2 * Copyright (c) 1998-2006 Sendmail, Inc. and its suppliers.
4 * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
5 * Copyright (c) 1988, 1993
6 * The Regents of the University of California. All rights reserved.
8 * By using this file, you agree to the terms and conditions set
9 * forth in the LICENSE file which can be found at the top level of
10 * the sendmail distribution.
16 # include <libmilter/mfapi.h>
17 # include <libmilter/mfdef.h>
20 SM_RCSID("@(#)$Id: srvrsmtp.c,v 8.924.2.5 2006/07/07 16:29:39 ca Exp $")
27 #endif /* SASL || STARTTLS */
29 # define ENC64LEN(l) (((l) + 2) * 4 / 3 + 1)
30 static int saslmechs __P((sasl_conn_t *, char **));
33 # include <sysexits.h>
35 static SSL_CTX *srv_ctx = NULL; /* TLS server context */
36 static SSL *srv_ssl = NULL; /* per connection context */
38 static bool tls_ok_srv = false;
40 static bool NotFirstDelivery = false;
41 #endif /* _FFR_DM_ONE */
43 extern void tls_set_verify __P((SSL_CTX *, SSL *, bool));
44 # define TLS_VERIFY_CLIENT() tls_set_verify(srv_ctx, srv_ssl, \
45 bitset(SRV_VRFY_CLT, features))
49 #define SRV_NONE 0x0000 /* none... */
50 #define SRV_OFFER_TLS 0x0001 /* offer STARTTLS */
51 #define SRV_VRFY_CLT 0x0002 /* request a cert */
52 #define SRV_OFFER_AUTH 0x0004 /* offer AUTH */
53 #define SRV_OFFER_ETRN 0x0008 /* offer ETRN */
54 #define SRV_OFFER_VRFY 0x0010 /* offer VRFY (not yet used) */
55 #define SRV_OFFER_EXPN 0x0020 /* offer EXPN */
56 #define SRV_OFFER_VERB 0x0040 /* offer VERB */
57 #define SRV_OFFER_DSN 0x0080 /* offer DSN */
59 # define SRV_OFFER_PIPE 0x0100 /* offer PIPELINING */
61 # define SRV_NO_PIPE 0x0200 /* disable PIPELINING, sleep if used */
62 # endif /* _FFR_NO_PIPE */
63 #endif /* PIPELINING */
64 #define SRV_REQ_AUTH 0x0400 /* require AUTH */
65 #define SRV_REQ_SEC 0x0800 /* require security - equiv to AuthOptions=p */
66 #define SRV_TMP_FAIL 0x1000 /* ruleset caused a temporary failure */
68 static unsigned int srvfeatures __P((ENVELOPE *, char *, unsigned int));
70 #define STOP_ATTACK ((time_t) -1)
71 static time_t checksmtpattack __P((volatile unsigned int *, unsigned int,
72 bool, char *, ENVELOPE *));
73 static void mail_esmtp_args __P((char *, char *, ENVELOPE *, unsigned int));
74 static void printvrfyaddr __P((ADDRESS *, bool, bool));
75 static void rcpt_esmtp_args __P((ADDRESS *, char *, char *, ENVELOPE *,
77 static char *skipword __P((char *volatile, char *));
78 static void setup_smtpd_io __P((void));
82 static int reset_saslconn __P((sasl_conn_t **_conn, char *_hostname,
83 char *_remoteip, char *_localip,
84 char *_auth_id, sasl_ssf_t *_ext_ssf));
86 # define RESET_SASLCONN \
89 result = reset_saslconn(&conn, AuthRealm, remoteip, \
90 localip, auth_id, &ext_ssf); \
91 if (result != SASL_OK) \
95 # else /* SASL >= 20000 */
96 static int reset_saslconn __P((sasl_conn_t **_conn, char *_hostname,
97 struct sockaddr_in *_saddr_r,
98 struct sockaddr_in *_saddr_l,
99 sasl_external_properties_t *_ext_ssf));
100 # define RESET_SASLCONN \
103 result = reset_saslconn(&conn, AuthRealm, &saddr_r, \
104 &saddr_l, &ext_ssf); \
105 if (result != SASL_OK) \
109 # endif /* SASL >= 20000 */
112 extern ENVELOPE BlankEnvelope;
118 (void) sm_snprintf(buf, sizeof buf, "%d", \
119 BadRcptThrottle > 0 && n_badrcpts > BadRcptThrottle \
120 ? n_badrcpts - 1 : n_badrcpts); \
121 macdefine(&e->e_macro, A_TEMP, macid("{nbadrcpts}"), buf); \
124 #define SKIP_SPACE(s) while (isascii(*s) && isspace(*s)) \
128 ** SMTP -- run the SMTP protocol.
131 ** nullserver -- if non-NULL, rejection message for
132 ** (almost) all SMTP commands.
133 ** d_flags -- daemon flags
134 ** e -- the envelope.
140 ** Reads commands from the input channel and processes them.
144 ** Notice: The smtp server doesn't have a session context like the client
145 ** side has (mci). Therefore some data (session oriented) is allocated
146 ** or assigned to the "wrong" structure (esp. STARTTLS, AUTH).
147 ** This should be fixed in a successor version.
152 char *cmd_name; /* command name */
153 int cmd_code; /* internal code, see below */
156 /* values for cmd_code */
157 #define CMDERROR 0 /* bad command */
158 #define CMDMAIL 1 /* mail -- designate sender */
159 #define CMDRCPT 2 /* rcpt -- designate recipient */
160 #define CMDDATA 3 /* data -- send message text */
161 #define CMDRSET 4 /* rset -- reset state */
162 #define CMDVRFY 5 /* vrfy -- verify address */
163 #define CMDEXPN 6 /* expn -- expand address */
164 #define CMDNOOP 7 /* noop -- do nothing */
165 #define CMDQUIT 8 /* quit -- close connection and die */
166 #define CMDHELO 9 /* helo -- be polite */
167 #define CMDHELP 10 /* help -- give usage info */
168 #define CMDEHLO 11 /* ehlo -- extended helo (RFC 1425) */
169 #define CMDETRN 12 /* etrn -- flush queue */
171 # define CMDAUTH 13 /* auth -- SASL authenticate */
174 # define CMDSTLS 14 /* STARTTLS -- start TLS session */
175 #endif /* STARTTLS */
176 /* non-standard commands */
177 #define CMDVERB 17 /* verb -- go into verbose mode */
178 /* unimplemented commands from RFC 821 */
179 #define CMDUNIMPL 19 /* unimplemented rfc821 commands */
180 /* use this to catch and log "door handle" attempts on your system */
181 #define CMDLOGBOGUS 23 /* bogus command that should be logged */
182 /* debugging-only commands, only enabled if SMTPDEBUG is defined */
183 #define CMDDBGQSHOW 24 /* showq -- show send queue */
184 #define CMDDBGDEBUG 25 /* debug -- set debug mode */
187 ** Note: If you change this list, remember to update 'helpfile'
190 static struct cmd CmdTab[] =
205 { "send", CMDUNIMPL },
206 { "saml", CMDUNIMPL },
207 { "soml", CMDUNIMPL },
208 { "turn", CMDUNIMPL },
210 { "auth", CMDAUTH, },
213 { "starttls", CMDSTLS, },
214 #endif /* STARTTLS */
215 /* remaining commands are here only to trap and log attempts to use them */
216 { "showq", CMDDBGQSHOW },
217 { "debug", CMDDBGDEBUG },
218 { "wiz", CMDLOGBOGUS },
223 static char *CurSmtpClient; /* who's at the other end of channel */
225 #ifndef MAXBADCOMMANDS
226 # define MAXBADCOMMANDS 25 /* maximum number of bad commands */
227 #endif /* ! MAXBADCOMMANDS */
228 #ifndef MAXHELOCOMMANDS
229 # define MAXHELOCOMMANDS 3 /* max HELO/EHLO commands before slowdown */
230 #endif /* ! MAXHELOCOMMANDS */
231 #ifndef MAXVRFYCOMMANDS
232 # define MAXVRFYCOMMANDS 6 /* max VRFY/EXPN commands before slowdown */
233 #endif /* ! MAXVRFYCOMMANDS */
234 #ifndef MAXETRNCOMMANDS
235 # define MAXETRNCOMMANDS 8 /* max ETRN commands before slowdown */
236 #endif /* ! MAXETRNCOMMANDS */
238 # define MAXTIMEOUT (4 * 60) /* max timeout for bad commands */
239 #endif /* ! MAXTIMEOUT */
242 ** Maximum shift value to compute timeout for bad commands.
243 ** This introduces an upper limit of 2^MAXSHIFT for the timeout.
248 #endif /* ! MAXSHIFT */
250 ERROR _MAXSHIFT > 31 is invalid
251 #endif /* MAXSHIFT */
254 #if MAXBADCOMMANDS > 0
255 # define STOP_IF_ATTACK(r) do \
257 if ((r) == STOP_ATTACK) \
261 #else /* MAXBADCOMMANDS > 0 */
262 # define STOP_IF_ATTACK(r) r
263 #endif /* MAXBADCOMMANDS > 0 */
267 static SM_DEBUG_T DebugLeakSmtp = SM_DEBUG_INITIALIZER("leak_smtp",
268 "@(#)$Debug: leak_smtp - trace memory leaks during SMTP processing $");
269 #endif /* SM_HEAP_CHECK */
273 bool sm_gotmail; /* mail command received */
274 unsigned int sm_nrcpts; /* number of successful RCPT commands */
278 bool sm_milterlist; /* any filters in the list? */
280 char *sm_quarmsg; /* carry quarantining across messages */
283 static bool smtp_data __P((SMTP_T *, ENVELOPE *));
285 #define MSG_TEMPFAIL "451 4.3.2 Please try again later"
288 # define MILTER_ABORT(e) milter_abort((e))
290 # define MILTER_REPLY(str) \
292 int savelogusrerrs = LogUsrErrs; \
296 case SMFIR_SHUTDOWN: \
297 if (MilterLogLevel > 3) \
299 sm_syslog(LOG_INFO, e->e_id, \
300 "Milter: %s=%s, reject=421, errormode=4", \
302 LogUsrErrs = false; \
305 bool tsave = QuickAbort; \
307 QuickAbort = false; \
308 usrerr("421 4.3.0 closing connection"); \
309 QuickAbort = tsave; \
310 e->e_sendqueue = NULL; \
314 case SMFIR_REPLYCODE: \
315 if (MilterLogLevel > 3) \
317 sm_syslog(LOG_INFO, e->e_id, \
318 "Milter: %s=%s, reject=%s", \
319 str, addr, response); \
320 LogUsrErrs = false; \
322 if (strncmp(response, "421 ", 4) == 0 \
323 || strncmp(response, "421-", 4) == 0) \
325 bool tsave = QuickAbort; \
327 QuickAbort = false; \
329 QuickAbort = tsave; \
330 e->e_sendqueue = NULL; \
338 if (MilterLogLevel > 3) \
340 sm_syslog(LOG_INFO, e->e_id, \
341 "Milter: %s=%s, reject=550 5.7.1 Command rejected", \
343 LogUsrErrs = false; \
345 usrerr("550 5.7.1 Command rejected"); \
348 case SMFIR_DISCARD: \
349 if (MilterLogLevel > 3) \
350 sm_syslog(LOG_INFO, e->e_id, \
351 "Milter: %s=%s, discard", \
353 e->e_flags |= EF_DISCARD; \
356 case SMFIR_TEMPFAIL: \
357 if (MilterLogLevel > 3) \
359 sm_syslog(LOG_INFO, e->e_id, \
360 "Milter: %s=%s, reject=%s", \
361 str, addr, MSG_TEMPFAIL); \
362 LogUsrErrs = false; \
364 usrerr(MSG_TEMPFAIL); \
367 LogUsrErrs = savelogusrerrs; \
368 if (response != NULL) \
369 sm_free(response); /* XXX */ \
373 # define MILTER_ABORT(e)
376 /* clear all SMTP state (for HELO/EHLO/RSET) */
377 #define CLEAR_STATE(cmd) \
380 /* abort milter filters */ \
383 if (smtp.sm_nrcpts > 0) \
385 logundelrcpts(e, cmd, 10, false); \
386 smtp.sm_nrcpts = 0; \
387 macdefine(&e->e_macro, A_PERM, \
388 macid("{nrcpts}"), "0"); \
391 e->e_sendqueue = NULL; \
392 e->e_flags |= EF_CLRQUEUE; \
394 if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags)) \
395 logsender(e, NULL); \
396 e->e_flags &= ~EF_LOGSENDER; \
398 /* clean up a bit */ \
399 smtp.sm_gotmail = false; \
401 dropenvelope(e, true, false); \
402 sm_rpool_free(e->e_rpool); \
403 e = newenvelope(e, CurEnv, sm_rpool_new_x(NULL)); \
406 /* put back discard bit */ \
407 if (smtp.sm_discard) \
408 e->e_flags |= EF_DISCARD; \
410 /* restore connection quarantining */ \
411 if (smtp.sm_quarmsg == NULL) \
413 e->e_quarmsg = NULL; \
414 macdefine(&e->e_macro, A_PERM, \
415 macid("{quarantine}"), ""); \
419 e->e_quarmsg = sm_rpool_strdup_x(e->e_rpool, \
421 macdefine(&e->e_macro, A_PERM, macid("{quarantine}"), \
426 /* sleep to flatten out connection load */
427 #define MIN_DELAY_LOG 15 /* wait before logging this again */
429 /* is it worth setting the process title for 1s? */
430 #define DELAY_CONN(cmd) \
431 if (DelayLA > 0 && (CurrentLA = getla()) >= DelayLA) \
435 sm_setproctitle(true, e, \
436 "%s: %s: delaying %s: load average: %d", \
437 qid_printname(e), CurSmtpClient, \
439 if (LogLevel > 8 && (dnow = curtime()) > log_delay) \
441 sm_syslog(LOG_INFO, e->e_id, \
442 "delaying=%s, load average=%d >= %d", \
443 cmd, CurrentLA, DelayLA); \
444 log_delay = dnow + MIN_DELAY_LOG; \
447 sm_setproctitle(true, e, "%s %s: %.80s", \
448 qid_printname(e), CurSmtpClient, inp); \
453 smtp(nullserver, d_flags, e)
454 char *volatile nullserver;
456 register ENVELOPE *volatile e;
458 register char *volatile p;
459 register struct cmd *volatile c = NULL;
461 auto ADDRESS *vrfyqueue;
463 volatile bool gothello; /* helo command received */
464 bool vrfy; /* set if this is a vrfy command */
465 char *volatile protocol; /* sending protocol */
466 char *volatile sendinghost; /* sending hostname */
467 char *volatile peerhostname; /* name of SMTP peer or "localhost" */
470 volatile unsigned int n_badcmds = 0; /* count of bad commands */
471 volatile unsigned int n_badrcpts = 0; /* number of rejected RCPT */
472 volatile unsigned int n_verifies = 0; /* count of VRFY/EXPN */
473 volatile unsigned int n_etrn = 0; /* count of ETRN */
474 volatile unsigned int n_noop = 0; /* count of NOOP/VERB/etc */
475 volatile unsigned int n_helo = 0; /* count of HELO/EHLO */
476 volatile int save_sevenbitinput;
478 #if _FFR_BLOCK_PROXIES
480 #endif /* _FFR_BLOCK_PROXIES */
481 volatile bool tempfail = false;
482 volatile time_t wt; /* timeout after too many commands */
483 volatile time_t previous; /* time after checksmtpattack() */
484 volatile bool lognullconnection = true;
488 char *greetcode = "220";
489 char *hostname; /* my hostname ($j) */
492 char *args[MAXSMTPARGS];
494 char cmdbuf[MAXLINE];
497 volatile bool sasl_ok;
498 volatile unsigned int n_auth = 0; /* count of AUTH commands */
501 volatile int authenticating;
508 char localip[60], remoteip[60];
509 # else /* SASL >= 20000 */
512 sasl_external_properties_t ext_ssf;
513 struct sockaddr_in saddr_l;
514 struct sockaddr_in saddr_r;
515 # endif /* SASL >= 20000 */
516 sasl_security_properties_t ssp;
518 unsigned int inlen, out2len;
520 char *volatile auth_type;
522 volatile unsigned int n_mechs;
528 volatile bool tls_active = false;
529 volatile bool smtps = bitnset(D_SMTPS, d_flags);
533 #endif /* STARTTLS */
534 volatile unsigned int features;
538 # endif /* _FFR_NO_PIPE */
539 #endif /* PIPELINING */
540 volatile time_t log_delay = (time_t) 0;
542 save_sevenbitinput = SevenBitInput;
545 smtp.sm_milterize = (nullserver == NULL);
546 smtp.sm_milterlist = false;
549 /* setup I/O fd correctly for the SMTP server */
553 if (sm_debug_active(&DebugLeakSmtp, 1))
556 sm_dprintf("smtp() heap group #%d\n", sm_heap_group());
558 #endif /* SM_HEAP_CHECK */
560 /* XXX the rpool should be set when e is initialized in main() */
561 e->e_rpool = sm_rpool_new_x(NULL);
562 e->e_macro.mac_rpool = e->e_rpool;
566 peerhostname = RealHostName;
567 if (peerhostname == NULL)
568 peerhostname = "localhost";
569 CurHostName = peerhostname;
570 CurSmtpClient = macvalue('_', e);
571 if (CurSmtpClient == NULL)
572 CurSmtpClient = CurHostName;
574 /* check_relay may have set discard bit, save for later */
575 smtp.sm_discard = bitset(EF_DISCARD, e->e_flags);
578 /* auto-flush output when reading input */
579 (void) sm_io_autoflush(InChannel, OutChannel);
580 #endif /* PIPELINING */
582 sm_setproctitle(true, e, "server %s startup", CurSmtpClient);
584 /* Set default features for server. */
585 features = ((bitset(PRIV_NOETRN, PrivacyFlags) ||
586 bitnset(D_NOETRN, d_flags)) ? SRV_NONE : SRV_OFFER_ETRN)
587 | (bitnset(D_AUTHREQ, d_flags) ? SRV_REQ_AUTH : SRV_NONE)
588 | (bitset(PRIV_NOEXPN, PrivacyFlags) ? SRV_NONE
590 | (bitset(PRIV_NOVERB, PrivacyFlags)
591 ? SRV_NONE : SRV_OFFER_VERB)))
592 | ((bitset(PRIV_NORECEIPTS, PrivacyFlags) || !SendMIMEErrors)
593 ? SRV_NONE : SRV_OFFER_DSN)
595 | (bitnset(D_NOAUTH, d_flags) ? SRV_NONE : SRV_OFFER_AUTH)
596 | (bitset(SASL_SEC_NOPLAINTEXT, SASLOpts) ? SRV_REQ_SEC
601 #endif /* PIPELINING */
603 | (bitnset(D_NOTLS, d_flags) ? SRV_NONE : SRV_OFFER_TLS)
604 | (bitset(TLS_I_NO_VRFY, TLS_Srv_Opts) ? SRV_NONE
606 #endif /* STARTTLS */
608 if (nullserver == NULL)
610 features = srvfeatures(e, CurSmtpClient, features);
611 if (bitset(SRV_TMP_FAIL, features))
614 sm_syslog(LOG_ERR, NOQID,
615 "ERROR: srv_features=tempfail, relay=%.100s, access temporarily disabled",
617 nullserver = "450 4.3.0 Please try again later.";
623 if (bitset(SRV_NO_PIPE, features))
625 /* for consistency */
626 features &= ~SRV_OFFER_PIPE;
628 # endif /* _FFR_NO_PIPE */
629 #endif /* PIPELINING */
631 if (bitset(SRV_REQ_SEC, features))
632 SASLOpts |= SASL_SEC_NOPLAINTEXT;
634 SASLOpts &= ~SASL_SEC_NOPLAINTEXT;
638 else if (strncmp(nullserver, "421 ", 4) == 0)
644 hostname = macvalue('j', e);
646 if (AuthRealm == NULL)
647 AuthRealm = hostname;
648 sasl_ok = bitset(SRV_OFFER_AUTH, features);
650 authenticating = SASL_NOT_AUTH;
652 /* SASL server new connection */
656 result = sasl_server_new("smtp", AuthRealm, NULL, NULL, NULL,
659 /* use empty realm: only works in SASL > 1.5.5 */
660 result = sasl_server_new("smtp", AuthRealm, "", NULL, 0, &conn);
661 # else /* SASL >= 20000 */
662 /* use no realm -> realm is set to hostname by SASL lib */
663 result = sasl_server_new("smtp", AuthRealm, NULL, NULL, 0,
665 # endif /* SASL >= 20000 */
666 sasl_ok = result == SASL_OK;
670 sm_syslog(LOG_WARNING, NOQID,
671 "AUTH error: sasl_server_new failed=%d",
678 ** SASL set properties for sasl
679 ** set local/remote IP
680 ** XXX Cyrus SASL v1 only supports IPv4
682 ** XXX where exactly are these used/required?
687 localip[0] = remoteip[0] = '\0';
688 # if NETINET || NETINET6
689 in = macvalue(macid("{daemon_family}"), e);
692 strcmp(in, "inet6") == 0 ||
693 # endif /* NETINET6 */
694 strcmp(in, "inet") == 0))
696 SOCKADDR_LEN_T addrsize;
700 addrsize = sizeof(saddr_r);
701 if (getpeername(sm_io_getinfo(InChannel, SM_IO_WHAT_FD,
703 (struct sockaddr *) &saddr_r,
706 if (iptostring(&saddr_r, addrsize,
707 remoteip, sizeof remoteip))
709 sasl_setprop(conn, SASL_IPREMOTEPORT,
712 addrsize = sizeof(saddr_l);
713 if (getsockname(sm_io_getinfo(InChannel,
716 (struct sockaddr *) &saddr_l,
719 if (iptostring(&saddr_l, addrsize,
730 # endif /* NETINET || NETINET6 */
731 # else /* SASL >= 20000 */
733 in = macvalue(macid("{daemon_family}"), e);
734 if (in != NULL && strcmp(in, "inet") == 0)
736 SOCKADDR_LEN_T addrsize;
738 addrsize = sizeof(struct sockaddr_in);
739 if (getpeername(sm_io_getinfo(InChannel, SM_IO_WHAT_FD,
741 (struct sockaddr *)&saddr_r,
744 sasl_setprop(conn, SASL_IP_REMOTE, &saddr_r);
745 addrsize = sizeof(struct sockaddr_in);
746 if (getsockname(sm_io_getinfo(InChannel,
749 (struct sockaddr *)&saddr_l,
751 sasl_setprop(conn, SASL_IP_LOCAL,
755 # endif /* NETINET */
756 # endif /* SASL >= 20000 */
762 macdefine(&BlankEnvelope.e_macro, A_PERM,
763 macid("{auth_author}"), NULL);
767 (void) memset(&ssp, '\0', sizeof ssp);
769 /* XXX should these be options settable via .cf ? */
770 /* ssp.min_ssf = 0; is default due to memset() */
772 ssp.max_ssf = MaxSLBits;
773 ssp.maxbufsize = MAXOUTLEN;
775 ssp.security_flags = SASLOpts & SASL_SEC_MASK;
776 sasl_ok = sasl_setprop(conn, SASL_SEC_PROPS, &ssp) == SASL_OK;
781 ** external security strength factor;
782 ** currently we have none so zero
788 sasl_ok = ((sasl_setprop(conn, SASL_SSF_EXTERNAL,
789 &ext_ssf) == SASL_OK) &&
790 (sasl_setprop(conn, SASL_AUTH_EXTERNAL,
791 auth_id) == SASL_OK));
792 # else /* SASL >= 20000 */
794 ext_ssf.auth_id = NULL;
795 sasl_ok = sasl_setprop(conn, SASL_SSF_EXTERNAL,
796 &ext_ssf) == SASL_OK;
797 # endif /* SASL >= 20000 */
800 n_mechs = saslmechs(conn, &mechlist);
805 #endif /* STARTTLS */
808 if (smtp.sm_milterize)
812 /* initialize mail filter connection */
813 smtp.sm_milterlist = milter_init(e, &state);
817 if (MilterLogLevel > 3)
818 sm_syslog(LOG_INFO, e->e_id,
819 "Milter: initialization failed, rejecting commands");
821 nullserver = "Command rejected";
822 smtp.sm_milterize = false;
826 if (MilterLogLevel > 3)
827 sm_syslog(LOG_INFO, e->e_id,
828 "Milter: initialization failed, temp failing commands");
830 smtp.sm_milterize = false;
834 if (MilterLogLevel > 3)
835 sm_syslog(LOG_INFO, e->e_id,
836 "Milter: initialization failed, closing connection");
838 smtp.sm_milterize = false;
839 message("421 4.7.0 %s closing connection",
842 /* arrange to ignore send list */
843 e->e_sendqueue = NULL;
848 if (smtp.sm_milterlist && smtp.sm_milterize &&
849 !bitset(EF_DISCARD, e->e_flags))
854 q = macvalue(macid("{client_name}"), e);
855 SM_ASSERT(q != NULL);
856 response = milter_connect(q, RealHostAddr, e, &state);
859 case SMFIR_REPLYCODE: /* REPLYCODE shouldn't happen */
861 if (MilterLogLevel > 3)
862 sm_syslog(LOG_INFO, e->e_id,
863 "Milter: connect: host=%s, addr=%s, rejecting commands",
865 anynet_ntoa(&RealHostAddr));
867 nullserver = "Command rejected";
868 smtp.sm_milterize = false;
872 if (MilterLogLevel > 3)
873 sm_syslog(LOG_INFO, e->e_id,
874 "Milter: connect: host=%s, addr=%s, temp failing commands",
876 anynet_ntoa(&RealHostAddr));
878 smtp.sm_milterize = false;
882 if (MilterLogLevel > 3)
883 sm_syslog(LOG_INFO, e->e_id,
884 "Milter: connect: host=%s, addr=%s, shutdown",
886 anynet_ntoa(&RealHostAddr));
888 smtp.sm_milterize = false;
889 message("421 4.7.0 %s closing connection",
892 /* arrange to ignore send list */
893 e->e_sendqueue = NULL;
896 if (response != NULL)
897 sm_free(response); /* XXX */
902 ** Broken proxies and SMTP slammers
903 ** push data without waiting, catch them
909 #endif /* STARTTLS */
914 char pvpbuf[PSBUFSIZE];
916 /* Ask the rulesets how long to pause */
918 r = rscap("greet_pause", peerhostname,
919 anynet_ntoa(&RealHostAddr), e,
920 &pvp, pvpbuf, sizeof(pvpbuf));
921 if (r == EX_OK && pvp != NULL && pvp[0] != NULL &&
922 (pvp[0][0] & 0377) == CANONNET && pvp[1] != NULL)
924 msecs = strtol(pvp[1], NULL, 10);
931 struct timeval timeout;
932 #if _FFR_LOG_GREET_PAUSE
933 struct timeval bp, ep, tp; /* {begin,end,total}pause */
934 #endif /* _FFR_LOG_GREET_PAUSE */
936 /* pause for a moment */
937 timeout.tv_sec = msecs / 1000;
938 timeout.tv_usec = (msecs % 1000) * 1000;
940 /* Obey RFC 2821: 4.3.5.2: 220 timeout of 5 minutes */
941 if (timeout.tv_sec >= 300)
943 timeout.tv_sec = 300;
947 /* check if data is on the socket during the pause */
948 fd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL);
950 SM_FD_SET(fd, &readfds);
951 #if _FFR_LOG_GREET_PAUSE
952 gettimeofday(&bp, NULL);
953 #endif /* _FFR_LOG_GREET_PAUSE */
954 if (select(fd + 1, FDSET_CAST &readfds,
955 NULL, NULL, &timeout) > 0 &&
956 FD_ISSET(fd, &readfds))
958 #if _FFR_LOG_GREET_PAUSE
959 gettimeofday(&ep, NULL);
960 timersub(&ep, &bp, &tp);
961 #endif /* _FFR_LOG_GREET_PAUSE */
963 nullserver = "Command rejected";
964 sm_syslog(LOG_INFO, e->e_id,
965 #if _FFR_LOG_GREET_PAUSE
966 "rejecting commands from %s [%s] after %d seconds due to pre-greeting traffic",
967 #else /* _FFR_LOG_GREET_PAUSE */
968 "rejecting commands from %s [%s] due to pre-greeting traffic",
969 #endif /* _FFR_LOG_GREET_PAUSE */
971 anynet_ntoa(&RealHostAddr)
972 #if _FFR_LOG_GREET_PAUSE
974 (tp.tv_usec >= 500000 ? 1 : 0)
975 #endif /* _FFR_LOG_GREET_PAUSE */
982 /* If this an smtps connection, start TLS now */
991 #endif /* STARTTLS */
993 /* output the first line, inserting "ESMTP" as second word */
994 if (*greetcode == '5')
995 (void) sm_snprintf(inp, sizeof inp, "%s not accepting messages",
998 expand(SmtpGreeting, inp, sizeof inp, e);
1000 p = strchr(inp, '\n');
1003 id = strchr(inp, ' ');
1005 id = &inp[strlen(inp)];
1007 (void) sm_snprintf(cmdbuf, sizeof cmdbuf,
1008 "%s %%.*s ESMTP%%s", greetcode);
1010 (void) sm_snprintf(cmdbuf, sizeof cmdbuf,
1011 "%s-%%.*s ESMTP%%s", greetcode);
1012 message(cmdbuf, (int) (id - inp), inp, id);
1014 /* output remaining lines */
1015 while ((id = p) != NULL && (p = strchr(id, '\n')) != NULL)
1018 if (isascii(*id) && isspace(*id))
1020 (void) sm_strlcpyn(cmdbuf, sizeof cmdbuf, 2, greetcode, "-%s");
1021 message(cmdbuf, id);
1025 if (isascii(*id) && isspace(*id))
1027 (void) sm_strlcpyn(cmdbuf, sizeof cmdbuf, 2, greetcode, " %s");
1028 message(cmdbuf, id);
1032 sendinghost = macvalue('s', e);
1034 /* If quarantining by a connect/ehlo action, save between messages */
1035 if (e->e_quarmsg == NULL)
1036 smtp.sm_quarmsg = NULL;
1038 smtp.sm_quarmsg = newstr(e->e_quarmsg);
1040 /* sendinghost's storage must outlive the current envelope */
1041 if (sendinghost != NULL)
1042 sendinghost = sm_strdup_x(sendinghost);
1043 #if _FFR_BLOCK_PROXIES
1045 #endif /* _FFR_BLOCK_PROXIES */
1047 smtp.sm_gotmail = false;
1056 OnlyOneError = true;
1057 e->e_flags &= ~(EF_VRFYONLY|EF_GLOBALERRS);
1059 /* setup for the read */
1063 (void) sm_io_flush(smioout, SM_TIME_DEFAULT);
1065 /* read the input line */
1066 SmtpPhase = "server cmd read";
1067 sm_setproctitle(true, e, "server %s cmd read", CurSmtpClient);
1070 ** XXX SMTP AUTH requires accepting any length,
1071 ** at least for challenge/response
1076 if (sm_io_error(OutChannel) ||
1077 (p = sfgets(inp, sizeof inp, InChannel,
1078 TimeOuts.to_nextcommand, SmtpPhase)) == NULL)
1082 d = macvalue(macid("{daemon_name}"), e);
1085 /* end of file, just die */
1089 /* close out milter filters */
1093 message("421 4.4.1 %s Lost input channel from %s",
1094 MyHostName, CurSmtpClient);
1095 if (LogLevel > (smtp.sm_gotmail ? 1 : 19))
1096 sm_syslog(LOG_NOTICE, e->e_id,
1097 "lost input channel from %s to %s after %s",
1099 (c == NULL || c->cmd_name == NULL) ? "startup" : c->cmd_name);
1101 ** If have not accepted mail (DATA), do not bounce
1102 ** bad addresses back to sender.
1105 if (bitset(EF_CLRQUEUE, e->e_flags))
1106 e->e_sendqueue = NULL;
1110 #if _FFR_BLOCK_PROXIES
1113 size_t inplen, cmdlen;
1116 static char *http_cmds[] = { "GET", "POST",
1117 "CONNECT", "USER", NULL };
1119 inplen = strlen(inp);
1120 for (idx = 0; (http_cmd = http_cmds[idx]) != NULL;
1123 cmdlen = strlen(http_cmd);
1124 if (cmdlen < inplen &&
1125 sm_strncasecmp(inp, http_cmd, cmdlen) == 0 &&
1126 isascii(inp[cmdlen]) && isspace(inp[cmdlen]))
1128 /* Open proxy, drop it */
1129 message("421 4.7.0 %s Rejecting open proxy %s",
1130 MyHostName, CurSmtpClient);
1131 sm_syslog(LOG_INFO, e->e_id,
1132 "%s: probable open proxy: command=%.40s",
1133 CurSmtpClient, inp);
1139 #endif /* _FFR_BLOCK_PROXIES */
1141 /* clean up end of line */
1147 ** if there is more input and pipelining is disabled:
1148 ** delay ... (and maybe discard the input?)
1149 ** XXX this doesn't really work, at least in tests using
1150 ** telnet SM_IO_IS_READABLE only returns 1 if there were
1151 ** more than 2 input lines available.
1154 if (bitset(SRV_NO_PIPE, features) &&
1155 sm_io_getinfo(InChannel, SM_IO_IS_READABLE, NULL) > 0)
1158 sm_syslog(LOG_INFO, NOQID,
1159 "unauthorized PIPELINING, sleeping");
1163 # endif /* _FFR_NO_PIPE */
1164 #endif /* PIPELINING */
1167 if (authenticating == SASL_PROC_AUTH)
1172 authenticating = SASL_NOT_AUTH;
1173 message("501 5.5.2 missing input");
1178 if (*inp == '*' && *(inp + 1) == '\0')
1180 authenticating = SASL_NOT_AUTH;
1183 message("501 5.0.0 AUTH aborted");
1188 /* could this be shorter? XXX */
1190 in = xalloc(strlen(inp) + 1);
1191 result = sasl_decode64(inp, strlen(inp), in,
1192 strlen(inp), &inlen);
1193 # else /* SASL >= 20000 */
1194 out = xalloc(strlen(inp));
1195 result = sasl_decode64(inp, strlen(inp), out, &outlen);
1196 # endif /* SASL >= 20000 */
1197 if (result != SASL_OK)
1199 authenticating = SASL_NOT_AUTH;
1202 message("501 5.5.4 cannot decode AUTH parameter %s",
1206 # endif /* SASL >= 20000 */
1212 result = sasl_server_step(conn, in, inlen,
1215 # else /* SASL >= 20000 */
1216 result = sasl_server_step(conn, out, outlen,
1217 &out, &outlen, &errstr);
1218 # endif /* SASL >= 20000 */
1220 /* get an OK if we're done */
1221 if (result == SASL_OK)
1224 message("235 2.0.0 OK Authenticated");
1225 authenticating = SASL_IS_AUTH;
1226 macdefine(&BlankEnvelope.e_macro, A_TEMP,
1227 macid("{auth_type}"), auth_type);
1230 user = macvalue(macid("{auth_authen}"), e);
1232 /* get security strength (features) */
1233 result = sasl_getprop(conn, SASL_SSF,
1234 (const void **) &ssf);
1235 # else /* SASL >= 20000 */
1236 result = sasl_getprop(conn, SASL_USERNAME,
1238 if (result != SASL_OK)
1241 macdefine(&BlankEnvelope.e_macro,
1243 macid("{auth_authen}"), NULL);
1247 macdefine(&BlankEnvelope.e_macro,
1249 macid("{auth_authen}"),
1250 xtextify(user, "<>\")"));
1255 sasl_getprop(conn, SASL_REALM, (void **) &data);
1258 /* get security strength (features) */
1259 result = sasl_getprop(conn, SASL_SSF,
1261 # endif /* SASL >= 20000 */
1262 if (result != SASL_OK)
1264 macdefine(&BlankEnvelope.e_macro,
1266 macid("{auth_ssf}"), "0");
1273 (void) sm_snprintf(pbuf, sizeof pbuf,
1275 macdefine(&BlankEnvelope.e_macro,
1277 macid("{auth_ssf}"), pbuf);
1279 sm_dprintf("AUTH auth_ssf: %u\n",
1284 ** Only switch to encrypted connection
1285 ** if a security layer has been negotiated
1288 if (ssf != NULL && *ssf > 0)
1293 ** Convert I/O layer to use SASL.
1294 ** If the call fails, the connection
1298 tmo = TimeOuts.to_datablock * 1000;
1299 if (sfdcsasl(&InChannel, &OutChannel,
1302 /* restart dialogue */
1305 (void) sm_io_autoflush(InChannel,
1307 # endif /* PIPELINING */
1310 syserr("503 5.3.3 SASL TLS failed");
1313 /* NULL pointer ok since it's our function */
1315 sm_syslog(LOG_INFO, NOQID,
1316 "AUTH=server, relay=%s, authid=%.128s, mech=%.16s, bits=%d",
1318 shortenstring(user, 128),
1321 else if (result == SASL_CONTINUE)
1323 len = ENC64LEN(outlen);
1325 result = sasl_encode64(out, outlen, out2, len,
1327 if (result != SASL_OK)
1329 /* correct code? XXX */
1330 /* 454 Temp. authentication failure */
1331 message("454 4.5.4 Internal error: unable to encode64");
1333 sm_syslog(LOG_WARNING, e->e_id,
1334 "AUTH encode64 error [%d for \"%s\"]",
1337 authenticating = SASL_NOT_AUTH;
1341 message("334 %s", out2);
1343 sm_dprintf("AUTH continue: msg='%s' len=%u\n",
1348 # endif /* SASL >= 20000 */
1352 /* not SASL_OK or SASL_CONT */
1353 message("535 5.7.0 authentication failed");
1355 sm_syslog(LOG_WARNING, e->e_id,
1356 "AUTH failure (%s): %s (%d) %s",
1358 sasl_errstring(result, NULL,
1362 sasl_errdetail(conn));
1363 # else /* SASL >= 20000 */
1364 errstr == NULL ? "" : errstr);
1365 # endif /* SASL >= 20000 */
1367 authenticating = SASL_NOT_AUTH;
1372 /* don't want to do any of this if authenticating */
1375 /* echo command to transcript */
1376 if (e->e_xfp != NULL)
1377 (void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
1381 sm_syslog(LOG_INFO, e->e_id, "<-- %s", inp);
1383 /* break off command */
1384 for (p = inp; isascii(*p) && isspace(*p); p++)
1387 while (*p != '\0' &&
1388 !(isascii(*p) && isspace(*p)) &&
1389 cmd < &cmdbuf[sizeof cmdbuf - 2])
1393 /* throw away leading whitespace */
1396 /* decode command */
1397 for (c = CmdTab; c->cmd_name != NULL; c++)
1399 if (sm_strcasecmp(c->cmd_name, cmdbuf) == 0)
1406 /* check whether a "non-null" command has been used */
1407 switch (c->cmd_code)
1411 /* avoid information leak; take first two words? */
1420 lognullconnection = false;
1427 if (e->e_id == NULL)
1428 sm_setproctitle(true, e, "%s: %.80s",
1431 sm_setproctitle(true, e, "%s %s: %.80s",
1438 ** If we are running as a null server, return 550
1439 ** to almost everything.
1442 if (nullserver != NULL || bitnset(D_ETRNONLY, d_flags))
1444 switch (c->cmd_code)
1452 /* process normally */
1456 if (bitnset(D_ETRNONLY, d_flags) &&
1463 #if MAXBADCOMMANDS > 0
1464 /* theoretically this could overflow */
1465 if (nullserver != NULL &&
1466 ++n_badcmds > MAXBADCOMMANDS)
1468 message("421 4.7.0 %s Too many bad commands; closing connection",
1471 /* arrange to ignore send list */
1472 e->e_sendqueue = NULL;
1475 #endif /* MAXBADCOMMANDS > 0 */
1476 if (nullserver != NULL)
1478 if (ISSMTPREPLY(nullserver))
1481 usrerr("550 5.0.0 %s",
1485 usrerr("452 4.4.5 Insufficient disk space; try again later");
1490 switch (c->cmd_code)
1493 case CMDAUTH: /* sasl */
1495 if (!sasl_ok || n_mechs <= 0)
1497 message("503 5.3.3 AUTH not available");
1500 if (authenticating == SASL_IS_AUTH)
1502 message("503 5.5.0 Already Authenticated");
1505 if (smtp.sm_gotmail)
1507 message("503 5.5.0 AUTH not permitted during a mail transaction");
1513 sm_syslog(LOG_INFO, e->e_id,
1514 "SMTP AUTH command (%.100s) from %s tempfailed (due to previous checks)",
1516 usrerr("454 4.3.0 Please try again later");
1522 /* crude way to avoid crack attempts */
1523 STOP_IF_ATTACK(checksmtpattack(&n_auth, n_mechs + 1,
1526 /* make sure mechanism (p) is a valid string */
1527 for (q = p; *q != '\0' && isascii(*q); q++)
1532 while (*++q != '\0' &&
1533 isascii(*q) && isspace(*q))
1536 ismore = (*q != '\0');
1543 message("501 5.5.2 AUTH mechanism must be specified");
1547 /* check whether mechanism is available */
1548 if (iteminlist(p, mechlist, " ") == NULL)
1550 message("504 5.3.3 AUTH mechanism %.32s not available",
1557 /* could this be shorter? XXX */
1559 in = xalloc(strlen(q) + 1);
1560 result = sasl_decode64(q, strlen(q), in,
1562 # else /* SASL >= 20000 */
1563 in = sm_rpool_malloc(e->e_rpool, strlen(q));
1564 result = sasl_decode64(q, strlen(q), in,
1566 # endif /* SASL >= 20000 */
1567 if (result != SASL_OK)
1569 message("501 5.5.4 cannot BASE64 decode '%s'",
1572 sm_syslog(LOG_WARNING, e->e_id,
1573 "AUTH decode64 error [%d for \"%s\"]",
1576 authenticating = SASL_NOT_AUTH;
1579 # endif /* SASL >= 20000 */
1591 /* see if that auth type exists */
1593 result = sasl_server_start(conn, p, in, inlen,
1597 # else /* SASL >= 20000 */
1598 result = sasl_server_start(conn, p, in, inlen,
1599 &out, &outlen, &errstr);
1600 # endif /* SASL >= 20000 */
1602 if (result != SASL_OK && result != SASL_CONTINUE)
1604 message("535 5.7.0 authentication failed");
1606 sm_syslog(LOG_ERR, e->e_id,
1607 "AUTH failure (%s): %s (%d) %s",
1609 sasl_errstring(result, NULL,
1613 sasl_errdetail(conn));
1614 # else /* SASL >= 20000 */
1616 # endif /* SASL >= 20000 */
1620 auth_type = newstr(p);
1622 if (result == SASL_OK)
1624 /* ugly, but same code */
1626 /* authenticated by the initial response */
1629 /* len is at least 2 */
1630 len = ENC64LEN(outlen);
1632 result = sasl_encode64(out, outlen, out2, len,
1635 if (result != SASL_OK)
1637 message("454 4.5.4 Temporary authentication failure");
1639 sm_syslog(LOG_WARNING, e->e_id,
1640 "AUTH encode64 error [%d for \"%s\"]",
1644 authenticating = SASL_NOT_AUTH;
1649 message("334 %s", out2);
1650 authenticating = SASL_PROC_AUTH;
1654 # endif /* SASL >= 20000 */
1659 case CMDSTLS: /* starttls */
1660 DELAY_CONN("STARTTLS");
1663 message("501 5.5.2 Syntax error (no parameters allowed)");
1666 if (!bitset(SRV_OFFER_TLS, features))
1668 message("503 5.5.0 TLS not available");
1673 message("454 4.3.3 TLS not available after start");
1676 if (smtp.sm_gotmail)
1678 message("503 5.5.0 TLS not permitted during a mail transaction");
1684 sm_syslog(LOG_INFO, e->e_id,
1685 "SMTP STARTTLS command (%.100s) from %s tempfailed (due to previous checks)",
1687 usrerr("454 4.7.0 Please try again later");
1693 ** XXX do we need a temp key ?
1695 # else /* TLS_NO_RSA */
1696 # endif /* TLS_NO_RSA */
1698 # if TLS_VRFY_PER_CTX
1700 ** Note: this sets the verification globally
1702 ** it's ok since it applies only to one transaction
1705 TLS_VERIFY_CLIENT();
1706 # endif /* TLS_VRFY_PER_CTX */
1708 if (srv_ssl != NULL)
1710 else if ((srv_ssl = SSL_new(srv_ctx)) == NULL)
1712 message("454 4.3.3 TLS not available: error generating SSL handle");
1714 tlslogerr("server");
1718 # if !TLS_VRFY_PER_CTX
1720 ** this could be used if it were possible to set
1721 ** verification per SSL (connection)
1722 ** not just per SSL_CTX (global)
1725 TLS_VERIFY_CLIENT();
1726 # endif /* !TLS_VRFY_PER_CTX */
1728 rfd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL);
1729 wfd = sm_io_getinfo(OutChannel, SM_IO_WHAT_FD, NULL);
1731 if (rfd < 0 || wfd < 0 ||
1732 SSL_set_rfd(srv_ssl, rfd) <= 0 ||
1733 SSL_set_wfd(srv_ssl, wfd) <= 0)
1735 message("454 4.3.3 TLS not available: error set fd");
1741 message("220 2.0.0 Ready to start TLS");
1743 (void) sm_io_flush(OutChannel, SM_TIME_DEFAULT);
1744 # endif /* PIPELINING */
1746 SSL_set_accept_state(srv_ssl);
1748 # define SSL_ACC(s) SSL_accept(s)
1750 tlsstart = curtime();
1752 if ((r = SSL_ACC(srv_ssl)) <= 0)
1756 ssl_err = SSL_get_error(srv_ssl, r);
1757 i = tls_retry(srv_ssl, rfd, wfd, tlsstart,
1758 TimeOuts.to_starttls, ssl_err,
1765 sm_syslog(LOG_WARNING, NOQID,
1766 "STARTTLS=server, error: accept failed=%d, SSL_error=%d, errno=%d, retry=%d",
1767 r, ssl_err, errno, i);
1769 tlslogerr("server");
1776 ** according to the next draft of
1777 ** RFC 2487 the connection should be dropped
1780 /* arrange to ignore any current send list */
1781 e->e_sendqueue = NULL;
1785 /* ignore return code for now, it's in {verify} */
1786 (void) tls_get_info(srv_ssl, true,
1788 &BlankEnvelope.e_macro,
1789 bitset(SRV_VRFY_CLT, features));
1792 ** call Stls_client to find out whether
1793 ** to accept the connection from the client
1796 saveQuickAbort = QuickAbort;
1797 saveSuprErrs = SuprErrs;
1800 if (rscheck("tls_client",
1801 macvalue(macid("{verify}"), e),
1803 RSF_RMCOMM|RSF_COUNT,
1804 5, NULL, NOQID) != EX_OK ||
1807 extern char MsgBuf[];
1809 if (MsgBuf[0] != '\0' && ISSMTPREPLY(MsgBuf))
1810 nullserver = newstr(MsgBuf);
1812 nullserver = "503 5.7.0 Authentication required.";
1814 QuickAbort = saveQuickAbort;
1815 SuprErrs = saveSuprErrs;
1817 tls_ok_srv = false; /* don't offer STARTTLS again */
1826 s = macvalue(macid("{cipher_bits}"), e);
1827 v = macvalue(macid("{verify}"), e);
1828 c = macvalue(macid("{cert_subject}"), e);
1829 verified = (v != NULL && strcmp(v, "OK") == 0);
1830 if (s != NULL && (cipher_bits = atoi(s)) > 0)
1833 ext_ssf = cipher_bits;
1834 auth_id = verified ? c : NULL;
1835 sasl_ok = ((sasl_setprop(conn,
1837 &ext_ssf) == SASL_OK) &&
1840 auth_id) == SASL_OK));
1841 # else /* SASL >= 20000 */
1842 ext_ssf.ssf = cipher_bits;
1843 ext_ssf.auth_id = verified ? c : NULL;
1844 sasl_ok = sasl_setprop(conn,
1846 &ext_ssf) == SASL_OK;
1847 # endif /* SASL >= 20000 */
1850 n_mechs = saslmechs(conn,
1856 /* switch to secure connection */
1857 if (sfdctls(&InChannel, &OutChannel, srv_ssl) == 0)
1861 (void) sm_io_autoflush(InChannel, OutChannel);
1862 # endif /* PIPELINING */
1867 ** XXX this is an internal error
1868 ** how to deal with it?
1869 ** we can't generate an error message
1870 ** since the other side switched to an
1871 ** encrypted layer, but we could not...
1875 nullserver = "454 4.3.3 TLS not available: can't switch to encrypted layer";
1876 syserr("STARTTLS: can't switch to encrypted layer");
1887 #endif /* STARTTLS */
1889 case CMDHELO: /* hello -- introduce yourself */
1890 case CMDEHLO: /* extended hello */
1892 if (c->cmd_code == CMDEHLO)
1895 SmtpPhase = "server EHLO";
1900 SmtpPhase = "server HELO";
1903 /* avoid denial-of-service */
1904 STOP_IF_ATTACK(checksmtpattack(&n_helo, MAXHELOCOMMANDS,
1905 true, "HELO/EHLO", e));
1908 /* RFC2821 4.1.4 allows duplicate HELO/EHLO */
1909 /* check for duplicate HELO/EHLO per RFC 1651 4.2 */
1912 usrerr("503 %s Duplicate HELO/EHLO",
1918 /* check for valid domain name (re 1123 5.2.5) */
1919 if (*p == '\0' && !AllowBogusHELO)
1921 usrerr("501 %s requires domain address",
1926 /* check for long domain name (hides Received: info) */
1927 if (strlen(p) > MAXNAME)
1929 usrerr("501 Invalid domain name");
1931 sm_syslog(LOG_INFO, CurEnv->e_id,
1932 "invalid domain name (too long) from %s",
1938 for (q = p; *q != '\0'; q++)
1948 /* only complain if strict check */
1949 ok = AllowBogusHELO;
1951 /* allow trailing whitespace */
1952 while (!ok && *++q != '\0' &&
1959 if (strchr("[].-_#:", *q) == NULL)
1963 if (*q == '\0' && ok)
1965 q = "pleased to meet you";
1966 sendinghost = sm_strdup_x(p);
1968 else if (!AllowBogusHELO)
1970 usrerr("501 Invalid domain name");
1972 sm_syslog(LOG_INFO, CurEnv->e_id,
1973 "invalid domain name (%s) from %.100s",
1979 q = "accepting invalid domain name";
1982 if (gothello || smtp.sm_gotmail)
1983 CLEAR_STATE(cmdbuf);
1986 if (smtp.sm_milterlist && smtp.sm_milterize &&
1987 !bitset(EF_DISCARD, e->e_flags))
1992 response = milter_helo(p, e, &state);
1995 case SMFIR_REPLYCODE:
1996 if (MilterLogLevel > 3)
1997 sm_syslog(LOG_INFO, e->e_id,
1998 "Milter: helo=%s, reject=%s",
2000 nullserver = newstr(response);
2001 smtp.sm_milterize = false;
2005 if (MilterLogLevel > 3)
2006 sm_syslog(LOG_INFO, e->e_id,
2007 "Milter: helo=%s, reject=Command rejected",
2009 nullserver = "Command rejected";
2010 smtp.sm_milterize = false;
2013 case SMFIR_TEMPFAIL:
2014 if (MilterLogLevel > 3)
2015 sm_syslog(LOG_INFO, e->e_id,
2016 "Milter: helo=%s, reject=%s",
2019 smtp.sm_milterize = false;
2022 case SMFIR_SHUTDOWN:
2023 if (MilterLogLevel > 3)
2024 sm_syslog(LOG_INFO, e->e_id,
2025 "Milter: helo=%s, reject=421 4.7.0 %s closing connection",
2028 smtp.sm_milterize = false;
2029 message("421 4.7.0 %s closing connection",
2031 /* arrange to ignore send list */
2032 e->e_sendqueue = NULL;
2035 if (response != NULL)
2039 ** If quarantining by a connect/ehlo action,
2040 ** save between messages
2043 if (smtp.sm_quarmsg == NULL &&
2044 e->e_quarmsg != NULL)
2045 smtp.sm_quarmsg = newstr(e->e_quarmsg);
2050 /* print HELO response message */
2051 if (c->cmd_code != CMDEHLO)
2053 message("250 %s Hello %s, %s",
2054 MyHostName, CurSmtpClient, q);
2058 message("250-%s Hello %s, %s",
2059 MyHostName, CurSmtpClient, q);
2061 /* offer ENHSC even for nullserver */
2062 if (nullserver != NULL)
2064 message("250 ENHANCEDSTATUSCODES");
2069 ** print EHLO features list
2071 ** Note: If you change this list,
2072 ** remember to update 'helpfile'
2075 message("250-ENHANCEDSTATUSCODES");
2077 if (bitset(SRV_OFFER_PIPE, features))
2078 message("250-PIPELINING");
2079 #endif /* PIPELINING */
2080 if (bitset(SRV_OFFER_EXPN, features))
2082 message("250-EXPN");
2083 if (bitset(SRV_OFFER_VERB, features))
2084 message("250-VERB");
2087 message("250-8BITMIME");
2088 #endif /* MIME8TO7 */
2089 if (MaxMessageSize > 0)
2090 message("250-SIZE %ld", MaxMessageSize);
2092 message("250-SIZE");
2094 if (SendMIMEErrors && bitset(SRV_OFFER_DSN, features))
2097 if (bitset(SRV_OFFER_ETRN, features))
2098 message("250-ETRN");
2100 if (sasl_ok && mechlist != NULL && *mechlist != '\0')
2101 message("250-AUTH %s", mechlist);
2105 bitset(SRV_OFFER_TLS, features))
2106 message("250-STARTTLS");
2107 #endif /* STARTTLS */
2108 if (DeliverByMin > 0)
2109 message("250-DELIVERBY %ld",
2110 (long) DeliverByMin);
2111 else if (DeliverByMin == 0)
2112 message("250-DELIVERBY");
2114 /* < 0: no deliver-by */
2116 message("250 HELP");
2119 case CMDMAIL: /* mail -- designate sender */
2120 SmtpPhase = "server MAIL";
2123 /* check for validity of this command */
2124 if (!gothello && bitset(PRIV_NEEDMAILHELO, PrivacyFlags))
2126 usrerr("503 5.0.0 Polite people say HELO first");
2129 if (smtp.sm_gotmail)
2131 usrerr("503 5.5.0 Sender already specified");
2135 if (bitset(SRV_REQ_AUTH, features) &&
2136 authenticating != SASL_IS_AUTH)
2138 usrerr("530 5.7.0 Authentication required");
2143 p = skipword(p, "from");
2149 sm_syslog(LOG_INFO, e->e_id,
2150 "SMTP MAIL command (%.100s) from %s tempfailed (due to previous checks)",
2152 usrerr(MSG_TEMPFAIL);
2156 /* make sure we know who the sending host is */
2157 if (sendinghost == NULL)
2158 sendinghost = peerhostname;
2162 if (sm_debug_active(&DebugLeakSmtp, 1))
2165 sm_dprintf("smtp() heap group #%d\n",
2168 #endif /* SM_HEAP_CHECK */
2174 auth_warning(e, "%s didn't use HELO protocol",
2177 #ifdef PICKY_HELO_CHECK
2178 if (sm_strcasecmp(sendinghost, peerhostname) != 0 &&
2179 (sm_strcasecmp(peerhostname, "localhost") != 0 ||
2180 sm_strcasecmp(sendinghost, MyHostName) != 0))
2182 auth_warning(e, "Host %s claimed to be %s",
2183 CurSmtpClient, sendinghost);
2185 #endif /* PICKY_HELO_CHECK */
2187 if (protocol == NULL)
2189 macdefine(&e->e_macro, A_PERM, 'r', protocol);
2190 macdefine(&e->e_macro, A_PERM, 's', sendinghost);
2196 macdefine(&e->e_macro, A_PERM, macid("{ntries}"), "0");
2197 macdefine(&e->e_macro, A_PERM, macid("{nrcpts}"), "0");
2198 macdefine(&e->e_macro, A_PERM, macid("{nbadrcpts}"),
2200 e->e_flags |= EF_CLRQUEUE;
2201 sm_setproctitle(true, e, "%s %s: %.80s",
2203 CurSmtpClient, inp);
2205 /* do the processing */
2208 extern char *FullName;
2211 SM_FREE_CLR(FullName);
2213 /* must parse sender first */
2215 setsender(p, e, &delimptr, ' ', false);
2216 if (delimptr != NULL && *delimptr != '\0')
2219 sm_exc_raisenew_x(&EtypeQuickAbort, 1);
2221 /* Successfully set e_from, allow logging */
2222 e->e_flags |= EF_LOGSENDER;
2224 /* put resulting triple from parseaddr() into macros */
2225 if (e->e_from.q_mailer != NULL)
2226 macdefine(&e->e_macro, A_PERM,
2227 macid("{mail_mailer}"),
2228 e->e_from.q_mailer->m_name);
2230 macdefine(&e->e_macro, A_PERM,
2231 macid("{mail_mailer}"), NULL);
2232 if (e->e_from.q_host != NULL)
2233 macdefine(&e->e_macro, A_PERM,
2234 macid("{mail_host}"),
2237 macdefine(&e->e_macro, A_PERM,
2238 macid("{mail_host}"), "localhost");
2239 if (e->e_from.q_user != NULL)
2240 macdefine(&e->e_macro, A_PERM,
2241 macid("{mail_addr}"),
2244 macdefine(&e->e_macro, A_PERM,
2245 macid("{mail_addr}"), NULL);
2247 sm_exc_raisenew_x(&EtypeQuickAbort, 1);
2249 /* check for possible spoofing */
2250 if (RealUid != 0 && OpMode == MD_SMTP &&
2251 !wordinclass(RealUserName, 't') &&
2252 (!bitnset(M_LOCALMAILER,
2253 e->e_from.q_mailer->m_flags) ||
2254 strcmp(e->e_from.q_user, RealUserName) != 0))
2256 auth_warning(e, "%s owned process doing -bs",
2260 /* reset to default value */
2261 SevenBitInput = save_sevenbitinput;
2263 /* now parse ESMTP arguments */
2269 while (p != NULL && *p != '\0')
2275 /* locate the beginning of the keyword */
2281 /* skip to the value portion */
2282 while ((isascii(*p) && isalnum(*p)) || *p == '-')
2290 /* skip to the end of the value */
2291 while (*p != '\0' && *p != ' ' &&
2292 !(isascii(*p) && iscntrl(*p)) &&
2301 sm_dprintf("MAIL: got arg %s=\"%s\"\n", kp,
2302 vp == NULL ? "<null>" : vp);
2304 mail_esmtp_args(kp, vp, e, features);
2308 if (argno >= MAXSMTPARGS - 1)
2309 usrerr("501 5.5.4 Too many parameters");
2311 sm_exc_raisenew_x(&EtypeQuickAbort, 1);
2315 sm_exc_raisenew_x(&EtypeQuickAbort, 1);
2318 # if _FFR_AUTH_PASSING
2319 /* set the default AUTH= if the sender didn't */
2320 if (e->e_auth_param == NULL)
2322 /* XXX only do this for an MSA? */
2323 e->e_auth_param = macvalue(macid("{auth_authen}"),
2325 if (e->e_auth_param == NULL)
2326 e->e_auth_param = "<>";
2329 ** XXX should we invoke Strust_auth now?
2330 ** authorizing as the client that just
2331 ** authenticated, so we'll trust implicitly
2334 # endif /* _FFR_AUTH_PASSING */
2337 /* do config file checking of the sender */
2338 macdefine(&e->e_macro, A_PERM,
2339 macid("{addr_type}"), "e s");
2341 /* make the "real" sender address available */
2342 macdefine(&e->e_macro, A_TEMP, macid("{mail_from}"),
2344 #endif /* _FFR_MAIL_MACRO */
2345 if (rscheck("check_mail", addr,
2346 NULL, e, RSF_RMCOMM|RSF_COUNT, 3,
2347 NULL, e->e_id) != EX_OK ||
2349 sm_exc_raisenew_x(&EtypeQuickAbort, 1);
2350 macdefine(&e->e_macro, A_PERM,
2351 macid("{addr_type}"), NULL);
2353 if (MaxMessageSize > 0 &&
2354 (e->e_msgsize > MaxMessageSize ||
2357 usrerr("552 5.2.3 Message size exceeds fixed maximum message size (%ld)",
2359 sm_exc_raisenew_x(&EtypeQuickAbort, 1);
2363 ** XXX always check whether there is at least one fs
2364 ** with enough space?
2365 ** However, this may not help much: the queue group
2366 ** selection may later on select a FS that hasn't
2370 if ((NumFileSys == 1 || NumQueue == 1) &&
2371 !enoughdiskspace(e->e_msgsize, e)
2372 #if _FFR_ANY_FREE_FS
2373 && !filesys_free(e->e_msgsize)
2374 #endif /* _FFR_ANY_FREE_FS */
2378 ** We perform this test again when the
2379 ** queue directory is selected, in collect.
2382 usrerr("452 4.4.5 Insufficient disk space; try again later");
2383 sm_exc_raisenew_x(&EtypeQuickAbort, 1);
2386 sm_exc_raisenew_x(&EtypeQuickAbort, 1);
2390 if (smtp.sm_milterlist && smtp.sm_milterize &&
2391 !bitset(EF_DISCARD, e->e_flags))
2396 response = milter_envfrom(args, e, &state);
2397 MILTER_REPLY("from");
2401 sm_exc_raisenew_x(&EtypeQuickAbort, 1);
2403 message("250 2.1.0 Sender ok");
2404 smtp.sm_gotmail = true;
2406 SM_EXCEPT(exc, "[!F]*")
2409 ** An error occurred while processing a MAIL command.
2410 ** Jump to the common error handling code.
2420 e->e_flags &= ~EF_PM_NOTIFY;
2424 case CMDRCPT: /* rcpt -- designate recipient */
2426 if (BadRcptThrottle > 0 &&
2427 n_badrcpts >= BadRcptThrottle)
2430 n_badrcpts == BadRcptThrottle)
2432 sm_syslog(LOG_INFO, e->e_id,
2433 "%s: Possible SMTP RCPT flood, throttling.",
2436 /* To avoid duplicated message */
2442 ** Don't use exponential backoff for now.
2443 ** Some servers will open more connections
2444 ** and actually overload the receiver even
2450 if (!smtp.sm_gotmail)
2452 usrerr("503 5.0.0 Need MAIL before RCPT");
2455 SmtpPhase = "server RCPT";
2461 /* limit flooding of our machine */
2462 if (MaxRcptPerMsg > 0 &&
2463 smtp.sm_nrcpts >= MaxRcptPerMsg)
2465 /* sleep(1); / * slow down? */
2466 usrerr("452 4.5.3 Too many recipients");
2470 if (e->e_sendmode != SM_DELIVER
2472 && (NotFirstDelivery || SM_DM_ONE != e->e_sendmode)
2473 #endif /* _FFR_DM_ONE */
2475 e->e_flags |= EF_VRFYONLY;
2479 ** If the filter will be deleting recipients,
2480 ** don't expand them at RCPT time (in the call
2481 ** to recipient()). If they are expanded, it
2482 ** is impossible for removefromlist() to figure
2483 ** out the expanded members of the original
2484 ** recipient and mark them as QS_DONTSEND.
2487 if (milter_can_delrcpts())
2488 e->e_flags |= EF_VRFYONLY;
2491 p = skipword(p, "to");
2494 macdefine(&e->e_macro, A_PERM,
2495 macid("{addr_type}"), "e r");
2496 a = parseaddr(p, NULLADDR, RF_COPYALL, ' ', &delimptr,
2498 macdefine(&e->e_macro, A_PERM,
2499 macid("{addr_type}"), NULL);
2504 usrerr("501 5.0.0 Missing recipient");
2508 if (delimptr != NULL && *delimptr != '\0')
2511 /* put resulting triple from parseaddr() into macros */
2512 if (a->q_mailer != NULL)
2513 macdefine(&e->e_macro, A_PERM,
2514 macid("{rcpt_mailer}"),
2515 a->q_mailer->m_name);
2517 macdefine(&e->e_macro, A_PERM,
2518 macid("{rcpt_mailer}"), NULL);
2519 if (a->q_host != NULL)
2520 macdefine(&e->e_macro, A_PERM,
2521 macid("{rcpt_host}"), a->q_host);
2523 macdefine(&e->e_macro, A_PERM,
2524 macid("{rcpt_host}"), "localhost");
2525 if (a->q_user != NULL)
2526 macdefine(&e->e_macro, A_PERM,
2527 macid("{rcpt_addr}"), a->q_user);
2529 macdefine(&e->e_macro, A_PERM,
2530 macid("{rcpt_addr}"), NULL);
2534 /* now parse ESMTP arguments */
2539 while (p != NULL && *p != '\0')
2545 /* locate the beginning of the keyword */
2551 /* skip to the value portion */
2552 while ((isascii(*p) && isalnum(*p)) || *p == '-')
2560 /* skip to the end of the value */
2561 while (*p != '\0' && *p != ' ' &&
2562 !(isascii(*p) && iscntrl(*p)) &&
2571 sm_dprintf("RCPT: got arg %s=\"%s\"\n", kp,
2572 vp == NULL ? "<null>" : vp);
2574 rcpt_esmtp_args(a, kp, vp, e, features);
2578 if (argno >= MAXSMTPARGS - 1)
2579 usrerr("501 5.5.4 Too many parameters");
2587 /* do config file checking of the recipient */
2588 macdefine(&e->e_macro, A_PERM,
2589 macid("{addr_type}"), "e r");
2590 if (rscheck("check_rcpt", addr,
2591 NULL, e, RSF_RMCOMM|RSF_COUNT, 3,
2592 NULL, e->e_id) != EX_OK ||
2595 macdefine(&e->e_macro, A_PERM,
2596 macid("{addr_type}"), NULL);
2598 /* If discarding, don't bother to verify user */
2599 if (bitset(EF_DISCARD, e->e_flags))
2600 a->q_state = QS_VERIFIED;
2603 if (smtp.sm_milterlist && smtp.sm_milterize &&
2604 !bitset(EF_DISCARD, e->e_flags))
2609 response = milter_envrcpt(args, e, &state);
2614 macdefine(&e->e_macro, A_PERM,
2615 macid("{rcpt_mailer}"), NULL);
2616 macdefine(&e->e_macro, A_PERM,
2617 macid("{rcpt_host}"), NULL);
2618 macdefine(&e->e_macro, A_PERM,
2619 macid("{rcpt_addr}"), NULL);
2620 macdefine(&e->e_macro, A_PERM,
2621 macid("{dsn_notify}"), NULL);
2625 /* save in recipient list after ESMTP mods */
2626 a = recipient(a, &e->e_sendqueue, 0, e);
2630 /* no errors during parsing, but might be a duplicate */
2631 e->e_to = a->q_paddr;
2632 if (!QS_IS_BADADDR(a->q_state))
2634 if (smtp.sm_nrcpts == 0)
2636 message("250 2.1.5 Recipient ok%s",
2637 QS_IS_QUEUEUP(a->q_state) ?
2638 " (will queue)" : "");
2643 /* punt -- should keep message in ADDRESS.... */
2644 usrerr("550 5.1.1 Addressee unknown");
2653 SM_EXCEPT(exc, "[!F]*")
2655 /* An exception occurred while processing RCPT */
2656 e->e_flags &= ~(EF_FATALERRS|EF_PM_NOTIFY);
2663 case CMDDATA: /* data -- text of mail */
2665 if (!smtp_data(&smtp, e))
2669 case CMDRSET: /* rset -- reset state */
2671 message("451 4.0.0 Test failure");
2673 message("250 2.0.0 Reset state");
2674 CLEAR_STATE(cmdbuf);
2677 case CMDVRFY: /* vrfy -- verify address */
2678 case CMDEXPN: /* expn -- expand address */
2679 vrfy = c->cmd_code == CMDVRFY;
2680 DELAY_CONN(vrfy ? "VRFY" : "EXPN");
2684 sm_syslog(LOG_INFO, e->e_id,
2685 "SMTP %s command (%.100s) from %s tempfailed (due to previous checks)",
2686 vrfy ? "VRFY" : "EXPN",
2689 /* RFC 821 doesn't allow 4xy reply code */
2690 usrerr("550 5.7.1 Please try again later");
2693 wt = checksmtpattack(&n_verifies, MAXVRFYCOMMANDS,
2694 false, vrfy ? "VRFY" : "EXPN", e);
2696 previous = curtime();
2697 if ((vrfy && bitset(PRIV_NOVRFY, PrivacyFlags)) ||
2698 (!vrfy && !bitset(SRV_OFFER_EXPN, features)))
2701 message("252 2.5.2 Cannot VRFY user; try RCPT to attempt delivery (or try finger)");
2703 message("502 5.7.0 Sorry, we do not allow this operation");
2705 sm_syslog(LOG_INFO, e->e_id,
2706 "%s: %s [rejected]",
2708 shortenstring(inp, MAXSHORTSTR));
2711 else if (!gothello &&
2712 bitset(vrfy ? PRIV_NEEDVRFYHELO : PRIV_NEEDEXPNHELO,
2715 usrerr("503 5.0.0 I demand that you introduce yourself first");
2721 sm_syslog(LOG_INFO, e->e_id, "%s: %s",
2723 shortenstring(inp, MAXSHORTSTR));
2729 e->e_flags |= EF_VRFYONLY;
2730 while (*p != '\0' && isascii(*p) && isspace(*p))
2734 usrerr("501 5.5.2 Argument required");
2738 /* do config file checking of the address */
2739 if (rscheck(vrfy ? "check_vrfy" : "check_expn",
2740 p, NULL, e, RSF_RMCOMM,
2741 3, NULL, NOQID) != EX_OK ||
2743 sm_exc_raisenew_x(&EtypeQuickAbort, 1);
2744 (void) sendtolist(p, NULLADDR, &vrfyqueue, 0, e);
2750 t = wt - (curtime() - previous);
2755 sm_exc_raisenew_x(&EtypeQuickAbort, 1);
2756 if (vrfyqueue == NULL)
2758 usrerr("554 5.5.2 Nothing to %s", vrfy ? "VRFY" : "EXPN");
2760 while (vrfyqueue != NULL)
2762 if (!QS_IS_UNDELIVERED(vrfyqueue->q_state))
2764 vrfyqueue = vrfyqueue->q_next;
2768 /* see if there is more in the vrfy list */
2770 while ((a = a->q_next) != NULL &&
2771 (!QS_IS_UNDELIVERED(a->q_state)))
2773 printvrfyaddr(vrfyqueue, a == NULL, vrfy);
2777 SM_EXCEPT(exc, "[!F]*")
2780 ** An exception occurred while processing VRFY/EXPN
2789 case CMDETRN: /* etrn -- force queue flush */
2792 /* Don't leak queue information via debug flags */
2793 if (!bitset(SRV_OFFER_ETRN, features) || UseMSP ||
2794 (RealUid != 0 && RealUid != TrustedUid &&
2797 /* different message for MSA ? */
2798 message("502 5.7.0 Sorry, we do not allow this operation");
2800 sm_syslog(LOG_INFO, e->e_id,
2801 "%s: %s [rejected]",
2803 shortenstring(inp, MAXSHORTSTR));
2809 sm_syslog(LOG_INFO, e->e_id,
2810 "SMTP ETRN command (%.100s) from %s tempfailed (due to previous checks)",
2812 usrerr(MSG_TEMPFAIL);
2818 usrerr("500 5.5.2 Parameter required");
2822 /* crude way to avoid denial-of-service attacks */
2823 STOP_IF_ATTACK(checksmtpattack(&n_etrn, MAXETRNCOMMANDS,
2827 ** Do config file checking of the parameter.
2828 ** Even though we have srv_features now, we still
2829 ** need this ruleset because the former is called
2830 ** when the connection has been established, while
2831 ** this ruleset is called when the command is
2832 ** actually issued and therefore has all information
2833 ** available to make a decision.
2836 if (rscheck("check_etrn", p, NULL, e,
2837 RSF_RMCOMM, 3, NULL, NOQID) != EX_OK ||
2842 sm_syslog(LOG_INFO, e->e_id,
2843 "%s: ETRN %s", CurSmtpClient,
2844 shortenstring(p, MAXSHORTSTR));
2852 qgrp = name2qid(id);
2853 if (!ISVALIDQGRP(qgrp))
2855 usrerr("459 4.5.4 Queue %s unknown",
2859 for (i = 0; i < NumQueue && Queue[i] != NULL;
2861 Queue[i]->qg_nextrun = (time_t) -1;
2862 Queue[qgrp]->qg_nextrun = 0;
2863 ok = run_work_group(Queue[qgrp]->qg_wgrp,
2864 RWG_FORK|RWG_FORCE);
2865 if (ok && Errors == 0)
2866 message("250 2.0.0 Queuing for queue group %s started", id);
2875 new = (QUEUE_CHAR *) sm_malloc(sizeof(QUEUE_CHAR));
2878 syserr("500 5.5.0 ETRN out of memory");
2881 new->queue_match = id;
2882 new->queue_negate = false;
2883 new->queue_next = NULL;
2884 QueueLimitRecipient = new;
2885 ok = runqueue(true, false, false, true);
2886 sm_free(QueueLimitRecipient); /* XXX */
2887 QueueLimitRecipient = NULL;
2888 if (ok && Errors == 0)
2889 message("250 2.0.0 Queuing for node %s started", p);
2892 case CMDHELP: /* help -- give user info */
2897 case CMDNOOP: /* noop -- do nothing */
2899 STOP_IF_ATTACK(checksmtpattack(&n_noop, MaxNOOPCommands,
2901 message("250 2.0.0 OK");
2904 case CMDQUIT: /* quit -- leave mail */
2905 message("221 2.0.0 %s closing connection", MyHostName);
2907 (void) sm_io_flush(OutChannel, SM_TIME_DEFAULT);
2908 #endif /* PIPELINING */
2910 if (smtp.sm_nrcpts > 0)
2911 logundelrcpts(e, "aborted by sender", 9, false);
2913 /* arrange to ignore any current send list */
2914 e->e_sendqueue = NULL;
2917 /* shutdown TLS connection */
2920 (void) endtls(srv_ssl, "server");
2923 #endif /* STARTTLS */
2925 if (authenticating == SASL_IS_AUTH)
2927 sasl_dispose(&conn);
2928 authenticating = SASL_NOT_AUTH;
2929 /* XXX sasl_done(); this is a child */
2934 /* avoid future 050 messages */
2938 /* close out milter filters */
2942 if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags))
2944 e->e_flags &= ~EF_LOGSENDER;
2946 if (lognullconnection && LogLevel > 5 &&
2951 d = macvalue(macid("{daemon_name}"), e);
2956 ** even though this id is "bogus", it makes
2957 ** it simpler to "grep" related events, e.g.,
2958 ** timeouts for the same connection.
2961 sm_syslog(LOG_INFO, e->e_id,
2962 "%s did not issue MAIL/EXPN/VRFY/ETRN during connection to %s",
2967 /* return to handle next connection */
2970 finis(true, true, ExitStat);
2973 /* just to avoid bogus warning from some compilers */
2976 case CMDVERB: /* set verbose mode */
2978 if (!bitset(SRV_OFFER_EXPN, features) ||
2979 !bitset(SRV_OFFER_VERB, features))
2981 /* this would give out the same info */
2982 message("502 5.7.0 Verbose unavailable");
2985 STOP_IF_ATTACK(checksmtpattack(&n_noop, MaxNOOPCommands,
2988 set_delivery_mode(SM_DELIVER, e);
2989 message("250 2.0.0 Verbose mode");
2993 case CMDDBGQSHOW: /* show queues */
2994 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
2996 printaddr(smioout, e->e_sendqueue, true);
2999 case CMDDBGDEBUG: /* set debug mode */
3000 tTsetup(tTdvect, sizeof tTdvect, "0-99.1");
3002 message("200 2.0.0 Debug set");
3005 #else /* SMTPDEBUG */
3006 case CMDDBGQSHOW: /* show queues */
3007 case CMDDBGDEBUG: /* set debug mode */
3008 #endif /* SMTPDEBUG */
3009 case CMDLOGBOGUS: /* bogus command */
3010 DELAY_CONN("Bogus");
3012 sm_syslog(LOG_CRIT, e->e_id,
3013 "\"%s\" command from %s (%.100s)",
3014 c->cmd_name, CurSmtpClient,
3015 anynet_ntoa(&RealHostAddr));
3018 case CMDERROR: /* unknown command */
3019 #if MAXBADCOMMANDS > 0
3020 if (++n_badcmds > MAXBADCOMMANDS)
3023 message("421 4.7.0 %s Too many bad commands; closing connection",
3026 /* arrange to ignore any current send list */
3027 e->e_sendqueue = NULL;
3030 #endif /* MAXBADCOMMANDS > 0 */
3032 #if MILTER && SMFI_VERSION > 2
3033 if (smtp.sm_milterlist && smtp.sm_milterize &&
3034 !bitset(EF_DISCARD, e->e_flags))
3039 if (MilterLogLevel > 9)
3040 sm_syslog(LOG_INFO, e->e_id,
3041 "Sending \"%s\" to Milter", inp);
3042 response = milter_unknown(inp, e, &state);
3043 MILTER_REPLY("unknown");
3044 if (state == SMFIR_REPLYCODE ||
3045 state == SMFIR_REJECT ||
3046 state == SMFIR_TEMPFAIL ||
3047 state == SMFIR_SHUTDOWN)
3049 /* MILTER_REPLY already gave an error */
3053 #endif /* MILTER && SMFI_VERSION > 2 */
3055 usrerr("500 5.5.1 Command unrecognized: \"%s\"",
3056 shortenstring(inp, MAXSHORTSTR));
3060 DELAY_CONN("Unimpl");
3061 usrerr("502 5.5.1 Command not implemented: \"%s\"",
3062 shortenstring(inp, MAXSHORTSTR));
3066 DELAY_CONN("default");
3068 syserr("500 5.5.0 smtp: unknown code %d", c->cmd_code);
3075 SM_EXCEPT(exc, "[!F]*")
3078 ** The only possible exception is "E:mta.quickabort".
3079 ** There is nothing to do except fall through and loop.
3086 ** SMTP_DATA -- implement the SMTP DATA command.
3089 ** smtp -- status of SMTP connection.
3093 ** true iff SMTP session can continue.
3096 ** possibly sends message.
3116 SmtpPhase = "server DATA";
3117 if (!smtp->sm_gotmail)
3119 usrerr("503 5.0.0 Need MAIL command");
3122 else if (smtp->sm_nrcpts <= 0)
3124 usrerr("503 5.0.0 Need RCPT (recipient)");
3127 (void) sm_snprintf(buf, sizeof buf, "%u", smtp->sm_nrcpts);
3128 if (rscheck("check_data", buf, NULL, e,
3129 RSF_RMCOMM|RSF_UNSTRUCTURED|RSF_COUNT, 3, NULL,
3133 #if MILTER && SMFI_VERSION > 3
3134 if (smtp->sm_milterlist && smtp->sm_milterize &&
3135 !bitset(EF_DISCARD, e->e_flags))
3139 int savelogusrerrs = LogUsrErrs;
3141 response = milter_data_cmd(e, &state);
3144 case SMFIR_REPLYCODE:
3145 if (MilterLogLevel > 3)
3147 sm_syslog(LOG_INFO, e->e_id,
3148 "Milter: cmd=data, reject=%s",
3153 if (strncmp(response, "421 ", 4) == 0
3154 || strncmp(response, "421-", 4) == 0)
3156 e->e_sendqueue = NULL;
3162 if (MilterLogLevel > 3)
3164 sm_syslog(LOG_INFO, e->e_id,
3165 "Milter: cmd=data, reject=550 5.7.1 Command rejected");
3168 usrerr("550 5.7.1 Command rejected");
3172 if (MilterLogLevel > 3)
3173 sm_syslog(LOG_INFO, e->e_id,
3174 "Milter: cmd=data, discard");
3175 e->e_flags |= EF_DISCARD;
3178 case SMFIR_TEMPFAIL:
3179 if (MilterLogLevel > 3)
3181 sm_syslog(LOG_INFO, e->e_id,
3182 "Milter: cmd=data, reject=%s",
3186 usrerr(MSG_TEMPFAIL);
3189 case SMFIR_SHUTDOWN:
3190 if (MilterLogLevel > 3)
3192 sm_syslog(LOG_INFO, e->e_id,
3193 "Milter: cmd=data, reject=421 4.7.0 %s closing connection",
3197 usrerr("421 4.7.0 %s closing connection", MyHostName);
3198 e->e_sendqueue = NULL;
3201 LogUsrErrs = savelogusrerrs;
3202 if (response != NULL)
3203 sm_free(response); /* XXX */
3205 #endif /* MILTER && SMFI_VERSION > 3 */
3207 /* put back discard bit */
3208 if (smtp->sm_discard)
3209 e->e_flags |= EF_DISCARD;
3211 /* check to see if we need to re-expand aliases */
3212 /* also reset QS_BADADDR on already-diagnosted addrs */
3213 doublequeue = false;
3214 for (a = e->e_sendqueue; a != NULL; a = a->q_next)
3216 if (QS_IS_VERIFIED(a->q_state) &&
3217 !bitset(EF_DISCARD, e->e_flags))
3219 /* need to re-expand aliases */
3222 if (QS_IS_BADADDR(a->q_state))
3224 /* make this "go away" */
3225 a->q_state = QS_DONTSEND;
3229 /* collect the text of the message */
3230 SmtpPhase = "collect";
3233 collect(InChannel, true, NULL, e, true);
3235 /* redefine message size */
3236 (void) sm_snprintf(buf, sizeof buf, "%ld", e->e_msgsize);
3237 macdefine(&e->e_macro, A_TEMP, macid("{msg_size}"), buf);
3240 /* rscheck() will set Errors or EF_DISCARD if it trips */
3241 (void) rscheck("check_eom", buf, NULL, e, RSF_UNSTRUCTURED|RSF_COUNT,
3243 #endif /* _FFR_CHECK_EOM */
3246 milteraccept = true;
3247 if (smtp->sm_milterlist && smtp->sm_milterize &&
3249 !bitset(EF_DISCARD, e->e_flags))
3254 response = milter_data(e, &state);
3257 case SMFIR_REPLYCODE:
3258 if (MilterLogLevel > 3)
3259 sm_syslog(LOG_INFO, e->e_id,
3260 "Milter: data, reject=%s",
3262 milteraccept = false;
3267 milteraccept = false;
3268 if (MilterLogLevel > 3)
3269 sm_syslog(LOG_INFO, e->e_id,
3270 "Milter: data, reject=554 5.7.1 Command rejected");
3271 usrerr("554 5.7.1 Command rejected");
3275 if (MilterLogLevel > 3)
3276 sm_syslog(LOG_INFO, e->e_id,
3277 "Milter: data, discard");
3278 milteraccept = false;
3279 e->e_flags |= EF_DISCARD;
3282 case SMFIR_TEMPFAIL:
3283 if (MilterLogLevel > 3)
3284 sm_syslog(LOG_INFO, e->e_id,
3285 "Milter: data, reject=%s",
3287 milteraccept = false;
3288 usrerr(MSG_TEMPFAIL);
3291 case SMFIR_SHUTDOWN:
3292 if (MilterLogLevel > 3)
3293 sm_syslog(LOG_INFO, e->e_id,
3294 "Milter: data, reject=421 4.7.0 %s closing connection",
3296 milteraccept = false;
3297 usrerr("421 4.7.0 %s closing connection", MyHostName);
3301 if (response != NULL)
3305 /* Milter may have changed message size */
3306 (void) sm_snprintf(buf, sizeof buf, "%ld", e->e_msgsize);
3307 macdefine(&e->e_macro, A_TEMP, macid("{msg_size}"), buf);
3309 /* abort message filters that didn't get the body & log msg is OK */
3310 if (smtp->sm_milterlist && smtp->sm_milterize)
3313 if (milteraccept && MilterLogLevel > 9)
3314 sm_syslog(LOG_INFO, e->e_id, "Milter accept: message");
3318 ** If SuperSafe is SAFE_REALLY_POSTMILTER, and we don't have milter or
3319 ** milter accepted message, sync it now
3321 ** XXX This is almost a copy of the code in collect(): put it into
3322 ** a function that is called from both places?
3325 if (milteraccept && SuperSafe == SAFE_REALLY_POSTMILTER)
3328 SM_FILE_T *volatile df;
3332 dfname = queuename(e, DATAFL_LETTER);
3333 if (sm_io_setinfo(df, SM_BF_COMMIT, NULL) < 0
3339 if (save_errno == EEXIST)
3344 if (stat(dfname, &st) < 0)
3347 syserr("@collect: bfcommit(%s): already on disk, size=%ld",
3348 dfname, (long) st.st_size);
3349 dfd = sm_io_getinfo(df, SM_IO_WHAT_FD, NULL);
3351 dumpfd(dfd, true, true);
3354 dferror(df, "bfcommit", e);
3356 finis(save_errno != EEXIST, true, ExitStat);
3358 else if ((afd = sm_io_getinfo(df, SM_IO_WHAT_FD, NULL)) < 0)
3360 dferror(df, "sm_io_getinfo", e);
3362 finis(true, true, ExitStat);
3365 else if (fsync(afd) < 0)
3367 dferror(df, "fsync", e);
3369 finis(true, true, ExitStat);
3372 else if (sm_io_close(df, SM_TIME_DEFAULT) < 0)
3374 dferror(df, "sm_io_close", e);
3376 finis(true, true, ExitStat);
3380 /* Now reopen the df file */
3381 e->e_dfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, dfname,
3382 SM_IO_RDONLY, NULL);
3383 if (e->e_dfp == NULL)
3385 /* we haven't acked receipt yet, so just chuck this */
3386 syserr("@Cannot reopen %s", dfname);
3387 finis(true, true, ExitStat);
3393 /* Check if quarantining stats should be updated */
3394 if (e->e_quarmsg != NULL)
3395 markstats(e, NULL, STATS_QUARANTINE);
3398 ** If a header/body check (header checks or milter)
3399 ** set EF_DISCARD, don't queueup the message --
3400 ** that would lose the EF_DISCARD bit and deliver
3404 if (bitset(EF_DISCARD, e->e_flags))
3405 doublequeue = false;
3407 aborting = Errors > 0;
3408 if (!(aborting || bitset(EF_DISCARD, e->e_flags)) &&
3409 (QueueMode == QM_QUARANTINE || e->e_quarmsg == NULL) &&
3410 !split_by_recipient(e))
3411 aborting = bitset(EF_FATALERRS, e->e_flags);
3415 /* Log who the mail would have gone to */
3416 logundelrcpts(e, e->e_message, 8, false);
3422 /* from now on, we have to operate silently */
3427 ** Clear message, it may contain an error from the SMTP dialogue.
3428 ** This error must not show up in the queue.
3429 ** Some error message should show up, e.g., alias database
3430 ** not available, but others shouldn't, e.g., from check_rcpt.
3433 e->e_message = NULL;
3437 ** Arrange to send to everyone.
3438 ** If sending to multiple people, mail back
3439 ** errors rather than reporting directly.
3440 ** In any case, don't mail back errors for
3441 ** anything that has happened up to
3442 ** now (the other end will do this).
3443 ** Truncate our transcript -- the mail has gotten
3444 ** to us successfully, and if we have
3445 ** to mail this back, it will be easier
3447 ** Then send to everyone.
3448 ** Finally give a reply code. If an error has
3449 ** already been given, don't mail a
3451 ** We goose error returns by clearing error bit.
3454 SmtpPhase = "delivery";
3455 (void) sm_io_setinfo(e->e_xfp, SM_BF_TRUNCATE, NULL);
3459 _res.retry = TimeOuts.res_retry[RES_TO_FIRST];
3460 _res.retrans = TimeOuts.res_retrans[RES_TO_FIRST];
3461 #endif /* NAMED_BIND */
3463 for (ee = e; ee != NULL; ee = ee->e_sibling)
3465 /* make sure we actually do delivery */
3466 ee->e_flags &= ~EF_CLRQUEUE;
3468 /* from now on, operate silently */
3469 ee->e_errormode = EM_MAIL;
3473 /* make sure it is in the queue */
3474 queueup(ee, false, true);
3480 /* send to all recipients */
3483 if (SM_DM_ONE == e->e_sendmode)
3485 if (NotFirstDelivery)
3488 e->e_sendmode = SM_QUEUE;
3493 NotFirstDelivery = true;
3496 #endif /* _FFR_DM_ONE */
3502 /* put back id for SMTP logging in putoutmsg() */
3503 oldid = CurEnv->e_id;
3506 /* issue success message */
3508 if (MessageAccept != NULL && *MessageAccept != '\0')
3512 expand(MessageAccept, msg, sizeof msg, e);
3513 message("250 2.0.0 %s", msg);
3516 #endif /* _FFR_MSG_ACCEPT */
3517 message("250 2.0.0 %s Message accepted for delivery", id);
3518 CurEnv->e_id = oldid;
3520 /* if we just queued, poke it */
3523 bool anything_to_send = false;
3526 for (ee = e; ee != NULL; ee = ee->e_sibling)
3528 if (WILL_BE_QUEUED(ee->e_sendmode))
3530 if (shouldqueue(ee->e_msgpriority, ee->e_ctime))
3532 ee->e_sendmode = SM_QUEUE;
3535 else if (QueueMode != QM_QUARANTINE &&
3536 ee->e_quarmsg != NULL)
3538 ee->e_sendmode = SM_QUEUE;
3541 anything_to_send = true;
3543 /* close all the queue files */
3545 if (ee->e_dfp != NULL)
3547 (void) sm_io_close(ee->e_dfp, SM_TIME_DEFAULT);
3552 if (anything_to_send)
3556 ** XXX if we don't do this, we get 250 twice
3557 ** because it is also flushed in the child.
3560 (void) sm_io_flush(OutChannel, SM_TIME_DEFAULT);
3561 #endif /* PIPELINING */
3562 (void) doworklist(e, true, true);
3567 if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags))
3569 e->e_flags &= ~EF_LOGSENDER;
3571 /* clean up a bit */
3572 smtp->sm_gotmail = false;
3575 ** Call dropenvelope if and only if the envelope is *not*
3576 ** being processed by the child process forked by doworklist().
3579 if (aborting || bitset(EF_DISCARD, e->e_flags))
3580 dropenvelope(e, true, false);
3583 for (ee = e; ee != NULL; ee = ee->e_sibling)
3586 QueueMode != QM_QUARANTINE &&
3587 ee->e_quarmsg != NULL)
3589 dropenvelope(ee, true, false);
3592 if (WILL_BE_QUEUED(ee->e_sendmode))
3593 dropenvelope(ee, true, false);
3596 sm_rpool_free(e->e_rpool);
3599 ** At this point, e == &MainEnvelope, but if we did splitting,
3600 ** then CurEnv may point to an envelope structure that was just
3601 ** freed with the rpool. So reset CurEnv *before* calling
3606 newenvelope(e, e, sm_rpool_new_x(NULL));
3607 e->e_flags = BlankEnvelope.e_flags;
3609 /* restore connection quarantining */
3610 if (smtp->sm_quarmsg == NULL)
3612 e->e_quarmsg = NULL;
3613 macdefine(&e->e_macro, A_PERM, macid("{quarantine}"), "");
3617 e->e_quarmsg = sm_rpool_strdup_x(e->e_rpool, smtp->sm_quarmsg);
3618 macdefine(&e->e_macro, A_PERM,
3619 macid("{quarantine}"), e->e_quarmsg);
3624 ** LOGUNDELRCPTS -- log undelivered (or all) recipients.
3628 ** msg -- message for Stat=
3629 ** level -- log level.
3630 ** all -- log all recipients.
3636 ** logs undelivered (or all) recipients
3640 logundelrcpts(e, msg, level, all)
3648 if (LogLevel <= level || msg == NULL || *msg == '\0')
3651 /* Clear $h so relay= doesn't get mislogged by logdelivery() */
3652 macdefine(&e->e_macro, A_PERM, 'h', NULL);
3654 /* Log who the mail would have gone to */
3655 for (a = e->e_sendqueue; a != NULL; a = a->q_next)
3657 if (!QS_IS_UNDELIVERED(a->q_state) && !all)
3659 e->e_to = a->q_paddr;
3660 logdelivery(NULL, NULL, a->q_status, msg, NULL,
3666 ** CHECKSMTPATTACK -- check for denial-of-service attack by repetition
3669 ** pcounter -- pointer to a counter for this command.
3670 ** maxcount -- maximum value for this counter before we
3672 ** waitnow -- sleep now (in this routine)?
3673 ** cname -- command name for logging.
3674 ** e -- the current envelope.
3678 ** STOP_ATTACK if twice as many commands as allowed and
3682 ** Slows down if we seem to be under attack.
3686 checksmtpattack(pcounter, maxcount, waitnow, cname, e)
3687 volatile unsigned int *pcounter;
3688 unsigned int maxcount;
3693 if (maxcount <= 0) /* no limit */
3696 if (++(*pcounter) >= maxcount)
3701 if (*pcounter == maxcount && LogLevel > 5)
3703 sm_syslog(LOG_INFO, e->e_id,
3704 "%s: possible SMTP attack: command=%.40s, count=%u",
3705 CurSmtpClient, cname, *pcounter);
3707 shift = *pcounter - maxcount;
3709 if (shift > MAXSHIFT || s >= MAXTIMEOUT || s <= 0)
3712 #define IS_ATTACK(s) ((MaxChildren > 0 && *pcounter >= maxcount * 2) \
3713 ? STOP_ATTACK : (time_t) s)
3715 /* sleep at least 1 second before returning */
3716 (void) sleep(*pcounter / maxcount);
3717 s -= *pcounter / maxcount;
3718 if (s >= MAXTIMEOUT || s < 0)
3720 if (waitnow && s > 0)
3723 return IS_ATTACK(0);
3725 return IS_ATTACK(s);
3730 ** SETUP_SMTPD_IO -- setup I/O fd correctly for the SMTP server
3739 ** may change I/O fd.
3745 int inchfd, outchfd, outfd;
3747 inchfd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL);
3748 outchfd = sm_io_getinfo(OutChannel, SM_IO_WHAT_FD, NULL);
3749 outfd = sm_io_getinfo(smioout, SM_IO_WHAT_FD, NULL);
3750 if (outchfd != outfd)
3752 /* arrange for debugging output to go to remote host */
3753 (void) dup2(outchfd, outfd);
3757 ** if InChannel and OutChannel are stdin/stdout
3758 ** and connected to ttys
3759 ** and fcntl(STDIN, F_SETFL, O_NONBLOCKING) also changes STDOUT,
3760 ** then "chain" them together.
3763 if (inchfd == STDIN_FILENO && outchfd == STDOUT_FILENO &&
3764 isatty(inchfd) && isatty(outchfd))
3766 int inmode, outmode;
3768 inmode = fcntl(inchfd, F_GETFL, 0);
3772 sm_syslog(LOG_INFO, NOQID,
3773 "fcntl(inchfd, F_GETFL) failed: %s",
3774 sm_errstring(errno));
3777 outmode = fcntl(outchfd, F_GETFL, 0);
3781 sm_syslog(LOG_INFO, NOQID,
3782 "fcntl(outchfd, F_GETFL) failed: %s",
3783 sm_errstring(errno));
3786 if (bitset(O_NONBLOCK, inmode) ||
3787 bitset(O_NONBLOCK, outmode) ||
3788 fcntl(inchfd, F_SETFL, inmode | O_NONBLOCK) == -1)
3790 outmode = fcntl(outchfd, F_GETFL, 0);
3791 if (outmode != -1 && bitset(O_NONBLOCK, outmode))
3793 /* changing InChannel also changes OutChannel */
3794 sm_io_automode(OutChannel, InChannel);
3795 if (tTd(97, 4) && LogLevel > 9)
3796 sm_syslog(LOG_INFO, NOQID,
3797 "set automode for I (%d)/O (%d) in SMTP server",
3801 /* undo change of inchfd */
3802 (void) fcntl(inchfd, F_SETFL, inmode);
3806 ** SKIPWORD -- skip a fixed word.
3809 ** p -- place to start looking.
3810 ** w -- word to skip.
3817 ** clobbers the p data area.
3822 register char *volatile p;
3828 /* find beginning of word */
3832 /* find end of word */
3833 while (*p != '\0' && *p != ':' && !(isascii(*p) && isspace(*p)))
3835 while (isascii(*p) && isspace(*p))
3840 usrerr("501 5.5.2 Syntax error in parameters scanning \"%s\"",
3841 shortenstring(firstp, MAXSHORTSTR));
3850 /* see if the input word matches desired word */
3851 if (sm_strcasecmp(q, w))
3858 ** MAIL_ESMTP_ARGS -- process ESMTP arguments from MAIL line
3861 ** kp -- the parameter key.
3862 ** vp -- the value of that parameter.
3863 ** e -- the envelope.
3864 ** features -- current server features
3871 mail_esmtp_args(kp, vp, e, features)
3875 unsigned int features;
3877 if (sm_strcasecmp(kp, "size") == 0)
3881 usrerr("501 5.5.2 SIZE requires a value");
3884 macdefine(&e->e_macro, A_TEMP, macid("{msg_size}"), vp);
3886 e->e_msgsize = strtol(vp, (char **) NULL, 10);
3887 if (e->e_msgsize == LONG_MAX && errno == ERANGE)
3889 usrerr("552 5.2.3 Message size exceeds maximum value");
3892 if (e->e_msgsize < 0)
3894 usrerr("552 5.2.3 Message size invalid");
3898 else if (sm_strcasecmp(kp, "body") == 0)
3902 usrerr("501 5.5.2 BODY requires a value");
3905 else if (sm_strcasecmp(vp, "8bitmime") == 0)
3907 SevenBitInput = false;
3909 else if (sm_strcasecmp(vp, "7bit") == 0)
3911 SevenBitInput = true;
3915 usrerr("501 5.5.4 Unknown BODY type %s", vp);
3918 e->e_bodytype = sm_rpool_strdup_x(e->e_rpool, vp);
3920 else if (sm_strcasecmp(kp, "envid") == 0)
3922 if (!bitset(SRV_OFFER_DSN, features))
3924 usrerr("504 5.7.0 Sorry, ENVID not supported, we do not allow DSN");
3929 usrerr("501 5.5.2 ENVID requires a value");
3934 usrerr("501 5.5.4 Syntax error in ENVID parameter value");
3937 if (e->e_envid != NULL)
3939 usrerr("501 5.5.0 Duplicate ENVID parameter");
3942 e->e_envid = sm_rpool_strdup_x(e->e_rpool, vp);
3943 macdefine(&e->e_macro, A_PERM,
3944 macid("{dsn_envid}"), e->e_envid);
3946 else if (sm_strcasecmp(kp, "ret") == 0)
3948 if (!bitset(SRV_OFFER_DSN, features))
3950 usrerr("504 5.7.0 Sorry, RET not supported, we do not allow DSN");
3955 usrerr("501 5.5.2 RET requires a value");
3958 if (bitset(EF_RET_PARAM, e->e_flags))
3960 usrerr("501 5.5.0 Duplicate RET parameter");
3963 e->e_flags |= EF_RET_PARAM;
3964 if (sm_strcasecmp(vp, "hdrs") == 0)
3965 e->e_flags |= EF_NO_BODY_RETN;
3966 else if (sm_strcasecmp(vp, "full") != 0)
3968 usrerr("501 5.5.2 Bad argument \"%s\" to RET", vp);
3971 macdefine(&e->e_macro, A_TEMP, macid("{dsn_ret}"), vp);
3974 else if (sm_strcasecmp(kp, "auth") == 0)
3978 char *auth_param; /* the value of the AUTH=x */
3979 bool saveQuickAbort = QuickAbort;
3980 bool saveSuprErrs = SuprErrs;
3981 bool saveExitStat = ExitStat;
3985 usrerr("501 5.5.2 AUTH= requires a value");
3988 if (e->e_auth_param != NULL)
3990 usrerr("501 5.5.0 Duplicate AUTH parameter");
3993 if ((q = strchr(vp, ' ')) != NULL)
3996 len = strlen(vp) + 1;
3997 auth_param = xalloc(len);
3998 (void) sm_strlcpy(auth_param, vp, len);
3999 if (!xtextok(auth_param))
4001 usrerr("501 5.5.4 Syntax error in AUTH parameter value");
4002 /* just a warning? */
4006 /* XXX define this always or only if trusted? */
4007 macdefine(&e->e_macro, A_TEMP, macid("{auth_author}"),
4011 ** call Strust_auth to find out whether
4012 ** auth_param is acceptable (trusted)
4013 ** we shouldn't trust it if not authenticated
4014 ** (required by RFC, leave it to ruleset?)
4019 if (strcmp(auth_param, "<>") != 0 &&
4020 (rscheck("trust_auth", auth_param, NULL, e, RSF_RMCOMM,
4021 9, NULL, NOQID) != EX_OK || Errors > 0))
4025 q = e->e_auth_param;
4026 sm_dprintf("auth=\"%.100s\" not trusted user=\"%.100s\"\n",
4027 auth_param, (q == NULL) ? "" : q);
4031 e->e_auth_param = "<>";
4032 # if _FFR_AUTH_PASSING
4033 macdefine(&BlankEnvelope.e_macro, A_PERM,
4034 macid("{auth_author}"), NULL);
4035 # endif /* _FFR_AUTH_PASSING */
4040 sm_dprintf("auth=\"%.100s\" trusted\n", auth_param);
4041 e->e_auth_param = sm_rpool_strdup_x(e->e_rpool,
4044 sm_free(auth_param); /* XXX */
4048 QuickAbort = saveQuickAbort;
4049 SuprErrs = saveSuprErrs;
4050 ExitStat = saveExitStat;
4053 #define PRTCHAR(c) ((isascii(c) && isprint(c)) ? (c) : '?')
4056 ** "by" is only accepted if DeliverByMin >= 0.
4057 ** We maybe could add this to the list of server_features.
4060 else if (sm_strcasecmp(kp, "by") == 0 && DeliverByMin >= 0)
4066 usrerr("501 5.5.2 BY= requires a value");
4070 e->e_deliver_by = strtol(vp, &s, 10);
4071 if (e->e_deliver_by == LONG_MIN ||
4072 e->e_deliver_by == LONG_MAX ||
4073 e->e_deliver_by > 999999999l ||
4074 e->e_deliver_by < -999999999l)
4076 usrerr("501 5.5.2 BY=%s out of range", vp);
4079 if (s == NULL || *s != ';')
4081 usrerr("501 5.5.2 BY= missing ';'");
4085 ++s; /* XXX: spaces allowed? */
4087 switch (tolower(*s))
4090 e->e_dlvr_flag = DLVR_NOTIFY;
4093 e->e_dlvr_flag = DLVR_RETURN;
4094 if (e->e_deliver_by <= 0)
4096 usrerr("501 5.5.4 mode R requires BY time > 0");
4099 if (DeliverByMin > 0 && e->e_deliver_by > 0 &&
4100 e->e_deliver_by < DeliverByMin)
4102 usrerr("555 5.5.2 time %ld less than %ld",
4103 e->e_deliver_by, (long) DeliverByMin);
4108 usrerr("501 5.5.2 illegal by-mode '%c'", PRTCHAR(*s));
4111 ++s; /* XXX: spaces allowed? */
4113 switch (tolower(*s))
4116 e->e_dlvr_flag |= DLVR_TRACE;
4121 usrerr("501 5.5.2 illegal by-trace '%c'", PRTCHAR(*s));
4125 /* XXX: check whether more characters follow? */
4129 usrerr("555 5.5.4 %s parameter unrecognized", kp);
4134 ** RCPT_ESMTP_ARGS -- process ESMTP arguments from RCPT line
4137 ** a -- the address corresponding to the To: parameter.
4138 ** kp -- the parameter key.
4139 ** vp -- the value of that parameter.
4140 ** e -- the envelope.
4141 ** features -- current server features
4148 rcpt_esmtp_args(a, kp, vp, e, features)
4153 unsigned int features;
4155 if (sm_strcasecmp(kp, "notify") == 0)
4159 if (!bitset(SRV_OFFER_DSN, features))
4161 usrerr("504 5.7.0 Sorry, NOTIFY not supported, we do not allow DSN");
4166 usrerr("501 5.5.2 NOTIFY requires a value");
4169 a->q_flags &= ~(QPINGONSUCCESS|QPINGONFAILURE|QPINGONDELAY);
4170 a->q_flags |= QHASNOTIFY;
4171 macdefine(&e->e_macro, A_TEMP, macid("{dsn_notify}"), vp);
4173 if (sm_strcasecmp(vp, "never") == 0)
4175 for (p = vp; p != NULL; vp = p)
4179 s = p = strchr(p, ',');
4182 if (sm_strcasecmp(vp, "success") == 0)
4183 a->q_flags |= QPINGONSUCCESS;
4184 else if (sm_strcasecmp(vp, "failure") == 0)
4185 a->q_flags |= QPINGONFAILURE;
4186 else if (sm_strcasecmp(vp, "delay") == 0)
4187 a->q_flags |= QPINGONDELAY;
4190 usrerr("501 5.5.4 Bad argument \"%s\" to NOTIFY",
4198 else if (sm_strcasecmp(kp, "orcpt") == 0)
4200 if (!bitset(SRV_OFFER_DSN, features))
4202 usrerr("504 5.7.0 Sorry, ORCPT not supported, we do not allow DSN");
4207 usrerr("501 5.5.2 ORCPT requires a value");
4210 if (strchr(vp, ';') == NULL || !xtextok(vp))
4212 usrerr("501 5.5.4 Syntax error in ORCPT parameter value");
4215 if (a->q_orcpt != NULL)
4217 usrerr("501 5.5.0 Duplicate ORCPT parameter");
4220 a->q_orcpt = sm_rpool_strdup_x(e->e_rpool, vp);
4224 usrerr("555 5.5.4 %s parameter unrecognized", kp);
4229 ** PRINTVRFYADDR -- print an entry in the verify queue
4232 ** a -- the address to print.
4233 ** last -- set if this is the last one.
4234 ** vrfy -- set if this is a VRFY command.
4240 ** Prints the appropriate 250 codes.
4242 #define OFFF (3 + 1 + 5 + 1) /* offset in fmt: SMTP reply + enh. code */
4245 printvrfyaddr(a, last, vrfy)
4246 register ADDRESS *a;
4252 if (vrfy && a->q_mailer != NULL &&
4253 !bitnset(M_VRFY250, a->q_mailer->m_flags))
4254 (void) sm_strlcpy(fmtbuf, "252", sizeof fmtbuf);
4256 (void) sm_strlcpy(fmtbuf, "250", sizeof fmtbuf);
4257 fmtbuf[3] = last ? ' ' : '-';
4258 (void) sm_strlcpy(&fmtbuf[4], "2.1.5 ", sizeof fmtbuf - 4);
4259 if (a->q_fullname == NULL)
4261 if ((a->q_mailer == NULL ||
4262 a->q_mailer->m_addrtype == NULL ||
4263 sm_strcasecmp(a->q_mailer->m_addrtype, "rfc822") == 0) &&
4264 strchr(a->q_user, '@') == NULL)
4265 (void) sm_strlcpy(&fmtbuf[OFFF], "<%s@%s>",
4266 sizeof fmtbuf - OFFF);
4268 (void) sm_strlcpy(&fmtbuf[OFFF], "<%s>",
4269 sizeof fmtbuf - OFFF);
4270 message(fmtbuf, a->q_user, MyHostName);
4274 if ((a->q_mailer == NULL ||
4275 a->q_mailer->m_addrtype == NULL ||
4276 sm_strcasecmp(a->q_mailer->m_addrtype, "rfc822") == 0) &&
4277 strchr(a->q_user, '@') == NULL)
4278 (void) sm_strlcpy(&fmtbuf[OFFF], "%s <%s@%s>",
4279 sizeof fmtbuf - OFFF);
4281 (void) sm_strlcpy(&fmtbuf[OFFF], "%s <%s>",
4282 sizeof fmtbuf - OFFF);
4283 message(fmtbuf, a->q_fullname, a->q_user, MyHostName);
4289 ** SASLMECHS -- get list of possible AUTH mechanisms
4292 ** conn -- SASL connection info.
4293 ** mechlist -- output parameter for list of mechanisms.
4300 saslmechs(conn, mechlist)
4304 int len, num, result;
4306 /* "user" is currently unused */
4308 result = sasl_listmech(conn, NULL,
4309 "", " ", "", (const char **) mechlist,
4310 (unsigned int *)&len, &num);
4311 # else /* SASL >= 20000 */
4312 result = sasl_listmech(conn, "user", /* XXX */
4313 "", " ", "", mechlist,
4314 (unsigned int *)&len, (unsigned int *)&num);
4315 # endif /* SASL >= 20000 */
4316 if (result != SASL_OK)
4319 sm_syslog(LOG_WARNING, NOQID,
4320 "AUTH error: listmech=%d, num=%d",
4327 sm_syslog(LOG_INFO, NOQID,
4328 "AUTH: available mech=%s, allowed mech=%s",
4329 *mechlist, AuthMechanisms);
4330 *mechlist = intersect(AuthMechanisms, *mechlist, NULL);
4334 *mechlist = NULL; /* be paranoid... */
4335 if (result == SASL_OK && LogLevel > 9)
4336 sm_syslog(LOG_WARNING, NOQID,
4337 "AUTH warning: no mechanisms");
4344 ** PROXY_POLICY -- define proxy policy for AUTH
4348 ** context -- unused.
4349 ** requested_user -- authorization identity.
4350 ** rlen -- authorization identity length.
4351 ** auth_identity -- authentication identity.
4352 ** alen -- authentication identity length.
4353 ** def_realm -- default user realm.
4354 ** urlen -- user realm length.
4355 ** propctx -- unused.
4361 ** sets {auth_authen} macro.
4365 proxy_policy(conn, context, requested_user, rlen, auth_identity, alen,
4366 def_realm, urlen, propctx)
4369 const char *requested_user;
4371 const char *auth_identity;
4373 const char *def_realm;
4375 struct propctx *propctx;
4377 if (auth_identity == NULL)
4380 macdefine(&BlankEnvelope.e_macro, A_TEMP,
4381 macid("{auth_authen}"), (char *) auth_identity);
4385 # else /* SASL >= 20000 */
4388 ** PROXY_POLICY -- define proxy policy for AUTH
4391 ** context -- unused.
4392 ** auth_identity -- authentication identity.
4393 ** requested_user -- authorization identity.
4394 ** user -- allowed user (output).
4395 ** errstr -- possible error string (output).
4402 proxy_policy(context, auth_identity, requested_user, user, errstr)
4404 const char *auth_identity;
4405 const char *requested_user;
4407 const char **errstr;
4409 if (user == NULL || auth_identity == NULL)
4411 *user = newstr(auth_identity);
4414 # endif /* SASL >= 20000 */
4419 ** INITSRVTLS -- initialize server side TLS
4422 ** tls_ok -- should tls initialization be done?
4428 ** sets tls_ok_srv which is a static variable in this module.
4429 ** Do NOT remove assignments to it!
4439 /* do NOT remove assignment */
4440 tls_ok_srv = inittls(&srv_ctx, TLS_Srv_Opts, true, SrvCertFile,
4441 SrvKeyFile, CACertPath, CACertFile, DHParams);
4444 #endif /* STARTTLS */
4446 ** SRVFEATURES -- get features for SMTP server
4449 ** e -- envelope (should be session context).
4450 ** clientname -- name of client.
4451 ** features -- default features for this invocation.
4457 /* table with options: it uses just one character, how about strings? */
4461 unsigned int srvf_flag;
4462 } srv_feat_table[] =
4464 { 'A', SRV_OFFER_AUTH },
4465 { 'B', SRV_OFFER_VERB },
4466 { 'C', SRV_REQ_SEC },
4467 { 'D', SRV_OFFER_DSN },
4468 { 'E', SRV_OFFER_ETRN },
4469 { 'L', SRV_REQ_AUTH },
4472 { 'N', SRV_NO_PIPE },
4473 # endif /* _FFR_NO_PIPE */
4474 { 'P', SRV_OFFER_PIPE },
4475 #endif /* PIPELINING */
4476 { 'R', SRV_VRFY_CLT }, /* same as V; not documented */
4477 { 'S', SRV_OFFER_TLS },
4478 /* { 'T', SRV_TMP_FAIL }, */
4479 { 'V', SRV_VRFY_CLT },
4480 { 'X', SRV_OFFER_EXPN },
4481 /* { 'Y', SRV_OFFER_VRFY }, */
4486 srvfeatures(e, clientname, features)
4489 unsigned int features;
4493 char pvpbuf[PSBUFSIZE];
4496 r = rscap("srv_features", clientname, "", e, &pvp, pvpbuf,
4500 if (pvp == NULL || pvp[0] == NULL || (pvp[0][0] & 0377) != CANONNET)
4502 if (pvp[1] != NULL && sm_strncasecmp(pvp[1], "temp", 4) == 0)
4503 return SRV_TMP_FAIL;
4506 ** General rule (see sendmail.h, d_flags):
4507 ** lower case: required/offered, upper case: Not required/available
4509 ** Since we can change some features per daemon, we have both
4510 ** cases here: turn on/off a feature.
4513 for (i = 1; pvp[i] != NULL; i++)
4519 if ((opt = srv_feat_table[j].srvf_opt) == '\0')
4522 sm_syslog(LOG_WARNING, e->e_id,
4523 "srvfeatures: unknown feature %s",
4529 features &= ~(srv_feat_table[j].srvf_flag);
4532 if (c == tolower(opt))
4534 features |= srv_feat_table[j].srvf_flag;
4544 ** HELP -- implement the HELP command.
4547 ** topic -- the topic we want help for.
4554 ** outputs the help file to message output.
4556 #define HELPVSTR "#vers "
4557 #define HELPVERSION 2
4564 register SM_FILE_T *hf;
4569 long sff = SFF_OPENASROOT|SFF_REGONLY;
4572 static int foundvers = -1;
4573 extern char Version[];
4575 if (DontLockReadFiles)
4577 if (!bitnset(DBS_HELPFILEINUNSAFEDIRPATH, DontBlameSendmail))
4578 sff |= SFF_SAFEDIRPATH;
4580 if (HelpFile == NULL ||
4581 (hf = safefopen(HelpFile, O_RDONLY, 0444, sff)) == NULL)
4585 message("502 5.3.0 Sendmail %s -- HELP not implemented",
4590 if (topic == NULL || *topic == '\0')
4601 len = strlen(topic);
4603 while (sm_io_fgets(hf, SM_TIME_DEFAULT, buf, sizeof buf) != NULL)
4607 if (foundvers < 0 &&
4608 strncmp(buf, HELPVSTR, strlen(HELPVSTR)) == 0)
4612 if (sm_io_sscanf(buf + strlen(HELPVSTR), "%d",
4618 if (strncmp(buf, topic, len) == 0)
4624 /* print version if no/old vers# in file */
4625 if (foundvers < 2 && !noinfo)
4626 message("214-2.0.0 This is Sendmail version %s", Version);
4628 p = strpbrk(buf, " \t");
4630 p = buf + strlen(buf) - 1;
4636 translate_dollars(p);
4637 expand(p, inp, sizeof inp, e);
4640 message("214-2.0.0 %s", p);
4646 message("504 5.3.0 HELP topic \"%.10s\" unknown", topic);
4648 message("214 2.0.0 End of HELP info");
4650 if (foundvers != 0 && foundvers < HELPVERSION)
4653 sm_syslog(LOG_WARNING, e->e_id,
4654 "%s too old (require version %d)",
4655 HelpFile, HELPVERSION);
4657 /* avoid log next time */
4661 (void) sm_io_close(hf, SM_TIME_DEFAULT);
4666 ** RESET_SASLCONN -- reset SASL connection data
4669 ** conn -- SASL connection context
4670 ** hostname -- host name
4671 ** various connection data
4678 reset_saslconn(sasl_conn_t **conn, char *hostname,
4680 char *remoteip, char *localip,
4681 char *auth_id, sasl_ssf_t * ext_ssf)
4682 # else /* SASL >= 20000 */
4683 struct sockaddr_in *saddr_r, struct sockaddr_in *saddr_l,
4684 sasl_external_properties_t * ext_ssf)
4685 # endif /* SASL >= 20000 */
4691 result = sasl_server_new("smtp", hostname, NULL, NULL, NULL,
4694 /* use empty realm: only works in SASL > 1.5.5 */
4695 result = sasl_server_new("smtp", hostname, "", NULL, 0, conn);
4696 # else /* SASL >= 20000 */
4697 /* use no realm -> realm is set to hostname by SASL lib */
4698 result = sasl_server_new("smtp", hostname, NULL, NULL, 0,
4700 # endif /* SASL >= 20000 */
4701 if (result != SASL_OK)
4705 # if NETINET || NETINET6
4706 if (remoteip != NULL && *remoteip != '\0')
4707 result = sasl_setprop(*conn, SASL_IPREMOTEPORT, remoteip);
4708 if (result != SASL_OK)
4711 if (localip != NULL && *localip != '\0')
4712 result = sasl_setprop(*conn, SASL_IPLOCALPORT, localip);
4713 if (result != SASL_OK)
4715 # endif /* NETINET || NETINET6 */
4717 result = sasl_setprop(*conn, SASL_SSF_EXTERNAL, ext_ssf);
4718 if (result != SASL_OK)
4721 result = sasl_setprop(*conn, SASL_AUTH_EXTERNAL, auth_id);
4722 if (result != SASL_OK)
4724 # else /* SASL >= 20000 */
4726 if (saddr_r != NULL)
4727 result = sasl_setprop(*conn, SASL_IP_REMOTE, saddr_r);
4728 if (result != SASL_OK)
4731 if (saddr_l != NULL)
4732 result = sasl_setprop(*conn, SASL_IP_LOCAL, saddr_l);
4733 if (result != SASL_OK)
4735 # endif /* NETINET */
4737 result = sasl_setprop(*conn, SASL_SSF_EXTERNAL, ext_ssf);
4738 if (result != SASL_OK)
4740 # endif /* SASL >= 20000 */