X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/8c513105fde2b8be3397216a0153f9b266fc7dfb..001bf8f58763581d117edaa391aa13ac139eb39b:/src/src/receive.c diff --git a/src/src/receive.c b/src/src/receive.c index 93b350a65..3e950ffc6 100644 --- a/src/src/receive.c +++ b/src/src/receive.c @@ -3,6 +3,7 @@ *************************************************/ /* Copyright (c) University of Cambridge 1995 - 2018 */ +/* Copyright (c) The Exim Maintainers 2020 */ /* See the file NOTICE for conditions of use and distribution. */ /* Code for receiving a message and setting up spool files. */ @@ -14,9 +15,9 @@ extern int dcc_ok; #endif -#ifdef EXPERIMENTAL_DMARC +#ifdef SUPPORT_DMARC # include "dmarc.h" -#endif /* EXPERIMENTAL_DMARC */ +#endif /************************************************* * Local static variables * @@ -175,6 +176,7 @@ else empty item in a list. */ if (*p == 0) p = US":"; + /* should never be a tainted list */ while ((path = string_nextinlist(&p, &sep, buffer, sizeof(buffer)))) if (Ustrcmp(path, "syslog") != 0) break; @@ -216,7 +218,7 @@ if (STATVFS(CS path, &statbuf) != 0) log_write(0, LOG_MAIN|LOG_PANIC, "cannot accept message: failed to stat " "%s directory %s: %s", name, path, strerror(errno)); smtp_closedown(US"spool or log directory problem"); - exim_exit(EXIT_FAILURE, NULL); + exim_exit(EXIT_FAILURE); } *inodeptr = (statbuf.F_FILES > 0)? statbuf.F_FAVAIL : -1; @@ -270,8 +272,8 @@ if (check_spool_space > 0 || msg_size > 0 || check_spool_inodes > 0) "check_space = " PR_EXIM_ARITH "K inodes = %d msg_size = %d\n", space, inodes, check_spool_space, check_spool_inodes, msg_size); - if ((space >= 0 && space < check_spool_space) || - (inodes >= 0 && inodes < check_spool_inodes)) + if ( space >= 0 && space + msg_size / 1024 < check_spool_space + || inodes >= 0 && inodes < check_spool_inodes) { log_write(0, LOG_MAIN, "spool directory space check failed: space=" PR_EXIM_ARITH " inodes=%d", space, inodes); @@ -372,7 +374,7 @@ if (!already_bombing_out) /* Exit from the program (non-BSMTP cases) */ -exim_exit(EXIT_FAILURE, NULL); +exim_exit(EXIT_FAILURE); } @@ -489,7 +491,7 @@ if (recipients_count >= recipients_list_max) recipient_item *oldlist = recipients_list; int oldmax = recipients_list_max; recipients_list_max = recipients_list_max ? 2*recipients_list_max : 50; - recipients_list = store_get(recipients_list_max * sizeof(recipient_item)); + recipients_list = store_get(recipients_list_max * sizeof(recipient_item), FALSE); if (oldlist != NULL) memcpy(recipients_list, oldlist, oldmax * sizeof(recipient_item)); } @@ -554,11 +556,9 @@ Returns: TRUE if it did remove something; FALSE otherwise BOOL receive_remove_recipient(uschar *recipient) { -int count; DEBUG(D_receive) debug_printf("receive_remove_recipient(\"%s\") called\n", recipient); -for (count = 0; count < recipients_count; count++) - { +for (int count = 0; count < recipients_count; count++) if (Ustrcmp(recipients_list[count].address, recipient) == 0) { if ((--recipients_count - count) > 0) @@ -566,7 +566,6 @@ for (count = 0; count < recipients_count; count++) (recipients_count - count)*sizeof(recipient_item)); return TRUE; } - } return FALSE; } @@ -574,6 +573,30 @@ return FALSE; +/* Pause for a while waiting for input. If none received in that time, +close the logfile, if we had one open; then if we wait for a long-running +datasource (months, in one use-case) log rotation will not leave us holding +the file copy. */ + +static void +log_close_chk(void) +{ +if (!receive_timeout) + { + struct timeval t; + timesince(&t, &received_time); + if (t.tv_sec > 30*60) + mainlog_close(); + else + { + fd_set r; + FD_ZERO(&r); FD_SET(0, &r); + t.tv_sec = 30*60 - t.tv_sec; t.tv_usec = 0; + if (select(1, &r, NULL, NULL, &t) == 0) mainlog_close(); + } + } +} + /************************************************* * Read data portion of a non-SMTP message * *************************************************/ @@ -622,9 +645,16 @@ register int linelength = 0; if (!f.dot_ends) { - register int last_ch = '\n'; + int last_ch = '\n'; + +/*XXX we do a gettimeofday before checking for every received char, +which is hardly clever. The function-indirection doesn't help, but +an additional function to check for nonempty read buffer would help. +See stdin_getc() / smtp_getc() / tls_getc() / bdat_getc(). */ - for (; (ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF; last_ch = ch) + for ( ; + log_close_chk(), (ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF; + last_ch = ch) { if (ch == 0) body_zerocount++; if (last_ch == '\r' && ch != '\n') @@ -666,7 +696,7 @@ if (!f.dot_ends) ch_state = 1; -while ((ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF) +while (log_close_chk(), (ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF) { if (ch == 0) body_zerocount++; switch (ch_state) @@ -1144,7 +1174,7 @@ if (error_handling == ERRORS_SENDER) else fprintf(stderr, "exim: %s%s\n", text2, text1); /* Sic */ (void)fclose(f); -exim_exit(error_rc, US""); +exim_exit(error_rc); } @@ -1174,7 +1204,6 @@ Returns: nothing static void add_acl_headers(int where, uschar *acl_name) { -header_line *h, *next; header_line *last_received = NULL; switch(where) @@ -1195,14 +1224,13 @@ if (acl_removed_headers) { DEBUG(D_receive|D_acl) debug_printf_indent(">>Headers removed by %s ACL:\n", acl_name); - for (h = header_list; h; h = h->next) if (h->type != htype_old) + for (header_line * h = header_list; h; h = h->next) if (h->type != htype_old) { const uschar * list = acl_removed_headers; int sep = ':'; /* This is specified as a colon-separated list */ uschar *s; - uschar buffer[128]; - while ((s = string_nextinlist(&list, &sep, buffer, sizeof(buffer)))) + while ((s = string_nextinlist(&list, &sep, NULL, 0))) if (header_testname(h, s, Ustrlen(s), FALSE)) { h->type = htype_old; @@ -1216,7 +1244,7 @@ if (acl_removed_headers) if (!acl_added_headers) return; DEBUG(D_receive|D_acl) debug_printf_indent(">>Headers added by %s ACL:\n", acl_name); -for (h = acl_added_headers; h; h = next) +for (header_line * h = acl_added_headers, * next; h; h = next) { next = h->next; @@ -1321,7 +1349,7 @@ if (received_protocol) if (LOGGING(pipelining) && f.smtp_in_pipelining_advertised) { g = string_catn(g, US" L", 2); -#ifdef EXPERIMENTAL_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (f.smtp_in_early_pipe_used) g = string_catn(g, US"*", 1); else if (f.smtp_in_early_pipe_advertised) @@ -1360,7 +1388,6 @@ run_mime_acl(uschar *acl, BOOL *smtp_yield_ptr, uschar **smtp_reply_ptr, FILE *mbox_file; uschar * rfc822_file_path = NULL; unsigned long mbox_size; -header_line *my_headerlist; uschar *user_msg, *log_msg; int mime_part_count_buffer = -1; uschar * mbox_filename; @@ -1368,7 +1395,8 @@ int rc = OK; /* check if it is a MIME message */ -for (my_headerlist = header_list; my_headerlist; my_headerlist = my_headerlist->next) +for (header_line * my_headerlist = header_list; my_headerlist; + my_headerlist = my_headerlist->next) if ( my_headerlist->type != '*' /* skip deleted headers */ && strncmpic(my_headerlist->text, US"Content-Type:", 13) == 0 ) @@ -1426,7 +1454,7 @@ if (rc == OK) struct dirent * entry; DIR * tempdir; - for (tempdir = opendir(CS scandir); entry = readdir(tempdir); ) + for (tempdir = exim_opendir(scandir); entry = readdir(tempdir); ) if (strncmpic(US entry->d_name, US"__rfc822_", 9) == 0) { rfc822_file_path = string_sprintf("%s/%s", scandir, entry->d_name); @@ -1623,7 +1651,6 @@ not. */ BOOL receive_msg(BOOL extract_recip) { -int i; int rc = FAIL; int msg_size = 0; int process_info_len = Ustrlen(process_info); @@ -1656,6 +1683,7 @@ uschar *frozen_by = NULL; uschar *queued_by = NULL; uschar *errmsg; +rmark rcvd_log_reset_point; gstring * g; struct stat statbuf; @@ -1666,7 +1694,8 @@ uschar *user_msg, *log_msg; /* Working header pointers */ -header_line *h, *next; +rmark reset_point; +header_line *next; /* Flags for noting the existence of certain headers (only one left) */ @@ -1678,10 +1707,7 @@ header_line *from_header = NULL; header_line *subject_header = NULL; header_line *msgid_header = NULL; header_line *received_header; - -#ifdef EXPERIMENTAL_DMARC -int dmarc_up = 0; -#endif /* EXPERIMENTAL_DMARC */ +BOOL msgid_header_newly_created = FALSE; /* Variables for use when building the Received: header. */ @@ -1705,7 +1731,7 @@ if (extract_recip || !smtp_input) header. Temporarily mark it as "old", i.e. not to be used. We keep header_last pointing to the end of the chain to make adding headers simple. */ -received_header = header_list = header_last = store_get(sizeof(header_line)); +received_header = header_list = header_last = store_get(sizeof(header_line), FALSE); header_list->next = NULL; header_list->type = htype_old; header_list->text = NULL; @@ -1713,8 +1739,9 @@ header_list->slen = 0; /* Control block for the next header to be read. */ -next = store_get(sizeof(header_line)); -next->text = store_get(header_size); +reset_point = store_mark(); +next = store_get(sizeof(header_line), FALSE); /* not tainted */ +next->text = store_get(header_size, TRUE); /* tainted */ /* Initialize message id to be null (indicating no message read), and the header names list to be the normal list. Indicate there is no data file open @@ -1735,6 +1762,13 @@ if (thismessage_size_limit <= 0) thismessage_size_limit = INT_MAX; message_linecount = body_linecount = body_zerocount = max_received_linelength = 0; +#ifdef WITH_CONTENT_SCAN +/* reset non-per-part mime variables */ +mime_is_coverletter = 0; +mime_is_rfc822 = 0; +mime_part_count = -1; +#endif + #ifndef DISABLE_DKIM /* Call into DKIM to set up the context. In CHUNKING mode we clear the dot-stuffing flag */ @@ -1742,16 +1776,15 @@ if (smtp_input && !smtp_batched_input && !f.dkim_disable_verify) dkim_exim_verify_init(chunking_state <= CHUNKING_OFFERED); #endif -#ifdef EXPERIMENTAL_DMARC -/* initialize libopendmarc */ -dmarc_up = dmarc_init(); +#ifdef SUPPORT_DMARC +if (sender_host_address) dmarc_init(); /* initialize libopendmarc */ #endif /* Remember the time of reception. Exim uses time+pid for uniqueness of message ids, and fractions of a second are required. See the comments that precede the message id creation below. */ -(void)gettimeofday(&message_id_tv, NULL); +exim_gettime(&message_id_tv); /* For other uses of the received time we can operate with granularity of one second, and for that we use the global variable received_time. This is for @@ -1827,10 +1860,15 @@ for (;;) if (ptr >= header_size - 4) { int oldsize = header_size; - /* header_size += 256; */ + + if (header_size >= INT_MAX/2) + goto OVERSIZE; header_size *= 2; - if (!store_extend(next->text, oldsize, header_size)) - next->text = store_newblock(next->text, header_size, ptr); + + /* The data came from the message, so is tainted. */ + + if (!store_extend(next->text, TRUE, oldsize, header_size)) + next->text = store_newblock(next->text, TRUE, header_size, ptr); } /* Cope with receiving a binary zero. There is dispute about whether @@ -1885,7 +1923,7 @@ for (;;) if (ch == '\n') { message_ended = END_DOT; - store_reset(next); + reset_point = store_reset(reset_point); next = NULL; break; /* End character-reading loop */ } @@ -1934,6 +1972,7 @@ for (;;) if (message_size >= header_maxsize) { +OVERSIZE: next->text[ptr] = 0; next->slen = ptr; next->type = htype_other; @@ -1990,7 +2029,7 @@ for (;;) if (ptr == 1) { - store_reset(next); + reset_point = store_reset(reset_point); next = NULL; break; } @@ -2005,7 +2044,8 @@ for (;;) if (nextch == ' ' || nextch == '\t') { next->text[ptr++] = nextch; - message_size++; + if (++message_size >= header_maxsize) + goto OVERSIZE; continue; /* Iterate the loop */ } else if (nextch != EOF) (receive_ungetc)(nextch); /* For next time */ @@ -2018,7 +2058,7 @@ for (;;) next->text[ptr] = 0; next->slen = ptr; - store_reset(next->text + ptr + 1); + store_release_above(next->text + ptr + 1); /* Check the running total size against the overall message size limit. We don't expect to fail here, but if the overall limit is set less than MESSAGE_ @@ -2128,7 +2168,8 @@ for (;;) the line, stomp on them here. */ if (had_zero > 0) - for (p = next->text; p < next->text + ptr; p++) if (*p == 0) *p = '?'; + for (uschar * p = next->text; p < next->text + ptr; p++) if (*p == 0) + *p = '?'; /* It is perfectly legal to have an empty continuation line at the end of a header, but it is confusing to humans @@ -2213,9 +2254,10 @@ for (;;) /* Set up for the next header */ + reset_point = store_mark(); header_size = 256; - next = store_get(sizeof(header_line)); - next->text = store_get(header_size); + next = store_get(sizeof(header_line), FALSE); + next->text = store_get(header_size, TRUE); ptr = 0; had_zero = 0; prevlines_length = 0; @@ -2230,7 +2272,7 @@ normal case). */ DEBUG(D_receive) { debug_printf(">>Headers received:\n"); - for (h = header_list->next; h; h = h->next) + for (header_line * h = header_list->next; h; h = h->next) debug_printf("%s", h->text); debug_printf("\n"); } @@ -2257,7 +2299,7 @@ if (filter_test != FTEST_NONE && header_list->next == NULL) /* Scan the headers to identify them. Some are merely marked for later processing; some are dealt with here. */ -for (h = header_list->next; h; h = h->next) +for (header_line * h = header_list->next; h; h = h->next) { BOOL is_resent = strncmpic(h->text, US"resent-", 7) == 0; if (is_resent) contains_resent_headers = TRUE; @@ -2471,7 +2513,7 @@ if (extract_recip) /* Now scan the headers */ - for (h = header_list->next; h; h = h->next) + for (header_line * h = header_list->next; h; h = h->next) { if ((h->type == htype_to || h->type == htype_cc || h->type == htype_bcc) && (!contains_resent_headers || strncmpic(h->text, US"resent-", 7) == 0)) @@ -2484,7 +2526,7 @@ if (extract_recip) while (*s != 0) { uschar *ss = parse_find_address_end(s, FALSE); - uschar *recipient, *errmess, *p, *pp; + uschar *recipient, *errmess, *pp; int start, end, domain; /* Check on maximum */ @@ -2499,8 +2541,8 @@ if (extract_recip) white space that follows the newline must not be removed - it is part of the header. */ - pp = recipient = store_get(ss - s + 1); - for (p = s; p < ss; p++) if (*p != '\n') *pp++ = *p; + pp = recipient = store_get(ss - s + 1, is_tainted(s)); + for (uschar * p = s; p < ss; p++) if (*p != '\n') *pp++ = *p; *pp = 0; #ifdef SUPPORT_I18N @@ -2527,10 +2569,10 @@ if (extract_recip) If there are no recipients at all, an error will occur later. */ - if (recipient == NULL && Ustrcmp(errmess, "empty address") != 0) + if (!recipient && Ustrcmp(errmess, "empty address") != 0) { int len = Ustrlen(s); - error_block *b = store_get(sizeof(error_block)); + error_block *b = store_get(sizeof(error_block), FALSE); while (len > 0 && isspace(s[len-1])) len--; b->next = NULL; b->text1 = string_printing(string_copyn(s, len)); @@ -2660,7 +2702,7 @@ it will fit. */ to be the least significant base-62 digit of the time of arrival. Otherwise ensure that it is an empty string. */ -message_subdir[0] = split_spool_directory ? message_id[5] : 0; +set_subdir_str(message_subdir, message_id, 0); /* Now that we have the message-id, if there is no message-id: header, generate one, but only for local (without suppress_local_fixups) or submission mode @@ -2670,9 +2712,9 @@ any illegal characters therein. */ if ( !msgid_header && ((!sender_host_address && !f.suppress_local_fixups) || f.submission_mode)) { - uschar *p; uschar *id_text = US""; uschar *id_domain = primary_hostname; + header_line * h; /* Permit only letters, digits, dots, and hyphens in the domain */ @@ -2689,7 +2731,7 @@ if ( !msgid_header else if (*new_id_domain) { id_domain = new_id_domain; - for (p = id_domain; *p; p++) + for (uschar * p = id_domain; *p; p++) if (!isalnum(*p) && *p != '.') *p = '-'; /* No need to test '-' ! */ } } @@ -2710,17 +2752,25 @@ if ( !msgid_header else if (*new_id_text) { id_text = new_id_text; - for (p = id_text; *p; p++) if (mac_iscntrl_or_special(*p)) *p = '-'; + for (uschar * p = id_text; *p; p++) if (mac_iscntrl_or_special(*p)) *p = '-'; } } - /* Add the header line - * Resent-* headers are prepended, per RFC 5322 3.6.6. Non-Resent-* are - * appended, to preserve classical expectations of header ordering. */ + /* Add the header line. + Resent-* headers are prepended, per RFC 5322 3.6.6. Non-Resent-* are + appended, to preserve classical expectations of header ordering. */ - header_add_at_position(!resents_exist, NULL, FALSE, htype_id, + h = header_add_at_position_internal(!resents_exist, NULL, FALSE, htype_id, "%sMessage-Id: <%s%s%s@%s>\n", resent_prefix, message_id_external, - (*id_text == 0)? "" : ".", id_text, id_domain); + *id_text == 0 ? "" : ".", id_text, id_domain); + + /* Arrange for newly-created Message-Id to be logged */ + + if (!resents_exist) + { + msgid_header_newly_created = TRUE; + msgid_header = h; + } } /* If we are to log recipients, keep a copy of the raw ones before any possible @@ -2729,8 +2779,8 @@ function may mess with the real recipients. */ if (LOGGING(received_recipients)) { - raw_recipients = store_get(recipients_count * sizeof(uschar *)); - for (i = 0; i < recipients_count; i++) + raw_recipients = store_get(recipients_count * sizeof(uschar *), FALSE); + for (int i = 0; i < recipients_count; i++) raw_recipients[i] = string_copy(recipients_list[i].address); raw_recipients_count = recipients_count; } @@ -2739,7 +2789,7 @@ if (LOGGING(received_recipients)) recipients will get here only if the conditions were right (allow_unqualified_ recipient is TRUE). */ -for (i = 0; i < recipients_count; i++) +for (int i = 0; i < recipients_count; i++) recipients_list[i].address = rewrite_address(recipients_list[i].address, TRUE, TRUE, global_rewrite_rules, rewrite_existflags); @@ -2756,7 +2806,7 @@ From:) but we still want to ensure a valid Sender: if it is required. */ if ( !from_header && ((!sender_host_address && !f.suppress_local_fixups) || f.submission_mode)) { - uschar *oname = US""; + const uschar * oname = US""; /* Use the originator_name if this is a locally submitted message and the caller is not trusted. For trusted callers, use it only if -F was used to @@ -2870,9 +2920,8 @@ if ( from_header uschar *at = domain ? from_address + domain - 1 : NULL; if (at) *at = 0; - from_address += route_check_prefix(from_address, local_from_prefix); - slen = route_check_suffix(from_address, local_from_suffix); - if (slen > 0) + from_address += route_check_prefix(from_address, local_from_prefix, NULL); + if ((slen = route_check_suffix(from_address, local_from_suffix, NULL)) > 0) { memmove(from_address+slen, from_address, Ustrlen(from_address)-slen); from_address += slen; @@ -2938,7 +2987,7 @@ We start at the second header, skipping our own Received:. This rewriting is documented as happening *after* recipient addresses are taken from the headers by the -t command line option. An added Sender: gets rewritten here. */ -for (h = header_list->next; h; h = h->next) +for (header_line * h = header_list->next; h; h = h->next) { header_line *newh = rewrite_header(h, NULL, NULL, global_rewrite_rules, rewrite_existflags, TRUE); @@ -2977,7 +3026,7 @@ new Received:) has not yet been set. */ DEBUG(D_receive) { debug_printf(">>Headers after rewriting and local additions:\n"); - for (h = header_list->next; h; h = h->next) + for (header_line * h = header_list->next; h; h = h->next) debug_printf("%c %s", h->type, h->text); debug_printf("\n"); } @@ -3050,7 +3099,7 @@ if ((data_fd = Uopen(spool_name, O_RDWR|O_CREAT|O_EXCL, SPOOL_MODE)) < 0) /* Make sure the file's group is the Exim gid, and double-check the mode because the group setting doesn't always get set automatically. */ -if (fchown(data_fd, exim_uid, exim_gid)) +if (0 != exim_fchown(data_fd, exim_uid, exim_gid, spool_name)) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Failed setting ownership on spool file %s: %s", spool_name, strerror(errno)); @@ -3244,16 +3293,15 @@ if (extract_recip && (bad_addresses || recipients_count == 0)) if (recipients_count == 0) debug_printf("*** No recipients\n"); if (bad_addresses) { - error_block *eblock = bad_addresses; debug_printf("*** Bad address(es)\n"); - while (eblock != NULL) - { + for (error_block * eblock = bad_addresses; eblock; eblock = eblock->next) debug_printf(" %s: %s\n", eblock->text1, eblock->text2); - eblock = eblock->next; - } } } + log_write(0, LOG_MAIN|LOG_PANIC, "%s %s found in headers", + message_id, bad_addresses ? "bad addresses" : "no recipients"); + fseek(spool_data_file, (long int)SPOOL_DATA_START_OFFSET, SEEK_SET); /* If configured to send errors to the sender, but this fails, force @@ -3265,11 +3313,12 @@ if (extract_recip && (bad_addresses || recipients_count == 0)) if (error_handling == ERRORS_SENDER) { if (!moan_to_sender( - (bad_addresses == NULL)? - (extracted_ignored? ERRMESS_IGADDRESS : ERRMESS_NOADDRESS) : - (recipients_list == NULL)? ERRMESS_BADNOADDRESS : ERRMESS_BADADDRESS, - bad_addresses, header_list, spool_data_file, FALSE)) - error_rc = (bad_addresses == NULL)? EXIT_NORECIPIENTS : EXIT_FAILURE; + bad_addresses + ? recipients_list ? ERRMESS_BADADDRESS : ERRMESS_BADNOADDRESS + : extracted_ignored ? ERRMESS_IGADDRESS : ERRMESS_NOADDRESS, + bad_addresses, header_list, spool_data_file, FALSE + ) ) + error_rc = bad_addresses ? EXIT_FAILURE : EXIT_NORECIPIENTS; } else { @@ -3292,7 +3341,7 @@ if (extract_recip && (bad_addresses || recipients_count == 0)) { Uunlink(spool_name); (void)fclose(spool_data_file); - exim_exit(error_rc, US"receiving"); + exim_exit(error_rc); } } @@ -3457,20 +3506,19 @@ else goto TIDYUP; #endif /* WITH_CONTENT_SCAN */ -#ifdef EXPERIMENTAL_DMARC - dmarc_up = dmarc_store_data(from_header); -#endif /* EXPERIMENTAL_DMARC */ +#ifdef SUPPORT_DMARC + dmarc_store_data(from_header); +#endif #ifndef DISABLE_PRDR if (prdr_requested && recipients_count > 1 && acl_smtp_data_prdr) { - unsigned int c; int all_pass = OK; int all_fail = FAIL; smtp_printf("353 PRDR content analysis beginning\r\n", TRUE); /* Loop through recipients, responses must be in same order received */ - for (c = 0; recipients_count > c; c++) + for (unsigned int c = 0; recipients_count > c; c++) { uschar * addr= recipients_list[c].address; uschar * msg= US"PRDR R=<%s> %s"; @@ -3736,18 +3784,15 @@ the spool file gets corrupted. Ensure that all recipients are qualified. */ if (rc == LOCAL_SCAN_ACCEPT) { if (local_scan_data) - { - uschar *s; - for (s = local_scan_data; *s != 0; s++) if (*s == '\n') *s = ' '; - } - for (i = 0; i < recipients_count; i++) + for (uschar * s = local_scan_data; *s != 0; s++) if (*s == '\n') *s = ' '; + for (int i = 0; i < recipients_count; i++) { recipient_item *r = recipients_list + i; r->address = rewrite_address_qualify(r->address, TRUE); - if (r->errors_to != NULL) + if (r->errors_to) r->errors_to = rewrite_address_qualify(r->errors_to, TRUE); } - if (recipients_count == 0 && blackholed_by == NULL) + if (recipients_count == 0 && !blackholed_by) blackholed_by = US"local_scan"; } @@ -3799,7 +3844,6 @@ else string_from_gstring(g), istemp, string_printing(errmsg)); if (smtp_input) - { if (!smtp_batched_input) { smtp_respond(smtp_code, 3, TRUE, errmsg); @@ -3810,7 +3854,6 @@ else else moan_smtp_batch(NULL, "%s %s", smtp_code, errmsg); /* Does not return */ - } else { fseek(spool_data_file, (long int)SPOOL_DATA_START_OFFSET, SEEK_SET); @@ -3866,10 +3909,9 @@ file fails, we have failed to accept this message. */ if (host_checking || blackholed_by) { - header_line *h; Uunlink(spool_name); msg_size = 0; /* Compute size for log line */ - for (h = header_list; h; h = h->next) + for (header_line * h = header_list; h; h = h->next) if (h->type != '*') msg_size += h->slen; } @@ -3937,6 +3979,7 @@ it first! Include any message id that is in the message - since the syntax of a message id is actually an addr-spec, we can use the parse routine to canonicalize it. */ +rcvd_log_reset_point = store_mark(); g = string_get(256); g = string_append(g, 2, @@ -3947,15 +3990,21 @@ if (message_reference) g = add_host_info_for_log(g); -#ifdef SUPPORT_TLS +#ifndef DISABLE_TLS if (LOGGING(tls_cipher) && tls_in.cipher) + { g = string_append(g, 2, US" X=", tls_in.cipher); +# ifndef DISABLE_TLS_RESUME + if (LOGGING(tls_resumption) && tls_in.resumption & RESUME_USED) + g = string_catn(g, US"*", 1); +# endif + } if (LOGGING(tls_certificate_verified) && tls_in.cipher) g = string_append(g, 2, US" CV=", tls_in.certificate_verified ? "yes":"no"); if (LOGGING(tls_peerdn) && tls_in.peerdn) g = string_append(g, 3, US" DN=\"", string_printing(tls_in.peerdn), US"\""); if (LOGGING(tls_sni) && tls_in.sni) - g = string_append(g, 3, US" SNI=\"", string_printing(tls_in.sni), US"\""); + g = string_append(g, 2, US" SNI=", string_printing2(tls_in.sni, SP_TAB|SP_SPACE)); #endif if (sender_host_authenticated) @@ -3982,18 +4031,14 @@ if (proxy_session && LOGGING(proxy)) if (chunking_state > CHUNKING_OFFERED) g = string_catn(g, US" K", 2); -sprintf(CS big_buffer, "%d", msg_size); -g = string_append(g, 2, US" S=", big_buffer); +g = string_fmt_append(g, " S=%d", msg_size); /* log 8BITMIME mode announced in MAIL_FROM 0 ... no BODY= used 7 ... 7BIT 8 ... 8BITMIME */ if (LOGGING(8bitmime)) - { - sprintf(CS big_buffer, "%d", body_8bitmime); - g = string_append(g, 2, US" M8S=", big_buffer); - } + g = string_fmt_append(g, " M8S=%d", body_8bitmime); #ifndef DISABLE_DKIM if (LOGGING(dkim) && dkim_verify_overall) @@ -4015,16 +4060,20 @@ any characters except " \ and CR and so in particular it can contain NL! Therefore, make sure we use a printing-characters only version for the log. Also, allow for domain literals in the message id. */ -if (msgid_header) +if ( LOGGING(msg_id) && msgid_header + && (LOGGING(msg_id_created) || !msgid_header_newly_created) + ) { - uschar *old_id; + uschar * old_id; BOOL save_allow_domain_literals = allow_domain_literals; allow_domain_literals = TRUE; old_id = parse_extract_address(Ustrchr(msgid_header->text, ':') + 1, &errmsg, &start, &end, &domain, FALSE); allow_domain_literals = save_allow_domain_literals; - if (old_id != NULL) - g = string_append(g, 2, US" id=", string_printing(old_id)); + if (old_id) + g = string_append(g, 2, + msgid_header_newly_created ? US" id*=" : US" id=", + string_printing(old_id)); } /* If subject logging is turned on, create suitable printing-character @@ -4032,7 +4081,6 @@ text. By expanding $h_subject: we make use of the MIME decoding. */ if (LOGGING(subject) && subject_header) { - int i; uschar *p = big_buffer; uschar *ss = expand_string(US"$h_subject:"); @@ -4040,7 +4088,7 @@ if (LOGGING(subject) && subject_header) a C-like string, and turn any non-printers into escape sequences. */ *p++ = '\"'; - if (*ss != 0) for (i = 0; i < 100 && ss[i] != 0; i++) + if (*ss != 0) for (int i = 0; i < 100 && ss[i] != 0; i++) { if (ss[i] == '\"' || ss[i] == '\\') *p++ = '\\'; *p++ = ss[i]; @@ -4064,7 +4112,7 @@ if (message_logs && !blackholed_by) { int fd; uschar * m_name = spool_fname(US"msglog", message_subdir, message_id, US""); - + if ( (fd = Uopen(m_name, O_WRONLY|O_APPEND|O_CREAT, SPOOL_MODE)) < 0 && errno == ENOENT ) @@ -4129,12 +4177,10 @@ response, but the chance of this happening should be small. */ if (smtp_input && sender_host_address && !f.sender_host_notsocket && !receive_smtp_buffered()) { - struct timeval tv; + struct timeval tv = {.tv_sec = 0, .tv_usec = 0}; fd_set select_check; FD_ZERO(&select_check); FD_SET(fileno(smtp_in), &select_check); - tv.tv_sec = 0; - tv.tv_usec = 0; if (select(fileno(smtp_in) + 1, &select_check, NULL, NULL, &tv) != 0) { @@ -4191,7 +4237,7 @@ if(cutthrough.cctx.sock >= 0 && cutthrough.delivery) case '4': /* Temp-reject. Keep spoolfiles and accept, unless defer-pass mode. ... for which, pass back the exact error */ - if (cutthrough.defer_pass) smtp_reply = string_copy_malloc(msg); + if (cutthrough.defer_pass) smtp_reply = string_copy_perm(msg, TRUE); cutthrough_done = TMP_REJ; /* Avoid the usual immediate delivery attempt */ break; /* message_id needed for SMTP accept below */ @@ -4201,7 +4247,7 @@ if(cutthrough.cctx.sock >= 0 && cutthrough.delivery) break; /* message_id needed for SMTP accept below */ case '5': /* Perm-reject. Do the same to the source. Dump any spoolfiles */ - smtp_reply = string_copy_malloc(msg); /* Pass on the exact error */ + smtp_reply = string_copy_perm(msg, TRUE); /* Pass on the exact error */ cutthrough_done = PERM_REJ; break; } @@ -4223,12 +4269,13 @@ if(!smtp_reply) if (f.deliver_freeze) log_write(0, LOG_MAIN, "frozen by %s", frozen_by); if (f.queue_only_policy) log_write(L_delay_delivery, LOG_MAIN, "no immediate delivery: queued%s%s by %s", - *queue_name ? " in " : "", *queue_name ? CS queue_name : "", + *queue_name ? " in " : "", *queue_name ? CS queue_name : "", queued_by); } f.receive_call_bombout = FALSE; -store_reset(g); /* The store for the main log message can be reused */ +/* The store for the main log message can be reused */ +rcvd_log_reset_point = store_reset(rcvd_log_reset_point); /* If the message is frozen, and freeze_tell is set, do the telling. */ @@ -4326,12 +4373,17 @@ if (smtp_input) else if (chunking_state > CHUNKING_OFFERED) { - smtp_printf("250- %u byte chunk, total %d\r\n250 OK id=%s\r\n", FALSE, + /* If there is more input waiting, no need to flush (probably the client + pipelined QUIT after data). We check only the in-process buffer, not + the socket. */ + + smtp_printf("250- %u byte chunk, total %d\r\n250 OK id=%s\r\n", + receive_smtp_buffered(), chunking_datasize, message_size+message_linecount, message_id); chunking_state = CHUNKING_OFFERED; } else - smtp_printf("250 OK id=%s\r\n", FALSE, message_id); + smtp_printf("250 OK id=%s\r\n", receive_smtp_buffered(), message_id); if (host_checking) fprintf(stdout,