1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) University of Cambridge 1995 - 2015 */
6 /* See the file NOTICE for conditions of use and distribution. */
8 /* Functions concerned with routing, and the list of generic router options. */
15 /* Generic options for routers, all of which live inside router_instance
16 data blocks and which therefore have the opt_public flag set. */
18 optionlist optionlist_routers[] = {
19 { "*expand_group", opt_stringptr | opt_hidden | opt_public,
20 (void *)(offsetof(router_instance, expand_gid)) },
21 { "*expand_more", opt_stringptr | opt_hidden | opt_public,
22 (void *)(offsetof(router_instance, expand_more)) },
23 { "*expand_unseen", opt_stringptr | opt_hidden | opt_public,
24 (void *)(offsetof(router_instance, expand_unseen)) },
25 { "*expand_user", opt_stringptr | opt_hidden | opt_public,
26 (void *)(offsetof(router_instance, expand_uid)) },
27 { "*set_group", opt_bool | opt_hidden | opt_public,
28 (void *)(offsetof(router_instance, gid_set)) },
29 { "*set_user", opt_bool | opt_hidden | opt_public,
30 (void *)(offsetof(router_instance, uid_set)) },
31 { "address_data", opt_stringptr|opt_public,
32 (void *)(offsetof(router_instance, address_data)) },
33 { "address_test", opt_bool|opt_public,
34 (void *)(offsetof(router_instance, address_test)) },
35 #ifdef EXPERIMENTAL_BRIGHTMAIL
36 { "bmi_deliver_alternate", opt_bool | opt_public,
37 (void *)(offsetof(router_instance, bmi_deliver_alternate)) },
38 { "bmi_deliver_default", opt_bool | opt_public,
39 (void *)(offsetof(router_instance, bmi_deliver_default)) },
40 { "bmi_dont_deliver", opt_bool | opt_public,
41 (void *)(offsetof(router_instance, bmi_dont_deliver)) },
42 { "bmi_rule", opt_stringptr|opt_public,
43 (void *)(offsetof(router_instance, bmi_rule)) },
45 { "cannot_route_message", opt_stringptr | opt_public,
46 (void *)(offsetof(router_instance, cannot_route_message)) },
47 { "caseful_local_part", opt_bool | opt_public,
48 (void *)(offsetof(router_instance, caseful_local_part)) },
49 { "check_local_user", opt_bool | opt_public,
50 (void *)(offsetof(router_instance, check_local_user)) },
51 { "condition", opt_stringptr|opt_public|opt_rep_con,
52 (void *)offsetof(router_instance, condition) },
53 { "debug_print", opt_stringptr | opt_public,
54 (void *)offsetof(router_instance, debug_string) },
55 { "disable_logging", opt_bool | opt_public,
56 (void *)offsetof(router_instance, disable_logging) },
57 { "dnssec_request_domains", opt_stringptr|opt_public,
58 (void *)offsetof(router_instance, dnssec.request) },
59 { "dnssec_require_domains", opt_stringptr|opt_public,
60 (void *)offsetof(router_instance, dnssec.require) },
61 { "domains", opt_stringptr|opt_public,
62 (void *)offsetof(router_instance, domains) },
63 { "driver", opt_stringptr|opt_public,
64 (void *)offsetof(router_instance, driver_name) },
65 { "dsn_lasthop", opt_bool|opt_public,
66 (void *)offsetof(router_instance, dsn_lasthop) },
67 { "errors_to", opt_stringptr|opt_public,
68 (void *)(offsetof(router_instance, errors_to)) },
69 { "expn", opt_bool|opt_public,
70 (void *)offsetof(router_instance, expn) },
71 { "fail_verify", opt_bool_verify|opt_hidden|opt_public,
72 (void *)offsetof(router_instance, fail_verify_sender) },
73 { "fail_verify_recipient", opt_bool|opt_public,
74 (void *)offsetof(router_instance, fail_verify_recipient) },
75 { "fail_verify_sender", opt_bool|opt_public,
76 (void *)offsetof(router_instance, fail_verify_sender) },
77 { "fallback_hosts", opt_stringptr|opt_public,
78 (void *)offsetof(router_instance, fallback_hosts) },
79 { "group", opt_expand_gid | opt_public,
80 (void *)(offsetof(router_instance, gid)) },
81 { "headers_add", opt_stringptr|opt_public|opt_rep_str,
82 (void *)offsetof(router_instance, extra_headers) },
83 { "headers_remove", opt_stringptr|opt_public|opt_rep_str,
84 (void *)offsetof(router_instance, remove_headers) },
85 { "ignore_target_hosts",opt_stringptr|opt_public,
86 (void *)offsetof(router_instance, ignore_target_hosts) },
87 { "initgroups", opt_bool | opt_public,
88 (void *)(offsetof(router_instance, initgroups)) },
89 { "local_part_prefix", opt_stringptr|opt_public,
90 (void *)offsetof(router_instance, prefix) },
91 { "local_part_prefix_optional",opt_bool|opt_public,
92 (void *)offsetof(router_instance, prefix_optional) },
93 { "local_part_suffix", opt_stringptr|opt_public,
94 (void *)offsetof(router_instance, suffix) },
95 { "local_part_suffix_optional",opt_bool|opt_public,
96 (void *)offsetof(router_instance, suffix_optional) },
97 { "local_parts", opt_stringptr|opt_public,
98 (void *)offsetof(router_instance, local_parts) },
99 { "log_as_local", opt_bool|opt_public,
100 (void *)offsetof(router_instance, log_as_local) },
101 { "more", opt_expand_bool|opt_public,
102 (void *)offsetof(router_instance, more) },
103 { "pass_on_timeout", opt_bool|opt_public,
104 (void *)offsetof(router_instance, pass_on_timeout) },
105 { "pass_router", opt_stringptr|opt_public,
106 (void *)offsetof(router_instance, pass_router_name) },
107 { "redirect_router", opt_stringptr|opt_public,
108 (void *)offsetof(router_instance, redirect_router_name) },
109 { "require_files", opt_stringptr|opt_public,
110 (void *)offsetof(router_instance, require_files) },
111 { "retry_use_local_part", opt_bool|opt_public,
112 (void *)offsetof(router_instance, retry_use_local_part) },
113 { "router_home_directory", opt_stringptr|opt_public,
114 (void *)offsetof(router_instance, router_home_directory) },
115 { "self", opt_stringptr|opt_public,
116 (void *)(offsetof(router_instance, self)) },
117 { "senders", opt_stringptr|opt_public,
118 (void *)offsetof(router_instance, senders) },
119 #ifdef SUPPORT_TRANSLATE_IP_ADDRESS
120 { "translate_ip_address", opt_stringptr|opt_public,
121 (void *)offsetof(router_instance, translate_ip_address) },
123 { "transport", opt_stringptr|opt_public,
124 (void *)offsetof(router_instance, transport_name) },
125 { "transport_current_directory", opt_stringptr|opt_public,
126 (void *)offsetof(router_instance, current_directory) },
127 { "transport_home_directory", opt_stringptr|opt_public,
128 (void *)offsetof(router_instance, home_directory) },
129 { "unseen", opt_expand_bool|opt_public,
130 (void *)offsetof(router_instance, unseen) },
131 { "user", opt_expand_uid | opt_public,
132 (void *)(offsetof(router_instance, uid)) },
133 { "verify", opt_bool_verify|opt_hidden|opt_public,
134 (void *)offsetof(router_instance, verify_sender) },
135 { "verify_only", opt_bool|opt_public,
136 (void *)offsetof(router_instance, verify_only) },
137 { "verify_recipient", opt_bool|opt_public,
138 (void *)offsetof(router_instance, verify_recipient) },
139 { "verify_sender", opt_bool|opt_public,
140 (void *)offsetof(router_instance, verify_sender) }
143 int optionlist_routers_size = sizeof(optionlist_routers)/sizeof(optionlist);
147 readconf_options_routers(void)
149 struct router_info * ri;
151 readconf_options_from_list(optionlist_routers, nelem(optionlist_routers), US"ROUTERS", NULL);
153 for (ri = routers_available; ri->driver_name[0]; ri++)
155 macro_create(string_sprintf("_DRIVER_ROUTER_%T", ri->driver_name), US"y", FALSE, TRUE);
156 readconf_options_from_list(ri->options, (unsigned)*ri->options_count, US"ROUTER", ri->driver_name);
160 /*************************************************
161 * Set router pointer from name *
162 *************************************************/
164 /* This function is used for the redirect_router and pass_router options and
165 called from route_init() below.
170 ptr where to put the pointer
171 after TRUE if router must follow this one
177 set_router(router_instance *r, uschar *name, router_instance **ptr, BOOL after)
179 BOOL afterthis = FALSE;
182 for (rr = routers; rr; rr = rr->next)
184 if (Ustrcmp(name, rr->name) == 0)
189 if (rr == r) afterthis = TRUE;
193 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
194 "new_router \"%s\" not found for \"%s\" router", name, r->name);
196 if (after && !afterthis)
197 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
198 "new_router \"%s\" does not follow \"%s\" router", name, r->name);
203 /*************************************************
204 * Initialize router list *
205 *************************************************/
207 /* Read the routers section of the configuration file, and set up a chain of
208 router instances according to its contents. Each router has generic options and
209 may also have its own private options. This function is only ever called when
210 routers == NULL. We use generic code in readconf to do the work. It will set
211 values from the configuration file, and then call the driver's initialization
219 readconf_driver_init(US"router",
220 (driver_instance **)(&routers), /* chain anchor */
221 (driver_info *)routers_available, /* available drivers */
222 sizeof(router_info), /* size of info blocks */
223 &router_defaults, /* default values for generic options */
224 sizeof(router_instance), /* size of instance block */
225 optionlist_routers, /* generic options */
226 optionlist_routers_size);
228 for (r = routers; r; r = r->next)
232 /* If log_as_local is unset, its overall default is FALSE. (The accept
233 router defaults it to TRUE.) */
235 if (r->log_as_local == TRUE_UNSET) r->log_as_local = FALSE;
237 /* Check for transport or no transport on certain routers */
239 if ((r->info->ri_flags & ri_yestransport) != 0 &&
240 r->transport_name == NULL &&
242 log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "%s router:\n "
243 "a transport is required for this router", r->name);
245 if ((r->info->ri_flags & ri_notransport) != 0 &&
246 r->transport_name != NULL)
247 log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "%s router:\n "
248 "a transport must not be defined for this router", r->name);
250 /* The "self" option needs to be decoded into a code value and possibly a
251 new domain string and a rewrite boolean. */
253 if (Ustrcmp(s, "freeze") == 0) r->self_code = self_freeze;
254 else if (Ustrcmp(s, "defer") == 0) r->self_code = self_defer;
255 else if (Ustrcmp(s, "send") == 0) r->self_code = self_send;
256 else if (Ustrcmp(s, "pass") == 0) r->self_code = self_pass;
257 else if (Ustrcmp(s, "fail") == 0) r->self_code = self_fail;
258 else if (Ustrncmp(s, "reroute:", 8) == 0)
261 while (isspace(*s)) s++;
262 if (Ustrncmp(s, "rewrite:", 8) == 0)
264 r->self_rewrite = TRUE;
266 while (isspace(*s)) s++;
269 r->self_code = self_reroute;
272 else log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n "
273 "%s is not valid for the self option", r->name, s);
275 /* If any router has check_local_user set, default retry_use_local_part
276 TRUE; otherwise its default is FALSE. */
278 if (r->retry_use_local_part == TRUE_UNSET)
279 r->retry_use_local_part = r->check_local_user;
281 /* Build a host list if fallback hosts is set. */
283 host_build_hostlist(&(r->fallback_hostlist), r->fallback_hosts, FALSE);
285 /* Check redirect_router and pass_router are valid */
287 if (r->redirect_router_name != NULL)
288 set_router(r, r->redirect_router_name, &(r->redirect_router), FALSE);
290 if (r->pass_router_name != NULL)
291 set_router(r, r->pass_router_name, &(r->pass_router), TRUE);
293 DEBUG(D_route) debug_printf("DSN: %s %s\n", r->name,
294 r->dsn_lasthop ? "lasthop set" : "propagating DSN");
300 /*************************************************
301 * Tidy up after routing *
302 *************************************************/
304 /* Routers are entitled to keep hold of certain resources in their instance
305 blocks so as to save setting them up each time. An example is an open file.
306 Such routers must provide a tidyup entry point which is called when all routing
307 is finished, via this function. */
313 for (r = routers; r; r = r->next)
314 if (r->info->tidyup) (r->info->tidyup)(r);
319 /*************************************************
320 * Check local part for prefix *
321 *************************************************/
323 /* This function is handed a local part and a list of possible prefixes; if any
324 one matches, return the prefix length. A prefix beginning with '*' is a
328 local_part the local part to check
329 prefixes the list of prefixes
331 Returns: length of matching prefix or zero
335 route_check_prefix(const uschar *local_part, const uschar *prefixes)
339 const uschar *listptr = prefixes;
342 while ((prefix = string_nextinlist(&listptr, &sep, prebuf, sizeof(prebuf))))
344 int plen = Ustrlen(prefix);
345 if (prefix[0] == '*')
349 for (p = local_part + Ustrlen(local_part) - (--plen);
350 p >= local_part; p--)
351 if (strncmpic(prefix, p, plen) == 0) return plen + p - local_part;
354 if (strncmpic(prefix, local_part, plen) == 0) return plen;
362 /*************************************************
363 * Check local part for suffix *
364 *************************************************/
366 /* This function is handed a local part and a list of possible suffixes;
367 if any one matches, return the suffix length. A suffix ending with '*'
371 local_part the local part to check
372 suffixes the list of suffixes
374 Returns: length of matching suffix or zero
378 route_check_suffix(const uschar *local_part, const uschar *suffixes)
381 int alen = Ustrlen(local_part);
383 const uschar *listptr = suffixes;
386 while ((suffix = string_nextinlist(&listptr, &sep, sufbuf, sizeof(sufbuf))))
388 int slen = Ustrlen(suffix);
389 if (suffix[slen-1] == '*')
391 const uschar *p, *pend;
392 pend = local_part + alen - (--slen) + 1;
393 for (p = local_part; p < pend; p++)
394 if (strncmpic(suffix, p, slen) == 0) return alen - (p - local_part);
397 if (alen > slen && strncmpic(suffix, local_part + alen - slen, slen) == 0)
407 /*************************************************
408 * Check local part, domain, or sender *
409 *************************************************/
411 /* The checks in check_router_conditions() require similar code, so we use
412 this function to save repetition.
415 rname router name for error messages
416 type type of check, for error message
417 list domains, local_parts, or senders list
418 anchorptr -> tree for possibly cached items (domains)
419 cache_bits cached bits pointer
420 listtype MCL_DOMAIN for domain check
421 MCL_LOCALPART for local part check
422 MCL_ADDRESS for sender check
423 domloc current domain, current local part, or NULL for sender check
424 ldata where to put lookup data
425 caseless passed on to match_isinlist()
426 perror where to put an error message
428 Returns: OK item is in list
429 SKIP item is not in list, router is to be skipped
430 DEFER lookup or other defer
434 route_check_dls(uschar *rname, uschar *type, const uschar *list,
435 tree_node **anchorptr, unsigned int *cache_bits, int listtype,
436 const uschar *domloc, const uschar **ldata, BOOL caseless, uschar **perror)
438 if (!list) return OK; /* Empty list always succeeds */
440 DEBUG(D_route) debug_printf("checking %s\n", type);
442 /* The domain and local part use the same matching function, whereas sender
446 ? match_isinlist(domloc, &list, 0, anchorptr, cache_bits, listtype,
448 : match_address_list(sender_address ? sender_address : US"",
449 TRUE, TRUE, &list, cache_bits, -1, 0, CUSS &sender_data)
456 *perror = string_sprintf("%s router skipped: %s mismatch", rname, type);
457 DEBUG(D_route) debug_printf("%s\n", *perror);
460 default: /* Paranoia, and keeps compilers happy */
462 *perror = string_sprintf("%s check lookup or other defer", type);
463 DEBUG(D_route) debug_printf("%s\n", *perror);
470 /*************************************************
471 * Check access by a given uid/gid *
472 *************************************************/
474 /* This function checks whether a given uid/gid has access to a given file or
475 directory. It is called only from check_files() below. This is hopefully a
476 cheapish check that does the job most of the time. Exim does *not* rely on this
477 test when actually accessing any file. The test is used when routing to make it
478 possible to take actions such as "if user x can access file y then run this
481 During routing, Exim is normally running as root, and so the test will work
482 except for NFS non-root mounts. When verifying during message reception, Exim
483 is running as "exim", so the test may not work. This is a limitation of the
486 Code in check_files() below detects the case when it cannot stat() the file (as
487 root), and in that situation it uses a setuid subprocess in which to run this
491 path the path to check
494 bits the bits required in the final component
497 FALSE errno=EACCES or ENOENT (or others from realpath or stat)
501 route_check_access(uschar *path, uid_t uid, gid_t gid, int bits)
505 uschar *rp = US realpath(CS path, CS big_buffer);
508 DEBUG(D_route) debug_printf("route_check_access(%s,%d,%d,%o)\n", path,
509 (int)uid, (int)gid, bits);
511 if (!rp) return FALSE;
513 while ((slash = Ustrchr(sp, '/')))
516 DEBUG(D_route) debug_printf("stat %s\n", rp);
517 if (Ustat(rp, &statbuf) < 0) return FALSE;
518 if ((statbuf.st_mode &
519 ((statbuf.st_uid == uid)? 0100 : (statbuf.st_gid == gid)? 0010 : 001)
529 /* Down to the final component */
531 DEBUG(D_route) debug_printf("stat %s\n", rp);
533 if (Ustat(rp, &statbuf) < 0) return FALSE;
535 if (statbuf.st_uid == uid) bits = bits << 6;
536 else if (statbuf.st_gid == gid) bits = bits << 3;
537 if ((statbuf.st_mode & bits) != bits)
543 DEBUG(D_route) debug_printf("route_check_access() succeeded\n");
549 /*************************************************
550 * Do file existence tests *
551 *************************************************/
553 /* This function is given a colon-separated list of file tests, each of which
554 is expanded before use. A test consists of a file name, optionally preceded by
555 ! (require non-existence) and/or + for handling permission denied (+ means
556 treat as non-existing).
558 An item that contains no slashes is interpreted as a username or id, with an
559 optional group id, for checking access to the file. This cannot be done
560 "perfectly", but it is good enough for a number of applications.
563 s a colon-separated list of file tests or NULL
564 perror a pointer to an anchor for an error text in the case of a DEFER
566 Returns: OK if s == NULL or all tests are as required
567 DEFER if the existence of at least one of the files is
568 unclear (an error other than non-existence occurred);
569 DEFER if an expansion failed
570 DEFER if a name is not absolute
571 DEFER if problems with user/group
576 check_files(const uschar *s, uschar **perror)
578 int sep = 0; /* List has default separators */
579 uid_t uid = 0; /* For picky compilers */
580 gid_t gid = 0; /* For picky compilers */
581 BOOL ugid_set = FALSE;
582 const uschar *listptr;
588 DEBUG(D_route) debug_printf("checking require_files\n");
591 while ((check = string_nextinlist(&listptr, &sep, buffer, sizeof(buffer))))
597 uschar *ss = expand_string(check);
601 if (expand_string_forcedfail) continue;
602 *perror = string_sprintf("failed to expand \"%s\" for require_files: %s",
603 check, expand_string_message);
607 /* Empty items are just skipped */
609 if (*ss == 0) continue;
611 /* If there are no slashes in the string, we have a user name or uid, with
612 optional group/gid. */
614 if (Ustrchr(ss, '/') == NULL)
618 uschar *comma = Ustrchr(ss, ',');
620 /* If there's a comma, temporarily terminate the user name/number
621 at that point. Then set the uid. */
623 if (comma != NULL) *comma = 0;
624 ok = route_finduser(ss, &pw, &uid);
625 if (comma != NULL) *comma = ',';
629 *perror = string_sprintf("user \"%s\" for require_files not found", ss);
633 /* If there was no comma, the gid is that associated with the user. */
637 if (pw != NULL) gid = pw->pw_gid; else
639 *perror = string_sprintf("group missing after numerical uid %d for "
640 "require_files", (int)uid);
646 if (!route_findgroup(comma + 1, &gid))
648 *perror = string_sprintf("group \"%s\" for require_files not found\n",
654 /* Note that we have values set, and proceed to next item */
657 debug_printf("check subsequent files for access by %s\n", ss);
662 /* Path, possibly preceded by + and ! */
667 while (isspace((*(++ss))));
673 while (isspace((*(++ss))));
678 *perror = string_sprintf("require_files: \"%s\" is not absolute", ss);
682 /* Stat the file, either as root (while routing) or as exim (while verifying
683 during message reception). */
685 rc = Ustat(ss, &statbuf);
689 debug_printf("file check: %s\n", check);
690 if (ss != check) debug_printf("expanded file: %s\n", ss);
691 debug_printf("stat() yielded %d\n", rc);
694 /* If permission is denied, and we are running as root (i.e. routing for
695 delivery rather than verifying), and the requirement is to test for access by
696 a particular uid/gid, it must mean that the file is on a non-root-mounted NFS
697 system. In this case, we have to use a subprocess that runs as the relevant
698 uid in order to do the test. */
700 if (rc != 0 && errno == EACCES && ugid_set && getuid() == root_uid)
704 void (*oldsignal)(int);
706 DEBUG(D_route) debug_printf("root is denied access: forking to check "
709 /* Before forking, ensure that SIGCHLD is set to SIG_DFL before forking, so
710 that the child process can be waited for, just in case get here with it set
711 otherwise. Save the old state for resetting on the wait. */
713 oldsignal = signal(SIGCHLD, SIG_DFL);
716 /* If fork() fails, reinstate the original error and behave as if
717 this block of code were not present. This is the same behaviour as happens
718 when Exim is not running as root at this point. */
723 debug_printf("require_files: fork failed: %s\n", strerror(errno));
728 /* In the child process, change uid and gid, and then do the check using
729 the route_check_access() function. This does more than just stat the file;
730 it tests permissions as well. Return 0 for OK and 1 for failure. */
734 exim_setugid(uid, gid, TRUE,
735 string_sprintf("require_files check, file=%s", ss));
736 if (route_check_access(ss, uid, gid, 4)) _exit(0);
737 DEBUG(D_route) debug_printf("route_check_access() failed\n");
741 /* In the parent, wait for the child to finish */
743 while (waitpid(pid, &status, 0) < 0)
745 if (errno != EINTR) /* unexpected error, interpret as failure */
752 signal(SIGCHLD, oldsignal); /* restore */
753 if ((status == 0) == invert) return SKIP;
754 continue; /* to test the next file */
757 /* Control reaches here if the initial stat() succeeds, or fails with an
758 error other than EACCES, or no uid/gid is set, or we are not running as root.
759 If we know the file exists and uid/gid are set, try to check read access for
760 that uid/gid as best we can. */
762 if (rc == 0 && ugid_set && !route_check_access(ss, uid, gid, 4))
764 DEBUG(D_route) debug_printf("route_check_access() failed\n");
768 /* Handle error returns from stat() or route_check_access(). The EACCES error
769 is handled specially. At present, we can force it to be treated as
770 non-existence. Write the code so that it will be easy to add forcing for
771 existence if required later. */
776 DEBUG(D_route) debug_printf("errno = %d\n", errno);
779 if (eacces_code == 1)
781 DEBUG(D_route) debug_printf("EACCES => ENOENT\n");
782 errno = ENOENT; /* Treat as non-existent */
787 *perror = string_sprintf("require_files: error for %s: %s", ss,
793 /* At this point, rc < 0 => non-existence; rc >= 0 => existence */
795 if ((rc >= 0) == invert) return SKIP;
800 /* Come here on any of the errors that return DEFER. */
803 DEBUG(D_route) debug_printf("%s\n", *perror);
811 /*************************************************
812 * Check for router skipping *
813 *************************************************/
815 /* This function performs various checks to see whether a router should be
816 skipped. The order in which they are performed is important.
819 r pointer to router instance block
820 addr address that is being handled
821 verify the verification type
822 pw ptr to ptr to passwd structure for local user
823 perror for lookup errors
825 Returns: OK if all the tests succeed
826 SKIP if router is to be skipped
827 DEFER for a lookup defer
828 FAIL for address to be failed
832 check_router_conditions(router_instance *r, address_item *addr, int verify,
833 struct passwd **pw, uschar **perror)
836 uschar *check_local_part;
837 unsigned int *localpart_cache;
839 /* Reset variables to hold a home directory and data from lookup of a domain or
840 local part, and ensure search_find_defer is unset, in case there aren't any
844 deliver_domain_data = NULL;
845 deliver_localpart_data = NULL;
847 local_user_gid = (gid_t)(-1);
848 local_user_uid = (uid_t)(-1);
849 search_find_defer = FALSE;
851 /* Skip this router if not verifying and it has verify_only set */
853 if ((verify == v_none || verify == v_expn) && r->verify_only)
855 DEBUG(D_route) debug_printf("%s router skipped: verify_only set\n", r->name);
859 /* Skip this router if testing an address (-bt) and address_test is not set */
861 if (address_test_mode && !r->address_test)
863 DEBUG(D_route) debug_printf("%s router skipped: address_test is unset\n",
868 /* Skip this router if verifying and it hasn't got the appropriate verify flag
871 if ((verify == v_sender && !r->verify_sender) ||
872 (verify == v_recipient && !r->verify_recipient))
874 DEBUG(D_route) debug_printf("%s router skipped: verify %d %d %d\n",
875 r->name, verify, r->verify_sender, r->verify_recipient);
879 /* Skip this router if processing EXPN and it doesn't have expn set */
881 if (verify == v_expn && !r->expn)
883 DEBUG(D_route) debug_printf("%s router skipped: no_expn set\n", r->name);
887 /* Skip this router if there's a domain mismatch. */
889 if ((rc = route_check_dls(r->name, US"domains", r->domains, &domainlist_anchor,
890 addr->domain_cache, TRUE, addr->domain, CUSS &deliver_domain_data,
891 MCL_DOMAIN, perror)) != OK)
894 /* Skip this router if there's a local part mismatch. We want to pass over the
895 caseful local part, so that +caseful can restore it, even if this router is
896 handling local parts caselessly. However, we can't just pass cc_local_part,
897 because that doesn't have the prefix or suffix stripped. A bit of massaging is
898 required. Also, we only use the match cache for local parts that have not had
899 a prefix or suffix stripped. */
901 if (!addr->prefix && !addr->suffix)
903 localpart_cache = addr->localpart_cache;
904 check_local_part = addr->cc_local_part;
908 localpart_cache = NULL;
909 check_local_part = string_copy(addr->cc_local_part);
911 check_local_part += Ustrlen(addr->prefix);
913 check_local_part[Ustrlen(check_local_part) - Ustrlen(addr->suffix)] = 0;
916 if ((rc = route_check_dls(r->name, US"local_parts", r->local_parts,
917 &localpartlist_anchor, localpart_cache, MCL_LOCALPART,
918 check_local_part, CUSS &deliver_localpart_data,
919 !r->caseful_local_part, perror)) != OK)
922 /* If the check_local_user option is set, check that the local_part is the
923 login of a local user. Note: the third argument to route_finduser() must be
924 NULL here, to prevent a numeric string being taken as a numeric uid. If the
925 user is found, set deliver_home to the home directory, and also set
926 local_user_{uid,gid}. */
928 if (r->check_local_user)
930 DEBUG(D_route) debug_printf("checking for local user\n");
931 if (!route_finduser(addr->local_part, pw, NULL))
933 DEBUG(D_route) debug_printf("%s router skipped: %s is not a local user\n",
934 r->name, addr->local_part);
937 deliver_home = string_copy(US (*pw)->pw_dir);
938 local_user_gid = (*pw)->pw_gid;
939 local_user_uid = (*pw)->pw_uid;
942 /* Set (or override in the case of check_local_user) the home directory if
943 router_home_directory is set. This is done here so that it overrides $home from
944 check_local_user before any subsequent expansions are done. Otherwise, $home
945 could mean different things for different options, which would be extremely
948 if (r->router_home_directory)
950 uschar *router_home = expand_string(r->router_home_directory);
953 if (!expand_string_forcedfail)
955 *perror = string_sprintf("failed to expand \"%s\" for "
956 "router_home_directory: %s", r->router_home_directory,
957 expand_string_message);
963 setflag(addr, af_home_expanded); /* Note set from router_home_directory */
964 deliver_home = router_home;
968 /* Skip if the sender condition is not met. We leave this one till after the
969 local user check so that $home is set - enabling the possibility of letting
970 individual recipients specify lists of acceptable/unacceptable senders. */
972 if ((rc = route_check_dls(r->name, US"senders", r->senders, NULL,
973 sender_address_cache, MCL_ADDRESS, NULL, NULL, FALSE, perror)) != OK)
976 /* This is the point at which we print out the router's debugging string if it
977 is set. We wait till here so as to have $home available for local users (and
978 anyway, we don't want too much stuff for skipped routers). */
980 debug_print_string(r->debug_string);
982 /* Perform file existence tests. */
984 if ((rc = check_files(r->require_files, perror)) != OK)
986 DEBUG(D_route) debug_printf("%s router %s: file check\n", r->name,
987 (rc == SKIP)? "skipped" : "deferred");
991 /* Now the general condition test. */
995 DEBUG(D_route) debug_printf("checking \"condition\" \"%.80s\"...\n", r->condition);
996 if (!expand_check_condition(r->condition, r->name, US"router"))
998 if (search_find_defer)
1000 *perror = US"condition check lookup defer";
1001 DEBUG(D_route) debug_printf("%s\n", *perror);
1005 debug_printf("%s router skipped: condition failure\n", r->name);
1010 #ifdef EXPERIMENTAL_BRIGHTMAIL
1011 /* check if a specific Brightmail AntiSpam rule fired on the message */
1014 DEBUG(D_route) debug_printf("checking bmi_rule\n");
1015 if (bmi_check_rule(bmi_base64_verdict, r->bmi_rule) == 0)
1016 { /* none of the rules fired */
1018 debug_printf("%s router skipped: none of bmi_rule rules fired\n", r->name);
1023 /* check if message should not be delivered */
1024 if (r->bmi_dont_deliver && bmi_deliver == 1)
1027 debug_printf("%s router skipped: bmi_dont_deliver is FALSE\n", r->name);
1031 /* check if message should go to an alternate location */
1032 if ( r->bmi_deliver_alternate
1033 && (bmi_deliver == 0 || !bmi_alt_location)
1037 debug_printf("%s router skipped: bmi_deliver_alternate is FALSE\n", r->name);
1041 /* check if message should go to default location */
1042 if ( r->bmi_deliver_default
1043 && (bmi_deliver == 0 || bmi_alt_location)
1047 debug_printf("%s router skipped: bmi_deliver_default is FALSE\n", r->name);
1052 /* All the checks passed. */
1060 /*************************************************
1061 * Find a local user *
1062 *************************************************/
1064 /* Try several times (if configured) to find a local user, in case delays in
1065 NIS or NFS whatever cause an incorrect refusal. It's a pity that getpwnam()
1066 doesn't have some kind of indication as to why it has failed. If the string
1067 given consists entirely of digits, and the third argument is not NULL, assume
1068 the string is the numerical value of the uid. Otherwise it is looked up using
1069 getpwnam(). The uid is passed back via return_uid, if not NULL, and the
1070 pointer to a passwd structure, if found, is passed back via pw, if not NULL.
1072 Because this may be called several times in succession for the same user for
1073 different routers, cache the result of the previous getpwnam call so that it
1074 can be re-used. Note that we can't just copy the structure, as the store it
1075 points to can get trashed.
1078 s the login name or textual form of the numerical uid of the user
1079 pw if not NULL, return the result of getpwnam here, or set NULL
1080 if no call to getpwnam is made (s numeric, return_uid != NULL)
1081 return_uid if not NULL, return the uid via this address
1083 Returns: TRUE if s is numerical or was looked up successfully
1087 static struct passwd pwcopy;
1088 static struct passwd *lastpw = NULL;
1089 static uschar lastname[48] = { 0 };
1090 static uschar lastdir[128];
1091 static uschar lastgecos[128];
1092 static uschar lastshell[128];
1095 route_finduser(const uschar *s, struct passwd **pw, uid_t *return_uid)
1097 BOOL cache_set = (Ustrcmp(lastname, s) == 0);
1099 DEBUG(D_uid) debug_printf("seeking password data for user \"%s\": %s\n", s,
1100 cache_set? "using cached result" : "cache not available");
1106 if (return_uid && (isdigit(*s) || *s == '-') &&
1107 s[Ustrspn(s+1, "0123456789")+1] == 0)
1109 *return_uid = (uid_t)Uatoi(s);
1114 (void)string_format(lastname, sizeof(lastname), "%s", s);
1116 /* Force failure if string length is greater than given maximum */
1118 if (max_username_length > 0 && Ustrlen(lastname) > max_username_length)
1120 DEBUG(D_uid) debug_printf("forced failure of finduser(): string "
1121 "length of %s is greater than %d\n", lastname, max_username_length);
1125 /* Try a few times if so configured; this handles delays in NIS etc. */
1130 if ((lastpw = getpwnam(CS s))) break;
1131 if (++i > finduser_retries) break;
1137 pwcopy.pw_uid = lastpw->pw_uid;
1138 pwcopy.pw_gid = lastpw->pw_gid;
1139 (void)string_format(lastdir, sizeof(lastdir), "%s", lastpw->pw_dir);
1140 (void)string_format(lastgecos, sizeof(lastgecos), "%s", lastpw->pw_gecos);
1141 (void)string_format(lastshell, sizeof(lastshell), "%s", lastpw->pw_shell);
1142 pwcopy.pw_name = CS lastname;
1143 pwcopy.pw_dir = CS lastdir;
1144 pwcopy.pw_gecos = CS lastgecos;
1145 pwcopy.pw_shell = CS lastshell;
1149 else DEBUG(D_uid) if (errno != 0)
1150 debug_printf("getpwnam(%s) failed: %s\n", s, strerror(errno));
1155 DEBUG(D_uid) debug_printf("getpwnam() returned NULL (user not found)\n");
1159 DEBUG(D_uid) debug_printf("getpwnam() succeeded uid=%d gid=%d\n",
1160 lastpw->pw_uid, lastpw->pw_gid);
1162 if (return_uid) *return_uid = lastpw->pw_uid;
1163 if (pw) *pw = lastpw;
1171 /*************************************************
1172 * Find a local group *
1173 *************************************************/
1175 /* Try several times (if configured) to find a local group, in case delays in
1176 NIS or NFS whatever cause an incorrect refusal. It's a pity that getgrnam()
1177 doesn't have some kind of indication as to why it has failed.
1180 s the group name or textual form of the numerical gid
1181 return_gid return the gid via this address
1183 Returns: TRUE if the group was found; FALSE otherwise
1188 route_findgroup(uschar *s, gid_t *return_gid)
1193 if ((isdigit(*s) || *s == '-') && s[Ustrspn(s+1, "0123456789")+1] == 0)
1195 *return_gid = (gid_t)Uatoi(s);
1201 if ((gr = getgrnam(CS s)))
1203 *return_gid = gr->gr_gid;
1206 if (++i > finduser_retries) break;
1216 /*************************************************
1217 * Find user by expanding string *
1218 *************************************************/
1220 /* Expands a string, and then looks up the result in the passwd file.
1223 string the string to be expanded, yielding a login name or a numerical
1224 uid value (to be passed to route_finduser())
1225 driver_name caller name for panic error message (only)
1226 driver_type caller type for panic error message (only)
1227 pw return passwd entry via this pointer
1228 uid return uid via this pointer
1229 errmsg where to point a message on failure
1231 Returns: TRUE if user found, FALSE otherwise
1235 route_find_expanded_user(uschar *string, uschar *driver_name,
1236 uschar *driver_type, struct passwd **pw, uid_t *uid, uschar **errmsg)
1238 uschar *user = expand_string(string);
1242 *errmsg = string_sprintf("Failed to expand user string \"%s\" for the "
1243 "%s %s: %s", string, driver_name, driver_type, expand_string_message);
1244 log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg);
1248 if (route_finduser(user, pw, uid)) return TRUE;
1250 *errmsg = string_sprintf("Failed to find user \"%s\" from expanded string "
1251 "\"%s\" for the %s %s", user, string, driver_name, driver_type);
1252 log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg);
1258 /*************************************************
1259 * Find group by expanding string *
1260 *************************************************/
1262 /* Expands a string and then looks up the result in the group file.
1265 string the string to be expanded, yielding a group name or a numerical
1266 gid value (to be passed to route_findgroup())
1267 driver_name caller name for panic error message (only)
1268 driver_type caller type for panic error message (only)
1269 gid return gid via this pointer
1270 errmsg return error message via this pointer
1272 Returns: TRUE if found group, FALSE otherwise
1276 route_find_expanded_group(uschar *string, uschar *driver_name, uschar *driver_type,
1277 gid_t *gid, uschar **errmsg)
1280 uschar *group = expand_string(string);
1284 *errmsg = string_sprintf("Failed to expand group string \"%s\" for the "
1285 "%s %s: %s", string, driver_name, driver_type, expand_string_message);
1286 log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg);
1290 if (!route_findgroup(group, gid))
1292 *errmsg = string_sprintf("Failed to find group \"%s\" from expanded string "
1293 "\"%s\" for the %s %s", group, string, driver_name, driver_type);
1294 log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg);
1303 /*************************************************
1304 * Handle an unseen routing *
1305 *************************************************/
1307 /* This function is called when an address is routed by a router with "unseen"
1308 set. It must make a clone of the address, for handling by subsequent drivers.
1309 The clone is set to start routing at the next router.
1311 The original address must be replaced by an invented "parent" which has the
1312 routed address plus the clone as its children. This is necessary in case the
1313 address is at the top level - we don't want to mark it complete until both
1314 deliveries have been done.
1316 A new unique field must be made, so that the record of the delivery isn't a
1317 record of the original address, and checking for already delivered has
1318 therefore to be done here. If the delivery has happened, then take the base
1319 address off whichever delivery queue it is on - it will always be the top item.
1323 addr address that was routed
1324 paddr_local chain of local-delivery addresses
1325 paddr_remote chain of remote-delivery addresses
1326 addr_new chain for newly created addresses
1332 route_unseen(uschar *name, address_item *addr, address_item **paddr_local,
1333 address_item **paddr_remote, address_item **addr_new)
1335 address_item *parent = deliver_make_addr(addr->address, TRUE);
1336 address_item *new = deliver_make_addr(addr->address, TRUE);
1338 /* The invented parent is a copy that replaces the original; note that
1339 this copies its parent pointer. It has two children, and its errors_address is
1340 from the original address' parent, if present, otherwise unset. */
1343 parent->child_count = 2;
1344 parent->prop.errors_address =
1345 addr->parent ? addr->parent->prop.errors_address : NULL;
1347 /* The routed address gets a new parent. */
1349 addr->parent = parent;
1351 /* The clone has this parent too. Set its errors address from the parent. This
1352 was set from the original parent (or to NULL) - see above. We do NOT want to
1353 take the errors address from the unseen router. */
1355 new->parent = parent;
1356 new->prop.errors_address = parent->prop.errors_address;
1358 /* Copy the propagated flags and address_data from the original. */
1360 copyflag(new, addr, af_propagate);
1361 new->prop.address_data = addr->prop.address_data;
1362 new->dsn_flags = addr->dsn_flags;
1363 new->dsn_orcpt = addr->dsn_orcpt;
1366 /* As it has turned out, we haven't set headers_add or headers_remove for the
1367 * clone. Thinking about it, it isn't entirely clear whether they should be
1368 * copied from the original parent, like errors_address, or taken from the
1369 * unseen router, like address_data and the flags. Until somebody brings this
1370 * up, I propose to leave the code as it is.
1374 /* Set the cloned address to start at the next router, and put it onto the
1375 chain of new addresses. */
1377 new->start_router = addr->router->next;
1378 new->next = *addr_new;
1381 DEBUG(D_route) debug_printf("\"unseen\" set: replicated %s\n", addr->address);
1383 /* Make a new unique field, to distinguish from the normal one. */
1385 addr->unique = string_sprintf("%s/%s", addr->unique, name);
1387 /* If the address has been routed to a transport, see if it was previously
1388 delivered. If so, we take it off the relevant queue so that it isn't delivered
1389 again. Otherwise, it was an alias or something, and the addresses it generated
1390 are handled in the normal way. */
1392 if (addr->transport && tree_search(tree_nonrecipients, addr->unique))
1395 debug_printf("\"unseen\" delivery previously done - discarded\n");
1396 parent->child_count--;
1397 if (*paddr_remote == addr) *paddr_remote = addr->next;
1398 if (*paddr_local == addr) *paddr_local = addr->next;
1404 /*************************************************
1405 * Route one address *
1406 *************************************************/
1408 /* This function is passed in one address item, for processing by the routers.
1409 The verify flag is set if this is being called for verification rather than
1410 delivery. If the router doesn't have its "verify" flag set, it is skipped.
1413 addr address to route
1414 paddr_local chain of local-delivery addresses
1415 paddr_remote chain of remote-delivery addresses
1416 addr_new chain for newly created addresses
1417 addr_succeed chain for completed addresses
1418 verify v_none if not verifying
1419 v_sender if verifying a sender address
1420 v_recipient if verifying a recipient address
1421 v_expn if processing an EXPN address
1423 Returns: OK => address successfully routed
1424 DISCARD => address was discarded
1425 FAIL => address could not be routed
1426 DEFER => some temporary problem
1427 ERROR => some major internal or configuration failure
1431 route_address(address_item *addr, address_item **paddr_local,
1432 address_item **paddr_remote, address_item **addr_new,
1433 address_item **addr_succeed, int verify)
1437 router_instance *r, *nextr;
1438 const uschar *old_domain = addr->domain;
1442 debug_printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
1443 debug_printf("routing %s\n", addr->address);
1446 /* Loop through all router instances until a router succeeds, fails, defers, or
1447 encounters an error. If the address has start_router set, we begin from there
1448 instead of at the first router. */
1450 for (r = addr->start_router ? addr->start_router : routers; r; r = nextr)
1453 struct passwd *pw = NULL;
1454 struct passwd pwcopy;
1455 address_item *parent;
1456 BOOL loop_detected = FALSE;
1461 DEBUG(D_route) debug_printf("--------> %s router <--------\n", r->name);
1463 /* Reset any search error message from the previous router. */
1465 search_error_message = NULL;
1467 /* There are some weird cases where logging is disabled */
1469 disable_logging = r->disable_logging;
1471 /* Record the last router to handle the address, and set the default
1477 /* Loop protection: If this address has an ancestor with the same address,
1478 and that ancestor was routed by this router, we skip this router. This
1479 prevents a variety of looping states when a new address is created by
1480 redirection or by the use of "unseen" on a router.
1482 If no_repeat_use is set on the router, we skip if _any_ ancestor was routed
1483 by this router, even if it was different to the current address.
1485 Just in case someone does put it into a loop (possible with redirection
1486 continually adding to an address, for example), put a long stop counter on
1487 the number of parents. */
1489 for (parent = addr->parent; parent; parent = parent->parent)
1491 if (parent->router == r)
1493 BOOL break_loop = !r->repeat_use;
1495 /* When repeat_use is set, first check the active addresses caselessly.
1496 If they match, we have to do a further caseful check of the local parts
1497 when caseful_local_part is set. This is assumed to be rare, which is why
1498 the code is written this way. */
1502 break_loop = strcmpic(parent->address, addr->address) == 0;
1503 if (break_loop && r->caseful_local_part)
1504 break_loop = Ustrncmp(parent->address, addr->address,
1505 Ustrrchr(addr->address, '@') - addr->address) == 0;
1510 DEBUG(D_route) debug_printf("%s router skipped: previously routed %s\n",
1511 r->name, parent->address);
1512 loop_detected = TRUE;
1517 /* Continue with parents, limiting the size of the dynasty. */
1519 if (loopcount++ > 100)
1521 log_write(0, LOG_MAIN|LOG_PANIC, "routing loop for %s", addr->address);
1527 if (loop_detected) continue;
1529 /* Default no affixes and select whether to use a caseful or caseless local
1530 part in this router. */
1532 addr->prefix = addr->suffix = NULL;
1533 addr->local_part = r->caseful_local_part?
1534 addr->cc_local_part : addr->lc_local_part;
1536 DEBUG(D_route) debug_printf("local_part=%s domain=%s\n", addr->local_part,
1539 /* Handle any configured prefix by replacing the local_part address,
1540 and setting the prefix. Skip the router if the prefix doesn't match,
1541 unless the prefix is optional. */
1545 int plen = route_check_prefix(addr->local_part, r->prefix);
1548 addr->prefix = string_copyn(addr->local_part, plen);
1549 addr->local_part += plen;
1550 DEBUG(D_route) debug_printf("stripped prefix %s\n", addr->prefix);
1552 else if (!r->prefix_optional)
1554 DEBUG(D_route) debug_printf("%s router skipped: prefix mismatch\n",
1560 /* Handle any configured suffix likewise. */
1564 int slen = route_check_suffix(addr->local_part, r->suffix);
1567 int lplen = Ustrlen(addr->local_part) - slen;
1568 addr->suffix = addr->local_part + lplen;
1569 addr->local_part = string_copyn(addr->local_part, lplen);
1570 DEBUG(D_route) debug_printf("stripped suffix %s\n", addr->suffix);
1572 else if (!r->suffix_optional)
1574 DEBUG(D_route) debug_printf("%s router skipped: suffix mismatch\n",
1580 /* Set the expansion variables now that we have the affixes and the case of
1581 the local part sorted. */
1583 router_name = r->name;
1584 deliver_set_expansions(addr);
1586 /* For convenience, the pre-router checks are in a separate function, which
1587 returns OK, SKIP, FAIL, or DEFER. */
1589 if ((rc = check_router_conditions(r, addr, verify, &pw, &error)) != OK)
1592 if (rc == SKIP) continue;
1593 addr->message = error;
1598 /* All pre-conditions have been met. Reset any search error message from
1599 pre-condition tests. These can arise in negated tests where the failure of
1600 the lookup leads to a TRUE pre-condition. */
1602 search_error_message = NULL;
1604 /* Finally, expand the address_data field in the router. Forced failure
1605 behaves as if the router declined. Any other failure is more serious. On
1606 success, the string is attached to the address for all subsequent processing.
1609 if (r->address_data)
1611 DEBUG(D_route) debug_printf("processing address_data\n");
1612 deliver_address_data = expand_string(r->address_data);
1613 if (!deliver_address_data)
1615 if (expand_string_forcedfail)
1617 DEBUG(D_route) debug_printf("forced failure in expansion of \"%s\" "
1618 "(address_data): decline action taken\n", r->address_data);
1620 /* Expand "more" if necessary; DEFER => an expansion failed */
1622 yield = exp_bool(addr, US"router", r->name, D_route,
1623 US"more", r->more, r->expand_more, &more);
1624 if (yield != OK) goto ROUTE_EXIT;
1629 debug_printf("\"more\"=false: skipping remaining routers\n");
1634 else continue; /* With next router */
1639 addr->message = string_sprintf("expansion of \"%s\" failed "
1640 "in %s router: %s", r->address_data, r->name, expand_string_message);
1645 addr->prop.address_data = deliver_address_data;
1648 /* We are finally cleared for take-off with this router. Clear the the flag
1649 that records that a local host was removed from a routed host list. Make a
1650 copy of relevant fields in the password information from check_local_user,
1651 because it will be overwritten if check_local_user is invoked again while
1652 verifying an errors_address setting. */
1654 clearflag(addr, af_local_host_removed);
1658 pwcopy.pw_name = CS string_copy(US pw->pw_name);
1659 pwcopy.pw_uid = pw->pw_uid;
1660 pwcopy.pw_gid = pw->pw_gid;
1661 pwcopy.pw_gecos = CS string_copy(US pw->pw_gecos);
1662 pwcopy.pw_dir = CS string_copy(US pw->pw_dir);
1663 pwcopy.pw_shell = CS string_copy(US pw->pw_shell);
1667 /* Run the router, and handle the consequences. */
1669 /* ... but let us check on DSN before. If this should be the last hop for DSN
1672 if (r->dsn_lasthop && !(addr->dsn_flags & rf_dsnlasthop))
1674 addr->dsn_flags |= rf_dsnlasthop;
1675 HDEBUG(D_route) debug_printf("DSN: last hop for %s\n", addr->address);
1678 HDEBUG(D_route) debug_printf("calling %s router\n", r->name);
1680 yield = (r->info->code)(r, addr, pw, verify, paddr_local, paddr_remote,
1681 addr_new, addr_succeed);
1687 HDEBUG(D_route) debug_printf("%s router forced address failure\n", r->name);
1691 /* If succeeded while verifying but fail_verify is set, convert into
1692 a failure, and take it off the local or remote delivery list. */
1694 if (((verify == v_sender && r->fail_verify_sender) ||
1695 (verify == v_recipient && r->fail_verify_recipient)) &&
1696 (yield == OK || yield == PASS))
1698 addr->message = string_sprintf("%s router forced verify failure", r->name);
1699 if (*paddr_remote == addr) *paddr_remote = addr->next;
1700 if (*paddr_local == addr) *paddr_local = addr->next;
1705 /* PASS and DECLINE are the only two cases where the loop continues. For all
1706 other returns, we break the loop and handle the result below. */
1708 if (yield != PASS && yield != DECLINE) break;
1712 debug_printf("%s router %s for %s\n", r->name,
1713 (yield == PASS)? "passed" : "declined", addr->address);
1714 if (Ustrcmp(old_domain, addr->domain) != 0)
1715 debug_printf("domain %s rewritten\n", old_domain);
1718 /* PASS always continues to another router; DECLINE does so if "more"
1719 is true. Initialization insists that pass_router is always a following
1720 router. Otherwise, break the loop as if at the end of the routers. */
1724 if (r->pass_router != NULL) nextr = r->pass_router;
1728 /* Expand "more" if necessary */
1730 yield = exp_bool(addr, US"router", r->name, D_route,
1731 US"more", r->more, r->expand_more, &more);
1732 if (yield != OK) goto ROUTE_EXIT;
1737 debug_printf("\"more\" is false: skipping remaining routers\n");
1742 } /* Loop for all routers */
1744 /* On exit from the routers loop, if r == NULL we have run out of routers,
1745 either genuinely, or as a result of no_more. Otherwise, the loop ended
1746 prematurely, either because a router succeeded, or because of some special
1747 router response. Note that FAIL errors and errors detected before actually
1748 running a router go direct to ROUTE_EXIT from code above. */
1752 HDEBUG(D_route) debug_printf("no more routers\n");
1755 uschar *message = US"Unrouteable address";
1756 if (addr->router && addr->router->cannot_route_message)
1758 uschar *expmessage = expand_string(addr->router->cannot_route_message);
1761 if (!expand_string_forcedfail)
1762 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
1763 "cannot_route_message in %s router: %s", addr->router->name,
1764 expand_string_message);
1766 else message = expmessage;
1768 addr->user_message = addr->message = message;
1770 addr->router = NULL; /* For logging */
1779 debug_printf("%s router: defer for %s\n", r->name, addr->address);
1780 debug_printf(" message: %s\n", (addr->message == NULL)?
1781 US"<none>" : addr->message);
1786 if (yield == DISCARD) goto ROUTE_EXIT;
1788 /* The yield must be either OK or REROUTED. */
1790 if (yield != OK && yield != REROUTED)
1791 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s router returned unknown value %d",
1794 /* If the yield was REROUTED, the router put a child address on the new chain
1795 as a result of a domain change of some sort (widening, typically). */
1797 if (yield == REROUTED)
1799 HDEBUG(D_route) debug_printf("re-routed to %s\n", addr->address);
1804 /* The only remaining possibility is that the router succeeded. If the
1805 translate_ip_address options is set and host addresses were associated with the
1806 address, run them through the translation. This feature is for weird and
1807 wonderful situations (the amateur packet radio people need it) or very broken
1808 networking, so it is included in the binary only if requested. */
1810 #ifdef SUPPORT_TRANSLATE_IP_ADDRESS
1812 if (r->translate_ip_address)
1815 int old_pool = store_pool;
1817 for (h = addr->host_list; h; h = h->next)
1820 uschar *oldaddress, *oldname;
1822 if (!h->address) continue;
1824 deliver_host_address = h->address;
1825 newaddress = expand_string(r->translate_ip_address);
1826 deliver_host_address = NULL;
1830 if (expand_string_forcedfail) continue;
1831 addr->basic_errno = ERRNO_EXPANDFAIL;
1832 addr->message = string_sprintf("translate_ip_address expansion "
1833 "failed: %s", expand_string_message);
1838 DEBUG(D_route) debug_printf("%s [%s] translated to %s\n",
1839 h->name, h->address, newaddress);
1840 if (string_is_ip_address(newaddress, NULL) != 0)
1842 h->address = newaddress;
1847 oldaddress = h->address;
1848 h->name = newaddress;
1852 store_pool = POOL_PERM;
1853 rc = host_find_byname(h, NULL, HOST_FIND_QUALIFY_SINGLE, NULL, TRUE);
1854 store_pool = old_pool;
1856 if (rc == HOST_FIND_FAILED || rc == HOST_FIND_AGAIN)
1858 addr->basic_errno = ERRNO_UNKNOWNHOST;
1859 addr->message = string_sprintf("host %s not found when "
1860 "translating %s [%s]", h->name, oldname, oldaddress);
1866 #endif /* SUPPORT_TRANSLATE_IP_ADDRESS */
1868 /* See if this is an unseen routing; first expand the option if necessary.
1869 DEFER can be given if the expansion fails */
1871 yield = exp_bool(addr, US"router", r->name, D_route,
1872 US"unseen", r->unseen, r->expand_unseen, &unseen);
1873 if (yield != OK) goto ROUTE_EXIT;
1875 /* Debugging output recording a successful routing */
1877 HDEBUG(D_route) debug_printf("routed by %s router%s\n", r->name,
1878 unseen? " (unseen)" : "");
1884 debug_printf(" envelope to: %s\n", addr->address);
1885 debug_printf(" transport: %s\n", (addr->transport == NULL)?
1886 US"<none>" : addr->transport->name);
1888 if (addr->prop.errors_address)
1889 debug_printf(" errors to %s\n", addr->prop.errors_address);
1891 for (h = addr->host_list; h; h = h->next)
1893 debug_printf(" host %s", h->name);
1894 if (h->address) debug_printf(" [%s]", h->address);
1895 if (h->mx >= 0) debug_printf(" MX=%d", h->mx);
1896 else if (h->mx != MX_NONE) debug_printf(" rgroup=%d", h->mx);
1897 if (h->port != PORT_NONE) debug_printf(" port=%d", h->port);
1898 if (h->dnssec != DS_UNK) debug_printf(" dnssec=%s", h->dnssec==DS_YES ? "yes" : "no");
1903 /* Clear any temporary error message set by a router that declined, and handle
1904 the "unseen" option (ignore if there are no further routers). */
1906 addr->message = NULL;
1907 if (unseen && r->next)
1908 route_unseen(r->name, addr, paddr_local, paddr_remote, addr_new);
1910 /* Unset the address expansions, and return the final result. */
1913 if (yield == DEFER && addr->message)
1914 addr->message = expand_hide_passwords(addr->message);
1916 deliver_set_expansions(NULL);
1918 disable_logging = FALSE;
1922 /* End of route.c */