save_errno;
480 uschar *igquotstr = US"";
481 uschar *sockname = NULL;
485 DEBUG(D_transport) debug_printf("%s transport entered\n", trname);
487 /* Initialization ensures that either a command or a socket is specified, but
488 not both. When a command is specified, call the common function for creating an
489 argument list and expanding the items. */
493 DEBUG(D_transport) debug_printf("using command %s\n", ob->cmd);
494 sprintf(CS buffer, "%.50s transport", trname);
495 if (!transport_set_up_command(&argv, ob->cmd, TSUC_EXPAND_ARGS, PANIC,
496 addrlist, buffer, NULL))
499 /* If the -N option is set, can't do any more. Presume all has gone well. */
503 /* As this is a local transport, we are already running with the required
504 uid/gid and current directory. Request that the new process be a process group
505 leader, so we can kill it and all its children on an error. */
507 if ((pid = child_open(USS argv, NULL, 0, &fd_in, &fd_out, TRUE,
508 US"lmtp-tpt-cmd")) < 0)
510 addrlist->message = string_sprintf(
511 "Failed to create child process for %s transport: %s", trname,
517 /* When a socket is specified, expand the string and create a socket. */
521 DEBUG(D_transport) debug_printf("using socket %s\n", ob->skt);
522 if (!(sockname = expand_string(ob->skt)))
524 addrlist->message = string_sprintf("Expansion of \"%s\" (socket setting "
525 "for %s transport) failed: %s", ob->skt, trname,
526 expand_string_message);
529 if ((fd_in = fd_out = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
531 addrlist->message = string_sprintf(
532 "Failed to create socket %s for %s transport: %s",
533 ob->skt, trname, strerror(errno));
537 /* If the -N option is set, can't do any more. Presume all has gone well. */
541 sockun.sun_family = AF_UNIX;
542 sprintf(sockun.sun_path, "%.*s", (int)(sizeof(sockun.sun_path)-1), sockname);
543 if(connect(fd_out, (struct sockaddr *)(&sockun), sizeof(sockun)) == -1)
545 addrlist->message = string_sprintf(
546 "Failed to connect to socket %s for %s transport: %s",
547 sockun.sun_path, trname, strerror(errno));
553 /* Make the output we are going to read into a file. */
555 out = fdopen(fd_out, "rb");
557 /* Now we must implement the LMTP protocol. It is like SMTP, except that after
558 the end of the message, a return code for every accepted RCPT TO is sent. This
559 allows for message+recipient checks after the message has been received. */
561 /* First thing is to wait for an initial greeting. */
563 Ustrcpy(big_buffer, US"initial connection");
564 if (!lmtp_read_response(out, buffer, sizeof(buffer), '2', timeout))
565 goto RESPONSE_FAILED;
567 /* Next, we send a LHLO command, and expect a positive response */
569 if (!lmtp_write_command(fd_in, "%s %s\r\n", "LHLO", primary_hostname))
572 if (!lmtp_read_response(out, buffer, sizeof(buffer), '2', timeout))
573 goto RESPONSE_FAILED;
575 /* If the ignore_quota option is set, note whether the server supports the
576 IGNOREQUOTA option, and if so, set an appropriate addition for RCPT. */
578 if (ob->ignore_quota)
579 igquotstr = regex_match(regex_IGNOREQUOTA, buffer, -1, NULL)
580 ? US" IGNOREQUOTA" : US"";
582 /* Now the envelope sender */
584 if (!lmtp_write_command(fd_in, "MAIL FROM:<%s>\r\n", return_path))
587 if (!lmtp_read_response(out, buffer, sizeof(buffer), '2', timeout))
589 if (errno == 0 && buffer[0] == '4')
591 errno = ERRNO_MAIL4XX;
592 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
594 goto RESPONSE_FAILED;
597 /* Next, we hand over all the recipients. Some may be permanently or
598 temporarily rejected; others may be accepted, for now. */
601 for (address_item * addr = addrlist; addr; addr = addr->next)
603 if (!lmtp_write_command(fd_in, "RCPT TO:<%s>%s\r\n",
604 transport_rcpt_address(addr, tblock->rcpt_include_affixes), igquotstr))
606 if (lmtp_read_response(out, buffer, sizeof(buffer), '2', timeout))
609 addr->transport_return = PENDING_OK;
613 if (errno != 0 || buffer[0] == 0) goto RESPONSE_FAILED;
614 addr->message = string_sprintf("LMTP error after %s: %s", big_buffer,
615 string_printing(buffer));
616 setflag(addr, af_pass_message); /* Allow message to go to user */
617 if (buffer[0] == '5') addr->transport_return = FAIL; else
619 addr->basic_errno = ERRNO_RCPT4XX;
620 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
625 /* Now send the text of the message if there were any good recipients. */
630 transport_ctx tctx = {
638 if (!lmtp_write_command(fd_in, "DATA\r\n")) goto WRITE_FAILED;
639 if (!lmtp_read_response(out, buffer, sizeof(buffer), '3', timeout))
641 if (errno == 0 && buffer[0] == '4')
643 errno = ERRNO_DATA4XX;
644 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
646 goto RESPONSE_FAILED;
649 sigalrm_seen = FALSE;
650 transport_write_timeout = timeout;
651 Ustrcpy(big_buffer, US"sending data block"); /* For error messages */
652 DEBUG(D_transport|D_v)
653 debug_printf(" LMTP>> writing message and terminating \".\"\n");
656 ok = transport_write_message(&tctx, 0);
658 /* Failure can either be some kind of I/O disaster (including timeout),
659 or the failure of a transport filter or the expansion of added headers. */
663 buffer[0] = 0; /* There hasn't been a response */
664 goto RESPONSE_FAILED;
667 Ustrcpy(big_buffer, US"end of data"); /* For error messages */
669 /* We now expect a response for every address that was accepted above,
670 in the same order. For those that get a response, their status is fixed;
671 any that are accepted have been handed over, even if later responses crash -
672 at least, that's how I read RFC 2033. */
674 for (address_item * addr = addrlist; addr; addr = addr->next)
676 if (addr->transport_return != PENDING_OK) continue;
678 if (lmtp_read_response(out, buffer, sizeof(buffer), '2', timeout))
680 addr->transport_return = OK;
681 if (LOGGING(smtp_confirmation))
683 const uschar *s = string_printing(buffer);
684 /* de-const safe here as string_printing known to have alloc'n'copied */
685 addr->message = (s == buffer)? US string_copy(s) : US s;
688 /* If the response has failed badly, use it for all the remaining pending
689 addresses and give up. */
691 else if (errno != 0 || buffer[0] == 0)
694 check_response(&save_errno, addr->more_errno, buffer, &code,
696 addr->transport_return = (code == '5')? FAIL : DEFER;
697 for (address_item * a = addr->next; a; a = a->next)
699 if (a->transport_return != PENDING_OK) continue;
700 a->basic_errno = addr->basic_errno;
701 a->message = addr->message;
702 a->transport_return = addr->transport_return;
707 /* Otherwise, it's an LMTP error code return for one address */
711 if (buffer[0] == '4')
713 addr->basic_errno = ERRNO_DATA4XX;
714 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
716 addr->message = string_sprintf("LMTP error after %s: %s", big_buffer,
717 string_printing(buffer));
718 addr->transport_return = (buffer[0] == '5')? FAIL : DEFER;
719 setflag(addr, af_pass_message); /* Allow message to go to user */
724 /* The message transaction has completed successfully - this doesn't mean that
725 all the addresses have necessarily been transferred, but each has its status
726 set, so we change the yield to TRUE. */
729 (void) lmtp_write_command(fd_in, "QUIT\r\n");
730 (void) lmtp_read_response(out, buffer, sizeof(buffer), '2', 1);
735 /* Come here if any call to read_response, other than a response after the data
736 phase, failed. Put the error in the top address - this will be replicated
737 because the yield is still FALSE. (But omit ETIMEDOUT, as there will already be
738 a suitable message.) Analyse the error, and if if isn't too bad, send a QUIT
739 command. Wait for the response with a short timeout, so we don't wind up this
740 process before the far end has had time to read the QUIT. */
745 if (errno != ETIMEDOUT && errno != 0) addrlist->basic_errno = errno;
746 addrlist->message = NULL;
748 if (check_response(&save_errno, addrlist->more_errno,
749 buffer, &code, &(addrlist->message)))
751 (void) lmtp_write_command(fd_in, "QUIT\r\n");
752 (void) lmtp_read_response(out, buffer, sizeof(buffer), '2', 1);
755 addrlist->transport_return = (code == '5')? FAIL : DEFER;
756 if (code == '4' && save_errno > 0)
757 addrlist->message = string_sprintf("%s: %s", addrlist->message,
758 strerror(save_errno));
759 goto KILL_AND_RETURN;
761 /* Come here if there are errors during writing of a command or the message
762 itself. This error will be applied to all the addresses. */
766 addrlist->transport_return = PANIC;
767 addrlist->basic_errno = errno;
768 if (errno == ERRNO_CHHEADER_FAIL)
770 string_sprintf("Failed to expand headers_add or headers_remove: %s",
771 expand_string_message);
772 else if (errno == ERRNO_FILTER_FAIL)
773 addrlist->message = US"Filter process failure";
774 else if (errno == ERRNO_WRITEINCOMPLETE)
775 addrlist->message = US"Failed repeatedly to write data";
776 else if (errno == ERRNO_SMTPFORMAT)
777 addrlist->message = US"overlong LMTP command generated";
779 addrlist->message = string_sprintf("Error %d", errno);
781 /* Come here after errors. Kill off the process. */
785 if (pid > 0) killpg(pid, SIGKILL);
787 /* Come here from all paths after the subprocess is created. Wait for the
788 process, but with a timeout. */
792 (void)child_close(pid, timeout);
794 if (fd_in >= 0) (void)close(fd_in);
795 if (fd_out >= 0) (void)fclose(out);
798 debug_printf("%s transport yields %d\n", trname, yield);
805 debug_printf("*** delivery by %s transport bypassed by -N option",
807 addrlist->transport_return = OK;
811 #endif /*!MACRO_PREDEF*/
812 #endif /*TRANSPORT_LMTP*/
813 /* End of transport/lmtp.c */