2 * Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers.
4 * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
5 * Copyright (c) 1988, 1993
6 * The Regents of the University of California. All rights reserved.
8 * By using this file, you agree to the terms and conditions set
9 * forth in the LICENSE file which can be found at the top level of
10 * the sendmail distribution.
16 SM_RCSID("@(#)$Id: headers.c,v 8.287 2004/12/03 18:29:51 ca Exp $")
18 static HDR *allocheader __P((char *, char *, int, SM_RPOOL_T *));
19 static size_t fix_mime_header __P((HDR *, ENVELOPE *));
20 static int priencode __P((char *));
21 static void put_vanilla_header __P((HDR *, char *, MCI *));
24 ** SETUPHEADERS -- initialize headers in symbol table
39 for (hi = HdrInfo; hi->hi_field != NULL; hi++)
41 s = stab(hi->hi_field, ST_HEADER, ST_ENTER);
42 s->s_header.hi_flags = hi->hi_flags;
43 s->s_header.hi_ruleset = NULL;
47 ** CHOMPHEADER -- process and save a header line.
49 ** Called by collect, readcf, and readqf to deal with header lines.
52 ** line -- header as a text line.
53 ** pflag -- flags for chompheader() (from sendmail.h)
54 ** hdrp -- a pointer to the place to save the header.
55 ** e -- the envelope including this header.
58 ** flags for this header.
61 ** The header is saved on the header list.
62 ** Contents of 'line' are destroyed.
65 static struct hdrinfo NormalHeader = { NULL, 0, NULL };
68 chompheader(line, pflag, hdrp, e)
74 unsigned char mid = '\0';
85 bool nullheader = false;
90 sm_dprintf("chompheader: ");
91 xputs(sm_debug_file(), line);
95 headeronly = hdrp != NULL;
99 /* strip off options */
102 if (!bitset(pflag, CHHDR_USER) && *p == '?')
107 q = strchr(++p, '?');
114 /* possibly macro conditional */
115 if (c == MACROEXPAND)
124 mid = (unsigned char) *p++;
142 mid = (unsigned char) macid(p);
143 if (bitset(0200, mid))
145 p += strlen(macname(mid)) + 2;
168 setbitn(bitidx(*p), mopts);
176 /* find canonical name */
178 while (isascii(*p) && isgraph(*p) && *p != ':')
181 while (isascii(*p) && isspace(*p))
183 if (*p++ != ':' || fname == fvalue)
186 syserr("553 5.3.0 header syntax error, line \"%s\"", line);
191 /* strip field value on front */
196 /* if the field is null, go ahead and use the default */
197 while (isascii(*p) && isspace(*p))
202 /* security scan: long field names are end-of-header */
203 if (strlen(fname) > 100)
206 /* check to see if it represents a ruleset call */
207 if (bitset(pflag, CHHDR_DEF))
211 (void) expand(fvalue, hbuf, sizeof hbuf, e);
212 for (p = hbuf; isascii(*p) && isspace(*p); )
214 if ((*p++ & 0377) == CALLSUBR)
219 strc = *p == '+'; /* strip comments? */
222 if (strtorwset(p, &endp, ST_ENTER) > 0)
225 s = stab(fname, ST_HEADER, ST_ENTER);
227 s->s_header.hi_ruleset != NULL)
228 sm_syslog(LOG_WARNING, NOQID,
229 "Warning: redefined ruleset for header=%s, old=%s, new=%s",
231 s->s_header.hi_ruleset, p);
232 s->s_header.hi_ruleset = newstr(p);
234 s->s_header.hi_flags |= H_STRIPCOMM;
240 /* see if it is a known type */
241 s = stab(fname, ST_HEADER, ST_FIND);
250 sm_dprintf("no header flags match\n");
252 sm_dprintf("header match, flags=%lx, ruleset=%s\n",
254 hi->hi_ruleset == NULL ? "<NULL>"
258 /* see if this is a resent message */
259 if (!bitset(pflag, CHHDR_DEF) && !headeronly &&
260 bitset(H_RESENT, hi->hi_flags))
261 e->e_flags |= EF_RESENT;
263 /* if this is an Errors-To: header keep track of it now */
264 if (UseErrorsTo && !bitset(pflag, CHHDR_DEF) && !headeronly &&
265 bitset(H_ERRORSTO, hi->hi_flags))
266 (void) sendtolist(fvalue, NULLADDR, &e->e_errorqueue, 0, e);
268 /* if this means "end of header" quit now */
269 if (!headeronly && bitset(H_EOH, hi->hi_flags))
273 ** Horrible hack to work around problem with Lotus Notes SMTP
274 ** mail gateway, which generates From: headers with newlines in
275 ** them and the <address> on the second line. Although this is
276 ** legal RFC 822, many MUAs don't handle this properly and thus
277 ** never find the actual address.
280 if (bitset(H_FROM, hi->hi_flags) && SingleLineFromHeader)
282 while ((p = strchr(fvalue, '\n')) != NULL)
287 ** If there is a check ruleset, verify it against the header.
290 if (bitset(pflag, CHHDR_CHECK))
295 rscheckflags = RSF_COUNT;
296 if (!bitset(hi->hi_flags, H_FROM|H_RCPT))
297 rscheckflags |= RSF_UNSTRUCTURED;
299 /* no ruleset? look for default */
303 s = stab("*", ST_HEADER, ST_FIND);
306 rs = (&s->s_header)->hi_ruleset;
307 if (bitset((&s->s_header)->hi_flags,
309 rscheckflags |= RSF_RMCOMM;
312 else if (bitset(hi->hi_flags, H_STRIPCOMM))
313 rscheckflags |= RSF_RMCOMM;
322 /* - 3 to avoid problems with " at the end */
323 /* should be sizeof(qval), not MAXNAME */
324 for (k = 0; fvalue[k] != '\0' && l < MAXNAME - 3; k++)
328 /* XXX other control chars? */
329 case '\011': /* ht */
330 case '\012': /* nl */
331 case '\013': /* vt */
332 case '\014': /* np */
333 case '\015': /* cr */
340 qval[l++] = fvalue[k];
346 k += strlen(fvalue + k);
350 sm_syslog(LOG_WARNING, e->e_id,
351 "Warning: truncated header '%s' before check with '%s' len=%d max=%d",
352 fname, rs, k, MAXNAME - 1);
354 macdefine(&e->e_macro, A_TEMP,
355 macid("{currHeader}"), qval);
356 macdefine(&e->e_macro, A_TEMP,
357 macid("{hdr_name}"), fname);
359 (void) sm_snprintf(qval, sizeof qval, "%d", k);
360 macdefine(&e->e_macro, A_TEMP, macid("{hdrlen}"), qval);
362 if (bitset(H_FROM, hi->hi_flags))
363 macdefine(&e->e_macro, A_PERM,
364 macid("{addr_type}"), "h s");
365 else if (bitset(H_RCPT, hi->hi_flags))
366 macdefine(&e->e_macro, A_PERM,
367 macid("{addr_type}"), "h r");
369 #endif /* _FFR_HDR_TYPE */
370 macdefine(&e->e_macro, A_PERM,
371 macid("{addr_type}"), "h");
372 (void) rscheck(rs, fvalue, NULL, e, rscheckflags, 3,
378 ** Drop explicit From: if same as what we would generate.
379 ** This is to make MH (which doesn't always give a full name)
380 ** insert the full name information in all circumstances.
385 if (!bitset(EF_RESENT, e->e_flags))
387 if (!bitset(pflag, CHHDR_DEF) && !headeronly &&
388 !bitset(EF_QUEUERUN, e->e_flags) && sm_strcasecmp(fname, p) == 0)
392 sm_dprintf("comparing header from (%s) against default (%s or %s)\n",
393 fvalue, e->e_from.q_paddr, e->e_from.q_user);
395 if (e->e_from.q_paddr != NULL &&
396 e->e_from.q_mailer != NULL &&
397 bitnset(M_LOCALMAILER, e->e_from.q_mailer->m_flags) &&
398 (strcmp(fvalue, e->e_from.q_paddr) == 0 ||
399 strcmp(fvalue, e->e_from.q_user) == 0))
403 /* delete default value for this header */
404 for (hp = hdrp; (h = *hp) != NULL; hp = &h->h_link)
406 if (sm_strcasecmp(fname, h->h_field) == 0 &&
407 !bitset(H_USER, h->h_flags) &&
408 !bitset(H_FORCE, h->h_flags))
412 /* user-supplied value was null */
417 /* make this look like the user entered it */
418 h->h_flags |= H_USER;
424 /* copy conditions from default case */
425 memmove((char *) mopts, (char *) h->h_mflags,
432 /* create a new node */
433 h = (HDR *) sm_rpool_malloc_x(e->e_rpool, sizeof *h);
434 h->h_field = sm_rpool_strdup_x(e->e_rpool, fname);
435 h->h_value = sm_rpool_strdup_x(e->e_rpool, fvalue);
437 memmove((char *) h->h_mflags, (char *) mopts, sizeof mopts);
440 h->h_flags = hi->hi_flags;
441 if (bitset(pflag, CHHDR_USER) || bitset(pflag, CHHDR_QUEUE))
442 h->h_flags |= H_USER;
444 /* strip EOH flag if parsing MIME headers */
446 h->h_flags &= ~H_EOH;
447 if (bitset(pflag, CHHDR_DEF))
448 h->h_flags |= H_DEFAULT;
449 if (cond || mid != '\0')
450 h->h_flags |= H_CHECK;
452 /* hack to see if this is a new format message */
453 if (!bitset(pflag, CHHDR_DEF) && !headeronly &&
454 bitset(H_RCPT|H_FROM, h->h_flags) &&
455 (strchr(fvalue, ',') != NULL || strchr(fvalue, '(') != NULL ||
456 strchr(fvalue, '<') != NULL || strchr(fvalue, ';') != NULL))
458 e->e_flags &= ~EF_OLDSTYLE;
464 ** ALLOCHEADER -- allocate a header entry
467 ** field -- the name of the header field.
468 ** value -- the value of the field.
469 ** flags -- flags to add to h_flags.
470 ** rp -- resource pool for allocations
473 ** Pointer to a newly allocated and populated HDR.
477 allocheader(field, value, flags, rp)
486 /* find info struct */
487 s = stab(field, ST_HEADER, ST_FIND);
489 /* allocate space for new header */
490 h = (HDR *) sm_rpool_malloc_x(rp, sizeof *h);
492 h->h_value = sm_rpool_strdup_x(rp, value);
495 h->h_flags |= s->s_header.hi_flags;
496 clrbitmap(h->h_mflags);
502 ** ADDHEADER -- add a header entry to the end of the queue.
504 ** This bypasses the special checking of chompheader.
507 ** field -- the name of the header field.
508 ** value -- the value of the field.
509 ** flags -- flags to add to h_flags.
516 ** adds the field on the list of headers for this envelope.
520 addheader(field, value, flags, e)
528 HDR **hdrlist = &e->e_header;
530 /* find current place in list -- keep back pointer? */
531 for (hp = hdrlist; (h = *hp) != NULL; hp = &h->h_link)
533 if (sm_strcasecmp(field, h->h_field) == 0)
537 /* allocate space for new header */
538 h = allocheader(field, value, flags, e->e_rpool);
543 ** INSHEADER -- insert a header entry at the specified index
545 ** This bypasses the special checking of chompheader.
548 ** idx -- index into the header list at which to insert
549 ** field -- the name of the header field.
550 ** value -- the value of the field.
551 ** flags -- flags to add to h_flags.
558 ** inserts the field on the list of headers for this envelope.
562 insheader(idx, field, value, flags, e)
569 HDR *h, *srch, *last = NULL;
571 /* allocate space for new header */
572 h = allocheader(field, value, flags, e->e_rpool);
574 /* find insertion position */
575 for (srch = e->e_header; srch != NULL && idx > 0;
576 srch = srch->h_link, idx--)
579 if (e->e_header == NULL)
584 else if (srch == NULL)
586 SM_ASSERT(last != NULL);
592 h->h_link = srch->h_link;
597 ** HVALUE -- return value of a header.
599 ** Only "real" fields (i.e., ones that have not been supplied
600 ** as a default) are used.
603 ** field -- the field name.
604 ** header -- the header list.
607 ** pointer to the value part.
608 ** NULL if not found.
615 hvalue(field, header)
621 for (h = header; h != NULL; h = h->h_link)
623 if (!bitset(H_DEFAULT, h->h_flags) &&
624 sm_strcasecmp(h->h_field, field) == 0)
630 ** ISHEADER -- predicate telling if argument is a header.
632 ** A line is a header if it has a single word followed by
633 ** optional white space followed by a colon.
635 ** Header fields beginning with two dashes, although technically
636 ** permitted by RFC822, are automatically rejected in order
637 ** to make MIME work out. Without this we could have a technically
638 ** legal header such as ``--"foo:bar"'' that would also be a legal
642 ** h -- string to check for possible headerness.
645 ** true if h is a header.
656 register char *s = h;
658 if (s[0] == '-' && s[1] == '-')
661 while (*s > ' ' && *s != ':' && *s != '\0')
667 /* following technically violates RFC822 */
668 while (isascii(*s) && isspace(*s))
674 ** EATHEADER -- run through the stored header and extract info.
677 ** e -- the envelope to process.
678 ** full -- if set, do full processing (e.g., compute
679 ** message priority). This should not be set
680 ** when reading a queue file because some info
681 ** needed to compute the priority is wrong.
682 ** log -- call logsender()?
688 ** Sets a bunch of global variables from information
689 ** in the collected header.
693 eatheader(e, full, log)
694 register ENVELOPE *e;
704 ** Set up macros for possible expansion in headers.
707 macdefine(&e->e_macro, A_PERM, 'f', e->e_sender);
708 macdefine(&e->e_macro, A_PERM, 'g', e->e_sender);
709 if (e->e_origrcpt != NULL && *e->e_origrcpt != '\0')
710 macdefine(&e->e_macro, A_PERM, 'u', e->e_origrcpt);
712 macdefine(&e->e_macro, A_PERM, 'u', NULL);
714 /* full name of from person */
715 p = hvalue("full-name", e->e_header);
718 if (!rfc822_string(p))
721 ** Quote a full name with special characters
722 ** as a comment so crackaddr() doesn't destroy
723 ** the name portion of the address.
726 p = addquotes(p, e->e_rpool);
728 macdefine(&e->e_macro, A_PERM, 'x', p);
732 sm_dprintf("----- collected header -----\n");
734 for (h = e->e_header; h != NULL; h = h->h_link)
737 sm_dprintf("%s: ", h->h_field);
738 if (h->h_value == NULL)
741 sm_dprintf("<NULL>\n");
745 /* do early binding */
746 if (bitset(H_DEFAULT, h->h_flags) &&
747 !bitset(H_BINDLATE, h->h_flags))
752 xputs(sm_debug_file(), h->h_value);
755 expand(h->h_value, buf, sizeof buf, e);
758 if (bitset(H_FROM, h->h_flags))
759 expand(crackaddr(buf, e),
761 h->h_value = sm_rpool_strdup_x(e->e_rpool, buf);
762 h->h_flags &= ~H_DEFAULT;
767 xputs(sm_debug_file(), h->h_value);
771 /* count the number of times it has been processed */
772 if (bitset(H_TRACE, h->h_flags))
775 /* send to this person if we so desire */
776 if (GrabTo && bitset(H_RCPT, h->h_flags) &&
777 !bitset(H_DEFAULT, h->h_flags) &&
778 (!bitset(EF_RESENT, e->e_flags) ||
779 bitset(H_RESENT, h->h_flags)))
782 int saveflags = e->e_flags;
785 (void) sendtolist(denlstring(h->h_value, true, false),
786 NULLADDR, &e->e_sendqueue, 0, e);
790 ** Change functionality so a fatal error on an
791 ** address doesn't affect the entire envelope.
794 /* delete fatal errors generated by this address */
795 if (!bitset(EF_FATALERRS, saveflags))
796 e->e_flags &= ~EF_FATALERRS;
800 /* save the message-id for logging */
801 p = "resent-message-id";
802 if (!bitset(EF_RESENT, e->e_flags))
804 if (sm_strcasecmp(h->h_field, p) == 0)
806 e->e_msgid = h->h_value;
807 while (isascii(*e->e_msgid) && isspace(*e->e_msgid))
809 macdefine(&e->e_macro, A_PERM, macid("{msg_id}"),
814 sm_dprintf("----------------------------\n");
816 /* if we are just verifying (that is, sendmail -t -bv), drop out now */
817 if (OpMode == MD_VERIFY)
820 /* store hop count */
821 if (hopcnt > e->e_hopcount)
823 e->e_hopcount = hopcnt;
824 (void) sm_snprintf(buf, sizeof buf, "%d", e->e_hopcount);
825 macdefine(&e->e_macro, A_TEMP, 'c', buf);
828 /* message priority */
829 p = hvalue("precedence", e->e_header);
831 e->e_class = priencode(p);
833 e->e_timeoutclass = TOC_NONURGENT;
834 else if (e->e_class > 0)
835 e->e_timeoutclass = TOC_URGENT;
838 e->e_msgpriority = e->e_msgsize
839 - e->e_class * WkClassFact
840 + e->e_nrcpts * WkRecipFact;
843 /* check for DSN to properly set e_timeoutclass */
844 p = hvalue("content-type", e->e_header);
849 char pvpbuf[MAXLINE];
850 extern unsigned char MimeTokenTab[256];
852 /* tokenize header */
855 pvp = prescan(p, '\0', pvpbuf, sizeof pvpbuf, NULL,
856 MimeTokenTab, false);
859 /* Check if multipart/report */
860 if (pvp != NULL && pvp[0] != NULL &&
861 pvp[1] != NULL && pvp[2] != NULL &&
862 sm_strcasecmp(*pvp++, "multipart") == 0 &&
863 strcmp(*pvp++, "/") == 0 &&
864 sm_strcasecmp(*pvp++, "report") == 0)
866 /* Look for report-type=delivery-status */
869 /* skip to semicolon separator */
870 while (*pvp != NULL && strcmp(*pvp, ";") != 0)
874 if (*pvp++ == NULL || *pvp == NULL)
877 /* look for report-type */
878 if (sm_strcasecmp(*pvp++, "report-type") != 0)
882 if (*pvp == NULL || strcmp(*pvp, "=") != 0)
886 if (*++pvp != NULL &&
888 "delivery-status") == 0)
889 e->e_timeoutclass = TOC_DSN;
891 /* found report-type, no need to continue */
897 /* message timeout priority */
898 p = hvalue("priority", e->e_header);
901 /* (this should be in the configuration file) */
902 if (sm_strcasecmp(p, "urgent") == 0)
903 e->e_timeoutclass = TOC_URGENT;
904 else if (sm_strcasecmp(p, "normal") == 0)
905 e->e_timeoutclass = TOC_NORMAL;
906 else if (sm_strcasecmp(p, "non-urgent") == 0)
907 e->e_timeoutclass = TOC_NONURGENT;
908 else if (bitset(EF_RESPONSE, e->e_flags))
909 e->e_timeoutclass = TOC_DSN;
911 else if (bitset(EF_RESPONSE, e->e_flags))
912 e->e_timeoutclass = TOC_DSN;
914 /* date message originated */
915 p = hvalue("posted-date", e->e_header);
917 p = hvalue("date", e->e_header);
919 macdefine(&e->e_macro, A_PERM, 'a', p);
921 /* check to see if this is a MIME message */
922 if ((e->e_bodytype != NULL &&
923 sm_strcasecmp(e->e_bodytype, "8BITMIME") == 0) ||
924 hvalue("MIME-Version", e->e_header) != NULL)
926 e->e_flags |= EF_IS_MIME;
928 e->e_bodytype = "8BITMIME";
930 else if ((p = hvalue("Content-Type", e->e_header)) != NULL)
932 /* this may be an RFC 1049 message */
933 p = strpbrk(p, ";/");
934 if (p == NULL || *p == ';')
937 e->e_flags |= EF_DONT_MIME;
942 ** From person in antiquated ARPANET mode
943 ** required by UK Grey Book e-mail gateways (sigh)
946 if (OpMode == MD_ARPAFTP)
948 register struct hdrinfo *hi;
950 for (hi = HdrInfo; hi->hi_field != NULL; hi++)
952 if (bitset(H_FROM, hi->hi_flags) &&
953 (!bitset(H_RESENT, hi->hi_flags) ||
954 bitset(EF_RESENT, e->e_flags)) &&
955 (p = hvalue(hi->hi_field, e->e_header)) != NULL)
958 if (hi->hi_field != NULL)
961 sm_dprintf("eatheader: setsender(*%s == %s)\n",
963 setsender(p, e, NULL, '\0', true);
968 ** Log collection information.
971 if (log && bitset(EF_LOGSENDER, e->e_flags) && LogLevel > 4)
973 logsender(e, e->e_msgid);
974 e->e_flags &= ~EF_LOGSENDER;
978 ** LOGSENDER -- log sender information
981 ** e -- the envelope to log
982 ** msgid -- the message id
990 register ENVELOPE *e;
997 char hbuf[MAXNAME + 1];
998 char sbuf[MAXLINE + 1];
999 char mbuf[MAXNAME + 1];
1001 /* don't allow newlines in the message-id */
1002 /* XXX do we still need this? sm_syslog() replaces control chars */
1006 if (l > sizeof mbuf - 1)
1007 l = sizeof mbuf - 1;
1008 memmove(mbuf, msgid, l);
1011 while ((p = strchr(p, '\n')) != NULL)
1015 if (bitset(EF_RESPONSE, e->e_flags))
1016 name = "[RESPONSE]";
1017 else if ((name = macvalue('_', e)) != NULL)
1020 else if (RealHostName == NULL)
1022 else if (RealHostName[0] == '[')
1023 name = RealHostName;
1027 (void) sm_snprintf(hbuf, sizeof hbuf, "%.80s", RealHostName);
1028 if (RealHostAddr.sa.sa_family != 0)
1030 p = &hbuf[strlen(hbuf)];
1031 (void) sm_snprintf(p, SPACELEFT(hbuf, p),
1033 anynet_ntoa(&RealHostAddr));
1037 /* some versions of syslog only take 5 printf args */
1038 #if (SYSLOG_BUFSIZE) >= 256
1040 (void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
1041 "from=%.200s, size=%ld, class=%d, nrcpts=%d",
1042 e->e_from.q_paddr == NULL ? "<NONE>" : e->e_from.q_paddr,
1043 e->e_msgsize, e->e_class, e->e_nrcpts);
1047 (void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
1048 ", msgid=%.100s", mbuf);
1051 if (e->e_bodytype != NULL)
1053 (void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
1054 ", bodytype=%.20s", e->e_bodytype);
1057 p = macvalue('r', e);
1060 (void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
1061 ", proto=%.20s", p);
1064 p = macvalue(macid("{daemon_name}"), e);
1067 (void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
1068 ", daemon=%.20s", p);
1071 sm_syslog(LOG_INFO, e->e_id, "%.850s, relay=%s", sbuf, name);
1073 #else /* (SYSLOG_BUFSIZE) >= 256 */
1075 sm_syslog(LOG_INFO, e->e_id,
1077 e->e_from.q_paddr == NULL ? "<NONE>"
1078 : shortenstring(e->e_from.q_paddr,
1080 sm_syslog(LOG_INFO, e->e_id,
1081 "size=%ld, class=%ld, nrcpts=%d",
1082 e->e_msgsize, e->e_class, e->e_nrcpts);
1084 sm_syslog(LOG_INFO, e->e_id,
1086 shortenstring(mbuf, 83));
1089 if (e->e_bodytype != NULL)
1091 (void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
1092 "bodytype=%.20s, ", e->e_bodytype);
1095 p = macvalue('r', e);
1098 (void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
1099 "proto=%.20s, ", p);
1102 sm_syslog(LOG_INFO, e->e_id,
1103 "%.400srelay=%s", sbuf, name);
1104 #endif /* (SYSLOG_BUFSIZE) >= 256 */
1107 ** PRIENCODE -- encode external priority names into internal values.
1110 ** p -- priority in ascii.
1113 ** priority as a numeric level.
1125 for (i = 0; i < NumPriorities; i++)
1127 if (sm_strcasecmp(p, Priorities[i].pri_name) == 0)
1128 return Priorities[i].pri_val;
1131 /* unknown priority */
1135 ** CRACKADDR -- parse an address and turn it into a macro
1137 ** This doesn't actually parse the address -- it just extracts
1138 ** it and replaces it with "$g". The parse is totally ad hoc
1139 ** and isn't even guaranteed to leave something syntactically
1140 ** identical to what it started with. However, it does leave
1141 ** something semantically identical if possible, else at least
1142 ** syntactically correct.
1144 ** For example, it changes "Real Name <real@example.com> (Comment)"
1145 ** to "Real Name <$g> (Comment)".
1147 ** This algorithm has been cleaned up to handle a wider range
1148 ** of cases -- notably quoted and backslash escaped strings.
1149 ** This modification makes it substantially better at preserving
1150 ** the original syntax.
1153 ** addr -- the address to be cracked.
1154 ** e -- the current envelope.
1157 ** a pointer to the new version.
1163 ** The return value is saved in local storage and should
1164 ** be copied if it is to be reused.
1167 #define SM_HAVE_ROOM ((bp < buflim) && (buflim <= bufend))
1170 ** Append a character to bp if we have room.
1171 ** If not, punt and return $g.
1174 #define SM_APPEND_CHAR(c) \
1184 ERROR MAXNAME must be at least 10
1185 #endif /* MAXNAME < 10 */
1189 register char *addr;
1194 int cmtlev; /* comment level in input string */
1195 int realcmtlev; /* comment level in output string */
1196 int anglelev; /* angle level in input string */
1197 int copylev; /* 0 == in address, >0 copying */
1198 int bracklev; /* bracket level for IPv6 addr check */
1199 bool addangle; /* put closing angle in output */
1200 bool qmode; /* quoting in original string? */
1201 bool realqmode; /* quoting in output string? */
1202 bool putgmac = false; /* already wrote $g */
1203 bool quoteit = false; /* need to quote next character */
1204 bool gotangle = false; /* found first '<' */
1205 bool gotcolon = false; /* found a ':' */
1211 static char buf[MAXNAME + 1];
1214 sm_dprintf("crackaddr(%s)\n", addr);
1216 /* strip leading spaces */
1217 while (*addr != '\0' && isascii(*addr) && isspace(*addr))
1221 ** Start by assuming we have no angle brackets. This will be
1222 ** adjusted later if we find them.
1225 buflim = bufend = &buf[sizeof(buf) - 1];
1227 p = addrhead = addr;
1228 copylev = anglelev = cmtlev = realcmtlev = 0;
1230 qmode = realqmode = addangle = false;
1232 while ((c = *p++) != '\0')
1235 ** Try to keep legal syntax using spare buffer space
1236 ** (maintained by buflim).
1242 /* check for backslash escapes */
1245 /* arrange to quote the address */
1246 if (cmtlev <= 0 && !qmode)
1249 if ((c = *p++) == '\0')
1260 /* check for quoted strings */
1261 if (c == '"' && cmtlev <= 0)
1264 if (copylev > 0 && SM_HAVE_ROOM)
1270 realqmode = !realqmode;
1277 /* check for comments */
1282 /* allow space for closing paren */
1290 SM_APPEND_CHAR(' ');
1311 /* syntax error: unmatched ) */
1312 if (copylev > 0 && SM_HAVE_ROOM && bp > bufhead)
1316 /* count nesting on [ ... ] (for IPv6 domain literals) */
1322 /* check for group: list; syntax */
1323 if (c == ':' && anglelev <= 0 && bracklev <= 0 &&
1324 !gotcolon && !ColonOkInAddr)
1329 ** Check for DECnet phase IV ``::'' (host::user)
1330 ** or DECnet phase V ``:.'' syntaxes. The latter
1331 ** covers ``user@DEC:.tay.myhost'' and
1332 ** ``DEC:.tay.myhost::user'' syntaxes (bletch).
1335 if (*p == ':' || *p == '.')
1337 if (cmtlev <= 0 && !qmode)
1353 SM_APPEND_CHAR('"');
1355 /* back up over the ':' and any spaces */
1358 isascii(*--p) && isspace(*p))
1362 for (q = addrhead; q < p; )
1365 if (quoteit && c == '"')
1366 SM_APPEND_CHAR('\\');
1371 if (bp == &bufhead[1])
1374 SM_APPEND_CHAR('"');
1375 while ((c = *p++) != ':')
1380 /* any trailing white space is part of group: */
1381 while (isascii(*p) && isspace(*p))
1387 putgmac = quoteit = false;
1393 if (c == ';' && copylev <= 0 && !ColonOkInAddr)
1396 /* check for characters that may have to be quoted */
1397 if (strchr(MustQuoteChars, c) != NULL)
1400 ** If these occur as the phrase part of a <>
1401 ** construct, but are not inside of () or already
1402 ** quoted, they will have to be quoted. Note that
1403 ** now (but don't actually do the quoting).
1406 if (cmtlev <= 0 && !qmode)
1410 /* check for angle brackets */
1415 /* assume first of two angles is bogus */
1420 /* oops -- have to change our mind */
1432 SM_APPEND_CHAR('"');
1434 /* back up over the '<' and any spaces */
1437 isascii(*--p) && isspace(*p))
1441 for (q = addrhead; q < p; )
1444 if (quoteit && c == '"')
1446 SM_APPEND_CHAR('\\');
1457 SM_APPEND_CHAR('"');
1458 while ((c = *p++) != '<')
1463 putgmac = quoteit = false;
1479 else if (SM_HAVE_ROOM)
1481 /* syntax error: unmatched > */
1482 if (copylev > 0 && bp > bufhead)
1492 /* must be a real address character */
1494 if (copylev <= 0 && !putgmac)
1496 if (bp > buf && bp[-1] == ')')
1497 SM_APPEND_CHAR(' ');
1498 SM_APPEND_CHAR(MACROEXPAND);
1499 SM_APPEND_CHAR('g');
1504 /* repair any syntactic damage */
1505 if (realqmode && bp < bufend)
1507 while (realcmtlev-- > 0 && bp < bufend)
1509 if (addangle && bp < bufend)
1516 /* String too long, punt */
1518 buf[1] = MACROEXPAND;
1522 sm_syslog(LOG_ALERT, e->e_id,
1523 "Dropped invalid comments from header address");
1528 sm_dprintf("crackaddr=>`");
1529 xputs(sm_debug_file(), buf);
1535 ** PUTHEADER -- put the header part of a message from the in-core copy
1538 ** mci -- the connection information.
1539 ** hdr -- the header to put.
1540 ** e -- envelope to use.
1541 ** flags -- MIME conversion flags.
1551 putheader(mci, hdr, e, flags)
1554 register ENVELOPE *e;
1558 char buf[SM_MAX(MAXLINE,BUFSIZ)];
1562 sm_dprintf("--- putheader, mailer = %s ---\n",
1563 mci->mci_mailer->m_name);
1566 ** If we're in MIME mode, we're not really in the header of the
1567 ** message, just the header of one of the parts of the body of
1568 ** the message. Therefore MCIF_INHEADER should not be turned on.
1571 if (!bitset(MCIF_INMIME, mci->mci_flags))
1572 mci->mci_flags |= MCIF_INHEADER;
1574 for (h = hdr; h != NULL; h = h->h_link)
1576 register char *p = h->h_value;
1581 sm_dprintf(" %s: ", h->h_field);
1582 xputs(sm_debug_file(), p);
1585 /* Skip empty headers */
1586 if (h->h_value == NULL)
1589 /* heuristic shortening of MIME fields to avoid MUA overflows */
1590 if (MaxMimeFieldLength > 0 &&
1591 wordinclass(h->h_field,
1592 macid("{checkMIMEFieldHeaders}")))
1596 len = fix_mime_header(h, e);
1599 sm_syslog(LOG_ALERT, e->e_id,
1600 "Truncated MIME %s header due to field size (length = %ld) (possible attack)",
1601 h->h_field, (unsigned long) len);
1603 sm_dprintf(" truncated MIME %s header due to field size (length = %ld) (possible attack)\n",
1605 (unsigned long) len);
1609 if (MaxMimeHeaderLength > 0 &&
1610 wordinclass(h->h_field,
1611 macid("{checkMIMETextHeaders}")))
1615 len = strlen(h->h_value);
1616 if (len > (size_t) MaxMimeHeaderLength)
1618 h->h_value[MaxMimeHeaderLength - 1] = '\0';
1619 sm_syslog(LOG_ALERT, e->e_id,
1620 "Truncated long MIME %s header (length = %ld) (possible attack)",
1621 h->h_field, (unsigned long) len);
1623 sm_dprintf(" truncated long MIME %s header (length = %ld) (possible attack)\n",
1625 (unsigned long) len);
1629 if (MaxMimeHeaderLength > 0 &&
1630 wordinclass(h->h_field,
1631 macid("{checkMIMEHeaders}")))
1635 len = strlen(h->h_value);
1636 if (shorten_rfc822_string(h->h_value,
1637 MaxMimeHeaderLength))
1639 if (len < MaxMimeHeaderLength)
1641 /* we only rebalanced a bogus header */
1642 sm_syslog(LOG_ALERT, e->e_id,
1643 "Fixed MIME %s header (possible attack)",
1646 sm_dprintf(" fixed MIME %s header (possible attack)\n",
1651 /* we actually shortened header */
1652 sm_syslog(LOG_ALERT, e->e_id,
1653 "Truncated long MIME %s header (length = %ld) (possible attack)",
1655 (unsigned long) len);
1657 sm_dprintf(" truncated long MIME %s header (length = %ld) (possible attack)\n",
1659 (unsigned long) len);
1665 ** Suppress Content-Transfer-Encoding: if we are MIMEing
1666 ** and we are potentially converting from 8 bit to 7 bit
1667 ** MIME. If converting, add a new CTE header in
1671 if (bitset(H_CTE, h->h_flags) &&
1672 bitset(MCIF_CVT8TO7|MCIF_CVT7TO8|MCIF_INMIME,
1674 !bitset(M87F_NO8TO7, flags))
1677 sm_dprintf(" (skipped (content-transfer-encoding))\n");
1681 if (bitset(MCIF_INMIME, mci->mci_flags))
1685 put_vanilla_header(h, p, mci);
1689 if (bitset(H_CHECK|H_ACHECK, h->h_flags) &&
1690 !bitintersect(h->h_mflags, mci->mci_mailer->m_flags) &&
1691 (h->h_macro == '\0' ||
1692 (q = macvalue(bitidx(h->h_macro), e)) == NULL ||
1696 sm_dprintf(" (skipped)\n");
1700 /* handle Resent-... headers specially */
1701 if (bitset(H_RESENT, h->h_flags) && !bitset(EF_RESENT, e->e_flags))
1704 sm_dprintf(" (skipped (resent))\n");
1708 /* suppress return receipts if requested */
1709 if (bitset(H_RECEIPTTO, h->h_flags) &&
1710 (RrtImpliesDsn || bitset(EF_NORECEIPT, e->e_flags)))
1713 sm_dprintf(" (skipped (receipt))\n");
1717 /* macro expand value if generated internally */
1718 if (bitset(H_DEFAULT, h->h_flags) ||
1719 bitset(H_BINDLATE, h->h_flags))
1721 expand(p, buf, sizeof buf, e);
1726 sm_dprintf(" (skipped -- null value)\n");
1731 if (bitset(H_BCC, h->h_flags))
1733 /* Bcc: field -- either truncate or delete */
1734 if (bitset(EF_DELETE_BCC, e->e_flags))
1737 sm_dprintf(" (skipped -- bcc)\n");
1741 /* no other recipient headers: truncate value */
1742 (void) sm_strlcpyn(obuf, sizeof obuf, 2,
1752 if (bitset(H_FROM|H_RCPT, h->h_flags))
1755 bool oldstyle = bitset(EF_OLDSTYLE, e->e_flags);
1757 if (bitset(H_FROM, h->h_flags))
1759 commaize(h, p, oldstyle, mci, e);
1763 put_vanilla_header(h, p, mci);
1768 ** If we are converting this to a MIME message, add the
1769 ** MIME headers (but not in MIME mode!).
1773 if (bitset(MM_MIME8BIT, MimeMode) &&
1774 bitset(EF_HAS8BIT, e->e_flags) &&
1775 !bitset(EF_DONT_MIME, e->e_flags) &&
1776 !bitnset(M_8BITS, mci->mci_mailer->m_flags) &&
1777 !bitset(MCIF_CVT8TO7|MCIF_CVT7TO8|MCIF_INMIME, mci->mci_flags) &&
1778 hvalue("MIME-Version", e->e_header) == NULL)
1780 putline("MIME-Version: 1.0", mci);
1781 if (hvalue("Content-Type", e->e_header) == NULL)
1783 (void) sm_snprintf(obuf, sizeof obuf,
1784 "Content-Type: text/plain; charset=%s",
1788 if (hvalue("Content-Transfer-Encoding", e->e_header) == NULL)
1789 putline("Content-Transfer-Encoding: 8bit", mci);
1791 #endif /* MIME8TO7 */
1794 ** PUT_VANILLA_HEADER -- output a fairly ordinary header
1797 ** h -- the structure describing this header
1798 ** v -- the value of this header
1799 ** mci -- the connection info for output
1806 put_vanilla_header(h, v, mci)
1814 char obuf[MAXLINE + 256]; /* additional length for h_field */
1816 putflags = PXLF_HEADER;
1817 if (bitnset(M_7BITHDRS, mci->mci_mailer->m_flags))
1818 putflags |= PXLF_STRIP8BIT;
1819 (void) sm_snprintf(obuf, sizeof obuf, "%.200s: ", h->h_field);
1820 obp = obuf + strlen(obuf);
1821 while ((nlp = strchr(v, '\n')) != NULL)
1828 ** XXX This is broken for SPACELEFT()==0
1829 ** However, SPACELEFT() is always > 0 unless MAXLINE==1.
1832 if (SPACELEFT(obuf, obp) - 1 < (size_t) l)
1833 l = SPACELEFT(obuf, obp) - 1;
1835 (void) sm_snprintf(obp, SPACELEFT(obuf, obp), "%.*s", l, v);
1836 putxline(obuf, strlen(obuf), mci, putflags);
1839 if (*v != ' ' && *v != '\t')
1843 /* XXX This is broken for SPACELEFT()==0 */
1844 (void) sm_snprintf(obp, SPACELEFT(obuf, obp), "%.*s",
1845 (int) (SPACELEFT(obuf, obp) - 1), v);
1846 putxline(obuf, strlen(obuf), mci, putflags);
1849 ** COMMAIZE -- output a header field, making a comma-translated list.
1852 ** h -- the header field to output.
1853 ** p -- the value to put in it.
1854 ** oldstyle -- true if this is an old style header.
1855 ** mci -- the connection information.
1856 ** e -- the envelope containing the message.
1862 ** outputs "p" to file "fp".
1866 commaize(h, p, oldstyle, mci, e)
1871 register ENVELOPE *e;
1876 bool firstone = true;
1877 int putflags = PXLF_HEADER;
1879 char obuf[MAXLINE + 3];
1882 ** Output the address list translated by the
1883 ** mailer and with commas.
1887 sm_dprintf("commaize(%s: %s)\n", h->h_field, p);
1889 if (bitnset(M_7BITHDRS, mci->mci_mailer->m_flags))
1890 putflags |= PXLF_STRIP8BIT;
1893 (void) sm_snprintf(obp, SPACELEFT(obuf, obp), "%.200s: ",
1896 /* opos = strlen(obp); */
1897 opos = strlen(h->h_field) + 2;
1901 omax = mci->mci_mailer->m_linelimit - 2;
1902 if (omax < 0 || omax > 78)
1906 ** Run through the list of values.
1911 register char *name;
1918 ** Find the end of the name. New style names
1919 ** end with a comma, old style names end with
1920 ** a space character. However, spaces do not
1921 ** necessarily delimit an old-style name -- at
1922 ** signs mean keep going.
1925 /* find end of name */
1926 while ((isascii(*p) && isspace(*p)) || *p == ',')
1933 char pvpbuf[PSBUFSIZE];
1935 res = prescan(p, oldstyle ? ' ' : ',', pvpbuf,
1936 sizeof pvpbuf, &oldp, NULL, false);
1938 #if _FFR_IGNORE_BOGUS_ADDR
1939 /* ignore addresses that can't be parsed */
1945 #endif /* _FFR_IGNORE_BOGUS_ADDR */
1947 /* look to see if we have an at sign */
1948 while (*p != '\0' && isascii(*p) && isspace(*p))
1957 while (*p != '\0' && isascii(*p) && isspace(*p))
1960 /* at the end of one complete name */
1962 /* strip off trailing white space */
1964 ((isascii(*p) && isspace(*p)) || *p == ',' || *p == '\0'))
1970 ** if prescan() failed go a bit backwards; this is a hack,
1971 ** there should be some better error recovery.
1974 if (res == NULL && p > name &&
1975 !((isascii(*p) && isspace(*p)) || *p == ',' || *p == '\0'))
1980 /* translate the name to be relative */
1981 flags = RF_HEADERADDR|RF_ADDDOMAIN;
1982 if (bitset(H_FROM, h->h_flags))
1983 flags |= RF_SENDERADDR;
1985 else if (e->e_from.q_mailer != NULL &&
1986 bitnset(M_UDBRECIPIENT, e->e_from.q_mailer->m_flags))
1990 q = udbsender(name, e->e_rpool);
1996 name = remotename(name, mci->mci_mailer, flags, &status, e);
2002 name = denlstring(name, false, true);
2005 ** record data progress so DNS timeouts
2006 ** don't cause DATA timeouts
2009 DataProgress = true;
2011 /* output the name with nice formatting */
2012 opos += strlen(name);
2015 if (opos > omax && !firstone)
2017 (void) sm_strlcpy(obp, ",\n", SPACELEFT(obuf, obp));
2018 putxline(obuf, strlen(obuf), mci, putflags);
2020 (void) sm_strlcpy(obp, " ", sizeof obuf);
2023 opos += strlen(name);
2027 (void) sm_strlcpy(obp, ", ", SPACELEFT(obuf, obp));
2031 while ((c = *name++) != '\0' && obp < &obuf[MAXLINE])
2036 if (obp < &obuf[sizeof obuf])
2039 obuf[sizeof obuf - 1] = '\0';
2040 putxline(obuf, strlen(obuf), mci, putflags);
2043 ** COPYHEADER -- copy header list
2045 ** This routine is the equivalent of newstr for header lists
2048 ** header -- list of header structures to copy.
2049 ** rpool -- resource pool, or NULL
2052 ** a copy of 'header'.
2059 copyheader(header, rpool)
2060 register HDR *header;
2063 register HDR *newhdr;
2065 register HDR **tail = &ret;
2067 while (header != NULL)
2069 newhdr = (HDR *) sm_rpool_malloc_x(rpool, sizeof *newhdr);
2070 STRUCTCOPY(*header, *newhdr);
2072 tail = &newhdr->h_link;
2073 header = header->h_link;
2080 ** FIX_MIME_HEADER -- possibly truncate/rebalance parameters in a MIME header
2082 ** Run through all of the parameters of a MIME header and
2083 ** possibly truncate and rebalance the parameter according
2084 ** to MaxMimeFieldLength.
2087 ** h -- the header to truncate/rebalance
2088 ** e -- the current envelope
2091 ** length of last offending field, 0 if all ok.
2094 ** string modified in place
2098 fix_mime_header(h, e)
2102 char *begin = h->h_value;
2107 if (begin == NULL || *begin == '\0')
2110 /* Split on each ';' */
2111 /* find_character() never returns NULL */
2112 while ((end = find_character(begin, ';')) != NULL)
2119 len = strlen(begin);
2121 /* Shorten individual parameter */
2122 if (shorten_rfc822_string(begin, MaxMimeFieldLength))
2124 if (len < MaxMimeFieldLength)
2126 /* we only rebalanced a bogus field */
2127 sm_syslog(LOG_ALERT, e->e_id,
2128 "Fixed MIME %s header field (possible attack)",
2131 sm_dprintf(" fixed MIME %s header field (possible attack)\n",
2136 /* we actually shortened the header */
2141 /* Collapse the possibly shortened string with rest */
2142 bp = begin + strlen(begin);
2150 /* copy character by character due to overlap */
nant's projects / dragonfly.git / blob