2 * Copyright (c) 1998-2006, 2008 Proofpoint, Inc. and its suppliers.
4 * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
5 * Copyright (c) 1988, 1993
6 * The Regents of the University of California. All rights reserved.
8 * By using this file, you agree to the terms and conditions set
9 * forth in the LICENSE file which can be found at the top level of
10 * the sendmail distribution.
16 SM_RCSID("@(#)$Id: collect.c,v 8.287 2013-11-22 20:51:55 ca Exp $")
18 static void eatfrom __P((char *volatile, ENVELOPE *));
19 static void collect_doheader __P((ENVELOPE *));
20 static SM_FILE_T *collect_dfopen __P((ENVELOPE *));
21 static SM_FILE_T *collect_eoh __P((ENVELOPE *, int, int));
24 ** COLLECT_EOH -- end-of-header processing in collect()
26 ** Called by collect() when it encounters the blank line
27 ** separating the header from the message body, or when it
28 ** encounters EOF in a message that contains only a header.
32 ** numhdrs -- number of headers
33 ** hdrslen -- length of headers
36 ** NULL, or handle to open data file
39 ** end-of-header check ruleset is invoked.
40 ** envelope state is updated.
41 ** headers may be added and deleted.
43 ** opens the data file.
47 collect_eoh(e, numhdrs, hdrslen)
55 /* call the end-of-header check ruleset */
56 (void) sm_snprintf(hnum, sizeof(hnum), "%d", numhdrs);
57 (void) sm_snprintf(hsize, sizeof(hsize), "%d", hdrslen);
59 sm_dprintf("collect: rscheck(\"check_eoh\", \"%s $| %s\")\n",
61 (void) rscheck("check_eoh", hnum, hsize, e, RSF_UNSTRUCTURED|RSF_COUNT,
62 3, NULL, e->e_id, NULL, NULL);
65 ** Process the header,
66 ** select the queue, open the data file.
70 return collect_dfopen(e);
74 ** COLLECT_DOHEADER -- process header in collect()
76 ** Called by collect() after it has finished parsing the header,
77 ** but before it selects the queue and creates the data file.
78 ** The results of processing the header will affect queue selection.
87 ** envelope state is updated.
88 ** headers may be added and deleted.
96 ** Find out some information from the headers.
97 ** Examples are who is the from person & the date.
100 eatheader(e, true, false);
102 if (GrabTo && e->e_sendqueue == NULL)
103 usrerr("No recipient addresses found in header");
106 ** If we have a Return-Receipt-To:, turn it into a DSN.
109 if (RrtImpliesDsn && hvalue("return-receipt-to", e->e_header) != NULL)
113 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
114 if (!bitset(QHASNOTIFY, q->q_flags))
115 q->q_flags |= QHASNOTIFY|QPINGONSUCCESS;
119 ** Add an appropriate recipient line if we have none.
122 if (hvalue("to", e->e_header) != NULL ||
123 hvalue("cc", e->e_header) != NULL ||
124 hvalue("apparently-to", e->e_header) != NULL)
126 /* have a valid recipient header -- delete Bcc: headers */
127 e->e_flags |= EF_DELETE_BCC;
129 else if (hvalue("bcc", e->e_header) == NULL)
131 /* no valid recipient headers */
135 /* create a recipient field */
136 switch (NoRecipientAction)
138 case NRA_ADD_APPARENTLY_TO:
139 hdr = "Apparently-To";
147 addheader("Bcc", " ", 0, e, true);
150 case NRA_ADD_TO_UNDISCLOSED:
151 addheader("To", "undisclosed-recipients:;", 0, e, true);
157 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
159 if (q->q_alias != NULL)
162 sm_dprintf("Adding %s: %s\n",
164 addheader(hdr, q->q_paddr, 0, e, true);
171 ** COLLECT_DFOPEN -- open the message data file
173 ** Called by collect() after it has finished processing the header.
174 ** Queue selection occurs at this point, possibly based on the
175 ** envelope's recipient list and on header information.
181 ** NULL, or a pointer to an open data file,
182 ** into which the message body will be written by collect().
185 ** Calls syserr, sets EF_FATALERRS and returns NULL
186 ** if there is insufficient disk space.
187 ** Aborts process if data file could not be opened.
188 ** Otherwise, the queue is selected,
189 ** e->e_{dfino,dfdev,msgsize,flags} are updated,
190 ** and a pointer to an open data file is returned.
206 dfname = queuename(e, DATAFL_LETTER);
207 if (bitset(S_IWGRP, QueueFileMode))
208 oldumask = umask(002);
209 df = bfopen(dfname, QueueFileMode, DataFileBufferSize,
211 if (bitset(S_IWGRP, QueueFileMode))
212 (void) umask(oldumask);
215 syserr("@Cannot create %s", dfname);
216 e->e_flags |= EF_NO_BODY_RETN;
218 finis(false, true, ExitStat);
221 dfd = sm_io_getinfo(df, SM_IO_WHAT_FD, NULL);
222 if (dfd < 0 || fstat(dfd, &stbuf) < 0)
226 e->e_dfdev = stbuf.st_dev;
227 e->e_dfino = stbuf.st_ino;
229 e->e_flags |= EF_HAS_DF;
234 ** COLLECT -- read & parse message header & make temp file.
236 ** Creates a temporary file name and copies the standard
237 ** input to that file. Leading UNIX-style "From" lines are
238 ** stripped off (after important information is extracted).
241 ** fp -- file to read.
242 ** smtpmode -- if set, we are running SMTP: give an RFC821
243 ** style message to say we are ready to collect
244 ** input, and never ignore a single dot to mean
246 ** hdrp -- the location to stash the header.
247 ** e -- the current envelope.
248 ** rsetsize -- reset e_msgsize?
255 ** - Data file is created and filled, and e->e_dfp is set.
256 ** - The from person may be set.
257 ** If the "enough disk space" check fails,
258 ** - syserr is called.
259 ** - e->e_dfp is NULL.
260 ** - e->e_flags & EF_FATALERRS is set.
261 ** - collect() returns.
262 ** If data file cannot be created, the process is terminated.
265 /* values for input state machine */
266 #define IS_NORM 0 /* middle of line */
267 #define IS_BOL 1 /* beginning of line */
268 #define IS_DOT 2 /* read a dot at beginning of line */
269 #define IS_DOTCR 3 /* read ".\r" at beginning of line */
270 #define IS_CR 4 /* read a carriage return */
272 /* values for message state machine */
273 #define MS_UFROM 0 /* reading Unix from line */
274 #define MS_HEADER 1 /* reading message header */
275 #define MS_BODY 2 /* reading message body */
276 #define MS_DISCARD 3 /* discarding rest of message */
279 collect(fp, smtpmode, hdrp, e, rsetsize)
283 register ENVELOPE *e;
286 register SM_FILE_T *df;
302 unsigned char peekbuf[8];
303 char bufbuf[MAXLINE];
304 #if _FFR_REJECT_NUL_BYTE
305 bool hasNUL; /* has at least one NUL input byte */
306 #endif /* _FFR_REJECT_NUL_BYTE */
309 ignrdot = smtpmode ? false : IgnrDot;
311 /* timeout for I/O functions is in milliseconds */
312 dbto = smtpmode ? ((int) TimeOuts.to_datablock * 1000)
314 sm_io_setinfo(fp, SM_IO_WHAT_TIMEOUT, &dbto);
315 old_rd_tmo = set_tls_rd_tmo(TimeOuts.to_datablock);
318 headeronly = hdrp != NULL;
321 HasEightBits = false;
322 #if _FFR_REJECT_NUL_BYTE
324 #endif /* _FFR_REJECT_NUL_BYTE */
326 buflen = sizeof(bufbuf);
329 mstate = SaveFrom ? MS_HEADER : MS_UFROM;
332 ** Tell ARPANET to go ahead.
336 message("354 Enter mail, end with \".\" on a line by itself");
338 /* simulate an I/O timeout when used as sink */
343 sm_dprintf("collect\n");
348 ** This is done using two interleaved state machines.
349 ** The input state machine is looking for things like
350 ** hidden dots; the message state machine is handling
351 ** the larger picture (e.g., header versus body).
359 sm_dprintf("top, istate=%d, mstate=%d\n", istate,
367 while (!sm_io_eof(fp) && !sm_io_error(fp))
370 c = sm_io_getc(fp, SM_TIME_DEFAULT);
371 if (c == SM_IO_EOF && errno == EINTR)
373 /* Interrupted, retry */
379 if (c == SM_IO_EOF && errno == EAGAIN
383 ** Override e_message in
384 ** usrerr() as this is the
385 ** reason for failure that
386 ** should be logged for
387 ** undelivered recipients.
397 if (TrafficLogFile != NULL && !headeronly)
399 if (istate == IS_BOL)
400 (void) sm_io_fprintf(TrafficLogFile,
405 (void) sm_io_fprintf(TrafficLogFile,
409 (void) sm_io_putc(TrafficLogFile,
413 #if _FFR_REJECT_NUL_BYTE
416 #endif /* _FFR_REJECT_NUL_BYTE */
422 HasEightBits |= bitset(0x80, c);
425 sm_dprintf("istate=%d, c=%c (0x%x)\n",
426 istate, (char) c, c);
438 if (c == '\n' && !ignrdot &&
439 !bitset(EF_NL_NOT_EOL, e->e_flags))
441 else if (c == '\r' &&
442 !bitset(EF_CRLF_NOT_EOL, e->e_flags))
450 OpMode != MD_DAEMON &&
451 OpMode != MD_ARPAFTP))
454 SM_ASSERT(pbp < peekbuf +
462 if (c == '\n' && !ignrdot)
466 /* push back the ".\rx" */
467 SM_ASSERT(pbp < peekbuf +
470 if (OpMode != MD_SMTP &&
471 OpMode != MD_DAEMON &&
472 OpMode != MD_ARPAFTP)
474 SM_ASSERT(pbp < peekbuf +
489 (void) sm_io_ungetc(fp, SM_TIME_DEFAULT,
497 if (c == '\r' && !bitset(EF_CRLF_NOT_EOL, e->e_flags))
502 else if (c == '\n' && !bitset(EF_NL_NOT_EOL,
512 if (e->e_msgsize >= 0)
515 if (MaxMessageSize > 0 &&
516 !bitset(EF_TOOBIG, e->e_flags) &&
517 e->e_msgsize > MaxMessageSize)
518 e->e_flags |= EF_TOOBIG;
524 /* just put the character out */
525 if (!bitset(EF_TOOBIG, e->e_flags))
526 (void) sm_io_putc(df, SM_TIME_DEFAULT,
535 SM_ASSERT(mstate == MS_UFROM || mstate == MS_HEADER);
537 /* header -- buffer up */
538 if (bp >= &buf[buflen - 2])
542 /* out of space for header */
544 if (buflen < MEMCHUNKSIZE)
547 buflen += MEMCHUNKSIZE;
550 sm_syslog(LOG_NOTICE, e->e_id,
551 "header overflow from %s during message collect",
554 e->e_flags |= EF_CLRQUEUE;
555 e->e_status = "5.6.0";
556 usrerrenh(e->e_status,
557 "552 Headers too large");
560 buf = xalloc(buflen);
561 memmove(buf, obuf, bp - obuf);
562 bp = &buf[bp - obuf];
564 sm_free(obuf); /* XXX */
572 MaxHeadersLength > 0 &&
573 hdrslen > MaxHeadersLength)
575 sm_syslog(LOG_NOTICE, e->e_id,
576 "headers too large (%d max) from %s during message collect",
580 e->e_flags |= EF_CLRQUEUE;
581 e->e_status = "5.6.0";
582 usrerrenh(e->e_status,
583 "552 Headers too large (%d max)",
589 if (istate == IS_BOL)
596 sm_dprintf("nextstate, istate=%d, mstate=%d, line=\"%s\"\n",
597 istate, mstate, buf);
603 if (strncmp(buf, "From ", 5) == 0)
609 #endif /* ! NOTUNIX */
619 /* check for possible continuation line */
624 c = sm_io_getc(fp, SM_TIME_DEFAULT);
627 if (c == SM_IO_EOF && errno == EAGAIN
631 ** Override e_message in
632 ** usrerr() as this is the
633 ** reason for failure that
634 ** should be logged for
635 ** undelivered recipients.
643 } while (c == SM_IO_EOF && errno == EINTR);
645 (void) sm_io_ungetc(fp, SM_TIME_DEFAULT, c);
646 if (c == ' ' || c == '\t')
648 /* yep -- defer this */
654 /* guaranteed by isheader(buf) */
655 SM_ASSERT(*(bp - 1) != '\n' || bp > buf + 1);
657 /* trim off trailing CRLF or NL */
658 if (*--bp != '\n' || *--bp != '\r')
662 if (bitset(H_EOH, chompheader(buf,
663 CHHDR_CHECK | CHHDR_USER,
679 df = collect_eoh(e, numhdrs, hdrslen);
681 e->e_flags |= EF_TOOBIG;
685 /* toss blank line */
686 if ((!bitset(EF_CRLF_NOT_EOL, e->e_flags) &&
687 bp[0] == '\r' && bp[1] == '\n') ||
688 (!bitset(EF_NL_NOT_EOL, e->e_flags) &&
694 /* if not a blank separator, write it out */
695 if (!bitset(EF_TOOBIG, e->e_flags))
698 (void) sm_io_putc(df, SM_TIME_DEFAULT,
707 if ((sm_io_eof(fp) && smtpmode) || sm_io_error(fp))
712 errmsg = "unexpected close";
714 errmsg = sm_errstring(errno);
716 sm_dprintf("collect: premature EOM: %s\n", errmsg);
718 sm_syslog(LOG_WARNING, e->e_id,
719 "collect: premature EOM: %s", errmsg);
726 if (mstate != MS_BODY)
728 /* no body or discard, so we never opened the data file */
729 SM_ASSERT(df == NULL);
730 df = collect_eoh(e, numhdrs, hdrslen);
735 /* skip next few clauses */
738 else if (sm_io_flush(df, SM_TIME_DEFAULT) != 0 || sm_io_error(df))
740 dferror(df, "sm_io_flush||sm_io_error", e);
742 finis(true, true, ExitStat);
745 else if (SuperSafe == SAFE_NO ||
746 SuperSafe == SAFE_INTERACTIVE ||
747 (SuperSafe == SAFE_REALLY_POSTMILTER && smtpmode))
749 /* skip next few clauses */
751 /* Note: updfs() is not called in this case! */
753 else if (sm_io_setinfo(df, SM_BF_COMMIT, NULL) < 0 && errno != EINVAL)
755 int save_errno = errno;
757 if (save_errno == EEXIST)
763 dfile = queuename(e, DATAFL_LETTER);
764 if (stat(dfile, &st) < 0)
767 syserr("@collect: bfcommit(%s): already on disk, size=%ld",
768 dfile, (long) st.st_size);
769 dfd = sm_io_getinfo(df, SM_IO_WHAT_FD, NULL);
771 dumpfd(dfd, true, true);
774 dferror(df, "bfcommit", e);
776 finis(save_errno != EEXIST, true, ExitStat);
778 else if ((afd = sm_io_getinfo(df, SM_IO_WHAT_FD, NULL)) < 0)
780 dferror(df, "sm_io_getinfo", e);
782 finis(true, true, ExitStat);
785 else if (fsync(afd) < 0)
787 dferror(df, "fsync", e);
789 finis(true, true, ExitStat);
792 else if (sm_io_close(df, SM_TIME_DEFAULT) < 0)
794 dferror(df, "sm_io_close", e);
796 finis(true, true, ExitStat);
801 /* everything is happily flushed to disk */
804 /* remove from available space in filesystem */
805 updfs(e, 0, 1, "collect");
808 /* An EOF when running SMTP is an error */
810 if (inputerr && (OpMode == MD_SMTP || OpMode == MD_DAEMON))
821 problem = "unexpected close";
822 else if (sm_io_error(fp))
823 problem = "I/O error";
825 problem = "read timeout";
826 if (LogLevel > 0 && sm_io_eof(fp))
827 sm_syslog(LOG_NOTICE, e->e_id,
828 "collect: %s on connection from %.100s, sender=%s",
830 shortenstring(e->e_from.q_paddr, MAXSHORTSTR));
832 usrerr("421 4.4.1 collect: %s on connection from %s, from=%s",
834 shortenstring(e->e_from.q_paddr, MAXSHORTSTR));
836 syserr("421 4.4.1 collect: %s on connection from %s, from=%s",
838 shortenstring(e->e_from.q_paddr, MAXSHORTSTR));
841 /* don't return an error indication */
843 e->e_flags &= ~EF_FATALERRS;
844 e->e_flags |= EF_CLRQUEUE;
846 /* Don't send any message notification to sender */
847 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
849 if (QS_IS_DEAD(q->q_state))
851 q->q_state = QS_FATALERR;
854 (void) sm_io_close(df, SM_TIME_DEFAULT);
856 finis(true, true, ExitStat);
860 /* Log collection information. */
862 sm_dprintf("collect: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d\n",
863 e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel);
864 if (bitset(EF_LOGSENDER, e->e_flags) && LogLevel > 4)
866 logsender(e, e->e_msgid);
867 e->e_flags &= ~EF_LOGSENDER;
870 /* check for message too large */
871 if (bitset(EF_TOOBIG, e->e_flags))
873 e->e_flags |= EF_NO_BODY_RETN|EF_CLRQUEUE;
874 if (!bitset(EF_FATALERRS, e->e_flags))
876 e->e_status = "5.2.3";
877 usrerrenh(e->e_status,
878 "552 Message exceeds maximum fixed size (%ld)",
881 sm_syslog(LOG_NOTICE, e->e_id,
882 "message size (%ld) exceeds maximum (%ld)",
883 PRT_NONNEGL(e->e_msgsize),
888 /* check for illegal 8-bit data */
891 e->e_flags |= EF_HAS8BIT;
892 if (!bitset(MM_PASS8BIT|MM_MIME8BIT, MimeMode) &&
893 !bitset(EF_IS_MIME, e->e_flags))
895 e->e_status = "5.6.1";
896 usrerrenh(e->e_status, "554 Eight bit data not allowed");
901 /* if it claimed to be 8 bits, well, it lied.... */
902 if (e->e_bodytype != NULL &&
903 sm_strcasecmp(e->e_bodytype, "8BITMIME") == 0)
904 e->e_bodytype = "7BIT";
907 #if _FFR_REJECT_NUL_BYTE
908 if (hasNUL && RejectNUL)
910 e->e_status = "5.6.1";
911 usrerrenh(e->e_status, "554 NUL byte not allowed");
913 #endif /* _FFR_REJECT_NUL_BYTE */
915 if (SuperSafe == SAFE_REALLY && !bitset(EF_FATALERRS, e->e_flags))
917 char *dfname = queuename(e, DATAFL_LETTER);
918 if ((e->e_dfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, dfname,
919 SM_IO_RDONLY_B, NULL)) == NULL)
921 /* we haven't acked receipt yet, so just chuck this */
922 syserr("@Cannot reopen %s", dfname);
923 finis(true, true, ExitStat);
930 /* collect statistics */
931 if (OpMode != MD_VERIFY)
934 ** Recalculate e_msgpriority, it is done at in eatheader()
935 ** which is called (in 8.12) after the header is collected,
936 ** hence e_msgsize is (most likely) incorrect.
939 e->e_msgpriority = e->e_msgsize
940 - e->e_class * WkClassFact
941 + e->e_nrcpts * WkRecipFact;
942 markstats(e, (ADDRESS *) NULL, STATS_NORMAL);
946 (void) set_tls_rd_tmo(old_rd_tmo);
950 ** DFERROR -- signal error on writing the data file.
952 ** Called by collect(). Collect() always terminates the process
953 ** immediately after calling dferror(), which means that the SMTP
954 ** session will be terminated, which means that any error message
955 ** issued by dferror must be a 421 error, as per RFC 821.
958 ** df -- the file pointer for the data file.
959 ** msg -- detailed message.
960 ** e -- the current envelope.
966 ** Gives an error message.
967 ** Arranges for following output to go elsewhere.
972 SM_FILE_T *volatile df;
974 register ENVELOPE *e;
978 dfname = queuename(e, DATAFL_LETTER);
984 #else /* STAT64 > 0 */
986 #endif /* STAT64 > 0 */
990 e->e_flags |= EF_NO_BODY_RETN;
994 fstat64(sm_io_getinfo(df, SM_IO_WHAT_FD, NULL), &st)
995 #else /* STAT64 > 0 */
996 fstat(sm_io_getinfo(df, SM_IO_WHAT_FD, NULL), &st)
997 #endif /* STAT64 > 0 */
1000 (void) sm_io_reopen(SmFtStdio, SM_TIME_DEFAULT, dfname,
1001 SM_IO_WRONLY_B, NULL, df);
1002 if (st.st_size <= 0)
1003 (void) sm_io_fprintf(df, SM_TIME_DEFAULT,
1004 "\n*** Mail could not be accepted");
1006 (void) sm_io_fprintf(df, SM_TIME_DEFAULT,
1007 "\n*** Mail of at least %llu bytes could not be accepted\n",
1008 (ULONGLONG_T) st.st_size);
1009 (void) sm_io_fprintf(df, SM_TIME_DEFAULT,
1010 "*** at %s due to lack of disk space for temp file.\n",
1012 avail = freediskspace(qid_printqueue(e->e_qgrp, e->e_qdir),
1017 avail *= bsize / 1024;
1018 else if (bsize < 1024)
1019 avail /= 1024 / bsize;
1020 (void) sm_io_fprintf(df, SM_TIME_DEFAULT,
1021 "*** Currently, %ld kilobytes are available for mail temp files.\n",
1025 /* Wrong response code; should be 421. */
1026 e->e_status = "4.3.1";
1027 usrerrenh(e->e_status, "452 Out of disk space for temp file");
1029 syserr("421 4.3.1 Out of disk space for temp file");
1033 syserr("421 4.3.0 collect: Cannot write %s (%s, uid=%ld, gid=%ld)",
1034 dfname, msg, (long) geteuid(), (long) getegid());
1035 if (sm_io_reopen(SmFtStdio, SM_TIME_DEFAULT, SM_PATH_DEVNULL,
1036 SM_IO_WRONLY, NULL, df) == NULL)
1037 sm_syslog(LOG_ERR, e->e_id,
1038 "dferror: sm_io_reopen(\"/dev/null\") failed: %s",
1039 sm_errstring(errno));
1042 ** EATFROM -- chew up a UNIX style from line and process
1044 ** This does indeed make some assumptions about the format
1045 ** of UNIX messages.
1048 ** fm -- the from line.
1055 ** extracts what information it can from the header,
1056 ** such as the date.
1061 static char *DowList[] =
1063 "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", NULL
1066 static char *MonthList[] =
1068 "Jan", "Feb", "Mar", "Apr", "May", "Jun",
1069 "Jul", "Aug", "Sep", "Oct", "Nov", "Dec",
1076 register ENVELOPE *e;
1082 sm_dprintf("eatfrom(%s)\n", fm);
1084 /* find the date part */
1089 while (*p != '\0' && *p != ' ')
1095 /* no room for the date */
1098 if (!(isascii(*p) && isupper(*p)) ||
1099 p[3] != ' ' || p[13] != ':' || p[16] != ':')
1102 /* we have a possible date */
1103 for (dt = DowList; *dt != NULL; dt++)
1104 if (strncmp(*dt, p, 3) == 0)
1109 for (dt = MonthList; *dt != NULL; dt++)
1111 if (strncmp(*dt, &p[4], 3) == 0)
1122 /* we have found a date */
1123 (void) sm_strlcpy(buf, p, sizeof(buf));
1125 macdefine(&e->e_macro, A_TEMP, 'a', q);
1128 #endif /* ! NOTUNIX */