2 * Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers.
4 * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
5 * Copyright (c) 1988, 1993
6 * The Regents of the University of California. All rights reserved.
8 * By using this file, you agree to the terms and conditions set
9 * forth in the LICENSE file which can be found at the top level of
10 * the sendmail distribution.
16 SM_RCSID("@(#)$Id: collect.c,v 8.261 2005/02/16 23:38:51 ca Exp $")
18 static void collecttimeout __P((int));
19 static void eatfrom __P((char *volatile, ENVELOPE *));
20 static void collect_doheader __P((ENVELOPE *));
21 static SM_FILE_T *collect_dfopen __P((ENVELOPE *));
22 static SM_FILE_T *collect_eoh __P((ENVELOPE *, int, int));
25 ** COLLECT_EOH -- end-of-header processing in collect()
27 ** Called by collect() when it encounters the blank line
28 ** separating the header from the message body, or when it
29 ** encounters EOF in a message that contains only a header.
33 ** numhdrs -- number of headers
34 ** hdrslen -- length of headers
37 ** NULL, or handle to open data file
40 ** end-of-header check ruleset is invoked.
41 ** envelope state is updated.
42 ** headers may be added and deleted.
44 ** opens the data file.
48 collect_eoh(e, numhdrs, hdrslen)
56 /* call the end-of-header check ruleset */
57 (void) sm_snprintf(hnum, sizeof hnum, "%d", numhdrs);
58 (void) sm_snprintf(hsize, sizeof hsize, "%d", hdrslen);
60 sm_dprintf("collect: rscheck(\"check_eoh\", \"%s $| %s\")\n",
62 (void) rscheck("check_eoh", hnum, hsize, e, RSF_UNSTRUCTURED|RSF_COUNT,
66 ** Process the header,
67 ** select the queue, open the data file.
71 return collect_dfopen(e);
75 ** COLLECT_DOHEADER -- process header in collect()
77 ** Called by collect() after it has finished parsing the header,
78 ** but before it selects the queue and creates the data file.
79 ** The results of processing the header will affect queue selection.
88 ** envelope state is updated.
89 ** headers may be added and deleted.
97 ** Find out some information from the headers.
98 ** Examples are who is the from person & the date.
101 eatheader(e, true, false);
103 if (GrabTo && e->e_sendqueue == NULL)
104 usrerr("No recipient addresses found in header");
107 ** If we have a Return-Receipt-To:, turn it into a DSN.
110 if (RrtImpliesDsn && hvalue("return-receipt-to", e->e_header) != NULL)
114 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
115 if (!bitset(QHASNOTIFY, q->q_flags))
116 q->q_flags |= QHASNOTIFY|QPINGONSUCCESS;
120 ** Add an appropriate recipient line if we have none.
123 if (hvalue("to", e->e_header) != NULL ||
124 hvalue("cc", e->e_header) != NULL ||
125 hvalue("apparently-to", e->e_header) != NULL)
127 /* have a valid recipient header -- delete Bcc: headers */
128 e->e_flags |= EF_DELETE_BCC;
130 else if (hvalue("bcc", e->e_header) == NULL)
132 /* no valid recipient headers */
136 /* create a recipient field */
137 switch (NoRecipientAction)
139 case NRA_ADD_APPARENTLY_TO:
140 hdr = "Apparently-To";
148 addheader("Bcc", " ", 0, e);
151 case NRA_ADD_TO_UNDISCLOSED:
152 addheader("To", "undisclosed-recipients:;", 0, e);
158 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
160 if (q->q_alias != NULL)
163 sm_dprintf("Adding %s: %s\n",
165 addheader(hdr, q->q_paddr, 0, e);
172 ** COLLECT_DFOPEN -- open the message data file
174 ** Called by collect() after it has finished processing the header.
175 ** Queue selection occurs at this point, possibly based on the
176 ** envelope's recipient list and on header information.
182 ** NULL, or a pointer to an open data file,
183 ** into which the message body will be written by collect().
186 ** Calls syserr, sets EF_FATALERRS and returns NULL
187 ** if there is insufficient disk space.
188 ** Aborts process if data file could not be opened.
189 ** Otherwise, the queue is selected,
190 ** e->e_{dfino,dfdev,msgsize,flags} are updated,
191 ** and a pointer to an open data file is returned.
207 dfname = queuename(e, DATAFL_LETTER);
208 if (bitset(S_IWGRP, QueueFileMode))
209 oldumask = umask(002);
210 df = bfopen(dfname, QueueFileMode, DataFileBufferSize,
212 if (bitset(S_IWGRP, QueueFileMode))
213 (void) umask(oldumask);
216 syserr("@Cannot create %s", dfname);
217 e->e_flags |= EF_NO_BODY_RETN;
219 finis(false, true, ExitStat);
222 dfd = sm_io_getinfo(df, SM_IO_WHAT_FD, NULL);
223 if (dfd < 0 || fstat(dfd, &stbuf) < 0)
227 e->e_dfdev = stbuf.st_dev;
228 e->e_dfino = stbuf.st_ino;
230 e->e_flags |= EF_HAS_DF;
235 ** COLLECT -- read & parse message header & make temp file.
237 ** Creates a temporary file name and copies the standard
238 ** input to that file. Leading UNIX-style "From" lines are
239 ** stripped off (after important information is extracted).
242 ** fp -- file to read.
243 ** smtpmode -- if set, we are running SMTP: give an RFC821
244 ** style message to say we are ready to collect
245 ** input, and never ignore a single dot to mean
247 ** hdrp -- the location to stash the header.
248 ** e -- the current envelope.
249 ** rsetsize -- reset e_msgsize?
256 ** - Data file is created and filled, and e->e_dfp is set.
257 ** - The from person may be set.
258 ** If the "enough disk space" check fails,
259 ** - syserr is called.
260 ** - e->e_dfp is NULL.
261 ** - e->e_flags & EF_FATALERRS is set.
262 ** - collect() returns.
263 ** If data file cannot be created, the process is terminated.
266 static jmp_buf CtxCollectTimeout;
267 static bool volatile CollectProgress;
268 static SM_EVENT *volatile CollectTimeout = NULL;
270 /* values for input state machine */
271 #define IS_NORM 0 /* middle of line */
272 #define IS_BOL 1 /* beginning of line */
273 #define IS_DOT 2 /* read a dot at beginning of line */
274 #define IS_DOTCR 3 /* read ".\r" at beginning of line */
275 #define IS_CR 4 /* read a carriage return */
277 /* values for message state machine */
278 #define MS_UFROM 0 /* reading Unix from line */
279 #define MS_HEADER 1 /* reading message header */
280 #define MS_BODY 2 /* reading message body */
281 #define MS_DISCARD 3 /* discarding rest of message */
284 collect(fp, smtpmode, hdrp, e, rsetsize)
288 register ENVELOPE *e;
291 register SM_FILE_T *volatile df;
292 volatile bool ignrdot;
294 register char *volatile bp;
296 volatile bool inputerr;
302 volatile int hdrslen;
303 volatile int numhdrs;
305 unsigned char *volatile pbp;
306 unsigned char peekbuf[8];
307 char bufbuf[MAXLINE];
310 ignrdot = smtpmode ? false : IgnrDot;
311 dbto = smtpmode ? (int) TimeOuts.to_datablock : 0;
314 headeronly = hdrp != NULL;
317 HasEightBits = false;
319 buflen = sizeof bufbuf;
322 mstate = SaveFrom ? MS_HEADER : MS_UFROM;
323 CollectProgress = false;
326 ** Tell ARPANET to go ahead.
330 message("354 Enter mail, end with \".\" on a line by itself");
333 sm_dprintf("collect\n");
338 ** This is done using two interleaved state machines.
339 ** The input state machine is looking for things like
340 ** hidden dots; the message state machine is handling
341 ** the larger picture (e.g., header versus body).
346 /* handle possible input timeout */
347 if (setjmp(CtxCollectTimeout) != 0)
350 sm_syslog(LOG_NOTICE, e->e_id,
351 "timeout waiting for input from %s during message collect",
357 ** Override e_message in usrerr() as this
358 ** is the reason for failure that should
359 ** be logged for undelivered recipients.
364 usrerr("451 4.4.1 timeout waiting for input during message collect");
367 CollectTimeout = sm_setevent(dbto, collecttimeout, dbto);
375 sm_dprintf("top, istate=%d, mstate=%d\n", istate,
383 while (!sm_io_eof(fp) && !sm_io_error(fp))
386 c = sm_io_getc(fp, SM_TIME_DEFAULT);
387 if (c == SM_IO_EOF && errno == EINTR)
389 /* Interrupted, retry */
395 CollectProgress = true;
396 if (TrafficLogFile != NULL && !headeronly)
398 if (istate == IS_BOL)
399 (void) sm_io_fprintf(TrafficLogFile,
404 (void) sm_io_fprintf(TrafficLogFile,
408 (void) sm_io_putc(TrafficLogFile,
417 HasEightBits |= bitset(0x80, c);
420 sm_dprintf("istate=%d, c=%c (0x%x)\n",
421 istate, (char) c, c);
433 if (c == '\n' && !ignrdot &&
434 !bitset(EF_NL_NOT_EOL, e->e_flags))
436 else if (c == '\r' &&
437 !bitset(EF_CRLF_NOT_EOL, e->e_flags))
445 OpMode != MD_DAEMON &&
446 OpMode != MD_ARPAFTP))
449 SM_ASSERT(pbp < peekbuf + sizeof(peekbuf));
456 if (c == '\n' && !ignrdot)
460 /* push back the ".\rx" */
461 SM_ASSERT(pbp < peekbuf + sizeof(peekbuf));
463 if (OpMode != MD_SMTP &&
464 OpMode != MD_DAEMON &&
465 OpMode != MD_ARPAFTP)
467 SM_ASSERT(pbp < peekbuf +
482 (void) sm_io_ungetc(fp, SM_TIME_DEFAULT,
490 if (c == '\r' && !bitset(EF_CRLF_NOT_EOL, e->e_flags))
495 else if (c == '\n' && !bitset(EF_NL_NOT_EOL,
505 if (e->e_msgsize >= 0)
508 if (MaxMessageSize > 0 &&
509 !bitset(EF_TOOBIG, e->e_flags) &&
510 e->e_msgsize > MaxMessageSize)
511 e->e_flags |= EF_TOOBIG;
517 /* just put the character out */
518 if (!bitset(EF_TOOBIG, e->e_flags))
519 (void) sm_io_putc(df, SM_TIME_DEFAULT,
528 SM_ASSERT(mstate == MS_UFROM || mstate == MS_HEADER);
530 /* header -- buffer up */
531 if (bp >= &buf[buflen - 2])
535 /* out of space for header */
537 if (buflen < MEMCHUNKSIZE)
540 buflen += MEMCHUNKSIZE;
541 buf = xalloc(buflen);
542 memmove(buf, obuf, bp - obuf);
543 bp = &buf[bp - obuf];
545 sm_free(obuf); /* XXX */
549 ** XXX Notice: the logic here is broken.
550 ** An input to sendmail that doesn't contain a
551 ** header but starts immediately with the body whose
552 ** first line contain characters which match the
553 ** following "if" will cause problems: those
554 ** characters will NOT appear in the output...
558 if (c >= 0200 && c <= 0237)
560 #if 0 /* causes complaints -- figure out something for 8.n+1 */
561 usrerr("Illegal character 0x%x in header", c);
571 MaxHeadersLength > 0 &&
572 hdrslen > MaxHeadersLength)
574 sm_syslog(LOG_NOTICE, e->e_id,
575 "headers too large (%d max) from %s during message collect",
579 e->e_flags |= EF_CLRQUEUE;
580 e->e_status = "5.6.0";
581 usrerrenh(e->e_status,
582 "552 Headers too large (%d max)",
587 if (istate == IS_BOL)
594 sm_dprintf("nextstate, istate=%d, mstate=%d, line = \"%s\"\n",
595 istate, mstate, buf);
601 if (strncmp(buf, "From ", 5) == 0)
607 #endif /* ! NOTUNIX */
617 /* check for possible continuation line */
622 c = sm_io_getc(fp, SM_TIME_DEFAULT);
623 } while (c == SM_IO_EOF && errno == EINTR);
625 (void) sm_io_ungetc(fp, SM_TIME_DEFAULT, c);
626 if (c == ' ' || c == '\t')
628 /* yep -- defer this */
632 /* trim off trailing CRLF or NL */
634 if (*--bp != '\n' || *--bp != '\r')
638 if (bitset(H_EOH, chompheader(buf,
639 CHHDR_CHECK | CHHDR_USER,
655 df = collect_eoh(e, numhdrs, hdrslen);
657 e->e_flags |= EF_TOOBIG;
661 /* toss blank line */
662 if ((!bitset(EF_CRLF_NOT_EOL, e->e_flags) &&
663 bp[0] == '\r' && bp[1] == '\n') ||
664 (!bitset(EF_NL_NOT_EOL, e->e_flags) &&
670 /* if not a blank separator, write it out */
671 if (!bitset(EF_TOOBIG, e->e_flags))
674 (void) sm_io_putc(df, SM_TIME_DEFAULT,
683 if ((sm_io_eof(fp) && smtpmode) || sm_io_error(fp))
688 errmsg = "unexpected close";
690 errmsg = sm_errstring(errno);
692 sm_dprintf("collect: premature EOM: %s\n", errmsg);
694 sm_syslog(LOG_WARNING, e->e_id,
695 "collect: premature EOM: %s", errmsg);
699 /* reset global timer */
700 if (CollectTimeout != NULL)
701 sm_clrevent(CollectTimeout);
706 if (mstate != MS_BODY)
708 /* no body or discard, so we never opened the data file */
709 SM_ASSERT(df == NULL);
710 df = collect_eoh(e, numhdrs, hdrslen);
715 /* skip next few clauses */
718 else if (sm_io_flush(df, SM_TIME_DEFAULT) != 0 || sm_io_error(df))
720 dferror(df, "sm_io_flush||sm_io_error", e);
722 finis(true, true, ExitStat);
725 else if (SuperSafe == SAFE_NO ||
726 SuperSafe == SAFE_INTERACTIVE ||
727 (SuperSafe == SAFE_REALLY_POSTMILTER && smtpmode))
729 /* skip next few clauses */
731 /* Note: updfs() is not called in this case! */
733 else if (sm_io_setinfo(df, SM_BF_COMMIT, NULL) < 0 && errno != EINVAL)
735 int save_errno = errno;
737 if (save_errno == EEXIST)
743 dfile = queuename(e, DATAFL_LETTER);
744 if (stat(dfile, &st) < 0)
747 syserr("@collect: bfcommit(%s): already on disk, size=%ld",
748 dfile, (long) st.st_size);
749 dfd = sm_io_getinfo(df, SM_IO_WHAT_FD, NULL);
751 dumpfd(dfd, true, true);
754 dferror(df, "bfcommit", e);
756 finis(save_errno != EEXIST, true, ExitStat);
758 else if ((afd = sm_io_getinfo(df, SM_IO_WHAT_FD, NULL)) < 0)
760 dferror(df, "sm_io_getinfo", e);
762 finis(true, true, ExitStat);
765 else if (fsync(afd) < 0)
767 dferror(df, "fsync", e);
769 finis(true, true, ExitStat);
772 else if (sm_io_close(df, SM_TIME_DEFAULT) < 0)
774 dferror(df, "sm_io_close", e);
776 finis(true, true, ExitStat);
781 /* everything is happily flushed to disk */
784 /* remove from available space in filesystem */
785 updfs(e, 0, 1, "collect");
788 /* An EOF when running SMTP is an error */
789 if (inputerr && (OpMode == MD_SMTP || OpMode == MD_DAEMON))
800 problem = "unexpected close";
801 else if (sm_io_error(fp))
802 problem = "I/O error";
804 problem = "read timeout";
805 if (LogLevel > 0 && sm_io_eof(fp))
806 sm_syslog(LOG_NOTICE, e->e_id,
807 "collect: %s on connection from %.100s, sender=%s",
809 shortenstring(e->e_from.q_paddr, MAXSHORTSTR));
811 usrerr("451 4.4.1 collect: %s on connection from %s, from=%s",
813 shortenstring(e->e_from.q_paddr, MAXSHORTSTR));
815 syserr("451 4.4.1 collect: %s on connection from %s, from=%s",
817 shortenstring(e->e_from.q_paddr, MAXSHORTSTR));
819 /* don't return an error indication */
821 e->e_flags &= ~EF_FATALERRS;
822 e->e_flags |= EF_CLRQUEUE;
824 /* Don't send any message notification to sender */
825 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
827 if (QS_IS_DEAD(q->q_state))
829 q->q_state = QS_FATALERR;
832 finis(true, true, ExitStat);
836 /* Log collection information. */
837 if (bitset(EF_LOGSENDER, e->e_flags) && LogLevel > 4)
839 logsender(e, e->e_msgid);
840 e->e_flags &= ~EF_LOGSENDER;
843 /* check for message too large */
844 if (bitset(EF_TOOBIG, e->e_flags))
846 e->e_flags |= EF_NO_BODY_RETN|EF_CLRQUEUE;
847 if (!bitset(EF_FATALERRS, e->e_flags))
849 e->e_status = "5.2.3";
850 usrerrenh(e->e_status,
851 "552 Message exceeds maximum fixed size (%ld)",
854 sm_syslog(LOG_NOTICE, e->e_id,
855 "message size (%ld) exceeds maximum (%ld)",
856 e->e_msgsize, MaxMessageSize);
860 /* check for illegal 8-bit data */
863 e->e_flags |= EF_HAS8BIT;
864 if (!bitset(MM_PASS8BIT|MM_MIME8BIT, MimeMode) &&
865 !bitset(EF_IS_MIME, e->e_flags))
867 e->e_status = "5.6.1";
868 usrerrenh(e->e_status, "554 Eight bit data not allowed");
873 /* if it claimed to be 8 bits, well, it lied.... */
874 if (e->e_bodytype != NULL &&
875 sm_strcasecmp(e->e_bodytype, "8BITMIME") == 0)
876 e->e_bodytype = "7BIT";
879 if (SuperSafe == SAFE_REALLY && !bitset(EF_FATALERRS, e->e_flags))
881 char *dfname = queuename(e, DATAFL_LETTER);
882 if ((e->e_dfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, dfname,
883 SM_IO_RDONLY_B, NULL)) == NULL)
885 /* we haven't acked receipt yet, so just chuck this */
886 syserr("@Cannot reopen %s", dfname);
887 finis(true, true, ExitStat);
894 /* collect statistics */
895 if (OpMode != MD_VERIFY)
898 ** Recalculate e_msgpriority, it is done at in eatheader()
899 ** which is called (in 8.12) after the header is collected,
900 ** hence e_msgsize is (most likely) incorrect.
903 e->e_msgpriority = e->e_msgsize
904 - e->e_class * WkClassFact
905 + e->e_nrcpts * WkRecipFact;
906 markstats(e, (ADDRESS *) NULL, STATS_NORMAL);
911 collecttimeout(timeout)
914 int save_errno = errno;
917 ** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD
918 ** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
924 /* reset the timeout */
925 CollectTimeout = sm_sigsafe_setevent(timeout, collecttimeout,
927 CollectProgress = false;
932 CollectTimeout = NULL;
935 /* if no progress was made or problem resetting event, die now */
936 if (CollectTimeout == NULL)
939 longjmp(CtxCollectTimeout, 1);
944 ** DFERROR -- signal error on writing the data file.
946 ** Called by collect(). Collect() always terminates the process
947 ** immediately after calling dferror(), which means that the SMTP
948 ** session will be terminated, which means that any error message
949 ** issued by dferror must be a 421 error, as per RFC 821.
952 ** df -- the file pointer for the data file.
953 ** msg -- detailed message.
954 ** e -- the current envelope.
960 ** Gives an error message.
961 ** Arranges for following output to go elsewhere.
966 SM_FILE_T *volatile df;
968 register ENVELOPE *e;
972 dfname = queuename(e, DATAFL_LETTER);
978 #else /* STAT64 > 0 */
980 #endif /* STAT64 > 0 */
984 e->e_flags |= EF_NO_BODY_RETN;
988 fstat64(sm_io_getinfo(df, SM_IO_WHAT_FD, NULL), &st)
989 #else /* STAT64 > 0 */
990 fstat(sm_io_getinfo(df, SM_IO_WHAT_FD, NULL), &st)
991 #endif /* STAT64 > 0 */
994 (void) sm_io_reopen(SmFtStdio, SM_TIME_DEFAULT, dfname,
995 SM_IO_WRONLY_B, NULL, df);
997 (void) sm_io_fprintf(df, SM_TIME_DEFAULT,
998 "\n*** Mail could not be accepted");
1000 (void) sm_io_fprintf(df, SM_TIME_DEFAULT,
1001 "\n*** Mail of at least %llu bytes could not be accepted\n",
1002 (ULONGLONG_T) st.st_size);
1003 (void) sm_io_fprintf(df, SM_TIME_DEFAULT,
1004 "*** at %s due to lack of disk space for temp file.\n",
1006 avail = freediskspace(qid_printqueue(e->e_qgrp, e->e_qdir),
1011 avail *= bsize / 1024;
1012 else if (bsize < 1024)
1013 avail /= 1024 / bsize;
1014 (void) sm_io_fprintf(df, SM_TIME_DEFAULT,
1015 "*** Currently, %ld kilobytes are available for mail temp files.\n",
1019 /* Wrong response code; should be 421. */
1020 e->e_status = "4.3.1";
1021 usrerrenh(e->e_status, "452 Out of disk space for temp file");
1023 syserr("421 4.3.1 Out of disk space for temp file");
1027 syserr("421 4.3.0 collect: Cannot write %s (%s, uid=%d, gid=%d)",
1028 dfname, msg, (int) geteuid(), (int) getegid());
1029 if (sm_io_reopen(SmFtStdio, SM_TIME_DEFAULT, SM_PATH_DEVNULL,
1030 SM_IO_WRONLY, NULL, df) == NULL)
1031 sm_syslog(LOG_ERR, e->e_id,
1032 "dferror: sm_io_reopen(\"/dev/null\") failed: %s",
1033 sm_errstring(errno));
1036 ** EATFROM -- chew up a UNIX style from line and process
1038 ** This does indeed make some assumptions about the format
1039 ** of UNIX messages.
1042 ** fm -- the from line.
1049 ** extracts what information it can from the header,
1050 ** such as the date.
1055 static char *DowList[] =
1057 "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", NULL
1060 static char *MonthList[] =
1062 "Jan", "Feb", "Mar", "Apr", "May", "Jun",
1063 "Jul", "Aug", "Sep", "Oct", "Nov", "Dec",
1070 register ENVELOPE *e;
1076 sm_dprintf("eatfrom(%s)\n", fm);
1078 /* find the date part */
1083 while (*p != '\0' && *p != ' ')
1089 /* no room for the date */
1092 if (!(isascii(*p) && isupper(*p)) ||
1093 p[3] != ' ' || p[13] != ':' || p[16] != ':')
1096 /* we have a possible date */
1097 for (dt = DowList; *dt != NULL; dt++)
1098 if (strncmp(*dt, p, 3) == 0)
1103 for (dt = MonthList; *dt != NULL; dt++)
1105 if (strncmp(*dt, &p[4], 3) == 0)
1116 /* we have found a date */
1117 (void) sm_strlcpy(buf, p, sizeof(buf));
1119 macdefine(&e->e_macro, A_TEMP, 'a', q);
1122 #endif /* ! NOTUNIX */