1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* See the file NOTICE for conditions of use and distribution. */
/* Marker stored in transport_return for an address whose RCPT TO was
accepted. After the data has been sent, lmtp_transport_entry() collects a
reply only for addresses that still carry this value. */
12 #define PENDING_OK 256
15 /* Options specific to the lmtp transport. They must be in alphabetic
16 order (note that "_" comes before the lower case letters). Those starting
17 with "*" are not settable by the user but are used by the option-reading
18 software for alternative value types. Some options are stored in the transport
19 instance block so as to be publicly visible; these are flagged with opt_public.
/* Each entry holds the option name, its value type (with opt_public when the
value is stored in the generic transport_instance block) and the offset of the
field that receives it. command and socket are both string options; the check
in lmtp_transport_init() requires exactly one of the two to be set. */
22 optionlist lmtp_transport_options[] = {
23 { "batch_id", opt_stringptr | opt_public,
24 (void *)offsetof(transport_instance, batch_id) },
25 { "batch_max", opt_int | opt_public,
26 (void *)offsetof(transport_instance, batch_max) },
27 { "command", opt_stringptr,
28 (void *)offsetof(lmtp_transport_options_block, cmd) },
29 { "ignore_quota", opt_bool,
30 (void *)offsetof(lmtp_transport_options_block, ignore_quota) },
31 { "socket", opt_stringptr,
32 (void *)offsetof(lmtp_transport_options_block, skt) },
33 { "timeout", opt_time,
34 (void *)offsetof(lmtp_transport_options_block, timeout) }
37 /* Size of the options list. An extern variable has to be used so that its
38 address can appear in the tables drtables.c. */
40 int lmtp_transport_options_count =
41 sizeof(lmtp_transport_options)/sizeof(optionlist);
/* Placeholder definitions for the MACRO_PREDEF side of the #else that
follows: zeroed defaults, an init function that does nothing, and an entry
point that always returns FALSE. */
47 lmtp_transport_options_block lmtp_transport_option_defaults = {0};
48 void lmtp_transport_init(transport_instance *tblock) {}
49 BOOL lmtp_transport_entry(transport_instance *tblock, address_item *addr) {return FALSE;}
51 #else /*!MACRO_PREDEF*/
54 /* Default private options block for the lmtp transport. */
/* Only the ignore_quota initializer is visible in this listing. It is FALSE,
so lmtp_transport_entry() adds nothing to RCPT TO unless the option is set. */
56 lmtp_transport_options_block lmtp_transport_option_defaults = {
61 FALSE /* ignore_quota */
66 /*************************************************
67 * Initialization entry point *
68 *************************************************/
70 /* Called for each instance, after its options have been read, to
71 enable consistency checks to be done, or anything else that needs
/* lmtp_transport_init: start-up validation of one lmtp transport instance.
tblock is the instance block; its options_block is read as the private lmtp
options. Both checks below report through log_write() with
LOG_PANIC_DIE|LOG_CONFIG. */
75 lmtp_transport_init(transport_instance *tblock)
77 lmtp_transport_options_block *ob =
78 (lmtp_transport_options_block *)(tblock->options_block);
80 /* Either the command field or the socket field must be set */
/* The equality test is true when both fields are NULL and when both are
non-NULL, so the instance is accepted only with exactly one of them set. */
82 if ((ob->cmd == NULL) == (ob->skt == NULL))
83 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
84 "one (and only one) of command or socket must be set for the %s transport",
87 /* If a fixed uid field is set, then a gid field must also be set. */
/* A gid that is to be expanded later (expand_gid) also satisfies this check.
NOTE(review): the intent appears to be that a delivery never runs with a
chosen uid and an unspecified group - confirm where uid and gid are applied. */
89 if (tblock->uid_set && !tblock->gid_set && tblock->expand_gid == NULL)
90 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
91 "user set without group for the %s transport", tblock->name);
93 /* Set up the bitwise options for transport_write_message from the various
94 driver options. Only one of body_only and headers_only can be set. */
/* topt_use_crlf and topt_end_dot are always included, whatever the instance
options say; the other bits follow the per-instance flags. */
97 (tblock->body_only? topt_no_headers : 0) |
98 (tblock->headers_only? topt_no_body : 0) |
99 (tblock->return_path_add? topt_add_return_path : 0) |
100 (tblock->delivery_date_add? topt_add_delivery_date : 0) |
101 (tblock->envelope_to_add? topt_add_envelope_to : 0) |
102 topt_use_crlf | topt_end_dot;
106 /*************************************************
107 * Check an LMTP response *
108 *************************************************/
110 /* This function is given an errno code and the LMTP response buffer to
111 analyse. It sets an appropriate message and puts the first digit of the
112 response code into the yield variable. If no response was actually read, a
113 suitable digit is chosen.
116 errno_value pointer to the errno value
117 more_errno from the top address for use with ERRNO_FILTER_FAIL
118 buffer the LMTP response buffer
119 yield where to put a one-digit LMTP response code
120 message where to put an error message
122 Returns: TRUE if a "QUIT" command should be sent, else FALSE
/* check_response: turn a failed LMTP exchange into an error message and a
one-digit yield. buffer holds whatever the peer sent, so it is untrusted text;
wherever it is quoted in a message below it is first passed through
string_printing(). big_buffer is used as the description of the step that
failed (lmtp_write_command() leaves the last command there). */
126 check_response(int *errno_value, int more_errno, uschar *buffer,
127 int *yield, uschar **message)
129 *yield = '4'; /* Default setting is to give a temporary error */
131 /* Handle response timeout */
133 if (*errno_value == ETIMEDOUT)
135 *message = string_sprintf("LMTP timeout after %s", big_buffer);
136 if (transport_count > 0)
137 *message = string_sprintf("%s (%d bytes written)", *message,
143 /* Handle malformed LMTP response */
145 if (*errno_value == ERRNO_SMTPFORMAT)
/* The malformed reply is quoted in the message. NOTE(review): presumably
string_printing() escapes non-printing characters so that raw control
characters from the peer cannot reach logs or bounce text - confirm its
contract before relying on that. */
147 *message = string_sprintf("Malformed LMTP response after %s: %s",
148 big_buffer, string_printing(buffer));
152 /* Handle a failed filter process error; can't send QUIT as we mustn't
155 if (*errno_value == ERRNO_FILTER_FAIL)
157 *message = string_sprintf("transport filter process failed (%d)%s",
159 (more_errno == EX_EXECFAILED)? ": unable to execute command" : "");
163 /* Handle a failed add_headers expansion; can't send QUIT as we mustn't
166 if (*errno_value == ERRNO_CHHEADER_FAIL)
169 string_sprintf("failed to expand headers_add or headers_remove: %s",
170 expand_string_message);
174 /* Handle failure to write a complete data block */
176 if (*errno_value == ERRNO_WRITEINCOMPLETE)
178 *message = US"failed to write a data block";
182 /* Handle error responses from the remote process. */
/* Same treatment as the malformed case: the reply text goes through
string_printing() before it is placed in the message. */
186 const uschar *s = string_printing(buffer);
187 *message = string_sprintf("LMTP error after %s: %s", big_buffer, s);
192 /* No data was read. If there is no errno, this must be the EOF (i.e.
193 connection closed) case, which causes deferral. Otherwise, leave the errno
194 value to be interpreted. In all cases, we have to assume the connection is now
197 if (*errno_value == 0)
199 *errno_value = ERRNO_SMTPCLOSED;
200 *message = string_sprintf("LMTP connection closed after %s", big_buffer);
208 /*************************************************
209 * Write LMTP command *
210 *************************************************/
212 /* The formatted command is left in big_buffer so that it can be reflected in
216 fd the fd to write to
217 format a format, starting with one of
218 HELO, MAIL FROM, RCPT TO, DATA, ".", or QUIT.
219 ... data for the format
221 Returns: TRUE if successful, FALSE if not, with errno set
/* lmtp_write_command: format one LMTP command into big_buffer and send it to
fd with a single write() call.
 fd      descriptor to write to
 format  printf-style format; the gs.ptr adjustment after the write assumes
         that the formatted text ends in CR LF
Returns TRUE when write() reports at least one byte written. A formatting
failure sets errno to ERRNO_SMTPFORMAT; a failed write leaves the errno set by
write(). */
225 lmtp_write_command(int fd, const char *format, ...)
227 gstring gs = { .size = big_buffer_size, .ptr = 0, .s = big_buffer };
/* NOTE(review): the formatting call below passes SVFMT_TAINT_NOCHK, which by
its name skips the taint check on the arguments. The callers in this file pass
the return path and recipient addresses, so confirm that those values cannot
contain CR or LF by the time they get here; nothing in this function checks. */
231 /*XXX see comment in smtp_write_command() regarding leaving stuff in
234 va_start(ap, format);
235 if (!string_vformat(&gs, SVFMT_TAINT_NOCHK, CS format, ap))
238 errno = ERRNO_SMTPFORMAT;
242 DEBUG(D_transport|D_v) debug_printf(" LMTP>> %s", string_from_gstring(&gs));
243 rc = write(fd, gs.s, gs.ptr);
244 gs.ptr -= 2; string_from_gstring(&gs); /* remove \r\n for debug and error message */
/* NOTE(review): rc > 0 also accepts a short write, where fewer bytes went out
than were requested. The command would then be truncated on the wire while the
caller is told it succeeded. Comparing rc with the requested length (saved
before the adjustment above), or looping until all bytes are written, would
close that gap. */
245 if (rc > 0) return TRUE;
246 DEBUG(D_transport) debug_printf("write failed: %s\n", strerror(errno));
253 /*************************************************
254 * Read LMTP response *
255 *************************************************/
257 /* This function reads an LMTP response with a timeout, and returns the
258 response in the given buffer. It also analyzes the first digit of the reply
259 code and returns FALSE if it is not acceptable.
261 FALSE is also returned after a reading error. In this case buffer[0] will be
262 zero, and the error code will be in errno.
265 f a file to read from
266 buffer where to put the response
267 size the size of the buffer
268 okdigit the expected first digit of the response
269 timeout the timeout to use
271 Returns: TRUE if a valid, non-error response was received; else FALSE
/* lmtp_read_response: read one complete LMTP reply, which may span several
lines, into buffer and report whether its first digit equals okdigit.
 f        stream to read from
 buffer   receives the reply; the lines of a multi-line reply are kept together
 size     size of buffer
 okdigit  the first digit that counts as success
 timeout  read timeout
Returns the result of buffer[0] == okdigit on the normal path. A format
problem sets errno to ERRNO_SMTPFORMAT and a timeout sets it to ETIMEDOUT.
Everything placed in buffer is text chosen by the peer. */
275 lmtp_read_response(FILE *f, uschar *buffer, int size, int okdigit, int timeout)
278 uschar *ptr = buffer;
279 uschar *readptr = buffer;
281 /* Ensure errno starts out zero */
285 /* Loop for handling LMTP responses that do not all come in one line. */
289 /* If buffer is too full, something has gone wrong. */
294 errno = ERRNO_SMTPFORMAT;
298 /* Loop to cover the read getting interrupted. */
305 *readptr = 0; /* In case nothing gets read */
306 sigalrm_seen = FALSE;
/* NOTE(review): size-1 is the read limit, but readptr advances for continued
and multi-line replies. The statement that reduces size after each line is not
visible in this listing; confirm that size always tracks the space remaining
after readptr. */
308 rc = Ufgets(readptr, size-1, f);
313 if (rc != NULL) break; /* A line has been read */
315 /* Handle timeout; must do this first because it uses EINTR */
317 if (sigalrm_seen) errno = ETIMEDOUT;
319 /* If some other interrupt arrived, just retry. We presume this to be rare,
320 but it can happen (e.g. the SIGUSR1 signal sent by exiwhat causes
323 else if (errno == EINTR)
325 DEBUG(D_transport) debug_printf("EINTR while reading LMTP response\n");
329 /* Handle other errors, including EOF; ensure buffer is completely empty. */
335 /* Adjust size in case we have to read another line, and adjust the
336 count to be the length of the line we are about to inspect. */
338 count = Ustrlen(readptr);
340 count += readptr - ptr;
342 /* See if the final two characters in the buffer are \r\n. If not, we
343 have to read some more. At least, that is what we should do on a strict
344 interpretation of the RFC. But accept LF as well, as we do for SMTP. */
/* NOTE(review): count is the string length at readptr plus readptr - ptr. If
the first line read begins with a NUL byte, count would be 0 here and
ptr[count-1] would index one byte before the buffer. No guard is visible in
this listing; a count > 0 test before the index would make the bound explicit. */
346 if (ptr[count-1] != '\n')
350 debug_printf("LMTP input line incomplete in one buffer:\n ");
351 for (int i = 0; i < count; i++)
354 if (mac_isprint(c)) debug_printf("%c", c); else debug_printf("<%d>", c);
358 readptr = ptr + count;
362 /* Remove any whitespace at the end of the buffer. This gets rid of CR, LF
363 etc. at the end. Show it, if debugging, formatting multi-line responses. */
365 while (count > 0 && isspace(ptr[count-1])) count--;
368 DEBUG(D_transport|D_v)
374 while (*t != 0 && *t != '\n') t++;
375 debug_printf(" %s %*s\n", (s == ptr)? "LMTP<<" : " ",
382 /* Check the format of the response: it must start with three digits; if
383 these are followed by a space or end of line, the response is complete. If
384 they are followed by '-' this is a multi-line response and we must look for
385 another line until the final line is reached. The only use made of multi-line
386 responses is to pass them back as error messages. We therefore just
387 concatenate them all within the buffer, which should be large enough to
388 accept any reasonable number of lines. A multiline response may already
389 have been read in one go - hence the loop here. */
398 (ptr[3] != '-' && ptr[3] != ' ' && ptr[3] != 0))
400 errno = ERRNO_SMTPFORMAT; /* format error */
404 /* If a single-line response, exit the loop */
406 if (ptr[3] != '-') break;
408 /* For a multi-line response see if the next line is already read, and if
409 so, stay in this loop to check it. */
420 if (*p == 0) break; /* No more lines to check */
423 /* End of response. If the last of the lines we are looking at is the final
424 line, we are done. Otherwise more data has to be read. */
426 if (ptr[3] != '-') break;
428 /* Move the reading pointer upwards in the buffer and insert \n in case this
429 is an error message that subsequently gets printed. Set the scanning pointer
430 to the reading pointer position. */
438 /* Return a value that depends on the LMTP return code. Ensure that errno is
439 zero, because the caller of this function looks at errno when FALSE is
440 returned, to distinguish between an unexpected return code and other errors
441 such as timeouts, lost connections, etc. */
444 return buffer[0] == okdigit;
452 /*************************************************
454 *************************************************/
456 /* See local README for interface details. For setup-errors, this transport
457 returns FALSE, indicating that the first address has the status for all; in
458 normal cases it returns TRUE, indicating that each address has its own status
/* lmtp_transport_entry: deliver one message to the address list over LMTP,
either through a child process (command option) or a Unix-domain socket
(socket option). The visible sequence is: greeting, LHLO, MAIL FROM, one RCPT
TO per address, DATA, the message, one reply per accepted recipient, QUIT.
Every reply is text from the peer; where it ends up in an address message it
goes through string_printing() first.
 tblock    the transport instance
 addrlist  the addresses being delivered; results are written into their
           transport_return, basic_errno, more_errno and message fields */
462 lmtp_transport_entry(
463 transport_instance *tblock, /* data for this instantiation */
464 address_item *addrlist) /* address(es) we are working on */
468 lmtp_transport_options_block *ob =
469 (lmtp_transport_options_block *)(tblock->options_block);
470 struct sockaddr_un sockun; /* don't call this "sun" ! */
471 int timeout = ob->timeout;
472 int fd_in = -1, fd_out = -1;
473 int code, save_errno;
476 uschar *igquotstr = US"";
477 uschar *sockname = NULL;
481 DEBUG(D_transport) debug_printf("%s transport entered\n", tblock->name);
483 /* Initialization ensures that either a command or a socket is specified, but
484 not both. When a command is specified, call the common function for creating an
485 argument list and expanding the items. */
489 DEBUG(D_transport) debug_printf("using command %s\n", ob->cmd);
/* The %.50s precision is what bounds this copy. NOTE(review): the declaration
of buffer is not visible in this listing; snprintf() with sizeof(buffer) would
keep the bound next to the destination instead of inside the format string. */
490 sprintf(CS buffer, "%.50s transport", tblock->name);
491 if (!transport_set_up_command(&argv, ob->cmd, TRUE, PANIC, addrlist, buffer,
495 /* If the -N option is set, can't do any more. Presume all has gone well. */
499 /* As this is a local transport, we are already running with the required
500 uid/gid and current directory. Request that the new process be a process group
501 leader, so we can kill it and all its children on an error. */
503 if ((pid = child_open(USS argv, NULL, 0, &fd_in, &fd_out, TRUE)) < 0)
505 addrlist->message = string_sprintf(
506 "Failed to create child process for %s transport: %s", tblock->name,
512 /* When a socket is specified, expand the string and create a socket. */
516 DEBUG(D_transport) debug_printf("using socket %s\n", ob->skt);
517 sockname = expand_string(ob->skt);
518 if (sockname == NULL)
520 addrlist->message = string_sprintf("Expansion of \"%s\" (socket setting "
521 "for %s transport) failed: %s", ob->skt, tblock->name,
522 expand_string_message);
525 if ((fd_in = fd_out = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
527 addrlist->message = string_sprintf(
528 "Failed to create socket %s for %s transport: %s",
529 ob->skt, tblock->name, strerror(errno));
533 /* If the -N option is set, can't do any more. Presume all has gone well. */
537 sockun.sun_family = AF_UNIX;
/* NOTE(review): the expanded socket name is silently truncated to fit
sun_path. A name longer than the field then resolves to a different path from
the one configured, and the connect below would go to that path. Rejecting an
over-long name with a delivery error would be safer than truncating it. */
538 sprintf(sockun.sun_path, "%.*s", (int)(sizeof(sockun.sun_path)-1), sockname);
539 if(connect(fd_out, (struct sockaddr *)(&sockun), sizeof(sockun)) == -1)
541 addrlist->message = string_sprintf(
542 "Failed to connect to socket %s for %s transport: %s",
543 sockun.sun_path, tblock->name, strerror(errno));
549 /* Make the output we are going to read into a file. */
/* Replies are read through this stdio stream, while commands are written to
fd_in with write(). NOTE(review): no check of the fdopen() result is visible in
this listing; if it can be NULL, the reads below would receive a NULL stream. */
551 out = fdopen(fd_out, "rb");
553 /* Now we must implement the LMTP protocol. It is like SMTP, except that after
554 the end of the message, a return code for every accepted RCPT TO is sent. This
555 allows for message+recipient checks after the message has been received. */
557 /* First thing is to wait for an initial greeting. */
559 Ustrcpy(big_buffer, US"initial connection");
560 if (!lmtp_read_response(out, buffer, sizeof(buffer), '2',
561 timeout)) goto RESPONSE_FAILED;
563 /* Next, we send a LHLO command, and expect a positive response */
565 if (!lmtp_write_command(fd_in, "%s %s\r\n", "LHLO",
566 primary_hostname)) goto WRITE_FAILED;
568 if (!lmtp_read_response(out, buffer, sizeof(buffer), '2',
569 timeout)) goto RESPONSE_FAILED;
571 /* If the ignore_quota option is set, note whether the server supports the
572 IGNOREQUOTA option, and if so, set an appropriate addition for RCPT. */
574 if (ob->ignore_quota)
575 igquotstr = (pcre_exec(regex_IGNOREQUOTA, NULL, CS buffer,
576 Ustrlen(CS buffer), 0, PCRE_EOPT, NULL, 0) >= 0)? US" IGNOREQUOTA" : US"";
578 /* Now the envelope sender */
580 if (!lmtp_write_command(fd_in, "MAIL FROM:<%s>\r\n", return_path))
583 if (!lmtp_read_response(out, buffer, sizeof(buffer), '2', timeout))
585 if (errno == 0 && buffer[0] == '4')
587 errno = ERRNO_MAIL4XX;
/* The second and third reply digits are stored from bit 8 upwards of
more_errno; the same calculation is used for the RCPT and DATA replies below.
NOTE(review): buffer[1] and buffer[2] come from the peer, so this relies on
lmtp_read_response() having rejected replies that do not start with three
digits - that test is only partly visible in this listing. */
588 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
590 goto RESPONSE_FAILED;
593 /* Next, we hand over all the recipients. Some may be permanently or
594 temporarily rejected; others may be accepted, for now. */
597 for (address_item * addr = addrlist; addr; addr = addr->next)
599 if (!lmtp_write_command(fd_in, "RCPT TO:<%s>%s\r\n",
600 transport_rcpt_address(addr, tblock->rcpt_include_affixes), igquotstr))
602 if (lmtp_read_response(out, buffer, sizeof(buffer), '2', timeout))
605 addr->transport_return = PENDING_OK;
609 if (errno != 0 || buffer[0] == 0) goto RESPONSE_FAILED;
610 addr->message = string_sprintf("LMTP error after %s: %s", big_buffer,
611 string_printing(buffer));
/* NOTE(review): the message built above quotes the peer reply and the flag set
below allows it to reach the user, so string_printing() is the only filtering
that text gets here. */
612 setflag(addr, af_pass_message); /* Allow message to go to user */
613 if (buffer[0] == '5') addr->transport_return = FAIL; else
615 addr->basic_errno = ERRNO_RCPT4XX;
616 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
621 /* Now send the text of the message if there were any good recipients. */
626 transport_ctx tctx = {
634 if (!lmtp_write_command(fd_in, "DATA\r\n")) goto WRITE_FAILED;
635 if (!lmtp_read_response(out, buffer, sizeof(buffer), '3', timeout))
637 if (errno == 0 && buffer[0] == '4')
639 errno = ERRNO_DATA4XX;
640 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
642 goto RESPONSE_FAILED;
645 sigalrm_seen = FALSE;
646 transport_write_timeout = timeout;
647 Ustrcpy(big_buffer, US"sending data block"); /* For error messages */
648 DEBUG(D_transport|D_v)
649 debug_printf(" LMTP>> writing message and terminating \".\"\n");
652 ok = transport_write_message(&tctx, 0);
654 /* Failure can either be some kind of I/O disaster (including timeout),
655 or the failure of a transport filter or the expansion of added headers. */
659 buffer[0] = 0; /* There hasn't been a response */
660 goto RESPONSE_FAILED;
663 Ustrcpy(big_buffer, US"end of data"); /* For error messages */
665 /* We now expect a response for every address that was accepted above,
666 in the same order. For those that get a response, their status is fixed;
667 any that are accepted have been handed over, even if later responses crash -
668 at least, that's how I read RFC 2033. */
670 for (address_item * addr = addrlist; addr; addr = addr->next)
672 if (addr->transport_return != PENDING_OK) continue;
674 if (lmtp_read_response(out, buffer, sizeof(buffer), '2', timeout))
676 addr->transport_return = OK;
677 if (LOGGING(smtp_confirmation))
679 const uschar *s = string_printing(buffer);
680 /* de-const safe here as string_printing known to have alloc'n'copied */
681 addr->message = (s == buffer)? US string_copy(s) : US s;
684 /* If the response has failed badly, use it for all the remaining pending
685 addresses and give up. */
687 else if (errno != 0 || buffer[0] == 0)
690 check_response(&save_errno, addr->more_errno, buffer, &code,
692 addr->transport_return = (code == '5')? FAIL : DEFER;
693 for (address_item * a = addr->next; a; a = a->next)
695 if (a->transport_return != PENDING_OK) continue;
696 a->basic_errno = addr->basic_errno;
697 a->message = addr->message;
698 a->transport_return = addr->transport_return;
703 /* Otherwise, it's an LMTP error code return for one address */
707 if (buffer[0] == '4')
709 addr->basic_errno = ERRNO_DATA4XX;
710 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
712 addr->message = string_sprintf("LMTP error after %s: %s", big_buffer,
713 string_printing(buffer));
714 addr->transport_return = (buffer[0] == '5')? FAIL : DEFER;
715 setflag(addr, af_pass_message); /* Allow message to go to user */
720 /* The message transaction has completed successfully - this doesn't mean that
721 all the addresses have necessarily been transferred, but each has its status
722 set, so we change the yield to TRUE. */
725 (void) lmtp_write_command(fd_in, "QUIT\r\n");
726 (void) lmtp_read_response(out, buffer, sizeof(buffer), '2', 1);
731 /* Come here if any call to read_response, other than a response after the data
732 phase, failed. Put the error in the top address - this will be replicated
733 because the yield is still FALSE. (But omit ETIMEDOUT, as there will already be
734 a suitable message.) Analyse the error, and if it isn't too bad, send a QUIT
735 command. Wait for the response with a short timeout, so we don't wind up this
736 process before the far end has had time to read the QUIT. */
741 if (errno != ETIMEDOUT && errno != 0) addrlist->basic_errno = errno;
742 addrlist->message = NULL;
744 if (check_response(&save_errno, addrlist->more_errno,
745 buffer, &code, &(addrlist->message)))
747 (void) lmtp_write_command(fd_in, "QUIT\r\n");
748 (void) lmtp_read_response(out, buffer, sizeof(buffer), '2', 1);
751 addrlist->transport_return = (code == '5')? FAIL : DEFER;
752 if (code == '4' && save_errno > 0)
753 addrlist->message = string_sprintf("%s: %s", addrlist->message,
754 strerror(save_errno));
755 goto KILL_AND_RETURN;
757 /* Come here if there are errors during writing of a command or the message
758 itself. This error will be applied to all the addresses. */
762 addrlist->transport_return = PANIC;
763 addrlist->basic_errno = errno;
764 if (errno == ERRNO_CHHEADER_FAIL)
766 string_sprintf("Failed to expand headers_add or headers_remove: %s",
767 expand_string_message);
768 else if (errno == ERRNO_FILTER_FAIL)
769 addrlist->message = US"Filter process failure";
770 else if (errno == ERRNO_WRITEINCOMPLETE)
771 addrlist->message = US"Failed repeatedly to write data";
772 else if (errno == ERRNO_SMTPFORMAT)
773 addrlist->message = US"overlong LMTP command generated";
775 addrlist->message = string_sprintf("Error %d", errno);
777 /* Come here after errors. Kill off the process. */
/* The signal is sent to the whole process group of the child, which was asked
to be a group leader when it was created. NOTE(review): the initial value of
pid is not visible in this listing; presumably it is not positive in socket
mode, so that no signal is sent there - confirm. */
781 if (pid > 0) killpg(pid, SIGKILL);
783 /* Come here from all paths after the subprocess is created. Wait for the
784 process, but with a timeout. */
788 (void)child_close(pid, timeout);
/* NOTE(review): in socket mode fd_in and fd_out hold the same descriptor
(both are assigned from one socket() call), so as far as this listing shows
the close() and fclose() below close it twice. The second close only fails
cleanly as long as nothing has reused the descriptor number in between;
closing once when the two values are equal would remove the dependency. */
790 if (fd_in >= 0) (void)close(fd_in);
791 if (fd_out >= 0) (void)fclose(out);
794 debug_printf("%s transport yields %d\n", tblock->name, yield);
801 debug_printf("*** delivery by %s transport bypassed by -N option",
803 addrlist->transport_return = OK;
807 #endif /*!MACRO_PREDEF*/
808 /* End of transport/lmtp.c */