1 /* $Cambridge: exim/src/src/receive.c,v 1.3 2004/10/19 11:04:26 ph10 Exp $ */
3 /*************************************************
4 * Exim - an Internet mail transport agent *
5 *************************************************/
7 /* Copyright (c) University of Cambridge 1995 - 2004 */
8 /* See the file NOTICE for conditions of use and distribution. */
10 /* Code for receiving a message and setting up spool files. */
17 /*************************************************
18 * Local static variables *
19 *************************************************/
21 static FILE *data_file = NULL;
22 static int data_fd = -1;
23 static uschar spool_name[256];
27 /*************************************************
28 * Non-SMTP character reading functions *
29 *************************************************/
31 /* These are the default functions that are set up in the variables such as
32 receive_getc initially. They just call the standard functions, passing stdin as
33 the file. (When SMTP input is occurring, different functions are used by
34 changing the pointer variables.) */
45 return ungetc(c, stdin);
63 /*************************************************
64 * Check that a set sender is allowed *
65 *************************************************/
67 /* This function is called when a local caller sets an explicit sender address.
68 It checks whether this is permitted, which it is for trusted callers.
69 Otherwise, it must match the pattern(s) in untrusted_set_sender.
71 Arguments: the proposed sender address
72 Returns: TRUE for a trusted caller
73 TRUE if the address has been set, untrusted_set_sender has been
74 set, and the address matches something in the list
79 receive_check_set_sender(uschar *newsender)
82 if (trusted_caller) return TRUE;
83 if (newsender == NULL || untrusted_set_sender == NULL) return FALSE;
84 qnewsender = (Ustrchr(newsender, '@') != NULL)?
85 newsender : string_sprintf("%s@%s", newsender, qualify_domain_sender);
87 match_address_list(qnewsender, TRUE, TRUE, &untrusted_set_sender, NULL, -1,
94 /*************************************************
95 * Check space on spool and log partitions *
96 *************************************************/
98 /* This function is called before accepting a message; if any thresholds are
99 set, it checks them. If a message_size is supplied, it checks that there is
100 enough space for that size plus the threshold - i.e. that the message won't
101 reduce the space to the threshold. Not all OS have statvfs(); for those that
102 don't, this function always returns TRUE. For some OS the old function and
103 struct name statfs is used; that is handled by a macro, defined in exim.h.
106 msg_size the (estimated) size of an incoming message
108 Returns: FALSE if there isn't enough space, or if the information cannot
110 TRUE if no check was done or there is enough space
114 receive_check_fs(int msg_size)
118 struct STATVFS statbuf;
120 memset(&statbuf, 0, sizeof(statbuf));
122 /* The field names are macros, because not all OS have F_FAVAIL and it seems
123 tidier to have macros for F_BAVAIL and F_FILES as well. Some kinds of file
124 server do not have inodes, and they return -1 for the number available, so we
125 do the check only when this field is non-negative.
127 Later: It turns out that some file systems that do not have the concept of
128 inodes return 0 rather than -1. Such systems should also return 0 for the total
129 number of inodes, so we require that to be greater than zero before doing the
132 if (check_spool_space > 0 || msg_size > 0 || check_spool_inodes > 0)
134 if (STATVFS(CS spool_directory, &statbuf) != 0)
136 log_write(0, LOG_MAIN|LOG_PANIC, "cannot accept message: failed to stat "
137 "spool directory %s: %s", spool_directory, strerror(errno));
138 smtp_closedown(US"spool directory problem");
139 exim_exit(EXIT_FAILURE);
142 /* check_spool_space is held in K because disks are getting huge */
144 if (statbuf.F_BAVAIL < (unsigned long)
145 ((((double)check_spool_space) * 1024.0 + (double)msg_size) /
146 (double)statbuf.F_FRSIZE)
148 (statbuf.F_FILES > 0 &&
149 statbuf.F_FAVAIL >= 0 &&
150 statbuf.F_FAVAIL < check_spool_inodes))
154 debug_printf("spool directory %s space = %d blocks; inodes = %d; "
155 "check_space = %dK (%d blocks); inodes = %d; msg_size = %d (%d blocks)\n",
156 spool_directory, (int)statbuf.F_BAVAIL, (int)statbuf.F_FAVAIL,
158 (int)(((double)check_spool_space * 1024.0) / (double)statbuf.F_FRSIZE),
159 check_spool_inodes, msg_size, (int)(msg_size / statbuf.F_FRSIZE));
163 log_write(0, LOG_MAIN, "spool directory space check failed: space=%d "
164 "inodes=%d", (int)statbuf.F_BAVAIL, (int)statbuf.F_FAVAIL);
169 /* Need to cut down the log file path to the directory, and to ignore any
170 appearance of "syslog" in it. */
172 if (check_log_space > 0 || check_log_inodes > 0)
175 int sep = ':'; /* Not variable - outside scripts use */
177 uschar *p = log_file_path;
180 /* An empty log_file_path means "use the default". This is the same as an
181 empty item in a list. */
183 if (*p == 0) p = US":";
184 while ((path = string_nextinlist(&p, &sep, buffer, sizeof(buffer))) != NULL)
186 if (Ustrcmp(path, "syslog") != 0) break;
189 if (path == NULL) return TRUE; /* No log files, so no problem */
191 /* An empty string means use the default */
194 path = string_sprintf("%s/log/%%slog", spool_directory);
196 if ((cp = Ustrrchr(path, '/')) == NULL)
198 DEBUG(D_receive) debug_printf("cannot find slash in %s\n", path);
203 if (STATVFS(CS path, &statbuf) != 0)
205 log_write(0, LOG_MAIN|LOG_PANIC, "cannot accept message: failed to stat "
206 "log directory %s: %s", path, strerror(errno));
207 smtp_closedown(US"log directory problem");
208 exim_exit(EXIT_FAILURE);
211 if (statbuf.F_BAVAIL < (unsigned long)
212 (((double)check_log_space * 1024.0) / (double)statbuf.F_FRSIZE)
214 statbuf.F_FAVAIL < check_log_inodes) rc = FALSE;
217 debug_printf("log directory %s space = %d blocks; inodes = %d; "
218 "check_space = %dK (%d blocks); inodes = %d\n",
219 path, (int)statbuf.F_BAVAIL, (int)statbuf.F_FAVAIL,
221 (int)(((double)check_log_space * 1024.0) / (double)statbuf.F_FRSIZE),
226 log_write(0, LOG_MAIN, "log directory space check failed: space=%d "
227 "inodes=%d", (int)statbuf.F_BAVAIL, (int)statbuf.F_FAVAIL);
238 /*************************************************
239 * Bomb out while reading a message *
240 *************************************************/
242 /* The common case of wanting to bomb out is if a SIGTERM or SIGINT is
243 received, or if there is a timeout. A rarer case might be if the log files are
244 screwed up and Exim can't open them to record a message's arrival. Handling
245 that case is done by setting a flag to cause the log functions to call this
246 function if there is an ultimate disaster. That is why it is globally
249 Arguments: SMTP response to give if in an SMTP session
254 receive_bomb_out(uschar *msg)
256 /* If spool_name is set, it contains the name of the data file that is being
257 written. Unlink it before closing so that it cannot be picked up by a delivery
258 process. Ensure that any header file is also removed. */
260 if (spool_name[0] != 0)
263 spool_name[Ustrlen(spool_name) - 1] = 'H';
267 /* Now close the file if it is open, either as a fd or a stream. */
269 if (data_file != NULL) fclose(data_file);
270 else if (data_fd >= 0) close(data_fd);
272 /* Attempt to close down an SMTP connection tidily. */
276 if (!smtp_batched_input)
278 smtp_printf("421 %s %s - closing connection.\r\n", smtp_active_hostname,
283 /* Control does not return from moan_smtp_batch(). */
285 else moan_smtp_batch(NULL, "421 %s - message abandoned", msg);
288 /* Exit from the program (non-BSMTP cases) */
290 exim_exit(EXIT_FAILURE);
294 /*************************************************
295 * Data read timeout *
296 *************************************************/
298 /* Handler function for timeouts that occur while reading the data that
301 Argument: the signal number
306 data_timeout_handler(int sig)
310 sig = sig; /* Keep picky compilers happy */
314 msg = US"SMTP incoming data timeout";
315 log_write(L_lost_incoming_connection,
316 LOG_MAIN, "SMTP data timeout (message abandoned) on connection "
318 (sender_fullhost != NULL)? sender_fullhost : US"local process");
322 fprintf(stderr, "exim: timed out while reading - message abandoned\n");
323 log_write(L_lost_incoming_connection,
324 LOG_MAIN, "timed out while reading local message");
327 receive_bomb_out(msg); /* Does not return */
332 /*************************************************
333 * local_scan() timeout *
334 *************************************************/
336 /* Handler function for timeouts that occur while running a local_scan()
339 Argument: the signal number
344 local_scan_timeout_handler(int sig)
346 sig = sig; /* Keep picky compilers happy */
347 log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() function timed out - "
348 "message temporarily rejected (size %d)", message_size);
349 receive_bomb_out(US"local verification problem"); /* Does not return */
354 /*************************************************
355 * local_scan() crashed *
356 *************************************************/
358 /* Handler function for signals that occur while running a local_scan()
361 Argument: the signal number
366 local_scan_crash_handler(int sig)
368 log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() function crashed with "
369 "signal %d - message temporarily rejected (size %d)", sig, message_size);
370 receive_bomb_out(US"local verification problem"); /* Does not return */
374 /*************************************************
375 * SIGTERM or SIGINT received *
376 *************************************************/
378 /* Handler for SIGTERM or SIGINT signals that occur while reading the
379 data that comprises a message.
381 Argument: the signal number
386 data_sigterm_sigint_handler(int sig)
392 msg = US"Service not available - SIGTERM or SIGINT received";
393 log_write(0, LOG_MAIN, "%s closed after %s", smtp_get_connection_info(),
394 (sig == SIGTERM)? "SIGTERM" : "SIGINT");
398 if (filter_test == NULL)
400 fprintf(stderr, "\nexim: %s received - message abandoned\n",
401 (sig == SIGTERM)? "SIGTERM" : "SIGINT");
402 log_write(0, LOG_MAIN, "%s received while reading local message",
403 (sig == SIGTERM)? "SIGTERM" : "SIGINT");
407 receive_bomb_out(msg); /* Does not return */
412 /*************************************************
413 * Add new recipient to list *
414 *************************************************/
416 /* This function builds a list of recipient addresses in argc/argv
420 recipient the next address to add to recipients_list
421 pno parent number for fixed aliases; -1 otherwise
427 receive_add_recipient(uschar *recipient, int pno)
429 if (recipients_count >= recipients_list_max)
431 recipient_item *oldlist = recipients_list;
432 int oldmax = recipients_list_max;
433 recipients_list_max = recipients_list_max? 2*recipients_list_max : 50;
434 recipients_list = store_get(recipients_list_max * sizeof(recipient_item));
436 memcpy(recipients_list, oldlist, oldmax * sizeof(recipient_item));
439 recipients_list[recipients_count].address = recipient;
440 recipients_list[recipients_count].pno = pno;
441 recipients_list[recipients_count++].errors_to = NULL;
447 /*************************************************
448 * Remove a recipient from the list *
449 *************************************************/
451 /* This function is provided for local_scan() to use.
454 recipient address to remove
456 Returns: TRUE if it did remove something; FALSE otherwise
460 receive_remove_recipient(uschar *recipient)
463 DEBUG(D_receive) debug_printf("receive_remove_recipient(\"%s\") called\n",
465 for (count = 0; count < recipients_count; count++)
467 if (Ustrcmp(recipients_list[count].address, recipient) == 0)
469 if ((--recipients_count - count) > 0)
470 memmove(recipients_list + count, recipients_list + count + 1,
471 (recipients_count - count)*sizeof(recipient_item));
482 /*************************************************
483 * Read data portion of a non-SMTP message *
484 *************************************************/
486 /* This function is called to read the remainder of a message (following the
487 header) when the input is not from SMTP - we are receiving a local message on
488 a standard input stream. The message is always terminated by EOF, and is also
489 terminated by a dot on a line by itself if the flag dot_ends is TRUE. Split the
490 two cases for maximum efficiency.
492 Ensure that the body ends with a newline. This will naturally be the case when
493 the termination is "\n.\n" but may not be otherwise. The RFC defines messages
494 as "sequences of lines" - this of course strictly applies only to SMTP, but
495 deliveries into BSD-type mailbox files also require it. Exim used to have a
496 flag for doing this at delivery time, but as it was always set for all
497 transports, I decided to simplify things by putting the check here instead.
499 There is at least one MUA (dtmail) that sends CRLF via this interface, and
500 other programs are known to do this as well. Exim used to have a option for
501 dealing with this: in July 2003, after much discussion, the code has been
502 changed to default to treat any of LF, CRLF, and bare CR as line terminators.
504 However, for the case when a dot on a line by itself terminates a message, the
505 only recognized terminating sequences before and after the dot are LF and CRLF.
506 Otherwise, having read EOL . CR, you don't know whether to read another
509 Internally, in messages stored in Exim's spool files, LF is used as the line
510 terminator. Under the new regime, bare CRs will no longer appear in these
514 fout a FILE to which to write the message
516 Returns: One of the END_xxx values indicating why it stopped reading
520 read_message_data(FILE *fout)
525 /* Handle the case when only EOF terminates the message */
529 register int last_ch = '\n';
531 for (; (ch = (receive_getc)()) != EOF; last_ch = ch)
533 if (ch == 0) body_zerocount++;
534 if (last_ch == '\r' && ch != '\n')
536 if (fputc('\n', fout) == EOF) return END_WERROR;
540 if (ch == '\r') continue;
542 if (fputc(ch, fout) == EOF) return END_WERROR;
543 if (ch == '\n') body_linecount++;
544 if (++message_size > thismessage_size_limit) return END_SIZE;
549 if (fputc('\n', fout) == EOF) return END_WERROR;
557 /* Handle the case when a dot on a line on its own, or EOF, terminates. */
561 while ((ch = (receive_getc)()) != EOF)
563 if (ch == 0) body_zerocount++;
566 case 0: /* Normal state (previous char written) */
568 { body_linecount++; ch_state = 1; }
570 { ch_state = 2; continue; }
573 case 1: /* After written "\n" */
574 if (ch == '.') { ch_state = 3; continue; }
575 if (ch != '\n') ch_state = 0;
579 body_linecount++; /* After unwritten "\r" */
584 if (message_size++, fputc('\n', fout) == EOF) return END_WERROR;
585 if (ch == '\r') continue;
590 case 3: /* After "\n." (\n written, dot not) */
591 if (ch == '\n') return END_DOT;
592 if (ch == '\r') { ch_state = 4; continue; }
594 if (fputc('.', fout) == EOF) return END_WERROR;
598 case 4: /* After "\n.\r" (\n written, rest not) */
599 if (ch == '\n') return END_DOT;
602 if (fputs(".\n", fout) == EOF) return END_WERROR;
603 if (ch == '\r') { ch_state = 2; continue; }
608 if (fputc(ch, fout) == EOF) return END_WERROR;
609 if (++message_size > thismessage_size_limit) return END_SIZE;
612 /* Get here if EOF read. Unless we have just written "\n", we need to ensure
613 the message ends with a newline, and we must also write any characters that
614 were saved up while testing for an ending dot. */
618 static uschar *ends[] = { US"\n", NULL, US"\n", US".\n", US".\n" };
619 if (fputs(CS ends[ch_state], fout) == EOF) return END_WERROR;
620 message_size += Ustrlen(ends[ch_state]);
630 /*************************************************
631 * Read data portion of an SMTP message *
632 *************************************************/
634 /* This function is called to read the remainder of an SMTP message (after the
635 headers), or to skip over it when an error has occurred. In this case, the
636 output file is passed as NULL.
638 If any line begins with a dot, that character is skipped. The input should only
639 be successfully terminated by CR LF . CR LF unless it is local (non-network)
640 SMTP, in which case the CRs are optional, but...
642 FUDGE: It seems that sites on the net send out messages with just LF
643 terminators, despite the warnings in the RFCs, and other MTAs handle this. So
644 we make the CRs optional in all cases.
646 July 2003: Bare CRs cause trouble. We now treat them as line terminators as
647 well, so that there are no CRs in spooled messages. However, the message
648 terminating dot is not recognized between two bare CRs.
651 fout a FILE to which to write the message; NULL if skipping
653 Returns: One of the END_xxx values indicating why it stopped reading
657 read_message_data_smtp(FILE *fout)
662 while ((ch = (receive_getc)()) != EOF)
664 if (ch == 0) body_zerocount++;
667 case 0: /* After LF or CRLF */
671 continue; /* Don't ever write . after LF */
675 /* Else fall through to handle as normal uschar. */
677 case 1: /* Normal state */
690 case 2: /* After (unwritten) CR */
699 if (fout != NULL && fputc('\n', fout) == EOF) return END_WERROR;
700 if (ch != '\r') ch_state = 1; else continue;
704 case 3: /* After [CR] LF . */
712 ch_state = 1; /* The dot itself is removed */
715 case 4: /* After [CR] LF . CR */
716 if (ch == '\n') return END_DOT;
719 if (fout != NULL && fputc('\n', fout) == EOF) return END_WERROR;
729 /* Add the character to the spool file, unless skipping; then loop for the
735 if (fputc(ch, fout) == EOF) return END_WERROR;
736 if (message_size > thismessage_size_limit) return END_SIZE;
740 /* Fall through here if EOF encountered. This indicates some kind of error,
741 since a correct message is terminated by [CR] LF . [CR] LF. */
749 /*************************************************
750 * Swallow SMTP message *
751 *************************************************/
753 /* This function is called when there has been some kind of error while reading
754 an SMTP message, and the remaining data may need to be swallowed. It is global
755 because it is called from smtp_closedown() to shut down an incoming call
758 Argument: a FILE from which to read the message
763 receive_swallow_smtp(void)
765 if (message_ended >= END_NOTENDED)
766 message_ended = read_message_data_smtp(NULL);
771 /*************************************************
772 * Handle lost SMTP connection *
773 *************************************************/
775 /* This function logs connection loss incidents and generates an appropriate
778 Argument: additional data for the message
779 Returns: the SMTP response
783 handle_lost_connection(uschar *s)
785 log_write(L_lost_incoming_connection | L_smtp_connection, LOG_MAIN,
786 "%s lost while reading message data%s", smtp_get_connection_info(), s);
787 return US"421 Lost incoming connection";
793 /*************************************************
794 * Handle a non-smtp reception error *
795 *************************************************/
797 /* This function is called for various errors during the reception of non-SMTP
798 messages. It either sends a message to the sender of the problem message, or it
799 writes to the standard error stream.
802 errcode code for moan_to_sender(), identifying the error
803 text1 first message text, passed to moan_to_sender()
804 text2 second message text, used only for stderrr
805 error_rc code to pass to exim_exit if no problem
806 f FILE containing body of message (may be stdin)
807 hptr pointer to instore headers or NULL
809 Returns: calls exim_exit(), which does not return
813 give_local_error(int errcode, uschar *text1, uschar *text2, int error_rc,
814 FILE *f, header_line *hptr)
816 if (error_handling == ERRORS_SENDER)
820 eblock.text1 = text1;
821 if (!moan_to_sender(errcode, &eblock, hptr, f, FALSE))
822 error_rc = EXIT_FAILURE;
824 else fprintf(stderr, "exim: %s%s\n", text2, text1); /* Sic */
831 /*************************************************
832 * Add header lines set up by ACL *
833 *************************************************/
835 /* This function is called to add the header lines that were set up by "warn"
836 statements in an ACL onto the list of headers in memory. It is done in two
837 stages like this, because when the ACL for RCPT is running, the other headers
838 have not yet been received. This function is called twice; once just before
839 running the DATA ACL, and once after. This is so that header lines added by
840 MAIL or RCPT are visible to the DATA ACL.
842 Originally these header lines were added at the end. Now there is support for
843 three different places: top, bottom, and after the Received: header(s). There
844 will always be at least one Received: header, even if it is marked deleted, and
845 even if something else has been put in front of it.
848 acl_name text to identify which ACL
854 add_acl_headers(uschar *acl_name)
856 header_line *h, *next;
857 header_line *last_received = NULL;
859 if (acl_warn_headers == NULL) return;
860 DEBUG(D_receive|D_acl) debug_printf(">>Headers added by %s ACL:\n", acl_name);
862 for (h = acl_warn_headers; h != NULL; h = next)
869 h->next = header_list;
871 DEBUG(D_receive|D_acl) debug_printf(" (at top)");
875 if (last_received == NULL)
877 last_received = header_list;
878 while (!header_testname(last_received, US"Received", 8, FALSE))
879 last_received = last_received->next;
880 while (last_received->next != NULL &&
881 header_testname(last_received->next, US"Received", 8, FALSE))
882 last_received = last_received->next;
884 h->next = last_received->next;
885 last_received->next = h;
886 DEBUG(D_receive|D_acl) debug_printf(" (after Received:)");
891 header_last->next = h;
895 if (h->next == NULL) header_last = h;
897 /* Check for one of the known header types (From:, To:, etc.) though in
898 practice most added headers are going to be "other". Lower case
899 identification letters are never stored with the header; they are used
900 for existence tests when messages are received. So discard any lower case
903 h->type = header_checkname(h, FALSE);
904 if (h->type >= 'a') h->type = htype_other;
906 DEBUG(D_receive|D_acl) debug_printf(" %s", header_last->text);
909 acl_warn_headers = NULL;
910 DEBUG(D_receive|D_acl) debug_printf(">>\n");
915 /*************************************************
916 * Add host information for log line *
917 *************************************************/
919 /* Called for acceptance and rejecting log lines. This adds information about
920 the calling host to a string that is being built dynamically.
924 sizeptr points to the size variable
925 ptrptr points to the pointer variable
927 Returns: the extended string
931 add_host_info_for_log(uschar *s, int *sizeptr, int *ptrptr)
933 if (sender_fullhost != NULL)
935 s = string_append(s, sizeptr, ptrptr, 2, US" H=", sender_fullhost);
936 if ((log_extra_selector & LX_incoming_interface) != 0 &&
937 interface_address != NULL)
939 uschar *ss = string_sprintf(" I=[%s]:%d", interface_address,
941 s = string_cat(s, sizeptr, ptrptr, ss, Ustrlen(ss));
944 if (sender_ident != NULL)
945 s = string_append(s, sizeptr, ptrptr, 2, US" U=", sender_ident);
946 if (received_protocol != NULL)
947 s = string_append(s, sizeptr, ptrptr, 2, US" P=", received_protocol);
954 /*************************************************
956 *************************************************/
958 /* Receive a message on the given input, and put it into a pair of spool files.
959 Either a non-null list of recipients, or the extract flag will be true, or
960 both. The flag sender_local is true for locally generated messages. The flag
961 submission_mode is true if an ACL has obeyed "control = submission". The flag
962 smtp_input is true if the message is to be handled using SMTP conventions about
963 termination and lines starting with dots. For non-SMTP messages, dot_ends is
964 true for dot-terminated messages.
966 If a message was successfully read, message_id[0] will be non-zero.
968 The general actions of this function are:
970 . Read the headers of the message (if any) into a chain of store
973 . If there is a "sender:" header and the message is locally originated,
974 throw it away, unless the caller is trusted, or unless
975 active_local_sender_retain is set - which can only happen if
976 active_local_from_check is false.
978 . If recipients are to be extracted from the message, build the
979 recipients list from the headers, removing any that were on the
980 original recipients list (unless extract_addresses_remove_arguments is
981 false), and at the same time, remove any bcc header that may be present.
983 . Get the spool file for the data, sort out its unique name, open
984 and lock it (but don't give it the name yet).
986 . Generate a "Message-Id" header if the message doesn't have one, for
987 locally-originated messages.
989 . Generate a "Received" header.
991 . Ensure the recipients list is fully qualified and rewritten if necessary.
993 . If there are any rewriting rules, apply them to the sender address
994 and also to the headers.
996 . If there is no from: header, generate one, for locally-generated messages
997 and messages in "submission mode" only.
999 . If the sender is local, check that from: is correct, and if not, generate
1000 a Sender: header, unless message comes from a trusted caller, or this
1001 feature is disabled by active_local_from_check being false.
1003 . If there is no "date" header, generate one, for locally-originated
1004 or submission mode messages only.
1006 . Copy the rest of the input, or up to a terminating "." if in SMTP or
1007 dot_ends mode, to the data file. Leave it open, to hold the lock.
1009 . Write the envelope and the headers to a new file.
1011 . Set the name for the header file; close it.
1013 . Set the name for the data file; close it.
1015 Because this function can potentially be called many times in a single
1016 SMTP connection, all store should be got by store_get(), so that it will be
1017 automatically retrieved after the message is accepted.
1019 FUDGE: It seems that sites on the net send out messages with just LF
1020 terminators, despite the warnings in the RFCs, and other MTAs handle this. So
1021 we make the CRs optional in all cases.
1023 July 2003: Bare CRs in messages, especially in header lines, cause trouble. A
1024 new regime is now in place in which bare CRs in header lines are turned into LF
1025 followed by a space, so as not to terminate the header line.
1027 February 2004: A bare LF in a header line in a message whose first line was
1028 terminated by CRLF is treated in the same way as a bare CR.
1031 extract_recip TRUE if recipients are to be extracted from the message's
1034 Returns: TRUE there are more messages to be read (SMTP input)
1035 FALSE there are no more messages to be read (non-SMTP input
1036 or SMTP connection collapsed, or other failure)
1038 When reading a message for filter testing, the returned value indicates
1039 whether the headers (which is all that is read) were terminated by '.' or
1043 receive_msg(BOOL extract_recip)
1047 int process_info_len = Ustrlen(process_info);
1048 int error_rc = (error_handling == ERRORS_SENDER)?
1049 errors_sender_rc : EXIT_FAILURE;
1050 int header_size = 256;
1051 int start, end, domain, size, sptr;
1055 register int ptr = 0;
1057 BOOL contains_resent_headers = FALSE;
1058 BOOL extracted_ignored = FALSE;
1059 BOOL first_line_ended_crlf = TRUE_UNSET;
1060 BOOL smtp_yield = TRUE;
1063 BOOL resents_exist = FALSE;
1064 uschar *resent_prefix = US"";
1065 uschar *blackholed_by = NULL;
1068 error_block *bad_addresses = NULL;
1070 uschar *frozen_by = NULL;
1071 uschar *queued_by = NULL;
1074 struct stat statbuf;
1076 /* Final message to give to SMTP caller */
1078 uschar *smtp_reply = NULL;
1080 /* Working header pointers */
1082 header_line *h, *next;
1084 /* Flags for noting the existence of certain headers */
1086 /**** No longer check for these (Nov 2003)
1087 BOOL to_or_cc_header_exists = FALSE;
1088 BOOL bcc_header_exists = FALSE;
1091 BOOL date_header_exists = FALSE;
1093 /* Pointers to receive the addresses of headers whose contents we need. */
1095 header_line *from_header = NULL;
1096 header_line *subject_header = NULL;
1097 header_line *msgid_header = NULL;
1098 header_line *received_header;
1100 /* Variables for use when building the Received: header. */
1106 /* Release any open files that might have been cached while preparing to
1107 accept the message - e.g. by verifying addresses - because reading a message
1108 might take a fair bit of real time. */
1112 /* Initialize the chain of headers by setting up a place-holder for Received:
1113 header. Temporarily mark it as "old", i.e. not to be used. We keep header_last
1114 pointing to the end of the chain to make adding headers simple. */
1116 received_header = header_list = header_last = store_get(sizeof(header_line));
1117 header_list->next = NULL;
1118 header_list->type = htype_old;
1119 header_list->text = NULL;
1120 header_list->slen = 0;
1122 /* Control block for the next header to be read. */
1124 next = store_get(sizeof(header_line));
1125 next->text = store_get(header_size);
1127 /* Initialize message id to be null (indicating no message read), and the
1128 header names list to be the normal list. Indicate there is no data file open
1129 yet, initialize the size and warning count, and deal with no size limit. */
1137 received_count = 1; /* For the one we will add */
1139 if (thismessage_size_limit <= 0) thismessage_size_limit = INT_MAX;
1141 /* While reading the message, body_linecount and body_zerocount is computed.
1142 The full message_ linecount is set up only when the headers are read back in
1143 from the spool for delivery. */
1145 body_linecount = body_zerocount = 0;
1147 /* Remember the time of reception. Exim uses time+pid for uniqueness of message
1148 ids, and fractions of a second are required. See the comments that precede the
1149 message id creation below. */
1151 (void)gettimeofday(&message_id_tv, NULL);
1153 /* For other uses of the received time we can operate with granularity of one
1154 second, and for that we use the global variable received_time. This is for
1155 things like ultimate message timeouts. */
1157 received_time = message_id_tv.tv_sec;
1159 /* If SMTP input, set the special handler for timeouts. The alarm() calls
1160 happen in the smtp_getc() function when it refills its buffer. */
1162 if (smtp_input) os_non_restarting_signal(SIGALRM, data_timeout_handler);
1164 /* If not SMTP input, timeout happens only if configured, and we just set a
1165 single timeout for the whole message. */
1167 else if (receive_timeout > 0)
1169 os_non_restarting_signal(SIGALRM, data_timeout_handler);
1170 alarm(receive_timeout);
1173 /* SIGTERM and SIGINT are caught always. */
1175 signal(SIGTERM, data_sigterm_sigint_handler);
1176 signal(SIGINT, data_sigterm_sigint_handler);
1178 /* Header lines in messages are not supposed to be very long, though when
1179 unfolded, to: and cc: headers can take up a lot of store. We must also cope
1180 with the possibility of junk being thrown at us. Start by getting 256 bytes for
1181 storing the header, and extend this as necessary using string_cat().
1183 To cope with total lunacies, impose an upper limit on the length of the header
1184 section of the message, as otherwise the store will fill up. We must also cope
1185 with the possibility of binary zeros in the data. Hence we cannot use fgets().
1186 Folded header lines are joined into one string, leaving the '\n' characters
1187 inside them, so that writing them out reproduces the input.
1189 Loop for each character of each header; the next structure for chaining the
1190 header is set up already, with ptr the offset of the next character in
1195 int ch = (receive_getc)();
1197 /* If we hit EOF on a SMTP connection, it's an error, since incoming
1198 SMTP must have a correct "." terminator. */
1200 if (ch == EOF && smtp_input /* && !smtp_batched_input */)
1202 smtp_reply = handle_lost_connection(US" (header)");
1204 goto TIDYUP; /* Skip to end of function */
1207 /* See if we are at the current header's size limit - there must be at least
1208 four bytes left. This allows for the new character plus a zero, plus two for
1209 extra insertions when we are playing games with dots and carriage returns. If
1210 we are at the limit, extend the text buffer. This could have been done
1211 automatically using string_cat() but because this is a tightish loop storing
1212 only one character at a time, we choose to do it inline. Normally
1213 store_extend() will be able to extend the block; only at the end of a big
1214 store block will a copy be needed. To handle the case of very long headers
1215 (and sometimes lunatic messages can have ones that are 100s of K long) we
1216 call store_release() for strings that have been copied - if the string is at
1217 the start of a block (and therefore the only thing in it, because we aren't
1218 doing any other gets), the block gets freed. We can only do this because we
1219 know there are no other calls to store_get() going on. */
1221 if (ptr >= header_size - 4)
1223 int oldsize = header_size;
1224 /* header_size += 256; */
1226 if (!store_extend(next->text, oldsize, header_size))
1228 uschar *newtext = store_get(header_size);
1229 memcpy(newtext, next->text, ptr);
1230 store_release(next->text);
1231 next->text = newtext;
1235 /* Cope with receiving a binary zero. There is dispute about whether
1236 these should be allowed in RFC 822 messages. The middle view is that they
1237 should not be allowed in headers, at least. Exim takes this attitude at
1238 the moment. We can't just stomp on them here, because we don't know that
1239 this line is a header yet. Set a flag to cause scanning later. */
1241 if (ch == 0) had_zero++;
1243 /* Test for termination. Lines in remote SMTP are terminated by CRLF, while
1244 those from data files use just LF. Treat LF in local SMTP input as a
1245 terminator too. Treat EOF as a line terminator always. */
1247 if (ch == EOF) goto EOL;
1249 /* FUDGE: There are sites out there that don't send CRs before their LFs, and
1250 other MTAs accept this. We are therefore forced into this "liberalisation"
1251 too, so we accept LF as a line terminator whatever the source of the message.
1252 However, if the first line of the message ended with a CRLF, we treat a bare
1253 LF specially by inserting a white space after it to ensure that the header
1254 line is not terminated. */
1258 if (first_line_ended_crlf == TRUE_UNSET) first_line_ended_crlf = FALSE;
1259 else if (first_line_ended_crlf) receive_ungetc(' ');
1263 /* This is not the end of the line. If this is SMTP input and this is
1264 the first character in the line and it is a "." character, ignore it.
1265 This implements the dot-doubling rule, though header lines starting with
1266 dots aren't exactly common. They are legal in RFC 822, though. If the
1267 following is CRLF or LF, this is the line that that terminates the
1268 entire message. We set message_ended to indicate this has happened (to
1269 prevent further reading), and break out of the loop, having freed the
1270 empty header, and set next = NULL to indicate no data line. */
1272 if (ptr == 0 && ch == '.' && (smtp_input || dot_ends))
1274 ch = (receive_getc)();
1277 ch = (receive_getc)();
1281 ch = '\r'; /* Revert to CR */
1286 message_ended = END_DOT;
1289 break; /* End character-reading loop */
1292 /* For non-SMTP input, the dot at the start of the line was really a data
1293 character. What is now in ch is the following character. We guaranteed
1294 enough space for this above. */
1298 next->text[ptr++] = '.';
1303 /* If CR is immediately followed by LF, end the line, ignoring the CR, and
1304 remember this case if this is the first line ending. */
1308 ch = (receive_getc)();
1311 if (first_line_ended_crlf == TRUE_UNSET) first_line_ended_crlf = TRUE;
1315 /* Otherwise, put back the character after CR, and turn the bare CR
1318 ch = (receive_ungetc)(ch);
1319 next->text[ptr++] = '\n';
1324 /* We have a data character for the header line. */
1326 next->text[ptr++] = ch; /* Add to buffer */
1327 message_size++; /* Total message size so far */
1329 /* Handle failure due to a humungously long header section. The >= allows
1330 for the terminating \n. Add what we have so far onto the headers list so
1331 that it gets reflected in any error message, and back up the just-read
1334 if (message_size >= header_maxsize)
1336 next->text[ptr] = 0;
1338 next->type = htype_other;
1340 header_last->next = next;
1343 log_write(0, LOG_MAIN, "ridiculously long message header received from "
1344 "%s (more than %d characters): message abandoned",
1345 sender_host_unknown? sender_ident : sender_fullhost, header_maxsize);
1349 smtp_reply = US"552 Message header is ridiculously long";
1350 receive_swallow_smtp();
1351 goto TIDYUP; /* Skip to end of function */
1356 give_local_error(ERRMESS_VLONGHEADER,
1357 string_sprintf("message header longer than %d characters received: "
1358 "message not accepted", header_maxsize), US"", error_rc, stdin,
1360 /* Does not return */
1364 continue; /* With next input character */
1366 /* End of header line reached */
1369 receive_linecount++; /* For BSMTP errors */
1371 /* Now put in the terminating newline. There is always space for
1372 at least two more characters. */
1374 next->text[ptr++] = '\n';
1377 /* A blank line signals the end of the headers; release the unwanted
1378 space and set next to NULL to indicate this. */
1387 /* There is data in the line; see if the next input character is a
1388 whitespace character. If it is, we have a continuation of this header line.
1389 There is always space for at least one character at this point. */
1393 int nextch = (receive_getc)();
1394 if (nextch == ' ' || nextch == '\t')
1396 next->text[ptr++] = nextch;
1398 continue; /* Iterate the loop */
1400 else if (nextch != EOF) (receive_ungetc)(nextch); /* For next time */
1401 else ch = EOF; /* Cause main loop to exit at end */
1404 /* We have got to the real line end. Terminate the string and release store
1405 beyond it. If it turns out to be a real header, internal binary zeros will
1406 be squashed later. */
1408 next->text[ptr] = 0;
1410 store_reset(next->text + ptr + 1);
1412 /* Check the running total size against the overall message size limit. We
1413 don't expect to fail here, but if the overall limit is set less than MESSAGE_
1414 MAXSIZE and a big header is sent, we want to catch it. Just stop reading
1415 headers - the code to read the body will then also hit the buffer. */
1417 if (message_size > thismessage_size_limit) break;
1419 /* A line that is not syntactically correct for a header also marks
1420 the end of the headers. In this case, we leave next containing the
1421 first data line. This might actually be several lines because of the
1422 continuation logic applied above, but that doesn't matter.
1424 It turns out that smail, and presumably sendmail, accept leading lines
1427 From ph10 Fri Jan 5 12:35 GMT 1996
1429 in messages. The "mail" command on Solaris 2 sends such lines. I cannot
1430 find any documentation of this, but for compatibility it had better be
1431 accepted. Exim restricts it to the case of non-smtp messages, and
1432 treats it as an alternative to the -f command line option. Thus it is
1433 ignored except for trusted users or filter testing. Otherwise it is taken
1434 as the sender address, unless -f was used (sendmail compatibility).
1436 It further turns out that some UUCPs generate the From_line in a different
1439 From ph10 Fri, 7 Jan 97 14:00:00 GMT
1441 The regex for matching these things is now capable of recognizing both
1442 formats (including 2- and 4-digit years in the latter). In fact, the regex
1443 is now configurable, as is the expansion string to fish out the sender.
1445 Even further on it has been discovered that some broken clients send
1446 these lines in SMTP messages. There is now an option to ignore them from
1447 specified hosts or networks. Sigh. */
1449 if (header_last == header_list &&
1452 (sender_host_address != NULL &&
1453 verify_check_host(&ignore_fromline_hosts) == OK)
1455 (sender_host_address == NULL && ignore_fromline_local)
1457 regex_match_and_setup(regex_From, next->text, 0, -1))
1459 if (!sender_address_forced)
1461 uschar *uucp_sender = expand_string(uucp_from_sender);
1462 if (uucp_sender == NULL)
1464 log_write(0, LOG_MAIN|LOG_PANIC,
1465 "expansion of \"%s\" failed after matching "
1466 "\"From \" line: %s", uucp_from_sender, expand_string_message);
1470 int start, end, domain;
1472 uschar *newsender = parse_extract_address(uucp_sender, &errmess,
1473 &start, &end, &domain, TRUE);
1474 if (newsender != NULL)
1476 if (domain == 0 && newsender[0] != 0)
1477 newsender = rewrite_address_qualify(newsender, FALSE);
1479 if (filter_test != NULL || receive_check_set_sender(newsender))
1481 sender_address = newsender;
1483 if (trusted_caller || filter_test != NULL)
1485 authenticated_sender = NULL;
1486 originator_name = US"";
1487 sender_local = FALSE;
1490 if (filter_test != NULL)
1491 printf("Sender taken from \"From \" line\n");
1498 /* Not a leading "From " line. Check to see if it is a valid header line.
1499 Header names may contain any non-control characters except space and colon,
1504 uschar *p = next->text;
1506 /* If not a valid header line, break from the header reading loop, leaving
1507 next != NULL, indicating that it holds the first line of the body. */
1509 if (isspace(*p)) break;
1510 while (mac_isgraph(*p) && *p != ':') p++;
1511 while (isspace(*p)) p++;
1514 body_zerocount = had_zero;
1518 /* We have a valid header line. If there were any binary zeroes in
1519 the line, stomp on them here. */
1522 for (p = next->text; p < next->text + ptr; p++) if (*p == 0) *p = '?';
1524 /* It is perfectly legal to have an empty continuation line
1525 at the end of a header, but it is confusing to humans
1526 looking at such messages, since it looks like a blank line.
1527 Reduce confusion by removing redundant white space at the
1528 end. We know that there is at least one printing character
1529 (the ':' tested for above) so there is no danger of running
1532 p = next->text + ptr - 2;
1535 while (*p == ' ' || *p == '\t') p--;
1536 if (*p != '\n') break;
1537 ptr = (p--) - next->text + 1;
1538 message_size -= next->slen - ptr;
1539 next->text[ptr] = 0;
1543 /* Add the header to the chain */
1545 next->type = htype_other;
1547 header_last->next = next;
1550 /* Check the limit for individual line lengths. This comes after adding to
1551 the chain so that the failing line is reflected if a bounce is generated
1552 (for a local message). */
1554 if (header_line_maxsize > 0 && next->slen > header_line_maxsize)
1556 log_write(0, LOG_MAIN, "overlong message header line received from "
1557 "%s (more than %d characters): message abandoned",
1558 sender_host_unknown? sender_ident : sender_fullhost,
1559 header_line_maxsize);
1563 smtp_reply = US"552 A message header line is too long";
1564 receive_swallow_smtp();
1565 goto TIDYUP; /* Skip to end of function */
1570 give_local_error(ERRMESS_VLONGHDRLINE,
1571 string_sprintf("message header line longer than %d characters "
1572 "received: message not accepted", header_line_maxsize), US"",
1573 error_rc, stdin, header_list->next);
1574 /* Does not return */
1578 /* Note if any resent- fields exist. */
1580 if (!resents_exist && strncmpic(next->text, US"resent-", 7) == 0)
1582 resents_exist = TRUE;
1583 resent_prefix = US"Resent-";
1587 /* The line has been handled. If we have hit EOF, break out of the loop,
1588 indicating no pending data line. */
1590 if (ch == EOF) { next = NULL; break; }
1592 /* Set up for the next header */
1595 next = store_get(sizeof(header_line));
1596 next->text = store_get(header_size);
1599 } /* Continue, starting to read the next header */
1601 /* At this point, we have read all the headers into a data structure in main
1602 store. The first header is still the dummy placeholder for the Received: header
1603 we are going to generate a bit later on. If next != NULL, it contains the first
1604 data line - which terminated the headers before reaching a blank line (not the
1609 debug_printf(">>Headers received:\n");
1610 for (h = header_list->next; h != NULL; h = h->next)
1611 debug_printf("%s", h->text);
1615 /* End of file on any SMTP connection is an error. If an incoming SMTP call
1616 is dropped immediately after valid headers, the next thing we will see is EOF.
1617 We must test for this specially, as further down the reading of the data is
1618 skipped if already at EOF. */
1620 if (smtp_input && (receive_feof)())
1622 smtp_reply = handle_lost_connection(US" (after header)");
1624 goto TIDYUP; /* Skip to end of function */
1627 /* If this is a filter test run and no headers were read, output a warning
1628 in case there is a mistake in the test message. */
1630 if (filter_test != NULL && header_list->next == NULL)
1631 printf("Warning: no message headers read\n");
1634 /* Scan the headers to identify them. Some are merely marked for later
1635 processing; some are dealt with here. */
1637 for (h = header_list->next; h != NULL; h = h->next)
1639 BOOL is_resent = strncmpic(h->text, US"resent-", 7) == 0;
1640 if (is_resent) contains_resent_headers = TRUE;
1642 switch (header_checkname(h, is_resent))
1644 /* "Bcc:" gets flagged, and its existence noted, whether it's resent- or
1648 h->type = htype_bcc;
1650 bcc_header_exists = TRUE;
1654 /* "Cc:" gets flagged, and the existence of a recipient header is noted,
1655 whether it's resent- or not. */
1660 to_or_cc_header_exists = TRUE;
1664 /* Record whether a Date: or Resent-Date: header exists, as appropriate. */
1667 date_header_exists = !resents_exist || is_resent;
1670 /* Same comments as about Return-Path: below. */
1672 case htype_delivery_date:
1673 if (delivery_date_remove) h->type = htype_old;
1676 /* Same comments as about Return-Path: below. */
1678 case htype_envelope_to:
1679 if (envelope_to_remove) h->type = htype_old;
1682 /* Mark all "From:" headers so they get rewritten. Save the one that is to
1683 be used for Sender: checking. For Sendmail compatibility, if the "From:"
1684 header consists of just the login id of the user who called Exim, rewrite
1685 it with the gecos field first. Apply this rule to Resent-From: if there
1686 are resent- fields. */
1689 h->type = htype_from;
1690 if (!resents_exist || is_resent)
1695 uschar *s = Ustrchr(h->text, ':') + 1;
1696 while (isspace(*s)) s++;
1697 if (strncmpic(s, originator_login, h->slen - (s - h->text) - 1) == 0)
1699 uschar *name = is_resent? US"Resent-From" : US"From";
1700 header_add(htype_from, "%s: %s <%s@%s>\n", name, originator_name,
1701 originator_login, qualify_domain_sender);
1702 from_header = header_last;
1703 h->type = htype_old;
1704 DEBUG(D_receive|D_rewrite)
1705 debug_printf("rewrote \"%s:\" header using gecos\n", name);
1711 /* Identify the Message-id: header for generating "in-reply-to" in the
1712 autoreply transport. For incoming logging, save any resent- value. In both
1713 cases, take just the first of any multiples. */
1716 if (msgid_header == NULL && (!resents_exist || is_resent))
1723 /* Flag all Received: headers */
1725 case htype_received:
1726 h->type = htype_received;
1730 /* "Reply-to:" is just noted (there is no resent-reply-to field) */
1732 case htype_reply_to:
1733 h->type = htype_reply_to;
1736 /* The Return-path: header is supposed to be added to messages when
1737 they leave the SMTP system. We shouldn't receive messages that already
1738 contain Return-path. However, since Exim generates Return-path: on
1739 local delivery, resent messages may well contain it. We therefore
1740 provide an option (which defaults on) to remove any Return-path: headers
1741 on input. Removal actually means flagging as "old", which prevents the
1742 header being transmitted with the message. */
1744 case htype_return_path:
1745 if (return_path_remove) h->type = htype_old;
1747 /* If we are testing a mail filter file, use the value of the
1748 Return-Path: header to set up the return_path variable, which is not
1749 otherwise set. However, remove any <> that surround the address
1750 because the variable doesn't have these. */
1752 if (filter_test != NULL)
1754 uschar *start = h->text + 12;
1755 uschar *end = start + Ustrlen(start);
1756 while (isspace(*start)) start++;
1757 while (end > start && isspace(end[-1])) end--;
1758 if (*start == '<' && end[-1] == '>')
1763 return_path = string_copyn(start, end - start);
1764 printf("Return-path taken from \"Return-path:\" header line\n");
1768 /* If there is a "Sender:" header and the message is locally originated,
1769 and from an untrusted caller, or if we are in submission mode for a remote
1770 message, mark it "old" so that it will not be transmitted with the message,
1771 unless active_local_sender_retain is set. (This can only be true if
1772 active_local_from_check is false.) If there are any resent- headers in the
1773 message, apply this rule to Resent-Sender: instead of Sender:. Messages
1774 with multiple resent- header sets cannot be tidily handled. (For this
1775 reason, at least one MUA - Pine - turns old resent- headers into X-resent-
1776 headers when resending, leaving just one set.) */
1779 h->type = ((!active_local_sender_retain &&
1780 ((sender_local && !trusted_caller) || submission_mode)
1782 (!resents_exist||is_resent))?
1783 htype_old : htype_sender;
1786 /* Remember the Subject: header for logging. There is no Resent-Subject */
1792 /* "To:" gets flagged, and the existence of a recipient header is noted,
1793 whether it's resent- or not. */
1798 to_or_cc_header_exists = TRUE;
1804 /* Extract recipients from the headers if that is required (the -t option).
1805 Note that this is documented as being done *before* any address rewriting takes
1806 place. There are two possibilities:
1808 (1) According to sendmail documentation for Solaris, IRIX, and HP-UX, any
1809 recipients already listed are to be REMOVED from the message. Smail 3 works
1810 like this. We need to build a non-recipients tree for that list, because in
1811 subsequent processing this data is held in a tree and that's what the
1812 spool_write_header() function expects. Make sure that non-recipient addresses
1813 are fully qualified and rewritten if necessary.
1815 (2) According to other sendmail documentation, -t ADDS extracted recipients to
1816 those in the command line arguments (and it is rumoured some other MTAs do
1817 this). Therefore, there is an option to make Exim behave this way.
1819 *** Notes on "Resent-" header lines ***
1821 The presence of resent-headers in the message makes -t horribly ambiguous.
1822 Experiments with sendmail showed that it uses recipients for all resent-
1823 headers, totally ignoring the concept of "sets of resent- headers" as described
1824 in RFC 2822 section 3.6.6. Sendmail also amalgamates them into a single set
1825 with all the addresses in one instance of each header.
1827 This seems to me not to be at all sensible. Before release 4.20, Exim 4 gave an
1828 error for -t if there were resent- headers in the message. However, after a
1829 discussion on the mailing list, I've learned that there are MUAs that use
1830 resent- headers with -t, and also that the stuff about sets of resent- headers
1831 and their ordering in RFC 2822 is generally ignored. An MUA that submits a
1832 message with -t and resent- header lines makes sure that only *its* resent-
1833 headers are present; previous ones are often renamed as X-resent- for example.
1835 Consequently, Exim has been changed so that, if any resent- header lines are
1836 present, the recipients are taken from all of the appropriate resent- lines,
1837 and not from the ordinary To:, Cc:, etc. */
1842 error_block **bnext = &bad_addresses;
1844 if (extract_addresses_remove_arguments)
1846 while (recipients_count-- > 0)
1848 uschar *s = rewrite_address(recipients_list[recipients_count].address,
1849 TRUE, TRUE, global_rewrite_rules, rewrite_existflags);
1850 tree_add_nonrecipient(s);
1852 recipients_list = NULL;
1853 recipients_count = recipients_list_max = 0;
1856 parse_allow_group = TRUE; /* Allow address group syntax */
1858 /* Now scan the headers */
1860 for (h = header_list->next; h != NULL; h = h->next)
1862 if ((h->type == htype_to || h->type == htype_cc || h->type == htype_bcc) &&
1863 (!contains_resent_headers || strncmpic(h->text, US"resent-", 7) == 0))
1865 uschar *s = Ustrchr(h->text, ':') + 1;
1866 while (isspace(*s)) s++;
1870 uschar *ss = parse_find_address_end(s, FALSE);
1871 uschar *recipient, *errmess, *p, *pp;
1872 int start, end, domain;
1874 /* Check on maximum */
1876 if (recipients_max > 0 && ++rcount > recipients_max)
1878 give_local_error(ERRMESS_TOOMANYRECIP, US"too many recipients",
1879 US"message rejected: ", error_rc, stdin, NULL);
1880 /* Does not return */
1883 /* Make a copy of the address, and remove any internal newlines. These
1884 may be present as a result of continuations of the header line. The
1885 white space that follows the newline must not be removed - it is part
1888 pp = recipient = store_get(ss - s + 1);
1889 for (p = s; p < ss; p++) if (*p != '\n') *pp++ = *p;
1891 recipient = parse_extract_address(recipient, &errmess, &start, &end,
1894 /* Keep a list of all the bad addresses so we can send a single
1895 error message at the end. However, an empty address is not an error;
1896 just ignore it. This can come from an empty group list like
1898 To: Recipients of list:;
1900 If there are no recipients at all, an error will occur later. */
1902 if (recipient == NULL && Ustrcmp(errmess, "empty address") != 0)
1904 int len = Ustrlen(s);
1905 error_block *b = store_get(sizeof(error_block));
1906 while (len > 0 && isspace(s[len-1])) len--;
1908 b->text1 = string_printing(string_copyn(s, len));
1914 /* If the recipient is already in the nonrecipients tree, it must
1915 have appeared on the command line with the option extract_addresses_
1916 remove_arguments set. Do not add it to the recipients, and keep a note
1917 that this has happened, in order to give a better error if there are
1918 no recipients left. */
1920 else if (recipient != NULL)
1922 if (tree_search(tree_nonrecipients, recipient) == NULL)
1923 receive_add_recipient(recipient, -1);
1925 extracted_ignored = TRUE;
1928 /* Move on past this address */
1930 s = ss + (*ss? 1:0);
1931 while (isspace(*s)) s++;
1934 /* If this was the bcc: header, mark it "old", which means it
1935 will be kept on the spool, but not transmitted as part of the
1938 if (h->type == htype_bcc)
1940 h->type = htype_old;
1942 bcc_header_exists = FALSE;
1945 } /* For appropriate header line */
1946 } /* For each header line */
1948 parse_allow_group = FALSE; /* Reset group syntax flags */
1949 parse_found_group = FALSE;
1952 /* Now build the unique message id. This has changed several times over the
1953 lifetime of Exim. This description was rewritten for Exim 4.14 (February 2003).
1954 Retaining all the history in the comment has become too unwieldy - read
1955 previous release sources if you want it.
1957 The message ID has 3 parts: tttttt-pppppp-ss. Each part is a number in base 62.
1958 The first part is the current time, in seconds. The second part is the current
1959 pid. Both are large enough to hold 32-bit numbers in base 62. The third part
1960 can hold a number in the range 0-3843. It used to be a computed sequence
1961 number, but is now the fractional component of the current time in units of
1962 1/2000 of a second (i.e. a value in the range 0-1999). After a message has been
1963 received, Exim ensures that the timer has ticked at the appropriate level
1964 before proceeding, to avoid duplication if the pid happened to be re-used
1965 within the same time period. It seems likely that most messages will take at
1966 least half a millisecond to be received, so no delay will normally be
1967 necessary. At least for some time...
1969 There is a modification when localhost_number is set. Formerly this was allowed
1970 to be as large as 255. Now it is restricted to the range 0-16, and the final
1971 component of the message id becomes (localhost_number * 200) + fractional time
1972 in units of 1/200 of a second (i.e. a value in the range 0-3399).
1974 Some not-really-Unix operating systems use case-insensitive file names (Darwin,
1975 Cygwin). For these, we have to use base 36 instead of base 62. Luckily, this
1976 still allows the tttttt field to hold a large enough number to last for some
1977 more decades, and the final two-digit field can hold numbers up to 1295, which
1978 is enough for milliseconds (instead of 1/2000 of a second).
1980 However, the pppppp field cannot hold a 32-bit pid, but it can hold a 31-bit
1981 pid, so it is probably safe because pids have to be positive. The
1982 localhost_number is restricted to 0-10 for these hosts, and when it is set, the
1983 final field becomes (localhost_number * 100) + fractional time in centiseconds.
1985 Note that string_base62() returns its data in a static storage block, so it
1986 must be copied before calling string_base62() again. It always returns exactly
1989 There doesn't seem to be anything in the RFC which requires a message id to
1990 start with a letter, but Smail was changed to ensure this. The external form of
1991 the message id (as supplied by string expansion) therefore starts with an
1992 additional leading 'E'. The spool file names do not include this leading
1993 letter and it is not used internally.
1995 NOTE: If ever the format of message ids is changed, the regular expression for
1996 checking that a string is in this format must be updated in a corresponding
1997 way. It appears in the initializing code in exim.c. The macro MESSAGE_ID_LENGTH
1998 must also be changed to reflect the correct string length. Then, of course,
1999 other programs that rely on the message id format will need updating too. */
2001 Ustrncpy(message_id, string_base62((long int)(message_id_tv.tv_sec)), 6);
2002 message_id[6] = '-';
2003 Ustrncpy(message_id + 7, string_base62((long int)getpid()), 6);
2005 /* Deal with the case where the host number is set. The value of the number was
2006 checked when it was read, to ensure it isn't too big. The timing granularity is
2007 left in id_resolution so that an appropriate wait can be done after receiving
2008 the message, if necessary (we hope it won't be). */
2010 if (host_number_string != NULL)
2012 id_resolution = (BASE_62 == 62)? 5000 : 10000;
2013 sprintf(CS(message_id + MESSAGE_ID_LENGTH - 3), "-%2s",
2014 string_base62((long int)(
2015 host_number * (1000000/id_resolution) +
2016 message_id_tv.tv_usec/id_resolution)) + 4);
2019 /* Host number not set: final field is just the fractional time at an
2020 appropriate resolution. */
2024 id_resolution = (BASE_62 == 62)? 500 : 1000;
2025 sprintf(CS(message_id + MESSAGE_ID_LENGTH - 3), "-%2s",
2026 string_base62((long int)(message_id_tv.tv_usec/id_resolution)) + 4);
2029 /* Add the current message id onto the current process info string if
2032 (void)string_format(process_info + process_info_len,
2033 PROCESS_INFO_SIZE - process_info_len, " id=%s", message_id);
2035 /* If we are using multiple input directories, set up the one for this message
2036 to be the least significant base-62 digit of the time of arrival. Otherwise
2037 ensure that it is an empty string. */
2039 message_subdir[0] = split_spool_directory? message_id[5] : 0;
2041 /* Now that we have the message-id, if there is no message-id: header, generate
2042 one, but only for local or submission mode messages. This can be
2043 user-configured if required, but we had better flatten any illegal characters
2046 if (msgid_header == NULL && (sender_host_address == NULL || submission_mode))
2049 uschar *id_text = US"";
2050 uschar *id_domain = primary_hostname;
2052 /* Permit only letters, digits, dots, and hyphens in the domain */
2054 if (message_id_domain != NULL)
2056 uschar *new_id_domain = expand_string(message_id_domain);
2057 if (new_id_domain == NULL)
2059 if (!expand_string_forcedfail)
2060 log_write(0, LOG_MAIN|LOG_PANIC,
2061 "expansion of \"%s\" (message_id_header_domain) "
2062 "failed: %s", message_id_domain, expand_string_message);
2064 else if (*new_id_domain != 0)
2066 id_domain = new_id_domain;
2067 for (p = id_domain; *p != 0; p++)
2068 if (!isalnum(*p) && *p != '.') *p = '-'; /* No need to test '-' ! */
2072 /* Permit all characters except controls and RFC 2822 specials in the
2073 additional text part. */
2075 if (message_id_text != NULL)
2077 uschar *new_id_text = expand_string(message_id_text);
2078 if (new_id_text == NULL)
2080 if (!expand_string_forcedfail)
2081 log_write(0, LOG_MAIN|LOG_PANIC,
2082 "expansion of \"%s\" (message_id_header_text) "
2083 "failed: %s", message_id_text, expand_string_message);
2085 else if (*new_id_text != 0)
2087 id_text = new_id_text;
2088 for (p = id_text; *p != 0; p++)
2089 if (mac_iscntrl_or_special(*p)) *p = '-';
2093 /* Add the header line */
2095 header_add(htype_id, "%sMessage-Id: <%s%s%s@%s>\n", resent_prefix,
2096 message_id_external, (*id_text == 0)? "" : ".", id_text, id_domain);
2099 /* If we are to log recipients, keep a copy of the raw ones before any possible
2100 rewriting. Must copy the count, because later ACLs and the local_scan()
2101 function may mess with the real recipients. */
2103 if ((log_extra_selector & LX_received_recipients) != 0)
2105 raw_recipients = store_get(recipients_count * sizeof(uschar *));
2106 for (i = 0; i < recipients_count; i++)
2107 raw_recipients[i] = string_copy(recipients_list[i].address);
2108 raw_recipients_count = recipients_count;
2111 /* Ensure the recipients list is fully qualified and rewritten. Unqualified
2112 recipients will get here only if the conditions were right (allow_unqualified_
2113 recipient is TRUE). */
2115 for (i = 0; i < recipients_count; i++)
2116 recipients_list[i].address =
2117 rewrite_address(recipients_list[i].address, TRUE, TRUE,
2118 global_rewrite_rules, rewrite_existflags);
2120 /* If there is no From: header, generate one for local or submission_mode
2121 messages. If there is no sender address, but the sender is local or this is a
2122 local delivery error, use the originator login. This shouldn't happen for
2123 genuine bounces, but might happen for autoreplies. The addition of From: must
2124 be done *before* checking for the possible addition of a Sender: header,
2125 because untrusted_set_sender allows an untrusted user to set anything in the
2126 envelope (which might then get info From:) but we still want to ensure a valid
2127 Sender: if it is required. */
2129 if (from_header == NULL && (sender_host_address == NULL || submission_mode))
2131 /* Envelope sender is empty */
2133 if (sender_address[0] == 0)
2135 if (sender_local || local_error_message)
2137 header_add(htype_from, "%sFrom: %s%s%s@%s%s\n", resent_prefix,
2139 (originator_name[0] == 0)? "" : " <",
2140 local_part_quote(originator_login),
2141 qualify_domain_sender,
2142 (originator_name[0] == 0)? "" : ">");
2144 else if (submission_mode && authenticated_id != NULL)
2146 if (submission_domain == NULL)
2148 header_add(htype_from, "%sFrom: %s@%s\n", resent_prefix,
2149 local_part_quote(authenticated_id), qualify_domain_sender);
2151 else if (submission_domain[0] == 0) /* empty => whole address set */
2153 header_add(htype_from, "%sFrom: %s\n", resent_prefix,
2158 header_add(htype_from, "%sFrom: %s@%s\n", resent_prefix,
2159 local_part_quote(authenticated_id), submission_domain);
2161 from_header = header_last; /* To get it checked for Sender: */
2165 /* There is a non-null envelope sender. Build the header using the original
2166 sender address, before any rewriting that might have been done while
2171 if (!smtp_input || sender_local)
2172 header_add(htype_from, "%sFrom: %s%s%s%s\n",
2173 resent_prefix, originator_name,
2174 (originator_name[0] == 0)? "" : " <",
2175 (sender_address_unrewritten == NULL)?
2176 sender_address : sender_address_unrewritten,
2177 (originator_name[0] == 0)? "" : ">");
2179 header_add(htype_from, "%sFrom: %s\n", resent_prefix, sender_address);
2181 from_header = header_last; /* To get it checked for Sender: */
2186 /* If the sender is local, or if we are in submission mode and there is an
2187 authenticated_id, check that an existing From: is correct, and if not, generate
2188 a Sender: header, unless disabled. Any previously-existing Sender: header was
2189 removed above. Note that sender_local, as well as being TRUE if the caller of
2190 exim is not trusted, is also true if a trusted caller did not supply a -f
2191 argument for non-smtp input. To allow trusted callers to forge From: without
2192 supplying -f, we have to test explicitly here. If the From: header contains
2193 more than one address, then the call to parse_extract_address fails, and a
2194 Sender: header is inserted, as required. */
2196 if (from_header != NULL &&
2197 (active_local_from_check &&
2198 ((sender_local && !trusted_caller) ||
2199 (submission_mode && authenticated_id != NULL))
2202 BOOL make_sender = TRUE;
2203 int start, end, domain;
2205 uschar *from_address =
2206 parse_extract_address(Ustrchr(from_header->text, ':') + 1, &errmess,
2207 &start, &end, &domain, FALSE);
2208 uschar *generated_sender_address;
2210 if (submission_mode)
2212 if (submission_domain == NULL)
2214 generated_sender_address = string_sprintf("%s@%s",
2215 local_part_quote(authenticated_id), qualify_domain_sender);
2217 else if (submission_domain[0] == 0) /* empty => full address */
2219 generated_sender_address = string_sprintf("%s",
2224 generated_sender_address = string_sprintf("%s@%s",
2225 local_part_quote(authenticated_id), submission_domain);
2229 generated_sender_address = string_sprintf("%s@%s",
2230 local_part_quote(originator_login), qualify_domain_sender);
2232 /* Remove permitted prefixes and suffixes from the local part of the From:
2233 address before doing the comparison with the generated sender. */
2235 if (from_address != NULL)
2238 uschar *at = (domain == 0)? NULL : from_address + domain - 1;
2240 if (at != NULL) *at = 0;
2241 from_address += route_check_prefix(from_address, local_from_prefix);
2242 slen = route_check_suffix(from_address, local_from_suffix);
2245 memmove(from_address+slen, from_address, Ustrlen(from_address)-slen);
2246 from_address += slen;
2248 if (at != NULL) *at = '@';
2250 if (strcmpic(generated_sender_address, from_address) == 0 ||
2251 (domain == 0 && strcmpic(from_address, originator_login) == 0))
2252 make_sender = FALSE;
2255 /* We have to cause the Sender header to be rewritten if there are
2256 appropriate rewriting rules. */
2260 if (submission_mode)
2261 header_add(htype_sender, "%sSender: %s\n", resent_prefix,
2262 generated_sender_address);
2264 header_add(htype_sender, "%sSender: %s <%s>\n",
2265 resent_prefix, originator_name, generated_sender_address);
2270 /* If there are any rewriting rules, apply them to the sender address, unless
2271 it has already been rewritten as part of verification for SMTP input. */
2273 if (global_rewrite_rules != NULL && sender_address_unrewritten == NULL &&
2274 sender_address[0] != 0)
2276 sender_address = rewrite_address(sender_address, FALSE, TRUE,
2277 global_rewrite_rules, rewrite_existflags);
2278 DEBUG(D_receive|D_rewrite)
2279 debug_printf("rewritten sender = %s\n", sender_address);
2283 /* The headers must be run through rewrite_header(), because it ensures that
2284 addresses are fully qualified, as well as applying any rewriting rules that may
2287 Qualification of header addresses in a message from a remote host happens only
2288 if the host is in sender_unqualified_hosts or recipient_unqualified hosts, as
2289 appropriate. For local messages, qualification always happens, unless -bnq is
2290 used to explicitly suppress it. No rewriting is done for an unqualified address
2291 that is left untouched.
2293 We start at the second header, skipping our own Received:. This rewriting is
2294 documented as happening *after* recipient addresses are taken from the headers
2295 by the -t command line option. An added Sender: gets rewritten here. */
2297 for (h = header_list->next; h != NULL; h = h->next)
2299 header_line *newh = rewrite_header(h, NULL, NULL, global_rewrite_rules,
2300 rewrite_existflags, TRUE);
2301 if (newh != NULL) h = newh;
2305 /* An RFC 822 (sic) message is not legal unless it has at least one of "to",
2306 "cc", or "bcc". Note that although the minimal examples in RFC822 show just
2307 "to" or "bcc", the full syntax spec allows "cc" as well. If any resent- header
2308 exists, this applies to the set of resent- headers rather than the normal set.
2310 The requirement for a recipient header has been removed in RFC 2822. Earlier
2311 versions of Exim added a To: header for locally submitted messages, and an
2312 empty Bcc: header for others or when always_bcc was set. In the light of the
2313 changes in RFC 2822, we now always add Bcc: just in case there are still MTAs
2314 out there that insist on the RFC 822 syntax.
2316 November 2003: While generally revising what Exim does to fix up headers, it
2317 seems like a good time to remove this altogether. */
2320 if (!to_or_cc_header_exists && !bcc_header_exists)
2321 header_add(htype_bcc, "Bcc:\n");
2324 /* If there is no date header, generate one if the message originates locally
2325 (i.e. not over TCP/IP) or the submission mode flag is set. Messages without
2326 Date: are not valid, but it seems to be more confusing if Exim adds one to
2327 all remotely-originated messages. */
2329 if (!date_header_exists && (sender_host_address == NULL || submission_mode))
2330 header_add(htype_other, "%sDate: %s\n", resent_prefix, tod_stamp(tod_full));
2332 search_tidyup(); /* Free any cached resources */
2334 /* Show the complete set of headers if debugging. Note that the first one (the
2335 new Received:) has not yet been set. */
2339 debug_printf(">>Headers after rewriting and local additions:\n");
2340 for (h = header_list->next; h != NULL; h = h->next)
2341 debug_printf("%c %s", h->type, h->text);
2345 /* The headers are now complete in store. If we are running in filter
2346 testing mode, that is all this function does. Return TRUE if the message
2347 ended with a dot. */
2349 if (filter_test != NULL)
2351 process_info[process_info_len] = 0;
2352 return message_ended == END_DOT;
2355 /* Open a new spool file for the data portion of the message. We need
2356 to access it both via a file descriptor and a stream. Try to make the
2357 directory if it isn't there. Note re use of sprintf: spool_directory
2358 is checked on input to be < 200 characters long. */
2360 sprintf(CS spool_name, "%s/input/%s/%s-D", spool_directory, message_subdir,
2362 data_fd = Uopen(spool_name, O_RDWR|O_CREAT|O_EXCL, SPOOL_MODE);
2365 if (errno == ENOENT)
2368 sprintf(CS temp, "input/%s", message_subdir);
2369 if (message_subdir[0] == 0) temp[5] = 0;
2370 (void)directory_make(spool_directory, temp, INPUT_DIRECTORY_MODE, TRUE);
2371 data_fd = Uopen(spool_name, O_RDWR|O_CREAT|O_EXCL, SPOOL_MODE);
2374 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Failed to create spool file %s: %s",
2375 spool_name, strerror(errno));
2378 /* Make sure the file's group is the Exim gid, and double-check the mode
2379 because the group setting doesn't always get set automatically. */
2381 fchown(data_fd, exim_uid, exim_gid);
2382 fchmod(data_fd, SPOOL_MODE);
2384 /* We now have data file open. Build a stream for it and lock it. We lock only
2385 the first line of the file (containing the message ID) because otherwise there
2386 are problems when Exim is run under Cygwin (I'm told). See comments in
2387 spool_in.c, where the same locking is done. */
2389 data_file = fdopen(data_fd, "w+");
2390 lock_data.l_type = F_WRLCK;
2391 lock_data.l_whence = SEEK_SET;
2392 lock_data.l_start = 0;
2393 lock_data.l_len = SPOOL_DATA_START_OFFSET;
2395 if (fcntl(data_fd, F_SETLK, &lock_data) < 0)
2396 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Cannot lock %s (%d): %s", spool_name,
2397 errno, strerror(errno));
2399 /* We have an open, locked data file. Write the message id to it to make it
2400 self-identifying. Then read the remainder of the input of this message and
2401 write it to the data file. If the variable next != NULL, it contains the first
2402 data line (which was read as a header but then turned out not to have the right
2403 format); write it (remembering that it might contain binary zeros). The result
2404 of fwrite() isn't inspected; instead we call ferror() below. */
2406 fprintf(data_file, "%s-D\n", message_id);
2409 uschar *s = next->text;
2410 int len = next->slen;
2411 fwrite(s, 1, len, data_file);
2412 body_linecount++; /* Assumes only 1 line */
2415 /* Note that we might already be at end of file, or the logical end of file
2416 (indicated by '.'), or might have encountered an error while writing the
2417 message id or "next" line. */
2419 if (!ferror(data_file) && !(receive_feof)() && message_ended != END_DOT)
2423 message_ended = read_message_data_smtp(data_file);
2424 receive_linecount++; /* The terminating "." line */
2426 else message_ended = read_message_data(data_file);
2428 receive_linecount += body_linecount; /* For BSMTP errors mainly */
2430 /* Handle premature termination of SMTP */
2432 if (smtp_input && message_ended == END_EOF)
2434 Uunlink(spool_name); /* Lose data file when closed */
2435 message_id[0] = 0; /* Indicate no message accepted */
2436 smtp_reply = handle_lost_connection(US"");
2438 goto TIDYUP; /* Skip to end of function */
2441 /* Handle message that is too big. Don't use host_or_ident() in the log
2442 message; we want to see the ident value even for non-remote messages. */
2444 if (message_ended == END_SIZE)
2446 Uunlink(spool_name); /* Lose the data file when closed */
2447 if (smtp_input) receive_swallow_smtp(); /* Swallow incoming SMTP */
2449 log_write(L_size_reject, LOG_MAIN|LOG_REJECT, "rejected from <%s>%s%s%s%s: "
2450 "message too big: read=%d max=%d",
2452 (sender_fullhost == NULL)? "" : " H=",
2453 (sender_fullhost == NULL)? US"" : sender_fullhost,
2454 (sender_ident == NULL)? "" : " U=",
2455 (sender_ident == NULL)? US"" : sender_ident,
2457 thismessage_size_limit);
2461 smtp_reply = US"552 Message size exceeds maximum permitted";
2462 message_id[0] = 0; /* Indicate no message accepted */
2463 goto TIDYUP; /* Skip to end of function */
2467 fseek(data_file, (long int)SPOOL_DATA_START_OFFSET, SEEK_SET);
2468 give_local_error(ERRMESS_TOOBIG,
2469 string_sprintf("message too big (max=%d)", thismessage_size_limit),
2470 US"message rejected: ", error_rc, data_file, header_list);
2471 /* Does not return */
2476 /* Restore the standard SIGALRM handler for any subsequent processing. (For
2477 example, there may be some expansion in an ACL that uses a timer.) */
2479 os_non_restarting_signal(SIGALRM, sigalrm_handler);
2481 /* The message body has now been read into the data file. Call fflush() to
2482 empty the buffers in C, and then call fsync() to get the data written out onto
2483 the disk, as fflush() doesn't do this (or at least, it isn't documented as
2484 having to do this). If there was an I/O error on either input or output,
2485 attempt to send an error message, and unlink the spool file. For non-SMTP input
2486 we can then give up. Note that for SMTP input we must swallow the remainder of
2487 the input in cases of output errors, since the far end doesn't expect to see
2488 anything until the terminating dot line is sent. */
2490 if (fflush(data_file) == EOF || ferror(data_file) ||
2491 fsync(fileno(data_file)) < 0 || (receive_ferror)())
2493 uschar *msg_errno = US strerror(errno);
2494 BOOL input_error = (receive_ferror)() != 0;
2495 uschar *msg = string_sprintf("%s error (%s) while receiving message from %s",
2496 input_error? "Input read" : "Spool write",
2498 (sender_fullhost != NULL)? sender_fullhost : sender_ident);
2500 log_write(0, LOG_MAIN, "Message abandoned: %s", msg);
2501 Uunlink(spool_name); /* Lose the data file */
2506 smtp_reply = US"451 Error while reading input data";
2509 smtp_reply = US"451 Error while writing spool file";
2510 receive_swallow_smtp();
2512 message_id[0] = 0; /* Indicate no message accepted */
2513 goto TIDYUP; /* Skip to end of function */
2518 fseek(data_file, (long int)SPOOL_DATA_START_OFFSET, SEEK_SET);
2519 give_local_error(ERRMESS_IOERR, msg, US"", error_rc, data_file,
2521 /* Does not return */
2526 /* No I/O errors were encountered while writing the data file. */
2528 DEBUG(D_receive) debug_printf("Data file written for message %s\n", message_id);
2531 /* If there were any bad addresses extracted by -t, or there were no recipients
2532 left after -t, send a message to the sender of this message, or write it to
2533 stderr if the error handling option is set that way. Note that there may
2534 legitimately be no recipients for an SMTP message if they have all been removed
2537 We need to rewind the data file in order to read it. In the case of no
2538 recipients or stderr error writing, throw the data file away afterwards, and
2539 exit. (This can't be SMTP, which always ensures there's at least one
2540 syntactically good recipient address.) */
2542 if (extract_recip && (bad_addresses != NULL || recipients_count == 0))
2546 if (recipients_count == 0) debug_printf("*** No recipients\n");
2547 if (bad_addresses != NULL)
2549 error_block *eblock = bad_addresses;
2550 debug_printf("*** Bad address(es)\n");
2551 while (eblock != NULL)
2553 debug_printf(" %s: %s\n", eblock->text1, eblock->text2);
2554 eblock = eblock->next;
2559 fseek(data_file, (long int)SPOOL_DATA_START_OFFSET, SEEK_SET);
2561 /* If configured to send errors to the sender, but this fails, force
2562 a failure error code. We use a special one for no recipients so that it
2563 can be detected by the autoreply transport. Otherwise error_rc is set to
2564 errors_sender_rc, which is EXIT_FAILURE unless -oee was given, in which case
2565 it is EXIT_SUCCESS. */
2567 if (error_handling == ERRORS_SENDER)
2569 if (!moan_to_sender(
2570 (bad_addresses == NULL)?
2571 (extracted_ignored? ERRMESS_IGADDRESS : ERRMESS_NOADDRESS) :
2572 (recipients_list == NULL)? ERRMESS_BADNOADDRESS : ERRMESS_BADADDRESS,
2573 bad_addresses, header_list, data_file, FALSE))
2574 error_rc = (bad_addresses == NULL)? EXIT_NORECIPIENTS : EXIT_FAILURE;
2578 if (bad_addresses == NULL)
2580 if (extracted_ignored)
2581 fprintf(stderr, "exim: all -t recipients overridden by command line\n");
2583 fprintf(stderr, "exim: no recipients in message\n");
2587 fprintf(stderr, "exim: invalid address%s",
2588 (bad_addresses->next == NULL)? ":" : "es:\n");
2589 while (bad_addresses != NULL)
2591 fprintf(stderr, " %s: %s\n", bad_addresses->text1,
2592 bad_addresses->text2);
2593 bad_addresses = bad_addresses->next;
2598 if (recipients_count == 0 || error_handling == ERRORS_STDERR)
2600 Uunlink(spool_name);
2602 exim_exit(error_rc);
2606 /* Data file successfully written. Generate text for the Received: header by
2607 expanding the configured string, and adding a timestamp. By leaving this
2608 operation till now, we ensure that the timestamp is the time that message
2609 reception was completed. However, this is deliberately done before calling the
2610 data ACL and local_scan().
2612 This Received: header may therefore be inspected by the data ACL and by code in
2613 the local_scan() function. When they have run, we update the timestamp to be
2614 the final time of reception.
2616 If there is just one recipient, set up its value in the $received_for variable
2617 for use when we generate the Received: header.
2619 Note: the checking for too many Received: headers is handled by the delivery
2622 timestamp = expand_string(US"${tod_full}");
2623 if (recipients_count == 1) received_for = recipients_list[0].address;
2624 received = expand_string(received_header_text);
2625 received_for = NULL;
2627 if (received == NULL)
2629 Uunlink(spool_name); /* Lose the data file */
2630 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Expansion of \"%s\" "
2631 "(received_header_text) failed: %s", string_printing(received_header_text),
2632 expand_string_message);
2635 /* The first element on the header chain is reserved for the Received header,
2636 so all we have to do is fill in the text pointer, and set the type. However, if
2637 the result of the expansion is an empty string, we leave the header marked as
2638 "old" so as to refrain from adding a Received header. */
2640 if (received[0] == 0)
2642 received_header->text = string_sprintf("Received: ; %s\n", timestamp);
2643 received_header->type = htype_old;
2647 received_header->text = string_sprintf("%s; %s\n", received, timestamp);
2648 received_header->type = htype_received;
2651 received_header->slen = Ustrlen(received_header->text);
2653 DEBUG(D_receive) debug_printf(">>Generated Received: header line\n%c %s",
2654 received_header->type, received_header->text);
2656 /* Set the value of message_body_size for the DATA ACL and for local_scan() */
2658 message_body_size = (fstat(data_fd, &statbuf) == 0)?
2659 statbuf.st_size - SPOOL_DATA_START_OFFSET : -1;
2661 /* If an ACL from any RCPT commands set up any warning headers to add, do so
2662 now, before running the DATA ACL. */
2664 add_acl_headers(US"MAIL or RCPT");
2666 /* If an ACL is specified for checking things at this stage of reception of a
2667 message, run it, unless all the recipients were removed by "discard" in earlier
2668 ACLs. That is the only case in which recipients_count can be zero at this
2669 stage. Set deliver_datafile to point to the data file so that $message_body and
2670 $message_body_end can be extracted if needed. Allow $recipients in expansions.
2673 deliver_datafile = data_fd;
2675 if (recipients_count == 0)
2677 blackholed_by = recipients_discarded? US"MAIL ACL" : US"RCPT ACL";
2681 enable_dollar_recipients = TRUE;
2683 /* Handle interactive SMTP messages */
2685 if (smtp_input && !smtp_batched_input)
2687 if (acl_smtp_data != NULL && recipients_count > 0)
2689 uschar *user_msg, *log_msg;
2690 rc = acl_check(ACL_WHERE_DATA, NULL, acl_smtp_data, &user_msg, &log_msg);
2691 add_acl_headers(US"DATA");
2694 recipients_count = 0;
2695 blackholed_by = US"DATA ACL";
2699 Uunlink(spool_name);
2700 if (smtp_handle_acl_fail(ACL_WHERE_DATA, rc, user_msg, log_msg) != 0)
2701 smtp_yield = FALSE; /* No more messsages after dropped connection */
2702 smtp_reply = US""; /* Indicate reply already sent */
2703 message_id[0] = 0; /* Indicate no message accepted */
2704 goto TIDYUP; /* Skip to end of function */
2709 /* Handle non-SMTP and batch SMTP (i.e. non-interactive) messages. Note that
2710 we cannot take different actions for permanent and temporary rejections. */
2712 else if (acl_not_smtp != NULL)
2714 uschar *user_msg, *log_msg;
2715 rc = acl_check(ACL_WHERE_NOTSMTP, NULL, acl_not_smtp, &user_msg, &log_msg);
2718 recipients_count = 0;
2719 blackholed_by = US"non-SMTP ACL";
2723 Uunlink(spool_name);
2724 log_write(0, LOG_MAIN|LOG_REJECT, "F=<%s> rejected by non-SMTP ACL: %s",
2725 sender_address, log_msg);
2726 if (user_msg == NULL) user_msg = US"local configuration problem";
2727 if (smtp_batched_input)
2729 moan_smtp_batch(NULL, "%d %s", 550, user_msg);
2730 /* Does not return */
2734 fseek(data_file, (long int)SPOOL_DATA_START_OFFSET, SEEK_SET);
2735 give_local_error(ERRMESS_LOCAL_ACL, user_msg,
2736 US"message rejected by non-SMTP ACL: ", error_rc, data_file,
2738 /* Does not return */
2741 add_acl_headers(US"non-SMTP");
2744 if (deliver_freeze) frozen_by = US"ACL"; /* for later logging */
2745 if (queue_only_policy) queued_by = US"ACL";
2747 enable_dollar_recipients = FALSE;
2750 /* The final check on the message is to run the scan_local() function. The
2751 version supplied with Exim always accepts, but this is a hook for sysadmins to
2752 supply their own checking code. The local_scan() function is run even when all
2753 the recipients have been discarded. */
2755 lseek(data_fd, (long int)SPOOL_DATA_START_OFFSET, SEEK_SET);
2757 /* Arrange to catch crashes in local_scan(), so that the -D file gets
2758 deleted, and the incident gets logged. */
2760 os_non_restarting_signal(SIGSEGV, local_scan_crash_handler);
2761 os_non_restarting_signal(SIGFPE, local_scan_crash_handler);
2762 os_non_restarting_signal(SIGILL, local_scan_crash_handler);
2763 os_non_restarting_signal(SIGBUS, local_scan_crash_handler);
2765 DEBUG(D_receive) debug_printf("calling local_scan(); timeout=%d\n",
2766 local_scan_timeout);
2767 local_scan_data = NULL;
2769 os_non_restarting_signal(SIGALRM, local_scan_timeout_handler);
2770 if (local_scan_timeout > 0) alarm(local_scan_timeout);
2771 rc = local_scan(data_fd, &local_scan_data);
2773 os_non_restarting_signal(SIGALRM, sigalrm_handler);
2775 store_pool = POOL_MAIN; /* In case changed */
2776 DEBUG(D_receive) debug_printf("local_scan() returned %d %s\n", rc,
2779 os_non_restarting_signal(SIGSEGV, SIG_DFL);
2780 os_non_restarting_signal(SIGFPE, SIG_DFL);
2781 os_non_restarting_signal(SIGILL, SIG_DFL);
2782 os_non_restarting_signal(SIGBUS, SIG_DFL);
2784 /* The length check is paranoia against some runaway code, and also because
2785 (for a success return) lines in the spool file are read into big_buffer. */
2787 if (local_scan_data != NULL)
2789 int len = Ustrlen(local_scan_data);
2790 if (len > LOCAL_SCAN_MAX_RETURN) len = LOCAL_SCAN_MAX_RETURN;
2791 local_scan_data = string_copyn(local_scan_data, len);
2794 if (rc == LOCAL_SCAN_ACCEPT_FREEZE)
2796 if (!deliver_freeze) /* ACL might have already frozen */
2798 deliver_freeze = TRUE;
2799 deliver_frozen_at = time(NULL);
2800 frozen_by = US"local_scan()";
2802 rc = LOCAL_SCAN_ACCEPT;
2804 else if (rc == LOCAL_SCAN_ACCEPT_QUEUE)
2806 if (!queue_only_policy) /* ACL might have already queued */
2808 queue_only_policy = TRUE;
2809 queued_by = US"local_scan()";
2811 rc = LOCAL_SCAN_ACCEPT;
2814 /* Message accepted: remove newlines in local_scan_data because otherwise
2815 the spool file gets corrupted. Ensure that all recipients are qualified. */
2817 if (rc == LOCAL_SCAN_ACCEPT)
2819 if (local_scan_data != NULL)
2822 for (s = local_scan_data; *s != 0; s++) if (*s == '\n') *s = ' ';
2824 for (i = 0; i < recipients_count; i++)
2826 recipient_item *r = recipients_list + i;
2827 r->address = rewrite_address_qualify(r->address, TRUE);
2828 if (r->errors_to != NULL)
2829 r->errors_to = rewrite_address_qualify(r->errors_to, TRUE);
2831 if (recipients_count == 0 && blackholed_by == NULL)
2832 blackholed_by = US"local_scan";
2835 /* Message rejected: newlines permitted in local_scan_data to generate
2836 multiline SMTP responses. */
2840 uschar *istemp = US"";
2846 errmsg = local_scan_data;
2848 Uunlink(spool_name); /* Cancel this message */
2852 log_write(0, LOG_MAIN, "invalid return %d from local_scan(). Temporary "
2853 "rejection given", rc);
2856 case LOCAL_SCAN_REJECT_NOLOGHDR:
2857 log_extra_selector &= ~LX_rejected_header;
2860 case LOCAL_SCAN_REJECT:
2862 if (errmsg == NULL) errmsg = US"Administrative prohibition";
2865 case LOCAL_SCAN_TEMPREJECT_NOLOGHDR:
2866 log_extra_selector &= ~LX_rejected_header;
2869 case LOCAL_SCAN_TEMPREJECT:
2872 if (errmsg == NULL) errmsg = US"Temporary local problem";
2873 istemp = US"temporarily ";
2877 s = string_append(s, &size, &sptr, 2, US"F=",
2878 (sender_address[0] == 0)? US"<>" : sender_address);
2879 s = add_host_info_for_log(s, &size, &sptr);
2882 log_write(0, LOG_MAIN|LOG_REJECT, "%s %srejected by local_scan(): %.256s",
2883 s, istemp, string_printing(errmsg));
2887 if (!smtp_batched_input)
2889 smtp_respond(code, TRUE, errmsg);
2890 message_id[0] = 0; /* Indicate no message accepted */
2891 smtp_reply = US""; /* Indicate reply already sent */
2892 goto TIDYUP; /* Skip to end of function */
2896 moan_smtp_batch(NULL, "%d %s", code, errmsg);
2897 /* Does not return */
2902 fseek(data_file, (long int)SPOOL_DATA_START_OFFSET, SEEK_SET);
2903 give_local_error(ERRMESS_LOCAL_SCAN, errmsg,
2904 US"message rejected by local scan code: ", error_rc, data_file,
2906 /* Does not return */
2910 /* Reset signal handlers to ignore signals that previously would have caused
2911 the message to be abandoned. */
2913 signal(SIGTERM, SIG_IGN);
2914 signal(SIGINT, SIG_IGN);
2916 /* Ensure the first time flag is set in the newly-received message. */
2918 deliver_firsttime = TRUE;
2920 /* Update the timstamp in our Received: header to account for any time taken by
2921 an ACL or by local_scan(). The new time is the time that all reception
2922 processing is complete. */
2924 timestamp = expand_string(US"${tod_full}");
2925 tslen = Ustrlen(timestamp);
2927 memcpy(received_header->text + received_header->slen - tslen - 1,
2930 /* In MUA wrapper mode, ignore queueing actions set by ACL or local_scan() */
2934 deliver_freeze = FALSE;
2935 queue_only_policy = FALSE;
2938 /* Keep the data file open until we have written the header file, in order to
2939 hold onto the lock. In a -bh run, or if the message is to be blackholed, we
2940 don't write the header file, and we unlink the data file. If writing the header
2941 file fails, we have failed to accept this message. */
2943 if (host_checking || blackholed_by != NULL)
2946 Uunlink(spool_name);
2947 msg_size = 0; /* Compute size for log line */
2948 for (h = header_list; h != NULL; h = h->next)
2949 if (h->type != '*') msg_size += h->slen;
2952 /* Write the -H file */
2956 if ((msg_size = spool_write_header(message_id, SW_RECEIVING, &errmsg)) < 0)
2958 log_write(0, LOG_MAIN, "Message abandoned: %s", errmsg);
2959 Uunlink(spool_name); /* Lose the data file */
2963 smtp_reply = US"451 Error in writing spool file";
2964 message_id[0] = 0; /* Indicate no message accepted */
2969 fseek(data_file, (long int)SPOOL_DATA_START_OFFSET, SEEK_SET);
2970 give_local_error(ERRMESS_IOERR, errmsg, US"", error_rc, data_file,
2972 /* Does not return */
2978 /* The message has now been successfully received. */
2980 receive_messagecount++;
2982 /* In SMTP sessions we may receive several in one connection. After each one,
2983 we wait for the clock to tick at the level of message-id granularity. This is
2984 so that the combination of time+pid is unique, even on systems where the pid
2985 can be re-used within our time interval. We can't shorten the interval without
2986 re-designing the message-id. See comments above where the message id is
2987 created. This is Something For The Future. */
2989 message_id_tv.tv_usec = (message_id_tv.tv_usec/id_resolution) * id_resolution;
2990 exim_wait_tick(&message_id_tv, id_resolution);
2992 /* Add data size to written header size. We do not count the initial file name
2993 that is in the file, but we do add one extra for the notional blank line that
2994 precedes the data. This total differs from message_size in that it include the
2995 added Received: header and any other headers that got created locally. */
2998 fstat(data_fd, &statbuf);
3000 msg_size += statbuf.st_size - SPOOL_DATA_START_OFFSET + 1;
3002 /* Generate a "message received" log entry. We do this by building up a dynamic
3003 string as required. Since we commonly want to add two items at a time, use a
3004 macro to simplify the coding. We log the arrival of a new message while the
3005 file is still locked, just in case the machine is *really* fast, and delivers
3006 it first! Include any message id that is in the message - since the syntax of a
3007 message id is actually an addr-spec, we can use the parse routine to canonicize
3012 s = store_get(size);
3014 s = string_append(s, &size, &sptr, 2, US"<= ",
3015 (sender_address[0] == 0)? US"<>" : sender_address);
3016 if (message_reference != NULL)
3017 s = string_append(s, &size, &sptr, 2, US" R=", message_reference);
3019 s = add_host_info_for_log(s, &size, &sptr);
3022 if ((log_extra_selector & LX_tls_cipher) != 0 && tls_cipher != NULL)
3023 s = string_append(s, &size, &sptr, 2, US" X=", tls_cipher);
3024 if ((log_extra_selector & LX_tls_certificate_verified) != 0 &&
3026 s = string_append(s, &size, &sptr, 2, US" CV=",
3027 tls_certificate_verified? "yes":"no");
3028 if ((log_extra_selector & LX_tls_peerdn) != 0 && tls_peerdn != NULL)
3029 s = string_append(s, &size, &sptr, 3, US" DN=\"", tls_peerdn, US"\"");
3032 if (sender_host_authenticated != NULL)
3034 s = string_append(s, &size, &sptr, 2, US" A=", sender_host_authenticated);
3035 if (authenticated_id != NULL)
3036 s = string_append(s, &size, &sptr, 2, US":", authenticated_id);
3039 sprintf(CS big_buffer, "%d", msg_size);
3040 s = string_append(s, &size, &sptr, 2, US" S=", big_buffer);
3042 /* If an addr-spec in a message-id contains a quoted string, it can contain
3043 any characters except " \ and CR and so in particular it can contain NL!
3044 Therefore, make sure we use a printing-characters only version for the log.
3045 Also, allow for domain literals in the message id. */
3047 if (msgid_header != NULL)
3050 BOOL save_allow_domain_literals = allow_domain_literals;
3051 allow_domain_literals = TRUE;
3052 old_id = parse_extract_address(Ustrchr(msgid_header->text, ':') + 1,
3053 &errmsg, &start, &end, &domain, FALSE);
3054 allow_domain_literals = save_allow_domain_literals;
3056 s = string_append(s, &size, &sptr, 2, US" id=", string_printing(old_id));
3059 /* If subject logging is turned on, create suitable printing-character
3060 text. By expanding $h_subject: we make use of the MIME decoding. */
3062 if ((log_extra_selector & LX_subject) != 0 && subject_header != NULL)
3065 uschar *p = big_buffer;
3066 uschar *ss = expand_string(US"$h_subject:");
3068 /* Backslash-quote any double quotes or backslashes so as to make a
3069 a C-like string, and turn any non-printers into escape sequences. */
3072 if (*ss != 0) for (i = 0; i < 100 && ss[i] != 0; i++)
3074 if (ss[i] == '\"' || ss[i] == '\\') *p++ = '\\';
3079 s = string_append(s, &size, &sptr, 2, US" T=", string_printing(big_buffer));
3082 /* Terminate the string: string_cat() and string_append() leave room, but do
3083 not put the zero in. */
3087 /* While writing to the log, set a flag to cause a call to receive_bomb_out()
3088 if the log cannot be opened. */
3090 receive_call_bombout = TRUE;
3091 log_write(0, LOG_MAIN |
3092 (((log_extra_selector & LX_received_recipients) != 0)? LOG_RECIPIENTS : 0) |
3093 (((log_extra_selector & LX_received_sender) != 0)? LOG_SENDER : 0),
3095 receive_call_bombout = FALSE;
3097 /* Log any control actions taken by an ACL or local_scan(). */
3099 if (deliver_freeze) log_write(0, LOG_MAIN, "frozen by %s", frozen_by);
3100 if (queue_only_policy) log_write(L_delay_delivery, LOG_MAIN,
3101 "no immediate delivery: queued by %s", queued_by);
3103 /* Create a message log file if message logs are being used and this message is
3104 not blackholed. Write the reception stuff to it. We used to leave message log
3105 creation until the first delivery, but this has proved confusing for somep
3108 if (message_logs && blackholed_by == NULL)
3112 sprintf(CS spool_name, "%s/msglog/%s/%s", spool_directory, message_subdir,
3114 fd = Uopen(spool_name, O_WRONLY|O_APPEND|O_CREAT, SPOOL_MODE);
3116 if (fd < 0 && errno == ENOENT)
3119 sprintf(CS temp, "msglog/%s", message_subdir);
3120 if (message_subdir[0] == 0) temp[6] = 0;
3121 (void)directory_make(spool_directory, temp, MSGLOG_DIRECTORY_MODE, TRUE);
3122 fd = Uopen(spool_name, O_WRONLY|O_APPEND|O_CREAT, SPOOL_MODE);
3127 log_write(0, LOG_MAIN|LOG_PANIC, "Couldn't open message log %s: %s",
3128 spool_name, strerror(errno));
3133 FILE *message_log = fdopen(fd, "a");
3134 if (message_log == NULL)
3136 log_write(0, LOG_MAIN|LOG_PANIC, "Couldn't fdopen message log %s: %s",
3137 spool_name, strerror(errno));
3142 uschar *now = tod_stamp(tod_log);
3143 fprintf(message_log, "%s Received from %s\n", now, s+3);
3144 if (deliver_freeze) fprintf(message_log, "%s frozen by %s\n", now,
3146 if (queue_only_policy) fprintf(message_log,
3147 "%s no immediate delivery: queued by %s\n", now, queued_by);
3148 fclose(message_log);
3153 store_reset(s); /* The store for the main log message can be reused */
3155 /* If the message is frozen, and freeze_tell is set, do the telling. */
3157 if (deliver_freeze && freeze_tell != NULL && freeze_tell[0] != 0)
3159 moan_tell_someone(freeze_tell, NULL, US"Message frozen on arrival",
3160 "Message %s was frozen on arrival by %s.\nThe sender is <%s>.\n",
3161 message_id, frozen_by, sender_address);
3165 /* Either a message has been successfully received and written to the two spool
3166 files, or an error in writing the spool has occurred for an SMTP message, or
3167 an SMTP message has been rejected because of a bad sender. (For a non-SMTP
3168 message we will have already given up because there's no point in carrying on!)
3169 In either event, we must now close (and thereby unlock) the data file. In the
3170 successful case, this leaves the message on the spool, ready for delivery. In
3171 the error case, the spool file will be deleted. Then tidy up store, interact
3172 with an SMTP call if necessary, and return.
3174 A fflush() was done earlier in the expectation that any write errors on the
3175 data file will be flushed(!) out thereby. Nevertheless, it is theoretically
3176 possible for fclose() to fail - but what to do? What has happened to the lock
3180 process_info[process_info_len] = 0; /* Remove message id */
3181 if (data_file != NULL) fclose(data_file); /* Frees the lock */
3183 /* Now reset signal handlers to their defaults */
3185 signal(SIGTERM, SIG_DFL);
3186 signal(SIGINT, SIG_DFL);
3188 /* Tell an SMTP caller the state of play, and arrange to return the SMTP return
3189 value, which defaults TRUE - meaning there may be more incoming messages from
3190 this connection. For non-SMTP callers (where there is only ever one message),
3191 the default is FALSE. */
3197 /* Handle interactive SMTP callers. After several kinds of error, smtp_reply
3198 is set to the response. However, after an ACL error or local_scan() error,
3199 the response has already been sent, and smtp_reply is an empty string to
3202 if (!smtp_batched_input)
3204 if (smtp_reply == NULL)
3206 smtp_printf("250 OK id=%s\r\n", message_id);
3209 "\n**** SMTP testing: that is not a real message id!\n\n");
3211 else if (smtp_reply[0] != 0) smtp_printf("%.1024s\r\n", smtp_reply);
3214 /* For batched SMTP, generate an error message on failure, and do
3215 nothing on success. The function moan_smtp_batch() does not return -
3216 it exits from the program with a non-zero return code. */
3218 else if (smtp_reply != NULL) moan_smtp_batch(NULL, "%s", smtp_reply);
3222 /* If blackholing, we can immediately log this message's sad fate. The data
3223 file has already been unlinked, and the header file was never written to disk.
3224 We must now indicate that nothing was received, to prevent a delivery from
3227 if (blackholed_by != NULL)
3229 uschar *detail = (local_scan_data != NULL)?
3230 string_printing(local_scan_data) :
3231 string_sprintf("(%s discarded recipients)", blackholed_by);
3232 log_write(0, LOG_MAIN, "=> blackhole %s", detail);
3233 log_write(0, LOG_MAIN, "Completed");
3237 /* Reset headers so that logging of rejects for a subsequent message doesn't
3238 include them. It is also important to set header_last = NULL before exiting
3239 from this function, as this prevents certain rewrites that might happen during
3240 subsequent verifying (of another incoming message) from trying to add headers
3241 when they shouldn't. */
3243 header_list = header_last = NULL;
3245 return yield; /* TRUE if more messages (SMTP only) */
3248 /* End of receive.c */