-/* $Cambridge: exim/src/src/receive.c,v 1.2 2004/10/18 11:36:23 ph10 Exp $ */
-
/*************************************************
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2004 */
+/* Copyright (c) University of Cambridge 1995 - 2014 */
/* See the file NOTICE for conditions of use and distribution. */
/* Code for receiving a message and setting up spool files. */
-
#include "exim.h"
+#ifdef EXPERIMENTAL_DCC
+extern int dcc_ok;
+#endif
+#ifdef EXPERIMENTAL_DMARC
+# include "dmarc.h"
+#endif /* EXPERIMENTAL_DMARC */
/*************************************************
* Local static variables *
qnewsender = (Ustrchr(newsender, '@') != NULL)?
newsender : string_sprintf("%s@%s", newsender, qualify_domain_sender);
return
- match_address_list(qnewsender, TRUE, TRUE, &untrusted_set_sender, NULL, -1,
+ match_address_list(qnewsender, TRUE, TRUE, CUSS &untrusted_set_sender, NULL, -1,
0, NULL) == OK;
}
/*************************************************
-* Check space on spool and log partitions *
+* Read space info for a partition *
*************************************************/
-/* This function is called before accepting a message; if any thresholds are
-set, it checks them. If a message_size is supplied, it checks that there is
-enough space for that size plus the threshold - i.e. that the message won't
-reduce the space to the threshold. Not all OS have statvfs(); for those that
-don't, this function always returns TRUE. For some OS the old function and
-struct name statfs is used; that is handled by a macro, defined in exim.h.
+/* This function is called by receive_check_fs() below, and also by string
+expansion for variables such as $spool_space. The field names for the statvfs
+structure are macros, because not all OS have F_FAVAIL and it seems tidier to
+have macros for F_BAVAIL and F_FILES as well. Some kinds of file system do not
+have inodes, and they return -1 for the number available.
+
+Later: It turns out that some file systems that do not have the concept of
+inodes return 0 rather than -1. Such systems should also return 0 for the total
+number of inodes, so we require that to be greater than zero before returning
+an inode count.
Arguments:
- msg_size the (estimated) size of an incoming message
+ isspool TRUE for spool partition, FALSE for log partition
+ inodeptr address of int to receive inode count; -1 if there isn't one
-Returns: FALSE if there isn't enough space, or if the information cannot
- be obtained
- TRUE if no check was done or there is enough space
+Returns: available on-root space, in kilobytes
+ -1 for log partition if there isn't one
+
+All values are -1 if the STATFS functions are not available.
*/
-BOOL
-receive_check_fs(int msg_size)
+int
+receive_statvfs(BOOL isspool, int *inodeptr)
{
#ifdef HAVE_STATFS
-BOOL rc = TRUE;
struct STATVFS statbuf;
+uschar *path;
+uschar *name;
+uschar buffer[1024];
-memset(&statbuf, 0, sizeof(statbuf));
-
-/* The field names are macros, because not all OS have F_FAVAIL and it seems
-tidier to have macros for F_BAVAIL and F_FILES as well. Some kinds of file
-server do not have inodes, and they return -1 for the number available, so we
-do the check only when this field is non-negative.
-
-Later: It turns out that some file systems that do not have the concept of
-inodes return 0 rather than -1. Such systems should also return 0 for the total
-number of inodes, so we require that to be greater than zero before doing the
-test. */
+/* The spool directory must always exist. */
-if (check_spool_space > 0 || msg_size > 0 || check_spool_inodes > 0)
+if (isspool)
{
- if (STATVFS(CS spool_directory, &statbuf) != 0)
- {
- log_write(0, LOG_MAIN|LOG_PANIC, "cannot accept message: failed to stat "
- "spool directory %s: %s", spool_directory, strerror(errno));
- smtp_closedown(US"spool directory problem");
- exim_exit(EXIT_FAILURE);
- }
-
- /* check_spool_space is held in K because disks are getting huge */
-
- if (statbuf.F_BAVAIL < (unsigned long)
- ((((double)check_spool_space) * 1024.0 + (double)msg_size) /
- (double)statbuf.F_FRSIZE)
- ||
- (statbuf.F_FILES > 0 &&
- statbuf.F_FAVAIL >= 0 &&
- statbuf.F_FAVAIL < check_spool_inodes))
- rc = FALSE;
-
- DEBUG(D_receive)
- debug_printf("spool directory %s space = %d blocks; inodes = %d; "
- "check_space = %dK (%d blocks); inodes = %d; msg_size = %d (%d blocks)\n",
- spool_directory, (int)statbuf.F_BAVAIL, (int)statbuf.F_FAVAIL,
- check_spool_space,
- (int)(((double)check_spool_space * 1024.0) / (double)statbuf.F_FRSIZE),
- check_spool_inodes, msg_size, (int)(msg_size / statbuf.F_FRSIZE));
-
- if (!rc)
- {
- log_write(0, LOG_MAIN, "spool directory space check failed: space=%d "
- "inodes=%d", (int)statbuf.F_BAVAIL, (int)statbuf.F_FAVAIL);
- return FALSE;
- }
+ path = spool_directory;
+ name = US"spool";
}
/* Need to cut down the log file path to the directory, and to ignore any
appearance of "syslog" in it. */
-if (check_log_space > 0 || check_log_inodes > 0)
+else
{
- uschar *path;
int sep = ':'; /* Not variable - outside scripts use */
- uschar *cp;
- uschar *p = log_file_path;
- uschar buffer[1024];
+ const uschar *p = log_file_path;
+ name = US"log";
/* An empty log_file_path means "use the default". This is the same as an
empty item in a list. */
if (*p == 0) p = US":";
- while ((path = string_nextinlist(&p, &sep, buffer, sizeof(buffer))) != NULL)
+ while ((path = string_nextinlist(&p, &sep, buffer, sizeof(buffer))))
+ if (Ustrcmp(path, "syslog") != 0)
+ break;
+
+ if (path == NULL) /* No log files */
{
- if (Ustrcmp(path, "syslog") != 0) break;
+ *inodeptr = -1;
+ return -1;
}
- if (path == NULL) return TRUE; /* No log files, so no problem */
-
- /* An empty string means use the default */
+ /* An empty string means use the default, which is in the spool directory.
+ But don't just use the spool directory, as it is possible that the log
+ subdirectory has been symbolically linked elsewhere. */
if (path[0] == 0)
- path = string_sprintf("%s/log/%%slog", spool_directory);
-
- if ((cp = Ustrrchr(path, '/')) == NULL)
{
- DEBUG(D_receive) debug_printf("cannot find slash in %s\n", path);
- return FALSE;
+ sprintf(CS buffer, CS"%s/log", CS spool_directory);
+ path = buffer;
+ }
+ else
+ {
+ uschar *cp;
+ if ((cp = Ustrrchr(path, '/')) != NULL) *cp = 0;
}
- *cp = 0;
+ }
+
+/* We now have the path; do the business */
+
+memset(&statbuf, 0, sizeof(statbuf));
+
+if (STATVFS(CS path, &statbuf) != 0)
+ {
+ log_write(0, LOG_MAIN|LOG_PANIC, "cannot accept message: failed to stat "
+ "%s directory %s: %s", name, spool_directory, strerror(errno));
+ smtp_closedown(US"spool or log directory problem");
+ exim_exit(EXIT_FAILURE);
+ }
+
+*inodeptr = (statbuf.F_FILES > 0)? statbuf.F_FAVAIL : -1;
+
+/* Disks are getting huge. Take care with computing the size in kilobytes. */
+
+return (int)(((double)statbuf.F_BAVAIL * (double)statbuf.F_FRSIZE)/1024.0);
+
+/* Unable to find partition sizes in this environment. */
+
+#else
+*inodeptr = -1;
+return -1;
+#endif
+}
+
- if (STATVFS(CS path, &statbuf) != 0)
+
+
+/*************************************************
+* Check space on spool and log partitions *
+*************************************************/
+
+/* This function is called before accepting a message; if any thresholds are
+set, it checks them. If a message_size is supplied, it checks that there is
+enough space for that size plus the threshold - i.e. that the message won't
+reduce the space to the threshold. Not all OS have statvfs(); for those that
+don't, this function always returns TRUE. For some OS the old function and
+struct name statfs is used; that is handled by a macro, defined in exim.h.
+
+Arguments:
+ msg_size the (estimated) size of an incoming message
+
+Returns: FALSE if there isn't enough space, or if the information cannot
+ be obtained
+ TRUE if no check was done or there is enough space
+*/
+
+BOOL
+receive_check_fs(int msg_size)
+{
+int space, inodes;
+
+if (check_spool_space > 0 || msg_size > 0 || check_spool_inodes > 0)
+ {
+ space = receive_statvfs(TRUE, &inodes);
+
+ DEBUG(D_receive)
+ debug_printf("spool directory space = %dK inodes = %d "
+ "check_space = %dK inodes = %d msg_size = %d\n",
+ space, inodes, check_spool_space, check_spool_inodes, msg_size);
+
+ if ((space >= 0 && space < check_spool_space) ||
+ (inodes >= 0 && inodes < check_spool_inodes))
{
- log_write(0, LOG_MAIN|LOG_PANIC, "cannot accept message: failed to stat "
- "log directory %s: %s", path, strerror(errno));
- smtp_closedown(US"log directory problem");
- exim_exit(EXIT_FAILURE);
+ log_write(0, LOG_MAIN, "spool directory space check failed: space=%d "
+ "inodes=%d", space, inodes);
+ return FALSE;
}
+ }
- if (statbuf.F_BAVAIL < (unsigned long)
- (((double)check_log_space * 1024.0) / (double)statbuf.F_FRSIZE)
- ||
- statbuf.F_FAVAIL < check_log_inodes) rc = FALSE;
+if (check_log_space > 0 || check_log_inodes > 0)
+ {
+ space = receive_statvfs(FALSE, &inodes);
DEBUG(D_receive)
- debug_printf("log directory %s space = %d blocks; inodes = %d; "
- "check_space = %dK (%d blocks); inodes = %d\n",
- path, (int)statbuf.F_BAVAIL, (int)statbuf.F_FAVAIL,
- check_log_space,
- (int)(((double)check_log_space * 1024.0) / (double)statbuf.F_FRSIZE),
- check_log_inodes);
+ debug_printf("log directory space = %dK inodes = %d "
+ "check_space = %dK inodes = %d\n",
+ space, inodes, check_log_space, check_log_inodes);
- if (!rc)
+ if ((space >= 0 && space < check_log_space) ||
+ (inodes >= 0 && inodes < check_log_inodes))
{
log_write(0, LOG_MAIN, "log directory space check failed: space=%d "
- "inodes=%d", (int)statbuf.F_BAVAIL, (int)statbuf.F_FAVAIL);
+ "inodes=%d", space, inodes);
return FALSE;
}
}
-#endif
return TRUE;
}
function if there is an ultimate disaster. That is why it is globally
accessible.
-Arguments: SMTP response to give if in an SMTP session
+Arguments:
+ reason text reason to pass to the not-quit ACL
+ msg default SMTP response to give if in an SMTP session
Returns: it doesn't
*/
void
-receive_bomb_out(uschar *msg)
+receive_bomb_out(uschar *reason, uschar *msg)
{
+ static BOOL already_bombing_out;
+/* The smtp_notquit_exit() below can call ACLs which can trigger recursive
+timeouts, if someone has something slow in their quit ACL. Since the only
+things we should be doing are to close down cleanly ASAP, on the second
+pass we also close down stuff that might be opened again, before bypassing
+the ACL call and exiting. */
+
/* If spool_name is set, it contains the name of the data file that is being
written. Unlink it before closing so that it cannot be picked up by a delivery
process. Ensure that any header file is also removed. */
-if (spool_name[0] != 0)
+if (spool_name[0] != '\0')
{
Uunlink(spool_name);
spool_name[Ustrlen(spool_name) - 1] = 'H';
Uunlink(spool_name);
+ spool_name[0] = '\0';
}
/* Now close the file if it is open, either as a fd or a stream. */
-if (data_file != NULL) fclose(data_file);
- else if (data_fd >= 0) close(data_fd);
+if (data_file != NULL)
+ {
+ (void)fclose(data_file);
+ data_file = NULL;
+} else if (data_fd >= 0) {
+ (void)close(data_fd);
+ data_fd = -1;
+ }
-/* Attempt to close down an SMTP connection tidily. */
+/* Attempt to close down an SMTP connection tidily. For non-batched SMTP, call
+smtp_notquit_exit(), which runs the NOTQUIT ACL, if present, and handles the
+SMTP response. */
-if (smtp_input)
+if (!already_bombing_out)
{
- if (!smtp_batched_input)
+ already_bombing_out = TRUE;
+ if (smtp_input)
{
- smtp_printf("421 %s %s - closing connection.\r\n", smtp_active_hostname,
- msg);
- mac_smtp_fflush();
+ if (smtp_batched_input)
+ moan_smtp_batch(NULL, "421 %s - message abandoned", msg); /* No return */
+ smtp_notquit_exit(reason, US"421", US"%s %s - closing connection.",
+ smtp_active_hostname, msg);
}
-
- /* Control does not return from moan_smtp_batch(). */
-
- else moan_smtp_batch(NULL, "421 %s - message abandoned", msg);
}
/* Exit from the program (non-BSMTP cases) */
msg = US"SMTP incoming data timeout";
log_write(L_lost_incoming_connection,
LOG_MAIN, "SMTP data timeout (message abandoned) on connection "
- "from %s",
- (sender_fullhost != NULL)? sender_fullhost : US"local process");
+ "from %s F=<%s>",
+ (sender_fullhost != NULL)? sender_fullhost : US"local process",
+ sender_address);
}
else
{
LOG_MAIN, "timed out while reading local message");
}
-receive_bomb_out(msg); /* Does not return */
+receive_bomb_out(US"data-timeout", msg); /* Does not return */
}
sig = sig; /* Keep picky compilers happy */
log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() function timed out - "
"message temporarily rejected (size %d)", message_size);
-receive_bomb_out(US"local verification problem"); /* Does not return */
+/* Does not return */
+receive_bomb_out(US"local-scan-timeout", US"local verification problem");
}
{
log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() function crashed with "
"signal %d - message temporarily rejected (size %d)", sig, message_size);
-receive_bomb_out(US"local verification problem"); /* Does not return */
+/* Does not return */
+receive_bomb_out(US"local-scan-error", US"local verification problem");
}
}
else
{
- if (filter_test == NULL)
+ if (filter_test == FTEST_NONE)
{
fprintf(stderr, "\nexim: %s received - message abandoned\n",
(sig == SIGTERM)? "SIGTERM" : "SIGINT");
}
}
-receive_bomb_out(msg); /* Does not return */
+receive_bomb_out(US"signal-exit", msg); /* Does not return */
}
recipients_list[recipients_count].address = recipient;
recipients_list[recipients_count].pno = pno;
+#ifdef EXPERIMENTAL_BRIGHTMAIL
+recipients_list[recipients_count].bmi_optin = bmi_current_optin;
+/* reset optin string pointer for next recipient */
+bmi_current_optin = NULL;
+#endif
+recipients_list[recipients_count].orcpt = NULL;
+recipients_list[recipients_count].dsn_flags = 0;
recipients_list[recipients_count++].errors_to = NULL;
}
+/*************************************************
+* Send user response message *
+*************************************************/
+
+/* This function is passed a default response code and a user message. It calls
+smtp_message_code() to check and possibly modify the response code, and then
+calls smtp_respond() to transmit the response. I put this into a function
+just to avoid a lot of repetition.
+
+Arguments:
+ code the response code
+ user_msg the user message
+
+Returns: nothing
+*/
+
+#ifndef DISABLE_PRDR
+static void
+smtp_user_msg(uschar *code, uschar *user_msg)
+{
+int len = 3;
+smtp_message_code(&code, &len, &user_msg, NULL);
+smtp_respond(code, len, TRUE, user_msg);
+}
+#endif
+
+
+
+
+
/*************************************************
* Remove a recipient from the list *
*************************************************/
{
if ((--recipients_count - count) > 0)
memmove(recipients_list + count, recipients_list + count + 1,
- (recipients_count - count)*sizeof(recipient_item));
+ (recipients_count - count)*sizeof(recipient_item));
return TRUE;
}
}
{
int ch_state;
register int ch;
+register int linelength = 0;
/* Handle the case when only EOF terminates the message */
if (ch == 0) body_zerocount++;
if (last_ch == '\r' && ch != '\n')
{
+ if (linelength > max_received_linelength)
+ max_received_linelength = linelength;
+ linelength = 0;
if (fputc('\n', fout) == EOF) return END_WERROR;
message_size++;
body_linecount++;
if (ch == '\r') continue;
if (fputc(ch, fout) == EOF) return END_WERROR;
- if (ch == '\n') body_linecount++;
+ if (ch == '\n')
+ {
+ if (linelength > max_received_linelength)
+ max_received_linelength = linelength;
+ linelength = 0;
+ body_linecount++;
+ }
+ else linelength++;
if (++message_size > thismessage_size_limit) return END_SIZE;
}
if (last_ch != '\n')
{
+ if (linelength > max_received_linelength)
+ max_received_linelength = linelength;
if (fputc('\n', fout) == EOF) return END_WERROR;
message_size++;
body_linecount++;
{
case 0: /* Normal state (previous char written) */
if (ch == '\n')
- { body_linecount++; ch_state = 1; }
+ {
+ body_linecount++;
+ if (linelength > max_received_linelength)
+ max_received_linelength = linelength;
+ linelength = -1;
+ ch_state = 1;
+ }
else if (ch == '\r')
{ ch_state = 2; continue; }
break;
case 1: /* After written "\n" */
if (ch == '.') { ch_state = 3; continue; }
- if (ch != '\n') ch_state = 0;
+ if (ch == '\r') { ch_state = 2; continue; }
+ if (ch != '\n') ch_state = 0; else linelength = -1;
break;
case 2:
body_linecount++; /* After unwritten "\r" */
+ if (linelength > max_received_linelength)
+ max_received_linelength = linelength;
if (ch == '\n')
- { ch_state = 1; }
+ {
+ ch_state = 1;
+ linelength = -1;
+ }
else
{
if (message_size++, fputc('\n', fout) == EOF) return END_WERROR;
if (ch == '\r') continue;
ch_state = 0;
+ linelength = 0;
}
break;
if (ch == '\n') return END_DOT;
if (ch == '\r') { ch_state = 4; continue; }
message_size++;
+ linelength++;
if (fputc('.', fout) == EOF) return END_WERROR;
ch_state = 0;
break;
break;
}
+ linelength++;
if (fputc(ch, fout) == EOF) return END_WERROR;
if (++message_size > thismessage_size_limit) return END_SIZE;
}
read_message_data_smtp(FILE *fout)
{
int ch_state = 0;
-register int ch;
+int ch;
+register int linelength = 0;
while ((ch = (receive_getc)()) != EOF)
{
{
ch_state = 0;
body_linecount++;
+ if (linelength > max_received_linelength)
+ max_received_linelength = linelength;
+ linelength = -1;
}
else if (ch == '\r')
{
case 2: /* After (unwritten) CR */
body_linecount++;
+ if (linelength > max_received_linelength)
+ max_received_linelength = linelength;
+ linelength = -1;
if (ch == '\n')
{
ch_state = 0;
{
message_size++;
if (fout != NULL && fputc('\n', fout) == EOF) return END_WERROR;
+ (void) cutthrough_put_nl();
if (ch != '\r') ch_state = 1; else continue;
}
break;
message_size++;
body_linecount++;
if (fout != NULL && fputc('\n', fout) == EOF) return END_WERROR;
+ (void) cutthrough_put_nl();
if (ch == '\r')
{
ch_state = 2;
next. */
message_size++;
+ linelength++;
if (fout != NULL)
{
if (fputc(ch, fout) == EOF) return END_WERROR;
if (message_size > thismessage_size_limit) return END_SIZE;
}
+ if(ch == '\n')
+ (void) cutthrough_put_nl();
+ else
+ {
+ uschar c= ch;
+ (void) cutthrough_puts(&c, 1);
+ }
}
/* Fall through here if EOF encountered. This indicates some kind of error,
error_rc = EXIT_FAILURE;
}
else fprintf(stderr, "exim: %s%s\n", text2, text1); /* Sic */
-fclose(f);
+(void)fclose(f);
exim_exit(error_rc);
}
* Add header lines set up by ACL *
*************************************************/
-/* This function is called to add the header lines that were set up by "warn"
-statements in an ACL onto the list of headers in memory. It is done in two
-stages like this, because when the ACL for RCPT is running, the other headers
-have not yet been received. This function is called twice; once just before
-running the DATA ACL, and once after. This is so that header lines added by
-MAIL or RCPT are visible to the DATA ACL.
+/* This function is called to add the header lines that were set up by
+statements in an ACL to the list of headers in memory. It is done in two stages
+like this, because when the ACL for RCPT is running, the other headers have not
+yet been received. This function is called twice; once just before running the
+DATA ACL, and once after. This is so that header lines added by MAIL or RCPT
+are visible to the DATA ACL.
Originally these header lines were added at the end. Now there is support for
three different places: top, bottom, and after the Received: header(s). There
*/
static void
-add_acl_headers(uschar *acl_name)
+add_acl_headers(int where, uschar *acl_name)
{
header_line *h, *next;
header_line *last_received = NULL;
-if (acl_warn_headers == NULL) return;
+switch(where)
+ {
+ case ACL_WHERE_DKIM:
+ case ACL_WHERE_MIME:
+ case ACL_WHERE_DATA:
+ if (cutthrough.fd >= 0 && (acl_removed_headers || acl_added_headers))
+ {
+ log_write(0, LOG_MAIN|LOG_PANIC, "Header modification in data ACLs"
+ " will not take effect on cutthrough deliveries");
+ return;
+ }
+ }
+
+if (acl_removed_headers != NULL)
+ {
+ DEBUG(D_receive|D_acl) debug_printf(">>Headers removed by %s ACL:\n", acl_name);
+
+ for (h = header_list; h != NULL; h = h->next) if (h->type != htype_old)
+ {
+ const uschar * list = acl_removed_headers;
+ int sep = ':'; /* This is specified as a colon-separated list */
+ uschar *s;
+ uschar buffer[128];
+
+ while ((s = string_nextinlist(&list, &sep, buffer, sizeof(buffer))))
+ if (header_testname(h, s, Ustrlen(s), FALSE))
+ {
+ h->type = htype_old;
+ DEBUG(D_receive|D_acl) debug_printf(" %s", h->text);
+ }
+ }
+ acl_removed_headers = NULL;
+ DEBUG(D_receive|D_acl) debug_printf(">>\n");
+ }
+
+if (acl_added_headers == NULL) return;
DEBUG(D_receive|D_acl) debug_printf(">>Headers added by %s ACL:\n", acl_name);
-for (h = acl_warn_headers; h != NULL; h = next)
+for (h = acl_added_headers; h != NULL; h = next)
{
next = h->next;
DEBUG(D_receive|D_acl) debug_printf(" (after Received:)");
break;
+ case htype_add_rfc:
+ /* add header before any header which is NOT Received: or Resent- */
+ last_received = header_list;
+ while ( (last_received->next != NULL) &&
+ ( (header_testname(last_received->next, US"Received", 8, FALSE)) ||
+ (header_testname_incomplete(last_received->next, US"Resent-", 7, FALSE)) ) )
+ last_received = last_received->next;
+ /* last_received now points to the last Received: or Resent-* header
+ in an uninterrupted chain of those header types (seen from the beginning
+ of all headers. Our current header must follow it. */
+ h->next = last_received->next;
+ last_received->next = h;
+ DEBUG(D_receive|D_acl) debug_printf(" (before any non-Received: or Resent-*: header)");
+ break;
+
default:
h->next = NULL;
header_last->next = h;
DEBUG(D_receive|D_acl) debug_printf(" %s", header_last->text);
}
-acl_warn_headers = NULL;
+acl_added_headers = NULL;
DEBUG(D_receive|D_acl) debug_printf(">>\n");
}
+#ifdef WITH_CONTENT_SCAN
+
+/*************************************************
+* Run the MIME ACL on a message *
+*************************************************/
+
+/* This code is in a subroutine so that it can be used for both SMTP
+and non-SMTP messages. It is called with a non-NULL ACL pointer.
+
+Arguments:
+ acl The ACL to run (acl_smtp_mime or acl_not_smtp_mime)
+ smtp_yield_ptr Set FALSE to kill messages after dropped connection
+ smtp_reply_ptr Where SMTP reply is being built
+ blackholed_by_ptr Where "blackholed by" message is being built
+
+Returns: TRUE to carry on; FALSE to abandon the message
+*/
+
+static BOOL
+run_mime_acl(uschar *acl, BOOL *smtp_yield_ptr, uschar **smtp_reply_ptr,
+ uschar **blackholed_by_ptr)
+{
+FILE *mbox_file;
+uschar rfc822_file_path[2048];
+unsigned long mbox_size;
+header_line *my_headerlist;
+uschar *user_msg, *log_msg;
+int mime_part_count_buffer = -1;
+int rc = OK;
+
+memset(CS rfc822_file_path,0,2048);
+
+/* check if it is a MIME message */
+my_headerlist = header_list;
+while (my_headerlist != NULL)
+ {
+ /* skip deleted headers */
+ if (my_headerlist->type == '*')
+ {
+ my_headerlist = my_headerlist->next;
+ continue;
+ }
+ if (strncmpic(my_headerlist->text, US"Content-Type:", 13) == 0)
+ {
+ DEBUG(D_receive) debug_printf("Found Content-Type: header - executing acl_smtp_mime.\n");
+ goto DO_MIME_ACL;
+ }
+ my_headerlist = my_headerlist->next;
+ }
+
+DEBUG(D_receive) debug_printf("No Content-Type: header - presumably not a MIME message.\n");
+return TRUE;
+
+DO_MIME_ACL:
+/* make sure the eml mbox file is spooled up */
+mbox_file = spool_mbox(&mbox_size, NULL);
+if (mbox_file == NULL) {
+ /* error while spooling */
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "acl_smtp_mime: error while creating mbox spool file, message temporarily rejected.");
+ Uunlink(spool_name);
+ unspool_mbox();
+#ifdef EXPERIMENTAL_DCC
+ dcc_ok = 0;
+#endif
+ smtp_respond(US"451", 3, TRUE, US"temporary local problem");
+ message_id[0] = 0; /* Indicate no message accepted */
+ *smtp_reply_ptr = US""; /* Indicate reply already sent */
+ return FALSE; /* Indicate skip to end of receive function */
+};
+
+mime_is_rfc822 = 0;
+
+MIME_ACL_CHECK:
+mime_part_count = -1;
+rc = mime_acl_check(acl, mbox_file, NULL, &user_msg, &log_msg);
+(void)fclose(mbox_file);
+
+if (Ustrlen(rfc822_file_path) > 0)
+ {
+ mime_part_count = mime_part_count_buffer;
+
+ if (unlink(CS rfc822_file_path) == -1)
+ {
+ log_write(0, LOG_PANIC,
+ "acl_smtp_mime: can't unlink RFC822 spool file, skipping.");
+ goto END_MIME_ACL;
+ }
+ }
+
+/* check if we must check any message/rfc822 attachments */
+if (rc == OK)
+ {
+ uschar temp_path[1024];
+ struct dirent * entry;
+ DIR * tempdir;
+
+ (void) string_format(temp_path, sizeof(temp_path), "%s/scan/%s",
+ spool_directory, message_id);
+
+ tempdir = opendir(CS temp_path);
+ for (;;)
+ {
+ if (!(entry = readdir(tempdir)))
+ break;
+ if (strncmpic(US entry->d_name, US"__rfc822_", 9) == 0)
+ {
+ (void) string_format(rfc822_file_path, sizeof(rfc822_file_path),
+ "%s/scan/%s/%s", spool_directory, message_id, entry->d_name);
+ debug_printf("RFC822 attachment detected: running MIME ACL for '%s'\n",
+ rfc822_file_path);
+ break;
+ }
+ }
+ closedir(tempdir);
+
+ if (entry)
+ {
+ if ((mbox_file = Ufopen(rfc822_file_path, "rb")))
+ {
+ /* set RFC822 expansion variable */
+ mime_is_rfc822 = 1;
+ mime_part_count_buffer = mime_part_count;
+ goto MIME_ACL_CHECK;
+ }
+ log_write(0, LOG_PANIC,
+ "acl_smtp_mime: can't open RFC822 spool file, skipping.");
+ unlink(CS rfc822_file_path);
+ }
+ }
+
+END_MIME_ACL:
+add_acl_headers(ACL_WHERE_MIME, US"MIME");
+if (rc == DISCARD)
+ {
+ recipients_count = 0;
+ *blackholed_by_ptr = US"MIME ACL";
+ }
+else if (rc != OK)
+ {
+ Uunlink(spool_name);
+ unspool_mbox();
+#ifdef EXPERIMENTAL_DCC
+ dcc_ok = 0;
+#endif
+ if (smtp_input && smtp_handle_acl_fail(ACL_WHERE_MIME, rc, user_msg, log_msg) != 0) {
+ *smtp_yield_ptr = FALSE; /* No more messsages after dropped connection */
+ *smtp_reply_ptr = US""; /* Indicate reply already sent */
+ }
+ message_id[0] = 0; /* Indicate no message accepted */
+ return FALSE; /* Cause skip to end of receive function */
+ }
+
+return TRUE;
+}
+
+#endif /* WITH_CONTENT_SCAN */
+
+
+
+void
+received_header_gen(void)
+{
+uschar *received;
+uschar *timestamp;
+header_line *received_header= header_list;
+
+timestamp = expand_string(US"${tod_full}");
+if (recipients_count == 1) received_for = recipients_list[0].address;
+received = expand_string(received_header_text);
+received_for = NULL;
+
+if (received == NULL)
+ {
+ if(spool_name[0] != 0)
+ Uunlink(spool_name); /* Lose the data file */
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Expansion of \"%s\" "
+ "(received_header_text) failed: %s", string_printing(received_header_text),
+ expand_string_message);
+ }
+
+/* The first element on the header chain is reserved for the Received header,
+so all we have to do is fill in the text pointer, and set the type. However, if
+the result of the expansion is an empty string, we leave the header marked as
+"old" so as to refrain from adding a Received header. */
+
+if (received[0] == 0)
+ {
+ received_header->text = string_sprintf("Received: ; %s\n", timestamp);
+ received_header->type = htype_old;
+ }
+else
+ {
+ received_header->text = string_sprintf("%s; %s\n", received, timestamp);
+ received_header->type = htype_received;
+ }
+
+received_header->slen = Ustrlen(received_header->text);
+
+DEBUG(D_receive) debug_printf(">>Generated Received: header line\n%c %s",
+ received_header->type, received_header->text);
+}
+
+
/*************************************************
* Receive message *
Either a non-null list of recipients, or the extract flag will be true, or
both. The flag sender_local is true for locally generated messages. The flag
submission_mode is true if an ACL has obeyed "control = submission". The flag
-smtp_input is true if the message is to be handled using SMTP conventions about
-termination and lines starting with dots. For non-SMTP messages, dot_ends is
-true for dot-terminated messages.
+suppress_local_fixups is true if an ACL has obeyed "control =
+suppress_local_fixups" or -G was passed on the command-line.
+The flag smtp_input is true if the message is to be
+handled using SMTP conventions about termination and lines starting with dots.
+For non-SMTP messages, dot_ends is true for dot-terminated messages.
If a message was successfully read, message_id[0] will be non-zero.
blocks.
. If there is a "sender:" header and the message is locally originated,
- throw it away, unless the caller is trusted, or unless local_sender_retain
- is set - which can only happen if local_from_check is false.
+ throw it away, unless the caller is trusted, or unless
+ active_local_sender_retain is set - which can only happen if
+ active_local_from_check is false.
. If recipients are to be extracted from the message, build the
recipients list from the headers, removing any that were on the
. If the sender is local, check that from: is correct, and if not, generate
a Sender: header, unless message comes from a trusted caller, or this
- feature is disabled by no_local_from_check.
+ feature is disabled by active_local_from_check being false.
. If there is no "date" header, generate one, for locally-originated
or submission mode messages only.
BOOL
receive_msg(BOOL extract_recip)
{
-int i, rc;
+int i;
+int rc = FAIL;
int msg_size = 0;
int process_info_len = Ustrlen(process_info);
int error_rc = (error_handling == ERRORS_SENDER)?
int start, end, domain, size, sptr;
int id_resolution;
int had_zero = 0;
+int prevlines_length = 0;
register int ptr = 0;
BOOL resents_exist = FALSE;
uschar *resent_prefix = US"";
uschar *blackholed_by = NULL;
+uschar *blackhole_log_msg = US"";
+enum {NOT_TRIED, TMP_REJ, PERM_REJ, ACCEPTED} cutthrough_done = NOT_TRIED;
flock_t lock_data;
error_block *bad_addresses = NULL;
uschar *errmsg, *s;
struct stat statbuf;
-/* Final message to give to SMTP caller */
+/* Final message to give to SMTP caller, and messages from ACLs */
uschar *smtp_reply = NULL;
+uschar *user_msg, *log_msg;
/* Working header pointers */
header_line *h, *next;
-/* Flags for noting the existence of certain headers */
-
-/**** No longer check for these (Nov 2003)
-BOOL to_or_cc_header_exists = FALSE;
-BOOL bcc_header_exists = FALSE;
-****/
+/* Flags for noting the existence of certain headers (only one left) */
BOOL date_header_exists = FALSE;
header_line *msgid_header = NULL;
header_line *received_header;
+#ifdef EXPERIMENTAL_DMARC
+int dmarc_up = 0;
+#endif /* EXPERIMENTAL_DMARC */
+
/* Variables for use when building the Received: header. */
-uschar *received;
uschar *timestamp;
int tslen;
search_tidyup();
+/* Extracting the recipient list from an input file is incompatible with
+cutthrough delivery with the no-spool option. It shouldn't be possible
+to set up the combination, but just in case kill any ongoing connection. */
+if (extract_recip || !smtp_input)
+ cancel_cutthrough_connection("not smtp input");
+
/* Initialize the chain of headers by setting up a place-holder for Received:
header. Temporarily mark it as "old", i.e. not to be used. We keep header_last
pointing to the end of the chain to make adding headers simple. */
spool_name[0] = 0;
message_size = 0;
warning_count = 0;
-received_count = 1; /* For the one we will add */
+received_count = 1; /* For the one we will add */
if (thismessage_size_limit <= 0) thismessage_size_limit = INT_MAX;
-/* While reading the message, body_linecount and body_zerocount is computed.
-The full message_ linecount is set up only when the headers are read back in
-from the spool for delivery. */
+/* While reading the message, the following counts are computed. */
+
+message_linecount = body_linecount = body_zerocount =
+ max_received_linelength = 0;
-body_linecount = body_zerocount = 0;
+#ifndef DISABLE_DKIM
+/* Call into DKIM to set up the context. */
+if (smtp_input && !smtp_batched_input && !dkim_disable_verify) dkim_exim_verify_init();
+#endif
+
+#ifdef EXPERIMENTAL_DMARC
+/* initialize libopendmarc */
+dmarc_up = dmarc_init();
+#endif
/* Remember the time of reception. Exim uses time+pid for uniqueness of message
ids, and fractions of a second are required. See the comments that precede the
/* End of header line reached */
EOL:
- receive_linecount++; /* For BSMTP errors */
+
+ /* Keep track of lines for BSMTP errors and overall message_linecount. */
+
+ receive_linecount++;
+ message_linecount++;
+
+ /* Keep track of maximum line length */
+
+ if (ptr - prevlines_length > max_received_linelength)
+ max_received_linelength = ptr - prevlines_length;
+ prevlines_length = ptr + 1;
/* Now put in the terminating newline. There is always space for
at least two more characters. */
if (domain == 0 && newsender[0] != 0)
newsender = rewrite_address_qualify(newsender, FALSE);
- if (filter_test != NULL || receive_check_set_sender(newsender))
+ if (filter_test != FTEST_NONE || receive_check_set_sender(newsender))
{
sender_address = newsender;
- if (trusted_caller || filter_test != NULL)
+ if (trusted_caller || filter_test != FTEST_NONE)
{
authenticated_sender = NULL;
originator_name = US"";
sender_local = FALSE;
}
- if (filter_test != NULL)
+ if (filter_test != FTEST_NONE)
printf("Sender taken from \"From \" line\n");
}
}
next->text = store_get(header_size);
ptr = 0;
had_zero = 0;
+ prevlines_length = 0;
} /* Continue, starting to read the next header */
/* At this point, we have read all the headers into a data structure in main
/* If this is a filter test run and no headers were read, output a warning
in case there is a mistake in the test message. */
-if (filter_test != NULL && header_list->next == NULL)
+if (filter_test != FTEST_NONE && header_list->next == NULL)
printf("Warning: no message headers read\n");
switch (header_checkname(h, is_resent))
{
- /* "Bcc:" gets flagged, and its existence noted, whether it's resent- or
- not. */
-
case htype_bcc:
- h->type = htype_bcc;
- /****
- bcc_header_exists = TRUE;
- ****/
+ h->type = htype_bcc; /* Both Bcc: and Resent-Bcc: */
break;
- /* "Cc:" gets flagged, and the existence of a recipient header is noted,
- whether it's resent- or not. */
-
case htype_cc:
- h->type = htype_cc;
- /****
- to_or_cc_header_exists = TRUE;
- ****/
+ h->type = htype_cc; /* Both Cc: and Resent-Cc: */
break;
/* Record whether a Date: or Resent-Date: header exists, as appropriate. */
case htype_date:
- date_header_exists = !resents_exist || is_resent;
+ if (!resents_exist || is_resent) date_header_exists = TRUE;
break;
/* Same comments as about Return-Path: below. */
from_header = h;
if (!smtp_input)
{
+ int len;
uschar *s = Ustrchr(h->text, ':') + 1;
while (isspace(*s)) s++;
- if (strncmpic(s, originator_login, h->slen - (s - h->text) - 1) == 0)
+ len = h->slen - (s - h->text) - 1;
+ if (Ustrlen(originator_login) == len &&
+ strncmpic(s, originator_login, len) == 0)
{
uschar *name = is_resent? US"Resent-From" : US"From";
header_add(htype_from, "%s: %s <%s@%s>\n", name, originator_name,
otherwise set. However, remove any <> that surround the address
because the variable doesn't have these. */
- if (filter_test != NULL)
+ if (filter_test != FTEST_NONE)
{
uschar *start = h->text + 12;
uschar *end = start + Ustrlen(start);
break;
/* If there is a "Sender:" header and the message is locally originated,
- and from an untrusted caller, or if we are in submission mode for a remote
- message, mark it "old" so that it will not be transmitted with the message,
- unless local_sender_retain is set. (This can only be true if
- local_from_check is false.) If there are any resent- headers in the
- message, apply this rule to Resent-Sender: instead of Sender:. Messages
- with multiple resent- header sets cannot be tidily handled. (For this
- reason, at least one MUA - Pine - turns old resent- headers into X-resent-
- headers when resending, leaving just one set.) */
+ and from an untrusted caller and suppress_local_fixups is not set, or if we
+ are in submission mode for a remote message, mark it "old" so that it will
+ not be transmitted with the message, unless active_local_sender_retain is
+ set. (This can only be true if active_local_from_check is false.) If there
+ are any resent- headers in the message, apply this rule to Resent-Sender:
+ instead of Sender:. Messages with multiple resent- header sets cannot be
+ tidily handled. (For this reason, at least one MUA - Pine - turns old
+ resent- headers into X-resent- headers when resending, leaving just one
+ set.) */
case htype_sender:
- h->type = ((
- (sender_local && !trusted_caller && !local_sender_retain) ||
- submission_mode
+ h->type = ((!active_local_sender_retain &&
+ (
+ (sender_local && !trusted_caller && !suppress_local_fixups)
+ || submission_mode
+ )
) &&
(!resents_exist||is_resent))?
htype_old : htype_sender;
recipients_count = recipients_list_max = 0;
}
- parse_allow_group = TRUE; /* Allow address group syntax */
-
/* Now scan the headers */
for (h = header_list->next; h != NULL; h = h->next)
uschar *s = Ustrchr(h->text, ':') + 1;
while (isspace(*s)) s++;
+ parse_allow_group = TRUE; /* Allow address group syntax */
+
while (*s != 0)
{
uschar *ss = parse_find_address_end(s, FALSE);
s = ss + (*ss? 1:0);
while (isspace(*s)) s++;
- }
+ } /* Next address */
+
+ parse_allow_group = FALSE; /* Reset group syntax flags */
+ parse_found_group = FALSE;
/* If this was the bcc: header, mark it "old", which means it
will be kept on the spool, but not transmitted as part of the
message. */
- if (h->type == htype_bcc)
- {
- h->type = htype_old;
- /****
- bcc_header_exists = FALSE;
- ****/
- }
+ if (h->type == htype_bcc) h->type = htype_old;
} /* For appropriate header line */
} /* For each header line */
- parse_allow_group = FALSE; /* Reset group syntax flags */
- parse_found_group = FALSE;
}
/* Now build the unique message id. This has changed several times over the
message_subdir[0] = split_spool_directory? message_id[5] : 0;
/* Now that we have the message-id, if there is no message-id: header, generate
-one, but only for local or submission mode messages. This can be
-user-configured if required, but we had better flatten any illegal characters
-therein. */
+one, but only for local (without suppress_local_fixups) or submission mode
+messages. This can be user-configured if required, but we had better flatten
+any illegal characters therein. */
-if (msgid_header == NULL && (sender_host_address == NULL || submission_mode))
+if (msgid_header == NULL &&
+ ((sender_host_address == NULL && !suppress_local_fixups)
+ || submission_mode))
{
uschar *p;
uschar *id_text = US"";
}
}
- /* Add the header line */
+ /* Add the header line
+ * Resent-* headers are prepended, per RFC 5322 3.6.6. Non-Resent-* are
+ * appended, to preserve classical expectations of header ordering. */
- header_add(htype_id, "%sMessage-Id: <%s%s%s@%s>\n", resent_prefix,
- message_id_external, (*id_text == 0)? "" : ".", id_text, id_domain);
+ header_add_at_position(!resents_exist, NULL, FALSE, htype_id,
+ "%sMessage-Id: <%s%s%s@%s>\n", resent_prefix, message_id_external,
+ (*id_text == 0)? "" : ".", id_text, id_domain);
}
/* If we are to log recipients, keep a copy of the raw ones before any possible
rewrite_address(recipients_list[i].address, TRUE, TRUE,
global_rewrite_rules, rewrite_existflags);
-/* If there is no From: header, generate one for local or submission_mode
-messages. If there is no sender address, but the sender is local or this is a
-local delivery error, use the originator login. This shouldn't happen for
-genuine bounces, but might happen for autoreplies. The addition of From: must
-be done *before* checking for the possible addition of a Sender: header,
-because untrusted_set_sender allows an untrusted user to set anything in the
-envelope (which might then get info From:) but we still want to ensure a valid
-Sender: if it is required. */
-
-if (from_header == NULL && (sender_host_address == NULL || submission_mode))
+/* If there is no From: header, generate one for local (without
+suppress_local_fixups) or submission_mode messages. If there is no sender
+address, but the sender is local or this is a local delivery error, use the
+originator login. This shouldn't happen for genuine bounces, but might happen
+for autoreplies. The addition of From: must be done *before* checking for the
+possible addition of a Sender: header, because untrusted_set_sender allows an
+untrusted user to set anything in the envelope (which might then get info
+From:) but we still want to ensure a valid Sender: if it is required. */
+
+if (from_header == NULL &&
+ ((sender_host_address == NULL && !suppress_local_fixups)
+ || submission_mode))
{
+ uschar *oname = US"";
+
+ /* Use the originator_name if this is a locally submitted message and the
+ caller is not trusted. For trusted callers, use it only if -F was used to
+ force its value or if we have a non-SMTP message for which -f was not used
+ to set the sender. */
+
+ if (sender_host_address == NULL)
+ {
+ if (!trusted_caller || sender_name_forced ||
+ (!smtp_input && !sender_address_forced))
+ oname = originator_name;
+ }
+
+ /* For non-locally submitted messages, the only time we use the originator
+ name is when it was forced by the /name= option on control=submission. */
+
+ else
+ {
+ if (submission_name != NULL) oname = submission_name;
+ }
+
/* Envelope sender is empty */
if (sender_address[0] == 0)
{
+ uschar *fromstart, *fromend;
+
+ fromstart = string_sprintf("%sFrom: %s%s", resent_prefix,
+ oname, (oname[0] == 0)? "" : " <");
+ fromend = (oname[0] == 0)? US"" : US">";
+
if (sender_local || local_error_message)
{
- header_add(htype_from, "%sFrom: %s%s%s@%s%s\n", resent_prefix,
- originator_name,
- (originator_name[0] == 0)? "" : " <",
- local_part_quote(originator_login),
- qualify_domain_sender,
- (originator_name[0] == 0)? "" : ">");
+ header_add(htype_from, "%s%s@%s%s\n", fromstart,
+ local_part_quote(originator_login), qualify_domain_sender,
+ fromend);
}
else if (submission_mode && authenticated_id != NULL)
{
if (submission_domain == NULL)
{
- header_add(htype_from, "%sFrom: %s@%s\n", resent_prefix,
- local_part_quote(authenticated_id), qualify_domain_sender);
+ header_add(htype_from, "%s%s@%s%s\n", fromstart,
+ local_part_quote(authenticated_id), qualify_domain_sender,
+ fromend);
}
else if (submission_domain[0] == 0) /* empty => whole address set */
{
- header_add(htype_from, "%sFrom: %s\n", resent_prefix,
- authenticated_id);
+ header_add(htype_from, "%s%s%s\n", fromstart, authenticated_id,
+ fromend);
}
else
{
- header_add(htype_from, "%sFrom: %s@%s\n", resent_prefix,
- local_part_quote(authenticated_id), submission_domain);
+ header_add(htype_from, "%s%s@%s%s\n", fromstart,
+ local_part_quote(authenticated_id), submission_domain,
+ fromend);
}
from_header = header_last; /* To get it checked for Sender: */
}
else
{
- if (!smtp_input || sender_local)
- header_add(htype_from, "%sFrom: %s%s%s%s\n",
- resent_prefix, originator_name,
- (originator_name[0] == 0)? "" : " <",
- (sender_address_unrewritten == NULL)?
- sender_address : sender_address_unrewritten,
- (originator_name[0] == 0)? "" : ">");
- else
- header_add(htype_from, "%sFrom: %s\n", resent_prefix, sender_address);
+ header_add(htype_from, "%sFrom: %s%s%s%s\n", resent_prefix,
+ oname,
+ (oname[0] == 0)? "" : " <",
+ (sender_address_unrewritten == NULL)?
+ sender_address : sender_address_unrewritten,
+ (oname[0] == 0)? "" : ">");
from_header = header_last; /* To get it checked for Sender: */
}
}
-/* If the sender is local, or if we are in submission mode and there is an
-authenticated_id, check that an existing From: is correct, and if not, generate
-a Sender: header, unless disabled. Any previously-existing Sender: header was
-removed above. Note that sender_local, as well as being TRUE if the caller of
-exim is not trusted, is also true if a trusted caller did not supply a -f
-argument for non-smtp input. To allow trusted callers to forge From: without
-supplying -f, we have to test explicitly here. If the From: header contains
-more than one address, then the call to parse_extract_address fails, and a
-Sender: header is inserted, as required. */
+/* If the sender is local (without suppress_local_fixups), or if we are in
+submission mode and there is an authenticated_id, check that an existing From:
+is correct, and if not, generate a Sender: header, unless disabled. Any
+previously-existing Sender: header was removed above. Note that sender_local,
+as well as being TRUE if the caller of exim is not trusted, is also true if a
+trusted caller did not supply a -f argument for non-smtp input. To allow
+trusted callers to forge From: without supplying -f, we have to test explicitly
+here. If the From: header contains more than one address, then the call to
+parse_extract_address fails, and a Sender: header is inserted, as required. */
if (from_header != NULL &&
- (
- (sender_local && local_from_check && !trusted_caller) ||
- (submission_mode && authenticated_id != NULL)
+ (active_local_from_check &&
+ ((sender_local && !trusted_caller && !suppress_local_fixups) ||
+ (submission_mode && authenticated_id != NULL))
))
{
BOOL make_sender = TRUE;
if (make_sender)
{
- if (submission_mode)
+ if (submission_mode && submission_name == NULL)
header_add(htype_sender, "%sSender: %s\n", resent_prefix,
generated_sender_address);
else
header_add(htype_sender, "%sSender: %s <%s>\n",
- resent_prefix, originator_name, generated_sender_address);
+ resent_prefix,
+ submission_mode? submission_name : originator_name,
+ generated_sender_address);
}
- }
+ /* Ensure that a non-null envelope sender address corresponds to the
+ submission mode sender address. */
+
+ if (submission_mode && sender_address[0] != 0)
+ {
+ if (sender_address_unrewritten == NULL)
+ sender_address_unrewritten = sender_address;
+ sender_address = generated_sender_address;
+ if (Ustrcmp(sender_address_unrewritten, generated_sender_address) != 0)
+ log_write(L_address_rewrite, LOG_MAIN,
+ "\"%s\" from env-from rewritten as \"%s\" by submission mode",
+ sender_address_unrewritten, generated_sender_address);
+ }
+ }
/* If there are any rewriting rules, apply them to the sender address, unless
it has already been rewritten as part of verification for SMTP input. */
/* An RFC 822 (sic) message is not legal unless it has at least one of "to",
-"cc", or "bcc". Note that although the minimal examples in RFC822 show just
+"cc", or "bcc". Note that although the minimal examples in RFC 822 show just
"to" or "bcc", the full syntax spec allows "cc" as well. If any resent- header
exists, this applies to the set of resent- headers rather than the normal set.
-The requirement for a recipient header has been removed in RFC 2822. Earlier
-versions of Exim added a To: header for locally submitted messages, and an
-empty Bcc: header for others or when always_bcc was set. In the light of the
-changes in RFC 2822, we now always add Bcc: just in case there are still MTAs
-out there that insist on the RFC 822 syntax.
-
-November 2003: While generally revising what Exim does to fix up headers, it
-seems like a good time to remove this altogether. */
+The requirement for a recipient header has been removed in RFC 2822. At this
+point in the code, earlier versions of Exim added a To: header for locally
+submitted messages, and an empty Bcc: header for others. In the light of the
+changes in RFC 2822, this was dropped in November 2003. */
-/******
-if (!to_or_cc_header_exists && !bcc_header_exists)
- header_add(htype_bcc, "Bcc:\n");
-******/
/* If there is no date header, generate one if the message originates locally
-(i.e. not over TCP/IP) or the submission mode flag is set. Messages without
-Date: are not valid, but it seems to be more confusing if Exim adds one to
-all remotely-originated messages. */
+(i.e. not over TCP/IP) and suppress_local_fixups is not set, or if the
+submission mode flag is set. Messages without Date: are not valid, but it seems
+to be more confusing if Exim adds one to all remotely-originated messages.
+As per Message-Id, we prepend if resending, else append.
+*/
-if (!date_header_exists && (sender_host_address == NULL || submission_mode))
- header_add(htype_other, "%sDate: %s\n", resent_prefix, tod_stamp(tod_full));
+if (!date_header_exists &&
+ ((sender_host_address == NULL && !suppress_local_fixups)
+ || submission_mode))
+ header_add_at_position(!resents_exist, NULL, FALSE, htype_other,
+ "%sDate: %s\n", resent_prefix, tod_stamp(tod_full));
search_tidyup(); /* Free any cached resources */
testing mode, that is all this function does. Return TRUE if the message
ended with a dot. */
-if (filter_test != NULL)
+if (filter_test != FTEST_NONE)
{
process_info[process_info_len] = 0;
return message_ended == END_DOT;
}
+/* Cutthrough delivery:
+We have to create the Received header now rather than at the end of reception,
+so the timestamp behaviour is a change to the normal case.
+XXX Ensure this gets documented XXX.
+Having created it, send the headers to the destination. */
+if (cutthrough.fd >= 0)
+ {
+ if (received_count > received_headers_max)
+ {
+ cancel_cutthrough_connection("too many headers");
+ if (smtp_input) receive_swallow_smtp(); /* Swallow incoming SMTP */
+ log_write(0, LOG_MAIN|LOG_REJECT, "rejected from <%s>%s%s%s%s: "
+ "Too many \"Received\" headers",
+ sender_address,
+ (sender_fullhost == NULL)? "" : " H=",
+ (sender_fullhost == NULL)? US"" : sender_fullhost,
+ (sender_ident == NULL)? "" : " U=",
+ (sender_ident == NULL)? US"" : sender_ident);
+ message_id[0] = 0; /* Indicate no message accepted */
+ smtp_reply = US"550 Too many \"Received\" headers - suspected mail loop";
+ goto TIDYUP; /* Skip to end of function */
+ }
+ received_header_gen();
+ add_acl_headers(ACL_WHERE_RCPT, US"MAIL or RCPT");
+ (void) cutthrough_headers_send();
+ }
+
+
/* Open a new spool file for the data portion of the message. We need
to access it both via a file descriptor and a stream. Try to make the
directory if it isn't there. Note re use of sprintf: spool_directory
/* Make sure the file's group is the Exim gid, and double-check the mode
because the group setting doesn't always get set automatically. */
-fchown(data_fd, exim_uid, exim_gid);
-fchmod(data_fd, SPOOL_MODE);
+if (fchown(data_fd, exim_uid, exim_gid))
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE,
+ "Failed setting ownership on spool file %s: %s",
+ spool_name, strerror(errno));
+(void)fchmod(data_fd, SPOOL_MODE);
/* We now have data file open. Build a stream for it and lock it. We lock only
the first line of the file (containing the message ID) because otherwise there
{
uschar *s = next->text;
int len = next->slen;
- fwrite(s, 1, len, data_file);
+ len = fwrite(s, 1, len, data_file); len = len; /* compiler quietening */
body_linecount++; /* Assumes only 1 line */
}
else message_ended = read_message_data(data_file);
receive_linecount += body_linecount; /* For BSMTP errors mainly */
+ message_linecount += body_linecount;
/* Handle premature termination of SMTP */
if (smtp_input && message_ended == END_EOF)
{
Uunlink(spool_name); /* Lose data file when closed */
+ cancel_cutthrough_connection("sender closed connection");
message_id[0] = 0; /* Indicate no message accepted */
smtp_reply = handle_lost_connection(US"");
smtp_yield = FALSE;
if (message_ended == END_SIZE)
{
Uunlink(spool_name); /* Lose the data file when closed */
+ cancel_cutthrough_connection("mail too big");
if (smtp_input) receive_swallow_smtp(); /* Swallow incoming SMTP */
log_write(L_size_reject, LOG_MAIN|LOG_REJECT, "rejected from <%s>%s%s%s%s: "
anything until the terminating dot line is sent. */
if (fflush(data_file) == EOF || ferror(data_file) ||
- fsync(fileno(data_file)) < 0 || (receive_ferror)())
+ EXIMfsync(fileno(data_file)) < 0 || (receive_ferror)())
{
uschar *msg_errno = US strerror(errno);
BOOL input_error = (receive_ferror)() != 0;
log_write(0, LOG_MAIN, "Message abandoned: %s", msg);
Uunlink(spool_name); /* Lose the data file */
+ cancel_cutthrough_connection("error writing spoolfile");
if (smtp_input)
{
if (recipients_count == 0 || error_handling == ERRORS_STDERR)
{
Uunlink(spool_name);
- fclose(data_file);
+ (void)fclose(data_file);
exim_exit(error_rc);
}
}
Note: the checking for too many Received: headers is handled by the delivery
code. */
+/*XXX eventually add excess Received: check for cutthrough case back when classifying them */
-timestamp = expand_string(US"${tod_full}");
-if (recipients_count == 1) received_for = recipients_list[0].address;
-received = expand_string(received_header_text);
-received_for = NULL;
-
-if (received == NULL)
+if (received_header->text == NULL) /* Non-cutthrough case */
{
- Uunlink(spool_name); /* Lose the data file */
- log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Expansion of \"%s\" "
- "(received_header_text) failed: %s", string_printing(received_header_text),
- expand_string_message);
- }
-
-/* The first element on the header chain is reserved for the Received header,
-so all we have to do is fill in the text pointer, and set the type. However, if
-the result of the expansion is an empty string, we leave the header marked as
-"old" so as to refrain from adding a Received header. */
-
-if (received[0] == 0)
- {
- received_header->text = string_sprintf("Received: ; %s\n", timestamp);
- received_header->type = htype_old;
- }
-else
- {
- received_header->text = string_sprintf("%s; %s\n", received, timestamp);
- received_header->type = htype_received;
- }
+ received_header_gen();
-received_header->slen = Ustrlen(received_header->text);
-
-DEBUG(D_receive) debug_printf(">>Generated Received: header line\n%c %s",
- received_header->type, received_header->text);
+ /* Set the value of message_body_size for the DATA ACL and for local_scan() */
-/* Set the value of message_body_size for the DATA ACL and for local_scan() */
+ message_body_size = (fstat(data_fd, &statbuf) == 0)?
+ statbuf.st_size - SPOOL_DATA_START_OFFSET : -1;
-message_body_size = (fstat(data_fd, &statbuf) == 0)?
- statbuf.st_size - SPOOL_DATA_START_OFFSET : -1;
+ /* If an ACL from any RCPT commands set up any warning headers to add, do so
+ now, before running the DATA ACL. */
-/* If an ACL from any RCPT commands set up any warning headers to add, do so
-now, before running the DATA ACL. */
-
-add_acl_headers(US"MAIL or RCPT");
+ add_acl_headers(ACL_WHERE_RCPT, US"MAIL or RCPT");
+ }
+else
+ message_body_size = (fstat(data_fd, &statbuf) == 0)?
+ statbuf.st_size - SPOOL_DATA_START_OFFSET : -1;
/* If an ACL is specified for checking things at this stage of reception of a
message, run it, unless all the recipients were removed by "discard" in earlier
*/
deliver_datafile = data_fd;
+user_msg = NULL;
+
+enable_dollar_recipients = TRUE;
if (recipients_count == 0)
{
}
else
{
- enable_dollar_recipients = TRUE;
-
/* Handle interactive SMTP messages */
if (smtp_input && !smtp_batched_input)
{
+
+#ifndef DISABLE_DKIM
+ if (!dkim_disable_verify)
+ {
+ /* Finish verification, this will log individual signature results to
+ the mainlog */
+ dkim_exim_verify_finish();
+
+ /* Check if we must run the DKIM ACL */
+ if ((acl_smtp_dkim != NULL) &&
+ (dkim_verify_signers != NULL) &&
+ (dkim_verify_signers[0] != '\0'))
+ {
+ uschar *dkim_verify_signers_expanded =
+ expand_string(dkim_verify_signers);
+ if (dkim_verify_signers_expanded == NULL)
+ {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "expansion of dkim_verify_signers option failed: %s",
+ expand_string_message);
+ }
+ else
+ {
+ int sep = 0;
+ const uschar *ptr = dkim_verify_signers_expanded;
+ uschar *item = NULL;
+ uschar *seen_items = NULL;
+ int seen_items_size = 0;
+ int seen_items_offset = 0;
+ uschar itembuf[256];
+ /* Default to OK when no items are present */
+ rc = OK;
+ while ((item = string_nextinlist(&ptr, &sep,
+ itembuf,
+ sizeof(itembuf))))
+ {
+ /* Prevent running ACL for an empty item */
+ if (!item || (item[0] == '\0')) continue;
+
+ /* Only run ACL once for each domain or identity,
+ no matter how often it appears in the expanded list. */
+ if (seen_items)
+ {
+ uschar *seen_item = NULL;
+ uschar seen_item_buf[256];
+ const uschar *seen_items_list = seen_items;
+ BOOL seen_this_item = FALSE;
+
+ while ((seen_item = string_nextinlist(&seen_items_list, &sep,
+ seen_item_buf,
+ sizeof(seen_item_buf))))
+ if (Ustrcmp(seen_item,item) == 0)
+ {
+ seen_this_item = TRUE;
+ break;
+ }
+
+ if (seen_this_item)
+ {
+ DEBUG(D_receive)
+ debug_printf("acl_smtp_dkim: skipping signer %s, "
+ "already seen\n", item);
+ continue;
+ }
+
+ seen_items = string_append(seen_items, &seen_items_size,
+ &seen_items_offset, 1, ":");
+ }
+
+ seen_items = string_append(seen_items, &seen_items_size,
+ &seen_items_offset, 1, item);
+ seen_items[seen_items_offset] = '\0';
+
+ DEBUG(D_receive)
+ debug_printf("calling acl_smtp_dkim for dkim_cur_signer=%s\n",
+ item);
+
+ dkim_exim_acl_setup(item);
+ rc = acl_check(ACL_WHERE_DKIM, NULL, acl_smtp_dkim,
+ &user_msg, &log_msg);
+
+ if (rc != OK)
+ {
+ DEBUG(D_receive)
+ debug_printf("acl_smtp_dkim: acl_check returned %d on %s, "
+ "skipping remaining items\n", rc, item);
+ cancel_cutthrough_connection("dkim acl not ok");
+ break;
+ }
+ }
+ add_acl_headers(ACL_WHERE_DKIM, US"DKIM");
+ if (rc == DISCARD)
+ {
+ recipients_count = 0;
+ blackholed_by = US"DKIM ACL";
+ if (log_msg != NULL)
+ blackhole_log_msg = string_sprintf(": %s", log_msg);
+ }
+ else if (rc != OK)
+ {
+ Uunlink(spool_name);
+ if (smtp_handle_acl_fail(ACL_WHERE_DKIM, rc, user_msg, log_msg) != 0)
+ smtp_yield = FALSE; /* No more messsages after dropped connection */
+ smtp_reply = US""; /* Indicate reply already sent */
+ message_id[0] = 0; /* Indicate no message accepted */
+ goto TIDYUP; /* Skip to end of function */
+ }
+ }
+ }
+ }
+#endif /* DISABLE_DKIM */
+
+#ifdef WITH_CONTENT_SCAN
+ if (recipients_count > 0 &&
+ acl_smtp_mime != NULL &&
+ !run_mime_acl(acl_smtp_mime, &smtp_yield, &smtp_reply, &blackholed_by))
+ goto TIDYUP;
+#endif /* WITH_CONTENT_SCAN */
+
+#ifdef EXPERIMENTAL_DMARC
+ dmarc_up = dmarc_store_data(from_header);
+#endif /* EXPERIMENTAL_DMARC */
+
+#ifndef DISABLE_PRDR
+ if (prdr_requested && recipients_count > 1 && acl_smtp_data_prdr)
+ {
+ unsigned int c;
+ int all_pass = OK;
+ int all_fail = FAIL;
+
+ smtp_printf("353 PRDR content analysis beginning\r\n");
+ /* Loop through recipients, responses must be in same order received */
+ for (c = 0; recipients_count > c; c++)
+ {
+ uschar * addr= recipients_list[c].address;
+ uschar * msg= US"PRDR R=<%s> %s";
+ uschar * code;
+ DEBUG(D_receive)
+ debug_printf("PRDR processing recipient %s (%d of %d)\n",
+ addr, c+1, recipients_count);
+ rc = acl_check(ACL_WHERE_PRDR, addr,
+ acl_smtp_data_prdr, &user_msg, &log_msg);
+
+ /* If any recipient rejected content, indicate it in final message */
+ all_pass |= rc;
+ /* If all recipients rejected, indicate in final message */
+ all_fail &= rc;
+
+ switch (rc)
+ {
+ case OK: case DISCARD: code = US"250"; break;
+ case DEFER: code = US"450"; break;
+ default: code = US"550"; break;
+ }
+ if (user_msg != NULL)
+ smtp_user_msg(code, user_msg);
+ else
+ {
+ switch (rc)
+ {
+ case OK: case DISCARD:
+ msg = string_sprintf(CS msg, addr, "acceptance"); break;
+ case DEFER:
+ msg = string_sprintf(CS msg, addr, "temporary refusal"); break;
+ default:
+ msg = string_sprintf(CS msg, addr, "refusal"); break;
+ }
+ smtp_user_msg(code, msg);
+ }
+ if (log_msg) log_write(0, LOG_MAIN, "PRDR %s %s", addr, log_msg);
+ else if (user_msg) log_write(0, LOG_MAIN, "PRDR %s %s", addr, user_msg);
+ else log_write(0, LOG_MAIN, "%s", CS msg);
+
+ if (rc != OK) { receive_remove_recipient(addr); c--; }
+ }
+ /* Set up final message, used if data acl gives OK */
+ smtp_reply = string_sprintf("%s id=%s message %s",
+ all_fail == FAIL ? US"550" : US"250",
+ message_id,
+ all_fail == FAIL
+ ? US"rejected for all recipients"
+ : all_pass == OK
+ ? US"accepted"
+ : US"accepted for some recipients");
+ if (recipients_count == 0)
+ {
+ message_id[0] = 0; /* Indicate no message accepted */
+ goto TIDYUP;
+ }
+ }
+ else
+ prdr_requested = FALSE;
+#endif /* !DISABLE_PRDR */
+
+ /* Check the recipients count again, as the MIME ACL might have changed
+ them. */
+
if (acl_smtp_data != NULL && recipients_count > 0)
{
- uschar *user_msg, *log_msg;
rc = acl_check(ACL_WHERE_DATA, NULL, acl_smtp_data, &user_msg, &log_msg);
- add_acl_headers(US"DATA");
+ add_acl_headers(ACL_WHERE_DATA, US"DATA");
if (rc == DISCARD)
{
recipients_count = 0;
blackholed_by = US"DATA ACL";
+ if (log_msg != NULL)
+ blackhole_log_msg = string_sprintf(": %s", log_msg);
+ cancel_cutthrough_connection("data acl discard");
}
else if (rc != OK)
{
Uunlink(spool_name);
+ cancel_cutthrough_connection("data acl not ok");
+#ifdef WITH_CONTENT_SCAN
+ unspool_mbox();
+#endif
+#ifdef EXPERIMENTAL_DCC
+ dcc_ok = 0;
+#endif
if (smtp_handle_acl_fail(ACL_WHERE_DATA, rc, user_msg, log_msg) != 0)
smtp_yield = FALSE; /* No more messsages after dropped connection */
smtp_reply = US""; /* Indicate reply already sent */
/* Handle non-SMTP and batch SMTP (i.e. non-interactive) messages. Note that
we cannot take different actions for permanent and temporary rejections. */
- else if (acl_not_smtp != NULL)
+ else
{
- uschar *user_msg, *log_msg;
- rc = acl_check(ACL_WHERE_NOTSMTP, NULL, acl_not_smtp, &user_msg, &log_msg);
- if (rc == DISCARD)
- {
- recipients_count = 0;
- blackholed_by = US"non-SMTP ACL";
- }
- else if (rc != OK)
+
+#ifdef WITH_CONTENT_SCAN
+ if (acl_not_smtp_mime != NULL &&
+ !run_mime_acl(acl_not_smtp_mime, &smtp_yield, &smtp_reply,
+ &blackholed_by))
+ goto TIDYUP;
+#endif /* WITH_CONTENT_SCAN */
+
+ if (acl_not_smtp != NULL)
{
- Uunlink(spool_name);
- log_write(0, LOG_MAIN|LOG_REJECT, "F=<%s> rejected by non-SMTP ACL: %s",
- sender_address, log_msg);
- if (user_msg == NULL) user_msg = US"local configuration problem";
- if (smtp_batched_input)
+ uschar *user_msg, *log_msg;
+ rc = acl_check(ACL_WHERE_NOTSMTP, NULL, acl_not_smtp, &user_msg, &log_msg);
+ if (rc == DISCARD)
{
- moan_smtp_batch(NULL, "%d %s", 550, user_msg);
- /* Does not return */
+ recipients_count = 0;
+ blackholed_by = US"non-SMTP ACL";
+ if (log_msg != NULL)
+ blackhole_log_msg = string_sprintf(": %s", log_msg);
}
- else
+ else if (rc != OK)
{
- fseek(data_file, (long int)SPOOL_DATA_START_OFFSET, SEEK_SET);
- give_local_error(ERRMESS_LOCAL_ACL, user_msg,
- US"message rejected by non-SMTP ACL: ", error_rc, data_file,
- header_list);
- /* Does not return */
+ Uunlink(spool_name);
+#ifdef WITH_CONTENT_SCAN
+ unspool_mbox();
+#endif
+#ifdef EXPERIMENTAL_DCC
+ dcc_ok = 0;
+#endif
+ /* The ACL can specify where rejections are to be logged, possibly
+ nowhere. The default is main and reject logs. */
+
+ if (log_reject_target != 0)
+ log_write(0, log_reject_target, "F=<%s> rejected by non-SMTP ACL: %s",
+ sender_address, log_msg);
+
+ if (user_msg == NULL) user_msg = US"local configuration problem";
+ if (smtp_batched_input)
+ {
+ moan_smtp_batch(NULL, "%d %s", 550, user_msg);
+ /* Does not return */
+ }
+ else
+ {
+ fseek(data_file, (long int)SPOOL_DATA_START_OFFSET, SEEK_SET);
+ give_local_error(ERRMESS_LOCAL_ACL, user_msg,
+ US"message rejected by non-SMTP ACL: ", error_rc, data_file,
+ header_list);
+ /* Does not return */
+ }
}
+ add_acl_headers(ACL_WHERE_NOTSMTP, US"non-SMTP");
}
- add_acl_headers(US"non-SMTP");
}
+ /* The applicable ACLs have been run */
+
if (deliver_freeze) frozen_by = US"ACL"; /* for later logging */
if (queue_only_policy) queued_by = US"ACL";
-
- enable_dollar_recipients = FALSE;
}
+#ifdef WITH_CONTENT_SCAN
+unspool_mbox();
+#endif
+
+#ifdef EXPERIMENTAL_DCC
+dcc_ok = 0;
+#endif
+
+
/* The final check on the message is to run the scan_local() function. The
version supplied with Exim always accepts, but this is a hook for sysadmins to
supply their own checking code. The local_scan() function is run even when all
alarm(0);
os_non_restarting_signal(SIGALRM, sigalrm_handler);
+enable_dollar_recipients = FALSE;
+
store_pool = POOL_MAIN; /* In case changed */
DEBUG(D_receive) debug_printf("local_scan() returned %d %s\n", rc,
local_scan_data);
if (rc == LOCAL_SCAN_ACCEPT_FREEZE)
{
- if (!deliver_freeze) /* ACL might have already frozen */
+ if (!deliver_freeze) /* ACL might have already frozen */
{
deliver_freeze = TRUE;
deliver_frozen_at = time(NULL);
{
uschar *istemp = US"";
uschar *s = NULL;
+ uschar *smtp_code;
int size = 0;
int sptr = 0;
- int code;
errmsg = local_scan_data;
/* Fall through */
case LOCAL_SCAN_REJECT:
- code = 550;
+ smtp_code = US"550";
if (errmsg == NULL) errmsg = US"Administrative prohibition";
break;
case LOCAL_SCAN_TEMPREJECT:
TEMPREJECT:
- code = 451;
+ smtp_code = US"451";
if (errmsg == NULL) errmsg = US"Temporary local problem";
istemp = US"temporarily ";
break;
{
if (!smtp_batched_input)
{
- smtp_respond(code, TRUE, errmsg);
+ smtp_respond(smtp_code, 3, TRUE, errmsg);
message_id[0] = 0; /* Indicate no message accepted */
smtp_reply = US""; /* Indicate reply already sent */
goto TIDYUP; /* Skip to end of function */
}
else
{
- moan_smtp_batch(NULL, "%d %s", code, errmsg);
+ moan_smtp_batch(NULL, "%s %s", smtp_code, errmsg);
/* Does not return */
}
}
signal(SIGTERM, SIG_IGN);
signal(SIGINT, SIG_IGN);
+
/* Ensure the first time flag is set in the newly-received message. */
deliver_firsttime = TRUE;
+#ifdef EXPERIMENTAL_BRIGHTMAIL
+if (bmi_run == 1) {
+ /* rewind data file */
+ lseek(data_fd, (long int)SPOOL_DATA_START_OFFSET, SEEK_SET);
+ bmi_verdicts = bmi_process_message(header_list, data_fd);
+};
+#endif
+
/* Update the timstamp in our Received: header to account for any time taken by
an ACL or by local_scan(). The new time is the time that all reception
processing is complete. */
s = add_host_info_for_log(s, &size, &sptr);
#ifdef SUPPORT_TLS
-if ((log_extra_selector & LX_tls_cipher) != 0 && tls_cipher != NULL)
- s = string_append(s, &size, &sptr, 2, US" X=", tls_cipher);
-if ((log_extra_selector & LX_tls_certificate_verified) != 0 &&
- tls_cipher != NULL)
+if (log_extra_selector & LX_tls_cipher && tls_in.cipher)
+ s = string_append(s, &size, &sptr, 2, US" X=", tls_in.cipher);
+if (log_extra_selector & LX_tls_certificate_verified && tls_in.cipher)
s = string_append(s, &size, &sptr, 2, US" CV=",
- tls_certificate_verified? "yes":"no");
-if ((log_extra_selector & LX_tls_peerdn) != 0 && tls_peerdn != NULL)
- s = string_append(s, &size, &sptr, 3, US" DN=\"", tls_peerdn, US"\"");
+ tls_in.certificate_verified? "yes":"no");
+if (log_extra_selector & LX_tls_peerdn && tls_in.peerdn)
+ s = string_append(s, &size, &sptr, 3, US" DN=\"",
+ string_printing(tls_in.peerdn), US"\"");
+if (log_extra_selector & LX_tls_sni && tls_in.sni)
+ s = string_append(s, &size, &sptr, 3, US" SNI=\"",
+ string_printing(tls_in.sni), US"\"");
#endif
-if (sender_host_authenticated != NULL)
+if (sender_host_authenticated)
{
s = string_append(s, &size, &sptr, 2, US" A=", sender_host_authenticated);
if (authenticated_id != NULL)
+ {
s = string_append(s, &size, &sptr, 2, US":", authenticated_id);
+ if (log_extra_selector & LX_smtp_mailauth && authenticated_sender != NULL)
+ s = string_append(s, &size, &sptr, 2, US":", authenticated_sender);
+ }
}
+#ifndef DISABLE_PRDR
+if (prdr_requested)
+ s = string_append(s, &size, &sptr, 1, US" PRDR");
+#endif
+
+#ifdef EXPERIMENTAL_PROXY
+if (proxy_session && log_extra_selector & LX_proxy)
+ s = string_append(s, &size, &sptr, 2, US" PRX=", proxy_host_address);
+#endif
+
sprintf(CS big_buffer, "%d", msg_size);
s = string_append(s, &size, &sptr, 2, US" S=", big_buffer);
+/* log 8BITMIME mode announced in MAIL_FROM
+ 0 ... no BODY= used
+ 7 ... 7BIT
+ 8 ... 8BITMIME */
+if (log_extra_selector & LX_8bitmime)
+ {
+ sprintf(CS big_buffer, "%d", body_8bitmime);
+ s = string_append(s, &size, &sptr, 2, US" M8S=", big_buffer);
+ }
+
/* If an addr-spec in a message-id contains a quoted string, it can contain
any characters except " \ and CR and so in particular it can contain NL!
Therefore, make sure we use a printing-characters only version for the log.
s[sptr] = 0;
-/* While writing to the log, set a flag to cause a call to receive_bomb_out()
-if the log cannot be opened. */
-
-receive_call_bombout = TRUE;
-log_write(0, LOG_MAIN |
- (((log_extra_selector & LX_received_recipients) != 0)? LOG_RECIPIENTS : 0) |
- (((log_extra_selector & LX_received_sender) != 0)? LOG_SENDER : 0),
- "%s", s);
-receive_call_bombout = FALSE;
-
-/* Log any control actions taken by an ACL or local_scan(). */
-
-if (deliver_freeze) log_write(0, LOG_MAIN, "frozen by %s", frozen_by);
-if (queue_only_policy) log_write(L_delay_delivery, LOG_MAIN,
- "no immediate delivery: queued by %s", queued_by);
-
/* Create a message log file if message logs are being used and this message is
not blackholed. Write the reception stuff to it. We used to leave message log
-creation until the first delivery, but this has proved confusing for somep
+creation until the first delivery, but this has proved confusing for some
people. */
if (message_logs && blackholed_by == NULL)
{
log_write(0, LOG_MAIN|LOG_PANIC, "Couldn't fdopen message log %s: %s",
spool_name, strerror(errno));
- close(fd);
+ (void)close(fd);
}
else
{
frozen_by);
if (queue_only_policy) fprintf(message_log,
"%s no immediate delivery: queued by %s\n", now, queued_by);
- fclose(message_log);
+ (void)fclose(message_log);
}
}
}
+/* Everything has now been done for a successful message except logging its
+arrival, and outputting an SMTP response. While writing to the log, set a flag
+to cause a call to receive_bomb_out() if the log cannot be opened. */
+
+receive_call_bombout = TRUE;
+
+/* Before sending an SMTP response in a TCP/IP session, we check to see if the
+connection has gone away. This can only be done if there is no unconsumed input
+waiting in the local input buffer. We can test for this by calling
+receive_smtp_buffered(). RFC 2920 (pipelining) explicitly allows for additional
+input to be sent following the final dot, so the presence of following input is
+not an error.
+
+If the connection is still present, but there is no unread input for the
+socket, the result of a select() call will be zero. If, however, the connection
+has gone away, or if there is pending input, the result of select() will be
+non-zero. The two cases can be distinguished by trying to read the next input
+character. If we succeed, we can unread it so that it remains in the local
+buffer for handling later. If not, the connection has been lost.
+
+Of course, since TCP/IP is asynchronous, there is always a chance that the
+connection will vanish between the time of this test and the sending of the
+response, but the chance of this happening should be small. */
+
+if (smtp_input && sender_host_address != NULL && !sender_host_notsocket &&
+ !receive_smtp_buffered())
+ {
+ struct timeval tv;
+ fd_set select_check;
+ FD_ZERO(&select_check);
+ FD_SET(fileno(smtp_in), &select_check);
+ tv.tv_sec = 0;
+ tv.tv_usec = 0;
+
+ if (select(fileno(smtp_in) + 1, &select_check, NULL, NULL, &tv) != 0)
+ {
+ int c = (receive_getc)();
+ if (c != EOF) (receive_ungetc)(c); else
+ {
+ uschar *msg = US"SMTP connection lost after final dot";
+ smtp_reply = US""; /* No attempt to send a response */
+ smtp_yield = FALSE; /* Nothing more on this connection */
+
+ /* Re-use the log line workspace */
+
+ sptr = 0;
+ s = string_cat(s, &size, &sptr, msg, Ustrlen(msg));
+ s = add_host_info_for_log(s, &size, &sptr);
+ s[sptr] = 0;
+ log_write(0, LOG_MAIN, "%s", s);
+
+ /* Delete the files for this aborted message. */
+
+ sprintf(CS spool_name, "%s/input/%s/%s-D", spool_directory,
+ message_subdir, message_id);
+ Uunlink(spool_name);
+
+ sprintf(CS spool_name, "%s/input/%s/%s-H", spool_directory,
+ message_subdir, message_id);
+ Uunlink(spool_name);
+
+ sprintf(CS spool_name, "%s/msglog/%s/%s", spool_directory,
+ message_subdir, message_id);
+ Uunlink(spool_name);
+
+ goto TIDYUP;
+ }
+ }
+ }
+
+/* The connection has not gone away; we really are going to take responsibility
+for this message. */
+
+/* Cutthrough - had sender last-dot; assume we've sent (or bufferred) all
+ data onward by now.
+
+ Send dot onward. If accepted, wipe the spooled files, log as delivered and accept
+ the sender's dot (below).
+ If rejected: copy response to sender, wipe the spooled files, log approriately.
+ If temp-reject: accept to sender, keep the spooled files.
+
+ Having the normal spool files lets us do data-filtering, and store/forward on temp-reject.
+
+ XXX We do not handle queue-only, freezing, or blackholes.
+*/
+if(cutthrough.fd >= 0)
+ {
+ uschar * msg= cutthrough_finaldot(); /* Ask the target system to accept the messsage */
+ /* Logging was done in finaldot() */
+ switch(msg[0])
+ {
+ case '2': /* Accept. Do the same to the source; dump any spoolfiles. */
+ cutthrough_done = ACCEPTED;
+ break; /* message_id needed for SMTP accept below */
+
+ default: /* Unknown response, or error. Treat as temp-reject. */
+ case '4': /* Temp-reject. Keep spoolfiles and accept. */
+ cutthrough_done = TMP_REJ; /* Avoid the usual immediate delivery attempt */
+ break; /* message_id needed for SMTP accept below */
+
+ case '5': /* Perm-reject. Do the same to the source. Dump any spoolfiles */
+ smtp_reply= msg; /* Pass on the exact error */
+ cutthrough_done = PERM_REJ;
+ break;
+ }
+ }
+
+#ifndef DISABLE_PRDR
+if(!smtp_reply || prdr_requested)
+#else
+if(!smtp_reply)
+#endif
+ {
+ log_write(0, LOG_MAIN |
+ (((log_extra_selector & LX_received_recipients) != 0)? LOG_RECIPIENTS : 0) |
+ (((log_extra_selector & LX_received_sender) != 0)? LOG_SENDER : 0),
+ "%s", s);
+
+ /* Log any control actions taken by an ACL or local_scan(). */
+
+ if (deliver_freeze) log_write(0, LOG_MAIN, "frozen by %s", frozen_by);
+ if (queue_only_policy) log_write(L_delay_delivery, LOG_MAIN,
+ "no immediate delivery: queued by %s", queued_by);
+ }
+receive_call_bombout = FALSE;
+
store_reset(s); /* The store for the main log message can be reused */
/* If the message is frozen, and freeze_tell is set, do the telling. */
/* Either a message has been successfully received and written to the two spool
files, or an error in writing the spool has occurred for an SMTP message, or
-an SMTP message has been rejected because of a bad sender. (For a non-SMTP
-message we will have already given up because there's no point in carrying on!)
-In either event, we must now close (and thereby unlock) the data file. In the
+an SMTP message has been rejected for policy reasons. (For a non-SMTP message
+we will have already given up because there's no point in carrying on!) In
+either event, we must now close (and thereby unlock) the data file. In the
successful case, this leaves the message on the spool, ready for delivery. In
the error case, the spool file will be deleted. Then tidy up store, interact
with an SMTP call if necessary, and return.
possible for fclose() to fail - but what to do? What has happened to the lock
if this happens? */
+
TIDYUP:
-process_info[process_info_len] = 0; /* Remove message id */
-if (data_file != NULL) fclose(data_file); /* Frees the lock */
+process_info[process_info_len] = 0; /* Remove message id */
+if (data_file != NULL) (void)fclose(data_file); /* Frees the lock */
/* Now reset signal handlers to their defaults */
yield = smtp_yield;
/* Handle interactive SMTP callers. After several kinds of error, smtp_reply
- is set to the response. However, after an ACL error or local_scan() error,
- the response has already been sent, and smtp_reply is an empty string to
- indicate this. */
+ is set to the response that should be sent. When it is NULL, we generate
+ default responses. After an ACL error or local_scan() error, the response has
+ already been sent, and smtp_reply is an empty string to indicate this. */
if (!smtp_batched_input)
{
if (smtp_reply == NULL)
{
- smtp_printf("250 OK id=%s\r\n", message_id);
+ if (fake_response != OK)
+ smtp_respond((fake_response == DEFER)? US"450" : US"550", 3, TRUE,
+ fake_response_text);
+
+ /* An OK response is required; use "message" text if present. */
+
+ else if (user_msg != NULL)
+ {
+ uschar *code = US"250";
+ int len = 3;
+ smtp_message_code(&code, &len, &user_msg, NULL);
+ smtp_respond(code, len, TRUE, user_msg);
+ }
+
+ /* Default OK response */
+
+ else
+ smtp_printf("250 OK id=%s\r\n", message_id);
if (host_checking)
fprintf(stdout,
"\n**** SMTP testing: that is not a real message id!\n\n");
}
- else if (smtp_reply[0] != 0) smtp_printf("%.1024s\r\n", smtp_reply);
+
+ /* smtp_reply is set non-empty */
+
+ else if (smtp_reply[0] != 0)
+ {
+ if (fake_response != OK && (smtp_reply[0] == '2'))
+ smtp_respond((fake_response == DEFER)? US"450" : US"550", 3, TRUE,
+ fake_response_text);
+ else
+ smtp_printf("%.1024s\r\n", smtp_reply);
+ }
+
+ switch (cutthrough_done)
+ {
+ case ACCEPTED: log_write(0, LOG_MAIN, "Completed");/* Delivery was done */
+ case PERM_REJ: { /* Delete spool files */
+ sprintf(CS spool_name, "%s/input/%s/%s-D", spool_directory,
+ message_subdir, message_id);
+ Uunlink(spool_name);
+ sprintf(CS spool_name, "%s/input/%s/%s-H", spool_directory,
+ message_subdir, message_id);
+ Uunlink(spool_name);
+ sprintf(CS spool_name, "%s/msglog/%s/%s", spool_directory,
+ message_subdir, message_id);
+ Uunlink(spool_name);
+ }
+ case TMP_REJ: message_id[0] = 0; /* Prevent a delivery from starting */
+ default:break;
+ }
+ cutthrough.delivery = FALSE;
}
/* For batched SMTP, generate an error message on failure, and do
if (blackholed_by != NULL)
{
- uschar *detail = (local_scan_data != NULL)?
- string_printing(local_scan_data) :
- string_sprintf("(%s discarded recipients)", blackholed_by);
- log_write(0, LOG_MAIN, "=> blackhole %s", detail);
+ const uschar *detail = local_scan_data
+ ? string_printing(local_scan_data)
+ : string_sprintf("(%s discarded recipients)", blackholed_by);
+ log_write(0, LOG_MAIN, "=> blackhole %s%s", detail, blackhole_log_msg);
log_write(0, LOG_MAIN, "Completed");
message_id[0] = 0;
}