X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/db3f7b6972f3b003c0413b78afcfbe295ffe0b97..0ae2e68e24b938ac84bbea5740c53192d08bb7f1:/src/src/receive.c diff --git a/src/src/receive.c b/src/src/receive.c index 1e3ef8de0..95c44c01c 100644 --- a/src/src/receive.c +++ b/src/src/receive.c @@ -3,6 +3,7 @@ *************************************************/ /* Copyright (c) University of Cambridge 1995 - 2018 */ +/* Copyright (c) The Exim Maintainers 2020 */ /* See the file NOTICE for conditions of use and distribution. */ /* Code for receiving a message and setting up spool files. */ @@ -14,9 +15,9 @@ extern int dcc_ok; #endif -#ifdef EXPERIMENTAL_DMARC +#ifdef SUPPORT_DMARC # include "dmarc.h" -#endif /* EXPERIMENTAL_DMARC */ +#endif /************************************************* * Local static variables * @@ -216,7 +217,7 @@ if (STATVFS(CS path, &statbuf) != 0) log_write(0, LOG_MAIN|LOG_PANIC, "cannot accept message: failed to stat " "%s directory %s: %s", name, path, strerror(errno)); smtp_closedown(US"spool or log directory problem"); - exim_exit(EXIT_FAILURE, NULL); + exim_exit(EXIT_FAILURE); } *inodeptr = (statbuf.F_FILES > 0)? statbuf.F_FAVAIL : -1; @@ -270,8 +271,8 @@ if (check_spool_space > 0 || msg_size > 0 || check_spool_inodes > 0) "check_space = " PR_EXIM_ARITH "K inodes = %d msg_size = %d\n", space, inodes, check_spool_space, check_spool_inodes, msg_size); - if ((space >= 0 && space < check_spool_space) || - (inodes >= 0 && inodes < check_spool_inodes)) + if ( space >= 0 && space + msg_size / 1024 < check_spool_space + || inodes >= 0 && inodes < check_spool_inodes) { log_write(0, LOG_MAIN, "spool directory space check failed: space=" PR_EXIM_ARITH " inodes=%d", space, inodes); @@ -372,7 +373,7 @@ if (!already_bombing_out) /* Exit from the program (non-BSMTP cases) */ -exim_exit(EXIT_FAILURE, NULL); +exim_exit(EXIT_FAILURE); } @@ -489,7 +490,7 @@ if (recipients_count >= recipients_list_max) recipient_item *oldlist = recipients_list; int oldmax = recipients_list_max; recipients_list_max = recipients_list_max ? 2*recipients_list_max : 50; - recipients_list = store_get(recipients_list_max * sizeof(recipient_item)); + recipients_list = store_get(recipients_list_max * sizeof(recipient_item), FALSE); if (oldlist != NULL) memcpy(recipients_list, oldlist, oldmax * sizeof(recipient_item)); } @@ -571,6 +572,30 @@ return FALSE; +/* Pause for a while waiting for input. If none received in that time, +close the logfile, if we had one open; then if we wait for a long-running +datasource (months, in one use-case) log rotation will not leave us holding +the file copy. */ + +static void +log_close_chk(void) +{ +if (!receive_timeout) + { + struct timeval t; + timesince(&t, &received_time); + if (t.tv_sec > 30*60) + mainlog_close(); + else + { + fd_set r; + FD_ZERO(&r); FD_SET(0, &r); + t.tv_sec = 30*60 - t.tv_sec; t.tv_usec = 0; + if (select(1, &r, NULL, NULL, &t) == 0) mainlog_close(); + } + } +} + /************************************************* * Read data portion of a non-SMTP message * *************************************************/ @@ -619,9 +644,16 @@ register int linelength = 0; if (!f.dot_ends) { - register int last_ch = '\n'; + int last_ch = '\n'; + +/*XXX we do a gettimeofday before checking for every received char, +which is hardly clever. The function-indirection doesn't help, but +an additional function to check for nonempty read buffer would help. +See stdin_getc() / smtp_getc() / tls_getc() / bdat_getc(). */ - for (; (ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF; last_ch = ch) + for ( ; + log_close_chk(), (ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF; + last_ch = ch) { if (ch == 0) body_zerocount++; if (last_ch == '\r' && ch != '\n') @@ -663,7 +695,7 @@ if (!f.dot_ends) ch_state = 1; -while ((ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF) +while (log_close_chk(), (ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF) { if (ch == 0) body_zerocount++; switch (ch_state) @@ -1141,7 +1173,7 @@ if (error_handling == ERRORS_SENDER) else fprintf(stderr, "exim: %s%s\n", text2, text1); /* Sic */ (void)fclose(f); -exim_exit(error_rc, US""); +exim_exit(error_rc); } @@ -1317,7 +1349,7 @@ if (received_protocol) if (LOGGING(pipelining) && f.smtp_in_pipelining_advertised) { g = string_catn(g, US" L", 2); -#ifdef EXPERIMENTAL_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (f.smtp_in_early_pipe_used) g = string_catn(g, US"*", 1); else if (f.smtp_in_early_pipe_advertised) @@ -1422,7 +1454,7 @@ if (rc == OK) struct dirent * entry; DIR * tempdir; - for (tempdir = opendir(CS scandir); entry = readdir(tempdir); ) + for (tempdir = exim_opendir(scandir); entry = readdir(tempdir); ) if (strncmpic(US entry->d_name, US"__rfc822_", 9) == 0) { rfc822_file_path = string_sprintf("%s/%s", scandir, entry->d_name); @@ -1619,7 +1651,6 @@ not. */ BOOL receive_msg(BOOL extract_recip) { -int i; int rc = FAIL; int msg_size = 0; int process_info_len = Ustrlen(process_info); @@ -1652,6 +1683,7 @@ uschar *frozen_by = NULL; uschar *queued_by = NULL; uschar *errmsg; +rmark rcvd_log_reset_point; gstring * g; struct stat statbuf; @@ -1662,6 +1694,7 @@ uschar *user_msg, *log_msg; /* Working header pointers */ +rmark reset_point; header_line *next; /* Flags for noting the existence of certain headers (only one left) */ @@ -1674,10 +1707,7 @@ header_line *from_header = NULL; header_line *subject_header = NULL; header_line *msgid_header = NULL; header_line *received_header; - -#ifdef EXPERIMENTAL_DMARC -int dmarc_up = 0; -#endif /* EXPERIMENTAL_DMARC */ +BOOL msgid_header_newly_created = FALSE; /* Variables for use when building the Received: header. */ @@ -1701,7 +1731,7 @@ if (extract_recip || !smtp_input) header. Temporarily mark it as "old", i.e. not to be used. We keep header_last pointing to the end of the chain to make adding headers simple. */ -received_header = header_list = header_last = store_get(sizeof(header_line)); +received_header = header_list = header_last = store_get(sizeof(header_line), FALSE); header_list->next = NULL; header_list->type = htype_old; header_list->text = NULL; @@ -1709,8 +1739,9 @@ header_list->slen = 0; /* Control block for the next header to be read. */ -next = store_get(sizeof(header_line)); -next->text = store_get(header_size); +reset_point = store_mark(); +next = store_get(sizeof(header_line), FALSE); /* not tainted */ +next->text = store_get(header_size, TRUE); /* tainted */ /* Initialize message id to be null (indicating no message read), and the header names list to be the normal list. Indicate there is no data file open @@ -1731,6 +1762,13 @@ if (thismessage_size_limit <= 0) thismessage_size_limit = INT_MAX; message_linecount = body_linecount = body_zerocount = max_received_linelength = 0; +#ifdef WITH_CONTENT_SCAN +/* reset non-per-part mime variables */ +mime_is_coverletter = 0; +mime_is_rfc822 = 0; +mime_part_count = -1; +#endif + #ifndef DISABLE_DKIM /* Call into DKIM to set up the context. In CHUNKING mode we clear the dot-stuffing flag */ @@ -1738,16 +1776,15 @@ if (smtp_input && !smtp_batched_input && !f.dkim_disable_verify) dkim_exim_verify_init(chunking_state <= CHUNKING_OFFERED); #endif -#ifdef EXPERIMENTAL_DMARC -/* initialize libopendmarc */ -dmarc_up = dmarc_init(); +#ifdef SUPPORT_DMARC +if (sender_host_address) dmarc_init(); /* initialize libopendmarc */ #endif /* Remember the time of reception. Exim uses time+pid for uniqueness of message ids, and fractions of a second are required. See the comments that precede the message id creation below. */ -(void)gettimeofday(&message_id_tv, NULL); +exim_gettime(&message_id_tv); /* For other uses of the received time we can operate with granularity of one second, and for that we use the global variable received_time. This is for @@ -1823,10 +1860,15 @@ for (;;) if (ptr >= header_size - 4) { int oldsize = header_size; - /* header_size += 256; */ + + if (header_size >= INT_MAX/2) + goto OVERSIZE; header_size *= 2; - if (!store_extend(next->text, oldsize, header_size)) - next->text = store_newblock(next->text, header_size, ptr); + + /* The data came from the message, so is tainted. */ + + if (!store_extend(next->text, TRUE, oldsize, header_size)) + next->text = store_newblock(next->text, TRUE, header_size, ptr); } /* Cope with receiving a binary zero. There is dispute about whether @@ -1881,7 +1923,7 @@ for (;;) if (ch == '\n') { message_ended = END_DOT; - store_reset(next); + reset_point = store_reset(reset_point); next = NULL; break; /* End character-reading loop */ } @@ -1930,6 +1972,7 @@ for (;;) if (message_size >= header_maxsize) { +OVERSIZE: next->text[ptr] = 0; next->slen = ptr; next->type = htype_other; @@ -1986,7 +2029,7 @@ for (;;) if (ptr == 1) { - store_reset(next); + reset_point = store_reset(reset_point); next = NULL; break; } @@ -2001,7 +2044,8 @@ for (;;) if (nextch == ' ' || nextch == '\t') { next->text[ptr++] = nextch; - message_size++; + if (++message_size >= header_maxsize) + goto OVERSIZE; continue; /* Iterate the loop */ } else if (nextch != EOF) (receive_ungetc)(nextch); /* For next time */ @@ -2014,7 +2058,7 @@ for (;;) next->text[ptr] = 0; next->slen = ptr; - store_reset(next->text + ptr + 1); + store_release_above(next->text + ptr + 1); /* Check the running total size against the overall message size limit. We don't expect to fail here, but if the overall limit is set less than MESSAGE_ @@ -2210,9 +2254,10 @@ for (;;) /* Set up for the next header */ + reset_point = store_mark(); header_size = 256; - next = store_get(sizeof(header_line)); - next->text = store_get(header_size); + next = store_get(sizeof(header_line), FALSE); + next->text = store_get(header_size, TRUE); ptr = 0; had_zero = 0; prevlines_length = 0; @@ -2496,7 +2541,7 @@ if (extract_recip) white space that follows the newline must not be removed - it is part of the header. */ - pp = recipient = store_get(ss - s + 1); + pp = recipient = store_get(ss - s + 1, is_tainted(s)); for (uschar * p = s; p < ss; p++) if (*p != '\n') *pp++ = *p; *pp = 0; @@ -2524,10 +2569,10 @@ if (extract_recip) If there are no recipients at all, an error will occur later. */ - if (recipient == NULL && Ustrcmp(errmess, "empty address") != 0) + if (!recipient && Ustrcmp(errmess, "empty address") != 0) { int len = Ustrlen(s); - error_block *b = store_get(sizeof(error_block)); + error_block *b = store_get(sizeof(error_block), FALSE); while (len > 0 && isspace(s[len-1])) len--; b->next = NULL; b->text1 = string_printing(string_copyn(s, len)); @@ -2657,7 +2702,7 @@ it will fit. */ to be the least significant base-62 digit of the time of arrival. Otherwise ensure that it is an empty string. */ -message_subdir[0] = split_spool_directory ? message_id[5] : 0; +set_subdir_str(message_subdir, message_id, 0); /* Now that we have the message-id, if there is no message-id: header, generate one, but only for local (without suppress_local_fixups) or submission mode @@ -2669,6 +2714,7 @@ if ( !msgid_header { uschar *id_text = US""; uschar *id_domain = primary_hostname; + header_line * h; /* Permit only letters, digits, dots, and hyphens in the domain */ @@ -2710,13 +2756,21 @@ if ( !msgid_header } } - /* Add the header line - * Resent-* headers are prepended, per RFC 5322 3.6.6. Non-Resent-* are - * appended, to preserve classical expectations of header ordering. */ + /* Add the header line. + Resent-* headers are prepended, per RFC 5322 3.6.6. Non-Resent-* are + appended, to preserve classical expectations of header ordering. */ - header_add_at_position(!resents_exist, NULL, FALSE, htype_id, + h = header_add_at_position_internal(!resents_exist, NULL, FALSE, htype_id, "%sMessage-Id: <%s%s%s@%s>\n", resent_prefix, message_id_external, - (*id_text == 0)? "" : ".", id_text, id_domain); + *id_text == 0 ? "" : ".", id_text, id_domain); + + /* Arrange for newly-created Message-Id to be logged */ + + if (!resents_exist) + { + msgid_header_newly_created = TRUE; + msgid_header = h; + } } /* If we are to log recipients, keep a copy of the raw ones before any possible @@ -2725,7 +2779,7 @@ function may mess with the real recipients. */ if (LOGGING(received_recipients)) { - raw_recipients = store_get(recipients_count * sizeof(uschar *)); + raw_recipients = store_get(recipients_count * sizeof(uschar *), FALSE); for (int i = 0; i < recipients_count; i++) raw_recipients[i] = string_copy(recipients_list[i].address); raw_recipients_count = recipients_count; @@ -2752,7 +2806,7 @@ From:) but we still want to ensure a valid Sender: if it is required. */ if ( !from_header && ((!sender_host_address && !f.suppress_local_fixups) || f.submission_mode)) { - uschar *oname = US""; + const uschar * oname = US""; /* Use the originator_name if this is a locally submitted message and the caller is not trusted. For trusted callers, use it only if -F was used to @@ -2866,9 +2920,8 @@ if ( from_header uschar *at = domain ? from_address + domain - 1 : NULL; if (at) *at = 0; - from_address += route_check_prefix(from_address, local_from_prefix); - slen = route_check_suffix(from_address, local_from_suffix); - if (slen > 0) + from_address += route_check_prefix(from_address, local_from_prefix, NULL); + if ((slen = route_check_suffix(from_address, local_from_suffix, NULL)) > 0) { memmove(from_address+slen, from_address, Ustrlen(from_address)-slen); from_address += slen; @@ -3046,7 +3099,7 @@ if ((data_fd = Uopen(spool_name, O_RDWR|O_CREAT|O_EXCL, SPOOL_MODE)) < 0) /* Make sure the file's group is the Exim gid, and double-check the mode because the group setting doesn't always get set automatically. */ -if (fchown(data_fd, exim_uid, exim_gid)) +if (0 != exim_fchown(data_fd, exim_uid, exim_gid, spool_name)) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Failed setting ownership on spool file %s: %s", spool_name, strerror(errno)); @@ -3288,7 +3341,7 @@ if (extract_recip && (bad_addresses || recipients_count == 0)) { Uunlink(spool_name); (void)fclose(spool_data_file); - exim_exit(error_rc, US"receiving"); + exim_exit(error_rc); } } @@ -3453,9 +3506,9 @@ else goto TIDYUP; #endif /* WITH_CONTENT_SCAN */ -#ifdef EXPERIMENTAL_DMARC - dmarc_up = dmarc_store_data(from_header); -#endif /* EXPERIMENTAL_DMARC */ +#ifdef SUPPORT_DMARC + dmarc_store_data(from_header); +#endif #ifndef DISABLE_PRDR if (prdr_requested && recipients_count > 1 && acl_smtp_data_prdr) @@ -3791,7 +3844,6 @@ else string_from_gstring(g), istemp, string_printing(errmsg)); if (smtp_input) - { if (!smtp_batched_input) { smtp_respond(smtp_code, 3, TRUE, errmsg); @@ -3802,7 +3854,6 @@ else else moan_smtp_batch(NULL, "%s %s", smtp_code, errmsg); /* Does not return */ - } else { fseek(spool_data_file, (long int)SPOOL_DATA_START_OFFSET, SEEK_SET); @@ -3928,6 +3979,7 @@ it first! Include any message id that is in the message - since the syntax of a message id is actually an addr-spec, we can use the parse routine to canonicalize it. */ +rcvd_log_reset_point = store_mark(); g = string_get(256); g = string_append(g, 2, @@ -3938,15 +3990,21 @@ if (message_reference) g = add_host_info_for_log(g); -#ifdef SUPPORT_TLS +#ifndef DISABLE_TLS if (LOGGING(tls_cipher) && tls_in.cipher) + { g = string_append(g, 2, US" X=", tls_in.cipher); +# ifndef DISABLE_TLS_RESUME + if (LOGGING(tls_resumption) && tls_in.resumption & RESUME_USED) + g = string_catn(g, US"*", 1); +# endif + } if (LOGGING(tls_certificate_verified) && tls_in.cipher) g = string_append(g, 2, US" CV=", tls_in.certificate_verified ? "yes":"no"); if (LOGGING(tls_peerdn) && tls_in.peerdn) g = string_append(g, 3, US" DN=\"", string_printing(tls_in.peerdn), US"\""); if (LOGGING(tls_sni) && tls_in.sni) - g = string_append(g, 3, US" SNI=\"", string_printing(tls_in.sni), US"\""); + g = string_append(g, 2, US" SNI=", string_printing2(tls_in.sni, SP_TAB|SP_SPACE)); #endif if (sender_host_authenticated) @@ -3973,18 +4031,14 @@ if (proxy_session && LOGGING(proxy)) if (chunking_state > CHUNKING_OFFERED) g = string_catn(g, US" K", 2); -sprintf(CS big_buffer, "%d", msg_size); -g = string_append(g, 2, US" S=", big_buffer); +g = string_fmt_append(g, " S=%d", msg_size); /* log 8BITMIME mode announced in MAIL_FROM 0 ... no BODY= used 7 ... 7BIT 8 ... 8BITMIME */ if (LOGGING(8bitmime)) - { - sprintf(CS big_buffer, "%d", body_8bitmime); - g = string_append(g, 2, US" M8S=", big_buffer); - } + g = string_fmt_append(g, " M8S=%d", body_8bitmime); #ifndef DISABLE_DKIM if (LOGGING(dkim) && dkim_verify_overall) @@ -4006,16 +4060,20 @@ any characters except " \ and CR and so in particular it can contain NL! Therefore, make sure we use a printing-characters only version for the log. Also, allow for domain literals in the message id. */ -if (msgid_header) +if ( LOGGING(msg_id) && msgid_header + && (LOGGING(msg_id_created) || !msgid_header_newly_created) + ) { - uschar *old_id; + uschar * old_id; BOOL save_allow_domain_literals = allow_domain_literals; allow_domain_literals = TRUE; old_id = parse_extract_address(Ustrchr(msgid_header->text, ':') + 1, &errmsg, &start, &end, &domain, FALSE); allow_domain_literals = save_allow_domain_literals; - if (old_id != NULL) - g = string_append(g, 2, US" id=", string_printing(old_id)); + if (old_id) + g = string_append(g, 2, + msgid_header_newly_created ? US" id*=" : US" id=", + string_printing(old_id)); } /* If subject logging is turned on, create suitable printing-character @@ -4054,7 +4112,7 @@ if (message_logs && !blackholed_by) { int fd; uschar * m_name = spool_fname(US"msglog", message_subdir, message_id, US""); - + if ( (fd = Uopen(m_name, O_WRONLY|O_APPEND|O_CREAT, SPOOL_MODE)) < 0 && errno == ENOENT ) @@ -4181,7 +4239,7 @@ if(cutthrough.cctx.sock >= 0 && cutthrough.delivery) case '4': /* Temp-reject. Keep spoolfiles and accept, unless defer-pass mode. ... for which, pass back the exact error */ - if (cutthrough.defer_pass) smtp_reply = string_copy_malloc(msg); + if (cutthrough.defer_pass) smtp_reply = string_copy_perm(msg, TRUE); cutthrough_done = TMP_REJ; /* Avoid the usual immediate delivery attempt */ break; /* message_id needed for SMTP accept below */ @@ -4191,7 +4249,7 @@ if(cutthrough.cctx.sock >= 0 && cutthrough.delivery) break; /* message_id needed for SMTP accept below */ case '5': /* Perm-reject. Do the same to the source. Dump any spoolfiles */ - smtp_reply = string_copy_malloc(msg); /* Pass on the exact error */ + smtp_reply = string_copy_perm(msg, TRUE); /* Pass on the exact error */ cutthrough_done = PERM_REJ; break; } @@ -4213,12 +4271,13 @@ if(!smtp_reply) if (f.deliver_freeze) log_write(0, LOG_MAIN, "frozen by %s", frozen_by); if (f.queue_only_policy) log_write(L_delay_delivery, LOG_MAIN, "no immediate delivery: queued%s%s by %s", - *queue_name ? " in " : "", *queue_name ? CS queue_name : "", + *queue_name ? " in " : "", *queue_name ? CS queue_name : "", queued_by); } f.receive_call_bombout = FALSE; -store_reset(g); /* The store for the main log message can be reused */ +/* The store for the main log message can be reused */ +rcvd_log_reset_point = store_reset(rcvd_log_reset_point); /* If the message is frozen, and freeze_tell is set, do the telling. */