* Exim - an Internet mail transport agent *
*************************************************/
+/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
-/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */
+/* SPDX-License-Identifier: GPL-2.0-or-later */
/* The main code for delivering a message. */
/* Mutually recursive functions for marking addresses done. */
-static void child_done(address_item *, uschar *);
-static void address_done(address_item *, uschar *);
+static void child_done(address_item *, const uschar *);
+static void address_done(address_item *, const uschar *);
/* Table for turning base-62 numbers into binary */
static BOOL remove_journal;
static int parcount = 0;
static pardata *parlist = NULL;
+static struct pollfd *parpoll;
static int return_count;
static uschar *frozen_info = US"";
static uschar *used_return_path = NULL;
address_item *
deliver_make_addr(uschar *address, BOOL copy)
{
-address_item *addr = store_get(sizeof(address_item), FALSE);
+address_item * addr = store_get(sizeof(address_item), GET_UNTAINTED);
*addr = address_defaults;
if (copy) address = string_copy(address);
addr->address = address;
open_msglog_file(uschar *filename, int mode, uschar **error)
{
if (Ustrstr(filename, US"/../"))
- log_write(0, LOG_MAIN|LOG_PANIC,
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE,
"Attempt to open msglog file path with upward-traversal: '%s'\n", filename);
for (int i = 2; i > 0; i--)
{
int fd = Uopen(filename,
-#ifdef O_CLOEXEC
- O_CLOEXEC |
-#endif
-#ifdef O_NOFOLLOW
- O_NOFOLLOW |
-#endif
- O_WRONLY|O_APPEND|O_CREAT, mode);
+ EXIM_CLOEXEC | EXIM_NOFOLLOW | O_WRONLY|O_APPEND|O_CREAT, mode);
if (fd >= 0)
{
/* Set the close-on-exec flag and change the owner to the exim uid/gid (this
else if (one->port != two->port)
return FALSE;
- /* Hosts matched */
+#ifdef SUPPORT_DANE
+ /* DNSSEC equality */
+ if (one->dnssec != two->dnssec) return FALSE;
+#endif
+ /* Hosts matched */
one = one->next;
two = two->next;
}
*/
static void
-address_done(address_item *addr, uschar *now)
+address_done(address_item * addr, const uschar * now)
{
update_spool = TRUE; /* Ensure spool gets updated */
*/
static void
-child_done(address_item *addr, uschar *now)
+child_done(address_item * addr, const uschar * now)
{
while (addr->parent)
{
#ifndef DISABLE_EVENT
+/* Distribute a named event to any listeners.
+
+Args: action config option specifying listener
+ event name of the event
+ ev_data associated data for the event
+ errnop pointer to errno for modification, or null
+
+Return: string expansion from listener, or NULL
+*/
+
uschar *
-event_raise(uschar * action, const uschar * event, uschar * ev_data)
+event_raise(uschar * action, const uschar * event, uschar * ev_data, int * errnop)
{
uschar * s;
if (action)
{
DEBUG(D_deliver)
debug_printf("Event(%s): event_action returned \"%s\"\n", event, s);
- errno = ERRNO_EVENT;
+ if (errnop)
+ *errnop = ERRNO_EVENT;
return s;
}
}
a filter was used which triggered a fail command (in such a case
a transport isn't needed). Convert it to an internal fail event. */
- (void) event_raise(event_action, US"msg:fail:internal", addr->message);
+ (void) event_raise(event_action, US"msg:fail:internal", addr->message, NULL);
}
}
else
|| Ustrcmp(addr->transport->driver_name, "smtp") == 0
|| Ustrcmp(addr->transport->driver_name, "lmtp") == 0
|| Ustrcmp(addr->transport->driver_name, "autoreply") == 0
- ? addr->message : NULL);
+ ? addr->message : NULL,
+ NULL);
}
deliver_host_port = save_port;
/*************************************************
-* Generate local prt for logging *
+* Generate local part for logging *
*************************************************/
+static uschar *
+string_get_lpart_sub(const address_item * addr, uschar * s)
+{
+#ifdef SUPPORT_I18N
+if (testflag(addr, af_utf8_downcvt))
+ {
+ uschar * t = string_localpart_utf8_to_alabel(s, NULL);
+ return t ? t : s; /* t is NULL on a failed conversion */
+ }
+#endif
+return s;
+}
+
/* This function is a subroutine for use in string_log_address() below.
Arguments:
{
uschar * s;
-s = addr->prefix;
-if (testflag(addr, af_include_affixes) && s)
- {
-#ifdef SUPPORT_I18N
- if (testflag(addr, af_utf8_downcvt))
- s = string_localpart_utf8_to_alabel(s, NULL);
-#endif
- yield = string_cat(yield, s);
- }
+if (testflag(addr, af_include_affixes) && (s = addr->prefix))
+ yield = string_cat(yield, string_get_lpart_sub(addr, s));
-s = addr->local_part;
-#ifdef SUPPORT_I18N
-if (testflag(addr, af_utf8_downcvt))
- s = string_localpart_utf8_to_alabel(s, NULL);
-#endif
-yield = string_cat(yield, s);
+yield = string_cat(yield, string_get_lpart_sub(addr, addr->local_part));
-s = addr->suffix;
-if (testflag(addr, af_include_affixes) && s)
- {
-#ifdef SUPPORT_I18N
- if (testflag(addr, af_utf8_downcvt))
- s = string_localpart_utf8_to_alabel(s, NULL);
-#endif
- yield = string_cat(yield, s);
- }
+if (testflag(addr, af_include_affixes) && (s = addr->suffix))
+ yield = string_cat(yield, string_get_lpart_sub(addr, s));
return yield;
}
else
{
uschar * cmp;
- int off = g->ptr; /* start of the "full address" */
+ int off = gstring_length(g); /* start of the "full address" */
if (addr->local_part)
{
#endif
reset_point = store_mark();
-g = string_get_tainted(256, TRUE); /* addrs will be tainted, so avoid copy */
+g = string_get_tainted(256, GET_TAINTED); /* addrs will be tainted, so avoid copy */
if (msg)
g = string_append(g, 2, host_and_ident(TRUE), US" ");
if (*queue_name)
g = string_append(g, 2, US" Q=", queue_name);
-#ifdef EXPERIMENTAL_SRS_ALT
-if(addr->prop.srs_sender)
- g = string_append(g, 3, US" SRS=<", addr->prop.srs_sender, US">");
-#endif
-
/* You might think that the return path must always be set for a successful
delivery; indeed, I did for some time, until this statement crashed. The case
when it is not set is for a delivery to /dev/null which is optimised by not
if (addr->message)
g = string_append(g, 2, US": ", addr->message);
-(void) string_from_gstring(g);
+ {
+ const uschar * s = string_from_gstring(g);
-/* Log the deferment in the message log, but don't clutter it
-up with retry-time defers after the first delivery attempt. */
+ /* Log the deferment in the message log, but don't clutter it
+ up with retry-time defers after the first delivery attempt. */
-if (f.deliver_firsttime || addr->basic_errno > ERRNO_RETRY_BASE)
- deliver_msglog("%s %s\n", now, g->s);
+ if (f.deliver_firsttime || addr->basic_errno > ERRNO_RETRY_BASE)
+ deliver_msglog("%s %s\n", now, s);
-/* Write the main log and reset the store.
-For errors of the type "retry time not reached" (also remotes skipped
-on queue run), logging is controlled by L_retry_defer. Note that this kind
-of error number is negative, and all the retry ones are less than any
-others. */
+ /* Write the main log and reset the store.
+ For errors of the type "retry time not reached" (also remotes skipped
+ on queue run), logging is controlled by L_retry_defer. Note that this kind
+ of error number is negative, and all the retry ones are less than any
+ others. */
-log_write(addr->basic_errno <= ERRNO_RETRY_BASE ? L_retry_defer : 0, logflags,
- "== %s", g->s);
+ log_write(addr->basic_errno <= ERRNO_RETRY_BASE ? L_retry_defer : 0, logflags,
+ "== %s", s);
+ }
store_reset(reset_point);
return;
if (LOGGING(deliver_time))
g = string_append(g, 2, US" DT=", string_timediff(&addr->delivery_time));
-(void) string_from_gstring(g);
-
/* Do the logging. For the message log, "routing failed" for those cases,
just to make it clearer. */
-if (driver_kind)
- deliver_msglog("%s %s failed for %s\n", now, driver_kind, g->s);
-else
- deliver_msglog("%s %s\n", now, g->s);
+ {
+ const uschar * s = string_from_gstring(g);
-log_write(0, LOG_MAIN, "** %s", g->s);
+ if (driver_kind)
+ deliver_msglog("%s %s failed for %s\n", now, driver_kind, s);
+ else
+ deliver_msglog("%s %s\n", now, s);
+
+ log_write(0, LOG_MAIN, "** %s", s);
+ }
store_reset(reset_point);
return;
*/
static void
-post_process_one(address_item *addr, int result, int logflags, int driver_type,
+post_process_one(address_item * addr, int result, int logflags, int driver_type,
int logchar)
{
-uschar *now = tod_stamp(tod_log);
-uschar *driver_kind = NULL;
-uschar *driver_name = NULL;
+uschar * now = tod_stamp(tod_log);
+uschar * driver_kind = NULL;
+uschar * driver_name = NULL;
DEBUG(D_deliver) debug_printf("post-process %s (%d)\n", addr->address, result);
/* Each local delivery is performed in a separate process which sets its
uid and gid as specified. This is a safer way than simply changing and
-restoring using seteuid(); there is a body of opinion that seteuid() cannot be
-used safely. From release 4, Exim no longer makes any use of it. Besides, not
-all systems have seteuid().
+restoring using seteuid(); there is a body of opinion that seteuid()
+cannot be used safely. From release 4, Exim no longer makes any use of
+it for delivery. Besides, not all systems have seteuid().
If the uid/gid are specified in the transport_instance, they are used; the
transport initialization must ensure that either both or neither are set.
if(addr->prop.errors_address)
return_path = addr->prop.errors_address;
-#ifdef EXPERIMENTAL_SRS_ALT
-else if (addr->prop.srs_sender)
- return_path = addr->prop.srs_sender;
-#endif
else
return_path = sender_address;
if (addr->transport->setup)
switch((addr->transport->setup)(addr->transport, addr, NULL, uid, gid,
- &(addr->message)))
+ &addr->message))
{
case DEFER:
addr->transport_return = DEFER;
{
BOOL ok = TRUE;
set_process_info("delivering %s to %s using %s", message_id,
- addr->local_part, addr->transport->name);
+ addr->local_part, tp->name);
- /* Setting this global in the subprocess means we need never clear it */
+ /* Setting these globals in the subprocess means we need never clear them */
transport_name = addr->transport->name;
+ driver_srcfile = tp->srcfile;
+ driver_srcline = tp->srcline;
/* If a transport filter has been specified, set up its argument list.
Any errors will get put into the address, and FALSE yielded. */
- if (addr->transport->filter_command)
+ if (tp->filter_command)
{
ok = transport_set_up_command(&transport_filter_argv,
- addr->transport->filter_command,
- TRUE, PANIC, addr, US"transport filter", NULL);
- transport_filter_timeout = addr->transport->filter_timeout;
+ tp->filter_command,
+ TRUE, PANIC, addr, FALSE, US"transport filter", NULL);
+ transport_filter_timeout = tp->filter_timeout;
}
else transport_filter_argv = NULL;
if (ok)
{
- debug_print_string(addr->transport->debug_string);
- replicate = !(addr->transport->info->code)(addr->transport, addr);
+ debug_print_string(tp->debug_string);
+ replicate = !(tp->info->code)(addr->transport, addr);
}
}
uschar *s;
int ret;
- if( (ret = write(pfd[pipe_write], &addr2->transport_return, sizeof(int))) != sizeof(int)
+ if( (i = addr2->transport_return, (ret = write(pfd[pipe_write], &i, sizeof(int))) != sizeof(int))
|| (ret = write(pfd[pipe_write], &transport_count, sizeof(transport_count))) != sizeof(transport_count)
|| (ret = write(pfd[pipe_write], &addr2->flags, sizeof(addr2->flags))) != sizeof(addr2->flags)
|| (ret = write(pfd[pipe_write], &addr2->basic_errno, sizeof(int))) != sizeof(int)
|| (ret = write(pfd[pipe_write], &addr2->more_errno, sizeof(int))) != sizeof(int)
|| (ret = write(pfd[pipe_write], &addr2->delivery_time, sizeof(struct timeval))) != sizeof(struct timeval)
- || (ret = write(pfd[pipe_write], &addr2->special_action, sizeof(int))) != sizeof(int)
+ || (i = addr2->special_action, (ret = write(pfd[pipe_write], &i, sizeof(int))) != sizeof(int))
|| (ret = write(pfd[pipe_write], &addr2->transport,
sizeof(transport_instance *))) != sizeof(transport_instance *)
len = read(pfd[pipe_read], &addr2->basic_errno, sizeof(int));
len = read(pfd[pipe_read], &addr2->more_errno, sizeof(int));
len = read(pfd[pipe_read], &addr2->delivery_time, sizeof(struct timeval));
- len = read(pfd[pipe_read], &addr2->special_action, sizeof(int));
+ len = read(pfd[pipe_read], &i, sizeof(int)); addr2->special_action = i;
len = read(pfd[pipe_read], &addr2->transport,
sizeof(transport_instance *));
deliveries (e.g. to pipes) can take a substantial time. */
if (!(dbm_file = dbfn_open(US"retry", O_RDONLY, &dbblock, FALSE, TRUE)))
- {
DEBUG(D_deliver|D_retry|D_hints_lookup)
debug_printf("no retry data available\n");
- }
addr2 = addr;
addr3 = NULL;
else for (addr2 = addr; addr2; addr2 = addr2->next)
if (addr2->transport_return == OK)
{
- addr3 = store_get(sizeof(address_item), FALSE);
+ addr3 = store_get(sizeof(address_item), GET_UNTAINTED);
*addr3 = *addr2;
addr3->next = NULL;
addr3->shadow_message = US &addr2->shadow_message;
/* Loop through all items, reading from the pipe when necessary. The pipe
used to be non-blocking. But I do not see a reason for using non-blocking I/O
-here, as the preceding select() tells us, if data is available for reading.
+here, as the preceding poll() tells us, if data is available for reading.
A read() on a "selected" handle should never block, but(!) it may return
less data then we expected. (The buffer size we pass to read() shouldn't be
if (!r || !(*ptr & rf_delete))
{
- r = store_get(sizeof(retry_item), FALSE);
+ r = store_get(sizeof(retry_item), GET_UNTAINTED);
r->next = addr->retries;
addr->retries = r;
r->flags = *ptr++;
guarantee it won't be split in the pipe. */
#ifndef DISABLE_TLS
- case 'X':
+ case 'X': /* TLS details */
if (!addr) goto ADDR_MISMATCH; /* Below, in 'A' handler */
switch (*subid)
{
DEBUG(D_deliver) debug_printf("DSN read: addr->dsn_aware = %d\n", addr->dsn_aware);
break;
- case 'A':
+ case 'A': /* Per-address info */
if (!addr)
{
ADDR_MISMATCH:
break;
#endif
- case '0':
+ case '0': /* results of trying to send to this address */
DEBUG(D_deliver) debug_printf("A0 %s tret %d\n", addr->address, *ptr);
addr->transport_return = *ptr++;
addr->special_action = *ptr++;
if (*ptr)
{
- h = store_get(sizeof(host_item), FALSE);
+ h = store_get(sizeof(host_item), GET_UNTAINTED);
h->name = string_copy(ptr);
while (*ptr++);
h->address = string_copy(ptr);
*/
static void
-remote_post_process(address_item *addr, int logflags, uschar *msg,
+remote_post_process(address_item * addr, int logflags, uschar * msg,
BOOL fallback)
{
/* If any host addresses were found to be unusable, add them to the unusable
while (addr)
{
- address_item *next = addr->next;
+ address_item * next = addr->next;
/* If msg == NULL (normal processing) and the result is DEFER and we are
processing the main hosts and there are fallback hosts available, put the
par_wait(void)
{
int poffset, status;
-address_item *addr, *addrlist;
+address_item * addr, * addrlist;
pid_t pid;
set_process_info("delivering %s: waiting for a remote delivery subprocess "
existence - in which case give an error return. We cannot proceed just by
waiting for a completion, because a subprocess may have filled up its pipe, and
be waiting for it to be emptied. Therefore, if no processes have finished, we
-wait for one of the pipes to acquire some data by calling select(), with a
+wait for one of the pipes to acquire some data by calling poll(), with a
timeout just in case.
The simple approach is just to iterate after reading data from a ready pipe.
This leads to non-ideal behaviour when the subprocess has written its final Z
item, closed the pipe, and is in the process of exiting (the common case). A
-call to waitpid() yields nothing completed, but select() shows the pipe ready -
+call to waitpid() yields nothing completed, but poll() shows the pipe ready -
reading it yields EOF, so you end up with busy-waiting until the subprocess has
actually finished.
To avoid this, if all the data that is needed has been read from a subprocess
-after select(), an explicit wait() for it is done. We know that all it is doing
+after poll(), an explicit wait() for it is done. We know that all it is doing
is writing to the pipe and then exiting, so the wait should not be long.
The non-blocking waitpid() is to some extent just insurance; if we could
{
while ((pid = waitpid(-1, &status, WNOHANG)) <= 0)
{
- struct timeval tv;
- fd_set select_pipes;
- int maxpipe, readycount;
+ int readycount;
/* A return value of -1 can mean several things. If errno != ECHILD, it
either means invalid options (which we discount), or that this process was
subprocesses are still in existence. If kill() gives an OK return, we know
it must be for one of our processes - it can't be for a re-use of the pid,
because if our process had finished, waitpid() would have found it. If any
- of our subprocesses are in existence, we proceed to use select() as if
+ of our subprocesses are in existence, we proceed to use poll() as if
waitpid() had returned zero. I think this is safe. */
if (pid < 0)
if (poffset >= remote_max_parallel)
{
DEBUG(D_deliver) debug_printf("*** no delivery children found\n");
- return NULL; /* This is the error return */
+ return NULL; /* This is the error return */
}
}
subprocess, but there are no completed subprocesses. See if any pipes are
ready with any data for reading. */
- DEBUG(D_deliver) debug_printf("selecting on subprocess pipes\n");
+ DEBUG(D_deliver) debug_printf("polling subprocess pipes\n");
- maxpipe = 0;
- FD_ZERO(&select_pipes);
for (poffset = 0; poffset < remote_max_parallel; poffset++)
if (parlist[poffset].pid != 0)
- {
- int fd = parlist[poffset].fd;
- FD_SET(fd, &select_pipes);
- if (fd > maxpipe) maxpipe = fd;
- }
+ {
+ parpoll[poffset].fd = parlist[poffset].fd;
+ parpoll[poffset].events = POLLIN;
+ }
+ else
+ parpoll[poffset].fd = -1;
/* Stick in a 60-second timeout, just in case. */
- tv.tv_sec = 60;
- tv.tv_usec = 0;
-
- readycount = select(maxpipe + 1, (SELECT_ARG2_TYPE *)&select_pipes,
- NULL, NULL, &tv);
+ readycount = poll(parpoll, remote_max_parallel, 60 * 1000);
/* Scan through the pipes and read any that are ready; use the count
- returned by select() to stop when there are no more. Select() can return
+ returned by poll() to stop when there are no more. Select() can return
with no processes (e.g. if interrupted). This shouldn't matter.
If par_read_pipe() returns TRUE, it means that either the terminating Z was
poffset++)
{
if ( (pid = parlist[poffset].pid) != 0
- && FD_ISSET(parlist[poffset].fd, &select_pipes)
+ && parpoll[poffset].revents
)
{
readycount--;
"transport process list", pid);
} /* End of the "for" loop */
-/* Come here when all the data was completely read after a select(), and
+/* Come here when all the data was completely read after a poll(), and
the process in pid has been wait()ed for. */
PROCESS_DONE:
"%s %d",
addrlist->transport->driver_name,
status,
- (msb == 0)? "terminated by signal" : "exit code",
+ msb == 0 ? "terminated by signal" : "exit code",
code);
if (msb != 0 || (code != SIGTERM && code != SIGKILL && code != SIGQUIT))
/* Else complete reading the pipe to get the result of the delivery, if all
the data has not yet been obtained. */
-else if (!parlist[poffset].done) (void)par_read_pipe(poffset, TRUE);
+else if (!parlist[poffset].done)
+ (void) par_read_pipe(poffset, TRUE);
/* Put the data count and return path into globals, mark the data slot unused,
decrement the count of subprocesses, and return the address chain. */
{
while (parcount > max)
{
- address_item *doneaddr = par_wait();
+ address_item * doneaddr = par_wait();
if (!doneaddr)
{
log_write(0, LOG_MAIN|LOG_PANIC,
if (!parlist)
{
- parlist = store_get(remote_max_parallel * sizeof(pardata), FALSE);
+ parlist = store_get(remote_max_parallel * sizeof(pardata), GET_UNTAINTED);
for (poffset = 0; poffset < remote_max_parallel; poffset++)
parlist[poffset].pid = 0;
+ parpoll = store_get(remote_max_parallel * sizeof(struct pollfd), GET_UNTAINTED);
}
/* Now loop for each remote delivery */
}
/* Get the maximum it can handle in one envelope, with zero meaning
- unlimited, which is forced for the MUA wrapper case. */
+ unlimited, which is forced for the MUA wrapper case and if the
+ value could vary depending on the messages.
+ For those, we only split (below) by (tpt,dest,erraddr,hdrs) and rely on the
+ transport splitting further by max_rcp. So we potentially lose some
+ parallellism. */
- address_count_max = tp->max_addresses;
- if (address_count_max == 0 || mua_wrapper) address_count_max = 999999;
+ address_count_max = mua_wrapper || Ustrchr(tp->max_addresses, '$')
+ ? UNLIMITED_ADDRS : expand_max_rcpt(tp->max_addresses);
/************************************************************************/
if(addr->prop.errors_address)
return_path = addr->prop.errors_address;
-#ifdef EXPERIMENTAL_SRS_ALT
- else if(addr->prop.srs_sender)
- return_path = addr->prop.srs_sender;
-#endif
else
return_path = sender_address;
that it can use either of them, though it prefers O_NONBLOCK, which
distinguishes between EOF and no-more-data. */
-/* The data appears in a timely manner and we already did a select on
+/* The data appears in a timely manner and we already did a poll on
all pipes, so I do not see a reason to use non-blocking IO here
#ifdef O_NONBLOCK
int fd = pfd[pipe_write];
host_item *h;
- /* Setting this global in the subprocess means we need never clear it */
- transport_name = tp->name;
+ /* Setting these globals in the subprocess means we need never clear them */
+ transport_name = addr->transport->name;
+ driver_srcfile = tp->srcfile;
+ driver_srcline = tp->srcline;
/* There are weird circumstances in which logging is disabled */
f.disable_logging = tp->disable_logging;
{
uschar * fname = spool_fname(US"input", message_subdir, message_id, US"-D");
- if ((deliver_datafile = Uopen(fname,
-#ifdef O_CLOEXEC
- O_CLOEXEC |
-#endif
- O_RDWR | O_APPEND, 0)) < 0)
+ if ( (deliver_datafile = Uopen(fname, EXIM_CLOEXEC | O_RDWR | O_APPEND, 0))
+ < 0)
log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Failed to reopen %s for remote "
"parallel delivery: %s", fname, strerror(errno));
}
- /* Set the close-on-exec flag */
-#ifndef O_CLOEXEC
+#ifndef O_CLOEXEC /* Set the close-on-exec flag */
(void)fcntl(deliver_datafile, F_SETFD, fcntl(deliver_datafile, F_GETFD) |
FD_CLOEXEC);
#endif
this, Jan 1999.] We know the syntax is valid, so this can be done by simply
removing quoting backslashes and any unquoted doublequotes. */
-t = addr->cc_local_part = store_get(len+1, is_tainted(address));
+t = addr->cc_local_part = store_get(len+1, address);
while(len-- > 0)
{
int c = *address++;
if (new_address)
{
- address_item *new_parent = store_get(sizeof(address_item), FALSE);
+ address_item * new_parent = store_get(sizeof(address_item), GET_UNTAINTED);
*new_parent = *addr;
addr->parent = new_parent;
new_parent->child_count = 1;
*/
static void
-print_address_error(address_item *addr, FILE *f, uschar *t)
+print_address_error(address_item * addr, FILE * f, const uschar * t)
{
int count = Ustrlen(t);
-uschar *s = testflag(addr, af_pass_message) ? addr->message : NULL;
+uschar * s = testflag(addr, af_pass_message) ? addr->message : NULL;
if (!s && !(s = addr->user_message))
return;
return fp;
}
+/*************************************************
+* Send a bounce message *
+*************************************************/
+
+/* Find the error address for the first address, then send a message that
+includes all failed addresses that have the same error address. Note the
+bounce_recipient is a global so that it can be accessed by $bounce_recipient
+while creating a customized error message. */
+
+static void
+send_bounce_message(time_t now, const uschar * logtod)
+{
+pid_t pid;
+int fd;
+
+if (!(bounce_recipient = addr_failed->prop.errors_address))
+ bounce_recipient = sender_address;
+
+/* Make a subprocess to send a message, using its stdin */
+
+if ((pid = child_open_exim(&fd, US"bounce-message")) < 0)
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Process %d (parent %d) failed to "
+ "create child process to send failure message: %s", getpid(),
+ getppid(), strerror(errno));
+
+/* Creation of child succeeded */
+
+else
+ {
+ int ch, rc, filecount = 0, rcount = 0;
+ uschar * bcc, * emf_text;
+ FILE * fp = fdopen(fd, "wb"), * emf = NULL;
+ BOOL to_sender = strcmpic(sender_address, bounce_recipient) == 0;
+ int max = (bounce_return_size_limit/DELIVER_IN_BUFFER_SIZE + 1) *
+ DELIVER_IN_BUFFER_SIZE;
+ uschar * bound, * dsnlimitmsg, * dsnnotifyhdr;
+ int topt;
+ address_item ** paddr;
+ address_item * msgchain = NULL, ** pmsgchain = &msgchain;
+ address_item * handled_addr = NULL;
+
+ DEBUG(D_deliver)
+ debug_printf("sending error message to: %s\n", bounce_recipient);
+
+ /* Scan the addresses for all that have the same errors address, removing
+ them from the addr_failed chain, and putting them on msgchain. */
+
+ paddr = &addr_failed;
+ for (address_item * addr = addr_failed; addr; addr = *paddr)
+ if (Ustrcmp(bounce_recipient, addr->prop.errors_address
+ ? addr->prop.errors_address : sender_address) == 0)
+ { /* The same - dechain */
+ *paddr = addr->next;
+ *pmsgchain = addr;
+ addr->next = NULL;
+ pmsgchain = &addr->next;
+ }
+ else
+ paddr = &addr->next; /* Not the same; skip */
+
+ /* Include X-Failed-Recipients: for automatic interpretation, but do
+ not let any one header line get too long. We do this by starting a
+ new header every 50 recipients. Omit any addresses for which the
+ "hide_child" flag is set. */
+
+ for (address_item * addr = msgchain; addr; addr = addr->next)
+ {
+ if (testflag(addr, af_hide_child)) continue;
+ if (rcount >= 50)
+ {
+ fprintf(fp, "\n");
+ rcount = 0;
+ }
+ fprintf(fp, "%s%s",
+ rcount++ == 0
+ ? "X-Failed-Recipients: "
+ : ",\n ",
+ testflag(addr, af_pfr) && addr->parent
+ ? string_printing(addr->parent->address)
+ : string_printing(addr->address));
+ }
+ if (rcount > 0) fprintf(fp, "\n");
+
+ /* Output the standard headers */
+
+ if (errors_reply_to)
+ fprintf(fp, "Reply-To: %s\n", errors_reply_to);
+ fprintf(fp, "Auto-Submitted: auto-replied\n");
+ moan_write_from(fp);
+ fprintf(fp, "To: %s\n", bounce_recipient);
+ moan_write_references(fp, NULL);
+
+ /* generate boundary string and output MIME-Headers */
+ bound = string_sprintf(TIME_T_FMT "-eximdsn-%d", time(NULL), rand());
+
+ fprintf(fp, "Content-Type: multipart/report;"
+ " report-type=delivery-status; boundary=%s\n"
+ "MIME-Version: 1.0\n",
+ bound);
+
+ /* Open a template file if one is provided. Log failure to open, but
+ carry on - default texts will be used. */
+
+ if (bounce_message_file)
+ emf = expand_open(bounce_message_file,
+ US"bounce_message_file", US"error");
+
+ /* Quietly copy to configured additional addresses if required. */
+
+ if ((bcc = moan_check_errorcopy(bounce_recipient)))
+ fprintf(fp, "Bcc: %s\n", bcc);
+
+ /* The texts for the message can be read from a template file; if there
+ isn't one, or if it is too short, built-in texts are used. The first
+ emf text is a Subject: and any other headers. */
+
+ if ((emf_text = next_emf(emf, US"header")))
+ fprintf(fp, "%s\n", emf_text);
+ else
+ fprintf(fp, "Subject: Mail delivery failed%s\n\n",
+ to_sender? ": returning message to sender" : "");
+
+ /* output human readable part as text/plain section */
+ fprintf(fp, "--%s\n"
+ "Content-type: text/plain; charset=us-ascii\n\n",
+ bound);
+
+ if ((emf_text = next_emf(emf, US"intro")))
+ fprintf(fp, "%s", CS emf_text);
+ else
+ {
+ fprintf(fp,
+/* This message has been reworded several times. It seems to be confusing to
+somebody, however it is worded. I have retreated to the original, simple
+wording. */
+"This message was created automatically by mail delivery software.\n");
+
+ if (bounce_message_text)
+ fprintf(fp, "%s", CS bounce_message_text);
+ if (to_sender)
+ fprintf(fp,
+"\nA message that you sent could not be delivered to one or more of its\n"
+"recipients. This is a permanent error. The following address(es) failed:\n");
+ else
+ fprintf(fp,
+"\nA message sent by\n\n <%s>\n\n"
+"could not be delivered to one or more of its recipients. The following\n"
+"address(es) failed:\n", sender_address);
+ }
+ fputc('\n', fp);
+
+ /* Process the addresses, leaving them on the msgchain if they have a
+ file name for a return message. (There has already been a check in
+ post_process_one() for the existence of data in the message file.) A TRUE
+ return from print_address_information() means that the address is not
+ hidden. */
+
+ paddr = &msgchain;
+ for (address_item * addr = msgchain; addr; addr = *paddr)
+ {
+ if (print_address_information(addr, fp, US" ", US"\n ", US""))
+ print_address_error(addr, fp, US"");
+
+ /* End the final line for the address */
+
+ fputc('\n', fp);
+
+ /* Leave on msgchain if there's a return file. */
+
+ if (addr->return_file >= 0)
+ {
+ paddr = &(addr->next);
+ filecount++;
+ }
+
+ /* Else save so that we can tick off the recipient when the
+ message is sent. */
+
+ else
+ {
+ *paddr = addr->next;
+ addr->next = handled_addr;
+ handled_addr = addr;
+ }
+ }
+
+ fputc('\n', fp);
+
+ /* Get the next text, whether we need it or not, so as to be
+ positioned for the one after. */
+
+ emf_text = next_emf(emf, US"generated text");
+
+ /* If there were any file messages passed by the local transports,
+ include them in the message. Then put the address on the handled chain.
+ In the case of a batch of addresses that were all sent to the same
+ transport, the return_file field in all of them will contain the same
+ fd, and the return_filename field in the *last* one will be set (to the
+ name of the file). */
+
+ if (msgchain)
+ {
+ address_item * nextaddr;
+
+ if (emf_text)
+ fprintf(fp, "%s", CS emf_text);
+ else
+ fprintf(fp,
+ "The following text was generated during the delivery "
+ "attempt%s:\n", (filecount > 1)? "s" : "");
+
+ for (address_item * addr = msgchain; addr; addr = nextaddr)
+ {
+ FILE *fm;
+ address_item *topaddr = addr;
+
+ /* List all the addresses that relate to this file */
+
+ fputc('\n', fp);
+ while(addr) /* Insurance */
+ {
+ print_address_information(addr, fp, US"------ ", US"\n ",
+ US" ------\n");
+ if (addr->return_filename) break;
+ addr = addr->next;
+ }
+ fputc('\n', fp);
+
+ /* Now copy the file */
+
+ if (!(fm = Ufopen(addr->return_filename, "rb")))
+ fprintf(fp, " +++ Exim error... failed to open text file: %s\n",
+ strerror(errno));
+ else
+ {
+ while ((ch = fgetc(fm)) != EOF) fputc(ch, fp);
+ (void)fclose(fm);
+ }
+ Uunlink(addr->return_filename);
+
+ /* Can now add to handled chain, first fishing off the next
+ address on the msgchain. */
+
+ nextaddr = addr->next;
+ addr->next = handled_addr;
+ handled_addr = topaddr;
+ }
+ fputc('\n', fp);
+ }
+
+ /* output machine readable part */
+#ifdef SUPPORT_I18N
+ if (message_smtputf8)
+ fprintf(fp, "--%s\n"
+ "Content-type: message/global-delivery-status\n\n"
+ "Reporting-MTA: dns; %s\n",
+ bound, smtp_active_hostname);
+ else
+#endif
+ fprintf(fp, "--%s\n"
+ "Content-type: message/delivery-status\n\n"
+ "Reporting-MTA: dns; %s\n",
+ bound, smtp_active_hostname);
+
+ if (dsn_envid)
+ {
+ /* must be decoded from xtext: see RFC 3461:6.3a */
+ uschar *xdec_envid;
+ if (auth_xtextdecode(dsn_envid, &xdec_envid) > 0)
+ fprintf(fp, "Original-Envelope-ID: %s\n", dsn_envid);
+ else
+ fprintf(fp, "X-Original-Envelope-ID: error decoding xtext formatted ENVID\n");
+ }
+ fputc('\n', fp);
+
+ for (address_item * addr = handled_addr; addr; addr = addr->next)
+ {
+ host_item * hu;
+
+ print_dsn_addr_action(fp, addr, US"failed", US"5.0.0");
+
+ if ((hu = addr->host_used) && hu->name)
+ {
+ fprintf(fp, "Remote-MTA: dns; %s\n", hu->name);
+#ifdef EXPERIMENTAL_DSN_INFO
+ {
+ const uschar * s;
+ if (hu->address)
+ {
+ uschar * p = hu->port == 25
+ ? US"" : string_sprintf(":%d", hu->port);
+ fprintf(fp, "Remote-MTA: X-ip; [%s]%s\n", hu->address, p);
+ }
+ if ((s = addr->smtp_greeting) && *s)
+ fprintf(fp, "X-Remote-MTA-smtp-greeting: X-str; %.900s\n", s);
+ if ((s = addr->helo_response) && *s)
+ fprintf(fp, "X-Remote-MTA-helo-response: X-str; %.900s\n", s);
+ if ((s = addr->message) && *s)
+ fprintf(fp, "X-Exim-Diagnostic: X-str; %.900s\n", s);
+ }
+#endif
+ print_dsn_diagnostic_code(addr, fp);
+ }
+ fputc('\n', fp);
+ }
+
+ /* Now copy the message, trying to give an intelligible comment if
+ it is too long for it all to be copied. The limit isn't strictly
+ applied because of the buffering. There is, however, an option
+ to suppress copying altogether. */
+
+ emf_text = next_emf(emf, US"copy");
+
+ /* add message body
+ we ignore the intro text from template and add
+ the text for bounce_return_size_limit at the end.
+
+ bounce_return_message is ignored
+ in case RET= is defined we honor these values
+ otherwise bounce_return_body is honored.
+
+ bounce_return_size_limit is always honored.
+ */
+
+ fprintf(fp, "--%s\n", bound);
+
+ dsnlimitmsg = US"X-Exim-DSN-Information: Due to administrative limits only headers are returned";
+ dsnnotifyhdr = NULL;
+ topt = topt_add_return_path;
+
+ /* RET=HDRS? top priority */
+ if (dsn_ret == dsn_ret_hdrs)
+ topt |= topt_no_body;
+ else
+ {
+ struct stat statbuf;
+
+ /* no full body return at all? */
+ if (!bounce_return_body)
+ {
+ topt |= topt_no_body;
+ /* add header if we overrule RET=FULL */
+ if (dsn_ret == dsn_ret_full)
+ dsnnotifyhdr = dsnlimitmsg;
+ }
+ /* line length limited... return headers only if oversize */
+ /* size limited ... return headers only if limit reached */
+ else if ( max_received_linelength > bounce_return_linesize_limit
+ || ( bounce_return_size_limit > 0
+ && fstat(deliver_datafile, &statbuf) == 0
+ && statbuf.st_size > max
+ ) )
+ {
+ topt |= topt_no_body;
+ dsnnotifyhdr = dsnlimitmsg;
+ }
+ }
+
+#ifdef SUPPORT_I18N
+ if (message_smtputf8)
+ fputs(topt & topt_no_body ? "Content-type: message/global-headers\n\n"
+ : "Content-type: message/global\n\n",
+ fp);
+ else
+#endif
+ fputs(topt & topt_no_body ? "Content-type: text/rfc822-headers\n\n"
+ : "Content-type: message/rfc822\n\n",
+ fp);
+
+ fflush(fp);
+ transport_filter_argv = NULL; /* Just in case */
+ return_path = sender_address; /* In case not previously set */
+ { /* Dummy transport for headers add */
+ transport_ctx tctx = {{0}};
+ transport_instance tb = {0};
+
+ tctx.u.fd = fileno(fp);
+ tctx.tblock = &tb;
+ tctx.options = topt;
+ tb.add_headers = dsnnotifyhdr;
+
+ /*XXX no checking for failure! buggy! */
+ transport_write_message(&tctx, 0);
+ }
+ fflush(fp);
+
+ /* we never add the final text. close the file */
+ if (emf)
+ (void)fclose(emf);
+
+ fprintf(fp, "\n--%s--\n", bound);
+
+ /* Close the file, which should send an EOF to the child process
+ that is receiving the message. Wait for it to finish. */
+
+ (void)fclose(fp);
+ rc = child_close(pid, 0); /* Waits for child to close, no timeout */
+
+ /* If the process failed, there was some disaster in setting up the
+ error message. Unless the message is very old, ensure that addr_defer
+ is non-null, which will have the effect of leaving the message on the
+ spool. The failed addresses will get tried again next time. However, we
+ don't really want this to happen too often, so freeze the message unless
+ there are some genuine deferred addresses to try. To do this we have
+ to call spool_write_header() here, because with no genuine deferred
+ addresses the normal code below doesn't get run. */
+
+ if (rc != 0)
+ {
+ uschar *s = US"";
+ if (now - received_time.tv_sec < retry_maximum_timeout && !addr_defer)
+ {
+ addr_defer = (address_item *)(+1);
+ f.deliver_freeze = TRUE;
+ deliver_frozen_at = time(NULL);
+ /* Panic-dies on error */
+ (void)spool_write_header(message_id, SW_DELIVERING, NULL);
+ s = US" (frozen)";
+ }
+ deliver_msglog("Process failed (%d) when writing error message "
+ "to %s%s", rc, bounce_recipient, s);
+ log_write(0, LOG_MAIN, "Process failed (%d) when writing error message "
+ "to %s%s", rc, bounce_recipient, s);
+ }
+
+ /* The message succeeded. Ensure that the recipients that failed are
+ now marked finished with on the spool and their parents updated. */
+
+ else
+ {
+ for (address_item * addr = handled_addr; addr; addr = addr->next)
+ {
+ address_done(addr, logtod);
+ child_done(addr, logtod);
+ }
+ /* Panic-dies on error */
+ (void)spool_write_header(message_id, SW_DELIVERING, NULL);
+ }
+ }
+}
+
+/*************************************************
+* Send a warning message *
+*************************************************/
+/* Return: boolean success */
+
+static BOOL
+send_warning_message(const uschar * recipients, int queue_time, int show_time)
+{
+int fd;
+pid_t pid = child_open_exim(&fd, US"delay-warning-message");
+FILE * wmf = NULL, * f = fdopen(fd, "wb");
+uschar * wmf_text, * bound;
+transport_ctx tctx = {{0}};
+
+
+if (pid <= 0) return FALSE;
+
+if (warn_message_file)
+ wmf = expand_open(warn_message_file,
+ US"warn_message_file", US"warning");
+
+warnmsg_recipients = recipients;
+warnmsg_delay = queue_time < 120*60
+ ? string_sprintf("%d minutes", show_time/60)
+ : string_sprintf("%d hours", show_time/3600);
+
+if (errors_reply_to)
+ fprintf(f, "Reply-To: %s\n", errors_reply_to);
+fprintf(f, "Auto-Submitted: auto-replied\n");
+moan_write_from(f);
+fprintf(f, "To: %s\n", recipients);
+moan_write_references(f, NULL);
+
+/* generated boundary string and output MIME-Headers */
+bound = string_sprintf(TIME_T_FMT "-eximdsn-%d", time(NULL), rand());
+
+fprintf(f, "Content-Type: multipart/report;"
+ " report-type=delivery-status; boundary=%s\n"
+ "MIME-Version: 1.0\n",
+ bound);
+
+if ((wmf_text = next_emf(wmf, US"header")))
+ fprintf(f, "%s\n", wmf_text);
+else
+ fprintf(f, "Subject: Warning: message %s delayed %s\n\n",
+ message_id, warnmsg_delay);
+
+/* output human readable part as text/plain section */
+fprintf(f, "--%s\n"
+ "Content-type: text/plain; charset=us-ascii\n\n",
+ bound);
+
+if ((wmf_text = next_emf(wmf, US"intro")))
+ fprintf(f, "%s", CS wmf_text);
+else
+ {
+ fprintf(f,
+"This message was created automatically by mail delivery software.\n");
+
+ if (Ustrcmp(recipients, sender_address) == 0)
+ fprintf(f,
+"A message that you sent has not yet been delivered to one or more of its\n"
+"recipients after more than ");
+
+ else
+ fprintf(f,
+"A message sent by\n\n <%s>\n\n"
+"has not yet been delivered to one or more of its recipients after more than \n",
+ sender_address);
+
+ fprintf(f, "%s on the queue on %s.\n\n"
+ "The message identifier is: %s\n",
+ warnmsg_delay, primary_hostname, message_id);
+
+ for (header_line * h = header_list; h; h = h->next)
+ if (strncmpic(h->text, US"Subject:", 8) == 0)
+ fprintf(f, "The subject of the message is: %s", h->text + 9);
+ else if (strncmpic(h->text, US"Date:", 5) == 0)
+ fprintf(f, "The date of the message is: %s", h->text + 6);
+ fputc('\n', f);
+
+ fprintf(f, "The address%s to which the message has not yet been "
+ "delivered %s:\n",
+ !addr_defer->next ? "" : "es",
+ !addr_defer->next ? "is": "are");
+ }
+
+/* List the addresses, with error information if allowed */
+
+fputc('\n', f);
+for (address_item * addr = addr_defer; addr; addr = addr->next)
+ {
+ if (print_address_information(addr, f, US" ", US"\n ", US""))
+ print_address_error(addr, f, US"Delay reason: ");
+ fputc('\n', f);
+ }
+fputc('\n', f);
+
+/* Final text */
+
+if (wmf)
+ {
+ if ((wmf_text = next_emf(wmf, US"final")))
+ fprintf(f, "%s", CS wmf_text);
+ (void)fclose(wmf);
+ }
+else
+ {
+ fprintf(f,
+"No action is required on your part. Delivery attempts will continue for\n"
+"some time, and this warning may be repeated at intervals if the message\n"
+"remains undelivered. Eventually the mail delivery software will give up,\n"
+"and when that happens, the message will be returned to you.\n");
+ }
+
+/* output machine readable part */
+fprintf(f, "\n--%s\n"
+ "Content-type: message/delivery-status\n\n"
+ "Reporting-MTA: dns; %s\n",
+ bound,
+ smtp_active_hostname);
+
+
+if (dsn_envid)
+ {
+ /* must be decoded from xtext: see RFC 3461:6.3a */
+ uschar *xdec_envid;
+ if (auth_xtextdecode(dsn_envid, &xdec_envid) > 0)
+ fprintf(f,"Original-Envelope-ID: %s\n", dsn_envid);
+ else
+ fprintf(f,"X-Original-Envelope-ID: error decoding xtext formatted ENVID\n");
+ }
+fputc('\n', f);
+
+for (address_item * addr = addr_defer; addr; addr = addr->next)
+ {
+ host_item * hu;
+
+ print_dsn_addr_action(f, addr, US"delayed", US"4.0.0");
+
+ if ((hu = addr->host_used) && hu->name)
+ {
+ fprintf(f, "Remote-MTA: dns; %s\n", hu->name);
+ print_dsn_diagnostic_code(addr, f);
+ }
+ fputc('\n', f);
+ }
+
+fprintf(f, "--%s\n"
+ "Content-type: text/rfc822-headers\n\n",
+ bound);
+
+fflush(f);
+/* header only as required by RFC. only failure DSN needs to honor RET=FULL */
+tctx.u.fd = fileno(f);
+tctx.options = topt_add_return_path | topt_no_body;
+transport_filter_argv = NULL; /* Just in case */
+return_path = sender_address; /* In case not previously set */
+
+/* Write the original email out */
+/*XXX no checking for failure! buggy! */
+transport_write_message(&tctx, 0);
+fflush(f);
+
+fprintf(f,"\n--%s--\n", bound);
+
+fflush(f);
+
+/* Close and wait for child process to complete, without a timeout.
+If there's an error, don't update the count. */
+
+(void)fclose(f);
+return child_close(pid, 0) == 0;
+}
+
/*************************************************
* Deliver one message *
*************************************************/
uschar * fname = spool_fname(US"input", message_subdir, id, US"-J");
FILE * jread;
- if ( (journal_fd = Uopen(fname, O_RDWR|O_APPEND
-#ifdef O_CLOEXEC
- | O_CLOEXEC
-#endif
-#ifdef O_NOFOLLOW
- | O_NOFOLLOW
-#endif
- , SPOOL_MODE)) >= 0
+ if ( (journal_fd = Uopen(fname,
+ O_RDWR|O_APPEND | EXIM_CLOEXEC | EXIM_NOFOLLOW, SPOOL_MODE)) >= 0
&& lseek(journal_fd, 0, SEEK_SET) == 0
&& (jread = fdopen(journal_fd, "rb"))
)
return continue_closedown(); /* yields DELIVER_NOT_ATTEMPTED */
}
- /* Make a C stream out of it. */
+ /* Make a stdio stream out of it. */
if (!(message_log = fdopen(fd, "a")))
{
string_copyn(addr+start, dom ? (dom-1) - start : end - start);
deliver_domain = dom ? CUS string_copyn(addr+dom, end - dom) : CUS"";
- event_raise(event_action, US"msg:fail:internal", new->message);
+ (void) event_raise(event_action, US"msg:fail:internal", new->message, NULL);
deliver_localpart = save_local;
deliver_domain = save_domain;
f.header_rewritten = FALSE; /* No headers rewritten yet */
while (addr_new) /* Loop until all addresses dealt with */
{
- address_item *addr, *parent;
+ address_item * addr, * parent;
/* Failure to open the retry database is treated the same as if it does
not exist. In both cases, dbm_file is NULL. */
while (addr_new)
{
int rc;
- uschar *p;
- tree_node *tnode;
- dbdata_retry *domain_retry_record;
- dbdata_retry *address_retry_record;
+ tree_node * tnode;
+ dbdata_retry * domain_retry_record, * address_retry_record;
addr = addr_new;
addr_new = addr->next;
/* Treat /dev/null as a special case and abandon the delivery. This
avoids having to specify a uid on the transport just for this case.
- Arrange for the transport name to be logged as "**bypassed**". */
+ Arrange for the transport name to be logged as "**bypassed**".
+ Copy the transport for this fairly unusual case rather than having
+ to make all transports mutable. */
if (Ustrcmp(addr->address, "/dev/null") == 0)
{
- uschar *save = addr->transport->name;
- addr->transport->name = US"**bypassed**";
+ transport_instance * save_t = addr->transport;
+ transport_instance * t = store_get(sizeof(*t), save_t);
+ *t = *save_t;
+ t->name = US"**bypassed**";
+ addr->transport = t;
(void)post_process_one(addr, OK, LOG_MAIN, EXIM_DTYPE_TRANSPORT, '=');
- addr->transport->name = save;
+ addr->transport= save_t;
continue; /* with the next new address */
}
/* Ensure that the domain in the unique field is lower cased, because
domains are always handled caselessly. */
- p = Ustrrchr(addr->unique, '@');
- while (*p != 0) { *p = tolower(*p); p++; }
+ for (uschar * p = Ustrrchr(addr->unique, '@'); *p; p++) *p = tolower(*p);
DEBUG(D_deliver|D_route) debug_printf("unique = %s\n", addr->unique);
uschar * fname = spool_fname(US"input", message_subdir, id, US"-J");
if ((journal_fd = Uopen(fname,
-#ifdef O_CLOEXEC
- O_CLOEXEC |
-#endif
- O_WRONLY|O_APPEND|O_CREAT|O_EXCL, SPOOL_MODE)) < 0)
+ EXIM_CLOEXEC | O_WRONLY|O_APPEND|O_CREAT|O_EXCL, SPOOL_MODE)) < 0)
{
log_write(0, LOG_MAIN|LOG_PANIC, "Couldn't open journal file %s: %s",
fname, strerror(errno));
if (!regex_IGNOREQUOTA)
regex_IGNOREQUOTA =
- regex_must_compile(US"\\n250[\\s\\-]IGNOREQUOTA(\\s|\\n|$)", FALSE, TRUE);
+ regex_must_compile(US"\\n250[\\s\\-]IGNOREQUOTA(\\s|\\n|$)", MCS_NOFLAGS, TRUE);
/* Handle local deliveries */
{
/* copy and relink address_item and send report with all of them at once later */
address_item * addr_next = addr_senddsn;
- addr_senddsn = store_get(sizeof(address_item), FALSE);
+ addr_senddsn = store_get(sizeof(address_item), GET_UNTAINTED);
*addr_senddsn = *a;
addr_senddsn->next = addr_next;
}
if (dsn_envid)
{ /* must be decoded from xtext: see RFC 3461:6.3a */
- uschar *xdec_envid;
+ uschar * xdec_envid;
if (auth_xtextdecode(dsn_envid, &xdec_envid) > 0)
fprintf(f, "Original-Envelope-ID: %s\n", dsn_envid);
else
while (addr_failed)
{
- pid_t pid;
- int fd;
- uschar *logtod = tod_stamp(tod_log);
- address_item *addr;
- address_item *handled_addr = NULL;
- address_item **paddr;
- address_item *msgchain = NULL;
- address_item **pmsgchain = &msgchain;
+ const uschar * logtod = tod_stamp(tod_log);
+ address_item * addr;
/* There are weird cases when logging is disabled in the transport. However,
there may not be a transport (address failed by a router). */
/* Otherwise, handle the sending of a message. Find the error address for
the first address, then send a message that includes all failed addresses
- that have the same error address. Note the bounce_recipient is a global so
- that it can be accessed by $bounce_recipient while creating a customized
- error message. */
+ that have the same error address. */
else
- {
- if (!(bounce_recipient = addr_failed->prop.errors_address))
- bounce_recipient = sender_address;
-
- /* Make a subprocess to send a message */
-
- if ((pid = child_open_exim(&fd, US"bounce-message")) < 0)
- log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Process %d (parent %d) failed to "
- "create child process to send failure message: %s", getpid(),
- getppid(), strerror(errno));
-
- /* Creation of child succeeded */
-
- else
- {
- int ch, rc;
- int filecount = 0;
- int rcount = 0;
- uschar *bcc, *emf_text;
- FILE * fp = fdopen(fd, "wb");
- FILE * emf = NULL;
- BOOL to_sender = strcmpic(sender_address, bounce_recipient) == 0;
- int max = (bounce_return_size_limit/DELIVER_IN_BUFFER_SIZE + 1) *
- DELIVER_IN_BUFFER_SIZE;
- uschar * bound;
- uschar *dsnlimitmsg;
- uschar *dsnnotifyhdr;
- int topt;
-
- DEBUG(D_deliver)
- debug_printf("sending error message to: %s\n", bounce_recipient);
-
- /* Scan the addresses for all that have the same errors address, removing
- them from the addr_failed chain, and putting them on msgchain. */
-
- paddr = &addr_failed;
- for (addr = addr_failed; addr; addr = *paddr)
- if (Ustrcmp(bounce_recipient, addr->prop.errors_address
- ? addr->prop.errors_address : sender_address) == 0)
- { /* The same - dechain */
- *paddr = addr->next;
- *pmsgchain = addr;
- addr->next = NULL;
- pmsgchain = &(addr->next);
- }
- else
- paddr = &addr->next; /* Not the same; skip */
-
- /* Include X-Failed-Recipients: for automatic interpretation, but do
- not let any one header line get too long. We do this by starting a
- new header every 50 recipients. Omit any addresses for which the
- "hide_child" flag is set. */
-
- for (addr = msgchain; addr; addr = addr->next)
- {
- if (testflag(addr, af_hide_child)) continue;
- if (rcount >= 50)
- {
- fprintf(fp, "\n");
- rcount = 0;
- }
- fprintf(fp, "%s%s",
- rcount++ == 0
- ? "X-Failed-Recipients: "
- : ",\n ",
- testflag(addr, af_pfr) && addr->parent
- ? string_printing(addr->parent->address)
- : string_printing(addr->address));
- }
- if (rcount > 0) fprintf(fp, "\n");
-
- /* Output the standard headers */
-
- if (errors_reply_to)
- fprintf(fp, "Reply-To: %s\n", errors_reply_to);
- fprintf(fp, "Auto-Submitted: auto-replied\n");
- moan_write_from(fp);
- fprintf(fp, "To: %s\n", bounce_recipient);
- moan_write_references(fp, NULL);
-
- /* generate boundary string and output MIME-Headers */
- bound = string_sprintf(TIME_T_FMT "-eximdsn-%d", time(NULL), rand());
-
- fprintf(fp, "Content-Type: multipart/report;"
- " report-type=delivery-status; boundary=%s\n"
- "MIME-Version: 1.0\n",
- bound);
-
- /* Open a template file if one is provided. Log failure to open, but
- carry on - default texts will be used. */
-
- if (bounce_message_file)
- emf = expand_open(bounce_message_file,
- US"bounce_message_file", US"error");
-
- /* Quietly copy to configured additional addresses if required. */
-
- if ((bcc = moan_check_errorcopy(bounce_recipient)))
- fprintf(fp, "Bcc: %s\n", bcc);
-
- /* The texts for the message can be read from a template file; if there
- isn't one, or if it is too short, built-in texts are used. The first
- emf text is a Subject: and any other headers. */
-
- if ((emf_text = next_emf(emf, US"header")))
- fprintf(fp, "%s\n", emf_text);
- else
- fprintf(fp, "Subject: Mail delivery failed%s\n\n",
- to_sender? ": returning message to sender" : "");
-
- /* output human readable part as text/plain section */
- fprintf(fp, "--%s\n"
- "Content-type: text/plain; charset=us-ascii\n\n",
- bound);
-
- if ((emf_text = next_emf(emf, US"intro")))
- fprintf(fp, "%s", CS emf_text);
- else
- {
- fprintf(fp,
-/* This message has been reworded several times. It seems to be confusing to
-somebody, however it is worded. I have retreated to the original, simple
-wording. */
-"This message was created automatically by mail delivery software.\n");
-
- if (bounce_message_text)
- fprintf(fp, "%s", CS bounce_message_text);
- if (to_sender)
- fprintf(fp,
-"\nA message that you sent could not be delivered to one or more of its\n"
-"recipients. This is a permanent error. The following address(es) failed:\n");
- else
- fprintf(fp,
-"\nA message sent by\n\n <%s>\n\n"
-"could not be delivered to one or more of its recipients. The following\n"
-"address(es) failed:\n", sender_address);
- }
- fputc('\n', fp);
-
- /* Process the addresses, leaving them on the msgchain if they have a
- file name for a return message. (There has already been a check in
- post_process_one() for the existence of data in the message file.) A TRUE
- return from print_address_information() means that the address is not
- hidden. */
-
- paddr = &msgchain;
- for (addr = msgchain; addr; addr = *paddr)
- {
- if (print_address_information(addr, fp, US" ", US"\n ", US""))
- print_address_error(addr, fp, US"");
-
- /* End the final line for the address */
-
- fputc('\n', fp);
-
- /* Leave on msgchain if there's a return file. */
-
- if (addr->return_file >= 0)
- {
- paddr = &(addr->next);
- filecount++;
- }
-
- /* Else save so that we can tick off the recipient when the
- message is sent. */
-
- else
- {
- *paddr = addr->next;
- addr->next = handled_addr;
- handled_addr = addr;
- }
- }
-
- fputc('\n', fp);
-
- /* Get the next text, whether we need it or not, so as to be
- positioned for the one after. */
-
- emf_text = next_emf(emf, US"generated text");
-
- /* If there were any file messages passed by the local transports,
- include them in the message. Then put the address on the handled chain.
- In the case of a batch of addresses that were all sent to the same
- transport, the return_file field in all of them will contain the same
- fd, and the return_filename field in the *last* one will be set (to the
- name of the file). */
-
- if (msgchain)
- {
- address_item *nextaddr;
-
- if (emf_text)
- fprintf(fp, "%s", CS emf_text);
- else
- fprintf(fp,
- "The following text was generated during the delivery "
- "attempt%s:\n", (filecount > 1)? "s" : "");
-
- for (addr = msgchain; addr; addr = nextaddr)
- {
- FILE *fm;
- address_item *topaddr = addr;
-
- /* List all the addresses that relate to this file */
-
- fputc('\n', fp);
- while(addr) /* Insurance */
- {
- print_address_information(addr, fp, US"------ ", US"\n ",
- US" ------\n");
- if (addr->return_filename) break;
- addr = addr->next;
- }
- fputc('\n', fp);
-
- /* Now copy the file */
-
- if (!(fm = Ufopen(addr->return_filename, "rb")))
- fprintf(fp, " +++ Exim error... failed to open text file: %s\n",
- strerror(errno));
- else
- {
- while ((ch = fgetc(fm)) != EOF) fputc(ch, fp);
- (void)fclose(fm);
- }
- Uunlink(addr->return_filename);
-
- /* Can now add to handled chain, first fishing off the next
- address on the msgchain. */
-
- nextaddr = addr->next;
- addr->next = handled_addr;
- handled_addr = topaddr;
- }
- fputc('\n', fp);
- }
-
- /* output machine readable part */
-#ifdef SUPPORT_I18N
- if (message_smtputf8)
- fprintf(fp, "--%s\n"
- "Content-type: message/global-delivery-status\n\n"
- "Reporting-MTA: dns; %s\n",
- bound, smtp_active_hostname);
- else
-#endif
- fprintf(fp, "--%s\n"
- "Content-type: message/delivery-status\n\n"
- "Reporting-MTA: dns; %s\n",
- bound, smtp_active_hostname);
-
- if (dsn_envid)
- {
- /* must be decoded from xtext: see RFC 3461:6.3a */
- uschar *xdec_envid;
- if (auth_xtextdecode(dsn_envid, &xdec_envid) > 0)
- fprintf(fp, "Original-Envelope-ID: %s\n", dsn_envid);
- else
- fprintf(fp, "X-Original-Envelope-ID: error decoding xtext formatted ENVID\n");
- }
- fputc('\n', fp);
-
- for (addr = handled_addr; addr; addr = addr->next)
- {
- host_item * hu;
-
- print_dsn_addr_action(fp, addr, US"failed", US"5.0.0");
-
- if ((hu = addr->host_used) && hu->name)
- {
- fprintf(fp, "Remote-MTA: dns; %s\n", hu->name);
-#ifdef EXPERIMENTAL_DSN_INFO
- {
- const uschar * s;
- if (hu->address)
- {
- uschar * p = hu->port == 25
- ? US"" : string_sprintf(":%d", hu->port);
- fprintf(fp, "Remote-MTA: X-ip; [%s]%s\n", hu->address, p);
- }
- if ((s = addr->smtp_greeting) && *s)
- fprintf(fp, "X-Remote-MTA-smtp-greeting: X-str; %.900s\n", s);
- if ((s = addr->helo_response) && *s)
- fprintf(fp, "X-Remote-MTA-helo-response: X-str; %.900s\n", s);
- if ((s = addr->message) && *s)
- fprintf(fp, "X-Exim-Diagnostic: X-str; %.900s\n", s);
- }
-#endif
- print_dsn_diagnostic_code(addr, fp);
- }
- fputc('\n', fp);
- }
-
- /* Now copy the message, trying to give an intelligible comment if
- it is too long for it all to be copied. The limit isn't strictly
- applied because of the buffering. There is, however, an option
- to suppress copying altogether. */
-
- emf_text = next_emf(emf, US"copy");
-
- /* add message body
- we ignore the intro text from template and add
- the text for bounce_return_size_limit at the end.
-
- bounce_return_message is ignored
- in case RET= is defined we honor these values
- otherwise bounce_return_body is honored.
-
- bounce_return_size_limit is always honored.
- */
-
- fprintf(fp, "--%s\n", bound);
-
- dsnlimitmsg = US"X-Exim-DSN-Information: Due to administrative limits only headers are returned";
- dsnnotifyhdr = NULL;
- topt = topt_add_return_path;
-
- /* RET=HDRS? top priority */
- if (dsn_ret == dsn_ret_hdrs)
- topt |= topt_no_body;
- else
- {
- struct stat statbuf;
-
- /* no full body return at all? */
- if (!bounce_return_body)
- {
- topt |= topt_no_body;
- /* add header if we overrule RET=FULL */
- if (dsn_ret == dsn_ret_full)
- dsnnotifyhdr = dsnlimitmsg;
- }
- /* line length limited... return headers only if oversize */
- /* size limited ... return headers only if limit reached */
- else if ( max_received_linelength > bounce_return_linesize_limit
- || ( bounce_return_size_limit > 0
- && fstat(deliver_datafile, &statbuf) == 0
- && statbuf.st_size > max
- ) )
- {
- topt |= topt_no_body;
- dsnnotifyhdr = dsnlimitmsg;
- }
- }
-
-#ifdef SUPPORT_I18N
- if (message_smtputf8)
- fputs(topt & topt_no_body ? "Content-type: message/global-headers\n\n"
- : "Content-type: message/global\n\n",
- fp);
- else
-#endif
- fputs(topt & topt_no_body ? "Content-type: text/rfc822-headers\n\n"
- : "Content-type: message/rfc822\n\n",
- fp);
-
- fflush(fp);
- transport_filter_argv = NULL; /* Just in case */
- return_path = sender_address; /* In case not previously set */
- { /* Dummy transport for headers add */
- transport_ctx tctx = {{0}};
- transport_instance tb = {0};
-
- tctx.u.fd = fileno(fp);
- tctx.tblock = &tb;
- tctx.options = topt;
- tb.add_headers = dsnnotifyhdr;
-
- /*XXX no checking for failure! buggy! */
- transport_write_message(&tctx, 0);
- }
- fflush(fp);
-
- /* we never add the final text. close the file */
- if (emf)
- (void)fclose(emf);
-
- fprintf(fp, "\n--%s--\n", bound);
-
- /* Close the file, which should send an EOF to the child process
- that is receiving the message. Wait for it to finish. */
-
- (void)fclose(fp);
- rc = child_close(pid, 0); /* Waits for child to close, no timeout */
-
- /* If the process failed, there was some disaster in setting up the
- error message. Unless the message is very old, ensure that addr_defer
- is non-null, which will have the effect of leaving the message on the
- spool. The failed addresses will get tried again next time. However, we
- don't really want this to happen too often, so freeze the message unless
- there are some genuine deferred addresses to try. To do this we have
- to call spool_write_header() here, because with no genuine deferred
- addresses the normal code below doesn't get run. */
-
- if (rc != 0)
- {
- uschar *s = US"";
- if (now - received_time.tv_sec < retry_maximum_timeout && !addr_defer)
- {
- addr_defer = (address_item *)(+1);
- f.deliver_freeze = TRUE;
- deliver_frozen_at = time(NULL);
- /* Panic-dies on error */
- (void)spool_write_header(message_id, SW_DELIVERING, NULL);
- s = US" (frozen)";
- }
- deliver_msglog("Process failed (%d) when writing error message "
- "to %s%s", rc, bounce_recipient, s);
- log_write(0, LOG_MAIN, "Process failed (%d) when writing error message "
- "to %s%s", rc, bounce_recipient, s);
- }
-
- /* The message succeeded. Ensure that the recipients that failed are
- now marked finished with on the spool and their parents updated. */
-
- else
- {
- for (addr = handled_addr; addr; addr = addr->next)
- {
- address_done(addr, logtod);
- child_done(addr, logtod);
- }
- /* Panic-dies on error */
- (void)spool_write_header(message_id, SW_DELIVERING, NULL);
- }
- }
- }
+ send_bounce_message(now, logtod);
}
f.disable_logging = FALSE; /* In case left set */
f.deliver_freeze = FALSE;
#ifndef DISABLE_EVENT
- (void) event_raise(event_action, US"msg:complete", NULL);
+ (void) event_raise(event_action, US"msg:complete", NULL, NULL);
#endif
}
else if (addr_defer != (address_item *)(+1))
{
- uschar *recipients = US"";
+ uschar * recipients = US"";
BOOL want_warning_msg = FALSE;
deliver_domain = testflag(addr_defer, af_pfr)
for (address_item * addr = addr_defer; addr; addr = addr->next)
{
- address_item *otaddr;
+ address_item * otaddr;
if (addr->basic_errno > ERRNO_WARN_BASE) want_warning_msg = TRUE;
have been. */
if (warning_count < count)
- {
- header_line *h;
- int fd;
- pid_t pid = child_open_exim(&fd, US"delay-warning-message");
-
- if (pid > 0)
- {
- uschar * wmf_text;
- FILE * wmf = NULL;
- FILE * f = fdopen(fd, "wb");
- uschar * bound;
- transport_ctx tctx = {{0}};
-
- if (warn_message_file)
- wmf = expand_open(warn_message_file,
- US"warn_message_file", US"warning");
-
- warnmsg_recipients = recipients;
- warnmsg_delay = queue_time < 120*60
- ? string_sprintf("%d minutes", show_time/60)
- : string_sprintf("%d hours", show_time/3600);
-
- if (errors_reply_to)
- fprintf(f, "Reply-To: %s\n", errors_reply_to);
- fprintf(f, "Auto-Submitted: auto-replied\n");
- moan_write_from(f);
- fprintf(f, "To: %s\n", recipients);
- moan_write_references(f, NULL);
-
- /* generated boundary string and output MIME-Headers */
- bound = string_sprintf(TIME_T_FMT "-eximdsn-%d", time(NULL), rand());
-
- fprintf(f, "Content-Type: multipart/report;"
- " report-type=delivery-status; boundary=%s\n"
- "MIME-Version: 1.0\n",
- bound);
-
- if ((wmf_text = next_emf(wmf, US"header")))
- fprintf(f, "%s\n", wmf_text);
- else
- fprintf(f, "Subject: Warning: message %s delayed %s\n\n",
- message_id, warnmsg_delay);
-
- /* output human readable part as text/plain section */
- fprintf(f, "--%s\n"
- "Content-type: text/plain; charset=us-ascii\n\n",
- bound);
-
- if ((wmf_text = next_emf(wmf, US"intro")))
- fprintf(f, "%s", CS wmf_text);
- else
- {
- fprintf(f,
-"This message was created automatically by mail delivery software.\n");
-
- if (Ustrcmp(recipients, sender_address) == 0)
- fprintf(f,
-"A message that you sent has not yet been delivered to one or more of its\n"
-"recipients after more than ");
-
- else
- fprintf(f,
-"A message sent by\n\n <%s>\n\n"
-"has not yet been delivered to one or more of its recipients after more than \n",
- sender_address);
-
- fprintf(f, "%s on the queue on %s.\n\n"
- "The message identifier is: %s\n",
- warnmsg_delay, primary_hostname, message_id);
-
- for (h = header_list; h; h = h->next)
- if (strncmpic(h->text, US"Subject:", 8) == 0)
- fprintf(f, "The subject of the message is: %s", h->text + 9);
- else if (strncmpic(h->text, US"Date:", 5) == 0)
- fprintf(f, "The date of the message is: %s", h->text + 6);
- fputc('\n', f);
-
- fprintf(f, "The address%s to which the message has not yet been "
- "delivered %s:\n",
- !addr_defer->next ? "" : "es",
- !addr_defer->next ? "is": "are");
- }
-
- /* List the addresses, with error information if allowed */
-
- fputc('\n', f);
- for (address_item * addr = addr_defer; addr; addr = addr->next)
- {
- if (print_address_information(addr, f, US" ", US"\n ", US""))
- print_address_error(addr, f, US"Delay reason: ");
- fputc('\n', f);
- }
- fputc('\n', f);
-
- /* Final text */
-
- if (wmf)
- {
- if ((wmf_text = next_emf(wmf, US"final")))
- fprintf(f, "%s", CS wmf_text);
- (void)fclose(wmf);
- }
- else
- {
- fprintf(f,
-"No action is required on your part. Delivery attempts will continue for\n"
-"some time, and this warning may be repeated at intervals if the message\n"
-"remains undelivered. Eventually the mail delivery software will give up,\n"
-"and when that happens, the message will be returned to you.\n");
- }
-
- /* output machine readable part */
- fprintf(f, "\n--%s\n"
- "Content-type: message/delivery-status\n\n"
- "Reporting-MTA: dns; %s\n",
- bound,
- smtp_active_hostname);
-
-
- if (dsn_envid)
- {
- /* must be decoded from xtext: see RFC 3461:6.3a */
- uschar *xdec_envid;
- if (auth_xtextdecode(dsn_envid, &xdec_envid) > 0)
- fprintf(f,"Original-Envelope-ID: %s\n", dsn_envid);
- else
- fprintf(f,"X-Original-Envelope-ID: error decoding xtext formatted ENVID\n");
- }
- fputc('\n', f);
-
- for (address_item * addr = addr_defer; addr; addr = addr->next)
- {
- host_item * hu;
-
- print_dsn_addr_action(f, addr, US"delayed", US"4.0.0");
-
- if ((hu = addr->host_used) && hu->name)
- {
- fprintf(f, "Remote-MTA: dns; %s\n", hu->name);
- print_dsn_diagnostic_code(addr, f);
- }
- fputc('\n', f);
- }
-
- fprintf(f, "--%s\n"
- "Content-type: text/rfc822-headers\n\n",
- bound);
-
- fflush(f);
- /* header only as required by RFC. only failure DSN needs to honor RET=FULL */
- tctx.u.fd = fileno(f);
- tctx.options = topt_add_return_path | topt_no_body;
- transport_filter_argv = NULL; /* Just in case */
- return_path = sender_address; /* In case not previously set */
-
- /* Write the original email out */
- /*XXX no checking for failure! buggy! */
- transport_write_message(&tctx, 0);
- fflush(f);
-
- fprintf(f,"\n--%s--\n", bound);
-
- fflush(f);
-
- /* Close and wait for child process to complete, without a timeout.
- If there's an error, don't update the count. */
-
- (void)fclose(f);
- if (child_close(pid, 0) == 0)
- {
- warning_count = count;
- update_spool = TRUE; /* Ensure spool rewritten */
- }
- }
- }
+ if (send_warning_message(recipients, queue_time, show_time))
+ {
+ warning_count = count;
+ update_spool = TRUE; /* Ensure spool rewritten */
+ }
}
/* Clear deliver_domain */
+/* Called from a commandline, or from the daemon, to do a delivery.
+We need to regain privs; do this by exec of the exim binary. */
+
void
delivery_re_exec(int exec_type)
{
if (pid == 0) /* child: will fork again to totally disconnect */
{
smtp_proxy_tls(cutthrough.cctx.tls_ctx, big_buffer, big_buffer_size,
- pfd, 5*60);
+ pfd, 5*60, cutthrough.host.name);
/* does not return */
}
git://git.exim.org / exim.git / blobdiff