X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/f7fd3850601c141d3a8d5b9cc6e6403f623923ae..0a49a7a4f1090b6f1ce1d0f9d969804c9226b53e:/src/src/deliver.c diff --git a/src/src/deliver.c b/src/src/deliver.c index a80d97842..1e1f5a528 100644 --- a/src/src/deliver.c +++ b/src/src/deliver.c @@ -1,10 +1,10 @@ -/* $Cambridge: exim/src/src/deliver.c,v 1.31 2006/04/20 14:11:29 ph10 Exp $ */ +/* $Cambridge: exim/src/src/deliver.c,v 1.47 2009/11/16 19:50:36 nm4 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2006 */ +/* Copyright (c) University of Cambridge 1995 - 2009 */ /* See the file NOTICE for conditions of use and distribution. */ /* The main code for delivering a message. */ @@ -774,7 +774,7 @@ if (addr->return_file >= 0 && addr->return_filename != NULL) { BOOL return_output = FALSE; struct stat statbuf; - fsync(addr->return_file); + (void)EXIMfsync(addr->return_file); /* If there is no output, do nothing. */ @@ -944,7 +944,8 @@ if (result == OK) s = string_append(s, &size, &ptr, 2, US" CV=", testflag(addr, af_cert_verified)? "yes":"no"); if ((log_extra_selector & LX_tls_peerdn) != 0 && addr->peerdn != NULL) - s = string_append(s, &size, &ptr, 3, US" DN=\"", addr->peerdn, US"\""); + s = string_append(s, &size, &ptr, 3, US" DN=\"", + string_printing(addr->peerdn), US"\""); #endif if ((log_extra_selector & LX_smtp_confirmation) != 0 && @@ -1433,10 +1434,10 @@ int rc = OK; int size_limit; deliver_set_expansions(addr); -size_limit = expand_string_integer(tp->message_size_limit); +size_limit = expand_string_integer(tp->message_size_limit, TRUE); deliver_set_expansions(NULL); -if (size_limit < 0) +if (expand_string_message != NULL) { rc = DEFER; if (size_limit == -1) @@ -1626,17 +1627,13 @@ return. */ if (!findugid(addr, tp, &uid, &gid, &use_initgroups)) return; -/* See if either the transport or the address specifies a home and/or a current -working directory. Expand it if necessary. If nothing is set, use "/", for the -working directory, which is assumed to be a directory to which all users have -access. It is necessary to be in a visible directory for some operating systems -when running pipes, as some commands (e.g. "rm" under Solaris 2.5) require -this. */ +/* See if either the transport or the address specifies a home directory. A +home directory set in the address may already be expanded; a flag is set to +indicate that. In other cases we must expand it. */ -deliver_home = (tp->home_dir != NULL)? tp->home_dir : - (addr->home_dir != NULL)? addr->home_dir : NULL; - -if (deliver_home != NULL && !testflag(addr, af_home_expanded)) +if ((deliver_home = tp->home_dir) != NULL || /* Set in transport, or */ + ((deliver_home = addr->home_dir) != NULL && /* Set in address and */ + !testflag(addr, af_home_expanded))) /* not expanded */ { uschar *rawhome = deliver_home; deliver_home = NULL; /* in case it contains $home */ @@ -1656,8 +1653,15 @@ if (deliver_home != NULL && !testflag(addr, af_home_expanded)) } } -working_directory = (tp->current_dir != NULL)? tp->current_dir : - (addr->current_dir != NULL)? addr->current_dir : NULL; +/* See if either the transport or the address specifies a current directory, +and if so, expand it. If nothing is set, use the home directory, unless it is +also unset in which case use "/", which is assumed to be a directory to which +all users have access. It is necessary to be in a visible directory for some +operating systems when running pipes, as some commands (e.g. "rm" under Solaris +2.5) require this. */ + +working_directory = (tp->current_dir != NULL)? + tp->current_dir : addr->current_dir; if (working_directory != NULL) { @@ -1976,7 +1980,7 @@ if (!shadowing) /* Ensure the journal file is pushed out to disk. */ - if (fsync(journal_fd) < 0) + if (EXIMfsync(journal_fd) < 0) log_write(0, LOG_MAIN|LOG_PANIC, "failed to fsync journal: %s", strerror(errno)); } @@ -2040,9 +2044,7 @@ if (addr->special_action == SPECIAL_WARN && !contains_header(US"Reply-To", warn_message)) fprintf(f, "Reply-To: %s\n", errors_reply_to); fprintf(f, "Auto-Submitted: auto-replied\n"); - if (!contains_header(US"From", warn_message)) - fprintf(f, "From: Mail Delivery System \n", - qualify_domain_sender); + if (!contains_header(US"From", warn_message)) moan_write_from(f); fprintf(f, "%s", CS warn_message); /* Close and wait for child process to complete, without a timeout. */ @@ -2325,8 +2327,13 @@ while (addr_local != NULL) retry_record->more_errno); DEBUG(D_deliver|D_retry) + { debug_printf("retry time not reached for %s: " "checking ultimate address timeout\n", addr2->address); + debug_printf(" now=%d first_failed=%d next_try=%d expired=%d\n", + (int)now, (int)retry_record->first_failed, + (int)retry_record->next_try, retry_record->expired); + } if (retry != NULL && retry->rules != NULL) { @@ -2335,9 +2342,8 @@ while (addr_local != NULL) last_rule->next != NULL; last_rule = last_rule->next); DEBUG(D_deliver|D_retry) - debug_printf("now=%d received_time=%d diff=%d timeout=%d\n", - (int)now, received_time, (int)now - received_time, - last_rule->timeout); + debug_printf(" received_time=%d diff=%d timeout=%d\n", + received_time, (int)now - received_time, last_rule->timeout); if (now - received_time > last_rule->timeout) ok = TRUE; } else @@ -4369,16 +4375,13 @@ while (*s != 0) /* This function was introduced when the test for duplicate addresses that are not pipes, files, or autoreplies was moved from the middle of routing to when routing was complete. That was to fix obscure cases when the routing history -affects the subsequent routing of identical addresses. If that change has to be -reversed, this function is no longer needed. For a while, the old code that was -affected by this change is commented with !!!OLD-DE-DUP!!! so it can be found -easily. +affects the subsequent routing of identical addresses. This function is called +after routing, to check that the final routed addresses are not duplicates. -This function is called after routing, to check that the final routed addresses -are not duplicates. If we detect a duplicate, we remember what it is a -duplicate of. Note that pipe, file, and autoreply de-duplication is handled -during routing, so we must leave such "addresses" alone here, as otherwise they -will incorrectly be discarded. +If we detect a duplicate, we remember what it is a duplicate of. Note that +pipe, file, and autoreply de-duplication is handled during routing, so we must +leave such "addresses" alone here, as otherwise they will incorrectly be +discarded. Argument: address of list anchor Returns: nothing @@ -4804,6 +4807,7 @@ else if (system_filter != NULL && process_recipients != RECIP_FAIL_TIMEOUT) RDO_REWRITE, NULL, /* No :include: restriction (not used in filter) */ NULL, /* No sieve vacation directory (not sieve!) */ + NULL, /* No sieve enotify mailto owner (not sieve!) */ NULL, /* No sieve user address (not sieve!) */ NULL, /* No sieve subaddress (not sieve!) */ &ugid, /* uid/gid data */ @@ -4937,6 +4941,9 @@ else if (system_filter != NULL && process_recipients != RECIP_FAIL_TIMEOUT) while (p != NULL) { + if (parent->child_count == SHRT_MAX) + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "system filter generated more " + "than %d delivery addresses", SHRT_MAX); parent->child_count++; p->parent = parent; @@ -5447,40 +5454,11 @@ while (addr_new != NULL) /* Loop until all addresses dealt with */ continue; } - - /* !!!OLD-DE-DUP!!! We used to test for duplicates at this point, in order - to save effort on routing duplicate addresses. However, facilities have - been added to Exim so that now two identical addresses that are children of - other addresses may be routed differently as a result of their previous - routing history. For example, different redirect routers may have given - them different redirect_router values, but there are other cases too. - Therefore, tests for duplicates now take place when routing is complete. - This is the old code, kept for a while for the record, and in case this - radical change has to be backed out for some reason. */ - - #ifdef NEVER - /* If it's a duplicate, remember what it's a duplicate of */ - - if ((tnode = tree_search(tree_duplicates, addr->unique)) != NULL) - { - DEBUG(D_deliver|D_route) - debug_printf("%s is a duplicate address: discarded\n", addr->unique); - addr->dupof = tnode->data.ptr; - addr->next = addr_duplicate; - addr_duplicate = addr; - continue; - } - - /* Record this address, so subsequent duplicates get picked up. */ - - tree_add_duplicate(addr->unique, addr); - #endif - - - /* Get the routing retry status, saving the two retry keys (with and - without the local part) for subsequent use. Ignore retry records that - are too old. */ + without the local part) for subsequent use. If there is no retry record for + the standard address routing retry key, we look for the same key with the + sender attached, because this form is used by the smtp transport after a + 4xx response to RCPT when address_retry_include_sender is true. */ addr->domain_retry_key = string_sprintf("R:%s", addr->domain); addr->address_retry_key = string_sprintf("R:%s@%s", addr->local_part, @@ -5493,12 +5471,22 @@ while (addr_new != NULL) /* Loop until all addresses dealt with */ domain_retry_record = dbfn_read(dbm_file, addr->domain_retry_key); if (domain_retry_record != NULL && now - domain_retry_record->time_stamp > retry_data_expire) - domain_retry_record = NULL; + domain_retry_record = NULL; /* Ignore if too old */ address_retry_record = dbfn_read(dbm_file, addr->address_retry_key); if (address_retry_record != NULL && now - address_retry_record->time_stamp > retry_data_expire) - address_retry_record = NULL; + address_retry_record = NULL; /* Ignore if too old */ + + if (address_retry_record == NULL) + { + uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key, + sender_address); + address_retry_record = dbfn_read(dbm_file, altkey); + if (address_retry_record != NULL && + now - address_retry_record->time_stamp > retry_data_expire) + address_retry_record = NULL; /* Ignore if too old */ + } } DEBUG(D_deliver|D_retry) @@ -5530,19 +5518,29 @@ while (addr_new != NULL) /* Loop until all addresses dealt with */ (void)post_process_one(addr, DEFER, LOG_MAIN, DTYPE_ROUTER, 0); } - /* If queue_running, defer routing unless no retry data or we've - passed the next retry time, or this message is forced. However, - if the retry time has expired, allow the routing attempt. - If it fails again, the address will be failed. This ensures that + /* If we are in a queue run, defer routing unless there is no retry data or + we've passed the next retry time, or this message is forced. In other + words, ignore retry data when not in a queue run. + + However, if the domain retry time has expired, always allow the routing + attempt. If it fails again, the address will be failed. This ensures that each address is routed at least once, even after long-term routing failures. If there is an address retry, check that too; just wait for the next retry time. This helps with the case when the temporary error on the address was really message-specific rather than address specific, since - it allows other messages through. */ + it allows other messages through. + + We also wait for the next retry time if this is a message sent down an + existing SMTP connection (even though that will be forced). Otherwise there + will be far too many attempts for an address that gets a 4xx error. In + fact, after such an error, we should not get here because, the host should + not be remembered as one this message needs. However, there was a bug that + used to cause this to happen, so it is best to be on the safe side. */ - else if (!deliver_force && queue_running && + else if (((queue_running && !deliver_force) || continue_hostname != NULL) + && ((domain_retry_record != NULL && now < domain_retry_record->next_try && !domain_retry_record->expired) @@ -5641,12 +5639,16 @@ while (addr_new != NULL) /* Loop until all addresses dealt with */ string_sprintf("R:%s", addr->domain), 0); /* Otherwise, if there is an existing retry record in the database, add - retry items to delete both forms. Since the domain might have been - rewritten (expanded to fully qualified) as a result of routing, ensure - that the rewritten form is also deleted. */ + retry items to delete both forms. We must also allow for the possibility + of a routing retry that includes the sender address. Since the domain might + have been rewritten (expanded to fully qualified) as a result of routing, + ensure that the rewritten form is also deleted. */ else if (testflag(addr, af_dr_retry_exists)) { + uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key, + sender_address); + retry_add_item(addr, altkey, rf_delete); retry_add_item(addr, addr->address_retry_key, rf_delete); retry_add_item(addr, addr->domain_retry_key, rf_delete); if (Ustrcmp(addr->domain, old_domain) != 0) @@ -5789,11 +5791,6 @@ Ensure they are not set in transports. */ local_user_gid = (gid_t)(-1); local_user_uid = (uid_t)(-1); - -/* !!!OLD-DE-DUP!!! The next two statement were introduced when checking for -duplicates was moved from within routing to afterwards. If that change has to -be backed out, they should be removed. */ - /* Check for any duplicate addresses. This check is delayed until after routing, because the flexibility of the routing configuration means that identical addresses with different parentage may end up being redirected to @@ -5803,7 +5800,6 @@ to) makes this kind of thing not work. */ do_duplicate_check(&addr_local); do_duplicate_check(&addr_remote); - /* When acting as an MUA wrapper, we proceed only if all addresses route to a remote transport. The check that they all end up in one transaction happens in the do_remote_deliveries() function. */ @@ -6256,8 +6252,7 @@ while (addr_failed != NULL) if (errors_reply_to != NULL) fprintf(f, "Reply-To: %s\n", errors_reply_to); fprintf(f, "Auto-Submitted: auto-replied\n"); - fprintf(f, "From: Mail Delivery System \n", - qualify_domain_sender); + moan_write_from(f); fprintf(f, "To: %s\n", bounce_recipient); /* Open a template file if one is provided. Log failure to open, but @@ -6580,6 +6575,9 @@ if (addr_defer == NULL) readconf_printtime(time(NULL) - received_time)); else log_write(0, LOG_MAIN, "Completed"); + + /* Unset deliver_freeze so that we won't try to move the spool files further down */ + deliver_freeze = FALSE; } /* If there are deferred addresses, we are keeping this message because it is @@ -6778,8 +6776,7 @@ else if (addr_defer != (address_item *)(+1)) if (errors_reply_to != NULL) fprintf(f, "Reply-To: %s\n", errors_reply_to); fprintf(f, "Auto-Submitted: auto-replied\n"); - fprintf(f, "From: Mail Delivery System \n", - qualify_domain_sender); + moan_write_from(f); fprintf(f, "To: %s\n", recipients); wmf_text = next_emf(wmf, US"header");