1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* See the file NOTICE for conditions of use and distribution. */
12 #define PENDING_OK 256
15 /* Options specific to the lmtp transport. They must be in alphabetic
16 order (note that "_" comes before the lower case letters). Those starting
17 with "*" are not settable by the user but are used by the option-reading
18 software for alternative value types. Some options are stored in the transport
19 instance block so as to be publicly visible; these are flagged with opt_public.
22 optionlist lmtp_transport_options[] = {
23 { "batch_id", opt_stringptr | opt_public,
24 (void *)offsetof(transport_instance, batch_id) },
25 { "batch_max", opt_int | opt_public,
26 (void *)offsetof(transport_instance, batch_max) },
27 { "command", opt_stringptr,
28 (void *)offsetof(lmtp_transport_options_block, cmd) },
29 { "ignore_quota", opt_bool,
30 (void *)offsetof(lmtp_transport_options_block, ignore_quota) },
31 { "socket", opt_stringptr,
32 (void *)offsetof(lmtp_transport_options_block, skt) },
33 { "timeout", opt_time,
34 (void *)offsetof(lmtp_transport_options_block, timeout) }
37 /* Size of the options list. An extern variable has to be used so that its
38 address can appear in the tables drtables.c. */
40 int lmtp_transport_options_count =
41 sizeof(lmtp_transport_options)/sizeof(optionlist);
47 lmtp_transport_options_block lmtp_transport_option_defaults = {0};
48 void lmtp_transport_init(transport_instance *tblock) {}
49 BOOL lmtp_transport_entry(transport_instance *tblock, address_item *addr) {return FALSE;}
51 #else /*!MACRO_PREDEF*/
54 /* Default private options block for the lmtp transport. */
56 lmtp_transport_options_block lmtp_transport_option_defaults = {
61 FALSE /* ignore_quota */
66 /*************************************************
67 * Initialization entry point *
68 *************************************************/
70 /* Called for each instance, after its options have been read, to
71 enable consistency checks to be done, or anything else that needs
75 lmtp_transport_init(transport_instance *tblock)
77 lmtp_transport_options_block *ob =
78 (lmtp_transport_options_block *)(tblock->options_block);
80 /* Either the command field or the socket field must be set */
82 if ((ob->cmd == NULL) == (ob->skt == NULL))
83 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
84 "one (and only one) of command or socket must be set for the %s transport",
87 /* If a fixed uid field is set, then a gid field must also be set. */
89 if (tblock->uid_set && !tblock->gid_set && tblock->expand_gid == NULL)
90 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
91 "user set without group for the %s transport", tblock->name);
93 /* Set up the bitwise options for transport_write_message from the various
94 driver options. Only one of body_only and headers_only can be set. */
97 (tblock->body_only? topt_no_headers : 0) |
98 (tblock->headers_only? topt_no_body : 0) |
99 (tblock->return_path_add? topt_add_return_path : 0) |
100 (tblock->delivery_date_add? topt_add_delivery_date : 0) |
101 (tblock->envelope_to_add? topt_add_envelope_to : 0) |
102 topt_use_crlf | topt_end_dot;
106 /*************************************************
107 * Check an LMTP response *
108 *************************************************/
110 /* This function is given an errno code and the LMTP response buffer to
111 analyse. It sets an appropriate message and puts the first digit of the
112 response code into the yield variable. If no response was actually read, a
113 suitable digit is chosen.
116 errno_value pointer to the errno value
117 more_errno from the top address for use with ERRNO_FILTER_FAIL
118 buffer the LMTP response buffer
119 yield where to put a one-digit LMTP response code
120 message where to put an error message
122 Returns: TRUE if a "QUIT" command should be sent, else FALSE
126 check_response(int *errno_value, int more_errno, uschar *buffer,
127 int *yield, uschar **message)
129 *yield = '4'; /* Default setting is to give a temporary error */
131 /* Handle response timeout */
133 if (*errno_value == ETIMEDOUT)
135 *message = string_sprintf("LMTP timeout after %s", big_buffer);
136 if (transport_count > 0)
137 *message = string_sprintf("%s (%d bytes written)", *message,
143 /* Handle malformed LMTP response */
145 if (*errno_value == ERRNO_SMTPFORMAT)
147 *message = string_sprintf("Malformed LMTP response after %s: %s",
148 big_buffer, string_printing(buffer));
152 /* Handle a failed filter process error; can't send QUIT as we mustn't
155 if (*errno_value == ERRNO_FILTER_FAIL)
157 *message = string_sprintf("transport filter process failed (%d)%s",
159 (more_errno == EX_EXECFAILED)? ": unable to execute command" : "");
163 /* Handle a failed add_headers expansion; can't send QUIT as we mustn't
166 if (*errno_value == ERRNO_CHHEADER_FAIL)
169 string_sprintf("failed to expand headers_add or headers_remove: %s",
170 expand_string_message);
174 /* Handle failure to write a complete data block */
176 if (*errno_value == ERRNO_WRITEINCOMPLETE)
178 *message = string_sprintf("failed to write a data block");
182 /* Handle error responses from the remote process. */
186 const uschar *s = string_printing(buffer);
187 *message = string_sprintf("LMTP error after %s: %s", big_buffer, s);
192 /* No data was read. If there is no errno, this must be the EOF (i.e.
193 connection closed) case, which causes deferral. Otherwise, leave the errno
194 value to be interpreted. In all cases, we have to assume the connection is now
197 if (*errno_value == 0)
199 *errno_value = ERRNO_SMTPCLOSED;
200 *message = string_sprintf("LMTP connection closed after %s", big_buffer);
208 /*************************************************
209 * Write LMTP command *
210 *************************************************/
212 /* The formatted command is left in big_buffer so that it can be reflected in
216 fd the fd to write to
217 format a format, starting with one of
218 of HELO, MAIL FROM, RCPT TO, DATA, ".", or QUIT.
219 ... data for the format
221 Returns: TRUE if successful, FALSE if not, with errno set
225 lmtp_write_command(int fd, const char *format, ...)
227 gstring gs = { .size = big_buffer_size, .ptr = 0, .s = big_buffer };
231 va_start(ap, format);
232 if (!string_vformat(&gs, FALSE, CS format, ap))
235 errno = ERRNO_SMTPFORMAT;
239 DEBUG(D_transport|D_v) debug_printf(" LMTP>> %s", string_from_gstring(&gs));
240 rc = write(fd, gs.s, gs.ptr);
241 gs.ptr -= 2; string_from_gstring(&gs); /* remove \r\n for debug and error message */
242 if (rc > 0) return TRUE;
243 DEBUG(D_transport) debug_printf("write failed: %s\n", strerror(errno));
250 /*************************************************
251 * Read LMTP response *
252 *************************************************/
254 /* This function reads an LMTP response with a timeout, and returns the
255 response in the given buffer. It also analyzes the first digit of the reply
256 code and returns FALSE if it is not acceptable.
258 FALSE is also returned after a reading error. In this case buffer[0] will be
259 zero, and the error code will be in errno.
262 f a file to read from
263 buffer where to put the response
264 size the size of the buffer
265 okdigit the expected first digit of the response
266 timeout the timeout to use
268 Returns: TRUE if a valid, non-error response was received; else FALSE
272 lmtp_read_response(FILE *f, uschar *buffer, int size, int okdigit, int timeout)
275 uschar *ptr = buffer;
276 uschar *readptr = buffer;
278 /* Ensure errno starts out zero */
282 /* Loop for handling LMTP responses that do not all come in one line. */
286 /* If buffer is too full, something has gone wrong. */
291 errno = ERRNO_SMTPFORMAT;
295 /* Loop to cover the read getting interrupted. */
302 *readptr = 0; /* In case nothing gets read */
303 sigalrm_seen = FALSE;
305 rc = Ufgets(readptr, size-1, f);
310 if (rc != NULL) break; /* A line has been read */
312 /* Handle timeout; must do this first because it uses EINTR */
314 if (sigalrm_seen) errno = ETIMEDOUT;
316 /* If some other interrupt arrived, just retry. We presume this to be rare,
317 but it can happen (e.g. the SIGUSR1 signal sent by exiwhat causes
320 else if (errno == EINTR)
322 DEBUG(D_transport) debug_printf("EINTR while reading LMTP response\n");
326 /* Handle other errors, including EOF; ensure buffer is completely empty. */
332 /* Adjust size in case we have to read another line, and adjust the
333 count to be the length of the line we are about to inspect. */
335 count = Ustrlen(readptr);
337 count += readptr - ptr;
339 /* See if the final two characters in the buffer are \r\n. If not, we
340 have to read some more. At least, that is what we should do on a strict
341 interpretation of the RFC. But accept LF as well, as we do for SMTP. */
343 if (ptr[count-1] != '\n')
348 debug_printf("LMTP input line incomplete in one buffer:\n ");
349 for (i = 0; i < count; i++)
352 if (mac_isprint(c)) debug_printf("%c", c); else debug_printf("<%d>", c);
356 readptr = ptr + count;
360 /* Remove any whitespace at the end of the buffer. This gets rid of CR, LF
361 etc. at the end. Show it, if debugging, formatting multi-line responses. */
363 while (count > 0 && isspace(ptr[count-1])) count--;
366 DEBUG(D_transport|D_v)
372 while (*t != 0 && *t != '\n') t++;
373 debug_printf(" %s %*s\n", (s == ptr)? "LMTP<<" : " ",
380 /* Check the format of the response: it must start with three digits; if
381 these are followed by a space or end of line, the response is complete. If
382 they are followed by '-' this is a multi-line response and we must look for
383 another line until the final line is reached. The only use made of multi-line
384 responses is to pass them back as error messages. We therefore just
385 concatenate them all within the buffer, which should be large enough to
386 accept any reasonable number of lines. A multiline response may already
387 have been read in one go - hence the loop here. */
396 (ptr[3] != '-' && ptr[3] != ' ' && ptr[3] != 0))
398 errno = ERRNO_SMTPFORMAT; /* format error */
402 /* If a single-line response, exit the loop */
404 if (ptr[3] != '-') break;
406 /* For a multi-line response see if the next line is already read, and if
407 so, stay in this loop to check it. */
418 if (*p == 0) break; /* No more lines to check */
421 /* End of response. If the last of the lines we are looking at is the final
422 line, we are done. Otherwise more data has to be read. */
424 if (ptr[3] != '-') break;
426 /* Move the reading pointer upwards in the buffer and insert \n in case this
427 is an error message that subsequently gets printed. Set the scanning pointer
428 to the reading pointer position. */
436 /* Return a value that depends on the LMTP return code. Ensure that errno is
437 zero, because the caller of this function looks at errno when FALSE is
438 returned, to distinguish between an unexpected return code and other errors
439 such as timeouts, lost connections, etc. */
442 return buffer[0] == okdigit;
450 /*************************************************
452 *************************************************/
454 /* See local README for interface details. For setup-errors, this transport
455 returns FALSE, indicating that the first address has the status for all; in
456 normal cases it returns TRUE, indicating that each address has its own status
460 lmtp_transport_entry(
461 transport_instance *tblock, /* data for this instantiation */
462 address_item *addrlist) /* address(es) we are working on */
466 lmtp_transport_options_block *ob =
467 (lmtp_transport_options_block *)(tblock->options_block);
468 struct sockaddr_un sockun; /* don't call this "sun" ! */
469 int timeout = ob->timeout;
470 int fd_in = -1, fd_out = -1;
471 int code, save_errno;
475 uschar *igquotstr = US"";
476 uschar *sockname = NULL;
480 DEBUG(D_transport) debug_printf("%s transport entered\n", tblock->name);
482 /* Initialization ensures that either a command or a socket is specified, but
483 not both. When a command is specified, call the common function for creating an
484 argument list and expanding the items. */
488 DEBUG(D_transport) debug_printf("using command %s\n", ob->cmd);
489 sprintf(CS buffer, "%.50s transport", tblock->name);
490 if (!transport_set_up_command(&argv, ob->cmd, TRUE, PANIC, addrlist, buffer,
494 /* If the -N option is set, can't do any more. Presume all has gone well. */
498 /* As this is a local transport, we are already running with the required
499 uid/gid and current directory. Request that the new process be a process group
500 leader, so we can kill it and all its children on an error. */
502 if ((pid = child_open(USS argv, NULL, 0, &fd_in, &fd_out, TRUE)) < 0)
504 addrlist->message = string_sprintf(
505 "Failed to create child process for %s transport: %s", tblock->name,
511 /* When a socket is specified, expand the string and create a socket. */
515 DEBUG(D_transport) debug_printf("using socket %s\n", ob->skt);
516 sockname = expand_string(ob->skt);
517 if (sockname == NULL)
519 addrlist->message = string_sprintf("Expansion of \"%s\" (socket setting "
520 "for %s transport) failed: %s", ob->skt, tblock->name,
521 expand_string_message);
524 if ((fd_in = fd_out = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
526 addrlist->message = string_sprintf(
527 "Failed to create socket %s for %s transport: %s",
528 ob->skt, tblock->name, strerror(errno));
532 /* If the -N option is set, can't do any more. Presume all has gone well. */
536 sockun.sun_family = AF_UNIX;
537 sprintf(sockun.sun_path, "%.*s", (int)(sizeof(sockun.sun_path)-1), sockname);
538 if(connect(fd_out, (struct sockaddr *)(&sockun), sizeof(sockun)) == -1)
540 addrlist->message = string_sprintf(
541 "Failed to connect to socket %s for %s transport: %s",
542 sockun.sun_path, tblock->name, strerror(errno));
548 /* Make the output we are going to read into a file. */
550 out = fdopen(fd_out, "rb");
552 /* Now we must implement the LMTP protocol. It is like SMTP, except that after
553 the end of the message, a return code for every accepted RCPT TO is sent. This
554 allows for message+recipient checks after the message has been received. */
556 /* First thing is to wait for an initial greeting. */
558 Ustrcpy(big_buffer, "initial connection");
559 if (!lmtp_read_response(out, buffer, sizeof(buffer), '2',
560 timeout)) goto RESPONSE_FAILED;
562 /* Next, we send a LHLO command, and expect a positive response */
564 if (!lmtp_write_command(fd_in, "%s %s\r\n", "LHLO",
565 primary_hostname)) goto WRITE_FAILED;
567 if (!lmtp_read_response(out, buffer, sizeof(buffer), '2',
568 timeout)) goto RESPONSE_FAILED;
570 /* If the ignore_quota option is set, note whether the server supports the
571 IGNOREQUOTA option, and if so, set an appropriate addition for RCPT. */
573 if (ob->ignore_quota)
574 igquotstr = (pcre_exec(regex_IGNOREQUOTA, NULL, CS buffer,
575 Ustrlen(CS buffer), 0, PCRE_EOPT, NULL, 0) >= 0)? US" IGNOREQUOTA" : US"";
577 /* Now the envelope sender */
579 if (!lmtp_write_command(fd_in, "MAIL FROM:<%s>\r\n", return_path))
582 if (!lmtp_read_response(out, buffer, sizeof(buffer), '2', timeout))
584 if (errno == 0 && buffer[0] == '4')
586 errno = ERRNO_MAIL4XX;
587 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
589 goto RESPONSE_FAILED;
592 /* Next, we hand over all the recipients. Some may be permanently or
593 temporarily rejected; others may be accepted, for now. */
596 for (addr = addrlist; addr != NULL; addr = addr->next)
598 if (!lmtp_write_command(fd_in, "RCPT TO:<%s>%s\r\n",
599 transport_rcpt_address(addr, tblock->rcpt_include_affixes), igquotstr))
601 if (lmtp_read_response(out, buffer, sizeof(buffer), '2', timeout))
604 addr->transport_return = PENDING_OK;
608 if (errno != 0 || buffer[0] == 0) goto RESPONSE_FAILED;
609 addr->message = string_sprintf("LMTP error after %s: %s", big_buffer,
610 string_printing(buffer));
611 setflag(addr, af_pass_message); /* Allow message to go to user */
612 if (buffer[0] == '5') addr->transport_return = FAIL; else
614 addr->basic_errno = ERRNO_RCPT4XX;
615 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
620 /* Now send the text of the message if there were any good recipients. */
625 transport_ctx tctx = {
633 if (!lmtp_write_command(fd_in, "DATA\r\n")) goto WRITE_FAILED;
634 if (!lmtp_read_response(out, buffer, sizeof(buffer), '3', timeout))
636 if (errno == 0 && buffer[0] == '4')
638 errno = ERRNO_DATA4XX;
639 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
641 goto RESPONSE_FAILED;
644 sigalrm_seen = FALSE;
645 transport_write_timeout = timeout;
646 Ustrcpy(big_buffer, "sending data block"); /* For error messages */
647 DEBUG(D_transport|D_v)
648 debug_printf(" LMTP>> writing message and terminating \".\"\n");
651 ok = transport_write_message(&tctx, 0);
653 /* Failure can either be some kind of I/O disaster (including timeout),
654 or the failure of a transport filter or the expansion of added headers. */
658 buffer[0] = 0; /* There hasn't been a response */
659 goto RESPONSE_FAILED;
662 Ustrcpy(big_buffer, "end of data"); /* For error messages */
664 /* We now expect a response for every address that was accepted above,
665 in the same order. For those that get a response, their status is fixed;
666 any that are accepted have been handed over, even if later responses crash -
667 at least, that's how I read RFC 2033. */
669 for (addr = addrlist; addr != NULL; addr = addr->next)
671 if (addr->transport_return != PENDING_OK) continue;
673 if (lmtp_read_response(out, buffer, sizeof(buffer), '2', timeout))
675 addr->transport_return = OK;
676 if (LOGGING(smtp_confirmation))
678 const uschar *s = string_printing(buffer);
679 /* de-const safe here as string_printing known to have alloc'n'copied */
680 addr->message = (s == buffer)? US string_copy(s) : US s;
683 /* If the response has failed badly, use it for all the remaining pending
684 addresses and give up. */
686 else if (errno != 0 || buffer[0] == 0)
690 check_response(&save_errno, addr->more_errno, buffer, &code,
692 addr->transport_return = (code == '5')? FAIL : DEFER;
693 for (a = addr->next; a != NULL; a = a->next)
695 if (a->transport_return != PENDING_OK) continue;
696 a->basic_errno = addr->basic_errno;
697 a->message = addr->message;
698 a->transport_return = addr->transport_return;
703 /* Otherwise, it's an LMTP error code return for one address */
707 if (buffer[0] == '4')
709 addr->basic_errno = ERRNO_DATA4XX;
710 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
712 addr->message = string_sprintf("LMTP error after %s: %s", big_buffer,
713 string_printing(buffer));
714 addr->transport_return = (buffer[0] == '5')? FAIL : DEFER;
715 setflag(addr, af_pass_message); /* Allow message to go to user */
720 /* The message transaction has completed successfully - this doesn't mean that
721 all the addresses have necessarily been transferred, but each has its status
722 set, so we change the yield to TRUE. */
725 (void) lmtp_write_command(fd_in, "QUIT\r\n");
726 (void) lmtp_read_response(out, buffer, sizeof(buffer), '2', 1);
731 /* Come here if any call to read_response, other than a response after the data
732 phase, failed. Put the error in the top address - this will be replicated
733 because the yield is still FALSE. (But omit ETIMEDOUT, as there will already be
734 a suitable message.) Analyse the error, and if if isn't too bad, send a QUIT
735 command. Wait for the response with a short timeout, so we don't wind up this
736 process before the far end has had time to read the QUIT. */
741 if (errno != ETIMEDOUT && errno != 0) addrlist->basic_errno = errno;
742 addrlist->message = NULL;
744 if (check_response(&save_errno, addrlist->more_errno,
745 buffer, &code, &(addrlist->message)))
747 (void) lmtp_write_command(fd_in, "QUIT\r\n");
748 (void) lmtp_read_response(out, buffer, sizeof(buffer), '2', 1);
751 addrlist->transport_return = (code == '5')? FAIL : DEFER;
752 if (code == '4' && save_errno > 0)
753 addrlist->message = string_sprintf("%s: %s", addrlist->message,
754 strerror(save_errno));
755 goto KILL_AND_RETURN;
757 /* Come here if there are errors during writing of a command or the message
758 itself. This error will be applied to all the addresses. */
762 addrlist->transport_return = PANIC;
763 addrlist->basic_errno = errno;
764 if (errno == ERRNO_CHHEADER_FAIL)
766 string_sprintf("Failed to expand headers_add or headers_remove: %s",
767 expand_string_message);
768 else if (errno == ERRNO_FILTER_FAIL)
769 addrlist->message = string_sprintf("Filter process failure");
770 else if (errno == ERRNO_WRITEINCOMPLETE)
771 addrlist->message = string_sprintf("Failed repeatedly to write data");
772 else if (errno == ERRNO_SMTPFORMAT)
773 addrlist->message = US"overlong LMTP command generated";
775 addrlist->message = string_sprintf("Error %d", errno);
777 /* Come here after errors. Kill off the process. */
781 if (pid > 0) killpg(pid, SIGKILL);
783 /* Come here from all paths after the subprocess is created. Wait for the
784 process, but with a timeout. */
788 (void)child_close(pid, timeout);
790 if (fd_in >= 0) (void)close(fd_in);
791 if (fd_out >= 0) (void)fclose(out);
794 debug_printf("%s transport yields %d\n", tblock->name, yield);
801 debug_printf("*** delivery by %s transport bypassed by -N option",
803 addrlist->transport_return = OK;
807 #endif /*!MACRO_PREDEF*/
808 /* End of transport/lmtp.c */