2 * Copyright (c) 1998-2003 Sendmail, Inc. and its suppliers.
4 * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
5 * Copyright (c) 1988, 1993
6 * The Regents of the University of California. All rights reserved.
8 * By using this file, you agree to the terms and conditions set
9 * forth in the LICENSE file which can be found at the top level of
10 * the sendmail distribution.
12 * $FreeBSD: src/contrib/sendmail/src/headers.c,v 1.4.2.10 2003/03/29 19:33:17 gshapiro Exp $
13 * $DragonFly: src/contrib/sendmail/src/Attic/headers.c,v 1.2 2003/06/17 04:24:06 dillon Exp $
19 SM_RCSID("@(#)$Id: headers.c,v 8.266.4.5 2003/03/12 22:42:52 gshapiro Exp $")
21 static size_t fix_mime_header __P((HDR *, ENVELOPE *));
22 static int priencode __P((char *));
23 static void put_vanilla_header __P((HDR *, char *, MCI *));
26 ** SETUPHEADERS -- initialize headers in symbol table
41 for (hi = HdrInfo; hi->hi_field != NULL; hi++)
43 s = stab(hi->hi_field, ST_HEADER, ST_ENTER);
44 s->s_header.hi_flags = hi->hi_flags;
45 s->s_header.hi_ruleset = NULL;
49 ** CHOMPHEADER -- process and save a header line.
51 ** Called by collect, readcf, and readqf to deal with header lines.
54 ** line -- header as a text line.
55 ** pflag -- flags for chompheader() (from sendmail.h)
56 ** hdrp -- a pointer to the place to save the header.
57 ** e -- the envelope including this header.
60 ** flags for this header.
63 ** The header is saved on the header list.
64 ** Contents of 'line' are destroyed.
67 static struct hdrinfo NormalHeader = { NULL, 0, NULL };
70 chompheader(line, pflag, hdrp, e)
76 unsigned char mid = '\0';
87 bool nullheader = false;
92 sm_dprintf("chompheader: ");
97 headeronly = hdrp != NULL;
101 /* strip off options */
104 if (!bitset(pflag, CHHDR_USER) && *p == '?')
109 q = strchr(++p, '?');
116 /* possibly macro conditional */
117 if (c == MACROEXPAND)
126 mid = (unsigned char) *p++;
144 mid = (unsigned char) macid(p);
145 if (bitset(0200, mid))
146 p += strlen(macname(mid)) + 2;
167 setbitn(bitidx(*p), mopts);
175 /* find canonical name */
177 while (isascii(*p) && isgraph(*p) && *p != ':')
180 while (isascii(*p) && isspace(*p))
182 if (*p++ != ':' || fname == fvalue)
185 syserr("553 5.3.0 header syntax error, line \"%s\"", line);
190 /* strip field value on front */
195 /* if the field is null, go ahead and use the default */
196 while (isascii(*p) && isspace(*p))
201 /* security scan: long field names are end-of-header */
202 if (strlen(fname) > 100)
205 /* check to see if it represents a ruleset call */
206 if (bitset(pflag, CHHDR_DEF))
210 (void) expand(fvalue, hbuf, sizeof hbuf, e);
211 for (p = hbuf; isascii(*p) && isspace(*p); )
213 if ((*p++ & 0377) == CALLSUBR)
218 strc = *p == '+'; /* strip comments? */
221 if (strtorwset(p, &endp, ST_ENTER) > 0)
224 s = stab(fname, ST_HEADER, ST_ENTER);
226 s->s_header.hi_ruleset != NULL)
227 sm_syslog(LOG_WARNING, NOQID,
228 "Warning: redefined ruleset for header=%s, old=%s, new=%s",
230 s->s_header.hi_ruleset, p);
231 s->s_header.hi_ruleset = newstr(p);
233 s->s_header.hi_flags |= H_STRIPCOMM;
239 /* see if it is a known type */
240 s = stab(fname, ST_HEADER, ST_FIND);
249 sm_dprintf("no header flags match\n");
251 sm_dprintf("header match, flags=%lx, ruleset=%s\n",
253 hi->hi_ruleset == NULL ? "<NULL>"
257 /* see if this is a resent message */
258 if (!bitset(pflag, CHHDR_DEF) && !headeronly &&
259 bitset(H_RESENT, hi->hi_flags))
260 e->e_flags |= EF_RESENT;
262 /* if this is an Errors-To: header keep track of it now */
263 if (UseErrorsTo && !bitset(pflag, CHHDR_DEF) && !headeronly &&
264 bitset(H_ERRORSTO, hi->hi_flags))
265 (void) sendtolist(fvalue, NULLADDR, &e->e_errorqueue, 0, e);
267 /* if this means "end of header" quit now */
268 if (!headeronly && bitset(H_EOH, hi->hi_flags))
272 ** Horrible hack to work around problem with Lotus Notes SMTP
273 ** mail gateway, which generates From: headers with newlines in
274 ** them and the <address> on the second line. Although this is
275 ** legal RFC 822, many MUAs don't handle this properly and thus
276 ** never find the actual address.
279 if (bitset(H_FROM, hi->hi_flags) && SingleLineFromHeader)
281 while ((p = strchr(fvalue, '\n')) != NULL)
286 ** If there is a check ruleset, verify it against the header.
289 if (bitset(pflag, CHHDR_CHECK))
294 /* no ruleset? look for default */
296 rscheckflags = RSF_COUNT;
297 if (!bitset(hi->hi_flags, H_FROM|H_RCPT))
298 rscheckflags |= RSF_UNSTRUCTURED;
301 s = stab("*", ST_HEADER, ST_FIND);
304 rs = (&s->s_header)->hi_ruleset;
305 if (bitset((&s->s_header)->hi_flags,
307 rscheckflags |= RSF_RMCOMM;
310 else if (bitset(hi->hi_flags, H_STRIPCOMM))
311 rscheckflags |= RSF_RMCOMM;
320 /* - 3 to avoid problems with " at the end */
321 for (k = 0; fvalue[k] != '\0' && l < MAXNAME - 3; k++)
325 /* XXX other control chars? */
326 case '\011': /* ht */
327 case '\012': /* nl */
328 case '\013': /* vt */
329 case '\014': /* np */
330 case '\015': /* cr */
337 qval[l++] = fvalue[k];
343 k += strlen(fvalue + k);
347 sm_syslog(LOG_WARNING, e->e_id,
348 "Warning: truncated header '%s' before check with '%s' len=%d max=%d",
349 fname, rs, k, MAXNAME - 1);
351 macdefine(&e->e_macro, A_TEMP,
352 macid("{currHeader}"), qval);
353 macdefine(&e->e_macro, A_TEMP,
354 macid("{hdr_name}"), fname);
356 (void) sm_snprintf(qval, sizeof qval, "%d", k);
357 macdefine(&e->e_macro, A_TEMP, macid("{hdrlen}"), qval);
360 ** XXX: h isn't set yet
361 ** If we really want to be precise then we have
362 ** to lookup the header (see below).
363 ** It's probably not worth the effort.
366 if (bitset(H_FROM, h->h_flags))
367 macdefine(&e->e_macro, A_PERM,
368 macid("{addr_type}"), "h s");
369 else if (bitset(H_RCPT, h->h_flags))
370 macdefine(&e->e_macro, A_PERM,
371 macid("{addr_type}"), "h r");
373 #endif /* _FFR_HDR_TYPE */
374 macdefine(&e->e_macro, A_PERM,
375 macid("{addr_type}"), "h");
376 (void) rscheck(rs, fvalue, NULL, e, rscheckflags, 3,
382 ** Drop explicit From: if same as what we would generate.
383 ** This is to make MH (which doesn't always give a full name)
384 ** insert the full name information in all circumstances.
389 if (!bitset(EF_RESENT, e->e_flags))
391 if (!bitset(pflag, CHHDR_DEF) && !headeronly &&
392 !bitset(EF_QUEUERUN, e->e_flags) && sm_strcasecmp(fname, p) == 0)
396 sm_dprintf("comparing header from (%s) against default (%s or %s)\n",
397 fvalue, e->e_from.q_paddr, e->e_from.q_user);
399 if (e->e_from.q_paddr != NULL &&
400 e->e_from.q_mailer != NULL &&
401 bitnset(M_LOCALMAILER, e->e_from.q_mailer->m_flags) &&
402 (strcmp(fvalue, e->e_from.q_paddr) == 0 ||
403 strcmp(fvalue, e->e_from.q_user) == 0))
407 /* delete default value for this header */
408 for (hp = hdrp; (h = *hp) != NULL; hp = &h->h_link)
410 if (sm_strcasecmp(fname, h->h_field) == 0 &&
411 !bitset(H_USER, h->h_flags) &&
412 !bitset(H_FORCE, h->h_flags))
416 /* user-supplied value was null */
421 /* make this look like the user entered it */
422 h->h_flags |= H_USER;
428 /* copy conditions from default case */
429 memmove((char *) mopts, (char *) h->h_mflags,
436 /* create a new node */
437 h = (HDR *) sm_rpool_malloc_x(e->e_rpool, sizeof *h);
438 h->h_field = sm_rpool_strdup_x(e->e_rpool, fname);
439 h->h_value = sm_rpool_strdup_x(e->e_rpool, fvalue);
441 memmove((char *) h->h_mflags, (char *) mopts, sizeof mopts);
444 h->h_flags = hi->hi_flags;
445 if (bitset(pflag, CHHDR_USER) || bitset(pflag, CHHDR_QUEUE))
446 h->h_flags |= H_USER;
448 /* strip EOH flag if parsing MIME headers */
450 h->h_flags &= ~H_EOH;
451 if (bitset(pflag, CHHDR_DEF))
452 h->h_flags |= H_DEFAULT;
453 if (cond || mid != '\0')
454 h->h_flags |= H_CHECK;
456 /* hack to see if this is a new format message */
457 if (!bitset(pflag, CHHDR_DEF) && !headeronly &&
458 bitset(H_RCPT|H_FROM, h->h_flags) &&
459 (strchr(fvalue, ',') != NULL || strchr(fvalue, '(') != NULL ||
460 strchr(fvalue, '<') != NULL || strchr(fvalue, ';') != NULL))
462 e->e_flags &= ~EF_OLDSTYLE;
468 ** ADDHEADER -- add a header entry to the end of the queue.
470 ** This bypasses the special checking of chompheader.
473 ** field -- the name of the header field.
474 ** value -- the value of the field.
475 ** flags -- flags to add to h_flags.
482 ** adds the field on the list of headers for this envelope.
486 addheader(field, value, flags, e)
495 HDR **hdrlist = &e->e_header;
497 /* find info struct */
498 s = stab(field, ST_HEADER, ST_FIND);
500 /* find current place in list -- keep back pointer? */
501 for (hp = hdrlist; (h = *hp) != NULL; hp = &h->h_link)
503 if (sm_strcasecmp(field, h->h_field) == 0)
507 /* allocate space for new header */
508 h = (HDR *) sm_rpool_malloc_x(e->e_rpool, sizeof *h);
510 h->h_value = sm_rpool_strdup_x(e->e_rpool, value);
514 h->h_flags |= s->s_header.hi_flags;
515 clrbitmap(h->h_mflags);
520 ** HVALUE -- return value of a header.
522 ** Only "real" fields (i.e., ones that have not been supplied
523 ** as a default) are used.
526 ** field -- the field name.
527 ** header -- the header list.
530 ** pointer to the value part.
531 ** NULL if not found.
538 hvalue(field, header)
544 for (h = header; h != NULL; h = h->h_link)
546 if (!bitset(H_DEFAULT, h->h_flags) &&
547 sm_strcasecmp(h->h_field, field) == 0)
553 ** ISHEADER -- predicate telling if argument is a header.
555 ** A line is a header if it has a single word followed by
556 ** optional white space followed by a colon.
558 ** Header fields beginning with two dashes, although technically
559 ** permitted by RFC822, are automatically rejected in order
560 ** to make MIME work out. Without this we could have a technically
561 ** legal header such as ``--"foo:bar"'' that would also be a legal
565 ** h -- string to check for possible headerness.
568 ** true if h is a header.
579 register char *s = h;
581 if (s[0] == '-' && s[1] == '-')
584 while (*s > ' ' && *s != ':' && *s != '\0')
590 /* following technically violates RFC822 */
591 while (isascii(*s) && isspace(*s))
597 ** EATHEADER -- run through the stored header and extract info.
600 ** e -- the envelope to process.
601 ** full -- if set, do full processing (e.g., compute
602 ** message priority). This should not be set
603 ** when reading a queue file because some info
604 ** needed to compute the priority is wrong.
605 ** log -- call logsender()?
611 ** Sets a bunch of global variables from information
612 ** in the collected header.
616 eatheader(e, full, log)
617 register ENVELOPE *e;
627 ** Set up macros for possible expansion in headers.
630 macdefine(&e->e_macro, A_PERM, 'f', e->e_sender);
631 macdefine(&e->e_macro, A_PERM, 'g', e->e_sender);
632 if (e->e_origrcpt != NULL && *e->e_origrcpt != '\0')
633 macdefine(&e->e_macro, A_PERM, 'u', e->e_origrcpt);
635 macdefine(&e->e_macro, A_PERM, 'u', NULL);
637 /* full name of from person */
638 p = hvalue("full-name", e->e_header);
641 if (!rfc822_string(p))
644 ** Quote a full name with special characters
645 ** as a comment so crackaddr() doesn't destroy
646 ** the name portion of the address.
649 p = addquotes(p, e->e_rpool);
651 macdefine(&e->e_macro, A_PERM, 'x', p);
655 sm_dprintf("----- collected header -----\n");
657 for (h = e->e_header; h != NULL; h = h->h_link)
660 sm_dprintf("%s: ", h->h_field);
661 if (h->h_value == NULL)
664 sm_dprintf("<NULL>\n");
668 /* do early binding */
669 if (bitset(H_DEFAULT, h->h_flags) &&
670 !bitset(H_BINDLATE, h->h_flags))
678 expand(h->h_value, buf, sizeof buf, e);
681 if (bitset(H_FROM, h->h_flags))
682 expand(crackaddr(buf, e),
684 h->h_value = sm_rpool_strdup_x(e->e_rpool, buf);
685 h->h_flags &= ~H_DEFAULT;
694 /* count the number of times it has been processed */
695 if (bitset(H_TRACE, h->h_flags))
698 /* send to this person if we so desire */
699 if (GrabTo && bitset(H_RCPT, h->h_flags) &&
700 !bitset(H_DEFAULT, h->h_flags) &&
701 (!bitset(EF_RESENT, e->e_flags) ||
702 bitset(H_RESENT, h->h_flags)))
705 int saveflags = e->e_flags;
708 (void) sendtolist(denlstring(h->h_value, true, false),
709 NULLADDR, &e->e_sendqueue, 0, e);
713 ** Change functionality so a fatal error on an
714 ** address doesn't affect the entire envelope.
717 /* delete fatal errors generated by this address */
718 if (!bitset(EF_FATALERRS, saveflags))
719 e->e_flags &= ~EF_FATALERRS;
723 /* save the message-id for logging */
724 p = "resent-message-id";
725 if (!bitset(EF_RESENT, e->e_flags))
727 if (sm_strcasecmp(h->h_field, p) == 0)
729 e->e_msgid = h->h_value;
730 while (isascii(*e->e_msgid) && isspace(*e->e_msgid))
735 sm_dprintf("----------------------------\n");
737 /* if we are just verifying (that is, sendmail -t -bv), drop out now */
738 if (OpMode == MD_VERIFY)
741 /* store hop count */
742 if (hopcnt > e->e_hopcount)
744 e->e_hopcount = hopcnt;
745 (void) sm_snprintf(buf, sizeof buf, "%d", e->e_hopcount);
746 macdefine(&e->e_macro, A_TEMP, 'c', buf);
749 /* message priority */
750 p = hvalue("precedence", e->e_header);
752 e->e_class = priencode(p);
754 e->e_timeoutclass = TOC_NONURGENT;
755 else if (e->e_class > 0)
756 e->e_timeoutclass = TOC_URGENT;
759 e->e_msgpriority = e->e_msgsize
760 - e->e_class * WkClassFact
761 + e->e_nrcpts * WkRecipFact;
764 /* message timeout priority */
765 p = hvalue("priority", e->e_header);
768 /* (this should be in the configuration file) */
769 if (sm_strcasecmp(p, "urgent") == 0)
770 e->e_timeoutclass = TOC_URGENT;
771 else if (sm_strcasecmp(p, "normal") == 0)
772 e->e_timeoutclass = TOC_NORMAL;
773 else if (sm_strcasecmp(p, "non-urgent") == 0)
774 e->e_timeoutclass = TOC_NONURGENT;
777 #if _FFR_QUEUERETURN_DSN
778 /* If no timeoutclass picked and it's a DSN, use that timeoutclass */
779 if (e->e_timeoutclass == TOC_NORMAL && bitset(EF_RESPONSE, e->e_flags))
780 e->e_timeoutclass = TOC_DSN;
781 #endif /* _FFR_QUEUERETURN_DSN */
783 /* date message originated */
784 p = hvalue("posted-date", e->e_header);
786 p = hvalue("date", e->e_header);
788 macdefine(&e->e_macro, A_PERM, 'a', p);
790 /* check to see if this is a MIME message */
791 if ((e->e_bodytype != NULL &&
792 sm_strcasecmp(e->e_bodytype, "8BITMIME") == 0) ||
793 hvalue("MIME-Version", e->e_header) != NULL)
795 e->e_flags |= EF_IS_MIME;
797 e->e_bodytype = "8BITMIME";
799 else if ((p = hvalue("Content-Type", e->e_header)) != NULL)
801 /* this may be an RFC 1049 message */
802 p = strpbrk(p, ";/");
803 if (p == NULL || *p == ';')
806 e->e_flags |= EF_DONT_MIME;
811 ** From person in antiquated ARPANET mode
812 ** required by UK Grey Book e-mail gateways (sigh)
815 if (OpMode == MD_ARPAFTP)
817 register struct hdrinfo *hi;
819 for (hi = HdrInfo; hi->hi_field != NULL; hi++)
821 if (bitset(H_FROM, hi->hi_flags) &&
822 (!bitset(H_RESENT, hi->hi_flags) ||
823 bitset(EF_RESENT, e->e_flags)) &&
824 (p = hvalue(hi->hi_field, e->e_header)) != NULL)
827 if (hi->hi_field != NULL)
830 sm_dprintf("eatheader: setsender(*%s == %s)\n",
832 setsender(p, e, NULL, '\0', true);
837 ** Log collection information.
840 if (log && bitset(EF_LOGSENDER, e->e_flags) && LogLevel > 4)
842 logsender(e, e->e_msgid);
843 e->e_flags &= ~EF_LOGSENDER;
847 ** LOGSENDER -- log sender information
850 ** e -- the envelope to log
851 ** msgid -- the message id
859 register ENVELOPE *e;
866 char hbuf[MAXNAME + 1];
867 char sbuf[MAXLINE + 1];
868 char mbuf[MAXNAME + 1];
870 /* don't allow newlines in the message-id */
871 /* XXX do we still need this? sm_syslog() replaces control chars */
875 if (l > sizeof mbuf - 1)
877 memmove(mbuf, msgid, l);
880 while ((p = strchr(p, '\n')) != NULL)
884 if (bitset(EF_RESPONSE, e->e_flags))
886 else if ((name = macvalue('_', e)) != NULL)
889 else if (RealHostName == NULL)
891 else if (RealHostName[0] == '[')
896 (void) sm_snprintf(hbuf, sizeof hbuf, "%.80s", RealHostName);
897 if (RealHostAddr.sa.sa_family != 0)
899 p = &hbuf[strlen(hbuf)];
900 (void) sm_snprintf(p, SPACELEFT(hbuf, p),
902 anynet_ntoa(&RealHostAddr));
906 /* some versions of syslog only take 5 printf args */
907 #if (SYSLOG_BUFSIZE) >= 256
909 (void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
910 "from=%.200s, size=%ld, class=%d, nrcpts=%d",
911 e->e_from.q_paddr == NULL ? "<NONE>" : e->e_from.q_paddr,
912 e->e_msgsize, e->e_class, e->e_nrcpts);
916 (void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
917 ", msgid=%.100s", mbuf);
920 if (e->e_bodytype != NULL)
922 (void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
923 ", bodytype=%.20s", e->e_bodytype);
926 p = macvalue('r', e);
929 (void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
933 p = macvalue(macid("{daemon_name}"), e);
936 (void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
937 ", daemon=%.20s", p);
940 sm_syslog(LOG_INFO, e->e_id, "%.850s, relay=%s", sbuf, name);
942 #else /* (SYSLOG_BUFSIZE) >= 256 */
944 sm_syslog(LOG_INFO, e->e_id,
946 e->e_from.q_paddr == NULL ? "<NONE>"
947 : shortenstring(e->e_from.q_paddr,
949 sm_syslog(LOG_INFO, e->e_id,
950 "size=%ld, class=%ld, nrcpts=%d",
951 e->e_msgsize, e->e_class, e->e_nrcpts);
953 sm_syslog(LOG_INFO, e->e_id,
955 shortenstring(mbuf, 83));
958 if (e->e_bodytype != NULL)
960 (void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
961 "bodytype=%.20s, ", e->e_bodytype);
964 p = macvalue('r', e);
967 (void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
971 sm_syslog(LOG_INFO, e->e_id,
972 "%.400srelay=%s", sbuf, name);
973 #endif /* (SYSLOG_BUFSIZE) >= 256 */
976 ** PRIENCODE -- encode external priority names into internal values.
979 ** p -- priority in ascii.
982 ** priority as a numeric level.
994 for (i = 0; i < NumPriorities; i++)
996 if (sm_strcasecmp(p, Priorities[i].pri_name) == 0)
997 return Priorities[i].pri_val;
1000 /* unknown priority */
1004 ** CRACKADDR -- parse an address and turn it into a macro
1006 ** This doesn't actually parse the address -- it just extracts
1007 ** it and replaces it with "$g". The parse is totally ad hoc
1008 ** and isn't even guaranteed to leave something syntactically
1009 ** identical to what it started with. However, it does leave
1010 ** something semantically identical if possible, else at least
1011 ** syntactically correct.
1013 ** For example, it changes "Real Name <real@example.com> (Comment)"
1014 ** to "Real Name <$g> (Comment)".
1016 ** This algorithm has been cleaned up to handle a wider range
1017 ** of cases -- notably quoted and backslash escaped strings.
1018 ** This modification makes it substantially better at preserving
1019 ** the original syntax.
1022 ** addr -- the address to be cracked.
1023 ** e -- the current envelope.
1026 ** a pointer to the new version.
1032 ** The return value is saved in local storage and should
1033 ** be copied if it is to be reused.
1036 #define SM_HAVE_ROOM ((bp < buflim) && (buflim <= bufend))
1039 ** Append a character to bp if we have room.
1040 ** If not, punt and return $g.
1043 #define SM_APPEND_CHAR(c) \
1053 ERROR MAXNAME must be at least 10
1054 #endif /* MAXNAME < 10 */
1058 register char *addr;
1063 int cmtlev; /* comment level in input string */
1064 int realcmtlev; /* comment level in output string */
1065 int anglelev; /* angle level in input string */
1066 int copylev; /* 0 == in address, >0 copying */
1067 int bracklev; /* bracket level for IPv6 addr check */
1068 bool addangle; /* put closing angle in output */
1069 bool qmode; /* quoting in original string? */
1070 bool realqmode; /* quoting in output string? */
1071 bool putgmac = false; /* already wrote $g */
1072 bool quoteit = false; /* need to quote next character */
1073 bool gotangle = false; /* found first '<' */
1074 bool gotcolon = false; /* found a ':' */
1080 static char buf[MAXNAME + 1];
1083 sm_dprintf("crackaddr(%s)\n", addr);
1085 /* strip leading spaces */
1086 while (*addr != '\0' && isascii(*addr) && isspace(*addr))
1090 ** Start by assuming we have no angle brackets. This will be
1091 ** adjusted later if we find them.
1094 buflim = bufend = &buf[sizeof(buf) - 1];
1096 p = addrhead = addr;
1097 copylev = anglelev = cmtlev = realcmtlev = 0;
1099 qmode = realqmode = addangle = false;
1101 while ((c = *p++) != '\0')
1104 ** Try to keep legal syntax using spare buffer space
1105 ** (maintained by buflim).
1111 /* check for backslash escapes */
1114 /* arrange to quote the address */
1115 if (cmtlev <= 0 && !qmode)
1118 if ((c = *p++) == '\0')
1129 /* check for quoted strings */
1130 if (c == '"' && cmtlev <= 0)
1133 if (copylev > 0 && SM_HAVE_ROOM)
1139 realqmode = !realqmode;
1146 /* check for comments */
1151 /* allow space for closing paren */
1159 SM_APPEND_CHAR(' ');
1180 /* syntax error: unmatched ) */
1181 if (copylev > 0 && SM_HAVE_ROOM)
1185 /* count nesting on [ ... ] (for IPv6 domain literals) */
1191 /* check for group: list; syntax */
1192 if (c == ':' && anglelev <= 0 && bracklev <= 0 &&
1193 !gotcolon && !ColonOkInAddr)
1198 ** Check for DECnet phase IV ``::'' (host::user)
1199 ** or DECnet phase V ``:.'' syntaxes. The latter
1200 ** covers ``user@DEC:.tay.myhost'' and
1201 ** ``DEC:.tay.myhost::user'' syntaxes (bletch).
1204 if (*p == ':' || *p == '.')
1206 if (cmtlev <= 0 && !qmode)
1222 SM_APPEND_CHAR('"');
1224 /* back up over the ':' and any spaces */
1227 isascii(*--p) && isspace(*p))
1231 for (q = addrhead; q < p; )
1234 if (quoteit && c == '"')
1236 SM_APPEND_CHAR('\\');
1244 if (bp == &bufhead[1])
1247 SM_APPEND_CHAR('"');
1248 while ((c = *p++) != ':')
1253 /* any trailing white space is part of group: */
1254 while (isascii(*p) && isspace(*p))
1260 putgmac = quoteit = false;
1266 if (c == ';' && copylev <= 0 && !ColonOkInAddr)
1269 /* check for characters that may have to be quoted */
1270 if (strchr(MustQuoteChars, c) != NULL)
1273 ** If these occur as the phrase part of a <>
1274 ** construct, but are not inside of () or already
1275 ** quoted, they will have to be quoted. Note that
1276 ** now (but don't actually do the quoting).
1279 if (cmtlev <= 0 && !qmode)
1283 /* check for angle brackets */
1288 /* assume first of two angles is bogus */
1293 /* oops -- have to change our mind */
1305 SM_APPEND_CHAR('"');
1307 /* back up over the '<' and any spaces */
1310 isascii(*--p) && isspace(*p))
1314 for (q = addrhead; q < p; )
1317 if (quoteit && c == '"')
1319 SM_APPEND_CHAR('\\');
1330 SM_APPEND_CHAR('"');
1331 while ((c = *p++) != '<')
1336 putgmac = quoteit = false;
1352 else if (SM_HAVE_ROOM)
1354 /* syntax error: unmatched > */
1365 /* must be a real address character */
1367 if (copylev <= 0 && !putgmac)
1369 if (bp > buf && bp[-1] == ')')
1370 SM_APPEND_CHAR(' ');
1371 SM_APPEND_CHAR(MACROEXPAND);
1372 SM_APPEND_CHAR('g');
1377 /* repair any syntactic damage */
1378 if (realqmode && bp < bufend)
1380 while (realcmtlev-- > 0 && bp < bufend)
1382 if (addangle && bp < bufend)
1389 /* String too long, punt */
1391 buf[1] = MACROEXPAND;
1395 sm_syslog(LOG_ALERT, e->e_id,
1396 "Dropped invalid comments from header address");
1401 sm_dprintf("crackaddr=>`");
1408 ** PUTHEADER -- put the header part of a message from the in-core copy
1411 ** mci -- the connection information.
1412 ** hdr -- the header to put.
1413 ** e -- envelope to use.
1414 ** flags -- MIME conversion flags.
1424 putheader(mci, hdr, e, flags)
1427 register ENVELOPE *e;
1431 char buf[SM_MAX(MAXLINE,BUFSIZ)];
1435 sm_dprintf("--- putheader, mailer = %s ---\n",
1436 mci->mci_mailer->m_name);
1439 ** If we're in MIME mode, we're not really in the header of the
1440 ** message, just the header of one of the parts of the body of
1441 ** the message. Therefore MCIF_INHEADER should not be turned on.
1444 if (!bitset(MCIF_INMIME, mci->mci_flags))
1445 mci->mci_flags |= MCIF_INHEADER;
1447 for (h = hdr; h != NULL; h = h->h_link)
1449 register char *p = h->h_value;
1454 sm_dprintf(" %s: ", h->h_field);
1458 /* Skip empty headers */
1459 if (h->h_value == NULL)
1462 /* heuristic shortening of MIME fields to avoid MUA overflows */
1463 if (MaxMimeFieldLength > 0 &&
1464 wordinclass(h->h_field,
1465 macid("{checkMIMEFieldHeaders}")))
1469 len = fix_mime_header(h, e);
1472 sm_syslog(LOG_ALERT, e->e_id,
1473 "Truncated MIME %s header due to field size (length = %ld) (possible attack)",
1474 h->h_field, (unsigned long) len);
1476 sm_dprintf(" truncated MIME %s header due to field size (length = %ld) (possible attack)\n",
1478 (unsigned long) len);
1482 if (MaxMimeHeaderLength > 0 &&
1483 wordinclass(h->h_field,
1484 macid("{checkMIMETextHeaders}")))
1488 len = strlen(h->h_value);
1489 if (len > (size_t) MaxMimeHeaderLength)
1491 h->h_value[MaxMimeHeaderLength - 1] = '\0';
1492 sm_syslog(LOG_ALERT, e->e_id,
1493 "Truncated long MIME %s header (length = %ld) (possible attack)",
1494 h->h_field, (unsigned long) len);
1496 sm_dprintf(" truncated long MIME %s header (length = %ld) (possible attack)\n",
1498 (unsigned long) len);
1502 if (MaxMimeHeaderLength > 0 &&
1503 wordinclass(h->h_field,
1504 macid("{checkMIMEHeaders}")))
1508 len = strlen(h->h_value);
1509 if (shorten_rfc822_string(h->h_value,
1510 MaxMimeHeaderLength))
1512 if (len < MaxMimeHeaderLength)
1514 /* we only rebalanced a bogus header */
1515 sm_syslog(LOG_ALERT, e->e_id,
1516 "Fixed MIME %s header (possible attack)",
1519 sm_dprintf(" fixed MIME %s header (possible attack)\n",
1524 /* we actually shortened header */
1525 sm_syslog(LOG_ALERT, e->e_id,
1526 "Truncated long MIME %s header (length = %ld) (possible attack)",
1528 (unsigned long) len);
1530 sm_dprintf(" truncated long MIME %s header (length = %ld) (possible attack)\n",
1532 (unsigned long) len);
1538 ** Suppress Content-Transfer-Encoding: if we are MIMEing
1539 ** and we are potentially converting from 8 bit to 7 bit
1540 ** MIME. If converting, add a new CTE header in
1544 if (bitset(H_CTE, h->h_flags) &&
1545 bitset(MCIF_CVT8TO7|MCIF_CVT7TO8|MCIF_INMIME,
1547 !bitset(M87F_NO8TO7, flags))
1550 sm_dprintf(" (skipped (content-transfer-encoding))\n");
1554 if (bitset(MCIF_INMIME, mci->mci_flags))
1558 put_vanilla_header(h, p, mci);
1562 if (bitset(H_CHECK|H_ACHECK, h->h_flags) &&
1563 !bitintersect(h->h_mflags, mci->mci_mailer->m_flags) &&
1564 (h->h_macro == '\0' ||
1565 (q = macvalue(bitidx(h->h_macro), e)) == NULL ||
1569 sm_dprintf(" (skipped)\n");
1573 /* handle Resent-... headers specially */
1574 if (bitset(H_RESENT, h->h_flags) && !bitset(EF_RESENT, e->e_flags))
1577 sm_dprintf(" (skipped (resent))\n");
1581 /* suppress return receipts if requested */
1582 if (bitset(H_RECEIPTTO, h->h_flags) &&
1583 (RrtImpliesDsn || bitset(EF_NORECEIPT, e->e_flags)))
1586 sm_dprintf(" (skipped (receipt))\n");
1590 /* macro expand value if generated internally */
1591 if (bitset(H_DEFAULT, h->h_flags) ||
1592 bitset(H_BINDLATE, h->h_flags))
1594 expand(p, buf, sizeof buf, e);
1599 sm_dprintf(" (skipped -- null value)\n");
1604 if (bitset(H_BCC, h->h_flags))
1606 /* Bcc: field -- either truncate or delete */
1607 if (bitset(EF_DELETE_BCC, e->e_flags))
1610 sm_dprintf(" (skipped -- bcc)\n");
1614 /* no other recipient headers: truncate value */
1615 (void) sm_strlcpyn(obuf, sizeof obuf, 2,
1625 if (bitset(H_FROM|H_RCPT, h->h_flags))
1628 bool oldstyle = bitset(EF_OLDSTYLE, e->e_flags);
1630 if (bitset(H_FROM, h->h_flags))
1632 commaize(h, p, oldstyle, mci, e);
1636 put_vanilla_header(h, p, mci);
1641 ** If we are converting this to a MIME message, add the
1642 ** MIME headers (but not in MIME mode!).
1646 if (bitset(MM_MIME8BIT, MimeMode) &&
1647 bitset(EF_HAS8BIT, e->e_flags) &&
1648 !bitset(EF_DONT_MIME, e->e_flags) &&
1649 !bitnset(M_8BITS, mci->mci_mailer->m_flags) &&
1650 !bitset(MCIF_CVT8TO7|MCIF_CVT7TO8|MCIF_INMIME, mci->mci_flags) &&
1651 hvalue("MIME-Version", e->e_header) == NULL)
1653 putline("MIME-Version: 1.0", mci);
1654 if (hvalue("Content-Type", e->e_header) == NULL)
1656 (void) sm_snprintf(obuf, sizeof obuf,
1657 "Content-Type: text/plain; charset=%s",
1661 if (hvalue("Content-Transfer-Encoding", e->e_header) == NULL)
1662 putline("Content-Transfer-Encoding: 8bit", mci);
1664 #endif /* MIME8TO7 */
1667 ** PUT_VANILLA_HEADER -- output a fairly ordinary header
1670 ** h -- the structure describing this header
1671 ** v -- the value of this header
1672 ** mci -- the connection info for output
1679 put_vanilla_header(h, v, mci)
1689 putflags = PXLF_HEADER;
1690 if (bitnset(M_7BITHDRS, mci->mci_mailer->m_flags))
1691 putflags |= PXLF_STRIP8BIT;
1692 (void) sm_snprintf(obuf, sizeof obuf, "%.200s: ", h->h_field);
1693 obp = obuf + strlen(obuf);
1694 while ((nlp = strchr(v, '\n')) != NULL)
1699 if (SPACELEFT(obuf, obp) - 1 < (size_t) l)
1700 l = SPACELEFT(obuf, obp) - 1;
1702 (void) sm_snprintf(obp, SPACELEFT(obuf, obp), "%.*s", l, v);
1703 putxline(obuf, strlen(obuf), mci, putflags);
1706 if (*v != ' ' && *v != '\t')
1709 (void) sm_snprintf(obp, SPACELEFT(obuf, obp), "%.*s",
1710 (int) (SPACELEFT(obuf, obp) - 1), v);
1711 putxline(obuf, strlen(obuf), mci, putflags);
1714 ** COMMAIZE -- output a header field, making a comma-translated list.
1717 ** h -- the header field to output.
1718 ** p -- the value to put in it.
1719 ** oldstyle -- true if this is an old style header.
1720 ** mci -- the connection information.
1721 ** e -- the envelope containing the message.
1727 ** outputs "p" to file "fp".
1731 commaize(h, p, oldstyle, mci, e)
1736 register ENVELOPE *e;
1741 bool firstone = true;
1742 int putflags = PXLF_HEADER;
1743 char obuf[MAXLINE + 3];
1746 ** Output the address list translated by the
1747 ** mailer and with commas.
1751 sm_dprintf("commaize(%s: %s)\n", h->h_field, p);
1753 if (bitnset(M_7BITHDRS, mci->mci_mailer->m_flags))
1754 putflags |= PXLF_STRIP8BIT;
1757 (void) sm_snprintf(obp, SPACELEFT(obuf, obp), "%.200s: ",
1759 opos = strlen(h->h_field) + 2;
1763 omax = mci->mci_mailer->m_linelimit - 2;
1764 if (omax < 0 || omax > 78)
1768 ** Run through the list of values.
1773 register char *name;
1780 ** Find the end of the name. New style names
1781 ** end with a comma, old style names end with
1782 ** a space character. However, spaces do not
1783 ** necessarily delimit an old-style name -- at
1784 ** signs mean keep going.
1787 /* find end of name */
1788 while ((isascii(*p) && isspace(*p)) || *p == ',')
1794 char pvpbuf[PSBUFSIZE];
1796 (void) prescan(p, oldstyle ? ' ' : ',', pvpbuf,
1797 sizeof pvpbuf, &oldp, NULL);
1800 /* look to see if we have an at sign */
1801 while (*p != '\0' && isascii(*p) && isspace(*p))
1810 while (*p != '\0' && isascii(*p) && isspace(*p))
1813 /* at the end of one complete name */
1815 /* strip off trailing white space */
1817 ((isascii(*p) && isspace(*p)) || *p == ',' || *p == '\0'))
1824 /* translate the name to be relative */
1825 flags = RF_HEADERADDR|RF_ADDDOMAIN;
1826 if (bitset(H_FROM, h->h_flags))
1827 flags |= RF_SENDERADDR;
1829 else if (e->e_from.q_mailer != NULL &&
1830 bitnset(M_UDBRECIPIENT, e->e_from.q_mailer->m_flags))
1834 q = udbsender(name, e->e_rpool);
1840 name = remotename(name, mci->mci_mailer, flags, &status, e);
1846 name = denlstring(name, false, true);
1849 ** record data progress so DNS timeouts
1850 ** don't cause DATA timeouts
1853 DataProgress = true;
1855 /* output the name with nice formatting */
1856 opos += strlen(name);
1859 if (opos > omax && !firstone)
1861 (void) sm_strlcpy(obp, ",\n", SPACELEFT(obuf, obp));
1862 putxline(obuf, strlen(obuf), mci, putflags);
1864 (void) sm_strlcpy(obp, " ", sizeof obp);
1867 opos += strlen(name);
1871 (void) sm_strlcpy(obp, ", ", SPACELEFT(obuf, obp));
1875 while ((c = *name++) != '\0' && obp < &obuf[MAXLINE])
1881 putxline(obuf, strlen(obuf), mci, putflags);
1884 ** COPYHEADER -- copy header list
1886 ** This routine is the equivalent of newstr for header lists
1889 ** header -- list of header structures to copy.
1890 ** rpool -- resource pool, or NULL
1893 ** a copy of 'header'.
1900 copyheader(header, rpool)
1901 register HDR *header;
1904 register HDR *newhdr;
1906 register HDR **tail = &ret;
1908 while (header != NULL)
1910 newhdr = (HDR *) sm_rpool_malloc_x(rpool, sizeof *newhdr);
1911 STRUCTCOPY(*header, *newhdr);
1913 tail = &newhdr->h_link;
1914 header = header->h_link;
1921 ** FIX_MIME_HEADER -- possibly truncate/rebalance parameters in a MIME header
1923 ** Run through all of the parameters of a MIME header and
1924 ** possibly truncate and rebalance the parameter according
1925 ** to MaxMimeFieldLength.
1928 ** h -- the header to truncate/rebalance
1929 ** e -- the current envelope
1932 ** length of last offending field, 0 if all ok.
1935 ** string modified in place
1939 fix_mime_header(h, e)
1943 char *begin = h->h_value;
1948 if (begin == NULL || *begin == '\0')
1951 /* Split on each ';' */
1952 while ((end = find_character(begin, ';')) != NULL)
1959 len = strlen(begin);
1961 /* Shorten individual parameter */
1962 if (shorten_rfc822_string(begin, MaxMimeFieldLength))
1964 if (len < MaxMimeFieldLength)
1966 /* we only rebalanced a bogus field */
1967 sm_syslog(LOG_ALERT, e->e_id,
1968 "Fixed MIME %s header field (possible attack)",
1971 sm_dprintf(" fixed MIME %s header field (possible attack)\n",
1976 /* we actually shortened the header */
1981 /* Collapse the possibly shortened string with rest */
1982 bp = begin + strlen(begin);
1990 /* copy character by character due to overlap */