1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* Copyright (c) The Exim Maintainers 2020 */
7 /* See the file NOTICE for conditions of use and distribution. */
13 #define PENDING_OK 256
16 /* Options specific to the lmtp transport. They must be in alphabetic
17 order (note that "_" comes before the lower case letters). Those starting
18 with "*" are not settable by the user but are used by the option-reading
19 software for alternative value types. Some options are stored in the transport
20 instance block so as to be publicly visible; these are flagged with opt_public.
23 optionlist lmtp_transport_options[] = {
24 { "batch_id", opt_stringptr | opt_public,
25 OPT_OFF(transport_instance, batch_id) },
26 { "batch_max", opt_int | opt_public,
27 OPT_OFF(transport_instance, batch_max) },
28 { "command", opt_stringptr,
29 OPT_OFF(lmtp_transport_options_block, cmd) },
30 { "ignore_quota", opt_bool,
31 OPT_OFF(lmtp_transport_options_block, ignore_quota) },
32 { "socket", opt_stringptr,
33 OPT_OFF(lmtp_transport_options_block, skt) },
34 { "timeout", opt_time,
35 OPT_OFF(lmtp_transport_options_block, timeout) }
38 /* Size of the options list. An extern variable has to be used so that its
39 address can appear in the tables in drtables.c. */
41 int lmtp_transport_options_count =
42 sizeof(lmtp_transport_options)/sizeof(optionlist);
/* Placeholder definitions for the MACRO_PREDEF build (the branch that precedes
the #else below): a zeroed defaults block, an init function that does nothing,
and an entry function that always returns FALSE. */
48 lmtp_transport_options_block lmtp_transport_option_defaults = {0};
49 void lmtp_transport_init(transport_instance *tblock) {}
50 BOOL lmtp_transport_entry(transport_instance *tblock, address_item *addr) {return FALSE;}
52 #else /*!MACRO_PREDEF*/
55 /* Default private options block for the lmtp transport. */
57 lmtp_transport_options_block lmtp_transport_option_defaults = {
62 FALSE /* ignore_quota */
67 /*************************************************
68 * Initialization entry point *
69 *************************************************/
71 /* Called for each instance, after its options have been read, to
72 enable consistency checks to be done, or anything else that needs
76 lmtp_transport_init(transport_instance *tblock)
78 lmtp_transport_options_block *ob =
79 (lmtp_transport_options_block *)(tblock->options_block);
81 /* Either the command field or the socket field must be set */
/* The comparison below is true when both fields are NULL and also when both are
set, so exactly one delivery channel has to be configured. Either mistake is
logged with LOG_PANIC_DIE|LOG_CONFIG. */
83 if ((ob->cmd == NULL) == (ob->skt == NULL))
84 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
85 "one (and only one) of command or socket must be set for the %s transport",
88 /* If a fixed uid field is set, then a gid field must also be set. */
/* A group supplied through expand_gid also satisfies the check, so only a uid
with no group of either kind is rejected as a configuration error. */
90 if (tblock->uid_set && !tblock->gid_set && tblock->expand_gid == NULL)
91 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
92 "user set without group for the %s transport", tblock->name);
94 /* Set up the bitwise options for transport_write_message from the various
95 driver options. Only one of body_only and headers_only can be set. */
/* topt_use_crlf and topt_end_dot are always part of the mask; the other bits
follow the generic transport settings. NOTE(review): the assignment target and
any enforcement of the body_only/headers_only exclusion are not visible in this
listing. */
98 (tblock->body_only? topt_no_headers : 0) |
99 (tblock->headers_only? topt_no_body : 0) |
100 (tblock->return_path_add? topt_add_return_path : 0) |
101 (tblock->delivery_date_add? topt_add_delivery_date : 0) |
102 (tblock->envelope_to_add? topt_add_envelope_to : 0) |
103 topt_use_crlf | topt_end_dot;
107 /*************************************************
108 * Check an LMTP response *
109 *************************************************/
111 /* This function is given an errno code and the LMTP response buffer to
112 analyse. It sets an appropriate message and puts the first digit of the
113 response code into the yield variable. If no response was actually read, a
114 suitable digit is chosen.
117 errno_value pointer to the errno value
118 more_errno from the top address for use with ERRNO_FILTER_FAIL
119 buffer the LMTP response buffer
120 yield where to put a one-digit LMTP response code
121 message where to put an error message
123 Returns: TRUE if a "QUIT" command should be sent, else FALSE
127 check_response(int *errno_value, int more_errno, uschar *buffer,
128 int *yield, uschar **message)
130 *yield = '4'; /* Default setting is to give a temporary error */
/* Each branch below builds *message; big_buffer supplies the text of the
command or phase that was in progress when the failure happened. */
132 /* Handle response timeout */
134 if (*errno_value == ETIMEDOUT)
136 *message = string_sprintf("LMTP timeout after %s", big_buffer);
137 if (transport_count > 0)
138 *message = string_sprintf("%s (%d bytes written)", *message,
144 /* Handle malformed LMTP response */
/* The response bytes come from the LMTP peer. They go through string_printing()
before being embedded in the message, presumably so that non-printing characters
do not reach log or bounce text raw; confirm against string_printing(). */
146 if (*errno_value == ERRNO_SMTPFORMAT)
148 *message = string_sprintf("Malformed LMTP response after %s: %s",
149 big_buffer, string_printing(buffer));
153 /* Handle a failed filter process error; can't send QUIT as we mustn't
156 if (*errno_value == ERRNO_FILTER_FAIL)
158 *message = string_sprintf("transport filter process failed (%d)%s",
160 (more_errno == EX_EXECFAILED)? ": unable to execute command" : "");
164 /* Handle a failed add_headers expansion; can't send QUIT as we mustn't
167 if (*errno_value == ERRNO_CHHEADER_FAIL)
170 string_sprintf("failed to expand headers_add or headers_remove: %s",
171 expand_string_message);
175 /* Handle failure to write a complete data block */
177 if (*errno_value == ERRNO_WRITEINCOMPLETE)
179 *message = US"failed to write a data block";
183 /* Handle error responses from the remote process. */
/* As with the malformed-response case, the peer-supplied text is passed through
string_printing() before it is formatted into the message. */
187 const uschar *s = string_printing(buffer);
188 *message = string_sprintf("LMTP error after %s: %s", big_buffer, s);
193 /* No data was read. If there is no errno, this must be the EOF (i.e.
194 connection closed) case, which causes deferral. Otherwise, leave the errno
195 value to be interpreted. In all cases, we have to assume the connection is now
198 if (*errno_value == 0)
200 *errno_value = ERRNO_SMTPCLOSED;
201 *message = string_sprintf("LMTP connection closed after %s", big_buffer);
209 /*************************************************
210 * Write LMTP command *
211 *************************************************/
213 /* The formatted command is left in big_buffer so that it can be reflected in
217 fd the fd to write to
218 format a format, starting with one
219 of HELO, MAIL FROM, RCPT TO, DATA, ".", or QUIT.
220 ... data for the format
222 Returns: TRUE if successful, FALSE if not, with errno set
226 lmtp_write_command(int fd, const char *format, ...)
228 gstring gs = { .size = big_buffer_size, .ptr = 0, .s = big_buffer };
232 /*XXX see comment in smtp_write_command() regarding leaving stuff in
235 va_start(ap, format);
236 if (!string_vformat(&gs, SVFMT_TAINT_NOCHK, CS format, ap))
239 errno = ERRNO_SMTPFORMAT;
243 DEBUG(D_transport|D_v) debug_printf(" LMTP>> %s", string_from_gstring(&gs));
244 rc = write(fd, gs.s, gs.ptr);
245 gs.ptr -= 2; string_from_gstring(&gs); /* remove \r\n for debug and error message */
/* NOTE(review): only rc > 0 is tested, so a short write that sent part of the
command is reported as success. The gs.ptr -= 2 adjustment above assumes the
formatted command ended with \r\n, which holds for the formats passed by the
callers in this file. SVFMT_TAINT_NOCHK presumably turns off the taint check in
string_vformat(); the sender and recipient strings formatted here are
message-derived, so confirm they are validated before they reach this point. */
246 if (rc > 0) return TRUE;
247 DEBUG(D_transport) debug_printf("write failed: %s\n", strerror(errno));
254 /*************************************************
255 * Read LMTP response *
256 *************************************************/
258 /* This function reads an LMTP response with a timeout, and returns the
259 response in the given buffer. It also analyzes the first digit of the reply
260 code and returns FALSE if it is not acceptable.
262 FALSE is also returned after a reading error. In this case buffer[0] will be
263 zero, and the error code will be in errno.
266 f a file to read from
267 buffer where to put the response
268 size the size of the buffer
269 okdigit the expected first digit of the response
270 timeout the timeout to use
272 Returns: TRUE if a valid, non-error response was received; else FALSE
276 lmtp_read_response(FILE *f, uschar *buffer, int size, int okdigit, int timeout)
279 uschar *ptr = buffer;
280 uschar *readptr = buffer;
282 /* Ensure errno starts out zero */
286 /* Loop for handling LMTP responses that do not all come in one line. */
290 /* If buffer is too full, something has gone wrong. */
295 errno = ERRNO_SMTPFORMAT;
299 /* Loop to cover the read getting interrupted. */
306 *readptr = 0; /* In case nothing gets read */
307 sigalrm_seen = FALSE;
/* Ufgets() is given size-1, so a single read cannot run past the space that
remains in the caller's buffer. NOTE(review): the statement that reduces size
after each line is described in a comment further down but is not visible in
this listing. */
309 rc = Ufgets(readptr, size-1, f);
314 if (rc != NULL) break; /* A line has been read */
316 /* Handle timeout; must do this first because it uses EINTR */
318 if (sigalrm_seen) errno = ETIMEDOUT;
320 /* If some other interrupt arrived, just retry. We presume this to be rare,
321 but it can happen (e.g. the SIGUSR1 signal sent by exiwhat causes
324 else if (errno == EINTR)
326 DEBUG(D_transport) debug_printf("EINTR while reading LMTP response\n");
330 /* Handle other errors, including EOF; ensure buffer is completely empty. */
336 /* Adjust size in case we have to read another line, and adjust the
337 count to be the length of the line we are about to inspect. */
339 count = Ustrlen(readptr);
341 count += readptr - ptr;
343 /* See if the final two characters in the buffer are \r\n. If not, we
344 have to read some more. At least, that is what we should do on a strict
345 interpretation of the RFC. But accept LF as well, as we do for SMTP. */
/* NOTE(review): count is derived from Ustrlen(), so a line whose first byte is
NUL would leave count at 0 whenever readptr == ptr and make the test below read
ptr[-1]. Nothing in the visible lines rules that out; a count > 0 guard would
keep the index in bounds for any peer input - confirm. */
347 if (ptr[count-1] != '\n')
351 debug_printf("LMTP input line incomplete in one buffer:\n ");
352 for (int i = 0; i < count; i++)
355 if (mac_isprint(c)) debug_printf("%c", c); else debug_printf("<%d>", c);
359 readptr = ptr + count;
363 /* Remove any whitespace at the end of the buffer. This gets rid of CR, LF
364 etc. at the end. Show it, if debugging, formatting multi-line responses. */
366 while (count > 0 && isspace(ptr[count-1])) count--;
369 DEBUG(D_transport|D_v)
375 while (*t != 0 && *t != '\n') t++;
376 debug_printf(" %s %*s\n", (s == ptr)? "LMTP<<" : " ",
383 /* Check the format of the response: it must start with three digits; if
384 these are followed by a space or end of line, the response is complete. If
385 they are followed by '-' this is a multi-line response and we must look for
386 another line until the final line is reached. The only use made of multi-line
387 responses is to pass them back as error messages. We therefore just
388 concatenate them all within the buffer, which should be large enough to
389 accept any reasonable number of lines. A multiline response may already
390 have been read in one go - hence the loop here. */
/* Callers in this file later compute (buffer[1]-'0')*10 + buffer[2]-'0' from a
4xx reply, which is only meaningful once this check has confirmed three leading
digits. NOTE(review): the digit tests themselves are on lines not visible in
this listing; only the test on the fourth character is shown. */
399 (ptr[3] != '-' && ptr[3] != ' ' && ptr[3] != 0))
401 errno = ERRNO_SMTPFORMAT; /* format error */
405 /* If a single-line response, exit the loop */
407 if (ptr[3] != '-') break;
409 /* For a multi-line response see if the next line is already read, and if
410 so, stay in this loop to check it. */
421 if (*p == 0) break; /* No more lines to check */
424 /* End of response. If the last of the lines we are looking at is the final
425 line, we are done. Otherwise more data has to be read. */
427 if (ptr[3] != '-') break;
429 /* Move the reading pointer upwards in the buffer and insert \n in case this
430 is an error message that subsequently gets printed. Set the scanning pointer
431 to the reading pointer position. */
439 /* Return a value that depends on the LMTP return code. Ensure that errno is
440 zero, because the caller of this function looks at errno when FALSE is
441 returned, to distinguish between an unexpected return code and other errors
442 such as timeouts, lost connections, etc. */
445 return buffer[0] == okdigit;
453 /*************************************************
455 *************************************************/
457 /* See local README for interface details. For setup-errors, this transport
458 returns FALSE, indicating that the first address has the status for all; in
459 normal cases it returns TRUE, indicating that each address has its own status
463 lmtp_transport_entry(
464 transport_instance *tblock, /* data for this instantiation */
465 address_item *addrlist) /* address(es) we are working on */
/* Overview of the visible flow: open the channel (child process for command,
Unix-domain socket for socket), read the greeting, send LHLO, MAIL FROM and one
RCPT TO per address, send the message after DATA, then read one reply for every
recipient that was accepted. All reply text comes from the LMTP peer. */
469 lmtp_transport_options_block *ob =
470 (lmtp_transport_options_block *)(tblock->options_block);
471 struct sockaddr_un sockun; /* don't call this "sun" ! */
472 int timeout = ob->timeout;
473 int fd_in = -1, fd_out = -1;
474 int code, save_errno;
477 uschar *igquotstr = US"";
478 uschar *sockname = NULL;
482 DEBUG(D_transport) debug_printf("%s transport entered\n", tblock->name);
484 /* Initialization ensures that either a command or a socket is specified, but
485 not both. When a command is specified, call the common function for creating an
486 argument list and expanding the items. */
490 DEBUG(D_transport) debug_printf("using command %s\n", ob->cmd);
/* The %.50s precision bounds how much of the transport name is copied.
NOTE(review): the declaration of buffer is not visible in this listing; it needs
room for 50 name bytes plus the 10-byte suffix and the terminating NUL. */
491 sprintf(CS buffer, "%.50s transport", tblock->name);
492 if (!transport_set_up_command(&argv, ob->cmd, TRUE, PANIC, addrlist, buffer,
496 /* If the -N option is set, can't do any more. Presume all has gone well. */
500 /* As this is a local transport, we are already running with the required
501 uid/gid and current directory. Request that the new process be a process group
502 leader, so we can kill it and all its children on an error. */
504 if ((pid = child_open(USS argv, NULL, 0, &fd_in, &fd_out, TRUE,
505 US"lmtp-tpt-cmd")) < 0)
507 addrlist->message = string_sprintf(
508 "Failed to create child process for %s transport: %s", tblock->name,
514 /* When a socket is specified, expand the string and create a socket. */
518 DEBUG(D_transport) debug_printf("using socket %s\n", ob->skt);
519 if (!(sockname = expand_string(ob->skt)))
521 addrlist->message = string_sprintf("Expansion of \"%s\" (socket setting "
522 "for %s transport) failed: %s", ob->skt, tblock->name,
523 expand_string_message);
526 if ((fd_in = fd_out = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
528 addrlist->message = string_sprintf(
529 "Failed to create socket %s for %s transport: %s",
530 ob->skt, tblock->name, strerror(errno));
534 /* If the -N option is set, can't do any more. Presume all has gone well. */
538 sockun.sun_family = AF_UNIX;
/* NOTE(review): the precision limits the copy to sizeof(sun_path)-1 bytes, so an
expanded socket name longer than that is silently shortened and connect() is
then attempted on the shortened path. Rejecting an over-long name with an error
would avoid connecting to a socket other than the configured one. */
539 sprintf(sockun.sun_path, "%.*s", (int)(sizeof(sockun.sun_path)-1), sockname);
540 if(connect(fd_out, (struct sockaddr *)(&sockun), sizeof(sockun)) == -1)
542 addrlist->message = string_sprintf(
543 "Failed to connect to socket %s for %s transport: %s",
544 sockun.sun_path, tblock->name, strerror(errno));
550 /* Make the output we are going to read into a file. */
/* NOTE(review): no check of the fdopen() result is visible in this listing; a
NULL return would be handed to lmtp_read_response() below. */
552 out = fdopen(fd_out, "rb");
554 /* Now we must implement the LMTP protocol. It is like SMTP, except that after
555 the end of the message, a return code for every accepted RCPT TO is sent. This
556 allows for message+recipient checks after the message has been received. */
558 /* First thing is to wait for an initial greeting. */
560 Ustrcpy(big_buffer, US"initial connection");
561 if (!lmtp_read_response(out, buffer, sizeof(buffer), '2', timeout))
562 goto RESPONSE_FAILED;
564 /* Next, we send a LHLO command, and expect a positive response */
566 if (!lmtp_write_command(fd_in, "%s %s\r\n", "LHLO", primary_hostname))
569 if (!lmtp_read_response(out, buffer, sizeof(buffer), '2', timeout))
570 goto RESPONSE_FAILED;
572 /* If the ignore_quota option is set, note whether the server supports the
573 IGNOREQUOTA option, and if so, set an appropriate addition for RCPT. */
575 if (ob->ignore_quota)
576 igquotstr = regex_match(regex_IGNOREQUOTA, buffer, -1, NULL)
577 ? US" IGNOREQUOTA" : US"";
579 /* Now the envelope sender */
581 if (!lmtp_write_command(fd_in, "MAIL FROM:<%s>\r\n", return_path))
584 if (!lmtp_read_response(out, buffer, sizeof(buffer), '2', timeout))
/* A 4xx reply is recorded as ERRNO_MAIL4XX with the second and third reply
digits packed into bits 8 and up of more_errno. The arithmetic relies on
lmtp_read_response() having flagged any reply that does not start with three
digits as a format error, which leaves errno non-zero. The same pattern is used
for the RCPT and DATA replies further down. */
586 if (errno == 0 && buffer[0] == '4')
588 errno = ERRNO_MAIL4XX;
589 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
591 goto RESPONSE_FAILED;
594 /* Next, we hand over all the recipients. Some may be permanently or
595 temporarily rejected; others may be accepted, for now. */
598 for (address_item * addr = addrlist; addr; addr = addr->next)
600 if (!lmtp_write_command(fd_in, "RCPT TO:<%s>%s\r\n",
601 transport_rcpt_address(addr, tblock->rcpt_include_affixes), igquotstr))
603 if (lmtp_read_response(out, buffer, sizeof(buffer), '2', timeout))
606 addr->transport_return = PENDING_OK;
610 if (errno != 0 || buffer[0] == 0) goto RESPONSE_FAILED;
611 addr->message = string_sprintf("LMTP error after %s: %s", big_buffer,
612 string_printing(buffer));
613 setflag(addr, af_pass_message); /* Allow message to go to user */
614 if (buffer[0] == '5') addr->transport_return = FAIL; else
616 addr->basic_errno = ERRNO_RCPT4XX;
617 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
622 /* Now send the text of the message if there were any good recipients. */
627 transport_ctx tctx = {
635 if (!lmtp_write_command(fd_in, "DATA\r\n")) goto WRITE_FAILED;
636 if (!lmtp_read_response(out, buffer, sizeof(buffer), '3', timeout))
638 if (errno == 0 && buffer[0] == '4')
640 errno = ERRNO_DATA4XX;
641 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
643 goto RESPONSE_FAILED;
646 sigalrm_seen = FALSE;
647 transport_write_timeout = timeout;
648 Ustrcpy(big_buffer, US"sending data block"); /* For error messages */
649 DEBUG(D_transport|D_v)
650 debug_printf(" LMTP>> writing message and terminating \".\"\n");
653 ok = transport_write_message(&tctx, 0);
655 /* Failure can either be some kind of I/O disaster (including timeout),
656 or the failure of a transport filter or the expansion of added headers. */
660 buffer[0] = 0; /* There hasn't been a response */
661 goto RESPONSE_FAILED;
664 Ustrcpy(big_buffer, US"end of data"); /* For error messages */
666 /* We now expect a response for every address that was accepted above,
667 in the same order. For those that get a response, their status is fixed;
668 any that are accepted have been handed over, even if later responses crash -
669 at least, that's how I read RFC 2033. */
671 for (address_item * addr = addrlist; addr; addr = addr->next)
673 if (addr->transport_return != PENDING_OK) continue;
675 if (lmtp_read_response(out, buffer, sizeof(buffer), '2', timeout))
677 addr->transport_return = OK;
678 if (LOGGING(smtp_confirmation))
680 const uschar *s = string_printing(buffer);
681 /* de-const safe here as string_printing known to have alloc'n'copied */
682 addr->message = (s == buffer)? US string_copy(s) : US s;
685 /* If the response has failed badly, use it for all the remaining pending
686 addresses and give up. */
688 else if (errno != 0 || buffer[0] == 0)
691 check_response(&save_errno, addr->more_errno, buffer, &code,
693 addr->transport_return = (code == '5')? FAIL : DEFER;
694 for (address_item * a = addr->next; a; a = a->next)
696 if (a->transport_return != PENDING_OK) continue;
697 a->basic_errno = addr->basic_errno;
698 a->message = addr->message;
699 a->transport_return = addr->transport_return;
704 /* Otherwise, it's an LMTP error code return for one address */
708 if (buffer[0] == '4')
710 addr->basic_errno = ERRNO_DATA4XX;
711 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
713 addr->message = string_sprintf("LMTP error after %s: %s", big_buffer,
714 string_printing(buffer));
715 addr->transport_return = (buffer[0] == '5')? FAIL : DEFER;
716 setflag(addr, af_pass_message); /* Allow message to go to user */
721 /* The message transaction has completed successfully - this doesn't mean that
722 all the addresses have necessarily been transferred, but each has its status
723 set, so we change the yield to TRUE. */
726 (void) lmtp_write_command(fd_in, "QUIT\r\n");
727 (void) lmtp_read_response(out, buffer, sizeof(buffer), '2', 1);
732 /* Come here if any call to read_response, other than a response after the data
733 phase, failed. Put the error in the top address - this will be replicated
734 because the yield is still FALSE. (But omit ETIMEDOUT, as there will already be
735 a suitable message.) Analyse the error, and if it isn't too bad, send a QUIT
736 command. Wait for the response with a short timeout, so we don't wind up this
737 process before the far end has had time to read the QUIT. */
742 if (errno != ETIMEDOUT && errno != 0) addrlist->basic_errno = errno;
743 addrlist->message = NULL;
745 if (check_response(&save_errno, addrlist->more_errno,
746 buffer, &code, &(addrlist->message)))
748 (void) lmtp_write_command(fd_in, "QUIT\r\n");
749 (void) lmtp_read_response(out, buffer, sizeof(buffer), '2', 1);
752 addrlist->transport_return = (code == '5')? FAIL : DEFER;
753 if (code == '4' && save_errno > 0)
754 addrlist->message = string_sprintf("%s: %s", addrlist->message,
755 strerror(save_errno));
756 goto KILL_AND_RETURN;
758 /* Come here if there are errors during writing of a command or the message
759 itself. This error will be applied to all the addresses. */
763 addrlist->transport_return = PANIC;
764 addrlist->basic_errno = errno;
765 if (errno == ERRNO_CHHEADER_FAIL)
767 string_sprintf("Failed to expand headers_add or headers_remove: %s",
768 expand_string_message);
769 else if (errno == ERRNO_FILTER_FAIL)
770 addrlist->message = US"Filter process failure";
771 else if (errno == ERRNO_WRITEINCOMPLETE)
772 addrlist->message = US"Failed repeatedly to write data";
773 else if (errno == ERRNO_SMTPFORMAT)
774 addrlist->message = US"overlong LMTP command generated";
776 addrlist->message = string_sprintf("Error %d", errno);
778 /* Come here after errors. Kill off the process. */
782 if (pid > 0) killpg(pid, SIGKILL);
784 /* Come here from all paths after the subprocess is created. Wait for the
785 process, but with a timeout. */
789 (void)child_close(pid, timeout);
/* NOTE(review): as far as the visible lines show, in socket mode fd_in and
fd_out were assigned the same descriptor by the socket() call above, so it is
closed by close(fd_in) and then again through fclose(out), with the second
result ignored. The guard tests fd_out although the object being closed is
out. */
791 if (fd_in >= 0) (void)close(fd_in);
792 if (fd_out >= 0) (void)fclose(out);
795 debug_printf("%s transport yields %d\n", tblock->name, yield);
802 debug_printf("*** delivery by %s transport bypassed by -N option",
804 addrlist->transport_return = OK;
808 #endif /*!MACRO_PREDEF*/
809 /* End of transport/lmtp.c */