1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* See the file NOTICE for conditions of use and distribution. */
9 /* Code for mail filtering functions. */
14 /* Command arguments and left/right points in conditions can contain different
15 types of data, depending on the particular command or condition. Originally,
16 (void *) was used as "any old type", with casts, but this gives trouble and
17 warnings in some environments. So now it is done "properly", with a union. We
18 need to declare the structures first because some of them are recursive. */
21 struct condition_block;
24 struct string_item *a;
26 struct condition_block *c;
32 /* Local structures used in this module */
34 typedef struct filter_cmd {
35 struct filter_cmd *next;
39 union argtypes args[1];
42 typedef struct condition_block {
43 struct condition_block *parent;
50 /* Miscellaneous other declarations */
52 static uschar **error_pointer;
53 static uschar *log_filename;
54 static int filter_options;
55 static int line_number;
56 static int expect_endif;
57 static int had_else_endif;
60 static int output_indent;
61 static BOOL filter_delivered;
62 static BOOL finish_obeyed;
63 static BOOL seen_force;
64 static BOOL seen_value;
65 static BOOL noerror_force;
67 enum { had_neither, had_else, had_elif, had_endif };
69 static BOOL read_command_list(uschar **, filter_cmd ***, BOOL);
72 /* The string arguments for the mail command. The header line ones (that are
73 permitted to include \n followed by white space) first, and then the body text
74 one (it can have \n anywhere). Then the file names and once_repeat, which may
77 static const char *mailargs[] = { /* "to" must be first, and */
78 "to", /* "cc" and "bcc" must follow */
84 "extra_headers", /* miscellaneous added header lines */
92 /* The count of string arguments */
94 #define MAILARGS_STRING_COUNT (nelem(mailargs))
96 /* The count of string arguments that are actually passed over as strings
97 (once_repeat is converted to an int). */
99 #define mailargs_string_passed (MAILARGS_STRING_COUNT - 1)
101 /* This defines the offsets for the arguments; first the string ones, and
102 then the non-string ones. The order must be as above. */
104 enum { mailarg_index_to,
108 mailarg_index_reply_to,
109 mailarg_index_subject,
110 mailarg_index_headers, /* misc headers must be last */
111 mailarg_index_text, /* text is first after headers */
112 mailarg_index_file, /* between text and expand are filenames */
115 mailarg_index_once_repeat, /* a time string */
116 mailarg_index_expand, /* first non-string argument */
117 mailarg_index_return,
118 mailargs_total /* total number of arguments */
121 /* Offsets in the data structure for the string arguments (note that
122 once_repeat isn't a string argument at this point.) */
124 static int reply_offsets[] = { /* must be in same order as above */
125 offsetof(reply_item, to),
126 offsetof(reply_item, cc),
127 offsetof(reply_item, bcc),
128 offsetof(reply_item, from),
129 offsetof(reply_item, reply_to),
130 offsetof(reply_item, subject),
131 offsetof(reply_item, headers),
132 offsetof(reply_item, text),
133 offsetof(reply_item, file),
134 offsetof(reply_item, logfile),
135 offsetof(reply_item, oncelog),
138 /* Condition identities and names, with negated versions for some
141 enum { cond_and, cond_or, cond_personal, cond_begins, cond_BEGINS,
142 cond_ends, cond_ENDS, cond_is, cond_IS, cond_matches,
143 cond_MATCHES, cond_contains, cond_CONTAINS, cond_delivered,
144 cond_above, cond_below, cond_errormsg, cond_firsttime,
145 cond_manualthaw, cond_foranyaddress };
147 static const char *cond_names[] = {
148 "and", "or", "personal",
149 "begins", "BEGINS", "ends", "ENDS",
150 "is", "IS", "matches", "MATCHES", "contains",
151 "CONTAINS", "delivered", "above", "below", "error_message",
152 "first_delivery", "manually_thawed", "foranyaddress" };
154 static const char *cond_not_names[] = {
155 "", "", "not personal",
156 "does not begin", "does not BEGIN",
157 "does not end", "does not END",
158 "is not", "IS not", "does not match",
159 "does not MATCH", "does not contain", "does not CONTAIN",
160 "not delivered", "not above", "not below", "not error_message",
161 "not first_delivery", "not manually_thawed", "not foranyaddress" };
163 /* Tables of binary condition words and their corresponding types. Not easy
164 to amalgamate with the above because of the different variants. */
166 static const char *cond_words[] = {
188 static int cond_word_count = nelem(cond_words);
190 static int cond_types[] = { cond_BEGINS, cond_BEGINS, cond_CONTAINS,
191 cond_CONTAINS, cond_ENDS, cond_ENDS, cond_IS, cond_MATCHES, cond_MATCHES,
192 cond_above, cond_begins, cond_begins, cond_below, cond_contains,
193 cond_contains, cond_ends, cond_ends, cond_is, cond_matches, cond_matches };
195 /* Command identities: must be kept in step with the list of command words
196 and the list of expanded argument counts which follow. */
198 enum { add_command, defer_command, deliver_command, elif_command, else_command,
199 endif_command, finish_command, fail_command, freeze_command,
200 headers_command, if_command, logfile_command, logwrite_command,
201 mail_command, noerror_command, pipe_command, save_command, seen_command,
202 testprint_command, unseen_command, vacation_command };
204 static const char *command_list[] = {
205 "add", "defer", "deliver", "elif", "else", "endif", "finish",
206 "fail", "freeze", "headers", "if", "logfile", "logwrite", "mail",
207 "noerror", "pipe", "save", "seen", "testprint", "unseen", "vacation"
210 static int command_list_count = nelem(command_list);
212 /* This table contains the number of expanded arguments in the bottom 4 bits.
213 If the top bit is set, it means that the default for the command is "seen". */
215 static uschar command_exparg_count[] = {
229 MAILARGS_STRING_COUNT, /* mail */
236 MAILARGS_STRING_COUNT /* vacation */
241 /*************************************************
242 * Find next significant uschar *
243 *************************************************/
245 /* Function to skip over white space and, optionally, comments.
248 ptr pointer to next character
249 comment_allowed if TRUE, comments (# to \n) are skipped
251 Returns: pointer to next non-whitespace character
255 nextsigchar(uschar *ptr, BOOL comment_allowed)
259 while (isspace(*ptr))
261 if (*ptr == '\n') line_number++;
264 if (comment_allowed && *ptr == '#')
266 while (*(++ptr) != '\n' && *ptr != 0);
276 /*************************************************
278 *************************************************/
280 /* The terminator is white space unless bracket is TRUE, in which
281 case ( and ) terminate.
284 ptr pointer to next character
285 buffer where to put the word
287 bracket if TRUE, terminate on ( and ) as well as space
289 Returns: pointer to the next significant character after the word
293 nextword(uschar *ptr, uschar *buffer, int size, BOOL bracket)
296 while (*ptr != 0 && !isspace(*ptr) &&
297 (!bracket || (*ptr != '(' && *ptr != ')')))
299 if (bp - buffer < size - 1) *bp++ = *ptr++; else
301 *error_pointer = string_sprintf("word is too long in line %d of "
302 "filter file (max = %d chars)", line_number, size);
307 return nextsigchar(ptr, TRUE);
312 /*************************************************
314 *************************************************/
316 /* Might be a word, or might be a quoted string; in the latter case
320 ptr pointer to next character
321 buffer where to put the item
323 bracket if TRUE, terminate non-quoted on ( and ) as well as space
325 Returns: the next significant character after the item
329 nextitem(uschar *ptr, uschar *buffer, int size, BOOL bracket)
332 if (*ptr != '\"') return nextword(ptr, buffer, size, bracket);
334 while (*(++ptr) != 0 && *ptr != '\"' && *ptr != '\n')
336 if (bp - buffer >= size - 1)
338 *error_pointer = string_sprintf("string is too long in line %d of "
339 "filter file (max = %d chars)", line_number, size);
343 if (*ptr != '\\') *bp++ = *ptr; else
345 if (isspace(ptr[1])) /* \<whitespace>NL<whitespace> ignored */
348 while (*p != '\n' && isspace(*p)) p++;
353 while (ptr[1] != '\n' && isspace(ptr[1])) ptr++;
358 *bp++ = string_interpret_escape(CUSS &ptr);
362 if (*ptr == '\"') ptr++;
363 else if (*error_pointer == NULL)
364 *error_pointer = string_sprintf("quote missing at end of string "
365 "in line %d", line_number);
368 return nextsigchar(ptr, TRUE);
374 /*************************************************
375 * Convert a string + K|M to a number *
376 *************************************************/
380 s points to text string
381 OK set TRUE if a valid number was read
383 Returns: the number, or 0 on error (with *OK FALSE)
387 get_number(uschar *s, BOOL *ok)
391 if (sscanf(CS s, "%i%n", &value, &count) != 1) return 0;
392 if (tolower(s[count]) == 'k') { value *= 1024; count++; }
393 if (tolower(s[count]) == 'm') { value *= 1024*1024; count++; }
394 while (isspace((s[count]))) count++;
395 if (s[count] != 0) return 0;
402 /*************************************************
403 * Read one condition *
404 *************************************************/
406 /* A complete condition must be terminated by "then"; bracketed internal
407 conditions must be terminated by a closing bracket. They are read by calling
408 this function recursively.
411 ptr points to start of condition
412 condition_block where to hang the created condition block
413 toplevel TRUE when called at the top level
415 Returns: points to next character after "then"
419 read_condition(uschar *ptr, condition_block **cond, BOOL toplevel)
423 condition_block *current_parent = NULL;
424 condition_block **current = cond;
428 /* Loop to read next condition */
434 /* reaching the end of the input is an error. */
438 *error_pointer = US"\"then\" missing at end of filter file";
442 /* Opening bracket at the start of a condition introduces a nested
443 condition, which must be terminated by a closing bracket. */
447 ptr = read_condition(nextsigchar(ptr+1, TRUE), &c, FALSE);
448 if (*error_pointer != NULL) break;
451 *error_pointer = string_sprintf("expected \")\" in line %d of "
452 "filter file", line_number);
457 c->testfor = !c->testfor;
460 ptr = nextsigchar(ptr+1, TRUE);
464 /* Closing bracket at the start of a condition is an error. Give an
465 explicit message, as otherwise "unknown condition" would be confusing. */
467 else if (*ptr == ')')
469 *error_pointer = string_sprintf("unexpected \")\" in line %d of "
470 "filter file", line_number);
474 /* Otherwise we expect a word or a string. */
478 ptr = nextitem(ptr, buffer, sizeof(buffer), TRUE);
479 if (*error_pointer != NULL) break;
481 /* "Then" at the start of a condition is an error */
483 if (Ustrcmp(buffer, "then") == 0)
485 *error_pointer = string_sprintf("unexpected \"then\" near line %d of "
486 "filter file", line_number);
490 /* "Not" at the start of a condition negates the testing condition. */
492 if (Ustrcmp(buffer, "not") == 0)
498 /* Build a condition block from the specific word. */
500 c = store_get(sizeof(condition_block), FALSE);
501 c->left.u = c->right.u = NULL;
502 c->testfor = testfor;
505 /* Check for conditions that start with a keyword */
507 if (Ustrcmp(buffer, "delivered") == 0) c->type = cond_delivered;
508 else if (Ustrcmp(buffer, "error_message") == 0) c->type = cond_errormsg;
509 else if (Ustrcmp(buffer, "first_delivery") == 0) c->type = cond_firsttime;
510 else if (Ustrcmp(buffer, "manually_thawed") == 0) c->type = cond_manualthaw;
512 /* Personal can be followed by any number of aliases */
514 else if (Ustrcmp(buffer, "personal") == 0)
516 c->type = cond_personal;
520 uschar *saveptr = ptr;
521 ptr = nextword(ptr, buffer, sizeof(buffer), TRUE);
522 if (*error_pointer) break;
523 if (Ustrcmp(buffer, "alias") != 0)
528 ptr = nextitem(ptr, buffer, sizeof(buffer), TRUE);
529 if (*error_pointer) break;
530 aa = store_get(sizeof(string_item), FALSE);
531 aa->text = string_copy(buffer);
532 aa->next = c->left.a;
537 /* Foranyaddress must be followed by a string and a condition enclosed
538 in parentheses, which is handled as a subcondition. */
540 else if (Ustrcmp(buffer, "foranyaddress") == 0)
542 ptr = nextitem(ptr, buffer, sizeof(buffer), TRUE);
543 if (*error_pointer) break;
546 *error_pointer = string_sprintf("\"(\" expected after \"foranyaddress\" "
547 "near line %d of filter file", line_number);
551 c->type = cond_foranyaddress;
552 c->left.u = string_copy(buffer);
554 ptr = read_condition(nextsigchar(ptr+1, TRUE), &(c->right.c), FALSE);
555 if (*error_pointer) break;
558 *error_pointer = string_sprintf("expected \")\" in line %d of "
559 "filter file", line_number);
562 ptr = nextsigchar(ptr+1, TRUE);
565 /* If it's not a word we recognize, then it must be the lefthand
566 operand of one of the comparison words. */
571 uschar *isptr = NULL;
573 c->left.u = string_copy(buffer);
574 ptr = nextword(ptr, buffer, sizeof(buffer), TRUE);
575 if (*error_pointer) break;
577 /* Handle "does|is [not]", preserving the pointer after "is" in
578 case it isn't that, but the form "is <string>". */
580 if (strcmpic(buffer, US"does") == 0 || strcmpic(buffer, US"is") == 0)
582 if (buffer[0] == 'i') { c->type = cond_is; isptr = ptr; }
583 if (buffer[0] == 'I') { c->type = cond_IS; isptr = ptr; }
585 ptr = nextword(ptr, buffer, sizeof(buffer), TRUE);
586 if (*error_pointer) break;
587 if (strcmpic(buffer, US"not") == 0)
589 c->testfor = !c->testfor;
590 if (isptr) isptr = ptr;
591 ptr = nextword(ptr, buffer, sizeof(buffer), TRUE);
592 if (*error_pointer) break;
596 for (i = 0; i < cond_word_count; i++)
598 if (Ustrcmp(buffer, cond_words[i]) == 0)
600 c->type = cond_types[i];
605 /* If an unknown word follows "is" or "is not"
606 it's actually the argument. Reset to read it. */
608 if (i >= cond_word_count)
612 *error_pointer = string_sprintf("unrecognized condition word \"%s\" "
613 "near line %d of filter file", buffer, line_number);
619 /* Get the RH argument. */
621 ptr = nextitem(ptr, buffer, sizeof(buffer), TRUE);
622 if (*error_pointer) break;
623 c->right.u = string_copy(buffer);
627 /* We have read some new condition and set it up in the condition block
628 c; point the current pointer at it, and then deal with what follows. */
632 /* Closing bracket terminates if this is a lower-level condition. Otherwise
638 *error_pointer = string_sprintf("unexpected \")\" in line %d of "
639 "filter file", line_number);
643 /* Opening bracket following a condition is an error; give an explicit
644 message to make it clearer what is wrong. */
646 else if (*ptr == '(')
648 *error_pointer = string_sprintf("unexpected \"(\" in line %d of "
649 "filter file", line_number);
653 /* Otherwise the next thing must be one of the words "and", "or" or "then" */
657 uschar *saveptr = ptr;
658 ptr = nextword(ptr, buffer, sizeof(buffer), FALSE);
659 if (*error_pointer) break;
661 /* "Then" terminates a toplevel condition; otherwise a closing bracket
662 has been omitted. Put a string terminator at the start of "then" so
663 that reflecting the condition can be done when testing. */
665 if (Ustrcmp(buffer, "then") == 0)
667 if (toplevel) *saveptr = 0;
668 else *error_pointer = string_sprintf("missing \")\" at end of "
669 "condition near line %d of filter file", line_number);
673 /* "And" causes a new condition block to replace the one we have
674 just read, which becomes the left sub-condition. The current pointer
675 is reset to the pointer for the right sub-condition. We have to keep
676 track of the tree of sequential "ands", so as to traverse back up it
677 if an "or" is met. */
679 else if (Ustrcmp(buffer, "and") == 0)
681 condition_block *andc = store_get(sizeof(condition_block), FALSE);
682 andc->parent = current_parent;
683 andc->type = cond_and;
684 andc->testfor = TRUE;
686 andc->right.u = NULL; /* insurance */
688 current = &(andc->right.c);
689 current_parent = andc;
692 /* "Or" is similar, but has to be done a bit more carefully to
693 ensure that "and" is more binding. If there's a parent set, we
694 are following a sequence of "and"s and must track back to their
697 else if (Ustrcmp(buffer, "or") == 0)
699 condition_block *orc = store_get(sizeof(condition_block), FALSE);
700 condition_block *or_parent = NULL;
704 while (current_parent->parent &&
705 current_parent->parent->type == cond_and)
706 current_parent = current_parent->parent;
708 /* If the parent has a parent, it must be an "or" parent. */
710 if (current_parent->parent)
711 or_parent = current_parent->parent;
714 orc->parent = or_parent;
715 if (!or_parent) *cond = orc;
716 else or_parent->right.c = orc;
719 orc->left.c = (current_parent == NULL)? c : current_parent;
720 orc->right.c = NULL; /* insurance */
721 current = &(orc->right.c);
722 current_parent = orc;
725 /* Otherwise there is a disaster */
729 *error_pointer = string_sprintf("\"and\" or \"or\" or \"%s\" "
730 "expected near line %d of filter file, but found \"%s\"",
731 toplevel? "then" : ")", line_number, buffer);
737 return nextsigchar(ptr, TRUE);
742 /*************************************************
743 * Output the current indent *
744 *************************************************/
750 for (i = 0; i < output_indent; i++) debug_printf(" ");
755 /*************************************************
756 * Condition printer: for debugging *
757 *************************************************/
761 c the block at the top of the tree
762 toplevel TRUE at toplevel - stops overall brackets
768 print_condition(condition_block *c, BOOL toplevel)
770 const char *name = (c->testfor)? cond_names[c->type] : cond_not_names[c->type];
777 case cond_manualthaw:
778 debug_printf("%s", name);
793 debug_printf("%s %s %s", c->left.u, name, c->right.u);
797 if (!c->testfor) debug_printf("not (");
798 print_condition(c->left.c, FALSE);
799 debug_printf(" %s ", cond_names[c->type]);
800 print_condition(c->right.c, FALSE);
801 if (!c->testfor) debug_printf(")");
805 if (!c->testfor) debug_printf("not (");
806 else if (!toplevel) debug_printf("(");
807 print_condition(c->left.c, FALSE);
808 debug_printf(" %s ", cond_names[c->type]);
809 print_condition(c->right.c, FALSE);
810 if (!toplevel || !c->testfor) debug_printf(")");
813 case cond_foranyaddress:
814 debug_printf("%s %s (", name, c->left.u);
815 print_condition(c->right.c, FALSE);
824 /*************************************************
825 * Read one filtering command *
826 *************************************************/
830 pptr points to pointer to first character of command; the pointer
831 is updated to point after the last character read
832 lastcmdptr points to pointer to pointer to last command; used for hanging
833 on the newly read command
835 Returns: TRUE if command successfully read, else FALSE
839 read_command(uschar **pptr, filter_cmd ***lastcmdptr)
841 int command, i, cmd_bit;
842 filter_cmd *new, **newlastcmdptr;
844 BOOL was_seen_or_unseen = FALSE;
845 BOOL was_noerror = FALSE;
851 /* Read the next word and find which command it is. Command words are normally
852 terminated by white space, but there are two exceptions, which are the "if" and
853 "elif" commands. We must allow for them to be terminated by an opening bracket,
854 as brackets are allowed in conditions and users will expect not to require
857 if (Ustrncmp(ptr, "if(", 3) == 0)
859 Ustrcpy(buffer, US"if");
862 else if (Ustrncmp(ptr, "elif(", 5) == 0)
864 Ustrcpy(buffer, US"elif");
869 ptr = nextword(ptr, buffer, sizeof(buffer), FALSE);
870 if (*error_pointer != NULL) return FALSE;
873 for (command = 0; command < command_list_count; command++)
874 if (Ustrcmp(buffer, command_list[command]) == 0) break;
876 /* Handle the individual commands */
880 /* Add takes two arguments, separated by the word "to". Headers has two
881 arguments, but the first must be "add", "remove", or "charset", and it gets
882 stored in the second argument slot. Neither may be preceded by seen, unseen
886 case headers_command:
887 if (seen_force || noerror_force)
889 *error_pointer = string_sprintf("\"seen\", \"unseen\", or \"noerror\" "
890 "found before an \"%s\" command near line %d",
891 command_list[command], line_number);
896 /* Logwrite, logfile, pipe, and testprint all take a single argument, save
897 and logfile can have an option second argument for the mode, and deliver can
898 have "errors_to <address>" in a system filter, or in a user filter if the
899 address is the current one. */
901 case deliver_command:
902 case logfile_command:
903 case logwrite_command:
906 case testprint_command:
908 ptr = nextitem(ptr, buffer, sizeof(buffer), FALSE);
910 *error_pointer = string_sprintf("\"%s\" requires an argument "
911 "near line %d of filter file", command_list[command], line_number);
913 if (*error_pointer != NULL) yield = FALSE; else
915 union argtypes argument, second_argument;
917 argument.u = second_argument.u = NULL;
919 if (command == add_command)
921 argument.u = string_copy(buffer);
922 ptr = nextitem(ptr, buffer, sizeof(buffer), FALSE);
923 if (*buffer == 0 || Ustrcmp(buffer, "to") != 0)
924 *error_pointer = string_sprintf("\"to\" expected in \"add\" command "
925 "near line %d of filter file", line_number);
928 ptr = nextitem(ptr, buffer, sizeof(buffer), FALSE);
930 *error_pointer = string_sprintf("value missing after \"to\" "
931 "near line %d of filter file", line_number);
932 else second_argument.u = string_copy(buffer);
936 else if (command == headers_command)
938 if (Ustrcmp(buffer, "add") == 0)
939 second_argument.b = TRUE;
941 if (Ustrcmp(buffer, "remove") == 0) second_argument.b = FALSE;
943 if (Ustrcmp(buffer, "charset") == 0)
944 second_argument.b = TRUE_UNSET;
947 *error_pointer = string_sprintf("\"add\", \"remove\", or \"charset\" "
948 "expected after \"headers\" near line %d of filter file",
953 if (!f.system_filtering && second_argument.b != TRUE_UNSET)
955 *error_pointer = string_sprintf("header addition and removal is "
956 "available only in system filters: near line %d of filter file",
964 ptr = nextitem(ptr, buffer, sizeof(buffer), FALSE);
966 *error_pointer = string_sprintf("value missing after \"add\", "
967 "\"remove\", or \"charset\" near line %d of filter file",
969 else argument.u = string_copy(buffer);
973 /* The argument for the logwrite command must end in a newline, and the save
974 and logfile commands can have an optional mode argument. The deliver
975 command can have an optional "errors_to <address>" for a system filter,
976 or for a user filter if the address is the user's address. Accept the
977 syntax here - the check is later. */
981 if (command == logwrite_command)
983 int len = Ustrlen(buffer);
984 if (len == 0 || buffer[len-1] != '\n') Ustrcat(buffer, US"\n");
987 argument.u = string_copy(buffer);
989 if (command == save_command || command == logfile_command)
993 ptr = nextword(ptr, buffer, sizeof(buffer), FALSE);
994 second_argument.i = (int)Ustrtol(buffer, NULL, 8);
996 else second_argument.i = -1;
999 else if (command == deliver_command)
1001 uschar *save_ptr = ptr;
1002 ptr = nextword(ptr, buffer, sizeof(buffer), FALSE);
1003 if (Ustrcmp(buffer, "errors_to") == 0)
1005 ptr = nextword(ptr, buffer, sizeof(buffer), FALSE);
1006 second_argument.u = string_copy(buffer);
1008 else ptr = save_ptr;
1012 /* Set up the command block. Seen defaults TRUE for delivery commands,
1013 FALSE for logging commands, and it doesn't matter for testprint, as
1014 that doesn't change the "delivered" status. */
1016 if (*error_pointer != NULL) yield = FALSE; else
1018 new = store_get(sizeof(filter_cmd) + sizeof(union argtypes), FALSE);
1021 *lastcmdptr = &(new->next);
1022 new->command = command;
1023 new->seen = seen_force? seen_value : command_exparg_count[command] >= 128;
1024 new->noerror = noerror_force;
1025 new->args[0] = argument;
1026 new->args[1] = second_argument;
1032 /* Elif, else and endif just set a flag if expected. */
1037 if (seen_force || noerror_force)
1039 *error_pointer = string_sprintf("\"seen\", \"unseen\", or \"noerror\" "
1040 "near line %d is not followed by a command", line_number);
1044 if (expect_endif > 0)
1045 had_else_endif = (command == elif_command)? had_elif :
1046 (command == else_command)? had_else : had_endif;
1049 *error_pointer = string_sprintf("unexpected \"%s\" command near "
1050 "line %d of filter file", buffer, line_number);
1056 /* Defer, freeze, and fail are available only if permitted. */
1059 cmd_bit = RDO_DEFER;
1060 goto DEFER_FREEZE_FAIL;
1064 goto DEFER_FREEZE_FAIL;
1066 case freeze_command:
1067 cmd_bit = RDO_FREEZE;
1070 if ((filter_options & cmd_bit) == 0)
1072 *error_pointer = string_sprintf("filtering command \"%s\" is disabled: "
1073 "near line %d of filter file", buffer, line_number);
1078 /* A text message can be provided after the "text" keyword, or
1079 as a string in quotes. */
1082 ptr = nextitem(ptr, buffer, sizeof(buffer), FALSE);
1083 if (*saveptr != '\"' && (*buffer == 0 || Ustrcmp(buffer, "text") != 0))
1090 if (*saveptr != '\"')
1091 ptr = nextitem(ptr, buffer, sizeof(buffer), FALSE);
1092 fmsg = string_copy(buffer);
1095 /* Drop through and treat as "finish", but never set "seen". */
1099 /* Finish has no arguments; fmsg defaults to NULL */
1101 case finish_command:
1102 new = store_get(sizeof(filter_cmd), FALSE);
1105 *lastcmdptr = &(new->next);
1106 new->command = command;
1107 new->seen = seen_force? seen_value : FALSE;
1108 new->args[0].u = fmsg;
1112 /* Seen, unseen, and noerror are not allowed before if, which takes a
1113 condition argument and then and else sub-commands. */
1116 if (seen_force || noerror_force)
1118 *error_pointer = string_sprintf("\"seen\", \"unseen\", or \"noerror\" "
1119 "found before an \"if\" command near line %d",
1124 /* Set up the command block for if */
1126 new = store_get(sizeof(filter_cmd) + 4 * sizeof(union argtypes), FALSE);
1129 *lastcmdptr = &(new->next);
1130 new->command = command;
1132 new->args[0].u = NULL;
1133 new->args[1].u = new->args[2].u = NULL;
1134 new->args[3].u = ptr;
1136 /* Read the condition */
1138 ptr = read_condition(ptr, &(new->args[0].c), TRUE);
1139 if (*error_pointer != NULL) { yield = FALSE; break; }
1141 /* Read the commands to be obeyed if the condition is true */
1143 newlastcmdptr = &(new->args[1].f);
1144 if (!read_command_list(&ptr, &newlastcmdptr, TRUE)) yield = FALSE;
1146 /* If commands were successfully read, handle the various possible
1147 terminators. There may be a number of successive "elif" sections. */
1151 while (had_else_endif == had_elif)
1153 filter_cmd *newnew =
1154 store_get(sizeof(filter_cmd) + 4 * sizeof(union argtypes), FALSE);
1155 new->args[2].f = newnew;
1158 new->command = command;
1160 new->args[0].u = NULL;
1161 new->args[1].u = new->args[2].u = NULL;
1162 new->args[3].u = ptr;
1164 ptr = read_condition(ptr, &(new->args[0].c), TRUE);
1165 if (*error_pointer != NULL) { yield = FALSE; break; }
1166 newlastcmdptr = &(new->args[1].f);
1167 if (!read_command_list(&ptr, &newlastcmdptr, TRUE))
1171 if (yield == FALSE) break;
1173 /* Handle termination by "else", possibly following one or more
1174 "elsif" sections. */
1176 if (had_else_endif == had_else)
1178 newlastcmdptr = &(new->args[2].f);
1179 if (!read_command_list(&ptr, &newlastcmdptr, TRUE))
1181 else if (had_else_endif != had_endif)
1183 *error_pointer = string_sprintf("\"endif\" missing near line %d of "
1184 "filter file", line_number);
1189 /* Otherwise the terminator was "endif" - this is checked by
1190 read_command_list(). The pointer is already set to NULL. */
1193 /* Reset the terminator flag. */
1195 had_else_endif = had_neither;
1199 /* The mail & vacation commands have a whole slew of keyworded arguments.
1200 The final argument values are the file expand and return message booleans,
1201 whose offsets are defined in mailarg_index_{expand,return}. Although they
1202 are logically booleans, because they are stored in a uschar * value, we use
1203 NULL and not FALSE, to keep 64-bit compilers happy. */
1206 case vacation_command:
1207 new = store_get(sizeof(filter_cmd) + mailargs_total * sizeof(union argtypes), FALSE);
1209 new->command = command;
1210 new->seen = seen_force? seen_value : FALSE;
1211 new->noerror = noerror_force;
1212 for (i = 0; i < mailargs_total; i++) new->args[i].u = NULL;
1214 /* Read keyword/value pairs until we hit one that isn't. The data
1215 must contain only printing chars plus tab, though the "text" value
1216 can also contain newlines. The "file" keyword can be preceded by the
1217 word "expand", and "return message" has no data. */
1221 uschar *saveptr = ptr;
1222 ptr = nextword(ptr, buffer, sizeof(buffer), FALSE);
1223 if (*error_pointer != NULL)
1229 /* Ensure "return" is followed by "message"; that's a complete option */
1231 if (Ustrcmp(buffer, "return") == 0)
1233 new->args[mailarg_index_return].u = US""; /* not NULL => TRUE */
1234 ptr = nextword(ptr, buffer, sizeof(buffer), FALSE);
1235 if (Ustrcmp(buffer, "message") != 0)
1237 *error_pointer = string_sprintf("\"return\" not followed by \"message\" "
1238 " near line %d of filter file", line_number);
1245 /* Ensure "expand" is followed by "file", then fall through to process the
1248 if (Ustrcmp(buffer, "expand") == 0)
1250 new->args[mailarg_index_expand].u = US""; /* not NULL => TRUE */
1251 ptr = nextword(ptr, buffer, sizeof(buffer), FALSE);
1252 if (Ustrcmp(buffer, "file") != 0)
1254 *error_pointer = string_sprintf("\"expand\" not followed by \"file\" "
1255 " near line %d of filter file", line_number);
1261 /* Scan for the keyword */
1263 for (i = 0; i < MAILARGS_STRING_COUNT; i++)
1264 if (Ustrcmp(buffer, mailargs[i]) == 0) break;
1266 /* Not found keyword; assume end of this command */
1268 if (i >= MAILARGS_STRING_COUNT)
1274 /* Found keyword, read the data item */
1276 ptr = nextitem(ptr, buffer, sizeof(buffer), FALSE);
1277 if (*error_pointer != NULL)
1282 else new->args[i].u = string_copy(buffer);
1285 /* If this is the vacation command, apply some default settings to
1286 some of the arguments. */
1288 if (command == vacation_command)
1290 if (new->args[mailarg_index_file].u == NULL)
1292 new->args[mailarg_index_file].u = string_copy(US".vacation.msg");
1293 new->args[mailarg_index_expand].u = US""; /* not NULL => TRUE */
1295 if (new->args[mailarg_index_log].u == NULL)
1296 new->args[mailarg_index_log].u = string_copy(US".vacation.log");
1297 if (new->args[mailarg_index_once].u == NULL)
1298 new->args[mailarg_index_once].u = string_copy(US".vacation");
1299 if (new->args[mailarg_index_once_repeat].u == NULL)
1300 new->args[mailarg_index_once_repeat].u = string_copy(US"7d");
1301 if (new->args[mailarg_index_subject].u == NULL)
1302 new->args[mailarg_index_subject].u = string_copy(US"On vacation");
1305 /* Join the address on to the chain of generated addresses */
1308 *lastcmdptr = &(new->next);
1312 /* Seen and unseen just set flags */
1315 case unseen_command:
1318 *error_pointer = string_sprintf("\"seen\" or \"unseen\" "
1319 "near line %d is not followed by a command", line_number);
1324 *error_pointer = string_sprintf("\"seen\" or \"unseen\" repeated "
1325 "near line %d", line_number);
1328 seen_value = (command == seen_command);
1330 was_seen_or_unseen = TRUE;
1334 /* So does noerror */
1336 case noerror_command:
1339 *error_pointer = string_sprintf("\"noerror\" "
1340 "near line %d is not followed by a command", line_number);
1343 noerror_force = TRUE;
1351 *error_pointer = string_sprintf("unknown filtering command \"%s\" "
1352 "near line %d of filter file", buffer, line_number);
1357 if (!was_seen_or_unseen && !was_noerror)
1360 noerror_force = FALSE;
1369 /*************************************************
1370 * Read a list of commands *
1371 *************************************************/
1373 /* If conditional is TRUE, the list must be terminated
1374 by the words "else" or "endif".
1377 pptr points to pointer to next character; the pointer is updated
1378 lastcmdptr points to pointer to pointer to previously-read command; used
1379 for hanging on the new command
1380 conditional TRUE if this command is the subject of a condition
1382 Returns: TRUE on success
1386 read_command_list(uschar **pptr, filter_cmd ***lastcmdptr, BOOL conditional)
1388 if (conditional) expect_endif++;
1389 had_else_endif = had_neither;
1390 while (**pptr != 0 && had_else_endif == had_neither)
1392 if (!read_command(pptr, lastcmdptr)) return FALSE;
1393 *pptr = nextsigchar(*pptr, TRUE);
1398 if (had_else_endif == had_neither)
1400 *error_pointer = US"\"endif\" missing at end of filter file";
1410 /*************************************************
1411 * Test a condition *
1412 *************************************************/
1416 c points to the condition block; c->testfor indicated whether
1417 it's a positive or negative condition
1418 toplevel TRUE if called from "if" directly; FALSE otherwise
1420 Returns: TRUE if the condition is met
1424 test_condition(condition_block *c, BOOL toplevel)
1428 uschar *exp[2], *p, *pp;
1429 const uschar *regcomp_error = NULL;
1430 int regcomp_error_offset;
1434 if (c == NULL) return TRUE; /* does this ever occur? */
1439 yield = test_condition(c->left.c, FALSE) &&
1440 *error_pointer == NULL &&
1441 test_condition(c->right.c, FALSE);
1445 yield = test_condition(c->left.c, FALSE) ||
1446 (*error_pointer == NULL &&
1447 test_condition(c->right.c, FALSE));
1450 /* The personal test is meaningless in a system filter. The tests are now in
1451 a separate function (so Sieve can use them). However, an Exim filter does not
1452 scan Cc: (hence the FALSE argument). */
1455 yield = f.system_filtering? FALSE : filter_personal(c->left.a, FALSE);
1458 case cond_delivered:
1459 yield = filter_delivered;
1462 /* Only TRUE if a message is actually being processed; FALSE for address
1463 testing and verification. */
1466 yield = message_id[0] != 0 &&
1467 (sender_address == NULL || sender_address[0] == 0);
1470 /* Only FALSE if a message is actually being processed; TRUE for address
1471 and filter testing and verification. */
1473 case cond_firsttime:
1474 yield = filter_test != FTEST_NONE || message_id[0] == 0 || f.deliver_firsttime;
1477 /* Only TRUE if a message is actually being processed; FALSE for address
1478 testing and verification. */
1480 case cond_manualthaw:
1481 yield = message_id[0] != 0 && f.deliver_manual_thaw;
1484 /* The foranyaddress condition loops through a list of addresses */
1486 case cond_foranyaddress:
1488 pp = expand_string(p);
1491 *error_pointer = string_sprintf("failed to expand \"%s\" in "
1492 "filter file: %s", p, expand_string_message);
1497 f.parse_allow_group = TRUE; /* Allow group syntax */
1502 int start, end, domain;
1505 p = parse_find_address_end(pp, FALSE);
1509 filter_thisaddress =
1510 parse_extract_address(pp, &error, &start, &end, &domain, FALSE);
1513 if (filter_thisaddress != NULL)
1515 if ((filter_test != FTEST_NONE && debug_selector != 0) ||
1516 (debug_selector & D_filter) != 0)
1519 debug_printf_indent("Extracted address %s\n", filter_thisaddress);
1521 yield = test_condition(c->right.c, FALSE);
1525 if (saveend == 0) break;
1529 f.parse_allow_group = FALSE; /* Reset group syntax flags */
1530 f.parse_found_group = FALSE;
1533 /* All other conditions have left and right values that need expanding;
1534 on error, it doesn't matter what value is returned. */
1538 for (i = 0; i < 2; i++)
1540 exp[i] = expand_string(p);
1543 *error_pointer = string_sprintf("failed to expand \"%s\" in "
1544 "filter file: %s", p, expand_string_message);
1550 /* Inner switch for the different cases */
1555 yield = strcmpic(exp[0], exp[1]) == 0;
1559 yield = Ustrcmp(exp[0], exp[1]) == 0;
1563 yield = strstric(exp[0], exp[1], FALSE) != NULL;
1567 yield = Ustrstr(exp[0], exp[1]) != NULL;
1571 yield = strncmpic(exp[0], exp[1], Ustrlen(exp[1])) == 0;
1575 yield = Ustrncmp(exp[0], exp[1], Ustrlen(exp[1])) == 0;
1581 int len = Ustrlen(exp[1]);
1582 uschar *s = exp[0] + Ustrlen(exp[0]) - len;
1583 yield = (s < exp[0])? FALSE :
1584 ((c->type == cond_ends)? strcmpic(s, exp[1]) : Ustrcmp(s, exp[1])) == 0;
1590 if ((filter_test != FTEST_NONE && debug_selector != 0) ||
1591 (debug_selector & D_filter) != 0)
1593 debug_printf_indent("Match expanded arguments:\n");
1594 debug_printf_indent(" Subject = %s\n", exp[0]);
1595 debug_printf_indent(" Pattern = %s\n", exp[1]);
1598 re = pcre_compile(CS exp[1],
1599 PCRE_COPT | ((c->type == cond_matches)? PCRE_CASELESS : 0),
1600 (const char **)®comp_error, ®comp_error_offset, NULL);
1604 *error_pointer = string_sprintf("error while compiling "
1605 "regular expression \"%s\": %s at offset %d",
1606 exp[1], regcomp_error, regcomp_error_offset);
1610 yield = regex_match_and_setup(re, exp[0], PCRE_EOPT, -1);
1613 /* For above and below, convert the strings to numbers */
1617 for (i = 0; i < 2; i++)
1619 val[i] = get_number(exp[i], &yield);
1622 *error_pointer = string_sprintf("malformed numerical string \"%s\"",
1627 yield = (c->type == cond_above)? (val[0] > val[1]) : (val[0] < val[1]);
1633 if ((filter_test != FTEST_NONE && debug_selector != 0) ||
1634 (debug_selector & D_filter) != 0)
1637 debug_printf_indent("%sondition is %s: ",
1638 toplevel? "C" : "Sub-c",
1639 (yield == c->testfor)? "true" : "false");
1640 print_condition(c, TRUE);
1641 debug_printf_indent("\n");
1644 return yield == c->testfor;
1649 /*************************************************
1650 * Interpret chain of commands *
1651 *************************************************/
1653 /* In testing state, just say what would be done rather than doing it. The
1654 testprint command just expands and outputs its argument in testing state, and
1655 does nothing otherwise.
1658 commands points to chain of commands to interpret
1659 generated where to hang newly-generated addresses
1661 Returns: FF_DELIVERED success, a significant action was taken
1662 FF_NOTDELIVERED success, no significant action
1663 FF_DEFER defer requested
1664 FF_FAIL fail requested
1665 FF_FREEZE freeze requested
1666 FF_ERROR there was a problem
1670 interpret_commands(filter_cmd *commands, address_item **generated)
1675 BOOL condition_value;
1680 uschar *fmsg, *ff_name;
1681 uschar *expargs[MAILARGS_STRING_COUNT];
1685 /* Expand the relevant number of arguments for the command that are
1688 for (i = 0; i < (command_exparg_count[commands->command] & 15); i++)
1690 uschar *ss = commands->args[i].u;
1694 if (!(expargs[i] = expand_string(ss)))
1696 *error_pointer = string_sprintf("failed to expand \"%s\" in "
1697 "%s command: %s", ss, command_list[commands->command],
1698 expand_string_message);
1703 /* Now switch for each command, setting the "delivered" flag if any of them
1706 if (commands->seen) filter_delivered = TRUE;
1708 switch(commands->command)
1711 for (i = 0; i < 2; i++)
1713 uschar *ss = expargs[i];
1716 if (i == 1 && (*ss++ != 'n' || ss[1] != 0))
1718 *error_pointer = string_sprintf("unknown variable \"%s\" in \"add\" "
1719 "command", expargs[i]);
1723 /* Allow for "--" at the start of the value (from -$n0) for example */
1724 if (i == 0) while (ss[0] == '-' && ss[1] == '-') ss += 2;
1726 n[i] = (int)Ustrtol(ss, &end, 0);
1729 *error_pointer = string_sprintf("malformed number \"%s\" in \"add\" "
1735 filter_n[n[1]] += n[0];
1736 if (filter_test != FTEST_NONE) printf("Add %d to n%d\n", n[0], n[1]);
1739 /* A deliver command's argument must be a valid address. Its optional
1740 second argument (system filter only) must also be a valid address. */
1742 case deliver_command:
1743 for (i = 0; i < 2; i++)
1748 int start, end, domain;
1750 uschar *ss = parse_extract_address(s, &error, &start, &end, &domain,
1753 expargs[i] = ((filter_options & RDO_REWRITE) != 0)?
1754 rewrite_address(ss, TRUE, FALSE, global_rewrite_rules,
1755 rewrite_existflags) :
1756 rewrite_address_qualify(ss, TRUE);
1759 *error_pointer = string_sprintf("malformed address \"%s\" in "
1760 "filter file: %s", s, error);
1766 /* Stick the errors address into a simple variable, as it will
1767 be referenced a few times. Check that the caller is permitted to
1772 if (s != NULL && !f.system_filtering)
1774 uschar *ownaddress = expand_string(US"$local_part@$domain");
1775 if (strcmpic(ownaddress, s) != 0)
1777 *error_pointer = US"errors_to must point to the caller's address";
1782 /* Test case: report what would happen */
1784 if (filter_test != FTEST_NONE)
1787 printf("%seliver message to: %s%s%s%s\n",
1788 (commands->seen)? "D" : "Unseen d",
1790 commands->noerror? " (noerror)" : "",
1791 (s != NULL)? " errors_to " : "",
1792 (s != NULL)? s : US"");
1799 DEBUG(D_filter) debug_printf_indent("Filter: %sdeliver message to: %s%s%s%s\n",
1800 (commands->seen)? "" : "unseen ",
1802 commands->noerror? " (noerror)" : "",
1803 (s != NULL)? " errors_to " : "",
1804 (s != NULL)? s : US"");
1806 /* Create the new address and add it to the chain, setting the
1807 af_ignore_error flag if necessary, and the errors address, which can be
1808 set in a system filter and to the local address in user filters. */
1810 addr = deliver_make_addr(expargs[0], TRUE); /* TRUE => copy s */
1811 addr->prop.errors_address = (s == NULL)?
1812 s : string_copy(s); /* Default is NULL */
1813 if (commands->noerror) addr->prop.ignore_error = TRUE;
1814 addr->next = *generated;
1821 mode = commands->args[1].i;
1823 /* Test case: report what would happen */
1825 if (filter_test != FTEST_NONE)
1829 printf("%save message to: %s%s\n", (commands->seen)?
1830 "S" : "Unseen s", s, commands->noerror? " (noerror)" : "");
1832 printf("%save message to: %s %04o%s\n", (commands->seen)?
1833 "S" : "Unseen s", s, mode, commands->noerror? " (noerror)" : "");
1836 /* Real case: Ensure save argument starts with / if there is a home
1837 directory to prepend. */
1841 if (s[0] != '/' && (filter_options & RDO_PREPEND_HOME) != 0 &&
1842 deliver_home != NULL && deliver_home[0] != 0)
1843 s = string_sprintf("%s/%s", deliver_home, s);
1844 DEBUG(D_filter) debug_printf_indent("Filter: %ssave message to: %s%s\n",
1845 (commands->seen)? "" : "unseen ", s,
1846 commands->noerror? " (noerror)" : "");
1848 /* Create the new address and add it to the chain, setting the
1849 af_pfr and af_file flags, the af_ignore_error flag if necessary, and the
1852 addr = deliver_make_addr(s, TRUE); /* TRUE => copy s */
1853 setflag(addr, af_pfr);
1854 setflag(addr, af_file);
1855 if (commands->noerror) addr->prop.ignore_error = TRUE;
1857 addr->next = *generated;
1863 s = string_copy(commands->args[0].u);
1864 if (filter_test != FTEST_NONE)
1867 printf("%sipe message to: %s%s\n", (commands->seen)?
1868 "P" : "Unseen p", s, commands->noerror? " (noerror)" : "");
1870 else /* Ensure pipe command starts with | */
1872 DEBUG(D_filter) debug_printf_indent("Filter: %spipe message to: %s%s\n",
1873 commands->seen ? "" : "unseen ", s,
1874 commands->noerror ? " (noerror)" : "");
1875 if (s[0] != '|') s = string_sprintf("|%s", s);
1877 /* Create the new address and add it to the chain, setting the
1878 af_ignore_error flag if necessary. Set the af_expand_pipe flag so that
1879 each command argument is expanded in the transport after the command
1880 has been split up into separate arguments. */
1882 addr = deliver_make_addr(s, TRUE); /* TRUE => copy s */
1883 setflag(addr, af_pfr);
1884 setflag(addr, af_expand_pipe);
1885 if (commands->noerror) addr->prop.ignore_error = TRUE;
1886 addr->next = *generated;
1889 /* If there are any numeric variables in existence (e.g. after a regex
1890 condition), or if $thisaddress is set, take a copy for use in the
1891 expansion. Note that we can't pass NULL for filter_thisaddress, because
1892 NULL terminates the list. */
1894 if (expand_nmax >= 0 || filter_thisaddress != NULL)
1896 int ecount = expand_nmax >= 0 ? expand_nmax : -1;
1897 uschar **ss = store_get(sizeof(uschar *) * (ecount + 3), FALSE);
1899 addr->pipe_expandn = ss;
1900 if (!filter_thisaddress) filter_thisaddress = US"";
1901 *ss++ = string_copy(filter_thisaddress);
1902 for (int i = 0; i <= expand_nmax; i++)
1903 *ss++ = string_copyn(expand_nstring[i], expand_nlength[i]);
1909 /* Set up the file name and mode, and close any previously open
1912 case logfile_command:
1913 log_mode = commands->args[1].i;
1914 if (log_mode == -1) log_mode = 0600;
1917 (void)close(log_fd);
1920 log_filename = expargs[0];
1921 if (filter_test != FTEST_NONE)
1924 printf("%sogfile %s\n", (commands->seen)? "Seen l" : "L", log_filename);
1928 case logwrite_command:
1931 if (filter_test != FTEST_NONE)
1934 printf("%sogwrite \"%s\"\n", (commands->seen)? "Seen l" : "L",
1935 string_printing(s));
1938 /* Attempt to write to a log file only if configured as permissible.
1939 Logging may be forcibly skipped for verifying or testing. */
1941 else if ((filter_options & RDO_LOG) != 0) /* Locked out */
1944 debug_printf_indent("filter log command aborted: euid=%ld\n",
1945 (long int)geteuid());
1946 *error_pointer = US"logwrite command forbidden";
1949 else if ((filter_options & RDO_REALLOG) != 0)
1952 DEBUG(D_filter) debug_printf_indent("writing filter log as euid %ld\n",
1953 (long int)geteuid());
1956 if (log_filename == NULL)
1958 *error_pointer = US"attempt to obey \"logwrite\" command "
1959 "without a previous \"logfile\"";
1962 log_fd = Uopen(log_filename, O_CREAT|O_APPEND|O_WRONLY, log_mode);
1965 *error_pointer = string_open_failed(errno, "filter log file \"%s\"",
1971 if (write(log_fd, s, len) != len)
1973 *error_pointer = string_sprintf("write error on file \"%s\": %s",
1974 log_filename, strerror(errno));
1980 DEBUG(D_filter) debug_printf_indent("skipping logwrite (verifying or testing)\n");
1984 /* Header addition and removal is available only in the system filter. The
1985 command is rejected at parse time otherwise. However "headers charset" is
1986 always permitted. */
1988 case headers_command:
1990 int subtype = commands->args[1].i;
1993 if (filter_test != FTEST_NONE)
1994 printf("Headers %s \"%s\"\n", (subtype == TRUE)? "add" :
1995 (subtype == FALSE)? "remove" : "charset", string_printing(s));
1997 if (subtype == TRUE)
1999 while (isspace(*s)) s++;
2002 header_add(htype_other, "%s%s", s, (s[Ustrlen(s)-1] == '\n')?
2004 header_last->type = header_checkname(header_last, FALSE);
2005 if (header_last->type >= 'a') header_last->type = htype_other;
2009 else if (subtype == FALSE)
2013 const uschar *list = s;
2015 while ((ss = string_nextinlist(&list, &sep, buffer, sizeof(buffer)))
2017 header_remove(0, ss);
2020 /* This setting lasts only while the filter is running; on exit, the
2021 variable is reset to the previous value. */
2023 else headers_charset = s;
2027 /* Defer, freeze, and fail are available only when explicitly permitted.
2028 These commands are rejected at parse time otherwise. The message can get
2029 very long by the inclusion of message headers; truncate if it is, and also
2030 ensure printing characters so as not to mess up log files. */
2033 ff_name = US"defer";
2035 goto DEFERFREEZEFAIL;
2040 goto DEFERFREEZEFAIL;
2042 case freeze_command:
2043 ff_name = US"freeze";
2048 if (Ustrlen(fmsg) > 1024) Ustrcpy(fmsg + 1000, US" ... (truncated)");
2049 fmsg = US string_printing(fmsg);
2050 *error_pointer = fmsg;
2052 if (filter_test != FTEST_NONE)
2055 printf("%c%s text \"%s\"\n", toupper(ff_name[0]), ff_name+1, fmsg);
2057 else DEBUG(D_filter) debug_printf_indent("Filter: %s \"%s\"\n", ff_name, fmsg);
2060 case finish_command:
2061 if (filter_test != FTEST_NONE)
2064 printf("%sinish\n", (commands->seen)? "Seen f" : "F");
2068 DEBUG(D_filter) debug_printf_indent("Filter: %sfinish\n",
2069 (commands->seen)? " Seen " : "");
2071 finish_obeyed = TRUE;
2072 return filter_delivered? FF_DELIVERED : FF_NOTDELIVERED;
2076 uschar *save_address = filter_thisaddress;
2077 int ok = FF_DELIVERED;
2078 condition_value = test_condition(commands->args[0].c, TRUE);
2079 if (*error_pointer != NULL) ok = FF_ERROR; else
2082 ok = interpret_commands(commands->args[condition_value? 1:2].f,
2086 filter_thisaddress = save_address;
2087 if (finish_obeyed || (ok != FF_DELIVERED && ok != FF_NOTDELIVERED))
2093 /* To try to catch runaway loops, do not generate mail if the
2094 return path is unset or if a non-trusted user supplied -f <>
2095 as the return path. */
2098 case vacation_command:
2099 if (return_path == NULL || return_path[0] == 0)
2101 if (filter_test != FTEST_NONE)
2102 printf("%s command ignored because return_path is empty\n",
2103 command_list[commands->command]);
2104 else DEBUG(D_filter) debug_printf_indent("%s command ignored because return_path "
2105 "is empty\n", command_list[commands->command]);
2109 /* Check the contents of the strings. The type of string can be deduced
2110 from the value of i.
2112 . If i is equal to mailarg_index_text it's a text string for the body,
2113 where anything goes.
2115 . If i is > mailarg_index_text, we are dealing with a file name, which
2116 cannot contain non-printing characters.
2118 . If i is less than mailarg_index_headers we are dealing with something
2119 that will go in a single message header line, where newlines must be
2120 followed by white space.
2122 . If i is equal to mailarg_index_headers, we have a string that contains
2123 one or more headers. Newlines that are not followed by white space must
2124 be followed by a header name.
2127 for (i = 0; i < MAILARGS_STRING_COUNT; i++)
2130 uschar *s = expargs[i];
2132 if (s == NULL) continue;
2134 if (i != mailarg_index_text) for (p = s; *p != 0; p++)
2137 if (i > mailarg_index_text)
2139 if (!mac_isprint(c))
2141 *error_pointer = string_sprintf("non-printing character in \"%s\" "
2142 "in %s command", string_printing(s),
2143 command_list[commands->command]);
2148 /* i < mailarg_index_text */
2150 else if (c == '\n' && !isspace(p[1]))
2152 if (i < mailarg_index_headers)
2154 *error_pointer = string_sprintf("\\n not followed by space in "
2155 "\"%.1024s\" in %s command", string_printing(s),
2156 command_list[commands->command]);
2160 /* Check for the start of a new header line within the string */
2165 for (pp = p + 1;; pp++)
2168 if (c == ':' && pp != p + 1) break;
2169 if (c == 0 || c == ':' || isspace(*pp))
2171 *error_pointer = string_sprintf("\\n not followed by space or "
2172 "valid header name in \"%.1024s\" in %s command",
2173 string_printing(s), command_list[commands->command]);
2180 } /* Loop to scan the string */
2182 /* The string is OK */
2184 commands->args[i].u = s;
2187 /* Proceed with mail or vacation command */
2189 if (filter_test != FTEST_NONE)
2191 uschar *to = commands->args[mailarg_index_to].u;
2193 printf("%sail to: %s%s%s\n", (commands->seen)? "Seen m" : "M",
2194 to ? to : US"<default>",
2195 commands->command == vacation_command ? " (vacation)" : "",
2196 commands->noerror ? " (noerror)" : "");
2197 for (i = 1; i < MAILARGS_STRING_COUNT; i++)
2199 uschar *arg = commands->args[i].u;
2202 int len = Ustrlen(mailargs[i]);
2203 int indent = (debug_selector != 0)? output_indent : 0;
2204 while (len++ < 7 + indent) printf(" ");
2205 printf("%s: %s%s\n", mailargs[i], string_printing(arg),
2206 (commands->args[mailarg_index_expand].u != NULL &&
2207 Ustrcmp(mailargs[i], "file") == 0)? " (expanded)" : "");
2210 if (commands->args[mailarg_index_return].u)
2211 printf("Return original message\n");
2216 uschar *to = commands->args[mailarg_index_to].u;
2217 gstring * log_addr = NULL;
2219 if (!to) to = expand_string(US"$reply_address");
2220 while (isspace(*to)) to++;
2222 for (tt = to; *tt != 0; tt++) /* Get rid of newlines */
2223 if (*tt == '\n') *tt = ' ';
2227 debug_printf_indent("Filter: %smail to: %s%s%s\n",
2228 commands->seen ? "seen " : "",
2230 commands->command == vacation_command ? " (vacation)" : "",
2231 commands->noerror ? " (noerror)" : "");
2232 for (i = 1; i < MAILARGS_STRING_COUNT; i++)
2234 uschar *arg = commands->args[i].u;
2237 int len = Ustrlen(mailargs[i]);
2238 while (len++ < 15) debug_printf_indent(" ");
2239 debug_printf_indent("%s: %s%s\n", mailargs[i], string_printing(arg),
2240 (commands->args[mailarg_index_expand].u != NULL &&
2241 Ustrcmp(mailargs[i], "file") == 0)? " (expanded)" : "");
2246 /* Create the "address" for the autoreply. This is used only for logging,
2247 as the actual recipients are extracted from the To: line by -t. We use the
2248 same logic here to extract the working addresses (there may be more than
2249 one). Just in case there are a vast number of addresses, stop when the
2250 string gets too long. */
2255 uschar *ss = parse_find_address_end(tt, FALSE);
2256 uschar *recipient, *errmess;
2257 int start, end, domain;
2261 recipient = parse_extract_address(tt, &errmess, &start, &end, &domain,
2265 /* Ignore empty addresses and errors; an error will occur later if
2266 there's something really bad. */
2270 log_addr = string_catn(log_addr, log_addr ? US"," : US">", 1);
2271 log_addr = string_cat (log_addr, recipient);
2276 if (log_addr && log_addr->ptr > 256)
2278 log_addr = string_catn(log_addr, US", ...", 5);
2282 /* Move on past this address */
2284 tt = ss + (*ss ? 1 : 0);
2285 while (isspace(*tt)) tt++;
2289 addr = deliver_make_addr(string_from_gstring(log_addr), FALSE);
2292 addr = deliver_make_addr(US ">**bad-reply**", FALSE);
2293 setflag(addr, af_bad_reply);
2296 setflag(addr, af_pfr);
2297 if (commands->noerror) addr->prop.ignore_error = TRUE;
2298 addr->next = *generated;
2301 addr->reply = store_get(sizeof(reply_item), FALSE);
2302 addr->reply->from = NULL;
2303 addr->reply->to = string_copy(to);
2304 addr->reply->file_expand =
2305 commands->args[mailarg_index_expand].u != NULL;
2306 addr->reply->expand_forbid = expand_forbid;
2307 addr->reply->return_message =
2308 commands->args[mailarg_index_return].u != NULL;
2309 addr->reply->once_repeat = 0;
2311 if (commands->args[mailarg_index_once_repeat].u != NULL)
2313 addr->reply->once_repeat =
2314 readconf_readtime(commands->args[mailarg_index_once_repeat].u, 0,
2316 if (addr->reply->once_repeat < 0)
2318 *error_pointer = string_sprintf("Bad time value for \"once_repeat\" "
2319 "in mail or vacation command: %s",
2320 commands->args[mailarg_index_once_repeat].u);
2325 /* Set up all the remaining string arguments (those other than "to") */
2327 for (i = 1; i < mailargs_string_passed; i++)
2329 uschar *ss = commands->args[i].u;
2330 *(USS((US addr->reply) + reply_offsets[i])) =
2331 ss ? string_copy(ss) : NULL;
2336 case testprint_command:
2337 if (filter_test != FTEST_NONE || (debug_selector & D_filter) != 0)
2339 const uschar *s = string_printing(expargs[0]);
2340 if (filter_test == FTEST_NONE)
2341 debug_printf_indent("Filter: testprint: %s\n", s);
2343 printf("Testprint: %s\n", s);
2347 commands = commands->next;
2350 return filter_delivered? FF_DELIVERED : FF_NOTDELIVERED;
2355 /*************************************************
2356 * Test for a personal message *
2357 *************************************************/
2359 /* This function is global so that it can also be called from the code that
2360 implements Sieve filters.
2363 aliases a chain of aliases
2364 scan_cc TRUE if Cc: and Bcc: are to be scanned (Exim filters do not)
2366 Returns: TRUE if the message is deemed to be personal
2370 filter_personal(string_item *aliases, BOOL scan_cc)
2372 uschar *self, *self_from, *self_to;
2373 uschar *psself = NULL, *psself_from = NULL, *psself_to = NULL;
2374 rmark reset_point = store_mark();
2380 /* If any header line in the message is a defined "List-" header field, it is
2381 not a personal message. We used to check for any header line that started with
2382 "List-", but this was tightened up for release 4.54. The check is now for
2383 "List-Id", defined in RFC 2929, or "List-Help", "List-Subscribe", "List-
2384 Unsubscribe", "List-Post", "List-Owner" or "List-Archive", all of which are
2385 defined in RFC 2369. We also scan for "Auto-Submitted"; if it is found to
2386 contain any value other than "no", the message is not personal (RFC 3834).
2387 Previously the test was for "auto-". */
2389 for (h = header_list; h; h = h->next)
2392 if (h->type == htype_old) continue;
2394 if (strncmpic(h->text, US"List-", 5) == 0)
2397 if (strncmpic(s, US"Id:", 3) == 0 ||
2398 strncmpic(s, US"Help:", 5) == 0 ||
2399 strncmpic(s, US"Subscribe:", 10) == 0 ||
2400 strncmpic(s, US"Unsubscribe:", 12) == 0 ||
2401 strncmpic(s, US"Post:", 5) == 0 ||
2402 strncmpic(s, US"Owner:", 6) == 0 ||
2403 strncmpic(s, US"Archive:", 8) == 0)
2407 else if (strncmpic(h->text, US"Auto-submitted:", 15) == 0)
2410 while (isspace(*s)) s++;
2411 if (strncmpic(s, US"no", 2) != 0) return FALSE;
2413 while (isspace(*s)) s++;
2414 if (*s != 0) return FALSE;
2418 /* Set up "my" address */
2420 self = string_sprintf("%s@%s", deliver_localpart, deliver_domain);
2421 self_from = rewrite_one(self, rewrite_from, NULL, FALSE, US"",
2422 global_rewrite_rules);
2423 self_to = rewrite_one(self, rewrite_to, NULL, FALSE, US"",
2424 global_rewrite_rules);
2427 if (self_from == NULL) self_from = self;
2428 if (self_to == NULL) self_to = self;
2430 /* If there's a prefix or suffix set, we must include the prefixed/
2431 suffixed version of the local part in the tests. */
2433 if (deliver_localpart_prefix != NULL || deliver_localpart_suffix != NULL)
2435 psself = string_sprintf("%s%s%s@%s",
2436 (deliver_localpart_prefix == NULL)? US"" : deliver_localpart_prefix,
2438 (deliver_localpart_suffix == NULL)? US"" : deliver_localpart_suffix,
2440 psself_from = rewrite_one(psself, rewrite_from, NULL, FALSE, US"",
2441 global_rewrite_rules);
2442 psself_to = rewrite_one(psself, rewrite_to, NULL, FALSE, US"",
2443 global_rewrite_rules);
2444 if (psself_from == NULL) psself_from = psself;
2445 if (psself_to == NULL) psself_to = psself;
2450 /* Do all the necessary tests; the counts are adjusted for {pre,suf}fix */
2454 header_match(US"to:", TRUE, TRUE, aliases, to_count, self, self_to, psself,
2458 header_match(US"cc:", TRUE, TRUE, aliases, to_count, self, self_to,
2461 header_match(US"bcc:", TRUE, TRUE, aliases, to_count, self, self_to,
2467 header_match(US"from:", TRUE, FALSE, aliases, from_count, "^server@",
2468 "^daemon@", "^root@", "^listserv@", "^majordomo@", "^.*?-request@",
2469 "^owner-[^@]+@", self, self_from, psself, psself_from) &&
2471 header_match(US"precedence:", FALSE, FALSE, NULL, 3, "bulk","list","junk") &&
2473 (sender_address == NULL || sender_address[0] != 0);
2475 store_reset(reset_point);
2481 /*************************************************
2482 * Interpret a mail filter file *
2483 *************************************************/
2487 filter points to the entire file, read into store as a single string
2488 options controls whether various special things are allowed, and requests
2490 generated where to hang newly-generated addresses
2491 error where to pass back an error text
2493 Returns: FF_DELIVERED success, a significant action was taken
2494 FF_NOTDELIVERED success, no significant action
2495 FF_DEFER defer requested
2496 FF_FAIL fail requested
2497 FF_FREEZE freeze requested
2498 FF_ERROR there was a problem
2502 filter_interpret(uschar *filter, int options, address_item **generated,
2506 int yield = FF_ERROR;
2507 uschar *ptr = filter;
2508 uschar *save_headers_charset = headers_charset;
2509 filter_cmd *commands = NULL;
2510 filter_cmd **lastcmdptr = &commands;
2512 DEBUG(D_route) debug_printf("Filter: start of processing\n");
2515 /* Initialize "not in an if command", set the global flag that is always TRUE
2516 while filtering, and zero the variables. */
2520 f.filter_running = TRUE;
2521 for (i = 0; i < FILTER_VARIABLE_COUNT; i++) filter_n[i] = 0;
2523 /* To save having to pass certain values about all the time, make them static.
2524 Also initialize the line number, for error messages, and the log file
2527 filter_options = options;
2528 filter_delivered = FALSE;
2529 finish_obeyed = FALSE;
2530 error_pointer = error;
2531 *error_pointer = NULL;
2535 log_filename = NULL;
2537 /* Scan filter file for syntax and build up an interpretation thereof, and
2538 interpret the compiled commands, and if testing, say whether we ended up
2539 delivered or not, unless something went wrong. */
2542 ptr = nextsigchar(ptr, TRUE);
2544 if (read_command_list(&ptr, &lastcmdptr, FALSE))
2545 yield = interpret_commands(commands, generated);
2547 if (filter_test != FTEST_NONE || (debug_selector & D_filter) != 0)
2553 s = US"Filtering ended by \"defer\".";
2557 s = US"Filtering ended by \"freeze\".";
2561 s = US"Filtering ended by \"fail\".";
2565 s = US"Filtering set up at least one significant delivery "
2566 "or other action.\n"
2567 "No other deliveries will occur.";
2570 case FF_NOTDELIVERED:
2571 s = US"Filtering did not set up a significant delivery.\n"
2572 "Normal delivery will occur.";
2576 s = string_sprintf("Filter error: %s", *error);
2580 if (filter_test != FTEST_NONE) printf("%s\n", CS s);
2581 else debug_printf_indent("%s\n", s);
2584 /* Close the log file if it was opened, and kill off any numerical variables
2585 before returning. Reset the header decoding charset. */
2587 if (log_fd >= 0) (void)close(log_fd);
2589 f.filter_running = FALSE;
2590 headers_charset = save_headers_charset;
2593 DEBUG(D_route) debug_printf("Filter: end of processing\n");
2598 /* End of filter.c */
git://git.exim.org / exim.git / blob