Index: stable/4/contrib/sendmail/FREEBSD-upgrade =================================================================== --- stable/4/contrib/sendmail/FREEBSD-upgrade (revision 71887) +++ stable/4/contrib/sendmail/FREEBSD-upgrade (revision 71888) @@ -1,49 +1,64 @@ $FreeBSD$ -sendmail 8.11.1 +sendmail 8.11.2 originals can be found at: ftp://ftp.sendmail.org/pub/sendmail/ For the import of sendmail, the following files were removed: + Build + cf/cf/Build cf/cf/generic-bsd4.4.cf cf/cf/generic-hpux10.cf cf/cf/generic-hpux9.cf cf/cf/generic-linux.cf + cf/cf/generic-nextstep3.3.cf cf/cf/generic-osf1.cf cf/cf/generic-solaris2.cf cf/cf/generic-sunos4.1.cf cf/cf/generic-ultrix4.cf devtools/* doc/op/op.ps + libmilter/Build + libsmdb/Build + libsmutil/Build + mail.local/Build mail.local/mail.local.0 + mailstats/Build mailstats/mailstats.0 + makemap/Build makemap/makemap.0 + praliases/Build praliases/praliases.0 + rmail/Build rmail/rmail.0 + sendmail/Build sendmail/aliases.0 sendmail/mailq.0 + sendmail/makesendmail sendmail/newaliases.0 sendmail/sendmail.0 sendmail/sysexits.h + smrsh/Build smrsh/smrsh.0 + vacation/Build vacation/vacation.0 The following directories were renamed: sendmail -> src Imported using: - cvs import -m 'Import sendmail 8.11.1' \ - src/contrib/sendmail SENDMAIL v8_11_1 + cvs import -m 'Import sendmail 8.11.2' \ + src/contrib/sendmail SENDMAIL v8_11_2 To make local changes to sendmail, simply patch and commit to the main branch (aka HEAD). Never make local changes on the vendor (SENDMAIL) branch. All local changes should be submitted to the Sendmail Consortium for inclusion in the next vendor release. gshapiro@FreeBSD.org -30-September-2000 +21-January-2001 Index: stable/4/contrib/sendmail/INSTALL =================================================================== --- stable/4/contrib/sendmail/INSTALL (revision 71887) +++ stable/4/contrib/sendmail/INSTALL (revision 71888) @@ -1,33 +1,38 @@ Installing sendmail Note: as of sendmail 8.9, a new build architecture is in place that allows you to use the "Build" shell script in any of the program directories. On many environments this will do everything for you, no fuss, no muss. 1. Read all the README files noted in the INTRODUCTION section of the README file in this top-level directory. 2. Create any necessary site configuration build files, as noted in devtools/Site/README. 3. In the sendmail/ directory, run "sh Build" (see sendmail/README for details). 4. Change to the cf/cf/ directory (that's not a typo): Copy whichever .mc file best matches your environment to config.mc, where config can be any name. Next, tailor it as explained in cf/README. Then run "sh Build config.cf". 5. Back up your current /etc/mail/sendmail.cf and the sendmail binary (whose location varies from operating system to operating system, but is usually in /usr/sbin or /usr/lib). 6. Install config.cf as /etc/mail/sendmail.cf and install the sendmail binary built in step 3 by cd-ing back to sendmail/ and running "sh Build install". 7. For each of the associated sendmail utilities (makemap, mailstats, etc.), read the README in the utility's directory. When you are ready to install it, back up your installed version and type "sh Build install". -$Revision: 8.3.16.1 $, Last updated $Date: 2000/05/09 20:20:44 $ +8. If you are upgrading from an older version of sendmail and are using any + database maps, be sure to rebuild them with the new version of makemap, + in case you are now using a different (and thereby incompatible) version + of Berkeley DB. + +$Revision: 8.3.16.2 $, Last updated $Date: 2000/12/30 06:24:03 $ Index: stable/4/contrib/sendmail/PGPKEYS =================================================================== --- stable/4/contrib/sendmail/PGPKEYS (revision 71887) +++ stable/4/contrib/sendmail/PGPKEYS (revision 71888) @@ -1,392 +1,535 @@ This file contains the PGP keys used to sign the various versions of sendmail. You can add them to your PGP keyring using: PGP 2.X: pgp -ka PGPKEYS PGP 5.X: pgpk -a PGPKEYS Other versions of PGP may require you to separate each key into a separate file and add them one at a time. Type Bits KeyID Created Expires Algorithm Use pub 1024 0x16F4CCE9 1999-06-23 ---------- RSA Sign & Encrypt f16 Fingerprint16 = 18 A4 51 78 CA 72 D4 A7 ED 80 BA 8A C4 98 71 1D uid Sendmail Security -----BEGIN PGP PUBLIC KEY BLOCK----- Version: PGPfreeware 5.0 for non-commercial use mQCNAzdxaGsAAAEEALq7JPrdyXCm3DdJEKR9miP8/B9vrferOBoNimPFceDEqCpm 0RiJtnGhUJwt/HZZhiGDWPYTIa7VajfxiEzJ7LZH+/uXgQFVN27fPwoNKCI+7sr3 FnRs3Xapojn3d3LZSHagTh+VTuG5LxbP/m//sj2Rw1MMPw1b7sApykAW9MzpAAUR tDJTZW5kbWFpbCBTZWN1cml0eSA8c2VuZG1haWwtc2VjdXJpdHlAc2VuZG1haWwu b3JnPokAlQMFEDdxaGvAKcpAFvTM6QEB1bsD/jj+vTodXqoJphCrBLwFmwymopZp /HHu8o8FURlL6jQ6ihCruCw6PxNMzSdgmnOgyXxyRZIVO1pUyWf/RnS/r09tPLlq nZxdAPquhB2pkawvFp+Y///lb92SgfbS3/dtSDDAJ8FO+CDUKS5dKuZ6vSDU6ezH BDYjhd6pPYVd5hz3iQCVAwUQN3Fv9XxLZ22gDhVjAQH4BQQAuCNG977A4v0xjQi8 AJsJmlS5mKMqn/Lw+sl1h4yQwF2vzNDdxhNWjZVziK3lUIUPh86u8m5CSdN2BB1Y 1RawLvyfpl4b9KtyXxF4fh2BYmygJ4iG+WxhpaT5RS0eFvsSefO7/w13bx5U0Z7A YfHMt7+CKHm7bAx3l17g3I9aCMCJAJUDBRA3cXDdzx61AyIyegEBAeZmA/4zCJxF aathJ0soRJOcyRDzHKbAqlShF+Mx0tzcwbE3hAZrIqJ3TRK2MbrsBNnkFHPuPF0e eKr7TQsXOa+ig57wlHsCOc/fd9jLITjSYKxrQuZz3CrNefPKvv6v6Ctc6TT4GwhC zHglLC9Bfy9zgbv2wHswRvQBmRlCaERH3HLb1okAlQMFEDd41z8j5GLUv3ukIQEB 9WcD/iFFF2kfSTyD+IfcLl4WCaYSeD/q/fAplpOOZWnC9PB1x3YrMHn/H8zd3S5B 05D8+MR/QL8n8/5P+pyHa4VNRbeX8g8E34ocZf48y6FeqGi8qmcTBJDgqUTO5yMu t+b57G2pAIzasGcoZDqC3aJnFKwPjGRxnUFJaxlogrbUYCNOiQCVAwUQN3jwKW9S k9ijm6ZVAQEtugP/ewRrMCdhCbWsSUOrYn1a/pfN2KiJbhs0YyOyWbU6RvJiSFY1 0BNAxYTbymHDOn2UhUhCrUpqatmgCuxmUsoH2Y4AAFC/94/oltwDUfnw6muqqn2K 7AelRBbJ5wUs65pHu8kfzVB5wJh8eDacKFkK0lqgtRQCE0suhqCSFUfvtzuJAJUD BRA3fTCCXx7Ib4gMnlUBAWddA/oD0RKLIkLspmJC3ccmkncviMSv0rME4vY0NIfm IC0zsYITlU/E6H/CqVmU4Hmr5hmr5GUNNtrVZ0oLH1PUjobmZcTITJZbQSS2nY02 N6JZT5BSAwQBfUfSMwURISRQBUOfi1kLqYk3f6UTee37/+Ig2kb388T6ClcXCv82 FrZuwIkAPwMFEDd9MMTU3njYeCkb2BEC7QAAn2sVWl+Q9a+4a34v827M0O6HpMrL AJ9bLmUFO/+pyIRb3brK/v1RtERawIkAlQMFEDd9O7oA8tkJ67sbQQEBipcD/2rE vofXLeEeujkhI13qbDL5dEqPHY19eboF29xBCY1kR9Xqbu6G4Q8pgIHUDg/TRK+w RdBUjQlDspQEhrM3XEtZ+QJalfk2IoV1Z9uuQM8voYPINnpPe7Q/seibHirMdp4f J/xLPs3d5gApNtarxwdFOBY3YkHkkoqza1BxmB2YiQA/AwUQN32KFYMCoaE+3wLq EQK1IwCfR+jVCbESixyB0XR6zDsGf8n4GPoAoM3OjreUcSFSl/4kgaV8DbPNLTVn iQCVAwUQN32XGgD83u1ILnWNAQGa+AP+KUsOgU8tvJwSiulcU/pXS2gS1N6W54B5 C3JKioPdgH6lKNO1cOoV6c1ZoG7SFlvsHm2DjRherLEwRhBWkmHlyjLpKW6mYXZ/ MGLrf74UeTG4bKb0R4As8mLG0z2vqlPNtfyt+8SUoQ2JT0MFRc2FGQChxizenGZS B7T1MccjIM+JAHUDBRA3fa3dcslC2OpaI3kBAQhhAv9BkSO1zWkxiWc7uLQjO9lf +YhF9f/SX7/6Od6hKo/YRubK8fcozKXlJ64CJ+iGSMrRIZGXKBIyXyRx5Qed14jK fGCYzqGv1IpMHIWJPLxJl5Xyi9jIna8yTc6FRWm8aYCJAD8DBRA3gbAczsKIjL9q TKERAhdDAJwKqcVkm9TBCmutXxwVTcffjINlBgCgrMqc6UOHlUtZps33xWZLgZh4 awiJAJUDBRA3g9C+TCpm+b/C9j0BAaJMBACskZxjnZbvDgm0qdvESy5+jcluxTh5 fUeHDpnkfOP0AUAe8Ykwt8syWOQZ+3Midez8JqTAu+uvNbUckuR5XL8nMYpN06og jg1TCgjLito6IptqYUZgWFvGDCdDgC+m8vw7pUbqh59mDTe0X5Q/x9Cu5JxfhxnX TNBQ+pI8lLAmsYkAlQMFEDeD0Jt3HZKuiXLHwQEBMZoD/2FaLFJ03tEAfNQhLmSg unWVakXz8udE+pY7IWi6LJGu5iwtIDJ/r0nCrJ6/aqzu9JLpGhfTnhPPCXlz4Nfh riRz12cv2Rlg+gI3Y0Fiju5eo5TWnu+qB36vQsv73xpfQ7oCmoVY2ZntQVBaf8dy FrAdFBf1y33xWo58zRsg2u2h =g1qL -----END PGP PUBLIC KEY BLOCK----- Type Bits KeyID Created Expires Algorithm Use +pub 1024 0xCC374F2D 2000-12-14 ---------- RSA Sign & Encrypt +f16 Fingerprint16 = 59 AF DC 3E A2 7D 29 56 89 FA 25 70 90 0D 7E C1 +uid Sendmail Signing Key/2001 + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: PGPfreeware 5.0i for non-commercial use + +mQCNAzo5SykAAAEEANNKa1jxgODYsmC5w2FJj14JFX3MnF9yt+NblOrqXvjzs8fp +l4qWCoEOsN6tueeNRAytrGTUFe5M+fJ/ddx9yRKuzjv6WxSeYsWHzXxMD2M6WWyn +eCK43LhCAd1uuNoYrTdJFnADOrz7YiMu/N8+8IvBhM5ozEH7pzgi20fMN08tAAUR +tDFTZW5kbWFpbCBTaWduaW5nIEtleS8yMDAxIDxzZW5kbWFpbEBTZW5kbWFpbC5P +Ukc+iQCVAwUQOjlLKTgi20fMN08tAQF1YgP7BmBeA8wCY8sNlENCgMbYcgkqrmtO +aDzCRwALiIDEC63i317iiopRq8wH8ZQcJewvmQDQKWgdZnpJbpAONLR8gzk0t995 +0wKHRgtGtzR8x8RtSXZ9yiC4AjxkLXogaOYtJk+ZXayX1VFCJ0lMoxRsNtTfXyHK +RN0lMnJwaRPE3FqJAJUDBRA6OU38nBy94uNcVjUBARTzA/9rapch15EjSgZIywSY +e53l0EfoqsUqKzCSoRGZqv+hJzpRVQ+R+D037pSV07OItK2q0nYGLZqH5ApLgXAG +/SPlEYPnUzCooijIr/RsLU954lp1HDNuqUZfUs1ukk/f7wHmshsP3LS6zyvqnHR+ +va9fzU3wo5ZRv1ItWIL3b68+uIkAlQMFEDo5TglvUpPYo5umVQEBbqAD/Aj63aIn +4f6W57E7APvhkP0FhWcrCp9sGu0+EdUP2lnn7KEn02D1hwx4mDLcJcFxikfXXVvh ++Cfpr54oP0CWNpcpXVssS5CZoYoC8e8W0YoVkvYnxmHFDjnGRzwKDT88FdZYnbiS +JWxlUkcOs45bOdOTE7pIeBwe9MJK/zCwrbmYiQCVAwUQOjlOGO9YlmTUMuGdAQGy +YwP/fVIA/Y7SH+MxlALWNHOVOiPF6KdrZxOoB/Ya1G8uNCS5PttePZm/ZSoyVLSX +QsJG1Xe/3YPXDobuPdRuC+Kpzli6upCHG0jbsH7/m/EPyATxPP6GvpU/eVK1a3el +8aLl7J0m6NSEh349AbFAzCRhrRl9N/jIPt7rys61ELIMp/GJAJUDBRA6OU4wfEtn +baAOFWMBAYELBACtu0kG7v4QYs2lJXIpdw7Bwl2/WNyH8mFhrqNgbAE9+Fsh4HAP +nCBHf3qbjH4/Q3j4QNkDLor2HYIhnW8Hz21At//5/eEm/uJj2vsOjfKFYpGtwf/L +VHQCQDbNFrxi8pLtwQARNL8M0ONT1rxNg5xyv0/3IWeo9GblkV3hdKO1sYkAlQMF +EDo5TlnAKcpAFvTM6QEB9s4D/23DDLInFj4NoaO0MI+ZLWo1M8SXd/sWC32IYY+P +dqABtONUNvVnaz2wSZxb2tKXcuju4DtsMrZFttcEQ6W4zaaGpcg6Hq6UqHGL0UAE +2tkcJePvkIhJ/FokoEQnoAlj8IdxjK56gCT4Z7OOSmQEcNTcjmH5Z1AZUnTkIImT +hFRuiQCVAwUQOjlOqNbgof5PvirdAQGzAQP7BtqC0bhCybf+P4ESP7XwSYVuSZvM +LLrpkA017MQgf5BCHfh6x/r7NxGH4OOTnZwcKQJHJ0NzAxtmWCe3YjxLHMUlfRcK +MIBQF5UhPTOkCo2XFDNIuQ/Tayj1D3Go1JHSRqfxe8et2U1SZi74JMMo+B7o+utX +dUNzbv5QbD7yydGJAJUDBRA6OWaRmAfmW9hLWSEBAegOBACgsFNvkidMRX08xGEN +oX3elJj5Ib/zYYvR7Ui/b27haw9KtuUNct0aRtb+MAb9sXb+0hphDR2W//AxSDgG +Qh6ZiEO9c0xw74XX7MrSpwcgom4jJLxGN0fEx1YGmMF1LGmmlE8UWC+FJdVVnW8v +m98v3zEmRaHvDnklGvFsgItw3okAlQMFEDo5anTObntw7cbX6wEBKGUD/0aIxmvb +kwPlV27sCl6QGy+C3hIJTtz0go6wRh+X0wrP0G5c5OBlg12GqOYP/WlGEs7Qy8GU +exXFZxF5kBtFgUiHLq5XxWsAv4DVyrtu3wtpFu9P+smKuMQWvUah5x2R5AdsyH2/ +/nn2tMcHqwsgwK/l2cd7ObtfZXoYyH4ZU+3SiQCVAwUQOjrpa88etQMiMnoBAQHp +JgP9ENhWpB1jv9xrUDy6XCIEdx8hoSVFT/+PaiPhyRwEY1+sW6L68NeTPWnDAcuF +y95sZlBl6xKIykf5sG0Cb8/Y8HMIIjuiet3nYTd4ehKE6/byOwwVNwe4zu65+kGz +YT0NF8CaZ2zBFV9wM8JnM+BHshxu1X+4u57oTbenXCNBOmGJAEYEEBECAAYFAjo6 +70YACgkQAm4U2qPreYrl9QCfRFB0hJDrDCWjuVTFXdEg7/R7uKYAn2Aqn2DJ5eai +Q5JHhAnY4uS8iOiciQCVAwUQOjt6hV8eyG+IDJ5VAQEMlAQAiMUmNGEmYcX74SLE +LD46olA0CxMlOBARFCFd7SOG3vY8IKshHNr8D9fYhz6MulGOfJl0XXrcWWDW8KwS +LPsJMIAB3NSe2h/ZEqnOp4A4E+AlNZJyGrmPwhBoNs4jsXSzlZTeOxh3GTJrCiMY +qe9v9NJkntmjrubyUe0HZrM5tkmJAJUDBRA6Ovq+4dT8FObQdHEBAfO9A/9dP1q1 +bpbYRT23pqJLPWjXDKqld5dwaJy6SDyqi3kD+jtzWsmA6rRTWuA5Ykq/Ugj1CENl +s/bgptFd38uMDh6F4WHpOGMcXx7OKqTzwlm87MBnuZ/rjqJDf+HwJWcwqebh9ADE +k2acJjQBPOsOOmPatbnOSKGh8JbK/Xng7ZGHBYkAPwMFEDo7lA/OwoiMv2pMoREC +uxoAoPrizznbyWF1kFGSzWOjPWdIkdMmAJ9xXra4pgV1uAKrRYE1zIOCp6TDcokA +dQMFEDo7lwes4VzBBNt7HQEBivUC/iRk6/XsetmOW2RPqEIvOvleZSyNtmgkeMva ++Q57Js1jDNA6DZTperfbl6Mwt0eVnZxH59l7apSWwl7ZGsum5AjZr0cuWyX+gMg3 +wBLI6dG1a0+y4tCnBKfPHDSTqqMKGYkARgQQEQIABgUCOjuApgAKCRDbzEgBadC1 +viYIAJ90YPSCIMcIhcyzzdqwVSlpIMSp+wCdFZH4YnjW1eFfzfym5tSbxiRVWCaJ +AJUDBRA6POfsAPLZCeu7G0EBAUUoBACQdVkXeAia2QuOD0J0OH5lSILg3xTam1Vp +JXpj70m/kmlzAR71BIgCFTeTsg1IhY/08cLBqEwksv7nLt+1FSxHCNt8o+SLkA24 +iMIBb7JeOHxkP8QZdiBbLSEvEE+4Dak9LaxqlLvw+u+fxCmw9er610OTr5zUq5cb +POpMdl91r4kAlQMFEDo9NvgGfl7Yv7VlaQEBdJ0EALPhVgdb1IkNKgd5QCM1rHz1 +SqXVH40tOrMuSx6g1eW5Sv1Eg+xwYsCx9jICzVFntXZic11oWUqEVV6icvKZ207z +aWTVQneBGEBZXa1q+8WxaxPTfBgxhuxF7iKVBQ2JOzjPo8K43wHfZVP90iwFVJHm +jJ6uIUj4EdMVJ1WwHbfG +=XS0J +-----END PGP PUBLIC KEY BLOCK----- + +Type Bits KeyID Created Expires Algorithm Use +pub 1024 0xE35C5635 1999-12-13 ---------- RSA Sign & Encrypt +f16 Fingerprint16 = 81 8C 58 EA 7A 9D 7C 1B 09 78 AC 5E EB 99 08 5D +uid Sendmail Signing Key/2000 + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: PGPfreeware 5.0i for non-commercial use + +mQCNAzhVRnYAAAEEALjBKz/mDHemTNA+hNjGcruAJm6Blc9ZIGHPthQWkFt0ca70 +w0U8TBbK/m03WdMvq+PaZAb8EG5uqXctZKwmWIIGB7nRBLLnj42er8XwUfAT8KNJ +PQ1p9x9zFWZc3byC8ekg8l+CK/hJLFhGTSGjx8nHv+LvPis/mpwcveLjXFY1AAUR +tDFTZW5kbWFpbCBTaWduaW5nIEtleS8yMDAwIDxzZW5kbWFpbEBTZW5kbWFpbC5P +Ukc+iQCVAwUQOFVGdpwcveLjXFY1AQG2vgP/QRG6TqsmJgixf27F2IFgoJLUU+7C +ZmD1qNT9yL/1JMbE8pnzxOk64w8D47ZiDwr9dp3EzH8EpmV/eIpxLNYV7/Y+W59J +8+EY2T9mzVmp0YGOMFYt8lLVw6NKqya19adQ80dDzkkmwRHfY514+9+DPbc6TvHR +jNzo0SuetBiWW+2JAJUDBRA4VUa8b1KT2KObplUBAbtYA/491EG5lsbr09oV0g/e +RSfxliLj+lCJdQiicwYeqHX5dZeB04yz3wUFovIff8dY01KcITXBL9TtDfarz5Pl +nelUg5cIlKn7kxCeUP0ggA/tz6Zlg3v/LkoIqsUqrodqscjLPt2JTWPJYWYaVjM9 +fqXiXRXlVcy2urx6uEucvkjYY4kAlQMFEDhVRs3vWJZk1DLhnQEBwoYD/1zxfMMP +pqj3HV3d9q1esyvZdPACiAH+1CJVmtcIV8TjO5qYulxz2TEtd/JLqdYsgUgf2N8T +/ClMtfEReSTmVNWIsINAA75P16uIkDYZ8Tmo4XYOf80voeOhWlAwpyLQGIN3GVX+ +gLmC/9Fw2wo0E3LsCrUfXREZQTSXMqIe3YPJiQCVAwUQOFVG8XxLZ22gDhVjAQEA +SwQAuIEC9CZfKcxAImFBvwqfJYrnKtWPorEV3QtqAN4WaCLFvI8jZJEPJJEf61N9 +aucpO/qj6x/iwu2k92E/T5FRVUiFKzXZb5bWm+qI5c+ynBZq34s+qvAq7Sx0gXxJ +qimu4ZekACORdeRsILzgRYwGHA45SRONvTY5t9xGoRrsQcuJAJUDBRA4VUm8zx61 +AyIyegEBAczRA/0UjYKC81NSK+a9XNl83ANI/o0TZfqpsjotHl+Gagb3NWQTFe/3 +AjkDovLk24fB7cPEwcj7Y4oX0g61pH3DAyPK+Zo1VbYTPSEU9ljVB042YLz12EMe +c+eD6k2yC//vVK8BJ6Iefh/gXg7Mb+Dis1YBMg9d+23p901DJi6OeZqJK4kAlQMF +EDhVTYtuAhsP7LmozwEBBGgEAIVaUCZ3hplEkX5yBBPOccaTV4uioK/8tzahAC9h +kN8slolrnvj9fQFMFEltDZSzIqn2855JCT8+ZoIdmGsJ6SyIfv2vlunMIsNfZiy1 +jE3jTJ3KEX98fg1h0SBGyzsaMHJd/NzdRiXbmqC/yQOj8eO/RRK3okAPdliVzNx1 +BjpaiQCVAwUQOFVRDAx2JIpOldm1AQFRvQP/RquJhO+TZJI2nZPUiGsjwHVe/WNT +SQM3nIVyO/mwCFqIPmzywqwn3OsC50S68Bif7PwMToFQKcgNUOwQtZNyp4aico2v +VLkxjbpAorqdNDkALdwFWziWIHZRZQ1BVEQDXj5sRoHpsQCmNjrYHh8mFYeVcMv/ +QMRebEt4BRQDXgaJAJUDBRA4VVFnXx7Ib4gMnlUBAXANA/9tmgZGCOUtMC2Xwa1W +iLhYPiq1aSKOuErkalryTUg98qEOQuRxGyunJOZ5cR6ynfJcZwV1N5CXlb7kv1el +M4iixtcBcytgauH/hgmBOt3oG5jhDoVTaFhFwCXaKOLQJueKeV4AslohDRY4oRhk +WIVt3oue1nGpNxzSNRIRE3Mgi4kAPwMFEDhVUa0EgEc5fjtIOhECFNwAoKOO0KUW +ehHMvIkketv0s9213ojkAKCpp6gMpNRbz90FH6zoM9nsXd3H2okAlQMFEDhVUy8S +pjY8FSuHJQEBsscD/3/P1dO/DohAsUx6e024AIoAqj+PFZXwhj1hkN6UoRRgD0Is +x81+oDSrukhBlMvhRcGMEAnUltHk6FBXgIXaOPc8dbFyTEd4Gwyo0HH1aFxiS3LO +cs74huxWaJGzWY8o5hHGItZ/sLRhrC5t3Rza87tMXRqBUNGmFeJbIkaJi4TdiQCV +AwUQOFVV1wDy2QnruxtBAQFKUgP/Su59Zw7pmtq9vqaxYT2JFP0PBlSRpM4dA6hZ +MfkZzXTLQtUM4xZ/CTdMeLdzB4hhuY1ZFXsA0FGxrmfp1YBYEQCvShFQBXafMtKU +goifwJjf2rOkcg/aW15ZscJilM1SXm+VFM0DR1LT3nSeFucwRhq9i29tQgTuWtvj +KRLDRDmJAJUDBRA4VV4TAPze7UgudY0BARa8BACvWUEN7KFh74rnGf+OVBM/4q0i +revTdp45qmMtoR7UA1rU9e+fucv3o9tW1RLjz60eMCXqCEsVfMhqiSokszCIENU/ +n0VJQv2/8bqUkilvJD4L6vyixCUt7KiISIJjvc5mSaeRRiuOPda6IhrBJArU+Dkv +qlCdM78H4XEgGPoAsokAlQMFEDhVZDctWQ7R0tKsjQEBWowD/RqAe7GBmSt3bio/ +wNKbxfTPNQYJW5scK2XkA+6iSlBmM9kVxVLd9/hYrovWWHAaVjt2mmA60K98xuX5 +r9oLtsAV2CWw2+zAMeCicKqSx+4Qn8Cl/lujj/KIdEHphr1gDai0HBczeCwsQKX1 +z8n1YWzztBrGuFfpWexFuchR/KnHiQCVAwUQOFVn+ncdkq6JcsfBAQGXnAQAkF57 +i8b59pIlxqJ98waDtmyFPebj+otP9HEGqUdin2EqZaF0D3wKpemJU5CPvQiE7+8Q +FllVn3DQT1FkbmSmFAu6o/T1AYxNlJUs6lts+3RBNB2pgW2Kg/jgDI8TadEt40nV +sWualuu3wwv4/1EuRArmChZZYw48uEs1Sd7JVrKJAD8DBRA4VWhegwKhoT7fAuoR +AlsxAJ4rOAUIdCCTGy7vLm0jrkIQBsgb3ACghD7HPZATPu9dEWN9u+iIesRQcq+J +AJUDBRA4VWsRmAfmW9hLWSEBAfO1A/0cQkcmiObBST7kMokcLaVoV4agrBUcSgt4 +sfEYjZD2Jwa/yTcD/Q5iPEBvsU82vuSxMgznQQzQ5a/iQ4zo3aC4pCJdYWLd7Hsf +Nb5YGZW8Qk2wwABIfaH8p047Akcfg6QyohSGCDi+XtKyYc0aV/qsyedSNrrIwut+ +O8BQFL2RTIkARgQQEQIABgUCOFV7rgAKCRBBmwi5FiBlLDWSAJ4nAq0EdKIqZ9bX +hmaMODm9mIDlDwCcDskeOGPiG8JQXPquafgc/PucTUqJAJUDBRA4VX174dT8FObQ +dHEBARU5A/9O/D/OGOqH/mn4kZT1qIEh/jBMvTvHov0NhBq1HlPplhe5iZcG8hM9 +N94zP1hZmsYJg4dn+DFw21LVEWQ8y0TbygA4YyxbLq4El40GXAN9/LvVuelY4Luc +CNoqJKUrRR2Pd+PLEvZEcIqeDu0+dVS0uuXptMPqHYD2UMoNbl7q14kBFQMFEDhV +YDaDyJl8YW+H3QEBuFMH+wRYTwfWgXJDQJ4v7T9zOvkdAVfZs0AgZUPSRKowwcV7 +rKUazJ9CwmdKUCVBpMPgePYy8x5Wc8tkScvAxlCV+wPhyn/V5cbDdL80QduMLVFW +BILNwAkviNFPpEdjxZvCpBxG9pQIp/8YI7fRaCkJR5Q5bp++/2VbWa7YHGiWjLVW +6T2z8dCxAplxC517qzQlo7i4pX34W7qNz0b89+RAgwWJXaFjXPQDv0sTwnRZBwrV +q/V9TA/LY7qmVspylvu0w64NdtiUqnTa5jS/9BZtFf3eyOezqSIEwRkQC6My/JQx +BKvXspdbJDnrJxD0D0B2eTWa3MQD7BK+WC1RRkTjvyqJAJUDBRA4Vt0jBn5e2L+1 +ZWkBAekjA/47X/leujEhaUEjj9hMyDY6/8HbgxwNyUd+Sx6i9FK+vhAGq8s07dTt +y9brozqixmHCGYPyvvVkcsVpeQlEWoXc750hbj5a/Et1m3C1J6vGn979f0do144Z +iiVpzTCh1LZHH5rALd5tuaNcD5MbOYQeP0vDVcJm2GQzm+IdjGtzPw== +=RnIu +-----END PGP PUBLIC KEY BLOCK----- + +Type Bits KeyID Created Expires Algorithm Use pub 1024 0xA39BA655 1999-01-04 ---------- RSA Sign & Encrypt f16 Fingerprint16 = 25 73 4C 8E 94 B1 E8 EA EA 9B A4 D6 00 51 C3 71 uid Sendmail Signing Key/1999 -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.3a mQCNAzaRMIoAAAEEAMWVJpGkwKWD6GFDUHtV6AUDzwSAXiWc6UinY7EpCLwFdYu9 Le06VwQt8H9Xtb/2jrXDV61Wu0IDJub6g7PZxWxU8WHVnMX4aBT5WOCBpwFRme3u idwCAbHuEJs12FQ3Tf+4CZ3R9uxlAovRaY6g3fJ7gtAc9HAjMW9Sk9ijm6ZVAAUR tDFTZW5kbWFpbCBTaWduaW5nIEtleS8xOTk5IDxzZW5kbWFpbEBTZW5kbWFpbC5P Ukc+iQCVAwUQNpEwi29Sk9ijm6ZVAQF3LQQAgpuD3UA69w5FjCAfY1iYBsaGJ31V 1IyFQbo5fAnVo8PMQzioqbsn2U1y1rRkf//gt8T5oVo6Q3e5oWQF/vcruEP2WUSZ 1BkV7zDWLsa6octYIEt4Rdr6gBxokzP0/Z7Ck0WOfSxEAGXbHZ6NpbcfNdIZAxhZ WPqcem3zEwoK/l2JAJUDBRA2kTK271iWZNQy4Z0BAQltA/9b1Xtp6Sqr8LtBAUax ziRYYmlIENgkYJGPrF5iB17d1M+aMyJ1IzdjKHaoa2+WpWYhzT7RalcxkrvXZEN7 hTC5XqsmkGXeg2oiwJPCVTUoJY0goJKiMXI/zYcLGAxTnYr3rUevr+vOQyXPx6Ld AUCXcsD8LFQWR9iQTgTOBVSOhYkAlQMFEDaRMloj5GLUv3ukIQEBjh4D/RbqKENF 51C6DrwE5IJrpIZ227mQwFzu3olcF3v0sOoHv9Iqw0iebEM8D9z2t6XiGNSgfmQy EUhQ2gTLfbkz9lSUjUaH+ziN10SXSd0x63n2xqrk9XaG8YCWJOcMe+N5Gh7UGniS UD9XQNBLoqnOL1FpScAC3F+KsH4kCKLQD1KJiQCVAwUQNpEwwXxLZ22gDhVjAQEC GAP8Cle48mxG5TcrAglAXs25YBLhHK21tnSWrd8j0PdID7+9AKongjZOKxyAnFkZ RNXDArmG+FVA0DAJatiFXikqpgyHAM/QKSCSjBEOru3Og+3qV/oFQjAVPfLQbFPb 6i1TIWzvYTp9L4TlzqUM3OF51Mx07W1S+qCciozA/0GqFGiJAJUDBRA2kTthAPLZ Ceu7G0EBARPzBACbuAlTHMobN3Lw3YvsOUgwWHFLqKXLNTu59ozZUL4da/E+Aszj MgE8343pV9Nwm/aHGXRNiAEOftrb+DdU1jcaFgwsrWnXK9NmnpAYbMkoOb8Om1Nx E/5u0dIxypXO8ziyQIfkElsOVzhPzct9wZKh4qt2uLGcVWXeFnf23VRb4IkAlAMF EDaRU60Gfl7Yv7VlaQEB46QD+IGxaViR7rQv6r1sAZJzxC6vMpMK5tgk/47gC6jm 8STb2DYvz/5KNYTkUDRB/85Uy8jY8jabkalWBNN6z/Cpod9ysSjSOKNBQ+6MMhXc qXWKakxZIa0rIVNEYaRTAbVU4J1aXRdh7BtC2nEqf3SQD3c9HDLA3p1W8g8ZyHwr QXqJAJUDBRA2kVJAXx7Ib4gMnlUBAX7IA/4mKF8EGahmbNXA8wcH4K2r6LzRLXsE f444U7hWQRW1fCxDJz4DOodUO3aENzzWjfxL8BtoosuDTJeKGXoa+5S9bCmtaksm 86G20UuDx/vt1Ol+hZFW8q+bSS2bsAKLvXZVDnURtDu6nzdNR6Lt61ahsUDo4nLw iiKUZeMdE2S+H4kAdQMFEDaRV+is4VzBBNt7HQEBLbMC/2wuZQqaLrLUm5raynph rllKT+mQQSTedTACKjnpT4LE65YYGGFDrIMS151lQ1OVvu0DpGzmQ5b9kFNGp0GZ giXndPbvmwPpOn4ONmCo/zZFWryNQKuqPn2EN4rPhngjRokAPwMFEDaRbhPU3njY eCkb2BECLnMAn3t8IsH2yr+vd+1IWstXMCUwzBZnAKCtq5l+00/EYeH8PXhrhIIS 9EquTokAdQMFEDaRvApyyULY6lojeQEBQa8DALEmw8SIvCjwo55yu9p26czt/ohn D1IdJPepf1H5X+QY99kUpsxb+Csnz5VSfNz7dSJxvhwsB0gJityk/YX8uOcEfvsK NsABSN/fcLCnzlwO0SNGDPJc4KHTFXHfVy4SgA== =f3oA -----END PGP PUBLIC KEY BLOCK----- Type Bits KeyID Created Expires Algorithm Use pub 1024 0xD432E19D 1998-03-14 ---------- RSA Sign & Encrypt f16 Fingerprint16 = F9 32 40 A1 3B 3A B6 DE B2 98 6A 70 AF 54 9D 26 uid Sendmail Signing Key/1998 -----BEGIN PGP PUBLIC KEY BLOCK----- Version: PGP for Personal Privacy 5.0 mQCNAzUKkdIAAAEEAKvdxY+iy7eLqxP5StbpZuxYNPWLye98bXA8oKwrEm1vy7Xq LBg3uNXjlMtwcNW/r+oFu5A++2R+1qC7w/0867C+52D2zkfGRH3hn9Lh6YaA5uIP LPbMGB3Tepbtj/lAtOJb7JKdybF7fkxkEUmwhuA5kAo1rKKWNu9YlmTUMuGdAAUT tDFTZW5kbWFpbCBTaWduaW5nIEtleS8xOTk4IDxzZW5kbWFpbEBTZW5kbWFpbC5P Ukc+iQCVAwUQNQqUqXxLZ22gDhVjAQHaYQQAiFITCRAEKhLlgjcFlehTDmVMFb92 1jiclN6377xe+A2zEtq4p3R8IwwiVTGeBzs0Zmnrlo+fAdVFYBjIYCtwKVTwd72U v6kxX40CjNkx6q264hUjILOumQ2P85/Aqg7wmnK9vM85CkmhKwu7b1OHsY+EFAlo U9CWyVjwSQqzHnaJAJUDBRA1CpJ4I+Ri1L97pCEBAcRtA/0czuj3hK7YiVL3zZaV EUnqw30auexjm0D+LhPpsHN7OM3im3z4+/4Pv2O2CH7nZhAsgRN9N+qdf3fCVGHq Y/ULkdsxKNbPEjSEWI+dqUWj6EyMSewKvBo7Zvljii6tBsM48ohtkWTo4B1/SuJb FM5TgXu2PMTgWHsT2DFb82wb/YkAlQMFEDUKkmfBnB0lEtNGHQEBmCwEALZgc6V1 mvRL/dqtGwdt38Uuw430cdM1Nk0FlkQsGXVWY49A1yrLAcuPQi8wzx4GS0LhtIeo vmrQ91DBaKxvxkboqM4orYf7PB5exSS9RQlTN2ezaf6IT9hVJHtXoYxU51Iny7hp r5t8L7od0gue9SNsLWjW9PZH1eKz83/g5VJZiQCVAwUQNQqSVu9YlmTUMuGdAQEv nwP9GvBao9wPX0r1aplZgkUItDwWGBbF8qQLgX5rM8b8IAxvHboIp8fbCkzhVxI7 v0IdYc0u1hrY3YfCNNbELu09JEcvtsl3hhmXnalOxCEdjoMUiHSb5f04sTBNOhD6 IWQqixDizoVzW5XljHBvgxWJhBus/dPJ6hdZPahioVd0oLiJAJUDBRA1CqZRAPLZ Ceu7G0EBAYlJBACumnB7zeAOpuj0y9h0Cgh0DleNWnqpHzTus4lbt3vw/cMpKmXt nGxMb4HE9rp6CHuuy3NumH9JHa9lwgb0T6bc0Zbc+LX1j0tKMC4BIsfEbFiOMSXU P+meyMUGY67VysVEeTqCgG4FqK7yOhnJsxjwDxJTIlrMoYwSSmsF4/R8Y4kAlQMF EDULPLgGfl7Yv7VlaQEBWZ0EALAGPhQbVEPTp2Hfm76ZRWjYJ8iDn98znfsHRYhS A/yIXF17eDtSkYU/ANOPNT8g5fOCWKjfLTJX4Al78rbHeGeKS+eO21WQCh8AF7Bv vZZWJZ0CyNnO++hzyamsOG1Z5Lrt/WQQPK4Jv5ZyqK3f2nGDufHuyQuIXxsdd+BX oqp3iQEVAwUQNQwe/ReiaPz3pQGjAQFowAgAk2fARyp4iyRl89ZZHGY09HpRbwQS 4jeDIEkBPBpSCBXIELgR7UonSoTwHD0nGHuwgdil5Zjl3PAlQJdo47Sh+hLCMoN/ mg0aI0vSnOxnnVgIcAigzlEAe03R12frWp32SjXJE1GdeFQWlzkk/6BoujKybvI1 oRr8OeAb8WzwmUr0c4VITEdb/J5c85yriHIuWpqYWIq5gb7evdj6JTKXly3gFp9R bwwd2tjlHYu6O7dHuEsmm4n4iK3rEglILvWIoS4kVV80v6IUE3xgLAVf7tnF5iNc nXcA386xUBB17zNvJDiUrciX17TuZsIVvIQnB519NN/ZVr1KpHSbLgMyZokBFQMF EDUMH1shtWni44zO8QEBGOEH+gKn6blq8L2AJ7Q2Pcw26Do4J9xlRPFKrDgAgy6y U9x509y4BeAZ6yn9RV0iGwhgzbdd57QrUpgcYNKGXSC/tJZZj2h3CZ06m1zaGtJ0 ig0dN7MU9gqZZMLy9f1EZmCwXeZHXL8t8lUMv8KEoq8+vvghCRvDNUgyQpkwcIOh rSu9yJ+OeJ8SpucL0ebJE3MmP2JYmqBCBg3pbr8bWvzjZ2Ny40OiyRnuXFP/jC2f ll6oMi8rOpWhjTTuHyrWEG9AxI8xeI5WsEOrJHH6stlmXJM1NtlJQ0D3qCdLn81M vitLgTPb/xUepRkFdBhZESG5BPDwT5hm1w7m7yhVohcH8AOJAJUDBRA1C3M0THwE EmD/AfUBAbzlA/9nDPPyBD9T1ygEHBsS2ZztO7enSk9DaYmt2jsqQ413UnpbhybR zZiuHXpqgG1p5GkYjP2Cw1DtT/dHu2nrD6Mf9j/4QYaRi0sdWLMTKVFPDlT+j1G0 Ag7/yCMhPv2xr3JOLPppCFiYPkdqRfmKnCWdCtrXmBvu4EiLTj1IXtc1WIkAlQMF EDUMLbdfHshviAyeVQEBQOUD/0QsDaDnzgcQHbtvJvDM0x+JYuejbvQEXh6k/cDP dLIC8XLZMd0uuAWE12SL1pm6J0q6+csKELascFKyOWTRoNrkWC5m1ltgRuyfXq3z Ur9SfL0KlfWFLXRsmGRd5V37u5H9kRjeTRlyiOeAcAMzaLunI9dK8sWet4p03GLy GOHQiQCVAwUQNQrIVW2DN4pRurLtAQG7gQP6AxTbsJ3Az+bwEgymYYo7EWADJGoB e1r48/0YjocxddhcXJSGL5dRNqY8NURSyvw/dDtjH81mVIbRlZR0QS4D2Jp94Q5/ mrWyqBW6Ah1EFtihncY3o/g1sxEC0hIj0/CklQmNttxeIGt1rRVyKxHa0tYkDtNW w+y5xZQSkE0yin2JAJUDBRA1CrJtdMsnjUUcGpkBAQ11A/4rp8Oy2cVbkrHHIxxM 2dML/tqNOgOGaB5tEISgtpv9xy1sVuEEA5T6rQJefeC0K00M3Mb3Sy4uumSaX3Io yTQr3XD3FZ4Q0n0AWR0ppRBvepqINfn/yeNF7268SDIMstQjlD9GzyCobqrR+VLT pxF7wXqyHcLyfqQjRiM9ZNTzAokAlQMFEDUKyAd3HZKuiXLHwQEB0+cEAJ308jCg rgWPcSstZH8Q8AoQajdxYMqImoQaqxC8zWjX7BK57pEFLelI3uXqkeEyqIGH0Yqc SvHQSSe2vLe3DohfGraCL2VK+b3Dw9IOaff4+ZFlxLVsqNiq13Z6aqRuKJ5uNjhI 0q9PPBZ8xzOMGfa3cMmW18INJvrVyTu3ENXUiQCVAgUQNQqcZHfUAfkkYu7tAQFr tAQA45cSUfYgq3d0RGx3RLUL0H+Bku5xMH2YuRJfpEI/Oc0Z1l/G7AfoR0pTqo9p uCu21glCUWm4TvUEaGJjT7q2pmcoLO3LCavNVAZHNTPQvjJgu/Z8+290yR9Ln/f8 4F1/zcRe4Gakq2weDM+h3gH914vXW7FoGJePc1X+azQ7pYCJARUDBRA1DBz15mc5 PORZW/UBATL3B/0aknENUHmJ6+axITL1ZODUe/KqFmLRgvCl2g///FtMHlMCUyWy q+MkyiHyjbgh1eN6gsCHUSHiROQdXMRRSxZm4FVsjznisjybCqzd93lBQQyKJ6XX KWu9SjJq/b6yg83byTgHZRW6kwjmDal97kVyHtV1WZBGDJ+v9nCY2tSvqujtNQbJ LWrHp447BSIXBBpMkF/J+cbl7yZLiUN8I1SnLYYttmKOtfD33eL41oKT2LK+j8sI kCd4XbcGoMJ+DExDVhFeiwwXWzomvTP42Wv0b8DYI+xeuE+AyARxJ5AVbGUBl4sZ qVuNMDZWhc0GLpT10RUeJ5HJVAGIWB2fLIsE =ljft -----END PGP PUBLIC KEY BLOCK----- Type Bits KeyID Created Expires Algorithm Use pub 1024 0x12D3461D 1997-05-07 ---------- RSA Sign & Encrypt f16 Fingerprint16 = CA AE F2 94 3B 1D 41 3C 94 7B 72 5F AE 0B 6A 11 uid Sendmail Signing Key/1997 -----BEGIN PGP PUBLIC KEY BLOCK----- Version: PGP for Personal Privacy 5.0 mQCNAzNwqnIAAAEEAL1KqbRgVm9kp9OHLkKGb1tbT8rwEIeeh8KKSKJyDFiV6lZG wbEa8OC5vokXvjsJtJvvhMfrG5OYc1Q1sLzPXXBYzenzXFrPaXDO8F9DE8B5VTuy yY7g3LVr0VZYfi+ZsNdOFGNLdwLz6a8GHBHdmAn6z+FKjMSbdMGcHSUS00YdAAUR tDFTZW5kbWFpbCBTaWduaW5nIEtleS8xOTk3IDxzZW5kbWFpbEBTZW5kbWFpbC5P Ukc+iQCVAwUQM3D1KcGcHSUS00YdAQGKTgP9E9r2jv1hB+q5yvJKyTWHiIS8oU5W eLzdoFlRJUw74M5WBh0/AkcTMfv0BpCDMxu4zskDJ7L+urFRIsf9op5w6YjdsM15 AvuCtWqgExRkdoac9WRCFNZ77WPQ4ul018k9EIpurIPaojLs5j2Q0+9vOXrtJmXj S72Ol9nQFU/hl46JAHUDBRAzcoIxrOFcwQTbex0BAXvAAv4yS5fkL38pJTUJrijI XhaHLV1Rq3XfTdQ2HuMG+rF9nxdBCz3a/YCWJSPvE11sINDTSni43BwbsXWqaxvs UKD2fqgXB88zueY7rOt8rqi+PRMZ95QUFTgUP0kAN2+U2SmJAJUDBRAzcYIwAPLZ Ceu7G0EBAdysBAClk5f+3LazjkjGZiEVRPBKyUYJDqx0j9phgVkqWRje9ot/ya4z N+Zm8e+MGyIk6BfMi1QluMJUqPGY1p/mvLPMkiKhwYXHG3kymto8CMSF415mLxIP /6P3SwCyRzJeEcBxKgXlwDwelj2joa1fWZH+rC1ZuZ5FCaiiyKvjSCqb5okAlQMF EDNx7IPhx4Y6UUEd4QEBrfED/0tP5eMU4G4CDEAyV6susGl8WUSJCkfGjK8Z22V1 vM4TLiVLSf7cec5tE6iau8IzumBgRV2kQWOz0+q1VBOStUOJQCGfwC81ou+74eTt ThL8m9oJ44Y0JrQpztW7iBqU0KYsAgf95BtArvTqKqG2kLTlBVbjwb6PBqkyzm3C 6ZbMiQCVAwUQM3Gq0iluPWNaXACpAQFikwQAxYQKEPFIzF/5SyMiktsuNNLMYolh UsNEUpU63+Yxhr9ofK7dMZFwaTHaEnCZ/zhjRRA6R+BjBOmnkD/W7fG/i94naJRV rMejqJhfZhHYqbMN07yxGdjV47neghSoN4zddZdfLq4gEPD+MN3rVTDnO+xpHzLP 4jxqAda/0eKSFQyJAHUDBRAzcZsLcslC2OpaI3kBAX9cAv9K9QaxgI8kjyVJkVxY KJuYE9PPXgjmQvqx7gS+HFm97ZTROEYhhNek7EFD+XJpVQ62KlQxNUaWe4VnNmZN 2QQyvRhNvE0bPC+rBKoi6np6Vha0NqWDA80xos3oswpj/+iJAJUDBRAzcRiTBn5e 2L+1ZWkBAY5YBACLvAw9AoqvMqnUVR4aXSkzK+s5aQG9hDDHac2FWsG66HLhh+Ux HI5Cvnke7CF+qglNzDU7HpoIdDFovRgQkfGnB/I7Cy6ax1aRJpLc+JNXkwbDDcZw 9sXnMMymNl4xn0vUOyrnT2GIwLwFL/t5JIUqovm3mZ2SpL3FxKNWyxgDX4kAlQMF EDNw+VVfHshviAyeVQEBrtsD/AtwAvvAduNZMFL9du224fvVZ16of9P5vLVB6tF3 WKvo39FsFjOLr1xgZn5TWc09i1sVK6swi8O+IgcNLq7CLxRYaXpTjObbphktDVnU 2uWwc3wHzFA7nNAT9ACEa7gDc1GxFrJQ6QyjJVK4f2n3EyJxc9E1rBIoCSNnmBHh vqJViQCVAwUQM3D6ZHcdkq6JcsfBAQGNFQP8CeATNOacSrL+x7JaFf2AlANLwZAo G68VE/JMcUgGBCZdo6cptg1uBFgzWaOVq+aQU7AKkwLmbyMvCX04PS0tswnkSl5w DTLgSmmOH5elIWWrv5J9MXrlsniIzc1MSokENMOaKIEWuC4yCgE00nBj8q2GfDRh J816g1ndGU9zErmJAJUDBRAzcZZKH9vgQ8ZSyXEBAT6zBACDaXRCrBqqCmjIZ/xN EQcXQF6VKoDFfMUXSgvRaJP0LRuBmbRuWQRZe+OIGA7vKWtvPti40bm3O4b8rESG MMAxARn2PS7VPfOhrRNaVGV/s3NX8GkrPxYD+MuFVHoI3QKiKa/fzxDYMX3rTh6X 4ISe4cS5O/J6VCEKIjPvoVVFF4kAlQMFEDNxljgoffu9cgNgzQEBEyoD/3Ca0oBU AuCJUsrPyFYVr5r9FYOWtvOZ/b8IynIXjxD2Lin9AlX2ijLFDJR0lbDoBVPM4IVt 4rb/yr9D71LU3plxKn+G9JdFpNK9IWJGqsn8iRmbnoERbbVzvZHVx6qA4qvRTt8s TJYN+ueKng42DVvZVZQLWZv9mdDUKH9i7r7/iQCVAwUQM3EH4IY/IR3IPsbJAQG+ pgP7B8mo+OP0lN6KRK83pje5wctThDHF7OMW9tSKXMqGUMEa8+GWrOrazyT+5R30 cOHUnz3iNkjHaO2/3jLZ7VZTrewYGD7VSg5d5RW9PMCSm+MaJiHLVWKxS3exHHWK b62c3mao1zRz5Oj468cRXnHABNaLt3CmMVvKUpAi3d/W7V2JARUDBRAzcQGwIbVp 4uOMzvEBAZc6B/0eqipGA88c3bxT0NXZoQtePdVen6Ub3BJiR72E3YA2kZx4Bi1B pcJIAw/HhRx9vkc3EmwJkPCn1o1pnYnuMZTgGYH3KAV6WFsT/Yqp0KaHYLzHLCJP CVKI29DClbI+LOw3sHWuG9ZHK/y26ue3Bd16dJzs7Wa3ryyqeZGi3gWijHbtVcgA laNicb0QuWcMXsNYy2E62kP7tZIRR88cv3KVOlbEB/qEOZ8tYbk5UaI6ccZfIO2c Oyo2xakKmw92DyqRdbNKbf6yFZLPYJbGZHsJeI89m+MyU+av7iIhh/ky1mSrZW63 dPnQvE6sw2BpFS6L3hmtArLHWJKBSm8N3vobiQCVAwUQM3D5Rb3aj9Y/6n39AQGw owP+Iu/HfZLks9GdaTXata1YEwC42GJFxB3+8Pgy+ZOimffkF/CFlYWBthD9Zwqb NEQanNqQGLOtHgCX4JFLia+FktAX2hy92ciTcSFG9sVsaEHrWnjQRfh4OhqJa/D6 rtud9sPWjx7TY2s+8BDZxjgNnq+gTCDnhRKvpsLHl9BogAyJAJUDBRAzcPU2I+Ri 1L97pCEBAYxXA/0cleagkyPhJZoZ2PfqtB3iN9/OcFLZCC4HDTdtpdOundLMTZe3 WtjCdETnLCXQGOMghdf9fnuU6Em5xPDnXRi+xvMo1/WN+m5n/xfui6qZtUBrZp2D 35OUFjD6Wr2DGthKb1263P0pbdcCUAZkvqgTHasJfMeSDZR9bAcz77o7YYkAlQMF EDUKj4B8S2dtoA4VYwEBHSkEAMOsCwolhlXpbhG1tz35lxdMa/dBCB+JokHvGH5B JZNEARGpjlA7Q6oEYGtpTuIwj2lRqgiS7d3M/qCKL0HlrlMDOcBbNdjC6JZuVgnA LEG2m+r6YZlLratpkK9rI/SeSpwz2AfmrC89PI+C9Pcysj+EH4hV8WyETjcNA0le 5UANiQA/AwUQNNg0q1F+HqlP3KvBEQIVngCguFDiBO3ZJR9RN9L0Vmg+/yMX7KMA n2tSLsf98uStHSQOzboE0KgghjybiQCVAwUQM8wrnM7nzgldNyzFAQFfGAP8DWSO R5ELTdPUugVgB26FStcadMS44is1JWwRT8NkRiewBP1cvVwS3c6zS75qdXNoAz3g UklXw90/CeviKHNA1wHOupsMCxwPqy91Uo5SOT49vTOuHZ5HQxY17WfTgFXUUFx7 RQTB+ga9BpGedHq0Fm5kfvH4L4Fdn1vOpEmsakg= =9d88 -----END PGP PUBLIC KEY BLOCK----- Type Bits KeyID Created Expires Algorithm Use pub 1024 0xBF7BA421 1995-02-23 ---------- RSA Sign & Encrypt f16 Fingerprint16 = C0 28 E6 7B 13 5B 29 02 6F 7E 43 3A 48 4F 45 29 uid Eric P. Allman -----BEGIN PGP PUBLIC KEY BLOCK----- Version: PGP for Personal Privacy 5.0 mQCNAy9MzZsAAAEEAK3o3N9W8Ynb47vNtIqUvdjYYl/nEt/hddhumsDNqt/icanP 7x9VTS1bCfKmAEQ86DSkWRWZmhIpExbcqmuRtixn/RfDHzJ4hU/wAd6kAzUTVIfY wLC5NinszKoaqlBWlQkWKW/2GbryLmYIRhIDOKkIBxSgskpShSPkYtS/e6QhAAUR tCVFcmljIFAuIEFsbG1hbiA8ZXJpY0BJblJlZmVyZW5jZS5DT00+iQCVAwUQMv+v Pr3aj9Y/6n39AQF3hAQApIJUr5W7b1wvi+WVGVc9iWtmKB3U/O7iddjeqeOWCx+P 6XgD94rkSanFbfCT4Sq8HQNbtTDtBVYFU0SD6GTH5SZ93FUQ6h0OAW5cueHGnfH6 s+a2N87pPVKxh/brycLvr08to2TvRTbxbebPkF6UWOlurdPI1Ga4kgLZF0Ppwd6J AJUDBRAyWFEdXuWsrmbLc90BAaE6BACqO5uGZQ1rLrFxOi9ljDghYmDRLFI0x1ls NWh//FAGduRs3N+NemP715N/8vH4n+nY0u0xfPDMi5UklmD1l4EHJlHxNvrXNnQl I7gLkkKxvCly/hjbKiMciDtpnUYGa8dgSy/nru6J8QSpOhXbs+UeMsY8xtPYTZqp e5fNjWhVJrQjRXJpYyBQLiBBbGxtYW4gPGVyaWNAUmVmZXJlbmNlLkNPTT6JAJUD BRAyHkUOgEp1EPeh9ysBAZxGBACWWXNNwG/3fWmGFhDi0eFVSQXbIPK9nOk6/kSM 5hKqESarPrLsVNapNu5s2BSac4qi6xrrV+4SCEcEkkfESbG/3nXx6ieuxswLim03 BTHvsceFjjPUN9X+Hny0LEbHbcwACHPq+yGgQ9kEYLmzMM6/9kaIy+56Iy/PbAyT ARKGOrQgRXJpYyBQLiBBbGxtYW4gPGVyaWNAVXNlbml4Lk9SRz60IkVyaWMgUC4g QWxsbWFuIDxlcmljQFNlbmRtYWlsLk9SRz6JAD8DBRA0qiAaXtpa2zmNWFARAkMb AJ9sSKb6Aj1fwF8QyDH5rArzoWOXYgCgj0OcgAVTjMHV1BaAKDvq+dfASKG0JUVy aWMgUC4gQWxsbWFuIDxlcmljQENTLkJlcmtlbGV5LkVEVT6JANUDBRAxPmCOSSSp RrHt/oUBAVdpBf9fXDKX23m0mI35fy8GkH2n6p+2j+r5fTCsJr0ShtXA1E8BS3XR Z9wPPbi925UoT0uBc8bAZhSwMMX19hVKyvo8tjmy3nRhhjfOZKTprjAGHDOQnfce UY2URhmM2ELkKioY3jVYnoTSiL5tLXDUfii/frwEG7ZY31LW1YErCKMl4lqlZucK XF7n7gijTPebGAYckU2XP1y0n5YZrNq4WQBv+6wgDD4wqtDiyCG1/O2jh7eJ1UDF 3FvDOEfdcgKoID2JAJUDBRAvbcy3g3t4fqRAn2UBAW2nBACXg7tSyMU+Jj9NBrjg DLnYEoKWV0F++dWHqM0WisDOCwU+v51BUP/VJdqEwWc6CdUrbNbTHCVCG/3D0set DuvmkxBKpBsljN7gxDTfUEMciCrdtlEh/jJ5YZ1ofSujxIHjYZ6OJg/4x9AgdJ5O EsDUvK2fEI3+dFGRYrw2XUOqeokAVQMFEC9SbfUeUtMXXNLGGQEBz58B/AuGcYU/ mNixrR5QYndJVmarw/0ewfRJMXzYXCn+9TFYy8gul9K6Mu3/zv3Z2BzB92sdsbVC rXlcazNrR/gedMGJAJUDBRAvUm2lI+Ri1L97pCEBAdDhA/9YP8KoUDp/YmSekMBU 4myhSpFsCW5Fs6I07Cwn84Q/hkZ9myG+rGxUltBry2Z7CMcwQABa9D254FjV/BR6 eVIgADSBIR2U3DSrEgSP0qGdT5yFCrbP5HOge59/b/0CknBlDvBLLD3HW+OrwOaQ cF/4gBUnbMJ01gZEY36IFgXsvokAdQMFEC/gXgxqmwnIWCbPjQEBQwIDAJRi8+tW be7gQpW5ZSriDbss6J3/dd/WDspD4WnwnoiNMFKzVDVRbZGAMjsSqsLCJSywdIus P7eLs0kayCx0ov7UcF/O6N0MYw/jy6NkFtiSND6TqtJ7Pc2SZcjetbpIkA== =StEG -----END PGP PUBLIC KEY BLOCK----- Type Bits KeyID Created Expires Algorithm Use sec+ 1024 0xA00E1563 1998-03-07 ---------- RSA Sign & Encrypt f16 Fingerprint16 = 66 39 58 9A 83 5F 52 26 88 E4 59 36 5A 94 D9 48 uid Gregory Neil Shapiro uid Gregory Neil Shapiro -----BEGIN PGP PUBLIC KEY BLOCK----- Version: PGP for Personal Privacy 5.0 mQCNAzUB04kAAAEEANHOOWZH9BdsPi8071kHB49qWAWL7OjoUk2NpItw5D9o/sRa jZbBwtvPSjx+/cC1Nka+apIuXGccjBzpu71DJFLxIYEk+MW33bSgymI19utPS1b7 yHetCa6T3ggBsdSH3+gLbyK0bt+suRxxiAC6719HqHvUxuGWnHxLZ22gDhVjAAUR tCxHcmVnb3J5IE5laWwgU2hhcGlybyA8Z3NoYXBpcm9Ac2VuZG1haWwub3JnPokA lQMFEDUB04l8S2dtoA4VYwEBL7gEAIcDsmzwlzI5+KYILkeUmoOWeoOunDZ7ZRv9 KvATWccEJdcdjGk4VPKtAGYWgPJBweLAaeZBHo5+cB/w4Ho+sPavHJoaXqk20u5T AtIv/DUKcPcE6MVvOYuWUsnHGuWDeSke/KKA1uRw7KEn8vDlBYktUres8ifHLGy0 JM+aEs26iQCVAwUQNQnbcr3aj9Y/6n39AQGzkgQAhcwsoDO9Rl2oQSUYZpvcxUHF rroqSQFejRRfTCT2a3ejQDckeFTqT2VcLGv+QH+7sQFnRAlJrTWU6U/BoLsf3qnu dSijd2DiiCTQ5F88SBQjlRyxvXpQXOWGlmemmkV6kry/px4MaFAyF/35HCo0Rzd9 S0brLFgrCiTzAS7/wRCJAJUDBRA1Cd2jI+Ri1L97pCEBAYw4BACh5m75gsGcClEX LUcxIOaANG2YNSr9r1lmHxcDq0V3Gpv02IauADL1+DX6o3sD+dX+WJxyAM7F8QBC up2ZtADL1uxiGz+AarDT4qzXyUeQnB47tkhPTnlcO60srtgkRKNex+lAuzzbWSAT vZpS4C90ZJASwMGr+M73V/66cwKA/4kAlQMFEDUVydtfHshviAyeVQEBwUMD/AoR E9p0DSgbPpSdojFok7BEe8fHLwJR31fBWetLOk5nsHuAHWBCasO9bmjgG8vls8YS iTkoJAMxXN03i1bRNL5X3F5Ex1HzrkjEsn51Fcx4Jyp3blXlf4yOBN2t+2DM8DfR vy1yVrvKtZ1TEhjM0zoG1DqjN8zf/hG23t+1rGZ3iQEVAwUQNRXjouNaWM2W6V8r AQEHowf/ZTBh0jzRC+oJHb/uewa/vnufEFeWoGZt5U9KZoKooUcZZ82RyZhzJzC2 /5zQQQI9vY+Gh/bL+o7Eaj8+FlbXN9N31E/BhxTtR/v2FTr0HHn/kXKriG/Wjwpr Rj2hF9fu5HTVD0Bp3A/uQ4bUO9xT7edKGtQWgXEN77/xbD+LGrZ8CTFSohA+WIyr tgwL214ASBDv8j++V4lpTkzyJSjuFTL019hsjkeE4FvCXbELfvsVX0SOZK9Q45I+ sgvsAZ0BBpasfaY47WShYGhTvvp2r/Z8xgy2erw4vhKz3jJCVmkK1cmAM0IvhwFn LSYfxI/T/1zEUj+56XTMc4C3dltXfYkAlQMFEDUV9Q08YShHTKshIQEBY7cD/2Rw Bu6ZJAoJaGKzbBOwEQG2JV3/o5W0Z/Tfy9x3kUDecgqEKN2M0b9zCkzCprotGNhJ 3KXvva3XL2H9AlJd5aorcmvNSph38rPlP35Tt3xWXMBrB1CNR79WMZU+Wx1TlJMf i8EFURUkjD9WXRsn5P9ncPPKBGcCJ3MfA4LQvvvqiQCVAwUQNRZkreTJ6ktPts0d AQGsMwP/beohoVn7bcp9kkYW0d3mAlbZyrDzbi6Q+C0lS9s67g4k/QzWLY8vZAYc ywC2KDQjoc1mnw1bJ+S6u5WmMTnfrmXs8vUMpmM3no+ZIlk8FB6tdkKcIu3yuAd9 CFz62uxnekRRCoIFnWadeZSyxOmdxtO99MUaM9D8Ob1fOH6vPWOJAJUDBRA1GUPT vFYqkcU0pUkBAXQVA/42rM5+DyOA2VoCCkYa0VgIuA5ECROFnwigcY8mxQx9D/Xv 30Z0ePR4Bigur/eXqCC0Tt0cy213SUpED38xsXtmchK2lpCH5RlIwbr2SZKNWGSZ jGlSCRbLT2xo+WYxvXcUL0q4NYgG5gXG4lXUf8yyuo/MztQlBkPsoO2SLLX3MIkA dQMFEDVqLI6s4VzBBNt7HQEB/asC/igF9ebzNWnIlug1gienj8d31znRL1YKcn0h e5b5N2XPIXQ3cOBQxlufuHVZKL0Cir5MSozxnEsavqKSGhGQuEnvv6lbYh0/OJgo eB40EDPnPGjv6kcexzOB4rUOYr46w4kAlQMFEDVq3TUpbj1jWlwAqQEBqKQEAL9n C6RFsBFabbAw0ScsmW9ir/0Zz28pBmxMkUY8RL9Kk6jEkwCa3phztMao3qGajqXd iw5hzfAOdY+eWPXq/sqE2f81uU2TaFCsVq++rAcDqxhZ1p47xfGcBtVBTpgAl+9s 8h33IsggglCumuhBkyCwOBFZ2JiN+BUAv6LbUvBWiQCVAwUQNYgrcJqnRzvJFyx1 AQGiCgP+LLh7c6FxqVQbgm3qpwgReYryaQQx8sdksX1gZ6jIEC5gYTDh+vHmUJdi 16I7Pz02e9R2yOsKU6e+zhCTauHtSM0CGYn9OdLx96WpJv6nul/KI8eztyV6Dl4k T8rFbuo0qs8Ib9exDmkdRh78Ihbask69R1w/OwLIlKesOiLo04eJAJUDBRA1x/fK P2UweumbYhUBAZCzA/0UQ5AB890HbWnvVHP9PdDT8KpIQYg7wm5aStpinY2/jfwA zl+kvaAwL6nTsTJiWNLfZj4rLn0JsG8176/lyl4Lk6QLkbGyBD+/u8tD6yL0NzYW lLIBwhxL8W8Fw889OKci72b6rrTcQNNEw2eZiSeTGJBQdZ4quDQZOthwtMEEe4kA lQMFEDXQKC8offu9cgNgzQEBXYAEAJSZ+CEGKswFmmQqO2t0WaO9SKZxxXtnGe/Z +M8emTESQecZ5oC4Sc+M9c6YE8jSH5CgDD4R5EHKeWXsVfFMV8wetcjgB9AicCnl ki2hVT38Rf+b1go4lbKpPjKf+V32Xs/s/kblZ3SX11aOF7pkQCV2W1ebkZ+Tnim2 Ec+pwLKytCxHcmVnb3J5IE5laWwgU2hhcGlybyA8Z3NoYXBpcm9Ac2VuZG1haWwu Y29tPokAlQMFEDUUq258S2dtoA4VYwEBrTQD/A8sNe02YWwDwQx1sHMoDeCN3hjV 9lCdWlPa1Aj4Wsw4Jgf3Q1x+n2lmAUtov20tXVxtXohCjC0dNNyGZlIOKOXN/R8g 6g3KkdAhENarH9Fibw/XaXC/VTnvvv5QQWNT3VGUDp9lMj/rUu8LjrxNwANWcSfU 5mjUg0d0CFmYTqxqiQCVAwUQNRSr6L3aj9Y/6n39AQH0rAP/U8iMjZuwXGr280uC FtEpEkSqlNvxFW+C4K+89jluK2o+6zhUu/N73nJM7HHt7kA40FaH9TJfxnTR3VDR KbkpmZ1zPfrkgf+fE/rQgKn8enk8fWCMBdEDTjiCjXIoNNLK1Pyv0/x0yWt+n8kY RaS4GV/d5nilK7lFx/uISOZmQ3uJARUDBRA1FePa41pYzZbpXysBAYYMCACIMf6P Og0RgQS1QVpFrlUR2zQCEIv/ioWNGdXD43FDWkuyPmOGjOY8jpIYi7I2HBLtpbXR WNl00ignGWcMhGzdZqK+K55cyDTIC14vGFc7SUKMcQUOEVfyMtytMYvNr+95EBGM qlfUYxhoqfkguC3ZCmZvu2exdGndSXuxDA8d0KcjxDRAuIqfh7gekQTEkILf5Xkf nSwsEdFwthW/vAWXYSNNF/L8Q5SXVi35ez0qqMJTa1rSzoRGkBKcxplJZ7YQfnBu zp25LaeiF66UT9/6tAggKOfkqD/r7UwfVHYGK86HuzAdfepOv+hIrhouZZiXhkFQ 4ypAkFgaXj1AOgFTiQCVAwUQNRZkweTJ6ktPts0dAQHMqgP8DwJsWJUP7yELDOxc x8Zh2EY78w1J94CTcYQPqF8+xaVpFdAt1tw1P6/KW0kjq2arfMW+xleXRhvchB/l 8kzjmocDIQx6C7x0rf4rwG7ZxulZgqI1NrB8EnIPzPBBeBP4aKdtGOg8S8585iH4 zrWpW6Z/KOXQcDGge34pdN7JV9uJAJUDBRA1FmuyPGEoR0yrISEBAcsCBAChTZnQ nS6PYAYp8OOB7/0evMSug+0PSGkxEzYZVcr/WUgijfsZ+DfVOYtXwKvuL3O+yUeK oP3Uqs9wKMTr8tVIv8geoFYoxLuHD3P4EOYxjOI8Yk9/bNRT4E0NoEJQi58OIzwz ORBztEhCFLWz/SCBpoXfMpLmplmxEUcHkj0ryokAlQMFEDUZQ9+8ViqRxTSlSQEB mKgD/ibbOd/iRJ+cvaGSzns0hsz4nSFJdn2C09Bz4OPlIF6uslaeG7GR/fm7p8Qg PPd5907mvMRStaK+gYLv3h50Nz9ckUvPB3erW/Xy7txCk1idI21b2QaAbmAYQ1r1 HrFQXogDY/Pblj2pMYXC0sX4efQSbc5OTRr6W6ijqxRXNJQkiQCVAwUQNR+ubCPk YtS/e6QhAQHiiwQAl9sGXG/TxwGyacjrgG6wTAz/PYhh+0CGDFjyC0wPXQjE/ICI 6/kjl6fYNhFQdRNPYhfY48TWk9iqIiInpylk5ieLzJD62yrUlXCZH5xx/MA3PzD5 xczRO74R+4lVxuI/zGXdQMGm+P0ydzAma3gOhyN+85XzzFy/QOtPMihffLeJAHUD BRA1aizMrOFcwQTbex0BAZP8Av0d+FY9zxS1okG2rXQFubkDoBREChWnKMSO+y+F Kj2rDExoSt7EXn44DQWd8a3nz45u2Csr/JsntN9zr2OjOA3AUEsXyHmHHjDRQlaj a5G7aHDRz4zaCDrxGiIMO5d1AfqJAJUDBRA1auWNKW49Y1pcAKkBActRA/4nLsGd +N2OAiRhJvCZzLu6xhUEjMHwYJvxtYzcp2R3dFczbtgWKl8BGkeA91Gwm2ESu650 WOyT5f9GC1T+zSZc8j0voZJOEMBxefrCA4jlwRA51CplYm7nbBaHk1OVER7zUYCB olZLkgqCjUA39HvMZ/WhQoIAXpKMpU2zSCtTPYkAlQMFEDWILQyap0c7yRcsdQEB TEQEAIElJUWiqoKT9X7TnHHlIHTSDhqVbsQdNjhB9g/hs5Rpl/pgDRCX1o32C2JT b1OkjlWMd2RtKFcSCSYTqDKwmnxQfxvo/SgM0Gv3V5dpTlNc35g0gksgJGiozEIO /6Hn6GHjrRh4fpRmv8ySHfzeJJq6+JttLy8uRmvywC4FSfp/iQCVAwUQNcf3kD9l MHrpm2IVAQGu2AP+MjnlXXhtUH+i1V82j/Az5N+qwWKJbbQK2Qd95oE43BI8ES+8 0MAuP58oA9XikkcFX6Lqunvv2FRC5hsi+SsSXx67poMsQzk71mqxDR+dY+iCw36O BLK2NtITxxAIKQwj79xNqzgsfm3cpti32t+C/kGkYbONonZHz5uhAG+N0jQ= =idnw -----END PGP PUBLIC KEY BLOCK----- -$Revision: 8.5 $, Last updated $Date: 1999/11/23 19:08:03 $ +$Revision: 8.5.16.3 $, Last updated $Date: 2000/12/19 22:33:12 $ Index: stable/4/contrib/sendmail/RELEASE_NOTES =================================================================== --- stable/4/contrib/sendmail/RELEASE_NOTES (revision 71887) +++ stable/4/contrib/sendmail/RELEASE_NOTES (revision 71888) @@ -1,7211 +1,7330 @@ SENDMAIL RELEASE NOTES - $Id: RELEASE_NOTES,v 8.561.2.5.2.125 2000/09/27 06:25:28 gshapiro Exp $ + $Id: RELEASE_NOTES,v 8.561.2.5.2.181 2000/12/28 23:56:46 gshapiro Exp $ This listing shows the version of the sendmail binary, the version of the sendmail configuration files, the date of release, and a summary of the changes in that release. +8.11.2/8.11.2 2000/12/29 + Prevent a segmentation fault when trying to set a class in + address test mode due to a negative array index. Audit + other array indexing. This bug is not believed to be + exploitable. Noted by Michal Zalewski of the "Internet for + Schools" project (IdS). + Add an FFR (for future release) to drop privileges when using + address test mode. This will be turned on in 8.12. It can + be enabled by compiling with: + APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_TESTMODE_DROP_PRIVS') + in your devtools/Site/site.config.m4 file. Suggested by + Michal Zalewski of the "Internet for Schools" project (IdS). + Fix potential problem with Cyrus-SASL security layer which may have + caused I/O errors, especially for mechanism DIGEST-MD5. + When QueueSortOrder was set to host, sendmail might not read + enough of the queue file to determine the host, making the + sort sub-optimal. Problem noted by Jeff Earickson of + Colby College. + Don't issue DSNs for addresses which use the NOTIFY parameter (per + RFC 1891) but don't have FAILURE as value. + Initialize Cyrus-SASL library before the SMTP daemon is started. + This implies that every change to SASL related files requires + a restart of the daemon, e.g., Sendmail.conf, new SASL + mechanisms (in form of shared libraries). + Properly set the STARTTLS related macros during a queue run for + a cached connection. Bug reported by Michael Kellen of + NxNetworks, Inc. + Log the server name in relay= for ruleset tls_server instead of the + client name. + Include original length of bad field/header when reporting + MaxMimeHeaderLength problems. Requested by Ulrich Windl of + the Universitat Regensburg. + Fix delivery to set-user-ID files that are expanded from aliases in + DeliveryMode queue. Problem noted by Ric Anderson of the + University of Arizona. + Fix LDAP map -m (match only) flag. Problem noted by Jeff Giuliano + of Collective Technologies. + Avoid using a negative argument for sleep() calls when delaying answers + to EXPN/VRFY commands on systems which respond very slowly. + Problem noted by Mikolaj J. Habryn of Optus Internet + Engineering. + Make sure the F=u flag is set in the default prog mailer + definition. Problem noted by Kari Hurtta of the Finnish + Meteorological Institute. + Fix IPv6 check for unspecified addresses. Patch from + Jun-ichiro itojun Hagino of the KAME Project. + Fix return values for IRIX nsd map. From Kari Hurtta of the Finnish + Meteorological Institute. + Fix parsing of DaemonPortOptions and ClientPortOptions. Read all + of the parameters to find Family= setting before trying to + interpret Addr= and Port=. Problem noted by Valdis + Kletnieks of Virginia Tech. + When delivering to a file directly from an alias, do not call + initgroups(); instead use the DefaultUser group information. + Problem noted by Marc Schaefer of ALPHANET NF. + RunAsUser now overrides the ownership of the control socket, if + created. Otherwise, sendmail can not remove it upon + close. Problem noted by Werner Wiethege. + Fix ConnectionRateThrottle counting as the option is the number of + overall connections, not the number of connections per + socket. A future version may change this to per socket + counting. + Portability: + Clean up libsmdb so it functions properly on platforms + where sizeof(u_int32_t) != sizeof(size_t). Problem + noted by Rein Tollevik of Basefarm AS. + Fix man page formatting for compatibility with Solaris' + whatis. From Stephen Gildea of InTouch Systems, Inc. + UnixWare 7 includes snprintf() support. From Larry + Rosenman. + IPv6 changes for platforms using KAME. Patch from + Jun-ichiro itojun Hagino of the KAME Project. + Avoid a typedef compile conflict with Berkeley DB 3.X and + Solaris 2.5 or earlier. Problem noted by Bob Hughes + of Pacific Access. + Add preliminary support for AIX 5. Contributed by + Valdis Kletnieks of Virginia Tech. + Solaris 9 load average support from Andrew Tucker of Sun + Microsystems. + CONFIG: Reject addresses of the form a!b if FEATURE(`nouucp', `r') + is used. Problem noted by Phil Homewood of Asia Online, + patch from Neil Rickert of Northern Illinois University. + CONFIG: Change the default DNS based blacklist server for + FEATURE(`dnsbl') to blackholes.mail-abuse.org. + CONFIG: Deal correctly with the 'C' flag in {daemon_flags}, i.e., + implicitly assume canonical host names. + CONFIG: Deal with "::" in IPv6 addresses for access_db. Based on + patch by Motonori Nakamura of Kyoto University. + CONFIG: New OSTYPE(`aix5') contributed by Valdis Kletnieks of + Virginia Tech. + CONFIG: Pass the illegal header form through untouched + instead of making it worse. Problem noted by Motonori + Nakamura of Kyoto University. + CONTRIB: Added buildvirtuser (see `perldoc contrib/buildvirtuser`). + CONTRIB: qtool.pl: An empty queue is not an error. Problem noted + by Jan Krueger of digitalanswers communications consulting + gmbh. + CONTRIB: domainmap.m4: Handle domains with '-' in them. From Mark + Roth of the University of Illinois at Urbana-Champaign. + DEVTOOLS: Change the internal devtools OS, REL, and ARCH m4 + variables into bldOS, bldREL, and bldARCH to prevent + namespace collisions. Problem noted by Motonori Nakamura + of Kyoto University. + RMAIL: Undo the 8.11.1 change to use -G when calling sendmail. It + causes some changes in behavior and may break rmail for + installations where sendmail is actually a wrapper to + another MTA. The change will re-appear in a future + version. + SMRSH: Use the vendor supplied directory on HPUX 10.X, HPUX 11.X, + and SunOS 5.8. Requested by Jeff A. Earickson of Colby + College and John Beck of Sun Microsystems. + VACATION: Fix pattern matching for addresses to ignore. + VACATION: Don't reply to addresses of the form owner-* + or *-owner. + New Files: + cf/ostype/aix5.m4 + contrib/buildvirtuser + devtools/OS/AIX.5.0 + 8.11.1/8.11.1 2000/09/27 Fix SMTP EXPN command output if the address expands to a single name. Fix from John Beck of Sun Microsystems. Don't try STARTTLS in the client if the PRNG has not been properly seeded. This problem only occurs on systems without /dev/urandom. Problem detected by Jan Krueger of digitalanswers communications consulting gmbh and Neil Rickert of Northern Illinois University. Don't use the . and .. directories when expanding QueueDirectory wildcards. Do not try to cache LDAP connections across processes as a parent process may close the connection before the child process has completed. Problem noted by Lai Yiu Fai of the Hong Kong University of Science and Technology and Wolfgang Hottgenroth of UUNET. Use Timeout.fileopen to limit the amount of time spent trying to read the LDAP secret from a file. Prevent SIGTERM from removing a command line submitted item after the user submits the message and before the first delivery attempt completes. Problem noted by Max France of AlphaNet. Fix from Neil Rickert of Northern Illinois University. Deal correctly with MaxMessageSize restriction if message size is - greater than 2^31. + greater than 2^31. Problem noted by Tim "Darth Dice" Bosserman + of EarthLink. Turn off queue checkpointing if CheckpointInterval is set to zero. Treat an empty home directory (from getpw*() or $HOME) as non-existent instead of treating it as /. Problem noted by Todd C. Miller of Courtesan Consulting. Don't drop duplicate headers when reading a queued item. Problem noted by Motonori Nakamura of Kyoto University. Avoid bogus error text when logging the savemail panic "cannot save rejected email anywhere". Problem noted by Marc G. Fournier of Acadia University. If an LDAP search fails because the LDAP server went down, close the map so subsequent searches reopen the map. If there are multiple LDAP servers, the down server will be skipped and one of the others may be able to take over. Set the ${load_avg} macro to the current load average, not the previous load average query result. If a non-optional map used in a check_* ruleset can't be opened, return a temporary failure to the remote SMTP client instead of ignoring the map. Problem noted by Allan E Johannesen of Worcester Polytechnic Institute. Avoid a race condition when queuing up split envelopes by saving the split envelopes before the original envelope. Fix a bug in the PH_MAP code which caused mail to bounce instead of defer if the PH server could not be contacted. From Mark Roth of the University of Illinois at Urbana-Champaign. Prevent QueueSortOrder=Filename from interfering with -qR, -qS, and ETRN. Problem noted by Erik R. Leo of SoVerNet. Change error code for unrecognized parameters to the SMTP MAIL and RCPT commands from 501 to 555 per RFC 1869. Problem reported to Postfix by Robert Norris of Monash University. Prevent overwriting the argument of -B on certain OS. Problem noted by Matteo Gelosa of I.NET S.p.A. Use the proper routine for freeing memory with Netscape's LDAP client libraries. Patch from Paul Hilchey of the University of British Columbia. Portability: Move the NETINET6 define to devtools/OS/SunOS.5.{8,9} instead of defining it in conf.h so users can override the setting. Suggested by Henrik Nordstrom of Ericsson. On HP-UX 10.X and 11.X, use /usr/sbin/sendmail instead of /usr/lib/sendmail for rmail and vacation. From Jeff A. Earickson of Colby College. On HP-UX 11.X, use /usr/sbin instead of /usr/libexec (which does not exist). From Jeff A. Earickson of Colby College. Avoid using the UCB subsystem on NCR MP-RAS 3.x. From Tom Moore of NCR. NeXT 3.X and 4.X installs man pages in /usr/man. From Hisanori Gogota of NTT/InterCommunicationCenter. Solaris 8 and later include /var/run. The default PID file location is now /var/run/sendmail.pid. From John Beck of Sun Microsystems. SFIO includes snprintf() for those operating systems which do not. From Todd C. Miller of Courtesan Consulting. CONFIG: Use the result of _CERT_REGEX_SUBJECT_ not {cert_subject}. Problem noted by Kaspar Brand of futureLab AG. CONFIG: Change 553 SMTP reply code to 501 to avoid problems with errors in the MAIL address. CONFIG: Fix FEATURE(nouucp) usage in example .mc files. Problem noted by Ron Jarrell of Virginia Tech. CONFIG: Add support for Solaris 8 (and later) as OSTYPE(solaris8). Contributed by John Beck of Sun Microsystems. CONFIG: Set confFROM_HEADER such that the mail hub can possibly add GECOS information for an address. This more closely matches pre-8.10 nullclient behavior. From Per Hedeland of Ericsson. CONFIG: Fix MODIFY_MAILER_FLAGS(): apply the flag modifications for SMTP to all *smtp* mailers and those for RELAY to the relay mailer as described in cf/README. MAIL.LOCAL: Open the mailbox as the recipient not root so quotas are obeyed. Problem noted by Damian Kuczynski of NIK. MAKEMAP: Do not change a map's owner to the TrustedUser if using makemap to 'unmake' the map. RMAIL: Avoid overflowing the list of recipients being passed to sendmail. RMAIL: Invoke sendmail with '-G' to indicate this is a gateway submission. Problem noted by Kari Hurtta of the Finnish Meteorological Institute. VACATION: Read the complete message to avoid "broken pipe" signals. VACATION: Do not cut off vacation.msg files which have a single dot as the only character on the line. New Files: cf/ostype/solaris8.m4 8.11.0/8.11.0 2000/07/19 SECURITY: If sendmail is installed as a non-root set-user-ID binary (not the normal case), some operating systems will still keep a saved-uid of the effective-uid when sendmail tries to drop all of its privileges. If sendmail needs to drop these privileges and the operating system doesn't set the saved-uid as well, exit with an error. Problem noted by Kari Hurtta of the Finnish Meteorological Institute. SECURITY: sendmail depends on snprintf() NUL terminating the string it populates. It is possible that some broken implementations of snprintf() exist that do not do this. Systems in this category should compile with -DSNPRINTF_IS_BROKEN=1. Use test/t_snprintf.c to test your system and report broken implementations to sendmail-bugs@sendmail.org and your OS vendor. Problem noted by Slawomir Piotrowski of TELSAT GP. Support SMTP Service Extension for Secure SMTP (RFC 2487) (STARTTLS). Implementation influenced by the example programs of OpenSSL and the work of Lutz Jaenicke of TU Cottbus. Add new STARTTLS related options CACERTPath, CACERTFile, ClientCertFile, ClientKeyFile, DHParameters, RandFile, ServerCertFile, and ServerKeyFile. These are documented in cf/README and doc/op/op.*. New STARTTLS related macros: ${cert_issuer}, ${cert_subject}, ${tls_version}, ${cipher}, ${cipher_bits}, ${verify}, ${server_name}, and ${server_addr}. These are documented in cf/README and doc/op/op.*. Add support for the Entropy Gathering Daemon (EGD) for better random data. New DontBlameSendmail option InsufficientEntropy for systems which don't properly seed the PRNG for OpenSSL but want to try to use STARTTLS despite the security problems. Support the security layer in SMTP AUTH for mechanisms which support encryption. Based on code contributed by Tim Martin of CMU. Add new macro ${auth_ssf} to reflect the SMTP AUTH security strength factor. LDAP's -1 (single match only) flag was not honored if the -z (delimiter) flag was not given. Problem noted by ST Wong of the Chinese University of Hong Kong. Fix from Mark Adamson of CMU. Add more protection from accidentally tripping OpenLDAP 1.X's ld_errno == LDAP_DECODING_ERROR hack on ldap_next_attribute(). Suggested by Kurt Zeilenga of OpenLDAP. Fix the default family selection for DaemonPortOptions. As documented, unless a family is specified in a DaemonPortOptions option, "inet" is the default. It is also the default if no DaemonPortOptions value is set. Therefore, IPv6 users should configure additional sockets by adding DaemonPortOptions settings with Family=inet6 if they wish to also listen on IPv6 interfaces. Problem noted by Jun-ichiro itojun Hagino of the KAME Project. Set ${if_family} when setting ${if_addr} and ${if_name} to reflect the interface information for an outgoing connection. Not doing so was creating a mismatch between the socket family and address used in subsequent connections if the M=b modifier was set in DaemonPortOptions. Problem noted by John Beck of Sun Microsystems. If DaemonPortOptions modifier M=b is used, determine the socket family based on the IP address. ${if_family} is no longer persistent (i.e., saved in qf files). Patch from John Beck of Sun Microsystems. sendmail 8.10 and 8.11 reused the ${if_addr} and ${if_family} macros for both the incoming interface address/family and the outgoing interface address/family. In order for M=b modifier in DaemonPortOptions to work properly, preserve the incoming information in the queue file for later delivery attempts. Use SMTP error code and enhanced status code from check_relay in responses to commands. Problem noted by Jeff Wasilko of smoe.org. Add more vigilance in checking for putc() errors on output streams to protect from a bug in Solaris 2.6's putc(). Problem noted by Graeme Hewson of Oracle. The LDAP map -n option (return attribute names only) wasn't working. Problem noted by Ajay Matia. Under certain circumstances, an address could be listed as deferred but would be bounced back to the sender as failed to be delivered when it really should have been queued. Problem noted by Allan E Johannesen of Worcester Polytechnic Institute. Prevent a segmentation fault in a child SMTP process from getting the SMTP transaction out of sync. Problem noted by Per Hedeland of Ericsson. Turn off RES_DEBUG if SFIO is defined unless SFIO_STDIO_COMPAT is defined to avoid a core dump due to incompatibilities between sfio and stdio. Problem noted by Neil Rickert of Northern Illinois University. Don't log useless envelope ID on initial connection log. Problem noted by Kari Hurtta of the Finnish Meteorological Institute. Convert the free disk space shown in a control socket status query to kilobyte units. If TryNullMXList is True and there is a temporary DNS failure looking up the hostname, requeue the message for a later attempt. Problem noted by Ari Heikkinen of Pohjois-Savo Polytechnic. Under the proper circumstances, failed connections would be recorded as "Bad file number" instead of "Connection failed" in the queue file and persistent host status. Problem noted by Graeme Hewson of Oracle. Avoid getting into an endless loop if a non-hoststat directory exists within the hoststatus directory (e.g., lost+found). Patch from Valdis Kletnieks of Virginia Tech. Make sure Timeout.queuereturn=now returns a bounce message to the sender. Problem noted by Per Hedeland of Ericsson. If a message data file can't be opened at delivery time, panic and abort the attempt instead of delivering a message that states "<<< No Message Collected >>>". Fixup the GID checking code from 8.10.2 as it was overly restrictive. Problem noted by Mark G. Thomas of Mark G. Thomas Consulting. Preserve source port number instead of replacing it with the ident port number (113). Document the queue status characters in the mailq man page. Suggested by Ulrich Windl of the Universitat Regensburg. Process queued items in which none of the recipient addresses have host portions (or there are no recipients). Problem noted by Valdis Kletnieks of Virginia Tech. If a cached LDAP connection is used for multiple maps, make sure only the first to open the connection is allowed to close it so a later map close doesn't break the connection for other maps. Problem noted by Wolfgang Hottgenroth of UUNET. Netscape's LDAP libraries do not support Kerberos V4 authentication. Patch from Rainer Schoepf of the University of Mainz. Provide workaround for inconsistent handling of data passed via callbacks to Cyrus SASL prior to version 1.5.23. Mention ENHANCEDSTATUSCODES in the SMTP HELP helpfile. Omission noted by Ulrich Windl of the Universitat Regensburg. Portability: Add the ability to read IPv6 interface addresses into class 'w' under FreeBSD (and possibly others). From Jun Kuriyama of IMG SRC, Inc. and the FreeBSD Project. Replace code for finding the number of CPUs on HPUX. NCRUNIX MP-RAS 3.02 SO_REUSEADDR socket option does not work properly causing problems if the accept() fails and the socket needs to be reopened. Patch from Tom Moore of NCR. NetBSD uses a .0 extension of formatted man pages. From Andrew Brown of Crossbar Security. Return to using the IPv6 AI_DEFAULT flag instead of AI_V4MAPPED for calls to getipnodebyname(). The Linux implementation is broken so AI_ADDRCONFIG is stripped under Linux. From John Beck of Sun Microsystems and John Kennedy of Cal State University, Chico. CONFIG: Catch invalid addresses containing a ',' at the wrong place. Patch from Neil Rickert of Northern Illinois University. CONFIG: New variables for the new sendmail options: confCACERT_PATH CACERTPath confCACERT CACERTFile confCLIENT_CERT ClientCertFile confCLIENT_KEY ClientKeyFile confDH_PARAMETERS DHParameters confRAND_FILE RandFile confSERVER_CERT ServerCertFile confSERVER_KEY ServerKeyFile CONFIG: Provide basic rulesets for TLS policy control and add new tags to the access database to support these policies. See cf/README for more information. CONFIG: Add TLS information to the Received: header. CONFIG: Call tls_client ruleset from check_mail in case it wasn't called due to a STARTTLS command. CONFIG: If TLS_PERM_ERR is defined, TLS related errors are permanent instead of temporary. CONFIG: FEATURE(`relay_hosts_only') didn't work in combination with the access map and relaying to a domain without using a To: tag. Problem noted by Mark G. Thomas of Mark G. Thomas Consulting. CONFIG: Set confEBINDIR to /usr/sbin to match the devtools entry in OSTYPE(`linux') and OSTYPE(`mklinux'). From Tim Pierce of RootsWeb.com. CONFIG: Make sure FEATURE(`nullclient') doesn't use aliasing and forwarding to make it as close to the old behavior as possible. Problem noted by George W. Baltz of the University of Maryland. CONFIG: Added OSTYPE(`darwin') for Mac OS X and Darwin users. From Wilfredo Sanchez of Apple Computer, Inc. CONFIG: Changed the map names used by FEATURE(`ldap_routing') from ldap_mailhost and ldap_mailroutingaddress to ldapmh and ldapmra as underscores in map names cause problems if underscore is in OperatorChars. Problem noted by Bob Zeitz of the University of Alberta. CONFIG: Apply blacklist_recipients also to hosts in class {w}. Patch from Michael Tratz of Esosoft Corporation. CONFIG: Use A=TCP ... instead of A=IPC ... in SMTP mailers. CONTRIB: Add link_hash.sh to create symbolic links to the hash of X.509 certificates. CONTRIB: passwd-to-alias.pl: More protection from special characters; treat special shells as root aliases; skip entries where the GECOS full name and username match. From Ulrich Windl of the Universitat Regensburg. CONTRIB: qtool.pl: Add missing last_modified_time method and fix a typo. Patch from Graeme Hewson of Oracle. CONTRIB: re-mqueue.pl: Improve handling of a race between re-mqueue and sendmail. Patch from Graeme Hewson of Oracle. CONTRIB: re-mqueue.pl: Don't exit(0) at end so can be called as subroutine Patch from Graeme Hewson of Oracle. CONTRIB: Add movemail.pl (move old mail messages between queues by calling re-mqueue.pl) and movemail.conf (configuration script for movemail.pl). From Graeme Hewson of Oracle. CONTRIB: Add cidrexpand (expands CIDR blocks as a preprocessor to makemap). From Derek J. Balling of Yahoo,Inc. DEVTOOLS: INSTALL_RAWMAN installation option mistakenly applied any extension modifications (e.g., MAN8EXT) to the installation target. Patch from James Ralston of Carnegie Mellon University. DEVTOOLS: Add support for SunOS 5.9. DEVTOOLS: New option confLN contains the command used to create links. LIBSMDB: Berkeley DB 2.X and 3.X errors might be lost and not reported. MAIL.LOCAL: DG/UX portability. Problem noted by Tim Boyer of Denman Tire Corporation. MAIL.LOCAL: Prevent a possible DoS attack when compiled with -DCONTENTLENGTH. Based on patch from 3APA3A@SECURITY.NNOV.RU. MAILSTATS: Fix usage statement (-p and -o are optional). MAKEMAP: Change man page layout as workaround for problem with nroff and -man on Solaris 7. Patch from Larry Williamson. RMAIL: AIX 4.3 has snprintf(). Problem noted by David Hayes of Black Diamond Equipment, Limited. RMAIL: Prevent a segmentation fault if the incoming message does not have a From line. VACATION: Read all of the headers before deciding whether or not to respond instead of stopping after finding recipient. Added Files: cf/ostype/darwin.m4 contrib/cidrexpand contrib/link_hash.sh contrib/movemail.conf contrib/movemail.pl devtools/OS/SunOS.5.9 test/t_snprintf.c 8.10.2/8.10.2 2000/06/07 SECURITY: Work around broken Linux setuid() implementation. On Linux, a normal user process has the ability to subvert the setuid() call such that it is impossible for a root process to drop its privileges. Problem noted by Wojciech Purczynski of elzabsoft.pl. SECURITY: Add more vigilance around set*uid(), setgid(), setgroups(), initgroups(), and chroot() calls. Added Files: test/t_setuid.c 8.10.1/8.10.1 2000/04/06 SECURITY: Limit the choice of outgoing (client-side) SMTP Authentication mechanisms to those specified in AuthMechanisms to prevent information leakage. We do not recommend use of PLAIN for outgoing mail as it sends the password in clear text to possibly untrusted servers. See cf/README's DefaultAuthInfo section for additional information. Copy the ident argument for openlog() to avoid problems on some OSs. Based on patch from Rob Bajorek from Webhelp.com. Avoid bogus error message when reporting an alias line as too long. Avoid bogus socket error message if sendmail.cf version level is greater than sendmail binary supported version. Patch from John Beck of Sun Microsystems. Prevent a malformed ruleset (missing right hand side) from causing a segmentation fault when using address test mode. Based on patch from John Beck of Sun Microsystems. Prevent memory leak from use of NIS maps and yp_match(3). Problem noted by Gil Kloepfer of the University of Texas at Austin. Fix queue file permission checks to allow for TrustedUser ownership. Change logging of errors from the trust_auth ruleset to LogLevel 10 or higher. Avoid simple password cracking attacks against SMTP AUTH by using exponential delay after too many tries within one connection. Encode an initial empty AUTH challenge as '=', not as empty string. Avoid segmentation fault on EX_SOFTWARE internal error logs. Problem noted by Allan E Johannesen of Worcester Polytechnic Institute. Ensure that a header check which resolves to $#discard actually discards the message. Emit missing value warnings for aliases with no right hand side when newaliases is run instead of only when delivery is attempted to the alias. Remove AuthOptions missing value warning for consistency with other flag options. Portability: SECURITY: Specify a run-time shared library search path for AIX 4.X instead of using the dangerous AIX 4.X linker semantics. AIX 4.X users should consult sendmail/README for further information. Problem noted by Valdis Kletnieks of Virginia Tech. Avoid use of strerror(3) call. Problem noted by Charles Levert of Ecole Polytechnique de Montreal. DGUX requires -lsocket -lnsl and has a non-standard install program. From Tim Boyer of Denman Tire Corporation. HPUX 11.0 has a broken res_search() function. Updates to devtools/OS/NeXT.3.X, NeXT.4.X, and NEXTSTEP.4.X from J. P. McCann of E I A. Digital UNIX/Compaq Tru64 5.0 now includes snprintf(3). Problem noted by Michael Long of Info Avenue Internet Services, LLC. Modern (post-199912) OpenBSD versions include working strlc{at,py}(3) functions. From Todd C. Miller of Courtesan Consulting. SINIX doesn't have random(3). From Gerald Rinske of Siemens Business Services. CONFIG: Change error message about unresolvable sender domain to include the sender address. Proposed by Wolfgang Rupprecht of WSRCC. CONFIG: Fix usenet mailer calls. CONFIG: If RELAY_MAILER_FLAGS is not defined, use SMTP_MAILER_FLAGS to be backward compatible with 8.9. CONFIG: Change handling of default case @domain for virtusertable to allow for +*@domain to deal with +detail. CONTRIB: Remove converting.sun.configs -- it is obsolete. DEVTOOLS: confUBINMODE was being ignored. Fix from KITAZIMA, Tuneki of NEC. DEVTOOLS: Add to NCR platform list and include the architecture (i486). From Tom J. Moore of NCR. DEVTOOLS: SECURITY: Change method of linking with sendmail utility libraries to work around the AIX 4.X and SunOS 4.X linker's overloaded -L option. Problem noted by Valdis Kletnieks of Virginia Tech. DEVTOOLS: configure.sh was overriding the user's choice for confNROFF. Problem noted by Glenn A. Malling of Syracuse University. DEVTOOLS: New variables conf_prog_LIB_POST and confBLDVARIANT added for other internal projects but included in the open source release. LIBSMDB: Check for ".db" instead of simply "db" at the end of the map name to determine whether or not to add the extension. This fixes makemap when building the userdb file. Problem noted by Andrew J Cole of the University of Leeds. LIBSMDB: Allow a database to be opened for updating and created if it doesn't already exist. Problem noted by Rand Wacker of Sendmail. LIBSMDB: If type is SMDB_TYPE_DEFAULT and both NEWDB and NDBM are available, fall back to NDBM if NEWDB open fails. This fixes praliases. Patch from John Beck of Sun Microsystems. LIBSMUTIL: safefile()'s SFF_NOTEXCL check was being misinterpreted as SFF_NOWRFILES. OP.ME: Clarify some issues regarding mailer flags. Suggested by Martin Mokrejs of The Charles University and Neil Rickert of Northern Illinois University. PRALIASES: Restore 8.9.X functionality of being able to search for particular keys in a database by specifying the keys on the command line. Man page updated accordingly. Patch from John Beck of Sun Microsystems. VACATION: SunOS 4.X portability from Charles Levert of Ecole Polytechnique de Montreal. VACATION: Fix -t option which is ignored but available for compatibility with Sun's version, based on patch from Volker Dobler of Infratest Burke. Added Files: devtools/M4/UNIX/smlib.m4 devtools/OS/OSF1.V5.0 Deleted Files: contrib/converting.sun.configs Deleted Directories (already done in 8.10.0 but not listed): doc/intro doc/usenix doc/changes 8.10.0/8.10.0 2000/03/01 ************************************************************* * The engineering department at Sendmail, Inc. has suffered * * the tragic loss of a key member of our engineering team. * * Julie Van Bourg was the Vice President of Engineering * * at Sendmail, Inc. during the development and deployment * * of this release. It was her vision, dedication, and * * support that has made this release a success. Julie died * * on October 26, 1999 of cancer. We have lost a leader, a * * coach, and a friend. * * * * This release is dedicated to her memory and to the joy, * * strength, ideals, and hope that she brought to all of us. * * Julie, we miss you! * ************************************************************* SECURITY: The safe file checks now back track through symbolic links to make sure the files can't be compromised due to poor permissions on the parent directories of the symbolic link target. SECURITY: Only root, TrustedUser, and users in class t can rebuild the alias map. Problem noted by Michal Zalewski of the "Internet for Schools" project (IdS). SECURITY: There is a potential for a denial of service attack if the AutoRebuildAliases option is set as a user can kill the sendmail process while it is rebuilding the aliases file (leaving it in an inconsistent state). This option and its use is deprecated and will be removed from a future version of sendmail. SECURITY: Make sure all file descriptors (besides stdin, stdout, and stderr) are closed before restarting sendmail. Problem noted by Michal Zalewski of the "Internet for Schools" project (IdS). Begin using /etc/mail/ for sendmail related files. This affects a large number of files. See cf/README for more details. The directory structure of the distribution has changed slightly for easier code sharing among the programs. Support SMTP AUTH (see RFC 2554). New macros for this purpose are ${auth_authen}, ${auth_type}, and ${auth_author} which hold the client's authentication credentials, the mechanism used for authentication, and the authorization identity (i.e., the AUTH= parameter if supplied). Based on code contributed by Tim Martin of CMU. On systems which use the Torek stdio library (all of the BSD distributions), use memory-buffered files to reduce file system overhead by not creating temporary files on disk. Contributed by Exactis.com, Inc. New option DataFileBufferSize to control the maximum size of a memory-buffered data (df) file before a disk-based file is used. Contributed by Exactis.com, Inc. New option XscriptFileBufferSize to control the maximum size of a memory-buffered transcript (xf) file before a disk-based file is used. Contributed by Exactis.com, Inc. sendmail implements RFC 2476 (Message Submission), e.g., it can now listen on several different ports. Use: O DaemonPortOptions=Name=MSA, Port=587, M=E to run a Message Submission Agent (MSA); this is turned on by default in m4-generated .cf files; it can be turned off with FEATURE(`no_default_msa'). The 'XUSR' SMTP command is deprecated. Mail user agents should begin using RFC 2476 Message Submission for initial user message submission. XUSR may disappear from a future release. The new '-G' (relay (gateway) submission) command line option indicates that the message being submitted from the command line is for relaying, not initial submission. This means the message will be rejected if the addresses are not fully qualified and no canonicalization will be done. Future releases may even reject improperly formed messages. The '-U' (initial user submission) command line option is deprecated and may be removed from a future release. Mail user agents should begin using '-G' to indicate that this is a relay submission (the inverse of -U). The next release of sendmail will assume that any message submitted from the command line is an initial user submission and act accordingly. If sendmail doesn't have enough privileges to run a .forward program or deliver to file as the owner of that file, the address is marked as unsafe. This means if RunAsUser is set, users won't be able to use programs or delivery to files in their .forward files. Administrators can override this by setting the DontBlameSendmail option to the new setting NonRootSafeAddr. Allow group or world writable directories if the sticky bit is set on the directory and DontBlameSendmail is set to TrustStickyBit. Based on patch from Chris Metcalf of InCert Software. Prevent logging of unsafe directory paths for non-existent forward files if the new DontWarnForwardFileInUnsafeDirPath bit is set in the DontBlameSendmail option. Requested by many. New Timeout.control option to limit the total time spent satisfying a control socket request. New Timeout.resolver options for controlling BIND resolver settings: Timeout.resolver.retrans Sets the resolver's retransmission time interval (in seconds). Sets both Timeout.resolver.retrans.first and Timeout.resolver.retrans.normal. Timeout.resolver.retrans.first Sets the resolver's retransmission time interval (in seconds) for the first attempt to deliver a message. Timeout.resolver.retrans.normal Sets the resolver's retransmission time interval (in seconds) for all resolver lookups except the first delivery attempt. Timeout.resolver.retry Sets the number of times to retransmit a resolver query. Sets both Timeout.resolver.retry.first and Timeout.resolver.retry.normal. Timeout.resolver.retry.first Sets the number of times to retransmit a resolver query for the first attempt to deliver a message. Timeout.resolver.retry.normal Sets the number of times to retransmit a resolver query for all resolver lookups except the first delivery attempt. Contributed by Exactis.com, Inc. Support multiple queue directories. To use multiple queues, supply a QueueDirectory option value ending with an asterisk. For example, /var/spool/mqueue/q* will use all of the directories or symbolic links to directories beginning with 'q' in /var/spool/mqueue as queue directories. Keep in mind, the queue directory structure should not be changed while sendmail is running. Queue runs create a separate process for running each queue unless the verbose flag is given on a non-daemon queue run. New items are randomly assigned to a queue. Contributed by Exactis.com, Inc. Support different directories for qf, df, and xf queue files; if subdirectories or symbolic links to directories of those names exist in the queue directories, they are used for the corresponding queue files. Keep in mind, the queue directory structure should not be changed while sendmail is running. Proposed by Mathias Koerber of Singapore Telecommunications Ltd. New queue file naming system which uses a filename guaranteed to be unique for 60 years. This allows queue IDs to be assigned without fancy file system locking. Queued items can be moved between queues easily. Contributed by Exactis.com, Inc. Messages which are undeliverable due to temporary address failures (e.g., DNS failure) will now go to the FallBackMX host, if set. Contributed by Exactis.com, Inc. New command line option '-L tag' which sets the identifier used for syslog. Contributed by Exactis.com, Inc. QueueSortOrder=Filename will sort the queue by filename. This avoids opening and reading each queue file when preparing to run the queue. Contributed by Exactis.com, Inc. Shared memory counters and microtimers functionality has been donated by Exactis.com, Inc. The SCCS ID tags have been replaced with RCS ID tags. Allow trusted users (those on a T line or in $=t) to set the QueueDirectory (Q) option without an X-Authentication-Warning: being added. Suggested by Michael K. Sanders. IPv6 support based on patches from John Kennedy of Cal State University, Chico, Motonori Nakamura of Kyoto University, and John Beck of Sun Microsystems. In low-disk space situations, where sendmail would previously refuse connections, still accept them, but only allow ETRN commands. Suggested by Mathias Koerber of Singapore Telecommunications Ltd. The [IPC] builtin mailer now allows delivery to a UNIX domain socket on systems which support them. This can be used with LMTP local delivery agents which listen on a named socket. An example mailer might be: Mexecmail, P=[IPC], F=lsDFMmnqSXzA5@/:|, E=\r\n, S=10, R=20/40, T=DNS/RFC822/X-Unix, A=FILE /var/run/lmtpd Code contributed by Lyndon Nerenberg of Messaging Direct. The [TCP] builtin mailer name is now deprecated. Use [IPC] instead. The first mailer argument in the [IPC] mailer is now checked for a legitimate value. Possible values are TCP (for TCP/IP connections), IPC (which will be deprecated in a future version), and FILE (for UNIX domain socket delivery). PrivacyOptions=goaway no longer includes the noetrn and the noreceipts flags. PrivacyOptions=nobodyreturn instructs sendmail not to include the body of the original message on delivery status notifications. Don't announce DSN if PrivacyOptions=noreceipts is set. Problem noted by Dan Bernstein, fix from Robert Harker of Harker Systems. Accept the SMTP RSET command even when rejecting commands due to TCP Wrappers or the check_relay ruleset. Problem noted by Steve Schweinhart of America Online. Warn if OperatorChars is set multiple times. OperatorChars should not be set after rulesets are defined. Suggested by Mitchell Blank Jr of Exec-PC. Do not report temporary failure on delivery to files. In interactive delivery mode, this would result in two SMTP responses after the DATA command. Problem noted by Nik Conwell of Boston University. Check file close when mailing to files. Problem noted by Nik Conwell of Boston University. Avoid a segmentation fault when using the LDAP map. Patch from Curtis W. Hillegas of Princeton University. Always bind to the LDAP server regardless of whether you are using ldap_open() or ldap_init(). Fix from Raj Kunjithapadam of @Home Network. New ruleset trust_auth to determine whether a given AUTH= parameter of the MAIL command should be trusted. See SMTP AUTH, cf/README, and doc/op/op.ps. Allow new named config file rules check_vrfy, check_expn, and check_etrn for VRFY, EXPN, and ETRN commands, respectively, similar to check_rcpt etc. Introduce new macros ${rcpt_mailer}, ${rcpt_host}, ${rcpt_addr}, ${mail_mailer}, ${mail_host}, ${mail_addr} that hold the results of parsing the RCPT and MAIL arguments, i.e. the resolved triplet from $#mailer $@host $:addr. From Kari Hurtta of the Finnish Meteorological Institute. New macro ${client_resolve} which holds the result of the resolve call for ${client_name}: OK, FAIL, FORGED, TEMP. Proposed by Kari Hurtta of the Finnish Meteorological Institute. New macros ${dsn_notify}, ${dsn_envid}, and ${dsn_ret} that hold the corresponding DSN parameter values. Proposed by Mathias Herberts. New macro ${msg_size} which holds the value of the SIZE= parameter, i.e., usually the size of the message (in an ESMTP dialogue), before the message has been collected, thereafter it holds the message size as computed by sendmail (and can be used in check_compat). The macro ${deliveryMode} now specifies the current delivery mode sendmail is using instead of the value of the DeliveryMode option. New macro ${ntries} holds the number of delivery attempts. Drop explicit From: if same as what would be generated only if it is a local address. From Motonori Nakamura of Kyoto University. Write pid to file also if sendmail only processes the queue. Proposed by Roy J. Mongiovi of Georgia Tech. Log "low on disk space" only when necessary. New macro ${load_avg} can be used to check the current load average. Suggested by Scott Gifford of The Internet Ramp. Return-Receipt-To: header implies DSN request if option RrtImpliesDsn is set. Flag -S for maps to specify the character which is substituted for spaces (instead of the default given by O BlankSub). Flag -D for maps: perform no lookup in deferred delivery mode. This flag is set by default for the host map. Based on a proposal from Ian MacPhedran of the University of Saskatchewan. Open maps only on demand, not at startup. Log warning about unsupported IP address families. New option MaxHeadersLength allows to specify a maximum length of the sum of all headers. This can be used to prevent a denial-of-service attack. New option MaxMimeHeaderLength which limits the size of MIME headers and parameters within those headers. This option is intended to protect mail user agents from buffer overflow attacks. Added option MaxAliasRecursion to specify the maximum depth of alias recursion. New flag F=6 for mailers to strip headers to seven bit. Map type syslog to log the key via syslogd. Entries in the alias file can be continued by putting a backslash directly before the newline. New option DeadLetterDrop to define the location of the system-wide dead.letter file, formerly hardcoded to /usr/tmp/dead.letter. If this option is not set (the default), sendmail will not attempt to save to a system-wide dead.letter file if it can not bounce the mail to the user nor postmaster. Instead, it will rename the qf file as it has in the past when the dead.letter file could not be opened. New option PidFile to define the location of the pid file. The value of this option is macro expanded. New option ProcessTitlePrefix specifies a prefix string for the process title shown in 'ps' listings. New macros for use with the PidFile and ProcessTitlePrefix options (along with the already existing macros): ${daemon_info} Daemon information, e.g. SMTP+queueing@00:30:00 ${daemon_addr} Daemon address, e.g., 0.0.0.0 ${daemon_family} Daemon family, e.g., inet, inet6, etc. ${daemon_name} Daemon name, e.g., MSA. ${daemon_port} Daemon port, e.g., 25 ${queue_interval} Queue run interval, e.g., 00:30:00 New macros especially for virtual hosting: ${if_name} hostname of interface of incoming connection. ${if_addr} address of interface of incoming connection. The latter is only set if the interface does not belong to the loopback net. If a message being accepted via a method other than SMTP and would be rejected by a header check, do not send the message. Suggested by Phil Homewood of Mincom Pty Ltd. Don't strip comments for header checks if $>+ is used instead of $>. Provide header value as quoted string in the macro ${currHeader} (possibly truncated to MAXNAME). Suggested by Jan Krueger of Unix-AG of University of Hannover. The length of the header value is stored in ${hdrlen}. H*: allows to specify a default ruleset for header checks. This ruleset will only be called if the individual header does not have its own ruleset assigned. Suggested by Jan Krueger of Unix-AG of University of Hannover. The name of the header field stored in ${hdr_name}. Comments (i.e., text within parentheses) in rulesets are not removed if the config file version is greater than or equal to 9. For example, "R$+ ( 1 ) $@ 1" matches the input "token (1)" but does not match "token". Avoid removing the Content-Transfer-Encoding MIME header on MIME messages. Problem noted by Sigurbjorn B. Larusson of Multimedia Consumer Services. Fix from Per Hedeland of Ericsson. Avoid duplicate Content-Transfer-Encoding MIME header on messages with 8-bit text in headers. Problem noted by Per Steinar Iversen of Oslo College. Fix from Per Hedeland of Ericsson. Avoid keeping maps locked longer than necessary when re-opening a modified database map file. Problem noted by Chris Adams of Renaissance Internet Services. Resolving to the $#error mailer with a temporary failure code (e.g., $#error $@ tempfail $: "400 Temporary failure") will now queue up the message instead of bouncing it. Be more liberal in acceptable responses to an SMTP RSET command as standard does not provide any indication of what to do when something other than 250 is received. Based on a patch from Steve Schweinhart of America Online. New option TrustedUser allows to specify a user who can own important files instead of root. This requires HASFCHOWN. Fix USERDB conditional so compiling with NEWDB or HESIOD and setting USERDB=0 works. Fix from Jorg Zanger of Schock. Fix another instance (similar to one in 8.9.3) of a network failure being mis-logged as "Illegal Seek" instead of whatever really went wrong. From John Beck of Sun Microsystems. $? tests also whether the macro is non-null. Print an error message if a mailer definition contains an invalid equate name. New mailer equate /= to specify a directory to chroot() into before executing the mailer program. Suggested by Igor Vinokurov. New mailer equate W= to specify the maximum time to wait for the mailer to return after sending all data to it. Only free memory from the process list when adding a new process into a previously filled slot. Previously, the memory was freed at removal time. Since removal can happen in a signal handler, this may leave the memory map in an inconsistent state. Problem noted by Jeff A. Earickson and David Cooley of Colby College. When using the UserDB @hostname catch-all, do not try to lookup local users in the passwd file. The UserDB code has already decided the message will be passed to another host for processing. Fix from Tony Landells of Burdett Buckeridge Young Limited. Support LDAP authorization via either a file containing the password or Kerberos V4 using the new map options '-ddistinguished_name', '-Mmethod', and '-Pfilename'. The distinguished_name is who to login as. The method can be one of LDAP_AUTH_NONE, LDAP_AUTH_SIMPLE, or LDAP_AUTH_KRBV4. The filename is the file containing the secret key for LDAP_AUTH_SIMPLE or the name of the Kerberos ticket file for LDAP_AUTH_KRBV4. Patch from Booker Bense of Stanford University. The ldapx map has been renamed to ldap. The use of ldapx is deprecated and will be removed in a future version. If the result of an LDAP search returns a multi-valued attribute and the map has the column delimiter set, it turns that response into a delimiter separated string. The LDAP map will traverse multiple entries as well. LDAP alias maps automatically set the column delimiter to the comma. Based on patch from Booker Bense of Stanford University and idea from Philip A. Prindeville of Mirapoint, Inc. Support return of multiple values for a single LDAP lookup. The values to be returned should be in a comma separated string. For example, `-v "email,emailother"'. Patch from Curtis W. Hillegas of Princeton University. Allow the use of LDAP for alias maps. If no LDAP attributes are specified in an LDAP map declaration, all attributes found in the match will be returned. Prevent commas in quoted strings in the AliasFile value from breaking up a single entry into multiple entries. This is needed for LDAP alias file specifications to allow for comma separated key and value strings. Keep connections to LDAP server open instead of opening and closing for each lookup. To reduce overhead, sendmail will cache connections such that multiple maps which use the same host, port, bind DN, and authentication will only result in a single connection to that host. Put timeout in the proper place for USE_LDAP_INIT. Be more careful about checking for errors and freeing memory on LDAP lookups. Use asynchronous LDAP searches to save memory and network resources. Do not copy LDAP query results if the map's match only flag is set. Increase portability to the Netscape LDAP libraries. Change the parsing of the LDAP filter specification. '%s' is still replaced with the literal contents of the map lookup key -- note that this means a lookup can be done using the LDAP special characters. The new '%0' token can be used instead of '%s' to encode the key buffer according to RFC 2254. For example, if the LDAP map specification contains '-k "(user=%s)"' and a lookup is done on "*", this would be equivalent to '-k "(user=*)"' -- matching ANY record with a user attribute. Instead, if the LDAP map specification contains '-k "(user=%0)"' and a lookup is done on "*", this would be equivalent to '-k "(user=\2A)"' -- matching a user with the name "*". New LDAP map flags: "-1" requires a single match to be returned, if more than one is returned, it is equivalent to no records being found; "-r never|always|search|find" sets the LDAP alias dereference option; "-Z size" limits the number of matches to return. New option LDAPDefaultSpec allows a default map specification for LDAP maps. The value should only contain LDAP specific settings such as "-h host -p port -d bindDN", etc. The settings will be used for all LDAP maps unless they are specified in the individual map specification ('K' command). This option should be set before any LDAP maps are defined. Prevent an NDBM alias file opening loop when the NDBM open continually fails. Fix from Roy J. Mongiovi of Georgia Tech. Reduce memory utilization for smaller symbol table entries. In particular, class entries get much smaller, which can be important if you have large classes. On network-related temporary failures, record the hostname which gave error in the queued status message. Requested by Ulrich Windl of the Universitat Regensburg. Add new F=% mailer flag to allow for a store and forward configuration. Mailers which have this flag will not attempt - delivery on initial recipient of a message or on queue runs + delivery on initial receipt of a message or on queue runs unless the queued message is selected using one of the -qI/-qR/-qS queue run modifiers or an ETRN request. Code provided by Philip Guenther of Gustavus Adolphus College. New option ControlSocketName which, when set, creates a daemon control socket. This socket allows an external program to control and query status from the running sendmail daemon via a named socket, similar to the ctlinnd interface to the INN news server. Access to this interface is controlled by the UNIX file permissions on the named socket on most UNIX systems (see sendmail/README for more information). An example control program is provided as contrib/smcontrol.pl. Change the default values of QueueLA from 8 to (8 * numproc) and RefuseLA from 12 to (12 * numproc) where numproc is the number of processors online on the system (if that can be determined). For single processor machines, this change has no effect. Don't return body of message to postmaster on "Too many hops" bounces. Based on fix from Motonori Nakamura of Kyoto University. Give more detailed DSN descriptions for some cases. Patch from Motonori Nakamura of Kyoto University. Logging of alias, forward file, and UserDB expansion now happens at LogLevel 11 or higher instead of 10 or higher. Logging of an envelope's complete delivery (the "done" message) now happens at LogLevel 10 or higher instead of 11 or higher. Logging of TCP/IP or UNIX standard input connections now happens at LogLevel 10 or higher. Previously, only TCP/IP connections were logged, and on at LogLevel 12 or higher. Setting LogLevel to 10 will now assist users in tracking frequent connection-based denial of service attacks. Log basic information about authenticated connections at LogLevel 10 or higher. Log SMTP Authentication mechanism and author when logging the sender information (from= syslog line). Log the DSN code for each recipient if one is available as a new equate (dsn=). Macro expand PostmasterCopy and DoubleBounceAddress options. New "ph" map for performing ph queries in rulesets. More information is available at - http://www-wsg.cso.uiuc.edu/sendmail/patches/. - Contributed by Mark Roth of the University of Illinois at - Urbana-Champaign. + http://www-dev.cso.uiuc.edu/sendmail/. Contributed by Mark + Roth of the University of Illinois at Urbana-Champaign. Detect temporary lookup failures in the host map if looking up a bracketed IP address. Problem noted by Kari Hurtta of the Finnish Meteorological Institute. Do not report a Remote-MTA on local deliveries. Problem noted by Kari Hurtta of the Finnish Meteorological Institute. When a forward file points to an alias which runs a program, run the program as the default user and the default group, not the forward file user. This change also assures the :include: directives in aliases are also processed using the default user and group. Problem noted by Sergiu Popovici of DNT Romania. Prevent attempts to save a dead.letter file for a user with no home directory (/no/such/directory). Problem noted by Michael Brown of Finnigan FT/MS. Include message delay and number of tries when logging that a message has been completely delivered (LogLevel of 10 or above). Suggested by Nick Hilliard of Ireland Online. Log the sender of a message even if none of the recipients were accepted. If some of the recipients were rejected, it is helpful to know the sender of the message. Check the root directory (/) when checking a path for safety. Problem noted by John Beck of Sun Microsystems. Prevent multiple responses to the DATA command if DeliveryMode is interactive and delivering to an alias which resolves to multiple files. Macros in the helpfile are expanded if the helpfile version is 2 or greater (see below); the help function doesn't print the version of sendmail any longer, instead it is placed in the helpfile ($v). Suggested by Chuck Foster of UUNET PIPEX. Additionally, comment lines (starting with #) are skipped and a version line (#vers) is introduced. The helpfile version for 8.10.0 is 2, if no version or an older version is found, a warning is logged. The '#vers' directive should be placed at the top of the help file. Use fsync() when delivering to a file to guarantee the delivery to disk succeeded. Suggested by Nick Christenson. If delivery to a file is unsuccessful, truncate the file back to its length before the attempt. If a forward points to a filename for delivery, change to the user's uid before checking permissions on the file. This allows delivery to files on NFS mounted directories where root is remapped to nobody. Problem noted by Harald Daeubler of Universitaet Ulm. purgestat and sendmail -bH purge only expired (Timeout.hoststatus) host status files, not all files. Any macros stored in the class $={persistentMacros} will be saved in the queue file for the message and set when delivery is attempted on the queued item. Suggested by Kyle Jones of Wonderworks Inc. Add support for storing information between rulesets using the new macro map class. This can be used to store information between queue runs as well using $={persistentMacros}. Based on an idea from Jan Krueger of Unix-AG of University of Hannover. New map class arith to allow for computations in rules. The operation (+, -, *, /, l (for less than), and =) is given as key. The two operands are specified as arguments; the lookup returns the result of the computation. For example, "$(arith l $@ 4 $@ 2 $)" will return "FALSE" and "$(arith + $@ 4 $@ 2 $)" will return "6". Add new syntax for header declarations which decide whether to include the header based on a macro rather than a mailer flag: H?${MyMacro}?X-My-Header: ${MyMacro} This should be used along with $={persistentMacros}. It can be used for adding headers to a message based on the results of check_* and header check rulesets. Allow new named config file rule check_eoh which is called after all of the headers have been collected. The input to the ruleset the number of headers and the size of all of the headers in bytes separated by $|. This ruleset along with the macro storage map can be used to correlate information gathered between headers and to check for missing headers. See cf/README or doc/op/op.ps for an example. Change the default for the MeToo option to True to correspond to the clarification in the DRUMS SMTP Update spec. This option is deprecated and will be removed from a future version. Change the sendmail binary default for SendMimeErrors to True. Change the sendmail binary default for SuperSafe to True. Display ruleset names in debug and address test mode output if referencing a named ruleset. New mailer equate m= which will limit the number of messages delivered per connection on an SMTP or LMTP mailer. Improve QueueSortOrder=Host by reversing the hostname before using it to sort. Now all the same domains are really run through the queue together. If they have the same MX host, then they will have a much better opportunity to use the connection cache if available. This should be a reasonable performance improvement. Patch from Randall Winchester of the University of Maryland. If a message is rejected by a header check ruleset, log who would have received the message if it had not been rejected. New "now" value for Timeout.queuereturn to bounce entries from the queue immediately. No delivery attempt is made. Increase sleeping time exponentially after too many "bad" commands up to 4 minutes delay (compare MAX{BAD,NOOP,HELO,VRFY,ETRN}- COMMANDS). New option ClientPortOptions similar to DaemonPortOptions but for outgoing connections. New suboptions for DaemonPortOptions: Name (a name used for error messages and logging) and Modifiers, i.e. a require authentication b bind to interface through which mail has been received c perform hostname canonification f require fully qualified hostname h use name of interface for outgoing HELO command C don't perform hostname canonification E disallow ETRN (see RFC 2476) New suboption for ClientPortOptions: Modifiers, i.e. h use name of interface for HELO command The version number for queue files (qf) has been incremented to 4. Log unacceptable HELO/EHLO domain name attempts if LogLevel is set to 10 or higher. Suggested by Rick Troxel of the National Institutes of Health. If a mailer dies, print the status in decimal instead of octal format. Suggested by Michael Shapiro of Sun Microsystems. Limit the length of all MX records considered for delivery to 8k. Move message priority from sender to recipient logging. Suggested by Ulrich Windl of the Universitat Regensburg. Add support for Berkeley DB 3.X. Add fix for Berkeley DB 2.X fcntl() locking race condition. Requires a post-2.7.5 version of Berkeley DB. Support writing traffic log (sendmail -X option) to a FIFO. Patch submitted by Rick Heaton of Network Associates, Inc. Do not ignore Timeout settings in the .cf file when a Timeout sub-options is set on the command line. Problem noted by Graeme Hewson of Oracle. Randomize equal preference MX records each time delivery is attempted via a new connection to a host instead of once per session. Suggested by Scott Salvidio of Compaq. Implement enhanced status codes as defined by RFC 2034. Add [hostname] to class w for the names of all interfaces unless DontProbeInterfaces is set. This is useful for sending mails to hosts which have dynamically assigned names. If a message is bounced due to bad MIME conformance, avoid bouncing the bounce for the same reason. If the body is not 8-bit clean, and EightBitMode isn't set to pass8, the body will not be included in the bounce. Problem noted by Valdis Kletnieks of Virginia Tech. The timeout for sending a message via SMTP has been changed from '${msgsize} / 16 + (${nrcpts} * 300)' to a timeout which simply checks for progress on sending data every 5 minutes. This will detect the inability to send information quicker and reduce the number of processes simply waiting to timeout. Prevent a segmentation fault on systems which give a partial filled interface address structure when loading the system network interface addresses. Fix from Reinier Bezuidenhout of Nanoteq. Add a compile-time configuration macro, MAXINTERFACES, which indicates the number of interfaces to read when probing for hostnames and IP addresses for class w ($=w). The default value is 512. Based on idea from Reinier Bezuidenhout of Nanoteq. If the RefuseLA option is set to 0, do not reject connections based on load average. Allow ruleset 0 to have a name. Problem noted by Neil Rickert of Northern Illinois University. Expand the Return-Path: header at delivery time, after "owner-" envelope splitting has occurred. Don't try to sort the queue if there are no entries. Patch from Luke Mewburn from RMIT University. Add a "/quit" command to address test mode. Include the proper sender in the UNIX "From " line and Return-Path: header when undeliverable mail is saved to ~/dead.letter. Problem noted by Kari Hurtta of the Finnish Meteorological Institute. The contents of a class can now be copied to another class using the syntax: "C{Dest} $={Source}". This would copy all of the items in class $={Source} into the class $={Dest}. Include original envelope's error transcript in bounces created for split (owner-) envelopes to see the original errors when the recipients were added. Based on fix from Motonori Nakamura of Kyoto University. Show reason for permanent delivery errors directly after the addresses. From Motonori Nakamura of Kyoto University. Prevent a segmentation fault when bouncing a split-envelope message. Patch from Motonori Nakamura of Kyoto University. If the specification for the queue run interval (-q###) has a syntax error, consider the error fatal and exit. Pay attention to CheckpointInterval during LMTP delivery. Problem noted by Motonori Nakamura of Kyoto University. On operating systems which have setlogin(2), use it to set the login name to the RunAsUserName when starting as a daemon. This is for delivery to programs which use getlogin(). Based on fix from Motonori Nakamura of Kyoto University. Differentiate between "command not implemented" and "command unrecognized" in the SMTP dialogue. Strip returns from forward and include files. Problem noted by Allan E Johannesen of Worcester Polytechnic Institute. Prevent a core dump when using 'sendmail -bv' on an address which resolves to the $#error mailer with a temporary failure. Based on fix from Neil Rickert of Northern Illinois University. Prevent multiple deliveries of a message with a "non-local alias" pointing to a local user, if canonicalization fails the message was requeued *and* delivered to the alias. If an invalid ruleset is declared, the ruleset name could be ignored and its rules added to S0. Instead, ignore the ruleset lines as well. Avoid incorrect Final-Recipient, Action, and X-Actual-Recipient success DSN fields as well as duplicate entries for a single address due to S5 and UserDB processing. Problems noted by Kari Hurtta of the Finnish Meteorological Institute. Turn off timeouts when exiting sendmail due to an interrupt signal to prevent the timeout from firing during the exit process. Problem noted by Michael Shapiro of Sun Microsystems. Do not append @MyHostName to non-RFC822 addresses output by the EXPN command or on Final-Recipient: and X-Actual-Recipient: DSN headers. Non-RFC822 addresses include deliveries to programs, file, DECnet, etc. Fix logic for determining if a local user is using -f or -bs to spoof their return address. Based on idea from Neil Rickert of Northern Illinois University and patch from Per Hedeland of Ericsson. Report the proper UID in the bounce message if an :include: file is owned by a uid that doesn't map to a username and the :include: file contains delivery to a file or program. Problem noted by John Beck of Sun Microsystems. Avoid the attempt of trying to send a second SMTP QUIT command if the remote server responds to the first QUIT with a 4xx response code and drops the connection. This behavior was noted by Ulrich Windl of the Universitat Regensburg when sendmail was talking to the Mercury 1.43 MTA. If a hostname lookup times out and ServiceSwitchFile is set but the file is not present, the lookup failure would be marked as a permanent failure instead of a temporary failure. Fix from Russell King of the ARM Linux Project. Handle aliases or forwards which deliver to programs using tabs instead of spaces between arguments. Problem noted by Randy Wormser. Fix from Neil Rickert of Northern Illinois University. Allow MaxRecipientsPerMessage option to be set on the command line by normal users (e.g., sendmail won't drop its root privileges) to allow overrides for message submission via 'sendmail -bs'. Set the names for help file and statistics file to "helpfile" and "statistics", respectively, if no parameters are given for them in the .cf file. Avoid bogus 'errbody: I/O Error -7' log messages when sending success DSN messages for messages relayed to non-DSN aware systems. Problem noted by Juergen Georgi of RUS University of Stuttgart and Kyle Tucker of Parexel International. Prevent +detail information from interfering with local delivery to multiple users in the same transaction (F=m). Add H_FORCE flag for the X-Authentication-Warning: header, so it will be added even if one already exists. Problem noted by Michal Zalewski of Marchew Industries. Stop processing SMTP commands if the SMTP connection is dropped. This prevents a remote system from flooding the connection with commands and then disconnecting. Previously, the server would process all of the buffered commands. Problem noted by Michal Zalewski of Marchew Industries. Properly process user-supplied headers beginning with '?'. Problem noted by Michal Zalewski of Marchew Industries. If multiple header checks resolve to the $#error mailer, use the last permanent (5XX) failure if any exist. Otherwise, use the last temporary (4XX) failure. RFC 1891 requires "hexchar" in a "xtext" to be upper case. Patch from Ronald F. Guilmette of Infinite Monkeys & Co. Timeout.ident now defaults to 5 seconds instead of 30 seconds to prevent the now common delays associated with mailing to a site which drops IDENT packets. Suggested by many. Persistent host status data is not reloaded disk when current data is available in the in-memory cache. Problem noted by Per Hedeland of Ericsson. mailq displays unprintable characters in addresses as their octal representation and a leading backslash. This avoids problems with "unprintable" characters. Problem noted by Michal Zalewski of the "Internet for Schools" project (IdS). The mail line length limit (L= equate) was adding the '!' indicator one character past the limit. This would cause subsequent hops to break the line again. The '!' is now placed in the last column of the limit if the line needs to be broken. Problem noted by Joe Pruett of Q7 Enterprises. Based on fix from Per Hedeland of Ericsson. If a resolver ANY query is larger than the UDP packet size, the resolver will fall back to TCP. However, some misconfigured firewalls black 53/TCP so the ANY lookup fails whereas an MX or A record might succeed. Therefore, don't fail on ANY queries. If an SMTP recipient is rejected due to syntax errors in the address, do not send an empty postmaster notification DSN to the postmaster. Problem noted by Neil Rickert of Northern Illinois University. Allow '_' and '.' in map names when parsing a sequence map specification. Patch from William Setzer of North Carolina State University. Fix hostname in logging of read timeouts for the QUIT command on cached connections. Problem noted by Neil Rickert of Northern Illinois University. Use a more descriptive entry to log "null" connections, i.e., "host did not issue MAIL/EXPN/VRFY/ETRN during connection". Fix a file descriptor leak in ONEX mode. Portability: Reverse signal handling logic such that sigaction(2) with the SA_RESTART flag is the preferred method and the other signal methods are only tried if SA_RESTART is not available. Problem noted by Allan E Johannesen of Worcester Polytechnic Institute. AIX 4.x supports the sa_len member of struct sockaddr. This allows network interface probing to work properly. Fix from David Bronder of the University of Iowa. AIX 4.3 has snprintf() support. Use "PPC" as the architecture name when building under AIX. This will be reflected in the obj.* directory name. Apple Darwin support based on Apple Rhapsody port. Fixed AIX 'make depend' method from Valdis Kletnieks of Virginia Tech. Digital UNIX has uname(2). GNU Hurd updates from Mark Kettenis of the University of Amsterdam. Improved HPUX 11.0 portability. Properly determine the number of CPUs on FreeBSD 2.X, FreeBSD 3.X, HP/UX 10.X and HP/UX 11.X. Remove special IRIX ABI cases from Build script and the OS files. Use the standard 'cc' options used by SGI in building the operating system. Users can override the defaults by setting confCC and confLIBSEARCHPATH appropriately. IRIX nsd map support from Bob Mende of SGI. Minor devtools fixes for IRIX from Bob Mende of SGI. Linux patch for IP_SRCROUTE support from Joerg Dorchain of MW EDV & ELECTRONIC. Linux now uses /usr/sbin for confEBINDIR in the build system. From MATSUURA Takanori of Osaka University. Remove special treatment for Linux PPC in the build system. From MATSUURA Takanori of Osaka University. Motorolla UNIX SYSTEM V/88 Release 4.0 support from Sergey Rusanov of the Republic of Udmurtia. NCR MP-RAS 3.x includes regular expression support. From Tom J. Moore of NCR. NEC EWS-UX/V series settings for _PATH_VENDOR_CF and _PATH_SENDMAILPID from Oota Toshiya of NEC Computers Group Planning Division. Minor NetBSD owner/group tweaks from Ayamura Kikuchi, M.D. NEWS-OS 6.X listed SYSLOG_BUFSIZE as 256 in confENVDEF and 1024 in conf.h. Since confENVDEF would be used, use that value in conf.h. Use NeXT's NETINFO to get domain name. From Gerd Knops of BITart Consulting. Use NeXT's NETINFO for alias and hostname resolution if AUTO_NETINFO_ALIASES and AUTO_NETINFO_HOSTS are defined. Patch from Wilfredo Sanchez of Apple Computer, Inc. NeXT portability tweaks. Problems reported by Dragan Milicic of the University of Utah and J. P. McCann of E I A. New compile flag FAST_PID_RECYCLE: set this if your system can reuse the same PID in the same second. New compile flag HASFCHOWN: set this if your OS has fchown(2). New compile flag HASRANDOM: set this to 0 if your OS does not have random(3). rand() will be used instead. New compile flag HASSRANDOMDEV: set this if your OS has srandomdev(3). New compile flag HASSETLOGIN: set this if your OS has setlogin(2). Replace SINIX and ReliantUNIX support with version specific SINIX files. From Gerald Rinske of Siemens Business Services. Use the 60-second load average instead of the 5 second load average on Compaq Tru64 UNIX (formerly Digital UNIX). From Chris Teakle of the University of Qld. Use ANSI C by default for Compaq Tru64 UNIX. Suggested by Randall Winchester of Swales Aerospace. Correct setgroups() prototype for Compaq Tru64 UNIX. Problem noted by Randall Winchester of Swales Aerospace. Hitachi 3050R/3050RX and 3500 Workstations running HI-UX/WE2 4.02, 6.10 and 7.10 from Motonori NAKAMURA of Kyoto University. New compile flag NO_GETSERVBYNAME: set this to disable use of getservbyname() on systems which can not lookup a service by name over NIS, such as HI-UX. Patch from Motonori NAKAMURA of Kyoto University. Use devtools/bin/install.sh on SCO 5.x. Problem noted by Sun Wenbing of the China Engineering and Technology Information Network. make depend didn't work properly on UNIXWARE 4.2. Problem noted by Ariel Malik of Netology, Ltd. Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX). Set confSTDIO_TYPE to torek for BSD-OS, FreeBSD, NetBSD, and OpenBSD. A recent Compaq Ultrix 4.5 Y2K patch has broken detection of local_hostname_length(). See sendmail/README for more details. Problem noted by Allan E Johannesen of Worcester Polytechnic Institute. CONFIG: Begin using /etc/mail/ for sendmail related files. This affects a large number of files. See cf/README for more details. CONFIG: New macro MAIL_SETTINGS_DIR contains the path (including trailing slash) for the mail settings directory. CONFIG: Increment version number of config file to 9. CONFIG: OSTYPE(`bsdi1.0') and OSTYPE(`bsdi2.0') have been deprecated and may be removed from a future release. BSD/OS users should begin using OSTYPE(`bsdi'). CONFIG: OpenBSD 2.4 installs mail.local non-setuid root. This requires a new OSTYPE(`openbsd'). From Todd C. Miller of Courtesan Consulting. CONFIG: New OSTYPE(`hpux11') for HP/UX 11.X. CONFIG: A syntax error in check_mail would cause fake top-level domains (.BITNET, .DECNET, .FAX, .USENET, and .UUCP) to be improperly rejected as unresolvable. CONFIG: New FEATURE(`dnsbl') takes up to two arguments (name of DNS server, rejection message) and can be included multiple times. CONFIG: New FEATURE(`relay_mail_from') allows relaying if the mail sender is listed as RELAY in the access map (and tagged with From:). CONFIG: Optional tagging of LHS in the access map (Connect:, From:, To:) to enable finer control. CONFIG: New FEATURE(`ldap_routing') implements LDAP address routing. See cf/README for a complete description of the new functionality. CONFIG: New variables for the new sendmail options: confAUTH_MECHANISMS AuthMechanisms confAUTH_OPTIONS AuthOptions confCLIENT_OPTIONS ClientPortOptions confCONTROL_SOCKET_NAME ControlSocketName confDEAD_LETTER_DROP DeadLetterDrop confDEF_AUTH_INFO DefaultAuthInfo confDF_BUFFER_SIZE DataFileBufferSize confLDAP_DEFAULT_SPEC LDAPDefaultSpec confMAX_ALIAS_RECURSION MaxAliasRecursion confMAX_HEADERS_LENGTH MaxHeadersLength confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength confPID_FILE PidFile confPROCESS_TITLE_PREFIX ProcessTitlePrefix confRRT_IMPLIES_DSN RrtImpliesDsn confTO_CONTROL Timeout.control confTO_RESOLVER_RETRANS Timeout.resolver.retrans confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal confTO_RESOLVER_RETRY Timeout.resolver.retry confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal confTRUSTED_USER TrustedUser confXF_BUFFER_SIZE XscriptFileBufferSize CONFIG: confDAEMON_OPTIONS has been replaced by DAEMON_OPTIONS(), which takes the options as argument and can be used multiple times; see cf/README for details. CONFIG: Add a fifth mailer definition to MAILER(`smtp') called "dsmtp". This mail provides on-demand delivery using the F=% mailer flag described above. The "dsmtp" mailer definition uses the new DSMTP_MAILER_ARGS which defaults to "IPC $h". CONFIG: New variables LOCAL_MAILER_MAXMSGS, SMTP_MAILER_MAXMSGS, and RELAY_MAILER_MAXMSGS for setting the m= equate for the local, smtp, and relay mailers respectively. CONFIG: New variable LOCAL_MAILER_DSN_DIAGNOSTIC_CODE for setting the DSN Diagnostic-Code type for the local mailer. The value should be changed with care. CONFIG: FEATURE(`local_lmtp') now sets the DSN Diagnostic-Code type for the local mailer to the proper value of "SMTP". CONFIG: All included maps are no longer optional by default; if there there is a problem with a map, sendmail will complain. CONFIG: Removed root from class E; use EXPOSED_USER(`root') to get the old behavior. Suggested by Joe Pruett of Q7 Enterprises. CONFIG: MASQUERADE_EXCEPTION() defines hosts/subdomains which will not be masqueraded. Proposed by Arne Wichmann of MPI Saarbruecken, Griff Miller of PGS Tensor, Jayme Cox of Broderbund Software Inc. CONFIG: A list of exceptions for FEATURE(`nocanonify') can be specified by CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE, i.e., a list of domains which are passed to $[ ... $] for canonification. Based on an idea from Neil Rickert of Northern Illinois University. CONFIG: If `canonify_hosts' is specified as parameter for FEATURE(`nocanonify') then addresses which have only a hostname, e.g., , will be canonified. CONFIG: If FEATURE(`nocanonify') is turned on, a trailing dot is nevertheless added to addresses with more than one component in it. CONFIG: Canonification is no longer attempted for any host or domain in class 'P' ($=P). CONFIG: New class for matching virtusertable entries $={VirtHost} that can be populated by VIRTUSER_DOMAIN or VIRTUSER_DOMAIN_FILE. FEATURE(`virtuser_entire_domain') can be used to apply this class also to entire subdomains. Hosts in this class are treated as canonical in SCanonify2, i.e., a trailing dot is added. CONFIG: If VIRTUSER_DOMAIN() or VIRTUSER_DOMAIN_FILE() are used, include $={VirtHost} in $=R (hosts allowed to relay). CONFIG: FEATURE(`generics_entire_domain') can be used to apply the genericstable also to subdomains of $=G. CONFIG: Pass "+detail" as %2 for virtusertable lookups. Patch from Noam Freedman from University of Chicago. CONFIG: Pass "+detail" as %1 for genericstable lookups. Suggested by Raymond S Brand of rsbx.net. CONFIG: Allow @domain in genericstable to override masquerading. Suggested by Owen Duffy from Owen Duffy & Associates. CONFIG: LOCAL_DOMAIN() adds entries to class w. Suggested by Steve Hubert of University of Washington. CONFIG: OSTYPE(`gnuhurd') has been replaced by OSTYPE(`gnu') as GNU is now the canonical system name. From Mark Kettenis of the University of Amsterdam. CONFIG: OSTYPE(`unixware7') updates from Larry Rosenman. CONFIG: Do not include '=' in option expansion if there is no value associated with the option. From Andrew Brown of Graffiti World Wide, Inc. CONFIG: Add MAILER(`qpage') to define a new pager mailer. Contributed by Philip A. Prindeville of Enteka Enterprise Technology Services. CONFIG: MAILER(`cyrus') was not preserving case for mail folder names. Problem noted by Randall Winchester of Swales Aerospace. CONFIG: RELAY_MAILER_FLAGS can be used to define additional flags for the relay mailer. Suggested by Doug Hughes of Auburn University and Brian Candler. CONFIG: LOCAL_MAILER_FLAGS now includes 'P' (Add Return-Path: header) by default. Suggested by Per Hedeland of Ericsson. CONFIG: Use SMART_HOST for bracketed addresses, e.g., user@[host]. Suggested by Kari Hurtta of the Finnish Meteorological Institute. CONFIG: New macro MODIFY_MAILER_FLAGS to tweak *_MAILER_FLAGS; i.e., to set, add, or delete flags. CONFIG: If SMTP AUTH is used then relaying is allowed for any user who authenticated via a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH(`list of mechanisms'). CONFIG: FEATURE(`delay_checks') delays check_mail and check_relay after check_rcpt and allows for exceptions from the checks. CONFIG: Map declarations have been moved into their associated feature files to allow greater flexibility in use of sequence maps. Suggested by Per Hedeland of Ericsson. CONFIG: New macro LOCAL_MAILER_EOL to override the default end of line string for the local mailer. Requested by Il Oh of Willamette Industries, Inc. CONFIG: Route addresses are stripped, i.e., <@a,@b,@c:user@d> is converted to CONFIG: Reject bogus return address of <@@hostname>, generated by Sun's older, broken configuration files. CONFIG: FEATURE(`nullclient') now provides the full rulesets of a normal configuration, allowing anti-spam checks to be performed. CONFIG: Don't return a permanent error (Relaying denied) if ${client_name} can't be resolved just temporarily. Suggested by Kari Hurtta of the Finnish Meteorological Institute. CONFIG: Change numbered rulesets into named (which still can be accessed by their numbers). CONFIG: FEATURE(`nouucp') takes one parameter: reject or nospecial which describes whether to disallow "!" in the local part of an address. CONFIG: Call Local_localaddr from localaddr (S5) which can be used to rewrite an address from a mailer which has the F=5 flag set. If the ruleset returns a mailer, the appropriate action is taken, otherwise the returned tokens are ignored. CONFIG: cf/ostype/solaris.m4 has been renamed to solaris2.pre5.m4 and cf/ostype/solaris2.m4 is now a copy of solaris2.ml.m4. The latter is kept around for backward compatibility. CONFIG: Allow ":D.S.N:" for mailer/virtusertable "error:" entries, where "D.S.N" is an RFC 1893 compliant error code. CONFIG: Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX). CONFIG: Remove second space between username and date in UNIX From_ line. Noted by Allan E Johannesen of Worcester Polytechnic Institute. CONFIG: Make sure all of the mailers have complete T= equates. CONFIG: Extend FEATURE(`local_procmail') so it can now take arguments overriding the mailer program, arguments, and mailer definition flags. This makes it possible to use other programs such as maildrop for local delivery. CONFIG: Emit warning if FEATURE(`local_lmtp') or FEATURE(`local_procmail') is given after MAILER(`local'). Patch from Richard A. Nelson of IBM. CONFIG: Add SMTP Authentication information to Received: header default value (confRECEIVED_HEADER). CONFIG: Remove `l' flag from USENET_MAILER_FLAGS as it is not a local mailer. Problem noted by Per Hedeland of Ericsson. CONTRIB: Added bounce-resender.pl from Brian R. Gaeke of the University of California at Berkeley. CONTRIB: Added domainmap.m4 from Mark D. Roth of the University of Illinois at Urbana-Champaign. CONTRIB: etrn.pl now recognizes bogus host names. Patch from Bruce Barnett of GE's R&D Lab. CONTRIB: Patches for re-mqueue.pl by Graeme Hewson of Oracle Corporation UK. CONTRIB: Added qtool.pl to assist in managing the queues. DEVTOOLS: Prevent user environment variables from interfering with the Build scripts. Problem noted by Ezequiel H. Panepucci of Yale University. DEVTOOLS: 'Build -M' will display the obj.* directory which will be used for building. DEVTOOLS: 'Build -A' will display the architecture that would be used for a fresh build. DEVTOOLS: New variable confRANLIB, set automatically by configure.sh. DEVTOOLS: New variable confRANLIBOPTS for the options to send to ranlib. DEVTOOLS: 'Build -O ' will have the object files build in /obj.*. Suggested by Bryan Costales of Exactis. DEVTOOLS: New variable confNO_MAN_BUILD which will prevent the building of the man pages when defined. Suggested by Bryan Costales. DEVTOOLS: New variables confNO_HELPFILE_INSTALL and confNO_STATISTICS_INSTALL which will prevent the installation of the sendmail helpfile and statistics file respectively. Suggested by Bryan Costales. DEVTOOLS: Recognize ReliantUNIX as SINIX. Patch from Gerald Rinske of Siemens Business Services. DEVTOOLS: New variable confSTDIO_TYPE which defines the type of stdio library. The new buffered file I/O depends on the Torek stdio library. This option can be either portable or torek. DEVTOOLS: New variables confSRCADD and confSMSRCADD which correspond to confOBJADD and confSMOBJADD respectively. They should contain the C source files for the object files listed in confOBJADD and confSMOBJADD. These file names will be passed to the 'make depend' stage of compilation. DEVTOOLS: New program specific variables for each of the programs in the sendmail distribution. Each has the form `conf_prog_ENVDEF', for example, `conf_sendmail_ENVDEF'. The new variables are conf_prog_ENVDEF, conf_prog_LIBS, conf_prog_SRCADD, and conf_prog_OBJADD. DEVTOOLS: Build system redesign. This should have little affect on building the distribution, but documentation on the changes are in devtools/README. DEVTOOLS: Don't allow 'Build -f file' if an object directory already exists. Suggested by Valdis Kletnieks of Virginia Tech. DEVTOOLS: Rename confSRCDIR to confSMSRCDIR since it only identifies the path to the sendmail source directory. confSRCDIR is a new variable which identifies the root of the source directories for all of the programs in the distribution. DEVTOOLS: confSRCDIR and confSMSRCDIR are now determined at Build time. They can both still be overridden by setting the m4 macro. DEVTOOLS: confSBINGRP now defaults to bin instead of kmem. DEVTOOLS: 'Build -Q prefix' uses devtools/Site/prefix.*.m4 for build configurations, and places objects in obj.prefix.*/. Complains as 'Build -f file' does for existing object directories. Suggested by Tom Smith of Digital Equipment Corporation. DEVTOOLS: Setting confINSTALL_RAWMAN will install unformatted manual pages in the directory tree specified by confMANROOTMAN. DEVTOOLS: If formatting the manual pages fails, copy in the preformatted pages from the distribution. The new variable confCOPY specifies the copying program. DEVTOOLS: Defining confFORCE_RMAIL will install rmail without question. Suggested by Terry Lambert of Whistle Communications. DEVTOOLS: confSTFILE and confHFFILE can be used to change the names of the installed statistics and help files, respectively. DEVTOOLS: Remove spaces in `uname -r` output when determining operating system identity. Problem noted by Erik Wachtenheim of Dartmouth College. DEVTOOLS: New variable confLIBSEARCHPATH to specify the paths that will be search for the libraries specified in confLIBSEARCH. Defaults to "/lib /usr/lib /usr/shlib". DEVTOOLS: New variables confSTRIP and confSTRIPOPTS for specifying how to strip binaries. These are used by the new install-strip target. DEVTOOLS: New config file site.post.m4 which is included after the others (if it exists). DEVTOOLS: Change order of LIBS: first product specific libraries then the default ones. MAIL.LOCAL: Will not be installed setuid root. To use mail.local as local delivery agent without LMTP mode, use MODIFY_MAILER_FLAGS(`LOCAL', `+S') to set the S flag. MAIL.LOCAL: Do not reject addresses which would otherwise be accepted by sendmail. Suggested by Neil Rickert of Northern Illinois University. MAIL.LOCAL: New -7 option which causes LMTP mode not to advertise 8BITMIME in the LHLO response. Suggested by Kari Hurtta of the Finnish Meteorological Institute. MAIL.LOCAL: Add support for the maillock() routines by defining MAILLOCK when compiling. Also requires linking with -lmail. Patch from Neil Rickert of Northern Illinois University. MAIL.LOCAL: Create a Content-Length: header if CONTENTLENGTH is defined when compiling. Automatically set for Solaris 2.3 and later. Patch from Neil Rickert of Northern Illinois University. MAIL.LOCAL: Move the initialization of the 'notifybiff' address structure to the beginning of the program. This ensures that the getservbyname() is done before any seteuid to a possibly unauthenticated user. If you are using NIS+ and secure RPC on a Solaris system, this avoids syslog messages such as, "authdes_refresh: keyserv(1m) is unable to encrypt session key." Patch from Neil Rickert of Northern Illinois University. MAIL.LOCAL: Support group writable mail spool files when MAILGID is set to the gid to use (-DMAILGID=6) when compiling. Patch from Neil Rickert of Northern Illinois University. MAIL.LOCAL: When a mail message included lines longer than 2046 characters (in LMTP mode), mail.local split the incoming line up into 2046-character output lines (excluding the newline). If an input line was 2047 characters long (excluding CR-LF) and the last character was a '.', mail.local saw it as the end of input, transfered it to the user mailbox and tried to write an `ok' back to sendmail. If the message was much longer, both sendmail and mail.local would deadlock waiting for each other to read what they have written. Problem noted by Peter Jeremy of Alcatel Australia Limited. MAIL.LOCAL: New option -b to return a permanent error instead of a temporary error if a mailbox exceeds quota. Suggested by Neil Rickert of Northern Illinois University. MAIL.LOCAL: The creation of a lockfile is subject to a global timeout to avoid starvation. MAIL.LOCAL: Properly parse addresses with multiple quoted local-parts. Problem noted by Ronald F. Guilmette of Infinite Monkeys & Co. MAIL.LOCAL: NCR MP/RAS 3.X portability from Tom J. Moore of NCR. MAILSTATS: New -p option to invoke program mode in which stats are printed in a machine readable fashion and the stats file is reset. Patch from Kevin Hildebrand of the University of Maryland. MAKEMAP: If running as root, automatically change the ownership of generated maps to the TrustedUser as specified in the sendmail configuration file. MAKEMAP: New -C option to accept an alternate sendmail configuration file to use for finding the TrustedUser option. MAKEMAP: New -u option to dump (unmap) a database. Based on code contributed by Roy Mongiovi of Georgia Tech. MAKEMAP: New -e option to allow empty values. Suggested by Philip A. Prindeville of Enteka Enterprise Technology Services. MAKEMAP: Compile cleanly on 64-bit operating systems. Problem noted by Gerald Rinske of Siemens Business Services. OP.ME: Correctly document interaction between F=S and U= mailer equates. Problem noted by Bob Halley of Internet Engines. OP.ME: Fixup Timeout documentation. From Graeme Hewson of Oracle Corporation UK. OP.ME: The Timeout [r] option was incorrectly listed as "safe" (e.g., sendmail would not drop root privileges if the option was specified on the command line). Problem noted by Todd C. Miller of Courtesan Consulting. PRALIASES: Handle the hash and btree map specifications for Berkeley DB. Patch from Brian J. Coan of the Institute for Global Communications. PRALIASES: Read the sendmail.cf file for the location(s) of the alias file(s) if the -f option is not used. Patch from John Beck of Sun Microsystems. PRALIASES: New -C option to specify an alternate sendmail configuration file to use for finding alias file(s). Patch from John Beck of Sun Microsystems. SMRSH: allow shell commands echo, exec, and exit. Allow command lists using || and &&. Based on patch from Brian J. Coan of the Institute for Global Communications. SMRSH: Update README for the new Build system. From Tim Pierce of RootsWeb Genealogical Data Cooperative. VACATION: Added vacation auto-responder to sendmail distribution. LIBSMDB: Added abstracted database library. Works with Berkeley DB 1.85, Berkeley DB 2.X, Berkeley DB 3.X, and NDBM. Changed Files: The Build script in the various program subdirectories are no longer symbolic links. They are now scripts which execute the actual Build script in devtools/bin. All the manual pages are now written against -man and not -mandoc as they were previously. Add a simple Makefile to every directory so make instead of Build will work (unless parameters are required for Build). New Directories: devtools/M4/UNIX include libmilter libsmdb libsmutil vacation Renamed Directories: BuildTools => devtools src => sendmail Deleted Files: cf/m4/nullrelay.m4 devtools/OS/Linux.ppc devtools/OS/ReliantUNIX devtools/OS/SINIX sendmail/ldap_map.h New Files: INSTALL PGPKEYS cf/cf/generic-linux.cf cf/cf/generic-linux.mc cf/feature/delay_checks.m4 cf/feature/dnsbl.m4 cf/feature/generics_entire_domain.m4 cf/feature/no_default_msa.m4 cf/feature/relay_mail_from.m4 cf/feature/virtuser_entire_domain.m4 cf/mailer/qpage.m4 cf/ostype/bsdi.m4 cf/ostype/hpux11.m4 cf/ostype/openbsd.m4 contrib/bounce-resender.pl contrib/domainmap.m4 contrib/qtool.8 contrib/qtool.pl devtools/M4/depend/AIX.m4 devtools/M4/list.m4 devtools/M4/string.m4 devtools/M4/subst_ext.m4 devtools/M4/switch.m4 devtools/OS/Darwin devtools/OS/GNU devtools/OS/SINIX.5.43 devtools/OS/SINIX.5.44 devtools/OS/m88k devtools/bin/find_in_path.sh mail.local/Makefile mailstats/Makefile makemap/Makefile praliases/Makefile rmail/Makefile sendmail/Makefile sendmail/bf.h sendmail/bf_portable.c sendmail/bf_portable.h sendmail/bf_torek.c sendmail/bf_torek.h sendmail/shmticklib.c sendmail/statusd_shm.h sendmail/timers.c sendmail/timers.h smrsh/Makefile vacation/Makefile Renamed Files: cf/ostype/gnuhurd.m4 => cf/ostype/gnu.m4 sendmail/cdefs.h => include/sendmail/cdefs.h sendmail/sendmail.hf => sendmail/helpfile sendmail/mailstats.h => include/sendmail/mailstats.h sendmail/pathnames.h => include/sendmail/pathnames.h sendmail/safefile.c => libsmutil/safefile.c sendmail/snprintf.c => libsmutil/snprintf.c sendmail/useful.h => include/sendmail/useful.h cf/ostype/solaris2.m4 => cf/ostype/solaris2.pre5.m4 Copied Files: cf/ostype/solaris2.ml.m4 => cf/ostype/solaris2.m4 8.9.3/8.9.3 1999/02/04 SECURITY: Limit message headers to a maximum of 32K bytes (total of all headers in a single message) to prevent a denial of service attack. This limit will be configurable in 8.10. Problem noted by Michal Zalewski of the "Internet for Schools" project (IdS). Prevent segmentation fault on an LDAP lookup if the LDAP map was closed due to an earlier failure. Problem noted by Jeff Wasilko of smoe.org. Fix from Booker Bense of Stanford University and Per Hedeland of Ericsson. Preserve the order of the MIME headers in multipart messages when performing the MIME header length check. This will allow PGP signatures to function properly. Problem noted by Lars Hecking of University College, Cork, Ireland. If ruleset 5 rewrote the local address to an :include: directive, the delivery would fail with an "aliasing/forwarding loop broken" error. Problem noted by Eric C Hagberg of Morgan Stanley. Fix from Per Hedeland of Ericsson. Allow -T to work for bestmx maps. Fix from Aaron Schrab of ExecPC Internet Systems. During the transfer of a message in an SMTP transaction, if a TCP timeout occurs, the message would be properly queued for later retry but the failure would be logged as "Illegal Seek" instead of a timeout. Problem noted by Piotr Kucharski of the Warsaw School of Economics (SGH) and Carles Xavier Munyoz Baldo of CTV Internet. Prevent multiple deliveries on a self-referencing alias if the F=w mailer flag is not set. Problem noted by Murray S. Kucherawy of Concentric Network Corporation and Per Hedeland of Ericsson. Do not strip empty headers but if there is no value and a default is defined in sendmail.cf, use the default. Problem noted by Philip Guenther of Gustavus Adolphus College and Christopher McCrory of Netus, Inc. Don't inherit information about the sender (notably the full name) in SMTP (-bs) mode, since this might be called from inetd. Accept any 3xx reply code in response to DATA command instead of requiring 354. This change will match the wording to be published in the updated SMTP specification from the DRUMS group of the IETF. Portability: AIX 4.2.0 or 4.2.1 may become updated by the fileset bos.rte.net level 4.2.0.2. This introduces the softlink /usr/lib/libbind.a which should not be used. It conflicts with the resolver built into libc.a. "bind" has been removed from the confLIBSEARCH BuildTools variable. Users who have installed BIND 8.X will have to add it back in their site.config.m4 file. Problem noted by Ole Holm Nielsen of the Technical University of Denmark. CRAY TS 10.0.x from Sven Nielsen of San Diego Supercomputer Center. Improved LDAP version 3 integration based on input from Kurt D. Zeilenga of the OpenLDAP Foundation, John Beck of Sun Microsystems, and Booker Bense of Stanford University. Linux doesn't have a standard way to get the timezone between different releases. Back out the change in 8.9.2 and don't attempt to derive a timezone. Problem reported by Igor S. Livshits of the University of Illinois at Urbana-Champaign and Michael Dickens of Tetranet Communications. Reliant UNIX, the new name for SINIX, from Gert-Jan Looy of Siemens/SNI. SunOS 5.8 from John Beck of Sun Microsystems. CONFIG: SCO UnixWare 2.1 and 7.0 need TZ to get the proper timezone. Problem noted by Petr Lampa of Technical University of Brno. CONFIG: Handle <@bestmx-host:user@otherhost> addressing properly when using FEATURE(bestmx_is_local). Patch from Neil W. Rickert of Northern Illinois University. CONFIG: Properly handle source routed and %-hack addresses on hosts which the mailertable remaps to local:. Patch from Neil W. Rickert of Northern Illinois University. CONFIG: Internal fixup of mailertable local: map value. Patch from Larry Parmelee of Cornell University. CONFIG: Only add back +detail from host portion of mailer triplet on local mailer triplets if it was originally +detail. Patch from Neil W. Rickert of Northern Illinois University. CONFIG: The bestmx_is_local checking done in check_rcpt would cause later checks to fail. Patch from Paul J Murphy of MIDS Europe. New Files: BuildTools/OS/CRAYTS.10.0.x BuildTools/OS/ReliantUNIX BuildTools/OS/SunOS.5.8 8.9.2/8.9.2 1998/12/30 SECURITY: Remove five second sleep on accepting daemon connections due to an accept() failure. This sleep could be used for a denial of service attack. Do not silently ignore queue files with names which are too long. Patch from Bryan Costales of InfoBeat, Inc. Do not store failures closing an SMTP session in persistent host status. Reported by Graeme Hewson of Oracle Corporation UK. Allow symbolic link forward files if they are in safe directories. Problem noted by Andreas Schott of the Max Planck Society. Missing columns in a text map could cause a segmentation fault. Fix from David Lee of the University of Durham. Note that for 8.9.X, PrivacyOptions=goaway also includes the noetrn flag. This is scheduled to change in a future version of sendmail. Problem noted by Theo Van Dinter of Chrysalis Symbolic Designa and Alan Brown of Manawatu Internet Services. When trying to do host canonification in a Wildcard MX environment, try an MX lookup of the hostname without the default domain appended. Problem noted by Olaf Seibert of Polderland Language & Speech Technology. Reject SMTP RCPT To: commands with only comments (i.e. 'RCPT TO: (comment)'. Problem noted by Earle Ake of Hassler Communication Systems Technology, Inc. Handle any number of %s in the LDAP filter spec. Patch from Per Hedeland of Ericsson. Clear ldapx open timeouts even if the map open failed to prevent a segmentation fault. Patch from Wayne Knowles of the National Institute of Water & Atmospheric Research Ltd. Do not syslog envelope clone messages when using address verification (-bv). Problem noted by Kari Hurtta of the Finnish Meteorological Institute. Continue to perform queue runs while in daemon mode even if the daemon is rejecting connections due to a disk full condition. Problem noted by JR Oldroyd of TerraNet Internet Services. Include full filename on installation of the sendmail.hf file in case the $HFDIR directory does not exist. Problem noted by Josef Svitak of Montana State University. Close all maps when exiting the process with one exception. Berkeley DB can use internal shared memory locking for its memory pool. Closing a map opened by another process will interfere with the shared memory and locks of the parent process leaving things in a bad state. For Berkeley DB, only close the map if the current process is also the one that opened the map, otherwise only close the map file descriptor. Thanks to Yoseff Francus of Collective Technologies for volunteering his system for extended testing. Avoid null pointer dereference on XDEBUG output for SMTP reply failures. Problem noted by Carlos Canau of EUnet Portugal. On mailq and hoststat listings being piped to another program, such as more, if the pipe closes (i.e., the user quits more), stop sending output and exit. Patch from Allan E Johannesen of Worcester Polytechnic Institute. In accordance with the documentation, LDAP map lookup failures are now considered temporary failures instead of permanent failures unless the -t flag is used in the map definition. Problem noted by Booker Bense of Stanford University and Eric C. Hagberg of Morgan Stanley. Fix by one error reporting on long alias names. Problem noted by H. Paul Hammann of the Missouri Research and Education Network. Fix DontBlameSendmail=IncludeFileInUnsafeDirPath behavior. Problem noted by Barry S. Finkel of Argonne National Laboratory. When automatically converting from 8 bit to quoted printable MIME, be careful not to miss a multi-part boundary if that boundary is preceded by a boundary-like line. Problem noted by Andreas Raschle of Ansid Inc. Fix from Kari Hurtta of the Finnish Meteorological Institute. Avoid bogus reporting of "LMTP tobuf overflow" when the buffer has enough space for the additional address. Problem noted by Steve Cliffe of the University of Wollongong. Fix DontBlameSendmail=FileDeliveryToSymlink behavior. Problem noted by Alex Vorobiev of Swarthmore College. If the check_compat ruleset resolves to the $#discard mailer, discard the current recipient. Unlike check_relay, check_mail, and check_rcpt, the entire envelope is not discarded. Problem noted by RZ D. Rahlfs. Fix from Claus Assmann of Christian-Albrechts-University of Kiel. Avoid segmentation fault when reading ServiceSwitchFile files with bogus formatting. Patch from Kari Hurtta of the Finnish Meteorological Institute. Support Berkeley DB 2.6.4 API change. OP.ME: Pages weren't properly output on duplexed printers. Fix from Matthew Black of CSU Long Beach. Portability: Apple Rhapsody from Wilfredo Sanchez of Apple Computer, Inc. Avoid a clash with IRIX 6.2 getopt.h and the UserDatabase option structure. Problem noted by Ashley M. Kirchner of Photo Craft Laboratories, Inc. Break out IP address to hostname translation for reading network interface addresses into class 'w'. Patch from John Kennedy of Cal State University, Chico. AIX 4.x use -qstrict with -O3 to prevent the optimized from changing the semantics of the compiled program. From Simon Travaglia of the University of Waikato, New Zealand. FreeBSD 2.2.2 and later support setusercontext(). From Peter Wemm of DIALix. FreeBSD 3.x fix from Peter Wemm of DIALix. IRIX 5.x has a syslog buffer size of 512 bytes. From Nao NINOMIYA of Utsunomiya University. IRIX 6.5 64-bit Build support. LDAP Version 3 support from John Beck and Ravi Iyer of Sun Microsystems. Linux does not implement seteuid() properly. From John Kennedy of Cal State University, Chico. Linux timezone type was set improperly. From Takeshi Itoh of Bits Co., Ltd. NCR MP-RAS 3.x needs -lresolv for confLIBS. From Tom J. Moore of NCR. NeXT 4.x correction to man page path. From J. P. McCann of E I A. System V Rel 5.x (a.k.a UnixWare7 w/o BSD-Compatibility Libs) from Paul Gampe of the Asia Pacific Network Information Center. ULTRIX now requires an optimization limit of 970 from Allan E Johannesen of Worcester Polytechnic Institute. Fix extern declaration for sm_dopr(). Fix from Henk van Oers of Algemeen Nederlands Persbureau. CONFIG: Catch @hostname,user@anotherhost.domain as relaying. Problem noted by Mark Rogov of AirMedia, Inc. Fix from Claus Assmann of Christian-Albrechts-University of Kiel. CONFIG: Do not refer to http://maps.vix.com/ on RBL rejections as there are multiple RBL's available and the MAPS RBL may not be the one in use. Suggested by Alan Brown of Manawatu Internet Services. CONFIG: Properly strip route addresses (i.e., @host1:user@host2) when stripping down a recipient address to check for relaying. Patch from Claus Assmann of Christian-Albrechts-University of Kiel and Neil W Rickert of Northern Illinois University. CONFIG: Allow the access database to override RBL lookups. Patch from Claus Assmann of Christian-Albrechts-University of Kiel. CONFIG: UnixWare 7 support from Phillip P. Porch of The Porch Dot Com. CONFIG: Fixed check for deferred delivery mode warning. Patch from Claus Assmann of Christian-Albrechts-University of Kiel and Per Hedeland of Ericsson. CONFIG: If a recipient using % addressing is used, e.g. user%site@othersite, and othersite's MX records are now checked for local hosts if FEATURE(relay_based_on_MX) is used. Problem noted by Alexander Litvin of Lucky Net Ltd. Patch from Alexander Litvin of Lucky Net Ltd and Claus Assmann of Christian-Albrechts-University of Kiel. MAIL.LOCAL: Prevent warning messages from appearing in the LMTP stream. Do not allow more than one response per recipient. MAIL.LOCAL: Handle routed addresses properly when using LMTP. Fix from John Beck of Sun Microsystems. MAIL.LOCAL: Properly check for CRLF when using LMTP. Fix from John Beck of Sun Microsystems. MAIL.LOCAL: Substitute MAILER-DAEMON for the LMTP empty sender in the envelope From header. MAIL.LOCAL: Accept underscores in hostnames in LMTP mode. Problem noted by Glenn A. Malling of Syracuse University. MAILSTATS: Document msgsrej and msgsdis fields in the man page. Problem noted by Richard Wong of Princeton University. MAKEMAP: Build group list so group writable files are allowed with the -s flag. Problem noted by Curt Sampson of Internet Portal Services, Inc. PRALIASES: Automatically handle alias files created without the NULL byte at the end of the key. Patch from John Beck of Sun Microsystems. PRALIASES: Support Berkeley DB 2.6.4 API change. New Files: BuildTools/OS/IRIX64.6.5 BuildTools/OS/UnixWare.5.i386 cf/ostype/unixware7.m4 contrib/smcontrol.pl src/control.c 8.9.1/8.9.1 1998/07/02 If both an OS specific site configuration file and a generic site.config.m4 file existed, only the latter was used instead of both. Problem noted by Geir Johannessen of the Norwegian University of Science and Technology. Fix segmentation fault while converting 8 bit to 7 bit MIME multipart messages by trying to write to an unopened file descriptor. Fix from Kari Hurtta of the Finnish Meteorological Institute. Do not assume Message: and Text: headers indicate the end of the header area when parsing MIME headers. Problem noted by Kari Hurtta of the Finnish Meteorological Institute. Setting the confMAN#SRC Build variable would only effect the installation commands. The man pages would still be built with .0 extensions. Problem noted by Bryan Costales of InfoBeat, Inc. Installation of manual pages didn't honor the DESTDIR environment variable. Problem noted by Bryan Costales of InfoBeat, Inc. If the check_relay ruleset resolved to the discard mailer, messages were still delivered. Problem noted by Mirek Luc of NASK. Mail delivery to files would fail with an Operating System Error if sendmail was not running as root, i.e., RunAsUser was set. Problem noted by Leonard N. Zubkoff of Dandelion Digital. Prevent MinQueueAge from interfering from queued items created in the future, i.e., if the system clock was set ahead and then back. Problem noted by Michael Miller of the University of Natal, Pietermaritzburg. Do not advertise ETRN support in ESTMP EHLO reply if noetrn is set in the PrivacyOptions option. Fix from Ted Rule of Flextech TV. Log invalid persistent host status file lines instead of bouncing the message. Problem noted by David Lindes of DaveLtd Enterprises. Move creation of empty sendmail.st file from installation to compilation. Installation may be done from a read-only mount. Fix from Bryan Costales of InfoBeat, Inc. and Ric Anderson of the Oasis Research Center, Inc. Enforce the maximum number of User Database entries limit. Problem noted by Gary Buchanan of Credence Systems Inc. Allow dead.letter files in root's home directory. Problem noted by Anna Ullman of Sun Microsystems. Program deliveries in forward files could be marked unsafe if any directory listed in the ForwardPath option did not exist. Problem noted by Jorg Bielak of Coastal Web Online. Do not trust the length of the address structure returned by gethostbyname(). Problem noted by Chris Evans of Oxford University. If the SIZE= MAIL From: ESMTP parameter is too large, use the 5.3.4 DSN status code instead of 5.2.2. Similarly, for non-local deliveries, if the message is larger than the mailer maximum message size, use 5.3.4 instead of 5.2.3. Suggested by Antony Bowesman of Fujitsu/TeaWARE Mail/MIME System. Portability: Fix the check for an IP address reverse lookup for use in $&{client_name} on 64 bit platforms. From Gilles Gallot of Institut for Development and Resources in Intensive Scientific computing. BSD-OS uses .0 for man page extensions. From Jeff Polk of BSDI. DomainOS detection for Build. Also, version 10.4 and later ship a unistd.h. Fixes from Takanobu Ishimura of PICT Inc. NeXT 4.x uses /usr/lib/man/cat for its man pages. From J. P. McCann of E I A. SCO 4.X and 5.X include NDBM support. From Vlado Potisk of TEMPEST, Ltd. CONFIG: Do not pass spoofed PTR results through resolver for qualification. Problem noted by Michiel Boland of Digital Valley Internet Professionals; fix from Kari Hurtta of the Finnish Meteorological Institute. CONFIG: Do not try to resolve non-DNS hostnames such as UUCP, BITNET, and DECNET addresses for resolvable senders. Problem noted by Alexander Litvin of Lucky Net Ltd. CONFIG: Work around Sun's broken configuration which sends bounce messages as coming from @@hostname instead of <>. LMTP would not accept @@hostname. OP.ME: Corrections to complex sendmail startup script from Rick Troxel of the National Institutes of Health. RMAIL: Do not install rmail by default, require 'make force-install' as this rmail isn't the same as others. Suggested by Kari Hurtta of the Finnish Meteorological Institute. New Files: BuildTools/OS/DomainOS.10.4 8.9.0/8.9.0 1998/05/19 SECURITY: To prevent users from reading files not normally readable, sendmail will no longer open forward, :include:, class, ErrorHeader, or HelpFile files located in unsafe (i.e., group or world writable) directory paths. Sites which need the ability to override security can use the DontBlameSendmail option. See the README file for more information. SECURITY: Problems can occur on poorly managed systems, specifically, if maps or alias files are in world writable directories. This fixes the change added to 8.8.6 to prevent links in these world writable directories. SECURITY: Make sure ServiceSwitchFile option file is not a link if it is in a world writable directory. SECURITY: Never pass a tty to a mailer -- if a mailer can get at the tty it may be able to push bytes back to the senders input. Unfortunately this breaks -v mode. Problem noted by Wietse Venema of the Global Security Analysis Lab at IBM T.J. Watson Research. SECURITY: Empty group list if DontInitGroups is set to true to prevent program deliveries from picking up extra group privileges. Problem reported by Wolfgang Ley of DFN-CERT. SECURITY: The default value for DefaultUser is now set to the uid and gid of the first existing user mailnull, sendmail, or daemon that has a non-zero uid. If none of these exist, sendmail reverts back to the old behavior of using uid 1 and gid 1. This is a security problem for Linux which has chosen that uid and gid for user bin instead of daemon. If DefaultUser is set in the configuration file, that value overrides this default. SECURITY: Since 8.8.7, the check for non-setuid binaries interfered with setting an alternate group id for the RunAsUser option. Problem noted by Randall Winchester of the University of Maryland. Add support for Berkeley DB 2.X. Based on patch from John Kennedy of Cal State University, Chico. Remove support for OLD_NEWDB (pre-1.5 version of Berkeley DB). Users which previously defined OLD_NEWDB=1 must now upgrade to the current version of Berkeley DB. Added support for regular expressions using the new map class regex. From Jan Krueger of Unix-AG of University of Hannover. Support for BIND 8.1.1's hesiod for hesiod maps and hesiod UserDatabases from Randall Winchester of the University of Maryland. Allow any shell for user shell on program deliveries on V1 configurations for backwards compatibility on machines which do not have getusershell(). Fix from John Beck of Sun Microsystems. On operating systems which change the process title by reusing the argument vector memory, sendmail could corrupt memory if the last argument was either "-q" or "-d". Problem noted by Frank Langbein of the University of Stuttgart. Support Local Mail Transfer Protocol (LMTP) between sendmail and mail.local on the F=z flag. Macro-expand the contents of the ErrMsgFile. Previously this was only done if you had magic characters (0x81) to indicate macro expansion. Now $x will be expanded. This means that real dollar signs have to be backslash escaped. TCP Wrappers expects "unknown" in the hostname argument if the reverse DNS lookup for the incoming connection fails. Problem noted by Randy Grimshaw of Syracuse University and Wietse Venema of the Global Security Analysis Lab at IBM T.J. Watson Research. DSN success bounces generated from an invocation of sendmail -t would be sent to both the sender and MAILER-DAEMON. Problem noted by Claus Assmann of Christian-Albrechts-University of Kiel. Avoid "Error 0" messages on delivery mailers which exit with a valid exit value such as EX_NOPERM. Fix from Andreas Luik of ISA Informationssysteme GmbH. Tokenize $&x expansions on right hand side of rules. This eliminates the need to use tricks like $(dequote "" $&{client_name} $) to cause the ${client_name} macro to be properly tokenized. Add the MaxRecipientsPerMessage option: this limits the number of recipients that will be accepted in a single SMTP transaction. After this number is reached, sendmail starts returning "452 Too many recipients" to all RCPT commands. This can be used to limit the number of recipients per envelope (in particular, to discourage use of the server for spamming). Note: a better approach is to restrict relaying entirely. Fixed pointer initialization for LDAP lmap struct, fixed -s option to ldapx map and added timeout for ldap_open call to avoid hanging sendmail in the event of hung LDAP servers. Patch from Booker Bense of Stanford University. Allow multiple -qI, -qR, or -qS queue run limiters. For example, '-qRfoo -qRbar' would deliver mail to recipients with foo or bar in their address. Patch from Allan E Johannesen of Worcester Polytechnic Institute. The bestmx map will now return a list of the MX servers for a host if passed a column delimiter via the -z map flag. This can be used to check if the server is an MX server for the recipient of a message. This can be used to help prevent relaying. Patch from Mitchell Blank Jr of Exec-PC. Mark failures for the *file* mailer and return bounce messages to the sender for those failures. Prevent bogus syslog timestamps on errors in sendmail.cf by preserving the TZ environment variable until TimeZoneSpec has been determined. Problem noted by Ralf Hildebrandt of Technical University of Braunschweig. Patch from Per Hedeland of Ericsson. Print test input in address test mode when input is not from the tty when the -v flag is given (i.e., sendmail -bt -v) to make output easier to decipher. Problem noted by Aidan Nichol of Procter & Gamble. The LDAP map -s flag was not properly parsed and the error message given included the remainder of the arguments instead of solely the argument in error. Problem noted by Aidan Nichol of Procter & Gamble. New DontBlameSendmail option. This option allows administrators to bypass some of sendmail's file security checks at the expense of system security. This should only be used if you are absolutely sure you know the consequences. The available DontBlameSendmail options are: Safe AssumeSafeChown ClassFileInUnsafeDirPath ErrorHeaderInUnsafeDirPath GroupWritableDirPathSafe GroupWritableForwardFileSafe GroupWritableIncludeFileSafe GroupWritableAliasFile HelpFileinUnsafeDirPath WorldWritableAliasFile ForwardFileInGroupWritableDirPath IncludeFileInGroupWritableDirPath ForwardFileInUnsafeDirPath IncludeFileInUnsafeDirPath ForwardFileInUnsafeDirPathSafe IncludeFileInUnsafeDirPathSafe MapInUnsafeDirPath LinkedAliasFileInWritableDir LinkedClassFileInWritableDir LinkedForwardFileInWritableDir LinkedIncludeFileInWritableDir LinkedMapInWritableDir LinkedServiceSwitchFileInWritableDir FileDeliveryToHardLink FileDeliveryToSymLink WriteMapToHardLink WriteMapToSymLink WriteStatsToHardLink WriteStatsToSymLink RunProgramInUnsafeDirPath RunWritableProgram New DontProbeInterfaces option to turn off the inclusion of all the interface names in $=w on startup. In particular, if you have lots of virtual interfaces, this option will speed up startup. However, unless you make other arrangements, mail sent to those addresses will be bounced. Automatically create alias databases if they don't exist and AutoRebuildAliases is set. Add PrivacyOptions=noetrn flag to disable the SMTP ETRN command. Suggested by Christophe Wolfhugel of the Institut Pasteur. Add PrivacyOptions=noverb flag to disable the SMTP VERB command. When determining the client host name ($&{client_name} macro), do a forward (A) DNS lookup on the result of the PTR lookup and compare results. If they differ or if the PTR lookup fails, &{client_name} will contain the IP address surrounded by square brackets (e.g., [127.0.0.1]). New map flag: -Tx appends "x" to lookups that return temporary failure (i.e, it is like -ax for the temporary failure case, in contrast to the success case). New syntax to do limited checking of header syntax. A config line of the form: HHeader: $>Ruleset causes the indicated Ruleset to be invoked on the Header when read. This ruleset works like the check_* rulesets -- that is, it can reject mail on the basis of the contents. Limit the size of the HELO/EHLO parameter to prevent spammers from hiding their connection information in Received: headers. When SingleThreadDelivery is active, deliveries to locked hosts are skipped. This will cause the delivering process to try the next MX host or queue the message if no other MX hosts are available. Suggested by Alexander Litvin. The [FILE] mailer type now delivers to the file specified in the A= equate of the mailer definition instead of $u. It also obeys all of the F= mailer flags such as the MIME 7/8 bit conversion flags. This is useful for defining a mailer which delivers to the same file regardless of the recipient (e.g., 'A=FILE /dev/null' to discard unwanted mail). Do not assume the identity of a remote connection is root@localhost if the remote connection closes the socket before the remote identity can be queried. Change semantics of the F=S mailer flag back to 8.7.5 behavior. Some mailers, including procmail, require that the real uid is left unchanged by sendmail. Problem noted by Per Hedeland of Ericsson. No longer is the src/obj*/Makefile selected from a large list -- it is now generated using the information in BuildTools/OS/ -- some of the details are determined dynamically via BuildTools/bin/configure.sh. The other programs in the sendmail distribution -- mail.local, mailstats, makemap, praliases, rmail, and smrsh -- now use the new Build method which creates an operating system specific Makefile using the information in BuildTools. Make 4xx reply codes to the SMTP MAIL command be non-sticky (i.e., a failure on one message won't affect future messages to the same host). This is necessary if the remote host sends a 451 error if the domain of the sender does not resolve as is common in anti-spam configurations. Problem noted by Mitchell Blank Jr of Exec-PC. New "discard" mailer for check_* rulesets and header checking rulesets. If one of the above rulesets resolves to the $#discard mailer, the commands will be accepted but the message will be completely discarded after it is accepting. This means that even if only one of the recipients resolves to the $#discard mailer, none of the recipients will receive the mail. Suggested by Brian Kantor. All but the last cloned envelope of a split envelope were queued instead of being delivered. Problem noted by John Caruso of CNET: The Computer Network. Fix deadlock situation in persistent host status file locking. Syslog an error if a user forward file could not be read due to an error. Patch from John Beck of Sun Microsystems. Use the first name returned on machine lookups when canonifying a hostname via NetInfo. Patch from Timm Wetzel of GWDG. Clear the $&{client_addr}, $&{client_name}, and $&{client_port} macros when delivering a bounce message to prevent rejection by a check_compat ruleset which uses these macros. Problem noted by Jens Hamisch of AgiX Internetservices GmbH. If the check_relay ruleset resolves to the the error mailer, the error in the $: portion of the resolved triplet is used in the rejection message given to the remote machine. Suggested by Scott Gifford of The Internet Ramp. Set the $&{client_addr}, $&{client_name}, and $&{client_port} macros before calling the check_relay ruleset. Suggested by Scott Gifford of The Internet Ramp. Sendmail would get a segmentation fault if a mailer exited with an exit code of 79. Problem noted by Aaron Schrab of ExecPC Internet. Fix from Christophe Wolfhugel of the Pasteur Institute. Separate snprintf/vsnprintf routines into separate file for use by mail.local. Allow multiple map lookups on right hand side, e.g., R$* $( host $1 $) $| $( passwd $1 $). Patch from Christophe Wolfhugel of the Pasteur Institute. Properly generate success DSN messages if requested for aliases which have owner- aliases. Problem noted by Kari Hurtta of the Finnish Meteorological Institute. Properly display delayed-expansion macros ($&{macroname}) in address test mode (-bt). Problem noted by Bryan Costales of InfoBeat, Inc. -qR could sometimes match names incorrectly. Problem noted by Lutz Euler of Lavielle EDV Systemberatung GmbH & Co. Include a magic number and version in the StatusFile for the mailstats command. Record the number of rejected and discarded messages in the StatusFile for display by the mailstats command. Patch from Randall Winchester of the University of Maryland. IDENT returns where the OSTYPE field equals "OTHER" now list the user portion as IDENT:username@site instead of username@site to differentiate the two. Suggested by Kari Hurtta of the Finnish Meteorological Institute. Enforce timeout for LDAP queries. Patch from Per Hedeland of Ericsson. Change persistent host status filename substitution so '/' is replaced by ':' instead of '|' to avoid clashes. Also avoid clashes with hostnames with leading dots. Fix from Mitchell Blank Jr. of Exec-PC. If the system lock table is full, only attempt to create a new queue entry five times before giving up. Previously, it was attempted indefinitely which could cause the partition to run out of inodes. Problem noted by Suzie Weigand of Stratus Computer, Inc. In verbose mode, warn if the sendmail.cf version is less than the currently supported version. Sorting for QueueSortOrder=host is now case insensitive. Patch from Randall S. Winchester of the University of Maryland. Properly quote a full name passed via the -F command line option, the Full-Name: header, or the NAME environment variable if it contains characters which must be quoted. Problem noted by Kari Hurtta of the Finnish Meteorological Institute. Avoid possible race condition that unlocked a mail job before releasing the transcript file on systems that use flock(2). In some cases, this might result in a "Transcript Unavailable" message in error bounces. Accept SMTP replies which contain only a reply code and no accompanying text. Problem noted by Fernando Fraticelli of Digital Equipment Corporation. Portability: AIX 4.1 uses int for SOCKADDR_LEN_T from Motonori Nakamura of Kyoto University. AIX 4.2 requires before . Patch from Randall S. Winchester of the University of Maryland. AIX 4.3 from Valdis Kletnieks of Virginia Tech CNS. CRAY T3E from Manu Mahonen of Center for Scientific Computing in Finland. Digital UNIX now uses statvfs for determining free disk space. Patch from Randall S. Winchester of the University of Maryland. HP-UX 11.x from Richard Allen of Opin Kerfi HF and Regis McEwen of Progress Software Corporation. IRIX 64 bit fixes from Kari Hurtta of the Finnish Meteorological Institute. IRIX 6.2 configuration fix for mail.local from Michael Kyle of CIC/Advanced Computing Laboratory. IRIX 6.5 from Thomas H Jones II of SGI. IRIX 6.X load average code from Bob Mende of SGI. QNX from Glen McCready . SCO 4.2 and 5.x use /usr/bin instead of /usr/ucb for links to sendmail. Install with group bin instead of kmem as kmem does not exist. From Guillermo Freige of Gobernacion de la Pcia de Buenos Aires and Paul Fischer of BTG, Inc. SunOS 4.X does not include memmove(). Patch from Per Hedeland of Ericsson. SunOS 5.7 includes getloadavg() function for determining load average. Patch from John Beck of Sun Microsystems. CONFIG: Increment version number of config file. CONFIG: add DATABASE_MAP_TYPE to set the default type of database map for the various maps. The default is hash. Patch from Robert Harker of Harker Systems. CONFIG: new confEBINDIR m4 variable for defining the executable directory for certain programs. CONFIG: new FEATURE(local_lmtp) to use the new LMTP support for local mail delivery. By the default, /usr/libexec/mail.local is used. This is expected to be the mail.local shipped with 8.9 which is LMTP capable. The path is based on the new confEBINDIR m4 variable. CONFIG: Use confEBINDIR in determining path to smrsh for FEATURE(smrsh). Note that this changes the default from /usr/local/etc/smrsh to /usr/libexec/smrsh. To obtain the old path for smrsh, use FEATURE(smrsh, /usr/local/etc/smrsh). CONFIG: DOMAIN(generic) changes the default confFORWARD_PATH to include $z/.forward.$w+$h and $z/.forward+$h which allow the user to setup different .forward files for user+detail addressing. CONFIG: add confMAX_RCPTS_PER_MESSAGE, confDONT_PROBE_INTERFACES, and confDONT_BLAME_SENDMAIL to set MaxRecipientsPerMessage, DontProbeInterfaces, and DontBlameSendmail options. CONFIG: by default do not allow relaying (that is, accepting mail from outside your domain and sending it to another host outside your domain). CONFIG: new FEATURE(promiscuous_relay) to allow mail relaying from any site to any site. CONFIG: new FEATURE(relay_entire_domain) allows any host in your domain as defined by the 'm' class ($=m) to relay. CONFIG: new FEATURE(relay_based_on_MX) to allow relaying based on the MX records of the host portion of an incoming recipient. CONFIG: new FEATURE(access_db) which turns on the access database feature. This database give you the ability to allow or refuse to accept mail from specified domains for administrative reasons. By default, names that are listed as "OK" in the access db are domain names, not host names. CONFIG: new confCR_FILE m4 variable for defining the name of the file used for class 'R'. Defaults to /etc/mail/relay-domains. CONFIG: new command RELAY_DOMAIN(domain) and RELAY_DOMAIN_FILE(file) to add items to class 'R' ($=R) for hosts allowed to relay. CONFIG: new FEATURE(relay_hosts_only) to change the behavior of FEATURE(access_db) and class 'R' to lookup individual host names only. CONFIG: new FEATURE(loose_relay_check). Normally, if a recipient using % addressing is used, e.g. user%site@othersite, and othersite is in class 'R', the check_rcpt ruleset will strip @othersite and recheck user@site for relaying. This feature changes that behavior. It should not be needed for most installations. CONFIG: new FEATURE(relay_local_from) to allow relaying if the domain portion of the mail sender is a local host. This should only be used if absolutely necessary as it opens a window for spammers. Patch from Randall S. Winchester of the University of Maryland. CONFIG: new FEATURE(blacklist_recipients) turns on the ability to block incoming mail destined for certain recipient usernames, hostnames, or addresses. CONFIG: By default, MAIL FROM: commands in the SMTP session will be refused if the host part of the argument to MAIL FROM: cannot be located in the host name service (e.g., DNS). CONFIG: new FEATURE(accept_unresolvable_domains) accepts unresolvable hostnames in MAIL FROM: SMTP commands. CONFIG: new FEATURE(accept_unqualified_senders) accepts MAIL FROM: senders which do not include a domain. CONFIG: new FEATURE(rbl) Turns on rejection of hosts found in the Realtime Blackhole List. You can specify the RBL name server to contact by specifying it as an optional argument. The default is rbl.maps.vix.com. For details, see http://maps.vix.com/rbl/. CONFIG: Call Local_check_relay, Local_check_mail, and Local_check_rcpt from check_relay, check_mail, and check_rcpt. Users with local rulesets should place the rules using LOCAL_RULESETS. If a Local_check_* ruleset returns $#OK, the message is accepted. If the ruleset returns a mailer, the appropriate action is taken, else the return of the ruleset is ignored. CONFIG: CYRUS_MAILER_FLAGS now includes the /:| mailer flags by default to support file, :include:, and program deliveries. CONFIG: Remove the default for confDEF_USER_ID so the binary can pick the proper default value. See the SECURITY note above for more information. CONFIG: FEATURE(nodns) now warns the user that the feature is a no-op. Patch from Kari Hurtta of the Finnish Meteorological Institute. CONFIG: OSTYPE(osf1) now sets DefaultUserID (confDEF_USER_ID) to daemon since DEC's /bin/mail will drop the envelope sender if run as mailnull. See the Digital UNIX section of src/README for more information. Problem noted by Kari Hurtta of the Finnish Meteorological Institute. CONFIG: .cf files are now stored in the same directory with the .mc files instead of in the obj directory. CONFIG: New options confSINGLE_LINE_FROM_HEADER, confALLOW_BOGUS_HELO, and confMUST_QUOTE_CHARS for setting SingleLineFromHeader, AllowBogusHELO, and MustQuoteChars respectively. MAIL.LOCAL: support -l flag to run LMTP on stdin/stdout. This SMTP-like protocol allows detailed reporting of delivery status on a per-user basis. Code donated by John Myers of CMU (now of Netscape). MAIL.LOCAL: HP-UX support from Randall S. Winchester of the University of Maryland. NOTE: mail.local is not compatible with the stock HP-UX mail format. Be sure to read mail.local/README. MAIL.LOCAL: Prevent other mail delivery agents from stealing a mailbox lock. Patch from Randall S. Winchester of the University of Maryland. MAIL.LOCAL: glibc portability from John Kennedy of Cal State University, Chico. MAIL.LOCAL: IRIX portability from Kari Hurtta of the Finnish Meteorological Institute. MAILSTATS: Display the number of rejected and discarded messages in the StatusFile. Patch from Randall Winchester of the University of Maryland. MAKEMAP: New -s flag to ignore safety checks on database map files such as linked files in world writable directories. MAKEMAP: Add support for Berkeley DB 2.X. Remove OLD_NEWDB support. PRALIASES: Add support for Berkeley DB 2.X. PRALIASES: Do not automatically include NDBM support. Problem noted by Ralf Hildebrandt of the Technical University of Braunschweig. RMAIL: Improve portability for other platforms. Patches from Randall S. Winchester of the University of Maryland and Kari Hurtta of the Finnish Meteorological Institute. Changed Files: src/Makefiles/Makefile.* files have been modified to use the new build mechanism and are now BuildTools/OS/*. src/makesendmail changed to symbolic link to src/Build. New Files: BuildTools/M4/header.m4 BuildTools/M4/depend/BSD.m4 BuildTools/M4/depend/CC-M.m4 BuildTools/M4/depend/NCR.m4 BuildTools/M4/depend/Solaris.m4 BuildTools/M4/depend/X11.m4 BuildTools/M4/depend/generic.m4 BuildTools/OS/AIX.4.2 BuildTools/OS/AIX.4.x BuildTools/OS/CRAYT3E.2.0.x BuildTools/OS/HP-UX.11.x BuildTools/OS/IRIX.6.5 BuildTools/OS/NEXTSTEP.4.x BuildTools/OS/NeXT.4.x BuildTools/OS/NetBSD.8.3 BuildTools/OS/QNX BuildTools/OS/SunOS.5.7 BuildTools/OS/dcosx.1.x.NILE BuildTools/README BuildTools/Site/README BuildTools/bin/Build BuildTools/bin/configure.sh BuildTools/bin/find_m4.sh BuildTools/bin/install.sh Makefile cf/cf/Build cf/cf/generic-hpux10.cf cf/feature/accept_unqualified_senders.m4 cf/feature/accept_unresolvable_domains.m4 cf/feature/access_db.m4 cf/feature/blacklist_recipients.m4 cf/feature/loose_relay_check.m4 cf/feature/local_lmtp.m4 cf/feature/promiscuous_relay.m4 cf/feature/rbl.m4 cf/feature/relay_based_on_MX.m4 cf/feature/relay_entire_domain.m4 cf/feature/relay_hosts_only.m4 cf/feature/relay_local_from.m4 cf/ostype/qnx.m4 contrib/doublebounce.pl mail.local/Build mail.local/Makefile.m4 mail.local/README mailstats/Build mailstats/Makefile.m4 makemap/Build makemap/Makefile.m4 praliases/Build praliases/Makefile.m4 rmail/Build rmail/Makefile.m4 rmail/rmail.0 smrsh/Build smrsh/Makefile.m4 src/Build src/Makefile.m4 src/snprintf.c Deleted Files: cf/cf/Makefile (replaced by Makefile.dist) mail.local/Makefile mail.local/Makefile.dist mailstats/Makefile mailstats/Makefile.dist makemap/Makefile makemap/Makefile.dist praliases/Makefile praliases/Makefile.dist rmail/Makefile smrsh/Makefile smrsh/Makefile.dist src/Makefile src/Makefiles/Makefile.AIX.4 (split into AIX.4.x and AIX.4.2) src/Makefiles/Makefile.SMP_DC.OSx.NILE (renamed BuildTools/OS/dcosx.1.x.NILE) src/Makefiles/Makefile.Utah (obsolete platform) Renamed Files: READ_ME => README cf/cf/Makefile.dist => Makefile cf/cf/obj/* => cf/cf/* src/READ_ME => src/README 8.8.8/8.8.8 1997/10/24 If the check_relay ruleset failed, the relay= field was logged incorrectly. Problem noted by Kari Hurtta of the Finnish Meteorological Institute. If /usr/tmp/dead.letter already existed, sendmail could not add additional bounces to it. Problem noted by Thomas J. Arseneault of SRI International. If an SMTP mailer used a non-standard port number for the outgoing connection, it would be displayed incorrectly in verbose mode. Problem noted by John Kennedy of Cal State University, Chico. Log the ETRN parameter specified by the client before altering them to internal form. Suggested by Bob Kupiec of GES-Verio. EXPN and VRFY SMTP commands on malformed addresses were logging as User unknown with bogus delay= values. Change them to log the same as compliant addresses. Problem noted by Kari E. Hurtta of the Finnish Meteorological Institute. Ignore the debug resolver option unless using sendmail debug trace option for resolver. Problem noted by Greg Nichols of Wind River Systems. If SingleThreadDelivery was enabled and the remote server returned a protocol error on the DATA command, the connection would be closed but the persistent host status file would not be unlocked so other sendmail processes could not deliver to that host. Problem noted by Peter Wemm of DIALix. If queueing up a message due to an expensive mailer, don't increment the number of delivery attempts or set the last delivery attempt time so the message will be delivered on the next queue run regardless of MinQueueAge. Problem noted by Brian J. Coan of the Institute for Global Communications. Authentication warnings of "Processed from queue _directory_" and "Processed by _username_ with -C _filename_" would be logged with the incorrect timestamp. Problem noted by Kari E. Hurtta of the Finnish Meteorological Institute. Use a better heuristic for detecting GDBM. Log null connections on dropped connections. Problem noted by Jon Lewis of Florida Digital Turnpike. If class dbm maps are rebuilt, sendmail will now detect this and reopen the map. Previously, they could give stale results during a single message processing (but would recover when the next message was received). Fix from Joe Pruett of Q7 Enterprises. Do not log failures such as "User unknown" on -bv or SMTP VRFY requests. Problem noted by Kari E. Hurtta of the Finnish Meteorological Institute. Do not send a bounce message back to the sender regarding bad recipients if the SMTP connection is dropped before the message is accepted. Problem noted by Kari E. Hurtta of the Finnish Meteorological Institute. Use "localhost" instead of "[UNIX: localhost]" when connecting to sendmail via a UNIX pipe. This will allow rulesets using $&{client_name} to process without sending the string through dequote. Problem noted by Alan Barrett of Internet Africa. A combination of deferred delivery mode, a double bounce situation, and the inability to save a bounce message to /var/tmp/dead.letter would cause sendmail to send a bounce to postmaster but not remove the offending envelope from the queue causing it to create a new bounce message each time the queue was run. Problem noted by Brad Doctor of Net Daemons Associates. Remove newlines from hostname information returned via DNS. There are no known security implications of newlines in hostnames as sendmail filters newlines in all vital areas; however, this could cause confusing error messages. Starting with sendmail 8.8.6, mail sent with the '-t' option would be rejected if any of the specified addresses were bad. This behavior was modified to only reject the bad addresses and not the entire message. Problem noted by Jozsef Hollosi of SuperNet, Inc. Use Timeout.fileopen when delivering mail to a file. Suggested by Bryan Costales of InfoBeat, Inc. Display the proper Final-Recipient on DSN messages for non-SMTP mailers. Problem noted by Kari E. Hurtta of the Finnish Meteorological Institute. An error in calculating the available space in the list of addresses for logging deliveries could cause an address to be silently dropped. Include the initial user environment if sendmail is restarted via a HUP signal. This will give room for the process title. Problem noted by Jon Lewis of Florida Digital Turnpike. Mail could be delivered without a body if the machine does not support flock locking and runs out of processes during delivery. Fix from Chuck Lever of the University of Michigan. Drop recipient address from 251 and 551 SMTP responses per RFC 821. Problem noted by Kari E. Hurtta of the Finnish Meteorological Institute. Make sure non-rebuildable database maps are opened before the rebuildable maps (i.e., alias files) in case the database maps are needed for verifying the left hand side of the aliases. Problem noted by Lloyd Parkes of Victoria University. Make sure sender RFC822 source route addresses are alias expanded for bounce messages. Problem noted by Juergen Georgi of RUS University of Stuttgart. Minor lint fixes. Return a temporary error instead of a permanent error if an LDAP map search returns an error. This will allow sequenced maps which use other LDAP servers to be checked. Fix from Booker Bense of Stanford University. When automatically converting from quoted printable to 8bit text do not pad bare linefeeds with a space. Problem noted by Theo Nolte of the University of Technology Aachen, Germany. Portability: Non-standard C compilers may have had a problem compiling conf.c due to a standard C external declaration of setproctitle(). Problem noted by Ted Roberts of Electronic Data Systems. AUX: has a broken O_EXCL implementation. Reported by Jim Jagielski of jaguNET Access Services. BSD/OS: didn't compile if HASSETUSERCONTEXT was defined. Digital UNIX: Digital UNIX (and possibly others) moves loader environment variables into the loader memory area. If one of these environment variables (such as LD_LIBRARY_PATH) was the last environment variable, an invalid memory address would be used by the process title routine causing memory corruption. Problem noted by Sam Hartman of Mesa Internet Systems. GNU libc: uses an enum for _PC_CHOWN_RESTRICTED which caused chownsafe() to always return 0 even if the OS does not permit file giveaways. Problem noted by Yasutaka Sumi of The University of Tokyo. IRIX6: Syslog buffer size set to 512 bytes. Reported by Gerald Rinske of Siemens Business Services VAS. Linux: Pad process title with NULLs. Problem noted by Jon Lewis of Florida Digital Turnpike. SCO OpenServer 5.0: SIOCGIFCONF ioctl call returns an incorrect value for the number of interfaces. Problem noted by Chris Loelke of JetStream Internet Services. SINIX: Update for Makefile and syslog buffer size from Gerald Rinske of Siemens Business Services VAS. Solaris: Make sure HASGETUSERSHELL setting for SunOS is not used on a Solaris machine. Problem noted by Stephen Ma of Jtec Pty Limited. CONFIG: SINIX: Update from Gerald Rinske of Siemens Business Services VAS. MAKEMAP: Use a better heuristic for detecting GDBM. CONTRIB: expn.pl: Updated version from the author, David Muir Sharnoff. OP.ME: Document the F=i mailer flag. Problem noted by Per Hedeland of Ericsson. 8.8.7/8.8.7 1997/08/03 If using Berkeley DB on systems without O_EXLOCK (open a file with an exclusive lock already set -- i.e., almost all systems except 4.4-BSD derived systems), the initial attempt at rebuilding aliases file if the database didn't already exist would fail. Patch from Raymund Will of LST Software GmbH. Bogus incoming SMTP commands would reset the SMTP conversation. Problem noted by Fredrik Jönsson of the Royal Institute of Technology, Stockholm. Since TCP Wrappers includes setenv(), unsetenv(), and putenv(), some environments could give "multiple definitions" for these routines during compilation. If using TCP Wrappers, assume that these routines are included as though they were in the C library. Patch from Robert La Ferla. When a NEWDB database map was rebuilt at the same time it was being used by a queue run, the maps could be left locked for the duration of the queue run, causing other processes to hang. Problem noted by Kendall Libby of Shore.NET. In some cases, NoRecipientAction=add-bcc was being ignored, so the mail was passed on without any recipient header. This could cause problems downstream. Problem noted by Xander Jansen of SURFnet ExpertiseCentrum. Give error when GDBM is used with sendmail. GDBM's locking and linking of the .dir and .pag files interferes with sendmail's locking and security checks. Problems noted by Fyodor Yarochkin of the Kyrgyz Republic FreeNet. Don't fsync qf files if SuperSafe option is not set. Avoid extra calls to gethostbyname for addresses for which a gethostbyaddr found no value. Also, ignore any returns from gethostbyaddr that look like a dotted quad. If PTR lookup fails when looking up an SMTP peer, don't tag it as "may be forged", since at the network level we pretty much have to assume that the information is good. In some cases, errors during an SMTP session could leave files open or locked. Better handling of missing file descriptors (0, 1, 2) on startup. Better handling of non-setuid binaries -- avoids certain obnoxious errors during testing. Errors in file locking of NEWDB maps had the incorrect file name printed in the error message. If the AllowBogusHELO option were set and an EHLO with a bad or missing parameter were issued, the EHLO behaved like a HELO. Load limiting never kicked in for incoming SMTP transactions if the DeliveryMode=background and any recipient was an alias or had a .forward file. From Nik Conwell of Boston University. On some non-Posix systems, the decision of whether chown(2) permits file giveaway was undefined. From Tetsu Ushijima of the Tokyo Institute of Technology. Fix race condition that could cause the body of a message to be lost (so only the header was delivered). This only occurs on systems that do not use flock(2), and only when a queue runner runs during a critical section in another message delivery. Based on a patch from Steve Schweinhart of Results Computing. If a qf file was found in a mail queue directory that had a problem (wrong ownership, bad format, etc.) and the file name was exactly MAXQFNAME bytes long, then instead of being tried once, it would be tried on every queue run. Problem noted by Bryan Costales of Mercury Mail. If the system supports an st_gen field in the status structure, include it when reporting that a file has changed after open. This adds a new compile flag, HAS_ST_GEN (0/1 option). This out to be checked as well as reported, since it is theoretically possible for an attacker to remove a file after it is opened and replace it with another file that has the same i-number, but some filesystems (notably AFS) return garbage in this field, and hence always look like the file has changed. As a practical matter this is not a security problem, since the files can be neither hard nor soft links, and on no filesystem (that I am aware of) is it possible to have two files on the same filesystem with the same i-number simultaneously. Delete the root Makefile from the distribution -- it is only for use internally, and does not work at customer sites. Fix botch that caused the second MAIL FROM: command in a single transaction to clear the entire transaction. Problem noted by John Kennedy of Cal State University, Chico. Work properly on machines that have _PATH_VARTMP defined without a trailing slash. (And a pox on vendors that decide to ignore the established conventions!) Problem noted by Gregory Neil Shapiro of WPI. Internal changes to make it easier to add another protocol family (intended for IPv6). Patches are from John Kennedy of CSU Chico. In certain cases, 7->8 bit MIME decoding of Base64 text could leave an extra space at the beginning of some lines. Problem noted by Charles Karney of Princeton University; fix based on a patch from Christophe Wolfhugel. Portability: Allow _PATH_VENDOR_CF to be set in Makefile for consistency with the _Sendmail_ book, 2nd edition. Note that the book is actually wrong: _PATH_SENDMAILCF should be used instead. AIX 3.x: Include . Patch from Gene Rackow of Argonne National Laboratory. OpenBSD from from Paul DuBois of the University of Wisconsin. RISC/os 4.0 from Paul DuBois of the University of Wisconsin. SunOS: Include to fix warning from util.c. From James Aldridge of EUnet Ltd. Solaris: Change STDIR (location of status file) to /etc/mail in Makefiles. Linux, Dynix, UNICOS: Remove -DNDBM and -lgdbm from Makefiles. Use NEWDB on Linux instead. NCR MP-RAS 3.x with STREAMware TCP/IP: SIOCGIFNUM ioctl exists but behaves differently than other OSes. Add SIOCGIFNUM_IS_BROKEN compile flag to get around the problem. Problem noted by Tom Moore of NCR Corp. HP-UX 9.x: fix compile warnings for old select API. Problem noted by Tom Smith of Digital Equipment Corp. UnixWare 2.x: compile warnings on offsetof macro. Problem noted by Tom Good of the Community Access Information Resource Network SCO 4.2: compile problems caused by a change in the type of the "length" parameters passed to accept, getpeername, getsockname, and getsockopt. Adds new compile flags SOCKADDR_SIZE_T and SOCKOPT_SIZE_T. Problem reported by Tom Good of St. Vincent's North Richmond Community Mental Health Center Residential Services. AIX 4: Use size_t for SOCKADDR_SIZE_T and SOCKOPT_SIZE_T. Suggested by Brett Hogden of Rochester Gas & Electric Corp. Linux: avoid compile problem for versions of that #define both setjmp and longjmp. Problem pointed out by J.R. Oldroyd of TerraNet. CONFIG: SCO UnixWare 2.1: Support for OSTYPE(sco-uw-2.1) from Christopher Durham of SCO. CONFIG: NEXTSTEP: define confCW_FILE to /etc/sendmail/sendmail.cw to match the usual configuration. Patch from Dennis Glatting of PlainTalk. CONFIG: MAILER(fax) called a program that hasn't existed for a long time. Convert to use the HylaFAX 4.0 conventions. Suggested by Harry Styron. CONFIG: Improve sample anti-spam rulesets in cf/cf/knecht.mc. These are the rulesets in use on sendmail.org. MAKEMAP: give error on GDBM files. MAIL.LOCAL: Make error messages a bit more explicit, for example, telling more details on what actually changed when "file changed after open". CONTRIB: etrn.pl: Ignore comments in Fw files. Support multiple Fw files. CONTRIB: passwd-to-alias.pl: Handle 8 bit characters and '-'. NEW FILES: src/Makefiles/Makefile.OpenBSD src/Makefiles/Makefile.RISCos.4_0 test/t_exclopen.c cf/ostype/sco-uw-2.1.m4 DELETED FILES: Makefile 8.8.6/8.8.6 1997/06/14 ************************************************************* * The extensive assistance of Gregory Neil Shapiro of WPI * * in preparing this release is gratefully appreciated. * * Sun Microsystems has also provided resources toward * * continued sendmail development. * ************************************************************* SECURITY: A few systems allow an open with the O_EXCL|O_CREAT open mode bits set to create a file that is a symbolic link that points nowhere. This makes it possible to create a root owned file in an arbitrary directory by inserting the symlink into a writable directory after the initial lstat(2) check determined that the file did not exist. The only verified example of a system having these odd semantics for O_EXCL and symbolic links was HP-UX prior to version 9.07. Most systems do not have the problem, since a exclusive create of a file disallows symbolic links. Systems that have been verified to NOT have the problem include AIX 3.x, *BSD, DEC OSF/1, HP-UX 9.07 and higher, Linux, SunOS, Solaris, and Ultrix. This is a potential exposure on systems that have this bug and which do not have a MAILER-DAEMON alias pointing at a legitimate account, since this will cause old mail to be dropped in /var/tmp/dead.letter. SECURITY: Problems can occur on poorly managed systems, specifically, if maps or alias files are in world writable directories. If your system has alias maps in writable directories, it is potentially possible for an attacker to replace the .db (or .dir and .pag) files by symbolic links pointing at another database; this can be used either to expose information (e.g., by pointing an alias file at /etc/spwd.db and probing for accounts), or as a denial-of-service attack (by trashing the password database). The fix disallows symbolic links entirely when rebuilding alias files or on maps that are in writable directories, and always warns on writable directories; 8.9 will probably consider writable directories to be fatal errors. This does not represent an exposure on systems that have alias files in unwritable system directories. SECURITY: disallow .forward or :include: files that are links (hard or soft) if the parent directory (or any directory in the path) is writable by anyone other than the owner. This is similar to the previous case for user files. This change should not affect most systems, but is necessary to prevent an attacker who can write the directory from pointing such files at other files that are readable only by the owner. SECURITY: Tighten safechown rules: many systems will say that they have a safe (restricted to root) chown even on files that are mounted from another system that allows owners to give away files. The new rules are very strict, trusting file ownership only in those few cases where the system has been verified to be at least as paranoid as necessary. However, it is possible to relax the rules to partially trust the ownership if the directory path is not world or group writable. This might allow someone who has a legitimate :include: file (referenced directly from /etc/aliases) to become another non-root user if the :include: file is in a non-writable directory on an NFS-mounted filesystem where the local system says that giveaway is denied but it is actually permitted. I believe this to be a very small set of cases. If in doubt, do not point :include: aliases at NFS-mounted filesystems. SECURITY: When setting a numeric group id using the RunAsUser option (e.g., "O RunAsUser=10:20", the group id would not be set. Implicit group ids (e.g., "O RunAsUser=mailnull") or alpha group ids (e.g., "O RunAsUser=mailuser:mailgrp") worked fine. The user id was still set properly. Problem noted by Uli Pralle of the Technical University of Berlin. Save the initial gid set for use when checking for if the PrivacyOptions=restrictmailq option is set. Problem reported by Wolfgang Ley of DFN-CERT. Make 55x reply codes to the SMTP DATA-"." be non-sticky (i.e., a failure on one message won't affect future messages to the same host). IP source route printing had an "off by one" error that would affect any options that came after the route option. Patch from Theo de Raadt. The "Message is too large" error didn't successfully bounce the error back to the sender. Problem reported by Stephen More of PSI; patch from Gregory Neil Shapiro of WPI. Change SMTP status code 553 to map into Extended code 5.1.0 (instead of 5.1.3); it apparently gets used in multiple ways. Suggested by John Myers of Portola Communications. Fix possible extra null byte generated during collection if errors occur at the beginning of the stream. Patch contributed by Andrey A. Chernov and Gregory Neil Shapiro. Code changes to avoid possible reentrant call of malloc/free within a signal handler. Problem noted by John Beck of Sun Microsystems. Move map initialization to be earlier so that check_relay ruleset will have the latest version of the map data. Problem noted by Paul Forgey of Metainfo; patch from Gregory Neil Shapiro. If there are fatal errors during the collection phase (e.g., message too large) don't send the bogus message. Avoid "cannot open xfAAA00000" messages when sending to aliases that have errors and have owner- aliases. Problem noted by Michael Barber of MTU; fix from Gregory Neil Shapiro of WPI. Avoid null pointer dereference on illegal Boundary= parameters in multipart/mixed Content-Type: header. Problem noted by Richard Muirden of RMIT University. Always print error messages during newaliases (-bi) even if the ErrorMode is not set to "print". Fix from Gregory Neil Shapiro. Test mode could core dump if you did a /map lookup in an optional map that could not be opened. Based on a fix from John Beck of Sun Microsystems. If DNS is misconfigured so that the last MX record tried points to a host that does not have an A record, but other MX records pointed to something reasonable, don't bounce the message with a "host unknown" error. Note that this should really be fixed in the zone file for the domain. Problem noted by Joe Rhett of Navigist, Inc. If a map fails (e.g., DNS times out) on all recipient addresses, mark the message as having been tried; otherwise the next queue run will not realize that this is a second attempt and will retry immediately. Problem noted by Bryan Costales of Mercury Mail. If the clock is set backwards, and a MinQueueAge is set, no jobs will be run until the later setting of the clock is reached. "Problem" (I use the term loosely) noted by Eric Hagberg of Morgan Stanley. If the load average rises above the cutoff threshold (above which sendmail will not process the queue at all) during a queue run, abort the queue run immediately. Problem noted by Bryan Costales of Mercury Mail. The variable queue processing algorithm (based on the message size, number of recipients, message precedence, and job age) was non-functional -- either the entire queue was processed or none of the queue was processed. The updated algorithm does no queue run if a single recipient zero size job will not be run. If there is a fatal ("panic") message that will cause sendmail to die immediately, never hold the error message for future printing. Force ErrorMode=print in -bt mode so that all errors are printed regardless of the setting of the ErrorMode option in the configuration file. Patch from Gregory Neil Shapiro. New compile flag HASSTRERROR says that this OS has the strerror(3) routine available in one of the libraries. Use it in conf.h. The -m (match only) flag now works on host class maps. If class hash or btree maps are rebuilt, sendmail will now detect this and reopen the map. Previously, they could give erroneous results during a single message processing (but would recover when the next message was received). Don't delete zero length queue files when doing queue runs until the files are at least ten minutes old. This avoids a potential race condition: the creator creates the qf file, getting back a file descriptor. The queue runner locks it and deletes it because it is zero length. The creator then writes the descriptor that is now for a disconnected file, and the job goes away. Based on a suggestion by Bryan Costales. When determining the "validated" host name ($_ macro), do a forward (A) DNS lookup on the result of the PTR lookup and compare results. If they differ or if the PTR lookup fails, tag the address as "may be forged". Log null connections (i.e., hosts that connect but do not do any substantive activity on the connection before disconnecting; "substantive" is defined to be MAIL, EXPN, VRFY, or ETRN. Always permit "writes" to /dev/null regardless of the link count. This is safe because /dev/null is special cased, and no open or write is ever actually attempted. Patch from Villy Kruse of TwinCom. If a message cannot be sent because of a 552 (exceeded storage allocation) response to the MAIL FROM:<>, and a SIZE= parameter was given, don't return the body in the bounce, since there is a very good chance that the message will double-bounce. Fix possible line truncation if a quoted-printable had an =00 escape in the body. Problem noted by Charles Karney of the Princeton Plasma Physics Laboratory. Notify flags (e.g., -NSUCCESS) were lost on user+detail addresses. Problem noted by Kari Hurtta of the Finnish Meteorological Institute. The MaxDaemonChildren option wasn't applying to queue runs as documented. Note that this increases the potential denial of service problems with this option: an attacker can connect many times, and thereby lock out queue runs as well as incoming connections. If you use this option, you should run the "sendmail -bd" and "sendmail -q30m" jobs separately to avoid this attack. Failure to limit noted by Matthew Dillon of BEST Internet Communications. Always give a message in newaliases if alias files cannot be opened instead of failing silently. Suggested by Gregory Neil Shapiro. This change makes the code match the O'Reilly book (2nd edition). Some older versions of the resolver could return with h_errno == -1 if no name server could be reached, causing mail to bounce instead of queueing. Treat this like TRY_AGAIN. Fix from John Beck of SunSoft. If a :include: file is owned by a user that does not have an entry in the passwd file, sendmail could dereference a null pointer. Problem noted by Satish Mynam of Sun Microsystems. Take precautions to make sure that the SMTP protocol cannot get out of sync if (for example) an alias file cannot be opened. Fix a possible race condition that can cause a SIGALRM to come in immediately after a SIGHUP, causing the new sendmail to die. Avoid possible hang on SVr3 systems when doing child reaping. Patch from Villy Kruse of TwinCom. Ignore improperly formatted SMTP reply codes. Previously these were partially processed, which could cause confusing error returns. Fix possible bogus pointer dereference when doing ldapx map lookups on some architectures. Portability: A/UX: from Jim Jagielski of NASA/GSFC. glibc: SOCK_STREAM was changed from a #define to an enum, thus breaking #ifdef SOCK_STREAM. Only option seems to be to assume SOCK_STREAM if __GNU_LIBRARY__ is defined. Problem reported by A Sun of the University of Washington. Solaris: use SIOCGIFNUM to get the number of interfaces on the system rather than guessing at compile time. Patch contributed by John Beck of Sun Microsystems. Intel Paragon: from Wendy Lin of Purdue University. GNU Hurd: from Miles Bader of the GNU project. RISC/os 4.50 from Harlan Stenn of PFCS Corporation. ISC Unix: wait never returns if SIGCLD signals are blocked. Unfortunately releasing them opens a race condition, but there appears to be no fix for this. Patch from Gregory Neil Shapiro. BIND 8.1 for IPv6 compatibility from John Kennedy. Solaris: a bug in strcasecmp caused characters with the high order bit set to apparently randomly match letters -- for example, $| (0233) matches "i" and "I". Problem noted by John Gregson of the University of Cambridge. IRIX 6.x: make Makefile.IRIX.6.2 apply to all 6.x. From Kari Hurtta. IRIX 6.x: Create Makefiles for systems that claim to be IRIX64 but are 6.2 or higher (so use the regular IRIX Makefile). IRIX 6.x: Fix load average computation on 64 bit kernels. Problem noted by Eric Hagberg of Morgan Stanley. CONFIG: Some canonification was still done for UUCP-like addresses even if FEATURE(nocanonify) was set. Problem pointed out by Brian Candler. CONFIG: In some cases UUCP mailers wouldn't properly recognize all local names as local. Problem noted by Jeff Polk of BSDI; fix provided by Gregory Neil Shapiro. CONFIG: The "local:user" syntax entries in mailertables and other "mailer:user" syntax locations returned an incorrect value for the $h macro. Problem noted by Gregory Neil Shapiro. CONFIG: Retain "+detail" information when forwarding mail to a MAIL_HUB, LUSER_RELAY, or LOCAL_RELAY. Patch from Philip Guenther of Gustavus Adolphus College. CONFIG: Make sure user+detail works for FEATURE(virtusertable); rules are the same as for aliasing. Based on a patch from Gregory Neil Shapiro. CONFIG: Break up parsing rules into several pieces; this should have no functional change in this release, but makes it possible to have better anti-spam rulesets in the future. CONFIG: Disallow double dots in host names to avoid having the HostStatusDirectory store status under the wrong name. In some cases this can be used as a denial-of-service attack. Problem noted by Ron Jarrell of Virginia Tech, patch from Gregory Neil Shapiro. CONFIG: Don't use F=m (multiple recipients per invocation) for MAILER(procmail), but do pass F=Pn9 (include Return-Path:, don't include From_, and convert to 8-bit). Suggestions from Kimmo Suominen and Roderick Schertler. CONFIG: Domains under $=M (specified with MASQUERADE_DOMAIN) were being masqueraded as though FEATURE(masquerade_entire_domain) was specified, even when it wasn't. MAIL.LOCAL: Solaris 2.6 has snprintf. From John Beck of SunSoft. MAIL.LOCAL: SECURITY: check to make sure that an attacker doesn't "slip in" a symbolic link between the lstat(2) call and the exclusive open. This is only a problem on System V derived systems that allow an exclusive create on files that are symbolic links pointing nowhere. MAIL.LOCAL: If the final mailbox close() failed, the user id was not reset back to root, which on some systems would cause later mailboxes to fail. Also, any partial message would not be truncated, which could result in repeated deliveries. Problem noted by Bruce Evans via Peter Wemm (FreeBSD developers). MAKEMAP: Handle cases where O_EXLOCK is #defined to be 0. A similar change to the sendmail map code was made in 8.8.3. Problem noted by Gregory Neil Shapiro. MAKEMAP: Give warnings on file problems such as map files that are symbolic links; although makemap is not setuid root, it is often run as root and hence has the potential for the same sorts of problems as alias rebuilds. MAKEMAP: Change compilation so that it will link properly on NEXTSTEP. CONTRIB: etrn.pl: search for Cw as well as Fw lines in sendmail.cf. Accept an optional list of arguments following the server name for the ETRN arguments to use (instead of $=w). Other miscellaneous bug fixes. From Christian von Roques via John Beck of Sun Microsystems. CONTRIB: Add passwd-to-alias.pl, contributed by Kari Hurtta. This Perl script converts GECOS information in the /etc/passwd file into aliases, allowing for faster access to full name lookups; it is also clever about adding aliases (to root) for system accounts. NEW FILES: src/safefile.c cf/ostype/gnuhurd.m4 cf/ostype/irix6.m4 contrib/passwd-to-alias.pl src/Makefiles/Makefile.IRIX64.6.1 src/Makefiles/Makefile.IRIX64.6.x RENAMED FILES: src/Makefiles/Makefile.IRIX.6.2 => Makefile.IRIX.6.x src/Makefiles/Makefile.IRIX64 => Makefile.IRIX64.6.0 8.8.5/8.8.5 1997/01/21 SECURITY: Clear out group list during startup. Without this, sendmail will continue to run with the group permissions of the caller, even if RunAsUser is specified. SECURITY: Make purgestat (-bH) be root-only. This is not in response to any known attack, but it's best to be conservative. Suggested by Peter Wemm of DIALix. SECURITY: Fix buffer overrun problem in MIME code that has possible security implications. Patch from Alex Garthwaite of the University of Pennsylvania. Use of a -f flag with a phrase attached (e.g., "-f 'Full Name '") would truncate the address after "Full". Although the -f syntax is incorrect (since it is in the envelope, it shouldn't have comments and full names), the failure mode was unnecessarily awful. Fix a possible null pointer dereference when converting 8-bit data to a 7-bit format. Problem noted by Jim Hutchins of Sandia National Labs and David James of British Telecom. Clear out stale state that affected F=9 on SMTP mailers in queue runs. Although this really shouldn't be used (F=9 is for final delivery only, and using it on an SMTP mailer makes it possible for a message to be converted from 8->7->8->7 bits several times), it shouldn't have failed with a syserr. Problem noted by Eric Hagberg of Morgan Stanley. _Really_ fix the multiple :maildrop code in the user database module. Patch from Roy Mongiovi of Georgia Tech. Let F lines in the configuration file actually read root-only files if the configuration file is safe. Based on a patch from Keith Reynolds of SCO. ETRN followed by QUIT would hold the connection open until the queue run completed. Problem noted by Truck Lewis of TDK Semiconductor Corp. It turns out that despite the documentation, the TCP wrappers library does _not_ log rejected connections. Do the logging ourselves. Problem noted by Fletcher Mattox of the University of Texas at Austin. If sendmail finds a qf file in its queue directory that is an unknown version (e.g., when backing out to an old version), the error is reported on every queue run. Change it to only give the error once (and rename the qf => Qf). Patch from William A. Gianopoulos of Raytheon Company. Start a new session when doing background delivery; currently it ignored signals but didn't start a new signal, that caused some problems if a background process tried to send mail under certain circumstances. Problem noted by Eric Hagberg of Morgan Stanley; fix from Kari Hurtta. Simplify test for skipping a queue run to just check if the current load average is >= the queueing load average. Previously the check factored in some other parameters that caused it to essentially never skip the queue run. Patch from Bryan Costales. If the SMTP server is running in "nullserver" mode (that is, it is rejecting all commands), start sleeping after MAXBADCOMMAND (25) commands; this helps prevent a bad guy from putting you into a tight loop as a denial-of-service attack. Based on an e-mail conversation with Brad Knowles of AOL. Slow down when too many "light weight" commands have been issued; this helps prevent a class of denial-of-service attacks. The current values and defaults are: MAXNOOPCOMMANDS 20 NOOP, VERB, ONEX, XUSR MAXHELOCOMMANDS 3 HELO, EHLO MAXVRFYCOMMANDS 6 VRFY, EXPN MAXETRNCOMMANDS 8 ETRN These will probably be configurable in a future release. On systems that have uid_t typedefed to be an unsigned short, programs that had the F=S flag and no U= equate would be invoked with the real uid set to 65535 rather than being left unchanged. In some cases, NOTIFY=NEVER was not being honored. Problem noted by Steve Hubert of the University of Washington, Seattle. Mail that was Quoted-Printable encoded and had a soft line break on the last line (i.e., an incomplete continuation) had the last line dropped. Since this appears to be illegal it isn't clear what to do with it, but flushing the last line seems to be a better "fail soft" approach. Based on a patch from Eric Hagberg. If AllowBogusHELO and PrivacyOptions=needmailhelo are both set, a bogus HELO command still causes the "Polite people say HELO first" error message. Problem pointed out by Chris Thomas of UCLA; patch from John Beck of SunSoft. Handle "sendmail -bp -qSfoobar" properly if restrictqrun is set - in PrivacyOptions. The -q shouldn't turn this command off. - Problem noted by Murray Kucherawy of Pacific Bell Internet; - based on a patch from Gregory Neil Shapiro of WPI. + in PrivacyOptions. The -q shouldn't turn this command off. + Problem noted by Murray Kucherawy of Pacific Bell Internet; + based on a patch from Gregory Neil Shapiro of WPI. Don't consider SMTP reply codes 452 or 552 (exceeded storage allocation) in a DATA transaction to be sticky; these can occur because a message is too large, and smaller messages should still go through. Problem noted by Matt Dillon of Best Internet Communications. In some cases bounces were saved in /var/tmp/dead.letter even if they had been successfully delivered to the envelope sender. Problem noted Eric Hagberg of Morgan Stanley; solution from Gregory Neil Shapiro of WPI. Give better diagnostics on long alias lines. Based on code contributed by Patrick Gosling of the University of Cambridge. Increase the number of virtual interfaces that will be probed for alternate names. Problem noted by Amy Rich of Shore.Net. PORTABILITY: UXP/DS V20L10 for Fujitsu DS/90: Makefile patches from Toshiaki Nomura of Fujitsu Limited. SunOS with LDAP support: compile problems with struct timeval. Patch from Nick Cuccia of TCSI Corporation. SCO: from Keith Reynolds of SCO. Solaris: kstat load average computation wasn't being used. Fixes from Michael Ju. Tokarev of Telecom Service, JSC (Moscow). OpenBSD: from Jason Downs of teeny.org. Altos System V: from Tim Rice. Solaris 2.5: from Alan Perry of SunSoft. Solaris 2.6: from John Beck of SunSoft. Harris Nighthawk PowerUX (mh6000 box): from Bob Miorelli of Pratt & Whitney . CONFIG: It seems that I hadn't gotten the Received: line syntax _just_right_ yet. Tweak it again. I'll omit the names of the "contributors" (quantity two) in this one case. As of now, NO MORE DISCUSSION about the syntax of the Received: line. CONFIG: Although FEATURE(nullclient) uses EXPOSED_USER (class $=E), it never inserts that class into the output file. Fix it so it will honor EXPOSED_USER but will _not_ include root automatically in this class. Problem noted by Ronan KERYELL of Centre de Recherche en Informatique de l'École Nationale Supérieure des Mines de Paris (CRI-ENSMP). CONFIG: Clean up handling of "local:" syntax in relay specifications such as LUSER_RELAY. This change permits the following syntaxes: ``local:'' will send to the same user on the local machine (e.g., in a mailertable entry for "host", ``local:'' will cause an address addressed to user@host to go to user on the local machone). ``local:user'' will send to the named user on the local machine. ``local:user@host'' is equivalent to ``local:user'' (the host is ignored). In all cases, the original user@host is passed in $@ (i.e., the detail information). Inspired by a report from Michael Fuhr. CONFIG: Strip quotes from the first word of an "error:" host indication. This lets you set (for example) the LUSER_RELAY to be ``error:\"5.1.1\" Your Message Here''. Note the use of the \" so that the resulting string is properly quoted. Problem noted by Gregory Neil Shapiro of WPI. OP.ME: documentation was inconsistent about whether sendmail did a NOOP or a RSET to probe the connection (it does a RSET). Inconsistency noted by Deeran Peethamparam. OP.ME: insert additional blank pages so it will print properly on a duplex printer. From Matthew Black of Cal State University, Long Beach. 8.8.4/8.8.4 1996/12/02 SECURITY: under some circumstances, an attacker could get additional permissions by hard linking to files that were group writable by the attacker. The solution is to disallow any files that have hard links -- this will affect .forward, :include:, and output files. Problem noted by Terry Kyriacopoulos of Interlog Internet Services. As a workaround, set UnsafeGroupWrites -- always a good idea. SECURITY: the TryNullMXList (w) option should not be safe -- if it is, it is possible to do a denial-of-service attack on MX hosts that rely on the use of the null MX list. There is no danger if you have this option turned off (the default). Problem noted by Dan Bernstein. Also, make the DontInitGroups unsafe. I know of no specific attack against this, although a denial-of-service attack is probably possible, but in theory you should not be able to safely tweak anything that affects the permissions that are used when mail is delivered. Purgestat could go into an infinite loop if one of the host status directories somehow became empty. Problem noted by Roy Mongiovi of Georgia Tech. Processes got "lost" when counting children due to a race condition. This caused "proc_list_probe: lost pid" messages to be logged. Problem noted by several people. On systems with System V SIGCLD child signal semantics (notably AIX and HP-UX), mail transactions would print the message "451 SMTP-MAIL: lost child: No child processes". Problem noted by several people. Miscellaneous compiler warnings on picky compilers (or when setting gcc to high warning levels). From Tom Moore of NCR Corp. SMTP protocol errors, and most errors on MAIL FROM: lines should not be persistent between runs, since they are based on the message rather than the host. Problem noted by Matt Dillon of Best Internet Communications. The F=7 flag was ignored on SMTP mailers. Problem noted by Tom Moore of NCR (a.k.a., AT&T Global Information Solutions). Avoid the possibility of having a child daemon run to completion (including closing the SMTP socket) before the parent has had a chance to close the socket; this can cause the parent to hang for a long time waiting for the socket to drain. Patch from Don Lewis of TDK Semiconductor. If the fork() failed in a queue run, the queue runners would not be rescheduled (so queue runs would stop). Patch from Don Lewis. Some error conditions in ETRN could cause output without an SMTP status code. Problem noted by Don Lewis. Multiple :maildrop addresses in the user database didn't work properly. Patch from Roy Mongiovi of Georgia Tech. Add ".db" automatically onto any user database spec that does not already have it; this is for consistency with makemap, the K line, and the documentation. Inconsistency pointed out by Roy Mongiovi. Allow sendmail to be properly called in nohup mode. Patch from Kyle Jones of UUNET. Change ETRN to ignore but still update host status files; previously it would ignore them and not save the updated status, which caused stale information to be maintained. Based on a patch from Christopher Davis of Kapor Enterprises Inc. Also, have ETRN ignore the MinQueueAge option. Patch long term host status to recover more gracefully from an empty host status file condition. Patch from NAKAMURA Motonori of Kyoto University. Several patches to signal handling code to fix potential race conditions from Don Lewis. Make it possible to compile with -DDAEMON=0 (previously it had some compile errors). This turns DAEMON, QUEUE, and SMTP into 0/1 compilation flags. Note that DAEMON is an obsolete compile flag; use NETINET instead. Solution based on a patch from Bryan Costales. PORTABILITY FIXES: AIX4: getpwnam() and getpwuid() do a sequential scan of the /etc/security/passwd file when called as root. This is very slow on some systems. To speed it up, use the (undocumented) _getpw{nam,uid}_shadow() routines. Patch from Chris Thomas of UCLA/OAC Systems Group. SCO 5.x: include -lprot in the Makefile. Patch from Bill Glicker of Burrelle's Information Service. NEWS-OS 4.x: need a definition for MODE_T to compile. Patch from Makoto MATSUSHITA of Osaka University. SunOS 4.0.3: compile problems. Patches from Andrew Cole of Leeds University and SASABE Tetsuro of the University of Tokyo. DG/UX 5.4.4.11 from Brian J. Murrell of InterLinx Support Services, Inc. Domain/OS from Don (Truck) Lewis of TDK Semiconductor Corp. I believe this to have only been a problem if you compiled with -DUSE_VENDOR_CF_PATH -- another reason to stick with /etc/sendmail.cf as your One True Path. Digital UNIX (OSF/1 on Alpha) load average computation from Martin Laubach of the Technischen Universität Wien. CONFIG: change default Received: line to be multiple lines rather than one long one. By popular demand. MAIL.LOCAL: warnings weren't being logged on some systems. Patch from Jerome Berkman of U.C. Berkeley. MAKEMAP: be sure to zero hinfo to avoid cruft that can cause runs to take a very long time. Problem noted by Yoshiro YONEYA of NTT Software Corporation. CONTRIB: add etrn.pl, contributed by John Beck. NEW FILES: contrib/etrn.pl 8.8.3/8.8.3 1996/11/17 SECURITY: it was possible to get a root shell by lying to sendmail about argv[0] and then sending it a signal. Problem noted by Leshka Zakharoff on the best-of-security list. Log sendmail binary version number in "Warning: .cf version level (%d) exceeds program functionality (%d) message" -- this should make it clearer to people that they are running the wrong binary. Fix a problem that occurs when you open an SMTP connection and then do one or more ETRN commands followed by a MAIL command; at the end of the DATA phase sendmail would incorrectly report "451 SMTP-MAIL: lost child: No child processes". Problem noted by Eric Bishop of Virginia Tech. When doing text-based host canonification (typically /etc/hosts lookup), a null host name would match any /etc/hosts entry with space at the end of the line. Problem noted by Steve Hubert of the University of Washington, Seattle. 7 to 8 bit BASE64 MIME conversions could duplicate bits of text. Problem reported by Tom Smith of Digital Equipment Corp. Increase the size of the DNS answer buffer -- the standard UDP packet size PACKETSZ (512) is not sufficient for some nameserver answers containing very many resource records. The resolver may also switch to TCP and retry if it detects UDP packet overflow. Also, allow for the fact that the resolver routines res_query and res_search return the size of the *un*truncated answer in case the supplied answer buffer it not big enough to accommodate the entire answer. Patch from Eric Wassenaar. Improvements to MaxDaemonChildren code. If you think you have too many children, probe the ones you have to verify that they are still around. Suggested by Jared Mauch of CICnet, Inc. Also, do this probe before growing the vector of children pids; this previously caused the vector to grow indefinitely due to a race condition. Problem reported by Kyle Jones of UUNET. On some architectures, (from the Berkeley DB library) defines O_EXLOCK to zero; this fools the map compilation code into thinking that it can avoid race conditions by locking on open. Change it to check for O_EXLOCK non-zero. Problem noted by Leif Erlingsson of Data Lege. Always call res_init() on startup (if compiled in, of course) to allow the sendmail.cf file to tweak resolver flags; without it, flag tweaks in ResolverOptions are ignored. Patch from Andrew Sun of Merrill Lynch. Improvements to host status printing code. Suggested by Steve Hubert of the University of Washington, Seattle. Change MinQueueAge option processing to do the check for the job age when reading the queue file, rather than at the end; this avoids parsing the addresses, which can do DNS lookups. Problem noted by John Beck of InReference, Inc. When MIME was being 7->8 bit decoded, "From " lines weren't being properly escaped. Problem noted by Peter Nilsson of the University of Linkoping. In some cases, sendmail would retain root permissions during queue runs even if RunAsUser was set. Problem noted by Mark Thomas of Mark G. Thomas Consulting. If the F=l flag was set on an SMTP mailer to indicate that it is actually local delivery, and NOTIFY=SUCCESS is specified in the envelope, and the receiving SMTP server speaks DSN, then the DSN would be both generated locally and propagated to the other end. The U= mailer field didn't correctly extract the group id if the user id was numeric. Problem noted by Kenneth Herron of MCI Telecommunications Communications. If a message exceeded the fixed maximum size on input, the body of the message was included in the bounce. Note that this did not occur if it exceeded the maximum _output_ size. Problem reported by Kyle Jones of UUNET. PORTABILITY FIXES: AIX4: 4.1 doesn't have a working setreuid(2); change the AIX4 defines to use seteuid(2) instead, which works on 4.1 as well as 4.2. Problem noted by Håkan Lindholm of interAF, Sweden. AIX4: use tzname[] vector to determine time zone name. Patch from NAKAMURA Motonori of Kyoto University. MkLinux: add Makefile.Linux.ppc and OSTYPE(mklinux) support. Contributed by Paul DuBois . Solaris: kstat(3k) support for retrieving the load average. This adds the LA_KSTAT definition for LA_TYPE. The outline of the implementation was contributed by Michael Tokarev of Telecom Service, JSC, Moscow. HP-UX 10.0 gripes about the (perfectly legal!) forward declaration of struct rusage at the top of conf.h; change it to only be included if you are using gcc, which is apparently the only compiler that requires it in the first place. Problem noted by Jeff Earickson of Colby College. IRIX: don't default to using gcc. IRIX is a civilized operating system that comes with a decent compiler by default. Problem noted by Barry Bouwsma and Kari Hurtta. CONFIG: specify F=9 as default in FEATURE(local_procmail) for consistency with other local mailers. Inconsistency pointed out by Teddy Hogeborn . CONFIG: if the "limited best mx" feature is used (to reduce DNS overhead) as part of the bestmx_is_local feature, the domain part was dropped from the name. Patch from Steve Hubert of the University of Washington, Seattle. CONFIG: catch addresses of the form "user@.dom.ain"; these could end up being translated to the null host name, which would return any entry in /etc/hosts that had a space at the end of the line. Problem noted by Steve Hubert of the University of Washington, Seattle. CONFIG: add OSTYPE(aix4). From Michael Sofka of Rensselaer Polytechnic Institute. MAKEMAP: tweak hash and btree parameters for better performance. Patch from Matt Dillon of Best Internet Communications. NEW FILES: src/Makefiles/Makefile.Linux.ppc cf/ostype/aix4.m4 cf/ostype/mklinux.m4 8.8.2/8.8.2 1996/10/18 SECURITY: fix a botch in the 7-bit MIME patch; the previous patch changed the code but didn't fix the problem. PORTABILITY FIXES: Solaris: Don't use the system getusershell(3); it can apparently corrupt the heap in some circumstances. Problem found by Ken Pizzini of Spry, Inc. OP.ME: document several mailer flags that were accidentally omitted from this document. These flags were F=d, F=j, F=R, and F=9. CONFIG: no changes. 8.8.1/8.8.1 1996/10/17 SECURITY: unset all environment variables that the resolver will examine during queue runs and daemon mode. Problem noted by Dan Bernstein of the University of Illinois at Chicago. SECURITY: in some cases an illegal 7-bit MIME-encoded text/plain message could overflow a buffer if it was converted back to 8 bits. This caused core dumps and has the potential for a remote attack. Problem first noted by Gregory Shapiro of WPI. Avoid duplicate deliveries of error messages on systems that don't have flock(2) support. Patch from Motonori Nakamura of Kyoto University. Ignore null FallBackMX (V) options. If this option is null (as opposed to undefined) it can cause "null signature" syserrs on illegal host names. If a Base64 encoded text/plain message has no trailing newline in the encoded text, conversion back to 8 bits will drop the final line. Problem noted by Pierre David. If running with a RunAsUser, sendmail would give bogus "cannot setuid" (or seteuid, or setreuid) messages on some systems. Problem pointed out by Jordan Mendelson of Web Services, Inc. Always print error messages in -bv mode -- previously, -bv would be absolutely silent on errors if the error mode was sent to (say) mail-back. Problem noted by Kyle Jones of UUNET. If -qI/R/S is set (or the ETRN command is used), ignore all long term host status. This is necessary because it is common to do this when you know a host has just come back up. Disallow duplicate HELO/EHLO commands as required by RFC 1651 section 4.2. Excessive permissiveness noted by Lee Flight of the University of Leicester. If a service (such as NIS) is specified as the last entry in the service switch, but that service is not compiled in, sendmail would return a temporary failure when an entry was not found in the map. This caused the message to be queued instead of bouncing immediately. Problem noted by Harry Edmon of the University of Washington. PORTABILITY FIXES: Solaris 2.3 had compilation problems in conf.c. Several people pointed this out. NetBSD from Charles Hannum of MIT. AIX4 improvements based on info from Steve Bauer of South Dakota School of Mines & Technology. CONFIG: ``error:code message'' syntax was broken in virtusertable. Patch from Gil Kloepfer Jr. CONFIG: if FEATURE(nocanonify) was specified, hosts in $=M (set using MASQUERADE_DOMAIN) were not masqueraded unless they were also in $=w. Problem noted by Zoltan Basti of Softec. MAIL.LOCAL: patches to compile and link cleanly on AIX. Based on a patch from Eric Hagberg of Morgan Stanley. MAIL.LOCAL: patches to compile on NEXTSTEP. From Patrick Nolan of Stanford via Robert La Ferla. 8.8.0/8.8.0 1996/09/26 Under some circumstances, Bcc: headers would not be properly deleted. Pointed out by Jonathan Kamens of OpenVision. Log a warning if the sendmail daemon is invoked without a full pathname, which prevents "kill -1" from working. I was urged to put this in by Andrey A. Chernov of DEMOS (Russia). Fix small buffer overflow. Since the data in this buffer was not read externally, there was no security problem (and in fact probably wouldn't really overflow on most compilers). Pointed out by KIZU takashi of Osaka University. Fix problem causing domain literals such as [1.2.3.4] to be ignored if a FallbackMXHost was specified in the configuration file -- all mail would be sent to the fallback even if the original host was accessible. Pointed out by Munenari Hirayama of NSC (Japan). A message that didn't terminate with a newline would (sometimes) not have the trailing "." added properly in the SMTP dialogue, causing SMTP to hang. Patch from Per Hedeland of Ericsson. The DaemonPortOptions suboption to bind to a particular address was incorrect and nonfunctional due to a misunderstanding of the semantics of binding on a passive socket. Patch from NIIBE Yutaka of Mitsubishi Research Institute. Increase the number of MX hosts for a single name to 100 to better handle the truly huge service providers such as AOL, which has 13 at the moment (and climbing). In order to avoid trashing memory, the buffer for all names has only been slightly increased in size, to 12.8K from 10.2K -- this means that if a single name had 100 MX records, the average size of those records could not exceed 128 bytes. Requested by Brad Knowles of America On Line. Restore use of IDENT returns where the OSTYPE field equals "OTHER". Urged by Dan Bernstein of U.C. Berkeley. Print q_statdate and q_specificity in address structure debugging printout. Expand MCI structure flag bits for debugging output. Support IPv6-style domain literals, which can have colons between square braces. Log open file descriptors for the "cannot dup" messages in deliver(); this is an attempt to track down a bug that one person seems to be having (it may be a Solaris bug!). DSN NOTIFY parameters were not properly propagated across queue runs; this caused the NOTIFY info to sometimes be lost. Problem pointed out by Claus Assmann of the Christian-Albrechts-University of Kiel. The statistics gathered in the sendmail.st file were too high; in some cases failures (e.g., user unknown or temporary failure) would count as a delivery as far as the statistics were concerned. Problem noted by Tom Moore of AT&T GIS. Systems that don't have flock() would not send split envelopes in the initial run. Problem pointed out by Leonard Zubkoff of Dandelion Digital. Move buffer overflow checking -- these primarily involve distrusting results that may come from NIS and DNS. 4.4-BSD-derived systems, including FreeBSD, NetBSD, and BSD/OS didn't include and hence had the wrong pathnames for a few things like /var/tmp. Reported by Matthew Green. Conditions were reversed for the Priority: header, resulting in all values being interpreted as non-urgent except for non-urgent, which was interpreted as normal. Patch from Bryan Costales. The -o (optional) flag was being ignored on hash and btree maps since 8.7.2. Fix from Bryan Costales. Content-Types listed in class "q" will always be encoded as Quoted-Printable (or more accurately, will never be encoded as base64). The class can have primary types (e.g., "text") or full types (e.g., "text/plain"). Based on a suggestion by Marius Olafsson of the University of Iceland. Define ${envid} to be the original envelope id (from the ESMTP DSN dialogue) so it can be passed to programs in mailers. Define ${bodytype} to be the body type (from the -B flag or the BODY= ESMTP parameter) so it can be passed to programs in mailers. Cause the VRFY command to return 252 instead of 250 unless the F=q flag is set in the mailer descriptor. Suggested by John Myers of CMU. Implement ESMTP ETRN command to flush the queue for a specific host. The command takes a host name; data for that host is immediately (and asynchronously) flushed. Because this shares the -qR implementation, other hosts may be attempted, but there should be no security implications. Implementation from John Beck of InReference, Inc. See RFC 1985 for details. Add three new command line flags to pass in DSN parameters: -V envid (equivalent to ENVID=envid on the MAIL command), -R ret (equivalent to RET=ret on the MAIL command), and -Nnotify (equivalent to NOTIFY=notify on the RCPT command). Note that the -N flag applies to all recipients; there is no way to specify per-address notifications on the command line, nor is there an equivalent for the ORCPT= per-address parameter. Restore LogLevel option to be safe (it can only be increased); apparently I went into paranoid mode between 8.6 and 8.7 and made it unsafe. Pointed out by Dabe Murphy of the University of Maryland. New logging on log level 15: all SMTP traffic. Patches from Andrew Gross of San Diego Supercomputer Center. NetInfo property value searching code wasn't stopping when it found a match. This was causing the wrong values to be found (and had a memory leak). Found by Bastian Schleuter of TU-Berlin. Add new F=0 (zero) mailer flag to turn off MX lookups. It was pointed out by Bill Wisner of Electronics for Imaging that you can't use the bracket address form for the MAIL_HUB macro, since that causes the brackets to remain in the envelope recipient address used for delivery. The simple fix (stripping off the brackets in the config file) breaks the use of IP literal addresses. This flag will solve that problem. Add MustQuoteChars option. This is a list of characters that must be quoted if they are found in the phrase part of an address (that is, the full name part). The characters @,;:\()[] are always in this list and cannot be removed. The default is this list plus . and ' to match RFC 822. Add AllowBogusHELO option; if set, sendmail will allow HELO commands that do not include a host name for back compatibility with some stupid SMTP clients. Setting this violates RFC 1123 section 5.2.5. Add MaxDaemonChildren option; if this is set, sendmail will start rejecting connections if it has more than this many outstanding children accepting mail. Note that you may see more processes than this because of outgoing mail; this is for incoming connections only. Add ConnectionRateThrottle option. If set to a positive value, the number of incoming SMTP connections that will be permitted in a single second is limited to this number. Connections are not refused during this time, just deferred. The intent is to flatten out demand so that load average limiting can kick in. It is less radical than MaxDaemonChildren, which will stop accepting connections even if all the connections are idle (e.g., due to connection caching). Add Timeout.hoststatus option. This interval (defaulting to 30m) specifies how long cached information about the state of a host will be kept before they are considered stale and the host is retried. If you are using persistent host status (i.e., the HostStatusDirectory option is set) this will apply between runs; otherwise, it applies only within a single queue run and hence is useful only for hosts that have large queues that take a very long time to run. Add SingleLineFromHeader option. If set, From: headers are coerced into being a single line even if they had newlines in them when read. This is to get around a botch in Lotus Notes. Text class maps were totally broken -- if you ever retrieved the last item in a table it would be truncated. Problem noted by Gregory Neil Shapiro of WPI. Extend the lines printed by the mailq command (== the -bp flag) when -v is given to 120 characters; this allows more information to be displayed. Suggested by Gregory Neil Shapiro of WPI. Allow macro definitions (`D' lines) with unquoted commas; previously this was treated as end-of-input. Problem noted by Bryan Costales. The RET= envelope parameter (used for DSNs) wasn't properly written to the queue file. Fix from John Hughes of Atlantic Technologies, Inc. Close /var/tmp/dead.letter after a successful write -- otherwise if this happens in a queue run it can cause nasty delays. Problem noted by Mark Horton of AT&T. If userdb entries pointed to userdb entries, and there were multiple values for a given key, the database cursor would get trashed by the recursive call. Problem noted by Roy Mongiovi of Georgia Tech. Fixed by reading all the values and creating a comma-separated list; thus, the -v output will be somewhat different for this case. Fix buffer allocation problem with Hesiod-based userdb maps when HES_GETMAILHOST is defined. Based on a patch by Betty Lee of Stanford University. When envelopes were split due to aliases with owner- aliases, and there was some error on one of the lists, more than one of the owners would get the message. Problem pointed out by Roy Mongiovi of Georgia Tech. Detect excessive recursion in macro expansions, e.g., $X defined in terms of $Y which is defined in terms of $X. Problem noted by Bryan Costales; patch from Eric Wassenaar. When using F=U to get "ugly UUCP" From_ lines, a buffer could in some cases get trashed causing bogus From_ lines. Fix from Kyle Jones of UUNET. When doing load average initialization, if the nlist call for avenrun failed, the second and subsequent lookups wouldn't notice that fact causing bogus load averages to be returned. Noted by Casper Dik of Sun Holland. Fix problem with incompatibility with some versions of inet_aton that have changed the return value to unsigned, so a check for an error return of -1 doesn't work. Use INADDR_NONE instead. This could cause mail to addresses such as [foo.com] to bounce or get dropped. Problem noted by Christophe Wolfhugel of the Pasteur Institute. DSNs were inconsistent if a failure occurred during the DATA phase rather than the RCPT phase: the Action: would be correct, but the detailed status information would be wrong. Problem noted by Bob Snyder of General Electric Company. Add -U command line flag and the XUSR ESMTP extension, both indicating that this is the initial MUA->MTA submission. The flag current does nothing, but in future releases (when MUAs start using these flags) it will probably turn on things like DNS canonification. Default end-of-line string (E= specification on mailer [M] lines) to \r\n on SMTP mailers. Default remains \n on non-SMTP mailers. Change the internal definition for the *file* and *include* mailers to have $u in the argument vectors so that they aren't misinterpreted as SMTP mailers and thus use \r\n line termination. This will affect anyone who has redefined either of these in their configuration file. Don't assume that IDENT servers close the connection after a query; responses can be newline terminated. From Terry Kennedy of St. Peter's College. Avoid core dumps on erroneous configuration files that have $#mailer with nothing following. From Bryan Costales. Avoid null pointer dereference with high debug values in unlockqueue. Fix from Randy Martin of Clemson University. Fix possible buffer overrun when expanding very large macros. Fix from Kyle Jones of UUNET. After 25 EXPN or VRFY commands, start pausing for a second before processing each one. This avoids a certain form of denial of service attack. Potential attack pointed out by Bryan Costales. Allow new named (not numbered!) config file rules to do validity checking on SMTP arguments: check_mail for MAIL commands and check_rcpt for RCPT commands. These rulesets can do anything they want; their result is ignored unless they resolve to the $#error mailer, in which case the indicated message is printed and the command is rejected. Similarly, the check_compat ruleset is called before delivery with "from_addr $| to_addr" (the $| is a meta-symbol used to separate the two addresses); it can give a "this sender can't send to this recipient" notification. Note that this patch allows $| to stand alone in rulesets. Define new macros ${client_name}, ${client_addr}, and ${client_port} that have the name, IP address, and port number (respectively) of the SMTP client (that is, the entity at the other end of the connection. These can be used in (e.g.) check_rcpt to verify that someone isn't trying to relay mail through your host inappropriately. Be sure to use the deferred evaluation form, for example $&{client_name}, to avoid having these bound when sendmail reads the configuration file. Add new config file rule check_relay to check the incoming connection information. Like check_compat, it is passed the host name and host address separated by $| and can reject connections on that basis. Allow IDA-style recursive function calls. Code contributed by Mark Lovell and Paul Vixie. Eliminate the "No ! in UUCP From address!" message" -- instead, create a virtual UUCP address using either a domain address or the $k macro. Based on code contributed by Mark Lovell and Paul Vixie. Add Stanford LDAP map. Requires special libraries that are not included with sendmail. Contributed by Booker C. Bense ; contact him for support. See also the src/READ_ME file. Allow -dANSI to turn on ANSI escape sequences in debug output; this puts metasymbols (e.g., $+) in reverse video. Really useful only for debugging deep bits of code where it is important to distinguish between the single-character metasymbol $+ and the two characters $, +. Changed ruleset 89 (executed in dumpstate()) to a named ruleset, debug_dumpstate. Add new UnsafeGroupWrites option; if set, .forward and :include: files that are group writable are considered "unsafe" -- that is, programs and files referenced from such files are not valid recipients. Delete bogosity test for FallBackMX host; this prevented it to be a name that was not in DNS or was a domain-literal. Problem noted by Tom May. Change the introduction to error messages to more clearly delineate permanent from temporary failures; if both existed in a single message it could be confusing. Suggested by John Beck of InReference, Inc. The IngoreDot (i) option didn't work for lines that were terminated with CRLF. Problem noted by Ted Stockwell of Secure Computing Corporation. Add a heuristic to improve the handling of unbalanced `<' signs in message headers. Problem reported by Matt Dillon of Best Internet Communications. Check for bogus characters in the 0200-0237 range; since these are used internally, very strange errors can occur if those characters appear in headers. Problem noted by Anders Gertz of Lysator. Implement 7 -> 8 bit MIME conversions. This only takes place if the recipient mailer has the F=9 flag set, and only works on text/plain body types. Code contributed by Marius Olafsson of the University of Iceland. Special case "postmaster" name so that it is always treated as lower case in alias files regardless of configuration settings; this prevents some potential problems where "Postmaster" or "POSTMASTER" might not match "postmaster". In most cases this change is a no-op. The -o map flag was ignored for text maps. Problem noted by Bryan Costales. The -a map flag was ignored for dequote maps. Problem noted by Bryan Costales. Fix core dump when a lookup of a class "prog" map returns no response. Patch from Bryan Costales. Log instances where sendmail is deferring or rejecting connections on LogLevel 14. Suggested by Kyle Jones of UUNET. Include port number in process title for network daemons. Suggested by Kyle Jones of UUNET. Send ``double bounces'' (errors that occur when sending an error message) to the address indicated in the DoubleBounceAddress option (default: postmaster). Previously they were always sent to postmaster. Suggested by Kyle Jones of UUNET. Add new mode, -bD, that acts like -bd in all respects except that it runs in foreground. This is useful for using with a wrapper that "watches" system services. Suggested by Kyle Jones of UUNET. Fix botch in spacing around (parenthesized) comments in addresses when the comment comes before the address. Patch from Motonori Nakamura of Kyoto University. Use the prefix "Postmaster notify" on the Subject: lines of messages that are being bounced to postmaster, rather than "Returned mail". This permits the person who is postmaster more easily determine what messages are to their role as postmaster versus bounces to mail they actually sent. Based on a suggestion by Motonori Nakamura. Add new value "time" for QueueSortOrder option; this causes the queue to be sorted strictly by the time of submission. Note that this can cause very bad behavior over slow lines (because large jobs will tend to delay small jobs) and on nodes with heavy traffic (because old things in the queue for hosts that are down delay processing of new jobs). Also, this does not guarantee that jobs will be delivered in submission order unless you also set DeliveryMode=queue. In general, it should probably only be used on the command line, and only in conjunction with -qRhost.domain. In fact, there are very few cases where it should be used at all. Based on an implementation by Motonori Nakamura. If a map lookup in ruleset 5 returns tempfail, queue the message in the same manner as other rulesets. Previously a temporary failure in ruleset 5 was ignored. Patch from Booker Bense of Stanford University. Don't proceed to the next MX host if an SMTP MAIL command returns a 5yz (permanent failure) code. The next MX host will still be tried if the connection cannot be opened in the first place or if the MAIL command returns a 4yz (temporary failure) code. (It's hard to know what to do here, since neither RFC 974 nor RFC 1123 specify when to proceed to the next MX host.) Suggested by Jonathan Kamens of OpenVision, Inc. Add new "-t" flag for map definitions (the "K" line in the .cf file). This causes map lookups that get a temporary failure (e.g., name server failure) to _not_ defer the delivery of the message. This should only be used if your configuration file is prepared to do something sensible in this case. Based on an idea by Gregory Shapiro of WPI. Fix problem finding network interface addresses. Patch from Motonori Nakamura. Don't reject qf entries that are not owned by your effective uid if you are not running setuid; this makes management of certain kinds of firewall setups difficult. Patch suggested by Eamonn Coleman of Qualcomm. Add persistent host status. This keeps the information normally maintained within a single queue run in disk files that are shared between sendmail instances. The HostStatusDirectory is the directory in which the information is maintained. If not set, persistent host status is turned off. If not a full pathname, it is relative to the queue directory. A common value is ".hoststat". There are also two new operation modes: * -bh prints the status of hosts that have had recent connections. * -bH purges the host statuses. No attempt is made to save recent status information. This feature was originally written by Paul Vixie of Vixie Enterprises for KJS and adapted for V8 by Mark Lovell of Bigrock Consulting. Paul's funding of Mark and Mark's patience with my insistence that things fit cleanly into the V8 framework is gratefully appreciated. New SingleThreadDelivery option (requires HostStatusDirectory to operate). Avoids letting two sendmails on the local machine open connections to the same remote host at the same time. This reduces load on the other machine, but can cause mail to be delayed (for example, if one sendmail is delivering a huge message, other sendmails won't be able to send even small messages). Also, it requires another file descriptor (for the lock file) per connection, so you may have to reduce ConnectionCacheSize to avoid running out of per-process file descriptors. Based on the persistent host status code contributed by Paul Vixie and Mark Lovell. Allow sending to non-simple files (e.g., /dev/null) even if the SafeFileEnvironment option is set. Problem noted by Bryan Costales. The -qR flag mistakenly matched flags in the "R" line of the queue file. Problem noted by Bryan Costales. If a job was aborted using the interrupt signal (e.g., control-C from the keyboard), on some occasions an empty df file would be left around; these would collect in the queue directory. Problem noted by Bryan Costales. Change the makesendmail script to enhance the search for Makefiles based on release number. For example, on SunOS 5.5.1, it will search for Makefile.SunOS.5.5.1, Makefile.SunOS.5.5, and then Makefile.SunOS.5.x (in addition to the other rules, e.g., adding $arch). Problem noted by Jason Mastaler of Atlanta Webmasters. When creating maps using "newaliases", always map the keys to lower case when creating the map unless the -f flag is specified on the map itself. Previously this was done based on the F=u flag in the local mailer, which meant you could create aliases that you could never access. Problem noted by Bob Wu of DEC. When a job was read from the queue, the bits causing notification on failure or delay were always set. This caused those notifications to be sent even if NOTIFY=NEVER had been specified. Problem noted by Steve Hubert of the University of Washington, Seattle. Add new configurable routine validate_connection (in conf.c). This lets you decide if you are willing to accept traffic from this host. If it returns FALSE, all SMTP commands will return "550 Access denied". -DTCPWRAPPERS will include support for TCP wrappers; you will need to add -lwrap to the link line. (See src/READ_ME for details.) Don't include the "THIS IS A WARNING MESSAGE ONLY" banner on postmaster bounces. Some people seemed to think that this could be confusing (even though it is true). Suggested by Motonori Nakamura. Add new RunAsUser option; this causes sendmail to do a setuid to that user early in processing to avoid potential security problems. However, this means that all .forward and :include: files must be readable by that user, and all files to be written must be writable by that user and all programs will be executed by that user. It is also incompatible with the SafeFileEnvironment option. In other words, it may not actually add much to security. However, it should be useful on firewalls and other places where users don't have accounts and the aliases file is well constrained. Add Timeout.iconnect. This is like Timeout.connect except it is used only on the first attempt to delivery to an address. It could be set to be lower than Timeout.connect on the principle that the mail should go through quickly to responsive hosts; less responsive hosts get to wait for the next queue run. Fix a problem on Solaris that occasionally causes programs (such as vacation) to hang with their standard input connected to a UDP port. It also created some signal handling problems. The problems turned out to be an interaction between vfork(2) and some of the libraries, particularly NIS/NIS+. I am indebted to Tor Egge for this fix. Change user class map to do the same matching that actual delivery will do instead of just a /etc/passwd lookup. This adds fuzzy matching to the user map. Patch from Dan Oscarsson. The Timeout.* options are not safe -- they can be used to create a denial-of-service attack. Problem noted by Christophe Wolfhugel. Don't send PostmasterCopy messages in the event of a "delayed" notification. Suggested by Barry Bouwsma. Don't advertise "VERB" ESMTP extension if the "noexpn" privacy option is set, since this disables VERB mode. Suggested by John Hawkinson of MIT. Complain if the QueueDirectory (Q) option is not set. Problem noted by Motonori Nakamura of Kyoto University. Only queue messages on transient .forward open failures if there were no successful opens. The previous behavior caused it to queue even if a "fall back" .forward was found. Problem noted by Ann-Kian Yeo of the Dept. of Information Systems and Computer Science (DISCS), NUS, Singapore. Don't do 8->7 bit conversions when bouncing a MIME message that is bouncing because of a MIME error during 8->7 bit conversion; the encapsulated message will bounce again, causing a loop. Problem noted by Steve Hubert of the University of Washington. Create xf (transcript) files using the TempFileMode option value instead of 0644. Suggested by Ann-Kian Yeo of the National University of Singapore. Print errors if setgid/setuid/etc. fail during delivery. This helps detect cases where DefaultUid is set to something that the system can't cope with. PORTABILITY FIXES: Support for AIX/RS 2.2.1 from Mark Whetzel of Western Atlas International. Patches for Intel Paragon OSF/1 1.3 from Leo Bicknell . On DEC OSF/1 3.2 and earlier, the MatchGECOS code would only work on the first recipient of a message due to a bug in the getpwent family. If this is something you use, you can define DEC_OSF_BROKEN_GETPWENT=1 for a workaround. From Maximum Entropy of Sanford C. Bernstein and Associates. FreeBSD 1.1.5.1 uname -r returns a string containing parentheses, which breaks makesendmail. Reported by Piero Serini . Sequent DYNIX/ptx 4.0.2 patches from Jack Woolley of Systems and Computer Technology Corporation. Solaris 2.x: omit the UUCP grade parameter (-g flag) because it is system-dependent. Problem noted by J.J. Bailey of Bailey Computer Consulting. Pyramid NILE running DC/OSx support from Earle F. Ake of Hassler Communication Systems Technology, Inc. HP-UX 10.x compile glitches, reported by Anne Brink of the U.S. Army and James Byrne of Harte & Lyne Limited. NetBSD from Matthew Green of the NetBSD crew. SCO 5.x from Keith Reynolds of SCO. IRIX 6.2 from Robert Tarrall of the University of Colorado and Kari Hurtta of the Finnish Meteorological Institute. UXP/DS (Fujitsu/ICL DS/90 series) support from Diego R. Lopez, CICA (Seville). NCR SVR4 MP-RAS 3.x support from Tom Moore of NCR. PTX 3.2.0 from Kenneth Stailey of the US Department of Labor Employment Standards Administration. Altos System V (5.3.1) from Tim Rice of Multitalents. Concurrent Systems Corporation Maxion from Donald R. Laster Jr. NetInfo maps (improved debugging and multi-valued aliases) from Adrian Steinmann of Steinmann Consulting. ConvexOS 11.5 (including SecureWare C2 and the Share Scheduler) from Eric Schnoebelen of Convex. Linux 2.0 mail.local patches from Horst von Brand. NEXTSTEP 3.x compilation from Robert La Ferla. NEXTSTEP 3.x code changes from Allan J. Nathanson of NeXT. Solaris 2.5 configuration fixes for mail.local by Jim Davis of the University of Arizona. Solaris 2.5 has a working setreuid. Noted by David Linn of Vanderbilt University. Solaris changes for praliases, makemap, mailstats, and smrsh. Previously you had to add -DSOLARIS in Makefile.dist; this auto-detects. Based on a patch from Randall Winchester of the University of Maryland. CONFIG: add generic-nextstep3.3.mc file. Contributed by Robert La Ferla of Hot Software. CONFIG: allow mailertables to resolve to ``error:code message'' (where "code" is an exit status) on domains (previously worked only on hosts). Patch from Cor Bosman of Xs4all Foundation. CONFIG: hooks for IPv6-style domain literals. CONFIG: predefine ALIAS_FILE and change the prototype file so that if it is undefined the AliasFile option is never set; this should be transparent for most everyone. Suggested by John Myers of CMU. CONFIG: add FEATURE(limited_masquerade). Without this feature, any domain listed in $=w is masqueraded. With it, only those domains listed in a MASQUERADE_DOMAIN macro are masqueraded. CONFIG: add FEATURE(masquerade_entire_domain). This causes masquerading specified by MASQUERADE_DOMAIN to apply to all hosts under those domains as well as the domain headers themselves. For example, if a configuration had MASQUERADE_DOMAIN(foo.com), then without this feature only foo.com would be masqueraded; with it, *.foo.com would be masqueraded as well. Based on an implementation by Richard (Pug) Bainter of U. Texas. CONFIG: add FEATURE(genericstable) to do a more general rewriting of outgoing addresses. Defaults to ``hash -o /etc/genericstable''. Keys are user names; values are outgoing mail addresses. Yes, this does overlap with the user database, and figuring out just when to use which one may be tricky. Based on code contributed by Richard (Pug) Bainter of U. Texas with updates from Per Hedeland of Ericsson. CONFIG: add FEATURE(virtusertable) to do generalized rewriting of incoming addresses. Defaults to ``hash -o /etc/virtusertable''. Keys are either fully qualified addresses or just the host part (with the @ sign). For example, a table containing: info@foo.com foo-info info@bar.com bar-info @baz.org jane@elsewhere.net would send all mail destined for info@foo.com to foo-info (which is presumably an alias), mail addressed to info@bar.com to bar-info, and anything addressed to anyone at baz.org will be sent to jane@elsewhere.net. The names foo.com, bar.com, and baz.org must all be in $=w. Based on discussions with a great many people. CONFIG: add nullclient configurations to define SMTP_MAILER_FLAGS. Suggested by Richard Bainter. CONFIG: add FAX_MAILER_ARGS to tweak the arguments passed to the "fax" mailer. CONFIG: allow mailertable entries to resolve to local:user; this passes the original user@host in to procmail-style local mailers as the "detail" information to allow them to do additional clever processing. From Joe Pruett of Teleport Corporation. Delivery to the original user can be done by specifying "local:" (with nothing after the colon). CONFIG: allow any context that takes "mailer:domain" to also take "mailer:user@domain" to force mailing to the given user; "local:user" can also be used to do local delivery. This applies on *_RELAY and in the mailertable entries. Based on a suggestion by Ribert Kiessling of Easynet. CONFIG: Allow FEATURE(bestmx_is_local) to take an argument that limits the possible domains; this reduces the number of DNS lookups required to support this feature. For example, FEATURE(bestmx_is_local, my.site.com) limits the lookups to domains under my.site.com. Code contributed by Anthony Thyssen . CONFIG: LOCAL_RULESETS introduces any locally defined rulesets, such as the check_rcpt ruleset. Suggested by Gregory Shapiro of WPI. CONFIG: MAILER_DEFINITIONS introduces any mailer definitions, in the event you have to define local mailers. Suggested by Gregory Shapiro of WPI. CONFIG: fix cases where a three- (or more-) stage route-addr could be misinterpreted as a list:...; syntax. Based on a patch by Vlado Potisk . CONFIG: Fix masquerading of UUCP addresses when the UUCP relay is remotely connected. The address host!user was being converted to host!user@thishost instead of host!user@uurelay. Problem noted by William Gianopoulos of Raytheon Company. CONFIG: add confTO_ICONNECT to set Timeout.iconnect. CONFIG: change FEATURE(redirect) message from "User not local" to "User has moved"; the former wording was confusing if the new address is still on the local host. Based on a suggestion by Andreas Luik. CONFIG: add support in FEATURE(nullclient) for $=E (exposed users). However, the class is not pre-initialized to contain root. Suggested by Gregory Neil Shapiro. CONTRIB: Remove XLA code at the request of the author, Christophe Wolfhugel. CONTRIB: Add re-mqueue.pl, contributed by Paul Pomes of Qualcomm. MAIL.LOCAL: make it possible to compile mail.local on Solaris. Note well: this produces a slightly different mailbox format (no Content-Length: headers), file ownerships and modes are different (not owned by group mail; mode 600 instead of 660), and the local mailer flags will have to be tweaked (make them match bsd4.4) in order to use this mailer. Patches from Paul Hammann of the Missouri Research and Education Network. MAIL.LOCAL: in some cases it could return EX_OK even though there was a delivery error, such as if the ownership on the file was wrong or the mode changed between the initial stat and the open. Problem reported by William Colburn of the New Mexico Institute of Mining and Technology. MAILSTATS: handle zero length files more reliably. Patch from Bryan Costales. MAILSTATS: add man page contributed by Keith Bostic of BSDI. MAKEMAP: The -d flag (to allow duplicate keys) to a btree map wasn't honored. Fix from Michael Scott Shappe. PRALIASES: add man page contributed by Keith Bostic of BSDI. NEW FILES: src/Makefiles/Makefile.AIX.2 src/Makefiles/Makefile.IRIX.6.2 src/Makefiles/Makefile.maxion src/Makefiles/Makefile.NCR.MP-RAS.3.x src/Makefiles/Makefile.SCO.5.x src/Makefiles/Makefile.UXPDSV20 mailstats/mailstats.8 praliases/praliases.8 cf/cf/generic-nextstep3.3.mc cf/feature/genericstable.m4 cf/feature/limited_masquerade.m4 cf/feature/masquerade_entire_domain.m4 cf/feature/virtusertable.m4 cf/ostype/aix2.m4 cf/ostype/altos.m4 cf/ostype/maxion.m4 cf/ostype/solaris2.ml.m4 cf/ostype/uxpds.m4 contrib/re-mqueue.pl DELETED FILES: src/Makefiles/Makefile.Solaris contrib/xla/README contrib/xla/xla.c RENAMED FILES: src/Makefiles/Makefile.NCR3000 => Makefile.NCR.MP-RAS.2.x src/Makefiles/Makefile.SCO.3.2v4.2 => Makefile.SCO.4.2 src/Makefiles/Makefile.UXPDS => Makefile.UXPDSV10 src/Makefiles/Makefile.NeXT => Makefile.NeXT.2.x src/Makefiles/Makefile.NEXTSTEP => Makefile.NeXT.3.x 8.7.6/8.7.3 1996/09/17 SECURITY: It is possible to force getpwuid to fail when writing the queue file, causing sendmail to fall back to running programs as the default user. This is not exploitable from off-site. Workarounds include using a unique user for the DefaultUser (old u & g options) and using smrsh as the local shell. SECURITY: fix some buffer overruns; in at least one case this allows a local user to get root. This is not known to be exploitable from off-site. The workaround is to disable chfn(1) commands. 8.7.5/8.7.3 1996/03/04 Fix glitch in 8.7.4 when putting certain internal lines; this can in some case cause connections to hang or messages to have extra spaces in odd places. Patch from Eric Wassenaar; reports from Eric Hall of Chiron Corporation, Stephen Hansen of Stanford University, Dean Gaudet of HotWired, and others. 8.7.4/8.7.3 1996/02/18 SECURITY: In some cases it was still possible for an attacker to insert newlines into a queue file, thus allowing access to any user (except root). CONFIG: no changes -- it is not a bug that the configuration version number is unchanged. 8.7.3/8.7.3 1995/12/03 Fix botch in name server timeout in RCPT code; this problem caused two responses in SMTP, which breaks things horribly. Fix from Gregory Neil Shapiro of WPI. Verify that L= value on M lines cannot be negative, which could cause negative array subscripting. Not a security problem since this has to be in the config file, but it could have caused core dumps. Pointed out by Bryan Costales. Fix -d21 debug output for long macro names. Pointed out by Bryan Costales. PORTABILITY FIXES: SCO doesn't have ftruncate. From Bill Aten of Computerizers. IBM's version of arpa/nameser.h defaults to the wrong byte order. Tweak it to work properly. Based on fixes from Fletcher Mattox of UTexas and Betty Lee of Stanford University. CONFIG: add confHOSTS_FILE m4 variable to set HostsFile option. Deficiency pointed out by Bryan Costales of ICSI. 8.7.2/8.7.2 1995/11/19 REALLY fix the backslash escapes in SmtpGreetingMessage, OperatorChars, and UnixFromLine options. They were not properly repaired in 8.7.1. Completely delete the Bcc: header if and only if there are other valid recipient headers (To:, Cc: or Apparently-To:, the last being a historic botch, of course). If Bcc: is the only recipient header in the message, its value is tossed, but the header name is kept. The old behavior (always keep the header name and toss the value) allowed primary recipients to see that a Bcc: went to _someone_. Include queue id on ``Authentication-Warning: : set sender to
using -f'' syslog messages. Suggested by Kari Hurtta. If a sequence or switch map lookup entry gets a tempfail but then continues on to another map type, but the name is not found, return a temporary failure from the sequence or switch map. For example, if hosts search ``dns files'' and DNS fails with a tempfail, the hosts map will go on and search files, but if it fails the whole thing should be a tempfail, not a permanent (host unknown) failure, even though that is the failure in the hosts.files map. This error caused hard bounces when it should have requeued. Aliases to files such as /users/bar/foo/inbox, with /users/bar/foo owned by bar mode 700 and inbox being setuid bar stopped working properly due to excessive paranoia. Pointed out by John Hawkinson of Panix. An SMTP RCPT command referencing a host that gave a nameserver timeout would return a 451 command (8.6 accepted it and queued it locally). Revert to the 8.6 behavior in order to simplify queue management for clustered systems. Suggested by Gregory Neil Shapiro of WPI. The same problem could break MH, which assumes that the SMTP session will succeed (tsk, tsk -- mail gets lost!); this was pointed out by Stuart Pook of Infobiogen. Fix possible buffer overflow in munchstring(). This was not a security problem because you couldn't specify any argument to this without first giving up root privileges, but it is still a good idea to avoid future problems. Problem noted by John Hawkinson and Sam Hartman of MIT. ``452 Out of disk space for temp file'' messages weren't being printed. Fix from David Perlin of Nanosoft. Don't advertise the ESMTP DSN extension if the SendMimeErrors option is not set, since this is required to get the actual DSNs created. Problem pointed out by John Gardiner Myers of CMU. Log permission problems that cause .forward and :include: files to be untrusted or ignored on log level 12 and higher. Suggested by Randy Martin of Clemson University. Allow user ids in U= clauses of M lines to have hyphens and underscores. Fix overcounting of recipients -- only happened when sending to an alias. Pointed out by Mark Andrews of SGI and Jack Woolley of Systems and Computer Technology Corporation. If a message is sent to an address that fails, the error message that is returned could show some extraneous "success" information included even if the user did not request success notification, which was confusing. Pointed out by Allan Johannesen of WPI. Config files that had no AliasFile definition were defaulting to using /etc/aliases; this caused problems with nullclient configurations. Change it back to the 8.6 semantics of having no local alias file unless it is declared. Problem noted by Charles Karney of Princeton University. Fix compile problem if NOTUNIX is defined. Pointed out by Bryan Costales of ICSI. Map lookups of class "userdb" maps were always case sensitive; they should be controlled by the -f flag like other maps. Pointed out by Bjart Kvarme . Fix problem that caused some addresses to be passed through ruleset 5 even when they were tagged as "sticky" by prefixing the address with an "@". Patch from Thomas Dwyer III of Michigan Technological University. When converting a message to Quoted-Printable, prevent any lines with dots alone on a line by themselves. This is because of the preponderance of broken mailers that still get this wrong. Code contributed by Per Hedeland of Ericsson. Fix F{macro}/file construct -- it previously did nothing. Pointed out by Bjart Kvarme of USIT/UiO (Norway). Announce whether a cached connection is SMTP or ESMTP (in -v mode). Requested by Allan Johannesen. Delete check for text format of alias files -- it should be legal to have the database format of the alias files without the text version. Problem pointed out by Joe Rhett of Navigist, Inc. If "Ot" was specified with no value, the TZ variable was not properly imported from the environment. Pointed out by Frank Crawford . Some architectures core dumped on "program" maps that didn't have extra arguments. Patch from Booker C. Bense of Stanford University. Queue run processes would re-spawn daemons when given a SIGHUP; only the parent should do this. Fix from Brian Coan of the Association for Progressive Communications. If MinQueueAge was set and a message was considered but not run during a queue run and the Timeout.queuereturn interval was reached, a "timed out" error message would be returned that didn't include the failed address (and claimed to be a warning even though it was fatal). The fix is to not return such messages until they are actually tried, i.e., in the next MinQueueAge interval. Problem noted by Rein Tollevik of SINTEF RUNIT, Oslo. Add HES_GETMAILHOST compile flag to support MIT Hesiod distributions that have the hes_getmailhost() routine. DEC Hesiod distributions do not have this routine. Based on a patch from Betty Lee of Stanford University. Extensive cleanups to map open code to handle a locking race condition in ndbm, hash, and btree format database files on some (most non-4.4-BSD based) OS architectures. This should solve the occasional "user unknown" problem during alias rebuilds that has plagued me for quite some time. Based on a patch from Thomas Dwyer III of Michigan Technological University. PORTABILITY FIXES: Solaris: Change location of newaliases and mailq from /usr/ucb to /usr/bin to match Sun settings. From James B. Davis of TCI. DomainOS: Makefile.DomainOS doesn't require -ldbm. From Don Lewis of Silicon Systems. HP-UX 10: rename Makefile.HP-UX.10 => Makefile.HP-UX.10.x so that the makesendmail script will find it. Pointed out by Richard Allen of the University of Iceland. Also, use -Aa -D_HPUX_SOURCE instead of -Ae, which isn't supported on all compilers. UXPDS: compilation fixes from Diego R. Lopez. CONFIG: FAX mailer wasn't setting .FAX as a pseudo-domain unless you also had a FAX_RELAY. From Thomas.Tornblom@Hax.SE. CONFIG: Minor glitch in S21 -- attachment of local domain name didn't have trailing dot. From Jim Hickstein of Teradyne. CONFIG: Fix best_mx_is_local feature to allow nested addresses such as user%host@thishost. From Claude Scarpelli of Infobiogen (France). CONFIG: OSTYPE(hpux10) failed to define the location of the help file. Pointed out by Hannu Martikka of Nokia Telecommunications. CONFIG: Diagnose some inappropriate ordering in configuration files, such as FEATURE(smrsh) listed after MAILER(local). Based on a bug report submitted by Paul Hoffman of Proper Publishing. CONFIG: Make OSTYPE files consistently not override settings that have already been set. Previously it worked differently for different files. CONFIG: Change relay mailer to do masquerading like 8.6 did. My take is that this is wrong, but the change was causing problems for some people. From Per Hedeland of Ericsson. CONTRIB: bitdomain.c patch from John Gardiner Myers ; portability changes for Posix environments (no functional changes). 8.7.1/8.7.1 1995/10/01 Old macros that have become options (SmtpGreetingMessage, OperatorChars, and UnixFromLine) didn't allow backslash escapes in the options, where they previously had. Bug pointed out by John Hawkinson of MIT. Fix strange case of an executable called by a program map that returns a value but also a non-zero exit status; this would give contradictory results in the higher level; in particular, the default clause in the map lookup would be ignored. Change to ignore the value if the program returns non-zero exit status. From Tom Moore of AT&T GIS. Shorten parameters passed to syslog() in some contexts to avoid a bug in many vendors' implementations of that routine. Although this isn't really a bug in sendmail per se, and my solution has to assume that syslog() has at least a 1K buffer size internally (I know some vendors have shortened this dramatically -- they're on their own), sendmail is a popular target. Also, limit the size of %s arguments in sprintf. These both have possible security implications. Solutions suggested by Casper Dik of Sun's Network Security Group (Holland), Mark Seiden, and others. Fix a problem that might cause a non-standard -B (body type) parameter to be passed to the next server with undefined results. This could have security implications. If a filesystem was at > 100% utilization, the freediskspace() routine incorrectly returned an error rather than zero. Problem noted by G. Paul Ziemba of Alantec. Change MX sort order so that local hostnames (those in $=w) always sort first within a given preference. This forces the bestmx map to always return the local host first, if it is included in the list of highest priority MX records. From K. Robert Elz. Avoid some possible null pointer dereferences. Fixes from Randy Martin When sendmail starts up on systems that have no fully qualified domain name (FQDN) anywhere in the first matching host map (e.g., /etc/hosts if the hosts service searches "files dns"), sendmail would sleep to try to find a FQDN, which it really really needs. This has been changed to fall through to the next map type if it can't find a FQDN -- i.e., if the hosts file doesn't have a FQDN, it will try dns even though the short name was found in /etc/hosts. This is probably a crock, but many people have hosts files without FQDNs. Remember: domain names are your friends. Log a high-priority message if you can't find your FQDN during startup. Suggested by Simon Barnes of Schlumberger Limited. When using Hesiod, initialize it early to improve error reporting. Patch from Don Lewis of Silicon Systems, Inc. Apparently at least some versions of Linux have a 90 !minute! TCP connection timeout in the kernel. Add a new "connect" timeout to limit this time. Defaults to zero (use whatever the kernel provides). Based on code contributed by J.R. Oldroyd of TerraNet. Under some circumstances, a failed message would not be properly removed from the queue, causing tons of bogus error messages. (This fix eliminates the problematic EF_KEEPQUEUE flag.) Problem noted by Allan E Johannesen and Gregory Neil Shapiro of WPI. PORTABILITY FIXES: On IRIX 5.x, there was an inconsistency in the setting of sendmail.st location. Change the Makefile to install it in /var/sendmail.st to match the OSTYPE file and SGI standards. From Andre . Support for Fujitsu/ICL UXP/DS (For the DS/90 Series) from Diego R. Lopez . Linux compilation patches from J.R. Oldroyd of TerraNet, Inc. LUNA 2 Mach patches from Motonori Nakamura. SunOS Makefile was including -ldbm, which is for the old dbm library. The ndbm library is part of libc. CONFIG: avoid bouncing ``user@host.'' (note trailing dot) with ``local configuration error'' in nullclient configuration. Patch from Gregory Neil Shapiro of WPI. CONFIG: don't allow an alias file in nullclient configurations -- since all addresses are relayed, they give errors during rebuild. Suggested by Per Hedeland of Ericsson. CONFIG: local mailer on Solaris 2 should always get a -f flag because otherwise the F=S causes the From_ line to imply that root is the sender. Problem pointed out by Claude Scarpelli of Infobiogen (France). NEW FILES: cf/feature/use_ct_file.m4 (omitted from 8.7 by mistake) src/Makefiles/Makefile.KSR (omitted from 8.7 by mistake) src/Makefiles/Makefile.UXPDS 8.7/8.7 1995/09/16 Fix a problem that could cause sendmail to run out of file descriptors due to a trashed data structure after a vfork. Fix from Brian Coan of the Institute for Global Communications. Change the VRFY response if you have disabled VRFY -- some people seemed to think that it was too rude. Avoid reference to uninitialized file descriptor if HASFLOCK was not defined. This was used "safely" in the sense that it only did a stat, but it would have set the map modification time improperly. Problem pointed out by Roy Mongiovi of Georgia Tech. Clean up the Subject: line on warning messages and return receipts so that they don't say "Returned mail:"; this can be confusing. Move ruleset entry/exit debugging from 21.2 to 21.1 -- this is useful enough to make it worthwhile printing on "-d". Avoid logging alias statistics every time you read the alias file on systems with no database method compiled in. If you have a name with a trailing dot, and you try looking it up using gethostbyname without the dot (for /etc/hosts compatibility), be sure to turn off RES_DEFNAMES and RES_DNSRCH to avoid finding the wrong name accidentally. Problem noted by Charles Amos of the University of Maryland. Don't do timeouts in collect if you are not running SMTP. There is nothing that says you can't have a long running program piped into sendmail (possibly via /bin/mail, which just execs sendmail). Problem reported by Don "Truck" Lewis of Silicon Systems. Try gethostbyname() even if the DNS lookup fails iff option I is not set. This allows you to have hosts listed in NIS or /etc/hosts that are not known to DNS. It's normally a bad idea, but can be useful on firewall machines. This should really be broken out on a separate flag, I suppose. Avoid compile warnings against BIND 4.9.3, which uses function prototypes. From Don Lewis of Silicon Systems. Avoid possible incorrect diagnosis of DNS-related errors caused by things like attempts to resolve uucp names using $[ ... $] -- the fix is to clear h_errno at appropriate times. From Kyle Jones of UUNET. SECURITY: avoid denial-of-service attacks possible by destroying the alias database file by setting resource limits low. This involves adding two new compile-time options: HASSETRLIMIT (indicating that setrlimit(2) support is available) and HASULIMIT (indicating that ulimit(2) support is available -- the Release 3 form is used). The former is assumed on BSD-based systems, the latter on System V-based systems. Attack noted by Phil Brandenberger of Swarthmore University. New syntaxes in test (-bt) mode: ``.Dmvalue'' will define macro "m" to "value". ``.Ccvalue'' will add "value" to class "c". ``=Sruleset'' will dump the contents of the indicated ruleset. ``=M'' will display the known mailers. ``-ddebug-spec'' is equivalent to the command-line -d debug flag. ``$m'' will print the value of macro $m. ``$=c'' will print the contents of class $=c. ``/mx host'' returns the MX records for ``host''. ``/parse address'' will parse address, returning the value of crackaddr (essentially, the comment information) and the parsed address. ``/try mailer address'' will rewrite address into the form it will have when presented to the indicated mailer. ``/tryflags flags'' will set flags used by parsing. The flags can be `H' for header or `E' for envelope, and `S' for sender or `R' for recipient. These can be combined, so `HR' sets flags for header recipients. ``/canon hostname'' will try to canonify hostname and return the result. ``/map mapname key'' will look up `key' in the indicated `mapname' and return the result. Somewhat better handling of UNIX-domain socket addresses -- it should show the pathname rather than hex bytes. Restore ``-ba'' mode -- this reads a file from stdin and parses the header for envelope sender information and uses CR-LF as message terminators. It was thought to be obsolete (used only for Arpanet NCP protocols), but it turns out that the UK ``Grey Book'' protocols require that functionality. Fix a fix in previous release -- if gethostname and gethostbyname return a name without dots, and if an attempt to canonify that name fails, wait one minute and try again. This can result in an extra 60 second delay on startup if your system hostname (as returned by hostname(1)) has no dot and no names listed in /etc/hosts or your NIS map have a dot. Check for proper domain name on HELO and EHLO commands per RFC 1123 section 5.2.5. Problem noted by Thomas Dwyer III of Michigan Technological University. Relax chownsafe rules slightly -- old version said that if you can't tell if _POSIX_CHOWN_RESTRICTED is set (that is, if fpathconf returned EINVAL or ENOSYS), assume that chown is not safe. The new version falls back to whether you are on a BSD system or not. This is important for SunOS, which apparently always returns one of those error codes. This impacts whether you can mail to files or not. Syntax errors such as unbalanced parentheses in the configuration file could be omitted if you had "Oem" prior to the syntax error in the config file. Change to always print the error message. It was especially weird because it would cause a "warning" message to be sent to the Postmaster for every message sent (but with no transcript). Problem noted by Gregory Paris of Motorola. Rewrite collect and putbody to handle full 8-bit data, including zero bytes. These changes are internally extensive, but should have minimal impact on external function. Allow full words for option names -- if the option letter is (apparently) a space, then take the word following -- e.g., O MatchGECOS=TRUE The full list of old and new names is as follows: 7 SevenBitInput 8 EightBitMode A AliasFile a AliasWait B BlankSub b MinFreeBlocks/MaxMessageSize C CheckpointInterval c HoldExpensive D AutoRebuildAliases d DeliveryMode E ErrorHeader e ErrorMode f SaveFromLine F TempFileMode G MatchGECOS H HelpFile h MaxHopCount i IgnoreDots I ResolverOptions J ForwardPath j SendMimeErrors k ConnectionCacheSize K ConnectionCacheTimeout L LogLevel l UseErrorsTo m MeToo n CheckAliases O DaemonPortOptions o OldStyleHeaders P PostmasterCopy p PrivacyOptions Q QueueDirectory q QueueFactor R DontPruneRoutes r, T Timeout S StatusFile s SuperSafe t TimeZoneSpec u DefaultUser U UserDatabaseSpec V FallbackMXHost v Verbose w TryNullMXList x QueueLA X RefuseLA Y ForkEachJob y RecipientFactor z ClassFactor Z RetryFactor The old macros that passed information into sendmail have been changed to options; those correspondences are: $e SmtpGreetingMessage $l UnixFromLine $o OperatorChars $q (deleted -- not necessary) To avoid possible problems with an older sendmail, configuration level 6 is accepted by this version of sendmail; any config file using the new names should specify "V6" in the configuration. Change address parsing to properly note that a phrase before a colon and a trailing semicolon are essentially the same as text outside of angle brackets (i.e., sendmail should treat them as comments). This is to handle the ``group name: addr1, addr2, ..., addrN;'' syntax (it will assume that ``group name:'' is a comment on the first address and the ``;'' is a comment on the last address). This requires config file support to get right. It does understand that :: is NOT this syntax, and can be turned off completely by setting the ColonOkInAddresses option. Level 6 config files added with new mailer flags: A Addresses are aliasable. i Do udb rewriting on envelope as well as header sender lines. Applies to the from address mailer flags rather than the recipient mailer flags. j Do udb rewriting on header recipient addresses. Applies to the sender mailer flags rather than the recipient mailer flags. k Disable check for loops when doing HELO command. o Always run as the mail recipient, even on local delivery. w Check for an /etc/passwd entry for this user. 5 Pass addresses through ruleset 5. : Check for :include: on this address. | Check for |program on this address. / Check for /file on this address. @ Look up sender header addresses in the user database. Applies to the mailer flags for the mailer corresponding to the envelope sender address, rather than to recipient mailer flags. Pre-level 6 configuration files set A, w, 5, :, |, /, and @ on the "local" mailer, the o flag on the "prog" and "*file*" mailers, and the ColonOkInAddresses option. Eight-to-seven bit MIME conversions. This borrows ideas from John Beck of Hewlett-Packard, who generously contributed their implementation to me, which I then didn't use (see mime.c for an explanation of why). This adds the EightBitMode option (a.k.a. `8') and an F=8 mailer flag to control handling of 8-bit data. These have to cope with two types of 8-bit data: unlabelled 8-bit data (that is, 8-bit data that is entered without declaring it as 8-bit MIME -- technically this is illegal according to the specs) and labelled 8-bit data (that is, it was declared as 8BITMIME in the ESMTP session or by using the -B8BITMIME command line flag). If the F=8 mailer flag is set then 8-bit data is sent to non-8BITMIME machines instead of converting to 7 bit (essentially using just-send-8 semantics). The values for EightBitMode are: m convert unlabelled 8-bit input to 8BITMIME, and do any necessary conversion of 8BITMIME to 7BIT (essentially, the full MIME option). p pass unlabelled 8-bit input, but convert labelled 8BITMIME input to 7BIT as required (default). s strict adherence: reject unlabelled 8-bit input, convert 8BITMIME to 7BIT as required. The F=8 flag is ignored. Unlabelled 8-bit data is rejected in mode `s' regardless of the setting of F=8. Add new internal class 'n', which is the set of MIME Content-Types which can not be 8 to 7 bit encoded because of other considerations. Types "multipart/*" and "message/*" are never directly encoded (although their components can be). Add new internal class 's', which is the set of subtypes of the MIME message/* content type that can be treated as though they are an RFC822 message. It is predefined to have "rfc822". Suggested By Kari Hurtta. Add new internal class 'e'. This is the set of MIME Content-Transfer-Encodings that can be converted to a seven bit format (Quoted-Printable or Base64). It is preinitialized to contain "7bit", "8bit", and "binary". Add C=charset mailer parameter and the the DefaultCharSet option (no short name) to set the default character set to use in the Content-Type: header when doing encoding of an 8-bit message which isn't marked as MIME into MIME format. If the C= parameter is set on the Envelope From address, use that as the default encoding; else use the DefaultCharSet option. If neither is set, it defaults to "unknown-8bit" as suggested by RFC 1428 section 3. Allow ``U=user:group'' field in mailer definition to set a default user and group that a mailer will be executed as. This overrides the 'u' and 'g' options, and if the `F=S' flag is also set, it is the uid/gid that will always be used (that is, the controlling address is ignored). The values may be numeric or symbolic; if only a symbolic user is given (no group) that user's default group in the passwd file is used as the group. Based on code donated by Chip Rosenthal of Unicom. Allow `u' option to also accept user:group as a value, in the same fashion as the U= mailer option. Add the symbolic time zone name in the Arpanet format dates (as a comment). This adds a new compile-time configuration flag: TZ_TYPE can be set to TZ_TM_NAME (use the value of (struct tm *)->tm_name), TZ_TM_ZONE (use the value of (struct tm *)->tm_zone), TZ_TZNAME (use extern char *tzname[(struct tm *)->tm_isdst]), TZ_TIMEZONE (use timezone()), or TZ_NONE (don't include the comment). Code from Chip Rosenthal. The "Timeout" option (formerly "r") is extended to allow suboptions. For example, O Timeout.helo = 2m There are also two new suboptions "queuereturn" and "queuewarn"; these subsume the old T option. Thus, to set them both the preferred new syntax is O Timeout.queuereturn = 5d O Timeout.queuewarn = 4h Sort queue by host name instead of by message priority if the QueueSortOrder option (no short name) is set is set to ``host''. This makes better use of the connection cache, but may delay more ``interactive'' messages behind large backlogs under some circumstances. This is probably a good option if you have high speed links or don't do lots of ``batch'' messages, but less good if you are using something like PPP on a 14.4 modem. Based on code contributed by Roy Mongiovi of Georgia Tech (my main contribution was to make it configurable). Save i-number of df file in qf file to simplify rebuilding of queue after disastrous disk crash. Suggested by Kyle Jones of UUNET; closely based on code from KJS DECWRL code written by Paul Vixie. NOTA BENE: The qf files produced by 8.7 are NOT back compatible with 8.6 -- that is, you can convert from 8.6 to 8.7, but not the other direction. Add ``F=d'' mailer flag to disable all use of angle brackets in route-addrs in envelopes; this is because in some cases they can be sent to the shell, which interprets them as I/O redirection. Don't include error file (option E) with return-receipts; this can be confusing. Don't send "Warning: cannot send" messages to owner-* or *-request addresses. Suggested by Christophe Wolfhugel of the Institut Pasteur, Paris. Allow -O command line flag to set long form options. Add "MinQueueAge" option to set the minimum time between attempts to run the queue. For example, if the queue interval (-q value) is five minutes, but the minimum queue age is fifteen minutes, jobs won't be tried more often than once every fifteen minutes. This can be used to give you more responsiveness if your delivery mode is set to queue-only. Allow "fileopen" timeout (default: 60 seconds) for opening :include: and .forward files. Add "-k", "-v", and "-z" flags to map definitions; these set the key field name, the value field name, and the field delimiter. The field delimiter can be a single character or the sequence "\t" or "\n" for tab or newline. These are for use by NIS+ and similar access methods. Change maps to always strip quotes before lookups; the -q flag turns off this behavior. Suggested by Motonori Nakamura. Add "nisplus" map class. Takes -k and -v flags to choose the key and value field names respectively. Code donated by Sun Microsystems. Add "hesiod" map class. The "file name" is used as the "HesiodNameType" parameter to hes_resolve(3). Returns the first value found for the match. Code donated by Scott Hutton of Indiana University. Add "netinfo" (NeXT NetInfo) map class. Maps can have a -k flag to specify the name of the property that is searched as the key and a -v flag to specify the name of the property that is returned as the value (defaults to "members"). The default map is "/aliases". Some code based on code contributed by Robert La Ferla of Hot Software. Add "text" map class. This does slow, linear searches through text files. The -z flag specifies a column delimiter (defaults to any sequence of white space), the -k flag sets the key column number, and the -v flag sets the value column number. Lines beginning with `#' are treated as comments. Add "program" map class to execute arbitrary programs. The search key is presented as the last argument; the output is one line read from the programs standard output. Exit statuses are from sysexits.h. Add "sequence" map class -- searches maps in sequence until it finds a match. For example, the declarations: Kmap1 ... Kmap2 ... Kmapseq sequence map1 map2 defines a map "mapseq" that first searches map1; if the value is found it is returned immediately, otherwise map2 is searched and the value returned. Add "switch" map class. This is much like "sequence" except that the ordering is fetched from an external file, usually the system service switch. The parameter is the name of the service to switch on, and the maps that it will use are the name of the switch map followed by ".service_type". For example, if the declaration of the map is Ksample switch hosts and the system service switch specifies that hosts are looked up using dns and nis in that order, then this is equivalent to Ksample sequence sample.dns sample.nis The subordinate maps (sample.*) must already be defined. Add "user" map class -- looks up users using getpwnam. Takes a "-v field" flag on the definition that tells what passwd entry to return -- legal values are name, passwd, uid, gid, gecos, dir, and shell. Generally expected to be used with the -m (matchonly) flag. Add "bestmx" map class -- returns the best MX value for the host listed as the value. If there are several "best" MX records for this host, one will be chosen at random. Add "userdb" map class -- looks up entries in the user database. The "file name" is actually the tag that will be used, typically "mailname". If there are multiple entries matching the name, the one chosen is undefined. Add multiple queue timeouts (both return and warning). These are set by the Precedence: or Priority: header fields to one of three values. If a Priority: is set and has value "normal", "urgent", or "non-urgent" the corresponding timeouts are used. If no priority is set, the Precedence: is consulted; if negative, non-urgent timeouts are used; if greater than zero, urgent timeouts are used. Otherwise, normal timeouts are used. The timeouts are set by setting the six timeouts queue{warn,return}.{urgent,normal,non-urgent}. Fix problem when a mail address is resolved to a $#error mailer with a temporary failure indication; it works in SMTP, but when delivering locally the mail is silently discarded. This patch, from Kyle Jones of UUNET, bounces it instead of queueing it (queueing is very hard). When using /etc/hosts or NIS-style lookups, don't assume that the first name in the list is the best one -- instead, search for the first one with a dot. For example, if an /etc/hosts entry reads 128.32.149.68 mammoth mammoth.CS.Berkeley.EDU this change will use the second name as the canonical machine name instead of the initial, unqualified name. Change dequote map to replace spaces in quoted text with a value indicated by the -s flag on the dequote map definition. For example, ``Mdequote dequote -s_'' will change "Foo Bar" into an unquoted Foo_Bar instead of leaving it quoted (because of the space character). Suggested by Dan Oscarsson for use in X.400 addresses. Implement long macro names as ${name}; long class names can be similarly referenced as $={name} and $~{name}. Definitions are (e.g.) ``D{name}value''. Names that have a leading lower case letter or punctuation characters are reserved for internal use by sendmail; i.e., config files should use names that begin with a capital letter. Based on code contributed by Dan Oscarsson. Fix core dump if getgrgid returns a null group list (as opposed to an empty group list, that is, a pointer to a list with no members). Fix from Andrew Chang of Sun Microsystems. Fix possible core dump if malloc fails -- if the malloc in xalloc failed, it called syserr which called newstr which called xalloc.... The newstr is now avoided for "panic" messages. Reported by Stuart Kemp of James Cook University. Improve connection cache timeouts; previously, they were not even checked if you were delivering to anything other than an IPC-connected host, so a series of (say) local mail deliveries could cause cached connections to be open much longer than the specified timeout. If an incoming message exceeds the maximum message size, stop writing the incoming bytes to the queue data file, since this can fill your mqueue partition -- this is a possible denial-of-service attack. Don't reject all numeric local user names unless HESIOD is defined. It turns out that Posix allows all-numeric user names. Fix from Tony Sanders of BSDI. Add service switch support. If the local OS has a service switch (e.g., /etc/nsswitch.conf on Solaris or /etc/svc.conf on DEC systems) that will be used; otherwise, it falls back to using a local mechanism based on the ServiceSwitchFile option (default: /etc/service.switch). For example, if the service switch lists "files" and "nis" for the aliases service, that will be the default lookup order. the "files" ("local" on DEC) service type expands to any alias files you listed in the configuration file, even if they aren't actually file lookups. Option I (NameServerOptions) no longer sets the "UseNameServer" variable which tells whether or not DNS should be considered canonical. This is now determined based on whether or not "dns" is in the service list for "hosts". Add preliminary support for the ESMTP "DSN" extension (Delivery Status Notifications). DSN notifications override Return-Receipt-To: headers, which are bogus anyhow -- support for them has been removed. Add T=mts-name-type/address-type/diagnostic-type keyletter to mailer definitions to define the types used in DSN returns for MTA names, addresses, and diagnostics respectively. Extend heuristic to force running in ESMTP mode to look for the five-character string "ESMTP" anywhere in the 220 greeting message (not just the second line). This is to provide better compatibility with other ESMTP servers. Print sequence number of job when running the queue so you can easily see how much progress you have made. Suggested by Peter Wemm of DIALix. Map newlines to spaces in logged message-ids; some versions of syslog truncate the rest of the line after newlines. Suggested by Fletcher Mattox of U. Texas. Move up forking for job runs so that if a message is split into multiple envelopes you don't get "fork storms" -- this also improves the connection cache utilization. Accept "<<>>", "<<<>>>", and so forth as equivalent to "<>" for the purposes of refusing to send error returns. Suggested by Motonori Nakamura of Ritsumeikan University. Relax rules on when a file can be written when referenced from the aliases file: use the default uid/gid instead of the real uid/gid. This allows you to create a file owned by and writable only by the default uid/gid that will work all the time (without having the setuid bit set). Change suggested by Shau-Ping Lo and Andrew Cheng of Sun Microsystems. Add "DialDelay" option (no short name) to provide an "extra" delay for dial on demand systems. If this is non-zero and a connect fails, sendmail will wait this long and then try again. If it takes longer than the kernel timeout interval to establish the connection, this option can give the network software time to establish the link. The default units are seconds. Move logging of sender information to be as early as possible; previously, it could be delayed a while for SMTP mail sent to aliases. Suggested by Brad Knowles of the Defense Information Systems Agency. Call res_init() before setting RES_DEBUG; this is required by BIND 4.9.3, or so I'm told. From Douglas Anderson of the National Computer Security Center. Add xdelay= field in logs -- this is a transaction delay, telling you how long it took to deliver to this address on the last try. It is intended to be used for sorting mailing lists to favor "quick" addresses. Provided for use by the mailprio scripts (see below). If a map cannot be opened, and that map is non-optional, and an address requires that map for resolution, queue the map instead of bouncing it. This involves creating a pseudo-class of maps called "bogus-map" -- if a required map cannot be opened, the class is changed to bogus-map; all queries against bogus-map return "tempfail". The bogus-map class is not directly accessible. A sample implementation was donated by Jem Taylor of Glasgow University Computing Service. Fix a possible core dump when mailing to a program that talks SMTP on its standard input. Fix from Keith Moore of the University of Kentucky. Make it possible to resolve filenames to $#local $: @ /filename; previously, the "@" would cause it to not be recognized as a file. Problem noted by Brian Hill of U.C. Davis. Accept a -1 signal to re-exec the daemon. This only works if argv[0] is a full path to sendmail. Fix bug in "addr=..." field in O option on little-endian machines -- the network number wasn't being converted to network byte order. Patch from Kurt Lidl of Pix Technologies Corporation. Pre-initialize the resolver early on; this is to avoid a bug with BIND 4.9.3 that can cause the _res.retry field to get reset to zero, causing all name server lookups to time out. Fix from Matt Day of Artisoft. Restore T line (trusted users) in config file -- but instead of locking out the -f flag, they just tell whether or not an X-Authentication-Warning: will be added. This really just creates new entries in class 't', so "Ft/file/name" can be used to read trusted user names from a file. Trusted users are also allowed to execute programs even if they have a shell that isn't in /etc/shells. Improve NEWDB alias file rebuilding so it will create them properly if they do not already exist. This had been a MAYBENEXTRELEASE feature in 8.6.9. Check for @:@ entry in NIS maps before starting up to avoid (but not prevent, sigh) race conditions. This ought to be handled properly in ypserv, but isn't. Suggested by Michael Beirne of Motorola. Refuse connections if there isn't enough space on the filesystem holding the queue. Contributed by Robert Dana of Wolf Communications. Skip checking for directory permissions in the path to a file when checking for file permissions iff setreuid() succeeded -- it is unnecessary in that case. This avoids significant performance problems when looking for .forward files. Based on a suggestion by Win Bent of USC. Allow symbolic ruleset names. Syntax can be "Sname" to get an arbitrary ruleset number assigned or "Sname = integer" to assign a specific ruleset number. Reference is $>name_or_number. Names can be composed of alphas, digits, underscore, or hyphen (first character must be non-numeric). Allow -o flag on AliasFile lines to make the alias file optional. From Bryan Costales of ICSI. Add NoRecipientAction option to handle the case where there is no legal recipient header in the message. It can take on values: None Leave the message as is. The message will be passed on even though it is in technically illegal syntax. Add-To Add a To: header with any recipients that it can find from the envelope. This risks exposing Bcc: recipients. Add-Apparently-To Add an Apparently-To: header. This has almost no redeeming social value, and is provided only for back compatibility. Add-To-Undisclosed Add a header reading To: undisclosed-recipients:; which will have the effect of making the message legal without exposing Bcc: recipients. Add-Bcc To add an empty Bcc: header. There is a chance that mailers down the line will delete this header, which could cause exposure of Bcc: recipients. The default is NoRecipientAction=None. Truncate (rather than delete) Bcc: lines in the header. This should prevent later sendmails (at least, those that don't themselves delete Bcc:) from considering this message to be non-conforming -- although it does imply that non-blind recipients can see that a Bcc: was sent, albeit not to whom. Add SafeFileEnvironment option. If declared, files named as delivery targets must be regular files in addition to the regular checks. Also, if the option is non-null then it is used as the name of a directory that is used as a chroot(2) environment for the delivery; the file names listed in an alias or forward should include the name of this root. For example, if you run with O SafeFileEnvironment=/arch then aliases should reference "/arch/rest/of/path". If a value is given, sendmail also won't try to save to /usr/tmp/dead.letter (instead it just leaves the job in the queue as Qfxxxxxx). Inspired by *Hobbit*'s sendmail patch kit. Support -A flag for alias files; this will comma concatenate like entries. For example, given the aliases: list: member1 list: member2 and an alias file declared as: OAhash:-A /etc/aliases the final alias inserted will be "list: member1,member2"; without -A you will get an error on the second and subsequent alias for "list". Contributed by Bryan Costales of ICSI. Line-buffer transcript file. Suggested by Liudvikas Bukys. Fix a problem that could cause very long addresses to core dump in some special circumstances. Problem pointed out by Allan Johannesen. (Internal change.) Change interface to expand() (macro expansion) to be simpler and more consistent. Delete check for funny qf file names. This didn't really give any extra security and caused some people some problems. (If you -really- want this, define PICKY_QF_NAME_CHECK at compile time.) Suggested by Kyle Jones of UUNET. (Internal change.) Change EF_NORETURN to EF_NO_BODY_RETN and merge with DSN code; this is simpler and more consistent. This may affect some people who have written their own checkcompat() routine. (Internal change.) Eliminate `D' line in qf file. The df file is now assumed to be the same name as the qf file (with the `q' changed to a `d', of course). Avoid forking for delivery if all recipient mailers are marked as "expensive" -- this can be a major cost on some systems. Essentially, this forces sendmail into "queue only" mode if all it is going to do is queue anyway. Avoid sending a null message in some rather unusual circumstances (specifically, the RCPT command returns a temporary failure but the connection is lost before the DATA command). Fix from Scott Hammond of Secure Computing Corporation. Change makesendmail to use a somewhat more rational naming scheme: Makefiles and obj directories are named $os.$rel.$arch, where $os is the operating system (e.g., SunOS), $rel is the release number (e.g., 5.3), and $arch is the machine architecture (e.g., sun4). Any of these can be omitted, and anything after the first dot in a release number can be replaced with "x" (e.g., SunOS.4.x.sun4). The previous version used $os.$arch.$rel and was rather less general. Change makesendmail to do a "make depend" in the target directory when it is being created. This involves adding an empty "depend:" entry in most Makefiles. Ignore IDENT return value if the OSTYPE field returns "OTHER", as indicated by RFC 1413. Pointed out by Kari Hurtta of the Finnish Meteorological Institute. Fix problem that could cause multiple responses to DATA command on header syntax errors (e.g., lines beginning with colons). Problem noted by Jens Thomassen of the University of Oslo. Don't let null bytes in headers cause truncation of the rest of the header. Log Authentication-Warning:s. Suggested by Motonori Nakamura. Increase timeouts on message data puts to allow time for receivers to canonify addresses in headers on the fly. This is still a rather ugly heuristic. From Motonori Nakamura. Add "HasWildcardMX" suboption to ResolverOptions; if set, MX records are not used when canonifying names, and when MX lookups are done for addressing they must be fully qualified. This is useful if you have a wildcard MX record, although it may cause other problems. In general, don't use wildcard MX records. Patch from Motonori Nakamura. Eliminate default two-line SMTP greeting message. Instead of adding an extra "ESMTP spoken here" line, the word "ESMTP" is added between the first and second word of the first line of the greeting message (i.e., immediately after the host name). This eliminates the need for the BROKEN_SMTP_PEERS compile flag. Old sendmails won't see the ESMTP, but that's acceptable because SIZE was the only useful extension that old sendmails understand. Avoid gethostbyname calls on UNIX domain sockets during SIGUSR1 invoked state dumps. From Masaharu Onishi. Allow on-line comments in .forward and :include: files; they are introduced by the string "#@#", where is a space or a tab. This is intended for native representation of non-ASCII sets such as Japanese, where existing encodings would be unreadable or would lose data -- for example, NAKAMURA Motonori (romanized/less information) =?ISO-2022-JP?B?GyRCQ2ZCPBsoQg==?= =?ISO-2022-JP?B?GyRCQUdFNRsoQg==?= (with MIME encoding, not human readable) #@# ^[$BCfB<^[(B ^[$BAGE5^[(B (native encoding with ISO-2022-JP) The last form is human readable in the Japanese environment. Based on a fix from (surprise!) Motonori Nakamura. Don't make SMTP error returns on MAIL FROM: line be "sticky" for all messages to that host; these are most frequently associated with addresses rather than the host, with the exception of 421 (service shutting down). The effect was to cause queues to sometimes take an excessive time to flush. Reported by Robert Sargent of Southern Geographics Technologies and Eric Prestemon of American University. Add Nice=N mailer option to set the niceness at which a mailer will run. This is actually a relative niceness (that is, an increment on the background value). Log queue runs that are skipped due to high loads. They are logged at LOG_INFO priority iff the log level is > 8. Contributed by Bruce Nagel of Data General. Allow the error mailer to accept a DSN-style error status code instead of an sysexits status code in the host part. Anything with a dot will be interpreted as a DSN-style code. Add new mailer flag: F=3 will tell translations to Quoted-Printable to encode characters that might be munged by an EBCDIC system in addition to the set required by RFC 1521. The additional characters are !, ", #, $, @, [, \, ], ^, `, {, |, }, and ~. (Think of "IBM 360" as the mnemonic for this flag.) Change check for mailing to files to look for a pathname of [FILE] rather than looking for the mailer named *file*. The mapping of leading slashes still goes to the *file* mailer. This allows you to implement the *file* mailer as a separate program, for example, to insert a Content-Length: header or do special security policy. However, note that the usual initial checking for the file permissions is still done, and the program in question needs to be very careful about how it does the file write to avoid security problems. Be able to read ~root/.forward even if the path isn't accessible to regular users. This is disrecommended because sendmail sometimes does not run as root (e.g., when an unsafe option is specified on the command line), but should otherwise be safe because .forward files must be owned by the user for whom mail is being forwarded, and cannot be a symbolic link. Suggested by Forrest Aldrich of Wang Laboratories. Add new "HostsFile" option that is the pathname to the /etc/hosts file. This is used for canonifying hostnames when the service type is "files". Implement programs on F (read class from file) line. The syntax is Fc|/path/to/program to read the output from the program into class "c". Probe the network interfaces to find alternate names for this host. Requires the SIOCGIFCONF ioctl call. Code contributed by SunSoft. Add "E" configuration line to set or propagate environment variables into children. "E" will propagate the named variable from the environment when sendmail was invoked into any children it calls; "E=" sets the named variable to the indicated value. Any variables not explicitly named will not be in the child environment. However, sendmail still forces an "AGENT=sendmail" environment variable, in part to enforce at least one environment variable, since many programs and libraries die horribly if this is not guaranteed. Change heuristic for rebuilding both NEWDB and NDBM versions of alias databases -- new algorithm looks for the substring "/yp/" in the file name. This is more portable and involves less overhead. Suggested by Motonori Nakamura. Dynamically allocate the queue work list so that you don't lose jobs in large queue runs. The old QUEUESIZE compile parameter is replaced by QUEUESEGSIZE (the unit of allocation, which should not need to be changed) and the MaxQueueRunSize option, which is the absolute maximum number of jobs that will ever be handled in a single queue run. Based on code contributed by Brian Coan of the Institute for Global Communications. Log message when a message is dropped because it exceeds the maximum message size. Suggested by Leo Bicknell of Virginia Tech. Allow trusted users (those on a T line or in $=t) to use -bs without an X-Authentication-Warning: added. Suggested by Mark Thomas of Mark G. Thomas Consulting. Announce state of compile flags on -d0.1 (-d0.10 throws in the OS-dependent defines). The old semantic of -d0.1 to not run the daemon in background has been moved to -d99.100, and the old 52.5 flag (to avoid disconnect() from closing all output files) has been moved to 52.100. This makes things more consistent (flags below .100 don't change semantics) and separates out the backgrounding so that it doesn't happen automatically on other unrelated debugging flags. If -t is used but no addresses are found in the header, give an error message rather than just doing nothing. Fix from Motonori Nakamura. On systems (like SunOS) where the effective gid is not necessarily included in the group list returned by getgroups(), the `restrictmailq' option could sometimes cause an authorized user to not be able to use `mailq'. Fix from Charles Hannum of MIT. Allow symbolic service names for [IPC] mailers. Suggested by Gerry Magennis of Logica International. Add DontExpandCnames option to prevent $[ ... $] from expanding CNAMEs when running DNS. For example, if the name FTP.Foo.ORG is a CNAME for Cruft.Foo.ORG, then when sitting on a machine in the Foo.ORG domain a lookup of "FTP" returns "Cruft.Foo.ORG" if this option is not set, or "FTP.Foo.ORG" if it is set. This is technically illegal under RFC 822 and 1123, but the IETF is moving toward legalizing it. Note that turning on this option is not sufficient to guarantee that a downstream neighbor won't rewrite the address for you. Add "-m" flag to makesendmail script -- this tells you what object directory and Makefile it will use, but doesn't actually do the make. Do some additional checking on the contents of the qf file to try to detect attacks against the qf file. In particular, abort on any line beginning "From ", and add an "end of file" line -- any data after that line is prohibited. Always use /etc/sendmail.cf, regardless of the arbitrary vendor choices. This can be overridden in the Makefile by using either -DUSE_VENDOR_CF_PATH to get the vendor location (to the extent that we know it) or by defining _PATH_SENDMAILCF (which is a "hard override"). This allows sendmail 8 to have more consistent installation instructions. Allow macros on `K' line in config file. Suggested by Andrew Chang of Sun Microsystems. Improved symbol table hash function from Eric Wassenaar. This one is at least 50% faster. Fix problem that didn't notice that timeout on file open was a transient error. Fix from Larry Parmelee of Cornell University. Allow comments (lines beginning with a `#') in files read for classes. Suggested by Motonori Nakamura. Make SIGINT (usually ^C) in test mode return to the prompt instead of dropping out entirely. This makes testing some of the name server lookups easier to deal with when there are hung servers. From Motonori Nakamura. Add new ${opMode} macro that is set to the current operation mode (e.g., `s' for -bs, `t' for -bt, etc.). Suggested by Claude Marinier . Add new delivery mode (Odd) that defers all map lookups to queue runs. Kind of like queue-only mode (Odq) except it tries to avoid any external service requests; for dial-on-demand hosts that want to minimize DNS lookups when mail is being queued. For this to work you will also have to make sure that gethostbyname of your local host name does not do a DNS lookup. Improved handling of "out of space" conditions from John Myers of Carnegie Mellon. Improved security for mailing to files on systems that have fchmod(2) support. Improve "cannot send message for N days" message -- now says "could not send for past N days". Suggested by Tom Moore of AT&T Global Information Solutions. Less misleading Subject: line on messages sent to postmaster only. From Motonori Nakamura. Avoid duplicate error messages on bad command line flags. From Motonori Nakamura. Better error message for case where ruleset 0 falls off the end or otherwise does not resolve to a canonical triple. Fix a problem that could cause multiple bounce messages if a bad address was sent along with a good address to an SMTP site where that SMTP site returned a 4yz code in response to the final dot of the data. Problem reported by David James of British Telecom. Add "volatile" declarations so that gcc -O2 will work. Patches from Alexander Dupuy of System Management ARTS. Delete duplicates in MX lists -- believe it or not, there are sites that list the same host twice in an MX list. This deletion only works on adjacent preferences, so an MX list that had A=5, B=10, A=15 would leave both As, but one that had A=5, A=10, B=15 would reduce to A, B. This is intentional, just in case there is something weird I haven't thought of. Suggested by Barry Shein of Software Tool & Die. SECURITY: .forward files cannot be symbolic links. If they are, a bad guy can read your private files. PORTABILITY FIXES: Solaris 2 from Rob McMahon . System V Release 4 from Motonori Nakamura of Ritsumeikan University. This expands the disk size checking to include all (?) SVR4 configurations. System V Release 4 from Kimmo Suominen -- initgroups(3) and setrlimit(2) are both available. System V Release 4 from sob@sculley.ffg.com -- some versions apparently "have EX_OK defined in other headerfiles." Linux Makefile typo. Linux getusershell(3) is broken in Slackware 2.0 -- from Andrew Pam of Xanadu Australia. More Linux tweaking from John Kennedy of California State University, Chico. Cray changes from Eric Wassenaar: ``On Cray, shorts, ints, and longs are all 64 bits, and all structs are multiples of 64 bits. This means that the sizeof operator returns only multiples of 8. This requires adaptation of code that really deals with 32 bit or 16 bit fields, such as IP addresses or nameserver fields.'' DG/UX 5.4.3 from Mark T. Robinson . To get the old behavior, use -DDGUX_5_4_2. DG/UX hack: add _FORCE_MAIL_LOCAL_=yes environment variable to fix bogus /bin/mail behavior. Tandem NonStop-UX from Rick McCarty . This also cleans up some System V Release 4 compile problems. Solaris 2: sendmail.cw file should be in /etc/mail to match all the other configuration files. Fix from Glenn Barry of Emory University. Solaris 2.3: compile problem in conf.c. Fix from Alain Nissen of the University of Liege, Belgium. Ultrix: freespace calculation was incorrect. Fix from Takashi Kizu of Osaka University. SVR4: running in background gets a SIGTTOU because the emulation code doesn't realize that "getpeername" doesn't require reading the file. Fix from Peter Wemm of DIALix. Solaris 2.3: due to an apparent bug in the socket emulation library, sockets can get into a "wedged" state where they just return EPROTO; closing and re-opening the socket clears the problem. Fix from Bob Manson of Ohio State University. Hitachi 3050R & 3050RX running HI-UX/WE2: portability fixes from Akihiro Hashimoto ("Hash") of Chiba University. AIX changes to allow setproctitle to work from Rainer Schöpf of Zentrum für Datenverarbeitung der Universität Mainz. AIX changes for load average from Ed Ravin of NASA/Goddard. SCO Unix from Chip Rosenthal of Unicom (code was using the wrong statfs call). ANSI C fixes from Adam Glass (NetBSD project). Stardent Titan/ANSI C fixes from Kate Hedstrom of Rutgers University. DG-UX fixes from Bruce Nagel of Data General. IRIX64 updates from Mark Levinson of the University of Rochester Medical Center. Altos System V (``the first UNIX/XENIX merge the Altos did for their Series 1000 & Series 2000 line; their merged code was licensed back to AT&T and Microsoft and became System V release 3.2'') from Tim Rice . OSF/1 running on Intel Paragon from Jeff A. Earickson of Intel Scalable Systems Division. Amdahl UTS System V 2.1.5 (SVr3-based) from Janet Jackson . System V Release 4 (statvfs semantic fix) from Alain Durand of I.M.A.G. HP-UX 10.x multiprocessor load average changes from Scott Hutton and Jeff Sumler of Indiana University. Cray CSOS from Scott Bolte of Cray Computer Corporation. Unicos 8.0 from Douglas K. Rand of the University of North Dakota, Scientific Computing Center. Solaris 2.4 fixes from Sanjay Dani of Dani Communications. ConvexOS 11.0 from Christophe Wolfhugel. IRIX 4.0.5 from David Ashton-Reader of CADcentre. ISC UNIX from J. J. Bailey. HP-UX 9.xx on the 8xx series machines from Remy Giraud of Meteo France. HP-UX configuration from Tom Lane . IRIX 5.2 and 5.3 from Kari E. Hurtta. FreeBSD 2.0 from Mike Hickey of Federal Data Corporation. Sony NEWS-OS 4.2.1R and 6.0.3 from Motonori Nakamura. Omron LUNA unios-b, mach from Motonori Nakamura. NEC EWS-UX/V 4.2 from Motonori Nakamura. NeXT 2.1 from Bryan Costales. AUX patch thanks to Mike Erwin of Apple Computer. HP-UX 10.0 from John Beck of Hewlett-Packard. Ultrix: allow -DBROKEN_RES_SEARCH=0 if you are using a non-DEC resolver. Suggested by Allan Johannesen. UnixWare 2.0 fixes from Petr Lampa of the Technical University of Brno (Czech Republic). KSR OS 1.2.2 support from Todd Miller of the University of Colorado. UX4800 support from Kazuhisa Shimizu of NEC. MAKEMAP: allow -d flag to allow insertion of duplicate aliases in type ``btree'' maps. The semantics of this are undefined for regular maps, but it can be useful for the user database. MAKEMAP: lock database file while rebuilding to avoid sendmail lookups while the rebuild is going on. There is a race condition between the open(... O_TRUNC ...) and the lock on the file, but it should be quite small. SMRSH: sendmail restricted shell added to the release. This can be used as an alternative to /bin/sh for the "prog" mailer, giving the local administrator more control over what programs can be run from sendmail. MAIL.LOCAL: add this local mailer to the tape. It is not really part of the release proper, and isn't fully supported; in particular, it does not run on System V based systems and never will. CONTRIB: a patch to rmail.c from Bill Gianopoulos of Raytheon to allow rmail to compile on systems that don't have function prototypes and systems that don't have snprintf. CONTRIB: add the "mailprio" scripts that will help you sort mailing lists by transaction delay times so that addresses that respond quickly get sent first. This is to prevent very sluggish servers from delaying other peoples' mail. Contributed by Tony Sanders of BSDI. CONTRIB: add the "bsdi.mc" file as contributed by Tony Sanders of BSDI. This has a lot of comments to help people out. CONFIG: Don't have .mc files include(../m4/cf.m4) -- instead, put this on the m4 command line. On GNU m4 (which supports the __file__ primitive) you can run m4 in an arbitrary directory -- use either: m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf or m4 -I${CFDIR} m4/cf.m4 config.mc > config.cf On other versions of m4 that don't support __file__, you can use: m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 ... (Note the trailing slash on the _CF_DIR_ definition.) Old versions of m4 will default to _CF_DIR_=.. for back compatibility. CONFIG: fix mail from <> so it will properly convert to MAILER-DAEMON on local addresses. CONFIG: fix code that was supposed to catch colons in host names. Problem noted by John Gardiner Myers of CMU. CONFIG: allow use of SMTP_MAILER_MAX in nullclient configuration. From Paul Riddle of the University of Maryland, Baltimore County. CONFIG: Catch and reject "." as a host address. CONFIG: Generalize domaintable to look up all domains, not just unqualified ones. CONFIG: Delete OLD_SENDMAIL support -- as near as I can tell, it was never used and didn't work anyway. CONFIG: Set flags A, w, 5, :, /, |, and @ on the "local" mailer and d on all mailers in the UUCP class. CONFIG: Allow "user+detail" to be aliased specially: it will first look for an alias for "user+detail", then for "user+*", and finally for "user". This is intended for forwarding mail for system aliases such as root and postmaster to a centralized hub. CONFIG: add confEIGHT_BIT_HANDLING to set option 8 (see above). CONFIG: add smtp8 mailer; this has the F=8 (just-send-8) flag set. The F=8 flag is also set on the "relay" mailer, since this is expected to be another sendmail. CONFIG: avoid qualifying all UUCP addresses sent via SMTP with the name of the UUCP_RELAY -- in some cases, this is the wrong value (e.g., when we have local UUCP connections), and this can create unreplyable addresses. From Chip Rosenthal of Unicom. CONFIG: add confRECEIVED_HEADER to change the format of the Received: header inserted into all messages. Suggested by Gary Mills of the University of Manitoba. CONFIG: Make "notsticky" the default; use FEATURE(stickyhost) to get the old behavior. I did this upon observing that almost everyone needed this feature, and that the concept I was trying to make happen didn't work with some user agents anyway. FEATURE(notsticky) still works, but it is a no-op. CONFIG: Add LUSER_RELAY -- the host to which unrecognized user names are sent, rather than immediately diagnosing them as User Unknown. CONFIG: Add SMTP_MAILER_ARGS, ESMTP_MAILER_ARGS, SMTP8_MAILER_ARGS, and RELAY_MAILER_ARGS to set the arguments for the indicated mailers. All default to "IPC $h". Patch from Larry Parmelee of Cornell University. CONFIG: pop mailer needs F=n flag to avoid "annoying side effects on the client side" and F=P to get an appropriate return-path. From Kimmo Suominen. CONFIG: add FEATURE(local_procmail) to use the procmail program as the local mailer. For addresses of the form "user+detail" the "detail" part is passed to procmail via the -a flag. Contributed by Kimmo Suominen. CONFIG: add MAILER(procmail) to add an interface to procmail for use from mailertables. This lets you execute arbitrary procmail scripts. Contributed by Kimmo Suominen. CONFIG: add T= fields (MTS type) to local, smtp, and uucp mailers. CONFIG: add OSTYPE(ptx2) for DYNIX/ptx 2.x from Sequent. From Paul Southworth of CICNet Systems Support. CONFIG: use -a$g as default to UUCP mailers, instead of -a$f. This causes the null return path to be rewritten as MAILER-DAEMON; otherwise UUCP gets horribly confused. From Michael Hohmuth of Technische Universitat Dresden. CONFIG: Add FEATURE(bestmx_is_local) to cause any hosts that list us as the best possible MX record to be treated as though they were local (essentially, assume that they are included in $=w). This can cause additional DNS traffic, but is easier to administer if this fits your local model. It does not work reliably if there are multiple hosts that share the best MX preference. Code contributed by John Oleynick of Rutgers. CONFIG: Add FEATURE(smrsh) to use smrsh (the SendMail Restricted SHell) instead of /bin/sh as the program used for delivery to programs. If an argument is included, it is used as the path to smrsh; otherwise, /usr/local/etc/smrsh is assumed. CONFIG: Add LOCAL_MAILER_MAX and PROCMAILER_MAILER_MAX to limit the size of messages to the local and procmail mailers respectively. Contributed by Brad Knowles of the Defense Information Systems Agency. CONFIG: Handle leading ``phrase:'' and trailing ``;'' as comments (just like text outside of angle brackets) in order to properly deal with ``group: addr1, ... addrN;'' syntax. CONFIG: Require OSTYPE macro (the defaults really don't apply to any real systems any more) and tweak the DOMAIN macro so that it is less likely that users will accidentally use the Berkeley defaults. Also, create some generic files that really can be used in the real world. CONFIG: Add new configuration macros to set character sets for messages _arriving from_ various mailers: LOCAL_MAILER_CHARSET, SMTP_MAILER_CHARSET, and UUCP_MAILER_CHARSET. CONFIG: Change UUCP_MAX_SIZE to UUCP_MAILER_MAX for consistency. The old name will still be accepted for a while at least. CONFIG: Implement DECNET_RELAY as spec for host to which DECNET mail (.DECNET pseudo-domain or node::user) will be sent. As with all relays, it can be ``mailer:hostname''. Suggested by Scott Hutton. CONFIG: Add MAILER(mail11) to get DECnet support. Code contributed by Barb Dijker of Labyrinth Computer Services. CONFIG: change confCHECK_ALIASES to default to False -- it has poor performance for large alias files, and this confused many people. CONFIG: Add confCF_VERSION to append local information to the configuration version number displayed during SMTP startup. CONFIG: fix some.newsgroup.usenet@local.host syntax (previously it would only work when locally addressed. Fix from Edvard Tuinder of Cistron Internet Services. CONFIG: use ${opMode} to avoid error on .REDIRECT addresses if option "n" (CheckAliases) is set when rebuilding alias database. Based on code contributed by Claude Marinier. CONFIG: Allow mailertable to have values of the form ``error:code message''. The ``code'' is a status code derived from the sysexits codes -- e.g., NOHOST or UNAVAILABLE. Contributed by David James . CONFIG: add MASQUERADE_DOMAIN(domain list) to extend the list of sender domains that will be replaced with the masquerade name. These domains will not be treated as local, but if mail passes through with sender addresses in those domains they will be replaced by the masquerade name. These can also be specified in a file using MASQUERADE_DOMAIN_FILE(filename). CONFIG: add FEATURE(masquerade_envelope) to masquerade the envelope as well as the header. Substantial improvements to this code were contributed by Per Hedeland. CONFIG: add MAILER(phquery) to define a new "ph" mailer; this can be accessed from a mailertable to do CCSO ph lookups. Contributed by Kimmo Suominen. CONFIG: add MAILER(cyrus) to define a new Cyrus mailer; this can be used to define cyrus and cyrusbb mailers (for IMAP support). Contributed by John Gardiner Myers of Carnegie Mellon. CONFIG: add confUUCP_MAILER to select default mailer to use for UUCP addressing. Suggested by Tom Moore of AT&T GIS. NEW FILES: cf/cf/cs-hpux10.mc cf/cf/cs-solaris2.mc cf/cf/cyrusproto.mc cf/cf/generic-bsd4.4.mc cf/cf/generic-hpux10.mc cf/cf/generic-hpux9.mc cf/cf/generic-osf1.mc cf/cf/generic-solaris2.mc cf/cf/generic-sunos4.1.mc cf/cf/generic-ultrix4.mc cf/cf/huginn.cs.mc cf/domain/berkeley-only.m4 cf/domain/generic.m4 cf/feature/bestmx_is_local.m4 cf/feature/local_procmail.m4 cf/feature/masquerade_envelope.m4 cf/feature/smrsh.m4 cf/feature/stickyhost.m4 cf/feature/use_ct_file.m4 cf/m4/cfhead.m4 cf/mailer/cyrus.m4 cf/mailer/mail11.m4 cf/mailer/phquery.m4 cf/mailer/procmail.m4 cf/ostype/amdahl-uts.m4 cf/ostype/bsdi2.0.m4 cf/ostype/hpux10.m4 cf/ostype/irix5.m4 cf/ostype/isc4.1.m4 cf/ostype/ptx2.m4 cf/ostype/unknown.m4 contrib/bsdi.mc contrib/mailprio contrib/rmail.oldsys.patch mail.local/mail.local.0 makemap/makemap.0 smrsh/README smrsh/smrsh.0 smrsh/smrsh.8 smrsh/smrsh.c src/Makefiles/Makefile.CSOS src/Makefiles/Makefile.EWS-UX_V src/Makefiles/Makefile.HP-UX.10 src/Makefiles/Makefile.IRIX.5.x src/Makefiles/Makefile.IRIX64 src/Makefiles/Makefile.ISC src/Makefiles/Makefile.KSR src/Makefiles/Makefile.NEWS-OS.4.x src/Makefiles/Makefile.NEWS-OS.6.x src/Makefiles/Makefile.NEXTSTEP src/Makefiles/Makefile.NonStop-UX src/Makefiles/Makefile.Paragon src/Makefiles/Makefile.SCO.3.2v4.2 src/Makefiles/Makefile.SunOS.5.3 src/Makefiles/Makefile.SunOS.5.4 src/Makefiles/Makefile.SunOS.5.5 src/Makefiles/Makefile.UNIX_SV.4.x.i386 src/Makefiles/Makefile.uts.systemV src/Makefiles/Makefile.UX4800 src/aliases.0 src/mailq.0 src/mime.c src/newaliases.0 src/sendmail.0 test/t_seteuid.c RENAMED FILES: cf/cf/alpha.mc => cf/cf/s2k-osf1.mc cf/cf/chez.mc => cf/cf/chez.cs.mc cf/cf/hpux-cs-exposed.mc => cf/cf/cs-hpux9.mc cf/cf/osf1-cs-exposed.mc => cf/cf/cs-osf1.mc cf/cf/s2k.mc => cf/cf/s2k-ultrix4.mc cf/cf/sunos4.1-cs-exposed.mc => cf/cf/cs-sunos4.1.mc cf/cf/ultrix4.1-cs-exposed.mc => cf/cf/cs-ultrix4.mc cf/cf/vangogh.mc => cf/cf/vangogh.cs.mc cf/domain/Berkeley.m4 => cf/domain/Berkeley.EDU.m4 cf/domain/cs-exposed.m4 => cf/domain/CS.Berkeley.EDU.m4 cf/domain/eecs-hidden.m4 => cf/domain/EECS.Berkeley.EDU.m4 cf/domain/s2k.m4 => cf/domain/S2K.Berkeley.EDU.m4 cf/ostype/hpux.m4 => cf/ostype/hpux9.m4 cf/ostype/irix.m4 => cf/ostype/irix4.m4 cf/ostype/ultrix4.1.m4 => cf/ostype/ultrix4.m4 src/Makefile.* => src/Makefiles/Makefile.* src/Makefile.AUX => src/Makefiles/Makefile.A-UX src/Makefile.BSDI => src/Makefiles/Makefile.BSD-OS src/Makefile.DGUX => src/Makefiles/Makefile.dgux src/Makefile.RISCos => src/Makefiles/Makefile.UMIPS src/Makefile.SunOS.4.0.3 => src/Makefiles/Makefile.SunOS.4.0 OBSOLETED FILES: cf/cf/cogsci.mc cf/cf/cs-exposed.mc cf/cf/cs-hidden.mc cf/cf/hpux-cs-hidden.mc cf/cf/knecht.mc cf/cf/osf1-cs-hidden.mc cf/cf/sunos3.5-cs-exposed.mc cf/cf/sunos3.5-cs-hidden.mc cf/cf/sunos4.1-cs-hidden.mc cf/cf/ultrix4.1-cs-hidden.mc cf/domain/cs-hidden.m4 contrib/rcpt-streaming src/Makefiles/Makefile.SunOS.5.x 8.6.13/8.6.12 1996/01/25 SECURITY: In some cases it was still possible for an attacker to insert newlines into a queue file, thus allowing access to any user (except root). CONFIG: no changes -- it is not a bug that the configuration version number is unchanged. 8.6.12/8.6.12 1995/03/28 Fix to IDENT code (it was getting the size of the reply buffer too small, so nothing was ever accepted). Fix from several people, including Allan Johannesen, Shane Castle of the Boulder County Information Services, and Jeff Smith of Warwick University (all arrived within a few hours of each other!). Fix a problem that could cause large jobs to run out of file descriptors on systems that use vfork() rather than fork(). 8.6.11/8.6.11 1995/03/08 The ``possible attack'' message would be logged more often than necessary if you are using Pine as a user agent. The wrong host would be reported in the ``possible attack'' message when attempted from IDENT. In some cases the syslog buffer could be overflowed when reporting the ``possible attack'' message. This can cause denial of service attacks. Truncate the message to 80 characters to prevent this problem. When reading the IDENT response a loop is needed around the read from the network to ensure that you don't get partial lines. Password entries without any shell listed (that is, a null shell) wouldn't match as "ok". Problem noted by Rob McMahon. When running BIND 4.9.x a problem could occur because the _res.options field is initialized differently than it was historically -- this requires that sendmail call res_init before it tweaks any bits. Fix an incompatibility in openxscript() between the file open mode and the stdio mode passed to fdopen. This caused UnixWare 2.0 to have conniptions. Fix from Martin Sohnius of Novell Labs Europe. Fix problem with static linking of local getopt routine when using GNU's ld command. Fix from John Kennedy of Cal State Chico. It was possible to turn off privacy flags. Problem noted by *Hobbit*. Be more paranoid about writing files. Suggestions by *Hobbit* and Liudvikas Bukys. MAKEMAP: fixes for 64 bit machines (DEC Alphas in particular) from Spider Boardman. CONFIG: No changes (version number only, to keep it in sync with the binaries). 8.6.10/8.6.10 1995/02/10 SECURITY: Diagnose bogus values to some command line flags that could allow trash to get into headers and qf files. Validate the name of the user returned by the IDENT protocol. Some systems that really dislike IDENT send intentionally bogus information. Problem pointed out by Michael Bushnell of the Free Software Foundation. Has some security implications. Fix a problem causing error messages about DNS problems when the host name contained a percent sign to act oddly because it was passed as a printf-style format string. In some cases this could cause core dumps. Avoid possible buffer overrun in returntosender() if error message is quite long. From Fletcher Mattox of the University of Texas. Fix a problem that would silently drop "too many hops" error messages if and only if you were sending to an alias. From Jon Giltner of the University of Colorado and Dan Harton of Oak Ridge National Laboratory. Fix a bug that caused core dumps on some systems if -d11.2 was set and e->e_message was null. Fix from Bruce Nagel of Data General. Fix problem that can still cause df files to be left around after "hop count exceeded" messages. Fix from Andrew Chang and Shau-Ping Lo of SunSoft. Fix a problem that can cause buffer overflows on very long user names (as might occur if you piped to a program with a lot of arguments). Avoid returning an error and re-queueing if the host signature is null; this can occur on addresses like ``user@.''. Problem noted by Wesley Craig and the University of Michigan. Avoid possible calls to malloc(0) if MCI caching is turned off. Bug fix from Pierre David of the Laboratoire Parallelisme, Reseaux, Systemes et Modelisation (PRiSM), Universite de Versailles - St Quentin, and Jacky Thibault. Make a local copy of the line being sent via senttolist() -- in some cases, buffers could get trashed by map lookups causing it to do unexpected things. This also simplifies some of the map code. CONFIG: No changes (version number only, to keep it in sync with the binaries). 8.6.9/8.6.9 1994/04/19 Do all mail delivery completely disconnected from any terminal. This provides consistency with daemon delivery and may have some security implications. Make sure that malloc doesn't get called with zero size, since that fails on some systems. Reported by Ed Hill of the University of Iowa. Fix multi-line values for $e (SMTP greeting message). Reported by Mike O'Connor of Ford Motor Company. Avoid syserr if no NIS domain name is defined, but the map it is trying to open is optional. From Win Bent of USC. Changes for picky compilers from Ed Gould of Digital Equipment. Hesiod support for UDB from Todd Miller of the University of Colorado. Use "hesiod" as the service name in the U option. Fix a problem that failed to set the "authentic" host name (that is, the one derived from the socket info) if you called sendmail -bs from inetd. Based on code contributed by Todd Miller (this problem was also reported by Guy Helmer of Dakota State University). This also fixes a related problem reported by Liudvikas Bukys of the University of Rochester. Parameterize "nroff -h" in all the Makefiles so people with variant versions can use them easily. Suggested by Peter Collinson of Hillside Systems. SMTP "MAIL" commands with multiple ESMTP parameters required two spaces between parameters instead of one. Reported by Valdis Kletnieks of Virginia Tech. Reduce the number of system calls during message collection by using global timeouts around the collect() loop. This code was contributed by Eric Wassenaar. If the initial hostname name gathering results in a name without a dot (usually caused by NIS misconfiguration) and BIND is compiled in, directly access DNS to get the canonical name. This should make life easier for Solaris systems. If it still can't be resolved, and if the name server is listed as "required", try again in 30 seconds. If that also fails, exit immediately to avoid bogus "config error: mail loops back to myself" messages. Improve the "MAIL DELETED BECAUSE OF LACK OF DISK SPACE" error message to explain how much space was available and sound a bit less threatening. Suggested by Stan Janet of the National Institute of Standards and Technology. If mail is delivered to an alias that has an owner, deliver any requested return-receipt immediately, and strip the Return-Receipt-To: header from the subsequent message. This prevents a certain class of denial of service attack, arguably gives more reasonable semantics, and moves things more towards what will probably become a network standard. Suggested by Christopher Davis of Kapor Enterprises. Add a "noreceipts" privacy flag to turn off all return receipts without recompiling. Avoid printing ESMTP parameters as part of the error message if there are errors during parsing. This change is purely cosmetic. Avoid sending out error messages during the collect phase of SMTP; there is an MVS mailer from UCLA that gets confused by this. Of course, I think it's their bug.... Check for the $j macro getting undefined, losing a dot, or getting lost from $=w in the daemon before accepting a connection; if it is, it dumps state, prints a LOG_ALERT message, and drops core for debugging. This is an attempt to track down a bug that I thought was long since gone. If you see this, please forward the log fragment to sendmail@sendmail.ORG. Change OLD_NEWDB from a #ifdef to a #if so it can be turned off with -DOLD_NEWDB=0 on the command line. From Christophe Wolfhugel. Instead of trying to truncate the listen queue for the server SMTP port when the load average is too high, just close the port completely and reopen it later as needed. This ensures that the other end gets a quick "connection refused" response, and that the connection can be recovered later. In particular, some socket emulations seem to get confused if you tweak the listen queue size around and can never start listening to connections again. The down side is that someone could start up another daemon process in the interim, so you could have multiple daemons all not listening to connections; this could in turn cause the sendmail.pid file to be incorrect. A better approach might be to accept the connection and give a 421 code, but that could break other mailers in mysterious ways and have paging behavior implications. Fix a glitch in TCP-level debugging that caused flag 16.101 to set debugging on the wrong socket. From Eric Wassenaar. When creating a df* temporary file, be sure you truncate any existing data in the file -- otherwise system crashes and the like could result in extra data being sent. DOC: Replace the CHANGES-R5-R8 readme file with a paper in the doc directory. This includes some additional information. CONFIG: change UUCP rules to never add $U! or $k! on the front of recipient envelope addresses. This should have been handled by the $&h trick, but broke if people were mixing domainized and UUCP addresses. They should probably have converted all the way over to uucp-uudom instead of uucp-{new,old}, but the failure mode was to loop the mail, which was bad news. Portability fixes: Newer BSDI systems (several people). Older BSDI systems from Christophe Wolfhugel. Intergraph CLIX, from Paul Southworth of CICNet. UnixWare, from Evan Champion. NetBSD from Adam Glass. Solaris from Quentin Campbell of the University of Newcastle upon Tyne. IRIX from Dean Cookson and Bill Driscoll of Mitre Corporation. NCR 3000 from Kevin Darcy of Chrysler Financial Corporation. SunOS (it has setsid() and setvbuf() calls) from Jonathan Kamens of OpenVision Technologies. HP-UX from Tor Lillqvist. New Files: src/Makefile.CLIX src/Makefile.NCR3000 doc/changes/Makefile doc/changes/changes.me doc/changes/changes.ps 8.6.8/8.6.6 1994/03/21 SECURITY: it was possible to read any file as root using the E (error message) option. Reported by Richard Jones; fixed by Michael Corrigan and Christophe Wolfhugel. 8.6.7/8.6.6 1994/03/14 SECURITY: it was possible to get root access by using weird values to the -d flag. Thanks to Alain Durand of INRIA for forwarding me the notice from the bugtraq list. 8.6.6/8.6.6 1994/03/13 SECURITY: the ability to give files away on System V-based systems proved dangerous -- don't run as the owner of a :include: file on a system that allows giveaways. Unfortunately, this also applies to determining a valid shell. IMPORTANT: Previous versions weren't expiring old connections in the connection cache for a long time under some circumstances. This could result in resource exhaustion, both at your end and at the other end. This checks the connections for timeouts much more frequently. From Doug Anderson of NCSC. Fix a glitch that snuck in that caused programs to be run as the sender instead of the recipient if the mail was from a local user to another local user. From Motonori Nakamura of Kyoto University. Fix "wildcard" on /etc/shells matching -- instead of looking for "*", look for "/SENDMAIL/ANY/SHELL/". From Bryan Costales of ICSI. Change the method used to declare the "statfs" availability; instead of HASSTATFS and/or HASUSTAT with a ton of tweaking in conf.c, there is a single #define called SFS_TYPE which takes on one of six values (SFS_NONE for no statfs availability, SFS_USTAT for the ustat(2) syscall, SFS_4ARGS for a four argument statfs(2) call, and SFS_VFS, SFS_MOUNT, or SFS_STATFS for a two argument statfs(2) call with the declarations in , , or respectively). Fix glitch in NetInfo support that could return garbage if there was no "/locations/sendmail" property. From David Meyer of the University of Virginia. Change HASFLOCK from defined/not-defined to a 0/1 definition to allow Linux to turn it off even though it is a BSD-like system. Allow setting of "ident" timeout to zero to turn off the ident protocol entirely. Make 7-bit stripping local to a connection (instead of to a mailer); this allows you to specify that SMTP is a 7-bit channel, but revert to 8-bit should it advertise that it supports 8BITMIME. You still have to specify mailer flag 7 to get this stripping at all. Improve makesendmail script so it handles more cases automatically. Tighten up restrictions on taking ownership of :include: files to avoid problems on systems that allow you to give away files. Fix a problem that made it impossible to rebuild the alias file if it was on a read-only file system. From Harry Edmon of the University of Washington. Improve MX randomization function. From John Gardiner Myers of CMU. Fix a minor glitch causing a bogus message to be printed (used %s instead of %d in a printf string for the line number) when a bad queue file was read. From Harry Edmon. Allow $s to remain NULL on locally generated mail. I'm not sure this is necessary, but a lot of people have complained about it, and there is a legitimate question as to whether "localhost" is legal as an 822-style domain. Fix a problem with very short line lengths (mailer L= flag) in headers. This causes a leading space to be added onto continuation lines (including in the body!), and also tries to wrap headers containing addresses (From:, To:, etc) intelligently at the shorter line lengths. Problem Reported by Lars-Johan Liman of SUNET Operations Center. Log the real user name when logging syserrs, since these can have security implications. Suggested by several people. Fix address logging of cached connections -- it used to always log the numeric address as zero. This is a somewhat bogus implementation in that it does an extra system call, but it should be an inexpensive one. Fix from Motonori Nakamura. Tighten up handling of short syslog buffers even more -- there were cases where the outgoing relay= name was too long to share a line with delay= and mailer= logging. Limit the overhead on split envelopes to one open file descriptor per envelope -- previously the overhead was three descriptors. This was in response to a problem reported by P{r (Pell) Emanuelsson. Fixes to better handle the case of unexpected connection closes; this redirects the output to the transcript so the info is not lost. From Eric Wassenaar. Fix potential string overrun if you macro evaluate a string that has a naked $ at the end. Problem noted by James Matheson . Make default error number on $#error messages 553 (``Requested action not taken: mailbox name not allowed'') instead of 501 (``Syntax error in parameters or arguments'') to avoid bogus "protocol error" messages. Strip off any existing trailing dot on names during $[ ... $] lookup. This prevents it from ending up with two dots on the end of dot terminated names. From Wesley Craig of the University of Michigan and Bryan Costales of ICSI. Clean up file class reading so that the debugging information is more informative. It hadn't been using setclass, so you didn't see the class items being added. Avoid core dump if you are running a version of sendmail where NIS is compiled in, and you specify an NIS map, but NIS is not running. Fix from John Oleynick of Rutgers. Diagnose bizarre case where res_search returns a failure value, but sets h_errno to a success value. Make sure that "too many hops" messages are considered important enough to send an error to the Postmaster (that is, the address specified in the P option). This fix should help problems that cause the df file to be left around sometimes -- unfortunately, I can't seem to reproduce the problem myself. Avoid core dump (null pointer reference) on EXPN command; this only occurred if your log level was set to 10 or higher and the target account was an alias or had a .forward file. Problem noted by Janne Himanka. Avoid "denial of service" attacks by someone who is flooding your SMTP port with bad commands by shutting the connection after 25 bad commands are issued. From Kyle Jones of UUNET. Fix core dump on error messages with very long "to" buffers; fmtmsg overflows the message buffer. Fixed by trimming the to address to 203 characters. Problem reported by John Oleynick. Fix configuration for HASFLOCK -- there were some spots where a #ifndef was incorrectly #ifdef. Pointed out by George Baltz of the University of Maryland. Fix a typo in savemail() that could cause the error message To: lists to be incorrect in some places. From Motonori Nakamura. Fix a glitch that can cause duplicate error messages on split envelopes where an address on one of the lists has a name server failure. Fix from Voradesh Yenbut of the University of Washington. Fix possible bogus pointer reference on ESMTP parameters that don't have an ``=value'' part. CNAME loops caused an error message to be generated, but also re-queued the message. Changed to just re-queue the message (it's really hard to just bounce it because of the weird way the name server works in the presence of CNAME loops). Problem noted by James M.R.Matheson of Cambridge University. Avoid giving ``warning: foo owned process doing -bs'' messages if they use ``MAIL FROM:'' where foo is their true user name. Suggested by Andreas Stolcke of ICSI. Change the NAMED_BIND compile flag to be a 0/1 flag so you can override it easily in the Makefile -- that is, you can turn it off using -DNAMED_BIND=0. If a gethostbyname(...) of an address with a trailing dot fails, try it without the trailing dot. This is because if you have a version of gethostbyname() that falls back to NIS or the /etc/hosts file it will fail to find perfectly reasonable names that just don't happen to be dot terminated in the hosts file. You don't want to strip the dot first though because we're trying to ensure that country names that match one of your subdomains get a chance. PRALIASES: fix bogus output on non-null-terminated strings. From Bill Gianopoulos of Raytheon. CONFIG: Avoid rewriting anything that matches $w to be $j. This was in code intended to only catch the self-literal address (that is, [1.2.3.4], where 1.2.3.4 is your IP address), but the code was broken. However, it will still do this if $M is defined; this is necessary to get client configurations to work (sigh). Note that this means that $M overrides :mailname entries in the user database! Problem noted by Paul Southworth. CONFIG: Fix definition of Solaris help file location. From Steve Cliffe . CONFIG: Fix bug that broke news.group.USENET mappings. CONFIG: Allow declaration of SMTP_MAILER_MAX, FAX_MAILER_MAX, and USENET_MAILER_MAX to tweak the maximum message size for various mailers. CONFIG: Change definition of USENET_MAILER_ARGS to include argv[0] instead of assuming that it is "inews" for consistency with other mailers. From Michael Corrigan of UC San Diego. CONFIG: When mail is forwarded to a LOCAL_RELAY or a MAIL_HUB, qualify the address in the SMTP envelope as user@{relay|hub} instead of user@$j. From Bill Wisner of The Well. CONFIG: Fix route-addr syntax in nullrelay configuration set. CONFIG: Don't turn off case mapping of user names in the local mailer for IRIX. This was different than most every other system. CONFIG: Avoid infinite loops on certainly list:; syntaxes in envelope. Noted by Thierry Besancon . CONFIG: Don't include -z by default on uux line -- most systems don't want it set by default. Pointed out by Philippe Michel of Thomson CSF. CONFIG: Fix some bugs with mailertables -- for example, if your host name was foo.bar.ray.com and you matched against ".ray.com", the old implementation bound %1 to "bar" instead of "foo.bar". Also, allow "." in the mailertable to match anything -- essentially, take over SMART_HOST. This also moves matching of explicit local host names before the mailertable so they don't have to be special cased in the mailertable data. Reported by Bill Gianopoulos of Raytheon; the fix for the %1 binding problem was contributed by Nicholas Comanos of the University of Sydney. CONFIG: Don't include "root" in class $=L (users to deliver locally, even if a hub or relay exists) by default. This is because of the known bug where definition of both a LOCAL_RELAY and a MAIL_HUB causes $=L to ignore both and deliver into the local mailbox. CONFIG: Move up bitdomain and uudomain handling so that they are done before .UUCP class matching; uudomain was reported as ineffective before. This also frees up diversion 8 for future use. Problem reported by Kimmo Suominen. CONFIG: Don't try to convert dotted IP address (e.g., [1.2.3.4]) into host names. As pointed out by Jonathan Kamens, these are often used because either the forward or reverse mapping is broken; this translation makes it broken again. DOC: Clarify $@ and $: in the Install & Op Guide. From Kimmo Suominen. Portability fixes: Unicos from David L. Kensiski of Sterling Software. DomainOS from Don Lewis of Silicon Systems. GNU m4 1.0.3 from Karst Koymans of Utrecht University. Convex from Kimmo Suominen . NetBSD from Adam Glass . BSD/386 from Tony Sanders of BSDI. Apollo from Eric Wassenaar. DGUX from Doug Anderson. Sequent DYNIX/ptx 2.0 from Tim Wright of Sequent. NEW FILES: src/Makefile.DomainOS src/Makefile.PTX src/Makefile.SunOS.5.1 src/Makefile.SunOS.5.2 src/Makefile.SunOS.5.x src/mailq.1 cf/ostype/domainos.m4 doc/op/Makefile doc/intro/Makefile doc/usenix/Makefile 8.6.5/8.6.5 1994/01/13 Security fix: /.forward could be owned by anyone (the test to allow root to own any file was backwards). From Bob Campbell at U.C. Berkeley. Security fix: group ids were not completely set when programs were invoked. This caused programs to have group permissions they should not have had (usually group daemon instead of their own group). In particular, Perl scripts would refuse to run. Security: check to make sure files that are written are not symbolic links (at least under some circumstances). Although this does not respond to a specific known attack, it's just a good idea. Suggested by Christian Wettergren. Security fix: if a user had an NFS mounted home directory on a system with a restricted shell listed in their /etc/passwd entry, they could still execute any program by putting that in their .forward file. This fix prevents that by insisting that their shell appear in /etc/shells before allowing a .forward to execute a program or write a file. You can disable this by putting "*" in /etc/shells. It also won't permit world-writable :include: files to reference programs or files (there's no way to disable this). These behaviors are only one level deep -- for example, it is legal for a world-writable :include: file to reference an alias that writes a file, on the assumption that the alias file is well controlled. Security fix: root was not treated suspiciously enough when looking into subdirectories. This would potentially allow a cracker to examine files that were publicly readable but in a non-publicly searchable directory. Fix a problem that causes an error on QUIT on a cached connection to create problems on the current job. These are typically unrelated, so errors occur in the wrong place. Reset CurrentLA in sendall() -- this makes sendmail queue runs more responsive to load average, and fixes a problem that ignored the load average in locally generated mail. From Eric Wassenaar. Fix possible core dump on aliases with null LHS. From John Orthoefer of BB&N. Revert to using flock() whenever possible -- there are just too many bugs in fcntl() locking, particularly over NFS, that cause sendmail to fail in perverse ways. Fix a bug that causes the connection cache to get confused when sending error messages. This resulted in "unexpected close" messages. It should fix itself on the following queue run. Problem noted by Liudvikas Bukys of the University of Rochester. Include $k in $=k as documented in the Install & Op Guide. This seems odd, but it was documented.... From Michael Corrigan of UCSD. Fix problem that caused :include:s from alias files to be forced to be owned by root instead of daemon (actually DefUid). From Tim Irvin. Diagnose unrecognized I option values -- from Mortin Forssen of the Chalmers University of Technology. Make "error" mailer work consistently when there is no error code associated with it -- previously it returned OK even though there was a real problem. Now it assumes EX_UNAVAILABLE. Fix bug that caused the last header line of messages that had no body and which were terminated with EOF instead of "." to be discarded. Problem noted by Liudvikas Bukys. Fix core dump on SMTP mail to programs that failed -- it tried to go to a "next MX host" when none existed, causing a core dump. From der Mouse at McGill University. Change IDENTPROTO from a defined/not defined to a 0/1 switch; this makes it easier to turn it off (using -DIDENTPROTO=0 in the Makefile). From der Mouse. Fix YP_MASTER_NAME store to use the unupdated result of gethostname() (instead of myhostname(), which tries to fully qualify the name) to be consistent with SunOS. If your hostname is unqualified, this fixes transfers to slave servers. Bug noted by Keith McMillan of Ameritech Services, Inc. Fix Ultrix problem: gethostbyname() can return a very large (> 500) h_length field, which causes the sockaddr to be trashed. Use the size of the sockaddr instead. Fix from Bob Manson of Ohio State. Don't assume "-a." on host lookups if NAMED_BIND is not defined -- this confuses gethostbyname on hosts file lookups, which doesn't understand the trailing dot convention. Log SMTP server subprocesses that die with a signal instead of from a clean exit. If you don't have option "I" set, don't assume that a DNS "host unknown" message is authoritative -- it might still be found in /etc/hosts. Fix a problem that would cause Deferred: messages to be sent as the subject of an error message, even though the actual cause of a message was more severe than that. Problem noted by Chris Seabrook of OSSI. Fix race condition in DBM alias file locking. From Kyle Jones of UUNET. Limit delivery syslog line length to avoid bugs in some versions of syslog(3). This adds a new compile time variable SYSLOG_BUFSIZE. From Jay Plett of Princeton University, which is in turn derived from IDA. Fix quotes inside of comments in addresses -- previously it insisted that they be balanced, but the 822 spec says that they should be ignored. Dump open file state to syslog upon receiving SIGUSR1 (for debugging). This also evaluates ruleset 89, if set (with the null input), and logs the result. This should be used sparingly, since the rewrite process is not reentrant. Change -qI, -qR, and -qS flags to be case-insensitive as documented in the Bat Book. If the mailer returned EX_IOERR or EX_OSERR, sendmail did not return an error message and did not requeue the message. Fix based on code from Roland Dirlewanger of Reseau Regional Aquarel, Bordeaux, France. Fix a problem that caused a seg fault if you got a 421 error code during some parts of connection initialization. I've only seen this when talking to buggy mailers on the other end, but it shouldn't give a seg fault in any case. From Amir Plivatsky. Fix core dump caused by a ruleset call that returns null. Fix from Bryan Costales of ICSI. Full-Name: field was being ignored. Fix from Motonori Nakamura of Kyoto University. Fix a possible problem with very long input lines in setproctitle. From P{r Emanuelsson. Avoid putting "This is a warning message" out on return receipts. Suggested by Douglas Anderson. Detect loops caused by recursive ruleset calls. Suggested by Bryan Costales. Initialize non-alias maps during alias rebuilds -- they may be needed for parsing. Problem noted by Douglas Anderson. Log sender address even if no message was collected in SMTP (e.g., if all RCPTs failed). Suggested by Motonori Nakamura. Don't reflect the owner-list contents into the envelope sender address if the value contains ", :, /, or | (to avoid illegal addresses appearing there). Efficiency hack for toktype macro -- from Craig Partridge of BB&N. Clean up DNS error printing so that a host name is always included. Remember to set $i during queue runs. Reported by Stephen Campbell of Dartmouth University. If the environment variable HOSTALIASES is set, use it during canonification as the name of a file with per-user host translations so that headers are properly mapped. Reported by Anne Bennett of Concordia University. Avoid printing misleading error message if SMTP mailer (not using [IPC]) should die on a core dump. Avoid incorrect diagnosis of "file 1 closed" when it is caused by the other end closing the connection. From Dave Morrison of Oracle. Improve several of the error messages printed by "mailq" to include a host name or other useful information. Add NetInfo preliminary support for NeXT systems. From Vince DeMarco. Fix a glitch that sometimes caused :include:s that pointed to NFS filesystems that were down to give an "aliasing/ forwarding loop broken" message instead of queueing the message for retry. Noted by William C Fenner of the NRL Connection Machine Facility. Fix a problem that could cause a core dump if the input sequence had (or somehow acquired) a \231 character. Make sure that route-addrs always have around them in non-SMTP envelopes (SMTP envelopes already do this properly). Avoid weird headers on unbalanced punctuation of the form: ``Joe User ; this has uucp-dom semantics but old UUCP syntax. This also permits "uucp-old" as an alias for "uucp" and "uucp-new" as a synonym for "suucp" for consistency. CONFIG: add POP mailer support (from Kimmo Suominen ). CONFIG: drop CSNET_RELAY support -- CSNET is long gone. CONFIG: fix bug caused with domain literal addresses (e.g., ``[128.32.131.12]'') when FEATURE(allmasquerade) was set; it would get an additional @masquerade.host added to the address. Problem noted by Peter Wan of Georgia Tech. CONFIG: make sure that the local UUCP name is in $=w. From Jim Murray of Stratus. CONFIG: changes to UUCP rewriting to simulate IDA-style "V" mailer flag. Briefly, if you are sending to host "foo", then it rewrites "foo!...!baz" to "...!baz", "foo!baz" remains "foo!baz", and anything else has the local name prepended. CONFIG: portability fixes for HP-UX. DOC: several minor problems fixed in the Install & Op Guide. MAKEMAP: fix core dump problem on lines that are too long or which lack newline. From Mark Delany. MAILSTATS: print sums of columns (total messages & kbytes in and out of the system). From Tom Ferrin of UC San Francisco Computer Graphics Lab. SIGNIFICANT USER- OR SYSAD-VISIBLE CHANGES: On HP-UX, /etc/sendmail.cf has been moved to /usr/lib/sendmail.cf to match HP sendmail. Permissions have been tightened up on world-writable :include: files and accounts that have shells that are not listed in /etc/shells. This may cause some .forward files that have worked before to start failing. SIGUSR1 dumps some state to the log. NEW FILES: src/Makefile.DGUX src/Makefile.Dynix src/Makefile.FreeBSD src/Makefile.Mach386 src/Makefile.NetBSD src/Makefile.RISCos src/Makefile.SCO src/Makefile.SVR4 src/Makefile.Titan cf/mailer/pop.m4 cf/ostype/bsdi1.0.m4 cf/ostype/dgux.m4 cf/ostype/dynix3.2.m4 cf/ostype/sco3.2.m4 makemap/Makefile.dist praliases/Makefile.dist 8.6.4/8.6.4 1993/10/31 Repair core-dump problem (write to read-only memory segment) if you fall back to the return-to-Postmaster case in savemail. Problem reported by Richard Liu. Immediately diagnose bogus sender addresses in SMTP. This makes quite certain that crackers can't use this class of attack. Reliability Fix: check return value from fclose() and fsync() in a few critical places. Minor problem in initsys() that reversed a condition for redirecting the output channel on queue runs. It's not clear this code even does anything. From Eric Wassenaar of the Dutch National Institute for Nuclear and High-Energy Physics. Fix some problems that caused queue runs to do "too much work", such as double-reading the Errors-To: header. From Eric Wassenaar. Error messages on writing the temporary file (including the data file) were getting suppressed in SMTP -- this fix causes them to be properly reported. From Eric Wassenaar. Some changes to support AF_UNIX sockets -- this will only really become relevant in the next release, but some people need it for local patches. From Michael Corrigan of UC San Diego. Use dynamically allocated memory (instead of static buffers) for macros defined in initsys() and settime(); since these can have different values depending on which envelope they are in. From Eric Wassenaar. Improve logging to show ctladdr on to= logging; this tells you what uid/gid processes ran as. Fix a problem that caused error messages to be discarded if the sender address was unparseable for some reason; this was supposed to fall back to the "return to postmaster" case. Improve aliaswait backoff algorithm. Portability patches for Linux (8.6.3 required another header file) (from Karl London) and SCO UNIX. CONFIG: patch prog mailer to not strip host name off of envelope addresses (so that it matches local again). From Christopher Davis. CONFIG: change uucp-dom mailer so that "<>" translates to $n; this prevents uux from seeing lines with null names like ``From Sat Oct 30 14:55:31 1993''. From Motonori Nakamura of Kyoto University. CONFIG: handle syntax correctly. This isn't legal, but it shouldn't fail miserably. From Motonori Nakamura. 8.6.2/8.6.2 1993/10/15 Put a "successful delivery" message in the transcript for addresses that get return-receipts. Put a prominent "this is only a warning" message in warning messages -- some people don't read carefully enough and end up sending the message several times. Include reason for temporary failure in the "warning" return message. Currently, it just says "cannot send for four hours". Fix the "Original message received" time generated for returntosender messages. It was previously listed as the current time. Bug reported by Eric Hagberg of Cornell University Medical College. If there is an error when writing the body of a message, don't send the trailing dot and wait for a response in sender SMTP, as this could cause the connection to hang up under some bizarre circumstances. From Eric Wassenaar. Fix some server SMTP synchronization problems caused when connections fail during message collection. From Eric Wassenaar. Fix a problem that can cause srvrsmtp to reject mail if the name server is down -- it accepts the RCPT but rejects the DATA command. Problem reported by Jim Murray of Stratus. Fix a problem that can cause core dumps if the config file incorrectly resolves to a null hostname. Reported by Allan Johannesen of WPI. Non-root use of -C flag, dangerous -f flags, and use of -oQ by non-root users were not put into X-Authentication-Warning:s as intended because the config file hadn't set the PrivacyOptions yet. Fix from Sven-Ove Westberg of the University of Lulea. Under very odd circumstances, the alias file rebuild code could get confused as to whether a database was open or not. Check "vendor code" on the end of V lines -- this is intended to provide a hook for vendor-specific configuration syntax. (This is a "new feature", but I've made an exception to my rule in a belief that this is a highly exceptional case.) Portability fixes for DG/UX (from Douglas Anderson of NCSC), SCO Unix (from Murray Kucherawy), A/UX, and OSF/1 (from Jon Forrest of UC Berkeley) CONFIG: fix ``mailer:host'' form of UUCP relay naming. 8.6.1/8.6 1993/10/08 Portability fixes for A/UX and Encore UMAX V. Fix error message handling -- if you had a name server down causing an error during parsing, that message was never propagated to the queue file. 8.6/8.6 1993/10/05 Configuration cleanup: make it easier to undo IDENTPROTO in conf.h (other systems have the same bug). If HASGETDTABLESIZE and _SC_OPEN_MAX are both defined, assume getdtablesize() instead of sysconf(); a disturbingly large number of systems defined _SC_OPEN_MAX in the header files but don't have the syscall. Another patch to really truly ignore MX records in getcanonname if trymx == FALSE. Fix problem that caused the "250 IAA25499 Message accepted for delivery" message to be omitted if there was an error in the header of the message (e.g., a bad Errors-To: line). Pointed out by Michael Corrigan of UCSD. Announce name of host we are chatting when we get errors; this is an IDA-ism suggested by Christophe Wolfhugel. Portability fixes for Alpha OSF/1 (from Anthony Baxter of the Australian Artificial Intelligence Institute), SCO Unix (from Murray Kucherawy of Hookup Communication Corp.), NeXT (from Vince DeMarco and myself), Linux (from Karl London ), BSDI (from Christophe Wolfhugel, and SVR4 on Dell (from Kimmo Suominen), AUX 3.0 on Macintosh, and ANSI C compilers. Some changes to get around gcc optimizer bugs. From Takahiro Kanbe. Fix error recovery in queueup if another tf file of the same name already exists. Problem stumbled over by Bill Wisner of The Well. Output YP_MASTER_NAME and YP_LAST_MODIFIED without null bytes. Problem noted by Keith McMillan of Ameritech Services. Deal with group permissions properly when opening .forward and :include: files. This relaxes the 8.1C restrictions slightly more. This includes proper setting of groups when reading :include: files, allowing you to read some files that you should be able to read but have previously been denied unless you owned them or they had "other" read permission. Make certain that $j is in $=w (after the .cf is read) so that if the user is forced to override some silly system, MX suppression will still work. Fix a couple of efficiency problems where newstr was double- calling expensive routines. In at least one case, it wasn't guaranteed that they would always return the same result. Problem noted by Christophe Wolfhugel. Fix null pointer dereference in putoutmsg -- only on an error condition from a non-SMTP mailer. From Motonori Nakamura. Macro expand "C" line class definitions before scanning so that "CX $Z" works. Fix problem that caused error message to be sent while still trying to send the original message if the connection is closed during a DATA command after getting an error on an RCPT command (pretty obscure). Problem reported by John Myers of CMU. Fix reply to NOOP to be 250 instead of 200 -- this is a long term bug. Fix a nasty bug causing core dumps when returning the "warning: cannot deliver for N hours -- will keep trying" message; it only occurred if you had PostmasterCopy set and only on some architectures. Although sendmail would keep trying, it would send error messages on each queue interval. This is an important fix. Allow u and g options to take user and group names respectively. Don't do a chdir into the queue directory in -bt mode to make ruleset testing a bit easier. Don't allow users to turn off logging (using -oL) on the command line -- command line can only raise, not lower, logging level. Set $u to the original recipient on the SMTP transaction or on the command line. This is only done if there is exactly one recipient. Technically, this does not meet the specs, because it does not guarantee a domain on the address. Fix a problem that dumped error messages on bad addresses if you used the -t flag. Problem noted by Josh Smith of Harvey Mudd College. Given an address such as `` '', auto-quote the first ``'' part, giving ``"" ''. This is to avoid the problem of people who use angle brackets in their full name information. Fix a null pointer dereference if you set option "l", have an Errors-To: header in the message, and have Errors-To: defined in the config file H lines. From J.R. Oldroyd. Put YPCOMPAT on #ifdef NIS instead -- it's one less thing to get wrong when compiling. Suggested by Rick McCarty of TI. Fix a problem that could pass negative SIZE parameter if the df file got lost; this would cause servers to always give a temporary failure, making the problem even worse. Problem noted by Allan Johannesen of WPI. Add "ident" timeout (one of the "r" option selectors) for IDENT protocol timeouts (30s default). Requested by Murray Kucherawy of HookUp Communication Corp. to handle bogus PC TCP/IP implementations. Change $w default definition to be just the first component of the domain name on config level 5. The $j macro defaults to the FQDN; $m remains as before. This lets well-behaved config files use any of the short, long, or subdomain names. Add makesendmail script in src to try to automate multi-architecture builds. I know, this is sub-optimal, but it is still helpful. Fix very obscure race condition that can cause a queue run to get a queue file for an already completed job. This problem has existed for years. Problem noted by the long suffering Allan Johannesen of WPI. Fix a problem that caused the raw sender name to be passed to udbsender instead of the canonified name -- this caused it to sometimes miss records that it should have found. Relax check of name on HELO packet so that a program using -bs that claims to be itself works properly. Restore rewriting of $: part of address through 2, R, 4 in buildaddr -- this requires passing a lot of flags to get it right. Unlike old versions, this ONLY rewrites recipient addresses, not sender addresses. Fix a bug that caused core dumps in config files that cannot resolve /file/name style addresses. Fix from Jonathan Kamens of OpenVision Technologies. Fix problem with fcntl locking that can cause error returns to be lost if the lock is lost; this required fully queueing everything, dropping the envelope (so errors would get returned), and then re-reading the queue from scratch. Fix a problem that caused aliases that redefine an otherwise true address to still send to the original address if and only if the alias failed in certain bizarre ways (e.g, if they pointed at a list:; syntax address). Problem pointed out by Jonathan Kamens. Remove support for frozen configuration files. They caused more trouble than it was worth. Fix problem that can cause error messages to get ignored when using both -odb and -t flags. Problem noted by Rob McNicholas at U.C. Berkeley. Include all "normal" variations on hostname in $=w. For example, if the host name is vangogh.cs.berkeley.edu, $=w will contain vangogh, vangogh.cs, and vangogh.cs.berkeley.edu. Add "restrictqrun" privacy flag -- without this, anyone can run the queue. Reset SmtpPhase global on initial connection creation so that messages don't come out with stale information. Pass an "ext" argument to lockfile so that error/log messages will properly reflect the true filename being locked. Put all [...] address forms into $=w -- this eliminates the need for MAXIPADDR in conf.h. Suggested by John Gardiner Myers of CMU. Fix a bug that can cause qf files to be left around even after an SMTP RSET command. Problem and fix from Michael Corrigan. Don't send a PostmasterCopy to errors when the Precedence: is negative. Error reports still go to the envelope sender address. Add LA_SHORT for load averages. Lock sendmail.st file when posting statistics. Add "SendBufSize" and "RcvBufSize" suboptions to "O" option to set the size of the TCP send and receive buffers; if you run over a slow slip line you may need to set these down (although it would be better to fix the SLIP implementation so that it's not necessary to recompile every program that does bulk data transfer). Allow null defaults on $( ... $) lookups. Problem reported by Amir Plivatsky. Diagnose crufty S and V config lines. This resulted from an observation that some people were using the SITE macro without the SITECONFIG macro first, which was causing bogus config files that were not caught. Fix makemap -f flag to turn off case folding (it was turning it on instead). THIS IS A USER VISIBLE CHANGE!!! Fix a problem that caused multiple error messages to be sent if you used "sendmail -t -oem -odb", your system uses fcntl locking, and one of the recipient addresses is unknown. Reset uid earlier in include() so that recursive .forwards or :include:s don't use the wrong uid. If file descriptor 0, 1, or 2 was closed when sendmail was called, the code to recover the descriptor was broken. This sometimes (only sometimes) caused problems with the alias file. Fix from Motonori Nakamura. Fix a problem that caused aliaswait to go into infinite recursion if the @:@ metasymbol wasn't found in the alias file. Improve error message on newaliases if database files cannot be opened or if running with no database format defined. Do a better estimation of the size of error messages when NoReturn is set. Problem noted by P{r (Pell) Emanuelsson. Fix a problem causing the "c" option (don't connect to expensive mailers) to be ignored in SMTP. Problem noted and the solution suggested by Robert Elz of The University of Melbourne. Improve connection caching algorithm by passing "[host]" to hostsignature, which strips the square brackets and returns the real name. This allows mailertable entries to match regular entries. Re-enable Return-Receipt-To: -- people seem to want this stupid feature, even if it doesn't work right. Catch and log attempts to try the "wiz" command in server SMTP. This also ups the log level from LOG_NOTICE to LOG_CRIT. Be more generous at assigning $z to the home directory -- do this for programs that are specified through a .forward file. Fix from Andrew Chang of Sun Microsystems. Always save a fatal error message in preference to a non-fatal error message so that the "subject" line of return messages is the best possible. CONFIG: reduce the number of quotes needed to quote configuration parameters with commas: two quotes should work now, e.g., define(ALIAS_FILE, ``/etc/aliases,/etc/aliases.local''). CONFIG: class $=Z is a set of UUCP hosts that use uucp-dom connections (domain-ized UUCP). CONFIG: fix bug in default maps (-o must be before database file name). Pointed out by Christophe Wolfhugel. CONFIG: add FEATURE(nodns) to state that we are not relying on DNS. This would presumably be used in UUCP islands. CONFIG: add OSTYPE(nextstep) and OSTYPE(linux). CONFIG: log $u in Received: line. This is in technical violation of the standards, since it doesn't guarantee a domain on the address. CONFIG: don't assume "m" in local mailer flags -- this means that if you redefine LOCAL_MAILER_FLAGS you will have to include the "m" flag should you want it. Apparently some Solaris 2.2 installations can't handle multiple local recipients. Problem noted by Josh Smith. CONFIG: add confDOMAIN_NAME to set $j (if undefined, $j defaults). CONFIG: change default version level from 4 to 5. CONFIG: add FEATURE(nullclient) to create a config file that forwards all mail to a hub without ever looking at the addresses in any detail. CONFIG: properly strip mailer: information off of relays when used to change .BITNET form into %-hack form. CONFIG: fix a problem that caused infinite loops if presented with an address such as "!foo". CONFIG: check for self literal (e.g., [128.32.131.12]) even if the reverse "PTR" mapping is broken. There's a better way to do this, but the change is fairly major and I want to hold it for another release. Problem noted by Bret Marquis. 8.5/8.5 1993/07/23 Serious bug: if you used a command line recipient that was unknown sendmail would not send a return message (it was treating everything as though it had an SMTP-style client that would do the return itself). Problem noted by Josh Smith. Change "trymx" option in getcanonname() to ignore all MX data, even during a T_ANY query. This actually didn't break anything, because the only time you called getcanonname with !trymx was if you already knew there were no MX records, but it is somewhat cleaner. From Motonori Nakamura. Don't call getcanonname from getmxrr if you already know there are no DNS records matching the name. Fix a problem causing error messages to always include "The original message was received ... from localhost". The correct original host information is now included. Previous change to cf/sh/makeinfo.sh doesn't port to Ultrix (their version of "test" doesn't have the -x flag). Change it to use -f instead. From John Myers. CONFIG: 8.4 mistakenly set the default SMTP-style mailer to esmtp -- it should be smtp. CONFIG: send all relayed mail using confRELAY_MAILER (defaults to "relay" (a variant of "smtp") if MAILER(smtp) is used, else "suucp" if MAILER(uucp) is used, else "unknown"); this cleans up the configs somewhat. This fixes a serious problem that caused route-addrs to get mistaken as relays, pointed out by John Myers. WARNING: this also causes the default on SMART_HOST to change from "suucp" to "relay" if you have MAILER(smtp) specified. 8.4/8.4 1993/07/22 Add option `w'. If you receive a message that comes to you because you are the best (lowest preference) target of an MX, and you haven't explicitly recognized the source MX host in your .cf file, this option will cause you to try the target host directly (as if there were no MX for it at all). If `w' is not set, this case is a configuration error. Beware: if `w' is set, senders may get bogus errors like "message timed out" or "host unknown" for problems that are really configuration errors. This option is disrecommended, provided only for compatibility with UIUC sendmail. Fix a problem that caused the incoming socket to be left open when sendmail forks after the DATA command. This caused calling systems to wait in FIN_WAIT_2 state until the entire list was processed and the child closed -- a potentially prodigious amount of time. Problem noted by Neil Rickert. Fix problem (created in 6.64) that caused mail sent to multiple addresses, one of which was a bad address, to completely suppress the sending of the message. This changes handling of EF_FATALERRS somewhat, and adds an EF_GLOBALERRS flag. This also fixes a potential problem with duplicate error messages if there is a syntax error in the header of a message that isn't noticed until late in processing. Original problem pointed out by Josh Smith of Harvey Mudd College. This release includes quite a bit of dickering with error handling (see below). Back out SMTP transaction if MAIL gets nested 501 error. This will only hurt already-broken software and should help humans. Fix a problem that broke aliases when neither NDBM nor NEWDB were compiled in. It would never read the alias file. Repair unbalanced `)' and `>' (the "open" versions are already repaired). Logging of "done" in dropenvelope() was incorrect: it would log this even when the queue file still existed. Change this to only log "done" (at log level 11) when the queue file is actually removed. From John Myers. Log "lost connection" in server SMTP at log level 20 if there is no pending transaction. Some senders just close the connection rather than sending QUIT. Fix a bug causing getmxrr to add a dot to the end of unqualified domains that do not have MX records -- this would cause the subsequent host name lookup to fail. The problem only occurred if you had FEATURE(nocanonify) set. Problem noted by Rick McCarty of Texas Instruments. Fix invocation of setvbuf when passed a -X flag -- I had unwittingly used an ANSI C extension, and this caused core dumps on some machines. Diagnose self-destructive alias loops on RCPT as well as EXPN. Previously it just gave an empty send queue, which then gave either "Need RCPT (recipient)" at the DATA (confusing, since you had given an RCPT command which returned 250) or just dropped the email, depending on whether you were running VERBose mode. Now it usually diagnoses this case as "aliasing/forwarding loop broken". Unfortunately, it still doesn't adequately diagnose some true error conditions. Add internal concept of "warning messages" using 6xx codes. These are not reported only to Postmaster. Unbalanced parens, brackets, and quotes are printed as 653 codes. They are always mapped to 5xx codes before use in SMTP. Clean up error messages to tell both the actual address that failed and the alias they arose from. This makes it somewhat easier to diagnose problems. Difficulty noted by Motonori Nakamura. Fix a problem that inappropriately added a ctladdr to addresses that shouldn't have had one during a queue run. This caused error messages to be handled differently during a queue run than a direct run. Don't print the qf name and line number if you get errors during the direct run of the queue from srvrsmtp -- this was just extra stuff for users to crawl through. Put command line flags on second line of pid file so you can auto-restart the daemon with all appropriate arguments. Use "kill `head -1 /etc/sendmail.pid`" to stop the daemon, and "eval `tail -1 /etc/sendmail.pid`" to restart it. Remove the ``setuid(getuid())'' in main -- this caused the IDENT daemon to screw up. This required that I change HASSETEUID to HASSETREUID and complicate the mode changing somewhat because both Ultrix and SunOS seem to have a bug causing seteuid() to set the saved uid as well as the effective. The program test/t_setreuid.c will test to see if your implementation of setreuid(2) is appropriately functional. The FallBackMX (option V) handling failed to properly identify fallback to yourself -- most of the code was there, but it wasn't being enabled. Problem noted by Murray Kucherawy of the University of Waterloo. Change :include: open timeout from ETIMEDOUT to an internal code EOPENTIMEOUT; this avoids adding "during SmtpPhase with CurHostName" in error messages, which can be confusing. Reported by Jonathan Kamens of OpenVision Technologies. Back out setpgrp (setpgid on POSIX systems) call to reset the process group id. The original fix was to get around some problems with recalcitrant MUAs, but it breaks any call from a shell that creates a process group id different from the process id. I could try to fix this by diddling the tty owner (using tcsetpgrp or equivalent) but this is too likely to break other things. Portability changes: Support -M as equivalent to -oM on Ultrix -- apparently DECnet calls sendmail with -MrDECnet -Ms -bs instead of using standard flags. Oh joy. This behavior reported by Jon Giltner of University of Colorado. SGI IRIX -- this includes several changes that should help other strict ANSI compilers. SCO Unix -- from Murray Kucherawy of HookUp Communication Corporation. Solaris running the Sun C compiler (which despite the documentation apparently doesn't define __STDC__ by default). ConvexOS from Eric Schnoebelen of Convex. Sony NEWS workstations and Omron LUNA workstations from Motonori Nakamura. CONFIG: add confTRY_NULL_MX_LIST to set option `w'. CONFIG: delete `C' and `e' from default SMTP mailers flags; several people have made a good argument that this creates more problems than it solves (although this may prove painful in the short run). CONFIG: generalize all the relays to accept a "mailer:host" format. CONFIG: move local processing in ruleset 0 into a new ruleset 98 (8 on old sendmail). Domain literal [a.b.c.d] addresses are also passed through this ruleset. CONFIG: if neither SMART_HOST nor MAILER(smtp) were defined, internet-style addresses would "fall off the end" of ruleset zero and be interpreted as local -- however, the angle brackets confused the recursive call. These are now diagnosed as "Unrecognized host name". CONFIG: USENET rules weren't included in S0 because of a mistaken ifdef(`_MAILER_USENET_') instead of ifdef(`_MAILER_usenet_'). Problem found by Rein Tollevik of SINTEF RUNIT, Oslo. CONFIG: move up LOCAL_RULE_0 processing so that it happens very early in ruleset 0; this allows .mc authors to bypass things like the "short circuit" code for local addresses. Prompted by a comment by Bill Wisner of The Well. CONFIG: add confSMTP_MAILER to define the mailer used (smtp or esmtp) to send SMTP mail. This allows you to default to esmtp but use a mailertable or other override to deal with broken servers. This logic was pointed out to me by Bill Wisner. Ditto for confLOCAL_MAILER. Changes to cf/sh/makeinfo.sh to make it portable to SVR4 environments. Ugly as sin. 8.3/8.3 1993/07/13 Fix setuid problems introduced in 8.2 that caused messages like "Cannot create qfXXXXXX: Invalid argument" or "Cannot reopen dfXXXXXX: Permission denied". This involved a new compile flag "HASSETEUID" that takes the place of the old _POSIX_SAVED_IDS -- it turns out that the POSIX interface is broken enough to break some systems badly. This includes some fixes for HP-UX. Also fixes problems where the real uid is not reset properly on startup (from Neil Rickert). Fix a problem that caused timed out messages to not report the addresses that timed out. Error messages are also more "user friendly". Drop required bandwidth on connections from 64 bytes/sec to 16 bytes/sec. Further Solaris portability changes -- doesn't require the BSD compatibility library. This also adds a new "HASGETDTABLESIZE" compile flag which can be used if you want to use getdtablesize(2) instead of sysconf(2). These are loosely based on changes from David Meyer at University of Oregon. This now seems to work, at least for quick test cases. Fix a problem that can cause duplicate error messages to be sent if you are in SMTP, you send to multiple addresses, and at least one of those addresses is good and points to an account that has a .forward file (whew!). Fix a problem causing messages to be discarded if checkcompat() returned EX_TEMPFAIL (because it didn't properly mark the "to" address). Problem noted by John Myers. Fix dfopen to return NULL if the open failed; I was depending on fdopen(-1) returning NULL, which isn't the case. This isn't serious, but does result in weird error diagnoses. From Michael Corrigan. CONFIG: add UUCP_MAX_SIZE M4 macro to set the maximum size of messages sent through UUCP-family mailers. Suggested by Bill Wisner of The Well. CONFIG: if both MAILER(uucp) and MAILER(smtp) are specified, include a "uucp-dom" mailer that uses domain-style addressing. Suggested by Bill Wisner. CONFIG: Add LOCAL_SHELL_FLAGS and LOCAL_SHELL_ARGS to match LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS. Suggested by Christophe Wolfhugel. CONFIG: Add OSTYPE(aix3). From Christophe Wolfhugel. 8.2/8.2 1993/07/11 Don't drop out on config file parse errors in -bt mode. On older configuration files, assume option "l" (use Errors-To header) for back compatibility. NOTE: this DOES NOT imply an endorsement of the Errors-To: header in any way. Accept -x flag on AIX-3 as well as OSF/1. Why, why, why??? Don't log errors on EHLO -- it isn't a "real" error for an old SMTP server to give an error on this command, and logging it in the transcript can be confusing. Fix from Bill Wisner. IRIX compatibility changes provided by Dan Rich . Solaris 2 compatibility changes. Provided by Bob Cunningham , John Oleynick Debugging: -d17 was overloaded (hostsignature and usersmtp.c); move usersmtp (smtpinit and smtpmailfrom) to -d18 to match the other flags in that file. Flush transcript before fork in mailfile(). From Eric Wassenaar. Save h_errno in mci struct and improve error message display. Changes from Eric Wassenaar. Open /dev/null for the transcript if the create of the xf file failed; this avoids at least one possible null pointer reference in very weird cases. From Eric Wassenaar. Clean up statistics gathering; it was over-reporting because of forks. From Eric Wassenaar. Fix problem that causes old Return-Path: line to override new Return-Path: line (conf.c needs H_FORCE to avoid re-using old value). From Motonori Nakamura. Fix broken -m flag in K definition -- even if -m (match only) was specified, it would still replace the key with the value. Noted by Rick McCarty of Texas Instruments. If the name server timed out over several days, no "timed out" message would ever be sent back. The timeout code has been moved from markfailure() to dropenvelope() so that all such failures should be diagnosed. Pointed out by Christophe Wolfhugel and others. Relax safefile() constraints: directories in an include or forward path must be readable by self if the controlling user owns the entry, readable by all otherwise (e.g., when reading your .forward file, you have to own and have X permission in it; everyone needs X permission in the root and directories leading up to your home); include files must be readable by anyone, but need not be owned by you. If _POSIX_SAVED_IDS is defined, setuid to the owner before reading a .forward file; this gets around some problems on NFS mounts if root permission is not exported and the user's home directory isn't x'able. Additional NeXT portability enhancements from Axel Zinser. Additional HP-UX portability enhancements from Brian Bullen. Add a timeout around SMTP message writes; this assumes you can get throughput of at least 64 bytes/second. Note that this does not impact the "datafinal" default, which is separate; this is just intended to work around network clogs that will occur before the final dot is sent. From Eric Wassenaar. Change map code to set the "include null" flag adaptively -- it initially tries both, but if it finds anything matching without a null it never tries again with a null and vice versa. If -N is specified, it never tries without the null and creates new maps with a null byte. If -O is specified, it never tries with the null (for efficiency). If -N and -O are specified, you get -NO (get it?) lookup at all, so this would be a bad idea. If you don't specify either -N or -O, it adapts. Fix recognition of "same from address" so that MH submissions will insert the appropriate full name information; this used to work and got broken somewhere along the way. Some changes to eliminate some unnecessary SYSERRs in the log. For example, if you lost a connection, don't bother reporting that fact on the connection you lost. Add some "extended debugging" flags to try to track down why we get occasional problems with file descriptor one being closed when execing a mailer; it seems to only happen when there has been another error in the same transaction. This requires XDEBUG, defined by default in conf.h. Add "-X filename" command line flag, which logs both sides of all SMTP transactions. This is intended ONLY for debugging bad implementations of other mailers; start it up, send a message from a mailer that is failing, and then kill it off and examine the indicated log. This output is not intended to be particularly human readable. This also adds the HASSETVBUF compile flag, defaulted on if your compiler defines __STDC__. CONFIG: change SMART_HOST to override an SMTP mailer. If you have a local net that should get direct connects, you will need to use LOCAL_NET_CONFIG to catch these hosts. See cf/README for an example. CONFIG: add LOCAL_MAILER_ARGS (default: `mail -d $u') to handle sites that don't use the -d flag. CONFIG: hide recipient addresses as well as sender addresses behind $M if FEATURE(allmasquerade) is specified; this has been requested by several people, but can break local aliases. For example, if you mail to "localalias" this will be rewritten as "localalias@masqueradehost"; although initial delivery will work, replies will be broken. Use it sparingly. CONFIG: add FEATURE(domaintable). This maps unqualified domains to qualified domains in headers. I believe this is largely equivalent to the IDA feature of the same name. CONFIG: use $U as UUCP name instead of $k. This permits you to override the "system name" as your UUCP name -- in particular, to use domain-ized UUCP names. From Bill Wisner of The Well. CONFIG: create new mailer "esmtp" that always tries EHLO first. This is currently unused in the config files, but could be used in a mailertable entry. 8.1C/8.1B 1993/06/27 Serious security bug fix: it was possible to read any file on the system, regardless of ownership and permissions. If a subroutine returns a fully qualified address, return it immediately instead of feeding it back into rewriting. This fixes a problem with mailertable lookups. CONFIG: fix some M4 frotz (concat => CONCAT) 8.1B/8.1A 1993/06/12 Serious bug fix: pattern matching backup algorithm stepped by two tokens in classes instead of one. Found by Claus Assmann at University of Kiel, Germany. 8.1A/8.1A 1993/06/08 Another mailertable fix.... 8.1/8.1 1993/06/07 4.4BSD freeze. No semantic changes. Index: stable/4/contrib/sendmail/cf/README =================================================================== --- stable/4/contrib/sendmail/cf/README (revision 71887) +++ stable/4/contrib/sendmail/cf/README (revision 71888) @@ -1,3238 +1,3260 @@ SENDMAIL CONFIGURATION FILES This document describes the sendmail configuration files. This package requires a post-V7 version of m4; if you are running the 4.2bsd, SysV.2, or 7th Edition version. SunOS's /usr/5bin/m4 or BSD-Net/2's m4 both work. GNU m4 version 1.1 or later also works. Unfortunately, the M4 on BSDI 1.0 doesn't work -- you'll have to use a Net/2 or GNU version. GNU m4 is available from ftp://ftp.gnu.org/pub/gnu/m4/m4-1.4.tar.gz (check for the -latset version). EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken (3.x +latest version). EXCEPTIONS: DEC's m4 on Digital UNIX 4.x is broken (3.x is fine). Use GNU m4 on this platform. To get started, you may want to look at tcpproto.mc (for TCP-only sites), uucpproto.mc (for UUCP-only sites), and clientproto.mc (for clusters of clients using a single mail host). Others are versions previously used at Berkeley. For example, ucbvax has gone away, but ucbvax.mc demonstrates some interesting techniques. ******************************************************************* *** BE SURE YOU CUSTOMIZE THESE FILES! They have some *** *** Berkeley-specific assumptions built in, such as the name *** *** of their UUCP-relay. You'll want to create your own *** *** domain description, and use that in place of *** *** domain/Berkeley.EDU.m4. *** ******************************************************************* +--------------------------+ | INTRODUCTION AND EXAMPLE | +--------------------------+ Configuration files are contained in the subdirectory "cf", with a suffix ".mc". They must be run through "m4" to produce a ".cf" file. You must pre-load "cf.m4": m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf Alternatively, you can simply: cd ${CFDIR}/cf ./Build config.cf where ${CFDIR} is the root of the cf directory and config.mc is the name of your configuration file. If you are running a version of M4 that understands the __file__ builtin (versions of GNU m4 >= 0.75 do this, but the versions distributed with 4.4BSD and derivatives do not) or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory. For "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash! For example: m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf Let's examine a typical .mc file: divert(-1) # # Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. # All rights reserved. # Copyright (c) 1983 Eric P. Allman. All rights reserved. # Copyright (c) 1988, 1993 # The Regents of the University of California. All rights reserved. # # By using this file, you agree to the terms and conditions set # forth in the LICENSE file which can be found at the top level of # the sendmail distribution. # # # This is a Berkeley-specific configuration file for HP-UX 9.x. # It applies only to the Computer Science Division at Berkeley, # and should not be used elsewhere. It is provided on the sendmail # distribution as a sample only. To create your own configuration # file, create an appropriate domain file in ../domain, change the # `DOMAIN' macro below to reference that file, and copy the result # to a name of your own choosing. # divert(0) The divert(-1) will delete the crud in the resulting output file. The copyright notice can be replaced by whatever your lawyers require; our lawyers require the one that is included in these files. A copyleft is a copyright by another name. The divert(0) restores regular output. VERSIONID(`') VERSIONID is a macro that stuffs the version information into the resulting file. You could use SCCS, RCS, CVS, something else, or omit it completely. This is not the same as the version id included in SMTP greeting messages -- this is defined in m4/version.m4. OSTYPE(`hpux9')dnl You must specify an OSTYPE to properly configure things such as the pathname of the help and status files, the flags needed for the local mailer, and other important things. If you omit it, you will get an error when you try to build the configuration. Look at the ostype directory for the list of known operating system types. DOMAIN(`CS.Berkeley.EDU')dnl This example is specific to the Computer Science Division at Berkeley. You can use "DOMAIN(`generic')" to get a sufficiently bland definition that may well work for you, or you can create a customized domain definition appropriate for your environment. MAILER(`local') MAILER(`smtp') These describe the mailers used at the default CS site. The local mailer is always included automatically. Beware: MAILER declarations should always be at the end of the configuration file, and MAILER(`smtp') should always precede MAILER(`procmail'), and MAILER(`uucp'). The general rules are that the order should be: VERSIONID OSTYPE DOMAIN FEATURE local macro definitions MAILER LOCAL_RULE_* LOCAL_RULESETS There are a few exceptions to this rule. Local macro definitions which influence a FEATURE() should be done before that feature. For example, a define(`PROCMAIL_MAILER_PATH', ...) should be done before FEATURE(`local_procmail'). +----------------------------+ | A BRIEF INTRODUCTION TO M4 | +----------------------------+ Sendmail uses the M4 macro processor to ``compile'' the configuration files. The most important thing to know is that M4 is stream-based, that is, it doesn't understand about lines. For this reason, in some places you may see the word ``dnl'', which stands for ``delete through newline''; essentially, it deletes all characters starting at the ``dnl'' up to and including the next newline character. In most cases sendmail uses this only to avoid lots of unnecessary blank lines in the output. Other important directives are define(A, B) which defines the macro ``A'' to have value ``B''. Macros are expanded as they are read, so one normally quotes both values to prevent expansion. For example, define(`SMART_HOST', `smart.foo.com') One word of warning: M4 macros are expanded even in lines that appear to be comments. For example, if you have # See FEATURE(`foo') above it will not do what you expect, because the FEATURE(`foo') will be expanded. This also applies to # And then define the $X macro to be the return address because ``define'' is an M4 keyword. If you want to use them, surround them with directed quotes, `like this'. +----------------+ | FILE LOCATIONS | +----------------+ sendmail 8.9 has introduced a new configuration directory for sendmail related files, /etc/mail. The new files available for sendmail 8.9 -- the class {R} /etc/mail/relay-domains and the access database /etc/mail/access -- take advantage of this new directory. Beginning with 8.10, all files will use this directory by default (some options may be set by OSTYPE() files). This new directory should help to restore uniformity to sendmail's file locations. Below is a table of some of the common changes: Old filename New filename ------------ ------------ /etc/bitdomain /etc/mail/bitdomain /etc/domaintable /etc/mail/domaintable /etc/genericstable /etc/mail/genericstable /etc/uudomain /etc/mail/uudomain /etc/virtusertable /etc/mail/virtusertable /etc/userdb /etc/mail/userdb /etc/aliases /etc/mail/aliases /etc/sendmail/aliases /etc/mail/aliases /etc/ucbmail/aliases /etc/mail/aliases /usr/adm/sendmail/aliases /etc/mail/aliases /usr/lib/aliases /etc/mail/aliases /usr/lib/mail/aliases /etc/mail/aliases /usr/ucblib/aliases /etc/mail/aliases /etc/sendmail.cw /etc/mail/local-host-names /etc/mail/sendmail.cw /etc/mail/local-host-names /etc/sendmail/sendmail.cw /etc/mail/local-host-names /etc/sendmail.ct /etc/mail/trusted-users /etc/sendmail.oE /etc/mail/error-header /etc/sendmail.hf /etc/mail/helpfile /etc/mail/sendmail.hf /etc/mail/helpfile /usr/ucblib/sendmail.hf /etc/mail/helpfile /etc/ucbmail/sendmail.hf /etc/mail/helpfile /usr/lib/sendmail.hf /etc/mail/helpfile /usr/share/lib/sendmail.hf /etc/mail/helpfile /usr/share/misc/sendmail.hf /etc/mail/helpfile /share/misc/sendmail.hf /etc/mail/helpfile /etc/service.switch /etc/mail/service.switch /etc/sendmail.st /etc/mail/statistics /etc/mail/sendmail.st /etc/mail/statistics /etc/mailer/sendmail.st /etc/mail/statistics /etc/sendmail/sendmail.st /etc/mail/statistics /usr/lib/sendmail.st /etc/mail/statistics /usr/ucblib/sendmail.st /etc/mail/statistics Note that all of these paths actually use a new m4 macro MAIL_SETTINGS_DIR to create the pathnames. The default value of this variable is `/etc/mail/'. If you set this macro to a different value, you MUST include a trailing slash. +--------+ | OSTYPE | +--------+ You MUST define an operating system environment, or the configuration file build will puke. There are several environments available; look at the "ostype" directory for the current list. This macro changes things like the location of the alias file and queue directory. Some of these files are identical to one another. It is IMPERATIVE that the OSTYPE occur before any MAILER definitions. In general, the OSTYPE macro should go immediately after any version information, and MAILER definitions should always go last. Operating system definitions are usually easy to write. They may define the following variables (everything defaults, so an ostype file may be empty). Unfortunately, the list of configuration-supported systems is not as broad as the list of source-supported systems, since many of the source contributors do not include corresponding ostype files. ALIAS_FILE [/etc/mail/aliases] The location of the text version of the alias file(s). It can be a comma-separated list of names (but be sure you quote values with commas in them -- for example, use define(`ALIAS_FILE', `a,b') to get "a" and "b" both listed as alias files; otherwise the define() primitive only sees "a"). HELP_FILE [/etc/mail/helpfile] The name of the file containing information printed in response to the SMTP HELP command. QUEUE_DIR [/var/spool/mqueue] The directory containing queue files. To use multiple queues, supply a value ending with an asterisk. For example, /var/spool/mqueue/q* will use all of the directories or symbolic links to directories beginning with 'q' in /var/spool/mqueue as queue directories. The names 'qf', 'df', and 'xf' are used as specific subdirectories for the corresponding queue file types. STATUS_FILE [/etc/mail/statistics] The file containing status information. LOCAL_MAILER_PATH [/bin/mail] The program used to deliver local mail. LOCAL_MAILER_FLAGS [Prmn9] The flags used by the local mailer. The flags lsDFMAw5:/|@q are always included. LOCAL_MAILER_ARGS [mail -d $u] The arguments passed to deliver local mail. LOCAL_MAILER_MAX [undefined] If defined, the maximum size of local mail that you are willing to accept. LOCAL_MAILER_MAXMSGS [undefined] If defined, the maximum number of messages to deliver in a single connection. Only useful for LMTP local mailers. LOCAL_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data that ARRIVE from an address that resolves to the local mailer and which are converted to MIME will be labeled with this character set. LOCAL_MAILER_EOL [undefined] If defined, the string to use as the end of line for the local mailer. LOCAL_MAILER_DSN_DIAGNOSTIC_CODE [X-Unix] The DSN Diagnostic-Code value for the local mailer. This should be changed with care. LOCAL_SHELL_PATH [/bin/sh] The shell used to deliver piped email. LOCAL_SHELL_FLAGS [eu9] The flags used by the shell mailer. The flags lsDFM are always included. LOCAL_SHELL_ARGS [sh -c $u] The arguments passed to deliver "prog" mail. LOCAL_SHELL_DIR [$z:/] The directory search path in which the shell should run. USENET_MAILER_PATH [/usr/lib/news/inews] The name of the program used to submit news. USENET_MAILER_FLAGS [rsDFMmn] The mailer flags for the usenet mailer. USENET_MAILER_ARGS [-m -h -n] The command line arguments for the usenet mailer. USENET_MAILER_MAX [100000] The maximum size of messages that will be accepted by the usenet mailer. SMTP_MAILER_FLAGS [undefined] Flags added to SMTP mailer. Default flags are `mDFMuX' for all SMTP-based mailers; the "esmtp" mailer adds `a'; "smtp8" adds `8'; and "dsmtp" adds `%'. RELAY_MAILER_FLAGS [undefined] Flags added to the relay mailer. Default flags are `mDFMuX' for all SMTP-based mailers; the relay mailer adds `a8'. If this is not defined, then SMTP_MAILER_FLAGS is used. SMTP_MAILER_MAX [undefined] The maximum size of messages that will be transported using the smtp, smtp8, esmtp, or dsmtp mailers. SMTP_MAILER_MAXMSGS [undefined] If defined, the maximum number of messages to deliver in a single connection for the smtp, smtp8, esmtp, or dsmtp mailers. SMTP_MAILER_ARGS [TCP $h] The arguments passed to the smtp mailer. About the only reason you would want to change this would be to change the default port. ESMTP_MAILER_ARGS [TCP $h] The arguments passed to the esmtp mailer. SMTP8_MAILER_ARGS [TCP $h] The arguments passed to the smtp8 mailer. DSMTP_MAILER_ARGS [TCP $h] The arguments passed to the dsmtp mailer. RELAY_MAILER_ARGS [TCP $h] The arguments passed to the relay mailer. RELAY_MAILER_MAXMSGS [undefined] If defined, the maximum number of messages to deliver in a single connection for the relay mailer. SMTP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data that ARRIVE from an address that resolves to one of the SMTP mailers and which are converted to MIME will be labeled with this character set. UUCP_MAILER_PATH [/usr/bin/uux] The program used to send UUCP mail. UUCP_MAILER_FLAGS [undefined] Flags added to UUCP mailer. Default flags are `DFMhuU' (and `m' for uucp-new mailer, minus `U' for uucp-dom mailer). UUCP_MAILER_ARGS [uux - -r -z -a$g -gC $h!rmail ($u)] The arguments passed to the UUCP mailer. UUCP_MAILER_MAX [100000] The maximum size message accepted for transmission by the UUCP mailers. UUCP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data that ARRIVE from an address that resolves to one of the UUCP mailers and which are converted to MIME will be labeled with this character set. FAX_MAILER_PATH [/usr/local/lib/fax/mailfax] The program used to submit FAX messages. FAX_MAILER_ARGS [mailfax $u $h $f] The arguments passed to the FAX mailer. FAX_MAILER_MAX [100000] The maximum size message accepted for transmission by FAX. POP_MAILER_PATH [/usr/lib/mh/spop] The pathname of the POP mailer. POP_MAILER_FLAGS [Penu] Flags added to POP mailer. Flags lsDFMq are always added. POP_MAILER_ARGS [pop $u] The arguments passed to the POP mailer. PROCMAIL_MAILER_PATH [/usr/local/bin/procmail] The path to the procmail program. This is also used by FEATURE(`local_procmail'). PROCMAIL_MAILER_FLAGS [SPhnu9] Flags added to Procmail mailer. Flags DFM are always set. This is NOT used by FEATURE(`local_procmail'); tweak LOCAL_MAILER_FLAGS instead. PROCMAIL_MAILER_ARGS [procmail -Y -m $h $f $u] The arguments passed to the Procmail mailer. This is NOT used by FEATURE(`local_procmail'); tweak LOCAL_MAILER_ARGS instead. PROCMAIL_MAILER_MAX [undefined] If set, the maximum size message that will be accepted by the procmail mailer. MAIL11_MAILER_PATH [/usr/etc/mail11] The path to the mail11 mailer. MAIL11_MAILER_FLAGS [nsFx] Flags for the mail11 mailer. MAIL11_MAILER_ARGS [mail11 $g $x $h $u] Arguments passed to the mail11 mailer. PH_MAILER_PATH [/usr/local/etc/phquery] The path to the phquery program. PH_MAILER_FLAGS [ehmu] Flags for the phquery mailer. Flags nrDFM are always set. PH_MAILER_ARGS [phquery -- $u] -- arguments to the phquery mailer. CYRUS_MAILER_FLAGS [Ah5@/:|] The flags used by the cyrus mailer. The flags lsDFMnPq are always included. CYRUS_MAILER_PATH [/usr/cyrus/bin/deliver] The program used to deliver cyrus mail. CYRUS_MAILER_ARGS [deliver -e -m $h -- $u] The arguments passed to deliver cyrus mail. CYRUS_MAILER_MAX [undefined] If set, the maximum size message that will be accepted by the cyrus mailer. CYRUS_MAILER_USER [cyrus:mail] The user and group to become when running the cyrus mailer. CYRUS_BB_MAILER_FLAGS [u] The flags used by the cyrusbb mailer. The flags lsDFMnP are always included. CYRUS_BB_MAILER_ARGS [deliver -e -m $u] The arguments passed to deliver cyrusbb mail. confEBINDIR [/usr/libexec] The directory for executables. Currently used for FEATURE(`local_lmtp') and FEATURE(`smrsh'). QPAGE_MAILER_FLAGS [mDFMs] The flags used by the qpage mailer. QPAGE_MAILER_PATH [/usr/local/bin/qpage] The program used to deliver qpage mail. QPAGE_MAILER_ARGS [qpage -l0 -m -P$u] The arguments passed to deliver qpage mail. QPAGE_MAILER_MAX [4096] If set, the maximum size message that will be accepted by the qpage mailer. Note: to tweak Name_MAILER_FLAGS use the macro MODIFY_MAILER_FLAGS: MODIFY_MAILER_FLAGS(`Name', `change') where Name is the first part of the macro Name_MAILER_FLAGS and change can be: flags that should be used directly (thus overriding the default value), or if it starts with `+' (`-') then those flags are added to (removed from) the default value. Example: MODIFY_MAILER_FLAGS(`LOCAL', `+e') will add the flag `e' to LOCAL_MAILER_FLAGS. WARNING: The FEATUREs local_lmtp and local_procmail set LOCAL_MAILER_FLAGS unconditionally, i.e., without respecting any definitions in an OSTYPE setting. +---------+ | DOMAINS | +---------+ You will probably want to collect domain-dependent defines into one file, referenced by the DOMAIN macro. For example, the Berkeley domain file includes definitions for several internal distinguished hosts: UUCP_RELAY The host that will accept UUCP-addressed email. If not defined, all UUCP sites must be directly connected. BITNET_RELAY The host that will accept BITNET-addressed email. If not defined, the .BITNET pseudo-domain won't work. DECNET_RELAY The host that will accept DECNET-addressed email. If not defined, the .DECNET pseudo-domain and addresses of the form node::user will not work. FAX_RELAY The host that will accept mail to the .FAX pseudo-domain. The "fax" mailer overrides this value. -LOCAL_RELAY DEPRECATED. The site that will handle unqualified - names -- that is, names with out an @domain extension. - If not set, they are assumed to belong on this machine. - This allows you to have a central site to store a - company- or department-wide alias database. This - only works at small sites, and only with some user - agents. +LOCAL_RELAY The site that will handle unqualified names -- that + is, names with out an @domain extension. + Normally MAIL_HUB is preferred for this function. + LOCAL_RELAY is mostly useful in conjunction with + FEATURE(stickyhost) -- see the discussion of + stickyhost below. If not set, they are assumed to + belong on this machine. This allows you to have a + central site to store a company- or department-wide + alias database. This only works at small sites, + and only with some user agents. LUSER_RELAY The site that will handle lusers -- that is, apparently local names that aren't local accounts or aliases. To specify a local user instead of a site, set this to ``local:username''. Any of these can be either ``mailer:hostname'' (in which case the mailer is the internal mailer name, such as ``uucp-new'' and the hostname is the name of the host as appropriate for that mailer) or just a ``hostname'', in which case a default mailer type (usually ``relay'', a variant on SMTP) is used. WARNING: if you have a wildcard MX record matching your domain, you probably want to define these to have a trailing dot so that you won't get the mail diverted back to yourself. The domain file can also be used to define a domain name, if needed (using "DD") and set certain site-wide features. If all hosts at your site masquerade behind one email name, you could also use MASQUERADE_AS here. You do not have to define a domain -- in particular, if you are a single machine sitting off somewhere, it is probably more work than it's worth. This is just a mechanism for combining "domain dependent knowledge" into one place. +---------+ | MAILERS | +---------+ There are fewer mailers supported in this version than the previous version, owing mostly to a simpler world. As a general rule, put the MAILER definitions last in your .mc file, and always put MAILER(`smtp') before MAILER(`uucp') and MAILER(`procmail') -- several features and definitions will modify the definition of mailers, and the smtp mailer modifies the UUCP mailer. Moreover, MAILER(`cyrus'), MAILER(`pop'), MAILER(`phquery'), and MAILER(`usenet') must be defined after MAILER(`local'). local The local and prog mailers. You will almost always need these; the only exception is if you relay ALL your mail to another site. This mailer is included automatically. smtp The Simple Mail Transport Protocol mailer. This does not hide hosts behind a gateway or another other such hack; it assumes a world where everyone is running the name server. This file actually defines five mailers: "smtp" for regular (old-style) SMTP to other servers, "esmtp" for extended SMTP to other servers, "smtp8" to do SMTP to other servers without converting 8-bit data to MIME (essentially, this is your statement that you know the other end is 8-bit clean even if it doesn't say so), "dsmtp" to do on demand delivery, and "relay" for transmission to the RELAY_HOST, LUSER_RELAY, or MAIL_HUB. uucp The UNIX-to-UNIX Copy Program mailer. Actually, this defines two mailers, "uucp-old" (a.k.a. "uucp") and "uucp-new" (a.k.a. "suucp"). The latter is for when you know that the UUCP mailer at the other end can handle multiple recipients in one transfer. If the smtp mailer is also included in your configuration, two other mailers ("uucp-dom" and "uucp-uudom") are also defined [warning: you MUST specify MAILER(smtp) before MAILER(uucp)]. When you include the uucp mailer, sendmail looks for all names in class {U} and sends them to the uucp-old mailer; all names in class {Y} are sent to uucp-new; and all names in class {Z} are sent to uucp-uudom. Note that this is a function of what version of rmail runs on the receiving end, and hence may be out of your control. See the section below describing UUCP mailers in more detail. usenet Usenet (network news) delivery. If this is specified, an extra rule is added to ruleset 0 that forwards all local email for users named ``group.usenet'' to the ``inews'' program. Note that this works for all groups, and may be considered a security problem. fax Facsimile transmission. This is experimental and based on Sam Leffler's HylaFAX software. For more information, - see http://www.vix.com/hylafax/. + see http://www.hylafax.org/. pop Post Office Protocol. procmail An interface to procmail (does not come with sendmail). This is designed to be used in mailertables. For example, a common question is "how do I forward all mail for a given domain to a single person?". If you have this mailer defined, you could set up a mailertable reading: host.com procmail:/etc/procmailrcs/host.com with the file /etc/procmailrcs/host.com reading: :0 # forward mail for host.com ! -oi -f $1 person@other.host This would arrange for (anything)@host.com to be sent to person@other.host. Within the procmail script, $1 is the name of the sender and $2 is the name of the recipient. If you use this with FEATURE(`local_procmail'), the FEATURE should be listed first. mail11 The DECnet mail11 mailer, useful only if you have the mail11 program from gatekeeper.dec.com:/pub/DEC/gwtools (and DECnet, of course). This is for Phase IV DECnet support; if you have Phase V at your site you may have additional problems. phquery The phquery program. This is somewhat counterintuitively referenced as the "ph" mailer internally. It can be used to do CCSO name server lookups. The phquery program, which this mailer uses, is distributed with the ph client. cyrus The cyrus and cyrusbb mailers. The cyrus mailer delivers to a local cyrus user. this mailer can make use of the "user+detail@local.host" syntax; it will deliver the mail to the user's "detail" mailbox if the mailbox's ACL permits. The cyrusbb mailer delivers to a system-wide cyrus mailbox if the mailbox's ACL permits. The cyrus mailer must be defined after the local mailer. qpage A mailer for QuickPage, a pager interface. See http://www.qpage.org/ for further information. The local mailer accepts addresses of the form "user+detail", where the "+detail" is not used for mailbox matching but is available to certain local mail programs (in particular, see FEATURE(`local_procmail')). For example, "eric", "eric+sendmail", and "eric+sww" all indicate the same user, but additional arguments , "sendmail", and "sww" may be provided for use in sorting mail. +----------+ | FEATURES | +----------+ Special features can be requested using the "FEATURE" macro. For example, the .mc line: FEATURE(`use_cw_file') tells sendmail that you want to have it read an /etc/mail/local-host-names file to get values for class {w}. The FEATURE may contain up to 9 optional parameters -- for example: FEATURE(`mailertable', `dbm /usr/lib/mailertable') The default database map type for the table features can be set with define(`DATABASE_MAP_TYPE', `dbm') which would set it to use ndbm databases. The default is the Berkeley DB hash database format. Note that you must still declare a database map type if you specify an argument to a FEATURE. DATABASE_MAP_TYPE is only used if no argument is given for the FEATURE. It must be specified before any feature that uses a map. Available features are: use_cw_file Read the file /etc/mail/local-host-names file to get alternate names for this host. This might be used if you were on a host that MXed for a dynamic set of other hosts. If the set is static, just including the line "Cw ..." (where the names are fully qualified domain names) is probably superior. The actual filename can be overridden by redefining confCW_FILE. use_ct_file Read the file /etc/mail/trusted-users file to get the names of users that will be ``trusted'', that is, able to set their envelope from address using -f without generating a warning message. The actual filename can be overridden by redefining confCT_FILE. redirect Reject all mail addressed to "address.REDIRECT" with a ``551 User has moved; please try
'' message. If this is set, you can alias people who have left to their new address with ".REDIRECT" appended. nouucp Don't route UUCP addresses. This feature takes one parameter: `reject': reject addresses which have "!" in the local part unless it originates from a system that is allowed to relay. `nospecial': don't do anything special with "!". Warnings: 1. See the NOTICE in the ANTI-SPAM section. 2. don't remove "!" from OperatorChars if `reject' is given as parameter. nocanonify Don't pass addresses to $[ ... $] for canonification - by default. It can be changed by setting the - DaemonPortOptions modifiers (M=). That is, + by default, i.e., host/domain names are considered canonical, + except for unqualified names, which must not be used in this + mode (violation of the standard). It can be changed by + setting the DaemonPortOptions modifiers (M=). That is, FEATURE(`nocanonify') will be overridden by setting the 'c' flag. Conversely, if FEATURE(`nocanonify') is not used, it can be emulated by setting the 'C' flag (DaemonPortOptions=Modifiers=C). This would generally only be used by sites that only act as mail gateways or which have user agents that do full canonification themselves. You may also want to use "define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off the usual resolver options that do a similar thing. An exception list for FEATURE(`nocanonify') can be specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE, i.e., a list of domains which are nevertheless passed to $[ ... $] for canonification. This is useful to turn on canonification for local domains, e.g., use CANONIFY_DOMAIN(`my.domain my') to canonify addresses which end in "my.domain" or "my". Another way to require canonification in the local domain is CANONIFY_DOMAIN(`$=m'). A trailing dot is added to addresses with more than one component in it such that other features which expect a trailing dot (e.g., virtusertable) will still work. If `canonify_hosts' is specified as parameter, i.e., FEATURE(`nocanonify', `canonify_hosts'), then addresses which have only a hostname, e.g., , will be canonified (and hopefully fully qualified), too. -stickyhost If set, email sent to "user@local.host" are marked - as "sticky" -- that is, the local addresses aren't - matched against UDB and don't go through ruleset 5. - This is used if you want a set up where "user" is - not necessarily the same as "user@local.host", e.g., - to make a distinct domain-wide namespace. Prior to - 8.7 this was the default, and notsticky was used to - turn this off. +stickyhost This feature is sometimes used with LOCAL_RELAY, + although it can be used for a different effect with + MAIL_HUB. + When used with without MAIL_HUB, email sent to + "user@local.host" are marked as "sticky" -- that + is, the local addresses aren't matched against UDB, + don't go through ruleset 5, and are not forwarded to + the LOCAL_RELAY (if defined). + + With MAIL_HUB, mail addressed to "user@local.host" + is forwarded to the mail hub, with the envelope + address still remaining "user@local.host". + Without stickyhost, the envelope would be changed + to "user@mail_hub", in order to protect against + mailing loops. + mailertable Include a "mailer table" which can be used to override routing for particular domains (which are not in class {w}, i.e. local host names). The argument of the FEATURE may be the key definition. If none is specified, the definition used is: hash /etc/mail/mailertable Keys in this database are fully qualified domain names or partial domains preceded by a dot -- for example, "vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU". As a special case of the latter, "." matches any domain not covered by other keys. Values must be of the form: mailer:domain where "mailer" is the internal mailer name, and "domain" is where to send the message. These maps are not reflected into the message header. As a special case, the forms: local:user will forward to the indicated user using the local mailer, local: will forward to the original user in the e-mail address using the local mailer, and error:code message error:D.S.N:code message will give an error message with the indicated SMTP reply code and message, where D.S.N is an RFC 1893 compliant error code. domaintable Include a "domain table" which can be used to provide domain name mapping. Use of this should really be limited to your own domains. It may be useful if you change names (e.g., your company changes names from oldname.com to newname.com). The argument of the FEATURE may be the key definition. If none is specified, the definition used is: hash /etc/mail/domaintable The key in this table is the domain name; the value is the new (fully qualified) domain. Anything in the domaintable is reflected into headers; that is, this is done in ruleset 3. bitdomain Look up bitnet hosts in a table to try to turn them into internet addresses. The table can be built using the bitdomain program contributed by John Gardiner Myers. The argument of the FEATURE may be the key definition; if none is specified, the definition used is: hash /etc/mail/bitdomain Keys are the bitnet hostname; values are the corresponding internet hostname. uucpdomain Similar feature for UUCP hosts. The default map definition is: hash /etc/mail/uudomain At the moment there is no automagic tool to build this database. always_add_domain Include the local host domain even on locally delivered mail. Normally it is not added on unqualified names. However, if you use a shared message store but do not use the same user name space everywhere, you may need the host name on local names. allmasquerade If masquerading is enabled (using MASQUERADE_AS), this feature will cause recipient addresses to also masquerade as being from the masquerade host. Normally they get the local hostname. Although this may be right for ordinary users, it can break local aliases. For example, if you send to "localalias", the originating sendmail will find that alias and send to all members, but send the message with "To: localalias@masqueradehost". Since that alias likely does not exist, replies will fail. Use this feature ONLY if you can guarantee that the ENTIRE namespace on your masquerade host supersets all the local entries. limited_masquerade Normally, any hosts listed in class {w} are masqueraded. If this feature is given, only the hosts listed in class {M} (see below: MASQUERADE_DOMAIN) are masqueraded. This is useful if you have several domains with disjoint namespaces hosted on the same machine. masquerade_entire_domain If masquerading is enabled (using MASQUERADE_AS) and MASQUERADE_DOMAIN (see below) is set, this feature will cause addresses to be rewritten such that the masquerading domains are actually entire domains to be hidden. All hosts within the masquerading domains will be rewritten to the masquerade name (used in MASQUERADE_AS). For example, if you have: MASQUERADE_AS(`masq.com') MASQUERADE_DOMAIN(`foo.org') MASQUERADE_DOMAIN(`bar.com') then *foo.org and *bar.com are converted to masq.com. Without this feature, only foo.org and bar.com are masqueraded. NOTE: only domains within your jurisdiction and current hierarchy should be masqueraded using this. genericstable This feature will cause unqualified addresses (i.e., without a domain) and addresses with a domain listed in class {G} to be looked up in a map and turned into another ("generic") form, which can change both the domain name and the user name. This is similar to the userdb functionality. The same types of addresses as for masquerading are looked up, i.e., only header sender addresses unless the allmasquerade and/or masquerade_envelope features are given. Qualified addresses must have the domain part in class {G}; entries can be added to this class by the macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below). The argument of FEATURE(`genericstable') may be the map definition; the default map definition is: hash /etc/mail/genericstable The key for this table is either the full address, the domain (with a leading @; the localpart is passed as first argument) or the unqualified username (tried in the order mentioned); the value is the new user address. If the new user address does not include a domain, it will be qualified in the standard manner, i.e., using $j or the masquerade name. Note that the address being looked up must be fully qualified. For local mail, it is necessary to use FEATURE(`always_add_domain') for the addresses to be qualified. The "+detail" of an address is passed as %1, so entries like old+*@foo.org new+%1@example.com gen+*@foo.org %1@example.com and other forms are possible. generics_entire_domain If the genericstable is enabled and GENERICS_DOMAIN or GENERICS_DOMAIN_FILE is used, this feature will cause addresses to be searched in the map if their domain parts are subdomains of elements in class {G}. virtusertable A domain-specific form of aliasing, allowing multiple virtual domains to be hosted on one machine. For example, if the virtuser table contained: info@foo.com foo-info info@bar.com bar-info joe@bar.com error:nouser No such user here jax@bar.com error:D.S.N:unavailable Address invalid @baz.org jane@example.net then mail addressed to info@foo.com will be sent to the address foo-info, mail addressed to info@bar.com will be delivered to bar-info, and mail addressed to anyone at baz.org will be sent to jane@example.net, mail to joe@bar.com will be rejected with the specified error message, and mail to jax@bar.com will also have a RFC 1893 compliant error code D.S.N. The username from the original address is passed as %1 allowing: @foo.org %1@example.com meaning someone@foo.org will be sent to someone@example.com. Additionally, if the local part consists of "user+detail" then "detail" is passed as %2 when a match against user+* is attempted, so entries like old+*@foo.org new+%2@example.com gen+*@foo.org %2@example.com +*@foo.org %1+%2@example.com and other forms are possible. Note: to preserve "+detail" for a default case (@domain) +*@domain must be used as exemplified above. All the host names on the left hand side (foo.com, bar.com, and baz.org) must be in class {w} or class {VirtHost}, the latter can be defined by the macros VIRTUSER_DOMAIN or VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below). If VIRTUSER_DOMAIN or VIRTUSER_DOMAIN_FILE is used, then the entries of class {VirtHost} are added to class {R}, i.e., relaying is allowed to (and from) those domains. The default map definition is: hash /etc/mail/virtusertable A new definition can be specified as the second argument of the FEATURE macro, such as FEATURE(`virtusertable', `dbm /etc/mail/virtusers') virtuser_entire_domain If the virtusertable is enabled and VIRTUSER_DOMAIN or VIRTUSER_DOMAIN_FILE is used, this feature will cause addresses to be searched in the map if their domain parts are subdomains of elements in class {VirtHost}. ldap_routing Implement LDAP-based e-mail recipient routing according to the Internet Draft draft-lachman-laser-ldap-mail-routing-01. This provides a method to re-route addresses with a domain portion in class {LDAPRoute} to either a different mail host or a different address. Hosts can be added to this class using LDAPROUTE_DOMAIN and LDAPROUTE_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below). See the LDAP ROUTING section below for more information. nodns If you aren't running DNS at your site (for example, you are UUCP-only connected). It's hard to consider this a "feature", but hey, it had to go somewhere. Actually, as of 8.7 this is a no-op -- remove "dns" from the hosts service switch entry instead. nullclient This is a special case -- it creates a configuration file containing nothing but support for forwarding all mail to a central hub via a local SMTP-based network. The argument is the name of that hub. The only other feature that should be used in conjunction with this one is FEATURE(`nocanonify'). No mailers should be defined. No aliasing or forwarding is done. local_lmtp Use an LMTP capable local mailer. The argument to this feature is the pathname of an LMTP capable mailer. By default, mail.local is used. This is expected to be the mail.local which came with the 8.9 distribution which is LMTP capable. The path to mail.local is set by the confEBINDIR m4 variable -- making the default LOCAL_MAILER_PATH /usr/libexec/mail.local. WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally, i.e., without respecting any definitions in an OSTYPE setting. local_procmail Use procmail or another delivery agent as the local mailer. The argument to this feature is the pathname of the delivery agent, which defaults to PROCMAIL_MAILER_PATH. Note that this does NOT use PROCMAIL_MAILER_FLAGS or PROCMAIL_MAILER_ARGS for the local mailer; tweak LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or specify the appropriate parameters. When procmail is used, the local mailer can make use of the "user+indicator@local.host" syntax; normally the +indicator is just tossed, but by default it is passed as the -a argument to procmail. This feature can take up to three arguments: 1. Path to the mailer program [default: /usr/local/bin/procmail] 2. Argument vector including name of the program [default: procmail -Y -a $h -d $u] 3. Flags for the mailer [default: SPfhn9] Empty arguments cause the defaults to be taken. For example, this allows it to use the maildrop (http://www.flounder.net/~mrsam/maildrop/) mailer instead by specifying: FEATURE(`local_procmail', `/usr/local/bin/maildrop', `maildrop -d $u') or scanmails using: FEATURE(`local_procmail', `/usr/local/bin/scanmails') WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally, i.e., without respecting any definitions in an OSTYPE setting. bestmx_is_local Accept mail as though locally addressed for any host that lists us as the best possible MX record. This generates additional DNS traffic, but should be OK for low to medium traffic hosts. The argument may be a set of domains, which will limit the feature to only apply to these domains -- this will reduce unnecessary DNS traffic. THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH WILDCARD MX RECORDS!!! If you have a wildcard MX record that matches your domain, you cannot use this feature. smrsh Use the SendMail Restricted SHell (smrsh) provided with the distribution instead of /bin/sh for mailing to programs. This improves the ability of the local system administrator to control what gets run via e-mail. If an argument is provided it is used as the pathname to smrsh; otherwise, the path defined by confEBINDIR is used for the smrsh binary -- by default, /usr/libexec/smrsh is assumed. promiscuous_relay By default, the sendmail configuration files do not permit mail relaying (that is, accepting mail from outside your local host (class {w}) and sending it to another host than your local host). This option sets your site to allow mail relaying from any site to any site. In almost all cases, it is better to control relaying more carefully with the access map, class {R}, or authentication. Domains can be added to class {R} by the macros RELAY_DOMAIN or RELAY_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below). relay_entire_domain By default, only hosts listed as RELAY in the access db will be allowed to relay. This option also allows any host in your domain as defined by class {m}. relay_hosts_only By default, names that are listed as RELAY in the access db and class {R} are domain names, not host names. For example, if you specify ``foo.com'', then mail to or from foo.com, abc.foo.com, or a.very.deep.domain.foo.com will all be accepted for relaying. This feature changes the behaviour to lookup individual host names only. relay_based_on_MX Turns on the ability to allow relaying based on the MX records of the host portion of an incoming recipient; that is, if an MX record for host foo.com points to your site, you will accept and relay mail addressed to foo.com. See description below for more information before using this feature. Also, see the KNOWNBUGS entry regarding bestmx map lookups. FEATURE(`relay_based_on_MX') does not necessarily allow routing of these messages which you expect to be allowed, if route address syntax (or %-hack syntax) is used. If this is a problem, add entries to the access-table or use FEATURE(`loose_relay_check'). relay_mail_from Allows relaying if the mail sender is listed as RELAY in the access map. If an optional argument `domain' is given, the domain portion of the mail sender is checked too. This should only be used if absolutely necessary as the sender address can be easily forged. Use of this feature requires the "From:" tag be prepended to the key in the access map; see the discussion of tags and FEATURE(`relay_mail_from') in the section on ANTI-SPAM CONFIGURATION CONTROL. relay_local_from Allows relaying if the domain portion of the mail sender is a local host. This should only be used if absolutely necessary as it opens a window for spammers. Specifically, they can send mail to your mail server that claims to be from your domain (either directly or via a routed address), and you will go ahead and relay it out to arbitrary hosts on the Internet. accept_unqualified_senders Normally, MAIL FROM: commands in the SMTP session will be refused if the connection is a network connection and the sender address does not include a domain name. If your setup sends local mail unqualified (i.e., MAIL FROM: ), you will need to use this feature to accept unqualified sender addresses. Setting the DaemonPortOptions modifier 'u' overrides the default behavior, i.e., unqualified addresses are accepted even without this FEATURE. If this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used to enforce fully qualified addresses. accept_unresolvable_domains Normally, MAIL FROM: commands in the SMTP session will be refused if the host part of the argument to MAIL FROM: cannot be located in the host name service (e.g., an A or MX record in DNS). If you are inside a firewall that has only a limited view of the Internet host name space, this could cause problems. In this case you probably want to use this feature to accept all domains on input, even if they are unresolvable. access_db Turns on the access database feature. The access db gives you the ability to allow or refuse to accept mail from specified domains for administrative reasons. By default, the access database specification is: hash /etc/mail/access The format of the database is described in the anti-spam configuration control section later in this document. blacklist_recipients Turns on the ability to block incoming mail for certain recipient usernames, hostnames, or addresses. For example, you can block incoming mail to user nobody, host foo.mydomain.com, or guest@bar.mydomain.com. These specifications are put in the access db as described in the anti-spam configuration control section later in this document. +delay_checks The rulesets check_mail and check_relay will not be called + when a client connects or issues a MAIL command, respectively. + Instead, those rulesets will be called by the check_rcpt + ruleset; they will be skipped under certain circumstances. + See "Delay all checks" in "ANTI-SPAM CONFIGURATION CONTROL". + rbl This feature is deprecated! Please use dnsbl instead. Turns on rejection of hosts found in the Realtime Blackhole List. If an argument is provided it is used as the domain in which blocked hosts are listed; otherwise, the main RBL domain rbl.maps.vix.com is used. For details, see http://maps.vix.com/rbl/. dnsbl Turns on rejection of hosts found in an DNS based rejection list. If an argument is provided it is used as the domain in which blocked hosts are listed; otherwise it defaults to - rbl.maps.vix.com. An explanation for an DNS based rejection - list can be found http://maps.vix.com/rbl/. A second argument - can be used to change the default error message of - Mail from $&{client_addr} refused by blackhole site SERVER - where SERVER is replaced by the first argument. This feature - can be included several times to query different DNS based - rejection lists. + blackholes.mail-abuse.org. An explanation for an DNS based + rejection list can be found http://mail-abuse.org/rbl/. A + second argument can be used to change the default error + message of Mail from $&{client_addr} refused by blackhole site + SERVER where SERVER is replaced by the first argument. This + feature can be included several times to query different DNS + based rejection lists. loose_relay_check Normally, if % addressing is used for a recipient, e.g. user%site@othersite, and othersite is in class {R}, the check_rcpt ruleset will strip @othersite and recheck user@site for relaying. This feature changes that behavior. It should not be needed for most installations. no_default_msa Don't generate the default MSA daemon, i.e., DAEMON_OPTIONS(`Port=587,Name=MSA,M=E') To define a MSA daemon with other parameters, use this FEATURE and introduce new settings via DAEMON_OPTIONS(). +-------+ | HACKS | +-------+ Some things just can't be called features. To make this clear, they go in the hack subdirectory and are referenced using the HACK macro. These will tend to be site-dependent. The release includes the Berkeley-dependent "cssubdomain" hack (that makes sendmail accept local names in either Berkeley.EDU or CS.Berkeley.EDU; this is intended as a short-term aid while moving hosts into subdomains. +--------------------+ | SITE CONFIGURATION | +--------------------+ ***************************************************** * This section is really obsolete, and is preserved * * only for back compatibility. You should plan on * * using mailertables for new installations. In * * particular, it doesn't work for the newer forms * * of UUCP mailers, such as uucp-uudom. * ***************************************************** Complex sites will need more local configuration information, such as lists of UUCP hosts they speak with directly. This can get a bit more tricky. For an example of a "complex" site, see cf/ucbvax.mc. The SITECONFIG macro allows you to indirectly reference site-dependent configuration information stored in the siteconfig subdirectory. For example, the line SITECONFIG(`uucp.ucbvax', `ucbvax', `U') reads the file uucp.ucbvax for local connection information. The second parameter is the local name (in this case just "ucbvax" since it is locally connected, and hence a UUCP hostname). The third parameter is the name of both a macro to store the local name (in this case, {U}) and the name of the class (e.g., {U}) in which to store the host information read from the file. Another SITECONFIG line reads SITECONFIG(`uucp.ucbarpa', `ucbarpa.Berkeley.EDU', `W') This says that the file uucp.ucbarpa contains the list of UUCP sites connected to ucbarpa.Berkeley.EDU. Class {W} will be used to store this list, and $W is defined to be ucbarpa.Berkeley.EDU, that is, the name of the relay to which the hosts listed in uucp.ucbarpa are connected. [The machine ucbarpa is gone now, but this out-of-date configuration file has been left around to demonstrate how you might do this.] Note that the case of SITECONFIG with a third parameter of ``U'' is special; the second parameter is assumed to be the UUCP name of the local site, rather than the name of a remote site, and the UUCP name is entered into class {w} (the list of local hostnames) as $U.UUCP. The siteconfig file (e.g., siteconfig/uucp.ucbvax.m4) contains nothing more than a sequence of SITE macros describing connectivity. For example: SITE(`cnmat') SITE(`sgi olympus') The second example demonstrates that you can use two names on the same line; these are usually aliases for the same host (or are at least in the same company). +--------------------+ | USING UUCP MAILERS | +--------------------+ It's hard to get UUCP mailers right because of the extremely ad hoc nature of UUCP addressing. These config files are really designed for domain-based addressing, even for UUCP sites. There are four UUCP mailers available. The choice of which one to use is partly a matter of local preferences and what is running at the other end of your UUCP connection. Unlike good protocols that define what will go over the wire, UUCP uses the policy that you should do what is right for the other end; if they change, you have to change. This makes it hard to do the right thing, and discourages people from updating their software. In general, if you can avoid UUCP, please do. The major choice is whether to go for a domainized scheme or a non-domainized scheme. This depends entirely on what the other end will recognize. If at all possible, you should encourage the other end to go to a domain-based system -- non-domainized addresses don't work entirely properly. The four mailers are: uucp-old (obsolete name: "uucp") This is the oldest, the worst (but the closest to UUCP) way of sending messages accros UUCP connections. It does bangify everything and prepends $U (your UUCP name) to the sender's address (which can already be a bang path itself). It can only send to one address at a time, so it spends a lot of time copying duplicates of messages. Avoid this if at all possible. uucp-new (obsolete name: "suucp") The same as above, except that it assumes that in one rmail command you can specify several recipients. It still has a lot of other problems. uucp-dom This UUCP mailer keeps everything as domain addresses. Basically, it uses the SMTP mailer rewriting rules. This mailer is only included if MAILER(`smtp') is also specified. Unfortunately, a lot of UUCP mailer transport agents require bangified addresses in the envelope, although you can use domain-based addresses in the message header. (The envelope shows up as the From_ line on UNIX mail.) So.... uucp-uudom This is a cross between uucp-new (for the envelope addresses) and uucp-dom (for the header addresses). It bangifies the envelope sender (From_ line in messages) without adding the local hostname, unless there is no host name on the address at all (e.g., "wolf") or the host component is a UUCP host name instead of a domain name ("somehost!wolf" instead of "some.dom.ain!wolf"). This is also included only if MAILER(`smtp') is also specified. Examples: On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following summarizes the sender rewriting for various mailers. Mailer sender rewriting in the envelope ------ ------ ------------------------- uucp-{old,new} wolf grasp!wolf uucp-dom wolf wolf@grasp.insa-lyon.fr uucp-uudom wolf grasp.insa-lyon.fr!wolf uucp-{old,new} wolf@fr.net grasp!fr.net!wolf uucp-dom wolf@fr.net wolf@fr.net uucp-uudom wolf@fr.net fr.net!wolf uucp-{old,new} somehost!wolf grasp!somehost!wolf uucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr uucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf If you are using one of the domainized UUCP mailers, you really want to convert all UUCP addresses to domain format -- otherwise, it will do it for you (and probably not the way you expected). For example, if you have the address foo!bar!baz (and you are not sending to foo), the heuristics will add the @uucp.relay.name or @local.host.name to this address. However, if you map foo to foo.host.name first, it will not add the local hostname. You can do this using the uucpdomain feature. +-------------------+ | TWEAKING RULESETS | +-------------------+ For more complex configurations, you can define special rules. The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing the names. Any modifications made here are reflected in the header. A common use is to convert old UUCP addresses to SMTP addresses using the UUCPSMTP macro. For example: LOCAL_RULE_3 UUCPSMTP(`decvax', `decvax.dec.com') UUCPSMTP(`research', `research.att.com') will cause addresses of the form "decvax!user" and "research!user" to be converted to "user@decvax.dec.com" and "user@research.att.com" respectively. This could also be used to look up hosts in a database map: LOCAL_RULE_3 R$* < @ $+ > $* $: $1 < @ $(hostmap $2 $) > $3 This map would be defined in the LOCAL_CONFIG portion, as shown below. Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules. For example, new rules are needed to parse hostnames that you accept via MX records. For example, you might have: LOCAL_RULE_0 R$+ <@ host.dom.ain.> $#uucp $@ cnmat $: $1 < @ host.dom.ain.> You would use this if you had installed an MX record for cnmat.Berkeley.EDU pointing at this host; this rule catches the message and forwards it on using UUCP. You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2. These rulesets are normally empty. A similar macro is LOCAL_CONFIG. This introduces lines added after the boilerplate option setting but before rulesets. Do not declare rulesets in the LOCAL_CONFIG section. It can be used to declare local database maps or whatever. For example: LOCAL_CONFIG Khostmap hash /etc/mail/hostmap Kyplocal nis -m hosts.byname +---------------------------+ | MASQUERADING AND RELAYING | +---------------------------+ You can have your host masquerade as another using MASQUERADE_AS(`host.domain') This causes mail being sent to be labeled as coming from the indicated host.domain, rather than $j. One normally masquerades as one of one's own subdomains (for example, it's unlikely that Berkeley would choose to masquerade as an MIT site). This behaviour is modified by a plethora of FEATUREs; in particular, see masquerade_envelope, allmasquerade, limited_masquerade, and masquerade_entire_domain. The masquerade name is not normally canonified, so it is important that it be your One True Name, that is, fully qualified and not a CNAME. However, if you use a CNAME, the receiving side may canonify it for you, so don't think you can cheat CNAME mapping this way. Normally the only addresses that are masqueraded are those that come from this host (that is, are either unqualified or in class {w}, the list of local domain names). You can augment this list, which is realized by class {M} using MASQUERADE_DOMAIN(`otherhost.domain') The effect of this is that although mail to user@otherhost.domain will not be delivered locally, any mail including any user@otherhost.domain will, when relayed, be rewritten to have the MASQUERADE_AS address. This can be a space-separated list of names. If these names are in a file, you can use MASQUERADE_DOMAIN_FILE(`filename') to read the list of names from the indicated file (i.e., to add elements to class {M}). To exempt hosts or subdomains from being masqueraded, you can use MASQUERADE_EXCEPTION(`host.domain') This can come handy if you want to masquerade a whole domain except for one (or a few) host(s). Normally only header addresses are masqueraded. If you want to masquerade the envelope as well, use FEATURE(`masquerade_envelope') There are always users that need to be "exposed" -- that is, their internal site name should be displayed instead of the masquerade name. Root is an example (which has been "exposed" by default prior to 8.10). You can add users to this list using EXPOSED_USER(`usernames') This adds users to class {E}; you could also use something like FE/etc/mail/exposed-users You can also arrange to relay all unqualified names (that is, names without @host) to a relay host. For example, if you have a central email server, you might relay to that host so that users don't have to have .forward files or aliases. You can do this using define(`LOCAL_RELAY', `mailer:hostname') The ``mailer:'' can be omitted, in which case the mailer defaults to "relay". There are some user names that you don't want relayed, perhaps because of local aliases. A common example is root, which may be locally aliased. You can add entries to this list using LOCAL_USER(`usernames') This adds users to class {L}; you could also use something like FL/etc/mail/local-users If you want all incoming mail sent to a centralized hub, as for a shared /var/spool/mail scheme, use define(`MAIL_HUB', `mailer:hostname') Again, ``mailer:'' defaults to "relay". If you define both LOCAL_RELAY and MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB. Note: there is a (long standing) bug which keeps this combination from working for addresses of the form user+detail. Names in class {L} will be delivered locally, so you MUST have aliases or .forward files for them. For example, if you are on machine mastodon.CS.Berkeley.EDU and you have FEATURE(`stickyhost'), the following combinations of settings will have the indicated effects: email sent to.... eric eric@mastodon.CS.Berkeley.EDU LOCAL_RELAY set to mail.CS.Berkeley.EDU (delivered locally) mail.CS.Berkeley.EDU (no local aliasing) (aliasing done) MAIL_HUB set to mammoth.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU (aliasing done) (aliasing done) Both LOCAL_RELAY and mail.CS.Berkeley.EDU mammoth.CS.Berkeley.EDU MAIL_HUB set as above (no local aliasing) (aliasing done) If you do not have FEATURE(`stickyhost') set, then LOCAL_RELAY and MAIL_HUB act identically, with MAIL_HUB taking precedence. If you want all outgoing mail to go to a central relay site, define SMART_HOST as well. Briefly: LOCAL_RELAY applies to unqualified names (e.g., "eric"). MAIL_HUB applies to names qualified with the name of the local host (e.g., "eric@mastodon.CS.Berkeley.EDU"). SMART_HOST applies to names qualified with other hosts or bracketed addresses (e.g., "eric@mastodon.CS.Berkeley.EDU" or "eric@[127.0.0.1]"). However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY, DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you really want absolutely everything to go to a single central site you will need to unset all the other relays -- or better yet, find or build a minimal config file that does this. For duplicate suppression to work properly, the host name is best specified with a terminal dot: define(`MAIL_HUB', `host.domain.') note the trailing dot ---^ +--------------+ | LDAP ROUTING | +--------------+ FEATURE(`ldap_routing') can be used to implement the IETF Internet Draft LDAP Schema for Intranet Mail Routing (draft-lachman-laser-ldap-mail-routing-01). This feature enables LDAP-based rerouting of a particular address to either a different host or a different address. The LDAP lookup is first attempted on the full address (e.g., user@example.com) and then on the domain portion (e.g., @example.com). Be sure to setup your domain for LDAP routing using LDAPROUTE_DOMAIN(), e.g.: LDAPROUTE_DOMAIN(`example.com') By default, the feature will use the schemas as specified in the draft and will not reject addresses not found by the LDAP lookup. However, this behavior can be changed by giving additional arguments to the FEATURE() command: FEATURE(`ldap_routing', , , ) where is a map definition describing how to lookup an alternative mail host for a particular address; is a map definition describing how to lookup an alternative address for a particular address; and the argument, if present and not the word "passthru", dictates that mail should be bounced if neither a mailHost nor mailRoutingAddress is found. The default map definition is: ldap -1 -v mailHost -k (&(objectClass=inetLocalMailRecipient) (mailLocalAddress=%0)) The default map definition is: ldap -1 -v mailRoutingAddress -k (&(objectClass=inetLocalMailRecipient) (mailLocalAddress=%0)) Note that neither includes the LDAP server hostname (-h server) or base DN (-b o=org,c=COUNTRY), both necessary for LDAP queries. It is presumed that your .mc file contains a setting for the confLDAP_DEFAULT_SPEC option with these settings. If this is not the case, the map definitions should be changed as described above. The following possibilities exist as a result of an LDAP lookup on an address: mailHost is mailRoutingAddress is Results in ----------- --------------------- ---------- set to a set mail delivered to "local" host mailRoutingAddress set to a not set delivered to "local" host original address set to a set mailRoutingAddress remote host relayed to mailHost set to a not set original address remote host relayed to mailHost not set set mail delivered to mailRoutingAddress not set not set delivered to original address *OR* bounced as unknown user The term "local" host above means the host specified is in class {w}. Note that the last case depends on whether the third argument is given to the FEATURE() command. The default is to deliver the message to the original address. The LDAP entries should be set up with an objectClass of inetLocalMailRecipient and the address be listed in a mailLocalAddress attribute. If present, there must be only one mailHost attribute and it must contain a fully qualified host name as its value. Similarly, if present, there must be only one mailRoutingAddress attribute and it must contain an RFC 822 compliant address. Some example LDAP records (in ldif format): dn: uid=tom, o=example.com, c=US objectClass: inetLocalMailRecipient mailLocalAddress: tom@example.com mailRoutingAddress: thomas@mailhost.example.com This would deliver mail for tom@example.com to thomas@mailhost.example.com. dn: uid=dick, o=example.com, c=US objectClass: inetLocalMailRecipient mailLocalAddress: dick@example.com mailHost: eng.example.com This would relay mail for dick@example.com to the same address but redirect the mail to MX records listed for the host eng.example.com. dn: uid=harry, o=example.com, c=US objectClass: inetLocalMailRecipient mailLocalAddress: harry@example.com mailHost: mktmail.example.com mailRoutingAddress: harry@mkt.example.com This would relay mail for harry@example.com to the MX records listed for the host mktmail.example.com using the new address harry@mkt.example.com when talking to that host. dn: uid=virtual.example.com, o=example.com, c=US objectClass: inetLocalMailRecipient mailLocalAddress: @virtual.example.com mailHost: server.example.com mailRoutingAddress: virtual@example.com This would send all mail destined for any username @virtual.example.com to the machine server.example.com's MX servers and deliver to the address virtual@example.com on that relay machine. +---------------------------------+ | ANTI-SPAM CONFIGURATION CONTROL | +---------------------------------+ The primary anti-spam features available in sendmail are: * Relaying is denied by default. * Better checking on sender information. * Access database. * Header checks. Relaying (transmission of messages from a site outside your host (class {w}) to another site except yours) is denied by default. Note that this changed in sendmail 8.9; previous versions allowed relaying by default. If you really want to revert to the old behaviour, you will need to use FEATURE(`promiscuous_relay'). You can allow certain domains to relay through your server by adding their domain name or IP address to class {R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database (described below). The file consists (like any other file based class) of entries listed on separate lines, e.g., sendmail.org 128.32 1:2:3:4:5:6:7 host.mydomain.com If you use FEATURE(`relay_entire_domain') then any host in any of your local domains (that is, class {m}) will be relayed (that is, you will accept mail either to or from any host in your domain). You can also allow relaying based on the MX records of the host portion of an incoming recipient address by using FEATURE(`relay_based_on_MX') For example, if your server receives a recipient of user@domain.com and domain.com lists your server in its MX records, the mail will be accepted for relay to domain.com. Note that this will stop spammers from using your host to relay spam but it will not stop outsiders from using your server as a relay for their site (that is, they set up an MX record pointing to your mail server, and you will relay mail addressed to them without any prior arrangement). Along the same lines, FEATURE(`relay_local_from') will allow relaying if the sender specifies a return path (i.e. MAIL FROM: ) domain which is a local domain. This a dangerous feature as it will allow spammers to spam using your mail server by simply specifying a return address of user@your.domain.com. It should not be used unless absolutely necessary. A slightly better solution is FEATURE(`relay_mail_from') which allows relaying if the mail sender is listed as RELAY in the access map. If an optional argument `domain' is given, the domain portion of the mail sender is also checked to allowing relaying. This option only works together with the tag From: for the LHS of the access map entries (see below: Finer control...). If source routing is used in the recipient address (i.e. RCPT TO: ), sendmail will check user@site.com for relaying if othersite.com is an allowed relay host in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used, or the access database if FEATURE(`access_db') is used. To prevent the address from being stripped down, use: FEATURE(`loose_relay_check') If you think you need to use this feature, you probably do not. This should only be used for sites which have no control over the addresses that they provide a gateway for. Use this FEATURE with caution as it can allow spammers to relay through your server if not setup properly. NOTICE: It is possible to relay mail through a system which the anti-relay rules do not prevent: the case of a system that does use FEATURE(`nouucp', `nospecial') (system A) and relays local messages to a mail hub (e.g., via LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use FEATURE(`nouucp') at all, addresses of the form would be relayed to . System A doesn't recognize `!' as an address separator and therefore forwards it to the mail hub which in turns relays it because it came from a trusted local host. So if a mailserver allows UUCP (bang-format) addresses, all systems from which it allows relaying should do the same or reject those addresses. As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has an unresolvable domain (i.e., one that DNS, your local name service, or special case rules in ruleset 3 cannot locate). If you want to continue to accept such domains, e.g., because you are inside a firewall that has only a limited view of the Internet host name space (note that you will not be able to return mail to them unless you have some "smart host" forwarder), use FEATURE(`accept_unresolvable_domains') sendmail will also refuse mail if the MAIL FROM: parameter is not fully qualified (i.e., contains a domain as well as a user). If you want to continue to accept such senders, use FEATURE(`accept_unqualified_senders') Setting the DaemonPortOptions modifier 'u' overrides the default behavior, i.e., unqualified addresses are accepted even without this FEATURE. If this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used to enforce fully qualified addresses. An ``access'' database can be created to accept or reject mail from selected domains. For example, you may choose to reject all mail originating from known spammers. To enable such a database, use FEATURE(`access_db') The FEATURE macro can accept a second parameter giving the key file definition for the database; for example FEATURE(`access_db', `hash /etc/mail/access') Remember, since /etc/mail/access is a database, after creating the text file as described below, you must use makemap to create the database map. For example: makemap hash /etc/mail/access < /etc/mail/access The table itself uses e-mail addresses, domain names, and network numbers as keys. For example, spammer@aol.com REJECT cyberspammer.com REJECT 192.168.212 REJECT would refuse mail from spammer@aol.com, any user from cyberspammer.com (or any host within the cyberspammer.com domain), and any host on the 192.168.212.* network. The value part of the map can contain: OK Accept mail even if other rules in the running ruleset would reject it, for example, if the domain name is unresolvable. RELAY Accept mail addressed to the indicated domain or received from the indicated domain for relaying through your SMTP server. RELAY also serves as an implicit OK for the other checks. REJECT Reject the sender or recipient with a general purpose message. DISCARD Discard the message completely using the - $#discard mailer. For sender addresses it - indicates that you should discard anything - received from the indicated domain. If it - is used for recipients, it affects only - the designated recipients, not the whole - message. + $#discard mailer. If it is used in check_compat, + it affects only the designated recipient, not + the whole message as it does in all other cases. + This should only be used if really necessary. ### any text where ### is an RFC 821 compliant error code and "any text" is a message to return for the command. The string should be quoted to avoid surprises, e.g., sendmail may remove spaces otherwise. ERROR:### any text as above, but useful to mark error messages as such. ERROR:D.S.N:### any text where D.S.N is an RFC 1893 compliant error code and the rest as above. For example: cyberspammer.com ERROR:"550 We don't accept mail from spammers" okay.cyberspammer.com OK sendmail.org RELAY 128.32 RELAY 1:2:3:4:5:6:7 RELAY [127.0.0.3] OK [1:2:3:4:5:6:7:8] OK would accept mail from okay.cyberspammer.com, but would reject mail from all other hosts at cyberspammer.com with the indicated message. It would allow relaying mail from and to any hosts in the sendmail.org domain, and allow relaying from the 128.32.*.* network and the IPv6 1:2:3:4:5:6:7:* network. The latter two entries are for checks against ${client_name} if the IP address doesn't resolve to a hostname (or is considered as "may be forged"). Warning: if you change the RFC 821 compliant error code from the default value of 550, then you should probably also change the RFC 1893 compliant error code to match it. For example, if you use user@example.com 450 mailbox full the error returned would be "450 4.0.0 mailbox full" which is wrong. Use "450 4.2.2 mailbox full" or "ERROR:4.2.2:450 mailbox full" instead. Note, UUCP users may need to add hostname.UUCP to the access database or class {R}. If you also use: FEATURE(`relay_hosts_only') then the above example will allow relaying for sendmail.org, but not hosts within the sendmail.org domain. Note that this will also require hosts listed in class {R} to be fully qualified host names. You can also use the access database to block sender addresses based on the username portion of the address. For example: FREE.STEALTH.MAILER@ ERROR:550 Spam not accepted Note that you must include the @ after the username to signify that this database entry is for checking only the username portion of the sender address. If you use: FEATURE(`blacklist_recipients') then you can add entries to the map for local users, hosts in your domains, or addresses in your domain which should not receive mail: badlocaluser@ ERROR:550 Mailbox disabled for this username host.mydomain.com ERROR:550 That host does not accept mail user@otherhost.mydomain.com ERROR:550 Mailbox disabled for this recipient This would prevent a recipient of badlocaluser@mydomain.com, any user at host.mydomain.com, and the single address user@otherhost.mydomain.com from receiving mail. Please note: a local username must be now tagged with an @ (this is consistent with the check of the sender address, and hence it is possible to distinguish between hostnames and usernames). Enabling this feature will keep you from sending mails to all addresses that have an error message or REJECT as value part in the access map. Taking the example from above: spammer@aol.com REJECT cyberspammer.com REJECT Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com. There is also a ``Realtime Blackhole List'' run by the MAPS project at http://maps.vix.com/. This is a database maintained in DNS of spammers. To use this database, use FEATURE(`dnsbl') This will cause sendmail to reject mail from any site in the Realtime Blackhole List database. You can specify an alternative RBL domain to check by specifying an argument to the FEATURE. -A second argument can be used to change the default error message -Mail from $&{client_addr} refused by blackhole site DOMAIN -where DOMAIN is replaced by the first argument. This FEATURE can -be included several times to query different DNS based rejection -lists, e.g., the dial-up user list (see http://maps.vix.com/dul/). +The default error message is + Mail from $&{client_addr} refused by blackhole site DOMAIN + +where DOMAIN is the first argument of the feature. A second argument +can be used to specify a different text. This FEATURE can be +included several times to query different DNS based rejection lists, +e.g., the dial-up user list (see http://maps.vix.com/dul/). + The features described above make use of the check_relay, check_mail, and check_rcpt rulesets. If you wish to include your own checks, you can put your checks in the rulesets Local_check_relay, Local_check_mail, and Local_check_rcpt. For example if you wanted to block senders with all numeric usernames (i.e. 2312343@bigisp.com), you would use Local_check_mail and the new regex map: LOCAL_CONFIG Kallnumbers regex -a@MATCH ^[0-9]+$ LOCAL_RULESETS SLocal_check_mail # check address against various regex checks R$* $: $>Parse0 $>3 $1 R$+ < @ bigisp.com. > $* $: $(allnumbers $1 $) R@MATCH $#error $: 553 Header Error These rules are called with the original arguments of the corresponding check_* ruleset. If the local ruleset returns $#OK, no further checking is done by the features described above and the mail is accepted. If the local ruleset resolves to a mailer (such as $#error or $#discard), the appropriate action is taken. Otherwise, the results of the local rewriting are ignored. Finer control by using tags for the LHS of the access map Read this section only if the options listed so far are not sufficient for your purposes. There is now the option to tag entries in the access map according to their type. Three tags are available: Connect: connection information (${client_addr}, ${client_name}) From: sender To: recipient If the required item is looked up in a map, it will be tried first with the corresponding tag in front, then (as fallback to enable backward compatibility) without any tag. For example, From:spammer@some.dom REJECT To:friend.domain RELAY Connect:friend.domain OK Connect:from.domain RELAY From:good@another.dom OK From:another.dom REJECT This would deny mails from spammer@some.dom but you could still send mail to that address even if FEATURE(`blacklist_recipients') is enabled. Your system will allow relaying to friend.domain, but not from it (unless enabled by other means). Connections from that domain will be allowed even if it ends up in one of the DNS based rejection lists. Relaying is enabled from from.domain but not to it (since relaying is based on the connection information for outgoing relaying, the tag Connect: must be used; for incoming relaying, which is based on the recipient address, To: must be used). The last two entries allow mails from good@another.dom but reject mail from all other addresses with another.dom as domain part. Delay all checks By using FEATURE(`delay_checks') the rulesets check_mail and check_relay will not be called when a client connects or issues a MAIL command, respectively. Instead, those rulesets will be called by the check_rcpt ruleset; they will be skipped if a sender has been authenticated using a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH(). If check_mail returns an error then the RCPT TO command will be rejected with that error. If it returns some other result starting with $# then check_relay will be skipped. If the sender address (or a part of it) is listed in the access map and it has a RHS of OK or RELAY, then check_relay will be skipped. This has an interesting side effect: if your domain is my.domain and you have my.domain RELAY in the access map, then all e-mail with a sender address of gets through, even if check_relay would reject it (e.g., based on the hostname or IP address). This allows spammers to get around DNS based blacklist by faking the sender address. To avoid this problem you have to use tagged entries: To:my.domain RELAY Connect:my.domain RELAY if you need those entries at all (class {R} may take care of them). FEATURE(`delay_checks') can take an optional argument: FEATURE(`delay_checks', `friend') enables spamfriend test FEATURE(`delay_checks', `hater') enables spamhater test If such an argument is given, the recipient will be looked up in the access map (using the tag To:). If the argument is `friend', then the other rulesets will be skipped if the recipient address is found and has RHS spamfriend. If the argument is `hater', then the other rulesets will be applied if the recipient address is found and has RHS spamhater. This allows for simple exceptions from the tests, e.g., by activating the spamfriend option and having To:abuse@ SPAMFRIEND in the access map, mail to abuse@localdomain will get through. It is also possible to specify a full address or an address with +detail: To:abuse@abuse.my.domain SPAMFRIEND To:me+abuse@ SPAMFRIEND Header Checks You can also reject mail on the basis of the contents of headers. This is done by adding a ruleset call to the 'H' header definition command in sendmail.cf. For example, this can be used to check the validity of a Message-ID: header: LOCAL_RULESETS HMessage-Id: $>CheckMessageId SCheckMessageId R< $+ @ $+ > $@ OK R$* $#error $: 553 Header Error The alternative format: HSubject: $>+CheckSubject that is, $>+ instead of $>, gives the full Subject: header including comments to the ruleset (comments in parentheses () are stripped by default). A default ruleset for headers which don't have a specific ruleset defined for them can be given by: H*: $>CheckHdr After all of the headers are read, the check_eoh ruleset will be called for any final header-related checks. The ruleset is called with the number of headers and the size of all of the headers in bytes separated by $|. One example usage is to reject messages which do not have a Message-Id: header. However, the Message-Id: header is *NOT* a required header and is not a guaranteed spam indicator. This ruleset is an example and should probably not be used in production. LOCAL_CONFIG Kstorage macro LOCAL_RULESETS HMessage-Id: $>CheckMessageId SCheckMessageId # Record the presence of the header R$* $: $(storage {MessageIdCheck} $@ OK $) $1 R< $+ @ $+ > $@ OK R$* $#error $: 553 Header Error Scheck_eoh # Check the macro R$* $: < $&{MessageIdCheck} > # Clear the macro for the next message R$* $: $(storage {MessageIdCheck} $) $1 # Has a Message-Id: header R< $+ > $@ OK # Allow missing Message-Id: from local mail R$* $: < $&{client_name} > R< > $@ OK R< $=w > $@ OK # Otherwise, reject the mail R$* $#error $: 553 Header Error +----------+ | STARTTLS | +----------+ In this text, cert will be used as an abreviation for X.509 certificate, DN is the distinguished name of a cert, and CA is a certification authority. Macros related to STARTTLS are: ${cert_issuer} holds the DN of the CA (the cert issuer). ${cert_subject} holds the DN of the cert (called the cert subject). ${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1, SSLv3, SSLv2. ${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA. ${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm used for the connection. ${verify} holds the result of the verification of the presented cert. Possible values are: OK verification succeeded. NO no cert presented. FAIL cert presented but could not be verified, e.g., the signing CA is missing. NONE STARTTLS has not been performed. TEMP temporary error occurred. PROTOCOL some protocol error occurred. SOFTWARE STARTTLS handshake failed. ${server_name} the name of the server of the current outgoing SMTP connection. ${server_addr} the address of the server of the current outgoing SMTP connection. Relaying SMTP STARTTLS can allow relaying for senders who have successfully authenticated themselves. This is done in the ruleset RelayAuth. If the verification of the cert failed (${verify} != OK), relaying is subject to the usual rules. Otherwise the DN of the issuer is looked up in the access map using the tag CERTISSUER. If the resulting value is RELAY, relaying is allowed. If it is SUBJECT, the DN of the cert subject is looked up next in the access map. using the tag CERTSUBJECT. If the value is RELAY, relaying is allowed. To make things a bit more flexible (or complicated), the values for ${cert_issuer} and ${cert_subject} can be optionally modified by regular expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and _CERT_REGEX_SUBJECT_, respectively. To avoid problems with those macros in rulesets and map lookups, they are modified as follows: each non-printable character and the characters '<', '>', '(', ')', '"', '+' are replaced by their HEX value with a leading '+'. For example: /C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email= darth+cert@endmail.org is encoded as: /C=US/ST=California/O=endmail.org/OU=private/CN= Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org (line breaks have been inserted for readability). Of course it is also possible to write a simple rulesets that allows relaying for everyone who can present a cert that can be verified, e.g., LOCAL_RULESETS SLocal_check_rcpt R$* $: $&{verify} ROK $# OK Allowing Connections The rulesets tls_server and tls_client are used to decide whether an SMTP connection is accepted (or should continue). tls_server is called when sendmail acts as client after a STARTTLS command (should) have been issued. The parameter is the value of ${verify}. tls_client is called when sendmail acts as server, after a STARTTLS command has been issued, and from check_mail. The parameter is the value of ${verify} and STARTTLS or MAIL, respectively. Both rulesets behave the same. If no access map is in use, the connection will be accepted unless ${verify} is SOFTWARE, in which case the connection is always aborted. Otherwise, ${client_name} (${server_name}) is looked up in the access map using the tag TLS_Srv (or TLS_Clt), which is done with the ruleset LookUpDomain. If no entry is found, ${client_addr} (${server_addr}) is looked up in the access map (same tag, ruleset LookUpAddr). If this doesn't result in an entry either, just the tag is looked up in the access map (included the trailing :). The result of the lookups is then used to call the ruleset tls_connection, which checks the requirement specified by the RHS in the access map against the actual parameters of the current TLS connection, esp. ${verify} and ${cipher_bits}. Legal RHSs in the access map are: VERIFY verification must have succeeded VERIFY:bits verification must have succeeded and ${cipher_bits} must be greater than or equal bits. ENCR:bits ${cipher_bits} must be greater than or equal bits. The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary or permanent error. The default is a temporary error code (403 4.7.0) unless the macro TLS_PERM_ERR is set during generation of the .cf file. If a certain level of encryption is required, then it might also be possible that this level is provided by the security layer from a SASL algorithm, e.g., DIGEST-MD5. Example: e-mail send to secure.example.com should only use an encrypted connection. e-mail received from hosts within the laptop.example.com domain should only be accepted if they have been authenticated. TLS_Srv:secure.example.com ENCR:112 TLS_Clt:laptop.example.com PERM+VERIFY:112 Received: Header The Received: header reveals whether STARTTLS has been used. It contains an extra line: (using ${tls_version} with cipher ${cipher} (${cipher_bits} bits) verified ${verify}) +---------------------+ | SMTP AUTHENTICATION | +---------------------+ The macros ${auth_authen}, ${auth_author}, and ${auth_type} can be used in anti-relay rulesets to allow relaying for those users that authenticated themselves. A very simple example is: SLocal_check_rcpt R$* $: $&{auth_type} R$+ $# OK which checks whether a user has successfully authenticated using any available mechanism. Depending on the setup of the CYRUS SASL library, more sophisticated rulesets might be required, e.g., SLocal_check_rcpt R$* $: $&{auth_type} $| $&{auth_authen} RDIGEST-MD5 $| $+@$=w $# OK to allow relaying for users that authenticated using DIGEST-MD5 and have an identity in the local domains. The ruleset Strust_auth is used to determine whether a given AUTH= parameter (that is passed to this ruleset) should be trusted. This ruleset may make use of the other ${auth_*} macros. Only if the ruleset resolves to the error mailer, the AUTH= parameter is not trusted. A user supplied ruleset Local_trust_auth can be written to modify the default behavior, which only trust the AUTH= parameter if it is identical to the authenticated user. Per default, relaying is allowed for any user who authenticated via a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH(`list of mechanisms') +For example: +TRUST_AUTH_MECH(`KERBEROS_V4 DIGEST-MD5') If the selected mechanism provides a security layer the number of bits used for the key of the symmetric cipher is stored in the macro ${auth_ssf}. +--------------------------------+ | ADDING NEW MAILERS OR RULESETS | +--------------------------------+ Sometimes you may need to add entirely new mailers or rulesets. They should be introduced with the constructs MAILER_DEFINITIONS and LOCAL_RULESETS respectively. For example: MAILER_DEFINITIONS Mmymailer, ... ... LOCAL_RULESETS Smyruleset ... #if _FFR_MILTER -+---------------------------+ -| ADDING NEW MAILER FILTERS | -+---------------------------+ ++-------------------------+ +| ADDING NEW MAIL FILTERS | ++-------------------------+ Sendmail supports mail filters to filter incoming SMTP messages according to the "Sendmail Mail Filter API" documentation. These filters can be configured in your mc file using the two commands: MAIL_FILTER(`name', `equates') INPUT_MAIL_FILTER(`name', `equates') The first command, MAIL_FILTER(), simply defines a filter with the given name and equates. For example: MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') This creates the equivalent sendmail.cf entry: Xarchive, S=local:/var/run/archivesock, F=R The INPUT_MAIL_FILTER() command performs the same actions as MAIL_FILTER but also populates the m4 variable `confINPUT_MAIL_FILTERS' with the name of the filter such that the filter will actually be called by sendmail. For example, the two commands: INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') INPUT_MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T') are equivalent to the three commands: MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R') MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T') define(`confINPUT_MAIL_FILTERS', `archive, spamcheck') In general, INPUT_MAIL_FILTER() should be used unless you need to define more filters than you want to use for `confINPUT_MAIL_FILTERS'. Note that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER() commands will clear the list created by the prior INPUT_MAIL_FILTER() commands. #endif /* _FFR_MILTER */ +-------------------------------+ | NON-SMTP BASED CONFIGURATIONS | +-------------------------------+ These configuration files are designed primarily for use by SMTP-based sites. They may not be well tuned for UUCP-only or UUCP-primarily nodes (the latter is defined as a small local net connected to the rest of the world via UUCP). However, there is one hook to handle some special cases. You can define a ``smart host'' that understands a richer address syntax using: define(`SMART_HOST', `mailer:hostname') In this case, the ``mailer:'' defaults to "relay". Any messages that can't be handled using the usual UUCP rules are passed to this host. If you are on a local SMTP-based net that connects to the outside world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules. For example: define(`SMART_HOST', `uucp-new:uunet') LOCAL_NET_CONFIG R$* < @ $* .$m. > $* $#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3 This will cause all names that end in your domain name ($m) via SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet. If you have FEATURE(`nocanonify'), you may need to omit the dots after the $m. If you are running a local DNS inside your domain which is not otherwise connected to the outside world, you probably want to use: define(`SMART_HOST', `smtp:fire.wall.com') LOCAL_NET_CONFIG R$* < @ $* . > $* $#smtp $@ $2. $: $1 < @ $2. > $3 That is, send directly only to things you found in your DNS lookup; anything else goes through SMART_HOST. You may need to turn off the anti-spam rules in order to accept UUCP mail with FEATURE(`promiscuous_relay') and FEATURE(`accept_unresolvable_domains'). +-----------+ | WHO AM I? | +-----------+ Normally, the $j macro is automatically defined to be your fully qualified domain name (FQDN). Sendmail does this by getting your host name using gethostname and then calling gethostbyname on the result. For example, in some environments gethostname returns only the root of the host name (such as "foo"); gethostbyname is supposed to return the FQDN ("foo.bar.com"). In some (fairly rare) cases, gethostbyname may fail to return the FQDN. In this case you MUST define confDOMAIN_NAME to be your fully qualified domain name. This is usually done using: Dmbar.com define(`confDOMAIN_NAME', `$w.$m')dnl +-----------------------------------+ | ACCEPTING MAIL FOR MULTIPLE NAMES | +-----------------------------------+ If your host is known by several different names, you need to augment class {w}. This is a list of names by which your host is known, and anything sent to an address using a host name in this list will be treated as local mail. You can do this in two ways: either create the file /etc/mail/local-host-names containing a list of your aliases (one per line), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add ``LOCAL_DOMAIN(`alias.host.name')''. Be sure you use the fully-qualified name of the host, rather than a short name. If you want to have different address in different domains, take a look at the virtusertable feature, which is also explained at http://www.sendmail.org/virtual-hosting.html +--------------------+ | USING MAILERTABLES | +--------------------+ To use FEATURE(`mailertable'), you will have to create an external database containing the routing information for various domains. For example, a mailertable file in text format might be: .my.domain xnet:%1.my.domain uuhost1.my.domain uucp-new:uuhost1 .bitnet smtp:relay.bit.net This should normally be stored in /etc/mail/mailertable. The actual database version of the mailertable is built using: makemap hash /etc/mail/mailertable < /etc/mail/mailertable The semantics are simple. Any LHS entry that does not begin with a dot matches the full host name indicated. LHS entries beginning with a dot match anything ending with that domain name (including the leading dot) -- that is, they can be thought of as having a leading ".+" regular expression pattern for a non-empty sequence of characters. Matching is done in order of most-to-least qualified -- for example, even though ".my.domain" is listed first in the above example, an entry of "uuhost1.my.domain" will match the second entry since it is more explicit. Note: e-mail to "user@my.domain" does not match any entry in the above table. You need to have something like: my.domain esmtp:host.my.domain The RHS should always be a "mailer:host" pair. The mailer is the configuration name of a mailer (that is, an {M} line in the sendmail.cf file). The "host" will be the hostname passed to that mailer. In domain-based matches (that is, those with leading dots) the "%1" may be used to interpolate the wildcarded part of the host name. For example, the first line above sends everything addressed to "anything.my.domain" to that same host name, but using the (presumably experimental) xnet mailer. In some cases you may want to temporarily turn off MX records, particularly on gateways. For example, you may want to MX everything in a domain to one machine that then forwards it directly. To do this, you might use the DNS configuration: *.domain. IN MX 0 relay.machine and on relay.machine use the mailertable: .domain smtp:[gateway.domain] The [square brackets] turn off MX records for this host only. If you didn't do this, the mailertable would use the MX record again, which would give you an MX loop. +--------------------------------+ | USING USERDB TO MAP FULL NAMES | +--------------------------------+ The user database was not originally intended for mapping full names to login names (e.g., Eric.Allman => eric), but some people are using it that way. (it is recommended that you set up aliases for this purpose instead -- since you can specify multiple alias files, this is fairly easy.) The intent was to locate the default maildrop at a site, but allow you to override this by sending to a specific host. If you decide to set up the user database in this fashion, it is imperative that you not use FEATURE(`stickyhost') -- otherwise, e-mail sent to Full.Name@local.host.name will be rejected. To build the internal form of the user database, use: makemap btree /etc/mail/userdb < /etc/mail/userdb.txt As a general rule, it is an extremely bad idea to using full names as e-mail addresses, since they are not in any sense unique. For example, the UNIX software-development community has at least two well-known Peter Deutsches, and at one time Bell Labs had two Stephen R. Bournes with offices along the same hallway. Which one will be forced to suffer the indignity of being Stephen_R_Bourne_2? The less famous of the two, or the one that was hired later? Finger should handle full names (and be fuzzy). Mail should use handles, and not be fuzzy. +--------------------------------+ | MISCELLANEOUS SPECIAL FEATURES | +--------------------------------+ Plussed users Sometimes it is convenient to merge configuration on a centralized mail machine, for example, to forward all root mail to a mail server. In this case it might be useful to be able to treat the root addresses as a class of addresses with subtle differences. You can do this using plussed users. For example, a client might include the alias: root: root+client1@server On the server, this will match an alias for "root+client1". If that is not found, the alias "root+*" will be tried, then "root". +----------------+ | SECURITY NOTES | +----------------+ A lot of sendmail security comes down to you. Sendmail 8 is much more careful about checking for security problems than previous versions, but there are some things that you still need to watch for. In particular: * Make sure the aliases file isn't writable except by trusted system personnel. This includes both the text and database version. * Make sure that other files that sendmail reads, such as the mailertable, are only writable by trusted system personnel. * The queue directory should not be world writable PARTICULARLY if your system allows "file giveaways" (that is, if a non-root user can chown any file they own to any other user). * If your system allows file giveaways, DO NOT create a publically writable directory for forward files. This will allow anyone to steal anyone else's e-mail. Instead, create a script that copies the .forward file from users' home directories once a night (if you want the non-NFS-mounted forward directory). * If your system allows file giveaways, you'll find that sendmail is much less trusting of :include: files -- in particular, you'll have to have /SENDMAIL/ANY/SHELL/ in /etc/shells before they will be trusted (that is, before files and programs listed in them will be honored). In general, file giveaways are a mistake -- if you can turn them off, do so. +--------------------------------+ | TWEAKING CONFIGURATION OPTIONS | +--------------------------------+ There are a large number of configuration options that don't normally need to be changed. However, if you feel you need to tweak them, you can define the following M4 variables. This list is shown in four columns: the name you define, the default value for that definition, the option or macro that is affected (either Ox for an option or Dx for a macro), and a brief description. Greater detail of the semantics can be found in the Installation and Operations Guide. Some options are likely to be deprecated in future versions -- that is, the option is only included to provide back-compatibility. These are marked with "*". Remember that these options are M4 variables, and hence may need to be quoted. In particular, arguments with commas will usually have to be ``double quoted, like this phrase'' to avoid having the comma confuse things. This is common for alias file definitions and for the read timeout. M4 Variable Name Configuration Description & [Default] ================ ============= ======================= confMAILER_NAME $n macro [MAILER-DAEMON] The sender name used for internally generated outgoing messages. confDOMAIN_NAME $j macro If defined, sets $j. This should only be done if your system cannot determine your local domain name, and then it should be set to $w.Foo.COM, where Foo.COM is your domain name. confCF_VERSION $Z macro If defined, this is appended to the configuration version name. confFROM_HEADER From: [$?x$x <$g>$|$g$.] The format of an internally generated From: address. confRECEIVED_HEADER Received: [$?sfrom $s $.$?_($?s$|from $.$_) $.$?{auth_type}(authenticated) $.by $j ($v/$Z)$?r with $r$. id $i$?u for $u; $|; $.$b] The format of the Received: header in messages passed through this host. It is unwise to try to change this. confCW_FILE Fw class [/etc/mail/local-host-names] Name of file used to get the local additions to class {w} (local host names). confCT_FILE Ft class [/etc/mail/trusted-users] Name of file used to get the local additions to class {t} (trusted users). confCR_FILE FR class [/etc/mail/relay-domains] Name of file used to get the local additions to class {R} (hosts allowed to relay). confTRUSTED_USERS Ct class [no default] Names of users to add to the list of trusted users. This list always includes root, uucp, and daemon. See also FEATURE(`use_ct_file'). confTRUSTED_USER TrustedUser [no default] Trusted user for file ownership and starting the daemon. Not to be confused with confTRUSTED_USERS (see above). confSMTP_MAILER - [esmtp] The mailer name used when SMTP connectivity is required. One of "smtp", "smtp8", "esmtp", or "dsmtp". confUUCP_MAILER - [uucp-old] The mailer to be used by default for bang-format recipient addresses. See also discussion of class {U}, class {Y}, and class {Z} in the MAILER(`uucp') section. confLOCAL_MAILER - [local] The mailer name used when local connectivity is required. Almost always "local". confRELAY_MAILER - [relay] The default mailer name used for relaying any mail (e.g., to a BITNET_RELAY, a SMART_HOST, or whatever). This can reasonably be "uucp-new" if you are on a UUCP-connected site. confSEVEN_BIT_INPUT SevenBitInput [False] Force input to seven bits? confEIGHT_BIT_HANDLING EightBitMode [pass8] 8-bit data handling confALIAS_WAIT AliasWait [10m] Time to wait for alias file rebuild until you get bored and decide that the apparently pending rebuild failed. confMIN_FREE_BLOCKS MinFreeBlocks [100] Minimum number of free blocks on queue filesystem to accept SMTP mail. (Prior to 8.7 this was minfree/maxsize, where minfree was the number of free blocks and maxsize was the maximum message size. Use confMAX_MESSAGE_SIZE for the second value now.) confMAX_MESSAGE_SIZE MaxMessageSize [infinite] The maximum size of messages that will be accepted (in bytes). confBLANK_SUB BlankSub [.] Blank (space) substitution character. confCON_EXPENSIVE HoldExpensive [False] Avoid connecting immediately to mailers marked expensive. confCHECKPOINT_INTERVAL CheckpointInterval [10] Checkpoint queue files every N recipients. confDELIVERY_MODE DeliveryMode [background] Default delivery mode. confAUTO_REBUILD AutoRebuildAliases [False] Automatically rebuild alias file if needed. There is a potential for a denial of service attack if this is set. This option is deprecated and will be removed from a future version. confERROR_MODE ErrorMode [print] Error message mode. confERROR_MESSAGE ErrorHeader [undefined] Error message header/file. confSAVE_FROM_LINES SaveFromLine Save extra leading From_ lines. confTEMP_FILE_MODE TempFileMode [0600] Temporary file mode. confMATCH_GECOS MatchGECOS [False] Match GECOS field. confMAX_HOP MaxHopCount [25] Maximum hop count. confIGNORE_DOTS* IgnoreDots [False; always False in -bs or -bd mode] Ignore dot as terminator for incoming messages? confBIND_OPTS ResolverOptions [undefined] Default options for DNS resolver. confMIME_FORMAT_ERRORS* SendMimeErrors [True] Send error messages as MIME- encapsulated messages per RFC 1344. confFORWARD_PATH ForwardPath [$z/.forward.$w:$z/.forward] The colon-separated list of places to search for .forward files. N.B.: see the Security Notes section. confMCI_CACHE_SIZE ConnectionCacheSize [2] Size of open connection cache. confMCI_CACHE_TIMEOUT ConnectionCacheTimeout [5m] Open connection cache timeout. confHOST_STATUS_DIRECTORY HostStatusDirectory [undefined] If set, host status is kept on disk between sendmail runs in the named directory tree. This need not be a full pathname, in which case it is interpreted relative to the queue directory. confSINGLE_THREAD_DELIVERY SingleThreadDelivery [False] If this option and the HostStatusDirectory option are both set, single thread deliveries to other hosts. That is, don't allow any two sendmails on this host to connect simultaneously to any other single host. This can slow down delivery in some cases, in particular since a cached but otherwise idle connection to a host will prevent other sendmails from connecting to the other host. confUSE_ERRORS_TO* UseErrorsTo [False] Use the Errors-To: header to deliver error messages. This should not be necessary because of general acceptance of the envelope/header distinction. confLOG_LEVEL LogLevel [9] Log level. confME_TOO MeToo [True] Include sender in group expansions. This option is deprecated and will be removed from a future version. confCHECK_ALIASES CheckAliases [False] Check RHS of aliases when running newaliases. Since this does DNS lookups on every address, it can slow down the alias rebuild process considerably on large alias files. confOLD_STYLE_HEADERS* OldStyleHeaders [True] Assume that headers without special chars are old style. confCLIENT_OPTIONS ClientPortOptions [none] Options for outgoing SMTP client connections. confPRIVACY_FLAGS PrivacyOptions [authwarnings] Privacy flags. confCOPY_ERRORS_TO PostmasterCopy [undefined] Address for additional copies of all error messages. confQUEUE_FACTOR QueueFactor [600000] Slope of queue-only function. confDONT_PRUNE_ROUTES DontPruneRoutes [False] Don't prune down route-addr syntax addresses to the minimum possible. confSAFE_QUEUE* SuperSafe [True] Commit all messages to disk before forking. confTO_INITIAL Timeout.initial [5m] The timeout waiting for a response on the initial connect. confTO_CONNECT Timeout.connect [0] The timeout waiting for an initial connect() to complete. This can only shorten connection timeouts; the kernel silently enforces an absolute maximum (which varies depending on the system). confTO_ICONNECT Timeout.iconnect [undefined] Like Timeout.connect, but applies only to the very first attempt to connect to a host in a message. This allows a single very fast pass followed by more careful delivery attempts in the future. confTO_HELO Timeout.helo [5m] The timeout waiting for a response to a HELO or EHLO command. confTO_MAIL Timeout.mail [10m] The timeout waiting for a response to the MAIL command. confTO_RCPT Timeout.rcpt [1h] The timeout waiting for a response to the RCPT command. confTO_DATAINIT Timeout.datainit [5m] The timeout waiting for a 354 response from the DATA command. confTO_DATABLOCK Timeout.datablock [1h] The timeout waiting for a block during DATA phase. confTO_DATAFINAL Timeout.datafinal [1h] The timeout waiting for a response to the final "." that terminates a message. confTO_RSET Timeout.rset [5m] The timeout waiting for a response to the RSET command. confTO_QUIT Timeout.quit [2m] The timeout waiting for a response to the QUIT command. confTO_MISC Timeout.misc [2m] The timeout waiting for a response to other SMTP commands. confTO_COMMAND Timeout.command [1h] In server SMTP, the timeout waiting for a command to be issued. confTO_IDENT Timeout.ident [5s] The timeout waiting for a response to an IDENT query. confTO_FILEOPEN Timeout.fileopen [60s] The timeout waiting for a file (e.g., :include: file) to be opened. confTO_CONTROL Timeout.control [2m] The timeout for a complete control socket transaction to complete. confTO_QUEUERETURN Timeout.queuereturn [5d] The timeout before a message is returned as undeliverable. confTO_QUEUERETURN_NORMAL Timeout.queuereturn.normal [undefined] As above, for normal priority messages. confTO_QUEUERETURN_URGENT Timeout.queuereturn.urgent [undefined] As above, for urgent priority messages. confTO_QUEUERETURN_NONURGENT Timeout.queuereturn.non-urgent [undefined] As above, for non-urgent (low) priority messages. confTO_QUEUEWARN Timeout.queuewarn [4h] The timeout before a warning message is sent to the sender telling them that the message has been deferred. confTO_QUEUEWARN_NORMAL Timeout.queuewarn.normal [undefined] As above, for normal priority messages. confTO_QUEUEWARN_URGENT Timeout.queuewarn.urgent [undefined] As above, for urgent priority messages. confTO_QUEUEWARN_NONURGENT Timeout.queuewarn.non-urgent [undefined] As above, for non-urgent (low) priority messages. confTO_HOSTSTATUS Timeout.hoststatus [30m] How long information about host statuses will be maintained before it is considered stale and the host should be retried. This applies both within a single queue run and to persistent information (see below). confTO_RESOLVER_RETRANS Timeout.resolver.retrans [varies] Sets the resolver's retransmition time interval (in seconds). Sets both Timeout.resolver.retrans.first and Timeout.resolver.retrans.normal. confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first [varies] Sets the resolver's retransmition time interval (in seconds) for the first attempt to deliver a message. confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal [varies] Sets the resolver's retransmition time interval (in seconds) for all resolver lookups except the first delivery attempt. confTO_RESOLVER_RETRY Timeout.resolver.retry [varies] Sets the number of times to retransmit a resolver query. Sets both Timeout.resolver.retry.first and Timeout.resolver.retry.normal. confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first [varies] Sets the number of times to retransmit a resolver query for the first attempt to deliver a message. confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal [varies] Sets the number of times to retransmit a resolver query for all resolver lookups except the first delivery attempt. confTIME_ZONE TimeZoneSpec [USE_SYSTEM] Time zone info -- can be USE_SYSTEM to use the system's idea, USE_TZ to use the user's TZ envariable, or something else to force that value. confDEF_USER_ID DefaultUser [1:1] Default user id. confUSERDB_SPEC UserDatabaseSpec [undefined] User database specification. confFALLBACK_MX FallbackMXhost [undefined] Fallback MX host. confTRY_NULL_MX_LIST TryNullMXList [False] If this host is the best MX for a host and other arrangements haven't been made, try connecting to the host directly; normally this would be a config error. confQUEUE_LA QueueLA [varies] Load average at which queue-only function kicks in. Default values is (8 * numproc) where numproc is the number of processors online (if that can be determined). confREFUSE_LA RefuseLA [varies] Load average at which incoming SMTP connections are refused. Default values is (12 * numproc) where numproc is the number of processors online (if that can be determined). confMAX_ALIAS_RECURSION MaxAliasRecursion [10] Maximum depth of alias recursion. confMAX_DAEMON_CHILDREN MaxDaemonChildren [undefined] The maximum number of children the daemon will permit. After this number, connections will be rejected. If not set or <= 0, there is no limit. confMAX_HEADERS_LENGTH MaxHeadersLength - [undefined] Maximum length of the sum + [32768] Maximum length of the sum of all headers. confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength [undefined] Maximum length of certain MIME header field values. confCONNECTION_RATE_THROTTLE ConnectionRateThrottle [undefined] The maximum number of connections permitted per second. After this many connections are accepted, further connections will be delayed. If not set or <= 0, there is no limit. confWORK_RECIPIENT_FACTOR RecipientFactor [30000] Cost of each recipient. confSEPARATE_PROC ForkEachJob [False] Run all deliveries in a separate process. confWORK_CLASS_FACTOR ClassFactor [1800] Priority multiplier for class. confWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt. confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm: Priority, Host, Filename, or Time. confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job must sit in the queue between queue runs. This allows you to set the queue run interval low for better responsiveness without trying all jobs in each run. confDEF_CHAR_SET DefaultCharSet [unknown-8bit] When converting unlabeled 8 bit input to MIME, the character set to use by default. confSERVICE_SWITCH_FILE ServiceSwitchFile [/etc/mail/service.switch] The file to use for the service switch on systems that do not have a system-defined switch. confHOSTS_FILE HostsFile [/etc/hosts] The file to use when doing "file" type access of hosts names. confDIAL_DELAY DialDelay [0s] If a connection fails, wait this long and try again. Zero means "don't retry". This is to allow "dial on demand" connections to have enough time to complete a connection. confNO_RCPT_ACTION NoRecipientAction [none] What to do if there are no legal recipient fields (To:, Cc: or Bcc:) in the message. Legal values can be "none" to just leave the nonconforming message as is, "add-to" to add a To: header with all the known recipients (which may expose blind recipients), "add-apparently-to" to do the same but use Apparently-To: instead of To:, "add-bcc" to add an empty Bcc: header, or "add-to-undisclosed" to add the header ``To: undisclosed-recipients:;''. confSAFE_FILE_ENV SafeFileEnvironment [undefined] If set, sendmail will do a chroot() into this directory before writing files. confCOLON_OK_IN_ADDR ColonOkInAddr [True unless Configuration Level > 6] If set, colons are treated as a regular character in addresses. If not set, they are treated as the introducer to the RFC 822 "group" syntax. Colons are handled properly in route-addrs. This option defaults on for V5 and lower configuration files. confMAX_QUEUE_RUN_SIZE MaxQueueRunSize [0] If set, limit the maximum size of any given queue run to this number of entries. Essentially, this will stop reading each queue directory after this number of entries are reached; it does _not_ pick the highest priority jobs, so this should be as large as your system can tolerate. If not set, there is no limit. confDONT_EXPAND_CNAMES DontExpandCnames [False] If set, $[ ... $] lookups that do DNS based lookups do not expand CNAME records. This currently violates the published standards, but the IETF seems to be moving toward legalizing this. For example, if "FTP.Foo.ORG" is a CNAME for "Cruft.Foo.ORG", then with this option set a lookup of "FTP" will return "FTP.Foo.ORG"; if clear it returns "Cruft.FOO.ORG". N.B. you may not see any effect until your downstream neighbors stop doing CNAME lookups as well. confFROM_LINE UnixFromLine [From $g $d] The From_ line used when sending to files or programs. confSINGLE_LINE_FROM_HEADER SingleLineFromHeader [False] From: lines that have embedded newlines are unwrapped onto one line. confALLOW_BOGUS_HELO AllowBogusHELO [False] Allow HELO SMTP command that does not include a host name. confMUST_QUOTE_CHARS MustQuoteChars [.'] Characters to be quoted in a full name phrase (@,;:\()[] are automatic). confOPERATORS OperatorChars [.:%@!^/[]+] Address operator characters. confSMTP_LOGIN_MSG SmtpGreetingMessage [$j Sendmail $v/$Z; $b] The initial (spontaneous) SMTP greeting message. The word "ESMTP" will be inserted between the first and second words to convince other sendmails to try to speak ESMTP. confDONT_INIT_GROUPS DontInitGroups [False] If set, the initgroups(3) routine will never be invoked. You might want to do this if you are running NIS and you have a large group map, since this call does a sequential scan of the map; in a large site this can cause your ypserv to run essentially full time. If you set this, agents run on behalf of users will only have their primary (/etc/passwd) group permissions. confUNSAFE_GROUP_WRITES UnsafeGroupWrites [False] If set, group-writable :include: and .forward files are considered "unsafe", that is, programs and files cannot be directly referenced from such files. World-writable files are always considered unsafe. confCONNECT_ONLY_TO ConnectOnlyTo [undefined] override connection address (for testing). confCONTROL_SOCKET_NAME ControlSocketName [undefined] Control socket for daemon management. confDOUBLE_BOUNCE_ADDRESS DoubleBounceAddress [postmaster] If an error occurs when sending an error message, send that "double bounce" error message to this address. confDEAD_LETTER_DROP DeadLetterDrop [undefined] Filename to save bounce messages which could not be returned to the user or sent to postmaster. If not set, the queue file will be renamed. confRRT_IMPLIES_DSN RrtImpliesDsn [False] Return-Receipt-To: header implies DSN request. confRUN_AS_USER RunAsUser [undefined] If set, become this user when reading and delivering mail. Causes all file reads (e.g., .forward and :include: files) to be done as this user. Also, all programs will be run as this user, and all output files will be written as this user. Intended for use only on firewalls where users do not have accounts. confMAX_RCPTS_PER_MESSAGE MaxRecipientsPerMessage [infinite] If set, allow no more than the specified number of recipients in an SMTP envelope. Further recipients receive a 452 error code (i.e., they are deferred for the next delivery attempt). confDONT_PROBE_INTERFACES DontProbeInterfaces [False] If set, sendmail will _not_ insert the names and addresses of any local interfaces into class {w} (list of known "equivalent" addresses). If you set this, you must also include some support for these addresses (e.g., in a mailertable entry) -- otherwise, mail to addresses in this list will bounce with a configuration error. confPID_FILE PidFile [system dependent] Location of pid file. confPROCESS_TITLE_PREFIX ProcessTitlePrefix [undefined] Prefix string for the process title shown on 'ps' listings. confDONT_BLAME_SENDMAIL DontBlameSendmail [safe] Override sendmail's file safety checks. This will definitely compromise system security and should not be used unless absolutely necessary. confREJECT_MSG - [550 Access denied] The message given if the access database contains REJECT in the value portion. confDF_BUFFER_SIZE DataFileBufferSize [4096] The maximum size of a memory-buffered data (df) file before a disk-based file is used. confXF_BUFFER_SIZE XScriptFileBufferSize [4096] The maximum size of a memory-buffered transcript (xf) file before a disk-based file is used. confAUTH_MECHANISMS AuthMechanisms [GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5] List of authentication mechanisms for AUTH (separated by spaces). The advertised list of authentication mechanisms will be the intersection of this list and the list of available mechanisms as determined by the CYRUS SASL library. confDEF_AUTH_INFO DefaultAuthInfo [undefined] Filename that contains authentication information for outgoing connections. This file must contain the user id, the authorization id, the password (plain text), and the realm to use, each on a separate line and must be readable by root (or the trusted user) only. If no realm is specified, $j is used. NOTE: Currently, AuthMechanisms is used to determine the list of mechanisms to use on an outgoing connection. Sites which require a different list of mechanisms for incoming connections and outgoing connections will have the ability to do this in 8.11 by specifying a list of mechanisms as the fifth line of the DefaultAuthInfo file. If no mechanisms are given in the file, AuthMechanisms is used. The code for doing so is included as in the sendmail source code but disabled. It can be enabled by recompiling sendmail with: -D_FFR_DEFAUTHINFO_MECHS confAUTH_OPTIONS AuthOptions [undefined] If this options is 'A' then the AUTH= parameter for the MAIL FROM command is only issued when authentication succeeded. confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map specification for LDAP maps. The value should only contain LDAP specific settings such as "-h host -p port -d bindDN", etc. The settings will be used for all LDAP maps unless they are specified in the individual map specification ('K' command). confCACERT_PATH CACERTPath [undefined] Path to directory with certs of CAs. confCACERT CACERTFile [undefined] File containing one CA cert. confSERVER_CERT ServerCertFile [undefined] File containing the cert of the server, i.e., this cert is used when sendmail acts as server. confSERVER_KEY ServerKeyFile [undefined] File containing the private key belonging to the server cert. confCLIENT_CERT ClientCertFile [undefined] File containing the cert of the client, i.e., this cert is used when sendmail acts as client. confCLIENT_KEY ClientKeyFile [undefined] File containing the private key belonging to the client cert. confDH_PARAMETERS DHParameters [undefined] File containing the DH parameters. confRAND_FILE RandFile [undefined] File containing random data (use prefix file:) or the name of the UNIX socket if EGD is used (use prefix egd:). STARTTLS requires this option if the compile flag HASURANDOM is not set (see sendmail/README). See also the description of OSTYPE for some parameters that can be tweaked (generally pathnames to mailers). DaemonPortOptions are a special case since multiple daemons can be defined. This can be done via DAEMON_OPTIONS(`field1=value1,field2=value2,...') If DAEMON_OPTIONS is not used, then the default is DAEMON_OPTIONS(`Port=smtp, Name=MTA') DAEMON_OPTIONS(`Port=587, Name=MSA, M=E') If you use one DAEMON_OPTIONS macro, it will alter the parameters of the first of these. The second will still be defaulted; it represents a "Message Submission Agent" (MSA) as defined by RFC 2476 (see below). To turn off the default definition for the MSA, use FEATURE(`no_default_msa') (see also FEATURES). If you use additional DAEMON_OPTIONS macros, they will add additional daemons. Example 1: To change the port for the SMTP listener, while still using the MSA default, use DAEMON_OPTIONS(`Port=925, Name=MTA') Example 2: To change the port for the MSA daemon, while still using the default SMTP port, use FEATURE(`no_default_msa') DAEMON_OPTIONS(`Name=MTA') DAEMON_OPTIONS(`Port=987, Name=MSA, M=E') Note that if the first of those DAEMON_OPTIONS lines were omitted, then there would be no listener on the standard SMTP port. Example 3: To listen on both IPv4 and IPv6 interfaces, use DAEMON_OPTIONS(`Name=MTA-v4, Family=inet') DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6') A "Message Submission Agent" still uses all of the same rulesets for processing the message (and therefore still allows message rejection via the check_* rulesets). In accordance with the RFC, the MSA will ensure that all domains in the envelope are fully qualified if the message is relayed to another MTA. It will also enforce the normal address syntax rules and log error messages. Additionally, by using the M=a modifier you can require authentication before messages are accepted by the MSA. Finally, the M=E modifier shown above disables ETRN as required by RFC 2476. +-----------+ | HIERARCHY | +-----------+ Within this directory are several subdirectories, to wit: m4 General support routines. These are typically very important and should not be changed without very careful consideration. cf The configuration files themselves. They have ".mc" suffixes, and must be run through m4 to become complete. The resulting output should have a ".cf" suffix. ostype Definitions describing a particular operating system type. These should always be referenced using the OSTYPE macro in the .mc file. Examples include "bsd4.3", "bsd4.4", "sunos3.5", and "sunos4.1". domain Definitions describing a particular domain, referenced using the DOMAIN macro in the .mc file. These are site dependent; for example, "CS.Berkeley.EDU.m4" describes hosts in the CS.Berkeley.EDU subdomain. mailer Descriptions of mailers. These are referenced using the MAILER macro in the .mc file. sh Shell files used when building the .cf file from the .mc file in the cf subdirectory. feature These hold special orthogonal features that you might want to include. They should be referenced using the FEATURE macro. hack Local hacks. These can be referenced using the HACK macro. They shouldn't be of more than voyeuristic interest outside the .Berkeley.EDU domain, but who knows? siteconfig Site configuration -- e.g., tables of locally connected UUCP sites. +------------------------+ | ADMINISTRATIVE DETAILS | +------------------------+ The following sections detail usage of certain internal parts of the sendmail.cf file. Read them carefully if you are trying to modify the current model. If you find the above descriptions adequate, these should be {boring, confusing, tedious, ridiculous} (pick one or more). RULESETS (* means built in to sendmail) 0 * Parsing 1 * Sender rewriting 2 * Recipient rewriting 3 * Canonicalization 4 * Post cleanup 5 * Local address rewrite (after aliasing) 1x mailer rules (sender qualification) 2x mailer rules (recipient qualification) 3x mailer rules (sender header qualification) 4x mailer rules (recipient header qualification) 5x mailer subroutines (general) 6x mailer subroutines (general) 7x mailer subroutines (general) 8x reserved 90 Mailertable host stripping 96 Bottom half of Ruleset 3 (ruleset 6 in old sendmail) 97 Hook for recursive ruleset 0 call (ruleset 7 in old sendmail) 98 Local part of ruleset 0 (ruleset 8 in old sendmail) 99 Guaranteed null (for debugging) MAILERS 0 local, prog local and program mailers 1 [e]smtp, relay SMTP channel 2 uucp-* UNIX-to-UNIX Copy Program 3 netnews Network News delivery 4 fax Sam Leffler's HylaFAX software 5 mail11 DECnet mailer MACROS A B Bitnet Relay C DECnet Relay D The local domain -- usually not needed E reserved for X.400 Relay F FAX Relay G H mail Hub (for mail clusters) I J K L Luser Relay M Masquerade (who you claim to be) N O P Q R Relay (for unqualified names) S Smart Host T U my UUCP name (if you have a UUCP connection) V UUCP Relay (class {V} hosts) W UUCP Relay (class {W} hosts) X UUCP Relay (class {X} hosts) Y UUCP Relay (all other hosts) Z Version number CLASSES A B domains that are candidates for bestmx lookup C D E addresses that should not seem to come from $M F hosts this system forward for G domains that should be looked up in genericstable H I J K L addresses that should not be forwarded to $R M domains that should be mapped to $M N host/domains that should not be mapped to $M O operators that indicate network operations (cannot be in local names) P top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc. Q R domains this system is willing to relay (pass anti-spam filters) S T U locally connected UUCP hosts V UUCP hosts connected to relay $V W UUCP hosts connected to relay $W X UUCP hosts connected to relay $X Y locally connected smart UUCP hosts Z locally connected domain-ized UUCP hosts . the class containing only a dot [ the class containing only a left bracket M4 DIVERSIONS 1 Local host detection and resolution 2 Local Ruleset 3 additions 3 Local Ruleset 0 additions 4 UUCP Ruleset 0 additions 5 locally interpreted names (overrides $R) 6 local configuration (at top of file) 7 mailer definitions 8 DNS based blacklists 9 special local rulesets (1 and 2) -$Revision: 8.383.2.1.2.24 $, Last updated $Date: 2000/09/24 02:05:54 $ +$Revision: 8.383.2.1.2.35 $, Last updated $Date: 2000/12/17 17:19:11 $ Index: stable/4/contrib/sendmail/cf/cf/Makefile =================================================================== --- stable/4/contrib/sendmail/cf/cf/Makefile (revision 71887) +++ stable/4/contrib/sendmail/cf/cf/Makefile (revision 71888) @@ -1,165 +1,165 @@ # # Makefile for configuration files. # -# $Id: Makefile,v 8.40.8.3 2000/08/08 22:23:30 gshapiro Exp $ +# $Id: Makefile,v 8.40.8.4 2000/10/26 18:27:44 gshapiro Exp $ # # # Create configuration files using "m4 ../m4/cf.m4 file.mc > file.cf"; # this may be easier than tweaking the Makefile. You do need to # have a fairly modern M4 available (GNU m4 works). On SunOS, use # /usr/5bin/m4. # M4= m4 CFDIR= .. CHMOD= chmod ROMODE= 444 RM= rm -f .SUFFIXES: .mc .cf .mc.cf: $(RM) $@ $(M4) ${CFDIR}/m4/cf.m4 $*.mc > $@ || ( $(RM) $@ && exit 1 ) $(CHMOD) $(ROMODE) $@ GENERIC=generic-bsd4.4.cf generic-hpux9.cf generic-hpux10.cf \ - generic-linux.cf \ + generic-linux.cf generic-nextstep3.3.cf \ generic-osf1.cf generic-solaris2.cf \ generic-sunos4.1.cf generic-ultrix4.cf -BERKELEY=cs-hpux9.cf cs-osf1.cf cs-solaris2.cf \ +BERKELEY=cs-hpux9.cf cs-hpux10.cf cs-osf1.cf cs-solaris2.cf \ cs-sunos4.1.cf cs-ultrix4.cf \ s2k-osf1.cf s2k-ultrix4.cf \ chez.cs.cf huginn.cs.cf mail.cs.cf mail.eecs.cf mailspool.cs.cf \ python.cs.cf ucbarpa.cf ucbvax.cf vangogh.cs.cf OTHER= knecht.cf ALL= $(GENERIC) $(BERKELEY) $(OTHER) all: $(ALL) berkeley: $(BERKELEY) generic: $(GENERIC) other: $(OTHER) clean cleandir: $(RM) $(ALL) core depend install: # this is overkill, but.... M4FILES=\ ${CFDIR}/domain/Berkeley.EDU.m4 \ ${CFDIR}/domain/CS.Berkeley.EDU.m4 \ ${CFDIR}/domain/EECS.Berkeley.EDU.m4 \ ${CFDIR}/domain/S2K.Berkeley.EDU.m4 \ ${CFDIR}/domain/berkeley-only.m4 \ ${CFDIR}/domain/generic.m4 \ ${CFDIR}/feature/accept_unqualified_senders.m4 \ ${CFDIR}/feature/accept_unresolvable_domains.m4 \ ${CFDIR}/feature/access_db.m4 \ ${CFDIR}/feature/allmasquerade.m4 \ ${CFDIR}/feature/always_add_domain.m4 \ ${CFDIR}/feature/bestmx_is_local.m4 \ ${CFDIR}/feature/bitdomain.m4 \ ${CFDIR}/feature/blacklist_recipients.m4 \ ${CFDIR}/feature/dnsbl.m4 \ ${CFDIR}/feature/domaintable.m4 \ ${CFDIR}/feature/generics_entire_domain.m4 \ ${CFDIR}/feature/genericstable.m4 \ ${CFDIR}/feature/ldap_routing.m4 \ ${CFDIR}/feature/limited_masquerade.m4 \ ${CFDIR}/feature/local_lmtp.m4 \ ${CFDIR}/feature/local_procmail.m4 \ ${CFDIR}/feature/loose_relay_check.m4 \ ${CFDIR}/feature/mailertable.m4 \ ${CFDIR}/feature/masquerade_entire_domain.m4 \ ${CFDIR}/feature/masquerade_envelope.m4 \ ${CFDIR}/feature/no_default_msa.m4 \ ${CFDIR}/feature/nocanonify.m4 \ ${CFDIR}/feature/nodns.m4 \ ${CFDIR}/feature/notsticky.m4 \ ${CFDIR}/feature/nouucp.m4 \ ${CFDIR}/feature/nullclient.m4 \ ${CFDIR}/feature/promiscuous_relay.m4 \ ${CFDIR}/feature/rbl.m4 \ ${CFDIR}/feature/redirect.m4 \ ${CFDIR}/feature/relay_based_on_MX.m4 \ ${CFDIR}/feature/relay_entire_domain.m4 \ ${CFDIR}/feature/relay_hosts_only.m4 \ ${CFDIR}/feature/relay_local_from.m4 \ ${CFDIR}/feature/relay_mail_from.m4 \ ${CFDIR}/feature/smrsh.m4 \ ${CFDIR}/feature/stickyhost.m4 \ ${CFDIR}/feature/use_ct_file.m4 \ ${CFDIR}/feature/use_cw_file.m4 \ ${CFDIR}/feature/uucpdomain.m4 \ ${CFDIR}/feature/virtuser_entire_domain.m4 \ ${CFDIR}/feature/virtusertable.m4 \ ${CFDIR}/hack/cssubdomain.m4 \ ${CFDIR}/m4/cf.m4 \ ${CFDIR}/m4/cfhead.m4 \ ${CFDIR}/m4/proto.m4 \ ${CFDIR}/m4/version.m4 \ ${CFDIR}/mailer/cyrus.m4 \ ${CFDIR}/mailer/fax.m4 \ ${CFDIR}/mailer/local.m4 \ ${CFDIR}/mailer/mail11.m4 \ ${CFDIR}/mailer/phquery.m4 \ ${CFDIR}/mailer/pop.m4 \ ${CFDIR}/mailer/procmail.m4 \ ${CFDIR}/mailer/qpage.m4 \ ${CFDIR}/mailer/smtp.m4 \ ${CFDIR}/mailer/usenet.m4 \ ${CFDIR}/mailer/uucp.m4 \ ${CFDIR}/ostype/aix2.m4 \ ${CFDIR}/ostype/aix3.m4 \ ${CFDIR}/ostype/aix4.m4 \ ${CFDIR}/ostype/altos.m4 \ ${CFDIR}/ostype/amdahl-uts.m4 \ ${CFDIR}/ostype/aux.m4 \ ${CFDIR}/ostype/bsd4.3.m4 \ ${CFDIR}/ostype/bsd4.4.m4 \ ${CFDIR}/ostype/bsdi.m4 \ ${CFDIR}/ostype/bsdi1.0.m4 \ ${CFDIR}/ostype/bsdi2.0.m4 \ ${CFDIR}/ostype/dgux.m4 \ ${CFDIR}/ostype/domainos.m4 \ ${CFDIR}/ostype/dynix3.2.m4 \ ${CFDIR}/ostype/gnu.m4 \ ${CFDIR}/ostype/hpux10.m4 \ ${CFDIR}/ostype/hpux11.m4 \ ${CFDIR}/ostype/hpux9.m4 \ ${CFDIR}/ostype/irix4.m4 \ ${CFDIR}/ostype/irix5.m4 \ ${CFDIR}/ostype/irix6.m4 \ ${CFDIR}/ostype/isc4.1.m4 \ ${CFDIR}/ostype/linux.m4 \ ${CFDIR}/ostype/maxion.m4 \ ${CFDIR}/ostype/mklinux.m4 \ ${CFDIR}/ostype/nextstep.m4 \ ${CFDIR}/ostype/openbsd.m4 \ ${CFDIR}/ostype/osf1.m4 \ ${CFDIR}/ostype/powerux.m4 \ ${CFDIR}/ostype/ptx2.m4 \ ${CFDIR}/ostype/qnx.m4 \ ${CFDIR}/ostype/riscos4.5.m4 \ ${CFDIR}/ostype/sco-uw-2.1.m4 \ ${CFDIR}/ostype/sco3.2.m4 \ ${CFDIR}/ostype/sinix.m4 \ ${CFDIR}/ostype/solaris2.m4 \ ${CFDIR}/ostype/solaris2.ml.m4 \ ${CFDIR}/ostype/solaris2.pre5.m4 \ ${CFDIR}/ostype/solaris8.m4 \ ${CFDIR}/ostype/sunos3.5.m4 \ ${CFDIR}/ostype/sunos4.1.m4 \ ${CFDIR}/ostype/svr4.m4 \ ${CFDIR}/ostype/ultrix4.m4 \ ${CFDIR}/ostype/unixware7.m4 \ ${CFDIR}/ostype/unknown.m4 \ ${CFDIR}/ostype/uxpds.m4 $(ALL): $(M4FILES) $(BERKELEY): $(M4FILES) $(GENERIC): $(M4FILES) $(OTHER): $(M4FILES) Index: stable/4/contrib/sendmail/cf/feature/dnsbl.m4 =================================================================== --- stable/4/contrib/sendmail/cf/feature/dnsbl.m4 (revision 71887) +++ stable/4/contrib/sendmail/cf/feature/dnsbl.m4 (revision 71888) @@ -1,25 +1,25 @@ divert(-1) # # Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers. # All rights reserved. # # By using this file, you agree to the terms and conditions set # forth in the LICENSE file which can be found at the top level of # the sendmail distribution. # # divert(0) ifdef(`_DNSBL_R_',`dnl',`dnl -VERSIONID(`$Id: dnsbl.m4,v 8.18 1999/08/03 04:30:56 gshapiro Exp $')') +VERSIONID(`$Id: dnsbl.m4,v 8.18.16.1 2000/11/22 01:13:21 ca Exp $')') divert(-1) -define(`_DNSBL_SRV_', `ifelse(len(X`'_ARG_),`1',`rbl.maps.vix.com',_ARG_)')dnl +define(`_DNSBL_SRV_', `ifelse(len(X`'_ARG_),`1',`blackholes.mail-abuse.org',_ARG_)')dnl define(`_DNSBL_MSG_', `ifelse(len(X`'_ARG2_),`1',`"550 Mail from " $`'&{client_addr} " refused by blackhole site '_DNSBL_SRV_`"',`_ARG2_')')dnl divert(8) # DNS based IP address spam list _DNSBL_SRV_ R$* $: $&{client_addr} R::ffff:$-.$-.$-.$- $: $(host $4.$3.$2.$1._DNSBL_SRV_. $: OK $) R$-.$-.$-.$- $: $(host $4.$3.$2.$1._DNSBL_SRV_. $: OK $) ROK $: OKSOFAR R$+ $#error $@ 5.7.1 $: _DNSBL_MSG_ divert(-1) Index: stable/4/contrib/sendmail/cf/m4/proto.m4 =================================================================== --- stable/4/contrib/sendmail/cf/m4/proto.m4 (revision 71887) +++ stable/4/contrib/sendmail/cf/m4/proto.m4 (revision 71888) @@ -1,2097 +1,2105 @@ divert(-1) # # Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. # All rights reserved. # Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved. # Copyright (c) 1988, 1993 # The Regents of the University of California. All rights reserved. # # By using this file, you agree to the terms and conditions set # forth in the LICENSE file which can be found at the top level of # the sendmail distribution. # # divert(0) -VERSIONID(`$Id: proto.m4,v 8.446.2.5.2.29 2000/09/15 04:45:14 gshapiro Exp $') +VERSIONID(`$Id: proto.m4,v 8.446.2.5.2.38 2000/12/28 03:37:28 ca Exp $') MAILER(local)dnl # level CF_LEVEL config file format V`'CF_LEVEL/ifdef(`VENDOR_NAME', `VENDOR_NAME', `Berkeley') divert(-1) # do some sanity checking ifdef(`__OSTYPE__',, `errprint(`*** ERROR: No system type defined (use OSTYPE macro) ')') # pick our default mailers ifdef(`confSMTP_MAILER',, `define(`confSMTP_MAILER', `esmtp')') ifdef(`confLOCAL_MAILER',, `define(`confLOCAL_MAILER', `local')') ifdef(`confRELAY_MAILER',, `define(`confRELAY_MAILER', `ifdef(`_MAILER_smtp_', `relay', `ifdef(`_MAILER_uucp', `uucp-new', `unknown')')')') ifdef(`confUUCP_MAILER',, `define(`confUUCP_MAILER', `uucp-old')') define(`_SMTP_', `confSMTP_MAILER')dnl for readability only define(`_LOCAL_', `confLOCAL_MAILER')dnl for readability only define(`_RELAY_', `confRELAY_MAILER')dnl for readability only define(`_UUCP_', `confUUCP_MAILER')dnl for readability only # back compatibility with old config files ifdef(`confDEF_GROUP_ID', `errprint(`*** confDEF_GROUP_ID is obsolete. Use confDEF_USER_ID with a colon in the value instead. ')') ifdef(`confREAD_TIMEOUT', `errprint(`*** confREAD_TIMEOUT is obsolete. Use individual confTO_ parameters instead. ')') ifdef(`confMESSAGE_TIMEOUT', `define(`_ARG_', index(confMESSAGE_TIMEOUT, /)) ifelse(_ARG_, -1, `define(`confTO_QUEUERETURN', confMESSAGE_TIMEOUT)', `define(`confTO_QUEUERETURN', substr(confMESSAGE_TIMEOUT, 0, _ARG_)) define(`confTO_QUEUEWARN', substr(confMESSAGE_TIMEOUT, eval(_ARG_+1)))')') ifdef(`confMIN_FREE_BLOCKS', `ifelse(index(confMIN_FREE_BLOCKS, /), -1,, `errprint(`*** compound confMIN_FREE_BLOCKS is obsolete. Use confMAX_MESSAGE_SIZE for the second part of the value. ')')') # Sanity check on ldap_routing feature # If the user doesn't specify a new map, they better have given as a # default LDAP specification which has the LDAP base (and most likely the host) ifdef(`confLDAP_DEFAULT_SPEC',, `ifdef(`_LDAP_ROUTING_WARN_', `errprint(` WARNING: Using default FEATURE(ldap_routing) map definition(s) without setting confLDAP_DEFAULT_SPEC option. ')')')dnl # clean option definitions below.... define(`_OPTION', `ifdef(`$2', `O $1`'ifelse(defn(`$2'), `',, `=$2')', `#O $1`'ifelse(`$3', `',,`=$3')')')dnl dnl required to "rename" the check_* rulesets... define(`_U_',ifdef(`_DELAY_CHECKS_',`',`_')) dnl default relaying denied message ifdef(`confRELAY_MSG', `', `define(`confRELAY_MSG', `"550 Relaying denied"')') divert(0)dnl # override file safeties - setting this option compromises system security, # addressing the actual file configuration problem is preferred # need to set this before any file actions are encountered in the cf file _OPTION(DontBlameSendmail, `confDONT_BLAME_SENDMAIL', `safe') # default LDAP map specification # need to set this now before any LDAP maps are defined _OPTION(LDAPDefaultSpec, `confLDAP_DEFAULT_SPEC', `-h localhost') ################## # local info # ################## Cwlocalhost ifdef(`USE_CW_FILE', `# file containing names of hosts for which we receive email Fw`'confCW_FILE', `dnl') # my official domain name # ... `define' this only if sendmail cannot automatically determine your domain ifdef(`confDOMAIN_NAME', `Dj`'confDOMAIN_NAME', `#Dj$w.Foo.COM') CP. ifdef(`UUCP_RELAY', `# UUCP relay host DY`'UUCP_RELAY CPUUCP ')dnl ifdef(`BITNET_RELAY', `# BITNET relay host DB`'BITNET_RELAY CPBITNET ')dnl ifdef(`DECNET_RELAY', `define(`_USE_DECNET_SYNTAX_', 1)dnl # DECnet relay host DC`'DECNET_RELAY CPDECNET ')dnl ifdef(`FAX_RELAY', `# FAX relay host DF`'FAX_RELAY CPFAX ')dnl # "Smart" relay host (may be null) DS`'ifdef(`SMART_HOST', SMART_HOST) ifdef(`LUSER_RELAY', `dnl # place to which unknown users should be forwarded Kuser user -m -a<> DL`'LUSER_RELAY', `dnl') # operators that cannot be in local usernames (i.e., network indicators) CO @ % ifdef(`_NO_UUCP_', `', `!') # a class with just dot (for identifying canonical names) C.. # a class with just a left bracket (for identifying domain literals) C[[ ifdef(`_ACCESS_TABLE_', `dnl # access_db acceptance class C{Accept}OK RELAY ifdef(`_DELAY_CHECKS_',`dnl ifdef(`_BLACKLIST_RCPT_',`dnl # possible access_db RHS for spam friends/haters C{SpamTag}SPAMFRIEND SPAMHATER')')', `dnl') ifdef(`_ACCEPT_UNRESOLVABLE_DOMAINS_',`dnl',`dnl # Resolve map (to check if a host exists in check_mail) Kresolve host -a -T') ifdef(`_FFR_5_', `# macro storage map Kmacro macro') ifdef(`confCR_FILE', `dnl # Hosts for which relaying is permitted ($=R) FR`'confCR_FILE', `dnl') define(`TLS_SRV_TAG', `TLS_Srv')dnl define(`TLS_CLT_TAG', `TLS_Clt')dnl define(`TLS_TRY_TAG', `Try_TLS')dnl define(`TLS_OFF_TAG', `Offer_TLS')dnl dnl this may be useful in other contexts too ifdef(`_ARITH_MAP_', `', `# arithmetic map define(`_ARITH_MAP_', `1')dnl Karith arith') ifdef(`_ACCESS_TABLE_', `dnl # possible values for tls_connect in access map C{tls}VERIFY ENCR', `dnl') ifdef(`_CERT_REGEX_ISSUER_', `dnl # extract relevant part from cert issuer KCERTIssuer regex _CERT_REGEX_ISSUER_', `dnl') ifdef(`_CERT_REGEX_SUBJECT_', `dnl # extract relevant part from cert subject KCERTSubject regex _CERT_REGEX_SUBJECT_', `dnl') # who I send unqualified names to (null means deliver locally) DR`'ifdef(`LOCAL_RELAY', LOCAL_RELAY) # who gets all local email traffic ($R has precedence for unqualified names) DH`'ifdef(`MAIL_HUB', MAIL_HUB) # dequoting map Kdequote dequote divert(0)dnl # end of nullclient diversion # class E: names that should be exposed as from this host, even if we masquerade # class L: names that should be delivered locally, even if we have a relay # class M: domains that should be converted to $M # class N: domains that should not be converted to $M #CL root undivert(5)dnl ifdef(`_VIRTHOSTS_', `CR$={VirtHost}', `dnl') # who I masquerade as (null for no masquerading) (see also $=M) DM`'ifdef(`MASQUERADE_NAME', MASQUERADE_NAME) # my name for error messages ifdef(`confMAILER_NAME', `Dn`'confMAILER_NAME', `#DnMAILER-DAEMON') undivert(6)dnl LOCAL_CONFIG include(_CF_DIR_`m4/version.m4') ############### # Options # ############### # strip message body to 7 bits on input? _OPTION(SevenBitInput, `confSEVEN_BIT_INPUT', `False') # 8-bit data handling _OPTION(EightBitMode, `confEIGHT_BIT_HANDLING', `adaptive') # wait for alias file rebuild (default units: minutes) _OPTION(AliasWait, `confALIAS_WAIT', `5m') # location of alias file _OPTION(AliasFile, `ALIAS_FILE', `MAIL_SETTINGS_DIR`'aliases') # minimum number of free blocks on filesystem _OPTION(MinFreeBlocks, `confMIN_FREE_BLOCKS', `100') # maximum message size _OPTION(MaxMessageSize, `confMAX_MESSAGE_SIZE', `1000000') # substitution for space (blank) characters _OPTION(BlankSub, `confBLANK_SUB', `_') # avoid connecting to "expensive" mailers on initial submission? _OPTION(HoldExpensive, `confCON_EXPENSIVE', `False') # checkpoint queue runs after every N successful deliveries _OPTION(CheckpointInterval, `confCHECKPOINT_INTERVAL', `10') # default delivery mode _OPTION(DeliveryMode, `confDELIVERY_MODE', `background') # automatically rebuild the alias database? # NOTE: There is a potential for a denial of service attack if this is set. # This option is deprecated and will be removed from a future version. _OPTION(AutoRebuildAliases, `confAUTO_REBUILD', `False') # error message header/file _OPTION(ErrorHeader, `confERROR_MESSAGE', `MAIL_SETTINGS_DIR`'error-header') # error mode _OPTION(ErrorMode, `confERROR_MODE', `print') # save Unix-style "From_" lines at top of header? _OPTION(SaveFromLine, `confSAVE_FROM_LINES', `False') # temporary file mode _OPTION(TempFileMode, `confTEMP_FILE_MODE', `0600') # match recipients against GECOS field? _OPTION(MatchGECOS, `confMATCH_GECOS', `False') # maximum hop count _OPTION(MaxHopCount, `confMAX_HOP', `17') # location of help file O HelpFile=ifdef(`HELP_FILE', HELP_FILE, `MAIL_SETTINGS_DIR`'helpfile') # ignore dots as terminators in incoming messages? _OPTION(IgnoreDots, `confIGNORE_DOTS', `False') # name resolver options _OPTION(ResolverOptions, `confBIND_OPTS', `+AAONLY') # deliver MIME-encapsulated error messages? _OPTION(SendMimeErrors, `confMIME_FORMAT_ERRORS', `True') # Forward file search path _OPTION(ForwardPath, `confFORWARD_PATH', `/var/forward/$u:$z/.forward.$w:$z/.forward') # open connection cache size _OPTION(ConnectionCacheSize, `confMCI_CACHE_SIZE', `2') # open connection cache timeout _OPTION(ConnectionCacheTimeout, `confMCI_CACHE_TIMEOUT', `5m') # persistent host status directory _OPTION(HostStatusDirectory, `confHOST_STATUS_DIRECTORY', `.hoststat') # single thread deliveries (requires HostStatusDirectory)? _OPTION(SingleThreadDelivery, `confSINGLE_THREAD_DELIVERY', `False') # use Errors-To: header? _OPTION(UseErrorsTo, `confUSE_ERRORS_TO', `False') # log level _OPTION(LogLevel, `confLOG_LEVEL', `10') # send to me too, even in an alias expansion? _OPTION(MeToo, `confME_TOO', `True') # verify RHS in newaliases? _OPTION(CheckAliases, `confCHECK_ALIASES', `False') # default messages to old style headers if no special punctuation? _OPTION(OldStyleHeaders, `confOLD_STYLE_HEADERS', `False') # SMTP daemon options ifelse(defn(`confDAEMON_OPTIONS'), `', `dnl', `errprint(WARNING: `confDAEMON_OPTIONS' is no longer valid. See cf/README for more information. )'dnl `DAEMON_OPTIONS(`confDAEMON_OPTIONS')') ifelse(defn(`_DPO_'), `', `ifdef(`_NETINET6_', `O DaemonPortOptions=Name=MTA-IPv4, Family=inet O DaemonPortOptions=Name=MTA-IPv6, Family=inet6',`O DaemonPortOptions=Name=MTA')', `_DPO_') ifdef(`_NO_MSA_', `dnl', `O DaemonPortOptions=Port=587, Name=MSA, M=E') # SMTP client options _OPTION(ClientPortOptions, `confCLIENT_OPTIONS', `Address=0.0.0.0') # privacy flags _OPTION(PrivacyOptions, `confPRIVACY_FLAGS', `authwarnings') # who (if anyone) should get extra copies of error messages _OPTION(PostmasterCopy, `confCOPY_ERRORS_TO', `Postmaster') # slope of queue-only function _OPTION(QueueFactor, `confQUEUE_FACTOR', `600000') # queue directory O QueueDirectory=ifdef(`QUEUE_DIR', QUEUE_DIR, `/var/spool/mqueue') # timeouts (many of these) _OPTION(Timeout.initial, `confTO_INITIAL', `5m') _OPTION(Timeout.connect, `confTO_CONNECT', `5m') _OPTION(Timeout.iconnect, `confTO_ICONNECT', `5m') _OPTION(Timeout.helo, `confTO_HELO', `5m') _OPTION(Timeout.mail, `confTO_MAIL', `10m') _OPTION(Timeout.rcpt, `confTO_RCPT', `1h') _OPTION(Timeout.datainit, `confTO_DATAINIT', `5m') _OPTION(Timeout.datablock, `confTO_DATABLOCK', `1h') _OPTION(Timeout.datafinal, `confTO_DATAFINAL', `1h') _OPTION(Timeout.rset, `confTO_RSET', `5m') _OPTION(Timeout.quit, `confTO_QUIT', `2m') _OPTION(Timeout.misc, `confTO_MISC', `2m') _OPTION(Timeout.command, `confTO_COMMAND', `1h') _OPTION(Timeout.ident, `confTO_IDENT', `5s') _OPTION(Timeout.fileopen, `confTO_FILEOPEN', `60s') _OPTION(Timeout.control, `confTO_CONTROL', `2m') _OPTION(Timeout.queuereturn, `confTO_QUEUERETURN', `5d') _OPTION(Timeout.queuereturn.normal, `confTO_QUEUERETURN_NORMAL', `5d') _OPTION(Timeout.queuereturn.urgent, `confTO_QUEUERETURN_URGENT', `2d') _OPTION(Timeout.queuereturn.non-urgent, `confTO_QUEUERETURN_NONURGENT', `7d') _OPTION(Timeout.queuewarn, `confTO_QUEUEWARN', `4h') _OPTION(Timeout.queuewarn.normal, `confTO_QUEUEWARN_NORMAL', `4h') _OPTION(Timeout.queuewarn.urgent, `confTO_QUEUEWARN_URGENT', `1h') _OPTION(Timeout.queuewarn.non-urgent, `confTO_QUEUEWARN_NONURGENT', `12h') _OPTION(Timeout.hoststatus, `confTO_HOSTSTATUS', `30m') _OPTION(Timeout.resolver.retrans, `confTO_RESOLVER_RETRANS', `5s') _OPTION(Timeout.resolver.retrans.first, `confTO_RESOLVER_RETRANS_FIRST', `5s') _OPTION(Timeout.resolver.retrans.normal, `confTO_RESOLVER_RETRANS_NORMAL', `5s') _OPTION(Timeout.resolver.retry, `confTO_RESOLVER_RETRY', `4') _OPTION(Timeout.resolver.retry.first, `confTO_RESOLVER_RETRY_FIRST', `4') _OPTION(Timeout.resolver.retry.normal, `confTO_RESOLVER_RETRY_NORMAL', `4') # should we not prune routes in route-addr syntax addresses? _OPTION(DontPruneRoutes, `confDONT_PRUNE_ROUTES', `False') # queue up everything before forking? _OPTION(SuperSafe, `confSAFE_QUEUE', `True') # status file O StatusFile=ifdef(`STATUS_FILE', `STATUS_FILE', `MAIL_SETTINGS_DIR`'statistics') # time zone handling: # if undefined, use system default # if defined but null, use TZ envariable passed in # if defined and non-null, use that info ifelse(confTIME_ZONE, `USE_SYSTEM', `#O TimeZoneSpec=', confTIME_ZONE, `USE_TZ', `O TimeZoneSpec=', `O TimeZoneSpec=confTIME_ZONE') # default UID (can be username or userid:groupid) _OPTION(DefaultUser, `confDEF_USER_ID', `mailnull') # list of locations of user database file (null means no lookup) _OPTION(UserDatabaseSpec, `confUSERDB_SPEC', `MAIL_SETTINGS_DIR`'userdb') # fallback MX host _OPTION(FallbackMXhost, `confFALLBACK_MX', `fall.back.host.net') # if we are the best MX host for a site, try it directly instead of config err _OPTION(TryNullMXList, `confTRY_NULL_MX_LIST', `False') # load average at which we just queue messages _OPTION(QueueLA, `confQUEUE_LA', `8') # load average at which we refuse connections _OPTION(RefuseLA, `confREFUSE_LA', `12') # maximum number of children we allow at one time _OPTION(MaxDaemonChildren, `confMAX_DAEMON_CHILDREN', `12') # maximum number of new connections per second -_OPTION(ConnectionRateThrottle, `confCONNECTION_RATE_THROTTLE', `3') +_OPTION(ConnectionRateThrottle, `confCONNECTION_RATE_THROTTLE', `0') # work recipient factor _OPTION(RecipientFactor, `confWORK_RECIPIENT_FACTOR', `30000') # deliver each queued job in a separate process? _OPTION(ForkEachJob, `confSEPARATE_PROC', `False') # work class factor _OPTION(ClassFactor, `confWORK_CLASS_FACTOR', `1800') # work time factor _OPTION(RetryFactor, `confWORK_TIME_FACTOR', `90000') # shall we sort the queue by hostname first? _OPTION(QueueSortOrder, `confQUEUE_SORT_ORDER', `priority') # minimum time in queue before retry _OPTION(MinQueueAge, `confMIN_QUEUE_AGE', `30m') # default character set _OPTION(DefaultCharSet, `confDEF_CHAR_SET', `iso-8859-1') # service switch file (ignored on Solaris, Ultrix, OSF/1, others) _OPTION(ServiceSwitchFile, `confSERVICE_SWITCH_FILE', `MAIL_SETTINGS_DIR`'service.switch') # hosts file (normally /etc/hosts) _OPTION(HostsFile, `confHOSTS_FILE', `/etc/hosts') # dialup line delay on connection failure _OPTION(DialDelay, `confDIAL_DELAY', `10s') # action to take if there are no recipients in the message _OPTION(NoRecipientAction, `confNO_RCPT_ACTION', `add-to-undisclosed') # chrooted environment for writing to files _OPTION(SafeFileEnvironment, `confSAFE_FILE_ENV', `/arch') # are colons OK in addresses? _OPTION(ColonOkInAddr, `confCOLON_OK_IN_ADDR', `True') # how many jobs can you process in the queue? _OPTION(MaxQueueRunSize, `confMAX_QUEUE_RUN_SIZE', `10000') # shall I avoid expanding CNAMEs (violates protocols)? _OPTION(DontExpandCnames, `confDONT_EXPAND_CNAMES', `False') # SMTP initial login message (old $e macro) _OPTION(SmtpGreetingMessage, `confSMTP_LOGIN_MSG', `$j Sendmail $v ready at $b') # UNIX initial From header format (old $l macro) _OPTION(UnixFromLine, `confFROM_LINE', `From $g $d') # From: lines that have embedded newlines are unwrapped onto one line _OPTION(SingleLineFromHeader, `confSINGLE_LINE_FROM_HEADER', `False') # Allow HELO SMTP command that does not `include' a host name _OPTION(AllowBogusHELO, `confALLOW_BOGUS_HELO', `False') # Characters to be quoted in a full name phrase (@,;:\()[] are automatic) _OPTION(MustQuoteChars, `confMUST_QUOTE_CHARS', `.') # delimiter (operator) characters (old $o macro) _OPTION(OperatorChars, `confOPERATORS', `.:@[]') # shall I avoid calling initgroups(3) because of high NIS costs? _OPTION(DontInitGroups, `confDONT_INIT_GROUPS', `False') # are group-writable `:include:' and .forward files (un)trustworthy? _OPTION(UnsafeGroupWrites, `confUNSAFE_GROUP_WRITES', `True') # where do errors that occur when sending errors get sent? _OPTION(DoubleBounceAddress, `confDOUBLE_BOUNCE_ADDRESS', `postmaster') # where to save bounces if all else fails _OPTION(DeadLetterDrop, `confDEAD_LETTER_DROP', `/var/tmp/dead.letter') # what user id do we assume for the majority of the processing? _OPTION(RunAsUser, `confRUN_AS_USER', `sendmail') # maximum number of recipients per SMTP envelope _OPTION(MaxRecipientsPerMessage, `confMAX_RCPTS_PER_MESSAGE', `100') # shall we get local names from our installed interfaces? _OPTION(DontProbeInterfaces, `confDONT_PROBE_INTERFACES', `False') # Return-Receipt-To: header implies DSN request _OPTION(RrtImpliesDsn, `confRRT_IMPLIES_DSN', `False') # override connection address (for testing) _OPTION(ConnectOnlyTo, `confCONNECT_ONLY_TO', `0.0.0.0') # Trusted user for file ownership and starting the daemon _OPTION(TrustedUser, `confTRUSTED_USER', `root') # Control socket for daemon management _OPTION(ControlSocketName, `confCONTROL_SOCKET_NAME', `/var/spool/mqueue/.control') # Maximum MIME header length to protect MUAs _OPTION(MaxMimeHeaderLength, `confMAX_MIME_HEADER_LENGTH', `0/0') # Maximum length of the sum of all headers _OPTION(MaxHeadersLength, `confMAX_HEADERS_LENGTH', `32768') # Maximum depth of alias recursion _OPTION(MaxAliasRecursion, `confMAX_ALIAS_RECURSION', `10') # location of pid file _OPTION(PidFile, `confPID_FILE', `/var/run/sendmail.pid') # Prefix string for the process title shown on 'ps' listings _OPTION(ProcessTitlePrefix, `confPROCESS_TITLE_PREFIX', `prefix') # Data file (df) memory-buffer file maximum size _OPTION(DataFileBufferSize, `confDF_BUFFER_SIZE', `4096') # Transcript file (xf) memory-buffer file maximum size _OPTION(XscriptFileBufferSize, `confXF_BUFFER_SIZE', `4096') # list of authentication mechanisms _OPTION(AuthMechanisms, `confAUTH_MECHANISMS', `GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5') # default authentication information for outgoing connections _OPTION(DefaultAuthInfo, `confDEF_AUTH_INFO', `MAIL_SETTINGS_DIR`'default-auth-info') # SMTP AUTH flags _OPTION(AuthOptions, `confAUTH_OPTIONS', `') ifdef(`_FFR_MILTER', ` # Input mail filters _OPTION(InputMailFilters, `confINPUT_MAIL_FILTERS', `') # Milter options _OPTION(Milter.macros.connect, `confMILTER_MACROS_CONNECT', `') _OPTION(Milter.macros.helo, `confMILTER_MACROS_HELO', `') _OPTION(Milter.macros.envfrom, `confMILTER_MACROS_ENVFROM', `') _OPTION(Milter.macros.envrcpt, `confMILTER_MACROS_ENVRCPT', `')') # CA directory _OPTION(CACERTPath, `confCACERT_PATH', `') # CA file _OPTION(CACERTFile, `confCACERT', `') # Server Cert _OPTION(ServerCertFile, `confSERVER_CERT', `') # Server private key _OPTION(ServerKeyFile, `confSERVER_KEY', `') # Client Cert _OPTION(ClientCertFile, `confCLIENT_CERT', `') # Client private key _OPTION(ClientKeyFile, `confCLIENT_KEY', `') # DHParameters (only required if DSA/DH is used) _OPTION(DHParameters, `confDH_PARAMETERS', `') # Random data source (required for systems without /dev/urandom under OpenSSL) _OPTION(RandFile, `confRAND_FILE', `') ifdef(`confQUEUE_FILE_MODE', `# queue file mode (qf files) O QueueFileMode=confQUEUE_FILE_MODE ') ########################### # Message precedences # ########################### Pfirst-class=0 Pspecial-delivery=100 Plist=-30 Pbulk=-60 Pjunk=-100 ##################### # Trusted users # ##################### # this is equivalent to setting class "t" ifdef(`_USE_CT_FILE_', `', `#')Ft`'ifdef(`confCT_FILE', confCT_FILE, `MAIL_SETTINGS_DIR`'trusted-users') Troot Tdaemon ifdef(`_NO_UUCP_', `dnl', `Tuucp') ifdef(`confTRUSTED_USERS', `T`'confTRUSTED_USERS', `dnl') ######################### # Format of headers # ######################### ifdef(`confFROM_HEADER',, `define(`confFROM_HEADER', `$?x$x <$g>$|$g$.')')dnl H?P?Return-Path: <$g> HReceived: confRECEIVED_HEADER H?D?Resent-Date: $a H?D?Date: $a H?F?Resent-From: confFROM_HEADER H?F?From: confFROM_HEADER H?x?Full-Name: $x # HPosted-Date: $a # H?l?Received-Date: $b H?M?Resent-Message-Id: <$t.$i@$j> H?M?Message-Id: <$t.$i@$j> # ###################################################################### ###################################################################### ##### ##### REWRITING RULES ##### ###################################################################### ###################################################################### ############################################ ### Ruleset 3 -- Name Canonicalization ### ############################################ Scanonify=3 # handle null input (translate to <@> special case) R$@ $@ <@> # strip group: syntax (not inside angle brackets!) and trailing semicolon R$* $: $1 <@> mark addresses R$* < $* > $* <@> $: $1 < $2 > $3 unmark R@ $* <@> $: @ $1 unmark @host:... R$* :: $* <@> $: $1 :: $2 unmark node::addr R:`include': $* <@> $: :`include': $1 unmark :`include':... R$* [ IPv6 $- ] <@> $: $1 [ IPv6 $2 ] unmark IPv6 addr R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon R$* : $* <@> $: $2 strip colon if marked R$* <@> $: $1 unmark R$* ; $1 strip trailing semi +R$* < $+ :; > $* $@ $2 :; <@> catch R$* < $* ; > $1 < $2 > bogus bracketed semi # null input now results from list:; syntax R$@ $@ :; <@> # strip angle brackets -- note RFC733 heuristic to get innermost item R$* $: < $1 > housekeeping <> R$+ < $* > < $2 > strip excess on left R< $* > $+ < $1 > strip excess on right R<> $@ < @ > MAIL FROM:<> case R< $+ > $: $1 remove housekeeping <> ifdef(`_USE_DEPRECATED_ROUTE_ADDR_',`dnl # make sure <@a,@b,@c:user@d> syntax is easy to parse -- undone later R@ $+ , $+ @ $1 : $2 change all "," to ":" # localize and dispose of route-based addresses R@ $+ : $+ $@ $>Canonify2 < @$1 > : $2 handle dnl',`dnl # strip route address <@a,@b,@c:user@d> -> R@ $+ , $+ $2 R@ $+ : $+ $2 dnl') # find focus for list syntax R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax R $+ : $* ; $@ $1 : $2; list syntax # find focus for @ syntax addresses R$+ @ $+ $: $1 < @ $2 > focus on domain R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical # do some sanity checking R$* < @ $* : $* > $* $1 < @ $2 $3 > $4 nix colons in addrs ifdef(`_NO_UUCP_', `dnl', `# convert old-style addresses to a domain-based address R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains ') ifdef(`_USE_DECNET_SYNTAX_', `# convert node::user addresses into a domain-based address R$- :: $+ $@ $>Canonify2 $2 < @ $1 .DECNET > resolve DECnet names R$- . $- :: $+ $@ $>Canonify2 $3 < @ $1.$2 .DECNET > numeric DECnet addr ', `dnl') # if we have % signs, take the rightmost one R$* % $* $1 @ $2 First make them all @s. R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last. R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish # else we must be a local name R$* $@ $>Canonify2 $1 ################################################ ### Ruleset 96 -- bottom half of ruleset 3 ### ################################################ SCanonify2=96 # handle special cases for local names R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain ifdef(`_NO_UUCP_', `dnl', `R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain') # check for IPv6 domain literal (save quoted form) R$* < @ [ IPv6 $- ] > $* $: $2 $| $1 < @@ [ $(dequote $2 $) ] > $3 mark IPv6 addr R$- $| $* < @@ $=w > $* $: $2 < @ $j . > $4 self-literal R$- $| $* < @@ [ $+ ] > $* $@ $2 < @ [ IPv6 $1 ] > $4 canon IP addr # check for IPv4 domain literal R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [a.b.c.d] R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr ifdef(`_DOMAIN_TABLE_', `dnl # look up domains in the domain table R$* < @ $+ > $* $: $1 < @ $(domaintable $2 $) > $3', `dnl') undivert(2)dnl LOCAL_RULE_3 ifdef(`_BITDOMAIN_TABLE_', `dnl # handle BITNET mapping R$* < @ $+ .BITNET > $* $: $1 < @ $(bitdomain $2 $: $2.BITNET $) > $3', `dnl') ifdef(`_UUDOMAIN_TABLE_', `dnl # handle UUCP mapping R$* < @ $+ .UUCP > $* $: $1 < @ $(uudomain $2 $: $2.UUCP $) > $3', `dnl') ifdef(`_NO_UUCP_', `dnl', `ifdef(`UUCP_RELAY', `# pass UUCP addresses straight through R$* < @ $+ . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', `# if really UUCP, handle it immediately ifdef(`_CLASS_U_', `R$* < @ $=U . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', `dnl') ifdef(`_CLASS_V_', `R$* < @ $=V . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', `dnl') ifdef(`_CLASS_W_', `R$* < @ $=W . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', `dnl') ifdef(`_CLASS_X_', `R$* < @ $=X . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', `dnl') ifdef(`_CLASS_Y_', `R$* < @ $=Y . UUCP > $* $@ $1 < @ $2 . UUCP . > $3', `dnl') ifdef(`_NO_CANONIFY_', `dnl', `dnl # try UUCP traffic as a local address R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3 R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3') ')') # hostnames ending in class P are always canonical R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4 dnl apply the next rule only for hostnames not in class P dnl this even works for phrases in class P since . is in class P dnl which daemon flags are set? R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4 dnl the other rules in this section only apply if the hostname dnl does not end in class P hence no further checks are done here dnl if this ever changes make sure the lookups are "protected" again! ifdef(`_NO_CANONIFY_', `dnl dnl do not canonify unless: dnl domain ends in class {Canonify} (this does not work if the intersection dnl with class P is non-empty) dnl or {daemon_flags} has c set # pass to name server to make hostname canonical if in class {Canonify} R$* $| $* < @ $* $={Canonify} > $* $: $2 < @ $[ $3 $4 $] > $5 # pass to name server to make hostname canonical if requested R$* c $* $| $* < @ $* > $* $: $3 < @ $[ $4 $] > $5 dnl trailing dot? -> do not apply _CANONIFY_HOSTS_ R$* $| $* < @ $+ . > $* $: $2 < @ $3 . > $4 # add a trailing dot to qualified hostnames so other rules will work R$* $| $* < @ $+.$+ > $* $: $2 < @ $3.$4 . > $5 ifdef(`_CANONIFY_HOSTS_', `dnl dnl this should only apply to unqualified hostnames dnl but if a valid character inside an unqualified hostname is an OperatorChar dnl then $- does not work. # lookup unqualified hostnames R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4', `dnl')', `dnl dnl _NO_CANONIFY_ is not set: canonify unless: dnl {daemon_flags} contains CC (do not canonify) +dnl but add a trailing dot to qualified hostnames so other rules will work +dnl should we do this for every hostname: even unqualified? +R$* CC $* $| $* < @ $+.$+ > $* $: $3 < @ $4.$5 . > $6 R$* CC $* $| $* $: $3 # pass to name server to make hostname canonical R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4') dnl remove {daemon_flags} for other cases R$* $| $* $: $2 # local host aliases and pseudo-domains are always canonical R$* < @ $=w > $* $: $1 < @ $2 . > $3 ifdef(`_MASQUERADE_ENTIRE_DOMAIN_', `R$* < @ $* $=M > $* $: $1 < @ $2 $3 . > $4', `R$* < @ $=M > $* $: $1 < @ $2 . > $3') ifdef(`_VIRTUSER_TABLE_', `dnl dnl virtual hosts are also canonical ifdef(`_VIRTUSER_ENTIRE_DOMAIN_', `R$* < @ $* $={VirtHost} > $* $: $1 < @ $2 $3 . > $4', `R$* < @ $={VirtHost} > $* $: $1 < @ $2 . > $3')', `dnl') dnl remove superfluous dots (maybe repeatedly) which may have been added dnl by one of the rules before R$* < @ $* . . > $* $1 < @ $2 . > $3 ################################################## ### Ruleset 4 -- Final Output Post-rewriting ### ################################################## Sfinal=4 +R$+ :; <@> $@ $1 : handle R$* <@> $@ handle <> and list:; # strip trailing dot off possibly canonical name R$* < @ $+ . > $* $1 < @ $2 > $3 # eliminate internal code R$* < @ *LOCAL* > $* $1 < @ $j > $2 # externalize local domain info R$* < $+ > $* $1 $2 $3 defocus R@ $+ : @ $+ : $+ @ $1 , @ $2 : $3 canonical R@ $* $@ @ $1 ... and exit ifdef(`_NO_UUCP_', `dnl', `# UUCP must always be presented in old form R$+ @ $- . UUCP $2!$1 u@h.UUCP => h!u') ifdef(`_USE_DECNET_SYNTAX_', `# put DECnet back in :: form R$+ @ $+ . DECNET $2 :: $1 u@h.DECNET => h::u', `dnl') # delete duplicate local names R$+ % $=w @ $=w $1 @ $2 u%host@host => u@host ############################################################## ### Ruleset 97 -- recanonicalize and call ruleset zero ### ### (used for recursive calls) ### ############################################################## SRecurse=97 R$* $: $>canonify $1 R$* $@ $>parse $1 ###################################### ### Ruleset 0 -- Parse Address ### ###################################### Sparse=0 R$* $: $>Parse0 $1 initial parsing R<@> $#_LOCAL_ $: <@> special case error msgs R$* $: $>ParseLocal $1 handle local hacks R$* $: $>Parse1 $1 final parsing # # Parse0 -- do initial syntax checking and eliminate local addresses. # This should either return with the (possibly modified) input # or return with a #error mailer. It should not return with a # #mailer other than the #error mailer. # SParse0 R<@> $@ <@> special case error msgs R$* : $* ; <@> $#error $@ 5.1.3 $: "501 List:; syntax illegal for recipient addresses" R@ <@ $* > < @ $1 > catch "@@host" bogosity R<@ $+> $#error $@ 5.1.3 $: "501 User address required" R$* $: <> $1 R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3 R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "501 Colon illegal in host name part" R<> $* $1 R$* < @ . $* > $* $#error $@ 5.1.2 $: "501 Invalid host name" R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "501 Invalid host name" dnl comma only allowed before @; this check is not complete R$* , $~O $* $#error $@ 5.1.2 $: "501 Invalid route address" # now delete the local info -- note $=O to find characters that cause forwarding R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ... R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here R< @ $+ > $#error $@ 5.1.3 $: "501 User address required" R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ... R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo" R< @ *LOCAL* > $#error $@ 5.1.3 $: "501 User address required" R$* $=O $* < @ *LOCAL* > $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ... R$* < @ *LOCAL* > $: $1 # # Parse1 -- the bottom half of ruleset 0. # SParse1 ifdef(`_LDAP_ROUTING_', `dnl # handle LDAP routing for hosts in $={LDAPRoute} R$+ < @ $={LDAPRoute} . > $: $>LDAPExpand <$1 < @ $2 . >> <$1 @ $2>', `dnl') ifdef(`_MAILER_smtp_', `# handle numeric address spec dnl there is no check whether this is really an IP number R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec R$* < @ [ $+ ] > $* $1 < @ [ $2 ] : $S > $3 Add smart host to path R$* < @ [ IPv6 $- ] : > $* $#_SMTP_ $@ [ $(dequote $2 $) ] $: $1 < @ [IPv6 $2 ] > $3 no smarthost: send R$* < @ [ $+ ] : > $* $#_SMTP_ $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer R$* < @ [ $+ ] : $+ > $* $#_SMTP_ $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer', `dnl') ifdef(`_VIRTUSER_TABLE_', `dnl # handle virtual users R$+ $: $1 Mark for lookup ifdef(`_VIRTUSER_ENTIRE_DOMAIN_', `R $+ < @ $* $={VirtHost} . > $: < $(virtuser $1 @ $2 $3 $@ $1 $: @ $) > $1 < @ $2 $3 . >', `R $+ < @ $={VirtHost} . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >') R $+ < @ $=w . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . > R<@> $+ + $* < @ $* . > $: < $(virtuser $1 + * @ $3 $@ $1 $@ $2 $: @ $) > $1 + $2 < @ $3 . > R<@> $+ + $* < @ $* . > $: < $(virtuser $1 @ $3 $@ $1 $: @ $) > $1 + $2 < @ $3 . > dnl try default entry: @domain dnl +*@domain R<@> $+ + $+ < @ $+ . > $: < $(virtuser + * @ $3 $@ $1 $@ $2 $: @ $) > $1 + $2 < @ $3 . > dnl @domain if +detail exists R<@> $+ + $* < @ $+ . > $: < $(virtuser @ $3 $@ $1 $@ $2 $: @ $) > $1 + $2 < @ $3 . > dnl without +detail (or no match) R<@> $+ < @ $+ . > $: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 . > R<@> $+ $: $1 R $+ $: $1 R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2 R< $+ > $+ < @ $+ > $: $>Recurse $1', `dnl') # short circuit local delivery so forwarded email works ifdef(`_MAILER_usenet_', `dnl R$+ . USENET < @ $=w . > $#usenet $@ usenet $: $1 handle usenet specially', `dnl') ifdef(`_STICKY_LOCAL_DOMAIN_', `R$+ < @ $=w . > $: < $H > $1 < @ $2 . > first try hub R< $+ > $+ < $+ > $>MailerToTriple < $1 > $2 < $3 > yep .... dnl $H empty (but @$=w.) R< > $+ + $* < $+ > $#_LOCAL_ $: $1 + $2 plussed name? R< > $+ < $+ > $#_LOCAL_ $: @ $1 nope, local address', `R$=L < @ $=w . > $#_LOCAL_ $: @ $1 special local names R$+ < @ $=w . > $#_LOCAL_ $: $1 regular local name') ifdef(`_MAILER_TABLE_', `dnl # not local -- try mailer table lookup R$* <@ $+ > $* $: < $2 > $1 < @ $2 > $3 extract host name R< $+ . > $* $: < $1 > $2 strip trailing dot R< $+ > $* $: < $(mailertable $1 $) > $2 lookup dnl it is $~[ instead of $- to avoid matches on IPv6 addresses R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 check -- resolved? R< $+ > $* $: $>Mailertable <$1> $2 try domain', `dnl') undivert(4)dnl UUCP rules from `MAILER(uucp)' ifdef(`_NO_UUCP_', `dnl', `# resolve remotely connected UUCP links (if any) ifdef(`_CLASS_V_', `R$* < @ $=V . UUCP . > $* $: $>MailerToTriple < $V > $1 <@$2.UUCP.> $3', `dnl') ifdef(`_CLASS_W_', `R$* < @ $=W . UUCP . > $* $: $>MailerToTriple < $W > $1 <@$2.UUCP.> $3', `dnl') ifdef(`_CLASS_X_', `R$* < @ $=X . UUCP . > $* $: $>MailerToTriple < $X > $1 <@$2.UUCP.> $3', `dnl')') # resolve fake top level domains by forwarding to other hosts ifdef(`BITNET_RELAY', `R$*<@$+.BITNET.>$* $: $>MailerToTriple < $B > $1 <@$2.BITNET.> $3 user@host.BITNET', `dnl') ifdef(`DECNET_RELAY', `R$*<@$+.DECNET.>$* $: $>MailerToTriple < $C > $1 <@$2.DECNET.> $3 user@host.DECNET', `dnl') ifdef(`_MAILER_pop_', `R$+ < @ POP. > $#pop $: $1 user@POP', `dnl') ifdef(`_MAILER_fax_', `R$+ < @ $+ .FAX. > $#fax $@ $2 $: $1 user@host.FAX', `ifdef(`FAX_RELAY', `R$*<@$+.FAX.>$* $: $>MailerToTriple < $F > $1 <@$2.FAX.> $3 user@host.FAX', `dnl')') ifdef(`UUCP_RELAY', `# forward non-local UUCP traffic to our UUCP relay R$*<@$*.UUCP.>$* $: $>MailerToTriple < $Y > $1 <@$2.UUCP.> $3 uucp mail', `ifdef(`_MAILER_uucp_', `# forward other UUCP traffic straight to UUCP R$* < @ $+ .UUCP. > $* $#_UUCP_ $@ $2 $: $1 < @ $2 .UUCP. > $3 user@host.UUCP', `dnl')') ifdef(`_MAILER_usenet_', ` # addresses sent to net.group.USENET will get forwarded to a newsgroup R$+ . USENET $#usenet $@ usenet $: $1', `dnl') ifdef(`_LOCAL_RULES_', `# figure out what should stay in our local mail system undivert(1)', `dnl') # pass names that still have a host to a smarthost (if defined) R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name # deal with other remote names ifdef(`_MAILER_smtp_', `R$* < @$* > $* $#_SMTP_ $@ $2 $: $1 < @ $2 > $3 user@host.domain', `R$* < @$* > $* $#error $@ 5.1.2 $: "501 Unrecognized host name " $2') # handle locally delivered names R$=L $#_LOCAL_ $: @ $1 special local names R$+ $#_LOCAL_ $: $1 regular local names ########################################################################### ### Ruleset 5 -- special rewriting after aliases have been expanded ### ########################################################################### SLocal_localaddr Slocaladdr=5 R$+ $: $1 $| $>"Local_localaddr" $1 R$+ $| $#$* $#$2 R$+ $| $* $: $1 ifdef(`_FFR_5_', ` # Preserve host in a macro R$+ $: $(macro {LocalAddrHost} $) $1 R$+ @ $+ $: $(macro {LocalAddrHost} $@ @ $2 $) $1') ifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', `', ` # deal with plussed users so aliases work nicely R$+ + * $#_LOCAL_ $@ $&h $: $1`'ifdef(`_FFR_5_', ` $&{LocalAddrHost}') R$+ + $* $#_LOCAL_ $@ + $2 $: $1 + *`'ifdef(`_FFR_5_', ` $&{LocalAddrHost}') ') # prepend an empty "forward host" on the front R$+ $: <> $1 ifdef(`LUSER_RELAY', `dnl # send unrecognized local users to a relay host ifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', ` R< > $+ + $* $: < ? $L > <+ $2> $(user $1 $) look up user+ R< > $+ $: < ? $L > < > $(user $1 $) look up user R< ? $* > < $* > $+ <> $: < > $3 $2 found; strip $L R< ? $* > < $* > $+ $: < $1 > $3 $2 not found', ` R< > $+ $: < $L > $(user $1 $) look up user R< $* > $+ <> $: < > $2 found; strip $L')', `dnl') # see if we have a relay or a hub R< > $+ $: < $H > $1 try hub R< > $+ $: < $R > $1 try relay ifdef(`_PRESERVE_LOCAL_PLUS_DETAIL_', ` R< > $+ $@ $1', ` R< > $+ $: < > < $1 <> $&h > nope, restore +detail R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail R< > < $+ <> $* > $: < > < $1 > else discard R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part R< > < $+ > + $* $#_LOCAL_ $@ $2 $: @ $1`'ifdef(`_FFR_5_', ` $&{LocalAddrHost}') strip the extra + R< > < $+ > $@ $1 no +detail R$+ $: $1 <> $&h add +detail back in R$+ <> + $* $: $1 + $2 check whether +detail R$+ <> $* $: $1 else discard') R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension R< $- : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 > R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 > ifdef(`_MAILER_TABLE_', `dnl ################################################################### ### Ruleset 90 -- try domain part of mailertable entry ### dnl input: LeftPartOfDomain FullAddress ################################################################### SMailertable=90 dnl shift and check dnl %2 is not documented in cf/README R$* <$- . $+ > $* $: $1$2 < $(mailertable .$3 $@ $1$2 $@ $2 $) > $4 dnl it is $~[ instead of $- to avoid matches on IPv6 addresses R$* <$~[ : $* > $* $>MailerToTriple < $2 : $3 > $4 check -- resolved? R$* < . $+ > $* $@ $>Mailertable $1 . <$2> $3 no -- strip & try again dnl is $2 always empty? R$* < $* > $* $: < $(mailertable . $@ $1$2 $) > $3 try "." R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 "." found? dnl return full address R< $* > $* $@ $2 no mailertable match', `dnl') ################################################################### ### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ### dnl input: in general: <[mailer:]host> lp<@domain>rest dnl <> address -> address dnl -> error dnl -> error dnl lp<@domain>rest -> mailer host user dnl address -> mailer host address dnl address -> address dnl <[IPv6 number]> address -> relay number address dnl address -> relay host address ################################################################### SMailerToTriple=95 R< > $* $@ $1 strip off null relay R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2 R< local : $* > $* $>CanonLocal < $1 > $2 R< $- : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user R< $- : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer R< $=w > $* $@ $2 delete local host R< [ IPv6 $+ ] > $* $#_RELAY_ $@ $(dequote $1 $) $: $2 use unqualified mailer R< $+ > $* $#_RELAY_ $@ $1 $: $2 use unqualified mailer ################################################################### ### Ruleset CanonLocal -- canonify local: syntax ### dnl input: address dnl <@host> : rest -> Recurse rest dnl p1 $=O p2 <@host> -> Recurse p1 $=O p2 dnl <> user <@host> rest -> local user@host user dnl <> user -> local user user dnl lp <@domain> rest -> lp <@host> [cont] dnl lp <@host> rest -> local lp@host user dnl lp -> local lp user ################################################################### SCanonLocal # strip local host from routed addresses R< $* > < @ $+ > : $+ $@ $>Recurse $3 R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4 # strip trailing dot from any host name that may appear R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 > # handle local: syntax -- use old user, either with or without host R< > $* < @ $* > $* $#_LOCAL_ $@ $1@$2 $: $1 R< > $+ $#_LOCAL_ $@ $1 $: $1 # handle local:user@host syntax -- ignore host part R< $+ @ $+ > $* < @ $* > $: < $1 > $3 < @ $4 > # handle local:user syntax R< $+ > $* <@ $* > $* $#_LOCAL_ $@ $2@$3 $: $1 R< $+ > $* $#_LOCAL_ $@ $2 $: $1 ################################################################### ### Ruleset 93 -- convert header names to masqueraded form ### ################################################################### SMasqHdr=93 ifdef(`_GENERICS_TABLE_', `dnl # handle generics database ifdef(`_GENERICS_ENTIRE_DOMAIN_', dnl if generics should be applied add a @ as mark `R$+ < @ $* $=G . > $: < $1@$2$3 > $1 < @ $2$3 . > @ mark', `R$+ < @ $=G . > $: < $1@$2 > $1 < @ $2 . > @ mark') R$+ < @ *LOCAL* > $: < $1@$j > $1 < @ *LOCAL* > @ mark dnl workspace: either user<@domain> or user <@domain> @ dnl ignore the first case for now dnl if it has the mark lookup full address R< $+ > $+ < $* > @ $: < $(generics $1 $: @ $1 $) > $2 < $3 > dnl workspace: ... or user <@domain> dnl no match, try user+detail@domain R<@$+ + $* @ $+> $+ < @ $+ > $: < $(generics $1+*@$3 $@ $2 $:@$1 + $2@$3 $) > $4 < @ $5 > R<@$+ + $* @ $+> $+ < @ $+ > $: < $(generics $1@$3 $: $) > $4 < @ $5 > dnl no match, remove mark R<@$+ > $+ < @ $+ > $: < > $2 < @ $3 > dnl no match, try @domain for exceptions R< > $+ < @ $+ . > $: < $(generics @$2 $@ $1 $: $) > $1 < @ $2 . > dnl workspace: ... or user <@domain> dnl no match, try local part R< > $+ < @ $+ > $: < $(generics $1 $: $) > $1 < @ $2 > R< > $+ + $* < @ $+ > $: < $(generics $1+* $@ $2 $: $) > $1 + $2 < @ $3 > R< > $+ + $* < @ $+ > $: < $(generics $1 $: $) > $1 + $2 < @ $3 > R< $* @ $* > $* < $* > $@ $>canonify $1 @ $2 found qualified R< $+ > $* < $* > $: $>canonify $1 @ *LOCAL* found unqualified R< > $* $: $1 not found', `dnl') # do not masquerade anything in class N R$* < @ $* $=N . > $@ $1 < @ $2 $3 . > # special case the users that should be exposed R$=E < @ *LOCAL* > $@ $1 < @ $j . > leave exposed ifdef(`_MASQUERADE_ENTIRE_DOMAIN_', `R$=E < @ $* $=M . > $@ $1 < @ $2 $3 . >', `R$=E < @ $=M . > $@ $1 < @ $2 . >') ifdef(`_LIMITED_MASQUERADE_', `dnl', `R$=E < @ $=w . > $@ $1 < @ $2 . >') # handle domain-specific masquerading ifdef(`_MASQUERADE_ENTIRE_DOMAIN_', `R$* < @ $* $=M . > $* $: $1 < @ $2 $3 . @ $M > $4 convert masqueraded doms', `R$* < @ $=M . > $* $: $1 < @ $2 . @ $M > $3 convert masqueraded doms') ifdef(`_LIMITED_MASQUERADE_', `dnl', `R$* < @ $=w . > $* $: $1 < @ $2 . @ $M > $3') R$* < @ *LOCAL* > $* $: $1 < @ $j . @ $M > $2 R$* < @ $+ @ > $* $: $1 < @ $2 > $3 $M is null R$* < @ $+ @ $+ > $* $: $1 < @ $3 . > $4 $M is not null ################################################################### ### Ruleset 94 -- convert envelope names to masqueraded form ### ################################################################### SMasqEnv=94 ifdef(`_MASQUERADE_ENVELOPE_', `R$+ $@ $>MasqHdr $1', `R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2') ################################################################### ### Ruleset 98 -- local part of ruleset zero (can be null) ### ################################################################### SParseLocal=98 undivert(3)dnl LOCAL_RULE_0 ifdef(`_LDAP_ROUTING_', `dnl SLDAPExpand # do the LDAP lookups R<$+><$+> $: <$(ldapmra $2 $: $)> <$(ldapmh $2 $: $)> <$1> <$2> # if mailRoutingAddress and local or non-existant mailHost, # return the new mailRoutingAddress R< $+ > < $=w > < $+ > < $+ > $@ $>Parse0 $>canonify $1 R< $+ > < > < $+ > < $+ > $@ $>Parse0 $>canonify $1 # if mailRoutingAddress and non-local mailHost, # relay to mailHost with new mailRoutingAddress R< $+ > < $+ > < $+ > < $+ > $#_RELAY_ $@ $2 $: $>canonify $1 # if no mailRoutingAddress and local mailHost, # return original address R< > < $=w > <$+> <$+> $@ $2 # if no mailRoutingAddress and non-local mailHost, # relay to mailHost with original address R< > < $+ > <$+> <$+> $#_RELAY_ $@ $1 $: $2 # if no mailRoutingAddress and no mailHost, # try @domain R< > < > <$+> <$+ @ $+> $@ $>LDAPExpand <$1> <@ $3> # if no mailRoutingAddress and no mailHost and this was a domain attempt, ifelse(_LDAP_ROUTING_, `_MUST_EXIST_', `dnl # user does not exist R< > < > <$+> <@ $+> $#error $@ nouser $: "550 User unknown"', `dnl # return the original address R< > < > <$+> <@ $+> $@ $1')', `dnl') ifelse(substr(confDELIVERY_MODE,0,1), `d', `errprint(`WARNING: Antispam rules not available in deferred delivery mode. ')') ifdef(`_ACCESS_TABLE_', `dnl ###################################################################### ### LookUpDomain -- search for domain in access database ### ### Parameters: ### <$1> -- key (domain name) ### <$2> -- default (what to return if not found in db) dnl must not be empty ### <$3> -- passthru (additional data passed unchanged through) ### <$4> -- mark (must be <(!|+) single-token>) ### ! does lookup only with tag ### + does lookup with and without tag dnl returns: dnl ###################################################################### SLookUpDomain dnl remove IPv6 mark and dequote address dnl it is a bit ugly because it is checked on each "iteration" R<[IPv6 $-]> <$+> <$*> <$*> $: <[$(dequote $1 $)]> <$2> <$3> <$4> dnl workspace dnl lookup with tag (in front, no delimiter here) R<$*> <$+> <$*> <$- $-> $: < $(access $5`'_TAG_DELIM_`'$1 $: ? $) > <$1> <$2> <$3> <$4 $5> dnl workspace ifdef(`_FFR_LOOKUPDOTDOMAIN', `dnl omit first component: lookup .rest R <$+.$+> <$+> <$*> <$- $-> $: < $(access $5`'_TAG_DELIM_`'.$2 $: ? $) > <$1.$2> <$3> <$4> <$5 $6>', `dnl') dnl lookup without tag? R <$+> <$+> <$*> <+ $*> $: < $(access $1 $: ? $) > <$1> <$2> <$3> <+ $4> ifdef(`_FFR_LOOKUPDOTDOMAIN', `dnl omit first component: lookup .rest R <$+.$+> <$+> <$*> <+ $*> $: < $(access .$2 $: ? $) > <$1.$2> <$3> <$4> <+ $5>', `dnl') dnl lookup IP address (no check is done whether it is an IP number!) R <[$+.$-]> <$+> <$*> <$*> $@ $>LookUpDomain <[$1]> <$3> <$4> <$5> dnl lookup IPv6 address +R <[$+::$-]> <$+> <$*> <$*> $: $>LookUpDomain <[$1]> <$3> <$4> <$5> R <[$+:$-]> <$+> <$*> <$*> $: $>LookUpDomain <[$1]> <$3> <$4> <$5> dnl not found, but subdomain: try again R <$+.$+> <$+> <$*> <$*> $@ $>LookUpDomain <$2> <$3> <$4> <$5> dnl not found, no subdomain: return default R <$+> <$+> <$*> <$*> $@ <$2> <$3> dnl return result of lookup R<$*> <$+> <$+> <$*> <$*> $@ <$1> <$4> ###################################################################### ### LookUpAddress -- search for host address in access database ### ### Parameters: ### <$1> -- key (dot quadded host address) ### <$2> -- default (what to return if not found in db) dnl must not be empty ### <$3> -- passthru (additional data passed through) ### <$4> -- mark (must be <(!|+) single-token>) ### ! does lookup only with tag ### + does lookup with and without tag dnl returns: dnl ###################################################################### SLookUpAddress dnl lookup with tag R<$+> <$+> <$*> <$- $+> $: < $(access $5`'_TAG_DELIM_`'$1 $: ? $) > <$1> <$2> <$3> <$4 $5> dnl lookup without tag R <$+> <$+> <$*> <+ $+> $: < $(access $1 $: ? $) > <$1> <$2> <$3> <+ $4> dnl no match; IPv6: remove last part +R <$+::$-> <$+> <$*> <$*> $@ $>LookUpAddress <$1> <$3> <$4> <$5> R <$+:$-> <$+> <$*> <$*> $@ $>LookUpAddress <$1> <$3> <$4> <$5> dnl no match; IPv4: remove last part R <$+.$-> <$+> <$*> <$*> $@ $>LookUpAddress <$1> <$3> <$4> <$5> dnl no match: return default R <$+> <$+> <$*> <$*> $@ <$2> <$3> dnl match: return result R<$*> <$+> <$+> <$*> <$*> $@ <$1> <$4>', `dnl') ###################################################################### ### CanonAddr -- Convert an address into a standard form for ### relay checking. Route address syntax is ### crudely converted into a %-hack address. ### ### Parameters: ### $1 -- full recipient address ### ### Returns: ### parsed address, not in source route form dnl user%host%host<@domain> dnl host!user<@domain> ###################################################################### SCanonAddr R$* $: $>Parse0 $>canonify $1 make domain canonical ifdef(`_USE_DEPRECATED_ROUTE_ADDR_',`dnl R< @ $+ > : $* @ $* < @ $1 > : $2 % $3 change @ to % in src route R$* < @ $+ > : $* : $* $3 $1 < @ $2 > : $4 change to % hack. R$* < @ $+ > : $* $3 $1 < @ $2 > dnl') ###################################################################### ### ParseRecipient -- Strip off hosts in $=R as well as possibly ### $* $=m or the access database. ### Check user portion for host separators. ### ### Parameters: ### $1 -- full recipient address ### ### Returns: ### parsed, non-local-relaying address ###################################################################### SParseRecipient dnl mark and canonify address R$* $: $>CanonAddr $1 dnl workspace: localpart<@domain[.]> R $* < @ $* . > $1 < @ $2 > strip trailing dots dnl workspace: localpart<@domain> R $- < @ $* > $: $(dequote $1 $) < @ $2 > dequote local part # if no $=O character, no host in the user portion, we are done R $* $=O $* < @ $* > $: $1 $2 $3 < @ $4> dnl no $=O in localpart: return R $* $@ $1 dnl workspace: localpart<@domain>, where localpart contains $=O dnl mark everything which has an "authorized" domain with ifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl # if we relay, check username portion for user%host so host can be checked also R $* < @ $* $=m > $: $1 < @ $2 $3 >', `dnl') ifdef(`_RELAY_MX_SERVED_', `dnl dnl do "we" ($=w) act as backup MX server for the destination domain? R $* < @ $+ > $: < : $(mxserved $2 $) : > < $1 < @$2 > > R < : $* : > $* $#error $@ 4.7.1 $: "450 Can not check MX records for recipient host " $1 dnl yes: mark it as R < $* : $=w. : $* > < $+ > $: $4 dnl no: put old mark back R < : $* : > < $+ > $: $2', `dnl') dnl workspace: <(NO|RELAY)> localpart<@domain>, where localpart contains $=O dnl if mark is then change it to if domain is "authorized" ifdef(`_RELAY_HOSTS_ONLY_', `R $* < @ $=R > $: $1 < @ $2 > ifdef(`_ACCESS_TABLE_', `dnl R $* < @ $+ > $: <$(access To:$2 $: NO $)> $1 < @ $2 > R $* < @ $+ > $: <$(access $2 $: NO $)> $1 < @ $2 >',`dnl')', `R $* < @ $* $=R > $: $1 < @ $2 $3 > ifdef(`_ACCESS_TABLE_', `dnl R $* < @ $+ > $: $>LookUpDomain <$2> <$1 < @ $2 >> <+To> R<$+> <$+> $: <$1> $2',`dnl')') R $* < @ $* > $@ $>ParseRecipient $1 R<$-> $* $@ $2 ###################################################################### ### check_relay -- check hostname/address on SMTP startup ###################################################################### SLocal_check_relay Scheck`'_U_`'relay R$* $: $1 $| $>"Local_check_relay" $1 R$* $| $* $| $#$* $#$3 R$* $| $* $| $* $@ $>"Basic_check_relay" $1 $| $2 SBasic_check_relay # check for deferred delivery mode R$* $: < ${deliveryMode} > $1 R< d > $* $@ deferred R< $* > $* $: $2 ifdef(`_ACCESS_TABLE_', `dnl dnl workspace: {client_name} $| {client_addr} R$+ $| $+ $: $>LookUpDomain < $1 > < $2 > <+Connect> dnl workspace: <{client_addr}> R <$+> $: $>LookUpAddress < $1 > < $1 > <+Connect> no: another lookup dnl workspace: <{client_addr}> R < $+ > $: $1 found nothing dnl workspace: <{client_addr}> dnl or {client_addr} R<$={Accept}> < $* > $@ $1 return value of lookup R $* $#error ifdef(`confREJECT_MSG', `$: "confREJECT_MSG"', `$@ 5.7.1 $: "550 Access denied"') R $* $#discard $: discard dnl error tag R <$*> $#error $@ $1.$2.$3 $: $4 R <$*> $#error $: $1 dnl generic error from access map R<$+> <$*> $#error $: $1', `dnl') ifdef(`_RBL_',`dnl # DNS based IP address spam list R$* $: $&{client_addr} R::ffff:$-.$-.$-.$- $: $(host $4.$3.$2.$1._RBL_. $: OK $) R$-.$-.$-.$- $: $(host $4.$3.$2.$1._RBL_. $: OK $) ROK $: OKSOFAR R$+ $#error $@ 5.7.1 $: "550 Mail from " $&{client_addr} " refused by blackhole site _RBL_"', `dnl') undivert(8) ###################################################################### ### check_mail -- check SMTP ``MAIL FROM:'' command argument ###################################################################### SLocal_check_mail Scheck`'_U_`'mail R$* $: $1 $| $>"Local_check_mail" $1 R$* $| $#$* $#$2 R$* $| $* $@ $>"Basic_check_mail" $1 SBasic_check_mail # check for deferred delivery mode R$* $: < ${deliveryMode} > $1 R< d > $* $@ deferred R< $* > $* $: $2 # authenticated? dnl done first: we can require authentication for every mail transaction dnl workspace: address as given by MAIL FROM: (sender) R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL R$* $| $#$+ $#$2 dnl undo damage: remove result of tls_client call R$* $| $* $: $1 dnl workspace: address as given by MAIL FROM: R<> $@ we MUST accept <> (RFC 1123) ifdef(`_ACCEPT_UNQUALIFIED_SENDERS_',`dnl',`dnl dnl do some additional checks dnl no user@host dnl no user@localhost (if nonlocal sender) dnl this is a pretty simple canonification, it will not catch every case dnl just make sure the address has <> around it (which is required by dnl the RFC anyway, maybe we should complain if they are missing...) dnl dirty trick: if it is user@host, just add a dot: user@host. this will dnl not be modified by host lookups. R$+ $: $1 R<$+> $: <@> <$1> R$+ $: <@> <$1> dnl workspace: <@>
dnl prepend daemon_flags R$* $: $&{daemon_flags} $| $1 dnl workspace: ${daemon_flags} $| <@>
dnl do not allow these at all or only from local systems? R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 > dnl accept unqualified sender: change mark to avoid test R$* u $* $| <@> < $* > $: < $3 > dnl workspace: ${daemon_flags} $| <@>
dnl or:
dnl or:
dnl remove daemon_flags R$* $| $* $: $2 # handle case of @localhost on address R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost > R<@> < $* @ [127.0.0.1] > $: < ? $&{client_name} > < $1 @ [127.0.0.1] > R<@> < $* @ localhost.$m > $: < ? $&{client_name} > < $1 @ localhost.$m > ifdef(`_NO_UUCP_', `dnl', `R<@> < $* @ localhost.UUCP > $: < ? $&{client_name} > < $1 @ localhost.UUCP >') dnl workspace: < ? $&{client_name} > dnl or: <@>
dnl or:
(thanks to u in ${daemon_flags}) R<@> $* $: $1 no localhost as domain dnl workspace: < ? $&{client_name} > dnl or:
dnl or:
(thanks to u in ${daemon_flags}) R $* $: $2 local client: ok R <$+> $#error $@ 5.5.4 $: "501 Real domain name required for sender address" dnl remove (happens only if ${client_name} == "" or u in ${daemon_flags}) R $* $: $1') dnl workspace: address (or
) R$* $: $>CanonAddr $1 canonify sender address and mark it dnl workspace: CanonicalAddress (i.e. address in canonical form localpart<@host>) dnl there is nothing behind the <@host> so no trailing $* needed R $* < @ $+ . > $1 < @ $2 > strip trailing dots # handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc) R $* < @ $* $=P > $: $1 < @ $2 $3 > dnl workspace CanonicalAddress where mark is ? or OK ifdef(`_ACCEPT_UNRESOLVABLE_DOMAINS_', `R $* < @ $+ > $: $1 < @ $2 > ... unresolvable OK', `R $* < @ $+ > $: $) > $1 < @ $2 > R> $* < @ $+ > $: <$2> $3 < @ $4 >') dnl workspace CanonicalAddress where mark is ?, OK, PERM, TEMP dnl mark is ? iff the address is user (wo @domain) ifdef(`_ACCESS_TABLE_', `dnl # check sender address: user@address, user@, address dnl should we remove +ext from user? dnl workspace: CanonicalAddress where mark is: ?, OK, PERM, TEMP R<$+> $+ < @ $* > $: @<$1> <$2 < @ $3 >> $| R<$+> $+ $: @<$1> <$2> $| dnl workspace: @ $| <@type:address> .... dnl $| is used as delimiter, otherwise false matches may occur: > dnl will only return user<@domain when "reversing" the args R@ <$+> <$*> $| <$+> $: <@> <$1> <$2> $| $>SearchList <+From> $| <$3> <> dnl workspace: <@> $| R<@> <$+> <$*> $| <$*> $: <$3> <$1> <$2> reverse result dnl workspace: # retransform for further use dnl required form: dnl CanonicalAddress R <$+> <$*> $: <$1> $2 no match R<$+> <$+> <$*> $: <$1> $3 relevant result, keep it', `dnl') dnl workspace CanonicalAddress dnl mark is ? iff the address is user (wo @domain) ifdef(`_ACCEPT_UNQUALIFIED_SENDERS_',`dnl',`dnl # handle case of no @domain on address dnl prepend daemon_flags R $* $: $&{daemon_flags} $| $1 dnl accept unqualified sender: change mark to avoid test R$* u $* $| $* $: $3 dnl remove daemon_flags R$* $| $* $: $2 R $* $: < ? $&{client_name} > $1 R $* $@ ...local unqualed ok R $* $#error $@ 5.5.4 $: "501 Domain name required for sender address " $&f ...remote is not') # check results R $* $: @ $1 mark address: nothing known about it R $* $@ R $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve" R $* $#error $@ 5.1.8 $: "501 Domain of sender address " $&f " does not exist" ifdef(`_ACCESS_TABLE_', `dnl R<$={Accept}> $* $# $1 R $* $#discard $: discard R $* $#error ifdef(`confREJECT_MSG', `$: "confREJECT_MSG"', `$@ 5.7.1 $: "550 Access denied"') dnl error tag R $* $#error $@ $1.$2.$3 $: $4 R $* $#error $: $1 dnl generic error from access map R<$+> $* $#error $: $1 error from access db', `dnl') ###################################################################### ### check_rcpt -- check SMTP ``RCPT TO:'' command argument ###################################################################### SLocal_check_rcpt Scheck`'_U_`'rcpt R$* $: $1 $| $>"Local_check_rcpt" $1 R$* $| $#$* $#$2 R$* $| $* $@ $>"Basic_check_rcpt" $1 SBasic_check_rcpt # check for deferred delivery mode R$* $: < ${deliveryMode} > $1 R< d > $* $@ deferred R< $* > $* $: $2 ifdef(`_REQUIRE_QUAL_RCPT_', `dnl # require qualified recipient? R$+ $: $1 R<$+> $: <@> <$1> R$+ $: <@> <$1> dnl prepend daemon_flags R$* $: $&{daemon_flags} $| $1 dnl workspace: ${daemon_flags} $| <@>
dnl do not allow these at all or only from local systems? R$* r $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 > R < $* > $: <$1> R < $* > $: <$1> R <$+> $#error $@ 5.5.4 $: "553 Domain name required" dnl remove daemon_flags for other cases R$* $| <@> $* $: $2', `dnl') ifdef(`_LOOSE_RELAY_CHECK_',`dnl R$* $: $>CanonAddr $1 R$* < @ $* . > $1 < @ $2 > strip trailing dots', `R$* $: $>ParseRecipient $1 strip relayable hosts') ifdef(`_BESTMX_IS_LOCAL_',`dnl ifelse(_BESTMX_IS_LOCAL_, `', `dnl # unlimited bestmx R$* < @ $* > $* $: $1 < @ $2 @@ $(bestmx $2 $) > $3', `dnl # limit bestmx to $=B R$* < @ $* $=B > $* $: $1 < @ $2 $3 @@ $(bestmx $2 $3 $) > $4') R$* $=O $* < @ $* @@ $=w . > $* $@ $>"Basic_check_rcpt" $1 $2 $3 R$* < @ $* @@ $=w . > $* $: $1 < @ $3 > $4 R$* < @ $* @@ $* > $* $: $1 < @ $2 > $4') ifdef(`_BLACKLIST_RCPT_',`dnl ifdef(`_ACCESS_TABLE_', `dnl # blacklist local users or any host from receiving mail R$* $: $1 dnl user is now tagged with @ to be consistent with check_mail dnl and to distinguish users from hosts (com would be host, com@ would be user) R $+ < @ $=w > $: <> <$1 < @ $2 >> $| R $+ < @ $* > $: <> <$1 < @ $2 >> $| R $+ $: <> <$1> $| dnl $| is used as delimiter, otherwise false matches may occur: > dnl will only return user<@domain when "reversing" the args R<> <$*> $| <$+> $: <@> <$1> $| $>SearchList <+To> $| <$2> <> R<@> <$*> $| <$*> $: <$2> <$1> reverse result R <$*> $: @ $1 mark address as no match R<$={Accept}> <$*> $: @ $2 mark address as no match ifdef(`_DELAY_CHECKS_',`dnl dnl we have to filter these because otherwise they would be interpreted dnl as generic error message... dnl error messages should be "tagged" by prefixing them with error: ! dnl that would make a lot of things easier. dnl maybe we should stop checks already here (if SPAM_xyx)? R<$={SpamTag}> <$*> $: @ $2 mark address as no match') R $* $#error $@ 5.2.1 $: "550 Mailbox disabled for this recipient" R $* $#discard $: discard dnl error tag R $* $#error $@ $1.$2.$3 $: $4 R $* $#error $: $1 dnl generic error from access map R<$+> $* $#error $: $1 error from access db R@ $* $1 remove mark', `dnl')', `dnl') ifdef(`_PROMISCUOUS_RELAY_', `divert(-1)') # authenticated? dnl do this unconditionally? this requires to manage CAs carefully dnl just because someone has a CERT signed by a "trusted" CA dnl does not mean we want to allow relaying for her, dnl either use a subroutine or provide something more sophisticated dnl this could for example check the DN (maybe an access map lookup) R$* $: $1 $| $>RelayAuth $1 $| $&{verify} client authenticated? R$* $| $# $+ $# $2 error/ok? R$* $| $* $: $1 no # authenticated by a trusted mechanism? R$* $: $1 $| $&{auth_type} dnl empty ${auth_type}? R$* $| $: $1 dnl mechanism ${auth_type} accepted? dnl use $# to override further tests (delay_checks): see check_rcpt below R$* $| $={TrustAuthMech} $# RELAYAUTH dnl undo addition of ${auth_type} R$* $| $* $: $1 -dnl workspace: localpart<@domain> +dnl workspace: localpart<@domain> | localpart ifelse(defn(`_NO_UUCP_'), `r', -`R$* ! $* < @ $* > $: $2 < @ BANG_PATH >', `dnl') +`R$* ! $* < @ $* > $: $2 < @ BANG_PATH > +R$* ! $* $: $2 < @ BANG_PATH >', `dnl') # anything terminating locally is ok ifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl R$+ < @ $* $=m > $@ RELAYTO', `dnl') R$+ < @ $=w > $@ RELAYTO ifdef(`_RELAY_HOSTS_ONLY_', `R$+ < @ $=R > $@ RELAYTO ifdef(`_ACCESS_TABLE_', `dnl R$+ < @ $+ > $: <$(access To:$2 $: ? $)> <$1 < @ $2 >> dnl workspace: > R <$+ < @ $+ >> $: <$(access $2 $: ? $)> <$1 < @ $2 >>',`dnl')', `R$+ < @ $* $=R > $@ RELAYTO ifdef(`_ACCESS_TABLE_', `dnl R$+ < @ $+ > $: $>LookUpDomain <$2> <$1 < @ $2 >> <+To>',`dnl')') ifdef(`_ACCESS_TABLE_', `dnl dnl workspace: > R $* $@ RELAYTO R<$*> <$*> $: $2',`dnl') ifdef(`_RELAY_MX_SERVED_', `dnl # allow relaying for hosts which we MX serve R$+ < @ $+ > $: < : $(mxserved $2 $) : > $1 < @ $2 > dnl this must not necessarily happen if the client is checked first... R< : $* : > $* $#error $@ 4.7.1 $: "450 Can not check MX records for recipient host " $1 R<$* : $=w . : $*> $* $@ RELAYTO R< : $* : > $* $: $2', `dnl') # check for local user (i.e. unqualified address) R$* $: $1 R $* < @ $+ > $: $1 < @ $2 > # local user is ok dnl is it really? the standard requires user@domain, not just user dnl but we should accept it anyway (maybe making it an option: dnl RequireFQDN ?) dnl postmaster must be accepted without domain (DRUMS) ifdef(`_REQUIRE_QUAL_RCPT_', `dnl R postmaster $@ TOPOSTMASTER # require qualified recipient? dnl prepend daemon_flags R $+ $: $&{daemon_flags} $| $1 dnl workspace: ${daemon_flags} $| localpart dnl do not allow these at all or only from local systems? dnl r flag? add client_name R$* r $* $| $+ $: < ? $&{client_name} > $3 dnl no r flag: relay to local user (only local part) # no qualified recipient required R$* $| $+ $@ RELAYTOLOCAL dnl client_name is empty R $+ $@ RELAYTOLOCAL dnl client_name is local R $+ $@ RELAYTOLOCAL dnl client_name is not local R $+ $#error $@ 5.5.4 $: "553 Domain name required"', `dnl dnl no qualified recipient required R $+ $@ RELAYTOLOCAL') dnl it is a remote user: remove mark and then check client R<$+> $* $: $2 dnl currently the recipient address is not used below # anything originating locally is ok # check IP address R$* $: $&{client_addr} R$@ $@ RELAYFROM originated locally R0 $@ RELAYFROM originated locally R$=R $* $@ RELAYFROM relayable IP address ifdef(`_ACCESS_TABLE_', `dnl R$* $: $>LookUpAddress <$1> <$1> <+Connect> R $* $@ RELAYFROM relayable IP address R<$*> <$*> $: $2', `dnl') R$* $: [ $1 ] put brackets around it... R$=w $@ RELAYFROM ... and see if it is local ifdef(`_RELAY_DB_FROM_', `define(`_RELAY_MAIL_FROM_', `1')')dnl ifdef(`_RELAY_LOCAL_FROM_', `define(`_RELAY_MAIL_FROM_', `1')')dnl ifdef(`_RELAY_MAIL_FROM_', `dnl dnl input: {client_addr} or something "broken" dnl just throw the input away; we do not need it. # check whether FROM is allowed to use system as relay R$* $: $>CanonAddr $&f ifdef(`_RELAY_LOCAL_FROM_', `dnl # check whether local FROM is ok R $+ < @ $=w . > $@ RELAYFROMMAIL FROM local', `dnl') ifdef(`_RELAY_DB_FROM_', `dnl R $+ < @ $+ . > $1 < @ $2 > remove trailing dot R $+ < @ $+ > $: $1 < @ $2 > $| $>SearchList $| ifdef(`_RELAY_DB_FROM_DOMAIN_', `') <> R$* $@ RELAYFROMMAIL RELAY FROM sender ok', `dnl ifdef(`_RELAY_DB_FROM_DOMAIN_', `errprint(`*** ERROR: _RELAY_DB_FROM_DOMAIN_ requires _RELAY_DB_FROM_ ')', `dnl') dnl')', `dnl') # check client name: first: did it resolve? dnl input: ignored R$* $: < $&{client_resolve} > R $#error $@ 4.7.1 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr} R $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name} R $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name} dnl ${client_resolve} should be OK, so go ahead R$* $: $&{client_name} # pass to name server to make hostname canonical R $* $~P $: $[ $1 $2 $] R$* . $1 strip trailing dots dnl should not be necessary since it has been done for client_addr already R $@ RELAYFROM ifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl R $* $=m $@ RELAYFROM', `dnl') R $=w $@ RELAYFROM ifdef(`_RELAY_HOSTS_ONLY_', `R $=R $@ RELAYFROM ifdef(`_ACCESS_TABLE_', `dnl R $* $: <$(access Connect:$1 $: ? $)> <$1> R <$*> $: <$(access $1 $: ? $)> <$1>',`dnl')', `R $* $=R $@ RELAYFROM ifdef(`_ACCESS_TABLE_', `dnl R $* $: $>LookUpDomain <$1> <$1> <+Connect>',`dnl')') ifdef(`_ACCESS_TABLE_', `dnl R $* $@ RELAYFROM R<$*> <$*> $: $2',`dnl') # anything else is bogus R$* $#error $@ 5.7.1 $: confRELAY_MSG divert(0) ifdef(`_DELAY_CHECKS_',`dnl # turn a canonical address in the form user<@domain> # qualify unqual. addresses with $j dnl it might have been only user (without <@domain>) SFullAddr R$* <@ $+ . > $1 <@ $2 > R$* <@ $* > $@ $1 <@ $2 > R$+ $@ $1 <@ $j > # call all necessary rulesets Scheck_rcpt dnl this test should be in the Basic_check_rcpt ruleset dnl which is the correct DSN code? # R$@ $#error $@ 5.1.3 $: "553 Recipient address required" R$+ $: $1 $| $>checkrcpt $1 dnl now we can simply stop checks by returning "$# xyz" instead of just "ok" R$+ $| $#$* $#$2 R$+ $| $* $: $>FullAddr $>CanonAddr $1 ifdef(`_SPAM_FH_', `dnl lookup user@ and user@address ifdef(`_ACCESS_TABLE_', `', `errprint(`*** ERROR: FEATURE(`delay_checks', `argument') requires FEATURE(`access_db') ')')dnl dnl one of the next two rules is supposed to match dnl this code has been copied from BLACKLIST... etc dnl and simplified by omitting some < >. R $+ < @ $=w > $: <> $1 < @ $2 > $| R $+ < @ $* > $: <> $1 < @ $2 > $| dnl R $@ something_is_very_wrong_here # lookup the addresses only with To tag R<> $* $| <$+> $: <@> $1 $| $>SearchList $| <$2> <> R<@> $* $| $* $: $2 $1 reverse result dnl', `dnl') ifdef(`_SPAM_FRIEND_', `# is the recipient a spam friend? ifdef(`_SPAM_HATER_', `errprint(`*** ERROR: define either SpamHater or SpamFriend ')', `dnl') R $+ $@ SPAMFRIEND R<$*> $+ $: $2', `dnl') ifdef(`_SPAM_HATER_', `# is the recipient no spam hater? R $+ $: $1 spam hater: continue checks R<$*> $+ $@ NOSPAMHATER everyone else: stop dnl',`dnl') dnl run further checks: check_mail dnl should we "clean up" $&f? R$* $: $1 $| $>checkmail <$&f> R$* $| $#$* $#$2 dnl run further checks: check_relay R$* $: $1 $| $>checkrelay $&{client_name} $| $&{client_addr} R$* $| $#$* $#$2 R$* $| $* $: $1 ', `dnl') ifdef(`_ACCESS_TABLE_', `dnl ###################################################################### ### SearchList: search a list of items in the access map ### Parameters: ### $| ... <> dnl maybe we should have a @ (again) in front of the mark to dnl avoid errorneous matches (with error messages?) dnl if we can make sure that tag is always a single token dnl then we can omit the delimiter $|, otherwise we need it dnl to avoid errorneous matchs (first rule: H: if there dnl is that mark somewhere in the list, it will be taken). dnl moreover, we can do some tricks to enforce lookup with dnl the tag only, e.g.: ### where "exact" is either "+" or "!": ### <+ TAG> lookup with and w/o tag ### lookup with tag dnl Warning: + and ! should be in OperatorChars (otherwise there must be dnl a blank between them and the tag. ### possible values for "mark" are: ### H: recursive host lookup (LookUpDomain) dnl A: recursive address lookup (LookUpAddress) [not yet required] ### E: exact lookup, no modifications ### F: full lookup, try user+ext@domain and user@domain ### U: user lookup, try user+ext and user (input must have trailing @) ### return: or (not found) ###################################################################### # class with valid marks for SearchList dnl if A is activated: add it C{src}E F H U SSearchList # mark H: lookup domain R<$+> $| <$*> $: <$1> $| <@> $>LookUpDomain <$2> <$3> <$1> R<$+> $| <@> <$+> <$*> $: <$1> $| <$2> <$3> dnl A: NOT YET REQUIRED dnl R<$+> $| <$*> $: <$1> $| <@> $>LookUpAddress <$2> <$3> <$1> dnl R<$+> $| <@> <$+> <$*> $: <$1> $| <$2> <$3> dnl lookup of the item with tag dnl this applies to F: U: E: R<$- $-> $| <$={src}:$+> <$*> $: <$1 $2> $| <$(access $2`'_TAG_DELIM_`'$4 $: $3:$4 $)> <$5> dnl no match, try without tag R<+ $-> $| <$={src}:$+> <$*> $: <+ $1> $| <$(access $3 $: $2:$3 $)> <$4> dnl do we really have to distinguish these cases? dnl probably yes, there might be a + in the domain part (is that allowed?) dnl user+detail lookups: should it be: dnl user+detail, user+*, user; just like aliases? R<$- $-> $| <$*> $: <$1 $2> $| <$(access $2`'_TAG_DELIM_`'$3@$5 $: F:$3 + $4@$5$)> <$6> R<+ $-> $| <$*> $: <+ $1> $| <$(access $2@$4 $: F:$2 + $3@$4$)> <$5> dnl user lookups are always with trailing @ dnl do not remove the @ from the lookup: dnl it is part of the +detail@ which is omitted for the lookup R<$- $-> $| <$*> $: <$1 $2> $| <$(access $2`'_TAG_DELIM_`'$3@ $: U:$3 + $4$)> <$5> dnl no match, try without tag R<+ $-> $| <$*> $: <+ $1> $| <$(access $2@ $: U:$2 + $3$)> <$4> dnl no match, try rest of list R<$+> $| <$={src}:$+> <$+> $@ $>SearchList <$1> $| <$4> dnl no match, list empty: return failure R<$+> $| <$={src}:$+> <> $@ dnl got result, return it R<$+> $| <$+> <$*> $@ <$2> dnl return result from recursive invocation R<$+> $| <$+> $@ <$2>', `dnl') # is user trusted to authenticate as someone else? dnl AUTH= parameter from MAIL command Strust_auth R$* $: $&{auth_type} $| $1 # required by RFC 2554 section 4. R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated" dnl seems to be useful... R$* $| $&{auth_authen} $@ identical R$* $| <$&{auth_authen}> $@ identical dnl call user supplied code R$* $| $* $: $1 $| $>"Local_trust_auth" $1 R$* $| $#$* $#$2 dnl default: error R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author} dnl empty ruleset definition so it can be called SLocal_trust_auth ifdef(`_FFR_TLS_O_T', `dnl Soffer_tls R$* $: $>LookUpDomain <$&{client_name}> <> R$* $: $>LookUpAddress <$&{client_addr}> <> R$* $: <$(access TLS_OFF_TAG: $: ? $)> R$* $@ OK R <> $#error $@ 5.7.1 $: "550 do not offer TLS for " $&{client_name} " ["$&{client_addr}"]" Stry_tls R$* $: $>LookUpDomain <$&{server_name}> <> R$* $: $>LookUpAddress <$&{server_addr}> <> R$* $: <$(access TLS_TRY_TAG: $: ? $)> R$* $@ OK -R <> $#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]" +R$* $#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]" ')dnl # is connection with client "good" enough? (done in server) # input: ${verify} $| (MAIL|STARTTLS) dnl MAIL: called from check_mail dnl STARTTLS: called from smtp() after STARTTLS has been accepted Stls_client ifdef(`_ACCESS_TABLE_', `dnl dnl ignore second arg for now dnl maybe use it to distinguish permanent/temporary error? dnl if MAIL: permanent (STARTTLS has not been offered) dnl if STARTTLS: temporary (offered but maybe failed) R$* $| $* $: $1 $| $>LookUpDomain <$&{client_name}> <> R$* $| $* $: $1 $| $>LookUpAddress <$&{client_addr}> <> dnl do a default lookup: just TLS_CLT_TAG R$* $| $* $: $1 $| <$(access TLS_CLT_TAG`'_TAG_DELIM_ $: ? $)> R$* $@ $>"tls_connection" $1', `dnl R$* $| $* $@ $>"tls_connection" $1') # is connection with server "good" enough? (done in client) dnl i.e. has the server been authenticated and is encryption active? dnl called from deliver() after STARTTLS command # input: ${verify} Stls_server ifdef(`_ACCESS_TABLE_', `dnl R$* $: $1 $| $>LookUpDomain <$&{server_name}> <> R$* $| $* $: $1 $| $>LookUpAddress <$&{server_addr}> <> dnl do a default lookup: just TLS_SRV_TAG R$* $| $* $: $1 $| <$(access TLS_SRV_TAG`'_TAG_DELIM_ $: ? $)> R$* $@ $>"tls_connection" $1', `dnl R$* $@ $>"tls_connection" $1') Stls_connection ifdef(`_ACCESS_TABLE_', `dnl dnl common ruleset for tls_{client|server} dnl input: $&{verify} $| [<>] dnl remove optional <> R$* $| <$*>$* $: $1 $| <$2> dnl permanent or temporary error? R$* $| $: $1 $| <503:5.7.0> <$2 $3> R$* $| $: $1 $| <403:4.7.0> <$2 $3> dnl default case depends on TLS_PERM_ERR R$* $| <$={tls} $*> $: $1 $| <$2 $3> dnl deal with TLS handshake failures: abort RSOFTWARE $| <$-:$+> $* $#error $@ $2 $: $1 " TLS handshake failed." dnl no i.e. not requirements in the access map dnl use default error RSOFTWARE $| $* $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') TLS handshake failed." R$* $| <$*> $: <$2> $1 R$* $| <$*> <$={tls}:$->$* $: <$2> <$3:$4> $1 dnl some other value in access map: accept dnl this also allows to override the default case (if used) R$* $| $* $@ OK # authentication required: give appropriate error # other side did authenticate (via STARTTLS) dnl workspace: <{VERIFY,ENCR}[:BITS]> ${verify} dnl only verification required and it succeeded R<$*> OK $@ OK dnl verification required + some level of encryption R<$*> OK $: <$1> dnl just some level of encryption required R<$*> $* $: <$1> dnl verification required but ${verify} is not set R<$-:$+> $#error $@ $2 $: $1 " authentication required" R<$-:$+> FAIL $#error $@ $2 $: $1 " authentication failed" R<$-:$+> NO $#error $@ $2 $: $1 " not authenticated" R<$-:$+> NONE $#error $@ $2 $: $1 " other side does not support STARTTLS" dnl some other value for ${verify} R<$-:$+> $+ $#error $@ $2 $: $1 " authentication failure " $4 dnl some level of encryption required: get the maximum level R<$*> $: <$1> $>max $&{cipher_bits} : $&{auth_ssf} dnl compare required bits with actual bits R<$*> $- $: <$1> <$2:$3> $(arith l $@ $3 $@ $2 $) R<$-:$+><$-:$-> TRUE $#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3 Smax dnl compute the max of two values separated by : R: $: 0 R:$- $: $1 R$-: $: $1 R$-:$- $: $(arith l $@ $1 $@ $2 $) : $1 : $2 RTRUE:$-:$- $: $2 R$-:$-:$- $: $2', `dnl use default error dnl deal with TLS handshake failures: abort RSOFTWARE $#error $@ ifdef(`TLS_PERM_ERR', `5.7.0', `4.7.0') $: "ifdef(`TLS_PERM_ERR', `503', `403') TLS handshake."') SRelayAuth # authenticated? dnl we do not allow relaying for anyone who can present a cert dnl signed by a "trusted" CA. For example, even if we put verisigns dnl CA in CERTPath so we can authenticate users, we do not allow dnl them to abuse our server (they might be easier to get hold of, dnl but anyway). dnl so here is the trick: if the verification succeeded dnl we look up the cert issuer in the access map dnl (maybe after extracting a part with a regular expression) dnl if this returns RELAY we relay without further questions dnl if it returns SUBJECT we perform a similar check on the dnl cert subject. R$* $| OK $: $1 R$* $| $* $@ NO not authenticated ifdef(`_ACCESS_TABLE_', `dnl ifdef(`_CERT_REGEX_ISSUER_', `dnl R$* $: $1 $| $(CERTIssuer $&{cert_issuer} $)', `R$* $: $1 $| $&{cert_issuer}') R$* $| $+ $: $1 $| $(access CERTISSUER:$2 $) dnl use $# to stop further checks (delay_check) R$* $| RELAY $# RELAYCERTISSUER ifdef(`_CERT_REGEX_SUBJECT_', `dnl R$* $| SUBJECT $: $1 $| <@> $(CERTSubject $&{cert_subject} $)', `R$* $| SUBJECT $: $1 $| <@> $&{cert_subject}') R$* $| <@> $+ $: $1 $| <@> $(access CERTSUBJECT:$2 $) R$* $| <@> RELAY $# RELAYCERTSUBJECT R$* $| $* $: $1', `dnl') undivert(9)dnl LOCAL_RULESETS ifdef(`_FFR_MILTER', ` # ###################################################################### ###################################################################### ##### `##### MAIL FILTER DEFINITIONS' ##### ###################################################################### ###################################################################### _MAIL_FILTERS_') # ###################################################################### ###################################################################### ##### `##### MAILER DEFINITIONS' ##### ###################################################################### ###################################################################### undivert(7)dnl MAILER_DEFINITIONS Index: stable/4/contrib/sendmail/cf/m4/version.m4 =================================================================== --- stable/4/contrib/sendmail/cf/m4/version.m4 (revision 71887) +++ stable/4/contrib/sendmail/cf/m4/version.m4 (revision 71888) @@ -1,18 +1,18 @@ divert(-1) # # Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. # All rights reserved. # Copyright (c) 1983 Eric P. Allman. All rights reserved. # Copyright (c) 1988, 1993 # The Regents of the University of California. All rights reserved. # # By using this file, you agree to the terms and conditions set # forth in the LICENSE file which can be found at the top level of # the sendmail distribution. # # -VERSIONID(`$Id: version.m4,v 8.39.4.14 2000/09/19 07:28:06 gshapiro Exp $') +VERSIONID(`$Id: version.m4,v 8.39.4.21 2000/12/29 18:22:15 gshapiro Exp $') # divert(0) # Configuration version number -DZ8.11.1`'ifdef(`confCF_VERSION', `/confCF_VERSION') +DZ8.11.2`'ifdef(`confCF_VERSION', `/confCF_VERSION') Index: stable/4/contrib/sendmail/contrib/domainmap.m4 =================================================================== --- stable/4/contrib/sendmail/contrib/domainmap.m4 (revision 71887) +++ stable/4/contrib/sendmail/contrib/domainmap.m4 (revision 71888) @@ -1,91 +1,103 @@ divert(-1)changequote(<<, >>)<< ----------------------------------------------------------------------------- FEATURE(domainmap) Macro The existing virtusertable feature distributed with sendmail is a good basic approach to virtual hosting, but it is missing a few key features: 1. Ability to have a different map for each domain. 2. Ability to perform virtual hosting for domains which are not in $=w. 3. Ability to use a centralized network-accessible database (such as PH) which is keyed on username alone (as opposed to the fully-qualified email address). The FEATURE(domainmap) macro neatly solves these problems. The basic syntax of the macro is: FEATURE(domainmap, `domain.com', `map definition ...')dnl To illustrate how it works, here is an example: FEATURE(domainmap, `foo.com', `dbm -o /etc/mail/foo-users')dnl In this example, mail sent to user@foo.com will be rewritten by the domainmap. The username will be looked up in the DBM map /etc/mail/foo-users, which looks like this: jsmith johnsmith@mailbox.foo.com jdoe janedoe@sandbox.bar.com So mail sent to jsmith@foo.com will be relayed to johnsmith@mailbox.foo.com, and mail sent to jdoe@foo.com will be relayed to janedoe@sandbox.bar.com. The FEATURE(domainmap) Macro supports the user+detail syntax by stripping off the +detail portion before the domainmap lookup and tacking it back on to the result. Using the example above, mail sent to jsmith+sometext@foo.com will be rewritten as johnsmith+sometext@mailbox.foo.com. If one of the elements in the $=w class (i.e., "local" delivery hosts) is a domain specified in a FEATURE(domainmap) entry, you need to use the LOCAL_USER(username) macro to specify the list of users for whom domainmap lookups should not be done. To use this macro, simply copy this file into the cf/feature directory in the sendmail source tree. For more information, please see the following URL: http://www-wsg.cso.uiuc.edu/sendmail/patches/domainmap.html Feedback is welcome. Mark D. Roth ----------------------------------------------------------------------------- >>changequote(`, ')undivert(-1)divert ifdef(`_DOMAIN_MAP_',`',`dnl LOCAL_RULE_0 # do mapping for domains where applicable R$* $=O $* <@ $={MappedDomain} .> $@ $>Recurse $1 $2 $3 Strip extraneous routing R$+ <@ $={MappedDomain} .> $>DomainMapLookup $1 <@ $2 .> domain mapping LOCAL_RULESETS ########################################################################### ### Ruleset DomainMapLookup -- special rewriting for mapped domains ### ########################################################################### SDomainMapLookup R $=L <@ $=w .> $@ $1 <@ $2 .> weed out local users, in case # Cw contains a mapped domain -R $+ <@ $+> $: $1 <@ $2 > < $2 > find domain +ifdef(`DOMAINMAP_NO_REGEX',`dnl +R $+ <@ $+> $: $1 <@ $2> <$2> find domain R $+ <$+> <$+ . $+> $1 <$2> < $(dequote $3 "_" $4 $) > # change "." to "_" R $+ <$+> <$+ .> $: $1 <$2> < $(dequote "domain_" $3 $) > # prepend "domain_" +dnl',`dnl +R $+ <@ $+> $: $1 <@ $2> <$2 :NOTDONE:> find domain +R $+ <$+> <$+ . :NOTDONE:> $1 <$2> < $(domainmap_regex $3 $: $3 $) > +# change "." and "-" to "_" +R $+ <$+> <$+> $: $1 <$2> < $(dequote "domain_" $3 $) > +# prepend "domain_" +dnl') R $+ <$+> <$+> $: $1 <$2> <$3> $1 find user name R $+ <$+> <$+> $+ + $* $: $1 <$2> <$3> $4 handle user+detail syntax R $+ <$+> <$+> $+ $: $1 <$2> $( $3 $4 $: $) # do actual domain map lookup R $+ <$+> $#error $@ 5.1.1 $: "550 email address lookup in domain map failed" R $+ <@ $+> $* $* $#dsmtp $@ localhost $: $1 @ $2 # queue it up for later delivery R $+ + $* <$+> $+ @ $+ $: $1 + $2 <$3> $4 + $2 @ $5 # reset original user+detail R $+ <$+> $+ $@ $>Recurse $3 recanonify -define(`_DOMAIN_MAP_',`1')') +ifdef(`DOMAINMAP_NO_REGEX',`',`dnl LOCAL_CONFIG +K domainmap_regex regex -a.:NOTDONE: -s1,2 -d_ (.*)[-\.]([^-\.]*)$ +')define(`_DOMAIN_MAP_',`1')') + +LOCAL_CONFIG C{MappedDomain} _ARG_ -K `domain_'translit(_ARG_, `.', `_') _ARG2_ -T +K `domain_'translit(_ARG_, `.-', `__') _ARG2_ -T Index: stable/4/contrib/sendmail/contrib/qtool.8 =================================================================== --- stable/4/contrib/sendmail/contrib/qtool.8 (revision 71887) +++ stable/4/contrib/sendmail/contrib/qtool.8 (revision 71888) @@ -1,206 +1,206 @@ .\" Copyright (c) 1999 Sendmail, Inc. and its suppliers. .\" All rights reserved. .\" .\" By using this file, you agree to the terms and conditions set .\" forth in the LICENSE file which can be found at the top level of .\" the sendmail distribution. .\" .\" -.\" $Id: qtool.8,v 8.9 1999/08/26 00:04:10 cying Exp $ +.\" $Id: qtool.8,v 8.9.16.2 2000/12/15 19:50:41 gshapiro Exp $ .\" -.TH QTOOL 8 "July 12, 1999" +.TH QTOOL 8 "$Date: 2000/12/15 19:50:41 $" .SH NAME -.B qtool +qtool \- manipulate sendmail queues .SH SYNOPSIS .B qtool.pl .RB [options] target_directory source [source ...] .PP .B qtool.pl [-d/-b] .RB [options] source [source ...] .SH DESCRIPTION .B Qtool moves the queue files used by sendmail between queues. It uses the same locking mechanism as sendmail so can be safely used while sendmail is running. .PP With no options, .B qtool will move any queue files as specified by \fIsource\fP into \fItarget_directory\fP. \fISource\fP can be either an individual queue control file, a queue file id, or a queue directory. .PP If the -d option is specified, qtool will delete the messages specified by source instead of moving them. .PP If the -b option is specified, the selected messages will be bounced by running sendmail with the -OTimeout.queuereturn=now option. .SS Options .TP \fB\-b\fP Bounce all of the messages specified by source. The messages will be bounced immediately. No attempt will be made to deliver the messages. .TP \fB\-d\fP Delete all of the messages specified by source. .TP \fB\-e\fP \fIperl_expression\fP Evalute \fIperl_expression\fP for each queue file as specified by \fIsource\fP. If \fIperl_expression\fP evaluates to true, then that queue file is moved. See below for more detail on \fIperl_expression\fP. .TP \fB\-s\fP \fIseconds\fP Move only the queue files specified by \fIsource\fP that have a modification time older than \fIseconds\fP. .SS Perl Expressions You can use any valid perl expression. Inside the expression you have access to a hash that contains many of the fields in the control file as well as some other data about that queued message. The hash is called \fI%msg\fP. If a field has multiple values (e.g. 'Recipient'), it will be returned as an array, otherwise it will be returned as a scalar. Through \fI%msg\fP, you can access the following variables: .TP \fBauth\fP AUTH= parameter. .TP \fBbody_type\fP Body type (\fB8BITMIME\fP, \fB7BIT\fP, or undefined). .TP \fBbody_last_mod_time\fP The last time the body was modified since the epoch in seconds. .TP \fBbody_size\fP The size of the body file in bytes. .TP \fBcharset\fP Character set (for future use). .TP \fBcontent-length\fP Content-Length: header value (Solaris sendmail only). .TP \fBcontrolling_user\fP The controlling user. .TP \fBcontrol_last_mod_time\fP The last time the body was modified since the epoch in seconds. .TP \fBcontrol_size\fP The size of the control file in bytes. .TP \fBcreation_time\fP The time when the control file was created. .TP \fBdata_file_name\fP The data file name (deprecated). .TP \fBenvid\fP Original envelope id form ESMTP. .TP \fBerror_recipient\fP The error recipient (deprecated). .TP \fBflags\fP Array of characters that can be the following values: .PD 0 .RS +8 .TP 8 w warning message has been sent .TP 8 r This is an error respone or DSN .TP 8 8 has 8 bit data in body .TP 8 b delete Bcc: headers .TP 8 d envelope has DSN RET= parameter .TP 8 n don't return body .PD .RE .TP \fBheaders\fP This is a Perl hash where the keys are rfc822 field names and the values are rfc822 field values. If a field has only one value it will be returned as a string. If a field has more than one value (e.g. 'Received') it will be returned as a list of strings. .TP \fBinode_number\fP The inode number for the data (body) file. .TP \fBnext_delivery_time\fP Earliest time of next delivery attempt. .TP \fBnum_delivery_attempts\fP Number of delivery attempts that have been made. .TP \fBmacro\fP Defined macro. .TP \fBmessage\fP Envelope status message. .TP \fBoriginal_recipient\fP Original recipient (ORCPT= parameter). .TP \fBpriority\fP Adjusted priority of message. .TP \fBrecipient\fP Array of character flags followed by colon and recipient name. Flags: .PD 0 .RS +8 .TP 8 N Has NOTIFY= parameter. .TP 8 S Success DSN requested. .TP 8 F Failure DSN requested. .TP 8 D Delay DSN requested. .TP 8 P Primary address (not the result of alias/forward expansion). .PD .RE .TP \fBsender\fP Sender .TP \fBversion\fP Version of control file. .SH EXAMPLES .TP \fBqtool.pl q2 q1\fP Moves all of the queue files in queue q1 to queue q2. .TP \fBqtool.pl q2 q1/d6CLQh100847\fP Moves the message with id d6CLQh100847 in queue q1 to queue q2. .TP \fBqtool.pl q2 q1/qfd6CLQh100847\fP Moves the message with id d6CLQh100847 in queue q1 to queue q2. .TP \fBqtool.pl q2 q1/dfd6CLQh100847\fP Moves the message with id d6CLQh100847 in queue q1 to queue q2. .TP \fBqtool.pl -e '$msg{num_delivery_attempts} == 3' /q2 /q1\fP Moves all of the queue files that have had three attempted deliveries from queue q1 to queue q2. .SH SEE ALSO sendmail(8) .SH HISTORY The .B qtool command appeared in sendmail 8.10. Index: stable/4/contrib/sendmail/contrib/qtool.pl =================================================================== --- stable/4/contrib/sendmail/contrib/qtool.pl (revision 71887) +++ stable/4/contrib/sendmail/contrib/qtool.pl (revision 71888) @@ -1,1190 +1,1189 @@ #!/usr/bin/env perl ## ## Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. ## All rights reserved. ## -## $Id: qtool.pl,v 8.15.16.2 2000/09/17 17:04:22 gshapiro Exp $ +## $Id: qtool.pl,v 8.15.16.4 2000/11/30 07:14:01 gshapiro Exp $ ## use strict; use File::Basename; use File::Copy; use File::Spec; use Fcntl qw(:flock :DEFAULT); use Getopt::Std; ## ## QTOOL ## This program is for moving files between sendmail queues. It is ## pretty similar to just moving the files manually, but it locks the files ## the same way sendmail does to prevent problems. ## ## The syntax is the reverse of mv (ie. the target argument comes ## first). This lets you pick the files you want to move using find and ## xargs. ## ## Since you cannot delete queues while sendmail is running, QTOOL ## assumes that when you specify a directory as a source, you mean that you ## want all of the queue files within that directory moved, not the ## directory itself. ## ## There is a mechanism for adding conditionals for moving the files. ## Just create an Object with a check_move(source, dest) method and add it ## to the $conditions object. See the handling of the '-s' option for an ## example. ## ## ## OPTION NOTES ## ## The -e option: ## The -e option takes any valid perl expression and evaluates it ## using the eval() function. Inside the expression the variable ## '$msg' is bound to the ControlFile object for the current source ## queue message. This lets you check for any value in the message ## headers or the control file. Here's an example: ## ## ./qtool.pl -e '$msg->{num_delivery_attempts} >= 2' /q1 /q2 ## ## This would move any queue files whose number of delivery attempts ## is greater than or equal to 2 from the queue 'q2' to the queue 'q1'. ## ## See the function ControlFile::parse for a list of available ## variables. ## my %opts; my %sources; my $dst_name; my $destination; my $source_name; my $source; my $result; my $action; my $new_condition; my $conditions = new Compound(); Getopt::Std::getopts('bde:s:', \%opts); sub move_action { my $source = shift; my $destination = shift; $result = $destination->add($source); if ($result) { print("$result.\n"); } } sub delete_action { my $source = shift; return $source->delete(); } sub bounce_action { my $source = shift; return $source->bounce(); } $action = \&move_action; if (defined $opts{d}) { $action = \&delete_action; } elsif (defined $opts{b}) { $action = \&bounce_action; } if (defined $opts{s}) { $new_condition = new OlderThan($opts{s}); $conditions->add($new_condition); } if (defined $opts{e}) { $new_condition = new Eval($opts{e}); $conditions->add($new_condition); } if ($action == \&move_action) { $dst_name = shift(@ARGV); if (!-d $dst_name) { print("The destination '$dst_name' must be an existing " . "directory.\n"); usage(); exit; } $destination = new Queue($dst_name); } while (@ARGV) { $source_name = shift(@ARGV); $result = add_source(\%sources, $source_name); if ($result) { print("$result.\n"); + exit; } } if (keys(%sources) == 0) { - print("You must at least specify at least one source.\n"); - usage(); exit; } while (($source_name, $source) = each(%sources)) { $result = $conditions->check_move($source, $destination); if ($result) { $result = &{$action}($source, $destination); if ($result) { print("$result\n"); } } } sub usage { print("Usage: $0 [options] directory source ...\n"); print(" $0 [-d|-b] source ...\n"); print("options:\n"); print(" -b Bounce the messages specified by source.\n"); print(" -d Delete the messages specified by source.\n"); print(" -e [perl expression] Move only messages for which perl expression returns true.\n"); - print(" -s [seconds] Move only messages older than seconds.\n"); + print(" -s [seconds] Move only messages whose qf file is older than seconds.\n"); } ## ## ADD_SOURCE -- Adds a source to the source hash. ## ## Determines whether source is a file, directory, or id. Then it ## creates a QueuedMessage or Queue for that source and adds it to the ## list. ## ## Parameters: ## sources -- A hash that contains all of the sources. ## source_name -- The name of the source to add ## ## Returns: ## error_string -- Undef if ok. Error string otherwise. ## ## Notes: ## If a new source comes in with the same ID as a previous ## source, the previous source gets overwritten in the sources ## hash. This lets the user specify things like * and it still ## works nicely. ## sub add_source { my $sources = shift; my $source_name = shift; my $source_base_name; my $source_dir_name; my $data_dir_name; my $source_id; my $source_prefix; my $queued_message; my $queue; my $result; ($source_base_name, $source_dir_name) = File::Basename::fileparse($source_name); $data_dir_name = $source_dir_name; $source_prefix = substr($source_base_name, 0, 2); if (!-d $source_name && $source_prefix ne 'qf' && $source_prefix ne 'df') { $source_base_name = "qf$source_base_name"; $source_name = File::Spec->catfile("$source_dir_name", "$source_base_name"); } $source_id = substr($source_base_name, 2); if (!-e $source_name) { $source_name = File::Spec->catfile("$source_dir_name", "qf", "qf$source_id"); if (!-e $source_name) { return "'$source_name' does not exist"; } $data_dir_name = File::Spec->catfile("$source_dir_name", "df"); $source_dir_name = File::Spec->catfile("$source_dir_name", "qf"); } if (-f $source_name) { $queued_message = new QueuedMessage($source_dir_name, $source_id, $data_dir_name); $sources->{$source_id} = $queued_message; return undef; } if (!-d $source_name) { return "'$source_name' is not a plain file or a directory"; } $queue = new Queue($source_name); $result = $queue->read(); if ($result) { return $result; } while (($source_id, $queued_message) = each(%{$queue->{files}})) { $sources->{$source_id} = $queued_message; } return undef; } ## ## LOCK_FILE -- Opens and then locks a file. ## ## Opens a file for read/write and uses flock to obtain a lock on the ## file. The flock is Perl's flock which defaults to flock on systems ## that support it. On systems without flock it falls back to fcntl ## locking. ## ## Parameters: ## file_name -- The name of the file to open and lock. ## ## Returns: ## (file_handle, error_string) -- If everything works then ## file_handle is a reference to a file handle and ## error_string is undef. If there is a problem then ## file_handle is undef and error_string is a string ## explaining the problem. ## sub lock_file { my $file_name = shift; my $result; $result = sysopen(FILE_TO_LOCK, $file_name, Fcntl::O_RDWR); if (!$result) { return (undef, "Unable to open '$file_name': $!"); } $result = flock(FILE_TO_LOCK, Fcntl::LOCK_EX | Fcntl::LOCK_NB); if (!$result) { return (undef, "Could not obtain lock on '$file_name': $!"); } return (\*FILE_TO_LOCK, undef); } ## ## UNLOCK_FILE -- Unlocks a file. ## ## Unlocks a file using Perl's flock. ## ## Parameters: ## file -- A file handle. ## ## Returns: ## error_string -- If undef then no problem. Otherwise it is a ## string that explains problem. ## sub unlock_file { my $file = shift; my $result; $result = flock($file, Fcntl::LOCK_UN); if (!$result) { return "Unlock failed on '$result': $!"; } return undef; } ## ## MOVE_FILE -- Moves a file. ## ## Moves a file. ## ## Parameters: ## src_name -- The name of the file to be move. ## dst_nome -- The name of the place to move it to. ## ## Returns: ## error_string -- If undef then no problem. Otherwise it is a ## string that explains problem. ## sub move_file { my $src_name = shift; my $dst_name = shift; my $result; $result = File::Copy::move($src_name, $dst_name); if (!$result) { return "File move from '$src_name' to '$dst_name' failed: $!"; } return undef; } ## ## CONTROL_FILE - Represents a sendmail queue control file. ## ## This object represents represents a sendmail queue control file. ## It can parse and lock its file. ## package ControlFile; sub new { my $this = shift; my $class = ref($this) || $this; my $self = {}; bless $self, $class; $self->initialize(@_); return $self; } sub initialize { my $self = shift; my $queue_dir = shift; $self->{id} = shift; $self->{file_name} = $queue_dir . '/qf' . $self->{id}; $self->{headers} = {}; } ## ## PARSE - Parses the control file. ## ## Parses the control file. It just sticks each entry into a hash. ## If a key has more than one entry, then it points to a list of ## entries. ## sub parse { my $self = shift; if ($self->{parsed}) { return; } my %parse_table = ( 'A' => 'auth', 'B' => 'body_type', 'C' => 'controlling_user', 'D' => 'data_file_name', 'E' => 'error_recipient', 'F' => 'flags', 'H' => 'parse_header', 'I' => 'inode_number', 'K' => 'next_delivery_time', 'L' => 'content-length', 'M' => 'message', 'N' => 'num_delivery_attempts', 'P' => 'priority', 'Q' => 'original_recipient', 'R' => 'recipient', 'S' => 'sender', 'T' => 'creation_time', 'V' => 'version', 'X' => 'charset', 'Z' => 'envid', '$' => 'macro' ); my $line; my $line_type; my $line_value; my $member_name; my $member; my $last_type; open(CONTROL_FILE, "$self->{file_name}"); while ($line = ) { $line_type = substr($line, 0, 1); if ($line_type eq "\t" && $last_type eq 'H') { $line_type = 'H'; $line_value = $line; } else { $line_value = substr($line, 1); } $member_name = $parse_table{$line_type}; $last_type = $line_type; if (!$member_name) { $member_name = 'unknown'; } if ($self->can($member_name)) { $self->$member_name($line_value); } $member = $self->{$member_name}; if (!$member) { $self->{$member_name} = $line_value; next; } if (ref($member) eq 'ARRAY') { push(@{$member}, $line_value); next; } $self->{$member_name} = [$member, $line_value]; } close(CONTROL_FILE); $self->{parsed} = 1; } sub parse_header { my $self = shift; my $line = shift; my $headers = $self->{headers}; my $last_header = $self->{last_header}; my $header_name; my $header_value; my $first_char; $first_char = substr($line, 0, 1); if ($first_char eq "?") { $line = substr($line, 3); } elsif ($first_char eq "\t") { if (ref($headers->{$last_header}) eq 'ARRAY') { $headers->{$last_header}[-1] = $headers->{$last_header}[-1] . $line; } else { $headers->{$last_header} = $headers->{$last_header} . $line; } return; } ($header_name, $header_value) = split(/:/, $line, 2); $self->{last_header} = $header_name; if (exists $headers->{$header_name}) { $headers->{$header_name} = [$headers->{$header_name}, $header_value]; } else { $headers->{$header_name} = $header_value; } } sub is_locked { my $self = shift; return (defined $self->{lock_handle}); } sub lock { my $self = shift; my $lock_handle; my $result; if ($self->is_locked()) { # Already locked return undef; } ($lock_handle, $result) = ::lock_file($self->{file_name}); if (!$lock_handle) { return $result; } $self->{lock_handle} = $lock_handle; return undef; } sub unlock { my $self = shift; my $result; if (!$self->is_locked()) { # Not locked return undef; } $result = ::unlock_file($self->{lock_handle}); $self->{lock_handle} = undef; return $result; } sub do_stat { my $self = shift; my $result; my @result; $result = open(QUEUE_FILE, $self->{file_name}); if (!$result) { return "Unable to open '$self->{file_name}': $!"; } @result = stat(QUEUE_FILE); if (!@result) { return "Unable to stat '$self->{file_name}': $!"; } $self->{control_size} = $result[7]; $self->{control_last_mod_time} = $result[9]; } sub DESTROY { my $self = shift; $self->unlock(); } sub delete { my $self = shift; my $result; $result = unlink($self->{file_name}); if (!$result) { return "Unable to delete $self->{file_name}: $!"; } return undef; } ## ## DATA_FILE - Represents a sendmail queue data file. ## ## This object represents represents a sendmail queue data file. ## It is really just a place-holder. ## package DataFile; sub new { my $this = shift; my $class = ref($this) || $this; my $self = {}; bless $self, $class; $self->initialize(@_); return $self; } sub initialize { my $self = shift; my $queue_dir = shift; $self->{id} = shift; $self->{file_name} = $queue_dir . '/df' . $self->{id}; } sub do_stat { my $self = shift; my $result; my @result; $result = open(QUEUE_FILE, $self->{file_name}); if (!$result) { return "Unable to open '$self->{file_name}': $!"; } @result = stat(QUEUE_FILE); if (!@result) { return "Unable to stat '$self->{file_name}': $!"; } $self->{body_size} = $result[7]; $self->{body_last_mod_time} = $result[9]; } sub delete { my $self = shift; my $result; $result = unlink($self->{file_name}); if (!$result) { return "Unable to delete $self->{file_name}: $!"; } return undef; } ## ## QUEUED_MESSAGE - Represents a queued sendmail message. ## ## This keeps track of the files that make up a queued sendmail ## message. ## Currently it has 'control_file' and 'data_file' as members. ## ## You can tie it to a fetch only hash using tie. You need to ## pass a reference to a QueuedMessage as the third argument ## to tie. ## package QueuedMessage; sub new { my $this = shift; my $class = ref($this) || $this; my $self = {}; bless $self, $class; $self->initialize(@_); return $self; } sub initialize { my $self = shift; my $queue_dir = shift; my $id = shift; my $data_dir = shift; $self->{id} = $id; $self->{control_file} = new ControlFile($queue_dir, $id); if ($data_dir) { $self->{data_file} = new DataFile($data_dir, $id); } else { $self->{data_file} = new DataFile($queue_dir, $id); } } sub last_modified_time { my $self = shift; my @result; @result = stat($self->{data_file}->{file_name}); return $result[9]; } sub TIEHASH { my $this = shift; my $class = ref($this) || $this; my $self = shift; return $self; } sub FETCH { my $self = shift; my $key = shift; if (exists $self->{control_file}->{$key}) { return $self->{control_file}->{$key}; } if (exists $self->{data_file}->{$key}) { return $self->{data_file}->{$key}; } return undef; } sub lock { my $self = shift; return $self->{control_file}->lock(); } sub unlock { my $self = shift; return $self->{control_file}->unlock(); } sub move { my $self = shift; my $destination = shift; my $df_dest; my $qf_dest; my $result; $result = $self->lock(); if ($result) { return $result; } $qf_dest = File::Spec->catfile($destination, "qf"); if (-d $qf_dest) { $df_dest = File::Spec->catfile($destination, "df"); if (!-d $df_dest) { $df_dest = $destination; } } else { $qf_dest = $destination; $df_dest = $destination; } if (-e File::Spec->catfile($qf_dest, "qf$self->{id}")) { $result = "There is already a queued message with id '$self->{id}' in '$destination'"; } if (!$result) { $result = ::move_file($self->{data_file}->{file_name}, $df_dest); } if (!$result) { $result = ::move_file($self->{control_file}->{file_name}, $qf_dest); } $self->unlock(); return $result; } sub parse { my $self = shift; return $self->{control_file}->parse(); } sub do_stat { my $self = shift; $self->{control_file}->do_stat(); $self->{data_file}->do_stat(); } sub setup_vars { my $self = shift; $self->parse(); $self->do_stat(); } sub delete { my $self = shift; my $result; $result = $self->{control_file}->delete(); if ($result) { return $result; } $result = $self->{data_file}->delete(); if ($result) { return $result; } return undef; } sub bounce { my $self = shift; my $command; $command = "sendmail -qI$self->{id} -O Timeout.queuereturn=now"; # print("$command\n"); system($command); } ## ## QUEUE - Represents a queued sendmail queue. ## ## This manages all of the messages in a queue. ## package Queue; sub new { my $this = shift; my $class = ref($this) || $this; my $self = {}; bless $self, $class; $self->initialize(@_); return $self; } sub initialize { my $self = shift; $self->{queue_dir} = shift; $self->{files} = {}; } ## ## READ - Loads the queue with all of the objects that reside in it. ## ## This reads the queue's directory and creates QueuedMessage objects ## for every file in the queue that starts with 'qf'. ## sub read { my $self = shift; my @control_files; my $queued_message; my $file_name; my $id; my $result; my $control_dir; my $data_dir; $control_dir = File::Spec->catfile($self->{queue_dir}, 'qf'); if (-e $control_dir) { $data_dir = File::Spec->catfile($self->{queue_dir}, 'df'); if (!-e $data_dir) { $data_dir = $self->{queue_dir}; } } else { $data_dir = $self->{queue_dir}; $control_dir = $self->{queue_dir}; } $result = opendir(QUEUE_DIR, $control_dir); if (!$result) { return "Unable to open directory '$control_dir'"; } @control_files = grep { /^qf.*/ && -f "$control_dir/$_" } readdir(QUEUE_DIR); closedir(QUEUE_DIR); foreach $file_name (@control_files) { $id = substr($file_name, 2); $queued_message = new QueuedMessage($control_dir, $id, $data_dir); $self->{files}->{$id} = $queued_message; } return undef; } ## ## ADD_QUEUED_MESSAGE - Adds a QueuedMessage to this Queue. ## ## Adds the QueuedMessage object to the hash and moves the files ## associated with the QueuedMessage to this Queue's directory. ## sub add_queued_message { my $self = shift; my $queued_message = shift; my $result; $result = $queued_message->move($self->{queue_dir}); if ($result) { return $result; } $self->{files}->{$queued_message->{id}} = $queued_message; return $result; } ## ## ADD_QUEUE - Adds another Queue's QueuedMessages to this Queue. ## ## Adds all of the QueuedMessage objects in the passed in queue ## to this queue. ## sub add_queue { my $self = shift; my $queue = shift; my $id; my $queued_message; my $result; while (($id, $queued_message) = each %{$queue->{files}}) { $result = $self->add_queued_message($queued_message); if ($result) { print("$result.\n"); } } } ## ## ADD - Adds an item to this queue. ## ## Adds either a Queue or a QueuedMessage to this Queue. ## sub add { my $self = shift; my $source = shift; my $type_name; my $result; $type_name = ref($source); if ($type_name eq "QueuedMessage") { return $self->add_queued_message($source); } if ($type_name eq "Queue") { return $self->add_queue($source); } return "Queue does not know how to add a '$type_name'" } sub delete { my $self = shift; my $id; my $queued_message; while (($id, $queued_message) = each %{$self->{files}}) { $result = $queued_message->delete(); if ($result) { print("$result.\n"); } } } sub bounce { my $self = shift; my $id; my $queued_message; while (($id, $queued_message) = each %{$self->{files}}) { $result = $queued_message->bounce(); if ($result) { print("$result.\n"); } } } ## ## Condition Class ## ## This next section is for any class that has an interface called ## check_move(source, dest). Each class represents some condition to ## check for to determine whether we should move the file from ## source to dest. ## ## ## OlderThan ## ## This Condition Class checks the modification time of the ## source file and returns true if the file's modification time is ## older than the number of seconds the class was initialzed with. ## package OlderThan; sub new { my $this = shift; my $class = ref($this) || $this; my $self = {}; bless $self, $class; $self->initialize(@_); return $self; } sub initialize { my $self = shift; $self->{age_in_seconds} = shift; } sub check_move { my $self = shift; my $source = shift; if ((time() - $source->last_modified_time()) > $self->{age_in_seconds}) { return 1; } return 0; } ## ## Compound ## ## Takes a list of Move Condition Classes. Check_move returns true ## if every Condition Class in the list's check_move function returns ## true. ## package Compound; sub new { my $this = shift; my $class = ref($this) || $this; my $self = {}; bless $self, $class; $self->initialize(@_); return $self; } sub initialize { my $self = shift; $self->{condition_list} = []; } sub add { my $self = shift; my $new_condition = shift; push(@{$self->{condition_list}}, $new_condition); } sub check_move { my $self = shift; my $source = shift; my $dest = shift; my $condition; my $result; foreach $condition (@{$self->{condition_list}}) { if (!$condition->check_move($source, $dest)) { return 0; } } return 1; } ## ## Eval ## ## Takes a perl expression and evaluates it. The ControlFile object ## for the source QueuedMessage is avaliable through the name '$msg'. ## package Eval; sub new { my $this = shift; my $class = ref($this) || $this; my $self = {}; bless $self, $class; $self->initialize(@_); return $self; } sub initialize { my $self = shift; $self->{expression} = shift; } sub check_move { my $self = shift; my $source = shift; my $dest = shift; my $result; my %msg; $source->setup_vars(); tie(%msg, 'QueuedMessage', $source); $result = eval($self->{expression}); return $result; } Index: stable/4/contrib/sendmail/doc/op/op.me =================================================================== --- stable/4/contrib/sendmail/doc/op/op.me (revision 71887) +++ stable/4/contrib/sendmail/doc/op/op.me (revision 71888) @@ -1,9414 +1,9423 @@ .\" Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. .\" All rights reserved. .\" Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved. .\" Copyright (c) 1983, 1993 .\" The Regents of the University of California. All rights reserved. .\" .\" By using this file, you agree to the terms and conditions set .\" forth in the LICENSE file which can be found at the top level of .\" the sendmail distribution. .\" .\" -.\" $Id: op.me,v 8.317.4.39 2000/09/22 15:01:37 ca Exp $ +.\" $Id: op.me,v 8.317.4.47 2000/12/17 00:54:56 gshapiro Exp $ .\" .\" eqn op.me | pic | troff -me .eh 'SMM:08-%''Sendmail Installation and Operation Guide' .oh 'Sendmail Installation and Operation Guide''SMM:08-%' .\" SD is lib if sendmail is installed in /usr/lib, sbin if in /usr/sbin .ds SD sbin .\" SB is bin if newaliases/mailq are installed in /usr/bin, ucb if in /usr/ucb .ds SB bin .nr si 3n .de $0 .(x .in \\$3u*3n .ti -3n \\$2. \\$1 .)x .. .de $C .(x .in 0 \\$1 \\$2. \\$3 .)x .. -.sc .+c .(l C .sz 16 .b SENDMAIL\u\s-6TM\s0\d .sz 12 .sp .b "INSTALLATION AND OPERATION GUIDE" .(f .b DISCLAIMER: This documentation is under modification. .)f .sz 10 .sp .r Eric Allman Sendmail, Inc. eric@Sendmail.COM .sp .de Ve Version \\$2 .. -.Ve $Revision: 8.317.4.39 $ +.Ve $Revision: 8.317.4.47 $ .rm Ve .sp For Sendmail Version 8.11 .)l .(f Sendmail is a trademark of Sendmail, Inc. .)f .sp 2 .pp .i Sendmail \u\s-2TM\s0\d implements a general purpose internetwork mail routing facility under the UNIX\(rg operating system. It is not tied to any one transport protocol \*- its function may be likened to a crossbar switch, relaying messages from one domain into another. In the process, it can do a limited amount of message header editing to put the message into a format that is appropriate for the receiving domain. All of this is done under the control of a configuration file. .pp Due to the requirements of flexibility for .i sendmail , the configuration file can seem somewhat unapproachable. However, there are only a few basic configurations for most sites, for which standard configuration files have been supplied. Most other configurations can be built by adjusting an existing configuration file incrementally. .pp .i Sendmail is based on RFC821 (Simple Mail Transport Protocol), RFC822 (Internet Mail Headers Format), RFC974 (MX routing), RFC1123 (Internet Host Requirements), RFC2045 (MIME), RFC1869 (SMTP Service Extensions), RFC1652 (SMTP 8BITMIME Extension), RFC1870 (SMTP SIZE Extension), RFC1891 (SMTP Delivery Status Notifications), RFC1892 (Multipart/Report), RFC1893 (Mail System Status Codes), RFC1894 (Delivery Status Notifications), RFC1985 (SMTP Service Extension for Remote Message Queue Starting), RFC2033 (Local Message Transmission Protocol), RFC2034 (SMTP Service Extension for Returning Enhanced Error Codes), RFC2476 (Message Submission), RFC2487 (SMTP Service Extension for Secure SMTP over TLS), and RFC2554 (SMTP Service Extension for Authentication). However, since .i sendmail is designed to work in a wider world, in many cases it can be configured to exceed these protocols. These cases are described herein. .pp Although .i sendmail is intended to run without the need for monitoring, it has a number of features that may be used to monitor or adjust the operation under unusual circumstances. These features are described. .pp Section one describes how to do a basic .i sendmail installation. Section two explains the day-to-day information you should know to maintain your mail system. If you have a relatively normal site, these two sections should contain sufficient information for you to install .i sendmail and keep it happy. Section three describes some parameters that may be safely tweaked. Section four has information regarding the command line arguments. Section five contains the nitty-gritty information about the configuration file. This section is for masochists and people who must write their own configuration file. Section six describes configuration that can be done at compile time. The appendixes give a brief but detailed explanation of a number of features not described in the rest of the paper. .bp 7 .sh 1 "BASIC INSTALLATION" .pp There are two basic steps to installing .i sendmail . First, you have to compile and install the binary. If .i sendmail has already been ported to your operating system that should be simple. Second, you must build a run-time configuration file. This is a file that .i sendmail reads when it starts up that describes the mailers it knows about, how to parse addresses, how to rewrite the message header, and the settings of various options. Although the configuration file can be quite complex, a configuration can usually be built using an M4-based configuration language. .pp The remainder of this section will describe the installation of .i sendmail assuming you can use one of the existing configurations and that the standard installation parameters are acceptable. All pathnames and examples are given from the root of the .i sendmail subtree, normally .i /usr/src/usr.\*(SD/sendmail on 4.4BSD. .pp If you are loading this off the tape, continue with the next section. If you have a running binary already on your system, you should probably skip to section 1.2. .sh 2 "Compiling Sendmail" .pp All .i sendmail source is in the .i sendmail subdirectory. To compile sendmail, .q cd into the .i sendmail directory and type .(b \&./Build .)b This will leave the binary in an appropriately named subdirectory, e.g., obj.BSD-OS.2.1.i386. It works for multiple object versions compiled out of the same directory. .sh 3 "Tweaking the Build Invocation" .pp You can give parameters on the .i Build command. In most cases these are only used when the .i obj.* directory is first created. These commands include: .nr ii 0.5i .ip "\-L \fIlibdirs\fP" A list of directories to search for libraries. .ip "\-I \fIincdirs\fP" A list of directories to search for include files. .ip "\-E \fIenvar\fP=\fIvalue\fP" Set an environment variable to an indicated .i value before compiling. .ip "\-c" Create a new .i obj.* tree before running. .ip "\-f \fIsiteconfig\fP" Read the indicated site configuration file. If this parameter is not specified, .i Build includes .i all of the files .i $BUILDTOOLS/Site/site.$oscf.m4 and .i $BUILDTOOLS/Site/site.config.m4 , where $BUILDTOOLS is normally .i \&../devtools and $oscf is the same name as used on the .i obj.* directory. See below for a description of the site configuration file. .ip "\-S" Skip auto-configuration. .i Build will avoid auto-detecting libraries if this is set. All libraries and map definitions must be specified in the site configuration file. .lp Any other parameters are passed to the .i make program. .sh 3 "Creating a Site Configuration File" .\"XXX .pp (This section is not yet complete. For now, see the file devtools/README for details.) See sendmail/README for various compilation flags that can be set. .sh 3 "Tweaking the Makefile" .pp .\" .b "XXX This should all be in the Site Configuration File section." .i Sendmail supports two different formats for the local (on disk) version of databases, notably the .i aliases database. At least one of these should be defined if at all possible. .nr ii 1i .ip NDBM The ``new DBM'' format, available on nearly all systems around today. This was the preferred format prior to 4.4BSD. It allows such complex things as multiple databases and closing a currently open database. .ip NEWDB The Berkeley DB package. If you have this, use it. It allows long records, multiple open databases, real in-memory caching, and so forth. You can define this in conjunction with .sm NDBM ; if you do, old alias databases are read, but when a new database is created it will be in NEWDB format. As a nasty hack, if you have NEWDB, NDBM, and NIS defined, and if the alias file name includes the substring .q /yp/ , .i sendmail will create both new and old versions of the alias file during a .i newalias command. This is required because the Sun NIS/YP system reads the DBM version of the alias file. It's ugly as sin, but it works. .lp If neither of these are defined, .i sendmail reads the alias file into memory on every invocation. This can be slow and should be avoided. There are also several methods for remote database access: .ip NIS Sun's Network Information Services (formerly YP). .ip NISPLUS Sun's NIS+ services. .ip NETINFO NeXT's NetInfo service. .ip HESIOD Hesiod service (from Athena). .lp Other compilation flags are set in conf.h and should be predefined for you unless you are porting to a new environment. .sh 3 "Compilation and installation" .pp After making the local system configuration described above, You should be able to compile and install the system. The script .q Build is the best approach on most systems: .(b \&./Build .)b This will use .i uname (1) to create a custom Makefile for your environment. .pp If you are installing in the standard places, you should be able to install using .(b \&./Build install .)b This should install the binary in /usr/\*(SD and create links from /usr/\*(SB/newaliases and /usr/\*(SB/mailq to /usr/\*(SD/sendmail. On 4.4BSD systems it will also format and install man pages. .sh 2 "Configuration Files" .pp .i Sendmail cannot operate without a configuration file. The configuration defines the mail delivery mechanisms understood at this site, how to access them, how to forward email to remote mail systems, and a number of tuning parameters. This configuration file is detailed in the later portion of this document. .pp The .i sendmail configuration can be daunting at first. The world is complex, and the mail configuration reflects that. The distribution includes an m4-based configuration package that hides a lot of the complexity. .pp These configuration files are simpler than old versions largely because the world has become simpler; in particular, text-based host files are officially eliminated, obviating the need to .q hide hosts behind a registered internet gateway. .pp These files also assume that most of your neighbors use domain-based UUCP addressing; that is, instead of naming hosts as .q host!user they will use .q host.domain!user . The configuration files can be customized to work around this, but it is more complex. .pp Our configuration files are processed by .i m4 to facilitate local customization; the directory .i cf of the .i sendmail distribution directory contains the source files. This directory contains several subdirectories: .nr ii 1i .ip cf Both site-dependent and site-independent descriptions of hosts. These can be literal host names (e.g., .q ucbvax.mc ) when the hosts are gateways or more general descriptions (such as .q "generic-solaris2.mc" as a general description of an SMTP-connected host running Solaris 2.x. Files ending .b \&.mc (``Master Configuration'') are the input descriptions; the output is in the corresponding .b \&.cf file. The general structure of these files is described below. .ip domain Site-dependent subdomain descriptions. These are tied to the way your organization wants to do addressing. For example, .b domain/CS.Berkeley.EDU.m4 is our description for hosts in the CS.Berkeley.EDU subdomain. These are referenced using the .sm DOMAIN .b m4 macro in the .b \&.mc file. .ip feature Definitions of specific features that some particular host in your site might want. These are referenced using the .sm FEATURE .b m4 macro. An example feature is use_cw_file (which tells .i sendmail to read an /etc/mail/local-host-names file on startup to find the set of local names). .ip hack Local hacks, referenced using the .sm HACK .b m4 macro. Try to avoid these. The point of having them here is to make it clear that they smell. .ip m4 Site-independent .i m4 (1) include files that have information common to all configuration files. This can be thought of as a .q #include directory. .ip mailer Definitions of mailers, referenced using the .sm MAILER .b m4 macro. The mailer types that are known in this distribution are fax, local, smtp, uucp, and usenet. For example, to include support for the UUCP-based mailers, use .q MAILER(uucp) . .ip ostype Definitions describing various operating system environments (such as the location of support files). These are referenced using the .sm OSTYPE .b m4 macro. .ip sh Shell files used by the .b m4 build process. You shouldn't have to mess with these. .ip siteconfig Local UUCP connectivity information. This directory has been supplanted by the mailertable feature; any new configurations should use that feature to do UUCP (and other) routing. .pp If you are in a new domain (e.g., a company), you will probably want to create a cf/domain file for your domain. This consists primarily of relay definitions and features you want enabled site-wide: for example, Berkeley's domain definition defines relays for BitNET and UUCP. These are specific to Berkeley, and should be fully-qualified internet-style domain names. Please check to make certain they are reasonable for your domain. .pp Subdomains at Berkeley are also represented in the cf/domain directory. For example, the domain CS.Berkeley.EDU is the Computer Science subdomain, EECS.Berkeley.EDU is the Electrical Engineering and Computer Sciences subdomain, and S2K.Berkeley.EDU is the Sequoia 2000 subdomain. You will probably have to add an entry to this directory to be appropriate for your domain. .pp You will have to use or create .b \&.mc files in the .i cf/cf subdirectory for your hosts. This is detailed in the cf/README file. .sh 2 "Details of Installation Files" .pp This subsection describes the files that comprise the .i sendmail installation. .sh 3 "/usr/\*(SD/sendmail" .pp The binary for .i sendmail is located in /usr/\*(SD\**. .(f \**This is usually /usr/sbin on 4.4BSD and newer systems; many systems install it in /usr/lib. I understand it is in /usr/ucblib on System V Release 4. .)f It should be setuid root. For security reasons, /, /usr, and /usr/\*(SD should be owned by root, mode 755\**. .(f \**Some vendors ship them owned by bin; this creates a security hole that is not actually related to .i sendmail . Other important directories that should have restrictive ownerships and permissions are /bin, /usr/bin, /etc, /etc/mail, /usr/etc, /lib, and /usr/lib. .)f .sh 3 "/etc/mail/sendmail.cf" .pp This is the configuration file for .i sendmail \**. .(f \**Actually, the pathname varies depending on the operating system; /etc/mail is the preferred directory. Some older systems install it in .b /usr/lib/sendmail.cf , and I've also seen it in .b /usr/ucblib . If you want to move this file, add -D_PATH_SENDMAILCF=\e"/file/name\e" to the flags passed to the C compiler. Moving this file is not recommended: other programs and scripts know of this location. .)f This is the only non-library file name compiled into .i sendmail \**. .(f \**The system libraries can reference other files; in particular, system library subroutines that .i sendmail calls probably reference .i /etc/passwd and .i /etc/resolv.conf . .)f .pp The configuration file is normally created using the distribution files described above. If you have a particularly unusual system configuration you may need to create a special version. The format of this file is detailed in later sections of this document. .sh 3 "/usr/\*(SB/newaliases" .pp The .i newaliases command should just be a link to .i sendmail : .(b rm \-f /usr/\*(SB/newaliases ln \-s /usr/\*(SD/sendmail /usr/\*(SB/newaliases .)b This can be installed in whatever search path you prefer for your system. .sh 3 "/usr/\*(SB/hoststat" .pp The .i hoststat command should just be a link to .i sendmail , in a fashion similar to .i newaliases . This command lists the status of the last mail transaction with all remote hosts. The .b \-v flag will prevent the status display from being truncated. It functions only when the .b HostStatusDirectory option is set. .sh 3 "/usr/\*(SB/purgestat" .pp This command is also a link to .i sendmail . It flushes all information that is stored in the .b HostStatusDirectory tree. .sh 3 "/var/spool/mqueue" .pp The directory .i /var/spool/mqueue should be created to hold the mail queue. This directory should be mode 700 and owned by root. .pp The actual path of this directory is defined in the .b Q option of the .i sendmail.cf file. To use multiple queues, supply a value ending with an asterisk. For example, .i /var/spool/mqueue/q* will use all of the directories or symbolic links to directories beginning with `q' in .i /var/spool/mqueue as queue directories. Do not change the queue directory structure while sendmail is running. .pp If these directories have subdirectories or symbolic links to directories named `qf', `df', and `xf', then these will be used for the different queue file types. That is, the data files are stored in the `df' subdirectory, the transcript files are stored in the `xf' subdirectory, and all others are stored in the `qf' subdirectory. .sh 3 "/var/spool/mqueue/.hoststat" .pp This is a typical value for the .b HostStatusDirectory option, containing one file per host that this sendmail has chatted with recently. It is normally a subdirectory of .i mqueue . .sh 3 "/etc/mail/aliases*" .pp The system aliases are held in .q /etc/mail/aliases . A sample is given in .q sendmail/aliases which includes some aliases which .i must be defined: .(b cp lib/aliases /etc/mail/aliases .i "edit /etc/mail/aliases" .)b You should extend this file with any aliases that are apropos to your system. .pp Normally .i sendmail looks at a database version of the files, stored either in .q /etc/mail/aliases.dir and .q /etc/mail/aliases.pag or .q /etc/mail/aliases.db depending on which database package you are using. The actual path of this file is defined in the .b AliasFile option of the .i sendmail.cf file. .sh 3 "/etc/rc or /etc/init.d/sendmail" .pp It will be necessary to start up the .i sendmail daemon when your system reboots. This daemon performs two functions: it listens on the SMTP socket for connections (to receive mail from a remote system) and it processes the queue periodically to insure that mail gets delivered when hosts come up. .pp Add the following lines to .q /etc/rc (or .q /etc/rc.local as appropriate) in the area where it is starting up the daemons on a BSD-base system, or on a System-V-based system in one of the startup files, typically .q /etc/init.d/sendmail : .(b if [ \-f /usr/\*(SD/sendmail \-a \-f /etc/mail/sendmail.cf ]; then (cd /var/spool/mqueue; rm \-f [lnx]f*) /usr/\*(SD/sendmail \-bd \-q30m & echo \-n ' sendmail' >/dev/console fi .)b The .q cd and .q rm commands insure that all lock files have been removed; extraneous lock files may be left around if the system goes down in the middle of processing a message. The line that actually invokes .i sendmail has two flags: .q \-bd causes it to listen on the SMTP port, and .q \-q30m causes it to run the queue every half hour. .pp Some people use a more complex startup script, removing zero length qf files and df files for which there is no qf file. For example, see Figure 1 for an example of a complex script which does this clean up. .(z .hl #!/bin/sh # remove zero length qf files for qffile in qf* do if [ \-r $qffile ] then if [ ! \-s $qffile ] then echo \-n " " > /dev/console rm \-f $qffile fi fi done # rename tf files to be qf if the qf does not exist for tffile in tf* do qffile=`echo $tffile | sed 's/t/q/'` if [ \-r $tffile \-a ! \-f $qffile ] then echo \-n " " > /dev/console mv $tffile $qffile else if [ \-f $tffile ] then echo \-n " " > /dev/console rm \-f $tffile fi fi done # remove df files with no corresponding qf files for dffile in df* do qffile=`echo $dffile | sed 's/d/q/'` if [ \-r $dffile \-a ! \-f $qffile ] then echo \-n " " > /dev/console mv $dffile `echo $dffile | sed 's/d/D/'` fi done # announce files that have been saved during disaster recovery for xffile in [A-Z]f* do if [ \-f $xffile ] then echo \-n " " > /dev/console fi done .sp .ce Figure 1 \(em A complex startup script .hl .)z .pp If you are not running a version of UNIX that supports Berkeley TCP/IP, do not include the .b \-bd flag. .sh 3 "/etc/mail/helpfile" .pp This is the help file used by the SMTP .b HELP command. It should be copied from .q sendmail/helpfile : .(b cp sendmail/helpfile /etc/mail/helpfile .)b The actual path of this file is defined in the .b HelpFile option of the .i sendmail.cf file. .sh 3 "/etc/mail/statistics" .pp If you wish to collect statistics about your mail traffic, you should create the file .q /etc/mail/statistics : .(b cp /dev/null /etc/mail/statistics chmod 644 /etc/mail/statistics .)b This file does not grow. It is printed with the program .q mailstats/mailstats.c. The actual path of this file is defined in the .b S option of the .i sendmail.cf file. .sh 3 "/usr/\*(SB/mailq" .pp If .i sendmail is invoked as .q mailq, it will simulate the .b \-bp flag (i.e., .i sendmail will print the contents of the mail queue; see below). This should be a link to /usr/\*(SD/sendmail. .sh 1 "NORMAL OPERATIONS" .sh 2 "The System Log" .pp The system log is supported by the .i syslogd \|(8) program. All messages from .i sendmail are logged under the .sm LOG_MAIL facility\**. .(f \**Except on Ultrix, which does not support facilities in the syslog. .)f .sh 3 "Format" .pp Each line in the system log consists of a timestamp, the name of the machine that generated it (for logging from several machines over the local area network), the word .q sendmail: , and a message\**. .(f \**This format may vary slightly if your vendor has changed the syntax. .)f Most messages are a sequence of .i name \c =\c .i value pairs. .pp The two most common lines are logged when a message is processed. The first logs the receipt of a message; there will be exactly one of these per message. Some fields may be omitted if they do not contain interesting information. Fields are: .ip from The envelope sender address. .ip size The size of the message in bytes. .ip class The class (i.e., numeric precedence) of the message. .ip pri The initial message priority (used for queue sorting). .ip nrcpts The number of envelope recipients for this message (after aliasing and forwarding). .ip msgid The message id of the message (from the header). .ip proto The protocol used to receive this message (e.g., ESMTP or UUCP) .ip daemon The daemon name from the .b DaemonPortOptions setting. .ip relay The machine from which it was received. .lp There is also one line logged per delivery attempt (so there can be several per message if delivery is deferred or there are multiple recipients). Fields are: .ip to A comma-separated list of the recipients to this mailer. .ip ctladdr The ``controlling user'', that is, the name of the user whose credentials we use for delivery. .ip delay The total delay between the time this message was received -and the time it was delivered. +and the current delivery attempt. .ip xdelay The amount of time needed in this delivery attempt (normally indicative of the speed of the connection). .ip mailer The name of the mailer used to deliver to this recipient. .ip relay The name of the host that actually accepted (or rejected) this recipient. .ip dsn The enhanced error code (RFC2034) if available. .ip stat The delivery status. .lp Not all fields are present in all messages; for example, the relay is not listed for local deliveries. .sh 3 "Levels" .pp If you have .i syslogd \|(8) or an equivalent installed, you will be able to do logging. There is a large amount of information that can be logged. The log is arranged as a succession of levels. At the lowest level only extremely strange situations are logged. At the highest level, even the most mundane and uninteresting events are recorded for posterity. As a convention, log levels under ten are considered generally .q useful; log levels above 64 are reserved for debugging purposes. Levels from 11\-64 are reserved for verbose information that some sites might want. .pp A complete description of the log levels is given in section .\" XREF 4.6. .sh 2 "Dumping State" .pp You can ask .i sendmail to log a dump of the open files and the connection cache by sending it a .sm SIGUSR1 signal. The results are logged at .sm LOG_DEBUG priority. .sh 2 "The Mail Queue" .pp Sometimes a host cannot handle a message immediately. For example, it may be down or overloaded, causing it to refuse connections. The sending host is then expected to save this message in its mail queue and attempt to deliver it later. .pp Under normal conditions the mail queue will be processed transparently. However, you may find that manual intervention is sometimes necessary. For example, if a major host is down for a period of time the queue may become clogged. Although .i sendmail ought to recover gracefully when the host comes up, you may find performance unacceptably bad in the meantime. .sh 3 "Printing the queue" .pp The contents of the queue can be printed using the .i mailq command (or by specifying the .b \-bp flag to .i sendmail ): .(b mailq .)b This will produce a listing of the queue id's, the size of the message, the date the message entered the queue, and the sender and recipients. .sh 3 "Forcing the queue" .pp .i Sendmail should run the queue automatically at intervals. When using multiple queues, a separate process will be created to run each of the queues unless the queue run is initiated by a user with the verbose flag. The algorithm is to read and sort the queue, and then to attempt to process all jobs in order. When it attempts to run the job, .i sendmail first checks to see if the job is locked. If so, it ignores the job. .pp There is no attempt to insure that only one queue processor exists at any time, since there is no guarantee that a job cannot take forever to process (however, .i sendmail does include heuristics to try to abort jobs that are taking absurd amounts of time; technically, this violates RFC 821, but is blessed by RFC 1123). Due to the locking algorithm, it is impossible for one job to freeze the entire queue. However, an uncooperative recipient host or a program recipient that never returns can accumulate many processes in your system. Unfortunately, there is no completely general way to solve this. .pp In some cases, you may find that a major host going down for a couple of days may create a prohibitively large queue. This will result in .i sendmail spending an inordinate amount of time sorting the queue. This situation can be fixed by moving the queue to a temporary place and creating a new queue. The old queue can be run later when the offending host returns to service. .pp To do this, it is acceptable to move the entire queue directory: .(b cd /var/spool mv mqueue omqueue; mkdir mqueue; chmod 700 mqueue .)b You should then kill the existing daemon (since it will still be processing in the old queue directory) and create a new daemon. .pp To run the old mail queue, run the following command: .(b /usr/\*(SD/sendmail \-oQ/var/spool/omqueue \-q .)b The .b \-oQ flag specifies an alternate queue directory and the .b \-q flag says to just run every job in the queue. If you have a tendency toward voyeurism, you can use the .b \-v flag to watch what is going on. .pp When the queue is finally emptied, you can remove the directory: .(b rmdir /var/spool/omqueue .)b .sh 2 "Disk Based Connection Information" .pp .i Sendmail stores a large amount of information about each remote system it has connected to in memory. It is now possible to preserve some of this information on disk as well, by using the .b HostStatusDirectory option, so that it may be shared between several invocations of .i sendmail . This allows mail to be queued immediately or skipped during a queue run if there has been a recent failure in connecting to a remote machine. .pp Additionally enabling .b SingleThreadDelivery has the added effect of single-threading mail delivery to a destination. This can be quite helpful if the remote machine is running an SMTP server that is easily overloaded or cannot accept more than a single connection at a time, but can cause some messages to be punted to a future queue run. It also applies to .i all hosts, so setting this because you have one machine on site that runs some software that is easily overrun can cause mail to other hosts to be slowed down. If this option is set, you probably want to set the .b MinQueueAge option as well and run the queue fairly frequently; this way jobs that are skipped because another .i sendmail is talking to the same host will be tried again quickly rather than being delayed for a long time. .pp The disk based host information is stored in a subdirectory of the .b mqueue directory called .b \&.hoststat \**. .(f \**This is the usual value of the .b HostStatusDirectory option; it can, of course, go anywhere you like in your filesystem. .)f Removing this directory and its subdirectories has an effect similar to the .i purgestat command and is completely safe. The information in these directories can be perused with the .i hoststat command, which will indicate the host name, the last access, and the status of that access. An asterisk in the left most column indicates that a .i sendmail process currently has the host locked for mail delivery. .pp The disk based connection information is treated the same way as memory based connection information for the purpose of timeouts. By default, information about host failures is valid for 30 minutes. This can be adjusted with the .b Timeout.hoststatus option. .pp The connection information stored on disk may be purged at any time with the .i purgestat command or by invoking sendmail with the .b \-bH switch. The connection information may be viewed with the .i hoststat command or by invoking sendmail with the .b \-bh switch. .sh 2 "The Service Switch" .pp The implementation of certain system services such as host and user name lookup is controlled by the service switch. If the host operating system supports such a switch .i sendmail will use the native version. Ultrix, Solaris, and DEC OSF/1 are examples of such systems\**. .(f \**HP-UX 10 has service switch support, but since the APIs are apparently not available in the libraries .i sendmail does not use the native service switch in this release. .)f .pp If the underlying operating system does not support a service switch (e.g., SunOS 4.X, HP-UX, BSD) then .i sendmail will provide a stub implementation. The .b ServiceSwitchFile option points to the name of a file that has the service definitions. Each line has the name of a service and the possible implementations of that service. For example, the file: .(b hosts dns files nis aliases files nis .)b will ask .i sendmail to look for hosts in the Domain Name System first. If the requested host name is not found, it tries local files, and if that fails it tries NIS. Similarly, when looking for aliases it will try the local files first followed by NIS. .pp Service switches are not completely integrated. For example, despite the fact that the host entry listed in the above example specifies to look in NIS, on SunOS this won't happen because the system implementation of .i gethostbyname \|(3) doesn't understand this. If there is enough demand .i sendmail may reimplement .i gethostbyname \|(3), .i gethostbyaddr \|(3), .i getpwent \|(3), and the other system routines that would be necessary to make this work seamlessly. .sh 2 "The Alias Database" .pp After recipient addresses are read from the SMTP connection or command line they are parsed by ruleset 0, which must resolve to a {\c .i mailer , .i host , .i address } triple. If the flags selected by the .i mailer include the .b A (aliasable) flag, the .i address part of the triple is looked up as the key (i.e., the left hand side) into the alias database. If there is a match, the address is deleted from the send queue and all addresses on the right hand side of the alias are added in place of the alias that was found. This is a recursive operation, so aliases found in the right hand side of the alias are similarly expanded. .pp The alias database exists in two forms. One is a text form, maintained in the file .i /etc/mail/aliases. The aliases are of the form .(b name: name1, name2, ... .)b Only local names may be aliased; e.g., .(b eric@prep.ai.MIT.EDU: eric@CS.Berkeley.EDU .)b will not have the desired effect (except on prep.ai.MIT.EDU, and they probably don't want me)\**. .(f \**Actually, any mailer that has the `A' mailer flag set will permit aliasing; this is normally limited to the local mailer. .)f Aliases may be continued by starting any continuation lines with a space or a tab or by putting a backslash directly before the newline. Blank lines and lines beginning with a sharp sign (\c .q # ) are comments. .pp The second form is processed by the .i ndbm \|(3)\** .(f \**The .i gdbm package does not work. .)f or the Berkeley DB library. This form is in the file .i /etc/mail/aliases.db (if using NEWDB) or .i /etc/mail/aliases.dir and .i /etc/mail/aliases.pag (if using NDBM). This is the form that .i sendmail actually uses to resolve aliases. This technique is used to improve performance. .pp The control of search order is actually set by the service switch. Essentially, the entry .(b O AliasFile=switch:aliases .)b is always added as the first alias entry; also, the first alias file name without a class (e.g., without .q nis: on the front) will be used as the name of the file for a ``files'' entry in the aliases switch. For example, if the configuration file contains .(b O AliasFile=/etc/mail/aliases .)b and the service switch contains .(b aliases nis files nisplus .)b then aliases will first be searched in the NIS database, then in /etc/mail/aliases, then in the NIS+ database. .pp You can also use .sm NIS -based alias files. For example, the specification: .(b O AliasFile=/etc/mail/aliases O AliasFile=nis:mail.aliases@my.nis.domain .)b will first search the /etc/mail/aliases file and then the map named .q mail.aliases in .q my.nis.domain . Warning: if you build your own .sm NIS -based alias files, be sure to provide the .b \-l flag to .i makedbm (8) to map upper case letters in the keys to lower case; otherwise, aliases with upper case letters in their names won't match incoming addresses. .pp Additional flags can be added after the colon exactly like a .b K line \(em for example: .(b O AliasFile=nis:\-N mail.aliases@my.nis.domain .)b will search the appropriate NIS map and always include null bytes in the key. Also: .(b O AliasFile=nis:\-f mail.aliases@my.nis.domain .)b will prevent sendmail from downcasing the key before the alias lookup. .sh 3 "Rebuilding the alias database" .pp The .i hash or .i dbm version of the database may be rebuilt explicitly by executing the command .(b newaliases .)b This is equivalent to giving .i sendmail the .b \-bi flag: .(b /usr/\*(SD/sendmail \-bi .)b .pp If the .b RebuildAliases (old .b D ) option is specified in the configuration, .i sendmail will rebuild the alias database automatically if possible when it is out of date. Auto-rebuild can be dangerous on heavily loaded machines with large alias files; if it might take more than the rebuild timeout (option .b AliasWait , old .b a , which is normally five minutes) to rebuild the database, there is a chance that several processes will start the rebuild process simultaneously. .pp If you have multiple aliases databases specified, the .b \-bi flag rebuilds all the database types it understands (for example, it can rebuild NDBM databases but not NIS databases). .sh 3 "Potential problems" .pp There are a number of problems that can occur with the alias database. They all result from a .i sendmail process accessing the DBM version while it is only partially built. This can happen under two circumstances: One process accesses the database while another process is rebuilding it, or the process rebuilding the database dies (due to being killed or a system crash) before completing the rebuild. .pp Sendmail has three techniques to try to relieve these problems. First, it ignores interrupts while rebuilding the database; this avoids the problem of someone aborting the process leaving a partially rebuilt database. Second, it locks the database source file during the rebuild \(em but that may not work over NFS or if the file is unwritable. Third, at the end of the rebuild it adds an alias of the form .(b @: @ .)b (which is not normally legal). Before .i sendmail will access the database, it checks to insure that this entry exists\**. .(f \**The .b AliasWait option is required in the configuration for this action to occur. This should normally be specified. .)f .sh 3 "List owners" .pp If an error occurs on sending to a certain address, say .q \fIx\fP , .i sendmail will look for an alias of the form .q owner-\fIx\fP to receive the errors. This is typically useful for a mailing list where the submitter of the list has no control over the maintenance of the list itself; in this case the list maintainer would be the owner of the list. For example: .(b unix-wizards: eric@ucbarpa, wnj@monet, nosuchuser, sam@matisse owner-unix-wizards: unix-wizards-request unix-wizards-request: eric@ucbarpa .)b would cause .q eric@ucbarpa to get the error that will occur when someone sends to unix-wizards due to the inclusion of .q nosuchuser on the list. .pp List owners also cause the envelope sender address to be modified. The contents of the owner alias are used if they point to a single user, otherwise the name of the alias itself is used. For this reason, and to obey Internet conventions, the .q owner- address normally points at the .q -request address; this causes messages to go out with the typical Internet convention of using ``\c .i list -request'' as the return address. .sh 2 "User Information Database" .pp If you have a version of .i sendmail with the user information database compiled in, and you have specified one or more databases using the .b U option, the databases will be searched for a .i user :maildrop entry. If found, the mail will be sent to the specified address. .sh 2 "Per-User Forwarding (.forward Files)" .pp As an alternative to the alias database, any user may put a file with the name .q .forward in his or her home directory. If this file exists, .i sendmail redirects mail for that user to the list of addresses listed in the .forward file. Note that aliases are fully expanded before forward files are referenced. For example, if the home directory for user .q mckusick has a .forward file with contents: .(b mckusick@ernie kirk@calder .)b then any mail arriving for .q mckusick will be redirected to the specified accounts. .pp Actually, the configuration file defines a sequence of filenames to check. By default, this is the user's .forward file, but can be defined to be more generally using the .b ForwardPath option. If you change this, you will have to inform your user base of the change; \&.forward is pretty well incorporated into the collective subconscious. .sh 2 "Special Header Lines" .pp Several header lines have special interpretations defined by the configuration file. Others have interpretations built into .i sendmail that cannot be changed without changing the code. These builtins are described here. .sh 3 "Errors-To:" .pp If errors occur anywhere during processing, this header will cause error messages to go to the listed addresses. This is intended for mailing lists. .pp The Errors-To: header was created in the bad old days when UUCP didn't understand the distinction between an envelope and a header; this was a hack to provide what should now be passed as the envelope sender address. It should go away. It is only used if the .b UseErrorsTo option is set. .pp The Errors-To: header is officially deprecated and will go away in a future release. .sh 3 "Apparently-To:" .pp RFC 822 requires at least one recipient field (To:, Cc:, or Bcc: line) in every message. If a message comes in with no recipients listed in the message then .i sendmail will adjust the header based on the .q NoRecipientAction option. One of the possible actions is to add an .q "Apparently-To:" header line for any recipients it is aware of. .pp The Apparently-To: header is non-standard and is deprecated. .sh 3 "Precedence" .pp The Precedence: header can be used as a crude control of message priority. It tweaks the sort order in the queue and can be configured to change the message timeout values. The precedence of a message also controls how delivery status notifications (DSNs) are processed for that message. .sh 2 "IDENT Protocol Support" .pp .i Sendmail supports the IDENT protocol as defined in RFC 1413. Note that the RFC states a client should wait at least 30 seconds for a response. The default Timeout.ident is 5 seconds as many sites have adopted the practice of dropping IDENT queries. This has lead to delays processing mail. Although this enhances identification of the author of an email message by doing a ``call back'' to the originating system to include the owner of a particular TCP connection in the audit trail it is in no sense perfect; a determined forger can easily spoof the IDENT protocol. The following description is excerpted from RFC 1413: .ba +5 .lp 6. Security Considerations .lp The information returned by this protocol is at most as trustworthy as the host providing it OR the organization operating the host. For example, a PC in an open lab has few if any controls on it to prevent a user from having this protocol return any identifier the user wants. Likewise, if the host has been compromised the information returned may be completely erroneous and misleading. .lp The Identification Protocol is not intended as an authorization or access control protocol. At best, it provides some additional auditing information with respect to TCP connections. At worst, it can provide misleading, incorrect, or maliciously incorrect information. .lp The use of the information returned by this protocol for other than auditing is strongly discouraged. Specifically, using Identification Protocol information to make access control decisions - either as the primary method (i.e., no other checks) or as an adjunct to other methods may result in a weakening of normal host security. .lp An Identification server may reveal information about users, entities, objects or processes which might normally be considered private. An Identification server provides service which is a rough analog of the CallerID services provided by some phone companies and many of the same privacy considerations and arguments that apply to the CallerID service apply to Identification. If you wouldn't run a "finger" server due to privacy considerations you may not want to run this protocol. .ba .lp In some cases your system may not work properly with IDENT support due to a bug in the TCP/IP implementation. The symptoms will be that for some hosts the SMTP connection will be closed almost immediately. If this is true or if you do not want to use IDENT, you should set the IDENT timeout to zero; this will disable the IDENT protocol. .sh 1 "ARGUMENTS" .pp The complete list of arguments to .i sendmail is described in detail in Appendix A. Some important arguments are described here. .sh 2 "Queue Interval" .pp The amount of time between forking a process to run through the queue is defined by the .b \-q flag. If you run with delivery mode set to .b i or .b b this can be relatively large, since it will only be relevant when a host that was down comes back up. If you run in .b q mode it should be relatively short, since it defines the maximum amount of time that a message may sit in the queue. (See also the MinQueueAge option.) .pp RFC 1123 section 5.3.1.1 says that this value should be at least 30 minutes (although that probably doesn't make sense if you use ``queue-only'' mode). .sh 2 "Daemon Mode" .pp If you allow incoming mail over an IPC connection, you should have a daemon running. This should be set by your .i /etc/rc file using the .b \-bd flag. The .b \-bd flag and the .b \-q flag may be combined in one call: .(b /usr/\*(SD/sendmail \-bd \-q30m .)b .pp An alternative approach is to invoke sendmail from .i inetd (8) (use the .b \-bs flag to ask sendmail to speak SMTP on its standard input and output). This works and allows you to wrap .i sendmail in a TCP wrapper program, but may be a bit slower since the configuration file has to be re-read on every message that comes in. If you do this, you still need to have a .i sendmail running to flush the queue: .(b /usr/\*(SD/sendmail \-q30m .)b .sh 2 "Forcing the Queue" .pp In some cases you may find that the queue has gotten clogged for some reason. You can force a queue run using the .b \-q flag (with no value). It is entertaining to use the .b \-v flag (verbose) when this is done to watch what happens: .(b /usr/\*(SD/sendmail \-q \-v .)b .pp You can also limit the jobs to those with a particular queue identifier, sender, or recipient using one of the queue modifiers. For example, .q \-qRberkeley restricts the queue run to jobs that have the string .q berkeley somewhere in one of the recipient addresses. Similarly, .q \-qSstring limits the run to particular senders and .q \-qIstring limits it to particular queue identifiers. .sh 2 "Debugging" .pp There are a fairly large number of debug flags built into .i sendmail . Each debug flag has a number and a level, where higher levels means to print out more information. The convention is that levels greater than nine are .q absurd, i.e., they print out so much information that you wouldn't normally want to see them except for debugging that particular piece of code. Debug flags are set using the .b \-d option; the syntax is: .(b .ta \w'debug-option 'u debug-flag: \fB\-d\fP debug-list debug-list: debug-option [ , debug-option ]* debug-option: debug-range [ . debug-level ] debug-range: integer | integer \- integer debug-level: integer .)b where spaces are for reading ease only. For example, .(b \-d12 Set flag 12 to level 1 \-d12.3 Set flag 12 to level 3 \-d3\-17 Set flags 3 through 17 to level 1 \-d3\-17.4 Set flags 3 through 17 to level 4 .)b For a complete list of the available debug flags you will have to look at the code and the .i TRACEFLAGS file in the sendmail distribution (they are too dynamic to keep this document up to date). .sh 2 "Changing the Values of Options" .pp Options can be overridden using the .b \-o or .b \-O command line flags. For example, .(b /usr/\*(SD/sendmail \-oT2m .)b sets the .b T (timeout) option to two minutes for this run only; the equivalent line using the long option name is .(b /usr/\*(SD/sendmail -OTimeout.queuereturn=2m .)b .pp Some options have security implications. Sendmail allows you to set these, but relinquishes its setuid root permissions thereafter\**. .(f \**That is, it sets its effective uid to the real uid; thus, if you are executing as root, as from root's crontab file or during system startup the root permissions will still be honored. .)f .sh 2 "Trying a Different Configuration File" .pp An alternative configuration file can be specified using the .b \-C flag; for example, .(b /usr/\*(SD/sendmail \-Ctest.cf \-oQ/tmp/mqueue .)b uses the configuration file .i test.cf instead of the default .i /etc/mail/sendmail.cf. If the .b \-C flag has no value it defaults to .i sendmail.cf in the current directory. .pp .i Sendmail gives up its setuid root permissions when you use this flag, so it is common to use a publicly writable directory (such as /tmp) as the queue directory (QueueDirectory or Q option) while testing. .sh 2 "Logging Traffic" .pp Many SMTP implementations do not fully implement the protocol. For example, some personal computer based SMTPs do not understand continuation lines in reply codes. These can be very hard to trace. If you suspect such a problem, you can set traffic logging using the .b \-X flag. For example, .(b /usr/\*(SD/sendmail \-X /tmp/traffic \-bd .)b will log all traffic in the file .i /tmp/traffic . .pp This logs a lot of data very quickly and should .b NEVER be used during normal operations. After starting up such a daemon, force the errant implementation to send a message to your host. All message traffic in and out of .i sendmail , including the incoming SMTP traffic, will be logged in this file. .sh 2 "Testing Configuration Files" .pp When you build a configuration table, you can do a certain amount of testing using the .q "test mode" of .i sendmail . For example, you could invoke .i sendmail as: .(b sendmail \-bt \-Ctest.cf .)b which would read the configuration file .q test.cf and enter test mode. In this mode, you enter lines of the form: .(b rwset address .)b where .i rwset is the rewriting set you want to use and .i address is an address to apply the set to. Test mode shows you the steps it takes as it proceeds, finally showing you the address it ends up with. You may use a comma separated list of rwsets for sequential application of rules to an input. For example: .(b 3,1,21,4 monet:bollard .)b first applies ruleset three to the input .q monet:bollard. Ruleset one is then applied to the output of ruleset three, followed similarly by rulesets twenty-one and four. .pp If you need more detail, you can also use the .q \-d21 flag to turn on more debugging. For example, .(b sendmail \-bt \-d21.99 .)b turns on an incredible amount of information; a single word address is probably going to print out several pages worth of information. .pp You should be warned that internally, .i sendmail applies ruleset 3 to all addresses. In test mode you will have to do that manually. For example, older versions allowed you to use .(b 0 bruce@broadcast.sony.com .)b This version requires that you use: .(b 3,0 bruce@broadcast.sony.com .)b .pp As of version 8.7, some other syntaxes are available in test mode: .bu \&.D\|x\|value defines macro .i x to have the indicated .i value . This is useful when debugging rules that use the .b $& \c .i x syntax. .bu \&.C\|c\|value adds the indicated .i value to class .i c . .bu \&.S\|ruleset dumps the contents of the indicated ruleset. .bu \-d\|debug-spec is equivalent to the command-line flag. .sh 2 "Persistent Host Status Information" .pp When .b HostStatusDirectory is enabled, information about the status of hosts is maintained on disk and can thus be shared between different instantiations of .i sendmail . The status of the last connection with each remote host may be viewed with the command: .(b sendmail \-bh .)b This information may be flushed with the command: .(b sendmail \-bH .)b Flushing the information prevents new .i sendmail processes from loading it, but does not prevent existing processes from using the status information that they already have. .sh 1 "TUNING" .pp There are a number of configuration parameters you may want to change, depending on the requirements of your site. Most of these are set using an option in the configuration file. For example, the line .q "O Timeout.queuereturn=5d" sets option .q Timeout.queuereturn to the value .q 5d (five days). .pp Most of these options have appropriate defaults for most sites. However, sites having very high mail loads may find they need to tune them as appropriate for their mail load. In particular, sites experiencing a large number of small messages, many of which are delivered to many recipients, may find that they need to adjust the parameters dealing with queue priorities. .pp All versions of .i sendmail prior to 8.7 had single character option names. As of 8.7, options have long (multi-character names). Although old short names are still accepted, most new options do not have short equivalents. .pp This section only describes the options you are most likely to want to tweak; read section .\"XREF 5 for more details. .sh 2 "Timeouts" .pp All time intervals are set using a scaled syntax. For example, .q 10m represents ten minutes, whereas .q 2h30m represents two and a half hours. The full set of scales is: .(b .ta 4n s seconds m minutes h hours d days w weeks .)b .sh 3 "Queue interval" .pp The argument to the .b \-q flag specifies how often a sub-daemon will run the queue. This is typically set to between fifteen minutes and one hour. If not set, or set to zero, the queue will not be run automatically. RFC 1123 section 5.3.1.1 recommends that this be at least 30 minutes. .sh 3 "Read timeouts" .pp Timeouts all have option names .q Timeout.\fIsuboption\fP . The recognized .i suboption s, their default values, and the minimum values allowed by RFC 1123 section 5.3.2 are: .nr ii 1i .ip connect The time to wait for an SMTP connection to open (the .i connect (2) system call) [0, unspecified]. If zero, uses the kernel default. In no case can this option extend the timeout longer than the kernel provides, but it can shorten it. This is to get around kernels that provide an absurdly long connection timeout (90 minutes in one case). .ip iconnect The same as .i connect, except it applies only to the initial attempt to connect to a host for a given message [0, unspecified]. The concept is that this should be very short (a few seconds); hosts that are well connected and responsive will thus be serviced immediately. Hosts that are slow will not hold up other deliveries in the initial delivery attempt. .ip initial The wait for the initial 220 greeting message [5m, 5m]. .ip helo The wait for a reply from a HELO or EHLO command [5m, unspecified]. This may require a host name lookup, so five minutes is probably a reasonable minimum. .ip mail\(dg The wait for a reply from a MAIL command [10m, 5m]. .ip rcpt\(dg The wait for a reply from a RCPT command [1h, 5m]. This should be long because it could be pointing at a list that takes a long time to expand (see below). .ip datainit\(dg The wait for a reply from a DATA command [5m, 2m]. .ip datablock\(dg\(dd The wait for reading a data block (that is, the body of the message). [1h, 3m]. This should be long because it also applies to programs piping input to .i sendmail which have no guarantee of promptness. .ip datafinal\(dg The wait for a reply from the dot terminating a message. [1h, 10m]. If this is shorter than the time actually needed for the receiver to deliver the message, duplicates will be generated. This is discussed in RFC 1047. .ip rset The wait for a reply from a RSET command [5m, unspecified]. .ip quit The wait for a reply from a QUIT command [2m, unspecified]. .ip misc The wait for a reply from miscellaneous (but short) commands such as NOOP (no-operation) and VERB (go into verbose mode). [2m, unspecified]. .ip command\(dg\(dd In server SMTP, the time to wait for another command. [1h, 5m]. .ip ident\(dd The timeout waiting for a reply to an IDENT query [30s\**, unspecified]. .(f \**On some systems the default is zero to turn the protocol off entirely. .)f .ip fileopen\(dd The timeout for opening .forward and :include: files [60s, none]. .ip control\(dd The timeout for a complete control socket transaction to complete [2m, none]. .ip hoststatus\(dd How long status information about a host (e.g., host down) will be cached before it is considered stale [30m, unspecified]. .ip resolver.retrans The resolver's retransmission time interval (in seconds) [varies]. Sets both .i Timeout.resolver.retrans.first and .i Timeout.resolver.retrans.normal . .ip resolver.retrans.first The resolver's retransmission time interval (in seconds) for the first attempt to deliver a message [varies]. .ip resolver.retrans.normal The resolver's retransmission time interval (in seconds) for all resolver lookups except the first delivery attempt [varies]. .ip resolver.retry The number of times to retransmit a resolver query. Sets both .i Timeout.resolver.retry.first and .i Timeout.resolver.retry.normal [varies]. .ip resolver.retry.first The number of times to retransmit a resolver query for the first attempt to deliver a message [varies]. .ip resolver.retry.normal The number of times to retransmit a resolver query for all resolver lookups except the first delivery attempt [varies]. .lp For compatibility with old configuration files, if no .i suboption is specified, all the timeouts marked with a dagger (\(dg) are set to the indicated value. All but those marked with a double dagger (\(dd) apply to client SMTP. .pp Many of the RFC 1123 minimum values may well be too short. .i Sendmail was designed to the RFC 822 protocols, which did not specify read timeouts; hence, versions of .i sendmail prior to version 8.1 did not guarantee to reply to messages promptly. In particular, a .q RCPT command specifying a mailing list will expand and verify the entire list; a large list on a slow system may easily take more than five minutes\**. .(f \**This verification includes looking up every address with the name server; this involves network delays, and can in some cases can be considerable. .)f I recommend a one hour timeout \*- since a communications failure during the RCPT phase is rare, a long timeout is not onerous and may ultimately help reduce network load and duplicated messages. .pp For example, the lines: .(b O Timeout.command=25m O Timeout.datablock=3h .)b sets the server SMTP command timeout to 25 minutes and the input data block timeout to three hours. .sh 3 "Message timeouts" .pp After sitting in the queue for a few days, a message will time out. This is to insure that at least the sender is aware of the inability to send a message. The timeout is typically set to five days. It is sometimes considered convenient to also send a warning message if the message is in the queue longer than a few hours (assuming you normally have good connectivity; if your messages normally took several hours to send you wouldn't want to do this because it wouldn't be an unusual event). These timeouts are set using the .b Timeout.queuereturn and .b Timeout.queuewarn options in the configuration file (previously both were set using the .b T option). .pp If the message is submitted using the .sm NOTIFY .sm SMTP extension, warning messages will only be sent if .sm NOTIFY=DELAY is specified. The queuereturn and queuewarn timeouts can be further qualified with a tag based on the Precedence: field in the message; they must be one of .q urgent (indicating a positive non-zero precedence) .q normal (indicating a zero precedence), or .q non-urgent (indicating negative precedences). For example, setting .q Timeout.queuewarn.urgent=1h sets the warning timeout for urgent messages only to one hour. The default if no precedence is indicated is to set the timeout for all precedences. The value "now" can be used for -O Timeout.queuereturn to return entries immediately during a queue run, e.g., to bounce messages independent of their time in the queue. .pp Since these options are global, and since you can not know .i "a priori" how long another host outside your domain will be down, a five day timeout is recommended. This allows a recipient to fix the problem even if it occurs at the beginning of a long weekend. RFC 1123 section 5.3.1.1 says that this parameter should be ``at least 4\-5 days''. .pp The .b Timeout.queuewarn value can be piggybacked on the .b T option by indicating a time after which a warning message should be sent; the two timeouts are separated by a slash. For example, the line .(b OT5d/4h .)b causes email to fail after five days, but a warning message will be sent after four hours. This should be large enough that the message will have been tried several times. .sh 2 "Forking During Queue Runs" .pp By setting the .b ForkEachJob (\c .b Y ) option, .i sendmail will fork before each individual message while running the queue. This will prevent .i sendmail from consuming large amounts of memory, so it may be useful in memory-poor environments. However, if the .b ForkEachJob option is not set, .i sendmail will keep track of hosts that are down during a queue run, which can improve performance dramatically. .pp If the .b ForkEachJob option is set, .i sendmail can not use connection caching. .sh 2 "Queue Priorities" .pp Every message is assigned a priority when it is first instantiated, consisting of the message size (in bytes) offset by the message class (which is determined from the Precedence: header) times the .q "work class factor" and the number of recipients times the .q "work recipient factor." The priority is used to order the queue. Higher numbers for the priority mean that the message will be processed later when running the queue. .pp The message size is included so that large messages are penalized relative to small messages. The message class allows users to send .q "high priority" messages by including a .q Precedence: field in their message; the value of this field is looked up in the .b P lines of the configuration file. Since the number of recipients affects the amount of load a message presents to the system, this is also included into the priority. .pp The recipient and class factors can be set in the configuration file using the .b RecipientFactor (\c .b y ) and .b ClassFactor (\c .b z ) options respectively. They default to 30000 (for the recipient factor) and 1800 (for the class factor). The initial priority is: .EQ pri = msgsize - (class times bold ClassFactor) + (nrcpt times bold RecipientFactor) .EN (Remember, higher values for this parameter actually mean that the job will be treated with lower priority.) .pp The priority of a job can also be adjusted each time it is processed (that is, each time an attempt is made to deliver it) using the .q "work time factor," set by the .b RetryFactor (\c .b Z ) option. This is added to the priority, so it normally decreases the precedence of the job, on the grounds that jobs that have failed many times will tend to fail again in the future. The .b RetryFactor option defaults to 90000. .sh 2 "Load Limiting" .pp .i Sendmail can be asked to queue (but not deliver) mail if the system load average gets too high using the .b QueueLA (\c .b x ) option. When the load average exceeds the value of the .b QueueLA option, the delivery mode is set to .b q (queue only) if the .b QueueFactor (\c .b q ) option divided by the difference in the current load average and the .b QueueLA option plus one exceeds the priority of the message \(em that is, the message is queued iff: .EQ pri > { bold QueueFactor } over { LA - { bold QueueLA } + 1 } .EN The .b QueueFactor option defaults to 600000, so each point of load average is worth 600000 priority points (as described above). .pp For drastic cases, the .b RefuseLA (\c .b X ) option defines a load average at which .i sendmail will refuse to accept network connections. Locally generated mail (including incoming UUCP mail) is still accepted. .sh 2 "Delivery Mode" .pp There are a number of delivery modes that .i sendmail can operate in, set by the .b DeliveryMode (\c .b d ) configuration option. These modes specify how quickly mail will be delivered. Legal modes are: .(b .ta 4n i deliver interactively (synchronously) b deliver in background (asynchronously) q queue only (don't deliver) d defer delvery attempts (don't deliver) .)b There are tradeoffs. Mode .q i gives the sender the quickest feedback, but may slow down some mailers and is hardly ever necessary. Mode .q b delivers promptly but can cause large numbers of processes if you have a mailer that takes a long time to deliver a message. Mode .q q minimizes the load on your machine, but means that delivery may be delayed for up to the queue interval. Mode .q d is identical to mode .q q except that it also prevents all the early map lookups from working; it is intended for ``dial on demand'' sites where DNS lookups might cost real money. Some simple error messages (e.g., host unknown during the SMTP protocol) will be delayed using this mode. Mode .q b is the usual default. .pp If you run in mode .q q (queue only), .q d (defer), or .q b (deliver in background) .i sendmail will not expand aliases and follow .forward files upon initial receipt of the mail. This speeds up the response to RCPT commands. Mode .q i cannot be used by the SMTP server. .sh 2 "Log Level" .pp The level of logging can be set for .i sendmail . The default using a standard configuration table is level 9. The levels are as follows: .nr ii 0.5i .ip 0 Minimal logging. .ip 1 Serious system failures and potential security problems. .ip 2 Lost communications (network problems) and protocol failures. .ip 3 Other serious failures, malformed addresses, transient forward/include errors, connection timeouts. .ip 4 Minor failures, out of date alias databases, connection rejections via check_ rulesets. .ip 5 Message collection statistics. .ip 6 Creation of error messages, VRFY and EXPN commands. .ip 7 Delivery failures (host or user unknown, etc.). .ip 8 Successful deliveries and alias database rebuilds. .ip 9 Messages being deferred (due to a host being down, etc.). .ip 10 Database expansion (alias, forward, and userdb lookups) and authentication information. .ip 11 NIS errors and end of job processing. .ip 12 Logs all SMTP connections. .ip 13 Log bad user shells, files with improper permissions, and other questionable situations. .ip 14 Logs refused connections. .ip 15 Log all incoming and outgoing SMTP commands. .ip 20 Logs attempts to run locked queue files. These are not errors, but can be useful to note if your queue appears to be clogged. .ip 30 Lost locks (only if using lockf instead of flock). .lp Additionally, values above 64 are reserved for extremely verbose debugging output. No normal site would ever set these. .sh 2 "File Modes" .pp The modes used for files depend on what functionality you want and the level of security you require. In many cases .i sendmail does careful checking of the modes of files and directories to avoid accidental compromise; if you want to make it possible to have group-writable support files you may need to use the .b DontBlameSendmail option to turn off some of these checks. .sh 3 "To suid or not to suid?" .pp .i Sendmail is normally installed setuid to root. At the point where it is about to .i exec \|(2) a mailer, it checks to see if the userid is zero (root); if so, it resets the userid and groupid to a default (set by the .b U= equate in the mailer line; if that is not set, the .b DefaultUser option is used). This can be overridden by setting the .b S flag to the mailer for mailers that are trusted and must be called as root. However, this will cause mail processing to be accounted (using .i sa \|(8)) to root rather than to the user sending the mail. .pp If you don't make .i sendmail setuid to root, it will still run but you lose a lot of functionality and a lot of privacy, since you'll have to make the queue directory world readable. You could also make .i sendmail setuid to some pseudo-user (e.g., create a user called .q sendmail and make .i sendmail setuid to that) which will fix the privacy problems but not the functionality issues. It also introduces problems on some operating systems if sendmail needs to give up the setuid special privileges. Also, this isn't a guarantee of security: for example, root occasionally sends mail, and the daemon often runs as root. Note however that .i sendmail must run as root or the trusted user in order to create the SMTP listener socket. .pp A middle ground is to make .i sendmail setuid to root, but set the .b RunAsUser option. This causes .i sendmail to become the indicated user as soon as it has done the startup that requires root privileges (primarily, opening the .sm SMTP socket). If you use .b RunAsUser , the queue directory (normally .i /var/spool/mqueue ) should be owned by that user, and all files and databases (including user .i \&.forward files, alias files, :include: files, and external databases) must be readable by that user. Also, since sendmail will not be able to change it's uid, delivery to programs or files will be marked as unsafe, e.g., undeliverable, in .i \&.forward , aliases, and :include: files. Administrators can override this by setting the .b DontBlameSendmail option to the setting .b NonRootSafeAddr . .b RunAsUser is probably best suited for firewall configurations that don't have regular user logins. .sh 3 "Turning off security checks" .pp .i Sendmail is very particular about the modes of files that it reads or writes. For example, by default it will refuse to read most files that are group writable on the grounds that they might have been tampered with by someone other than the owner; it will even refuse to read files in group writable directories. .pp If you are .i quite sure that your configuration is safe and you want .i sendmail to avoid these security checks, you can turn off certain checks using the .b DontBlameSendmail option. This option takes one or more names that disable checks. In the descriptions that follow, .q "unsafe directory" means a directory that is writable by anyone other than the owner. The values are: .nr ii 0.5i .ip Safe No special handling. .ip AssumeSafeChown Assume that the .i chown system call is restricted to root. Since some versions of UNIX permit regular users to give away their files to other users on some filesystems, .i sendmail often cannot assume that a given file was created by the owner, particularly when it is in a writable directory. You can set this flag if you know that file giveaway is restricted on your system. .ip ClassFileInUnsafeDirPath When reading class files (using the .b F line in the configuration file), allow files that are in unsafe directories. .ip DontWarnForwardFileInUnsafeDirPath Prevent logging of unsafe directory path warnings for non-existent forward files. .ip ErrorHeaderInUnsafeDirPath Allow the file named in the .b ErrorHeader option to be in an unsafe directory. .ip FileDeliveryToHardLink Allow delivery to files that are hard links. .ip FileDeliveryToSymLink Allow delivery to files that are symbolic links. .ip ForwardFileInGroupWritableDirPath Allow .i \&.forward files in group writable directories. .ip ForwardFileInUnsafeDirPath Allow .i \&.forward files in unsafe directories. .ip ForwardFileInUnsafeDirPathSafe Allow a .i \&.forward file that is in an unsafe directory to include references to program and files. .ip GroupWritableAliasFile Allow group-writable alias files. .ip GroupWritableDirPathSafe Change the definition of .q "unsafe directory" to consider group-writable directories to be safe. World-writable directories are always unsafe. .ip GroupWritableForwardFileSafe Accept group-writable .i \&.forward files as safe for program and file delivery. .ip GroupWritableIncludeFileSafe Accept group-writable .i :include: files as safe for program and file delivery. .ip HelpFileInUnsafeDirPath Allow the file named in the .b HelpFile option to be in an unsafe directory. .ip IncludeFileInGroupWritableDirPath Allow .i :include: files in group writable directories. .ip IncludeFileInUnsafeDirPath Allow .i :include: files in unsafe directories. .ip IncludeFileInUnsafeDirPathSafe Allow a .i :include: file that is in an unsafe directory to include references to program and files. .ip InsufficientEntropy Try to use STARTTLS even if the PRNG for OpenSSL is not properly seeded despite the security problems. .ip LinkedAliasFileInWritableDir Allow an alias file that is a link in a writable directory. .ip LinkedClassFileInWritableDir Allow class files that are links in writable directories. .ip LinkedForwardFileInWritableDir Allow .i \&.forward files that are links in writable directories. .ip LinkedIncludeFileInWritableDir Allow .i :include: files that are links in writable directories. .ip LinkedMapInWritableDir Allow map files that are links in writable directories. .ip LinkedServiceSwitchFileInWritableDir Allow the service switch file to be a link even if the directory is writable. .ip MapInUnsafeDirPath Allow maps (e.g., .i hash , .i btree , and .i dbm files) in unsafe directories. .ip NonRootSafeAddr Do not mark file and program deliveries as unsafe if sendmail is not running with root privileges. .ip RunProgramInUnsafeDirPath Go ahead and run programs that are in writable directories. .ip RunWritableProgram Go ahead and run programs that are group- or world-writable. .ip TrustStickyBit Allow group or world writable directories if the sticky bit is set on the directory. Do not set this on systems which do not honor the sticky bit on directories. .ip WorldWritableAliasFile Accept world-writable alias files. .ip WriteMapToHardLink Allow writes to maps that are hard links. .ip WriteMapToSymLink Allow writes to maps that are symbolic links. .ip WriteStatsToHardLink Allow the status file to be a hard link. .ip WriteStatsToSymLink Allow the status file to be a symbolic link. .sh 2 "Connection Caching" .pp When processing the queue, .i sendmail will try to keep the last few open connections open to avoid startup and shutdown costs. This only applies to IPC connections. .pp When trying to open a connection the cache is first searched. If an open connection is found, it is probed to see if it is still active by sending a .sm RSET command. It is not an error if this fails; instead, the connection is closed and reopened. .pp Two parameters control the connection cache. The .b ConnectionCacheSize (\c .b k ) option defines the number of simultaneous open connections that will be permitted. If it is set to zero, connections will be closed as quickly as possible. The default is one. This should be set as appropriate for your system size; it will limit the amount of system resources that .i sendmail will use during queue runs. Never set this higher than 4. .pp The .b ConnectionCacheTimeout (\c .b K ) option specifies the maximum time that any cached connection will be permitted to idle. When the idle time exceeds this value the connection is closed. This number should be small (under ten minutes) to prevent you from grabbing too many resources from other hosts. The default is five minutes. .sh 2 "Name Server Access" .pp Control of host address lookups is set by the .b hosts service entry in your service switch file. If you are on a system that has built-in service switch support (e.g., Ultrix, Solaris, or DEC OSF/1) then your system is probably configured properly already. Otherwise, .i sendmail will consult the file .b /etc/mail/service.switch , which should be created. .i Sendmail only uses two entries: .b hosts and .b aliases , although system routines may use other services (notably the .b passwd service for user name lookups by .i getpwname ). .pp However, some systems (such as SunOS 4.X) will do DNS lookups regardless of the setting of the service switch entry. In particular, the system routine .i gethostbyname (3) is used to look up host names, and many vendor versions try some combination of DNS, NIS, and file lookup in /etc/hosts without consulting a service switch. .i Sendmail makes no attempt to work around this problem, and the DNS lookup will be done anyway. If you do not have a nameserver configured at all, such as at a UUCP-only site, .i sendmail will get a .q "connection refused" message when it tries to connect to the name server. If the .b hosts switch entry has the service .q dns listed somewhere in the list, .i sendmail will interpret this to mean a temporary failure and will queue the mail for later processing; otherwise, it ignores the name server data. .pp The same technique is used to decide whether to do MX lookups. If you want MX support, you .i must have .q dns listed as a service in the .b hosts switch entry. .pp The .b ResolverOptions (\c .b I ) option allows you to tweak name server options. The command line takes a series of flags as documented in .i resolver (3) (with the leading .q RES_ deleted). Each can be preceded by an optional `+' or `\(mi'. For example, the line .(b O ResolverOptions=+AAONLY \(miDNSRCH .)b turns on the AAONLY (accept authoritative answers only) and turns off the DNSRCH (search the domain path) options. Most resolver libraries default DNSRCH, DEFNAMES, and RECURSE flags on and all others off. You can also include .q HasWildcardMX to specify that there is a wildcard MX record matching your domain; this turns off MX matching when canonifying names, which can lead to inappropriate canonifications. .pp Version level 1 configurations turn DNSRCH and DEFNAMES off when doing delivery lookups, but leave them on everywhere else. Version 8 of .i sendmail ignores them when doing canonification lookups (that is, when using $[ ... $]), and always does the search. If you don't want to do automatic name extension, don't call $[ ... $]. .pp The search rules for $[ ... $] are somewhat different than usual. If the name being looked up has at least one dot, it always tries the unmodified name first. If that fails, it tries the reduced search path, and lastly tries the unmodified name (but only for names without a dot, since names with a dot have already been tried). This allows names such as ``utc.CS'' to match the site in Czechoslovakia rather than the site in your local Computer Science department. It also prefers A and CNAME records over MX records \*- that is, if it finds an MX record it makes note of it, but keeps looking. This way, if you have a wildcard MX record matching your domain, it will not assume that all names match. .pp To completely turn off all name server access on systems without service switch support (such as SunOS 4.X) you will have to recompile with \-DNAMED_BIND=0 and remove \-lresolv from the list of libraries to be searched when linking. .sh 2 "Moving the Per-User Forward Files" .pp Some sites mount each user's home directory from a local disk on their workstation, so that local access is fast. However, the result is that .forward file lookups are slow. In some cases, mail can even be delivered on machines inappropriately because of a file server being down. The performance can be especially bad if you run the automounter. .pp The .b ForwardPath (\c .b J ) option allows you to set a path of forward files. For example, the config file line .(b O ForwardPath=/var/forward/$u:$z/.forward.$w .)b would first look for a file with the same name as the user's login in /var/forward; if that is not found (or is inaccessible) the file ``.forward.\c .i machinename '' in the user's home directory is searched. A truly perverse site could also search by sender by using $r, $s, or $f. .pp If you create a directory such as /var/forward, it should be mode 1777 (that is, the sticky bit should be set). Users should create the files mode 644. Note that you must use the forwardfileinunsafedirpath and forwardfileinunsafedirpathsafe flags with the DontBlameSendmail option to allow forward files in a world writable directory. This might also be used as a denial of service attack (users could create forward files for other users); a better approach might be to create /var/forward mode 755 and create empty files for each user, owned by that user, mode 644. If you do this, you don't have to set the DontBlameSendmail options indicated above. .sh 2 "Free Space" .pp On systems that have one of the system calls in the .i statfs (2) family (including .i statvfs and .i ustat ), you can specify a minimum number of free blocks on the queue filesystem using the .b MinFreeBlocks (\c .b b ) option. If there are fewer than the indicated number of blocks free on the filesystem on which the queue is mounted the SMTP server will reject mail with the 452 error code. This invites the SMTP client to try again later. .pp Beware of setting this option too high; it can cause rejection of email when that mail would be processed without difficulty. .sh 2 "Maximum Message Size" .pp To avoid overflowing your system with a large message, the .b MaxMessageSize option can be set to set an absolute limit on the size of any one message. This will be advertised in the ESMTP dialogue and checked during message collection. .sh 2 "Privacy Flags" .pp The .b PrivacyOptions (\c .b p ) option allows you to set certain ``privacy'' flags. Actually, many of them don't give you any extra privacy, rather just insisting that client SMTP servers use the HELO command before using certain commands or adding extra headers to indicate possible spoof attempts. .pp The option takes a series of flag names; the final privacy is the inclusive or of those flags. For example: .(b O PrivacyOptions=needmailhelo, noexpn .)b insists that the HELO or EHLO command be used before a MAIL command is accepted and disables the EXPN command. .pp The flags are detailed in section .\"XREF 5.6. .sh 2 "Send to Me Too" .pp Beginning with version 8.10, .i sendmail includes by default the (envelope) sender in any list expansions. For example, if .q matt sends to a list that contains .q matt as one of the members he will get a copy of the message. If the .b MeToo option is set to .sm FALSE (in the configuration file or via the command line), this behavior is changed, i.e., the (envelope) sender is excluded in list expansions. .sh 1 "THE WHOLE SCOOP ON THE CONFIGURATION FILE" .pp This section describes the configuration file in detail. .pp There is one point that should be made clear immediately: the syntax of the configuration file is designed to be reasonably easy to parse, since this is done every time .i sendmail starts up, rather than easy for a human to read or write. On the .q "future project" list is a configuration-file compiler. .pp The configuration file is organized as a series of lines, each of which begins with a single character defining the semantics for the rest of the line. Lines beginning with a space or a tab are continuation lines (although the semantics are not well defined in many places). Blank lines and lines beginning with a sharp symbol (`#') are comments. .sh 2 "R and S \*- Rewriting Rules" .pp The core of address parsing are the rewriting rules. These are an ordered production system. .i Sendmail scans through the set of rewriting rules looking for a match on the left hand side (LHS) of the rule. When a rule matches, the address is replaced by the right hand side (RHS) of the rule. .pp There are several sets of rewriting rules. Some of the rewriting sets are used internally and must have specific semantics. Other rewriting sets do not have specifically assigned semantics, and may be referenced by the mailer definitions or by other rewriting sets. .pp The syntax of these two commands are: .(b F .b S \c .i n .)b Sets the current ruleset being collected to .i n . If you begin a ruleset more than once it appends to the old definition. .(b F .b R \c .i lhs .i rhs .i comments .)b The fields must be separated by at least one tab character; there may be embedded spaces in the fields. The .i lhs is a pattern that is applied to the input. If it matches, the input is rewritten to the .i rhs . The .i comments are ignored. .pp Macro expansions of the form .b $ \c .i x are performed when the configuration file is read. A literal .b $ can be included using .b $$ . Expansions of the form .b $& \c .i x are performed at run time using a somewhat less general algorithm. This is intended only for referencing internally defined macros such as .b $h that are changed at runtime. .sh 3 "The left hand side" .pp The left hand side of rewriting rules contains a pattern. Normal words are simply matched directly. Metasyntax is introduced using a dollar sign. The metasymbols are: .(b .ta \w'\fB$=\fP\fIx\fP 'u \fB$*\fP Match zero or more tokens \fB$+\fP Match one or more tokens \fB$\-\fP Match exactly one token \fB$=\fP\fIx\fP Match any phrase in class \fIx\fP \fB$~\fP\fIx\fP Match any word not in class \fIx\fP .)b If any of these match, they are assigned to the symbol .b $ \c .i n for replacement on the right hand side, where .i n is the index in the LHS. For example, if the LHS: .(b $\-:$+ .)b is applied to the input: .(b UCBARPA:eric .)b the rule will match, and the values passed to the RHS will be: .(b .ta 4n $1 UCBARPA $2 eric .)b .pp Additionally, the LHS can include .b $@ to match zero tokens. This is .i not bound to a .b $ \c .i n on the RHS, and is normally only used when it stands alone in order to match the null input. .sh 3 "The right hand side" .pp When the left hand side of a rewriting rule matches, the input is deleted and replaced by the right hand side. Tokens are copied directly from the RHS unless they begin with a dollar sign. Metasymbols are: .(b .ta \w'$#mailer\0\0\0'u \fB$\fP\fIn\fP Substitute indefinite token \fIn\fP from LHS \fB$[\fP\fIname\fP\fB$]\fP Canonicalize \fIname\fP \fB$(\fP\fImap key\fP \fB$@\fP\fIarguments\fP \fB$:\fP\fIdefault\fP \fB$)\fP Generalized keyed mapping function \fB$>\fP\fIn\fP \*(lqCall\*(rq ruleset \fIn\fP \fB$#\fP\fImailer\fP Resolve to \fImailer\fP \fB$@\fP\fIhost\fP Specify \fIhost\fP \fB$:\fP\fIuser\fP Specify \fIuser\fP .)b .pp The .b $ \c .i n syntax substitutes the corresponding value from a .b $+ , .b $\- , .b $* , .b $= , or .b $~ match on the LHS. It may be used anywhere. .pp A host name enclosed between .b $[ and .b $] is looked up in the host database(s) and replaced by the canonical name\**. .(f \**This is actually completely equivalent to $(host \fIhostname\fP$). In particular, a .b $: default can be used. .)f For example, .q $[ftp$] might become .q ftp.CS.Berkeley.EDU and .q $[[128.32.130.2]$] would become .q vangogh.CS.Berkeley.EDU. .i Sendmail recognizes its numeric IP address without calling the name server and replaces it with its canonical name. .pp The .b $( \&... .b $) syntax is a more general form of lookup; it uses a named map instead of an implicit map. If no lookup is found, the indicated .i default is inserted; if no default is specified and no lookup matches, the value is left unchanged. The .i arguments are passed to the map for possible use. .pp The .b $> \c .i n syntax causes the remainder of the line to be substituted as usual and then passed as the argument to ruleset .i n . The final value of ruleset .i n then becomes the substitution for this rule. The .b $> syntax expands everything after the ruleset name to the end of the replacement string and then passes that as the initial input to the ruleset. Recursive calls are allowed. For example, .(b $>0 $>3 $1 .)b expands $1, passes that to ruleset 3, and then passes the result of ruleset 3 to ruleset 0. .pp The .b $# syntax should .i only be used in ruleset zero or a subroutine of ruleset zero. It causes evaluation of the ruleset to terminate immediately, and signals to .i sendmail that the address has completely resolved. The complete syntax is: .(b \fB$#\fP\fImailer\fP \fB$@\fP\fIhost\fP \fB$:\fP\fIuser\fP .)b This specifies the {mailer, host, user} 3-tuple necessary to direct the mailer. If the mailer is local the host part may be omitted\**. .(f \**You may want to use it for special .q "per user" extensions. For example, in the address .q jgm+foo@CMU.EDU ; the .q +foo part is not part of the user name, and is passed to the local mailer for local use. .)f The .i mailer must be a single word, but the .i host and .i user may be multi-part. If the .i mailer is the builtin IPC mailer, the .i host may be a colon-separated list of hosts that are searched in order for the first working address (exactly like MX records). The .i user is later rewritten by the mailer-specific envelope rewriting set and assigned to the .b $u macro. As a special case, if the mailer specified has the .b F=@ flag specified and the first character of the .b $: value is .q @ , the .q @ is stripped off, and a flag is set in the address descriptor that causes sendmail to not do ruleset 5 processing. .pp Normally, a rule that matches is retried, that is, the rule loops until it fails. A RHS may also be preceded by a .b $@ or a .b $: to change this behavior. A .b $@ prefix causes the ruleset to return with the remainder of the RHS as the value. A .b $: prefix causes the rule to terminate immediately, but the ruleset to continue; this can be used to avoid continued application of a rule. The prefix is stripped before continuing. .pp The .b $@ and .b $: prefixes may precede a .b $> spec; for example: .(b .ta 8n R$+ $: $>7 $1 .)b matches anything, passes that to ruleset seven, and continues; the .b $: is necessary to avoid an infinite loop. .pp Substitution occurs in the order described, that is, parameters from the LHS are substituted, hostnames are canonicalized, .q subroutines are called, and finally .b $# , .b $@ , and .b $: are processed. .sh 3 "Semantics of rewriting rule sets" .pp There are six rewriting sets that have specific semantics. Five of these are related as depicted by figure 1. .(z .hl .ie n \{\ .(c +---+ -->| 0 |-->resolved address / +---+ / +---+ +---+ / ---->| 1 |-->| S |-- +---+ / +---+ / +---+ +---+ \e +---+ addr-->| 3 |-->| D |-- --->| 4 |-->msg +---+ +---+ \e +---+ +---+ / +---+ --->| 2 |-->| R |-- +---+ +---+ .)c .\} -.el .ie !"\*(.T"" \ -\{\ +.el \{\ +.ie !"\*(.T"" \{\ .PS boxwid = 0.3i boxht = 0.3i movewid = 0.3i moveht = 0.3i linewid = 0.3i lineht = 0.3i box invis "addr"; arrow Box3: box "3" A1: arrow BoxD: box "D"; line; L1: Here C: [ C1: arrow; box "1"; arrow; box "S"; line; E1: Here move to C1 down 0.5; right C2: arrow; box "2"; arrow; box "R"; line; E2: Here ] with .w at L1 + (0.5, 0) move to C.e right 0.5 L4: arrow; box "4"; arrow; box invis "msg" line from L1 to C.C1 line from L1 to C.C2 line from C.E1 to L4 line from C.E2 to L4 move to BoxD.n up 0.6; right Box0: arrow; box "0" arrow; box invis "resolved address" width 1.3 line from 1/3 of the way between A1 and BoxD.w to Box0 .PE .\} .el .sp 2i +.\} .ce Figure 1 \*- Rewriting set semantics .(c D \*- sender domain addition S \*- mailer-specific sender rewriting R \*- mailer-specific recipient rewriting .)c .hl .)z .pp Ruleset three should turn the address into .q "canonical form." This form should have the basic syntax: .(b local-part@host-domain-spec .)b Ruleset three is applied by .i sendmail before doing anything with any address. .pp If no .q @ sign is specified, then the host-domain-spec .i may be appended (box .q D in Figure 1) from the sender address (if the .b C flag is set in the mailer definition corresponding to the .i sending mailer). .pp Ruleset zero is applied after ruleset three to addresses that are going to actually specify recipients. It must resolve to a .i "{mailer, host, address}" triple. The .i mailer must be defined in the mailer definitions from the configuration file. The .i host is defined into the .b $h macro for use in the argv expansion of the specified mailer. .pp Rulesets one and two are applied to all sender and recipient addresses respectively. They are applied before any specification in the mailer definition. They must never resolve. .pp Ruleset four is applied to all addresses in the message. It is typically used to translate internal to external form. .pp In addition, ruleset 5 is applied to all local addresses (specifically, those that resolve to a mailer with the `F=5' flag set) that do not have aliases. This allows a last minute hook for local names. .sh 3 "Ruleset hooks" .pp A few extra rulesets are defined as .q hooks that can be defined to get special features. They are all named rulesets. The .q check_* forms all give accept/reject status; falling off the end or returning normally is an accept, and resolving to .b $#error is a reject. Many of these can also resolve to the special mailer name .b $#discard ; this accepts the message as though it were successful but then discards it without delivery. Note, this mailer can not be chosen as a mailer in ruleset 0. .sh 4 "check_relay" .pp The .i check_relay ruleset is called after a connection is accepted by the daemon. It is not called when sendmail is started using the .b \-bs option. It is passed .(b client.host.name $| client.host.address .)b where .b $| is a metacharacter separating the two parts. This ruleset can reject connections from various locations. .sh 4 "check_mail" .pp The .i check_mail ruleset is passed the user name parameter of the .sm "SMTP MAIL" command. It can accept or reject the address. .sh 4 "check_rcpt" .pp The .i check_rcpt ruleset is passed the user name parameter of the .sm "SMTP RCPT" command. It can accept or reject the address. .sh 4 "check_compat" .pp The .i check_compat ruleset is passed .(b sender-address $| recipient-address .)b where .b $| is a metacharacter separating the addresses. It can accept or reject mail transfer between these two addresses much like the .i checkcompat() function. .sh 4 "check_eoh" .pp The .i check_eoh ruleset is passed .(b number-of-headers $| size-of-headers .)b where .b $| is a metacharacter separating the numbers. These numbers can be used for size comparisons with the .b arith map. The ruleset is triggered after all of the headers have been read. It can be used to correlate information gathered from those headers using the .b macro storage map. One possible use is to check for a missing header. For example: .(b .ta 1.5i Kstorage macro HMessage-Id: $>CheckMessageId SCheckMessageId # Record the presence of the header R$* $: $(storage {MessageIdCheck} $@ OK $) $1 R< $+ @ $+ > $@ OK R$* $#error $: 553 Header Error Scheck_eoh # Check the macro R$* $: < $&{MessageIdCheck} > # Clear the macro for the next message R$* $: $(storage {MessageIdCheck} $) $1 # Has a Message-Id: header R< $+ > $@ OK # Allow missing Message-Id: from local mail R$* $: < $&{client_name} > R< > $@ OK R< $=w > $@ OK # Otherwise, reject the mail R$* $#error $: 553 Header Error .)b Keep in mind the Message-Id: header is not a required header and is not a guaranteed spam indicator. This ruleset is an example and should probably not be used in production. .sh 4 "check_etrn" .pp The .i check_etrn ruleset is passed the parameter of the .sm "SMTP ETRN" command. It can accept or reject the command. .sh 4 "check_expn" .pp The .i check_expn ruleset is passed the user name parameter of the .sm "SMTP EXPN" command. It can accept or reject the address. .sh 4 "check_vrfy" .pp The .i check_vrfy ruleset is passed the user name parameter of the .sm "SMTP VRFY" command. It can accept or reject the command. .sh 4 "trust_auth" .pp The .i trust_auth ruleset is passed the AUTH= parameter of the .sm "SMTP MAIL" command. It is used to determine whether this value should be trusted. In order to make this decision, the ruleset may make use of the various .b ${auth_*} macros. If the ruleset does resolve to the .q error mailer the AUTH= parameter is not trusted and hence not passed on to the next relay. .sh 4 "tls_client" .pp The .i tls_client ruleset is called when sendmail acts as server, after a STARTTLS command has been issued, and from .i check_mail. The parameter is the value of .b ${verify} and STARTTLS or MAIL, respectively. If the ruleset does resolve to the .q error mailer, the appropriate error code is returned to the client. .sh 4 "tls_server" .pp The .i tls_server ruleset is called when sendmail acts as client after a STARTTLS command (should) have been issued. The parameter is the value of .b ${verify} . If the ruleset does resolve to the .q error mailer, the connection is aborted (treated as non-deliverable with a permanent or temporary error). .sh 3 "IPC mailers" .pp Some special processing occurs if the ruleset zero resolves to an IPC mailer (that is, a mailer that has .q [IPC] listed as the Path in the .b M configuration line. The host name passed after .q $@ has MX expansion performed if not delivering via a named socket; this looks the name up in DNS to find alternate delivery sites. .pp The host name can also be provided as a dotted quad in square brackets; for example: .(b [128.32.149.78] .)b This causes direct conversion of the numeric value to an IP host address. .pp The host name passed in after the .q $@ may also be a colon-separated list of hosts. Each is separately MX expanded and the results are concatenated to make (essentially) one long MX list. The intent here is to create .q fake MX records that are not published in DNS for private internal networks. .pp As a final special case, the host name can be passed in as a text string in square brackets: .(b [ucbvax.berkeley.edu] .)b This form avoids the MX mapping. .b N.B.: .i This is intended only for situations where you have a network firewall or other host that will do special processing for all your mail, so that your MX record points to a gateway machine; this machine could then do direct delivery to machines within your local domain. Use of this feature directly violates RFC 1123 section 5.3.5: it should not be used lightly. .r .sh 2 "D \*- Define Macro" .pp Macros are named with a single character or with a word in {braces}. The names ``x'' and ``{x}'' denote the same macro for every single character ``x''. Single character names may be selected from the entire ASCII set, but user-defined macros should be selected from the set of upper case letters only. Lower case letters and special symbols are used internally. Long names beginning with a lower case letter or a punctuation character are reserved for use by sendmail, so user-defined long macro names should begin with an upper case letter. .pp The syntax for macro definitions is: .(b F .b D \c .i x\|val .)b where .i x is the name of the macro (which may be a single character or a word in braces) and .i val is the value it should have. There should be no spaces given that do not actually belong in the macro value. .pp Macros are interpolated using the construct .b $ \c .i x , where .i x is the name of the macro to be interpolated. This interpolation is done when the configuration file is read, except in .b M lines. The special construct .b $& \c .i x can be used in .b R lines to get deferred interpolation. .pp Conditionals can be specified using the syntax: .(b $?x text1 $| text2 $. .)b This interpolates .i text1 if the macro .b $x is set and non-null, and .i text2 otherwise. The .q else (\c .b $| ) clause may be omitted. .pp Lower case macro names are reserved to have special semantics, used to pass information in or out of .i sendmail , and special characters are reserved to provide conditionals, etc. Upper case names (that is, .b $A through .b $Z ) are specifically reserved for configuration file authors. .pp The following macros are defined and/or used internally by .i sendmail for interpolation into argv's for mailers or for other contexts. The ones marked \(dg are information passed into sendmail\**, .(f \**As of version 8.6, all of these macros have reasonable defaults. Previous versions required that they be defined. .)f the ones marked \(dd are information passed both in and out of sendmail, and the unmarked macros are passed out of sendmail but are not otherwise used internally. These macros are: .nr ii 5n .ip $a The origination date in RFC 822 format. This is extracted from the Date: line. .ip $b The current date in RFC 822 format. .ip $c The hop count. This is a count of the number of Received: lines plus the value of the .b \-h command line flag. .ip $d The current date in UNIX (ctime) format. .ip $e\(dg (Obsolete; use SmtpGreetingMessage option instead.) The SMTP entry message. This is printed out when SMTP starts up. The first word must be the .b $j macro as specified by RFC821. Defaults to .q "$j Sendmail $v ready at $b" . Commonly redefined to include the configuration version number, e.g., .q "$j Sendmail $v/$Z ready at $b" .ip $f The envelope sender (from) address. .ip $g The sender address relative to the recipient. For example, if .b $f is .q foo , .b $g will be .q host!foo , .q foo@host.domain , or whatever is appropriate for the receiving mailer. .ip $h The recipient host. This is set in ruleset 0 from the $@ field of a parsed address. .ip $i The queue id, e.g., .q HAA12345 . .ip $j\(dd The \*(lqofficial\*(rq domain name for this site. This is fully qualified if the full qualification can be found. It .i must be redefined to be the fully qualified domain name if your system is not configured so that information can find it automatically. .ip $k The UUCP node name (from the uname system call). .ip $l\(dg (Obsolete; use UnixFromLine option instead.) The format of the UNIX from line. Unless you have changed the UNIX mailbox format, you should not change the default, which is .q "From $g $d" . .ip $m The domain part of the \fIgethostname\fP return value. Under normal circumstances, .b $j is equivalent to .b $w.$m . .ip $n\(dg The name of the daemon (for error messages). Defaults to .q MAILER-DAEMON . .ip $o\(dg (Obsolete: use OperatorChars option instead.) The set of \*(lqoperators\*(rq in addresses. A list of characters which will be considered tokens and which will separate tokens when doing parsing. For example, if .q @ were in the .b $o macro, then the input .q a@b would be scanned as three tokens: .q a, .q @, and .q b. Defaults to .q ".:@[]" , which is the minimum set necessary to do RFC 822 parsing; a richer set of operators is .q ".:%@!/[]" , which adds support for UUCP, the %-hack, and X.400 addresses. .ip $p Sendmail's process id. .ip $q\(dg Default format of sender address. The .b $q macro specifies how an address should appear in a message when it is defaulted. Defaults to .q "<$g>" . It is commonly redefined to be .q "$?x$x <$g>$|$g$." or .q "$g$?x ($x)$." , corresponding to the following two formats: .(b Eric Allman eric@CS.Berkeley.EDU (Eric Allman) .)b .i Sendmail properly quotes names that have special characters if the first form is used. .ip $r Protocol used to receive the message. Set from the .b \-p command line flag or by the SMTP server code. .ip $s Sender's host name. Set from the .b \-p command line flag or by the SMTP server code. .ip $t A numeric representation of the current time. .ip $u The recipient user. .ip $v The version number of the .i sendmail binary. .ip $w\(dd The hostname of this site. This is the root name of this host (but see below for caveats). .ip $x The full name of the sender. .ip $z The home directory of the recipient. .ip $_ The validated sender address. .ip ${auth_authen} The client's authentication credentials as determined by authentication (only set if successful). .ip ${auth_author} The authorization identity, i.e. the AUTH= parameter of the .sm "SMTP MAIL" command if supplied. .ip ${auth_type} The mechanism used for authentication (only set if successful). .ip ${auth_ssf} The keylength (in bits) of the symmetric encryption algorithm used for the security layer of a SASL mechanism. .ip ${bodytype} The message body type (7BIT or 8BITMIME), as determined from the envelope. .ip ${cert_issuer} The DN (distinguished name) of the CA (certificate authority) that signed the presented certificate (the cert issuer). .ip ${cert_subject} The DN of the presented certificate (called the cert subject). .ip ${cipher} The cipher suite used for the connection, e.g., EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA. .ip ${cipher_bits} The keylength (in bits) of the symmetric encryption algorithm used for a TLS connection. .ip ${client_addr} The IP address of the SMTP client. Defined in the SMTP server only. .ip ${client_name} The host name of the SMTP client. This may be the client's bracketed IP address in the form [ nnn.nnn.nnn.nnn ] if the client's -IP address is not resolvable, or if the resolved -name doesn't match ${client_name}. +IP address is not resolvable, or if it is resolvable +but the IP address of the resolved hostname +doesn't match the original IP address. Defined in the SMTP server only. .ip ${client_port} The port number of the SMTP client. Defined in the SMTP server only. .ip ${client_resolve} Holds the result of the resolve call for .b ${client_name} : OK, FAIL, FORGED, TEMP. Defined in the SMTP server only. .ip ${currHeader} Header value as quoted string (possibly truncated to .b MAXNAME ). .ip ${daemon_addr} The IP address the daemon is listening on for connections. Unless .b DaemonPortOptions is set, this will be .q 0.0.0.0 . .ip ${daemon_family} The network family if the daemon is accepting network connections. Possible values include .q inet , .q inet6 , .q iso , .q ns , .q x.25 .ip ${daemon_flags} The flags for the daemon as specified by the Modifier= part of .b DaemonPortOptions whereby the flags are separated from each other by spaces, and upper case flags are doubled. That is, Modifier=Ea will be represented as "EE a" in .b ${daemon_flags} , which is required for testing the flags in rulesets. .ip ${daemon_info} Some information about a daemon as a text string. For example, .q SMTP+queueing@00:30:00 . .ip ${daemon_name} The name of the daemon from .b DaemonPortOptions Name= suboption. If this suboption is not set, "Daemon#", where # is the daemon number, is used. .ip ${daemon_port} The port the daemon is accepting connection on. Unless .b DaemonPortOptions is set, this will most likely be .q 25 . .ip ${deliveryMode} The current delivery mode sendmail is using. It is initially set to the value of the .b DeliveryMode option. .ip ${envid} The envelope id passed to sendmail as part of the envelope. .ip ${hdrlen} The length of the header value which is stored in ${currHeader} (before possible truncation). If this value is greater than or equal .b MAXNAME the header has been truncated. .ip ${hdr_name} The name of the header field for which the current header check ruleset has been called. This is useful for a default header check ruleset to get the name of the header. .ip ${if_addr} The IP address of the interface of an incoming connection unless it is in the loopback net. .ip ${if_family} The IP family of the interface of an incoming connection unless it is in the loopback net. .ip ${if_name} The name of the interface of an incoming connection. This macro can be used for SmtpGreetingMessage and HReceived for virtual hosting. For example: .(b O SmtpGreetingMessage=$?{if_name}${if_name}$|$j$. MTA .)b .ip ${mail_addr} The address part of the resolved triple of the address given for the .sm "SMTP MAIL" command. Defined in the SMTP server only. .ip ${mail_host} The host from the resolved triple of the address given for the .sm "SMTP MAIL" command. Defined in the SMTP server only. .ip ${mail_mailer} The mailer from the resolved triple of the address given for the .sm "SMTP MAIL" command. Defined in the SMTP server only. .ip ${msg_size} The value of the SIZE= parameter, i.e., usually the size of the message (in an ESMTP dialogue), before the message has been collected, thereafter the message size as computed by .i sendmail (and can be used in check_compat). .ip ${ntries} The number of delivery attempts. .ip ${opMode} The current operation mode (from the .b \-b flag). .ip ${queue_interval} The queue run interval given by the .b \-q flag. For example, .b \-q30m would set .b ${queue_interval} to .q 00:30:00 . .ip ${rcpt_addr} The address part of the resolved triple of the address given for the .sm "SMTP RCPT" command. Defined in the SMTP server only. .ip ${rcpt_host} The host from the resolved triple of the address given for the .sm "SMTP RCPT" command. Defined in the SMTP server only. .ip ${rcpt_mailer} The mailer from the resolved triple of the address given for the .sm "SMTP RCPT" command. Defined in the SMTP server only. .ip ${server_addr} The address of the server of the current outgoing SMTP connection. .ip ${server_name} The name of the server of the current outgoing SMTP connection. .ip ${tls_version} The TLS/SSL version used for the connection, e.g., TLSv1, SSLv3, SSLv2. .ip ${verify} The result of the verification of the presented cert. Possible values are: .(b .ta 9n OK verification succeeded. NO no cert presented. FAIL cert presented but could not be verified, e.g., the signing CA is missing. NONE STARTTLS has not been performed. TEMP temporary error occurred. PROTOCOL some protocol error occurred. SOFTWARE STARTTLS handshake failed. .)b .pp There are three types of dates that can be used. The .b $a and .b $b macros are in RFC 822 format; .b $a is the time as extracted from the .q Date: line of the message (if there was one), and .b $b is the current date and time (used for postmarks). If no .q Date: line is found in the incoming message, .b $a is set to the current time also. The .b $d macro is equivalent to the .b $b macro in UNIX (ctime) format. .pp The macros .b $w , .b $j , and .b $m are set to the identity of this host. .i Sendmail tries to find the fully qualified name of the host if at all possible; it does this by calling .i gethostname (2) to get the current hostname and then passing that to .i gethostbyname (3) which is supposed to return the canonical version of that host name.\** .(f \**For example, on some systems .i gethostname might return .q foo which would be mapped to .q foo.bar.com by .i gethostbyname . .)f Assuming this is successful, .b $j is set to the fully qualified name and .b $m is set to the domain part of the name (everything after the first dot). The .b $w macro is set to the first word (everything before the first dot) if you have a level 5 or higher configuration file; otherwise, it is set to the same value as .b $j . If the canonification is not successful, it is imperative that the config file set .b $j to the fully qualified domain name\**. .(f \**Older versions of sendmail didn't pre-define .b $j at all, so up until 8.6, config files .i always had to define .b $j . .)f .pp The .b $f macro is the id of the sender as originally determined; when mailing to a specific host the .b $g macro is set to the address of the sender .ul relative to the recipient. For example, if I send to .q bollard@matisse.CS.Berkeley.EDU from the machine .q vangogh.CS.Berkeley.EDU the .b $f macro will be .q eric and the .b $g macro will be .q eric@vangogh.CS.Berkeley.EDU. .pp The .b $x macro is set to the full name of the sender. This can be determined in several ways. It can be passed as flag to .i sendmail . It can be defined in the .sm NAME environment variable. The third choice is the value of the .q Full-Name: line in the header if it exists, and the fourth choice is the comment field of a .q From: line. If all of these fail, and if the message is being originated locally, the full name is looked up in the .i /etc/passwd file. .pp When sending, the .b $h , .b $u , and .b $z macros get set to the host, user, and home directory (if local) of the recipient. The first two are set from the .b $@ and .b $: part of the rewriting rules, respectively. .pp The .b $p and .b $t macros are used to create unique strings (e.g., for the .q Message-Id: field). The .b $i macro is set to the queue id on this host; if put into the timestamp line it can be extremely useful for tracking messages. The .b $v macro is set to be the version number of .i sendmail ; this is normally put in timestamps and has been proven extremely useful for debugging. .pp The .b $c field is set to the .q "hop count," i.e., the number of times this message has been processed. This can be determined by the .b \-h flag on the command line or by counting the timestamps in the message. .pp The .b $r and .b $s fields are set to the protocol used to communicate with .i sendmail and the sending hostname. They can be set together using the .b \-p command line flag or separately using the .b \-M or .b \-oM flags. .pp The .b $_ is set to a validated sender host name. If the sender is running an RFC 1413 compliant IDENT server and the receiver has the IDENT protocol turned on, it will include the user name on that host. .pp The .b ${client_name} , .b ${client_addr} , and .b ${client_port} macros are set to the name, address, and port number of the SMTP client who is invoking .i sendmail as a server. These can be used in the .i check_* rulesets (using the .b $& deferred evaluation form, of course!). .sh 2 "C and F \*- Define Classes" .pp Classes of phrases may be defined to match on the left hand side of rewriting rules, where a .q phrase is a sequence of characters that does not contain space characters. For example a class of all local names for this site might be created so that attempts to send to oneself can be eliminated. These can either be defined directly in the configuration file or read in from another file. Classes are named as a single letter or a word in {braces}. Class names beginning with lower case letters and special characters are reserved for system use. Classes defined in config files may be given names from the set of upper case letters for short names or beginning with an upper case letter for long names. .pp The syntax is: .(b F .b C \c .i c\|phrase1 .i phrase2... .br .b F \c .i c\|file .)b The first form defines the class .i c to match any of the named words. If .i phrase1 or .i phrase2 is another class, e.g., .i $=S , the contents of class .i S are added to class .i c . It is permissible to split them among multiple lines; for example, the two forms: .(b CHmonet ucbmonet .)b and .(b CHmonet CHucbmonet .)b are equivalent. The ``F'' form reads the elements of the class .i c from the named .i file . Each element should be listed on a separate line. To specify an optional file, use ``-o'' between the class name and the file name, e.g., .(b Fc -o /path/to/file .)b If the file can't be used, .i sendmail will not complain but silently ignore it. .pp Elements of classes can be accessed in rules using .b $= or .b $~ . The .b $~ (match entries not in class) only matches a single word; multi-word entries in the class are ignored in this context. .pp Some classes have internal meaning to .i sendmail : .nr ii 0.5i .\".ip $=b .\"A set of Content-Types that will not have the newline character .\"translated to CR-LF before encoding into base64 MIME. .\"The class can have major times .\"(e.g., .\".q image ) .\"or full types .\"(such as .\".q application/octet-stream ). .\"The class is initialized with .\".q application/octet-stream , .\".q image , .\".q audio , .\"and .\".q video . .ip $=e contains the Content-Transfer-Encodings that can be 8\(->7 bit encoded. It is predefined to contain .q 7bit , .q 8bit , and .q binary . .ip $=k set to be the same as .b $k , that is, the UUCP node name. .ip $=m set to the set of domains by which this host is known, initially just .b $m . .ip $=n can be set to the set of MIME body types that can never be eight to seven bit encoded. It defaults to .q multipart/signed . Message types .q message/* and .q multipart/* are never encoded directly. Multipart messages are always handled recursively. The handling of message/* messages are controlled by class .b $=s . .ip $=q A set of Content-Types that will never be encoded as base64 (if they have to be encoded, they will be encoded as quoted-printable). It can have primary types (e.g., .q text ) or full types (such as .q text/plain ). The class is initialized to have .q text/plain only. .ip $=s contains the set of subtypes of message that can be treated recursively. By default it contains only .q rfc822 . Other .q message/* types cannot be 8\(->7 bit encoded. If a message containing eight bit data is sent to a seven bit host, and that message cannot be encoded into seven bits, it will be stripped to 7 bits. .ip $=t set to the set of trusted users by the .b T configuration line. If you want to read trusted users from a file, use .b Ft \c .i /file/name . .ip $=w set to be the set of all names this host is known by. This can be used to match local hostnames. .ip $={persistentMacros} set to the macros would should be saved across queue runs. Care should be taken when adding macro names to this class. .pp .i Sendmail can be compiled to allow a .i scanf (3) string on the .b F line. This lets you do simplistic parsing of text files. For example, to read all the user names in your system .i /etc/passwd file into a class, use .(b FL/etc/passwd %[^:] .)b which reads every line up to the first colon. .sh 2 "M \*- Define Mailer" .pp Programs and interfaces to mailers are defined in this line. The format is: .(b F .b M \c .i name , {\c .i field =\c .i value \|}* .)b where .i name is the name of the mailer (used internally only) and the .q field=name pairs define attributes of the mailer. Fields are: .(b .ta 1i Path The pathname of the mailer Flags Special flags for this mailer Sender Rewriting set(s) for sender addresses Recipient Rewriting set(s) for recipient addresses Argv An argument vector to pass to this mailer Eol The end-of-line string for this mailer Maxsize The maximum message length to this mailer maxmessages The maximum message deliveries per connection Linelimit The maximum line length in the message body Directory The working directory for the mailer Userid The default user and group id to run as Nice The nice(2) increment for the mailer Charset The default character set for 8-bit characters Type Type information for DSN diagnostics Wait The maximum time to wait for the mailer / The root directory for the mailer .)b Only the first character of the field name is checked. .pp The following flags may be set in the mailer description. Any other flags may be used freely to conditionally assign headers to messages destined for particular mailers. Flags marked with \(dg are not interpreted by the .i sendmail binary; these are the conventionally used to correlate to the flags portion of the .b H line. Flags marked with \(dd apply to the mailers for the sender address rather than the usual recipient mailers. .nr ii 4n .ip a Run Extended SMTP (ESMTP) protocol (defined in RFCs 1869, 1652, and 1870). This flag defaults on if the SMTP greeting message includes the word .q ESMTP . .ip A Look up the user part of the address in the alias database. Normally this is only set for local mailers. .ip b Force a blank line on the end of a message. This is intended to work around some stupid versions of /bin/mail that require a blank line, but do not provide it themselves. It would not normally be used on network mail. .ip c Do not include comments in addresses. This should only be used if you have to work around a remote mailer that gets confused by comments. This strips addresses of the form .q "Phrase
" or .q "address (Comment)" down to just .q address . .ip C\(dd If mail is .i received from a mailer with this flag set, any addresses in the header that do not have an at sign (\c .q @ ) after being rewritten by ruleset three will have the .q @domain clause from the sender envelope address tacked on. This allows mail with headers of the form: .(b From: usera@hosta To: userb@hostb, userc .)b to be rewritten as: .(b From: usera@hosta To: userb@hostb, userc@hosta .)b automatically. However, it doesn't really work reliably. .ip d Do not include angle brackets around route-address syntax addresses. This is useful on mailers that are going to pass addresses to a shell that might interpret angle brackets as I/O redirection. However, it does not protect against other shell metacharacters. Therefore, passing addresses to a shell should not be considered secure. .ip D\(dg This mailer wants a .q Date: header line. .ip e This mailer is expensive to connect to, so try to avoid connecting normally; any necessary connection will occur during a queue run. See also option .b HoldExpensive . .ip E Escape lines beginning with .q From\0 in the message with a `>' sign. .ip f The mailer wants a .b \-f .i from flag, but only if this is a network forward operation (i.e., the mailer will give an error if the executing user does not have special permissions). .ip F\(dg This mailer wants a .q From: header line. .ip g Normally, .i sendmail sends internally generated email (e.g., error messages) using the null return address as required by RFC 1123. However, some mailers don't accept a null return address. If necessary, you can set the .b g flag to prevent .i sendmail from obeying the standards; error messages will be sent as from the MAILER-DAEMON (actually, the value of the .b $n macro). .ip h Upper case should be preserved in host names (the $@ portion of the mailer triplet resolved from ruleset 0) for this mailer. .ip i Do User Database rewriting on envelope sender address. .ip I This mailer will be speaking SMTP to another .i sendmail \*- as such it can use special protocol features. This option is not required (i.e., if this option is omitted the transmission will still operate successfully, although perhaps not as efficiently as possible). .ip j Do User Database rewriting on recipients as well as senders. .ip k Normally when .i sendmail connects to a host via SMTP, it checks to make sure that this isn't accidently the same host name as might happen if .i sendmail is misconfigured or if a long-haul network interface is set in loopback mode. This flag disables the loopback check. It should only be used under very unusual circumstances. .ip K Currently unimplemented. Reserved for chunking. .ip l This mailer is local (i.e., final delivery will be performed). .ip L Limit the line lengths as specified in RFC821. This deprecated option should be replaced by the .b L= mail declaration. For historic reasons, the .b L flag also sets the .b 7 flag. .ip m This mailer can send to multiple users on the same host in one transaction. When a .b $u macro occurs in the .i argv part of the mailer definition, that field will be repeated as necessary for all qualifying users. Removing this flag can defeat duplicate supression on a remote site as each recipient is sent in a separate transaction. .ip M\(dg This mailer wants a .q Message-Id: header line. .ip n Do not insert a UNIX-style .q From line on the front of the message. .ip o Always run as the owner of the recipient mailbox. Normally .i sendmail runs as the sender for locally generated mail or as .q daemon (actually, the user specified in the .b u option) when delivering network mail. The normal behavior is required by most local mailers, which will not allow the envelope sender address to be set unless the mailer is running as daemon. This flag is ignored if the .b S flag is set. .ip p Use the route-addr style reverse-path in the SMTP .q "MAIL FROM:" command rather than just the return address; although this is required in RFC821 section 3.1, many hosts do not process reverse-paths properly. Reverse-paths are officially discouraged by RFC 1123. .ip P\(dg This mailer wants a .q Return-Path: line. .ip q When an address that resolves to this mailer is verified (SMTP VRFY command), generate 250 responses instead of 252 responses. This will imply that the address is local. .ip r Same as .b f , but sends a .b \-r flag. .ip R Open SMTP connections from a .q secure port. Secure ports aren't (secure, that is) except on UNIX machines, so it is unclear that this adds anything. .ip s Strip quote characters (" and \e) off of the address before calling the mailer. .ip S Don't reset the userid before calling the mailer. This would be used in a secure environment where .i sendmail ran as root. This could be used to avoid forged addresses. If the .b U= field is also specified, this flag causes the effective user id to be set to that user. .ip u Upper case should be preserved in user names for this mailer. Standards require preservation of case in the local part of addresses, except for those address for which your system accepts responsibility. .ip U This mailer wants UUCP-style .q From lines with the ugly .q "remote from " on the end. .ip w The user must have a valid account on this machine, i.e., getpwnam must succeed. If not, the mail is bounced. This is required to get .q \&.forward capability. .ip x\(dg This mailer wants a .q Full-Name: header line. .ip X This mailer want to use the hidden dot algorithm as specified in RFC821; basically, any line beginning with a dot will have an extra dot prepended (to be stripped at the other end). This insures that lines in the message containing a dot will not terminate the message prematurely. .ip z Run Local Mail Transfer Protocol (LMTP) between .i sendmail and the local mailer. This is a variant on SMTP defined in RFC 2033 that is specifically designed for delivery to a local mailbox. .ip 0 Don't look up MX records for hosts sent via SMTP. .ip 3 Extend the list of characters converted to =XX notation when converting to Quoted-Printable to include those that don't map cleanly between ASCII and EBCDIC. Useful if you have IBM mainframes on site. .ip 5 If no aliases are found for this address, pass the address through ruleset 5 for possible alternate resolution. This is intended to forward the mail to an alternate delivery spot. .ip 6 Strip headers to seven bits. .ip 7 Strip all output to seven bits. This is the default if the .b L flag is set. Note that clearing this option is not sufficient to get full eight bit data passed through .i sendmail . If the .b 7 option is set, this is essentially always set, since the eighth bit was stripped on input. Note that this option will only impact messages that didn't have 8\(->7 bit MIME conversions performed. .ip 8 If set, it is acceptable to send eight bit data to this mailer; the usual attempt to do 8\(->7 bit MIME conversions will be bypassed. .ip 9 If set, do .i limited 7\(->8 bit MIME conversions. These conversions are limited to text/plain data. .ip : Check addresses to see if they begin .q :include: ; if they do, convert them to the .q *include* mailer. .ip | Check addresses to see if they begin with a `|'; if they do, convert them to the .q prog mailer. .ip / Check addresses to see if they begin with a `/'; if they do, convert them to the .q *file* mailer. .ip @ Look up addresses in the user database. .ip % Do not attempt delivery on initial recipient of a message or on queue runs unless the queued message is selected using one of the -qI/-qR/-qS queue run modifiers or an ETRN request. .pp Configuration files prior to level 6 assume the `A', `w', `5', `:', `|', `/', and `@' options on the mailer named .q local . .pp The mailer with the special name .q error can be used to generate a user error. The (optional) host field is an exit status to be returned, and the user field is a message to be printed. The exit status may be numeric or one of the values USAGE, NOUSER, NOHOST, UNAVAILABLE, SOFTWARE, TEMPFAIL, PROTOCOL, or CONFIG to return the corresponding EX_ exit code, or an enhanced error code as described in RFC 1893, .ul Enhanced Mail System Status Codes. For example, the entry: .(b $#error $@ NOHOST $: Host unknown in this domain .)b on the RHS of a rule will cause the specified error to be generated and the .q "Host unknown" exit status to be returned if the LHS matches. This mailer is only functional in rulesets 0, 5, or one of the check_* rulesets. .pp The mailer with the special name .q discard causes any mail sent to it to be discarded but otherwise treated as though it were successfully delivered. This mailer can not be used in ruleset 0, only in the various address checking rulesets. .pp The mailer named .q local .i must be defined in every configuration file. This is used to deliver local mail, and is treated specially in several ways. Additionally, three other mailers named .q prog , .q *file* , and .q *include* may be defined to tune the delivery of messages to programs, files, and :include: lists respectively. They default to: .(b Mprog, P=/bin/sh, F=lsoDq9, T=DNS/RFC822/X-Unix, A=sh \-c $u M*file*, P=[FILE], F=lsDFMPEouq9, T=DNS/RFC822/X-Unix, A=FILE $u M*include*, P=/dev/null, F=su, A=INCLUDE $u .)b .pp The Sender and Recipient rewriting sets may either be a simple ruleset id or may be two ids separated by a slash; if so, the first rewriting set is applied to envelope addresses and the second is applied to headers. Setting any value zero disables corresponding mailer-specific rewriting. .pp The Directory is actually a colon-separated path of directories to try. For example, the definition .q D=$z:/ first tries to execute in the recipient's home directory; if that is not available, it tries to execute in the root of the filesystem. This is intended to be used only on the .q prog mailer, since some shells (such as .i csh ) refuse to execute if they cannot read the home directory. Since the queue directory is not normally readable by unprivileged users .i csh scripts as recipients can fail. .pp The Userid specifies the default user and group id to run as, overriding the .b DefaultUser option (q.v.). If the .b S mailer flag is also specified, this user and group will be set as the effective uid and gid for the process. This may be given as .i user:group to set both the user and group id; either may be an integer or a symbolic name to be looked up in the .i passwd and .i group files respectively. If only a symbolic user name is specified, the group id in the .i passwd file for that user is used as the group id. .pp The Charset field is used when converting a message to MIME; this is the character set used in the Content-Type: header. If this is not set, the .b DefaultCharset option is used, and if that is not set, the value .q unknown-8bit is used. .b WARNING: this field applies to the sender's mailer, not the recipient's mailer. For example, if the envelope sender address lists an address on the local network and the recipient is on an external network, the character set will be set from the Charset= field for the local network mailer, not that of the external network mailer. .pp The Type= field sets the type information used in MIME error messages as defined by RFC 1894. It is actually three values separated by slashes: the MTA-type (that is, the description of how hosts are named), the address type (the description of e-mail addresses), and the diagnostic type (the description of error diagnostic codes). Each of these must be a registered value or begin with .q X\- . The default is .q dns/rfc822/smtp . .pp The m= field specifies the maximum number of messages to attempt to deliver on a single SMTP or LMTP connection. .pp The /= field specifies a new root directory for the mailer. The path is macro expanded and then passed to the .q chroot system call. The root directory is changed before the Directory field is consulted or the uid is changed. .pp The Wait= field specifies the maximum time to wait for the mailer to return after sending all data to it. This applies to mailers that have been forked by .i sendmail . .sh 2 "H \*- Define Header" .pp The format of the header lines that .i sendmail inserts into the message are defined by the .b H line. The syntax of this line is one of the following: .(b F .b H \c .i hname \c .b : .i htemplate .)b .(b F .b H [\c .b ? \c .i mflags \c .b ? \c .b ]\c .i hname \c .b : .i htemplate .)b .(b F .b H [\c .b ? \c .i ${macro} \c .b ? \c .b ]\c .i hname \c .b : .i htemplate .)b Continuation lines in this spec are reflected directly into the outgoing message. The .i htemplate is macro-expanded before insertion into the message. If the .i mflags (surrounded by question marks) are specified, at least one of the specified flags must be stated in the mailer definition for this header to be automatically output. If a .i ${macro} (surrounded by question marks) is specified, the header will be automatically output if the macro is set. The macro may be set using any of the normal methods, including using the .b macro storage map in a ruleset. If one of these headers is in the input it is reflected to the output regardless of these flags or macros. .pp Some headers have special semantics that will be described later. .pp A secondary syntax allows validation of headers as they are being read. To enable validation, use: .(b .b H \c .i Header \c .b ": $>" \c .i Ruleset .b H \c .i Header \c .b ": $>+" \c .i Ruleset .)b The indicated .i Ruleset is called for the specified .i Header , and can return .b $#error to reject the message or .b $#discard to discard the message (as with the other .b check_ * rulesets). The ruleset receives the header field-body as argument, i.e., not the header field-name; see also ${hdr_name} and ${currHeader}. The header is treated as a structured field, that is, comments (in parentheses) are deleted before processing, unless the second form .b $>+ is used. +Note: only one ruleset can be associated with a header; +.i sendmail +will silently ignore multiple entries. .pp For example, the configuration lines: .(b HMessage-Id: $>CheckMessageId SCheckMessageId R< $+ @ $+ > $@ OK R$* $#error $: Illegal Message-Id header .)b would refuse any message that had a Message-Id: header of any of the following forms: .(b Message-Id: <> Message-Id: some text Message-Id: extra crud .)b A default ruleset that is called for headers which don't have a specific ruleset defined for them can be specified by: .(b .b H \c .i * \c .b ": $>" \c .i Ruleset .)b or .(b .b H \c .i * \c .b ": $>+" \c .i Ruleset .)b .sh 2 "O \*- Set Option" .pp There are a number of global options that can be set from a configuration file. Options are represented by full words; some are also representable as single characters for back compatibility. The syntax of this line is: .(b F .b O \0 .i option \c .b = \c .i value .)b This sets option .i option to be .i value . Note that there .i must be a space between the letter `O' and the name of the option. An older version is: .(b F .b O \c .i o\|value .)b where the option .i o is a single character. Depending on the option, .i value may be a string, an integer, a boolean (with legal values .q t , .q T , .q f , or .q F ; the default is TRUE), or a time interval. .pp The options supported (with the old, one character names in brackets) are: .nr ii 1i .ip "AliasFile=\fIspec, spec, ...\fP" [A] Specify possible alias file(s). Each .i spec should be in the format ``\c .i class \c .b : .i file '' where .i class \c .b : is optional and defaults to ``implicit''. Depending on how .i sendmail is compiled, valid classes are .q implicit (search through a compiled-in list of alias file types, for back compatibility), .q hash (if .sm NEWDB is specified), .q dbm (if .sm NDBM is specified), .q stab (internal symbol table \*- not normally used unless you have no other database lookup), or .q nis (if .sm NIS is specified). If a list of .i spec s are provided, .i sendmail searches them in order. .ip AliasWait=\fItimeout\fP [a] If set, wait up to .i timeout (units default to minutes) for an .q @:@ entry to exist in the alias database before starting up. If it does not appear in the .i timeout interval rebuild the database (if the .b AutoRebuildAliases option is also set) or issue a warning. .ip AllowBogusHELO [no short name] If set, allow HELO SMTP commands that don't include a host name. Setting this violates RFC 1123 section 5.2.5, but is necessary to interoperate with several SMTP clients. If there is a value, it is still checked for legitimacy. .ip AuthMechanisms [no short name] List of authentication mechanisms for AUTH (separated by spaces). The advertised list of authentication mechanisms will be the intersection of this list and the list of available mechanisms as determined by the Cyrus SASL library. .ip AuthOptions [no short name] When to use the AUTH= parameter for the MAIL FROM command; .(b .ta 1i A Only when authentication succeeded. .)b The default is to try whenever SMTP AUTH is available. .ip AutoRebuildAliases [D] If set, rebuild the alias database if necessary and possible. The rebuild will happen the next time an alias is looked up. If this option is not set, .i sendmail will never rebuild the alias database unless explicitly requested using .b \-bi . .b NOTE : There is a potential for a denial of service attack if this is set. This option is deprecated and will be removed from a future version. .ip BlankSub=\fIc\fP [B] Set the blank substitution character to .i c . Unquoted spaces in addresses are replaced by this character. Defaults to space (i.e., no change is made). .ip CACERTPath [no short name] Path to directory with certificates of CAs. .ip CACERTFile [no short name] File containing one CA certificate. .ip CheckAliases [n] Validate the RHS of aliases when rebuilding the alias database. .ip CheckpointInterval=\fIN\fP [C] Checkpoints the queue every .i N (default 10) addresses sent. If your system crashes during delivery to a large list, this prevents retransmission to any but the last -.I N +.i N recipients. .ip ClassFactor=\fIfact\fP [z] The indicated .i fact or is multiplied by the message class (determined by the Precedence: field in the user header and the .b P lines in the configuration file) and subtracted from the priority. Thus, messages with a higher Priority: will be favored. Defaults to 1800. .ip ClientCertFile [no short name] File containing the certificate of the client, i.e., this certificate is used when sendmail acts as client. .ip ClientPortOptions=\fIoptions\fP [O] Set client SMTP options. The options are .i key=value pairs separated by commas. Known keys are: .(b .ta 1i Port Name/number of source port for connection (defaults to any free port) Addr Address mask (defaults INADDR_ANY) Family Address family (defaults to INET) SndBufSize Size of TCP send buffer RcvBufSize Size of TCP receive buffer Modifier Options (flags) for the daemon .)b The .i Addr ess mask may be a numeric address in dot notation or a network name. .i Modifier can be the following character: .(b .ta 1i h use name of interface for HELO command .)b If ``h'' is set, the name corresponding to the outgoing interface address (whether chosen via the Connection parameter or the default) is used for the HELO/EHLO command. .ip ClientKeyFile [no short name] File containing the private key belonging to the client certificate. .ip ColonOkInAddr [no short name] If set, colons are acceptable in e-mail addresses (e.g., .q host:user ). If not set, colons indicate the beginning of a RFC 822 group construct (\c .q "groupname: member1, member2, ... memberN;" ). Doubled colons are always acceptable (\c .q nodename::user ) and proper route-addr nesting is understood (\c .q <@relay:user@host> ). Furthermore, this option defaults on if the configuration version level is less than 6 (for back compatibility). However, it must be off for full compatibility with RFC 822. .ip ConnectionCacheSize=\fIN\fP [k] The maximum number of open connections that will be cached at a time. The default is one. This delays closing the current connection until either this invocation of .i sendmail needs to connect to another host or it terminates. Setting it to zero defaults to the old behavior, that is, connections are closed immediately. Since this consumes file descriptors, the connection cache should be kept small: 4 is probably a practical maximum. .ip ConnectionCacheTimeout=\fItimeout\fP [K] The maximum amount of time a cached connection will be permitted to idle without activity. If this time is exceeded, the connection is immediately closed. This value should be small (on the order of ten minutes). Before .i sendmail uses a cached connection, it always sends a RSET command to check the connection; if this fails, it reopens the connection. This keeps your end from failing if the other end times out. The point of this option is to be a good network neighbor and avoid using up excessive resources on the other end. The default is five minutes. .ip ConnectOnlyTo=\fIaddress\fP [no short name] This can be used to override the connection address (for testing purposes). .ip ConnectionRateThrottle=\fIN\fP [no short name] If set to a positive value, allow no more than .i N incoming daemon connections in a one second period. This is intended to flatten out peaks and allow the load average checking to cut in. Defaults to zero (no limits). .ip ControlSocketName=\fIname\fP [no short name] Name of the control socket for daemon management. A running .i sendmail daemon can be controlled through this named socket. Available commands are: .i help, .i restart, .i shutdown, and .i status. The .i status command returns the current number of daemon children, the maximum number of daemon children, the free disk space (in blocks) of the queue directory, and the load average of the machine expressed as an integer. If not set, no control socket will be available. Solaris and pre-4.4BSD kernel users should see the note in sendmail/README . .ip DHParameters File with DH parameters for STARTTLS. This is only required if DSA/DH is used. .ip DaemonPortOptions=\fIoptions\fP [O] Set server SMTP options. Each instance of DaemonPortOptions leads to an additional incoming socket. The options are .i key=value pairs. Known keys are: .(b .ta 1i Name User-definable name for the daemon (defaults to "Daemon#") Port Name/number of listening port (defaults to "smtp") Addr Address mask (defaults INADDR_ANY) Family Address family (defaults to INET) Listen Size of listen queue (defaults to 10) Modifier Options (flags) for the daemon SndBufSize Size of TCP send buffer RcvBufSize Size of TCP receive buffer .)b The .i Name field is used for error messages and logging. The .i Addr ess mask may be a numeric address in dot notation or a network name. The .i Family key defaults to INET (IPv4). IPv6 users who wish to also accept IPv6 connections should add additional Family=inet6 DaemonPortOptions lines. .i Modifier can be a sequence (without any delimiters) of the following characters: .(b .ta 1i a always require authentication b bind to interface through which mail has been received c perform hostname canonification (.cf) f require fully qualified hostname (.cf) u allow unqualified addresses (.cf) C don't perform hostname canonification E disallow ETRN (see RFC 2476) .)b That is, one way to specify a message submission agent (MSA) that always requires authentication is: .(b O DaemonPortOptions=Name=MSA, Port=587, M=Ea .)b The modifiers that are marked with "(.cf)" have only effect in the standard configuration file, in which they are available via .b ${daemon_flags} . The flags ``c'' and ``C'' can change the default for hostname canonification in the .i sendmail.cf file. See the relevant documentation for .sm FEATURE(nocanonify) . The modifier ``f'' disallows addresses of the form .b user@host unless they are submitted directly. The flag ``u'' allows unqualified sender addresses. ``b'' forces sendmail to bind to the interface through which the e-mail has been received for the outgoing connection. .b WARNING: Use ``b'' only if outgoing mail can be routed through the incoming connection's interface to its destination. No attempt is made to catch problems due to a misconfiguration of this parameter, use it only for virtual hosting where each virtual interface can connect to every possible location. This will also override possible settings via .b ClientPortOptions. Note, .i sendmail will listen on a new socket for each occurence of the DaemonPortOptions option in a configuration file. .ip DefaultAuthInfo [no short name] Filename that contains default authentication information for outgoing connections. This file must contain the user id, the authorization id, the password (plain text), and the realm to use on separate lines and must be readable by root (or the trusted user) only. If no realm is specified, .b $j is used. .ip DefaultCharSet=\fIcharset\fP [no short name] When a message that has 8-bit characters but is not in MIME format is converted to MIME (see the EightBitMode option) a character set must be included in the Content-Type: header. This character set is normally set from the Charset= field of the mailer descriptor. If that is not set, the value of this option is used. If this option is not set, the value .q unknown-8bit is used. .ip DataFileBufferSize=\fIthreshold\fP [no short name] Set the .i threshold , in bytes, before a memory-based queue data file becomes disk-based. The default is 4096 bytes. .ip DeadLetterDrop=\fIfile\fP [no short name] Defines the location of the system-wide dead.letter file, formerly hardcoded to /usr/tmp/dead.letter. If this option is not set (the default), sendmail will not attempt to save to a system-wide dead.letter file in the event it can not bounce the mail to the user or postmaster. Instead, it will rename the qf file as it has in the past when the dead.letter file could not be opened. .ip DefaultUser=\fIuser:group\fP [u] Set the default userid for mailers to .i user:group . If .i group is omitted and .i user is a user name (as opposed to a numeric user id) the default group listed in the /etc/passwd file for that user is used as the default group. Both .i user and .i group may be numeric. Mailers without the .i S flag in the mailer definition will run as this user. Defaults to 1:1. The value can also be given as a symbolic user name.\** .(f \**The old .b g option has been combined into the .b DefaultUser option. .)f .ip DeliveryMode=\fIx\fP [d] Deliver in mode .i x . Legal modes are: .(b .ta 4n i Deliver interactively (synchronously) b Deliver in background (asynchronously) q Just queue the message (deliver during queue run) d Defer delivery and all map lookups (deliver during queue run) .)b Defaults to ``b'' if no option is specified, ``i'' if it is specified but given no argument (i.e., ``Od'' is equivalent to ``Odi''). The .b \-v command line flag sets this to .b i . .ip DialDelay=\fIsleeptime\fP [no short name] Dial-on-demand network connections can see timeouts if a connection is opened before the call is set up. If this is set to an interval and a connection times out on the first connection being attempted .i sendmail will sleep for this amount of time and try again. This should give your system time to establish the connection to your service provider. Units default to seconds, so .q DialDelay=5 uses a five second delay. Defaults to zero (no retry). .ip DontBlameSendmail=\fIoption,option,...\fP [no short name] In order to avoid possible cracking attempts caused by world- and group-writable files and directories, .i sendmail does paranoid checking when opening most of its support files. If for some reason you absolutely must run with, for example, a group-writable .i /etc directory, then you will have to turn off this checking (at the cost of making your system more vulnerable to attack). The arguments are individual options that turn off checking: .(b Safe AssumeSafeChown ClassFileInUnsafeDirPath DontWarnForwardFileInUnsafeDirPath ErrorHeaderInUnsafeDirPath FileDeliveryToHardLink FileDeliveryToSymLink ForwardFileInUnsafeDirPath ForwardFileInUnsafeDirPathSafe ForwardFileIngroupWritableDirPath GroupWritableAliasFile GroupWritableDirPathSafe GroupWritableForwardFileSafe GroupWritableIncludeFileSafe HelpFileinUnsafeDirPath IncludeFileInUnsafeDirPath IncludeFileInUnsafeDirPathSafe IncludeFileIngroupWritableDirPath InsufficientEntropy LinkedAliasFileInWritableDir LinkedClassFileInWritableDir LinkedForwardFileInWritableDir LinkedIncludeFileInWritableDir LinkedMapInWritableDir LinkedServiceSwitchFileInWritableDir MapInUnsafeDirPath NonRootSafeAddr RunProgramInUnsafeDirPath RunWritableProgram TrustStickyBit WorldWritableAliasFile WriteMapToHardLink WriteMapToSymLink WriteStatsToHardLink WriteStatsToSymLink .)b .b Safe is the default. The details of these flags are described above. .\"XXX should have more here!!! XXX .b "Use of this option is not recommended." .ip DontExpandCnames [no short name] The standards say that all host addresses used in a mail message must be fully canonical. For example, if your host is named .q Cruft.Foo.ORG and also has an alias of .q FTP.Foo.ORG , the former name must be used at all times. This is enforced during host name canonification ($[ ... $] lookups). If this option is set, the protocols are ignored and the .q wrong thing is done. However, the IETF is moving toward changing this standard, so the behavior may become acceptable. Please note that hosts downstream may still rewrite the address to be the true canonical name however. .ip DontInitGroups [no short name] If set, .i sendmail will avoid using the initgroups(3) call. If you are running NIS, this causes a sequential scan of the groups.byname map, which can cause your NIS server to be badly overloaded in a large domain. The cost of this is that the only group found for users will be their primary group (the one in the password file), which will make file access permissions somewhat more restrictive. Has no effect on systems that don't have group lists. .ip DontProbeInterfaces [no short name] .i Sendmail normally finds the names of all interfaces active on your machine when it starts up and adds their name to the .b $=w class of known host aliases. If you have a large number of virtual interfaces or if your DNS inverse lookups are slow this can be time consuming. This option turns off that probing. However, you will need to be certain to include all variant names in the .b $=w class by some other mechanism. .ip DontPruneRoutes [R] Normally, .i sendmail tries to eliminate any unnecessary explicit routes when sending an error message (as discussed in RFC 1123 \(sc 5.2.6). For example, when sending an error message to .(b <@known1,@known2,@known3:user@unknown> .)b .i sendmail will strip off the .q @known1,@known2 in order to make the route as direct as possible. However, if the .b R option is set, this will be disabled, and the mail will be sent to the first address in the route, even if later addresses are known. This may be useful if you are caught behind a firewall. .ip DoubleBounceAddress=\fIerror-address\fP [no short name] If an error occurs when sending an error message, send the error report (termed a .q "double bounce" because it is an error .q bounce that occurs when trying to send another error .q bounce ) to the indicated address. The address is macro expanded at the time of delivery. If not set, defaults to .q postmaster . .ip EightBitMode=\fIaction\fP [8] Set handling of eight-bit data. There are two kinds of eight-bit data: that declared as such using the .b BODY=8BITMIME ESMTP declaration or the .b \-B8BITMIME command line flag, and undeclared 8-bit data, that is, input that just happens to be eight bits. There are three basic operations that can happen: undeclared 8-bit data can be automatically converted to 8BITMIME, undeclared 8-bit data can be passed as-is without conversion to MIME (``just send 8''), and declared 8-bit data can be converted to 7-bits for transmission to a non-8BITMIME mailer. The possible .i action s are: .(b .\" r Reject undeclared 8-bit data; .\" don't convert 8BITMIME\(->7BIT (``reject'') s Reject undeclared 8-bit data (``strict'') .\" do convert 8BITMIME\(->7BIT (``strict'') .\" c Convert undeclared 8-bit data to MIME; .\" don't convert 8BITMIME\(->7BIT (``convert'') m Convert undeclared 8-bit data to MIME (``mime'') .\" do convert 8BITMIME\(->7BIT (``mime'') .\" j Pass undeclared 8-bit data; .\" don't convert 8BITMIME\(->7BIT (``just send 8'') p Pass undeclared 8-bit data (``pass'') .\" do convert 8BITMIME\(->7BIT (``pass'') .\" a Adaptive algorithm: see below .)b .\"The adaptive algorithm is to accept 8-bit data, .\"converting it to 8BITMIME only if the receiver understands that, .\"otherwise just passing it as undeclared 8-bit data; .\"8BITMIME\(->7BIT conversions are done. In all cases properly declared 8BITMIME data will be converted to 7BIT as needed. .ip ErrorHeader=\fIfile-or-message\fP [E] Prepend error messages with the indicated message. If it begins with a slash, it is assumed to be the pathname of a file containing a message (this is the recommended setting). Otherwise, it is a literal message. The error file might contain the name, email address, and/or phone number of a local postmaster who could provide assistance to end users. If the option is missing or null, or if it names a file which does not exist or which is not readable, no message is printed. .ip ErrorMode=\fIx\fP [e] Dispose of errors using mode .i x . The values for .i x are: .(b p Print error messages (default) q No messages, just give exit status m Mail back errors w Write back errors (mail if user not logged in) e Mail back errors and give zero exit stat always .)b .ip FallbackMXhost=\fIfallbackhost\fP [V] If specified, the .i fallbackhost acts like a very low priority MX on every host. This is intended to be used by sites with poor network connectivity. Messages which are undeliverable due to temporary address failures (e.g., DNS failure) also go to the FallBackMX host. .ip ForkEachJob [Y] If set, deliver each job that is run from the queue in a separate process. Use this option if you are short of memory, since the default tends to consume considerable amounts of memory while the queue is being processed. .ip ForwardPath=\fIpath\fP [J] Set the path for searching for users' .forward files. The default is .q $z/.forward . Some sites that use the automounter may prefer to change this to .q /var/forward/$u to search a file with the same name as the user in a system directory. It can also be set to a sequence of paths separated by colons; .i sendmail stops at the first file it can successfully and safely open. For example, .q /var/forward/$u:$z/.forward will search first in /var/forward/\c .i username and then in .i ~username /.forward (but only if the first file does not exist). .ip HelpFile=\fIfile\fP [H] Specify the help file for SMTP. If no file name is specified, "helpfile" is used. .ip HoldExpensive [c] If an outgoing mailer is marked as being expensive, don't connect immediately. This requires that queueing be compiled in, since it will depend on a queue run process to actually send the mail. .ip HostsFile=\fIpath\fP [no short name] The path to the hosts database, normally .q /etc/hosts . This option is only consulted when sendmail is canonifying addresses, and then only when .q files is in the .q hosts service switch entry. In particular, this file is .i never used when looking up host addresses; that is under the control of the system .i gethostbyname (3) routine. .ip HostStatusDirectory=\fIpath\fP [no short name] The location of the long term host status information. When set, information about the status of hosts (e.g., host down or not accepting connections) will be shared between all .i sendmail processes; normally, this information is only held within a single queue run. This option requires a connection cache of at least 1 to function. If the option begins with a leading `/', it is an absolute pathname; otherwise, it is relative to the mail queue directory. A suggested value for sites desiring persistent host status is .q \&.hoststat (i.e., a subdirectory of the queue directory). .ip IgnoreDots [i] Ignore dots in incoming messages. This is always disabled (that is, dots are always accepted) when reading SMTP mail. .ip LDAPDefaultSpec=\fIspec\fP [no short name] Sets a default map specification for LDAP maps. The value should only contain LDAP specific settings such as .q "-h host -p port -d bindDN" . The settings will be used for all LDAP maps unless the individual map specification overrides a setting. This option should be set before any LDAP maps are defined. .ip LogLevel=\fIn\fP [L] Set the log level to .i n . Defaults to 9. .ip M\fIx\|value\fP [no long version] Set the macro .i x to .i value . This is intended only for use from the command line. The .b \-M flag is preferred. .ip MatchGECOS [G] Allow fuzzy matching on the GECOS field. If this flag is set, and the usual user name lookups fail (that is, there is no alias with this name and a .i getpwnam fails), sequentially search the password file for a matching entry in the GECOS field. This also requires that MATCHGECOS be turned on during compilation. This option is not recommended. .ip MaxAliasRecursion=\fIN\fP [no short name] The maximum depth of alias recursion (default: 10). .ip MaxDaemonChildren=\fIN\fP [no short name] If set, .i sendmail will refuse connections when it has more than .i N children processing incoming mail or automatic queue runs. This does not limit the number of outgoing connections. If not set, there is no limit to the number of children -- that is, the system load averaging controls this. .ip MaxHeadersLength=\fIN\fP [no short name] The maximum length of the sum of all headers. This can be used to prevent a denial of service attack. The default is no limit. .ip MaxHopCount=\fIN\fP [h] The maximum hop count. Messages that have been processed more than .i N times are assumed to be in a loop and are rejected. Defaults to 25. .ip MaxMessageSize=\fIN\fP [no short name] Specify the maximum message size to be advertised in the ESMTP EHLO response. Messages larger than this will be rejected. .ip MaxMimeHeaderLength=\fIN[/M]\fP [no short name] Sets the maximum length of certain MIME header field values to .i N characters. For some of these headers which take parameters, the maximum length of each parameter is set to .i M if specified. If .i /M is not specified, one half of .i N will be used. By default, these values are 0, meaning no checks are done. .ip MaxQueueRunSize=\fIN\fP [no short name] The maximum number of jobs that will be processed in a single queue run. If not set, there is no limit on the size. If you have very large queues or a very short queue run interval this could be unstable. However, since the first .i N jobs in queue directory order are run (rather than the .i N highest priority jobs) this should be set as high as possible to avoid .q losing jobs that happen to fall late in the queue directory. .ip MaxRecipientsPerMessage=\fIN\fP [no short name] The maximum number of recipients that will be accepted per message in an SMTP transaction. Note: setting this too low can interfere with sending mail from MUAs that use SMTP for initial submission. If not set, there is no limit on the number of recipients per envelope. .ip MeToo [m] Send to me too, even if I am in an alias expansion. This option is deprecated and will be removed from a future version. .ip MinFreeBlocks=\fIN\fP [b] Insist on at least .i N blocks free on the filesystem that holds the queue files before accepting email via SMTP. If there is insufficient space .i sendmail gives a 452 response to the MAIL command. This invites the sender to try again later. -.ip MinQueueAge=\fPage\fP +.ip MinQueueAge=\fIage\fP [no short name] Don't process any queued jobs that have been in the queue less than the indicated time interval. This is intended to allow you to get responsiveness by processing the queue fairly frequently without thrashing your system by trying jobs too often. The default units are minutes. .ip MustQuoteChars=\fIs\fP [no short name] Sets the list of characters that must be quoted if used in a full name that is in the phrase part of a ``phrase
'' syntax. The default is ``\'.''. The characters ``@,;:\e()[]'' are always added to this list. .ip NoRecipientAction [no short name] The action to take when you receive a message that has no valid recipient headers (To:, Cc:, Bcc:, or Apparently-To: \(em the last included for back compatibility with old .i sendmail s). It can be .b None to pass the message on unmodified, which violates the protocol, .b Add-To to add a To: header with any recipients it can find in the envelope (which might expose Bcc: recipients), .b Add-Apparently-To to add an Apparently-To: header (this is only for back-compatibility and is officially deprecated), .b Add-To-Undisclosed to add a header .q "To: undisclosed-recipients:;" to make the header legal without disclosing anything, or .b Add-Bcc to add an empty Bcc: header. .ip OldStyleHeaders [o] Assume that the headers may be in old format, i.e., spaces delimit names. This actually turns on an adaptive algorithm: if any recipient address contains a comma, parenthesis, or angle bracket, it will be assumed that commas already exist. If this flag is not on, only commas delimit names. Headers are always output with commas between the names. Defaults to off. .ip OperatorChars=\fIcharlist\fP [$o macro] The list of characters that are considered to be .q operators , that is, characters that delimit tokens. All operator characters are tokens by themselves; sequences of non-operator characters are also tokens. White space characters separate tokens but are not tokens themselves \(em for example, .q AAA.BBB has three tokens, but .q "AAA BBB" has two. If not set, OperatorChars defaults to .q \&.\|:\|@\|[\|] ; additionally, the characters .q (\|)\|<\|>\|,\|; are always operators. Note that OperatorChars must be set in the configuration file before any rulesets. .ip PidFile=\fIfilename\fP [no short name] Filename of the pid file. (default is _PATH_SENDMAILPID). The .i filename is macro-expanded before it is opened. .ip PostmasterCopy=\fIpostmaster\fP [P] If set, copies of error messages will be sent to the named .i postmaster . Only the header of the failed message is sent. Errors resulting from messages with a negative precedence will not be sent. Since most errors are user problems, this is probably not a good idea on large sites, and arguably contains all sorts of privacy violations, but it seems to be popular with certain operating systems vendors. The address is macro expanded at the time of delivery. Defaults to no postmaster copies. .ip PrivacyOptions=\fI\|opt,opt,...\fP [p] Set the privacy .i opt ions. ``Privacy'' is really a misnomer; many of these are just a way of insisting on stricter adherence to the SMTP protocol. The .i opt ions can be selected from: .(b .ta \w'needvrfyhelo'u+3n public Allow open access needmailhelo Insist on HELO or EHLO command before MAIL needexpnhelo Insist on HELO or EHLO command before EXPN noexpn Disallow EXPN entirely, implies noverb. needvrfyhelo Insist on HELO or EHLO command before VRFY novrfy Disallow VRFY entirely noetrn Disallow ETRN entirely noverb Disallow VERB entirely restrictmailq Restrict mailq command restrictqrun Restrict \-q command line flag noreceipts Don't return success DSNs\** nobodyreturn Don't return the body of a message with DSNs goaway Disallow essentially all SMTP status queries authwarnings Put X-Authentication-Warning: headers in messages + and log warnings .)b .(f \**N.B.: the .b noreceipts flag turns off support for RFC 1891 (Delivery Status Notification). .)f The .q goaway pseudo-flag sets all flags except .q noreceipts , .q restrictmailq , .q restrictqrun , .q noetrn , and .q nobodyreturn . If mailq is restricted, only people in the same group as the queue directory can print the queue. If queue runs are restricted, only root and the owner of the queue directory can run the queue. Authentication Warnings add warnings about various conditions that may indicate attempts to spoof the mail system, such as using an non-standard queue directory. .ip ProcessTitlePrefix=\fIstring\fP [no short name] Prefix the process title shown on 'ps' listings with .i string . The .i string will be macro processed. .ip QueueDirectory=\fIdir\fP [Q] Use the named .i dir as the queue directory. To use multiple queues, supply a value ending with an asterisk. For example, .i /var/spool/mqueue/q* will use all of the directories or symbolic links to directories beginning with .i q in .i /var/spool/mqueue as queue directories. Do not change the queue directory structure while sendmail is running. .ip QueueFactor=\fIfactor\fP [q] Use .i factor as the multiplier in the map function to decide when to just queue up jobs rather than run them. This value is divided by the difference between the current load average and the load average limit (\c .b QueueLA option) to determine the maximum message priority that will be sent. Defaults to 600000. .ip QueueLA=\fILA\fP [x] When the system load average exceeds .i LA , just queue messages (i.e., don't try to send them). Defaults to 8 multiplied by the number of processors online on the system (if that can be determined). .ip QueueSortOrder=\fIalgorithm\fP [no short name] Sets the .i algorithm used for sorting the queue. Only the first character of the value is used. Legal values are .q host (to order by the name of the first host name of the first recipient), .q filename (to order by the name of the queue file name), .q time (to order by the submission time), and .q priority (to order by message priority). Host ordering makes better use of the connection cache, but may tend to process low priority messages that go to a single host over high priority messages that go to several hosts; it probably shouldn't be used on slow network links. Filename ordering saves the overhead of reading all of the queued items before starting the queue run. Time ordering is almost always a bad idea, since it allows large, bulk mail to go out before smaller, personal mail, but may have applicability on some hosts with very fast connections. Priority ordering is the default. .ip QueueTimeout=\fItimeout\fP [T] A synonym for .q Timeout.queuereturn . Use that form instead of the .q QueueTimeout form. .ip RandFile [no short name] Name of file containing random data or the name of the UNIX socket if EGD is used. A (required) prefix "egd:" or "file:" specifies the type. STARTTLS requires this filename if the compile flag HASURANDOMDEV is not set (see sendmail/README). .ip ResolverOptions=\fIoptions\fP [I] Set resolver options. Values can be set using .b + \c .i flag and cleared using .b \- \c .i flag ; the .i flag s can be .q debug , .q aaonly , .q usevc , .q primary , .q igntc , .q recurse , .q defnames , .q stayopen , or .q dnsrch . The string .q HasWildcardMX (without a .b + or .b \- ) can be specified to turn off matching against MX records when doing name canonifications. .b N.B. Prior to 8.7, this option indicated that the name server be responding in order to accept addresses. This has been replaced by checking to see if the .q dns method is listed in the service switch entry for the .q hosts service. .ip RrtImpliesDsn [R] If this option is set, a .q Return-Receipt-To: header causes the request of a DSN, which is sent to the envelope sender as required by RFC1891, not to the address given in the header. .ip RunAsUser=\fIuser\fP [no short name] The .i user parameter may be a user name (looked up in .i /etc/passwd ) or a numeric user id; either form can have .q ":group" attached (where group can be numeric or symbolic). If set to a non-zero (non-root) value, .i sendmail will change to this user id shortly after startup\**. .(f \**When running as a daemon, it changes to this user after accepting a connection but before reading any .sm SMTP commands. .)f This avoids a certain class of security problems. However, this means that all .q \&.forward and .q :include: files must be readable by the indicated .i user and all files to be written must be writable by .i user Also, all file and program deliveries will be marked unsafe unless the option -.b DontBlameSendmail=NonRootAddrSafe +.b DontBlameSendmail=NonRootSafeAddr is set, in which case the delivery will be done as .i user . It is also incompatible with the .b SafeFileEnvironment option. In other words, it may not actually add much to security on an average system, and may in fact detract from security (because other file permissions must be loosened). However, it should be useful on firewalls and other places where users don't have accounts and the aliases file is well constrained. .ip RecipientFactor=\fIfact\fP [y] The indicated .i fact or is added to the priority (thus .i lowering the priority of the job) for each recipient, i.e., this value penalizes jobs with large numbers of recipients. Defaults to 30000. .ip RefuseLA=\fILA\fP [X] When the system load average exceeds .i LA , refuse incoming SMTP connections. Defaults to 12 multiplied by the number of processors online on the system (if that can be determined). .ip RetryFactor=\fIfact\fP [Z] The .i fact or is added to the priority every time a job is processed. Thus, each time a job is processed, its priority will be decreased by the indicated value. In most environments this should be positive, since hosts that are down are all too often down for a long time. Defaults to 90000. .ip SafeFileEnvironment=\fIdir\fP [no short name] If this option is set, .i sendmail will do a .i chroot (2) call into the indicated .i dir ectory before doing any file writes. If the file name specified by the user begins with .i dir , that partial path name will be stripped off before writing, so (for example) if the SafeFileEnvironment variable is set to .q /safe then aliases of .q /safe/logs/file and .q /logs/file actually indicate the same file. Additionally, if this option is set, .i sendmail refuses to deliver to symbolic links. .ip SaveFromLine [f] Save UNIX-style .q From lines at the front of headers. Normally they are assumed redundant and discarded. .ip SendMimeErrors [j] If set, send error messages in MIME format (see RFC2045 and RFC1344 for details). If disabled, .i sendmail will not return the DSN keyword in response to an EHLO and will not do Delivery Status Notification processing as described in RFC1891. .ip ServerCertFile [no short name] File containing the certificate of the server, i.e., this certificate is used when sendmail acts as server. .ip ServerKeyFile [no short name] File containing the private key belonging to the server certificate. .ip ServiceSwitchFile=\fIfilename\fP [no short name] If your host operating system has a service switch abstraction (e.g., /etc/nsswitch.conf on Solaris or /etc/svc.conf on Ultrix and DEC OSF/1) that service will be consulted and this option is ignored. Otherwise, this is the name of a file that provides the list of methods used to implement particular services. The syntax is a series of lines, each of which is a sequence of words. The first word is the service name, and following words are service types. The services that .i sendmail consults directly are .q aliases and .q hosts. Service types can be .q dns , .q nis , .q nisplus , or .q files (with the caveat that the appropriate support must be compiled in before the service can be referenced). If ServiceSwitchFile is not specified, it defaults to /etc/mail/service.switch. If that file does not exist, the default switch is: .(b aliases files hosts dns nis files .)b The default file is .q /etc/mail/service.switch . .ip SevenBitInput [7] Strip input to seven bits for compatibility with old systems. This shouldn't be necessary. .ip SingleLineFromHeader [no short name] If set, From: lines that have embedded newlines are unwrapped onto one line. This is to get around a botch in Lotus Notes that apparently cannot understand legally wrapped RFC822 headers. .ip SingleThreadDelivery [no short name] If set, a client machine will never try to open two SMTP connections to a single server machine at the same time, even in different processes. That is, if another .i sendmail is already talking to some host a new .i sendmail will not open another connection. This property is of mixed value; although this reduces the load on the other machine, it can cause mail to be delayed (for example, if one .i sendmail is delivering a huge message, other .i sendmail s won't be able to send even small messages). Also, it requires another file descriptor (for the lock file) per connection, so you may have to reduce the .b ConnectionCacheSize option to avoid running out of per-process file descriptors. Requires the .b HostStatusDirectory option. .ip SmtpGreetingMessage=\fImessage\fP [$e macro] The message printed when the SMTP server starts up. Defaults to .q "$j Sendmail $v ready at $b". .ip StatusFile=\fIfile\fP [S] Log summary statistics in the named .i file . If no file name is specified, "statistics" is used. If not set, no summary statistics are saved. This file does not grow in size. It can be printed using the .i mailstats (8) program. .ip SuperSafe [s] Be super-safe when running things, i.e., always instantiate the queue file, even if you are going to attempt immediate delivery. .i Sendmail always instantiates the queue file before returning control to the client under any circumstances. This should really .i always be set. .ip TempFileMode=\fImode\fP [F] The file mode for queue files. It is interpreted in octal by default. Defaults to 0600. .ip Timeout.\fItype\fP=\|\fItimeout\fP [r; subsumes old T option as well] Set timeout values. For more information, see section .\" XREF 4.1. .ip TimeZoneSpec=\fItzinfo\fP [t] Set the local time zone info to .i tzinfo \*- for example, .q PST8PDT . Actually, if this is not set, the TZ environment variable is cleared (so the system default is used); if set but null, the user's TZ variable is used, and if set and non-null the TZ variable is set to this value. .ip TrustedUser=\fIuser\fP [no short name] The .i user parameter may be a user name (looked up in .i /etc/passwd ) or a numeric user id. Trusted user for file ownership and starting the daemon. If set, generated alias databases and the control socket (if configured) will automatically be owned by this user. .ip TryNullMXList [w] If this system is the .q best (that is, lowest preference) MX for a given host, its configuration rules should normally detect this situation and treat that condition specially by forwarding the mail to a UUCP feed, treating it as local, or whatever. However, in some cases (such as Internet firewalls) you may want to try to connect directly to that host as though it had no MX records at all. Setting this option causes .i sendmail to try this. The downside is that errors in your configuration are likely to be diagnosed as .q "host unknown" or .q "message timed out" instead of something more meaningful. This option is disrecommended. .ip UnixFromLine=\fIfromline\fP [$l macro] Defines the format used when .i sendmail must add a UNIX-style From_ line (that is, a line beginning .q Fromuser ). Defaults to .q "From $g $d" . Don't change this unless your system uses a different UNIX mailbox format (very unlikely). .ip UnsafeGroupWrites [no short name] If set, :include: and .forward files that are group writable are considered .q unsafe , that is, they cannot reference programs or write directly to files. World writable :include: and .forward files are always unsafe.. .ip UseErrorsTo [l] If there is an .q Errors-To: header, send error messages to the addresses listed there. They normally go to the envelope sender. Use of this option causes .i sendmail to violate RFC 1123. This option is disrecommended and deprecated. .ip UserDatabaseSpec=\fIudbspec\fP [U] The user database specification. .ip Verbose [v] Run in verbose mode. If this is set, .i sendmail adjusts options .b HoldExpensive (old .b c ) and .b DeliveryMode (old .b d ) so that all mail is delivered completely in a single job so that you can see the entire delivery process. Option .b Verbose should .i never be set in the configuration file; it is intended for command line use only. .ip XscriptFileBufferSize=\fIthreshold\fP [no short name] Set the .i threshold , in bytes, before a memory-based queue transcript file becomes disk-based. The default is 4096 bytes. .lp All options can be specified on the command line using the \-O or \-o flag, but most will cause .i sendmail to relinquish its setuid permissions. The options that will not cause this are SevenBitInput [7], EightBitMode [8], MinFreeBlocks [b], CheckpointInterval [C], DeliveryMode [d], ErrorMode [e], IgnoreDots [i], SendMimeErrors [j], LogLevel [L], MeToo [m], OldStyleHeaders [o], PrivacyOptions [p], SuperSafe [s], Verbose [v], QueueSortOrder, MinQueueAge, DefaultCharSet, Dial Delay, NoRecipientAction, ColonOkInAddr, MaxQueueRunSize, SingleLineFromHeader, and AllowBogusHELO. Actually, PrivacyOptions [p] given on the command line are added to those already specified in the .i sendmail.cf file, i.e., they can't be reset. Also, M (define macro) when defining the r or s macros is also considered .q safe . .sh 2 "P \*- Precedence Definitions" .pp Values for the .q "Precedence:" field may be defined using the .b P control line. The syntax of this field is: .(b \fBP\fP\fIname\fP\fB=\fP\fInum\fP .)b When the .i name is found in a .q Precedence: field, the message class is set to .i num . Higher numbers mean higher precedence. Numbers less than zero have the special property that if an error occurs during processing the body of the message will not be returned; this is expected to be used for .q "bulk" mail such as through mailing lists. The default precedence is zero. For example, our list of precedences is: .(b Pfirst-class=0 Pspecial-delivery=100 Plist=\-30 Pbulk=\-60 Pjunk=\-100 .)b People writing mailing list exploders are encouraged to use .q "Precedence: list" . Older versions of .i sendmail (which discarded all error returns for negative precedences) didn't recognize this name, giving it a default precedence of zero. This allows list maintainers to see error returns on both old and new versions of .i sendmail . .sh 2 "V \*- Configuration Version Level" .pp To provide compatibility with old configuration files, the .b V line has been added to define some very basic semantics of the configuration file. These are not intended to be long term supports; rather, they describe compatibility features which will probably be removed in future releases. .pp .b N.B.: these version .i levels have nothing to do with the version .i number on the files. For example, as of this writing version 8 config files (specifically, 8.10) used version level 9 configurations. .pp .q Old configuration files are defined as version level one. Version level two files make the following changes: .np Host name canonification ($[ ... $]) appends a dot if the name is recognized; this gives the config file a way of finding out if anything matched. (Actually, this just initializes the .q host map with the .q \-a. flag \*- you can reset it to anything you prefer by declaring the map explicitly.) .np Default host name extension is consistent throughout processing; version level one configurations turned off domain extension (that is, adding the local domain name) during certain points in processing. Version level two configurations are expected to include a trailing dot to indicate that the name is already canonical. .np Local names that are not aliases are passed through a new distinguished ruleset five; this can be used to append a local relay. This behavior can be prevented by resolving the local name with an initial `@'. That is, something that resolves to a local mailer and a user name of .q vikki will be passed through ruleset five, but a user name of .q @vikki will have the `@' stripped, will not be passed through ruleset five, but will otherwise be treated the same as the prior example. The expectation is that this might be used to implement a policy where mail sent to .q vikki was handled by a central hub, but mail sent to .q vikki@localhost was delivered directly. .pp Version level three files allow # initiated comments on all lines. Exceptions are backslash escaped # marks and the $# syntax. .pp Version level four configurations are completely equivalent to level three for historical reasons. .pp Version level five configuration files change the default definition of .b $w to be just the first component of the hostname. .pp Version level six configuration files change many of the local processing options (such as aliasing and matching the beginning of the address for `|' characters) to be mailer flags; this allows fine-grained control over the special local processing. Level six configuration files may also use long option names. The .b ColonOkInAddr option (to allow colons in the local-part of addresses) defaults .b on for lower numbered configuration files; the configuration file requires some additional intelligence to properly handle the RFC 822 group construct. .pp Version level seven configuration files used new option names to replace old macros (\c .b $e became .b SmtpGreetingMessage , .b $l became .b UnixFromLine , and .b $o became .b OperatorChars . Also, prior to version seven, the .b F=q flag (use 250 instead of 252 return value for .sm "SMTP VRFY" commands) was assumed. .pp Version level eight configuration files allow .b $# on the left hand side of ruleset lines. .pp Version level nine configuration files allow parentheses in rulesets, i.e. they are not treated as comments and hence removed. .pp The .b V line may have an optional .b / \c .i vendor to indicate that this configuration file uses modifications specific to a particular vendor\**. .(f \**And of course, vendors are encouraged to add themselves to the list of recognized vendors by editing the routine .i setvendor in .i conf.c . Please send e-mail to sendmail@Sendmail.ORG to register your vendor dialect. .)f You may use .q /Berkeley to emphasize that this configuration file uses the Berkeley dialect of .i sendmail . .sh 2 "K \*- Key File Declaration" .pp Special maps can be defined using the line: .(b Kmapname mapclass arguments .)b The .i mapname is the handle by which this map is referenced in the rewriting rules. The .i mapclass is the name of a type of map; these are compiled in to .i sendmail . The .i arguments are interpreted depending on the class; typically, there would be a single argument naming the file containing the map. .pp Maps are referenced using the syntax: .(b $( \fImap\fP \fIkey\fP $@ \fIarguments\fP $: \fIdefault\fP $) .)b where either or both of the .i arguments or .i default portion may be omitted. The .i "$@ arguments" may appear more than once. The indicated .i key and .i arguments are passed to the appropriate mapping function. If it returns a value, it replaces the input. If it does not return a value and the .i default is specified, the .i default replaces the input. Otherwise, the input is unchanged. .pp The .i arguments are passed to the map for arbitrary use. Most map classes can interpolate these arguments into their values using the syntax .q %\fIn\fP (where .i n is a digit) to indicate the corresponding .i argument . Argument .q %0 indicates the database key. For example, the rule .(b .ta 1.5i R$\- ! $+ $: $(uucp $1 $@ $2 $: %1 @ %0 . UUCP $) .)b Looks up the UUCP name in a (user defined) UUCP map; if not found it turns it into .q \&.UUCP form. The database might contain records like: .(b decvax %1@%0.DEC.COM research %1@%0.ATT.COM .)b Note that .i default clauses never do this mapping. .pp The built in map with both name and class .q host is the host name canonicalization lookup. Thus, the syntax: .(b $(host \fIhostname\fP$) .)b is equivalent to: .(b $[\fIhostname\fP$] .)b .pp There are many defined classes. .ip dbm Database lookups using the ndbm(3) library. .i Sendmail must be compiled with .b NDBM defined. .ip btree Database lookups using the btree interface to the Berkeley DB library. .i Sendmail must be compiled with .b NEWDB defined. .ip hash Database lookups using the hash interface to the Berkeley DB library. .i Sendmail must be compiled with .b NEWDB defined. .ip nis NIS lookups. .i Sendmail must be compiled with .b NIS defined. .ip nisplus NIS+ lookups. .i Sendmail must be compiled with .b NISPLUS defined. The argument is the name of the table to use for lookups, and the .b \-k and .b \-v flags may be used to set the key and value columns respectively. .ip hesiod Hesiod lookups. .i Sendmail must be compiled with .b HESIOD defined. .ip ldap LDAP X500 directory lookups. .i Sendmail must be compiled with .b LDAPMAP defined. The map supports most of the standard arguments and most of the command line arguments of the .i ldapsearch program. Note that, by default, if a single query matches multiple values, only the first value will be returned unless the .b \-z (value separator) map flag is set. Also, the .b \-1 map flag will treat a multiple value return as if there were no matches. .ip netinfo NeXT NetInfo lookups. .i Sendmail must be compiled with .b NETINFO defined. .ip text Text file lookups. The format of the text file is defined by the .b \-k (key field number), .b \-v (value field number), and .b \-z (field delimiter) flags. .ip ph PH query map. Contributed and supported by Mark Roth, roth@uiuc.edu. For more information, consult the web site -.q http://www-wsg.cso.uiuc.edu/sendmail/sendmail-phmap/ . +.q http://www-dev.cso.uiuc.edu/sendmail/ . .ip nsd nsd map for IRIX 6.5 and later. Contributed and supported by Bob Mende of SGI, mende@sgi.com. .ip stab Internal symbol table lookups. Used internally for aliasing. .ip implicit Really should be called .q alias \(em this is used to get the default lookups for alias files, and is the default if no class is specified for alias files. .ip user Looks up users using .i getpwnam (3). The .b \-v flag can be used to specify the name of the field to return (although this is normally used only to check the existence of a user). .ip host Canonifies host domain names. Given a host name it calls the name server to find the canonical name for that host. .ip bestmx Returns the best MX record for a host name given as the key. The current machine is always preferred \*- that is, if the current machine is one of the hosts listed as a lowest-preference MX record, then it will be guaranteed to be returned. This can be used to find out if this machine is the target for an MX record, and mail can be accepted on that basis. If the .b \-z flag is given, then all MX names are returned, separated by the given delimiter. .ip sequence The arguments on the `K' line are a list of maps; the resulting map searches the argument maps in order until it finds a match for the indicated key. For example, if the key definition is: .(b Kmap1 ... Kmap2 ... Kseqmap sequence map1 map2 .)b then a lookup against .q seqmap first does a lookup in map1. If that is found, it returns immediately. Otherwise, the same key is used for map2. .ip syslog the key is logged via .i syslogd \|(8). The lookup returns the empty string. .ip switch Much like the .q sequence map except that the order of maps is determined by the service switch. The argument is the name of the service to be looked up; the values from the service switch are appended to the map name to create new map names. For example, consider the key definition: .(b Kali switch aliases .)b together with the service switch entry: .(b aliases nis files .)b This causes a query against the map .q ali to search maps named .q ali.nis and .q ali.files in that order. .ip dequote Strip double quotes (") from a name. It does not strip backslashes, and will not strip quotes if the resulting string would contain unscannable syntax (that is, basic errors like unbalanced angle brackets; more sophisticated errors such as unknown hosts are not checked). The intent is for use when trying to accept mail from systems such as DECnet that routinely quote odd syntax such as .(b "49ers::ubell" .)b A typical usage is probably something like: .(b Kdequote dequote \&... R$\- $: $(dequote $1 $) R$\- $+ $: $>3 $1 $2 .)b Care must be taken to prevent unexpected results; for example, .(b "|someprogram < input > output" .)b will have quotes stripped, but the result is probably not what you had in mind. Fortunately these cases are rare. .ip regex The map definition on the .b K line contains a regular expression. Any key input is compared to that expression using the POSIX regular expressions routines regcomp(), regerr(), and regexec(). Refer to the documentation for those routines for more information about the regular expression matching. No rewriting of the key is done if the .b \-m flag is used. Without it, the key is discarded or if .b \-s if used, it is substituted by the substring matches, delimited by .b $| or the string specified with the the .b \-d flag. The flags available for the map are .(b -n not -f case sensitive -b basic regular expressions (default is extended) -s substring match -d set the delimiter used for -s -a append string to key -m match only, do not replace/discard value -D perform no lookup in deferred delivery mode. .)b The .b \-s flag can include an optional parameter which can be used to select the substrings in the result of the lookup. For example, .(b -s1,3,4 .)b Notes: to match a .b $ in a string, \\$$ must be used. If the pattern contains spaces, they must be replaced with the blank substitution character, unless it is space itself. .ip program The arguments on the .b K line are the pathname to a program and any initial parameters to be passed. When the map is called, the key is added to the initial parameters and the program is invoked as the default user/group id. The first line of standard output is returned as the value of the lookup. This has many potential security problems, and has terrible performance; it should be used only when absolutely necessary. .ip macro Set or clear a macro value. To set a macro, pass the value as the first argument in the map lookup. To clear a macro, do not pass an argument in the map lookup. The map always returns the empty string. Example of typical usage include: .(b Kstorage macro \&... # set macro ${MyMacro} to the ruleset match R$+ $: $(storage {MyMacro} $@ $1 $) $1 # set macro ${MyMacro} to an empty string R$* $: $(storage {MyMacro} $@ $) $1 # clear macro ${MyMacro} R$\- $: $(storage {MyMacro} $) $1 .)b .ip arith Perform simple arithmetic operations. The operation is given as key, currently +, -, *, /, l (for less than), and = are supported. The two operands are given as arguments. The lookup returns the result of the computation, i.e. .sm TRUE or .sm FALSE for comparisons, integer values otherwise. All options which are possible for maps are ignored. A simple example is: .(b Kcomp arith \&... Scheck_etrn R$* $: $(comp l $@ $&{load_avg} $@ 7 $) $1 RFALSE $# error \&... .)b .pp Most of these accept as arguments the same optional flags and a filename (or a mapname for NIS; the filename is the root of the database path, so that .q .db or some other extension appropriate for the database type will be added to get the actual database name). Known flags are: .ip "\-o" Indicates that this map is optional \*- that is, if it cannot be opened, no error is produced, and .i sendmail will behave as if the map existed but was empty. .ip "\-N, \-O" If neither .b \-N or .b \-O are specified, .i sendmail uses an adaptive algorithm to decide whether or not to look for null bytes on the end of keys. It starts by trying both; if it finds any key with a null byte it never tries again without a null byte and vice versa. If .b \-N is specified it never tries without a null byte and if .b \-O is specified it never tries with a null byte. Setting one of these can speed matches but are never necessary. If both .b \-N and .b \-O are specified, .i sendmail will never try any matches at all \(em that is, everything will appear to fail. .ip "\-a\fIx\fP" Append the string .i x on successful matches. For example, the default .i host map appends a dot on successful matches. .ip "\-T\fIx\fP" Append the string .i x on temporary failures. For example, .i x would be appended if a DNS lookup returned .q "server failed" or an NIS lookup could not locate a server. See also the .b \-t flag. .ip "\-f" Do not fold upper to lower case before looking up the key. .ip "\-m" Match only (without replacing the value). If you only care about the existence of a key and not the value (as you might when searching the NIS map .q hosts.byname for example), this flag prevents the map from substituting the value. However, The \-a argument is still appended on a match, and the default is still taken if the match fails. .ip "\-k\fIkeycol\fP" The key column name (for NIS+) or number (for text lookups). For LDAP maps this is an LDAP filter string in which %s is replaced with the literal contents of the lookup key and %0 is replaced with the LDAP escaped contents of the lookup key according to RFC2254. .ip "\-v\fIvalcol\fP" The value column name (for NIS+) or number (for text lookups). For LDAP maps this is the name of one or more attributes to be returned; multiple attributes can be separated by commas. If not specified, all attributes found in the match will be returned. .ip "\-z\fIdelim\fP" The column delimiter (for text lookups). It can be a single character or one of the special strings .q \|\en or .q \|\et to indicate newline or tab respectively. If omitted entirely, the column separator is any sequence of white space. For LDAP maps this is the separator character to combine multiple values into a single return string. If not set, the LDAP lookup will only return the first match found. .ip "\-t" Normally, when a map attempts to do a lookup and the server fails (e.g., .i sendmail couldn't contact any name server; this is .i not the same as an entry not being found in the map), the message being processed is queued for future processing. The .b \-t flag turns off this behavior, letting the temporary failure (server down) act as though it were a permanent failure (entry not found). It is particularly useful for DNS lookups, where someone else's misconfigured name server can cause problems on your machine. However, care must be taken to ensure that you don't bounce mail that would be resolved correctly if you tried again. A common strategy is to forward such mail to another, possibly better connected, mail server. .ip "\-D" Perform no lookup in deferred delivery mode. This flag is set by default for the .i host map. .ip "\-S\fIspacesub\fP The character to use to replace space characters after a successful map lookup (esp. useful for regex and syslog maps). .ip "\-s\fIspacesub\fP For the dequote map only, the character to use to replace space characters after a successful dequote. .ip "\-q" Don't dequote the key before lookup. .ip "\-L\fIlevel\fP For the syslog map only, it specifies the level to use for the syslog call. .ip "\-A" When rebuilding an alias file, the .b \-A flag causes duplicate entries in the text version to be merged. For example, two entries: .(b list: user1, user2 list: user3 .)b would be treated as though it were the single entry .(b list: user1, user2, user3 .)b in the presence of the .b \-A flag. .pp The following additional flags are present in the ldap map only: .ip "\-R" Do not auto chase referrals. sendmail must be compiled with .b \-DLDAP_REFERRALS to use this flag. .ip "\-n" Retrieve attribute names only. .ip "\-r\fIderef\fP" Set the alias dereference option to one of never, always, search, or find. .ip "\-s\fIscope\fP" Set search scope to one of base, one (one level), or sub (subtree). .ip "\-h\fIhost\fP" LDAP server hostname. +Some LDAP libraries allow you to specify multiple, space-separated hosts for +redundancy. +In addition, each of the hosts listed can be followed by a colon and a port +number to override the default LDAP port. .ip "\-b\fIbase\fP" LDAP search base. .ip "\-p\fIport\fP" LDAP service port. .ip "\-l\fItimelimit\fP" Time limit for LDAP queries. .ip "\-Z\fIsizelimit\fP" Size (number of matches) limit for LDAP queries. .ip "\-d\fIdistinguished_name\fP" The distinguished name to use to login to the LDAP server. .ip "\-M\fImethod\fP" The method to authenticate to the LDAP server. Should be one of .b LDAP_AUTH_NONE , .b LDAP_AUTH_SIMPLE , or .b LDAP_AUTH_KRBV4 . .ip "\-P\fIpasswordfile\fP" The file containing the secret key for the .b LDAP_AUTH_SIMPLE authentication method or the name of the Kerberos ticket file for .b LDAP_AUTH_KRBV4 . .ip "\-1" Force LDAP searches to only succeed if a single match is found. If multiple values are found, the search is treated as if no match was found. .pp The .i dbm map appends the strings .q \&.pag and .q \&.dir to the given filename; the .i hash and .i btree maps append .q \&.db . For example, the map specification .(b Kuucp dbm \-o \-N /etc/mail/uucpmap .)b specifies an optional map named .q uucp of class .q dbm ; it always has null bytes at the end of every string, and the data is located in /etc/mail/uucpmap.{dir,pag}. .pp The program .i makemap (8) can be used to build any of the three database-oriented maps. It takes the following flags: .ip \-f Do not fold upper to lower case in the map. .ip \-N Include null bytes in keys. .ip \-o Append to an existing (old) file. .ip \-r Allow replacement of existing keys; normally, re-inserting an existing key is an error. .ip \-v Print what is happening. .lp The .i sendmail daemon does not have to be restarted to read the new maps as long as you change them in place; file locking is used so that the maps won't be read while they are being updated. .pp New classes can be added in the routine .b setupmaps in file .b conf.c . .sh 2 "The User Database" .pp If you have a version of .i sendmail with the user database package compiled in, the handling of sender and recipient addresses is modified. .pp The location of this database is controlled with the .b UserDatabaseSpec option. .sh 3 "Structure of the user database" .pp The database is a sorted (BTree-based) structure. User records are stored with the key: .(b \fIuser-name\fP\fB:\fP\fIfield-name\fP .)b The sorted database format ensures that user records are clustered together. Meta-information is always stored with a leading colon. .pp Field names define both the syntax and semantics of the value. Defined fields include: .nr ii 1i .ip maildrop The delivery address for this user. There may be multiple values of this record. In particular, mailing lists will have one .i maildrop record for each user on the list. .ip "mailname" The outgoing mailname for this user. For each outgoing name, there should be an appropriate .i maildrop record for that name to allow return mail. See also .i :default:mailname . .ip mailsender Changes any mail sent to this address to have the indicated envelope sender. This is intended for mailing lists, and will normally be the name of an appropriate -request address. It is very similar to the owner-\c .i list syntax in the alias file. .ip fullname The full name of the user. .ip office-address The office address for this user. .ip office-phone The office phone number for this user. .ip office-fax The office FAX number for this user. .ip home-address The home address for this user. .ip home-phone The home phone number for this user. .ip home-fax The home FAX number for this user. .ip project A (short) description of the project this person is affiliated with. In the University this is often just the name of their graduate advisor. .ip plan A pointer to a file from which plan information can be gathered. .pp As of this writing, only a few of these fields are actually being used by .i sendmail : .i maildrop and .i mailname . A .i finger program that uses the other fields is planned. .sh 3 "User database semantics" .pp When the rewriting rules submit an address to the local mailer, the user name is passed through the alias file. If no alias is found (or if the alias points back to the same address), the name (with .q :maildrop appended) is then used as a key in the user database. If no match occurs (or if the maildrop points at the same address), forwarding is tried. .pp If the first token of the user name returned by ruleset 0 is an .q @ sign, the user database lookup is skipped. The intent is that the user database will act as a set of defaults for a cluster (in our case, the Computer Science Division); mail sent to a specific machine should ignore these defaults. .pp When mail is sent, the name of the sending user is looked up in the database. If that user has a .q mailname record, the value of that record is used as their outgoing name. For example, I might have a record: .(b eric:mailname Eric.Allman@CS.Berkeley.EDU .)b This would cause my outgoing mail to be sent as Eric.Allman. .pp If a .q maildrop is found for the user, but no corresponding .q mailname record exists, the record .q :default:mailname is consulted. If present, this is the name of a host to override the local host. For example, in our case we would set it to .q CS.Berkeley.EDU . The effect is that anyone known in the database gets their outgoing mail stamped as .q user@CS.Berkeley.EDU , but people not listed in the database use the local hostname. .sh 3 "Creating the database\**" .(f \**These instructions are known to be incomplete. Other features are available which provide similar functionality, e.g., virtual hosting and mapping local addresses into a generic form as explained in cf/README. .)f .pp The user database is built from a text file using the .i makemap utility (in the distribution in the makemap subdirectory). The text file is a series of lines corresponding to userdb records; each line has a key and a value separated by white space. The key is always in the format described above \*- for example: .(b eric:maildrop .)b This file is normally installed in a system directory; for example, it might be called .i /etc/mail/userdb . To make the database version of the map, run the program: .(b makemap btree /etc/mail/userdb < /etc/mail/userdb .)b Then create a config file that uses this. For example, using the V8 M4 configuration, include the following line in your .mc file: .(b define(\`confUSERDB_SPEC\', /etc/mail/userdb.db) .)b .sh 1 "OTHER CONFIGURATION" .pp There are some configuration changes that can be made by recompiling .i sendmail . This section describes what changes can be made and what has to be modified to make them. In most cases this should be unnecessary unless you are porting .i sendmail to a new environment. .sh 2 "Parameters in devtools/OS/$oscf" .pp These parameters are intended to describe the compilation environment, not site policy, and should normally be defined in the operating system configuration file. .b "This section needs a complete rewrite." .ip NDBM If set, the new version of the DBM library that allows multiple databases will be used. If neither NDBM nor NEWDB are set, a much less efficient method of alias lookup is used. .ip NEWDB If set, use the new database package from Berkeley (from 4.4BSD). This package is substantially faster than DBM or NDBM. If NEWDB and NDBM are both set, .i sendmail will read DBM files, but will create and use NEWDB files. .ip NIS Include support for NIS. If set together with .i both NEWDB and NDBM, .i sendmail will create both DBM and NEWDB files if and only if an alias file includes the substring .q /yp/ in the name. This is intended for compatibility with Sun Microsystems' .i mkalias program used on YP masters. .ip NISPLUS Compile in support for NIS+. .ip NETINFO Compile in support for NetInfo (NeXT stations). .ip LDAPMAP Compile in support for LDAP X500 queries. Requires libldap and liblber from the Umich LDAP 3.2 or 3.3 release or equivalent libraries for other LDAP libraries such as OpenLDAP. .ip HESIOD Compile in support for Hesiod. .ip MAP_NSD Compile in support for IRIX NSD lookups. .ip MAP_REGEX Compile in support for regular expression matching. .ip PH_MAP Compile in support for ph lookups. .ip SASL Compile in support for SASL, a required component for SMTP Authentication support. .ip STARTTLS Compile in support for STARTTLS. .ip EGD Compile in support for the "Entropy Gathering Daemon" to provide better random data for TLS. .ip SFIO Compile in support for sfio, which is required to enable encryption, e.g., STARTTLS. .ip TCPWRAPPERS Compile in support for TCP Wrappers. .ip _PATH_SENDMAILCF The pathname of the sendmail.cf file. .ip _PATH_SENDMAILPID The pathname of the sendmail.pid file. .pp There are also several compilation flags to indicate the environment such as .q _AIX3 and .q _SCO_unix_ . See the sendmail/README file for the latest scoop on these flags. .sh 2 "Parameters in sendmail/conf.h" .pp Parameters and compilation options are defined in conf.h. Most of these need not normally be tweaked; common parameters are all in sendmail.cf. However, the sizes of certain primitive vectors, etc., are included in this file. The numbers following the parameters are their default value. .pp This document is not the best source of information for compilation flags in conf.h \(em see sendmail/README or sendmail/conf.h itself. .nr ii 1.2i .ip "MAXLINE [2048]" The maximum line length of any input line. If message lines exceed this length they will still be processed correctly; however, header lines, configuration file lines, alias lines, etc., must fit within this limit. .ip "MAXNAME [256]" The maximum length of any name, such as a host or a user name. .ip "MAXPV [256]" The maximum number of parameters to any mailer. This limits the number of recipients that may be passed in one transaction. It can be set to any arbitrary number above about 10, since .i sendmail will break up a delivery into smaller batches as needed. A higher number may reduce load on your system, however. .ip "MAXATOM [1000]" The maximum number of atoms (tokens) in a single address. For example, the address .q "eric@CS.Berkeley.EDU" is seven atoms. .ip "MAXMAILERS [25]" The maximum number of mailers that may be defined in the configuration file. This value is defined in include/sendmail/sendmail.h. .ip "MAXRWSETS [200]" The maximum number of rewriting sets that may be defined. The first half of these are reserved for numeric specification (e.g., ``S92''), while the upper half are reserved for auto-numbering (e.g., ``Sfoo''). Thus, with a value of 200 an attempt to use ``S99'' will succeed, but ``S100'' will fail. .ip "MAXPRIORITIES [25]" The maximum number of values for the .q Precedence: field that may be defined (using the .b P line in sendmail.cf). .ip "MAXUSERENVIRON [100]" The maximum number of items in the user environment that will be passed to subordinate mailers. .ip "MAXMXHOSTS [100]" The maximum number of MX records we will accept for any single host. .ip "MAXALIASDB [12]" The maximum number of alias databases that can be open at any time. Note that there may also be an open file limit. .ip "MAXMAPSTACK [12]" The maximum number of maps that may be "stacked" in a .b sequence class map. .ip "MAXMIMEARGS [20]" The maximum number of arguments in a MIME Content-Type: header; additional arguments will be ignored. .ip "MAXMIMENESTING [20]" The maximum depth to which MIME messages may be nested (that is, nested Message or Multipart documents; this does not limit the number of components in a single Multipart document). .ip "MAXDAEMONS [10]" The maximum number of sockets sendmail will open for accepting connections on different ports. .ip "MAXMACNAMELEN [25]" The maximum length of a macro name. .lp A number of other compilation options exist. These specify whether or not specific code should be compiled in. Ones marked with \(dg are 0/1 valued. .nr ii 1.2i .ip NETINET\(dg If set, support for Internet protocol networking is compiled in. Previous versions of .i sendmail referred to this as .sm DAEMON ; this old usage is now incorrect. Defaults on; turn it off in the Makefile if your system doesn't support the Internet protocols. .ip NETINET6\(dg If set, support for IPv6 networking is compiled in. It must be separately enabled by adding DaemonPortOptions settings. .ip NETISO\(dg If set, support for ISO protocol networking is compiled in (it may be appropriate to #define this in the Makefile instead of conf.h). .ip NETUNIX\(dg If set, support for UNIX domain sockets is compiled in. This is used for control socket support. .ip LOG If set, the .i syslog routine in use at some sites is used. This makes an informational log record for each message processed, and makes a higher priority log record for internal system errors. .b "STRONGLY RECOMMENDED" \(em if you want no logging, turn it off in the configuration file. .ip MATCHGECOS\(dg Compile in the code to do ``fuzzy matching'' on the GECOS field in /etc/passwd. This also requires that the .b MatchGECOS option be turned on. .ip NAMED_BIND\(dg Compile in code to use the Berkeley Internet Name Domain (BIND) server to resolve TCP/IP host names. .ip NOTUNIX If you are using a non-UNIX mail format, you can set this flag to turn off special processing of UNIX-style .q "From " lines. .ip QUEUE\(dg This flag should be set to compile in the queueing code. If this is not set, mailers must accept the mail immediately or it will be returned to the sender. .ip SMTP\(dg If set, the code to handle user and server SMTP will be compiled in. This is only necessary if your machine has some mailer that speaks SMTP (this means most machines everywhere). .ip USERDB\(dg Include the .b experimental Berkeley user information database package. This adds a new level of local name expansion between aliasing and forwarding. It also uses the NEWDB package. This may change in future releases. .lp The following options are normally turned on in per-operating-system clauses in conf.h. .ip IDENTPROTO\(dg Compile in the IDENT protocol as defined in RFC 1413. This defaults on for all systems except Ultrix, which apparently has the interesting .q feature that when it receives a .q "host unreachable" message it closes all open connections to that host. Since some firewall gateways send this error code when you access an unauthorized port (such as 113, used by IDENT), Ultrix cannot receive email from such hosts. .ip SYSTEM5 Set all of the compilation parameters appropriate for System V. .ip HASFLOCK\(dg Use Berkeley-style .b flock instead of System V .b lockf to do file locking. Due to the highly unusual semantics of locks across forks in .b lockf , this should always be used if at all possible. .ip HASINITGROUPS Set this if your system has the .i initgroups() call (if you have multiple group support). This is the default if SYSTEM5 is .i not defined or if you are on HPUX. .ip HASUNAME Set this if you have the .i uname (2) system call (or corresponding library routine). Set by default if SYSTEM5 is set. .ip HASGETDTABLESIZE Set this if you have the .i getdtablesize (2) system call. .ip HASWAITPID Set this if you have the .i haswaitpid (2) system call. .ip FAST_PID_RECYCLE Set this if your system can possibly reuse the same pid in the same second of time. .ip SFS_TYPE The mechanism that can be used to get file system capacity information. The values can be one of SFS_USTAT (use the ustat(2) syscall), SFS_4ARGS (use the four argument statfs(2) syscall), SFS_VFS (use the two argument statfs(2) syscall including ), SFS_MOUNT (use the two argument statfs(2) syscall including ), SFS_STATFS (use the two argument statfs(2) syscall including ), SFS_STATVFS (use the two argument statfs(2) syscall including ), or SFS_NONE (no way to get this information). .ip LA_TYPE The load average type. Details are described below. .lp The are several built-in ways of computing the load average. .i Sendmail tries to auto-configure them based on imperfect guesses; you can select one using the .i cc option .b \-DLA_TYPE= \c .i type , where .i type is: .ip LA_INT The kernel stores the load average in the kernel as an array of long integers. The actual values are scaled by a factor FSCALE (default 256). .ip LA_SHORT The kernel stores the load average in the kernel as an array of short integers. The actual values are scaled by a factor FSCALE (default 256). .ip LA_FLOAT The kernel stores the load average in the kernel as an array of double precision floats. .ip LA_MACH Use MACH-style load averages. .ip LA_SUBR Call the .i getloadavg routine to get the load average as an array of doubles. .ip LA_ZERO Always return zero as the load average. This is the fallback case. .lp If type .sm LA_INT , .sm LA_SHORT , or .sm LA_FLOAT is specified, you may also need to specify .sm _PATH_UNIX (the path to your system binary) and .sm LA_AVENRUN (the name of the variable containing the load average in the kernel; usually .q _avenrun or .q avenrun ). .sh 2 "Configuration in sendmail/conf.c" .pp The following changes can be made in conf.c. .sh 3 "Built-in Header Semantics" .pp Not all header semantics are defined in the configuration file. Header lines that should only be included by certain mailers (as well as other more obscure semantics) must be specified in the .i HdrInfo table in .i conf.c . This table contains the header name (which should be in all lower case) and a set of header control flags (described below), The flags are: .ip H_ACHECK Normally when the check is made to see if a header line is compatible with a mailer, .i sendmail will not delete an existing line. If this flag is set, .i sendmail will delete even existing header lines. That is, if this bit is set and the mailer does not have flag bits set that intersect with the required mailer flags in the header definition in sendmail.cf, the header line is .i always deleted. .ip H_EOH If this header field is set, treat it like a blank line, i.e., it will signal the end of the header and the beginning of the message text. .ip H_FORCE Add this header entry even if one existed in the message before. If a header entry does not have this bit set, .i sendmail will not add another header line if a header line of this name already existed. This would normally be used to stamp the message by everyone who handled it. .ip H_TRACE If set, this is a timestamp (trace) field. If the number of trace fields in a message exceeds a preset amount the message is returned on the assumption that it has an aliasing loop. .ip H_RCPT If set, this field contains recipient addresses. This is used by the .b \-t flag to determine who to send to when it is collecting recipients from the message. .ip H_FROM This flag indicates that this field specifies a sender. The order of these fields in the .i HdrInfo table specifies .i sendmail 's preference for which field to return error messages to. .ip H_ERRORSTO Addresses in this header should receive error messages. .ip H_CTE This header is a Content-Transfer-Encoding header. .ip H_CTYPE This header is a Content-Type header. .ip H_STRIPVAL Strip the value from the header (for Bcc:). .nr ii 5n .lp Let's look at a sample .i HdrInfo specification: .(b .ta 4n +\w'"content-transfer-encoding", 'u struct hdrinfo HdrInfo[] = \&{ /* originator fields, most to least significant */ "resent-sender", H_FROM, "resent-from", H_FROM, "sender", H_FROM, "from", H_FROM, "full-name", H_ACHECK, "errors-to", H_FROM\^|\^H_ERRORSTO, /* destination fields */ "to", H_RCPT, "resent-to", H_RCPT, "cc", H_RCPT, "bcc", H_RCPT\^|\^H_STRIPVAL, /* message identification and control */ "message", H_EOH, "text", H_EOH, /* trace fields */ "received", H_TRACE\^|\^H_FORCE, /* miscellaneous fields */ "content-transfer-encoding", H_CTE, "content-type", H_CTYPE, NULL, 0, }; .)b This structure indicates that the .q To: , .q Resent-To: , and .q Cc: fields all specify recipient addresses. Any .q Full-Name: field will be deleted unless the required mailer flag (indicated in the configuration file) is specified. The .q Message: and .q Text: fields will terminate the header; these are used by random dissenters around the network world. The .q Received: field will always be added, and can be used to trace messages. .pp There are a number of important points here. First, header fields are not added automatically just because they are in the .i HdrInfo structure; they must be specified in the configuration file in order to be added to the message. Any header fields mentioned in the configuration file but not mentioned in the .i HdrInfo structure have default processing performed; that is, they are added unless they were in the message already. Second, the .i HdrInfo structure only specifies cliched processing; certain headers are processed specially by ad hoc code regardless of the status specified in .i HdrInfo . For example, the .q Sender: and .q From: fields are always scanned on ARPANET mail to determine the sender\**; .(f \**Actually, this is no longer true in SMTP; this information is contained in the envelope. The older ARPANET protocols did not completely distinguish envelope from header. .)f this is used to perform the .q "return to sender" function. The .q "From:" and .q "Full-Name:" fields are used to determine the full name of the sender if possible; this is stored in the macro .b $x and used in a number of ways. .sh 3 "Restricting Use of Email" .pp If it is necessary to restrict mail through a relay, the .i checkcompat routine can be modified. This routine is called for every recipient address. It returns an exit status indicating the status of the message. The status .sm EX_OK accepts the address, .sm EX_TEMPFAIL queues the message for a later try, and other values (commonly .sm EX_UNAVAILABLE ) reject the message. It is up to .i checkcompat to print an error message (using .i usrerr ) if the message is rejected. For example, .i checkcompat could read: .(b .re .sz -1 .ta 4n +4n +4n +4n +4n +4n +4n int checkcompat(to, e) register ADDRESS *to; register ENVELOPE *e; \&{ register STAB *s; s = stab("private", ST_MAILER, ST_FIND); if (s != NULL && e\->e_from.q_mailer != LocalMailer && to->q_mailer == s->s_mailer) { usrerr("No private net mail allowed through this machine"); return (EX_UNAVAILABLE); } if (MsgSize > 50000 && bitnset(M_LOCALMAILER, to\->q_mailer)) { usrerr("Message too large for non-local delivery"); e\->e_flags |= EF_NORETURN; return (EX_UNAVAILABLE); } return (EX_OK); } .sz .)b This would reject messages greater than 50000 bytes unless they were local. The .i EF_NORETURN flag can be set in .i e\(->e_flags to suppress the return of the actual body of the message in the error return. The actual use of this routine is highly dependent on the implementation, and use should be limited. .sh 3 "New Database Map Classes" .pp New key maps can be added by creating a class initialization function and a lookup function. These are then added to the routine .i setupmaps. .pp The initialization function is called as .(b \fIxxx\fP_map_init(MAP *map, char *args) .)b The .i map is an internal data structure. The .i args is a pointer to the portion of the configuration file line following the map class name; flags and filenames can be extracted from this line. The initialization function must return .sm TRUE if it successfully opened the map, .sm FALSE otherwise. .pp The lookup function is called as .(b \fIxxx\fP_map_lookup(MAP *map, char buf[], char **av, int *statp) .)b The .i map defines the map internally. The .i buf has the input key. This may be (and often is) used destructively. The .i av is a list of arguments passed in from the rewrite line. The lookup function should return a pointer to the new value. If the map lookup fails, .i *statp should be set to an exit status code; in particular, it should be set to .sm EX_TEMPFAIL if recovery is to be attempted by the higher level code. .sh 3 "Queueing Function" .pp The routine .i shouldqueue is called to decide if a message should be queued or processed immediately. Typically this compares the message priority to the current load average. The default definition is: .(b bool shouldqueue(pri, ctime) long pri; time_t ctime; { if (CurrentLA < QueueLA) return (FALSE); return (pri > (QueueFactor / (CurrentLA \- QueueLA + 1))); } .)b If the current load average (global variable .i CurrentLA , which is set before this function is called) is less than the low threshold load average (option .b x , variable .i QueueLA ), .i shouldqueue returns .sm FALSE immediately (that is, it should .i not queue). If the current load average exceeds the high threshold load average (option .b X , variable .i RefuseLA ), .i shouldqueue returns .sm TRUE immediately. Otherwise, it computes the function based on the message priority, the queue factor (option .b q , global variable .i QueueFactor ), and the current and threshold load averages. .pp An implementation wishing to take the actual age of the message into account can also use the .i ctime parameter, which is the time that the message was first submitted to .i sendmail . Note that the .i pri parameter is already weighted by the number of times the message has been tried (although this tends to lower the priority of the message with time); the expectation is that the .i ctime would be used as an .q "escape clause" to ensure that messages are eventually processed. .sh 3 "Refusing Incoming SMTP Connections" .pp The function .i refuseconnections returns .sm TRUE if incoming SMTP connections should be refused. The current implementation is based exclusively on the current load average and the refuse load average option (option .b X , global variable .i RefuseLA ): .(b bool refuseconnections() { return (RefuseLA > 0 && CurrentLA >= RefuseLA); } .)b A more clever implementation could look at more system resources. .sh 3 "Load Average Computation" .pp The routine .i getla returns the current load average (as a rounded integer). The distribution includes several possible implementations. If you are porting to a new environment you may need to add some new tweaks.\** .(f \**If you do, please send updates to sendmail@Sendmail.ORG. .)f .sh 2 "Configuration in sendmail/daemon.c" .pp The file .i sendmail/daemon.c contains a number of routines that are dependent on the local networking environment. The version supplied assumes you have BSD style sockets. .pp In previous releases, we recommended that you modify the routine .i maphostname if you wanted to generalize .b $[ \&...\& .b $] lookups. We now recommend that you create a new keyed map instead. .sh 2 "Certificates for STARTTLS" .pp In this section we assume that .i sendmail has been compiled with support for STARTTLS. When acting as a server, .i sendmail requires X.509 certificates to support STARTTLS: one as certificate for the server (ServerCertFile) at least one root CA (CACERTFile), i.e., a certificate that is used to sign other certificates, and a path to a directory which contains other CAs (CACERTPath). The file specified via CACERTFile can contain several certificates of CAs. The DNs of these certificates are sent to the client during the TLS handshake (as part of the CertificateRequest) as the list of acceptable CAs. An X.509 certificate is also required for authentication in client mode (ClientCertFile), however, .i sendmail will always use STARTTLS when offered by a server. The client and server certificates can be identical. Certificates can be obtained from a certificate authority or created with the help of OpenSSL. The required format for certificates and private keys is PEM. To allow for automatic startup of sendmail, private keys (ServerKeyFile, ClientKeyFile) must be stored unencrypted. The keys are only protected by the permissions of the file system. Never make a private key available to a third party. .sh 2 "PRNG for STARTTLS" .pp STARTTLS requires a strong pseudo random number generator (PRNG) to operate properly. Depending on the TLS library you use, it may be required to explicitly initialize the PRNG with random data. OpenSSL makes use of .b /dev/urandom(4) if available (this corresponds to the compile flag HASURANDOMDEV). On systems which lack this support, a random file must be specified in the .i sendmail.cf file using the option RandFile. It is .b strongly advised to use the "Entropy Gathering Daemon" EGD from Brian Warner on those systems to provide useful random data. In this case, .i sendmail must be compiled with the flag EGD, and the RandFile option must point to the EGD socket. If neither .b /dev/urandom(4) nor EGD are available, you have to make sure that useful random data is available all the time in RandFile. If the file hasn't been modified in the last 10 minutes before it is supposed to be used by .i sendmail the content is considered obsolete. One method for generating this file is: .(b openssl rand -out /etc/mail/randfile -rand \c .i /path/to/file:... \c 256 .)b See the OpenSSL documentation for more information. In this case, the PRNG for TLS is only seeded with other random data if the .b DontBlameSendmail option .b InsufficientEntropy is set. This is most likely not sufficient for certain actions, e.g., generation of (temporary) keys. .pp Please see the OpenSSL documentation or other sources for further information about certificates, their creation and their usage, the importance of a good PRNG, and other aspects of TLS. .sh 1 "ACKNOWLEDGEMENTS" .pp I've worked on .i sendmail for many years, and many employers have been remarkably patient about letting me work on a large project that was not part of my official job. This includes time on the INGRES Project at the University of California at Berkeley, at Britton Lee, and again on the Mammoth and Titan Projects at Berkeley. .pp Much of the second wave of improvements resulting in version 8.1 should be credited to Bryan Costales of the International Computer Science Institute. As he passed me drafts of his book on .i sendmail I was inspired to start working on things again. Bryan was also available to bounce ideas off of. .pp Gregory Neil Shapiro of Worcester Polytechnic Institute has become instrumental in all phases of .i sendmail support and development, and was largely responsible for getting versions 8.8 and 8.9 out the door. .pp Many, many people contributed chunks of code and ideas to .i sendmail . It has proven to be a group network effort. Version 8 in particular was a group project. The following people and organizations made notable contributions: .(l Claus Assmann John Beck, Hewlett-Packard & Sun Microsystems Keith Bostic, CSRG, University of California, Berkeley Andrew Cheng, Sun Microsystems Michael J. Corrigan, University of California, San Diego Bryan Costales, International Computer Science Institute & InfoBeat Pa\*:r (Pell) Emanuelsson Craig Everhart, Transarc Corporation Per Hedeland, Ericsson Tom Ivar Helbekkmo, Norwegian School of Economics Kari Hurtta, Finnish Meteorological Institute Allan E. Johannesen, WPI Jonathan Kamens, OpenVision Technologies, Inc. Takahiro Kanbe, Fuji Xerox Information Systems Co., Ltd. Brian Kantor, University of California, San Diego John Kennedy, Cal State University, Chico Murray S. Kucherawy, HookUp Communication Corp. Bruce Lilly, Sony U.S. Karl London Motonori Nakamura, Ritsumeikan University & Kyoto University John Gardiner Myers, Carnegie Mellon University Neil Rickert, Northern Illinois University Gregory Neil Shapiro, WPI Eric Schnoebelen, Convex Computer Corp. Eric Wassenaar, National Institute for Nuclear and High Energy Physics, Amsterdam Randall Winchester, University of Maryland Christophe Wolfhugel, Pasteur Institute & Herve Schauer Consultants (Paris) Exactis.com, Inc. .)l I apologize for anyone I have omitted, misspelled, misattributed, or otherwise missed. At this point, I suspect that at least a hundred people have contributed code, and many more have contributed ideas, comments, and encouragement. I've tried to list them in the RELEASE_NOTES in the distribution directory. I appreciate their contribution as well. .pp Special thanks are reserved for Michael Corrigan and Christophe Wolfhugel, who besides being wonderful guinea pigs and contributors have also consented to be added to the ``sendmail@Sendmail.ORG'' list and, by answering the bulk of the questions sent to that list, have freed me up to do other work. .++ A .+c "COMMAND LINE FLAGS" .ba 0 .nr ii 1i .pp Arguments must be presented with flags before addresses. The flags are: .ip \-b\fIx\fP Set operation mode to .i x . Operation modes are: .(b .ta 4n m Deliver mail (default) s Speak SMTP on input side a\(dg ``Arpanet'' mode (get envelope sender information from header) d Run as a daemon in background D Run as a daemon in foreground t Run in test mode v Just verify addresses, don't collect or deliver i Initialize the alias database p Print the mail queue h Print the persistent host status database H Purge expired entries from the persistent host status database .)b .(f \(dgDeprecated. .)f .ip \-B\fItype\fP Indicate body type. .ip \-C\fIfile\fP Use a different configuration file. .i Sendmail runs as the invoking user (rather than root) when this flag is specified. .ip \-d\fIlevel\fP Set debugging level. .ip "\-f\ \fIaddr\fP" The envelope sender address is set to .i addr . This address may also be used in the From: header if that header is missing during initial submission. The envelope sender address is used as the recipient for delivery status notifications and may also appear in a Return-Path: header. .ip \-F\ \fIname\fP Sets the full name of this user to .i name . .ip \-G When accepting messages via the command line, indicate that they are for relay (gateway) submission. sendmail may complain about syntactically invalid messages, e.g., unqualified host names, rather than fixing them when this flag is set. sendmail will not do any canonicalization in this mode. .ip "\-h\ \fIcnt\fP" Sets the .q "hop count" to .i cnt . This represents the number of times this message has been processed by .i sendmail (to the extent that it is supported by the underlying networks). .i Cnt is incremented during processing, and if it reaches MAXHOP (currently 30) .i sendmail throws away the message with an error. .ip "\-L \fItag\fP" Sets the identifier used for syslog. Note that this identifier is set as early as possible. However, .i sendmail may be used if problems arise before the command line arguments are processed. .ip \-n Don't do aliasing or forwarding. .ip "\-N \fInotifications\fP" Tag all addresses being sent as wanting the indicated .i notifications , which consists of the word .q NEVER or a comma-separated list of .q SUCCESS , .q FAILURE , and .q DELAY for successful delivery, failure, and a message that is stuck in a queue somewhere. The default is .q FAILURE,DELAY . .ip "\-r\ \fIaddr\fP" An obsolete form of .b \-f . .ip \-o\fIx\|value\fP Set option .i x to the specified .i value . These options are described in Section 5.6. .ip \-O\fIoption\fP\fB=\fP\fIvalue\fP Set .i option to the specified .i value (for long form option names). These options are described in Section 5.6. -.ip \-M\fIx\|value +.ip \-M\fIx\|value\fP Set macro .i x to the specified .i value . .ip \-p\fIprotocol\fP Set the sending protocol. Programs are encouraged to set this. The protocol field can be in the form .i protocol \c .b : \c .i host to set both the sending protocol and sending host. For example, .q \-pUUCP:uunet sets the sending protocol to UUCP and the sending host to uunet. (Some existing programs use \-oM to set the r and s macros; this is equivalent to using \-p.) .ip \-q\fItime\fP Try to process the queued up mail. If the time is given, a .i sendmail will run through the queue at the specified interval to deliver queued mail; otherwise, it only runs once. .ip \-q\fIXstring\fP Run the queue once, limiting the jobs to those matching .i Xstring . The key letter .i X can be .b I to limit based on queue identifier, .b R to limit based on recipient, or .b S to limit based on sender. A particular queued job is accepted if one of the corresponding addresses contains the indicated .i string . Multiple .i \-q\fIX\fP flags are permitted, with items with the same key letter .q or'ed together, and items with different key letters .q and'ed together. .ip "\-R ret" What information you want returned if the message bounces; .i ret can be .q HDRS for headers only or .q FULL for headers plus body. This is a request only; the other end is not required to honor the parameter. If .q HDRS is specified local bounces also return only the headers. .ip \-t Read the header for .q To: , .q Cc: , and .q Bcc: lines, and send to everyone listed in those lists. The .q Bcc: line will be deleted before sending. Any addresses in the argument vector will be deleted from the send list. .ip "\-U" Indicate that this is an initial User Agent submission. This flag is deprecated. Future releases will ignore this flag and assume all submissions from the command line are initial submissions. .ip "\-V envid" The indicated .i envid is passed with the envelope of the message and returned if the message bounces. .ip "\-X \fIlogfile\fP" Log all traffic in and out of .i sendmail in the indicated .i logfile for debugging mailer problems. This produces a lot of data very quickly and should be used sparingly. .pp There are a number of options that may be specified as primitive flags. These are the e, i, m, and v options. Also, the f option may be specified as the .b \-s flag. The DSN related options .q "\-N" , .q "\-R" , and .q "\-V" have no effects on .i sendmail running as daemon. .+c "QUEUE FILE FORMATS" .pp This appendix describes the format of the queue files. These files live in the directory defined by the .b Q option in the .i sendmail.cf file, usually .i /var/spool/mqueue or .i /usr/spool/mqueue . The individual qf, df, and xf files may be stored in separate .i qf/ , .i df/ , and .i xf/ subdirectories if they are present in the queue directory. .pp To use multiple queues, supply a value ending with an asterisk. For example, .i /var/spool/mqueue/q* will use all of the directories or symbolic links to directories beginning with `q' in .i /var/spool/mqueue as queue directories. New messages will be randomly placed into one of the queues. Do not change the queue directory structure while sendmail is running. .pp All queue files have the name \fIx\fP\|\fBf\fP\fIYMDhmsNPPPPP\fP where .i YMDhmsNPPPPP is the .i id for this message and the .i x is a type. The individual letters in the .i id are: .nr ii 0.5i .ip Y Encoded year .ip M Encoded month .ip D Encoded day .ip h Encoded hour .ip m Encoded minute .ip s Encoded second .ip N Envelope number .ip PPPPP At least five digits of the process ID .pp All files with the same id collectively define one message. If memory-buffered files are available, some of these files may never appear on disk. .pp The types are: .nr ii 0.5i .ip d The data file. The message body (excluding the header) is kept in this file. .ip q The queue control file. This file contains the information necessary to process the job. .ip t A temporary file. These are an image of the .b qf file when it is being rebuilt. It should be renamed to a .b qf file very quickly. .ip x A transcript file, existing during the life of a session showing everything that happens during that session. .pp The .b qf file is structured as a series of lines each beginning with a code letter. The lines are as follows: .ip V The version number of the queue file format, used to allow new .i sendmail binaries to read queue files created by older versions. Defaults to version zero. Must be the first line of the file if present. For 8.10 the version number is 4. .ip A The information given by the AUTH= parameter of the .q "MAIL FROM:" command or $f@$j if sendmail has been called directly. .ip H A header definition. There may be any number of these lines. The order is important: they represent the order in the final message. These use the same syntax as header definitions in the configuration file. .ip C The controlling address. The syntax is .q localuser:aliasname . Recipient addresses following this line will be flagged so that deliveries will be run as the .i localuser (a user name from the /etc/passwd file); .i aliasname is the name of the alias that expanded to this address (used for printing messages). .ip Q The ``original recipient'', specified by the ORCPT= field in an ESMTP transaction. Used exclusively for Delivery Status Notifications. It applies only to the immediately following `R' line. .ip R A recipient address. This will normally be completely aliased, but is actually realiased when the job is processed. There will be one line for each recipient. Version 1 qf files also include a leading colon-terminated list of flags, which can be `S' to return a message on successful final delivery, `F' to return a message on failure, `D' to return a message if the message is delayed, `B' to indicate that the body should be returned, `N' to suppress returning the body, and `P' to declare this as a ``primary'' (command line or SMTP-session) address. .ip S The sender address. There may only be one of these lines. .ip T The job creation time. This is used to compute when to time out the job. .ip P The current message priority. This is used to order the queue. Higher numbers mean lower priorities. The priority changes as the message sits in the queue. The initial priority depends on the message class and the size of the message. .ip M A message. This line is printed by the .i mailq command, and is generally used to store status information. It can contain any text. .ip F Flag bits, represented as one letter per flag. Defined flag bits are .b r indicating that this is a response message and .b w indicating that a warning message has been sent announcing that the mail has been delayed. .ip N The total number of delivery attempts. .ip K The time (as seconds since January 1, 1970) of the last delivery attempt. .ip I The i-number of the data file; this can be used to recover your mail queue after a disastrous disk crash. .ip $ A macro definition. The values of certain macros (as of this writing, only .b $r and .b $s ) are passed through to the queue run phase. .ip B The body type. The remainder of the line is a text string defining the body type. If this field is missing, the body type is assumed to be .q "undefined" and no special processing is attempted. Legal values are .q 7BIT and .q 8BITMIME . .ip Z The original envelope id (from the ESMTP transaction). For Deliver Status Notifications only. .pp As an example, the following is a queue file sent to .q eric@mammoth.Berkeley.EDU and .q bostic@okeeffe.CS.Berkeley.EDU \**: .(f \**This example is contrived and probably inaccurate for your environment. Glance over it to get an idea; nothing can replace looking at what your own system generates. .)f .(b V4 T711358135 K904446490 N0 P2100941 $_eric@localhost ${daemon_flags} Seric Ceric:100:1000:sendmail@vangogh.CS.Berkeley.EDU RPFD:eric@mammoth.Berkeley.EDU RPFD:bostic@okeeffe.CS.Berkeley.EDU H?P?Return-path: <^g> H??Received: by vangogh.CS.Berkeley.EDU (5.108/2.7) id AAA06703; Fri, 17 Jul 1992 00:28:55 -0700 H??Received: from mail.CS.Berkeley.EDU by vangogh.CS.Berkeley.EDU (5.108/2.7) id AAA06698; Fri, 17 Jul 1992 00:28:54 -0700 H??Received: from [128.32.31.21] by mail.CS.Berkeley.EDU (5.96/2.5) id AA22777; Fri, 17 Jul 1992 03:29:14 -0400 H??Received: by foo.bar.baz.de (5.57/Ultrix3.0-C) id AA22757; Fri, 17 Jul 1992 09:31:25 GMT H?F?From: eric@foo.bar.baz.de (Eric Allman) H?x?Full-name: Eric Allman H??Message-id: <9207170931.AA22757@foo.bar.baz.de> H??To: sendmail@vangogh.CS.Berkeley.EDU H??Subject: this is an example message .)b This shows the person who sent the message, the submission time (in seconds since January 1, 1970), the message priority, the message class, the recipients, and the headers for the message. .+c "SUMMARY OF SUPPORT FILES" .pp This is a summary of the support files that .i sendmail creates or generates. Many of these can be changed by editing the sendmail.cf file; check there to find the actual pathnames. .nr ii 1i .ip "/usr/\*(SD/sendmail" The binary of .i sendmail . .ip /usr/\*(SB/newaliases A link to /usr/\*(SD/sendmail; causes the alias database to be rebuilt. Running this program is completely equivalent to giving .i sendmail the .b \-bi flag. .ip /usr/\*(SB/mailq Prints a listing of the mail queue. This program is equivalent to using the .b \-bp flag to .i sendmail . .ip /etc/mail/sendmail.cf The configuration file, in textual form. .ip /etc/mail/helpfile The SMTP help file. .ip /etc/mail/statistics A statistics file; need not be present. .ip /etc/mail/sendmail.pid Created in daemon mode; it contains the process id of the current SMTP daemon. If you use this in scripts; use ``head \-1'' to get just the first line; the second line contains the command line used to invoke the daemon, and later versions of .i sendmail may add more information to subsequent lines. .ip /etc/mail/aliases The textual version of the alias file. .ip /etc/mail/aliases.db The alias file in .i hash \|(3) format. .ip /etc/mail/aliases.{pag,dir} The alias file in .i ndbm \|(3) format. .ip /var/spool/mqueue The directory in which the mail queue(s) and temporary files reside. .ip /var/spool/mqueue/qf* Control (queue) files for messages. .ip /var/spool/mqueue/df* Data files. .ip /var/spool/mqueue/tf* Temporary versions of the qf files, used during queue file rebuild. .ip /var/spool/mqueue/xf* A transcript of the current session. .if o \ \{\ . bp . rs . sp |4i . ce 2 This page intentionally left blank; replace it with a blank sheet for double-sided output. .\} .\".ro .\".ls 1 .\".tp .\".sp 2i .\".in 0 .\".ce 100 .\".sz 24 .\".b SENDMAIL .\".sz 14 .\".sp .\"INSTALLATION AND OPERATION GUIDE .\".sp .\".sz 10 .\"Eric Allman .\".sp -.\"Version $Revision: 8.317.4.39 $ +.\"Version $Revision: 8.317.4.47 $ .\".ce 0 .bp 3 .ce .sz 12 TABLE OF CONTENTS .sz 10 .sp .\" remove some things to avoid "out of temp file space" problem .rm sh .rm (x .rm )x .rm ip .rm pp .rm lp .rm he .rm fo .rm eh .rm oh .rm ef .rm of .xp .if o \ \{\ . bp . rs . sp |4i . ce 2 This page intentionally left blank; replace it with a blank sheet for double-sided output. .\} Index: stable/4/contrib/sendmail/include/libsmdb/smdb.h =================================================================== --- stable/4/contrib/sendmail/include/libsmdb/smdb.h (revision 71887) +++ stable/4/contrib/sendmail/include/libsmdb/smdb.h (revision 71888) @@ -1,383 +1,373 @@ /* ** Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers. ** All rights reserved. ** ** By using this file, you agree to the terms and conditions set ** forth in the LICENSE file which can be found at the top level of ** the sendmail distribution. ** -** $Id: smdb.h,v 8.29.2.1.2.1 2000/08/24 17:08:00 gshapiro Exp $ +** $Id: smdb.h,v 8.29.2.1.2.2 2000/10/05 22:23:55 gshapiro Exp $ */ #ifndef _SMDB_H_ # define _SMDB_H_ # include # include # ifndef __P # include "sendmail/cdefs.h" # endif /* __P */ # ifndef NDBM # ifndef NEWDB ERROR NDBM or NEWDB must be defined. # endif /* ! NEWDB */ # endif /* ! NDBM */ # ifdef NDBM # include # endif /* NDBM */ # ifdef NEWDB # include # ifndef DB_VERSION_MAJOR # define DB_VERSION_MAJOR 1 # endif /* ! DB_VERSION_MAJOR */ # endif /* NEWDB */ /* ** Some size constants */ #define SMDB_MAX_USER_NAME_LEN 1024 #define SMDB_MAX_NAME_LEN 1024 /* ** This file defines the abstraction for database lookups. It is pretty ** much a copy of the db2 interface with the exception that every function ** returns 0 on success and non-zero on failure. The non-zero return code ** is meaningful. ** ** I'm going to put the function comments in this file since the interface ** MUST be the same for all inheritors of this interface. */ typedef struct database_struct SMDB_DATABASE; typedef struct cursor_struct SMDB_CURSOR; -typedef union database_entity_union SMDB_DBENT; +typedef struct entry_struct SMDB_DBENT; /* ** DB_CLOSE_FUNC -- close the database ** ** Parameters: ** db -- The database to close. ** ** Returns: ** 0 - Success, otherwise errno. ** */ typedef int (*db_close_func) __P((SMDB_DATABASE *db)); /* ** DB_DEL_FUNC -- removes a key and data pair from the database ** ** Parameters: ** db -- The database to close. ** key -- The key to remove. ** flags -- delete options. There are currently no defined ** flags for delete. ** ** Returns: ** 0 - Success, otherwise errno. ** */ typedef int (*db_del_func) __P((SMDB_DATABASE *db, SMDB_DBENT *key, u_int flags)); /* ** DB_FD_FUNC -- Returns a pointer to a file used for the database. ** ** Parameters: ** db -- The database to close. ** fd -- A pointer to store the returned fd in. ** ** Returns: ** 0 - Success, otherwise errno. ** */ typedef int (*db_fd_func) __P((SMDB_DATABASE *db, int* fd)); /* ** DB_GET_FUNC -- Gets the data associated with a key. ** ** Parameters: ** db -- The database to close. ** key -- The key to access. ** data -- A place to store the returned data. ** flags -- get options. There are currently no defined ** flags for get. ** ** Returns: ** 0 - Success, otherwise errno. ** */ typedef int (*db_get_func) __P((SMDB_DATABASE *db, SMDB_DBENT *key, SMDB_DBENT *data, u_int flags)); /* ** DB_PUT_FUNC -- Sets some data according to the key. ** ** Parameters: ** db -- The database to close. ** key -- The key to use. ** data -- The data to store. ** flags -- put options: ** SMDBF_NO_OVERWRITE - Return an error if key alread ** exists. ** SMDBF_ALLOW_DUP - Allow duplicates in btree maps. ** ** Returns: ** 0 - Success, otherwise errno. ** */ typedef int (*db_put_func) __P((SMDB_DATABASE *db, SMDB_DBENT *key, SMDB_DBENT *data, u_int flags)); /* ** DB_SYNC_FUNC -- Flush any cached information to disk. ** ** Parameters: ** db -- The database to sync. ** flags -- sync options: ** ** Returns: ** 0 - Success, otherwise errno. ** */ typedef int (*db_sync_func) __P((SMDB_DATABASE *db, u_int flags)); /* ** DB_SET_OWNER_FUNC -- Set the owner and group of the database files. ** ** Parameters: ** db -- The database to set. ** uid -- The UID for the new owner (-1 for no change) ** gid -- The GID for the new owner (-1 for no change) ** ** Returns: ** 0 - Success, otherwise errno. ** */ typedef int (*db_set_owner_func) __P((SMDB_DATABASE *db, uid_t uid, gid_t gid)); /* ** DB_CURSOR -- Obtain a cursor for sequential access ** ** Parameters: ** db -- The database to use. ** cursor -- The address of a cursor pointer. ** flags -- sync options: ** ** Returns: ** 0 - Success, otherwise errno. ** */ typedef int (*db_cursor_func) __P((SMDB_DATABASE *db, SMDB_CURSOR **cursor, u_int flags)); typedef int (*db_lockfd_func) __P((SMDB_DATABASE *db)); struct database_struct { db_close_func smdb_close; db_del_func smdb_del; db_fd_func smdb_fd; db_get_func smdb_get; db_put_func smdb_put; db_sync_func smdb_sync; db_set_owner_func smdb_set_owner; db_cursor_func smdb_cursor; db_lockfd_func smdb_lockfd; void *smdb_impl; }; /* ** DB_CURSOR_CLOSE -- Close a cursor ** ** Parameters: ** cursor -- The cursor to close. ** ** Returns: ** 0 - Success, otherwise errno. ** */ typedef int (*db_cursor_close_func) __P((SMDB_CURSOR *cursor)); /* ** DB_CURSOR_DEL -- Delete the key/value pair of this cursor ** ** Parameters: ** cursor -- The cursor. ** flags -- flags ** ** Returns: ** 0 - Success, otherwise errno. ** */ typedef int (*db_cursor_del_func) __P((SMDB_CURSOR *cursor, u_int flags)); /* ** DB_CURSOR_GET -- Get the key/value of this cursor. ** ** Parameters: ** cursor -- The cursor. ** key -- The current key. ** value -- The current value ** flags -- flags ** ** Returns: ** 0 - Success, otherwise errno. ** SMDBE_LAST_ENTRY - This is a success condition that ** gets returned when the end of the ** database is hit. ** */ typedef int (*db_cursor_get_func) __P((SMDB_CURSOR *cursor, SMDB_DBENT *key, SMDB_DBENT *data, u_int flags)); /* ** Flags for DB_CURSOR_GET */ #define SMDB_CURSOR_GET_FIRST 0 #define SMDB_CURSOR_GET_LAST 1 #define SMDB_CURSOR_GET_NEXT 2 #define SMDB_CURSOR_GET_RANGE 3 /* ** DB_CURSOR_PUT -- Put the key/value at this cursor. ** ** Parameters: ** cursor -- The cursor. ** key -- The current key. ** value -- The current value ** flags -- flags ** ** Returns: ** 0 - Success, otherwise errno. ** */ typedef int (*db_cursor_put_func) __P((SMDB_CURSOR *cursor, SMDB_DBENT *key, SMDB_DBENT *data, u_int flags)); struct cursor_struct { db_cursor_close_func smdbc_close; db_cursor_del_func smdbc_del; db_cursor_get_func smdbc_get; db_cursor_put_func smdbc_put; void *smdbc_impl; }; struct database_params_struct { u_int smdbp_num_elements; u_int smdbp_cache_size; bool smdbp_allow_dup; }; typedef struct database_params_struct SMDB_DBPARAMS; struct database_user_struct { uid_t smdbu_id; gid_t smdbu_group_id; char smdbu_name[SMDB_MAX_USER_NAME_LEN]; }; typedef struct database_user_struct SMDB_USER_INFO; -union database_entity_union +struct entry_struct { -# ifdef NDBM - datum dbm; -# endif /* NDBM */ -# ifdef NEWDB - DBT db; -# endif /* NEWDB */ - struct - { - char *data; - size_t size; - } data; + void *data; + size_t size; }; - typedef char *SMDB_DBTYPE; typedef u_int SMDB_FLAG; /* ** These are types of databases. */ # define SMDB_TYPE_DEFAULT NULL # define SMDB_TYPE_DEFAULT_LEN 0 # define SMDB_TYPE_HASH "hash" # define SMDB_TYPE_HASH_LEN 5 # define SMDB_TYPE_BTREE "btree" # define SMDB_TYPE_BTREE_LEN 6 # define SMDB_TYPE_NDBM "dbm" # define SMDB_TYPE_NDBM_LEN 4 /* ** These are flags */ /* Flags for put */ # define SMDBF_NO_OVERWRITE 0x00000001 # define SMDBF_ALLOW_DUP 0x00000002 extern SMDB_DATABASE *smdb_malloc_database __P((void)); extern void smdb_free_database __P((SMDB_DATABASE *)); extern int smdb_open_database __P((SMDB_DATABASE **, char *, int, int, long, SMDB_DBTYPE, SMDB_USER_INFO *, SMDB_DBPARAMS *)); # ifdef NEWDB extern int smdb_db_open __P((SMDB_DATABASE **, char *, int, int, long, SMDB_DBTYPE, SMDB_USER_INFO *, SMDB_DBPARAMS *)); # endif /* NEWDB */ # ifdef NDBM extern int smdb_ndbm_open __P((SMDB_DATABASE **, char *, int, int, long, SMDB_DBTYPE, SMDB_USER_INFO *, SMDB_DBPARAMS *)); # endif /* NDBM */ extern int smdb_add_extension __P((char *, int, char *, char *)); extern int smdb_setup_file __P((char *, char *, int, long, SMDB_USER_INFO *, struct stat *)); extern int smdb_lock_file __P((int *, char *, int, long, char *)); extern int smdb_unlock_file __P((int)); extern int smdb_filechanged __P((char *, char *, int, struct stat *)); extern void smdb_print_available_types __P((void)); extern char *smdb_db_definition __P((SMDB_DBTYPE)); extern int smdb_lock_map __P((SMDB_DATABASE *, int)); extern int smdb_unlock_map __P((SMDB_DATABASE *)); #endif /* ! _SMDB_H_ */ Index: stable/4/contrib/sendmail/include/sendmail/pathnames.h =================================================================== --- stable/4/contrib/sendmail/include/sendmail/pathnames.h (revision 71887) +++ stable/4/contrib/sendmail/include/sendmail/pathnames.h (revision 71888) @@ -1,36 +1,36 @@ /*- * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1990, 1993 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * * - * $Id: pathnames.h,v 8.16.8.7 2000/08/25 18:36:57 geir Exp $ + * $Id: pathnames.h,v 8.16.8.8 2000/09/28 21:26:39 gshapiro Exp $ */ # ifndef _PATH_SENDMAILCF # if defined(USE_VENDOR_CF_PATH) && defined(_PATH_VENDOR_CF) # define _PATH_SENDMAILCF _PATH_VENDOR_CF # else /* defined(USE_VENDOR_CF_PATH) && defined(_PATH_VENDOR_CF) */ # define _PATH_SENDMAILCF "/etc/mail/sendmail.cf" # endif /* defined(USE_VENDOR_CF_PATH) && defined(_PATH_VENDOR_CF) */ # endif /* ! _PATH_SENDMAILCF */ # ifndef _PATH_SENDMAILPID # ifdef BSD4_4 # define _PATH_SENDMAILPID "/var/run/sendmail.pid" # else /* BSD4_4 */ # define _PATH_SENDMAILPID "/etc/mail/sendmail.pid" # endif /* BSD4_4 */ # endif /* ! _PATH_SENDMAILPID */ # ifndef _PATH_HOSTS # define _PATH_HOSTS "/etc/hosts" # endif /* ! _PATH_HOSTS */ Index: stable/4/contrib/sendmail/include/sendmail/sendmail.h =================================================================== --- stable/4/contrib/sendmail/include/sendmail/sendmail.h (revision 71887) +++ stable/4/contrib/sendmail/include/sendmail/sendmail.h (revision 71888) @@ -1,183 +1,186 @@ /* * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * * - * $Id: sendmail.h,v 8.34.4.5 2000/09/14 23:32:26 gshapiro Exp $ + * $Id: sendmail.h,v 8.34.4.7 2000/10/09 16:15:26 gshapiro Exp $ */ /* ** SENDMAIL.H -- Global definitions for sendmail. */ #if SFIO # include #else /* SFIO */ # include #endif /* SFIO */ #include #include "conf.h" #include "sendmail/errstring.h" #include "sendmail/useful.h" /********************************************************************** ** Table sizes, etc.... ** There shouldn't be much need to change these.... **********************************************************************/ #ifndef MAXMAILERS # define MAXMAILERS 25 /* maximum mailers known to system */ #endif /* ! MAXMAILERS */ /* ** Data structure for bit maps. ** ** Each bit in this map can be referenced by an ascii character. ** This is 256 possible bits, or 32 8-bit bytes. */ #define BITMAPBITS 256 /* number of bits in a bit map */ #define BYTEBITS 8 /* number of bits in a byte */ #define BITMAPBYTES (BITMAPBITS / BYTEBITS) /* number of bytes in bit map */ /* internal macros */ #define _BITWORD(bit) ((bit) / (BYTEBITS * sizeof (int))) #define _BITBIT(bit) ((unsigned int)1 << ((bit) % (BYTEBITS * sizeof (int)))) typedef unsigned int BITMAP256[BITMAPBYTES / sizeof (int)]; + +/* properly case and truncate bit */ +#define bitidx(bit) ((unsigned int) (bit) & 0xff) /* test bit number N */ #define bitnset(bit, map) ((map)[_BITWORD(bit)] & _BITBIT(bit)) /* set bit number N */ #define setbitn(bit, map) (map)[_BITWORD(bit)] |= _BITBIT(bit) /* clear bit number N */ #define clrbitn(bit, map) (map)[_BITWORD(bit)] &= ~_BITBIT(bit) /* clear an entire bit map */ #define clrbitmap(map) memset((char *) map, '\0', BITMAPBYTES) /* ** Utility macros */ /* return number of bytes left in a buffer */ #define SPACELEFT(buf, ptr) (sizeof buf - ((ptr) - buf)) /* ** Flags passed to safefile/safedirpath. */ #define SFF_ANYFILE 0L /* no special restrictions */ #define SFF_MUSTOWN 0x00000001L /* user must own this file */ #define SFF_NOSLINK 0x00000002L /* file cannot be a symbolic link */ #define SFF_ROOTOK 0x00000004L /* ok for root to own this file */ #define SFF_RUNASREALUID 0x00000008L /* if no ctladdr, run as real uid */ #define SFF_NOPATHCHECK 0x00000010L /* don't bother checking dir path */ #define SFF_SETUIDOK 0x00000020L /* setuid files are ok */ #define SFF_CREAT 0x00000040L /* ok to create file if necessary */ #define SFF_REGONLY 0x00000080L /* regular files only */ #define SFF_SAFEDIRPATH 0x00000100L /* no writable directories allowed */ #define SFF_NOHLINK 0x00000200L /* file cannot have hard links */ #define SFF_NOWLINK 0x00000400L /* links only in non-writable dirs */ #define SFF_NOGWFILES 0x00000800L /* disallow world writable files */ #define SFF_NOWWFILES 0x00001000L /* disallow group writable files */ #define SFF_OPENASROOT 0x00002000L /* open as root instead of real user */ #define SFF_NOLOCK 0x00004000L /* don't lock the file */ #define SFF_NOGRFILES 0x00008000L /* disallow g readable files */ #define SFF_NOWRFILES 0x00010000L /* disallow o readable files */ #define SFF_NOTEXCL 0x00020000L /* creates don't need to be exclusive */ #define SFF_EXECOK 0x00040000L /* executable files are ok (E_SM_ISEXEC) */ #define SFF_NORFILES (SFF_NOGRFILES|SFF_NOWRFILES) /* pseudo-flags */ #define SFF_NOLINK (SFF_NOHLINK|SFF_NOSLINK) /* functions */ extern int safefile __P((char *, UID_T, GID_T, char *, long, int, struct stat *)); extern int safedirpath __P((char *, UID_T, GID_T, char *, long, int, int)); extern int safeopen __P((char *, int, int, long)); extern FILE *safefopen __P((char *, int, int, long)); extern int dfopen __P((char *, int, int, long)); extern bool filechanged __P((char *, int, struct stat *)); /* ** DontBlameSendmail options ** ** Hopefully nobody uses these. */ #define DBS_SAFE 0 #define DBS_ASSUMESAFECHOWN 1 #define DBS_GROUPWRITABLEDIRPATHSAFE 2 #define DBS_GROUPWRITABLEFORWARDFILESAFE 3 #define DBS_GROUPWRITABLEINCLUDEFILESAFE 4 #define DBS_GROUPWRITABLEALIASFILE 5 #define DBS_WORLDWRITABLEALIASFILE 6 #define DBS_FORWARDFILEINUNSAFEDIRPATH 7 #define DBS_MAPINUNSAFEDIRPATH 8 #define DBS_LINKEDALIASFILEINWRITABLEDIR 9 #define DBS_LINKEDCLASSFILEINWRITABLEDIR 10 #define DBS_LINKEDFORWARDFILEINWRITABLEDIR 11 #define DBS_LINKEDINCLUDEFILEINWRITABLEDIR 12 #define DBS_LINKEDMAPINWRITABLEDIR 13 #define DBS_LINKEDSERVICESWITCHFILEINWRITABLEDIR 14 #define DBS_FILEDELIVERYTOHARDLINK 15 #define DBS_FILEDELIVERYTOSYMLINK 16 #define DBS_WRITEMAPTOHARDLINK 17 #define DBS_WRITEMAPTOSYMLINK 18 #define DBS_WRITESTATSTOHARDLINK 19 #define DBS_WRITESTATSTOSYMLINK 20 #define DBS_FORWARDFILEINGROUPWRITABLEDIRPATH 21 #define DBS_INCLUDEFILEINGROUPWRITABLEDIRPATH 22 #define DBS_CLASSFILEINUNSAFEDIRPATH 23 #define DBS_ERRORHEADERINUNSAFEDIRPATH 24 #define DBS_HELPFILEINUNSAFEDIRPATH 25 #define DBS_FORWARDFILEINUNSAFEDIRPATHSAFE 26 #define DBS_INCLUDEFILEINUNSAFEDIRPATHSAFE 27 #define DBS_RUNPROGRAMINUNSAFEDIRPATH 28 /* Not used yet */ #define DBS_RUNWRITABLEPROGRAM 29 #define DBS_INCLUDEFILEINUNSAFEDIRPATH 30 #define DBS_NONROOTSAFEADDR 31 #define DBS_TRUSTSTICKYBIT 32 #define DBS_DONTWARNFORWARDFILEINUNSAFEDIRPATH 33 #define DBS_INSUFFICIENTENTROPY 34 #if _FFR_UNSAFE_SASL # define DBS_GROUPREADABLESASLFILE 35 #endif /* _FFR_UNSAFE_SASL */ #if _FFR_UNSAFE_WRITABLE_INCLUDE # define DBS_GROUPWRITABLEFORWARDFILE 36 # define DBS_GROUPWRITABLEINCLUDEFILE 37 # define DBS_WORLDWRITABLEFORWARDFILE 38 # define DBS_WORLDWRITABLEINCLUDEFILE 39 #endif /* _FFR_UNSAFE_WRITABLE_INCLUDE */ /* struct defining such things */ struct dbsval { char *dbs_name; /* name of DontBlameSendmail flag */ u_char dbs_flag; /* numeric level */ }; #if _FFR_DPRINTF extern void dprintf __P((const char *, ...)); extern int dflush __P((void)); #else /* _FFR_DPRINTF */ #define dprintf printf #define dflush() fflush(stdout) #endif /* _FFR_DPRINTF */ extern int sm_snprintf __P((char *, size_t, const char *, ...)); extern int sm_vsnprintf __P((char *, size_t, const char *, va_list)); extern char *quad_to_string __P((QUAD_T)); extern size_t strlcpy __P((char *, const char *, size_t)); extern size_t strlcat __P((char *, const char *, size_t)); Index: stable/4/contrib/sendmail/libmilter/Makefile.m4 =================================================================== --- stable/4/contrib/sendmail/libmilter/Makefile.m4 (revision 71887) +++ stable/4/contrib/sendmail/libmilter/Makefile.m4 (revision 71888) @@ -1,15 +1,24 @@ include(confBUILDTOOLSDIR`/M4/switch.m4') define(`confMT', `true') # sendmail dir SMSRCDIR= ifdef(`confSMSRCDIR', `confSMSRCDIR', `${SRCDIR}/sendmail') PREPENDDEF(`confINCDIRS', `-I${SMSRCDIR} ') bldPRODUCT_START(`library', `libmilter') +define(`bldINSTALLABLE', `true') define(`bldSOURCES', `main.c engine.c listener.c handler.c comm.c smfi.c signal.c sm_gethost.c ') bldPUSH_SMLIB(`smutil') +bldPUSH_INSTALL_TARGET(`install-mfapi') bldPRODUCT_END APPENDDEF(`confENVDEF', `-DNOT_SENDMAIL') + +divert(bldTARGETS_SECTION) +# Install the API header file +MFAPI= ${SRCDIR}/include/libmilter/mfapi.h +install-mfapi: ${MFAPI} + ${INSTALL} ${MFAPI} ${DESTDIR}${INCLUDEDIR} +divert(0) bldFINISH Index: stable/4/contrib/sendmail/libmilter/README =================================================================== --- stable/4/contrib/sendmail/libmilter/README (revision 71887) +++ stable/4/contrib/sendmail/libmilter/README (revision 71888) @@ -1,415 +1,419 @@ This directory contains the source files for libmilter. The sendmail Mail Filter API (Milter) is designed to allow third-party programs access to mail messages as they are being processed in order to filter meta-information and content. This README file describes the steps needed to compile and run a filter, through reference to a sample filter which is attached at the end of this file. It is necessary to first build libmilter.a, which can be done by issuing the './Build' command in SRCDIR/libmilter . NOTE: Both libmilter and the callouts in sendmail are marked as an FFR (For Future Release). If you intend to use them in 8.10.X, you must compiled both libmilter and sendmail with -D_FFR_MILTER defined. You can do this by adding the following to your devtools/Site/site.config.m4 file: dnl Milter APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_MILTER=1') APPENDDEF(`conf_libmilter_ENVDEF', `-D_FFR_MILTER=1') You will also need to define _FFR_MILTER when building your .cf file using m4. +-------------------+ | BUILDING A FILTER | +-------------------+ The following command presumes that the sample code from the end of this README is saved to a file named 'sample.c' and built in the local platform- specific build subdirectory (SRCDIR/obj.*/libmilter). cc -I../../sendmail -I../../include -o sample sample.c libmilter.a ../libsmutil/libsmutil.a -pthread It is recommended that you build your filters in a location outside of the sendmail source tree. Modify the compiler include references (-I) and the library locations accordingly. Also, some operating systems may require additional libraries. For example, SunOS 5.X requires '-lresolv -lsocket -lnsl'. Depending on your OS you may need a library instead of the option -pthread, e.g., -lpthread. Filters must be thread-safe! Many operating systems now provide support for POSIX threads in the standard C libraries. The compiler flag to link with threading support differs according to the compiler and linker used. Check the Makefile in your appropriate obj.*/libmilter build subdirectory if you are unsure of the local flag used. +----------------------------------------+ | SPECIFYING FILTERS IN SENDMAIL CONFIGS | +----------------------------------------+ Filters are specified with a key letter ``X'' (for ``eXternal''). For example: Xfilter1, S=local:/var/run/f1.sock, F=R Xfilter2, S=inet6:999@localhost, F=T, T=S:1s;R:1s;E:5m Xfilter3, S=inet:3333@localhost specifies three filters. Filters can be specified in your .mc file using the following: INPUT_MAIL_FILTER(`filter1', `S=local:/var/run/f1.sock, F=R') INPUT_MAIL_FILTER(`filter2', `S=inet6:999@localhost, F=T, T=S:1s;R:1s;E:5m') INPUT_MAIL_FILTER(`filter3', `S=inet:3333@localhost') The first attaches to a Unix-domain socket in the /var/run directory; the second uses an IPv6 socket on port 999 of localhost, and the third uses an IPv4 socket on port 3333 of localhost. The current flags (F=) are: R Reject connection if filter unavailable T Temporary fail connection if filter unavailable If neither F=R nor F=T is specified, the message is passed through sendmail as if the filter were not present. Finally, you can override the default timeouts used by sendmail when talking to the filters using the T= equate. There are three fields inside of the T= equate: Letter Meaning S Timeout for sending information from the MTA to a filter R Timeout for reading reply from the filter E Overall timeout between sending end-of-message to filter and waiting for the final acknowledgment Note the separator between each is a ';' as a ',' already separates equates and therefore can't separate timeouts. The default values (if not set in the config) are: T=S:10s;R:10s;E:5m where 's' is seconds and 'm' is minutes. Which filters are invoked and their sequencing is handled by the InputMailFilters option. O InputMailFilters=filter1, filter2, filter3 This is is set automatically according to the order of the INPUT_MAIL_FILTER commands in your .mc file. Alternatively, you can reset its value by setting confINPUT_MAIL_FILTERS in your .mc file. This options causes the three filters to be called in the same order they were specified. It allows for possible future filtering on output (although this is not intended for this release). Also note that a filter can be defined without adding it to the input filter list by using MAIL_FILTER() instead of INPUT_MAIL_FILTER() in your .mc file. To test sendmail with the sample filter, the following might be added (in the appropriate locations) to your .mc file: INPUT_MAIL_FILTER(`sample', `S=local:/var/run/f1.sock') +------------------+ | TESTING A FILTER | +------------------+ Once you have compiled a filter, modified your .mc file and restarted the sendmail process, you will want to test that the filter performs as intended. The sample filter takes one argument -p, which indicates the local port on which to create a listening socket for the filter. Maintaining consistency with the suggested options for sendmail.cf, this would be the UNIX domain socket located in /var/run/f1.sock. % ./sample -p local:/var/run/f1.sock If the sample filter returns immediately to a command line, there was either an error with your command or a problem creating the specified socket. Further logging can be captured through the syslogd daemon. Using the 'netstat -a' command can ensure that your filter process is listening on the appropriate local socket. Email messages must be injected via SMTP to be filtered. There are two simple means of doing this; either using the 'sendmail -bs' command, or by telnetting to port 25 of the machine configured for milter. Once connected via one of these options, the session can be continued through the use of standard SMTP commands. % sendmail -bs 220 test.sendmail.com ESMTP Sendmail 8.11.0/8.11.0; Tue, 10 Nov 1970 13:05:23 -0500 (EST) HELO localhost 250 test.sendmail.com Hello testy@localhost, pleased to meet you MAIL From: 250 2.1.0 ... Sender ok RCPT To: 250 2.1.5 ... Recipient ok DATA 354 Enter mail, end with "." on a line by itself From: testy@test.sendmail.com To: root@test.sendmail.com Subject: testing sample filter Sample body . 250 2.0.0 dB73Zxi25236 Message accepted for delivery QUIT 221 2.0.0 test.sendmail.com closing connection In the above example, the lines beginning with numbers are output by the mail server, and those without are your input. If everything is working properly, you will find a file in /tmp by the name of msg.XXXXXXXX (where the Xs represent any combination of letters and numbers). This file should contain the message body and headers from the test email entered above. If the sample filter did not log your test email, there are a number of methods to narrow down the source of the problem. Check your system logs written by syslogd and see if there are any pertinent lines. You may need to reconfigure syslogd to capture all relevant data. Additionally, the logging level of sendmail can be raised with the LogLevel option. See the sendmail(8) manual page for more information. +--------------------------+ | SOURCE FOR SAMPLE FILTER | +--------------------------+ +Note that the filter below may not be thread safe on some operating +systems. You should check your system man pages for the functions used +below to verify the functions are thread safe. + /* A trivial filter that logs all email to a file. */ #include #include #include #include #include #include #include "libmilter/mfapi.h" typedef int bool; #ifndef FALSE # define FALSE 0 #endif /* ! FALSE*/ #ifndef TRUE # define TRUE 1 #endif /* ! TRUE*/ struct mlfiPriv { char *mlfi_fname; FILE *mlfi_fp; }; #define MLFIPRIV ((struct mlfiPriv *) smfi_getpriv(ctx)) extern sfsistat mlfi_cleanup(SMFICTX *, bool); sfsistat mlfi_envfrom(ctx, envfrom) SMFICTX *ctx; char **envfrom; { struct mlfiPriv *priv; int fd; /* allocate some private memory */ priv = malloc(sizeof *priv); if (priv == NULL) { /* can't accept this message right now */ return SMFIS_TEMPFAIL; } memset(priv, '\0', sizeof *priv); /* open a file to store this message */ priv->mlfi_fname = strdup("/tmp/msg.XXXXXXXX"); if (priv->mlfi_fname == NULL) { free(priv); return SMFIS_TEMPFAIL; } if ((fd = mkstemp(priv->mlfi_fname)) < 0 || (priv->mlfi_fp = fdopen(fd, "w+")) == NULL) { free(priv->mlfi_fname); free(priv); return SMFIS_TEMPFAIL; } /* save the private data */ smfi_setpriv(ctx, priv); /* continue processing */ return SMFIS_CONTINUE; } sfsistat mlfi_header(ctx, headerf, headerv) SMFICTX *ctx; char *headerf; char *headerv; { /* write the header to the log file */ fprintf(MLFIPRIV->mlfi_fp, "%s: %s\r\n", headerf, headerv); /* continue processing */ return SMFIS_CONTINUE; } sfsistat mlfi_eoh(ctx) SMFICTX *ctx; { /* output the blank line between the header and the body */ fprintf(MLFIPRIV->mlfi_fp, "\r\n"); /* continue processing */ return SMFIS_CONTINUE; } sfsistat mlfi_body(ctx, bodyp, bodylen) SMFICTX *ctx; u_char *bodyp; size_t bodylen; { /* output body block to log file */ if (fwrite(bodyp, bodylen, 1, MLFIPRIV->mlfi_fp) <= 0) { /* write failed */ (void) mlfi_cleanup(ctx, FALSE); return SMFIS_TEMPFAIL; } /* continue processing */ return SMFIS_CONTINUE; } sfsistat mlfi_eom(ctx) SMFICTX *ctx; { return mlfi_cleanup(ctx, TRUE); } sfsistat mlfi_close(ctx) SMFICTX *ctx; { return SMFIS_ACCEPT; } sfsistat mlfi_abort(ctx) SMFICTX *ctx; { return mlfi_cleanup(ctx, FALSE); } sfsistat mlfi_cleanup(ctx, ok) SMFICTX *ctx; bool ok; { sfsistat rstat = SMFIS_CONTINUE; struct mlfiPriv *priv = MLFIPRIV; char *p; char host[512]; char hbuf[1024]; if (priv == NULL) return rstat; /* close the archive file */ if (priv->mlfi_fp != NULL && fclose(priv->mlfi_fp) == EOF) { /* failed; we have to wait until later */ rstat = SMFIS_TEMPFAIL; (void) unlink(priv->mlfi_fname); } else if (ok) { /* add a header to the message announcing our presence */ if (gethostname(host, sizeof host) < 0) strlcpy(host, "localhost", sizeof host); p = strrchr(priv->mlfi_fname, '/'); if (p == NULL) p = priv->mlfi_fname; else p++; snprintf(hbuf, sizeof hbuf, "%s@%s", p, host); smfi_addheader(ctx, "X-Archived", hbuf); } else { /* message was aborted -- delete the archive file */ (void) unlink(priv->mlfi_fname); } /* release private memory */ free(priv->mlfi_fname); free(priv); smfi_setpriv(ctx, NULL); /* return status */ return rstat; } struct smfiDesc smfilter = { "SampleFilter", /* filter name */ SMFI_VERSION, /* version code -- do not change */ SMFIF_ADDHDRS, /* flags */ NULL, /* connection info filter */ NULL, /* SMTP HELO command filter */ mlfi_envfrom, /* envelope sender filter */ NULL, /* envelope recipient filter */ mlfi_header, /* header filter */ mlfi_eoh, /* end of header */ mlfi_body, /* body block filter */ mlfi_eom, /* end of message */ mlfi_abort, /* message aborted */ mlfi_close /* connection cleanup */ }; int main(argc, argv) int argc; char *argv[]; { int c; const char *args = "p:"; /* Process command line options */ while ((c = getopt(argc, argv, args)) != -1) { switch (c) { case 'p': if (optarg == NULL || *optarg == '\0') { (void) fprintf(stderr, "Illegal conn: %s\n", optarg); exit(EX_USAGE); } (void) smfi_setconn(optarg); break; } } if (smfi_register(smfilter) == MI_FAILURE) { fprintf(stderr, "smfi_register failed\n"); exit(EX_UNAVAILABLE); } return smfi_main(); } /* eof */ -$Revision: 8.9.2.1.2.12 $, Last updated $Date: 2000/09/19 19:40:13 $ +$Revision: 8.9.2.1.2.13 $, Last updated $Date: 2000/12/29 18:55:23 $ Index: stable/4/contrib/sendmail/libmilter/comm.c =================================================================== --- stable/4/contrib/sendmail/libmilter/comm.c (revision 71887) +++ stable/4/contrib/sendmail/libmilter/comm.c (revision 71888) @@ -1,265 +1,267 @@ /* * Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #ifndef lint -static char id[] = "@(#)$Id: comm.c,v 8.30.4.5 2000/08/14 09:04:47 gshapiro Exp $"; +static char id[] = "@(#)$Id: comm.c,v 8.30.4.6 2000/10/05 22:44:01 gshapiro Exp $"; #endif /* ! lint */ #if _FFR_MILTER #include "libmilter.h" #define FD_Z FD_ZERO(&readset); \ FD_SET((u_int) sd, &readset); \ FD_ZERO(&excset); \ FD_SET((u_int) sd, &excset) /* ** MI_RD_CMD -- read a command ** ** Parameters: ** sd -- socket descriptor ** timeout -- maximum time to wait ** cmd -- single character command read from sd ** rlen -- pointer to length of result ** name -- name of milter ** ** Returns: ** buffer with rest of command ** (malloc()ed here, should be free()d) ** hack: encode error in cmd */ char * mi_rd_cmd(sd, timeout, cmd, rlen, name) socket_t sd; struct timeval *timeout; char *cmd; size_t *rlen; char *name; { ssize_t len; mi_int32 expl; ssize_t i; fd_set readset, excset; int ret; int save_errno; char *buf; char data[MILTER_LEN_BYTES + 1]; *cmd = '\0'; *rlen = 0; + if (sd >= FD_SETSIZE) { smi_log(SMI_LOG_ERR, "%s: fd %d is larger than FD_SETSIZE %d", name, sd, FD_SETSIZE); *cmd = SMFIC_SELECT; return NULL; } + FD_Z; i = 0; while ((ret = select(sd + 1, &readset, NULL, &excset, timeout)) >= 1) { if (FD_ISSET(sd, &excset)) { *cmd = SMFIC_SELECT; return NULL; } if ((len = MI_SOCK_READ(sd, data + i, sizeof data - i)) < 0) { smi_log(SMI_LOG_ERR, "%s, mi_rd_cmd: read returned %d: %s", name, len, strerror(errno)); *cmd = SMFIC_RECVERR; return NULL; } if (len == 0) { *cmd = SMFIC_EOF; return NULL; } if (len >= (ssize_t) sizeof data - i) break; i += len; FD_Z; } if (ret == 0) { *cmd = SMFIC_TIMEOUT; return NULL; } else if (ret < 0) { smi_log(SMI_LOG_ERR, "%s: mi_rd_cmd: select returned %d: %s", name, ret, strerror(errno)); *cmd = SMFIC_RECVERR; return NULL; } *cmd = data[MILTER_LEN_BYTES]; data[MILTER_LEN_BYTES] = '\0'; (void) memcpy((void *) &expl, (void *) &(data[0]), MILTER_LEN_BYTES); expl = ntohl(expl) - 1; if (expl <= 0) return NULL; if (expl > MILTER_CHUNK_SIZE) { *cmd = SMFIC_TOOBIG; return NULL; } buf = malloc(expl); if (buf == NULL) { *cmd = SMFIC_MALLOC; return NULL; } i = 0; FD_Z; while ((ret = select(sd + 1, &readset, NULL, &excset, timeout)) == 1) { if (FD_ISSET(sd, &excset)) { *cmd = SMFIC_SELECT; free(buf); return NULL; } if ((len = MI_SOCK_READ(sd, buf + i, expl - i)) < 0) { smi_log(SMI_LOG_ERR, "%s: mi_rd_cmd: read returned %d: %s", name, len, strerror(errno)); ret = -1; break; } if (len == 0) { *cmd = SMFIC_EOF; free(buf); return NULL; } if (len > expl - i) { *cmd = SMFIC_RECVERR; free(buf); return NULL; } if (len >= expl - i) { *rlen = expl; return buf; } i += len; FD_Z; } save_errno = errno; free(buf); /* select returned 0 (timeout) or < 0 (error) */ if (ret == 0) { *cmd = SMFIC_TIMEOUT; return NULL; } if (ret < 0) { smi_log(SMI_LOG_ERR, "%s: mi_rd_cmd: select returned %d: %s", name, ret, strerror(save_errno)); *cmd = SMFIC_RECVERR; return NULL; } *cmd = SMFIC_UNKNERR; return NULL; } /* ** MI_WR_CMD -- write a cmd to sd ** ** Parameters: ** sd -- socket descriptor ** timeout -- maximum time to wait (currently unused) ** cmd -- single character command to write ** buf -- buffer with further data ** len -- length of buffer (without cmd!) ** ** Returns: ** MI_SUCCESS/MI_FAILURE */ int mi_wr_cmd(sd, timeout, cmd, buf, len) socket_t sd; struct timeval *timeout; int cmd; char *buf; size_t len; { size_t sl, i; ssize_t l; mi_int32 nl; int ret; fd_set wrtset; char data[MILTER_LEN_BYTES + 1]; if (len > MILTER_CHUNK_SIZE) return MI_FAILURE; nl = htonl(len + 1); /* add 1 for the cmd char */ (void) memcpy(data, (void *) &nl, MILTER_LEN_BYTES); data[MILTER_LEN_BYTES] = (char) cmd; i = 0; sl = MILTER_LEN_BYTES + 1; do { FD_ZERO(&wrtset); FD_SET((u_int) sd, &wrtset); if ((ret = select(sd + 1, NULL, &wrtset, NULL, timeout)) == 0) return MI_FAILURE; } while (ret < 0 && errno == EINTR); if (ret < 0) return MI_FAILURE; /* use writev() instead to send the whole stuff at once? */ while ((l = MI_SOCK_WRITE(sd, (void *) (data + i), sl - i)) < (ssize_t) sl) { if (l < 0) return MI_FAILURE; i += l; sl -= l; } if (len > 0 && buf == NULL) return MI_FAILURE; if (len == 0 || buf == NULL) return MI_SUCCESS; i = 0; sl = len; do { FD_ZERO(&wrtset); FD_SET((u_int) sd, &wrtset); if ((ret = select(sd + 1, NULL, &wrtset, NULL, timeout)) == 0) return MI_FAILURE; } while (ret < 0 && errno == EINTR); if (ret < 0) return MI_FAILURE; while ((l = MI_SOCK_WRITE(sd, (void *) (buf + i), sl - i)) < (ssize_t) sl) { if (l < 0) return MI_FAILURE; i += l; sl -= l; } return MI_SUCCESS; } #endif /* _FFR_MILTER */ Index: stable/4/contrib/sendmail/libmilter/engine.c =================================================================== --- stable/4/contrib/sendmail/libmilter/engine.c (revision 71887) +++ stable/4/contrib/sendmail/libmilter/engine.c (revision 71888) @@ -1,1119 +1,1119 @@ /* * Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #ifndef lint -static char id[] = "@(#)$Id: engine.c,v 8.67.4.14 2000/08/14 08:27:30 gshapiro Exp $"; +static char id[] = "@(#)$Id: engine.c,v 8.67.4.15 2000/12/29 19:43:10 gshapiro Exp $"; #endif /* ! lint */ #if _FFR_MILTER #include "libmilter.h" #include "sendmail/useful.h" #if NETINET || NETINET6 # include #endif /* NETINET || NETINET6 */ /* generic argument for functions in the command table */ struct arg_struct { size_t a_len; /* length of buffer */ char *a_buf; /* argument string */ int a_idx; /* index for macro array */ SMFICTX_PTR a_ctx; /* context */ }; typedef struct arg_struct genarg; /* structure for commands received from MTA */ struct cmdfct_t { char cm_cmd; /* command */ int cm_argt; /* type of arguments expected */ int cm_next; /* next state */ int cm_todo; /* what to do next */ int cm_macros; /* index for macros */ int (*cm_fct) __P((genarg *)); /* function to execute */ }; typedef struct cmdfct_t cmdfct; /* possible values for cm_argt */ #define CM_ARG0 0 /* no args */ #define CM_ARG1 1 /* one arg (string) */ #define CM_ARG2 2 /* two args (strings) */ #define CM_ARGA 4 /* one string and _SOCK_ADDR */ #define CM_ARGO 5 /* two integers */ #define CM_ARGV 8 /* \0 separated list of args, NULL-terminated */ #define CM_ARGN 9 /* \0 separated list of args (strings) */ /* possible values for cm_todo */ #define CT_CONT 0x0000 /* continue reading commands */ #define CT_IGNO 0x0001 /* continue even when error */ /* not needed right now, done via return code instead */ #define CT_KEEP 0x0004 /* keep buffer (contains symbols) */ #define CT_END 0x0008 /* start replying */ /* index in macro array: macros only for these commands */ #define CI_NONE (-1) #define CI_CONN 0 #define CI_HELO 1 #define CI_MAIL 2 #define CI_RCPT 3 #if CI_RCPT >= MAX_MACROS_ENTRIES ERROR: do not compile with CI_RCPT >= MAX_MACROS_ENTRIES #endif /* function prototypes */ static int st_abortfct __P((genarg *)); static int st_macros __P((genarg *)); static int st_optionneg __P((genarg *)); static int st_bodychunk __P((genarg *)); static int st_connectinfo __P((genarg *)); static int st_bodyend __P((genarg *)); static int st_helo __P((genarg *)); static int st_header __P((genarg *)); static int st_sender __P((genarg *)); static int st_rcpt __P((genarg *)); static int st_eoh __P((genarg *)); static int st_quit __P((genarg *)); static int sendreply __P((sfsistat, socket_t, struct timeval *, SMFICTX_PTR)); static void fix_stm __P((SMFICTX_PTR)); static bool trans_ok __P((int, int)); static char **dec_argv __P((char *, size_t)); static int dec_arg2 __P((char *, size_t, char **, char **)); /* states */ #define ST_NONE (-1) #define ST_INIT 0 /* initial state */ #define ST_OPTS 1 /* option negotiation */ #define ST_CONN 2 /* connection info */ #define ST_HELO 3 /* helo */ #define ST_MAIL 4 /* mail from */ #define ST_RCPT 5 /* rcpt to */ #define ST_HDRS 6 /* headers */ #define ST_EOHS 7 /* end of headers */ #define ST_BODY 8 /* body */ #define ST_ENDM 9 /* end of message */ #define ST_QUIT 10 /* quit */ #define ST_ABRT 11 /* abort */ #define ST_LAST ST_ABRT #define ST_SKIP 15 /* not a state but required for the state table */ /* in a mail transaction? must be before eom according to spec. */ #define ST_IN_MAIL(st) ((st) >= ST_MAIL && (st) < ST_ENDM) /* ** set of next states ** each state (ST_*) corresponds to bit in an int value (1 << state) ** each state has a set of allowed transitions ('or' of bits of states) ** so a state transition is valid if the mask of the next state ** is set in the NX_* value ** this function is coded in trans_ok(), see below. */ #define MASK(x) (0x0001 << (x)) /* generate a bit "mask" for a state */ #define NX_INIT (MASK(ST_OPTS)) #define NX_OPTS (MASK(ST_CONN)) #define NX_CONN (MASK(ST_HELO) | MASK(ST_MAIL)) #define NX_HELO (MASK(ST_MAIL)) #define NX_MAIL (MASK(ST_RCPT) | MASK(ST_ABRT)) #define NX_RCPT (MASK(ST_HDRS) | MASK(ST_EOHS) | MASK(ST_RCPT) | MASK(ST_ABRT)) #define NX_HDRS (MASK(ST_EOHS) | MASK(ST_HDRS) | MASK(ST_ABRT)) #define NX_EOHS (MASK(ST_BODY) | MASK(ST_ENDM) | MASK(ST_ABRT)) #define NX_BODY (MASK(ST_ENDM) | MASK(ST_BODY) | MASK(ST_ABRT)) #define NX_ENDM (MASK(ST_QUIT) | MASK(ST_MAIL)) #define NX_QUIT 0 #define NX_ABRT 0 #define NX_SKIP MASK(ST_SKIP) static int next_states[] = { NX_INIT, NX_OPTS, NX_CONN, NX_HELO, NX_MAIL, NX_RCPT, NX_HDRS, NX_EOHS, NX_BODY, NX_ENDM, NX_QUIT, NX_ABRT }; /* commands received by milter */ static cmdfct cmds[] = { {SMFIC_ABORT, CM_ARG0, ST_ABRT, CT_CONT, CI_NONE, st_abortfct }, {SMFIC_MACRO, CM_ARGV, ST_NONE, CT_KEEP, CI_NONE, st_macros }, {SMFIC_BODY, CM_ARG1, ST_BODY, CT_CONT, CI_NONE, st_bodychunk }, {SMFIC_CONNECT, CM_ARG2, ST_CONN, CT_CONT, CI_CONN, st_connectinfo }, {SMFIC_BODYEOB, CM_ARG1, ST_ENDM, CT_CONT, CI_NONE, st_bodyend }, {SMFIC_HELO, CM_ARG1, ST_HELO, CT_CONT, CI_HELO, st_helo }, {SMFIC_HEADER, CM_ARG2, ST_HDRS, CT_CONT, CI_NONE, st_header }, {SMFIC_MAIL, CM_ARGV, ST_MAIL, CT_CONT, CI_MAIL, st_sender }, {SMFIC_OPTNEG, CM_ARGO, ST_OPTS, CT_CONT, CI_NONE, st_optionneg }, {SMFIC_EOH, CM_ARG0, ST_EOHS, CT_CONT, CI_NONE, st_eoh }, {SMFIC_QUIT, CM_ARG0, ST_QUIT, CT_END, CI_NONE, st_quit }, {SMFIC_RCPT, CM_ARGV, ST_RCPT, CT_IGNO, CI_RCPT, st_rcpt } }; /* additional (internal) reply codes */ #define _SMFIS_KEEP 20 #define _SMFIS_ABORT 21 #define _SMFIS_OPTIONS 22 #define _SMFIS_NOREPLY 23 #define _SMFIS_FAIL (-1) /* ** MI_ENGINE -- receive commands and process them ** ** Parameters: ** ctx -- context structure ** ** Returns: ** MI_FAILURE/MI_SUCCESS */ int mi_engine(ctx) SMFICTX_PTR ctx; { size_t len; int i; socket_t sd; int ret = MI_SUCCESS; int ncmds = sizeof(cmds) / sizeof(cmdfct); int curstate = ST_INIT; int newstate; bool call_abort; sfsistat r; char cmd; char *buf = NULL; genarg arg; struct timeval timeout; int (*f) __P((genarg *)); sfsistat (*fi_abort) __P((SMFICTX *)); sfsistat (*fi_close) __P((SMFICTX *)); arg.a_ctx = ctx; sd = ctx->ctx_sd; fi_abort = ctx->ctx_smfi->xxfi_abort; mi_clr_macros(ctx, 0); fix_stm(ctx); do { /* call abort only if in a mail transaction */ call_abort = ST_IN_MAIL(curstate); timeout.tv_sec = ctx->ctx_timeout; timeout.tv_usec = 0; if (mi_stop() == MILTER_ABRT) { if (ctx->ctx_dbg > 3) dprintf("[%d] milter_abort\n", (int) ctx->ctx_id); ret = MI_FAILURE; break; } if ((buf = mi_rd_cmd(sd, &timeout, &cmd, &len, ctx->ctx_smfi->xxfi_name)) == NULL && cmd < SMFIC_VALIDCMD) { if (ctx->ctx_dbg > 5) dprintf("[%d] mi_engine: mi_rd_cmd error (%x)\n", (int) ctx->ctx_id, (int) cmd); /* ** eof is currently treated as failure -> ** abort() instead of close(), otherwise use: ** if (cmd != SMFIC_EOF) */ ret = MI_FAILURE; break; } if (ctx->ctx_dbg > 4) dprintf("[%d] got cmd '%c' len %d\n", (int) ctx->ctx_id, cmd, len); for (i = 0; i < ncmds; i++) { if (cmd == cmds[i].cm_cmd) break; } if (i >= ncmds) { /* unknown command */ if (ctx->ctx_dbg > 1) dprintf("[%d] cmd '%c' unknown\n", (int) ctx->ctx_id, cmd); ret = MI_FAILURE; break; } if ((f = cmds[i].cm_fct) == NULL) { /* stop for now */ if (ctx->ctx_dbg > 1) dprintf("[%d] cmd '%c' not impl\n", (int) ctx->ctx_id, cmd); ret = MI_FAILURE; break; } /* is new state ok? */ newstate = cmds[i].cm_next; if (ctx->ctx_dbg > 5) dprintf("[%d] cur %x new %x nextmask %x\n", (int) ctx->ctx_id, curstate, newstate, next_states[curstate]); if (newstate != ST_NONE && !trans_ok(curstate, newstate)) { if (ctx->ctx_dbg > 1) dprintf("[%d] abort: cur %d (%x) new %d (%x) next %x\n", (int) ctx->ctx_id, curstate, MASK(curstate), newstate, MASK(newstate), next_states[curstate]); /* call abort only if in a mail transaction */ if (fi_abort != NULL && call_abort) (void) (*fi_abort)(ctx); /* ** try to reach the new state from HELO ** if it can't be reached, ignore the command. */ curstate = ST_HELO; if (!trans_ok(curstate, newstate)) continue; } arg.a_len = len; arg.a_buf = buf; if (newstate != ST_NONE) { curstate = newstate; ctx->ctx_state = curstate; } arg.a_idx = cmds[i].cm_macros; /* call function to deal with command */ r = (*f)(&arg); if (r != _SMFIS_KEEP && buf != NULL) { free(buf); buf = NULL; } if (sendreply(r, sd, &timeout, ctx) != MI_SUCCESS) { ret = MI_FAILURE; break; } call_abort = ST_IN_MAIL(curstate); if (r == SMFIS_ACCEPT) { /* accept mail, no further actions taken */ curstate = ST_HELO; } else if (r == SMFIS_REJECT || r == SMFIS_DISCARD || r == SMFIS_TEMPFAIL) { /* ** further actions depend on current state ** if the IGNO bit is set: "ignore" the error, ** i.e., stay in the current state */ if (!bitset(CT_IGNO, cmds[i].cm_todo)) curstate = ST_HELO; } else if (r == _SMFIS_ABORT) { if (ctx->ctx_dbg > 5) dprintf("[%d] function returned abort\n", (int) ctx->ctx_id); ret = MI_FAILURE; break; } } while (!bitset(CT_END, cmds[i].cm_todo)); if (ret != MI_SUCCESS) { /* call abort only if in a mail transaction */ if (fi_abort != NULL && call_abort) (void) (*fi_abort)(ctx); } /* close must always be called */ if ((fi_close = ctx->ctx_smfi->xxfi_close) != NULL) (void) (*fi_close)(ctx); if (buf != NULL) free(buf); mi_clr_macros(ctx, 0); return ret; } /* ** SENDREPLY -- send a reply to the MTA ** ** Parameters: ** r -- reply code ** sd -- socket descriptor ** timeout_ptr -- (ptr to) timeout to use for sending ** ctx -- context structure ** ** Returns: ** MI_SUCCESS/MI_FAILURE */ static int sendreply(r, sd, timeout_ptr, ctx) sfsistat r; socket_t sd; struct timeval *timeout_ptr; SMFICTX_PTR ctx; { int ret = MI_SUCCESS; - switch(r) + switch (r) { case SMFIS_CONTINUE: ret = mi_wr_cmd(sd, timeout_ptr, SMFIR_CONTINUE, NULL, 0); break; case SMFIS_TEMPFAIL: case SMFIS_REJECT: if (ctx->ctx_reply != NULL) { ret = mi_wr_cmd(sd, timeout_ptr, SMFIR_REPLYCODE, ctx->ctx_reply, strlen(ctx->ctx_reply) + 1); free(ctx->ctx_reply); ctx->ctx_reply = NULL; } else { ret = mi_wr_cmd(sd, timeout_ptr, r == SMFIS_REJECT ? SMFIR_REJECT : SMFIR_TEMPFAIL, NULL, 0); } break; case SMFIS_DISCARD: ret = mi_wr_cmd(sd, timeout_ptr, SMFIR_DISCARD, NULL, 0); break; case SMFIS_ACCEPT: ret = mi_wr_cmd(sd, timeout_ptr, SMFIR_ACCEPT, NULL, 0); break; case _SMFIS_OPTIONS: { char buf[MILTER_OPTLEN]; mi_int32 v; v = htonl(ctx->ctx_smfi->xxfi_version); (void) memcpy(&(buf[0]), (void *) &v, MILTER_LEN_BYTES); v = htonl(ctx->ctx_smfi->xxfi_flags); (void) memcpy(&(buf[MILTER_LEN_BYTES]), (void *) &v, MILTER_LEN_BYTES); v = htonl(ctx->ctx_pflags); (void) memcpy(&(buf[MILTER_LEN_BYTES * 2]), (void *) &v, MILTER_LEN_BYTES); ret = mi_wr_cmd(sd, timeout_ptr, SMFIC_OPTNEG, buf, MILTER_OPTLEN); } break; default: /* don't send a reply */ break; } return ret; } /* ** CLR_MACROS -- clear set of macros starting from a given index ** ** Parameters: ** ctx -- context structure ** m -- index from which to clear all macros ** ** Returns: ** None. */ void mi_clr_macros(ctx, m) SMFICTX_PTR ctx; int m; { int i; for (i = m; i < MAX_MACROS_ENTRIES; i++) { if (ctx->ctx_mac_ptr[i] != NULL) { free(ctx->ctx_mac_ptr[i]); ctx->ctx_mac_ptr[i] = NULL; } if (ctx->ctx_mac_buf[i] != NULL) { free(ctx->ctx_mac_buf[i]); ctx->ctx_mac_buf[i] = NULL; } } } /* ** ST_OPTIONNEG -- negotiate options ** ** Parameters: ** g -- generic argument structure ** ** Returns: ** abort/send options/continue */ static int st_optionneg(g) genarg *g; { mi_int32 i, v; if (g == NULL || g->a_ctx->ctx_smfi == NULL) return SMFIS_CONTINUE; mi_clr_macros(g->a_ctx, g->a_idx + 1); /* check for minimum length */ if (g->a_len < MILTER_OPTLEN) { smi_log(SMI_LOG_ERR, "%s: st_optionneg[%d]: len too short %d < %d", g->a_ctx->ctx_smfi->xxfi_name, (int) g->a_ctx->ctx_id, g->a_len, MILTER_OPTLEN); return _SMFIS_ABORT; } (void) memcpy((void *) &i, (void *) &(g->a_buf[0]), MILTER_LEN_BYTES); v = ntohl(i); if (v < g->a_ctx->ctx_smfi->xxfi_version) { /* hard failure for now! */ smi_log(SMI_LOG_ERR, "%s: st_optionneg[%d]: version mismatch MTA: %d < milter: %d", g->a_ctx->ctx_smfi->xxfi_name, (int) g->a_ctx->ctx_id, (int) v, g->a_ctx->ctx_smfi->xxfi_version); return _SMFIS_ABORT; } (void) memcpy((void *) &i, (void *) &(g->a_buf[MILTER_LEN_BYTES]), MILTER_LEN_BYTES); v = ntohl(i); /* no flags? set to default value for V1 actions */ if (v == 0) v = SMFI_V1_ACTS; i = g->a_ctx->ctx_smfi->xxfi_flags; if ((v & i) != i) { smi_log(SMI_LOG_ERR, "%s: st_optionneg[%d]: 0x%x does not fulfill action requirements 0x%x", g->a_ctx->ctx_smfi->xxfi_name, (int) g->a_ctx->ctx_id, v, i); return _SMFIS_ABORT; } (void) memcpy((void *) &i, (void *) &(g->a_buf[MILTER_LEN_BYTES * 2]), MILTER_LEN_BYTES); v = ntohl(i); /* no flags? set to default value for V1 protocol */ if (v == 0) v = SMFI_V1_PROT; i = g->a_ctx->ctx_pflags; if ((v & i) != i) { smi_log(SMI_LOG_ERR, "%s: st_optionneg[%d]: 0x%x does not fulfill protocol requirements 0x%x", g->a_ctx->ctx_smfi->xxfi_name, (int) g->a_ctx->ctx_id, v, i); return _SMFIS_ABORT; } return _SMFIS_OPTIONS; } /* ** ST_CONNECTINFO -- receive connection information ** ** Parameters: ** g -- generic argument structure ** ** Returns: ** continue or filter-specified value */ static int st_connectinfo(g) genarg *g; { size_t l; size_t i; char *s, family; u_short port = 0; _SOCK_ADDR sockaddr; sfsistat (*fi_connect) __P((SMFICTX *, char *, _SOCK_ADDR *)); if (g == NULL) return _SMFIS_ABORT; mi_clr_macros(g->a_ctx, g->a_idx + 1); if (g->a_ctx->ctx_smfi == NULL || (fi_connect = g->a_ctx->ctx_smfi->xxfi_connect) == NULL) return SMFIS_CONTINUE; s = g->a_buf; i = 0; l = g->a_len; while (s[i] != '\0' && i <= l) ++i; if (i >= l) return _SMFIS_ABORT; /* Move past trailing \0 in host string */ i++; family = s[i++]; memset(&sockaddr, '\0', sizeof sockaddr); if (family != SMFIA_UNKNOWN) { (void) memcpy((void *) &port, (void *) (s + i), sizeof port); port = ntohs(port); if ((i += sizeof port) >= l) { smi_log(SMI_LOG_ERR, "%s: connect[%d]: wrong len %d >= %d", g->a_ctx->ctx_smfi->xxfi_name, (int) g->a_ctx->ctx_id, i, l); return _SMFIS_ABORT; } # if NETINET if (family == SMFIA_INET) { if (inet_aton(s + i, (struct in_addr *) &sockaddr.sin.sin_addr) == INADDR_NONE) { smi_log(SMI_LOG_ERR, "%s: connect[%d]: inet_aton failed", g->a_ctx->ctx_smfi->xxfi_name, (int) g->a_ctx->ctx_id); return _SMFIS_ABORT; } sockaddr.sa.sa_family = AF_INET; if (port > 0) sockaddr.sin.sin_port = port; } else # endif /* NETINET */ # if NETINET6 if (family == SMFIA_INET6) { if (inet_pton(AF_INET6, s + i, &sockaddr.sin6.sin6_addr) != 1) { smi_log(SMI_LOG_ERR, "%s: connect[%d]: inet_pton failed", g->a_ctx->ctx_smfi->xxfi_name, (int) g->a_ctx->ctx_id); return _SMFIS_ABORT; } sockaddr.sa.sa_family = AF_INET6; if (port > 0) sockaddr.sin6.sin6_port = port; } else # endif /* NETINET6 */ # if NETUNIX if (family == SMFIA_UNIX) { if (strlcpy(sockaddr.sunix.sun_path, s + i, sizeof sockaddr.sunix.sun_path) >= sizeof sockaddr.sunix.sun_path) { smi_log(SMI_LOG_ERR, "%s: connect[%d]: path too long", g->a_ctx->ctx_smfi->xxfi_name, (int) g->a_ctx->ctx_id); return _SMFIS_ABORT; } sockaddr.sunix.sun_family = AF_UNIX; } else # endif /* NETUNIX */ { smi_log(SMI_LOG_ERR, "%s: connect[%d]: unknown family %d", g->a_ctx->ctx_smfi->xxfi_name, (int) g->a_ctx->ctx_id, family); return _SMFIS_ABORT; } } return (*fi_connect)(g->a_ctx, g->a_buf, family != SMFIA_UNKNOWN ? &sockaddr : NULL); } /* ** ST_EOH -- end of headers ** ** Parameters: ** g -- generic argument structure ** ** Returns: ** continue or filter-specified value */ static int st_eoh(g) genarg *g; { sfsistat (*fi_eoh) __P((SMFICTX *)); if (g == NULL) return _SMFIS_ABORT; if (g->a_ctx->ctx_smfi != NULL && (fi_eoh = g->a_ctx->ctx_smfi->xxfi_eoh) != NULL) return (*fi_eoh)(g->a_ctx); return SMFIS_CONTINUE; } /* ** ST_HELO -- helo/ehlo command ** ** Parameters: ** g -- generic argument structure ** ** Returns: ** continue or filter-specified value */ static int st_helo(g) genarg *g; { sfsistat (*fi_helo) __P((SMFICTX *, char *)); if (g == NULL) return _SMFIS_ABORT; mi_clr_macros(g->a_ctx, g->a_idx + 1); if (g->a_ctx->ctx_smfi != NULL && (fi_helo = g->a_ctx->ctx_smfi->xxfi_helo) != NULL) return (*fi_helo)(g->a_ctx, g->a_buf); return SMFIS_CONTINUE; } /* ** ST_HEADER -- header line ** ** Parameters: ** g -- generic argument structure ** ** Returns: ** continue or filter-specified value */ static int st_header(g) genarg *g; { char *hf, *hv; sfsistat (*fi_header) __P((SMFICTX *, char *, char *)); if (g == NULL) return _SMFIS_ABORT; if (g->a_ctx->ctx_smfi == NULL || (fi_header = g->a_ctx->ctx_smfi->xxfi_header) == NULL) return SMFIS_CONTINUE; if (dec_arg2(g->a_buf, g->a_len, &hf, &hv) == MI_SUCCESS) return (*fi_header)(g->a_ctx, hf, hv); else return _SMFIS_ABORT; } #define ARGV_FCT(lf, rf, idx) \ char **argv; \ sfsistat (*lf) __P((SMFICTX *, char **)); \ int r; \ \ if (g == NULL) \ return _SMFIS_ABORT; \ mi_clr_macros(g->a_ctx, g->a_idx + 1); \ if (g->a_ctx->ctx_smfi == NULL || \ (lf = g->a_ctx->ctx_smfi->rf) == NULL) \ return SMFIS_CONTINUE; \ if ((argv = dec_argv(g->a_buf, g->a_len)) == NULL) \ return _SMFIS_ABORT; \ r = (*lf)(g->a_ctx, argv); \ free(argv); \ return r; /* ** ST_SENDER -- MAIL FROM command ** ** Parameters: ** g -- generic argument structure ** ** Returns: ** continue or filter-specified value */ static int st_sender(g) genarg *g; { ARGV_FCT(fi_envfrom, xxfi_envfrom, CI_MAIL) } /* ** ST_RCPT -- RCPT TO command ** ** Parameters: ** g -- generic argument structure ** ** Returns: ** continue or filter-specified value */ static int st_rcpt(g) genarg *g; { ARGV_FCT(fi_envrcpt, xxfi_envrcpt, CI_RCPT) } /* ** ST_MACROS -- deal with macros received from the MTA ** ** Parameters: ** g -- generic argument structure ** ** Returns: ** continue/keep ** ** Side effects: ** set pointer in macro array to current values. */ static int st_macros(g) genarg *g; { int i; char **argv; if (g == NULL || g->a_len < 1) return _SMFIS_FAIL; if ((argv = dec_argv(g->a_buf + 1, g->a_len - 1)) == NULL) return _SMFIS_FAIL; - switch(g->a_buf[0]) + switch (g->a_buf[0]) { case SMFIC_CONNECT: i = CI_CONN; break; case SMFIC_HELO: i = CI_HELO; break; case SMFIC_MAIL: i = CI_MAIL; break; case SMFIC_RCPT: i = CI_RCPT; break; default: free(argv); return _SMFIS_FAIL; } if (g->a_ctx->ctx_mac_ptr[i] != NULL) free(g->a_ctx->ctx_mac_ptr[i]); if (g->a_ctx->ctx_mac_buf[i] != NULL) free(g->a_ctx->ctx_mac_buf[i]); g->a_ctx->ctx_mac_ptr[i] = argv; g->a_ctx->ctx_mac_buf[i] = g->a_buf; return _SMFIS_KEEP; } /* ** ST_QUIT -- quit command ** ** Parameters: ** g -- generic argument structure ** ** Returns: ** noreply */ static int st_quit(g) genarg *g; { return _SMFIS_NOREPLY; } /* ** ST_BODYCHUNK -- deal with a piece of the mail body ** ** Parameters: ** g -- generic argument structure ** ** Returns: ** continue or filter-specified value */ static int st_bodychunk(g) genarg *g; { sfsistat (*fi_body) __P((SMFICTX *, u_char *, size_t)); if (g == NULL) return _SMFIS_ABORT; if (g->a_ctx->ctx_smfi != NULL && (fi_body = g->a_ctx->ctx_smfi->xxfi_body) != NULL) return (*fi_body)(g->a_ctx, (u_char *)g->a_buf, g->a_len); return SMFIS_CONTINUE; } /* ** ST_BODYEND -- deal with the last piece of the mail body ** ** Parameters: ** g -- generic argument structure ** ** Returns: ** continue or filter-specified value ** ** Side effects: ** sends a reply for the body part (if non-empty). */ static int st_bodyend(g) genarg *g; { sfsistat r; sfsistat (*fi_body) __P((SMFICTX *, u_char *, size_t)); sfsistat (*fi_eom) __P((SMFICTX *)); if (g == NULL) return _SMFIS_ABORT; r = SMFIS_CONTINUE; if (g->a_ctx->ctx_smfi != NULL) { if ((fi_body = g->a_ctx->ctx_smfi->xxfi_body) != NULL && g->a_len > 0) { socket_t sd; struct timeval timeout; timeout.tv_sec = g->a_ctx->ctx_timeout; timeout.tv_usec = 0; sd = g->a_ctx->ctx_sd; r = (*fi_body)(g->a_ctx, (u_char *)g->a_buf, g->a_len); if (r != SMFIS_CONTINUE && sendreply(r, sd, &timeout, g->a_ctx) != MI_SUCCESS) return _SMFIS_ABORT; } } if (r == SMFIS_CONTINUE && (fi_eom = g->a_ctx->ctx_smfi->xxfi_eom) != NULL) return (*fi_eom)(g->a_ctx); return r; } /* ** ST_ABORTFCT -- deal with aborts ** ** Parameters: ** g -- generic argument structure ** ** Returns: ** abort or filter-specified value */ static int st_abortfct(g) genarg *g; { sfsistat (*fi_abort) __P((SMFICTX *)); if (g == NULL) return _SMFIS_ABORT; if (g != NULL && g->a_ctx->ctx_smfi != NULL && (fi_abort = g->a_ctx->ctx_smfi->xxfi_abort) != NULL) (void) (*fi_abort)(g->a_ctx); return _SMFIS_NOREPLY; } /* ** TRANS_OK -- is the state transition ok? ** ** Parameters: ** old -- old state ** new -- new state ** ** Returns: ** state transition ok */ static bool trans_ok(old, new) int old, new; { int s, n; s = old; do { /* is this state transition allowed? */ if ((MASK(new) & next_states[s]) != 0) return TRUE; /* ** no: try next state; ** this works since the relevant states are ordered ** strict sequentially */ n = s + 1; /* ** can we actually "skip" this state? ** see fix_stm() which sets this bit for those ** states which the filter program is not interested in */ if (bitset(NX_SKIP, next_states[n])) s = n; else return FALSE; } while (s <= ST_LAST); return FALSE; } /* ** FIX_STM -- add "skip" bits to the state transition table ** ** Parameters: ** ctx -- context structure ** ** Returns: ** None. ** ** Side effects: ** may change state transition table. */ static void fix_stm(ctx) SMFICTX_PTR ctx; { u_long fl; if (ctx == NULL || ctx->ctx_smfi == NULL) return; fl = ctx->ctx_pflags; if (bitset(SMFIP_NOCONNECT, fl)) next_states[ST_CONN] |= NX_SKIP; if (bitset(SMFIP_NOHELO, fl)) next_states[ST_HELO] |= NX_SKIP; if (bitset(SMFIP_NOMAIL, fl)) next_states[ST_MAIL] |= NX_SKIP; if (bitset(SMFIP_NORCPT, fl)) next_states[ST_RCPT] |= NX_SKIP; if (bitset(SMFIP_NOHDRS, fl)) next_states[ST_HDRS] |= NX_SKIP; if (bitset(SMFIP_NOEOH, fl)) next_states[ST_EOHS] |= NX_SKIP; if (bitset(SMFIP_NOBODY, fl)) next_states[ST_BODY] |= NX_SKIP; } /* ** DEC_ARGV -- split a buffer into a list of strings, NULL terminated ** ** Parameters: ** buf -- buffer with several strings ** len -- length of buffer ** ** Returns: ** array of pointers to the individual strings */ static char ** dec_argv(buf, len) char *buf; size_t len; { char **s; size_t i; int elem, nelem; nelem = 0; for (i = 0; i < len; i++) { if (buf[i] == '\0') ++nelem; } if (nelem == 0) return NULL; /* last entry is only for the name */ s = (char **)malloc((nelem + 1) * (sizeof *s)); if (s == NULL) return NULL; s[0] = buf; for (i = 0, elem = 0; i < len && elem < nelem; i++) { if (buf[i] == '\0') s[++elem] = &(buf[i + 1]); } /* overwrite last entry */ s[elem] = NULL; return s; } /* ** DEC_ARG2 -- split a buffer into two strings ** ** Parameters: ** buf -- buffer with two strings ** len -- length of buffer ** s1,s2 -- pointer to result strings ** ** Returns: ** MI_FAILURE/MI_SUCCESS */ static int dec_arg2(buf, len, s1, s2) char *buf; size_t len; char **s1; char **s2; { size_t i; *s1 = buf; for (i = 1; i < len && buf[i] != '\0'; i++) continue; if (i >= len - 1) return MI_FAILURE; *s2 = buf + i + 1; return MI_SUCCESS; } /* ** SENDOK -- is it ok for the filter to send stuff to the MTA? ** ** Parameters: ** ctx -- context structure ** flag -- flag to check ** ** Returns: ** sending allowed (in current state) */ bool mi_sendok(ctx, flag) SMFICTX_PTR ctx; int flag; { if (ctx == NULL || ctx->ctx_smfi == NULL) return FALSE; if (flag != 0 && !bitset(flag, ctx->ctx_smfi->xxfi_flags)) return FALSE; return ctx->ctx_state == ST_ENDM; } #endif /* _FFR_MILTER */ Index: stable/4/contrib/sendmail/libmilter/handler.c =================================================================== --- stable/4/contrib/sendmail/libmilter/handler.c (revision 71887) +++ stable/4/contrib/sendmail/libmilter/handler.c (revision 71888) @@ -1,61 +1,67 @@ /* * Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #ifndef lint -static char id[] = "@(#)$Id: handler.c,v 8.19.4.2 2000/07/14 06:16:57 msk Exp $"; +static char id[] = "@(#)$Id: handler.c,v 8.19.4.3 2000/12/29 19:45:39 gshapiro Exp $"; #endif /* ! lint */ #if _FFR_MILTER #include "libmilter.h" /* ** HANDLE_SESSION -- Handle a connected session in its own context ** ** Parameters: ** ctx -- context structure ** ** Returns: ** MI_SUCCESS/MI_FAILURE */ int mi_handle_session(ctx) SMFICTX_PTR ctx; { int ret; if (ctx == NULL) return MI_FAILURE; ctx->ctx_id = (sthread_t) sthread_get_id(); /* ** detach so resources are free when the thread returns ** if we ever "wait" for threads, this call must be removed */ if (pthread_detach(ctx->ctx_id) != 0) return MI_FAILURE; ret = mi_engine(ctx); if (ValidSocket(ctx->ctx_sd)) + { (void) close(ctx->ctx_sd); + ctx->ctx_sd = INVALID_SOCKET; + } if (ctx->ctx_reply != NULL) + { free(ctx->ctx_reply); + ctx->ctx_reply = NULL; + } if (ctx->ctx_privdata != NULL) { smi_log(SMI_LOG_WARN, "%s: private data not NULL", ctx->ctx_smfi->xxfi_name); } mi_clr_macros(ctx, 0); free(ctx); ctx = NULL; return ret; } #endif /* _FFR_MILTER */ Index: stable/4/contrib/sendmail/libmilter/libmilter.h =================================================================== --- stable/4/contrib/sendmail/libmilter/libmilter.h (revision 71887) +++ stable/4/contrib/sendmail/libmilter/libmilter.h (revision 71888) @@ -1,108 +1,115 @@ /* * Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. */ /* ** LIBMILTER.H -- include file for mail filter library functions */ #ifndef _LIBMILTER_H # define _LIBMILTER_H 1 #ifdef _DEFINE # define EXTERN # define INIT(x) = x # ifndef lint -static char MilterlId[] = "@(#)$Id: libmilter.h,v 8.3.6.9 2000/09/01 00:49:04 ca Exp $"; +static char MilterlId[] = "@(#)$Id: libmilter.h,v 8.3.6.10 2000/11/20 21:15:36 ca Exp $"; # endif /* ! lint */ #else /* _DEFINE */ # define EXTERN extern # define INIT(x) #endif /* _DEFINE */ #define NOT_SENDMAIL 1 #define _SOCK_ADDR union bigsockaddr #include "sendmail.h" #include "libmilter/milter.h" #ifndef __P # include "sendmail/cdefs.h" #endif /* ! __P */ #include "sendmail/useful.h" # define ValidSocket(sd) ((sd) >= 0) # define INVALID_SOCKET -1 # define MI_SOCK_READ(s, b, l) (read(s, b, l)) # define MI_SOCK_WRITE(s, b, l) (write(s, b, l)) # define thread_create(ptid,wr,arg) pthread_create(ptid, NULL, wr, arg) # define sthread_get_id() pthread_self() + +typedef pthread_mutex_t smutex_t; +# define smutex_init(mp) (pthread_mutex_init(mp, NULL) == 0) +# define smutex_destroy(mp) (pthread_mutex_destroy(mp) == 0) +# define smutex_lock(mp) (pthread_mutex_lock(mp) == 0) +# define smutex_unlock(mp) (pthread_mutex_unlock(mp) == 0) +# define smutex_trylock(mp) (pthread_mutex_trylock(mp) == 0) #include /* version info */ #define MILTER_PRODUCT_NAME "libmilter" #define MILTER_VERSION 100 /* some defaults */ #define MI_TIMEOUT 1800 /* default timeout for read/write */ #define MI_CHK_TIME 5 /* checking whether to terminate */ #if SOMAXCONN > 20 # define MI_SOMAXCONN SOMAXCONN #else /* SOMAXCONN */ # define MI_SOMAXCONN 20 #endif /* SOMAXCONN */ /* maximum number of repeated failures in mi_listener() */ #define MAX_FAILS_M 16 /* malloc() */ #define MAX_FAILS_T 16 /* thread creation */ /* internal "commands", i.e., error codes */ #define SMFIC_TIMEOUT ((char) 1) /* timeout */ #define SMFIC_SELECT ((char) 2) /* select error */ #define SMFIC_MALLOC ((char) 3) /* malloc error */ #define SMFIC_RECVERR ((char) 4) /* recv() error */ #define SMFIC_EOF ((char) 5) /* eof */ #define SMFIC_UNKNERR ((char) 6) /* unknown error */ #define SMFIC_TOOBIG ((char) 7) /* body chunk too big */ #define SMFIC_VALIDCMD ' ' /* first valid command */ /* hack */ #define smi_log syslog #define milter_ret int #define SMI_LOG_ERR LOG_ERR #define SMI_LOG_FATAL LOG_ERR #define SMI_LOG_WARN LOG_WARNING #define SMI_LOG_INFO LOG_INFO #define SMI_LOG_DEBUG LOG_DEBUG /* stop? */ #define MILTER_CONT 0 #define MILTER_STOP 1 #define MILTER_ABRT 2 /* functions */ extern int mi_handle_session __P((SMFICTX_PTR)); extern int mi_engine __P((SMFICTX_PTR)); extern int mi_listener __P((char *, int, smfiDesc_ptr, time_t, int)); extern void mi_clr_macros __P((SMFICTX_PTR, int)); extern int mi_stop __P((void)); extern int mi_control_startup __P((char *)); extern void mi_stop_milters __P((int)); extern void mi_clean_signals __P((void)); extern struct hostent *mi_gethostbyname __P((char *, int)); extern void mi_closener __P((void)); /* communication functions */ extern char *mi_rd_cmd __P((socket_t, struct timeval *, char *, size_t *, char *)); extern int mi_wr_cmd __P((socket_t, struct timeval *, int, char *, size_t)); extern bool mi_sendok __P((SMFICTX_PTR, int)); #endif /* !_LIBMILTER_H */ Index: stable/4/contrib/sendmail/libmilter/listener.c =================================================================== --- stable/4/contrib/sendmail/libmilter/listener.c (revision 71887) +++ stable/4/contrib/sendmail/libmilter/listener.c (revision 71888) @@ -1,603 +1,633 @@ /* * Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #ifndef lint -static char id[] = "@(#)$Id: listener.c,v 8.38.2.1.2.11 2000/09/01 00:49:04 ca Exp $"; +static char id[] = "@(#)$Id: listener.c,v 8.38.2.1.2.18 2000/12/29 19:44:28 gshapiro Exp $"; #endif /* ! lint */ #if _FFR_MILTER /* ** listener.c -- threaded network listener */ #include "libmilter.h" # if NETINET || NETINET6 # include # endif /* NETINET || NETINET6 */ /* ** MI_MILTEROPEN -- setup socket to listen on ** ** Parameters: ** conn -- connection description ** backlog -- listen backlog ** socksize -- socksize of created socket ** ** Returns: ** socket upon success, error code otherwise. */ static socket_t mi_milteropen(conn, backlog, socksize, name) char *conn; int backlog; SOCKADDR_LEN_T *socksize; char *name; { socket_t sock; int sockopt = 1; char *p; char *colon; char *at; - struct hostent *hp = NULL; SOCKADDR addr; if (conn == NULL || conn[0] == '\0') { smi_log(SMI_LOG_ERR, "%s: empty or missing socket information", name); return INVALID_SOCKET; } (void) memset(&addr, '\0', sizeof addr); /* protocol:filename or protocol:port@host */ p = conn; colon = strchr(p, ':'); if (colon != NULL) { *colon = '\0'; if (*p == '\0') { #if NETUNIX /* default to AF_UNIX */ addr.sa.sa_family = AF_UNIX; *socksize = sizeof (struct sockaddr_un); #else /* NETUNIX */ # if NETINET /* default to AF_INET */ addr.sa.sa_family = AF_INET; *socksize = sizeof addr.sin; # else /* NETINET */ # if NETINET6 /* default to AF_INET6 */ addr.sa.sa_family = AF_INET6; *socksize = sizeof addr.sin6; # else /* NETINET6 */ /* no protocols available */ smi_log(SMI_LOG_ERR, "%s: no valid socket protocols available", name); return INVALID_SOCKET; # endif /* NETINET6 */ # endif /* NETINET */ #endif /* NETUNIX */ } #if NETUNIX else if (strcasecmp(p, "unix") == 0 || strcasecmp(p, "local") == 0) { addr.sa.sa_family = AF_UNIX; *socksize = sizeof (struct sockaddr_un); } #endif /* NETUNIX */ #if NETINET else if (strcasecmp(p, "inet") == 0) { addr.sa.sa_family = AF_INET; *socksize = sizeof addr.sin; } #endif /* NETINET */ #if NETINET6 else if (strcasecmp(p, "inet6") == 0) { addr.sa.sa_family = AF_INET6; *socksize = sizeof addr.sin6; } #endif /* NETINET6 */ else { smi_log(SMI_LOG_ERR, "%s: unknown socket type %s", name, p); return INVALID_SOCKET; } *colon++ = ':'; } else { colon = p; #if NETUNIX /* default to AF_UNIX */ addr.sa.sa_family = AF_UNIX; *socksize = sizeof (struct sockaddr_un); #else /* NETUNIX */ # if NETINET /* default to AF_INET */ addr.sa.sa_family = AF_INET; *socksize = sizeof addr.sin; # else /* NETINET */ # if NETINET6 /* default to AF_INET6 */ addr.sa.sa_family = AF_INET6; *socksize = sizeof addr.sin6; # else /* NETINET6 */ smi_log(SMI_LOG_ERR, "%s: unknown socket type %s", name, p); return INVALID_SOCKET; # endif /* NETINET6 */ # endif /* NETINET */ #endif /* NETUNIX */ } #if NETUNIX if (addr.sa.sa_family == AF_UNIX) { # if 0 long sff = SFF_SAFEDIRPATH|SFF_OPENASROOT|SFF_NOLINK|SFF_CREAT|SFF_MUSTOWN; # endif /* 0 */ at = colon; if (strlcpy(addr.sunix.sun_path, colon, sizeof addr.sunix.sun_path) >= sizeof addr.sunix.sun_path) { errno = EINVAL; smi_log(SMI_LOG_ERR, "%s: UNIX socket name %s too long", name, colon); return INVALID_SOCKET; } # if 0 errno = safefile(colon, RunAsUid, RunAsGid, RunAsUserName, sff, S_IRUSR|S_IWUSR, NULL); /* if not safe, don't create */ if (errno != 0) { smi_log(SMI_LOG_ERR, "%s: UNIX socket name %s unsafe", name, colon); return INVALID_SOCKET; } # endif /* 0 */ } #endif /* NETUNIX */ #if NETINET || NETINET6 if ( # if NETINET addr.sa.sa_family == AF_INET # endif /* NETINET */ # if NETINET && NETINET6 || # endif /* NETINET && NETINET6 */ # if NETINET6 addr.sa.sa_family == AF_INET6 # endif /* NETINET6 */ ) { u_short port; /* Parse port@host */ at = strchr(colon, '@'); if (at == NULL) { switch (addr.sa.sa_family) { # if NETINET case AF_INET: addr.sin.sin_addr.s_addr = INADDR_ANY; break; # endif /* NETINET */ # if NETINET6 case AF_INET6: addr.sin6.sin6_addr = in6addr_any; break; # endif /* NETINET6 */ } } else *at = '\0'; if (isascii(*colon) && isdigit(*colon)) port = htons((u_short) atoi(colon)); else { # ifdef NO_GETSERVBYNAME smi_log(SMI_LOG_ERR, "%s: invalid port number %s", name, colon); return INVALID_SOCKET; # else /* NO_GETSERVBYNAME */ register struct servent *sp; sp = getservbyname(colon, "tcp"); if (sp == NULL) { smi_log(SMI_LOG_ERR, "%s: unknown port name %s", name, colon); return INVALID_SOCKET; } port = sp->s_port; # endif /* NO_GETSERVBYNAME */ } if (at != NULL) { *at++ = '@'; if (*at == '[') { char *end; end = strchr(at, ']'); if (end != NULL) { bool found = FALSE; # if NETINET unsigned long hid = INADDR_NONE; # endif /* NETINET */ # if NETINET6 struct sockaddr_in6 hid6; # endif /* NETINET6 */ *end = '\0'; # if NETINET if (addr.sa.sa_family == AF_INET && (hid = inet_addr(&at[1])) != INADDR_NONE) { addr.sin.sin_addr.s_addr = hid; addr.sin.sin_port = port; found = TRUE; } # endif /* NETINET */ # if NETINET6 (void) memset(&hid6, '\0', sizeof hid6); if (addr.sa.sa_family == AF_INET6 && inet_pton(AF_INET6, &at[1], &hid6.sin6_addr) == 1) { addr.sin6.sin6_addr = hid6.sin6_addr; addr.sin6.sin6_port = port; found = TRUE; } # endif /* NETINET6 */ *end = ']'; if (!found) { smi_log(SMI_LOG_ERR, "%s: Invalid numeric domain spec \"%s\"", name, at); return INVALID_SOCKET; } } else { smi_log(SMI_LOG_ERR, "%s: Invalid numeric domain spec \"%s\"", name, at); return INVALID_SOCKET; } } else { + struct hostent *hp = NULL; + hp = mi_gethostbyname(at, addr.sa.sa_family); if (hp == NULL) { smi_log(SMI_LOG_ERR, "%s: Unknown host name %s", name, at); return INVALID_SOCKET; } addr.sa.sa_family = hp->h_addrtype; switch (hp->h_addrtype) { # if NETINET case AF_INET: memmove(&addr.sin.sin_addr, hp->h_addr, INADDRSZ); addr.sin.sin_port = port; break; # endif /* NETINET */ # if NETINET6 case AF_INET6: memmove(&addr.sin6.sin6_addr, hp->h_addr, IN6ADDRSZ); addr.sin6.sin6_port = port; break; # endif /* NETINET6 */ default: smi_log(SMI_LOG_ERR, "%s: Unknown protocol for %s (%d)", name, at, hp->h_addrtype); return INVALID_SOCKET; } +# if _FFR_FREEHOSTENT && NETINET6 + freehostent(hp); +# endif /* _FFR_FREEHOSTENT && NETINET6 */ } } else { switch (addr.sa.sa_family) { # if NETINET case AF_INET: addr.sin.sin_port = port; break; # endif /* NETINET */ # if NETINET6 case AF_INET6: addr.sin6.sin6_port = port; break; # endif /* NETINET6 */ } } } #endif /* NETINET || NETINET6 */ sock = socket(addr.sa.sa_family, SOCK_STREAM, 0); if (!ValidSocket(sock)) { smi_log(SMI_LOG_ERR, "%s: Unable to create new socket: %s", name, strerror(errno)); return INVALID_SOCKET; } if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *) &sockopt, sizeof(sockopt)) == -1) { smi_log(SMI_LOG_ERR, "%s: Unable to setsockopt: %s", name, strerror(errno)); (void) close(sock); return INVALID_SOCKET; } if (bind(sock, &addr.sa, *socksize) < 0) { smi_log(SMI_LOG_ERR, "%s: Unable to bind to port %s: %s", name, conn, strerror(errno)); (void) close(sock); return INVALID_SOCKET; } if (listen(sock, backlog) < 0) { smi_log(SMI_LOG_ERR, "%s: listen call failed: %s", name, strerror(errno)); (void) close(sock); return INVALID_SOCKET; } return sock; } /* ** MI_THREAD_HANDLE_WRAPPER -- small wrapper to handle session ** ** Parameters: ** arg -- argument to pass to mi_handle_session() ** ** Returns: ** results from mi_handle_session() */ void * mi_thread_handle_wrapper(arg) void *arg; { return (void *) mi_handle_session(arg); } static socket_t listenfd = INVALID_SOCKET; +static smutex_t L_Mutex; + /* ** MI_CLOSENER -- close listen socket ** ** Parameters: ** none. ** ** Returns: ** none. */ void mi_closener() { + (void) smutex_lock(&L_Mutex); if (ValidSocket(listenfd)) { (void) close(listenfd); listenfd = INVALID_SOCKET; } + (void) smutex_unlock(&L_Mutex); } /* ** MI_LISTENER -- Generic listener harness ** ** Open up listen port ** Wait for connections ** ** Parameters: ** conn -- connection description ** dbg -- debug level ** smfi -- filter structure to use ** timeout -- timeout for reads/writes ** ** Returns: ** MI_SUCCESS -- Exited normally ** (session finished or we were told to exit) ** MI_FAILURE -- Network initialization failed. */ int mi_listener(conn, dbg, smfi, timeout, backlog) char *conn; int dbg; smfiDesc_ptr smfi; time_t timeout; int backlog; { socket_t connfd = INVALID_SOCKET; int sockopt = 1; int r; int ret = MI_SUCCESS; int cnt_m = 0; int cnt_t = 0; sthread_t thread_id; _SOCK_ADDR cliaddr; SOCKADDR_LEN_T socksize; SOCKADDR_LEN_T clilen; SMFICTX_PTR ctx; fd_set readset, excset; struct timeval chktime; if (dbg > 0) smi_log(SMI_LOG_DEBUG, "%s: Opening listen socket on conn %s", smfi->xxfi_name, conn); + (void) smutex_init(&L_Mutex); + (void) smutex_lock(&L_Mutex); listenfd = mi_milteropen(conn, backlog, &socksize, smfi->xxfi_name); if (!ValidSocket(listenfd)) { smi_log(SMI_LOG_FATAL, "%s: Unable to create listening socket on conn %s", smfi->xxfi_name, conn); + (void) smutex_unlock(&L_Mutex); return MI_FAILURE; } clilen = socksize; + if (listenfd >= FD_SETSIZE) { smi_log(SMI_LOG_ERR, "%s: fd %d is larger than FD_SETSIZE %d", smfi->xxfi_name, listenfd, FD_SETSIZE); + (void) smutex_unlock(&L_Mutex); return MI_FAILURE; } + (void) smutex_unlock(&L_Mutex); while (mi_stop() == MILTER_CONT) { + (void) smutex_lock(&L_Mutex); + if (!ValidSocket(listenfd)) + { + (void) smutex_unlock(&L_Mutex); + break; + } + /* select on interface ports */ FD_ZERO(&readset); - FD_SET((u_int) listenfd, &readset); FD_ZERO(&excset); + FD_SET((u_int) listenfd, &readset); FD_SET((u_int) listenfd, &excset); chktime.tv_sec = MI_CHK_TIME; chktime.tv_usec = 0; r = select(listenfd + 1, &readset, NULL, &excset, &chktime); if (r == 0) /* timeout */ + { + (void) smutex_unlock(&L_Mutex); continue; /* just check mi_stop() */ + } if (r < 0) { - if (errno == EINTR) + int err = errno; + + (void) smutex_unlock(&L_Mutex); + if (err == EINTR) continue; ret = MI_FAILURE; break; } if (!FD_ISSET(listenfd, &readset)) { /* some error: just stop for now... */ ret = MI_FAILURE; + (void) smutex_unlock(&L_Mutex); break; } connfd = accept(listenfd, (struct sockaddr *) &cliaddr, &clilen); + (void) smutex_unlock(&L_Mutex); if (!ValidSocket(connfd)) { smi_log(SMI_LOG_ERR, "%s: accept() returned invalid socket", smfi->xxfi_name); continue; } if (setsockopt(connfd, SOL_SOCKET, SO_KEEPALIVE, (void *) &sockopt, sizeof sockopt) < 0) { smi_log(SMI_LOG_WARN, "%s: setsockopt() failed", smfi->xxfi_name); /* XXX: continue? */ } if ((ctx = (SMFICTX_PTR) malloc(sizeof *ctx)) == NULL) { (void) close(connfd); smi_log(SMI_LOG_ERR, "%s: malloc(ctx) failed", smfi->xxfi_name); sleep(++cnt_m); if (cnt_m >= MAX_FAILS_M) { ret = MI_FAILURE; break; } continue; } cnt_m = 0; memset(ctx, '\0', sizeof *ctx); ctx->ctx_sd = connfd; ctx->ctx_dbg = dbg; ctx->ctx_timeout = timeout; ctx->ctx_smfi = smfi; #if 0 if (smfi->xxfi_eoh == NULL) if (smfi->xxfi_eom == NULL) if (smfi->xxfi_abort == NULL) if (smfi->xxfi_close == NULL) #endif /* 0 */ if (smfi->xxfi_connect == NULL) ctx->ctx_pflags |= SMFIP_NOCONNECT; if (smfi->xxfi_helo == NULL) ctx->ctx_pflags |= SMFIP_NOHELO; if (smfi->xxfi_envfrom == NULL) ctx->ctx_pflags |= SMFIP_NOMAIL; if (smfi->xxfi_envrcpt == NULL) ctx->ctx_pflags |= SMFIP_NORCPT; if (smfi->xxfi_header == NULL) ctx->ctx_pflags |= SMFIP_NOHDRS; if (smfi->xxfi_eoh == NULL) ctx->ctx_pflags |= SMFIP_NOEOH; if (smfi->xxfi_body == NULL) ctx->ctx_pflags |= SMFIP_NOBODY; if ((r = thread_create(&thread_id, mi_thread_handle_wrapper, - (void *) ctx)) != MI_SUCCESS) + (void *) ctx)) != 0) { smi_log(SMI_LOG_ERR, "%s: thread_create() failed: %d", smfi->xxfi_name, r); sleep(++cnt_t); (void) close(connfd); free(ctx); if (cnt_t >= MAX_FAILS_T) { ret = MI_FAILURE; break; } continue; } cnt_t = 0; } if (ret != MI_SUCCESS) mi_stop_milters(MILTER_ABRT); - if (listenfd >= 0) - (void) close(listenfd); + else + mi_closener(); + (void) smutex_destroy(&L_Mutex); return ret; } #endif /* _FFR_MILTER */ Index: stable/4/contrib/sendmail/libmilter/signal.c =================================================================== --- stable/4/contrib/sendmail/libmilter/signal.c (revision 71887) +++ stable/4/contrib/sendmail/libmilter/signal.c (revision 71888) @@ -1,222 +1,215 @@ /* * Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #ifndef lint -static char id[] = "@(#)$Id: signal.c,v 8.10.4.7 2000/09/01 00:49:04 ca Exp $"; +static char id[] = "@(#)$Id: signal.c,v 8.10.4.8 2000/11/20 21:15:37 ca Exp $"; #endif /* ! lint */ #if _FFR_MILTER #include "libmilter.h" - -typedef pthread_mutex_t smutex_t; -# define smutex_init(mp) (pthread_mutex_init(mp, NULL) == 0) -# define smutex_destroy(mp) (pthread_mutex_destroy(mp) == 0) -# define smutex_lock(mp) (pthread_mutex_lock(mp) == 0) -# define smutex_unlock(mp) (pthread_mutex_unlock(mp) == 0) -# define smutex_trylock(mp) (pthread_mutex_trylock(mp) == 0) /* ** thread to handle signals */ static smutex_t M_Mutex; static int MilterStop = MILTER_CONT; /* ** MI_STOP -- return value of MilterStop ** ** Parameters: ** none. ** ** Returns: ** value of MilterStop */ int mi_stop() { return MilterStop; } /* ** MI_STOP_MILTERS -- set value of MilterStop ** ** Parameters: ** v -- new value for MilterStop. ** ** Returns: ** none. */ void mi_stop_milters(v) int v; { (void) smutex_lock(&M_Mutex); if (MilterStop < v) MilterStop = v; /* close listen socket */ mi_closener(); (void) smutex_unlock(&M_Mutex); } /* ** MI_CLEAN_SIGNALS -- clean up signal handler thread ** ** Parameters: ** none. ** ** Returns: ** none. */ void mi_clean_signals() { (void) smutex_destroy(&M_Mutex); } /* ** MI_SIGNAL_THREAD -- thread to deal with signals ** ** Parameters: ** name -- name of milter ** ** Returns: ** NULL */ static void * mi_signal_thread(name) void *name; { int sig, errs; sigset_t set; sigemptyset(&set); sigaddset(&set, SIGHUP); sigaddset(&set, SIGTERM); /* Handle Ctrl-C gracefully for debugging */ sigaddset(&set, SIGINT); errs = 0; while (TRUE) { sig = 0; #ifdef SOLARIS if ((sig = sigwait(&set)) < 0) #else /* SOLARIS */ if (sigwait(&set, &sig) != 0) #endif /* SOLARIS */ { smi_log(SMI_LOG_ERR, "%s: sigwait returned error: %s", (char *)name, strerror(errno)); if (++errs > MAX_FAILS_T) { mi_stop_milters(MILTER_ABRT); return NULL; } continue; } errs = 0; switch (sig) { case SIGHUP: case SIGTERM: mi_stop_milters(MILTER_STOP); return NULL; case SIGINT: mi_stop_milters(MILTER_ABRT); return NULL; default: smi_log(SMI_LOG_ERR, "%s: sigwait returned unmasked signal: %d", (char *)name, sig); break; } } } /* ** MI_SPAWN_SIGNAL_THREAD -- spawn thread to handle signals ** ** Parameters: ** name -- name of milter ** ** Returns: ** MI_SUCCESS/MI_FAILURE */ static int mi_spawn_signal_thread(name) char *name; { sthread_t tid; sigset_t set; /* Mask HUP and KILL signals */ sigemptyset(&set); sigaddset(&set, SIGHUP); sigaddset(&set, SIGTERM); sigaddset(&set, SIGINT); if (pthread_sigmask(SIG_BLOCK, &set, NULL) != 0) { smi_log(SMI_LOG_ERR, "%s: Couldn't mask HUP and KILL signals", name); return MI_FAILURE; } if (thread_create(&tid, mi_signal_thread, (void *)name) != MI_SUCCESS) { smi_log(SMI_LOG_ERR, "%s: Couldn't start signal thread", name); return MI_FAILURE; } return MI_SUCCESS; } /* ** MI_CONTROL_STARTUP -- startup for thread to handle signals ** ** Parameters: ** name -- name of milter ** ** Returns: ** MI_SUCCESS/MI_FAILURE */ int mi_control_startup(name) char *name; { if (!smutex_init(&M_Mutex)) { smi_log(SMI_LOG_ERR, "%s: Couldn't initialize control pipe mutex", name); return MI_FAILURE; } /* ** spawn_signal_thread must happen before other threads are spawned ** off so that it can mask the right signals and other threads ** will inherit that mask. */ if (mi_spawn_signal_thread(name) == MI_FAILURE) { smi_log(SMI_LOG_ERR, "%s: Couldn't spawn signal thread", name); (void) smutex_destroy(&M_Mutex); return MI_FAILURE; } return MI_SUCCESS; } #endif /* _FFR_MILTER */ Index: stable/4/contrib/sendmail/libmilter/sm_gethost.c =================================================================== --- stable/4/contrib/sendmail/libmilter/sm_gethost.c (revision 71887) +++ stable/4/contrib/sendmail/libmilter/sm_gethost.c (revision 71888) @@ -1,99 +1,113 @@ /* * Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #ifndef lint -static char id[] = "@(#)$Id: sm_gethost.c,v 8.7.8.2 2000/09/17 17:04:24 gshapiro Exp $"; +static char id[] = "@(#)$Id: sm_gethost.c,v 8.7.8.4 2000/12/19 04:26:33 gshapiro Exp $"; #endif /* ! lint */ #if _FFR_MILTER #include #if NETINET || NETINET6 # include #endif /* NETINET || NETINET6 */ /* ** MI_GETHOSTBY{NAME,ADDR} -- compatibility routines for gethostbyXXX ** ** Some operating systems have wierd problems with the gethostbyXXX ** routines. For example, Solaris versions at least through 2.3 ** don't properly deliver a canonical h_name field. This tries to ** work around these problems. ** ** Support IPv6 as well as IPv4. */ #if NETINET6 && NEEDSGETIPNODE && __RES < 19990909 # ifndef AI_V4MAPPED # define AI_V4MAPPED 0 /* dummy */ # endif /* ! AI_V4MAPPED */ # ifndef AI_ALL # define AI_ALL 0 /* dummy */ # endif /* ! AI_ALL */ static struct hostent * getipnodebyname(name, family, flags, err) char *name; int family; int flags; int *err; { bool resv6 = TRUE; struct hostent *h; if (family == AF_INET6) { /* From RFC2133, section 6.1 */ resv6 = bitset(RES_USE_INET6, _res.options); _res.options |= RES_USE_INET6; } h_errno = 0; h = gethostbyname(name); *err = h_errno; if (family == AF_INET6 && !resv6) _res.options &= ~RES_USE_INET6; return h; } + +# if _FFR_FREEHOSTENT +void +freehostent(h) + struct hostent *h; +{ + /* + ** Stub routine -- if they don't have getipnodeby*(), + ** they probably don't have the free routine either. + */ + + return; +} +# endif /* _FFR_FREEHOSTENT */ #endif /* NEEDSGETIPNODE && NETINET6 && __RES < 19990909 */ struct hostent * mi_gethostbyname(name, family) char *name; int family; { struct hostent *h = NULL; #if (SOLARIS > 10000 && SOLARIS < 20400) || (defined(SOLARIS) && SOLARIS < 204) || (defined(sony_news) && defined(__svr4)) # if SOLARIS == 20300 || SOLARIS == 203 static struct hostent hp; static char buf[1000]; extern struct hostent *_switch_gethostbyname_r(); h = _switch_gethostbyname_r(name, &hp, buf, sizeof(buf), &h_errno); # else /* SOLARIS == 20300 || SOLARIS == 203 */ extern struct hostent *__switch_gethostbyname(); h = __switch_gethostbyname(name); # endif /* SOLARIS == 20300 || SOLARIS == 203 */ #else /* (SOLARIS > 10000 && SOLARIS < 20400) || (defined(SOLARIS) && SOLARIS < 204) || (defined(sony_news) && defined(__svr4)) */ # if NETINET6 int err; # endif /* NETINET6 */ # if NETINET6 h = getipnodebyname(name, family, AI_V4MAPPED|AI_ALL, &err); h_errno = err; # else /* NETINET6 */ h = gethostbyname(name); # endif /* NETINET6 */ #endif /* (SOLARIS > 10000 && SOLARIS < 20400) || (defined(SOLARIS) && SOLARIS < 204) || (defined(sony_news) && defined(__svr4)) */ return h; } #endif /* _FFR_MILTER */ Index: stable/4/contrib/sendmail/libsmdb/smdb1.c =================================================================== --- stable/4/contrib/sendmail/libsmdb/smdb1.c (revision 71887) +++ stable/4/contrib/sendmail/libsmdb/smdb1.c (revision 71888) @@ -1,518 +1,554 @@ /* ** Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers. ** All rights reserved. ** ** By using this file, you agree to the terms and conditions set ** forth in the LICENSE file which can be found at the top level of ** the sendmail distribution. */ #ifndef lint -static char id[] = "@(#)$Id: smdb1.c,v 8.43.4.1 2000/08/24 17:08:00 gshapiro Exp $"; +static char id[] = "@(#)$Id: smdb1.c,v 8.43.4.3 2000/10/05 23:06:30 gshapiro Exp $"; #endif /* ! lint */ #include #include #include #include #include #if (DB_VERSION_MAJOR == 1) # define SMDB1_FILE_EXTENSION "db" struct smdb_db1_struct { DB *smdb1_db; int smdb1_lock_fd; bool smdb1_cursor_in_use; }; typedef struct smdb_db1_struct SMDB_DB1_DATABASE; struct smdb_db1_cursor { SMDB_DB1_DATABASE *db; }; typedef struct smdb_db1_cursor SMDB_DB1_CURSOR; /* ** SMDB_TYPE_TO_DB1_TYPE -- Translates smdb database type to db1 type. ** ** Parameters: ** type -- The type to translate. ** ** Returns: ** The DB1 type that corresponsds to the passed in SMDB type. ** Returns -1 if there is no equivalent type. ** */ DBTYPE smdb_type_to_db1_type(type) SMDB_DBTYPE type; { if (type == SMDB_TYPE_DEFAULT) return DB_HASH; if (strncmp(type, SMDB_TYPE_HASH, SMDB_TYPE_HASH_LEN) == 0) return DB_HASH; if (strncmp(type, SMDB_TYPE_BTREE, SMDB_TYPE_BTREE_LEN) == 0) return DB_BTREE; /* Should never get here thanks to test in smdb_db_open() */ return DB_HASH; } /* ** SMDB_PUT_FLAGS_TO_DB1_FLAGS -- Translates smdb put flags to db1 put flags. ** ** Parameters: ** flags -- The flags to translate. ** ** Returns: ** The db1 flags that are equivalent to the smdb flags. ** ** Notes: ** Any invalid flags are ignored. ** */ u_int smdb_put_flags_to_db1_flags(flags) SMDB_FLAG flags; { int return_flags; return_flags = 0; if (bitset(SMDBF_NO_OVERWRITE, flags)) return_flags |= R_NOOVERWRITE; return return_flags; } /* ** SMDB_CURSOR_GET_FLAGS_TO_SMDB1 ** ** Parameters: ** flags -- The flags to translate. ** ** Returns: ** The db1 flags that are equivalent to the smdb flags. ** ** Notes: ** Returns -1 if we don't support the flag. ** */ int smdb_cursor_get_flags_to_smdb1(flags) SMDB_FLAG flags; { switch(flags) { case SMDB_CURSOR_GET_FIRST: return R_FIRST; case SMDB_CURSOR_GET_LAST: return R_LAST; case SMDB_CURSOR_GET_NEXT: return R_NEXT; case SMDB_CURSOR_GET_RANGE: return R_CURSOR; default: return -1; } } SMDB_DB1_DATABASE * smdb1_malloc_database() { SMDB_DB1_DATABASE *db1; db1 = (SMDB_DB1_DATABASE *) malloc(sizeof(SMDB_DB1_DATABASE)); if (db1 != NULL) { db1->smdb1_lock_fd = -1; db1->smdb1_cursor_in_use = FALSE; } return db1; } /* ** The rest of these function correspond to the interface laid out ** in smdb.h. */ int smdb1_close(database) SMDB_DATABASE *database; { SMDB_DB1_DATABASE *db1 = (SMDB_DB1_DATABASE *) database->smdb_impl; DB *db = ((SMDB_DB1_DATABASE *) database->smdb_impl)->smdb1_db; if (db1->smdb1_lock_fd != -1) (void) close(db1->smdb1_lock_fd); free(db1); database->smdb_impl = NULL; return db->close(db); } int smdb1_del(database, key, flags) SMDB_DATABASE *database; SMDB_DBENT *key; u_int flags; { DB *db = ((SMDB_DB1_DATABASE *) database->smdb_impl)->smdb1_db; + DBT dbkey; - return db->del(db, &key->db, flags); + memset(&dbkey, '\0', sizeof dbkey); + dbkey.data = key->data; + dbkey.size = key->size; + return db->del(db, &dbkey, flags); } int smdb1_fd(database, fd) SMDB_DATABASE *database; int *fd; { DB *db = ((SMDB_DB1_DATABASE *) database->smdb_impl)->smdb1_db; *fd = db->fd(db); if (*fd == -1) return errno; return SMDBE_OK; } int smdb1_lockfd(database) SMDB_DATABASE *database; { SMDB_DB1_DATABASE *db1 = (SMDB_DB1_DATABASE *) database->smdb_impl; return db1->smdb1_lock_fd; } int smdb1_get(database, key, data, flags) SMDB_DATABASE *database; SMDB_DBENT *key; SMDB_DBENT *data; u_int flags; { int result; DB *db = ((SMDB_DB1_DATABASE *) database->smdb_impl)->smdb1_db; + DBT dbkey, dbdata; - result = db->get(db, &key->db, &data->db, flags); + memset(&dbdata, '\0', sizeof dbdata); + memset(&dbkey, '\0', sizeof dbkey); + dbkey.data = key->data; + dbkey.size = key->size; + + result = db->get(db, &dbkey, &dbdata, flags); if (result != 0) { if (result == 1) return SMDBE_NOT_FOUND; return errno; } + data->data = dbdata.data; + data->size = dbdata.size; return SMDBE_OK; } int smdb1_put(database, key, data, flags) SMDB_DATABASE *database; SMDB_DBENT *key; SMDB_DBENT *data; u_int flags; { DB *db = ((SMDB_DB1_DATABASE *) database->smdb_impl)->smdb1_db; + DBT dbkey, dbdata; - return db->put(db, &key->db, &data->db, - smdb_put_flags_to_db1_flags(flags)); + memset(&dbdata, '\0', sizeof dbdata); + memset(&dbkey, '\0', sizeof dbkey); + dbkey.data = key->data; + dbkey.size = key->size; + dbdata.data = data->data; + dbdata.size = data->size; + + return db->put(db, &dbkey, &dbdata, + smdb_put_flags_to_db1_flags(flags)); } int smdb1_set_owner(database, uid, gid) SMDB_DATABASE *database; uid_t uid; gid_t gid; { # if HASFCHOWN int fd; int result; DB *db = ((SMDB_DB1_DATABASE *) database->smdb_impl)->smdb1_db; fd = db->fd(db); if (fd == -1) return errno; result = fchown(fd, uid, gid); if (result < 0) return errno; # endif /* HASFCHOWN */ return SMDBE_OK; } int smdb1_sync(database, flags) SMDB_DATABASE *database; u_int flags; { DB *db = ((SMDB_DB1_DATABASE *) database->smdb_impl)->smdb1_db; return db->sync(db, flags); } int smdb1_cursor_close(cursor) SMDB_CURSOR *cursor; { SMDB_DB1_CURSOR *db1_cursor = (SMDB_DB1_CURSOR *) cursor->smdbc_impl; SMDB_DB1_DATABASE *db1 = db1_cursor->db; if (!db1->smdb1_cursor_in_use) return SMDBE_NOT_A_VALID_CURSOR; db1->smdb1_cursor_in_use = FALSE; free(cursor); return SMDBE_OK; } int smdb1_cursor_del(cursor, flags) SMDB_CURSOR *cursor; u_int flags; { SMDB_DB1_CURSOR *db1_cursor = (SMDB_DB1_CURSOR *) cursor->smdbc_impl; SMDB_DB1_DATABASE *db1 = db1_cursor->db; DB *db = db1->smdb1_db; return db->del(db, NULL, R_CURSOR); } int smdb1_cursor_get(cursor, key, value, flags) SMDB_CURSOR *cursor; SMDB_DBENT *key; SMDB_DBENT *value; SMDB_FLAG flags; { int db1_flags; int result; SMDB_DB1_CURSOR *db1_cursor = (SMDB_DB1_CURSOR *) cursor->smdbc_impl; SMDB_DB1_DATABASE *db1 = db1_cursor->db; DB *db = db1->smdb1_db; + DBT dbkey, dbdata; + memset(&dbdata, '\0', sizeof dbdata); + memset(&dbkey, '\0', sizeof dbkey); + db1_flags = smdb_cursor_get_flags_to_smdb1(flags); - result = db->seq(db, &key->db, &value->db, db1_flags); + result = db->seq(db, &dbkey, &dbdata, db1_flags); if (result == -1) return errno; if (result == 1) return SMDBE_LAST_ENTRY; + value->data = dbdata.data; + value->size = dbdata.size; + key->data = dbkey.data; + key->size = dbkey.size; return SMDBE_OK; } int smdb1_cursor_put(cursor, key, value, flags) SMDB_CURSOR *cursor; SMDB_DBENT *key; SMDB_DBENT *value; SMDB_FLAG flags; { SMDB_DB1_CURSOR *db1_cursor = (SMDB_DB1_CURSOR *) cursor->smdbc_impl; SMDB_DB1_DATABASE *db1 = db1_cursor->db; DB *db = db1->smdb1_db; + DBT dbkey, dbdata; - return db->put(db, &key->db, &value->db, R_CURSOR); + memset(&dbdata, '\0', sizeof dbdata); + memset(&dbkey, '\0', sizeof dbkey); + dbkey.data = key->data; + dbkey.size = key->size; + dbdata.data = value->data; + dbdata.size = value->size; + + return db->put(db, &dbkey, &dbdata, R_CURSOR); } int smdb1_cursor(database, cursor, flags) SMDB_DATABASE *database; SMDB_CURSOR **cursor; u_int flags; { SMDB_DB1_DATABASE *db1 = (SMDB_DB1_DATABASE *) database->smdb_impl; SMDB_CURSOR *cur; SMDB_DB1_CURSOR *db1_cursor; if (db1->smdb1_cursor_in_use) return SMDBE_ONLY_SUPPORTS_ONE_CURSOR; db1->smdb1_cursor_in_use = TRUE; db1_cursor = (SMDB_DB1_CURSOR *) malloc(sizeof(SMDB_DB1_CURSOR)); db1_cursor->db = db1; cur = (SMDB_CURSOR *) malloc(sizeof(SMDB_CURSOR)); if (cur == NULL) return SMDBE_MALLOC; cur->smdbc_impl = db1_cursor; cur->smdbc_close = smdb1_cursor_close; cur->smdbc_del = smdb1_cursor_del; cur->smdbc_get = smdb1_cursor_get; cur->smdbc_put = smdb1_cursor_put; *cursor = cur; return SMDBE_OK; } /* ** SMDB_DB_OPEN -- Opens a db1 database. ** ** Parameters: ** database -- An unallocated database pointer to a pointer. ** db_name -- The name of the database without extension. ** mode -- File permisions on the database if created. ** mode_mask -- Mode bits that must match on an existing database. ** sff -- Flags for safefile. ** type -- The type of database to open ** See smdb_type_to_db1_type for valid types. ** user_info -- Information on the user to use for file ** permissions. ** db_params -- ** An SMDB_DBPARAMS struct including params. These ** are processed according to the type of the ** database. Currently supported params (only for ** HASH type) are: ** num_elements ** cache_size ** ** Returns: ** SMDBE_OK -- Success, otherwise errno. */ int smdb_db_open(database, db_name, mode, mode_mask, sff, type, user_info, db_params) SMDB_DATABASE **database; char *db_name; int mode; int mode_mask; long sff; SMDB_DBTYPE type; SMDB_USER_INFO *user_info; SMDB_DBPARAMS *db_params; { int db_fd; int lock_fd; int result; void *params; SMDB_DATABASE *smdb_db; SMDB_DB1_DATABASE *db1; DB *db; HASHINFO hash_info; BTREEINFO btree_info; DBTYPE db_type; struct stat stat_info; char db_file_name[SMDB_MAX_NAME_LEN]; if (type == NULL || (strncmp(SMDB_TYPE_HASH, type, SMDB_TYPE_HASH_LEN) != 0 && strncmp(SMDB_TYPE_BTREE, type, SMDB_TYPE_BTREE_LEN) != 0)) return SMDBE_UNKNOWN_DB_TYPE; result = smdb_add_extension(db_file_name, SMDB_MAX_NAME_LEN, db_name, SMDB1_FILE_EXTENSION); if (result != SMDBE_OK) return result; result = smdb_setup_file(db_name, SMDB1_FILE_EXTENSION, mode_mask, sff, user_info, &stat_info); if (result != SMDBE_OK) return result; lock_fd = -1; # if O_EXLOCK mode |= O_EXLOCK; # else /* O_EXLOCK */ result = smdb_lock_file(&lock_fd, db_name, mode, sff, SMDB1_FILE_EXTENSION); if (result != SMDBE_OK) return result; # endif /* O_EXLOCK */ *database = NULL; smdb_db = smdb_malloc_database(); db1 = smdb1_malloc_database(); if (smdb_db == NULL || db1 == NULL) return SMDBE_MALLOC; db1->smdb1_lock_fd = lock_fd; params = NULL; if (db_params != NULL && (strncmp(SMDB_TYPE_HASH, type, SMDB_TYPE_HASH_LEN) == 0)) { memset(&hash_info, '\0', sizeof hash_info); hash_info.nelem = db_params->smdbp_num_elements; hash_info.cachesize = db_params->smdbp_cache_size; params = &hash_info; } if (db_params != NULL && (strncmp(SMDB_TYPE_BTREE, type, SMDB_TYPE_BTREE_LEN) == 0)) { memset(&btree_info, '\0', sizeof btree_info); btree_info.cachesize = db_params->smdbp_cache_size; if (db_params->smdbp_allow_dup) btree_info.flags |= R_DUP; params = &btree_info; } db_type = smdb_type_to_db1_type(type); db = dbopen(db_file_name, mode, 0644, db_type, params); if (db != NULL) { db_fd = db->fd(db); result = smdb_filechanged(db_name, SMDB1_FILE_EXTENSION, db_fd, &stat_info); } else { if (errno == 0) result = SMDBE_BAD_OPEN; else result = errno; } if (result == SMDBE_OK) { /* Everything is ok. Setup driver */ db1->smdb1_db = db; smdb_db->smdb_close = smdb1_close; smdb_db->smdb_del = smdb1_del; smdb_db->smdb_fd = smdb1_fd; smdb_db->smdb_lockfd = smdb1_lockfd; smdb_db->smdb_get = smdb1_get; smdb_db->smdb_put = smdb1_put; smdb_db->smdb_set_owner = smdb1_set_owner; smdb_db->smdb_sync = smdb1_sync; smdb_db->smdb_cursor = smdb1_cursor; smdb_db->smdb_impl = db1; *database = smdb_db; return SMDBE_OK; } if (db != NULL) (void) db->close(db); /* Error opening database */ (void) smdb_unlock_file(db1->smdb1_lock_fd); free(db1); smdb_free_database(smdb_db); return result; } #endif /* (DB_VERSION_MAJOR == 1) */ Index: stable/4/contrib/sendmail/libsmdb/smdb2.c =================================================================== --- stable/4/contrib/sendmail/libsmdb/smdb2.c (revision 71887) +++ stable/4/contrib/sendmail/libsmdb/smdb2.c (revision 71888) @@ -1,657 +1,695 @@ /* ** Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers. ** All rights reserved. ** ** By using this file, you agree to the terms and conditions set ** forth in the LICENSE file which can be found at the top level of ** the sendmail distribution. */ #ifndef lint -static char id[] = "@(#)$Id: smdb2.c,v 8.53.2.1.2.2 2000/08/24 17:08:00 gshapiro Exp $"; +static char id[] = "@(#)$Id: smdb2.c,v 8.53.2.1.2.5 2000/10/26 00:39:56 geir Exp $"; #endif /* ! lint */ #include #include #include #include #include #if (DB_VERSION_MAJOR >= 2) # define SMDB2_FILE_EXTENSION "db" struct smdb_db2_database { DB *smdb2_db; int smdb2_lock_fd; }; typedef struct smdb_db2_database SMDB_DB2_DATABASE; /* ** SMDB_TYPE_TO_DB2_TYPE -- Translates smdb database type to db2 type. ** ** Parameters: ** type -- The type to translate. ** ** Returns: ** The DB2 type that corresponsds to the passed in SMDB type. ** Returns -1 if there is no equivalent type. ** */ DBTYPE smdb_type_to_db2_type(type) SMDB_DBTYPE type; { if (type == SMDB_TYPE_DEFAULT) return DB_HASH; if (strncmp(type, SMDB_TYPE_HASH, SMDB_TYPE_HASH_LEN) == 0) return DB_HASH; if (strncmp(type, SMDB_TYPE_BTREE, SMDB_TYPE_BTREE_LEN) == 0) return DB_BTREE; return DB_UNKNOWN; } /* ** DB2_ERROR_TO_SMDB -- Translates db2 errors to smdbe errors ** ** Parameters: ** error -- The error to translate. ** ** Returns: ** The SMDBE error corresponding to the db2 error. ** If we don't have a corresponding error, it returs errno. ** */ int db2_error_to_smdb(error) int error; { int result; switch (error) { # ifdef DB_INCOMPLETE case DB_INCOMPLETE: result = SMDBE_INCOMPLETE; break; # endif /* DB_INCOMPLETE */ # ifdef DB_NOTFOUND case DB_NOTFOUND: result = SMDBE_NOT_FOUND; break; # endif /* DB_NOTFOUND */ # ifdef DB_KEYEMPTY case DB_KEYEMPTY: result = SMDBE_KEY_EMPTY; break; # endif /* DB_KEYEMPTY */ # ifdef DB_KEYEXIST case DB_KEYEXIST: result = SMDBE_KEY_EXIST; break; # endif /* DB_KEYEXIST */ # ifdef DB_LOCK_DEADLOCK case DB_LOCK_DEADLOCK: result = SMDBE_LOCK_DEADLOCK; break; # endif /* DB_LOCK_DEADLOCK */ # ifdef DB_LOCK_NOTGRANTED case DB_LOCK_NOTGRANTED: result = SMDBE_LOCK_NOT_GRANTED; break; # endif /* DB_LOCK_NOTGRANTED */ # ifdef DB_LOCK_NOTHELD case DB_LOCK_NOTHELD: result = SMDBE_LOCK_NOT_HELD; break; # endif /* DB_LOCK_NOTHELD */ # ifdef DB_RUNRECOVERY case DB_RUNRECOVERY: result = SMDBE_RUN_RECOVERY; break; # endif /* DB_RUNRECOVERY */ # ifdef DB_OLD_VERSION case DB_OLD_VERSION: result = SMDBE_OLD_VERSION; break; # endif /* DB_OLD_VERSION */ case 0: result = SMDBE_OK; break; default: result = error; } return result; } /* ** SMDB_PUT_FLAGS_TO_DB2_FLAGS -- Translates smdb put flags to db2 put flags. ** ** Parameters: ** flags -- The flags to translate. ** ** Returns: ** The db2 flags that are equivalent to the smdb flags. ** ** Notes: ** Any invalid flags are ignored. ** */ u_int smdb_put_flags_to_db2_flags(flags) SMDB_FLAG flags; { int return_flags; return_flags = 0; if (bitset(SMDBF_NO_OVERWRITE, flags)) return_flags |= DB_NOOVERWRITE; return return_flags; } /* ** SMDB_CURSOR_GET_FLAGS_TO_DB2 -- Translates smdb cursor get flags to db2 ** getflags. ** ** Parameters: ** flags -- The flags to translate. ** ** Returns: ** The db2 flags that are equivalent to the smdb flags. ** ** Notes: ** -1 is returned if flag is unknown. ** */ int smdb_cursor_get_flags_to_db2(flags) SMDB_FLAG flags; { switch (flags) { case SMDB_CURSOR_GET_FIRST: return DB_FIRST; case SMDB_CURSOR_GET_LAST: return DB_LAST; case SMDB_CURSOR_GET_NEXT: return DB_NEXT; case SMDB_CURSOR_GET_RANGE: return DB_SET_RANGE; default: return -1; } } SMDB_DB2_DATABASE * smdb2_malloc_database() { SMDB_DB2_DATABASE *db2; db2 = (SMDB_DB2_DATABASE *) malloc(sizeof(SMDB_DB2_DATABASE)); if (db2 != NULL) db2->smdb2_lock_fd = -1; return db2; } /* ** Except for smdb_db_open, the rest of these function correspond to the ** interface laid out in smdb.h. */ int smdb2_close(database) SMDB_DATABASE *database; { SMDB_DB2_DATABASE *db2 = (SMDB_DB2_DATABASE *) database->smdb_impl; DB *db = ((SMDB_DB2_DATABASE *) database->smdb_impl)->smdb2_db; if (db2->smdb2_lock_fd != -1) close(db2->smdb2_lock_fd); free(db2); database->smdb_impl = NULL; return db2_error_to_smdb(db->close(db, 0)); } int smdb2_del(database, key, flags) SMDB_DATABASE *database; SMDB_DBENT *key; u_int flags; { DB *db = ((SMDB_DB2_DATABASE *) database->smdb_impl)->smdb2_db; + DBT dbkey; - return db2_error_to_smdb(db->del(db, NULL, &key->db, flags)); + memset(&dbkey, '\0', sizeof dbkey); + dbkey.data = key->data; + dbkey.size = key->size; + return db2_error_to_smdb(db->del(db, NULL, &dbkey, flags)); } int smdb2_fd(database, fd) SMDB_DATABASE *database; int *fd; { DB *db = ((SMDB_DB2_DATABASE *) database->smdb_impl)->smdb2_db; return db2_error_to_smdb(db->fd(db, fd)); } int smdb2_lockfd(database) SMDB_DATABASE *database; { SMDB_DB2_DATABASE *db2 = (SMDB_DB2_DATABASE *) database->smdb_impl; return db2->smdb2_lock_fd; } int smdb2_get(database, key, data, flags) SMDB_DATABASE *database; SMDB_DBENT *key; SMDB_DBENT *data; u_int flags; { + int result; DB *db = ((SMDB_DB2_DATABASE *) database->smdb_impl)->smdb2_db; + DBT dbkey, dbdata; - return db2_error_to_smdb(db->get(db, NULL, &key->db, &data->db, flags)); + memset(&dbdata, '\0', sizeof dbdata); + memset(&dbkey, '\0', sizeof dbkey); + dbkey.data = key->data; + dbkey.size = key->size; + + result = db->get(db, NULL, &dbkey, &dbdata, flags); + data->data = dbdata.data; + data->size = dbdata.size; + return db2_error_to_smdb(result); } int smdb2_put(database, key, data, flags) SMDB_DATABASE *database; SMDB_DBENT *key; SMDB_DBENT *data; u_int flags; { DB *db = ((SMDB_DB2_DATABASE *) database->smdb_impl)->smdb2_db; + DBT dbkey, dbdata; - return db2_error_to_smdb(db->put(db, NULL, &key->db, &data->db, + memset(&dbdata, '\0', sizeof dbdata); + memset(&dbkey, '\0', sizeof dbkey); + dbkey.data = key->data; + dbkey.size = key->size; + dbdata.data = data->data; + dbdata.size = data->size; + + return db2_error_to_smdb(db->put(db, NULL, &dbkey, &dbdata, smdb_put_flags_to_db2_flags(flags))); } int smdb2_set_owner(database, uid, gid) SMDB_DATABASE *database; uid_t uid; gid_t gid; { # if HASFCHOWN int fd; int result; DB *db = ((SMDB_DB2_DATABASE *) database->smdb_impl)->smdb2_db; result = db->fd(db, &fd); if (result != 0) return result; result = fchown(fd, uid, gid); if (result < 0) return errno; # endif /* HASFCHOWN */ return SMDBE_OK; } int smdb2_sync(database, flags) SMDB_DATABASE *database; u_int flags; { DB *db = ((SMDB_DB2_DATABASE *) database->smdb_impl)->smdb2_db; return db2_error_to_smdb(db->sync(db, flags)); } int smdb2_cursor_close(cursor) SMDB_CURSOR *cursor; { DBC *dbc = (DBC *) cursor->smdbc_impl; return db2_error_to_smdb(dbc->c_close(dbc)); } int smdb2_cursor_del(cursor, flags) SMDB_CURSOR *cursor; SMDB_FLAG flags; { DBC *dbc = (DBC *) cursor->smdbc_impl; return db2_error_to_smdb(dbc->c_del(dbc, 0)); } int smdb2_cursor_get(cursor, key, value, flags) SMDB_CURSOR *cursor; SMDB_DBENT *key; SMDB_DBENT *value; SMDB_FLAG flags; { int db2_flags; int result; DBC *dbc = (DBC *) cursor->smdbc_impl; + DBT dbkey, dbdata; + memset(&dbdata, '\0', sizeof dbdata); + memset(&dbkey, '\0', sizeof dbkey); + db2_flags = smdb_cursor_get_flags_to_db2(flags); - result = dbc->c_get(dbc, &key->db, &value->db, db2_flags); + result = dbc->c_get(dbc, &dbkey, &dbdata, db2_flags); if (result == DB_NOTFOUND) return SMDBE_LAST_ENTRY; + key->data = dbkey.data; + key->size = dbkey.size; + value->data = dbdata.data; + value->size = dbdata.size; return db2_error_to_smdb(result); } int smdb2_cursor_put(cursor, key, value, flags) SMDB_CURSOR *cursor; SMDB_DBENT *key; SMDB_DBENT *value; SMDB_FLAG flags; { DBC *dbc = (DBC *) cursor->smdbc_impl; + DBT dbkey, dbdata; - return db2_error_to_smdb(dbc->c_put(dbc, &key->db, &value->db, 0)); + memset(&dbdata, '\0', sizeof dbdata); + memset(&dbkey, '\0', sizeof dbkey); + dbkey.data = key->data; + dbkey.size = key->size; + dbdata.data = value->data; + dbdata.size = value->size; + + return db2_error_to_smdb(dbc->c_put(dbc, &dbkey, &dbdata, 0)); } int smdb2_cursor(database, cursor, flags) SMDB_DATABASE *database; SMDB_CURSOR **cursor; SMDB_FLAG flags; { int result; DB *db = ((SMDB_DB2_DATABASE *) database->smdb_impl)->smdb2_db; DBC *db2_cursor; # if DB_VERSION_MAJOR > 2 || DB_VERSION_MINOR >= 6 result = db->cursor(db, NULL, &db2_cursor, 0); # else /* DB_VERSION_MAJOR > 2 || DB_VERSION_MINOR >= 6 */ result = db->cursor(db, NULL, &db2_cursor); # endif /* DB_VERSION_MAJOR > 2 || DB_VERSION_MINOR >= 6 */ if (result != 0) return db2_error_to_smdb(result); *cursor = (SMDB_CURSOR *) malloc(sizeof(SMDB_CURSOR)); if (*cursor == NULL) return SMDBE_MALLOC; (*cursor)->smdbc_close = smdb2_cursor_close; (*cursor)->smdbc_del = smdb2_cursor_del; (*cursor)->smdbc_get = smdb2_cursor_get; (*cursor)->smdbc_put = smdb2_cursor_put; (*cursor)->smdbc_impl = db2_cursor; return SMDBE_OK; } # if DB_VERSION_MAJOR == 2 static int smdb_db_open_internal(db_name, db_type, db_flags, db_params, db) char *db_name; DBTYPE db_type; int db_flags; SMDB_DBPARAMS *db_params; DB **db; { void *params; DB_INFO db_info; params = NULL; memset(&db_info, '\0', sizeof db_info); if (db_params != NULL) { db_info.db_cachesize = db_params->smdbp_cache_size; if (db_type == DB_HASH) db_info.h_nelem = db_params->smdbp_num_elements; if (db_params->smdbp_allow_dup) db_info.flags |= DB_DUP; params = &db_info; } return db_open(db_name, db_type, db_flags, 0644, NULL, params, db); } # endif /* DB_VERSION_MAJOR == 2 */ # if DB_VERSION_MAJOR > 2 static int smdb_db_open_internal(db_name, db_type, db_flags, db_params, db) char *db_name; DBTYPE db_type; int db_flags; SMDB_DBPARAMS *db_params; DB **db; { int result; result = db_create(db, NULL, 0); if (result != 0 || *db == NULL) return result; if (db_params != NULL) { result = (*db)->set_cachesize(*db, 0, db_params->smdbp_cache_size, 0); if (result != 0) { (void) (*db)->close((*db), 0); *db = NULL; return db2_error_to_smdb(result); } if (db_type == DB_HASH) { result = (*db)->set_h_nelem(*db, db_params->smdbp_num_elements); if (result != 0) { (void) (*db)->close(*db, 0); *db = NULL; return db2_error_to_smdb(result); } } if (db_params->smdbp_allow_dup) { result = (*db)->set_flags(*db, DB_DUP); if (result != 0) { (void) (*db)->close(*db, 0); *db = NULL; return db2_error_to_smdb(result); } } } result = (*db)->open(*db, db_name, NULL, db_type, db_flags, 0644); if (result != 0) { (void) (*db)->close(*db, 0); *db = NULL; } return db2_error_to_smdb(result); } # endif /* DB_VERSION_MAJOR > 2 */ /* ** SMDB_DB_OPEN -- Opens a db database. ** ** Parameters: ** database -- An unallocated database pointer to a pointer. ** db_name -- The name of the database without extension. ** mode -- File permisions for a created database. ** mode_mask -- Mode bits that must match on an opened database. ** sff -- Flags for safefile. ** type -- The type of database to open ** See smdb_type_to_db2_type for valid types. ** user_info -- User information for file permissions. ** db_params -- ** An SMDB_DBPARAMS struct including params. These ** are processed according to the type of the ** database. Currently supported params (only for ** HASH type) are: ** num_elements ** cache_size ** ** Returns: ** SMDBE_OK -- Success, other errno: ** SMDBE_MALLOC -- Cannot allocate memory. ** SMDBE_BAD_OPEN -- db_open didn't return an error, but ** somehow the DB pointer is NULL. ** Anything else: translated error from db2 */ int smdb_db_open(database, db_name, mode, mode_mask, sff, type, user_info, db_params) SMDB_DATABASE **database; char *db_name; int mode; int mode_mask; long sff; SMDB_DBTYPE type; SMDB_USER_INFO *user_info; SMDB_DBPARAMS *db_params; { bool lockcreated = FALSE; int result; int db_flags; int lock_fd; int db_fd; SMDB_DATABASE *smdb_db; SMDB_DB2_DATABASE *db2; DB *db; DBTYPE db_type; struct stat stat_info; char db_file_name[SMDB_MAX_NAME_LEN]; *database = NULL; result = smdb_add_extension(db_file_name, SMDB_MAX_NAME_LEN, db_name, SMDB2_FILE_EXTENSION); if (result != SMDBE_OK) return result; result = smdb_setup_file(db_name, SMDB2_FILE_EXTENSION, mode_mask, sff, user_info, &stat_info); if (result != SMDBE_OK) return result; lock_fd = -1; if (stat_info.st_mode == ST_MODE_NOFILE && bitset(mode, O_CREAT)) lockcreated = TRUE; result = smdb_lock_file(&lock_fd, db_name, mode, sff, SMDB2_FILE_EXTENSION); if (result != SMDBE_OK) return result; if (lockcreated) { mode |= O_TRUNC; mode &= ~(O_CREAT|O_EXCL); } smdb_db = smdb_malloc_database(); if (smdb_db == NULL) return SMDBE_MALLOC; db2 = smdb2_malloc_database(); if (db2 == NULL) return SMDBE_MALLOC; db2->smdb2_lock_fd = lock_fd; db_type = smdb_type_to_db2_type(type); db = NULL; db_flags = 0; if (bitset(O_CREAT, mode)) db_flags |= DB_CREATE; if (bitset(O_TRUNC, mode)) db_flags |= DB_TRUNCATE; if (mode == O_RDONLY) db_flags |= DB_RDONLY; # if !HASFLOCK && defined(DB_FCNTL_LOCKING) db_flags |= DB_FCNTL_LOCKING; # endif /* !HASFLOCK && defined(DB_FCNTL_LOCKING) */ result = smdb_db_open_internal(db_file_name, db_type, db_flags, db_params, &db); if (result == 0 && db != NULL) { result = db->fd(db, &db_fd); if (result == 0) result = SMDBE_OK; } else { /* Try and narrow down on the problem */ if (result != 0) result = db2_error_to_smdb(result); else result = SMDBE_BAD_OPEN; } if (result == SMDBE_OK) result = smdb_filechanged(db_name, SMDB2_FILE_EXTENSION, db_fd, &stat_info); if (result == SMDBE_OK) { /* Everything is ok. Setup driver */ db2->smdb2_db = db; smdb_db->smdb_close = smdb2_close; smdb_db->smdb_del = smdb2_del; smdb_db->smdb_fd = smdb2_fd; smdb_db->smdb_lockfd = smdb2_lockfd; smdb_db->smdb_get = smdb2_get; smdb_db->smdb_put = smdb2_put; smdb_db->smdb_set_owner = smdb2_set_owner; smdb_db->smdb_sync = smdb2_sync; smdb_db->smdb_cursor = smdb2_cursor; smdb_db->smdb_impl = db2; *database = smdb_db; return SMDBE_OK; } if (db != NULL) db->close(db, 0); smdb_unlock_file(db2->smdb2_lock_fd); free(db2); smdb_free_database(smdb_db); return result; } #endif /* (DB_VERSION_MAJOR >= 2) */ Index: stable/4/contrib/sendmail/libsmdb/smndbm.c =================================================================== --- stable/4/contrib/sendmail/libsmdb/smndbm.c (revision 71887) +++ stable/4/contrib/sendmail/libsmdb/smndbm.c (revision 71888) @@ -1,589 +1,621 @@ /* ** Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers. ** All rights reserved. ** ** By using this file, you agree to the terms and conditions set ** forth in the LICENSE file which can be found at the top level of ** the sendmail distribution. */ #ifndef lint -static char id[] = "@(#)$Id: smndbm.c,v 8.40.4.1 2000/08/24 17:08:00 gshapiro Exp $"; +static char id[] = "@(#)$Id: smndbm.c,v 8.40.4.3 2000/10/05 22:27:50 gshapiro Exp $"; #endif /* ! lint */ #include #include #include #include #include #ifdef NDBM # define SMNDB_DIR_FILE_EXTENSION "dir" # define SMNDB_PAG_FILE_EXTENSION "pag" struct smdb_dbm_database_struct { DBM *smndbm_dbm; int smndbm_lock_fd; bool smndbm_cursor_in_use; }; typedef struct smdb_dbm_database_struct SMDB_DBM_DATABASE; struct smdb_dbm_cursor_struct { SMDB_DBM_DATABASE *smndbmc_db; datum smndbmc_current_key; }; typedef struct smdb_dbm_cursor_struct SMDB_DBM_CURSOR; /* ** SMDB_PUT_FLAGS_TO_NDBM_FLAGS -- Translates smdb put flags to ndbm put flags. ** ** Parameters: ** flags -- The flags to translate. ** ** Returns: ** The ndbm flags that are equivalent to the smdb flags. ** ** Notes: ** Any invalid flags are ignored. ** */ int smdb_put_flags_to_ndbm_flags(flags) SMDB_FLAG flags; { int return_flags; return_flags = 0; if (bitset(SMDBF_NO_OVERWRITE, flags)) return_flags = DBM_INSERT; else return_flags = DBM_REPLACE; return return_flags; } /* ** smdbm_malloc_database -- Create and initialize SMDB_DBM_DATABASE ** ** Parameters: ** None ** ** Returns: ** A pointer to an allocated SMDB_DBM_DATABASE or NULL ** */ SMDB_DBM_DATABASE * smdbm_malloc_database() { SMDB_DBM_DATABASE *db; db = (SMDB_DBM_DATABASE *) malloc(sizeof(SMDB_DBM_DATABASE)); if (db != NULL) { db->smndbm_dbm = NULL; db->smndbm_lock_fd = -1; db->smndbm_cursor_in_use = FALSE; } return db; } /* ** Except for smdb_ndbm_open, the rest of these function correspond to the ** interface laid out in smdb.h. */ int smdbm_close(database) SMDB_DATABASE *database; { SMDB_DBM_DATABASE *db = (SMDB_DBM_DATABASE *) database->smdb_impl; DBM *dbm = ((SMDB_DBM_DATABASE *) database->smdb_impl)->smndbm_dbm; dbm_close(dbm); if (db->smndbm_lock_fd != -1) close(db->smndbm_lock_fd); free(db); database->smdb_impl = NULL; return SMDBE_OK; } int smdbm_del(database, key, flags) SMDB_DATABASE *database; SMDB_DBENT *key; u_int flags; { int result; DBM *dbm = ((SMDB_DBM_DATABASE *) database->smdb_impl)->smndbm_dbm; + datum dbkey; + memset(&dbkey, '\0', sizeof dbkey); + dbkey.dptr = key->data; + dbkey.dsize = key->size; + errno = 0; - result = dbm_delete(dbm, key->dbm); + result = dbm_delete(dbm, dbkey); if (result != 0) { int save_errno = errno; if (dbm_error(dbm)) return SMDBE_IO_ERROR; if (save_errno != 0) return save_errno; return SMDBE_NOT_FOUND; } return SMDBE_OK; } int smdbm_fd(database, fd) SMDB_DATABASE *database; int *fd; { DBM *dbm = ((SMDB_DBM_DATABASE *) database->smdb_impl)->smndbm_dbm; *fd = dbm_dirfno(dbm); if (*fd <= 0) return EINVAL; return SMDBE_OK; } int smdbm_lockfd(database) SMDB_DATABASE *database; { SMDB_DBM_DATABASE *db = (SMDB_DBM_DATABASE *) database->smdb_impl; return db->smndbm_lock_fd; } int smdbm_get(database, key, data, flags) SMDB_DATABASE *database; SMDB_DBENT *key; SMDB_DBENT *data; u_int flags; { DBM *dbm = ((SMDB_DBM_DATABASE *) database->smdb_impl)->smndbm_dbm; + datum dbkey, dbdata; + memset(&dbkey, '\0', sizeof dbkey); + memset(&dbdata, '\0', sizeof dbdata); + dbkey.dptr = key->data; + dbkey.dsize = key->size; + errno = 0; - data->dbm = dbm_fetch(dbm, key->dbm); - if (data->dbm.dptr == NULL) + dbdata = dbm_fetch(dbm, dbkey); + if (dbdata.dptr == NULL) { int save_errno = errno; if (dbm_error(dbm)) return SMDBE_IO_ERROR; if (save_errno != 0) return save_errno; return SMDBE_NOT_FOUND; } - + data->data = dbdata.dptr; + data->size = dbdata.dsize; return SMDBE_OK; } int smdbm_put(database, key, data, flags) SMDB_DATABASE *database; SMDB_DBENT *key; SMDB_DBENT *data; u_int flags; { int result; int save_errno; DBM *dbm = ((SMDB_DBM_DATABASE *) database->smdb_impl)->smndbm_dbm; + datum dbkey, dbdata; + memset(&dbkey, '\0', sizeof dbkey); + memset(&dbdata, '\0', sizeof dbdata); + dbkey.dptr = key->data; + dbkey.dsize = key->size; + dbdata.dptr = data->data; + dbdata.dsize = data->size; + errno = 0; - result = dbm_store(dbm, key->dbm, data->dbm, + result = dbm_store(dbm, dbkey, dbdata, smdb_put_flags_to_ndbm_flags(flags)); switch (result) { case 1: return SMDBE_DUPLICATE; case 0: return SMDBE_OK; default: save_errno = errno; if (dbm_error(dbm)) return SMDBE_IO_ERROR; if (save_errno != 0) return save_errno; return SMDBE_IO_ERROR; } /* NOTREACHED */ } int smndbm_set_owner(database, uid, gid) SMDB_DATABASE *database; uid_t uid; gid_t gid; { # if HASFCHOWN int fd; int result; DBM *dbm = ((SMDB_DBM_DATABASE *) database->smdb_impl)->smndbm_dbm; fd = dbm_dirfno(dbm); if (fd <= 0) return EINVAL; result = fchown(fd, uid, gid); if (result < 0) return errno; fd = dbm_pagfno(dbm); if (fd <= 0) return EINVAL; result = fchown(fd, uid, gid); if (result < 0) return errno; # endif /* HASFCHOWN */ return SMDBE_OK; } int smdbm_sync(database, flags) SMDB_DATABASE *database; u_int flags; { return SMDBE_UNSUPPORTED; } int smdbm_cursor_close(cursor) SMDB_CURSOR *cursor; { SMDB_DBM_CURSOR *dbm_cursor = (SMDB_DBM_CURSOR *) cursor->smdbc_impl; SMDB_DBM_DATABASE *db = dbm_cursor->smndbmc_db; if (!db->smndbm_cursor_in_use) return SMDBE_NOT_A_VALID_CURSOR; db->smndbm_cursor_in_use = FALSE; free(dbm_cursor); free(cursor); return SMDBE_OK; } int smdbm_cursor_del(cursor, flags) SMDB_CURSOR *cursor; u_int flags; { int result; SMDB_DBM_CURSOR *dbm_cursor = (SMDB_DBM_CURSOR *) cursor->smdbc_impl; SMDB_DBM_DATABASE *db = dbm_cursor->smndbmc_db; DBM *dbm = db->smndbm_dbm; errno = 0; result = dbm_delete(dbm, dbm_cursor->smndbmc_current_key); if (result != 0) { int save_errno = errno; if (dbm_error(dbm)) return SMDBE_IO_ERROR; if (save_errno != 0) return save_errno; return SMDBE_NOT_FOUND; } return SMDBE_OK; } int smdbm_cursor_get(cursor, key, value, flags) SMDB_CURSOR *cursor; SMDB_DBENT *key; SMDB_DBENT *value; SMDB_FLAG flags; { SMDB_DBM_CURSOR *dbm_cursor = (SMDB_DBM_CURSOR *) cursor->smdbc_impl; SMDB_DBM_DATABASE *db = dbm_cursor->smndbmc_db; DBM *dbm = db->smndbm_dbm; + datum dbkey, dbdata; + memset(&dbkey, '\0', sizeof dbkey); + memset(&dbdata, '\0', sizeof dbdata); + if (flags == SMDB_CURSOR_GET_RANGE) return SMDBE_UNSUPPORTED; if (dbm_cursor->smndbmc_current_key.dptr == NULL) { dbm_cursor->smndbmc_current_key = dbm_firstkey(dbm); if (dbm_cursor->smndbmc_current_key.dptr == NULL) { if (dbm_error(dbm)) return SMDBE_IO_ERROR; return SMDBE_LAST_ENTRY; } } else { dbm_cursor->smndbmc_current_key = dbm_nextkey(dbm); if (dbm_cursor->smndbmc_current_key.dptr == NULL) { if (dbm_error(dbm)) return SMDBE_IO_ERROR; return SMDBE_LAST_ENTRY; } } errno = 0; - value->dbm = dbm_fetch(dbm, dbm_cursor->smndbmc_current_key); - if (value->dbm.dptr == NULL) + dbdata = dbm_fetch(dbm, dbm_cursor->smndbmc_current_key); + if (dbdata.dptr == NULL) { int save_errno = errno; if (dbm_error(dbm)) return SMDBE_IO_ERROR; if (save_errno != 0) return save_errno; return SMDBE_NOT_FOUND; } - key->dbm = dbm_cursor->smndbmc_current_key; + value->data = dbdata.dptr; + value->size = dbdata.dsize; + key->data = dbm_cursor->smndbmc_current_key.dptr; + key->size = dbm_cursor->smndbmc_current_key.dsize; return SMDBE_OK; } int smdbm_cursor_put(cursor, key, value, flags) SMDB_CURSOR *cursor; SMDB_DBENT *key; SMDB_DBENT *value; SMDB_FLAG flags; { int result; int save_errno; SMDB_DBM_CURSOR *dbm_cursor = (SMDB_DBM_CURSOR *) cursor->smdbc_impl; SMDB_DBM_DATABASE *db = dbm_cursor->smndbmc_db; DBM *dbm = db->smndbm_dbm; + datum dbdata; + memset(&dbdata, '\0', sizeof dbdata); + dbdata.dptr = value->data; + dbdata.dsize = value->size; + errno = 0; - result = dbm_store(dbm, dbm_cursor->smndbmc_current_key, value->dbm, + result = dbm_store(dbm, dbm_cursor->smndbmc_current_key, dbdata, smdb_put_flags_to_ndbm_flags(flags)); switch (result) { case 1: return SMDBE_DUPLICATE; case 0: return SMDBE_OK; default: save_errno = errno; if (dbm_error(dbm)) return SMDBE_IO_ERROR; if (save_errno != 0) return save_errno; return SMDBE_IO_ERROR; } /* NOTREACHED */ } int smdbm_cursor(database, cursor, flags) SMDB_DATABASE *database; SMDB_CURSOR **cursor; SMDB_FLAG flags; { SMDB_DBM_DATABASE *db = (SMDB_DBM_DATABASE *) database->smdb_impl; SMDB_CURSOR *cur; SMDB_DBM_CURSOR *dbm_cursor; if (db->smndbm_cursor_in_use) return SMDBE_ONLY_SUPPORTS_ONE_CURSOR; db->smndbm_cursor_in_use = TRUE; dbm_cursor = (SMDB_DBM_CURSOR *) malloc(sizeof(SMDB_DBM_CURSOR)); dbm_cursor->smndbmc_db = db; dbm_cursor->smndbmc_current_key.dptr = NULL; dbm_cursor->smndbmc_current_key.dsize = 0; cur = (SMDB_CURSOR*) malloc(sizeof(SMDB_CURSOR)); if (cur == NULL) return SMDBE_MALLOC; cur->smdbc_impl = dbm_cursor; cur->smdbc_close = smdbm_cursor_close; cur->smdbc_del = smdbm_cursor_del; cur->smdbc_get = smdbm_cursor_get; cur->smdbc_put = smdbm_cursor_put; *cursor = cur; return SMDBE_OK; } /* ** SMDB_NDBM_OPEN -- Opens a ndbm database. ** ** Parameters: ** database -- An unallocated database pointer to a pointer. ** db_name -- The name of the database without extension. ** mode -- File permisions on a created database. ** mode_mask -- Mode bits that much match on an opened database. ** sff -- Flags to safefile. ** type -- The type of database to open. ** Only SMDB_NDBM is supported. ** user_info -- Information on the user to use for file ** permissions. ** db_params -- ** No params are supported. ** ** Returns: ** SMDBE_OK -- Success, otherwise errno: ** SMDBE_MALLOC -- Cannot allocate memory. ** SMDBE_UNSUPPORTED -- The type is not supported. ** SMDBE_GDBM_IS_BAD -- We have detected GDBM and we don't ** like it. ** SMDBE_BAD_OPEN -- dbm_open failed and errno was not set. ** Anything else: errno */ int smdb_ndbm_open(database, db_name, mode, mode_mask, sff, type, user_info, db_params) SMDB_DATABASE **database; char *db_name; int mode; int mode_mask; long sff; SMDB_DBTYPE type; SMDB_USER_INFO *user_info; SMDB_DBPARAMS *db_params; { int result; int lock_fd; SMDB_DATABASE *smdb_db; SMDB_DBM_DATABASE *db; DBM *dbm = NULL; struct stat dir_stat_info; struct stat pag_stat_info; result = SMDBE_OK; *database = NULL; if (type == NULL) return SMDBE_UNKNOWN_DB_TYPE; result = smdb_setup_file(db_name, SMNDB_DIR_FILE_EXTENSION, mode_mask, sff, user_info, &dir_stat_info); if (result != SMDBE_OK) return result; result = smdb_setup_file(db_name, SMNDB_PAG_FILE_EXTENSION, mode_mask, sff, user_info, &pag_stat_info); if (result != SMDBE_OK) return result; lock_fd = -1; # if O_EXLOCK mode |= O_EXLOCK; # else /* O_EXLOCK */ result = smdb_lock_file(&lock_fd, db_name, mode, sff, SMNDB_DIR_FILE_EXTENSION); if (result != SMDBE_OK) return result; # endif /* O_EXLOCK */ smdb_db = smdb_malloc_database(); if (smdb_db == NULL) result = SMDBE_MALLOC; db = smdbm_malloc_database(); if (db == NULL) result = SMDBE_MALLOC; /* Try to open database */ if (result == SMDBE_OK) { db->smndbm_lock_fd = lock_fd; errno = 0; dbm = dbm_open(db_name, mode, 0644); if (dbm == NULL) { if (errno == 0) result = SMDBE_BAD_OPEN; else result = errno; } db->smndbm_dbm = dbm; } /* Check for GDBM */ if (result == SMDBE_OK) { if (dbm_dirfno(dbm) == dbm_pagfno(dbm)) result = SMDBE_GDBM_IS_BAD; } /* Check for filechanged */ if (result == SMDBE_OK) { result = smdb_filechanged(db_name, SMNDB_DIR_FILE_EXTENSION, dbm_dirfno(dbm), &dir_stat_info); if (result == SMDBE_OK) { result = smdb_filechanged(db_name, SMNDB_PAG_FILE_EXTENSION, dbm_pagfno(dbm), &pag_stat_info); } } /* XXX Got to get fchown stuff in here */ /* Setup driver if everything is ok */ if (result == SMDBE_OK) { *database = smdb_db; smdb_db->smdb_close = smdbm_close; smdb_db->smdb_del = smdbm_del; smdb_db->smdb_fd = smdbm_fd; smdb_db->smdb_lockfd = smdbm_lockfd; smdb_db->smdb_get = smdbm_get; smdb_db->smdb_put = smdbm_put; smdb_db->smdb_set_owner = smndbm_set_owner; smdb_db->smdb_sync = smdbm_sync; smdb_db->smdb_cursor = smdbm_cursor; smdb_db->smdb_impl = db; return SMDBE_OK; } /* If we're here, something bad happened, clean up */ if (dbm != NULL) dbm_close(dbm); smdb_unlock_file(db->smndbm_lock_fd); free(db); smdb_free_database(smdb_db); return result; } #endif /* NDBM */ Index: stable/4/contrib/sendmail/libsmutil/lockfile.c =================================================================== --- stable/4/contrib/sendmail/libsmutil/lockfile.c (revision 71887) +++ stable/4/contrib/sendmail/libsmutil/lockfile.c (revision 71888) @@ -1,83 +1,84 @@ /* - * Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #ifndef lint -static char id[] = "@(#)$Id: lockfile.c,v 8.3 1999/08/31 15:38:27 ca Exp $"; +static char id[] = "@(#)$Id: lockfile.c,v 8.3.16.11 2000/11/16 02:54:28 geir Exp $"; #endif /* ! lint */ #include /* ** LOCKFILE -- lock a file using flock or (shudder) fcntl locking ** ** Parameters: ** fd -- the file descriptor of the file. ** filename -- the file name (for error messages). [unused] ** ext -- the filename extension. [unused] ** type -- type of the lock. Bits can be: ** LOCK_EX -- exclusive lock. ** LOCK_NB -- non-blocking. +** LOCK_UN -- unlock. ** ** Returns: ** TRUE if the lock was acquired. ** FALSE otherwise. */ bool lockfile(fd, filename, ext, type) int fd; char *filename; char *ext; int type; { #if !HASFLOCK int action; struct flock lfd; extern int errno; memset(&lfd, '\0', sizeof lfd); if (bitset(LOCK_UN, type)) lfd.l_type = F_UNLCK; else if (bitset(LOCK_EX, type)) lfd.l_type = F_WRLCK; else lfd.l_type = F_RDLCK; if (bitset(LOCK_NB, type)) action = F_SETLK; else action = F_SETLKW; if (fcntl(fd, action, &lfd) >= 0) return TRUE; /* ** On SunOS, if you are testing using -oQ/tmp/mqueue or ** -oA/tmp/aliases or anything like that, and /tmp is mounted ** as type "tmp" (that is, served from swap space), the ** previous fcntl will fail with "Invalid argument" errors. ** Since this is fairly common during testing, we will assume ** that this indicates that the lock is successfully grabbed. */ if (errno == EINVAL) return TRUE; #else /* !HASFLOCK */ if (flock(fd, type) >= 0) return TRUE; #endif /* !HASFLOCK */ return FALSE; } Index: stable/4/contrib/sendmail/mail.local/mail.local.8 =================================================================== --- stable/4/contrib/sendmail/mail.local/mail.local.8 (revision 71887) +++ stable/4/contrib/sendmail/mail.local/mail.local.8 (revision 71888) @@ -1,125 +1,127 @@ .\" Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. .\" All rights reserved. .\" Copyright (c) 1990, 1993 .\" The Regents of the University of California. All rights reserved. .\" .\" By using this file, you agree to the terms and conditions set .\" forth in the LICENSE file which can be found at the top level of .\" the sendmail distribution. .\" .\" -.\" $Id: mail.local.8,v 8.14.14.3 2000/09/17 17:04:25 gshapiro Exp $ +.\" $Id: mail.local.8,v 8.14.14.5 2000/12/29 18:12:16 gshapiro Exp $ .\" .\" $FreeBSD$ .\" -.TH MAIL.LOCAL 8 "$Date: 2000/09/17 17:04:25 $" +.TH MAIL.LOCAL 8 "$Date: 2000/12/29 18:12:16 $" .SH NAME -.B mail.local +mail.local \- store mail in a mailbox .SH SYNOPSIS .B mail.local .RB [ \-7 "] [" \-B "] [" \-b "] [" \-d "] [" \-l "] [" \-s "] [" \-f +.IR from "] " +.RB [ \-r .IR from "] " "user ..." .SH DESCRIPTION .B Mail.local reads the standard input up to an end-of-file and appends it to each .I user's .B mail file. The .I user must be a valid user name. .PP The options are as follows: .TP 1i .B \-7 Do not advertise 8BITMIME support in LMTP mode. .TP .B \-B Turn off the attempts to notify the .Dq biff service. .TP .B \-b Return a permanent error instead of a temporary error if a mailbox exceeds quota. .TP .B \-d Specify this is a delivery (for backward compatibility). .TP .BI \-f " from" Specify the sender's name. .TP .B \-l Turn on LMTP mode. .TP .B \-s Turn off the .Xr fsync 2 call that forces the mailbox to be committed to disk before returning a .Dq success status. .TP .BI \-r " from" Specify the sender's name (for backward compatibility). .PP Individual mail messages in the mailbox are delimited by an empty line followed by a line beginning with the string ``From ''. A line containing the string ``From '', the sender's name and a time stamp is prepended to each delivered mail message. A blank line is appended to each message. A greater-than character (``>'') is prepended to any line in the message which could be mistaken for a ``From '' delimiter line (that is, a line beginning with the five characters ``From '' following a blank line). .PP The mail files are exclusively locked with flock(2) while mail is appended, and a .B user.lock file also is created while the mailbox is locked for compatibility with older MUAs. .PP If the ``biff'' service is returned by getservbyname(3), the biff server is notified of delivered mail. .PP The .B mail.local utility exits 0 on success, and >0 if an error occurs. .SH ENVIRONMENT .IP TZ Used to set the appropriate time zone on the timestamp. .SH FILES .PD 0.2v .TP 2.2i /tmp/local.XXXXXX temporary files .TP /var/mail/user user's mailbox directory .TP /var/mail/user.lock lock file for a user's mailbox .PD .SH SEE ALSO mail(1), flock(2), getservbyname(3), comsat(8), sendmail(8) .SH WARNING .B mail.local escapes only "^From " lines that follow an empty line. If all lines starting with "From " should be escaped, use the 'E' flag for the local mailer in the sendmail.cf file. .SH HISTORY A superset of .B mail.local (handling mailbox reading as well as mail delivery) appeared in Version 7 AT&T UNIX as the program .BR mail . Index: stable/4/contrib/sendmail/mail.local/mail.local.c =================================================================== --- stable/4/contrib/sendmail/mail.local/mail.local.c (revision 71887) +++ stable/4/contrib/sendmail/mail.local/mail.local.c (revision 71888) @@ -1,1732 +1,1732 @@ /* * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1990, 1993, 1994 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #ifndef lint static char copyright[] = "@(#) Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.\n\ All rights reserved.\n\ Copyright (c) 1990, 1993, 1994\n\ The Regents of the University of California. All rights reserved.\n"; #endif /* ! lint */ #ifndef lint -static char id[] = "@(#)$Id: mail.local.c,v 8.143.4.37 2000/09/22 00:49:10 doug Exp $"; +static char id[] = "@(#)$Id: mail.local.c,v 8.143.4.39 2000/11/14 20:02:47 gshapiro Exp $"; #endif /* ! lint */ /* $FreeBSD$ */ /* ** This is not intended to work on System V derived systems ** such as Solaris or HP-UX, since they use a totally different ** approach to mailboxes (essentially, they have a setgid program ** rather than setuid, and they rely on the ability to "give away" ** files to do their work). IT IS NOT A BUG that this doesn't ** work on such architectures. */ /* additional mode for open() */ # define EXTRA_MODE 0 # include # include # include # include # include # include # include # include # include # include # include # include # include # include # include # include # ifdef EX_OK # undef EX_OK /* unistd.h may have another use for this */ # endif /* EX_OK */ # include # include # ifndef __P # include "sendmail/cdefs.h" # endif /* ! __P */ # include "sendmail/useful.h" extern size_t strlcpy __P((char *, const char *, size_t)); extern size_t strlcat __P((char *, const char *, size_t)); # if defined(BSD4_4) || defined(__osf__) || defined(__GNU_LIBRARY__) || defined(IRIX64) || defined(IRIX5) || defined(IRIX6) # ifndef HASSTRERROR # define HASSTRERROR 1 # endif /* ! HASSTRERROR */ # endif /* defined(BSD4_4) || defined(__osf__) || defined(__GNU_LIBRARY__) || defined(IRIX64) || defined(IRIX5) || defined(IRIX6) */ # include "sendmail/errstring.h" # ifndef LOCKTO_RM # define LOCKTO_RM 300 /* timeout for stale lockfile removal */ # endif /* ! LOCKTO_RM */ # ifndef LOCKTO_GLOB # define LOCKTO_GLOB 400 /* global timeout for lockfile creation */ # endif /* ! LOCKTO_GLOB */ # ifdef __STDC__ # include # define REALLOC(ptr, size) realloc(ptr, size) # else /* __STDC__ */ # include /* define a realloc() which works for NULL pointers */ # define REALLOC(ptr, size) (((ptr) == NULL) ? malloc(size) : realloc(ptr, size)) # endif /* __STDC__ */ # if (defined(sun) && defined(__svr4__)) || defined(__SVR4) # define USE_LOCKF 1 # define USE_SETEUID 1 # define _PATH_MAILDIR "/var/mail" # endif /* (defined(sun) && defined(__svr4__)) || defined(__SVR4) */ # ifdef NCR_MP_RAS3 # define USE_LOCKF 1 # define HASSNPRINTF 1 # define _PATH_MAILDIR "/var/mail" # endif /* NCR_MP_RAS3 */ # if defined(_AIX) # define USE_LOCKF 1 # define USE_SETEUID 1 # define USE_VSYSLOG 0 # endif /* defined(_AIX) */ # if defined(__hpux) # define USE_LOCKF 1 # define USE_SETRESUID 1 # define USE_VSYSLOG 0 # endif /* defined(__hpux) */ # ifdef DGUX # define HASSNPRINTF 1 # define USE_LOCKF 1 # define USE_VSYSLOG 0 # endif /* DGUX */ # if defined(_CRAY) # if !defined(MAXPATHLEN) # define MAXPATHLEN PATHSIZE # endif /* !defined(MAXPATHLEN) */ # define USE_VSYSLOG 0 # define _PATH_MAILDIR "/usr/spool/mail" # endif /* defined(_CRAY) */ # if defined(ultrix) # define USE_VSYSLOG 0 # endif /* defined(ultrix) */ # if defined(__osf__) # define USE_VSYSLOG 0 # endif /* defined(__osf__) */ # if defined(NeXT) && !defined(__APPLE__) # include # define _PATH_MAILDIR "/usr/spool/mail" # define S_IRUSR S_IREAD # define S_IWUSR S_IWRITE # endif /* defined(NeXT) && !defined(__APPLE__) */ # if defined(IRIX64) || defined(IRIX5) || defined(IRIX6) # include # endif /* defined(IRIX64) || defined(IRIX5) || defined(IRIX6) */ /* * If you don't have flock, you could try using lockf instead. */ # ifdef USE_LOCKF # define flock(a, b) lockf(a, b, 0) # ifdef LOCK_EX # undef LOCK_EX # endif /* LOCK_EX */ # define LOCK_EX F_LOCK # endif /* USE_LOCKF */ # ifndef USE_VSYSLOG # define USE_VSYSLOG 1 # endif /* ! USE_VSYSLOG */ # ifndef LOCK_EX # include # endif /* ! LOCK_EX */ # if defined(BSD4_4) || defined(__GLIBC__) # include # define _PATH_LOCTMP "/var/tmp/local.XXXXXX" # endif /* defined(BSD4_4) || defined(__GLIBC__) */ # ifdef BSD4_4 # define HAS_ST_GEN 1 # else /* BSD4_4 */ # ifndef _BSD_VA_LIST_ # define _BSD_VA_LIST_ va_list # endif /* ! _BSD_VA_LIST_ */ # endif /* BSD4_4 */ # if defined(BSD4_4) || defined(linux) # define HASSNPRINTF 1 # else /* defined(BSD4_4) || defined(linux) */ # ifndef ultrix extern FILE *fdopen __P((int, const char *)); # endif /* ! ultrix */ # endif /* defined(BSD4_4) || defined(linux) */ # if SOLARIS >= 20300 || (SOLARIS < 10000 && SOLARIS >= 203) # define CONTENTLENGTH 1 /* Needs the Content-Length header */ # endif /* SOLARIS >= 20300 || (SOLARIS < 10000 && SOLARIS >= 203) */ # if SOLARIS >= 20600 || (SOLARIS < 10000 && SOLARIS >= 206) # define HASSNPRINTF 1 /* has snprintf starting in 2.6 */ # endif /* SOLARIS >= 20600 || (SOLARIS < 10000 && SOLARIS >= 206) */ # ifdef HPUX11 # define HASSNPRINTF 1 /* has snprintf starting in 11.X */ # endif /* HPUX11 */ # if _AIX4 >= 40300 # define HASSNPRINTF 1 /* has snprintf starting in 4.3 */ # endif /* _AIX4 >= 40300 */ # if !HASSNPRINTF extern int snprintf __P((char *, size_t, const char *, ...)); # ifndef _CRAY extern int vsnprintf __P((char *, size_t, const char *, ...)); # endif /* ! _CRAY */ # endif /* !HASSNPRINTF */ /* ** If you don't have setreuid, and you have saved uids, and you have ** a seteuid() call that doesn't try to emulate using setuid(), then ** you can try defining USE_SETEUID. */ # ifdef USE_SETEUID # define setreuid(r, e) seteuid(e) # endif /* USE_SETEUID */ /* ** And of course on hpux you have setresuid() */ # ifdef USE_SETRESUID # define setreuid(r, e) setresuid(-1, e, -1) # endif /* USE_SETRESUID */ # ifndef _PATH_LOCTMP # define _PATH_LOCTMP "/var/tmp/local.XXXXXX" # endif /* ! _PATH_LOCTMP */ # ifndef _PATH_MAILDIR # define _PATH_MAILDIR "/var/spool/mail" # endif /* ! _PATH_MAILDIR */ # ifndef S_ISREG # define S_ISREG(mode) (((mode) & _S_IFMT) == S_IFREG) # endif /* ! S_ISREG */ # ifdef MAILLOCK # include # endif /* MAILLOCK */ # define U_UID pw->pw_uid # define U_GID pw->pw_gid #ifndef INADDRSZ # define INADDRSZ 4 /* size of an IPv4 address in bytes */ #endif /* ! INADDRSZ */ #ifndef MAILER_DAEMON # define MAILER_DAEMON "MAILER-DAEMON" #endif /* ! MAILER_DAEMON */ #ifdef CONTENTLENGTH char ContentHdr[40] = "Content-Length: "; off_t HeaderLength; off_t BodyLength; #endif /* CONTENTLENGTH */ bool EightBitMime = TRUE; /* advertise 8BITMIME in LMTP */ int ExitVal = EX_OK; /* sysexits.h error value. */ bool LMTPMode = FALSE; bool bouncequota = FALSE; /* permanent error when over quota */ bool nobiff = FALSE; bool nofsync = FALSE; void deliver __P((int, char *, bool)); int e_to_sys __P((int)); void notifybiff __P((char *)); int store __P((char *, int)); void usage __P((void)); void vwarn __P((const char *, _BSD_VA_LIST_)); int lockmbox __P((char *)); void unlockmbox __P((void)); void mailerr __P((const char *, const char *, ...)); int main(argc, argv) int argc; char *argv[]; { struct passwd *pw; int ch, fd; uid_t uid; char *from; extern char *optarg; extern int optind; extern void dolmtp __P((bool)); /* make sure we have some open file descriptors */ for (fd = 10; fd < 30; fd++) (void) close(fd); /* use a reasonable umask */ (void) umask(0077); # ifdef LOG_MAIL openlog("mail.local", 0, LOG_MAIL); # else /* LOG_MAIL */ openlog("mail.local", 0); # endif /* LOG_MAIL */ from = NULL; while ((ch = getopt(argc, argv, "7Bbdf:r:ls")) != -1) { switch(ch) { case '7': /* Do not advertise 8BITMIME */ EightBitMime = FALSE; break; case 'B': nobiff = TRUE; break; case 'b': /* bounce mail when over quota. */ bouncequota = TRUE; break; case 'd': /* Backward compatible. */ break; case 'f': case 'r': /* Backward compatible. */ if (from != NULL) { mailerr(NULL, "multiple -f options"); usage(); } from = optarg; break; case 'l': LMTPMode = TRUE; break; case 's': nofsync++; break; case '?': default: usage(); } } argc -= optind; argv += optind; /* initialize biff structures */ if (!nobiff) notifybiff(NULL); if (LMTPMode) dolmtp(bouncequota); if (*argv == '\0') usage(); /* ** If from not specified, use the name from getlogin() if the ** uid matches, otherwise, use the name from the password file ** corresponding to the uid. */ uid = getuid(); if (from == NULL && ((from = getlogin()) == NULL || (pw = getpwnam(from)) == NULL || pw->pw_uid != uid)) from = (pw = getpwuid(uid)) != NULL ? pw->pw_name : "???"; /* ** There is no way to distinguish the error status of one delivery ** from the rest of the deliveries. So, if we failed hard on one ** or more deliveries, but had no failures on any of the others, we ** return a hard failure. If we failed temporarily on one or more ** deliveries, we return a temporary failure regardless of the other ** failures. This results in the delivery being reattempted later ** at the expense of repeated failures and multiple deliveries. */ for (fd = store(from, 0); *argv; ++argv) deliver(fd, *argv, bouncequota); exit(ExitVal); /* NOTREACHED */ return ExitVal; } char * parseaddr(s, rcpt) char *s; bool rcpt; { char *p; int l; if (*s++ != '<') return NULL; p = s; /* at-domain-list */ while (*p == '@') { p++; while (*p != ',' && *p != ':' && *p != '\0') p++; if (*p == '\0') return NULL; /* Skip over , or : */ p++; } s = p; /* local-part */ while (*p != '\0' && *p != '@' && *p != '>') { if (*p == '\\') { if (*++p == '\0') return NULL; } else if (*p == '\"') { p++; while (*p != '\0' && *p != '\"') { if (*p == '\\') { if (*++p == '\0') return NULL; } p++; } if (*p == '\0' || *(p + 1) == '\0') return NULL; } /* +detail ? */ if (*p == '+' && rcpt) *p = '\0'; p++; } /* @domain */ if (*p == '@') { if (rcpt) *p++ = '\0'; while (*p != '\0' && *p != '>') p++; } if (*p != '>') return NULL; else *p = '\0'; p++; if (*p != '\0' && *p != ' ') return NULL; if (*s == '\0') s = MAILER_DAEMON; l = strlen(s) + 1; p = malloc(l); if (p == NULL) { printf("421 4.3.0 memory exhausted\r\n"); exit(EX_TEMPFAIL); } (void) strlcpy(p, s, l); return p; } char * process_recipient(addr) char *addr; { if (getpwnam(addr) == NULL) return "550 5.1.1 user unknown"; return NULL; } #define RCPT_GROW 30 void dolmtp(bouncequota) bool bouncequota; { char *return_path = NULL; char **rcpt_addr = NULL; int rcpt_num = 0; int rcpt_alloc = 0; bool gotlhlo = FALSE; char *err; int msgfd; char *p; int i; char myhostname[1024]; char buf[4096]; (void) gethostname(myhostname, sizeof myhostname - 1); printf("220 %s LMTP ready\r\n", myhostname); for (;;) { (void) fflush(stdout); if (fgets(buf, sizeof(buf) - 1, stdin) == NULL) exit(EX_OK); p = buf + strlen(buf) - 1; if (p >= buf && *p == '\n') *p-- = '\0'; if (p >= buf && *p == '\r') *p-- = '\0'; switch (buf[0]) { case 'd': case 'D': if (strcasecmp(buf, "data") == 0) { if (rcpt_num == 0) { printf("503 5.5.1 No recipients\r\n"); continue; } msgfd = store(return_path, rcpt_num); if (msgfd == -1) continue; for (i = 0; i < rcpt_num; i++) { p = strchr(rcpt_addr[i], '+'); if (p != NULL) *p++ = '\0'; deliver(msgfd, rcpt_addr[i], bouncequota); } (void) close(msgfd); goto rset; } goto syntaxerr; /* NOTREACHED */ break; case 'l': case 'L': if (strncasecmp(buf, "lhlo ", 5) == 0) { /* check for duplicate per RFC 1651 4.2 */ if (gotlhlo) { printf("503 %s Duplicate LHLO\r\n", myhostname); continue; } gotlhlo = TRUE; printf("250-%s\r\n", myhostname); if (EightBitMime) printf("250-8BITMIME\r\n"); printf("250-ENHANCEDSTATUSCODES\r\n"); printf("250 PIPELINING\r\n"); continue; } goto syntaxerr; /* NOTREACHED */ break; case 'm': case 'M': if (strncasecmp(buf, "mail ", 5) == 0) { if (return_path != NULL) { printf("503 5.5.1 Nested MAIL command\r\n"); continue; } if (strncasecmp(buf+5, "from:", 5) != 0 || ((return_path = parseaddr(buf + 10, FALSE)) == NULL)) { printf("501 5.5.4 Syntax error in parameters\r\n"); continue; } printf("250 2.5.0 ok\r\n"); continue; } goto syntaxerr; /* NOTREACHED */ break; case 'n': case 'N': if (strcasecmp(buf, "noop") == 0) { printf("250 2.0.0 ok\r\n"); continue; } goto syntaxerr; /* NOTREACHED */ break; case 'q': case 'Q': if (strcasecmp(buf, "quit") == 0) { printf("221 2.0.0 bye\r\n"); exit(EX_OK); } goto syntaxerr; /* NOTREACHED */ break; case 'r': case 'R': if (strncasecmp(buf, "rcpt ", 5) == 0) { if (return_path == NULL) { printf("503 5.5.1 Need MAIL command\r\n"); continue; } if (rcpt_num >= rcpt_alloc) { rcpt_alloc += RCPT_GROW; rcpt_addr = (char **) REALLOC((char *) rcpt_addr, rcpt_alloc * sizeof(char **)); if (rcpt_addr == NULL) { printf("421 4.3.0 memory exhausted\r\n"); exit(EX_TEMPFAIL); } } if (strncasecmp(buf + 5, "to:", 3) != 0 || ((rcpt_addr[rcpt_num] = parseaddr(buf + 8, TRUE)) == NULL)) { printf("501 5.5.4 Syntax error in parameters\r\n"); continue; } if ((err = process_recipient(rcpt_addr[rcpt_num])) != NULL) { printf("%s\r\n", err); continue; } rcpt_num++; printf("250 2.1.5 ok\r\n"); continue; } else if (strcasecmp(buf, "rset") == 0) { printf("250 2.0.0 ok\r\n"); rset: - while (rcpt_num) + while (rcpt_num > 0) free(rcpt_addr[--rcpt_num]); if (return_path != NULL) free(return_path); return_path = NULL; continue; } goto syntaxerr; /* NOTREACHED */ break; case 'v': case 'V': if (strncasecmp(buf, "vrfy ", 5) == 0) { printf("252 2.3.3 try RCPT to attempt delivery\r\n"); continue; } goto syntaxerr; /* NOTREACHED */ break; default: syntaxerr: printf("500 5.5.2 Syntax error\r\n"); continue; /* NOTREACHED */ break; } } } int store(from, lmtprcpts) char *from; int lmtprcpts; { FILE *fp = NULL; time_t tval; bool eline; bool fullline = TRUE; /* current line is terminated */ bool prevfl; /* previous line was terminated */ char line[2048]; int fd; char tmpbuf[sizeof _PATH_LOCTMP + 1]; (void) umask(0077); (void) strlcpy(tmpbuf, _PATH_LOCTMP, sizeof tmpbuf); if ((fd = mkstemp(tmpbuf)) == -1 || (fp = fdopen(fd, "w+")) == NULL) { if (lmtprcpts) { printf("451 4.3.0 unable to open temporary file\r\n"); return -1; } else { mailerr("451 4.3.0", "unable to open temporary file"); exit(ExitVal); } } (void) unlink(tmpbuf); if (LMTPMode) { printf("354 go ahead\r\n"); (void) fflush(stdout); } (void) time(&tval); (void) fprintf(fp, "From %s %s", from, ctime(&tval)); #ifdef CONTENTLENGTH HeaderLength = 0; BodyLength = -1; #endif /* CONTENTLENGTH */ line[0] = '\0'; eline = TRUE; while (fgets(line, sizeof(line), stdin) != (char *)NULL) { size_t line_len = 0; int peek; prevfl = fullline; /* preserve state of previous line */ while (line[line_len] != '\n' && line_len < sizeof(line) - 2) line_len++; line_len++; /* Check for dot-stuffing */ if (prevfl && lmtprcpts && line[0] == '.') { if (line[1] == '\n' || (line[1] == '\r' && line[2] == '\n')) goto lmtpdot; memcpy(line, line + 1, line_len); line_len--; } /* Check to see if we have the full line from fgets() */ fullline = FALSE; if (line_len > 0) { if (line[line_len - 1] == '\n') { if (line_len >= 2 && line[line_len - 2] == '\r') { line[line_len - 2] = '\n'; line[line_len - 1] = '\0'; line_len--; } fullline = TRUE; } else if (line[line_len - 1] == '\r') { /* Did we just miss the CRLF? */ peek = fgetc(stdin); if (peek == '\n') { line[line_len - 1] = '\n'; fullline = TRUE; } else (void) ungetc(peek, stdin); } } else fullline = TRUE; #ifdef CONTENTLENGTH if (prevfl && line[0] == '\n' && HeaderLength == 0) { eline = FALSE; HeaderLength = ftell(fp); if (HeaderLength <= 0) { /* ** shouldn't happen, unless ftell() is ** badly broken */ HeaderLength = -1; } } #else /* CONTENTLENGTH */ if (prevfl && line[0] == '\n') eline = TRUE; #endif /* CONTENTLENGTH */ else { if (eline && line[0] == 'F' && !memcmp(line, "From ", 5)) (void) putc('>', fp); eline = FALSE; #ifdef CONTENTLENGTH /* discard existing "Content-Length:" headers */ if (prevfl && HeaderLength == 0 && (line[0] == 'C' || line[0] == 'c') && strncasecmp(line, ContentHdr, 15) == 0) { /* ** be paranoid: clear the line ** so no "wrong matches" may occur later */ line[0] = '\0'; continue; } #endif /* CONTENTLENGTH */ } (void) fwrite(line, sizeof(char), line_len, fp); if (ferror(fp)) { if (lmtprcpts) { while (lmtprcpts--) printf("451 4.3.0 temporary file write error\r\n"); (void) fclose(fp); return -1; } else { mailerr("451 4.3.0", "temporary file write error"); (void) fclose(fp); exit(ExitVal); } } } if (lmtprcpts) { /* Got a premature EOF -- toss message and exit */ exit(EX_OK); } /* If message not newline terminated, need an extra. */ if (strchr(line, '\n') == NULL) (void) putc('\n', fp); lmtpdot: #ifdef CONTENTLENGTH BodyLength = ftell(fp); if (HeaderLength == 0 && BodyLength > 0) /* empty body */ { HeaderLength = BodyLength; BodyLength = 0; } else BodyLength = BodyLength - HeaderLength - 1 ; if (HeaderLength > 0 && BodyLength >= 0) { extern char *quad_to_string(); if (sizeof BodyLength > sizeof(long)) snprintf(line, sizeof line, "%s\n", quad_to_string(BodyLength)); else snprintf(line, sizeof line, "%ld\n", (long) BodyLength); strlcpy(&ContentHdr[16], line, sizeof(ContentHdr) - 16); } else BodyLength = -1; /* Something is wrong here */ #endif /* CONTENTLENGTH */ /* Output a newline; note, empty messages are allowed. */ (void) putc('\n', fp); if (fflush(fp) == EOF || ferror(fp) != 0) { if (lmtprcpts) { while (lmtprcpts--) printf("451 4.3.0 temporary file write error\r\n"); (void) fclose(fp); return -1; } else { mailerr("451 4.3.0", "temporary file write error"); (void) fclose(fp); exit(ExitVal); } } return fd; } void deliver(fd, name, bouncequota) int fd; char *name; bool bouncequota; { struct stat fsb; struct stat sb; struct passwd *pw; char path[MAXPATHLEN]; - int mbfd, nr = 0, nw, off; + int mbfd = -1, nr = 0, nw, off; char *p; off_t curoff; #ifdef CONTENTLENGTH off_t headerbytes; int readamount; #endif /* CONTENTLENGTH */ char biffmsg[100], buf[8*1024]; extern char *quad_to_string(); /* ** Disallow delivery to unknown names -- special mailboxes can be ** handled in the sendmail aliases file. */ if ((pw = getpwnam(name)) == NULL) { if (ExitVal != EX_TEMPFAIL) ExitVal = EX_UNAVAILABLE; if (LMTPMode) { if (ExitVal == EX_TEMPFAIL) printf("451 4.3.0 cannot lookup name: %s\r\n", name); else printf("550 5.1.1 unknown name: %s\r\n", name); } else { char *errcode = NULL; if (ExitVal == EX_TEMPFAIL) errcode = "451 4.3.0"; else errcode = "550 5.1.1"; mailerr(errcode, "unknown name: %s", name); } return; } endpwent(); /* ** Keep name reasonably short to avoid buffer overruns. ** This isn't necessary on BSD because of the proper ** definition of snprintf(), but it can cause problems ** on other systems. ** Also, clear out any bogus characters. */ if (strlen(name) > 40) name[40] = '\0'; for (p = name; *p != '\0'; p++) { if (!isascii(*p)) *p &= 0x7f; else if (!isprint(*p)) *p = '.'; } (void) snprintf(path, sizeof(path), "%s/%s", _PATH_MAILDIR, name); /* ** If the mailbox is linked or a symlink, fail. There's an obvious ** race here, that the file was replaced with a symbolic link after ** the lstat returned, but before the open. We attempt to detect ** this by comparing the original stat information and information ** returned by an fstat of the file descriptor returned by the open. ** ** NB: this is a symptom of a larger problem, that the mail spooling ** directory is writeable by the wrong users. If that directory is ** writeable, system security is compromised for other reasons, and ** it cannot be fixed here. ** ** If we created the mailbox, set the owner/group. If that fails, ** just return. Another process may have already opened it, so we ** can't unlink it. Historically, binmail set the owner/group at ** each mail delivery. We no longer do this, assuming that if the ** ownership or permissions were changed there was a reason. ** ** XXX ** open(2) should support flock'ing the file. */ tryagain: #ifdef MAILLOCK p = name; #else /* MAILLOCK */ p = path; #endif /* MAILLOCK */ if ((off = lockmbox(p)) != 0) { if (off == EX_TEMPFAIL || e_to_sys(off) == EX_TEMPFAIL) { ExitVal = EX_TEMPFAIL; mailerr("451 4.3.0", "lockmailbox %s failed; error code %d %s", p, off, errno > 0 ? errstring(errno) : ""); } else { mailerr("551 5.3.0", "lockmailbox %s failed; error code %d %s", p, off, errno > 0 ? errstring(errno) : ""); } return; } if (lstat(path, &sb) < 0) { int save_errno; int mode = S_IRUSR|S_IWUSR; gid_t gid = U_GID; #ifdef MAILGID (void) umask(0007); gid = MAILGID; mode |= S_IRGRP|S_IWGRP; #endif /* MAILGID */ mbfd = open(path, O_APPEND|O_CREAT|O_EXCL|O_WRONLY|EXTRA_MODE, mode); save_errno = errno; if (lstat(path, &sb) < 0) { ExitVal = EX_CANTCREAT; mailerr("550 5.2.0", "%s: lstat: file changed after open", path); goto err1; } if (mbfd == -1) { if (save_errno == EEXIST) goto tryagain; /* open failed, don't try again */ mailerr("450 4.2.0", "%s: %s", path, errstring(save_errno)); goto err0; } else if (fchown(mbfd, U_UID, gid) < 0) { mailerr("451 4.3.0", "chown %u.%u: %s", U_UID, gid, name); goto err1; } else { /* ** open() was successful, now close it so can ** be opened as the right owner again. ** Paranoia: reset mbdf since the file descriptor ** is no longer valid; better safe than sorry. */ sb.st_uid = U_UID; (void) close(mbfd); mbfd = -1; } } else if (sb.st_nlink != 1 || !S_ISREG(sb.st_mode)) { mailerr("550 5.2.0", "%s: irregular file", path); goto err0; } else if (sb.st_uid != U_UID) { ExitVal = EX_CANTCREAT; mailerr("550 5.2.0", "%s: wrong ownership (%d)", path, sb.st_uid); goto err0; } /* change UID for quota checks */ if (setreuid(0, U_UID) < 0) { mailerr("450 4.2.0", "setreuid(0, %d): %s (r=%d, e=%d)", U_UID, errstring(errno), getuid(), geteuid()); goto err1; } #ifdef DEBUG fprintf(stderr, "new euid = %d\n", geteuid()); #endif /* DEBUG */ mbfd = open(path, O_APPEND|O_WRONLY|EXTRA_MODE, 0); if (mbfd < 0) { mailerr("450 4.2.0", "%s: %s", path, errstring(errno)); goto err0; } else if (fstat(mbfd, &fsb) < 0 || fsb.st_nlink != 1 || sb.st_nlink != 1 || !S_ISREG(fsb.st_mode) || sb.st_dev != fsb.st_dev || sb.st_ino != fsb.st_ino || # if HAS_ST_GEN && 0 /* AFS returns random values for st_gen */ sb.st_gen != fsb.st_gen || # endif /* HAS_ST_GEN && 0 */ sb.st_uid != fsb.st_uid) { ExitVal = EX_TEMPFAIL; mailerr("550 5.2.0", "%s: fstat: file changed after open", path); goto err1; } /* Wait until we can get a lock on the file. */ if (flock(mbfd, LOCK_EX) < 0) { mailerr("450 4.2.0", "%s: %s", path, errstring(errno)); goto err1; } if (!nobiff) { /* Get the starting offset of the new message for biff. */ curoff = lseek(mbfd, (off_t)0, SEEK_END); if (sizeof curoff > sizeof(long)) (void) snprintf(biffmsg, sizeof(biffmsg), "%s@%s\n", name, quad_to_string(curoff)); else (void) snprintf(biffmsg, sizeof(biffmsg), "%s@%ld\n", name, (long) curoff); } /* Copy the message into the file. */ if (lseek(fd, (off_t)0, SEEK_SET) == (off_t)-1) { mailerr("450 4.2.0", "temporary file: %s", errstring(errno)); goto err1; } #ifdef DEBUG fprintf(stderr, "before writing: euid = %d\n", geteuid()); #endif /* DEBUG */ #ifdef CONTENTLENGTH headerbytes = (BodyLength >= 0) ? HeaderLength : -1 ; for (;;) { if (headerbytes == 0) { snprintf(buf, sizeof buf, "%s", ContentHdr); nr = strlen(buf); headerbytes = -1; readamount = 0; } else if (headerbytes > sizeof(buf) || headerbytes < 0) readamount = sizeof(buf); else readamount = headerbytes; if (readamount != 0) nr = read(fd, buf, readamount); if (nr <= 0) break; if (headerbytes > 0) headerbytes -= nr ; #else /* CONTENTLENGTH */ while ((nr = read(fd, buf, sizeof(buf))) > 0) { #endif /* CONTENTLENGTH */ for (off = 0; off < nr; off += nw) { if ((nw = write(mbfd, buf + off, nr - off)) < 0) { #ifdef EDQUOT if (errno == EDQUOT && bouncequota) mailerr("552 5.2.2", "%s: %s", path, errstring(errno)); else #endif /* EDQUOT */ mailerr("450 4.2.0", "%s: %s", path, errstring(errno)); goto err3; } } } if (nr < 0) { mailerr("450 4.2.0", "temporary file: %s", errstring(errno)); goto err3; } /* Flush to disk, don't wait for update. */ if (!nofsync && fsync(mbfd) < 0) { mailerr("450 4.2.0", "%s: %s", path, errstring(errno)); err3: if (setreuid(0, 0) < 0) { #if 0 /* already printed an error above for this recipient */ (void) e_to_sys(errno); mailerr("450 4.2.0", "setreuid(0, 0): %s", errstring(errno)); #endif /* 0 */ } #ifdef DEBUG fprintf(stderr, "reset euid = %d\n", geteuid()); #endif /* DEBUG */ (void) ftruncate(mbfd, curoff); err1: if (mbfd >= 0) (void) close(mbfd); err0: unlockmbox(); return; } /* Close and check -- NFS doesn't write until the close. */ if (close(mbfd)) { #ifdef EDQUOT if (errno == EDQUOT && bouncequota) mailerr("552 5.2.2", "%s: %s", path, errstring(errno)); else #endif /* EDQUOT */ mailerr("450 4.2.0", "%s: %s", path, errstring(errno)); (void) truncate(path, curoff); } else if (!nobiff) notifybiff(biffmsg); if (setreuid(0, 0) < 0) { mailerr("450 4.2.0", "setreuid(0, 0): %s", errstring(errno)); goto err0; } #ifdef DEBUG fprintf(stderr, "reset euid = %d\n", geteuid()); #endif /* DEBUG */ unlockmbox(); if (LMTPMode) printf("250 2.1.5 %s OK\r\n", name); } /* ** user.lock files are necessary for compatibility with other ** systems, e.g., when the mail spool file is NFS exported. ** Alas, mailbox locking is more than just a local matter. ** EPA 11/94. */ bool Locked = FALSE; #ifdef MAILLOCK int lockmbox(name) char *name; { int r = 0; if (Locked) return 0; if ((r = maillock(name, 15)) == L_SUCCESS) { Locked = TRUE; return 0; } switch (r) { case L_TMPLOCK: /* Can't create tmp file */ case L_TMPWRITE: /* Can't write pid into lockfile */ case L_MAXTRYS: /* Failed after retrycnt attempts */ errno = 0; r = EX_TEMPFAIL; break; case L_ERROR: /* Check errno for reason */ r = errno; break; default: /* other permanent errors */ errno = 0; r = EX_UNAVAILABLE; break; } return r; } void unlockmbox() { if (Locked) mailunlock(); Locked = FALSE; } #else /* MAILLOCK */ char LockName[MAXPATHLEN]; int lockmbox(path) char *path; { int statfailed = 0; time_t start; if (Locked) return 0; if (strlen(path) + 6 > sizeof LockName) return EX_SOFTWARE; (void) snprintf(LockName, sizeof LockName, "%s.lock", path); (void) time(&start); for (; ; sleep(5)) { int fd; struct stat st; time_t now; /* global timeout */ (void) time(&now); if (now > start + LOCKTO_GLOB) { errno = 0; return EX_TEMPFAIL; } fd = open(LockName, O_WRONLY|O_EXCL|O_CREAT, 0); if (fd >= 0) { /* defeat lock checking programs which test pid */ (void) write(fd, "0", 2); Locked = TRUE; (void) close(fd); return 0; } if (stat(LockName, &st) < 0) { if (statfailed++ > 5) { errno = 0; return EX_TEMPFAIL; } continue; } statfailed = 0; (void) time(&now); if (now < st.st_ctime + LOCKTO_RM) continue; /* try to remove stale lockfile */ if (unlink(LockName) < 0) return errno; } } void unlockmbox() { if (!Locked) return; (void) unlink(LockName); Locked = FALSE; } #endif /* MAILLOCK */ void notifybiff(msg) char *msg; { static bool initialized = FALSE; static int f = -1; struct hostent *hp; struct servent *sp; int len; static struct sockaddr_in addr; if (!initialized) { initialized = TRUE; /* Be silent if biff service not available. */ if ((sp = getservbyname("biff", "udp")) == NULL || (hp = gethostbyname("localhost")) == NULL || hp->h_length != INADDRSZ) return; addr.sin_family = hp->h_addrtype; memcpy(&addr.sin_addr, hp->h_addr, INADDRSZ); addr.sin_port = sp->s_port; } /* No message, just return */ if (msg == NULL) return; /* Couldn't initialize addr struct */ if (addr.sin_family == AF_UNSPEC) return; if (f < 0 && (f = socket(AF_INET, SOCK_DGRAM, 0)) == -1) return; len = strlen(msg) + 1; (void) sendto(f, msg, len, 0, (struct sockaddr *) &addr, sizeof(addr)); } void usage() { ExitVal = EX_USAGE; mailerr(NULL, "usage: mail.local [-7] [-B] [-b] [-l] [-f from] [-s] user ..."); exit(ExitVal); } void #ifdef __STDC__ mailerr(const char *hdr, const char *fmt, ...) #else /* __STDC__ */ mailerr(hdr, fmt, va_alist) const char *hdr; const char *fmt; va_dcl #endif /* __STDC__ */ { va_list ap; #ifdef __STDC__ va_start(ap, fmt); #else /* __STDC__ */ va_start(ap); #endif /* __STDC__ */ if (LMTPMode) { if (hdr != NULL) printf("%s ", hdr); (void) vprintf(fmt, ap); (void) printf("\r\n"); } else { (void) e_to_sys(errno); vwarn(fmt, ap); } } void vwarn(fmt, ap) const char *fmt; _BSD_VA_LIST_ ap; { /* ** Log the message to stderr. ** ** Don't use LOG_PERROR as an openlog() flag to do this, ** it's not portable enough. */ if (ExitVal != EX_USAGE) (void) fprintf(stderr, "mail.local: "); (void) vfprintf(stderr, fmt, ap); (void) fprintf(stderr, "\n"); #if USE_VSYSLOG /* Log the message to syslog. */ vsyslog(LOG_ERR, fmt, ap); #else /* USE_VSYSLOG */ { char fmtbuf[10240]; (void) vsnprintf(fmtbuf, sizeof fmtbuf, fmt, ap); syslog(LOG_ERR, "%s", fmtbuf); } #endif /* USE_VSYSLOG */ } /* * e_to_sys -- * Guess which errno's are temporary. Gag me. */ int e_to_sys(num) int num; { /* Temporary failures override hard errors. */ if (ExitVal == EX_TEMPFAIL) return ExitVal; switch (num) /* Hopefully temporary errors. */ { #ifdef EDQUOT case EDQUOT: /* Disc quota exceeded */ if (bouncequota) { ExitVal = EX_UNAVAILABLE; break; } /* FALLTHROUGH */ #endif /* EDQUOT */ #ifdef EAGAIN case EAGAIN: /* Resource temporarily unavailable */ #endif /* EAGAIN */ #ifdef EBUSY case EBUSY: /* Device busy */ #endif /* EBUSY */ #ifdef EPROCLIM case EPROCLIM: /* Too many processes */ #endif /* EPROCLIM */ #ifdef EUSERS case EUSERS: /* Too many users */ #endif /* EUSERS */ #ifdef ECONNABORTED case ECONNABORTED: /* Software caused connection abort */ #endif /* ECONNABORTED */ #ifdef ECONNREFUSED case ECONNREFUSED: /* Connection refused */ #endif /* ECONNREFUSED */ #ifdef ECONNRESET case ECONNRESET: /* Connection reset by peer */ #endif /* ECONNRESET */ #ifdef EDEADLK case EDEADLK: /* Resource deadlock avoided */ #endif /* EDEADLK */ #ifdef EFBIG case EFBIG: /* File too large */ #endif /* EFBIG */ #ifdef EHOSTDOWN case EHOSTDOWN: /* Host is down */ #endif /* EHOSTDOWN */ #ifdef EHOSTUNREACH case EHOSTUNREACH: /* No route to host */ #endif /* EHOSTUNREACH */ #ifdef EMFILE case EMFILE: /* Too many open files */ #endif /* EMFILE */ #ifdef ENETDOWN case ENETDOWN: /* Network is down */ #endif /* ENETDOWN */ #ifdef ENETRESET case ENETRESET: /* Network dropped connection on reset */ #endif /* ENETRESET */ #ifdef ENETUNREACH case ENETUNREACH: /* Network is unreachable */ #endif /* ENETUNREACH */ #ifdef ENFILE case ENFILE: /* Too many open files in system */ #endif /* ENFILE */ #ifdef ENOBUFS case ENOBUFS: /* No buffer space available */ #endif /* ENOBUFS */ #ifdef ENOMEM case ENOMEM: /* Cannot allocate memory */ #endif /* ENOMEM */ #ifdef ENOSPC case ENOSPC: /* No space left on device */ #endif /* ENOSPC */ #ifdef EROFS case EROFS: /* Read-only file system */ #endif /* EROFS */ #ifdef ESTALE case ESTALE: /* Stale NFS file handle */ #endif /* ESTALE */ #ifdef ETIMEDOUT case ETIMEDOUT: /* Connection timed out */ #endif /* ETIMEDOUT */ #if defined(EWOULDBLOCK) && EWOULDBLOCK != EAGAIN && EWOULDBLOCK != EDEADLK case EWOULDBLOCK: /* Operation would block. */ #endif /* defined(EWOULDBLOCK) && EWOULDBLOCK != EAGAIN && EWOULDBLOCK != EDEADLK */ ExitVal = EX_TEMPFAIL; break; default: ExitVal = EX_UNAVAILABLE; break; } return ExitVal; } #if defined(ultrix) || defined(_CRAY) /* * Copyright (c) 1987, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ # if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)mktemp.c 8.1 (Berkeley) 6/4/93"; # endif /* defined(LIBC_SCCS) && !defined(lint) */ # include # include # include # include # include # include static int _gettemp(); mkstemp(path) char *path; { int fd; return (_gettemp(path, &fd) ? fd : -1); } # if 0 char * mktemp(path) char *path; { return(_gettemp(path, (int *)NULL) ? path : (char *)NULL); } # endif /* 0 */ static _gettemp(path, doopen) char *path; register int *doopen; { extern int errno; register char *start, *trv; struct stat sbuf; u_int pid; pid = getpid(); for (trv = path; *trv; ++trv); /* extra X's get set to 0's */ while (*--trv == 'X') { *trv = (pid % 10) + '0'; pid /= 10; } /* * check the target directory; if you have six X's and it * doesn't exist this runs for a *very* long time. */ for (start = trv + 1;; --trv) { if (trv <= path) break; if (*trv == '/') { *trv = '\0'; if (stat(path, &sbuf) < 0) return(0); if (!S_ISDIR(sbuf.st_mode)) { errno = ENOTDIR; return(0); } *trv = '/'; break; } } for (;;) { if (doopen) { if ((*doopen = open(path, O_CREAT|O_EXCL|O_RDWR, 0600)) >= 0) return(1); if (errno != EEXIST) return(0); } else if (stat(path, &sbuf) < 0) return(errno == ENOENT ? 1 : 0); /* tricky little algorithm for backward compatibility */ for (trv = start;;) { if (!*trv) return(0); if (*trv == 'z') *trv++ = 'a'; else { if (isascii(*trv) && isdigit(*trv)) *trv = 'a'; else ++*trv; break; } } } /* NOTREACHED */ } #endif /* defined(ultrix) || defined(_CRAY) */ Index: stable/4/contrib/sendmail/mailstats/mailstats.8 =================================================================== --- stable/4/contrib/sendmail/mailstats/mailstats.8 (revision 71887) +++ stable/4/contrib/sendmail/mailstats/mailstats.8 (revision 71888) @@ -1,107 +1,107 @@ .\" Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. .\" All rights reserved. .\" .\" By using this file, you agree to the terms and conditions set .\" forth in the LICENSE file which can be found at the top level of .\" the sendmail distribution. .\" .\" -.\" $Id: mailstats.8,v 8.17 2000/03/11 20:18:21 gshapiro Exp $ +.\" $Id: mailstats.8,v 8.17.4.3 2000/12/29 18:12:20 gshapiro Exp $ .\" -.TH MAILSTATS 1 "April 25, 1996" +.TH MAILSTATS 1 "$Date: 2000/12/29 18:12:20 $" .SH NAME -.B mailstats +mailstats \- display mail statistics .SH SYNOPSIS .B mailstats .RB [ \-o "] [" \-p ] .RB [ \-C .IR cffile ] .RB [ \-f .IR stfile ] .SH DESCRIPTION The .B mailstats utility displays the current mail statistics. .PP First, the time at which statistics started being kept is displayed, in the format specified by ctime(3). Then, the statistics for each mailer are displayed on a single line, each with the following white space separated fields: .sp .RS .PD 0.2v .TP 1.2i .B M The mailer number. .TP .B msgsfr Number of messages from the mailer. .TP .B bytes_from Kbytes from the mailer. .TP .B msgsto Number of messages to the mailer. .TP .B bytes_to Kbytes to the mailer. .TP .B msgsrej Number of messages rejected. .TP .B msgsdis Number of messages discarded. .TP .B Mailer The name of the mailer. .PD .RE .PP After this display, a line totaling the values for all of the mailers is displayed (preceeded with a ``T''), separated from the previous information by a line containing only equals (``='') characters. Another line preceeded with a ``C'' lists the number of connections. .PP The options are as follows: .TP .B \-C Read the specified file instead of the default .B sendmail -``cf'' file. +configuration file. .TP .B \-f Read the specified statistics file instead of the statistics file specified in the .B sendmail -``cf'' file. +configuration file. .TP .B \-p Output information in program-readable mode and clear statistics. .TP .B \-o Don't display the name of the mailer in the output. .PP The .B mailstats utility exits 0 on success, and >0 if an error occurs. .SH FILES .PD 0.2v .TP 2.5i /etc/mail/sendmail.cf The default .B sendmail -``cf'' file. +configuration file. .TP /etc/mail/statistics The default .B sendmail statistics file. .PD .SH SEE ALSO mailq(1), sendmail(8) Index: stable/4/contrib/sendmail/makemap/makemap.8 =================================================================== --- stable/4/contrib/sendmail/makemap/makemap.8 (revision 71887) +++ stable/4/contrib/sendmail/makemap/makemap.8 (revision 71888) @@ -1,151 +1,152 @@ .\" Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. .\" All rights reserved. .\" Copyright (c) 1988, 1991, 1993 .\" The Regents of the University of California. All rights reserved. .\" .\" By using this file, you agree to the terms and conditions set .\" forth in the LICENSE file which can be found at the top level of .\" the sendmail distribution. .\" .\" -.\" $Id: makemap.8,v 8.21.16.2 2000/09/17 17:04:26 gshapiro Exp $ +.\" $Id: makemap.8,v 8.21.16.5 2000/12/29 18:12:20 gshapiro Exp $ .\" -.TH MAKEMAP 8 "November 16, 1992" +.TH MAKEMAP 8 "$Date: 2000/12/29 18:12:20 $" .SH NAME -.B makemap +makemap \- create database maps for sendmail .SH SYNOPSIS .B makemap .RB [ \-C .IR file ] .RB [ \-N ] .RB [ \-c .IR cachesize ] .RB [ \-d ] .RB [ \-e ] .RB [ \-f ] .RB [ \-l ] .RB [ \-o ] .RB [ \-r ] .RB [ \-s ] .RB [ \-u ] .RB [ \-v ] .I maptype mapnam .SH DESCRIPTION .B Makemap creates the database maps used by the keyed map lookups in sendmail(8). It reads input from the standard input and outputs them to the indicated .I mapname. .PP Depending on how it is compiled, .B makemap handles up to three different database formats, selected using the .I maptype parameter. They may be .TP dbm DBM format maps. This requires the ndbm(3) library. .TP btree B-Tree format maps. This requires the new Berkeley DB library. .TP hash Hash format maps. This also requires the Berkeley DB library. .PP In all cases, .B makemap reads lines from the standard input consisting of two words separated by white space. The first is the database key, the second is the value. The value may contain ``%\fIn\fP'' strings to indicate parameter substitution. Literal percents should be doubled (``%%''). Blank lines and lines beginning with ``#'' are ignored. .PP If the .I TrustedUser option is set in the sendmail configuration file and .B makemap is invoked as root, the generated files will be owned by the specified .IR TrustedUser. .SS Flags .TP .B \-C -Use the specified sendmail configuration file for -looking up the TrustedUser option. +Use the specified +.B sendmail +configuration file for looking up the TrustedUser option. .TP .B \-N Include the null byte that terminates strings in the map. This must match the \-N flag in the sendmail.cf ``K'' line. .TP .B \-c Use the specified hash and B-Tree cache size. .TP .B \-d Allow duplicate keys in the map. This is only allowed on B-Tree format maps. If two identical keys are read, they will both be inserted into the map. .TP .B \-e Allow empty value (right hand side). .TP .B \-f Normally all upper case letters in the key are folded to lower case. This flag disables that behaviour. This is intended to mesh with the \-f flag in the .B K line in sendmail.cf. The value is never case folded. .TP .B \-l List supported map types. .TP .B \-o Append to an old file. This allows you to augment an existing file. .TP .B \-r Allow replacement of existing keys. Normally .B makemap complains if you repeat a key, and does not do the insert. .TP .B \-s Ignore safety checks on maps being created. This includes checking for hard or symbolic links in world writable directories. .TP .B \-u dump (unmap) the content of the database to standard output. .TP .B \-v Verbosely print what it is doing. .SH SEE ALSO sendmail(8) .SH HISTORY The .B makemap command appeared in 4.4BSD. Index: stable/4/contrib/sendmail/makemap/makemap.c =================================================================== --- stable/4/contrib/sendmail/makemap/makemap.c (revision 71887) +++ stable/4/contrib/sendmail/makemap/makemap.c (revision 71888) @@ -1,576 +1,573 @@ /* * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1992 Eric P. Allman. All rights reserved. * Copyright (c) 1992, 1993 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #ifndef lint static char copyright[] = "@(#) Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.\n\ All rights reserved.\n\ Copyright (c) 1992 Eric P. Allman. All rights reserved.\n\ Copyright (c) 1992, 1993\n\ The Regents of the University of California. All rights reserved.\n"; #endif /* ! lint */ #ifndef lint -static char id[] = "@(#)$Id: makemap.c,v 8.135.4.11 2000/09/13 01:11:10 gshapiro Exp $"; +static char id[] = "@(#)$Id: makemap.c,v 8.135.4.13 2000/10/05 23:00:50 gshapiro Exp $"; #endif /* ! lint */ /* $FreeBSD$ */ #include #ifndef ISC_UNIX # include #endif /* ! ISC_UNIX */ #include #include #include #ifdef EX_OK # undef EX_OK /* unistd.h may have another use for this */ #endif /* EX_OK */ #include #include #include #include uid_t RealUid; gid_t RealGid; char *RealUserName; uid_t RunAsUid; uid_t RunAsGid; char *RunAsUserName; int Verbose = 2; bool DontInitGroups = FALSE; uid_t TrustedUid = 0; BITMAP256 DontBlameSendmail; #define BUFSIZE 1024 #if _FFR_DELIM # define ISSEP(c) ((sep == '\0' && isascii(c) && isspace(c)) || (c) == sep) #else /* _FFR_DELIM */ # define ISSEP(c) (isascii(c) && isspace(c)) #endif /* _FFR_DELIM */ static void usage(progname) char *progname; { fprintf(stderr, "Usage: %s [-C cffile] [-N] [-c cachesize] [-d] [-e] [-f] [-l] [-o] [-r] [-s] %s[-u] [-v] type mapname\n", progname, #if _FFR_DELIM "[-t delimiter] " #else /* _FFR_DELIM */ "" #endif /* _FFR_DELIM */ ); exit(EX_USAGE); } int main(argc, argv) int argc; char **argv; { char *progname; char *cfile; bool inclnull = FALSE; bool notrunc = FALSE; bool allowreplace = FALSE; bool allowempty = FALSE; bool verbose = FALSE; bool foldcase = TRUE; bool unmake = FALSE; #if _FFR_DELIM char sep = '\0'; #endif /* _FFR_DELIM */ int exitstat; int opt; char *typename = NULL; char *mapname = NULL; int lineno; int st; int mode; int smode; int putflags = 0; long sff = SFF_ROOTOK|SFF_REGONLY; struct passwd *pw; SMDB_DATABASE *database; SMDB_CURSOR *cursor; SMDB_DBENT db_key, db_val; SMDB_DBPARAMS params; SMDB_USER_INFO user_info; char ibuf[BUFSIZE]; #if HASFCHOWN FILE *cfp; char buf[MAXLINE]; #endif /* HASFCHOWN */ static char rnamebuf[MAXNAME]; /* holds RealUserName */ extern char *optarg; extern int optind; memset(¶ms, '\0', sizeof params); params.smdbp_cache_size = 1024 * 1024; progname = strrchr(argv[0], '/'); if (progname != NULL) progname++; else progname = argv[0]; cfile = _PATH_SENDMAILCF; clrbitmap(DontBlameSendmail); RunAsUid = RealUid = getuid(); RunAsGid = RealGid = getgid(); pw = getpwuid(RealUid); if (pw != NULL) (void) strlcpy(rnamebuf, pw->pw_name, sizeof rnamebuf); else (void) snprintf(rnamebuf, sizeof rnamebuf, "Unknown UID %d", (int) RealUid); RunAsUserName = RealUserName = rnamebuf; user_info.smdbu_id = RunAsUid; user_info.smdbu_group_id = RunAsGid; (void) strlcpy(user_info.smdbu_name, RunAsUserName, SMDB_MAX_USER_NAME_LEN); #define OPTIONS "C:Nc:t:deflorsuv" while ((opt = getopt(argc, argv, OPTIONS)) != -1) { switch (opt) { case 'C': cfile = optarg; break; case 'N': inclnull = TRUE; break; case 'c': params.smdbp_cache_size = atol(optarg); break; case 'd': params.smdbp_allow_dup = TRUE; break; case 'e': allowempty = TRUE; break; case 'f': foldcase = FALSE; break; case 'l': smdb_print_available_types(); exit(EX_OK); break; case 'o': notrunc = TRUE; break; case 'r': allowreplace = TRUE; break; case 's': setbitn(DBS_MAPINUNSAFEDIRPATH, DontBlameSendmail); setbitn(DBS_WRITEMAPTOHARDLINK, DontBlameSendmail); setbitn(DBS_WRITEMAPTOSYMLINK, DontBlameSendmail); setbitn(DBS_LINKEDMAPINWRITABLEDIR, DontBlameSendmail); break; #if _FFR_DELIM case 't': if (optarg == NULL || *optarg == '\0') { fprintf(stderr, "Invalid separator\n"); break; } sep = *optarg; break; #endif /* _FFR_DELIM */ case 'u': unmake = TRUE; break; case 'v': verbose = TRUE; break; default: usage(progname); /* NOTREACHED */ } } if (!bitnset(DBS_WRITEMAPTOSYMLINK, DontBlameSendmail)) sff |= SFF_NOSLINK; if (!bitnset(DBS_WRITEMAPTOHARDLINK, DontBlameSendmail)) sff |= SFF_NOHLINK; if (!bitnset(DBS_LINKEDMAPINWRITABLEDIR, DontBlameSendmail)) sff |= SFF_NOWLINK; argc -= optind; argv += optind; if (argc != 2) { usage(progname); /* NOTREACHED */ } else { typename = argv[0]; mapname = argv[1]; } #if HASFCHOWN /* Find TrustedUser value in sendmail.cf */ if ((cfp = fopen(cfile, "r")) == NULL) { fprintf(stderr, "makemap: %s: %s", cfile, errstring(errno)); exit(EX_NOINPUT); } while (fgets(buf, sizeof(buf), cfp) != NULL) { register char *b; if ((b = strchr(buf, '\n')) != NULL) *b = '\0'; b = buf; switch (*b++) { case 'O': /* option */ if (strncasecmp(b, " TrustedUser", 12) == 0 && !(isascii(b[12]) && isalnum(b[12]))) { b = strchr(b, '='); if (b == NULL) continue; while (isascii(*++b) && isspace(*b)) continue; if (isascii(*b) && isdigit(*b)) TrustedUid = atoi(b); else { TrustedUid = 0; pw = getpwnam(b); if (pw == NULL) fprintf(stderr, "TrustedUser: unknown user %s\n", b); else TrustedUid = pw->pw_uid; } # ifdef UID_MAX if (TrustedUid > UID_MAX) { fprintf(stderr, "TrustedUser: uid value (%ld) > UID_MAX (%ld)", (long) TrustedUid, (long) UID_MAX); TrustedUid = 0; } # endif /* UID_MAX */ break; } default: continue; } } (void) fclose(cfp); #endif /* HASFCHOWN */ if (!params.smdbp_allow_dup && !allowreplace) putflags = SMDBF_NO_OVERWRITE; if (unmake) { mode = O_RDONLY; smode = S_IRUSR; } else { mode = O_RDWR; if (!notrunc) { mode |= O_CREAT|O_TRUNC; sff |= SFF_CREAT; } smode = S_IWUSR; } params.smdbp_num_elements = 4096; errno = smdb_open_database(&database, mapname, mode, smode, sff, typename, &user_info, ¶ms); if (errno != SMDBE_OK) { char *hint; if (errno == SMDBE_UNSUPPORTED_DB_TYPE && (hint = smdb_db_definition(typename)) != NULL) fprintf(stderr, "%s: Need to recompile with -D%s for %s support\n", progname, hint, typename); else fprintf(stderr, "%s: error opening type %s map %s: %s\n", progname, typename, mapname, errstring(errno)); exit(EX_CANTCREAT); } (void) database->smdb_sync(database, 0); if (!unmake && geteuid() == 0 && TrustedUid != 0) { errno = database->smdb_set_owner(database, TrustedUid, -1); if (errno != SMDBE_OK) { fprintf(stderr, "WARNING: ownership change on %s failed %s", mapname, errstring(errno)); } } /* ** Copy the data */ exitstat = EX_OK; if (unmake) { - bool stop; errno = database->smdb_cursor(database, &cursor, 0); if (errno != SMDBE_OK) { fprintf(stderr, "%s: cannot make cursor for type %s map %s\n", progname, typename, mapname); exit(EX_SOFTWARE); } memset(&db_key, '\0', sizeof db_key); memset(&db_val, '\0', sizeof db_val); - for (stop = FALSE, lineno = 0; !stop; lineno++) + for (lineno = 0; ; lineno++) { errno = cursor->smdbc_get(cursor, &db_key, &db_val, SMDB_CURSOR_GET_NEXT); if (errno != SMDBE_OK) - { - stop = TRUE; - } - if (!stop) - printf("%.*s\t%.*s\n", - (int) db_key.data.size, - (char *) db_key.data.data, - (int) db_val.data.size, - (char *)db_val.data.data); + break; + printf("%.*s\t%.*s\n", + (int) db_key.size, + (char *) db_key.data, + (int) db_val.size, + (char *)db_val.data); + } (void) cursor->smdbc_close(cursor); } else { lineno = 0; while (fgets(ibuf, sizeof ibuf, stdin) != NULL) { register char *p; lineno++; /* ** Parse the line. */ p = strchr(ibuf, '\n'); if (p != NULL) *p = '\0'; else if (!feof(stdin)) { fprintf(stderr, "%s: %s: line %d: line too long (%ld bytes max)\n", progname, mapname, lineno, (long) sizeof ibuf); exitstat = EX_DATAERR; continue; } if (ibuf[0] == '\0' || ibuf[0] == '#') continue; if ( #if _FFR_DELIM sep == '\0' && #endif /* _FFR_DELIM */ isascii(ibuf[0]) && isspace(ibuf[0])) { fprintf(stderr, "%s: %s: line %d: syntax error (leading space)\n", progname, mapname, lineno); exitstat = EX_DATAERR; continue; } memset(&db_key, '\0', sizeof db_key); memset(&db_val, '\0', sizeof db_val); - db_key.data.data = ibuf; + db_key.data = ibuf; for (p = ibuf; *p != '\0' && !(ISSEP(*p)); p++) { if (foldcase && isascii(*p) && isupper(*p)) *p = tolower(*p); } - db_key.data.size = p - ibuf; + db_key.size = p - ibuf; if (inclnull) - db_key.data.size++; + db_key.size++; if (*p != '\0') *p++ = '\0'; while (ISSEP(*p)) p++; if (!allowempty && *p == '\0') { fprintf(stderr, "%s: %s: line %d: no RHS for LHS %s\n", progname, mapname, lineno, - (char *) db_key.data.data); + (char *) db_key.data); exitstat = EX_DATAERR; continue; } - db_val.data.data = p; - db_val.data.size = strlen(p); + db_val.data = p; + db_val.size = strlen(p); if (inclnull) - db_val.data.size++; + db_val.size++; /* ** Do the database insert. */ if (verbose) { printf("key=`%s', val=`%s'\n", - (char *) db_key.data.data, - (char *) db_val.data.data); + (char *) db_key.data, + (char *) db_val.data); } errno = database->smdb_put(database, &db_key, &db_val, putflags); switch (errno) { case SMDBE_KEY_EXIST: st = 1; break; case 0: st = 0; break; default: st = -1; break; } if (st < 0) { fprintf(stderr, "%s: %s: line %d: key %s: put error: %s\n", progname, mapname, lineno, - (char *) db_key.data.data, + (char *) db_key.data, errstring(errno)); exitstat = EX_IOERR; } else if (st > 0) { fprintf(stderr, "%s: %s: line %d: key %s: duplicate key\n", progname, mapname, - lineno, (char *) db_key.data.data); + lineno, (char *) db_key.data); exitstat = EX_DATAERR; } } } /* ** Now close the database. */ errno = database->smdb_close(database); if (errno != SMDBE_OK) { fprintf(stderr, "%s: close(%s): %s\n", progname, mapname, errstring(errno)); exitstat = EX_IOERR; } smdb_free_database(database); exit(exitstat); /* NOTREACHED */ return exitstat; } /*VARARGS1*/ void #ifdef __STDC__ message(const char *msg, ...) #else /* __STDC__ */ message(msg, va_alist) const char *msg; va_dcl #endif /* __STDC__ */ { const char *m; VA_LOCAL_DECL m = msg; if (isascii(m[0]) && isdigit(m[0]) && isascii(m[1]) && isdigit(m[1]) && isascii(m[2]) && isdigit(m[2]) && m[3] == ' ') m += 4; VA_START(msg); (void) vfprintf(stderr, m, ap); VA_END; (void) fprintf(stderr, "\n"); } /*VARARGS1*/ void #ifdef __STDC__ syserr(const char *msg, ...) #else /* __STDC__ */ syserr(msg, va_alist) const char *msg; va_dcl #endif /* __STDC__ */ { const char *m; VA_LOCAL_DECL m = msg; if (isascii(m[0]) && isdigit(m[0]) && isascii(m[1]) && isdigit(m[1]) && isascii(m[2]) && isdigit(m[2]) && m[3] == ' ') m += 4; VA_START(msg); (void) vfprintf(stderr, m, ap); VA_END; (void) fprintf(stderr, "\n"); } Index: stable/4/contrib/sendmail/praliases/praliases.8 =================================================================== --- stable/4/contrib/sendmail/praliases/praliases.8 (revision 71887) +++ stable/4/contrib/sendmail/praliases/praliases.8 (revision 71888) @@ -1,57 +1,57 @@ .\" Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. .\" All rights reserved. .\" .\" By using this file, you agree to the terms and conditions set .\" forth in the LICENSE file which can be found at the top level of .\" the sendmail distribution. .\" .\" -.\" $Id: praliases.8,v 8.15 2000/04/06 16:47:24 ca Exp $ +.\" $Id: praliases.8,v 8.15.4.2 2000/12/15 19:50:45 gshapiro Exp $ .\" -.TH PRALIASES 8 "April 25, 1996" +.TH PRALIASES 8 "$Date: 2000/12/15 19:50:45 $" .SH NAME -.B praliases +praliases \- display system mail aliases .SH SYNOPSIS .B praliases .RB [ \-C .IR file ] .RB [ \-f .IR file ] .RB [\c .IR key .IR ... ] .SH DESCRIPTION The .B praliases utility displays the current system aliases, one per line, in no particular order. The special internal @:@ alias will be displayed if present. .PP The options are as follows: .TP .B \-C Read the specified sendmail configuration file instead of the default .B sendmail configuration file. .TP .B \-f Read the specified file instead of the configured .B sendmail system aliases file(s). .PP If one or more keys are specified on the command line, only entries which match those keys are displayed. .PP The .B praliases utility exits 0 on success, and >0 if an error occurs. .SH FILES .TP 2.5i /etc/mail/sendmail.cf The default .B sendmail configuration file. .SH SEE ALSO mailq(1), sendmail(8) Index: stable/4/contrib/sendmail/praliases/praliases.c =================================================================== --- stable/4/contrib/sendmail/praliases/praliases.c (revision 71887) +++ stable/4/contrib/sendmail/praliases/praliases.c (revision 71888) @@ -1,417 +1,420 @@ /* * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #ifndef lint static char copyright[] = "@(#) Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.\n\ All rights reserved.\n\ Copyright (c) 1983 Eric P. Allman. All rights reserved.\n\ Copyright (c) 1988, 1993\n\ The Regents of the University of California. All rights reserved.\n"; #endif /* ! lint */ #ifndef lint -static char id[] = "@(#)$Id: praliases.c,v 8.59.4.10 2000/07/18 05:41:39 gshapiro Exp $"; +static char id[] = "@(#)$Id: praliases.c,v 8.59.4.15 2000/10/24 00:42:59 geir Exp $"; #endif /* ! lint */ /* $FreeBSD$ */ #include #include #include #include #ifdef EX_OK # undef EX_OK /* unistd.h may have another use for this */ #endif /* EX_OK */ #include #ifndef NOT_SENDMAIL # define NOT_SENDMAIL #endif /* ! NOT_SENDMAIL */ #include #include #include static void praliases __P((char *, int, char **)); uid_t RealUid; gid_t RealGid; char *RealUserName; uid_t RunAsUid; uid_t RunAsGid; char *RunAsUserName; int Verbose = 2; bool DontInitGroups = FALSE; uid_t TrustedUid = 0; BITMAP256 DontBlameSendmail; extern void syserr __P((const char *, ...)); +# define DELIMITERS " ,/" +# define PATH_SEPARATOR ':' int main(argc, argv) int argc; char **argv; { char *cfile; char *filename = NULL; FILE *cfp; int ch; char afilebuf[MAXLINE]; char buf[MAXLINE]; struct passwd *pw; static char rnamebuf[MAXNAME]; extern char *optarg; extern int optind; clrbitmap(DontBlameSendmail); RunAsUid = RealUid = getuid(); RunAsGid = RealGid = getgid(); pw = getpwuid(RealUid); if (pw != NULL) { if (strlen(pw->pw_name) > MAXNAME - 1) pw->pw_name[MAXNAME] = 0; snprintf(rnamebuf, sizeof rnamebuf, "%s", pw->pw_name); } else (void) snprintf(rnamebuf, sizeof rnamebuf, "Unknown UID %d", (int) RealUid); RunAsUserName = RealUserName = rnamebuf; cfile = _PATH_SENDMAILCF; while ((ch = getopt(argc, argv, "C:f:")) != -1) { switch ((char)ch) { case 'C': cfile = optarg; break; case 'f': filename = optarg; break; case '?': default: (void)fprintf(stderr, "usage: praliases [-C cffile] [-f aliasfile]\n"); exit(EX_USAGE); } } argc -= optind; argv += optind; if (filename != NULL) { praliases(filename, argc, argv); exit(EX_OK); } if ((cfp = fopen(cfile, "r")) == NULL) { fprintf(stderr, "praliases: %s: %s\n", cfile, errstring(errno)); exit(EX_NOINPUT); } while (fgets(buf, sizeof(buf), cfp) != NULL) { register char *b, *p; b = strchr(buf, '\n'); if (b != NULL) *b = '\0'; b = buf; switch (*b++) { case 'O': /* option -- see if alias file */ if (strncasecmp(b, " AliasFile", 10) == 0 && !(isascii(b[10]) && isalnum(b[10]))) { /* new form -- find value */ b = strchr(b, '='); if (b == NULL) continue; while (isascii(*++b) && isspace(*b)) continue; } else if (*b++ != 'A') { /* something else boring */ continue; } /* this is the A or AliasFile option -- save it */ if (strlcpy(afilebuf, b, sizeof afilebuf) >= sizeof afilebuf) { fprintf(stderr, "praliases: AliasFile filename too long: %.30s\n", b); (void) fclose(cfp); exit(EX_CONFIG); } b = afilebuf; for (p = b; p != NULL; ) { while (isascii(*p) && isspace(*p)) p++; if (*p == '\0') break; b = p; - p = strpbrk(p, " ,/"); + p = strpbrk(p, DELIMITERS); /* find end of spec */ if (p != NULL) { bool quoted = FALSE; for (; *p != '\0'; p++) { /* ** Don't break into a quoted ** string. */ if (*p == '"') quoted = !quoted; else if (*p == ',' && !quoted) break; } /* No more alias specs follow */ if (*p == '\0') { /* chop trailing whitespace */ while (isascii(*p) && isspace(*p) && p > b) p--; *p = '\0'; p = NULL; } } if (p != NULL) { char *e = p - 1; /* chop trailing whitespace */ while (isascii(*e) && isspace(*e) && e > b) e--; *++e = '\0'; *p++ = '\0'; } praliases(b, argc, argv); } default: continue; } } (void) fclose(cfp); exit(EX_OK); /* NOTREACHED */ return EX_OK; } static void praliases(filename, argc, argv) char *filename; int argc; char **argv; { int result; char *colon; char *db_name; char *db_type; SMDB_DATABASE *database = NULL; SMDB_CURSOR *cursor = NULL; SMDB_DBENT db_key, db_value; SMDB_DBPARAMS params; SMDB_USER_INFO user_info; - colon = strchr(filename, ':'); + colon = strchr(filename, PATH_SEPARATOR); if (colon == NULL) { db_name = filename; db_type = SMDB_TYPE_DEFAULT; } else { *colon = '\0'; db_name = colon + 1; db_type = filename; } /* clean off arguments */ for (;;) { while (isascii(*db_name) && isspace(*db_name)) db_name++; + if (*db_name != '-') break; while (*db_name != '\0' && !(isascii(*db_name) && isspace(*db_name))) db_name++; } if (*db_name == '\0' || (db_type != NULL && *db_type == '\0')) { if (colon != NULL) *colon = ':'; fprintf(stderr, "praliases: illegal alias specification: %s\n", filename); goto fatal; } memset(¶ms, '\0', sizeof params); params.smdbp_cache_size = 1024 * 1024; user_info.smdbu_id = RunAsUid; user_info.smdbu_group_id = RunAsGid; strlcpy(user_info.smdbu_name, RunAsUserName, SMDB_MAX_USER_NAME_LEN); result = smdb_open_database(&database, db_name, O_RDONLY, 0, SFF_ROOTOK, db_type, &user_info, ¶ms); if (result != SMDBE_OK) { fprintf(stderr, "praliases: %s: open: %s\n", db_name, errstring(result)); goto fatal; } if (argc == 0) { memset(&db_key, '\0', sizeof db_key); memset(&db_value, '\0', sizeof db_value); result = database->smdb_cursor(database, &cursor, 0); if (result != SMDBE_OK) { fprintf(stderr, "praliases: %s: set cursor: %s\n", db_name, errstring(result)); goto fatal; } while ((result = cursor->smdbc_get(cursor, &db_key, &db_value, SMDB_CURSOR_GET_NEXT)) == SMDBE_OK) { #if 0 /* skip magic @:@ entry */ - if (db_key.data.size == 2 && - db_key.data.data[0] == '@' && - db_key.data.data[1] == '\0' && - db_value.data.size == 2 && - db_value.data.data[0] == '@' && - db_value.data.data[1] == '\0') + if (db_key.size == 2 && + db_key.data[0] == '@' && + db_key.data[1] == '\0' && + db_value.size == 2 && + db_value.data[0] == '@' && + db_value.data[1] == '\0') continue; #endif /* 0 */ printf("%.*s:%.*s\n", - (int) db_key.data.size, - (char *) db_key.data.data, - (int) db_value.data.size, - (char *) db_value.data.data); + (int) db_key.size, + (char *) db_key.data, + (int) db_value.size, + (char *) db_value.data); } if (result != SMDBE_OK && result != SMDBE_LAST_ENTRY) { fprintf(stderr, "praliases: %s: get value at cursor: %s\n", db_name, errstring(result)); goto fatal; } } else for (; *argv != NULL; ++argv) { memset(&db_key, '\0', sizeof db_key); memset(&db_value, '\0', sizeof db_value); - db_key.data.data = *argv; - db_key.data.size = strlen(*argv) + 1; + db_key.data = *argv; + db_key.size = strlen(*argv) + 1; if (database->smdb_get(database, &db_key, &db_value, 0) == SMDBE_OK) { printf("%.*s:%.*s\n", - (int) db_key.data.size, - (char *) db_key.data.data, - (int) db_value.data.size, - (char *) db_value.data.data); + (int) db_key.size, + (char *) db_key.data, + (int) db_value.size, + (char *) db_value.data); } else - printf("%s: No such key\n", (char *) db_key.data.data); + printf("%s: No such key\n", (char *) db_key.data); } fatal: if (cursor != NULL) (void) cursor->smdbc_close(cursor); if (database != NULL) (void) database->smdb_close(database); if (colon != NULL) *colon = ':'; return; } /*VARARGS1*/ void #ifdef __STDC__ message(const char *msg, ...) #else /* __STDC__ */ message(msg, va_alist) const char *msg; va_dcl #endif /* __STDC__ */ { const char *m; VA_LOCAL_DECL m = msg; if (isascii(m[0]) && isdigit(m[0]) && isascii(m[1]) && isdigit(m[1]) && isascii(m[2]) && isdigit(m[2]) && m[3] == ' ') m += 4; VA_START(msg); (void) vfprintf(stderr, m, ap); VA_END; (void) fprintf(stderr, "\n"); } /*VARARGS1*/ void #ifdef __STDC__ syserr(const char *msg, ...) #else /* __STDC__ */ syserr(msg, va_alist) const char *msg; va_dcl #endif /* __STDC__ */ { const char *m; VA_LOCAL_DECL m = msg; if (isascii(m[0]) && isdigit(m[0]) && isascii(m[1]) && isdigit(m[1]) && isascii(m[2]) && isdigit(m[2]) && m[3] == ' ') m += 4; VA_START(msg); (void) vfprintf(stderr, m, ap); VA_END; (void) fprintf(stderr, "\n"); } Index: stable/4/contrib/sendmail/rmail/rmail.8 =================================================================== --- stable/4/contrib/sendmail/rmail/rmail.8 (revision 71887) +++ stable/4/contrib/sendmail/rmail/rmail.8 (revision 71888) @@ -1,49 +1,61 @@ .\" Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers. .\" All rights reserved. .\" Copyright (c) 1983, 1990 .\" The Regents of the University of California. All rights reserved. .\" .\" By using this file, you agree to the terms and conditions set .\" forth in the LICENSE file which can be found at the top level of .\" the sendmail distribution. .\" .\" -.\" $Id: rmail.8,v 8.1 1999/06/22 20:41:33 tony Exp $ +.\" $Id: rmail.8,v 8.1.16.2 2000/12/29 18:12:22 gshapiro Exp $ .\" -.TH RMAIL 8 "$Date: 1999/06/22 20:41:33 $" +.TH RMAIL 8 "$Date: 2000/12/29 18:12:22 $" .SH NAME -.B rmail +rmail \- handle remote mail received via uucp .SH SYNOPSIS .B rmail +.RB [ \-D +.IR domain ] +.RB [ \-T ] .I user ... .SH DESCRIPTION .B Rmail interprets incoming mail received via uucp(1), collapsing ``From'' lines in the form generated by mail.local(8) into a single line of the form ``return-path!sender'', and passing the processed mail on to sendmail(8). .PP .B Rmail is explicitly designed for use with uucp and sendmail. +.SS Flags +.TP +.B \-D +Use the specified +.I domain +instead of the default domain of ``UUCP''. +.TP +.B \-T +Turn on debugging. .SH SEE ALSO uucp(1), mail.local(8), sendmail(8) .SH HISTORY The .B rmail program appeared in 4.2BSD. .SH BUGS .B Rmail should not reside in /bin. Index: stable/4/contrib/sendmail/rmail/rmail.c =================================================================== --- stable/4/contrib/sendmail/rmail/rmail.c (revision 71887) +++ stable/4/contrib/sendmail/rmail/rmail.c (revision 71888) @@ -1,482 +1,481 @@ /* * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #ifndef lint static char copyright[] = "@(#) Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.\n\ All rights reserved.\n\ Copyright (c) 1988, 1993\n\ The Regents of the University of California. All rights reserved.\n"; #endif /* ! lint */ #ifndef lint -static char id[] = "@(#)$Id: rmail.c,v 8.39.4.8 2000/09/16 22:20:25 gshapiro Exp $"; +static char id[] = "@(#)$Id: rmail.c,v 8.39.4.9 2000/11/17 08:42:56 gshapiro Exp $"; #endif /* ! lint */ /* $FreeBSD$ */ /* * RMAIL -- UUCP mail server. * * This program reads the >From ... remote from ... lines that UUCP is so * fond of and turns them into something reasonable. It then execs sendmail * with various options built from these lines. * * The expected syntax is: * * := [-a-z0-9]+ * := ctime format * := [-a-z0-9!]+ * := "^\n$" * := "From" * [ "remote from" ] * := ">" * msg := * * * The output of rmail(8) compresses the lines into a single * from path. * * The err(3) routine is included here deliberately to make this code * a bit more portable. */ #include #include #include #include #include #include #ifdef BSD4_4 # define FORK vfork # include #else /* BSD4_4 */ # define FORK fork # ifndef _PATH_SENDMAIL # define _PATH_SENDMAIL "/usr/lib/sendmail" # endif /* ! _PATH_SENDMAIL */ #endif /* BSD4_4 */ #include #include #include #include #ifdef EX_OK # undef EX_OK /* unistd.h may have another use for this */ #endif /* EX_OK */ #include #ifndef MAX # define MAX(a, b) ((a) < (b) ? (b) : (a)) #endif /* ! MAX */ #ifndef __P # ifdef __STDC__ # define __P(protos) protos # else /* __STDC__ */ # define __P(protos) () # define const # endif /* __STDC__ */ #endif /* ! __P */ #ifndef STDIN_FILENO # define STDIN_FILENO 0 #endif /* ! STDIN_FILENO */ #if defined(BSD4_4) || defined(linux) || SOLARIS >= 20600 || (SOLARIS < 10000 && SOLARIS >= 206) || _AIX4 >= 40300 || defined(HPUX11) # define HASSNPRINTF 1 #endif /* defined(BSD4_4) || defined(linux) || SOLARIS >= 20600 || (SOLARIS < 10000 && SOLARIS >= 206) || _AIX4 >= 40300 || defined(HPUX11) */ #if defined(sun) && !defined(BSD) && !defined(SOLARIS) && !defined(__svr4__) && !defined(__SVR4) # define memmove(d, s, l) (bcopy((s), (d), (l))) #endif /* defined(sun) && !defined(BSD) && !defined(SOLARIS) && !defined(__svr4__) && !defined(__SVR4) */ #if !HASSNPRINTF extern int snprintf __P((char *, size_t, const char *, ...)); #endif /* !HASSNPRINTF */ #if defined(BSD4_4) || defined(__osf__) || defined(__GNU_LIBRARY__) || defined(IRIX64) || defined(IRIX5) || defined(IRIX6) # ifndef HASSTRERROR # define HASSTRERROR 1 # endif /* ! HASSTRERROR */ #endif /* defined(BSD4_4) || defined(__osf__) || defined(__GNU_LIBRARY__) || defined(IRIX64) || defined(IRIX5) || defined(IRIX6) */ #if defined(SUNOS403) || defined(NeXT) || (defined(MACH) && defined(i386) && !defined(__GNU__)) || defined(oldBSD43) || defined(MORE_BSD) || defined(umipsbsd) || defined(ALTOS_SYSTEM_V) || defined(RISCOS) || defined(_AUX_SOURCE) || defined(UMAXV) || defined(titan) || defined(UNIXWARE) || defined(sony_news) || defined(luna) || defined(nec_ews_svr4) || defined(_nec_ews_svr4) || defined(__MAXION__) # undef WIFEXITED # undef WEXITSTATUS # define WIFEXITED(st) (((st) & 0377) == 0) # define WEXITSTATUS(st) (((st) >> 8) & 0377) #endif /* defined(SUNOS403) || defined(NeXT) || (defined(MACH) && defined(i386) && !defined(__GNU__)) || defined(oldBSD43) || defined(MORE_BSD) || defined(umipsbsd) || defined(ALTOS_SYSTEM_V) || defined(RISCOS) || defined(_AUX_SOURCE) || defined(UMAXV) || defined(titan) || defined(UNIXWARE) || defined(sony_news) || defined(luna) || defined(nec_ews_svr4) || defined(_nec_ews_svr4) || defined(__MAXION__) */ #include "sendmail/errstring.h" static void err __P((int, const char *, ...)); static void usage __P((void)); static char *xalloc __P((int)); #define newstr(s) strcpy(xalloc(strlen(s) + 1), s) static char * xalloc(sz) register int sz; { register char *p; /* some systems can't handle size zero mallocs */ if (sz <= 0) sz = 1; p = malloc((unsigned) sz); if (p == NULL) err(EX_TEMPFAIL, "out of memory"); return (p); } int main(argc, argv) int argc; char *argv[]; { int ch, debug, i, pdes[2], pid, status; size_t fplen = 0, fptlen = 0, len; off_t offset; FILE *fp; char *addrp = NULL, *domain, *p, *t; char *from_path, *from_sys, *from_user; char **args, buf[2048], lbuf[2048]; struct stat sb; extern char *optarg; extern int optind; debug = 0; domain = "UUCP"; /* Default "domain". */ while ((ch = getopt(argc, argv, "D:T")) != -1) { switch (ch) { case 'T': debug = 1; break; case 'D': domain = optarg; break; case '?': default: usage(); } } argc -= optind; argv += optind; if (argc < 1) usage(); from_path = from_sys = from_user = NULL; for (offset = 0; ; ) { /* Get and nul-terminate the line. */ if (fgets(lbuf, sizeof(lbuf), stdin) == NULL) exit(EX_DATAERR); if ((p = strchr(lbuf, '\n')) == NULL) err(EX_DATAERR, "line too long"); *p = '\0'; /* Parse lines until reach a non-"From" line. */ if (!strncmp(lbuf, "From ", 5)) addrp = lbuf + 5; else if (!strncmp(lbuf, ">From ", 6)) addrp = lbuf + 6; else if (offset == 0) err(EX_DATAERR, "missing or empty From line: %s", lbuf); else { *p = '\n'; break; } if (addrp == NULL || *addrp == '\0') err(EX_DATAERR, "corrupted From line: %s", lbuf); /* Use the "remote from" if it exists. */ for (p = addrp; (p = strchr(p + 1, 'r')) != NULL; ) { if (!strncmp(p, "remote from ", 12)) { for (t = p += 12; *t != '\0'; ++t) { if (isascii(*t) && isspace(*t)) break; } *t = '\0'; if (debug) fprintf(stderr, "remote from: %s\n", p); break; } } /* Else use the string up to the last bang. */ if (p == NULL) { if (*addrp == '!') err(EX_DATAERR, "bang starts address: %s", addrp); else if ((t = strrchr(addrp, '!')) != NULL) { *t = '\0'; p = addrp; addrp = t + 1; if (*addrp == '\0') err(EX_DATAERR, "corrupted From line: %s", lbuf); if (debug) fprintf(stderr, "bang: %s\n", p); } } /* 'p' now points to any system string from this line. */ if (p != NULL) { /* Nul terminate it as necessary. */ for (t = p; *t != '\0'; ++t) { if (isascii(*t) && isspace(*t)) break; } *t = '\0'; /* If the first system, copy to the from_sys string. */ if (from_sys == NULL) { from_sys = newstr(p); if (debug) fprintf(stderr, "from_sys: %s\n", from_sys); } /* Concatenate to the path string. */ len = t - p; if (from_path == NULL) { fplen = 0; if ((from_path = malloc(fptlen = 256)) == NULL) err(EX_TEMPFAIL, NULL); } if (fplen + len + 2 > fptlen) { fptlen += MAX(fplen + len + 2, 256); if ((from_path = realloc(from_path, fptlen)) == NULL) err(EX_TEMPFAIL, NULL); } memmove(from_path + fplen, p, len); fplen += len; from_path[fplen++] = '!'; from_path[fplen] = '\0'; } /* Save off from user's address; the last one wins. */ for (p = addrp; *p != '\0'; ++p) { if (isascii(*p) && isspace(*p)) break; } *p = '\0'; if (*addrp == '\0') addrp = "<>"; if (from_user != NULL) free(from_user); from_user = newstr(addrp); if (debug) { if (from_path != NULL) fprintf(stderr, "from_path: %s\n", from_path); fprintf(stderr, "from_user: %s\n", from_user); } if (offset != -1) offset = (off_t)ftell(stdin); } - /* Allocate args (with room for sendmail args as well as recipients */ + /* Allocate args (with room for sendmail args as well as recipients) */ args = (char **)xalloc(sizeof(*args) * (10 + argc)); i = 0; args[i++] = _PATH_SENDMAIL; /* Build sendmail's argument list. */ - args[i++] = "-G"; /* relay submission */ args[i++] = "-oee"; /* No errors, just status. */ #ifdef QUEUE_ONLY args[i++] = "-odq"; /* Queue it, don't try to deliver. */ #else args[i++] = "-odi"; /* Deliver in foreground. */ #endif args[i++] = "-oi"; /* Ignore '.' on a line by itself. */ /* set from system and protocol used */ if (from_sys == NULL) snprintf(buf, sizeof(buf), "-p%s", domain); else if (strchr(from_sys, '.') == NULL) snprintf(buf, sizeof(buf), "-p%s:%s.%s", domain, from_sys, domain); else snprintf(buf, sizeof(buf), "-p%s:%s", domain, from_sys); args[i++] = newstr(buf); /* Set name of ``from'' person. */ snprintf(buf, sizeof(buf), "-f%s%s", from_path ? from_path : "", from_user); args[i++] = newstr(buf); /* ** Don't copy arguments beginning with - as they will be ** passed to sendmail and could be interpreted as flags. ** To prevent confusion of sendmail wrap < and > around ** the address (helps to pass addrs like @gw1,@gw2:aa@bb) */ while (*argv != NULL) { if (**argv == '-') err(EX_USAGE, "dash precedes argument: %s", *argv); if (strchr(*argv, ',') == NULL || strchr(*argv, '<') != NULL) args[i++] = *argv; else { len = strlen(*argv) + 3; if ((args[i] = malloc(len)) == NULL) err(EX_TEMPFAIL, "Cannot malloc"); snprintf(args[i++], len, "<%s>", *argv); } argv++; argc--; /* Paranoia check, argc used for args[] bound */ if (argc < 0) err(EX_SOFTWARE, "Argument count mismatch"); } args[i] = NULL; if (debug) { fprintf(stderr, "Sendmail arguments:\n"); for (i = 0; args[i] != NULL; i++) fprintf(stderr, "\t%s\n", args[i]); } /* ** If called with a regular file as standard input, seek to the right ** position in the file and just exec sendmail. Could probably skip ** skip the stat, but it's not unreasonable to believe that a failed ** seek will cause future reads to fail. */ if (!fstat(STDIN_FILENO, &sb) && S_ISREG(sb.st_mode)) { if (lseek(STDIN_FILENO, offset, SEEK_SET) != offset) err(EX_TEMPFAIL, "stdin seek"); (void) execv(_PATH_SENDMAIL, args); err(EX_OSERR, "%s", _PATH_SENDMAIL); } if (pipe(pdes) < 0) err(EX_OSERR, NULL); switch (pid = FORK()) { case -1: /* Err. */ err(EX_OSERR, NULL); /* NOTREACHED */ case 0: /* Child. */ if (pdes[0] != STDIN_FILENO) { (void) dup2(pdes[0], STDIN_FILENO); (void) close(pdes[0]); } (void) close(pdes[1]); (void) execv(_PATH_SENDMAIL, args); _exit(127); /* NOTREACHED */ } if ((fp = fdopen(pdes[1], "w")) == NULL) err(EX_OSERR, NULL); (void) close(pdes[0]); /* Copy the file down the pipe. */ do { (void) fprintf(fp, "%s", lbuf); } while (fgets(lbuf, sizeof(lbuf), stdin) != NULL); if (ferror(stdin)) err(EX_TEMPFAIL, "stdin: %s", errstring(errno)); if (fclose(fp)) err(EX_OSERR, NULL); if ((waitpid(pid, &status, 0)) == -1) err(EX_OSERR, "%s", _PATH_SENDMAIL); if (!WIFEXITED(status)) err(EX_OSERR, "%s: did not terminate normally", _PATH_SENDMAIL); if (WEXITSTATUS(status)) err(status, "%s: terminated with %d (non-zero) status", _PATH_SENDMAIL, WEXITSTATUS(status)); exit(EX_OK); /* NOTREACHED */ return EX_OK; } static void usage() { (void) fprintf(stderr, "usage: rmail [-T] [-D domain] user ...\n"); exit(EX_USAGE); } #ifdef __STDC__ # include #else /* __STDC__ */ # include #endif /* __STDC__ */ static void #ifdef __STDC__ err(int eval, const char *fmt, ...) #else /* __STDC__ */ err(eval, fmt, va_alist) int eval; const char *fmt; va_dcl #endif /* __STDC__ */ { va_list ap; #ifdef __STDC__ va_start(ap, fmt); #else /* __STDC__ */ va_start(ap); #endif /* __STDC__ */ (void) fprintf(stderr, "rmail: "); (void) vfprintf(stderr, fmt, ap); va_end(ap); (void) fprintf(stderr, "\n"); exit(eval); } Index: stable/4/contrib/sendmail/smrsh/README =================================================================== --- stable/4/contrib/sendmail/smrsh/README (revision 71887) +++ stable/4/contrib/sendmail/smrsh/README (revision 71888) @@ -1,156 +1,156 @@ README smrsh - sendmail restricted shell. This README file is provided as a courtesy of the CERT Coordination Center, Software Engineering Institute, Carnegie Mellon University. This file is intended as a supplement to the CERT advisory CA-93:16.sendmail.vulnerability, and to the software, smrsh.c, written by Eric Allman. The smrsh(8) program is intended as a replacement for /bin/sh in the program mailer definition of sendmail(8). This README file describes the steps needed to compile and install smrsh. smrsh is a restricted shell utility that provides the ability to specify, through a configuration, an explicit list of executable programs. When used in conjunction with sendmail, smrsh effectively limits sendmail's scope of program execution to only those programs specified in smrsh's configuration. smrsh has been written with portability in mind, and uses traditional Unix library utilities. As such, smrsh should compile on most Unix C compilers. smrsh should build on most systems with the enclosed Build script: host.domain% sh Build To compile smrsh.c by hand, use the following command: host.domain% cc -o smrsh smrsh.c For machines that provide dynamic linking, it is advisable to compile smrsh without dynamic linking. As an example with the Sun Microsystems compiler, you should compile with the -Bstatic option. host.domain% cc -Bstatic -o smrsh smrsh.c or host.domain% sh Build LDOPTS=-Bstatic With gcc, the GNU C compiler, use the -static option. host.domain% cc -static -o smrsh smrsh.c or host.domain% sh Build LDOPTS=-static As root, install smrsh in /usr/libexec. Using the Build script: host.domain# sh Build install For manual installation: install smrsh in the /usr/libexec directory, with mode 511. host.domain# mv smrsh /usr/libexec host.domain# chmod 511 /usr/libexec/smrsh Next, determine the list of commands that smrsh should allow sendmail to run. This list of allowable commands can be determined by: 1. examining your /etc/mail/aliases file, to indicate what commands are being used by the system. 2. surveying your host's .forward files, to determine what commands users have specified. See the man page for aliases(5) if you are unfamiliar with the format of these specifications. Additionally, you should include in the list, popular commands such as /usr/ucb/vacation. You should NOT include interpreter programs such as sh(1), csh(1), perl(1), uudecode(1) or the stream editor sed(1) in your list of acceptable commands. - -You will next need to create the directory /usr/adm/sm.bin and populate +If your platform doesn't have a default CMDDIR setting, you will +next need to create the directory /usr/adm/sm.bin and populate it with the programs that your site feels are allowable for sendmail to execute. This directory is explicitly specified in the source code for smrsh, so changing this directory must be accompanied with a change in smrsh.c. You will have to be root to make these modifications. After creating the /usr/adm/sm.bin directory, either copy the programs to the directory, or establish links to the allowable programs from /usr/adm/sm.bin. Change the file permissions, so that these programs can not be modified by non-root users. If you use links, you should ensure that the target programs are not modifiable. To allow the popular vacation(1) program by creating a link in the /usr/adm/sm.bin directory, you should: host.domain# cd /usr/adm/sm.bin host.domain# ln -s /usr/ucb/vacation vacation After populating the /usr/adm/sm.bin directory, you can now configure sendmail to use the restricted shell. Save the current sendmail.cf file prior to modifying it, as a prudent precaution. Typically, the program mailer is defined by a single line in the sendmail configuration file, sendmail.cf. This file is traditionally found in the /etc, /usr/lib or /etc/mail directories, depending on the UNIX vendor. If you are unsure of the location of the actual sendmail configuration file, a search of the strings(1) output of the sendmail binary, will help to locate it. In order to configure sendmail to use smrsh, you must modify the Mprog definition in the sendmail.cf file, by replacing the /bin/sh specification with /usr/libexec/smrsh. As an example: In most Sun Microsystems' sendmail.cf files, the line is: Mprog, P=/bin/sh, F=lsDFMeuP, S=10, R=20, A=sh -c $u which should be changed to: Mprog, P=/usr/libexec/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u ^^^^^^^^^^^^^^^^^^ A more generic line may be: Mprog, P=/bin/sh, F=lsDFM, A=sh -c $u and should be changed to; Mprog, P=/usr/libexec/smrsh, F=lsDFM, A=sh -c $u After modifying the Mprog definition in the sendmail.cf file, if a frozen configuration file is being used, it is essential to create a new one. You can determine if you need a frozen configuration by discovering if a sendmail.fc file currently exists in either the /etc/, /usr/lib, or /etc/mail directories. The specific location can be determined using a search of the strings(1) output of the sendmail binary. In order to create a new frozen configuration, if it is required: host.domain# /usr/lib/sendmail -bz Now re-start the sendmail process. An example of how to do this on a typical system follows: host.domain# cat /var/run/sendmail.pid 130 /usr/sbin/sendmail -bd -q30m host.domain# /bin/kill -15 130 host.domain# /usr/sbin/sendmail -bd -q30m -$Revision: 8.6 $, Last updated $Date: 1999/04/28 01:09:51 $ +$Revision: 8.6.16.1 $, Last updated $Date: 2000/10/09 20:39:55 $ Index: stable/4/contrib/sendmail/smrsh/smrsh.8 =================================================================== --- stable/4/contrib/sendmail/smrsh/smrsh.8 (revision 71887) +++ stable/4/contrib/sendmail/smrsh/smrsh.8 (revision 71888) @@ -1,88 +1,89 @@ -.\" Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers. +.\" Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. .\" All rights reserved. .\" Copyright (c) 1993 Eric P. Allman. All rights reserved. .\" Copyright (c) 1993 .\" The Regents of the University of California. All rights reserved. .\" .\" By using this file, you agree to the terms and conditions set .\" forth in the LICENSE file which can be found at the top level of .\" the sendmail distribution. .\" .\" -.\" $Id: smrsh.8,v 8.11 1999/06/09 16:51:07 ca Exp $ +.\" $Id: smrsh.8,v 8.11.16.2 2000/12/15 19:50:46 gshapiro Exp $ .\" .\" $FreeBSD$ .\" -.TH SMRSH 8 11/02/93 +.TH SMRSH 8 "$Date: 2000/12/15 19:50:46 $" .SH NAME smrsh \- restricted shell for sendmail .SH SYNOPSIS .B smrsh .B \-c command .SH DESCRIPTION The .I smrsh program is intended as a replacement for .I sh for use in the ``prog'' mailer in .IR sendmail (8) configuration files. It sharply limits the commands that can be run using the ``|program'' syntax of .I sendmail in order to improve the over all security of your system. Briefly, even if a ``bad guy'' can get sendmail to run a program without going through an alias or forward file, .I smrsh limits the set of programs that he or she can execute. .PP Briefly, .I smrsh -limits programs to be in the directory +limits programs to be in a single directory, +by default /usr/libexec/sm.bin, allowing the system administrator to choose the set of acceptable commands, and to the shell builtin commands ``exec'', ``exit'', and ``echo''. It also rejects any commands with the characters `\`', `<', `>', `;', `$', `(', `)', `\er' (carriage return), or `\en' (newline) on the command line to prevent ``end run'' attacks. It allows ``||'' and ``&&'' to enable commands like: ``"|exec /usr/local/bin/procmail -f- /etc/procmailrcs/user || exit 75"'' .PP Initial pathnames on programs are stripped, so forwarding to ``/usr/bin/vacation'', ``/home/server/mydir/bin/vacation'', and ``vacation'' all actually forward to ``/usr/libexec/sm.bin/vacation''. .PP System administrators should be conservative about populating -/usr/libexec/sm.bin. +the sm.bin directory. Reasonable additions are .IR vacation (1), .IR procmail (1), and the like. No matter how brow-beaten you may be, never include any shell or shell-like program (such as .IR perl (1)) in the sm.bin directory. Note that this does not restrict the use of shell or perl scripts in the sm.bin directory (using the ``#!'' syntax); it simply disallows execution of arbitrary programs. .SH COMPILATION Compilation should be trivial on most systems. You may need to use \-DPATH=\e"\fIpath\fP\e" to adjust the default search path (defaults to ``/bin:/usr/bin'') and/or \-DCMDBIN=\e"\fIdir\fP\e" to change the default program directory (defaults to ``/usr/libexec/sm.bin''). .SH FILES /usr/libexec/sm.bin \- directory for restricted programs .SH SEE ALSO sendmail(8) Index: stable/4/contrib/sendmail/smrsh/smrsh.c =================================================================== --- stable/4/contrib/sendmail/smrsh/smrsh.c (revision 71887) +++ stable/4/contrib/sendmail/smrsh/smrsh.c (revision 71888) @@ -1,381 +1,385 @@ /* * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1993 Eric P. Allman. All rights reserved. * Copyright (c) 1993 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #ifndef lint static char copyright[] = "@(#) Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.\n\ All rights reserved.\n\ Copyright (c) 1993 Eric P. Allman. All rights reserved.\n\ Copyright (c) 1993\n\ The Regents of the University of California. All rights reserved.\n"; #endif /* ! lint */ #ifndef lint -static char id[] = "@(#)$Id: smrsh.c,v 8.31.4.5 2000/09/17 17:04:27 gshapiro Exp $"; +static char id[] = "@(#)$Id: smrsh.c,v 8.31.4.6 2000/10/09 20:37:16 gshapiro Exp $"; #endif /* ! lint */ /* $FreeBSD$ */ /* ** SMRSH -- sendmail restricted shell ** ** This is a patch to get around the prog mailer bugs in most ** versions of sendmail. ** ** Use this in place of /bin/sh in the "prog" mailer definition ** in your sendmail.cf file. You then create CMDDIR (owned by ** root, mode 755) and put links to any programs you want ** available to prog mailers in that directory. This should ** include things like "vacation" and "procmail", but not "sed" ** or "sh". ** ** Leading pathnames are stripped from program names so that ** existing .forward files that reference things like ** "/usr/bin/vacation" will continue to work. ** ** The following characters are completely illegal: ** < > ^ & ` ( ) \n \r ** The following characters are sometimes illegal: ** | & ** This is more restrictive than strictly necessary. ** ** To use this, add FEATURE(`smrsh') to your .mc file. ** ** This can be used on any version of sendmail. ** ** In loving memory of RTM. 11/02/93. */ #include #include #include #include #include #include #ifdef EX_OK # undef EX_OK #endif /* EX_OK */ #include #include #include #ifndef TRUE # define TRUE 1 # define FALSE 0 #endif /* ! TRUE */ /* directory in which all commands must reside */ #ifndef CMDDIR -# define CMDDIR "/usr/libexec/sm.bin" +# if defined(HPUX10) || defined(HPUX11) || SOLARIS >= 20800 +# define CMDDIR "/var/adm/sm.bin" +# else /* HPUX10 || HPUX11 || SOLARIS > 20800 */ +# define CMDDIR "/usr/libexec/sm.bin" +# endif /* HPUX10 || HPUX11 || SOLARIS > 20800 */ #endif /* ! CMDDIR */ /* characters disallowed in the shell "-c" argument */ #define SPECIALS "<|>^();&`$\r\n" /* default search path */ #ifndef PATH # define PATH "/bin:/usr/bin" #endif /* ! PATH */ #ifndef __P # include "sendmail/cdefs.h" #endif /* ! __P */ extern size_t strlcpy __P((char *, const char *, size_t)); extern size_t strlcat __P((char *, const char *, size_t)); char newcmdbuf[1000]; char *prg, *par; /* ** ADDCMD -- add a string to newcmdbuf, check for overflow ** ** Parameters: ** s -- string to add ** cmd -- it's a command: prepend CMDDIR/ ** len -- length of string to add ** ** Side Effects: ** changes newcmdbuf or exits with a failure. ** */ void addcmd(s, cmd, len) char *s; int cmd; int len; { if (s == NULL || *s == '\0') return; if (sizeof newcmdbuf - strlen(newcmdbuf) <= len + (cmd ? (strlen(CMDDIR) + 1) : 0)) { fprintf(stderr, "%s: command too long: %s\n", prg, par); #ifndef DEBUG syslog(LOG_WARNING, "command too long: %.40s", par); #endif /* ! DEBUG */ exit(EX_UNAVAILABLE); } if (cmd) { (void) strlcat(newcmdbuf, CMDDIR, sizeof newcmdbuf); (void) strlcat(newcmdbuf, "/", sizeof newcmdbuf); } (void) strlcat(newcmdbuf, s, sizeof newcmdbuf); } int main(argc, argv) int argc; char **argv; { register char *p; register char *q; register char *r; register char *cmd; int i; int isexec; int save_errno; char *newenv[2]; char cmdbuf[1000]; char pathbuf[1000]; char specialbuf[32]; #ifndef DEBUG # ifndef LOG_MAIL openlog("smrsh", 0); # else /* ! LOG_MAIL */ openlog("smrsh", LOG_ODELAY|LOG_CONS, LOG_MAIL); # endif /* ! LOG_MAIL */ #endif /* ! DEBUG */ (void) strlcpy(pathbuf, "PATH=", sizeof pathbuf); (void) strlcat(pathbuf, PATH, sizeof pathbuf); newenv[0] = pathbuf; newenv[1] = NULL; /* ** Do basic argv usage checking */ prg = argv[0]; par = argv[2]; if (argc != 3 || strcmp(argv[1], "-c") != 0) { fprintf(stderr, "Usage: %s -c command\n", prg); #ifndef DEBUG syslog(LOG_ERR, "usage"); #endif /* ! DEBUG */ exit(EX_USAGE); } /* ** Disallow special shell syntax. This is overly restrictive, ** but it should shut down all attacks. ** Be sure to include 8-bit versions, since many shells strip ** the address to 7 bits before checking. */ if (strlen(SPECIALS) * 2 >= sizeof specialbuf) { #ifndef DEBUG syslog(LOG_ERR, "too many specials: %.40s", SPECIALS); #endif /* ! DEBUG */ exit(EX_UNAVAILABLE); } (void) strlcpy(specialbuf, SPECIALS, sizeof specialbuf); for (p = specialbuf; *p != '\0'; p++) *p |= '\200'; (void) strlcat(specialbuf, SPECIALS, sizeof specialbuf); /* ** Do a quick sanity check on command line length. */ i = strlen(par); if (i > (sizeof newcmdbuf - sizeof CMDDIR - 2)) { fprintf(stderr, "%s: command too long: %s\n", prg, par); #ifndef DEBUG syslog(LOG_WARNING, "command too long: %.40s", par); #endif /* ! DEBUG */ exit(EX_UNAVAILABLE); } q = par; newcmdbuf[0] = '\0'; isexec = FALSE; while (*q) { /* ** Strip off a leading pathname on the command name. For ** example, change /usr/ucb/vacation to vacation. */ /* strip leading spaces */ while (*q != '\0' && isascii(*q) && isspace(*q)) q++; if (*q == '\0') { if (isexec) { fprintf(stderr, "%s: missing command to exec\n", prg); #ifndef DEBUG syslog(LOG_CRIT, "uid %d: missing command to exec", getuid()); #endif /* ! DEBUG */ exit(EX_UNAVAILABLE); } break; } /* find the end of the command name */ p = strpbrk(q, " \t"); if (p == NULL) cmd = &q[strlen(q)]; else { *p = '\0'; cmd = p; } /* search backwards for last / (allow for 0200 bit) */ while (cmd > q) { if ((*--cmd & 0177) == '/') { cmd++; break; } } /* cmd now points at final component of path name */ /* allow a few shell builtins */ if (strcmp(q, "exec") == 0 && p != NULL) { addcmd("exec ", FALSE, strlen("exec ")); /* test _next_ arg */ q = ++p; isexec = TRUE; continue; } else if (strcmp(q, "exit") == 0 || strcmp(q, "echo") == 0) { addcmd(cmd, FALSE, strlen(cmd)); /* test following chars */ } else { /* ** Check to see if the command name is legal. */ (void) strlcpy(cmdbuf, CMDDIR, sizeof cmdbuf); (void) strlcat(cmdbuf, "/", sizeof cmdbuf); (void) strlcat(cmdbuf, cmd, sizeof cmdbuf); #ifdef DEBUG printf("Trying %s\n", cmdbuf); #endif /* DEBUG */ if (access(cmdbuf, X_OK) < 0) { /* oops.... crack attack possiblity */ fprintf(stderr, "%s: %s not available for sendmail programs\n", prg, cmd); if (p != NULL) *p = ' '; #ifndef DEBUG syslog(LOG_CRIT, "uid %d: attempt to use %s", getuid(), cmd); #endif /* ! DEBUG */ exit(EX_UNAVAILABLE); } /* ** Create the actual shell input. */ addcmd(cmd, TRUE, strlen(cmd)); } isexec = FALSE; if (p != NULL) *p = ' '; else break; r = strpbrk(p, specialbuf); if (r == NULL) { addcmd(p, FALSE, strlen(p)); break; } #if ALLOWSEMI if (*r == ';') { addcmd(p, FALSE, r - p + 1); q = r + 1; continue; } #endif /* ALLOWSEMI */ if ((*r == '&' && *(r + 1) == '&') || (*r == '|' && *(r + 1) == '|')) { addcmd(p, FALSE, r - p + 2); q = r + 2; continue; } fprintf(stderr, "%s: cannot use %c in command\n", prg, *r); #ifndef DEBUG syslog(LOG_CRIT, "uid %d: attempt to use %c in command: %s", getuid(), *r, par); #endif /* ! DEBUG */ exit(EX_UNAVAILABLE); } /* end of while *q */ if (isexec) { fprintf(stderr, "%s: missing command to exec\n", prg); #ifndef DEBUG syslog(LOG_CRIT, "uid %d: missing command to exec", getuid()); #endif /* ! DEBUG */ exit(EX_UNAVAILABLE); } /* make sure we created something */ if (newcmdbuf[0] == '\0') { fprintf(stderr, "Usage: %s -c command\n", prg); #ifndef DEBUG syslog(LOG_ERR, "usage"); #endif /* ! DEBUG */ exit(EX_USAGE); } /* ** Now invoke the shell */ #ifdef DEBUG printf("%s\n", newcmdbuf); #endif /* DEBUG */ (void) execle("/bin/sh", "/bin/sh", "-c", newcmdbuf, NULL, newenv); save_errno = errno; #ifndef DEBUG syslog(LOG_CRIT, "Cannot exec /bin/sh: %m"); #endif /* ! DEBUG */ errno = save_errno; perror("/bin/sh"); exit(EX_OSFILE); /* NOTREACHED */ return EX_OSFILE; } Index: stable/4/contrib/sendmail/src/README =================================================================== --- stable/4/contrib/sendmail/src/README (revision 71887) +++ stable/4/contrib/sendmail/src/README (revision 71888) @@ -1,1626 +1,1671 @@ # Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. # All rights reserved. # Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. # Copyright (c) 1988 # The Regents of the University of California. All rights reserved. # # By using this file, you agree to the terms and conditions set # forth in the LICENSE file which can be found at the top level of # the sendmail distribution. # # -# $Id: README,v 8.263.2.1.2.21 2000/09/27 16:36:26 ca Exp $ +# $Id: README,v 8.263.2.1.2.27 2000/12/16 16:46:02 gshapiro Exp $ # This directory contains the source files for sendmail(TM). ********************* !! DO NOT USE MAKE !! in this directory to compile sendmail -- ********************* instead, use the "Build" script located in the sendmail directory. It will build an appropriate Makefile, and create an appropriate obj.* subdirectory so that multiplatform support works easily. ********************************************************** ** Read below for more details on building sendmail. ** ********************************************************** ************************************************************************** ** IMPORTANT: Read the appropriate paragraphs in the section on ** ** ``Operating System and Compile Quirks''. ** ************************************************************************** For detailed instructions, please read the document ../doc/op/op.me: eqn ../doc/op/op.me | pic | ditroff -me Sendmail is a trademark of Sendmail, Inc. +-------------------+ | BUILDING SENDMAIL | +-------------------+ By far, the easiest way to compile sendmail is to use the "Build" script: sh Build This uses the "uname" command to figure out what architecture you are on and creates a proper Makefile accordingly. It also creates a subdirectory per object format, so that multiarchitecture support is easy. In general this should be all you need. IRIX 6.x users should read the note below in the OPERATING SYSTEM AND COMPILE QUIRKS section. If you need to look at other include or library directories, use the -I or -L flags on the command line, e.g., sh Build -I/usr/sww/include -L/usr/sww/lib It's also possible to create local site configuration in the file site.config.m4 (or another file settable with the -f flag). This file contains M4 definitions for various compilation values; the most useful are: confMAPDEF -D flags to specify database types to be included (see below) confENVDEF -D flags to specify other environment information confINCDIRS -I flags for finding include files during compilation confLIBDIRS -L flags for finding libraries during linking confLIBS -l flags for selecting libraries during linking confLDOPTS other ld(1) linker options Others can be found by examining Makefile.m4. Please read ../devtools/README for more information about the site.config.m4 file. You can recompile from scratch using the -c flag with the Build command. This removes the existing compilation directory for the current platform and builds a new one. Porting to a new Unix-based system should be a matter of creating an appropriate configuration file in the devtools/OS/ directory. +----------------------+ | DATABASE DEFINITIONS | +----------------------+ There are several database formats that can be used for the alias files and for general maps. When used for alias files they interact in an attempt to be backward compatible. The options are: NEWDB The new Berkeley DB package. Some systems (e.g., BSD/OS and Digital UNIX 4.0) have some version of this package pre-installed. If your system does not have Berkeley DB pre-installed, or the version installed is not version 2.0 or greater (e.g., is Berkeley DB 1.85 or 1.86), get the current version from http://www.sleepycat.com/. DO NOT use a version from any of the University of California, Berkeley "Net" or other distributions. If you are still running BSD/386 1.x, you will need to upgrade the included Berkeley DB library to a current version. NEWDB is included automatically if the Build script can find a library named libdb.a or libdb.so. NDBM The older NDBM implementation -- the very old V7 DBM implementation is no longer supported. NIS Network Information Services. To use this you must have NIS support on your system. NISPLUS NIS+ (the revised NIS released with Solaris 2). You must have NIS+ support on your system to use this flag. HESIOD Support for Hesiod (from the DEC/Athena distribution). You must already have Hesiod support on your system for this to work. You may be able to get this to work with the MIT/Athena version of Hesiod, but that's likely to be a lot of work. LDAPMAP Lightweight Directory Access Protocol support. You will have to install the UMich or OpenLDAP (http://www.openldap.org/) ldap and lber libraries to use this flag. MAP_REGEX Regular Expression support. You will need to use an operating system which comes with the POSIX regex() routines or install a regexp library such as libregex from the Free Software Foundation. PH_MAP PH map support. You will need the qi PH package. MAP_NSD nsd map support (IRIX 6.5 and later). >>> NOTE WELL for NEWDB support: If you want to get ndbm support, for >>> Berkeley DB versions under 2.0, it is CRITICAL that you remove >>> ndbm.o from libdb.a before you install it and DO NOT install ndbm.h; >>> for Berkeley DB versions 2.0 through 2.3.14, remove dbm.o from libdb.a >>> before you install it. If you don't delete these, there is absolutely >>> no point to including -DNDBM, since it will just get you another >>> (inferior) API to the same format database. These files OVERRIDE >>> calls to ndbm routines -- in particular, if you leave ndbm.h in, >>> you can find yourself using the new db package even if you don't >>> define NEWDB. Berkeley DB versions later than 2.3.14 do not need >>> to be modified. Please also consult the README in the top level >>> directory of the sendmail distribution for other important information. >>> >>> Further note: DO NOT remove your existing /usr/include/ndbm.h -- >>> you need that one. But do not install an updated ndbm.h in >>> /usr/include, /usr/local/include, or anywhere else. If NEWDB and NDBM are defined (but not NIS), then sendmail will read NDBM format alias files, but the next time a newaliases is run the format will be converted to NEWDB; that format will be used forever more. This is intended as a transition feature. If NEWDB, NDBM, and NIS are all defined and the name of the file includes the string "/yp/", sendmail will rebuild BOTH the NEWDB and NDBM format alias files. However, it will only read the NEWDB file; the NDBM format file is used only by the NIS subsystem. This is needed because the NIS maps on an NIS server are built directly from the NDBM files. If NDBM and NIS are defined (regardless of the definition of NEWDB), and the filename includes the string "/yp/", sendmail adds the special tokens "YP_LAST_MODIFIED" and "YP_MASTER_NAME", both of which are required if the NDBM file is to be used as an NIS map. All of these flags are normally defined in the DBMDEF line in the Makefile. If you define NEWDB or HESIOD you get the User Database (USERDB) automatically. Generally you do want to have NEWDB for it to do anything interesting. See above for getting the Berkeley DB package (i.e., NEWDB). There is no separate "user database" package -- don't bother searching for it on the net. Hesiod and LDAP require libraries that may not be installed with your system. These are outside of my ability to provide support. See the "Quirks" section for more information. The regex map can be used to see if an address matches a certain regular expression. For example, all-numerics local parts are common spam addresses, so "^[0-9]+$" would match this. By using such a map in a check_* rule-set, you can block a certain range of addresses that would otherwise be considered valid. +---------------+ | COMPILE FLAGS | +---------------+ Wherever possible, I try to make sendmail pull in the correct compilation options needed to compile on various environments based on automatically defined symbols. Some machines don't seem to have useful symbols available, requiring that a compilation flag be defined in the Makefile; see the devtools/OS subdirectory for the supported architectures. If you are a system to which sendmail has already been ported you should not have to touch the following symbols. But if you are porting, you may have to tweak the following compilation flags in conf.h in order to get it to compile and link properly: SYSTEM5 Adjust for System V (not necessarily Release 4). SYS5SIGNALS Use System V signal semantics -- the signal handler is automatically dropped when the signal is caught. If this is not set, use POSIX/BSD semantics, where the signal handler stays in force until an exec or an explicit delete. Implied by SYSTEM5. SYS5SETPGRP Use System V setpgrp() semantics. Implied by SYSTEM5. HASFCHMOD Define this to one if you have the fchmod(2) system call. This improves security. HASFCHOWN Define this to one if you have the fchown(2) system call. This is required for the TrustedUser option. HASFLOCK Set this if you prefer to use the flock(2) system call rather than using fcntl-based locking. Fcntl locking has some semantic gotchas, but many vendor systems also interface it to lockd(8) to do NFS-style locking. Unfortunately, may vendors implementations of fcntl locking is just plain broken (e.g., locks are never released, causing your sendmail to deadlock; when the kernel runs out of locks your system crashes). For this reason, I recommend always defining this unless you are absolutely certain that your fcntl locking implementation really works. HASUNAME Set if you have the "uname" system call. Implied by SYSTEM5. HASUNSETENV Define this if your system library has the "unsetenv" subroutine. HASSETSID Define this if you have the setsid(2) system call. This is implied if your system appears to be POSIX compliant. HASINITGROUPS Define this if you have the initgroups(3) routine. HASSETVBUF Define this if you have the setvbuf(3) library call. If you don't, setlinebuf will be used instead. This defaults on if your compiler defines __STDC__. HASSETREUID Define this if you have setreuid(2) ***AND*** root can use setreuid to change to an arbitrary user. This second condition is not satisfied on AIX 3.x. You may find that your system has setresuid(2), (for example, on HP-UX) in which case you will also have to #define setreuid(r, e) to be the appropriate call. Some systems (such as Solaris) have a compatibility routine that doesn't work properly, but may have "saved user ids" properly implemented so you can ``#define setreuid(r, e) seteuid(e)'' and have it work. The important thing is that you have a call that will set the effective uid independently of the real or saved uid and be able to set the effective uid back again when done. There's a test program in ../test/t_setreuid.c that will try things on your system. Setting this improves the security, since sendmail doesn't have to read .forward and :include: files as root. There are certain attacks that may be unpreventable without this call. USESETEUID Define this to 1 if you have a seteuid(2) system call that will allow root to set only the effective user id to an arbitrary value ***AND*** you have saved user ids. This is preferable to HASSETREUID if these conditions are fulfilled. These are the semantics of the to-be-released revision of Posix.1. The test program ../test/t_seteuid.c will try this out on your system. If you define both HASSETREUID and USESETEUID, the former is ignored. HASLSTAT Define this if you have symbolic links (and thus the lstat(2) system call). This improves security. Unlike most other options, this one is on by default, so you need to #undef it in conf.h if you don't have symbolic links (these days everyone does). HASSETRLIMIT Define this to 1 if you have the setrlimit(2) syscall. You can define it to 0 to force it off. It is assumed if you are running a BSD-like system. HASULIMIT Define this if you have the ulimit(2) syscall (System V style systems). HASSETRLIMIT overrides, as it is more general. HASWAITPID Define this if you have the waitpid(2) syscall. HASGETDTABLESIZE Define this if you have the getdtablesize(2) syscall. HAS_ST_GEN Define this to 1 if your system has the st_gen field in the stat structure (see stat(2)). HASSRANDOMDEV Define this if your system has the srandomdev(3) function call. HASURANDOMDEV Define this if your system has /dev/urandom(4). HASSTRERROR Define this if you have the libc strerror(3) function (which should be declared in ), and it should be used instead of sys_errlist. NEEDGETOPT Define this if you need a reimplementation of getopt(3). On some systems, getopt does very odd things if called to scan the arguments twice. This flag will ask sendmail to compile in a local version of getopt that works properly. NEEDSTRTOL Define this if your standard C library does not define strtol(3). This will compile in a local version. NEEDVPRINTF Define this if your standard C library does not define vprintf(3). Note that the resulting fake implementation is not very elegant and may not even work on some architectures. NEEDFSYNC Define this if your standard C library does not define fsync(2). This will try to simulate the operation using fcntl(2); if that is not available it does nothing, which isn't great, but at least it compiles and runs. HASGETUSERSHELL Define this to 1 if you have getusershell(3) in your standard C library. If this is not defined, or is defined to be 0, sendmail will scan the /etc/shells file (no NIS-style support, defaults to /bin/sh and /bin/csh if that file does not exist) to get a list of unrestricted user shells. This is used to determine whether users are allowed to forward their mail to a program or a file. NEEDPUTENV Define this if your system needs am emulation of the putenv(3) call. Define to 1 to implement it in terms of setenv(3) or to 2 to do it in terms of primitives. NOFTRUNCATE Define this if you don't have the ftruncate(2) syscall. If you don't have this system call, there is an unavoidable race condition that occurs when creating alias databases. GIDSET_T The type of entries in a gidset passed as the second argument to getgroups(2). Historically this has been an int, so this is the default, but some systems (such as IRIX) pass it as a gid_t, which is an unsigned short. This will make a difference, so it is important to get this right! However, it is only an issue if you have group sets. SLEEP_T The type returned by the system sleep() function. Defaults to "unsigned int". Don't worry about this if you don't have compilation problems. ARBPTR_T The type of an arbitrary pointer -- defaults to "void *". If you are an very old compiler you may need to define this to be "char *". SOCKADDR_LEN_T The type used for the third parameter to accept(2), getsockname(2), and getpeername(2), representing the length of a struct sockaddr. Defaults to int. SOCKOPT_LEN_T The type used for the fifth parameter to getsockopt(2) and setsockopt(2), representing the length of the option buffer. Defaults to int. LA_TYPE The type of load average your kernel supports. These can be one of: LA_ZERO (1) -- it always returns the load average as "zero" (and does so on all architectures). LA_INT (2) to read /dev/kmem for the symbol avenrun and interpret as a long integer. LA_FLOAT (3) same, but interpret the result as a floating point number. LA_SHORT (6) to interpret as a short integer. LA_SUBR (4) if you have the getloadavg(3) routine in your system library. LA_MACH (5) to use MACH-style load averages (calls processor_set_info()), LA_PROCSTR (7) to read /proc/loadavg and interpret it as a string representing a floating-point number (Linux-style). LA_READKSYM (8) is an implementation suitable for some versions of SVr4 that uses the MIOC_READKSYM ioctl call to read /dev/kmem. LA_DGUX (9) is a special implementation for DG/UX that uses the dg_sys_info system call. LA_HPUX (10) is an HP-UX specific version that uses the pstat_getdynamic system call. LA_IRIX6 (11) is an IRIX 6.x specific version that adapts to 32 or 64 bit kernels; it is otherwise very similar to LA_INT. LA_KSTAT (12) uses the (Solaris-specific) kstat(3k) implementation. LA_DEVSHORT (13) reads a short from a system file (default: /dev/table/avenrun) and scales it in the same manner as LA_SHORT. LA_INT, LA_SHORT, LA_FLOAT, and LA_READKSYM have several other parameters that they try to divine: the name of your kernel, the name of the variable in the kernel to examine, the number of bits of precision in a fixed point load average, and so forth. LA_DEVSHORT uses _PATH_AVENRUN to find the device to be read to find the load average. In desperation, use LA_ZERO. The actual code is in conf.c -- it can be tweaked if you are brave. FSHIFT For LA_INT, LA_SHORT, and LA_READKSYM, this is the number of bits of load average after the binary point -- i.e., the number of bits to shift right in order to scale the integer to get the true integer load average. Defaults to 8. _PATH_UNIX The path to your kernel. Needed only for LA_INT, LA_SHORT, and LA_FLOAT. Defaults to "/unix" on System V, "/vmunix" everywhere else. LA_AVENRUN For LA_INT, LA_SHORT, and LA_FLOAT, the name of the kernel variable that holds the load average. Defaults to "avenrun" on System V, "_avenrun" everywhere else. SFS_TYPE Encodes how your kernel can locate the amount of free space on a disk partition. This can be set to SFS_NONE (0) if you have no way of getting this information, SFS_USTAT (1) if you have the ustat(2) system call, SFS_4ARGS (2) if you have a four-argument statfs(2) system call (and the include file is ), SFS_VFS (3), SFS_MOUNT (4), SFS_STATFS (5) if you have the two-argument statfs(2) system call with includes in , , or respectively, or SFS_STATVFS (6) if you have the two-argument statvfs(2) call. The default if nothing is defined is SFS_NONE. SFS_BAVAIL with SFS_4ARGS you can also set SFS_BAVAIL to the field name in the statfs structure that holds the useful information; this defaults to f_bavail. SPT_TYPE Encodes how your system can display what a process is doing on a ps(1) command (SPT stands for Set Process Title). Can be set to: SPT_NONE (0) -- Don't try to set the process title at all. SPT_REUSEARGV (1) -- Pad out your argv with the information; this is the default if none specified. SPT_BUILTIN (2) -- The system library has setproctitle. SPT_PSTAT (3) -- Use the PSTAT_SETCMD option to pstat(2) to set the process title; this is used by HP-UX. SPT_PSSTRINGS (4) -- Use the magic PS_STRINGS pointer (4.4BSD). SPT_SYSMIPS (5) -- Use sysmips() supported by NEWS-OS 6. SPT_SCO (6) -- Write kernel u. area. SPT_CHANGEARGV (7) -- Write pointers to our own strings into the existing argv vector. SPT_PADCHAR Character used to pad the process title; if undefined, the space character (0x20) is used. This is ignored if SPT_TYPE != SPT_REUSEARGV ERRLIST_PREDEFINED If set, assumes that some header file defines sys_errlist. This may be needed if you get type conflicts on this variable -- otherwise don't worry about it. WAITUNION The wait(2) routine takes a "union wait" argument instead of an integer argument. This is for compatibility with old versions of BSD. SCANF You can set this to extend the F command to accept a scanf string -- this gives you a primitive parser for class definitions -- BUT it can make you vulnerable to core dumps if the target file is poorly formed. SYSLOG_BUFSIZE You can define this to be the size of the buffer that syslog accepts. If it is not defined, it assumes a 1024-byte buffer. If the buffer is very small (under 256 bytes) the log message format changes -- each e-mail message will log many more messages, since it will log each piece of information as a separate line in syslog. BROKEN_RES_SEARCH On Ultrix (and maybe other systems?) if you use the res_search routine with an unknown host name, it returns -1 but sets h_errno to 0 instead of HOST_NOT_FOUND. If you set this, sendmail considers 0 to be the same as HOST_NOT_FOUND. NAMELISTMASK If defined, values returned by nlist(3) are masked against this value before use -- a common value is 0x7fffffff to strip off the top bit. BSD4_4_SOCKADDR If defined, socket addresses have an sa_len field that defines the length of this address. SAFENFSPATHCONF Set this to 1 if and only if you have verified that a pathconf(2) call with _PC_CHOWN_RESTRICTED argument on an NFS filesystem where the underlying system allows users to give away files to other users returns <= 0. Be sure you try both on NFS V2 and V3. Some systems assume that their local policy apply to NFS servers -- this is a bad assumption! The test/t_pathconf.c program will try this for you -- you have to run it in a directory that is mounted from a server that allows file giveaway. SIOCGIFCONF_IS_BROKEN Set this if your system has an SIOCGIFCONF ioctl defined, but it doesn't behave the same way as "most" systems (BSD, Solaris, SunOS, HP-UX, etc.) SIOCGIFNUM_IS_BROKEN Set this if your system has an SIOCGIFNUM ioctl defined, but it doesn't behave the same way as "most" systems (Solaris, HP-UX). NEED_PERCENTQ Set this if your system doesn't support the printf format strings %lld or %llu. If this is set, %qd and %qu are used instead. FAST_PID_RECYCLE Set this if your system can reuse the same PID in the same second. SO_REUSEADDR_IS_BROKEN Set this if your system has a setsockopt() SO_REUSEADDR flag but doesn't pay attention to it when trying to bind a socket to a recently closed port. SNPRINTF_IS_BROKEN Set this if your system has an snprintf() implementation which does not NUL terminate the string being filled in. Use test/t_snprintf.c to test your system. +-----------------------+ | COMPILE-TIME FEATURES | +-----------------------+ There are a bunch of features that you can decide to compile in, such as selecting various database packages and special protocol support. Several are assumed based on other compilation flags -- if you want to "un-assume" something, you probably need to edit conf.h. Compilation flags that add support for special features include: NDBM Include support for "new" DBM library for aliases and maps. Normally defined in the Makefile. NEWDB Include support for Berkeley DB package (hash & btree) for aliases and maps. Normally defined in the Makefile. If the version of NEWDB you have is the old one that does not include the "fd" call (this call was added in version 1.5 of the Berkeley DB code), you must upgrade to the current version of Berkeley DB. NIS Define this to get NIS (YP) support for aliases and maps. Normally defined in the Makefile. NISPLUS Define this to get NIS+ support for aliases and maps. Normally defined in the Makefile. HESIOD Define this to get Hesiod support for aliases and maps. Normally defined in the Makefile. NETINFO Define this to get NeXT NetInfo support for aliases and maps. Normally defined in the Makefile. LDAPMAP Define this to get LDAP support for maps. PH_MAP Define this to get PH support for maps. MAP_NSD Define this to get nsd support for maps. USERDB Define this to 1 to include support for the User Information Database. Implied by NEWDB or HESIOD. You can use -DUSERDB=0 to explicitly turn it off. IDENTPROTO Define this as 1 to get IDENT (RFC 1413) protocol support. This is assumed unless you are running on Ultrix or HP-UX, both of which have a problem in the UDP implementation. You can define it to be 0 to explicitly turn off IDENT protocol support. If defined off, the code is actually still compiled in, but it defaults off; you can turn it on by setting the IDENT timeout in the configuration file. IP_SRCROUTE Define this to 1 to get IP source routing information displayed in the Received: header. This is assumed on most systems, but some (e.g., Ultrix) apparently have a broken version of getsockopt that doesn't properly support the IP_OPTIONS call. You probably want this if your OS can cope with it. Symptoms of failure will be that it won't compile properly (that is, no support for fetching IP_OPTIONs), or it compiles but source-routed TCP connections either refuse to open or open and hang for no apparent reason. Ultrix and AIX3 are known to fail this way. LOG Set this to get syslog(3) support. Defined by default in conf.h. You want this if at all possible. NETINET Set this to get TCP/IP support. Defined by default in conf.h. You probably want this. NETINET6 Set this to get IPv6 support. Other configuration may be needed in conf.h for your particular operating system. Also, DaemonPortOptions must be set appropriately for sendmail to accept IPv6 connections. NETISO Define this to get ISO networking support. NETUNIX Define this to get Unix domain networking support. Defined by default. A few bizarre systems (SCO, ISC, Altos) don't support this networking domain. NETNS Define this to get NS networking support. NETX25 Define this to get X.25 networking support. SMTP Define this to get the SMTP code. Implied by NETINET or NETISO. NAMED_BIND If non-zero, include DNS (name daemon) support, including MX support. The specs say you must use this if you run SMTP. You don't have to be running a name server daemon on your machine to need this -- any use of the DNS resolver, including remote access to another machine, requires this option. Defined by default in conf.h. Define it to zero ONLY on machines that do not use DNS in any way. QUEUE Define this to get queueing code. Implied by NETINET or NETISO; required by SMTP. This gives you other good stuff -- it should be on. DAEMON Define this to get general network support. Implied by NETINET or NETISO. Defined by default in conf.h. You almost certainly want it on. MATCHGECOS Permit fuzzy matching of user names against the full name (GECOS) field in the /etc/passwd file. This should probably be on, since you can disable it from the config file if you want to. Defined by default in conf.h. MIME8TO7 If non-zero, include 8 to 7 bit MIME conversions. This also controls advertisement of 8BITMIME in the ESMTP startup dialogue. MIME7TO8 If non-zero, include 7 to 8 bit MIME conversions. HES_GETMAILHOST Define this to 1 if you are using Hesiod with the hes_getmailhost() routine. This is included with the MIT Hesiod distribution, but not with the DEC Hesiod distribution. XDEBUG Do additional internal checking. These don't cost too much; you might as well leave this on. TCPWRAPPERS Turns on support for the TCP wrappers library (-lwrap). See below for further information. SECUREWARE Enable calls to the SecureWare luid enabling/changing routines. SecureWare is a C2 security package added to several UNIX's (notably ConvexOS) to get a C2 Secure system. This option causes mail delivery to be done with the luid of the recipient. SHARE_V1 Support for the fair share scheduler, version 1. Setting to 1 causes final delivery to be done using the recipients resource limitations. So far as I know, this is only supported on ConvexOS. SASL Enables SMTP AUTH (RFC 2554). This requires the Cyrus SASL library (ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/). Please install at least version 1.5.13. See below for further information: SASL COMPILATION AND CONFIGURATION. If your SASL library is older than 1.5.10, you have to set this to its version number using a simple conversion: a.b.c -> c + b*100 + a*10000, e.g. for 1.5.9 define SASL=10509. Note: Using an older version than 1.5.5 of Cyrus SASL is not supported. Starting with version 1.5.10, setting SASL=1 is sufficient. Any value other than 1 (or 0) will be compared with the actual version found and if there is a mismatch, compilation will fail. EGD Define this if your system has EGD installed, see http://www.lothar.com/tech/crypto/ . It should be used to seed the PRNG for STARTTLS if HASURANDOMDEV is not defined. STARTTLS Enables SMTP STARTTLS (RFC 2487). This requires OpenSSL (http://www.OpenSSL.org/) and sfio (see below). Use OpenSSL 0.9.5a or later (if compatible with this version), do not use 0.9.3. See STARTTLS COMPILATION AND CONFIGURATION for further information. TLS_NO_RSA Turn off support for RSA algorithms in STARTTLS. SFIO Uses sfio instead of stdio. sfio is available from AT&T (http://www.research.att.com/sw/tools/sfio/). If this compile flag is set, confSTDIO_TYPE must be set to portable. This compile flag is necessary for STARTTLS; it also enables the security layer of SASL. The sfio include file stdio.h must be installed in a subdirectory called sfio, i.e., if you install sfio in /usr/local, stdio.h should be in /usr/local/include/sfio, and libsfio.a should be in - /usr/local/lib. Notice: you may run into problems if - you use sfio2000 (the body of a message is lost). Use - sfio1999 instead. + /usr/local/lib. Notice: read the sfio section in + OPERATING SYSTEM AND COMPILE QUIRKS. +---------------------+ | DNS/RESOLVER ISSUES | +---------------------+ Many systems have old versions of the resolver library. At a minimum, you should be running BIND 4.8.3; older versions may compile, but they have known bugs that should give you pause. Common problems in old versions include "undefined" errors for dn_skipname. Some people have had a problem with BIND 4.9; it uses some routines that it expects to be externally defined such as strerror(). It may help to link with "-l44bsd" to solve this problem. This has apparently been fixed in later versions of BIND, starting around 4.9.3. In other words, if you use 4.9.0 through 4.9.2, you need -l44bsd; for earlier or later versions, you do not. !PLEASE! be sure to link with the same version of the resolver as the header files you used -- some people have used the 4.9 headers and linked with BIND 4.8 or vice versa, and it doesn't work. Unfortunately, it doesn't fail in an obvious way -- things just subtly don't work. WILDCARD MX RECORDS ARE A BAD IDEA! The only situation in which they work reliably is if you have two versions of DNS, one in the real world which has a wildcard pointing to your firewall, and a completely different version of the database internally that does not include wildcard MX records that match your domain. ANYTHING ELSE WILL GIVE YOU HEADACHES! +When attempting to canonify a hostname, some broken name servers will +return SERVFAIL (a temporary failure) on T_AAAA (IPv6) lookups. If you +want to excuse this behavior, compile sendmail with +-D_FFR_WORKAROUND_BROKEN_NAMESERVERS. However, instead, we recommend catching +the problem and reporting it to the name server administrator so we can rid +the world of broken name servers. +----------------------------------------+ | STARTTLS COMPILATION AND CONFIGURATION | +----------------------------------------+ Please read the docs accompanying the OpenSSL library and sfio. You have to compile and install both libraries before you can compile sendmail. See devtools/README how to set the correct compile time parameters; you should at least set the following variables: define(`confSTDIO_TYPE', `portable') APPENDDEF(`confENVDEF', `-DSFIO') APPENDDEF(`confLIBS', `-lsfio') APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS') APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto') Configuration information can be found in doc/op/op.me (required certificates) and cf/README (how to tell sendmail about certificates). To perform an initial test, connect to your sendmail daemon (telnet localhost 25) and issue a EHLO localhost and see whether 250-STARTTLS is in the response. If it isn't, run the daemon with -O LogLevel=14 and try again. Then take a look at the logfile and see whether there are any problems listed about permissions (unsafe files) or the validity of X.509 certificates. Note: sfio must be used in all libraries with which sendmail exchanges file pointers. That is, libsmutil must be compiled with sfio, which is accomplished by the above config parameters. Another example is PH map support. This does not apply to the usual libraries, e.g., OpenSSL, Berkeley DB, Cyrus SASL. Further information can be found via: http://www.sendmail.org/tips/ +------------------------------------+ | SASL COMPILATION AND CONFIGURATION | +------------------------------------+ Please read the docs accompanying the library (INSTALL and README). If you use Berkeley DB for Cyrus SASL then you must compile sendmail with the same version of Berkeley DB. You have to select and install authentication mechanisms and tell sendmail where to find the sasl library and the include files (see devtools/README for the parameters to set). Setup the required users and passwords as explained in the SASL documentation. See also cf/README for authentication related options (esp. DefaultAuthInfo if you want authentication between MTAs). To perform an initial test, connect to your sendmail daemon (telnet localhost 25) and issue a EHLO localhost and see whether 250-AUTH .... is in the response. If it isn't, run the daemon with -O LogLevel=14 and try again. Then take a look at the logfile and see whether there are any security related problems listed (unsafe files). Further information can be found via: http://www.sendmail.org/tips/ +-------------------------------------+ | OPERATING SYSTEM AND COMPILE QUIRKS | +-------------------------------------+ GCC problems ***************************************************************** ** IMPORTANT: DO NOT USE OPTIMIZATION (``-O'') IF YOU ARE ** ** RUNNING GCC 2.4.x or 2.5.x. THERE IS A BUG IN THE GCC ** ** OPTIMIZER THAT CAUSES SENDMAIL COMPILES TO FAIL MISERABLY. ** ***************************************************************** Jim Wilson of Cygnus believes he has found the problem -- it will probably be fixed in GCC 2.5.6 -- but until this is verified, be very suspicious of gcc -O. This problem is reported to have been fixed in gcc 2.6. A bug in gcc 2.5.5 caused problems compiling sendmail 8.6.5 with optimization on a Sparc. If you are using gcc 2.5.5, youi should upgrade to the latest version of gcc. Apparently GCC 2.7.0 on the Pentium processor has optimization problems. I recommend against using -O on that architecture. This has been seen on FreeBSD 2.0.5 RELEASE. Solaris 2.X users should use version 2.7.2.3 over 2.7.2. We have been told there are problems with gcc 2.8.0. If you are using this version, you should upgrade to 2.8.1 or later. GDBM GDBM does not work with sendmail 8.8 because the additional security checks and file locking cause problems. Unfortunately, gdbm does not provide a compile flag in its version of ndbm.h so the code can adapt. Until the GDBM authors can fix these problems, GDBM will not be supported. Please use Berkeley DB instead. Configuration file location Up to 8.6, sendmail tried to find the sendmail.cf file in the same place as the vendors had put it, even when this was obviously stupid. As of 8.7, sendmail ALWAYS looks for /etc/sendmail.cf. Beginning with 8.10, sendmail uses /etc/mail/sendmail.cf. You can get sendmail to use the stupid vendor .cf location by adding -DUSE_VENDOR_CF_PATH during compilation, but this may break support programs and scripts that need to find sendmail.cf. You are STRONGLY urged to use symbolic links if you want to use the vendor location rather than changing the location in the sendmail binary. NETINFO systems use NETINFO to determine the location of sendmail.cf. The full path to sendmail.cf is stored as the value of the "sendmail.cf" property in the "/locations/sendmail" subdirectory of NETINFO. Set the value of this property to "/etc/mail/sendmail.cf" (without the quotes) to use this new default location for Sendmail 8.10.0 and higher. ControlSocket permissions Paraphrased from BIND 8.2.1's README: Solaris and other pre-4.4BSD kernels do not respect ownership or protections on UNIX-domain sockets. The short term fix for this is to override the default path and put such control sockets into root- owned directories which do not permit non-root to r/w/x through them. The long term fix is for all kernels to upgrade to 4.4BSD semantics. SunOS 4.x (Solaris 1.x) You may have to use -lresolv on SunOS. However, beware that this links in a new version of gethostbyname that does not understand NIS, so you must have all of your hosts in DNS. Some people have reported problems with the SunOS version of -lresolv and/or in.named, and suggest that you get a newer version. The symptoms are delays when you connect to the SMTP server on a SunOS machine or having your domain added to addresses inappropriately. There is a version of BIND version 4.9 on gatekeeper.DEC.COM in pub/BSD/bind/4.9. There is substantial disagreement about whether you can make this work with resolv+, which allows you to specify a search-path of services. Some people report that it works fine, others claim it doesn't work at all (including causing sendmail to drop core when it tries to do multiple resolv+ lookups for a single job). I haven't tried resolv+, as we use DNS exclusively. Should you want to try resolv+, it is on ftp.uu.net in /networking/ip/dns. Apparently getservbyname() can fail under moderate to high load under some circumstances. This will exhibit itself as the message ``554 makeconnection: service "smtp" unknown''. The problem has been traced to one or more blank lines in /etc/services on the NIS server machine. Delete these and it should work. This info is thanks to Brian Bartholomew of I-Kinetics, Inc. NOTE: The SunOS 4.X linker uses library paths specified during compilation using -L for run-time shared library searches. Therefore, it is vital that relative and unsafe directory paths not be used when compiling sendmail. SunOS 4.0.2 (Sun 386i) Date: Fri, 25 Aug 1995 11:13:58 +0200 (MET DST) From: teus@oce.nl Sendmail 8.7.Beta.12 compiles and runs nearly out of the box with the following changes: * Don't use /usr/5bin in your PATH, but make /usr/5bin/uname available as "uname" command. * Use the defines "-DBSD4_3 -DNAMED_BIND=0" in devtools/OS/SunOS.4.0, which is selected via the "uname" command. I recommend to make available the db-library on the system first (and change the Makefile to use this library). Note that the sendmail.cf and aliases files are found in /etc. SunOS 4.1.3, 4.1.3_U1 Sendmail causes crashes on SunOS 4.1.3 and 4.1.3_U1. According to Sun bug number 1077939: If an application does a getsockopt() on a SOCK_STREAM (TCP) socket after the other side of the connection has sent a TCP RESET for the stream, the kernel gets a Bus Trap in the tcp_ctloutput() or ip_ctloutput() routine. For 4.1.3, this is fixed in patch 100584-08, available on the Sunsolve 2.7.1 or later CDs. For 4.1.3_U1, this was fixed in patch 101790-01 (SunOS 4.1.3_U1: TCP socket and reset problems), later obsoleted by patch 102010-05. Sun patch 100584-08 is not currently publicly available on their ftp site but a user has reported it can be found at other sites using a web search engine. Solaris 2.x (SunOS 5.x) To compile for Solaris, the Makefile built by Build must include a SOLARIS definition which reflects the Solaris version (i.e. -DSOLARIS=20400 for 2.4 or -DSOLARIS=20501 for 2.5.1). If you are using gcc, make sure -I/usr/include is not used (or it might complain about TopFrame). If you are using Sun's cc, make sure /opt/SUNWspro/bin/cc is used instead of /usr/ucb/cc (or it might complain about tm_zone). The Solaris "syslog" function is apparently limited to something about 90 characters because of a kernel limitation. If you have source code, you can probably up this number. You can get patches that fix this problem: the patch ids are: Solaris 2.1 100834 Solaris 2.2 100999 Solaris 2.3 101318 Be sure you have the appropriate patch installed or you won't see system logging. Solaris 2.4 (SunOS 5.4) If you include /usr/lib at the end of your LD_LIBRARY_PATH you run the risk of getting the wrong libraries under some circumstances. This is because of a new feature in Solaris 2.4, described by Rod.Evans@Eng.Sun.COM: >> Prior to SunOS 5.4, any LD_LIBRARY_PATH setting was ignored by the >> runtime linker if the application was setxid (secure), thus your >> applications search path would be: >> >> /usr/local/lib LD_LIBRARY_PATH component - IGNORED >> /usr/lib LD_LIBRARY_PATH component - IGNORED >> /usr/local/lib RPATH - honored >> /usr/lib RPATH - honored >> >> the effect is that path 3 would be the first used, and this would >> satisfy your resolv.so lookup. >> >> In SunOS 5.4 we made the LD_LIBRARY_PATH a little more flexible. >> People who developed setxid applications wanted to be able to alter >> the library search path to some degree to allow for their own >> testing and debugging mechanisms. It was decided that the only >> secure way to do this was to allow a `trusted' path to be used in >> LD_LIBRARY_PATH. The only trusted directory we presently define >> is /usr/lib. Thus a setuid root developer could play with some >> alternative shared object implementations and place them in >> /usr/lib (being root we assume they'ed have access to write in this >> directory). This change was made as part of 1155380 - after a >> *huge* amount of discussion regarding the security aspect of things. >> >> So, in SunOS 5.4 your applications search path would be: >> >> /usr/local/lib from LD_LIBRARY_PATH - IGNORED (untrustworthy) >> /usr/lib from LD_LIBRARY_PATH - honored (trustworthy) >> /usr/local/lib from RPATH - honored >> /usr/lib from RPATH - honored >> >> here, path 2 would be the first used. Solaris 2.5.1 (SunOS 5.5.1) and 2.6 (SunOS 5.6) Apparently Solaris 2.5.1 patch 103663-01 installs a new /usr/include/resolv.h file that defines the __P macro without checking to see if it is already defined. This new resolv.h is also included in the Solaris 2.6 distribution. This causes compile warnings such as: In file included from daemon.c:51: /usr/include/resolv.h:208: warning: `__P' redefined cdefs.h:58: warning: this is the location of the previous definition These warnings can be safely ignored or you can create a resolv.h file in the obj.SunOS.5.5.1.* or obj.SunOS.5.6.* directory that reads: #undef __P #include "/usr/include/resolv.h" Sun is aware of the problem (Sun bug ID 4081053) and it will be fixed in Solaris 2.7. Solaris 7 (SunOS 5.7) Solaris 7 includes LDAP libraries but the implementation was lacking a few things. The following settings can be placed in devtools/Site/site.SunOS.5.7.m4 if you plan on using those libraries. APPENDDEF(`confMAPDEF', `-DLDAPMAP') APPENDDEF(`confENVDEF', `-DLDAP_VERSION_MAX=3') APPENDDEF(`confLIBS', `-lldap') Also, Sun's patch 107555 is needed to prevent a crash in the call to ldap_set_option for LDAP_OPT_REFERRALS in ldapmap_setopts if LDAP support is compiled in sendmail. +Solaris + If you are using dns for hostname resolution on Solaris, make sure + that the 'dns' entry is last on the hosts line in + '/etc/nsswitch.conf'. For example, use: + + hosts: nisplus files dns + + Do not use: + + host: nisplus dns [NOTFOUND=return] files + + Note that 'nisplus' above is an illustration. The same comment + applies no matter what naming services you are using. If you have + anything other than dns last, even after "[NOTFOUND=return]", + sendmail may not be able to determine whether an error was + temporary or permanent. The error returned by the solaris + gethostbyname() is the error for the last lookup used, and other + naming services do not have the same concept of temporary failure. + Ultrix By default, the IDENT protocol is turned off on Ultrix. If you are running Ultrix 4.4 or later, or if you have included patch CXO-8919 for Ultrix 4.2 or 4.3 to fix the TCP problem, you can turn IDENT on in the configuration file by setting the "ident" timeout. The Ultrix 4.5 Y2K patch (ULTV45-022-1) has changed the resolver included in libc.a. Unfortunately, the __RES symbol hasn't changed and therefore, sendmail can no longer automatically detect the newer version. If you get a compiler error: /lib/libc.a(gethostent.o): local_hostname_length: multiply defined Then rebuild with this in devtools/Site/site.ULTRIX.m4: APPENDDEF(`conf_sendmail_ENVDEF', `-DNEEDLOCAL_HOSTNAME_LENGTH=0') Digital UNIX (formerly DEC OSF/1) If you are compiling on OSF/1 (DEC Alpha), you must use -L/usr/shlib (otherwise it core dumps on startup). You may also need -mld to get the nlist() function, although some versions apparently don't need this. Also, the enclosed makefile removed /usr/sbin/smtpd; if you need it, just create the link to the sendmail binary. On DEC OSF/1 3.2 or earlier, the MatchGECOS option doesn't work properly due to a bug in the getpw* routines. If you want to use this, use -DDEC_OSF_BROKEN_GETPWENT=1. The problem is fixed in 3.2C. Digital's mail delivery agent, /bin/mail (aka /bin/binmail), will only preserve the envelope sender in the "From " header if DefaultUserID is set to daemon. Setting this to mailnull will cause all mail to have the header "From mailnull ...". To use a different DefaultUserID, you will need to use a different mail delivery agent (such as mail.local found in the sendmail distribution). On Digital UNIX 4.0 and later, Berkeley DB 1.85 is included with the operating system and already has the ndbm.o module removed. However, Digital has modified the original Berkeley DB db.h include file. This results in the following warning while compiling map.c and udb.c: cc: Warning: /usr/include/db.h, line 74: The redefinition of the macro "__signed" conflicts with a current definition because the replacement lists differ. The redefinition is now in effect. #define __signed signed ------------------------^ This warning can be ignored. Digital UNIX's linker checks /usr/ccs/lib/ before /usr/lib/. If you have installed a new version of BIND in /usr/include and /usr/lib, you will experience difficulties as Digital ships libresolv.a in /usr/ccs/lib/ as well. Be sure to replace both copies of libresolv.a. IRIX The header files on SGI IRIX are completely prototyped, and as a result you can sometimes get some warning messages during compilation. These can be ignored. There are two errors in deliver only if you are using gcc, both of the form ``warning: passing arg N of `execve' from incompatible pointer type''. Also, if you compile with -DNIS, you will get a complaint about a declaration of struct dom_binding in a prototype when compiling map.c; this is not important because the function being prototyped is not used in that file. In order to compile sendmail you will have had to install the developers' option in order to get the necessary include files. If you compile with -lmalloc (the fast memory allocator), you may get warning messages such as the following: ld32: WARNING 85: definition of _calloc in /usr/lib32/libmalloc.so preempts that definition in /usr/lib32/mips3/libc.so. ld32: WARNING 85: definition of _malloc in /usr/lib32/libmalloc.so preempts that definition in /usr/lib32/mips3/libc.so. ld32: WARNING 85: definition of _realloc in /usr/lib32/libmalloc.so preempts that definition in /usr/lib32/mips3/libc.so. ld32: WARNING 85: definition of _free in /usr/lib32/libmalloc.so preempts that definition in /usr/lib32/mips3/libc.so. ld32: WARNING 85: definition of _cfree in /usr/lib32/libmalloc.so preempts that definition in /usr/lib32/mips3/libc.so. These are unavoidable and innocuous -- just ignore them. According to Dave Sill , there is a version of the Berkeley DB library patched to run on Irix 6.2 available from http://reality.sgi.com/ariel/freeware/#db . IRIX 6.x If you are using XFS filesystem, avoid using the -32 ABI switch to the cc compiler if possible. IRIX 6.4 The IRIX 6.5.4 version of /bin/m4 does not work properly with sendmail. Either install fw_m4.sw.m4 off the Freeware_May99 CD and use /usr/freeware/bin/m4 or install and use GNU m4. NeXT or NEXTSTEP NEXTSTEP 3.3 and earlier ship with the old DBM library. Also, Berkeley DB does not currently run on NEXTSTEP. If you are compiling on NEXTSTEP, you will have to create an empty file "unistd.h" and create a file "dirent.h" containing: #include #define dirent direct (devtools/OS/NeXT should try to do both of these for you.) Apparently, there is a bug in getservbyname on Nextstep 3.0 that causes it to fail under some circumstances with the message "SYSERR: service "smtp" unknown" logged. You should be able to work around this by including the line: OOPort=25 in your .cf file. BSDI (BSD/386) 1.0, NetBSD 0.9, FreeBSD 1.0 The "m4" from BSDI won't handle the config files properly. I haven't had a chance to test this myself. The M4 shipped in FreeBSD and NetBSD 0.9 don't handle the config files properly. One must use either GNU m4 1.1 or the PD-M4 recently posted in comp.os.386bsd.bugs (and maybe others). NetBSD-current includes the PD-M4 (as stated in the NetBSD file CHANGES). FreeBSD 1.0 RELEASE has uname(2) now. Use -DUSEUNAME in order to use it (look into devtools/OS/FreeBSD). NetBSD-current may have it too but it has not been verified. The latest version of Berkeley DB uses a different naming scheme than the version that is supplied with your release. This means you will be able to use the current version of Berkeley DB with sendmail as long you use the new db.h when compiling sendmail and link it against the new libdb.a or libdb.so. You should probably keep the original db.h in /usr/include and the new db.h in /usr/local/include. 4.3BSD If you are running a "virgin" version of 4.3BSD, you'll have a very old resolver and be missing some header files. The header files are simple -- create empty versions and everything will work fine. For the resolver you should really port a new version (4.8.3 or later) of the resolver; 4.9 is available on gatekeeper.DEC.COM in pub/BSD/bind/4.9. If you are really determined to continue to use your old, buggy version (or as a shortcut to get sendmail working -- I'm sure you have the best intentions to port a modern version of BIND), you can copy ../contrib/oldbind.compat.c into sendmail and add oldbind.compat.o to OBJADD in the Makefile. A/UX Date: Tue, 12 Oct 1993 18:28:28 -0400 (EDT) From: "Eric C. Hagberg" Subject: Fix for A/UX ndbm I guess this isn't really a sendmail bug, however, it is something that A/UX users should be aware of when compiling sendmail 8.6. Apparently, the calls that sendmail is using to the ndbm routines in A/UX 3.0.x contain calls to "broken" routines, in that the aliases database will break when it gets "just a little big" (sorry I don't have exact numbers here, but it broke somewhere around 20-25 aliases for me.), making all aliases non-functional after exceeding this point. What I did was to get the gnu-dbm-1.6 package, compile it, and then re-compile sendmail with "-lgdbm", "-DNDBM", and using the ndbm.h header file that comes with the gnu-package. This makes things behave properly. [NOTE: see comment above about GDBM] I suppose porting the New Berkeley DB package is another route, however, I made a quick attempt at it, and found it difficult (not easy at least); the gnu-dbm package "configured" and compiled easily. [NOTE: Berkeley DB version 2.X runs on A/UX and can be used for database maps.] SCO Unix From: Thomas Essebier Organisation: Stallion Technologies Pty Ltd. It will probably help those who are trying to configure sendmail 8.6.9 to know that if they are on SCO, they had better set OI-dnsrch or they will core dump as soon as they try to use the resolver. ie. although SCO has _res.dnsrch defined, and is kinda BIND 4.8.3, it does not inititialise it, nor does it understand 'search' in /etc/named.boot. - sigh - According to SCO, the m4 which ships with UnixWare 2.1.2 is broken. We recommend installing GNU m4 before attempting to build sendmail. DG/UX Doug Anderson has successfully run V8 on the DG/UX 5.4.2 and 5.4R3.x platforms under heavy usage. Originally, the DG /bin/mail program wasn't compatible with the V8 sendmail, since the DG /bin/mail requires the environment variable "_FORCE_MAIL_LOCAL_=yes" be set. Version 8.7 now includes this in the environment before invoking the local mailer. Some have used procmail to avoid this problem in the past. It works but some have experienced file locking problems with their DG/UX ports of procmail. Apollo DomainOS If you are compiling on Apollo, you will have to create an empty file "unistd.h" (for DomainOS 10.3 and earlier) and create a file "dirent.h" containing: #include #define dirent direct (devtools/OS/DomainOS will attempt to do both of these for you.) HP-UX 8.00 Date: Mon, 24 Jan 1994 13:25:45 +0200 From: Kimmo Suominen Subject: 8.6.5 w/ HP-UX 8.00 on s300 Just compiled and fought with sendmail 8.6.5 on a HP9000/360 (ie. a series 300 machine) running HP-UX 8.00. I was getting segmentation fault when delivering to a local user. With debugging I saw it was faulting when doing _free@libc... *sigh* It seems the new implementation of malloc on s300 is buggy as of 8.0, so I tried out the one in -lmalloc (malloc(3X)). With that it seems to work just dandy. When linking, you will get the following error: ld: multiply defined symbol _freespace in file /usr/lib/libmalloc.a but you can just ignore it. You might want to add this info to the README file for the future... Linux Something broke between versions 0.99.13 and 0.99.14 of Linux: the flock() system call gives errors. If you are running .14, you must not use flock. You can do this with -DHASFLOCK=0. Around the inclusion of bind-4.9.3 & Linux libc-4.6.20, the initialization of the _res structure changed. If /etc/hosts.conf was configured as "hosts, bind" the resolver code could return "Name server failure" errors. This is supposedly fixed in later versions of libc (>= 4.6.29?), and later versions of sendmail (> 8.6.10) try to work around the problem. Some older versions (< 4.6.20?) of the libc/include files conflict with sendmail's version of cdefs.h. Deleting sendmail's version on those systems should be non-harmful, and new versions don't care. Sendmail assumes that libc has snprintf, which has been true since libc 4.7.0. If you are running an older version, you will need to use -DHASSNPRINTF=0 in the Makefile. If may be able to use -lbsd (which includes snprintf) instead of turning this off on versions of libc between 4.4.4 and 4.7.0 (snprintf improves security, so you want to use this if at all possible). NOTE ON LINUX & BIND: By default, the Makefile generated for Linux includes header files in /usr/local/include and libraries in /usr/local/lib. If you've installed BIND on your system, the header files typically end up in the search path and you need to add "-lresolv" to the LIBS line in your Makefile. Really old versions may need to include "-l44bsd" as well (particularly if the link phase complains about missing strcasecmp, strncasecmp or strpbrk). Complaints about an undefined reference to `__dn_skipname' in domain.o are a sure sign that you need to add -lresolv to LIBS. Newer versions of Linux are basically threaded BIND, so you may or may not see complaints if you accidentally mix BIND headers/libraries with virginal libc. If you have BIND headers in /usr/local/include (resolv.h, etc) you *should* be adding -lresolv to LIBS. Data structures may change and you'd be asking for a core dump. A number of problems have been reported regarding the Linux 2.2.0 kernel. So far, these problems have been tracked down to syslog() and DNS resolution. We believe the problem is with the poll() implementation in the Linux 2.2.0 kernel and poll()-aware versions of glib (at least up to 2.0.111). Some pre-glibc distributions of Linux include a syslog.h that does not work properly with SFIO. You can fix this by adding "#include " to the SFIO version of stdio.h as the very first line. AIX 4.X The AIX 4.X linker uses library paths specified during compilation using -L for run-time shared library searches. Therefore, it is vital that relative and unsafe directory paths not be using when compiling sendmail. Because of this danger, by default, compiles on AIX use the -blibpath option to limit shared libraries to /usr/lib and /lib. If you need to allow more directories, such as /usr/local/lib, modify your devtools/Site/site.AIX.4.2.m4, site.AIX.4.3.m4, and/or site.AIX.4.x.m4 file(s) and set confLDOPTS approriately. For example: define(`confLDOPTS', `-blibpath:/usr/lib:/lib:/usr/local/lib') Be sure to only add (safe) system directories. The AIX version of GNU ld also exhibits this problem. If you are using that version, instead of -blibpath, use its -rpath option. For example: gcc -Wl,-rpath /usr/lib -Wl,-rpath /lib -Wl,-rpath /usr/local/lib AIX 4.3.3 From: Valdis.Kletnieks@vt.edu Date: Sun, 02 Jul 2000 03:58:02 -0400 Under AIX 4.3.3, after applying bos.adt.include 4.3.3.12 to close the BIND 8.2.2 security holes, you can no longer build with -DNETINET6 because they changed the value of __RES in resolv.h but failed to actually provide the API changes that the change implied. Workarounds: 1) Compile without -DNETINET6 2) Build against a real Bind 8.2.2 include/lib tree 3) Wait for IBM to fix it -AIX 4.2 +AIX 4.X The AIX m4 implements a different mechanism for ifdef which is inconsistent with other versions of m4. Therefore, it will not work properly with the sendmail Build architecture or m4 configuration method. To work around this problem, please use GNU m4 from ftp://ftp.gnu.org/pub/gnu/. AIX 3.x This version of sendmail does not support MB, MG, and MR resource records, which are supported by AIX sendmail. Several people have reported that the IBM-supplied named returns fairly random results -- the named should be replaced. It is not necessary to replace the resolver, which will simplify installation. A new BIND resolver can be found at http://www.isc.org/isc/. AIX 3.1.x The supplied load average code only works correctly for AIX 3.2.x. For 3.1, use -DLA_TYPE=LA_SUBR and get the latest ``monitor'' package by Jussi Maki from ftp.funet.fi in the directory pub/unix/AIX/rs6000/monitor-1.12.tar.Z; use the loadavgd daemon, and the getloadavg subroutine supplied with that package. If you don't care about load average throttling, just turn off load average checking using -DLA_TYPE=LA_ZERO. AIX 2.2.1 Date: Mon Dec 4 14:14:56 CST 1995 From: Mark Whetzel Subject: Porting sendmail 8.7.2 to AIX V2 on the RT. This version of sendmail does not support MB, MG, and MR resource records, which are supported by AIX sendmail. AIX V2 on the RT does not have 'paths.h'. Create a null file in the 'obj' directory to remove this compile error. A patch file is needed to get the BSD 'db' library to compile for AIX/RT. I have sent the necessary updates to the author, but they may not be immediately available. [NOTE: Berkeley DB version 2.X runs on AIX/RT.] The original AIX/RT resolver libraries are very old, and you should get the latest BIND to replace it. The 4.8.3 version has been tested, but 4.9.x is out and should work. To make the load average code work correctly requires an external routine, as the kernel does not maintain system load averages, similar to AIX V3.1.x. A reverse port of the older 1.05 'monitor' load average daemon code written by Jussi Maki that will work on AIX V2 for the RT is available by E-mail to Mark Whetzel . That code depends on an external daemon to collect system load information, and the external routine 'getloadavg', that will return that information. The 'LA_SUBR' define will handle this for AIX V2 on the RT. Note: You will have to change devtools/OS/AIX.2 to correctly point to the locatons of the updated BIND source tree and the location of the 'newdb' tree and library location. You will also have to change devtools/OS/AIX.2 to know about the location of the 'getloadavg' routine if you use the LA_SUBR define. RISC/os RISC/os from MIPS is a merged AT&T/Berkeley system. When you compile on that platform you will get duplicate definitions on many files. You can ignore these. System V Release 4 Based Systems There is a single devtools OS that is intended for all SVR4-based systems (built from devtools/OS/SVR4). It defines __svr4__, which is predefined by some compilers. If your compiler already defines this compile variable, you can delete the definition from the generated Makefile or create a devtools/Site/site.config.m4 file. It's been tested on Dell Issue 2.2. DELL SVR4 Date: Mon, 06 Dec 1993 10:42:29 EST From: "Kimmo Suominen" Message-ID: <2d0352f9.lento29@lento29.UUCP> To: eric@cs.berkeley.edu Cc: sendmail@cs.berkeley.edu Subject: Notes for DELL SVR4 Eric, Here are some notes for compiling Sendmail 8.6.4 on DELL SVR4. I ran across these things when helping out some people who contacted me by e-mail. 1) Use gcc 2.4.5 (or later?). Dell distributes gcc 2.1 with their Issue 2.2 Unix. It is too old, and gives you problems with clock.c, because sigset_t won't get defined in . This is due to a problematic protection rule in there, and is fixed with gcc 2.4.5. 2) If you don't use the new Berkeley DB (-DNEWDB), then you need to add "-lc -lucb" to the libraries to link with. This is because the -ldbm distributed by Dell needs the bcopy, bcmp and bzero functions. It is important that you specify both libraries in the given order to be sure you only get the BSTRING functions from the UCB library (and not the signal routines etc.). 3) Don't leave out "-lelf" even if compiling with "-lc -lucb". The UCB library also has another copy of the nlist routines, but we do want the ones from "-lelf". If anyone needs a compiled gcc 2.4.5 and/or a ported DB library, they can use anonymous ftp to fetch them from lut.fi in the /kim directory. They are copies of what I use on grendel.lut.fi, and offering them does not imply that I would also support them. I have sent the DB port for SVR4 back to Keith Bostic for inclusion in the official distribution, but I haven't heard anything from him as of today. - gcc-2.4.5-svr4.tar.gz (gcc 2.4.5 and the corresponding libg++) - db-1.72.tar.gz (with source, objects and a installed copy) Cheers + Kim -- * Kimmo.Suominen@lut.fi * SysVr4 enthusiast at GRENDEL.LUT.FI * * KIM@FINFILES.BITNET * Postmaster and Hostmaster at LUT.FI * * + 358 200 865 718 * Unix area moderator at NIC.FUNET.FI * ConvexOS 10.1 and below In order to use the name server, you must create the file /etc/use_nameserver. If this file does not exist, the call to res_init() will fail and you will have absolutely no access to DNS, including MX records. Amdahl UTS 2.1.5 In order to get UTS to work, you will have to port BIND 4.9. The vendor's BIND is reported to be ``totally inadequate.'' See sendmail/contrib/AmdahlUTS.patch for the patches necessary to get BIND 4.9 compiled for UTS. UnixWare According to Alexander Kolbasov , the m4 on UnixWare 2.0 (still in Beta) will core dump on the config files. GNU m4 and the m4 from UnixWare 1.x both work. According to Larry Rosenman : UnixWare 2.1.[23]'s m4 chokes (not obviously) when processing the 8.9.0 cf files. I had a LOCAL_RULE_0 that wound up AFTER the SBasic_check_rcpt rules using the SCO supplied M4. GNU M4 works fine. UNICOS 8.0.3.4 Some people have reported that the -O flag on UNICOS can cause problems. You may want to turn this off if you have problems running sendmail. Reported by Jerry G. DeLapp . GNU getopt I'm told that GNU getopt has a problem in that it gets confused by the double call. Use the version in conf.c instead. BIND 4.9.2 and Ultrix If you are running on Ultrix, be sure you read conf/Info.Ultrix in the BIND distribution very carefully -- there is information in there that you need to know in order to avoid errors of the form: /lib/libc.a(gethostent.o): sethostent: multiply defined /lib/libc.a(gethostent.o): endhostent: multiply defined /lib/libc.a(gethostent.o): gethostbyname: multiply defined /lib/libc.a(gethostent.o): gethostbyaddr: multiply defined during the link stage. BIND 8.X BIND 8.X returns HOST_NOT_FOUND instead of TRY_AGAIN on temporary DNS failures when trying to find the hostname associated with an IP address (gethostbyaddr()). This can cause problems as $&{client_name} based lookups in class R ($=R) and the access database won't succeed. This will be fixed in BIND 8.2.1. For earlier versions, this can be fixed by making "dns" the last name service queried for host resolution in /etc/irs.conf: hosts local continue hosts dns strtoul Some compilers (notably gcc) claim to be ANSI C but do not include the ANSI-required routine "strtoul". If your compiler has this problem, you will get an error in srvrsmtp.c on the code: # ifdef defined(__STDC__) && !defined(BROKEN_ANSI_LIBRARY) e->e_msgsize = strtoul(vp, (char **) NULL, 10); # else e->e_msgsize = strtol(vp, (char **) NULL, 10); # endif You can use -DBROKEN_ANSI_LIBRARY to get around this problem. Listproc 6.0c Date: 23 Sep 1995 23:56:07 GMT Message-ID: <95925101334.~INN-AUMa00187.comp-news@dl.ac.uk> From: alansz@mellers1.psych.berkeley.edu (Alan Schwartz) Subject: Listproc 6.0c + Sendmail 8.7 [Helpful hint] Just upgraded to sendmail 8.7, and discovered that listproc 6.0c breaks, because it, by default, sends a blank "HELO" rather than a "HELO hostname" when using the 'system' or 'telnet' mailmethod. The fix is to include -DZMAILER in the compilation, which will cause it to use "HELO hostname" (which Z-mail apparently requires as well. :) OpenSSL OpenSSL versions prior to 0.9.6 use a macro named Free which conflicts with existing macro names on some platforms, such as AIX. Do not use 0.9.3, but OpenSSL 0.9.5a or later if compatible with 0.9.5a. +sfio + You may run into problems if you use sfio2000 (the body of a + message is lost). Use sfio1999 instead; however, it also has + a bug that can cause sendmail to fail. A patch has been provided + by Petr Lampa of Brno University of Technology, which is given here: + +diff -rc ../../../../sfio/src/lib/sfio/sfputr.c ./sfputr.c +*** ../../../../sfio/src/lib/sfio/sfputr.c Tue May 16 18:25:49 2000 +--- ./sfputr.c Wed Sep 20 09:06:01 2000 +*************** +*** 24,29 **** +--- 24,30 ---- + for(w = 0; (*s || rc >= 0); ) + { SFWPEEK(f,ps,p); + ++ if(p == -1) return -1; /* PL */ + if(p == 0 || (f->flags&SF_WHOLE) ) + { n = strlen(s); + if(p >= (n + (rc < 0 ? 0 : 1)) ) + + PH PH support is provided by Mark Roth . The map is - described at http://www-wsg.cso.uiuc.edu/sendmail/patches/ . + described at http://www-dev.cso.uiuc.edu/sendmail/ . Please contact Mark Roth for support and questions regarding the map. TCP Wrappers If you are using -DTCPWRAPPERS to get TCP Wrappers support you will also need to install libwrap.a and modify your site.config.m4 file or the generated Makefile to include -lwrap in the LIBS line (make sure that INCDIRS and LIBDIRS point to where the tcpd.h and libwrap.a can be found). TCP Wrappers is available at ftp://ftp.porcupine.org/pub/security/. If you have alternate MX sites for your site, be sure that all of your MX sites reject the same set of hosts. If not, a bad guy whom you reject will connect to your site, fail, and move on to the next MX site, which will accept the mail for you and forward it on to you. Regular Expressions (MAP_REGEX) If sendmail linking fails with: undefined reference to 'regcomp' or sendmail gives an error about a regular expression with: pattern-compile-error: : Operation not applicable Your libc does not include a running version of POSIX-regex. Use librx or regex.o from the GNU Free Software Foundation, ftp://ftp.gnu.org/pub/gnu/rx-?.?.tar.gz or ftp://ftp.gnu.org/pub/gnu/regex-?.?.tar.gz. You can also use the regex-lib by Henry Spencer, ftp://ftp.funet.fi/pub/languages/C/spencer/regex.shar.gz Make sure, your compiler reads regex.h from the distribution, not from /usr/include, otherwise sendmail will dump a core. +--------------+ | MANUAL PAGES | +--------------+ The manual pages have been written against the -man macros, and should format correctly with any reasonable *roff. +-----------------+ | DEBUGGING HOOKS | +-----------------+ As of 8.6.5, sendmail daemons will catch a SIGUSR1 signal and log some debugging output (logged at LOG_DEBUG severity). The information dumped is: * The value of the $j macro. * A warning if $j is not in the set $=w. * A list of the open file descriptors. * The contents of the connection cache. * If ruleset 89 is defined, it is evaluated and the results printed. This allows you to get information regarding the runtime state of the daemon on the fly. This should not be done too frequently, since the process of rewriting may lose memory which will not be recovered. Also, ruleset 89 may call non-reentrant routines, so there is a small non-zero probability that this will cause other problems. It is really only for debugging serious problems. A typical formulation of ruleset 89 would be: R$* $@ $>0 some test address +-----------------------------+ | DESCRIPTION OF SOURCE FILES | +-----------------------------+ The following list describes the files in this directory: Build Shell script for building sendmail. Makefile A convenience for calling ./Build. Makefile.m4 A template for constructing a makefile based on the information in the devtools directory. README This file. TRACEFLAGS My own personal list of the trace flags -- not guaranteed to be particularly up to date. alias.c Does name aliasing in all forms. aliases.5 Man page describing the format of the aliases file. arpadate.c A subroutine which creates ARPANET standard dates. bf.h Buffered file I/O function declarations. bf_portable.c Stub routines for systems lacking the Torek stdio library. bf_portable.h Data structure and function declarations for bf_portable.c. bf_torek.c Routines to implement memory-buffered file system using hooks provided by Torek stdio library. bf_torek.h Data structure and function declarations for bf_torek.c. clock.c Routines to implement real-time oriented functions in sendmail -- e.g., timeouts. collect.c The routine that actually reads the mail into a temp file. It also does a certain amount of parsing of the header, etc. conf.c The configuration file. This contains information that is presumed to be quite static and non- controversial, or code compiled in for efficiency reasons. Most of the configuration is in sendmail.cf. conf.h Configuration that must be known everywhere. convtime.c A routine to sanely process times. daemon.c Routines to implement daemon mode. This version is specifically for Berkeley 4.1 IPC. deliver.c Routines to deliver mail. domain.c Routines that interface with DNS (the Domain Name System). envelope.c Routines to manipulate the envelope structure. err.c Routines to print error messages. headers.c Routines to process message headers. helpfile An example helpfile for the SMTP HELP command and -bt mode. macro.c The macro expander. This is used internally to insert information from the configuration file. mailq.1 Man page for the mailq command. main.c The main routine to sendmail. This file also contains some miscellaneous routines. makesendmail A convenience for calling ./Build. map.c Support for database maps. mci.c Routines that handle mail connection information caching. milter.c MTA portions of the mail filter API. mime.c MIME conversion routines. newaliases.1 Man page for the newaliases command. parseaddr.c The routines which do address parsing. queue.c Routines to implement message queueing. readcf.c The routine that reads the configuration file and translates it to internal form. recipient.c Routines that manipulate the recipient list. savemail.c Routines which save the letter on processing errors. sendmail.8 Man page for the sendmail command. sendmail.h Main header file for sendmail. sfsasl.c I/O interface between SASL/TLS and the MTA using SFIO. sfsasl.h Header file for sfsasl.c. shmticklib.c Routines for shared memory counters. srvrsmtp.c Routines to implement server SMTP. stab.c Routines to manage the symbol table. stats.c Routines to collect and post the statistics. statusd_shm.h Data structure and function declarations for shmticklib.c. sysexits.c List of error messages associated with error codes in sysexits.h. sysexits.h List of error codes for systems that lack their own. timers.c Routines to provide microtimers. timers.h Data structure and function declarations for timers.h. trace.c The trace package. These routines allow setting and testing of trace flags with a high granularity. udb.c The user database interface module. usersmtp.c Routines to implement user SMTP. util.c Some general purpose routines used by sendmail. version.c The version number and information about this version of sendmail. -(Version $Revision: 8.263.2.1.2.21 $, last update $Date: 2000/09/27 16:36:26 $ ) +(Version $Revision: 8.263.2.1.2.27 $, last update $Date: 2000/12/16 16:46:02 $ ) Index: stable/4/contrib/sendmail/src/alias.c =================================================================== --- stable/4/contrib/sendmail/src/alias.c (revision 71887) +++ stable/4/contrib/sendmail/src/alias.c (revision 71888) @@ -1,993 +1,993 @@ /* * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. */ #include #ifndef lint -static char id[] = "@(#)$Id: alias.c,v 8.142.4.3 2000/09/21 21:52:16 ca Exp $"; +static char id[] = "@(#)$Id: alias.c,v 8.142.4.9 2000/11/08 20:58:42 geir Exp $"; #endif /* ! lint */ # define SEPARATOR ':' # define ALIAS_SPEC_SEPARATORS " ,/:" static MAP *AliasFileMap = NULL; /* the actual aliases.files map */ static int NAliasFileMaps; /* the number of entries in AliasFileMap */ static char *aliaslookup __P((char *, int *)); /* ** ALIAS -- Compute aliases. ** ** Scans the alias file for an alias for the given address. ** If found, it arranges to deliver to the alias list instead. ** Uses libdbm database if -DDBM. ** ** Parameters: ** a -- address to alias. ** sendq -- a pointer to the head of the send queue ** to put the aliases in. ** aliaslevel -- the current alias nesting depth. ** e -- the current envelope. ** ** Returns: ** none ** ** Side Effects: ** Aliases found are expanded. ** ** Deficiencies: ** It should complain about names that are aliased to ** nothing. */ void alias(a, sendq, aliaslevel, e) register ADDRESS *a; ADDRESS **sendq; int aliaslevel; register ENVELOPE *e; { register char *p; char *owner; auto int status = EX_OK; char obuf[MAXNAME + 7]; if (tTd(27, 1)) dprintf("alias(%s)\n", a->q_user); /* don't realias already aliased names */ if (!QS_IS_OK(a->q_state)) return; if (NoAlias) return; e->e_to = a->q_paddr; /* ** Look up this name. ** ** If the map was unavailable, we will queue this message ** until the map becomes available; otherwise, we could ** bounce messages inappropriately. */ #if _FFR_REDIRECTEMPTY /* ** envelope <> can't be sent to mailing lists, only owner- ** send spam of this type to owner- of the list ** ---- to stop spam from going to mailing lists! */ if (e->e_sender != NULL && *e->e_sender == '\0') { /* Look for owner of alias */ (void) strlcpy(obuf, "owner-", sizeof obuf); (void) strlcat(obuf, a->q_user, sizeof obuf); if (aliaslookup(obuf, &status) != NULL) { if (LogLevel > 8) syslog(LOG_WARNING, "possible spam from <> to list: %s, redirected to %s\n", a->q_user, obuf); a->q_user = newstr(obuf); } } #endif /* _FFR_REDIRECTEMPTY */ p = aliaslookup(a->q_user, &status); if (status == EX_TEMPFAIL || status == EX_UNAVAILABLE) { a->q_state = QS_QUEUEUP; if (e->e_message == NULL) e->e_message = newstr("alias database unavailable"); return; } if (p == NULL) return; /* ** Match on Alias. ** Deliver to the target list. */ if (tTd(27, 1)) dprintf("%s (%s, %s) aliased to %s\n", a->q_paddr, a->q_host, a->q_user, p); if (bitset(EF_VRFYONLY, e->e_flags)) { a->q_state = QS_VERIFIED; return; } message("aliased to %s", shortenstring(p, MAXSHORTSTR)); if (LogLevel > 10) sm_syslog(LOG_INFO, e->e_id, "alias %.100s => %s", a->q_paddr, shortenstring(p, MAXSHORTSTR)); a->q_flags &= ~QSELFREF; if (tTd(27, 5)) { dprintf("alias: QS_EXPANDED "); printaddr(a, FALSE); } a->q_state = QS_EXPANDED; /* ** Always deliver aliased items as the default user. ** Setting q_gid to 0 forces deliver() to use DefUser ** instead of the alias name for the call to initgroups(). */ a->q_uid = DefUid; a->q_gid = 0; a->q_fullname = NULL; a->q_flags |= QGOODUID|QALIAS; (void) sendtolist(p, a, sendq, aliaslevel + 1, e); if (bitset(QSELFREF, a->q_flags) && QS_IS_EXPANDED(a->q_state)) a->q_state = QS_OK; /* ** Look for owner of alias */ (void) strlcpy(obuf, "owner-", sizeof obuf); if (strncmp(a->q_user, "owner-", 6) == 0 || strlen(a->q_user) > (SIZE_T) sizeof obuf - 7) (void) strlcat(obuf, "owner", sizeof obuf); else (void) strlcat(obuf, a->q_user, sizeof obuf); owner = aliaslookup(obuf, &status); if (owner == NULL) return; /* reflect owner into envelope sender */ if (strpbrk(owner, ",:/|\"") != NULL) owner = obuf; a->q_owner = newstr(owner); /* announce delivery to this alias; NORECEIPT bit set later */ if (e->e_xfp != NULL) fprintf(e->e_xfp, "Message delivered to mailing list %s\n", a->q_paddr); e->e_flags |= EF_SENDRECEIPT; a->q_flags |= QDELIVERED|QEXPANDED; } /* ** ALIASLOOKUP -- look up a name in the alias file. ** ** Parameters: ** name -- the name to look up. ** pstat -- a pointer to a place to put the status. ** ** Returns: ** the value of name. ** NULL if unknown. ** ** Side Effects: ** none. ** ** Warnings: ** The return value will be trashed across calls. */ static char * aliaslookup(name, pstat) char *name; int *pstat; { static MAP *map = NULL; if (map == NULL) { STAB *s = stab("aliases", ST_MAP, ST_FIND); if (s == NULL) return NULL; map = &s->s_map; } DYNOPENMAP(map); /* special case POstMastER -- always use lower case */ if (strcasecmp(name, "postmaster") == 0) name = "postmaster"; return (*map->map_class->map_lookup)(map, name, NULL, pstat); } /* ** SETALIAS -- set up an alias map ** ** Called when reading configuration file. ** ** Parameters: ** spec -- the alias specification ** ** Returns: ** none. */ void setalias(spec) char *spec; { register char *p; register MAP *map; char *class; STAB *s; if (tTd(27, 8)) dprintf("setalias(%s)\n", spec); for (p = spec; p != NULL; ) { char buf[50]; while (isascii(*p) && isspace(*p)) p++; if (*p == '\0') break; spec = p; if (NAliasFileMaps >= MAXMAPSTACK) { syserr("Too many alias databases defined, %d max", MAXMAPSTACK); return; } if (AliasFileMap == NULL) { (void) strlcpy(buf, "aliases.files sequence", sizeof buf); AliasFileMap = makemapentry(buf); if (AliasFileMap == NULL) { syserr("setalias: cannot create aliases.files map"); return; } } (void) snprintf(buf, sizeof buf, "Alias%d", NAliasFileMaps); s = stab(buf, ST_MAP, ST_ENTER); map = &s->s_map; memset(map, '\0', sizeof *map); map->map_mname = s->s_name; - p = strpbrk(p,ALIAS_SPEC_SEPARATORS); + p = strpbrk(p, ALIAS_SPEC_SEPARATORS); if (p != NULL && *p == SEPARATOR) { /* map name */ *p++ = '\0'; class = spec; spec = p; } else { class = "implicit"; map->map_mflags = MF_INCLNULL; } /* find end of spec */ if (p != NULL) { bool quoted = FALSE; for (; *p != '\0'; p++) { /* ** Don't break into a quoted string. ** Needed for ldap maps which use ** commas in their specifications. */ if (*p == '"') quoted = !quoted; else if (*p == ',' && !quoted) break; } /* No more alias specifications follow */ if (*p == '\0') p = NULL; } if (p != NULL) *p++ = '\0'; if (tTd(27, 20)) dprintf(" map %s:%s %s\n", class, s->s_name, spec); /* look up class */ s = stab(class, ST_MAPCLASS, ST_FIND); if (s == NULL) { syserr("setalias: unknown alias class %s", class); } else if (!bitset(MCF_ALIASOK, s->s_mapclass.map_cflags)) { syserr("setalias: map class %s can't handle aliases", class); } else { map->map_class = &s->s_mapclass; if (map->map_class->map_parse(map, spec)) { map->map_mflags |= MF_VALID|MF_ALIAS; AliasFileMap->map_stack[NAliasFileMaps++] = map; } } } } /* ** ALIASWAIT -- wait for distinguished @:@ token to appear. ** ** This can decide to reopen or rebuild the alias file ** ** Parameters: ** map -- a pointer to the map descriptor for this alias file. ** ext -- the filename extension (e.g., ".db") for the ** database file. ** isopen -- if set, the database is already open, and we ** should check for validity; otherwise, we are ** just checking to see if it should be created. ** ** Returns: ** TRUE -- if the database is open when we return. ** FALSE -- if the database is closed when we return. */ bool aliaswait(map, ext, isopen) MAP *map; char *ext; bool isopen; { bool attimeout = FALSE; time_t mtime; struct stat stb; char buf[MAXNAME + 1]; if (tTd(27, 3)) dprintf("aliaswait(%s:%s)\n", map->map_class->map_cname, map->map_file); if (bitset(MF_ALIASWAIT, map->map_mflags)) return isopen; map->map_mflags |= MF_ALIASWAIT; if (SafeAlias > 0) { auto int st; time_t toolong = curtime() + SafeAlias; unsigned int sleeptime = 2; while (isopen && map->map_class->map_lookup(map, "@", NULL, &st) == NULL) { if (curtime() > toolong) { /* we timed out */ attimeout = TRUE; break; } /* ** Close and re-open the alias database in case ** the one is mv'ed instead of cp'ed in. */ if (tTd(27, 2)) dprintf("aliaswait: sleeping for %u seconds\n", sleeptime); map->map_class->map_close(map); map->map_mflags &= ~(MF_OPEN|MF_WRITABLE); (void) sleep(sleeptime); sleeptime *= 2; if (sleeptime > 60) sleeptime = 60; isopen = map->map_class->map_open(map, O_RDONLY); } } /* see if we need to go into auto-rebuild mode */ if (!bitset(MCF_REBUILDABLE, map->map_class->map_cflags)) { if (tTd(27, 3)) dprintf("aliaswait: not rebuildable\n"); map->map_mflags &= ~MF_ALIASWAIT; return isopen; } if (stat(map->map_file, &stb) < 0) { if (tTd(27, 3)) dprintf("aliaswait: no source file\n"); map->map_mflags &= ~MF_ALIASWAIT; return isopen; } mtime = stb.st_mtime; snprintf(buf, sizeof buf, "%s%s", map->map_file, ext == NULL ? "" : ext); if (stat(buf, &stb) < 0 || stb.st_mtime < mtime || attimeout) { #if !_FFR_REMOVE_AUTOREBUILD /* database is out of date */ if (AutoRebuild && stb.st_ino != 0 && (stb.st_uid == geteuid() || (geteuid() == 0 && stb.st_uid == TrustedUid))) { bool oldSuprErrs; message("auto-rebuilding alias database %s", buf); oldSuprErrs = SuprErrs; SuprErrs = TRUE; if (isopen) { map->map_class->map_close(map); map->map_mflags &= ~(MF_OPEN|MF_WRITABLE); } (void) rebuildaliases(map, TRUE); isopen = map->map_class->map_open(map, O_RDONLY); SuprErrs = oldSuprErrs; } else { if (LogLevel > 3) sm_syslog(LOG_INFO, NOQID, "alias database %s out of date", buf); message("Warning: alias database %s out of date", buf); } #else /* !_FFR_REMOVE_AUTOREBUILD */ if (LogLevel > 3) sm_syslog(LOG_INFO, NOQID, "alias database %s out of date", buf); message("Warning: alias database %s out of date", buf); #endif /* !_FFR_REMOVE_AUTOREBUILD */ } map->map_mflags &= ~MF_ALIASWAIT; return isopen; } /* ** REBUILDALIASES -- rebuild the alias database. ** ** Parameters: ** map -- the database to rebuild. ** automatic -- set if this was automatically generated. ** ** Returns: ** TRUE if successful; FALSE otherwise. ** ** Side Effects: ** Reads the text version of the database, builds the ** DBM or DB version. */ bool rebuildaliases(map, automatic) register MAP *map; bool automatic; { FILE *af; bool nolock = FALSE; bool success = FALSE; long sff = SFF_OPENASROOT|SFF_REGONLY|SFF_NOLOCK; sigfunc_t oldsigint, oldsigquit; #ifdef SIGTSTP sigfunc_t oldsigtstp; #endif /* SIGTSTP */ if (!bitset(MCF_REBUILDABLE, map->map_class->map_cflags)) return FALSE; if (!bitnset(DBS_LINKEDALIASFILEINWRITABLEDIR, DontBlameSendmail)) sff |= SFF_NOWLINK; if (!bitnset(DBS_GROUPWRITABLEALIASFILE, DontBlameSendmail)) sff |= SFF_NOGWFILES; if (!bitnset(DBS_WORLDWRITABLEALIASFILE, DontBlameSendmail)) sff |= SFF_NOWWFILES; /* try to lock the source file */ if ((af = safefopen(map->map_file, O_RDWR, 0, sff)) == NULL) { struct stat stb; if ((errno != EACCES && errno != EROFS) || automatic || (af = safefopen(map->map_file, O_RDONLY, 0, sff)) == NULL) { int saveerr = errno; if (tTd(27, 1)) dprintf("Can't open %s: %s\n", map->map_file, errstring(saveerr)); if (!automatic && !bitset(MF_OPTIONAL, map->map_mflags)) message("newaliases: cannot open %s: %s", map->map_file, errstring(saveerr)); errno = 0; return FALSE; } nolock = TRUE; if (tTd(27, 1) || fstat(fileno(af), &stb) < 0 || bitset(S_IWUSR|S_IWGRP|S_IWOTH, stb.st_mode)) message("warning: cannot lock %s: %s", map->map_file, errstring(errno)); } /* see if someone else is rebuilding the alias file */ if (!nolock && !lockfile(fileno(af), map->map_file, NULL, LOCK_EX|LOCK_NB)) { /* yes, they are -- wait until done */ message("Alias file %s is locked (maybe being rebuilt)", map->map_file); if (OpMode != MD_INITALIAS) { /* wait for other rebuild to complete */ (void) lockfile(fileno(af), map->map_file, NULL, LOCK_EX); } (void) fclose(af); errno = 0; return FALSE; } oldsigint = setsignal(SIGINT, SIG_IGN); oldsigquit = setsignal(SIGQUIT, SIG_IGN); #ifdef SIGTSTP oldsigtstp = setsignal(SIGTSTP, SIG_IGN); #endif /* SIGTSTP */ if (map->map_class->map_open(map, O_RDWR)) { if (LogLevel > 7) { sm_syslog(LOG_NOTICE, NOQID, "alias database %s %srebuilt by %s", map->map_file, automatic ? "auto" : "", username()); } map->map_mflags |= MF_OPEN|MF_WRITABLE; map->map_pid = getpid(); readaliases(map, af, !automatic, TRUE); success = TRUE; } else { if (tTd(27, 1)) dprintf("Can't create database for %s: %s\n", map->map_file, errstring(errno)); if (!automatic) syserr("Cannot create database for alias file %s", map->map_file); } /* close the file, thus releasing locks */ (void) fclose(af); /* add distinguished entries and close the database */ if (bitset(MF_OPEN, map->map_mflags)) { map->map_class->map_close(map); map->map_mflags &= ~(MF_OPEN|MF_WRITABLE); } /* restore the old signals */ (void) setsignal(SIGINT, oldsigint); (void) setsignal(SIGQUIT, oldsigquit); # ifdef SIGTSTP (void) setsignal(SIGTSTP, oldsigtstp); # endif /* SIGTSTP */ return success; } /* ** READALIASES -- read and process the alias file. ** ** This routine implements the part of initaliases that occurs ** when we are not going to use the DBM stuff. ** ** Parameters: ** map -- the alias database descriptor. ** af -- file to read the aliases from. ** announcestats -- announce statistics regarding number of ** aliases, longest alias, etc. ** logstats -- lot the same info. ** ** Returns: ** none. ** ** Side Effects: ** Reads aliasfile into the symbol table. ** Optionally, builds the .dir & .pag files. */ void readaliases(map, af, announcestats, logstats) register MAP *map; FILE *af; bool announcestats; bool logstats; { register char *p; char *rhs; bool skipping; long naliases, bytes, longest; ADDRESS al, bl; char line[BUFSIZ]; /* ** Read and interpret lines */ FileName = map->map_file; LineNumber = 0; naliases = bytes = longest = 0; skipping = FALSE; while (fgets(line, sizeof line, af) != NULL) { int lhssize, rhssize; int c; LineNumber++; p = strchr(line, '\n'); while (p != NULL && p > line && p[-1] == '\\') { p--; if (fgets(p, SPACELEFT(line, p), af) == NULL) break; LineNumber++; p = strchr(p, '\n'); } if (p != NULL) *p = '\0'; else if (!feof(af)) { errno = 0; syserr("554 5.3.0 alias line too long"); /* flush to end of line */ while ((c = getc(af)) != EOF && c != '\n') continue; /* skip any continuation lines */ skipping = TRUE; continue; } switch (line[0]) { case '#': case '\0': skipping = FALSE; continue; case ' ': case '\t': if (!skipping) syserr("554 5.3.5 Non-continuation line starts with space"); skipping = TRUE; continue; } skipping = FALSE; /* ** Process the LHS ** Find the colon separator, and parse the address. ** It should resolve to a local name -- this will ** be checked later (we want to optionally do ** parsing of the RHS first to maximize error ** detection). */ for (p = line; *p != '\0' && *p != ':' && *p != '\n'; p++) continue; if (*p++ != ':') { syserr("554 5.3.5 missing colon"); continue; } if (parseaddr(line, &al, RF_COPYALL, ':', NULL, CurEnv) == NULL) { syserr("554 5.3.5 %.40s... illegal alias name", line); continue; } /* ** Process the RHS. ** 'al' is the internal form of the LHS address. ** 'p' points to the text of the RHS. */ while (isascii(*p) && isspace(*p)) p++; rhs = p; for (;;) { register char *nlp; nlp = &p[strlen(p)]; - if (nlp[-1] == '\n') + if (nlp > p && nlp[-1] == '\n') *--nlp = '\0'; if (CheckAliases) { /* do parsing & compression of addresses */ while (*p != '\0') { auto char *delimptr; while ((isascii(*p) && isspace(*p)) || *p == ',') p++; if (*p == '\0') break; if (parseaddr(p, &bl, RF_COPYNONE, ',', &delimptr, CurEnv) == NULL) usrerr("553 5.3.5 %s... bad address", p); p = delimptr; } } else { p = nlp; } /* see if there should be a continuation line */ c = getc(af); if (!feof(af)) (void) ungetc(c, af); if (c != ' ' && c != '\t') break; /* read continuation line */ if (fgets(p, sizeof line - (p - line), af) == NULL) break; LineNumber++; /* check for line overflow */ if (strchr(p, '\n') == NULL && !feof(af)) { usrerr("554 5.3.5 alias too long"); while ((c = fgetc(af)) != EOF && c != '\n') continue; skipping = TRUE; break; } } if (skipping) continue; if (!bitnset(M_ALIASABLE, al.q_mailer->m_flags)) { syserr("554 5.3.5 %s... cannot alias non-local names", al.q_paddr); continue; } /* ** Insert alias into symbol table or database file. ** ** Special case pOStmaStER -- always make it lower case. */ if (strcasecmp(al.q_user, "postmaster") == 0) makelower(al.q_user); lhssize = strlen(al.q_user); rhssize = strlen(rhs); if (rhssize > 0) { /* is RHS empty (just spaces)? */ p = rhs; while (isascii(*p) && isspace(*p)) p++; } if (rhssize == 0 || *p == '\0') { syserr("554 5.3.5 %.40s... missing value for alias", line); } else { map->map_class->map_store(map, al.q_user, rhs); /* statistics */ naliases++; bytes += lhssize + rhssize; if (rhssize > longest) longest = rhssize; } if (al.q_paddr != NULL) free(al.q_paddr); if (al.q_host != NULL) free(al.q_host); if (al.q_user != NULL) free(al.q_user); } CurEnv->e_to = NULL; FileName = NULL; if (Verbose || announcestats) message("%s: %ld aliases, longest %ld bytes, %ld bytes total", map->map_file, naliases, longest, bytes); if (LogLevel > 7 && logstats) sm_syslog(LOG_INFO, NOQID, "%s: %ld aliases, longest %ld bytes, %ld bytes total", map->map_file, naliases, longest, bytes); } /* ** FORWARD -- Try to forward mail ** ** This is similar but not identical to aliasing. ** ** Parameters: ** user -- the name of the user who's mail we would like ** to forward to. It must have been verified -- ** i.e., the q_home field must have been filled ** in. ** sendq -- a pointer to the head of the send queue to ** put this user's aliases in. ** aliaslevel -- the current alias nesting depth. ** e -- the current envelope. ** ** Returns: ** none. ** ** Side Effects: ** New names are added to send queues. */ void forward(user, sendq, aliaslevel, e) ADDRESS *user; ADDRESS **sendq; int aliaslevel; register ENVELOPE *e; { char *pp; char *ep; bool got_transient; if (tTd(27, 1)) dprintf("forward(%s)\n", user->q_paddr); if (!bitnset(M_HASPWENT, user->q_mailer->m_flags) || !QS_IS_OK(user->q_state)) return; if (user->q_home == NULL) { syserr("554 5.3.0 forward: no home"); user->q_home = "/no/such/directory"; } /* good address -- look for .forward file in home */ define('z', user->q_home, e); define('u', user->q_user, e); define('h', user->q_host, e); if (ForwardPath == NULL) ForwardPath = newstr("\201z/.forward"); got_transient = FALSE; for (pp = ForwardPath; pp != NULL; pp = ep) { int err; char buf[MAXPATHLEN + 1]; struct stat st; ep = strchr(pp, SEPARATOR); if (ep != NULL) *ep = '\0'; expand(pp, buf, sizeof buf, e); if (ep != NULL) *ep++ = SEPARATOR; if (buf[0] == '\0') continue; if (tTd(27, 3)) dprintf("forward: trying %s\n", buf); err = include(buf, TRUE, user, sendq, aliaslevel, e); if (err == 0) break; else if (transienterror(err)) { /* we may have to suspend this message */ got_transient = TRUE; if (tTd(27, 2)) dprintf("forward: transient error on %s\n", buf); if (LogLevel > 2) { char *curhost = CurHostName; CurHostName = NULL; sm_syslog(LOG_ERR, e->e_id, "forward %s: transient error: %s", buf, errstring(err)); CurHostName = curhost; } } else { switch (err) { case ENOENT: break; case E_SM_WWDIR: case E_SM_GWDIR: /* check if it even exists */ if (stat(buf, &st) < 0 && errno == ENOENT) { if (bitnset(DBS_DONTWARNFORWARDFILEINUNSAFEDIRPATH, DontBlameSendmail)) break; } /* FALLTHROUGH */ #if _FFR_FORWARD_SYSERR case E_SM_NOSLINK: case E_SM_NOHLINK: case E_SM_REGONLY: case E_SM_ISEXEC: case E_SM_WWFILE: case E_SM_GWFILE: syserr("forward: %s: %s", buf, errstring(err)); break; #endif /* _FFR_FORWARD_SYSERR */ default: if (LogLevel > (RunAsUid == 0 ? 2 : 10)) sm_syslog(LOG_WARNING, e->e_id, "forward %s: %s", buf, errstring(err)); if (Verbose) message("forward: %s: %s", buf, errstring(err)); break; } } } if (pp == NULL && got_transient) { /* ** There was no successful .forward open and at least one ** transient open. We have to defer this address for ** further delivery. */ message("transient .forward open error: message queued"); user->q_state = QS_QUEUEUP; return; } } Index: stable/4/contrib/sendmail/src/aliases =================================================================== --- stable/4/contrib/sendmail/src/aliases (revision 71887) +++ stable/4/contrib/sendmail/src/aliases (revision 71888) @@ -1,54 +1,33 @@ # -# $Id: aliases,v 8.1 1999/02/06 18:44:07 gshapiro Exp $ +# $Id: aliases,v 8.1.36.1 2000/10/16 20:18:39 gshapiro Exp $ # @(#)aliases 8.2 (Berkeley) 3/5/94 # # Aliases in this file will NOT be expanded in the header from # Mail, but WILL be visible over networks or from /bin/mail. # # >>>>>>>>>> The program "newaliases" must be run after # >> NOTE >> this file is updated for any changes to # >>>>>>>>>> show through to sendmail. # # Basic system aliases -- these MUST be present. MAILER-DAEMON: postmaster postmaster: root # General redirections for pseudo accounts. bin: root daemon: root games: root ingres: root nobody: root system: root toor: root uucp: root # Well-known aliases. manager: root dumper: root operator: root # trap decode to catch security attacks decode: root - -# OFFICIAL CSRG/BUG ADDRESSES - -# Ftp maintainer. -ftp: ftp-bugs -ftp-bugs: bigbug@cs.berkeley.edu - -# Distribution office. -bsd-dist: bsd-dist@cs.berkeley.edu - -# Fortune maintainer. -fortune: fortune@cs.berkeley.edu - -# Termcap maintainer. -termcap: termcap@cs.berkeley.edu - -# General bug address. -ucb-fixes: bigbug@cs.berkeley.edu -ucb-fixes-request: bigbug@cs.berkeley.edu -bugs: bugs@cs.berkeley.edu -# END OFFICIAL BUG ADDRESSES Index: stable/4/contrib/sendmail/src/aliases.5 =================================================================== --- stable/4/contrib/sendmail/src/aliases.5 (revision 71887) +++ stable/4/contrib/sendmail/src/aliases.5 (revision 71888) @@ -1,122 +1,122 @@ .\" Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. .\" All rights reserved. .\" Copyright (c) 1983, 1997 Eric P. Allman. All rights reserved. .\" Copyright (c) 1985, 1991, 1993 .\" The Regents of the University of California. All rights reserved. .\" .\" By using this file, you agree to the terms and conditions set .\" forth in the LICENSE file which can be found at the top level of .\" the sendmail distribution. .\" .\" -.\" $Id: aliases.5,v 8.15.4.1 2000/07/18 07:23:02 gshapiro Exp $ +.\" $Id: aliases.5,v 8.15.4.2 2000/12/14 23:08:15 gshapiro Exp $ .\" .\" $FreeBSD$ .\" -.TH ALIASES 5 "$Date: 2000/07/18 07:23:02 $" +.TH ALIASES 5 "$Date: 2000/12/14 23:08:15 $" .SH NAME -.B aliases +aliases \- aliases file for sendmail .SH SYNOPSIS .B aliases .SH DESCRIPTION This file describes user ID aliases used by sendmail. The file resides in /etc/mail and is formatted as a series of lines of the form .IP name: addr_1, addr_2, addr_3, . . . .PP The .I name is the name to alias, and the .I addr_n are the aliases for that name. .I addr_n can be another alias, a local username, a local filename, a command, an include file, or an external address. .TP .B Local Username username .IP The username must be available via getpwnam(3). .TP .B Local Filename /path/name .IP Messages are appended to the file specified by the full pathname (starting with a slash (/)) .TP .B Command |command .IP A command starts with a pipe symbol (|), it receives messages via standard input. .TP .B Include File :include: /path/name .IP The aliases in pathname are added to the aliases for .I name. .TP .B E-Mail Address user@domain .IP An e-mail address in RFC 822 format. .PP Lines beginning with white space are continuation lines. Another way to continue lines is by placing a backslash directly before a newline. Lines beginning with # are comments. .PP Aliasing occurs only on local names. Loops can not occur, since no message will be sent to any person more than once. .PP After aliasing has been done, local and valid recipients who have a ``.forward'' file in their home directory have messages forwarded to the list of users defined in that file. .PP This is only the raw data file; the actual aliasing information is placed into a binary format in the file /etc/mail/aliases.db using the program newaliases(1). A newaliases command should be executed each time the aliases file is changed for the change to take effect. .SH SEE ALSO newaliases(1), dbm(3), dbopen(3), db_open(3), sendmail(8) .PP .I SENDMAIL Installation and Operation Guide. .PP .I SENDMAIL An Internetwork Mail Router. .SH BUGS If you have compiled sendmail with DBM support instead of NEWDB, you may have encountered problems in dbm(3) restricting a single alias to about 1000 bytes of information. You can get longer aliases by ``chaining''; that is, make the last name in the alias be a dummy name which is a continuation alias. .SH HISTORY The .B aliases file format appeared in 4.0BSD. Index: stable/4/contrib/sendmail/src/collect.c =================================================================== --- stable/4/contrib/sendmail/src/collect.c (revision 71887) +++ stable/4/contrib/sendmail/src/collect.c (revision 71888) @@ -1,886 +1,893 @@ /* * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #ifndef lint -static char id[] = "@(#)$Id: collect.c,v 8.136.4.6 2000/09/21 21:52:16 ca Exp $"; +static char id[] = "@(#)$Id: collect.c,v 8.136.4.8 2000/10/09 00:50:04 gshapiro Exp $"; #endif /* ! lint */ #include static void collecttimeout __P((time_t)); static void dferror __P((FILE *volatile, char *, ENVELOPE *)); static void eatfrom __P((char *volatile, ENVELOPE *)); /* ** COLLECT -- read & parse message header & make temp file. ** ** Creates a temporary file name and copies the standard ** input to that file. Leading UNIX-style "From" lines are ** stripped off (after important information is extracted). ** ** Parameters: ** fp -- file to read. ** smtpmode -- if set, we are running SMTP: give an RFC821 ** style message to say we are ready to collect ** input, and never ignore a single dot to mean ** end of message. ** hdrp -- the location to stash the header. ** e -- the current envelope. ** ** Returns: ** none. ** ** Side Effects: ** Temp file is created and filled. ** The from person may be set. */ static jmp_buf CtxCollectTimeout; static bool CollectProgress; static EVENT *CollectTimeout; /* values for input state machine */ #define IS_NORM 0 /* middle of line */ #define IS_BOL 1 /* beginning of line */ #define IS_DOT 2 /* read a dot at beginning of line */ #define IS_DOTCR 3 /* read ".\r" at beginning of line */ #define IS_CR 4 /* read a carriage return */ /* values for message state machine */ #define MS_UFROM 0 /* reading Unix from line */ #define MS_HEADER 1 /* reading message header */ #define MS_BODY 2 /* reading message body */ #define MS_DISCARD 3 /* discarding rest of message */ void collect(fp, smtpmode, hdrp, e) FILE *fp; bool smtpmode; HDR **hdrp; register ENVELOPE *e; { register FILE *volatile df; volatile bool ignrdot = smtpmode ? FALSE : IgnrDot; volatile time_t dbto = smtpmode ? TimeOuts.to_datablock : 0; register char *volatile bp; volatile int c = EOF; volatile bool inputerr = FALSE; bool headeronly; char *volatile buf; volatile int buflen; volatile int istate; volatile int mstate; volatile int hdrslen = 0; volatile int numhdrs = 0; volatile int dfd; volatile int afd; volatile int rstat = EX_OK; u_char *volatile pbp; u_char peekbuf[8]; char hsize[16]; char hnum[16]; char dfname[MAXPATHLEN]; char bufbuf[MAXLINE]; headeronly = hdrp != NULL; /* ** Create the temp file name and create the file. */ if (!headeronly) { struct stat stbuf; (void) strlcpy(dfname, queuename(e, 'd'), sizeof dfname); #if _FFR_QUEUE_FILE_MODE { MODE_T oldumask; if (bitset(S_IWGRP, QueueFileMode)) oldumask = umask(002); df = bfopen(dfname, QueueFileMode, DataFileBufferSize, SFF_OPENASROOT); if (bitset(S_IWGRP, QueueFileMode)) (void) umask(oldumask); } #else /* _FFR_QUEUE_FILE_MODE */ df = bfopen(dfname, FileMode, DataFileBufferSize, SFF_OPENASROOT); #endif /* _FFR_QUEUE_FILE_MODE */ if (df == NULL) { syserr("Cannot create %s", dfname); e->e_flags |= EF_NO_BODY_RETN; finis(TRUE, ExitStat); /* NOTREACHED */ } dfd = fileno(df); if (dfd < 0 || fstat(dfd, &stbuf) < 0) e->e_dfino = -1; else { e->e_dfdev = stbuf.st_dev; e->e_dfino = stbuf.st_ino; } HasEightBits = FALSE; e->e_msgsize = 0; e->e_flags |= EF_HAS_DF; } /* ** Tell ARPANET to go ahead. */ if (smtpmode) message("354 Enter mail, end with \".\" on a line by itself"); if (tTd(30, 2)) dprintf("collect\n"); /* ** Read the message. ** ** This is done using two interleaved state machines. ** The input state machine is looking for things like ** hidden dots; the message state machine is handling ** the larger picture (e.g., header versus body). */ buf = bp = bufbuf; buflen = sizeof bufbuf; pbp = peekbuf; istate = IS_BOL; mstate = SaveFrom ? MS_HEADER : MS_UFROM; CollectProgress = FALSE; if (dbto != 0) { /* handle possible input timeout */ if (setjmp(CtxCollectTimeout) != 0) { if (LogLevel > 2) sm_syslog(LOG_NOTICE, e->e_id, "timeout waiting for input from %s during message collect", CurHostName ? CurHostName : ""); errno = 0; usrerr("451 4.4.1 timeout waiting for input during message collect"); goto readerr; } CollectTimeout = setevent(dbto, collecttimeout, dbto); } for (;;) { if (tTd(30, 35)) dprintf("top, istate=%d, mstate=%d\n", istate, mstate); for (;;) { if (pbp > peekbuf) c = *--pbp; else { while (!feof(fp) && !ferror(fp)) { errno = 0; c = getc(fp); if (c == EOF && errno == EINTR) { /* Interrupted, retry */ clearerr(fp); continue; } break; } CollectProgress = TRUE; if (TrafficLogFile != NULL && !headeronly) { if (istate == IS_BOL) (void) fprintf(TrafficLogFile, "%05d <<< ", (int) getpid()); if (c == EOF) (void) fprintf(TrafficLogFile, "[EOF]\n"); else (void) putc(c, TrafficLogFile); } if (c == EOF) goto readerr; if (SevenBitInput) c &= 0x7f; else HasEightBits |= bitset(0x80, c); } if (tTd(30, 94)) dprintf("istate=%d, c=%c (0x%x)\n", istate, (char) c, c); switch (istate) { case IS_BOL: if (c == '.') { istate = IS_DOT; continue; } break; case IS_DOT: if (c == '\n' && !ignrdot && !bitset(EF_NL_NOT_EOL, e->e_flags)) goto readerr; else if (c == '\r' && !bitset(EF_CRLF_NOT_EOL, e->e_flags)) { istate = IS_DOTCR; continue; } else if (c != '.' || (OpMode != MD_SMTP && OpMode != MD_DAEMON && OpMode != MD_ARPAFTP)) { *pbp++ = c; c = '.'; } break; case IS_DOTCR: if (c == '\n' && !ignrdot) goto readerr; else { /* push back the ".\rx" */ *pbp++ = c; *pbp++ = '\r'; c = '.'; } break; case IS_CR: if (c == '\n') istate = IS_BOL; else { (void) ungetc(c, fp); c = '\r'; istate = IS_NORM; } goto bufferchar; } if (c == '\r' && !bitset(EF_CRLF_NOT_EOL, e->e_flags)) { istate = IS_CR; continue; } else if (c == '\n' && !bitset(EF_NL_NOT_EOL, e->e_flags)) istate = IS_BOL; else istate = IS_NORM; bufferchar: if (!headeronly) { /* no overflow? */ if (e->e_msgsize >= 0) { e->e_msgsize++; if (MaxMessageSize > 0 && !bitset(EF_TOOBIG, e->e_flags) && e->e_msgsize > MaxMessageSize) e->e_flags |= EF_TOOBIG; } } switch (mstate) { case MS_BODY: /* just put the character out */ if (!bitset(EF_TOOBIG, e->e_flags)) (void) putc(c, df); /* FALLTHROUGH */ case MS_DISCARD: continue; } /* header -- buffer up */ if (bp >= &buf[buflen - 2]) { char *obuf; if (mstate != MS_HEADER) break; /* out of space for header */ obuf = buf; if (buflen < MEMCHUNKSIZE) buflen *= 2; else buflen += MEMCHUNKSIZE; buf = xalloc(buflen); memmove(buf, obuf, bp - obuf); bp = &buf[bp - obuf]; if (obuf != bufbuf) free(obuf); } if (c >= 0200 && c <= 0237) { #if 0 /* causes complaints -- figure out something for 8.11 */ usrerr("Illegal character 0x%x in header", c); #else /* 0 */ /* EMPTY */ #endif /* 0 */ } else if (c != '\0') { *bp++ = c; if (MaxHeadersLength > 0 && ++hdrslen > MaxHeadersLength) { sm_syslog(LOG_NOTICE, e->e_id, "headers too large (%d max) from %s during message collect", MaxHeadersLength, CurHostName != NULL ? CurHostName : "localhost"); errno = 0; e->e_flags |= EF_CLRQUEUE; e->e_status = "5.6.0"; usrerrenh(e->e_status, "552 Headers too large (%d max)", MaxHeadersLength); mstate = MS_DISCARD; } } if (istate == IS_BOL) break; } *bp = '\0'; nextstate: if (tTd(30, 35)) dprintf("nextstate, istate=%d, mstate=%d, line = \"%s\"\n", istate, mstate, buf); switch (mstate) { case MS_UFROM: mstate = MS_HEADER; #ifndef NOTUNIX if (strncmp(buf, "From ", 5) == 0) { bp = buf; eatfrom(buf, e); continue; } #endif /* ! NOTUNIX */ /* FALLTHROUGH */ case MS_HEADER: if (!isheader(buf)) { mstate = MS_BODY; goto nextstate; } /* check for possible continuation line */ do { clearerr(fp); errno = 0; c = getc(fp); } while (c == EOF && errno == EINTR); if (c != EOF) (void) ungetc(c, fp); if (c == ' ' || c == '\t') { /* yep -- defer this */ continue; } /* trim off trailing CRLF or NL */ if (*--bp != '\n' || *--bp != '\r') bp++; *bp = '\0'; if (bitset(H_EOH, chompheader(buf, CHHDR_CHECK | CHHDR_USER, hdrp, e))) { mstate = MS_BODY; goto nextstate; } numhdrs++; break; case MS_BODY: if (tTd(30, 1)) dprintf("EOH\n"); if (headeronly) goto readerr; /* call the end-of-header check ruleset */ snprintf(hnum, sizeof hnum, "%d", numhdrs); snprintf(hsize, sizeof hsize, "%d", hdrslen); if (tTd(30, 10)) dprintf("collect: rscheck(\"check_eoh\", \"%s $| %s\")\n", hnum, hsize); rstat = rscheck("check_eoh", hnum, hsize, e, FALSE, - TRUE, 4); + TRUE, 4, NULL); bp = buf; /* toss blank line */ if ((!bitset(EF_CRLF_NOT_EOL, e->e_flags) && bp[0] == '\r' && bp[1] == '\n') || (!bitset(EF_NL_NOT_EOL, e->e_flags) && bp[0] == '\n')) { break; } /* if not a blank separator, write it out */ if (!bitset(EF_TOOBIG, e->e_flags)) { while (*bp != '\0') (void) putc(*bp++, df); } break; } bp = buf; } readerr: if ((feof(fp) && smtpmode) || ferror(fp)) { const char *errmsg = errstring(errno); if (tTd(30, 1)) dprintf("collect: premature EOM: %s\n", errmsg); if (LogLevel >= 2) sm_syslog(LOG_WARNING, e->e_id, "collect: premature EOM: %s", errmsg); inputerr = TRUE; } /* reset global timer */ clrevent(CollectTimeout); if (headeronly) return; if (df == NULL) { /* skip next few clauses */ /* EMPTY */ } else if (fflush(df) != 0 || ferror(df)) { dferror(df, "fflush||ferror", e); flush_errors(TRUE); finis(TRUE, ExitStat); /* NOTREACHED */ } else if (!SuperSafe) { /* skip next few clauses */ /* EMPTY */ } else if ((afd = fileno(df)) >= 0 && fsync(afd) < 0) { dferror(df, "fsync", e); flush_errors(TRUE); finis(TRUE, ExitStat); /* NOTREACHED */ } else if (bfcommit(df) < 0) { int save_errno = errno; if (save_errno == EEXIST) { char *dfile; struct stat st; dfile = queuename(e, 'd'); if (stat(dfile, &st) < 0) st.st_size = -1; errno = EEXIST; syserr("collect: bfcommit(%s): already on disk, size = %ld", dfile, (long) st.st_size); dfd = fileno(df); if (dfd >= 0) dumpfd(dfd, TRUE, TRUE); } errno = save_errno; dferror(df, "bfcommit", e); flush_errors(TRUE); finis(save_errno != EEXIST, ExitStat); } else if (bfclose(df) < 0) { dferror(df, "bfclose", e); flush_errors(TRUE); finis(TRUE, ExitStat); /* NOTREACHED */ } else { /* everything is happily flushed to disk */ df = NULL; } /* An EOF when running SMTP is an error */ if (inputerr && (OpMode == MD_SMTP || OpMode == MD_DAEMON)) { char *host; char *problem; host = RealHostName; if (host == NULL) host = "localhost"; if (feof(fp)) problem = "unexpected close"; else if (ferror(fp)) problem = "I/O error"; else problem = "read timeout"; if (LogLevel > 0 && feof(fp)) sm_syslog(LOG_NOTICE, e->e_id, "collect: %s on connection from %.100s, sender=%s: %s", problem, host, shortenstring(e->e_from.q_paddr, MAXSHORTSTR), errstring(errno)); if (feof(fp)) usrerr("451 4.4.1 collect: %s on connection from %s, from=%s", problem, host, shortenstring(e->e_from.q_paddr, MAXSHORTSTR)); else syserr("451 4.4.1 collect: %s on connection from %s, from=%s", problem, host, shortenstring(e->e_from.q_paddr, MAXSHORTSTR)); /* don't return an error indication */ e->e_to = NULL; e->e_flags &= ~EF_FATALERRS; e->e_flags |= EF_CLRQUEUE; /* and don't try to deliver the partial message either */ if (InChild) ExitStat = EX_QUIT; finis(TRUE, ExitStat); /* NOTREACHED */ } /* ** Find out some information from the headers. ** Examples are who is the from person & the date. */ eatheader(e, TRUE); if (GrabTo && e->e_sendqueue == NULL) usrerr("No recipient addresses found in header"); /* collect statistics */ if (OpMode != MD_VERIFY) markstats(e, (ADDRESS *) NULL, FALSE); /* ** If we have a Return-Receipt-To:, turn it into a DSN. */ if (RrtImpliesDsn && hvalue("return-receipt-to", e->e_header) != NULL) { ADDRESS *q; for (q = e->e_sendqueue; q != NULL; q = q->q_next) if (!bitset(QHASNOTIFY, q->q_flags)) q->q_flags |= QHASNOTIFY|QPINGONSUCCESS; } /* ** Add an Apparently-To: line if we have no recipient lines. */ if (hvalue("to", e->e_header) != NULL || hvalue("cc", e->e_header) != NULL || hvalue("apparently-to", e->e_header) != NULL) { /* have a valid recipient header -- delete Bcc: headers */ e->e_flags |= EF_DELETE_BCC; } else if (hvalue("bcc", e->e_header) == NULL) { /* no valid recipient headers */ register ADDRESS *q; char *hdr = NULL; /* create an Apparently-To: field */ /* that or reject the message.... */ switch (NoRecipientAction) { case NRA_ADD_APPARENTLY_TO: hdr = "Apparently-To"; break; case NRA_ADD_TO: hdr = "To"; break; case NRA_ADD_BCC: addheader("Bcc", " ", 0, &e->e_header); break; case NRA_ADD_TO_UNDISCLOSED: addheader("To", "undisclosed-recipients:;", 0, &e->e_header); break; } if (hdr != NULL) { for (q = e->e_sendqueue; q != NULL; q = q->q_next) { if (q->q_alias != NULL) continue; if (tTd(30, 3)) dprintf("Adding %s: %s\n", hdr, q->q_paddr); addheader(hdr, q->q_paddr, 0, &e->e_header); } } } /* check for message too large */ if (bitset(EF_TOOBIG, e->e_flags)) { e->e_flags |= EF_NO_BODY_RETN|EF_CLRQUEUE; e->e_status = "5.2.3"; usrerrenh(e->e_status, "552 Message exceeds maximum fixed size (%ld)", MaxMessageSize); if (LogLevel > 6) sm_syslog(LOG_NOTICE, e->e_id, "message size (%ld) exceeds maximum (%ld)", e->e_msgsize, MaxMessageSize); } /* check for illegal 8-bit data */ if (HasEightBits) { e->e_flags |= EF_HAS8BIT; if (!bitset(MM_PASS8BIT|MM_MIME8BIT, MimeMode) && !bitset(EF_IS_MIME, e->e_flags)) { e->e_status = "5.6.1"; usrerrenh(e->e_status, "554 Eight bit data not allowed"); } } else { /* if it claimed to be 8 bits, well, it lied.... */ if (e->e_bodytype != NULL && strcasecmp(e->e_bodytype, "8BITMIME") == 0) e->e_bodytype = "7BIT"; } if (SuperSafe) { if ((e->e_dfp = fopen(dfname, "r")) == NULL) { /* we haven't acked receipt yet, so just chuck this */ syserr("Cannot reopen %s", dfname); finis(TRUE, ExitStat); /* NOTREACHED */ } } else e->e_dfp = df; if (e->e_dfp == NULL) syserr("!collect: no e_dfp"); } static void collecttimeout(timeout) time_t timeout; { /* if no progress was made, die now */ if (!CollectProgress) longjmp(CtxCollectTimeout, 1); /* otherwise reset the timeout */ CollectTimeout = setevent(timeout, collecttimeout, timeout); CollectProgress = FALSE; } /* ** DFERROR -- signal error on writing the data file. ** ** Parameters: ** df -- the file pointer for the data file. ** msg -- detailed message. ** e -- the current envelope. ** ** Returns: ** none. ** ** Side Effects: ** Gives an error message. ** Arranges for following output to go elsewhere. */ static void dferror(df, msg, e) FILE *volatile df; char *msg; register ENVELOPE *e; { char *dfname; dfname = queuename(e, 'd'); setstat(EX_IOERR); if (errno == ENOSPC) { #if STAT64 > 0 struct stat64 st; #else /* STAT64 > 0 */ struct stat st; #endif /* STAT64 > 0 */ long avail; long bsize; e->e_flags |= EF_NO_BODY_RETN; if ( #if STAT64 > 0 fstat64(fileno(df), &st) #else /* STAT64 > 0 */ fstat(fileno(df), &st) #endif /* STAT64 > 0 */ < 0) st.st_size = 0; (void) freopen(dfname, "w", df); if (st.st_size <= 0) fprintf(df, "\n*** Mail could not be accepted"); /*CONSTCOND*/ else if (sizeof st.st_size > sizeof (long)) fprintf(df, "\n*** Mail of at least %s bytes could not be accepted\n", quad_to_string(st.st_size)); else fprintf(df, "\n*** Mail of at least %lu bytes could not be accepted\n", (unsigned long) st.st_size); fprintf(df, "*** at %s due to lack of disk space for temp file.\n", MyHostName); avail = freediskspace(qid_printqueue(e->e_queuedir), &bsize); if (avail > 0) { if (bsize > 1024) avail *= bsize / 1024; else if (bsize < 1024) avail /= 1024 / bsize; fprintf(df, "*** Currently, %ld kilobytes are available for mail temp files.\n", avail); } e->e_status = "4.3.1"; usrerrenh(e->e_status, "452 Out of disk space for temp file"); } else syserr("collect: Cannot write %s (%s, uid=%d)", dfname, msg, geteuid()); if (freopen("/dev/null", "w", df) == NULL) sm_syslog(LOG_ERR, e->e_id, "dferror: freopen(\"/dev/null\") failed: %s", errstring(errno)); } /* ** EATFROM -- chew up a UNIX style from line and process ** ** This does indeed make some assumptions about the format ** of UNIX messages. ** ** Parameters: ** fm -- the from line. ** ** Returns: ** none. ** ** Side Effects: ** extracts what information it can from the header, ** such as the date. */ #ifndef NOTUNIX static char *DowList[] = { "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", NULL }; static char *MonthList[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec", NULL }; static void eatfrom(fm, e) char *volatile fm; register ENVELOPE *e; { register char *p; register char **dt; if (tTd(30, 2)) dprintf("eatfrom(%s)\n", fm); /* find the date part */ p = fm; while (*p != '\0') { /* skip a word */ while (*p != '\0' && *p != ' ') p++; while (*p == ' ') p++; + if (strlen(p) < 17) + { + /* no room for the date */ + return; + } if (!(isascii(*p) && isupper(*p)) || p[3] != ' ' || p[13] != ':' || p[16] != ':') continue; /* we have a possible date */ for (dt = DowList; *dt != NULL; dt++) if (strncmp(*dt, p, 3) == 0) break; if (*dt == NULL) continue; for (dt = MonthList; *dt != NULL; dt++) + { if (strncmp(*dt, &p[4], 3) == 0) break; + } if (*dt != NULL) break; } if (*p != '\0') { char *q; /* we have found a date */ q = xalloc(25); (void) strlcpy(q, p, 25); q = arpadate(q); define('a', newstr(q), e); } } #endif /* ! NOTUNIX */ Index: stable/4/contrib/sendmail/src/conf.c =================================================================== --- stable/4/contrib/sendmail/src/conf.c (revision 71887) +++ stable/4/contrib/sendmail/src/conf.c (revision 71888) @@ -1,5707 +1,5745 @@ /* * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #ifndef lint -static char id[] = "@(#)$Id: conf.c,v 8.646.2.2.2.32 2000/09/23 00:31:33 ca Exp $"; +static char id[] = "@(#)$Id: conf.c,v 8.646.2.2.2.61 2000/12/28 23:46:41 gshapiro Exp $"; #endif /* ! lint */ /* $FreeBSD$ */ #include #include # include # include #include #if NETINET || NETINET6 # include #endif /* NETINET || NETINET6 */ #if HASULIMIT && defined(HPUX11) # include #endif /* HASULIMIT && defined(HPUX11) */ static void setupmaps __P((void)); static void setupmailers __P((void)); static int get_num_procs_online __P((void)); /* ** CONF.C -- Sendmail Configuration Tables. ** ** Defines the configuration of this installation. ** ** Configuration Variables: ** HdrInfo -- a table describing well-known header fields. ** Each entry has the field name and some flags, ** which are described in sendmail.h. ** ** Notes: ** I have tried to put almost all the reasonable ** configuration information into the configuration ** file read at runtime. My intent is that anything ** here is a function of the version of UNIX you ** are running, or is really static -- for example ** the headers are a superset of widely used ** protocols. If you find yourself playing with ** this file too much, you may be making a mistake! */ /* ** Header info table ** Final (null) entry contains the flags used for any other field. ** ** Not all of these are actually handled specially by sendmail ** at this time. They are included as placeholders, to let ** you know that "someday" I intend to have sendmail do ** something with them. */ struct hdrinfo HdrInfo[] = { /* originator fields, most to least significant */ { "resent-sender", H_FROM|H_RESENT, NULL }, { "resent-from", H_FROM|H_RESENT, NULL }, { "resent-reply-to", H_FROM|H_RESENT, NULL }, { "sender", H_FROM, NULL }, { "from", H_FROM, NULL }, { "reply-to", H_FROM, NULL }, { "errors-to", H_FROM|H_ERRORSTO, NULL }, { "full-name", H_ACHECK, NULL }, { "return-receipt-to", H_RECEIPTTO, NULL }, /* destination fields */ { "to", H_RCPT, NULL }, { "resent-to", H_RCPT|H_RESENT, NULL }, { "cc", H_RCPT, NULL }, { "resent-cc", H_RCPT|H_RESENT, NULL }, { "bcc", H_RCPT|H_BCC, NULL }, { "resent-bcc", H_RCPT|H_BCC|H_RESENT, NULL }, { "apparently-to", H_RCPT, NULL }, /* message identification and control */ { "message-id", 0, NULL }, { "resent-message-id", H_RESENT, NULL }, { "message", H_EOH, NULL }, { "text", H_EOH, NULL }, /* date fields */ { "date", 0, NULL }, { "resent-date", H_RESENT, NULL }, /* trace fields */ { "received", H_TRACE|H_FORCE, NULL }, { "x400-received", H_TRACE|H_FORCE, NULL }, { "via", H_TRACE|H_FORCE, NULL }, { "mail-from", H_TRACE|H_FORCE, NULL }, /* miscellaneous fields */ { "comments", H_FORCE|H_ENCODABLE, NULL }, { "return-path", H_FORCE|H_ACHECK|H_BINDLATE, NULL }, { "content-transfer-encoding", H_CTE, NULL }, { "content-type", H_CTYPE, NULL }, { "content-length", H_ACHECK, NULL }, { "subject", H_ENCODABLE, NULL }, { "x-authentication-warning", H_FORCE, NULL }, { NULL, 0, NULL } }; /* ** Privacy values */ struct prival PrivacyValues[] = { { "public", PRIV_PUBLIC }, { "needmailhelo", PRIV_NEEDMAILHELO }, { "needexpnhelo", PRIV_NEEDEXPNHELO }, { "needvrfyhelo", PRIV_NEEDVRFYHELO }, { "noexpn", PRIV_NOEXPN }, { "novrfy", PRIV_NOVRFY }, { "restrictmailq", PRIV_RESTRICTMAILQ }, { "restrictqrun", PRIV_RESTRICTQRUN }, { "noetrn", PRIV_NOETRN }, { "noverb", PRIV_NOVERB }, { "authwarnings", PRIV_AUTHWARNINGS }, { "noreceipts", PRIV_NORECEIPTS }, { "nobodyreturn", PRIV_NOBODYRETN }, { "goaway", PRIV_GOAWAY }, { NULL, 0 } }; /* ** DontBlameSendmail values */ struct dbsval DontBlameSendmailValues[] = { { "safe", DBS_SAFE }, { "assumesafechown", DBS_ASSUMESAFECHOWN }, { "groupwritabledirpathsafe", DBS_GROUPWRITABLEDIRPATHSAFE }, { "groupwritableforwardfilesafe", DBS_GROUPWRITABLEFORWARDFILESAFE }, { "groupwritableincludefilesafe", DBS_GROUPWRITABLEINCLUDEFILESAFE }, { "groupwritablealiasfile", DBS_GROUPWRITABLEALIASFILE }, { "worldwritablealiasfile", DBS_WORLDWRITABLEALIASFILE }, { "forwardfileinunsafedirpath", DBS_FORWARDFILEINUNSAFEDIRPATH }, { "includefileinunsafedirpath", DBS_INCLUDEFILEINUNSAFEDIRPATH }, { "mapinunsafedirpath", DBS_MAPINUNSAFEDIRPATH }, { "linkedaliasfileinwritabledir", DBS_LINKEDALIASFILEINWRITABLEDIR }, { "linkedclassfileinwritabledir", DBS_LINKEDCLASSFILEINWRITABLEDIR }, { "linkedforwardfileinwritabledir", DBS_LINKEDFORWARDFILEINWRITABLEDIR }, { "linkedincludefileinwritabledir", DBS_LINKEDINCLUDEFILEINWRITABLEDIR }, { "linkedmapinwritabledir", DBS_LINKEDMAPINWRITABLEDIR }, { "linkedserviceswitchfileinwritabledir", DBS_LINKEDSERVICESWITCHFILEINWRITABLEDIR }, { "filedeliverytohardlink", DBS_FILEDELIVERYTOHARDLINK }, { "filedeliverytosymlink", DBS_FILEDELIVERYTOSYMLINK }, { "writemaptohardlink", DBS_WRITEMAPTOHARDLINK }, { "writemaptosymlink", DBS_WRITEMAPTOSYMLINK }, { "writestatstohardlink", DBS_WRITESTATSTOHARDLINK }, { "writestatstosymlink", DBS_WRITESTATSTOSYMLINK }, { "forwardfileingroupwritabledirpath", DBS_FORWARDFILEINGROUPWRITABLEDIRPATH }, { "includefileingroupwritabledirpath", DBS_INCLUDEFILEINGROUPWRITABLEDIRPATH }, { "classfileinunsafedirpath", DBS_CLASSFILEINUNSAFEDIRPATH }, { "errorheaderinunsafedirpath", DBS_ERRORHEADERINUNSAFEDIRPATH }, { "helpfileinunsafedirpath", DBS_HELPFILEINUNSAFEDIRPATH }, { "forwardfileinunsafedirpathsafe", DBS_FORWARDFILEINUNSAFEDIRPATHSAFE }, { "includefileinunsafedirpathsafe", DBS_INCLUDEFILEINUNSAFEDIRPATHSAFE }, { "runprograminunsafedirpath", DBS_RUNPROGRAMINUNSAFEDIRPATH }, { "runwritableprogram", DBS_RUNWRITABLEPROGRAM }, { "nonrootsafeaddr", DBS_NONROOTSAFEADDR }, { "truststickybit", DBS_TRUSTSTICKYBIT }, { "dontwarnforwardfileinunsafedirpath", DBS_DONTWARNFORWARDFILEINUNSAFEDIRPATH }, { "insufficiententropy", DBS_INSUFFICIENTENTROPY }, #if _FFR_UNSAFE_SASL { "groupreadablesaslfile", DBS_GROUPREADABLESASLFILE }, #endif /* _FFR_UNSAFE_SASL */ #if _FFR_UNSAFE_WRITABLE_INCLUDE { "groupwritableforwardfile", DBS_GROUPWRITABLEFORWARDFILE }, { "groupwritableincludefile", DBS_GROUPWRITABLEINCLUDEFILE }, { "worldwritableforwardfile", DBS_WORLDWRITABLEFORWARDFILE }, { "worldwritableincludefile", DBS_WORLDWRITABLEINCLUDEFILE }, #endif /* _FFR_UNSAFE_WRITABLE_INCLUDE */ { NULL, 0 } }; /* ** Miscellaneous stuff. */ int DtableSize = 50; /* max open files; reset in 4.2bsd */ /* ** SETDEFAULTS -- set default values ** ** Because of the way freezing is done, these must be initialized ** using direct code. ** ** Parameters: ** e -- the default envelope. ** ** Returns: ** none. ** ** Side Effects: ** Initializes a bunch of global variables to their ** default values. */ #define MINUTES * 60 #define HOURS * 60 MINUTES #define DAYS * 24 HOURS #ifndef MAXRULERECURSION # define MAXRULERECURSION 50 /* max ruleset recursion depth */ #endif /* ! MAXRULERECURSION */ void setdefaults(e) register ENVELOPE *e; { int i; int numprocs; struct passwd *pw; numprocs = get_num_procs_online(); SpaceSub = ' '; /* option B */ QueueLA = 8 * numprocs; /* option x */ RefuseLA = 12 * numprocs; /* option X */ WkRecipFact = 30000L; /* option y */ WkClassFact = 1800L; /* option z */ WkTimeFact = 90000L; /* option Z */ QueueFactor = WkRecipFact * 20; /* option q */ FileMode = (RealUid != geteuid()) ? 0644 : 0600; /* option F */ #if _FFR_QUEUE_FILE_MODE QueueFileMode = (RealUid != geteuid()) ? 0644 : 0600; /* option QueueFileMode */ #endif /* _FFR_QUEUE_FILE_MODE */ if (((pw = sm_getpwnam("mailnull")) != NULL && pw->pw_uid != 0) || ((pw = sm_getpwnam("sendmail")) != NULL && pw->pw_uid != 0) || ((pw = sm_getpwnam("daemon")) != NULL && pw->pw_uid != 0)) { DefUid = pw->pw_uid; /* option u */ DefGid = pw->pw_gid; /* option g */ DefUser = newstr(pw->pw_name); } else { DefUid = 1; /* option u */ DefGid = 1; /* option g */ setdefuser(); } TrustedUid = 0; if (tTd(37, 4)) dprintf("setdefaults: DefUser=%s, DefUid=%d, DefGid=%d\n", DefUser != NULL ? DefUser : "<1:1>", (int) DefUid, (int) DefGid); CheckpointInterval = 10; /* option C */ MaxHopCount = 25; /* option h */ set_delivery_mode(SM_FORK, e); /* option d */ e->e_errormode = EM_PRINT; /* option e */ e->e_queuedir = NOQDIR; e->e_ctime = curtime(); SevenBitInput = FALSE; /* option 7 */ MaxMciCache = 1; /* option k */ MciCacheTimeout = 5 MINUTES; /* option K */ LogLevel = 9; /* option L */ inittimeouts(NULL, FALSE); /* option r */ PrivacyFlags = PRIV_PUBLIC; /* option p */ MeToo = TRUE; /* option m */ SendMIMEErrors = TRUE; /* option f */ SuperSafe = TRUE; /* option s */ clrbitmap(DontBlameSendmail); /* DontBlameSendmail option */ #if MIME8TO7 MimeMode = MM_CVTMIME|MM_PASS8BIT; /* option 8 */ #else /* MIME8TO7 */ MimeMode = MM_PASS8BIT; #endif /* MIME8TO7 */ for (i = 0; i < MAXTOCLASS; i++) { TimeOuts.to_q_return[i] = 5 DAYS; /* option T */ TimeOuts.to_q_warning[i] = 0; /* option T */ } ServiceSwitchFile = "/etc/mail/service.switch"; ServiceCacheMaxAge = (time_t) 10; HostsFile = _PATH_HOSTS; PidFile = newstr(_PATH_SENDMAILPID); MustQuoteChars = "@,;:\\()[].'"; MciInfoTimeout = 30 MINUTES; MaxRuleRecursion = MAXRULERECURSION; MaxAliasRecursion = 10; MaxMacroRecursion = 10; ColonOkInAddr = TRUE; DontLockReadFiles = TRUE; DoubleBounceAddr = "postmaster"; MaxHeadersLength = MAXHDRSLEN; MaxForwardEntries = 0; #if SASL AuthMechanisms = newstr(AUTH_MECHANISMS); #endif /* SASL */ #ifdef HESIOD_INIT HesiodContext = NULL; #endif /* HESIOD_INIT */ #if NETINET6 /* Detect if IPv6 is available at run time */ i = socket(AF_INET6, SOCK_STREAM, 0); if (i >= 0) { InetMode = AF_INET6; (void) close(i); } else InetMode = AF_INET; #else /* NETINET6 */ InetMode = AF_INET; #endif /* NETINET6 */ ControlSocketName = NULL; memset(&ConnectOnlyTo, '\0', sizeof ConnectOnlyTo); DataFileBufferSize = 4096; XscriptFileBufferSize = 4096; for (i = 0; i < MAXRWSETS; i++) RuleSetNames[i] = NULL; #if _FFR_MILTER InputFilters[0] = NULL; #endif /* _FFR_MILTER */ setupmaps(); setupmailers(); setupheaders(); } /* ** SETDEFUSER -- set/reset DefUser using DefUid (for initgroups()) */ void setdefuser() { struct passwd *defpwent; static char defuserbuf[40]; DefUser = defuserbuf; defpwent = sm_getpwuid(DefUid); snprintf(defuserbuf, sizeof defuserbuf, "%s", defpwent == NULL ? "nobody" : defpwent->pw_name); if (tTd(37, 4)) dprintf("setdefuser: DefUid=%d, DefUser=%s\n", (int) DefUid, DefUser); } /* ** SETUPMAILERS -- initialize default mailers */ static void setupmailers() { char buf[100]; - (void) strlcpy(buf, "prog, P=/bin/sh, F=lsoDq9, T=X-Unix/X-Unix/X-Unix, A=sh -c \201u", + (void) strlcpy(buf, "prog, P=/bin/sh, F=lsouDq9, T=X-Unix/X-Unix/X-Unix, A=sh -c \201u", sizeof buf); makemailer(buf); (void) strlcpy(buf, "*file*, P=[FILE], F=lsDFMPEouq9, T=X-Unix/X-Unix/X-Unix, A=FILE \201u", sizeof buf); makemailer(buf); (void) strlcpy(buf, "*include*, P=/dev/null, F=su, A=INCLUDE \201u", sizeof buf); makemailer(buf); initerrmailers(); } /* ** SETUPMAPS -- set up map classes */ #define MAPDEF(name, ext, flags, parse, open, close, lookup, store) \ { \ extern bool parse __P((MAP *, char *)); \ extern bool open __P((MAP *, int)); \ extern void close __P((MAP *)); \ extern char *lookup __P((MAP *, char *, char **, int *)); \ extern void store __P((MAP *, char *, char *)); \ s = stab(name, ST_MAPCLASS, ST_ENTER); \ s->s_mapclass.map_cname = name; \ s->s_mapclass.map_ext = ext; \ s->s_mapclass.map_cflags = flags; \ s->s_mapclass.map_parse = parse; \ s->s_mapclass.map_open = open; \ s->s_mapclass.map_close = close; \ s->s_mapclass.map_lookup = lookup; \ s->s_mapclass.map_store = store; \ } static void setupmaps() { register STAB *s; #ifdef NEWDB MAPDEF("hash", ".db", MCF_ALIASOK|MCF_REBUILDABLE, map_parseargs, hash_map_open, db_map_close, db_map_lookup, db_map_store); MAPDEF("btree", ".db", MCF_ALIASOK|MCF_REBUILDABLE, map_parseargs, bt_map_open, db_map_close, db_map_lookup, db_map_store); #endif /* NEWDB */ #ifdef NDBM MAPDEF("dbm", ".dir", MCF_ALIASOK|MCF_REBUILDABLE, map_parseargs, ndbm_map_open, ndbm_map_close, ndbm_map_lookup, ndbm_map_store); #endif /* NDBM */ #ifdef NIS MAPDEF("nis", NULL, MCF_ALIASOK, map_parseargs, nis_map_open, null_map_close, nis_map_lookup, null_map_store); #endif /* NIS */ #ifdef NISPLUS MAPDEF("nisplus", NULL, MCF_ALIASOK, map_parseargs, nisplus_map_open, null_map_close, nisplus_map_lookup, null_map_store); #endif /* NISPLUS */ #ifdef LDAPMAP MAPDEF("ldap", NULL, MCF_ALIASOK, ldapmap_parseargs, ldapmap_open, ldapmap_close, ldapmap_lookup, null_map_store); /* Deprecated */ MAPDEF("ldapx", NULL, MCF_ALIASOK, ldapx_map_parseargs, ldapmap_open, ldapmap_close, ldapmap_lookup, null_map_store); #endif /* LDAPMAP */ #ifdef PH_MAP MAPDEF("ph", NULL, 0, ph_map_parseargs, ph_map_open, ph_map_close, ph_map_lookup, null_map_store); #endif /* PH_MAP */ #if MAP_NSD /* IRIX 6.5 nsd support */ MAPDEF("nsd", NULL, MCF_ALIASOK, map_parseargs, null_map_open, null_map_close, nsd_map_lookup, null_map_store); #endif /* MAP_NSD */ #ifdef HESIOD MAPDEF("hesiod", NULL, MCF_ALIASOK|MCF_ALIASONLY, map_parseargs, hes_map_open, null_map_close, hes_map_lookup, null_map_store); #endif /* HESIOD */ #if NETINFO MAPDEF("netinfo", NULL, MCF_ALIASOK, map_parseargs, ni_map_open, null_map_close, ni_map_lookup, null_map_store); #endif /* NETINFO */ #if 0 MAPDEF("dns", NULL, 0, dns_map_init, null_map_open, null_map_close, dns_map_lookup, null_map_store); #endif /* 0 */ #if NAMED_BIND /* best MX DNS lookup */ MAPDEF("bestmx", NULL, MCF_OPTFILE, map_parseargs, null_map_open, null_map_close, bestmx_map_lookup, null_map_store); #endif /* NAMED_BIND */ MAPDEF("host", NULL, 0, host_map_init, null_map_open, null_map_close, host_map_lookup, null_map_store); MAPDEF("text", NULL, MCF_ALIASOK, map_parseargs, text_map_open, null_map_close, text_map_lookup, null_map_store); MAPDEF("stab", NULL, MCF_ALIASOK|MCF_ALIASONLY, map_parseargs, stab_map_open, null_map_close, stab_map_lookup, stab_map_store); MAPDEF("implicit", NULL, MCF_ALIASOK|MCF_ALIASONLY|MCF_REBUILDABLE, map_parseargs, impl_map_open, impl_map_close, impl_map_lookup, impl_map_store); /* access to system passwd file */ MAPDEF("user", NULL, MCF_OPTFILE, map_parseargs, user_map_open, null_map_close, user_map_lookup, null_map_store); /* dequote map */ MAPDEF("dequote", NULL, 0, dequote_init, null_map_open, null_map_close, dequote_map, null_map_store); #ifdef MAP_REGEX MAPDEF("regex", NULL, 0, regex_map_init, null_map_open, null_map_close, regex_map_lookup, null_map_store); #endif /* MAP_REGEX */ #if USERDB /* user database */ MAPDEF("userdb", ".db", 0, map_parseargs, null_map_open, null_map_close, udb_map_lookup, null_map_store); #endif /* USERDB */ /* arbitrary programs */ MAPDEF("program", NULL, MCF_ALIASOK, map_parseargs, null_map_open, null_map_close, prog_map_lookup, null_map_store); /* sequenced maps */ MAPDEF("sequence", NULL, MCF_ALIASOK, seq_map_parse, null_map_open, null_map_close, seq_map_lookup, seq_map_store); /* switched interface to sequenced maps */ MAPDEF("switch", NULL, MCF_ALIASOK, map_parseargs, switch_map_open, null_map_close, seq_map_lookup, seq_map_store); /* null map lookup -- really for internal use only */ MAPDEF("null", NULL, MCF_ALIASOK|MCF_OPTFILE, map_parseargs, null_map_open, null_map_close, null_map_lookup, null_map_store); /* syslog map -- logs information to syslog */ MAPDEF("syslog", NULL, 0, syslog_map_parseargs, null_map_open, null_map_close, syslog_map_lookup, null_map_store); /* macro storage map -- rulesets can set macros */ MAPDEF("macro", NULL, 0, dequote_init, null_map_open, null_map_close, macro_map_lookup, null_map_store); /* arithmetic map -- add/subtract/compare */ MAPDEF("arith", NULL, 0, dequote_init, null_map_open, null_map_close, arith_map_lookup, null_map_store); if (tTd(38, 2)) { /* bogus map -- always return tempfail */ MAPDEF("bogus", NULL, MCF_ALIASOK|MCF_OPTFILE, map_parseargs, null_map_open, null_map_close, bogus_map_lookup, null_map_store); } } #undef MAPDEF /* ** INITHOSTMAPS -- initial host-dependent maps ** ** This should act as an interface to any local service switch ** provided by the host operating system. ** ** Parameters: ** none ** ** Returns: ** none ** ** Side Effects: ** Should define maps "host" and "users" as necessary ** for this OS. If they are not defined, they will get ** a default value later. It should check to make sure ** they are not defined first, since it's possible that ** the config file has provided an override. */ void inithostmaps() { register int i; int nmaps; char *maptype[MAXMAPSTACK]; short mapreturn[MAXMAPACTIONS]; char buf[MAXLINE]; /* ** Set up default hosts maps. */ #if 0 nmaps = switch_map_find("hosts", maptype, mapreturn); for (i = 0; i < nmaps; i++) { if (strcmp(maptype[i], "files") == 0 && stab("hosts.files", ST_MAP, ST_FIND) == NULL) { (void) strlcpy(buf, "hosts.files text -k 0 -v 1 /etc/hosts", sizeof buf); (void) makemapentry(buf); } # if NAMED_BIND else if (strcmp(maptype[i], "dns") == 0 && stab("hosts.dns", ST_MAP, ST_FIND) == NULL) { (void) strlcpy(buf, "hosts.dns dns A", sizeof buf); (void) makemapentry(buf); } # endif /* NAMED_BIND */ # ifdef NISPLUS else if (strcmp(maptype[i], "nisplus") == 0 && stab("hosts.nisplus", ST_MAP, ST_FIND) == NULL) { (void) strlcpy(buf, "hosts.nisplus nisplus -k name -v address hosts.org_dir", sizeof buf); (void) makemapentry(buf); } # endif /* NISPLUS */ # ifdef NIS else if (strcmp(maptype[i], "nis") == 0 && stab("hosts.nis", ST_MAP, ST_FIND) == NULL) { (void) strlcpy(buf, "hosts.nis nis -k 0 -v 1 hosts.byname", sizeof buf); (void) makemapentry(buf); } # endif /* NIS */ # if NETINFO else if (strcmp(maptype[i], "netinfo") == 0) && stab("hosts.netinfo", ST_MAP, ST_FIND) == NULL) { (void) strlcpy(buf, "hosts.netinfo netinfo -v name /machines", sizeof buf); (void) makemapentry(buf); } # endif /* NETINFO */ } #endif /* 0 */ /* ** Make sure we have a host map. */ if (stab("host", ST_MAP, ST_FIND) == NULL) { /* user didn't initialize: set up host map */ (void) strlcpy(buf, "host host", sizeof buf); #if NAMED_BIND if (ConfigLevel >= 2) (void) strlcat(buf, " -a. -D", sizeof buf); #endif /* NAMED_BIND */ (void) makemapentry(buf); } /* ** Set up default aliases maps */ nmaps = switch_map_find("aliases", maptype, mapreturn); for (i = 0; i < nmaps; i++) { if (strcmp(maptype[i], "files") == 0 && stab("aliases.files", ST_MAP, ST_FIND) == NULL) { (void) strlcpy(buf, "aliases.files null", sizeof buf); (void) makemapentry(buf); } #ifdef NISPLUS else if (strcmp(maptype[i], "nisplus") == 0 && stab("aliases.nisplus", ST_MAP, ST_FIND) == NULL) { (void) strlcpy(buf, "aliases.nisplus nisplus -kalias -vexpansion mail_aliases.org_dir", sizeof buf); (void) makemapentry(buf); } #endif /* NISPLUS */ #ifdef NIS else if (strcmp(maptype[i], "nis") == 0 && stab("aliases.nis", ST_MAP, ST_FIND) == NULL) { (void) strlcpy(buf, "aliases.nis nis mail.aliases", sizeof buf); (void) makemapentry(buf); } #endif /* NIS */ #if NETINFO else if (strcmp(maptype[i], "netinfo") == 0 && stab("aliases.netinfo", ST_MAP, ST_FIND) == NULL) { (void) strlcpy(buf, "aliases.netinfo netinfo -z, /aliases", sizeof buf); (void) makemapentry(buf); } #endif /* NETINFO */ #ifdef HESIOD else if (strcmp(maptype[i], "hesiod") == 0 && stab("aliases.hesiod", ST_MAP, ST_FIND) == NULL) { (void) strlcpy(buf, "aliases.hesiod hesiod aliases", sizeof buf); (void) makemapentry(buf); } #endif /* HESIOD */ } if (stab("aliases", ST_MAP, ST_FIND) == NULL) { (void) strlcpy(buf, "aliases switch aliases", sizeof buf); (void) makemapentry(buf); } #if 0 /* "user" map class is a better choice */ /* ** Set up default users maps. */ nmaps = switch_map_find("passwd", maptype, mapreturn); for (i = 0; i < nmaps; i++) { if (strcmp(maptype[i], "files") == 0 && stab("users.files", ST_MAP, ST_FIND) == NULL) { (void) strlcpy(buf, "users.files text -m -z: -k0 -v6 /etc/passwd", sizeof buf); (void) makemapentry(buf); } # ifdef NISPLUS else if (strcmp(maptype[i], "nisplus") == 0 && stab("users.nisplus", ST_MAP, ST_FIND) == NULL) { (void) strlcpy(buf, "users.nisplus nisplus -m -kname -vhome passwd.org_dir", sizeof buf); (void) makemapentry(buf); } # endif /* NISPLUS */ # ifdef NIS else if (strcmp(maptype[i], "nis") == 0 && stab("users.nis", ST_MAP, ST_FIND) == NULL) { (void) strlcpy(buf, "users.nis nis -m passwd.byname", sizeof buf); (void) makemapentry(buf); } # endif /* NIS */ # ifdef HESIOD else if (strcmp(maptype[i], "hesiod") == 0) && stab("users.hesiod", ST_MAP, ST_FIND) == NULL) { (void) strlcpy(buf, "users.hesiod hesiod", sizeof buf); (void) makemapentry(buf); } # endif /* HESIOD */ } if (stab("users", ST_MAP, ST_FIND) == NULL) { (void) strlcpy(buf, "users switch -m passwd", sizeof buf); (void) makemapentry(buf); } #endif /* 0 */ } /* ** SWITCH_MAP_FIND -- find the list of types associated with a map ** ** This is the system-dependent interface to the service switch. ** ** Parameters: ** service -- the name of the service of interest. ** maptype -- an out-array of strings containing the types ** of access to use for this service. There can ** be at most MAXMAPSTACK types for a single service. ** mapreturn -- an out-array of return information bitmaps ** for the map. ** ** Returns: ** The number of map types filled in, or -1 for failure. ** ** Side effects: ** Preserves errno so nothing in the routine clobbers it. */ #if defined(SOLARIS) || (defined(sony_news) && defined(__svr4)) # define _USE_SUN_NSSWITCH_ #endif /* defined(SOLARIS) || (defined(sony_news) && defined(__svr4)) */ #ifdef _USE_SUN_NSSWITCH_ # include #endif /* _USE_SUN_NSSWITCH_ */ #if defined(ultrix) || (defined(__osf__) && defined(__alpha)) # define _USE_DEC_SVC_CONF_ #endif /* defined(ultrix) || (defined(__osf__) && defined(__alpha)) */ #ifdef _USE_DEC_SVC_CONF_ # include #endif /* _USE_DEC_SVC_CONF_ */ int switch_map_find(service, maptype, mapreturn) char *service; char *maptype[MAXMAPSTACK]; short mapreturn[MAXMAPACTIONS]; { - int svcno; + int svcno = 0; int save_errno = errno; #ifdef _USE_SUN_NSSWITCH_ struct __nsw_switchconfig *nsw_conf; enum __nsw_parse_err pserr; struct __nsw_lookup *lk; static struct __nsw_lookup lkp0 = { "files", {1, 0, 0, 0}, NULL, NULL }; static struct __nsw_switchconfig lkp_default = { 0, "sendmail", 3, &lkp0 }; for (svcno = 0; svcno < MAXMAPACTIONS; svcno++) mapreturn[svcno] = 0; if ((nsw_conf = __nsw_getconfig(service, &pserr)) == NULL) lk = lkp_default.lookups; else lk = nsw_conf->lookups; svcno = 0; - while (lk != NULL) + while (lk != NULL && svcno < MAXMAPSTACK) { maptype[svcno] = lk->service_name; if (lk->actions[__NSW_NOTFOUND] == __NSW_RETURN) mapreturn[MA_NOTFOUND] |= 1 << svcno; if (lk->actions[__NSW_TRYAGAIN] == __NSW_RETURN) mapreturn[MA_TRYAGAIN] |= 1 << svcno; if (lk->actions[__NSW_UNAVAIL] == __NSW_RETURN) mapreturn[MA_TRYAGAIN] |= 1 << svcno; svcno++; lk = lk->next; } errno = save_errno; return svcno; #endif /* _USE_SUN_NSSWITCH_ */ #ifdef _USE_DEC_SVC_CONF_ struct svcinfo *svcinfo; int svc; for (svcno = 0; svcno < MAXMAPACTIONS; svcno++) mapreturn[svcno] = 0; svcinfo = getsvc(); if (svcinfo == NULL) goto punt; if (strcmp(service, "hosts") == 0) svc = SVC_HOSTS; else if (strcmp(service, "aliases") == 0) svc = SVC_ALIASES; else if (strcmp(service, "passwd") == 0) svc = SVC_PASSWD; else { errno = save_errno; return -1; } - for (svcno = 0; svcno < SVC_PATHSIZE; svcno++) + for (svcno = 0; svcno < SVC_PATHSIZE && svcno < MAXMAPSTACK; svcno++) { switch (svcinfo->svcpath[svc][svcno]) { case SVC_LOCAL: maptype[svcno] = "files"; break; case SVC_YP: maptype[svcno] = "nis"; break; case SVC_BIND: maptype[svcno] = "dns"; break; # ifdef SVC_HESIOD case SVC_HESIOD: maptype[svcno] = "hesiod"; break; # endif /* SVC_HESIOD */ case SVC_LAST: errno = save_errno; return svcno; } } errno = save_errno; return svcno; #endif /* _USE_DEC_SVC_CONF_ */ #if !defined(_USE_SUN_NSSWITCH_) && !defined(_USE_DEC_SVC_CONF_) /* ** Fall-back mechanism. */ STAB *st; time_t now = curtime(); for (svcno = 0; svcno < MAXMAPACTIONS; svcno++) mapreturn[svcno] = 0; if ((now - ServiceCacheTime) > (time_t) ServiceCacheMaxAge) { /* (re)read service switch */ register FILE *fp; long sff = SFF_REGONLY|SFF_OPENASROOT|SFF_NOLOCK; if (!bitnset(DBS_LINKEDSERVICESWITCHFILEINWRITABLEDIR, DontBlameSendmail)) sff |= SFF_NOWLINK; if (ConfigFileRead) ServiceCacheTime = now; fp = safefopen(ServiceSwitchFile, O_RDONLY, 0, sff); if (fp != NULL) { char buf[MAXLINE]; while (fgets(buf, sizeof buf, fp) != NULL) { register char *p; p = strpbrk(buf, "#\n"); if (p != NULL) *p = '\0'; p = strpbrk(buf, " \t"); if (p != NULL) *p++ = '\0'; if (buf[0] == '\0') continue; if (p == NULL) { sm_syslog(LOG_ERR, NOQID, "Bad line on %.100s: %.100s", ServiceSwitchFile, buf); continue; } while (isspace(*p)) p++; if (*p == '\0') continue; /* ** Find/allocate space for this service entry. ** Space for all of the service strings ** are allocated at once. This means ** that we only have to free the first ** one to free all of them. */ st = stab(buf, ST_SERVICE, ST_ENTER); if (st->s_service[0] != NULL) free((void *) st->s_service[0]); p = newstr(p); for (svcno = 0; svcno < MAXMAPSTACK; ) { if (*p == '\0') break; st->s_service[svcno++] = p; p = strpbrk(p, " \t"); if (p == NULL) break; *p++ = '\0'; while (isspace(*p)) p++; } if (svcno < MAXMAPSTACK) st->s_service[svcno] = NULL; } (void) fclose(fp); } } /* look up entry in cache */ st = stab(service, ST_SERVICE, ST_FIND); if (st != NULL && st->s_service[0] != NULL) { /* extract data */ svcno = 0; while (svcno < MAXMAPSTACK) { maptype[svcno] = st->s_service[svcno]; if (maptype[svcno++] == NULL) break; } errno = save_errno; return --svcno; } #endif /* !defined(_USE_SUN_NSSWITCH_) && !defined(_USE_DEC_SVC_CONF_) */ #if !defined(_USE_SUN_NSSWITCH_) /* if the service file doesn't work, use an absolute fallback */ # ifdef _USE_DEC_SVC_CONF_ punt: # endif /* _USE_DEC_SVC_CONF_ */ for (svcno = 0; svcno < MAXMAPACTIONS; svcno++) mapreturn[svcno] = 0; svcno = 0; if (strcmp(service, "aliases") == 0) { maptype[svcno++] = "files"; # if defined(AUTO_NETINFO_ALIASES) && defined (NETINFO) maptype[svcno++] = "netinfo"; # endif /* defined(AUTO_NETINFO_ALIASES) && defined (NETINFO) */ # ifdef AUTO_NIS_ALIASES # ifdef NISPLUS maptype[svcno++] = "nisplus"; # endif /* NISPLUS */ # ifdef NIS maptype[svcno++] = "nis"; # endif /* NIS */ # endif /* AUTO_NIS_ALIASES */ errno = save_errno; return svcno; } if (strcmp(service, "hosts") == 0) { # if NAMED_BIND maptype[svcno++] = "dns"; # else /* NAMED_BIND */ # if defined(sun) && !defined(BSD) /* SunOS */ maptype[svcno++] = "nis"; # endif /* defined(sun) && !defined(BSD) */ # endif /* NAMED_BIND */ # if defined(AUTO_NETINFO_HOSTS) && defined (NETINFO) maptype[svcno++] = "netinfo"; # endif /* defined(AUTO_NETINFO_HOSTS) && defined (NETINFO) */ maptype[svcno++] = "files"; errno = save_errno; return svcno; } errno = save_errno; return -1; #endif /* !defined(_USE_SUN_NSSWITCH_) */ } /* ** USERNAME -- return the user id of the logged in user. ** ** Parameters: ** none. ** ** Returns: ** The login name of the logged in user. ** ** Side Effects: ** none. ** ** Notes: ** The return value is statically allocated. */ char * username() { static char *myname = NULL; extern char *getlogin(); register struct passwd *pw; /* cache the result */ if (myname == NULL) { myname = getlogin(); if (myname == NULL || myname[0] == '\0') { pw = sm_getpwuid(RealUid); if (pw != NULL) myname = newstr(pw->pw_name); } else { uid_t uid = RealUid; myname = newstr(myname); if ((pw = sm_getpwnam(myname)) == NULL || (uid != 0 && uid != pw->pw_uid)) { pw = sm_getpwuid(uid); if (pw != NULL) myname = newstr(pw->pw_name); } } if (myname == NULL || myname[0] == '\0') { syserr("554 5.3.0 Who are you?"); myname = "postmaster"; } } return myname; } /* ** TTYPATH -- Get the path of the user's tty ** ** Returns the pathname of the user's tty. Returns NULL if ** the user is not logged in or if s/he has write permission ** denied. ** ** Parameters: ** none ** ** Returns: ** pathname of the user's tty. ** NULL if not logged in or write permission denied. ** ** Side Effects: ** none. ** ** WARNING: ** Return value is in a local buffer. ** ** Called By: ** savemail */ char * ttypath() { struct stat stbuf; register char *pathn; extern char *ttyname(); extern char *getlogin(); /* compute the pathname of the controlling tty */ if ((pathn = ttyname(2)) == NULL && (pathn = ttyname(1)) == NULL && (pathn = ttyname(0)) == NULL) { errno = 0; return NULL; } /* see if we have write permission */ if (stat(pathn, &stbuf) < 0 || !bitset(S_IWOTH, stbuf.st_mode)) { errno = 0; return NULL; } /* see if the user is logged in */ if (getlogin() == NULL) return NULL; /* looks good */ return pathn; } /* ** CHECKCOMPAT -- check for From and To person compatible. ** ** This routine can be supplied on a per-installation basis ** to determine whether a person is allowed to send a message. ** This allows restriction of certain types of internet ** forwarding or registration of users. ** ** If the hosts are found to be incompatible, an error ** message should be given using "usrerr" and an EX_ code ** should be returned. You can also set to->q_status to ** a DSN-style status code. ** ** EF_NO_BODY_RETN can be set in e->e_flags to suppress the ** body during the return-to-sender function; this should be done ** on huge messages. This bit may already be set by the ESMTP ** protocol. ** ** Parameters: ** to -- the person being sent to. ** ** Returns: ** an exit status ** ** Side Effects: ** none (unless you include the usrerr stuff) */ int checkcompat(to, e) register ADDRESS *to; register ENVELOPE *e; { if (tTd(49, 1)) dprintf("checkcompat(to=%s, from=%s)\n", to->q_paddr, e->e_from.q_paddr); #ifdef EXAMPLE_CODE /* this code is intended as an example only */ register STAB *s; s = stab("arpa", ST_MAILER, ST_FIND); if (s != NULL && strcmp(e->e_from.q_mailer->m_name, "local") != 0 && to->q_mailer == s->s_mailer) { usrerr("553 No ARPA mail through this machine: see your system administration"); /* e->e_flags |= EF_NO_BODY_RETN; to suppress body on return */ to->q_status = "5.7.1"; return EX_UNAVAILABLE; } #endif /* EXAMPLE_CODE */ return EX_OK; } /* ** SETSIGNAL -- set a signal handler ** ** This is essentially old BSD "signal(3)". */ sigfunc_t setsignal(sig, handler) int sig; sigfunc_t handler; { /* ** First, try for modern signal calls ** and restartable syscalls */ # ifdef SA_RESTART struct sigaction n, o; memset(&n, '\0', sizeof n); # if USE_SA_SIGACTION n.sa_sigaction = (void(*)(int, siginfo_t *, void *)) handler; n.sa_flags = SA_RESTART|SA_SIGINFO; # else /* USE_SA_SIGACTION */ n.sa_handler = handler; n.sa_flags = SA_RESTART; # endif /* USE_SA_SIGACTION */ if (sigaction(sig, &n, &o) < 0) return SIG_ERR; return o.sa_handler; # else /* SA_RESTART */ /* ** Else check for SYS5SIGNALS or ** BSD4_3 signals */ # if defined(SYS5SIGNALS) || defined(BSD4_3) # ifdef BSD4_3 return signal(sig, handler); # else /* BSD4_3 */ return sigset(sig, handler); # endif /* BSD4_3 */ # else /* defined(SYS5SIGNALS) || defined(BSD4_3) */ /* ** Finally, if nothing else is available, ** go for a default */ struct sigaction n, o; memset(&n, '\0', sizeof n); n.sa_handler = handler; if (sigaction(sig, &n, &o) < 0) return SIG_ERR; return o.sa_handler; # endif /* defined(SYS5SIGNALS) || defined(BSD4_3) */ # endif /* SA_RESTART */ } /* ** BLOCKSIGNAL -- hold a signal to prevent delivery ** ** Parameters: ** sig -- the signal to block. ** ** Returns: ** 1 signal was previously blocked ** 0 signal was not previously blocked ** -1 on failure. */ int blocksignal(sig) int sig; { # ifdef BSD4_3 # ifndef sigmask # define sigmask(s) (1 << ((s) - 1)) # endif /* ! sigmask */ return (sigblock(sigmask(sig)) & sigmask(sig)) != 0; # else /* BSD4_3 */ # ifdef ALTOS_SYSTEM_V sigfunc_t handler; handler = sigset(sig, SIG_HOLD); if (handler == SIG_ERR) return -1; else return handler == SIG_HOLD; # else /* ALTOS_SYSTEM_V */ sigset_t sset, oset; (void) sigemptyset(&sset); (void) sigaddset(&sset, sig); if (sigprocmask(SIG_BLOCK, &sset, &oset) < 0) return -1; else return sigismember(&oset, sig); # endif /* ALTOS_SYSTEM_V */ # endif /* BSD4_3 */ } /* ** RELEASESIGNAL -- release a held signal ** ** Parameters: ** sig -- the signal to release. ** ** Returns: ** 1 signal was previously blocked ** 0 signal was not previously blocked ** -1 on failure. */ int releasesignal(sig) int sig; { # ifdef BSD4_3 return (sigsetmask(sigblock(0) & ~sigmask(sig)) & sigmask(sig)) != 0; # else /* BSD4_3 */ # ifdef ALTOS_SYSTEM_V sigfunc_t handler; handler = sigset(sig, SIG_HOLD); if (sigrelse(sig) < 0) return -1; else return handler == SIG_HOLD; # else /* ALTOS_SYSTEM_V */ sigset_t sset, oset; (void) sigemptyset(&sset); (void) sigaddset(&sset, sig); if (sigprocmask(SIG_UNBLOCK, &sset, &oset) < 0) return -1; else return sigismember(&oset, sig); # endif /* ALTOS_SYSTEM_V */ # endif /* BSD4_3 */ } /* ** HOLDSIGS -- arrange to hold all signals ** ** Parameters: ** none. ** ** Returns: ** none. ** ** Side Effects: ** Arranges that signals are held. */ void holdsigs() { } /* ** RLSESIGS -- arrange to release all signals ** ** This undoes the effect of holdsigs. ** ** Parameters: ** none. ** ** Returns: ** none. ** ** Side Effects: ** Arranges that signals are released. */ void rlsesigs() { } /* ** INIT_MD -- do machine dependent initializations ** ** Systems that have global modes that should be set should do ** them here rather than in main. */ #ifdef _AUX_SOURCE # include #endif /* _AUX_SOURCE */ #if SHARE_V1 # include #endif /* SHARE_V1 */ void init_md(argc, argv) int argc; char **argv; { #ifdef _AUX_SOURCE setcompat(getcompat() | COMPAT_BSDPROT); #endif /* _AUX_SOURCE */ #ifdef SUN_EXTENSIONS init_md_sun(); #endif /* SUN_EXTENSIONS */ #if _CONVEX_SOURCE /* keep gethostby*() from stripping the local domain name */ set_domain_trim_off(); #endif /* _CONVEX_SOURCE */ #ifdef __QNX__ /* ** Due to QNX's network distributed nature, you can target a tcpip ** stack on a different node in the qnx network; this patch lets ** this feature work. The __sock_locate() must be done before the ** environment is clear. */ __sock_locate(); #endif /* __QNX__ */ #if SECUREWARE || defined(_SCO_unix_) set_auth_parameters(argc, argv); # ifdef _SCO_unix_ /* ** This is required for highest security levels (the kernel ** won't let it call set*uid() or run setuid binaries without ** it). It may be necessary on other SECUREWARE systems. */ if (getluid() == -1) setluid(0); # endif /* _SCO_unix_ */ #endif /* SECUREWARE || defined(_SCO_unix_) */ #ifdef VENDOR_DEFAULT VendorCode = VENDOR_DEFAULT; #else /* VENDOR_DEFAULT */ VendorCode = VENDOR_BERKELEY; #endif /* VENDOR_DEFAULT */ } /* ** INIT_VENDOR_MACROS -- vendor-dependent macro initializations ** ** Called once, on startup. ** ** Parameters: ** e -- the global envelope. ** ** Returns: ** none. ** ** Side Effects: ** vendor-dependent. */ void init_vendor_macros(e) register ENVELOPE *e; { } /* ** GETLA -- get the current load average ** ** This code stolen from la.c. ** ** Parameters: ** none. ** ** Returns: ** The current load average as an integer. ** ** Side Effects: ** none. */ /* try to guess what style of load average we have */ #define LA_ZERO 1 /* always return load average as zero */ #define LA_INT 2 /* read kmem for avenrun; interpret as long */ #define LA_FLOAT 3 /* read kmem for avenrun; interpret as float */ #define LA_SUBR 4 /* call getloadavg */ #define LA_MACH 5 /* MACH load averages (as on NeXT boxes) */ #define LA_SHORT 6 /* read kmem for avenrun; interpret as short */ #define LA_PROCSTR 7 /* read string ("1.17") from /proc/loadavg */ #define LA_READKSYM 8 /* SVR4: use MIOC_READKSYM ioctl call */ #define LA_DGUX 9 /* special DGUX implementation */ #define LA_HPUX 10 /* special HPUX implementation */ #define LA_IRIX6 11 /* special IRIX 6.2 implementation */ #define LA_KSTAT 12 /* special Solaris kstat(3k) implementation */ #define LA_DEVSHORT 13 /* read short from a device */ #define LA_ALPHAOSF 14 /* Digital UNIX (OSF/1 on Alpha) table() call */ +#define LA_PSET 15 /* Solaris per-processor-set load average */ /* do guesses based on general OS type */ #ifndef LA_TYPE # define LA_TYPE LA_ZERO #endif /* ! LA_TYPE */ #ifndef FSHIFT # if defined(unixpc) # define FSHIFT 5 # endif /* defined(unixpc) */ # if defined(__alpha) || defined(IRIX) # define FSHIFT 10 # endif /* defined(__alpha) || defined(IRIX) */ #endif /* ! FSHIFT */ #ifndef FSHIFT # define FSHIFT 8 #endif /* ! FSHIFT */ #ifndef FSCALE # define FSCALE (1 << FSHIFT) #endif /* ! FSCALE */ #ifndef LA_AVENRUN # ifdef SYSTEM5 # define LA_AVENRUN "avenrun" # else /* SYSTEM5 */ # define LA_AVENRUN "_avenrun" # endif /* SYSTEM5 */ #endif /* ! LA_AVENRUN */ /* _PATH_KMEM should be defined in */ #ifndef _PATH_KMEM # define _PATH_KMEM "/dev/kmem" #endif /* ! _PATH_KMEM */ #if (LA_TYPE == LA_INT) || (LA_TYPE == LA_FLOAT) || (LA_TYPE == LA_SHORT) # include /* _PATH_UNIX should be defined in */ # ifndef _PATH_UNIX # if defined(SYSTEM5) # define _PATH_UNIX "/unix" # else /* defined(SYSTEM5) */ # define _PATH_UNIX "/vmunix" # endif /* defined(SYSTEM5) */ # endif /* ! _PATH_UNIX */ # ifdef _AUX_SOURCE struct nlist Nl[2]; # else /* _AUX_SOURCE */ struct nlist Nl[] = { { LA_AVENRUN }, { 0 }, }; # endif /* _AUX_SOURCE */ # define X_AVENRUN 0 static int getla() { static int kmem = -1; # if LA_TYPE == LA_INT long avenrun[3]; # else /* LA_TYPE == LA_INT */ # if LA_TYPE == LA_SHORT short avenrun[3]; # else /* LA_TYPE == LA_SHORT */ double avenrun[3]; # endif /* LA_TYPE == LA_SHORT */ # endif /* LA_TYPE == LA_INT */ extern int errno; extern off_t lseek(); if (kmem < 0) { # ifdef _AUX_SOURCE (void) strlcpy(Nl[X_AVENRUN].n_name, LA_AVENRUN, sizeof Nl[X_AVENRUN].n_name); Nl[1].n_name[0] = '\0'; # endif /* _AUX_SOURCE */ # if defined(_AIX3) || defined(_AIX4) if (knlist(Nl, 1, sizeof Nl[0]) < 0) # else /* defined(_AIX3) || defined(_AIX4) */ if (nlist(_PATH_UNIX, Nl) < 0) # endif /* defined(_AIX3) || defined(_AIX4) */ { if (tTd(3, 1)) dprintf("getla: nlist(%s): %s\n", _PATH_UNIX, errstring(errno)); return -1; } if (Nl[X_AVENRUN].n_value == 0) { if (tTd(3, 1)) dprintf("getla: nlist(%s, %s) ==> 0\n", _PATH_UNIX, LA_AVENRUN); return -1; } # ifdef NAMELISTMASK Nl[X_AVENRUN].n_value &= NAMELISTMASK; # endif /* NAMELISTMASK */ kmem = open(_PATH_KMEM, 0, 0); if (kmem < 0) { if (tTd(3, 1)) dprintf("getla: open(/dev/kmem): %s\n", errstring(errno)); return -1; } (void) fcntl(kmem, F_SETFD, FD_CLOEXEC); } if (tTd(3, 20)) dprintf("getla: symbol address = %#lx\n", (u_long) Nl[X_AVENRUN].n_value); if (lseek(kmem, (off_t) Nl[X_AVENRUN].n_value, SEEK_SET) == -1 || read(kmem, (char *) avenrun, sizeof(avenrun)) < sizeof(avenrun)) { /* thank you Ian */ if (tTd(3, 1)) dprintf("getla: lseek or read: %s\n", errstring(errno)); return -1; } # if (LA_TYPE == LA_INT) || (LA_TYPE == LA_SHORT) if (tTd(3, 5)) { # if LA_TYPE == LA_SHORT dprintf("getla: avenrun = %d", avenrun[0]); if (tTd(3, 15)) dprintf(", %d, %d", avenrun[1], avenrun[2]); # else /* LA_TYPE == LA_SHORT */ dprintf("getla: avenrun = %ld", avenrun[0]); if (tTd(3, 15)) dprintf(", %ld, %ld", avenrun[1], avenrun[2]); # endif /* LA_TYPE == LA_SHORT */ dprintf("\n"); } if (tTd(3, 1)) dprintf("getla: %d\n", (int) (avenrun[0] + FSCALE/2) >> FSHIFT); return ((int) (avenrun[0] + FSCALE/2) >> FSHIFT); # else /* (LA_TYPE == LA_INT) || (LA_TYPE == LA_SHORT) */ if (tTd(3, 5)) { dprintf("getla: avenrun = %g", avenrun[0]); if (tTd(3, 15)) dprintf(", %g, %g", avenrun[1], avenrun[2]); dprintf("\n"); } if (tTd(3, 1)) dprintf("getla: %d\n", (int) (avenrun[0] +0.5)); return ((int) (avenrun[0] + 0.5)); # endif /* (LA_TYPE == LA_INT) || (LA_TYPE == LA_SHORT) */ } #endif /* (LA_TYPE == LA_INT) || (LA_TYPE == LA_FLOAT) || (LA_TYPE == LA_SHORT) */ #if LA_TYPE == LA_READKSYM # include static int getla() { static int kmem = -1; long avenrun[3]; extern int errno; struct mioc_rksym mirk; if (kmem < 0) { kmem = open("/dev/kmem", 0, 0); if (kmem < 0) { if (tTd(3, 1)) dprintf("getla: open(/dev/kmem): %s\n", errstring(errno)); return -1; } (void) fcntl(kmem, F_SETFD, FD_CLOEXEC); } mirk.mirk_symname = LA_AVENRUN; mirk.mirk_buf = avenrun; mirk.mirk_buflen = sizeof(avenrun); if (ioctl(kmem, MIOC_READKSYM, &mirk) < 0) { if (tTd(3, 1)) dprintf("getla: ioctl(MIOC_READKSYM) failed: %s\n", errstring(errno)); return -1; } if (tTd(3, 5)) { dprintf("getla: avenrun = %d", avenrun[0]); if (tTd(3, 15)) dprintf(", %d, %d", avenrun[1], avenrun[2]); dprintf("\n"); } if (tTd(3, 1)) dprintf("getla: %d\n", (int) (avenrun[0] + FSCALE/2) >> FSHIFT); return ((int) (avenrun[0] + FSCALE/2) >> FSHIFT); } #endif /* LA_TYPE == LA_READKSYM */ #if LA_TYPE == LA_DGUX # include static int getla() { struct dg_sys_info_load_info load_info; dg_sys_info((long *)&load_info, DG_SYS_INFO_LOAD_INFO_TYPE, DG_SYS_INFO_LOAD_VERSION_0); if (tTd(3, 1)) dprintf("getla: %d\n", (int) (load_info.one_minute + 0.5)); return ((int) (load_info.one_minute + 0.5)); } #endif /* LA_TYPE == LA_DGUX */ #if LA_TYPE == LA_HPUX /* forward declarations to keep gcc from complaining */ struct pst_dynamic; struct pst_status; struct pst_static; struct pst_vminfo; struct pst_diskinfo; struct pst_processor; struct pst_lv; struct pst_swapinfo; # include # include static int getla() { struct pst_dynamic pstd; if (pstat_getdynamic(&pstd, sizeof(struct pst_dynamic), (size_t) 1, 0) == -1) return 0; if (tTd(3, 1)) dprintf("getla: %d\n", (int) (pstd.psd_avg_1_min + 0.5)); return (int) (pstd.psd_avg_1_min + 0.5); } #endif /* LA_TYPE == LA_HPUX */ #if LA_TYPE == LA_SUBR static int getla() { double avenrun[3]; if (getloadavg(avenrun, sizeof(avenrun) / sizeof(avenrun[0])) < 0) { if (tTd(3, 1)) dprintf("getla: getloadavg failed: %s", errstring(errno)); return -1; } if (tTd(3, 1)) dprintf("getla: %d\n", (int) (avenrun[0] +0.5)); return ((int) (avenrun[0] + 0.5)); } #endif /* LA_TYPE == LA_SUBR */ #if LA_TYPE == LA_MACH /* ** This has been tested on NEXTSTEP release 2.1/3.X. */ # if defined(NX_CURRENT_COMPILER_RELEASE) && NX_CURRENT_COMPILER_RELEASE > NX_COMPILER_RELEASE_3_0 # include # else /* defined(NX_CURRENT_COMPILER_RELEASE) && NX_CURRENT_COMPILER_RELEASE > NX_COMPILER_RELEASE_3_0 */ # include # endif /* defined(NX_CURRENT_COMPILER_RELEASE) && NX_CURRENT_COMPILER_RELEASE > NX_COMPILER_RELEASE_3_0 */ static int getla() { processor_set_t default_set; kern_return_t error; unsigned int info_count; struct processor_set_basic_info info; host_t host; error = processor_set_default(host_self(), &default_set); if (error != KERN_SUCCESS) { if (tTd(3, 1)) dprintf("getla: processor_set_default failed: %s", errstring(errno)); return -1; } info_count = PROCESSOR_SET_BASIC_INFO_COUNT; if (processor_set_info(default_set, PROCESSOR_SET_BASIC_INFO, &host, (processor_set_info_t)&info, &info_count) != KERN_SUCCESS) { if (tTd(3, 1)) dprintf("getla: processor_set_info failed: %s", errstring(errno)); return -1; } if (tTd(3, 1)) dprintf("getla: %d\n", (int) ((info.load_average + (LOAD_SCALE / 2)) / LOAD_SCALE)); return (int) (info.load_average + (LOAD_SCALE / 2)) / LOAD_SCALE; } #endif /* LA_TYPE == LA_MACH */ #if LA_TYPE == LA_PROCSTR /* ** Read /proc/loadavg for the load average. This is assumed to be ** in a format like "0.15 0.12 0.06". ** ** Initially intended for Linux. This has been in the kernel ** since at least 0.99.15. */ # ifndef _PATH_LOADAVG # define _PATH_LOADAVG "/proc/loadavg" # endif /* ! _PATH_LOADAVG */ static int getla() { double avenrun; register int result; FILE *fp; fp = fopen(_PATH_LOADAVG, "r"); if (fp == NULL) { if (tTd(3, 1)) dprintf("getla: fopen(%s): %s\n", _PATH_LOADAVG, errstring(errno)); return -1; } result = fscanf(fp, "%lf", &avenrun); (void) fclose(fp); if (result != 1) { if (tTd(3, 1)) dprintf("getla: fscanf() = %d: %s\n", result, errstring(errno)); return -1; } if (tTd(3, 1)) dprintf("getla(): %.2f\n", avenrun); return ((int) (avenrun + 0.5)); } #endif /* LA_TYPE == LA_PROCSTR */ #if LA_TYPE == LA_IRIX6 # include int getla(void) { static int kmem = -1; int avenrun[3]; if (kmem < 0) { kmem = open(_PATH_KMEM, 0, 0); if (kmem < 0) { if (tTd(3, 1)) dprintf("getla: open(%s): %s\n", _PATH_KMEM, errstring(errno)); return -1; } (void) fcntl(kmem, F_SETFD, FD_CLOEXEC); } if (lseek(kmem, (sysmp(MP_KERNADDR, MPKA_AVENRUN) & 0x7fffffff), SEEK_SET) == -1 || read(kmem, (char *)avenrun, sizeof(avenrun)) < sizeof(avenrun)) { if (tTd(3, 1)) dprintf("getla: lseek or read: %s\n", errstring(errno)); return -1; } if (tTd(3, 5)) { dprintf("getla: avenrun = %ld", (long int) avenrun[0]); if (tTd(3, 15)) dprintf(", %ld, %ld", (long int) avenrun[1], (long int) avenrun[2]); dprintf("\n"); } if (tTd(3, 1)) dprintf("getla: %d\n", (int) (avenrun[0] + FSCALE/2) >> FSHIFT); return ((int) (avenrun[0] + FSCALE/2) >> FSHIFT); } #endif /* LA_TYPE == LA_IRIX6 */ #if LA_TYPE == LA_KSTAT # include static int getla() { static kstat_ctl_t *kc = NULL; static kstat_t *ksp = NULL; kstat_named_t *ksn; int la; if (kc == NULL) /* if not initialized before */ kc = kstat_open(); if (kc == NULL) { if (tTd(3, 1)) dprintf("getla: kstat_open(): %s\n", errstring(errno)); return -1; } if (ksp == NULL) ksp = kstat_lookup(kc, "unix", 0, "system_misc"); if (ksp == NULL) { if (tTd(3, 1)) dprintf("getla: kstat_lookup(): %s\n", errstring(errno)); return -1; } if (kstat_read(kc, ksp, NULL) < 0) { if (tTd(3, 1)) dprintf("getla: kstat_read(): %s\n", errstring(errno)); return -1; } ksn = (kstat_named_t *) kstat_data_lookup(ksp, "avenrun_1min"); la = ((double)ksn->value.ul + FSCALE/2) / FSCALE; /* kstat_close(kc); /o do not close for fast access */ return la; } #endif /* LA_TYPE == LA_KSTAT */ #if LA_TYPE == LA_DEVSHORT /* ** Read /dev/table/avenrun for the load average. This should contain ** three shorts for the 1, 5, and 15 minute loads. We only read the ** first, since that's all we care about. ** ** Intended for SCO OpenServer 5. */ # ifndef _PATH_AVENRUN # define _PATH_AVENRUN "/dev/table/avenrun" # endif /* ! _PATH_AVENRUN */ static int getla() { static int afd = -1; short avenrun; int loadav; int r; errno = EBADF; if (afd == -1 || lseek(afd, 0L, SEEK_SET) == -1) { if (errno != EBADF) return -1; afd = open(_PATH_AVENRUN, O_RDONLY|O_SYNC); if (afd < 0) { sm_syslog(LOG_ERR, NOQID, "can't open %s: %m", _PATH_AVENRUN); return -1; } } r = read(afd, &avenrun, sizeof avenrun); if (tTd(3, 5)) dprintf("getla: avenrun = %d\n", avenrun); loadav = (int) (avenrun + FSCALE/2) >> FSHIFT; if (tTd(3, 1)) dprintf("getla: %d\n", loadav); return loadav; } #endif /* LA_TYPE == LA_DEVSHORT */ #if LA_TYPE == LA_ALPHAOSF struct rtentry; struct mbuf; # include int getla() { int ave = 0; struct tbl_loadavg tab; if (table(TBL_LOADAVG, 0, &tab, 1, sizeof(tab)) == -1) { if (tTd(3, 1)) dprintf("getla: table %s\n", errstring(errno)); return -1; } if (tTd(3, 1)) dprintf("getla: scale = %d\n", tab.tl_lscale); if (tab.tl_lscale) ave = ((tab.tl_avenrun.l[2] + (tab.tl_lscale/2)) / tab.tl_lscale); else ave = (int) (tab.tl_avenrun.d[2] + 0.5); if (tTd(3, 1)) dprintf("getla: %d\n", ave); return ave; } #endif /* LA_TYPE == LA_ALPHAOSF */ +#if LA_TYPE == LA_PSET + +static int +getla() +{ + double avenrun[3]; + + if (pset_getloadavg(PS_MYID, avenrun, + sizeof(avenrun) / sizeof(avenrun[0])) < 0) + { + if (tTd(3, 1)) + dprintf("getla: pset_getloadavg failed: %s", + errstring(errno)); + return -1; + } + if (tTd(3, 1)) + dprintf("getla: %d\n", (int) (avenrun[0] +0.5)); + return ((int) (avenrun[0] + 0.5)); +} + +#endif /* LA_TYPE == LA_PSET */ + #if LA_TYPE == LA_ZERO static int getla() { if (tTd(3, 1)) dprintf("getla: ZERO\n"); return 0; } #endif /* LA_TYPE == LA_ZERO */ /* * Copyright 1989 Massachusetts Institute of Technology * * Permission to use, copy, modify, distribute, and sell this software and its * documentation for any purpose is hereby granted without fee, provided that * the above copyright notice appear in all copies and that both that * copyright notice and this permission notice appear in supporting * documentation, and that the name of M.I.T. not be used in advertising or * publicity pertaining to distribution of the software without specific, * written prior permission. M.I.T. makes no representations about the * suitability of this software for any purpose. It is provided "as is" * without express or implied warranty. * * M.I.T. DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL M.I.T. * BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Authors: Many and varied... */ /* Non Apollo stuff removed by Don Lewis 11/15/93 */ #ifndef lint static char rcsid[] = "@(#)$OrigId: getloadavg.c,v 1.16 1991/06/21 12:51:15 paul Exp $"; #endif /* ! lint */ #ifdef apollo # undef volatile # include /* ARGSUSED */ int getloadavg( call_data ) caddr_t call_data; /* pointer to (double) return value */ { double *avenrun = (double *) call_data; int i; status_$t st; long loadav[3]; proc1_$get_loadav(loadav, &st); *avenrun = loadav[0] / (double) (1 << 16); return 0; } #endif /* apollo */ /* ** SM_GETLA -- get the current load average and set macro ** ** Parameters: ** e -- the envelope for the load average macro. ** ** Returns: ** The current load average as an integer. ** ** Side Effects: ** Sets the load average macro ({load_avg}) if ** envelope e is not NULL. */ int sm_getla(e) ENVELOPE *e; { register int la; la = getla(); if (e != NULL) { char labuf[8]; snprintf(labuf, sizeof labuf, "%d", la); define(macid("{load_avg}", NULL), newstr(labuf), e); } return la; } /* ** SHOULDQUEUE -- should this message be queued or sent? ** ** Compares the message cost to the load average to decide. ** ** Parameters: ** pri -- the priority of the message in question. ** ct -- the message creation time. ** ** Returns: ** TRUE -- if this message should be queued up for the ** time being. ** FALSE -- if the load is low enough to send this message. ** ** Side Effects: ** none. */ /* ARGSUSED1 */ bool shouldqueue(pri, ct) long pri; time_t ct; { bool rval; if (tTd(3, 30)) dprintf("shouldqueue: CurrentLA=%d, pri=%ld: ", CurrentLA, pri); if (CurrentLA < QueueLA) { if (tTd(3, 30)) dprintf("FALSE (CurrentLA < QueueLA)\n"); return FALSE; } #if 0 /* this code is reported to cause oscillation around RefuseLA */ if (CurrentLA >= RefuseLA && QueueLA < RefuseLA) { if (tTd(3, 30)) dprintf("TRUE (CurrentLA >= RefuseLA)\n"); return TRUE; } #endif /* 0 */ rval = pri > (QueueFactor / (CurrentLA - QueueLA + 1)); if (tTd(3, 30)) dprintf("%s (by calculation)\n", rval ? "TRUE" : "FALSE"); return rval; } /* ** REFUSECONNECTIONS -- decide if connections should be refused ** ** Parameters: ** name -- daemon name (for error messages only) ** e -- the current envelope. ** d -- number of daemon ** ** Returns: ** TRUE if incoming SMTP connections should be refused ** (for now). ** FALSE if we should accept new work. ** ** Side Effects: ** Sets process title when it is rejecting connections. */ bool refuseconnections(name, e, d) char *name; ENVELOPE *e; int d; { - time_t now; - static time_t lastconn[MAXDAEMONS]; - static int conncnt[MAXDAEMONS]; - - #ifdef XLA if (!xla_smtp_ok()) return TRUE; #endif /* XLA */ - now = curtime(); - if (now != lastconn[d]) - { - lastconn[d] = now; - conncnt[d] = 0; - } - else if (conncnt[d]++ > ConnRateThrottle && ConnRateThrottle > 0) - { - /* sleep to flatten out connection load */ - sm_setproctitle(TRUE, e, "deferring connections on daemon %s: %d per second", - name, ConnRateThrottle); - if (LogLevel >= 9) - sm_syslog(LOG_INFO, NOQID, - "deferring connections on daemon %s: %d per second", - name, ConnRateThrottle); - (void) sleep(1); - } - - CurrentLA = getla(); + CurrentLA = sm_getla(NULL); if (RefuseLA > 0 && CurrentLA >= RefuseLA) { sm_setproctitle(TRUE, e, "rejecting connections on daemon %s: load average: %d", name, CurrentLA); if (LogLevel >= 9) sm_syslog(LOG_INFO, NOQID, "rejecting connections on daemon %s: load average: %d", name, CurrentLA); return TRUE; } if (MaxChildren > 0 && CurChildren >= MaxChildren) { proc_list_probe(); if (CurChildren >= MaxChildren) { sm_setproctitle(TRUE, e, "rejecting connections on daemon %s: %d children, max %d", name, CurChildren, MaxChildren); if (LogLevel >= 9) sm_syslog(LOG_INFO, NOQID, "rejecting connections on daemon %s: %d children, max %d", name, CurChildren, MaxChildren); return TRUE; } } return FALSE; } /* ** SETPROCTITLE -- set process title for ps ** ** Parameters: ** fmt -- a printf style format string. ** a, b, c -- possible parameters to fmt. ** ** Returns: ** none. ** ** Side Effects: ** Clobbers argv of our main procedure so ps(1) will ** display the title. */ #define SPT_NONE 0 /* don't use it at all */ #define SPT_REUSEARGV 1 /* cover argv with title information */ #define SPT_BUILTIN 2 /* use libc builtin */ #define SPT_PSTAT 3 /* use pstat(PSTAT_SETCMD, ...) */ #define SPT_PSSTRINGS 4 /* use PS_STRINGS->... */ #define SPT_SYSMIPS 5 /* use sysmips() supported by NEWS-OS 6 */ #define SPT_SCO 6 /* write kernel u. area */ #define SPT_CHANGEARGV 7 /* write our own strings into argv[] */ #ifndef SPT_TYPE # define SPT_TYPE SPT_REUSEARGV #endif /* ! SPT_TYPE */ #if SPT_TYPE != SPT_NONE && SPT_TYPE != SPT_BUILTIN # if SPT_TYPE == SPT_PSTAT # include # endif /* SPT_TYPE == SPT_PSTAT */ # if SPT_TYPE == SPT_PSSTRINGS # include # include # ifndef PS_STRINGS /* hmmmm.... apparently not available after all */ # undef SPT_TYPE # define SPT_TYPE SPT_REUSEARGV # else /* ! PS_STRINGS */ # ifndef NKPDE /* FreeBSD 2.0 */ # define NKPDE 63 typedef unsigned int *pt_entry_t; # endif /* ! NKPDE */ # endif /* ! PS_STRINGS */ # endif /* SPT_TYPE == SPT_PSSTRINGS */ # if SPT_TYPE == SPT_PSSTRINGS || SPT_TYPE == SPT_CHANGEARGV # define SETPROC_STATIC static # else /* SPT_TYPE == SPT_PSSTRINGS || SPT_TYPE == SPT_CHANGEARGV */ # define SETPROC_STATIC # endif /* SPT_TYPE == SPT_PSSTRINGS || SPT_TYPE == SPT_CHANGEARGV */ # if SPT_TYPE == SPT_SYSMIPS # include # include # endif /* SPT_TYPE == SPT_SYSMIPS */ # if SPT_TYPE == SPT_SCO # include # include # include # include # if PSARGSZ > MAXLINE # define SPT_BUFSIZE PSARGSZ # endif /* PSARGSZ > MAXLINE */ # endif /* SPT_TYPE == SPT_SCO */ # ifndef SPT_PADCHAR # define SPT_PADCHAR ' ' # endif /* ! SPT_PADCHAR */ #endif /* SPT_TYPE != SPT_NONE && SPT_TYPE != SPT_BUILTIN */ #ifndef SPT_BUFSIZE # define SPT_BUFSIZE MAXLINE #endif /* ! SPT_BUFSIZE */ /* ** Pointers for setproctitle. ** This allows "ps" listings to give more useful information. */ static char **Argv = NULL; /* pointer to argument vector */ static char *LastArgv = NULL; /* end of argv */ #if SPT_TYPE != SPT_BUILTIN static void setproctitle __P((const char *, ...)); #endif /* SPT_TYPE != SPT_BUILTIN */ void initsetproctitle(argc, argv, envp) int argc; char **argv; char **envp; { register int i, envpsize = 0; extern char **environ; /* ** Move the environment so setproctitle can use the space at ** the top of memory. */ for (i = 0; envp[i] != NULL; i++) envpsize += strlen(envp[i]) + 1; environ = (char **) xalloc(sizeof (char *) * (i + 1)); for (i = 0; envp[i] != NULL; i++) environ[i] = newstr(envp[i]); environ[i] = NULL; /* ** Save start and extent of argv for setproctitle. */ Argv = argv; /* ** Determine how much space we can use for setproctitle. ** Use all contiguous argv and envp pointers starting at argv[0] */ for (i = 0; i < argc; i++) { if (i == 0 || LastArgv + 1 == argv[i]) LastArgv = argv[i] + strlen(argv[i]); } for (i = 0; LastArgv != NULL && envp[i] != NULL; i++) { if (LastArgv + 1 == envp[i]) LastArgv = envp[i] + strlen(envp[i]); } } #if SPT_TYPE != SPT_BUILTIN /*VARARGS1*/ static void # ifdef __STDC__ setproctitle(const char *fmt, ...) # else /* __STDC__ */ setproctitle(fmt, va_alist) const char *fmt; va_dcl # endif /* __STDC__ */ { # if SPT_TYPE != SPT_NONE register int i; register char *p; SETPROC_STATIC char buf[SPT_BUFSIZE]; VA_LOCAL_DECL # if SPT_TYPE == SPT_PSTAT union pstun pst; # endif /* SPT_TYPE == SPT_PSTAT */ # if SPT_TYPE == SPT_SCO off_t seek_off; static int kmem = -1; static int kmempid = -1; struct user u; # endif /* SPT_TYPE == SPT_SCO */ p = buf; /* print sendmail: heading for grep */ (void) strlcpy(p, "sendmail: ", SPACELEFT(buf, p)); p += strlen(p); /* print the argument string */ VA_START(fmt); (void) vsnprintf(p, SPACELEFT(buf, p), fmt, ap); VA_END; i = strlen(buf); # if SPT_TYPE == SPT_PSTAT pst.pst_command = buf; pstat(PSTAT_SETCMD, pst, i, 0, 0); # endif /* SPT_TYPE == SPT_PSTAT */ # if SPT_TYPE == SPT_PSSTRINGS PS_STRINGS->ps_nargvstr = 1; PS_STRINGS->ps_argvstr = buf; # endif /* SPT_TYPE == SPT_PSSTRINGS */ # if SPT_TYPE == SPT_SYSMIPS sysmips(SONY_SYSNEWS, NEWS_SETPSARGS, buf); # endif /* SPT_TYPE == SPT_SYSMIPS */ # if SPT_TYPE == SPT_SCO if (kmem < 0 || kmempid != getpid()) { if (kmem >= 0) - close(kmem); + (void) close(kmem); kmem = open(_PATH_KMEM, O_RDWR, 0); if (kmem < 0) return; (void) fcntl(kmem, F_SETFD, FD_CLOEXEC); kmempid = getpid(); } buf[PSARGSZ - 1] = '\0'; seek_off = UVUBLK + (off_t) u.u_psargs - (off_t) &u; if (lseek(kmem, (off_t) seek_off, SEEK_SET) == seek_off) (void) write(kmem, buf, PSARGSZ); # endif /* SPT_TYPE == SPT_SCO */ # if SPT_TYPE == SPT_REUSEARGV if (LastArgv == NULL) return; if (i > LastArgv - Argv[0] - 2) { i = LastArgv - Argv[0] - 2; buf[i] = '\0'; } (void) strlcpy(Argv[0], buf, i + 1); p = &Argv[0][i]; while (p < LastArgv) *p++ = SPT_PADCHAR; Argv[1] = NULL; # endif /* SPT_TYPE == SPT_REUSEARGV */ # if SPT_TYPE == SPT_CHANGEARGV Argv[0] = buf; Argv[1] = 0; # endif /* SPT_TYPE == SPT_CHANGEARGV */ # endif /* SPT_TYPE != SPT_NONE */ } #endif /* SPT_TYPE != SPT_BUILTIN */ /* ** SM_SETPROCTITLE -- set process task and set process title for ps ** ** Possibly set process status and call setproctitle() to ** change the ps display. ** ** Parameters: ** status -- whether or not to store as process status ** e -- the current envelope. ** fmt -- a printf style format string. ** a, b, c -- possible parameters to fmt. ** ** Returns: ** none. */ /*VARARGS2*/ void #ifdef __STDC__ sm_setproctitle(bool status, ENVELOPE *e, const char *fmt, ...) #else /* __STDC__ */ sm_setproctitle(status, e, fmt, va_alist) bool status; ENVELOPE *e; const char *fmt; va_dcl #endif /* __STDC__ */ { char buf[SPT_BUFSIZE]; VA_LOCAL_DECL /* print the argument string */ VA_START(fmt); (void) vsnprintf(buf, sizeof buf, fmt, ap); VA_END; if (status) proc_list_set(getpid(), buf); if (ProcTitlePrefix != NULL) { char prefix[SPT_BUFSIZE]; expand(ProcTitlePrefix, prefix, sizeof prefix, e); setproctitle("%s: %s", prefix, buf); } else setproctitle("%s", buf); } /* ** WAITFOR -- wait for a particular process id. ** ** Parameters: ** pid -- process id to wait for. ** ** Returns: ** status of pid. ** -1 if pid never shows up. ** ** Side Effects: ** none. */ int waitfor(pid) pid_t pid; { # ifdef WAITUNION union wait st; # else /* WAITUNION */ auto int st; # endif /* WAITUNION */ pid_t i; # if defined(ISC_UNIX) || defined(_SCO_unix_) int savesig; # endif /* defined(ISC_UNIX) || defined(_SCO_unix_) */ do { errno = 0; # if defined(ISC_UNIX) || defined(_SCO_unix_) savesig = releasesignal(SIGCHLD); # endif /* defined(ISC_UNIX) || defined(_SCO_unix_) */ i = wait(&st); # if defined(ISC_UNIX) || defined(_SCO_unix_) if (savesig > 0) blocksignal(SIGCHLD); # endif /* defined(ISC_UNIX) || defined(_SCO_unix_) */ if (i > 0) (void) proc_list_drop(i); } while ((i >= 0 || errno == EINTR) && i != pid); if (i < 0) return -1; # ifdef WAITUNION return st.w_status; # else /* WAITUNION */ return st; # endif /* WAITUNION */ } /* ** REAPCHILD -- pick up the body of my child, lest it become a zombie ** ** Parameters: ** sig -- the signal that got us here (unused). ** ** Returns: ** none. ** ** Side Effects: ** Picks up extant zombies. ** Control socket exits may restart/shutdown daemon. */ /* ARGSUSED0 */ SIGFUNC_DECL reapchild(sig) int sig; { int save_errno = errno; int st; pid_t pid; #if HASWAITPID auto int status; int count; count = 0; while ((pid = waitpid(-1, &status, WNOHANG)) > 0) { st = status; if (count++ > 1000) { if (LogLevel > 0) sm_syslog(LOG_ALERT, NOQID, "reapchild: waitpid loop: pid=%d, status=%x", pid, status); break; } #else /* HASWAITPID */ # ifdef WNOHANG union wait status; while ((pid = wait3(&status, WNOHANG, (struct rusage *) NULL)) > 0) { st = status.w_status; # else /* WNOHANG */ auto int status; /* ** Catch one zombie -- we will be re-invoked (we hope) if there ** are more. Unreliable signals probably break this, but this ** is the "old system" situation -- waitpid or wait3 are to be ** strongly preferred. */ if ((pid = wait(&status)) > 0) { st = status; # endif /* WNOHANG */ #endif /* HASWAITPID */ /* Drop PID and check if it was a control socket child */ if (proc_list_drop(pid) == PROC_CONTROL && WIFEXITED(st)) { /* if so, see if we need to restart or shutdown */ if (WEXITSTATUS(st) == EX_RESTART) { /* emulate a SIGHUP restart */ sighup(0); /* NOTREACHED */ } else if (WEXITSTATUS(st) == EX_SHUTDOWN) { /* emulate a SIGTERM shutdown */ intsig(0); /* NOTREACHED */ } } } #ifdef SYS5SIGNALS (void) setsignal(SIGCHLD, reapchild); #endif /* SYS5SIGNALS */ errno = save_errno; return SIGFUNC_RETURN; } /* ** PUTENV -- emulation of putenv() in terms of setenv() ** ** Not needed on Posix-compliant systems. ** This doesn't have full Posix semantics, but it's good enough ** for sendmail. ** ** Parameter: ** env -- the environment to put. ** ** Returns: ** none. */ #if NEEDPUTENV # if NEEDPUTENV == 2 /* no setenv(3) call available */ int putenv(str) char *str; { char **current; int matchlen, envlen = 0; char *tmp; char **newenv; static bool first = TRUE; extern char **environ; /* * find out how much of str to match when searching * for a string to replace. */ if ((tmp = strchr(str, '=')) == NULL || tmp == str) matchlen = strlen(str); else matchlen = (int) (tmp - str); ++matchlen; /* * Search for an existing string in the environment and find the * length of environ. If found, replace and exit. */ for (current = environ; *current; current++) { ++envlen; if (strncmp(str, *current, matchlen) == 0) { /* found it, now insert the new version */ *current = (char *)str; return 0; } } /* * There wasn't already a slot so add space for a new slot. * If this is our first time through, use malloc(), else realloc(). */ if (first) { newenv = (char **) malloc(sizeof(char *) * (envlen + 2)); if (newenv == NULL) return -1; first = FALSE; (void) memcpy(newenv, environ, sizeof(char *) * envlen); } else { newenv = (char **) realloc((char *)environ, sizeof(char *) * (envlen + 2)); if (newenv == NULL) return -1; } /* actually add in the new entry */ environ = newenv; environ[envlen] = (char *)str; environ[envlen + 1] = NULL; return 0; } # else /* NEEDPUTENV == 2 */ int putenv(env) char *env; { char *p; int l; char nbuf[100]; p = strchr(env, '='); if (p == NULL) return 0; l = p - env; if (l > sizeof nbuf - 1) l = sizeof nbuf - 1; memmove(nbuf, env, l); nbuf[l] = '\0'; return setenv(nbuf, ++p, 1); } # endif /* NEEDPUTENV == 2 */ #endif /* NEEDPUTENV */ /* ** UNSETENV -- remove a variable from the environment ** ** Not needed on newer systems. ** ** Parameters: ** name -- the string name of the environment variable to be ** deleted from the current environment. ** ** Returns: ** none. ** ** Globals: ** environ -- a pointer to the current environment. ** ** Side Effects: ** Modifies environ. */ #if !HASUNSETENV void unsetenv(name) char *name; { extern char **environ; register char **pp; int len = strlen(name); for (pp = environ; *pp != NULL; pp++) { if (strncmp(name, *pp, len) == 0 && ((*pp)[len] == '=' || (*pp)[len] == '\0')) break; } for (; *pp != NULL; pp++) *pp = pp[1]; } #endif /* !HASUNSETENV */ /* ** GETDTABLESIZE -- return number of file descriptors ** ** Only on non-BSD systems ** ** Parameters: ** none ** ** Returns: ** size of file descriptor table ** ** Side Effects: ** none */ #ifdef SOLARIS # include #endif /* SOLARIS */ int getdtsize() { # ifdef RLIMIT_NOFILE struct rlimit rl; if (getrlimit(RLIMIT_NOFILE, &rl) >= 0) return rl.rlim_cur; # endif /* RLIMIT_NOFILE */ # if HASGETDTABLESIZE return getdtablesize(); # else /* HASGETDTABLESIZE */ # ifdef _SC_OPEN_MAX return sysconf(_SC_OPEN_MAX); # else /* _SC_OPEN_MAX */ return NOFILE; # endif /* _SC_OPEN_MAX */ # endif /* HASGETDTABLESIZE */ } /* ** UNAME -- get the UUCP name of this system. */ #if !HASUNAME int uname(name) struct utsname *name; { FILE *file; char *n; name->nodename[0] = '\0'; /* try /etc/whoami -- one line with the node name */ if ((file = fopen("/etc/whoami", "r")) != NULL) { (void) fgets(name->nodename, NODE_LENGTH + 1, file); (void) fclose(file); n = strchr(name->nodename, '\n'); if (n != NULL) *n = '\0'; if (name->nodename[0] != '\0') return 0; } /* try /usr/include/whoami.h -- has a #define somewhere */ if ((file = fopen("/usr/include/whoami.h", "r")) != NULL) { char buf[MAXLINE]; while (fgets(buf, MAXLINE, file) != NULL) { if (sscanf(buf, "#define sysname \"%*[^\"]\"", NODE_LENGTH, name->nodename) > 0) break; } (void) fclose(file); if (name->nodename[0] != '\0') return 0; } # if 0 /* ** Popen is known to have security holes. */ /* try uuname -l to return local name */ if ((file = popen("uuname -l", "r")) != NULL) { (void) fgets(name, NODE_LENGTH + 1, file); (void) pclose(file); n = strchr(name, '\n'); if (n != NULL) *n = '\0'; if (name->nodename[0] != '\0') return 0; } # endif /* 0 */ return -1; } #endif /* !HASUNAME */ /* ** INITGROUPS -- initialize groups ** ** Stub implementation for System V style systems */ #if !HASINITGROUPS initgroups(name, basegid) char *name; int basegid; { return 0; } #endif /* !HASINITGROUPS */ /* ** SETGROUPS -- set group list ** ** Stub implementation for systems that don't have group lists */ #ifndef NGROUPS_MAX int setgroups(ngroups, grouplist) int ngroups; GIDSET_T grouplist[]; { return 0; } #endif /* ! NGROUPS_MAX */ /* ** SETSID -- set session id (for non-POSIX systems) */ #if !HASSETSID pid_t setsid __P ((void)) { # ifdef TIOCNOTTY int fd; fd = open("/dev/tty", O_RDWR, 0); if (fd >= 0) { (void) ioctl(fd, TIOCNOTTY, (char *) 0); (void) close(fd); } # endif /* TIOCNOTTY */ # ifdef SYS5SETPGRP return setpgrp(); # else /* SYS5SETPGRP */ return setpgid(0, getpid()); # endif /* SYS5SETPGRP */ } #endif /* !HASSETSID */ /* ** FSYNC -- dummy fsync */ #if NEEDFSYNC fsync(fd) int fd; { # ifdef O_SYNC return fcntl(fd, F_SETFL, O_SYNC); # else /* O_SYNC */ /* nothing we can do */ return 0; # endif /* O_SYNC */ } #endif /* NEEDFSYNC */ /* ** DGUX_INET_ADDR -- inet_addr for DG/UX ** ** Data General DG/UX version of inet_addr returns a struct in_addr ** instead of a long. This patches things. Only needed on versions ** prior to 5.4.3. */ #ifdef DGUX_5_4_2 # undef inet_addr long dgux_inet_addr(host) char *host; { struct in_addr haddr; haddr = inet_addr(host); return haddr.s_addr; } #endif /* DGUX_5_4_2 */ /* ** GETOPT -- for old systems or systems with bogus implementations */ #if NEEDGETOPT /* * Copyright (c) 1985 Regents of the University of California. * All rights reserved. The Berkeley software License Agreement * specifies the terms and conditions for redistribution. */ /* ** this version hacked to add `atend' flag to allow state machine ** to reset if invoked by the program to scan args for a 2nd time */ # if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)getopt.c 4.3 (Berkeley) 3/9/86"; # endif /* defined(LIBC_SCCS) && !defined(lint) */ /* * get option letter from argument vector */ # ifdef _CONVEX_SOURCE extern int optind, opterr, optopt; extern char *optarg; # else /* _CONVEX_SOURCE */ int opterr = 1; /* if error message should be printed */ int optind = 1; /* index into parent argv vector */ int optopt = 0; /* character checked for validity */ char *optarg = NULL; /* argument associated with option */ # endif /* _CONVEX_SOURCE */ # define BADCH (int)'?' # define EMSG "" # define tell(s) if (opterr) {fputs(*nargv,stderr);fputs(s,stderr); \ fputc(optopt,stderr);fputc('\n',stderr);return(BADCH);} int getopt(nargc,nargv,ostr) int nargc; char *const *nargv; const char *ostr; { static char *place = EMSG; /* option letter processing */ static char atend = 0; register char *oli = NULL; /* option letter list index */ if (atend) { atend = 0; place = EMSG; } if(!*place) { /* update scanning pointer */ if (optind >= nargc || *(place = nargv[optind]) != '-' || !*++place) { atend++; return -1; } if (*place == '-') { /* found "--" */ ++optind; atend++; return -1; } } /* option letter okay? */ if ((optopt = (int)*place++) == (int)':' || !(oli = strchr(ostr,optopt))) { if (!*place) ++optind; tell(": illegal option -- "); } if (oli && *++oli != ':') { /* don't need argument */ optarg = NULL; if (!*place) ++optind; } else { /* need an argument */ if (*place) optarg = place; /* no white space */ else if (nargc <= ++optind) { /* no arg */ place = EMSG; tell(": option requires an argument -- "); } else optarg = nargv[optind]; /* white space */ place = EMSG; ++optind; } return(optopt); /* dump back option letter */ } #endif /* NEEDGETOPT */ /* ** VFPRINTF, VSPRINTF -- for old 4.3 BSD systems missing a real version */ #if NEEDVPRINTF # define MAXARG 16 vfprintf(fp, fmt, ap) FILE *fp; char *fmt; char **ap; { char *bp[MAXARG]; int i = 0; while (*ap && i < MAXARG) bp[i++] = *ap++; fprintf(fp, fmt, bp[0], bp[1], bp[2], bp[3], bp[4], bp[5], bp[6], bp[7], bp[8], bp[9], bp[10], bp[11], bp[12], bp[13], bp[14], bp[15]); } vsprintf(s, fmt, ap) char *s; char *fmt; char **ap; { char *bp[MAXARG]; int i = 0; while (*ap && i < MAXARG) bp[i++] = *ap++; sprintf(s, fmt, bp[0], bp[1], bp[2], bp[3], bp[4], bp[5], bp[6], bp[7], bp[8], bp[9], bp[10], bp[11], bp[12], bp[13], bp[14], bp[15]); } #endif /* NEEDVPRINTF */ /* ** USERSHELLOK -- tell if a user's shell is ok for unrestricted use ** ** Parameters: ** user -- the name of the user we are checking. ** shell -- the user's shell from /etc/passwd ** ** Returns: ** TRUE -- if it is ok to use this for unrestricted access. ** FALSE -- if the shell is restricted. */ #if !HASGETUSERSHELL # ifndef _PATH_SHELLS # define _PATH_SHELLS "/etc/shells" # endif /* ! _PATH_SHELLS */ # if defined(_AIX3) || defined(_AIX4) # include # if _AIX4 >= 40200 # include # endif /* _AIX4 >= 40200 */ # include # endif /* defined(_AIX3) || defined(_AIX4) */ static char *DefaultUserShells[] = { "/bin/sh", /* standard shell */ "/usr/bin/sh", "/bin/csh", /* C shell */ "/usr/bin/csh", # ifdef __hpux # ifdef V4FS "/usr/bin/rsh", /* restricted Bourne shell */ "/usr/bin/ksh", /* Korn shell */ "/usr/bin/rksh", /* restricted Korn shell */ "/usr/bin/pam", "/usr/bin/keysh", /* key shell (extended Korn shell) */ "/usr/bin/posix/sh", # else /* V4FS */ "/bin/rsh", /* restricted Bourne shell */ "/bin/ksh", /* Korn shell */ "/bin/rksh", /* restricted Korn shell */ "/bin/pam", "/usr/bin/keysh", /* key shell (extended Korn shell) */ "/bin/posix/sh", # endif /* V4FS */ # endif /* __hpux */ # if defined(_AIX3) || defined(_AIX4) "/bin/ksh", /* Korn shell */ "/usr/bin/ksh", "/bin/tsh", /* trusted shell */ "/usr/bin/tsh", "/bin/bsh", /* Bourne shell */ "/usr/bin/bsh", # endif /* defined(_AIX3) || defined(_AIX4) */ # if defined(__svr4__) || defined(__svr5__) "/bin/ksh", /* Korn shell */ "/usr/bin/ksh", # endif /* defined(__svr4__) || defined(__svr5__) */ # ifdef sgi "/sbin/sh", /* SGI's shells really live in /sbin */ "/sbin/csh", "/bin/ksh", /* Korn shell */ "/sbin/ksh", "/usr/bin/ksh", "/bin/tcsh", /* Extended csh */ "/usr/bin/tcsh", # endif /* sgi */ NULL }; #endif /* !HASGETUSERSHELL */ #define WILDCARD_SHELL "/SENDMAIL/ANY/SHELL/" bool usershellok(user, shell) char *user; char *shell; { # if HASGETUSERSHELL register char *p; extern char *getusershell(); if (shell == NULL || shell[0] == '\0' || wordinclass(user, 't') || ConfigLevel <= 1) return TRUE; setusershell(); while ((p = getusershell()) != NULL) if (strcmp(p, shell) == 0 || strcmp(p, WILDCARD_SHELL) == 0) break; endusershell(); return p != NULL; # else /* HASGETUSERSHELL */ # if USEGETCONFATTR auto char *v; # endif /* USEGETCONFATTR */ register FILE *shellf; char buf[MAXLINE]; if (shell == NULL || shell[0] == '\0' || wordinclass(user, 't') || ConfigLevel <= 1) return TRUE; # if USEGETCONFATTR /* ** Naturally IBM has a "better" idea..... ** ** What a crock. This interface isn't documented, it is ** considered part of the security library (-ls), and it ** only works if you are running as root (since the list ** of valid shells is obviously a source of great concern). ** I recommend that you do NOT define USEGETCONFATTR, ** especially since you are going to have to set up an ** /etc/shells anyhow to handle the cases where getconfattr ** fails. */ if (getconfattr(SC_SYS_LOGIN, SC_SHELLS, &v, SEC_LIST) == 0 && v != NULL) { while (*v != '\0') { if (strcmp(v, shell) == 0 || strcmp(v, WILDCARD_SHELL) == 0) return TRUE; v += strlen(v) + 1; } return FALSE; } # endif /* USEGETCONFATTR */ shellf = fopen(_PATH_SHELLS, "r"); if (shellf == NULL) { /* no /etc/shells; see if it is one of the std shells */ char **d; if (errno != ENOENT && LogLevel > 3) sm_syslog(LOG_ERR, NOQID, "usershellok: cannot open %s: %s", _PATH_SHELLS, errstring(errno)); for (d = DefaultUserShells; *d != NULL; d++) { if (strcmp(shell, *d) == 0) return TRUE; } return FALSE; } while (fgets(buf, sizeof buf, shellf) != NULL) { register char *p, *q; p = buf; while (*p != '\0' && *p != '#' && *p != '/') p++; if (*p == '#' || *p == '\0') continue; q = p; while (*p != '\0' && *p != '#' && !(isascii(*p) && isspace(*p))) p++; *p = '\0'; if (strcmp(shell, q) == 0 || strcmp(WILDCARD_SHELL, q) == 0) { (void) fclose(shellf); return TRUE; } } (void) fclose(shellf); return FALSE; # endif /* HASGETUSERSHELL */ } /* ** FREEDISKSPACE -- see how much free space is on the queue filesystem ** ** Only implemented if you have statfs. ** ** Parameters: ** dir -- the directory in question. ** bsize -- a variable into which the filesystem ** block size is stored. ** ** Returns: ** The number of blocks free on the queue filesystem. ** -1 if the statfs call fails. ** ** Side effects: ** Puts the filesystem block size into bsize. */ /* statfs types */ #define SFS_NONE 0 /* no statfs implementation */ #define SFS_USTAT 1 /* use ustat */ #define SFS_4ARGS 2 /* use four-argument statfs call */ #define SFS_VFS 3 /* use implementation */ #define SFS_MOUNT 4 /* use implementation */ #define SFS_STATFS 5 /* use implementation */ #define SFS_STATVFS 6 /* use implementation */ #ifndef SFS_TYPE # define SFS_TYPE SFS_NONE #endif /* ! SFS_TYPE */ #if SFS_TYPE == SFS_USTAT # include #endif /* SFS_TYPE == SFS_USTAT */ #if SFS_TYPE == SFS_4ARGS || SFS_TYPE == SFS_STATFS # include #endif /* SFS_TYPE == SFS_4ARGS || SFS_TYPE == SFS_STATFS */ #if SFS_TYPE == SFS_VFS # include #endif /* SFS_TYPE == SFS_VFS */ #if SFS_TYPE == SFS_MOUNT # include #endif /* SFS_TYPE == SFS_MOUNT */ #if SFS_TYPE == SFS_STATVFS # include #endif /* SFS_TYPE == SFS_STATVFS */ long freediskspace(dir, bsize) char *dir; long *bsize; { # if SFS_TYPE != SFS_NONE # if SFS_TYPE == SFS_USTAT struct ustat fs; struct stat statbuf; # define FSBLOCKSIZE DEV_BSIZE # define SFS_BAVAIL f_tfree # else /* SFS_TYPE == SFS_USTAT */ # if defined(ultrix) struct fs_data fs; # define SFS_BAVAIL fd_bfreen # define FSBLOCKSIZE 1024L # else /* defined(ultrix) */ # if SFS_TYPE == SFS_STATVFS struct statvfs fs; # define FSBLOCKSIZE fs.f_frsize # else /* SFS_TYPE == SFS_STATVFS */ struct statfs fs; # define FSBLOCKSIZE fs.f_bsize # endif /* SFS_TYPE == SFS_STATVFS */ # endif /* defined(ultrix) */ # endif /* SFS_TYPE == SFS_USTAT */ # ifndef SFS_BAVAIL # define SFS_BAVAIL f_bavail # endif /* ! SFS_BAVAIL */ # if SFS_TYPE == SFS_USTAT if (stat(dir, &statbuf) == 0 && ustat(statbuf.st_dev, &fs) == 0) # else /* SFS_TYPE == SFS_USTAT */ # if SFS_TYPE == SFS_4ARGS if (statfs(dir, &fs, sizeof fs, 0) == 0) # else /* SFS_TYPE == SFS_4ARGS */ # if SFS_TYPE == SFS_STATVFS if (statvfs(dir, &fs) == 0) # else /* SFS_TYPE == SFS_STATVFS */ # if defined(ultrix) if (statfs(dir, &fs) > 0) # else /* defined(ultrix) */ if (statfs(dir, &fs) == 0) # endif /* defined(ultrix) */ # endif /* SFS_TYPE == SFS_STATVFS */ # endif /* SFS_TYPE == SFS_4ARGS */ # endif /* SFS_TYPE == SFS_USTAT */ { if (bsize != NULL) *bsize = FSBLOCKSIZE; if (fs.SFS_BAVAIL <= 0) return 0; else if (fs.SFS_BAVAIL > LONG_MAX) return (long) LONG_MAX; else return (long) fs.SFS_BAVAIL; } # endif /* SFS_TYPE != SFS_NONE */ return -1; } /* ** ENOUGHDISKSPACE -- is there enough free space on the queue fs? ** ** Only implemented if you have statfs. ** ** Parameters: ** msize -- the size to check against. If zero, we don't yet ** know how big the message will be, so just check for ** a "reasonable" amount. ** log -- log message? ** ** Returns: ** TRUE if there is enough space. ** FALSE otherwise. */ bool enoughdiskspace(msize, log) long msize; bool log; { long bfree; long bsize; if (MinBlocksFree <= 0 && msize <= 0) { if (tTd(4, 80)) dprintf("enoughdiskspace: no threshold\n"); return TRUE; } bfree = freediskspace(QueueDir, &bsize); if (bfree >= 0) { if (tTd(4, 80)) dprintf("enoughdiskspace: bavail=%ld, need=%ld\n", bfree, msize); /* convert msize to block count */ msize = msize / bsize + 1; if (MinBlocksFree >= 0) msize += MinBlocksFree; if (bfree < msize) { if (log && LogLevel > 0) sm_syslog(LOG_ALERT, CurEnv->e_id, "low on space (have %ld, %s needs %ld in %s)", bfree, CurHostName == NULL ? "SMTP-DAEMON" : CurHostName, msize, QueueDir); return FALSE; } } else if (tTd(4, 80)) dprintf("enoughdiskspace failure: min=%ld, need=%ld: %s\n", MinBlocksFree, msize, errstring(errno)); return TRUE; } /* ** TRANSIENTERROR -- tell if an error code indicates a transient failure ** ** This looks at an errno value and tells if this is likely to ** go away if retried later. ** ** Parameters: ** err -- the errno code to classify. ** ** Returns: ** TRUE if this is probably transient. ** FALSE otherwise. */ bool transienterror(err) int err; { switch (err) { case EIO: /* I/O error */ case ENXIO: /* Device not configured */ case EAGAIN: /* Resource temporarily unavailable */ case ENOMEM: /* Cannot allocate memory */ case ENODEV: /* Operation not supported by device */ case ENFILE: /* Too many open files in system */ case EMFILE: /* Too many open files */ case ENOSPC: /* No space left on device */ #ifdef ETIMEDOUT case ETIMEDOUT: /* Connection timed out */ #endif /* ETIMEDOUT */ #ifdef ESTALE case ESTALE: /* Stale NFS file handle */ #endif /* ESTALE */ #ifdef ENETDOWN case ENETDOWN: /* Network is down */ #endif /* ENETDOWN */ #ifdef ENETUNREACH case ENETUNREACH: /* Network is unreachable */ #endif /* ENETUNREACH */ #ifdef ENETRESET case ENETRESET: /* Network dropped connection on reset */ #endif /* ENETRESET */ #ifdef ECONNABORTED case ECONNABORTED: /* Software caused connection abort */ #endif /* ECONNABORTED */ #ifdef ECONNRESET case ECONNRESET: /* Connection reset by peer */ #endif /* ECONNRESET */ #ifdef ENOBUFS case ENOBUFS: /* No buffer space available */ #endif /* ENOBUFS */ #ifdef ESHUTDOWN case ESHUTDOWN: /* Can't send after socket shutdown */ #endif /* ESHUTDOWN */ #ifdef ECONNREFUSED case ECONNREFUSED: /* Connection refused */ #endif /* ECONNREFUSED */ #ifdef EHOSTDOWN case EHOSTDOWN: /* Host is down */ #endif /* EHOSTDOWN */ #ifdef EHOSTUNREACH case EHOSTUNREACH: /* No route to host */ #endif /* EHOSTUNREACH */ #ifdef EDQUOT case EDQUOT: /* Disc quota exceeded */ #endif /* EDQUOT */ #ifdef EPROCLIM case EPROCLIM: /* Too many processes */ #endif /* EPROCLIM */ #ifdef EUSERS case EUSERS: /* Too many users */ #endif /* EUSERS */ #ifdef EDEADLK case EDEADLK: /* Resource deadlock avoided */ #endif /* EDEADLK */ #ifdef EISCONN case EISCONN: /* Socket already connected */ #endif /* EISCONN */ #ifdef EINPROGRESS case EINPROGRESS: /* Operation now in progress */ #endif /* EINPROGRESS */ #ifdef EALREADY case EALREADY: /* Operation already in progress */ #endif /* EALREADY */ #ifdef EADDRINUSE case EADDRINUSE: /* Address already in use */ #endif /* EADDRINUSE */ #ifdef EADDRNOTAVAIL case EADDRNOTAVAIL: /* Can't assign requested address */ #endif /* EADDRNOTAVAIL */ #ifdef ETXTBSY case ETXTBSY: /* (Apollo) file locked */ #endif /* ETXTBSY */ #if defined(ENOSR) && (!defined(ENOBUFS) || (ENOBUFS != ENOSR)) case ENOSR: /* Out of streams resources */ #endif /* defined(ENOSR) && (!defined(ENOBUFS) || (ENOBUFS != ENOSR)) */ #ifdef ENOLCK case ENOLCK: /* No locks available */ #endif /* ENOLCK */ case E_SM_OPENTIMEOUT: /* PSEUDO: open timed out */ return TRUE; } /* nope, must be permanent */ return FALSE; } /* ** LOCKFILE -- lock a file using flock or (shudder) fcntl locking ** ** Parameters: ** fd -- the file descriptor of the file. ** filename -- the file name (for error messages). ** ext -- the filename extension. ** type -- type of the lock. Bits can be: ** LOCK_EX -- exclusive lock. ** LOCK_NB -- non-blocking. +** LOCK_UN -- unlock. ** ** Returns: ** TRUE if the lock was acquired. ** FALSE otherwise. */ bool lockfile(fd, filename, ext, type) int fd; char *filename; char *ext; int type; { int i; int save_errno; # if !HASFLOCK int action; struct flock lfd; if (ext == NULL) ext = ""; memset(&lfd, '\0', sizeof lfd); if (bitset(LOCK_UN, type)) lfd.l_type = F_UNLCK; else if (bitset(LOCK_EX, type)) lfd.l_type = F_WRLCK; else lfd.l_type = F_RDLCK; if (bitset(LOCK_NB, type)) action = F_SETLK; else action = F_SETLKW; if (tTd(55, 60)) dprintf("lockfile(%s%s, action=%d, type=%d): ", filename, ext, action, lfd.l_type); while ((i = fcntl(fd, action, &lfd)) < 0 && errno == EINTR) continue; if (i >= 0) { if (tTd(55, 60)) dprintf("SUCCESS\n"); return TRUE; } save_errno = errno; if (tTd(55, 60)) dprintf("(%s) ", errstring(save_errno)); /* ** On SunOS, if you are testing using -oQ/tmp/mqueue or ** -oA/tmp/aliases or anything like that, and /tmp is mounted ** as type "tmp" (that is, served from swap space), the ** previous fcntl will fail with "Invalid argument" errors. ** Since this is fairly common during testing, we will assume ** that this indicates that the lock is successfully grabbed. */ if (save_errno == EINVAL) { if (tTd(55, 60)) dprintf("SUCCESS\n"); return TRUE; } if (!bitset(LOCK_NB, type) || (save_errno != EACCES && save_errno != EAGAIN)) { int omode = -1; # ifdef F_GETFL (void) fcntl(fd, F_GETFL, &omode); errno = save_errno; # endif /* F_GETFL */ syserr("cannot lockf(%s%s, fd=%d, type=%o, omode=%o, euid=%d)", filename, ext, fd, type, omode, geteuid()); dumpfd(fd, TRUE, TRUE); } # else /* !HASFLOCK */ if (ext == NULL) ext = ""; if (tTd(55, 60)) dprintf("lockfile(%s%s, type=%o): ", filename, ext, type); while ((i = flock(fd, type)) < 0 && errno == EINTR) continue; if (i >= 0) { if (tTd(55, 60)) dprintf("SUCCESS\n"); return TRUE; } save_errno = errno; if (tTd(55, 60)) dprintf("(%s) ", errstring(save_errno)); if (!bitset(LOCK_NB, type) || save_errno != EWOULDBLOCK) { int omode = -1; # ifdef F_GETFL (void) fcntl(fd, F_GETFL, &omode); errno = save_errno; # endif /* F_GETFL */ syserr("cannot flock(%s%s, fd=%d, type=%o, omode=%o, euid=%d)", filename, ext, fd, type, omode, geteuid()); dumpfd(fd, TRUE, TRUE); } # endif /* !HASFLOCK */ if (tTd(55, 60)) dprintf("FAIL\n"); errno = save_errno; return FALSE; } /* ** CHOWNSAFE -- tell if chown is "safe" (executable only by root) ** ** Unfortunately, given that we can't predict other systems on which ** a remote mounted (NFS) filesystem will be mounted, the answer is ** almost always that this is unsafe. ** ** Note also that many operating systems have non-compliant ** implementations of the _POSIX_CHOWN_RESTRICTED variable and the ** fpathconf() routine. According to IEEE 1003.1-1990, if ** _POSIX_CHOWN_RESTRICTED is defined and not equal to -1, then ** no non-root process can give away the file. However, vendors ** don't take NFS into account, so a comfortable value of ** _POSIX_CHOWN_RESTRICTED tells us nothing. ** ** Also, some systems (e.g., IRIX 6.2) return 1 from fpathconf() ** even on files where chown is not restricted. Many systems get ** this wrong on NFS-based filesystems (that is, they say that chown ** is restricted [safe] on NFS filesystems where it may not be, since ** other systems can access the same filesystem and do file giveaway; ** only the NFS server knows for sure!) Hence, it is important to ** get the value of SAFENFSPATHCONF correct -- it should be defined ** _only_ after testing (see test/t_pathconf.c) a system on an unsafe ** NFS-based filesystem to ensure that you can get meaningful results. ** If in doubt, assume unsafe! ** ** You may also need to tweak IS_SAFE_CHOWN -- it should be a ** condition indicating whether the return from pathconf indicates ** that chown is safe (typically either > 0 or >= 0 -- there isn't ** even any agreement about whether a zero return means that a file ** is or is not safe). It defaults to "> 0". ** ** If the parent directory is safe (writable only by owner back ** to the root) then we can relax slightly and trust fpathconf ** in more circumstances. This is really a crock -- if this is an ** NFS mounted filesystem then we really know nothing about the ** underlying implementation. However, most systems pessimize and ** return an error (EINVAL or EOPNOTSUPP) on NFS filesystems, which ** we interpret as unsafe, as we should. Thus, this heuristic gets ** us into a possible problem only on systems that have a broken ** pathconf implementation and which are also poorly configured ** (have :include: files in group- or world-writable directories). ** ** Parameters: ** fd -- the file descriptor to check. ** safedir -- set if the parent directory is safe. ** ** Returns: ** TRUE -- if the chown(2) operation is "safe" -- that is, ** only root can chown the file to an arbitrary user. ** FALSE -- if an arbitrary user can give away a file. */ #ifndef IS_SAFE_CHOWN # define IS_SAFE_CHOWN > 0 #endif /* ! IS_SAFE_CHOWN */ bool chownsafe(fd, safedir) int fd; bool safedir; { # if (!defined(_POSIX_CHOWN_RESTRICTED) || _POSIX_CHOWN_RESTRICTED != -1) && \ (defined(_PC_CHOWN_RESTRICTED) || defined(_GNU_TYPES_H)) int rval; /* give the system administrator a chance to override */ if (bitnset(DBS_ASSUMESAFECHOWN, DontBlameSendmail)) return TRUE; /* ** Some systems (e.g., SunOS) seem to have the call and the ** #define _PC_CHOWN_RESTRICTED, but don't actually implement ** the call. This heuristic checks for that. */ errno = 0; rval = fpathconf(fd, _PC_CHOWN_RESTRICTED); # if SAFENFSPATHCONF return errno == 0 && rval IS_SAFE_CHOWN; # else /* SAFENFSPATHCONF */ return safedir && errno == 0 && rval IS_SAFE_CHOWN; # endif /* SAFENFSPATHCONF */ # else /* (!defined(_POSIX_CHOWN_RESTRICTED) || _POSIX_CHOWN_RESTRICTED != -1) && \ */ return bitnset(DBS_ASSUMESAFECHOWN, DontBlameSendmail); # endif /* (!defined(_POSIX_CHOWN_RESTRICTED) || _POSIX_CHOWN_RESTRICTED != -1) && \ */ } /* ** RESETLIMITS -- reset system controlled resource limits ** ** This is to avoid denial-of-service attacks ** ** Parameters: ** none ** ** Returns: ** none */ #if HASSETRLIMIT # ifdef RLIMIT_NEEDS_SYS_TIME_H # include # endif /* RLIMIT_NEEDS_SYS_TIME_H */ # include #endif /* HASSETRLIMIT */ #ifndef FD_SETSIZE # define FD_SETSIZE 256 #endif /* ! FD_SETSIZE */ void resetlimits() { #if HASSETRLIMIT struct rlimit lim; lim.rlim_cur = lim.rlim_max = RLIM_INFINITY; (void) setrlimit(RLIMIT_CPU, &lim); (void) setrlimit(RLIMIT_FSIZE, &lim); # ifdef RLIMIT_NOFILE lim.rlim_cur = lim.rlim_max = FD_SETSIZE; (void) setrlimit(RLIMIT_NOFILE, &lim); # endif /* RLIMIT_NOFILE */ #else /* HASSETRLIMIT */ # if HASULIMIT (void) ulimit(2, 0x3fffff); (void) ulimit(4, FD_SETSIZE); # endif /* HASULIMIT */ #endif /* HASSETRLIMIT */ errno = 0; } /* ** GETCFNAME -- return the name of the .cf file. ** ** Some systems (e.g., NeXT) determine this dynamically. */ char * getcfname() { if (ConfFile != NULL) return ConfFile; #if NETINFO { char *cflocation; cflocation = ni_propval("/locations", NULL, "sendmail", "sendmail.cf", '\0'); if (cflocation != NULL) return cflocation; } #endif /* NETINFO */ return _PATH_SENDMAILCF; } /* ** SETVENDOR -- process vendor code from V configuration line ** ** Parameters: ** vendor -- string representation of vendor. ** ** Returns: ** TRUE -- if ok. ** FALSE -- if vendor code could not be processed. ** ** Side Effects: ** It is reasonable to set mode flags here to tweak ** processing in other parts of the code if necessary. ** For example, if you are a vendor that uses $%y to ** indicate YP lookups, you could enable that here. */ bool setvendor(vendor) char *vendor; { if (strcasecmp(vendor, "Berkeley") == 0) { VendorCode = VENDOR_BERKELEY; return TRUE; } /* add vendor extensions here */ #ifdef SUN_EXTENSIONS if (strcasecmp(vendor, "Sun") == 0) { VendorCode = VENDOR_SUN; return TRUE; } #endif /* SUN_EXTENSIONS */ #if defined(VENDOR_NAME) && defined(VENDOR_CODE) if (strcasecmp(vendor, VENDOR_NAME) == 0) { VendorCode = VENDOR_CODE; return TRUE; } #endif /* defined(VENDOR_NAME) && defined(VENDOR_CODE) */ return FALSE; } /* ** GETVENDOR -- return vendor name based on vendor code ** ** Parameters: ** vendorcode -- numeric representation of vendor. ** ** Returns: ** string containing vendor name. */ char * getvendor(vendorcode) int vendorcode; { #if defined(VENDOR_NAME) && defined(VENDOR_CODE) /* ** Can't have the same switch case twice so need to ** handle VENDOR_CODE outside of switch. It might ** match one of the existing VENDOR_* codes. */ if (vendorcode == VENDOR_CODE) return VENDOR_NAME; #endif /* defined(VENDOR_NAME) && defined(VENDOR_CODE) */ switch (vendorcode) { case VENDOR_BERKELEY: return "Berkeley"; case VENDOR_SUN: return "Sun"; case VENDOR_HP: return "HP"; case VENDOR_IBM: return "IBM"; case VENDOR_SENDMAIL: return "Sendmail"; default: return "Unknown"; } } /* ** VENDOR_PRE_DEFAULTS, VENDOR_POST_DEFAULTS -- set vendor-specific defaults ** ** Vendor_pre_defaults is called before reading the configuration ** file; vendor_post_defaults is called immediately after. ** ** Parameters: ** e -- the global environment to initialize. ** ** Returns: ** none. */ #if SHARE_V1 int DefShareUid; /* default share uid to run as -- unused??? */ #endif /* SHARE_V1 */ void vendor_pre_defaults(e) ENVELOPE *e; { #if SHARE_V1 /* OTHERUID is defined in shares.h, do not be alarmed */ DefShareUid = OTHERUID; #endif /* SHARE_V1 */ #if defined(SUN_EXTENSIONS) && defined(SUN_DEFAULT_VALUES) sun_pre_defaults(e); #endif /* defined(SUN_EXTENSIONS) && defined(SUN_DEFAULT_VALUES) */ #ifdef apollo /* ** stupid domain/os can't even open ** /etc/mail/sendmail.cf without this */ setuserenv("ISP", NULL); setuserenv("SYSTYPE", NULL); #endif /* apollo */ } void vendor_post_defaults(e) ENVELOPE *e; { #ifdef __QNX__ char *p; /* Makes sure the SOCK environment variable remains */ if (p = getextenv("SOCK")) setuserenv("SOCK", p); #endif /* __QNX__ */ #if defined(SUN_EXTENSIONS) && defined(SUN_DEFAULT_VALUES) sun_post_defaults(e); #endif /* defined(SUN_EXTENSIONS) && defined(SUN_DEFAULT_VALUES) */ } /* ** VENDOR_DAEMON_SETUP -- special vendor setup needed for daemon mode */ void vendor_daemon_setup(e) ENVELOPE *e; { #if HASSETLOGIN (void) setlogin(RunAsUserName); #endif /* HASSETLOGIN */ #if SECUREWARE if (getluid() != -1) { usrerr("Daemon cannot have LUID"); finis(FALSE, EX_USAGE); } #endif /* SECUREWARE */ } /* ** VENDOR_SET_UID -- do setup for setting a user id ** ** This is called when we are still root. ** ** Parameters: ** uid -- the uid we are about to become. ** ** Returns: ** none. */ void vendor_set_uid(uid) UID_T uid; { /* ** We need to setup the share groups (lnodes) ** and add auditing information (luid's) ** before we loose our ``root''ness. */ #if SHARE_V1 if (setupshares(uid, syserr) != 0) syserr("Unable to set up shares"); #endif /* SHARE_V1 */ #if SECUREWARE (void) setup_secure(uid); #endif /* SECUREWARE */ } /* ** VALIDATE_CONNECTION -- check connection for rationality ** ** If the connection is rejected, this routine should log an ** appropriate message -- but should never issue any SMTP protocol. ** ** Parameters: ** sap -- a pointer to a SOCKADDR naming the peer. ** hostname -- the name corresponding to sap. ** e -- the current envelope. ** ** Returns: ** error message from rejection. ** NULL if not rejected. */ #if TCPWRAPPERS # include /* tcpwrappers does no logging, but you still have to declare these -- ugh */ int allow_severity = LOG_INFO; int deny_severity = LOG_NOTICE; #endif /* TCPWRAPPERS */ #if DAEMON char * validate_connection(sap, hostname, e) SOCKADDR *sap; char *hostname; ENVELOPE *e; { # if TCPWRAPPERS char *host; # endif /* TCPWRAPPERS */ if (tTd(48, 3)) dprintf("validate_connection(%s, %s)\n", hostname, anynet_ntoa(sap)); if (rscheck("check_relay", hostname, anynet_ntoa(sap), - e, TRUE, TRUE, 4) != EX_OK) + e, TRUE, TRUE, 4, NULL) != EX_OK) { static char reject[BUFSIZ*2]; extern char MsgBuf[]; if (tTd(48, 4)) dprintf(" ... validate_connection: BAD (rscheck)\n"); if (strlen(MsgBuf) >= 3) (void) strlcpy(reject, MsgBuf, sizeof reject); else (void) strlcpy(reject, "Access denied", sizeof reject); return reject; } # if TCPWRAPPERS if (hostname[0] == '[' && hostname[strlen(hostname) - 1] == ']') host = "unknown"; else host = hostname; if (!hosts_ctl("sendmail", host, anynet_ntoa(sap), STRING_UNKNOWN)) { if (tTd(48, 4)) dprintf(" ... validate_connection: BAD (tcpwrappers)\n"); if (LogLevel >= 4) sm_syslog(LOG_NOTICE, e->e_id, "tcpwrappers (%s, %s) rejection", host, anynet_ntoa(sap)); return "Access denied"; } # endif /* TCPWRAPPERS */ if (tTd(48, 4)) dprintf(" ... validate_connection: OK\n"); return NULL; } #endif /* DAEMON */ /* ** STRTOL -- convert string to long integer ** ** For systems that don't have it in the C library. ** ** This is taken verbatim from the 4.4-Lite C library. */ #if NEEDSTRTOL # if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)strtol.c 8.1 (Berkeley) 6/4/93"; # endif /* defined(LIBC_SCCS) && !defined(lint) */ /* * Convert a string to a long integer. * * Ignores `locale' stuff. Assumes that the upper and lower case * alphabets and digits are each contiguous. */ long strtol(nptr, endptr, base) const char *nptr; char **endptr; register int base; { register const char *s = nptr; register unsigned long acc; register int c; register unsigned long cutoff; register int neg = 0, any, cutlim; /* * Skip white space and pick up leading +/- sign if any. * If base is 0, allow 0x for hex and 0 for octal, else * assume decimal; if base is already 16, allow 0x. */ do { c = *s++; } while (isspace(c)); if (c == '-') { neg = 1; c = *s++; } else if (c == '+') c = *s++; if ((base == 0 || base == 16) && c == '0' && (*s == 'x' || *s == 'X')) { c = s[1]; s += 2; base = 16; } if (base == 0) base = c == '0' ? 8 : 10; /* * Compute the cutoff value between legal numbers and illegal * numbers. That is the largest legal value, divided by the * base. An input number that is greater than this value, if * followed by a legal input character, is too big. One that * is equal to this value may be valid or not; the limit * between valid and invalid numbers is then based on the last * digit. For instance, if the range for longs is * [-2147483648..2147483647] and the input base is 10, * cutoff will be set to 214748364 and cutlim to either * 7 (neg==0) or 8 (neg==1), meaning that if we have accumulated * a value > 214748364, or equal but the next digit is > 7 (or 8), * the number is too big, and we will return a range error. * * Set any if any `digits' consumed; make it negative to indicate * overflow. */ cutoff = neg ? -(unsigned long)LONG_MIN : LONG_MAX; cutlim = cutoff % (unsigned long)base; cutoff /= (unsigned long)base; for (acc = 0, any = 0;; c = *s++) { if (isdigit(c)) c -= '0'; else if (isalpha(c)) c -= isupper(c) ? 'A' - 10 : 'a' - 10; else break; if (c >= base) break; if (any < 0 || acc > cutoff || acc == cutoff && c > cutlim) any = -1; else { any = 1; acc *= base; acc += c; } } if (any < 0) { acc = neg ? LONG_MIN : LONG_MAX; errno = ERANGE; } else if (neg) acc = -acc; if (endptr != 0) *endptr = (char *)(any ? s - 1 : nptr); return acc; } #endif /* NEEDSTRTOL */ /* ** STRSTR -- find first substring in string ** ** Parameters: ** big -- the big (full) string. ** little -- the little (sub) string. ** ** Returns: ** A pointer to the first instance of little in big. ** big if little is the null string. ** NULL if little is not contained in big. */ #if NEEDSTRSTR char * strstr(big, little) char *big; char *little; { register char *p = big; int l; if (*little == '\0') return big; l = strlen(little); while ((p = strchr(p, *little)) != NULL) { if (strncmp(p, little, l) == 0) return p; p++; } return NULL; } #endif /* NEEDSTRSTR */ /* ** SM_GETHOSTBY{NAME,ADDR} -- compatibility routines for gethostbyXXX ** ** Some operating systems have wierd problems with the gethostbyXXX ** routines. For example, Solaris versions at least through 2.3 ** don't properly deliver a canonical h_name field. This tries to ** work around these problems. ** ** Support IPv6 as well as IPv4. */ #if NETINET6 && NEEDSGETIPNODE && __RES < 19990909 # ifndef AI_DEFAULT # define AI_DEFAULT 0 /* dummy */ # endif /* ! AI_DEFAULT */ # ifndef AI_ADDRCONFIG # define AI_ADDRCONFIG 0 /* dummy */ # endif /* ! AI_ADDRCONFIG */ # ifndef AI_V4MAPPED # define AI_V4MAPPED 0 /* dummy */ # endif /* ! AI_V4MAPPED */ # ifndef AI_ALL # define AI_ALL 0 /* dummy */ # endif /* ! AI_ALL */ static struct hostent * getipnodebyname(name, family, flags, err) char *name; int family; int flags; int *err; { bool resv6 = TRUE; struct hostent *h; if (family == AF_INET6) { /* From RFC2133, section 6.1 */ resv6 = bitset(RES_USE_INET6, _res.options); _res.options |= RES_USE_INET6; } h_errno = 0; h = gethostbyname(name); *err = h_errno; if (family == AF_INET6 && !resv6) _res.options &= ~RES_USE_INET6; return h; } static struct hostent * getipnodebyaddr(addr, len, family, err) char *addr; int len; int family; int *err; { struct hostent *h; h_errno = 0; h = gethostbyaddr(addr, len, family); *err = h_errno; return h; } + +# if _FFR_FREEHOSTENT +void +freehostent(h) + struct hostent *h; +{ + /* + ** Stub routine -- if they don't have getipnodeby*(), + ** they probably don't have the free routine either. + */ + + return; +} +# endif /* _FFR_FREEHOSTENT */ #endif /* NEEDSGETIPNODE && NETINET6 && __RES < 19990909 */ struct hostent * sm_gethostbyname(name, family) char *name; int family; { struct hostent *h = NULL; #if (SOLARIS > 10000 && SOLARIS < 20400) || (defined(SOLARIS) && SOLARIS < 204) || (defined(sony_news) && defined(__svr4)) # if SOLARIS == 20300 || SOLARIS == 203 static struct hostent hp; static char buf[1000]; extern struct hostent *_switch_gethostbyname_r(); if (tTd(61, 10)) dprintf("_switch_gethostbyname_r(%s)... ", name); h = _switch_gethostbyname_r(name, &hp, buf, sizeof(buf), &h_errno); # else /* SOLARIS == 20300 || SOLARIS == 203 */ extern struct hostent *__switch_gethostbyname(); if (tTd(61, 10)) dprintf("__switch_gethostbyname(%s)... ", name); h = __switch_gethostbyname(name); # endif /* SOLARIS == 20300 || SOLARIS == 203 */ #else /* (SOLARIS > 10000 && SOLARIS < 20400) || (defined(SOLARIS) && SOLARIS < 204) || (defined(sony_news) && defined(__svr4)) */ int nmaps; # if NETINET6 int flags = AI_DEFAULT|AI_ALL; int err; # endif /* NETINET6 */ int save_errno; char *maptype[MAXMAPSTACK]; short mapreturn[MAXMAPACTIONS]; char hbuf[MAXNAME]; if (tTd(61, 10)) dprintf("sm_gethostbyname(%s, %d)... ", name, family); # if NETINET6 # if ADDRCONFIG_IS_BROKEN flags &= ~AI_ADDRCONFIG; # endif /* ADDRCONFIG_IS_BROKEN */ h = getipnodebyname(name, family, flags, &err); h_errno = err; # else /* NETINET6 */ h = gethostbyname(name); # endif /* NETINET6 */ save_errno = errno; if (h == NULL) { if (tTd(61, 10)) dprintf("failure\n"); nmaps = switch_map_find("hosts", maptype, mapreturn); while (--nmaps >= 0) + { if (strcmp(maptype[nmaps], "nis") == 0 || strcmp(maptype[nmaps], "files") == 0) break; + } + if (nmaps >= 0) { /* try short name */ if (strlen(name) > (SIZE_T) sizeof hbuf - 1) { errno = save_errno; return NULL; } (void) strlcpy(hbuf, name, sizeof hbuf); shorten_hostname(hbuf); /* if it hasn't been shortened, there's no point */ if (strcmp(hbuf, name) != 0) { if (tTd(61, 10)) dprintf("sm_gethostbyname(%s, %d)... ", hbuf, family); # if NETINET6 h = getipnodebyname(hbuf, family, AI_V4MAPPED|AI_ALL, &err); h_errno = err; save_errno = errno; # else /* NETINET6 */ h = gethostbyname(hbuf); save_errno = errno; # endif /* NETINET6 */ } } } #endif /* (SOLARIS > 10000 && SOLARIS < 20400) || (defined(SOLARIS) && SOLARIS < 204) || (defined(sony_news) && defined(__svr4)) */ if (tTd(61, 10)) { if (h == NULL) dprintf("failure\n"); else { dprintf("%s\n", h->h_name); if (tTd(61, 11)) { #if NETINET6 struct in6_addr ia6; char buf6[INET6_ADDRSTRLEN]; #else /* NETINET6 */ struct in_addr ia; #endif /* NETINET6 */ int i; if (h->h_aliases != NULL) for (i = 0; h->h_aliases[i] != NULL; i++) dprintf("\talias: %s\n", h->h_aliases[i]); for (i = 0; h->h_addr_list[i] != NULL; i++) { char *addr; #if NETINET6 memmove(&ia6, h->h_addr_list[i], IN6ADDRSZ); addr = anynet_ntop(&ia6, buf6, sizeof buf6); #else /* NETINET6 */ memmove(&ia, h->h_addr_list[i], INADDRSZ); addr = (char *) inet_ntoa(ia); #endif /* NETINET6 */ if (addr != NULL) dprintf("\taddr: %s\n", addr); } } } } errno = save_errno; return h; } struct hostent * sm_gethostbyaddr(addr, len, type) char *addr; int len; int type; { struct hostent *hp; #if (SOLARIS > 10000 && SOLARIS < 20400) || (defined(SOLARIS) && SOLARIS < 204) # if SOLARIS == 20300 || SOLARIS == 203 static struct hostent he; static char buf[1000]; extern struct hostent *_switch_gethostbyaddr_r(); hp = _switch_gethostbyaddr_r(addr, len, type, &he, buf, sizeof(buf), &h_errno); # else /* SOLARIS == 20300 || SOLARIS == 203 */ extern struct hostent *__switch_gethostbyaddr(); hp = __switch_gethostbyaddr(addr, len, type); # endif /* SOLARIS == 20300 || SOLARIS == 203 */ #else /* (SOLARIS > 10000 && SOLARIS < 20400) || (defined(SOLARIS) && SOLARIS < 204) */ # if NETINET6 int err; # endif /* NETINET6 */ # if NETINET6 hp = getipnodebyaddr(addr, len, type, &err); h_errno = err; # else /* NETINET6 */ hp = gethostbyaddr(addr, len, type); # endif /* NETINET6 */ return hp; #endif /* (SOLARIS > 10000 && SOLARIS < 20400) || (defined(SOLARIS) && SOLARIS < 204) */ } /* ** SM_GETPW{NAM,UID} -- wrapper for getpwnam and getpwuid */ struct passwd * sm_getpwnam(user) char *user; { # ifdef _AIX4 extern struct passwd *_getpwnam_shadow(const char *, const int); return _getpwnam_shadow(user, 0); # else /* _AIX4 */ return getpwnam(user); # endif /* _AIX4 */ } struct passwd * sm_getpwuid(uid) UID_T uid; { # if defined(_AIX4) && 0 extern struct passwd *_getpwuid_shadow(const int, const int); return _getpwuid_shadow(uid,0); # else /* defined(_AIX4) && 0 */ return getpwuid(uid); # endif /* defined(_AIX4) && 0 */ } /* ** SECUREWARE_SETUP_SECURE -- Convex SecureWare setup ** ** Set up the trusted computing environment for C2 level security ** under SecureWare. ** ** Parameters: ** uid -- uid of the user to initialize in the TCB ** ** Returns: ** none ** ** Side Effects: ** Initialized the user in the trusted computing base */ #if SECUREWARE # include # include void secureware_setup_secure(uid) UID_T uid; { int rc; if (getluid() != -1) return; if ((rc = set_secure_info(uid)) != SSI_GOOD_RETURN) { switch (rc) { case SSI_NO_PRPW_ENTRY: syserr("No protected passwd entry, uid = %d", uid); break; case SSI_LOCKED: syserr("Account has been disabled, uid = %d", uid); break; case SSI_RETIRED: syserr("Account has been retired, uid = %d", uid); break; case SSI_BAD_SET_LUID: syserr("Could not set LUID, uid = %d", uid); break; case SSI_BAD_SET_PRIVS: syserr("Could not set kernel privs, uid = %d", uid); default: syserr("Unknown return code (%d) from set_secure_info(%d)", rc, uid); break; } finis(FALSE, EX_NOPERM); } } #endif /* SECUREWARE */ /* ** ADD_HOSTNAMES -- Add a hostname to class 'w' based on IP address ** ** Add hostnames to class 'w' based on the IP address read from ** the network interface. ** ** Parameters: ** sa -- a pointer to a SOCKADDR containing the address ** ** Returns: ** 0 if successful, -1 if host lookup fails. */ static int add_hostnames(sa) SOCKADDR *sa; { struct hostent *hp; char **ha; char hnb[MAXHOSTNAMELEN]; /* lookup name with IP address */ switch (sa->sa.sa_family) { #if NETINET case AF_INET: hp = sm_gethostbyaddr((char *) &sa->sin.sin_addr, - sizeof(sa->sin.sin_addr), sa->sa.sa_family); + sizeof(sa->sin.sin_addr), + sa->sa.sa_family); break; #endif /* NETINET */ #if NETINET6 case AF_INET6: hp = sm_gethostbyaddr((char *) &sa->sin6.sin6_addr, - sizeof(sa->sin6.sin6_addr), sa->sa.sa_family); + sizeof(sa->sin6.sin6_addr), + sa->sa.sa_family); break; #endif /* NETINET6 */ default: /* Give warning about unsupported family */ if (LogLevel > 3) sm_syslog(LOG_WARNING, NOQID, "Unsupported address family %d: %.100s", sa->sa.sa_family, anynet_ntoa(sa)); return -1; } if (hp == NULL) { int save_errno = errno; if (LogLevel > 3 && #if NETINET6 !(sa->sa.sa_family == AF_INET6 && IN6_IS_ADDR_LINKLOCAL(&sa->sin6.sin6_addr)) && #endif /* NETINET6 */ TRUE) sm_syslog(LOG_WARNING, NOQID, "gethostbyaddr(%.100s) failed: %d\n", anynet_ntoa(sa), #if NAMED_BIND h_errno #else /* NAMED_BIND */ -1 #endif /* NAMED_BIND */ ); errno = save_errno; return -1; } /* save its cname */ if (!wordinclass((char *) hp->h_name, 'w')) { setclass('w', (char *) hp->h_name); if (tTd(0, 4)) dprintf("\ta.k.a.: %s\n", hp->h_name); if (snprintf(hnb, sizeof hnb, "[%s]", hp->h_name) < sizeof hnb && !wordinclass((char *) hnb, 'w')) setclass('w', hnb); } else { if (tTd(0, 43)) dprintf("\ta.k.a.: %s (already in $=w)\n", hp->h_name); } /* save all it aliases name */ for (ha = hp->h_aliases; ha != NULL && *ha != NULL; ha++) { if (!wordinclass(*ha, 'w')) { setclass('w', *ha); if (tTd(0, 4)) dprintf("\ta.k.a.: %s\n", *ha); if (snprintf(hnb, sizeof hnb, "[%s]", *ha) < sizeof hnb && !wordinclass((char *) hnb, 'w')) setclass('w', hnb); } else { if (tTd(0, 43)) dprintf("\ta.k.a.: %s (already in $=w)\n", *ha); } } +#if _FFR_FREEHOSTENT && NETINET6 + freehostent(hp); +#endif /* _FFR_FREEHOSTENT && NETINET6 */ return 0; } /* ** LOAD_IF_NAMES -- load interface-specific names into $=w ** ** Parameters: ** none. ** ** Returns: ** none. ** ** Side Effects: ** Loads $=w with the names of all the interfaces. */ #if !NETINET # define SIOCGIFCONF_IS_BROKEN 1 /* XXX */ #endif /* !NETINET */ #if defined(SIOCGIFCONF) && !SIOCGIFCONF_IS_BROKEN struct rtentry; struct mbuf; # ifndef SUNOS403 # include # endif /* ! SUNOS403 */ # if (_AIX4 >= 40300) && !defined(_NET_IF_H) # undef __P # endif /* (_AIX4 >= 40300) && !defined(_NET_IF_H) */ # include #endif /* defined(SIOCGIFCONF) && !SIOCGIFCONF_IS_BROKEN */ void load_if_names() { #if NETINET6 && defined(SIOCGLIFCONF) int s; int i; struct lifconf lifc; struct lifnum lifn; int numifs; s = socket(InetMode, SOCK_DGRAM, 0); if (s == -1) return; /* get the list of known IP address from the kernel */ # ifdef SIOCGLIFNUM lifn.lifn_family = AF_UNSPEC; lifn.lifn_flags = 0; if (ioctl(s, SIOCGLIFNUM, (char *)&lifn) < 0) { /* can't get number of interfaces -- fall back */ if (tTd(0, 4)) dprintf("SIOCGLIFNUM failed: %s\n", errstring(errno)); numifs = -1; } else { numifs = lifn.lifn_count; if (tTd(0, 42)) dprintf("system has %d interfaces\n", numifs); } if (numifs < 0) # endif /* SIOCGLIFNUM */ numifs = MAXINTERFACES; if (numifs <= 0) { - close(s); + (void) close(s); return; } lifc.lifc_len = numifs * sizeof (struct lifreq); lifc.lifc_buf = xalloc(lifc.lifc_len); lifc.lifc_family = AF_UNSPEC; lifc.lifc_flags = 0; if (ioctl(s, SIOCGLIFCONF, (char *)&lifc) < 0) { if (tTd(0, 4)) dprintf("SIOCGLIFCONF failed: %s\n", errstring(errno)); - close(s); + (void) close(s); + free(lifc.lifc_buf); return; } /* scan the list of IP address */ if (tTd(0, 40)) dprintf("scanning for interface specific names, lifc_len=%d\n", lifc.lifc_len); for (i = 0; i < lifc.lifc_len; ) { struct lifreq *ifr = (struct lifreq *)&lifc.lifc_buf[i]; SOCKADDR *sa = (SOCKADDR *) &ifr->lifr_addr; char *addr; struct in6_addr ia6; struct in_addr ia; # ifdef SIOCGLIFFLAGS struct lifreq ifrf; # endif /* SIOCGLIFFLAGS */ char ip_addr[256]; char buf6[INET6_ADDRSTRLEN]; int af = ifr->lifr_addr.ss_family; /* ** We must close and recreate the socket each time ** since we don't know what type of socket it is now ** (each status function may change it). */ (void) close(s); s = socket(af, SOCK_DGRAM, 0); if (s == -1) + { + free(lifc.lifc_buf); return; + } /* ** If we don't have a complete ifr structure, ** don't try to use it. */ if ((lifc.lifc_len - i) < sizeof *ifr) break; # ifdef BSD4_4_SOCKADDR if (sa->sa.sa_len > sizeof ifr->lifr_addr) i += sizeof ifr->lifr_name + sa->sa.sa_len; else # endif /* BSD4_4_SOCKADDR */ i += sizeof *ifr; if (tTd(0, 20)) dprintf("%s\n", anynet_ntoa(sa)); if (af != AF_INET && af != AF_INET6) continue; # ifdef SIOCGLIFFLAGS memset(&ifrf, '\0', sizeof(struct lifreq)); (void) strlcpy(ifrf.lifr_name, ifr->lifr_name, sizeof(ifrf.lifr_name)); if (ioctl(s, SIOCGLIFFLAGS, (char *) &ifrf) < 0) { if (tTd(0, 4)) dprintf("SIOCGLIFFLAGS failed: %s\n", errstring(errno)); continue; } else if (tTd(0, 41)) dprintf("\tflags: %lx\n", (unsigned long)ifrf.lifr_flags); if (!bitset(IFF_UP, ifrf.lifr_flags)) continue; # endif /* SIOCGLIFFLAGS */ ip_addr[0] = '\0'; /* extract IP address from the list*/ switch (af) { case AF_INET6: ia6 = sa->sin6.sin6_addr; - if (ia6.s6_addr == in6addr_any.s6_addr) +# ifdef __KAME__ + /* convert into proper scoped address - */ + if ((IN6_IS_ADDR_LINKLOCAL(&ia6) || + IN6_IS_ADDR_SITELOCAL(&ia6)) && + sa->sin6.sin6_scope_id == 0) { + sa->sin6.sin6_scope_id = ntohs(ia6.s6_addr[3] | + ((unsigned int) ia6.s6_addr[2] << 8)); + ia6.s6_addr[2] = ia6.s6_addr[3] = 0; + } +# endif /* __KAME__ */ + if (IN6_IS_ADDR_UNSPECIFIED(&ia6)) + { addr = anynet_ntop(&ia6, buf6, sizeof buf6); message("WARNING: interface %s is UP with %s address", ifr->lifr_name, addr == NULL ? "(NULL)" : addr); continue; } /* save IP address in text from */ addr = anynet_ntop(&ia6, buf6, sizeof buf6); if (addr != NULL) (void) snprintf(ip_addr, sizeof ip_addr, "[%.*s]", (int) sizeof ip_addr - 3, addr); break; case AF_INET: ia = sa->sin.sin_addr; if (ia.s_addr == INADDR_ANY || ia.s_addr == INADDR_NONE) { message("WARNING: interface %s is UP with %s address", ifr->lifr_name, inet_ntoa(ia)); continue; } /* save IP address in text from */ (void) snprintf(ip_addr, sizeof ip_addr, "[%.*s]", (int) sizeof ip_addr - 3, inet_ntoa(ia)); break; } if (*ip_addr == '\0') continue; if (!wordinclass(ip_addr, 'w')) { setclass('w', ip_addr); if (tTd(0, 4)) dprintf("\ta.k.a.: %s\n", ip_addr); } # ifdef SIOCGLIFFLAGS /* skip "loopback" interface "lo" */ if (bitset(IFF_LOOPBACK, ifrf.lifr_flags)) continue; # endif /* SIOCGLIFFLAGS */ (void) add_hostnames(sa); } free(lifc.lifc_buf); - close(s); + (void) close(s); #else /* NETINET6 && defined(SIOCGLIFCONF) */ # if defined(SIOCGIFCONF) && !SIOCGIFCONF_IS_BROKEN int s; int i; struct ifconf ifc; int numifs; s = socket(AF_INET, SOCK_DGRAM, 0); if (s == -1) return; /* get the list of known IP address from the kernel */ # if defined(SIOCGIFNUM) && !SIOCGIFNUM_IS_BROKEN if (ioctl(s, SIOCGIFNUM, (char *) &numifs) < 0) { /* can't get number of interfaces -- fall back */ if (tTd(0, 4)) dprintf("SIOCGIFNUM failed: %s\n", errstring(errno)); numifs = -1; } else if (tTd(0, 42)) dprintf("system has %d interfaces\n", numifs); if (numifs < 0) # endif /* defined(SIOCGIFNUM) && !SIOCGIFNUM_IS_BROKEN */ numifs = MAXINTERFACES; if (numifs <= 0) { (void) close(s); return; } ifc.ifc_len = numifs * sizeof (struct ifreq); ifc.ifc_buf = xalloc(ifc.ifc_len); if (ioctl(s, SIOCGIFCONF, (char *)&ifc) < 0) { if (tTd(0, 4)) dprintf("SIOCGIFCONF failed: %s\n", errstring(errno)); (void) close(s); free(ifc.ifc_buf); return; } /* scan the list of IP address */ if (tTd(0, 40)) dprintf("scanning for interface specific names, ifc_len=%d\n", ifc.ifc_len); for (i = 0; i < ifc.ifc_len; ) { int af; struct ifreq *ifr = (struct ifreq *) &ifc.ifc_buf[i]; SOCKADDR *sa = (SOCKADDR *) &ifr->ifr_addr; # if NETINET6 char *addr; struct in6_addr ia6; # endif /* NETINET6 */ struct in_addr ia; # ifdef SIOCGIFFLAGS struct ifreq ifrf; # endif /* SIOCGIFFLAGS */ char ip_addr[256]; # if NETINET6 char buf6[INET6_ADDRSTRLEN]; # endif /* NETINET6 */ /* ** If we don't have a complete ifr structure, ** don't try to use it. */ if ((ifc.ifc_len - i) < sizeof *ifr) break; # ifdef BSD4_4_SOCKADDR if (sa->sa.sa_len > sizeof ifr->ifr_addr) i += sizeof ifr->ifr_name + sa->sa.sa_len; else # endif /* BSD4_4_SOCKADDR */ i += sizeof *ifr; if (tTd(0, 20)) dprintf("%s\n", anynet_ntoa(sa)); af = ifr->ifr_addr.sa_family; if (af != AF_INET # if NETINET6 && af != AF_INET6 # endif /* NETINET6 */ ) continue; # ifdef SIOCGIFFLAGS memset(&ifrf, '\0', sizeof(struct ifreq)); (void) strlcpy(ifrf.ifr_name, ifr->ifr_name, sizeof(ifrf.ifr_name)); (void) ioctl(s, SIOCGIFFLAGS, (char *) &ifrf); if (tTd(0, 41)) dprintf("\tflags: %lx\n", (unsigned long) ifrf.ifr_flags); # define IFRFREF ifrf # else /* SIOCGIFFLAGS */ # define IFRFREF (*ifr) # endif /* SIOCGIFFLAGS */ if (!bitset(IFF_UP, IFRFREF.ifr_flags)) continue; ip_addr[0] = '\0'; /* extract IP address from the list*/ switch (af) { case AF_INET: ia = sa->sin.sin_addr; if (ia.s_addr == INADDR_ANY || ia.s_addr == INADDR_NONE) { message("WARNING: interface %s is UP with %s address", ifr->ifr_name, inet_ntoa(ia)); continue; } /* save IP address in text from */ (void) snprintf(ip_addr, sizeof ip_addr, "[%.*s]", (int) sizeof ip_addr - 3, inet_ntoa(ia)); break; # if NETINET6 case AF_INET6: ia6 = sa->sin6.sin6_addr; - if (ia6.s6_addr == in6addr_any.s6_addr) + if (IN6_IS_ADDR_UNSPECIFIED(&ia6)) { addr = anynet_ntop(&ia6, buf6, sizeof buf6); message("WARNING: interface %s is UP with %s address", ifr->ifr_name, addr == NULL ? "(NULL)" : addr); continue; } /* save IP address in text from */ addr = anynet_ntop(&ia6, buf6, sizeof buf6); if (addr != NULL) (void) snprintf(ip_addr, sizeof ip_addr, "[%.*s]", (int) sizeof ip_addr - 3, addr); break; # endif /* NETINET6 */ } if (ip_addr[0] == '\0') continue; if (!wordinclass(ip_addr, 'w')) { setclass('w', ip_addr); if (tTd(0, 4)) dprintf("\ta.k.a.: %s\n", ip_addr); } /* skip "loopback" interface "lo" */ if (bitset(IFF_LOOPBACK, IFRFREF.ifr_flags)) continue; (void) add_hostnames(sa); } free(ifc.ifc_buf); (void) close(s); # undef IFRFREF # endif /* defined(SIOCGIFCONF) && !SIOCGIFCONF_IS_BROKEN */ #endif /* NETINET6 && defined(SIOCGLIFCONF) */ } /* ** ISLOOPBACK -- is socket address in the loopback net? ** ** Parameters: ** sa -- socket address. ** ** Returns: ** TRUE -- is socket address in the loopback net? ** FALSE -- otherwise ** */ bool isloopback(sa) SOCKADDR sa; { #if NETINET6 if (IN6_IS_ADDR_LOOPBACK(&sa.sin6.sin6_addr)) return TRUE; #else /* NETINET6 */ /* XXX how to correctly extract IN_LOOPBACKNET part? */ if (((ntohl(sa.sin.sin_addr.s_addr) & IN_CLASSA_NET) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) return TRUE; #endif /* NETINET6 */ return FALSE; } /* ** GET_NUM_PROCS_ONLINE -- return the number of processors currently online ** ** Parameters: ** none. ** ** Returns: ** The number of processors online. */ static int get_num_procs_online() { int nproc = 0; #ifdef USESYSCTL # if defined(CTL_HW) && defined(HW_NCPU) size_t sz; int mib[2]; mib[0] = CTL_HW; mib[1] = HW_NCPU; sz = (size_t) sizeof nproc; (void) sysctl(mib, 2, &nproc, &sz, NULL, 0); # endif /* defined(CTL_HW) && defined(HW_NCPUS) */ #else /* USESYSCTL */ # ifdef _SC_NPROCESSORS_ONLN nproc = (int) sysconf(_SC_NPROCESSORS_ONLN); # else /* _SC_NPROCESSORS_ONLN */ # ifdef __hpux # include struct pst_dynamic psd; if (pstat_getdynamic(&psd, sizeof(psd), (size_t)1, 0) != -1) nproc = psd.psd_proc_cnt; # endif /* __hpux */ # endif /* _SC_NPROCESSORS_ONLN */ #endif /* USESYSCTL */ if (nproc <= 0) nproc = 1; return nproc; } /* ** SEED_RANDOM -- seed the random number generator ** ** Parameters: ** none ** ** Returns: ** none */ void seed_random() { #if HASSRANDOMDEV srandomdev(); #else /* HASSRANDOMDEV */ long seed; struct timeval t; seed = (long) getpid(); if (gettimeofday(&t, NULL) >= 0) seed += t.tv_sec + t.tv_usec; # if HASRANDOM (void) srandom(seed); # else /* HASRANDOM */ (void) srand((unsigned int) seed); # endif /* HASRANDOM */ #endif /* HASSRANDOMDEV */ } /* ** SM_SYSLOG -- syslog wrapper to keep messages under SYSLOG_BUFSIZE ** ** Parameters: ** level -- syslog level ** id -- envelope ID or NULL (NOQUEUE) ** fmt -- format string ** arg... -- arguments as implied by fmt. ** ** Returns: ** none */ /* VARARGS3 */ void #ifdef __STDC__ sm_syslog(int level, const char *id, const char *fmt, ...) #else /* __STDC__ */ sm_syslog(level, id, fmt, va_alist) int level; const char *id; const char *fmt; va_dcl #endif /* __STDC__ */ { static char *buf = NULL; static size_t bufsize; char *begin, *end; int save_errno; int seq = 1; int idlen; char buf0[MAXLINE]; extern int SnprfOverflow; extern int SyslogErrno; extern char *DoprEnd; VA_LOCAL_DECL save_errno = SyslogErrno = errno; if (id == NULL) id = "NOQUEUE"; else if (strcmp(id, NOQID) == 0) id = ""; idlen = strlen(id); if (buf == NULL) { buf = buf0; bufsize = sizeof buf0; } for (;;) { /* do a virtual vsnprintf into buf */ VA_START(fmt); buf[0] = 0; DoprEnd = buf + bufsize - 1; SnprfOverflow = 0; sm_dopr(buf, fmt, ap); *DoprEnd = '\0'; VA_END; /* end of virtual vsnprintf */ if (SnprfOverflow == 0) break; /* String too small, redo with correct size */ bufsize += SnprfOverflow + 1; if (buf != buf0) free(buf); buf = xalloc(bufsize * sizeof (char)); } if ((strlen(buf) + idlen + 1) < SYSLOG_BUFSIZE) { #if LOG if (*id == '\0') syslog(level, "%s", buf); else syslog(level, "%s: %s", id, buf); #else /* LOG */ /*XXX should do something more sensible */ if (*id == '\0') fprintf(stderr, "%s\n", buf); else fprintf(stderr, "%s: %s\n", id, buf); #endif /* LOG */ if (buf == buf0) buf = NULL; errno = save_errno; return; } begin = buf; while (*begin != '\0' && (strlen(begin) + idlen + 5) > SYSLOG_BUFSIZE) { char save; if (seq == 999) { /* Too many messages */ break; } end = begin + SYSLOG_BUFSIZE - idlen - 12; while (end > begin) { /* Break on comma or space */ if (*end == ',' || *end == ' ') { end++; /* Include separator */ break; } end--; } /* No separator, break midstring... */ if (end == begin) end = begin + SYSLOG_BUFSIZE - idlen - 12; save = *end; *end = 0; #if LOG syslog(level, "%s[%d]: %s ...", id, seq++, begin); #else /* LOG */ fprintf(stderr, "%s[%d]: %s ...\n", id, seq++, begin); #endif /* LOG */ *end = save; begin = end; } if (seq == 999) #if LOG syslog(level, "%s[%d]: log terminated, too many parts", id, seq); #else /* LOG */ fprintf(stderr, "%s[%d]: log terminated, too many parts\n", id, seq); #endif /* LOG */ else if (*begin != '\0') #if LOG syslog(level, "%s[%d]: %s", id, seq, begin); #else /* LOG */ fprintf(stderr, "%s[%d]: %s\n", id, seq, begin); #endif /* LOG */ if (buf == buf0) buf = NULL; errno = save_errno; } /* ** HARD_SYSLOG -- call syslog repeatedly until it works ** ** Needed on HP-UX, which apparently doesn't guarantee that ** syslog succeeds during interrupt handlers. */ #if defined(__hpux) && !defined(HPUX11) # define MAXSYSLOGTRIES 100 # undef syslog # ifdef V4FS # define XCNST const # define CAST (const char *) # else /* V4FS */ # define XCNST # define CAST # endif /* V4FS */ void # ifdef __STDC__ hard_syslog(int pri, XCNST char *msg, ...) # else /* __STDC__ */ hard_syslog(pri, msg, va_alist) int pri; XCNST char *msg; va_dcl # endif /* __STDC__ */ { int i; char buf[SYSLOG_BUFSIZE]; VA_LOCAL_DECL; VA_START(msg); vsnprintf(buf, sizeof buf, msg, ap); VA_END; for (i = MAXSYSLOGTRIES; --i >= 0 && syslog(pri, CAST "%s", buf) < 0; ) continue; } # undef CAST #endif /* defined(__hpux) && !defined(HPUX11) */ #if NEEDLOCAL_HOSTNAME_LENGTH /* ** LOCAL_HOSTNAME_LENGTH ** ** This is required to get sendmail to compile against BIND 4.9.x ** on Ultrix. ** ** Unfortunately, a Compaq Y2K patch kit provides it without ** bumping __RES in /usr/include/resolv.h so we can't automatically ** figure out whether it is needed. */ int local_hostname_length(hostname) char *hostname; { int len_host, len_domain; if (!*_res.defdname) res_init(); len_host = strlen(hostname); len_domain = strlen(_res.defdname); if (len_host > len_domain && (strcasecmp(hostname + len_host - len_domain, _res.defdname) == 0) && hostname[len_host - len_domain - 1] == '.') return len_host - len_domain - 1; else return 0; } #endif /* NEEDLOCAL_HOSTNAME_LENGTH */ /* ** Compile-Time options */ char *CompileOptions[] = { #ifdef HESIOD "HESIOD", #endif /* HESIOD */ #if HES_GETMAILHOST "HES_GETMAILHOST", #endif /* HES_GETMAILHOST */ #ifdef LDAPMAP "LDAPMAP", #endif /* LDAPMAP */ #ifdef MAP_NSD "MAP_NSD", #endif /* MAP_NSD */ #ifdef MAP_REGEX "MAP_REGEX", #endif /* MAP_REGEX */ #if LOG "LOG", #endif /* LOG */ #if MATCHGECOS "MATCHGECOS", #endif /* MATCHGECOS */ #if MIME7TO8 "MIME7TO8", #endif /* MIME7TO8 */ #if MIME8TO7 "MIME8TO7", #endif /* MIME8TO7 */ #if NAMED_BIND "NAMED_BIND", #endif /* NAMED_BIND */ #ifdef NDBM "NDBM", #endif /* NDBM */ #if NETINET "NETINET", #endif /* NETINET */ #if NETINET6 "NETINET6", #endif /* NETINET6 */ #if NETINFO "NETINFO", #endif /* NETINFO */ #if NETISO "NETISO", #endif /* NETISO */ #if NETNS "NETNS", #endif /* NETNS */ #if NETUNIX "NETUNIX", #endif /* NETUNIX */ #if NETX25 "NETX25", #endif /* NETX25 */ #ifdef NEWDB "NEWDB", #endif /* NEWDB */ #ifdef NIS "NIS", #endif /* NIS */ #ifdef NISPLUS "NISPLUS", #endif /* NISPLUS */ #ifdef PH_MAP "PH_MAP", #endif /* PH_MAP */ #if QUEUE "QUEUE", #endif /* QUEUE */ #if SASL "SASL", #endif /* SASL */ #if SCANF "SCANF", #endif /* SCANF */ #if SFIO "SFIO", #endif /* SFIO */ #if SMTP "SMTP", #endif /* SMTP */ #if SMTPDEBUG "SMTPDEBUG", #endif /* SMTPDEBUG */ #if STARTTLS "STARTTLS", #endif /* STARTTLS */ #ifdef SUID_ROOT_FILES_OK "SUID_ROOT_FILES_OK", #endif /* SUID_ROOT_FILES_OK */ #if TCPWRAPPERS "TCPWRAPPERS", #endif /* TCPWRAPPERS */ #if USERDB "USERDB", #endif /* USERDB */ #if XDEBUG "XDEBUG", #endif /* XDEBUG */ #ifdef XLA "XLA", #endif /* XLA */ NULL }; /* ** OS compile options. */ char *OsCompileOptions[] = { #if BOGUS_O_EXCL "BOGUS_O_EXCL", #endif /* BOGUS_O_EXCL */ #if FAST_PID_RECYCLE "FAST_PID_RECYCLE", #endif /* FAST_PID_RECYCLE */ #if HASFCHOWN "HASFCHOWN", #endif /* HASFCHOWN */ #if HASFCHMOD "HASFCHMOD", #endif /* HASFCHMOD */ #if HASFLOCK "HASFLOCK", #endif /* HASFLOCK */ #if HASGETDTABLESIZE "HASGETDTABLESIZE", #endif /* HASGETDTABLESIZE */ #if HASGETUSERSHELL "HASGETUSERSHELL", #endif /* HASGETUSERSHELL */ #if HASINITGROUPS "HASINITGROUPS", #endif /* HASINITGROUPS */ #if HASLSTAT "HASLSTAT", #endif /* HASLSTAT */ #if HASRANDOM "HASRANDOM", #endif /* HASRANDOM */ #if HASSETLOGIN "HASSETLOGIN", #endif /* HASSETLOGIN */ #if HASSETREUID "HASSETREUID", #endif /* HASSETREUID */ #if HASSETRLIMIT "HASSETRLIMIT", #endif /* HASSETRLIMIT */ #if HASSETSID "HASSETSID", #endif /* HASSETSID */ #if HASSETUSERCONTEXT "HASSETUSERCONTEXT", #endif /* HASSETUSERCONTEXT */ #if HASSETVBUF "HASSETVBUF", #endif /* HASSETVBUF */ #if HASSNPRINTF "HASSNPRINTF", #endif /* HASSNPRINTF */ #if HAS_ST_GEN "HAS_ST_GEN", #endif /* HAS_ST_GEN */ #if HASSRANDOMDEV "HASSRANDOMDEV", #endif /* HASSRANDOMDEV */ #if HASURANDOMDEV "HASURANDOMDEV", #endif /* HASURANDOMDEV */ #if HASSTRERROR "HASSTRERROR", #endif /* HASSTRERROR */ #if HASULIMIT "HASULIMIT", #endif /* HASULIMIT */ #if HASUNAME "HASUNAME", #endif /* HASUNAME */ #if HASUNSETENV "HASUNSETENV", #endif /* HASUNSETENV */ #if HASWAITPID "HASWAITPID", #endif /* HASWAITPID */ #if IDENTPROTO "IDENTPROTO", #endif /* IDENTPROTO */ #if IP_SRCROUTE "IP_SRCROUTE", #endif /* IP_SRCROUTE */ #if O_EXLOCK && HASFLOCK && !BOGUS_O_EXCL "LOCK_ON_OPEN", #endif /* O_EXLOCK && HASFLOCK && !BOGUS_O_EXCL */ #if NEEDFSYNC "NEEDFSYNC", #endif /* NEEDFSYNC */ #if NOFTRUNCATE "NOFTRUNCATE", #endif /* NOFTRUNCATE */ #if RLIMIT_NEEDS_SYS_TIME_H "RLIMIT_NEEDS_SYS_TIME_H", #endif /* RLIMIT_NEEDS_SYS_TIME_H */ #if SAFENFSPATHCONF "SAFENFSPATHCONF", #endif /* SAFENFSPATHCONF */ #if SECUREWARE "SECUREWARE", #endif /* SECUREWARE */ #if SHARE_V1 "SHARE_V1", #endif /* SHARE_V1 */ #if SIOCGIFCONF_IS_BROKEN "SIOCGIFCONF_IS_BROKEN", #endif /* SIOCGIFCONF_IS_BROKEN */ #if SIOCGIFNUM_IS_BROKEN "SIOCGIFNUM_IS_BROKEN", #endif /* SIOCGIFNUM_IS_BROKEN */ #if SNPRINTF_IS_BROKEN "SNPRINTF_IS_BROKEN", #endif /* SNPRINTF_IS_BROKEN */ #if SO_REUSEADDR_IS_BROKEN "SO_REUSEADDR_IS_BROKEN", #endif /* SO_REUSEADDR_IS_BROKEN */ #if SYS5SETPGRP "SYS5SETPGRP", #endif /* SYS5SETPGRP */ #if SYSTEM5 "SYSTEM5", #endif /* SYSTEM5 */ #if USE_SA_SIGACTION "USE_SA_SIGACTION", #endif /* USE_SA_SIGACTION */ #if USE_SIGLONGJMP "USE_SIGLONGJMP", #endif /* USE_SIGLONGJMP */ #if USESETEUID "USESETEUID", #endif /* USESETEUID */ NULL }; Index: stable/4/contrib/sendmail/src/conf.h =================================================================== --- stable/4/contrib/sendmail/src/conf.h (revision 71887) +++ stable/4/contrib/sendmail/src/conf.h (revision 71888) @@ -1,2809 +1,2819 @@ /* * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * * - * $Id: conf.h,v 8.496.4.25 2000/08/08 23:50:40 ca Exp $ + * $Id: conf.h,v 8.496.4.32 2000/12/15 19:20:53 gshapiro Exp $ */ /* $FreeBSD$ */ /* ** CONF.H -- All user-configurable parameters for sendmail ** ** Send updates to sendmail@Sendmail.ORG so they will be ** included in the next release. */ #ifndef CONF_H #define CONF_H 1 #ifdef __GNUC__ struct rusage; /* forward declaration to get gcc to shut up in wait.h */ #endif /* __GNUC__ */ # include # include # if SFIO && defined(SF_APPEND) # undef SF_APPEND /* Both sfio/stdio.h and sys/stat.h define it */ # endif /* SFIO && defined(SF_APPEND) */ # include # ifndef __QNX__ /* in QNX this grabs bogus LOCK_* manifests */ # include # endif /* ! __QNX__ */ # include # include # include # include # include # include # include /* make sure TOBUFSIZ isn't larger than system limit for size of exec() args */ #ifdef ARG_MAX # if ARG_MAX > 4096 # define SM_ARG_MAX 4096 # else /* ARG_MAX > 4096 */ # define SM_ARG_MAX ARG_MAX # endif /* ARG_MAX > 4096 */ #else /* ARG_MAX */ # define SM_ARG_MAX 4096 #endif /* ARG_MAX */ /********************************************************************** ** Table sizes, etc.... ** There shouldn't be much need to change these.... **********************************************************************/ #define MAXLINE 2048 /* max line length */ #define MAXNAME 256 /* max length of a name */ #define MAXPV 256 /* max # of parms to mailers */ #define MAXATOM 1000 /* max atoms per address */ #define MAXRWSETS 200 /* max # of sets of rewriting rules */ #define MAXPRIORITIES 25 /* max values for Precedence: field */ #define MAXMXHOSTS 100 /* max # of MX records for one host */ #define SMTPLINELIM 990 /* maximum SMTP line length */ #define MAXKEY 128 /* maximum size of a database key */ #define MEMCHUNKSIZE 1024 /* chunk size for memory allocation */ #define MAXUSERENVIRON 100 /* max envars saved, must be >= 3 */ #define MAXALIASDB 12 /* max # of alias databases */ #define MAXMAPSTACK 12 /* max # of stacked or sequenced maps */ #if _FFR_MILTER # define MAXFILTERS 25 /* max # of milter filters */ # define MAXFILTERMACROS 50 /* max # of macros per milter cmd */ #endif /* _FFR_MILTER */ #define MAXSMTPARGS 20 /* max # of ESMTP args for MAIL/RCPT */ #define MAXTOCLASS 8 /* max # of message timeout classes */ #define MAXRESTOTYPES 3 /* max # of resolver timeout types */ #define MAXMIMEARGS 20 /* max args in Content-Type: */ #define MAXMIMENESTING 20 /* max MIME multipart nesting */ #define QUEUESEGSIZE 1000 /* increment for queue size */ #define MAXQFNAME 20 /* max qf file name length */ #define MACBUFSIZE 4096 /* max expanded macro buffer size */ #define TOBUFSIZE SM_ARG_MAX /* max buffer to hold address list */ #define MAXSHORTSTR 203 /* max short string length */ #define MAXMACNAMELEN 25 /* max macro name length */ #define MAXMACROID 0377 /* max macro id number */ + /* Must match (BITMAPBITS - 1) */ #ifndef MAXHDRSLEN # define MAXHDRSLEN (32 * 1024) /* max size of message headers */ #endif /* ! MAXHDRSLEN */ #define MAXDAEMONS 10 /* max number of ports to listen to */ #ifndef MAXINTERFACES # define MAXINTERFACES 512 /* number of interfaces to probe */ #endif /* MAXINTERFACES */ #ifndef MAXSYMLINKS # define MAXSYMLINKS 32 /* max number of symlinks in a path */ #endif /* ! MAXSYMLINKS */ #define MAXLINKPATHLEN (MAXPATHLEN * MAXSYMLINKS) /* max link-expanded file */ #define DATA_PROGRESS_TIMEOUT 300 /* how ofter to check DATA progress */ #define ENHSCLEN 10 /* max len of enhanced status code */ #if _FFR_DYNAMIC_TOBUF # define DEFAULT_MAX_RCPT 100 /* max number of RCPTs per envelope */ #endif /* _FFR_DYNAMIC_TOBUF */ #if SASL # ifndef AUTH_MECHANISMS # if STARTTLS && _FFR_EXT_MECH # define AUTH_MECHANISMS "EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5" # else /* STARTTLS && _FFR_EXT_MECH */ # define AUTH_MECHANISMS "GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5" # endif /* STARTTLS && _FFR_EXT_MECH */ # endif /* ! AUTH_MECHANISMS */ #endif /* SASL */ #ifdef LDAPMAP # define LDAPMAP_MAX_ATTR 64 # define LDAPMAP_MAX_FILTER 1024 # define LDAPMAP_MAX_PASSWD 256 #endif /* LDAPMAP */ /********************************************************************** ** Compilation options. ** #define these to 1 if they are available; ** #define them to 0 otherwise. ** All can be overridden from Makefile. **********************************************************************/ #ifndef NETINET # define NETINET 1 /* include internet support */ #endif /* ! NETINET */ #ifndef NETINET6 # define NETINET6 0 /* do not include IPv6 support */ #endif /* ! NETINET6 */ #ifndef NETISO # define NETISO 0 /* do not include ISO socket support */ #endif /* ! NETISO */ #ifndef NAMED_BIND # define NAMED_BIND 1 /* use Berkeley Internet Domain Server */ #endif /* ! NAMED_BIND */ #ifndef XDEBUG # define XDEBUG 1 /* enable extended debugging */ #endif /* ! XDEBUG */ #ifndef MATCHGECOS # define MATCHGECOS 1 /* match user names from gecos field */ #endif /* ! MATCHGECOS */ #ifndef DSN # define DSN 1 /* include delivery status notification code */ #endif /* ! DSN */ #if !defined(USERDB) && (defined(NEWDB) || defined(HESIOD)) # define USERDB 1 /* look in user database */ #endif /* !defined(USERDB) && (defined(NEWDB) || defined(HESIOD)) */ #ifndef MIME8TO7 # define MIME8TO7 1 /* 8->7 bit MIME conversions */ #endif /* ! MIME8TO7 */ #ifndef MIME7TO8 # define MIME7TO8 1 /* 7->8 bit MIME conversions */ #endif /* ! MIME7TO8 */ /********************************************************************** ** "Hard" compilation options. ** #define these if they are available; comment them out otherwise. ** These cannot be overridden from the Makefile, and should really not ** be turned off unless absolutely necessary. **********************************************************************/ #define LOG 1 /* enable logging -- don't turn off */ /********************************************************************** ** End of site-specific configuration. **********************************************************************/ /* ** General "standard C" defines. ** ** These may be undone later, to cope with systems that claim to ** be Standard C but aren't. Gcc is the biggest offender -- it ** doesn't realize that the library is part of the language. ** ** Life would be much easier if we could get rid of this sort ** of bozo problems. */ #ifdef __STDC__ # define HASSETVBUF 1 /* we have setvbuf(3) in libc */ #endif /* __STDC__ */ /* ** Assume you have standard calls; can be #undefed below if necessary. */ #ifndef HASLSTAT # define HASLSTAT 1 /* has lstat(2) call */ #endif /* ! HASLSTAT */ /********************************************************************** ** Operating system configuration. ** ** Unless you are porting to a new OS, you shouldn't have to ** change these. **********************************************************************/ /* ** HP-UX -- tested for 8.07, 9.00, and 9.01. ** ** If V4FS is defined, compile for HP-UX 10.0. ** 11.x support from Richard Allen . */ #ifdef __hpux /* common definitions for HP-UX 9.x and 10.x */ # undef m_flags /* conflict between Berkeley DB 1.85 db.h & sys/sysmacros.h on HP 300 */ # define SYSTEM5 1 /* include all the System V defines */ # define HASINITGROUPS 1 /* has initgroups(3) call */ # define HASFCHMOD 1 /* has fchmod(2) syscall */ # define USESETEUID 1 /* has usable seteuid(2) call */ # define BOGUS_O_EXCL 1 /* exclusive open follows symlinks */ # define seteuid(e) setresuid(-1, e, -1) # define IP_SRCROUTE 1 /* can check IP source routing */ # define LA_TYPE LA_HPUX # define SPT_TYPE SPT_PSTAT # define SFS_TYPE SFS_VFS /* use statfs() implementation */ # define GIDSET_T gid_t # ifndef HASGETUSERSHELL # define HASGETUSERSHELL 0 /* getusershell(3) causes core dumps */ # endif /* ! HASGETUSERSHELL */ # ifdef HPUX11 # define HASFCHOWN 1 /* has fchown(2) */ # define HASSNPRINTF 1 /* has snprintf(3) */ # ifndef BROKEN_RES_SEARCH # define BROKEN_RES_SEARCH 1 /* res_search(unknown) returns h_errno=0 */ # endif /* ! BROKEN_RES_SEARCH */ # else /* HPUX11 */ # ifndef NOT_SENDMAIL # define syslog hard_syslog # endif /* ! NOT_SENDMAIL */ # endif /* HPUX11 */ # define SAFENFSPATHCONF 1 /* pathconf(2) pessimizes on NFS filesystems */ # ifdef V4FS /* HP-UX 10.x */ # define _PATH_UNIX "/stand/vmunix" # ifndef _PATH_VENDOR_CF # define _PATH_VENDOR_CF "/etc/mail/sendmail.cf" # endif /* ! _PATH_VENDOR_CF */ # ifndef _PATH_SENDMAILPID # define _PATH_SENDMAILPID "/etc/mail/sendmail.pid" # endif /* ! _PATH_SENDMAILPID */ # ifndef IDENTPROTO # define IDENTPROTO 1 /* TCP/IP implementation fixed in 10.0 */ # endif /* ! IDENTPROTO */ # include /* for mpctl() in get_num_procs_online() */ # else /* V4FS */ /* HP-UX 9.x */ # define _PATH_UNIX "/hp-ux" # ifndef _PATH_VENDOR_CF # define _PATH_VENDOR_CF "/usr/lib/sendmail.cf" # endif /* ! _PATH_VENDOR_CF */ # ifndef IDENTPROTO # define IDENTPROTO 0 /* TCP/IP implementation is broken */ # endif /* ! IDENTPROTO */ # ifdef __STDC__ extern void hard_syslog(int, char *, ...); # else /* __STDC__ */ extern void hard_syslog(); # endif /* __STDC__ */ # define FDSET_CAST (int *) /* cast for fd_set parameters to select */ # endif /* V4FS */ #endif /* __hpux */ /* ** IBM AIX 4.x */ #ifdef _AIX4 # define _AIX3 1 /* pull in AIX3 stuff */ # define BSD4_4_SOCKADDR /* has sa_len */ # define USESETEUID 1 /* seteuid(2) works */ # define TZ_TYPE TZ_NAME /* use tzname[] vector */ # define SOCKOPT_LEN_T size_t /* arg#5 to getsockopt */ # if _AIX4 >= 40200 # define HASSETREUID 1 /* setreuid(2) works as of AIX 4.2 */ # define SOCKADDR_LEN_T size_t /* e.g., arg#3 to accept, getsockname */ # endif /* _AIX4 >= 40200 */ # if _AIX4 >= 40300 # define HASSNPRINTF 1 /* has snprintf starting in 4.3 */ # endif /* _AIX4 >= 40300 */ # if defined(_ILS_MACROS) /* IBM versions aren't side-effect clean */ # undef isascii # define isascii(c) !(c & ~0177) # undef isdigit # define isdigit(__a) (_IS(__a,_ISDIGIT)) # undef isspace # define isspace(__a) (_IS(__a,_ISSPACE)) # endif /* defined(_ILS_MACROS) */ #endif /* _AIX4 */ /* ** IBM AIX 3.x -- actually tested for 3.2.3 */ #ifdef _AIX3 # include # include /* to get byte order */ # include # define HASFCHOWN 1 /* has fchown(2) */ # define HASINITGROUPS 1 /* has initgroups(3) call */ # define HASUNAME 1 /* use System V uname(2) system call */ # define HASGETUSERSHELL 0 /* does not have getusershell(3) call */ # define HASFCHMOD 1 /* has fchmod(2) syscall */ # define IP_SRCROUTE 0 /* Something is broken with getsockopt() */ # define GIDSET_T gid_t # define SFS_TYPE SFS_STATFS /* use statfs() impl */ # define SPT_PADCHAR '\0' /* pad process title with nulls */ # define LA_TYPE LA_INT # define FSHIFT 16 # define LA_AVENRUN "avenrun" #endif /* _AIX3 */ /* ** IBM AIX 2.2.1 -- actually tested for osupdate level 2706+1773 ** ** From Mark Whetzel . */ #ifdef AIX /* AIX/RT compiler pre-defines this */ # include # include /* AIX/RT resource.h does NOT include this */ # define HASINITGROUPS 1 /* has initgroups(3) call */ # define HASUNAME 1 /* use System V uname(2) system call */ # define HASGETUSERSHELL 0 /* does not have getusershell(3) call */ # define HASFCHMOD 0 /* does not have fchmod(2) syscall */ # define HASSETREUID 1 /* use setreuid(2) -lbsd system call */ # define HASSETVBUF 1 /* use setvbuf(2) system call */ # define HASSETRLIMIT 0 /* does not have setrlimit call */ # define HASFLOCK 0 /* does not have flock call - use fcntl */ # define HASULIMIT 1 /* use ulimit instead of setrlimit call */ # define NEEDGETOPT 1 /* Do we need theirs or ours */ # define SYS5SETPGRP 1 /* don't have setpgid on AIX/RT */ # define IP_SRCROUTE 0 /* Something is broken with getsockopt() */ # define BSD4_3 1 /* NOT bsd 4.4 or posix signals */ # define GIDSET_T int # define SFS_TYPE SFS_STATFS /* use statfs() impl */ # define SPT_PADCHAR '\0' /* pad process title with nulls */ # define LA_TYPE LA_SUBR /* use our ported loadavgd daemon */ # define TZ_TYPE TZ_TZNAME /* use tzname[] vector */ # define ARBPTR_T int * # define void int typedef int pid_t; /* RTisms for BSD compatibility, specified in the Makefile define BSD 1 define BSD_INCLUDES 1 define BSD_REMAP_SIGNAL_TO_SIGVEC RTisms needed above */ /* make this sendmail in a completely different place */ # ifndef _PATH_VENDOR_CF # define _PATH_VENDOR_CF "/usr/local/newmail/sendmail.cf" # endif /* ! _PATH_VENDOR_CF */ # ifndef _PATH_SENDMAILPID # define _PATH_SENDMAILPID "/usr/local/newmail/sendmail.pid" # endif /* ! _PATH_SENDMAILPID */ #endif /* AIX */ /* ** Silicon Graphics IRIX ** ** Compiles on 4.0.1. ** ** Use IRIX64 instead of IRIX for 64-bit IRIX (6.0). ** Use IRIX5 instead of IRIX for IRIX 5.x. ** ** This version tries to be adaptive using _MIPS_SIM: ** _MIPS_SIM == _ABIO32 (= 1) Abi: -32 on IRIX 6.2 ** _MIPS_SIM == _ABIN32 (= 2) Abi: -n32 on IRIX 6.2 ** _MIPS_SIM == _ABI64 (= 3) Abi: -64 on IRIX 6.2 ** ** _MIPS_SIM is 1 also on IRIX 5.3 ** ** IRIX64 changes from Mark R. Levinson . ** IRIX5 changes from Kari E. Hurtta . ** Adaptive changes from Kari E. Hurtta . */ #if defined(__sgi) # ifndef IRIX # define IRIX # endif /* ! IRIX */ # if _MIPS_SIM > 0 && !defined(IRIX5) # define IRIX5 /* IRIX5 or IRIX6 */ # endif /* _MIPS_SIM > 0 && !defined(IRIX5) */ # if _MIPS_SIM > 1 && !defined(IRIX6) && !defined(IRIX64) # define IRIX6 /* IRIX6 */ # endif /* _MIPS_SIM > 1 && !defined(IRIX6) && !defined(IRIX64) */ #endif /* defined(__sgi) */ #ifdef IRIX # define SYSTEM5 1 /* this is a System-V derived system */ # define HASSETREUID 1 /* has setreuid(2) call */ # define HASINITGROUPS 1 /* has initgroups(3) call */ # define HASFCHMOD 1 /* has fchmod(2) syscall */ # define HASGETUSERSHELL 0 /* does not have getusershell(3) call */ # define IP_SRCROUTE 1 /* can check IP source routing */ # define setpgid BSDsetpgrp # define GIDSET_T gid_t # define SFS_TYPE SFS_4ARGS /* four argument statfs() call */ # define SFS_BAVAIL f_bfree /* alternate field name */ # define SYSLOG_BUFSIZE 512 # ifdef IRIX6 # define STAT64 1 # define QUAD_T unsigned long long # define LA_TYPE LA_IRIX6 /* figure out at run time */ # define SAFENFSPATHCONF 0 /* pathconf(2) lies on NFS filesystems */ # else /* IRIX6 */ # define LA_TYPE LA_INT # ifdef IRIX64 # define STAT64 1 # define QUAD_T unsigned long long # define NAMELISTMASK 0x7fffffffffffffff /* mask for nlist() values */ # else /* IRIX64 */ # define STAT64 0 # define NAMELISTMASK 0x7fffffff /* mask for nlist() values */ # endif /* IRIX64 */ # endif /* IRIX6 */ # if defined(IRIX64) || defined(IRIX5) || defined(IRIX6) # include # include # define ARGV_T char *const * # define HASFCHOWN 1 /* has fchown(2) */ # define HASSETRLIMIT 1 /* has setrlimit(2) syscall */ # define HASGETDTABLESIZE 1 /* has getdtablesize(2) syscall */ # define HASSTRERROR 1 /* has strerror(3) */ # else /* defined(IRIX64) || defined(IRIX5) || defined(IRIX6) */ # define ARGV_T const char ** # define WAITUNION 1 /* use "union wait" as wait argument type */ # endif /* defined(IRIX64) || defined(IRIX5) || defined(IRIX6) */ #endif /* IRIX */ /* ** SunOS and Solaris ** ** Tested on SunOS 4.1.x (a.k.a. Solaris 1.1.x) and ** Solaris 2.4 (a.k.a. SunOS 5.4). */ #if defined(sun) && !defined(BSD) # include # define HASINITGROUPS 1 /* has initgroups(3) call */ # define HASUNAME 1 /* use System V uname(2) system call */ # define HASFCHMOD 1 /* has fchmod(2) syscall */ # define IP_SRCROUTE 1 /* can check IP source routing */ # define SAFENFSPATHCONF 1 /* pathconf(2) pessimizes on NFS filesystems */ # ifndef HASFCHOWN # define HASFCHOWN 1 /* fchown(2) */ # endif /* ! HASFCHOWN */ # ifdef SOLARIS_2_3 # define SOLARIS 20300 /* for back compat only -- use -DSOLARIS=20300 */ # endif /* SOLARIS_2_3 */ # if defined(NOT_SENDMAIL) && !defined(SOLARIS) && defined(sun) && (defined(__svr4__) || defined(__SVR4)) # define SOLARIS 1 /* unknown Solaris version */ # endif /* defined(NOT_SENDMAIL) && !defined(SOLARIS) && defined(sun) && (defined(__svr4__) || defined(__SVR4)) */ # ifdef SOLARIS /* Solaris 2.x (a.k.a. SunOS 5.x) */ # ifndef __svr4__ # define __svr4__ /* use all System V Release 4 defines below */ # endif /* ! __svr4__ */ # define GIDSET_T gid_t # define USE_SA_SIGACTION 1 /* use sa_sigaction field */ # ifndef _PATH_UNIX # define _PATH_UNIX "/dev/ksyms" # endif /* ! _PATH_UNIX */ # ifndef _PATH_VENDOR_CF # define _PATH_VENDOR_CF "/etc/mail/sendmail.cf" # endif /* ! _PATH_VENDOR_CF */ # ifndef _PATH_SENDMAILPID # define _PATH_SENDMAILPID "/etc/mail/sendmail.pid" # endif /* ! _PATH_SENDMAILPID */ # ifndef _PATH_HOSTS # define _PATH_HOSTS "/etc/inet/hosts" # endif /* ! _PATH_HOSTS */ # ifndef SYSLOG_BUFSIZE # define SYSLOG_BUFSIZE 1024 /* allow full size syslog buffer */ # endif /* ! SYSLOG_BUFSIZE */ # ifndef TZ_TYPE # define TZ_TYPE TZ_TZNAME # endif /* ! TZ_TYPE */ # if SOLARIS >= 20300 || (SOLARIS < 10000 && SOLARIS >= 203) # define USESETEUID 1 /* seteuid works as of 2.3 */ # endif /* SOLARIS >= 20300 || (SOLARIS < 10000 && SOLARIS >= 203) */ # if SOLARIS >= 20500 || (SOLARIS < 10000 && SOLARIS >= 205) # define HASSETREUID 1 /* setreuid works as of 2.5 */ # if SOLARIS < 207 || (SOLARIS > 10000 && SOLARIS < 20700) # ifndef LA_TYPE # define LA_TYPE LA_KSTAT /* use kstat(3k) -- may work in < 2.5 */ # endif /* ! LA_TYPE */ # ifndef RANDOMSHIFT /* random() doesn't work well (sometimes) */ # define RANDOMSHIFT 8 # endif /* RANDOMSHIFT */ # endif /* SOLARIS < 207 || (SOLARIS > 10000 && SOLARIS < 20700) */ # else /* SOLARIS >= 20500 || (SOLARIS < 10000 && SOLARIS >= 205) */ # ifndef HASRANDOM # define HASRANDOM 0 /* doesn't have random(3) */ # endif /* ! HASRANDOM */ # endif /* SOLARIS >= 20500 || (SOLARIS < 10000 && SOLARIS >= 205) */ # if SOLARIS >= 20600 || (SOLARIS < 10000 && SOLARIS >= 206) # define HASSNPRINTF 1 /* has snprintf starting in 2.6 */ # else /* SOLARIS >= 20600 || (SOLARIS < 10000 && SOLARIS >= 206) */ - typedef int int32_t; +# if _FFR_MILTER +# define SM_INT32 int /* 32bit integer */ +# endif /* _FFR_MILTER */ # endif /* SOLARIS >= 20600 || (SOLARIS < 10000 && SOLARIS >= 206) */ # if SOLARIS >= 20700 || (SOLARIS < 10000 && SOLARIS >= 207) # ifndef LA_TYPE # include -# define LA_TYPE LA_SUBR /* getloadavg(3c) appears in 2.7 */ +# if SOLARIS >= 20900 || (SOLARIS < 10000 && SOLARIS >= 209) +# include +# define LA_TYPE LA_PSET /* pset_getloadavg(3c) appears in 2.9 */ +# else +# define LA_TYPE LA_SUBR /* getloadavg(3c) appears in 2.7 */ +# endif /* SOLARIS >= 20900 || (SOLARIS < 10000 && SOLARIS >= 209) */ # endif /* ! LA_TYPE */ # define HASGETUSERSHELL 1 /* getusershell(3c) bug fixed in 2.7 */ # endif /* SOLARIS >= 20700 || (SOLARIS < 10000 && SOLARIS >= 207) */ # if SOLARIS >= 20800 || (SOLARIS < 10000 && SOLARIS >= 208) # define HASSTRL 1 /* str*(3) added in 2.8 */ # undef _PATH_SENDMAILPID /* tmpfs /var/run added in 2.8 */ # define _PATH_SENDMAILPID "/var/run/sendmail.pid" # endif /* SOLARIS >= 20800 || (SOLARIS < 10000 && SOLARIS >= 208) */ # ifndef HASGETUSERSHELL # define HASGETUSERSHELL 0 /* getusershell(3) causes core dumps pre-2.7 */ # endif /* ! HASGETUSERSHELL */ # else /* SOLARIS */ /* SunOS 4.0.3 or 4.1.x */ # define HASGETUSERSHELL 1 /* DOES have getusershell(3) call in libc */ # define HASSETREUID 1 /* has setreuid(2) call */ # ifndef HASFLOCK # define HASFLOCK 1 /* has flock(2) call */ # endif /* ! HASFLOCK */ # define SFS_TYPE SFS_VFS /* use statfs() implementation */ # define TZ_TYPE TZ_TM_ZONE /* use tm->tm_zone */ # include # include # ifdef __GNUC__ # define strtoul strtol /* gcc library bogosity */ # endif /* __GNUC__ */ # define memmove(d, s, l) (bcopy((s), (d), (l))) # ifdef SUNOS403 /* special tweaking for SunOS 4.0.3 */ # include # define BSD4_3 1 /* 4.3 BSD-based */ # define NEEDSTRSTR 1 /* need emulation of strstr(3) routine */ # define WAITUNION 1 /* use "union wait" as wait argument type */ # undef WIFEXITED # undef WEXITSTATUS # undef HASUNAME # define setpgid setpgrp # define MODE_T int typedef int pid_t; extern char *getenv(); # else /* SUNOS403 */ /* 4.1.x specifics */ # define HASSETSID 1 /* has Posix setsid(2) call */ # define HASSETVBUF 1 /* we have setvbuf(3) in libc */ # endif /* SUNOS403 */ # endif /* SOLARIS */ # ifndef LA_TYPE # define LA_TYPE LA_INT # endif /* ! LA_TYPE */ #endif /* defined(sun) && !defined(BSD) */ /* ** DG/UX ** ** Tested on 5.4.2 and 5.4.3. Use DGUX_5_4_2 to get the ** older support. ** 5.4.3 changes from Mark T. Robinson . */ #ifdef DGUX_5_4_2 # define DGUX 1 #endif /* DGUX_5_4_2 */ #ifdef DGUX # define SYSTEM5 1 # define LA_TYPE LA_DGUX # define HASSETREUID 1 /* has setreuid(2) call */ # define HASUNAME 1 /* use System V uname(2) system call */ # define HASSETSID 1 /* has Posix setsid(2) call */ # define HASINITGROUPS 1 /* has initgroups(3) call */ # define IP_SRCROUTE 0 /* does not have */ # define HASGETUSERSHELL 0 /* does not have getusershell(3) */ # define HASSNPRINTF 1 /* has snprintf(3) */ # ifndef IDENTPROTO # define IDENTPROTO 0 /* TCP/IP implementation is broken */ # endif /* ! IDENTPROTO */ # define SPT_TYPE SPT_NONE /* don't use setproctitle */ # define SFS_TYPE SFS_4ARGS /* four argument statfs() call */ /* these include files must be included early on DG/UX */ # include # include /* compiler doesn't understand const? */ # define const # ifdef DGUX_5_4_2 # define inet_addr dgux_inet_addr extern long dgux_inet_addr(); # endif /* DGUX_5_4_2 */ #endif /* DGUX */ /* ** Digital Ultrix 4.2A or 4.3 ** ** Apparently, fcntl locking is broken on 4.2A, in that locks are ** not dropped when the process exits. This causes major problems, ** so flock is the only alternative. */ #ifdef ultrix # define HASSETREUID 1 /* has setreuid(2) call */ # define HASUNSETENV 1 /* has unsetenv(3) call */ # define HASINITGROUPS 1 /* has initgroups(3) call */ # define HASUNAME 1 /* use System V uname(2) system call */ # define HASFCHMOD 1 /* has fchmod(2) syscall */ # define HASFCHOWN 1 /* has fchown(2) syscall */ # ifndef HASFLOCK # define HASFLOCK 1 /* has flock(2) call */ # endif /* ! HASFLOCK */ # define HASGETUSERSHELL 0 /* does not have getusershell(3) call */ # ifndef BROKEN_RES_SEARCH # define BROKEN_RES_SEARCH 1 /* res_search(unknown) returns h_errno=0 */ # endif /* ! BROKEN_RES_SEARCH */ # if !defined(NEEDLOCAL_HOSTNAME_LENGTH) && NAMED_BIND && __RES >= 19931104 && __RES < 19950621 # define NEEDLOCAL_HOSTNAME_LENGTH 1 /* see sendmail/README */ # endif /* !defined(NEEDLOCAL_HOSTNAME_LENGTH) && NAMED_BIND && __RES >= 19931104 && __RES < 19950621 */ # ifdef vax # define LA_TYPE LA_FLOAT # else /* vax */ # define LA_TYPE LA_INT # define LA_AVENRUN "avenrun" # endif /* vax */ # define SFS_TYPE SFS_MOUNT /* use statfs() impl */ # ifndef IDENTPROTO # define IDENTPROTO 0 /* pre-4.4 TCP/IP implementation is broken */ # endif /* ! IDENTPROTO */ # define SYSLOG_BUFSIZE 256 #endif /* ultrix */ /* ** OSF/1 for KSR. ** ** Contributed by Todd C. Miller */ #ifdef __ksr__ # define __osf__ 1 /* get OSF/1 defines below */ # ifndef TZ_TYPE # define TZ_TYPE TZ_TZNAME /* use tzname[] vector */ # endif /* ! TZ_TYPE */ #endif /* __ksr__ */ /* ** OSF/1 for Intel Paragon. ** ** Contributed by Jeff A. Earickson ** of Intel Scalable Systems Divison. */ #ifdef __PARAGON__ # define __osf__ 1 /* get OSF/1 defines below */ # ifndef TZ_TYPE # define TZ_TYPE TZ_TZNAME /* use tzname[] vector */ # endif /* ! TZ_TYPE */ # define GIDSET_T gid_t # define MAXNAMLEN NAME_MAX #endif /* __PARAGON__ */ /* ** Tru64 UNIX, formerly known as Digital UNIX, formerly known as DEC OSF/1 ** ** Tested for 3.2 and 4.0. */ #ifdef __osf__ # define HASUNAME 1 /* has uname(2) call */ # define HASUNSETENV 1 /* has unsetenv(3) call */ # define USESETEUID 1 /* has usable seteuid(2) call */ # define HASINITGROUPS 1 /* has initgroups(3) call */ # define HASFCHMOD 1 /* has fchmod(2) syscall */ # define HASFCHOWN 1 /* has fchown(2) syscall */ # define HASSETLOGIN 1 /* has setlogin(2) */ # define IP_SRCROUTE 1 /* can check IP source routing */ # define HAS_ST_GEN 1 /* has st_gen field in stat struct */ # define GIDSET_T gid_t # if _FFR_MILTER # define SM_INT32 int /* 32bit integer */ # endif /* _FFR_MILTER */ # ifndef HASFLOCK # define HASFLOCK 1 /* has flock(2) call */ # endif /* ! HASFLOCK */ # define LA_TYPE LA_ALPHAOSF # define SFS_TYPE SFS_STATVFS /* use statfs() impl */ # ifndef _PATH_VENDOR_CF # define _PATH_VENDOR_CF "/var/adm/sendmail/sendmail.cf" # endif /* ! _PATH_VENDOR_CF */ # ifndef _PATH_SENDMAILPID # define _PATH_SENDMAILPID "/var/run/sendmail.pid" # endif /* ! _PATH_SENDMAILPID */ #endif /* __osf__ */ /* ** NeXTstep */ #ifdef NeXT # define HASINITGROUPS 1 /* has initgroups(3) call */ # define NEEDPUTENV 2 /* need putenv(3) call; no setenv(3) call */ # ifndef HASFLOCK # define HASFLOCK 1 /* has flock(2) call */ # endif /* ! HASFLOCK */ # define NEEDGETOPT 1 /* need a replacement for getopt(3) */ # define WAITUNION 1 /* use "union wait" as wait argument type */ # define UID_T int /* compiler gripes on uid_t */ # define GID_T int /* ditto for gid_t */ # define MODE_T int /* and mode_t */ # define setpgid setpgrp # ifndef NOT_SENDMAIL # define sleep sleepX # endif /* ! NOT_SENDMAIL */ # ifndef LA_TYPE # define LA_TYPE LA_MACH # endif /* ! LA_TYPE */ # define SFS_TYPE SFS_VFS /* use statfs() implementation */ # ifndef _POSIX_SOURCE typedef int pid_t; # undef WEXITSTATUS # undef WIFEXITED # undef WIFSTOPPED # undef WTERMSIG # endif /* ! _POSIX_SOURCE */ # ifndef _PATH_VENDOR_CF # define _PATH_VENDOR_CF "/etc/sendmail/sendmail.cf" # endif /* ! _PATH_VENDOR_CF */ # ifndef _PATH_SENDMAILPID # define _PATH_SENDMAILPID "/etc/sendmail/sendmail.pid" # endif /* ! _PATH_SENDMAILPID */ # ifdef TCPWRAPPERS # ifndef HASUNSETENV # define HASUNSETENV 1 # endif /* ! HASUNSETENV */ # undef NEEDPUTENV # endif /* TCPWRAPPERS */ #endif /* NeXT */ /* ** Apple Rhapsody ** Contributed by Wilfredo Sanchez ** ** Also used for Apple Darwin support. */ #if defined(DARWIN) # define HASFCHMOD 1 /* has fchmod(2) syscall */ # define HASFLOCK 1 /* has flock(2) syscall */ # define HASUNAME 1 /* has uname(2) syscall */ # define HASUNSETENV 1 # define HASSETSID 1 /* has the setsid(2) POSIX syscall */ # define HASINITGROUPS 1 # define HASSETVBUF 1 # define HASSETREUID 1 # define USESETEUID 1 /* has usable seteuid(2) call */ # define HASLSTAT 1 # define HASSETRLIMIT 1 # define HASWAITPID 1 # define HASSTRERROR 1 /* has strerror(3) */ # define HASSNPRINTF 1 /* has snprintf(3) and vsnprintf(3) */ # define HASSTRERROR 1 /* has strerror(3) */ # define HASGETDTABLESIZE 1 # define HASGETUSERSHELL 1 # define NEEDGETOPT 1 /* need a replacement for getopt(3) */ # define BSD4_4_SOCKADDR /* has sa_len */ # define NETLINK 1 /* supports AF_LINK */ # define HAS_ST_GEN 1 /* has st_gen field in stat struct */ # define GIDSET_T gid_t # define LA_TYPE LA_SUBR /* use getloadavg(3) */ # define SFS_TYPE SFS_MOUNT /* use statfs() impl */ # define SPT_TYPE SPT_PSSTRINGS # define SPT_PADCHAR '\0' /* pad process title with nulls */ # define ERRLIST_PREDEFINED /* don't declare sys_errlist */ #endif /* DARWIN */ /* ** 4.4 BSD ** ** See also BSD defines. */ #if defined(BSD4_4) && !defined(__bsdi__) && !defined(__GNU__) # include # define HASUNSETENV 1 /* has unsetenv(3) call */ # define USESETEUID 1 /* has usable seteuid(2) call */ # define HASFCHMOD 1 /* has fchmod(2) syscall */ # define HASSNPRINTF 1 /* has snprintf(3) and vsnprintf(3) */ # define HASSTRERROR 1 /* has strerror(3) */ # define HAS_ST_GEN 1 /* has st_gen field in stat struct */ # include # define ERRLIST_PREDEFINED /* don't declare sys_errlist */ # define BSD4_4_SOCKADDR /* has sa_len */ # define NEED_PRINTF_PERCENTQ 1 /* doesn't have %lld */ # define NETLINK 1 /* supports AF_LINK */ # ifndef LA_TYPE # define LA_TYPE LA_SUBR # endif /* ! LA_TYPE */ # define SFS_TYPE SFS_MOUNT /* use statfs() impl */ # define SPT_TYPE SPT_PSSTRINGS /* use PS_STRINGS pointer */ #endif /* defined(BSD4_4) && !defined(__bsdi__) && !defined(__GNU__) */ /* ** BSD/OS (was BSD/386) (all versions) ** From Tony Sanders, BSDI */ #ifdef __bsdi__ # include # define HASUNSETENV 1 /* has the unsetenv(3) call */ # define HASSETSID 1 /* has the setsid(2) POSIX syscall */ # define USESETEUID 1 /* has usable seteuid(2) call */ # define HASFCHMOD 1 /* has fchmod(2) syscall */ # define HASSETLOGIN 1 /* has setlogin(2) */ # define HASSNPRINTF 1 /* has snprintf(3) and vsnprintf(3) */ # define HASUNAME 1 /* has uname(2) syscall */ # define HASSTRERROR 1 /* has strerror(3) */ # define HAS_ST_GEN 1 /* has st_gen field in stat struct */ # include # define ERRLIST_PREDEFINED /* don't declare sys_errlist */ # define BSD4_4_SOCKADDR /* has sa_len */ # define NETLINK 1 /* supports AF_LINK */ # define SFS_TYPE SFS_MOUNT /* use statfs() impl */ # ifndef LA_TYPE # define LA_TYPE LA_SUBR # endif /* ! LA_TYPE */ # define GIDSET_T gid_t # define QUAD_T quad_t # if defined(_BSDI_VERSION) && _BSDI_VERSION >= 199312 /* version 1.1 or later */ # undef SPT_TYPE # define SPT_TYPE SPT_BUILTIN /* setproctitle is in libc */ # else /* defined(_BSDI_VERSION) && _BSDI_VERSION >= 199312 */ /* version 1.0 or earlier */ # define SPT_PADCHAR '\0' /* pad process title with nulls */ # endif /* defined(_BSDI_VERSION) && _BSDI_VERSION >= 199312 */ # if defined(_BSDI_VERSION) && _BSDI_VERSION >= 199701 /* on 3.x */ # define HASSETUSERCONTEXT 1 /* has setusercontext */ # endif /* defined(_BSDI_VERSION) && _BSDI_VERSION >= 199701 */ #endif /* __bsdi__ */ /* ** QNX 4.2x ** Contributed by Glen McCready . ** ** Should work with all versions of QNX. */ #if defined(__QNX__) # include # include # undef NGROUPS_MAX # define HASSETSID 1 /* has the setsid(2) POSIX syscall */ # define USESETEUID 1 /* has usable seteuid(2) call */ # define HASFCHMOD 1 /* has fchmod(2) syscall */ # define HASGETDTABLESIZE 1 /* has getdtablesize(2) call */ # define HASSETREUID 1 /* has setreuid(2) call */ # define HASSTRERROR 1 /* has strerror(3) */ # define HASFLOCK 0 # undef HASINITGROUPS /* has initgroups(3) call */ # define NEEDGETOPT 1 /* use sendmail's getopt */ # define IP_SRCROUTE 1 /* can check IP source routing */ # define TZ_TYPE TZ_TMNAME /* use tmname variable */ # define GIDSET_T gid_t # define LA_TYPE LA_ZERO # define SFS_TYPE SFS_NONE # define SPT_TYPE SPT_REUSEARGV # define SPT_PADCHAR '\0' /* pad process title with nulls */ # define HASGETUSERSHELL 0 # define E_PSEUDOBASE 512 # define _FILE_H_INCLUDED #endif /* defined(__QNX__) */ /* ** FreeBSD / NetBSD / OpenBSD (all architectures, all versions) ** ** 4.3BSD clone, closer to 4.4BSD for FreeBSD 1.x and NetBSD 0.9x ** 4.4BSD-Lite based for FreeBSD 2.x and NetBSD 1.x ** ** See also BSD defines. */ #if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) # include # define HASUNSETENV 1 /* has unsetenv(3) call */ # define HASSETSID 1 /* has the setsid(2) POSIX syscall */ # define USESETEUID 1 /* has usable seteuid(2) call */ # define HASFCHMOD 1 /* has fchmod(2) syscall */ # define HASFCHOWN 1 /* fchown(2) */ # define HASSNPRINTF 1 /* has snprintf(3) and vsnprintf(3) */ # define HASUNAME 1 /* has uname(2) syscall */ # define HASSTRERROR 1 /* has strerror(3) */ # define HAS_ST_GEN 1 /* has st_gen field in stat struct */ # define NEED_PRINTF_PERCENTQ 1 /* doesn't have %lld */ # include # define ERRLIST_PREDEFINED /* don't declare sys_errlist */ # define BSD4_4_SOCKADDR /* has sa_len */ # define NETLINK 1 /* supports AF_LINK */ # define SAFENFSPATHCONF 1 /* pathconf(2) pessimizes on NFS filesystems */ # define GIDSET_T gid_t # define QUAD_T unsigned long long # define SFIO_STDIO_COMPAT 1 /* can use RES_DEBUG */ # ifndef LA_TYPE # define LA_TYPE LA_SUBR # endif /* ! LA_TYPE */ # define SFS_TYPE SFS_MOUNT /* use statfs() impl */ # if defined(__NetBSD__) && (NetBSD > 199307 || NetBSD0_9 > 1) # undef SPT_TYPE # define SPT_TYPE SPT_BUILTIN /* setproctitle is in libc */ # endif /* defined(__NetBSD__) && (NetBSD > 199307 || NetBSD0_9 > 1) */ # if defined(__NetBSD__) && ((__NetBSD_Version__ > 102070000) || (NetBSD1_2 > 8) || defined(NetBSD1_4) || defined(NetBSD1_3)) # define HASURANDOMDEV 1 /* has /dev/urandom(4) */ # endif /* defined(__NetBSD__) && ((__NetBSD_Version__ > 102070000) || (NetBSD1_2 > 8) || defined(NetBSD1_4) || defined(NetBSD1_3)) */ # if defined(__FreeBSD__) # define HASSETLOGIN 1 /* has setlogin(2) */ # if __FreeBSD_version >= 227001 # define HASSRANDOMDEV 1 /* has srandomdev(3) */ # define HASURANDOMDEV 1 /* has /dev/urandom(4) */ # endif /* __FreeBSD_version >= 227001 */ # undef SPT_TYPE # if __FreeBSD__ >= 2 # include # if __FreeBSD_version >= 199512 /* 2.2-current when it appeared */ # include # define SPT_TYPE SPT_BUILTIN # endif /* __FreeBSD_version >= 199512 */ # if __FreeBSD_version >= 222000 /* 2.2.2-release and later */ # define HASSETUSERCONTEXT 1 /* BSDI-style login classes */ # endif /* __FreeBSD_version >= 222000 */ # if __FreeBSD_version >= 330000 /* 3.3.0-release and later */ # ifndef HASSTRL # define HASSTRL 1 /* has strlc{py,at}(3) functions */ # endif /* HASSTRL */ # endif /* __FreeBSD_version >= 330000 */ # define USESYSCTL 1 /* use sysctl(3) for getting ncpus */ # include # endif /* __FreeBSD__ >= 2 */ # ifndef SPT_TYPE # define SPT_TYPE SPT_REUSEARGV # define SPT_PADCHAR '\0' /* pad process title with nulls */ # endif /* ! SPT_TYPE */ # endif /* defined(__FreeBSD__) */ # if defined(__OpenBSD__) # undef SPT_TYPE # define SPT_TYPE SPT_BUILTIN /* setproctitle is in libc */ # define HASSETLOGIN 1 /* has setlogin(2) */ # define HASURANDOMDEV 1 /* has /dev/urandom(4) */ # if OpenBSD < 199912 # define HASSTRL 0 /* strlcat(3) is broken in 2.5 and earlier */ # else /* OpenBSD < 199912 */ # define HASSTRL 1 /* has strlc{py,at}(3) functions */ # endif /* OpenBSD < 199912 */ # endif /* defined(__OpenBSD__) */ #endif /* defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) */ /* ** Mach386 ** ** For mt Xinu's Mach386 system. */ #if defined(MACH) && defined(i386) && !defined(__GNU__) # define MACH386 1 # define HASUNSETENV 1 /* has unsetenv(3) call */ # define HASINITGROUPS 1 /* has initgroups(3) call */ # ifndef HASFLOCK # define HASFLOCK 1 /* has flock(2) call */ # endif /* ! HASFLOCK */ # define NEEDGETOPT 1 /* need a replacement for getopt(3) */ # define NEEDSTRTOL 1 /* need the strtol() function */ # define setpgid setpgrp # ifndef LA_TYPE # define LA_TYPE LA_FLOAT # endif /* ! LA_TYPE */ # define SFS_TYPE SFS_VFS /* use statfs() implementation */ # undef HASSETVBUF /* don't actually have setvbuf(3) */ # undef WEXITSTATUS # undef WIFEXITED # ifndef _PATH_VENDOR_CF # define _PATH_VENDOR_CF "/usr/lib/sendmail.cf" # endif /* ! _PATH_VENDOR_CF */ # ifndef _PATH_SENDMAILPID # define _PATH_SENDMAILPID "/etc/sendmail.pid" # endif /* ! _PATH_SENDMAILPID */ #endif /* defined(MACH) && defined(i386) && !defined(__GNU__) */ /* ** GNU OS (hurd) ** Largely BSD & posix compatible. ** Port contributed by Miles Bader . ** Updated by Mark Kettenis . */ #if defined(__GNU__) && !defined(NeXT) # include # define HASFCHMOD 1 /* has fchmod(2) call */ # define HASFCHOWN 1 /* has fchown(2) call */ # define HASUNAME 1 /* has uname(2) call */ # define HASUNSETENV 1 /* has unsetenv(3) call */ # define HAS_ST_GEN 1 /* has st_gen field in stat struct */ # define HASSNPRINTF 1 /* has snprintf(3) and vsnprintf(3) */ # define HASSTRERROR 1 /* has strerror(3) */ # define GIDSET_T gid_t # define SOCKADDR_LEN_T socklen_t # define SOCKOPT_LEN_T socklen_t # if (__GLIBC__ == 2 && __GLIBC_MINOR__ > 1) || __GLIBC__ > 2 # define LA_TYPE LA_SUBR # else # define LA_TYPE LA_MACH /* GNU uses mach[34], which renames some rpcs from mach2.x. */ # define host_self mach_host_self # endif # define SFS_TYPE SFS_STATFS # define SPT_TYPE SPT_CHANGEARGV # define ERRLIST_PREDEFINED 1 /* don't declare sys_errlist */ # define BSD4_4_SOCKADDR 1 /* has sa_len */ # define SIOCGIFCONF_IS_BROKEN 1 /* SIOCGFCONF doesn't work */ # define HAS_IN_H 1 /* GNU has netinet/in.h. */ /* GNU has no MAXPATHLEN; ideally the code should be changed to not use it. */ # define MAXPATHLEN 2048 #endif /* defined(__GNU__) && !defined(NeXT) */ /* ** 4.3 BSD -- this is for very old systems ** ** Should work for mt Xinu MORE/BSD and Mips UMIPS-BSD 2.1. ** ** You'll also have to install a new resolver library. ** I don't guarantee that support for this environment is complete. */ #if defined(oldBSD43) || defined(MORE_BSD) || defined(umipsbsd) # define NEEDVPRINTF 1 /* need a replacement for vprintf(3) */ # define NEEDGETOPT 1 /* need a replacement for getopt(3) */ # define ARBPTR_T char * # define setpgid setpgrp # ifndef LA_TYPE # define LA_TYPE LA_FLOAT # endif /* ! LA_TYPE */ # ifndef _PATH_VENDOR_CF # define _PATH_VENDOR_CF "/usr/lib/sendmail.cf" # endif /* ! _PATH_VENDOR_CF */ # ifndef IDENTPROTO # define IDENTPROTO 0 /* TCP/IP implementation is broken */ # endif /* ! IDENTPROTO */ # undef WEXITSTATUS # undef WIFEXITED typedef short pid_t; #endif /* defined(oldBSD43) || defined(MORE_BSD) || defined(umipsbsd) */ /* ** SCO Unix ** ** This includes three parts: ** ** The first is for SCO OpenServer 5. ** (Contributed by Keith Reynolds ). ** ** SCO OpenServer 5 has a compiler version number macro, ** which we can use to figure out what version we're on. ** This may have to change in future releases. ** ** The second is for SCO UNIX 3.2v4.2/Open Desktop 3.0. ** (Contributed by Philippe Brand ). ** ** The third is for SCO UNIX 3.2v4.0/Open Desktop 2.0 and earlier. */ /* SCO OpenServer 5 */ #if _SCO_DS >= 1 # include # define SIOCGIFNUM_IS_BROKEN 1 /* SIOCGIFNUM returns bogus value */ # define HASSNPRINTF 1 /* has snprintf(3) call */ # define HASFCHMOD 1 /* has fchmod(2) call */ # define HASFCHOWN 1 /* has fchown(2) call */ # define HASSETRLIMIT 1 /* has setrlimit(2) call */ # define USESETEUID 1 /* has seteuid(2) call */ # define HASINITGROUPS 1 /* has initgroups(3) call */ # define HASGETDTABLESIZE 1 /* has getdtablesize(2) call */ # define RLIMIT_NEEDS_SYS_TIME_H 1 # ifndef LA_TYPE # define LA_TYPE LA_DEVSHORT # endif /* ! LA_TYPE */ # define _PATH_AVENRUN "/dev/table/avenrun" # ifndef _SCO_unix_4_2 # define _SCO_unix_4_2 # else /* ! _SCO_unix_4_2 */ # define SOCKADDR_LEN_T size_t /* e.g., arg#3 to accept, getsockname */ # define SOCKOPT_LEN_T size_t /* arg#5 to getsockopt */ # endif /* ! _SCO_unix_4_2 */ #endif /* _SCO_DS >= 1 */ /* SCO UNIX 3.2v4.2/Open Desktop 3.0 */ #ifdef _SCO_unix_4_2 # define _SCO_unix_ # define HASSETREUID 1 /* has setreuid(2) call */ #endif /* _SCO_unix_4_2 */ /* SCO UNIX 3.2v4.0 Open Desktop 2.0 and earlier */ #ifdef _SCO_unix_ # include /* needed for IP_SRCROUTE */ # define SYSTEM5 1 /* include all the System V defines */ # define HASGETUSERSHELL 0 /* does not have getusershell(3) call */ # define NOFTRUNCATE 0 /* has (simulated) ftruncate call */ # define USE_SIGLONGJMP 1 /* sigsetjmp needed for signal handling */ # define MAXPATHLEN PATHSIZE # define SFS_TYPE SFS_4ARGS /* use 4-arg impl */ # define SFS_BAVAIL f_bfree /* alternate field name */ # define SPT_TYPE SPT_SCO /* write kernel u. area */ # define TZ_TYPE TZ_TM_NAME /* use tm->tm_name */ # define UID_T uid_t # define GID_T gid_t # define GIDSET_T gid_t # define _PATH_UNIX "/unix" # ifndef _PATH_VENDOR_CF # define _PATH_VENDOR_CF "/usr/lib/sendmail.cf" # endif /* ! _PATH_VENDOR_CF */ # ifndef _PATH_SENDMAILPID # define _PATH_SENDMAILPID "/etc/sendmail.pid" # endif /* ! _PATH_SENDMAILPID */ /* stuff fixed in later releases */ # ifndef _SCO_unix_4_2 # define SYS5SIGNALS 1 /* SysV signal semantics -- reset on each sig */ # endif /* ! _SCO_unix_4_2 */ # ifndef _SCO_DS # define ftruncate chsize /* use chsize(2) to emulate ftruncate */ # define NEEDFSYNC 1 /* needs the fsync(2) call stub */ # define NETUNIX 0 /* no unix domain socket support */ # define LA_TYPE LA_SHORT # endif /* ! _SCO_DS */ #endif /* _SCO_unix_ */ /* ** ISC (SunSoft) Unix. ** ** Contributed by J.J. Bailey */ #ifdef ISC_UNIX # include # include /* needed for IP_SRCROUTE */ # include # define SYSTEM5 1 /* include all the System V defines */ # define SYS5SIGNALS 1 /* SysV signal semantics -- reset on each sig */ # define HASGETUSERSHELL 0 /* does not have getusershell(3) call */ # define HASSETREUID 1 /* has setreuid(2) call */ # define NEEDFSYNC 1 /* needs the fsync(2) call stub */ # define NETUNIX 0 /* no unix domain socket support */ # define MAXPATHLEN 1024 # define LA_TYPE LA_SHORT # define SFS_TYPE SFS_STATFS /* use statfs() impl */ # define SFS_BAVAIL f_bfree /* alternate field name */ # define _PATH_UNIX "/unix" # ifndef _PATH_VENDOR_CF # define _PATH_VENDOR_CF "/usr/lib/sendmail.cf" # endif /* ! _PATH_VENDOR_CF */ # ifndef _PATH_SENDMAILPID # define _PATH_SENDMAILPID "/etc/sendmail.pid" # endif /* ! _PATH_SENDMAILPID */ #endif /* ISC_UNIX */ /* ** Altos System V (5.3.1) ** Contributed by Tim Rice . */ #ifdef ALTOS_SYSTEM_V # include # include # define SYSTEM5 1 /* include all the System V defines */ # define SYS5SIGNALS 1 /* SysV signal semantics -- reset on each sig */ # define HASGETUSERSHELL 0 /* does not have getusershell(3) call */ # define WAITUNION 1 /* use "union wait" as wait argument type */ # define NEEDFSYNC 1 /* no fsync(2) in system library */ # define NEEDSTRSTR 1 /* need emulation of the strstr(3) call */ # define NOFTRUNCATE 1 /* do not have ftruncate(2) */ # define MAXPATHLEN PATH_MAX # define LA_TYPE LA_SHORT # define SFS_TYPE SFS_STATFS /* use statfs() impl */ # define SFS_BAVAIL f_bfree /* alternate field name */ # define TZ_TYPE TZ_TZNAME /* use tzname[] vector */ # define NETUNIX 0 /* no unix domain socket support */ # undef WIFEXITED # undef WEXITSTATUS # define strtoul strtol /* gcc library bogosity */ typedef unsigned short uid_t; typedef unsigned short gid_t; typedef short pid_t; typedef unsigned long mode_t; /* some stuff that should have been in the include files */ extern char *malloc(); extern struct passwd *getpwent(); extern struct passwd *getpwnam(); extern struct passwd *getpwuid(); extern char *getenv(); extern struct group *getgrgid(); extern struct group *getgrnam(); #endif /* ALTOS_SYSTEM_V */ /* ** ConvexOS 11.0 and later ** ** "Todd C. Miller" claims this ** works on 9.1 as well. ** ** ConvexOS 11.5 and later, should work on 11.0 as defined. ** For pre-ConvexOOS 11.0, define NEEDGETOPT, undef IDENTPROTO ** ** Eric Schnoebelen (eric@cirr.com) For CONVEX Computer Corp. ** (now the CONVEX Technologies Center of Hewlett Packard) */ #ifdef _CONVEX_SOURCE # define HASGETDTABLESIZE 1 /* has getdtablesize(2) */ # define HASINITGROUPS 1 /* has initgroups(3) */ # define HASUNAME 1 /* use System V uname(2) system call */ # define HASSETSID 1 /* has POSIX setsid(2) call */ # define HASUNSETENV 1 /* has unsetenv(3) */ # define HASFLOCK 1 /* has flock(2) */ # define HASSETRLIMIT 1 /* has setrlimit(2) */ # define HASSETREUID 1 /* has setreuid(2) */ # define BROKEN_RES_SEARCH 1 /* res_search(unknown) returns h_error=0 */ # define NEEDPUTENV 1 /* needs putenv (written in terms of setenv) */ # define NEEDGETOPT 0 /* need replacement for getopt(3) */ # define IP_SRCROUTE 0 /* Something is broken with getsockopt() */ # define LA_TYPE LA_FLOAT # define SFS_TYPE SFS_VFS /* use statfs() implementation */ # ifndef _PATH_VENDOR_CF # define _PATH_VENDOR_CF "/usr/lib/sendmail.cf" # endif /* ! _PATH_VENDOR_CF */ # ifndef S_IREAD # define S_IREAD _S_IREAD # define S_IWRITE _S_IWRITE # define S_IEXEC _S_IEXEC # define S_IFMT _S_IFMT # define S_IFCHR _S_IFCHR # define S_IFBLK _S_IFBLK # endif /* ! S_IREAD */ # ifndef TZ_TYPE # define TZ_TYPE TZ_TIMEZONE # endif /* ! TZ_TYPE */ # ifndef IDENTPROTO # define IDENTPROTO 1 # endif /* ! IDENTPROTO */ # ifndef SHARE_V1 # define SHARE_V1 1 /* version 1 of the fair share scheduler */ # endif /* ! SHARE_V1 */ # if !defined(__GNUC__ ) # define UID_T int /* GNUC gets it right, ConvexC botches */ # define GID_T int /* GNUC gets it right, ConvexC botches */ # endif /* !defined(__GNUC__ ) */ # if SECUREWARE # define FORK fork /* SecureWare wants the real fork! */ # else /* SECUREWARE */ # define FORK vfork /* the rest of the OS versions don't care */ # endif /* SECUREWARE */ #endif /* _CONVEX_SOURCE */ /* ** RISC/os 4.52 ** ** Gives a ton of warning messages, but otherwise compiles. */ #ifdef RISCOS # define HASUNSETENV 1 /* has unsetenv(3) call */ # ifndef HASFLOCK # define HASFLOCK 1 /* has flock(2) call */ # endif /* ! HASFLOCK */ # define WAITUNION 1 /* use "union wait" as wait argument type */ # define NEEDGETOPT 1 /* need a replacement for getopt(3) */ # define NEEDPUTENV 1 /* need putenv(3) call */ # define NEEDSTRSTR 1 /* need emulation of the strstr(3) call */ # define SFS_TYPE SFS_VFS /* use statfs() implementation */ # define LA_TYPE LA_INT # define LA_AVENRUN "avenrun" # define _PATH_UNIX "/unix" # undef WIFEXITED # define setpgid setpgrp typedef int pid_t; # define SIGFUNC_DEFINED # define SIGFUNC_RETURN (0) # define SIGFUNC_DECL int typedef int (*sigfunc_t)(); extern char *getenv(); extern void *malloc(); /* added for RISC/os 4.01...which is dumber than 4.50 */ # ifdef RISCOS_4_0 # ifndef ARBPTR_T # define ARBPTR_T char * # endif /* ! ARBPTR_T */ # undef HASFLOCK # define HASFLOCK 0 # endif /* RISCOS_4_0 */ # include #endif /* RISCOS */ /* ** Linux 0.99pl10 and above... ** ** Thanks to, in reverse order of contact: ** ** John Kennedy ** Andrew Pam ** Florian La Roche ** Karl London ** ** Last compiled against: [07/21/98 @ 11:47:34 AM (Tuesday)] ** sendmail 8.9.1 bind-8.1.2 db-2.4.14 ** gcc-2.8.1 glibc-2.0.94 linux-2.1.109 ** ** NOTE: Override HASFLOCK as you will but, as of 1.99.6, mixed-style ** file locking is no longer allowed. In particular, make sure ** your DBM library and sendmail are both using either flock(2) ** *or* fcntl(2) file locking, but not both. */ #ifdef __linux__ # include # if !defined(KERNEL_VERSION) /* not defined in 2.0.x kernel series */ # define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c)) # endif /* KERNEL_VERSION */ # define BSD 1 /* include BSD defines */ # define USESETEUID 0 /* Have it due to POSIX, but doesn't work */ # define NEEDGETOPT 1 /* need a replacement for getopt(3) */ # define HASUNAME 1 /* use System V uname(2) system call */ # define HASUNSETENV 1 /* has unsetenv(3) call */ # ifndef HASSNPRINTF # define HASSNPRINTF 1 /* has snprintf(3) and vsnprintf(3) */ # endif /* ! HASSNPRINTF */ # define ERRLIST_PREDEFINED /* don't declare sys_errlist */ # define GIDSET_T gid_t /* from */ # define HASGETUSERSHELL 0 /* getusershell(3) broken in Slackware 2.0 */ # ifndef IP_SRCROUTE # define IP_SRCROUTE 0 /* linux <= 1.2.8 doesn't support IP_OPTIONS */ # endif /* ! IP_SRCROUTE */ # ifndef HAS_IN_H # define HAS_IN_H 1 /* use netinet/in.h */ # endif /* ! HAS_IN_H */ # define USE_SIGLONGJMP 1 /* sigsetjmp needed for signal handling */ # ifndef HASFLOCK # if LINUX_VERSION_CODE < 66399 # define HASFLOCK 0 /* flock(2) is broken after 0.99.13 */ # else /* LINUX_VERSION_CODE < 66399 */ # define HASFLOCK 1 /* flock(2) fixed after 1.3.95 */ # endif /* LINUX_VERSION_CODE < 66399 */ # endif /* ! HASFLOCK */ # ifndef LA_TYPE # define LA_TYPE LA_PROCSTR # endif /* ! LA_TYPE */ # define SFS_TYPE SFS_VFS /* use statfs() impl */ # define SPT_PADCHAR '\0' /* pad process title with nulls */ # if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,0,0)) # ifndef HASURANDOMDEV # define HASURANDOMDEV 1 /* 2.0 (at least) has linux/drivers/char/random.c */ # endif /* ! HASURANDOMDEV */ # endif /* LINUX_VERSION_CODE */ # ifndef TZ_TYPE # define TZ_TYPE TZ_NONE /* no standard for Linux */ # endif /* ! TZ_TYPE */ # ifndef _PATH_SENDMAILPID # define _PATH_SENDMAILPID "/var/run/sendmail.pid" # endif /* ! _PATH_SENDMAILPID */ # include # undef atol /* wounded in */ # if NETINET6 /* ** Linux doesn't have a good way to tell userland what interfaces are ** IPv6-capable. Therefore, the BIND resolver can not determine if there ** are IPv6 interfaces to honor AI_ADDRCONFIG. Unfortunately, it assumes ** that none are present. (Excuse the macro name ADDRCONFIG_IS_BROKEN.) */ # define ADDRCONFIG_IS_BROKEN 1 /* ** Indirectly included from glibc's . IPv6 support is native ** in 2.1 and later, but the APIs appear before the functions. */ # if defined(__GLIBC__) && defined(__GLIBC_MINOR__) # define GLIBC_VERSION ((__GLIBC__ << 8) + __GLIBC_MINOR__) # if (GLIBC_VERSION >= 0x201) # undef IPPROTO_ICMPV6 /* linux #defines, glibc enums */ # else /* (GLIBC_VERSION >= 0x201) */ # include /* IPv6 support */ # endif /* (GLIBC_VERSION >= 0x201) */ # if (GLIBC_VERSION == 0x201 && !defined(NEEDSGETIPNODE)) /* Have APIs in , but no support in glibc */ # define NEEDSGETIPNODE 1 # endif /* (GLIBC_VERSION == 0x201 && ! NEEDSGETIPNODE) */ # undef GLIBC_VERSION # endif /* defined(__GLIBC__) && defined(__GLIBC_MINOR__) */ # endif /* NETINET6 */ # ifndef HASFCHOWN # define HASFCHOWN 1 /* fchown(2) */ # endif /* ! HASFCHOWN */ #endif /* __linux__ */ /* ** DELL SVR4 Issue 2.2, and others ** From Kimmo Suominen ** ** It's on #ifdef DELL_SVR4 because Solaris also gets __svr4__ ** defined, and the definitions conflict. ** ** Peter Wemm claims that the setreuid ** trick works on DELL 2.2 (SVR4.0/386 version 4.0) and ESIX 4.0.3A ** (SVR4.0/386 version 3.0). */ #ifdef DELL_SVR4 /* no changes necessary */ /* see general __svr4__ defines below */ #endif /* DELL_SVR4 */ /* ** Apple A/UX 3.0 */ #ifdef _AUX_SOURCE # include # define BSD /* has BSD routines */ # define HASSETRLIMIT 0 /* ... but not setrlimit(2) */ # define BROKEN_RES_SEARCH 1 /* res_search(unknown) returns h_errno=0 */ # define BOGUS_O_EXCL 1 /* exclusive open follows symlinks */ # define HASUNAME 1 /* use System V uname(2) system call */ # define HASFCHMOD 1 /* has fchmod(2) syscall */ # define HASINITGROUPS 1 /* has initgroups(3) call */ # define HASSETVBUF 1 /* has setvbuf(3) in libc */ # define HASSTRERROR 1 /* has strerror(3) */ # define SIGFUNC_DEFINED /* sigfunc_t already defined */ # define SIGFUNC_RETURN /* POSIX-mode */ # define SIGFUNC_DECL void /* POSIX-mode */ # define ERRLIST_PREDEFINED 1 # ifndef IDENTPROTO # define IDENTPROTO 0 /* TCP/IP implementation is broken */ # endif /* ! IDENTPROTO */ # ifndef LA_TYPE # define LA_TYPE LA_INT # define FSHIFT 16 # endif /* ! LA_TYPE */ # define LA_AVENRUN "avenrun" # define SFS_TYPE SFS_VFS /* use statfs() implementation */ # define TZ_TYPE TZ_TZNAME # ifndef _PATH_UNIX # define _PATH_UNIX "/unix" /* should be in */ # endif /* ! _PATH_UNIX */ # ifndef _PATH_VENDOR_CF # define _PATH_VENDOR_CF "/usr/lib/sendmail.cf" # endif /* ! _PATH_VENDOR_CF */ # undef WIFEXITED # undef WEXITSTATUS #endif /* _AUX_SOURCE */ /* ** Encore UMAX V ** ** Not extensively tested. */ #ifdef UMAXV # define HASUNAME 1 /* use System V uname(2) system call */ # define HASSETVBUF 1 /* we have setvbuf(3) in libc */ # define HASINITGROUPS 1 /* has initgroups(3) call */ # define HASGETUSERSHELL 0 /* does not have getusershell(3) call */ # define SYS5SIGNALS 1 /* SysV signal semantics -- reset on each sig */ # define SYS5SETPGRP 1 /* use System V setpgrp(2) syscall */ # define SFS_TYPE SFS_4ARGS /* four argument statfs() call */ # define MAXPATHLEN PATH_MAX extern struct passwd *getpwent(), *getpwnam(), *getpwuid(); extern struct group *getgrent(), *getgrnam(), *getgrgid(); # undef WIFEXITED # undef WEXITSTATUS #endif /* UMAXV */ /* ** Stardent Titan 3000 running TitanOS 4.2. ** ** Must be compiled in "cc -43" mode. ** ** From Kate Hedstrom . ** ** Note the tweaking below after the BSD defines are set. */ #ifdef titan # define setpgid setpgrp typedef int pid_t; # undef WIFEXITED # undef WEXITSTATUS #endif /* titan */ /* ** Sequent DYNIX 3.2.0 ** ** From Jim Davis . */ #ifdef sequent # define BSD 1 # define HASUNSETENV 1 # define BSD4_3 1 /* to get signal() in conf.c */ # define WAITUNION 1 # define LA_TYPE LA_FLOAT # ifdef _POSIX_VERSION # undef _POSIX_VERSION /* set in */ # endif /* _POSIX_VERSION */ # undef HASSETVBUF /* don't actually have setvbuf(3) */ # define setpgid setpgrp /* Have to redefine WIFEXITED to take an int, to work with waitfor() */ # undef WIFEXITED # define WIFEXITED(s) (((union wait*)&(s))->w_stopval != WSTOPPED && \ ((union wait*)&(s))->w_termsig == 0) # define WEXITSTATUS(s) (((union wait*)&(s))->w_retcode) typedef int pid_t; # define isgraph(c) (isprint(c) && (c != ' ')) # ifndef IDENTPROTO # define IDENTPROTO 0 /* TCP/IP implementation is broken */ # endif /* ! IDENTPROTO */ # ifndef _PATH_UNIX # define _PATH_UNIX "/dynix" # endif /* ! _PATH_UNIX */ # ifndef _PATH_VENDOR_CF # define _PATH_VENDOR_CF "/usr/lib/sendmail.cf" # endif /* ! _PATH_VENDOR_CF */ #endif /* sequent */ /* ** Sequent DYNIX/ptx v2.0 (and higher) ** ** For DYNIX/ptx v1.x, undefine HASSETREUID. ** ** From Tim Wright . ** Update from Jack Woolley , 26 Dec 1995, ** for DYNIX/ptx 4.0.2. */ #ifdef _SEQUENT_ # include # define SYSTEM5 1 /* include all the System V defines */ # define HASSETSID 1 /* has POSIX setsid(2) call */ # define HASINITGROUPS 1 /* has initgroups(3) call */ # define HASSETREUID 1 /* has setreuid(2) call */ # define HASGETUSERSHELL 0 /* does not have getusershell(3) call */ # define GIDSET_T gid_t # define LA_TYPE LA_INT # define SFS_TYPE SFS_STATFS /* use statfs() impl */ # define SPT_TYPE SPT_NONE /* don't use setproctitle */ # ifndef IDENTPROTO # define IDENTPROTO 0 /* TCP/IP implementation is broken */ # endif /* ! IDENTPROTO */ # ifndef _PATH_VENDOR_CF # define _PATH_VENDOR_CF "/usr/lib/sendmail.cf" # endif /* ! _PATH_VENDOR_CF */ # ifndef _PATH_SENDMAILPID # define _PATH_SENDMAILPID "/etc/sendmail.pid" # endif /* ! _PATH_SENDMAILPID */ #endif /* _SEQUENT_ */ /* ** Cray Unicos ** ** Ported by David L. Kensiski, Sterling Sofware */ #ifdef UNICOS # define SYSTEM5 1 /* include all the System V defines */ # define SYS5SIGNALS 1 /* SysV signal semantics -- reset on each sig */ # define MAXPATHLEN PATHSIZE # define LA_TYPE LA_ZERO # define SFS_TYPE SFS_4ARGS /* four argument statfs() call */ # define SFS_BAVAIL f_bfree /* alternate field name */ #endif /* UNICOS */ /* ** Apollo DomainOS ** ** From Todd Martin & Don Lewis ** ** 15 Jan 1994; updated 2 Aug 1995 ** */ #ifdef apollo # define HASSETREUID 1 /* has setreuid(2) call */ # define HASINITGROUPS 1 /* has initgroups(2) call */ # define IP_SRCROUTE 0 /* does not have */ # define SPT_TYPE SPT_NONE /* don't use setproctitle */ # define LA_TYPE LA_SUBR /* use getloadavg.c */ # define SFS_TYPE SFS_4ARGS /* four argument statfs() call */ # define SFS_BAVAIL f_bfree /* alternate field name */ # define TZ_TYPE TZ_TZNAME # ifndef _PATH_VENDOR_CF # define _PATH_VENDOR_CF "/usr/lib/sendmail.cf" # endif /* ! _PATH_VENDOR_CF */ # ifndef _PATH_SENDMAILPID # define _PATH_SENDMAILPID "/etc/sendmail.pid" # endif /* ! _PATH_SENDMAILPID */ # undef S_IFSOCK /* S_IFSOCK and S_IFIFO are the same */ # undef S_IFIFO # define S_IFIFO 0010000 # ifndef IDENTPROTO # define IDENTPROTO 0 /* TCP/IP implementation is broken */ # endif /* ! IDENTPROTO */ # define RLIMIT_NEEDS_SYS_TIME_H 1 # if defined(NGROUPS_MAX) && !NGROUPS_MAX # undef NGROUPS_MAX # endif /* defined(NGROUPS_MAX) && !NGROUPS_MAX */ #endif /* apollo */ /* ** System V Rel 5.x (a.k.a Unixware7 w/o BSD-Compatibility Libs ie. native) ** ** Contributed by Paul Gampe */ #ifdef __svr5__ # include # define __svr4__ # define SYS5SIGNALS 1 # define HASSETSID 1 +# define HASSNPRINTF 1 # define HASSETREUID 1 # define HASWAITPID 1 # define HASGETDTABLESIZE 1 # define GIDSET_T gid_t # define SOCKADDR_LEN_T size_t # define SOCKOPT_LEN_T size_t # ifndef _PATH_UNIX # define _PATH_UNIX "/stand/unix" # endif /* ! _PATH_UNIX */ # define SPT_PADCHAR '\0' /* pad process title with nulls */ # ifndef SYSLOG_BUFSIZE # define SYSLOG_BUFSIZE 1024 /* unsure */ # endif /* SYSLOG_BUFSIZE */ # ifndef _PATH_VENDOR_CF # define _PATH_VENDOR_CF "/etc/sendmail.cf" # endif /* ! _PATH_VENDOR_CF */ # ifndef _PATH_SENDMAILPID # define _PATH_SENDMAILPID "/etc/sendmail.pid" # endif /* ! _PATH_SENDMAILPID */ +# undef offsetof /* avoid stddefs.h, sys/sysmacros.h conflict */ #endif /* __svr5__ */ /* ###################################################################### */ /* ** UnixWare 2.x */ #ifdef UNIXWARE2 # define UNIXWARE 1 # define HASSNPRINTF 1 /* has snprintf(3) and vsnprintf(3) */ # undef offsetof /* avoid stddefs.h, sys/sysmacros.h conflict */ #endif /* UNIXWARE2 */ /* ** UnixWare 1.1.2. ** ** Updated by Petr Lampa . ** From Evan Champion . */ #ifdef UNIXWARE # include # define SYSTEM5 1 # define HASGETUSERSHELL 0 /* does not have getusershell(3) call */ # define HASSETREUID 1 # define HASSETSID 1 # define HASINITGROUPS 1 # define GIDSET_T gid_t # define SLEEP_T unsigned # define SFS_TYPE SFS_STATVFS # define LA_TYPE LA_ZERO # undef WIFEXITED # undef WEXITSTATUS # ifndef _PATH_UNIX # define _PATH_UNIX "/unix" # endif /* ! _PATH_UNIX */ # ifndef _PATH_VENDOR_CF # define _PATH_VENDOR_CF "/usr/ucblib/sendmail.cf" # endif /* ! _PATH_VENDOR_CF */ # ifndef _PATH_SENDMAILPID # define _PATH_SENDMAILPID "/usr/ucblib/sendmail.pid" # endif /* ! _PATH_SENDMAILPID */ # define SYSLOG_BUFSIZE 128 #endif /* UNIXWARE */ /* ** Intergraph CLIX 3.1 ** ** From Paul Southworth */ #ifdef CLIX # define SYSTEM5 1 /* looks like System V */ # ifndef HASGETUSERSHELL # define HASGETUSERSHELL 0 /* does not have getusershell(3) call */ # endif /* ! HASGETUSERSHELL */ # define DEV_BSIZE 512 /* device block size not defined */ # define GIDSET_T gid_t # undef LOG /* syslog not available */ # define NEEDFSYNC 1 /* no fsync in system library */ # define GETSHORT _getshort #endif /* CLIX */ /* ** NCR MP-RAS 2.x (SysVr4) with Wollongong TCP/IP ** ** From Kevin Darcy . */ #ifdef NCR_MP_RAS2 # include # define __svr4__ # define IP_SRCROUTE 0 /* Something is broken with getsockopt() */ # define SYSLOG_BUFSIZE 1024 # define SPT_TYPE SPT_NONE #endif /* NCR_MP_RAS2 */ /* ** NCR MP-RAS 3.x (SysVr4) with STREAMware TCP/IP ** ** From Tom Moore */ #ifdef NCR_MP_RAS3 # define __svr4__ # define HASFCHOWN 1 /* has fchown(2) call */ # define SIOCGIFNUM_IS_BROKEN 1 /* SIOCGIFNUM has non-std interface */ # define SO_REUSEADDR_IS_BROKEN 1 /* doesn't work if accept() fails */ # define SYSLOG_BUFSIZE 1024 # define SPT_TYPE SPT_NONE # ifndef _XOPEN_SOURCE # define _XOPEN_SOURCE # define _XOPEN_SOURCE_EXTENDED 1 # include # undef _XOPEN_SOURCE # undef _XOPEN_SOURCE_EXTENDED # endif /* ! _XOPEN_SOURCE */ #endif /* NCR_MP_RAS3 */ /* ** Tandem NonStop-UX SVR4 ** ** From Rick McCarty . */ #ifdef NonStop_UX_BXX # define __svr4__ #endif /* NonStop_UX_BXX */ /* ** Hitachi 3050R/3050RX and 3500 Workstations running HI-UX/WE2. ** ** Tested for 1.04, 1.03 ** From Akihiro Hashimoto ("Hash") . ** ** Tested for 4.02, 6.10 and 7.10 ** From Motonori NAKAMURA . */ #if !defined(__hpux) && (defined(_H3050R) || defined(_HIUX_SOURCE)) # define SYSTEM5 1 /* include all the System V defines */ # define HASINITGROUPS 1 /* has initgroups(3) call */ # define HASFCHMOD 1 /* has fchmod(2) syscall */ # define setreuid(r, e) setresuid(r, e, -1) # define LA_TYPE LA_FLOAT # define SPT_TYPE SPT_PSTAT # define SFS_TYPE SFS_VFS /* use statfs() implementation */ # ifndef HASSETVBUF # define HASSETVBUF /* HI-UX has no setlinebuf */ # endif /* ! HASSETVBUF */ # ifndef GIDSET_T # define GIDSET_T gid_t # endif /* ! GIDSET_T */ # ifndef _PATH_UNIX # define _PATH_UNIX "/HI-UX" # endif /* ! _PATH_UNIX */ # ifndef _PATH_VENDOR_CF # define _PATH_VENDOR_CF "/usr/lib/sendmail.cf" # endif /* ! _PATH_VENDOR_CF */ # ifndef IDENTPROTO # define IDENTPROTO 0 /* TCP/IP implementation is broken */ # endif /* ! IDENTPROTO */ # ifndef HASGETUSERSHELL # define HASGETUSERSHELL 0 /* getusershell(3) causes core dumps */ # endif /* ! HASGETUSERSHELL */ # define FDSET_CAST (int *) /* cast for fd_set parameters to select */ /* ** avoid m_flags conflict between Berkeley DB 1.85 db.h & sys/sysmacros.h ** on HIUX 3050 */ # undef m_flags # ifdef __STDC__ extern int syslog(int, char *, ...); # else /* __STDC__ */ extern int syslog(); # endif /* __STDC__ */ #endif /* !defined(__hpux) && (defined(_H3050R) || defined(_HIUX_SOURCE)) */ /* ** Amdahl UTS System V 2.1.5 (SVr3-based) ** ** From: Janet Jackson . */ #ifdef _UTS # include # undef HASLSTAT /* has symlinks, but they cause problems */ # define NEEDFSYNC 1 /* system fsync(2) fails on non-EFS filesys */ # define SYS5SIGNALS 1 /* System V signal semantics */ # define SYS5SETPGRP 1 /* use System V setpgrp(2) syscall */ # define HASUNAME 1 /* use System V uname(2) system call */ # define HASINITGROUPS 1 /* has initgroups(3) function */ # define HASSETVBUF 1 /* has setvbuf(3) function */ # ifndef HASGETUSERSHELL # define HASGETUSERSHELL 0 /* does not have getusershell(3) function */ # endif /* ! HASGETUSERSHELL */ # define GIDSET_T gid_t /* type of 2nd arg to getgroups(2) isn't int */ # define LA_TYPE LA_ZERO /* doesn't have load average */ # define SFS_TYPE SFS_4ARGS /* use 4-arg statfs() */ # define SFS_BAVAIL f_bfree /* alternate field name */ # define _PATH_UNIX "/unix" # ifndef _PATH_VENDOR_CF # define _PATH_VENDOR_CF "/usr/lib/sendmail.cf" # endif /* ! _PATH_VENDOR_CF */ #endif /* _UTS */ /* ** Cray Computer Corporation's CSOS ** ** From Scott Bolte . */ #ifdef _CRAYCOM # define SYSTEM5 1 /* include all the System V defines */ # define SYS5SIGNALS 1 /* SysV signal semantics -- reset on each sig */ # define NEEDFSYNC 1 /* no fsync in system library */ # define MAXPATHLEN PATHSIZE # define LA_TYPE LA_ZERO # define SFS_TYPE SFS_4ARGS /* four argument statfs() call */ # define SFS_BAVAIL f_bfree /* alternate field name */ # define _POSIX_CHOWN_RESTRICTED -1 extern struct group *getgrent(), *getgrnam(), *getgrgid(); #endif /* _CRAYCOM */ /* ** Sony NEWS-OS 4.2.1R and 6.0.3 ** ** From Motonori NAKAMURA . */ #ifdef sony_news # ifndef __svr4 /* NEWS-OS 4.2.1R */ # ifndef BSD # define BSD /* has BSD routines */ # endif /* ! BSD */ # define HASUNSETENV 1 /* has unsetenv(2) call */ # undef HASSETVBUF /* don't actually have setvbuf(3) */ # define WAITUNION 1 /* use "union wait" as wait argument type */ # define LA_TYPE LA_INT # define SFS_TYPE SFS_VFS /* use statfs() implementation */ # ifndef HASFLOCK # define HASFLOCK 1 /* has flock(2) call */ # endif /* ! HASFLOCK */ # define setpgid setpgrp # undef WIFEXITED # undef WEXITSTATUS # define MODE_T int /* system include files have no mode_t */ typedef int pid_t; typedef int (*sigfunc_t)(); # define SIGFUNC_DEFINED # define SIGFUNC_RETURN (0) # define SIGFUNC_DECL int # else /* ! __svr4 */ /* NEWS-OS 6.0.3 with /bin/cc */ # ifndef __svr4__ # define __svr4__ /* use all System V Release 4 defines below */ # endif /* ! __svr4__ */ # define HASSETSID 1 /* has Posix setsid(2) call */ # define HASGETUSERSHELL 1 /* DOES have getusershell(3) call in libc */ # define LA_TYPE LA_READKSYM /* use MIOC_READKSYM ioctl */ # ifndef SPT_TYPE # define SPT_TYPE SPT_SYSMIPS /* use sysmips() (OS 6.0.2 or later) */ # endif /* ! SPT_TYPE */ # define GIDSET_T gid_t # undef WIFEXITED # undef WEXITSTATUS # ifndef SYSLOG_BUFSIZE # define SYSLOG_BUFSIZE 256 # endif /* ! SYSLOG_BUFSIZE */ # define _PATH_UNIX "/stand/unix" # ifndef _PATH_VENDOR_CF # define _PATH_VENDOR_CF "/etc/mail/sendmail.cf" # endif /* ! _PATH_VENDOR_CF */ # ifndef _PATH_SENDMAILPID # define _PATH_SENDMAILPID "/etc/mail/sendmail.pid" # endif /* ! _PATH_SENDMAILPID */ # endif /* ! __svr4 */ #endif /* sony_news */ /* ** Omron LUNA/UNIOS-B 3.0, LUNA2/Mach and LUNA88K Mach ** ** From Motonori NAKAMURA . */ #ifdef luna # ifndef IDENTPROTO # define IDENTPROTO 0 /* TCP/IP implementation is broken */ # endif /* ! IDENTPROTO */ # define HASUNSETENV 1 /* has unsetenv(2) call */ # define NEEDPUTENV 1 /* need putenv(3) call */ # define NEEDGETOPT 1 /* need a replacement for getopt(3) */ # define NEEDSTRSTR 1 /* need emulation of the strstr(3) call */ # define WAITUNION 1 /* use "union wait" as wait argument type */ # ifdef uniosb # include # define NEEDVPRINTF 1 /* need a replacement for vprintf(3) */ # define LA_TYPE LA_INT # define TZ_TYPE TZ_TM_ZONE /* use tm->tm_zone */ # endif /* uniosb */ # ifdef luna2 # define LA_TYPE LA_SUBR # define TZ_TYPE TZ_TM_ZONE /* use tm->tm_zone */ # endif /* luna2 */ # ifdef luna88k # define HASSNPRINTF 1 /* has snprintf(3) and vsnprintf(3) */ # define LA_TYPE LA_INT # endif /* luna88k */ # define SFS_TYPE SFS_VFS /* use statfs() implementation */ # define setpgid setpgrp # undef WIFEXITED # undef WEXITSTATUS typedef int pid_t; typedef int (*sigfunc_t)(); # define SIGFUNC_DEFINED # define SIGFUNC_RETURN (0) # define SIGFUNC_DECL int extern char *getenv(); # ifndef _PATH_VENDOR_CF # define _PATH_VENDOR_CF "/usr/lib/sendmail.cf" # endif /* ! _PATH_VENDOR_CF */ #endif /* luna */ /* ** NEC EWS-UX/V 4.2 (with /usr/ucb/cc) ** ** From Motonori NAKAMURA . */ #if defined(nec_ews_svr4) || defined(_nec_ews_svr4) # ifndef __svr4__ # define __svr4__ /* use all System V Release 4 defines below */ # endif /* ! __svr4__ */ # define SYS5SIGNALS 1 /* SysV signal semantics -- reset on each sig */ # define HASSETSID 1 /* has Posix setsid(2) call */ # define LA_TYPE LA_READKSYM /* use MIOC_READSYM ioctl */ # define SFS_TYPE SFS_USTAT /* use System V ustat(2) syscall */ # define GIDSET_T gid_t # undef WIFEXITED # undef WEXITSTATUS # define NAMELISTMASK 0x7fffffff /* mask for nlist() values */ # ifndef _PATH_VENDOR_CF # define _PATH_VENDOR_CF "/usr/ucblib/sendmail.cf" # endif /* ! _PATH_VENDOR_CF */ # ifndef _PATH_SENDMAILPID # define _PATH_SENDMAILPID "/usr/ucblib/sendmail.pid" # endif /* ! _PATH_SENDMAILPID */ # ifndef SYSLOG_BUFSIZE # define SYSLOG_BUFSIZE 1024 /* allow full size syslog buffer */ # endif /* ! SYSLOG_BUFSIZE */ #endif /* defined(nec_ews_svr4) || defined(_nec_ews_svr4) */ /* ** Fujitsu/ICL UXP/DS (For the DS/90 Series) ** ** From Diego R. Lopez . ** Additional changes from Fumio Moriya and Toshiaki Nomura of the ** Fujitsu Fresoftware group . */ #ifdef __uxp__ # include # include # include # define __svr4__ # define HASGETUSERSHELL 0 # define HASFLOCK 0 # if UXPDS == 10 # define HASSNPRINTF 0 /* no snprintf(3) or vsnprintf(3) */ # else /* UXPDS == 10 */ # define HASSNPRINTF 1 /* has snprintf(3) and vsnprintf(3) */ # endif /* UXPDS == 10 */ # define _PATH_UNIX "/stand/unix" # ifndef _PATH_VENDOR_CF # define _PATH_VENDOR_CF "/usr/ucblib/sendmail.cf" # endif /* ! _PATH_VENDOR_CF */ # ifndef _PATH_SENDMAILPID # define _PATH_SENDMAILPID "/usr/ucblib/sendmail.pid" # endif /* ! _PATH_SENDMAILPID */ #endif /* __uxp__ */ /* ** Pyramid DC/OSx ** ** From Earle Ake . */ #ifdef DCOSx # define GIDSET_T gid_t # ifndef IDENTPROTO # define IDENTPROTO 0 /* TCP/IP implementation is broken */ # endif /* ! IDENTPROTO */ #endif /* DCOSx */ /* ** Concurrent Computer Corporation Maxion ** ** From Donald R. Laster Jr. . */ #ifdef __MAXION__ # include # define __svr4__ 1 /* SVR4.2MP */ # define HASSETREUID 1 /* have setreuid(2) */ # define HASLSTAT 1 /* have lstat(2) */ # define HASSETRLIMIT 1 /* have setrlimit(2) */ # define HASGETDTABLESIZE 1 /* have getdtablesize(2) */ # define HASSNPRINTF 1 /* have snprintf(3) */ # define HASGETUSERSHELL 1 /* have getusershell(3) */ # define NOFTRUNCATE 1 /* do not have ftruncate(2) */ # define SLEEP_T unsigned # define SFS_TYPE SFS_STATVFS # define SFS_BAVAIL f_bavail # ifndef SYSLOG_BUFSIZE # define SYSLOG_BUFSIZE 256 /* Use 256 bytes */ # endif /* ! SYSLOG_BUFSIZE */ # undef WUNTRACED # undef WIFEXITED # undef WIFSIGNALED # undef WIFSTOPPED # undef WEXITSTATUS # undef WTERMSIG # undef WSTOPSIG #endif /* __MAXION__ */ /* ** Harris Nighthawk PowerUX (nh6000 box) ** ** Contributed by Bob Miorelli, Pratt & Whitney */ #ifdef _PowerUX # ifndef __svr4__ # define __svr4__ # endif /* ! __svr4__ */ # ifndef _PATH_VENDOR_CF # define _PATH_VENDOR_CF "/etc/mail/sendmail.cf" # endif /* ! _PATH_VENDOR_CF */ # ifndef _PATH_SENDMAILPID # define _PATH_SENDMAILPID "/etc/mail/sendmail.pid" # endif /* ! _PATH_SENDMAILPID */ # define SYSLOG_BUFSIZE 1024 # define HASSNPRINTF 1 /* has snprintf(3) and vsnprintf(3) */ # define LA_TYPE LA_ZERO typedef struct msgb mblk_t; # undef offsetof /* avoid stddefs.h and sys/sysmacros.h conflict */ #endif /* _PowerUX */ /* ** Siemens Nixdorf Informationssysteme AG SINIX ** ** Contributed by Gerald Rinske ** of Siemens Business Services VAS. */ #ifdef sinix # define HASRANDOM 0 /* has random(3) */ # define SYSLOG_BUFSIZE 1024 #endif /* sinix */ /* ** CRAY T3E ** ** Contributed by Manu Mahonen ** of Center for Scientific Computing. */ #ifdef _CRAY # define GET_IPOPT_DST(dst) *(struct in_addr *)&(dst) #endif /* _CRAY */ /* ** Motorola 922, MC88110, UNIX SYSTEM V/88 Release 4.0 Version 4.3 ** ** Contributed by Sergey Rusanov */ #ifdef MOTO # define HASFCHMOD 1 # define HASSETRLIMIT 0 # define HASSETSID 1 # define HASSETREUID 1 # define HASULIMIT 1 # define HASWAITPID 1 # define HASGETDTABLESIZE 1 # define HASGETUSERSHELL 1 # define IP_SRCROUTE 0 # define IDENTPROTO 0 # define RES_DNSRCH_VARIABLE _res_dnsrch # define _PATH_UNIX "/unix" # define _PATH_VENDOR_CF "/etc/sendmail.cf" # define _PATH_SENDMAILPID "/var/run/sendmail.pid" #endif /* MOTO */ /********************************************************************** ** End of Per-Operating System defines **********************************************************************/ /********************************************************************** ** More general defines **********************************************************************/ /* general BSD defines */ #ifdef BSD # define HASGETDTABLESIZE 1 /* has getdtablesize(2) call */ # define HASSETREUID 1 /* has setreuid(2) call */ # define HASINITGROUPS 1 /* has initgroups(3) call */ # ifndef IP_SRCROUTE # define IP_SRCROUTE 1 /* can check IP source routing */ # endif /* ! IP_SRCROUTE */ # ifndef HASSETRLIMIT # define HASSETRLIMIT 1 /* has setrlimit(2) call */ # endif /* ! HASSETRLIMIT */ # ifndef HASFLOCK # define HASFLOCK 1 /* has flock(2) call */ # endif /* ! HASFLOCK */ # ifndef TZ_TYPE # define TZ_TYPE TZ_TM_ZONE /* use tm->tm_zone variable */ # endif /* ! TZ_TYPE */ #endif /* BSD */ /* general System V Release 4 defines */ #ifdef __svr4__ # define SYSTEM5 1 # define USESETEUID 1 /* has usable seteuid(2) call */ # define HASINITGROUPS 1 /* has initgroups(3) call */ # define BSD_COMP 1 /* get BSD ioctl calls */ # ifndef HASSETRLIMIT # define HASSETRLIMIT 1 /* has setrlimit(2) call */ # endif /* ! HASSETRLIMIT */ # ifndef HASGETUSERSHELL # define HASGETUSERSHELL 0 /* does not have getusershell(3) call */ # endif /* ! HASGETUSERSHELL */ # ifndef HASFCHMOD # define HASFCHMOD 1 /* most (all?) SVr4s seem to have fchmod(2) */ # endif /* ! HASFCHMOD */ # ifndef _PATH_UNIX # define _PATH_UNIX "/unix" # endif /* ! _PATH_UNIX */ # ifndef _PATH_VENDOR_CF # define _PATH_VENDOR_CF "/usr/ucblib/sendmail.cf" # endif /* ! _PATH_VENDOR_CF */ # ifndef _PATH_SENDMAILPID # define _PATH_SENDMAILPID "/usr/ucblib/sendmail.pid" # endif /* ! _PATH_SENDMAILPID */ # ifndef SYSLOG_BUFSIZE # define SYSLOG_BUFSIZE 128 # endif /* ! SYSLOG_BUFSIZE */ # ifndef SFS_TYPE # define SFS_TYPE SFS_STATVFS # endif /* ! SFS_TYPE */ # define USE_SIGLONGJMP 1 /* sigsetjmp needed for signal handling */ #endif /* __svr4__ */ /* general System V defines */ #ifdef SYSTEM5 # include # define HASUNAME 1 /* use System V uname(2) system call */ # define SYS5SETPGRP 1 /* use System V setpgrp(2) syscall */ # define HASSETVBUF 1 /* we have setvbuf(3) in libc */ # ifndef HASULIMIT # define HASULIMIT 1 /* has the ulimit(2) syscall */ # endif /* ! HASULIMIT */ # ifndef LA_TYPE # ifdef MIOC_READKSYM # define LA_TYPE LA_READKSYM /* use MIOC_READKSYM ioctl */ # else /* MIOC_READKSYM */ # define LA_TYPE LA_INT /* assume integer load average */ # endif /* MIOC_READKSYM */ # endif /* ! LA_TYPE */ # ifndef SFS_TYPE # define SFS_TYPE SFS_USTAT /* use System V ustat(2) syscall */ # endif /* ! SFS_TYPE */ # ifndef TZ_TYPE # define TZ_TYPE TZ_TZNAME /* use tzname[] vector */ # endif /* ! TZ_TYPE */ #endif /* SYSTEM5 */ /* general POSIX defines */ #ifdef _POSIX_VERSION # define HASSETSID 1 /* has Posix setsid(2) call */ # define HASWAITPID 1 /* has Posix waitpid(2) call */ # if _POSIX_VERSION >= 199500 && !defined(USESETEUID) # define USESETEUID 1 /* has usable seteuid(2) call */ # endif /* _POSIX_VERSION >= 199500 && !defined(USESETEUID) */ #endif /* _POSIX_VERSION */ /* ** Tweaking for systems that (for example) claim to be BSD or POSIX ** but don't have all the standard BSD or POSIX routines (boo hiss). */ #ifdef titan # undef HASINITGROUPS /* doesn't have initgroups(3) call */ #endif /* titan */ #ifdef _CRAYCOM # undef HASSETSID /* despite POSIX claim, doesn't have setsid */ #endif /* _CRAYCOM */ #ifdef MOTO # undef USESETEUID #endif /* MOTO */ /* ** Due to a "feature" in some operating systems such as Ultrix 4.3 and ** HPUX 8.0, if you receive a "No route to host" message (ICMP message ** ICMP_UNREACH_HOST) on _any_ connection, all connections to that host ** are closed. Some firewalls return this error if you try to connect ** to the IDENT port (113), so you can't receive email from these hosts ** on these systems. The firewall really should use a more specific ** message such as ICMP_UNREACH_PROTOCOL or _PORT or _FILTER_PROHIB. If ** not explicitly set to zero above, default it on. */ #ifndef IDENTPROTO # define IDENTPROTO 1 /* use IDENT proto (RFC 1413) */ #endif /* ! IDENTPROTO */ #ifndef IP_SRCROUTE # define IP_SRCROUTE 1 /* Detect IP source routing */ #endif /* ! IP_SRCROUTE */ #ifndef HASGETUSERSHELL # define HASGETUSERSHELL 1 /* libc has getusershell(3) call */ #endif /* ! HASGETUSERSHELL */ #ifndef NETUNIX # define NETUNIX 1 /* include unix domain support */ #endif /* ! NETUNIX */ #ifndef HASRANDOM # define HASRANDOM 1 /* has random(3) support */ #endif /* ! HASRANDOM */ #ifndef HASFLOCK # define HASFLOCK 0 /* assume no flock(2) support */ #endif /* ! HASFLOCK */ #ifndef HASSETREUID # define HASSETREUID 0 /* assume no setreuid(2) call */ #endif /* ! HASSETREUID */ #ifndef HASFCHMOD # define HASFCHMOD 0 /* assume no fchmod(2) syscall */ #endif /* ! HASFCHMOD */ #ifndef USESETEUID # define USESETEUID 0 /* assume no seteuid(2) call or no saved ids */ #endif /* ! USESETEUID */ #ifndef HASSETRLIMIT # define HASSETRLIMIT 0 /* assume no setrlimit(2) support */ #endif /* ! HASSETRLIMIT */ #ifndef HASULIMIT # define HASULIMIT 0 /* assume no ulimit(2) support */ #endif /* ! HASULIMIT */ #ifndef SECUREWARE # define SECUREWARE 0 /* assume no SecureWare C2 auditing hooks */ #endif /* ! SECUREWARE */ #ifndef USE_SIGLONGJMP # define USE_SIGLONGJMP 0 /* assume setjmp handles signals properly */ #endif /* ! USE_SIGLONGJMP */ #ifndef FDSET_CAST # define FDSET_CAST /* (empty) cast for fd_set arg to select */ #endif /* ! FDSET_CAST */ /* ** Pick a mailer setuid method for changing the current uid */ #define USE_SETEUID 0 #define USE_SETREUID 1 #define USE_SETUID 2 #if USESETEUID # define MAILER_SETUID_METHOD USE_SETEUID #else /* USESETEUID */ # if HASSETREUID # define MAILER_SETUID_METHOD USE_SETREUID # else /* HASSETREUID */ # define MAILER_SETUID_METHOD USE_SETUID # endif /* HASSETREUID */ #endif /* USESETEUID */ /* ** If no type for argument two of getgroups call is defined, assume ** it's an integer -- unfortunately, there seem to be several choices ** here. */ #ifndef GIDSET_T # define GIDSET_T int #endif /* ! GIDSET_T */ #ifndef UID_T # define UID_T uid_t #endif /* ! UID_T */ #ifndef GID_T # define GID_T gid_t #endif /* ! GID_T */ #ifndef SIZE_T # define SIZE_T size_t #endif /* ! SIZE_T */ #ifndef MODE_T # define MODE_T mode_t #endif /* ! MODE_T */ #ifndef ARGV_T # define ARGV_T char ** #endif /* ! ARGV_T */ #ifndef SOCKADDR_LEN_T # define SOCKADDR_LEN_T int #endif /* ! SOCKADDR_LEN_T */ #ifndef SOCKOPT_LEN_T # define SOCKOPT_LEN_T int #endif /* ! SOCKOPT_LEN_T */ #ifndef QUAD_T # define QUAD_T unsigned long #endif /* ! QUAD_T */ /********************************************************************** ** Remaining definitions should never have to be changed. They are ** primarily to provide back compatibility for older systems -- for ** example, it includes some POSIX compatibility definitions **********************************************************************/ /* System 5 compatibility */ #ifndef S_ISREG # define S_ISREG(foo) ((foo & S_IFMT) == S_IFREG) #endif /* ! S_ISREG */ #ifndef S_ISDIR # define S_ISDIR(foo) ((foo & S_IFMT) == S_IFDIR) #endif /* ! S_ISDIR */ #if !defined(S_ISLNK) && defined(S_IFLNK) # define S_ISLNK(foo) ((foo & S_IFMT) == S_IFLNK) #endif /* !defined(S_ISLNK) && defined(S_IFLNK) */ #if !defined(S_ISFIFO) # if defined(S_IFIFO) # define S_ISFIFO(foo) ((foo & S_IFMT) == S_IFIFO) # else /* defined(S_IFIFO) */ # define S_ISFIFO(foo) FALSE # endif /* defined(S_IFIFO) */ #endif /* !defined(S_ISFIFO) */ #ifndef S_IRUSR # define S_IRUSR 0400 #endif /* ! S_IRUSR */ #ifndef S_IWUSR # define S_IWUSR 0200 #endif /* ! S_IWUSR */ #ifndef S_IRGRP # define S_IRGRP 0040 #endif /* ! S_IRGRP */ #ifndef S_IWGRP # define S_IWGRP 0020 #endif /* ! S_IWGRP */ #ifndef S_IROTH # define S_IROTH 0004 #endif /* ! S_IROTH */ #ifndef S_IWOTH # define S_IWOTH 0002 #endif /* ! S_IWOTH */ /* close-on-exec flag */ #ifndef FD_CLOEXEC # define FD_CLOEXEC 1 #endif /* ! FD_CLOEXEC */ /* ** Older systems don't have this error code -- it should be in ** /usr/include/sysexits.h. */ #ifndef EX_CONFIG # define EX_CONFIG 78 /* configuration error */ #endif /* ! EX_CONFIG */ /* pseudo-codes */ #define EX_QUIT 22 /* drop out of server immediately */ #define EX_RESTART 23 /* restart sendmail daemon */ #define EX_SHUTDOWN 24 /* shutdown sendmail daemon */ /* pseudo-code used for mci_setstat */ #define EX_NOTSTICKY -5 /* don't save persistent status */ /* ** An "impossible" file mode to indicate that the file does not exist. */ #define ST_MODE_NOFILE 0171147 /* unlikely to occur */ /* type of arbitrary pointer */ #ifndef ARBPTR_T # define ARBPTR_T void * #endif /* ! ARBPTR_T */ #ifndef __P # include "sendmail/cdefs.h" #endif /* ! __P */ #if HESIOD && !defined(NAMED_BIND) # define NAMED_BIND 1 /* not one without the other */ #endif /* HESIOD && !defined(NAMED_BIND) */ # if NAMED_BIND && !defined( __ksr__ ) && !defined( h_errno ) extern int h_errno; # endif /* NAMED_BIND && !defined( __ksr__ ) && !defined( h_errno ) */ #ifdef LDAPMAP # include # include # include /* Some LDAP constants */ # define LDAPMAP_FALSE 0 # define LDAPMAP_TRUE 1 /* ** ldap_init(3) is broken in Umich 3.x and OpenLDAP 1.0/1.1. ** Use the lack of LDAP_OPT_SIZELIMIT to detect old API implementations ** and assume (falsely) that all old API implementations are broken. ** (OpenLDAP 1.2 and later have a working ldap_init(), add -DUSE_LDAP_INIT) */ # if defined(LDAP_OPT_SIZELIMIT) && !defined(USE_LDAP_INIT) # define USE_LDAP_INIT 1 # endif /* defined(LDAP_OPT_SIZELIMIT) && !defined(USE_LDAP_INIT) */ /* ** LDAP_OPT_SIZELIMIT is not defined under Umich 3.x nor OpenLDAP 1.x, ** hence ldap_set_option() must not exist. */ # if defined(LDAP_OPT_SIZELIMIT) && !defined(USE_LDAP_SET_OPTION) # define USE_LDAP_SET_OPTION 1 # endif /* defined(LDAP_OPT_SIZELIMIT) && !defined(USE_LDAP_SET_OPTION) */ #endif /* LDAPMAP */ /* ** Do some required dependencies */ #if NETINET || NETINET6 || NETISO # ifndef SMTP # define SMTP 1 /* enable user and server SMTP */ # endif /* ! SMTP */ # ifndef QUEUE # define QUEUE 1 /* enable queueing */ # endif /* ! QUEUE */ # ifndef DAEMON # define DAEMON 1 /* include the daemon (requires IPC & SMTP) */ # endif /* ! DAEMON */ #endif /* NETINET || NETINET6 || NETISO */ /* ** Arrange to use either varargs or stdargs */ #ifdef __STDC__ # include # define VA_LOCAL_DECL va_list ap; # define VA_START(f) va_start(ap, f) # define VA_END va_end(ap) #else /* __STDC__ */ # include # define VA_LOCAL_DECL va_list ap; # define VA_START(f) va_start(ap) # define VA_END va_end(ap) #endif /* __STDC__ */ #if HASUNAME # include # ifdef newstr # undef newstr # endif /* newstr */ #else /* HASUNAME */ # define NODE_LENGTH 32 struct utsname { char nodename[NODE_LENGTH + 1]; }; #endif /* HASUNAME */ #if !defined(MAXHOSTNAMELEN) && !defined(_SCO_unix_) && !defined(NonStop_UX_BXX) && !defined(ALTOS_SYSTEM_V) # define MAXHOSTNAMELEN 256 #endif /* !defined(MAXHOSTNAMELEN) && !defined(_SCO_unix_) && !defined(NonStop_UX_BXX) && !defined(ALTOS_SYSTEM_V) */ #if !defined(SIGCHLD) && defined(SIGCLD) # define SIGCHLD SIGCLD #endif /* !defined(SIGCHLD) && defined(SIGCLD) */ #ifndef STDIN_FILENO # define STDIN_FILENO 0 #endif /* ! STDIN_FILENO */ #ifndef STDOUT_FILENO # define STDOUT_FILENO 1 #endif /* ! STDOUT_FILENO */ #ifndef STDERR_FILENO # define STDERR_FILENO 2 #endif /* ! STDERR_FILENO */ #ifndef LOCK_SH # define LOCK_SH 0x01 /* shared lock */ # define LOCK_EX 0x02 /* exclusive lock */ # define LOCK_NB 0x04 /* non-blocking lock */ # define LOCK_UN 0x08 /* unlock */ #endif /* ! LOCK_SH */ #ifndef S_IXOTH # define S_IXOTH (S_IEXEC >> 6) #endif /* ! S_IXOTH */ #ifndef S_IXGRP # define S_IXGRP (S_IEXEC >> 3) #endif /* ! S_IXGRP */ #ifndef S_IXUSR # define S_IXUSR (S_IEXEC) #endif /* ! S_IXUSR */ #ifndef SEEK_SET # define SEEK_SET 0 # define SEEK_CUR 1 # define SEEK_END 2 #endif /* ! SEEK_SET */ #ifndef SIG_ERR # define SIG_ERR ((void (*)()) -1) #endif /* ! SIG_ERR */ #ifndef WEXITSTATUS # define WEXITSTATUS(st) (((st) >> 8) & 0377) #endif /* ! WEXITSTATUS */ #ifndef WIFEXITED # define WIFEXITED(st) (((st) & 0377) == 0) #endif /* ! WIFEXITED */ #ifndef WIFSTOPPED # define WIFSTOPPED(st) (((st) & 0100) == 0) #endif /* ! WIFSTOPPED */ #ifndef WCOREDUMP # define WCOREDUMP(st) (((st) & 0200) != 0) #endif /* ! WCOREDUMP */ #ifndef WTERMSIG # define WTERMSIG(st) (((st) & 0177)) #endif /* ! WTERMSIG */ #ifndef SIGFUNC_DEFINED typedef void (*sigfunc_t) __P((int)); #endif /* ! SIGFUNC_DEFINED */ #ifndef SIGFUNC_RETURN # define SIGFUNC_RETURN #endif /* ! SIGFUNC_RETURN */ #ifndef SIGFUNC_DECL # define SIGFUNC_DECL void #endif /* ! SIGFUNC_DECL */ /* size of syslog buffer */ #ifndef SYSLOG_BUFSIZE # define SYSLOG_BUFSIZE 1024 #endif /* ! SYSLOG_BUFSIZE */ /* ** Size of prescan buffer. ** Despite comments in the _sendmail_ book, this probably should ** not be changed; there are some hard-to-define dependencies. */ #define PSBUFSIZE (MAXNAME + MAXATOM) /* size of prescan buffer */ /* fork routine -- set above using #ifdef _osname_ or in Makefile */ #ifndef FORK # define FORK fork /* function to call to fork mailer */ #endif /* ! FORK */ /* random routine -- set above using #ifdef _osname_ or in Makefile */ #if HASRANDOM # define get_random() random() #else /* HASRANDOM */ # define get_random() ((long) rand()) # ifndef RANDOMSHIFT # define RANDOMSHIFT 8 # endif /* RANDOMSHIFT */ #endif /* HASRANDOM */ /* ** Default to using scanf in readcf. */ #ifndef SCANF # define SCANF 1 #endif /* ! SCANF */ #if _FFR_MILTER /* 32 bit type */ # ifndef SM_INT32 # define SM_INT32 int32_t # endif /* SM_INT32 */ #endif /* _FFR_MILTER */ /* ** SVr4 and similar systems use different routines for setjmp/longjmp ** with signal support */ #if USE_SIGLONGJMP # ifdef jmp_buf # undef jmp_buf # endif /* jmp_buf */ # define jmp_buf sigjmp_buf # ifdef setjmp # undef setjmp # endif /* setjmp */ # define setjmp(env) sigsetjmp(env, 1) # ifdef longjmp # undef longjmp # endif /* longjmp */ # define longjmp(env, val) siglongjmp(env, val) #endif /* USE_SIGLONGJMP */ #if !defined(NGROUPS_MAX) && defined(NGROUPS) # define NGROUPS_MAX NGROUPS /* POSIX naming convention */ #endif /* !defined(NGROUPS_MAX) && defined(NGROUPS) */ /* ** Some snprintf() implementations are rumored not to NUL terminate. */ #if SNPRINTF_IS_BROKEN # ifdef snprintf # undef snprintf # endif /* snprintf */ # define snprintf sm_snprintf # ifdef vsnprintf # undef vsnprintf # endif /* vsnprintf */ # define vsnprintf sm_vsnprintf #endif /* SNPRINTF_IS_BROKEN */ /* ** If we don't have a system syslog, simulate it. */ #if !LOG # define LOG_EMERG 0 /* system is unusable */ # define LOG_ALERT 1 /* action must be taken immediately */ # define LOG_CRIT 2 /* critical conditions */ # define LOG_ERR 3 /* error conditions */ # define LOG_WARNING 4 /* warning conditions */ # define LOG_NOTICE 5 /* normal but significant condition */ # define LOG_INFO 6 /* informational */ # define LOG_DEBUG 7 /* debug-level messages */ #endif /* !LOG */ #if SFIO # ifdef ERRLIST_PREDEFINED # undef ERRLIST_PREDEFINED # endif /* ERRLIST_PREDEFINED */ # if !HASSNPRINTF # define HASSNPRINTF 1 /* sfio includes snprintf() */ # endif /* !HASSNPRINTF */ #endif /* SFIO */ #ifndef SFIO_STDIO_COMPAT # define SFIO_STDIO_COMPAT 0 #endif /* ! SFIO_STDIO_COMPAT */ #endif /* CONF_H */ Index: stable/4/contrib/sendmail/src/control.c =================================================================== --- stable/4/contrib/sendmail/src/control.c (revision 71887) +++ stable/4/contrib/sendmail/src/control.c (revision 71888) @@ -1,362 +1,372 @@ /* * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #ifndef lint -static char id[] = "@(#)$Id: control.c,v 8.44.14.8 2000/09/17 17:04:26 gshapiro Exp $"; +static char id[] = "@(#)$Id: control.c,v 8.44.14.13 2000/12/28 21:25:52 gshapiro Exp $"; #endif /* ! lint */ #include int ControlSocket = -1; /* ** OPENCONTROLSOCKET -- create/open the daemon control named socket ** ** Creates and opens a named socket for external control over ** the sendmail daemon. ** ** Parameters: ** none. ** ** Returns: ** 0 if successful, -1 otherwise */ int opencontrolsocket() { #if NETUNIX int save_errno; int rval; long sff = SFF_SAFEDIRPATH|SFF_OPENASROOT|SFF_NOLINK|SFF_CREAT|SFF_MUSTOWN; struct sockaddr_un controladdr; if (ControlSocketName == NULL) return 0; if (strlen(ControlSocketName) >= sizeof controladdr.sun_path) { errno = ENAMETOOLONG; return -1; } rval = safefile(ControlSocketName, RunAsUid, RunAsGid, RunAsUserName, sff, S_IRUSR|S_IWUSR, NULL); /* if not safe, don't create */ if (rval != 0) { errno = rval; return -1; } ControlSocket = socket(AF_UNIX, SOCK_STREAM, 0); if (ControlSocket < 0) return -1; (void) unlink(ControlSocketName); memset(&controladdr, '\0', sizeof controladdr); controladdr.sun_family = AF_UNIX; (void) strlcpy(controladdr.sun_path, ControlSocketName, sizeof controladdr.sun_path); if (bind(ControlSocket, (struct sockaddr *) &controladdr, sizeof controladdr) < 0) { save_errno = errno; clrcontrol(); errno = save_errno; return -1; } - if (geteuid() == 0 && TrustedUid != 0) + if (geteuid() == 0) { - if (chown(ControlSocketName, TrustedUid, -1) < 0) + uid_t u = 0; + + if (RunAsUid != 0) + u = RunAsUid; + else if (TrustedUid != 0) + u = TrustedUid; + + if (u != 0 && + chown(ControlSocketName, u, -1) < 0) { save_errno = errno; sm_syslog(LOG_ALERT, NOQID, - "ownership change on %s failed: %s", - ControlSocketName, errstring(save_errno)); - message("050 ownership change on %s failed: %s", - ControlSocketName, errstring(save_errno)); + "ownership change on %s to uid %d failed: %s", + ControlSocketName, (int) u, + errstring(save_errno)); + message("050 ownership change on %s to uid %d failed: %s", + ControlSocketName, (int) u, + errstring(save_errno)); closecontrolsocket(TRUE); errno = save_errno; return -1; } } if (chmod(ControlSocketName, S_IRUSR|S_IWUSR) < 0) { save_errno = errno; closecontrolsocket(TRUE); errno = save_errno; return -1; } if (listen(ControlSocket, 8) < 0) { save_errno = errno; closecontrolsocket(TRUE); errno = save_errno; return -1; } #endif /* NETUNIX */ return 0; } /* ** CLOSECONTROLSOCKET -- close the daemon control named socket ** ** Close a named socket. ** ** Parameters: ** fullclose -- if set, close the socket and remove it; ** otherwise, just remove it ** ** Returns: ** none. */ void closecontrolsocket(fullclose) bool fullclose; { #if NETUNIX long sff = SFF_SAFEDIRPATH|SFF_OPENASROOT|SFF_NOLINK|SFF_CREAT|SFF_MUSTOWN; if (ControlSocket >= 0) { int rval; if (fullclose) { (void) close(ControlSocket); ControlSocket = -1; } - rval = safefile(ControlSocketName, RunAsUid, RunAsGid, RunAsUserName, - sff, S_IRUSR|S_IWUSR, NULL); + rval = safefile(ControlSocketName, RunAsUid, RunAsGid, + RunAsUserName, sff, S_IRUSR|S_IWUSR, NULL); /* if not safe, don't unlink */ if (rval != 0) return; if (unlink(ControlSocketName) < 0) { sm_syslog(LOG_WARNING, NOQID, "Could not remove control socket: %s", errstring(errno)); return; } } #endif /* NETUNIX */ return; } /* ** CLRCONTROL -- reset the control connection ** ** Parameters: ** none. ** ** Returns: ** none. ** ** Side Effects: ** releases any resources used by the control interface. */ void clrcontrol() { #if NETUNIX if (ControlSocket >= 0) (void) close(ControlSocket); ControlSocket = -1; #endif /* NETUNIX */ } #ifndef NOT_SENDMAIL /* ** CONTROL_COMMAND -- read and process command from named socket ** ** Read and process the command from the opened socket. ** Exits when done since it is running in a forked child. ** ** Parameters: ** sock -- the opened socket from getrequests() ** e -- the current envelope ** ** Returns: ** none. */ struct cmd { char *cmd_name; /* command name */ int cmd_code; /* internal code, see below */ }; /* values for cmd_code */ # define CMDERROR 0 /* bad command */ # define CMDRESTART 1 /* restart daemon */ # define CMDSHUTDOWN 2 /* end daemon */ # define CMDHELP 3 /* help */ # define CMDSTATUS 4 /* daemon status */ static struct cmd CmdTab[] = { { "help", CMDHELP }, { "restart", CMDRESTART }, { "shutdown", CMDSHUTDOWN }, { "status", CMDSTATUS }, { NULL, CMDERROR } }; static jmp_buf CtxControlTimeout; static void controltimeout(timeout) time_t timeout; { longjmp(CtxControlTimeout, 1); } void control_command(sock, e) int sock; ENVELOPE *e; { volatile int exitstat = EX_OK; FILE *s = NULL; EVENT *ev = NULL; FILE *traffic; FILE *oldout; char *cmd; char *p; struct cmd *c; char cmdbuf[MAXLINE]; char inp[MAXLINE]; sm_setproctitle(FALSE, e, "control cmd read"); if (TimeOuts.to_control > 0) { /* handle possible input timeout */ if (setjmp(CtxControlTimeout) != 0) { if (LogLevel > 2) sm_syslog(LOG_NOTICE, e->e_id, "timeout waiting for input during control command"); exit(EX_IOERR); } ev = setevent(TimeOuts.to_control, controltimeout, TimeOuts.to_control); } s = fdopen(sock, "r+"); if (s == NULL) { int save_errno = errno; (void) close(sock); errno = save_errno; exit(EX_IOERR); } setbuf(s, NULL); if (fgets(inp, sizeof inp, s) == NULL) { (void) fclose(s); exit(EX_IOERR); } (void) fflush(s); /* clean up end of line */ fixcrlf(inp, TRUE); sm_setproctitle(FALSE, e, "control: %s", inp); /* break off command */ for (p = inp; isascii(*p) && isspace(*p); p++) continue; cmd = cmdbuf; while (*p != '\0' && !(isascii(*p) && isspace(*p)) && cmd < &cmdbuf[sizeof cmdbuf - 2]) *cmd++ = *p++; *cmd = '\0'; /* throw away leading whitespace */ while (isascii(*p) && isspace(*p)) p++; /* decode command */ for (c = CmdTab; c->cmd_name != NULL; c++) { if (strcasecmp(c->cmd_name, cmdbuf) == 0) break; } switch (c->cmd_code) { case CMDHELP: /* get help */ traffic = TrafficLogFile; TrafficLogFile = NULL; oldout = OutChannel; OutChannel = s; help("control", e); TrafficLogFile = traffic; OutChannel = oldout; break; case CMDRESTART: /* restart the daemon */ fprintf(s, "OK\r\n"); exitstat = EX_RESTART; break; case CMDSHUTDOWN: /* kill the daemon */ fprintf(s, "OK\r\n"); exitstat = EX_SHUTDOWN; break; case CMDSTATUS: /* daemon status */ proc_list_probe(); { long bsize; long free; free = freediskspace(QueueDir, &bsize); /* ** Prevent overflow and don't lose ** precision (if bsize == 512) */ free = (long)((double)free * ((double)bsize / 1024)); fprintf(s, "%d/%d/%ld/%d\r\n", CurChildren, MaxChildren, free, sm_getla(NULL)); } proc_list_display(s); break; case CMDERROR: /* unknown command */ fprintf(s, "Bad command (%s)\r\n", cmdbuf); break; } (void) fclose(s); if (ev != NULL) clrevent(ev); exit(exitstat); } #endif /* ! NOT_SENDMAIL */ Index: stable/4/contrib/sendmail/src/daemon.c =================================================================== --- stable/4/contrib/sendmail/src/daemon.c (revision 71887) +++ stable/4/contrib/sendmail/src/daemon.c (revision 71888) @@ -1,3444 +1,3620 @@ /* * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #include #ifndef lint # ifdef DAEMON -static char id[] = "@(#)$Id: daemon.c,v 8.401.4.18 2000/09/21 21:52:16 ca Exp $ (with daemon mode)"; +static char id[] = "@(#)$Id: daemon.c,v 8.401.4.41 2000/12/28 23:46:43 gshapiro Exp $ (with daemon mode)"; # else /* DAEMON */ -static char id[] = "@(#)$Id: daemon.c,v 8.401.4.18 2000/09/21 21:52:16 ca Exp $ (without daemon mode)"; +static char id[] = "@(#)$Id: daemon.c,v 8.401.4.41 2000/12/28 23:46:43 gshapiro Exp $ (without daemon mode)"; # endif /* DAEMON */ #endif /* ! lint */ #if defined(SOCK_STREAM) || defined(__GNU_LIBRARY__) # define USE_SOCK_STREAM 1 #endif /* defined(SOCK_STREAM) || defined(__GNU_LIBRARY__) */ #if DAEMON || defined(USE_SOCK_STREAM) # if NETINET || NETINET6 # include # endif /* NETINET || NETINET6 */ # if NAMED_BIND # ifndef NO_DATA # define NO_DATA NO_ADDRESS # endif /* ! NO_DATA */ # endif /* NAMED_BIND */ #endif /* DAEMON || defined(USE_SOCK_STREAM) */ #if DAEMON # if STARTTLS # include # endif /* STARTTLS */ # include # if IP_SRCROUTE && NETINET # include # include # if HAS_IN_H # include # ifndef IPOPTION # define IPOPTION ip_opts # define IP_LIST ip_opts # define IP_DST ip_dst # endif /* ! IPOPTION */ # else /* HAS_IN_H */ # include # ifndef IPOPTION # define IPOPTION ipoption # define IP_LIST ipopt_list # define IP_DST ipopt_dst # endif /* ! IPOPTION */ # endif /* HAS_IN_H */ # endif /* IP_SRCROUTE && NETINET */ /* structure to describe a daemon */ struct daemon { int d_socket; /* fd for socket */ SOCKADDR d_addr; /* socket for incoming */ u_short d_port; /* port number */ int d_listenqueue; /* size of listen queue */ int d_tcprcvbufsize; /* size of TCP receive buffer */ int d_tcpsndbufsize; /* size of TCP send buffer */ time_t d_refuse_connections_until; bool d_firsttime; int d_socksize; BITMAP256 d_flags; /* flags; see sendmail.h */ char *d_mflags; /* flags for use in macro */ char *d_name; /* user-supplied name */ }; typedef struct daemon DAEMON_T; static void connecttimeout __P((void)); static int opendaemonsocket __P((struct daemon *, bool)); static u_short setupdaemon __P((SOCKADDR *)); /* ** DAEMON.C -- routines to use when running as a daemon. ** ** This entire file is highly dependent on the 4.2 BSD ** interprocess communication primitives. No attempt has ** been made to make this file portable to Version 7, ** Version 6, MPX files, etc. If you should try such a ** thing yourself, I recommend chucking the entire file ** and starting from scratch. Basic semantics are: ** ** getrequests(e) ** Opens a port and initiates a connection. ** Returns in a child. Must set InChannel and ** OutChannel appropriately. ** clrdaemon() ** Close any open files associated with getting ** the connection; this is used when running the queue, ** etc., to avoid having extra file descriptors during ** the queue run and to avoid confusing the network ** code (if it cares). ** makeconnection(host, port, outfile, infile, e) ** Make a connection to the named host on the given ** port. Set *outfile and *infile to the files ** appropriate for communication. Returns zero on ** success, else an exit status describing the ** error. ** host_map_lookup(map, hbuf, avp, pstat) ** Convert the entry in hbuf into a canonical form. */ static DAEMON_T Daemons[MAXDAEMONS]; static int ndaemons = 0; /* actual number of daemons */ /* options for client */ static int TcpRcvBufferSize = 0; /* size of TCP receive buffer */ static int TcpSndBufferSize = 0; /* size of TCP send buffer */ /* ** GETREQUESTS -- open mail IPC port and get requests. ** ** Parameters: ** e -- the current envelope. ** ** Returns: ** pointer to flags. ** ** Side Effects: ** Waits until some interesting activity occurs. When ** it does, a child is created to process it, and the ** parent waits for completion. Return from this ** routine is always in the child. The file pointers ** "InChannel" and "OutChannel" should be set to point ** to the communication channel. */ BITMAP256 * getrequests(e) ENVELOPE *e; { int t; time_t last_disk_space_check = 0; int idx, curdaemon = -1; int i, olddaemon = 0; # if XDEBUG bool j_has_dot; # endif /* XDEBUG */ char status[MAXLINE]; SOCKADDR sa; SOCKADDR_LEN_T len = sizeof sa; # if NETUNIX extern int ControlSocket; # endif /* NETUNIX */ extern ENVELOPE BlankEnvelope; -#define D(x,idx) x[idx] - for (idx = 0; idx < ndaemons; idx++) { Daemons[idx].d_port = setupdaemon(&(Daemons[idx].d_addr)); Daemons[idx].d_firsttime = TRUE; Daemons[idx].d_refuse_connections_until = (time_t) 0; } + /* ** Try to actually open the connection. */ if (tTd(15, 1)) { for (idx = 0; idx < ndaemons; idx++) + { dprintf("getrequests: daemon %s: port %d\n", Daemons[idx].d_name, ntohs(Daemons[idx].d_port)); + } } /* get a socket for the SMTP connection */ for (idx = 0; idx < ndaemons; idx++) Daemons[idx].d_socksize = opendaemonsocket(&Daemons[idx], TRUE); if (opencontrolsocket() < 0) sm_syslog(LOG_WARNING, NOQID, "daemon could not open control socket %s: %s", ControlSocketName, errstring(errno)); (void) setsignal(SIGCHLD, reapchild); /* write the pid to file */ log_sendmail_pid(e); # if XDEBUG { char jbuf[MAXHOSTNAMELEN]; expand("\201j", jbuf, sizeof jbuf, e); j_has_dot = strchr(jbuf, '.') != NULL; } # endif /* XDEBUG */ /* Add parent process as first item */ proc_list_add(getpid(), "Sendmail daemon", PROC_DAEMON); if (tTd(15, 1)) { for (idx = 0; idx < ndaemons; idx++) dprintf("getrequests: daemon %s: %d\n", Daemons[idx].d_name, Daemons[idx].d_socket); } for (;;) { register pid_t pid; auto SOCKADDR_LEN_T lotherend; bool timedout = FALSE; bool control = FALSE; int save_errno; int pipefd[2]; + time_t timenow; # if STARTTLS long seed; - time_t timenow; # endif /* STARTTLS */ + extern bool refuseconnections __P((char *, ENVELOPE *, int)); /* see if we are rejecting connections */ (void) blocksignal(SIGALRM); + timenow = curtime(); + + /* + ** Use ConnRateThrottle only if the + ** last pass was for a connection + */ + + if (ConnRateThrottle > 0 && curdaemon >= 0) + { + static int conncnt = 0; + static time_t lastconn = 0; + + if (timenow != lastconn) + { + lastconn = timenow; + conncnt = 1; + } + else if (++conncnt > ConnRateThrottle) + { + /* sleep to flatten out connection load */ + sm_setproctitle(TRUE, e, + "deferring connections: %d per second", + ConnRateThrottle); + if (LogLevel >= 9) + sm_syslog(LOG_INFO, NOQID, + "deferring connections: %d per second", + ConnRateThrottle); + (void) sleep(1); + } + } + for (idx = 0; idx < ndaemons; idx++) { - if (curtime() < Daemons[idx].d_refuse_connections_until) + if (timenow < Daemons[idx].d_refuse_connections_until) continue; if (refuseconnections(Daemons[idx].d_name, e, idx)) { if (Daemons[idx].d_socket >= 0) { - /* close socket so peer fails quickly */ - (void) close(Daemons[idx].d_socket); - Daemons[idx].d_socket = -1; + /* close socket so peer fails quickly */ + (void) close(Daemons[idx].d_socket); + Daemons[idx].d_socket = -1; } /* refuse connections for next 15 seconds */ - Daemons[idx].d_refuse_connections_until = curtime() + 15; + Daemons[idx].d_refuse_connections_until = timenow + 15; } else if (Daemons[idx].d_socket < 0 || Daemons[idx].d_firsttime) { - if (!Daemons[idx].d_firsttime && LogLevel >= 9) - sm_syslog(LOG_INFO, NOQID, - "accepting connections again for daemon %s", - Daemons[idx].d_name); + if (!Daemons[idx].d_firsttime && LogLevel >= 9) + sm_syslog(LOG_INFO, NOQID, + "accepting connections again for daemon %s", + Daemons[idx].d_name); - /* arrange to (re)open the socket if needed */ - (void) opendaemonsocket(&Daemons[idx], FALSE); - Daemons[idx].d_firsttime = FALSE; + /* arrange to (re)open the socket if needed */ + (void) opendaemonsocket(&Daemons[idx], FALSE); + Daemons[idx].d_firsttime = FALSE; } } - if (curtime() >= last_disk_space_check) + if (timenow >= last_disk_space_check) { + bool logged = FALSE; + if (!enoughdiskspace(MinBlocksFree + 1, FALSE)) { - if (!bitnset(D_ETRNONLY, Daemons[idx].d_flags)) + for (idx = 0; idx < ndaemons; idx++) { - /* log only if not logged before */ - if (LogLevel >= 9) - sm_syslog(LOG_INFO, NOQID, - "rejecting new messages: min free: %ld", - MinBlocksFree); - sm_setproctitle(TRUE, e, - "rejecting new messages: min free: %ld", - MinBlocksFree); - setbitn(D_ETRNONLY, Daemons[idx].d_flags); + if (!bitnset(D_ETRNONLY, Daemons[idx].d_flags)) + { + /* log only if not logged before */ + if (!logged) + { + if (LogLevel >= 9) + sm_syslog(LOG_INFO, NOQID, + "rejecting new messages: min free: %ld", + MinBlocksFree); + logged = TRUE; + sm_setproctitle(TRUE, e, + "rejecting new messages: min free: %ld", + MinBlocksFree); + } + setbitn(D_ETRNONLY, Daemons[idx].d_flags); + } } } - else if (bitnset(D_ETRNONLY, Daemons[idx].d_flags)) + else { - /* log only if not logged before */ - if (LogLevel >= 9) - sm_syslog(LOG_INFO, NOQID, - "accepting new messages (again)"); - /* title will be set below */ - clrbitn(D_ETRNONLY, Daemons[idx].d_flags); + for (idx = 0; idx < ndaemons; idx++) + { + if (bitnset(D_ETRNONLY, Daemons[idx].d_flags)) + { + /* log only if not logged before */ + if (!logged) + { + if (LogLevel >= 9) + sm_syslog(LOG_INFO, NOQID, + "accepting new messages (again)"); + logged = TRUE; + } + + /* title will be set below */ + clrbitn(D_ETRNONLY, Daemons[idx].d_flags); + } + } } /* only check disk space once a minute */ - last_disk_space_check = curtime() + 60; + last_disk_space_check = timenow + 60; } # if XDEBUG /* check for disaster */ { char jbuf[MAXHOSTNAMELEN]; expand("\201j", jbuf, sizeof jbuf, e); if (!wordinclass(jbuf, 'w')) { dumpstate("daemon lost $j"); sm_syslog(LOG_ALERT, NOQID, "daemon process doesn't have $j in $=w; see syslog"); abort(); } else if (j_has_dot && strchr(jbuf, '.') == NULL) { dumpstate("daemon $j lost dot"); sm_syslog(LOG_ALERT, NOQID, "daemon process $j lost dot; see syslog"); abort(); } } # endif /* XDEBUG */ # if 0 /* ** Andrew Sun claims that this will ** fix the SVr4 problem. But it seems to have gone away, ** so is it worth doing this? */ if (DaemonSocket >= 0 && SetNonBlocking(DaemonSocket, FALSE) < 0) log an error here; # endif /* 0 */ (void) releasesignal(SIGALRM); for (;;) { + bool setproc = FALSE; int highest = -1; fd_set readfds; struct timeval timeout; FD_ZERO(&readfds); for (idx = 0; idx < ndaemons; idx++) { /* wait for a connection */ if (Daemons[idx].d_socket >= 0) { - if (!bitnset(D_ETRNONLY, Daemons[idx].d_flags)) + if (!setproc && + !bitnset(D_ETRNONLY, + Daemons[idx].d_flags)) { sm_setproctitle(TRUE, e, "accepting connections"); + setproc = TRUE; } if (Daemons[idx].d_socket > highest) highest = Daemons[idx].d_socket; FD_SET((u_int)Daemons[idx].d_socket, &readfds); } } # if NETUNIX if (ControlSocket >= 0) { if (ControlSocket > highest) highest = ControlSocket; FD_SET(ControlSocket, &readfds); } # endif /* NETUNIX */ /* ** if one socket is closed, set the timeout ** to 5 seconds (so it might get reopened soon), ** otherwise (all sockets open) 60. */ + idx = 0; while (idx < ndaemons && Daemons[idx].d_socket >= 0) idx++; if (idx < ndaemons) timeout.tv_sec = 5; else timeout.tv_sec = 60; timeout.tv_usec = 0; t = select(highest + 1, FDSET_CAST &readfds, NULL, NULL, &timeout); + + if (DoQueueRun) (void) runqueue(TRUE, FALSE); + + curdaemon = -1; if (t <= 0) { timedout = TRUE; break; } control = FALSE; errno = 0; - curdaemon = -1; /* look "round-robin" for an active socket */ if ((idx = olddaemon + 1) >= ndaemons) idx = 0; for (i = 0; i < ndaemons; i++) { if (Daemons[idx].d_socket >= 0 && FD_ISSET(Daemons[idx].d_socket, &readfds)) { lotherend = Daemons[idx].d_socksize; t = accept(Daemons[idx].d_socket, (struct sockaddr *)&RealHostAddr, &lotherend); olddaemon = curdaemon = idx; break; } if (++idx >= ndaemons) idx = 0; } # if NETUNIX if (curdaemon == -1 && ControlSocket >= 0 && - FD_ISSET(ControlSocket, &readfds)) + FD_ISSET(ControlSocket, &readfds)) { struct sockaddr_un sa_un; lotherend = sizeof sa_un; t = accept(ControlSocket, (struct sockaddr *)&sa_un, &lotherend); control = TRUE; } +# else /* NETUNIX */ + if (curdaemon == -1) + { + /* No daemon to service */ + continue; + } # endif /* NETUNIX */ if (t >= 0 || errno != EINTR) break; } if (timedout) { timedout = FALSE; continue; } save_errno = errno; + timenow = curtime(); (void) blocksignal(SIGALRM); if (t < 0) { errno = save_errno; syserr("getrequests: accept"); /* arrange to re-open the socket next time around */ (void) close(Daemons[curdaemon].d_socket); Daemons[curdaemon].d_socket = -1; # if SO_REUSEADDR_IS_BROKEN /* ** Give time for bound socket to be released. ** This creates a denial-of-service if you can ** force accept() to fail on affected systems. */ - Daemons[curdaemon].d_refuse_connections_until = curtime() + 15; + Daemons[curdaemon].d_refuse_connections_until = timenow + 15; # endif /* SO_REUSEADDR_IS_BROKEN */ continue; } if (!control) { /* set some daemon related macros */ switch (Daemons[curdaemon].d_addr.sa.sa_family) { case AF_UNSPEC: define(macid("{daemon_family}", NULL), "unspec", &BlankEnvelope); break; # if NETINET case AF_INET: define(macid("{daemon_family}", NULL), "inet", &BlankEnvelope); break; # endif /* NETINET */ # if NETINET6 case AF_INET6: define(macid("{daemon_family}", NULL), "inet6", &BlankEnvelope); break; # endif /* NETINET6 */ # if NETISO case AF_ISO: define(macid("{daemon_family}", NULL), "iso", &BlankEnvelope); break; # endif /* NETISO */ # if NETNS case AF_NS: define(macid("{daemon_family}", NULL), "ns", &BlankEnvelope); break; # endif /* NETNS */ # if NETX25 case AF_CCITT: define(macid("{daemon_family}", NULL), "x.25", &BlankEnvelope); break; # endif /* NETX25 */ } define(macid("{daemon_name}", NULL), Daemons[curdaemon].d_name, &BlankEnvelope); if (Daemons[curdaemon].d_mflags != NULL) define(macid("{daemon_flags}", NULL), Daemons[curdaemon].d_mflags, &BlankEnvelope); else define(macid("{daemon_flags}", NULL), "", &BlankEnvelope); } /* ** Create a subprocess to process the mail. */ if (tTd(15, 2)) dprintf("getrequests: forking (fd = %d)\n", t); /* ** advance state of PRNG ** this is necessary because otherwise all child processes ** will produce the same PRN sequence and hence the selection ** of a queue directory (and other things, e.g., MX selection) ** are not "really" random. */ # if STARTTLS seed = get_random(); RAND_seed((void *) &last_disk_space_check, sizeof last_disk_space_check); - timenow = curtime(); RAND_seed((void *) &timenow, sizeof timenow); RAND_seed((void *) &seed, sizeof seed); # else /* STARTTLS */ (void) get_random(); # endif /* STARTTLS */ +#ifndef DEBUG_NO_FORK /* ** Create a pipe to keep the child from writing to the ** socket until after the parent has closed it. Otherwise ** the parent may hang if the child has closed it first. */ if (pipe(pipefd) < 0) pipefd[0] = pipefd[1] = -1; (void) blocksignal(SIGCHLD); pid = fork(); if (pid < 0) { syserr("daemon: cannot fork"); if (pipefd[0] != -1) { (void) close(pipefd[0]); (void) close(pipefd[1]); } (void) releasesignal(SIGCHLD); (void) sleep(10); (void) close(t); continue; } +#else /* ! DEBUG_NO_FORK */ + pid = 0; +#endif /* ! DEBUG_NO_FORK */ if (pid == 0) { char *p; FILE *inchannel, *outchannel = NULL; /* ** CHILD -- return to caller. ** Collect verified idea of sending host. ** Verify calling user id if possible here. */ if (!control) { define(macid("{daemon_addr}", NULL), newstr(anynet_ntoa(&Daemons[curdaemon].d_addr)), &BlankEnvelope); (void) snprintf(status, sizeof status, "%d", ntohs(Daemons[curdaemon].d_port)); define(macid("{daemon_port}", NULL), newstr(status), &BlankEnvelope); } (void) releasesignal(SIGALRM); (void) releasesignal(SIGCHLD); (void) setsignal(SIGCHLD, SIG_DFL); (void) setsignal(SIGHUP, intsig); for (idx = 0; idx < ndaemons; idx++) { if (Daemons[idx].d_socket >= 0) (void) close(Daemons[idx].d_socket); } clrcontrol(); /* Avoid SMTP daemon actions if control command */ if (control) { /* Add control socket process */ proc_list_add(getpid(), "console socket child", PROC_CONTROL_CHILD); } else { proc_list_clear(); /* Add parent process as first child item */ proc_list_add(getpid(), "daemon child", PROC_DAEMON_CHILD); /* don't schedule queue runs if ETRN */ QueueIntvl = 0; sm_setproctitle(TRUE, e, "startup with %s", anynet_ntoa(&RealHostAddr)); } +#ifndef DEBUG_NO_FORK if (pipefd[0] != -1) { auto char c; /* ** Wait for the parent to close the write end ** of the pipe, which we will see as an EOF. ** This guarantees that we won't write to the ** socket until after the parent has closed ** the pipe. */ /* close the write end of the pipe */ (void) close(pipefd[1]); /* we shouldn't be interrupted, but ... */ while (read(pipefd[0], &c, 1) < 0 && errno == EINTR) continue; (void) close(pipefd[0]); } +#endif /* ! DEBUG_NO_FORK */ /* control socket processing */ if (control) { control_command(t, e); /* NOTREACHED */ exit(EX_SOFTWARE); } /* determine host name */ p = hostnamebyanyaddr(&RealHostAddr); if (strlen(p) > (SIZE_T) MAXNAME) p[MAXNAME] = '\0'; RealHostName = newstr(p); if (RealHostName[0] == '[') { /* TEMP, FAIL: which one? */ define(macid("{client_resolve}", NULL), (h_errno == TRY_AGAIN) ? "TEMP" : "FAIL", &BlankEnvelope); } else define(macid("{client_resolve}", NULL), "OK", &BlankEnvelope); sm_setproctitle(TRUE, e, "startup with %s", p); if ((inchannel = fdopen(t, "r")) == NULL || (t = dup(t)) < 0 || (outchannel = fdopen(t, "w")) == NULL) { syserr("cannot open SMTP server channel, fd=%d", t); finis(FALSE, EX_OK); } InChannel = inchannel; OutChannel = outchannel; DisConnected = FALSE; # ifdef XLA if (!xla_host_ok(RealHostName)) { message("421 4.4.5 Too many SMTP sessions for this host"); finis(FALSE, EX_OK); } # endif /* XLA */ /* find out name for interface of connection */ if (getsockname(fileno(InChannel), &sa.sa, &len) == 0) { p = hostnamebyanyaddr(&sa); if (tTd(15, 9)) dprintf("getreq: got name %s\n", p); define(macid("{if_name}", NULL), newstr(p), &BlankEnvelope); /* do this only if it is not the loopback */ /* interface: how to figure out? XXX */ if (!isloopback(sa)) { define(macid("{if_addr}", NULL), newstr(anynet_ntoa(&sa)), &BlankEnvelope); p = xalloc(5); snprintf(p, 4, "%d", sa.sa.sa_family); define(macid("{if_family}", NULL), p, &BlankEnvelope); if (tTd(15, 7)) dprintf("getreq: got addr %s and family %s\n", macvalue(macid("{if_addr}", NULL), &BlankEnvelope), macvalue(macid("{if_addr}", NULL), &BlankEnvelope)); } else { define(macid("{if_addr}", NULL), NULL, &BlankEnvelope); define(macid("{if_family}", NULL), NULL, &BlankEnvelope); } } else { if (tTd(15, 7)) dprintf("getreq: getsockname failed\n"); define(macid("{if_name}", NULL), NULL, &BlankEnvelope); define(macid("{if_addr}", NULL), NULL, &BlankEnvelope); define(macid("{if_family}", NULL), NULL, &BlankEnvelope); } break; } /* parent -- keep track of children */ if (control) { snprintf(status, sizeof status, "control socket server child"); proc_list_add(pid, status, PROC_CONTROL); } else { snprintf(status, sizeof status, "SMTP server child for %s", anynet_ntoa(&RealHostAddr)); proc_list_add(pid, status, PROC_DAEMON); } (void) releasesignal(SIGCHLD); /* close the read end of the synchronization pipe */ if (pipefd[0] != -1) { (void) close(pipefd[0]); pipefd[0] = -1; } /* close the port so that others will hang (for a while) */ (void) close(t); /* release the child by closing the read end of the sync pipe */ if (pipefd[1] != -1) { (void) close(pipefd[1]); pipefd[1] = -1; } } if (tTd(15, 2)) dprintf("getreq: returning\n"); return &Daemons[curdaemon].d_flags; } /* ** OPENDAEMONSOCKET -- open SMTP socket ** ** Deals with setting all appropriate options. ** ** Parameters: ** d -- the structure for the daemon to open. ** firsttime -- set if this is the initial open. ** ** Returns: ** Size in bytes of the daemon socket addr. ** ** Side Effects: ** Leaves DaemonSocket set to the open socket. ** Exits if the socket cannot be created. */ # define MAXOPENTRIES 10 /* maximum number of tries to open connection */ static int opendaemonsocket(d, firsttime) struct daemon *d; bool firsttime; { int on = 1; int fdflags; SOCKADDR_LEN_T socksize = 0; int ntries = 0; int save_errno; if (tTd(15, 2)) dprintf("opendaemonsocket(%s)\n", d->d_name); do { if (ntries > 0) (void) sleep(5); if (firsttime || d->d_socket < 0) { d->d_socket = socket(d->d_addr.sa.sa_family, SOCK_STREAM, 0); if (d->d_socket < 0) { save_errno = errno; syserr("opendaemonsocket: daemon %s: can't create server SMTP socket", d->d_name); severe: if (LogLevel > 0) sm_syslog(LOG_ALERT, NOQID, "daemon %s: problem creating SMTP socket", d->d_name); d->d_socket = -1; continue; } /* turn on network debugging? */ if (tTd(15, 101)) (void) setsockopt(d->d_socket, SOL_SOCKET, SO_DEBUG, (char *)&on, sizeof on); (void) setsockopt(d->d_socket, SOL_SOCKET, SO_REUSEADDR, (char *)&on, sizeof on); (void) setsockopt(d->d_socket, SOL_SOCKET, SO_KEEPALIVE, (char *)&on, sizeof on); # ifdef SO_RCVBUF if (d->d_tcprcvbufsize > 0) { if (setsockopt(d->d_socket, SOL_SOCKET, SO_RCVBUF, (char *) &d->d_tcprcvbufsize, sizeof(d->d_tcprcvbufsize)) < 0) syserr("opendaemonsocket: daemon %s: setsockopt(SO_RCVBUF)", d->d_name); } # endif /* SO_RCVBUF */ # ifdef SO_SNDBUF if (d->d_tcpsndbufsize > 0) { if (setsockopt(d->d_socket, SOL_SOCKET, SO_SNDBUF, (char *) &d->d_tcpsndbufsize, sizeof(d->d_tcpsndbufsize)) < 0) syserr("opendaemonsocket: daemon %s: setsockopt(SO_SNDBUF)", d->d_name); } # endif /* SO_SNDBUF */ if ((fdflags = fcntl(d->d_socket, F_GETFD, 0)) == -1 || fcntl(d->d_socket, F_SETFD, fdflags | FD_CLOEXEC) == -1) { save_errno = errno; syserr("opendaemonsocket: daemon %s: failed to %s close-on-exec flag: %s", d->d_name, fdflags == -1 ? "get" : "set", errstring(save_errno)); (void) close(d->d_socket); goto severe; } switch (d->d_addr.sa.sa_family) { # if NETINET case AF_INET: socksize = sizeof d->d_addr.sin; break; # endif /* NETINET */ # if NETINET6 case AF_INET6: socksize = sizeof d->d_addr.sin6; break; # endif /* NETINET6 */ # if NETISO case AF_ISO: socksize = sizeof d->d_addr.siso; break; # endif /* NETISO */ default: socksize = sizeof d->d_addr; break; } if (bind(d->d_socket, &d->d_addr.sa, socksize) < 0) { /* probably another daemon already */ save_errno = errno; syserr("opendaemonsocket: daemon %s: cannot bind", d->d_name); (void) close(d->d_socket); goto severe; } } if (!firsttime && listen(d->d_socket, d->d_listenqueue) < 0) { save_errno = errno; syserr("opendaemonsocket: daemon %s: cannot listen", d->d_name); (void) close(d->d_socket); goto severe; } return socksize; } while (ntries++ < MAXOPENTRIES && transienterror(save_errno)); syserr("!opendaemonsocket: daemon %s: server SMTP socket wedged: exiting", d->d_name); /* NOTREACHED */ return -1; /* avoid compiler warning on IRIX */ } /* ** SETUPDAEMON -- setup socket for daemon ** ** Parameters: ** daemonaddr -- socket for daemon ** daemon -- number of daemon ** ** Returns: ** port number on which daemon should run ** */ static u_short setupdaemon(daemonaddr) SOCKADDR *daemonaddr; { u_short port; /* ** Set up the address for the mailer. */ if (daemonaddr->sa.sa_family == AF_UNSPEC) { memset(daemonaddr, '\0', sizeof *daemonaddr); # if NETINET daemonaddr->sa.sa_family = AF_INET; # endif /* NETINET */ } switch (daemonaddr->sa.sa_family) { # if NETINET case AF_INET: if (daemonaddr->sin.sin_addr.s_addr == 0) daemonaddr->sin.sin_addr.s_addr = INADDR_ANY; port = daemonaddr->sin.sin_port; break; # endif /* NETINET */ # if NETINET6 case AF_INET6: if (IN6_IS_ADDR_UNSPECIFIED(&daemonaddr->sin6.sin6_addr)) daemonaddr->sin6.sin6_addr = in6addr_any; port = daemonaddr->sin6.sin6_port; break; # endif /* NETINET6 */ default: /* unknown protocol */ port = 0; break; } if (port == 0) { # ifdef NO_GETSERVBYNAME port = htons(25); # else /* NO_GETSERVBYNAME */ { register struct servent *sp; sp = getservbyname("smtp", "tcp"); if (sp == NULL) { syserr("554 5.3.5 service \"smtp\" unknown"); port = htons(25); } else port = sp->s_port; } # endif /* NO_GETSERVBYNAME */ } switch (daemonaddr->sa.sa_family) { # if NETINET case AF_INET: daemonaddr->sin.sin_port = port; break; # endif /* NETINET */ # if NETINET6 case AF_INET6: daemonaddr->sin6.sin6_port = port; break; # endif /* NETINET6 */ default: /* unknown protocol */ break; } return(port); } /* ** CLRDAEMON -- reset the daemon connection ** ** Parameters: ** none. ** ** Returns: ** none. ** ** Side Effects: ** releases any resources used by the passive daemon. */ void clrdaemon() { int i; for (i = 0; i < ndaemons; i++) { if (Daemons[i].d_socket >= 0) (void) close(Daemons[i].d_socket); Daemons[i].d_socket = -1; } } /* ** SETSOCKADDROPTIONS -- set options for SOCKADDR (daemon or client) ** ** Parameters: ** p -- the options line. ** d -- the daemon structure to fill in. ** ** Returns: ** none. */ static void setsockaddroptions(p, d) register char *p; struct daemon *d; { # if NETISO - short port; + short portno; # endif /* NETISO */ int l; char *h, *flags; + char *port = NULL; + char *addr = NULL; # if NETINET if (d->d_addr.sa.sa_family == AF_UNSPEC) d->d_addr.sa.sa_family = AF_INET; # endif /* NETINET */ while (p != NULL) { register char *f; register char *v; while (isascii(*p) && isspace(*p)) p++; if (*p == '\0') break; f = p; p = strchr(p, ','); if (p != NULL) *p++ = '\0'; v = strchr(f, '='); if (v == NULL) continue; while (isascii(*++v) && isspace(*v)) continue; if (isascii(*f) && islower(*f)) *f = toupper(*f); switch (*f) { case 'F': /* address family */ if (isascii(*v) && isdigit(*v)) d->d_addr.sa.sa_family = atoi(v); # if NETINET else if (strcasecmp(v, "inet") == 0) d->d_addr.sa.sa_family = AF_INET; # endif /* NETINET */ # if NETINET6 else if (strcasecmp(v, "inet6") == 0) d->d_addr.sa.sa_family = AF_INET6; # endif /* NETINET6 */ # if NETISO else if (strcasecmp(v, "iso") == 0) d->d_addr.sa.sa_family = AF_ISO; # endif /* NETISO */ # if NETNS else if (strcasecmp(v, "ns") == 0) d->d_addr.sa.sa_family = AF_NS; # endif /* NETNS */ # if NETX25 else if (strcasecmp(v, "x.25") == 0) d->d_addr.sa.sa_family = AF_CCITT; # endif /* NETX25 */ else syserr("554 5.3.5 Unknown address family %s in Family=option", v); break; case 'A': /* address */ - switch (d->d_addr.sa.sa_family) - { -# if NETINET - case AF_INET: - if (!isascii(*v) || !isdigit(*v) || - ((d->d_addr.sin.sin_addr.s_addr = inet_addr(v)) == INADDR_NONE)) - { - register struct hostent *hp; - - hp = sm_gethostbyname(v, AF_INET); - if (hp == NULL) - syserr("554 5.3.0 host \"%s\" unknown", - v); - else - { - while (*(hp->h_addr_list) && - hp->h_addrtype != AF_INET) - hp->h_addr_list++; - if (*(hp->h_addr_list) == NULL) - syserr("554 5.3.0 host \"%s\" unknown", - v); - else - memmove(&d->d_addr.sin.sin_addr, - *(hp->h_addr_list), - INADDRSZ); - } - } - break; -# endif /* NETINET */ - -# if NETINET6 - case AF_INET6: - if (!isascii(*v) || !isxdigit(*v) || - inet_pton(AF_INET6, v, - &d->d_addr.sin6.sin6_addr) != 1) - { - register struct hostent *hp; - - hp = sm_gethostbyname(v, AF_INET6); - if (hp == NULL) - syserr("554 5.3.0 host \"%s\" unknown", - v); - else - { - while (*(hp->h_addr_list) && - hp->h_addrtype != AF_INET6) - hp->h_addr_list++; - if (*(hp->h_addr_list) == NULL) - syserr("554 5.3.0 host \"%s\" unknown", - v); - else - memmove(&d->d_addr.sin6.sin6_addr, - *(hp->h_addr_list), - IN6ADDRSZ); - } - } - break; -# endif /* NETINET6 */ - - default: - syserr("554 5.3.5 address= option unsupported for family %d", - d->d_addr.sa.sa_family); - break; - } + addr = v; break; case 'P': /* port */ - switch (d->d_addr.sa.sa_family) - { -# if NETINET - case AF_INET: - if (isascii(*v) && isdigit(*v)) - d->d_addr.sin.sin_port = htons((u_short)atoi((const char *)v)); - else - { -# ifdef NO_GETSERVBYNAME - syserr("554 5.3.5 invalid port number: %s", - v); -# else /* NO_GETSERVBYNAME */ - register struct servent *sp; - - sp = getservbyname(v, "tcp"); - if (sp == NULL) - syserr("554 5.3.5 service \"%s\" unknown", - v); - else - d->d_addr.sin.sin_port = sp->s_port; -# endif /* NO_GETSERVBYNAME */ - } - break; -# endif /* NETINET */ - -# if NETINET6 - case AF_INET6: - if (isascii(*v) && isdigit(*v)) - d->d_addr.sin6.sin6_port = htons((u_short)atoi(v)); - else - { -# ifdef NO_GETSERVBYNAME - syserr("554 5.3.5 invalid port number: %s", - v); -# else /* NO_GETSERVBYNAME */ - register struct servent *sp; - - sp = getservbyname(v, "tcp"); - if (sp == NULL) - syserr("554 5.3.5 service \"%s\" unknown", - v); - else - d->d_addr.sin6.sin6_port = sp->s_port; -# endif /* NO_GETSERVBYNAME */ - } - break; -# endif /* NETINET6 */ - -# if NETISO - case AF_ISO: - /* assume two byte transport selector */ - if (isascii(*v) && isdigit(*v)) - port = htons((u_short)atoi(v)); - else - { -# ifdef NO_GETSERVBYNAME - syserr("554 5.3.5 invalid port number: %s", - v); -# else /* NO_GETSERVBYNAME */ - register struct servent *sp; - - sp = getservbyname(v, "tcp"); - if (sp == NULL) - syserr("554 5.3.5 service \"%s\" unknown", - v); - else - port = sp->s_port; -# endif /* NO_GETSERVBYNAME */ - } - memmove(TSEL(&d->d_addr.siso), - (char *) &port, 2); - break; -# endif /* NETISO */ - - default: - syserr("554 5.3.5 Port= option unsupported for family %d", - d->d_addr.sa.sa_family); - break; - } + port = v; break; case 'L': /* listen queue size */ d->d_listenqueue = atoi(v); break; case 'M': /* modifiers (flags) */ l = 3 * strlen(v) + 3; h = v; flags = xalloc(l); d->d_mflags = flags; for (; *h != '\0'; h++) { if (!(isascii(*h) && isspace(*h))) { if (flags != d->d_mflags) *flags++ = ' '; *flags++ = *h; if (isupper(*h)) *flags++ = *h; } } *flags++ = '\0'; for (; *v != '\0'; v++) if (!(isascii(*v) && isspace(*v))) - setbitn(*v, d->d_flags); + setbitn(bitidx(*v), d->d_flags); break; case 'S': /* send buffer size */ d->d_tcpsndbufsize = atoi(v); break; case 'R': /* receive buffer size */ d->d_tcprcvbufsize = atoi(v); break; case 'N': /* name */ d->d_name = v; break; default: syserr("554 5.3.5 PortOptions parameter \"%s\" unknown", f); } } + + /* Check addr and port after finding family */ + if (addr != NULL) + { + switch (d->d_addr.sa.sa_family) + { +# if NETINET + case AF_INET: + if (!isascii(*addr) || !isdigit(*addr) || + ((d->d_addr.sin.sin_addr.s_addr = inet_addr(addr)) == INADDR_NONE)) + { + register struct hostent *hp; + + hp = sm_gethostbyname(addr, AF_INET); + if (hp == NULL) + syserr("554 5.3.0 host \"%s\" unknown", + addr); + else + { + while (*(hp->h_addr_list) != NULL && + hp->h_addrtype != AF_INET) + hp->h_addr_list++; + if (*(hp->h_addr_list) == NULL) + syserr("554 5.3.0 host \"%s\" unknown", + addr); + else + memmove(&d->d_addr.sin.sin_addr, + *(hp->h_addr_list), + INADDRSZ); +# if _FFR_FREEHOSTENT && NETINET6 + freehostent(hp); + hp = NULL; +# endif /* _FFR_FREEHOSTENT && NETINET6 */ + } + } + break; +# endif /* NETINET */ + +# if NETINET6 + case AF_INET6: + if (!isascii(*addr) || + (!isxdigit(*addr) && *addr != ':') || + inet_pton(AF_INET6, addr, + &d->d_addr.sin6.sin6_addr) != 1) + { + register struct hostent *hp; + + hp = sm_gethostbyname(addr, AF_INET6); + if (hp == NULL) + syserr("554 5.3.0 host \"%s\" unknown", + addr); + else + { + while (*(hp->h_addr_list) != NULL && + hp->h_addrtype != AF_INET6) + hp->h_addr_list++; + if (*(hp->h_addr_list) == NULL) + syserr("554 5.3.0 host \"%s\" unknown", + addr); + else + memmove(&d->d_addr.sin6.sin6_addr, + *(hp->h_addr_list), + IN6ADDRSZ); +# if _FFR_FREEHOSTENT + freehostent(hp); + hp = NULL; +# endif /* _FFR_FREEHOSTENT */ + } + } + break; +# endif /* NETINET6 */ + + default: + syserr("554 5.3.5 address= option unsupported for family %d", + d->d_addr.sa.sa_family); + break; + } + } + + if (port != NULL) + { + switch (d->d_addr.sa.sa_family) + { +# if NETINET + case AF_INET: + if (isascii(*port) && isdigit(*port)) + d->d_addr.sin.sin_port = htons((u_short)atoi((const char *)port)); + else + { +# ifdef NO_GETSERVBYNAME + syserr("554 5.3.5 invalid port number: %s", + port); +# else /* NO_GETSERVBYNAME */ + register struct servent *sp; + + sp = getservbyname(port, "tcp"); + if (sp == NULL) + syserr("554 5.3.5 service \"%s\" unknown", + port); + else + d->d_addr.sin.sin_port = sp->s_port; +# endif /* NO_GETSERVBYNAME */ + } + break; +# endif /* NETINET */ + +# if NETINET6 + case AF_INET6: + if (isascii(*port) && isdigit(*port)) + d->d_addr.sin6.sin6_port = htons((u_short)atoi(port)); + else + { +# ifdef NO_GETSERVBYNAME + syserr("554 5.3.5 invalid port number: %s", + port); +# else /* NO_GETSERVBYNAME */ + register struct servent *sp; + + sp = getservbyname(port, "tcp"); + if (sp == NULL) + syserr("554 5.3.5 service \"%s\" unknown", + port); + else + d->d_addr.sin6.sin6_port = sp->s_port; +# endif /* NO_GETSERVBYNAME */ + } + break; +# endif /* NETINET6 */ + +# if NETISO + case AF_ISO: + /* assume two byte transport selector */ + if (isascii(*port) && isdigit(*port)) + portno = htons((u_short)atoi(port)); + else + { +# ifdef NO_GETSERVBYNAME + syserr("554 5.3.5 invalid port number: %s", + port); +# else /* NO_GETSERVBYNAME */ + register struct servent *sp; + + sp = getservbyname(port, "tcp"); + if (sp == NULL) + syserr("554 5.3.5 service \"%s\" unknown", + port); + else + portno = sp->s_port; +# endif /* NO_GETSERVBYNAME */ + } + memmove(TSEL(&d->d_addr.siso), + (char *) &portno, 2); + break; +# endif /* NETISO */ + + default: + syserr("554 5.3.5 Port= option unsupported for family %d", + d->d_addr.sa.sa_family); + break; + } + } } /* ** SETDAEMONOPTIONS -- set options for running the MTA daemon ** ** Parameters: ** p -- the options line. ** ** Returns: ** TRUE if successful, FALSE otherwise. */ bool setdaemonoptions(p) register char *p; { if (ndaemons >= MAXDAEMONS) return FALSE; Daemons[ndaemons].d_socket = -1; Daemons[ndaemons].d_listenqueue = 10; clrbitmap(Daemons[ndaemons].d_flags); setsockaddroptions(p, &Daemons[ndaemons]); if (Daemons[ndaemons].d_name != NULL) Daemons[ndaemons].d_name = newstr(Daemons[ndaemons].d_name); else { char num[30]; snprintf(num, sizeof num, "Daemon%d", ndaemons); Daemons[ndaemons].d_name = newstr(num); } if (tTd(37, 1)) { dprintf("Daemon %s flags: ", Daemons[ndaemons].d_name); if (bitnset(D_ETRNONLY, Daemons[ndaemons].d_flags)) dprintf("ETRNONLY "); if (bitnset(D_NOETRN, Daemons[ndaemons].d_flags)) dprintf("NOETRN "); dprintf("\n"); } ++ndaemons; return TRUE; } /* ** INITDAEMON -- initialize daemon if not yet done. ** ** Parameters: ** none ** ** Returns: ** none ** ** Side Effects: ** initializes structure for one daemon. */ void initdaemon() { if (ndaemons == 0) { Daemons[ndaemons].d_socket = -1; Daemons[ndaemons].d_listenqueue = 10; Daemons[ndaemons].d_name = "Daemon0"; ndaemons = 1; } } /* ** SETCLIENTOPTIONS -- set options for running the client ** ** Parameters: ** p -- the options line. ** ** Returns: ** none. */ static SOCKADDR ClientAddr; /* address for client */ void setclientoptions(p) register char *p; { struct daemon d; extern ENVELOPE BlankEnvelope; memset(&d, '\0', sizeof d); setsockaddroptions(p, &d); /* grab what we need */ memcpy(&ClientAddr, &d.d_addr, sizeof ClientAddr); TcpSndBufferSize = d.d_tcpsndbufsize; TcpRcvBufferSize = d.d_tcprcvbufsize; if (d.d_mflags != NULL) define(macid("{client_flags}", NULL), d.d_mflags, &BlankEnvelope); else define(macid("{client_flags}", NULL), "", &BlankEnvelope); } /* ** ADDR_FAMILY -- determine address family from address ** ** Parameters: ** addr -- the string representation of the address ** ** Returns: ** AF_INET, AF_INET6 or AF_UNSPEC ** ** Side Effects: ** none. */ static int addr_family(addr) char *addr; { # if NETINET6 SOCKADDR clt_addr; # endif /* NETINET6 */ # if NETINET if (inet_addr(addr) != INADDR_NONE) { if (tTd(16, 9)) printf("addr_family(%s): INET\n", addr); return AF_INET; } # endif /* NETINET */ # if NETINET6 if (inet_pton(AF_INET6, addr, &clt_addr.sin6.sin6_addr) == 1) { if (tTd(16, 9)) printf("addr_family(%s): INET6\n", addr); return AF_INET6; } # endif /* NETINET6 */ if (tTd(16, 9)) printf("addr_family(%s): UNSPEC\n", addr); return AF_UNSPEC; } /* ** MAKECONNECTION -- make a connection to an SMTP socket on a machine. ** ** Parameters: ** host -- the name of the host. ** port -- the port number to connect to. ** mci -- a pointer to the mail connection information ** structure to be filled in. ** e -- the current envelope. ** ** Returns: ** An exit code telling whether the connection could be ** made and if not why not. ** ** Side Effects: ** none. */ static jmp_buf CtxConnectTimeout; SOCKADDR CurHostAddr; /* address of current host */ int makeconnection(host, port, mci, e) char *host; volatile u_int port; register MCI *mci; ENVELOPE *e; { register volatile int addrno = 0; register volatile int s; register struct hostent *volatile hp = (struct hostent *)NULL; SOCKADDR addr; SOCKADDR clt_addr; int save_errno = 0; volatile SOCKADDR_LEN_T addrlen; volatile bool firstconnect; EVENT *volatile ev = NULL; # if NETINET6 volatile bool v6found = FALSE; # endif /* NETINET6 */ volatile int family = InetMode; SOCKADDR_LEN_T len; volatile SOCKADDR_LEN_T socksize = 0; volatile bool clt_bind; BITMAP256 d_flags; char *p; extern ENVELOPE BlankEnvelope; /* retranslate ${daemon_flags} into bitmap */ clrbitmap(d_flags); if ((p = macvalue(macid("{daemon_flags}", NULL), e)) != NULL) { for (; *p != '\0'; p++) { if (!(isascii(*p) && isspace(*p))) - setbitn(*p, d_flags); + setbitn(bitidx(*p), d_flags); } } /* "add" ${client_flags} to bitmap */ if ((p = macvalue(macid("{client_flags}", NULL), e)) != NULL) { for (; *p != '\0'; p++) { /* look for just this one flag */ if (*p == D_IFNHELO) { - setbitn(*p, d_flags); + setbitn(bitidx(*p), d_flags); break; } } } # if NETINET6 v4retry: # endif /* NETINET6 */ clt_bind = FALSE; /* Set up the address for outgoing connection. */ if (bitnset(D_BINDIF, d_flags) && (p = macvalue(macid("{if_addr}", NULL), e)) != NULL) { # if NETINET6 char p6[INET6_ADDRSTRLEN]; # endif /* NETINET6 */ memset(&clt_addr, '\0', sizeof clt_addr); /* infer the address family from the address itself */ clt_addr.sa.sa_family = addr_family(p); switch (clt_addr.sa.sa_family) { # if NETINET case AF_INET: if ((clt_addr.sin.sin_addr.s_addr = inet_addr(p)) != INADDR_NONE) { clt_bind = TRUE; socksize = sizeof (struct sockaddr_in); } else if (clt_addr.sin.sin_port != 0) { clt_addr.sin.sin_addr.s_addr = INADDR_ANY; clt_bind = TRUE; socksize = sizeof (struct sockaddr_in); } break; # endif /* NETINET */ # if NETINET6 case AF_INET6: if (inet_addr(p) != INADDR_NONE) snprintf(p6, sizeof p6, "::ffff:%s", p); else strlcpy(p6, p, sizeof p6); if (inet_pton(AF_INET6, p6, &clt_addr.sin6.sin6_addr) == 1) { clt_bind = TRUE; socksize = sizeof (struct sockaddr_in6); } else if (clt_addr.sin6.sin6_port != 0) { if (IN6_IS_ADDR_UNSPECIFIED(&clt_addr.sin6.sin6_addr)) clt_addr.sin6.sin6_addr = in6addr_any; clt_bind = TRUE; socksize = sizeof (struct sockaddr_in6); } break; # endif /* NETINET6 */ # if 0 default: syserr("554 5.3.5 Address= option unsupported for family %d", clt_addr.sa.sa_family); break; # endif /* 0 */ } if (clt_bind) family = clt_addr.sa.sa_family; } else { STRUCTCOPY(ClientAddr, clt_addr); if (clt_addr.sa.sa_family == AF_UNSPEC) clt_addr.sa.sa_family = InetMode; switch (clt_addr.sa.sa_family) { # if NETINET case AF_INET: if (clt_addr.sin.sin_addr.s_addr == 0) clt_addr.sin.sin_addr.s_addr = INADDR_ANY; else clt_bind = TRUE; if (clt_addr.sin.sin_port != 0) clt_bind = TRUE; socksize = sizeof (struct sockaddr_in); break; # endif /* NETINET */ # if NETINET6 case AF_INET6: if (IN6_IS_ADDR_UNSPECIFIED(&clt_addr.sin6.sin6_addr)) clt_addr.sin6.sin6_addr = in6addr_any; else clt_bind = TRUE; socksize = sizeof (struct sockaddr_in6); if (clt_addr.sin6.sin6_port != 0) clt_bind = TRUE; break; # endif /* NETINET6 */ # if NETISO case AF_ISO: socksize = sizeof clt_addr.siso; clt_bind = TRUE; break; # endif /* NETISO */ default: break; } } /* ** Set up the address for the mailer. ** Accept "[a.b.c.d]" syntax for host name. */ # if NAMED_BIND h_errno = 0; # endif /* NAMED_BIND */ errno = 0; memset(&CurHostAddr, '\0', sizeof CurHostAddr); memset(&addr, '\0', sizeof addr); SmtpPhase = mci->mci_phase = "initial connection"; CurHostName = host; if (host[0] == '[') { p = strchr(host, ']'); if (p != NULL) { # if NETINET unsigned long hid = INADDR_NONE; # endif /* NETINET */ # if NETINET6 struct sockaddr_in6 hid6; # endif /* NETINET6 */ *p = '\0'; # if NETINET6 memset(&hid6, '\0', sizeof hid6); # endif /* NETINET6 */ # if NETINET if (family == AF_INET && (hid = inet_addr(&host[1])) != INADDR_NONE) { addr.sin.sin_family = AF_INET; addr.sin.sin_addr.s_addr = hid; } else # endif /* NETINET */ # if NETINET6 if (family == AF_INET6 && inet_pton(AF_INET6, &host[1], &hid6.sin6_addr) == 1) { addr.sin6.sin6_family = AF_INET6; addr.sin6.sin6_addr = hid6.sin6_addr; } else # endif /* NETINET6 */ { /* try it as a host name (avoid MX lookup) */ hp = sm_gethostbyname(&host[1], family); if (hp == NULL && p[-1] == '.') { # if NAMED_BIND int oldopts = _res.options; _res.options &= ~(RES_DEFNAMES|RES_DNSRCH); # endif /* NAMED_BIND */ p[-1] = '\0'; hp = sm_gethostbyname(&host[1], family); p[-1] = '.'; # if NAMED_BIND _res.options = oldopts; # endif /* NAMED_BIND */ } *p = ']'; goto gothostent; } *p = ']'; } if (p == NULL) { extern char MsgBuf[]; usrerrenh("5.1.2", "553 Invalid numeric domain spec \"%s\"", host); mci_setstat(mci, EX_NOHOST, "5.1.2", MsgBuf); errno = EINVAL; return EX_NOHOST; } } else { /* contortion to get around SGI cc complaints */ { p = &host[strlen(host) - 1]; hp = sm_gethostbyname(host, family); if (hp == NULL && *p == '.') { # if NAMED_BIND int oldopts = _res.options; _res.options &= ~(RES_DEFNAMES|RES_DNSRCH); # endif /* NAMED_BIND */ *p = '\0'; hp = sm_gethostbyname(host, family); *p = '.'; # if NAMED_BIND _res.options = oldopts; # endif /* NAMED_BIND */ } } gothostent: if (hp == NULL) { # if NAMED_BIND /* check for name server timeouts */ if (errno == ETIMEDOUT || h_errno == TRY_AGAIN || (errno == ECONNREFUSED && UseNameServer)) { save_errno = errno; mci_setstat(mci, EX_TEMPFAIL, "4.4.3", NULL); errno = save_errno; return EX_TEMPFAIL; } # endif /* NAMED_BIND */ # if NETINET6 /* ** Try v6 first, then fall back to v4. ** If we found a v6 address, but no v4 ** addresses, then TEMPFAIL. */ if (family == AF_INET6) { family = AF_INET; goto v4retry; } if (v6found) goto v6tempfail; # endif /* NETINET6 */ save_errno = errno; mci_setstat(mci, EX_NOHOST, "5.1.2", NULL); errno = save_errno; return EX_NOHOST; } addr.sa.sa_family = hp->h_addrtype; switch (hp->h_addrtype) { # if NETINET case AF_INET: memmove(&addr.sin.sin_addr, hp->h_addr, INADDRSZ); break; # endif /* NETINET */ # if NETINET6 case AF_INET6: memmove(&addr.sin6.sin6_addr, hp->h_addr, IN6ADDRSZ); break; # endif /* NETINET6 */ default: if (hp->h_length > sizeof addr.sa.sa_data) { syserr("makeconnection: long sa_data: family %d len %d", hp->h_addrtype, hp->h_length); mci_setstat(mci, EX_NOHOST, "5.1.2", NULL); errno = EINVAL; return EX_NOHOST; } memmove(addr.sa.sa_data, hp->h_addr, hp->h_length); break; } addrno = 1; } /* ** Determine the port number. */ if (port == 0) { # ifdef NO_GETSERVBYNAME port = htons(25); # else /* NO_GETSERVBYNAME */ register struct servent *sp = getservbyname("smtp", "tcp"); if (sp == NULL) { if (LogLevel > 2) sm_syslog(LOG_ERR, NOQID, "makeconnection: service \"smtp\" unknown"); port = htons(25); } else port = sp->s_port; # endif /* NO_GETSERVBYNAME */ } switch (addr.sa.sa_family) { # if NETINET case AF_INET: addr.sin.sin_port = port; addrlen = sizeof (struct sockaddr_in); break; # endif /* NETINET */ # if NETINET6 case AF_INET6: addr.sin6.sin6_port = port; addrlen = sizeof (struct sockaddr_in6); break; # endif /* NETINET6 */ # if NETISO case AF_ISO: /* assume two byte transport selector */ memmove(TSEL((struct sockaddr_iso *) &addr), (char *) &port, 2); addrlen = sizeof (struct sockaddr_iso); break; # endif /* NETISO */ default: syserr("Can't connect to address family %d", addr.sa.sa_family); mci_setstat(mci, EX_NOHOST, "5.1.2", NULL); errno = EINVAL; +# if _FFR_FREEHOSTENT && NETINET6 + if (hp != NULL) + freehostent(hp); +# endif /* _FFR_FREEHOSTENT && NETINET6 */ return EX_NOHOST; } /* ** Try to actually open the connection. */ # ifdef XLA /* if too many connections, don't bother trying */ if (!xla_noqueue_ok(host)) + { +# if _FFR_FREEHOSTENT && NETINET6 + if (hp != NULL) + freehostent(hp); +# endif /* _FFR_FREEHOSTENT && NETINET6 */ return EX_TEMPFAIL; + } # endif /* XLA */ firstconnect = TRUE; for (;;) { if (tTd(16, 1)) dprintf("makeconnection (%s [%s])\n", host, anynet_ntoa(&addr)); /* save for logging */ CurHostAddr = addr; if (bitnset(M_SECURE_PORT, mci->mci_mailer->m_flags)) { int rport = IPPORT_RESERVED - 1; s = rresvport(&rport); } else { s = socket(addr.sa.sa_family, SOCK_STREAM, 0); } if (s < 0) { save_errno = errno; syserr("makeconnection: cannot create socket"); # ifdef XLA xla_host_end(host); # endif /* XLA */ mci_setstat(mci, EX_TEMPFAIL, "4.4.5", NULL); +# if _FFR_FREEHOSTENT && NETINET6 + if (hp != NULL) + freehostent(hp); +# endif /* _FFR_FREEHOSTENT && NETINET6 */ errno = save_errno; return EX_TEMPFAIL; } # ifdef SO_SNDBUF if (TcpSndBufferSize > 0) { if (setsockopt(s, SOL_SOCKET, SO_SNDBUF, (char *) &TcpSndBufferSize, sizeof(TcpSndBufferSize)) < 0) syserr("makeconnection: setsockopt(SO_SNDBUF)"); } # endif /* SO_SNDBUF */ # ifdef SO_RCVBUF if (TcpRcvBufferSize > 0) { if (setsockopt(s, SOL_SOCKET, SO_RCVBUF, (char *) &TcpRcvBufferSize, sizeof(TcpRcvBufferSize)) < 0) syserr("makeconnection: setsockopt(SO_RCVBUF)"); } # endif /* SO_RCVBUF */ if (tTd(16, 1)) dprintf("makeconnection: fd=%d\n", s); /* turn on network debugging? */ if (tTd(16, 101)) { int on = 1; (void) setsockopt(s, SOL_SOCKET, SO_DEBUG, (char *)&on, sizeof on); } if (e->e_xfp != NULL) (void) fflush(e->e_xfp); /* for debugging */ errno = 0; /* for debugging */ if (clt_bind) { int on = 1; switch (clt_addr.sa.sa_family) { # if NETINET case AF_INET: if (clt_addr.sin.sin_port != 0) (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *) &on, sizeof on); break; # endif /* NETINET */ # if NETINET6 case AF_INET6: if (clt_addr.sin6.sin6_port != 0) (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *) &on, sizeof on); break; # endif /* NETINET6 */ } if (bind(s, &clt_addr.sa, socksize) < 0) { save_errno = errno; (void) close(s); errno = save_errno; syserr("makeconnection: cannot bind socket [%s]", anynet_ntoa(&clt_addr)); +# if _FFR_FREEHOSTENT && NETINET6 + if (hp != NULL) + freehostent(hp); +# endif /* _FFR_FREEHOSTENT && NETINET6 */ errno = save_errno; return EX_TEMPFAIL; } } /* ** Linux seems to hang in connect for 90 minutes (!!!). ** Time out the connect to avoid this problem. */ if (setjmp(CtxConnectTimeout) == 0) { int i; if (e->e_ntries <= 0 && TimeOuts.to_iconnect != 0) ev = setevent(TimeOuts.to_iconnect, connecttimeout, 0); else if (TimeOuts.to_connect != 0) ev = setevent(TimeOuts.to_connect, connecttimeout, 0); else ev = NULL; switch (ConnectOnlyTo.sa.sa_family) { # if NETINET case AF_INET: addr.sin.sin_addr.s_addr = ConnectOnlyTo.sin.sin_addr.s_addr; break; # endif /* NETINET */ # if NETINET6 case AF_INET6: memmove(&addr.sin6.sin6_addr, &ConnectOnlyTo.sin6.sin6_addr, IN6ADDRSZ); break; # endif /* NETINET6 */ } i = connect(s, (struct sockaddr *) &addr, addrlen); save_errno = errno; if (ev != NULL) clrevent(ev); if (i >= 0) break; } else save_errno = errno; /* if running demand-dialed connection, try again */ if (DialDelay > 0 && firstconnect) { if (tTd(16, 1)) dprintf("Connect failed (%s); trying again...\n", errstring(save_errno)); firstconnect = FALSE; (void) sleep(DialDelay); continue; } /* couldn't connect.... figure out why */ (void) close(s); if (LogLevel >= 14) sm_syslog(LOG_INFO, e->e_id, "makeconnection (%s [%s]) failed: %s", host, anynet_ntoa(&addr), errstring(save_errno)); if (hp != NULL && hp->h_addr_list[addrno] != NULL) { if (tTd(16, 1)) dprintf("Connect failed (%s); trying new address....\n", errstring(save_errno)); switch (addr.sa.sa_family) { # if NETINET case AF_INET: memmove(&addr.sin.sin_addr, hp->h_addr_list[addrno++], INADDRSZ); break; # endif /* NETINET */ # if NETINET6 case AF_INET6: memmove(&addr.sin6.sin6_addr, hp->h_addr_list[addrno++], IN6ADDRSZ); break; # endif /* NETINET6 */ default: memmove(addr.sa.sa_data, hp->h_addr_list[addrno++], hp->h_length); break; } continue; } errno = save_errno; # if NETINET6 if (family == AF_INET6) { if (tTd(16, 1)) dprintf("Connect failed (%s); retrying with AF_INET....\n", errstring(save_errno)); v6found = TRUE; family = AF_INET; +# if _FFR_FREEHOSTENT + if (hp != NULL) + { + freehostent(hp); + hp = NULL; + } +# endif /* _FFR_FREEHOSTENT */ goto v4retry; } v6tempfail: # endif /* NETINET6 */ /* couldn't open connection */ # if NETINET6 /* Don't clobber an already saved errno from v4retry */ if (errno > 0) # endif /* NETINET6 */ save_errno = errno; if (tTd(16, 1)) dprintf("Connect failed (%s)\n", errstring(save_errno)); # ifdef XLA xla_host_end(host); # endif /* XLA */ mci_setstat(mci, EX_TEMPFAIL, "4.4.1", NULL); +# if _FFR_FREEHOSTENT && NETINET6 + if (hp != NULL) + freehostent(hp); +# endif /* _FFR_FREEHOSTENT && NETINET6 */ errno = save_errno; return EX_TEMPFAIL; } +# if _FFR_FREEHOSTENT && NETINET6 + if (hp != NULL) + { + freehostent(hp); + hp = NULL; + } +# endif /* _FFR_FREEHOSTENT && NETINET6 */ + /* connection ok, put it into canonical form */ mci->mci_out = NULL; if ((mci->mci_out = fdopen(s, "w")) == NULL || (s = dup(s)) < 0 || (mci->mci_in = fdopen(s, "r")) == NULL) { save_errno = errno; syserr("cannot open SMTP client channel, fd=%d", s); mci_setstat(mci, EX_TEMPFAIL, "4.4.5", NULL); if (mci->mci_out != NULL) (void) fclose(mci->mci_out); (void) close(s); errno = save_errno; return EX_TEMPFAIL; } /* find out name for Interface through which we connect */ len = sizeof addr; if (getsockname(s, &addr.sa, &len) == 0) { char *name; char *p; define(macid("{if_addr}", NULL), newstr(anynet_ntoa(&addr)), &BlankEnvelope); p = xalloc(5); snprintf(p, 4, "%d", addr.sa.sa_family); define(macid("{if_family}", NULL), p, &BlankEnvelope); name = hostnamebyanyaddr(&addr); define(macid("{if_name}", NULL), newstr(name), &BlankEnvelope); if (LogLevel > 11) { /* log connection information */ sm_syslog(LOG_INFO, e->e_id, "SMTP outgoing connect on %.40s", name); } if (bitnset(D_IFNHELO, d_flags)) { if (name[0] != '[' && strchr(name, '.') != NULL) mci->mci_heloname = newstr(name); } } else { define(macid("{if_name}", NULL), NULL, &BlankEnvelope); define(macid("{if_addr}", NULL), NULL, &BlankEnvelope); define(macid("{if_family}", NULL), NULL, &BlankEnvelope); } mci_setstat(mci, EX_OK, NULL, NULL); return EX_OK; } static void connecttimeout() { errno = ETIMEDOUT; longjmp(CtxConnectTimeout, 1); } /* ** MAKECONNECTION_DS -- make a connection to a domain socket. ** ** Parameters: ** mux_path -- the path of the socket to connect to. ** mci -- a pointer to the mail connection information ** structure to be filled in. ** ** Returns: ** An exit code telling whether the connection could be ** made and if not why not. ** ** Side Effects: ** none. */ # if NETUNIX int makeconnection_ds(mux_path, mci) char *mux_path; register MCI *mci; { int sock; int rval, save_errno; long sff = SFF_SAFEDIRPATH|SFF_OPENASROOT|SFF_NOLINK|SFF_ROOTOK|SFF_EXECOK; struct sockaddr_un unix_addr; /* if not safe, don't connect */ rval = safefile(mux_path, RunAsUid, RunAsGid, RunAsUserName, sff, S_IRUSR|S_IWUSR, NULL); if (rval != 0) { syserr("makeconnection_ds: unsafe domain socket"); mci_setstat(mci, EX_TEMPFAIL, "4.3.5", NULL); errno = rval; return EX_TEMPFAIL; } /* prepare address structure */ memset(&unix_addr, '\0', sizeof unix_addr); unix_addr.sun_family = AF_UNIX; if (strlen(mux_path) >= sizeof unix_addr.sun_path) { syserr("makeconnection_ds: domain socket name too long"); /* XXX why TEMPFAIL ? */ mci_setstat(mci, EX_TEMPFAIL, "5.3.5", NULL); errno = ENAMETOOLONG; return EX_UNAVAILABLE; } (void) strlcpy(unix_addr.sun_path, mux_path, sizeof unix_addr.sun_path); /* initialize domain socket */ sock = socket(AF_UNIX, SOCK_STREAM, 0); if (sock == -1) { save_errno = errno; syserr("makeconnection_ds: could not create domain socket"); mci_setstat(mci, EX_TEMPFAIL, "4.4.5", NULL); errno = save_errno; return EX_TEMPFAIL; } /* connect to server */ if (connect(sock, (struct sockaddr *) &unix_addr, sizeof(unix_addr)) == -1) { save_errno = errno; syserr("Could not connect to socket %s", mux_path); mci_setstat(mci, EX_TEMPFAIL, "4.4.1", NULL); (void) close(sock); errno = save_errno; return EX_TEMPFAIL; } /* connection ok, put it into canonical form */ mci->mci_out = NULL; if ((mci->mci_out = fdopen(sock, "w")) == NULL || (sock = dup(sock)) < 0 || (mci->mci_in = fdopen(sock, "r")) == NULL) { save_errno = errno; syserr("cannot open SMTP client channel, fd=%d", sock); mci_setstat(mci, EX_TEMPFAIL, "4.4.5", NULL); if (mci->mci_out != NULL) (void) fclose(mci->mci_out); (void) close(sock); errno = save_errno; return EX_TEMPFAIL; } mci_setstat(mci, EX_OK, NULL, NULL); errno = 0; return EX_OK; } # endif /* NETUNIX */ /* ** MYHOSTNAME -- return the name of this host. ** ** Parameters: ** hostbuf -- a place to return the name of this host. ** size -- the size of hostbuf. ** ** Returns: ** A list of aliases for this host. ** ** Side Effects: ** Adds numeric codes to $=w. */ struct hostent * myhostname(hostbuf, size) char hostbuf[]; int size; { register struct hostent *hp; if (gethostname(hostbuf, size) < 0) { (void) strlcpy(hostbuf, "localhost", size); } hp = sm_gethostbyname(hostbuf, InetMode); if (hp == NULL) return NULL; if (strchr(hp->h_name, '.') != NULL || strchr(hostbuf, '.') == NULL) (void) cleanstrcpy(hostbuf, hp->h_name, size); # if NETINFO if (strchr(hostbuf, '.') == NULL) { char *domainname; domainname = ni_propval("/locations", NULL, "resolver", "domain", '\0'); if (domainname != NULL && strlen(domainname) + strlen(hostbuf) + 1 < size) { (void) strlcat(hostbuf, ".", size); (void) strlcat(hostbuf, domainname, size); } } # endif /* NETINFO */ /* ** If there is still no dot in the name, try looking for a ** dotted alias. */ if (strchr(hostbuf, '.') == NULL) { char **ha; for (ha = hp->h_aliases; ha != NULL && *ha != NULL; ha++) { if (strchr(*ha, '.') != NULL) { (void) cleanstrcpy(hostbuf, *ha, size - 1); hostbuf[size - 1] = '\0'; break; } } } /* ** If _still_ no dot, wait for a while and try again -- it is ** possible that some service is starting up. This can result ** in excessive delays if the system is badly configured, but ** there really isn't a way around that, particularly given that ** the config file hasn't been read at this point. ** All in all, a bit of a mess. */ if (strchr(hostbuf, '.') == NULL && !getcanonname(hostbuf, size, TRUE)) { sm_syslog(LOG_CRIT, NOQID, "My unqualified host name (%s) unknown; sleeping for retry", hostbuf); message("My unqualified host name (%s) unknown; sleeping for retry", hostbuf); (void) sleep(60); if (!getcanonname(hostbuf, size, TRUE)) { sm_syslog(LOG_ALERT, NOQID, "unable to qualify my own domain name (%s) -- using short name", hostbuf); message("WARNING: unable to qualify my own domain name (%s) -- using short name", hostbuf); } } return hp; } /* ** ADDRCMP -- compare two host addresses ** ** Parameters: ** hp -- hostent structure for the first address ** ha -- actual first address ** sa -- second address ** ** Returns: ** 0 -- if ha and sa match ** else -- they don't match */ static int addrcmp(hp, ha, sa) struct hostent *hp; char *ha; SOCKADDR *sa; { # if NETINET6 u_char *a; # endif /* NETINET6 */ switch (sa->sa.sa_family) { # if NETINET case AF_INET: if (hp->h_addrtype == AF_INET) return memcmp(ha, (char *) &sa->sin.sin_addr, INADDRSZ); break; # endif /* NETINET */ # if NETINET6 case AF_INET6: a = (u_char *) &sa->sin6.sin6_addr; /* Straight binary comparison */ if (hp->h_addrtype == AF_INET6) return memcmp(ha, a, IN6ADDRSZ); /* If IPv4-mapped IPv6 address, compare the IPv4 section */ if (hp->h_addrtype == AF_INET && IN6_IS_ADDR_V4MAPPED(&sa->sin6.sin6_addr)) return memcmp(a + IN6ADDRSZ - INADDRSZ, ha, INADDRSZ); break; # endif /* NETINET6 */ } return -1; } /* ** GETAUTHINFO -- get the real host name associated with a file descriptor ** ** Uses RFC1413 protocol to try to get info from the other end. ** ** Parameters: ** fd -- the descriptor ** may_be_forged -- an outage that is set to TRUE if the ** forward lookup of RealHostName does not match ** RealHostAddr; set to FALSE if they do match. ** ** Returns: ** The user@host information associated with this descriptor. */ static jmp_buf CtxAuthTimeout; static void authtimeout() { longjmp(CtxAuthTimeout, 1); } char * getauthinfo(fd, may_be_forged) int fd; bool *may_be_forged; { volatile u_short port = 0; SOCKADDR_LEN_T falen; register char *volatile p = NULL; SOCKADDR la; SOCKADDR_LEN_T lalen; register struct servent *sp; volatile int s; int i = 0; EVENT *ev; int nleft; struct hostent *hp; char *ostype = NULL; char **ha; char ibuf[MAXNAME + 1]; static char hbuf[MAXNAME * 2 + 11]; *may_be_forged = FALSE; falen = sizeof RealHostAddr; if (isatty(fd) || (i = getpeername(fd, &RealHostAddr.sa, &falen)) < 0 || falen <= 0 || RealHostAddr.sa.sa_family == 0) { if (i < 0) { /* ** ENOTSOCK is OK: bail on anything else, but reset ** errno in this case, so a mis-report doesn't ** happen later. */ if (errno != ENOTSOCK) return NULL; errno = 0; } (void) snprintf(hbuf, sizeof hbuf, "%s@localhost", - RealUserName); + RealUserName); if (tTd(9, 1)) dprintf("getauthinfo: %s\n", hbuf); return hbuf; } if (RealHostName == NULL) { /* translate that to a host name */ RealHostName = newstr(hostnamebyanyaddr(&RealHostAddr)); if (strlen(RealHostName) > MAXNAME) RealHostName[MAXNAME] = '\0'; } /* cross check RealHostName with forward DNS lookup */ if (anynet_ntoa(&RealHostAddr)[0] == '[' || RealHostName[0] == '[') { /* ** address is not a socket or have an ** IP address with no forward lookup */ *may_be_forged = FALSE; } else { /* try to match the reverse against the forward lookup */ hp = sm_gethostbyname(RealHostName, RealHostAddr.sa.sa_family); if (hp == NULL) *may_be_forged = TRUE; else { for (ha = hp->h_addr_list; *ha != NULL; ha++) if (addrcmp(hp, *ha, &RealHostAddr) == 0) break; *may_be_forged = *ha == NULL; +# if _FFR_FREEHOSTENT && NETINET6 + freehostent(hp); + hp = NULL; +# endif /* _FFR_FREEHOSTENT && NETINET6 */ } } if (TimeOuts.to_ident == 0) goto noident; lalen = sizeof la; switch (RealHostAddr.sa.sa_family) { # if NETINET case AF_INET: if (getsockname(fd, &la.sa, &lalen) < 0 || lalen <= 0 || la.sa.sa_family != AF_INET) { /* no ident info */ goto noident; } port = RealHostAddr.sin.sin_port; /* create ident query */ (void) snprintf(ibuf, sizeof ibuf, "%d,%d\r\n", ntohs(RealHostAddr.sin.sin_port), ntohs(la.sin.sin_port)); /* create local address */ la.sin.sin_port = 0; /* create foreign address */ # ifdef NO_GETSERVBYNAME RealHostAddr.sin.sin_port = htons(113); # else /* NO_GETSERVBYNAME */ sp = getservbyname("auth", "tcp"); if (sp != NULL) RealHostAddr.sin.sin_port = sp->s_port; else RealHostAddr.sin.sin_port = htons(113); break; # endif /* NO_GETSERVBYNAME */ # endif /* NETINET */ # if NETINET6 case AF_INET6: if (getsockname(fd, &la.sa, &lalen) < 0 || lalen <= 0 || la.sa.sa_family != AF_INET6) { /* no ident info */ goto noident; } port = RealHostAddr.sin6.sin6_port; /* create ident query */ (void) snprintf(ibuf, sizeof ibuf, "%d,%d\r\n", ntohs(RealHostAddr.sin6.sin6_port), ntohs(la.sin6.sin6_port)); /* create local address */ la.sin6.sin6_port = 0; /* create foreign address */ # ifdef NO_GETSERVBYNAME RealHostAddr.sin6.sin6_port = htons(113); # else /* NO_GETSERVBYNAME */ sp = getservbyname("auth", "tcp"); if (sp != NULL) RealHostAddr.sin6.sin6_port = sp->s_port; else RealHostAddr.sin6.sin6_port = htons(113); break; # endif /* NO_GETSERVBYNAME */ # endif /* NETINET6 */ default: /* no ident info */ goto noident; } s = -1; if (setjmp(CtxAuthTimeout) != 0) { if (s >= 0) (void) close(s); goto noident; } /* put a timeout around the whole thing */ ev = setevent(TimeOuts.to_ident, authtimeout, 0); /* connect to foreign IDENT server using same address as SMTP socket */ s = socket(la.sa.sa_family, SOCK_STREAM, 0); if (s < 0) { clrevent(ev); goto noident; } if (bind(s, &la.sa, lalen) < 0 || connect(s, &RealHostAddr.sa, lalen) < 0) { goto closeident; } if (tTd(9, 10)) dprintf("getauthinfo: sent %s", ibuf); /* send query */ if (write(s, ibuf, strlen(ibuf)) < 0) goto closeident; /* get result */ p = &ibuf[0]; nleft = sizeof ibuf - 1; while ((i = read(s, p, nleft)) > 0) { p += i; nleft -= i; *p = '\0'; if (strchr(ibuf, '\n') != NULL) break; } (void) close(s); clrevent(ev); if (i < 0 || p == &ibuf[0]) goto noident; if (*--p == '\n' && *--p == '\r') p--; *++p = '\0'; if (tTd(9, 3)) dprintf("getauthinfo: got %s\n", ibuf); /* parse result */ p = strchr(ibuf, ':'); if (p == NULL) { /* malformed response */ goto noident; } while (isascii(*++p) && isspace(*p)) continue; if (strncasecmp(p, "userid", 6) != 0) { /* presumably an error string */ goto noident; } p += 6; while (isascii(*p) && isspace(*p)) p++; if (*p++ != ':') { /* either useridxx or malformed response */ goto noident; } /* p now points to the OSTYPE field */ while (isascii(*p) && isspace(*p)) p++; ostype = p; p = strchr(p, ':'); if (p == NULL) { /* malformed response */ goto noident; } else { char *charset; *p = '\0'; charset = strchr(ostype, ','); if (charset != NULL) *charset = '\0'; } /* 1413 says don't do this -- but it's broken otherwise */ while (isascii(*++p) && isspace(*p)) continue; /* p now points to the authenticated name -- copy carefully */ if (strncasecmp(ostype, "other", 5) == 0 && (ostype[5] == ' ' || ostype[5] == '\0')) { snprintf(hbuf, sizeof hbuf, "IDENT:"); cleanstrcpy(&hbuf[6], p, MAXNAME); } else cleanstrcpy(hbuf, p, MAXNAME); i = strlen(hbuf); snprintf(&hbuf[i], sizeof hbuf - i, "@%s", RealHostName == NULL ? "localhost" : RealHostName); goto postident; closeident: (void) close(s); clrevent(ev); noident: /* put back the original incoming port */ switch (RealHostAddr.sa.sa_family) { # if NETINET case AF_INET: if (port > 0) RealHostAddr.sin.sin_port = port; break; # endif /* NETINET */ # if NETINET6 case AF_INET6: if (port > 0) RealHostAddr.sin6.sin6_port = port; break; # endif /* NETINET6 */ } if (RealHostName == NULL) { if (tTd(9, 1)) dprintf("getauthinfo: NULL\n"); return NULL; } snprintf(hbuf, sizeof hbuf, "%s", RealHostName); postident: # if IP_SRCROUTE # ifndef GET_IPOPT_DST # define GET_IPOPT_DST(dst) (dst) # endif /* ! GET_IPOPT_DST */ /* ** Extract IP source routing information. ** ** Format of output for a connection from site a through b ** through c to d: ** loose: @site-c@site-b:site-a ** strict: !@site-c@site-b:site-a ** ** o - pointer within ipopt_list structure. ** q - pointer within ls/ss rr route data ** p - pointer to hbuf */ if (RealHostAddr.sa.sa_family == AF_INET) { SOCKOPT_LEN_T ipoptlen; int j; u_char *q; u_char *o; int l; struct IPOPTION ipopt; ipoptlen = sizeof ipopt; if (getsockopt(fd, IPPROTO_IP, IP_OPTIONS, (char *) &ipopt, &ipoptlen) < 0) goto noipsr; if (ipoptlen == 0) goto noipsr; o = (u_char *) ipopt.IP_LIST; while (o != NULL && o < (u_char *) &ipopt + ipoptlen) { switch (*o) { case IPOPT_EOL: o = NULL; break; case IPOPT_NOP: o++; break; case IPOPT_SSRR: case IPOPT_LSRR: /* ** Source routing. ** o[0] is the option type (loose/strict). ** o[1] is the length of this option, ** including option type and ** length. ** o[2] is the pointer into the route ** data. ** o[3] begins the route data. */ p = &hbuf[strlen(hbuf)]; l = sizeof hbuf - (hbuf - p) - 6; snprintf(p, SPACELEFT(hbuf, p), " [%s@%.*s", *o == IPOPT_SSRR ? "!" : "", l > 240 ? 120 : l / 2, inet_ntoa(GET_IPOPT_DST(ipopt.IP_DST))); i = strlen(p); p += i; l -= strlen(p); j = o[1] / sizeof(struct in_addr) - 1; /* q skips length and router pointer to data */ q = &o[3]; for ( ; j >= 0; j--) { struct in_addr addr; memcpy(&addr, q, sizeof(addr)); snprintf(p, SPACELEFT(hbuf, p), "%c%.*s", j != 0 ? '@' : ':', l > 240 ? 120 : j == 0 ? l : l / 2, inet_ntoa(addr)); i = strlen(p); p += i; l -= i + 1; q += sizeof(struct in_addr); } o += o[1]; break; default: /* Skip over option */ o += o[1]; break; } } snprintf(p, SPACELEFT(hbuf, p), "]"); goto postipsr; } noipsr: # endif /* IP_SRCROUTE */ if (RealHostName != NULL && RealHostName[0] != '[') { p = &hbuf[strlen(hbuf)]; (void) snprintf(p, SPACELEFT(hbuf, p), " [%.100s]", anynet_ntoa(&RealHostAddr)); } if (*may_be_forged) { p = &hbuf[strlen(hbuf)]; (void) snprintf(p, SPACELEFT(hbuf, p), " (may be forged)"); } # if IP_SRCROUTE postipsr: # endif /* IP_SRCROUTE */ if (tTd(9, 1)) dprintf("getauthinfo: %s\n", hbuf); /* put back the original incoming port */ switch (RealHostAddr.sa.sa_family) { # if NETINET case AF_INET: if (port > 0) RealHostAddr.sin.sin_port = port; break; # endif /* NETINET */ # if NETINET6 case AF_INET6: if (port > 0) RealHostAddr.sin6.sin6_port = port; break; # endif /* NETINET6 */ } return hbuf; } /* ** HOST_MAP_LOOKUP -- turn a hostname into canonical form ** ** Parameters: ** map -- a pointer to this map. ** name -- the (presumably unqualified) hostname. ** av -- unused -- for compatibility with other mapping ** functions. ** statp -- an exit status (out parameter) -- set to ** EX_TEMPFAIL if the name server is unavailable. ** ** Returns: ** The mapping, if found. ** NULL if no mapping found. ** ** Side Effects: ** Looks up the host specified in hbuf. If it is not ** the canonical name for that host, return the canonical ** name (unless MF_MATCHONLY is set, which will cause the ** status only to be returned). */ char * host_map_lookup(map, name, av, statp) MAP *map; char *name; char **av; int *statp; { register struct hostent *hp; # if NETINET struct in_addr in_addr; # endif /* NETINET */ # if NETINET6 struct in6_addr in6_addr; # endif /* NETINET6 */ char *cp, *ans = NULL; register STAB *s; char hbuf[MAXNAME + 1]; /* ** See if we have already looked up this name. If so, just ** return it. */ s = stab(name, ST_NAMECANON, ST_ENTER); if (bitset(NCF_VALID, s->s_namecanon.nc_flags)) { if (tTd(9, 1)) dprintf("host_map_lookup(%s) => CACHE %s\n", name, s->s_namecanon.nc_cname == NULL ? "NULL" : s->s_namecanon.nc_cname); errno = s->s_namecanon.nc_errno; # if NAMED_BIND h_errno = s->s_namecanon.nc_herrno; # endif /* NAMED_BIND */ *statp = s->s_namecanon.nc_stat; if (*statp == EX_TEMPFAIL) { CurEnv->e_status = "4.4.3"; message("851 %s: Name server timeout", shortenstring(name, 33)); } if (*statp != EX_OK) return NULL; if (s->s_namecanon.nc_cname == NULL) { syserr("host_map_lookup(%s): bogus NULL cache entry, errno = %d, h_errno = %d", name, s->s_namecanon.nc_errno, s->s_namecanon.nc_herrno); return NULL; } if (bitset(MF_MATCHONLY, map->map_mflags)) cp = map_rewrite(map, name, strlen(name), NULL); else cp = map_rewrite(map, s->s_namecanon.nc_cname, strlen(s->s_namecanon.nc_cname), av); return cp; } /* ** If we are running without a regular network connection (usually ** dial-on-demand) and we are just queueing, we want to avoid DNS ** lookups because those could try to connect to a server. */ if (CurEnv->e_sendmode == SM_DEFER && bitset(MF_DEFER, map->map_mflags)) { if (tTd(9, 1)) dprintf("host_map_lookup(%s) => DEFERRED\n", name); *statp = EX_TEMPFAIL; return NULL; } /* ** If first character is a bracket, then it is an address ** lookup. Address is copied into a temporary buffer to ** strip the brackets and to preserve name if address is ** unknown. */ if (tTd(9, 1)) dprintf("host_map_lookup(%s) => ", name); if (*name != '[') { snprintf(hbuf, sizeof hbuf, "%s", name); if (getcanonname(hbuf, sizeof hbuf - 1, !HasWildcardMX)) ans = hbuf; } else { if ((cp = strchr(name, ']')) == NULL) + { + if (tTd(9, 1)) + dprintf("FAILED\n"); return NULL; + } *cp = '\0'; hp = NULL; # if NETINET if ((in_addr.s_addr = inet_addr(&name[1])) != INADDR_NONE) hp = sm_gethostbyaddr((char *)&in_addr, INADDRSZ, AF_INET); # endif /* NETINET */ # if NETINET6 if (hp == NULL && inet_pton(AF_INET6, &name[1], &in6_addr) == 1) hp = sm_gethostbyaddr((char *)&in6_addr, IN6ADDRSZ, AF_INET6); # endif /* NETINET6 */ *cp = ']'; if (hp != NULL) { /* found a match -- copy out */ ans = denlstring((char *) hp->h_name, TRUE, TRUE); +# if _FFR_FREEHOSTENT && NETINET6 + freehostent(hp); + hp = NULL; +# endif /* _FFR_FREEHOSTENT && NETINET6 */ } } s->s_namecanon.nc_flags |= NCF_VALID; /* will be soon */ /* Found an answer */ if (ans != NULL) { s->s_namecanon.nc_stat = *statp = EX_OK; s->s_namecanon.nc_cname = newstr(ans); if (bitset(MF_MATCHONLY, map->map_mflags)) cp = map_rewrite(map, name, strlen(name), NULL); else cp = map_rewrite(map, ans, strlen(ans), av); + if (tTd(9, 1)) + dprintf("FOUND %s\n", ans); return cp; } /* No match found */ s->s_namecanon.nc_errno = errno; # if NAMED_BIND s->s_namecanon.nc_herrno = h_errno; if (tTd(9, 1)) dprintf("FAIL (%d)\n", h_errno); switch (h_errno) { case TRY_AGAIN: if (UseNameServer) { CurEnv->e_status = "4.4.3"; message("851 %s: Name server timeout", shortenstring(name, 33)); } *statp = EX_TEMPFAIL; break; case HOST_NOT_FOUND: case NO_DATA: *statp = EX_NOHOST; break; case NO_RECOVERY: *statp = EX_SOFTWARE; break; default: *statp = EX_UNAVAILABLE; break; } # else /* NAMED_BIND */ if (tTd(9, 1)) dprintf("FAIL\n"); *statp = EX_NOHOST; # endif /* NAMED_BIND */ s->s_namecanon.nc_stat = *statp; return NULL; } #else /* DAEMON */ /* code for systems without sophisticated networking */ /* ** MYHOSTNAME -- stub version for case of no daemon code. ** ** Can't convert to upper case here because might be a UUCP name. ** ** Mark, you can change this to be anything you want...... */ char ** myhostname(hostbuf, size) char hostbuf[]; int size; { register FILE *f; hostbuf[0] = '\0'; f = fopen("/usr/include/whoami", "r"); if (f != NULL) { (void) fgets(hostbuf, size, f); fixcrlf(hostbuf, TRUE); (void) fclose(f); } return NULL; } /* ** GETAUTHINFO -- get the real host name associated with a file descriptor ** ** Parameters: ** fd -- the descriptor ** may_be_forged -- an outage that is set to TRUE if the ** forward lookup of RealHostName does not match ** RealHostAddr; set to FALSE if they do match. ** ** Returns: ** The host name associated with this descriptor, if it can ** be determined. ** NULL otherwise. ** ** Side Effects: ** none */ char * getauthinfo(fd, may_be_forged) int fd; bool *may_be_forged; { *may_be_forged = FALSE; return NULL; } /* ** HOST_MAP_LOOKUP -- turn a hostname into canonical form ** ** Parameters: ** map -- a pointer to the database map. ** name -- a buffer containing a hostname. ** avp -- a pointer to a (cf file defined) argument vector. ** statp -- an exit status (out parameter). ** ** Returns: ** mapped host name ** FALSE otherwise. ** ** Side Effects: ** Looks up the host specified in name. If it is not ** the canonical name for that host, replace it with ** the canonical name. If the name is unknown, or it ** is already the canonical name, leave it unchanged. */ /*ARGSUSED*/ char * host_map_lookup(map, name, avp, statp) MAP *map; char *name; char **avp; char *statp; { register struct hostent *hp = NULL; char *cp; hp = sm_gethostbyname(name, InetMode); if (hp == NULL && InetMode != AF_INET) hp = sm_gethostbyname(name, AF_INET); if (hp == NULL) { # if NAMED_BIND if (tTd(9, 1)) dprintf("FAIL (%d)\n", h_errno); switch (h_errno) { case TRY_AGAIN: if (UseNameServer) { CurEnv->e_status = "4.4.3"; message("851 %s: Name server timeout", shortenstring(name, 33)); } *statp = EX_TEMPFAIL; break; case HOST_NOT_FOUND: case NO_DATA: *statp = EX_NOHOST; break; case NO_RECOVERY: *statp = EX_SOFTWARE; break; default: *statp = EX_UNAVAILABLE; break; } #else /* NAMED_BIND */ *statp = EX_NOHOST; #endif /* NAMED_BIND */ return NULL; } if (bitset(MF_MATCHONLY, map->map_mflags)) cp = map_rewrite(map, name, strlen(name), NULL); else cp = map_rewrite(map, hp->h_name, strlen(hp->h_name), avp); +# if _FFR_FREEHOSTENT && NETINET6 + freehostent(hp); +# endif /* _FFR_FREEHOSTENT && NETINET6 */ return cp; } #endif /* DAEMON */ /* ** HOST_MAP_INIT -- initialize host class structures */ bool host_map_init(map, args) MAP *map; char *args; { register char *p = args; for (;;) { while (isascii(*p) && isspace(*p)) p++; if (*p != '-') break; switch (*++p) { case 'a': map->map_app = ++p; break; case 'T': map->map_tapp = ++p; break; case 'm': map->map_mflags |= MF_MATCHONLY; break; case 't': map->map_mflags |= MF_NODEFER; break; case 'S': /* only for consistency */ map->map_spacesub = *++p; break; case 'D': map->map_mflags |= MF_DEFER; break; } while (*p != '\0' && !(isascii(*p) && isspace(*p))) p++; if (*p != '\0') *p++ = '\0'; } if (map->map_app != NULL) map->map_app = newstr(map->map_app); if (map->map_tapp != NULL) map->map_tapp = newstr(map->map_tapp); return TRUE; } #if NETINET6 /* ** ANYNET_NTOP -- convert an IPv6 network address to printable form. ** ** Parameters: ** s6a -- a pointer to an in6_addr structure. ** dst -- buffer to store result in ** dst_len -- size of dst buffer ** ** Returns: ** A printable version of that structure. */ char * anynet_ntop(s6a, dst, dst_len) struct in6_addr *s6a; char *dst; size_t dst_len; { register char *ap; if (IN6_IS_ADDR_V4MAPPED(s6a)) ap = (char *) inet_ntop(AF_INET, &s6a->s6_addr[IN6ADDRSZ - INADDRSZ], dst, dst_len); else ap = (char *) inet_ntop(AF_INET6, s6a, dst, dst_len); return ap; } #endif /* NETINET6 */ /* ** ANYNET_NTOA -- convert a network address to printable form. ** ** Parameters: ** sap -- a pointer to a sockaddr structure. ** ** Returns: ** A printable version of that sockaddr. */ #ifdef USE_SOCK_STREAM # if NETLINK # include # endif /* NETLINK */ char * anynet_ntoa(sap) register SOCKADDR *sap; { register char *bp; register char *ap; int l; static char buf[100]; /* check for null/zero family */ if (sap == NULL) return "NULLADDR"; if (sap->sa.sa_family == 0) return "0"; switch (sap->sa.sa_family) { # if NETUNIX case AF_UNIX: if (sap->sunix.sun_path[0] != '\0') snprintf(buf, sizeof buf, "[UNIX: %.64s]", sap->sunix.sun_path); else snprintf(buf, sizeof buf, "[UNIX: localhost]"); return buf; # endif /* NETUNIX */ # if NETINET case AF_INET: return (char *) inet_ntoa(sap->sin.sin_addr); # endif /* NETINET */ # if NETINET6 case AF_INET6: ap = anynet_ntop(&sap->sin6.sin6_addr, buf, sizeof buf); if (ap != NULL) return ap; break; # endif /* NETINET6 */ # if NETLINK case AF_LINK: snprintf(buf, sizeof buf, "[LINK: %s]", link_ntoa((struct sockaddr_dl *) &sap->sa)); return buf; # endif /* NETLINK */ default: /* this case is needed when nothing is #defined */ /* in order to keep the switch syntactically correct */ break; } /* unknown family -- just dump bytes */ (void) snprintf(buf, sizeof buf, "Family %d: ", sap->sa.sa_family); bp = &buf[strlen(buf)]; ap = sap->sa.sa_data; for (l = sizeof sap->sa.sa_data; --l >= 0; ) { (void) snprintf(bp, SPACELEFT(buf, bp), "%02x:", *ap++ & 0377); bp += 3; } *--bp = '\0'; return buf; } /* ** HOSTNAMEBYANYADDR -- return name of host based on address ** ** Parameters: ** sap -- SOCKADDR pointer ** ** Returns: ** text representation of host name. ** ** Side Effects: ** none. */ char * hostnamebyanyaddr(sap) register SOCKADDR *sap; { register struct hostent *hp; # if NAMED_BIND int saveretry; # endif /* NAMED_BIND */ # if NETINET6 struct in6_addr in6_addr; # endif /* NETINET6 */ # if NAMED_BIND /* shorten name server timeout to avoid higher level timeouts */ saveretry = _res.retry; if (_res.retry * _res.retrans > 20) _res.retry = 20 / _res.retrans; # endif /* NAMED_BIND */ switch (sap->sa.sa_family) { # if NETINET case AF_INET: hp = sm_gethostbyaddr((char *) &sap->sin.sin_addr, INADDRSZ, AF_INET); break; # endif /* NETINET */ # if NETINET6 case AF_INET6: hp = sm_gethostbyaddr((char *) &sap->sin6.sin6_addr, IN6ADDRSZ, AF_INET6); break; # endif /* NETINET6 */ # if NETISO case AF_ISO: hp = sm_gethostbyaddr((char *) &sap->siso.siso_addr, sizeof sap->siso.siso_addr, AF_ISO); break; # endif /* NETISO */ # if NETUNIX case AF_UNIX: hp = NULL; break; # endif /* NETUNIX */ default: hp = sm_gethostbyaddr(sap->sa.sa_data, sizeof sap->sa.sa_data, sap->sa.sa_family); break; } # if NAMED_BIND _res.retry = saveretry; # endif /* NAMED_BIND */ # if NETINET || NETINET6 if (hp != NULL && hp->h_name[0] != '[' # if NETINET6 && inet_pton(AF_INET6, hp->h_name, &in6_addr) != 1 # endif /* NETINET6 */ # if NETINET && inet_addr(hp->h_name) == INADDR_NONE # endif /* NETINET */ ) - return denlstring((char *) hp->h_name, TRUE, TRUE); + { + char *name; + + name = denlstring((char *) hp->h_name, TRUE, TRUE); + +# if _FFR_FREEHOSTENT && NETINET6 + if (name == hp->h_name) + { + static char n[MAXNAME + 1]; + + /* Copy the string, hp->h_name is about to disappear */ + strlcpy(n, name, sizeof n); + name = n; + } + + freehostent(hp); +# endif /* _FFR_FREEHOSTENT && NETINET6 */ + return name; + } # endif /* NETINET || NETINET6 */ + +# if _FFR_FREEHOSTENT && NETINET6 + if (hp != NULL) + { + freehostent(hp); + hp = NULL; + } +# endif /* _FFR_FREEHOSTENT && NETINET6 */ + # if NETUNIX if (sap->sa.sa_family == AF_UNIX && sap->sunix.sun_path[0] == '\0') return "localhost"; # endif /* NETUNIX */ { static char buf[203]; (void) snprintf(buf, sizeof buf, "[%.200s]", anynet_ntoa(sap)); return buf; } } #endif /* USE_SOCK_STREAM */ Index: stable/4/contrib/sendmail/src/deliver.c =================================================================== --- stable/4/contrib/sendmail/src/deliver.c (revision 71887) +++ stable/4/contrib/sendmail/src/deliver.c (revision 71888) @@ -1,5198 +1,5257 @@ /* * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #ifndef lint -static char id[] = "@(#)$Id: deliver.c,v 8.600.2.1.2.44 2000/09/21 21:52:17 ca Exp $"; +static char id[] = "@(#)$Id: deliver.c,v 8.600.2.1.2.56 2000/12/19 01:16:12 gshapiro Exp $"; #endif /* ! lint */ #include #if HASSETUSERCONTEXT # include #endif /* HASSETUSERCONTEXT */ #if STARTTLS || (SASL && SFIO) # include "sfsasl.h" #endif /* STARTTLS || (SASL && SFIO) */ static int deliver __P((ENVELOPE *, ADDRESS *)); static void dup_queue_file __P((ENVELOPE *, ENVELOPE *, int)); static void mailfiletimeout __P((void)); static void markfailure __P((ENVELOPE *, ADDRESS *, MCI *, int, bool)); static int parse_hostsignature __P((char *, char **, MAILER *)); static void sendenvelope __P((ENVELOPE *, int)); static char *hostsignature __P((MAILER *, char *)); #if SMTP # if STARTTLS static int starttls __P((MAILER *, MCI *, ENVELOPE *)); # endif /* STARTTLS */ #endif /* SMTP */ /* ** SENDALL -- actually send all the messages. ** ** Parameters: ** e -- the envelope to send. ** mode -- the delivery mode to use. If SM_DEFAULT, use ** the current e->e_sendmode. ** ** Returns: ** none. ** ** Side Effects: ** Scans the send lists and sends everything it finds. ** Delivers any appropriate error messages. ** If we are running in a non-interactive mode, takes the ** appropriate action. */ void sendall(e, mode) ENVELOPE *e; int mode; { register ADDRESS *q; char *owner; int otherowners; int save_errno; register ENVELOPE *ee; ENVELOPE *splitenv = NULL; int oldverbose = Verbose; bool somedeliveries = FALSE, expensive = FALSE; pid_t pid; /* ** If this message is to be discarded, don't bother sending ** the message at all. */ if (bitset(EF_DISCARD, e->e_flags)) { if (tTd(13, 1)) dprintf("sendall: discarding id %s\n", e->e_id); e->e_flags |= EF_CLRQUEUE; if (LogLevel > 4) sm_syslog(LOG_INFO, e->e_id, "discarded"); markstats(e, NULL, TRUE); return; } /* ** If we have had global, fatal errors, don't bother sending ** the message at all if we are in SMTP mode. Local errors ** (e.g., a single address failing) will still cause the other ** addresses to be sent. */ if (bitset(EF_FATALERRS, e->e_flags) && (OpMode == MD_SMTP || OpMode == MD_DAEMON)) { e->e_flags |= EF_CLRQUEUE; return; } /* determine actual delivery mode */ if (mode == SM_DEFAULT) { mode = e->e_sendmode; if (mode != SM_VERIFY && mode != SM_DEFER && shouldqueue(e->e_msgpriority, e->e_ctime)) mode = SM_QUEUE; } if (tTd(13, 1)) { dprintf("\n===== SENDALL: mode %c, id %s, e_from ", mode, e->e_id); printaddr(&e->e_from, FALSE); dprintf("\te_flags = "); printenvflags(e); dprintf("sendqueue:\n"); printaddr(e->e_sendqueue, TRUE); } /* ** Do any preprocessing necessary for the mode we are running. ** Check to make sure the hop count is reasonable. ** Delete sends to the sender in mailing lists. */ CurEnv = e; if (tTd(62, 1)) checkfds(NULL); if (e->e_hopcount > MaxHopCount) { errno = 0; #if QUEUE queueup(e, mode == SM_QUEUE || mode == SM_DEFER); #endif /* QUEUE */ e->e_flags |= EF_FATALERRS|EF_PM_NOTIFY|EF_CLRQUEUE; ExitStat = EX_UNAVAILABLE; syserr("554 5.0.0 Too many hops %d (%d max): from %s via %s, to %s", e->e_hopcount, MaxHopCount, e->e_from.q_paddr, RealHostName == NULL ? "localhost" : RealHostName, e->e_sendqueue->q_paddr); for (q = e->e_sendqueue; q != NULL; q = q->q_next) { if (QS_IS_DEAD(q->q_state)) continue; q->q_state = QS_BADADDR; q->q_status = "5.4.6"; } return; } /* ** Do sender deletion. ** ** If the sender should be queued up, skip this. ** This can happen if the name server is hosed when you ** are trying to send mail. The result is that the sender ** is instantiated in the queue as a recipient. */ if (!bitset(EF_METOO, e->e_flags) && !QS_IS_QUEUEUP(e->e_from.q_state)) { if (tTd(13, 5)) { dprintf("sendall: QS_SENDER "); printaddr(&e->e_from, FALSE); } e->e_from.q_state = QS_SENDER; (void) recipient(&e->e_from, &e->e_sendqueue, 0, e); } /* ** Handle alias owners. ** ** We scan up the q_alias chain looking for owners. ** We discard owners that are the same as the return path. */ for (q = e->e_sendqueue; q != NULL; q = q->q_next) { register struct address *a; for (a = q; a != NULL && a->q_owner == NULL; a = a->q_alias) continue; if (a != NULL) q->q_owner = a->q_owner; if (q->q_owner != NULL && !QS_IS_DEAD(q->q_state) && strcmp(q->q_owner, e->e_from.q_paddr) == 0) q->q_owner = NULL; } if (tTd(13, 25)) { dprintf("\nAfter first owner pass, sendq =\n"); printaddr(e->e_sendqueue, TRUE); } owner = ""; otherowners = 1; while (owner != NULL && otherowners > 0) { if (tTd(13, 28)) dprintf("owner = \"%s\", otherowners = %d\n", owner, otherowners); owner = NULL; otherowners = bitset(EF_SENDRECEIPT, e->e_flags) ? 1 : 0; for (q = e->e_sendqueue; q != NULL; q = q->q_next) { if (tTd(13, 30)) { dprintf("Checking "); printaddr(q, FALSE); } if (QS_IS_DEAD(q->q_state)) { if (tTd(13, 30)) dprintf(" ... QS_IS_DEAD\n"); continue; } if (tTd(13, 29) && !tTd(13, 30)) { dprintf("Checking "); printaddr(q, FALSE); } if (q->q_owner != NULL) { if (owner == NULL) { if (tTd(13, 40)) dprintf(" ... First owner = \"%s\"\n", q->q_owner); owner = q->q_owner; } else if (owner != q->q_owner) { if (strcmp(owner, q->q_owner) == 0) { if (tTd(13, 40)) dprintf(" ... Same owner = \"%s\"\n", owner); /* make future comparisons cheap */ q->q_owner = owner; } else { if (tTd(13, 40)) dprintf(" ... Another owner \"%s\"\n", q->q_owner); otherowners++; } owner = q->q_owner; } else if (tTd(13, 40)) dprintf(" ... Same owner = \"%s\"\n", owner); } else { if (tTd(13, 40)) dprintf(" ... Null owner\n"); otherowners++; } if (QS_IS_BADADDR(q->q_state)) { if (tTd(13, 30)) dprintf(" ... QS_IS_BADADDR\n"); continue; } if (QS_IS_QUEUEUP(q->q_state)) { MAILER *m = q->q_mailer; /* ** If we have temporary address failures ** (e.g., dns failure) and a fallback MX is ** set, send directly to the fallback MX host. */ if (FallBackMX != NULL && !wordinclass(FallBackMX, 'w') && mode != SM_VERIFY && (strcmp(m->m_mailer, "[IPC]") == 0 || strcmp(m->m_mailer, "[TCP]") == 0) && m->m_argv[0] != NULL && (strcmp(m->m_argv[0], "TCP") == 0 || strcmp(m->m_argv[0], "IPC") == 0)) { int len; char *p; if (tTd(13, 30)) dprintf(" ... FallBackMX\n"); len = strlen(FallBackMX) + 3; p = xalloc(len); snprintf(p, len, "[%s]", FallBackMX); q->q_state = QS_OK; q->q_host = p; } else { if (tTd(13, 30)) dprintf(" ... QS_IS_QUEUEUP\n"); continue; } } /* ** If this mailer is expensive, and if we don't ** want to make connections now, just mark these ** addresses and return. This is useful if we ** want to batch connections to reduce load. This ** will cause the messages to be queued up, and a ** daemon will come along to send the messages later. */ if (NoConnect && !Verbose && bitnset(M_EXPENSIVE, q->q_mailer->m_flags)) { if (tTd(13, 30)) dprintf(" ... expensive\n"); q->q_state = QS_QUEUEUP; expensive = TRUE; } else if (bitnset(M_HOLD, q->q_mailer->m_flags) && QueueLimitId == NULL && QueueLimitSender == NULL && QueueLimitRecipient == NULL) { if (tTd(13, 30)) dprintf(" ... hold\n"); q->q_state = QS_QUEUEUP; expensive = TRUE; } else { if (tTd(13, 30)) dprintf(" ... deliverable\n"); somedeliveries = TRUE; } } if (owner != NULL && otherowners > 0) { /* ** Split this envelope into two. */ ee = (ENVELOPE *) xalloc(sizeof *ee); *ee = *e; ee->e_message = NULL; ee->e_id = NULL; assign_queueid(ee); if (tTd(13, 1)) dprintf("sendall: split %s into %s, owner = \"%s\", otherowners = %d\n", e->e_id, ee->e_id, owner, otherowners); ee->e_header = copyheader(e->e_header); ee->e_sendqueue = copyqueue(e->e_sendqueue); ee->e_errorqueue = copyqueue(e->e_errorqueue); ee->e_flags = e->e_flags & ~(EF_INQUEUE|EF_CLRQUEUE|EF_FATALERRS|EF_SENDRECEIPT|EF_RET_PARAM); ee->e_flags |= EF_NORECEIPT; setsender(owner, ee, NULL, '\0', TRUE); if (tTd(13, 5)) { dprintf("sendall(split): QS_SENDER "); printaddr(&ee->e_from, FALSE); } ee->e_from.q_state = QS_SENDER; ee->e_dfp = NULL; ee->e_lockfp = NULL; ee->e_xfp = NULL; ee->e_queuedir = e->e_queuedir; ee->e_errormode = EM_MAIL; ee->e_sibling = splitenv; ee->e_statmsg = NULL; splitenv = ee; for (q = e->e_sendqueue; q != NULL; q = q->q_next) { if (q->q_owner == owner) { q->q_state = QS_CLONED; if (tTd(13, 6)) dprintf("\t... stripping %s from original envelope\n", q->q_paddr); } } for (q = ee->e_sendqueue; q != NULL; q = q->q_next) { if (q->q_owner != owner) { q->q_state = QS_CLONED; if (tTd(13, 6)) dprintf("\t... dropping %s from cloned envelope\n", q->q_paddr); } else { /* clear DSN parameters */ q->q_flags &= ~(QHASNOTIFY|Q_PINGFLAGS); q->q_flags |= DefaultNotify & ~QPINGONSUCCESS; if (tTd(13, 6)) dprintf("\t... moving %s to cloned envelope\n", q->q_paddr); } } if (mode != SM_VERIFY && bitset(EF_HAS_DF, e->e_flags)) dup_queue_file(e, ee, 'd'); /* ** Give the split envelope access to the parent ** transcript file for errors obtained while ** processing the recipients (done before the ** envelope splitting). */ if (e->e_xfp != NULL) ee->e_xfp = bfdup(e->e_xfp); /* failed to dup e->e_xfp, start a new transcript */ if (ee->e_xfp == NULL) openxscript(ee); if (mode != SM_VERIFY && LogLevel > 4) sm_syslog(LOG_INFO, ee->e_id, "clone %s, owner=%s", e->e_id, owner); } } if (owner != NULL) { setsender(owner, e, NULL, '\0', TRUE); if (tTd(13, 5)) { dprintf("sendall(owner): QS_SENDER "); printaddr(&e->e_from, FALSE); } e->e_from.q_state = QS_SENDER; e->e_errormode = EM_MAIL; e->e_flags |= EF_NORECEIPT; e->e_flags &= ~EF_FATALERRS; } /* if nothing to be delivered, just queue up everything */ if (!somedeliveries && mode != SM_QUEUE && mode != SM_DEFER && mode != SM_VERIFY) { + time_t now = curtime(); + if (tTd(13, 29)) dprintf("No deliveries: auto-queuing\n"); mode = SM_QUEUE; /* treat this as a delivery in terms of counting tries */ - e->e_dtime = curtime(); + e->e_dtime = now; if (!expensive) e->e_ntries++; for (ee = splitenv; ee != NULL; ee = ee->e_sibling) { - ee->e_dtime = curtime(); + ee->e_dtime = now; if (!expensive) ee->e_ntries++; } } #if QUEUE if ((mode == SM_QUEUE || mode == SM_DEFER || mode == SM_FORK || (mode != SM_VERIFY && SuperSafe)) && (!bitset(EF_INQUEUE, e->e_flags) || splitenv != NULL)) { /* ** Be sure everything is instantiated in the queue. ** Split envelopes first in case the machine crashes. ** If the original were done first, we may lose ** recipients. */ for (ee = splitenv; ee != NULL; ee = ee->e_sibling) queueup(ee, mode == SM_QUEUE || mode == SM_DEFER); queueup(e, mode == SM_QUEUE || mode == SM_DEFER); } #endif /* QUEUE */ if (tTd(62, 10)) checkfds("after envelope splitting"); /* ** If we belong in background, fork now. */ if (tTd(13, 20)) { dprintf("sendall: final mode = %c\n", mode); if (tTd(13, 21)) { dprintf("\n================ Final Send Queue(s) =====================\n"); dprintf("\n *** Envelope %s, e_from=%s ***\n", e->e_id, e->e_from.q_paddr); printaddr(e->e_sendqueue, TRUE); for (ee = splitenv; ee != NULL; ee = ee->e_sibling) { dprintf("\n *** Envelope %s, e_from=%s ***\n", ee->e_id, ee->e_from.q_paddr); printaddr(ee->e_sendqueue, TRUE); } dprintf("==========================================================\n\n"); } } switch (mode) { case SM_VERIFY: Verbose = 2; break; case SM_QUEUE: case SM_DEFER: #if HASFLOCK queueonly: #endif /* HASFLOCK */ if (e->e_nrcpts > 0) e->e_flags |= EF_INQUEUE; dropenvelope(e, splitenv != NULL); for (ee = splitenv; ee != NULL; ee = ee->e_sibling) { if (ee->e_nrcpts > 0) ee->e_flags |= EF_INQUEUE; dropenvelope(ee, FALSE); } return; case SM_FORK: if (e->e_xfp != NULL) (void) fflush(e->e_xfp); #if !HASFLOCK /* ** Since fcntl locking has the interesting semantic that ** the lock is owned by a process, not by an open file ** descriptor, we have to flush this to the queue, and ** then restart from scratch in the child. */ { /* save id for future use */ char *qid = e->e_id; /* now drop the envelope in the parent */ e->e_flags |= EF_INQUEUE; dropenvelope(e, splitenv != NULL); /* arrange to reacquire lock after fork */ e->e_id = qid; } for (ee = splitenv; ee != NULL; ee = ee->e_sibling) { /* save id for future use */ char *qid = ee->e_id; /* drop envelope in parent */ ee->e_flags |= EF_INQUEUE; dropenvelope(ee, FALSE); /* and save qid for reacquisition */ ee->e_id = qid; } #endif /* !HASFLOCK */ /* ** Since the delivery may happen in a child and the parent ** does not wait, the parent may close the maps thereby ** removing any shared memory used by the map. Therefore, ** close the maps now so the child will dynamically open ** them if necessary. */ closemaps(); pid = fork(); if (pid < 0) { syserr("deliver: fork 1"); #if HASFLOCK goto queueonly; #else /* HASFLOCK */ e->e_id = NULL; for (ee = splitenv; ee != NULL; ee = ee->e_sibling) ee->e_id = NULL; return; #endif /* HASFLOCK */ } else if (pid > 0) { #if HASFLOCK /* be sure we leave the temp files to our child */ /* close any random open files in the envelope */ closexscript(e); if (e->e_dfp != NULL) (void) bfclose(e->e_dfp); e->e_dfp = NULL; e->e_flags &= ~EF_HAS_DF; /* can't call unlockqueue to avoid unlink of xfp */ if (e->e_lockfp != NULL) (void) fclose(e->e_lockfp); else syserr("%s: sendall: null lockfp", e->e_id); e->e_lockfp = NULL; #endif /* HASFLOCK */ /* make sure the parent doesn't own the envelope */ e->e_id = NULL; /* catch intermediate zombie */ (void) waitfor(pid); return; } /* ** Since we have accepted responsbility for the message, ** change the SIGTERM handler. intsig() (the old handler) ** would remove the envelope if this was a command line ** message submission. */ (void) setsignal(SIGTERM, SIG_DFL); /* double fork to avoid zombies */ pid = fork(); if (pid > 0) exit(EX_OK); save_errno = errno; /* be sure we are immune from the terminal */ disconnect(2, e); clearstats(); /* prevent parent from waiting if there was an error */ if (pid < 0) { errno = save_errno; syserr("deliver: fork 2"); #if HASFLOCK e->e_flags |= EF_INQUEUE; #else /* HASFLOCK */ e->e_id = NULL; #endif /* HASFLOCK */ finis(TRUE, ExitStat); } /* be sure to give error messages in child */ QuickAbort = FALSE; /* ** Close any cached connections. ** ** We don't send the QUIT protocol because the parent ** still knows about the connection. ** ** This should only happen when delivering an error ** message. */ mci_flush(FALSE, NULL); #if HASFLOCK break; #else /* HASFLOCK */ /* ** Now reacquire and run the various queue files. */ for (ee = splitenv; ee != NULL; ee = ee->e_sibling) { ENVELOPE *sibling = ee->e_sibling; (void) dowork(ee->e_queuedir, ee->e_id, FALSE, FALSE, ee); ee->e_sibling = sibling; } (void) dowork(e->e_queuedir, e->e_id, FALSE, FALSE, e); finis(TRUE, ExitStat); #endif /* HASFLOCK */ } sendenvelope(e, mode); dropenvelope(e, TRUE); for (ee = splitenv; ee != NULL; ee = ee->e_sibling) { CurEnv = ee; if (mode != SM_VERIFY) openxscript(ee); sendenvelope(ee, mode); dropenvelope(ee, TRUE); } CurEnv = e; Verbose = oldverbose; if (mode == SM_FORK) finis(TRUE, ExitStat); } static void sendenvelope(e, mode) register ENVELOPE *e; int mode; { register ADDRESS *q; bool didany; if (tTd(13, 10)) dprintf("sendenvelope(%s) e_flags=0x%lx\n", e->e_id == NULL ? "[NOQUEUE]" : e->e_id, e->e_flags); if (LogLevel > 80) sm_syslog(LOG_DEBUG, e->e_id, "sendenvelope, flags=0x%lx", e->e_flags); /* ** If we have had global, fatal errors, don't bother sending ** the message at all if we are in SMTP mode. Local errors ** (e.g., a single address failing) will still cause the other ** addresses to be sent. */ if (bitset(EF_FATALERRS, e->e_flags) && (OpMode == MD_SMTP || OpMode == MD_DAEMON)) { e->e_flags |= EF_CLRQUEUE; return; } /* Don't attempt deliveries if we want to bounce now */ if (!bitset(EF_RESPONSE, e->e_flags) && TimeOuts.to_q_return[e->e_timeoutclass] == NOW) return; /* ** Run through the list and send everything. ** ** Set EF_GLOBALERRS so that error messages during delivery ** result in returned mail. */ e->e_nsent = 0; e->e_flags |= EF_GLOBALERRS; define(macid("{envid}", NULL), e->e_envid, e); define(macid("{bodytype}", NULL), e->e_bodytype, e); didany = FALSE; /* now run through the queue */ for (q = e->e_sendqueue; q != NULL; q = q->q_next) { #if XDEBUG char wbuf[MAXNAME + 20]; (void) snprintf(wbuf, sizeof wbuf, "sendall(%.*s)", MAXNAME, q->q_paddr); checkfd012(wbuf); #endif /* XDEBUG */ if (mode == SM_VERIFY) { e->e_to = q->q_paddr; if (QS_IS_SENDABLE(q->q_state)) { if (q->q_host != NULL && q->q_host[0] != '\0') message("deliverable: mailer %s, host %s, user %s", q->q_mailer->m_name, q->q_host, q->q_user); else message("deliverable: mailer %s, user %s", q->q_mailer->m_name, q->q_user); } } else if (QS_IS_OK(q->q_state)) { #if QUEUE /* ** Checkpoint the send list every few addresses */ if (CheckpointInterval > 0 && e->e_nsent >= CheckpointInterval) { queueup(e, FALSE); e->e_nsent = 0; } #endif /* QUEUE */ (void) deliver(e, q); didany = TRUE; } } if (didany) { e->e_dtime = curtime(); e->e_ntries++; } #if XDEBUG checkfd012("end of sendenvelope"); #endif /* XDEBUG */ } /* ** DUP_QUEUE_FILE -- duplicate a queue file into a split queue ** ** Parameters: ** e -- the existing envelope ** ee -- the new envelope ** type -- the queue file type (e.g., 'd') ** ** Returns: ** none */ static void dup_queue_file(e, ee, type) struct envelope *e, *ee; int type; { char f1buf[MAXPATHLEN], f2buf[MAXPATHLEN]; ee->e_dfp = NULL; ee->e_xfp = NULL; /* ** Make sure both are in the same directory. */ snprintf(f1buf, sizeof f1buf, "%s", queuename(e, type)); snprintf(f2buf, sizeof f2buf, "%s", queuename(ee, type)); if (link(f1buf, f2buf) < 0) { int save_errno = errno; syserr("sendall: link(%s, %s)", f1buf, f2buf); if (save_errno == EEXIST) { if (unlink(f2buf) < 0) { syserr("!sendall: unlink(%s): permanent", f2buf); /* NOTREACHED */ } if (link(f1buf, f2buf) < 0) { syserr("!sendall: link(%s, %s): permanent", f1buf, f2buf); /* NOTREACHED */ } } } } /* ** DOFORK -- do a fork, retrying a couple of times on failure. ** ** This MUST be a macro, since after a vfork we are running ** two processes on the same stack!!! ** ** Parameters: ** none. ** ** Returns: ** From a macro??? You've got to be kidding! ** ** Side Effects: ** Modifies the ==> LOCAL <== variable 'pid', leaving: ** pid of child in parent, zero in child. ** -1 on unrecoverable error. ** ** Notes: ** I'm awfully sorry this looks so awful. That's ** vfork for you..... */ #define NFORKTRIES 5 #ifndef FORK # define FORK fork #endif /* ! FORK */ #define DOFORK(fORKfN) \ {\ register int i;\ \ for (i = NFORKTRIES; --i >= 0; )\ {\ pid = fORKfN();\ if (pid >= 0)\ break;\ if (i > 0)\ (void) sleep((unsigned) NFORKTRIES - i);\ }\ } /* ** DOFORK -- simple fork interface to DOFORK. ** ** Parameters: ** none. ** ** Returns: ** pid of child in parent. ** zero in child. ** -1 on error. ** ** Side Effects: ** returns twice, once in parent and once in child. */ int dofork() { register pid_t pid = -1; DOFORK(fork); return pid; } /* ** DELIVER -- Deliver a message to a list of addresses. ** ** This routine delivers to everyone on the same host as the ** user on the head of the list. It is clever about mailers ** that don't handle multiple users. It is NOT guaranteed ** that it will deliver to all these addresses however -- so ** deliver should be called once for each address on the ** list. ** ** Parameters: ** e -- the envelope to deliver. ** firstto -- head of the address list to deliver to. ** ** Returns: ** zero -- successfully delivered. ** else -- some failure, see ExitStat for more info. ** ** Side Effects: ** The standard input is passed off to someone. */ #ifndef NO_UID # define NO_UID -1 #endif /* ! NO_UID */ #ifndef NO_GID # define NO_GID -1 #endif /* ! NO_GID */ static int deliver(e, firstto) register ENVELOPE *e; ADDRESS *firstto; { char *host; /* host being sent to */ char *user; /* user being sent to */ char **pvp; register char **mvp; register char *p; register MAILER *m; /* mailer for this recipient */ ADDRESS *volatile ctladdr; ADDRESS *volatile contextaddr = NULL; register MCI *volatile mci; register ADDRESS *to = firstto; volatile bool clever = FALSE; /* running user smtp to this mailer */ ADDRESS *volatile tochain = NULL; /* users chain in this mailer call */ int rcode; /* response code */ int lmtp_rcode = EX_OK; int nummxhosts = 0; /* number of MX hosts available */ int hostnum = 0; /* current MX host index */ char *firstsig; /* signature of firstto */ pid_t pid = -1; char *volatile curhost; register u_short port = 0; #if NETUNIX char *mux_path = NULL; /* path to UNIX domain socket */ #endif /* NETUNIX */ time_t xstart; bool suidwarn; bool anyok; /* at least one address was OK */ bool goodmxfound = FALSE; /* at least one MX was OK */ bool ovr; #if _FFR_DYNAMIC_TOBUF int strsize; int rcptcount; static int tobufsize = 0; static char *tobuf = NULL; #else /* _FFR_DYNAMIC_TOBUF */ char tobuf[TOBUFSIZE]; /* text line of to people */ #endif /* _FFR_DYNAMIC_TOBUF */ int mpvect[2]; int rpvect[2]; char *mxhosts[MAXMXHOSTS + 1]; char *pv[MAXPV + 1]; char buf[MAXNAME + 1]; char rpathbuf[MAXNAME + 1]; /* translated return path */ errno = 0; if (!QS_IS_OK(to->q_state)) return 0; suidwarn = geteuid() == 0; m = to->q_mailer; host = to->q_host; CurEnv = e; /* just in case */ e->e_statmsg = NULL; #if SMTP SmtpError[0] = '\0'; #endif /* SMTP */ xstart = curtime(); if (tTd(10, 1)) dprintf("\n--deliver, id=%s, mailer=%s, host=`%s', first user=`%s'\n", e->e_id, m->m_name, host, to->q_user); if (tTd(10, 100)) printopenfds(FALSE); /* ** Clear $&{client_*} macros if this is a bounce message to ** prevent rejection by check_compat ruleset. */ if (bitset(EF_RESPONSE, e->e_flags)) { define(macid("{client_name}", NULL), "", e); define(macid("{client_addr}", NULL), "", e); define(macid("{client_port}", NULL), "", e); } /* ** Do initial argv setup. ** Insert the mailer name. Notice that $x expansion is ** NOT done on the mailer name. Then, if the mailer has ** a picky -f flag, we insert it as appropriate. This ** code does not check for 'pv' overflow; this places a ** manifest lower limit of 4 for MAXPV. ** The from address rewrite is expected to make ** the address relative to the other end. */ /* rewrite from address, using rewriting rules */ rcode = EX_OK; if (bitnset(M_UDBENVELOPE, e->e_from.q_mailer->m_flags)) p = e->e_sender; else p = e->e_from.q_paddr; p = remotename(p, m, RF_SENDERADDR|RF_CANONICAL, &rcode, e); if (strlen(p) >= (SIZE_T) sizeof rpathbuf) { p = shortenstring(p, MAXSHORTSTR); syserr("remotename: huge return %s", p); } snprintf(rpathbuf, sizeof rpathbuf, "%s", p); define('g', rpathbuf, e); /* translated return path */ define('h', host, e); /* to host */ Errors = 0; pvp = pv; *pvp++ = m->m_argv[0]; /* insert -f or -r flag as appropriate */ if (FromFlag && (bitnset(M_FOPT, m->m_flags) || bitnset(M_ROPT, m->m_flags))) { if (bitnset(M_FOPT, m->m_flags)) *pvp++ = "-f"; else *pvp++ = "-r"; *pvp++ = newstr(rpathbuf); } /* ** Append the other fixed parts of the argv. These run ** up to the first entry containing "$u". There can only ** be one of these, and there are only a few more slots ** in the pv after it. */ for (mvp = m->m_argv; (p = *++mvp) != NULL; ) { /* can't use strchr here because of sign extension problems */ while (*p != '\0') { if ((*p++ & 0377) == MACROEXPAND) { if (*p == 'u') break; } } if (*p != '\0') break; /* this entry is safe -- go ahead and process it */ expand(*mvp, buf, sizeof buf, e); *pvp++ = newstr(buf); if (pvp >= &pv[MAXPV - 3]) { syserr("554 5.3.5 Too many parameters to %s before $u", pv[0]); return -1; } } /* ** If we have no substitution for the user name in the argument ** list, we know that we must supply the names otherwise -- and ** SMTP is the answer!! */ if (*mvp == NULL) { /* running SMTP */ #if SMTP clever = TRUE; *pvp = NULL; #else /* SMTP */ /* oops! we don't implement SMTP */ syserr("554 5.3.5 SMTP style mailer not implemented"); return EX_SOFTWARE; #endif /* SMTP */ } /* ** At this point *mvp points to the argument with $u. We ** run through our address list and append all the addresses ** we can. If we run out of space, do not fret! We can ** always send another copy later. */ #if _FFR_DYNAMIC_TOBUF e->e_to = NULL; strsize = 2; rcptcount = 0; #else /* _FFR_DYNAMIC_TOBUF */ tobuf[0] = '\0'; e->e_to = tobuf; #endif /* _FFR_DYNAMIC_TOBUF */ ctladdr = NULL; firstsig = hostsignature(firstto->q_mailer, firstto->q_host); for (; to != NULL; to = to->q_next) { /* avoid sending multiple recipients to dumb mailers */ #if _FFR_DYNAMIC_TOBUF if (tochain != NULL && !bitnset(M_MUSER, m->m_flags)) break; #else /* _FFR_DYNAMIC_TOBUF */ if (tobuf[0] != '\0' && !bitnset(M_MUSER, m->m_flags)) break; #endif /* _FFR_DYNAMIC_TOBUF */ /* if already sent or not for this host, don't send */ if (!QS_IS_OK(to->q_state) || to->q_mailer != firstto->q_mailer || strcmp(hostsignature(to->q_mailer, to->q_host), firstsig) != 0) continue; /* avoid overflowing tobuf */ #if _FFR_DYNAMIC_TOBUF strsize += strlen(to->q_paddr) + 1; if (!clever && strsize > TOBUFSIZE) break; if (++rcptcount > to->q_mailer->m_maxrcpt) break; #else /* _FFR_DYNAMIC_TOBUF */ if (sizeof tobuf < (strlen(to->q_paddr) + strlen(tobuf) + 2)) break; #endif /* _FFR_DYNAMIC_TOBUF */ if (tTd(10, 1)) { dprintf("\nsend to "); printaddr(to, FALSE); } /* compute effective uid/gid when sending */ if (bitnset(M_RUNASRCPT, to->q_mailer->m_flags)) contextaddr = ctladdr = getctladdr(to); if (tTd(10, 2)) { dprintf("ctladdr="); printaddr(ctladdr, FALSE); } user = to->q_user; e->e_to = to->q_paddr; /* ** Check to see that these people are allowed to ** talk to each other. ** Check also for overflow of e_msgsize. */ if (m->m_maxsize != 0 && (e->e_msgsize > m->m_maxsize || e->e_msgsize < 0)) { e->e_flags |= EF_NO_BODY_RETN; if (bitnset(M_LOCALMAILER, to->q_mailer->m_flags)) to->q_status = "5.2.3"; else to->q_status = "5.3.4"; /* set to->q_rstatus = NULL; or to the following? */ usrerrenh(to->q_status, "552 Message is too large; %ld bytes max", m->m_maxsize); markfailure(e, to, NULL, EX_UNAVAILABLE, FALSE); giveresponse(EX_UNAVAILABLE, to->q_status, m, NULL, ctladdr, xstart, e); continue; } #if NAMED_BIND h_errno = 0; #endif /* NAMED_BIND */ ovr = TRUE; /* do config file checking of compatibility */ rcode = rscheck("check_compat", e->e_from.q_paddr, to->q_paddr, - e, TRUE, TRUE, 4); + e, TRUE, TRUE, 4, NULL); if (rcode == EX_OK) { /* do in-code checking if not discarding */ if (!bitset(EF_DISCARD, e->e_flags)) { rcode = checkcompat(to, e); ovr = FALSE; } } if (rcode != EX_OK) { markfailure(e, to, NULL, rcode, ovr); giveresponse(rcode, to->q_status, m, NULL, ctladdr, xstart, e); continue; } if (bitset(EF_DISCARD, e->e_flags)) { if (tTd(10, 5)) { dprintf("deliver: discarding recipient "); printaddr(to, FALSE); } /* pretend the message was sent */ /* XXX should we log something here? */ to->q_state = QS_DISCARDED; /* ** Remove discard bit to prevent discard of ** future recipients. This is safe because the ** true "global discard" has been handled before ** we get here. */ e->e_flags &= ~EF_DISCARD; continue; } /* ** Strip quote bits from names if the mailer is dumb ** about them. */ if (bitnset(M_STRIPQ, m->m_flags)) { stripquotes(user); stripquotes(host); } /* hack attack -- delivermail compatibility */ if (m == ProgMailer && *user == '|') user++; /* ** If an error message has already been given, don't ** bother to send to this address. ** ** >>>>>>>>>> This clause assumes that the local mailer ** >> NOTE >> cannot do any further aliasing; that ** >>>>>>>>>> function is subsumed by sendmail. */ if (!QS_IS_OK(to->q_state)) continue; /* ** See if this user name is "special". ** If the user name has a slash in it, assume that this ** is a file -- send it off without further ado. Note ** that this type of addresses is not processed along ** with the others, so we fudge on the To person. */ if (strcmp(m->m_mailer, "[FILE]") == 0) { define('u', user, e); /* to user */ p = to->q_home; if (p == NULL && ctladdr != NULL) p = ctladdr->q_home; define('z', p, e); /* user's home */ expand(m->m_argv[1], buf, sizeof buf, e); if (strlen(buf) > 0) rcode = mailfile(buf, m, ctladdr, SFF_CREAT, e); else { syserr("empty filename specification for mailer %s", m->m_name); rcode = EX_CONFIG; } giveresponse(rcode, to->q_status, m, NULL, ctladdr, xstart, e); markfailure(e, to, NULL, rcode, TRUE); e->e_nsent++; if (rcode == EX_OK) { to->q_state = QS_SENT; if (bitnset(M_LOCALMAILER, m->m_flags) && bitset(QPINGONSUCCESS, to->q_flags)) { to->q_flags |= QDELIVERED; to->q_status = "2.1.5"; fprintf(e->e_xfp, "%s... Successfully delivered\n", to->q_paddr); } } to->q_statdate = curtime(); markstats(e, to, FALSE); continue; } /* ** Address is verified -- add this user to mailer ** argv, and add it to the print list of recipients. */ /* link together the chain of recipients */ to->q_tchain = tochain; tochain = to; #if _FFR_DYNAMIC_TOBUF e->e_to = "[CHAIN]"; #else /* _FFR_DYNAMIC_TOBUF */ /* create list of users for error messages */ (void) strlcat(tobuf, ",", sizeof tobuf); (void) strlcat(tobuf, to->q_paddr, sizeof tobuf); #endif /* _FFR_DYNAMIC_TOBUF */ define('u', user, e); /* to user */ p = to->q_home; if (p == NULL && ctladdr != NULL) p = ctladdr->q_home; define('z', p, e); /* user's home */ /* set the ${dsn_notify} macro if applicable */ if (bitset(QHASNOTIFY, to->q_flags)) { char notify[MAXLINE]; notify[0] = '\0'; if (bitset(QPINGONSUCCESS, to->q_flags)) (void) strlcat(notify, "SUCCESS,", sizeof notify); if (bitset(QPINGONFAILURE, to->q_flags)) (void) strlcat(notify, "FAILURE,", sizeof notify); if (bitset(QPINGONDELAY, to->q_flags)) (void) strlcat(notify, "DELAY,", sizeof notify); /* Set to NEVER or drop trailing comma */ if (notify[0] == '\0') (void) strlcat(notify, "NEVER", sizeof notify); else notify[strlen(notify) - 1] = '\0'; define(macid("{dsn_notify}", NULL), newstr(notify), e); } else define(macid("{dsn_notify}", NULL), NULL, e); /* ** Expand out this user into argument list. */ if (!clever) { expand(*mvp, buf, sizeof buf, e); *pvp++ = newstr(buf); if (pvp >= &pv[MAXPV - 2]) { /* allow some space for trailing parms */ break; } } } /* see if any addresses still exist */ #if _FFR_DYNAMIC_TOBUF if (tochain == NULL) #else /* _FFR_DYNAMIC_TOBUF */ if (tobuf[0] == '\0') #endif /* _FFR_DYNAMIC_TOBUF */ { define('g', (char *) NULL, e); e->e_to = NULL; return 0; } /* print out messages as full list */ #if _FFR_DYNAMIC_TOBUF { int l = 1; char *tobufptr; for (to = tochain; to != NULL; to = to->q_tchain) l += strlen(to->q_paddr) + 1; if (l < TOBUFSIZE) l = TOBUFSIZE; if (l > tobufsize) { if (tobuf != NULL) free(tobuf); tobufsize = l; tobuf = xalloc(tobufsize); } tobufptr = tobuf; *tobufptr = '\0'; for (to = tochain; to != NULL; to = to->q_tchain) { snprintf(tobufptr, tobufsize - (tobufptr - tobuf), ",%s", to->q_paddr); tobufptr += strlen(tobufptr); } } #endif /* _FFR_DYNAMIC_TOBUF */ e->e_to = tobuf + 1; /* ** Fill out any parameters after the $u parameter. */ while (!clever && *++mvp != NULL) { expand(*mvp, buf, sizeof buf, e); *pvp++ = newstr(buf); if (pvp >= &pv[MAXPV]) syserr("554 5.3.0 deliver: pv overflow after $u for %s", pv[0]); } *pvp++ = NULL; /* ** Call the mailer. ** The argument vector gets built, pipes ** are created as necessary, and we fork & exec as ** appropriate. ** If we are running SMTP, we just need to clean up. */ /* XXX this seems a bit wierd */ if (ctladdr == NULL && m != ProgMailer && m != FileMailer && bitset(QGOODUID, e->e_from.q_flags)) ctladdr = &e->e_from; #if NAMED_BIND if (ConfigLevel < 2) _res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */ #endif /* NAMED_BIND */ if (tTd(11, 1)) { dprintf("openmailer:"); printav(pv); } errno = 0; #if NAMED_BIND h_errno = 0; #endif /* NAMED_BIND */ CurHostName = NULL; /* ** Deal with the special case of mail handled through an IPC ** connection. ** In this case we don't actually fork. We must be ** running SMTP for this to work. We will return a ** zero pid to indicate that we are running IPC. ** We also handle a debug version that just talks to stdin/out. */ curhost = NULL; SmtpPhase = NULL; mci = NULL; #if XDEBUG { char wbuf[MAXLINE]; /* make absolutely certain 0, 1, and 2 are in use */ snprintf(wbuf, sizeof wbuf, "%s... openmailer(%s)", shortenstring(e->e_to, MAXSHORTSTR), m->m_name); checkfd012(wbuf); } #endif /* XDEBUG */ /* check for 8-bit available */ if (bitset(EF_HAS8BIT, e->e_flags) && bitnset(M_7BITS, m->m_flags) && (bitset(EF_DONT_MIME, e->e_flags) || !(bitset(MM_MIME8BIT, MimeMode) || (bitset(EF_IS_MIME, e->e_flags) && bitset(MM_CVTMIME, MimeMode))))) { e->e_status = "5.6.3"; usrerrenh(e->e_status, "554 Cannot send 8-bit data to 7-bit destination"); rcode = EX_DATAERR; goto give_up; } if (tTd(62, 8)) checkfds("before delivery"); /* check for Local Person Communication -- not for mortals!!! */ if (strcmp(m->m_mailer, "[LPC]") == 0) { mci = (MCI *) xalloc(sizeof *mci); memset((char *) mci, '\0', sizeof *mci); mci->mci_in = stdin; mci->mci_out = stdout; mci->mci_state = clever ? MCIS_OPENING : MCIS_OPEN; mci->mci_mailer = m; } else if (strcmp(m->m_mailer, "[IPC]") == 0 || strcmp(m->m_mailer, "[TCP]") == 0) { #if DAEMON register int i; if (pv[0] == NULL || pv[1] == NULL || pv[1][0] == '\0') { syserr("null destination for %s mailer", m->m_mailer); rcode = EX_CONFIG; goto give_up; } # if NETUNIX if (strcmp(pv[0], "FILE") == 0) { curhost = CurHostName = "localhost"; mux_path = pv[1]; } else # endif /* NETUNIX */ { CurHostName = pv[1]; curhost = hostsignature(m, pv[1]); } if (curhost == NULL || curhost[0] == '\0') { syserr("null host signature for %s", pv[1]); rcode = EX_CONFIG; goto give_up; } if (!clever) { syserr("554 5.3.5 non-clever IPC"); rcode = EX_CONFIG; goto give_up; } if (pv[2] != NULL # if NETUNIX && mux_path == NULL # endif /* NETUNIX */ ) { port = htons((u_short)atoi(pv[2])); if (port == 0) { # ifdef NO_GETSERVBYNAME syserr("Invalid port number: %s", pv[2]); # else /* NO_GETSERVBYNAME */ struct servent *sp = getservbyname(pv[2], "tcp"); if (sp == NULL) syserr("Service %s unknown", pv[2]); else port = sp->s_port; # endif /* NO_GETSERVBYNAME */ } } nummxhosts = parse_hostsignature(curhost, mxhosts, m); tryhost: while (hostnum < nummxhosts) { char sep = ':'; char *endp; static char hostbuf[MAXNAME + 1]; # if NETINET6 if (*mxhosts[hostnum] == '[') { endp = strchr(mxhosts[hostnum] + 1, ']'); if (endp != NULL) endp = strpbrk(endp + 1, ":,"); } else endp = strpbrk(mxhosts[hostnum], ":,"); # else /* NETINET6 */ endp = strpbrk(mxhosts[hostnum], ":,"); # endif /* NETINET6 */ if (endp != NULL) { sep = *endp; *endp = '\0'; } if (*mxhosts[hostnum] == '\0') { syserr("deliver: null host name in signature"); hostnum++; if (endp != NULL) *endp = sep; continue; } (void) strlcpy(hostbuf, mxhosts[hostnum], sizeof hostbuf); hostnum++; if (endp != NULL) *endp = sep; /* see if we already know that this host is fried */ CurHostName = hostbuf; mci = mci_get(hostbuf, m); if (mci->mci_state != MCIS_CLOSED) { if (tTd(11, 1)) { dprintf("openmailer: "); mci_dump(mci, FALSE); } CurHostName = mci->mci_host; message("Using cached %sSMTP connection to %s via %s...", bitset(MCIF_ESMTP, mci->mci_flags) ? "E" : "", hostbuf, m->m_name); mci->mci_deliveries++; break; } mci->mci_mailer = m; if (mci->mci_exitstat != EX_OK) { if (mci->mci_exitstat == EX_TEMPFAIL) goodmxfound = TRUE; continue; } if (mci_lock_host(mci) != EX_OK) { mci_setstat(mci, EX_TEMPFAIL, "4.4.5", NULL); goodmxfound = TRUE; continue; } /* try the connection */ sm_setproctitle(TRUE, e, "%s %s: %s", qid_printname(e), hostbuf, "user open"); # if NETUNIX if (mux_path != NULL) { message("Connecting to %s via %s...", mux_path, m->m_name); i = makeconnection_ds(mux_path, mci); } else # endif /* NETUNIX */ { if (port == 0) message("Connecting to %s via %s...", hostbuf, m->m_name); else message("Connecting to %s port %d via %s...", hostbuf, ntohs(port), m->m_name); i = makeconnection(hostbuf, port, mci, e); } mci->mci_lastuse = curtime(); mci->mci_deliveries = 0; mci->mci_exitstat = i; mci->mci_errno = errno; # if NAMED_BIND mci->mci_herrno = h_errno; # endif /* NAMED_BIND */ if (i == EX_OK) { goodmxfound = TRUE; mci->mci_state = MCIS_OPENING; mci_cache(mci); if (TrafficLogFile != NULL) fprintf(TrafficLogFile, "%05d === CONNECT %s\n", (int) getpid(), hostbuf); break; } else { if (tTd(11, 1)) dprintf("openmailer: makeconnection => stat=%d, errno=%d\n", i, errno); if (i == EX_TEMPFAIL) goodmxfound = TRUE; mci_unlock_host(mci); } /* enter status of this host */ setstat(i); /* should print some message here for -v mode */ } if (mci == NULL) { syserr("deliver: no host name"); rcode = EX_SOFTWARE; goto give_up; } mci->mci_pid = 0; #else /* DAEMON */ syserr("554 5.3.5 openmailer: no IPC"); if (tTd(11, 1)) dprintf("openmailer: NULL\n"); rcode = EX_UNAVAILABLE; goto give_up; #endif /* DAEMON */ } else { /* flush any expired connections */ (void) mci_scan(NULL); mci = NULL; #if SMTP if (bitnset(M_LMTP, m->m_flags)) { /* try to get a cached connection */ mci = mci_get(m->m_name, m); if (mci->mci_host == NULL) mci->mci_host = m->m_name; CurHostName = mci->mci_host; if (mci->mci_state != MCIS_CLOSED) { message("Using cached LMTP connection for %s...", m->m_name); mci->mci_deliveries++; goto do_transfer; } } #endif /* SMTP */ /* announce the connection to verbose listeners */ if (host == NULL || host[0] == '\0') message("Connecting to %s...", m->m_name); else message("Connecting to %s via %s...", host, m->m_name); if (TrafficLogFile != NULL) { char **av; fprintf(TrafficLogFile, "%05d === EXEC", (int) getpid()); for (av = pv; *av != NULL; av++) fprintf(TrafficLogFile, " %s", *av); fprintf(TrafficLogFile, "\n"); } #if XDEBUG checkfd012("before creating mail pipe"); #endif /* XDEBUG */ /* create a pipe to shove the mail through */ if (pipe(mpvect) < 0) { syserr("%s... openmailer(%s): pipe (to mailer)", shortenstring(e->e_to, MAXSHORTSTR), m->m_name); if (tTd(11, 1)) dprintf("openmailer: NULL\n"); rcode = EX_OSERR; goto give_up; } #if XDEBUG /* make sure we didn't get one of the standard I/O files */ if (mpvect[0] < 3 || mpvect[1] < 3) { syserr("%s... openmailer(%s): bogus mpvect %d %d", shortenstring(e->e_to, MAXSHORTSTR), m->m_name, mpvect[0], mpvect[1]); printopenfds(TRUE); if (tTd(11, 1)) dprintf("openmailer: NULL\n"); rcode = EX_OSERR; goto give_up; } /* make sure system call isn't dead meat */ checkfdopen(mpvect[0], "mpvect[0]"); checkfdopen(mpvect[1], "mpvect[1]"); if (mpvect[0] == mpvect[1] || (e->e_lockfp != NULL && (mpvect[0] == fileno(e->e_lockfp) || mpvect[1] == fileno(e->e_lockfp)))) { if (e->e_lockfp == NULL) syserr("%s... openmailer(%s): overlapping mpvect %d %d", shortenstring(e->e_to, MAXSHORTSTR), m->m_name, mpvect[0], mpvect[1]); else syserr("%s... openmailer(%s): overlapping mpvect %d %d, lockfp = %d", shortenstring(e->e_to, MAXSHORTSTR), m->m_name, mpvect[0], mpvect[1], fileno(e->e_lockfp)); } #endif /* XDEBUG */ /* create a return pipe */ if (pipe(rpvect) < 0) { syserr("%s... openmailer(%s): pipe (from mailer)", shortenstring(e->e_to, MAXSHORTSTR), m->m_name); (void) close(mpvect[0]); (void) close(mpvect[1]); if (tTd(11, 1)) dprintf("openmailer: NULL\n"); rcode = EX_OSERR; goto give_up; } #if XDEBUG checkfdopen(rpvect[0], "rpvect[0]"); checkfdopen(rpvect[1], "rpvect[1]"); #endif /* XDEBUG */ /* ** Actually fork the mailer process. ** DOFORK is clever about retrying. ** ** Dispose of SIGCHLD signal catchers that may be laying ** around so that endmailer will get it. */ if (e->e_xfp != NULL) (void) fflush(e->e_xfp); /* for debugging */ (void) fflush(stdout); (void) setsignal(SIGCHLD, SIG_DFL); DOFORK(FORK); /* pid is set by DOFORK */ if (pid < 0) { /* failure */ syserr("%s... openmailer(%s): cannot fork", shortenstring(e->e_to, MAXSHORTSTR), m->m_name); (void) close(mpvect[0]); (void) close(mpvect[1]); (void) close(rpvect[0]); (void) close(rpvect[1]); if (tTd(11, 1)) dprintf("openmailer: NULL\n"); rcode = EX_OSERR; goto give_up; } else if (pid == 0) { int i; int save_errno; int new_euid = NO_UID; int new_ruid = NO_UID; int new_gid = NO_GID; struct stat stb; extern int DtableSize; if (e->e_lockfp != NULL) (void) close(fileno(e->e_lockfp)); /* child -- set up input & exec mailer */ (void) setsignal(SIGINT, SIG_IGN); (void) setsignal(SIGHUP, SIG_IGN); (void) setsignal(SIGTERM, SIG_DFL); if (m != FileMailer || stat(tochain->q_user, &stb) < 0) stb.st_mode = 0; # if HASSETUSERCONTEXT /* ** Set user resources. */ if (contextaddr != NULL) { struct passwd *pwd; if (contextaddr->q_ruser != NULL) pwd = sm_getpwnam(contextaddr->q_ruser); else pwd = sm_getpwnam(contextaddr->q_user); if (pwd != NULL) (void) setusercontext(NULL, pwd, pwd->pw_uid, LOGIN_SETRESOURCES|LOGIN_SETPRIORITY); } # endif /* HASSETUSERCONTEXT */ /* tweak niceness */ if (m->m_nice != 0) (void) nice(m->m_nice); /* reset group id */ if (bitnset(M_SPECIFIC_UID, m->m_flags)) new_gid = m->m_gid; else if (bitset(S_ISGID, stb.st_mode)) new_gid = stb.st_gid; else if (ctladdr != NULL && ctladdr->q_gid != 0) { if (!DontInitGroups) { char *u = ctladdr->q_ruser; if (u == NULL) u = ctladdr->q_user; if (initgroups(u, ctladdr->q_gid) == -1 && suidwarn) { syserr("openmailer: initgroups(%s, %d) failed", u, ctladdr->q_gid); exit(EX_TEMPFAIL); } } else { GIDSET_T gidset[1]; gidset[0] = ctladdr->q_gid; if (setgroups(1, gidset) == -1 && suidwarn) { syserr("openmailer: setgroups() failed"); exit(EX_TEMPFAIL); } } new_gid = ctladdr->q_gid; } else { if (!DontInitGroups) { if (initgroups(DefUser, DefGid) == -1 && suidwarn) { syserr("openmailer: initgroups(%s, %d) failed", DefUser, DefGid); exit(EX_TEMPFAIL); } } else { GIDSET_T gidset[1]; gidset[0] = DefGid; if (setgroups(1, gidset) == -1 && suidwarn) { syserr("openmailer: setgroups() failed"); exit(EX_TEMPFAIL); } } if (m->m_gid == 0) new_gid = DefGid; else new_gid = m->m_gid; } if (new_gid != NO_GID) { if (RunAsUid != 0 && bitnset(M_SPECIFIC_UID, m->m_flags) && new_gid != getgid() && new_gid != getegid()) { /* Only root can change the gid */ syserr("openmailer: insufficient privileges to change gid"); exit(EX_TEMPFAIL); } if (setgid(new_gid) < 0 && suidwarn) { syserr("openmailer: setgid(%ld) failed", (long) new_gid); exit(EX_TEMPFAIL); } } /* change root to some "safe" directory */ if (m->m_rootdir != NULL) { expand(m->m_rootdir, buf, sizeof buf, e); if (tTd(11, 20)) dprintf("openmailer: chroot %s\n", buf); if (chroot(buf) < 0) { syserr("openmailer: Cannot chroot(%s)", buf); exit(EX_TEMPFAIL); } if (chdir("/") < 0) { syserr("openmailer: cannot chdir(/)"); exit(EX_TEMPFAIL); } } /* reset user id */ endpwent(); if (bitnset(M_SPECIFIC_UID, m->m_flags)) new_euid = m->m_uid; else if (bitset(S_ISUID, stb.st_mode)) new_ruid = stb.st_uid; else if (ctladdr != NULL && ctladdr->q_uid != 0) new_ruid = ctladdr->q_uid; else if (m->m_uid != 0) new_ruid = m->m_uid; else new_ruid = DefUid; if (new_euid != NO_UID) { if (RunAsUid != 0 && new_euid != RunAsUid) { /* Only root can change the uid */ syserr("openmailer: insufficient privileges to change uid"); exit(EX_TEMPFAIL); } vendor_set_uid(new_euid); # if MAILER_SETUID_METHOD == USE_SETEUID if (seteuid(new_euid) < 0 && suidwarn) { syserr("openmailer: seteuid(%ld) failed", (long) new_euid); exit(EX_TEMPFAIL); } # endif /* MAILER_SETUID_METHOD == USE_SETEUID */ # if MAILER_SETUID_METHOD == USE_SETREUID if (setreuid(new_ruid, new_euid) < 0 && suidwarn) { syserr("openmailer: setreuid(%ld, %ld) failed", (long) new_ruid, (long) new_euid); exit(EX_TEMPFAIL); } # endif /* MAILER_SETUID_METHOD == USE_SETREUID */ # if MAILER_SETUID_METHOD == USE_SETUID if (new_euid != geteuid() && setuid(new_euid) < 0 && suidwarn) { syserr("openmailer: setuid(%ld) failed", (long) new_euid); exit(EX_TEMPFAIL); } # endif /* MAILER_SETUID_METHOD == USE_SETUID */ } else if (new_ruid != NO_UID) { vendor_set_uid(new_ruid); if (setuid(new_ruid) < 0 && suidwarn) { syserr("openmailer: setuid(%ld) failed", (long) new_ruid); exit(EX_TEMPFAIL); } } if (tTd(11, 2)) dprintf("openmailer: running as r/euid=%d/%d, r/egid=%d/%d\n", (int) getuid(), (int) geteuid(), (int) getgid(), (int) getegid()); /* move into some "safe" directory */ if (m->m_execdir != NULL) { char *q; for (p = m->m_execdir; p != NULL; p = q) { q = strchr(p, ':'); if (q != NULL) *q = '\0'; expand(p, buf, sizeof buf, e); if (q != NULL) *q++ = ':'; if (tTd(11, 20)) dprintf("openmailer: trydir %s\n", buf); if (buf[0] != '\0' && chdir(buf) >= 0) break; } } /* arrange to filter std & diag output of command */ (void) close(rpvect[0]); if (dup2(rpvect[1], STDOUT_FILENO) < 0) { syserr("%s... openmailer(%s): cannot dup pipe %d for stdout", shortenstring(e->e_to, MAXSHORTSTR), m->m_name, rpvect[1]); _exit(EX_OSERR); } (void) close(rpvect[1]); if (dup2(STDOUT_FILENO, STDERR_FILENO) < 0) { syserr("%s... openmailer(%s): cannot dup stdout for stderr", shortenstring(e->e_to, MAXSHORTSTR), m->m_name); _exit(EX_OSERR); } /* arrange to get standard input */ (void) close(mpvect[1]); if (dup2(mpvect[0], STDIN_FILENO) < 0) { syserr("%s... openmailer(%s): cannot dup pipe %d for stdin", shortenstring(e->e_to, MAXSHORTSTR), m->m_name, mpvect[0]); _exit(EX_OSERR); } (void) close(mpvect[0]); /* arrange for all the files to be closed */ for (i = 3; i < DtableSize; i++) { register int j; if ((j = fcntl(i, F_GETFD, 0)) != -1) (void) fcntl(i, F_SETFD, j | FD_CLOEXEC); } /* run disconnected from terminal */ (void) setsid(); /* try to execute the mailer */ (void) execve(m->m_mailer, (ARGV_T) pv, (ARGV_T) UserEnviron); save_errno = errno; syserr("Cannot exec %s", m->m_mailer); if (bitnset(M_LOCALMAILER, m->m_flags) || transienterror(save_errno)) _exit(EX_OSERR); _exit(EX_UNAVAILABLE); } /* ** Set up return value. */ if (mci == NULL) { mci = (MCI *) xalloc(sizeof *mci); memset((char *) mci, '\0', sizeof *mci); } mci->mci_mailer = m; if (clever) { mci->mci_state = MCIS_OPENING; mci_cache(mci); } else { mci->mci_state = MCIS_OPEN; } mci->mci_pid = pid; (void) close(mpvect[0]); mci->mci_out = fdopen(mpvect[1], "w"); if (mci->mci_out == NULL) { syserr("deliver: cannot create mailer output channel, fd=%d", mpvect[1]); (void) close(mpvect[1]); (void) close(rpvect[0]); (void) close(rpvect[1]); rcode = EX_OSERR; goto give_up; } (void) close(rpvect[1]); mci->mci_in = fdopen(rpvect[0], "r"); if (mci->mci_in == NULL) { syserr("deliver: cannot create mailer input channel, fd=%d", mpvect[1]); (void) close(rpvect[0]); (void) fclose(mci->mci_out); mci->mci_out = NULL; rcode = EX_OSERR; goto give_up; } /* Don't cache non-clever connections */ if (!clever) mci->mci_flags |= MCIF_TEMP; } /* ** If we are in SMTP opening state, send initial protocol. */ if (bitnset(M_7BITS, m->m_flags) && (!clever || mci->mci_state == MCIS_OPENING)) mci->mci_flags |= MCIF_7BIT; #if SMTP if (clever && mci->mci_state != MCIS_CLOSED) { - static u_short again; # if SASL && SFIO -# define DONE_TLS_B 0x01 -# define DONE_TLS bitset(DONE_TLS_B, again) +# define DONE_AUTH(f) bitset(MCIF_AUTHACT, f) # endif /* SASL && SFIO */ # if STARTTLS -# define DONE_STARTTLS_B 0x02 -# define DONE_STARTTLS bitset(DONE_STARTTLS_B, again) +# define DONE_STARTTLS(f) bitset(MCIF_TLSACT, f) # endif /* STARTTLS */ -# define ONLY_HELO_B 0x04 -# define ONLY_HELO bitset(ONLY_HELO_B, again) -# define SET_HELO again |= ONLY_HELO_B -# define CLR_HELO again &= ~ONLY_HELO_B +# define ONLY_HELO(f) bitset(MCIF_ONLY_EHLO, f) +# define SET_HELO(f) f |= MCIF_ONLY_EHLO +# define CLR_HELO(f) f &= ~MCIF_ONLY_EHLO - again = 0; + # if STARTTLS || (SASL && SFIO) reconnect: /* after switching to an authenticated connection */ # endif /* STARTTLS || (SASL && SFIO) */ # if SASL mci->mci_saslcap = NULL; # endif /* SASL */ - smtpinit(m, mci, e, ONLY_HELO); - CLR_HELO; + smtpinit(m, mci, e, ONLY_HELO(mci->mci_flags)); + CLR_HELO(mci->mci_flags); # if STARTTLS /* first TLS then AUTH to provide a security layer */ - if (mci->mci_state != MCIS_CLOSED && !DONE_STARTTLS) + if (mci->mci_state != MCIS_CLOSED && + !DONE_STARTTLS(mci->mci_flags)) { int olderrors; bool hasdot; bool usetls; bool saveQuickAbort = QuickAbort; bool saveSuprErrs = SuprErrs; + char *host = NULL; # if _FFR_TLS_CLT1 char *p; # endif /* _FFR_TLS_CLT1 */ extern SOCKADDR CurHostAddr; rcode = EX_OK; usetls = bitset(MCIF_TLS, mci->mci_flags); # if _FFR_TLS_CLT1 if (usetls && (p = macvalue(macid("{client_flags}", NULL), e)) != NULL) { for (; *p != '\0'; p++) { /* look for just this one flag */ if (*p == D_CLTNOTLS) { usetls = FALSE; break; } } } # endif /* _FFR_TLS_CLT1 */ hasdot = CurHostName[strlen(CurHostName) - 1] == '.'; if (hasdot) CurHostName[strlen(CurHostName) - 1] = '\0'; define(macid("{server_name}", NULL), newstr(CurHostName), e); if (CurHostAddr.sa.sa_family != 0) define(macid("{server_addr}", NULL), newstr(anynet_ntoa(&CurHostAddr)), e); else define(macid("{server_addr}", NULL), NULL, e); -# if _FFR_TLS_O_T if (usetls) { + host = macvalue(macid("{server_name}", NULL), + e); +# if _FFR_TLS_O_T olderrors = Errors; QuickAbort = FALSE; SuprErrs = TRUE; if (rscheck("try_tls", CurHostName, NULL, - e, TRUE, FALSE, 8) != EX_OK + e, TRUE, FALSE, 8, host) != EX_OK || Errors > olderrors) usetls = FALSE; SuprErrs = saveSuprErrs; QuickAbort = saveQuickAbort; - } # endif /* _FFR_TLS_O_T */ + } /* undo change of CurHostName */ if (hasdot) CurHostName[strlen(CurHostName)] = '.'; if (usetls) { if ((rcode = starttls(m, mci, e)) == EX_OK) { /* start again without STARTTLS */ - again |= DONE_STARTTLS_B; mci->mci_flags |= MCIF_TLSACT; } else { char *s; /* ** TLS negotation failed, what to do? ** fall back to unencrypted connection ** or abort? How to decide? ** set a macro and call a ruleset. */ mci->mci_flags &= ~MCIF_TLS; switch (rcode) { case EX_TEMPFAIL: s = "TEMP"; break; case EX_USAGE: s = "USAGE"; break; case EX_PROTOCOL: s = "PROTOCOL"; break; case EX_SOFTWARE: s = "SOFTWARE"; break; /* everything else is a failure */ default: s = "FAILURE"; rcode = EX_TEMPFAIL; } define(macid("{verify}", NULL), newstr(s), e); } } + else if (mci->mci_ssl != NULL) + { + /* active TLS connection, use that data */ + (void) tls_get_info(mci->mci_ssl, e, FALSE, + mci->mci_host, FALSE); + } else define(macid("{verify}", NULL), "NONE", e); olderrors = Errors; QuickAbort = FALSE; SuprErrs = TRUE; /* ** rcode == EX_SOFTWARE is special: ** the TLS negotation failed ** we have to drop the connection no matter what ** However, we call tls_server to give it the chance ** to log the problem and return an appropriate ** error code. */ if (rscheck("tls_server", macvalue(macid("{verify}", NULL), e), - NULL, e, TRUE, TRUE, 6) != EX_OK || + NULL, e, TRUE, TRUE, 6, host) != EX_OK || Errors > olderrors || rcode == EX_SOFTWARE) { char enhsc[ENHSCLEN]; extern char MsgBuf[]; if (ISSMTPCODE(MsgBuf) && extenhsc(MsgBuf + 4, ' ', enhsc) > 0) { p = newstr(MsgBuf); } else { p = "403 4.7.0 server not authenticated."; (void) strlcpy(enhsc, "4.7.0", sizeof enhsc); } SuprErrs = saveSuprErrs; QuickAbort = saveQuickAbort; if (rcode == EX_SOFTWARE) { /* drop the connection */ mci->mci_state = MCIS_QUITING; if (mci->mci_in != NULL) { (void) fclose(mci->mci_in); mci->mci_in = NULL; } mci->mci_flags &= ~MCIF_TLSACT; (void) endmailer(mci, e, pv); } else { /* abort transfer */ smtpquit(m, mci, e); } + /* avoid bogus error msg */ + mci->mci_errno = 0; + /* temp or permanent failure? */ rcode = (*p == '4') ? EX_TEMPFAIL : EX_UNAVAILABLE; mci_setstat(mci, rcode, newstr(enhsc), p); /* ** hack to get the error message into ** the envelope (done in giveresponse()) */ (void) strlcpy(SmtpError, p, sizeof SmtpError); } QuickAbort = saveQuickAbort; SuprErrs = saveSuprErrs; - if (DONE_STARTTLS && mci->mci_state != MCIS_CLOSED) + if (DONE_STARTTLS(mci->mci_flags) && + mci->mci_state != MCIS_CLOSED) { - SET_HELO; + SET_HELO(mci->mci_flags); mci->mci_flags &= ~MCIF_EXTENS; goto reconnect; } } + else if (mci->mci_ssl != NULL) + { + /* active TLS connection, use that data */ + (void) tls_get_info(mci->mci_ssl, e, FALSE, + mci->mci_host, FALSE); + } # endif /* STARTTLS */ # if SASL /* if other server supports authentication let's authenticate */ if (mci->mci_state != MCIS_CLOSED && mci->mci_saslcap != NULL && # if SFIO - !DONE_TLS && + !DONE_AUTH(mci->mci_flags) && # endif /* SFIO */ SASLInfo != NULL) { /* ** should we require some minimum authentication? ** XXX ignore result? */ if (smtpauth(m, mci, e) == EX_OK) { # if SFIO int result; sasl_ssf_t *ssf; /* get security strength (features) */ result = sasl_getprop(mci->mci_conn, SASL_SSF, (void **) &ssf); if (LogLevel > 9) sm_syslog(LOG_INFO, NOQID, "SASL: outgoing connection to %.64s: mech=%.16s, bits=%d", mci->mci_host, macvalue(macid("{auth_type}", NULL), e), *ssf); /* ** only switch to encrypted connection ** if a security layer has been negotiated */ if (result == SASL_OK && *ssf > 0) { /* ** convert sfio stuff to use SASL ** check return values ** if the call fails, ** fall back to unencrypted version ** unless some cf option requires ** encryption then the connection must ** be aborted */ if (sfdcsasl(mci->mci_in, mci->mci_out, mci->mci_conn) == 0) { - again |= DONE_TLS_B; - SET_HELO; + SET_HELO(mci->mci_flags); mci->mci_flags &= ~MCIF_EXTENS; mci->mci_flags |= MCIF_AUTHACT; goto reconnect; } syserr("SASL TLS switch failed in client"); } /* else? XXX */ # endif /* SFIO */ mci->mci_flags |= MCIF_AUTHACT; } } # endif /* SASL */ } #endif /* SMTP */ do_transfer: /* clear out per-message flags from connection structure */ mci->mci_flags &= ~(MCIF_CVT7TO8|MCIF_CVT8TO7); if (bitset(EF_HAS8BIT, e->e_flags) && !bitset(EF_DONT_MIME, e->e_flags) && bitnset(M_7BITS, m->m_flags)) mci->mci_flags |= MCIF_CVT8TO7; #if MIME7TO8 if (bitnset(M_MAKE8BIT, m->m_flags) && !bitset(MCIF_7BIT, mci->mci_flags) && (p = hvalue("Content-Transfer-Encoding", e->e_header)) != NULL && (strcasecmp(p, "quoted-printable") == 0 || strcasecmp(p, "base64") == 0) && (p = hvalue("Content-Type", e->e_header)) != NULL) { /* may want to convert 7 -> 8 */ /* XXX should really parse it here -- and use a class XXX */ if (strncasecmp(p, "text/plain", 10) == 0 && (p[10] == '\0' || p[10] == ' ' || p[10] == ';')) mci->mci_flags |= MCIF_CVT7TO8; } #endif /* MIME7TO8 */ if (tTd(11, 1)) { dprintf("openmailer: "); mci_dump(mci, FALSE); } if (mci->mci_state != MCIS_OPEN) { /* couldn't open the mailer */ rcode = mci->mci_exitstat; errno = mci->mci_errno; #if NAMED_BIND h_errno = mci->mci_herrno; #endif /* NAMED_BIND */ if (rcode == EX_OK) { /* shouldn't happen */ syserr("554 5.3.5 deliver: mci=%lx rcode=%d errno=%d state=%d sig=%s", (u_long) mci, rcode, errno, mci->mci_state, firstsig); mci_dump_all(TRUE); rcode = EX_SOFTWARE; } #if DAEMON else if (nummxhosts > hostnum) { /* try next MX site */ goto tryhost; } #endif /* DAEMON */ } else if (!clever) { /* ** Format and send message. */ putfromline(mci, e); (*e->e_puthdr)(mci, e->e_header, e, M87F_OUTER); (*e->e_putbody)(mci, e, NULL); /* get the exit status */ rcode = endmailer(mci, e, pv); } else #if SMTP { /* ** Send the MAIL FROM: protocol */ rcode = smtpmailfrom(m, mci, e); if (rcode == EX_OK) { register char *t = tobuf; register int i; /* send the recipient list */ tobuf[0] = '\0'; for (to = tochain; to != NULL; to = to->q_tchain) { e->e_to = to->q_paddr; #if !_FFR_DYNAMIC_TOBUF if (strlen(to->q_paddr) + (t - tobuf) + 2 > sizeof tobuf) { /* not enough room */ continue; } #endif /* !_FFR_DYNAMIC_TOBUF */ # if STARTTLS # if _FFR_TLS_RCPT i = rscheck("tls_rcpt", to->q_user, NULL, e, - TRUE, TRUE, 4); + TRUE, TRUE, 4, mci->mci_host); if (i != EX_OK) { + /* avoid bogus error msg */ + errno = 0; markfailure(e, to, mci, i, FALSE); giveresponse(i, to->q_status, m, mci, ctladdr, xstart, e); continue; } # endif /* _FFR_TLS_RCPT */ # endif /* STARTTLS */ if ((i = smtprcpt(to, m, mci, e)) != EX_OK) { markfailure(e, to, mci, i, FALSE); giveresponse(i, to->q_status, m, mci, ctladdr, xstart, e); } else { *t++ = ','; for (p = to->q_paddr; *p; *t++ = *p++) continue; *t = '\0'; } } /* now send the data */ if (tobuf[0] == '\0') { rcode = EX_OK; e->e_to = NULL; if (bitset(MCIF_CACHED, mci->mci_flags)) smtprset(m, mci, e); } else { e->e_to = tobuf + 1; rcode = smtpdata(m, mci, e); } } # if DAEMON if (rcode == EX_TEMPFAIL && nummxhosts > hostnum) { /* try next MX site */ goto tryhost; } # endif /* DAEMON */ } #else /* SMTP */ { syserr("554 5.3.5 deliver: need SMTP compiled to use clever mailer"); rcode = EX_CONFIG; goto give_up; } #endif /* SMTP */ #if NAMED_BIND if (ConfigLevel < 2) _res.options |= RES_DEFNAMES | RES_DNSRCH; /* XXX */ #endif /* NAMED_BIND */ if (tTd(62, 1)) checkfds("after delivery"); /* ** Do final status disposal. ** We check for something in tobuf for the SMTP case. ** If we got a temporary failure, arrange to queue the ** addressees. */ give_up: #if SMTP if (bitnset(M_LMTP, m->m_flags)) { lmtp_rcode = rcode; tobuf[0] = '\0'; anyok = FALSE; } else #endif /* SMTP */ anyok = rcode == EX_OK; for (to = tochain; to != NULL; to = to->q_tchain) { /* see if address already marked */ if (!QS_IS_OK(to->q_state)) continue; #if SMTP /* if running LMTP, get the status for each address */ if (bitnset(M_LMTP, m->m_flags)) { if (lmtp_rcode == EX_OK) rcode = smtpgetstat(m, mci, e); if (rcode == EX_OK) { #if _FFR_DYNAMIC_TOBUF (void) strlcat(tobuf, ",", tobufsize); (void) strlcat(tobuf, to->q_paddr, tobufsize); #else /* _FFR_DYNAMIC_TOBUF */ if (strlen(to->q_paddr) + strlen(tobuf) + 2 > sizeof tobuf) { syserr("LMTP tobuf overflow"); } else { (void) strlcat(tobuf, ",", sizeof tobuf); (void) strlcat(tobuf, to->q_paddr, sizeof tobuf); } #endif /* _FFR_DYNAMIC_TOBUF */ anyok = TRUE; } else { e->e_to = to->q_paddr; markfailure(e, to, mci, rcode, TRUE); giveresponse(rcode, to->q_status, m, mci, ctladdr, xstart, e); e->e_to = tobuf + 1; continue; } } else #endif /* SMTP */ { /* mark bad addresses */ if (rcode != EX_OK) { if (goodmxfound && rcode == EX_NOHOST) rcode = EX_TEMPFAIL; markfailure(e, to, mci, rcode, TRUE); continue; } } /* successful delivery */ to->q_state = QS_SENT; to->q_statdate = curtime(); e->e_nsent++; #if QUEUE /* ** Checkpoint the send list every few addresses */ if (CheckpointInterval > 0 && e->e_nsent >= CheckpointInterval) { queueup(e, FALSE); e->e_nsent = 0; } #endif /* QUEUE */ if (bitnset(M_LOCALMAILER, m->m_flags) && bitset(QPINGONSUCCESS, to->q_flags)) { to->q_flags |= QDELIVERED; to->q_status = "2.1.5"; fprintf(e->e_xfp, "%s... Successfully delivered\n", to->q_paddr); } else if (bitset(QPINGONSUCCESS, to->q_flags) && bitset(QPRIMARY, to->q_flags) && !bitset(MCIF_DSN, mci->mci_flags)) { to->q_flags |= QRELAYED; fprintf(e->e_xfp, "%s... relayed; expect no further notifications\n", to->q_paddr); } } #if SMTP if (bitnset(M_LMTP, m->m_flags)) { /* ** Global information applies to the last recipient only; ** clear it out to avoid bogus errors. */ rcode = EX_OK; e->e_statmsg = NULL; /* reset the mci state for the next transaction */ if (mci != NULL && mci->mci_state == MCIS_ACTIVE) mci->mci_state = MCIS_OPEN; } #endif /* SMTP */ if (tobuf[0] != '\0') giveresponse(rcode, NULL, m, mci, ctladdr, xstart, e); if (anyok) markstats(e, tochain, FALSE); mci_store_persistent(mci); #if SMTP /* now close the connection */ if (clever && mci != NULL && mci->mci_state != MCIS_CLOSED && !bitset(MCIF_CACHED, mci->mci_flags)) smtpquit(m, mci, e); #endif /* SMTP */ /* ** Restore state and return. */ #if XDEBUG { char wbuf[MAXLINE]; /* make absolutely certain 0, 1, and 2 are in use */ snprintf(wbuf, sizeof wbuf, "%s... end of deliver(%s)", e->e_to == NULL ? "NO-TO-LIST" : shortenstring(e->e_to, MAXSHORTSTR), m->m_name); checkfd012(wbuf); } #endif /* XDEBUG */ errno = 0; define('g', (char *) NULL, e); e->e_to = NULL; return rcode; } /* ** MARKFAILURE -- mark a failure on a specific address. ** ** Parameters: ** e -- the envelope we are sending. ** q -- the address to mark. ** mci -- mailer connection information. ** rcode -- the code signifying the particular failure. ** ovr -- override an existing code? ** ** Returns: ** none. ** ** Side Effects: ** marks the address (and possibly the envelope) with the ** failure so that an error will be returned or ** the message will be queued, as appropriate. */ static void markfailure(e, q, mci, rcode, ovr) register ENVELOPE *e; register ADDRESS *q; register MCI *mci; int rcode; bool ovr; { char *status = NULL; char *rstatus = NULL; switch (rcode) { case EX_OK: break; case EX_TEMPFAIL: case EX_IOERR: case EX_OSERR: q->q_state = QS_QUEUEUP; break; default: q->q_state = QS_BADADDR; break; } /* find most specific error code possible */ if (mci != NULL && mci->mci_status != NULL) { status = mci->mci_status; if (mci->mci_rstatus != NULL) rstatus = newstr(mci->mci_rstatus); else rstatus = NULL; } else if (e->e_status != NULL) { status = e->e_status; rstatus = NULL; } else { switch (rcode) { case EX_USAGE: status = "5.5.4"; break; case EX_DATAERR: status = "5.5.2"; break; case EX_NOUSER: status = "5.1.1"; break; case EX_NOHOST: status = "5.1.2"; break; case EX_NOINPUT: case EX_CANTCREAT: case EX_NOPERM: status = "5.3.0"; break; case EX_UNAVAILABLE: case EX_SOFTWARE: case EX_OSFILE: case EX_PROTOCOL: case EX_CONFIG: status = "5.5.0"; break; case EX_OSERR: case EX_IOERR: status = "4.5.0"; break; case EX_TEMPFAIL: status = "4.2.0"; break; } } /* new status? */ if (status != NULL && *status != '\0' && (ovr || q->q_status == NULL || *q->q_status == '\0' || *q->q_status < *status)) { q->q_status = status; q->q_rstatus = rstatus; } if (rcode != EX_OK && q->q_rstatus == NULL && q->q_mailer != NULL && q->q_mailer->m_diagtype != NULL && strcasecmp(q->q_mailer->m_diagtype, "X-UNIX") == 0) { char buf[16]; (void) snprintf(buf, sizeof buf, "%d", rcode); q->q_rstatus = newstr(buf); } q->q_statdate = curtime(); if (CurHostName != NULL && CurHostName[0] != '\0' && mci != NULL && !bitset(M_LOCALMAILER, mci->mci_flags)) q->q_statmta = newstr(CurHostName); } /* ** ENDMAILER -- Wait for mailer to terminate. ** ** We should never get fatal errors (e.g., segmentation ** violation), so we report those specially. For other ** errors, we choose a status message (into statmsg), ** and if it represents an error, we print it. ** ** Parameters: ** pid -- pid of mailer. ** e -- the current envelope. ** pv -- the parameter vector that invoked the mailer ** (for error messages). ** ** Returns: ** exit code of mailer. ** ** Side Effects: ** none. */ static jmp_buf EndWaitTimeout; static void endwaittimeout() { errno = ETIMEDOUT; longjmp(EndWaitTimeout, 1); } int endmailer(mci, e, pv) register MCI *mci; register ENVELOPE *e; char **pv; { int st; int save_errno = errno; char buf[MAXLINE]; EVENT *ev = NULL; mci_unlock_host(mci); #if SASL /* shutdown SASL */ if (bitset(MCIF_AUTHACT, mci->mci_flags)) { sasl_dispose(&mci->mci_conn); mci->mci_flags &= ~MCIF_AUTHACT; } #endif /* SASL */ #if STARTTLS /* shutdown TLS */ (void) endtlsclt(mci); #endif /* STARTTLS */ /* close output to mailer */ if (mci->mci_out != NULL) (void) fclose(mci->mci_out); /* copy any remaining input to transcript */ if (mci->mci_in != NULL && mci->mci_state != MCIS_ERROR && e->e_xfp != NULL) { while (sfgets(buf, sizeof buf, mci->mci_in, TimeOuts.to_quit, "Draining Input") != NULL) (void) fputs(buf, e->e_xfp); } /* now close the input */ if (mci->mci_in != NULL) (void) fclose(mci->mci_in); mci->mci_in = mci->mci_out = NULL; mci->mci_state = MCIS_CLOSED; errno = save_errno; /* in the IPC case there is nothing to wait for */ if (mci->mci_pid == 0) return EX_OK; /* put a timeout around the wait */ if (mci->mci_mailer->m_wait > 0) { if (setjmp(EndWaitTimeout) == 0) ev = setevent(mci->mci_mailer->m_wait, endwaittimeout, 0); else { syserr("endmailer %s: wait timeout (%ld)", mci->mci_mailer->m_name, (long) mci->mci_mailer->m_wait); return EX_TEMPFAIL; } } /* wait for the mailer process, collect status */ st = waitfor(mci->mci_pid); save_errno = errno; if (ev != NULL) clrevent(ev); errno = save_errno; if (st == -1) { syserr("endmailer %s: wait", mci->mci_mailer->m_name); return EX_SOFTWARE; } if (WIFEXITED(st)) { /* normal death -- return status */ return (WEXITSTATUS(st)); } /* it died a horrid death */ syserr("451 4.3.0 mailer %s died with signal %d%s", mci->mci_mailer->m_name, WTERMSIG(st), WCOREDUMP(st) ? " (core dumped)" : (WIFSTOPPED(st) ? " (stopped)" : "")); /* log the arguments */ if (pv != NULL && e->e_xfp != NULL) { register char **av; fprintf(e->e_xfp, "Arguments:"); for (av = pv; *av != NULL; av++) fprintf(e->e_xfp, " %s", *av); fprintf(e->e_xfp, "\n"); } ExitStat = EX_TEMPFAIL; return EX_TEMPFAIL; } /* ** GIVERESPONSE -- Interpret an error response from a mailer ** ** Parameters: ** status -- the status code from the mailer (high byte ** only; core dumps must have been taken care of ** already). ** dsn -- the DSN associated with the address, if any. ** m -- the mailer info for this mailer. ** mci -- the mailer connection info -- can be NULL if the ** response is given before the connection is made. ** ctladdr -- the controlling address for the recipient ** address(es). ** xstart -- the transaction start time, for computing ** transaction delays. ** e -- the current envelope. ** ** Returns: ** none. ** ** Side Effects: ** Errors may be incremented. ** ExitStat may be set. */ void giveresponse(status, dsn, m, mci, ctladdr, xstart, e) int status; char *dsn; register MAILER *m; register MCI *mci; ADDRESS *ctladdr; time_t xstart; ENVELOPE *e; { register const char *statmsg; extern char *SysExMsg[]; register int i; int errnum = errno; int off = 4; extern int N_SysEx; char dsnbuf[ENHSCLEN]; char buf[MAXLINE]; if (e == NULL) syserr("giveresponse: null envelope"); /* ** Compute status message from code. */ i = status - EX__BASE; if (status == 0) { statmsg = "250 2.0.0 Sent"; if (e->e_statmsg != NULL) { (void) snprintf(buf, sizeof buf, "%s (%s)", statmsg, shortenstring(e->e_statmsg, 403)); statmsg = buf; } } else if (i < 0 || i >= N_SysEx) { (void) snprintf(buf, sizeof buf, "554 5.3.0 unknown mailer error %d", status); status = EX_UNAVAILABLE; statmsg = buf; } else if (status == EX_TEMPFAIL) { char *bp = buf; snprintf(bp, SPACELEFT(buf, bp), "%s", SysExMsg[i] + 1); bp += strlen(bp); #if NAMED_BIND if (h_errno == TRY_AGAIN) statmsg = errstring(h_errno+E_DNSBASE); else #endif /* NAMED_BIND */ { if (errnum != 0) statmsg = errstring(errnum); else { #if SMTP statmsg = SmtpError; #else /* SMTP */ statmsg = NULL; #endif /* SMTP */ } } if (statmsg != NULL && statmsg[0] != '\0') { switch (errnum) { #ifdef ENETDOWN case ENETDOWN: /* Network is down */ #endif /* ENETDOWN */ #ifdef ENETUNREACH case ENETUNREACH: /* Network is unreachable */ #endif /* ENETUNREACH */ #ifdef ENETRESET case ENETRESET: /* Network dropped connection on reset */ #endif /* ENETRESET */ #ifdef ECONNABORTED case ECONNABORTED: /* Software caused connection abort */ #endif /* ECONNABORTED */ #ifdef EHOSTDOWN case EHOSTDOWN: /* Host is down */ #endif /* EHOSTDOWN */ #ifdef EHOSTUNREACH case EHOSTUNREACH: /* No route to host */ #endif /* EHOSTUNREACH */ if (mci->mci_host != NULL) { snprintf(bp, SPACELEFT(buf, bp), ": %s", mci->mci_host); bp += strlen(bp); } break; } snprintf(bp, SPACELEFT(buf, bp), ": %s", statmsg); } statmsg = buf; } #if NAMED_BIND else if (status == EX_NOHOST && h_errno != 0) { statmsg = errstring(h_errno + E_DNSBASE); (void) snprintf(buf, sizeof buf, "%s (%s)", SysExMsg[i] + 1, statmsg); statmsg = buf; } #endif /* NAMED_BIND */ else { statmsg = SysExMsg[i]; if (*statmsg++ == ':' && errnum != 0) { (void) snprintf(buf, sizeof buf, "%s: %s", statmsg, errstring(errnum)); statmsg = buf; } } /* ** Print the message as appropriate */ if (status == EX_OK || status == EX_TEMPFAIL) { extern char MsgBuf[]; if ((off = isenhsc(statmsg + 4, ' ')) > 0) { if (dsn == NULL) { snprintf(dsnbuf, sizeof dsnbuf, "%.*s", off, statmsg + 4); dsn = dsnbuf; } off += 5; } else { off = 4; } message("%s", statmsg + off); if (status == EX_TEMPFAIL && e->e_xfp != NULL) fprintf(e->e_xfp, "%s\n", &MsgBuf[4]); } else { char mbuf[ENHSCLEN + 4]; Errors++; if ((off = isenhsc(statmsg + 4, ' ')) > 0 && off < sizeof mbuf - 4) { if (dsn == NULL) { snprintf(dsnbuf, sizeof dsnbuf, "%.*s", off, statmsg + 4); dsn = dsnbuf; } off += 5; (void) strlcpy(mbuf, statmsg, off); (void) strlcat(mbuf, " %s", sizeof mbuf); } else { dsnbuf[0] = '\0'; (void) snprintf(mbuf, sizeof mbuf, "%.3s %%s", statmsg); off = 4; } usrerr(mbuf, &statmsg[off]); } /* ** Final cleanup. ** Log a record of the transaction. Compute the new ** ExitStat -- if we already had an error, stick with ** that. */ if (OpMode != MD_VERIFY && !bitset(EF_VRFYONLY, e->e_flags) && LogLevel > ((status == EX_TEMPFAIL) ? 8 : (status == EX_OK) ? 7 : 6)) logdelivery(m, mci, dsn, statmsg + off, ctladdr, xstart, e); if (tTd(11, 2)) dprintf("giveresponse: status=%d, dsn=%s, e->e_message=%s\n", status, dsn == NULL ? "" : dsn, e->e_message == NULL ? "" : e->e_message); if (status != EX_TEMPFAIL) setstat(status); if (status != EX_OK && (status != EX_TEMPFAIL || e->e_message == NULL)) { if (e->e_message != NULL) free(e->e_message); e->e_message = newstr(statmsg + off); } errno = 0; #if NAMED_BIND h_errno = 0; #endif /* NAMED_BIND */ } /* ** LOGDELIVERY -- log the delivery in the system log ** ** Care is taken to avoid logging lines that are too long, because ** some versions of syslog have an unfortunate proclivity for core ** dumping. This is a hack, to be sure, that is at best empirical. ** ** Parameters: ** m -- the mailer info. Can be NULL for initial queue. ** mci -- the mailer connection info -- can be NULL if the ** log is occurring when no connection is active. ** dsn -- the DSN attached to the status. ** status -- the message to print for the status. ** ctladdr -- the controlling address for the to list. ** xstart -- the transaction start time, used for ** computing transaction delay. ** e -- the current envelope. ** ** Returns: ** none ** ** Side Effects: ** none */ void logdelivery(m, mci, dsn, status, ctladdr, xstart, e) MAILER *m; register MCI *mci; char *dsn; const char *status; ADDRESS *ctladdr; time_t xstart; register ENVELOPE *e; { register char *bp; register char *p; int l; + time_t now; char buf[1024]; #if (SYSLOG_BUFSIZE) >= 256 /* ctladdr: max 106 bytes */ bp = buf; if (ctladdr != NULL) { snprintf(bp, SPACELEFT(buf, bp), ", ctladdr=%s", shortenstring(ctladdr->q_paddr, 83)); bp += strlen(bp); if (bitset(QGOODUID, ctladdr->q_flags)) { (void) snprintf(bp, SPACELEFT(buf, bp), " (%d/%d)", (int) ctladdr->q_uid, (int) ctladdr->q_gid); bp += strlen(bp); } } /* delay & xdelay: max 41 bytes */ + now = curtime(); snprintf(bp, SPACELEFT(buf, bp), ", delay=%s", - pintvl(curtime() - e->e_ctime, TRUE)); + pintvl(now - e->e_ctime, TRUE)); bp += strlen(bp); if (xstart != (time_t) 0) { snprintf(bp, SPACELEFT(buf, bp), ", xdelay=%s", - pintvl(curtime() - xstart, TRUE)); + pintvl(now - xstart, TRUE)); bp += strlen(bp); } /* mailer: assume about 19 bytes (max 10 byte mailer name) */ if (m != NULL) { snprintf(bp, SPACELEFT(buf, bp), ", mailer=%s", m->m_name); bp += strlen(bp); } /* pri: changes with each delivery attempt */ snprintf(bp, SPACELEFT(buf, bp), ", pri=%ld", e->e_msgpriority); bp += strlen(bp); /* relay: max 66 bytes for IPv4 addresses */ if (mci != NULL && mci->mci_host != NULL) { # if DAEMON extern SOCKADDR CurHostAddr; # endif /* DAEMON */ snprintf(bp, SPACELEFT(buf, bp), ", relay=%s", shortenstring(mci->mci_host, 40)); bp += strlen(bp); # if DAEMON if (CurHostAddr.sa.sa_family != 0) { snprintf(bp, SPACELEFT(buf, bp), " [%s]", anynet_ntoa(&CurHostAddr)); } # endif /* DAEMON */ } else if (strcmp(status, "queued") != 0) { p = macvalue('h', e); if (p != NULL && p[0] != '\0') { snprintf(bp, SPACELEFT(buf, bp), ", relay=%s", shortenstring(p, 40)); } } bp += strlen(bp); /* dsn */ if (dsn != NULL && *dsn != '\0') { snprintf(bp, SPACELEFT(buf, bp), ", dsn=%s", shortenstring(dsn, ENHSCLEN)); bp += strlen(bp); } # define STATLEN (((SYSLOG_BUFSIZE) - 100) / 4) # if (STATLEN) < 63 # undef STATLEN # define STATLEN 63 # endif /* (STATLEN) < 63 */ # if (STATLEN) > 203 # undef STATLEN # define STATLEN 203 # endif /* (STATLEN) > 203 */ /* stat: max 210 bytes */ if ((bp - buf) > (sizeof buf - ((STATLEN) + 20))) { /* desperation move -- truncate data */ bp = buf + sizeof buf - ((STATLEN) + 17); (void) strlcpy(bp, "...", SPACELEFT(buf, bp)); bp += 3; } (void) strlcpy(bp, ", stat=", SPACELEFT(buf, bp)); bp += strlen(bp); (void) strlcpy(bp, shortenstring(status, STATLEN), SPACELEFT(buf, bp)); /* id, to: max 13 + TOBUFSIZE bytes */ l = SYSLOG_BUFSIZE - 100 - strlen(buf); p = e->e_to == NULL ? "NO-TO-LIST" : e->e_to; while (strlen(p) >= (SIZE_T) l) { register char *q; #if _FFR_DYNAMIC_TOBUF for (q = p + l; q > p; q--) { if (*q == ',') break; } if (p == q) break; #else /* _FFR_DYNAMIC_TOBUF */ q = strchr(p + l, ','); if (q == NULL) break; #endif /* _FFR_DYNAMIC_TOBUF */ sm_syslog(LOG_INFO, e->e_id, "to=%.*s [more]%s", (int) (++q - p), p, buf); p = q; } #if _FFR_DYNAMIC_TOBUF sm_syslog(LOG_INFO, e->e_id, "to=%.*s%s", l, p, buf); #else /* _FFR_DYNAMIC_TOBUF */ sm_syslog(LOG_INFO, e->e_id, "to=%s%s", p, buf); #endif /* _FFR_DYNAMIC_TOBUF */ #else /* (SYSLOG_BUFSIZE) >= 256 */ l = SYSLOG_BUFSIZE - 85; p = e->e_to == NULL ? "NO-TO-LIST" : e->e_to; while (strlen(p) >= (SIZE_T) l) { register char *q; #if _FFR_DYNAMIC_TOBUF for (q = p + l; q > p; q--) { if (*q == ',') break; } if (p == q) break; #else /* _FFR_DYNAMIC_TOBUF */ q = strchr(p + l, ','); if (q == NULL) break; #endif /* _FFR_DYNAMIC_TOBUF */ sm_syslog(LOG_INFO, e->e_id, "to=%.*s [more]", (int) (++q - p), p); p = q; } #if _FFR_DYNAMIC_TOBUF sm_syslog(LOG_INFO, e->e_id, "to=%.*s", l, p); #else /* _FFR_DYNAMIC_TOBUF */ sm_syslog(LOG_INFO, e->e_id, "to=%s", p); #endif /* _FFR_DYNAMIC_TOBUF */ if (ctladdr != NULL) { bp = buf; snprintf(bp, SPACELEFT(buf, bp), "ctladdr=%s", shortenstring(ctladdr->q_paddr, 83)); bp += strlen(bp); if (bitset(QGOODUID, ctladdr->q_flags)) { (void) snprintf(bp, SPACELEFT(buf, bp), " (%d/%d)", ctladdr->q_uid, ctladdr->q_gid); bp += strlen(bp); } sm_syslog(LOG_INFO, e->e_id, "%s", buf); } bp = buf; snprintf(bp, SPACELEFT(buf, bp), "delay=%s", - pintvl(curtime() - e->e_ctime, TRUE)); + pintvl(now - e->e_ctime, TRUE)); bp += strlen(bp); if (xstart != (time_t) 0) { snprintf(bp, SPACELEFT(buf, bp), ", xdelay=%s", - pintvl(curtime() - xstart, TRUE)); + pintvl(now - xstart, TRUE)); bp += strlen(bp); } if (m != NULL) { snprintf(bp, SPACELEFT(buf, bp), ", mailer=%s", m->m_name); bp += strlen(bp); } sm_syslog(LOG_INFO, e->e_id, "%.1000s", buf); buf[0] = '\0'; bp = buf; if (mci != NULL && mci->mci_host != NULL) { # if DAEMON extern SOCKADDR CurHostAddr; # endif /* DAEMON */ snprintf(bp, SPACELEFT(buf, bp), "relay=%.100s", mci->mci_host); bp += strlen(bp); # if DAEMON if (CurHostAddr.sa.sa_family != 0) snprintf(bp, SPACELEFT(buf, bp), " [%.100s]", anynet_ntoa(&CurHostAddr)); # endif /* DAEMON */ } else if (strcmp(status, "queued") != 0) { p = macvalue('h', e); if (p != NULL && p[0] != '\0') snprintf(buf, sizeof buf, "relay=%.100s", p); } if (buf[0] != '\0') sm_syslog(LOG_INFO, e->e_id, "%.1000s", buf); sm_syslog(LOG_INFO, e->e_id, "stat=%s", shortenstring(status, 63)); #endif /* (SYSLOG_BUFSIZE) >= 256 */ } /* ** PUTFROMLINE -- output a UNIX-style from line (or whatever) ** ** This can be made an arbitrary message separator by changing $l ** ** One of the ugliest hacks seen by human eyes is contained herein: ** UUCP wants those stupid "remote from " lines. Why oh why ** does a well-meaning programmer such as myself have to deal with ** this kind of antique garbage???? ** ** Parameters: ** mci -- the connection information. ** e -- the envelope. ** ** Returns: ** none ** ** Side Effects: ** outputs some text to fp. */ void putfromline(mci, e) register MCI *mci; ENVELOPE *e; { char *template = UnixFromLine; char buf[MAXLINE]; char xbuf[MAXLINE]; if (bitnset(M_NHDR, mci->mci_mailer->m_flags)) return; mci->mci_flags |= MCIF_INHEADER; if (bitnset(M_UGLYUUCP, mci->mci_mailer->m_flags)) { char *bang; expand("\201g", buf, sizeof buf, e); bang = strchr(buf, '!'); if (bang == NULL) { char *at; char hname[MAXNAME]; /* ** If we can construct a UUCP path, do so */ at = strrchr(buf, '@'); if (at == NULL) { expand("\201k", hname, sizeof hname, e); at = hname; } else *at++ = '\0'; (void) snprintf(xbuf, sizeof xbuf, "From %.800s \201d remote from %.100s\n", buf, at); } else { *bang++ = '\0'; (void) snprintf(xbuf, sizeof xbuf, "From %.800s \201d remote from %.100s\n", bang, buf); template = xbuf; } } expand(template, buf, sizeof buf, e); putxline(buf, strlen(buf), mci, PXLF_HEADER); } /* ** PUTBODY -- put the body of a message. ** ** Parameters: ** mci -- the connection information. ** e -- the envelope to put out. ** separator -- if non-NULL, a message separator that must ** not be permitted in the resulting message. ** ** Returns: ** none. ** ** Side Effects: ** The message is written onto fp. */ /* values for output state variable */ #define OS_HEAD 0 /* at beginning of line */ #define OS_CR 1 /* read a carriage return */ #define OS_INLINE 2 /* putting rest of line */ void putbody(mci, e, separator) register MCI *mci; register ENVELOPE *e; char *separator; { bool dead = FALSE; char buf[MAXLINE]; char *boundaries[MAXMIMENESTING + 1]; /* ** Output the body of the message */ if (e->e_dfp == NULL && bitset(EF_HAS_DF, e->e_flags)) { char *df = queuename(e, 'd'); e->e_dfp = fopen(df, "r"); if (e->e_dfp == NULL) { char *msg = "!putbody: Cannot open %s for %s from %s"; if (errno == ENOENT) msg++; syserr(msg, df, e->e_to, e->e_from.q_paddr); } } if (e->e_dfp == NULL) { if (bitset(MCIF_INHEADER, mci->mci_flags)) { putline("", mci); mci->mci_flags &= ~MCIF_INHEADER; } putline("<<< No Message Collected >>>", mci); goto endofmessage; } if (e->e_dfino == (ino_t) 0) { struct stat stbuf; if (fstat(fileno(e->e_dfp), &stbuf) < 0) e->e_dfino = -1; else { e->e_dfdev = stbuf.st_dev; e->e_dfino = stbuf.st_ino; } } /* paranoia: the df file should always be in a rewound state */ (void) bfrewind(e->e_dfp); #if MIME8TO7 if (bitset(MCIF_CVT8TO7, mci->mci_flags)) { /* ** Do 8 to 7 bit MIME conversion. */ /* make sure it looks like a MIME message */ if (hvalue("MIME-Version", e->e_header) == NULL) putline("MIME-Version: 1.0", mci); if (hvalue("Content-Type", e->e_header) == NULL) { snprintf(buf, sizeof buf, "Content-Type: text/plain; charset=%s", defcharset(e)); putline(buf, mci); } /* now do the hard work */ boundaries[0] = NULL; mci->mci_flags |= MCIF_INHEADER; (void) mime8to7(mci, e->e_header, e, boundaries, M87F_OUTER); } # if MIME7TO8 else if (bitset(MCIF_CVT7TO8, mci->mci_flags)) { (void) mime7to8(mci, e->e_header, e); } # endif /* MIME7TO8 */ else if (MaxMimeHeaderLength > 0 || MaxMimeFieldLength > 0) { bool oldsuprerrs = SuprErrs; /* Use mime8to7 to check multipart for MIME header overflows */ boundaries[0] = NULL; mci->mci_flags |= MCIF_INHEADER; /* ** If EF_DONT_MIME is set, we have a broken MIME message ** and don't want to generate a new bounce message whose ** body propagates the broken MIME. We can't just not call ** mime8to7() as is done above since we need the security ** checks. The best we can do is suppress the errors. */ if (bitset(EF_DONT_MIME, e->e_flags)) SuprErrs = TRUE; (void) mime8to7(mci, e->e_header, e, boundaries, M87F_OUTER|M87F_NO8TO7); /* restore SuprErrs */ SuprErrs = oldsuprerrs; } else #endif /* MIME8TO7 */ { int ostate; register char *bp; register char *pbp; register int c; register char *xp; int padc; char *buflim; int pos = 0; char peekbuf[12]; if (bitset(MCIF_INHEADER, mci->mci_flags)) { putline("", mci); mci->mci_flags &= ~MCIF_INHEADER; } /* determine end of buffer; allow for short mailer lines */ buflim = &buf[sizeof buf - 1]; if (mci->mci_mailer->m_linelimit > 0 && mci->mci_mailer->m_linelimit < sizeof buf - 1) buflim = &buf[mci->mci_mailer->m_linelimit - 1]; /* copy temp file to output with mapping */ ostate = OS_HEAD; bp = buf; pbp = peekbuf; while (!ferror(mci->mci_out) && !dead) { if (pbp > peekbuf) c = *--pbp; else if ((c = getc(e->e_dfp)) == EOF) break; if (bitset(MCIF_7BIT, mci->mci_flags)) c &= 0x7f; switch (ostate) { case OS_HEAD: #if _FFR_NONULLS if (c == '\0' && bitnset(M_NONULLS, mci->mci_mailer->m_flags)) break; #endif /* _FFR_NONULLS */ if (c != '\r' && c != '\n' && bp < buflim) { *bp++ = c; break; } /* check beginning of line for special cases */ *bp = '\0'; pos = 0; padc = EOF; if (buf[0] == 'F' && bitnset(M_ESCFROM, mci->mci_mailer->m_flags) && strncmp(buf, "From ", 5) == 0) { padc = '>'; } if (buf[0] == '-' && buf[1] == '-' && separator != NULL) { /* possible separator */ int sl = strlen(separator); if (strncmp(&buf[2], separator, sl) == 0) padc = ' '; } if (buf[0] == '.' && bitnset(M_XDOT, mci->mci_mailer->m_flags)) { padc = '.'; } /* now copy out saved line */ if (TrafficLogFile != NULL) { fprintf(TrafficLogFile, "%05d >>> ", (int) getpid()); if (padc != EOF) (void) putc(padc, TrafficLogFile); for (xp = buf; xp < bp; xp++) (void) putc((unsigned char) *xp, TrafficLogFile); if (c == '\n') (void) fputs(mci->mci_mailer->m_eol, TrafficLogFile); } if (padc != EOF) { if (putc(padc, mci->mci_out) == EOF) { dead = TRUE; continue; } + else + { + /* record progress for DATA timeout */ + DataProgress = TRUE; + } pos++; } for (xp = buf; xp < bp; xp++) { if (putc((unsigned char) *xp, mci->mci_out) == EOF) { dead = TRUE; break; } - - /* record progress for DATA timeout */ - DataProgress = TRUE; + else + { + /* record progress for DATA timeout */ + DataProgress = TRUE; + } } if (dead) continue; if (c == '\n') { if (fputs(mci->mci_mailer->m_eol, mci->mci_out) == EOF) break; + else + { + /* record progress for DATA timeout */ + DataProgress = TRUE; + } pos = 0; } else { pos += bp - buf; if (c != '\r') *pbp++ = c; } - /* record progress for DATA timeout */ - DataProgress = TRUE; bp = buf; /* determine next state */ if (c == '\n') ostate = OS_HEAD; else if (c == '\r') ostate = OS_CR; else ostate = OS_INLINE; continue; case OS_CR: if (c == '\n') { /* got CRLF */ if (fputs(mci->mci_mailer->m_eol, mci->mci_out) == EOF) continue; + else + { + /* record progress for DATA timeout */ + DataProgress = TRUE; + } - /* record progress for DATA timeout */ - DataProgress = TRUE; - if (TrafficLogFile != NULL) { (void) fputs(mci->mci_mailer->m_eol, TrafficLogFile); } ostate = OS_HEAD; continue; } /* had a naked carriage return */ *pbp++ = c; c = '\r'; ostate = OS_INLINE; goto putch; case OS_INLINE: if (c == '\r') { ostate = OS_CR; continue; } #if _FFR_NONULLS if (c == '\0' && bitnset(M_NONULLS, mci->mci_mailer->m_flags)) break; #endif /* _FFR_NONULLS */ putch: if (mci->mci_mailer->m_linelimit > 0 && pos >= mci->mci_mailer->m_linelimit - 1 && c != '\n') { int d; /* check next character for EOL */ if (pbp > peekbuf) d = *(pbp - 1); else if ((d = getc(e->e_dfp)) != EOF) *pbp++ = d; if (d == '\n' || d == EOF) { if (TrafficLogFile != NULL) (void) putc((unsigned char) c, TrafficLogFile); if (putc((unsigned char) c, mci->mci_out) == EOF) { dead = TRUE; continue; } + else + { + /* record progress for DATA timeout */ + DataProgress = TRUE; + } pos++; continue; } if (putc('!', mci->mci_out) == EOF || fputs(mci->mci_mailer->m_eol, mci->mci_out) == EOF) { dead = TRUE; continue; } + else + { + /* record progress for DATA timeout */ + DataProgress = TRUE; + } - /* record progress for DATA timeout */ - DataProgress = TRUE; - if (TrafficLogFile != NULL) { fprintf(TrafficLogFile, "!%s", mci->mci_mailer->m_eol); } ostate = OS_HEAD; *pbp++ = c; continue; } if (c == '\n') { if (TrafficLogFile != NULL) (void) fputs(mci->mci_mailer->m_eol, TrafficLogFile); if (fputs(mci->mci_mailer->m_eol, mci->mci_out) == EOF) continue; + else + { + /* record progress for DATA timeout */ + DataProgress = TRUE; + } pos = 0; ostate = OS_HEAD; } else { if (TrafficLogFile != NULL) (void) putc((unsigned char) c, TrafficLogFile); if (putc((unsigned char) c, mci->mci_out) == EOF) { dead = TRUE; continue; } + else + { + /* record progress for DATA timeout */ + DataProgress = TRUE; + } pos++; ostate = OS_INLINE; } - - /* record progress for DATA timeout */ - DataProgress = TRUE; break; } } /* make sure we are at the beginning of a line */ if (bp > buf) { if (TrafficLogFile != NULL) { for (xp = buf; xp < bp; xp++) (void) putc((unsigned char) *xp, TrafficLogFile); } for (xp = buf; xp < bp; xp++) { if (putc((unsigned char) *xp, mci->mci_out) == EOF) { dead = TRUE; break; } - - /* record progress for DATA timeout */ - DataProgress = TRUE; + else + { + /* record progress for DATA timeout */ + DataProgress = TRUE; + } } pos += bp - buf; } if (!dead && pos > 0) { if (TrafficLogFile != NULL) (void) fputs(mci->mci_mailer->m_eol, TrafficLogFile); (void) fputs(mci->mci_mailer->m_eol, mci->mci_out); /* record progress for DATA timeout */ DataProgress = TRUE; } } if (ferror(e->e_dfp)) { syserr("putbody: %s/df%s: read error", qid_printqueue(e->e_queuedir), e->e_id); ExitStat = EX_IOERR; } endofmessage: /* ** Since mailfile() uses e_dfp in a child process, ** the file offset in the stdio library for the ** parent process will not agree with the in-kernel ** file offset since the file descriptor is shared ** between the processes. Therefore, it is vital ** that the file always be rewound. This forces the ** kernel offset (lseek) and stdio library (ftell) ** offset to match. */ if (e->e_dfp != NULL) (void) bfrewind(e->e_dfp); /* some mailers want extra blank line at end of message */ if (!dead && bitnset(M_BLANKEND, mci->mci_mailer->m_flags) && buf[0] != '\0' && buf[0] != '\n') putline("", mci); (void) fflush(mci->mci_out); if (ferror(mci->mci_out) && errno != EPIPE) { syserr("putbody: write error"); ExitStat = EX_IOERR; } errno = 0; } /* ** MAILFILE -- Send a message to a file. ** ** If the file has the setuid/setgid bits set, but NO execute ** bits, sendmail will try to become the owner of that file ** rather than the real user. Obviously, this only works if ** sendmail runs as root. ** ** This could be done as a subordinate mailer, except that it ** is used implicitly to save messages in ~/dead.letter. We ** view this as being sufficiently important as to include it ** here. For example, if the system is dying, we shouldn't have ** to create another process plus some pipes to save the message. ** ** Parameters: ** filename -- the name of the file to send to. ** mailer -- mailer definition for recipient -- if NULL, ** use FileMailer. ** ctladdr -- the controlling address header -- includes ** the userid/groupid to be when sending. ** sfflags -- flags for opening. ** e -- the current envelope. ** ** Returns: ** The exit code associated with the operation. ** ** Side Effects: ** none. */ static jmp_buf CtxMailfileTimeout; int mailfile(filename, mailer, ctladdr, sfflags, e) char *volatile filename; MAILER *volatile mailer; ADDRESS *ctladdr; volatile long sfflags; register ENVELOPE *e; { register FILE *f; register pid_t pid = -1; volatile int mode; int len; off_t curoff; bool suidwarn = geteuid() == 0; char *p; char *volatile realfile; EVENT *ev; char buf[MAXLINE + 1]; char targetfile[MAXPATHLEN + 1]; if (tTd(11, 1)) { dprintf("mailfile %s\n ctladdr=", filename); printaddr(ctladdr, FALSE); } if (mailer == NULL) mailer = FileMailer; if (e->e_xfp != NULL) (void) fflush(e->e_xfp); /* ** Special case /dev/null. This allows us to restrict file ** delivery to regular files only. */ if (strcmp(filename, "/dev/null") == 0) return EX_OK; /* check for 8-bit available */ if (bitset(EF_HAS8BIT, e->e_flags) && bitnset(M_7BITS, mailer->m_flags) && (bitset(EF_DONT_MIME, e->e_flags) || !(bitset(MM_MIME8BIT, MimeMode) || (bitset(EF_IS_MIME, e->e_flags) && bitset(MM_CVTMIME, MimeMode))))) { e->e_status = "5.6.3"; usrerrenh(e->e_status, "554 Cannot send 8-bit data to 7-bit destination"); return EX_DATAERR; } /* Find the actual file */ if (SafeFileEnv != NULL && SafeFileEnv[0] != '\0') { len = strlen(SafeFileEnv); if (strncmp(SafeFileEnv, filename, len) == 0) filename += len; if (len + strlen(filename) + 1 > MAXPATHLEN) { syserr("mailfile: filename too long (%s/%s)", SafeFileEnv, filename); return EX_CANTCREAT; } (void) strlcpy(targetfile, SafeFileEnv, sizeof targetfile); realfile = targetfile + len; if (targetfile[len - 1] != '/') (void) strlcat(targetfile, "/", sizeof targetfile); if (*filename == '/') filename++; (void) strlcat(targetfile, filename, sizeof targetfile); } else if (mailer->m_rootdir != NULL) { expand(mailer->m_rootdir, targetfile, sizeof targetfile, e); len = strlen(targetfile); if (strncmp(targetfile, filename, len) == 0) filename += len; if (len + strlen(filename) + 1 > MAXPATHLEN) { syserr("mailfile: filename too long (%s/%s)", targetfile, filename); return EX_CANTCREAT; } realfile = targetfile + len; if (targetfile[len - 1] != '/') (void) strlcat(targetfile, "/", sizeof targetfile); if (*filename == '/') (void) strlcat(targetfile, filename + 1, sizeof targetfile); else (void) strlcat(targetfile, filename, sizeof targetfile); } else { if (strlen(filename) > MAXPATHLEN) { syserr("mailfile: filename too long (%s)", filename); return EX_CANTCREAT; } (void) strlcpy(targetfile, filename, sizeof targetfile); realfile = targetfile; } /* ** Fork so we can change permissions here. ** Note that we MUST use fork, not vfork, because of ** the complications of calling subroutines, etc. */ DOFORK(fork); if (pid < 0) return EX_OSERR; else if (pid == 0) { /* child -- actually write to file */ struct stat stb; MCI mcibuf; int err; volatile int oflags = O_WRONLY|O_APPEND; if (e->e_lockfp != NULL) (void) close(fileno(e->e_lockfp)); (void) setsignal(SIGINT, SIG_DFL); (void) setsignal(SIGHUP, SIG_DFL); (void) setsignal(SIGTERM, SIG_DFL); (void) umask(OldUmask); e->e_to = filename; ExitStat = EX_OK; if (setjmp(CtxMailfileTimeout) != 0) { exit(EX_TEMPFAIL); } if (TimeOuts.to_fileopen > 0) ev = setevent(TimeOuts.to_fileopen, mailfiletimeout, 0); else ev = NULL; /* check file mode to see if setuid */ if (stat(targetfile, &stb) < 0) mode = FileMode; else mode = stb.st_mode; /* limit the errors to those actually caused in the child */ errno = 0; ExitStat = EX_OK; /* Allow alias expansions to use the S_IS{U,G}ID bits */ if ((ctladdr != NULL && !bitset(QALIAS, ctladdr->q_flags)) || bitset(SFF_RUNASREALUID, sfflags)) { /* ignore setuid and setgid bits */ mode &= ~(S_ISGID|S_ISUID); if (tTd(11, 20)) dprintf("mailfile: ignoring setuid/setgid bits\n"); } /* we have to open the dfile BEFORE setuid */ if (e->e_dfp == NULL && bitset(EF_HAS_DF, e->e_flags)) { char *df = queuename(e, 'd'); e->e_dfp = fopen(df, "r"); if (e->e_dfp == NULL) { syserr("mailfile: Cannot open %s for %s from %s", df, e->e_to, e->e_from.q_paddr); } } /* select a new user to run as */ if (!bitset(SFF_RUNASREALUID, sfflags)) { if (bitnset(M_SPECIFIC_UID, mailer->m_flags)) { RealUserName = NULL; RealUid = mailer->m_uid; if (RunAsUid != 0 && RealUid != RunAsUid) { /* Only root can change the uid */ syserr("mailfile: insufficient privileges to change uid"); exit(EX_TEMPFAIL); } } else if (bitset(S_ISUID, mode)) { RealUserName = NULL; RealUid = stb.st_uid; } else if (ctladdr != NULL && ctladdr->q_uid != 0) { if (ctladdr->q_ruser != NULL) RealUserName = ctladdr->q_ruser; else RealUserName = ctladdr->q_user; RealUid = ctladdr->q_uid; } else if (mailer != NULL && mailer->m_uid != 0) { RealUserName = DefUser; RealUid = mailer->m_uid; } else { RealUserName = DefUser; RealUid = DefUid; } /* select a new group to run as */ if (bitnset(M_SPECIFIC_UID, mailer->m_flags)) { RealGid = mailer->m_gid; if (RunAsUid != 0 && (RealGid != getgid() || RealGid != getegid())) { /* Only root can change the gid */ syserr("mailfile: insufficient privileges to change gid"); exit(EX_TEMPFAIL); } } else if (bitset(S_ISGID, mode)) RealGid = stb.st_gid; - else if (ctladdr != NULL && ctladdr->q_uid != 0) - RealGid = ctladdr->q_gid; else if (ctladdr != NULL && ctladdr->q_uid == DefUid && ctladdr->q_gid == 0) + { + /* + ** Special case: This means it is an + ** alias and we should act as DefaultUser. + ** See alias()'s comments. + */ + RealGid = DefGid; + RealUserName = DefUser; + } + else if (ctladdr != NULL && ctladdr->q_uid != 0) + RealGid = ctladdr->q_gid; else if (mailer != NULL && mailer->m_gid != 0) RealGid = mailer->m_gid; else RealGid = DefGid; } /* last ditch */ if (!bitset(SFF_ROOTOK, sfflags)) { if (RealUid == 0) RealUid = DefUid; if (RealGid == 0) RealGid = DefGid; } /* set group id list (needs /etc/group access) */ if (RealUserName != NULL && !DontInitGroups) { if (initgroups(RealUserName, RealGid) == -1 && suidwarn) { syserr("mailfile: initgroups(%s, %d) failed", RealUserName, RealGid); exit(EX_TEMPFAIL); } } else { GIDSET_T gidset[1]; gidset[0] = RealGid; if (setgroups(1, gidset) == -1 && suidwarn) { syserr("mailfile: setgroups() failed"); exit(EX_TEMPFAIL); } } /* ** If you have a safe environment, go into it. */ if (realfile != targetfile) { *realfile = '\0'; if (tTd(11, 20)) dprintf("mailfile: chroot %s\n", targetfile); if (chroot(targetfile) < 0) { syserr("mailfile: Cannot chroot(%s)", targetfile); exit(EX_CANTCREAT); } *realfile = '/'; } if (tTd(11, 40)) dprintf("mailfile: deliver to %s\n", realfile); if (chdir("/") < 0) { syserr("mailfile: cannot chdir(/)"); exit(EX_CANTCREAT); } /* now reset the group and user ids */ endpwent(); if (setgid(RealGid) < 0 && suidwarn) { syserr("mailfile: setgid(%ld) failed", (long) RealGid); exit(EX_TEMPFAIL); } vendor_set_uid(RealUid); if (setuid(RealUid) < 0 && suidwarn) { syserr("mailfile: setuid(%ld) failed", (long) RealUid); exit(EX_TEMPFAIL); } if (tTd(11, 2)) dprintf("mailfile: running as r/euid=%d/%d, r/egid=%d/%d\n", (int) getuid(), (int) geteuid(), (int) getgid(), (int) getegid()); /* move into some "safe" directory */ if (mailer->m_execdir != NULL) { char *q; for (p = mailer->m_execdir; p != NULL; p = q) { q = strchr(p, ':'); if (q != NULL) *q = '\0'; expand(p, buf, sizeof buf, e); if (q != NULL) *q++ = ':'; if (tTd(11, 20)) dprintf("mailfile: trydir %s\n", buf); if (buf[0] != '\0' && chdir(buf) >= 0) break; } } /* ** Recheck the file after we have assumed the ID of the ** delivery user to make sure we can deliver to it as ** that user. This is necessary if sendmail is running ** as root and the file is on an NFS mount which treats ** root as nobody. */ #if HASLSTAT if (bitnset(DBS_FILEDELIVERYTOSYMLINK, DontBlameSendmail)) err = stat(realfile, &stb); else err = lstat(realfile, &stb); #else /* HASLSTAT */ err = stat(realfile, &stb); #endif /* HASLSTAT */ if (err < 0) { stb.st_mode = ST_MODE_NOFILE; mode = FileMode; oflags |= O_CREAT|O_EXCL; } else if (bitset(S_IXUSR|S_IXGRP|S_IXOTH, mode) || (!bitnset(DBS_FILEDELIVERYTOHARDLINK, DontBlameSendmail) && stb.st_nlink != 1) || (realfile != targetfile && !S_ISREG(mode))) exit(EX_CANTCREAT); else mode = stb.st_mode; if (!bitnset(DBS_FILEDELIVERYTOSYMLINK, DontBlameSendmail)) sfflags |= SFF_NOSLINK; if (!bitnset(DBS_FILEDELIVERYTOHARDLINK, DontBlameSendmail)) sfflags |= SFF_NOHLINK; sfflags &= ~SFF_OPENASROOT; f = safefopen(realfile, oflags, mode, sfflags); if (f == NULL) { if (transienterror(errno)) { usrerr("454 4.3.0 cannot open %s: %s", shortenstring(realfile, MAXSHORTSTR), errstring(errno)); exit(EX_TEMPFAIL); } else { usrerr("554 5.3.0 cannot open %s: %s", shortenstring(realfile, MAXSHORTSTR), errstring(errno)); exit(EX_CANTCREAT); } } if (filechanged(realfile, fileno(f), &stb)) { syserr("554 5.3.0 file changed after open"); exit(EX_CANTCREAT); } if (fstat(fileno(f), &stb) < 0) { syserr("554 5.3.0 cannot fstat %s", errstring(errno)); exit(EX_CANTCREAT); } curoff = stb.st_size; if (ev != NULL) clrevent(ev); memset(&mcibuf, '\0', sizeof mcibuf); mcibuf.mci_mailer = mailer; mcibuf.mci_out = f; if (bitnset(M_7BITS, mailer->m_flags)) mcibuf.mci_flags |= MCIF_7BIT; /* clear out per-message flags from connection structure */ mcibuf.mci_flags &= ~(MCIF_CVT7TO8|MCIF_CVT8TO7); if (bitset(EF_HAS8BIT, e->e_flags) && !bitset(EF_DONT_MIME, e->e_flags) && bitnset(M_7BITS, mailer->m_flags)) mcibuf.mci_flags |= MCIF_CVT8TO7; #if MIME7TO8 if (bitnset(M_MAKE8BIT, mailer->m_flags) && !bitset(MCIF_7BIT, mcibuf.mci_flags) && (p = hvalue("Content-Transfer-Encoding", e->e_header)) != NULL && (strcasecmp(p, "quoted-printable") == 0 || strcasecmp(p, "base64") == 0) && (p = hvalue("Content-Type", e->e_header)) != NULL) { /* may want to convert 7 -> 8 */ /* XXX should really parse it here -- and use a class XXX */ if (strncasecmp(p, "text/plain", 10) == 0 && (p[10] == '\0' || p[10] == ' ' || p[10] == ';')) mcibuf.mci_flags |= MCIF_CVT7TO8; } #endif /* MIME7TO8 */ putfromline(&mcibuf, e); (*e->e_puthdr)(&mcibuf, e->e_header, e, M87F_OUTER); (*e->e_putbody)(&mcibuf, e, NULL); putline("\n", &mcibuf); if (fflush(f) < 0 || (SuperSafe && fsync(fileno(f)) < 0) || ferror(f)) { setstat(EX_IOERR); #if !NOFTRUNCATE (void) ftruncate(fileno(f), curoff); #endif /* !NOFTRUNCATE */ } /* reset ISUID & ISGID bits for paranoid systems */ #if HASFCHMOD (void) fchmod(fileno(f), (MODE_T) mode); #else /* HASFCHMOD */ (void) chmod(filename, (MODE_T) mode); #endif /* HASFCHMOD */ if (fclose(f) < 0) setstat(EX_IOERR); (void) fflush(stdout); (void) setuid(RealUid); exit(ExitStat); /* NOTREACHED */ } else { /* parent -- wait for exit status */ int st; st = waitfor(pid); if (st == -1) { syserr("mailfile: %s: wait", mailer->m_name); return EX_SOFTWARE; } if (WIFEXITED(st)) return (WEXITSTATUS(st)); else { syserr("mailfile: %s: child died on signal %d", mailer->m_name, st); return EX_UNAVAILABLE; } /* NOTREACHED */ } return EX_UNAVAILABLE; /* avoid compiler warning on IRIX */ } static void mailfiletimeout() { longjmp(CtxMailfileTimeout, 1); } /* ** HOSTSIGNATURE -- return the "signature" for a host. ** ** The signature describes how we are going to send this -- it ** can be just the hostname (for non-Internet hosts) or can be ** an ordered list of MX hosts. ** ** Parameters: ** m -- the mailer describing this host. ** host -- the host name. ** ** Returns: ** The signature for this host. ** ** Side Effects: ** Can tweak the symbol table. */ #define MAXHOSTSIGNATURE 8192 /* max len of hostsignature */ static char * hostsignature(m, host) register MAILER *m; char *host; { register char *p; register STAB *s; #if NAMED_BIND char sep = ':'; char prevsep = ':'; int i; int len; int nmx; int hl; + time_t now; char *hp; char *endp; int oldoptions = _res.options; char *mxhosts[MAXMXHOSTS + 1]; u_short mxprefs[MAXMXHOSTS + 1]; #endif /* NAMED_BIND */ if (tTd(17, 3)) dprintf("hostsignature(%s)\n", host); /* ** If local delivery, just return a constant. */ if (bitnset(M_LOCALMAILER, m->m_flags)) return "localhost"; /* ** Check to see if this uses IPC -- if not, it can't have MX records. */ p = m->m_mailer; if (strcmp(p, "[IPC]") != 0 && strcmp(p, "[TCP]") != 0) { /* just an ordinary mailer */ return host; } #if NETUNIX else if (m->m_argv[0] != NULL && strcmp(m->m_argv[0], "FILE") == 0) { /* rendezvous in the file system, no MX records */ return host; } #endif /* NETUNIX */ /* ** Look it up in the symbol table. */ s = stab(host, ST_HOSTSIG, ST_ENTER); if (s->s_hostsig != NULL) { if (tTd(17, 3)) dprintf("hostsignature(): stab(%s) found %s\n", host, s->s_hostsig); return s->s_hostsig; } /* ** Not already there -- create a signature. */ #if NAMED_BIND if (ConfigLevel < 2) _res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */ + now = curtime(); for (hp = host; hp != NULL; hp = endp) { #if NETINET6 if (*hp == '[') { endp = strchr(hp + 1, ']'); if (endp != NULL) endp = strpbrk(endp + 1, ":,"); } else endp = strpbrk(hp, ":,"); #else /* NETINET6 */ endp = strpbrk(hp, ":,"); #endif /* NETINET6 */ if (endp != NULL) { sep = *endp; *endp = '\0'; } if (bitnset(M_NOMX, m->m_flags)) { /* skip MX lookups */ nmx = 1; mxhosts[0] = hp; } else { auto int rcode; nmx = getmxrr(hp, mxhosts, mxprefs, TRUE, &rcode); if (nmx <= 0) { register MCI *mci; /* update the connection info for this host */ mci = mci_get(hp, m); mci->mci_errno = errno; mci->mci_herrno = h_errno; - mci->mci_lastuse = curtime(); + mci->mci_lastuse = now; if (rcode == EX_NOHOST) mci_setstat(mci, rcode, "5.1.2", "550 Host unknown"); else mci_setstat(mci, rcode, NULL, NULL); /* use the original host name as signature */ nmx = 1; mxhosts[0] = hp; } if (tTd(17, 3)) dprintf("hostsignature(): getmxrr() returned %d, mxhosts[0]=%s\n", nmx, mxhosts[0]); } len = 0; for (i = 0; i < nmx; i++) len += strlen(mxhosts[i]) + 1; if (s->s_hostsig != NULL) len += strlen(s->s_hostsig) + 1; if (len >= MAXHOSTSIGNATURE) { sm_syslog(LOG_WARNING, NOQID, "hostsignature for host '%s' exceeds maxlen (%d): %d", host, MAXHOSTSIGNATURE, len); len = MAXHOSTSIGNATURE; } p = xalloc(len); if (s->s_hostsig != NULL) { (void) strlcpy(p, s->s_hostsig, len); free(s->s_hostsig); s->s_hostsig = p; hl = strlen(p); p += hl; *p++ = prevsep; len -= hl + 1; } else s->s_hostsig = p; for (i = 0; i < nmx; i++) { hl = strlen(mxhosts[i]); if (len - 1 < hl || len <= 1) { /* force to drop out of outer loop */ len = -1; break; } if (i != 0) { if (mxprefs[i] == mxprefs[i - 1]) *p++ = ','; else *p++ = ':'; len--; } (void) strlcpy(p, mxhosts[i], len); p += hl; len -= hl; } /* ** break out of loop if len exceeded MAXHOSTSIGNATURE ** because we won't have more space for further hosts ** anyway (separated by : in the .cf file). */ if (len < 0) break; if (endp != NULL) *endp++ = sep; prevsep = sep; } makelower(s->s_hostsig); if (ConfigLevel < 2) _res.options = oldoptions; #else /* NAMED_BIND */ /* not using BIND -- the signature is just the host name */ s->s_hostsig = host; #endif /* NAMED_BIND */ if (tTd(17, 1)) dprintf("hostsignature(%s) = %s\n", host, s->s_hostsig); return s->s_hostsig; } /* ** PARSE_HOSTSIGNATURE -- parse the "signature" and return MX host array. ** ** The signature describes how we are going to send this -- it ** can be just the hostname (for non-Internet hosts) or can be ** an ordered list of MX hosts which must be randomized for equal ** MX preference values. ** ** Parameters: ** sig -- the host signature. ** mxhosts -- array to populate. ** ** Returns: ** The number of hosts inserted into mxhosts array. ** ** Side Effects: ** Randomizes equal MX preference hosts in mxhosts. */ static int parse_hostsignature(sig, mxhosts, mailer) char *sig; char **mxhosts; MAILER *mailer; { int nmx = 0; int curpref = 0; int i, j; char *hp, *endp; u_short prefer[MAXMXHOSTS]; long rndm[MAXMXHOSTS]; for (hp = sig; hp != NULL; hp = endp) { char sep = ':'; #if NETINET6 if (*hp == '[') { endp = strchr(hp + 1, ']'); if (endp != NULL) endp = strpbrk(endp + 1, ":,"); } else endp = strpbrk(hp, ":,"); #else /* NETINET6 */ endp = strpbrk(hp, ":,"); #endif /* NETINET6 */ if (endp != NULL) { sep = *endp; *endp = '\0'; } mxhosts[nmx] = hp; prefer[nmx] = curpref; if (mci_match(hp, mailer)) rndm[nmx] = 0; else rndm[nmx] = get_random(); if (endp != NULL) { /* ** Since we don't have the original MX prefs, ** make our own. If the separator is a ':', that ** means the preference for the next host will be ** higher than this one, so simply increment curpref. */ if (sep == ':') curpref++; *endp++ = sep; } if (++nmx >= MAXMXHOSTS) break; } /* sort the records using the random factor for equal preferences */ for (i = 0; i < nmx; i++) { for (j = i + 1; j < nmx; j++) { /* ** List is already sorted by MX preference, only ** need to look for equal preference MX records */ if (prefer[i] < prefer[j]) break; if (prefer[i] > prefer[j] || (prefer[i] == prefer[j] && rndm[i] > rndm[j])) { register u_short tempp; register long tempr; register char *temp1; tempp = prefer[i]; prefer[i] = prefer[j]; prefer[j] = tempp; temp1 = mxhosts[i]; mxhosts[i] = mxhosts[j]; mxhosts[j] = temp1; tempr = rndm[i]; rndm[i] = rndm[j]; rndm[j] = tempr; } } } return nmx; } #if SMTP # if STARTTLS static SSL_CTX *clt_ctx = NULL; /* ** INITCLTTLS -- initialize client side TLS ** ** Parameters: ** none. ** ** Returns: ** succeeded? */ bool initclttls() { if (clt_ctx != NULL) return TRUE; /* already done */ return inittls(&clt_ctx, TLS_I_CLT, FALSE, CltCERTfile, Cltkeyfile, CACERTpath, CACERTfile, DHParams); } /* ** STARTTLS -- try to start secure connection (client side) ** ** Parameters: ** m -- the mailer. ** mci -- the mailer connection info. ** e -- the envelope. ** ** Returns: ** success? ** (maybe this should be some other code than EX_ ** that denotes which stage failed.) */ static int starttls(m, mci, e) MAILER *m; MCI *mci; ENVELOPE *e; { int smtpresult; int result = 0; int rfd, wfd; SSL *clt_ssl = NULL; if (clt_ctx == NULL && !initclttls()) return EX_TEMPFAIL; smtpmessage("STARTTLS", m, mci); /* get the reply */ smtpresult = reply(m, mci, e, TimeOuts.to_datafinal, NULL, NULL); /* which timeout? XXX */ /* check return code from server */ if (smtpresult == 454) return EX_TEMPFAIL; if (smtpresult == 501) return EX_USAGE; if (smtpresult == -1) return smtpresult; if (smtpresult != 220) return EX_PROTOCOL; if (LogLevel > 13) sm_syslog(LOG_INFO, e->e_id, "TLS: start client"); /* start connection */ if ((clt_ssl = SSL_new(clt_ctx)) == NULL) { if (LogLevel > 5) { sm_syslog(LOG_ERR, e->e_id, "TLS: error: client: SSL_new failed"); if (LogLevel > 9) tlslogerr(); } return EX_SOFTWARE; } rfd = fileno(mci->mci_in); wfd = fileno(mci->mci_out); /* SSL_clear(clt_ssl); ? */ if (rfd < 0 || wfd < 0 || (result = SSL_set_rfd(clt_ssl, rfd)) <= 0 || (result = SSL_set_wfd(clt_ssl, wfd)) <= 0) { if (LogLevel > 5) { sm_syslog(LOG_ERR, e->e_id, "TLS: error: SSL_set_xfd failed=%d", result); if (LogLevel > 9) tlslogerr(); } return EX_SOFTWARE; } SSL_set_connect_state(clt_ssl); if ((result = SSL_connect(clt_ssl)) <= 0) { int i; /* what to do in this case? */ i = SSL_get_error(clt_ssl, result); if (LogLevel > 5) { sm_syslog(LOG_ERR, e->e_id, "TLS: error: SSL_connect failed=%d (%d)", result, i); if (LogLevel > 9) tlslogerr(); } SSL_free(clt_ssl); clt_ssl = NULL; return EX_SOFTWARE; } mci->mci_ssl = clt_ssl; - result = tls_get_info(clt_ssl, e, FALSE, mci->mci_host); + result = tls_get_info(clt_ssl, e, FALSE, mci->mci_host, TRUE); /* switch to use SSL... */ #if SFIO if (sfdctls(mci->mci_in, mci->mci_out, mci->mci_ssl) == 0) return EX_OK; #else /* SFIO */ # if _FFR_TLS_TOREK if (sfdctls(&mci->mci_in, &mci->mci_out, mci->mci_ssl) == 0) return EX_OK; # endif /* _FFR_TLS_TOREK */ #endif /* SFIO */ /* failure */ SSL_free(clt_ssl); clt_ssl = NULL; return EX_SOFTWARE; } /* ** ENDTLSCLT -- shutdown secure connection (client side) ** ** Parameters: ** mci -- the mailer connection info. ** ** Returns: ** success? */ int endtlsclt(mci) MCI *mci; { int r; if (!bitset(MCIF_TLSACT, mci->mci_flags)) return EX_OK; r = endtls(mci->mci_ssl, "client"); mci->mci_flags &= ~MCIF_TLSACT; return r; } /* ** ENDTLS -- shutdown secure connection ** ** Parameters: ** ssl -- SSL connection information. ** side -- srv/clt (for logging). ** ** Returns: ** success? */ int endtls(ssl, side) SSL *ssl; char *side; { if (ssl != NULL) { int r; if ((r = SSL_shutdown(ssl)) < 0) { if (LogLevel > 11) sm_syslog(LOG_WARNING, NOQID, "SSL_shutdown %s failed: %d", side, r); return EX_SOFTWARE; } else if (r == 0) { if (LogLevel > 13) sm_syslog(LOG_WARNING, NOQID, "SSL_shutdown %s not done", side); return EX_SOFTWARE; } SSL_free(ssl); ssl = NULL; } return EX_OK; } # endif /* STARTTLS */ #endif /* SMTP */ Index: stable/4/contrib/sendmail/src/domain.c =================================================================== --- stable/4/contrib/sendmail/src/domain.c (revision 71887) +++ stable/4/contrib/sendmail/src/domain.c (revision 71888) @@ -1,1048 +1,1075 @@ /* * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1986, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #include #ifndef lint # if NAMED_BIND -static char id[] = "@(#)$Id: domain.c,v 8.114.6.1.2.3 2000/06/13 18:00:08 gshapiro Exp $ (with name server)"; +static char id[] = "@(#)$Id: domain.c,v 8.114.6.1.2.6 2000/12/19 02:50:33 gshapiro Exp $ (with name server)"; # else /* NAMED_BIND */ -static char id[] = "@(#)$Id: domain.c,v 8.114.6.1.2.3 2000/06/13 18:00:08 gshapiro Exp $ (without name server)"; +static char id[] = "@(#)$Id: domain.c,v 8.114.6.1.2.6 2000/12/19 02:50:33 gshapiro Exp $ (without name server)"; # endif /* NAMED_BIND */ #endif /* ! lint */ #if NAMED_BIND # include /* ** The standard udp packet size PACKETSZ (512) is not sufficient for some ** nameserver answers containing very many resource records. The resolver ** may switch to tcp and retry if it detects udp packet overflow. ** Also note that the resolver routines res_query and res_search return ** the size of the *un*truncated answer in case the supplied answer buffer ** it not big enough to accommodate the entire answer. */ # ifndef MAXPACKET # define MAXPACKET 8192 /* max packet size used internally by BIND */ # endif /* ! MAXPACKET */ typedef union { HEADER qb1; u_char qb2[MAXPACKET]; } querybuf; # ifndef MXHOSTBUFSIZE # define MXHOSTBUFSIZE (128 * MAXMXHOSTS) # endif /* ! MXHOSTBUFSIZE */ static char MXHostBuf[MXHOSTBUFSIZE]; # ifndef MAXDNSRCH # define MAXDNSRCH 6 /* number of possible domains to search */ # endif /* ! MAXDNSRCH */ # ifndef RES_DNSRCH_VARIABLE # define RES_DNSRCH_VARIABLE _res.dnsrch # endif /* ! RES_DNSRCH_VARIABLE */ # ifndef MAX # define MAX(a, b) ((a) > (b) ? (a) : (b)) # endif /* ! MAX */ # ifndef NO_DATA # define NO_DATA NO_ADDRESS # endif /* ! NO_DATA */ # ifndef HFIXEDSZ # define HFIXEDSZ 12 /* sizeof(HEADER) */ # endif /* ! HFIXEDSZ */ # define MAXCNAMEDEPTH 10 /* maximum depth of CNAME recursion */ # if defined(__RES) && (__RES >= 19940415) # define RES_UNC_T char * # else /* defined(__RES) && (__RES >= 19940415) */ # define RES_UNC_T u_char * # endif /* defined(__RES) && (__RES >= 19940415) */ static char *gethostalias __P((char *)); static int mxrand __P((char *)); /* ** GETMXRR -- get MX resource records for a domain ** ** Parameters: ** host -- the name of the host to MX. ** mxhosts -- a pointer to a return buffer of MX records. ** mxprefs -- a pointer to a return buffer of MX preferences. ** If NULL, don't try to populate. ** droplocalhost -- If TRUE, all MX records less preferred ** than the local host (as determined by $=w) will ** be discarded. ** rcode -- a pointer to an EX_ status code. ** ** Returns: ** The number of MX records found. ** -1 if there is an internal failure. ** If no MX records are found, mxhosts[0] is set to host ** and 1 is returned. */ int getmxrr(host, mxhosts, mxprefs, droplocalhost, rcode) char *host; char **mxhosts; u_short *mxprefs; bool droplocalhost; int *rcode; { register u_char *eom, *cp; register int i, j, n; int nmx = 0; register char *bp; HEADER *hp; querybuf answer; int ancount, qdcount, buflen; bool seenlocal = FALSE; u_short pref, type; u_short localpref = 256; char *fallbackMX = FallBackMX; bool trycanon = FALSE; u_short *prefs; int (*resfunc)(); u_short prefer[MAXMXHOSTS]; int weight[MAXMXHOSTS]; extern int res_query(), res_search(); if (tTd(8, 2)) dprintf("getmxrr(%s, droplocalhost=%d)\n", host, droplocalhost); if (fallbackMX != NULL && droplocalhost && wordinclass(fallbackMX, 'w')) { /* don't use fallback for this pass */ fallbackMX = NULL; } *rcode = EX_OK; if (mxprefs != NULL) prefs = mxprefs; else prefs = prefer; /* efficiency hack -- numeric or non-MX lookups */ if (host[0] == '[') goto punt; /* ** If we don't have MX records in our host switch, don't ** try for MX records. Note that this really isn't "right", ** since we might be set up to try NIS first and then DNS; ** if the host is found in NIS we really shouldn't be doing ** MX lookups. However, that should be a degenerate case. */ if (!UseNameServer) goto punt; if (HasWildcardMX && ConfigLevel >= 6) resfunc = res_query; else resfunc = res_search; errno = 0; n = (*resfunc)(host, C_IN, T_MX, (u_char *) &answer, sizeof(answer)); if (n < 0) { if (tTd(8, 1)) dprintf("getmxrr: res_search(%s) failed (errno=%d, h_errno=%d)\n", (host == NULL) ? "" : host, errno, h_errno); switch (h_errno) { case NO_DATA: trycanon = TRUE; /* FALLTHROUGH */ case NO_RECOVERY: /* no MX data on this host */ goto punt; case HOST_NOT_FOUND: # if BROKEN_RES_SEARCH case 0: /* Ultrix resolver retns failure w/ h_errno=0 */ # endif /* BROKEN_RES_SEARCH */ /* host doesn't exist in DNS; might be in /etc/hosts */ trycanon = TRUE; *rcode = EX_NOHOST; goto punt; case TRY_AGAIN: case -1: /* couldn't connect to the name server */ if (fallbackMX != NULL) { /* name server is hosed -- push to fallback */ if (nmx > 0) prefs[nmx] = prefs[nmx - 1] + 1; else prefs[nmx] = 0; mxhosts[nmx++] = fallbackMX; return nmx; } /* it might come up later; better queue it up */ *rcode = EX_TEMPFAIL; break; default: syserr("getmxrr: res_search (%s) failed with impossible h_errno (%d)\n", host, h_errno); *rcode = EX_OSERR; break; } /* irreconcilable differences */ return -1; } /* avoid problems after truncation in tcp packets */ if (n > sizeof(answer)) n = sizeof(answer); /* find first satisfactory answer */ hp = (HEADER *)&answer; cp = (u_char *)&answer + HFIXEDSZ; eom = (u_char *)&answer + n; for (qdcount = ntohs((u_short)hp->qdcount); qdcount--; cp += n + QFIXEDSZ) { if ((n = dn_skipname(cp, eom)) < 0) goto punt; } buflen = sizeof(MXHostBuf) - 1; bp = MXHostBuf; ancount = ntohs((u_short)hp->ancount); while (--ancount >= 0 && cp < eom && nmx < MAXMXHOSTS - 1) { if ((n = dn_expand((u_char *)&answer, eom, cp, (RES_UNC_T) bp, buflen)) < 0) break; cp += n; GETSHORT(type, cp); cp += INT16SZ + INT32SZ; GETSHORT(n, cp); if (type != T_MX) { if (tTd(8, 8) || _res.options & RES_DEBUG) dprintf("unexpected answer type %d, size %d\n", type, n); cp += n; continue; } GETSHORT(pref, cp); if ((n = dn_expand((u_char *)&answer, eom, cp, (RES_UNC_T) bp, buflen)) < 0) break; cp += n; if (wordinclass(bp, 'w')) { if (tTd(8, 3)) dprintf("found localhost (%s) in MX list, pref=%d\n", bp, pref); if (droplocalhost) { if (!seenlocal || pref < localpref) localpref = pref; seenlocal = TRUE; continue; } weight[nmx] = 0; } else weight[nmx] = mxrand(bp); prefs[nmx] = pref; mxhosts[nmx++] = bp; n = strlen(bp); bp += n; if (bp[-1] != '.') { *bp++ = '.'; n++; } *bp++ = '\0'; buflen -= n + 1; } /* sort the records */ for (i = 0; i < nmx; i++) { for (j = i + 1; j < nmx; j++) { if (prefs[i] > prefs[j] || (prefs[i] == prefs[j] && weight[i] > weight[j])) { register int temp; register char *temp1; temp = prefs[i]; prefs[i] = prefs[j]; prefs[j] = temp; temp1 = mxhosts[i]; mxhosts[i] = mxhosts[j]; mxhosts[j] = temp1; temp = weight[i]; weight[i] = weight[j]; weight[j] = temp; } } if (seenlocal && prefs[i] >= localpref) { /* truncate higher preference part of list */ nmx = i; } } /* delete duplicates from list (yes, some bozos have duplicates) */ for (i = 0; i < nmx - 1; ) { if (strcasecmp(mxhosts[i], mxhosts[i + 1]) != 0) i++; else { /* compress out duplicate */ for (j = i + 1; j < nmx; j++) { mxhosts[j] = mxhosts[j + 1]; prefs[j] = prefs[j + 1]; } nmx--; } } if (nmx == 0) { punt: if (seenlocal) { struct hostent *h = NULL; /* ** If we have deleted all MX entries, this is ** an error -- we should NEVER send to a host that ** has an MX, and this should have been caught ** earlier in the config file. ** ** Some sites prefer to go ahead and try the ** A record anyway; that case is handled by ** setting TryNullMXList. I believe this is a ** bad idea, but it's up to you.... */ if (TryNullMXList) { h_errno = 0; errno = 0; h = sm_gethostbyname(host, AF_INET); if (h == NULL) { if (errno == ETIMEDOUT || h_errno == TRY_AGAIN || (errno == ECONNREFUSED && UseNameServer)) { *rcode = EX_TEMPFAIL; return -1; } # if NETINET6 h_errno = 0; errno = 0; h = sm_gethostbyname(host, AF_INET6); if (h == NULL && (errno == ETIMEDOUT || h_errno == TRY_AGAIN || (errno == ECONNREFUSED && UseNameServer))) { *rcode = EX_TEMPFAIL; return -1; } # endif /* NETINET6 */ } } if (h == NULL) { *rcode = EX_CONFIG; syserr("MX list for %s points back to %s", host, MyHostName); return -1; } +# if _FFR_FREEHOSTENT && NETINET6 + freehostent(h); + hp = NULL; +# endif /* _FFR_FREEHOSTENT && NETINET6 */ } if (strlen(host) >= (SIZE_T) sizeof MXHostBuf) { *rcode = EX_CONFIG; syserr("Host name %s too long", shortenstring(host, MAXSHORTSTR)); return -1; } snprintf(MXHostBuf, sizeof MXHostBuf, "%s", host); mxhosts[0] = MXHostBuf; prefs[0] = 0; if (host[0] == '[') { register char *p; # if NETINET6 struct sockaddr_in6 tmp6; # endif /* NETINET6 */ /* this may be an MX suppression-style address */ p = strchr(MXHostBuf, ']'); if (p != NULL) { *p = '\0'; if (inet_addr(&MXHostBuf[1]) != INADDR_NONE) { nmx++; *p = ']'; } # if NETINET6 else if (inet_pton(AF_INET6, &MXHostBuf[1], &tmp6.sin6_addr) == 1) { nmx++; *p = ']'; } # endif /* NETINET6 */ else { trycanon = TRUE; mxhosts[0]++; } } } if (trycanon && getcanonname(mxhosts[0], sizeof MXHostBuf - 2, FALSE)) { bp = &MXHostBuf[strlen(MXHostBuf)]; if (bp[-1] != '.') { *bp++ = '.'; *bp = '\0'; } nmx = 1; } } /* if we have a default lowest preference, include that */ if (fallbackMX != NULL && !seenlocal) { if (nmx > 0) prefs[nmx] = prefs[nmx - 1] + 1; else prefs[nmx] = 0; mxhosts[nmx++] = fallbackMX; } return nmx; } /* ** MXRAND -- create a randomizer for equal MX preferences ** ** If two MX hosts have equal preferences we want to randomize ** the selection. But in order for signatures to be the same, ** we need to randomize the same way each time. This function ** computes a pseudo-random hash function from the host name. ** ** Parameters: ** host -- the name of the host. ** ** Returns: ** A random but repeatable value based on the host name. ** ** Side Effects: ** none. */ static int mxrand(host) register char *host; { int hfunc; static unsigned int seed; if (seed == 0) { seed = (int) curtime() & 0xffff; if (seed == 0) seed++; } if (tTd(17, 9)) dprintf("mxrand(%s)", host); hfunc = seed; while (*host != '\0') { int c = *host++; if (isascii(c) && isupper(c)) c = tolower(c); hfunc = ((hfunc << 1) ^ c) % 2003; } hfunc &= 0xff; hfunc++; if (tTd(17, 9)) dprintf(" = %d\n", hfunc); return hfunc; } /* ** BESTMX -- find the best MX for a name ** ** This is really a hack, but I don't see any obvious way ** to generalize it at the moment. */ /* ARGSUSED3 */ char * bestmx_map_lookup(map, name, av, statp) MAP *map; char *name; char **av; int *statp; { int nmx; int saveopts = _res.options; int i, len = 0; char *p; char *mxhosts[MAXMXHOSTS + 1]; char buf[PSBUFSIZE / 2]; _res.options &= ~(RES_DNSRCH|RES_DEFNAMES); nmx = getmxrr(name, mxhosts, NULL, FALSE, statp); _res.options = saveopts; if (nmx <= 0) return NULL; if (bitset(MF_MATCHONLY, map->map_mflags)) return map_rewrite(map, name, strlen(name), NULL); if ((map->map_coldelim == '\0') || (nmx == 1)) return map_rewrite(map, mxhosts[0], strlen(mxhosts[0]), av); /* ** We were given a -z flag (return all MXs) and there are multiple ** ones. We need to build them all into a list. */ p = buf; for (i = 0; i < nmx; i++) { int slen; if (strchr(mxhosts[i], map->map_coldelim) != NULL) { syserr("bestmx_map_lookup: MX host %.64s includes map delimiter character 0x%02X", mxhosts[i], map->map_coldelim); return NULL; } slen = strlen(mxhosts[i]); if (len + slen + 2 > sizeof buf) break; if (i > 0) { *p++ = map->map_coldelim; len++; } (void) strlcpy(p, mxhosts[i], sizeof buf - len); p += slen; len += slen; } return map_rewrite(map, buf, len, av); } /* ** DNS_GETCANONNAME -- get the canonical name for named host using DNS ** ** This algorithm tries to be smart about wildcard MX records. ** This is hard to do because DNS doesn't tell is if we matched ** against a wildcard or a specific MX. ** ** We always prefer A & CNAME records, since these are presumed ** to be specific. ** ** If we match an MX in one pass and lose it in the next, we use ** the old one. For example, consider an MX matching *.FOO.BAR.COM. ** A hostname bletch.foo.bar.com will match against this MX, but ** will stop matching when we try bletch.bar.com -- so we know ** that bletch.foo.bar.com must have been right. This fails if ** there was also an MX record matching *.BAR.COM, but there are ** some things that just can't be fixed. ** ** Parameters: ** host -- a buffer containing the name of the host. ** This is a value-result parameter. ** hbsize -- the size of the host buffer. ** trymx -- if set, try MX records as well as A and CNAME. ** statp -- pointer to place to store status. ** ** Returns: ** TRUE -- if the host matched. ** FALSE -- otherwise. */ bool dns_getcanonname(host, hbsize, trymx, statp) char *host; int hbsize; bool trymx; int *statp; { register u_char *eom, *ap; register char *cp; register int n; HEADER *hp; querybuf answer; int ancount, qdcount; int ret; char **domain; int type; char **dp; char *mxmatch; bool amatch; bool gotmx = FALSE; int qtype; int loopcnt; char *xp; char nbuf[MAX(MAXPACKET, MAXDNAME*2+2)]; char *searchlist[MAXDNSRCH+2]; if (tTd(8, 2)) dprintf("dns_getcanonname(%s, trymx=%d)\n", host, trymx); if ((_res.options & RES_INIT) == 0 && res_init() == -1) { *statp = EX_UNAVAILABLE; return FALSE; } + *statp = EX_OK; + /* ** Initialize domain search list. If there is at least one ** dot in the name, search the unmodified name first so we ** find "vse.CS" in Czechoslovakia instead of in the local ** domain (e.g., vse.CS.Berkeley.EDU). Note that there is no ** longer a country named Czechoslovakia but this type of problem ** is still present. ** ** Older versions of the resolver could create this ** list by tearing apart the host name. */ loopcnt = 0; cnameloop: /* Check for dots in the name */ for (cp = host, n = 0; *cp != '\0'; cp++) if (*cp == '.') n++; /* ** If this is a simple name, determine whether it matches an ** alias in the file defined by the environment variable HOSTALIASES. */ if (n == 0 && (xp = gethostalias(host)) != NULL) { if (loopcnt++ > MAXCNAMEDEPTH) { syserr("loop in ${HOSTALIASES} file"); } else { (void) strlcpy(host, xp, hbsize); goto cnameloop; } } /* ** Build the search list. ** If there is at least one dot in name, start with a null ** domain to search the unmodified name first. ** If name does not end with a dot and search up local domain ** tree desired, append each local domain component to the ** search list; if name contains no dots and default domain ** name is desired, append default domain name to search list; ** else if name ends in a dot, remove that dot. */ dp = searchlist; if (n > 0) *dp++ = ""; if (n >= 0 && *--cp != '.' && bitset(RES_DNSRCH, _res.options)) { /* make sure there are less than MAXDNSRCH domains */ for (domain = RES_DNSRCH_VARIABLE, ret = 0; *domain != NULL && ret < MAXDNSRCH; ret++) *dp++ = *domain++; } else if (n == 0 && bitset(RES_DEFNAMES, _res.options)) { *dp++ = _res.defdname; } else if (*cp == '.') { *cp = '\0'; } *dp = NULL; /* ** Now loop through the search list, appending each domain in turn ** name and searching for a match. */ mxmatch = NULL; qtype = T_ANY; for (dp = searchlist; *dp != NULL; ) { if (qtype == T_ANY) gotmx = FALSE; if (tTd(8, 5)) dprintf("dns_getcanonname: trying %s.%s (%s)\n", host, *dp, qtype == T_ANY ? "ANY" : # if NETINET6 qtype == T_AAAA ? "AAAA" : # endif /* NETINET6 */ qtype == T_A ? "A" : qtype == T_MX ? "MX" : "???"); + errno = 0; ret = res_querydomain(host, *dp, C_IN, qtype, answer.qb2, sizeof(answer.qb2)); if (ret <= 0) { if (tTd(8, 7)) dprintf("\tNO: errno=%d, h_errno=%d\n", errno, h_errno); if (errno == ECONNREFUSED || h_errno == TRY_AGAIN) { - /* the name server seems to be down */ + /* + ** the name server seems to be down or + ** broken. + */ + h_errno = TRY_AGAIN; *statp = EX_TEMPFAIL; /* ** If the ANY query is larger than the ** UDP packet size, the resolver will ** fall back to TCP. However, some ** misconfigured firewalls block 53/TCP ** so the ANY lookup fails whereas an MX ** or A record might work. Therefore, ** don't fail on ANY queries. ** ** The ANY query is really meant to prime ** the cache so this isn't dangerous. */ +#if _FFR_WORKAROUND_BROKEN_NAMESERVERS + /* + ** Only return if not TRY_AGAIN as an + ** attempt with a different qtype may + ** succeed (res_querydomain() calls + ** res_query() calls res_send() which + ** sets errno to ETIMEDOUT if the + ** nameservers could be contacted but + ** didn't give an answer). + */ + + if (qtype != T_ANY && errno != ETIMEDOUT) + return FALSE; +#else /* _FFR_WORKAROUND_BROKEN_NAMESERVERS */ if (qtype != T_ANY) return FALSE; +#endif /* _FFR_WORKAROUND_BROKEN_NAMESERVERS */ } if (h_errno != HOST_NOT_FOUND) { /* might have another type of interest */ if (qtype == T_ANY) { # if NETINET6 qtype = T_AAAA; # else /* NETINET6 */ qtype = T_A; # endif /* NETINET6 */ continue; } # if NETINET6 else if (qtype == T_AAAA) { qtype = T_A; continue; } # endif /* NETINET6 */ else if (qtype == T_A && !gotmx && (trymx || **dp == '\0')) { qtype = T_MX; continue; } } /* definite no -- try the next domain */ dp++; qtype = T_ANY; continue; } else if (tTd(8, 7)) dprintf("\tYES\n"); /* avoid problems after truncation in tcp packets */ if (ret > sizeof(answer)) ret = sizeof(answer); /* ** Appear to have a match. Confirm it by searching for A or ** CNAME records. If we don't have a local domain ** wild card MX record, we will accept MX as well. */ hp = (HEADER *) &answer; ap = (u_char *) &answer + HFIXEDSZ; eom = (u_char *) &answer + ret; /* skip question part of response -- we know what we asked */ for (qdcount = ntohs((u_short)hp->qdcount); qdcount--; ap += ret + QFIXEDSZ) { if ((ret = dn_skipname(ap, eom)) < 0) { if (tTd(8, 20)) dprintf("qdcount failure (%d)\n", ntohs((u_short)hp->qdcount)); *statp = EX_SOFTWARE; return FALSE; /* ???XXX??? */ } } amatch = FALSE; for (ancount = ntohs((u_short)hp->ancount); --ancount >= 0 && ap < eom; ap += n) { n = dn_expand((u_char *) &answer, eom, ap, (RES_UNC_T) nbuf, sizeof nbuf); if (n < 0) break; ap += n; GETSHORT(type, ap); ap += INT16SZ + INT32SZ; GETSHORT(n, ap); switch (type) { case T_MX: gotmx = TRUE; if (**dp != '\0' && HasWildcardMX) { /* ** If we are using MX matches and have ** not yet gotten one, save this one ** but keep searching for an A or ** CNAME match. */ if (trymx && mxmatch == NULL) mxmatch = *dp; continue; } /* ** If we did not append a domain name, this ** must have been a canonical name to start ** with. Even if we did append a domain name, ** in the absence of a wildcard MX this must ** still be a real MX match. ** Such MX matches are as good as an A match, ** fall through. */ /* FALLTHROUGH */ # if NETINET6 case T_AAAA: /* Flag that a good match was found */ amatch = TRUE; /* continue in case a CNAME also exists */ continue; # endif /* NETINET6 */ case T_A: /* Flag that a good match was found */ amatch = TRUE; /* continue in case a CNAME also exists */ continue; case T_CNAME: if (DontExpandCnames) { /* got CNAME -- guaranteed canonical */ amatch = TRUE; break; } if (loopcnt++ > MAXCNAMEDEPTH) { /*XXX should notify postmaster XXX*/ message("DNS failure: CNAME loop for %s", host); if (CurEnv->e_message == NULL) { char ebuf[MAXLINE]; snprintf(ebuf, sizeof ebuf, "Deferred: DNS failure: CNAME loop for %.100s", host); CurEnv->e_message = newstr(ebuf); } h_errno = NO_RECOVERY; *statp = EX_CONFIG; return FALSE; } /* value points at name */ if ((ret = dn_expand((u_char *)&answer, eom, ap, (RES_UNC_T) nbuf, sizeof(nbuf))) < 0) break; (void)strlcpy(host, nbuf, hbsize); /* ** RFC 1034 section 3.6 specifies that CNAME ** should point at the canonical name -- but ** urges software to try again anyway. */ goto cnameloop; default: /* not a record of interest */ continue; } } if (amatch) { /* ** Got a good match -- either an A, CNAME, or an ** exact MX record. Save it and get out of here. */ mxmatch = *dp; break; } /* ** Nothing definitive yet. ** If this was a T_ANY query, we don't really know what ** was returned -- it might have been a T_NS, ** for example. Try T_A to be more specific ** during the next pass. ** If this was a T_A query and we haven't yet found a MX ** match, try T_MX if allowed to do so. ** Otherwise, try the next domain. */ if (qtype == T_ANY) { # if NETINET6 qtype = T_AAAA; # else /* NETINET6 */ qtype = T_A; # endif /* NETINET6 */ } # if NETINET6 else if (qtype == T_AAAA) qtype = T_A; # endif /* NETINET6 */ else if (qtype == T_A && !gotmx && (trymx || **dp == '\0')) qtype = T_MX; else { qtype = T_ANY; dp++; } } /* if nothing was found, we are done */ if (mxmatch == NULL) { - *statp = EX_NOHOST; + if (*statp == EX_OK) + *statp = EX_NOHOST; return FALSE; } /* ** Create canonical name and return. ** If saved domain name is null, name was already canonical. ** Otherwise append the saved domain name. */ (void) snprintf(nbuf, sizeof nbuf, "%.*s%s%.*s", MAXDNAME, host, *mxmatch == '\0' ? "" : ".", MAXDNAME, mxmatch); (void) strlcpy(host, nbuf, hbsize); if (tTd(8, 5)) dprintf("dns_getcanonname: %s\n", host); *statp = EX_OK; return TRUE; } static char * gethostalias(host) char *host; { char *fname; FILE *fp; register char *p = NULL; long sff = SFF_REGONLY; char buf[MAXLINE]; static char hbuf[MAXDNAME]; if (DontLockReadFiles) sff |= SFF_NOLOCK; fname = getenv("HOSTALIASES"); if (fname == NULL || (fp = safefopen(fname, O_RDONLY, 0, sff)) == NULL) return NULL; while (fgets(buf, sizeof buf, fp) != NULL) { for (p = buf; p != '\0' && !(isascii(*p) && isspace(*p)); p++) continue; if (*p == 0) { /* syntax error */ continue; } *p++ = '\0'; if (strcasecmp(buf, host) == 0) break; } if (feof(fp)) { /* no match */ (void) fclose(fp); return NULL; } (void) fclose(fp); /* got a match; extract the equivalent name */ while (*p != '\0' && isascii(*p) && isspace(*p)) p++; host = p; while (*p != '\0' && !(isascii(*p) && isspace(*p))) p++; *p = '\0'; (void) strlcpy(hbuf, host, sizeof hbuf); return hbuf; } #endif /* NAMED_BIND */ Index: stable/4/contrib/sendmail/src/envelope.c =================================================================== --- stable/4/contrib/sendmail/src/envelope.c (revision 71887) +++ stable/4/contrib/sendmail/src/envelope.c (revision 71888) @@ -1,991 +1,993 @@ /* * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #ifndef lint -static char id[] = "@(#)$Id: envelope.c,v 8.180.14.4 2000/08/22 18:22:39 gshapiro Exp $"; +static char id[] = "@(#)$Id: envelope.c,v 8.180.14.6 2000/11/30 00:39:46 gshapiro Exp $"; #endif /* ! lint */ #include /* ** NEWENVELOPE -- allocate a new envelope ** ** Supports inheritance. ** ** Parameters: ** e -- the new envelope to fill in. ** parent -- the envelope to be the parent of e. ** ** Returns: ** e. ** ** Side Effects: ** none. */ ENVELOPE * newenvelope(e, parent) register ENVELOPE *e; register ENVELOPE *parent; { if (e == parent && e->e_parent != NULL) parent = e->e_parent; clearenvelope(e, TRUE); if (e == CurEnv) memmove((char *) &e->e_from, (char *) &NullAddress, sizeof e->e_from); else memmove((char *) &e->e_from, (char *) &CurEnv->e_from, sizeof e->e_from); e->e_parent = parent; assign_queueid(e); e->e_ctime = curtime(); if (parent != NULL) e->e_msgpriority = parent->e_msgsize; e->e_puthdr = putheader; e->e_putbody = putbody; if (CurEnv->e_xfp != NULL) (void) fflush(CurEnv->e_xfp); return e; } /* ** DROPENVELOPE -- deallocate an envelope. ** ** Parameters: ** e -- the envelope to deallocate. ** fulldrop -- if set, do return receipts. ** ** Returns: ** none. ** ** Side Effects: ** housekeeping necessary to dispose of an envelope. ** Unlocks this queue file. */ void dropenvelope(e, fulldrop) register ENVELOPE *e; bool fulldrop; { bool queueit = FALSE; bool message_timeout = FALSE; bool failure_return = FALSE; bool delay_return = FALSE; bool success_return = FALSE; bool pmnotify = bitset(EF_PM_NOTIFY, e->e_flags); bool done = FALSE; register ADDRESS *q; char *id = e->e_id; + time_t now; char buf[MAXLINE]; if (tTd(50, 1)) { dprintf("dropenvelope %lx: id=", (u_long) e); xputs(e->e_id); dprintf(", flags="); printenvflags(e); if (tTd(50, 10)) { dprintf("sendq="); printaddr(e->e_sendqueue, TRUE); } } if (LogLevel > 84) sm_syslog(LOG_DEBUG, id, "dropenvelope, e_flags=0x%lx, OpMode=%c, pid=%d", e->e_flags, OpMode, getpid()); /* we must have an id to remove disk files */ if (id == NULL) return; /* if verify-only mode, we can skip most of this */ if (OpMode == MD_VERIFY) goto simpledrop; if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags)) logsender(e, NULL); e->e_flags &= ~EF_LOGSENDER; /* post statistics */ poststats(StatFile); /* ** Extract state information from dregs of send list. */ - if (curtime() > e->e_ctime + TimeOuts.to_q_return[e->e_timeoutclass]) + now = curtime(); + if (now > e->e_ctime + TimeOuts.to_q_return[e->e_timeoutclass]) message_timeout = TRUE; if (TimeOuts.to_q_return[e->e_timeoutclass] == NOW && !bitset(EF_RESPONSE, e->e_flags)) { message_timeout = TRUE; e->e_flags |= EF_FATALERRS|EF_CLRQUEUE; } e->e_flags &= ~EF_QUEUERUN; for (q = e->e_sendqueue; q != NULL; q = q->q_next) { if (QS_IS_UNDELIVERED(q->q_state)) queueit = TRUE; /* see if a notification is needed */ if (bitset(QPINGONFAILURE, q->q_flags) && ((message_timeout && QS_IS_QUEUEUP(q->q_state)) || QS_IS_BADADDR(q->q_state) || (TimeOuts.to_q_return[e->e_timeoutclass] == NOW && !bitset(EF_RESPONSE, e->e_flags)))) { failure_return = TRUE; if (!done && q->q_owner == NULL && !emptyaddr(&e->e_from)) { (void) sendtolist(e->e_from.q_paddr, NULLADDR, &e->e_errorqueue, 0, e); done = TRUE; } } else if (bitset(QPINGONSUCCESS, q->q_flags) && ((QS_IS_SENT(q->q_state) && bitnset(M_LOCALMAILER, q->q_mailer->m_flags)) || bitset(QRELAYED|QEXPANDED|QDELIVERED, q->q_flags))) { success_return = TRUE; } } if (e->e_class < 0) e->e_flags |= EF_NO_BODY_RETN; /* ** See if the message timed out. */ if (!queueit) /* EMPTY */ /* nothing to do */ ; else if (message_timeout) { if (failure_return) { (void) snprintf(buf, sizeof buf, "Cannot send message for %s", pintvl(TimeOuts.to_q_return[e->e_timeoutclass], FALSE)); if (e->e_message != NULL) free(e->e_message); e->e_message = newstr(buf); message(buf); e->e_flags |= EF_CLRQUEUE; } fprintf(e->e_xfp, "Message could not be delivered for %s\n", pintvl(TimeOuts.to_q_return[e->e_timeoutclass], FALSE)); fprintf(e->e_xfp, "Message will be deleted from queue\n"); for (q = e->e_sendqueue; q != NULL; q = q->q_next) { if (QS_IS_UNDELIVERED(q->q_state)) { q->q_state = QS_BADADDR; q->q_status = "4.4.7"; } } } else if (TimeOuts.to_q_warning[e->e_timeoutclass] > 0 && - curtime() > e->e_ctime + TimeOuts.to_q_warning[e->e_timeoutclass]) + now > e->e_ctime + TimeOuts.to_q_warning[e->e_timeoutclass]) { if (!bitset(EF_WARNING|EF_RESPONSE, e->e_flags) && e->e_class >= 0 && e->e_from.q_paddr != NULL && strcmp(e->e_from.q_paddr, "<>") != 0 && strncasecmp(e->e_from.q_paddr, "owner-", 6) != 0 && (strlen(e->e_from.q_paddr) <= (SIZE_T) 8 || strcasecmp(&e->e_from.q_paddr[strlen(e->e_from.q_paddr) - 8], "-request") != 0)) { for (q = e->e_sendqueue; q != NULL; q = q->q_next) { if (QS_IS_QUEUEUP(q->q_state) && #if _FFR_NODELAYDSN_ON_HOLD !bitnset(M_HOLD, q->q_mailer->m_flags) && #endif /* _FFR_NODELAYDSN_ON_HOLD */ bitset(QPINGONDELAY, q->q_flags)) { q->q_flags |= QDELAYED; delay_return = TRUE; } } } if (delay_return) { (void) snprintf(buf, sizeof buf, "Warning: could not send message for past %s", pintvl(TimeOuts.to_q_warning[e->e_timeoutclass], FALSE)); if (e->e_message != NULL) free(e->e_message); e->e_message = newstr(buf); message(buf); e->e_flags |= EF_WARNING; } fprintf(e->e_xfp, "Warning: message still undelivered after %s\n", pintvl(TimeOuts.to_q_warning[e->e_timeoutclass], FALSE)); fprintf(e->e_xfp, "Will keep trying until message is %s old\n", pintvl(TimeOuts.to_q_return[e->e_timeoutclass], FALSE)); } if (tTd(50, 2)) dprintf("failure_return=%d delay_return=%d success_return=%d queueit=%d\n", failure_return, delay_return, success_return, queueit); /* ** If we had some fatal error, but no addresses are marked as ** bad, mark them _all_ as bad. */ if (bitset(EF_FATALERRS, e->e_flags) && !failure_return) { for (q = e->e_sendqueue; q != NULL; q = q->q_next) { if ((QS_IS_OK(q->q_state) || QS_IS_VERIFIED(q->q_state)) && bitset(QPINGONFAILURE, q->q_flags)) { failure_return = TRUE; q->q_state = QS_BADADDR; } } } /* ** Send back return receipts as requested. */ if (success_return && !failure_return && !delay_return && fulldrop && !bitset(PRIV_NORECEIPTS, PrivacyFlags) && strcmp(e->e_from.q_paddr, "<>") != 0) { auto ADDRESS *rlist = NULL; if (tTd(50, 8)) dprintf("dropenvelope(%s): sending return receipt\n", id); e->e_flags |= EF_SENDRECEIPT; (void) sendtolist(e->e_from.q_paddr, NULLADDR, &rlist, 0, e); (void) returntosender("Return receipt", rlist, RTSF_NO_BODY, e); } e->e_flags &= ~EF_SENDRECEIPT; /* ** Arrange to send error messages if there are fatal errors. */ if ((failure_return || delay_return) && e->e_errormode != EM_QUIET) { if (tTd(50, 8)) dprintf("dropenvelope(%s): saving mail\n", id); savemail(e, !bitset(EF_NO_BODY_RETN, e->e_flags)); } /* ** Arrange to send warning messages to postmaster as requested. */ if ((failure_return || pmnotify) && PostMasterCopy != NULL && !bitset(EF_RESPONSE, e->e_flags) && e->e_class >= 0) { auto ADDRESS *rlist = NULL; char pcopy[MAXNAME]; if (failure_return) { expand(PostMasterCopy, pcopy, sizeof pcopy, e); if (tTd(50, 8)) dprintf("dropenvelope(%s): sending postmaster copy to %s\n", id, pcopy); (void) sendtolist(pcopy, NULLADDR, &rlist, 0, e); } if (pmnotify) (void) sendtolist("postmaster", NULLADDR, &rlist, 0, e); (void) returntosender(e->e_message, rlist, RTSF_PM_BOUNCE|RTSF_NO_BODY, e); } /* ** Instantiate or deinstantiate the queue. */ simpledrop: if (tTd(50, 8)) dprintf("dropenvelope(%s): at simpledrop, queueit=%d\n", id, queueit); if (!queueit || bitset(EF_CLRQUEUE, e->e_flags)) { if (tTd(50, 1)) { dprintf("\n===== Dropping [dq]f%s... queueit=%d, e_flags=", e->e_id, queueit); printenvflags(e); } xunlink(queuename(e, 'd')); xunlink(queuename(e, 'q')); if (e->e_ntries > 0 && LogLevel > 9) sm_syslog(LOG_INFO, id, "done; delay=%s, ntries=%d", pintvl(curtime() - e->e_ctime, TRUE), e->e_ntries); } else if (queueit || !bitset(EF_INQUEUE, e->e_flags)) { #if QUEUE queueup(e, FALSE); #else /* QUEUE */ syserr("554 5.3.0 dropenvelope: queueup"); #endif /* QUEUE */ } /* now unlock the job */ if (tTd(50, 8)) dprintf("dropenvelope(%s): unlocking job\n", id); closexscript(e); unlockqueue(e); /* make sure that this envelope is marked unused */ if (e->e_dfp != NULL) (void) bfclose(e->e_dfp); e->e_dfp = NULL; e->e_id = NULL; e->e_flags &= ~EF_HAS_DF; } /* ** CLEARENVELOPE -- clear an envelope without unlocking ** ** This is normally used by a child process to get a clean ** envelope without disturbing the parent. ** ** Parameters: ** e -- the envelope to clear. ** fullclear - if set, the current envelope is total ** garbage and should be ignored; otherwise, ** release any resources it may indicate. ** ** Returns: ** none. ** ** Side Effects: ** Closes files associated with the envelope. ** Marks the envelope as unallocated. */ void clearenvelope(e, fullclear) register ENVELOPE *e; bool fullclear; { register HDR *bh; register HDR **nhp; extern ENVELOPE BlankEnvelope; if (!fullclear) { /* clear out any file information */ if (e->e_xfp != NULL) (void) bfclose(e->e_xfp); if (e->e_dfp != NULL) (void) bfclose(e->e_dfp); e->e_xfp = e->e_dfp = NULL; } /* now clear out the data */ STRUCTCOPY(BlankEnvelope, *e); e->e_message = NULL; if (Verbose) set_delivery_mode(SM_DELIVER, e); bh = BlankEnvelope.e_header; nhp = &e->e_header; while (bh != NULL) { *nhp = (HDR *) xalloc(sizeof *bh); memmove((char *) *nhp, (char *) bh, sizeof *bh); bh = bh->h_link; nhp = &(*nhp)->h_link; } } /* ** INITSYS -- initialize instantiation of system ** ** In Daemon mode, this is done in the child. ** ** Parameters: ** e -- the envelope to use. ** ** Returns: ** none. ** ** Side Effects: ** Initializes the system macros, some global variables, ** etc. In particular, the current time in various ** forms is set. */ void initsys(e) register ENVELOPE *e; { char cbuf[5]; /* holds hop count */ char pbuf[10]; /* holds pid */ #ifdef TTYNAME static char ybuf[60]; /* holds tty id */ register char *p; extern char *ttyname(); #endif /* TTYNAME */ /* ** Give this envelope a reality. ** I.e., an id, a transcript, and a creation time. */ setnewqueue(e); openxscript(e); e->e_ctime = curtime(); #if _FFR_QUEUEDELAY e->e_queuealg = QueueAlg; e->e_queuedelay = QueueInitDelay; #endif /* _FFR_QUEUEDELAY */ /* ** Set OutChannel to something useful if stdout isn't it. ** This arranges that any extra stuff the mailer produces ** gets sent back to the user on error (because it is ** tucked away in the transcript). */ if (OpMode == MD_DAEMON && bitset(EF_QUEUERUN, e->e_flags) && e->e_xfp != NULL) OutChannel = e->e_xfp; /* ** Set up some basic system macros. */ /* process id */ (void) snprintf(pbuf, sizeof pbuf, "%d", (int) getpid()); define('p', newstr(pbuf), e); /* hop count */ (void) snprintf(cbuf, sizeof cbuf, "%d", e->e_hopcount); define('c', newstr(cbuf), e); /* time as integer, unix time, arpa time */ settime(e); /* Load average */ (void)sm_getla(e); #ifdef TTYNAME /* tty name */ if (macvalue('y', e) == NULL) { p = ttyname(2); if (p != NULL) { if (strrchr(p, '/') != NULL) p = strrchr(p, '/') + 1; snprintf(ybuf, sizeof ybuf, "%s", p); define('y', ybuf, e); } } #endif /* TTYNAME */ } /* ** SETTIME -- set the current time. ** ** Parameters: ** e -- the envelope in which the macros should be set. ** ** Returns: ** none. ** ** Side Effects: ** Sets the various time macros -- $a, $b, $d, $t. */ void settime(e) register ENVELOPE *e; { register char *p; auto time_t now; char tbuf[20]; /* holds "current" time */ char dbuf[30]; /* holds ctime(tbuf) */ register struct tm *tm; now = curtime(); tm = gmtime(&now); (void) snprintf(tbuf, sizeof tbuf, "%04d%02d%02d%02d%02d", tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, tm->tm_hour, tm->tm_min); define('t', newstr(tbuf), e); (void) strlcpy(dbuf, ctime(&now), sizeof dbuf); p = strchr(dbuf, '\n'); if (p != NULL) *p = '\0'; define('d', newstr(dbuf), e); p = arpadate(dbuf); p = newstr(p); if (macvalue('a', e) == NULL) define('a', p, e); define('b', p, e); } /* ** OPENXSCRIPT -- Open transcript file ** ** Creates a transcript file for possible eventual mailing or ** sending back. ** ** Parameters: ** e -- the envelope to create the transcript in/for. ** ** Returns: ** none ** ** Side Effects: ** Creates the transcript file. */ #ifndef O_APPEND # define O_APPEND 0 #endif /* ! O_APPEND */ void openxscript(e) register ENVELOPE *e; { register char *p; if (e->e_xfp != NULL) return; #if 0 if (e->e_lockfp == NULL && bitset(EF_INQUEUE, e->e_flags)) syserr("openxscript: job not locked"); #endif /* 0 */ p = queuename(e, 'x'); e->e_xfp = bfopen(p, FileMode, XscriptFileBufferSize, SFF_NOTEXCL|SFF_OPENASROOT); if (e->e_xfp == NULL) { syserr("Can't create transcript file %s", p); e->e_xfp = fopen("/dev/null", "r+"); if (e->e_xfp == NULL) syserr("!Can't open /dev/null"); } #if HASSETVBUF (void) setvbuf(e->e_xfp, NULL, _IOLBF, 0); #else /* HASSETVBUF */ (void) setlinebuf(e->e_xfp); #endif /* HASSETVBUF */ if (tTd(46, 9)) { dprintf("openxscript(%s):\n ", p); dumpfd(fileno(e->e_xfp), TRUE, FALSE); } } /* ** CLOSEXSCRIPT -- close the transcript file. ** ** Parameters: ** e -- the envelope containing the transcript to close. ** ** Returns: ** none. ** ** Side Effects: ** none. */ void closexscript(e) register ENVELOPE *e; { if (e->e_xfp == NULL) return; #if 0 if (e->e_lockfp == NULL) syserr("closexscript: job not locked"); #endif /* 0 */ (void) bfclose(e->e_xfp); e->e_xfp = NULL; } /* ** SETSENDER -- set the person who this message is from ** ** Under certain circumstances allow the user to say who ** s/he is (using -f or -r). These are: ** 1. The user's uid is zero (root). ** 2. The user's login name is in an approved list (typically ** from a network server). ** 3. The address the user is trying to claim has a ** "!" character in it (since #2 doesn't do it for ** us if we are dialing out for UUCP). ** A better check to replace #3 would be if the ** effective uid is "UUCP" -- this would require me ** to rewrite getpwent to "grab" uucp as it went by, ** make getname more nasty, do another passwd file ** scan, or compile the UID of "UUCP" into the code, ** all of which are reprehensible. ** ** Assuming all of these fail, we figure out something ** ourselves. ** ** Parameters: ** from -- the person we would like to believe this message ** is from, as specified on the command line. ** e -- the envelope in which we would like the sender set. ** delimptr -- if non-NULL, set to the location of the ** trailing delimiter. ** delimchar -- the character that will delimit the sender ** address. ** internal -- set if this address is coming from an internal ** source such as an owner alias. ** ** Returns: ** none. ** ** Side Effects: ** sets sendmail's notion of who the from person is. */ void setsender(from, e, delimptr, delimchar, internal) char *from; register ENVELOPE *e; char **delimptr; int delimchar; bool internal; { register char **pvp; char *realname = NULL; register struct passwd *pw; char *bp; char buf[MAXNAME + 2]; char pvpbuf[PSBUFSIZE]; extern char *FullName; if (tTd(45, 1)) dprintf("setsender(%s)\n", from == NULL ? "" : from); /* ** Figure out the real user executing us. ** Username can return errno != 0 on non-errors. */ if (bitset(EF_QUEUERUN, e->e_flags) || OpMode == MD_SMTP || OpMode == MD_ARPAFTP || OpMode == MD_DAEMON) realname = from; if (realname == NULL || realname[0] == '\0') realname = username(); if (ConfigLevel < 2) SuprErrs = TRUE; #if _FFR_ADDR_TYPE define(macid("{addr_type}", NULL), "e s", e); #endif /* _FFR_ADDR_TYPE */ /* preset state for then clause in case from == NULL */ e->e_from.q_state = QS_BADADDR; e->e_from.q_flags = 0; if (from == NULL || parseaddr(from, &e->e_from, RF_COPYALL|RF_SENDERADDR, delimchar, delimptr, e) == NULL || QS_IS_BADADDR(e->e_from.q_state) || e->e_from.q_mailer == ProgMailer || e->e_from.q_mailer == FileMailer || e->e_from.q_mailer == InclMailer) { /* log garbage addresses for traceback */ if (from != NULL && LogLevel > 2) { char *p; char ebuf[MAXNAME * 2 + 2]; p = macvalue('_', e); if (p == NULL) { char *host = RealHostName; if (host == NULL) host = MyHostName; (void) snprintf(ebuf, sizeof ebuf, "%.*s@%.*s", MAXNAME, realname, MAXNAME, host); p = ebuf; } sm_syslog(LOG_NOTICE, e->e_id, "setsender: %s: invalid or unparsable, received from %s", shortenstring(from, 83), p); } if (from != NULL) { if (!QS_IS_BADADDR(e->e_from.q_state)) { /* it was a bogus mailer in the from addr */ e->e_status = "5.1.7"; usrerrenh(e->e_status, "553 Invalid sender address"); } SuprErrs = TRUE; } if (from == realname || parseaddr(from = newstr(realname), &e->e_from, RF_COPYALL|RF_SENDERADDR, ' ', NULL, e) == NULL) { char nbuf[100]; SuprErrs = TRUE; expand("\201n", nbuf, sizeof nbuf, e); if (parseaddr(from = newstr(nbuf), &e->e_from, RF_COPYALL, ' ', NULL, e) == NULL && parseaddr(from = "postmaster", &e->e_from, RF_COPYALL, ' ', NULL, e) == NULL) syserr("553 5.3.0 setsender: can't even parse postmaster!"); } } else FromFlag = TRUE; e->e_from.q_state = QS_SENDER; if (tTd(45, 5)) { dprintf("setsender: QS_SENDER "); printaddr(&e->e_from, FALSE); } SuprErrs = FALSE; #if USERDB if (bitnset(M_CHECKUDB, e->e_from.q_mailer->m_flags)) { register char *p; p = udbsender(e->e_from.q_user); if (p != NULL) from = p; } #endif /* USERDB */ if (bitnset(M_HASPWENT, e->e_from.q_mailer->m_flags)) { if (!internal) { /* if the user already given fullname don't redefine */ if (FullName == NULL) FullName = macvalue('x', e); if (FullName != NULL && FullName[0] == '\0') FullName = NULL; } if (e->e_from.q_user[0] != '\0' && (pw = sm_getpwnam(e->e_from.q_user)) != NULL) { /* ** Process passwd file entry. */ /* extract home directory */ if (*pw->pw_dir == '\0') e->e_from.q_home = NULL; else if (strcmp(pw->pw_dir, "/") == 0) e->e_from.q_home = newstr(""); else e->e_from.q_home = newstr(pw->pw_dir); define('z', e->e_from.q_home, e); /* extract user and group id */ e->e_from.q_uid = pw->pw_uid; e->e_from.q_gid = pw->pw_gid; e->e_from.q_flags |= QGOODUID; /* extract full name from passwd file */ if (FullName == NULL && pw->pw_gecos != NULL && strcmp(pw->pw_name, e->e_from.q_user) == 0 && !internal) { buildfname(pw->pw_gecos, e->e_from.q_user, buf, sizeof buf); if (buf[0] != '\0') FullName = newstr(buf); } } else { e->e_from.q_home = NULL; } if (FullName != NULL && !internal) define('x', FullName, e); } else if (!internal && OpMode != MD_DAEMON && OpMode != MD_SMTP) { if (e->e_from.q_home == NULL) { e->e_from.q_home = getenv("HOME"); if (e->e_from.q_home != NULL) { if (*e->e_from.q_home == '\0') e->e_from.q_home = NULL; else if (strcmp(e->e_from.q_home, "/") == 0) e->e_from.q_home++; } } e->e_from.q_uid = RealUid; e->e_from.q_gid = RealGid; e->e_from.q_flags |= QGOODUID; } /* ** Rewrite the from person to dispose of possible implicit ** links in the net. */ pvp = prescan(from, delimchar, pvpbuf, sizeof pvpbuf, NULL, NULL); if (pvp == NULL) { /* don't need to give error -- prescan did that already */ if (LogLevel > 2) sm_syslog(LOG_NOTICE, e->e_id, "cannot prescan from (%s)", shortenstring(from, MAXSHORTSTR)); finis(TRUE, ExitStat); } (void) rewrite(pvp, 3, 0, e); (void) rewrite(pvp, 1, 0, e); (void) rewrite(pvp, 4, 0, e); #if _FFR_ADDR_TYPE define(macid("{addr_type}", NULL), NULL, e); #endif /* _FFR_ADDR_TYPE */ bp = buf + 1; cataddr(pvp, NULL, bp, sizeof buf - 2, '\0'); if (*bp == '@' && !bitnset(M_NOBRACKET, e->e_from.q_mailer->m_flags)) { /* heuristic: route-addr: add angle brackets */ (void) strlcat(bp, ">", sizeof buf - 1); *--bp = '<'; } e->e_sender = newstr(bp); define('f', e->e_sender, e); /* save the domain spec if this mailer wants it */ if (e->e_from.q_mailer != NULL && bitnset(M_CANONICAL, e->e_from.q_mailer->m_flags)) { char **lastat; /* get rid of any pesky angle brackets */ #if _FFR_ADDR_TYPE define(macid("{addr_type}", NULL), "e s", e); #endif /* _FFR_ADDR_TYPE */ (void) rewrite(pvp, 3, 0, e); (void) rewrite(pvp, 1, 0, e); (void) rewrite(pvp, 4, 0, e); #if _FFR_ADDR_TYPE define(macid("{addr_type}", NULL), NULL, e); #endif /* _FFR_ADDR_TYPE */ /* strip off to the last "@" sign */ for (lastat = NULL; *pvp != NULL; pvp++) if (strcmp(*pvp, "@") == 0) lastat = pvp; if (lastat != NULL) { e->e_fromdomain = copyplist(lastat, TRUE); if (tTd(45, 3)) { dprintf("Saving from domain: "); printav(e->e_fromdomain); } } } } /* ** PRINTENVFLAGS -- print envelope flags for debugging ** ** Parameters: ** e -- the envelope with the flags to be printed. ** ** Returns: ** none. */ struct eflags { char *ef_name; u_long ef_bit; }; static struct eflags EnvelopeFlags[] = { { "OLDSTYLE", EF_OLDSTYLE }, { "INQUEUE", EF_INQUEUE }, { "NO_BODY_RETN", EF_NO_BODY_RETN }, { "CLRQUEUE", EF_CLRQUEUE }, { "SENDRECEIPT", EF_SENDRECEIPT }, { "FATALERRS", EF_FATALERRS }, { "DELETE_BCC", EF_DELETE_BCC }, { "RESPONSE", EF_RESPONSE }, { "RESENT", EF_RESENT }, { "VRFYONLY", EF_VRFYONLY }, { "WARNING", EF_WARNING }, { "QUEUERUN", EF_QUEUERUN }, { "GLOBALERRS", EF_GLOBALERRS }, { "PM_NOTIFY", EF_PM_NOTIFY }, { "METOO", EF_METOO }, { "LOGSENDER", EF_LOGSENDER }, { "NORECEIPT", EF_NORECEIPT }, { "HAS8BIT", EF_HAS8BIT }, { "NL_NOT_EOL", EF_NL_NOT_EOL }, { "CRLF_NOT_EOL", EF_CRLF_NOT_EOL }, { "RET_PARAM", EF_RET_PARAM }, { "HAS_DF", EF_HAS_DF }, { "IS_MIME", EF_IS_MIME }, { "DONT_MIME", EF_DONT_MIME }, - { NULL } + { NULL, 0 } }; void printenvflags(e) register ENVELOPE *e; { register struct eflags *ef; bool first = TRUE; printf("%lx", e->e_flags); for (ef = EnvelopeFlags; ef->ef_name != NULL; ef++) { if (!bitset(ef->ef_bit, e->e_flags)) continue; if (first) printf("<%s", ef->ef_name); else printf(",%s", ef->ef_name); first = FALSE; } if (!first) printf(">\n"); } Index: stable/4/contrib/sendmail/src/headers.c =================================================================== --- stable/4/contrib/sendmail/src/headers.c (revision 71887) +++ stable/4/contrib/sendmail/src/headers.c (revision 71888) @@ -1,1876 +1,1893 @@ /* * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #ifndef lint -static char id[] = "@(#)$Id: headers.c,v 8.203.4.7 2000/08/22 21:50:36 gshapiro Exp $"; +static char id[] = "@(#)$Id: headers.c,v 8.203.4.10 2000/10/13 17:54:30 gshapiro Exp $"; #endif /* ! lint */ /* $FreeBSD$ */ #include -static bool fix_mime_header __P((char *)); +static size_t fix_mime_header __P((char *)); static int priencode __P((char *)); static void put_vanilla_header __P((HDR *, char *, MCI *)); /* ** SETUPHEADERS -- initialize headers in symbol table ** ** Parameters: ** none ** ** Returns: ** none */ void setupheaders() { struct hdrinfo *hi; STAB *s; for (hi = HdrInfo; hi->hi_field != NULL; hi++) { s = stab(hi->hi_field, ST_HEADER, ST_ENTER); s->s_header.hi_flags = hi->hi_flags; s->s_header.hi_ruleset = NULL; } } /* ** CHOMPHEADER -- process and save a header line. ** ** Called by collect, readcf, and readqf to deal with header lines. ** ** Parameters: ** line -- header as a text line. ** pflag -- flags for chompheader() (from sendmail.h) ** hdrp -- a pointer to the place to save the header. ** e -- the envelope including this header. ** ** Returns: ** flags for this header. ** ** Side Effects: ** The header is saved on the header list. ** Contents of 'line' are destroyed. */ static struct hdrinfo NormalHeader = { NULL, 0, NULL }; u_long chompheader(line, pflag, hdrp, e) char *line; int pflag; HDR **hdrp; register ENVELOPE *e; { u_char mid = '\0'; register char *p; register HDR *h; HDR **hp; char *fname; char *fvalue; bool cond = FALSE; bool dropfrom; bool headeronly; STAB *s; struct hdrinfo *hi; bool nullheader = FALSE; BITMAP256 mopts; if (tTd(31, 6)) { dprintf("chompheader: "); xputs(line); dprintf("\n"); } headeronly = hdrp != NULL; if (!headeronly) hdrp = &e->e_header; /* strip off options */ clrbitmap(mopts); p = line; if (!bitset(pflag, CHHDR_USER) && *p == '?') { int c; register char *q; q = strchr(++p, '?'); if (q == NULL) goto hse; *q = '\0'; c = *p & 0377; /* possibly macro conditional */ if (c == MACROEXPAND) { /* catch ?$? */ if (*++p == '\0') { *q = '?'; goto hse; } mid = (u_char) *p++; /* catch ?$abc? */ if (*p != '\0') { *q = '?'; goto hse; } } else if (*p == '$') { /* catch ?$? */ if (*++p == '\0') { *q = '?'; goto hse; } mid = (u_char)macid(p, NULL); if (bitset(0200, mid)) p += strlen(macname(mid)) + 2; else p++; /* catch ?$abc? */ if (*p != '\0') { *q = '?'; goto hse; } } else { while (*p != '\0') { if (!isascii(*p)) { *q = '?'; goto hse; } - setbitn(*p, mopts); + setbitn(bitidx(*p), mopts); cond = TRUE; p++; } } p = q + 1; } /* find canonical name */ fname = p; while (isascii(*p) && isgraph(*p) && *p != ':') p++; fvalue = p; while (isascii(*p) && isspace(*p)) p++; if (*p++ != ':' || fname == fvalue) { hse: syserr("553 5.3.0 header syntax error, line \"%s\"", line); return 0; } *fvalue = '\0'; /* strip field value on front */ if (*p == ' ') p++; fvalue = p; /* if the field is null, go ahead and use the default */ while (isascii(*p) && isspace(*p)) p++; if (*p == '\0') nullheader = TRUE; /* security scan: long field names are end-of-header */ if (strlen(fname) > 100) return H_EOH; /* check to see if it represents a ruleset call */ if (bitset(pflag, CHHDR_DEF)) { char hbuf[50]; (void) expand(fvalue, hbuf, sizeof hbuf, e); for (p = hbuf; isascii(*p) && isspace(*p); ) p++; if ((*p++ & 0377) == CALLSUBR) { auto char *endp; bool strc; strc = *p == '+'; /* strip comments? */ if (strc) ++p; if (strtorwset(p, &endp, ST_ENTER) > 0) { *endp = '\0'; s = stab(fname, ST_HEADER, ST_ENTER); s->s_header.hi_ruleset = newstr(p); if (!strc) s->s_header.hi_flags |= H_STRIPCOMM; } return 0; } } /* see if it is a known type */ s = stab(fname, ST_HEADER, ST_FIND); if (s != NULL) hi = &s->s_header; else hi = &NormalHeader; if (tTd(31, 9)) { if (s == NULL) dprintf("no header flags match\n"); else dprintf("header match, flags=%lx, ruleset=%s\n", hi->hi_flags, hi->hi_ruleset == NULL ? "" : hi->hi_ruleset); } /* see if this is a resent message */ if (!bitset(pflag, CHHDR_DEF) && !headeronly && bitset(H_RESENT, hi->hi_flags)) e->e_flags |= EF_RESENT; /* if this is an Errors-To: header keep track of it now */ if (UseErrorsTo && !bitset(pflag, CHHDR_DEF) && !headeronly && bitset(H_ERRORSTO, hi->hi_flags)) (void) sendtolist(fvalue, NULLADDR, &e->e_errorqueue, 0, e); /* if this means "end of header" quit now */ if (!headeronly && bitset(H_EOH, hi->hi_flags)) return hi->hi_flags; /* ** Horrible hack to work around problem with Lotus Notes SMTP ** mail gateway, which generates From: headers with newlines in ** them and the
on the second line. Although this is ** legal RFC 822, many MUAs don't handle this properly and thus ** never find the actual address. */ if (bitset(H_FROM, hi->hi_flags) && SingleLineFromHeader) { while ((p = strchr(fvalue, '\n')) != NULL) *p = ' '; } /* ** If there is a check ruleset, verify it against the header. */ if (bitset(pflag, CHHDR_CHECK)) { bool stripcom = FALSE; char *rs; /* no ruleset? look for default */ rs = hi->hi_ruleset; if (rs == NULL) { s = stab("*", ST_HEADER, ST_FIND); if (s != NULL) { rs = (&s->s_header)->hi_ruleset; stripcom = bitset((&s->s_header)->hi_flags, H_STRIPCOMM); } } else stripcom = bitset(hi->hi_flags, H_STRIPCOMM); if (rs != NULL) { int l; char qval[MAXNAME]; char hlen[16]; char *sp, *dp; dp = qval; l = 0; dp[l++] = '"'; for (sp = fvalue; *sp != '\0' && l < MAXNAME - 2; sp++) { switch(*sp) { case '\011': /* ht */ case '\012': /* nl */ case '\013': /* vt */ case '\014': /* np */ case '\015': /* cr */ dp[l++] = ' '; break; case '"': dp[l++] = '\\'; /* FALLTHROUGH */ default: dp[l++] = *sp; break; } } dp[l++] = '"'; dp[l++] = '\0'; l = strlen(fvalue); snprintf(hlen, sizeof hlen, "%d", l); define(macid("{hdrlen}", NULL), newstr(hlen), e); if (l >= MAXNAME) { if (LogLevel > 9) sm_syslog(LOG_WARNING, e->e_id, "Warning: truncated header '%s' before check with '%s' len=%d max=%d", fname, rs, l, MAXNAME); } if ((sp = macvalue(macid("{currHeader}", NULL), e)) != NULL) free(sp); define(macid("{currHeader}", NULL), newstr(qval), e); define(macid("{hdr_name}", NULL), newstr(fname), e); - (void) rscheck(rs, fvalue, NULL, e, stripcom, TRUE, 4); + (void) rscheck(rs, fvalue, NULL, e, stripcom, TRUE, 4, + NULL); } } /* ** Drop explicit From: if same as what we would generate. ** This is to make MH (which doesn't always give a full name) ** insert the full name information in all circumstances. */ dropfrom = FALSE; p = "resent-from"; if (!bitset(EF_RESENT, e->e_flags)) p += 7; if (!bitset(pflag, CHHDR_DEF) && !headeronly && !bitset(EF_QUEUERUN, e->e_flags) && strcasecmp(fname, p) == 0) { if (tTd(31, 2)) { dprintf("comparing header from (%s) against default (%s or %s)\n", fvalue, e->e_from.q_paddr, e->e_from.q_user); } if (e->e_from.q_paddr != NULL && e->e_from.q_mailer != NULL && bitnset(M_LOCALMAILER, e->e_from.q_mailer->m_flags) && (strcmp(fvalue, e->e_from.q_paddr) == 0 || strcmp(fvalue, e->e_from.q_user) == 0)) dropfrom = TRUE; } /* delete default value for this header */ for (hp = hdrp; (h = *hp) != NULL; hp = &h->h_link) { if (strcasecmp(fname, h->h_field) == 0 && !bitset(H_USER, h->h_flags) && !bitset(H_FORCE, h->h_flags)) { if (nullheader) { /* user-supplied value was null */ return 0; } if (dropfrom) { /* make this look like the user entered it */ h->h_flags |= H_USER; return hi->hi_flags; } h->h_value = NULL; if (!cond) { /* copy conditions from default case */ memmove((char *)mopts, (char *)h->h_mflags, sizeof mopts); } h->h_macro = mid; } } /* create a new node */ h = (HDR *) xalloc(sizeof *h); h->h_field = newstr(fname); h->h_value = newstr(fvalue); h->h_link = NULL; memmove((char *) h->h_mflags, (char *) mopts, sizeof mopts); h->h_macro = mid; *hp = h; h->h_flags = hi->hi_flags; if (bitset(pflag, CHHDR_USER) || bitset(pflag, CHHDR_QUEUE)) h->h_flags |= H_USER; /* strip EOH flag if parsing MIME headers */ if (headeronly) h->h_flags &= ~H_EOH; if (bitset(pflag, CHHDR_DEF)) h->h_flags |= H_DEFAULT; if (cond || mid != '\0') h->h_flags |= H_CHECK; /* hack to see if this is a new format message */ if (!bitset(pflag, CHHDR_DEF) && !headeronly && bitset(H_RCPT|H_FROM, h->h_flags) && (strchr(fvalue, ',') != NULL || strchr(fvalue, '(') != NULL || strchr(fvalue, '<') != NULL || strchr(fvalue, ';') != NULL)) { e->e_flags &= ~EF_OLDSTYLE; } return h->h_flags; } /* ** ADDHEADER -- add a header entry to the end of the queue. ** ** This bypasses the special checking of chompheader. ** ** Parameters: ** field -- the name of the header field. ** value -- the value of the field. ** flags -- flags to add to h_flags. ** hdrlist -- an indirect pointer to the header structure list. ** ** Returns: ** none. ** ** Side Effects: ** adds the field on the list of headers for this envelope. */ void addheader(field, value, flags, hdrlist) char *field; char *value; int flags; HDR **hdrlist; { register HDR *h; STAB *s; HDR **hp; /* find info struct */ s = stab(field, ST_HEADER, ST_FIND); /* find current place in list -- keep back pointer? */ for (hp = hdrlist; (h = *hp) != NULL; hp = &h->h_link) { if (strcasecmp(field, h->h_field) == 0) break; } /* allocate space for new header */ h = (HDR *) xalloc(sizeof *h); h->h_field = field; h->h_value = newstr(value); h->h_link = *hp; h->h_flags = flags; if (s != NULL) h->h_flags |= s->s_header.hi_flags; clrbitmap(h->h_mflags); h->h_macro = '\0'; *hp = h; } /* ** HVALUE -- return value of a header. ** ** Only "real" fields (i.e., ones that have not been supplied ** as a default) are used. ** ** Parameters: ** field -- the field name. ** header -- the header list. ** ** Returns: ** pointer to the value part. ** NULL if not found. ** ** Side Effects: ** none. */ char * hvalue(field, header) char *field; HDR *header; { register HDR *h; for (h = header; h != NULL; h = h->h_link) { if (!bitset(H_DEFAULT, h->h_flags) && strcasecmp(h->h_field, field) == 0) return h->h_value; } return NULL; } /* ** ISHEADER -- predicate telling if argument is a header. ** ** A line is a header if it has a single word followed by ** optional white space followed by a colon. ** ** Header fields beginning with two dashes, although technically ** permitted by RFC822, are automatically rejected in order ** to make MIME work out. Without this we could have a technically ** legal header such as ``--"foo:bar"'' that would also be a legal ** MIME separator. ** ** Parameters: ** h -- string to check for possible headerness. ** ** Returns: ** TRUE if h is a header. ** FALSE otherwise. ** ** Side Effects: ** none. */ bool isheader(h) char *h; { register char *s = h; if (s[0] == '-' && s[1] == '-') return FALSE; while (*s > ' ' && *s != ':' && *s != '\0') s++; if (h == s) return FALSE; /* following technically violates RFC822 */ while (isascii(*s) && isspace(*s)) s++; return (*s == ':'); } /* ** EATHEADER -- run through the stored header and extract info. ** ** Parameters: ** e -- the envelope to process. ** full -- if set, do full processing (e.g., compute ** message priority). This should not be set ** when reading a queue file because some info ** needed to compute the priority is wrong. ** ** Returns: ** none. ** ** Side Effects: ** Sets a bunch of global variables from information ** in the collected header. ** Aborts the message if the hop count is exceeded. */ void eatheader(e, full) register ENVELOPE *e; bool full; { register HDR *h; register char *p; int hopcnt = 0; char *msgid; char buf[MAXLINE]; /* ** Set up macros for possible expansion in headers. */ define('f', e->e_sender, e); define('g', e->e_sender, e); if (e->e_origrcpt != NULL && *e->e_origrcpt != '\0') define('u', e->e_origrcpt, e); else define('u', NULL, e); /* full name of from person */ p = hvalue("full-name", e->e_header); if (p != NULL) { if (!rfc822_string(p)) { /* ** Quote a full name with special characters ** as a comment so crackaddr() doesn't destroy ** the name portion of the address. */ p = addquotes(p); } define('x', p, e); } if (tTd(32, 1)) dprintf("----- collected header -----\n"); msgid = NULL; for (h = e->e_header; h != NULL; h = h->h_link) { if (tTd(32, 1)) dprintf("%s: ", h->h_field); if (h->h_value == NULL) { if (tTd(32, 1)) dprintf("\n"); continue; } /* do early binding */ if (bitset(H_DEFAULT, h->h_flags) && !bitset(H_BINDLATE, h->h_flags)) { if (tTd(32, 1)) { dprintf("("); xputs(h->h_value); dprintf(") "); } expand(h->h_value, buf, sizeof buf, e); if (buf[0] != '\0') { if (bitset(H_FROM, h->h_flags)) expand(crackaddr(buf), buf, sizeof buf, e); h->h_value = newstr(buf); h->h_flags &= ~H_DEFAULT; } } if (tTd(32, 1)) { xputs(h->h_value); dprintf("\n"); } /* count the number of times it has been processed */ if (bitset(H_TRACE, h->h_flags)) hopcnt++; /* send to this person if we so desire */ if (GrabTo && bitset(H_RCPT, h->h_flags) && !bitset(H_DEFAULT, h->h_flags) && (!bitset(EF_RESENT, e->e_flags) || bitset(H_RESENT, h->h_flags))) { #if 0 int saveflags = e->e_flags; #endif /* 0 */ (void) sendtolist(h->h_value, NULLADDR, &e->e_sendqueue, 0, e); #if 0 /* ** Change functionality so a fatal error on an ** address doesn't affect the entire envelope. */ /* delete fatal errors generated by this address */ if (!bitset(EF_FATALERRS, saveflags)) e->e_flags &= ~EF_FATALERRS; #endif /* 0 */ } /* save the message-id for logging */ p = "resent-message-id"; if (!bitset(EF_RESENT, e->e_flags)) p += 7; if (strcasecmp(h->h_field, p) == 0) { msgid = h->h_value; while (isascii(*msgid) && isspace(*msgid)) msgid++; } } if (tTd(32, 1)) dprintf("----------------------------\n"); /* if we are just verifying (that is, sendmail -t -bv), drop out now */ if (OpMode == MD_VERIFY) return; /* store hop count */ if (hopcnt > e->e_hopcount) e->e_hopcount = hopcnt; /* message priority */ p = hvalue("precedence", e->e_header); if (p != NULL) e->e_class = priencode(p); if (e->e_class < 0) e->e_timeoutclass = TOC_NONURGENT; else if (e->e_class > 0) e->e_timeoutclass = TOC_URGENT; if (full) { e->e_msgpriority = e->e_msgsize - e->e_class * WkClassFact + e->e_nrcpts * WkRecipFact; } /* message timeout priority */ p = hvalue("priority", e->e_header); if (p != NULL) { /* (this should be in the configuration file) */ if (strcasecmp(p, "urgent") == 0) e->e_timeoutclass = TOC_URGENT; else if (strcasecmp(p, "normal") == 0) e->e_timeoutclass = TOC_NORMAL; else if (strcasecmp(p, "non-urgent") == 0) e->e_timeoutclass = TOC_NONURGENT; } /* date message originated */ p = hvalue("posted-date", e->e_header); if (p == NULL) p = hvalue("date", e->e_header); if (p != NULL) define('a', p, e); /* check to see if this is a MIME message */ if ((e->e_bodytype != NULL && strcasecmp(e->e_bodytype, "8BITMIME") == 0) || hvalue("MIME-Version", e->e_header) != NULL) { e->e_flags |= EF_IS_MIME; if (HasEightBits) e->e_bodytype = "8BITMIME"; } else if ((p = hvalue("Content-Type", e->e_header)) != NULL) { /* this may be an RFC 1049 message */ p = strpbrk(p, ";/"); if (p == NULL || *p == ';') { /* yep, it is */ e->e_flags |= EF_DONT_MIME; } } /* ** From person in antiquated ARPANET mode ** required by UK Grey Book e-mail gateways (sigh) */ if (OpMode == MD_ARPAFTP) { register struct hdrinfo *hi; for (hi = HdrInfo; hi->hi_field != NULL; hi++) { if (bitset(H_FROM, hi->hi_flags) && (!bitset(H_RESENT, hi->hi_flags) || bitset(EF_RESENT, e->e_flags)) && (p = hvalue(hi->hi_field, e->e_header)) != NULL) break; } if (hi->hi_field != NULL) { if (tTd(32, 2)) dprintf("eatheader: setsender(*%s == %s)\n", hi->hi_field, p); setsender(p, e, NULL, '\0', TRUE); } } /* ** Log collection information. */ if (bitset(EF_LOGSENDER, e->e_flags) && LogLevel > 4) logsender(e, msgid); e->e_flags &= ~EF_LOGSENDER; } /* ** LOGSENDER -- log sender information ** ** Parameters: ** e -- the envelope to log ** msgid -- the message id ** ** Returns: ** none */ void logsender(e, msgid) register ENVELOPE *e; char *msgid; { char *name; register char *sbp; register char *p; int l; char hbuf[MAXNAME + 1]; char sbuf[MAXLINE + 1]; char mbuf[MAXNAME + 1]; /* don't allow newlines in the message-id */ if (msgid != NULL) { l = strlen(msgid); if (l > sizeof mbuf - 1) l = sizeof mbuf - 1; memmove(mbuf, msgid, l); mbuf[l] = '\0'; p = mbuf; while ((p = strchr(p, '\n')) != NULL) *p++ = ' '; } if (bitset(EF_RESPONSE, e->e_flags)) name = "[RESPONSE]"; else if ((name = macvalue('_', e)) != NULL) /* EMPTY */ ; else if (RealHostName == NULL) name = "localhost"; else if (RealHostName[0] == '[') name = RealHostName; else { name = hbuf; (void) snprintf(hbuf, sizeof hbuf, "%.80s", RealHostName); if (RealHostAddr.sa.sa_family != 0) { p = &hbuf[strlen(hbuf)]; (void) snprintf(p, SPACELEFT(hbuf, p), " (%.100s)", anynet_ntoa(&RealHostAddr)); } } /* some versions of syslog only take 5 printf args */ #if (SYSLOG_BUFSIZE) >= 256 sbp = sbuf; snprintf(sbp, SPACELEFT(sbuf, sbp), "from=%.200s, size=%ld, class=%d, nrcpts=%d", e->e_from.q_paddr == NULL ? "" : e->e_from.q_paddr, e->e_msgsize, e->e_class, e->e_nrcpts); sbp += strlen(sbp); if (msgid != NULL) { snprintf(sbp, SPACELEFT(sbuf, sbp), ", msgid=%.100s", mbuf); sbp += strlen(sbp); } if (e->e_bodytype != NULL) { (void) snprintf(sbp, SPACELEFT(sbuf, sbp), ", bodytype=%.20s", e->e_bodytype); sbp += strlen(sbp); } p = macvalue('r', e); if (p != NULL) { (void) snprintf(sbp, SPACELEFT(sbuf, sbp), ", proto=%.20s", p); sbp += strlen(sbp); } p = macvalue(macid("{daemon_name}", NULL), e); if (p != NULL) { (void) snprintf(sbp, SPACELEFT(sbuf, sbp), ", daemon=%.20s", p); sbp += strlen(sbp); } # if SASL p = macvalue(macid("{auth_type}", NULL), e); if (p != NULL) { (void) snprintf(sbp, SPACELEFT(sbuf, sbp), ", mech=%.12s", p); sbp += strlen(sbp); } p = macvalue(macid("{auth_author}", NULL), e); if (p != NULL) { (void) snprintf(sbp, SPACELEFT(sbuf, sbp), ", auth=%.30s", p); sbp += strlen(sbp); } # endif /* SASL */ sm_syslog(LOG_INFO, e->e_id, "%.850s, relay=%.100s", sbuf, name); #else /* (SYSLOG_BUFSIZE) >= 256 */ sm_syslog(LOG_INFO, e->e_id, "from=%s", e->e_from.q_paddr == NULL ? "" : shortenstring(e->e_from.q_paddr, 83)); sm_syslog(LOG_INFO, e->e_id, "size=%ld, class=%ld, nrcpts=%d", e->e_msgsize, e->e_class, e->e_nrcpts); if (msgid != NULL) sm_syslog(LOG_INFO, e->e_id, "msgid=%s", shortenstring(mbuf, 83)); sbp = sbuf; *sbp = '\0'; if (e->e_bodytype != NULL) { snprintf(sbp, SPACELEFT(sbuf, sbp), "bodytype=%.20s, ", e->e_bodytype); sbp += strlen(sbp); } p = macvalue('r', e); if (p != NULL) { snprintf(sbp, SPACELEFT(sbuf, sbp), "proto=%.20s, ", p); sbp += strlen(sbp); } sm_syslog(LOG_INFO, e->e_id, "%.400srelay=%.100s", sbuf, name); #endif /* (SYSLOG_BUFSIZE) >= 256 */ } /* ** PRIENCODE -- encode external priority names into internal values. ** ** Parameters: ** p -- priority in ascii. ** ** Returns: ** priority as a numeric level. ** ** Side Effects: ** none. */ static int priencode(p) char *p; { register int i; for (i = 0; i < NumPriorities; i++) { if (strcasecmp(p, Priorities[i].pri_name) == 0) return Priorities[i].pri_val; } /* unknown priority */ return 0; } /* ** CRACKADDR -- parse an address and turn it into a macro ** ** This doesn't actually parse the address -- it just extracts ** it and replaces it with "$g". The parse is totally ad hoc ** and isn't even guaranteed to leave something syntactically ** identical to what it started with. However, it does leave ** something semantically identical. ** ** This algorithm has been cleaned up to handle a wider range ** of cases -- notably quoted and backslash escaped strings. ** This modification makes it substantially better at preserving ** the original syntax. ** ** Parameters: ** addr -- the address to be cracked. ** ** Returns: ** a pointer to the new version. ** ** Side Effects: ** none. ** ** Warning: ** The return value is saved in local storage and should ** be copied if it is to be reused. */ char * crackaddr(addr) register char *addr; { register char *p; register char c; int cmtlev; int realcmtlev; int anglelev, realanglelev; int copylev; int bracklev; bool qmode; bool realqmode; bool skipping; bool putgmac = FALSE; bool quoteit = FALSE; bool gotangle = FALSE; bool gotcolon = FALSE; register char *bp; char *buflim; char *bufhead; char *addrhead; static char buf[MAXNAME + 1]; if (tTd(33, 1)) dprintf("crackaddr(%s)\n", addr); /* strip leading spaces */ while (*addr != '\0' && isascii(*addr) && isspace(*addr)) addr++; /* ** Start by assuming we have no angle brackets. This will be ** adjusted later if we find them. */ bp = bufhead = buf; buflim = &buf[sizeof buf - 7]; p = addrhead = addr; copylev = anglelev = realanglelev = cmtlev = realcmtlev = 0; bracklev = 0; qmode = realqmode = FALSE; while ((c = *p++) != '\0') { /* ** If the buffer is overful, go into a special "skipping" ** mode that tries to keep legal syntax but doesn't actually ** output things. */ skipping = bp >= buflim; if (copylev > 0 && !skipping) *bp++ = c; /* check for backslash escapes */ if (c == '\\') { /* arrange to quote the address */ if (cmtlev <= 0 && !qmode) quoteit = TRUE; if ((c = *p++) == '\0') { /* too far */ p--; goto putg; } if (copylev > 0 && !skipping) *bp++ = c; goto putg; } /* check for quoted strings */ if (c == '"' && cmtlev <= 0) { qmode = !qmode; if (copylev > 0 && !skipping) realqmode = !realqmode; continue; } if (qmode) goto putg; /* check for comments */ if (c == '(') { cmtlev++; /* allow space for closing paren */ if (!skipping) { buflim--; realcmtlev++; if (copylev++ <= 0) { if (bp != bufhead) *bp++ = ' '; *bp++ = c; } } } if (cmtlev > 0) { if (c == ')') { cmtlev--; copylev--; if (!skipping) { realcmtlev--; buflim++; } } continue; } else if (c == ')') { /* syntax error: unmatched ) */ if (copylev > 0 && !skipping) bp--; } /* count nesting on [ ... ] (for IPv6 domain literals) */ if (c == '[') bracklev++; else if (c == ']') bracklev--; /* check for group: list; syntax */ if (c == ':' && anglelev <= 0 && bracklev <= 0 && !gotcolon && !ColonOkInAddr) { register char *q; /* ** Check for DECnet phase IV ``::'' (host::user) ** or ** DECnet phase V ``:.'' syntaxes. The latter ** covers ``user@DEC:.tay.myhost'' and ** ``DEC:.tay.myhost::user'' syntaxes (bletch). */ if (*p == ':' || *p == '.') { if (cmtlev <= 0 && !qmode) quoteit = TRUE; if (copylev > 0 && !skipping) { *bp++ = c; *bp++ = *p; } p++; goto putg; } gotcolon = TRUE; bp = bufhead; if (quoteit) { *bp++ = '"'; /* back up over the ':' and any spaces */ --p; while (isascii(*--p) && isspace(*p)) continue; p++; } for (q = addrhead; q < p; ) { c = *q++; if (bp < buflim) { if (quoteit && c == '"') *bp++ = '\\'; *bp++ = c; } } if (quoteit) { if (bp == &bufhead[1]) bp--; else *bp++ = '"'; while ((c = *p++) != ':') { if (bp < buflim) *bp++ = c; } *bp++ = c; } /* any trailing white space is part of group: */ while (isascii(*p) && isspace(*p) && bp < buflim) *bp++ = *p++; copylev = 0; putgmac = quoteit = FALSE; bufhead = bp; addrhead = p; continue; } if (c == ';' && copylev <= 0 && !ColonOkInAddr) { if (bp < buflim) *bp++ = c; } /* check for characters that may have to be quoted */ if (strchr(MustQuoteChars, c) != NULL) { /* ** If these occur as the phrase part of a <> ** construct, but are not inside of () or already ** quoted, they will have to be quoted. Note that ** now (but don't actually do the quoting). */ if (cmtlev <= 0 && !qmode) quoteit = TRUE; } /* check for angle brackets */ if (c == '<') { register char *q; /* assume first of two angles is bogus */ if (gotangle) quoteit = TRUE; gotangle = TRUE; /* oops -- have to change our mind */ anglelev = 1; if (!skipping) realanglelev = 1; bp = bufhead; if (quoteit) { *bp++ = '"'; /* back up over the '<' and any spaces */ --p; while (isascii(*--p) && isspace(*p)) continue; p++; } for (q = addrhead; q < p; ) { c = *q++; if (bp < buflim) { if (quoteit && c == '"') *bp++ = '\\'; *bp++ = c; } } if (quoteit) { if (bp == &buf[1]) bp--; else *bp++ = '"'; while ((c = *p++) != '<') { if (bp < buflim) *bp++ = c; } *bp++ = c; } copylev = 0; putgmac = quoteit = FALSE; continue; } if (c == '>') { if (anglelev > 0) { anglelev--; if (!skipping) { realanglelev--; buflim++; } } else if (!skipping) { /* syntax error: unmatched > */ if (copylev > 0) bp--; quoteit = TRUE; continue; } if (copylev++ <= 0) *bp++ = c; continue; } /* must be a real address character */ putg: if (copylev <= 0 && !putgmac) { if (bp > bufhead && bp[-1] == ')') *bp++ = ' '; *bp++ = MACROEXPAND; *bp++ = 'g'; putgmac = TRUE; } } /* repair any syntactic damage */ if (realqmode) *bp++ = '"'; while (realcmtlev-- > 0) *bp++ = ')'; while (realanglelev-- > 0) *bp++ = '>'; *bp++ = '\0'; if (tTd(33, 1)) { dprintf("crackaddr=>`"); xputs(buf); dprintf("'\n"); } return buf; } /* ** PUTHEADER -- put the header part of a message from the in-core copy ** ** Parameters: ** mci -- the connection information. ** hdr -- the header to put. ** e -- envelope to use. ** flags -- MIME conversion flags. ** ** Returns: ** none. ** ** Side Effects: ** none. */ /* * Macro for fast max (not available in e.g. DG/UX, 386/ix). */ #ifndef MAX # define MAX(a,b) (((a)>(b))?(a):(b)) #endif /* ! MAX */ void putheader(mci, hdr, e, flags) register MCI *mci; HDR *hdr; register ENVELOPE *e; int flags; { register HDR *h; char buf[MAX(MAXLINE,BUFSIZ)]; char obuf[MAXLINE]; if (tTd(34, 1)) dprintf("--- putheader, mailer = %s ---\n", mci->mci_mailer->m_name); /* ** If we're in MIME mode, we're not really in the header of the ** message, just the header of one of the parts of the body of ** the message. Therefore MCIF_INHEADER should not be turned on. */ if (!bitset(MCIF_INMIME, mci->mci_flags)) mci->mci_flags |= MCIF_INHEADER; for (h = hdr; h != NULL; h = h->h_link) { register char *p = h->h_value; if (tTd(34, 11)) { dprintf(" %s: ", h->h_field); xputs(p); } /* Skip empty headers */ if (h->h_value == NULL) continue; /* heuristic shortening of MIME fields to avoid MUA overflows */ if (MaxMimeFieldLength > 0 && wordinclass(h->h_field, macid("{checkMIMEFieldHeaders}", NULL))) { - if (fix_mime_header(h->h_value)) + size_t len; + + len = fix_mime_header(h->h_value); + if (len > 0) { sm_syslog(LOG_ALERT, e->e_id, - "Truncated MIME %s header due to field size (possible attack)", - h->h_field); + "Truncated MIME %s header due to field size (length = %ld) (possible attack)", + h->h_field, (unsigned long) len); if (tTd(34, 11)) - dprintf(" truncated MIME %s header due to field size (possible attack)\n", - h->h_field); + dprintf(" truncated MIME %s header due to field size (length = %ld) (possible attack)\n", + h->h_field, + (unsigned long) len); } } if (MaxMimeHeaderLength > 0 && wordinclass(h->h_field, macid("{checkMIMETextHeaders}", NULL))) { - if (strlen(h->h_value) > (size_t)MaxMimeHeaderLength) + size_t len; + + len = strlen(h->h_value); + if (len > (size_t) MaxMimeHeaderLength) { h->h_value[MaxMimeHeaderLength - 1] = '\0'; sm_syslog(LOG_ALERT, e->e_id, - "Truncated long MIME %s header (possible attack)", - h->h_field); + "Truncated long MIME %s header (length = %ld) (possible attack)", + h->h_field, (unsigned long) len); if (tTd(34, 11)) - dprintf(" truncated long MIME %s header (possible attack)\n", - h->h_field); + dprintf(" truncated long MIME %s header (length = %ld) (possible attack)\n", + h->h_field, + (unsigned long) len); } } if (MaxMimeHeaderLength > 0 && wordinclass(h->h_field, macid("{checkMIMEHeaders}", NULL))) { - if (shorten_rfc822_string(h->h_value, MaxMimeHeaderLength)) + size_t len; + + len = strlen(h->h_value); + if (shorten_rfc822_string(h->h_value, + MaxMimeHeaderLength)) { sm_syslog(LOG_ALERT, e->e_id, - "Truncated long MIME %s header (possible attack)", - h->h_field); + "Truncated long MIME %s header (length = %ld) (possible attack)", + h->h_field, (unsigned long) len); if (tTd(34, 11)) - dprintf(" truncated long MIME %s header (possible attack)\n", - h->h_field); + dprintf(" truncated long MIME %s header (length = %ld) (possible attack)\n", + h->h_field, + (unsigned long) len); } } /* ** Suppress Content-Transfer-Encoding: if we are MIMEing ** and we are potentially converting from 8 bit to 7 bit ** MIME. If converting, add a new CTE header in ** mime8to7(). */ if (bitset(H_CTE, h->h_flags) && bitset(MCIF_CVT8TO7|MCIF_CVT7TO8|MCIF_INMIME, mci->mci_flags) && !bitset(M87F_NO8TO7, flags)) { if (tTd(34, 11)) dprintf(" (skipped (content-transfer-encoding))\n"); continue; } if (bitset(MCIF_INMIME, mci->mci_flags)) { if (tTd(34, 11)) dprintf("\n"); put_vanilla_header(h, p, mci); continue; } if (bitset(H_CHECK|H_ACHECK, h->h_flags) && !bitintersect(h->h_mflags, mci->mci_mailer->m_flags) && (h->h_macro == '\0' || - macvalue(h->h_macro & 0377, e) == NULL)) + macvalue(bitidx(h->h_macro), e) == NULL)) { if (tTd(34, 11)) dprintf(" (skipped)\n"); continue; } /* handle Resent-... headers specially */ if (bitset(H_RESENT, h->h_flags) && !bitset(EF_RESENT, e->e_flags)) { if (tTd(34, 11)) dprintf(" (skipped (resent))\n"); continue; } /* suppress return receipts if requested */ if (bitset(H_RECEIPTTO, h->h_flags) && (RrtImpliesDsn || bitset(EF_NORECEIPT, e->e_flags))) { if (tTd(34, 11)) dprintf(" (skipped (receipt))\n"); continue; } /* macro expand value if generated internally */ if (bitset(H_DEFAULT, h->h_flags) || bitset(H_BINDLATE, h->h_flags)) { expand(p, buf, sizeof buf, e); p = buf; if (*p == '\0') { if (tTd(34, 11)) dprintf(" (skipped -- null value)\n"); continue; } } if (bitset(H_BCC, h->h_flags)) { /* Bcc: field -- either truncate or delete */ if (bitset(EF_DELETE_BCC, e->e_flags)) { if (tTd(34, 11)) dprintf(" (skipped -- bcc)\n"); } else { /* no other recipient headers: truncate value */ (void) snprintf(obuf, sizeof obuf, "%s:", h->h_field); putline(obuf, mci); } continue; } if (tTd(34, 11)) dprintf("\n"); if (bitset(H_FROM|H_RCPT, h->h_flags)) { /* address field */ bool oldstyle = bitset(EF_OLDSTYLE, e->e_flags); if (bitset(H_FROM, h->h_flags)) oldstyle = FALSE; commaize(h, p, oldstyle, mci, e); } else { put_vanilla_header(h, p, mci); } } /* ** If we are converting this to a MIME message, add the ** MIME headers (but not in MIME mode!). */ #if MIME8TO7 if (bitset(MM_MIME8BIT, MimeMode) && bitset(EF_HAS8BIT, e->e_flags) && !bitset(EF_DONT_MIME, e->e_flags) && !bitnset(M_8BITS, mci->mci_mailer->m_flags) && !bitset(MCIF_CVT8TO7|MCIF_CVT7TO8|MCIF_INMIME, mci->mci_flags) && hvalue("MIME-Version", e->e_header) == NULL) { putline("MIME-Version: 1.0", mci); if (hvalue("Content-Type", e->e_header) == NULL) { snprintf(obuf, sizeof obuf, "Content-Type: text/plain; charset=%s", defcharset(e)); putline(obuf, mci); } if (hvalue("Content-Transfer-Encoding", e->e_header) == NULL) putline("Content-Transfer-Encoding: 8bit", mci); } #endif /* MIME8TO7 */ } /* ** PUT_VANILLA_HEADER -- output a fairly ordinary header ** ** Parameters: ** h -- the structure describing this header ** v -- the value of this header ** mci -- the connection info for output ** ** Returns: ** none. */ static void put_vanilla_header(h, v, mci) HDR *h; char *v; MCI *mci; { register char *nlp; register char *obp; int putflags; char obuf[MAXLINE]; putflags = PXLF_HEADER; if (bitnset(M_7BITHDRS, mci->mci_mailer->m_flags)) putflags |= PXLF_STRIP8BIT; (void) snprintf(obuf, sizeof obuf, "%.200s: ", h->h_field); obp = obuf + strlen(obuf); while ((nlp = strchr(v, '\n')) != NULL) { int l; l = nlp - v; if (SPACELEFT(obuf, obp) - 1 < (size_t)l) l = SPACELEFT(obuf, obp) - 1; snprintf(obp, SPACELEFT(obuf, obp), "%.*s", l, v); putxline(obuf, strlen(obuf), mci, putflags); v += l + 1; obp = obuf; if (*v != ' ' && *v != '\t') *obp++ = ' '; } snprintf(obp, SPACELEFT(obuf, obp), "%.*s", (int) sizeof obuf - (obp - obuf) - 1, v); putxline(obuf, strlen(obuf), mci, putflags); } /* ** COMMAIZE -- output a header field, making a comma-translated list. ** ** Parameters: ** h -- the header field to output. ** p -- the value to put in it. ** oldstyle -- TRUE if this is an old style header. ** mci -- the connection information. ** e -- the envelope containing the message. ** ** Returns: ** none. ** ** Side Effects: ** outputs "p" to file "fp". */ void commaize(h, p, oldstyle, mci, e) register HDR *h; register char *p; bool oldstyle; register MCI *mci; register ENVELOPE *e; { register char *obp; int opos; int omax; bool firstone = TRUE; int putflags = PXLF_HEADER; char obuf[MAXLINE + 3]; /* ** Output the address list translated by the ** mailer and with commas. */ if (tTd(14, 2)) dprintf("commaize(%s: %s)\n", h->h_field, p); if (bitnset(M_7BITHDRS, mci->mci_mailer->m_flags)) putflags |= PXLF_STRIP8BIT; obp = obuf; (void) snprintf(obp, SPACELEFT(obuf, obp), "%.200s: ", h->h_field); opos = strlen(h->h_field) + 2; if (opos > 202) opos = 202; obp += opos; omax = mci->mci_mailer->m_linelimit - 2; if (omax < 0 || omax > 78) omax = 78; /* ** Run through the list of values. */ while (*p != '\0') { register char *name; register int c; char savechar; int flags; auto int status; /* ** Find the end of the name. New style names ** end with a comma, old style names end with ** a space character. However, spaces do not ** necessarily delimit an old-style name -- at ** signs mean keep going. */ /* find end of name */ while ((isascii(*p) && isspace(*p)) || *p == ',') p++; name = p; for (;;) { auto char *oldp; char pvpbuf[PSBUFSIZE]; (void) prescan(p, oldstyle ? ' ' : ',', pvpbuf, sizeof pvpbuf, &oldp, NULL); p = oldp; /* look to see if we have an at sign */ while (*p != '\0' && isascii(*p) && isspace(*p)) p++; if (*p != '@') { p = oldp; break; } p += *p == '@' ? 1 : 2; while (*p != '\0' && isascii(*p) && isspace(*p)) p++; } /* at the end of one complete name */ /* strip off trailing white space */ while (p >= name && ((isascii(*p) && isspace(*p)) || *p == ',' || *p == '\0')) p--; if (++p == name) continue; savechar = *p; *p = '\0'; /* translate the name to be relative */ flags = RF_HEADERADDR|RF_ADDDOMAIN; if (bitset(H_FROM, h->h_flags)) flags |= RF_SENDERADDR; #if USERDB else if (e->e_from.q_mailer != NULL && bitnset(M_UDBRECIPIENT, e->e_from.q_mailer->m_flags)) { char *q; q = udbsender(name); if (q != NULL) name = q; } #endif /* USERDB */ status = EX_OK; name = remotename(name, mci->mci_mailer, flags, &status, e); if (*name == '\0') { *p = savechar; continue; } name = denlstring(name, FALSE, TRUE); /* ** record data progress so DNS timeouts ** don't cause DATA timeouts */ DataProgress = TRUE; /* output the name with nice formatting */ opos += strlen(name); if (!firstone) opos += 2; if (opos > omax && !firstone) { snprintf(obp, SPACELEFT(obuf, obp), ",\n"); putxline(obuf, strlen(obuf), mci, putflags); obp = obuf; (void) strlcpy(obp, " ", sizeof obp); opos = strlen(obp); obp += opos; opos += strlen(name); } else if (!firstone) { snprintf(obp, SPACELEFT(obuf, obp), ", "); obp += 2; } while ((c = *name++) != '\0' && obp < &obuf[MAXLINE]) *obp++ = c; firstone = FALSE; *p = savechar; } *obp = '\0'; putxline(obuf, strlen(obuf), mci, putflags); } /* ** COPYHEADER -- copy header list ** ** This routine is the equivalent of newstr for header lists ** ** Parameters: ** header -- list of header structures to copy. ** ** Returns: ** a copy of 'header'. ** ** Side Effects: ** none. */ HDR * copyheader(header) register HDR *header; { register HDR *newhdr; HDR *ret; register HDR **tail = &ret; while (header != NULL) { newhdr = (HDR *) xalloc(sizeof *newhdr); STRUCTCOPY(*header, *newhdr); *tail = newhdr; tail = &newhdr->h_link; header = header->h_link; } *tail = NULL; return ret; } /* ** FIX_MIME_HEADER -- possibly truncate/rebalance parameters in a MIME header ** ** Run through all of the parameters of a MIME header and ** possibly truncate and rebalance the parameter according ** to MaxMimeFieldLength. ** ** Parameters: ** string -- the full header ** ** Returns: -** TRUE if the header was modified, FALSE otherwise +** length of last offending field, 0 if all ok. ** ** Side Effects: ** string modified in place */ -static bool +static size_t fix_mime_header(string) char *string; { - bool modified = FALSE; char *begin = string; char *end; + size_t len = 0; + size_t retlen = 0; if (string == NULL || *string == '\0') - return FALSE; + return 0; /* Split on each ';' */ while ((end = find_character(begin, ';')) != NULL) { char save = *end; char *bp; *end = '\0'; + len = strlen(begin); + /* Shorten individual parameter */ if (shorten_rfc822_string(begin, MaxMimeFieldLength)) - modified = TRUE; + retlen = len; /* Collapse the possibly shortened string with rest */ bp = begin + strlen(begin); if (bp != end) { char *ep = end; *end = save; end = bp; /* copy character by character due to overlap */ while (*ep != '\0') *bp++ = *ep++; *bp = '\0'; } else *end = save; if (*end == '\0') break; /* Move past ';' */ begin = end + 1; } - return modified; + return retlen; } Index: stable/4/contrib/sendmail/src/macro.c =================================================================== --- stable/4/contrib/sendmail/src/macro.c (revision 71887) +++ stable/4/contrib/sendmail/src/macro.c (revision 71888) @@ -1,456 +1,466 @@ /* * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #ifndef lint -static char id[] = "@(#)$Id: macro.c,v 8.40.16.2 2000/09/17 17:04:26 gshapiro Exp $"; +static char id[] = "@(#)$Id: macro.c,v 8.40.16.7 2000/10/09 15:49:06 gshapiro Exp $"; #endif /* ! lint */ #include -char *MacroName[256]; /* macro id to name table */ -int NextMacroId = 0240; /* codes for long named macros */ +#if MAXMACROID != (BITMAPBITS - 1) + ERROR Read the comment in conf.h +#endif /* MAXMACROID != (BITMAPBITS - 1) */ +char *MacroName[MAXMACROID + 1]; /* macro id to name table */ +int NextMacroId = 0240; /* codes for long named macros */ /* ** EXPAND -- macro expand a string using $x escapes. ** ** Parameters: ** s -- the string to expand. ** buf -- the place to put the expansion. ** bufsize -- the size of the buffer. ** e -- envelope in which to work. ** ** Returns: ** none. ** ** Side Effects: ** none. */ void expand(s, buf, bufsize, e) register char *s; register char *buf; size_t bufsize; register ENVELOPE *e; { register char *xp; register char *q; bool skipping; /* set if conditionally skipping output */ bool recurse = FALSE; /* set if recursion required */ int i; int skiplev; /* skipping nesting level */ int iflev; /* if nesting level */ char xbuf[MACBUFSIZE]; static int explevel = 0; if (tTd(35, 24)) { dprintf("expand("); xputs(s); dprintf(")\n"); } skipping = FALSE; skiplev = 0; iflev = 0; if (s == NULL) s = ""; for (xp = xbuf; *s != '\0'; s++) { int c; /* ** Check for non-ordinary (special?) character. ** 'q' will be the interpolated quantity. */ q = NULL; c = *s; switch (c & 0377) { case CONDIF: /* see if var set */ iflev++; c = *++s; if (skipping) skiplev++; else { char *mv; mv = macvalue(c, e); skipping = (mv == NULL || *mv == '\0'); } continue; case CONDELSE: /* change state of skipping */ if (iflev == 0) break; if (skiplev == 0) skipping = !skipping; continue; case CONDFI: /* stop skipping */ if (iflev == 0) break; iflev--; if (skiplev == 0) skipping = FALSE; if (skipping) skiplev--; continue; case MACROEXPAND: /* macro interpolation */ - c = *++s & 0377; + c = bitidx(*++s); if (c != '\0') q = macvalue(c, e); else { s--; q = NULL; } if (q == NULL) continue; break; } /* ** Interpolate q or output one character */ if (skipping || xp >= &xbuf[sizeof xbuf - 1]) continue; if (q == NULL) *xp++ = c; else { /* copy to end of q or max space remaining in buf */ while ((c = *q++) != '\0' && xp < &xbuf[sizeof xbuf - 1]) { /* check for any sendmail metacharacters */ if ((c & 0340) == 0200) recurse = TRUE; *xp++ = c; } } } *xp = '\0'; if (tTd(35, 24)) { dprintf("expand ==> "); xputs(xbuf); dprintf("\n"); } /* recurse as appropriate */ if (recurse) { if (explevel < MaxMacroRecursion) { explevel++; expand(xbuf, buf, bufsize, e); explevel--; return; } syserr("expand: recursion too deep (%d max)", MaxMacroRecursion); } /* copy results out */ i = xp - xbuf; if ((size_t)i >= bufsize) i = bufsize - 1; memmove(buf, xbuf, i); buf[i] = '\0'; } /* ** DEFINE -- define a macro. ** ** this would be better done using a #define macro. ** ** Parameters: ** n -- the macro name. ** v -- the macro value. ** e -- the envelope to store the definition in. ** ** Returns: ** none. ** ** Side Effects: ** e->e_macro[n] is defined. ** ** Notes: ** There is one macro for each ASCII character, ** although they are not all used. The currently ** defined macros are: ** ** $a date in ARPANET format (preferring the Date: line ** of the message) ** $b the current date (as opposed to the date as found ** the message) in ARPANET format ** $c hop count ** $d (current) date in UNIX (ctime) format ** $e the SMTP entry message+ ** $f raw from address ** $g translated from address ** $h to host ** $i queue id ** $j official SMTP hostname, used in messages+ ** $k UUCP node name ** $l UNIX-style from line+ ** $m The domain part of our full name. ** $n name of sendmail ("MAILER-DAEMON" on local ** net typically)+ ** $o delimiters ("operators") for address tokens+ ** (set via OperatorChars option in V6 or later ** sendmail.cf files) ** $p my process id in decimal ** $q the string that becomes an address -- this is ** normally used to combine $g & $x. ** $r protocol used to talk to sender ** $s sender's host name ** $t the current time in seconds since 1/1/1970 ** $u to user ** $v version number of sendmail ** $w our host name (if it can be determined) ** $x signature (full name) of from person ** $y the tty id of our terminal ** $z home directory of to person ** $_ RFC1413 authenticated sender address ** ** Macros marked with + must be defined in the ** configuration file and are used internally, but ** are not set. ** ** There are also some macros that can be used ** arbitrarily to make the configuration file ** cleaner. In general all upper-case letters ** are available. */ void define(n, v, e) int n; char *v; register ENVELOPE *e; { int m; - m = n & 0377; + m = bitidx(n); if (tTd(35, 9)) { dprintf("%sdefine(%s as ", (e->e_macro[m] == NULL) ? "" : "re", macname(n)); xputs(v); dprintf(")\n"); } e->e_macro[m] = v; #if _FFR_RESET_MACRO_GLOBALS switch (m) { case 'j': MyHostName = v; break; } #endif /* _FFR_RESET_MACRO_GLOBALS */ } /* ** MACVALUE -- return uninterpreted value of a macro. ** ** Parameters: ** n -- the name of the macro. ** ** Returns: ** The value of n. ** ** Side Effects: ** none. */ char * macvalue(n, e) int n; register ENVELOPE *e; { - n &= 0377; + n = bitidx(n); while (e != NULL) { register char *p = e->e_macro[n]; if (p != NULL) return p; e = e->e_parent; } return NULL; } /* ** MACNAME -- return the name of a macro given its internal id ** ** Parameter: ** n -- the id of the macro ** ** Returns: ** The name of n. ** ** Side Effects: ** none. */ char * macname(n) int n; { static char mbuf[2]; - n &= 0377; + n = bitidx(n); if (bitset(0200, n)) { char *p = MacroName[n]; if (p != NULL) return p; return "***UNDEFINED MACRO***"; } mbuf[0] = n; mbuf[1] = '\0'; return mbuf; } /* ** MACID -- return id of macro identified by its name ** ** Parameters: ** p -- pointer to name string -- either a single ** character or {name}. ** ep -- filled in with the pointer to the byte ** after the name. ** ** Returns: ** The internal id code for this macro. This will ** fit into a single byte. ** ** Side Effects: ** If this is a new macro name, a new id is allocated. */ int macid(p, ep) register char *p; char **ep; { int mid; register char *bp; char mbuf[MAXMACNAMELEN + 1]; if (tTd(35, 14)) { dprintf("macid("); xputs(p); dprintf(") => "); } if (*p == '\0' || (p[0] == '{' && p[1] == '}')) { syserr("Name required for macro/class"); if (ep != NULL) *ep = p; if (tTd(35, 14)) dprintf("NULL\n"); - return '\0'; + return 0; } if (*p != '{') { /* the macro is its own code */ if (ep != NULL) *ep = p + 1; if (tTd(35, 14)) - dprintf("%c\n", *p); - return *p; + dprintf("%c\n", bitidx(*p)); + return bitidx(*p); } bp = mbuf; while (*++p != '\0' && *p != '}' && bp < &mbuf[sizeof mbuf - 1]) { if (isascii(*p) && (isalnum(*p) || *p == '_')) *bp++ = *p; else syserr("Invalid macro/class character %c", *p); } *bp = '\0'; mid = -1; if (*p == '\0') { syserr("Unbalanced { on %s", mbuf); /* missing } */ } else if (*p != '}') { syserr("Macro/class name ({%s}) too long (%d chars max)", mbuf, sizeof mbuf - 1); } else if (mbuf[1] == '\0') { /* ${x} == $x */ - mid = mbuf[0]; + mid = bitidx(mbuf[0]); p++; } else { register STAB *s; s = stab(mbuf, ST_MACRO, ST_ENTER); if (s->s_macro != 0) mid = s->s_macro; else { if (NextMacroId > MAXMACROID) { syserr("Macro/class {%s}: too many long names", mbuf); s->s_macro = -1; } else { MacroName[NextMacroId] = s->s_name; s->s_macro = mid = NextMacroId++; } } p++; } if (ep != NULL) *ep = p; + if (mid < 0 || mid > MAXMACROID) + { + syserr("Unable to assign macro/class ID (mid = 0x%x)", mid); + if (tTd(35, 14)) + dprintf("NULL\n"); + return 0; + } if (tTd(35, 14)) dprintf("0x%x\n", mid); return mid; } /* ** WORDINCLASS -- tell if a word is in a specific class ** ** Parameters: ** str -- the name of the word to look up. ** cl -- the class name. ** ** Returns: ** TRUE if str can be found in cl. ** FALSE otherwise. */ bool wordinclass(str, cl) char *str; int cl; { register STAB *s; s = stab(str, ST_CLASS, ST_FIND); - return s != NULL && bitnset(cl & 0xff, s->s_class); + return s != NULL && bitnset(bitidx(cl), s->s_class); } Index: stable/4/contrib/sendmail/src/mailq.1 =================================================================== --- stable/4/contrib/sendmail/src/mailq.1 (revision 71887) +++ stable/4/contrib/sendmail/src/mailq.1 (revision 71888) @@ -1,73 +1,73 @@ .\" Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. .\" All rights reserved. .\" Copyright (c) 1983, 1997 Eric P. Allman. All rights reserved. .\" Copyright (c) 1985, 1990, 1993 .\" The Regents of the University of California. All rights reserved. .\" .\" By using this file, you agree to the terms and conditions set .\" forth in the LICENSE file which can be found at the top level of .\" the sendmail distribution. .\" .\" -.\" $Id: mailq.1,v 8.14.28.2 2000/09/17 17:04:27 gshapiro Exp $ +.\" $Id: mailq.1,v 8.14.28.3 2000/12/14 23:08:15 gshapiro Exp $ .\" .\" $FreeBSD$ .\" -.TH MAILQ 1 "$Date: 2000/09/17 17:04:27 $" +.TH MAILQ 1 "$Date: 2000/12/14 23:08:15 $" .SH NAME -.B mailq +mailq \- print the mail queue .SH SYNOPSIS .B mailq .RB [ \-v ] .SH DESCRIPTION .B Mailq prints a summary of the mail messages queued for future delivery. .PP The first line printed for each message shows the internal identifier used on this host for the message with a possible status character, the size of the message in bytes, the date and time the message was accepted into the queue, and the envelope sender of the message. The second line shows the error message that caused this message to be retained in the queue; it will not be present if the message is being processed for the first time. The status characters are either .B * to indicate the job is being processed; .B X to indicate that the load is too high to process the job; and .B - to indicate that the job is too young to process. The following lines show message recipients, one per line. .PP .B Mailq is identical to ``sendmail -bp''. .PP The options are as follows: .TP .B \-v Print verbose information. This adds the priority of the message and a single character indicator (``+'' or blank) indicating whether a warning message has been sent on the first line of the message. Additionally, extra lines may be intermixed with the recipients indicating the ``controlling user'' information; this shows who will own any programs that are executed on behalf of this message and the name of the alias this command expanded from, if any. .PP The .B mailq utility exits 0 on success, and >0 if an error occurs. .SH SEE ALSO sendmail(8) .SH HISTORY The .B mailq command appeared in 4.0BSD. Index: stable/4/contrib/sendmail/src/main.c =================================================================== --- stable/4/contrib/sendmail/src/main.c (revision 71887) +++ stable/4/contrib/sendmail/src/main.c (revision 71888) @@ -1,3174 +1,3203 @@ /* * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #ifndef lint static char copyright[] = "@(#) Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.\n\ All rights reserved.\n\ Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.\n\ Copyright (c) 1988, 1993\n\ The Regents of the University of California. All rights reserved.\n"; #endif /* ! lint */ #ifndef lint -static char id[] = "@(#)$Id: main.c,v 8.485.4.27 2000/09/26 01:30:38 gshapiro Exp $"; +static char id[] = "@(#)$Id: main.c,v 8.485.4.38 2000/12/19 02:50:33 gshapiro Exp $"; #endif /* ! lint */ #define _DEFINE #include #if NETINET || NETINET6 # include #endif /* NETINET || NETINET6 */ static void dump_class __P((STAB *, int)); static void obsolete __P((char **)); static void testmodeline __P((char *, ENVELOPE *)); /* ** SENDMAIL -- Post mail to a set of destinations. ** ** This is the basic mail router. All user mail programs should ** call this routine to actually deliver mail. Sendmail in ** turn calls a bunch of mail servers that do the real work of ** delivering the mail. ** ** Sendmail is driven by settings read in from /etc/mail/sendmail.cf ** (read by readcf.c). ** ** Usage: ** /usr/lib/sendmail [flags] addr ... ** ** See the associated documentation for details. ** ** Author: ** Eric Allman, UCB/INGRES (until 10/81). ** Britton-Lee, Inc., purveyors of fine ** database computers (11/81 - 10/88). ** International Computer Science Institute ** (11/88 - 9/89). ** UCB/Mammoth Project (10/89 - 7/95). ** InReference, Inc. (8/95 - 1/97). ** Sendmail, Inc. (1/98 - present). ** The support of the my employers is gratefully acknowledged. ** Few of them (Britton-Lee in particular) have had ** anything to gain from my involvement in this project. */ int NextMailer; /* "free" index into Mailer struct */ char *FullName; /* sender's full name */ ENVELOPE BlankEnvelope; /* a "blank" envelope */ static ENVELOPE MainEnvelope; /* the envelope around the basic letter */ ADDRESS NullAddress = /* a null address */ { "", "", NULL, "" }; char *CommandLineArgs; /* command line args for pid file */ bool Warn_Q_option = FALSE; /* warn about Q option use */ char **SaveArgv; /* argument vector for re-execing */ static int MissingFds = 0; /* bit map of fds missing on startup */ #ifdef NGROUPS_MAX GIDSET_T InitialGidSet[NGROUPS_MAX]; #endif /* NGROUPS_MAX */ #if DAEMON && !SMTP ERROR %%%% Cannot have DAEMON mode without SMTP %%%% ERROR #endif /* DAEMON && !SMTP */ #if SMTP && !QUEUE ERROR %%%% Cannot have SMTP mode without QUEUE %%%% ERROR #endif /* SMTP && !QUEUE */ #define MAXCONFIGLEVEL 9 /* highest config version level known */ #if SASL static sasl_callback_t srvcallbacks[] = { { SASL_CB_VERIFYFILE, &safesaslfile, NULL }, { SASL_CB_PROXY_POLICY, &proxy_policy, NULL }, { SASL_CB_LIST_END, NULL, NULL } }; #endif /* SASL */ int SubmitMode; int main(argc, argv, envp) int argc; char **argv; char **envp; { register char *p; char **av; extern char Version[]; char *ep, *from; STAB *st; register int i; int j; int dp; bool safecf = TRUE; BITMAP256 *p_flags = NULL; /* daemon flags */ bool warn_C_flag = FALSE; bool auth = TRUE; /* whether to set e_auth_param */ char warn_f_flag = '\0'; bool run_in_foreground = FALSE; /* -bD mode */ static bool reenter = FALSE; struct passwd *pw; struct hostent *hp; char *nullserver = NULL; char *authinfo = NULL; char *sysloglabel = NULL; /* label for syslog */ bool forged; struct stat traf_st; /* for TrafficLog FIFO check */ char jbuf[MAXHOSTNAMELEN]; /* holds MyHostName */ static char rnamebuf[MAXNAME]; /* holds RealUserName */ char *emptyenviron[1]; # if STARTTLS bool tls_ok; # endif /* STARTTLS */ QUEUE_CHAR *new; extern int DtableSize; extern int optind; extern int opterr; extern char *optarg; extern char **environ; /* ** Check to see if we reentered. ** This would normally happen if e_putheader or e_putbody ** were NULL when invoked. */ if (reenter) { syserr("main: reentered!"); abort(); } reenter = TRUE; /* avoid null pointer dereferences */ TermEscape.te_rv_on = TermEscape.te_rv_off = ""; /* do machine-dependent initializations */ init_md(argc, argv); /* in 4.4BSD, the table can be huge; impose a reasonable limit */ DtableSize = getdtsize(); if (DtableSize > 256) DtableSize = 256; /* ** Be sure we have enough file descriptors. ** But also be sure that 0, 1, & 2 are open. */ fill_fd(STDIN_FILENO, NULL); fill_fd(STDOUT_FILENO, NULL); fill_fd(STDERR_FILENO, NULL); i = DtableSize; while (--i > 0) { if (i != STDIN_FILENO && i != STDOUT_FILENO && i != STDERR_FILENO) (void) close(i); } errno = 0; #if LOG # ifdef LOG_MAIL openlog("sendmail", LOG_PID, LOG_MAIL); # else /* LOG_MAIL */ openlog("sendmail", LOG_PID); # endif /* LOG_MAIL */ #endif /* LOG */ if (MissingFds != 0) { char mbuf[MAXLINE]; mbuf[0] = '\0'; if (bitset(1 << STDIN_FILENO, MissingFds)) (void) strlcat(mbuf, ", stdin", sizeof mbuf); if (bitset(1 << STDOUT_FILENO, MissingFds)) (void) strlcat(mbuf, ", stdout", sizeof mbuf); if (bitset(1 << STDERR_FILENO, MissingFds)) (void) strlcat(mbuf, ", stderr", sizeof mbuf); syserr("File descriptors missing on startup: %s", &mbuf[2]); } /* reset status from syserr() calls for missing file descriptors */ Errors = 0; ExitStat = EX_OK; SubmitMode = SUBMIT_UNKNOWN; #if XDEBUG checkfd012("after openlog"); #endif /* XDEBUG */ /* ** Seed the random number generator. ** Used for queue file names, picking a queue directory, and ** MX randomization. */ seed_random(); tTsetup(tTdvect, sizeof tTdvect, "0-99.1"); #ifdef NGROUPS_MAX /* save initial group set for future checks */ i = getgroups(NGROUPS_MAX, InitialGidSet); if (i == 0) InitialGidSet[0] = (GID_T) -1; while (i < NGROUPS_MAX) InitialGidSet[i++] = InitialGidSet[0]; #endif /* NGROUPS_MAX */ /* drop group id privileges (RunAsUser not yet set) */ dp = drop_privileges(FALSE); setstat(dp); # ifdef SIGUSR1 /* arrange to dump state on user-1 signal */ (void) setsignal(SIGUSR1, sigusr1); # endif /* SIGUSR1 */ /* initialize for setproctitle */ initsetproctitle(argc, argv, envp); /* Handle any non-getoptable constructions. */ obsolete(argv); /* ** Do a quick prescan of the argument list. */ #if defined(__osf__) || defined(_AIX3) # define OPTIONS "B:b:C:cd:e:F:f:Gh:IiL:M:mN:nO:o:p:q:R:r:sTtUV:vX:x" #endif /* defined(__osf__) || defined(_AIX3) */ #if defined(sony_news) # define OPTIONS "B:b:C:cd:E:e:F:f:Gh:IiJ:L:M:mN:nO:o:p:q:R:r:sTtUV:vX:" #endif /* defined(sony_news) */ #ifndef OPTIONS # define OPTIONS "B:b:C:cd:e:F:f:Gh:IiL:M:mN:nO:o:p:q:R:r:sTtUV:vX:" #endif /* ! OPTIONS */ opterr = 0; while ((j = getopt(argc, argv, OPTIONS)) != -1) { switch (j) { case 'd': /* hack attack -- see if should use ANSI mode */ if (strcmp(optarg, "ANSI") == 0) { TermEscape.te_rv_on = "\033[7m"; TermEscape.te_rv_off = "\033[0m"; break; } tTflag(optarg); setbuf(stdout, (char *) NULL); break; case 'G': /* relay (gateway) submission */ SubmitMode |= SUBMIT_MTA; break; case 'L': j = min(strlen(optarg), 24) + 1; sysloglabel = xalloc(j); (void) strlcpy(sysloglabel, optarg, j); break; case 'U': /* initial (user) submission */ SubmitMode |= SUBMIT_MSA; break; } } opterr = 1; if (sysloglabel != NULL) { #if LOG closelog(); # ifdef LOG_MAIL openlog(sysloglabel, LOG_PID, LOG_MAIL); # else /* LOG_MAIL */ openlog(sysloglabel, LOG_PID); # endif /* LOG_MAIL */ #endif /* LOG */ } /* set up the blank envelope */ BlankEnvelope.e_puthdr = putheader; BlankEnvelope.e_putbody = putbody; BlankEnvelope.e_xfp = NULL; STRUCTCOPY(NullAddress, BlankEnvelope.e_from); CurEnv = &BlankEnvelope; STRUCTCOPY(NullAddress, MainEnvelope.e_from); /* ** Set default values for variables. ** These cannot be in initialized data space. */ setdefaults(&BlankEnvelope); RealUid = getuid(); RealGid = getgid(); pw = sm_getpwuid(RealUid); if (pw != NULL) (void) snprintf(rnamebuf, sizeof rnamebuf, "%s", pw->pw_name); else (void) snprintf(rnamebuf, sizeof rnamebuf, "Unknown UID %d", (int) RealUid); RealUserName = rnamebuf; if (tTd(0, 101)) { dprintf("Version %s\n", Version); finis(FALSE, EX_OK); } /* ** if running non-setuid binary as non-root, pretend ** we are the RunAsUid */ if (RealUid != 0 && geteuid() == RealUid) { if (tTd(47, 1)) dprintf("Non-setuid binary: RunAsUid = RealUid = %d\n", (int)RealUid); RunAsUid = RealUid; } else if (geteuid() != 0) RunAsUid = geteuid(); if (RealUid != 0 && getegid() == RealGid) RunAsGid = RealGid; if (tTd(47, 5)) { dprintf("main: e/ruid = %d/%d e/rgid = %d/%d\n", (int)geteuid(), (int)getuid(), (int)getegid(), (int)getgid()); dprintf("main: RunAsUser = %d:%d\n", (int)RunAsUid, (int)RunAsGid); } /* save command line arguments */ j = 0; for (av = argv; *av != NULL; ) j += strlen(*av++) + 1; SaveArgv = (char **) xalloc(sizeof (char *) * (argc + 1)); CommandLineArgs = xalloc(j); p = CommandLineArgs; for (av = argv, i = 0; *av != NULL; ) { int h; SaveArgv[i++] = newstr(*av); if (av != argv) *p++ = ' '; (void) strlcpy(p, *av++, j); h = strlen(p); p += h; j -= h + 1; } SaveArgv[i] = NULL; if (tTd(0, 1)) { int ll; extern char *CompileOptions[]; dprintf("Version %s\n Compiled with:", Version); av = CompileOptions; ll = 7; while (*av != NULL) { if (ll + strlen(*av) > 63) { dprintf("\n"); ll = 0; } if (ll == 0) dprintf("\t\t"); else dprintf(" "); dprintf("%s", *av); ll += strlen(*av++) + 1; } dprintf("\n"); } if (tTd(0, 10)) { int ll; extern char *OsCompileOptions[]; dprintf(" OS Defines:"); av = OsCompileOptions; ll = 7; while (*av != NULL) { if (ll + strlen(*av) > 63) { dprintf("\n"); ll = 0; } if (ll == 0) dprintf("\t\t"); else dprintf(" "); dprintf("%s", *av); ll += strlen(*av++) + 1; } dprintf("\n"); #ifdef _PATH_UNIX dprintf("Kernel symbols:\t%s\n", _PATH_UNIX); #endif /* _PATH_UNIX */ dprintf(" Def Conf file:\t%s\n", getcfname()); dprintf(" Def Pid file:\t%s\n", PidFile); } InChannel = stdin; OutChannel = stdout; /* clear sendmail's environment */ ExternalEnviron = environ; emptyenviron[0] = NULL; environ = emptyenviron; /* ** restore any original TZ setting until TimeZoneSpec has been ** determined - or early log messages may get bogus time stamps */ if ((p = getextenv("TZ")) != NULL) { char *tz; int tzlen; tzlen = strlen(p) + 4; tz = xalloc(tzlen); (void) snprintf(tz, tzlen, "TZ=%s", p); (void) putenv(tz); } /* prime the child environment */ setuserenv("AGENT", "sendmail"); if (setsignal(SIGINT, SIG_IGN) != SIG_IGN) (void) setsignal(SIGINT, intsig); (void) setsignal(SIGTERM, intsig); (void) setsignal(SIGPIPE, SIG_IGN); OldUmask = umask(022); OpMode = MD_DELIVER; FullName = getextenv("NAME"); /* ** Initialize name server if it is going to be used. */ #if NAMED_BIND if (!bitset(RES_INIT, _res.options)) (void) res_init(); /* ** hack to avoid crashes when debugging for the resolver is ** turned on and sfio is used */ if (tTd(8, 8)) # if !SFIO || SFIO_STDIO_COMPAT _res.options |= RES_DEBUG; # else /* !SFIO || SFIO_STDIO_COMPAT */ dprintf("RES_DEBUG not available due to SFIO\n"); # endif /* !SFIO || SFIO_STDIO_COMPAT */ else _res.options &= ~RES_DEBUG; # ifdef RES_NOALIASES _res.options |= RES_NOALIASES; # endif /* RES_NOALIASES */ TimeOuts.res_retry[RES_TO_DEFAULT] = _res.retry; TimeOuts.res_retry[RES_TO_FIRST] = _res.retry; TimeOuts.res_retry[RES_TO_NORMAL] = _res.retry; TimeOuts.res_retrans[RES_TO_DEFAULT] = _res.retrans; TimeOuts.res_retrans[RES_TO_FIRST] = _res.retrans; TimeOuts.res_retrans[RES_TO_NORMAL] = _res.retrans; #endif /* NAMED_BIND */ errno = 0; from = NULL; /* initialize some macros, etc. */ initmacros(CurEnv); init_vendor_macros(CurEnv); /* version */ define('v', Version, CurEnv); /* hostname */ hp = myhostname(jbuf, sizeof jbuf); if (jbuf[0] != '\0') { struct utsname utsname; if (tTd(0, 4)) dprintf("canonical name: %s\n", jbuf); define('w', newstr(jbuf), CurEnv); /* must be new string */ define('j', newstr(jbuf), CurEnv); setclass('w', jbuf); p = strchr(jbuf, '.'); if (p != NULL) { if (p[1] != '\0') { define('m', newstr(&p[1]), CurEnv); } while (p != NULL && strchr(&p[1], '.') != NULL) { *p = '\0'; if (tTd(0, 4)) dprintf("\ta.k.a.: %s\n", jbuf); setclass('w', jbuf); *p++ = '.'; p = strchr(p, '.'); } } if (uname(&utsname) >= 0) p = utsname.nodename; else { if (tTd(0, 22)) dprintf("uname failed (%s)\n", errstring(errno)); makelower(jbuf); p = jbuf; } if (tTd(0, 4)) dprintf(" UUCP nodename: %s\n", p); p = newstr(p); define('k', p, CurEnv); setclass('k', p); setclass('w', p); } if (hp != NULL) { for (av = hp->h_aliases; av != NULL && *av != NULL; av++) { if (tTd(0, 4)) dprintf("\ta.k.a.: %s\n", *av); setclass('w', *av); } #if NETINET || NETINET6 for (i = 0; hp->h_addr_list[i] != NULL; i++) { # if NETINET6 char *addr; char buf6[INET6_ADDRSTRLEN]; struct in6_addr ia6; # endif /* NETINET6 */ # if NETINET struct in_addr ia; # endif /* NETINET */ char ipbuf[103]; ipbuf[0] = '\0'; switch (hp->h_addrtype) { # if NETINET case AF_INET: if (hp->h_length != INADDRSZ) break; memmove(&ia, hp->h_addr_list[i], INADDRSZ); (void) snprintf(ipbuf, sizeof ipbuf, "[%.100s]", inet_ntoa(ia)); break; # endif /* NETINET */ # if NETINET6 case AF_INET6: if (hp->h_length != IN6ADDRSZ) break; memmove(&ia6, hp->h_addr_list[i], IN6ADDRSZ); addr = anynet_ntop(&ia6, buf6, sizeof buf6); if (addr != NULL) (void) snprintf(ipbuf, sizeof ipbuf, "[%.100s]", addr); break; # endif /* NETINET6 */ } if (ipbuf[0] == '\0') break; if (tTd(0, 4)) dprintf("\ta.k.a.: %s\n", ipbuf); setclass('w', ipbuf); } #endif /* NETINET || NETINET6 */ +#if _FFR_FREEHOSTENT && NETINET6 + freehostent(hp); + hp = NULL; +#endif /* _FFR_FREEHOSTENT && NETINET6 */ } /* current time */ define('b', arpadate((char *) NULL), CurEnv); /* current load average */ CurrentLA = sm_getla(CurEnv); QueueLimitRecipient = (QUEUE_CHAR *) NULL; QueueLimitSender = (QUEUE_CHAR *) NULL; QueueLimitId = (QUEUE_CHAR *) NULL; /* ** Crack argv. */ av = argv; p = strrchr(*av, '/'); if (p++ == NULL) p = *av; if (strcmp(p, "newaliases") == 0) OpMode = MD_INITALIAS; else if (strcmp(p, "mailq") == 0) OpMode = MD_PRINT; else if (strcmp(p, "smtpd") == 0) OpMode = MD_DAEMON; else if (strcmp(p, "hoststat") == 0) OpMode = MD_HOSTSTAT; else if (strcmp(p, "purgestat") == 0) OpMode = MD_PURGESTAT; optind = 1; while ((j = getopt(argc, argv, OPTIONS)) != -1) { switch (j) { case 'b': /* operations mode */ switch (j = *optarg) { case MD_DAEMON: case MD_FGDAEMON: #if !DAEMON usrerr("Daemon mode not implemented"); ExitStat = EX_USAGE; break; #endif /* !DAEMON */ case MD_SMTP: #if !SMTP usrerr("I don't speak SMTP"); ExitStat = EX_USAGE; break; #endif /* !SMTP */ case MD_INITALIAS: case MD_DELIVER: case MD_VERIFY: case MD_TEST: case MD_PRINT: case MD_HOSTSTAT: case MD_PURGESTAT: case MD_ARPAFTP: OpMode = j; break; case MD_FREEZE: usrerr("Frozen configurations unsupported"); ExitStat = EX_USAGE; break; default: usrerr("Invalid operation mode %c", j); ExitStat = EX_USAGE; break; } break; case 'B': /* body type */ CurEnv->e_bodytype = newstr(optarg); break; case 'C': /* select configuration file (already done) */ if (RealUid != 0) warn_C_flag = TRUE; ConfFile = newstr(optarg); dp = drop_privileges(TRUE); setstat(dp); safecf = FALSE; break; case 'd': /* debugging -- already done */ break; case 'f': /* from address */ case 'r': /* obsolete -f flag */ if (from != NULL) { usrerr("More than one \"from\" person"); ExitStat = EX_USAGE; break; } from = newstr(denlstring(optarg, TRUE, TRUE)); if (strcmp(RealUserName, from) != 0) warn_f_flag = j; break; case 'F': /* set full name */ FullName = newstr(optarg); break; case 'G': /* relay (gateway) submission */ /* already set */ break; case 'h': /* hop count */ CurEnv->e_hopcount = (short) strtol(optarg, &ep, 10); if (*ep) { usrerr("Bad hop count (%s)", optarg); ExitStat = EX_USAGE; } break; case 'L': /* program label */ /* already set */ break; case 'n': /* don't alias */ NoAlias = TRUE; break; case 'N': /* delivery status notifications */ DefaultNotify |= QHASNOTIFY; define(macid("{dsn_notify}", NULL), newstr(optarg), CurEnv); if (strcasecmp(optarg, "never") == 0) break; for (p = optarg; p != NULL; optarg = p) { p = strchr(p, ','); if (p != NULL) *p++ = '\0'; if (strcasecmp(optarg, "success") == 0) DefaultNotify |= QPINGONSUCCESS; else if (strcasecmp(optarg, "failure") == 0) DefaultNotify |= QPINGONFAILURE; else if (strcasecmp(optarg, "delay") == 0) DefaultNotify |= QPINGONDELAY; else { usrerr("Invalid -N argument"); ExitStat = EX_USAGE; } } break; case 'o': /* set option */ setoption(*optarg, optarg + 1, FALSE, TRUE, CurEnv); break; case 'O': /* set option (long form) */ setoption(' ', optarg, FALSE, TRUE, CurEnv); break; case 'p': /* set protocol */ p = strchr(optarg, ':'); if (p != NULL) { *p++ = '\0'; if (*p != '\0') { ep = xalloc(strlen(p) + 1); cleanstrcpy(ep, p, MAXNAME); define('s', ep, CurEnv); } } if (*optarg != '\0') { ep = xalloc(strlen(optarg) + 1); cleanstrcpy(ep, optarg, MAXNAME); define('r', ep, CurEnv); } break; case 'q': /* run queue files at intervals */ #if QUEUE /* sanity check */ if (OpMode != MD_DELIVER && OpMode != MD_DAEMON && OpMode != MD_FGDAEMON && OpMode != MD_PRINT && OpMode != MD_QUEUERUN) { usrerr("Can not use -q with -b%c", OpMode); ExitStat = EX_USAGE; break; } /* don't override -bd, -bD or -bp */ if (OpMode == MD_DELIVER) OpMode = MD_QUEUERUN; FullName = NULL; switch (optarg[0]) { case 'I': new = (QUEUE_CHAR *) xalloc(sizeof *new); new->queue_match = newstr(&optarg[1]); new->queue_next = QueueLimitId; QueueLimitId = new; break; case 'R': new = (QUEUE_CHAR *) xalloc(sizeof *new); new->queue_match = newstr(&optarg[1]); new->queue_next = QueueLimitRecipient; QueueLimitRecipient = new; break; case 'S': new = (QUEUE_CHAR *) xalloc(sizeof *new); new->queue_match = newstr(&optarg[1]); new->queue_next = QueueLimitSender; QueueLimitSender = new; break; default: i = Errors; QueueIntvl = convtime(optarg, 'm'); /* check for bad conversion */ if (i < Errors) ExitStat = EX_USAGE; break; } #else /* QUEUE */ usrerr("I don't know about queues"); ExitStat = EX_USAGE; #endif /* QUEUE */ break; case 'R': /* DSN RET: what to return */ if (bitset(EF_RET_PARAM, CurEnv->e_flags)) { usrerr("Duplicate -R flag"); ExitStat = EX_USAGE; break; } CurEnv->e_flags |= EF_RET_PARAM; if (strcasecmp(optarg, "hdrs") == 0) CurEnv->e_flags |= EF_NO_BODY_RETN; else if (strcasecmp(optarg, "full") != 0) { usrerr("Invalid -R value"); ExitStat = EX_USAGE; } define(macid("{dsn_ret}", NULL), newstr(optarg), CurEnv); break; case 't': /* read recipients from message */ GrabTo = TRUE; break; case 'U': /* initial (user) submission */ /* already set */ break; case 'V': /* DSN ENVID: set "original" envelope id */ if (!xtextok(optarg)) { usrerr("Invalid syntax in -V flag"); ExitStat = EX_USAGE; } else { CurEnv->e_envid = newstr(optarg); define(macid("{dsn_envid}", NULL), newstr(optarg), CurEnv); } break; case 'X': /* traffic log file */ dp = drop_privileges(TRUE); setstat(dp); if (stat(optarg, &traf_st) == 0 && S_ISFIFO(traf_st.st_mode)) TrafficLogFile = fopen(optarg, "w"); else TrafficLogFile = fopen(optarg, "a"); if (TrafficLogFile == NULL) { syserr("cannot open %s", optarg); ExitStat = EX_CANTCREAT; break; } #if HASSETVBUF (void) setvbuf(TrafficLogFile, NULL, _IOLBF, 0); #else /* HASSETVBUF */ (void) setlinebuf(TrafficLogFile); #endif /* HASSETVBUF */ break; /* compatibility flags */ case 'c': /* connect to non-local mailers */ case 'i': /* don't let dot stop me */ case 'm': /* send to me too */ case 'T': /* set timeout interval */ case 'v': /* give blow-by-blow description */ setoption(j, "T", FALSE, TRUE, CurEnv); break; case 'e': /* error message disposition */ case 'M': /* define macro */ setoption(j, optarg, FALSE, TRUE, CurEnv); break; case 's': /* save From lines in headers */ setoption('f', "T", FALSE, TRUE, CurEnv); break; #ifdef DBM case 'I': /* initialize alias DBM file */ OpMode = MD_INITALIAS; break; #endif /* DBM */ #if defined(__osf__) || defined(_AIX3) case 'x': /* random flag that OSF/1 & AIX mailx passes */ break; #endif /* defined(__osf__) || defined(_AIX3) */ #if defined(sony_news) case 'E': case 'J': /* ignore flags for Japanese code conversion implemented on Sony NEWS */ break; #endif /* defined(sony_news) */ default: finis(TRUE, EX_USAGE); break; } } av += optind; if (bitset(SUBMIT_MTA, SubmitMode) && bitset(SUBMIT_MSA, SubmitMode)) { /* sanity check */ errno = 0; /* reset to avoid bogus error messages */ syserr("Cannot use both -G and -U together"); } else if (bitset(SUBMIT_MTA, SubmitMode)) define(macid("{daemon_flags}", NULL), "CC f", CurEnv); else if (bitset(SUBMIT_MSA, SubmitMode)) { define(macid("{daemon_flags}", NULL), "c u", CurEnv); /* check for wrong OpMode */ if (OpMode != MD_DELIVER && OpMode != MD_SMTP) { errno = 0; /* reset to avoid bogus error msgs */ syserr("Cannot use -U and -b%c", OpMode); } } else { #if _FFR_DEFAULT_SUBMIT_TO_MSA define(macid("{daemon_flags}", NULL), "c u", CurEnv); #else /* _FFR_DEFAULT_SUBMIT_TO_MSA */ /* EMPTY */ #endif /* _FFR_DEFAULT_SUBMIT_TO_MSA */ } /* ** Do basic initialization. ** Read system control file. ** Extract special fields for local use. */ /* set up ${opMode} for use in config file */ { char mbuf[2]; mbuf[0] = OpMode; mbuf[1] = '\0'; define(MID_OPMODE, newstr(mbuf), CurEnv); } #if XDEBUG checkfd012("before readcf"); #endif /* XDEBUG */ vendor_pre_defaults(CurEnv); readcf(getcfname(), safecf, CurEnv); ConfigFileRead = TRUE; vendor_post_defaults(CurEnv); /* Enforce use of local time (null string overrides this) */ if (TimeZoneSpec == NULL) unsetenv("TZ"); else if (TimeZoneSpec[0] != '\0') setuserenv("TZ", TimeZoneSpec); else setuserenv("TZ", NULL); tzset(); /* avoid denial-of-service attacks */ resetlimits(); if (OpMode != MD_DAEMON && OpMode != MD_FGDAEMON) { /* drop privileges -- daemon mode done after socket/bind */ dp = drop_privileges(FALSE); setstat(dp); } #if NAMED_BIND _res.retry = TimeOuts.res_retry[RES_TO_DEFAULT]; _res.retrans = TimeOuts.res_retrans[RES_TO_DEFAULT]; #endif /* NAMED_BIND */ /* ** Find our real host name for future logging. */ authinfo = getauthinfo(STDIN_FILENO, &forged); define('_', authinfo, CurEnv); /* suppress error printing if errors mailed back or whatever */ if (CurEnv->e_errormode != EM_PRINT) HoldErrs = TRUE; /* set up the $=m class now, after .cf has a chance to redefine $m */ expand("\201m", jbuf, sizeof jbuf, CurEnv); setclass('m', jbuf); /* probe interfaces and locate any additional names */ if (!DontProbeInterfaces) load_if_names(); if (tTd(0, 1)) { dprintf("\n============ SYSTEM IDENTITY (after readcf) ============"); dprintf("\n (short domain name) $w = "); xputs(macvalue('w', CurEnv)); dprintf("\n (canonical domain name) $j = "); xputs(macvalue('j', CurEnv)); dprintf("\n (subdomain name) $m = "); xputs(macvalue('m', CurEnv)); dprintf("\n (node name) $k = "); xputs(macvalue('k', CurEnv)); dprintf("\n========================================================\n\n"); } /* ** Do more command line checking -- these are things that ** have to modify the results of reading the config file. */ /* process authorization warnings from command line */ if (warn_C_flag) auth_warning(CurEnv, "Processed by %s with -C %s", RealUserName, ConfFile); if (Warn_Q_option && !wordinclass(RealUserName, 't')) auth_warning(CurEnv, "Processed from queue %s", QueueDir); /* check body type for legality */ if (CurEnv->e_bodytype == NULL) /* EMPTY */ /* nothing */ ; else if (strcasecmp(CurEnv->e_bodytype, "7BIT") == 0) SevenBitInput = TRUE; else if (strcasecmp(CurEnv->e_bodytype, "8BITMIME") == 0) SevenBitInput = FALSE; else { usrerr("Illegal body type %s", CurEnv->e_bodytype); CurEnv->e_bodytype = NULL; } /* tweak default DSN notifications */ if (DefaultNotify == 0) DefaultNotify = QPINGONFAILURE|QPINGONDELAY; /* be sure we don't pick up bogus HOSTALIASES environment variable */ if (OpMode == MD_QUEUERUN && RealUid != 0) (void) unsetenv("HOSTALIASES"); /* check for sane configuration level */ if (ConfigLevel > MAXCONFIGLEVEL) { syserr("Warning: .cf version level (%d) exceeds sendmail version %s functionality (%d)", ConfigLevel, Version, MAXCONFIGLEVEL); } /* need MCI cache to have persistence */ if (HostStatDir != NULL && MaxMciCache == 0) { HostStatDir = NULL; printf("Warning: HostStatusDirectory disabled with ConnectionCacheSize = 0\n"); } /* need HostStatusDir in order to have SingleThreadDelivery */ if (SingleThreadDelivery && HostStatDir == NULL) { SingleThreadDelivery = FALSE; printf("Warning: HostStatusDirectory required for SingleThreadDelivery\n"); } /* check for permissions */ if ((OpMode == MD_DAEMON || OpMode == MD_FGDAEMON || OpMode == MD_PURGESTAT) && RealUid != 0 && RealUid != TrustedUid) { if (LogLevel > 1) sm_syslog(LOG_ALERT, NOQID, "user %d attempted to %s", RealUid, OpMode != MD_PURGESTAT ? "run daemon" : "purge host status"); usrerr("Permission denied"); finis(FALSE, EX_USAGE); } if (OpMode == MD_INITALIAS && RealUid != 0 && RealUid != TrustedUid && !wordinclass(RealUserName, 't')) { if (LogLevel > 1) sm_syslog(LOG_ALERT, NOQID, "user %d attempted to rebuild the alias map", RealUid); usrerr("Permission denied"); finis(FALSE, EX_USAGE); } if (MeToo) BlankEnvelope.e_flags |= EF_METOO; switch (OpMode) { case MD_TEST: /* don't have persistent host status in test mode */ HostStatDir = NULL; if (Verbose == 0) Verbose = 2; CurEnv->e_errormode = EM_PRINT; HoldErrs = FALSE; break; case MD_VERIFY: CurEnv->e_errormode = EM_PRINT; HoldErrs = FALSE; /* arrange to exit cleanly on hangup signal */ if (setsignal(SIGHUP, SIG_IGN) == (sigfunc_t) SIG_DFL) (void) setsignal(SIGHUP, intsig); break; case MD_FGDAEMON: run_in_foreground = TRUE; OpMode = MD_DAEMON; /* FALLTHROUGH */ case MD_DAEMON: vendor_daemon_setup(CurEnv); /* remove things that don't make sense in daemon mode */ FullName = NULL; GrabTo = FALSE; /* arrange to restart on hangup signal */ if (SaveArgv[0] == NULL || SaveArgv[0][0] != '/') sm_syslog(LOG_WARNING, NOQID, "daemon invoked without full pathname; kill -1 won't work"); (void) setsignal(SIGHUP, sighup); /* workaround: can't seem to release the signal in the parent */ (void) releasesignal(SIGHUP); break; case MD_INITALIAS: Verbose = 2; CurEnv->e_errormode = EM_PRINT; HoldErrs = FALSE; /* FALLTHROUGH */ default: /* arrange to exit cleanly on hangup signal */ if (setsignal(SIGHUP, SIG_IGN) == (sigfunc_t) SIG_DFL) (void) setsignal(SIGHUP, intsig); break; } /* special considerations for FullName */ if (FullName != NULL) { char *full = NULL; /* full names can't have newlines */ if (strchr(FullName, '\n') != NULL) { FullName = full = newstr(denlstring(FullName, TRUE, TRUE)); } /* check for characters that may have to be quoted */ if (!rfc822_string(FullName)) { /* ** Quote a full name with special characters ** as a comment so crackaddr() doesn't destroy ** the name portion of the address. */ FullName = addquotes(FullName); if (full != NULL) free(full); } } /* do heuristic mode adjustment */ if (Verbose) { /* turn off noconnect option */ setoption('c', "F", TRUE, FALSE, CurEnv); /* turn on interactive delivery */ setoption('d', "", TRUE, FALSE, CurEnv); } #ifdef VENDOR_CODE /* check for vendor mismatch */ if (VendorCode != VENDOR_CODE) { message("Warning: .cf file vendor code mismatch: sendmail expects vendor %s, .cf file vendor is %s", getvendor(VENDOR_CODE), getvendor(VendorCode)); } #endif /* VENDOR_CODE */ /* check for out of date configuration level */ if (ConfigLevel < MAXCONFIGLEVEL) { message("Warning: .cf file is out of date: sendmail %s supports version %d, .cf file is version %d", Version, MAXCONFIGLEVEL, ConfigLevel); } if (ConfigLevel < 3) UseErrorsTo = TRUE; /* set options that were previous macros */ if (SmtpGreeting == NULL) { if (ConfigLevel < 7 && (p = macvalue('e', CurEnv)) != NULL) SmtpGreeting = newstr(p); else SmtpGreeting = "\201j Sendmail \201v ready at \201b"; } if (UnixFromLine == NULL) { if (ConfigLevel < 7 && (p = macvalue('l', CurEnv)) != NULL) UnixFromLine = newstr(p); else UnixFromLine = "From \201g \201d"; } SmtpError[0] = '\0'; /* our name for SMTP codes */ expand("\201j", jbuf, sizeof jbuf, CurEnv); MyHostName = jbuf; if (strchr(jbuf, '.') == NULL) message("WARNING: local host name (%s) is not qualified; fix $j in config file", jbuf); /* make certain that this name is part of the $=w class */ setclass('w', MyHostName); /* the indices of built-in mailers */ st = stab("local", ST_MAILER, ST_FIND); if (st != NULL) LocalMailer = st->s_mailer; else if (OpMode != MD_TEST || !warn_C_flag) syserr("No local mailer defined"); st = stab("prog", ST_MAILER, ST_FIND); if (st == NULL) syserr("No prog mailer defined"); else { ProgMailer = st->s_mailer; clrbitn(M_MUSER, ProgMailer->m_flags); } st = stab("*file*", ST_MAILER, ST_FIND); if (st == NULL) syserr("No *file* mailer defined"); else { FileMailer = st->s_mailer; clrbitn(M_MUSER, FileMailer->m_flags); } st = stab("*include*", ST_MAILER, ST_FIND); if (st == NULL) syserr("No *include* mailer defined"); else InclMailer = st->s_mailer; if (ConfigLevel < 6) { /* heuristic tweaking of local mailer for back compat */ if (LocalMailer != NULL) { setbitn(M_ALIASABLE, LocalMailer->m_flags); setbitn(M_HASPWENT, LocalMailer->m_flags); setbitn(M_TRYRULESET5, LocalMailer->m_flags); setbitn(M_CHECKINCLUDE, LocalMailer->m_flags); setbitn(M_CHECKPROG, LocalMailer->m_flags); setbitn(M_CHECKFILE, LocalMailer->m_flags); setbitn(M_CHECKUDB, LocalMailer->m_flags); } if (ProgMailer != NULL) setbitn(M_RUNASRCPT, ProgMailer->m_flags); if (FileMailer != NULL) setbitn(M_RUNASRCPT, FileMailer->m_flags); } if (ConfigLevel < 7) { if (LocalMailer != NULL) setbitn(M_VRFY250, LocalMailer->m_flags); if (ProgMailer != NULL) setbitn(M_VRFY250, ProgMailer->m_flags); if (FileMailer != NULL) setbitn(M_VRFY250, FileMailer->m_flags); } /* MIME Content-Types that cannot be transfer encoded */ setclass('n', "multipart/signed"); /* MIME message/xxx subtypes that can be treated as messages */ setclass('s', "rfc822"); /* MIME Content-Transfer-Encodings that can be encoded */ setclass('e', "7bit"); setclass('e', "8bit"); setclass('e', "binary"); #ifdef USE_B_CLASS /* MIME Content-Types that should be treated as binary */ setclass('b', "image"); setclass('b', "audio"); setclass('b', "video"); setclass('b', "application/octet-stream"); #endif /* USE_B_CLASS */ /* MIME headers which have fields to check for overflow */ setclass(macid("{checkMIMEFieldHeaders}", NULL), "content-disposition"); setclass(macid("{checkMIMEFieldHeaders}", NULL), "content-type"); /* MIME headers to check for length overflow */ setclass(macid("{checkMIMETextHeaders}", NULL), "content-description"); /* MIME headers to check for overflow and rebalance */ setclass(macid("{checkMIMEHeaders}", NULL), "content-disposition"); setclass(macid("{checkMIMEHeaders}", NULL), "content-id"); setclass(macid("{checkMIMEHeaders}", NULL), "content-transfer-encoding"); setclass(macid("{checkMIMEHeaders}", NULL), "content-type"); setclass(macid("{checkMIMEHeaders}", NULL), "mime-version"); /* Macros to save in the qf file -- don't remove any */ setclass(macid("{persistentMacros}", NULL), "r"); setclass(macid("{persistentMacros}", NULL), "s"); setclass(macid("{persistentMacros}", NULL), "_"); setclass(macid("{persistentMacros}", NULL), "{if_addr}"); setclass(macid("{persistentMacros}", NULL), "{daemon_flags}"); setclass(macid("{persistentMacros}", NULL), "{client_flags}"); /* operate in queue directory */ if (QueueDir == NULL) { if (OpMode != MD_TEST) { syserr("QueueDirectory (Q) option must be set"); ExitStat = EX_CONFIG; } } else { /* ** If multiple queues wildcarded, use one for ** the daemon's home. Note that this preconditions ** a wildcarded QueueDir to a real pathname. */ if (OpMode != MD_TEST) multiqueue_cache(); } /* check host status directory for validity */ if (HostStatDir != NULL && !path_is_dir(HostStatDir, FALSE)) { /* cannot use this value */ if (tTd(0, 2)) dprintf("Cannot use HostStatusDirectory = %s: %s\n", HostStatDir, errstring(errno)); HostStatDir = NULL; } #if QUEUE if (OpMode == MD_QUEUERUN && RealUid != 0 && bitset(PRIV_RESTRICTQRUN, PrivacyFlags)) { struct stat stbuf; /* check to see if we own the queue directory */ if (stat(".", &stbuf) < 0) syserr("main: cannot stat %s", QueueDir); if (stbuf.st_uid != RealUid) { /* nope, really a botch */ usrerr("You do not have permission to process the queue"); finis(FALSE, EX_NOPERM); } } #endif /* QUEUE */ #if _FFR_MILTER /* sanity checks on milter filters */ if (OpMode == MD_DAEMON || OpMode == MD_SMTP) milter_parse_list(InputFilterList, InputFilters, MAXFILTERS); #endif /* _FFR_MILTER */ /* if we've had errors so far, exit now */ if (ExitStat != EX_OK && OpMode != MD_TEST) finis(FALSE, ExitStat); #if XDEBUG checkfd012("before main() initmaps"); #endif /* XDEBUG */ /* ** Do operation-mode-dependent initialization. */ switch (OpMode) { case MD_PRINT: /* print the queue */ #if QUEUE dropenvelope(CurEnv, TRUE); (void) setsignal(SIGPIPE, quiesce); printqueue(); finis(FALSE, EX_OK); #else /* QUEUE */ usrerr("No queue to print"); finis(FALSE, EX_UNAVAILABLE); #endif /* QUEUE */ break; case MD_HOSTSTAT: (void) setsignal(SIGPIPE, quiesce); (void) mci_traverse_persistent(mci_print_persistent, NULL); finis(FALSE, EX_OK); break; case MD_PURGESTAT: (void) mci_traverse_persistent(mci_purge_persistent, NULL); finis(FALSE, EX_OK); break; case MD_INITALIAS: /* initialize maps */ initmaps(); finis(FALSE, ExitStat); break; case MD_SMTP: case MD_DAEMON: /* reset DSN parameters */ DefaultNotify = QPINGONFAILURE|QPINGONDELAY; define(macid("{dsn_notify}", NULL), NULL, CurEnv); CurEnv->e_envid = NULL; define(macid("{dsn_envid}", NULL), NULL, CurEnv); CurEnv->e_flags &= ~(EF_RET_PARAM|EF_NO_BODY_RETN); define(macid("{dsn_ret}", NULL), NULL, CurEnv); /* don't open maps for daemon -- done below in child */ break; } if (tTd(0, 15)) { /* print configuration table (or at least part of it) */ if (tTd(0, 90)) printrules(); for (i = 0; i < MAXMAILERS; i++) { if (Mailer[i] != NULL) printmailer(Mailer[i]); } } /* ** Switch to the main envelope. */ CurEnv = newenvelope(&MainEnvelope, CurEnv); MainEnvelope.e_flags = BlankEnvelope.e_flags; /* ** If test mode, read addresses from stdin and process. */ if (OpMode == MD_TEST) { char buf[MAXLINE]; +#if _FFR_TESTMODE_DROP_PRIVS + dp = drop_privileges(TRUE); + if (dp != EX_OK) + { + CurEnv->e_id = NULL; + finis(TRUE, dp); + } +#endif /* _FFR_TESTMODE_DROP_PRIVS */ + if (isatty(fileno(stdin))) Verbose = 2; if (Verbose) { printf("ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)\n"); printf("Enter
\n"); } if (setjmp(TopFrame) > 0) printf("\n"); (void) setsignal(SIGINT, intindebug); for (;;) { if (Verbose == 2) printf("> "); (void) fflush(stdout); if (fgets(buf, sizeof buf, stdin) == NULL) testmodeline("/quit", CurEnv); p = strchr(buf, '\n'); if (p != NULL) *p = '\0'; if (Verbose < 2) printf("> %s\n", buf); testmodeline(buf, CurEnv); } } #if SMTP # if STARTTLS /* ** basic TLS initialization ** ignore result for now */ SSL_library_init(); SSL_load_error_strings(); # if 0 /* this is currently a macro for SSL_library_init */ SSLeay_add_ssl_algorithms(); # endif /* 0 */ /* initialize PRNG */ tls_ok = tls_rand_init(RandFile, 7); # endif /* STARTTLS */ #endif /* SMTP */ #if QUEUE /* ** If collecting stuff from the queue, go start doing that. */ if (OpMode == MD_QUEUERUN && QueueIntvl == 0) { # if SMTP # if STARTTLS if (tls_ok ) { /* init TLS for client, ignore result for now */ (void) initclttls(); } # endif /* STARTTLS */ # endif /* SMTP */ (void) runqueue(FALSE, Verbose); finis(TRUE, ExitStat); } #endif /* QUEUE */ +# if SASL + if (OpMode == MD_SMTP || OpMode == MD_DAEMON) + { + /* give a syserr or just disable AUTH ? */ + if ((i = sasl_server_init(srvcallbacks, "Sendmail")) != SASL_OK) + syserr("!sasl_server_init failed! [%s]", + sasl_errstring(i, NULL, NULL)); + } +# endif /* SASL */ + /* ** If a daemon, wait for a request. ** getrequests will always return in a child. ** If we should also be processing the queue, start ** doing it in background. ** We check for any errors that might have happened ** during startup. */ if (OpMode == MD_DAEMON || QueueIntvl != 0) { char dtype[200]; if (!run_in_foreground && !tTd(99, 100)) { /* put us in background */ i = fork(); if (i < 0) syserr("daemon: cannot fork"); if (i != 0) finis(FALSE, EX_OK); /* disconnect from our controlling tty */ disconnect(2, CurEnv); } dtype[0] = '\0'; if (OpMode == MD_DAEMON) (void) strlcat(dtype, "+SMTP", sizeof dtype); if (QueueIntvl != 0) { (void) strlcat(dtype, "+queueing@", sizeof dtype); (void) strlcat(dtype, pintvl(QueueIntvl, TRUE), sizeof dtype); } if (tTd(0, 1)) (void) strlcat(dtype, "+debugging", sizeof dtype); sm_syslog(LOG_INFO, NOQID, "starting daemon (%s): %s", Version, dtype + 1); #ifdef XLA xla_create_file(); #endif /* XLA */ /* save daemon type in a macro for possible PidFile use */ define(macid("{daemon_info}", NULL), newstr(dtype + 1), &BlankEnvelope); /* save queue interval in a macro for possible PidFile use */ define(macid("{queue_interval}", NULL), newstr(pintvl(QueueIntvl, TRUE)), CurEnv); #if QUEUE if (QueueIntvl != 0) { (void) runqueue(TRUE, FALSE); if (OpMode != MD_DAEMON) { /* write the pid to file */ log_sendmail_pid(CurEnv); for (;;) { (void) pause(); if (DoQueueRun) (void) runqueue(TRUE, FALSE); } } } #endif /* QUEUE */ dropenvelope(CurEnv, TRUE); #if DAEMON # if STARTTLS /* init TLS for server, ignore result for now */ (void) initsrvtls(); # endif /* STARTTLS */ p_flags = getrequests(CurEnv); /* drop privileges */ (void) drop_privileges(FALSE); /* at this point we are in a child: reset state */ (void) newenvelope(CurEnv, CurEnv); /* ** Get authentication data */ authinfo = getauthinfo(fileno(InChannel), &forged); define('_', authinfo, &BlankEnvelope); #endif /* DAEMON */ } if (LogLevel > 9) { /* log connection information */ sm_syslog(LOG_INFO, NULL, "connect from %.100s", authinfo); } #if SMTP /* ** If running SMTP protocol, start collecting and executing ** commands. This will never return. */ if (OpMode == MD_SMTP || OpMode == MD_DAEMON) { char pbuf[20]; /* ** Save some macros for check_* rulesets. */ if (forged) { char ipbuf[103]; (void) snprintf(ipbuf, sizeof ipbuf, "[%.100s]", anynet_ntoa(&RealHostAddr)); define(macid("{client_name}", NULL), newstr(ipbuf), &BlankEnvelope); define(macid("{client_resolve}", NULL), "FORGED", &BlankEnvelope); } else define(macid("{client_name}", NULL), RealHostName, &BlankEnvelope); define(macid("{client_addr}", NULL), newstr(anynet_ntoa(&RealHostAddr)), &BlankEnvelope); (void)sm_getla(&BlankEnvelope); switch(RealHostAddr.sa.sa_family) { # if NETINET case AF_INET: (void) snprintf(pbuf, sizeof pbuf, "%d", RealHostAddr.sin.sin_port); break; # endif /* NETINET */ # if NETINET6 case AF_INET6: (void) snprintf(pbuf, sizeof pbuf, "%d", RealHostAddr.sin6.sin6_port); break; # endif /* NETINET6 */ default: (void) snprintf(pbuf, sizeof pbuf, "0"); break; } define(macid("{client_port}", NULL), newstr(pbuf), &BlankEnvelope); -#if SASL - /* give a syserr or just disable AUTH ? */ - if ((i = sasl_server_init(srvcallbacks, "Sendmail")) != SASL_OK) - syserr("!sasl_server_init failed! [%s]", - sasl_errstring(i, NULL, NULL)); -#endif /* SASL */ - if (OpMode == MD_DAEMON) { /* validate the connection */ HoldErrs = TRUE; nullserver = validate_connection(&RealHostAddr, RealHostName, CurEnv); HoldErrs = FALSE; } else if (p_flags == NULL) { p_flags = (BITMAP256 *) xalloc(sizeof *p_flags); clrbitmap(p_flags); } # if STARTTLS if (OpMode == MD_SMTP) (void) initsrvtls(); # endif /* STARTTLS */ + + smtp(nullserver, *p_flags, CurEnv); } #endif /* SMTP */ clearenvelope(CurEnv, FALSE); if (OpMode == MD_VERIFY) { set_delivery_mode(SM_VERIFY, CurEnv); PostMasterCopy = NULL; } else { /* interactive -- all errors are global */ CurEnv->e_flags |= EF_GLOBALERRS|EF_LOGSENDER; } /* ** Do basic system initialization and set the sender */ initsys(CurEnv); define(macid("{ntries}", NULL), "0", CurEnv); setsender(from, CurEnv, NULL, '\0', FALSE); if (warn_f_flag != '\0' && !wordinclass(RealUserName, 't') && (!bitnset(M_LOCALMAILER, CurEnv->e_from.q_mailer->m_flags) || strcmp(CurEnv->e_from.q_user, RealUserName) != 0)) { auth_warning(CurEnv, "%s set sender to %s using -%c", RealUserName, from, warn_f_flag); #if SASL auth = FALSE; #endif /* SASL */ } if (auth) { char *fv; /* set the initial sender for AUTH= to $f@$j */ fv = macvalue('f', CurEnv); if (fv == NULL || *fv == '\0') CurEnv->e_auth_param = NULL; else { if (strchr(fv, '@') == NULL) { i = strlen(fv) + strlen(macvalue('j', CurEnv)) + 2; p = xalloc(i); (void) snprintf(p, i, "%s@%s", fv, macvalue('j', CurEnv)); } else p = newstr(fv); CurEnv->e_auth_param = newstr(xtextify(p, NULL)); } } if (macvalue('s', CurEnv) == NULL) define('s', RealHostName, CurEnv); if (*av == NULL && !GrabTo) { CurEnv->e_to = NULL; CurEnv->e_flags |= EF_GLOBALERRS; HoldErrs = FALSE; usrerr("Recipient names must be specified"); /* collect body for UUCP return */ if (OpMode != MD_VERIFY) collect(InChannel, FALSE, NULL, CurEnv); finis(TRUE, EX_USAGE); } /* ** Scan argv and deliver the message to everyone. */ sendtoargv(av, CurEnv); /* if we have had errors sofar, arrange a meaningful exit stat */ if (Errors > 0 && ExitStat == EX_OK) ExitStat = EX_USAGE; #if _FFR_FIX_DASHT /* ** If using -t, force not sending to argv recipients, even ** if they are mentioned in the headers. */ if (GrabTo) { ADDRESS *q; for (q = CurEnv->e_sendqueue; q != NULL; q = q->q_next) q->q_state = QS_REMOVED; } #endif /* _FFR_FIX_DASHT */ /* ** Read the input mail. */ CurEnv->e_to = NULL; if (OpMode != MD_VERIFY || GrabTo) { int savederrors = Errors; long savedflags = CurEnv->e_flags & EF_FATALERRS; CurEnv->e_flags |= EF_GLOBALERRS; CurEnv->e_flags &= ~EF_FATALERRS; Errors = 0; buffer_errors(); collect(InChannel, FALSE, NULL, CurEnv); /* header checks failed */ if (Errors > 0) { /* Log who the mail would have gone to */ if (LogLevel > 8 && CurEnv->e_message != NULL && !GrabTo) { ADDRESS *a; for (a = CurEnv->e_sendqueue; a != NULL; a = a->q_next) { if (!QS_IS_UNDELIVERED(a->q_state)) continue; CurEnv->e_to = a->q_paddr; logdelivery(NULL, NULL, NULL, CurEnv->e_message, NULL, (time_t) 0, CurEnv); } CurEnv->e_to = NULL; } flush_errors(TRUE); finis(TRUE, ExitStat); /* NOTREACHED */ return -1; } /* bail out if message too large */ if (bitset(EF_CLRQUEUE, CurEnv->e_flags)) { finis(TRUE, ExitStat != EX_OK ? ExitStat : EX_DATAERR); /* NOTREACHED */ return -1; } Errors = savederrors; CurEnv->e_flags |= savedflags; } errno = 0; if (tTd(1, 1)) dprintf("From person = \"%s\"\n", CurEnv->e_from.q_paddr); /* ** Actually send everything. ** If verifying, just ack. */ CurEnv->e_from.q_state = QS_SENDER; if (tTd(1, 5)) { dprintf("main: QS_SENDER "); printaddr(&CurEnv->e_from, FALSE); } CurEnv->e_to = NULL; CurrentLA = sm_getla(CurEnv); GrabTo = FALSE; #if NAMED_BIND _res.retry = TimeOuts.res_retry[RES_TO_FIRST]; _res.retrans = TimeOuts.res_retrans[RES_TO_FIRST]; #endif /* NAMED_BIND */ sendall(CurEnv, SM_DEFAULT); /* ** All done. ** Don't send return error message if in VERIFY mode. */ finis(TRUE, ExitStat); /* NOTREACHED */ return ExitStat; } /* ARGSUSED */ SIGFUNC_DECL quiesce(sig) int sig; { clear_events(); finis(FALSE, EX_OK); } /* ARGSUSED */ SIGFUNC_DECL intindebug(sig) int sig; { longjmp(TopFrame, 1); return SIGFUNC_RETURN; } /* ** FINIS -- Clean up and exit. ** ** Parameters: ** drop -- whether or not to drop CurEnv envelope ** exitstat -- exit status to use for exit() call ** ** Returns: ** never ** ** Side Effects: ** exits sendmail */ void finis(drop, exitstat) bool drop; volatile int exitstat; { if (tTd(2, 1)) { dprintf("\n====finis: stat %d e_id=%s e_flags=", exitstat, CurEnv->e_id == NULL ? "NOQUEUE" : CurEnv->e_id); printenvflags(CurEnv); } if (tTd(2, 9)) printopenfds(FALSE); /* if we fail in finis(), just exit */ if (setjmp(TopFrame) != 0) { /* failed -- just give it up */ goto forceexit; } /* clean up temp files */ CurEnv->e_to = NULL; if (drop) { if (CurEnv->e_id != NULL) dropenvelope(CurEnv, TRUE); else poststats(StatFile); } /* flush any cached connections */ mci_flush(TRUE, NULL); /* close maps belonging to this pid */ closemaps(); #if USERDB /* close UserDatabase */ _udbx_close(); #endif /* USERDB */ #ifdef XLA /* clean up extended load average stuff */ xla_all_end(); #endif /* XLA */ /* and exit */ forceexit: if (LogLevel > 78) sm_syslog(LOG_DEBUG, CurEnv->e_id, "finis, pid=%d", getpid()); if (exitstat == EX_TEMPFAIL || CurEnv->e_errormode == EM_BERKNET) exitstat = EX_OK; sync_queue_time(); /* reset uid for process accounting */ endpwent(); (void) setuid(RealUid); exit(exitstat); } /* ** INTSIG -- clean up on interrupt ** ** This just arranges to exit. It pessimizes in that it ** may resend a message. ** ** Parameters: ** none. ** ** Returns: ** none. ** ** Side Effects: ** Unlocks the current job. */ /* ARGSUSED */ SIGFUNC_DECL intsig(sig) int sig; { bool drop = FALSE; clear_events(); if (sig != 0 && LogLevel > 79) sm_syslog(LOG_DEBUG, CurEnv->e_id, "interrupt"); FileName = NULL; closecontrolsocket(TRUE); #ifdef XLA xla_all_end(); #endif /* XLA */ /* Clean-up on aborted stdin message submission */ if (CurEnv->e_id != NULL && (OpMode == MD_SMTP || OpMode == MD_DELIVER || OpMode == MD_ARPAFTP)) { register ADDRESS *q; /* don't return an error indication */ CurEnv->e_to = NULL; CurEnv->e_flags &= ~EF_FATALERRS; CurEnv->e_flags |= EF_CLRQUEUE; /* ** Spin through the addresses and ** mark them dead to prevent bounces */ for (q = CurEnv->e_sendqueue; q != NULL; q = q->q_next) q->q_state = QS_DONTSEND; /* and don't try to deliver the partial message either */ if (InChild) ExitStat = EX_QUIT; drop = TRUE; } else unlockqueue(CurEnv); finis(drop, EX_OK); } /* ** INITMACROS -- initialize the macro system ** ** This just involves defining some macros that are actually ** used internally as metasymbols to be themselves. ** ** Parameters: ** none. ** ** Returns: ** none. ** ** Side Effects: ** initializes several macros to be themselves. */ struct metamac MetaMacros[] = { /* LHS pattern matching characters */ { '*', MATCHZANY }, { '+', MATCHANY }, { '-', MATCHONE }, { '=', MATCHCLASS }, { '~', MATCHNCLASS }, /* these are RHS metasymbols */ { '#', CANONNET }, { '@', CANONHOST }, { ':', CANONUSER }, { '>', CALLSUBR }, /* the conditional operations */ { '?', CONDIF }, { '|', CONDELSE }, { '.', CONDFI }, /* the hostname lookup characters */ { '[', HOSTBEGIN }, { ']', HOSTEND }, { '(', LOOKUPBEGIN }, { ')', LOOKUPEND }, /* miscellaneous control characters */ { '&', MACRODEXPAND }, - { '\0' } + { '\0', '\0' } }; #define MACBINDING(name, mid) \ stab(name, ST_MACRO, ST_ENTER)->s_macro = mid; \ MacroName[mid] = name; void initmacros(e) register ENVELOPE *e; { register struct metamac *m; register int c; char buf[5]; - extern char *MacroName[256]; + extern char *MacroName[MAXMACROID + 1]; for (m = MetaMacros; m->metaname != '\0'; m++) { buf[0] = m->metaval; buf[1] = '\0'; define(m->metaname, newstr(buf), e); } buf[0] = MATCHREPL; buf[2] = '\0'; for (c = '0'; c <= '9'; c++) { buf[1] = c; define(c, newstr(buf), e); } /* set defaults for some macros sendmail will use later */ define('n', "MAILER-DAEMON", e); /* set up external names for some internal macros */ MACBINDING("opMode", MID_OPMODE); /*XXX should probably add equivalents for all short macros here XXX*/ } /* ** DISCONNECT -- remove our connection with any foreground process ** ** Parameters: ** droplev -- how "deeply" we should drop the line. ** 0 -- ignore signals, mail back errors, make sure ** output goes to stdout. ** 1 -- also, make stdout go to /dev/null. ** 2 -- also, disconnect from controlling terminal ** (only for daemon mode). ** e -- the current envelope. ** ** Returns: ** none ** ** Side Effects: ** Trys to insure that we are immune to vagaries of ** the controlling tty. */ void disconnect(droplev, e) int droplev; register ENVELOPE *e; { int fd; if (tTd(52, 1)) dprintf("disconnect: In %d Out %d, e=%lx\n", fileno(InChannel), fileno(OutChannel), (u_long) e); if (tTd(52, 100)) { dprintf("don't\n"); return; } if (LogLevel > 93) sm_syslog(LOG_DEBUG, e->e_id, "disconnect level %d", droplev); /* be sure we don't get nasty signals */ (void) setsignal(SIGINT, SIG_IGN); (void) setsignal(SIGQUIT, SIG_IGN); /* we can't communicate with our caller, so.... */ HoldErrs = TRUE; CurEnv->e_errormode = EM_MAIL; Verbose = 0; DisConnected = TRUE; /* all input from /dev/null */ if (InChannel != stdin) { (void) fclose(InChannel); InChannel = stdin; } if (freopen("/dev/null", "r", stdin) == NULL) sm_syslog(LOG_ERR, e->e_id, "disconnect: freopen(\"/dev/null\") failed: %s", errstring(errno)); /* output to the transcript */ if (OutChannel != stdout) { (void) fclose(OutChannel); OutChannel = stdout; } if (droplev > 0) { fd = open("/dev/null", O_WRONLY, 0666); if (fd == -1) sm_syslog(LOG_ERR, e->e_id, "disconnect: open(\"/dev/null\") failed: %s", errstring(errno)); (void) fflush(stdout); (void) dup2(fd, STDOUT_FILENO); (void) dup2(fd, STDERR_FILENO); (void) close(fd); } /* drop our controlling TTY completely if possible */ if (droplev > 1) { (void) setsid(); errno = 0; } #if XDEBUG checkfd012("disconnect"); #endif /* XDEBUG */ if (LogLevel > 71) sm_syslog(LOG_DEBUG, e->e_id, "in background, pid=%d", getpid()); errno = 0; } static void obsolete(argv) char *argv[]; { register char *ap; register char *op; while ((ap = *++argv) != NULL) { /* Return if "--" or not an option of any form. */ if (ap[0] != '-' || ap[1] == '-') return; /* skip over options that do have a value */ op = strchr(OPTIONS, ap[1]); if (op != NULL && *++op == ':' && ap[2] == '\0' && ap[1] != 'd' && #if defined(sony_news) ap[1] != 'E' && ap[1] != 'J' && #endif /* defined(sony_news) */ argv[1] != NULL && argv[1][0] != '-') { argv++; continue; } /* If -C doesn't have an argument, use sendmail.cf. */ #define __DEFPATH "sendmail.cf" if (ap[1] == 'C' && ap[2] == '\0') { *argv = xalloc(sizeof(__DEFPATH) + 2); (void) snprintf(argv[0], sizeof(__DEFPATH) + 2, "-C%s", __DEFPATH); } /* If -q doesn't have an argument, run it once. */ if (ap[1] == 'q' && ap[2] == '\0') *argv = "-q0"; /* if -d doesn't have an argument, use 0-99.1 */ if (ap[1] == 'd' && ap[2] == '\0') *argv = "-d0-99.1"; #if defined(sony_news) /* if -E doesn't have an argument, use -EC */ if (ap[1] == 'E' && ap[2] == '\0') *argv = "-EC"; /* if -J doesn't have an argument, use -JJ */ if (ap[1] == 'J' && ap[2] == '\0') *argv = "-JJ"; #endif /* defined(sony_news) */ } } /* ** AUTH_WARNING -- specify authorization warning ** ** Parameters: ** e -- the current envelope. ** msg -- the text of the message. ** args -- arguments to the message. ** ** Returns: ** none. */ void #ifdef __STDC__ auth_warning(register ENVELOPE *e, const char *msg, ...) #else /* __STDC__ */ auth_warning(e, msg, va_alist) register ENVELOPE *e; const char *msg; va_dcl #endif /* __STDC__ */ { char buf[MAXLINE]; VA_LOCAL_DECL if (bitset(PRIV_AUTHWARNINGS, PrivacyFlags)) { register char *p; static char hostbuf[48]; if (hostbuf[0] == '\0') - (void) myhostname(hostbuf, sizeof hostbuf); + { + struct hostent *hp; + hp = myhostname(hostbuf, sizeof hostbuf); +#if _FFR_FREEHOSTENT && NETINET6 + if (hp != NULL) + { + freehostent(hp); + hp = NULL; + } +#endif /* _FFR_FREEHOSTENT && NETINET6 */ + } + (void) snprintf(buf, sizeof buf, "%s: ", hostbuf); p = &buf[strlen(buf)]; VA_START(msg); vsnprintf(p, SPACELEFT(buf, p), msg, ap); VA_END; addheader("X-Authentication-Warning", buf, 0, &e->e_header); if (LogLevel > 3) sm_syslog(LOG_INFO, e->e_id, "Authentication-Warning: %.400s", buf); } } /* ** GETEXTENV -- get from external environment ** ** Parameters: ** envar -- the name of the variable to retrieve ** ** Returns: ** The value, if any. */ char * getextenv(envar) const char *envar; { char **envp; int l; l = strlen(envar); for (envp = ExternalEnviron; *envp != NULL; envp++) { if (strncmp(*envp, envar, l) == 0 && (*envp)[l] == '=') return &(*envp)[l + 1]; } return NULL; } /* ** SETUSERENV -- set an environment in the propogated environment ** ** Parameters: ** envar -- the name of the environment variable. ** value -- the value to which it should be set. If ** null, this is extracted from the incoming ** environment. If that is not set, the call ** to setuserenv is ignored. ** ** Returns: ** none. */ void setuserenv(envar, value) const char *envar; const char *value; { int i, l; char **evp = UserEnviron; char *p; if (value == NULL) { value = getextenv(envar); if (value == NULL) return; } i = strlen(envar) + 1; l = strlen(value) + i + 1; p = (char *) xalloc(l); (void) snprintf(p, l, "%s=%s", envar, value); while (*evp != NULL && strncmp(*evp, p, i) != 0) evp++; if (*evp != NULL) { *evp++ = p; } else if (evp < &UserEnviron[MAXUSERENVIRON]) { *evp++ = p; *evp = NULL; } /* make sure it is in our environment as well */ if (putenv(p) < 0) syserr("setuserenv: putenv(%s) failed", p); } /* ** DUMPSTATE -- dump state ** ** For debugging. */ void dumpstate(when) char *when; { register char *j = macvalue('j', CurEnv); int rs; extern int NextMacroId; sm_syslog(LOG_DEBUG, CurEnv->e_id, "--- dumping state on %s: $j = %s ---", when, j == NULL ? "" : j); if (j != NULL) { if (!wordinclass(j, 'w')) sm_syslog(LOG_DEBUG, CurEnv->e_id, "*** $j not in $=w ***"); } sm_syslog(LOG_DEBUG, CurEnv->e_id, "CurChildren = %d", CurChildren); sm_syslog(LOG_DEBUG, CurEnv->e_id, "NextMacroId = %d (Max %d)\n", NextMacroId, MAXMACROID); sm_syslog(LOG_DEBUG, CurEnv->e_id, "--- open file descriptors: ---"); printopenfds(TRUE); sm_syslog(LOG_DEBUG, CurEnv->e_id, "--- connection cache: ---"); mci_dump_all(TRUE); rs = strtorwset("debug_dumpstate", NULL, ST_FIND); if (rs > 0) { int status; register char **pvp; char *pv[MAXATOM + 1]; pv[0] = NULL; status = rewrite(pv, rs, 0, CurEnv); sm_syslog(LOG_DEBUG, CurEnv->e_id, "--- ruleset debug_dumpstate returns stat %d, pv: ---", status); for (pvp = pv; *pvp != NULL; pvp++) sm_syslog(LOG_DEBUG, CurEnv->e_id, "%s", *pvp); } sm_syslog(LOG_DEBUG, CurEnv->e_id, "--- end of state dump ---"); } /* ARGSUSED */ SIGFUNC_DECL sigusr1(sig) int sig; { dumpstate("user signal"); return SIGFUNC_RETURN; } /* ARGSUSED */ SIGFUNC_DECL sighup(sig) int sig; { int i; extern int DtableSize; clear_events(); (void) alarm(0); if (SaveArgv[0][0] != '/') { if (LogLevel > 3) sm_syslog(LOG_INFO, NOQID, "could not restart: need full path"); finis(FALSE, EX_OSFILE); } if (LogLevel > 3) sm_syslog(LOG_INFO, NOQID, "restarting %s %s", sig == 0 ? "due to control command" : "on signal", SaveArgv[0]); /* Control socket restart? */ if (sig != 0) (void) releasesignal(SIGHUP); closecontrolsocket(TRUE); if (drop_privileges(TRUE) != EX_OK) { if (LogLevel > 0) sm_syslog(LOG_ALERT, NOQID, "could not set[ug]id(%d, %d): %m", RunAsUid, RunAsGid); finis(FALSE, EX_OSERR); } /* arrange for all the files to be closed */ for (i = 3; i < DtableSize; i++) { register int j; if ((j = fcntl(i, F_GETFD, 0)) != -1) (void) fcntl(i, F_SETFD, j | FD_CLOEXEC); } (void) execve(SaveArgv[0], (ARGV_T) SaveArgv, (ARGV_T) ExternalEnviron); if (LogLevel > 0) sm_syslog(LOG_ALERT, NOQID, "could not exec %s: %m", SaveArgv[0]); finis(FALSE, EX_OSFILE); } /* ** DROP_PRIVILEGES -- reduce privileges to those of the RunAsUser option ** ** Parameters: ** to_real_uid -- if set, drop to the real uid instead ** of the RunAsUser. ** ** Returns: ** EX_OSERR if the setuid failed. ** EX_OK otherwise. */ int drop_privileges(to_real_uid) bool to_real_uid; { int rval = EX_OK; GIDSET_T emptygidset[1]; if (tTd(47, 1)) dprintf("drop_privileges(%d): Real[UG]id=%d:%d, RunAs[UG]id=%d:%d\n", (int)to_real_uid, (int)RealUid, (int)RealGid, (int)RunAsUid, (int)RunAsGid); if (to_real_uid) { RunAsUserName = RealUserName; RunAsUid = RealUid; RunAsGid = RealGid; } /* make sure no one can grab open descriptors for secret files */ endpwent(); /* reset group permissions; these can be set later */ emptygidset[0] = (to_real_uid || RunAsGid != 0) ? RunAsGid : getegid(); if (setgroups(1, emptygidset) == -1 && geteuid() == 0) { syserr("drop_privileges: setgroups(1, %d) failed", (int)emptygidset[0]); rval = EX_OSERR; } /* reset primary group and user id */ if ((to_real_uid || RunAsGid != 0) && setgid(RunAsGid) < 0) { syserr("drop_privileges: setgid(%d) failed", (int)RunAsGid); rval = EX_OSERR; } if (to_real_uid || RunAsUid != 0) { uid_t euid = geteuid(); if (setuid(RunAsUid) < 0) { syserr("drop_privileges: setuid(%d) failed", (int)RunAsUid); rval = EX_OSERR; } else if (RunAsUid != 0 && setuid(0) == 0) { /* ** Believe it or not, the Linux capability model ** allows a non-root process to override setuid() ** on a process running as root and prevent that ** process from dropping privileges. */ syserr("drop_privileges: setuid(0) succeeded (when it should not)"); rval = EX_OSERR; } else if (RunAsUid != euid && setuid(euid) == 0) { /* ** Some operating systems will keep the saved-uid ** if a non-root effective-uid calls setuid(real-uid) ** making it possible to set it back again later. */ syserr("drop_privileges: Unable to drop non-root set-user-id privileges"); rval = EX_OSERR; } } if (tTd(47, 5)) { dprintf("drop_privileges: e/ruid = %d/%d e/rgid = %d/%d\n", (int)geteuid(), (int)getuid(), (int)getegid(), (int)getgid()); dprintf("drop_privileges: RunAsUser = %d:%d\n", (int)RunAsUid, (int)RunAsGid); if (tTd(47, 10)) dprintf("drop_privileges: rval = %d\n", rval); } return rval; } /* ** FILL_FD -- make sure a file descriptor has been properly allocated ** ** Used to make sure that stdin/out/err are allocated on startup ** ** Parameters: ** fd -- the file descriptor to be filled. ** where -- a string used for logging. If NULL, this is ** being called on startup, and logging should ** not be done. ** ** Returns: ** none */ void fill_fd(fd, where) int fd; char *where; { int i; struct stat stbuf; if (fstat(fd, &stbuf) >= 0 || errno != EBADF) return; if (where != NULL) syserr("fill_fd: %s: fd %d not open", where, fd); else MissingFds |= 1 << fd; i = open("/dev/null", fd == 0 ? O_RDONLY : O_WRONLY, 0666); if (i < 0) { syserr("!fill_fd: %s: cannot open /dev/null", where == NULL ? "startup" : where); } if (fd != i) { (void) dup2(i, fd); (void) close(i); } } /* ** TESTMODELINE -- process a test mode input line ** ** Parameters: ** line -- the input line. ** e -- the current environment. ** Syntax: ** # a comment ** .X process X as a configuration line ** =X dump a configuration item (such as mailers) ** $X dump a macro or class ** /X try an activity ** X normal process through rule set X */ static void testmodeline(line, e) char *line; ENVELOPE *e; { register char *p; char *q; auto char *delimptr; int mid; int i, rs; STAB *map; char **s; struct rewrite *rw; ADDRESS a; static int tryflags = RF_COPYNONE; char exbuf[MAXLINE]; extern u_char TokTypeNoC[]; #if _FFR_ADDR_TYPE define(macid("{addr_type}", NULL), "e r", e); #endif /* _FFR_ADDR_TYPE */ /* skip leading spaces */ while (*line == ' ') line++; switch (line[0]) { case '#': case '\0': return; case '?': help("-bt", e); return; case '.': /* config-style settings */ switch (line[1]) { case 'D': mid = macid(&line[2], &delimptr); - if (mid == '\0') + if (mid == 0) return; translate_dollars(delimptr); define(mid, newstr(delimptr), e); break; case 'C': if (line[2] == '\0') /* not to call syserr() */ return; mid = macid(&line[2], &delimptr); - if (mid == '\0') + if (mid == 0) return; translate_dollars(delimptr); expand(delimptr, exbuf, sizeof exbuf, e); p = exbuf; while (*p != '\0') { register char *wd; char delim; while (*p != '\0' && isascii(*p) && isspace(*p)) p++; wd = p; while (*p != '\0' && !(isascii(*p) && isspace(*p))) p++; delim = *p; *p = '\0'; if (wd[0] != '\0') setclass(mid, wd); *p = delim; } break; case '\0': printf("Usage: .[DC]macro value(s)\n"); break; default: printf("Unknown \".\" command %s\n", line); break; } return; case '=': /* config-style settings */ switch (line[1]) { case 'S': /* dump rule set */ rs = strtorwset(&line[2], NULL, ST_FIND); if (rs < 0) { printf("Undefined ruleset %s\n", &line[2]); return; } rw = RewriteRules[rs]; if (rw == NULL) return; do { (void) putchar('R'); s = rw->r_lhs; while (*s != NULL) { xputs(*s++); (void) putchar(' '); } (void) putchar('\t'); (void) putchar('\t'); s = rw->r_rhs; while (*s != NULL) { xputs(*s++); (void) putchar(' '); } (void) putchar('\n'); } while ((rw = rw->r_next) != NULL); break; case 'M': for (i = 0; i < MAXMAILERS; i++) { if (Mailer[i] != NULL) printmailer(Mailer[i]); } break; case '\0': printf("Usage: =Sruleset or =M\n"); break; default: printf("Unknown \"=\" command %s\n", line); break; } return; case '-': /* set command-line-like opts */ switch (line[1]) { case 'd': tTflag(&line[2]); break; case '\0': printf("Usage: -d{debug arguments}\n"); break; default: printf("Unknown \"-\" command %s\n", line); break; } return; case '$': if (line[1] == '=') { mid = macid(&line[2], NULL); - if (mid != '\0') + if (mid != 0) stabapply(dump_class, mid); return; } mid = macid(&line[1], NULL); - if (mid == '\0') + if (mid == 0) return; p = macvalue(mid, e); if (p == NULL) printf("Undefined\n"); else { xputs(p); printf("\n"); } return; case '/': /* miscellaneous commands */ p = &line[strlen(line)]; while (--p >= line && isascii(*p) && isspace(*p)) *p = '\0'; p = strpbrk(line, " \t"); if (p != NULL) { while (isascii(*p) && isspace(*p)) *p++ = '\0'; } else p = ""; if (line[1] == '\0') { printf("Usage: /[canon|map|mx|parse|try|tryflags]\n"); return; } if (strcasecmp(&line[1], "quit") == 0) { CurEnv->e_id = NULL; finis(TRUE, ExitStat); } if (strcasecmp(&line[1], "mx") == 0) { #if NAMED_BIND /* look up MX records */ int nmx; auto int rcode; char *mxhosts[MAXMXHOSTS + 1]; if (*p == '\0') { printf("Usage: /mx address\n"); return; } nmx = getmxrr(p, mxhosts, NULL, FALSE, &rcode); printf("getmxrr(%s) returns %d value(s):\n", p, nmx); for (i = 0; i < nmx; i++) printf("\t%s\n", mxhosts[i]); #else /* NAMED_BIND */ printf("No MX code compiled in\n"); #endif /* NAMED_BIND */ } else if (strcasecmp(&line[1], "canon") == 0) { char host[MAXHOSTNAMELEN]; if (*p == '\0') { printf("Usage: /canon address\n"); return; } else if (strlcpy(host, p, sizeof host) >= sizeof host) { printf("Name too long\n"); return; } (void) getcanonname(host, sizeof host, HasWildcardMX); printf("getcanonname(%s) returns %s\n", p, host); } else if (strcasecmp(&line[1], "map") == 0) { auto int rcode = EX_OK; char *av[2]; if (*p == '\0') { printf("Usage: /map mapname key\n"); return; } for (q = p; *q != '\0' && !(isascii(*q) && isspace(*q)); q++) continue; if (*q == '\0') { printf("No key specified\n"); return; } *q++ = '\0'; map = stab(p, ST_MAP, ST_FIND); if (map == NULL) { printf("Map named \"%s\" not found\n", p); return; } if (!bitset(MF_OPEN, map->s_map.map_mflags) && !openmap(&(map->s_map))) { printf("Map named \"%s\" not open\n", p); return; } printf("map_lookup: %s (%s) ", p, q); av[0] = q; av[1] = NULL; p = (*map->s_map.map_class->map_lookup) (&map->s_map, q, av, &rcode); if (p == NULL) printf("no match (%d)\n", rcode); else printf("returns %s (%d)\n", p, rcode); } else if (strcasecmp(&line[1], "try") == 0) { MAILER *m; STAB *st; auto int rcode = EX_OK; q = strpbrk(p, " \t"); if (q != NULL) { while (isascii(*q) && isspace(*q)) *q++ = '\0'; } if (q == NULL || *q == '\0') { printf("Usage: /try mailer address\n"); return; } st = stab(p, ST_MAILER, ST_FIND); if (st == NULL) { printf("Unknown mailer %s\n", p); return; } m = st->s_mailer; printf("Trying %s %s address %s for mailer %s\n", bitset(RF_HEADERADDR, tryflags) ? "header" : "envelope", bitset(RF_SENDERADDR, tryflags) ? "sender" : "recipient", q, p); p = remotename(q, m, tryflags, &rcode, CurEnv); printf("Rcode = %d, addr = %s\n", rcode, p == NULL ? "" : p); e->e_to = NULL; } else if (strcasecmp(&line[1], "tryflags") == 0) { if (*p == '\0') { printf("Usage: /tryflags [Hh|Ee][Ss|Rr]\n"); return; } for (; *p != '\0'; p++) { switch (*p) { case 'H': case 'h': tryflags |= RF_HEADERADDR; break; case 'E': case 'e': tryflags &= ~RF_HEADERADDR; break; case 'S': case 's': tryflags |= RF_SENDERADDR; break; case 'R': case 'r': tryflags &= ~RF_SENDERADDR; break; } } #if _FFR_ADDR_TYPE exbuf[0] = bitset(RF_HEADERADDR, tryflags) ? 'h' : 'e'; exbuf[1] = ' '; exbuf[2] = bitset(RF_SENDERADDR, tryflags) ? 's' : 'r'; exbuf[3] = '\0'; define(macid("{addr_type}", NULL), newstr(exbuf), e); #endif /* _FFR_ADDR_TYPE */ } else if (strcasecmp(&line[1], "parse") == 0) { if (*p == '\0') { printf("Usage: /parse address\n"); return; } q = crackaddr(p); printf("Cracked address = "); xputs(q); printf("\nParsing %s %s address\n", bitset(RF_HEADERADDR, tryflags) ? "header" : "envelope", bitset(RF_SENDERADDR, tryflags) ? "sender" : "recipient"); if (parseaddr(p, &a, tryflags, '\0', NULL, e) == NULL) printf("Cannot parse\n"); else if (a.q_host != NULL && a.q_host[0] != '\0') printf("mailer %s, host %s, user %s\n", a.q_mailer->m_name, a.q_host, a.q_user); else printf("mailer %s, user %s\n", a.q_mailer->m_name, a.q_user); e->e_to = NULL; } else { printf("Unknown \"/\" command %s\n", line); } return; } for (p = line; isascii(*p) && isspace(*p); p++) continue; q = p; while (*p != '\0' && !(isascii(*p) && isspace(*p))) p++; if (*p == '\0') { printf("No address!\n"); return; } *p = '\0'; if (invalidaddr(p + 1, NULL)) return; do { register char **pvp; char pvpbuf[PSBUFSIZE]; pvp = prescan(++p, ',', pvpbuf, sizeof pvpbuf, &delimptr, ConfigLevel >= 9 ? TokTypeNoC : NULL); if (pvp == NULL) continue; p = q; while (*p != '\0') { int status; rs = strtorwset(p, NULL, ST_FIND); if (rs < 0) { printf("Undefined ruleset %s\n", p); break; } status = rewrite(pvp, rs, 0, e); if (status != EX_OK) printf("== Ruleset %s (%d) status %d\n", p, rs, status); while (*p != '\0' && *p++ != ',') continue; } } while (*(p = delimptr) != '\0'); } static void dump_class(s, id) register STAB *s; int id; { if (s->s_type != ST_CLASS) return; - if (bitnset(id & 0xff, s->s_class)) + if (bitnset(bitidx(id), s->s_class)) printf("%s\n", s->s_name); } Index: stable/4/contrib/sendmail/src/map.c =================================================================== --- stable/4/contrib/sendmail/src/map.c (revision 71887) +++ stable/4/contrib/sendmail/src/map.c (revision 71888) @@ -1,7267 +1,7291 @@ /* * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1992, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1992, 1993 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #ifndef lint -static char id[] = "@(#)$Id: map.c,v 8.414.4.24 2000/09/27 04:11:29 gshapiro Exp $"; +static char id[] = "@(#)$Id: map.c,v 8.414.4.34 2000/12/18 18:00:43 ca Exp $"; #endif /* ! lint */ #include #ifdef NDBM # include # ifdef R_FIRST ERROR README: You are running the Berkeley DB version of ndbm.h. See ERROR README: the README file about tweaking Berkeley DB so it can ERROR README: coexist with NDBM, or delete -DNDBM from the Makefile ERROR README: and use -DNEWDB instead. # endif /* R_FIRST */ #endif /* NDBM */ #ifdef NEWDB # include # ifndef DB_VERSION_MAJOR # define DB_VERSION_MAJOR 1 # endif /* ! DB_VERSION_MAJOR */ #endif /* NEWDB */ #ifdef NIS struct dom_binding; /* forward reference needed on IRIX */ # include # ifdef NDBM # define NDBM_YP_COMPAT /* create YP-compatible NDBM files */ # endif /* NDBM */ #endif /* NIS */ #ifdef NEWDB # if DB_VERSION_MAJOR < 2 static bool db_map_open __P((MAP *, int, char *, DBTYPE, const void *)); # endif /* DB_VERSION_MAJOR < 2 */ # if DB_VERSION_MAJOR == 2 static bool db_map_open __P((MAP *, int, char *, DBTYPE, DB_INFO *)); # endif /* DB_VERSION_MAJOR == 2 */ # if DB_VERSION_MAJOR > 2 static bool db_map_open __P((MAP *, int, char *, DBTYPE, void **)); # endif /* DB_VERSION_MAJOR > 2 */ #endif /* NEWDB */ static bool extract_canonname __P((char *, char *, char[], int)); #ifdef LDAPMAP static void ldapmap_clear __P((LDAPMAP_STRUCT *)); static STAB *ldapmap_findconn __P((LDAPMAP_STRUCT *)); static int ldapmap_geterrno __P((LDAP *)); static void ldapmap_setopts __P((LDAP *, LDAPMAP_STRUCT *)); static bool ldapmap_start __P((MAP *)); static void ldaptimeout __P((int)); #endif /* LDAPMAP */ static void map_close __P((STAB *, int)); static void map_init __P((STAB *, int)); #ifdef NISPLUS static bool nisplus_getcanonname __P((char *, int, int *)); #endif /* NISPLUS */ #ifdef NIS static bool nis_getcanonname __P((char *, int, int *)); #endif /* NIS */ #if NETINFO static bool ni_getcanonname __P((char *, int, int *)); #endif /* NETINFO */ static bool text_getcanonname __P((char *, int, int *)); /* ** MAP.C -- implementations for various map classes. ** ** Each map class implements a series of functions: ** ** bool map_parse(MAP *map, char *args) ** Parse the arguments from the config file. Return TRUE ** if they were ok, FALSE otherwise. Fill in map with the ** values. ** ** char *map_lookup(MAP *map, char *key, char **args, int *pstat) ** Look up the key in the given map. If found, do any ** rewriting the map wants (including "args" if desired) ** and return the value. Set *pstat to the appropriate status ** on error and return NULL. Args will be NULL if called ** from the alias routines, although this should probably ** not be relied upon. It is suggested you call map_rewrite ** to return the results -- it takes care of null termination ** and uses a dynamically expanded buffer as needed. ** ** void map_store(MAP *map, char *key, char *value) ** Store the key:value pair in the map. ** ** bool map_open(MAP *map, int mode) ** Open the map for the indicated mode. Mode should ** be either O_RDONLY or O_RDWR. Return TRUE if it ** was opened successfully, FALSE otherwise. If the open ** failed an the MF_OPTIONAL flag is not set, it should ** also print an error. If the MF_ALIAS bit is set ** and this map class understands the @:@ convention, it ** should call aliaswait() before returning. ** ** void map_close(MAP *map) ** Close the map. ** ** This file also includes the implementation for getcanonname. ** It is currently implemented in a pretty ad-hoc manner; it ought ** to be more properly integrated into the map structure. */ #define DBMMODE 0644 #ifndef EX_NOTFOUND # define EX_NOTFOUND EX_NOHOST #endif /* ! EX_NOTFOUND */ #if O_EXLOCK && HASFLOCK && !BOGUS_O_EXCL # define LOCK_ON_OPEN 1 /* we can open/create a locked file */ #else /* O_EXLOCK && HASFLOCK && !BOGUS_O_EXCL */ # define LOCK_ON_OPEN 0 /* no such luck -- bend over backwards */ #endif /* O_EXLOCK && HASFLOCK && !BOGUS_O_EXCL */ #ifndef O_ACCMODE # define O_ACCMODE (O_RDONLY|O_WRONLY|O_RDWR) #endif /* ! O_ACCMODE */ /* ** MAP_PARSEARGS -- parse config line arguments for database lookup ** ** This is a generic version of the map_parse method. ** ** Parameters: ** map -- the map being initialized. ** ap -- a pointer to the args on the config line. ** ** Returns: ** TRUE -- if everything parsed OK. ** FALSE -- otherwise. ** ** Side Effects: ** null terminates the filename; stores it in map */ bool map_parseargs(map, ap) MAP *map; char *ap; { register char *p = ap; /* ** there is no check whether there is really an argument, ** but that's not important enough to warrant extra code */ map->map_mflags |= MF_TRY0NULL | MF_TRY1NULL; map->map_spacesub = SpaceSub; /* default value */ for (;;) { while (isascii(*p) && isspace(*p)) p++; if (*p != '-') break; switch (*++p) { case 'N': map->map_mflags |= MF_INCLNULL; map->map_mflags &= ~MF_TRY0NULL; break; case 'O': map->map_mflags &= ~MF_TRY1NULL; break; case 'o': map->map_mflags |= MF_OPTIONAL; break; case 'f': map->map_mflags |= MF_NOFOLDCASE; break; case 'm': map->map_mflags |= MF_MATCHONLY; break; case 'A': map->map_mflags |= MF_APPEND; break; case 'q': map->map_mflags |= MF_KEEPQUOTES; break; case 'a': map->map_app = ++p; break; case 'T': map->map_tapp = ++p; break; case 'k': while (isascii(*++p) && isspace(*p)) continue; map->map_keycolnm = p; break; case 'v': while (isascii(*++p) && isspace(*p)) continue; map->map_valcolnm = p; break; case 'z': if (*++p != '\\') map->map_coldelim = *p; else { switch (*++p) { case 'n': map->map_coldelim = '\n'; break; case 't': map->map_coldelim = '\t'; break; default: map->map_coldelim = '\\'; } } break; case 't': map->map_mflags |= MF_NODEFER; break; case 'S': map->map_spacesub = *++p; break; case 'D': map->map_mflags |= MF_DEFER; break; default: syserr("Illegal option %c map %s", *p, map->map_mname); break; } while (*p != '\0' && !(isascii(*p) && isspace(*p))) p++; if (*p != '\0') *p++ = '\0'; } if (map->map_app != NULL) map->map_app = newstr(map->map_app); if (map->map_tapp != NULL) map->map_tapp = newstr(map->map_tapp); if (map->map_keycolnm != NULL) map->map_keycolnm = newstr(map->map_keycolnm); if (map->map_valcolnm != NULL) map->map_valcolnm = newstr(map->map_valcolnm); if (*p != '\0') { map->map_file = p; while (*p != '\0' && !(isascii(*p) && isspace(*p))) p++; if (*p != '\0') *p++ = '\0'; map->map_file = newstr(map->map_file); } while (*p != '\0' && isascii(*p) && isspace(*p)) p++; if (*p != '\0') map->map_rebuild = newstr(p); if (map->map_file == NULL && !bitset(MCF_OPTFILE, map->map_class->map_cflags)) { syserr("No file name for %s map %s", map->map_class->map_cname, map->map_mname); return FALSE; } return TRUE; } /* ** MAP_REWRITE -- rewrite a database key, interpolating %n indications. ** ** It also adds the map_app string. It can be used as a utility ** in the map_lookup method. ** ** Parameters: ** map -- the map that causes this. ** s -- the string to rewrite, NOT necessarily null terminated. ** slen -- the length of s. ** av -- arguments to interpolate into buf. ** ** Returns: ** Pointer to rewritten result. This is static data that ** should be copied if it is to be saved! ** ** Side Effects: ** none. */ char * map_rewrite(map, s, slen, av) register MAP *map; register const char *s; size_t slen; char **av; { register char *bp; register char c; char **avp; register char *ap; size_t l; size_t len; static size_t buflen = 0; static char *buf = NULL; if (tTd(39, 1)) { dprintf("map_rewrite(%.*s), av =", (int)slen, s); if (av == NULL) dprintf(" (nullv)"); else { for (avp = av; *avp != NULL; avp++) dprintf("\n\t%s", *avp); } dprintf("\n"); } /* count expected size of output (can safely overestimate) */ l = len = slen; if (av != NULL) { const char *sp = s; while (l-- > 0 && (c = *sp++) != '\0') { if (c != '%') continue; if (l-- <= 0) break; c = *sp++; if (!(isascii(c) && isdigit(c))) continue; for (avp = av; --c >= '0' && *avp != NULL; avp++) continue; if (*avp == NULL) continue; len += strlen(*avp); } } if (map->map_app != NULL) len += strlen(map->map_app); if (buflen < ++len) { /* need to malloc additional space */ buflen = len; if (buf != NULL) free(buf); buf = xalloc(buflen); } bp = buf; if (av == NULL) { memmove(bp, s, slen); bp += slen; /* assert(len > slen); */ len -= slen; } else { while (slen-- > 0 && (c = *s++) != '\0') { if (c != '%') { pushc: if (--len <= 0) break; *bp++ = c; continue; } if (slen-- <= 0 || (c = *s++) == '\0') c = '%'; if (c == '%') goto pushc; if (!(isascii(c) && isdigit(c))) { *bp++ = '%'; --len; goto pushc; } for (avp = av; --c >= '0' && *avp != NULL; avp++) continue; if (*avp == NULL) continue; /* transliterate argument into output string */ for (ap = *avp; (c = *ap++) != '\0' && len > 0; --len) *bp++ = c; } } if (map->map_app != NULL && len > 0) (void) strlcpy(bp, map->map_app, len); else *bp = '\0'; if (tTd(39, 1)) dprintf("map_rewrite => %s\n", buf); return buf; } /* ** INITMAPS -- rebuild alias maps ** ** Parameters: ** none. ** ** Returns: ** none. */ void initmaps() { #if XDEBUG checkfd012("entering initmaps"); #endif /* XDEBUG */ stabapply(map_init, 0); #if XDEBUG checkfd012("exiting initmaps"); #endif /* XDEBUG */ } /* ** MAP_INIT -- rebuild a map ** ** Parameters: ** s -- STAB entry: if map: try to rebuild ** unused -- unused variable ** ** Returns: ** none. ** ** Side Effects: ** will close already open rebuildable map. */ /* ARGSUSED1 */ static void map_init(s, unused) register STAB *s; int unused; { register MAP *map; /* has to be a map */ if (s->s_type != ST_MAP) return; map = &s->s_map; if (!bitset(MF_VALID, map->map_mflags)) return; if (tTd(38, 2)) dprintf("map_init(%s:%s, %s)\n", map->map_class->map_cname == NULL ? "NULL" : map->map_class->map_cname, map->map_mname == NULL ? "NULL" : map->map_mname, map->map_file == NULL ? "NULL" : map->map_file); if (!bitset(MF_ALIAS, map->map_mflags) || !bitset(MCF_REBUILDABLE, map->map_class->map_cflags)) { if (tTd(38, 3)) dprintf("\tnot rebuildable\n"); return; } /* if already open, close it (for nested open) */ if (bitset(MF_OPEN, map->map_mflags)) { map->map_class->map_close(map); map->map_mflags &= ~(MF_OPEN|MF_WRITABLE); } (void) rebuildaliases(map, FALSE); return; } /* ** OPENMAP -- open a map ** ** Parameters: ** map -- map to open (it must not be open). ** ** Returns: ** whether open succeeded. ** */ bool openmap(map) MAP *map; { bool restore = FALSE; bool savehold = HoldErrs; bool savequick = QuickAbort; int saveerrors = Errors; if (!bitset(MF_VALID, map->map_mflags)) return FALSE; /* better safe than sorry... */ if (bitset(MF_OPEN, map->map_mflags)) return TRUE; /* Don't send a map open error out via SMTP */ if ((OnlyOneError || QuickAbort) && (OpMode == MD_SMTP || OpMode == MD_DAEMON)) { restore = TRUE; HoldErrs = TRUE; QuickAbort = FALSE; } errno = 0; if (map->map_class->map_open(map, O_RDONLY)) { if (tTd(38, 4)) dprintf("openmap()\t%s:%s %s: valid\n", map->map_class->map_cname == NULL ? "NULL" : map->map_class->map_cname, map->map_mname == NULL ? "NULL" : map->map_mname, map->map_file == NULL ? "NULL" : map->map_file); map->map_mflags |= MF_OPEN; map->map_pid = getpid(); } else { if (tTd(38, 4)) dprintf("openmap()\t%s:%s %s: invalid%s%s\n", map->map_class->map_cname == NULL ? "NULL" : map->map_class->map_cname, map->map_mname == NULL ? "NULL" : map->map_mname, map->map_file == NULL ? "NULL" : map->map_file, errno == 0 ? "" : ": ", errno == 0 ? "" : errstring(errno)); if (!bitset(MF_OPTIONAL, map->map_mflags)) { extern MAPCLASS BogusMapClass; map->map_class = &BogusMapClass; map->map_mflags |= MF_OPEN; map->map_pid = getpid(); MapOpenErr = TRUE; } else { /* don't try again */ map->map_mflags &= ~MF_VALID; } } if (restore) { Errors = saveerrors; HoldErrs = savehold; QuickAbort = savequick; } return bitset(MF_OPEN, map->map_mflags); } /* ** CLOSEMAPS -- close all open maps opened by the current pid. ** ** Parameters: ** none ** ** Returns: ** none. */ void closemaps() { stabapply(map_close, 0); } /* ** MAP_CLOSE -- close a map opened by the current pid. ** ** Parameters: ** s -- STAB entry: if map: try to open ** second parameter is unused (required by stabapply()) ** ** Returns: ** none. */ /* ARGSUSED1 */ static void map_close(s, unused) register STAB *s; int unused; { MAP *map; if (s->s_type != ST_MAP) return; map = &s->s_map; if (!bitset(MF_VALID, map->map_mflags) || !bitset(MF_OPEN, map->map_mflags) || map->map_pid != getpid()) return; if (tTd(38, 5)) dprintf("closemaps: closing %s (%s)\n", map->map_mname == NULL ? "NULL" : map->map_mname, map->map_file == NULL ? "NULL" : map->map_file); map->map_class->map_close(map); map->map_mflags &= ~(MF_OPEN|MF_WRITABLE); } /* ** GETCANONNAME -- look up name using service switch ** ** Parameters: ** host -- the host name to look up. ** hbsize -- the size of the host buffer. ** trymx -- if set, try MX records. ** ** Returns: ** TRUE -- if the host was found. ** FALSE -- otherwise. */ bool getcanonname(host, hbsize, trymx) char *host; int hbsize; bool trymx; { int nmaps; int mapno; bool found = FALSE; bool got_tempfail = FALSE; auto int status; char *maptype[MAXMAPSTACK]; short mapreturn[MAXMAPACTIONS]; nmaps = switch_map_find("hosts", maptype, mapreturn); for (mapno = 0; mapno < nmaps; mapno++) { int i; if (tTd(38, 20)) dprintf("getcanonname(%s), trying %s\n", host, maptype[mapno]); if (strcmp("files", maptype[mapno]) == 0) { found = text_getcanonname(host, hbsize, &status); } #ifdef NIS else if (strcmp("nis", maptype[mapno]) == 0) { found = nis_getcanonname(host, hbsize, &status); } #endif /* NIS */ #ifdef NISPLUS else if (strcmp("nisplus", maptype[mapno]) == 0) { found = nisplus_getcanonname(host, hbsize, &status); } #endif /* NISPLUS */ #if NAMED_BIND else if (strcmp("dns", maptype[mapno]) == 0) { found = dns_getcanonname(host, hbsize, trymx, &status); } #endif /* NAMED_BIND */ #if NETINFO else if (strcmp("netinfo", maptype[mapno]) == 0) { found = ni_getcanonname(host, hbsize, &status); } #endif /* NETINFO */ else { found = FALSE; status = EX_UNAVAILABLE; } /* ** Heuristic: if $m is not set, we are running during system ** startup. In this case, when a name is apparently found ** but has no dot, treat is as not found. This avoids ** problems if /etc/hosts has no FQDN but is listed first ** in the service switch. */ if (found && (macvalue('m', CurEnv) != NULL || strchr(host, '.') != NULL)) break; /* see if we should continue */ if (status == EX_TEMPFAIL) { i = MA_TRYAGAIN; got_tempfail = TRUE; } else if (status == EX_NOTFOUND) i = MA_NOTFOUND; else i = MA_UNAVAIL; if (bitset(1 << mapno, mapreturn[i])) break; } if (found) { char *d; if (tTd(38, 20)) dprintf("getcanonname(%s), found\n", host); /* ** If returned name is still single token, compensate ** by tagging on $m. This is because some sites set ** up their DNS or NIS databases wrong. */ if ((d = strchr(host, '.')) == NULL || d[1] == '\0') { d = macvalue('m', CurEnv); if (d != NULL && hbsize > (int) (strlen(host) + strlen(d) + 1)) { if (host[strlen(host) - 1] != '.') (void) strlcat(host, ".", hbsize); (void) strlcat(host, d, hbsize); } else return FALSE; } return TRUE; } if (tTd(38, 20)) dprintf("getcanonname(%s), failed, status=%d\n", host, status); #if NAMED_BIND if (got_tempfail) h_errno = TRY_AGAIN; else h_errno = HOST_NOT_FOUND; #endif /* NAMED_BIND */ return FALSE; } /* ** EXTRACT_CANONNAME -- extract canonical name from /etc/hosts entry ** ** Parameters: ** name -- the name against which to match. ** line -- the /etc/hosts line. ** cbuf -- the location to store the result. ** cbuflen -- the size of cbuf. ** ** Returns: ** TRUE -- if the line matched the desired name. ** FALSE -- otherwise. */ static bool extract_canonname(name, line, cbuf, cbuflen) char *name; char *line; char cbuf[]; int cbuflen; { int i; char *p; bool found = FALSE; cbuf[0] = '\0'; if (line[0] == '#') return FALSE; for (i = 1; ; i++) { char nbuf[MAXNAME + 1]; p = get_column(line, i, '\0', nbuf, sizeof nbuf); if (p == NULL) break; if (*p == '\0') continue; if (cbuf[0] == '\0' || (strchr(cbuf, '.') == NULL && strchr(p, '.') != NULL)) { snprintf(cbuf, cbuflen, "%s", p); } if (strcasecmp(name, p) == 0) found = TRUE; } if (found && strchr(cbuf, '.') == NULL) { /* try to add a domain on the end of the name */ char *domain = macvalue('m', CurEnv); if (domain != NULL && strlen(domain) + (i = strlen(cbuf)) + 1 < (size_t) cbuflen) { p = &cbuf[i]; *p++ = '.'; (void) strlcpy(p, domain, cbuflen - i - 1); } } return found; } /* ** NDBM modules */ #ifdef NDBM /* ** NDBM_MAP_OPEN -- DBM-style map open */ bool ndbm_map_open(map, mode) MAP *map; int mode; { register DBM *dbm; int save_errno; int dfd; int pfd; long sff; int ret; int smode = S_IREAD; char dirfile[MAXNAME + 1]; char pagfile[MAXNAME + 1]; struct stat st; struct stat std, stp; if (tTd(38, 2)) dprintf("ndbm_map_open(%s, %s, %d)\n", map->map_mname, map->map_file, mode); map->map_lockfd = -1; mode &= O_ACCMODE; /* do initial file and directory checks */ snprintf(dirfile, sizeof dirfile, "%s.dir", map->map_file); snprintf(pagfile, sizeof pagfile, "%s.pag", map->map_file); sff = SFF_ROOTOK|SFF_REGONLY; if (mode == O_RDWR) { sff |= SFF_CREAT; if (!bitnset(DBS_WRITEMAPTOSYMLINK, DontBlameSendmail)) sff |= SFF_NOSLINK; if (!bitnset(DBS_WRITEMAPTOHARDLINK, DontBlameSendmail)) sff |= SFF_NOHLINK; smode = S_IWRITE; } else { if (!bitnset(DBS_LINKEDMAPINWRITABLEDIR, DontBlameSendmail)) sff |= SFF_NOWLINK; } if (!bitnset(DBS_MAPINUNSAFEDIRPATH, DontBlameSendmail)) sff |= SFF_SAFEDIRPATH; ret = safefile(dirfile, RunAsUid, RunAsGid, RunAsUserName, sff, smode, &std); if (ret == 0) ret = safefile(pagfile, RunAsUid, RunAsGid, RunAsUserName, sff, smode, &stp); # if !_FFR_REMOVE_AUTOREBUILD if (ret == ENOENT && AutoRebuild && bitset(MCF_REBUILDABLE, map->map_class->map_cflags) && (bitset(MF_IMPL_NDBM, map->map_mflags) || bitset(MF_ALIAS, map->map_mflags)) && mode == O_RDONLY) { bool impl = bitset(MF_IMPL_NDBM, map->map_mflags); /* may be able to rebuild */ map->map_mflags &= ~MF_IMPL_NDBM; if (!rebuildaliases(map, TRUE)) return FALSE; if (impl) return impl_map_open(map, O_RDONLY); else return ndbm_map_open(map, O_RDONLY); } # endif /* !_FFR_REMOVE_AUTOREBUILD */ if (ret != 0) { char *prob = "unsafe"; /* cannot open this map */ if (ret == ENOENT) prob = "missing"; if (tTd(38, 2)) dprintf("\t%s map file: %d\n", prob, ret); if (!bitset(MF_OPTIONAL, map->map_mflags)) syserr("dbm map \"%s\": %s map file %s", map->map_mname, prob, map->map_file); return FALSE; } if (std.st_mode == ST_MODE_NOFILE) mode |= O_CREAT|O_EXCL; # if LOCK_ON_OPEN if (mode == O_RDONLY) mode |= O_SHLOCK; else mode |= O_TRUNC|O_EXLOCK; # else /* LOCK_ON_OPEN */ if ((mode & O_ACCMODE) == O_RDWR) { # if NOFTRUNCATE /* ** Warning: race condition. Try to lock the file as ** quickly as possible after opening it. ** This may also have security problems on some systems, ** but there isn't anything we can do about it. */ mode |= O_TRUNC; # else /* NOFTRUNCATE */ /* ** This ugly code opens the map without truncating it, ** locks the file, then truncates it. Necessary to ** avoid race conditions. */ int dirfd; int pagfd; long sff = SFF_CREAT|SFF_OPENASROOT; if (!bitnset(DBS_WRITEMAPTOSYMLINK, DontBlameSendmail)) sff |= SFF_NOSLINK; if (!bitnset(DBS_WRITEMAPTOHARDLINK, DontBlameSendmail)) sff |= SFF_NOHLINK; dirfd = safeopen(dirfile, mode, DBMMODE, sff); pagfd = safeopen(pagfile, mode, DBMMODE, sff); if (dirfd < 0 || pagfd < 0) { save_errno = errno; if (dirfd >= 0) (void) close(dirfd); if (pagfd >= 0) (void) close(pagfd); errno = save_errno; syserr("ndbm_map_open: cannot create database %s", map->map_file); return FALSE; } if (ftruncate(dirfd, (off_t) 0) < 0 || ftruncate(pagfd, (off_t) 0) < 0) { save_errno = errno; (void) close(dirfd); (void) close(pagfd); errno = save_errno; syserr("ndbm_map_open: cannot truncate %s.{dir,pag}", map->map_file); return FALSE; } /* if new file, get "before" bits for later filechanged check */ if (std.st_mode == ST_MODE_NOFILE && (fstat(dirfd, &std) < 0 || fstat(pagfd, &stp) < 0)) { save_errno = errno; (void) close(dirfd); (void) close(pagfd); errno = save_errno; syserr("ndbm_map_open(%s.{dir,pag}): cannot fstat pre-opened file", map->map_file); return FALSE; } /* have to save the lock for the duration (bletch) */ map->map_lockfd = dirfd; (void) close(pagfd); /* twiddle bits for dbm_open */ mode &= ~(O_CREAT|O_EXCL); # endif /* NOFTRUNCATE */ } # endif /* LOCK_ON_OPEN */ /* open the database */ dbm = dbm_open(map->map_file, mode, DBMMODE); if (dbm == NULL) { save_errno = errno; if (bitset(MF_ALIAS, map->map_mflags) && aliaswait(map, ".pag", FALSE)) return TRUE; # if !LOCK_ON_OPEN && !NOFTRUNCATE if (map->map_lockfd >= 0) (void) close(map->map_lockfd); # endif /* !LOCK_ON_OPEN && !NOFTRUNCATE */ errno = save_errno; if (!bitset(MF_OPTIONAL, map->map_mflags)) syserr("Cannot open DBM database %s", map->map_file); return FALSE; } dfd = dbm_dirfno(dbm); pfd = dbm_pagfno(dbm); if (dfd == pfd) { /* heuristic: if files are linked, this is actually gdbm */ dbm_close(dbm); # if !LOCK_ON_OPEN && !NOFTRUNCATE if (map->map_lockfd >= 0) (void) close(map->map_lockfd); # endif /* !LOCK_ON_OPEN && !NOFTRUNCATE */ errno = 0; syserr("dbm map \"%s\": cannot support GDBM", map->map_mname); return FALSE; } if (filechanged(dirfile, dfd, &std) || filechanged(pagfile, pfd, &stp)) { save_errno = errno; dbm_close(dbm); # if !LOCK_ON_OPEN && !NOFTRUNCATE if (map->map_lockfd >= 0) (void) close(map->map_lockfd); # endif /* !LOCK_ON_OPEN && !NOFTRUNCATE */ errno = save_errno; syserr("ndbm_map_open(%s): file changed after open", map->map_file); return FALSE; } map->map_db1 = (ARBPTR_T) dbm; /* ** Need to set map_mtime before the call to aliaswait() ** as aliaswait() will call map_lookup() which requires ** map_mtime to be set */ if (fstat(dfd, &st) >= 0) map->map_mtime = st.st_mtime; if (mode == O_RDONLY) { # if LOCK_ON_OPEN if (dfd >= 0) (void) lockfile(dfd, map->map_file, ".dir", LOCK_UN); if (pfd >= 0) (void) lockfile(pfd, map->map_file, ".pag", LOCK_UN); # endif /* LOCK_ON_OPEN */ if (bitset(MF_ALIAS, map->map_mflags) && !aliaswait(map, ".pag", TRUE)) return FALSE; } else { map->map_mflags |= MF_LOCKED; if (geteuid() == 0 && TrustedUid != 0) { # if HASFCHOWN if (fchown(dfd, TrustedUid, -1) < 0 || fchown(pfd, TrustedUid, -1) < 0) { int err = errno; sm_syslog(LOG_ALERT, NOQID, "ownership change on %s failed: %s", map->map_file, errstring(err)); message("050 ownership change on %s failed: %s", map->map_file, errstring(err)); } # endif /* HASFCHOWN */ } } return TRUE; } /* ** NDBM_MAP_LOOKUP -- look up a datum in a DBM-type map */ char * ndbm_map_lookup(map, name, av, statp) MAP *map; char *name; char **av; int *statp; { datum key, val; int fd; char keybuf[MAXNAME + 1]; struct stat stbuf; if (tTd(38, 20)) dprintf("ndbm_map_lookup(%s, %s)\n", map->map_mname, name); key.dptr = name; key.dsize = strlen(name); if (!bitset(MF_NOFOLDCASE, map->map_mflags)) { if (key.dsize > sizeof keybuf - 1) key.dsize = sizeof keybuf - 1; memmove(keybuf, key.dptr, key.dsize); keybuf[key.dsize] = '\0'; makelower(keybuf); key.dptr = keybuf; } lockdbm: fd = dbm_dirfno((DBM *) map->map_db1); if (fd >= 0 && !bitset(MF_LOCKED, map->map_mflags)) (void) lockfile(fd, map->map_file, ".dir", LOCK_SH); if (fd < 0 || fstat(fd, &stbuf) < 0 || stbuf.st_mtime > map->map_mtime) { /* Reopen the database to sync the cache */ int omode = bitset(map->map_mflags, MF_WRITABLE) ? O_RDWR : O_RDONLY; if (fd >= 0 && !bitset(MF_LOCKED, map->map_mflags)) (void) lockfile(fd, map->map_file, ".dir", LOCK_UN); map->map_class->map_close(map); map->map_mflags &= ~(MF_OPEN|MF_WRITABLE); if (map->map_class->map_open(map, omode)) { map->map_mflags |= MF_OPEN; map->map_pid = getpid(); if ((omode && O_ACCMODE) == O_RDWR) map->map_mflags |= MF_WRITABLE; goto lockdbm; } else { if (!bitset(MF_OPTIONAL, map->map_mflags)) { extern MAPCLASS BogusMapClass; *statp = EX_TEMPFAIL; map->map_class = &BogusMapClass; map->map_mflags |= MF_OPEN; map->map_pid = getpid(); syserr("Cannot reopen NDBM database %s", map->map_file); } return NULL; } } val.dptr = NULL; if (bitset(MF_TRY0NULL, map->map_mflags)) { val = dbm_fetch((DBM *) map->map_db1, key); if (val.dptr != NULL) map->map_mflags &= ~MF_TRY1NULL; } if (val.dptr == NULL && bitset(MF_TRY1NULL, map->map_mflags)) { key.dsize++; val = dbm_fetch((DBM *) map->map_db1, key); if (val.dptr != NULL) map->map_mflags &= ~MF_TRY0NULL; } if (fd >= 0 && !bitset(MF_LOCKED, map->map_mflags)) (void) lockfile(fd, map->map_file, ".dir", LOCK_UN); if (val.dptr == NULL) return NULL; if (bitset(MF_MATCHONLY, map->map_mflags)) return map_rewrite(map, name, strlen(name), NULL); else return map_rewrite(map, val.dptr, val.dsize, av); } /* ** NDBM_MAP_STORE -- store a datum in the database */ void ndbm_map_store(map, lhs, rhs) register MAP *map; char *lhs; char *rhs; { datum key; datum data; int status; char keybuf[MAXNAME + 1]; if (tTd(38, 12)) dprintf("ndbm_map_store(%s, %s, %s)\n", map->map_mname, lhs, rhs); key.dsize = strlen(lhs); key.dptr = lhs; if (!bitset(MF_NOFOLDCASE, map->map_mflags)) { if (key.dsize > sizeof keybuf - 1) key.dsize = sizeof keybuf - 1; memmove(keybuf, key.dptr, key.dsize); keybuf[key.dsize] = '\0'; makelower(keybuf); key.dptr = keybuf; } data.dsize = strlen(rhs); data.dptr = rhs; if (bitset(MF_INCLNULL, map->map_mflags)) { key.dsize++; data.dsize++; } status = dbm_store((DBM *) map->map_db1, key, data, DBM_INSERT); if (status > 0) { if (!bitset(MF_APPEND, map->map_mflags)) message("050 Warning: duplicate alias name %s", lhs); else { static char *buf = NULL; static int bufsiz = 0; auto int xstat; datum old; old.dptr = ndbm_map_lookup(map, key.dptr, (char **)NULL, &xstat); if (old.dptr != NULL && *(char *) old.dptr != '\0') { old.dsize = strlen(old.dptr); if (data.dsize + old.dsize + 2 > bufsiz) { if (buf != NULL) (void) free(buf); bufsiz = data.dsize + old.dsize + 2; buf = xalloc(bufsiz); } snprintf(buf, bufsiz, "%s,%s", data.dptr, old.dptr); data.dsize = data.dsize + old.dsize + 1; data.dptr = buf; if (tTd(38, 9)) dprintf("ndbm_map_store append=%s\n", data.dptr); } } status = dbm_store((DBM *) map->map_db1, key, data, DBM_REPLACE); } if (status != 0) syserr("readaliases: dbm put (%s): %d", lhs, status); } /* ** NDBM_MAP_CLOSE -- close the database */ void ndbm_map_close(map) register MAP *map; { if (tTd(38, 9)) dprintf("ndbm_map_close(%s, %s, %lx)\n", map->map_mname, map->map_file, map->map_mflags); if (bitset(MF_WRITABLE, map->map_mflags)) { # ifdef NDBM_YP_COMPAT bool inclnull; char buf[MAXHOSTNAMELEN]; inclnull = bitset(MF_INCLNULL, map->map_mflags); map->map_mflags &= ~MF_INCLNULL; if (strstr(map->map_file, "/yp/") != NULL) { long save_mflags = map->map_mflags; map->map_mflags |= MF_NOFOLDCASE; (void) snprintf(buf, sizeof buf, "%010ld", curtime()); ndbm_map_store(map, "YP_LAST_MODIFIED", buf); (void) gethostname(buf, sizeof buf); ndbm_map_store(map, "YP_MASTER_NAME", buf); map->map_mflags = save_mflags; } if (inclnull) map->map_mflags |= MF_INCLNULL; # endif /* NDBM_YP_COMPAT */ /* write out the distinguished alias */ ndbm_map_store(map, "@", "@"); } dbm_close((DBM *) map->map_db1); /* release lock (if needed) */ # if !LOCK_ON_OPEN if (map->map_lockfd >= 0) (void) close(map->map_lockfd); # endif /* !LOCK_ON_OPEN */ } #endif /* NDBM */ /* ** NEWDB (Hash and BTree) Modules */ #ifdef NEWDB /* ** BT_MAP_OPEN, HASH_MAP_OPEN -- database open primitives. ** ** These do rather bizarre locking. If you can lock on open, ** do that to avoid the condition of opening a database that ** is being rebuilt. If you don't, we'll try to fake it, but ** there will be a race condition. If opening for read-only, ** we immediately release the lock to avoid freezing things up. ** We really ought to hold the lock, but guarantee that we won't ** be pokey about it. That's hard to do. */ /* these should be K line arguments */ # if DB_VERSION_MAJOR < 2 # define db_cachesize cachesize # define h_nelem nelem # ifndef DB_CACHE_SIZE # define DB_CACHE_SIZE (1024 * 1024) /* database memory cache size */ # endif /* ! DB_CACHE_SIZE */ # ifndef DB_HASH_NELEM # define DB_HASH_NELEM 4096 /* (starting) size of hash table */ # endif /* ! DB_HASH_NELEM */ # endif /* DB_VERSION_MAJOR < 2 */ bool bt_map_open(map, mode) MAP *map; int mode; { # if DB_VERSION_MAJOR < 2 BTREEINFO btinfo; # endif /* DB_VERSION_MAJOR < 2 */ # if DB_VERSION_MAJOR == 2 DB_INFO btinfo; # endif /* DB_VERSION_MAJOR == 2 */ # if DB_VERSION_MAJOR > 2 void *btinfo = NULL; # endif /* DB_VERSION_MAJOR > 2 */ if (tTd(38, 2)) dprintf("bt_map_open(%s, %s, %d)\n", map->map_mname, map->map_file, mode); # if DB_VERSION_MAJOR < 3 memset(&btinfo, '\0', sizeof btinfo); # ifdef DB_CACHE_SIZE btinfo.db_cachesize = DB_CACHE_SIZE; # endif /* DB_CACHE_SIZE */ # endif /* DB_VERSION_MAJOR < 3 */ return db_map_open(map, mode, "btree", DB_BTREE, &btinfo); } bool hash_map_open(map, mode) MAP *map; int mode; { # if DB_VERSION_MAJOR < 2 HASHINFO hinfo; # endif /* DB_VERSION_MAJOR < 2 */ # if DB_VERSION_MAJOR == 2 DB_INFO hinfo; # endif /* DB_VERSION_MAJOR == 2 */ # if DB_VERSION_MAJOR > 2 void *hinfo = NULL; # endif /* DB_VERSION_MAJOR > 2 */ if (tTd(38, 2)) dprintf("hash_map_open(%s, %s, %d)\n", map->map_mname, map->map_file, mode); # if DB_VERSION_MAJOR < 3 memset(&hinfo, '\0', sizeof hinfo); # ifdef DB_HASH_NELEM hinfo.h_nelem = DB_HASH_NELEM; # endif /* DB_HASH_NELEM */ # ifdef DB_CACHE_SIZE hinfo.db_cachesize = DB_CACHE_SIZE; # endif /* DB_CACHE_SIZE */ # endif /* DB_VERSION_MAJOR < 3 */ return db_map_open(map, mode, "hash", DB_HASH, &hinfo); } static bool db_map_open(map, mode, mapclassname, dbtype, openinfo) MAP *map; int mode; char *mapclassname; DBTYPE dbtype; # if DB_VERSION_MAJOR < 2 const void *openinfo; # endif /* DB_VERSION_MAJOR < 2 */ # if DB_VERSION_MAJOR == 2 DB_INFO *openinfo; # endif /* DB_VERSION_MAJOR == 2 */ # if DB_VERSION_MAJOR > 2 void **openinfo; # endif /* DB_VERSION_MAJOR > 2 */ { DB *db = NULL; int i; int omode; int smode = S_IREAD; int fd; long sff; int save_errno; struct stat st; char buf[MAXNAME + 1]; /* do initial file and directory checks */ (void) strlcpy(buf, map->map_file, sizeof buf - 3); i = strlen(buf); if (i < 3 || strcmp(&buf[i - 3], ".db") != 0) (void) strlcat(buf, ".db", sizeof buf); mode &= O_ACCMODE; omode = mode; sff = SFF_ROOTOK|SFF_REGONLY; if (mode == O_RDWR) { sff |= SFF_CREAT; if (!bitnset(DBS_WRITEMAPTOSYMLINK, DontBlameSendmail)) sff |= SFF_NOSLINK; if (!bitnset(DBS_WRITEMAPTOHARDLINK, DontBlameSendmail)) sff |= SFF_NOHLINK; smode = S_IWRITE; } else { if (!bitnset(DBS_LINKEDMAPINWRITABLEDIR, DontBlameSendmail)) sff |= SFF_NOWLINK; } if (!bitnset(DBS_MAPINUNSAFEDIRPATH, DontBlameSendmail)) sff |= SFF_SAFEDIRPATH; i = safefile(buf, RunAsUid, RunAsGid, RunAsUserName, sff, smode, &st); # if !_FFR_REMOVE_AUTOREBUILD if (i == ENOENT && AutoRebuild && bitset(MCF_REBUILDABLE, map->map_class->map_cflags) && (bitset(MF_IMPL_HASH, map->map_mflags) || bitset(MF_ALIAS, map->map_mflags)) && mode == O_RDONLY) { bool impl = bitset(MF_IMPL_HASH, map->map_mflags); /* may be able to rebuild */ map->map_mflags &= ~MF_IMPL_HASH; if (!rebuildaliases(map, TRUE)) return FALSE; if (impl) return impl_map_open(map, O_RDONLY); else return db_map_open(map, O_RDONLY, mapclassname, dbtype, openinfo); } # endif /* !_FFR_REMOVE_AUTOREBUILD */ if (i != 0) { char *prob = "unsafe"; /* cannot open this map */ if (i == ENOENT) prob = "missing"; if (tTd(38, 2)) dprintf("\t%s map file: %s\n", prob, errstring(i)); errno = i; if (!bitset(MF_OPTIONAL, map->map_mflags)) syserr("%s map \"%s\": %s map file %s", mapclassname, map->map_mname, prob, buf); return FALSE; } if (st.st_mode == ST_MODE_NOFILE) omode |= O_CREAT|O_EXCL; map->map_lockfd = -1; # if LOCK_ON_OPEN if (mode == O_RDWR) omode |= O_TRUNC|O_EXLOCK; else omode |= O_SHLOCK; # else /* LOCK_ON_OPEN */ /* ** Pre-lock the file to avoid race conditions. In particular, ** since dbopen returns NULL if the file is zero length, we ** must have a locked instance around the dbopen. */ fd = open(buf, omode, DBMMODE); if (fd < 0) { if (!bitset(MF_OPTIONAL, map->map_mflags)) syserr("db_map_open: cannot pre-open database %s", buf); return FALSE; } /* make sure no baddies slipped in just before the open... */ if (filechanged(buf, fd, &st)) { save_errno = errno; (void) close(fd); errno = save_errno; syserr("db_map_open(%s): file changed after pre-open", buf); return FALSE; } /* if new file, get the "before" bits for later filechanged check */ if (st.st_mode == ST_MODE_NOFILE && fstat(fd, &st) < 0) { save_errno = errno; (void) close(fd); errno = save_errno; syserr("db_map_open(%s): cannot fstat pre-opened file", buf); return FALSE; } /* actually lock the pre-opened file */ if (!lockfile(fd, buf, NULL, mode == O_RDONLY ? LOCK_SH : LOCK_EX)) syserr("db_map_open: cannot lock %s", buf); /* set up mode bits for dbopen */ if (mode == O_RDWR) omode |= O_TRUNC; omode &= ~(O_EXCL|O_CREAT); # endif /* LOCK_ON_OPEN */ # if DB_VERSION_MAJOR < 2 db = dbopen(buf, omode, DBMMODE, dbtype, openinfo); # else /* DB_VERSION_MAJOR < 2 */ { int flags = 0; # if DB_VERSION_MAJOR > 2 int ret; # endif /* DB_VERSION_MAJOR > 2 */ if (mode == O_RDONLY) flags |= DB_RDONLY; if (bitset(O_CREAT, omode)) flags |= DB_CREATE; if (bitset(O_TRUNC, omode)) flags |= DB_TRUNCATE; # if !HASFLOCK && defined(DB_FCNTL_LOCKING) flags |= DB_FCNTL_LOCKING; # endif /* !HASFLOCK && defined(DB_FCNTL_LOCKING) */ # if DB_VERSION_MAJOR > 2 ret = db_create(&db, NULL, 0); # ifdef DB_CACHE_SIZE if (ret == 0 && db != NULL) { ret = db->set_cachesize(db, 0, DB_CACHE_SIZE, 0); if (ret != 0) { (void) db->close(db, 0); db = NULL; } } # endif /* DB_CACHE_SIZE */ # ifdef DB_HASH_NELEM if (dbtype == DB_HASH && ret == 0 && db != NULL) { ret = db->set_h_nelem(db, DB_HASH_NELEM); if (ret != 0) { (void) db->close(db, 0); db = NULL; } } # endif /* DB_HASH_NELEM */ if (ret == 0 && db != NULL) { ret = db->open(db, buf, NULL, dbtype, flags, DBMMODE); if (ret != 0) { (void) db->close(db, 0); db = NULL; } } errno = ret; # else /* DB_VERSION_MAJOR > 2 */ errno = db_open(buf, dbtype, flags, DBMMODE, NULL, openinfo, &db); # endif /* DB_VERSION_MAJOR > 2 */ } # endif /* DB_VERSION_MAJOR < 2 */ save_errno = errno; # if !LOCK_ON_OPEN if (mode == O_RDWR) map->map_lockfd = fd; else (void) close(fd); # endif /* !LOCK_ON_OPEN */ if (db == NULL) { if (mode == O_RDONLY && bitset(MF_ALIAS, map->map_mflags) && aliaswait(map, ".db", FALSE)) return TRUE; # if !LOCK_ON_OPEN if (map->map_lockfd >= 0) (void) close(map->map_lockfd); # endif /* !LOCK_ON_OPEN */ errno = save_errno; if (!bitset(MF_OPTIONAL, map->map_mflags)) syserr("Cannot open %s database %s", mapclassname, buf); return FALSE; } # if DB_VERSION_MAJOR < 2 fd = db->fd(db); # else /* DB_VERSION_MAJOR < 2 */ fd = -1; errno = db->fd(db, &fd); # endif /* DB_VERSION_MAJOR < 2 */ if (filechanged(buf, fd, &st)) { save_errno = errno; # if DB_VERSION_MAJOR < 2 (void) db->close(db); # else /* DB_VERSION_MAJOR < 2 */ errno = db->close(db, 0); # endif /* DB_VERSION_MAJOR < 2 */ # if !LOCK_ON_OPEN if (map->map_lockfd >= 0) (void) close(map->map_lockfd); # endif /* !LOCK_ON_OPEN */ errno = save_errno; syserr("db_map_open(%s): file changed after open", buf); return FALSE; } if (mode == O_RDWR) map->map_mflags |= MF_LOCKED; # if LOCK_ON_OPEN if (fd >= 0 && mode == O_RDONLY) { (void) lockfile(fd, buf, NULL, LOCK_UN); } # endif /* LOCK_ON_OPEN */ /* try to make sure that at least the database header is on disk */ if (mode == O_RDWR) { (void) db->sync(db, 0); if (geteuid() == 0 && TrustedUid != 0) { # if HASFCHOWN if (fchown(fd, TrustedUid, -1) < 0) { int err = errno; sm_syslog(LOG_ALERT, NOQID, "ownership change on %s failed: %s", buf, errstring(err)); message("050 ownership change on %s failed: %s", buf, errstring(err)); } # endif /* HASFCHOWN */ } } map->map_db2 = (ARBPTR_T) db; /* ** Need to set map_mtime before the call to aliaswait() ** as aliaswait() will call map_lookup() which requires ** map_mtime to be set */ if (fd >= 0 && fstat(fd, &st) >= 0) map->map_mtime = st.st_mtime; if (mode == O_RDONLY && bitset(MF_ALIAS, map->map_mflags) && !aliaswait(map, ".db", TRUE)) return FALSE; return TRUE; } /* ** DB_MAP_LOOKUP -- look up a datum in a BTREE- or HASH-type map */ char * db_map_lookup(map, name, av, statp) MAP *map; char *name; char **av; int *statp; { DBT key, val; register DB *db = (DB *) map->map_db2; int i; int st; int save_errno; int fd; struct stat stbuf; char keybuf[MAXNAME + 1]; char buf[MAXNAME + 1]; memset(&key, '\0', sizeof key); memset(&val, '\0', sizeof val); if (tTd(38, 20)) dprintf("db_map_lookup(%s, %s)\n", map->map_mname, name); i = strlen(map->map_file); if (i > MAXNAME) i = MAXNAME; (void) strlcpy(buf, map->map_file, i + 1); if (i > 3 && strcmp(&buf[i - 3], ".db") == 0) buf[i - 3] = '\0'; key.size = strlen(name); if (key.size > sizeof keybuf - 1) key.size = sizeof keybuf - 1; key.data = keybuf; memmove(keybuf, name, key.size); keybuf[key.size] = '\0'; if (!bitset(MF_NOFOLDCASE, map->map_mflags)) makelower(keybuf); lockdb: # if DB_VERSION_MAJOR < 2 fd = db->fd(db); # else /* DB_VERSION_MAJOR < 2 */ fd = -1; errno = db->fd(db, &fd); # endif /* DB_VERSION_MAJOR < 2 */ if (fd >= 0 && !bitset(MF_LOCKED, map->map_mflags)) (void) lockfile(fd, buf, ".db", LOCK_SH); if (fd < 0 || fstat(fd, &stbuf) < 0 || stbuf.st_mtime > map->map_mtime) { /* Reopen the database to sync the cache */ int omode = bitset(map->map_mflags, MF_WRITABLE) ? O_RDWR : O_RDONLY; if (fd >= 0 && !bitset(MF_LOCKED, map->map_mflags)) (void) lockfile(fd, buf, ".db", LOCK_UN); map->map_class->map_close(map); map->map_mflags &= ~(MF_OPEN|MF_WRITABLE); if (map->map_class->map_open(map, omode)) { map->map_mflags |= MF_OPEN; map->map_pid = getpid(); if ((omode && O_ACCMODE) == O_RDWR) map->map_mflags |= MF_WRITABLE; db = (DB *) map->map_db2; goto lockdb; } else { if (!bitset(MF_OPTIONAL, map->map_mflags)) { extern MAPCLASS BogusMapClass; *statp = EX_TEMPFAIL; map->map_class = &BogusMapClass; map->map_mflags |= MF_OPEN; map->map_pid = getpid(); syserr("Cannot reopen DB database %s", map->map_file); } return NULL; } } st = 1; if (bitset(MF_TRY0NULL, map->map_mflags)) { # if DB_VERSION_MAJOR < 2 st = db->get(db, &key, &val, 0); # else /* DB_VERSION_MAJOR < 2 */ errno = db->get(db, NULL, &key, &val, 0); switch (errno) { case DB_NOTFOUND: case DB_KEYEMPTY: st = 1; break; case 0: st = 0; break; default: st = -1; break; } # endif /* DB_VERSION_MAJOR < 2 */ if (st == 0) map->map_mflags &= ~MF_TRY1NULL; } if (st != 0 && bitset(MF_TRY1NULL, map->map_mflags)) { key.size++; # if DB_VERSION_MAJOR < 2 st = db->get(db, &key, &val, 0); # else /* DB_VERSION_MAJOR < 2 */ errno = db->get(db, NULL, &key, &val, 0); switch (errno) { case DB_NOTFOUND: case DB_KEYEMPTY: st = 1; break; case 0: st = 0; break; default: st = -1; break; } # endif /* DB_VERSION_MAJOR < 2 */ if (st == 0) map->map_mflags &= ~MF_TRY0NULL; } save_errno = errno; if (fd >= 0 && !bitset(MF_LOCKED, map->map_mflags)) (void) lockfile(fd, buf, ".db", LOCK_UN); if (st != 0) { errno = save_errno; if (st < 0) syserr("db_map_lookup: get (%s)", name); return NULL; } if (bitset(MF_MATCHONLY, map->map_mflags)) return map_rewrite(map, name, strlen(name), NULL); else return map_rewrite(map, val.data, val.size, av); } /* ** DB_MAP_STORE -- store a datum in the NEWDB database */ void db_map_store(map, lhs, rhs) register MAP *map; char *lhs; char *rhs; { int status; DBT key; DBT data; register DB *db = map->map_db2; char keybuf[MAXNAME + 1]; memset(&key, '\0', sizeof key); memset(&data, '\0', sizeof data); if (tTd(38, 12)) dprintf("db_map_store(%s, %s, %s)\n", map->map_mname, lhs, rhs); key.size = strlen(lhs); key.data = lhs; if (!bitset(MF_NOFOLDCASE, map->map_mflags)) { if (key.size > sizeof keybuf - 1) key.size = sizeof keybuf - 1; memmove(keybuf, key.data, key.size); keybuf[key.size] = '\0'; makelower(keybuf); key.data = keybuf; } data.size = strlen(rhs); data.data = rhs; if (bitset(MF_INCLNULL, map->map_mflags)) { key.size++; data.size++; } # if DB_VERSION_MAJOR < 2 status = db->put(db, &key, &data, R_NOOVERWRITE); # else /* DB_VERSION_MAJOR < 2 */ errno = db->put(db, NULL, &key, &data, DB_NOOVERWRITE); switch (errno) { case DB_KEYEXIST: status = 1; break; case 0: status = 0; break; default: status = -1; break; } # endif /* DB_VERSION_MAJOR < 2 */ if (status > 0) { if (!bitset(MF_APPEND, map->map_mflags)) message("050 Warning: duplicate alias name %s", lhs); else { static char *buf = NULL; static int bufsiz = 0; DBT old; memset(&old, '\0', sizeof old); old.data = db_map_lookup(map, key.data, (char **)NULL, &status); if (old.data != NULL) { old.size = strlen(old.data); if (data.size + old.size + 2 > (size_t)bufsiz) { if (buf != NULL) (void) free(buf); bufsiz = data.size + old.size + 2; buf = xalloc(bufsiz); } snprintf(buf, bufsiz, "%s,%s", (char *) data.data, (char *) old.data); data.size = data.size + old.size + 1; data.data = buf; if (tTd(38, 9)) dprintf("db_map_store append=%s\n", (char *) data.data); } } # if DB_VERSION_MAJOR < 2 status = db->put(db, &key, &data, 0); # else /* DB_VERSION_MAJOR < 2 */ status = errno = db->put(db, NULL, &key, &data, 0); # endif /* DB_VERSION_MAJOR < 2 */ } if (status != 0) syserr("readaliases: db put (%s)", lhs); } /* ** DB_MAP_CLOSE -- add distinguished entries and close the database */ void db_map_close(map) MAP *map; { register DB *db = map->map_db2; if (tTd(38, 9)) dprintf("db_map_close(%s, %s, %lx)\n", map->map_mname, map->map_file, map->map_mflags); if (bitset(MF_WRITABLE, map->map_mflags)) { /* write out the distinguished alias */ db_map_store(map, "@", "@"); } (void) db->sync(db, 0); # if !LOCK_ON_OPEN if (map->map_lockfd >= 0) (void) close(map->map_lockfd); # endif /* !LOCK_ON_OPEN */ # if DB_VERSION_MAJOR < 2 if (db->close(db) != 0) # else /* DB_VERSION_MAJOR < 2 */ /* ** Berkeley DB can use internal shared memory ** locking for its memory pool. Closing a map ** opened by another process will interfere ** with the shared memory and locks of the parent ** process leaving things in a bad state. */ /* ** If this map was not opened by the current ** process, do not close the map but recover ** the file descriptor. */ if (map->map_pid != getpid()) { int fd = -1; errno = db->fd(db, &fd); if (fd >= 0) (void) close(fd); return; } if ((errno = db->close(db, 0)) != 0) # endif /* DB_VERSION_MAJOR < 2 */ syserr("db_map_close(%s, %s, %lx): db close failure", map->map_mname, map->map_file, map->map_mflags); } #endif /* NEWDB */ /* ** NIS Modules */ #ifdef NIS # ifndef YPERR_BUSY # define YPERR_BUSY 16 # endif /* ! YPERR_BUSY */ /* ** NIS_MAP_OPEN -- open DBM map */ bool nis_map_open(map, mode) MAP *map; int mode; { int yperr; register char *p; auto char *vp; auto int vsize; if (tTd(38, 2)) dprintf("nis_map_open(%s, %s, %d)\n", map->map_mname, map->map_file, mode); mode &= O_ACCMODE; if (mode != O_RDONLY) { /* issue a pseudo-error message */ # ifdef ENOSYS errno = ENOSYS; # else /* ENOSYS */ # ifdef EFTYPE errno = EFTYPE; # else /* EFTYPE */ errno = ENXIO; # endif /* EFTYPE */ # endif /* ENOSYS */ return FALSE; } p = strchr(map->map_file, '@'); if (p != NULL) { *p++ = '\0'; if (*p != '\0') map->map_domain = p; } if (*map->map_file == '\0') map->map_file = "mail.aliases"; if (map->map_domain == NULL) { yperr = yp_get_default_domain(&map->map_domain); if (yperr != 0) { if (!bitset(MF_OPTIONAL, map->map_mflags)) syserr("421 4.3.5 NIS map %s specified, but NIS not running", map->map_file); return FALSE; } } /* check to see if this map actually exists */ vp = NULL; yperr = yp_match(map->map_domain, map->map_file, "@", 1, &vp, &vsize); if (tTd(38, 10)) dprintf("nis_map_open: yp_match(@, %s, %s) => %s\n", map->map_domain, map->map_file, yperr_string(yperr)); if (vp != NULL) free(vp); if (yperr == 0 || yperr == YPERR_KEY || yperr == YPERR_BUSY) { /* ** We ought to be calling aliaswait() here if this is an ** alias file, but powerful HP-UX NIS servers apparently ** don't insert the @:@ token into the alias map when it ** is rebuilt, so aliaswait() just hangs. I hate HP-UX. */ # if 0 if (!bitset(MF_ALIAS, map->map_mflags) || aliaswait(map, NULL, TRUE)) # endif /* 0 */ return TRUE; } if (!bitset(MF_OPTIONAL, map->map_mflags)) { syserr("421 4.0.0 Cannot bind to map %s in domain %s: %s", map->map_file, map->map_domain, yperr_string(yperr)); } return FALSE; } /* ** NIS_MAP_LOOKUP -- look up a datum in a NIS map */ /* ARGSUSED3 */ char * nis_map_lookup(map, name, av, statp) MAP *map; char *name; char **av; int *statp; { char *vp; auto int vsize; int buflen; int yperr; char keybuf[MAXNAME + 1]; if (tTd(38, 20)) dprintf("nis_map_lookup(%s, %s)\n", map->map_mname, name); buflen = strlen(name); if (buflen > sizeof keybuf - 1) buflen = sizeof keybuf - 1; memmove(keybuf, name, buflen); keybuf[buflen] = '\0'; if (!bitset(MF_NOFOLDCASE, map->map_mflags)) makelower(keybuf); yperr = YPERR_KEY; vp = NULL; if (bitset(MF_TRY0NULL, map->map_mflags)) { yperr = yp_match(map->map_domain, map->map_file, keybuf, buflen, &vp, &vsize); if (yperr == 0) map->map_mflags &= ~MF_TRY1NULL; } if (yperr == YPERR_KEY && bitset(MF_TRY1NULL, map->map_mflags)) { if (vp != NULL) { free(vp); vp = NULL; } buflen++; yperr = yp_match(map->map_domain, map->map_file, keybuf, buflen, &vp, &vsize); if (yperr == 0) map->map_mflags &= ~MF_TRY0NULL; } if (yperr != 0) { if (yperr != YPERR_KEY && yperr != YPERR_BUSY) map->map_mflags &= ~(MF_VALID|MF_OPEN); if (vp != NULL) free(vp); return NULL; } if (bitset(MF_MATCHONLY, map->map_mflags)) return map_rewrite(map, name, strlen(name), NULL); else { char *ret; ret = map_rewrite(map, vp, vsize, av); if (vp != NULL) free(vp); return ret; } } /* ** NIS_GETCANONNAME -- look up canonical name in NIS */ static bool nis_getcanonname(name, hbsize, statp) char *name; int hbsize; int *statp; { char *vp; auto int vsize; int keylen; int yperr; static bool try0null = TRUE; static bool try1null = TRUE; static char *yp_domain = NULL; char host_record[MAXLINE]; char cbuf[MAXNAME]; char nbuf[MAXNAME + 1]; if (tTd(38, 20)) dprintf("nis_getcanonname(%s)\n", name); if (strlcpy(nbuf, name, sizeof nbuf) >= sizeof nbuf) { *statp = EX_UNAVAILABLE; return FALSE; } shorten_hostname(nbuf); keylen = strlen(nbuf); if (yp_domain == NULL) (void) yp_get_default_domain(&yp_domain); makelower(nbuf); yperr = YPERR_KEY; vp = NULL; if (try0null) { yperr = yp_match(yp_domain, "hosts.byname", nbuf, keylen, &vp, &vsize); if (yperr == 0) try1null = FALSE; } if (yperr == YPERR_KEY && try1null) { if (vp != NULL) { free(vp); vp = NULL; } keylen++; yperr = yp_match(yp_domain, "hosts.byname", nbuf, keylen, &vp, &vsize); if (yperr == 0) try0null = FALSE; } if (yperr != 0) { if (yperr == YPERR_KEY) *statp = EX_NOHOST; else if (yperr == YPERR_BUSY) *statp = EX_TEMPFAIL; else *statp = EX_UNAVAILABLE; if (vp != NULL) free(vp); return FALSE; } (void) strlcpy(host_record, vp, sizeof host_record); free(vp); if (tTd(38, 44)) dprintf("got record `%s'\n", host_record); if (!extract_canonname(nbuf, host_record, cbuf, sizeof cbuf)) { /* this should not happen, but.... */ *statp = EX_NOHOST; return FALSE; } if (hbsize < strlen(cbuf)) { *statp = EX_UNAVAILABLE; return FALSE; } (void) strlcpy(name, cbuf, hbsize); *statp = EX_OK; return TRUE; } #endif /* NIS */ /* ** NISPLUS Modules ** ** This code donated by Sun Microsystems. */ #ifdef NISPLUS # undef NIS /* symbol conflict in nis.h */ # undef T_UNSPEC /* symbol conflict in nis.h -> ... -> sys/tiuser.h */ # include # include # define EN_col(col) zo_data.objdata_u.en_data.en_cols.en_cols_val[(col)].ec_value.ec_value_val # define COL_NAME(res,i) ((res->objects.objects_val)->TA_data.ta_cols.ta_cols_val)[i].tc_name # define COL_MAX(res) ((res->objects.objects_val)->TA_data.ta_cols.ta_cols_len) # define PARTIAL_NAME(x) ((x)[strlen(x) - 1] != '.') /* ** NISPLUS_MAP_OPEN -- open nisplus table */ bool nisplus_map_open(map, mode) MAP *map; int mode; { nis_result *res = NULL; int retry_cnt, max_col, i; char qbuf[MAXLINE + NIS_MAXNAMELEN]; if (tTd(38, 2)) dprintf("nisplus_map_open(%s, %s, %d)\n", map->map_mname, map->map_file, mode); mode &= O_ACCMODE; if (mode != O_RDONLY) { errno = EPERM; return FALSE; } if (*map->map_file == '\0') map->map_file = "mail_aliases.org_dir"; if (PARTIAL_NAME(map->map_file) && map->map_domain == NULL) { /* set default NISPLUS Domain to $m */ map->map_domain = newstr(nisplus_default_domain()); if (tTd(38, 2)) dprintf("nisplus_map_open(%s): using domain %s\n", map->map_file, map->map_domain); } if (!PARTIAL_NAME(map->map_file)) { map->map_domain = newstr(""); snprintf(qbuf, sizeof qbuf, "%s", map->map_file); } else { /* check to see if this map actually exists */ snprintf(qbuf, sizeof qbuf, "%s.%s", map->map_file, map->map_domain); } retry_cnt = 0; while (res == NULL || res->status != NIS_SUCCESS) { res = nis_lookup(qbuf, FOLLOW_LINKS); switch (res->status) { case NIS_SUCCESS: break; case NIS_TRYAGAIN: case NIS_RPCERROR: case NIS_NAMEUNREACHABLE: if (retry_cnt++ > 4) { errno = EAGAIN; return FALSE; } /* try not to overwhelm hosed server */ sleep(2); break; default: /* all other nisplus errors */ # if 0 if (!bitset(MF_OPTIONAL, map->map_mflags)) syserr("421 4.0.0 Cannot find table %s.%s: %s", map->map_file, map->map_domain, nis_sperrno(res->status)); # endif /* 0 */ errno = EAGAIN; return FALSE; } } if (NIS_RES_NUMOBJ(res) != 1 || (NIS_RES_OBJECT(res)->zo_data.zo_type != TABLE_OBJ)) { if (tTd(38, 10)) dprintf("nisplus_map_open: %s is not a table\n", qbuf); # if 0 if (!bitset(MF_OPTIONAL, map->map_mflags)) syserr("421 4.0.0 %s.%s: %s is not a table", map->map_file, map->map_domain, nis_sperrno(res->status)); # endif /* 0 */ errno = EBADF; return FALSE; } /* default key column is column 0 */ if (map->map_keycolnm == NULL) map->map_keycolnm = newstr(COL_NAME(res,0)); max_col = COL_MAX(res); /* verify the key column exist */ for (i = 0; i< max_col; i++) { if (strcmp(map->map_keycolnm, COL_NAME(res,i)) == 0) break; } if (i == max_col) { if (tTd(38, 2)) dprintf("nisplus_map_open(%s): can not find key column %s\n", map->map_file, map->map_keycolnm); errno = ENOENT; return FALSE; } /* default value column is the last column */ if (map->map_valcolnm == NULL) { map->map_valcolno = max_col - 1; return TRUE; } for (i = 0; i< max_col; i++) { if (strcmp(map->map_valcolnm, COL_NAME(res,i)) == 0) { map->map_valcolno = i; return TRUE; } } if (tTd(38, 2)) dprintf("nisplus_map_open(%s): can not find column %s\n", map->map_file, map->map_keycolnm); errno = ENOENT; return FALSE; } /* ** NISPLUS_MAP_LOOKUP -- look up a datum in a NISPLUS table */ char * nisplus_map_lookup(map, name, av, statp) MAP *map; char *name; char **av; int *statp; { char *p; auto int vsize; char *skp; int skleft; char search_key[MAXNAME + 4]; char qbuf[MAXLINE + NIS_MAXNAMELEN]; nis_result *result; if (tTd(38, 20)) dprintf("nisplus_map_lookup(%s, %s)\n", map->map_mname, name); if (!bitset(MF_OPEN, map->map_mflags)) { if (nisplus_map_open(map, O_RDONLY)) { map->map_mflags |= MF_OPEN; map->map_pid = getpid(); } else { *statp = EX_UNAVAILABLE; return NULL; } } /* ** Copy the name to the key buffer, escaping double quote characters ** by doubling them and quoting "]" and "," to avoid having the ** NIS+ parser choke on them. */ skleft = sizeof search_key - 4; skp = search_key; for (p = name; *p != '\0' && skleft > 0; p++) { switch (*p) { case ']': case ',': /* quote the character */ *skp++ = '"'; *skp++ = *p; *skp++ = '"'; skleft -= 3; break; case '"': /* double the quote */ *skp++ = '"'; skleft--; /* FALLTHROUGH */ default: *skp++ = *p; skleft--; break; } } *skp = '\0'; if (!bitset(MF_NOFOLDCASE, map->map_mflags)) makelower(search_key); /* construct the query */ if (PARTIAL_NAME(map->map_file)) snprintf(qbuf, sizeof qbuf, "[%s=%s],%s.%s", map->map_keycolnm, search_key, map->map_file, map->map_domain); else snprintf(qbuf, sizeof qbuf, "[%s=%s],%s", map->map_keycolnm, search_key, map->map_file); if (tTd(38, 20)) dprintf("qbuf=%s\n", qbuf); result = nis_list(qbuf, FOLLOW_LINKS | FOLLOW_PATH, NULL, NULL); if (result->status == NIS_SUCCESS) { int count; char *str; if ((count = NIS_RES_NUMOBJ(result)) != 1) { if (LogLevel > 10) sm_syslog(LOG_WARNING, CurEnv->e_id, "%s: lookup error, expected 1 entry, got %d", map->map_file, count); /* ignore second entry */ if (tTd(38, 20)) dprintf("nisplus_map_lookup(%s), got %d entries, additional entries ignored\n", name, count); } p = ((NIS_RES_OBJECT(result))->EN_col(map->map_valcolno)); /* set the length of the result */ if (p == NULL) p = ""; vsize = strlen(p); if (tTd(38, 20)) dprintf("nisplus_map_lookup(%s), found %s\n", name, p); if (bitset(MF_MATCHONLY, map->map_mflags)) str = map_rewrite(map, name, strlen(name), NULL); else str = map_rewrite(map, p, vsize, av); nis_freeresult(result); *statp = EX_OK; return str; } else { if (result->status == NIS_NOTFOUND) *statp = EX_NOTFOUND; else if (result->status == NIS_TRYAGAIN) *statp = EX_TEMPFAIL; else { *statp = EX_UNAVAILABLE; map->map_mflags &= ~(MF_VALID|MF_OPEN); } } if (tTd(38, 20)) dprintf("nisplus_map_lookup(%s), failed\n", name); nis_freeresult(result); return NULL; } /* ** NISPLUS_GETCANONNAME -- look up canonical name in NIS+ */ static bool nisplus_getcanonname(name, hbsize, statp) char *name; int hbsize; int *statp; { char *vp; auto int vsize; nis_result *result; char *p; char nbuf[MAXNAME + 1]; char qbuf[MAXLINE + NIS_MAXNAMELEN]; if (strlen(name) >= sizeof nbuf) { *statp = EX_UNAVAILABLE; return FALSE; } (void) strlcpy(nbuf, name, sizeof nbuf); shorten_hostname(nbuf); p = strchr(nbuf, '.'); if (p == NULL) { /* single token */ snprintf(qbuf, sizeof qbuf, "[name=%s],hosts.org_dir", nbuf); } else if (p[1] != '\0') { /* multi token -- take only first token in nbuf */ *p = '\0'; snprintf(qbuf, sizeof qbuf, "[name=%s],hosts.org_dir.%s", nbuf, &p[1]); } else { *statp = EX_NOHOST; return FALSE; } if (tTd(38, 20)) dprintf("\nnisplus_getcanoname(%s), qbuf=%s\n", name, qbuf); result = nis_list(qbuf, EXPAND_NAME|FOLLOW_LINKS|FOLLOW_PATH, NULL, NULL); if (result->status == NIS_SUCCESS) { int count; char *domain; if ((count = NIS_RES_NUMOBJ(result)) != 1) { if (LogLevel > 10) sm_syslog(LOG_WARNING, CurEnv->e_id, "nisplus_getcanonname: lookup error, expected 1 entry, got %d", count); /* ignore second entry */ if (tTd(38, 20)) dprintf("nisplus_getcanoname(%s), got %d entries, all but first ignored\n", name, count); } if (tTd(38, 20)) dprintf("nisplus_getcanoname(%s), found in directory \"%s\"\n", name, (NIS_RES_OBJECT(result))->zo_domain); vp = ((NIS_RES_OBJECT(result))->EN_col(0)); vsize = strlen(vp); if (tTd(38, 20)) dprintf("nisplus_getcanonname(%s), found %s\n", name, vp); if (strchr(vp, '.') != NULL) { domain = ""; } else { domain = macvalue('m', CurEnv); if (domain == NULL) domain = ""; } if (hbsize > vsize + (int) strlen(domain) + 1) { if (domain[0] == '\0') (void) strlcpy(name, vp, hbsize); else snprintf(name, hbsize, "%s.%s", vp, domain); *statp = EX_OK; } else *statp = EX_NOHOST; nis_freeresult(result); return TRUE; } else { if (result->status == NIS_NOTFOUND) *statp = EX_NOHOST; else if (result->status == NIS_TRYAGAIN) *statp = EX_TEMPFAIL; else *statp = EX_UNAVAILABLE; } if (tTd(38, 20)) dprintf("nisplus_getcanonname(%s), failed, status=%d, nsw_stat=%d\n", name, result->status, *statp); nis_freeresult(result); return FALSE; } char * nisplus_default_domain() { static char default_domain[MAXNAME + 1] = ""; char *p; if (default_domain[0] != '\0') return default_domain; p = nis_local_directory(); snprintf(default_domain, sizeof default_domain, "%s", p); return default_domain; } #endif /* NISPLUS */ /* ** LDAP Modules */ /* ** LDAPMAP_DEQUOTE - helper routine for ldapmap_parseargs */ #if defined(LDAPMAP) || defined(PH_MAP) # ifdef PH_MAP # define ph_map_dequote ldapmap_dequote # endif /* PH_MAP */ char * ldapmap_dequote(str) char *str; { char *p; char *start; if (str == NULL) return NULL; p = str; if (*p == '"') { /* Should probably swallow initial whitespace here */ start = ++p; } else return str; while (*p != '"' && *p != '\0') p++; if (*p != '\0') *p = '\0'; return start; } #endif /* defined(LDAPMAP) || defined(PH_MAP) */ #ifdef LDAPMAP LDAPMAP_STRUCT *LDAPDefaults = NULL; /* ** LDAPMAP_OPEN -- open LDAP map ** ** Connect to the LDAP server. Re-use existing connections since a ** single server connection to a host (with the same host, port, ** bind DN, and secret) can answer queries for multiple maps. */ bool ldapmap_open(map, mode) MAP *map; int mode; { LDAPMAP_STRUCT *lmap; STAB *s; if (tTd(38, 2)) dprintf("ldapmap_open(%s, %d): ", map->map_mname, mode); mode &= O_ACCMODE; /* sendmail doesn't have the ability to write to LDAP (yet) */ if (mode != O_RDONLY) { /* issue a pseudo-error message */ # ifdef ENOSYS errno = ENOSYS; # else /* ENOSYS */ # ifdef EFTYPE errno = EFTYPE; # else /* EFTYPE */ errno = ENXIO; # endif /* EFTYPE */ # endif /* ENOSYS */ return FALSE; } /* Comma separate if used as an alias file */ if (map->map_coldelim == '\0' && bitset(MF_ALIAS, map->map_mflags)) map->map_coldelim = ','; lmap = (LDAPMAP_STRUCT *) map->map_db1; s = ldapmap_findconn(lmap); if (s->s_ldap != NULL) { /* Already have a connection open to this LDAP server */ lmap->ldap_ld = s->s_ldap; if (tTd(38, 2)) dprintf("using cached connection\n"); return TRUE; } if (tTd(38, 2)) dprintf("opening new connection\n"); /* No connection yet, connect */ if (!ldapmap_start(map)) return FALSE; /* Save connection for reuse */ s->s_ldap = lmap->ldap_ld; return TRUE; } /* ** LDAPMAP_START -- actually connect to an LDAP server ** ** Parameters: ** map -- the map being opened. ** ** Returns: ** TRUE if connection is successful, FALSE otherwise. ** ** Side Effects: ** Populates lmap->ldap_ld. */ static jmp_buf LDAPTimeout; static bool ldapmap_start(map) MAP *map; { register int bind_result; int save_errno; register EVENT *ev = NULL; LDAPMAP_STRUCT *lmap; LDAP *ld; if (tTd(38, 2)) dprintf("ldapmap_start(%s)\n", map->map_mname); lmap = (LDAPMAP_STRUCT *) map->map_db1; if (tTd(38,9)) dprintf("ldapmap_start(%s, %d)\n", lmap->ldap_host == NULL ? "localhost" : lmap->ldap_host, lmap->ldap_port); # if USE_LDAP_INIT ld = ldap_init(lmap->ldap_host, lmap->ldap_port); + save_errno = errno; # else /* USE_LDAP_INIT */ /* ** If using ldap_open(), the actual connection to the server ** happens now so we need the timeout here. For ldap_init(), ** the connection happens at bind time. */ /* set the timeout */ if (lmap->ldap_timeout.tv_sec != 0) { if (setjmp(LDAPTimeout) != 0) { if (LogLevel > 1) sm_syslog(LOG_NOTICE, CurEnv->e_id, "timeout conning to LDAP server %.100s", lmap->ldap_host == NULL ? "localhost" : lmap->ldap_host); return FALSE; } ev = setevent(lmap->ldap_timeout.tv_sec, ldaptimeout, 0); } ld = ldap_open(lmap->ldap_host, lmap->ldap_port); save_errno = errno; /* clear the event if it has not sprung */ if (ev != NULL) clrevent(ev); # endif /* USE_LDAP_INIT */ errno = save_errno; if (ld == NULL) { if (!bitset(MF_OPTIONAL, map->map_mflags)) { if (bitset(MF_NODEFER, map->map_mflags)) syserr("%s failed to %s in map %s", # if USE_LDAP_INIT "ldap_init", # else /* USE_LDAP_INIT */ "ldap_open", # endif /* USE_LDAP_INIT */ lmap->ldap_host == NULL ? "localhost" : lmap->ldap_host, map->map_mname); else syserr("421 4.0.0 %s failed to %s in map %s", # if USE_LDAP_INIT "ldap_init", # else /* USE_LDAP_INIT */ "ldap_open", # endif /* USE_LDAP_INIT */ lmap->ldap_host == NULL ? "localhost" : lmap->ldap_host, map->map_mname); } return FALSE; } ldapmap_setopts(ld, lmap); # if USE_LDAP_INIT /* ** If using ldap_init(), the actual connection to the server ** happens at ldap_bind_s() so we need the timeout here. */ /* set the timeout */ if (lmap->ldap_timeout.tv_sec != 0) { if (setjmp(LDAPTimeout) != 0) { if (LogLevel > 1) sm_syslog(LOG_NOTICE, CurEnv->e_id, "timeout conning to LDAP server %.100s", lmap->ldap_host == NULL ? "localhost" : lmap->ldap_host); return FALSE; } ev = setevent(lmap->ldap_timeout.tv_sec, ldaptimeout, 0); } # endif /* USE_LDAP_INIT */ # ifdef LDAP_AUTH_KRBV4 if (lmap->ldap_method == LDAP_AUTH_KRBV4 && lmap->ldap_secret != NULL) { /* ** Need to put ticket in environment here instead of ** during parseargs as there may be different tickets ** for different LDAP connections. */ (void) putenv(lmap->ldap_secret); } # endif /* LDAP_AUTH_KRBV4 */ bind_result = ldap_bind_s(ld, lmap->ldap_binddn, lmap->ldap_secret, lmap->ldap_method); # if USE_LDAP_INIT /* clear the event if it has not sprung */ if (ev != NULL) clrevent(ev); # endif /* USE_LDAP_INIT */ if (bind_result != LDAP_SUCCESS) { errno = bind_result + E_LDAPBASE; if (!bitset(MF_OPTIONAL, map->map_mflags)) { syserr("421 4.0.0 Cannot bind to map %s in ldap server %s", map->map_mname, lmap->ldap_host == NULL ? "localhost" : lmap->ldap_host); } return FALSE; } /* We need to cast ld into the map structure */ lmap->ldap_ld = ld; return TRUE; } /* ARGSUSED */ static void ldaptimeout(sig_no) int sig_no; { longjmp(LDAPTimeout, 1); } /* ** LDAPMAP_CLOSE -- close ldap map */ void ldapmap_close(map) MAP *map; { LDAPMAP_STRUCT *lmap; STAB *s; if (tTd(38, 2)) dprintf("ldapmap_close(%s)\n", map->map_mname); lmap = (LDAPMAP_STRUCT *) map->map_db1; /* Check if already closed */ if (lmap->ldap_ld == NULL) return; s = ldapmap_findconn(lmap); /* Check if already closed */ if (s->s_ldap == NULL) return; /* If same as saved connection, stored connection is going away */ if (s->s_ldap == lmap->ldap_ld) s->s_ldap = NULL; if (lmap->ldap_ld != NULL) { ldap_unbind(lmap->ldap_ld); lmap->ldap_ld = NULL; } } # ifdef SUNET_ID /* ** SUNET_ID_HASH -- Convert a string to it's Sunet_id canonical form ** This only makes sense at Stanford University. */ char * sunet_id_hash(str) char *str; { char *p, *p_last; p = str; p_last = p; while (*p != '\0') { if (islower(*p) || isdigit(*p)) { *p_last = *p; p_last++; } else if (isupper(*p)) { *p_last = tolower(*p); p_last++; } ++p; } if (*p_last != '\0') *p_last = '\0'; return str; } # endif /* SUNET_ID */ /* ** LDAPMAP_LOOKUP -- look up a datum in a LDAP map */ char * ldapmap_lookup(map, name, av, statp) MAP *map; char *name; char **av; int *statp; { int i; int entries = 0; int msgid; int ret; int vsize; char *fp, *vp; char *p, *q; char *result = NULL; LDAPMAP_STRUCT *lmap = NULL; char keybuf[MAXNAME + 1]; char filter[LDAPMAP_MAX_FILTER + 1]; if (tTd(38, 20)) dprintf("ldapmap_lookup(%s, %s)\n", map->map_mname, name); /* Get ldap struct pointer from map */ lmap = (LDAPMAP_STRUCT *) map->map_db1; ldapmap_setopts(lmap->ldap_ld, lmap); (void) strlcpy(keybuf, name, sizeof keybuf); if (!bitset(MF_NOFOLDCASE, map->map_mflags)) { # ifdef SUNET_ID sunet_id_hash(keybuf); # else /* SUNET_ID */ makelower(keybuf); # endif /* SUNET_ID */ } /* substitute keybuf into filter, perhaps multiple times */ memset(filter, '\0', sizeof filter); fp = filter; p = lmap->ldap_filter; while ((q = strchr(p, '%')) != NULL) { if (q[1] == 's') { snprintf(fp, SPACELEFT(filter, fp), "%.*s%s", (int) (q - p), p, keybuf); fp += strlen(fp); p = q + 2; } else if (q[1] == '0') { char *k = keybuf; snprintf(fp, SPACELEFT(filter, fp), "%.*s", (int) (q - p), p); fp += strlen(fp); p = q + 2; /* Properly escape LDAP special characters */ while (SPACELEFT(filter, fp) > 0 && *k != '\0') { if (*k == '*' || *k == '(' || *k == ')' || *k == '\\') { (void) strlcat(fp, (*k == '*' ? "\\2A" : (*k == '(' ? "\\28" : (*k == ')' ? "\\29" : (*k == '\\' ? "\\5C" : "\00")))), SPACELEFT(filter, fp)); fp += strlen(fp); k++; } else *fp++ = *k++; } } else { snprintf(fp, SPACELEFT(filter, fp), "%.*s", (int) (q - p + 1), p); p = q + (q[1] == '%' ? 2 : 1); fp += strlen(fp); } } snprintf(fp, SPACELEFT(filter, fp), "%s", p); if (tTd(38, 20)) dprintf("ldap search filter=%s\n", filter); lmap->ldap_res = NULL; msgid = ldap_search(lmap->ldap_ld, lmap->ldap_base, lmap->ldap_scope, filter, (lmap->ldap_attr[0] == NULL ? NULL : lmap->ldap_attr), lmap->ldap_attrsonly); if (msgid == -1) { errno = ldapmap_geterrno(lmap->ldap_ld) + E_LDAPBASE; if (!bitset(MF_OPTIONAL, map->map_mflags)) { if (bitset(MF_NODEFER, map->map_mflags)) syserr("Error in ldap_search using %s in map %s", filter, map->map_mname); else syserr("421 4.0.0 Error in ldap_search using %s in map %s", filter, map->map_mname); } *statp = EX_TEMPFAIL; #ifdef LDAP_SERVER_DOWN if (errno == LDAP_SERVER_DOWN) { int save_errno = errno; /* server disappeared, try reopen on next search */ map->map_class->map_close(map); map->map_mflags &= ~(MF_OPEN|MF_WRITABLE); errno = save_errno; } #endif /* LDAP_SERVER_DOWN */ return NULL; } *statp = EX_NOTFOUND; vp = NULL; /* Get results (all if MF_NOREWRITE, otherwise one by one) */ while ((ret = ldap_result(lmap->ldap_ld, msgid, bitset(MF_NOREWRITE, map->map_mflags), (lmap->ldap_timeout.tv_sec == 0 ? NULL : &(lmap->ldap_timeout)), &(lmap->ldap_res))) == LDAP_RES_SEARCH_ENTRY) { LDAPMessage *entry; if (bitset(MF_SINGLEMATCH, map->map_mflags)) { entries += ldap_count_entries(lmap->ldap_ld, lmap->ldap_res); if (entries > 1) { *statp = EX_NOTFOUND; if (lmap->ldap_res != NULL) { ldap_msgfree(lmap->ldap_res); lmap->ldap_res = NULL; } (void) ldap_abandon(lmap->ldap_ld, msgid); if (vp != NULL) free(vp); if (tTd(38, 25)) dprintf("ldap search found multiple on a single match query\n"); return NULL; } } /* If we don't want multiple values and we have one, break */ if (map->map_coldelim == '\0' && vp != NULL) break; /* Cycle through all entries */ for (entry = ldap_first_entry(lmap->ldap_ld, lmap->ldap_res); entry != NULL; entry = ldap_next_entry(lmap->ldap_ld, lmap->ldap_res)) { BerElement *ber; char *attr; char **vals = NULL; /* ** If matching only and found an entry, ** no need to spin through attributes */ if (*statp == EX_OK && bitset(MF_MATCHONLY, map->map_mflags)) continue; # if !defined(LDAP_VERSION_MAX) && !defined(LDAP_OPT_SIZELIMIT) /* ** Reset value to prevent lingering ** LDAP_DECODING_ERROR due to ** OpenLDAP 1.X's hack (see below) */ lmap->ldap_ld->ld_errno = LDAP_SUCCESS; # endif /* !defined(LDAP_VERSION_MAX) !defined(LDAP_OPT_SIZELIMIT) */ for (attr = ldap_first_attribute(lmap->ldap_ld, entry, &ber); attr != NULL; attr = ldap_next_attribute(lmap->ldap_ld, entry, ber)) { char *tmp, *vp_tmp; if (lmap->ldap_attrsonly == LDAPMAP_FALSE) { vals = ldap_get_values(lmap->ldap_ld, entry, attr); if (vals == NULL) { errno = ldapmap_geterrno(lmap->ldap_ld); if (errno == LDAP_SUCCESS) continue; /* Must be an error */ errno += E_LDAPBASE; if (!bitset(MF_OPTIONAL, map->map_mflags)) { if (bitset(MF_NODEFER, map->map_mflags)) syserr("Error getting LDAP values in map %s", map->map_mname); else syserr("421 4.0.0 Error getting LDAP values in map %s", map->map_mname); } *statp = EX_TEMPFAIL; # if USING_NETSCAPE_LDAP ldap_memfree(attr); # endif /* USING_NETSCAPE_LDAP */ if (lmap->ldap_res != NULL) { ldap_msgfree(lmap->ldap_res); lmap->ldap_res = NULL; } (void) ldap_abandon(lmap->ldap_ld, msgid); if (vp != NULL) free(vp); return NULL; } } *statp = EX_OK; # if !defined(LDAP_VERSION_MAX) && !defined(LDAP_OPT_SIZELIMIT) /* ** Reset value to prevent lingering ** LDAP_DECODING_ERROR due to ** OpenLDAP 1.X's hack (see below) */ lmap->ldap_ld->ld_errno = LDAP_SUCCESS; # endif /* !defined(LDAP_VERSION_MAX) !defined(LDAP_OPT_SIZELIMIT) */ /* ** If matching only, ** no need to spin through entries */ if (bitset(MF_MATCHONLY, map->map_mflags)) continue; /* ** If we don't want multiple values, ** return first found. */ if (map->map_coldelim == '\0') { if (lmap->ldap_attrsonly == LDAPMAP_TRUE) { vp = newstr(attr); # if USING_NETSCAPE_LDAP ldap_memfree(attr); # endif /* USING_NETSCAPE_LDAP */ break; } if (vals[0] == NULL) { ldap_value_free(vals); # if USING_NETSCAPE_LDAP ldap_memfree(attr); # endif /* USING_NETSCAPE_LDAP */ continue; } vp = newstr(vals[0]); ldap_value_free(vals); # if USING_NETSCAPE_LDAP ldap_memfree(attr); # endif /* USING_NETSCAPE_LDAP */ break; } /* attributes only */ if (lmap->ldap_attrsonly == LDAPMAP_TRUE) { if (vp == NULL) vp = newstr(attr); else { vsize = strlen(vp) + strlen(attr) + 2; tmp = xalloc(vsize); snprintf(tmp, vsize, "%s%c%s", vp, map->map_coldelim, attr); free(vp); vp = tmp; } # if USING_NETSCAPE_LDAP ldap_memfree(attr); # endif /* USING_NETSCAPE_LDAP */ continue; } /* ** If there is more than one, ** munge then into a map_coldelim ** separated string */ vsize = 0; for (i = 0; vals[i] != NULL; i++) vsize += strlen(vals[i]) + 1; vp_tmp = xalloc(vsize); *vp_tmp = '\0'; p = vp_tmp; for (i = 0; vals[i] != NULL; i++) { p += strlcpy(p, vals[i], vsize - (p - vp_tmp)); if (p >= vp_tmp + vsize) syserr("ldapmap_lookup: Internal error: buffer too small for LDAP values"); if (vals[i + 1] != NULL) *p++ = map->map_coldelim; } ldap_value_free(vals); # if USING_NETSCAPE_LDAP ldap_memfree(attr); # endif /* USING_NETSCAPE_LDAP */ if (vp == NULL) { vp = vp_tmp; continue; } vsize = strlen(vp) + strlen(vp_tmp) + 2; tmp = xalloc(vsize); snprintf(tmp, vsize, "%s%c%s", vp, map->map_coldelim, vp_tmp); free(vp); free(vp_tmp); vp = tmp; } errno = ldapmap_geterrno(lmap->ldap_ld); /* ** We check errno != LDAP_DECODING_ERROR since ** OpenLDAP 1.X has a very ugly *undocumented* ** hack of returning this error code from ** ldap_next_attribute() if the library freed the ** ber attribute. See: ** http://www.openldap.org/lists/openldap-devel/9901/msg00064.html */ if (errno != LDAP_SUCCESS && errno != LDAP_DECODING_ERROR) { /* Must be an error */ errno += E_LDAPBASE; if (!bitset(MF_OPTIONAL, map->map_mflags)) { if (bitset(MF_NODEFER, map->map_mflags)) syserr("Error getting LDAP attributes in map %s", map->map_mname); else syserr("421 4.0.0 Error getting LDAP attributes in map %s", map->map_mname); } *statp = EX_TEMPFAIL; if (lmap->ldap_res != NULL) { ldap_msgfree(lmap->ldap_res); lmap->ldap_res = NULL; } (void) ldap_abandon(lmap->ldap_ld, msgid); if (vp != NULL) free(vp); return NULL; } /* We don't want multiple values and we have one */ if (map->map_coldelim == '\0' && vp != NULL) break; } errno = ldapmap_geterrno(lmap->ldap_ld); if (errno != LDAP_SUCCESS && errno != LDAP_DECODING_ERROR) { /* Must be an error */ errno += E_LDAPBASE; if (!bitset(MF_OPTIONAL, map->map_mflags)) { if (bitset(MF_NODEFER, map->map_mflags)) syserr("Error getting LDAP entries in map %s", map->map_mname); else syserr("421 4.0.0 Error getting LDAP entries in map %s", map->map_mname); } *statp = EX_TEMPFAIL; if (lmap->ldap_res != NULL) { ldap_msgfree(lmap->ldap_res); lmap->ldap_res = NULL; } (void) ldap_abandon(lmap->ldap_ld, msgid); if (vp != NULL) free(vp); return NULL; } ldap_msgfree(lmap->ldap_res); lmap->ldap_res = NULL; } /* ** If grabbing all results at once for MF_NOREWRITE and ** only want a single match, make sure that's all we have */ if (ret == LDAP_RES_SEARCH_RESULT && bitset(MF_NOREWRITE|MF_SINGLEMATCH, map->map_mflags)) { entries += ldap_count_entries(lmap->ldap_ld, lmap->ldap_res); if (entries > 1) { *statp = EX_NOTFOUND; if (lmap->ldap_res != NULL) { ldap_msgfree(lmap->ldap_res); lmap->ldap_res = NULL; } if (vp != NULL) free(vp); return NULL; } *statp = EX_OK; } if (ret == 0) errno = ETIMEDOUT; else errno = ldapmap_geterrno(lmap->ldap_ld); if (errno != LDAP_SUCCESS) { /* Must be an error */ if (ret != 0) errno += E_LDAPBASE; if (!bitset(MF_OPTIONAL, map->map_mflags)) { if (bitset(MF_NODEFER, map->map_mflags)) syserr("Error getting LDAP results in map %s", map->map_mname); else syserr("421 4.0.0 Error getting LDAP results in map %s", map->map_mname); } *statp = EX_TEMPFAIL; if (vp != NULL) free(vp); return NULL; } /* Did we match anything? */ - if (vp == NULL) + if (vp == NULL && !bitset(MF_MATCHONLY, map->map_mflags)) return NULL; /* ** If MF_NOREWRITE, we are special map which doesn't ** actually return a map value. Instead, we don't free ** ldap_res and let the calling function process the LDAP ** results. The caller should ldap_msgfree(lmap->ldap_res). */ if (bitset(MF_NOREWRITE, map->map_mflags)) { - /* vp != NULL due to test above */ - free(vp); + if (vp != NULL) + free(vp); return ""; } if (*statp == EX_OK) { - /* vp != NULL due to test above */ if (LogLevel > 9) sm_syslog(LOG_INFO, CurEnv->e_id, - "ldap %.100s => %s", name, vp); + "ldap %.100s => %s", name, + vp == NULL ? "" : vp); if (bitset(MF_MATCHONLY, map->map_mflags)) result = map_rewrite(map, name, strlen(name), NULL); else + { + /* vp != NULL according to test above */ result = map_rewrite(map, vp, strlen(vp), av); - free(vp); + } + if (vp != NULL) + free(vp); } return result; } /* ** LDAPMAP_FINDCONN -- find an LDAP connection to the server ** ** Cache LDAP connections based on the host, port, bind DN, ** secret, and PID so we don't have multiple connections open to ** the same server for different maps. Need a separate connection ** per PID since a parent process may close the map before the ** child is done with it. ** ** Parameters: ** lmap -- LDAP map information ** ** Returns: ** Symbol table entry for the LDAP connection. ** */ static STAB * ldapmap_findconn(lmap) LDAPMAP_STRUCT *lmap; { int len; char *nbuf; STAB *s; len = (lmap->ldap_host == NULL ? strlen("localhost") : strlen(lmap->ldap_host)) + 1 + 8 + 1 + (lmap->ldap_binddn == NULL ? 0 : strlen(lmap->ldap_binddn)) + 1 + (lmap->ldap_secret == NULL ? 0 : strlen(lmap->ldap_secret)) + 8 + 1; nbuf = xalloc(len); snprintf(nbuf, len, "%s%c%d%c%s%c%s%d", (lmap->ldap_host == NULL ? "localhost" : lmap->ldap_host), CONDELSE, lmap->ldap_port, CONDELSE, (lmap->ldap_binddn == NULL ? "" : lmap->ldap_binddn), CONDELSE, (lmap->ldap_secret == NULL ? "" : lmap->ldap_secret), getpid()); s = stab(nbuf, ST_LDAP, ST_ENTER); free(nbuf); return s; } /* ** LDAPMAP_SETOPTS -- set LDAP options ** ** Parameters: ** ld -- LDAP session handle ** lmap -- LDAP map information ** ** Returns: ** None. ** */ static void ldapmap_setopts(ld, lmap) LDAP *ld; LDAPMAP_STRUCT *lmap; { # if USE_LDAP_SET_OPTION ldap_set_option(ld, LDAP_OPT_DEREF, &lmap->ldap_deref); if (bitset(LDAP_OPT_REFERRALS, lmap->ldap_options)) ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_ON); else ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF); ldap_set_option(ld, LDAP_OPT_SIZELIMIT, &lmap->ldap_sizelimit); ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &lmap->ldap_timelimit); # else /* USE_LDAP_SET_OPTION */ /* From here on in we can use ldap internal timelimits */ ld->ld_deref = lmap->ldap_deref; ld->ld_options = lmap->ldap_options; ld->ld_sizelimit = lmap->ldap_sizelimit; ld->ld_timelimit = lmap->ldap_timelimit; # endif /* USE_LDAP_SET_OPTION */ } /* ** LDAPMAP_GETERRNO -- get ldap errno value ** ** Parameters: ** ld -- LDAP session handle ** ** Returns: ** LDAP errno. ** */ static int ldapmap_geterrno(ld) LDAP *ld; { int err = LDAP_SUCCESS; # if defined(LDAP_VERSION_MAX) && LDAP_VERSION_MAX >= 3 (void) ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &err); # else /* defined(LDAP_VERSION_MAX) && LDAP_VERSION_MAX >= 3 */ # ifdef LDAP_OPT_SIZELIMIT err = ldap_get_lderrno(ld, NULL, NULL); # else /* LDAP_OPT_SIZELIMIT */ err = ld->ld_errno; /* ** Reset value to prevent lingering LDAP_DECODING_ERROR due to ** OpenLDAP 1.X's hack (see above) */ ld->ld_errno = LDAP_SUCCESS; # endif /* LDAP_OPT_SIZELIMIT */ # endif /* defined(LDAP_VERSION_MAX) && LDAP_VERSION_MAX >= 3 */ return err; } /* ** LDAPX_MAP_PARSEARGS -- print warning about use of ldapx map. */ bool ldapx_map_parseargs(map, args) MAP *map; char *args; { printf("Warning: The \"ldapx\" map class is deprecated and will be removed in a future\n"); printf(" version. Use the \"ldap\" map class instead for map \"%s\".\n", map->map_mname); return ldapmap_parseargs(map, args); } /* ** LDAPMAP_PARSEARGS -- parse ldap map definition args. */ struct lamvalues LDAPAuthMethods[] = { { "none", LDAP_AUTH_NONE }, { "simple", LDAP_AUTH_SIMPLE }, # ifdef LDAP_AUTH_KRBV4 { "krbv4", LDAP_AUTH_KRBV4 }, # endif /* LDAP_AUTH_KRBV4 */ { NULL, 0 } }; struct ladvalues LDAPAliasDereference[] = { { "never", LDAP_DEREF_NEVER }, { "always", LDAP_DEREF_ALWAYS }, { "search", LDAP_DEREF_SEARCHING }, { "find", LDAP_DEREF_FINDING }, { NULL, 0 } }; struct lssvalues LDAPSearchScope[] = { { "base", LDAP_SCOPE_BASE }, { "one", LDAP_SCOPE_ONELEVEL }, { "sub", LDAP_SCOPE_SUBTREE }, { NULL, 0 } }; bool ldapmap_parseargs(map, args) MAP *map; char *args; { bool secretread = TRUE; int i; register char *p = args; LDAPMAP_STRUCT *lmap; struct lamvalues *lam; struct ladvalues *lad; struct lssvalues *lss; char m_tmp[MAXPATHLEN + LDAPMAP_MAX_PASSWD]; /* Get ldap struct pointer from map */ lmap = (LDAPMAP_STRUCT *) map->map_db1; /* Check if setting the initial LDAP defaults */ if (lmap == NULL || lmap != LDAPDefaults) { /* We need to alloc an LDAPMAP_STRUCT struct */ lmap = (LDAPMAP_STRUCT *) xalloc(sizeof *lmap); if (LDAPDefaults == NULL) ldapmap_clear(lmap); else STRUCTCOPY(*LDAPDefaults, *lmap); } /* there is no check whether there is really an argument */ map->map_mflags |= MF_TRY0NULL|MF_TRY1NULL; map->map_spacesub = SpaceSub; /* default value */ for (;;) { while (isascii(*p) && isspace(*p)) p++; if (*p != '-') break; switch (*++p) { case 'N': map->map_mflags |= MF_INCLNULL; map->map_mflags &= ~MF_TRY0NULL; break; case 'O': map->map_mflags &= ~MF_TRY1NULL; break; case 'o': map->map_mflags |= MF_OPTIONAL; break; case 'f': map->map_mflags |= MF_NOFOLDCASE; break; case 'm': map->map_mflags |= MF_MATCHONLY; break; case 'A': map->map_mflags |= MF_APPEND; break; case 'q': map->map_mflags |= MF_KEEPQUOTES; break; case 'a': map->map_app = ++p; break; case 'T': map->map_tapp = ++p; break; case 't': map->map_mflags |= MF_NODEFER; break; case 'S': map->map_spacesub = *++p; break; case 'D': map->map_mflags |= MF_DEFER; break; case 'z': if (*++p != '\\') map->map_coldelim = *p; else { switch (*++p) { case 'n': map->map_coldelim = '\n'; break; case 't': map->map_coldelim = '\t'; break; default: map->map_coldelim = '\\'; } } break; /* Start of ldapmap specific args */ case 'k': /* search field */ while (isascii(*++p) && isspace(*p)) continue; lmap->ldap_filter = p; break; case 'v': /* attr to return */ while (isascii(*++p) && isspace(*p)) continue; lmap->ldap_attr[0] = p; lmap->ldap_attr[1] = NULL; break; case '1': map->map_mflags |= MF_SINGLEMATCH; break; /* args stolen from ldapsearch.c */ case 'R': /* don't auto chase referrals */ # ifdef LDAP_REFERRALS lmap->ldap_options &= ~LDAP_OPT_REFERRALS; # else /* LDAP_REFERRALS */ syserr("compile with -DLDAP_REFERRALS for referral support\n"); # endif /* LDAP_REFERRALS */ break; case 'n': /* retrieve attribute names only */ lmap->ldap_attrsonly = LDAPMAP_TRUE; break; case 'r': /* alias dereferencing */ while (isascii(*++p) && isspace(*p)) continue; if (strncasecmp(p, "LDAP_DEREF_", 11) == 0) p += 11; for (lad = LDAPAliasDereference; lad != NULL && lad->lad_name != NULL; lad++) { if (strncasecmp(p, lad->lad_name, strlen(lad->lad_name)) == 0) break; } if (lad->lad_name != NULL) lmap->ldap_deref = lad->lad_code; else { /* bad config line */ if (!bitset(MCF_OPTFILE, map->map_class->map_cflags)) { char *ptr; if ((ptr = strchr(p, ' ')) != NULL) *ptr = '\0'; syserr("Deref must be [never|always|search|find] not %s in map %s", p, map->map_mname); if (ptr != NULL) *ptr = ' '; return FALSE; } } break; case 's': /* search scope */ while (isascii(*++p) && isspace(*p)) continue; if (strncasecmp(p, "LDAP_SCOPE_", 11) == 0) p += 11; for (lss = LDAPSearchScope; lss != NULL && lss->lss_name != NULL; lss++) { if (strncasecmp(p, lss->lss_name, strlen(lss->lss_name)) == 0) break; } if (lss->lss_name != NULL) lmap->ldap_scope = lss->lss_code; else { /* bad config line */ if (!bitset(MCF_OPTFILE, map->map_class->map_cflags)) { char *ptr; if ((ptr = strchr(p, ' ')) != NULL) *ptr = '\0'; syserr("Scope must be [base|one|sub] not %s in map %s", p, map->map_mname); if (ptr != NULL) *ptr = ' '; return FALSE; } } break; case 'h': /* ldap host */ while (isascii(*++p) && isspace(*p)) continue; lmap->ldap_host = p; break; case 'b': /* search base */ while (isascii(*++p) && isspace(*p)) continue; lmap->ldap_base = p; break; case 'p': /* ldap port */ while (isascii(*++p) && isspace(*p)) continue; lmap->ldap_port = atoi(p); break; case 'l': /* time limit */ while (isascii(*++p) && isspace(*p)) continue; lmap->ldap_timelimit = atoi(p); lmap->ldap_timeout.tv_sec = lmap->ldap_timelimit; break; case 'Z': while (isascii(*++p) && isspace(*p)) continue; lmap->ldap_sizelimit = atoi(p); break; case 'd': /* Dn to bind to server as */ while (isascii(*++p) && isspace(*p)) continue; lmap->ldap_binddn = p; break; case 'M': /* Method for binding */ while (isascii(*++p) && isspace(*p)) continue; if (strncasecmp(p, "LDAP_AUTH_", 10) == 0) p += 10; for (lam = LDAPAuthMethods; lam != NULL && lam->lam_name != NULL; lam++) { if (strncasecmp(p, lam->lam_name, strlen(lam->lam_name)) == 0) break; } if (lam->lam_name != NULL) lmap->ldap_method = lam->lam_code; else { /* bad config line */ if (!bitset(MCF_OPTFILE, map->map_class->map_cflags)) { char *ptr; if ((ptr = strchr(p, ' ')) != NULL) *ptr = '\0'; syserr("Method for binding must be [none|simple|krbv4] not %s in map %s", p, map->map_mname); if (ptr != NULL) *ptr = ' '; return FALSE; } } break; /* ** This is a string that is dependent on the ** method used defined above. */ case 'P': /* Secret password for binding */ while (isascii(*++p) && isspace(*p)) continue; lmap->ldap_secret = p; secretread = FALSE; break; default: syserr("Illegal option %c map %s", *p, map->map_mname); break; } /* need to account for quoted strings here */ while (*p != '\0' && !(isascii(*p) && isspace(*p))) { if (*p == '"') { while (*++p != '"' && *p != '\0') continue; if (*p != '\0') p++; } else p++; } if (*p != '\0') *p++ = '\0'; } if (map->map_app != NULL) map->map_app = newstr(ldapmap_dequote(map->map_app)); if (map->map_tapp != NULL) map->map_tapp = newstr(ldapmap_dequote(map->map_tapp)); /* ** We need to swallow up all the stuff into a struct ** and dump it into map->map_dbptr1 */ if (lmap->ldap_host != NULL && (LDAPDefaults == NULL || LDAPDefaults == lmap || LDAPDefaults->ldap_host != lmap->ldap_host)) lmap->ldap_host = newstr(ldapmap_dequote(lmap->ldap_host)); map->map_domain = lmap->ldap_host; if (lmap->ldap_binddn != NULL && (LDAPDefaults == NULL || LDAPDefaults == lmap || LDAPDefaults->ldap_binddn != lmap->ldap_binddn)) lmap->ldap_binddn = newstr(ldapmap_dequote(lmap->ldap_binddn)); if (lmap->ldap_secret != NULL && (LDAPDefaults == NULL || LDAPDefaults == lmap || LDAPDefaults->ldap_secret != lmap->ldap_secret)) { FILE *sfd; long sff = SFF_OPENASROOT|SFF_ROOTOK|SFF_NOWLINK|SFF_NOWWFILES|SFF_NOGWFILES; if (DontLockReadFiles) sff |= SFF_NOLOCK; /* need to use method to map secret to passwd string */ switch (lmap->ldap_method) { case LDAP_AUTH_NONE: /* Do nothing */ break; case LDAP_AUTH_SIMPLE: /* ** Secret is the name of a file with ** the first line as the password. */ /* Already read in the secret? */ if (secretread) break; sfd = safefopen(ldapmap_dequote(lmap->ldap_secret), O_RDONLY, 0, sff); if (sfd == NULL) { syserr("LDAP map: cannot open secret %s", ldapmap_dequote(lmap->ldap_secret)); return FALSE; } lmap->ldap_secret = sfgets(m_tmp, LDAPMAP_MAX_PASSWD, sfd, TimeOuts.to_fileopen, "ldapmap_parseargs"); (void) fclose(sfd); if (lmap->ldap_secret != NULL && strlen(m_tmp) > 0) { /* chomp newline */ if (m_tmp[strlen(m_tmp) - 1] == '\n') m_tmp[strlen(m_tmp) - 1] = '\0'; lmap->ldap_secret = m_tmp; } break; # ifdef LDAP_AUTH_KRBV4 case LDAP_AUTH_KRBV4: /* ** Secret is where the ticket file is ** stashed */ snprintf(m_tmp, MAXPATHLEN + LDAPMAP_MAX_PASSWD, "KRBTKFILE=%s", ldapmap_dequote(lmap->ldap_secret)); lmap->ldap_secret = m_tmp; break; # endif /* LDAP_AUTH_KRBV4 */ default: /* Should NEVER get here */ syserr("LDAP map: Illegal value in lmap method"); return FALSE; break; } } if (lmap->ldap_secret != NULL && (LDAPDefaults == NULL || LDAPDefaults == lmap || LDAPDefaults->ldap_secret != lmap->ldap_secret)) lmap->ldap_secret = newstr(ldapmap_dequote(lmap->ldap_secret)); if (lmap->ldap_base != NULL && (LDAPDefaults == NULL || LDAPDefaults == lmap || LDAPDefaults->ldap_base != lmap->ldap_base)) lmap->ldap_base = newstr(ldapmap_dequote(lmap->ldap_base)); /* ** Save the server from extra work. If request is for a single ** match, tell the server to only return enough records to ** determine if there is a single match or not. This can not ** be one since the server would only return one and we wouldn't ** know if there were others available. */ if (bitset(MF_SINGLEMATCH, map->map_mflags)) lmap->ldap_sizelimit = 2; /* If setting defaults, don't process ldap_filter and ldap_attr */ if (lmap == LDAPDefaults) return TRUE; if (lmap->ldap_filter != NULL) lmap->ldap_filter = newstr(ldapmap_dequote(lmap->ldap_filter)); else { if (!bitset(MCF_OPTFILE, map->map_class->map_cflags)) { syserr("No filter given in map %s", map->map_mname); return FALSE; } } if (lmap->ldap_attr[0] != NULL) { i = 0; p = ldapmap_dequote(lmap->ldap_attr[0]); lmap->ldap_attr[0] = NULL; while (p != NULL) { char *v; while (isascii(*p) && isspace(*p)) p++; if (*p == '\0') break; v = p; p = strchr(v, ','); if (p != NULL) *p++ = '\0'; - if (i == LDAPMAP_MAX_ATTR) + if (i >= LDAPMAP_MAX_ATTR) { syserr("Too many return attributes in %s (max %d)", map->map_mname, LDAPMAP_MAX_ATTR); return FALSE; } if (*v != '\0') lmap->ldap_attr[i++] = newstr(v); } lmap->ldap_attr[i] = NULL; } map->map_db1 = (ARBPTR_T) lmap; return TRUE; } /* ** LDAPMAP_CLEAR -- set default values for LDAPMAP_STRUCT ** ** Parameters: ** lmap -- pointer to LDAPMAP_STRUCT to clear ** ** Returns: ** None. ** */ static void ldapmap_clear(lmap) LDAPMAP_STRUCT *lmap; { lmap->ldap_host = NULL; lmap->ldap_port = LDAP_PORT; lmap->ldap_deref = LDAP_DEREF_NEVER; lmap->ldap_timelimit = LDAP_NO_LIMIT; lmap->ldap_sizelimit = LDAP_NO_LIMIT; # ifdef LDAP_REFERRALS lmap->ldap_options = LDAP_OPT_REFERRALS; # else /* LDAP_REFERRALS */ lmap->ldap_options = 0; # endif /* LDAP_REFERRALS */ lmap->ldap_binddn = NULL; lmap->ldap_secret = NULL; lmap->ldap_method = LDAP_AUTH_SIMPLE; lmap->ldap_base = NULL; lmap->ldap_scope = LDAP_SCOPE_SUBTREE; lmap->ldap_attrsonly = LDAPMAP_FALSE; lmap->ldap_timeout.tv_sec = 0; lmap->ldap_timeout.tv_usec = 0; lmap->ldap_ld = NULL; lmap->ldap_filter = NULL; lmap->ldap_attr[0] = NULL; lmap->ldap_res = NULL; } /* ** LDAPMAP_SET_DEFAULTS -- Read default map spec from LDAPDefaults in .cf ** ** Parameters: ** spec -- map argument string from LDAPDefaults option ** ** Returns: ** None. ** */ void ldapmap_set_defaults(spec) char *spec; { MAP map; /* Allocate and set the default values */ if (LDAPDefaults == NULL) LDAPDefaults = (LDAPMAP_STRUCT *) xalloc(sizeof *LDAPDefaults); ldapmap_clear(LDAPDefaults); memset(&map, '\0', sizeof map); map.map_db1 = (ARBPTR_T) LDAPDefaults; (void) ldapmap_parseargs(&map, spec); /* These should never be set in LDAPDefaults */ if (map.map_mflags != (MF_TRY0NULL|MF_TRY1NULL) || map.map_spacesub != SpaceSub || map.map_app != NULL || map.map_tapp != NULL) { syserr("readcf: option LDAPDefaultSpec: Do not set non-LDAP specific flags"); if (map.map_app != NULL) { free(map.map_app); map.map_app = NULL; } if (map.map_tapp != NULL) { free(map.map_tapp); map.map_tapp = NULL; } } if (LDAPDefaults->ldap_filter != NULL) { syserr("readcf: option LDAPDefaultSpec: Do not set the LDAP search filter"); /* don't free, it isn't malloc'ed in parseargs */ LDAPDefaults->ldap_filter = NULL; } if (LDAPDefaults->ldap_attr[0] != NULL) { syserr("readcf: option LDAPDefaultSpec: Do not set the requested LDAP attributes"); /* don't free, they aren't malloc'ed in parseargs */ LDAPDefaults->ldap_attr[0] = NULL; } } #endif /* LDAPMAP */ /* ** PH map */ #ifdef PH_MAP /* ** Support for the CCSO Nameserver (ph/qi). ** This code is intended to replace the so-called "ph mailer". ** Contributed by Mark D. Roth . Contact him for support. */ # include # include /* ** PH_MAP_PARSEARGS -- parse ph map definition args. */ bool ph_map_parseargs(map, args) MAP *map; char *args; { int i; register int done; PH_MAP_STRUCT *pmap = NULL; register char *p = args; pmap = (PH_MAP_STRUCT *) xalloc(sizeof *pmap); /* defaults */ pmap->ph_servers = NULL; pmap->ph_field_list = NULL; pmap->ph_to_server = NULL; pmap->ph_from_server = NULL; pmap->ph_sockfd = -1; pmap->ph_timeout = 0; map->map_mflags |= MF_TRY0NULL|MF_TRY1NULL; for (;;) { while (isascii(*p) && isspace(*p)) p++; if (*p != '-') break; switch (*++p) { case 'N': map->map_mflags |= MF_INCLNULL; map->map_mflags &= ~MF_TRY0NULL; break; case 'O': map->map_mflags &= ~MF_TRY1NULL; break; case 'o': map->map_mflags |= MF_OPTIONAL; break; case 'f': map->map_mflags |= MF_NOFOLDCASE; break; case 'm': map->map_mflags |= MF_MATCHONLY; break; case 'A': map->map_mflags |= MF_APPEND; break; case 'q': map->map_mflags |= MF_KEEPQUOTES; break; case 't': map->map_mflags |= MF_NODEFER; break; case 'a': map->map_app = ++p; break; case 'T': map->map_tapp = ++p; break; #if _FFR_PHMAP_TIMEOUT case 'l': while (isascii(*++p) && isspace(*p)) continue; pmap->ph_timeout = atoi(p); break; #endif /* _FFR_PHMAP_TIMEOUT */ case 'S': map->map_spacesub = *++p; break; case 'D': map->map_mflags |= MF_DEFER; break; case 'h': /* PH server list */ while (isascii(*++p) && isspace(*p)) continue; pmap->ph_servers = p; break; case 'v': /* fields to search for */ while (isascii(*++p) && isspace(*p)) continue; pmap->ph_field_list = p; break; default: syserr("ph_map_parseargs: unknown option -%c\n", *p); } /* try to account for quoted strings */ done = isascii(*p) && isspace(*p); while (*p != '\0' && !done) { if (*p == '"') { while (*++p != '"' && *p != '\0') continue; if (*p != '\0') p++; } else p++; done = isascii(*p) && isspace(*p); } if (*p != '\0') *p++ = '\0'; } if (map->map_app != NULL) map->map_app = newstr(ph_map_dequote(map->map_app)); if (map->map_tapp != NULL) map->map_tapp = newstr(ph_map_dequote(map->map_tapp)); if (pmap->ph_field_list != NULL) pmap->ph_field_list = newstr(ph_map_dequote(pmap->ph_field_list)); else pmap->ph_field_list = DEFAULT_PH_MAP_FIELDS; if (pmap->ph_servers != NULL) pmap->ph_servers = newstr(ph_map_dequote(pmap->ph_servers)); else { syserr("ph_map_parseargs: -h flag is required"); return FALSE; } map->map_db1 = (ARBPTR_T) pmap; return TRUE; } #if _FFR_PHMAP_TIMEOUT /* ** PH_MAP_CLOSE -- close the connection to the ph server */ static void ph_map_safeclose(map) MAP *map; { int save_errno = errno; PH_MAP_STRUCT *pmap; pmap = (PH_MAP_STRUCT *)map->map_db1; if (pmap->ph_sockfd != -1) { (void) close(pmap->ph_sockfd); pmap->ph_sockfd = -1; } if (pmap->ph_from_server != NULL) { (void) fclose(pmap->ph_from_server); pmap->ph_from_server = NULL; } if (pmap->ph_to_server != NULL) { (void) fclose(pmap->ph_to_server); pmap->ph_to_server = NULL; } map->map_mflags &= ~(MF_OPEN|MF_WRITABLE); errno = save_errno; } void ph_map_close(map) MAP *map; { PH_MAP_STRUCT *pmap; pmap = (PH_MAP_STRUCT *)map->map_db1; (void) fprintf(pmap->ph_to_server, "quit\n"); (void) fflush(pmap->ph_to_server); ph_map_safeclose(map); } static jmp_buf PHTimeout; /* ARGSUSED */ static void ph_timeout_func(sig_no) int sig_no; { longjmp(PHTimeout, 1); } #else /* _FFR_PHMAP_TIMEOUT */ /* ** PH_MAP_CLOSE -- close the connection to the ph server */ void ph_map_close(map) MAP *map; { PH_MAP_STRUCT *pmap; pmap = (PH_MAP_STRUCT *)map->map_db1; CloseQi(pmap->ph_to_server, pmap->ph_from_server); pmap->ph_to_server = NULL; pmap->ph_from_server = NULL; } #endif /* _FFR_PHMAP_TIMEOUT */ /* ** PH_MAP_OPEN -- sub for opening PH map */ bool ph_map_open(map, mode) MAP *map; int mode; { #if !_FFR_PHMAP_TIMEOUT int save_errno = 0; #endif /* !_FFR_PHMAP_TIMEOUT */ int j; char *hostlist, *tmp; QIR *server_data = NULL; PH_MAP_STRUCT *pmap; #if _FFR_PHMAP_TIMEOUT register EVENT *ev = NULL; #endif /* _FFR_PHMAP_TIMEOUT */ if (tTd(38, 2)) dprintf("ph_map_open(%s)\n", map->map_mname); mode &= O_ACCMODE; if (mode != O_RDONLY) { /* issue a pseudo-error message */ # ifdef ENOSYS errno = ENOSYS; # else /* ENOSYS */ # ifdef EFTYPE errno = EFTYPE; # else /* EFTYPE */ errno = ENXIO; # endif /* EFTYPE */ # endif /* ENOSYS */ return FALSE; } if (CurEnv != NULL && CurEnv->e_sendmode == SM_DEFER && bitset(MF_DEFER, map->map_mflags)) { if (tTd(9, 1)) dprintf("ph_map_open(%s) => DEFERRED\n", - map->map_mname); + map->map_mname); /* ** Unset MF_DEFER here so that map_lookup() returns ** a temporary failure using the bogus map and ** map->map_tapp instead of the default permanent error. */ map->map_mflags &= ~MF_DEFER; return FALSE; } pmap = (PH_MAP_STRUCT *)map->map_db1; hostlist = newstr(pmap->ph_servers); tmp = strtok(hostlist, " "); do { #if _FFR_PHMAP_TIMEOUT if (pmap->ph_timeout != 0) { if (setjmp(PHTimeout) != 0) { ev = NULL; if (LogLevel > 1) sm_syslog(LOG_NOTICE, CurEnv->e_id, "timeout connecting to PH server %.100s", tmp); # ifdef ETIMEDOUT errno = ETIMEDOUT; # else /* ETIMEDOUT */ errno = EAGAIN; # endif /* ETIMEDOUT */ goto ph_map_open_abort; } ev = setevent(pmap->ph_timeout, ph_timeout_func, 0); } if (!OpenQiSock(tmp, &(pmap->ph_sockfd)) && !Sock2FILEs(pmap->ph_sockfd, &(pmap->ph_to_server), &(pmap->ph_from_server)) && fprintf(pmap->ph_to_server, "id sendmail+phmap\n") >= 0 && fflush(pmap->ph_to_server) == 0 && (server_data = ReadQi(pmap->ph_from_server, &j)) != NULL && server_data->code == 200) { if (ev != NULL) clrevent(ev); FreeQIR(server_data); #else /* _FFR_PHMAP_TIMEOUT */ if (OpenQi(tmp, &(pmap->ph_to_server), &(pmap->ph_from_server)) >= 0) { if (fprintf(pmap->ph_to_server, "id sendmail+phmap\n") < 0 || fflush(pmap->ph_to_server) < 0 || (server_data = ReadQi(pmap->ph_from_server, &j)) == NULL || server_data->code != 200) { save_errno = errno; CloseQi(pmap->ph_to_server, pmap->ph_from_server); continue; } if (server_data != NULL) FreeQIR(server_data); #endif /* _FFR_PHMAP_TIMEOUT */ free(hostlist); return TRUE; } #if _FFR_PHMAP_TIMEOUT ph_map_open_abort: if (ev != NULL) clrevent(ev); ph_map_safeclose(map); if (server_data != NULL) { FreeQIR(server_data); server_data = NULL; } #else /* _FFR_PHMAP_TIMEOUT */ save_errno = errno; #endif /* _FFR_PHMAP_TIMEOUT */ } while (tmp = strtok(NULL, " ")); #if !_FFR_PHMAP_TIMEOUT errno = save_errno; #endif /* !_FFR_PHMAP_TIMEOUT */ if (bitset(MF_NODEFER, map->map_mflags)) { if (errno == 0) errno = EAGAIN; syserr("ph_map_open: %s: cannot connect to PH server", map->map_mname); } else if (!bitset(MF_OPTIONAL, map->map_mflags) && LogLevel > 1) sm_syslog(LOG_NOTICE, CurEnv->e_id, "ph_map_open: %s: cannot connect to PH server", map->map_mname); free(hostlist); return FALSE; } /* ** PH_MAP_LOOKUP -- look up key from ph server */ #if _FFR_PHMAP_TIMEOUT # define MAX_PH_FIELDS 20 #endif /* _FFR_PHMAP_TIMEOUT */ char * ph_map_lookup(map, key, args, pstat) MAP *map; char *key; char **args; int *pstat; { int j; size_t sz; char *tmp, *tmp2; char *message = NULL, *field = NULL, *fmtkey; QIR *server_data = NULL; QIR *qirp; char keybuf[MAXKEY + 1], fieldbuf[101]; #if _FFR_PHMAP_TIMEOUT QIR *hold_data[MAX_PH_FIELDS]; int hold_data_idx = 0; register EVENT *ev = NULL; #endif /* _FFR_PHMAP_TIMEOUT */ PH_MAP_STRUCT *pmap; pmap = (PH_MAP_STRUCT *)map->map_db1; *pstat = EX_OK; #if _FFR_PHMAP_TIMEOUT if (pmap->ph_timeout != 0) { if (setjmp(PHTimeout) != 0) { ev = NULL; if (LogLevel > 1) sm_syslog(LOG_NOTICE, CurEnv->e_id, "timeout during PH lookup of %.100s", key); # ifdef ETIMEDOUT errno = ETIMEDOUT; # else /* ETIMEDOUT */ errno = 0; # endif /* ETIMEDOUT */ *pstat = EX_TEMPFAIL; goto ph_map_lookup_abort; } ev = setevent(pmap->ph_timeout, ph_timeout_func, 0); } #endif /* _FFR_PHMAP_TIMEOUT */ /* check all relevant fields */ tmp = pmap->ph_field_list; do { #if _FFR_PHMAP_TIMEOUT server_data = NULL; #endif /* _FFR_PHMAP_TIMEOUT */ while (isascii(*tmp) && isspace(*tmp)) tmp++; if (*tmp == '\0') break; sz = strcspn(tmp, " ") + 1; if (sz > sizeof fieldbuf) sz = sizeof fieldbuf; (void) strlcpy(fieldbuf, tmp, sz); field = fieldbuf; tmp += sz; (void) strlcpy(keybuf, key, sizeof keybuf); fmtkey = keybuf; if (strcmp(field, "alias") == 0) { /* ** for alias lookups, replace any punctuation ** characters with '-' */ for (tmp2 = fmtkey; *tmp2 != '\0'; tmp2++) { if (isascii(*tmp2) && ispunct(*tmp2)) *tmp2 = '-'; } tmp2 = field; } else if (strcmp(field,"spacedname") == 0) { /* ** for "spaced" name lookups, replace any ** punctuation characters with a space */ for (tmp2 = fmtkey; *tmp2 != '\0'; tmp2++) { if (isascii(*tmp2) && ispunct(*tmp2) && *tmp2 != '*') *tmp2 = ' '; } tmp2 = &(field[6]); } else tmp2 = field; if (LogLevel > 9) sm_syslog(LOG_NOTICE, CurEnv->e_id, "ph_map_lookup: query %s=\"%s\" return email", tmp2, fmtkey); if (tTd(38, 20)) dprintf("ph_map_lookup: query %s=\"%s\" return email\n", tmp2, fmtkey); j = 0; if (fprintf(pmap->ph_to_server, "query %s=%s return email\n", tmp2, fmtkey) < 0) message = "qi query command failed"; else if (fflush(pmap->ph_to_server) < 0) message = "qi fflush failed"; else if ((server_data = ReadQi(pmap->ph_from_server, &j)) == NULL) message = "ReadQi() returned NULL"; #if _FFR_PHMAP_TIMEOUT if ((hold_data[hold_data_idx] = server_data) != NULL) { /* save pointer for later free() */ hold_data_idx++; } #endif /* _FFR_PHMAP_TIMEOUT */ if (server_data == NULL || (server_data->code >= 400 && server_data->code < 500)) { /* temporary failure */ *pstat = EX_TEMPFAIL; #if _FFR_PHMAP_TIMEOUT break; #else /* _FFR_PHMAP_TIMEOUT */ if (server_data != NULL) { FreeQIR(server_data); server_data = NULL; } return NULL; #endif /* _FFR_PHMAP_TIMEOUT */ } /* ** if we found a single match, break out. ** otherwise, try the next field. */ if (j == 1) break; /* ** check for a single response which is an error: ** ReadQi() doesn't set j on error responses, ** but we should stop here instead of moving on if ** it happens (e.g., alias found but email field empty) */ for (qirp = server_data; qirp != NULL && qirp->code < 0; qirp++) { if (tTd(38, 20)) dprintf("ph_map_lookup: QIR: %d:%d:%d:%s\n", qirp->code, qirp->subcode, qirp->field, (qirp->message ? qirp->message : "[NULL]")); if (qirp->code <= -500) { j = 0; goto ph_map_lookup_abort; } } #if _FFR_PHMAP_TIMEOUT } while (*tmp != '\0' && hold_data_idx < MAX_PH_FIELDS); #else /* _FFR_PHMAP_TIMEOUT */ } while (*tmp != '\0'); #endif /* _FFR_PHMAP_TIMEOUT */ ph_map_lookup_abort: #if _FFR_PHMAP_TIMEOUT if (ev != NULL) clrevent(ev); /* ** Return EX_TEMPFAIL if the timer popped ** or we got a temporary PH error */ if (*pstat == EX_TEMPFAIL) ph_map_safeclose(map); /* if we didn't find a single match, bail out */ if (*pstat == EX_OK && j != 1) *pstat = EX_UNAVAILABLE; if (*pstat == EX_OK) { /* ** skip leading whitespace and chop at first address */ for (tmp = server_data->message; isascii(*tmp) && isspace(*tmp); tmp++) continue; for (tmp2 = tmp; *tmp2 != '\0'; tmp2++) { if (isascii(*tmp2) && isspace(*tmp2)) { *tmp2 = '\0'; break; } } if (tTd(38,20)) dprintf("ph_map_lookup: %s => %s\n", key, tmp); if (bitset(MF_MATCHONLY, map->map_mflags)) message = map_rewrite(map, key, strlen(key), NULL); else message = map_rewrite(map, tmp, strlen(tmp), args); } /* ** Deferred free() of returned server_data values ** the deferral is to avoid the risk of a free() being ** interrupted by the event timer. By now the timeout event ** has been cleared and none of the data is still in use. */ while (--hold_data_idx >= 0) { if (hold_data[hold_data_idx] != NULL) FreeQIR(hold_data[hold_data_idx]); } if (*pstat == EX_OK) return message; return NULL; #else /* _FFR_PHMAP_TIMEOUT */ /* if we didn't find a single match, bail out */ if (j != 1) { *pstat = EX_UNAVAILABLE; if (server_data != NULL) { FreeQIR(server_data); server_data = NULL; } return NULL; } /* ** skip leading whitespace and chop at first address */ for (tmp = server_data->message; isascii(*tmp) && isspace(*tmp); tmp++) continue; for (tmp2 = tmp; *tmp2 != '\0'; tmp2++) { if (isascii(*tmp2) && isspace(*tmp2)) { *tmp2 = '\0'; break; } } if (tTd(38,20)) dprintf("ph_map_lookup: %s => %s\n", key, tmp); if (bitset(MF_MATCHONLY, map->map_mflags)) message = map_rewrite(map, key, strlen(key), NULL); else message = map_rewrite(map, tmp, strlen(tmp), args); if (server_data != NULL) { FreeQIR(server_data); server_data = NULL; } return message; #endif /* _FFR_PHMAP_TIMEOUT */ } #endif /* PH_MAP */ /* ** syslog map */ #define map_prio map_lockfd /* overload field */ /* ** SYSLOG_MAP_PARSEARGS -- check for priority level to syslog messages. */ bool syslog_map_parseargs(map, args) MAP *map; char *args; { char *p = args; char *priority = NULL; /* there is no check whether there is really an argument */ while (*p != '\0') { while (isascii(*p) && isspace(*p)) p++; if (*p != '-') break; ++p; if (*p == 'D') { map->map_mflags |= MF_DEFER; ++p; } else if (*p == 'S') { map->map_spacesub = *++p; if (*p != '\0') p++; } else if (*p == 'L') { while (*++p != '\0' && isascii(*p) && isspace(*p)) continue; if (*p == '\0') break; priority = p; while (*p != '\0' && !(isascii(*p) && isspace(*p))) p++; if (*p != '\0') *p++ = '\0'; } else { syserr("Illegal option %c map syslog", *p); ++p; } } if (priority == NULL) map->map_prio = LOG_INFO; else { if (strncasecmp("LOG_", priority, 4) == 0) priority += 4; #ifdef LOG_EMERG if (strcasecmp("EMERG", priority) == 0) map->map_prio = LOG_EMERG; else #endif /* LOG_EMERG */ #ifdef LOG_ALERT if (strcasecmp("ALERT", priority) == 0) map->map_prio = LOG_ALERT; else #endif /* LOG_ALERT */ #ifdef LOG_CRIT if (strcasecmp("CRIT", priority) == 0) map->map_prio = LOG_CRIT; else #endif /* LOG_CRIT */ #ifdef LOG_ERR if (strcasecmp("ERR", priority) == 0) map->map_prio = LOG_ERR; else #endif /* LOG_ERR */ #ifdef LOG_WARNING if (strcasecmp("WARNING", priority) == 0) map->map_prio = LOG_WARNING; else #endif /* LOG_WARNING */ #ifdef LOG_NOTICE if (strcasecmp("NOTICE", priority) == 0) map->map_prio = LOG_NOTICE; else #endif /* LOG_NOTICE */ #ifdef LOG_INFO if (strcasecmp("INFO", priority) == 0) map->map_prio = LOG_INFO; else #endif /* LOG_INFO */ #ifdef LOG_DEBUG if (strcasecmp("DEBUG", priority) == 0) map->map_prio = LOG_DEBUG; else #endif /* LOG_DEBUG */ { syserr("syslog_map_parseargs: Unknown priority %s\n", priority); return FALSE; } } return TRUE; } /* ** SYSLOG_MAP_LOOKUP -- rewrite and syslog message. Always return empty string */ char * syslog_map_lookup(map, string, args, statp) MAP *map; char *string; char **args; int *statp; { char *ptr = map_rewrite(map, string, strlen(string), args); if (ptr != NULL) { if (tTd(38, 20)) dprintf("syslog_map_lookup(%s (priority %d): %s\n", map->map_mname, map->map_prio, ptr); sm_syslog(map->map_prio, CurEnv->e_id, "%s", ptr); } *statp = EX_OK; return ""; } /* ** HESIOD Modules */ #ifdef HESIOD bool hes_map_open(map, mode) MAP *map; int mode; { if (tTd(38, 2)) dprintf("hes_map_open(%s, %s, %d)\n", map->map_mname, map->map_file, mode); if (mode != O_RDONLY) { /* issue a pseudo-error message */ # ifdef ENOSYS errno = ENOSYS; # else /* ENOSYS */ # ifdef EFTYPE errno = EFTYPE; # else /* EFTYPE */ errno = ENXIO; # endif /* EFTYPE */ # endif /* ENOSYS */ return FALSE; } # ifdef HESIOD_INIT if (HesiodContext != NULL || hesiod_init(&HesiodContext) == 0) return TRUE; if (!bitset(MF_OPTIONAL, map->map_mflags)) syserr("421 4.0.0 cannot initialize Hesiod map (%s)", errstring(errno)); return FALSE; # else /* HESIOD_INIT */ if (hes_error() == HES_ER_UNINIT) hes_init(); switch (hes_error()) { case HES_ER_OK: case HES_ER_NOTFOUND: return TRUE; } if (!bitset(MF_OPTIONAL, map->map_mflags)) syserr("421 4.0.0 cannot initialize Hesiod map (%d)", hes_error()); return FALSE; # endif /* HESIOD_INIT */ } char * hes_map_lookup(map, name, av, statp) MAP *map; char *name; char **av; int *statp; { char **hp; if (tTd(38, 20)) dprintf("hes_map_lookup(%s, %s)\n", map->map_file, name); if (name[0] == '\\') { char *np; int nl; char nbuf[MAXNAME]; nl = strlen(name); if (nl < sizeof nbuf - 1) np = nbuf; else np = xalloc(strlen(name) + 2); np[0] = '\\'; (void) strlcpy(&np[1], name, (sizeof nbuf) - 1); # ifdef HESIOD_INIT hp = hesiod_resolve(HesiodContext, np, map->map_file); # else /* HESIOD_INIT */ hp = hes_resolve(np, map->map_file); # endif /* HESIOD_INIT */ if (np != nbuf) free(np); } else { # ifdef HESIOD_INIT hp = hesiod_resolve(HesiodContext, name, map->map_file); # else /* HESIOD_INIT */ hp = hes_resolve(name, map->map_file); # endif /* HESIOD_INIT */ } # ifdef HESIOD_INIT if (hp == NULL) return NULL; if (*hp == NULL) { hesiod_free_list(HesiodContext, hp); switch (errno) { case ENOENT: *statp = EX_NOTFOUND; break; case ECONNREFUSED: case EMSGSIZE: *statp = EX_TEMPFAIL; break; case ENOMEM: default: *statp = EX_UNAVAILABLE; break; } return NULL; } # else /* HESIOD_INIT */ if (hp == NULL || hp[0] == NULL) { switch (hes_error()) { case HES_ER_OK: *statp = EX_OK; break; case HES_ER_NOTFOUND: *statp = EX_NOTFOUND; break; case HES_ER_CONFIG: *statp = EX_UNAVAILABLE; break; case HES_ER_NET: *statp = EX_TEMPFAIL; break; } return NULL; } # endif /* HESIOD_INIT */ if (bitset(MF_MATCHONLY, map->map_mflags)) return map_rewrite(map, name, strlen(name), NULL); else return map_rewrite(map, hp[0], strlen(hp[0]), av); } #endif /* HESIOD */ /* ** NeXT NETINFO Modules */ #if NETINFO # define NETINFO_DEFAULT_DIR "/aliases" # define NETINFO_DEFAULT_PROPERTY "members" /* ** NI_MAP_OPEN -- open NetInfo Aliases */ bool ni_map_open(map, mode) MAP *map; int mode; { if (tTd(38, 2)) dprintf("ni_map_open(%s, %s, %d)\n", map->map_mname, map->map_file, mode); mode &= O_ACCMODE; if (*map->map_file == '\0') map->map_file = NETINFO_DEFAULT_DIR; if (map->map_valcolnm == NULL) map->map_valcolnm = NETINFO_DEFAULT_PROPERTY; if (map->map_coldelim == '\0' && bitset(MF_ALIAS, map->map_mflags)) map->map_coldelim = ','; return TRUE; } /* ** NI_MAP_LOOKUP -- look up a datum in NetInfo */ char * ni_map_lookup(map, name, av, statp) MAP *map; char *name; char **av; int *statp; { char *res; char *propval; if (tTd(38, 20)) dprintf("ni_map_lookup(%s, %s)\n", map->map_mname, name); propval = ni_propval(map->map_file, map->map_keycolnm, name, map->map_valcolnm, map->map_coldelim); if (propval == NULL) return NULL; if (bitset(MF_MATCHONLY, map->map_mflags)) res = map_rewrite(map, name, strlen(name), NULL); else res = map_rewrite(map, propval, strlen(propval), av); free(propval); return res; } static bool ni_getcanonname(name, hbsize, statp) char *name; int hbsize; int *statp; { char *vptr; char *ptr; char nbuf[MAXNAME + 1]; if (tTd(38, 20)) dprintf("ni_getcanonname(%s)\n", name); if (strlcpy(nbuf, name, sizeof nbuf) >= sizeof nbuf) { *statp = EX_UNAVAILABLE; return FALSE; } shorten_hostname(nbuf); /* we only accept single token search key */ if (strchr(nbuf, '.')) { *statp = EX_NOHOST; return FALSE; } /* Do the search */ vptr = ni_propval("/machines", NULL, nbuf, "name", '\n'); if (vptr == NULL) { *statp = EX_NOHOST; return FALSE; } /* Only want the first machine name */ if ((ptr = strchr(vptr, '\n')) != NULL) *ptr = '\0'; if (hbsize >= strlen(vptr)) { (void) strlcpy(name, vptr, hbsize); free(vptr); *statp = EX_OK; return TRUE; } *statp = EX_UNAVAILABLE; free(vptr); return FALSE; } /* ** NI_PROPVAL -- NetInfo property value lookup routine ** ** Parameters: ** keydir -- the NetInfo directory name in which to search ** for the key. ** keyprop -- the name of the property in which to find the ** property we are interested. Defaults to "name". ** keyval -- the value for which we are really searching. ** valprop -- the property name for the value in which we ** are interested. ** sepchar -- if non-nil, this can be multiple-valued, and ** we should return a string separated by this ** character. ** ** Returns: ** NULL -- if: ** 1. the directory is not found ** 2. the property name is not found ** 3. the property contains multiple values ** 4. some error occurred ** else -- the value of the lookup. ** ** Example: ** To search for an alias value, use: ** ni_propval("/aliases", "name", aliasname, "members", ',') ** ** Notes: ** Caller should free the return value of ni_proval */ # include # define LOCAL_NETINFO_DOMAIN "." # define PARENT_NETINFO_DOMAIN ".." # define MAX_NI_LEVELS 256 char * ni_propval(keydir, keyprop, keyval, valprop, sepchar) char *keydir; char *keyprop; char *keyval; char *valprop; int sepchar; { char *propval = NULL; int i; int j, alen, l; void *ni = NULL; void *lastni = NULL; ni_status nis; ni_id nid; ni_namelist ninl; register char *p; char keybuf[1024]; /* ** Create the full key from the two parts. ** ** Note that directory can end with, e.g., "name=" to specify ** an alternate search property. */ i = strlen(keydir) + strlen(keyval) + 2; if (keyprop != NULL) i += strlen(keyprop) + 1; if (i >= sizeof keybuf) return NULL; (void) strlcpy(keybuf, keydir, sizeof keybuf); (void) strlcat(keybuf, "/", sizeof keybuf); if (keyprop != NULL) { (void) strlcat(keybuf, keyprop, sizeof keybuf); (void) strlcat(keybuf, "=", sizeof keybuf); } (void) strlcat(keybuf, keyval, sizeof keybuf); if (tTd(38, 21)) dprintf("ni_propval(%s, %s, %s, %s, %d) keybuf='%s'\n", keydir, keyprop, keyval, valprop, sepchar, keybuf); /* ** If the passed directory and property name are found ** in one of netinfo domains we need to search (starting ** from the local domain moving all the way back to the ** root domain) set propval to the property's value ** and return it. */ for (i = 0; i < MAX_NI_LEVELS && propval == NULL; i++) { if (i == 0) { nis = ni_open(NULL, LOCAL_NETINFO_DOMAIN, &ni); if (tTd(38, 20)) dprintf("ni_open(LOCAL) = %d\n", nis); } else { if (lastni != NULL) ni_free(lastni); lastni = ni; nis = ni_open(lastni, PARENT_NETINFO_DOMAIN, &ni); if (tTd(38, 20)) dprintf("ni_open(PARENT) = %d\n", nis); } /* ** Don't bother if we didn't get a handle on a ** proper domain. This is not necessarily an error. ** We would get a positive ni_status if, for instance ** we never found the directory or property and tried ** to open the parent of the root domain! */ if (nis != 0) break; /* ** Find the path to the server information. */ if (ni_pathsearch(ni, &nid, keybuf) != 0) continue; /* ** Find associated value information. */ if (ni_lookupprop(ni, &nid, valprop, &ninl) != 0) continue; if (tTd(38, 20)) dprintf("ni_lookupprop: len=%d\n", ninl.ni_namelist_len); /* ** See if we have an acceptable number of values. */ if (ninl.ni_namelist_len <= 0) continue; if (sepchar == '\0' && ninl.ni_namelist_len > 1) { ni_namelist_free(&ninl); continue; } /* ** Calculate number of bytes needed and build result */ alen = 1; for (j = 0; j < ninl.ni_namelist_len; j++) alen += strlen(ninl.ni_namelist_val[j]) + 1; propval = p = xalloc(alen); for (j = 0; j < ninl.ni_namelist_len; j++) { (void) strlcpy(p, ninl.ni_namelist_val[j], alen); l = strlen(p); p += l; *p++ = sepchar; alen -= l + 1; } *--p = '\0'; ni_namelist_free(&ninl); } /* ** Clean up. */ if (ni != NULL) ni_free(ni); if (lastni != NULL && ni != lastni) ni_free(lastni); if (tTd(38, 20)) dprintf("ni_propval returns: '%s'\n", propval); return propval; } #endif /* NETINFO */ /* ** TEXT (unindexed text file) Modules ** ** This code donated by Sun Microsystems. */ #define map_sff map_lockfd /* overload field */ /* ** TEXT_MAP_OPEN -- open text table */ bool text_map_open(map, mode) MAP *map; int mode; { long sff; int i; if (tTd(38, 2)) dprintf("text_map_open(%s, %s, %d)\n", map->map_mname, map->map_file, mode); mode &= O_ACCMODE; if (mode != O_RDONLY) { errno = EPERM; return FALSE; } if (*map->map_file == '\0') { syserr("text map \"%s\": file name required", map->map_mname); return FALSE; } if (map->map_file[0] != '/') { syserr("text map \"%s\": file name must be fully qualified", map->map_mname); return FALSE; } sff = SFF_ROOTOK|SFF_REGONLY; if (!bitnset(DBS_LINKEDMAPINWRITABLEDIR, DontBlameSendmail)) sff |= SFF_NOWLINK; if (!bitnset(DBS_MAPINUNSAFEDIRPATH, DontBlameSendmail)) sff |= SFF_SAFEDIRPATH; if ((i = safefile(map->map_file, RunAsUid, RunAsGid, RunAsUserName, sff, S_IRUSR, NULL)) != 0) { int save_errno = errno; /* cannot open this map */ if (tTd(38, 2)) dprintf("\tunsafe map file: %d\n", i); errno = save_errno; if (!bitset(MF_OPTIONAL, map->map_mflags)) syserr("text map \"%s\": unsafe map file %s", map->map_mname, map->map_file); return FALSE; } if (map->map_keycolnm == NULL) map->map_keycolno = 0; else { if (!(isascii(*map->map_keycolnm) && isdigit(*map->map_keycolnm))) { syserr("text map \"%s\", file %s: -k should specify a number, not %s", map->map_mname, map->map_file, map->map_keycolnm); return FALSE; } map->map_keycolno = atoi(map->map_keycolnm); } if (map->map_valcolnm == NULL) map->map_valcolno = 0; else { if (!(isascii(*map->map_valcolnm) && isdigit(*map->map_valcolnm))) { syserr("text map \"%s\", file %s: -v should specify a number, not %s", map->map_mname, map->map_file, map->map_valcolnm); return FALSE; } map->map_valcolno = atoi(map->map_valcolnm); } if (tTd(38, 2)) { dprintf("text_map_open(%s, %s): delimiter = ", map->map_mname, map->map_file); if (map->map_coldelim == '\0') dprintf("(white space)\n"); else dprintf("%c\n", map->map_coldelim); } map->map_sff = sff; return TRUE; } /* ** TEXT_MAP_LOOKUP -- look up a datum in a TEXT table */ char * text_map_lookup(map, name, av, statp) MAP *map; char *name; char **av; int *statp; { char *vp; auto int vsize; int buflen; FILE *f; char delim; int key_idx; bool found_it; long sff = map->map_sff; char search_key[MAXNAME + 1]; char linebuf[MAXLINE]; char buf[MAXNAME + 1]; found_it = FALSE; if (tTd(38, 20)) dprintf("text_map_lookup(%s, %s)\n", map->map_mname, name); buflen = strlen(name); if (buflen > sizeof search_key - 1) buflen = sizeof search_key - 1; memmove(search_key, name, buflen); search_key[buflen] = '\0'; if (!bitset(MF_NOFOLDCASE, map->map_mflags)) makelower(search_key); f = safefopen(map->map_file, O_RDONLY, FileMode, sff); if (f == NULL) { map->map_mflags &= ~(MF_VALID|MF_OPEN); *statp = EX_UNAVAILABLE; return NULL; } key_idx = map->map_keycolno; delim = map->map_coldelim; while (fgets(linebuf, MAXLINE, f) != NULL) { char *p; /* skip comment line */ if (linebuf[0] == '#') continue; p = strchr(linebuf, '\n'); if (p != NULL) *p = '\0'; p = get_column(linebuf, key_idx, delim, buf, sizeof buf); if (p != NULL && strcasecmp(search_key, p) == 0) { found_it = TRUE; break; } } (void) fclose(f); if (!found_it) { *statp = EX_NOTFOUND; return NULL; } vp = get_column(linebuf, map->map_valcolno, delim, buf, sizeof buf); if (vp == NULL) { *statp = EX_NOTFOUND; return NULL; } vsize = strlen(vp); *statp = EX_OK; if (bitset(MF_MATCHONLY, map->map_mflags)) return map_rewrite(map, name, strlen(name), NULL); else return map_rewrite(map, vp, vsize, av); } /* ** TEXT_GETCANONNAME -- look up canonical name in hosts file */ static bool text_getcanonname(name, hbsize, statp) char *name; int hbsize; int *statp; { bool found; FILE *f; char linebuf[MAXLINE]; char cbuf[MAXNAME + 1]; char nbuf[MAXNAME + 1]; if (tTd(38, 20)) dprintf("text_getcanonname(%s)\n", name); if (strlen(name) >= (SIZE_T) sizeof nbuf) { *statp = EX_UNAVAILABLE; return FALSE; } (void) strlcpy(nbuf, name, sizeof nbuf); shorten_hostname(nbuf); f = fopen(HostsFile, "r"); if (f == NULL) { *statp = EX_UNAVAILABLE; return FALSE; } found = FALSE; while (!found && fgets(linebuf, MAXLINE, f) != NULL) { char *p = strpbrk(linebuf, "#\n"); if (p != NULL) *p = '\0'; if (linebuf[0] != '\0') found = extract_canonname(nbuf, linebuf, cbuf, sizeof cbuf); } (void) fclose(f); if (!found) { *statp = EX_NOHOST; return FALSE; } if ((SIZE_T) hbsize >= strlen(cbuf)) { (void) strlcpy(name, cbuf, hbsize); *statp = EX_OK; return TRUE; } *statp = EX_UNAVAILABLE; return FALSE; } /* ** STAB (Symbol Table) Modules */ /* ** STAB_MAP_LOOKUP -- look up alias in symbol table */ /* ARGSUSED2 */ char * stab_map_lookup(map, name, av, pstat) register MAP *map; char *name; char **av; int *pstat; { register STAB *s; if (tTd(38, 20)) dprintf("stab_lookup(%s, %s)\n", map->map_mname, name); s = stab(name, ST_ALIAS, ST_FIND); if (s != NULL) return s->s_alias; return NULL; } /* ** STAB_MAP_STORE -- store in symtab (actually using during init, not rebuild) */ void stab_map_store(map, lhs, rhs) register MAP *map; char *lhs; char *rhs; { register STAB *s; s = stab(lhs, ST_ALIAS, ST_ENTER); s->s_alias = newstr(rhs); } /* ** STAB_MAP_OPEN -- initialize (reads data file) ** ** This is a wierd case -- it is only intended as a fallback for ** aliases. For this reason, opens for write (only during a ** "newaliases") always fails, and opens for read open the ** actual underlying text file instead of the database. */ bool stab_map_open(map, mode) register MAP *map; int mode; { FILE *af; long sff; struct stat st; if (tTd(38, 2)) dprintf("stab_map_open(%s, %s, %d)\n", map->map_mname, map->map_file, mode); mode &= O_ACCMODE; if (mode != O_RDONLY) { errno = EPERM; return FALSE; } sff = SFF_ROOTOK|SFF_REGONLY; if (!bitnset(DBS_LINKEDMAPINWRITABLEDIR, DontBlameSendmail)) sff |= SFF_NOWLINK; if (!bitnset(DBS_MAPINUNSAFEDIRPATH, DontBlameSendmail)) sff |= SFF_SAFEDIRPATH; af = safefopen(map->map_file, O_RDONLY, 0444, sff); if (af == NULL) return FALSE; readaliases(map, af, FALSE, FALSE); if (fstat(fileno(af), &st) >= 0) map->map_mtime = st.st_mtime; (void) fclose(af); return TRUE; } /* ** Implicit Modules ** ** Tries several types. For back compatibility of aliases. */ /* ** IMPL_MAP_LOOKUP -- lookup in best open database */ char * impl_map_lookup(map, name, av, pstat) MAP *map; char *name; char **av; int *pstat; { if (tTd(38, 20)) dprintf("impl_map_lookup(%s, %s)\n", map->map_mname, name); #ifdef NEWDB if (bitset(MF_IMPL_HASH, map->map_mflags)) return db_map_lookup(map, name, av, pstat); #endif /* NEWDB */ #ifdef NDBM if (bitset(MF_IMPL_NDBM, map->map_mflags)) return ndbm_map_lookup(map, name, av, pstat); #endif /* NDBM */ return stab_map_lookup(map, name, av, pstat); } /* ** IMPL_MAP_STORE -- store in open databases */ void impl_map_store(map, lhs, rhs) MAP *map; char *lhs; char *rhs; { if (tTd(38, 12)) dprintf("impl_map_store(%s, %s, %s)\n", map->map_mname, lhs, rhs); #ifdef NEWDB if (bitset(MF_IMPL_HASH, map->map_mflags)) db_map_store(map, lhs, rhs); #endif /* NEWDB */ #ifdef NDBM if (bitset(MF_IMPL_NDBM, map->map_mflags)) ndbm_map_store(map, lhs, rhs); #endif /* NDBM */ stab_map_store(map, lhs, rhs); } /* ** IMPL_MAP_OPEN -- implicit database open */ bool impl_map_open(map, mode) MAP *map; int mode; { if (tTd(38, 2)) dprintf("impl_map_open(%s, %s, %d)\n", map->map_mname, map->map_file, mode); mode &= O_ACCMODE; #ifdef NEWDB map->map_mflags |= MF_IMPL_HASH; if (hash_map_open(map, mode)) { # ifdef NDBM_YP_COMPAT if (mode == O_RDONLY || strstr(map->map_file, "/yp/") == NULL) # endif /* NDBM_YP_COMPAT */ return TRUE; } else map->map_mflags &= ~MF_IMPL_HASH; #endif /* NEWDB */ #ifdef NDBM map->map_mflags |= MF_IMPL_NDBM; if (ndbm_map_open(map, mode)) { return TRUE; } else map->map_mflags &= ~MF_IMPL_NDBM; #endif /* NDBM */ #if defined(NEWDB) || defined(NDBM) if (Verbose) message("WARNING: cannot open alias database %s%s", map->map_file, mode == O_RDONLY ? "; reading text version" : ""); #else /* defined(NEWDB) || defined(NDBM) */ if (mode != O_RDONLY) usrerr("Cannot rebuild aliases: no database format defined"); #endif /* defined(NEWDB) || defined(NDBM) */ if (mode == O_RDONLY) return stab_map_open(map, mode); else return FALSE; } /* ** IMPL_MAP_CLOSE -- close any open database(s) */ void impl_map_close(map) MAP *map; { if (tTd(38, 9)) dprintf("impl_map_close(%s, %s, %lx)\n", map->map_mname, map->map_file, map->map_mflags); #ifdef NEWDB if (bitset(MF_IMPL_HASH, map->map_mflags)) { db_map_close(map); map->map_mflags &= ~MF_IMPL_HASH; } #endif /* NEWDB */ #ifdef NDBM if (bitset(MF_IMPL_NDBM, map->map_mflags)) { ndbm_map_close(map); map->map_mflags &= ~MF_IMPL_NDBM; } #endif /* NDBM */ } /* ** User map class. ** ** Provides access to the system password file. */ /* ** USER_MAP_OPEN -- open user map ** ** Really just binds field names to field numbers. */ bool user_map_open(map, mode) MAP *map; int mode; { if (tTd(38, 2)) dprintf("user_map_open(%s, %d)\n", map->map_mname, mode); mode &= O_ACCMODE; if (mode != O_RDONLY) { /* issue a pseudo-error message */ #ifdef ENOSYS errno = ENOSYS; #else /* ENOSYS */ # ifdef EFTYPE errno = EFTYPE; # else /* EFTYPE */ errno = ENXIO; # endif /* EFTYPE */ #endif /* ENOSYS */ return FALSE; } if (map->map_valcolnm == NULL) /* EMPTY */ /* nothing */ ; else if (strcasecmp(map->map_valcolnm, "name") == 0) map->map_valcolno = 1; else if (strcasecmp(map->map_valcolnm, "passwd") == 0) map->map_valcolno = 2; else if (strcasecmp(map->map_valcolnm, "uid") == 0) map->map_valcolno = 3; else if (strcasecmp(map->map_valcolnm, "gid") == 0) map->map_valcolno = 4; else if (strcasecmp(map->map_valcolnm, "gecos") == 0) map->map_valcolno = 5; else if (strcasecmp(map->map_valcolnm, "dir") == 0) map->map_valcolno = 6; else if (strcasecmp(map->map_valcolnm, "shell") == 0) map->map_valcolno = 7; else { syserr("User map %s: unknown column name %s", map->map_mname, map->map_valcolnm); return FALSE; } return TRUE; } /* ** USER_MAP_LOOKUP -- look up a user in the passwd file. */ /* ARGSUSED3 */ char * user_map_lookup(map, key, av, statp) MAP *map; char *key; char **av; int *statp; { struct passwd *pw; auto bool fuzzy; if (tTd(38, 20)) dprintf("user_map_lookup(%s, %s)\n", map->map_mname, key); pw = finduser(key, &fuzzy); if (pw == NULL) return NULL; if (bitset(MF_MATCHONLY, map->map_mflags)) return map_rewrite(map, key, strlen(key), NULL); else { char *rwval = NULL; char buf[30]; switch (map->map_valcolno) { case 0: case 1: rwval = pw->pw_name; break; case 2: rwval = pw->pw_passwd; break; case 3: snprintf(buf, sizeof buf, "%d", (int) pw->pw_uid); rwval = buf; break; case 4: snprintf(buf, sizeof buf, "%d", (int) pw->pw_gid); rwval = buf; break; case 5: rwval = pw->pw_gecos; break; case 6: rwval = pw->pw_dir; break; case 7: rwval = pw->pw_shell; break; } return map_rewrite(map, rwval, strlen(rwval), av); } } /* ** Program map type. ** ** This provides access to arbitrary programs. It should be used ** only very sparingly, since there is no way to bound the cost ** of invoking an arbitrary program. */ char * prog_map_lookup(map, name, av, statp) MAP *map; char *name; char **av; int *statp; { int i; int save_errno; int fd; int status; auto pid_t pid; register char *p; char *rval; char *argv[MAXPV + 1]; char buf[MAXLINE]; if (tTd(38, 20)) dprintf("prog_map_lookup(%s, %s) %s\n", map->map_mname, name, map->map_file); i = 0; argv[i++] = map->map_file; if (map->map_rebuild != NULL) { snprintf(buf, sizeof buf, "%s", map->map_rebuild); for (p = strtok(buf, " \t"); p != NULL; p = strtok(NULL, " \t")) { if (i >= MAXPV - 1) break; argv[i++] = p; } } argv[i++] = name; argv[i] = NULL; if (tTd(38, 21)) { dprintf("prog_open:"); for (i = 0; argv[i] != NULL; i++) dprintf(" %s", argv[i]); dprintf("\n"); } (void) blocksignal(SIGCHLD); pid = prog_open(argv, &fd, CurEnv); if (pid < 0) { if (!bitset(MF_OPTIONAL, map->map_mflags)) syserr("prog_map_lookup(%s) failed (%s) -- closing", map->map_mname, errstring(errno)); else if (tTd(38, 9)) dprintf("prog_map_lookup(%s) failed (%s) -- closing", map->map_mname, errstring(errno)); map->map_mflags &= ~(MF_VALID|MF_OPEN); *statp = EX_OSFILE; return NULL; } i = read(fd, buf, sizeof buf - 1); if (i < 0) { syserr("prog_map_lookup(%s): read error %s\n", map->map_mname, errstring(errno)); rval = NULL; } else if (i == 0) { if (tTd(38, 20)) dprintf("prog_map_lookup(%s): empty answer\n", map->map_mname); rval = NULL; } else { buf[i] = '\0'; p = strchr(buf, '\n'); if (p != NULL) *p = '\0'; /* collect the return value */ if (bitset(MF_MATCHONLY, map->map_mflags)) rval = map_rewrite(map, name, strlen(name), NULL); else rval = map_rewrite(map, buf, strlen(buf), NULL); /* now flush any additional output */ while ((i = read(fd, buf, sizeof buf)) > 0) continue; } /* wait for the process to terminate */ (void) close(fd); status = waitfor(pid); save_errno = errno; (void) releasesignal(SIGCHLD); errno = save_errno; if (status == -1) { syserr("prog_map_lookup(%s): wait error %s\n", map->map_mname, errstring(errno)); *statp = EX_SOFTWARE; rval = NULL; } else if (WIFEXITED(status)) { if ((*statp = WEXITSTATUS(status)) != EX_OK) rval = NULL; } else { syserr("prog_map_lookup(%s): child died on signal %d", map->map_mname, status); *statp = EX_UNAVAILABLE; rval = NULL; } return rval; } /* ** Sequenced map type. ** ** Tries each map in order until something matches, much like ** implicit. Stores go to the first map in the list that can ** support storing. ** ** This is slightly unusual in that there are two interfaces. ** The "sequence" interface lets you stack maps arbitrarily. ** The "switch" interface builds a sequence map by looking ** at a system-dependent configuration file such as ** /etc/nsswitch.conf on Solaris or /etc/svc.conf on Ultrix. ** ** We don't need an explicit open, since all maps are ** opened during startup, including underlying maps. */ /* ** SEQ_MAP_PARSE -- Sequenced map parsing */ bool seq_map_parse(map, ap) MAP *map; char *ap; { int maxmap; if (tTd(38, 2)) dprintf("seq_map_parse(%s, %s)\n", map->map_mname, ap); maxmap = 0; while (*ap != '\0') { register char *p; STAB *s; /* find beginning of map name */ while (isascii(*ap) && isspace(*ap)) ap++; for (p = ap; (isascii(*p) && isalnum(*p)) || *p == '_' || *p == '.'; p++) continue; if (*p != '\0') *p++ = '\0'; while (*p != '\0' && (!isascii(*p) || !isalnum(*p))) p++; if (*ap == '\0') { ap = p; continue; } s = stab(ap, ST_MAP, ST_FIND); if (s == NULL) { syserr("Sequence map %s: unknown member map %s", map->map_mname, ap); } else if (maxmap == MAXMAPSTACK) { syserr("Sequence map %s: too many member maps (%d max)", map->map_mname, MAXMAPSTACK); maxmap++; } else if (maxmap < MAXMAPSTACK) { map->map_stack[maxmap++] = &s->s_map; } ap = p; } return TRUE; } /* ** SWITCH_MAP_OPEN -- open a switched map ** ** This looks at the system-dependent configuration and builds ** a sequence map that does the same thing. ** ** Every system must define a switch_map_find routine in conf.c ** that will return the list of service types associated with a ** given service class. */ bool switch_map_open(map, mode) MAP *map; int mode; { int mapno; int nmaps; char *maptype[MAXMAPSTACK]; if (tTd(38, 2)) dprintf("switch_map_open(%s, %s, %d)\n", map->map_mname, map->map_file, mode); mode &= O_ACCMODE; nmaps = switch_map_find(map->map_file, maptype, map->map_return); if (tTd(38, 19)) { dprintf("\tswitch_map_find => %d\n", nmaps); for (mapno = 0; mapno < nmaps; mapno++) dprintf("\t\t%s\n", maptype[mapno]); } if (nmaps <= 0 || nmaps > MAXMAPSTACK) return FALSE; for (mapno = 0; mapno < nmaps; mapno++) { register STAB *s; char nbuf[MAXNAME + 1]; if (maptype[mapno] == NULL) continue; (void) snprintf(nbuf, sizeof nbuf, "%s.%s", map->map_mname, maptype[mapno]); s = stab(nbuf, ST_MAP, ST_FIND); if (s == NULL) { syserr("Switch map %s: unknown member map %s", map->map_mname, nbuf); } else { map->map_stack[mapno] = &s->s_map; if (tTd(38, 4)) dprintf("\tmap_stack[%d] = %s:%s\n", mapno, s->s_map.map_class->map_cname, nbuf); } } return TRUE; } /* ** SEQ_MAP_CLOSE -- close all underlying maps */ void seq_map_close(map) MAP *map; { int mapno; if (tTd(38, 9)) dprintf("seq_map_close(%s)\n", map->map_mname); for (mapno = 0; mapno < MAXMAPSTACK; mapno++) { MAP *mm = map->map_stack[mapno]; if (mm == NULL || !bitset(MF_OPEN, mm->map_mflags)) continue; mm->map_class->map_close(mm); mm->map_mflags &= ~(MF_OPEN|MF_WRITABLE); } } /* ** SEQ_MAP_LOOKUP -- sequenced map lookup */ char * seq_map_lookup(map, key, args, pstat) MAP *map; char *key; char **args; int *pstat; { int mapno; int mapbit = 0x01; bool tempfail = FALSE; if (tTd(38, 20)) dprintf("seq_map_lookup(%s, %s)\n", map->map_mname, key); for (mapno = 0; mapno < MAXMAPSTACK; mapbit <<= 1, mapno++) { MAP *mm = map->map_stack[mapno]; char *rv; if (mm == NULL) continue; if (!bitset(MF_OPEN, mm->map_mflags) && !openmap(mm)) { if (bitset(mapbit, map->map_return[MA_UNAVAIL])) { *pstat = EX_UNAVAILABLE; return NULL; } continue; } *pstat = EX_OK; rv = mm->map_class->map_lookup(mm, key, args, pstat); if (rv != NULL) return rv; if (*pstat == EX_TEMPFAIL) { if (bitset(mapbit, map->map_return[MA_TRYAGAIN])) return NULL; tempfail = TRUE; } else if (bitset(mapbit, map->map_return[MA_NOTFOUND])) break; } if (tempfail) *pstat = EX_TEMPFAIL; else if (*pstat == EX_OK) *pstat = EX_NOTFOUND; return NULL; } /* ** SEQ_MAP_STORE -- sequenced map store */ void seq_map_store(map, key, val) MAP *map; char *key; char *val; { int mapno; if (tTd(38, 12)) dprintf("seq_map_store(%s, %s, %s)\n", map->map_mname, key, val); for (mapno = 0; mapno < MAXMAPSTACK; mapno++) { MAP *mm = map->map_stack[mapno]; if (mm == NULL || !bitset(MF_WRITABLE, mm->map_mflags)) continue; mm->map_class->map_store(mm, key, val); return; } syserr("seq_map_store(%s, %s, %s): no writable map", map->map_mname, key, val); } /* ** NULL stubs */ /* ARGSUSED */ bool null_map_open(map, mode) MAP *map; int mode; { return TRUE; } /* ARGSUSED */ void null_map_close(map) MAP *map; { return; } char * null_map_lookup(map, key, args, pstat) MAP *map; char *key; char **args; int *pstat; { *pstat = EX_NOTFOUND; return NULL; } /* ARGSUSED */ void null_map_store(map, key, val) MAP *map; char *key; char *val; { return; } /* ** BOGUS stubs */ char * bogus_map_lookup(map, key, args, pstat) MAP *map; char *key; char **args; int *pstat; { *pstat = EX_TEMPFAIL; return NULL; } MAPCLASS BogusMapClass = { "bogus-map", NULL, 0, NULL, bogus_map_lookup, null_map_store, null_map_open, null_map_close, }; /* ** MACRO modules */ char * macro_map_lookup(map, name, av, statp) MAP *map; char *name; char **av; int *statp; { int mid; if (tTd(38, 20)) dprintf("macro_map_lookup(%s, %s)\n", map->map_mname, name == NULL ? "NULL" : name); if (name == NULL || *name == '\0' || (mid = macid(name, NULL)) == '\0') { *statp = EX_CONFIG; return NULL; } if (av[1] == NULL) define(mid, NULL, CurEnv); else define(mid, newstr(av[1]), CurEnv); *statp = EX_OK; return ""; } /* ** REGEX modules */ #ifdef MAP_REGEX # include # define DEFAULT_DELIM CONDELSE # define END_OF_FIELDS -1 # define ERRBUF_SIZE 80 # define MAX_MATCH 32 # define xnalloc(s) memset(xalloc(s), '\0', s); struct regex_map { - regex_t regex_pattern_buf; /* xalloc it */ + regex_t *regex_pattern_buf; /* xalloc it */ int *regex_subfields; /* move to type MAP */ char *regex_delim; /* move to type MAP */ }; static int parse_fields(s, ibuf, blen, nr_substrings) char *s; int *ibuf; /* array */ int blen; /* number of elements in ibuf */ int nr_substrings; /* number of substrings in the pattern */ { register char *cp; int i = 0; bool lastone = FALSE; blen--; /* for terminating END_OF_FIELDS */ cp = s; do { for (;; cp++) { if (*cp == ',') { *cp = '\0'; break; } if (*cp == '\0') { lastone = TRUE; break; } } if (i < blen) { int val = atoi(s); if (val < 0 || val >= nr_substrings) { syserr("field (%d) out of range, only %d substrings in pattern", val, nr_substrings); return -1; } ibuf[i++] = val; } else { syserr("too many fields, %d max\n", blen); return -1; } s = ++cp; } while (!lastone); ibuf[i] = END_OF_FIELDS; return i; } bool regex_map_init(map, ap) MAP *map; char *ap; { int regerr; struct regex_map *map_p; register char *p; char *sub_param = NULL; int pflags; static char defdstr[] = { (char)DEFAULT_DELIM, '\0' }; if (tTd(38, 2)) dprintf("regex_map_init: mapname '%s', args '%s'\n", map->map_mname, ap); pflags = REG_ICASE | REG_EXTENDED | REG_NOSUB; p = ap; map_p = (struct regex_map *) xnalloc(sizeof *map_p); + map_p->regex_pattern_buf = (regex_t *)xnalloc(sizeof(regex_t)); for (;;) { while (isascii(*p) && isspace(*p)) p++; if (*p != '-') break; switch (*++p) { case 'n': /* not */ map->map_mflags |= MF_REGEX_NOT; break; case 'f': /* case sensitive */ map->map_mflags |= MF_NOFOLDCASE; pflags &= ~REG_ICASE; break; case 'b': /* basic regular expressions */ pflags &= ~REG_EXTENDED; break; case 's': /* substring match () syntax */ sub_param = ++p; pflags &= ~REG_NOSUB; break; case 'd': /* delimiter */ map_p->regex_delim = ++p; break; case 'a': /* map append */ map->map_app = ++p; break; case 'm': /* matchonly */ map->map_mflags |= MF_MATCHONLY; break; case 'S': map->map_spacesub = *++p; break; case 'D': map->map_mflags |= MF_DEFER; break; } while (*p != '\0' && !(isascii(*p) && isspace(*p))) p++; if (*p != '\0') *p++ = '\0'; } if (tTd(38, 3)) dprintf("regex_map_init: compile '%s' 0x%x\n", p, pflags); - if ((regerr = regcomp(&(map_p->regex_pattern_buf), p, pflags)) != 0) + if ((regerr = regcomp(map_p->regex_pattern_buf, p, pflags)) != 0) { /* Errorhandling */ char errbuf[ERRBUF_SIZE]; - (void) regerror(regerr, &(map_p->regex_pattern_buf), + (void) regerror(regerr, map_p->regex_pattern_buf, errbuf, ERRBUF_SIZE); syserr("pattern-compile-error: %s\n", errbuf); + free(map_p->regex_pattern_buf); free(map_p); return FALSE; } if (map->map_app != NULL) map->map_app = newstr(map->map_app); if (map_p->regex_delim != NULL) map_p->regex_delim = newstr(map_p->regex_delim); else map_p->regex_delim = defdstr; if (!bitset(REG_NOSUB, pflags)) { /* substring matching */ int substrings; int *fields = (int *) xalloc(sizeof(int) * (MAX_MATCH + 1)); - substrings = map_p->regex_pattern_buf.re_nsub + 1; + substrings = map_p->regex_pattern_buf->re_nsub + 1; if (tTd(38, 3)) dprintf("regex_map_init: nr of substrings %d\n", substrings); if (substrings >= MAX_MATCH) { syserr("too many substrings, %d max\n", MAX_MATCH); + free(map_p->regex_pattern_buf); free(map_p); return FALSE; } if (sub_param != NULL && sub_param[0] != '\0') { /* optional parameter -sfields */ if (parse_fields(sub_param, fields, MAX_MATCH + 1, substrings) == -1) return FALSE; } else { /* set default fields */ int i; for (i = 0; i < substrings; i++) fields[i] = i; fields[i] = END_OF_FIELDS; } map_p->regex_subfields = fields; if (tTd(38, 3)) { int *ip; dprintf("regex_map_init: subfields"); for (ip = fields; *ip != END_OF_FIELDS; ip++) dprintf(" %d", *ip); dprintf("\n"); } } map->map_db1 = (ARBPTR_T)map_p; /* dirty hack */ return TRUE; } static char * regex_map_rewrite(map, s, slen, av) MAP *map; const char *s; size_t slen; char **av; { if (bitset(MF_MATCHONLY, map->map_mflags)) return map_rewrite(map, av[0], strlen(av[0]), NULL); else return map_rewrite(map, s, slen, NULL); } char * regex_map_lookup(map, name, av, statp) MAP *map; char *name; char **av; int *statp; { int reg_res; struct regex_map *map_p; regmatch_t pmatch[MAX_MATCH]; if (tTd(38, 20)) { char **cpp; dprintf("regex_map_lookup: key '%s'\n", name); for (cpp = av; cpp != NULL && *cpp != NULL; cpp++) dprintf("regex_map_lookup: arg '%s'\n", *cpp); } map_p = (struct regex_map *)(map->map_db1); - reg_res = regexec(&(map_p->regex_pattern_buf), + reg_res = regexec(map_p->regex_pattern_buf, name, MAX_MATCH, pmatch, 0); if (bitset(MF_REGEX_NOT, map->map_mflags)) { /* option -n */ if (reg_res == REG_NOMATCH) return regex_map_rewrite(map, "", (size_t)0, av); else return NULL; } if (reg_res == REG_NOMATCH) return NULL; if (map_p->regex_subfields != NULL) { /* option -s */ static char retbuf[MAXNAME]; int fields[MAX_MATCH + 1]; bool first = TRUE; int anglecnt = 0, cmntcnt = 0, spacecnt = 0; bool quotemode = FALSE, bslashmode = FALSE; register char *dp, *sp; char *endp, *ldp; int *ip; dp = retbuf; ldp = retbuf + sizeof(retbuf) - 1; if (av[1] != NULL) { if (parse_fields(av[1], fields, MAX_MATCH + 1, - (int) map_p->regex_pattern_buf.re_nsub + 1) == -1) + (int) map_p->regex_pattern_buf->re_nsub + 1) == -1) { *statp = EX_CONFIG; return NULL; } ip = fields; } else ip = map_p->regex_subfields; for ( ; *ip != END_OF_FIELDS; ip++) { if (!first) { for (sp = map_p->regex_delim; *sp; sp++) { if (dp < ldp) *dp++ = *sp; } } else first = FALSE; - if (pmatch[*ip].rm_so < 0 || pmatch[*ip].rm_eo < 0) + if (*ip >= MAX_MATCH || + pmatch[*ip].rm_so < 0 || pmatch[*ip].rm_eo < 0) continue; sp = name + pmatch[*ip].rm_so; endp = name + pmatch[*ip].rm_eo; for (; endp > sp; sp++) { if (dp < ldp) { if (bslashmode) { *dp++ = *sp; bslashmode = FALSE; } else if (quotemode && *sp != '"' && *sp != '\\') { *dp++ = *sp; } else switch(*dp++ = *sp) { case '\\': bslashmode = TRUE; break; case '(': cmntcnt++; break; case ')': cmntcnt--; break; case '<': anglecnt++; break; case '>': anglecnt--; break; case ' ': spacecnt++; break; case '"': quotemode = !quotemode; break; } } } } if (anglecnt != 0 || cmntcnt != 0 || quotemode || bslashmode || spacecnt != 0) { sm_syslog(LOG_WARNING, NOQID, "Warning: regex may cause prescan() failure map=%s lookup=%s", map->map_mname, name); return NULL; } *dp = '\0'; return regex_map_rewrite(map, retbuf, strlen(retbuf), av); } return regex_map_rewrite(map, "", (size_t)0, av); } #endif /* MAP_REGEX */ /* ** NSD modules */ #ifdef MAP_NSD # include # define _DATUM_DEFINED # include typedef struct ns_map_list { ns_map_t *map; char *mapname; struct ns_map_list *next; } ns_map_list_t; static ns_map_t * ns_map_t_find(mapname) char *mapname; { static ns_map_list_t *ns_maps = NULL; ns_map_list_t *ns_map; /* walk the list of maps looking for the correctly named map */ for (ns_map = ns_maps; ns_map != NULL; ns_map = ns_map->next) { if (strcmp(ns_map->mapname, mapname) == 0) break; } /* if we are looking at a NULL ns_map_list_t, then create a new one */ if (ns_map == NULL) { ns_map = (ns_map_list_t *) xalloc(sizeof *ns_map); ns_map->mapname = newstr(mapname); ns_map->map = (ns_map_t *) xalloc(sizeof *ns_map->map); ns_map->next = ns_maps; ns_maps = ns_map; } return ns_map->map; } char * nsd_map_lookup(map, name, av, statp) MAP *map; char *name; char **av; int *statp; { - int buflen; + int buflen, r; char *p; ns_map_t *ns_map; char keybuf[MAXNAME + 1]; char buf[MAXLINE]; if (tTd(38, 20)) dprintf("nsd_map_lookup(%s, %s)\n", map->map_mname, name); buflen = strlen(name); if (buflen > sizeof keybuf - 1) buflen = sizeof keybuf - 1; memmove(keybuf, name, buflen); keybuf[buflen] = '\0'; if (!bitset(MF_NOFOLDCASE, map->map_mflags)) makelower(keybuf); ns_map = ns_map_t_find(map->map_file); if (ns_map == NULL) { if (tTd(38, 20)) dprintf("nsd_map_t_find failed\n"); + *statp = EX_UNAVAILABLE; return NULL; } - - if (ns_lookup(ns_map, NULL, map->map_file, - keybuf, NULL, buf, MAXLINE) == NULL) + r = ns_lookup(ns_map, NULL, map->map_file, keybuf, NULL, buf, MAXLINE); + if (r == NS_UNAVAIL || r == NS_TRYAGAIN) + { + *statp = EX_TEMPFAIL; return NULL; + } + if (r == NS_BADREQ || r == NS_NOPERM) + { + *statp = EX_CONFIG; + return NULL; + } + if (r != NS_SUCCESS) + { + *statp = EX_NOTFOUND; + return NULL; + } + + *statp = EX_OK; /* Null out trailing \n */ if ((p = strchr(buf, '\n')) != NULL) *p = '\0'; return map_rewrite(map, buf, strlen(buf), av); } #endif /* MAP_NSD */ char * arith_map_lookup(map, name, av, statp) MAP *map; char *name; char **av; int *statp; { long r; long v[2]; bool res = FALSE; bool boolres; static char result[16]; char **cpp; if (tTd(38, 2)) { dprintf("arith_map_lookup: key '%s'\n", name); for (cpp = av; cpp != NULL && *cpp != NULL; cpp++) dprintf("arith_map_lookup: arg '%s'\n", *cpp); } r = 0; boolres = FALSE; cpp = av; *statp = EX_OK; /* ** read arguments for arith map ** - no check is made whether they are really numbers ** - just ignores args after the second */ for (++cpp; cpp != NULL && *cpp != NULL && r < 2; cpp++) v[r++] = strtol(*cpp, NULL, 0); /* operator and (at least) two operands given? */ if (name != NULL && r == 2) { switch(*name) { #if _FFR_ARITH case '|': r = v[0] | v[1]; break; case '&': r = v[0] & v[1]; break; case '%': if (v[1] == 0) return NULL; r = v[0] % v[1]; break; #endif /* _FFR_ARITH */ case '+': r = v[0] + v[1]; break; case '-': r = v[0] - v[1]; break; case '*': r = v[0] * v[1]; break; case '/': if (v[1] == 0) return NULL; r = v[0] / v[1]; break; case 'l': res = v[0] < v[1]; boolres = TRUE; break; case '=': res = v[0] == v[1]; boolres = TRUE; break; default: /* XXX */ *statp = EX_CONFIG; if (LogLevel > 10) sm_syslog(LOG_WARNING, NOQID, "arith_map: unknown operator %c", isprint(*name) ? *name : '?'); return NULL; } if (boolres) snprintf(result, sizeof result, res ? "TRUE" : "FALSE"); else snprintf(result, sizeof result, "%ld", r); return result; } *statp = EX_CONFIG; return NULL; } Index: stable/4/contrib/sendmail/src/mci.c =================================================================== --- stable/4/contrib/sendmail/src/mci.c (revision 71887) +++ stable/4/contrib/sendmail/src/mci.c (revision 71888) @@ -1,1395 +1,1397 @@ /* * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #ifndef lint -static char id[] = "@(#)$Id: mci.c,v 8.133.10.3 2000/06/23 16:17:06 ca Exp $"; +static char id[] = "@(#)$Id: mci.c,v 8.133.10.7 2000/12/12 00:39:34 ca Exp $"; #endif /* ! lint */ /* $FreeBSD$ */ #include #if NETINET || NETINET6 # include #endif /* NETINET || NETINET6 */ #include static int mci_generate_persistent_path __P((const char *, char *, int, bool)); static bool mci_load_persistent __P((MCI *)); static void mci_uncache __P((MCI **, bool)); static int mci_lock_host_statfile __P((MCI *)); static int mci_read_persistent __P((FILE *, MCI *)); /* ** Mail Connection Information (MCI) Caching Module. ** ** There are actually two separate things cached. The first is ** the set of all open connections -- these are stored in a ** (small) list. The second is stored in the symbol table; it ** has the overall status for all hosts, whether or not there ** is a connection open currently. ** ** There should never be too many connections open (since this ** could flood the socket table), nor should a connection be ** allowed to sit idly for too long. ** ** MaxMciCache is the maximum number of open connections that ** will be supported. ** ** MciCacheTimeout is the time (in seconds) that a connection ** is permitted to survive without activity. ** ** We actually try any cached connections by sending a NOOP ** before we use them; if the NOOP fails we close down the ** connection and reopen it. Note that this means that a ** server SMTP that doesn't support NOOP will hose the ** algorithm -- but that doesn't seem too likely. ** ** The persistent MCI code is donated by Mark Lovell and Paul ** Vixie. It is based on the long term host status code in KJS ** written by Paul but has been adapted by Mark to fit into the ** MCI structure. */ static MCI **MciCache; /* the open connection cache */ /* ** MCI_CACHE -- enter a connection structure into the open connection cache ** ** This may cause something else to be flushed. ** ** Parameters: ** mci -- the connection to cache. ** ** Returns: ** none. */ void mci_cache(mci) register MCI *mci; { register MCI **mcislot; /* ** Find the best slot. This may cause expired connections ** to be closed. */ mcislot = mci_scan(mci); if (mcislot == NULL) { /* we don't support caching */ return; } if (mci->mci_host == NULL) return; /* if this is already cached, we are done */ if (bitset(MCIF_CACHED, mci->mci_flags)) return; /* otherwise we may have to clear the slot */ if (*mcislot != NULL) mci_uncache(mcislot, TRUE); if (tTd(42, 5)) dprintf("mci_cache: caching %lx (%s) in slot %d\n", (u_long) mci, mci->mci_host, (int)(mcislot - MciCache)); if (tTd(91, 100)) sm_syslog(LOG_DEBUG, CurEnv->e_id, "mci_cache: caching %lx (%.100s) in slot %d", (u_long) mci, mci->mci_host, mcislot - MciCache); *mcislot = mci; mci->mci_flags |= MCIF_CACHED; } /* ** MCI_SCAN -- scan the cache, flush junk, and return best slot ** ** Parameters: ** savemci -- never flush this one. Can be null. ** ** Returns: ** The LRU (or empty) slot. */ MCI ** mci_scan(savemci) MCI *savemci; { time_t now; register MCI **bestmci; register MCI *mci; register int i; if (MaxMciCache <= 0) { /* we don't support caching */ return NULL; } if (MciCache == NULL) { /* first call */ MciCache = (MCI **) xalloc(MaxMciCache * sizeof *MciCache); memset((char *) MciCache, '\0', MaxMciCache * sizeof *MciCache); return &MciCache[0]; } now = curtime(); bestmci = &MciCache[0]; for (i = 0; i < MaxMciCache; i++) { mci = MciCache[i]; if (mci == NULL || mci->mci_state == MCIS_CLOSED) { bestmci = &MciCache[i]; continue; } if ((mci->mci_lastuse + MciCacheTimeout < now || (mci->mci_mailer != NULL && mci->mci_mailer->m_maxdeliveries > 0 && mci->mci_deliveries + 1 >= mci->mci_mailer->m_maxdeliveries))&& mci != savemci) { /* connection idle too long or too many deliveries */ bestmci = &MciCache[i]; /* close it */ mci_uncache(bestmci, TRUE); continue; } if (*bestmci == NULL) continue; if (mci->mci_lastuse < (*bestmci)->mci_lastuse) bestmci = &MciCache[i]; } return bestmci; } /* ** MCI_UNCACHE -- remove a connection from a slot. ** ** May close a connection. ** ** Parameters: ** mcislot -- the slot to empty. ** doquit -- if TRUE, send QUIT protocol on this connection. ** if FALSE, we are assumed to be in a forked child; ** all we want to do is close the file(s). ** ** Returns: ** none. */ static void mci_uncache(mcislot, doquit) register MCI **mcislot; bool doquit; { register MCI *mci; extern ENVELOPE BlankEnvelope; mci = *mcislot; if (mci == NULL) return; *mcislot = NULL; if (mci->mci_host == NULL) return; mci_unlock_host(mci); if (tTd(42, 5)) dprintf("mci_uncache: uncaching %lx (%s) from slot %d (%d)\n", (u_long) mci, mci->mci_host, (int)(mcislot - MciCache), doquit); if (tTd(91, 100)) sm_syslog(LOG_DEBUG, CurEnv->e_id, "mci_uncache: uncaching %lx (%.100s) from slot %d (%d)", (u_long) mci, mci->mci_host, mcislot - MciCache, doquit); mci->mci_deliveries = 0; #if SMTP if (doquit) { message("Closing connection to %s", mci->mci_host); mci->mci_flags &= ~MCIF_CACHED; /* only uses the envelope to flush the transcript file */ if (mci->mci_state != MCIS_CLOSED) smtpquit(mci->mci_mailer, mci, &BlankEnvelope); # ifdef XLA xla_host_end(mci->mci_host); # endif /* XLA */ } else #endif /* SMTP */ { if (mci->mci_in != NULL) (void) fclose(mci->mci_in); if (mci->mci_out != NULL) (void) fclose(mci->mci_out); mci->mci_in = mci->mci_out = NULL; mci->mci_state = MCIS_CLOSED; mci->mci_exitstat = EX_OK; mci->mci_errno = 0; mci->mci_flags = 0; } } /* ** MCI_FLUSH -- flush the entire cache ** ** Parameters: ** doquit -- if TRUE, send QUIT protocol. ** if FALSE, just close the connection. ** allbut -- but leave this one open. ** ** Returns: ** none. */ void mci_flush(doquit, allbut) bool doquit; MCI *allbut; { register int i; if (MciCache == NULL) return; for (i = 0; i < MaxMciCache; i++) + { if (allbut != MciCache[i]) mci_uncache(&MciCache[i], doquit); + } } /* ** MCI_GET -- get information about a particular host */ MCI * mci_get(host, m) char *host; MAILER *m; { register MCI *mci; register STAB *s; #if DAEMON extern SOCKADDR CurHostAddr; /* clear CurHostAddr so we don't get a bogus address with this name */ memset(&CurHostAddr, '\0', sizeof CurHostAddr); #endif /* DAEMON */ /* clear out any expired connections */ (void) mci_scan(NULL); if (m->m_mno < 0) - syserr("negative mno %d (%s)", m->m_mno, m->m_name); + syserr("!negative mno %d (%s)", m->m_mno, m->m_name); s = stab(host, ST_MCI + m->m_mno, ST_ENTER); mci = &s->s_mci; /* ** We don't need to load the peristent data if we have data ** already loaded in the cache. */ if (mci->mci_host == NULL && (mci->mci_host = s->s_name) != NULL && !mci_load_persistent(mci)) { if (tTd(42, 2)) dprintf("mci_get(%s %s): lock failed\n", host, m->m_name); mci->mci_exitstat = EX_TEMPFAIL; mci->mci_state = MCIS_CLOSED; mci->mci_statfile = NULL; return mci; } if (tTd(42, 2)) { dprintf("mci_get(%s %s): mci_state=%d, _flags=%lx, _exitstat=%d, _errno=%d\n", host, m->m_name, mci->mci_state, mci->mci_flags, mci->mci_exitstat, mci->mci_errno); } #if SMTP if (mci->mci_state == MCIS_OPEN) { /* poke the connection to see if it's still alive */ (void) smtpprobe(mci); /* reset the stored state in the event of a timeout */ if (mci->mci_state != MCIS_OPEN) { mci->mci_errno = 0; mci->mci_exitstat = EX_OK; mci->mci_state = MCIS_CLOSED; } # if DAEMON else { /* get peer host address for logging reasons only */ /* (this should really be in the mci struct) */ SOCKADDR_LEN_T socklen = sizeof CurHostAddr; (void) getpeername(fileno(mci->mci_in), (struct sockaddr *) &CurHostAddr, &socklen); } # endif /* DAEMON */ } #endif /* SMTP */ if (mci->mci_state == MCIS_CLOSED) { time_t now = curtime(); /* if this info is stale, ignore it */ if (now > mci->mci_lastuse + MciInfoTimeout) { mci->mci_lastuse = now; mci->mci_errno = 0; mci->mci_exitstat = EX_OK; } } return mci; } /* ** MCI_MATCH -- check connection cache for a particular host */ bool mci_match(host, m) char *host; MAILER *m; { register MCI *mci; register STAB *s; - if (m->m_mno < 0) + if (m->m_mno < 0 || m->m_mno > MAXMAILERS) return FALSE; s = stab(host, ST_MCI + m->m_mno, ST_FIND); if (s == NULL) return FALSE; mci = &s->s_mci; if (mci->mci_state == MCIS_OPEN) return TRUE; return FALSE; } /* ** MCI_SETSTAT -- set status codes in MCI structure. ** ** Parameters: ** mci -- the MCI structure to set. ** xstat -- the exit status code. ** dstat -- the DSN status code. ** rstat -- the SMTP status code. ** ** Returns: ** none. */ void mci_setstat(mci, xstat, dstat, rstat) MCI *mci; int xstat; char *dstat; char *rstat; { /* protocol errors should never be interpreted as sticky */ if (xstat != EX_NOTSTICKY && xstat != EX_PROTOCOL) mci->mci_exitstat = xstat; mci->mci_status = dstat; if (mci->mci_rstatus != NULL) free(mci->mci_rstatus); if (rstat != NULL) rstat = newstr(rstat); mci->mci_rstatus = rstat; } /* ** MCI_DUMP -- dump the contents of an MCI structure. ** ** Parameters: ** mci -- the MCI structure to dump. ** ** Returns: ** none. ** ** Side Effects: ** none. */ struct mcifbits { int mcif_bit; /* flag bit */ char *mcif_name; /* flag name */ }; static struct mcifbits MciFlags[] = { { MCIF_VALID, "VALID" }, { MCIF_TEMP, "TEMP" }, { MCIF_CACHED, "CACHED" }, { MCIF_ESMTP, "ESMTP" }, { MCIF_EXPN, "EXPN" }, { MCIF_SIZE, "SIZE" }, { MCIF_8BITMIME, "8BITMIME" }, { MCIF_7BIT, "7BIT" }, { MCIF_MULTSTAT, "MULTSTAT" }, { MCIF_INHEADER, "INHEADER" }, { MCIF_CVT8TO7, "CVT8TO7" }, { MCIF_DSN, "DSN" }, { MCIF_8BITOK, "8BITOK" }, { MCIF_CVT7TO8, "CVT7TO8" }, { MCIF_INMIME, "INMIME" }, - { 0, NULL } + { 0, NULL } }; void mci_dump(mci, logit) register MCI *mci; bool logit; { register char *p; char *sep; char buf[4000]; sep = logit ? " " : "\n\t"; p = buf; snprintf(p, SPACELEFT(buf, p), "MCI@%lx: ", sizeof(void *) == sizeof(u_long) ? (u_long)(void *)mci : (u_long)(u_int)(void *)mci); p += strlen(p); if (mci == NULL) { snprintf(p, SPACELEFT(buf, p), "NULL"); goto printit; } snprintf(p, SPACELEFT(buf, p), "flags=%lx", mci->mci_flags); p += strlen(p); if (mci->mci_flags != 0) { struct mcifbits *f; *p++ = '<'; for (f = MciFlags; f->mcif_bit != 0; f++) { if (!bitset(f->mcif_bit, mci->mci_flags)) continue; snprintf(p, SPACELEFT(buf, p), "%s,", f->mcif_name); p += strlen(p); } p[-1] = '>'; } snprintf(p, SPACELEFT(buf, p), ",%serrno=%d, herrno=%d, exitstat=%d, state=%d, pid=%d,%s", sep, mci->mci_errno, mci->mci_herrno, mci->mci_exitstat, mci->mci_state, (int) mci->mci_pid, sep); p += strlen(p); snprintf(p, SPACELEFT(buf, p), "maxsize=%ld, phase=%s, mailer=%s,%s", mci->mci_maxsize, mci->mci_phase == NULL ? "NULL" : mci->mci_phase, mci->mci_mailer == NULL ? "NULL" : mci->mci_mailer->m_name, sep); p += strlen(p); snprintf(p, SPACELEFT(buf, p), "status=%s, rstatus=%s,%s", mci->mci_status == NULL ? "NULL" : mci->mci_status, mci->mci_rstatus == NULL ? "NULL" : mci->mci_rstatus, sep); p += strlen(p); snprintf(p, SPACELEFT(buf, p), "host=%s, lastuse=%s", mci->mci_host == NULL ? "NULL" : mci->mci_host, ctime(&mci->mci_lastuse)); printit: if (logit) sm_syslog(LOG_DEBUG, CurEnv->e_id, "%.1000s", buf); else printf("%s\n", buf); } /* ** MCI_DUMP_ALL -- print the entire MCI cache ** ** Parameters: ** logit -- if set, log the result instead of printing ** to stdout. ** ** Returns: ** none. */ void mci_dump_all(logit) bool logit; { register int i; if (MciCache == NULL) return; for (i = 0; i < MaxMciCache; i++) mci_dump(MciCache[i], logit); } /* ** MCI_LOCK_HOST -- Lock host while sending. ** ** If we are contacting a host, we'll need to ** update the status information in the host status ** file, and if we want to do that, we ought to have ** locked it. This has the (according to some) ** desirable effect of serializing connectivity with ** remote hosts -- i.e.: one connection to a give ** host at a time. ** ** Parameters: ** mci -- containing the host we want to lock. ** ** Returns: ** EX_OK -- got the lock. ** EX_TEMPFAIL -- didn't get the lock. */ int mci_lock_host(mci) MCI *mci; { if (mci == NULL) { if (tTd(56, 1)) dprintf("mci_lock_host: NULL mci\n"); return EX_OK; } if (!SingleThreadDelivery) return EX_OK; return mci_lock_host_statfile(mci); } static int mci_lock_host_statfile(mci) MCI *mci; { int save_errno = errno; int retVal = EX_OK; char fname[MAXPATHLEN + 1]; if (HostStatDir == NULL || mci->mci_host == NULL) return EX_OK; if (tTd(56, 2)) dprintf("mci_lock_host: attempting to lock %s\n", mci->mci_host); if (mci_generate_persistent_path(mci->mci_host, fname, sizeof fname, TRUE) < 0) { /* of course this should never happen */ if (tTd(56, 2)) dprintf("mci_lock_host: Failed to generate host path for %s\n", mci->mci_host); retVal = EX_TEMPFAIL; goto cleanup; } mci->mci_statfile = safefopen(fname, O_RDWR, FileMode, SFF_NOLOCK|SFF_NOLINK|SFF_OPENASROOT|SFF_REGONLY|SFF_SAFEDIRPATH|SFF_CREAT); if (mci->mci_statfile == NULL) { syserr("mci_lock_host: cannot create host lock file %s", fname); goto cleanup; } if (!lockfile(fileno(mci->mci_statfile), fname, "", LOCK_EX|LOCK_NB)) { if (tTd(56, 2)) dprintf("mci_lock_host: couldn't get lock on %s\n", fname); (void) fclose(mci->mci_statfile); mci->mci_statfile = NULL; retVal = EX_TEMPFAIL; goto cleanup; } if (tTd(56, 12) && mci->mci_statfile != NULL) dprintf("mci_lock_host: Sanity check -- lock is good\n"); cleanup: errno = save_errno; return retVal; } /* ** MCI_UNLOCK_HOST -- unlock host ** ** Clean up the lock on a host, close the file, let ** someone else use it. ** ** Parameters: ** mci -- us. ** ** Returns: ** nothing. */ void mci_unlock_host(mci) MCI *mci; { int save_errno = errno; if (mci == NULL) { if (tTd(56, 1)) dprintf("mci_unlock_host: NULL mci\n"); return; } if (HostStatDir == NULL || mci->mci_host == NULL) return; if (!SingleThreadDelivery && mci_lock_host_statfile(mci) == EX_TEMPFAIL) { if (tTd(56, 1)) dprintf("mci_unlock_host: stat file already locked\n"); } else { if (tTd(56, 2)) dprintf("mci_unlock_host: store prior to unlock\n"); mci_store_persistent(mci); } if (mci->mci_statfile != NULL) { (void) fclose(mci->mci_statfile); mci->mci_statfile = NULL; } errno = save_errno; } /* ** MCI_LOAD_PERSISTENT -- load persistent host info ** ** Load information about host that is kept ** in common for all running sendmails. ** ** Parameters: ** mci -- the host/connection to load persistent info ** for. ** ** Returns: ** TRUE -- lock was successful ** FALSE -- lock failed */ static bool mci_load_persistent(mci) MCI *mci; { int save_errno = errno; bool locked = TRUE; FILE *fp; char fname[MAXPATHLEN + 1]; if (mci == NULL) { if (tTd(56, 1)) dprintf("mci_load_persistent: NULL mci\n"); return TRUE; } if (IgnoreHostStatus || HostStatDir == NULL || mci->mci_host == NULL) return TRUE; /* Already have the persistent information in memory */ if (SingleThreadDelivery && mci->mci_statfile != NULL) return TRUE; if (tTd(56, 1)) dprintf("mci_load_persistent: Attempting to load persistent information for %s\n", mci->mci_host); if (mci_generate_persistent_path(mci->mci_host, fname, sizeof fname, FALSE) < 0) { /* Not much we can do if the file isn't there... */ if (tTd(56, 1)) dprintf("mci_load_persistent: Couldn't generate host path\n"); goto cleanup; } fp = safefopen(fname, O_RDONLY, FileMode, SFF_NOLOCK|SFF_NOLINK|SFF_OPENASROOT|SFF_REGONLY|SFF_SAFEDIRPATH); if (fp == NULL) { /* I can't think of any reason this should ever happen */ if (tTd(56, 1)) dprintf("mci_load_persistent: open(%s): %s\n", fname, errstring(errno)); goto cleanup; } FileName = fname; locked = lockfile(fileno(fp), fname, "", LOCK_SH|LOCK_NB); if (locked) { (void) mci_read_persistent(fp, mci); (void) lockfile(fileno(fp), fname, "", LOCK_UN); } FileName = NULL; (void) fclose(fp); cleanup: errno = save_errno; return locked; } /* ** MCI_READ_PERSISTENT -- read persistent host status file ** ** Parameters: ** fp -- the file pointer to read. ** mci -- the pointer to fill in. ** ** Returns: ** -1 -- if the file was corrupt. ** 0 -- otherwise. ** ** Warning: ** This code makes the assumption that this data ** will be read in an atomic fashion, and that the data ** was written in an atomic fashion. Any other functioning ** may lead to some form of insanity. This should be ** perfectly safe due to underlying stdio buffering. */ static int mci_read_persistent(fp, mci) FILE *fp; register MCI *mci; { int ver; register char *p; int saveLineNumber = LineNumber; char buf[MAXLINE]; if (fp == NULL) syserr("mci_read_persistent: NULL fp"); if (mci == NULL) syserr("mci_read_persistent: NULL mci"); if (tTd(56, 93)) { dprintf("mci_read_persistent: fp=%lx, mci=", (u_long) fp); mci_dump(mci, FALSE); } mci->mci_status = NULL; if (mci->mci_rstatus != NULL) free(mci->mci_rstatus); mci->mci_rstatus = NULL; rewind(fp); ver = -1; LineNumber = 0; while (fgets(buf, sizeof buf, fp) != NULL) { LineNumber++; p = strchr(buf, '\n'); if (p != NULL) *p = '\0'; switch (buf[0]) { case 'V': /* version stamp */ ver = atoi(&buf[1]); if (ver < 0 || ver > 0) syserr("Unknown host status version %d: %d max", ver, 0); break; case 'E': /* UNIX error number */ mci->mci_errno = atoi(&buf[1]); break; case 'H': /* DNS error number */ mci->mci_herrno = atoi(&buf[1]); break; case 'S': /* UNIX exit status */ mci->mci_exitstat = atoi(&buf[1]); break; case 'D': /* DSN status */ mci->mci_status = newstr(&buf[1]); break; case 'R': /* SMTP status */ mci->mci_rstatus = newstr(&buf[1]); break; case 'U': /* last usage time */ mci->mci_lastuse = atol(&buf[1]); break; case '.': /* end of file */ return 0; default: sm_syslog(LOG_CRIT, NOQID, "%s: line %d: Unknown host status line \"%s\"", FileName == NULL ? mci->mci_host : FileName, LineNumber, buf); LineNumber = saveLineNumber; return -1; } } LineNumber = saveLineNumber; if (ver < 0) return -1; return 0; } /* ** MCI_STORE_PERSISTENT -- Store persistent MCI information ** ** Store information about host that is kept ** in common for all running sendmails. ** ** Parameters: ** mci -- the host/connection to store persistent info for. ** ** Returns: ** none. */ void mci_store_persistent(mci) MCI *mci; { int save_errno = errno; if (mci == NULL) { if (tTd(56, 1)) dprintf("mci_store_persistent: NULL mci\n"); return; } if (HostStatDir == NULL || mci->mci_host == NULL) return; if (tTd(56, 1)) dprintf("mci_store_persistent: Storing information for %s\n", mci->mci_host); if (mci->mci_statfile == NULL) { if (tTd(56, 1)) dprintf("mci_store_persistent: no statfile\n"); return; } rewind(mci->mci_statfile); #if !NOFTRUNCATE (void) ftruncate(fileno(mci->mci_statfile), (off_t) 0); #endif /* !NOFTRUNCATE */ fprintf(mci->mci_statfile, "V0\n"); fprintf(mci->mci_statfile, "E%d\n", mci->mci_errno); fprintf(mci->mci_statfile, "H%d\n", mci->mci_herrno); fprintf(mci->mci_statfile, "S%d\n", mci->mci_exitstat); if (mci->mci_status != NULL) fprintf(mci->mci_statfile, "D%.80s\n", denlstring(mci->mci_status, TRUE, FALSE)); if (mci->mci_rstatus != NULL) fprintf(mci->mci_statfile, "R%.80s\n", denlstring(mci->mci_rstatus, TRUE, FALSE)); fprintf(mci->mci_statfile, "U%ld\n", (long)(mci->mci_lastuse)); fprintf(mci->mci_statfile, ".\n"); (void) fflush(mci->mci_statfile); errno = save_errno; return; } /* ** MCI_TRAVERSE_PERSISTENT -- walk persistent status tree ** ** Recursively find all the mci host files in `pathname'. Default to ** main host status directory if no path is provided. ** Call (*action)(pathname, host) for each file found. ** ** Note: all information is collected in a list before it is processed. ** This may not be the best way to do it, but it seems safest, since ** the file system would be touched while we are attempting to traverse ** the directory tree otherwise (during purges). ** ** Parameters: ** action -- function to call on each node. If returns < 0, ** return immediately. ** pathname -- root of tree. If null, use main host status ** directory. ** ** Returns: ** < 0 -- if any action routine returns a negative value, that ** value is returned. ** 0 -- if we successfully went to completion. ** > 0 -- return status from action() */ int mci_traverse_persistent(action, pathname) int (*action)(); char *pathname; { struct stat statbuf; DIR *d; int ret; if (pathname == NULL) pathname = HostStatDir; if (pathname == NULL) return -1; if (tTd(56, 1)) dprintf("mci_traverse: pathname is %s\n", pathname); ret = stat(pathname, &statbuf); if (ret < 0) { if (tTd(56, 2)) dprintf("mci_traverse: Failed to stat %s: %s\n", pathname, errstring(errno)); return ret; } if (S_ISDIR(statbuf.st_mode)) { struct dirent *e; char *newptr; char newpath[MAXPATHLEN + 1]; bool leftone, removedone; if ((d = opendir(pathname)) == NULL) { if (tTd(56, 2)) dprintf("mci_traverse: opendir %s: %s\n", pathname, errstring(errno)); return -1; } if (strlen(pathname) >= sizeof newpath - MAXNAMLEN - 3) { if (tTd(56, 2)) dprintf("mci_traverse: path \"%s\" too long", pathname); return -1; } (void) strlcpy(newpath, pathname, sizeof newpath); newptr = newpath + strlen(newpath); *newptr++ = '/'; /* ** repeat until no file has been removed ** this may become ugly when several files "expire" ** during these loops, but it's better than doing ** a rewinddir() inside the inner loop */ do { leftone = removedone = FALSE; while ((e = readdir(d)) != NULL) { if (e->d_name[0] == '.') continue; (void) strlcpy(newptr, e->d_name, sizeof newpath - (newptr - newpath)); ret = mci_traverse_persistent(action, newpath); if (ret < 0) break; if (ret == 1) leftone = TRUE; if (!removedone && ret == 0 && action == mci_purge_persistent) removedone = TRUE; } if (ret < 0) break; /* ** The following appears to be ** necessary during purges, since ** we modify the directory structure */ if (removedone) rewinddir(d); if (tTd(56, 40)) dprintf("mci_traverse: path %s: ret %d removed %d left %d\n", pathname, ret, removedone, leftone); } while (removedone); /* purge (or whatever) the directory proper */ if (!leftone) { *--newptr = '\0'; ret = (*action)(newpath, NULL); } (void) closedir(d); } else if (S_ISREG(statbuf.st_mode)) { char *end = pathname + strlen(pathname) - 1; char *start; char *scan; char host[MAXHOSTNAMELEN]; char *hostptr = host; /* ** Reconstruct the host name from the path to the ** persistent information. */ do { if (hostptr != host) *(hostptr++) = '.'; start = end; while (*(start - 1) != '/') start--; if (*end == '.') end--; for (scan = start; scan <= end; scan++) *(hostptr++) = *scan; end = start - 2; } while (*end == '.'); *hostptr = '\0'; /* ** Do something with the file containing the persistent ** information. */ ret = (*action)(pathname, host); } return ret; } /* ** MCI_PRINT_PERSISTENT -- print persistent info ** ** Dump the persistent information in the file 'pathname' ** ** Parameters: ** pathname -- the pathname to the status file. ** hostname -- the corresponding host name. ** ** Returns: ** 0 */ int mci_print_persistent(pathname, hostname) char *pathname; char *hostname; { static int initflag = FALSE; FILE *fp; int width = Verbose ? 78 : 25; bool locked; MCI mcib; /* skip directories */ if (hostname == NULL) return 0; if (!initflag) { initflag = TRUE; printf(" -------------- Hostname --------------- How long ago ---------Results---------\n"); } fp = safefopen(pathname, O_RDWR, FileMode, SFF_NOLOCK|SFF_NOLINK|SFF_OPENASROOT|SFF_REGONLY|SFF_SAFEDIRPATH); if (fp == NULL) { if (tTd(56, 1)) dprintf("mci_print_persistent: cannot open %s: %s\n", pathname, errstring(errno)); return 0; } FileName = pathname; memset(&mcib, '\0', sizeof mcib); if (mci_read_persistent(fp, &mcib) < 0) { syserr("%s: could not read status file", pathname); (void) fclose(fp); FileName = NULL; return 0; } locked = !lockfile(fileno(fp), pathname, "", LOCK_EX|LOCK_NB); (void) fclose(fp); FileName = NULL; printf("%c%-39s %12s ", locked ? '*' : ' ', hostname, pintvl(curtime() - mcib.mci_lastuse, TRUE)); if (mcib.mci_rstatus != NULL) printf("%.*s\n", width, mcib.mci_rstatus); else if (mcib.mci_exitstat == EX_TEMPFAIL && mcib.mci_errno != 0) printf("Deferred: %.*s\n", width - 10, errstring(mcib.mci_errno)); else if (mcib.mci_exitstat != 0) { int i = mcib.mci_exitstat - EX__BASE; extern int N_SysEx; extern char *SysExMsg[]; if (i < 0 || i >= N_SysEx) { char buf[80]; snprintf(buf, sizeof buf, "Unknown mailer error %d", mcib.mci_exitstat); printf("%.*s\n", width, buf); } else printf("%.*s\n", width, &(SysExMsg[i])[5]); } else if (mcib.mci_errno == 0) printf("OK\n"); else printf("OK: %.*s\n", width - 4, errstring(mcib.mci_errno)); return 0; } /* ** MCI_PURGE_PERSISTENT -- Remove a persistence status file. ** ** Parameters: ** pathname -- path to the status file. ** hostname -- name of host corresponding to that file. ** NULL if this is a directory (domain). ** ** Returns: ** 0 -- ok ** 1 -- file not deleted (too young, incorrect format) ** < 0 -- some error occurred */ int mci_purge_persistent(pathname, hostname) char *pathname; char *hostname; { struct stat statbuf; char *end = pathname + strlen(pathname) - 1; int ret; if (tTd(56, 1)) dprintf("mci_purge_persistent: purging %s\n", pathname); ret = stat(pathname, &statbuf); if (ret < 0) { if (tTd(56, 2)) dprintf("mci_purge_persistent: Failed to stat %s: %s\n", pathname, errstring(errno)); return ret; } if (curtime() - statbuf.st_mtime < MciInfoTimeout) return 1; if (hostname != NULL) { /* remove the file */ if (unlink(pathname) < 0) { if (tTd(56, 2)) dprintf("mci_purge_persistent: failed to unlink %s: %s\n", pathname, errstring(errno)); } } else { /* remove the directory */ if (*end != '.') return 1; if (tTd(56, 1)) dprintf("mci_purge_persistent: dpurge %s\n", pathname); if (rmdir(pathname) < 0) { if (tTd(56, 2)) dprintf("mci_purge_persistent: rmdir %s: %s\n", pathname, errstring(errno)); } } return 0; } /* ** MCI_GENERATE_PERSISTENT_PATH -- generate path from hostname ** ** Given `host', convert from a.b.c to $QueueDir/.hoststat/c./b./a, ** putting the result into `path'. if `createflag' is set, intervening ** directories will be created as needed. ** ** Parameters: ** host -- host name to convert from. ** path -- place to store result. ** pathlen -- length of path buffer. ** createflag -- if set, create intervening directories as ** needed. ** ** Returns: ** 0 -- success ** -1 -- failure */ static int mci_generate_persistent_path(host, path, pathlen, createflag) const char *host; char *path; int pathlen; bool createflag; { char *elem, *p, *x, ch; int ret = 0; int len; char t_host[MAXHOSTNAMELEN]; #if NETINET6 struct in6_addr in6_addr; #endif /* NETINET6 */ /* ** Rationality check the arguments. */ if (host == NULL) { syserr("mci_generate_persistent_path: null host"); return -1; } if (path == NULL) { syserr("mci_generate_persistent_path: null path"); return -1; } if (tTd(56, 80)) dprintf("mci_generate_persistent_path(%s): ", host); if (*host == '\0' || *host == '.') return -1; /* make certain this is not a bracketed host number */ if (strlen(host) > sizeof t_host - 1) return -1; if (host[0] == '[') (void) strlcpy(t_host, host + 1, sizeof t_host); else (void) strlcpy(t_host, host, sizeof t_host); /* ** Delete any trailing dots from the hostname. ** Leave 'elem' pointing at the \0. */ elem = t_host + strlen(t_host); while (elem > t_host && (elem[-1] == '.' || (host[0] == '[' && elem[-1] == ']'))) *--elem = '\0'; #if NETINET || NETINET6 /* check for bogus bracketed address */ - if (host[0] == '[' && + if (host[0] == '[' # if NETINET6 - inet_pton(AF_INET6, t_host, &in6_addr) != 1 && + && inet_pton(AF_INET6, t_host, &in6_addr) != 1 # endif /* NETINET6 */ # if NETINET - inet_addr(t_host) == INADDR_NONE + && inet_addr(t_host) == INADDR_NONE # endif /* NETINET */ ) return -1; #endif /* NETINET || NETINET6 */ /* check for what will be the final length of the path */ len = strlen(HostStatDir) + 2; for (p = (char *) t_host; *p != '\0'; p++) { if (*p == '.') len++; len++; if (p[0] == '.' && p[1] == '.') return -1; } if (len > pathlen || len < 1) return -1; (void) strlcpy(path, HostStatDir, pathlen); p = path + strlen(path); while (elem > t_host) { if (!path_is_dir(path, createflag)) { ret = -1; break; } elem--; while (elem >= t_host && *elem != '.') elem--; *p++ = '/'; x = elem + 1; while ((ch = *x++) != '\0' && ch != '.') { if (isascii(ch) && isupper(ch)) ch = tolower(ch); if (ch == '/') ch = ':'; /* / -> : */ *p++ = ch; } if (elem >= t_host) *p++ = '.'; *p = '\0'; } if (tTd(56, 80)) { if (ret < 0) dprintf("FAILURE %d\n", ret); else dprintf("SUCCESS %s\n", path); } return ret; } Index: stable/4/contrib/sendmail/src/milter.c =================================================================== --- stable/4/contrib/sendmail/src/milter.c (revision 71887) +++ stable/4/contrib/sendmail/src/milter.c (revision 71888) @@ -1,3405 +1,3489 @@ /* * Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #ifndef lint -static char id[] = "@(#)$Id: milter.c,v 8.50.4.33 2000/09/19 19:40:15 gshapiro Exp $"; +static char id[] = "@(#)$Id: milter.c,v 8.50.4.41 2000/12/27 21:35:32 gshapiro Exp $"; #endif /* ! lint */ #if _FFR_MILTER # include # include # include # if NETINET || NETINET6 # include # endif /* NETINET || NETINET6 */ +# define SM_FD_SET FD_SET +# define SM_FD_ISSET FD_ISSET +# define SM_FD_SETSIZE FD_SETSIZE static void milter_error __P((struct milter *)); static int milter_open __P((struct milter *, bool, ENVELOPE *)); static void milter_parse_timeouts __P((char *, struct milter *)); static char *MilterConnectMacros[MAXFILTERMACROS + 1]; static char *MilterHeloMacros[MAXFILTERMACROS + 1]; static char *MilterEnvFromMacros[MAXFILTERMACROS + 1]; static char *MilterEnvRcptMacros[MAXFILTERMACROS + 1]; # define MILTER_CHECK_DONE_MSG() \ if (*state == SMFIR_REPLYCODE || \ *state == SMFIR_REJECT || \ *state == SMFIR_DISCARD || \ *state == SMFIR_TEMPFAIL) \ { \ /* Abort the filters to let them know we are done with msg */ \ milter_abort(e); \ } # define MILTER_CHECK_ERROR(action) \ if (bitnset(SMF_TEMPFAIL, m->mf_flags)) \ *state = SMFIR_TEMPFAIL; \ else if (bitnset(SMF_REJECT, m->mf_flags)) \ *state = SMFIR_REJECT; \ else \ action; # define MILTER_CHECK_REPLYCODE(default) \ if (response == NULL || \ strlen(response) + 1 != (size_t) rlen || \ rlen < 3 || \ (response[0] != '4' && response[0] != '5') || \ !isascii(response[1]) || !isdigit(response[1]) || \ !isascii(response[2]) || !isdigit(response[2])) \ { \ if (response != NULL) \ free(response); \ response = newstr(default); \ } \ else \ { \ char *ptr = response; \ \ /* Check for unprotected %'s in the string */ \ while (*ptr != '\0') \ { \ if (*ptr == '%' && *++ptr != '%') \ { \ free(response); \ response = newstr(default); \ break; \ } \ ptr++; \ } \ } # define MILTER_DF_ERROR(msg) \ { \ int save_errno = errno; \ \ if (tTd(64, 5)) \ { \ dprintf(msg, dfname, errstring(save_errno)); \ dprintf("\n"); \ } \ if (LogLevel > 0) \ sm_syslog(LOG_ERR, e->e_id, msg, dfname, errstring(save_errno)); \ if (SuperSafe) \ { \ if (e->e_dfp != NULL) \ { \ (void) fclose(e->e_dfp); \ e->e_dfp = NULL; \ } \ e->e_flags &= ~EF_HAS_DF; \ } \ errno = save_errno; \ } /* ** MILTER_TIMEOUT -- make sure socket is ready in time ** ** Parameters: ** routine -- routine name for debug/logging ** secs -- number of seconds in timeout ** write -- waiting to read or write? ** ** Assumes 'm' is a milter structure for the current socket. */ - -# define MILTER_TIMEOUT(routine, secs, write) \ +# define MILTER_TIMEOUT(routine, secs, write) \ { \ int ret; \ int save_errno; \ fd_set fds; \ struct timeval tv; \ \ - if (m->mf_sock >= FD_SETSIZE) \ + if (SM_FD_SETSIZE != 0 && m->mf_sock >= SM_FD_SETSIZE) \ { \ if (tTd(64, 5)) \ dprintf("%s(%s): socket %d is larger than FD_SETSIZE %d\n", \ - routine, m->mf_name, m->mf_sock, FD_SETSIZE); \ + routine, m->mf_name, m->mf_sock, SM_FD_SETSIZE); \ if (LogLevel > 0) \ sm_syslog(LOG_ERR, e->e_id, \ "%s(%s): socket %d is larger than FD_SETSIZE %d\n", \ - routine, m->mf_name, m->mf_sock, FD_SETSIZE); \ + routine, m->mf_name, m->mf_sock, SM_FD_SETSIZE); \ milter_error(m); \ return NULL; \ } \ \ FD_ZERO(&fds); \ - FD_SET(m->mf_sock, &fds); \ + SM_FD_SET(m->mf_sock, &fds); \ tv.tv_sec = secs; \ tv.tv_usec = 0; \ ret = select(m->mf_sock + 1, \ write ? NULL : &fds, \ write ? &fds : NULL, \ NULL, &tv); \ \ switch (ret) \ { \ case 0: \ if (tTd(64, 5)) \ dprintf("%s(%s): timeout\n", routine, m->mf_name); \ if (LogLevel > 0) \ sm_syslog(LOG_ERR, e->e_id, "%s(%s): timeout\n", \ routine, m->mf_name); \ milter_error(m); \ return NULL; \ \ case -1: \ save_errno = errno; \ if (tTd(64, 5)) \ dprintf("%s(%s): select: %s\n", \ routine, m->mf_name, errstring(save_errno)); \ if (LogLevel > 0) \ sm_syslog(LOG_ERR, e->e_id, \ "%s(%s): select: %s\n", \ routine, m->mf_name, errstring(save_errno)); \ milter_error(m); \ return NULL; \ \ default: \ - if (FD_ISSET(m->mf_sock, &fds)) \ + if (SM_FD_ISSET(m->mf_sock, &fds)) \ break; \ if (tTd(64, 5)) \ dprintf("%s(%s): socket not ready\n", \ routine, m->mf_name); \ if (LogLevel > 0) \ sm_syslog(LOG_ERR, e->e_id, \ "%s(%s): socket not ready\n", \ m->mf_name, routine); \ milter_error(m); \ return NULL; \ } \ } - /* ** Low level functions */ /* ** MILTER_READ -- read from a remote milter filter ** ** Parameters: ** m -- milter to read from. ** cmd -- return param for command read. ** rlen -- return length of response string. ** to -- timeout in seconds. ** e -- current envelope. ** ** Returns: ** response string (may be NULL) */ static char * milter_sysread(m, buf, sz, to, e) struct milter *m; char *buf; ssize_t sz; time_t to; ENVELOPE *e; { time_t readstart = 0; ssize_t len, curl; curl = 0; if (to > 0) readstart = curtime(); for (;;) { if (to > 0) { time_t now; now = curtime(); if (now - readstart >= to) { if (tTd(64, 5)) dprintf("milter_read(%s): timeout before data read\n", m->mf_name); if (LogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "milter_read(%s): timeout before data read\n", m->mf_name); milter_error(m); return NULL; } to -= now - readstart; readstart = now; MILTER_TIMEOUT("milter_read", to, FALSE); } len = read(m->mf_sock, buf + curl, sz - curl); if (len < 0) { int save_errno = errno; if (tTd(64, 5)) dprintf("milter_read(%s): read returned %ld: %s\n", m->mf_name, (long) len, errstring(save_errno)); if (LogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "milter_read(%s): read returned %ld: %s", m->mf_name, (long) len, errstring(save_errno)); milter_error(m); return NULL; } curl += len; if (len == 0 || len >= sz) break; } if (curl != sz) { if (tTd(64, 5)) dprintf("milter_read(%s): read returned %ld, expecting %ld\n", m->mf_name, (long) curl, (long) sz); if (LogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "milter_read(%s): read returned %ld, expecting %ld", m->mf_name, (long) curl, (long) sz); milter_error(m); return NULL; } return buf; } static char * milter_read(m, cmd, rlen, to, e) struct milter *m; char *cmd; ssize_t *rlen; time_t to; ENVELOPE *e; { time_t readstart = 0; ssize_t expl; mi_int32 i; char *buf; char data[MILTER_LEN_BYTES + 1]; *rlen = 0; *cmd = '\0'; if (to > 0) readstart = curtime(); if (milter_sysread(m, data, sizeof data, to, e) == NULL) return NULL; /* reset timeout */ if (to > 0) { time_t now; now = curtime(); if (now - readstart >= to) { if (tTd(64, 5)) dprintf("milter_read(%s): timeout before data read\n", m->mf_name); if (LogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "milter_read(%s): timeout before data read\n", m->mf_name); milter_error(m); return NULL; } to -= now - readstart; } *cmd = data[MILTER_LEN_BYTES]; data[MILTER_LEN_BYTES] = '\0'; (void) memcpy(&i, data, MILTER_LEN_BYTES); expl = ntohl(i) - 1; if (tTd(64, 25)) dprintf("milter_read(%s): expecting %ld bytes\n", m->mf_name, (long) expl); if (expl < 0) { if (tTd(64, 5)) dprintf("milter_read(%s): read size %ld out of range\n", m->mf_name, (long) expl); if (LogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "milter_read(%s): read size %ld out of range", m->mf_name, (long) expl); milter_error(m); return NULL; } if (expl == 0) return NULL; buf = (char *)xalloc(expl); if (milter_sysread(m, buf, expl, to, e) == NULL) { free(buf); return NULL; } if (tTd(64, 50)) dprintf("milter_read(%s): Returning %*s\n", m->mf_name, (int) expl, buf); *rlen = expl; return buf; } /* ** MILTER_WRITE -- write to a remote milter filter ** ** Parameters: ** m -- milter to read from. ** cmd -- command to send. ** buf -- optional command data. ** len -- length of buf. ** to -- timeout in seconds. ** e -- current envelope. ** ** Returns: ** buf if successful, NULL otherwise ** Not actually used anywhere but function prototype ** must match milter_read() */ static char * milter_write(m, cmd, buf, len, to, e) struct milter *m; char cmd; char *buf; ssize_t len; time_t to; ENVELOPE *e; { time_t writestart = (time_t) 0; ssize_t sl, i; mi_int32 nl; char data[MILTER_LEN_BYTES + 1]; if (len < 0 || len > MILTER_CHUNK_SIZE) { if (tTd(64, 5)) dprintf("milter_write(%s): length %ld out of range\n", m->mf_name, (long) len); if (LogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "milter_write(%s): length %ld out of range", m->mf_name, (long) len); milter_error(m); return NULL; } if (tTd(64, 20)) dprintf("milter_write(%s): cmd %c, len %ld\n", m->mf_name, cmd, (long) len); nl = htonl(len + 1); /* add 1 for the cmd char */ (void) memcpy(data, (char *) &nl, MILTER_LEN_BYTES); data[MILTER_LEN_BYTES] = cmd; sl = MILTER_LEN_BYTES + 1; if (to > 0) { writestart = curtime(); MILTER_TIMEOUT("milter_write", to, TRUE); } /* use writev() instead to send the whole stuff at once? */ i = write(m->mf_sock, (void *) data, sl); if (i != sl) { int save_errno = errno; if (tTd(64, 5)) dprintf("milter_write(%s): write(%c) returned %ld, expected %ld: %s\n", m->mf_name, cmd, (long) i, (long) sl, errstring(save_errno)); if (LogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "milter_write(%s): write(%c) returned %ld, expected %ld: %s", m->mf_name, cmd, (long) i, (long) sl, errstring(save_errno)); milter_error(m); return buf; } if (len <= 0 || buf == NULL) return buf; if (tTd(64, 50)) dprintf("milter_write(%s): Sending %*s\n", m->mf_name, (int) len, buf); if (to > 0) { time_t now; now = curtime(); if (now - writestart >= to) { if (tTd(64, 5)) dprintf("milter_write(%s): timeout before data send\n", m->mf_name); if (LogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "milter_write(%s): timeout before data send\n", m->mf_name); milter_error(m); return NULL; } else { to -= now - writestart; MILTER_TIMEOUT("milter_write", to, TRUE); } } i = write(m->mf_sock, (void *) buf, len); if (i != len) { int save_errno = errno; if (tTd(64, 5)) dprintf("milter_write(%s): write(%c) returned %ld, expected %ld: %s\n", m->mf_name, cmd, (long) i, (long) sl, errstring(save_errno)); if (LogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "milter_write(%s): write(%c) returned %ld, expected %ld: %s", m->mf_name, cmd, (long) i, (long) len, errstring(save_errno)); milter_error(m); return NULL; } return buf; } /* ** Utility functions */ /* ** MILTER_OPEN -- connect to remote milter filter ** ** Parameters: ** m -- milter to connect to. ** parseonly -- parse but don't connect. ** e -- current envelope. ** ** Returns: ** connected socket if sucessful && !parseonly, ** 0 upon parse success if parseonly, ** -1 otherwise. */ static int milter_open(m, parseonly, e) struct milter *m; bool parseonly; ENVELOPE *e; { int sock = 0; SOCKADDR_LEN_T addrlen = 0; int addrno = 0; int save_errno; char *p; char *colon; char *at; struct hostent *hp = NULL; SOCKADDR addr; if (m->mf_conn == NULL || m->mf_conn[0] == '\0') { if (tTd(64, 5)) dprintf("X%s: empty or missing socket information\n", m->mf_name); if (parseonly) syserr("X%s: empty or missing socket information", m->mf_name); else if (LogLevel > 10) sm_syslog(LOG_ERR, e->e_id, "X%s: empty or missing socket information", m->mf_name); milter_error(m); return -1; } /* protocol:filename or protocol:port@host */ p = m->mf_conn; colon = strchr(p, ':'); if (colon != NULL) { *colon = '\0'; if (*p == '\0') { # if NETUNIX /* default to AF_UNIX */ addr.sa.sa_family = AF_UNIX; # else /* NETUNIX */ # if NETINET /* default to AF_INET */ addr.sa.sa_family = AF_INET; # else /* NETINET */ # if NETINET6 /* default to AF_INET6 */ addr.sa.sa_family = AF_INET6; # else /* NETINET6 */ /* no protocols available */ sm_syslog(LOG_ERR, e->e_id, "X%s: no valid socket protocols available", m->mf_name); milter_error(m); return -1; # endif /* NETINET6 */ # endif /* NETINET */ # endif /* NETUNIX */ } # if NETUNIX else if (strcasecmp(p, "unix") == 0 || strcasecmp(p, "local") == 0) addr.sa.sa_family = AF_UNIX; # endif /* NETUNIX */ # if NETINET else if (strcasecmp(p, "inet") == 0) addr.sa.sa_family = AF_INET; # endif /* NETINET */ # if NETINET6 else if (strcasecmp(p, "inet6") == 0) addr.sa.sa_family = AF_INET6; # endif /* NETINET6 */ else { # ifdef EPROTONOSUPPORT errno = EPROTONOSUPPORT; # else /* EPROTONOSUPPORT */ errno = EINVAL; # endif /* EPROTONOSUPPORT */ if (tTd(64, 5)) dprintf("X%s: unknown socket type %s\n", m->mf_name, p); if (parseonly) syserr("X%s: unknown socket type %s", m->mf_name, p); else if (LogLevel > 10) sm_syslog(LOG_ERR, e->e_id, "X%s: unknown socket type %s", m->mf_name, p); milter_error(m); return -1; } *colon++ = ':'; } else { /* default to AF_UNIX */ addr.sa.sa_family = AF_UNIX; colon = p; } # if NETUNIX if (addr.sa.sa_family == AF_UNIX) { long sff = SFF_SAFEDIRPATH|SFF_OPENASROOT|SFF_NOLINK|SFF_EXECOK; at = colon; if (strlen(colon) >= sizeof addr.sunix.sun_path) { if (tTd(64, 5)) dprintf("X%s: local socket name %s too long\n", m->mf_name, colon); errno = EINVAL; if (parseonly) syserr("X%s: local socket name %s too long", m->mf_name, colon); else if (LogLevel > 10) sm_syslog(LOG_ERR, e->e_id, "X%s: local socket name %s too long", m->mf_name, colon); milter_error(m); return -1; } errno = safefile(colon, RunAsUid, RunAsGid, RunAsUserName, sff, S_IRUSR|S_IWUSR, NULL); /* if just parsing .cf file, socket doesn't need to exist */ if (parseonly && errno == ENOENT) { if (OpMode == MD_DAEMON || OpMode == MD_FGDAEMON) fprintf(stderr, "WARNING: X%s: local socket name %s missing\n", m->mf_name, colon); } else if (errno != 0) { /* if not safe, don't create */ save_errno = errno; if (tTd(64, 5)) dprintf("X%s: local socket name %s unsafe\n", m->mf_name, colon); errno = save_errno; if (parseonly) { if (OpMode == MD_DAEMON || OpMode == MD_FGDAEMON || OpMode == MD_SMTP) syserr("X%s: local socket name %s unsafe", m->mf_name, colon); } else if (LogLevel > 10) sm_syslog(LOG_ERR, e->e_id, "X%s: local socket name %s unsafe", m->mf_name, colon); milter_error(m); return -1; } (void) strlcpy(addr.sunix.sun_path, colon, sizeof addr.sunix.sun_path); addrlen = sizeof (struct sockaddr_un); } else # endif /* NETUNIX */ # if NETINET || NETINET6 if (FALSE # if NETINET || addr.sa.sa_family == AF_INET # endif /* NETINET */ # if NETINET6 || addr.sa.sa_family == AF_INET6 # endif /* NETINET6 */ ) { u_short port; /* Parse port@host */ at = strchr(colon, '@'); if (at == NULL) { if (tTd(64, 5)) dprintf("X%s: bad address %s (expected port@host)\n", m->mf_name, colon); if (parseonly) syserr("X%s: bad address %s (expected port@host)", m->mf_name, colon); else if (LogLevel > 10) sm_syslog(LOG_ERR, e->e_id, "X%s: bad address %s (expected port@host)", m->mf_name, colon); milter_error(m); return -1; } *at = '\0'; if (isascii(*colon) && isdigit(*colon)) port = htons((u_short) atoi(colon)); else { # ifdef NO_GETSERVBYNAME if (tTd(64, 5)) dprintf("X%s: invalid port number %s\n", m->mf_name, colon); if (parseonly) syserr("X%s: invalid port number %s", m->mf_name, colon); else if (LogLevel > 10) sm_syslog(LOG_ERR, e->e_id, "X%s: invalid port number %s", m->mf_name, colon); milter_error(m); return -1; # else /* NO_GETSERVBYNAME */ register struct servent *sp; sp = getservbyname(colon, "tcp"); if (sp == NULL) { save_errno = errno; if (tTd(64, 5)) dprintf("X%s: unknown port name %s\n", m->mf_name, colon); errno = save_errno; if (parseonly) syserr("X%s: unknown port name %s", m->mf_name, colon); else if (LogLevel > 10) sm_syslog(LOG_ERR, e->e_id, "X%s: unknown port name %s", m->mf_name, colon); milter_error(m); return -1; } port = sp->s_port; # endif /* NO_GETSERVBYNAME */ } *at++ = '@'; if (*at == '[') { char *end; end = strchr(at, ']'); if (end != NULL) { bool found = FALSE; # if NETINET unsigned long hid = INADDR_NONE; # endif /* NETINET */ # if NETINET6 struct sockaddr_in6 hid6; # endif /* NETINET6 */ *end = '\0'; # if NETINET if (addr.sa.sa_family == AF_INET && (hid = inet_addr(&at[1])) != INADDR_NONE) { addr.sin.sin_addr.s_addr = hid; addr.sin.sin_port = port; found = TRUE; } # endif /* NETINET */ # if NETINET6 (void) memset(&hid6, '\0', sizeof hid6); if (addr.sa.sa_family == AF_INET6 && inet_pton(AF_INET6, &at[1], &hid6.sin6_addr) == 1) { addr.sin6.sin6_addr = hid6.sin6_addr; addr.sin6.sin6_port = port; found = TRUE; } # endif /* NETINET6 */ *end = ']'; if (!found) { if (tTd(64, 5)) dprintf("X%s: Invalid numeric domain spec \"%s\"\n", m->mf_name, at); if (parseonly) syserr("X%s: Invalid numeric domain spec \"%s\"", m->mf_name, at); else if (LogLevel > 10) sm_syslog(LOG_ERR, e->e_id, "X%s: Invalid numeric domain spec \"%s\"", m->mf_name, at); milter_error(m); return -1; } } else { if (tTd(64, 5)) dprintf("X%s: Invalid numeric domain spec \"%s\"\n", m->mf_name, at); if (parseonly) syserr("X%s: Invalid numeric domain spec \"%s\"", m->mf_name, at); else if (LogLevel > 10) sm_syslog(LOG_ERR, e->e_id, "X%s: Invalid numeric domain spec \"%s\"", m->mf_name, at); milter_error(m); return -1; } } else { hp = sm_gethostbyname(at, addr.sa.sa_family); if (hp == NULL) { save_errno = errno; if (tTd(64, 5)) dprintf("X%s: Unknown host name %s\n", m->mf_name, at); errno = save_errno; if (parseonly) syserr("X%s: Unknown host name %s", m->mf_name, at); else if (LogLevel > 10) sm_syslog(LOG_ERR, e->e_id, "X%s: Unknown host name %s", m->mf_name, at); milter_error(m); return -1; } addr.sa.sa_family = hp->h_addrtype; switch (hp->h_addrtype) { # if NETINET case AF_INET: memmove(&addr.sin.sin_addr, hp->h_addr, INADDRSZ); addr.sin.sin_port = port; addrlen = sizeof (struct sockaddr_in); addrno = 1; break; # endif /* NETINET */ # if NETINET6 case AF_INET6: memmove(&addr.sin6.sin6_addr, hp->h_addr, IN6ADDRSZ); addr.sin6.sin6_port = port; addrlen = sizeof (struct sockaddr_in6); addrno = 1; break; # endif /* NETINET6 */ default: if (tTd(64, 5)) dprintf("X%s: Unknown protocol for %s (%d)\n", m->mf_name, at, hp->h_addrtype); if (parseonly) syserr("X%s: Unknown protocol for %s (%d)", m->mf_name, at, hp->h_addrtype); else if (LogLevel > 10) sm_syslog(LOG_ERR, e->e_id, "X%s: Unknown protocol for %s (%d)", m->mf_name, at, hp->h_addrtype); milter_error(m); +# if _FFR_FREEHOSTENT && NETINET6 + freehostent(hp); +# endif /* _FFR_FREEHOSTENT && NETINET6 */ return -1; } } } else # endif /* NETINET || NETINET6 */ { if (tTd(64, 5)) dprintf("X%s: unknown socket protocol\n", m->mf_name); if (parseonly) syserr("X%s: unknown socket protocol", m->mf_name); else if (LogLevel > 10) sm_syslog(LOG_ERR, e->e_id, "X%s: unknown socket protocol", m->mf_name); milter_error(m); return -1; } /* just parsing through? */ if (parseonly) { m->mf_state = SMFS_READY; +# if _FFR_FREEHOSTENT && NETINET6 + if (hp != NULL) + freehostent(hp); +# endif /* _FFR_FREEHOSTENT && NETINET6 */ return 0; } /* sanity check */ if (m->mf_state != SMFS_READY && m->mf_state != SMFS_CLOSED) { /* shouldn't happen */ if (tTd(64, 1)) dprintf("milter_open(%s): Trying to open filter in state %c\n", m->mf_name, (char) m->mf_state); milter_error(m); +# if _FFR_FREEHOSTENT && NETINET6 + if (hp != NULL) + freehostent(hp); +# endif /* _FFR_FREEHOSTENT && NETINET6 */ return -1; } /* nope, actually connecting */ for (;;) { sock = socket(addr.sa.sa_family, SOCK_STREAM, 0); if (sock < 0) { save_errno = errno; if (tTd(64, 5)) dprintf("X%s: error creating socket: %s\n", m->mf_name, errstring(save_errno)); if (LogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "X%s: error creating socket: %s", m->mf_name, errstring(save_errno)); milter_error(m); +# if _FFR_FREEHOSTENT && NETINET6 + if (hp != NULL) + freehostent(hp); +# endif /* _FFR_FREEHOSTENT && NETINET6 */ return -1; } if (connect(sock, (struct sockaddr *) &addr, addrlen) >= 0) break; /* couldn't connect.... try next address */ save_errno = errno; p = CurHostName; CurHostName = at; if (tTd(64, 5)) dprintf("milter_open(%s): %s failed: %s\n", m->mf_name, at, errstring(save_errno)); if (LogLevel >= 14) sm_syslog(LOG_INFO, e->e_id, "milter_open(%s): %s failed: %s", m->mf_name, at, errstring(save_errno)); CurHostName = p; (void) close(sock); /* try next address */ if (hp != NULL && hp->h_addr_list[addrno] != NULL) { switch (addr.sa.sa_family) { # if NETINET case AF_INET: memmove(&addr.sin.sin_addr, hp->h_addr_list[addrno++], INADDRSZ); break; # endif /* NETINET */ # if NETINET6 case AF_INET6: memmove(&addr.sin6.sin6_addr, hp->h_addr_list[addrno++], IN6ADDRSZ); break; # endif /* NETINET6 */ default: if (tTd(64, 5)) dprintf("X%s: Unknown protocol for %s (%d)\n", m->mf_name, at, hp->h_addrtype); if (LogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "X%s: Unknown protocol for %s (%d)", m->mf_name, at, hp->h_addrtype); milter_error(m); +# if _FFR_FREEHOSTENT && NETINET6 + freehostent(hp); +# endif /* _FFR_FREEHOSTENT && NETINET6 */ return -1; } continue; } if (tTd(64, 5)) dprintf("X%s: error connecting to filter\n", m->mf_name); if (LogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "X%s: error connecting to filter", m->mf_name); milter_error(m); +# if _FFR_FREEHOSTENT && NETINET6 + if (hp != NULL) + freehostent(hp); +# endif /* _FFR_FREEHOSTENT && NETINET6 */ return -1; } m->mf_state = SMFS_OPEN; +# if _FFR_FREEHOSTENT && NETINET6 + if (hp != NULL) + { + freehostent(hp); + hp = NULL; + } +# endif /* _FFR_FREEHOSTENT && NETINET6 */ return sock; } /* ** MILTER_SETUP -- setup structure for a mail filter ** ** Parameters: ** line -- the options line. ** ** Returns: ** none */ void milter_setup(line) char *line; { char fcode; register char *p; register struct milter *m; STAB *s; /* collect the filter name */ for (p = line; *p != '\0' && *p != ',' && !(isascii(*p) && isspace(*p)); p++) continue; if (*p != '\0') *p++ = '\0'; if (line[0] == '\0') { syserr("name required for mail filter"); return; } m = (struct milter *)xalloc(sizeof *m); memset((char *) m, '\0', sizeof *m); m->mf_name = newstr(line); m->mf_state = SMFS_READY; m->mf_sock = -1; m->mf_timeout[SMFTO_WRITE] = (time_t) 10; m->mf_timeout[SMFTO_READ] = (time_t) 10; m->mf_timeout[SMFTO_EOM] = (time_t) 300; /* now scan through and assign info from the fields */ while (*p != '\0') { char *delimptr; while (*p != '\0' && (*p == ',' || (isascii(*p) && isspace(*p)))) p++; /* p now points to field code */ fcode = *p; while (*p != '\0' && *p != '=' && *p != ',') p++; if (*p++ != '=') { syserr("X%s: `=' expected", m->mf_name); return; } while (isascii(*p) && isspace(*p)) p++; /* p now points to the field body */ p = munchstring(p, &delimptr, ','); /* install the field into the filter struct */ switch (fcode) { case 'S': /* socket */ if (p == NULL) m->mf_conn = NULL; else m->mf_conn = newstr(p); break; case 'F': /* Milter flags configured on MTA */ for (; *p != '\0'; p++) { if (!(isascii(*p) && isspace(*p))) - setbitn(*p, m->mf_flags); + setbitn(bitidx(*p), m->mf_flags); } break; case 'T': /* timeouts */ milter_parse_timeouts(p, m); break; default: syserr("X%s: unknown filter equate %c=", m->mf_name, fcode); break; } p = delimptr; } /* early check for errors */ (void) milter_open(m, TRUE, CurEnv); /* enter the filter into the symbol table */ s = stab(m->mf_name, ST_MILTER, ST_ENTER); if (s->s_milter != NULL) syserr("X%s: duplicate filter definition", m->mf_name); else s->s_milter = m; } /* ** MILTER_PARSE_LIST -- parse option list into an array ** ** Called when reading configuration file. ** ** Parameters: ** spec -- the filter list. ** list -- the array to fill in. ** max -- the maximum number of entries in list. ** ** Returns: ** none */ void milter_parse_list(spec, list, max) char *spec; struct milter **list; int max; { int numitems = 0; register char *p; /* leave one for the NULL signifying the end of the list */ max--; for (p = spec; p != NULL; ) { STAB *s; while (isascii(*p) && isspace(*p)) p++; if (*p == '\0') break; spec = p; if (numitems >= max) { syserr("Too many filters defined, %d max", max); if (max > 0) list[0] = NULL; return; } p = strpbrk(p, ","); if (p != NULL) *p++ = '\0'; s = stab(spec, ST_MILTER, ST_FIND); if (s == NULL) { syserr("InputFilter %s not defined", spec); ExitStat = EX_CONFIG; return; } list[numitems++] = s->s_milter; } list[numitems] = NULL; } /* ** MILTER_PARSE_TIMEOUTS -- parse timeout list ** ** Called when reading configuration file. ** ** Parameters: ** spec -- the timeout list. ** m -- milter to set. ** ** Returns: ** none */ static void milter_parse_timeouts(spec, m) char *spec; struct milter *m; { char fcode; register char *p; p = spec; /* now scan through and assign info from the fields */ while (*p != '\0') { char *delimptr; while (*p != '\0' && (*p == ';' || (isascii(*p) && isspace(*p)))) p++; /* p now points to field code */ fcode = *p; while (*p != '\0' && *p != ':') p++; if (*p++ != ':') { syserr("X%s, T=: `:' expected", m->mf_name); return; } while (isascii(*p) && isspace(*p)) p++; /* p now points to the field body */ p = munchstring(p, &delimptr, ';'); /* install the field into the filter struct */ switch (fcode) { case 'S': m->mf_timeout[SMFTO_WRITE] = convtime(p, 's'); if (tTd(64, 5)) printf("X%s: %c=%ld\n", m->mf_name, fcode, (u_long) m->mf_timeout[SMFTO_WRITE]); break; case 'R': m->mf_timeout[SMFTO_READ] = convtime(p, 's'); if (tTd(64, 5)) printf("X%s: %c=%ld\n", m->mf_name, fcode, (u_long) m->mf_timeout[SMFTO_READ]); break; case 'E': m->mf_timeout[SMFTO_EOM] = convtime(p, 's'); if (tTd(64, 5)) printf("X%s: %c=%ld\n", m->mf_name, fcode, (u_long) m->mf_timeout[SMFTO_EOM]); break; default: if (tTd(64, 5)) printf("X%s: %c unknown\n", m->mf_name, fcode); syserr("X%s: unknown filter timeout %c", m->mf_name, fcode); break; } p = delimptr; } } /* ** MILTER_SET_OPTION -- set an individual milter option ** ** Parameters: ** name -- the name of the option. ** val -- the value of the option. ** sticky -- if set, don't let other setoptions override ** this value. ** ** Returns: ** none. */ /* set if Milter sub-option is stuck */ static BITMAP256 StickyMilterOpt; static struct milteropt { char *mo_name; /* long name of milter option */ u_char mo_code; /* code for option */ } MilterOptTab[] = { # define MO_MACROS_CONNECT 0x01 { "macros.connect", MO_MACROS_CONNECT }, # define MO_MACROS_HELO 0x02 { "macros.helo", MO_MACROS_HELO }, # define MO_MACROS_ENVFROM 0x03 { "macros.envfrom", MO_MACROS_ENVFROM }, # define MO_MACROS_ENVRCPT 0x04 { "macros.envrcpt", MO_MACROS_ENVRCPT }, { NULL, 0 }, }; void milter_set_option(name, val, sticky) char *name; char *val; bool sticky; { int nummac = 0; register struct milteropt *mo; char *p; char **macros = NULL; if (tTd(37, 2) || tTd(64, 5)) dprintf("milter_set_option(%s = %s)", name, val); for (mo = MilterOptTab; mo->mo_name != NULL; mo++) { if (strcasecmp(mo->mo_name, name) == 0) break; } if (mo->mo_name == NULL) syserr("milter_set_option: invalid Milter option %s", name); /* ** See if this option is preset for us. */ if (!sticky && bitnset(mo->mo_code, StickyMilterOpt)) { if (tTd(37, 2) || tTd(64,5)) dprintf(" (ignored)\n"); return; } if (tTd(37, 2) || tTd(64,5)) dprintf("\n"); switch (mo->mo_code) { case MO_MACROS_CONNECT: if (macros == NULL) macros = MilterConnectMacros; /* FALLTHROUGH */ case MO_MACROS_HELO: if (macros == NULL) macros = MilterHeloMacros; /* FALLTHROUGH */ case MO_MACROS_ENVFROM: if (macros == NULL) macros = MilterEnvFromMacros; /* FALLTHROUGH */ case MO_MACROS_ENVRCPT: if (macros == NULL) macros = MilterEnvRcptMacros; p = newstr(val); while (*p != '\0') { char *macro; /* Skip leading commas, spaces */ while (*p != '\0' && (*p == ',' || (isascii(*p) && isspace(*p)))) p++; if (*p == '\0') break; /* Find end of macro */ macro = p; while (*p != '\0' && *p != ',' && isascii(*p) && !isspace(*p)) p++; if (*p != '\0') *p++ = '\0'; if (nummac >= MAXFILTERMACROS) { syserr("milter_set_option: too many macros in Milter.%s (max %d)", name, MAXFILTERMACROS); macros[nummac] = NULL; break; } macros[nummac++] = macro; } macros[nummac] = NULL; break; default: syserr("milter_set_option: invalid Milter option %s", name); break; } if (sticky) setbitn(mo->mo_code, StickyMilterOpt); } /* ** MILTER_REOPEN_DF -- open & truncate the df file (for replbody) ** ** Parameters: ** e -- current envelope. ** ** Returns: ** 0 if succesful, -1 otherwise */ static int milter_reopen_df(e) ENVELOPE *e; { char dfname[MAXPATHLEN]; (void) strlcpy(dfname, queuename(e, 'd'), sizeof dfname); /* ** In SuperSafe mode, e->e_dfp is a read-only FP so ** close and reopen writable (later close and reopen ** read only again). ** ** In !SuperSafe mode, e->e_dfp still points at the ** buffered file I/O descriptor, still open for writing ** so there isn't as much work to do, just truncate it ** and go. */ if (SuperSafe) { /* close read-only df */ if (bitset(EF_HAS_DF, e->e_flags) && e->e_dfp != NULL) { (void) fclose(e->e_dfp); e->e_flags &= ~EF_HAS_DF; } /* open writable */ if ((e->e_dfp = fopen(dfname, "w+")) == NULL) { MILTER_DF_ERROR("milter_reopen_df: fopen %s: %s"); return -1; } } else if (e->e_dfp == NULL) { /* shouldn't happen */ errno = ENOENT; MILTER_DF_ERROR("milter_reopen_df: NULL e_dfp (%s: %s)"); return -1; } return 0; } /* ** MILTER_RESET_DF -- re-open read-only the df file (for replbody) ** ** Parameters: ** e -- current envelope. ** ** Returns: ** 0 if succesful, -1 otherwise */ static int milter_reset_df(e) ENVELOPE *e; { int afd; char dfname[MAXPATHLEN]; (void) strlcpy(dfname, queuename(e, 'd'), sizeof dfname); if (fflush(e->e_dfp) != 0 || ferror(e->e_dfp)) { MILTER_DF_ERROR("milter_reset_df: error writing/flushing %s: %s"); return -1; } else if (!SuperSafe) { /* skip next few clauses */ /* EMPTY */ } else if ((afd = fileno(e->e_dfp)) >= 0 && fsync(afd) < 0) { MILTER_DF_ERROR("milter_reset_df: error sync'ing %s: %s"); return -1; } else if (fclose(e->e_dfp) < 0) { MILTER_DF_ERROR("milter_reset_df: error closing %s: %s"); return -1; } else if ((e->e_dfp = fopen(dfname, "r")) == NULL) { MILTER_DF_ERROR("milter_reset_df: error reopening %s: %s"); return -1; } else e->e_flags |= EF_HAS_DF; return 0; } /* ** MILTER_CAN_DELRCPTS -- can any milter filters delete recipients? ** ** Parameters: ** none ** ** Returns: ** TRUE if any filter deletes recipients, FALSE otherwise */ bool milter_can_delrcpts() { bool can = FALSE; int i; if (tTd(64, 10)) dprintf("milter_can_delrcpts:"); for (i = 0; InputFilters[i] != NULL; i++) { struct milter *m = InputFilters[i]; if (bitset(SMFIF_DELRCPT, m->mf_fflags)) { can = TRUE; break; } } if (tTd(64, 10)) dprintf("%s\n", can ? "TRUE" : "FALSE"); return can; } /* ** MILTER_QUIT_FILTER -- close down a single filter ** ** Parameters: ** m -- milter structure of filter to close down. ** e -- current envelope. ** ** Returns: ** none */ static void milter_quit_filter(m, e) struct milter *m; ENVELOPE *e; { if (tTd(64, 10)) dprintf("milter_quit_filter(%s)\n", m->mf_name); /* Never replace error state */ if (m->mf_state == SMFS_ERROR) return; if (m->mf_sock < 0 || m->mf_state == SMFS_CLOSED || m->mf_state == SMFS_READY) { m->mf_sock = -1; m->mf_state = SMFS_CLOSED; return; } (void) milter_write(m, SMFIC_QUIT, (char *) NULL, 0, m->mf_timeout[SMFTO_WRITE], e); - (void) close(m->mf_sock); - m->mf_sock = -1; + if (m->mf_sock >= 0) + { + (void) close(m->mf_sock); + m->mf_sock = -1; + } if (m->mf_state != SMFS_ERROR) m->mf_state = SMFS_CLOSED; } /* ** MILTER_ABORT_FILTER -- tell filter to abort current message ** ** Parameters: ** m -- milter structure of filter to abort. ** e -- current envelope. ** ** Returns: ** none */ static void milter_abort_filter(m, e) struct milter *m; ENVELOPE *e; { if (tTd(64, 10)) dprintf("milter_abort_filter(%s)\n", m->mf_name); if (m->mf_sock < 0 || m->mf_state != SMFS_INMSG) return; (void) milter_write(m, SMFIC_ABORT, (char *) NULL, 0, m->mf_timeout[SMFTO_WRITE], e); if (m->mf_state != SMFS_ERROR) m->mf_state = SMFS_DONE; } /* ** MILTER_SEND_MACROS -- provide macros to the filters ** ** Parameters: ** m -- milter to send macros to. ** macros -- macros to send for filter smfi_getsymval(). ** cmd -- which command the macros are associated with. ** e -- current envelope (for macro access). ** ** Returns: ** none */ static void milter_send_macros(m, macros, cmd, e) struct milter *m; char **macros; char cmd; ENVELOPE *e; { int i; int mid; char *v; char *buf, *bp; ssize_t s; /* sanity check */ if (macros == NULL || macros[0] == NULL) return; /* put together data */ s = 1; /* for the command character */ for (i = 0; macros[i] != NULL; i++) { mid = macid(macros[i], NULL); - if (mid == '\0') + if (mid == 0) continue; v = macvalue(mid, e); if (v == NULL) continue; s += strlen(macros[i]) + 1 + strlen(v) + 1; } buf = (char *)xalloc(s); bp = buf; *bp++ = cmd; for (i = 0; macros[i] != NULL; i++) { mid = macid(macros[i], NULL); - if (mid == '\0') + if (mid == 0) continue; v = macvalue(mid, e); if (v == NULL) continue; if (tTd(64, 10)) dprintf("milter_send_macros(%s, %c): %s=%s\n", m->mf_name, cmd, macros[i], v); (void) strlcpy(bp, macros[i], s - (bp - buf)); bp += strlen(bp) + 1; (void) strlcpy(bp, v, s - (bp - buf)); bp += strlen(bp) + 1; } (void) milter_write(m, SMFIC_MACRO, buf, s, m->mf_timeout[SMFTO_WRITE], e); free(buf); } /* ** MILTER_SEND_COMMAND -- send a command and return the response for a filter ** ** Parameters: ** m -- current milter filter ** command -- command to send. ** data -- optional command data. ** sz -- length of buf. ** e -- current envelope (for e->e_id). ** state -- return state word. ** ** Returns: ** response string (may be NULL) */ static char * milter_send_command(m, command, data, sz, e, state) struct milter *m; char command; void *data; ssize_t sz; ENVELOPE *e; char *state; { char rcmd; ssize_t rlen; u_long skipflag; char *defresponse; char *response; if (tTd(64, 10)) dprintf("milter_send_command(%s): cmd %c len %ld\n", m->mf_name, (char) command, (long) sz); /* find skip flag and default failure */ switch (command) { case SMFIC_CONNECT: skipflag = SMFIP_NOCONNECT; defresponse = "554 Command rejected"; break; case SMFIC_HELO: skipflag = SMFIP_NOHELO; defresponse = "550 Command rejected"; break; case SMFIC_MAIL: skipflag = SMFIP_NOMAIL; defresponse = "550 5.7.1 Command rejected"; break; case SMFIC_RCPT: skipflag = SMFIP_NORCPT; defresponse = "550 5.7.1 Command rejected"; break; case SMFIC_HEADER: skipflag = SMFIP_NOHDRS; defresponse = "550 5.7.1 Command rejected"; break; case SMFIC_BODY: skipflag = SMFIP_NOBODY; defresponse = "554 5.7.1 Command rejected"; break; case SMFIC_EOH: skipflag = SMFIP_NOEOH; defresponse = "550 5.7.1 Command rejected"; break; case SMFIC_BODYEOB: case SMFIC_OPTNEG: case SMFIC_MACRO: case SMFIC_ABORT: case SMFIC_QUIT: /* NOTE: not handled by milter_send_command() */ /* FALLTHROUGH */ default: skipflag = 0; defresponse = "550 5.7.1 Command rejected"; break; } /* check if filter wants this command */ if (skipflag != 0 && bitset(skipflag, m->mf_pflags)) return NULL; (void) milter_write(m, command, data, sz, m->mf_timeout[SMFTO_WRITE], e); if (m->mf_state == SMFS_ERROR) { MILTER_CHECK_ERROR(/* EMPTY */;); return NULL; } response = milter_read(m, &rcmd, &rlen, m->mf_timeout[SMFTO_READ], e); if (m->mf_state == SMFS_ERROR) { MILTER_CHECK_ERROR(/* EMPTY */;); return NULL; } if (tTd(64, 10)) dprintf("milter_send_command(%s): returned %c\n", m->mf_name, (char) rcmd); switch (rcmd) { case SMFIR_REPLYCODE: MILTER_CHECK_REPLYCODE(defresponse); /* FALLTHROUGH */ case SMFIR_REJECT: case SMFIR_DISCARD: case SMFIR_TEMPFAIL: *state = rcmd; break; case SMFIR_ACCEPT: /* this filter is done with message/connection */ m->mf_state = SMFS_DONE; break; case SMFIR_CONTINUE: /* if MAIL command is ok, filter is in message state */ if (command == SMFIC_MAIL) m->mf_state = SMFS_INMSG; break; default: /* Invalid response to command */ if (LogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "milter_send_command(%s): returned bogus response %c", m->mf_name, rcmd); milter_error(m); break; } if (*state != SMFIR_REPLYCODE && response != NULL) { free(response); response = NULL; } return response; } /* ** MILTER_COMMAND -- send a command and return the response for each filter ** ** Parameters: ** command -- command to send. ** data -- optional command data. ** sz -- length of buf. ** macros -- macros to send for filter smfi_getsymval(). ** e -- current envelope (for macro access). ** state -- return state word. ** ** Returns: ** response string (may be NULL) */ static char * milter_command(command, data, sz, macros, e, state) char command; void *data; ssize_t sz; char **macros; ENVELOPE *e; char *state; { int i; char *response = NULL; if (tTd(64, 10)) dprintf("milter_command: cmd %c len %ld\n", (char) command, (long) sz); *state = SMFIR_CONTINUE; for (i = 0; InputFilters[i] != NULL; i++) { struct milter *m = InputFilters[i]; + /* previous problem? */ + if (m->mf_state == SMFS_ERROR) + { + MILTER_CHECK_ERROR(continue); + break; + } + /* sanity check */ if (m->mf_sock < 0 || (m->mf_state != SMFS_OPEN && m->mf_state != SMFS_INMSG)) continue; /* send macros (regardless of whether we send command) */ if (macros != NULL && macros[0] != NULL) { milter_send_macros(m, macros, command, e); if (m->mf_state == SMFS_ERROR) { MILTER_CHECK_ERROR(continue); break; } } response = milter_send_command(m, command, data, sz, e, state); if (*state != SMFIR_CONTINUE) break; } return response; } /* ** MILTER_NEGOTIATE -- get version and flags from filter ** ** Parameters: ** m -- milter filter structure. ** e -- current envelope. ** ** Returns: ** 0 on success, -1 otherwise */ static int milter_negotiate(m, e) struct milter *m; ENVELOPE *e; { char rcmd; mi_int32 fvers; mi_int32 fflags; mi_int32 pflags; char *response; ssize_t rlen; char data[MILTER_OPTLEN]; /* sanity check */ if (m->mf_sock < 0 || m->mf_state != SMFS_OPEN) { if (LogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "milter_negotiate(%s): impossible state", m->mf_name); milter_error(m); return -1; } fvers = htonl(SMFI_VERSION); fflags = htonl(SMFI_CURR_ACTS); pflags = htonl(SMFI_CURR_PROT); (void) memcpy(data, (char *) &fvers, MILTER_LEN_BYTES); (void) memcpy(data + MILTER_LEN_BYTES, (char *) &fflags, MILTER_LEN_BYTES); (void) memcpy(data + (MILTER_LEN_BYTES * 2), (char *) &pflags, MILTER_LEN_BYTES); (void) milter_write(m, SMFIC_OPTNEG, data, sizeof data, m->mf_timeout[SMFTO_WRITE], e); if (m->mf_state == SMFS_ERROR) return -1; response = milter_read(m, &rcmd, &rlen, m->mf_timeout[SMFTO_READ], e); if (m->mf_state == SMFS_ERROR) return -1; if (rcmd != SMFIC_OPTNEG) { if (tTd(64, 5)) dprintf("milter_negotiate(%s): returned %c instead of %c\n", m->mf_name, rcmd, SMFIC_OPTNEG); if (LogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "milter_negotiate(%s): returned %c instead of %c", m->mf_name, rcmd, SMFIC_OPTNEG); if (response != NULL) free(response); milter_error(m); return -1; } /* Make sure we have enough bytes for the version */ if (response == NULL || rlen < MILTER_LEN_BYTES) { if (tTd(64, 5)) dprintf("milter_negotiate(%s): did not return valid info\n", m->mf_name); if (LogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "milter_negotiate(%s): did not return valid info", m->mf_name); if (response != NULL) free(response); milter_error(m); return -1; } /* extract information */ (void) memcpy((char *) &fvers, response, MILTER_LEN_BYTES); /* Now make sure we have enough for the feature bitmap */ if (rlen != MILTER_OPTLEN) { if (tTd(64, 5)) dprintf("milter_negotiate(%s): did not return enough info\n", m->mf_name); if (LogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "milter_negotiate(%s): did not return enough info", m->mf_name); if (response != NULL) free(response); milter_error(m); return -1; } (void) memcpy((char *) &fflags, response + MILTER_LEN_BYTES, MILTER_LEN_BYTES); (void) memcpy((char *) &pflags, response + (MILTER_LEN_BYTES * 2), MILTER_LEN_BYTES); free(response); response = NULL; m->mf_fvers = ntohl(fvers); m->mf_fflags = ntohl(fflags); m->mf_pflags = ntohl(pflags); /* check for version compatibility */ if (m->mf_fvers == 1 || m->mf_fvers > SMFI_VERSION) { if (tTd(64, 5)) dprintf("milter_negotiate(%s): version %lu != MTA milter version %d\n", m->mf_name, m->mf_fvers, SMFI_VERSION); if (LogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "milter_negotiate(%s): version %ld != MTA milter version %d", m->mf_name, m->mf_fvers, SMFI_VERSION); milter_error(m); return -1; } /* check for filter feature mismatch */ if ((m->mf_fflags & SMFI_CURR_ACTS) != m->mf_fflags) { if (tTd(64, 5)) dprintf("milter_negotiate(%s): filter abilities 0x%lx != MTA milter abilities 0x%lx\n", m->mf_name, m->mf_fflags, (u_long) SMFI_CURR_ACTS); if (LogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "milter_negotiate(%s): filter abilities 0x%lx != MTA milter abilities 0x%lx\n", m->mf_name, m->mf_fflags, (u_long) SMFI_CURR_ACTS); milter_error(m); return -1; } /* check for protocol feature mismatch */ if ((m->mf_pflags & SMFI_CURR_PROT) != m->mf_pflags) { if (tTd(64, 5)) dprintf("milter_negotiate(%s): protocol abilities 0x%lx != MTA milter abilities 0x%lx\n", m->mf_name, m->mf_pflags, (u_long) SMFI_CURR_PROT); if (LogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "milter_negotiate(%s): protocol abilities 0x%lx != MTA milter abilities 0x%lx\n", m->mf_name, m->mf_pflags, (u_long) SMFI_CURR_PROT); milter_error(m); return -1; } if (tTd(64, 5)) dprintf("milter_negotiate(%s): version %lu, fflags 0x%lx, pflags 0x%lx\n", m->mf_name, m->mf_fvers, m->mf_fflags, m->mf_pflags); return 0; } /* ** MILTER_PER_CONNECTION_CHECK -- checks on per-connection commands ** ** Reduce code duplication by putting these checks in one place ** ** Parameters: ** e -- current envelope. ** ** Returns: ** none */ static void milter_per_connection_check(e) ENVELOPE *e; { int i; /* see if we are done with any of the filters */ for (i = 0; InputFilters[i] != NULL; i++) { struct milter *m = InputFilters[i]; if (m->mf_state == SMFS_DONE) milter_quit_filter(m, e); } } /* ** MILTER_ERROR -- Put a milter filter into error state ** ** Parameters: ** m -- the broken filter. ** ** Returns: ** none */ static void milter_error(m) struct milter *m; { /* ** We could send a quit here but ** we may have gotten here due to ** an I/O error so we don't want ** to try to make things worse. */ if (m->mf_sock >= 0) { (void) close(m->mf_sock); m->mf_sock = -1; } m->mf_state = SMFS_ERROR; } /* ** MILTER_HEADERS -- send headers to a single milter filter ** ** Parameters: ** m -- current filter. ** e -- current envelope. ** state -- return state from response. ** ** Returns: ** response string (may be NULL) */ static char * milter_headers(m, e, state) struct milter *m; ENVELOPE *e; char *state; { char *response = NULL; HDR *h; for (h = e->e_header; h != NULL; h = h->h_link) { char *buf; ssize_t s; /* don't send over deleted headers */ if (h->h_value == NULL) { /* strip H_USER so not counted in milter_chgheader() */ h->h_flags &= ~H_USER; continue; } /* skip auto-generated */ if (!bitset(H_USER, h->h_flags)) continue; if (tTd(64, 10)) dprintf("milter_headers: %s: %s\n", h->h_field, h->h_value); s = strlen(h->h_field) + 1 + strlen(h->h_value) + 1; buf = (char *) xalloc(s); snprintf(buf, s, "%s%c%s", h->h_field, '\0', h->h_value); /* send it over */ response = milter_send_command(m, SMFIC_HEADER, buf, s, e, state); free(buf); if (m->mf_state == SMFS_ERROR || m->mf_state == SMFS_DONE || *state != SMFIR_CONTINUE) break; } return response; } /* ** MILTER_BODY -- send the body to a filter ** ** Parameters: ** m -- current filter. ** e -- current envelope. ** state -- return state from response. ** ** Returns: ** response string (may be NULL) */ static char * milter_body(m, e, state) struct milter *m; ENVELOPE *e; char *state; { char bufchar = '\0'; char prevchar = '\0'; int c; char *response = NULL; char *bp; char buf[MILTER_CHUNK_SIZE]; if (tTd(64, 10)) dprintf("milter_body\n"); if (bfrewind(e->e_dfp) < 0) { ExitStat = EX_IOERR; *state = SMFIR_TEMPFAIL; syserr("milter_body: %s/df%s: rewind error", qid_printqueue(e->e_queuedir), e->e_id); return NULL; } bp = buf; while ((c = getc(e->e_dfp)) != EOF) { /* Change LF to CRLF */ if (c == '\n') { /* Not a CRLF already? */ if (prevchar != '\r') { /* Room for CR now? */ if (bp + 2 > &buf[sizeof buf]) { /* No room, buffer LF */ bufchar = c; /* and send CR now */ c = '\r'; } else { /* Room to do it now */ *bp++ = '\r'; prevchar = '\r'; } } } *bp++ = (char) c; prevchar = c; if (bp >= &buf[sizeof buf]) { /* send chunk */ response = milter_send_command(m, SMFIC_BODY, buf, bp - buf, e, state); bp = buf; if (bufchar != '\0') { *bp++ = bufchar; bufchar = '\0'; prevchar = bufchar; } } if (m->mf_state == SMFS_ERROR || m->mf_state == SMFS_DONE || *state != SMFIR_CONTINUE) break; } /* check for read errors */ if (ferror(e->e_dfp)) { ExitStat = EX_IOERR; if (*state == SMFIR_CONTINUE || *state == SMFIR_ACCEPT) { *state = SMFIR_TEMPFAIL; if (response != NULL) { free(response); response = NULL; } } syserr("milter_body: %s/df%s: read error", qid_printqueue(e->e_queuedir), e->e_id); return response; } /* send last body chunk */ if (bp > buf && m->mf_state != SMFS_ERROR && m->mf_state != SMFS_DONE && *state == SMFIR_CONTINUE) { /* send chunk */ response = milter_send_command(m, SMFIC_BODY, buf, bp - buf, e, state); bp = buf; } return response; } /* ** Actions */ /* ** MILTER_ADDHEADER -- Add the supplied header to the message ** ** Parameters: ** response -- encoded form of header/value. ** rlen -- length of response. ** e -- current envelope. ** ** Returns: ** none */ static void milter_addheader(response, rlen, e) char *response; ssize_t rlen; ENVELOPE *e; { char *val; + HDR *h; if (tTd(64, 10)) dprintf("milter_addheader: "); /* sanity checks */ if (response == NULL) { if (tTd(64, 10)) dprintf("NULL response\n"); return; } if (rlen < 2 || strlen(response) + 1 >= (size_t) rlen) { if (tTd(64, 10)) dprintf("didn't follow protocol (total len)\n"); return; } /* Find separating NUL */ val = response + strlen(response) + 1; /* another sanity check */ if (strlen(response) + strlen(val) + 2 != (size_t) rlen) { if (tTd(64, 10)) dprintf("didn't follow protocol (part len)\n"); return; } if (*response == '\0') { if (tTd(64, 10)) dprintf("empty field name\n"); return; } + for (h = e->e_header; h != NULL; h = h->h_link) + { + if (strcasecmp(h->h_field, response) == 0 && + !bitset(H_USER, h->h_flags) && + !bitset(H_TRACE, h->h_flags)) + break; + } + /* add to e_msgsize */ e->e_msgsize += strlen(response) + 2 + strlen(val); - if (tTd(64, 10)) - dprintf("Add %s: %s\n", response, val); - - addheader(newstr(response), val, H_USER, &e->e_header); + if (h != NULL) + { + if (tTd(64, 10)) + dprintf("Replace default header %s value with %s\n", + h->h_field, val); + h->h_value = newstr(val); + h->h_flags |= H_USER; + } + else + { + if (tTd(64, 10)) + dprintf("Add %s: %s\n", response, val); + addheader(newstr(response), val, H_USER, &e->e_header); + } } /* ** MILTER_CHANGEHEADER -- Change the supplied header in the message ** ** Parameters: ** response -- encoded form of header/index/value. ** rlen -- length of response. ** e -- current envelope. ** ** Returns: ** none */ static void milter_changeheader(response, rlen, e) char *response; ssize_t rlen; ENVELOPE *e; { mi_int32 i, index; char *field, *val; - HDR *h; + HDR *h, *sysheader; if (tTd(64, 10)) dprintf("milter_changeheader: "); /* sanity checks */ if (response == NULL) { if (tTd(64, 10)) dprintf("NULL response\n"); return; } if (rlen < 2 || strlen(response) + 1 >= (size_t) rlen) { if (tTd(64, 10)) dprintf("didn't follow protocol (total len)\n"); return; } /* Find separating NUL */ (void) memcpy((char *) &i, response, MILTER_LEN_BYTES); index = ntohl(i); field = response + MILTER_LEN_BYTES; val = field + strlen(field) + 1; /* another sanity check */ if (MILTER_LEN_BYTES + strlen(field) + 1 + strlen(val) + 1 != (size_t) rlen) { if (tTd(64, 10)) dprintf("didn't follow protocol (part len)\n"); return; } if (*field == '\0') { if (tTd(64, 10)) dprintf("empty field name\n"); return; } + sysheader = NULL; for (h = e->e_header; h != NULL; h = h->h_link) { - if (bitset(H_USER, h->h_flags) && - strcasecmp(h->h_field, field) == 0 && - --index <= 0) - break; + if (strcasecmp(h->h_field, field) == 0) + { + if (bitset(H_USER, h->h_flags) && + --index <= 0) + { + sysheader = NULL; + break; + } + else if (!bitset(H_USER, h->h_flags) && + !bitset(H_TRACE, h->h_flags)) + { + /* + ** DRUMS msg-fmt draft says can only have + ** multiple occurences of trace fields, + ** so make sure we replace any non-trace, + ** non-user field. + */ + + sysheader = h; + } + } } + /* if not found as user-provided header at index, use sysheader */ if (h == NULL) + h = sysheader; + + if (h == NULL) { if (*val == '\0') { if (tTd(64, 10)) dprintf("Delete (noop) %s:\n", field); } else { /* treat modify value with no existing header as add */ if (tTd(64, 10)) dprintf("Add %s: %s\n", field, val); addheader(newstr(field), val, H_USER, &e->e_header); } return; } if (tTd(64, 10)) { if (*val == '\0') { - dprintf("Delete %s: %s\n", field, + dprintf("Delete%s %s: %s\n", + h == sysheader ? " (default header)" : "", + field, h->h_value == NULL ? "" : h->h_value); } else { - dprintf("Change %s: from %s to %s\n", + dprintf("Change%s %s: from %s to %s\n", + h == sysheader ? " (default header)" : "", field, h->h_value == NULL ? "" : h->h_value, val); } } - if (h->h_value != NULL) + if (h != sysheader && h->h_value != NULL) { e->e_msgsize -= strlen(h->h_value); free(h->h_value); } if (*val == '\0') { /* Remove "Field: " from message size */ - e->e_msgsize -= strlen(h->h_field) + 2; + if (h != sysheader) + e->e_msgsize -= strlen(h->h_field) + 2; h->h_value = NULL; } else { h->h_value = newstr(val); + h->h_flags |= H_USER; e->e_msgsize += strlen(h->h_value); } } /* ** MILTER_ADDRCPT -- Add the supplied recipient to the message ** ** Parameters: ** response -- encoded form of recipient address. ** rlen -- length of response. ** e -- current envelope. ** ** Returns: ** none */ static void milter_addrcpt(response, rlen, e) char *response; ssize_t rlen; ENVELOPE *e; { if (tTd(64, 10)) dprintf("milter_addrcpt: "); /* sanity checks */ if (response == NULL) { if (tTd(64, 10)) dprintf("NULL response\n"); return; } if (*response == '\0' || strlen(response) + 1 != (size_t) rlen) { if (tTd(64, 10)) dprintf("didn't follow protocol (total len %d != rlen %d)\n", strlen(response), rlen -1); return; } if (tTd(64, 10)) dprintf("%s\n", response); (void) sendtolist(response, NULLADDR, &e->e_sendqueue, 0, e); return; } /* ** MILTER_DELRCPT -- Delete the supplied recipient from the message ** ** Parameters: ** response -- encoded form of recipient address. ** rlen -- length of response. ** e -- current envelope. ** ** Returns: ** none */ static void milter_delrcpt(response, rlen, e) char *response; ssize_t rlen; ENVELOPE *e; { if (tTd(64, 10)) dprintf("milter_delrcpt: "); /* sanity checks */ if (response == NULL) { if (tTd(64, 10)) dprintf("NULL response\n"); return; } if (*response == '\0' || strlen(response) + 1 != (size_t) rlen) { if (tTd(64, 10)) dprintf("didn't follow protocol (total len)\n"); return; } if (tTd(64, 10)) dprintf("%s\n", response); (void) removefromlist(response, &e->e_sendqueue, e); return; } /* ** MILTER_REPLBODY -- Replace the current df file with new body ** ** Parameters: ** response -- encoded form of new body. ** rlen -- length of response. ** newfilter -- if first time called by a new filter ** e -- current envelope. ** ** Returns: ** 0 upon success, -1 upon failure */ static int milter_replbody(response, rlen, newfilter, e) char *response; ssize_t rlen; bool newfilter; ENVELOPE *e; { static char prevchar; int i; if (tTd(64, 10)) dprintf("milter_replbody\n"); /* If a new filter, reset previous character and truncate df */ if (newfilter) { off_t prevsize = 0; char dfname[MAXPATHLEN]; (void) strlcpy(dfname, queuename(e, 'd'), sizeof dfname); /* Reset prevchar */ prevchar = '\0'; /* Get the current df information */ if (bitset(EF_HAS_DF, e->e_flags) && e->e_dfp != NULL) { int afd; struct stat st; afd = fileno(e->e_dfp); if (afd > 0 && fstat(afd, &st) == 0) prevsize = st.st_size; } /* truncate current df file */ if (bftruncate(e->e_dfp) < 0) { MILTER_DF_ERROR("milter_reopen_df: bftruncate %s: %s"); return -1; } else { if (prevsize > e->e_msgsize) e->e_msgsize = 0; else e->e_msgsize -= prevsize; } } if (response == NULL) { /* Flush the buffered '\r' */ if (prevchar == '\r') { (void) putc(prevchar, e->e_dfp); e->e_msgsize++; } return 0; } for (i = 0; i < rlen; i++) { /* Buffered char from last chunk */ if (i == 0 && prevchar == '\r') { /* Not CRLF, output prevchar */ if (response[i] != '\n') { (void) putc(prevchar, e->e_dfp); e->e_msgsize++; } prevchar = '\0'; } /* Turn CRLF into LF */ if (response[i] == '\r') { /* check if at end of chunk */ if (i + 1 < rlen) { /* If LF, strip CR */ if (response[i + 1] == '\n') i++; } else { /* check next chunk */ prevchar = '\r'; continue; } } (void) putc(response[i], e->e_dfp); e->e_msgsize++; } return 0; } /* ** MTA callouts */ /* ** MILTER_INIT -- open and negotiate with all of the filters ** ** Parameters: ** e -- current envelope. ** state -- return state from response. ** ** Returns: ** none */ /* ARGSUSED */ void milter_init(e, state) ENVELOPE *e; char *state; { int i; if (tTd(64, 10)) dprintf("milter_init\n"); *state = SMFIR_CONTINUE; for (i = 0; InputFilters[i] != NULL; i++) { struct milter *m = InputFilters[i]; m->mf_sock = milter_open(m, FALSE, e); if (m->mf_state == SMFS_ERROR) { MILTER_CHECK_ERROR(continue); break; } if (m->mf_sock < 0 || milter_negotiate(m, e) < 0 || m->mf_state == SMFS_ERROR) { if (tTd(64, 5)) dprintf("milter_init(%s): failed to %s\n", m->mf_name, m->mf_sock < 0 ? "open" : "negotiate"); /* if negotation failure, close socket */ - if (m->mf_sock >= 0) - { - (void) close(m->mf_sock); - m->mf_sock = -1; - } milter_error(m); - if (m->mf_state == SMFS_ERROR) - { - MILTER_CHECK_ERROR(continue); - break; - } + MILTER_CHECK_ERROR(continue); } } /* ** If something temp/perm failed with one of the filters, ** we won't be using any of them, so clear any existing ** connections. */ if (*state != SMFIR_CONTINUE) milter_quit(e); } /* ** MILTER_CONNECT -- send connection info to milter filters ** ** Parameters: ** hostname -- hostname of remote machine. ** addr -- address of remote machine. ** e -- current envelope. ** state -- return state from response. ** ** Returns: ** response string (may be NULL) */ char * milter_connect(hostname, addr, e, state) char *hostname; SOCKADDR addr; ENVELOPE *e; char *state; { char family; u_short port; char *buf, *bp; char *response; char *sockinfo = NULL; ssize_t s; # if NETINET6 char buf6[INET6_ADDRSTRLEN]; # endif /* NETINET6 */ if (tTd(64, 10)) dprintf("milter_connect(%s)\n", hostname); /* gather data */ switch (addr.sa.sa_family) { # if NETUNIX case AF_UNIX: family = SMFIA_UNIX; port = htons(0); sockinfo = addr.sunix.sun_path; break; # endif /* NETUNIX */ # if NETINET case AF_INET: family = SMFIA_INET; port = htons(addr.sin.sin_port); sockinfo = (char *) inet_ntoa(addr.sin.sin_addr); break; # endif /* NETINET */ # if NETINET6 case AF_INET6: family = SMFIA_INET6; port = htons(addr.sin6.sin6_port); sockinfo = anynet_ntop(&addr.sin6.sin6_addr, buf6, sizeof buf6); if (sockinfo == NULL) sockinfo = ""; break; # endif /* NETINET6 */ default: family = SMFIA_UNKNOWN; break; } s = strlen(hostname) + 1 + sizeof(family); if (family != SMFIA_UNKNOWN) s += sizeof(port) + strlen(sockinfo) + 1; buf = (char *)xalloc(s); bp = buf; /* put together data */ (void) memcpy(bp, hostname, strlen(hostname)); bp += strlen(hostname); *bp++ = '\0'; (void) memcpy(bp, &family, sizeof family); bp += sizeof family; if (family != SMFIA_UNKNOWN) { (void) memcpy(bp, &port, sizeof port); bp += sizeof port; /* include trailing '\0' */ (void) memcpy(bp, sockinfo, strlen(sockinfo) + 1); } response = milter_command(SMFIC_CONNECT, buf, s, MilterConnectMacros, e, state); free(buf); /* ** If this message connection is done for, ** close the filters. */ if (*state != SMFIR_CONTINUE) milter_quit(e); else milter_per_connection_check(e); /* ** SMFIR_REPLYCODE can't work with connect due to ** the requirements of SMTP. Therefore, ignore the ** reply code text but keep the state it would reflect. */ if (*state == SMFIR_REPLYCODE) { if (response != NULL && *response == '4') *state = SMFIR_TEMPFAIL; else *state = SMFIR_REJECT; if (response != NULL) { free(response); response = NULL; } } return response; } /* ** MILTER_HELO -- send SMTP HELO/EHLO command info to milter filters ** ** Parameters: ** helo -- argument to SMTP HELO/EHLO command. ** e -- current envelope. ** state -- return state from response. ** ** Returns: ** response string (may be NULL) */ char * milter_helo(helo, e, state) char *helo; ENVELOPE *e; char *state; { char *response; if (tTd(64, 10)) dprintf("milter_helo(%s)\n", helo); response = milter_command(SMFIC_HELO, helo, strlen(helo) + 1, MilterHeloMacros, e, state); milter_per_connection_check(e); return response; } /* ** MILTER_ENVFROM -- send SMTP MAIL command info to milter filters ** ** Parameters: ** args -- SMTP MAIL command args (args[0] == sender). ** e -- current envelope. ** state -- return state from response. ** ** Returns: ** response string (may be NULL) */ char * milter_envfrom(args, e, state) char **args; ENVELOPE *e; char *state; { int i; char *buf, *bp; char *response; ssize_t s; if (tTd(64, 10)) { dprintf("milter_envfrom:"); for (i = 0; args[i] != NULL; i++) dprintf(" %s", args[i]); dprintf("\n"); } /* sanity check */ if (args[0] == NULL) { *state = SMFIR_REJECT; return NULL; } /* new message, so ... */ for (i = 0; InputFilters[i] != NULL; i++) { struct milter *m = InputFilters[i]; switch (m->mf_state) { case SMFS_INMSG: /* abort in message filters */ milter_abort_filter(m, e); /* FALLTHROUGH */ case SMFS_DONE: /* reset done filters */ m->mf_state = SMFS_OPEN; break; } } /* put together data */ s = 0; for (i = 0; args[i] != NULL; i++) s += strlen(args[i]) + 1; buf = (char *)xalloc(s); bp = buf; for (i = 0; args[i] != NULL; i++) { (void) strlcpy(bp, args[i], s - (bp - buf)); bp += strlen(bp) + 1; } /* send it over */ response = milter_command(SMFIC_MAIL, buf, s, MilterEnvFromMacros, e, state); free(buf); /* ** If filter rejects/discards a per message command, ** abort the other filters since we are done with the ** current message. */ MILTER_CHECK_DONE_MSG(); return response; } /* ** MILTER_ENVRCPT -- send SMTP RCPT command info to milter filters ** ** Parameters: ** args -- SMTP MAIL command args (args[0] == recipient). ** e -- current envelope. ** state -- return state from response. ** ** Returns: ** response string (may be NULL) */ char * milter_envrcpt(args, e, state) char **args; ENVELOPE *e; char *state; { int i; char *buf, *bp; char *response; ssize_t s; if (tTd(64, 10)) { dprintf("milter_envrcpt:"); for (i = 0; args[i] != NULL; i++) dprintf(" %s", args[i]); dprintf("\n"); } /* sanity check */ if (args[0] == NULL) { *state = SMFIR_REJECT; return NULL; } /* put together data */ s = 0; for (i = 0; args[i] != NULL; i++) s += strlen(args[i]) + 1; buf = (char *)xalloc(s); bp = buf; for (i = 0; args[i] != NULL; i++) { (void) strlcpy(bp, args[i], s - (bp - buf)); bp += strlen(bp) + 1; } /* send it over */ response = milter_command(SMFIC_RCPT, buf, s, MilterEnvRcptMacros, e, state); free(buf); return response; } /* ** MILTER_DATA -- send message headers/body and gather final message results ** ** Parameters: ** e -- current envelope. ** state -- return state from response. ** ** Returns: ** response string (may be NULL) ** ** Side effects: ** - Uses e->e_dfp for access to the body ** - Can call the various milter action routines to ** modify the envelope or message. */ # define MILTER_CHECK_RESULTS() \ if (*state == SMFIR_ACCEPT || \ m->mf_state == SMFS_DONE || \ m->mf_state == SMFS_ERROR) \ { \ if (m->mf_state != SMFS_ERROR) \ m->mf_state = SMFS_DONE; \ continue; /* to next filter */ \ } \ if (*state != SMFIR_CONTINUE) \ { \ m->mf_state = SMFS_DONE; \ goto finishup; \ } char * milter_data(e, state) ENVELOPE *e; char *state; { bool replbody = FALSE; /* milter_replbody() called? */ bool replfailed = FALSE; /* milter_replbody() failed? */ bool rewind = FALSE; /* rewind df file? */ bool dfopen = FALSE; /* df open for writing? */ bool newfilter; /* reset on each new filter */ char rcmd; int i; int save_errno; char *response = NULL; time_t eomsent; ssize_t rlen; if (tTd(64, 10)) dprintf("milter_data\n"); *state = SMFIR_CONTINUE; /* ** XXX: Should actually send body chunks to each filter ** a chunk at a time instead of sending the whole body to ** each filter in turn. However, only if the filters don't ** change the body. */ for (i = 0; InputFilters[i] != NULL; i++) { struct milter *m = InputFilters[i]; if (*state != SMFIR_CONTINUE && *state != SMFIR_ACCEPT) { /* ** A previous filter has dealt with the message, ** safe to stop processing the filters. */ break; } /* Now reset state for later evaluation */ *state = SMFIR_CONTINUE; newfilter = TRUE; + + /* previous problem? */ + if (m->mf_state == SMFS_ERROR) + { + MILTER_CHECK_ERROR(continue); + break; + } /* sanity checks */ if (m->mf_sock < 0 || (m->mf_state != SMFS_OPEN && m->mf_state != SMFS_INMSG)) continue; m->mf_state = SMFS_INMSG; /* check if filter wants the headers */ if (!bitset(SMFIP_NOHDRS, m->mf_pflags)) { response = milter_headers(m, e, state); MILTER_CHECK_RESULTS(); } /* check if filter wants EOH */ if (!bitset(SMFIP_NOEOH, m->mf_pflags)) { if (tTd(64, 10)) dprintf("milter_data: eoh\n"); /* send it over */ response = milter_send_command(m, SMFIC_EOH, NULL, 0, e, state); MILTER_CHECK_RESULTS(); } /* check if filter wants the body */ if (!bitset(SMFIP_NOBODY, m->mf_pflags) && e->e_dfp != NULL) { rewind = TRUE; response = milter_body(m, e, state); MILTER_CHECK_RESULTS(); } /* send the final body chunk */ (void) milter_write(m, SMFIC_BODYEOB, NULL, 0, m->mf_timeout[SMFTO_WRITE], e); /* Get time EOM sent for timeout */ eomsent = curtime(); /* deal with the possibility of multiple responses */ while (*state == SMFIR_CONTINUE) { /* Check total timeout from EOM to final ACK/NAK */ if (m->mf_timeout[SMFTO_EOM] > 0 && curtime() - eomsent >= m->mf_timeout[SMFTO_EOM]) { if (tTd(64, 5)) dprintf("milter_data(%s): EOM ACK/NAK timeout\n", m->mf_name); if (LogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "milter_data(%s): EOM ACK/NAK timeout\n", m->mf_name); milter_error(m); MILTER_CHECK_ERROR(continue); break; } response = milter_read(m, &rcmd, &rlen, m->mf_timeout[SMFTO_READ], e); if (m->mf_state == SMFS_ERROR) break; if (tTd(64, 10)) dprintf("milter_data(%s): state %c\n", m->mf_name, (char) rcmd); switch (rcmd) { case SMFIR_REPLYCODE: MILTER_CHECK_REPLYCODE("554 5.7.1 Command rejected"); *state = rcmd; m->mf_state = SMFS_DONE; break; case SMFIR_REJECT: case SMFIR_DISCARD: case SMFIR_TEMPFAIL: *state = rcmd; m->mf_state = SMFS_DONE; break; case SMFIR_CONTINUE: case SMFIR_ACCEPT: /* this filter is done with message */ if (replfailed) *state = SMFIR_TEMPFAIL; else *state = SMFIR_ACCEPT; m->mf_state = SMFS_DONE; break; case SMFIR_PROGRESS: break; case SMFIR_ADDHEADER: if (!bitset(SMFIF_ADDHDRS, m->mf_fflags)) { if (LogLevel > 9) sm_syslog(LOG_WARNING, e->e_id, "milter_data(%s): lied about adding headers, honoring request anyway", m->mf_name); } milter_addheader(response, rlen, e); break; case SMFIR_CHGHEADER: if (!bitset(SMFIF_CHGHDRS, m->mf_fflags)) { if (LogLevel > 9) sm_syslog(LOG_WARNING, e->e_id, "milter_data(%s): lied about changing headers, honoring request anyway", m->mf_name); } milter_changeheader(response, rlen, e); break; case SMFIR_ADDRCPT: if (!bitset(SMFIF_ADDRCPT, m->mf_fflags)) { if (LogLevel > 9) sm_syslog(LOG_WARNING, e->e_id, "milter_data(%s) lied about adding recipients, honoring request anyway", m->mf_name); } milter_addrcpt(response, rlen, e); break; case SMFIR_DELRCPT: if (!bitset(SMFIF_DELRCPT, m->mf_fflags)) { if (LogLevel > 9) sm_syslog(LOG_WARNING, e->e_id, "milter_data(%s): lied about removing recipients, honoring request anyway", m->mf_name); } milter_delrcpt(response, rlen, e); break; case SMFIR_REPLBODY: if (!bitset(SMFIF_MODBODY, m->mf_fflags)) { if (LogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "milter_data(%s): lied about replacing body, rejecting request and tempfailing message", m->mf_name); replfailed = TRUE; break; } /* already failed in attempt */ if (replfailed) break; if (!dfopen) { if (milter_reopen_df(e) < 0) { replfailed = TRUE; break; } dfopen = TRUE; rewind = TRUE; } if (milter_replbody(response, rlen, newfilter, e) < 0) replfailed = TRUE; newfilter = FALSE; replbody = TRUE; break; default: /* Invalid response to command */ if (LogLevel > 0) sm_syslog(LOG_ERR, e->e_id, "milter_data(%s): returned bogus response %c", m->mf_name, rcmd); milter_error(m); break; } if (rcmd != SMFIR_REPLYCODE && response != NULL) { free(response); response = NULL; } if (m->mf_state == SMFS_ERROR) break; } if (replbody && !replfailed) { /* flush possible buffered character */ milter_replbody(NULL, 0, !replbody, e); replbody = FALSE; } if (m->mf_state == SMFS_ERROR) { MILTER_CHECK_ERROR(continue); goto finishup; } } finishup: /* leave things in the expected state if we touched it */ if (replfailed) { if (*state == SMFIR_CONTINUE || *state == SMFIR_ACCEPT) { *state = SMFIR_TEMPFAIL; if (response != NULL) { free(response); response = NULL; } } if (dfopen) { (void) fclose(e->e_dfp); e->e_dfp = NULL; e->e_flags &= ~EF_HAS_DF; dfopen = FALSE; } rewind = FALSE; } if ((dfopen && milter_reset_df(e) < 0) || (rewind && bfrewind(e->e_dfp) < 0)) { save_errno = errno; ExitStat = EX_IOERR; /* ** If filter told us to keep message but we had ** an error, we can't really keep it, tempfail it. */ if (*state == SMFIR_CONTINUE || *state == SMFIR_ACCEPT) { *state = SMFIR_TEMPFAIL; if (response != NULL) { free(response); response = NULL; } } errno = save_errno; syserr("milter_data: %s/df%s: read error", qid_printqueue(e->e_queuedir), e->e_id); } MILTER_CHECK_DONE_MSG(); return response; } /* ** MILTER_QUIT -- informs the filter(s) we are done and closes connection(s) ** ** Parameters: ** e -- current envelope. ** ** Returns: ** none */ void milter_quit(e) ENVELOPE *e; { int i; if (tTd(64, 10)) dprintf("milter_quit\n"); for (i = 0; InputFilters[i] != NULL; i++) milter_quit_filter(InputFilters[i], e); } /* ** MILTER_ABORT -- informs the filter(s) that we are aborting current message ** ** Parameters: ** e -- current envelope. ** ** Returns: ** none */ void milter_abort(e) ENVELOPE *e; { int i; if (tTd(64, 10)) dprintf("milter_abort\n"); for (i = 0; InputFilters[i] != NULL; i++) { struct milter *m = InputFilters[i]; /* sanity checks */ if (m->mf_sock < 0 || m->mf_state != SMFS_INMSG) continue; milter_abort_filter(m, e); } } #endif /* _FFR_MILTER */ Index: stable/4/contrib/sendmail/src/mime.c =================================================================== --- stable/4/contrib/sendmail/src/mime.c (revision 71887) +++ stable/4/contrib/sendmail/src/mime.c (revision 71888) @@ -1,1195 +1,1197 @@ /* - * Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1994, 1996-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1994 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #include #include #ifndef lint -static char id[] = "@(#)$Id: mime.c,v 8.94 1999/10/17 17:35:58 ca Exp $"; +static char id[] = "@(#)$Id: mime.c,v 8.94.16.3 2000/10/09 02:46:10 gshapiro Exp $"; #endif /* ! lint */ static int isboundary __P((char *, char **)); static int mimeboundary __P((char *, char **)); static int mime_fromqp __P((u_char *, u_char **, int, int)); static int mime_getchar __P((FILE *, char **, int *)); static int mime_getchar_crlf __P((FILE *, char **, int *)); /* ** MIME support. ** ** I am indebted to John Beck of Hewlett-Packard, who contributed ** his code to me for inclusion. As it turns out, I did not use ** his code since he used a "minimum change" approach that used ** several temp files, and I wanted a "minimum impact" approach ** that would avoid copying. However, looking over his code ** helped me cement my understanding of the problem. ** ** I also looked at, but did not directly use, Nathaniel ** Borenstein's "code.c" module. Again, it functioned as ** a file-to-file translator, which did not fit within my ** design bounds, but it was a useful base for understanding ** the problem. */ #if MIME8TO7 /* character set for hex and base64 encoding */ static char Base16Code[] = "0123456789ABCDEF"; static char Base64Code[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; /* types of MIME boundaries */ # define MBT_SYNTAX 0 /* syntax error */ # define MBT_NOTSEP 1 /* not a boundary */ # define MBT_INTERMED 2 /* intermediate boundary (no trailing --) */ # define MBT_FINAL 3 /* final boundary (trailing -- included) */ static char *MimeBoundaryNames[] = { "SYNTAX", "NOTSEP", "INTERMED", "FINAL" }; static bool MapNLtoCRLF; /* ** MIME8TO7 -- output 8 bit body in 7 bit format ** ** The header has already been output -- this has to do the ** 8 to 7 bit conversion. It would be easy if we didn't have ** to deal with nested formats (multipart/xxx and message/rfc822). ** ** We won't be called if we don't have to do a conversion, and ** appropriate MIME-Version: and Content-Type: fields have been ** output. Any Content-Transfer-Encoding: field has not been ** output, and we can add it here. ** ** Parameters: ** mci -- mailer connection information. ** header -- the header for this body part. ** e -- envelope. ** boundaries -- the currently pending message boundaries. ** NULL if we are processing the outer portion. ** flags -- to tweak processing. ** ** Returns: ** An indicator of what terminated the message part: ** MBT_FINAL -- the final boundary ** MBT_INTERMED -- an intermediate boundary ** MBT_NOTSEP -- an end of file */ struct args { char *a_field; /* name of field */ char *a_value; /* value of that field */ }; int mime8to7(mci, header, e, boundaries, flags) register MCI *mci; HDR *header; register ENVELOPE *e; char **boundaries; int flags; { register char *p; int linelen; int bt; off_t offset; size_t sectionsize, sectionhighbits; int i; char *type; char *subtype; char *cte; char **pvp; int argc = 0; char *bp; bool use_qp = FALSE; struct args argv[MAXMIMEARGS]; char bbuf[128]; char buf[MAXLINE]; char pvpbuf[MAXLINE]; extern u_char MimeTokenTab[256]; if (tTd(43, 1)) { dprintf("mime8to7: flags = %x, boundaries =", flags); if (boundaries[0] == NULL) dprintf(" "); else { for (i = 0; boundaries[i] != NULL; i++) dprintf(" %s", boundaries[i]); } dprintf("\n"); } MapNLtoCRLF = TRUE; p = hvalue("Content-Transfer-Encoding", header); if (p == NULL || (pvp = prescan(p, '\0', pvpbuf, sizeof pvpbuf, NULL, MimeTokenTab)) == NULL || pvp[0] == NULL) { cte = NULL; } else { cataddr(pvp, NULL, buf, sizeof buf, '\0'); cte = newstr(buf); } type = subtype = NULL; p = hvalue("Content-Type", header); if (p == NULL) { if (bitset(M87F_DIGEST, flags)) p = "message/rfc822"; else p = "text/plain"; } if (p != NULL && (pvp = prescan(p, '\0', pvpbuf, sizeof pvpbuf, NULL, MimeTokenTab)) != NULL && pvp[0] != NULL) { if (tTd(43, 40)) { for (i = 0; pvp[i] != NULL; i++) dprintf("pvp[%d] = \"%s\"\n", i, pvp[i]); } type = *pvp++; if (*pvp != NULL && strcmp(*pvp, "/") == 0 && *++pvp != NULL) { subtype = *pvp++; } /* break out parameters */ while (*pvp != NULL && argc < MAXMIMEARGS) { /* skip to semicolon separator */ while (*pvp != NULL && strcmp(*pvp, ";") != 0) pvp++; if (*pvp++ == NULL || *pvp == NULL) break; /* complain about empty values */ if (strcmp(*pvp, ";") == 0) { usrerr("mime8to7: Empty parameter in Content-Type header"); /* avoid bounce loops */ e->e_flags |= EF_DONT_MIME; continue; } /* extract field name */ argv[argc].a_field = *pvp++; /* see if there is a value */ if (*pvp != NULL && strcmp(*pvp, "=") == 0 && (*++pvp == NULL || strcmp(*pvp, ";") != 0)) { argv[argc].a_value = *pvp; argc++; } } } /* check for disaster cases */ if (type == NULL) type = "-none-"; if (subtype == NULL) subtype = "-none-"; /* don't propogate some flags more than one level into the message */ flags &= ~M87F_DIGEST; /* ** Check for cases that can not be encoded. ** ** For example, you can't encode certain kinds of types ** or already-encoded messages. If we find this case, ** just copy it through. */ snprintf(buf, sizeof buf, "%.100s/%.100s", type, subtype); if (wordinclass(buf, 'n') || (cte != NULL && !wordinclass(cte, 'e'))) flags |= M87F_NO8BIT; # ifdef USE_B_CLASS if (wordinclass(buf, 'b') || wordinclass(type, 'b')) MapNLtoCRLF = FALSE; # endif /* USE_B_CLASS */ if (wordinclass(buf, 'q') || wordinclass(type, 'q')) use_qp = TRUE; /* ** Multipart requires special processing. ** ** Do a recursive descent into the message. */ if (strcasecmp(type, "multipart") == 0 && (!bitset(M87F_NO8BIT, flags) || bitset(M87F_NO8TO7, flags))) { if (strcasecmp(subtype, "digest") == 0) flags |= M87F_DIGEST; for (i = 0; i < argc; i++) { if (strcasecmp(argv[i].a_field, "boundary") == 0) break; } if (i >= argc || argv[i].a_value == NULL) { usrerr("mime8to7: Content-Type: \"%s\": %s boundary", i >= argc ? "missing" : "bogus", p); p = "---"; /* avoid bounce loops */ e->e_flags |= EF_DONT_MIME; } else { p = argv[i].a_value; stripquotes(p); } if (strlcpy(bbuf, p, sizeof bbuf) >= sizeof bbuf) { usrerr("mime8to7: multipart boundary \"%s\" too long", p); /* avoid bounce loops */ e->e_flags |= EF_DONT_MIME; } if (tTd(43, 1)) dprintf("mime8to7: multipart boundary \"%s\"\n", bbuf); for (i = 0; i < MAXMIMENESTING; i++) + { if (boundaries[i] == NULL) break; + } if (i >= MAXMIMENESTING) { usrerr("mime8to7: multipart nesting boundary too deep"); /* avoid bounce loops */ e->e_flags |= EF_DONT_MIME; } else { boundaries[i] = bbuf; boundaries[i + 1] = NULL; } mci->mci_flags |= MCIF_INMIME; /* skip the early "comment" prologue */ putline("", mci); mci->mci_flags &= ~MCIF_INHEADER; bt = MBT_FINAL; while (fgets(buf, sizeof buf, e->e_dfp) != NULL) { bt = mimeboundary(buf, boundaries); if (bt != MBT_NOTSEP) break; putxline(buf, strlen(buf), mci, PXLF_MAPFROM|PXLF_STRIP8BIT); if (tTd(43, 99)) dprintf(" ...%s", buf); } if (feof(e->e_dfp)) bt = MBT_FINAL; while (bt != MBT_FINAL) { auto HDR *hdr = NULL; snprintf(buf, sizeof buf, "--%s", bbuf); putline(buf, mci); if (tTd(43, 35)) dprintf(" ...%s\n", buf); collect(e->e_dfp, FALSE, &hdr, e); if (tTd(43, 101)) putline("+++after collect", mci); putheader(mci, hdr, e, flags); if (tTd(43, 101)) putline("+++after putheader", mci); bt = mime8to7(mci, hdr, e, boundaries, flags); } snprintf(buf, sizeof buf, "--%s--", bbuf); putline(buf, mci); if (tTd(43, 35)) dprintf(" ...%s\n", buf); boundaries[i] = NULL; mci->mci_flags &= ~MCIF_INMIME; /* skip the late "comment" epilogue */ while (fgets(buf, sizeof buf, e->e_dfp) != NULL) { bt = mimeboundary(buf, boundaries); if (bt != MBT_NOTSEP) break; putxline(buf, strlen(buf), mci, PXLF_MAPFROM|PXLF_STRIP8BIT); if (tTd(43, 99)) dprintf(" ...%s", buf); } if (feof(e->e_dfp)) bt = MBT_FINAL; if (tTd(43, 3)) dprintf("\t\t\tmime8to7=>%s (multipart)\n", MimeBoundaryNames[bt]); return bt; } /* ** Message/xxx types -- recurse exactly once. ** ** Class 's' is predefined to have "rfc822" only. */ if (strcasecmp(type, "message") == 0) { if (!wordinclass(subtype, 's')) { flags |= M87F_NO8BIT; } else { auto HDR *hdr = NULL; putline("", mci); mci->mci_flags |= MCIF_INMIME; collect(e->e_dfp, FALSE, &hdr, e); if (tTd(43, 101)) putline("+++after collect", mci); putheader(mci, hdr, e, flags); if (tTd(43, 101)) putline("+++after putheader", mci); if (hvalue("MIME-Version", hdr) == NULL) putline("MIME-Version: 1.0", mci); bt = mime8to7(mci, hdr, e, boundaries, flags); mci->mci_flags &= ~MCIF_INMIME; return bt; } } /* ** Non-compound body type ** ** Compute the ratio of seven to eight bit characters; ** use that as a heuristic to decide how to do the ** encoding. */ sectionsize = sectionhighbits = 0; if (!bitset(M87F_NO8BIT|M87F_NO8TO7, flags)) { /* remember where we were */ offset = ftell(e->e_dfp); if (offset == -1) syserr("mime8to7: cannot ftell on df%s", e->e_id); /* do a scan of this body type to count character types */ while (fgets(buf, sizeof buf, e->e_dfp) != NULL) { if (mimeboundary(buf, boundaries) != MBT_NOTSEP) break; for (p = buf; *p != '\0'; p++) { /* count bytes with the high bit set */ sectionsize++; if (bitset(0200, *p)) sectionhighbits++; } /* ** Heuristic: if 1/4 of the first 4K bytes are 8-bit, ** assume base64. This heuristic avoids double-reading ** large graphics or video files. */ if (sectionsize >= 4096 && sectionhighbits > sectionsize / 4) break; } /* return to the original offset for processing */ /* XXX use relative seeks to handle >31 bit file sizes? */ if (fseek(e->e_dfp, offset, SEEK_SET) < 0) syserr("mime8to7: cannot fseek on df%s", e->e_id); else clearerr(e->e_dfp); } /* ** Heuristically determine encoding method. ** If more than 1/8 of the total characters have the ** eighth bit set, use base64; else use quoted-printable. ** However, only encode binary encoded data as base64, ** since otherwise the NL=>CRLF mapping will be a problem. */ if (tTd(43, 8)) { dprintf("mime8to7: %ld high bit(s) in %ld byte(s), cte=%s, type=%s/%s\n", (long) sectionhighbits, (long) sectionsize, cte == NULL ? "[none]" : cte, type == NULL ? "[none]" : type, subtype == NULL ? "[none]" : subtype); } if (cte != NULL && strcasecmp(cte, "binary") == 0) sectionsize = sectionhighbits; linelen = 0; bp = buf; if (sectionhighbits == 0) { /* no encoding necessary */ if (cte != NULL && bitset(MCIF_CVT8TO7|MCIF_CVT7TO8|MCIF_INMIME, mci->mci_flags) && !bitset(M87F_NO8TO7, flags)) { /* ** Skip _unless_ in MIME mode and potentially ** converting from 8 bit to 7 bit MIME. See ** putheader() for the counterpart where the ** CTE header is skipped in the opposite ** situation. */ snprintf(buf, sizeof buf, "Content-Transfer-Encoding: %.200s", cte); putline(buf, mci); if (tTd(43, 36)) dprintf(" ...%s\n", buf); } putline("", mci); mci->mci_flags &= ~MCIF_INHEADER; while (fgets(buf, sizeof buf, e->e_dfp) != NULL) { bt = mimeboundary(buf, boundaries); if (bt != MBT_NOTSEP) break; putline(buf, mci); } if (feof(e->e_dfp)) bt = MBT_FINAL; } else if (!MapNLtoCRLF || (sectionsize / 8 < sectionhighbits && !use_qp)) { /* use base64 encoding */ int c1, c2; if (tTd(43, 36)) dprintf(" ...Content-Transfer-Encoding: base64\n"); putline("Content-Transfer-Encoding: base64", mci); snprintf(buf, sizeof buf, "X-MIME-Autoconverted: from 8bit to base64 by %s id %s", MyHostName, e->e_id); putline(buf, mci); putline("", mci); mci->mci_flags &= ~MCIF_INHEADER; while ((c1 = mime_getchar_crlf(e->e_dfp, boundaries, &bt)) != EOF) { if (linelen > 71) { *bp = '\0'; putline(buf, mci); linelen = 0; bp = buf; } linelen += 4; *bp++ = Base64Code[(c1 >> 2)]; c1 = (c1 & 0x03) << 4; c2 = mime_getchar_crlf(e->e_dfp, boundaries, &bt); if (c2 == EOF) { *bp++ = Base64Code[c1]; *bp++ = '='; *bp++ = '='; break; } c1 |= (c2 >> 4) & 0x0f; *bp++ = Base64Code[c1]; c1 = (c2 & 0x0f) << 2; c2 = mime_getchar_crlf(e->e_dfp, boundaries, &bt); if (c2 == EOF) { *bp++ = Base64Code[c1]; *bp++ = '='; break; } c1 |= (c2 >> 6) & 0x03; *bp++ = Base64Code[c1]; *bp++ = Base64Code[c2 & 0x3f]; } *bp = '\0'; putline(buf, mci); } else { /* use quoted-printable encoding */ int c1, c2; int fromstate; BITMAP256 badchars; /* set up map of characters that must be mapped */ clrbitmap(badchars); for (c1 = 0x00; c1 < 0x20; c1++) setbitn(c1, badchars); clrbitn('\t', badchars); for (c1 = 0x7f; c1 < 0x100; c1++) setbitn(c1, badchars); setbitn('=', badchars); if (bitnset(M_EBCDIC, mci->mci_mailer->m_flags)) for (p = "!\"#$@[\\]^`{|}~"; *p != '\0'; p++) setbitn(*p, badchars); if (tTd(43, 36)) dprintf(" ...Content-Transfer-Encoding: quoted-printable\n"); putline("Content-Transfer-Encoding: quoted-printable", mci); snprintf(buf, sizeof buf, "X-MIME-Autoconverted: from 8bit to quoted-printable by %s id %s", MyHostName, e->e_id); putline(buf, mci); putline("", mci); mci->mci_flags &= ~MCIF_INHEADER; fromstate = 0; c2 = '\n'; while ((c1 = mime_getchar(e->e_dfp, boundaries, &bt)) != EOF) { if (c1 == '\n') { if (c2 == ' ' || c2 == '\t') { *bp++ = '='; *bp++ = Base16Code[(c2 >> 4) & 0x0f]; *bp++ = Base16Code[c2 & 0x0f]; } if (buf[0] == '.' && bp == &buf[1]) { buf[0] = '='; *bp++ = Base16Code[('.' >> 4) & 0x0f]; *bp++ = Base16Code['.' & 0x0f]; } *bp = '\0'; putline(buf, mci); linelen = fromstate = 0; bp = buf; c2 = c1; continue; } if (c2 == ' ' && linelen == 4 && fromstate == 4 && bitnset(M_ESCFROM, mci->mci_mailer->m_flags)) { *bp++ = '='; *bp++ = '2'; *bp++ = '0'; linelen += 3; } else if (c2 == ' ' || c2 == '\t') { *bp++ = c2; linelen++; } if (linelen > 72 && (linelen > 75 || c1 != '.' || (linelen > 73 && c2 == '.'))) { if (linelen > 73 && c2 == '.') bp--; else c2 = '\n'; *bp++ = '='; *bp = '\0'; putline(buf, mci); linelen = fromstate = 0; bp = buf; if (c2 == '.') { *bp++ = '.'; linelen++; } } - if (bitnset(c1 & 0xff, badchars)) + if (bitnset(bitidx(c1), badchars)) { *bp++ = '='; *bp++ = Base16Code[(c1 >> 4) & 0x0f]; *bp++ = Base16Code[c1 & 0x0f]; linelen += 3; } else if (c1 != ' ' && c1 != '\t') { if (linelen < 4 && c1 == "From"[linelen]) fromstate++; *bp++ = c1; linelen++; } c2 = c1; } /* output any saved character */ if (c2 == ' ' || c2 == '\t') { *bp++ = '='; *bp++ = Base16Code[(c2 >> 4) & 0x0f]; *bp++ = Base16Code[c2 & 0x0f]; linelen += 3; } if (linelen > 0 || boundaries[0] != NULL) { *bp = '\0'; putline(buf, mci); } } if (tTd(43, 3)) dprintf("\t\t\tmime8to7=>%s (basic)\n", MimeBoundaryNames[bt]); return bt; } /* ** MIME_GETCHAR -- get a character for MIME processing ** ** Treats boundaries as EOF. ** ** Parameters: ** fp -- the input file. ** boundaries -- the current MIME boundaries. ** btp -- if the return value is EOF, *btp is set to ** the type of the boundary. ** ** Returns: ** The next character in the input stream. */ static int mime_getchar(fp, boundaries, btp) register FILE *fp; char **boundaries; int *btp; { int c; static u_char *bp = NULL; static int buflen = 0; static bool atbol = TRUE; /* at beginning of line */ static int bt = MBT_SYNTAX; /* boundary type of next EOF */ static u_char buf[128]; /* need not be a full line */ int start = 0; /* indicates position of - in buffer */ if (buflen == 1 && *bp == '\n') { /* last \n in buffer may be part of next MIME boundary */ c = *bp; } else if (buflen > 0) { buflen--; return *bp++; } else c = getc(fp); bp = buf; buflen = 0; if (c == '\n') { /* might be part of a MIME boundary */ *bp++ = c; atbol = TRUE; c = getc(fp); if (c == '\n') { (void) ungetc(c, fp); return c; } start = 1; } if (c != EOF) *bp++ = c; else bt = MBT_FINAL; if (atbol && c == '-') { /* check for a message boundary */ c = getc(fp); if (c != '-') { if (c != EOF) *bp++ = c; else bt = MBT_FINAL; buflen = bp - buf - 1; bp = buf; return *bp++; } /* got "--", now check for rest of separator */ *bp++ = '-'; while (bp < &buf[sizeof buf - 2] && (c = getc(fp)) != EOF && c != '\n') { *bp++ = c; } *bp = '\0'; bt = mimeboundary((char *) &buf[start], boundaries); switch (bt) { case MBT_FINAL: case MBT_INTERMED: /* we have a message boundary */ buflen = 0; *btp = bt; return EOF; } atbol = c == '\n'; if (c != EOF) *bp++ = c; } buflen = bp - buf - 1; if (buflen < 0) { *btp = bt; return EOF; } bp = buf; return *bp++; } /* ** MIME_GETCHAR_CRLF -- do mime_getchar, but translate NL => CRLF ** ** Parameters: ** fp -- the input file. ** boundaries -- the current MIME boundaries. ** btp -- if the return value is EOF, *btp is set to ** the type of the boundary. ** ** Returns: ** The next character in the input stream. */ static int mime_getchar_crlf(fp, boundaries, btp) register FILE *fp; char **boundaries; int *btp; { static bool sendlf = FALSE; int c; if (sendlf) { sendlf = FALSE; return '\n'; } c = mime_getchar(fp, boundaries, btp); if (c == '\n' && MapNLtoCRLF) { sendlf = TRUE; return '\r'; } return c; } /* ** MIMEBOUNDARY -- determine if this line is a MIME boundary & its type ** ** Parameters: ** line -- the input line. ** boundaries -- the set of currently pending boundaries. ** ** Returns: ** MBT_NOTSEP -- if this is not a separator line ** MBT_INTERMED -- if this is an intermediate separator ** MBT_FINAL -- if this is a final boundary ** MBT_SYNTAX -- if this is a boundary for the wrong ** enclosure -- i.e., a syntax error. */ static int mimeboundary(line, boundaries) register char *line; char **boundaries; { int type = MBT_NOTSEP; int i; int savec; if (line[0] != '-' || line[1] != '-' || boundaries == NULL) return MBT_NOTSEP; i = strlen(line); - if (line[i - 1] == '\n') + if (i > 0 && line[i - 1] == '\n') i--; /* strip off trailing whitespace */ - while (line[i - 1] == ' ' || line[i - 1] == '\t') + while (i > 0 && (line[i - 1] == ' ' || line[i - 1] == '\t')) i--; savec = line[i]; line[i] = '\0'; if (tTd(43, 5)) dprintf("mimeboundary: line=\"%s\"... ", line); /* check for this as an intermediate boundary */ if (isboundary(&line[2], boundaries) >= 0) type = MBT_INTERMED; else if (i > 2 && strncmp(&line[i - 2], "--", 2) == 0) { /* check for a final boundary */ line[i - 2] = '\0'; if (isboundary(&line[2], boundaries) >= 0) type = MBT_FINAL; line[i - 2] = '-'; } line[i] = savec; if (tTd(43, 5)) dprintf("%s\n", MimeBoundaryNames[type]); return type; } /* ** DEFCHARSET -- return default character set for message ** ** The first choice for character set is for the mailer ** corresponding to the envelope sender. If neither that ** nor the global configuration file has a default character ** set defined, return "unknown-8bit" as recommended by ** RFC 1428 section 3. ** ** Parameters: ** e -- the envelope for this message. ** ** Returns: ** The default character set for that mailer. */ char * defcharset(e) register ENVELOPE *e; { if (e != NULL && e->e_from.q_mailer != NULL && e->e_from.q_mailer->m_defcharset != NULL) return e->e_from.q_mailer->m_defcharset; if (DefaultCharSet != NULL) return DefaultCharSet; return "unknown-8bit"; } /* ** ISBOUNDARY -- is a given string a currently valid boundary? ** ** Parameters: ** line -- the current input line. ** boundaries -- the list of valid boundaries. ** ** Returns: ** The index number in boundaries if the line is found. ** -1 -- otherwise. ** */ static int isboundary(line, boundaries) char *line; char **boundaries; { register int i; - for (i = 0; boundaries[i] != NULL; i++) + for (i = 0; i <= MAXMIMENESTING && boundaries[i] != NULL; i++) { if (strcmp(line, boundaries[i]) == 0) return i; } return -1; } #endif /* MIME8TO7 */ #if MIME7TO8 /* ** MIME7TO8 -- output 7 bit encoded MIME body in 8 bit format ** ** This is a hack. Supports translating the two 7-bit body-encodings ** (quoted-printable and base64) to 8-bit coded bodies. ** ** There is not much point in supporting multipart here, as the UA ** will be able to deal with encoded MIME bodies if it can parse MIME ** multipart messages. ** ** Note also that we wont be called unless it is a text/plain MIME ** message, encoded base64 or QP and mailer flag '9' has been defined ** on mailer. ** ** Contributed by Marius Olaffson . ** ** Parameters: ** mci -- mailer connection information. ** header -- the header for this body part. ** e -- envelope. ** ** Returns: ** none. */ static char index_64[128] = { -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,62, -1,-1,-1,63, 52,53,54,55, 56,57,58,59, 60,61,-1,-1, -1,-1,-1,-1, -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10, 11,12,13,14, 15,16,17,18, 19,20,21,22, 23,24,25,-1, -1,-1,-1,-1, -1,26,27,28, 29,30,31,32, 33,34,35,36, 37,38,39,40, 41,42,43,44, 45,46,47,48, 49,50,51,-1, -1,-1,-1,-1 }; # define CHAR64(c) (((c) < 0 || (c) > 127) ? -1 : index_64[(c)]) void mime7to8(mci, header, e) register MCI *mci; HDR *header; register ENVELOPE *e; { register char *p; char *cte; char **pvp; u_char *fbufp; char buf[MAXLINE]; u_char fbuf[MAXLINE + 1]; char pvpbuf[MAXLINE]; extern u_char MimeTokenTab[256]; p = hvalue("Content-Transfer-Encoding", header); if (p == NULL || (pvp = prescan(p, '\0', pvpbuf, sizeof pvpbuf, NULL, MimeTokenTab)) == NULL || pvp[0] == NULL) { /* "can't happen" -- upper level should have caught this */ syserr("mime7to8: unparsable CTE %s", p == NULL ? "" : p); /* avoid bounce loops */ e->e_flags |= EF_DONT_MIME; /* cheap failsafe algorithm -- should work on text/plain */ if (p != NULL) { snprintf(buf, sizeof buf, "Content-Transfer-Encoding: %s", p); putline(buf, mci); } putline("", mci); mci->mci_flags &= ~MCIF_INHEADER; while (fgets(buf, sizeof buf, e->e_dfp) != NULL) putline(buf, mci); return; } cataddr(pvp, NULL, buf, sizeof buf, '\0'); cte = newstr(buf); mci->mci_flags |= MCIF_INHEADER; putline("Content-Transfer-Encoding: 8bit", mci); snprintf(buf, sizeof buf, "X-MIME-Autoconverted: from %.200s to 8bit by %s id %s", cte, MyHostName, e->e_id); putline(buf, mci); putline("", mci); mci->mci_flags &= ~MCIF_INHEADER; /* ** Translate body encoding to 8-bit. Supports two types of ** encodings; "base64" and "quoted-printable". Assume qp if ** it is not base64. */ if (strcasecmp(cte, "base64") == 0) { int c1, c2, c3, c4; fbufp = fbuf; while ((c1 = fgetc(e->e_dfp)) != EOF) { if (isascii(c1) && isspace(c1)) continue; do { c2 = fgetc(e->e_dfp); } while (isascii(c2) && isspace(c2)); if (c2 == EOF) break; do { c3 = fgetc(e->e_dfp); } while (isascii(c3) && isspace(c3)); if (c3 == EOF) break; do { c4 = fgetc(e->e_dfp); } while (isascii(c4) && isspace(c4)); if (c4 == EOF) break; if (c1 == '=' || c2 == '=') continue; c1 = CHAR64(c1); c2 = CHAR64(c2); *fbufp = (c1 << 2) | ((c2 & 0x30) >> 4); if (*fbufp++ == '\n' || fbufp >= &fbuf[MAXLINE]) { if (*--fbufp != '\n' || (fbufp > fbuf && *--fbufp != '\r')) fbufp++; putxline((char *) fbuf, fbufp - fbuf, mci, PXLF_MAPFROM); fbufp = fbuf; } if (c3 == '=') continue; c3 = CHAR64(c3); *fbufp = ((c2 & 0x0f) << 4) | ((c3 & 0x3c) >> 2); if (*fbufp++ == '\n' || fbufp >= &fbuf[MAXLINE]) { if (*--fbufp != '\n' || (fbufp > fbuf && *--fbufp != '\r')) fbufp++; putxline((char *) fbuf, fbufp - fbuf, mci, PXLF_MAPFROM); fbufp = fbuf; } if (c4 == '=') continue; c4 = CHAR64(c4); *fbufp = ((c3 & 0x03) << 6) | c4; if (*fbufp++ == '\n' || fbufp >= &fbuf[MAXLINE]) { if (*--fbufp != '\n' || (fbufp > fbuf && *--fbufp != '\r')) fbufp++; putxline((char *) fbuf, fbufp - fbuf, mci, PXLF_MAPFROM); fbufp = fbuf; } } } else { /* quoted-printable */ fbufp = fbuf; while (fgets(buf, sizeof buf, e->e_dfp) != NULL) { if (mime_fromqp((u_char *) buf, &fbufp, 0, &fbuf[MAXLINE] - fbufp) == 0) continue; if (fbufp - fbuf > 0) putxline((char *) fbuf, fbufp - fbuf - 1, mci, PXLF_MAPFROM); fbufp = fbuf; } } /* force out partial last line */ if (fbufp > fbuf) { *fbufp = '\0'; putxline((char *) fbuf, fbufp - fbuf, mci, PXLF_MAPFROM); } if (tTd(43, 3)) dprintf("\t\t\tmime7to8 => %s to 8bit done\n", cte); } /* ** The following is based on Borenstein's "codes.c" module, with simplifying ** changes as we do not deal with multipart, and to do the translation in-core, ** with an attempt to prevent overrun of output buffers. ** ** What is needed here are changes to defned this code better against ** bad encodings. Questionable to always return 0xFF for bad mappings. */ static char index_hex[128] = { -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,-1,-1, -1,-1,-1,-1, -1,10,11,12, 13,14,15,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,10,11,12, 13,14,15,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1 }; # define HEXCHAR(c) (((c) < 0 || (c) > 127) ? -1 : index_hex[(c)]) static int mime_fromqp(infile, outfile, state, maxlen) u_char *infile; u_char **outfile; int state; /* Decoding body (0) or header (1) */ int maxlen; /* Max # of chars allowed in outfile */ { int c1, c2; int nchar = 0; while ((c1 = *infile++) != '\0') { if (c1 == '=') { if ((c1 = *infile++) == 0) break; if (c1 == '\n' || (c1 = HEXCHAR(c1)) == -1) { /* ignore it */ if (state == 0) return 0; } else { do { if ((c2 = *infile++) == '\0') { c2 = -1; break; } } while ((c2 = HEXCHAR(c2)) == -1); if (c2 == -1 || ++nchar > maxlen) break; *(*outfile)++ = c1 << 4 | c2; } } else { if (state == 1 && c1 == '_') c1 = ' '; if (++nchar > maxlen) break; *(*outfile)++ = c1; if (c1 == '\n') break; } } *(*outfile)++ = '\0'; return 1; } #endif /* MIME7TO8 */ Index: stable/4/contrib/sendmail/src/newaliases.1 =================================================================== --- stable/4/contrib/sendmail/src/newaliases.1 (revision 71887) +++ stable/4/contrib/sendmail/src/newaliases.1 (revision 71888) @@ -1,41 +1,41 @@ .\" Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers. .\" All rights reserved. .\" Copyright (c) 1983, 1997 Eric P. Allman. All rights reserved. .\" Copyright (c) 1985, 1990, 1993 .\" The Regents of the University of California. All rights reserved. .\" .\" By using this file, you agree to the terms and conditions set .\" forth in the LICENSE file which can be found at the top level of .\" the sendmail distribution. .\" .\" -.\" $Id: newaliases.1,v 8.15 1999/06/22 20:41:34 tony Exp $ +.\" $Id: newaliases.1,v 8.15.28.1 2000/12/14 23:08:15 gshapiro Exp $ .\" -.TH NEWALIASES 1 "$Date: 1999/06/22 20:41:34 $" +.TH NEWALIASES 1 "$Date: 2000/12/14 23:08:15 $" .SH NAME -.B newaliases +newaliases \- rebuild the data base for the mail aliases file .SH SYNOPSIS .B newaliases .SH DESCRIPTION .B Newaliases rebuilds the random access data base for the mail aliases file /etc/mail/aliases. It must be run each time this file is changed in order for the change to take effect. .PP .B Newaliases is identical to ``sendmail -bi''. .PP The .B newaliases utility exits 0 on success, and >0 if an error occurs. .SH FILES .TP 2i /etc/mail/aliases The mail aliases file .SH SEE ALSO aliases(5), sendmail(8) .SH HISTORY The .B newaliases command appeared in 4.0BSD. Index: stable/4/contrib/sendmail/src/parseaddr.c =================================================================== --- stable/4/contrib/sendmail/src/parseaddr.c (revision 71887) +++ stable/4/contrib/sendmail/src/parseaddr.c (revision 71888) @@ -1,2805 +1,2812 @@ /* * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #ifndef lint -static char id[] = "@(#)$Id: parseaddr.c,v 8.234.4.5 2000/09/25 07:53:29 gshapiro Exp $"; +static char id[] = "@(#)$Id: parseaddr.c,v 8.234.4.9 2000/10/09 03:14:48 gshapiro Exp $"; #endif /* ! lint */ #include static void allocaddr __P((ADDRESS *, int, char *)); static int callsubr __P((char**, int, ENVELOPE *)); static char *map_lookup __P((STAB *, char *, char **, int *, ENVELOPE *)); static ADDRESS *buildaddr __P((char **, ADDRESS *, int, ENVELOPE *)); /* ** PARSEADDR -- Parse an address ** ** Parses an address and breaks it up into three parts: a ** net to transmit the message on, the host to transmit it ** to, and a user on that host. These are loaded into an ** ADDRESS header with the values squirreled away if necessary. ** The "user" part may not be a real user; the process may ** just reoccur on that machine. For example, on a machine ** with an arpanet connection, the address ** csvax.bill@berkeley ** will break up to a "user" of 'csvax.bill' and a host ** of 'berkeley' -- to be transmitted over the arpanet. ** ** Parameters: ** addr -- the address to parse. ** a -- a pointer to the address descriptor buffer. ** If NULL, a header will be created. ** flags -- describe detail for parsing. See RF_ definitions ** in sendmail.h. ** delim -- the character to terminate the address, passed ** to prescan. ** delimptr -- if non-NULL, set to the location of the ** delim character that was found. ** e -- the envelope that will contain this address. ** ** Returns: ** A pointer to the address descriptor header (`a' if ** `a' is non-NULL). ** NULL on error. ** ** Side Effects: ** none */ /* following delimiters are inherent to the internal algorithms */ #define DELIMCHARS "()<>,;\r\n" /* default word delimiters */ ADDRESS * parseaddr(addr, a, flags, delim, delimptr, e) char *addr; register ADDRESS *a; int flags; int delim; char **delimptr; register ENVELOPE *e; { register char **pvp; auto char *delimptrbuf; bool qup; char pvpbuf[PSBUFSIZE]; /* ** Initialize and prescan address. */ e->e_to = addr; if (tTd(20, 1)) dprintf("\n--parseaddr(%s)\n", addr); if (delimptr == NULL) delimptr = &delimptrbuf; pvp = prescan(addr, delim, pvpbuf, sizeof pvpbuf, delimptr, NULL); if (pvp == NULL) { if (tTd(20, 1)) dprintf("parseaddr-->NULL\n"); return NULL; } if (invalidaddr(addr, delim == '\0' ? NULL : *delimptr)) { if (tTd(20, 1)) dprintf("parseaddr-->bad address\n"); return NULL; } /* ** Save addr if we are going to have to. ** ** We have to do this early because there is a chance that ** the map lookups in the rewriting rules could clobber ** static memory somewhere. */ if (bitset(RF_COPYPADDR, flags) && addr != NULL) { char savec = **delimptr; if (savec != '\0') **delimptr = '\0'; e->e_to = addr = newstr(addr); if (savec != '\0') **delimptr = savec; } /* ** Apply rewriting rules. ** Ruleset 0 does basic parsing. It must resolve. */ qup = FALSE; if (rewrite(pvp, 3, 0, e) == EX_TEMPFAIL) qup = TRUE; if (rewrite(pvp, 0, 0, e) == EX_TEMPFAIL) qup = TRUE; /* ** Build canonical address from pvp. */ a = buildaddr(pvp, a, flags, e); /* ** Make local copies of the host & user and then ** transport them out. */ allocaddr(a, flags, addr); if (QS_IS_BADADDR(a->q_state)) return a; /* ** If there was a parsing failure, mark it for queueing. */ if (qup && OpMode != MD_INITALIAS) { char *msg = "Transient parse error -- message queued for future delivery"; if (e->e_sendmode == SM_DEFER) msg = "Deferring message until queue run"; if (tTd(20, 1)) dprintf("parseaddr: queuing message\n"); message(msg); if (e->e_message == NULL && e->e_sendmode != SM_DEFER) e->e_message = newstr(msg); a->q_state = QS_QUEUEUP; a->q_status = "4.4.3"; } /* ** Compute return value. */ if (tTd(20, 1)) { dprintf("parseaddr-->"); printaddr(a, FALSE); } return a; } /* ** INVALIDADDR -- check for address containing meta-characters ** ** Parameters: ** addr -- the address to check. ** ** Returns: ** TRUE -- if the address has any "wierd" characters ** FALSE -- otherwise. */ bool invalidaddr(addr, delimptr) register char *addr; char *delimptr; { char savedelim = '\0'; if (delimptr != NULL) { savedelim = *delimptr; if (savedelim != '\0') *delimptr = '\0'; } if (strlen(addr) > MAXNAME - 1) { usrerr("553 5.1.1 Address too long (%d bytes max)", MAXNAME - 1); goto failure; } for (; *addr != '\0'; addr++) { if ((*addr & 0340) == 0200) break; } if (*addr == '\0') { if (delimptr != NULL && savedelim != '\0') *delimptr = savedelim; return FALSE; } setstat(EX_USAGE); usrerr("553 5.1.1 Address contained invalid control characters"); failure: if (delimptr != NULL && savedelim != '\0') *delimptr = savedelim; return TRUE; } /* ** ALLOCADDR -- do local allocations of address on demand. ** ** Also lowercases the host name if requested. ** ** Parameters: ** a -- the address to reallocate. ** flags -- the copy flag (see RF_ definitions in sendmail.h ** for a description). ** paddr -- the printname of the address. ** ** Returns: ** none. ** ** Side Effects: ** Copies portions of a into local buffers as requested. */ static void allocaddr(a, flags, paddr) register ADDRESS *a; int flags; char *paddr; { if (tTd(24, 4)) dprintf("allocaddr(flags=%x, paddr=%s)\n", flags, paddr); a->q_paddr = paddr; if (a->q_user == NULL) a->q_user = newstr(""); if (a->q_host == NULL) a->q_host = newstr(""); if (bitset(RF_COPYPARSE, flags)) { a->q_host = newstr(a->q_host); if (a->q_user != a->q_paddr) a->q_user = newstr(a->q_user); } if (a->q_paddr == NULL) a->q_paddr = newstr(a->q_user); } /* ** PRESCAN -- Prescan name and make it canonical ** ** Scans a name and turns it into a set of tokens. This process ** deletes blanks and comments (in parentheses) (if the token type ** for left paren is SPC). ** ** This routine knows about quoted strings and angle brackets. ** ** There are certain subtleties to this routine. The one that ** comes to mind now is that backslashes on the ends of names ** are silently stripped off; this is intentional. The problem ** is that some versions of sndmsg (like at LBL) set the kill ** character to something other than @ when reading addresses; ** so people type "csvax.eric\@berkeley" -- which screws up the ** berknet mailer. ** ** Parameters: ** addr -- the name to chomp. ** delim -- the delimiter for the address, normally ** '\0' or ','; \0 is accepted in any case. ** If '\t' then we are reading the .cf file. ** pvpbuf -- place to put the saved text -- note that ** the pointers are static. ** pvpbsize -- size of pvpbuf. ** delimptr -- if non-NULL, set to the location of the ** terminating delimiter. ** toktab -- if set, a token table to use for parsing. ** If NULL, use the default table. ** ** Returns: ** A pointer to a vector of tokens. ** NULL on error. */ /* states and character types */ #define OPR 0 /* operator */ #define ATM 1 /* atom */ #define QST 2 /* in quoted string */ #define SPC 3 /* chewing up spaces */ #define ONE 4 /* pick up one character */ #define ILL 5 /* illegal character */ #define NSTATES 6 /* number of states */ #define TYPE 017 /* mask to select state type */ /* meta bits for table */ #define M 020 /* meta character; don't pass through */ #define B 040 /* cause a break */ #define MB M|B /* meta-break */ static short StateTab[NSTATES][NSTATES] = { /* oldst chtype> OPR ATM QST SPC ONE ILL */ /*OPR*/ { OPR|B, ATM|B, QST|B, SPC|MB, ONE|B, ILL|MB }, /*ATM*/ { OPR|B, ATM, QST|B, SPC|MB, ONE|B, ILL|MB }, /*QST*/ { QST, QST, OPR, QST, QST, QST }, /*SPC*/ { OPR, ATM, QST, SPC|M, ONE, ILL|MB }, /*ONE*/ { OPR, OPR, OPR, OPR, OPR, ILL|MB }, /*ILL*/ { OPR|B, ATM|B, QST|B, SPC|MB, ONE|B, ILL|M }, }; /* token type table -- it gets modified with $o characters */ static u_char TokTypeTab[256] = { /* nul soh stx etx eot enq ack bel bs ht nl vt np cr so si */ ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,SPC,SPC,SPC,SPC,SPC,ATM,ATM, /* dle dc1 dc2 dc3 dc4 nak syn etb can em sub esc fs gs rs us */ ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, /* sp ! " # $ % & ' ( ) * + , - . / */ SPC,ATM,QST,ATM,ATM,ATM,ATM,ATM, SPC,SPC,ATM,ATM,ATM,ATM,ATM,ATM, /* 0 1 2 3 4 5 6 7 8 9 : ; < = > ? */ ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, /* @ A B C D E F G H I J K L M N O */ ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, /* P Q R S T U V W X Y Z [ \ ] ^ _ */ ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, /* ` a b c d e f g h i j k l m n o */ ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, /* p q r s t u v w x y z { | } ~ del */ ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, /* nul soh stx etx eot enq ack bel bs ht nl vt np cr so si */ OPR,OPR,ONE,OPR,OPR,OPR,OPR,OPR, OPR,OPR,OPR,OPR,OPR,OPR,OPR,OPR, /* dle dc1 dc2 dc3 dc4 nak syn etb can em sub esc fs gs rs us */ OPR,OPR,OPR,ONE,ONE,ONE,OPR,OPR, OPR,OPR,OPR,OPR,OPR,OPR,OPR,OPR, /* sp ! " # $ % & ' ( ) * + , - . / */ ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, /* 0 1 2 3 4 5 6 7 8 9 : ; < = > ? */ ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, /* @ A B C D E F G H I J K L M N O */ ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, /* P Q R S T U V W X Y Z [ \ ] ^ _ */ ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, /* ` a b c d e f g h i j k l m n o */ ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, /* p q r s t u v w x y z { | } ~ del */ ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, }; /* token type table for MIME parsing */ u_char MimeTokenTab[256] = { /* nul soh stx etx eot enq ack bel bs ht nl vt np cr so si */ ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL, ILL,SPC,SPC,SPC,SPC,SPC,ILL,ILL, /* dle dc1 dc2 dc3 dc4 nak syn etb can em sub esc fs gs rs us */ ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL, ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL, /* sp ! " # $ % & ' ( ) * + , - . / */ SPC,ATM,QST,ATM,ATM,ATM,ATM,ATM, SPC,SPC,ATM,ATM,OPR,ATM,ATM,OPR, /* 0 1 2 3 4 5 6 7 8 9 : ; < = > ? */ ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,OPR,OPR,OPR,OPR,OPR,OPR, /* @ A B C D E F G H I J K L M N O */ OPR,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, /* P Q R S T U V W X Y Z [ \ ] ^ _ */ ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,OPR,OPR,OPR,ATM,ATM, /* ` a b c d e f g h i j k l m n o */ ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, /* p q r s t u v w x y z { | } ~ del */ ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, /* nul soh stx etx eot enq ack bel bs ht nl vt np cr so si */ ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL, ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL, /* dle dc1 dc2 dc3 dc4 nak syn etb can em sub esc fs gs rs us */ ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL, ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL, /* sp ! " # $ % & ' ( ) * + , - . / */ ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL, ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL, /* 0 1 2 3 4 5 6 7 8 9 : ; < = > ? */ ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL, ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL, /* @ A B C D E F G H I J K L M N O */ ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL, ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL, /* P Q R S T U V W X Y Z [ \ ] ^ _ */ ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL, ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL, /* ` a b c d e f g h i j k l m n o */ ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL, ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL, /* p q r s t u v w x y z { | } ~ del */ ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL, ILL,ILL,ILL,ILL,ILL,ILL,ILL,ILL, }; /* token type table: don't strip comments */ u_char TokTypeNoC[256] = { /* nul soh stx etx eot enq ack bel bs ht nl vt np cr so si */ ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,SPC,SPC,SPC,SPC,SPC,ATM,ATM, /* dle dc1 dc2 dc3 dc4 nak syn etb can em sub esc fs gs rs us */ ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, /* sp ! " # $ % & ' ( ) * + , - . / */ SPC,ATM,QST,ATM,ATM,ATM,ATM,ATM, OPR,OPR,ATM,ATM,ATM,ATM,ATM,ATM, /* 0 1 2 3 4 5 6 7 8 9 : ; < = > ? */ ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, /* @ A B C D E F G H I J K L M N O */ ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, /* P Q R S T U V W X Y Z [ \ ] ^ _ */ ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, /* ` a b c d e f g h i j k l m n o */ ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, /* p q r s t u v w x y z { | } ~ del */ ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, /* nul soh stx etx eot enq ack bel bs ht nl vt np cr so si */ OPR,OPR,ONE,OPR,OPR,OPR,OPR,OPR, OPR,OPR,OPR,OPR,OPR,OPR,OPR,OPR, /* dle dc1 dc2 dc3 dc4 nak syn etb can em sub esc fs gs rs us */ OPR,OPR,OPR,ONE,ONE,ONE,OPR,OPR, OPR,OPR,OPR,OPR,OPR,OPR,OPR,OPR, /* sp ! " # $ % & ' ( ) * + , - . / */ ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, /* 0 1 2 3 4 5 6 7 8 9 : ; < = > ? */ ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, /* @ A B C D E F G H I J K L M N O */ ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, /* P Q R S T U V W X Y Z [ \ ] ^ _ */ ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, /* ` a b c d e f g h i j k l m n o */ ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, /* p q r s t u v w x y z { | } ~ del */ ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, ATM,ATM,ATM,ATM,ATM,ATM,ATM,ATM, }; #define NOCHAR -1 /* signal nothing in lookahead token */ char ** prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab) char *addr; int delim; char pvpbuf[]; int pvpbsize; char **delimptr; u_char *toktab; { register char *p; register char *q; register int c; char **avp; bool bslashmode; bool route_syntax; int cmntcnt; int anglecnt; char *tok; int state; int newstate; char *saveto = CurEnv->e_to; static char *av[MAXATOM + 1]; static char firsttime = TRUE; extern int errno; if (firsttime) { /* initialize the token type table */ char obuf[50]; firsttime = FALSE; if (OperatorChars == NULL) { if (ConfigLevel < 7) OperatorChars = macvalue('o', CurEnv); if (OperatorChars == NULL) OperatorChars = ".:@[]"; } expand(OperatorChars, obuf, sizeof obuf - sizeof DELIMCHARS, CurEnv); (void) strlcat(obuf, DELIMCHARS, sizeof obuf); for (p = obuf; *p != '\0'; p++) { if (TokTypeTab[*p & 0xff] == ATM) TokTypeTab[*p & 0xff] = OPR; if (TokTypeNoC[*p & 0xff] == ATM) TokTypeNoC[*p & 0xff] = OPR; } } if (toktab == NULL) toktab = TokTypeTab; /* make sure error messages don't have garbage on them */ errno = 0; q = pvpbuf; bslashmode = FALSE; route_syntax = FALSE; cmntcnt = 0; anglecnt = 0; avp = av; state = ATM; c = NOCHAR; p = addr; CurEnv->e_to = p; if (tTd(22, 11)) { dprintf("prescan: "); xputs(p); dprintf("\n"); } do { /* read a token */ tok = q; for (;;) { /* store away any old lookahead character */ if (c != NOCHAR && !bslashmode) { /* see if there is room */ if (q >= &pvpbuf[pvpbsize - 5]) { usrerr("553 5.1.1 Address too long"); if (strlen(addr) > (SIZE_T) MAXNAME) addr[MAXNAME] = '\0'; returnnull: if (delimptr != NULL) *delimptr = p; CurEnv->e_to = saveto; return NULL; } /* squirrel it away */ *q++ = c; } /* read a new input character */ c = *p++; if (c == '\0') { /* diagnose and patch up bad syntax */ if (state == QST) { usrerr("653 Unbalanced '\"'"); c = '"'; } else if (cmntcnt > 0) { usrerr("653 Unbalanced '('"); c = ')'; } else if (anglecnt > 0) { c = '>'; usrerr("653 Unbalanced '<'"); } else break; p--; } else if (c == delim && cmntcnt <= 0 && state != QST) { if (anglecnt <= 0) break; /* special case for better error management */ if (delim == ',' && !route_syntax) { usrerr("653 Unbalanced '<'"); c = '>'; p--; } } if (tTd(22, 101)) dprintf("c=%c, s=%d; ", c, state); /* chew up special characters */ *q = '\0'; if (bslashmode) { bslashmode = FALSE; /* kludge \! for naive users */ if (cmntcnt > 0) { c = NOCHAR; continue; } else if (c != '!' || state == QST) { *q++ = '\\'; continue; } } if (c == '\\') { bslashmode = TRUE; } else if (state == QST) { /* EMPTY */ /* do nothing, just avoid next clauses */ } else if (c == '(' && toktab['('] == SPC) { cmntcnt++; c = NOCHAR; } else if (c == ')' && toktab['('] == SPC) { if (cmntcnt <= 0) { usrerr("653 Unbalanced ')'"); c = NOCHAR; } else cmntcnt--; } else if (cmntcnt > 0) { c = NOCHAR; } else if (c == '<') { char *ptr = p; anglecnt++; while (isascii(*ptr) && isspace(*ptr)) ptr++; if (*ptr == '@') route_syntax = TRUE; } else if (c == '>') { if (anglecnt <= 0) { usrerr("653 Unbalanced '>'"); c = NOCHAR; } else anglecnt--; route_syntax = FALSE; } else if (delim == ' ' && isascii(c) && isspace(c)) c = ' '; if (c == NOCHAR) continue; /* see if this is end of input */ if (c == delim && anglecnt <= 0 && state != QST) break; newstate = StateTab[state][toktab[c & 0xff]]; if (tTd(22, 101)) dprintf("ns=%02o\n", newstate); state = newstate & TYPE; if (state == ILL) { if (isascii(c) && isprint(c)) usrerr("653 Illegal character %c", c); else usrerr("653 Illegal character 0x%02x", c); } if (bitset(M, newstate)) c = NOCHAR; if (bitset(B, newstate)) break; } /* new token */ if (tok != q) { *q++ = '\0'; if (tTd(22, 36)) { dprintf("tok="); xputs(tok); dprintf("\n"); } if (avp >= &av[MAXATOM]) { usrerr("553 5.1.0 prescan: too many tokens"); goto returnnull; } if (q - tok > MAXNAME) { usrerr("553 5.1.0 prescan: token too long"); goto returnnull; } *avp++ = tok; } } while (c != '\0' && (c != delim || anglecnt > 0)); *avp = NULL; p--; if (delimptr != NULL) *delimptr = p; if (tTd(22, 12)) { dprintf("prescan==>"); printav(av); } CurEnv->e_to = saveto; if (av[0] == NULL) { if (tTd(22, 1)) dprintf("prescan: null leading token\n"); return NULL; } return av; } /* ** REWRITE -- apply rewrite rules to token vector. ** ** This routine is an ordered production system. Each rewrite ** rule has a LHS (called the pattern) and a RHS (called the ** rewrite); 'rwr' points the the current rewrite rule. ** ** For each rewrite rule, 'avp' points the address vector we ** are trying to match against, and 'pvp' points to the pattern. ** If pvp points to a special match value (MATCHZANY, MATCHANY, ** MATCHONE, MATCHCLASS, MATCHNCLASS) then the address in avp ** matched is saved away in the match vector (pointed to by 'mvp'). ** ** When a match between avp & pvp does not match, we try to ** back out. If we back up over MATCHONE, MATCHCLASS, or MATCHNCLASS ** we must also back out the match in mvp. If we reach a ** MATCHANY or MATCHZANY we just extend the match and start ** over again. ** ** When we finally match, we rewrite the address vector ** and try over again. ** ** Parameters: ** pvp -- pointer to token vector. ** ruleset -- the ruleset to use for rewriting. ** reclevel -- recursion level (to catch loops). ** e -- the current envelope. ** ** Returns: ** A status code. If EX_TEMPFAIL, higher level code should ** attempt recovery. ** ** Side Effects: ** pvp is modified. */ struct match { char **match_first; /* first token matched */ char **match_last; /* last token matched */ char **match_pattern; /* pointer to pattern */ }; #define MAXMATCH 9 /* max params per rewrite */ int rewrite(pvp, ruleset, reclevel, e) char **pvp; int ruleset; int reclevel; register ENVELOPE *e; { register char *ap; /* address pointer */ register char *rp; /* rewrite pointer */ register char *rulename; /* ruleset name */ register char *prefix; register char **avp; /* address vector pointer */ register char **rvp; /* rewrite vector pointer */ register struct match *mlp; /* cur ptr into mlist */ register struct rewrite *rwr; /* pointer to current rewrite rule */ int ruleno; /* current rule number */ int rstat = EX_OK; /* return status */ int loopcount; struct match mlist[MAXMATCH]; /* stores match on LHS */ char *npvp[MAXATOM + 1]; /* temporary space for rebuild */ char buf[MAXLINE]; char name[6]; if (ruleset < 0 || ruleset >= MAXRWSETS) { syserr("554 5.3.5 rewrite: illegal ruleset number %d", ruleset); return EX_CONFIG; } rulename = RuleSetNames[ruleset]; if (rulename == NULL) { snprintf(name, sizeof name, "%d", ruleset); rulename = name; } if (OpMode == MD_TEST) prefix = ""; else prefix = "rewrite: ruleset "; if (OpMode == MD_TEST) { printf("%s%-16.16s input:", prefix, rulename); printav(pvp); } else if (tTd(21, 1)) { dprintf("%s%-16.16s input:", prefix, rulename); printav(pvp); } if (reclevel++ > MaxRuleRecursion) { syserr("rewrite: excessive recursion (max %d), ruleset %s", MaxRuleRecursion, rulename); return EX_CONFIG; } if (pvp == NULL) return EX_USAGE; /* ** Run through the list of rewrite rules, applying ** any that match. */ ruleno = 1; loopcount = 0; for (rwr = RewriteRules[ruleset]; rwr != NULL; ) { int status; /* if already canonical, quit now */ if (pvp[0] != NULL && (pvp[0][0] & 0377) == CANONNET) break; if (tTd(21, 12)) { if (tTd(21, 15)) dprintf("-----trying rule (line %d):", rwr->r_line); else dprintf("-----trying rule:"); printav(rwr->r_lhs); } /* try to match on this rule */ mlp = mlist; rvp = rwr->r_lhs; avp = pvp; if (++loopcount > 100) { syserr("554 5.3.5 Infinite loop in ruleset %s, rule %d", rulename, ruleno); if (tTd(21, 1)) { dprintf("workspace: "); printav(pvp); } break; } while ((ap = *avp) != NULL || *rvp != NULL) { rp = *rvp; if (tTd(21, 35)) { dprintf("ADVANCE rp="); xputs(rp); dprintf(", ap="); xputs(ap); dprintf("\n"); } if (rp == NULL) { /* end-of-pattern before end-of-address */ goto backup; } if (ap == NULL && (*rp & 0377) != MATCHZANY && (*rp & 0377) != MATCHZERO) { /* end-of-input with patterns left */ goto backup; } switch (*rp & 0377) { case MATCHCLASS: /* match any phrase in a class */ mlp->match_pattern = rvp; mlp->match_first = avp; extendclass: ap = *avp; if (ap == NULL) goto backup; mlp->match_last = avp++; cataddr(mlp->match_first, mlp->match_last, buf, sizeof buf, '\0'); if (!wordinclass(buf, rp[1])) { if (tTd(21, 36)) { dprintf("EXTEND rp="); xputs(rp); dprintf(", ap="); xputs(ap); dprintf("\n"); } goto extendclass; } if (tTd(21, 36)) dprintf("CLMATCH\n"); mlp++; break; case MATCHNCLASS: /* match any token not in a class */ if (wordinclass(ap, rp[1])) goto backup; /* FALLTHROUGH */ case MATCHONE: case MATCHANY: /* match exactly one token */ mlp->match_pattern = rvp; mlp->match_first = avp; mlp->match_last = avp++; mlp++; break; case MATCHZANY: /* match zero or more tokens */ mlp->match_pattern = rvp; mlp->match_first = avp; mlp->match_last = avp - 1; mlp++; break; case MATCHZERO: /* match zero tokens */ break; case MACRODEXPAND: /* ** Match against run-time macro. ** This algorithm is broken for the ** general case (no recursive macros, ** improper tokenization) but should ** work for the usual cases. */ ap = macvalue(rp[1], e); mlp->match_first = avp; if (tTd(21, 2)) dprintf("rewrite: LHS $&%s => \"%s\"\n", macname(rp[1]), ap == NULL ? "(NULL)" : ap); if (ap == NULL) break; while (*ap != '\0') { if (*avp == NULL || strncasecmp(ap, *avp, strlen(*avp)) != 0) { /* no match */ avp = mlp->match_first; goto backup; } ap += strlen(*avp++); } /* match */ break; default: /* must have exact match */ if (sm_strcasecmp(rp, ap)) goto backup; avp++; break; } /* successful match on this token */ rvp++; continue; backup: /* match failed -- back up */ while (--mlp >= mlist) { rvp = mlp->match_pattern; rp = *rvp; avp = mlp->match_last + 1; ap = *avp; if (tTd(21, 36)) { dprintf("BACKUP rp="); xputs(rp); dprintf(", ap="); xputs(ap); dprintf("\n"); } if (ap == NULL) { /* run off the end -- back up again */ continue; } if ((*rp & 0377) == MATCHANY || (*rp & 0377) == MATCHZANY) { /* extend binding and continue */ mlp->match_last = avp++; rvp++; mlp++; break; } if ((*rp & 0377) == MATCHCLASS) { /* extend binding and try again */ mlp->match_last = avp; goto extendclass; } } if (mlp < mlist) { /* total failure to match */ break; } } /* ** See if we successfully matched */ if (mlp < mlist || *rvp != NULL) { if (tTd(21, 10)) dprintf("----- rule fails\n"); rwr = rwr->r_next; ruleno++; loopcount = 0; continue; } rvp = rwr->r_rhs; if (tTd(21, 12)) { dprintf("-----rule matches:"); printav(rvp); } rp = *rvp; if (rp != NULL) { if ((*rp & 0377) == CANONUSER) { rvp++; rwr = rwr->r_next; ruleno++; loopcount = 0; } else if ((*rp & 0377) == CANONHOST) { rvp++; rwr = NULL; } } /* substitute */ for (avp = npvp; *rvp != NULL; rvp++) { register struct match *m; register char **pp; rp = *rvp; if ((*rp & 0377) == MATCHREPL) { /* substitute from LHS */ m = &mlist[rp[1] - '1']; if (m < mlist || m >= mlp) { syserr("554 5.3.5 rewrite: ruleset %s: replacement $%c out of bounds", rulename, rp[1]); return EX_CONFIG; } if (tTd(21, 15)) { dprintf("$%c:", rp[1]); pp = m->match_first; while (pp <= m->match_last) { dprintf(" %lx=\"", (u_long) *pp); (void) dflush(); dprintf("%s\"", *pp++); } dprintf("\n"); } pp = m->match_first; while (pp <= m->match_last) { if (avp >= &npvp[MAXATOM]) { syserr("554 5.3.0 rewrite: expansion too long"); return EX_DATAERR; } *avp++ = *pp++; } } else { /* some sort of replacement */ if (avp >= &npvp[MAXATOM]) { toolong: syserr("554 5.3.0 rewrite: expansion too long"); return EX_DATAERR; } if ((*rp & 0377) != MACRODEXPAND) { /* vanilla replacement */ *avp++ = rp; } else { /* $&x replacement */ char *mval = macvalue(rp[1], e); char **xpvp; int trsize = 0; static size_t pvpb1_size = 0; static char **pvpb1 = NULL; char pvpbuf[PSBUFSIZE]; if (tTd(21, 2)) dprintf("rewrite: RHS $&%s => \"%s\"\n", macname(rp[1]), mval == NULL ? "(NULL)" : mval); if (mval == NULL || *mval == '\0') continue; /* save the remainder of the input */ for (xpvp = pvp; *xpvp != NULL; xpvp++) trsize += sizeof *xpvp; if ((size_t) trsize > pvpb1_size) { if (pvpb1 != NULL) free(pvpb1); pvpb1 = (char **)xalloc(trsize); pvpb1_size = trsize; } memmove((char *) pvpb1, (char *) pvp, trsize); /* scan the new replacement */ xpvp = prescan(mval, '\0', pvpbuf, sizeof pvpbuf, NULL, NULL); if (xpvp == NULL) { /* prescan pre-printed error */ return EX_DATAERR; } /* insert it into the output stream */ while (*xpvp != NULL) { if (tTd(21, 19)) dprintf(" ... %s\n", *xpvp); *avp++ = newstr(*xpvp); if (avp >= &npvp[MAXATOM]) goto toolong; xpvp++; } if (tTd(21, 19)) dprintf(" ... DONE\n"); /* restore the old trailing input */ memmove((char *) pvp, (char *) pvpb1, trsize); } } } *avp++ = NULL; /* ** Check for any hostname/keyword lookups. */ for (rvp = npvp; *rvp != NULL; rvp++) { char **hbrvp; char **xpvp; int trsize; char *replac; int endtoken; STAB *map; char *mapname; char **key_rvp; char **arg_rvp; char **default_rvp; char cbuf[MAXNAME + 1]; char *pvpb1[MAXATOM + 1]; char *argvect[10]; char pvpbuf[PSBUFSIZE]; char *nullpvp[1]; if ((**rvp & 0377) != HOSTBEGIN && (**rvp & 0377) != LOOKUPBEGIN) continue; /* ** Got a hostname/keyword lookup. ** ** This could be optimized fairly easily. */ hbrvp = rvp; if ((**rvp & 0377) == HOSTBEGIN) { endtoken = HOSTEND; mapname = "host"; } else { endtoken = LOOKUPEND; mapname = *++rvp; } map = stab(mapname, ST_MAP, ST_FIND); if (map == NULL) syserr("554 5.3.0 rewrite: map %s not found", mapname); /* extract the match part */ key_rvp = ++rvp; default_rvp = NULL; arg_rvp = argvect; xpvp = NULL; replac = pvpbuf; while (*rvp != NULL && (**rvp & 0377) != endtoken) { int nodetype = **rvp & 0377; if (nodetype != CANONHOST && nodetype != CANONUSER) { rvp++; continue; } *rvp++ = NULL; if (xpvp != NULL) { cataddr(xpvp, NULL, replac, &pvpbuf[sizeof pvpbuf] - replac, '\0'); *++arg_rvp = replac; replac += strlen(replac) + 1; xpvp = NULL; } switch (nodetype) { case CANONHOST: xpvp = rvp; break; case CANONUSER: default_rvp = rvp; break; } } if (*rvp != NULL) *rvp++ = NULL; if (xpvp != NULL) { cataddr(xpvp, NULL, replac, &pvpbuf[sizeof pvpbuf] - replac, '\0'); *++arg_rvp = replac; } *++arg_rvp = NULL; /* save the remainder of the input string */ trsize = (int) (avp - rvp + 1) * sizeof *rvp; memmove((char *) pvpb1, (char *) rvp, trsize); /* look it up */ cataddr(key_rvp, NULL, cbuf, sizeof cbuf, map == NULL ? '\0' : map->s_map.map_spacesub); argvect[0] = cbuf; replac = map_lookup(map, cbuf, argvect, &rstat, e); /* if no replacement, use default */ if (replac == NULL && default_rvp != NULL) { /* create the default */ cataddr(default_rvp, NULL, cbuf, sizeof cbuf, '\0'); replac = cbuf; } if (replac == NULL) { xpvp = key_rvp; } else if (*replac == '\0') { /* null replacement */ nullpvp[0] = NULL; xpvp = nullpvp; } else { /* scan the new replacement */ xpvp = prescan(replac, '\0', pvpbuf, sizeof pvpbuf, NULL, NULL); if (xpvp == NULL) { /* prescan already printed error */ return EX_DATAERR; } } /* append it to the token list */ for (avp = hbrvp; *xpvp != NULL; xpvp++) { *avp++ = newstr(*xpvp); if (avp >= &npvp[MAXATOM]) goto toolong; } /* restore the old trailing information */ rvp = avp - 1; for (xpvp = pvpb1; (*avp++ = *xpvp++) != NULL; ) if (avp >= &npvp[MAXATOM]) goto toolong; } /* ** Check for subroutine calls. */ status = callsubr(npvp, reclevel, e); if (rstat == EX_OK || status == EX_TEMPFAIL) rstat = status; /* copy vector back into original space. */ for (avp = npvp; *avp++ != NULL;) continue; memmove((char *) pvp, (char *) npvp, (int) (avp - npvp) * sizeof *avp); if (tTd(21, 4)) { dprintf("rewritten as:"); printav(pvp); } } if (OpMode == MD_TEST) { printf("%s%-16.16s returns:", prefix, rulename); printav(pvp); } else if (tTd(21, 1)) { dprintf("%s%-16.16s returns:", prefix, rulename); printav(pvp); } return rstat; } /* ** CALLSUBR -- call subroutines in rewrite vector ** ** Parameters: ** pvp -- pointer to token vector. ** reclevel -- the current recursion level. ** e -- the current envelope. ** ** Returns: ** The status from the subroutine call. ** ** Side Effects: ** pvp is modified. */ static int callsubr(pvp, reclevel, e) char **pvp; int reclevel; ENVELOPE *e; { char **avp; char **rvp; register int i; int subr; int status; int rstat = EX_OK; char *tpvp[MAXATOM + 1]; for (avp = pvp; *avp != NULL; avp++) { if ((**avp & 0377) == CALLSUBR && avp[1] != NULL) { stripquotes(avp[1]); subr = strtorwset(avp[1], NULL, ST_FIND); if (subr < 0) { syserr("Unknown ruleset %s", avp[1]); return EX_CONFIG; } if (tTd(21, 3)) dprintf("-----callsubr %s (%d)\n", avp[1], subr); /* ** Take care of possible inner calls first. ** use a full size temporary buffer to avoid ** overflows in rewrite, but strip off the ** subroutine call. */ for (i = 2; avp[i] != NULL; i++) tpvp[i - 2] = avp[i]; tpvp[i - 2] = NULL; status = callsubr(tpvp, reclevel, e); if (rstat == EX_OK || status == EX_TEMPFAIL) rstat = status; /* ** Now we need to call the ruleset specified for ** the subroutine. we can do this with the ** temporary buffer that we set up earlier, ** since it has all the data we want to rewrite. */ status = rewrite(tpvp, subr, reclevel, e); if (rstat == EX_OK || status == EX_TEMPFAIL) rstat = status; /* ** Find length of tpvp and current offset into ** pvp, if the total is greater than MAXATOM, ** then it would overflow the buffer if we copied ** it back in to pvp, in which case we throw a ** fit. */ for (rvp = tpvp; *rvp != NULL; rvp++) continue; if (((rvp - tpvp) + (avp - pvp)) > MAXATOM) { syserr("554 5.3.0 callsubr: expansion too long"); return EX_DATAERR; } /* ** Now we can copy the rewritten code over ** the initial subroutine call in the buffer. */ for (i = 0; tpvp[i] != NULL; i++) avp[i] = tpvp[i]; avp[i] = NULL; /* ** If we got this far, we've processed the left ** most subroutine, and recursively called ourselves ** to handle any other subroutines. We're done. */ break; } } return rstat; } /* ** MAP_LOOKUP -- do lookup in map ** ** Parameters: ** map -- the map to use for the lookup. ** key -- the key to look up. ** argvect -- arguments to pass to the map lookup. ** pstat -- a pointer to an integer in which to store the ** status from the lookup. ** e -- the current envelope. ** ** Returns: ** The result of the lookup. ** NULL -- if there was no data for the given key. */ static char * map_lookup(smap, key, argvect, pstat, e) STAB *smap; char key[]; char **argvect; int *pstat; ENVELOPE *e; { auto int status = EX_OK; MAP *map; char *replac; if (smap == NULL) return NULL; map = &smap->s_map; DYNOPENMAP(map); if (e->e_sendmode == SM_DEFER && bitset(MF_DEFER, map->map_mflags)) { /* don't do any map lookups */ if (tTd(60, 1)) dprintf("map_lookup(%s, %s) => DEFERRED\n", smap->s_name, key); *pstat = EX_TEMPFAIL; return NULL; } if (!bitset(MF_KEEPQUOTES, map->map_mflags)) stripquotes(key); if (tTd(60, 1)) { dprintf("map_lookup(%s, %s", smap->s_name, key); if (tTd(60, 5)) { int i; for (i = 0; argvect[i] != NULL; i++) dprintf(", %%%d=%s", i, argvect[i]); } dprintf(") => "); } replac = (*map->map_class->map_lookup)(map, key, argvect, &status); if (tTd(60, 1)) dprintf("%s (%d)\n", replac != NULL ? replac : "NOT FOUND", status); /* should recover if status == EX_TEMPFAIL */ if (status == EX_TEMPFAIL && !bitset(MF_NODEFER, map->map_mflags)) { *pstat = EX_TEMPFAIL; if (tTd(60, 1)) dprintf("map_lookup(%s, %s) tempfail: errno=%d\n", smap->s_name, key, errno); if (e->e_message == NULL) { char mbuf[320]; snprintf(mbuf, sizeof mbuf, "%.80s map: lookup (%s): deferred", smap->s_name, shortenstring(key, MAXSHORTSTR)); e->e_message = newstr(mbuf); } } if (status == EX_TEMPFAIL && map->map_tapp != NULL) { size_t i = strlen(key) + strlen(map->map_tapp) + 1; static char *rwbuf = NULL; static size_t rwbuflen = 0; if (i > rwbuflen) { if (rwbuf != NULL) free(rwbuf); rwbuflen = i; rwbuf = (char *) xalloc(rwbuflen); } snprintf(rwbuf, rwbuflen, "%s%s", key, map->map_tapp); if (tTd(60, 4)) dprintf("map_lookup tempfail: returning \"%s\"\n", rwbuf); return rwbuf; } return replac; } /* ** INITERRMAILERS -- initialize error and discard mailers ** ** Parameters: ** none. ** ** Returns: ** none. ** ** Side Effects: ** initializes error and discard mailers. */ static MAILER discardmailer; static MAILER errormailer; static char *discardargv[] = { "DISCARD", NULL }; static char *errorargv[] = { "ERROR", NULL }; void initerrmailers() { if (discardmailer.m_name == NULL) { /* initialize the discard mailer */ discardmailer.m_name = "*discard*"; discardmailer.m_mailer = "DISCARD"; discardmailer.m_argv = discardargv; } if (errormailer.m_name == NULL) { /* initialize the bogus mailer */ errormailer.m_name = "*error*"; errormailer.m_mailer = "ERROR"; errormailer.m_argv = errorargv; } } /* ** BUILDADDR -- build address from token vector. ** ** Parameters: ** tv -- token vector. ** a -- pointer to address descriptor to fill. ** If NULL, one will be allocated. ** flags -- info regarding whether this is a sender or ** a recipient. ** e -- the current envelope. ** ** Returns: ** NULL if there was an error. ** 'a' otherwise. ** ** Side Effects: ** fills in 'a' */ static struct errcodes { char *ec_name; /* name of error code */ int ec_code; /* numeric code */ } ErrorCodes[] = { { "usage", EX_USAGE }, { "nouser", EX_NOUSER }, { "nohost", EX_NOHOST }, { "unavailable", EX_UNAVAILABLE }, { "software", EX_SOFTWARE }, { "tempfail", EX_TEMPFAIL }, { "protocol", EX_PROTOCOL }, #ifdef EX_CONFIG { "config", EX_CONFIG }, #endif /* EX_CONFIG */ { NULL, EX_UNAVAILABLE } }; static ADDRESS * buildaddr(tv, a, flags, e) register char **tv; register ADDRESS *a; int flags; register ENVELOPE *e; { struct mailer **mp; register struct mailer *m; register char *p; char *mname; char **hostp; char hbuf[MAXNAME + 1]; static char ubuf[MAXNAME + 2]; if (tTd(24, 5)) { dprintf("buildaddr, flags=%x, tv=", flags); printav(tv); } if (a == NULL) a = (ADDRESS *) xalloc(sizeof *a); memset((char *) a, '\0', sizeof *a); hbuf[0] = '\0'; /* set up default error return flags */ a->q_flags |= DefaultNotify; /* figure out what net/mailer to use */ if (*tv == NULL || (**tv & 0377) != CANONNET) { syserr("554 5.3.5 buildaddr: no mailer in parsed address"); badaddr: if (ExitStat == EX_TEMPFAIL) a->q_state = QS_QUEUEUP; else { a->q_state = QS_BADADDR; a->q_mailer = &errormailer; } return a; } mname = *++tv; /* extract host and user portions */ if (*++tv != NULL && (**tv & 0377) == CANONHOST) hostp = ++tv; else hostp = NULL; while (*tv != NULL && (**tv & 0377) != CANONUSER) tv++; if (*tv == NULL) { syserr("554 5.3.5 buildaddr: no user"); goto badaddr; } if (tv == hostp) hostp = NULL; else if (hostp != NULL) cataddr(hostp, tv - 1, hbuf, sizeof hbuf, '\0'); cataddr(++tv, NULL, ubuf, sizeof ubuf, ' '); /* save away the host name */ if (strcasecmp(mname, "error") == 0) { /* Set up triplet for use by -bv */ a->q_mailer = &errormailer; a->q_user = newstr(ubuf); if (hostp != NULL) { register struct errcodes *ep; a->q_host = newstr(hbuf); if (strchr(hbuf, '.') != NULL) { a->q_status = newstr(hbuf); setstat(dsntoexitstat(hbuf)); } else if (isascii(hbuf[0]) && isdigit(hbuf[0])) { setstat(atoi(hbuf)); } else { for (ep = ErrorCodes; ep->ec_name != NULL; ep++) if (strcasecmp(ep->ec_name, hbuf) == 0) break; setstat(ep->ec_code); } } else { a->q_host = NULL; setstat(EX_UNAVAILABLE); } stripquotes(ubuf); if (ISSMTPCODE(ubuf) && ubuf[3] == ' ') { char fmt[16]; int off; if ((off = isenhsc(ubuf + 4, ' ')) > 0) { ubuf[off + 4] = '\0'; off += 5; } else { off = 4; ubuf[3] = '\0'; } (void) snprintf(fmt, sizeof fmt, "%s %%s", ubuf); if (off > 4) usrerr(fmt, ubuf + off); else if (isenhsc(hbuf, '\0') > 0) usrerrenh(hbuf, fmt, ubuf + off); else usrerr(fmt, ubuf + off); /* XXX ubuf[off - 1] = ' '; */ } else { usrerr("553 5.3.0 %s", ubuf); } goto badaddr; } for (mp = Mailer; (m = *mp++) != NULL; ) { if (strcasecmp(m->m_name, mname) == 0) break; } if (m == NULL) { syserr("554 5.3.5 buildaddr: unknown mailer %s", mname); goto badaddr; } a->q_mailer = m; /* figure out what host (if any) */ if (hostp == NULL) { if (!bitnset(M_LOCALMAILER, m->m_flags)) { syserr("554 5.3.5 buildaddr: no host"); goto badaddr; } a->q_host = NULL; } else a->q_host = newstr(hbuf); /* figure out the user */ p = ubuf; if (bitnset(M_CHECKUDB, m->m_flags) && *p == '@') { p++; tv++; a->q_flags |= QNOTREMOTE; } /* do special mapping for local mailer */ if (*p == '"') p++; if (*p == '|' && bitnset(M_CHECKPROG, m->m_flags)) a->q_mailer = m = ProgMailer; else if (*p == '/' && bitnset(M_CHECKFILE, m->m_flags)) a->q_mailer = m = FileMailer; else if (*p == ':' && bitnset(M_CHECKINCLUDE, m->m_flags)) { /* may be :include: */ stripquotes(ubuf); if (strncasecmp(ubuf, ":include:", 9) == 0) { /* if :include:, don't need further rewriting */ a->q_mailer = m = InclMailer; a->q_user = newstr(&ubuf[9]); return a; } } /* rewrite according recipient mailer rewriting rules */ define('h', a->q_host, e); #if _FFR_ADDR_TYPE /* ** Note, change the 9 to a 10 before removing #if FFR check ** in a future version. */ if (ConfigLevel >= 9 || !bitset(RF_SENDERADDR|RF_HEADERADDR, flags)) #else /* _FFR_ADDR_TYPE */ if (!bitset(RF_SENDERADDR|RF_HEADERADDR, flags)) #endif /* _FFR_ADDR_TYPE */ { /* sender addresses done later */ (void) rewrite(tv, 2, 0, e); if (m->m_re_rwset > 0) (void) rewrite(tv, m->m_re_rwset, 0, e); } (void) rewrite(tv, 4, 0, e); /* save the result for the command line/RCPT argument */ cataddr(tv, NULL, ubuf, sizeof ubuf, '\0'); a->q_user = newstr(ubuf); /* ** Do mapping to lower case as requested by mailer */ if (a->q_host != NULL && !bitnset(M_HST_UPPER, m->m_flags)) makelower(a->q_host); if (!bitnset(M_USR_UPPER, m->m_flags)) makelower(a->q_user); if (tTd(24, 6)) { dprintf("buildaddr => "); printaddr(a, FALSE); } return a; } /* ** CATADDR -- concatenate pieces of addresses (putting in subs) ** ** Parameters: ** pvp -- parameter vector to rebuild. ** evp -- last parameter to include. Can be NULL to ** use entire pvp. ** buf -- buffer to build the string into. ** sz -- size of buf. ** spacesub -- the space separator character; if null, ** use SpaceSub. ** ** Returns: ** none. ** ** Side Effects: ** Destroys buf. */ void cataddr(pvp, evp, buf, sz, spacesub) char **pvp; char **evp; char *buf; register int sz; int spacesub; { bool oatomtok = FALSE; bool natomtok = FALSE; register int i; register char *p; if (sz <= 0) return; if (spacesub == '\0') spacesub = SpaceSub; if (pvp == NULL) { *buf = '\0'; return; } p = buf; sz -= 2; while (*pvp != NULL && (i = strlen(*pvp)) < sz - 1) { natomtok = (TokTypeTab[**pvp & 0xff] == ATM); if (oatomtok && natomtok) { *p++ = spacesub; --sz; } (void) strlcpy(p, *pvp, sz); oatomtok = natomtok; p += i; sz -= i; if (pvp++ == evp) break; } *p = '\0'; } /* ** SAMEADDR -- Determine if two addresses are the same ** ** This is not just a straight comparison -- if the mailer doesn't ** care about the host we just ignore it, etc. ** ** Parameters: ** a, b -- pointers to the internal forms to compare. ** ** Returns: ** TRUE -- they represent the same mailbox. ** FALSE -- they don't. ** ** Side Effects: ** none. */ bool sameaddr(a, b) register ADDRESS *a; register ADDRESS *b; { register ADDRESS *ca, *cb; /* if they don't have the same mailer, forget it */ if (a->q_mailer != b->q_mailer) return FALSE; /* if the user isn't the same, we can drop out */ if (strcmp(a->q_user, b->q_user) != 0) return FALSE; /* if we have good uids for both but they differ, these are different */ if (a->q_mailer == ProgMailer) { ca = getctladdr(a); cb = getctladdr(b); if (ca != NULL && cb != NULL && bitset(QGOODUID, ca->q_flags & cb->q_flags) && ca->q_uid != cb->q_uid) return FALSE; } /* otherwise compare hosts (but be careful for NULL ptrs) */ if (a->q_host == b->q_host) { /* probably both null pointers */ return TRUE; } if (a->q_host == NULL || b->q_host == NULL) { /* only one is a null pointer */ return FALSE; } if (strcmp(a->q_host, b->q_host) != 0) return FALSE; return TRUE; } /* ** PRINTADDR -- print address (for debugging) ** ** Parameters: ** a -- the address to print ** follow -- follow the q_next chain. ** ** Returns: ** none. ** ** Side Effects: ** none. */ struct qflags { char *qf_name; u_long qf_bit; }; static struct qflags AddressFlags[] = { { "QGOODUID", QGOODUID }, { "QPRIMARY", QPRIMARY }, { "QNOTREMOTE", QNOTREMOTE }, { "QSELFREF", QSELFREF }, { "QBOGUSSHELL", QBOGUSSHELL }, { "QUNSAFEADDR", QUNSAFEADDR }, { "QPINGONSUCCESS", QPINGONSUCCESS }, { "QPINGONFAILURE", QPINGONFAILURE }, { "QPINGONDELAY", QPINGONDELAY }, { "QHASNOTIFY", QHASNOTIFY }, { "QRELAYED", QRELAYED }, { "QEXPANDED", QEXPANDED }, { "QDELIVERED", QDELIVERED }, { "QDELAYED", QDELAYED }, { "QTHISPASS", QTHISPASS }, { "QRCPTOK", QRCPTOK }, - { NULL } + { NULL, 0 } }; void printaddr(a, follow) register ADDRESS *a; bool follow; { register MAILER *m; MAILER pseudomailer; register struct qflags *qfp; bool firstone; if (a == NULL) { printf("[NULL]\n"); return; } while (a != NULL) { printf("%lx=", (u_long) a); (void) fflush(stdout); /* find the mailer -- carefully */ m = a->q_mailer; if (m == NULL) { m = &pseudomailer; m->m_mno = -1; m->m_name = "NULL"; } printf("%s:\n\tmailer %d (%s), host `%s'\n", a->q_paddr == NULL ? "" : a->q_paddr, m->m_mno, m->m_name, a->q_host == NULL ? "" : a->q_host); printf("\tuser `%s', ruser `%s'\n", a->q_user, a->q_ruser == NULL ? "" : a->q_ruser); printf("\tstate="); switch (a->q_state) { case QS_OK: printf("OK"); break; case QS_DONTSEND: printf("DONTSEND"); break; case QS_BADADDR: printf("BADADDR"); break; case QS_QUEUEUP: printf("QUEUEUP"); break; case QS_SENT: printf("SENT"); break; case QS_VERIFIED: printf("VERIFIED"); break; case QS_EXPANDED: printf("EXPANDED"); break; case QS_SENDER: printf("SENDER"); break; case QS_CLONED: printf("CLONED"); break; case QS_DISCARDED: printf("DISCARDED"); break; case QS_REPLACED: printf("REPLACED"); break; case QS_REMOVED: printf("REMOVED"); break; case QS_DUPLICATE: printf("DUPLICATE"); break; case QS_INCLUDED: printf("INCLUDED"); break; default: printf("%d", a->q_state); break; } printf(", next=%lx, alias %lx, uid %d, gid %d\n", (u_long) a->q_next, (u_long) a->q_alias, (int) a->q_uid, (int) a->q_gid); printf("\tflags=%lx<", a->q_flags); firstone = TRUE; for (qfp = AddressFlags; qfp->qf_name != NULL; qfp++) { if (!bitset(qfp->qf_bit, a->q_flags)) continue; if (!firstone) printf(","); firstone = FALSE; printf("%s", qfp->qf_name); } printf(">\n"); printf("\towner=%s, home=\"%s\", fullname=\"%s\"\n", a->q_owner == NULL ? "(none)" : a->q_owner, a->q_home == NULL ? "(none)" : a->q_home, a->q_fullname == NULL ? "(none)" : a->q_fullname); printf("\torcpt=\"%s\", statmta=%s, status=%s\n", a->q_orcpt == NULL ? "(none)" : a->q_orcpt, a->q_statmta == NULL ? "(none)" : a->q_statmta, a->q_status == NULL ? "(none)" : a->q_status); printf("\trstatus=\"%s\"\n", a->q_rstatus == NULL ? "(none)" : a->q_rstatus); printf("\tspecificity=%d, statdate=%s\n", a->q_specificity, a->q_statdate == 0 ? "(none)" : ctime(&a->q_statdate)); if (!follow) return; a = a->q_next; } } /* ** EMPTYADDR -- return TRUE if this address is empty (``<>'') ** ** Parameters: ** a -- pointer to the address ** ** Returns: ** TRUE -- if this address is "empty" (i.e., no one should ** ever generate replies to it. ** FALSE -- if it is a "regular" (read: replyable) address. */ bool emptyaddr(a) register ADDRESS *a; { return a->q_paddr == NULL || strcmp(a->q_paddr, "<>") == 0 || a->q_user == NULL || strcmp(a->q_user, "<>") == 0; } /* ** REMOTENAME -- return the name relative to the current mailer ** ** Parameters: ** name -- the name to translate. ** m -- the mailer that we want to do rewriting relative ** to. ** flags -- fine tune operations. ** pstat -- pointer to status word. ** e -- the current envelope. ** ** Returns: ** the text string representing this address relative to ** the receiving mailer. ** ** Side Effects: ** none. ** ** Warnings: ** The text string returned is tucked away locally; ** copy it if you intend to save it. */ char * remotename(name, m, flags, pstat, e) char *name; struct mailer *m; int flags; int *pstat; register ENVELOPE *e; { register char **pvp; char *fancy; char *oldg = macvalue('g', e); int rwset; static char buf[MAXNAME + 1]; char lbuf[MAXNAME + 1]; char pvpbuf[PSBUFSIZE]; #if _FFR_ADDR_TYPE char addrtype[4]; #endif /* _FFR_ADDR_TYPE */ if (tTd(12, 1)) dprintf("remotename(%s)\n", name); /* don't do anything if we are tagging it as special */ if (bitset(RF_SENDERADDR, flags)) { rwset = bitset(RF_HEADERADDR, flags) ? m->m_sh_rwset : m->m_se_rwset; #if _FFR_ADDR_TYPE addrtype[2] = 's'; #endif /* _FFR_ADDR_TYPE */ } else { rwset = bitset(RF_HEADERADDR, flags) ? m->m_rh_rwset : m->m_re_rwset; #if _FFR_ADDR_TYPE addrtype[2] = 'r'; #endif /* _FFR_ADDR_TYPE */ } if (rwset < 0) return name; #if _FFR_ADDR_TYPE addrtype[1] = ' '; addrtype[3] = '\0'; addrtype[0] = bitset(RF_HEADERADDR, flags) ? 'h' : 'e'; define(macid("{addr_type}", NULL), addrtype, e); #endif /* _FFR_ADDR_TYPE */ /* ** Do a heuristic crack of this name to extract any comment info. ** This will leave the name as a comment and a $g macro. */ if (bitset(RF_CANONICAL, flags) || bitnset(M_NOCOMMENT, m->m_flags)) fancy = "\201g"; else fancy = crackaddr(name); /* ** Turn the name into canonical form. ** Normally this will be RFC 822 style, i.e., "user@domain". ** If this only resolves to "user", and the "C" flag is ** specified in the sending mailer, then the sender's ** domain will be appended. */ pvp = prescan(name, '\0', pvpbuf, sizeof pvpbuf, NULL, NULL); if (pvp == NULL) return name; if (rewrite(pvp, 3, 0, e) == EX_TEMPFAIL) *pstat = EX_TEMPFAIL; if (bitset(RF_ADDDOMAIN, flags) && e->e_fromdomain != NULL) { /* append from domain to this address */ register char **pxp = pvp; int l = MAXATOM; /* size of buffer for pvp */ /* see if there is an "@domain" in the current name */ while (*pxp != NULL && strcmp(*pxp, "@") != 0) { pxp++; --l; } if (*pxp == NULL) { /* no.... append the "@domain" from the sender */ register char **qxq = e->e_fromdomain; while ((*pxp++ = *qxq++) != NULL) { if (--l <= 0) { *--pxp = NULL; usrerr("553 5.1.0 remotename: too many tokens"); *pstat = EX_UNAVAILABLE; break; } } if (rewrite(pvp, 3, 0, e) == EX_TEMPFAIL) *pstat = EX_TEMPFAIL; } } /* ** Do more specific rewriting. ** Rewrite using ruleset 1 or 2 depending on whether this is ** a sender address or not. ** Then run it through any receiving-mailer-specific rulesets. */ if (bitset(RF_SENDERADDR, flags)) { if (rewrite(pvp, 1, 0, e) == EX_TEMPFAIL) *pstat = EX_TEMPFAIL; } else { if (rewrite(pvp, 2, 0, e) == EX_TEMPFAIL) *pstat = EX_TEMPFAIL; } if (rwset > 0) { if (rewrite(pvp, rwset, 0, e) == EX_TEMPFAIL) *pstat = EX_TEMPFAIL; } /* ** Do any final sanitation the address may require. ** This will normally be used to turn internal forms ** (e.g., user@host.LOCAL) into external form. This ** may be used as a default to the above rules. */ if (rewrite(pvp, 4, 0, e) == EX_TEMPFAIL) *pstat = EX_TEMPFAIL; /* ** Now restore the comment information we had at the beginning. */ cataddr(pvp, NULL, lbuf, sizeof lbuf, '\0'); define('g', lbuf, e); /* need to make sure route-addrs have */ if (bitset(RF_CANONICAL, flags) && lbuf[0] == '@') expand("<\201g>", buf, sizeof buf, e); else expand(fancy, buf, sizeof buf, e); define('g', oldg, e); if (tTd(12, 1)) dprintf("remotename => `%s'\n", buf); return buf; } /* ** MAPLOCALUSER -- run local username through ruleset 5 for final redirection ** ** Parameters: ** a -- the address to map (but just the user name part). ** sendq -- the sendq in which to install any replacement ** addresses. ** aliaslevel -- the alias nesting depth. ** e -- the envelope. ** ** Returns: ** none. */ #define Q_COPYFLAGS (QPRIMARY|QBOGUSSHELL|QUNSAFEADDR|\ Q_PINGFLAGS|QHASNOTIFY|\ QRELAYED|QEXPANDED|QDELIVERED|QDELAYED) void maplocaluser(a, sendq, aliaslevel, e) register ADDRESS *a; ADDRESS **sendq; int aliaslevel; ENVELOPE *e; { register char **pvp; register ADDRESS *a1 = NULL; auto char *delimptr; char pvpbuf[PSBUFSIZE]; if (tTd(29, 1)) { dprintf("maplocaluser: "); printaddr(a, FALSE); } pvp = prescan(a->q_user, '\0', pvpbuf, sizeof pvpbuf, &delimptr, NULL); if (pvp == NULL) { if (tTd(29, 9)) dprintf("maplocaluser: cannot prescan %s\n", a->q_user); return; } define('h', a->q_host, e); define('u', a->q_user, e); define('z', a->q_home, e); #if _FFR_ADDR_TYPE define(macid("{addr_type}", NULL), "e r", e); #endif /* _FFR_ADDR_TYPE */ if (rewrite(pvp, 5, 0, e) == EX_TEMPFAIL) { if (tTd(29, 9)) dprintf("maplocaluser: rewrite tempfail\n"); a->q_state = QS_QUEUEUP; a->q_status = "4.4.3"; return; } if (pvp[0] == NULL || (pvp[0][0] & 0377) != CANONNET) { if (tTd(29, 9)) dprintf("maplocaluser: doesn't resolve\n"); return; } /* if non-null, mailer destination specified -- has it changed? */ a1 = buildaddr(pvp, NULL, 0, e); if (a1 == NULL || sameaddr(a, a1)) { if (tTd(29, 9)) dprintf("maplocaluser: address unchanged\n"); if (a1 != NULL) free(a1); return; } /* make new address take on flags and print attributes of old */ a1->q_flags &= ~Q_COPYFLAGS; a1->q_flags |= a->q_flags & Q_COPYFLAGS; a1->q_paddr = newstr(a->q_paddr); a1->q_orcpt = a->q_orcpt; /* mark old address as dead; insert new address */ a->q_state = QS_REPLACED; if (tTd(29, 5)) { dprintf("maplocaluser: QS_REPLACED "); printaddr(a, FALSE); } a1->q_alias = a; allocaddr(a1, RF_COPYALL, newstr(a->q_paddr)); (void) recipient(a1, sendq, aliaslevel, e); } /* ** DEQUOTE_INIT -- initialize dequote map ** ** This is a no-op. ** ** Parameters: ** map -- the internal map structure. ** args -- arguments. ** ** Returns: ** TRUE. */ bool dequote_init(map, args) MAP *map; char *args; { register char *p = args; /* there is no check whether there is really an argument */ map->map_mflags |= MF_KEEPQUOTES; for (;;) { while (isascii(*p) && isspace(*p)) p++; if (*p != '-') break; switch (*++p) { case 'a': map->map_app = ++p; break; case 'D': map->map_mflags |= MF_DEFER; break; case 'S': case 's': map->map_spacesub = *++p; break; } while (*p != '\0' && !(isascii(*p) && isspace(*p))) p++; if (*p != '\0') *p = '\0'; } if (map->map_app != NULL) map->map_app = newstr(map->map_app); return TRUE; } /* ** DEQUOTE_MAP -- unquote an address ** ** Parameters: ** map -- the internal map structure (ignored). ** name -- the name to dequote. ** av -- arguments (ignored). ** statp -- pointer to status out-parameter. ** ** Returns: ** NULL -- if there were no quotes, or if the resulting ** unquoted buffer would not be acceptable to prescan. ** else -- The dequoted buffer. */ /* ARGSUSED2 */ char * dequote_map(map, name, av, statp) MAP *map; char *name; char **av; int *statp; { register char *p; register char *q; register char c; int anglecnt = 0; int cmntcnt = 0; int quotecnt = 0; int spacecnt = 0; bool quotemode = FALSE; bool bslashmode = FALSE; char spacesub = map->map_spacesub; for (p = q = name; (c = *p++) != '\0'; ) { if (bslashmode) { bslashmode = FALSE; *q++ = c; continue; } if (c == ' ' && spacesub != '\0') c = spacesub; switch (c) { case '\\': bslashmode = TRUE; break; case '(': cmntcnt++; break; case ')': if (cmntcnt-- <= 0) return NULL; break; case ' ': case '\t': spacecnt++; break; } if (cmntcnt > 0) { *q++ = c; continue; } switch (c) { case '"': quotemode = !quotemode; quotecnt++; continue; case '<': anglecnt++; break; case '>': if (anglecnt-- <= 0) return NULL; break; } *q++ = c; } if (anglecnt != 0 || cmntcnt != 0 || bslashmode || quotemode || quotecnt <= 0 || spacecnt != 0) return NULL; *q++ = '\0'; return map_rewrite(map, name, strlen(name), NULL); } /* ** RSCHECK -- check string(s) for validity using rewriting sets ** ** Parameters: ** rwset -- the rewriting set to use. ** p1 -- the first string to check. ** p2 -- the second string to check -- may be null. ** e -- the current envelope. ** rmcomm -- remove comments? ** cnt -- count rejections (statistics)? ** logl -- logging level +** host -- NULL or relay host. ** ** Returns: ** EX_OK -- if the rwset doesn't resolve to $#error ** else -- the failure status (message printed) */ int -rscheck(rwset, p1, p2, e, rmcomm, cnt, logl) +rscheck(rwset, p1, p2, e, rmcomm, cnt, logl, host) char *rwset; char *p1; char *p2; ENVELOPE *e; bool rmcomm, cnt; int logl; + char *host; { char *buf; int bufsize; int saveexitstat; int rstat = EX_OK; char **pvp; int rsno; bool discard = FALSE; auto ADDRESS a1; bool saveQuickAbort = QuickAbort; bool saveSuprErrs = SuprErrs; char buf0[MAXLINE]; char pvpbuf[PSBUFSIZE]; extern char MsgBuf[]; if (tTd(48, 2)) dprintf("rscheck(%s, %s, %s)\n", rwset, p1, p2 == NULL ? "(NULL)" : p2); rsno = strtorwset(rwset, NULL, ST_FIND); if (rsno < 0) return EX_OK; if (p2 != NULL) { bufsize = strlen(p1) + strlen(p2) + 2; if (bufsize > sizeof buf0) buf = xalloc(bufsize); else { buf = buf0; bufsize = sizeof buf0; } (void) snprintf(buf, bufsize, "%s%c%s", p1, CONDELSE, p2); } else { bufsize = strlen(p1) + 1; if (bufsize > sizeof buf0) buf = xalloc(bufsize); else { buf = buf0; bufsize = sizeof buf0; } (void) snprintf(buf, bufsize, "%s", p1); } SuprErrs = TRUE; QuickAbort = FALSE; pvp = prescan(buf, '\0', pvpbuf, sizeof pvpbuf, NULL, rmcomm ? NULL : TokTypeNoC); SuprErrs = saveSuprErrs; if (pvp == NULL) { if (tTd(48, 2)) dprintf("rscheck: cannot prescan input\n"); /* syserr("rscheck: cannot prescan input: \"%s\"", shortenstring(buf, MAXSHORTSTR)); rstat = EX_DATAERR; */ goto finis; } MapOpenErr = FALSE; (void) rewrite(pvp, rsno, 0, e); if (MapOpenErr) usrerrenh("4.3.0", "451 Temporary failure"); if (pvp[0] == NULL || (pvp[0][0] & 0377) != CANONNET || pvp[1] == NULL || (strcmp(pvp[1], "error") != 0 && strcmp(pvp[1], "discard") != 0)) { goto finis; } if (strcmp(pvp[1], "discard") == 0) { if (tTd(48, 2)) dprintf("rscheck: discard mailer selected\n"); e->e_flags |= EF_DISCARD; discard = TRUE; } else { int savelogusrerrs = LogUsrErrs; static bool logged = FALSE; /* got an error -- process it */ saveexitstat = ExitStat; LogUsrErrs = FALSE; (void) buildaddr(pvp, &a1, 0, e); LogUsrErrs = savelogusrerrs; rstat = ExitStat; ExitStat = saveexitstat; if (!logged) { if (cnt) markstats(e, &a1, TRUE); logged = TRUE; } } if (LogLevel >= logl) { char *relay; char *p; char lbuf[MAXLINE]; p = lbuf; if (p2 != NULL) { snprintf(p, SPACELEFT(lbuf, p), ", arg2=%s", p2); p += strlen(p); } - if ((relay = macvalue('_', e)) != NULL) + + if (host != NULL) + relay = host; + else + relay = macvalue('_', e); + if (relay != NULL) { snprintf(p, SPACELEFT(lbuf, p), ", relay=%s", relay); p += strlen(p); } *p = '\0'; if (discard) sm_syslog(LOG_NOTICE, e->e_id, "ruleset=%s, arg1=%s%s, discard", rwset, p1, lbuf); else sm_syslog(LOG_NOTICE, e->e_id, "ruleset=%s, arg1=%s%s, reject=%s", rwset, p1, lbuf, MsgBuf); } finis: /* clean up */ QuickAbort = saveQuickAbort; setstat(rstat); if (buf != buf0) free(buf); if (rstat != EX_OK && QuickAbort) longjmp(TopFrame, 2); return rstat; } Index: stable/4/contrib/sendmail/src/queue.c =================================================================== --- stable/4/contrib/sendmail/src/queue.c (revision 71887) +++ stable/4/contrib/sendmail/src/queue.c (revision 71888) @@ -1,3376 +1,3396 @@ /* * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #include #ifndef lint # if QUEUE -static char id[] = "@(#)$Id: queue.c,v 8.343.4.17 2000/09/15 03:34:51 gshapiro Exp $ (with queueing)"; +static char id[] = "@(#)$Id: queue.c,v 8.343.4.38 2000/12/08 14:33:02 ca Exp $ (with queueing)"; # else /* QUEUE */ -static char id[] = "@(#)$Id: queue.c,v 8.343.4.17 2000/09/15 03:34:51 gshapiro Exp $ (without queueing)"; +static char id[] = "@(#)$Id: queue.c,v 8.343.4.38 2000/12/08 14:33:02 ca Exp $ (without queueing)"; # endif /* QUEUE */ #endif /* ! lint */ # include #if QUEUE # if _FFR_QUEUEDELAY # define QF_VERSION 5 /* version number of this queue format */ static time_t queuedelay __P((ENVELOPE *)); # else /* _FFR_QUEUEDELAY */ # define QF_VERSION 4 /* version number of this queue format */ # define queuedelay(e) MinQueueAge # endif /* _FFR_QUEUEDELAY */ /* ** Work queue. */ struct work { char *w_name; /* name of control file */ char *w_host; /* name of recipient host */ bool w_lock; /* is message locked? */ bool w_tooyoung; /* is it too young to run? */ long w_pri; /* priority of message, see below */ time_t w_ctime; /* creation time of message */ struct work *w_next; /* next in queue */ }; typedef struct work WORK; static WORK *WorkQ; /* queue of things to be done */ static void grow_wlist __P((int)); static int orderq __P((int, bool)); static void printctladdr __P((ADDRESS *, FILE *)); static int print_single_queue __P((int)); static bool readqf __P((ENVELOPE *)); static void runqueueevent __P((void)); static int run_single_queue __P((int, bool, bool)); static char *strrev __P((char *)); static ADDRESS *setctluser __P((char *, int)); static int workcmpf0(); static int workcmpf1(); static int workcmpf2(); static int workcmpf3(); static int workcmpf4(); /* ** QUEUEUP -- queue a message up for future transmission. ** ** Parameters: ** e -- the envelope to queue up. ** announce -- if TRUE, tell when you are queueing up. ** ** Returns: ** none. ** ** Side Effects: ** The current request are saved in a control file. ** The queue file is left locked. */ # define TEMPQF_LETTER 'T' +# define LOSEQF_LETTER 'Q' void queueup(e, announce) register ENVELOPE *e; bool announce; { char *qf; register FILE *tfp; register HDR *h; register ADDRESS *q; int tfd = -1; int i; bool newid; register char *p; MAILER nullmailer; MCI mcibuf; char tf[MAXPATHLEN]; char buf[MAXLINE]; /* ** Create control file. */ newid = (e->e_id == NULL) || !bitset(EF_INQUEUE, e->e_flags); /* if newid, queuename will create a locked qf file in e->lockfp */ (void) strlcpy(tf, queuename(e, 't'), sizeof tf); tfp = e->e_lockfp; if (tfp == NULL) newid = FALSE; /* if newid, just write the qf file directly (instead of tf file) */ if (!newid) { int flags; flags = O_CREAT|O_WRONLY|O_EXCL; /* get a locked tf file */ for (i = 0; i < 128; i++) { if (tfd < 0) { #if _FFR_QUEUE_FILE_MODE MODE_T oldumask; if (bitset(S_IWGRP, QueueFileMode)) oldumask = umask(002); tfd = open(tf, flags, QueueFileMode); if (bitset(S_IWGRP, QueueFileMode)) (void) umask(oldumask); #else /* _FFR_QUEUE_FILE_MODE */ tfd = open(tf, flags, FileMode); #endif /* _FFR_QUEUE_FILE_MODE */ if (tfd < 0) { if (errno != EEXIST) break; if (LogLevel > 0 && (i % 32) == 0) sm_syslog(LOG_ALERT, e->e_id, "queueup: cannot create %s, uid=%d: %s", tf, geteuid(), errstring(errno)); } } if (tfd >= 0) { if (lockfile(tfd, tf, NULL, LOCK_EX|LOCK_NB)) break; else if (LogLevel > 0 && (i % 32) == 0) sm_syslog(LOG_ALERT, e->e_id, "queueup: cannot lock %s: %s", tf, errstring(errno)); if ((i % 32) == 31) { (void) close(tfd); tfd = -1; } } if ((i % 32) == 31) { /* save the old temp file away */ (void) rename(tf, queuename(e, TEMPQF_LETTER)); } else (void) sleep(i % 32); } if (tfd < 0 || (tfp = fdopen(tfd, "w")) == NULL) { int save_errno = errno; printopenfds(TRUE); errno = save_errno; syserr("!queueup: cannot create queue temp file %s, uid=%d", tf, geteuid()); } } if (tTd(40, 1)) dprintf("\n>>>>> queueing %s/qf%s%s >>>>>\n", qid_printqueue(e->e_queuedir), e->e_id, newid ? " (new id)" : ""); if (tTd(40, 3)) { dprintf(" e_flags="); printenvflags(e); } if (tTd(40, 32)) { dprintf(" sendq="); printaddr(e->e_sendqueue, TRUE); } if (tTd(40, 9)) { dprintf(" tfp="); dumpfd(fileno(tfp), TRUE, FALSE); dprintf(" lockfp="); if (e->e_lockfp == NULL) dprintf("NULL\n"); else dumpfd(fileno(e->e_lockfp), TRUE, FALSE); } /* ** If there is no data file yet, create one. */ if (bitset(EF_HAS_DF, e->e_flags)) { if (e->e_dfp != NULL && bfcommit(e->e_dfp) < 0) syserr("!queueup: cannot commit data file %s, uid=%d", queuename(e, 'd'), geteuid()); } else { int dfd; register FILE *dfp = NULL; char dfname[MAXPATHLEN]; struct stat stbuf; if (e->e_dfp != NULL && bftest(e->e_dfp)) syserr("committing over bf file"); (void) strlcpy(dfname, queuename(e, 'd'), sizeof dfname); #if _FFR_QUEUE_FILE_MODE { MODE_T oldumask; if (bitset(S_IWGRP, QueueFileMode)) oldumask = umask(002); dfd = open(dfname, O_WRONLY|O_CREAT|O_TRUNC, QueueFileMode); if (bitset(S_IWGRP, QueueFileMode)) (void) umask(oldumask); } #else /* _FFR_QUEUE_FILE_MODE */ dfd = open(dfname, O_WRONLY|O_CREAT|O_TRUNC, FileMode); #endif /* _FFR_QUEUE_FILE_MODE */ if (dfd < 0 || (dfp = fdopen(dfd, "w")) == NULL) syserr("!queueup: cannot create data temp file %s, uid=%d", dfname, geteuid()); if (fstat(dfd, &stbuf) < 0) e->e_dfino = -1; else { e->e_dfdev = stbuf.st_dev; e->e_dfino = stbuf.st_ino; } e->e_flags |= EF_HAS_DF; memset(&mcibuf, '\0', sizeof mcibuf); mcibuf.mci_out = dfp; mcibuf.mci_mailer = FileMailer; (*e->e_putbody)(&mcibuf, e, NULL); if (fclose(dfp) < 0) syserr("!queueup: cannot save data temp file %s, uid=%d", dfname, geteuid()); e->e_putbody = putbody; } /* ** Output future work requests. ** Priority and creation time should be first, since ** they are required by orderq. */ /* output queue version number (must be first!) */ fprintf(tfp, "V%d\n", QF_VERSION); /* output creation time */ fprintf(tfp, "T%ld\n", (long) e->e_ctime); /* output last delivery time */ # if _FFR_QUEUEDELAY fprintf(tfp, "K%ld\n", (long) e->e_dtime); fprintf(tfp, "G%d\n", e->e_queuealg); fprintf(tfp, "Y%ld\n", (long) e->e_queuedelay); if (tTd(40, 64)) sm_syslog(LOG_INFO, e->e_id, "queue alg: %d delay %ld next: %ld (now: %ld)\n", e->e_queuealg, e->e_queuedelay, e->e_dtime, curtime()); # else /* _FFR_QUEUEDELAY */ fprintf(tfp, "K%ld\n", (long) e->e_dtime); # endif /* _FFR_QUEUEDELAY */ /* output number of delivery attempts */ fprintf(tfp, "N%d\n", e->e_ntries); /* output message priority */ fprintf(tfp, "P%ld\n", e->e_msgpriority); /* output inode number of data file */ /* XXX should probably include device major/minor too */ if (e->e_dfino != -1) { /*CONSTCOND*/ if (sizeof e->e_dfino > sizeof(long)) fprintf(tfp, "I%ld/%ld/%s\n", (long) major(e->e_dfdev), (long) minor(e->e_dfdev), quad_to_string(e->e_dfino)); else fprintf(tfp, "I%ld/%ld/%lu\n", (long) major(e->e_dfdev), (long) minor(e->e_dfdev), (unsigned long) e->e_dfino); } /* output body type */ if (e->e_bodytype != NULL) fprintf(tfp, "B%s\n", denlstring(e->e_bodytype, TRUE, FALSE)); # if _FFR_SAVE_CHARSET if (e->e_charset != NULL) fprintf(tfp, "X%s\n", denlstring(e->e_charset, TRUE, FALSE)); # endif /* _FFR_SAVE_CHARSET */ /* message from envelope, if it exists */ if (e->e_message != NULL) fprintf(tfp, "M%s\n", denlstring(e->e_message, TRUE, FALSE)); /* send various flag bits through */ p = buf; if (bitset(EF_WARNING, e->e_flags)) *p++ = 'w'; if (bitset(EF_RESPONSE, e->e_flags)) *p++ = 'r'; if (bitset(EF_HAS8BIT, e->e_flags)) *p++ = '8'; if (bitset(EF_DELETE_BCC, e->e_flags)) *p++ = 'b'; if (bitset(EF_RET_PARAM, e->e_flags)) *p++ = 'd'; if (bitset(EF_NO_BODY_RETN, e->e_flags)) *p++ = 'n'; *p++ = '\0'; if (buf[0] != '\0') fprintf(tfp, "F%s\n", buf); /* save $={persistentMacros} macro values */ queueup_macros(macid("{persistentMacros}", NULL), tfp, e); /* output name of sender */ if (bitnset(M_UDBENVELOPE, e->e_from.q_mailer->m_flags)) p = e->e_sender; else p = e->e_from.q_paddr; fprintf(tfp, "S%s\n", denlstring(p, TRUE, FALSE)); /* output ESMTP-supplied "original" information */ if (e->e_envid != NULL) fprintf(tfp, "Z%s\n", denlstring(e->e_envid, TRUE, FALSE)); /* output AUTH= parameter */ if (e->e_auth_param != NULL) fprintf(tfp, "A%s\n", denlstring(e->e_auth_param, TRUE, FALSE)); /* output list of recipient addresses */ printctladdr(NULL, NULL); for (q = e->e_sendqueue; q != NULL; q = q->q_next) { if (!QS_IS_UNDELIVERED(q->q_state)) continue; printctladdr(q, tfp); if (q->q_orcpt != NULL) fprintf(tfp, "Q%s\n", denlstring(q->q_orcpt, TRUE, FALSE)); (void) putc('R', tfp); if (bitset(QPRIMARY, q->q_flags)) (void) putc('P', tfp); if (bitset(QHASNOTIFY, q->q_flags)) (void) putc('N', tfp); if (bitset(QPINGONSUCCESS, q->q_flags)) (void) putc('S', tfp); if (bitset(QPINGONFAILURE, q->q_flags)) (void) putc('F', tfp); if (bitset(QPINGONDELAY, q->q_flags)) (void) putc('D', tfp); + if (q->q_alias != NULL && + bitset(QALIAS, q->q_alias->q_flags)) + (void) putc('A', tfp); (void) putc(':', tfp); (void) fprintf(tfp, "%s\n", denlstring(q->q_paddr, TRUE, FALSE)); if (announce) { e->e_to = q->q_paddr; message("queued"); if (LogLevel > 8) logdelivery(q->q_mailer, NULL, q->q_status, "queued", NULL, (time_t) 0, e); e->e_to = NULL; } if (tTd(40, 1)) { dprintf("queueing "); printaddr(q, FALSE); } } /* ** Output headers for this message. ** Expand macros completely here. Queue run will deal with ** everything as absolute headers. ** All headers that must be relative to the recipient ** can be cracked later. ** We set up a "null mailer" -- i.e., a mailer that will have ** no effect on the addresses as they are output. */ memset((char *) &nullmailer, '\0', sizeof nullmailer); nullmailer.m_re_rwset = nullmailer.m_rh_rwset = nullmailer.m_se_rwset = nullmailer.m_sh_rwset = -1; nullmailer.m_eol = "\n"; memset(&mcibuf, '\0', sizeof mcibuf); mcibuf.mci_mailer = &nullmailer; mcibuf.mci_out = tfp; define('g', "\201f", e); for (h = e->e_header; h != NULL; h = h->h_link) { if (h->h_value == NULL) continue; /* don't output resent headers on non-resent messages */ if (bitset(H_RESENT, h->h_flags) && !bitset(EF_RESENT, e->e_flags)) continue; /* expand macros; if null, don't output header at all */ if (bitset(H_DEFAULT, h->h_flags)) { (void) expand(h->h_value, buf, sizeof buf, e); if (buf[0] == '\0') continue; } /* output this header */ fprintf(tfp, "H?"); /* output conditional macro if present */ if (h->h_macro != '\0') { if (bitset(0200, h->h_macro)) fprintf(tfp, "${%s}", - macname(h->h_macro & 0377)); + macname(bitidx(h->h_macro))); else fprintf(tfp, "$%c", h->h_macro); } else if (!bitzerop(h->h_mflags) && bitset(H_CHECK|H_ACHECK, h->h_flags)) { int j; /* if conditional, output the set of conditions */ for (j = '\0'; j <= '\177'; j++) if (bitnset(j, h->h_mflags)) (void) putc(j, tfp); } (void) putc('?', tfp); /* output the header: expand macros, convert addresses */ if (bitset(H_DEFAULT, h->h_flags) && !bitset(H_BINDLATE, h->h_flags)) { fprintf(tfp, "%s: %s\n", h->h_field, denlstring(buf, FALSE, TRUE)); } else if (bitset(H_FROM|H_RCPT, h->h_flags) && !bitset(H_BINDLATE, h->h_flags)) { bool oldstyle = bitset(EF_OLDSTYLE, e->e_flags); FILE *savetrace = TrafficLogFile; TrafficLogFile = NULL; if (bitset(H_FROM, h->h_flags)) oldstyle = FALSE; commaize(h, h->h_value, oldstyle, &mcibuf, e); TrafficLogFile = savetrace; } else { fprintf(tfp, "%s: %s\n", h->h_field, denlstring(h->h_value, FALSE, TRUE)); } } /* ** Clean up. ** ** Write a terminator record -- this is to prevent ** scurrilous crackers from appending any data. */ fprintf(tfp, ".\n"); if (fflush(tfp) < 0 || (SuperSafe && fsync(fileno(tfp)) < 0) || ferror(tfp)) { if (newid) syserr("!552 Error writing control file %s", tf); else syserr("!452 Error writing control file %s", tf); } if (!newid) { /* rename (locked) tf to be (locked) qf */ qf = queuename(e, 'q'); if (rename(tf, qf) < 0) syserr("cannot rename(%s, %s), uid=%d", tf, qf, geteuid()); - /* ** fsync() after renaming to make sure ** metadata is written to disk on ** filesystems in which renames are ** not guaranteed such as softupdates. */ if (tfd >= 0 && SuperSafe && fsync(tfd) < 0) - syserr("!queueup: cannot fsync queue temp file %s", - tf); + syserr("!queueup: cannot fsync queue temp file %s", tf); /* close and unlock old (locked) qf */ if (e->e_lockfp != NULL) (void) fclose(e->e_lockfp); e->e_lockfp = tfp; } else qf = tf; errno = 0; e->e_flags |= EF_INQUEUE; /* save log info */ if (LogLevel > 79) sm_syslog(LOG_DEBUG, e->e_id, "queueup, qf=%s", qf); if (tTd(40, 1)) dprintf("<<<<< done queueing %s <<<<<\n\n", e->e_id); return; } static void printctladdr(a, tfp) register ADDRESS *a; FILE *tfp; { char *user; register ADDRESS *q; uid_t uid; gid_t gid; static ADDRESS *lastctladdr = NULL; static uid_t lastuid; /* initialization */ if (a == NULL || a->q_alias == NULL || tfp == NULL) { if (lastctladdr != NULL && tfp != NULL) fprintf(tfp, "C\n"); lastctladdr = NULL; lastuid = 0; return; } /* find the active uid */ q = getctladdr(a); if (q == NULL) { user = NULL; uid = 0; gid = 0; } else { user = q->q_ruser != NULL ? q->q_ruser : q->q_user; uid = q->q_uid; gid = q->q_gid; } a = a->q_alias; /* check to see if this is the same as last time */ if (lastctladdr != NULL && uid == lastuid && strcmp(lastctladdr->q_paddr, a->q_paddr) == 0) return; lastuid = uid; lastctladdr = a; if (uid == 0 || user == NULL || user[0] == '\0') fprintf(tfp, "C"); else fprintf(tfp, "C%s:%ld:%ld", denlstring(user, TRUE, FALSE), (long) uid, (long) gid); fprintf(tfp, ":%s\n", denlstring(a->q_paddr, TRUE, FALSE)); } /* ** RUNQUEUE -- run the jobs in the queue. ** ** Gets the stuff out of the queue in some presumably logical ** order and processes them. ** ** Parameters: ** forkflag -- TRUE if the queue scanning should be done in ** a child process. We double-fork so it is not our ** child and we don't have to clean up after it. ** FALSE can be ignored if we have multiple queues. ** verbose -- if TRUE, print out status information. ** ** Returns: ** TRUE if the queue run successfully began. ** ** Side Effects: ** runs things in the mail queue. */ static ENVELOPE QueueEnvelope; /* the queue run envelope */ int NumQueues = 0; /* number of queues */ static time_t LastQueueTime = 0; /* last time a queue ID assigned */ static pid_t LastQueuePid = -1; /* last PID which had a queue ID */ struct qpaths_s { char *qp_name; /* name of queue dir */ short qp_subdirs; /* use subdirs? */ }; typedef struct qpaths_s QPATHS; /* values for qp_supdirs */ #define QP_NOSUB 0x0000 /* No subdirectories */ #define QP_SUBDF 0x0001 /* "df" subdirectory */ #define QP_SUBQF 0x0002 /* "qf" subdirectory */ #define QP_SUBXF 0x0004 /* "xf" subdirectory */ static QPATHS *QPaths = NULL; /* list of queue directories */ bool runqueue(forkflag, verbose) bool forkflag; bool verbose; { int i; bool ret = TRUE; static int curnum = 0; + DoQueueRun = FALSE; + + if (!forkflag && NumQueues > 1 && !verbose) forkflag = TRUE; for (i = 0; i < NumQueues; i++) { /* ** Pick up where we left off, in case we ** used up all the children last time ** without finishing. */ ret = run_single_queue(curnum, forkflag, verbose); /* ** Failure means a message was printed for ETRN ** and subsequent queues are likely to fail as well. */ if (!ret) break; if (++curnum >= NumQueues) curnum = 0; } if (QueueIntvl != 0) (void) setevent(QueueIntvl, runqueueevent, 0); return ret; } /* ** RUN_SINGLE_QUEUE -- run the jobs in a single queue. ** ** Gets the stuff out of the queue in some presumably logical ** order and processes them. ** ** Parameters: ** queuedir -- queue to process ** forkflag -- TRUE if the queue scanning should be done in ** a child process. We double-fork so it is not our ** child and we don't have to clean up after it. ** verbose -- if TRUE, print out status information. ** ** Returns: ** TRUE if the queue run successfully began. ** ** Side Effects: ** runs things in the mail queue. */ static bool run_single_queue(queuedir, forkflag, verbose) int queuedir; bool forkflag; bool verbose; { register ENVELOPE *e; int njobs; int sequenceno = 0; - time_t current_la_time; + time_t current_la_time, now; extern ENVELOPE BlankEnvelope; - DoQueueRun = FALSE; - /* ** If no work will ever be selected, don't even bother reading ** the queue. */ CurrentLA = sm_getla(NULL); /* get load average */ current_la_time = curtime(); if (shouldqueue(WkRecipFact, current_la_time)) { char *msg = "Skipping queue run -- load average too high"; if (verbose) message("458 %s\n", msg); if (LogLevel > 8) sm_syslog(LOG_INFO, NOQID, "runqueue: %s", msg); return FALSE; } /* ** See if we already have too many children. */ if (forkflag && QueueIntvl != 0 && MaxChildren > 0 && CurChildren >= MaxChildren) { char *msg = "Skipping queue run -- too many children"; if (verbose) message("458 %s (%d)\n", msg, CurChildren); if (LogLevel > 8) sm_syslog(LOG_INFO, NOQID, "runqueue: %s (%d)", msg, CurChildren); return FALSE; } /* ** See if we want to go off and do other useful work. */ if (forkflag) { pid_t pid; (void) blocksignal(SIGCHLD); (void) setsignal(SIGCHLD, reapchild); pid = dofork(); if (pid == -1) { const char *msg = "Skipping queue run -- fork() failed"; const char *err = errstring(errno); if (verbose) message("458 %s: %s\n", msg, err); if (LogLevel > 8) sm_syslog(LOG_INFO, NOQID, "runqueue: %s: %s", msg, err); (void) releasesignal(SIGCHLD); return FALSE; } if (pid != 0) { /* parent -- pick up intermediate zombie */ (void) blocksignal(SIGALRM); proc_list_add(pid, "Queue runner", PROC_QUEUE); (void) releasesignal(SIGALRM); (void) releasesignal(SIGCHLD); return TRUE; } /* child -- clean up signals */ clrcontrol(); proc_list_clear(); /* Add parent process as first child item */ proc_list_add(getpid(), "Queue runner child process", PROC_QUEUE_CHILD); (void) releasesignal(SIGCHLD); (void) setsignal(SIGCHLD, SIG_DFL); (void) setsignal(SIGHUP, intsig); } sm_setproctitle(TRUE, CurEnv, "running queue: %s", qid_printqueue(queuedir)); if (LogLevel > 69 || tTd(63, 99)) sm_syslog(LOG_DEBUG, NOQID, "runqueue %s, pid=%d, forkflag=%d", qid_printqueue(queuedir), getpid(), forkflag); /* ** Release any resources used by the daemon code. */ # if DAEMON clrdaemon(); # endif /* DAEMON */ /* force it to run expensive jobs */ NoConnect = FALSE; /* drop privileges */ if (geteuid() == (uid_t) 0) (void) drop_privileges(FALSE); /* ** Create ourselves an envelope */ CurEnv = &QueueEnvelope; e = newenvelope(&QueueEnvelope, CurEnv); e->e_flags = BlankEnvelope.e_flags; /* make sure we have disconnected from parent */ if (forkflag) { disconnect(1, e); QuickAbort = FALSE; } /* ** If we are running part of the queue, always ignore stored ** host status. */ if (QueueLimitId != NULL || QueueLimitSender != NULL || QueueLimitRecipient != NULL) { IgnoreHostStatus = TRUE; MinQueueAge = 0; } /* ** Start making passes through the queue. ** First, read and sort the entire queue. ** Then, process the work in that order. ** But if you take too long, start over. */ /* order the existing work requests */ njobs = orderq(queuedir, FALSE); /* process them once at a time */ while (WorkQ != NULL) { WORK *w = WorkQ; WorkQ = WorkQ->w_next; e->e_to = NULL; /* ** Ignore jobs that are too expensive for the moment. ** ** Get new load average every 30 seconds. */ - if (current_la_time < curtime() - 30) + now = curtime(); + if (current_la_time < now - 30) { CurrentLA = sm_getla(e); - current_la_time = curtime(); + current_la_time = now; } if (shouldqueue(WkRecipFact, current_la_time)) { char *msg = "Aborting queue run: load average too high"; if (Verbose) message("%s", msg); if (LogLevel > 8) sm_syslog(LOG_INFO, NOQID, "runqueue: %s", msg); break; } sequenceno++; if (shouldqueue(w->w_pri, w->w_ctime)) { if (Verbose) message(""); if (QueueSortOrder == QSO_BYPRIORITY) { if (Verbose) message("Skipping %s/%s (sequence %d of %d) and flushing rest of queue", qid_printqueue(queuedir), w->w_name + 2, sequenceno, njobs); if (LogLevel > 8) sm_syslog(LOG_INFO, NOQID, "runqueue: Flushing queue from %s/%s (pri %ld, LA %d, %d of %d)", qid_printqueue(queuedir), w->w_name + 2, w->w_pri, CurrentLA, sequenceno, njobs); break; } else if (Verbose) message("Skipping %s/%s (sequence %d of %d)", qid_printqueue(queuedir), w->w_name + 2, sequenceno, njobs); } else { pid_t pid; if (Verbose) { message(""); message("Running %s/%s (sequence %d of %d)", qid_printqueue(queuedir), w->w_name + 2, sequenceno, njobs); } if (tTd(63, 100)) sm_syslog(LOG_DEBUG, NOQID, "runqueue %s dowork(%s)", qid_printqueue(queuedir), w->w_name + 2); pid = dowork(queuedir, w->w_name + 2, ForkQueueRuns, FALSE, e); errno = 0; if (pid != 0) (void) waitfor(pid); } free(w->w_name); if (w->w_host) free(w->w_host); free((char *) w); } /* exit without the usual cleanup */ e->e_id = NULL; if (forkflag) finis(TRUE, ExitStat); /* NOTREACHED */ return TRUE; } /* ** RUNQUEUEEVENT -- stub for use in setevent */ static void runqueueevent() { DoQueueRun = TRUE; } /* ** ORDERQ -- order the work queue. ** ** Parameters: ** queuedir -- the index of the queue directory. ** doall -- if set, include everything in the queue (even ** the jobs that cannot be run because the load ** average is too high). Otherwise, exclude those ** jobs. ** ** Returns: ** The number of request in the queue (not necessarily ** the number of requests in WorkQ however). ** ** Side Effects: ** Sets WorkQ to the queue of available work, in order. */ # define NEED_P 001 # define NEED_T 002 # define NEED_R 004 # define NEED_S 010 +# define NEED_H 020 static WORK *WorkList = NULL; static int WorkListSize = 0; static int orderq(queuedir, doall) int queuedir; bool doall; { register struct dirent *d; register WORK *w; register char *p; DIR *f; register int i; int wn = -1; int wc; QUEUE_CHAR *check; char qd[MAXPATHLEN]; char qf[MAXPATHLEN]; if (queuedir == NOQDIR) (void) strlcpy(qd, ".", sizeof qd); else (void) snprintf(qd, sizeof qd, "%s%s", QPaths[queuedir].qp_name, (bitset(QP_SUBQF, QPaths[queuedir].qp_subdirs) ? "/qf" : "")); if (tTd(41, 1)) { dprintf("orderq:\n"); check = QueueLimitId; while (check != NULL) { dprintf("\tQueueLimitId = %s\n", check->queue_match); check = check->queue_next; } check = QueueLimitSender; while (check != NULL) { dprintf("\tQueueLimitSender = %s\n", check->queue_match); check = check->queue_next; } check = QueueLimitRecipient; while (check != NULL) { dprintf("\tQueueLimitRecipient = %s\n", check->queue_match); check = check->queue_next; } } /* clear out old WorkQ */ for (w = WorkQ; w != NULL; ) { register WORK *nw = w->w_next; WorkQ = nw; free(w->w_name); if (w->w_host != NULL) free(w->w_host); free((char *) w); w = nw; } /* open the queue directory */ f = opendir(qd); if (f == NULL) { syserr("orderq: cannot open \"%s\"", qid_printqueue(queuedir)); return 0; } /* ** Read the work directory. */ while ((d = readdir(f)) != NULL) { FILE *cf; int qfver = 0; char lbuf[MAXNAME + 1]; struct stat sbuf; if (tTd(41, 50)) dprintf("orderq: checking %s\n", d->d_name); /* is this an interesting entry? */ if (d->d_name[0] != 'q' || d->d_name[1] != 'f') continue; if (strlen(d->d_name) >= MAXQFNAME) { if (Verbose) printf("orderq: %s too long, %d max characters\n", d->d_name, MAXQFNAME); if (LogLevel > 0) sm_syslog(LOG_ALERT, NOQID, "orderq: %s too long, %d max characters", d->d_name, MAXQFNAME); continue; } check = QueueLimitId; while (check != NULL) { if (strcontainedin(check->queue_match, d->d_name)) break; else check = check->queue_next; } if (QueueLimitId != NULL && check == NULL) continue; /* grow work list if necessary */ if (++wn >= MaxQueueRun && MaxQueueRun > 0) { if (wn == MaxQueueRun && LogLevel > 0) sm_syslog(LOG_WARNING, NOQID, "WorkList for %s maxed out at %d", qid_printqueue(queuedir), MaxQueueRun); continue; } if (wn >= WorkListSize) { grow_wlist(queuedir); if (wn >= WorkListSize) continue; } w = &WorkList[wn]; (void) snprintf(qf, sizeof qf, "%s/%s", qd, d->d_name); if (stat(qf, &sbuf) < 0) { if (errno != ENOENT) sm_syslog(LOG_INFO, NOQID, "orderq: can't stat %s/%s", qid_printqueue(queuedir), d->d_name); wn--; continue; } if (!bitset(S_IFREG, sbuf.st_mode)) { /* Yikes! Skip it or we will hang on open! */ syserr("orderq: %s/%s is not a regular file", qid_printqueue(queuedir), d->d_name); wn--; continue; } /* avoid work if possible */ if (QueueSortOrder == QSO_BYFILENAME && QueueLimitSender == NULL && QueueLimitRecipient == NULL) { w->w_name = newstr(d->d_name); w->w_host = NULL; w->w_lock = w->w_tooyoung = FALSE; w->w_pri = 0; w->w_ctime = 0; continue; } /* open control file */ cf = fopen(qf, "r"); + if (cf == NULL) { /* this may be some random person sending hir msgs */ /* syserr("orderq: cannot open %s", cbuf); */ if (tTd(41, 2)) dprintf("orderq: cannot open %s: %s\n", d->d_name, errstring(errno)); errno = 0; wn--; continue; } w->w_name = newstr(d->d_name); w->w_host = NULL; w->w_lock = !lockfile(fileno(cf), w->w_name, NULL, LOCK_SH|LOCK_NB); w->w_tooyoung = FALSE; /* make sure jobs in creation don't clog queue */ w->w_pri = 0x7fffffff; w->w_ctime = 0; /* extract useful information */ i = NEED_P | NEED_T; + if (QueueSortOrder == QSO_BYHOST) + { + /* need w_host set for host sort order */ + i |= NEED_H; + } if (QueueLimitSender != NULL) i |= NEED_S; if (QueueLimitRecipient != NULL) i |= NEED_R; while (i != 0 && fgets(lbuf, sizeof lbuf, cf) != NULL) { int c; time_t age; p = strchr(lbuf, '\n'); if (p != NULL) *p = '\0'; else { /* flush rest of overly long line */ while ((c = getc(cf)) != EOF && c != '\n') continue; } switch (lbuf[0]) { case 'V': qfver = atoi(&lbuf[1]); break; case 'P': w->w_pri = atol(&lbuf[1]); i &= ~NEED_P; break; case 'T': w->w_ctime = atol(&lbuf[1]); i &= ~NEED_T; break; case 'R': if (w->w_host == NULL && (p = strrchr(&lbuf[1], '@')) != NULL) { w->w_host = strrev(&p[1]); makelower(w->w_host); + i &= ~NEED_H; } if (QueueLimitRecipient == NULL) { i &= ~NEED_R; break; } if (qfver > 0) { p = strchr(&lbuf[1], ':'); if (p == NULL) p = &lbuf[1]; } else p = &lbuf[1]; check = QueueLimitRecipient; while (check != NULL) { if (strcontainedin(check->queue_match, p)) break; else check = check->queue_next; } if (check != NULL) i &= ~NEED_R; break; case 'S': check = QueueLimitSender; while (check != NULL) { if (strcontainedin(check->queue_match, &lbuf[1])) break; else check = check->queue_next; } if (check != NULL) i &= ~NEED_S; break; case 'K': age = curtime() - (time_t) atol(&lbuf[1]); if (age >= 0 && MinQueueAge > 0 && age < MinQueueAge) w->w_tooyoung = TRUE; break; case 'N': if (atol(&lbuf[1]) == 0) w->w_tooyoung = FALSE; break; # if _FFR_QUEUEDELAY /* case 'G': queuealg = atoi(lbuf[1]); break; case 'Y': queuedelay = (time_t) atol(&lbuf[1]); break; */ # endif /* _FFR_QUEUEDELAY */ } } (void) fclose(cf); if ((!doall && shouldqueue(w->w_pri, w->w_ctime)) || bitset(NEED_R|NEED_S, i)) { /* don't even bother sorting this job in */ if (tTd(41, 49)) dprintf("skipping %s (%x)\n", w->w_name, i); free(w->w_name); if (w->w_host) free(w->w_host); wn--; } } (void) closedir(f); wn++; WorkQ = NULL; if (WorkList == NULL) return 0; wc = min(wn, WorkListSize); if (wc > MaxQueueRun && MaxQueueRun > 0) wc = MaxQueueRun; if (QueueSortOrder == QSO_BYHOST) { /* ** Sort the work directory for the first time, ** based on host name, lock status, and priority. */ qsort((char *) WorkList, wc, sizeof *WorkList, workcmpf1); /* ** If one message to host is locked, "lock" all messages ** to that host. */ i = 0; while (i < wc) { if (!WorkList[i].w_lock) { i++; continue; } w = &WorkList[i]; while (++i < wc) { if (WorkList[i].w_host == NULL && w->w_host == NULL) WorkList[i].w_lock = TRUE; else if (WorkList[i].w_host != NULL && w->w_host != NULL && sm_strcasecmp(WorkList[i].w_host, w->w_host) == 0) WorkList[i].w_lock = TRUE; else break; } } /* ** Sort the work directory for the second time, ** based on lock status, host name, and priority. */ qsort((char *) WorkList, wc, sizeof *WorkList, workcmpf2); } else if (QueueSortOrder == QSO_BYTIME) { /* ** Simple sort based on submission time only. */ qsort((char *) WorkList, wc, sizeof *WorkList, workcmpf3); } else if (QueueSortOrder == QSO_BYFILENAME) { /* ** Sort based on qf filename. */ qsort((char *) WorkList, wc, sizeof *WorkList, workcmpf4); } else { /* ** Simple sort based on queue priority only. */ qsort((char *) WorkList, wc, sizeof *WorkList, workcmpf0); } /* ** Convert the work list into canonical form. ** Should be turning it into a list of envelopes here perhaps. */ for (i = wc; --i >= 0; ) { w = (WORK *) xalloc(sizeof *w); w->w_name = WorkList[i].w_name; w->w_host = WorkList[i].w_host; w->w_lock = WorkList[i].w_lock; w->w_tooyoung = WorkList[i].w_tooyoung; w->w_pri = WorkList[i].w_pri; w->w_ctime = WorkList[i].w_ctime; w->w_next = WorkQ; WorkQ = w; } if (WorkList != NULL) free(WorkList); WorkList = NULL; WorkListSize = 0; if (tTd(40, 1)) { for (w = WorkQ; w != NULL; w = w->w_next) { if (w->w_host != NULL) dprintf("%22s: pri=%ld %s\n", w->w_name, w->w_pri, w->w_host); else dprintf("%32s: pri=%ld\n", w->w_name, w->w_pri); } } return wn; } /* ** GROW_WLIST -- make the work list larger ** ** Parameters: ** queuedir -- the index for the queue directory. ** ** Returns: ** none. ** ** Side Effects: ** Adds another QUEUESEGSIZE entries to WorkList if possible. ** It can fail if there isn't enough memory, so WorkListSize ** should be checked again upon return. */ static void grow_wlist(queuedir) int queuedir; { if (tTd(41, 1)) dprintf("grow_wlist: WorkListSize=%d\n", WorkListSize); if (WorkList == NULL) { WorkList = (WORK *) xalloc((sizeof *WorkList) * (QUEUESEGSIZE + 1)); WorkListSize = QUEUESEGSIZE; } else { int newsize = WorkListSize + QUEUESEGSIZE; WORK *newlist = (WORK *) realloc((char *)WorkList, (unsigned)sizeof(WORK) * (newsize + 1)); if (newlist != NULL) { WorkListSize = newsize; WorkList = newlist; if (LogLevel > 1) { sm_syslog(LOG_INFO, NOQID, "grew WorkList for %s to %d", qid_printqueue(queuedir), WorkListSize); } } else if (LogLevel > 0) { sm_syslog(LOG_ALERT, NOQID, "FAILED to grow WorkList for %s to %d", qid_printqueue(queuedir), newsize); } } if (tTd(41, 1)) dprintf("grow_wlist: WorkListSize now %d\n", WorkListSize); } /* ** WORKCMPF0 -- simple priority-only compare function. ** ** Parameters: ** a -- the first argument. ** b -- the second argument. ** ** Returns: ** -1 if a < b ** 0 if a == b ** +1 if a > b ** ** Side Effects: ** none. */ static int workcmpf0(a, b) register WORK *a; register WORK *b; { long pa = a->w_pri; long pb = b->w_pri; if (pa == pb) return 0; else if (pa > pb) return 1; else return -1; } /* ** WORKCMPF1 -- first compare function for ordering work based on host name. ** ** Sorts on host name, lock status, and priority in that order. ** ** Parameters: ** a -- the first argument. ** b -- the second argument. ** ** Returns: ** <0 if a < b ** 0 if a == b ** >0 if a > b ** ** Side Effects: ** none. */ static int workcmpf1(a, b) register WORK *a; register WORK *b; { int i; /* host name */ if (a->w_host != NULL && b->w_host == NULL) return 1; else if (a->w_host == NULL && b->w_host != NULL) return -1; if (a->w_host != NULL && b->w_host != NULL && (i = sm_strcasecmp(a->w_host, b->w_host)) != 0) return i; /* lock status */ if (a->w_lock != b->w_lock) return b->w_lock - a->w_lock; /* job priority */ return a->w_pri - b->w_pri; } /* ** WORKCMPF2 -- second compare function for ordering work based on host name. ** ** Sorts on lock status, host name, and priority in that order. ** ** Parameters: ** a -- the first argument. ** b -- the second argument. ** ** Returns: ** <0 if a < b ** 0 if a == b ** >0 if a > b ** ** Side Effects: ** none. */ static int workcmpf2(a, b) register WORK *a; register WORK *b; { int i; /* lock status */ if (a->w_lock != b->w_lock) return a->w_lock - b->w_lock; /* host name */ if (a->w_host != NULL && b->w_host == NULL) return 1; else if (a->w_host == NULL && b->w_host != NULL) return -1; if (a->w_host != NULL && b->w_host != NULL && (i = sm_strcasecmp(a->w_host, b->w_host)) != 0) return i; /* job priority */ return a->w_pri - b->w_pri; } /* ** WORKCMPF3 -- simple submission-time-only compare function. ** ** Parameters: ** a -- the first argument. ** b -- the second argument. ** ** Returns: ** -1 if a < b ** 0 if a == b ** +1 if a > b ** ** Side Effects: ** none. */ static int workcmpf3(a, b) register WORK *a; register WORK *b; { if (a->w_ctime > b->w_ctime) return 1; else if (a->w_ctime < b->w_ctime) return -1; else return 0; } /* ** WORKCMPF4 -- compare based on file name ** ** Parameters: ** a -- the first argument. ** b -- the second argument. ** ** Returns: ** -1 if a < b ** 0 if a == b ** +1 if a > b ** ** Side Effects: ** none. */ static int workcmpf4(a, b) register WORK *a; register WORK *b; { return strcmp(a->w_name, b->w_name); } /* ** STRREV -- reverse string ** ** Returns a pointer to a new string that is the reverse of ** the string pointed to by fwd. The space for the new ** string is obtained using xalloc(). ** ** Parameters: ** fwd -- the string to reverse. ** ** Returns: ** the reversed string. */ static char * strrev(fwd) char *fwd; { char *rev = NULL; int len, cnt; len = strlen(fwd); rev = xalloc(len + 1); for (cnt = 0; cnt < len; ++cnt) rev[cnt] = fwd[len - cnt - 1]; rev[len] = '\0'; return rev; } /* ** DOWORK -- do a work request. ** ** Parameters: ** queuedir -- the index of the queue directory for the job. ** id -- the ID of the job to run. ** forkflag -- if set, run this in background. ** requeueflag -- if set, reinstantiate the queue quickly. ** This is used when expanding aliases in the queue. ** If forkflag is also set, it doesn't wait for the ** child. ** e - the envelope in which to run it. ** ** Returns: ** process id of process that is running the queue job. ** ** Side Effects: ** The work request is satisfied if possible. */ pid_t dowork(queuedir, id, forkflag, requeueflag, e) int queuedir; char *id; bool forkflag; bool requeueflag; register ENVELOPE *e; { register pid_t pid; if (tTd(40, 1)) dprintf("dowork(%s/%s)\n", qid_printqueue(queuedir), id); /* ** Fork for work. */ if (forkflag) { /* ** Since the delivery may happen in a child and the ** parent does not wait, the parent may close the ** maps thereby removing any shared memory used by ** the map. Therefore, close the maps now so the ** child will dynamically open them if necessary. */ closemaps(); pid = fork(); if (pid < 0) { syserr("dowork: cannot fork"); return 0; } else if (pid > 0) { /* parent -- clean out connection cache */ mci_flush(FALSE, NULL); } else { /* child -- error messages to the transcript */ QuickAbort = OnlyOneError = FALSE; } } else { pid = 0; } if (pid == 0) { /* ** CHILD ** Lock the control file to avoid duplicate deliveries. ** Then run the file as though we had just read it. ** We save an idea of the temporary name so we ** can recover on interrupt. */ /* set basic modes, etc. */ (void) alarm(0); clearstats(); clearenvelope(e, FALSE); e->e_flags |= EF_QUEUERUN|EF_GLOBALERRS; set_delivery_mode(SM_DELIVER, e); e->e_errormode = EM_MAIL; e->e_id = id; e->e_queuedir = queuedir; GrabTo = UseErrorsTo = FALSE; ExitStat = EX_OK; if (forkflag) { disconnect(1, e); OpMode = MD_QUEUERUN; } sm_setproctitle(TRUE, e, "%s: from queue", qid_printname(e)); if (LogLevel > 76) sm_syslog(LOG_DEBUG, e->e_id, "dowork, pid=%d", getpid()); /* don't use the headers from sendmail.cf... */ e->e_header = NULL; /* read the queue control file -- return if locked */ if (!readqf(e)) { if (tTd(40, 4) && e->e_id != NULL) dprintf("readqf(%s) failed\n", qid_printname(e)); e->e_id = NULL; if (forkflag) finis(FALSE, EX_OK); else return 0; } e->e_flags |= EF_INQUEUE; eatheader(e, requeueflag); if (requeueflag) queueup(e, FALSE); /* do the delivery */ sendall(e, SM_DELIVER); /* finish up and exit */ if (forkflag) finis(TRUE, ExitStat); else dropenvelope(e, TRUE); } e->e_id = NULL; return pid; } /* ** READQF -- read queue file and set up environment. ** ** Parameters: ** e -- the envelope of the job to run. ** ** Returns: ** TRUE if it successfully read the queue file. ** FALSE otherwise. ** ** Side Effects: ** The queue file is returned locked. */ static bool readqf(e) register ENVELOPE *e; { register FILE *qfp; ADDRESS *ctladdr; struct stat st; char *bp; int qfver = 0; long hdrsize = 0; register char *p; char *orcpt = NULL; bool nomore = FALSE; MODE_T qsafe; char qf[MAXPATHLEN]; char buf[MAXLINE]; /* ** Read and process the file. */ (void) strlcpy(qf, queuename(e, 'q'), sizeof qf); qfp = fopen(qf, "r+"); if (qfp == NULL) { int save_errno = errno; if (tTd(40, 8)) dprintf("readqf(%s): fopen failure (%s)\n", qf, errstring(errno)); errno = save_errno; if (errno != ENOENT ) syserr("readqf: no control file %s", qf); return FALSE; } if (!lockfile(fileno(qfp), qf, NULL, LOCK_EX|LOCK_NB)) { /* being processed by another queuer */ if (Verbose) printf("%s: locked\n", e->e_id); if (tTd(40, 8)) dprintf("%s: locked\n", e->e_id); if (LogLevel > 19) sm_syslog(LOG_DEBUG, e->e_id, "locked"); (void) fclose(qfp); return FALSE; } /* ** Check the queue file for plausibility to avoid attacks. */ if (fstat(fileno(qfp), &st) < 0) { /* must have been being processed by someone else */ if (tTd(40, 8)) dprintf("readqf(%s): fstat failure (%s)\n", qf, errstring(errno)); (void) fclose(qfp); return FALSE; } qsafe = S_IWOTH|S_IWGRP; #if _FFR_QUEUE_FILE_MODE if (bitset(S_IWGRP, QueueFileMode)) qsafe &= ~S_IWGRP; #endif /* _FFR_QUEUE_FILE_MODE */ if ((st.st_uid != geteuid() && st.st_uid != TrustedUid && geteuid() != RealUid) || bitset(qsafe, st.st_mode)) { if (LogLevel > 0) { sm_syslog(LOG_ALERT, e->e_id, "bogus queue file, uid=%d, mode=%o", st.st_uid, st.st_mode); } if (tTd(40, 8)) dprintf("readqf(%s): bogus file\n", qf); loseqfile(e, "bogus file uid in mqueue"); (void) fclose(qfp); return FALSE; } if (st.st_size == 0) { /* must be a bogus file -- if also old, just remove it */ if (st.st_ctime + 10 * 60 < curtime()) { (void) xunlink(queuename(e, 'd')); (void) xunlink(queuename(e, 'q')); } (void) fclose(qfp); return FALSE; } if (st.st_nlink == 0) { /* ** Race condition -- we got a file just as it was being ** unlinked. Just assume it is zero length. */ (void) fclose(qfp); return FALSE; } /* good file -- save this lock */ e->e_lockfp = qfp; /* do basic system initialization */ initsys(e); define('i', e->e_id, e); LineNumber = 0; e->e_flags |= EF_GLOBALERRS; OpMode = MD_QUEUERUN; ctladdr = NULL; e->e_dfino = -1; e->e_msgsize = -1; # if _FFR_QUEUEDELAY e->e_queuealg = QD_LINEAR; e->e_queuedelay = (time_t) 0; # endif /* _FFR_QUEUEDELAY */ while ((bp = fgetfolded(buf, sizeof buf, qfp)) != NULL) { u_long qflags; ADDRESS *q; int mid; + time_t now; auto char *ep; if (tTd(40, 4)) dprintf("+++++ %s\n", bp); if (nomore) { /* hack attack */ syserr("SECURITY ALERT: extra data in qf: %s", bp); (void) fclose(qfp); loseqfile(e, "bogus queue line"); return FALSE; } switch (bp[0]) { case 'V': /* queue file version number */ qfver = atoi(&bp[1]); if (qfver <= QF_VERSION) break; syserr("Version number in qf (%d) greater than max (%d)", qfver, QF_VERSION); (void) fclose(qfp); loseqfile(e, "unsupported qf file version"); return FALSE; case 'C': /* specify controlling user */ ctladdr = setctluser(&bp[1], qfver); break; case 'Q': /* original recipient */ orcpt = newstr(&bp[1]); break; case 'R': /* specify recipient */ p = bp; qflags = 0; if (qfver >= 1) { /* get flag bits */ while (*++p != '\0' && *p != ':') { switch (*p) { case 'N': qflags |= QHASNOTIFY; break; case 'S': qflags |= QPINGONSUCCESS; break; case 'F': qflags |= QPINGONFAILURE; break; case 'D': qflags |= QPINGONDELAY; break; case 'P': qflags |= QPRIMARY; break; + + case 'A': + if (ctladdr != NULL) + ctladdr->q_flags |= QALIAS; + break; } } } else qflags |= QPRIMARY; q = parseaddr(++p, NULLADDR, RF_COPYALL, '\0', NULL, e); if (q != NULL) { q->q_alias = ctladdr; if (qfver >= 1) q->q_flags &= ~Q_PINGFLAGS; q->q_flags |= qflags; q->q_orcpt = orcpt; (void) recipient(q, &e->e_sendqueue, 0, e); } orcpt = NULL; break; case 'E': /* specify error recipient */ /* no longer used */ break; case 'H': /* header */ (void) chompheader(&bp[1], CHHDR_QUEUE, NULL, e); hdrsize += strlen(&bp[1]); break; case 'L': /* Solaris Content-Length: */ case 'M': /* message */ /* ignore this; we want a new message next time */ break; case 'S': /* sender */ setsender(newstr(&bp[1]), e, NULL, '\0', TRUE); break; case 'B': /* body type */ e->e_bodytype = newstr(&bp[1]); break; # if _FFR_SAVE_CHARSET case 'X': /* character set */ e->e_charset = newstr(&bp[1]); break; # endif /* _FFR_SAVE_CHARSET */ case 'D': /* data file name */ /* obsolete -- ignore */ break; case 'T': /* init time */ e->e_ctime = atol(&bp[1]); break; case 'I': /* data file's inode number */ /* regenerated below */ break; case 'K': /* time of last delivery attempt */ e->e_dtime = atol(&buf[1]); break; # if _FFR_QUEUEDELAY case 'G': /* queue delay algorithm */ e->e_queuealg = atoi(&buf[1]); break; case 'Y': /* current delay */ e->e_queuedelay = (time_t) atol(&buf[1]); break; # endif /* _FFR_QUEUEDELAY */ case 'N': /* number of delivery attempts */ e->e_ntries = atoi(&buf[1]); /* if this has been tried recently, let it be */ - if (e->e_ntries > 0 && e->e_dtime <= curtime() && - curtime() < e->e_dtime + queuedelay(e)) + now = curtime(); + if (e->e_ntries > 0 && e->e_dtime <= now && + now < e->e_dtime + queuedelay(e)) { char *howlong; - howlong = pintvl(curtime() - e->e_dtime, TRUE); + howlong = pintvl(now - e->e_dtime, TRUE); if (Verbose) printf("%s: too young (%s)\n", e->e_id, howlong); if (tTd(40, 8)) dprintf("%s: too young (%s)\n", e->e_id, howlong); if (LogLevel > 19) sm_syslog(LOG_DEBUG, e->e_id, "too young (%s)", howlong); e->e_id = NULL; unlockqueue(e); return FALSE; } define(macid("{ntries}", NULL), newstr(&buf[1]), e); # if NAMED_BIND /* adjust BIND parameters immediately */ if (e->e_ntries == 0) { _res.retry = TimeOuts.res_retry[RES_TO_FIRST]; _res.retrans = TimeOuts.res_retrans[RES_TO_FIRST]; } else { _res.retry = TimeOuts.res_retry[RES_TO_NORMAL]; _res.retrans = TimeOuts.res_retrans[RES_TO_NORMAL]; } # endif /* NAMED_BIND */ break; case 'P': /* message priority */ e->e_msgpriority = atol(&bp[1]) + WkTimeFact; break; case 'F': /* flag bits */ if (strncmp(bp, "From ", 5) == 0) { /* we are being spoofed! */ syserr("SECURITY ALERT: bogus qf line %s", bp); (void) fclose(qfp); loseqfile(e, "bogus queue line"); return FALSE; } for (p = &bp[1]; *p != '\0'; p++) { switch (*p) { case 'w': /* warning sent */ e->e_flags |= EF_WARNING; break; case 'r': /* response */ e->e_flags |= EF_RESPONSE; break; case '8': /* has 8 bit data */ e->e_flags |= EF_HAS8BIT; break; case 'b': /* delete Bcc: header */ e->e_flags |= EF_DELETE_BCC; break; case 'd': /* envelope has DSN RET= */ e->e_flags |= EF_RET_PARAM; break; case 'n': /* don't return body */ e->e_flags |= EF_NO_BODY_RETN; break; } } break; case 'Z': /* original envelope id from ESMTP */ e->e_envid = newstr(&bp[1]); define(macid("{dsn_envid}", NULL), newstr(&bp[1]), e); break; case 'A': /* AUTH= parameter */ e->e_auth_param = newstr(&bp[1]); break; case '$': /* define macro */ { char *p; mid = macid(&bp[1], &ep); + if (mid == 0) + break; + p = newstr(ep); define(mid, p, e); /* ** HACK ALERT: Unfortunately, 8.10 and ** 8.11 reused the ${if_addr} and ** ${if_family} macros for both the incoming ** interface address/family (getrequests()) ** and the outgoing interface address/family ** (makeconnection()). In order for D_BINDIF ** to work properly, have to preserve the ** incoming information in the queue file for ** later delivery attempts. The original ** information is stored in the envelope ** in readqf() so it can be stored in ** queueup_macros(). This should be fixed ** in 8.12. */ if (strcmp(macname(mid), "if_addr") == 0) e->e_if_macros[EIF_ADDR] = p; } break; case '.': /* terminate file */ nomore = TRUE; break; default: syserr("readqf: %s: line %d: bad line \"%s\"", qf, LineNumber, shortenstring(bp, MAXSHORTSTR)); (void) fclose(qfp); loseqfile(e, "unrecognized line"); return FALSE; } if (bp != buf) free(bp); } /* ** If we haven't read any lines, this queue file is empty. ** Arrange to remove it without referencing any null pointers. */ if (LineNumber == 0) { errno = 0; e->e_flags |= EF_CLRQUEUE | EF_FATALERRS | EF_RESPONSE; return TRUE; } /* possibly set ${dsn_ret} macro */ if (bitset(EF_RET_PARAM, e->e_flags)) { if (bitset(EF_NO_BODY_RETN, e->e_flags)) define(macid("{dsn_ret}", NULL), "hdrs", e); else define(macid("{dsn_ret}", NULL), "full", e); } /* ** Arrange to read the data file. */ p = queuename(e, 'd'); e->e_dfp = fopen(p, "r"); if (e->e_dfp == NULL) { syserr("readqf: cannot open %s", p); } else { e->e_flags |= EF_HAS_DF; if (fstat(fileno(e->e_dfp), &st) >= 0) { e->e_msgsize = st.st_size + hdrsize; e->e_dfdev = st.st_dev; e->e_dfino = st.st_ino; } } return TRUE; } /* ** PRTSTR -- print a string, "unprintable" characters are shown as \oct ** ** Parameters: ** s -- string to print ** ml -- maximum length of output ** ** Returns: ** none. ** ** Side Effects: ** Prints a string on stdout. */ static void prtstr(s, ml) char *s; int ml; { char c; if (s == NULL) return; while (ml-- > 0 && ((c = *s++) != '\0')) { if (c == '\\') { if (ml-- > 0) { putchar(c); putchar(c); } } else if (isascii(c) && isprint(c)) putchar(c); else { if ((ml -= 3) > 0) printf("\\%03o", c); } } } /* ** PRINTQUEUE -- print out a representation of the mail queue ** ** Parameters: ** none. ** ** Returns: ** none. ** ** Side Effects: ** Prints a listing of the mail queue on the standard output. */ void printqueue() { int i, nrequests = 0; for (i = 0; i < NumQueues; i++) nrequests += print_single_queue(i); if (NumQueues > 1) printf("\t\tTotal Requests: %d\n", nrequests); } /* ** PRINT_SINGLE_QUEUE -- print out a representation of a single mail queue ** ** Parameters: ** queuedir -- queue directory ** ** Returns: -** none. +** number of entries ** ** Side Effects: ** Prints a listing of the mail queue on the standard output. */ static int print_single_queue(queuedir) int queuedir; { register WORK *w; FILE *f; int nrequests; char qd[MAXPATHLEN]; char qddf[MAXPATHLEN]; char buf[MAXLINE]; if (queuedir == NOQDIR) { (void) strlcpy(qd, ".", sizeof qd); (void) strlcpy(qddf, ".", sizeof qddf); } else { (void) snprintf(qd, sizeof qd, "%s%s", QPaths[queuedir].qp_name, (bitset(QP_SUBQF, QPaths[queuedir].qp_subdirs) ? "/qf" : "")); (void) snprintf(qddf, sizeof qddf, "%s%s", QPaths[queuedir].qp_name, (bitset(QP_SUBDF, QPaths[queuedir].qp_subdirs) ? "/df" : "")); } /* ** Check for permission to print the queue */ if (bitset(PRIV_RESTRICTMAILQ, PrivacyFlags) && RealUid != 0) { struct stat st; # ifdef NGROUPS_MAX int n; extern GIDSET_T InitialGidSet[NGROUPS_MAX]; # endif /* NGROUPS_MAX */ if (stat(qd, &st) < 0) { syserr("Cannot stat %s", qid_printqueue(queuedir)); return 0; } # ifdef NGROUPS_MAX n = NGROUPS_MAX; while (--n >= 0) { if (InitialGidSet[n] == st.st_gid) break; } if (n < 0 && RealGid != st.st_gid) # else /* NGROUPS_MAX */ if (RealGid != st.st_gid) # endif /* NGROUPS_MAX */ { usrerr("510 You are not permitted to see the queue"); setstat(EX_NOPERM); return 0; } } /* ** Read and order the queue. */ nrequests = orderq(queuedir, TRUE); /* ** Print the work list that we have read. */ /* first see if there is anything */ if (nrequests <= 0) { printf("%s is empty\n", qid_printqueue(queuedir)); return 0; } CurrentLA = sm_getla(NULL); /* get load average */ printf("\t\t%s (%d request%s", qid_printqueue(queuedir), nrequests, nrequests == 1 ? "" : "s"); if (MaxQueueRun > 0 && nrequests > MaxQueueRun) printf(", only %d printed", MaxQueueRun); if (Verbose) printf(")\n----Q-ID---- --Size-- -Priority- ---Q-Time--- ---------Sender/Recipient--------\n"); else printf(")\n----Q-ID---- --Size-- -----Q-Time----- ------------Sender/Recipient------------\n"); for (w = WorkQ; w != NULL; w = w->w_next) { struct stat st; auto time_t submittime = 0; long dfsize; int flags = 0; int qfver; char statmsg[MAXLINE]; char bodytype[MAXNAME + 1]; char qf[MAXPATHLEN]; printf("%12s", w->w_name + 2); (void) snprintf(qf, sizeof qf, "%s/%s", qd, w->w_name); f = fopen(qf, "r"); if (f == NULL) { printf(" (job completed)\n"); errno = 0; continue; } w->w_name[0] = 'd'; (void) snprintf(qf, sizeof qf, "%s/%s", qddf, w->w_name); if (stat(qf, &st) >= 0) dfsize = st.st_size; else dfsize = -1; if (w->w_lock) printf("*"); else if (w->w_tooyoung) printf("-"); else if (shouldqueue(w->w_pri, w->w_ctime)) printf("X"); else printf(" "); errno = 0; statmsg[0] = bodytype[0] = '\0'; qfver = 0; while (fgets(buf, sizeof buf, f) != NULL) { register int i; register char *p; fixcrlf(buf, TRUE); switch (buf[0]) { case 'V': /* queue file version */ qfver = atoi(&buf[1]); break; case 'M': /* error message */ if ((i = strlen(&buf[1])) >= sizeof statmsg) i = sizeof statmsg - 1; memmove(statmsg, &buf[1], i); statmsg[i] = '\0'; break; case 'B': /* body type */ if ((i = strlen(&buf[1])) >= sizeof bodytype) i = sizeof bodytype - 1; memmove(bodytype, &buf[1], i); bodytype[i] = '\0'; break; case 'S': /* sender name */ if (Verbose) { printf("%8ld %10ld%c%.12s ", dfsize, w->w_pri, bitset(EF_WARNING, flags) ? '+' : ' ', ctime(&submittime) + 4); prtstr(&buf[1], 78); } else { printf("%8ld %.16s ", dfsize, ctime(&submittime)); prtstr(&buf[1], 40); } if (statmsg[0] != '\0' || bodytype[0] != '\0') { printf("\n %10.10s", bodytype); if (statmsg[0] != '\0') printf(" (%.*s)", Verbose ? 100 : 60, statmsg); } break; case 'C': /* controlling user */ if (Verbose) printf("\n\t\t\t\t (---%.74s---)", &buf[1]); break; case 'R': /* recipient name */ p = &buf[1]; if (qfver >= 1) { p = strchr(p, ':'); if (p == NULL) break; p++; } if (Verbose) { printf("\n\t\t\t\t\t "); prtstr(p, 73); } else { printf("\n\t\t\t\t "); prtstr(p, 40); } break; case 'T': /* creation time */ submittime = atol(&buf[1]); break; case 'F': /* flag bits */ for (p = &buf[1]; *p != '\0'; p++) { switch (*p) { case 'w': flags |= EF_WARNING; break; } } } } if (submittime == (time_t) 0) printf(" (no control file)"); printf("\n"); (void) fclose(f); } return nrequests; } /* ** QUEUENAME -- build a file name in the queue directory for this envelope. ** ** Parameters: ** e -- envelope to build it in/from. ** type -- the file type, used as the first character ** of the file name. ** ** Returns: ** a pointer to the queue name (in a static buffer). ** ** Side Effects: ** If no id code is already assigned, queuename() will ** assign an id code with assign_queueid(). If no queue ** directory is assigned, one will be set with setnewqueue(). */ char * queuename(e, type) register ENVELOPE *e; int type; { char *sub = ""; static char buf[MAXPATHLEN]; /* Assign an ID if needed */ if (e->e_id == NULL) assign_queueid(e); /* Assign a queue directory if needed */ if (e->e_queuedir == NOQDIR) setnewqueue(e); if (e->e_queuedir == NOQDIR) (void) snprintf(buf, sizeof buf, "%cf%s", type, e->e_id); else { switch (type) { case 'd': if (bitset(QP_SUBDF, QPaths[e->e_queuedir].qp_subdirs)) sub = "/df"; break; - case 'T': + case TEMPQF_LETTER: case 't': - case 'Q': + case LOSEQF_LETTER: case 'q': if (bitset(QP_SUBQF, QPaths[e->e_queuedir].qp_subdirs)) sub = "/qf"; break; case 'x': if (bitset(QP_SUBXF, QPaths[e->e_queuedir].qp_subdirs)) sub = "/xf"; break; } (void) snprintf(buf, sizeof buf, "%s%s/%cf%s", QPaths[e->e_queuedir].qp_name, sub, type, e->e_id); } if (tTd(7, 2)) dprintf("queuename: %s\n", buf); return buf; } /* ** ASSIGN_QUEUEID -- assign a queue ID for this envelope. ** ** Assigns an id code if one does not already exist. ** This code assumes that nothing will remain in the queue for ** longer than 60 years. It is critical that files with the given ** name not already exist in the queue. ** Also initializes e_queuedir to NOQDIR. ** ** Parameters: ** e -- envelope to set it in. ** ** Returns: ** none. */ static char Base60Code[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwx"; void assign_queueid(e) register ENVELOPE *e; { pid_t pid = getpid(); static char cX = 0; static long random_offset; struct tm *tm; char idbuf[MAXQFNAME - 2]; if (e->e_id != NULL) return; /* see if we need to get a new base time/pid */ if (cX >= 60 || LastQueueTime == 0 || LastQueuePid != pid) { time_t then = LastQueueTime; /* if the first time through, pick a random offset */ if (LastQueueTime == 0) random_offset = get_random(); while ((LastQueueTime = curtime()) == then && LastQueuePid == pid) { (void) sleep(1); } LastQueuePid = getpid(); cX = 0; } if (tTd(7, 50)) dprintf("assign_queueid: random_offset = %ld (%d)\n", random_offset, (int)(cX + random_offset) % 60); tm = gmtime(&LastQueueTime); idbuf[0] = Base60Code[tm->tm_year % 60]; idbuf[1] = Base60Code[tm->tm_mon]; idbuf[2] = Base60Code[tm->tm_mday]; idbuf[3] = Base60Code[tm->tm_hour]; idbuf[4] = Base60Code[tm->tm_min]; idbuf[5] = Base60Code[tm->tm_sec]; idbuf[6] = Base60Code[((int)cX++ + random_offset) % 60]; (void) snprintf(&idbuf[7], sizeof idbuf - 7, "%05d", (int) LastQueuePid); e->e_id = newstr(idbuf); define('i', e->e_id, e); e->e_queuedir = NOQDIR; if (tTd(7, 1)) dprintf("assign_queueid: assigned id %s, e=%lx\n", e->e_id, (u_long) e); if (LogLevel > 93) sm_syslog(LOG_DEBUG, e->e_id, "assigned id"); } /* ** SYNC_QUEUE_TIME -- Assure exclusive PID in any given second ** ** Make sure one PID can't be used by two processes in any one second. ** ** If the system rotates PIDs fast enough, may get the ** same pid in the same second for two distinct processes. ** This will interfere with the queue file naming system. ** ** Parameters: ** none ** ** Returns: ** none */ void sync_queue_time() { # if FAST_PID_RECYCLE if (OpMode != MD_TEST && OpMode != MD_VERIFY && LastQueueTime > 0 && LastQueuePid == getpid() && curtime() == LastQueueTime) (void) sleep(1); # endif /* FAST_PID_RECYCLE */ } /* ** UNLOCKQUEUE -- unlock the queue entry for a specified envelope ** ** Parameters: ** e -- the envelope to unlock. ** ** Returns: ** none ** ** Side Effects: ** unlocks the queue for `e'. */ void unlockqueue(e) ENVELOPE *e; { if (tTd(51, 4)) dprintf("unlockqueue(%s)\n", e->e_id == NULL ? "NOQUEUE" : e->e_id); /* if there is a lock file in the envelope, close it */ if (e->e_lockfp != NULL) (void) fclose(e->e_lockfp); e->e_lockfp = NULL; /* don't create a queue id if we don't already have one */ if (e->e_id == NULL) return; /* remove the transcript */ if (LogLevel > 87) sm_syslog(LOG_DEBUG, e->e_id, "unlock"); if (!tTd(51, 104)) xunlink(queuename(e, 'x')); } /* ** SETCTLUSER -- create a controlling address ** ** Create a fake "address" given only a local login name; this is ** used as a "controlling user" for future recipient addresses. ** ** Parameters: ** user -- the user name of the controlling user. ** qfver -- the version stamp of this qf file. ** ** Returns: ** An address descriptor for the controlling user. ** ** Side Effects: ** none. */ static ADDRESS * setctluser(user, qfver) char *user; int qfver; { register ADDRESS *a; struct passwd *pw; char *p; /* ** See if this clears our concept of controlling user. */ if (user == NULL || *user == '\0') return NULL; /* ** Set up addr fields for controlling user. */ a = (ADDRESS *) xalloc(sizeof *a); memset((char *) a, '\0', sizeof *a); if (*user == '\0') { p = NULL; a->q_user = newstr(DefUser); } else if (*user == ':') { p = &user[1]; a->q_user = newstr(p); } else { p = strtok(user, ":"); a->q_user = newstr(user); if (qfver >= 2) { if ((p = strtok(NULL, ":")) != NULL) a->q_uid = atoi(p); if ((p = strtok(NULL, ":")) != NULL) a->q_gid = atoi(p); if ((p = strtok(NULL, ":")) != NULL) a->q_flags |= QGOODUID; } else if ((pw = sm_getpwnam(user)) != NULL) { if (*pw->pw_dir == '\0') a->q_home = NULL; else if (strcmp(pw->pw_dir, "/") == 0) a->q_home = ""; else a->q_home = newstr(pw->pw_dir); a->q_uid = pw->pw_uid; a->q_gid = pw->pw_gid; a->q_flags |= QGOODUID; } } a->q_flags |= QPRIMARY; /* flag as a "ctladdr" */ a->q_mailer = LocalMailer; if (p == NULL) a->q_paddr = newstr(a->q_user); else a->q_paddr = newstr(p); return a; } /* ** LOSEQFILE -- save the qf as Qf and try to let someone know ** ** Parameters: ** e -- the envelope (e->e_id will be used). ** why -- reported to whomever can hear. ** ** Returns: ** none. */ -# define LOSEQF_LETTER 'Q' - void loseqfile(e, why) register ENVELOPE *e; char *why; { char *p; char buf[MAXPATHLEN]; if (e == NULL || e->e_id == NULL) return; p = queuename(e, 'q'); if (strlen(p) >= (SIZE_T) sizeof buf) return; (void) strlcpy(buf, p, sizeof buf); p = queuename(e, LOSEQF_LETTER); if (rename(buf, p) < 0) syserr("cannot rename(%s, %s), uid=%d", buf, p, geteuid()); else if (LogLevel > 0) sm_syslog(LOG_ALERT, e->e_id, "Losing %s: %s", buf, why); } /* ** QID_PRINTNAME -- create externally printable version of queue id ** ** Parameters: ** e -- the envelope. ** ** Returns: ** a printable version */ char * qid_printname(e) ENVELOPE *e; { char *id; static char idbuf[MAXQFNAME + 34]; if (e == NULL) return ""; if (e->e_id == NULL) id = ""; else id = e->e_id; if (e->e_queuedir == NOQDIR) return id; (void) snprintf(idbuf, sizeof idbuf, "%.32s/%s", QPaths[e->e_queuedir].qp_name, id); return idbuf; } /* ** QID_PRINTQUEUE -- create full version of queue directory for df files ** ** Parameters: ** queuedir -- the short version of the queue directory ** ** Returns: ** the full pathname to the queue (static) */ char * qid_printqueue(queuedir) int queuedir; { char *subdir; static char dir[MAXPATHLEN]; if (queuedir == NOQDIR) return QueueDir; if (strcmp(QPaths[queuedir].qp_name, ".") == 0) subdir = NULL; else subdir = QPaths[queuedir].qp_name; (void) snprintf(dir, sizeof dir, "%s%s%s%s", QueueDir, subdir == NULL ? "" : "/", subdir == NULL ? "" : subdir, (bitset(QP_SUBDF, QPaths[queuedir].qp_subdirs) ? "/df" : "")); return dir; } /* ** SETNEWQUEUE -- Sets a new queue directory ** ** Assign a queue directory to an envelope and store the directory ** in e->e_queuedir. The queue is chosen at random. ** ** This routine may be improved in the future to allow for more ** elaborate queueing schemes. Suggestions and code contributions ** are welcome. ** ** Parameters: ** e -- envelope to assign a queue for. ** ** Returns: ** none. */ void setnewqueue(e) ENVELOPE *e; { int idx; if (tTd(41, 20)) dprintf("setnewqueue: called\n"); if (e->e_queuedir != NOQDIR) { if (tTd(41, 20)) dprintf("setnewqueue: e_queuedir already assigned (%s)\n", qid_printqueue(e->e_queuedir)); return; } if (NumQueues == 1) idx = 0; else { #if RANDOMSHIFT /* lower bits are not random "enough", select others */ idx = (get_random() >> RANDOMSHIFT) % NumQueues; #else /* RANDOMSHIFT */ idx = get_random() % NumQueues; #endif /* RANDOMSHIFT */ if (tTd(41, 15)) dprintf("setnewqueue: get_random() %% %d = %d\n", NumQueues, idx); } e->e_queuedir = idx; if (tTd(41, 3)) dprintf("setnewqueue: Assigned queue directory %s\n", qid_printqueue(e->e_queuedir)); } /* ** CHKQDIR -- check a queue directory ** ** Parameters: ** name -- name of queue directory ** sff -- flags for safefile() ** ** Returns: ** is it a queue directory? */ static bool chkqdir(name, sff) char *name; long sff; { struct stat statb; int i; /* skip over . and .. directories */ if (name[0] == '.' && (name[1] == '\0' || (name[2] == '.' && name[3] == '\0'))) return FALSE; # if HASLSTAT if (lstat(name, &statb) < 0) # else /* HASLSTAT */ if (stat(name, &statb) < 0) # endif /* HASLSTAT */ { if (tTd(41, 2)) dprintf("multiqueue_cache: stat(\"%s\"): %s\n", name, errstring(errno)); return FALSE; } # if HASLSTAT if (S_ISLNK(statb.st_mode)) { /* ** For a symlink we need to make sure the ** target is a directory */ if (stat(name, &statb) < 0) { if (tTd(41, 2)) dprintf("multiqueue_cache: stat(\"%s\"): %s\n", name, errstring(errno)); return FALSE; } } # endif /* HASLSTAT */ if (!S_ISDIR(statb.st_mode)) { if (tTd(41, 2)) dprintf("multiqueue_cache: \"%s\": Not a directory\n", name); return FALSE; } /* Print a warning if unsafe (but still use it) */ i = safedirpath(name, RunAsUid, RunAsGid, NULL, sff, 0, 0); if (i != 0 && tTd(41, 2)) dprintf("multiqueue_cache: \"%s\": Not safe: %s\n", name, errstring(i)); return TRUE; } /* ** MULTIQUEUE_CACHE -- cache a list of paths to queues. ** ** Each potential queue is checked as the cache is built. ** Thereafter, each is blindly trusted. ** Note that we can be called again after a timeout to rebuild ** (although code for that is not ready yet). ** ** Parameters: ** none ** ** Returns: ** none */ void multiqueue_cache() { register DIR *dp; register struct dirent *d; char *cp; int i, len; int slotsleft = 0; long sff = SFF_ANYFILE; char qpath[MAXPATHLEN]; char subdir[MAXPATHLEN]; if (tTd(41, 20)) dprintf("multiqueue_cache: called\n"); if (NumQueues != 0 && QPaths != NULL) { for (i = 0; i < NumQueues; i++) { if (QPaths[i].qp_name != NULL) (void) free(QPaths[i].qp_name); } (void) free((char *)QPaths); QPaths = NULL; NumQueues = 0; } /* If running as root, allow safedirpath() checks to use privs */ if (RunAsUid == 0) sff |= SFF_ROOTOK; (void) snprintf(qpath, sizeof qpath, "%s", QueueDir); len = strlen(qpath) - 1; cp = &qpath[len]; if (*cp == '*') { *cp = '\0'; if ((cp = strrchr(qpath, '/')) == NULL) { syserr("QueueDirectory: can not wildcard relative path"); if (tTd(41, 2)) dprintf("multiqueue_cache: \"%s\": Can not wildcard relative path.\n", - QueueDir); + qpath); ExitStat = EX_CONFIG; return; } if (cp == qpath) { /* ** Special case of top level wildcard, like /foo* */ (void) snprintf(qpath + 1, sizeof qpath - 1, "%s", qpath); ++cp; } *(cp++) = '\0'; len = strlen(cp); if (tTd(41, 2)) dprintf("multiqueue_cache: prefix=\"%s\"\n", cp); QueueDir = newstr(qpath); /* ** XXX Should probably wrap this whole loop in a timeout ** in case some wag decides to NFS mount the queues. */ /* test path to get warning messages */ i= safedirpath(QueueDir, RunAsUid, RunAsGid, NULL, sff, 0, 0); if (i != 0 && tTd(41, 2)) dprintf("multiqueue_cache: \"%s\": Not safe: %s\n", QueueDir, errstring(i)); if (chdir(QueueDir) < 0) { syserr("can not chdir(%s)", QueueDir); if (tTd(41, 2)) dprintf("multiqueue_cache: \"%s\": %s\n", qpath, errstring(errno)); ExitStat = EX_CONFIG; return; } if ((dp = opendir(".")) == NULL) { syserr("can not opendir(%s)", QueueDir); if (tTd(41, 2)) dprintf("multiqueue_cache: opendir(\"%s\"): %s\n", QueueDir, errstring(errno)); ExitStat = EX_CONFIG; return; } while ((d = readdir(dp)) != NULL) { if (strncmp(d->d_name, cp, len) != 0) { if (tTd(41, 5)) dprintf("multiqueue_cache: \"%s\", skipped\n", d->d_name); continue; } if (!chkqdir(d->d_name, sff)) continue; if (QPaths == NULL) { slotsleft = 20; QPaths = (QPATHS *)xalloc((sizeof *QPaths) * slotsleft); NumQueues = 0; } else if (slotsleft < 1) { QPaths = (QPATHS *)realloc((char *)QPaths, (sizeof *QPaths) * (NumQueues + 10)); if (QPaths == NULL) { (void) closedir(dp); return; } slotsleft += 10; } /* check subdirs */ QPaths[NumQueues].qp_subdirs = QP_NOSUB; (void) snprintf(subdir, sizeof subdir, "%s/%s/%s", qpath, d->d_name, "qf"); if (chkqdir(subdir, sff)) QPaths[NumQueues].qp_subdirs |= QP_SUBQF; (void) snprintf(subdir, sizeof subdir, "%s/%s/%s", qpath, d->d_name, "df"); if (chkqdir(subdir, sff)) QPaths[NumQueues].qp_subdirs |= QP_SUBDF; (void) snprintf(subdir, sizeof subdir, "%s/%s/%s", qpath, d->d_name, "xf"); if (chkqdir(subdir, sff)) QPaths[NumQueues].qp_subdirs |= QP_SUBXF; /* assert(strlen(d->d_name) < MAXPATHLEN - 14) */ /* maybe even - 17 (subdirs) */ QPaths[NumQueues].qp_name = newstr(d->d_name); if (tTd(41, 2)) dprintf("multiqueue_cache: %d: \"%s\" cached (%x).\n", NumQueues, d->d_name, QPaths[NumQueues].qp_subdirs); NumQueues++; slotsleft--; } (void) closedir(dp); } if (NumQueues == 0) { if (*cp != '*' && tTd(41, 2)) dprintf("multiqueue_cache: \"%s\": No wildcard suffix character\n", QueueDir); QPaths = (QPATHS *)xalloc(sizeof *QPaths); QPaths[0].qp_name = newstr("."); QPaths[0].qp_subdirs = QP_NOSUB; NumQueues = 1; /* test path to get warning messages */ (void) safedirpath(QueueDir, RunAsUid, RunAsGid, NULL, sff, 0, 0); if (chdir(QueueDir) < 0) { syserr("can not chdir(%s)", QueueDir); if (tTd(41, 2)) dprintf("multiqueue_cache: \"%s\": %s\n", QueueDir, errstring(errno)); ExitStat = EX_CONFIG; } /* check subdirs */ (void) snprintf(subdir, sizeof subdir, "%s/qf", QueueDir); if (chkqdir(subdir, sff)) QPaths[0].qp_subdirs |= QP_SUBQF; (void) snprintf(subdir, sizeof subdir, "%s/df", QueueDir); if (chkqdir(subdir, sff)) QPaths[0].qp_subdirs |= QP_SUBDF; (void) snprintf(subdir, sizeof subdir, "%s/xf", QueueDir); if (chkqdir(subdir, sff)) QPaths[0].qp_subdirs |= QP_SUBXF; } } # if 0 /* ** HASHFQN -- calculate a hash value for a fully qualified host name ** ** Arguments: ** fqn -- an all lower-case host.domain string ** buckets -- the number of buckets (queue directories) ** ** Returns: ** a bucket number (signed integer) ** -1 on error ** ** Contributed by Exactis.com, Inc. */ int hashfqn(fqn, buckets) register char *fqn; int buckets; { register char *p; register int h = 0, hash, cnt; # define WATERINC (1000) if (fqn == NULL) return -1; /* ** A variation on the gdb hash ** This is the best as of Feb 19, 1996 --bcx */ p = fqn; h = 0x238F13AF * strlen(p); for (cnt = 0; *p != 0; ++p, cnt++) { h = (h + (*p << (cnt * 5 % 24))) & 0x7FFFFFFF; } h = (1103515243 * h + 12345) & 0x7FFFFFFF; if (buckets < 2) hash = 0; else hash = (h % buckets); return hash; } # endif /* 0 */ # if _FFR_QUEUEDELAY /* ** QUEUEDELAY -- compute queue delay time ** ** Parameters: ** e -- the envelope to queue up. ** ** Returns: ** queue delay time ** ** Side Effects: ** may change e_queuedelay */ static time_t queuedelay(e) ENVELOPE *e; { time_t qd; if (e->e_queuealg == QD_EXP) { if (e->e_queuedelay == 0) e->e_queuedelay = QueueInitDelay; else { e->e_queuedelay *= 2; if (e->e_queuedelay > QueueMaxDelay) e->e_queuedelay = QueueMaxDelay; } qd = e->e_queuedelay; } else qd = MinQueueAge; return qd; } # endif /* _FFR_QUEUEDELAY */ #endif /* QUEUE */ Index: stable/4/contrib/sendmail/src/readcf.c =================================================================== --- stable/4/contrib/sendmail/src/readcf.c (revision 71887) +++ stable/4/contrib/sendmail/src/readcf.c (revision 71888) @@ -1,3620 +1,3667 @@ /* * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #ifndef lint -static char id[] = "@(#)$Id: readcf.c,v 8.382.4.27 2000/09/28 01:31:16 gshapiro Exp $"; +static char id[] = "@(#)$Id: readcf.c,v 8.382.4.31 2000/12/18 18:00:43 ca Exp $"; #endif /* ! lint */ #include #if NETINET || NETINET6 # include #endif /* NETINET || NETINET6 */ #define SECONDS #define MINUTES * 60 #define HOUR * 3600 #define HOURS HOUR static void fileclass __P((int, char *, char *, bool, bool)); static char **makeargv __P((char *)); static void settimeout __P((char *, char *, bool)); static void toomany __P((int, int)); /* ** READCF -- read configuration file. ** ** This routine reads the configuration file and builds the internal ** form. ** ** The file is formatted as a sequence of lines, each taken ** atomically. The first character of each line describes how ** the line is to be interpreted. The lines are: ** Dxval Define macro x to have value val. ** Cxword Put word into class x. ** Fxfile [fmt] Read file for lines to put into ** class x. Use scanf string 'fmt' ** or "%s" if not present. Fmt should ** only produce one string-valued result. ** Hname: value Define header with field-name 'name' ** and value as specified; this will be ** macro expanded immediately before ** use. ** Sn Use rewriting set n. ** Rlhs rhs Rewrite addresses that match lhs to ** be rhs. ** Mn arg=val... Define mailer. n is the internal name. ** Args specify mailer parameters. ** Oxvalue Set option x to value. ** Pname=value Set precedence name to value. ** Vversioncode[/vendorcode] ** Version level/vendor name of ** configuration syntax. ** Kmapname mapclass arguments.... ** Define keyed lookup of a given class. ** Arguments are class dependent. ** Eenvar=value Set the environment value to the given value. ** ** Parameters: ** cfname -- configuration file name. ** safe -- TRUE if this is the system config file; ** FALSE otherwise. ** e -- the main envelope. ** ** Returns: ** none. ** ** Side Effects: ** Builds several internal tables. */ void readcf(cfname, safe, e) char *cfname; bool safe; register ENVELOPE *e; { FILE *cf; int ruleset = -1; char *q; struct rewrite *rwp = NULL; char *bp; auto char *ep; int nfuzzy; char *file; bool optional; int mid; register char *p; long sff = SFF_OPENASROOT; struct stat statb; char buf[MAXLINE]; char exbuf[MAXLINE]; char pvpbuf[MAXLINE + MAXATOM]; static char *null_list[1] = { NULL }; extern u_char TokTypeNoC[]; FileName = cfname; LineNumber = 0; if (DontLockReadFiles) sff |= SFF_NOLOCK; cf = safefopen(cfname, O_RDONLY, 0444, sff); if (cf == NULL) { syserr("cannot open"); finis(FALSE, EX_OSFILE); } if (fstat(fileno(cf), &statb) < 0) { syserr("cannot fstat"); finis(FALSE, EX_OSFILE); } if (!S_ISREG(statb.st_mode)) { syserr("not a plain file"); finis(FALSE, EX_OSFILE); } if (OpMode != MD_TEST && bitset(S_IWGRP|S_IWOTH, statb.st_mode)) { if (OpMode == MD_DAEMON || OpMode == MD_INITALIAS) fprintf(stderr, "%s: WARNING: dangerous write permissions\n", FileName); if (LogLevel > 0) sm_syslog(LOG_CRIT, NOQID, "%s: WARNING: dangerous write permissions", FileName); } #ifdef XLA xla_zero(); #endif /* XLA */ while ((bp = fgetfolded(buf, sizeof buf, cf)) != NULL) { if (bp[0] == '#') { if (bp != buf) free(bp); continue; } /* do macro expansion mappings */ translate_dollars(bp); /* interpret this line */ errno = 0; switch (bp[0]) { case '\0': case '#': /* comment */ break; case 'R': /* rewriting rule */ if (ruleset < 0) { syserr("missing valid ruleset for \"%s\"", bp); break; } for (p = &bp[1]; *p != '\0' && *p != '\t'; p++) continue; if (*p == '\0') { syserr("invalid rewrite line \"%s\" (tab expected)", bp); break; } /* allocate space for the rule header */ if (rwp == NULL) { RewriteRules[ruleset] = rwp = (struct rewrite *) xalloc(sizeof *rwp); } else { rwp->r_next = (struct rewrite *) xalloc(sizeof *rwp); rwp = rwp->r_next; } rwp->r_next = NULL; /* expand and save the LHS */ *p = '\0'; expand(&bp[1], exbuf, sizeof exbuf, e); rwp->r_lhs = prescan(exbuf, '\t', pvpbuf, sizeof pvpbuf, NULL, ConfigLevel >= 9 ? TokTypeNoC : NULL); nfuzzy = 0; if (rwp->r_lhs != NULL) { register char **ap; rwp->r_lhs = copyplist(rwp->r_lhs, TRUE); /* count the number of fuzzy matches in LHS */ for (ap = rwp->r_lhs; *ap != NULL; ap++) { char *botch; botch = NULL; switch (**ap & 0377) { case MATCHZANY: case MATCHANY: case MATCHONE: case MATCHCLASS: case MATCHNCLASS: nfuzzy++; break; case MATCHREPL: botch = "$0-$9"; break; case CANONUSER: botch = "$:"; break; case CALLSUBR: botch = "$>"; break; case CONDIF: botch = "$?"; break; case CONDFI: botch = "$."; break; case HOSTBEGIN: botch = "$["; break; case HOSTEND: botch = "$]"; break; case LOOKUPBEGIN: botch = "$("; break; case LOOKUPEND: botch = "$)"; break; } if (botch != NULL) syserr("Inappropriate use of %s on LHS", botch); } rwp->r_line = LineNumber; } else { syserr("R line: null LHS"); rwp->r_lhs = null_list; } /* expand and save the RHS */ while (*++p == '\t') continue; q = p; while (*p != '\0' && *p != '\t') p++; *p = '\0'; expand(q, exbuf, sizeof exbuf, e); rwp->r_rhs = prescan(exbuf, '\t', pvpbuf, sizeof pvpbuf, NULL, ConfigLevel >= 9 ? TokTypeNoC : NULL); if (rwp->r_rhs != NULL) { register char **ap; rwp->r_rhs = copyplist(rwp->r_rhs, TRUE); /* check no out-of-bounds replacements */ nfuzzy += '0'; for (ap = rwp->r_rhs; *ap != NULL; ap++) { char *botch; botch = NULL; switch (**ap & 0377) { case MATCHREPL: if ((*ap)[1] <= '0' || (*ap)[1] > nfuzzy) { syserr("replacement $%c out of bounds", (*ap)[1]); } break; case MATCHZANY: botch = "$*"; break; case MATCHANY: botch = "$+"; break; case MATCHONE: botch = "$-"; break; case MATCHCLASS: botch = "$="; break; case MATCHNCLASS: botch = "$~"; break; } if (botch != NULL) syserr("Inappropriate use of %s on RHS", botch); } } else { syserr("R line: null RHS"); rwp->r_rhs = null_list; } break; case 'S': /* select rewriting set */ expand(&bp[1], exbuf, sizeof exbuf, e); ruleset = strtorwset(exbuf, NULL, ST_ENTER); if (ruleset < 0) break; rwp = RewriteRules[ruleset]; if (rwp != NULL) { if (OpMode == MD_TEST) printf("WARNING: Ruleset %s has multiple definitions\n", &bp[1]); if (tTd(37, 1)) dprintf("WARNING: Ruleset %s has multiple definitions\n", &bp[1]); while (rwp->r_next != NULL) rwp = rwp->r_next; } break; case 'D': /* macro definition */ mid = macid(&bp[1], &ep); + if (mid == 0) + break; p = munchstring(ep, NULL, '\0'); define(mid, newstr(p), e); break; case 'H': /* required header line */ (void) chompheader(&bp[1], CHHDR_DEF, NULL, e); break; case 'C': /* word class */ case 'T': /* trusted user (set class `t') */ if (bp[0] == 'C') { mid = macid(&bp[1], &ep); + if (mid == 0) + break; expand(ep, exbuf, sizeof exbuf, e); p = exbuf; } else { mid = 't'; p = &bp[1]; } while (*p != '\0') { register char *wd; char delim; while (*p != '\0' && isascii(*p) && isspace(*p)) p++; wd = p; while (*p != '\0' && !(isascii(*p) && isspace(*p))) p++; delim = *p; *p = '\0'; if (wd[0] != '\0') setclass(mid, wd); *p = delim; } break; case 'F': /* word class from file */ mid = macid(&bp[1], &ep); + if (mid == 0) + break; for (p = ep; isascii(*p) && isspace(*p); ) p++; if (p[0] == '-' && p[1] == 'o') { optional = TRUE; while (*p != '\0' && !(isascii(*p) && isspace(*p))) p++; while (isascii(*p) && isspace(*p)) p++; } else optional = FALSE; file = p; q = p; while (*q != '\0' && !(isascii(*q) && isspace(*q))) q++; if (*file == '|') p = "%s"; else { p = q; if (*p == '\0') p = "%s"; else { *p = '\0'; while (isascii(*++p) && isspace(*p)) continue; } } fileclass(mid, file, p, safe, optional); break; #ifdef XLA case 'L': /* extended load average description */ xla_init(&bp[1]); break; #endif /* XLA */ #if defined(SUN_EXTENSIONS) && defined(SUN_LOOKUP_MACRO) case 'L': /* lookup macro */ case 'G': /* lookup class */ /* reserved for Sun -- NIS+ database lookup */ if (VendorCode != VENDOR_SUN) goto badline; sun_lg_config_line(bp, e); break; #endif /* defined(SUN_EXTENSIONS) && defined(SUN_LOOKUP_MACRO) */ case 'M': /* define mailer */ makemailer(&bp[1]); break; case 'O': /* set option */ setoption(bp[1], &bp[2], safe, FALSE, e); break; case 'P': /* set precedence */ if (NumPriorities >= MAXPRIORITIES) { toomany('P', MAXPRIORITIES); break; } for (p = &bp[1]; *p != '\0' && *p != '='; p++) continue; if (*p == '\0') goto badline; *p = '\0'; Priorities[NumPriorities].pri_name = newstr(&bp[1]); Priorities[NumPriorities].pri_val = atoi(++p); NumPriorities++; break; case 'V': /* configuration syntax version */ for (p = &bp[1]; isascii(*p) && isspace(*p); p++) continue; if (!isascii(*p) || !isdigit(*p)) { syserr("invalid argument to V line: \"%.20s\"", &bp[1]); break; } ConfigLevel = strtol(p, &ep, 10); /* ** Do heuristic tweaking for back compatibility. */ if (ConfigLevel >= 5) { /* level 5 configs have short name in $w */ p = macvalue('w', e); if (p != NULL && (p = strchr(p, '.')) != NULL) *p = '\0'; define('w', macvalue('w', e), e); } if (ConfigLevel >= 6) { ColonOkInAddr = FALSE; } /* ** Look for vendor code. */ if (*ep++ == '/') { /* extract vendor code */ for (p = ep; isascii(*p) && isalpha(*p); ) p++; *p = '\0'; if (!setvendor(ep)) syserr("invalid V line vendor code: \"%s\"", ep); } break; case 'K': expand(&bp[1], exbuf, sizeof exbuf, e); (void) makemapentry(exbuf); break; case 'E': p = strchr(bp, '='); if (p != NULL) *p++ = '\0'; setuserenv(&bp[1], p); break; #if _FFR_MILTER case 'X': /* mail filter */ milter_setup(&bp[1]); break; #endif /* _FFR_MILTER */ default: badline: syserr("unknown configuration line \"%s\"", bp); } if (bp != buf) free(bp); } if (ferror(cf)) { syserr("I/O read error"); finis(FALSE, EX_OSFILE); } (void) fclose(cf); FileName = NULL; /* initialize host maps from local service tables */ inithostmaps(); /* initialize daemon (if not defined yet) */ initdaemon(); /* determine if we need to do special name-server frotz */ { int nmaps; char *maptype[MAXMAPSTACK]; short mapreturn[MAXMAPACTIONS]; nmaps = switch_map_find("hosts", maptype, mapreturn); UseNameServer = FALSE; if (nmaps > 0 && nmaps <= MAXMAPSTACK) { register int mapno; for (mapno = 0; mapno < nmaps && !UseNameServer; mapno++) { if (strcmp(maptype[mapno], "dns") == 0) UseNameServer = TRUE; } } #ifdef HESIOD nmaps = switch_map_find("passwd", maptype, mapreturn); UseHesiod = FALSE; if (nmaps > 0 && nmaps <= MAXMAPSTACK) { register int mapno; for (mapno = 0; mapno < nmaps && !UseHesiod; mapno++) { if (strcmp(maptype[mapno], "hesiod") == 0) UseHesiod = TRUE; } } #endif /* HESIOD */ } } /* ** TRANSLATE_DOLLARS -- convert $x into internal form ** ** Actually does all appropriate pre-processing of a config line ** to turn it into internal form. ** ** Parameters: ** bp -- the buffer to translate. ** ** Returns: ** None. The buffer is translated in place. Since the ** translations always make the buffer shorter, this is ** safe without a size parameter. */ void translate_dollars(bp) char *bp; { register char *p; auto char *ep; for (p = bp; *p != '\0'; p++) { if (*p == '#' && p > bp && ConfigLevel >= 3) { /* this is an on-line comment */ register char *e; switch (*--p & 0377) { case MACROEXPAND: /* it's from $# -- let it go through */ p++; break; case '\\': /* it's backslash escaped */ (void) strlcpy(p, p + 1, strlen(p)); break; default: /* delete leading white space */ while (isascii(*p) && isspace(*p) && *p != '\n' && p > bp) p--; if ((e = strchr(++p, '\n')) != NULL) (void) strlcpy(p, e, strlen(p)); else *p-- = '\0'; break; } continue; } if (*p != '$' || p[1] == '\0') continue; if (p[1] == '$') { /* actual dollar sign.... */ (void) strlcpy(p, p + 1, strlen(p)); continue; } /* convert to macro expansion character */ *p++ = MACROEXPAND; /* special handling for $=, $~, $&, and $? */ if (*p == '=' || *p == '~' || *p == '&' || *p == '?') p++; /* convert macro name to code */ *p = macid(p, &ep); if (ep != p + 1) (void) strlcpy(p + 1, ep, strlen(p + 1)); } /* strip trailing white space from the line */ while (--p > bp && isascii(*p) && isspace(*p)) *p = '\0'; } /* ** TOOMANY -- signal too many of some option ** ** Parameters: ** id -- the id of the error line ** maxcnt -- the maximum possible values ** ** Returns: ** none. ** ** Side Effects: ** gives a syserr. */ static void toomany(id, maxcnt) int id; int maxcnt; { syserr("too many %c lines, %d max", id, maxcnt); } /* ** FILECLASS -- read members of a class from a file ** ** Parameters: ** class -- class to define. ** filename -- name of file to read. ** fmt -- scanf string to use for match. ** safe -- if set, this is a safe read. ** optional -- if set, it is not an error for the file to ** not exist. ** ** Returns: ** none ** ** Side Effects: ** ** puts all lines in filename that match a scanf into ** the named class. */ static void fileclass(class, filename, fmt, safe, optional) int class; char *filename; char *fmt; bool safe; bool optional; { FILE *f; long sff; pid_t pid; register char *p; char buf[MAXLINE]; if (tTd(37, 2)) dprintf("fileclass(%s, fmt=%s)\n", filename, fmt); if (filename[0] == '|') { auto int fd; int i; char *argv[MAXPV + 1]; i = 0; for (p = strtok(&filename[1], " \t"); p != NULL; p = strtok(NULL, " \t")) { if (i >= MAXPV) break; argv[i++] = p; } argv[i] = NULL; pid = prog_open(argv, &fd, CurEnv); if (pid < 0) f = NULL; else f = fdopen(fd, "r"); } else { pid = -1; sff = SFF_REGONLY; if (!bitnset(DBS_CLASSFILEINUNSAFEDIRPATH, DontBlameSendmail)) sff |= SFF_SAFEDIRPATH; if (!bitnset(DBS_LINKEDCLASSFILEINWRITABLEDIR, DontBlameSendmail)) sff |= SFF_NOWLINK; if (safe) sff |= SFF_OPENASROOT; if (DontLockReadFiles) sff |= SFF_NOLOCK; f = safefopen(filename, O_RDONLY, 0, sff); } if (f == NULL) { if (!optional) syserr("fileclass: cannot open '%s'", filename); return; } while (fgets(buf, sizeof buf, f) != NULL) { #if SCANF char wordbuf[MAXLINE + 1]; #endif /* SCANF */ if (buf[0] == '#') continue; #if SCANF if (sscanf(buf, fmt, wordbuf) != 1) continue; p = wordbuf; #else /* SCANF */ p = buf; #endif /* SCANF */ /* ** Break up the match into words. */ while (*p != '\0') { register char *q; /* strip leading spaces */ while (isascii(*p) && isspace(*p)) p++; if (*p == '\0') break; /* find the end of the word */ q = p; while (*p != '\0' && !(isascii(*p) && isspace(*p))) p++; if (*p != '\0') *p++ = '\0'; /* enter the word in the symbol table */ setclass(class, q); } } (void) fclose(f); if (pid > 0) (void) waitfor(pid); } /* ** MAKEMAILER -- define a new mailer. ** ** Parameters: ** line -- description of mailer. This is in labeled ** fields. The fields are: ** A -- the argv for this mailer ** C -- the character set for MIME conversions ** D -- the directory to run in ** E -- the eol string ** F -- the flags associated with the mailer ** L -- the maximum line length ** M -- the maximum message size ** N -- the niceness at which to run ** P -- the path to the mailer ** R -- the recipient rewriting set ** S -- the sender rewriting set ** T -- the mailer type (for DSNs) ** U -- the uid to run as ** W -- the time to wait at the end ** The first word is the canonical name of the mailer. ** ** Returns: ** none. ** ** Side Effects: ** enters the mailer into the mailer table. */ void makemailer(line) char *line; { register char *p; register struct mailer *m; register STAB *s; int i; char fcode; auto char *endp; extern int NextMailer; /* allocate a mailer and set up defaults */ m = (struct mailer *) xalloc(sizeof *m); memset((char *) m, '\0', sizeof *m); /* collect the mailer name */ for (p = line; *p != '\0' && *p != ',' && !(isascii(*p) && isspace(*p)); p++) continue; if (*p != '\0') *p++ = '\0'; if (line[0] == '\0') + { syserr("name required for mailer"); + return; + } m->m_name = newstr(line); /* now scan through and assign info from the fields */ while (*p != '\0') { auto char *delimptr; while (*p != '\0' && (*p == ',' || (isascii(*p) && isspace(*p)))) p++; /* p now points to field code */ fcode = *p; while (*p != '\0' && *p != '=' && *p != ',') p++; if (*p++ != '=') { syserr("mailer %s: `=' expected", m->m_name); return; } while (isascii(*p) && isspace(*p)) p++; /* p now points to the field body */ p = munchstring(p, &delimptr, ','); /* install the field into the mailer struct */ switch (fcode) { case 'P': /* pathname */ if (*p == '\0') syserr("mailer %s: empty path name", m->m_name); - m->m_mailer = newstr(p); + else + m->m_mailer = newstr(p); break; case 'F': /* flags */ for (; *p != '\0'; p++) if (!(isascii(*p) && isspace(*p))) - setbitn(*p, m->m_flags); + setbitn(bitidx(*p), m->m_flags); break; case 'S': /* sender rewriting ruleset */ case 'R': /* recipient rewriting ruleset */ i = strtorwset(p, &endp, ST_ENTER); if (i < 0) return; if (fcode == 'S') m->m_sh_rwset = m->m_se_rwset = i; else m->m_rh_rwset = m->m_re_rwset = i; p = endp; if (*p++ == '/') { i = strtorwset(p, NULL, ST_ENTER); if (i < 0) return; if (fcode == 'S') m->m_sh_rwset = i; else m->m_rh_rwset = i; } break; case 'E': /* end of line string */ if (*p == '\0') syserr("mailer %s: null end-of-line string", m->m_name); - m->m_eol = newstr(p); + else + m->m_eol = newstr(p); break; case 'A': /* argument vector */ if (*p == '\0') syserr("mailer %s: null argument vector", m->m_name); - m->m_argv = makeargv(p); + else + m->m_argv = makeargv(p); break; case 'M': /* maximum message size */ m->m_maxsize = atol(p); break; case 'm': /* maximum messages per connection */ m->m_maxdeliveries = atoi(p); break; #if _FFR_DYNAMIC_TOBUF case 'r': /* max recipient per envelope */ m->m_maxrcpt = atoi(p); break; #endif /* _FFR_DYNAMIC_TOBUF */ case 'L': /* maximum line length */ m->m_linelimit = atoi(p); if (m->m_linelimit < 0) m->m_linelimit = 0; break; case 'N': /* run niceness */ m->m_nice = atoi(p); break; case 'D': /* working directory */ if (*p == '\0') syserr("mailer %s: null working directory", m->m_name); - m->m_execdir = newstr(p); + else + m->m_execdir = newstr(p); break; case 'C': /* default charset */ if (*p == '\0') syserr("mailer %s: null charset", m->m_name); - m->m_defcharset = newstr(p); + else + m->m_defcharset = newstr(p); break; case 'T': /* MTA-Name/Address/Diagnostic types */ /* extract MTA name type; default to "dns" */ m->m_mtatype = newstr(p); p = strchr(m->m_mtatype, '/'); if (p != NULL) { *p++ = '\0'; if (*p == '\0') p = NULL; } if (*m->m_mtatype == '\0') m->m_mtatype = "dns"; /* extract address type; default to "rfc822" */ m->m_addrtype = p; if (p != NULL) p = strchr(p, '/'); if (p != NULL) { *p++ = '\0'; if (*p == '\0') p = NULL; } if (m->m_addrtype == NULL || *m->m_addrtype == '\0') m->m_addrtype = "rfc822"; /* extract diagnostic type; default to "smtp" */ m->m_diagtype = p; if (m->m_diagtype == NULL || *m->m_diagtype == '\0') m->m_diagtype = "smtp"; break; case 'U': /* user id */ if (isascii(*p) && !isdigit(*p)) { char *q = p; struct passwd *pw; while (*p != '\0' && isascii(*p) && (isalnum(*p) || strchr("-_", *p) != NULL)) p++; while (isascii(*p) && isspace(*p)) *p++ = '\0'; if (*p != '\0') *p++ = '\0'; if (*q == '\0') + { syserr("mailer %s: null user name", m->m_name); + break; + } pw = sm_getpwnam(q); if (pw == NULL) + { syserr("readcf: mailer U= flag: unknown user %s", q); + break; + } else { m->m_uid = pw->pw_uid; m->m_gid = pw->pw_gid; } } else { auto char *q; m->m_uid = strtol(p, &q, 0); p = q; while (isascii(*p) && isspace(*p)) p++; if (*p != '\0') p++; } while (isascii(*p) && isspace(*p)) p++; if (*p == '\0') break; if (isascii(*p) && !isdigit(*p)) { char *q = p; struct group *gr; while (isascii(*p) && isalnum(*p)) p++; *p++ = '\0'; if (*q == '\0') + { syserr("mailer %s: null group name", m->m_name); + break; + } gr = getgrnam(q); if (gr == NULL) + { syserr("readcf: mailer U= flag: unknown group %s", q); + break; + } else m->m_gid = gr->gr_gid; } else { m->m_gid = strtol(p, NULL, 0); } break; case 'W': /* wait timeout */ m->m_wait = convtime(p, 's'); break; case '/': /* new root directory */ if (*p == '\0') syserr("mailer %s: null root directory", m->m_name); else m->m_rootdir = newstr(p); break; default: syserr("M%s: unknown mailer equate %c=", m->m_name, fcode); break; } p = delimptr; } /* do some rationality checking */ if (m->m_argv == NULL) { syserr("M%s: A= argument required", m->m_name); return; } if (m->m_mailer == NULL) { syserr("M%s: P= argument required", m->m_name); return; } if (NextMailer >= MAXMAILERS) { syserr("too many mailers defined (%d max)", MAXMAILERS); return; } #if _FFR_DYNAMIC_TOBUF if (m->m_maxrcpt <= 0) m->m_maxrcpt = DEFAULT_MAX_RCPT; #endif /* _FFR_DYNAMIC_TOBUF */ /* do some heuristic cleanup for back compatibility */ if (bitnset(M_LIMITS, m->m_flags)) { if (m->m_linelimit == 0) m->m_linelimit = SMTPLINELIM; if (ConfigLevel < 2) setbitn(M_7BITS, m->m_flags); } if (strcmp(m->m_mailer, "[TCP]") == 0) { #if _FFR_REMOVE_TCP_MAILER_PATH syserr("M%s: P=[TCP] is deprecated, use P=[IPC] instead\n", m->m_name); + return; #else /* _FFR_REMOVE_TCP_MAILER_PATH */ printf("M%s: Warning: P=[TCP] is deprecated, use P=[IPC] instead\n", m->m_name); #endif /* _FFR_REMOVE_TCP_MAILER_PATH */ } if (strcmp(m->m_mailer, "[IPC]") == 0 #if !_FFR_REMOVE_TCP_MAILER_PATH || strcmp(m->m_mailer, "[TCP]") == 0 #endif /* !_FFR_REMOVE_TCP_MAILER_PATH */ ) { /* Use the second argument for host or path to socket */ if (m->m_argv[0] == NULL || m->m_argv[1] == NULL || m->m_argv[1][0] == '\0') { syserr("M%s: too few parameters for %s mailer", m->m_name, m->m_mailer); + return; } if (strcmp(m->m_argv[0], "TCP") != 0 #if NETUNIX && strcmp(m->m_argv[0], "FILE") != 0 #endif /* NETUNIX */ #if !_FFR_DEPRECATE_IPC_MAILER_ARG && strcmp(m->m_argv[0], "IPC") != 0 #endif /* !_FFR_DEPRECATE_IPC_MAILER_ARG */ ) { printf("M%s: Warning: first argument in %s mailer must be %s\n", m->m_name, m->m_mailer, #if NETUNIX "TCP or FILE" #else /* NETUNIX */ "TCP" #endif /* NETUNIX */ ); } } else if (strcmp(m->m_mailer, "[FILE]") == 0) { /* Use the second argument for filename */ if (m->m_argv[0] == NULL || m->m_argv[1] == NULL || m->m_argv[2] != NULL) { syserr("M%s: too %s parameters for [FILE] mailer", m->m_name, (m->m_argv[0] == NULL || m->m_argv[1] == NULL) ? "few" : "many"); + return; } else if (strcmp(m->m_argv[0], "FILE") != 0) { syserr("M%s: first argument in [FILE] mailer must be FILE", m->m_name); + return; } } if (strcmp(m->m_mailer, "[IPC]") == 0 || strcmp(m->m_mailer, "[TCP]") == 0) { if (m->m_mtatype == NULL) m->m_mtatype = "dns"; if (m->m_addrtype == NULL) m->m_addrtype = "rfc822"; if (m->m_diagtype == NULL) { if (m->m_argv[0] != NULL && strcmp(m->m_argv[0], "FILE") == 0) m->m_diagtype = "x-unix"; else m->m_diagtype = "smtp"; } } if (m->m_eol == NULL) { char **pp; /* default for SMTP is \r\n; use \n for local delivery */ for (pp = m->m_argv; *pp != NULL; pp++) { for (p = *pp; *p != '\0'; ) { if ((*p++ & 0377) == MACROEXPAND && *p == 'u') break; } if (*p != '\0') break; } if (*pp == NULL) m->m_eol = "\r\n"; else m->m_eol = "\n"; } /* enter the mailer into the symbol table */ s = stab(m->m_name, ST_MAILER, ST_ENTER); if (s->s_mailer != NULL) { i = s->s_mailer->m_mno; free(s->s_mailer); } else { i = NextMailer++; } Mailer[i] = s->s_mailer = m; m->m_mno = i; } /* ** MUNCHSTRING -- translate a string into internal form. ** ** Parameters: ** p -- the string to munch. ** delimptr -- if non-NULL, set to the pointer of the ** field delimiter character. ** delim -- the delimiter for the field. ** ** Returns: ** the munched string. ** ** Side Effects: ** the munched string is a local static buffer. ** it must be copied before the function is called again. */ char * munchstring(p, delimptr, delim) register char *p; char **delimptr; int delim; { register char *q; bool backslash = FALSE; bool quotemode = FALSE; static char buf[MAXLINE]; for (q = buf; *p != '\0' && q < &buf[sizeof buf - 1]; p++) { if (backslash) { /* everything is roughly literal */ backslash = FALSE; switch (*p) { case 'r': /* carriage return */ *q++ = '\r'; continue; case 'n': /* newline */ *q++ = '\n'; continue; case 'f': /* form feed */ *q++ = '\f'; continue; case 'b': /* backspace */ *q++ = '\b'; continue; } *q++ = *p; } else { if (*p == '\\') backslash = TRUE; else if (*p == '"') quotemode = !quotemode; else if (quotemode || *p != delim) *q++ = *p; else break; } } if (delimptr != NULL) *delimptr = p; *q++ = '\0'; return buf; } /* ** MAKEARGV -- break up a string into words ** ** Parameters: ** p -- the string to break up. ** ** Returns: ** a char **argv (dynamically allocated) ** ** Side Effects: ** munges p. */ static char ** makeargv(p) register char *p; { char *q; int i; char **avp; char *argv[MAXPV + 1]; /* take apart the words */ i = 0; while (*p != '\0' && i < MAXPV) { q = p; while (*p != '\0' && !(isascii(*p) && isspace(*p))) p++; while (isascii(*p) && isspace(*p)) *p++ = '\0'; argv[i++] = newstr(q); } argv[i++] = NULL; /* now make a copy of the argv */ avp = (char **) xalloc(sizeof *avp * i); memmove((char *) avp, (char *) argv, sizeof *avp * i); return avp; } /* ** PRINTRULES -- print rewrite rules (for debugging) ** ** Parameters: ** none. ** ** Returns: ** none. ** ** Side Effects: ** prints rewrite rules. */ void printrules() { register struct rewrite *rwp; register int ruleset; for (ruleset = 0; ruleset < 10; ruleset++) { if (RewriteRules[ruleset] == NULL) continue; printf("\n----Rule Set %d:", ruleset); for (rwp = RewriteRules[ruleset]; rwp != NULL; rwp = rwp->r_next) { printf("\nLHS:"); printav(rwp->r_lhs); printf("RHS:"); printav(rwp->r_rhs); } } } /* ** PRINTMAILER -- print mailer structure (for debugging) ** ** Parameters: ** m -- the mailer to print ** ** Returns: ** none. */ void printmailer(m) register MAILER *m; { int j; printf("mailer %d (%s): P=%s S=", m->m_mno, m->m_name, m->m_mailer); if (RuleSetNames[m->m_se_rwset] == NULL) printf("%d/", m->m_se_rwset); else printf("%s/", RuleSetNames[m->m_se_rwset]); if (RuleSetNames[m->m_sh_rwset] == NULL) printf("%d R=", m->m_sh_rwset); else printf("%s R=", RuleSetNames[m->m_sh_rwset]); if (RuleSetNames[m->m_re_rwset] == NULL) printf("%d/", m->m_re_rwset); else printf("%s/", RuleSetNames[m->m_re_rwset]); if (RuleSetNames[m->m_rh_rwset] == NULL) printf("%d ", m->m_rh_rwset); else printf("%s ", RuleSetNames[m->m_rh_rwset]); printf("M=%ld U=%d:%d F=", m->m_maxsize, (int) m->m_uid, (int) m->m_gid); for (j = '\0'; j <= '\177'; j++) if (bitnset(j, m->m_flags)) (void) putchar(j); printf(" L=%d E=", m->m_linelimit); xputs(m->m_eol); if (m->m_defcharset != NULL) printf(" C=%s", m->m_defcharset); printf(" T=%s/%s/%s", m->m_mtatype == NULL ? "" : m->m_mtatype, m->m_addrtype == NULL ? "" : m->m_addrtype, m->m_diagtype == NULL ? "" : m->m_diagtype); #if _FFR_DYNAMIC_TOBUF printf(" r=%d", m->m_maxrcpt); #endif /* _FFR_DYNAMIC_TOBUF */ if (m->m_argv != NULL) { char **a = m->m_argv; printf(" A="); while (*a != NULL) { if (a != m->m_argv) printf(" "); xputs(*a++); } } printf("\n"); } /* ** SETOPTION -- set global processing option ** ** Parameters: ** opt -- option name. ** val -- option value (as a text string). ** safe -- set if this came from a configuration file. ** Some options (if set from the command line) will ** reset the user id to avoid security problems. ** sticky -- if set, don't let other setoptions override ** this value. ** e -- the main envelope. ** ** Returns: ** none. ** ** Side Effects: ** Sets options as implied by the arguments. */ static BITMAP256 StickyOpt; /* set if option is stuck */ #if NAMED_BIND static struct resolverflags { char *rf_name; /* name of the flag */ long rf_bits; /* bits to set/clear */ } ResolverFlags[] = { { "debug", RES_DEBUG }, { "aaonly", RES_AAONLY }, { "usevc", RES_USEVC }, { "primary", RES_PRIMARY }, { "igntc", RES_IGNTC }, { "recurse", RES_RECURSE }, { "defnames", RES_DEFNAMES }, { "stayopen", RES_STAYOPEN }, { "dnsrch", RES_DNSRCH }, { "true", 0 }, /* avoid error on old syntax */ { NULL, 0 } }; #endif /* NAMED_BIND */ #define OI_NONE 0 /* no special treatment */ #define OI_SAFE 0x0001 /* safe for random people to use */ #define OI_SUBOPT 0x0002 /* option has suboptions */ static struct optioninfo { char *o_name; /* long name of option */ u_char o_code; /* short name of option */ u_short o_flags; /* option flags */ } OptionTab[] = { #if defined(SUN_EXTENSIONS) && defined(REMOTE_MODE) { "RemoteMode", '>', OI_NONE }, #endif /* defined(SUN_EXTENSIONS) && defined(REMOTE_MODE) */ { "SevenBitInput", '7', OI_SAFE }, #if MIME8TO7 { "EightBitMode", '8', OI_SAFE }, #endif /* MIME8TO7 */ { "AliasFile", 'A', OI_NONE }, { "AliasWait", 'a', OI_NONE }, { "BlankSub", 'B', OI_NONE }, { "MinFreeBlocks", 'b', OI_SAFE }, { "CheckpointInterval", 'C', OI_SAFE }, { "HoldExpensive", 'c', OI_NONE }, #if !_FFR_REMOVE_AUTOREBUILD { "AutoRebuildAliases", 'D', OI_NONE }, #endif /* !_FFR_REMOVE_AUTOREBUILD */ { "DeliveryMode", 'd', OI_SAFE }, { "ErrorHeader", 'E', OI_NONE }, { "ErrorMode", 'e', OI_SAFE }, { "TempFileMode", 'F', OI_NONE }, { "SaveFromLine", 'f', OI_NONE }, { "MatchGECOS", 'G', OI_NONE }, { "HelpFile", 'H', OI_NONE }, { "MaxHopCount", 'h', OI_NONE }, { "ResolverOptions", 'I', OI_NONE }, { "IgnoreDots", 'i', OI_SAFE }, { "ForwardPath", 'J', OI_NONE }, { "SendMimeErrors", 'j', OI_SAFE }, { "ConnectionCacheSize", 'k', OI_NONE }, { "ConnectionCacheTimeout", 'K', OI_NONE }, { "UseErrorsTo", 'l', OI_NONE }, { "LogLevel", 'L', OI_SAFE }, { "MeToo", 'm', OI_SAFE }, { "CheckAliases", 'n', OI_NONE }, { "OldStyleHeaders", 'o', OI_SAFE }, { "DaemonPortOptions", 'O', OI_NONE }, { "PrivacyOptions", 'p', OI_SAFE }, { "PostmasterCopy", 'P', OI_NONE }, { "QueueFactor", 'q', OI_NONE }, { "QueueDirectory", 'Q', OI_NONE }, { "DontPruneRoutes", 'R', OI_NONE }, { "Timeout", 'r', OI_SUBOPT }, { "StatusFile", 'S', OI_NONE }, { "SuperSafe", 's', OI_SAFE }, { "QueueTimeout", 'T', OI_NONE }, { "TimeZoneSpec", 't', OI_NONE }, { "UserDatabaseSpec", 'U', OI_NONE }, { "DefaultUser", 'u', OI_NONE }, { "FallbackMXhost", 'V', OI_NONE }, { "Verbose", 'v', OI_SAFE }, { "TryNullMXList", 'w', OI_NONE }, { "QueueLA", 'x', OI_NONE }, { "RefuseLA", 'X', OI_NONE }, { "RecipientFactor", 'y', OI_NONE }, { "ForkEachJob", 'Y', OI_NONE }, { "ClassFactor", 'z', OI_NONE }, { "RetryFactor", 'Z', OI_NONE }, #define O_QUEUESORTORD 0x81 { "QueueSortOrder", O_QUEUESORTORD, OI_SAFE }, #define O_HOSTSFILE 0x82 { "HostsFile", O_HOSTSFILE, OI_NONE }, #define O_MQA 0x83 { "MinQueueAge", O_MQA, OI_SAFE }, #define O_DEFCHARSET 0x85 { "DefaultCharSet", O_DEFCHARSET, OI_SAFE }, #define O_SSFILE 0x86 { "ServiceSwitchFile", O_SSFILE, OI_NONE }, #define O_DIALDELAY 0x87 { "DialDelay", O_DIALDELAY, OI_SAFE }, #define O_NORCPTACTION 0x88 { "NoRecipientAction", O_NORCPTACTION, OI_SAFE }, #define O_SAFEFILEENV 0x89 { "SafeFileEnvironment", O_SAFEFILEENV, OI_NONE }, #define O_MAXMSGSIZE 0x8a { "MaxMessageSize", O_MAXMSGSIZE, OI_NONE }, #define O_COLONOKINADDR 0x8b { "ColonOkInAddr", O_COLONOKINADDR, OI_SAFE }, #define O_MAXQUEUERUN 0x8c { "MaxQueueRunSize", O_MAXQUEUERUN, OI_SAFE }, #define O_MAXCHILDREN 0x8d { "MaxDaemonChildren", O_MAXCHILDREN, OI_NONE }, #define O_KEEPCNAMES 0x8e { "DontExpandCnames", O_KEEPCNAMES, OI_NONE }, #define O_MUSTQUOTE 0x8f { "MustQuoteChars", O_MUSTQUOTE, OI_NONE }, #define O_SMTPGREETING 0x90 { "SmtpGreetingMessage", O_SMTPGREETING, OI_NONE }, #define O_UNIXFROM 0x91 { "UnixFromLine", O_UNIXFROM, OI_NONE }, #define O_OPCHARS 0x92 { "OperatorChars", O_OPCHARS, OI_NONE }, #define O_DONTINITGRPS 0x93 { "DontInitGroups", O_DONTINITGRPS, OI_NONE }, #define O_SLFH 0x94 { "SingleLineFromHeader", O_SLFH, OI_SAFE }, #define O_ABH 0x95 { "AllowBogusHELO", O_ABH, OI_SAFE }, #define O_CONNTHROT 0x97 { "ConnectionRateThrottle", O_CONNTHROT, OI_NONE }, #define O_UGW 0x99 { "UnsafeGroupWrites", O_UGW, OI_NONE }, #define O_DBLBOUNCE 0x9a { "DoubleBounceAddress", O_DBLBOUNCE, OI_NONE }, #define O_HSDIR 0x9b { "HostStatusDirectory", O_HSDIR, OI_NONE }, #define O_SINGTHREAD 0x9c { "SingleThreadDelivery", O_SINGTHREAD, OI_NONE }, #define O_RUNASUSER 0x9d { "RunAsUser", O_RUNASUSER, OI_NONE }, #define O_DSN_RRT 0x9e { "RrtImpliesDsn", O_DSN_RRT, OI_NONE }, #define O_PIDFILE 0x9f { "PidFile", O_PIDFILE, OI_NONE }, #define O_DONTBLAMESENDMAIL 0xa0 { "DontBlameSendmail", O_DONTBLAMESENDMAIL, OI_NONE }, #define O_DPI 0xa1 { "DontProbeInterfaces", O_DPI, OI_NONE }, #define O_MAXRCPT 0xa2 { "MaxRecipientsPerMessage", O_MAXRCPT, OI_SAFE }, #define O_DEADLETTER 0xa3 { "DeadLetterDrop", O_DEADLETTER, OI_NONE }, #if _FFR_DONTLOCKFILESFORREAD_OPTION # define O_DONTLOCK 0xa4 { "DontLockFilesForRead", O_DONTLOCK, OI_NONE }, #endif /* _FFR_DONTLOCKFILESFORREAD_OPTION */ #define O_MAXALIASRCSN 0xa5 { "MaxAliasRecursion", O_MAXALIASRCSN, OI_NONE }, #define O_CNCTONLYTO 0xa6 { "ConnectOnlyTo", O_CNCTONLYTO, OI_NONE }, #define O_TRUSTUSER 0xa7 { "TrustedUser", O_TRUSTUSER, OI_NONE }, #define O_MAXMIMEHDRLEN 0xa8 { "MaxMimeHeaderLength", O_MAXMIMEHDRLEN, OI_NONE }, #define O_CONTROLSOCKET 0xa9 { "ControlSocketName", O_CONTROLSOCKET, OI_NONE }, #define O_MAXHDRSLEN 0xaa { "MaxHeadersLength", O_MAXHDRSLEN, OI_NONE }, #if _FFR_MAX_FORWARD_ENTRIES # define O_MAXFORWARD 0xab { "MaxForwardEntries", O_MAXFORWARD, OI_NONE }, #endif /* _FFR_MAX_FORWARD_ENTRIES */ #define O_PROCTITLEPREFIX 0xac { "ProcessTitlePrefix", O_PROCTITLEPREFIX, OI_NONE }, #define O_SASLINFO 0xad #if _FFR_ALLOW_SASLINFO { "DefaultAuthInfo", O_SASLINFO, OI_SAFE }, #else /* _FFR_ALLOW_SASLINFO */ { "DefaultAuthInfo", O_SASLINFO, OI_NONE }, #endif /* _FFR_ALLOW_SASLINFO */ #define O_SASLMECH 0xae { "AuthMechanisms", O_SASLMECH, OI_NONE }, #define O_CLIENTPORT 0xaf { "ClientPortOptions", O_CLIENTPORT, OI_NONE }, #define O_DF_BUFSIZE 0xb0 { "DataFileBufferSize", O_DF_BUFSIZE, OI_NONE }, #define O_XF_BUFSIZE 0xb1 { "XscriptFileBufferSize", O_XF_BUFSIZE, OI_NONE }, # define O_LDAPDEFAULTSPEC 0xb2 { "LDAPDefaultSpec", O_LDAPDEFAULTSPEC, OI_NONE }, #if _FFR_QUEUEDELAY #define O_QUEUEDELAY 0xb3 { "QueueDelay", O_QUEUEDELAY, OI_NONE }, #endif /* _FFR_QUEUEDELAY */ # define O_SRVCERTFILE 0xb4 { "ServerCertFile", O_SRVCERTFILE, OI_NONE }, # define O_SRVKEYFILE 0xb5 { "Serverkeyfile", O_SRVKEYFILE, OI_NONE }, # define O_CLTCERTFILE 0xb6 { "ClientCertFile", O_CLTCERTFILE, OI_NONE }, # define O_CLTKEYFILE 0xb7 { "Clientkeyfile", O_CLTKEYFILE, OI_NONE }, # define O_CACERTFILE 0xb8 { "CACERTFile", O_CACERTFILE, OI_NONE }, # define O_CACERTPATH 0xb9 { "CACERTPath", O_CACERTPATH, OI_NONE }, # define O_DHPARAMS 0xba { "DHParameters", O_DHPARAMS, OI_NONE }, #if _FFR_MILTER #define O_INPUTMILTER 0xbb { "InputMailFilters", O_INPUTMILTER, OI_NONE }, #define O_MILTER 0xbc { "Milter", O_MILTER, OI_SUBOPT }, #endif /* _FFR_MILTER */ #define O_SASLOPTS 0xbd { "AuthOptions", O_SASLOPTS, OI_NONE }, #if _FFR_QUEUE_FILE_MODE #define O_QUEUE_FILE_MODE 0xbe { "QueueFileMode", O_QUEUE_FILE_MODE, OI_NONE }, #endif /* _FFR_QUEUE_FILE_MODE */ # if _FFR_TLS_1 # define O_DHPARAMS5 0xbf { "DHParameters512", O_DHPARAMS5, OI_NONE }, # define O_CIPHERLIST 0xc0 { "CipherList", O_CIPHERLIST, OI_NONE }, # endif /* _FFR_TLS_1 */ # define O_RANDFILE 0xc1 { "RandFile", O_RANDFILE, OI_NONE }, { NULL, '\0', OI_NONE } }; void setoption(opt, val, safe, sticky, e) int opt; char *val; bool safe; bool sticky; register ENVELOPE *e; { register char *p; register struct optioninfo *o; char *subopt; int mid; bool can_setuid = RunAsUid == 0; auto char *ep; char buf[50]; extern bool Warn_Q_option; #if _FFR_ALLOW_SASLINFO extern int SubmitMode; #endif /* _FFR_ALLOW_SASLINFO */ errno = 0; if (opt == ' ') { /* full word options */ struct optioninfo *sel; p = strchr(val, '='); if (p == NULL) p = &val[strlen(val)]; while (*--p == ' ') continue; while (*++p == ' ') *p = '\0'; if (p == val) { syserr("readcf: null option name"); return; } if (*p == '=') *p++ = '\0'; while (*p == ' ') p++; subopt = strchr(val, '.'); if (subopt != NULL) *subopt++ = '\0'; sel = NULL; for (o = OptionTab; o->o_name != NULL; o++) { if (strncasecmp(o->o_name, val, strlen(val)) != 0) continue; if (strlen(o->o_name) == strlen(val)) { /* completely specified -- this must be it */ sel = NULL; break; } if (sel != NULL) break; sel = o; } if (sel != NULL && o->o_name == NULL) o = sel; else if (o->o_name == NULL) { syserr("readcf: unknown option name %s", val); return; } else if (sel != NULL) { syserr("readcf: ambiguous option name %s (matches %s and %s)", val, sel->o_name, o->o_name); return; } if (strlen(val) != strlen(o->o_name)) { int oldVerbose = Verbose; Verbose = 1; message("Option %s used as abbreviation for %s", val, o->o_name); Verbose = oldVerbose; } opt = o->o_code; val = p; } else { for (o = OptionTab; o->o_name != NULL; o++) { if (o->o_code == opt) break; } subopt = NULL; } if (subopt != NULL && !bitset(OI_SUBOPT, o->o_flags)) { if (tTd(37, 1)) dprintf("setoption: %s does not support suboptions, ignoring .%s\n", o->o_name == NULL ? "" : o->o_name, subopt); subopt = NULL; } if (tTd(37, 1)) { dprintf(isascii(opt) && isprint(opt) ? "setoption %s (%c)%s%s=" : "setoption %s (0x%x)%s%s=", o->o_name == NULL ? "" : o->o_name, opt, subopt == NULL ? "" : ".", subopt == NULL ? "" : subopt); xputs(val); } /* ** See if this option is preset for us. */ if (!sticky && bitnset(opt, StickyOpt)) { if (tTd(37, 1)) dprintf(" (ignored)\n"); return; } /* ** Check to see if this option can be specified by this user. */ if (!safe && RealUid == 0) safe = TRUE; if (!safe && !bitset(OI_SAFE, o->o_flags)) { if (opt != 'M' || (val[0] != 'r' && val[0] != 's')) { int dp; if (tTd(37, 1)) dprintf(" (unsafe)"); dp = drop_privileges(TRUE); setstat(dp); } } if (tTd(37, 1)) dprintf("\n"); switch (opt & 0xff) { case '7': /* force seven-bit input */ SevenBitInput = atobool(val); break; #if MIME8TO7 case '8': /* handling of 8-bit input */ switch (*val) { case 'm': /* convert 8-bit, convert MIME */ MimeMode = MM_CVTMIME|MM_MIME8BIT; break; case 'p': /* pass 8 bit, convert MIME */ MimeMode = MM_CVTMIME|MM_PASS8BIT; break; case 's': /* strict adherence */ MimeMode = MM_CVTMIME; break; # if 0 case 'r': /* reject 8-bit, don't convert MIME */ MimeMode = 0; break; case 'j': /* "just send 8" */ MimeMode = MM_PASS8BIT; break; case 'a': /* encode 8 bit if available */ MimeMode = MM_MIME8BIT|MM_PASS8BIT|MM_CVTMIME; break; case 'c': /* convert 8 bit to MIME, never 7 bit */ MimeMode = MM_MIME8BIT; break; # endif /* 0 */ default: syserr("Unknown 8-bit mode %c", *val); finis(FALSE, EX_USAGE); } break; #endif /* MIME8TO7 */ case 'A': /* set default alias file */ if (val[0] == '\0') setalias("aliases"); else setalias(val); break; case 'a': /* look N minutes for "@:@" in alias file */ if (val[0] == '\0') SafeAlias = 5 * 60; /* five minutes */ else SafeAlias = convtime(val, 'm'); break; case 'B': /* substitution for blank character */ SpaceSub = val[0]; if (SpaceSub == '\0') SpaceSub = ' '; break; case 'b': /* min blocks free on queue fs/max msg size */ p = strchr(val, '/'); if (p != NULL) { *p++ = '\0'; MaxMessageSize = atol(p); } MinBlocksFree = atol(val); break; case 'c': /* don't connect to "expensive" mailers */ NoConnect = atobool(val); break; case 'C': /* checkpoint every N addresses */ CheckpointInterval = atoi(val); break; case 'd': /* delivery mode */ switch (*val) { case '\0': set_delivery_mode(SM_DELIVER, e); break; case SM_QUEUE: /* queue only */ case SM_DEFER: /* queue only and defer map lookups */ #if !QUEUE syserr("need QUEUE to set -odqueue or -oddefer"); + break; #endif /* !QUEUE */ /* FALLTHROUGH */ case SM_DELIVER: /* do everything */ case SM_FORK: /* fork after verification */ set_delivery_mode(*val, e); break; default: syserr("Unknown delivery mode %c", *val); finis(FALSE, EX_USAGE); } break; #if !_FFR_REMOVE_AUTOREBUILD case 'D': /* rebuild alias database as needed */ AutoRebuild = atobool(val); break; #endif /* !_FFR_REMOVE_AUTOREBUILD */ case 'E': /* error message header/header file */ if (*val != '\0') ErrMsgFile = newstr(val); break; case 'e': /* set error processing mode */ switch (*val) { case EM_QUIET: /* be silent about it */ case EM_MAIL: /* mail back */ case EM_BERKNET: /* do berknet error processing */ case EM_WRITE: /* write back (or mail) */ case EM_PRINT: /* print errors normally (default) */ e->e_errormode = *val; break; } break; case 'F': /* file mode */ FileMode = atooct(val) & 0777; break; case 'f': /* save Unix-style From lines on front */ SaveFrom = atobool(val); break; case 'G': /* match recipients against GECOS field */ MatchGecos = atobool(val); break; case 'g': /* default gid */ g_opt: if (isascii(*val) && isdigit(*val)) DefGid = atoi(val); else { register struct group *gr; DefGid = -1; gr = getgrnam(val); if (gr == NULL) syserr("readcf: option %c: unknown group %s", opt, val); else DefGid = gr->gr_gid; } break; case 'H': /* help file */ if (val[0] == '\0') HelpFile = "helpfile"; else HelpFile = newstr(val); break; case 'h': /* maximum hop count */ MaxHopCount = atoi(val); break; case 'I': /* use internet domain name server */ #if NAMED_BIND for (p = val; *p != 0; ) { bool clearmode; char *q; struct resolverflags *rfp; while (*p == ' ') p++; if (*p == '\0') break; clearmode = FALSE; if (*p == '-') clearmode = TRUE; else if (*p != '+') p--; p++; q = p; while (*p != '\0' && !(isascii(*p) && isspace(*p))) p++; if (*p != '\0') *p++ = '\0'; if (strcasecmp(q, "HasWildcardMX") == 0) { HasWildcardMX = !clearmode; continue; } for (rfp = ResolverFlags; rfp->rf_name != NULL; rfp++) { if (strcasecmp(q, rfp->rf_name) == 0) break; } if (rfp->rf_name == NULL) syserr("readcf: I option value %s unrecognized", q); else if (clearmode) _res.options &= ~rfp->rf_bits; else _res.options |= rfp->rf_bits; } if (tTd(8, 2)) dprintf("_res.options = %x, HasWildcardMX = %d\n", (u_int) _res.options, HasWildcardMX); #else /* NAMED_BIND */ usrerr("name server (I option) specified but BIND not compiled in"); #endif /* NAMED_BIND */ break; case 'i': /* ignore dot lines in message */ IgnrDot = atobool(val); break; case 'j': /* send errors in MIME (RFC 1341) format */ SendMIMEErrors = atobool(val); break; case 'J': /* .forward search path */ ForwardPath = newstr(val); break; case 'k': /* connection cache size */ MaxMciCache = atoi(val); if (MaxMciCache < 0) MaxMciCache = 0; break; case 'K': /* connection cache timeout */ MciCacheTimeout = convtime(val, 'm'); break; case 'l': /* use Errors-To: header */ UseErrorsTo = atobool(val); break; case 'L': /* log level */ if (safe || LogLevel < atoi(val)) LogLevel = atoi(val); break; case 'M': /* define macro */ + sticky = FALSE; mid = macid(val, &ep); + if (mid == 0) + break; p = newstr(ep); if (!safe) cleanstrcpy(p, p, MAXNAME); define(mid, p, CurEnv); - sticky = FALSE; break; case 'm': /* send to me too */ MeToo = atobool(val); break; case 'n': /* validate RHS in newaliases */ CheckAliases = atobool(val); break; /* 'N' available -- was "net name" */ case 'O': /* daemon options */ #if DAEMON if (!setdaemonoptions(val)) - { syserr("too many daemons defined (%d max)", MAXDAEMONS); - } #else /* DAEMON */ syserr("DaemonPortOptions (O option) set but DAEMON not compiled in"); #endif /* DAEMON */ break; case 'o': /* assume old style headers */ if (atobool(val)) CurEnv->e_flags |= EF_OLDSTYLE; else CurEnv->e_flags &= ~EF_OLDSTYLE; break; case 'p': /* select privacy level */ p = val; for (;;) { register struct prival *pv; extern struct prival PrivacyValues[]; while (isascii(*p) && (isspace(*p) || ispunct(*p))) p++; if (*p == '\0') break; val = p; while (isascii(*p) && isalnum(*p)) p++; if (*p != '\0') *p++ = '\0'; for (pv = PrivacyValues; pv->pv_name != NULL; pv++) { if (strcasecmp(val, pv->pv_name) == 0) break; } if (pv->pv_name == NULL) syserr("readcf: Op line: %s unrecognized", val); - PrivacyFlags |= pv->pv_flag; + else + PrivacyFlags |= pv->pv_flag; } sticky = FALSE; break; case 'P': /* postmaster copy address for returned mail */ PostMasterCopy = newstr(val); break; case 'q': /* slope of queue only function */ QueueFactor = atoi(val); break; case 'Q': /* queue directory */ if (val[0] == '\0') { QueueDir = "mqueue"; } else { QueueDir = newstr(val); } if (RealUid != 0 && !safe) Warn_Q_option = TRUE; break; case 'R': /* don't prune routes */ DontPruneRoutes = atobool(val); break; case 'r': /* read timeout */ if (subopt == NULL) inittimeouts(val, sticky); else settimeout(subopt, val, sticky); break; case 'S': /* status file */ if (val[0] == '\0') StatFile = "statistics"; else StatFile = newstr(val); break; case 's': /* be super safe, even if expensive */ SuperSafe = atobool(val); break; case 'T': /* queue timeout */ p = strchr(val, '/'); if (p != NULL) { *p++ = '\0'; settimeout("queuewarn", p, sticky); } settimeout("queuereturn", val, sticky); break; case 't': /* time zone name */ TimeZoneSpec = newstr(val); break; case 'U': /* location of user database */ UdbSpec = newstr(val); break; case 'u': /* set default uid */ for (p = val; *p != '\0'; p++) { if (*p == '.' || *p == '/' || *p == ':') { *p++ = '\0'; break; } } if (isascii(*val) && isdigit(*val)) { DefUid = atoi(val); setdefuser(); } else { register struct passwd *pw; DefUid = -1; pw = sm_getpwnam(val); if (pw == NULL) + { syserr("readcf: option u: unknown user %s", val); + break; + } else { DefUid = pw->pw_uid; DefGid = pw->pw_gid; DefUser = newstr(pw->pw_name); } } #ifdef UID_MAX if (DefUid > UID_MAX) { syserr("readcf: option u: uid value (%ld) > UID_MAX (%ld); ignored", - DefUid, UID_MAX); + (long) DefUid, (long) UID_MAX); + break; } #endif /* UID_MAX */ /* handle the group if it is there */ if (*p == '\0') break; val = p; goto g_opt; case 'V': /* fallback MX host */ if (val[0] != '\0') FallBackMX = newstr(val); break; case 'v': /* run in verbose mode */ Verbose = atobool(val) ? 1 : 0; break; case 'w': /* if we are best MX, try host directly */ TryNullMXList = atobool(val); break; /* 'W' available -- was wizard password */ case 'x': /* load avg at which to auto-queue msgs */ QueueLA = atoi(val); break; case 'X': /* load avg at which to auto-reject connections */ RefuseLA = atoi(val); break; case 'y': /* work recipient factor */ WkRecipFact = atoi(val); break; case 'Y': /* fork jobs during queue runs */ ForkQueueRuns = atobool(val); break; case 'z': /* work message class factor */ WkClassFact = atoi(val); break; case 'Z': /* work time factor */ WkTimeFact = atoi(val); break; case O_QUEUESORTORD: /* queue sorting order */ switch (*val) { case 'h': /* Host first */ case 'H': QueueSortOrder = QSO_BYHOST; break; case 'p': /* Priority order */ case 'P': QueueSortOrder = QSO_BYPRIORITY; break; case 't': /* Submission time */ case 'T': QueueSortOrder = QSO_BYTIME; break; case 'f': /* File Name */ case 'F': QueueSortOrder = QSO_BYFILENAME; break; default: syserr("Invalid queue sort order \"%s\"", val); } break; #if _FFR_QUEUEDELAY case O_QUEUEDELAY: /* queue delay algorithm */ switch (*val) { case 'e': /* exponential */ case 'E': QueueAlg = QD_EXP; QueueInitDelay = 10 MINUTES; QueueMaxDelay = 2 HOURS; p = strchr(val, '/'); if (p != NULL) { char *q; *p++ = '\0'; q = strchr(p, '/'); if (q != NULL) *q++ = '\0'; QueueInitDelay = convtime(p, 's'); if (q != NULL) { QueueMaxDelay = convtime(q, 's'); } } break; case 'l': /* linear */ case 'L': QueueAlg = QD_LINEAR; break; default: syserr("Invalid queue delay algorithm \"%s\"", val); } break; #endif /* _FFR_QUEUEDELAY */ case O_HOSTSFILE: /* pathname of /etc/hosts file */ HostsFile = newstr(val); break; case O_MQA: /* minimum queue age between deliveries */ MinQueueAge = convtime(val, 'm'); break; case O_DEFCHARSET: /* default character set for mimefying */ DefaultCharSet = newstr(denlstring(val, TRUE, TRUE)); break; case O_SSFILE: /* service switch file */ ServiceSwitchFile = newstr(val); break; case O_DIALDELAY: /* delay for dial-on-demand operation */ DialDelay = convtime(val, 's'); break; case O_NORCPTACTION: /* what to do if no recipient */ if (strcasecmp(val, "none") == 0) NoRecipientAction = NRA_NO_ACTION; else if (strcasecmp(val, "add-to") == 0) NoRecipientAction = NRA_ADD_TO; else if (strcasecmp(val, "add-apparently-to") == 0) NoRecipientAction = NRA_ADD_APPARENTLY_TO; else if (strcasecmp(val, "add-bcc") == 0) NoRecipientAction = NRA_ADD_BCC; else if (strcasecmp(val, "add-to-undisclosed") == 0) NoRecipientAction = NRA_ADD_TO_UNDISCLOSED; else syserr("Invalid NoRecipientAction: %s", val); break; case O_SAFEFILEENV: /* chroot() environ for writing to files */ SafeFileEnv = newstr(val); break; case O_MAXMSGSIZE: /* maximum message size */ MaxMessageSize = atol(val); break; case O_COLONOKINADDR: /* old style handling of colon addresses */ ColonOkInAddr = atobool(val); break; case O_MAXQUEUERUN: /* max # of jobs in a single queue run */ MaxQueueRun = atol(val); break; case O_MAXCHILDREN: /* max # of children of daemon */ MaxChildren = atoi(val); break; #if _FFR_MAX_FORWARD_ENTRIES case O_MAXFORWARD: /* max # of forward entries */ MaxForwardEntries = atoi(val); break; #endif /* _FFR_MAX_FORWARD_ENTRIES */ case O_KEEPCNAMES: /* don't expand CNAME records */ DontExpandCnames = atobool(val); break; case O_MUSTQUOTE: /* must quote these characters in phrases */ (void) strlcpy(buf, "@,;:\\()[]", sizeof buf); if (strlen(val) < (SIZE_T) sizeof buf - 10) (void) strlcat(buf, val, sizeof buf); else printf("Warning: MustQuoteChars too long, ignored.\n"); MustQuoteChars = newstr(buf); break; case O_SMTPGREETING: /* SMTP greeting message (old $e macro) */ SmtpGreeting = newstr(munchstring(val, NULL, '\0')); break; case O_UNIXFROM: /* UNIX From_ line (old $l macro) */ UnixFromLine = newstr(munchstring(val, NULL, '\0')); break; case O_OPCHARS: /* operator characters (old $o macro) */ if (OperatorChars != NULL) printf("Warning: OperatorChars is being redefined.\n It should only be set before ruleset definitions.\n"); OperatorChars = newstr(munchstring(val, NULL, '\0')); break; case O_DONTINITGRPS: /* don't call initgroups(3) */ DontInitGroups = atobool(val); break; case O_SLFH: /* make sure from fits on one line */ SingleLineFromHeader = atobool(val); break; case O_ABH: /* allow HELO commands with syntax errors */ AllowBogusHELO = atobool(val); break; case O_CONNTHROT: /* connection rate throttle */ ConnRateThrottle = atoi(val); break; case O_UGW: /* group writable files are unsafe */ if (!atobool(val)) { setbitn(DBS_GROUPWRITABLEFORWARDFILESAFE, DontBlameSendmail); setbitn(DBS_GROUPWRITABLEINCLUDEFILESAFE, DontBlameSendmail); } break; case O_DBLBOUNCE: /* address to which to send double bounces */ if (val[0] != '\0') DoubleBounceAddr = newstr(val); else syserr("readcf: option DoubleBounceAddress: value required"); break; case O_HSDIR: /* persistent host status directory */ if (val[0] != '\0') HostStatDir = newstr(val); break; case O_SINGTHREAD: /* single thread deliveries (requires hsdir) */ SingleThreadDelivery = atobool(val); break; case O_RUNASUSER: /* run bulk of code as this user */ for (p = val; *p != '\0'; p++) { if (*p == '.' || *p == '/' || *p == ':') { *p++ = '\0'; break; } } if (isascii(*val) && isdigit(*val)) { if (can_setuid) RunAsUid = atoi(val); } else { register struct passwd *pw; pw = sm_getpwnam(val); if (pw == NULL) + { syserr("readcf: option RunAsUser: unknown user %s", val); + break; + } else if (can_setuid) { if (*p == '\0') RunAsUserName = newstr(val); RunAsUid = pw->pw_uid; RunAsGid = pw->pw_gid; } } #ifdef UID_MAX if (RunAsUid > UID_MAX) { syserr("readcf: option RunAsUser: uid value (%ld) > UID_MAX (%ld); ignored", - RunAsUid, UID_MAX); + (long) RunAsUid, (long) UID_MAX); + break; } #endif /* UID_MAX */ if (*p != '\0') { if (isascii(*p) && isdigit(*p)) { if (can_setuid) RunAsGid = atoi(p); } else { register struct group *gr; gr = getgrnam(p); if (gr == NULL) syserr("readcf: option RunAsUser: unknown group %s", p); else if (can_setuid) RunAsGid = gr->gr_gid; } } if (tTd(47, 5)) dprintf("readcf: RunAsUser = %d:%d\n", (int)RunAsUid, (int)RunAsGid); break; case O_DSN_RRT: RrtImpliesDsn = atobool(val); break; case O_PIDFILE: if (PidFile != NULL) free(PidFile); PidFile = newstr(val); break; case O_DONTBLAMESENDMAIL: p = val; for (;;) { register struct dbsval *dbs; extern struct dbsval DontBlameSendmailValues[]; while (isascii(*p) && (isspace(*p) || ispunct(*p))) p++; if (*p == '\0') break; val = p; while (isascii(*p) && isalnum(*p)) p++; if (*p != '\0') *p++ = '\0'; for (dbs = DontBlameSendmailValues; dbs->dbs_name != NULL; dbs++) { if (strcasecmp(val, dbs->dbs_name) == 0) break; } if (dbs->dbs_name == NULL) syserr("readcf: DontBlameSendmail option: %s unrecognized", val); else if (dbs->dbs_flag == DBS_SAFE) clrbitmap(DontBlameSendmail); else setbitn(dbs->dbs_flag, DontBlameSendmail); } sticky = FALSE; break; case O_DPI: DontProbeInterfaces = atobool(val); break; case O_MAXRCPT: MaxRcptPerMsg = atoi(val); break; case O_DEADLETTER: if (DeadLetterDrop != NULL) free(DeadLetterDrop); DeadLetterDrop = newstr(val); break; #if _FFR_DONTLOCKFILESFORREAD_OPTION case O_DONTLOCK: DontLockReadFiles = atobool(val); break; #endif /* _FFR_DONTLOCKFILESFORREAD_OPTION */ case O_MAXALIASRCSN: MaxAliasRecursion = atoi(val); break; case O_CNCTONLYTO: /* XXX should probably use gethostbyname */ #if NETINET || NETINET6 # if NETINET6 if (inet_addr(val) == INADDR_NONE) { ConnectOnlyTo.sa.sa_family = AF_INET6; if (inet_pton(AF_INET6, val, &ConnectOnlyTo.sin6.sin6_addr) != 1) syserr("readcf: option ConnectOnlyTo: invalid IP address %s", val); } else # endif /* NETINET6 */ { ConnectOnlyTo.sa.sa_family = AF_INET; ConnectOnlyTo.sin.sin_addr.s_addr = inet_addr(val); } #endif /* NETINET || NETINET6 */ break; case O_TRUSTUSER: #if HASFCHOWN if (isascii(*val) && isdigit(*val)) TrustedUid = atoi(val); else { register struct passwd *pw; TrustedUid = 0; pw = sm_getpwnam(val); if (pw == NULL) + { syserr("readcf: option TrustedUser: unknown user %s", val); + break; + } else TrustedUid = pw->pw_uid; } # ifdef UID_MAX if (TrustedUid > UID_MAX) { syserr("readcf: option TrustedUser: uid value (%ld) > UID_MAX (%ld)", - TrustedUid, UID_MAX); + (long) TrustedUid, (long) UID_MAX); TrustedUid = 0; } # endif /* UID_MAX */ #else /* HASFCHOWN */ syserr("readcf: option TrustedUser: can not be used on systems which do not support fchown()"); #endif /* HASFCHOWN */ break; case O_MAXMIMEHDRLEN: p = strchr(val, '/'); if (p != NULL) *p++ = '\0'; MaxMimeHeaderLength = atoi(val); if (p != NULL && *p != '\0') MaxMimeFieldLength = atoi(p); else MaxMimeFieldLength = MaxMimeHeaderLength / 2; if (MaxMimeHeaderLength < 0) MaxMimeHeaderLength = 0; else if (MaxMimeHeaderLength < 128) printf("Warning: MaxMimeHeaderLength: header length limit set lower than 128\n"); if (MaxMimeFieldLength < 0) MaxMimeFieldLength = 0; else if (MaxMimeFieldLength < 40) printf("Warning: MaxMimeHeaderLength: field length limit set lower than 40\n"); break; case O_CONTROLSOCKET: if (ControlSocketName != NULL) free(ControlSocketName); ControlSocketName = newstr(val); break; case O_MAXHDRSLEN: MaxHeadersLength = atoi(val); if (MaxHeadersLength > 0 && MaxHeadersLength < (MAXHDRSLEN / 2)) printf("Warning: MaxHeadersLength: headers length limit set lower than %d\n", (MAXHDRSLEN / 2)); break; case O_PROCTITLEPREFIX: if (ProcTitlePrefix != NULL) free(ProcTitlePrefix); ProcTitlePrefix = newstr(val); break; #if SASL case O_SASLINFO: #if _FFR_ALLOW_SASLINFO /* ** Allow users to select their own authinfo file. ** However, this is not a "perfect" solution. ** If mail is queued, the authentication info ** will not be used in subsequent delivery attempts. ** If we really want to support this, then it has ** to be stored in the queue file. */ if (!bitset(SUBMIT_MSA, SubmitMode) && RealUid != 0 && RunAsUid != RealUid) { errno = 0; syserr("Error: %s only allowed with -U\n", o->o_name == NULL ? "" : o->o_name); ExitStat = EX_USAGE; break; } #endif /* _FFR_ALLOW_SASLINFO */ if (SASLInfo != NULL) free(SASLInfo); SASLInfo = newstr(val); break; case O_SASLMECH: if (AuthMechanisms != NULL) free(AuthMechanisms); if (*val != '\0') AuthMechanisms = newstr(val); else AuthMechanisms = NULL; break; case O_SASLOPTS: while (val != NULL && *val != '\0') { switch(*val) { case 'A': SASLOpts |= SASL_AUTH_AUTH; break; # if _FFR_SASL_OPTS case 'a': SASLOpts |= SASL_SEC_NOACTIVE; break; case 'c': SASLOpts |= SASL_SEC_PASS_CREDENTIALS; break; case 'd': SASLOpts |= SASL_SEC_NODICTIONARY; break; case 'f': SASLOpts |= SASL_SEC_FORWARD_SECRECY; break; case 'p': SASLOpts |= SASL_SEC_NOPLAINTEXT; break; case 'y': SASLOpts |= SASL_SEC_NOANONYMOUS; break; # endif /* _FFR_SASL_OPTS */ default: printf("Warning: Option: %s unknown parameter '%c'\n", o->o_name == NULL ? "" : o->o_name, (isascii(*val) && isprint(*val)) ? *val : '?'); break; } ++val; val = strpbrk(val, ", \t"); if (val != NULL) ++val; } break; #else /* SASL */ case O_SASLINFO: case O_SASLMECH: case O_SASLOPTS: printf("Warning: Option: %s requires SASL support (-DSASL)\n", o->o_name == NULL ? "" : o->o_name); break; #endif /* SASL */ #if STARTTLS case O_SRVCERTFILE: if (SrvCERTfile != NULL) free(SrvCERTfile); SrvCERTfile = newstr(val); break; case O_SRVKEYFILE: if (Srvkeyfile != NULL) free(Srvkeyfile); Srvkeyfile = newstr(val); break; case O_CLTCERTFILE: if (CltCERTfile != NULL) free(CltCERTfile); CltCERTfile = newstr(val); break; case O_CLTKEYFILE: if (Cltkeyfile != NULL) free(Cltkeyfile); Cltkeyfile = newstr(val); break; case O_CACERTFILE: if (CACERTfile != NULL) free(CACERTfile); CACERTfile = newstr(val); break; case O_CACERTPATH: if (CACERTpath != NULL) free(CACERTpath); CACERTpath = newstr(val); break; case O_DHPARAMS: if (DHParams != NULL) free(DHParams); DHParams = newstr(val); break; # if _FFR_TLS_1 case O_DHPARAMS5: if (DHParams5 != NULL) free(DHParams5); DHParams5 = newstr(val); break; case O_CIPHERLIST: if (CipherList != NULL) free(CipherList); CipherList = newstr(val); break; # endif /* _FFR_TLS_1 */ case O_RANDFILE: if (RandFile != NULL) free(RandFile); RandFile= newstr(val); break; # else /* STARTTLS */ case O_SRVCERTFILE: case O_SRVKEYFILE: case O_CLTCERTFILE: case O_CLTKEYFILE: case O_CACERTFILE: case O_CACERTPATH: case O_DHPARAMS: # if _FFR_TLS_1 case O_DHPARAMS5: case O_CIPHERLIST: # endif /* _FFR_TLS_1 */ case O_RANDFILE: printf("Warning: Option: %s requires TLS support\n", o->o_name == NULL ? "" : o->o_name); break; # endif /* STARTTLS */ case O_CLIENTPORT: #if DAEMON setclientoptions(val); #else /* DAEMON */ syserr("ClientPortOptions (O option) set but DAEMON not compiled in"); #endif /* DAEMON */ break; case O_DF_BUFSIZE: DataFileBufferSize = atoi(val); break; case O_XF_BUFSIZE: XscriptFileBufferSize = atoi(val); break; case O_LDAPDEFAULTSPEC: #ifdef LDAPMAP ldapmap_set_defaults(val); #else /* LDAPMAP */ printf("Warning: Option: %s requires LDAP support (-DLDAPMAP)\n", o->o_name == NULL ? "" : o->o_name); #endif /* LDAPMAP */ break; #if _FFR_MILTER case O_INPUTMILTER: InputFilterList = newstr(val); break; case O_MILTER: milter_set_option(subopt, val, sticky); break; #endif /* _FFR_MILTER */ #if _FFR_QUEUE_FILE_MODE case O_QUEUE_FILE_MODE: /* queue file mode */ QueueFileMode = atooct(val) & 0777; break; #endif /* _FFR_QUEUE_FILE_MODE */ default: if (tTd(37, 1)) { if (isascii(opt) && isprint(opt)) dprintf("Warning: option %c unknown\n", opt); else dprintf("Warning: option 0x%x unknown\n", opt); } break; } /* ** Options with suboptions are responsible for taking care ** of sticky-ness (e.g., that a command line setting is kept ** when reading in the sendmail.cf file). This has to be done ** when the suboptions are parsed since each suboption must be ** sticky, not the root option. */ if (sticky && !bitset(OI_SUBOPT, o->o_flags)) setbitn(opt, StickyOpt); } /* ** SETCLASS -- set a string into a class ** ** Parameters: ** class -- the class to put the string in. ** str -- the string to enter ** ** Returns: ** none. ** ** Side Effects: ** puts the word into the symbol table. */ void setclass(class, str) int class; char *str; { register STAB *s; if ((*str & 0377) == MATCHCLASS) { int mid; str++; mid = macid(str, NULL); - if (mid == '\0') + if (mid == 0) return; if (tTd(37, 8)) dprintf("setclass(%s, $=%s)\n", macname(class), macname(mid)); copy_class(mid, class); } else { if (tTd(37, 8)) dprintf("setclass(%s, %s)\n", macname(class), str); s = stab(str, ST_CLASS, ST_ENTER); - setbitn(class, s->s_class); + setbitn(bitidx(class), s->s_class); } } /* ** MAKEMAPENTRY -- create a map entry ** ** Parameters: ** line -- the config file line ** ** Returns: ** A pointer to the map that has been created. ** NULL if there was a syntax error. ** ** Side Effects: ** Enters the map into the dictionary. */ MAP * makemapentry(line) char *line; { register char *p; char *mapname; char *classname; register STAB *s; STAB *class; for (p = line; isascii(*p) && isspace(*p); p++) continue; if (!(isascii(*p) && isalnum(*p))) { syserr("readcf: config K line: no map name"); return NULL; } mapname = p; while ((isascii(*++p) && isalnum(*p)) || *p == '_' || *p == '.') continue; if (*p != '\0') *p++ = '\0'; while (isascii(*p) && isspace(*p)) p++; if (!(isascii(*p) && isalnum(*p))) { syserr("readcf: config K line, map %s: no map class", mapname); return NULL; } classname = p; while (isascii(*++p) && isalnum(*p)) continue; if (*p != '\0') *p++ = '\0'; while (isascii(*p) && isspace(*p)) p++; /* look up the class */ class = stab(classname, ST_MAPCLASS, ST_FIND); if (class == NULL) { syserr("readcf: map %s: class %s not available", mapname, classname); return NULL; } /* enter the map */ s = stab(mapname, ST_MAP, ST_ENTER); s->s_map.map_class = &class->s_mapclass; s->s_map.map_mname = newstr(mapname); if (class->s_mapclass.map_parse(&s->s_map, p)) s->s_map.map_mflags |= MF_VALID; if (tTd(37, 5)) { dprintf("map %s, class %s, flags %lx, file %s,\n", s->s_map.map_mname, s->s_map.map_class->map_cname, s->s_map.map_mflags, s->s_map.map_file == NULL ? "(null)" : s->s_map.map_file); dprintf("\tapp %s, domain %s, rebuild %s\n", s->s_map.map_app == NULL ? "(null)" : s->s_map.map_app, s->s_map.map_domain == NULL ? "(null)" : s->s_map.map_domain, s->s_map.map_rebuild == NULL ? "(null)" : s->s_map.map_rebuild); } return &s->s_map; } /* ** STRTORWSET -- convert string to rewriting set number ** ** Parameters: ** p -- the pointer to the string to decode. ** endp -- if set, store the trailing delimiter here. ** stabmode -- ST_ENTER to create this entry, ST_FIND if ** it must already exist. ** ** Returns: ** The appropriate ruleset number. ** -1 if it is not valid (error already printed) */ int strtorwset(p, endp, stabmode) char *p; char **endp; int stabmode; { int ruleset; static int nextruleset = MAXRWSETS; while (isascii(*p) && isspace(*p)) p++; if (!isascii(*p)) { syserr("invalid ruleset name: \"%.20s\"", p); return -1; } if (isdigit(*p)) { ruleset = strtol(p, endp, 10); if (ruleset >= MAXRWSETS / 2 || ruleset < 0) { syserr("bad ruleset %d (%d max)", ruleset, MAXRWSETS / 2); ruleset = -1; } } else { STAB *s; char delim; char *q = NULL; q = p; while (*p != '\0' && isascii(*p) && (isalnum(*p) || *p == '_')) p++; if (q == p || !(isascii(*q) && isalpha(*q))) { /* no valid characters */ syserr("invalid ruleset name: \"%.20s\"", q); return -1; } while (isascii(*p) && isspace(*p)) *p++ = '\0'; delim = *p; if (delim != '\0') *p = '\0'; s = stab(q, ST_RULESET, stabmode); if (delim != '\0') *p = delim; if (s == NULL) return -1; if (stabmode == ST_ENTER && delim == '=') { while (isascii(*++p) && isspace(*p)) continue; if (!(isascii(*p) && isdigit(*p))) { syserr("bad ruleset definition \"%s\" (number required after `=')", q); ruleset = -1; } else { ruleset = strtol(p, endp, 10); if (ruleset >= MAXRWSETS / 2 || ruleset < 0) { syserr("bad ruleset number %d in \"%s\" (%d max)", ruleset, q, MAXRWSETS / 2); ruleset = -1; } } } else { if (endp != NULL) *endp = p; if (s->s_ruleset >= 0) ruleset = s->s_ruleset; else if ((ruleset = --nextruleset) < MAXRWSETS / 2) { syserr("%s: too many named rulesets (%d max)", q, MAXRWSETS / 2); ruleset = -1; } } if (s->s_ruleset >= 0 && ruleset >= 0 && ruleset != s->s_ruleset) { syserr("%s: ruleset changed value (old %d, new %d)", q, s->s_ruleset, ruleset); ruleset = s->s_ruleset; } else if (ruleset >= 0) { s->s_ruleset = ruleset; } - if (stabmode == ST_ENTER) + if (stabmode == ST_ENTER && ruleset >= 0) { char *h = NULL; if (RuleSetNames[ruleset] != NULL) free(RuleSetNames[ruleset]); if (delim != '\0' && (h = strchr(q, delim)) != NULL) *h = '\0'; RuleSetNames[ruleset] = newstr(q); if (delim == '/' && h != NULL) *h = delim; /* put back delim */ } } return ruleset; } /* ** SETTIMEOUT -- set an individual timeout ** ** Parameters: ** name -- the name of the timeout. ** val -- the value of the timeout. ** sticky -- if set, don't let other setoptions override ** this value. ** ** Returns: ** none. */ /* set if Timeout sub-option is stuck */ static BITMAP256 StickyTimeoutOpt; static struct timeoutinfo { char *to_name; /* long name of timeout */ u_char to_code; /* code for option */ } TimeOutTab[] = { #define TO_INITIAL 0x01 { "initial", TO_INITIAL }, #define TO_MAIL 0x02 { "mail", TO_MAIL }, #define TO_RCPT 0x03 { "rcpt", TO_RCPT }, #define TO_DATAINIT 0x04 { "datainit", TO_DATAINIT }, #define TO_DATABLOCK 0x05 { "datablock", TO_DATABLOCK }, #define TO_DATAFINAL 0x06 { "datafinal", TO_DATAFINAL }, #define TO_COMMAND 0x07 { "command", TO_COMMAND }, #define TO_RSET 0x08 { "rset", TO_RSET }, #define TO_HELO 0x09 { "helo", TO_HELO }, #define TO_QUIT 0x0A { "quit", TO_QUIT }, #define TO_MISC 0x0B { "misc", TO_MISC }, #define TO_IDENT 0x0C { "ident", TO_IDENT }, #define TO_FILEOPEN 0x0D { "fileopen", TO_FILEOPEN }, #define TO_CONNECT 0x0E { "connect", TO_CONNECT }, #define TO_ICONNECT 0x0F { "iconnect", TO_ICONNECT }, #define TO_QUEUEWARN 0x10 { "queuewarn", TO_QUEUEWARN }, { "queuewarn.*", TO_QUEUEWARN }, #define TO_QUEUEWARN_NORMAL 0x11 { "queuewarn.normal", TO_QUEUEWARN_NORMAL }, #define TO_QUEUEWARN_URGENT 0x12 { "queuewarn.urgent", TO_QUEUEWARN_URGENT }, #define TO_QUEUEWARN_NON_URGENT 0x13 { "queuewarn.non-urgent", TO_QUEUEWARN_NON_URGENT }, #define TO_QUEUERETURN 0x14 { "queuereturn", TO_QUEUERETURN }, { "queuereturn.*", TO_QUEUERETURN }, #define TO_QUEUERETURN_NORMAL 0x15 { "queuereturn.normal", TO_QUEUERETURN_NORMAL }, #define TO_QUEUERETURN_URGENT 0x16 { "queuereturn.urgent", TO_QUEUERETURN_URGENT }, #define TO_QUEUERETURN_NON_URGENT 0x17 { "queuereturn.non-urgent", TO_QUEUERETURN_NON_URGENT }, #define TO_HOSTSTATUS 0x18 { "hoststatus", TO_HOSTSTATUS }, #define TO_RESOLVER_RETRANS 0x19 { "resolver.retrans", TO_RESOLVER_RETRANS }, #define TO_RESOLVER_RETRANS_NORMAL 0x1A { "resolver.retrans.normal", TO_RESOLVER_RETRANS_NORMAL }, #define TO_RESOLVER_RETRANS_FIRST 0x1B { "resolver.retrans.first", TO_RESOLVER_RETRANS_FIRST }, #define TO_RESOLVER_RETRY 0x1C { "resolver.retry", TO_RESOLVER_RETRY }, #define TO_RESOLVER_RETRY_NORMAL 0x1D { "resolver.retry.normal", TO_RESOLVER_RETRY_NORMAL }, #define TO_RESOLVER_RETRY_FIRST 0x1E { "resolver.retry.first", TO_RESOLVER_RETRY_FIRST }, #define TO_CONTROL 0x1F { "control", TO_CONTROL }, { NULL, 0 }, }; static void settimeout(name, val, sticky) char *name; char *val; bool sticky; { register struct timeoutinfo *to; int i; time_t toval; if (tTd(37, 2)) dprintf("settimeout(%s = %s)", name, val); for (to = TimeOutTab; to->to_name != NULL; to++) { if (strcasecmp(to->to_name, name) == 0) break; } if (to->to_name == NULL) + { + errno = 0; /* avoid bogus error text */ syserr("settimeout: invalid timeout %s", name); + return; + } /* ** See if this option is preset for us. */ if (!sticky && bitnset(to->to_code, StickyTimeoutOpt)) { if (tTd(37, 2)) dprintf(" (ignored)\n"); return; } if (tTd(37, 2)) dprintf("\n"); toval = convtime(val, 'm'); switch (to->to_code) { case TO_INITIAL: TimeOuts.to_initial = toval; break; case TO_MAIL: TimeOuts.to_mail = toval; break; case TO_RCPT: TimeOuts.to_rcpt = toval; break; case TO_DATAINIT: TimeOuts.to_datainit = toval; break; case TO_DATABLOCK: TimeOuts.to_datablock = toval; break; case TO_DATAFINAL: TimeOuts.to_datafinal = toval; break; case TO_COMMAND: TimeOuts.to_nextcommand = toval; break; case TO_RSET: TimeOuts.to_rset = toval; break; case TO_HELO: TimeOuts.to_helo = toval; break; case TO_QUIT: TimeOuts.to_quit = toval; break; case TO_MISC: TimeOuts.to_miscshort = toval; break; case TO_IDENT: TimeOuts.to_ident = toval; break; case TO_FILEOPEN: TimeOuts.to_fileopen = toval; break; case TO_CONNECT: TimeOuts.to_connect = toval; break; case TO_ICONNECT: TimeOuts.to_iconnect = toval; break; case TO_QUEUEWARN: toval = convtime(val, 'h'); TimeOuts.to_q_warning[TOC_NORMAL] = toval; TimeOuts.to_q_warning[TOC_URGENT] = toval; TimeOuts.to_q_warning[TOC_NONURGENT] = toval; break; case TO_QUEUEWARN_NORMAL: toval = convtime(val, 'h'); TimeOuts.to_q_warning[TOC_NORMAL] = toval; break; case TO_QUEUEWARN_URGENT: toval = convtime(val, 'h'); TimeOuts.to_q_warning[TOC_URGENT] = toval; break; case TO_QUEUEWARN_NON_URGENT: toval = convtime(val, 'h'); TimeOuts.to_q_warning[TOC_NONURGENT] = toval; break; case TO_QUEUERETURN: toval = convtime(val, 'd'); TimeOuts.to_q_return[TOC_NORMAL] = toval; TimeOuts.to_q_return[TOC_URGENT] = toval; TimeOuts.to_q_return[TOC_NONURGENT] = toval; break; case TO_QUEUERETURN_NORMAL: toval = convtime(val, 'd'); TimeOuts.to_q_return[TOC_NORMAL] = toval; break; case TO_QUEUERETURN_URGENT: toval = convtime(val, 'd'); TimeOuts.to_q_return[TOC_URGENT] = toval; break; case TO_QUEUERETURN_NON_URGENT: toval = convtime(val, 'd'); TimeOuts.to_q_return[TOC_NONURGENT] = toval; break; case TO_HOSTSTATUS: MciInfoTimeout = toval; break; case TO_RESOLVER_RETRANS: toval = convtime(val, 's'); TimeOuts.res_retrans[RES_TO_DEFAULT] = toval; TimeOuts.res_retrans[RES_TO_FIRST] = toval; TimeOuts.res_retrans[RES_TO_NORMAL] = toval; break; case TO_RESOLVER_RETRY: i = atoi(val); TimeOuts.res_retry[RES_TO_DEFAULT] = i; TimeOuts.res_retry[RES_TO_FIRST] = i; TimeOuts.res_retry[RES_TO_NORMAL] = i; break; case TO_RESOLVER_RETRANS_NORMAL: TimeOuts.res_retrans[RES_TO_NORMAL] = convtime(val, 's'); break; case TO_RESOLVER_RETRY_NORMAL: TimeOuts.res_retry[RES_TO_NORMAL] = atoi(val); break; case TO_RESOLVER_RETRANS_FIRST: TimeOuts.res_retrans[RES_TO_FIRST] = convtime(val, 's'); break; case TO_RESOLVER_RETRY_FIRST: TimeOuts.res_retry[RES_TO_FIRST] = atoi(val); break; case TO_CONTROL: TimeOuts.to_control = toval; break; default: syserr("settimeout: invalid timeout %s", name); break; } if (sticky) setbitn(to->to_code, StickyTimeoutOpt); } /* ** INITTIMEOUTS -- parse and set timeout values ** ** Parameters: ** val -- a pointer to the values. If NULL, do initial ** settings. ** sticky -- if set, don't let other setoptions override ** this suboption value. ** ** Returns: ** none. ** ** Side Effects: ** Initializes the TimeOuts structure */ void inittimeouts(val, sticky) register char *val; bool sticky; { register char *p; if (tTd(37, 2)) dprintf("inittimeouts(%s)\n", val == NULL ? "" : val); if (val == NULL) { TimeOuts.to_connect = (time_t) 0 SECONDS; TimeOuts.to_initial = (time_t) 5 MINUTES; TimeOuts.to_helo = (time_t) 5 MINUTES; TimeOuts.to_mail = (time_t) 10 MINUTES; TimeOuts.to_rcpt = (time_t) 1 HOUR; TimeOuts.to_datainit = (time_t) 5 MINUTES; TimeOuts.to_datablock = (time_t) 1 HOUR; TimeOuts.to_datafinal = (time_t) 1 HOUR; TimeOuts.to_rset = (time_t) 5 MINUTES; TimeOuts.to_quit = (time_t) 2 MINUTES; TimeOuts.to_nextcommand = (time_t) 1 HOUR; TimeOuts.to_miscshort = (time_t) 2 MINUTES; #if IDENTPROTO TimeOuts.to_ident = (time_t) 5 SECONDS; #else /* IDENTPROTO */ TimeOuts.to_ident = (time_t) 0 SECONDS; #endif /* IDENTPROTO */ TimeOuts.to_fileopen = (time_t) 60 SECONDS; TimeOuts.to_control = (time_t) 2 MINUTES; if (tTd(37, 5)) { dprintf("Timeouts:\n"); dprintf(" connect = %ld\n", (long)TimeOuts.to_connect); dprintf(" initial = %ld\n", (long)TimeOuts.to_initial); dprintf(" helo = %ld\n", (long)TimeOuts.to_helo); dprintf(" mail = %ld\n", (long)TimeOuts.to_mail); dprintf(" rcpt = %ld\n", (long)TimeOuts.to_rcpt); dprintf(" datainit = %ld\n", (long)TimeOuts.to_datainit); dprintf(" datablock = %ld\n", (long)TimeOuts.to_datablock); dprintf(" datafinal = %ld\n", (long)TimeOuts.to_datafinal); dprintf(" rset = %ld\n", (long)TimeOuts.to_rset); dprintf(" quit = %ld\n", (long)TimeOuts.to_quit); dprintf(" nextcommand = %ld\n", (long)TimeOuts.to_nextcommand); dprintf(" miscshort = %ld\n", (long)TimeOuts.to_miscshort); dprintf(" ident = %ld\n", (long)TimeOuts.to_ident); dprintf(" fileopen = %ld\n", (long)TimeOuts.to_fileopen); dprintf(" control = %ld\n", (long)TimeOuts.to_control); } return; } for (;; val = p) { while (isascii(*val) && isspace(*val)) val++; if (*val == '\0') break; for (p = val; *p != '\0' && *p != ','; p++) continue; if (*p != '\0') *p++ = '\0'; if (isascii(*val) && isdigit(*val)) { /* old syntax -- set everything */ TimeOuts.to_mail = convtime(val, 'm'); TimeOuts.to_rcpt = TimeOuts.to_mail; TimeOuts.to_datainit = TimeOuts.to_mail; TimeOuts.to_datablock = TimeOuts.to_mail; TimeOuts.to_datafinal = TimeOuts.to_mail; TimeOuts.to_nextcommand = TimeOuts.to_mail; if (sticky) { setbitn(TO_MAIL, StickyTimeoutOpt); setbitn(TO_RCPT, StickyTimeoutOpt); setbitn(TO_DATAINIT, StickyTimeoutOpt); setbitn(TO_DATABLOCK, StickyTimeoutOpt); setbitn(TO_DATAFINAL, StickyTimeoutOpt); setbitn(TO_COMMAND, StickyTimeoutOpt); } continue; } else { register char *q = strchr(val, ':'); if (q == NULL && (q = strchr(val, '=')) == NULL) { /* syntax error */ continue; } *q++ = '\0'; settimeout(val, q, sticky); } } } Index: stable/4/contrib/sendmail/src/savemail.c =================================================================== --- stable/4/contrib/sendmail/src/savemail.c (revision 71887) +++ stable/4/contrib/sendmail/src/savemail.c (revision 71888) @@ -1,1614 +1,1622 @@ /* * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #ifndef lint -static char id[] = "@(#)$Id: savemail.c,v 8.212.4.5 2000/08/22 22:46:00 gshapiro Exp $"; +static char id[] = "@(#)$Id: savemail.c,v 8.212.4.11 2000/12/18 18:00:44 ca Exp $"; #endif /* ! lint */ /* $FreeBSD$ */ #include static void errbody __P((MCI *, ENVELOPE *, char *)); static bool pruneroute __P((char *)); /* ** SAVEMAIL -- Save mail on error ** ** If mailing back errors, mail it back to the originator ** together with an error message; otherwise, just put it in ** dead.letter in the user's home directory (if he exists on ** this machine). ** ** Parameters: ** e -- the envelope containing the message in error. ** sendbody -- if TRUE, also send back the body of the ** message; otherwise just send the header. ** ** Returns: ** none ** ** Side Effects: ** Saves the letter, by writing or mailing it back to the ** sender, or by putting it in dead.letter in her home ** directory. */ /* defines for state machine */ #define ESM_REPORT 0 /* report to sender's terminal */ #define ESM_MAIL 1 /* mail back to sender */ #define ESM_QUIET 2 /* mail has already been returned */ #define ESM_DEADLETTER 3 /* save in ~/dead.letter */ #define ESM_POSTMASTER 4 /* return to postmaster */ #define ESM_DEADLETTERDROP 5 /* save in DeadLetterDrop */ #define ESM_PANIC 6 /* call loseqfile() */ #define ESM_DONE 7 /* message is successfully delivered */ void savemail(e, sendbody) register ENVELOPE *e; bool sendbody; { register struct passwd *pw; register FILE *fp; int state; auto ADDRESS *q = NULL; register char *p; MCI mcibuf; int flags; long sff; char buf[MAXLINE + 1]; if (tTd(6, 1)) { dprintf("\nsavemail, errormode = %c, id = %s, ExitStat = %d\n e_from=", e->e_errormode, e->e_id == NULL ? "NONE" : e->e_id, ExitStat); printaddr(&e->e_from, FALSE); } if (e->e_id == NULL) { /* can't return a message with no id */ return; } /* ** In the unhappy event we don't know who to return the mail ** to, make someone up. */ if (e->e_from.q_paddr == NULL) { e->e_sender = "Postmaster"; if (parseaddr(e->e_sender, &e->e_from, RF_COPYPARSE|RF_SENDERADDR, '\0', NULL, e) == NULL) { syserr("553 5.3.5 Cannot parse Postmaster!"); finis(TRUE, EX_SOFTWARE); } } e->e_to = NULL; /* ** Basic state machine. ** ** This machine runs through the following states: ** ** ESM_QUIET Errors have already been printed iff the ** sender is local. ** ESM_REPORT Report directly to the sender's terminal. ** ESM_MAIL Mail response to the sender. ** ESM_DEADLETTER Save response in ~/dead.letter. ** ESM_POSTMASTER Mail response to the postmaster. ** ESM_DEADLETTERDROP ** If DeadLetterDrop set, save it there. ** ESM_PANIC Save response anywhere possible. */ /* determine starting state */ switch (e->e_errormode) { case EM_WRITE: state = ESM_REPORT; break; case EM_BERKNET: case EM_MAIL: state = ESM_MAIL; break; case EM_PRINT: case '\0': state = ESM_QUIET; break; case EM_QUIET: /* no need to return anything at all */ return; default: syserr("554 5.3.0 savemail: bogus errormode x%x\n", e->e_errormode); state = ESM_MAIL; break; } /* if this is already an error response, send to postmaster */ if (bitset(EF_RESPONSE, e->e_flags)) { if (e->e_parent != NULL && bitset(EF_RESPONSE, e->e_parent->e_flags)) { /* got an error sending a response -- can it */ return; } state = ESM_POSTMASTER; } while (state != ESM_DONE) { if (tTd(6, 5)) dprintf(" state %d\n", state); switch (state) { case ESM_QUIET: if (bitnset(M_LOCALMAILER, e->e_from.q_mailer->m_flags)) state = ESM_DEADLETTER; else state = ESM_MAIL; break; case ESM_REPORT: /* ** If the user is still logged in on the same terminal, ** then write the error messages back to hir (sic). */ p = ttypath(); if (p == NULL || freopen(p, "w", stdout) == NULL) { state = ESM_MAIL; break; } expand("\201n", buf, sizeof buf, e); printf("\r\nMessage from %s...\r\n", buf); printf("Errors occurred while sending mail.\r\n"); if (e->e_xfp != NULL) { (void) bfrewind(e->e_xfp); printf("Transcript follows:\r\n"); while (fgets(buf, sizeof buf, e->e_xfp) != NULL && !ferror(stdout)) (void) fputs(buf, stdout); } else { syserr("Cannot open %s", queuename(e, 'x')); printf("Transcript of session is unavailable.\r\n"); } printf("Original message will be saved in dead.letter.\r\n"); state = ESM_DEADLETTER; break; case ESM_MAIL: /* ** If mailing back, do it. ** Throw away all further output. Don't alias, ** since this could cause loops, e.g., if joe ** mails to joe@x, and for some reason the network ** for @x is down, then the response gets sent to ** joe@x, which gives a response, etc. Also force ** the mail to be delivered even if a version of ** it has already been sent to the sender. ** ** If this is a configuration or local software ** error, send to the local postmaster as well, ** since the originator can't do anything ** about it anyway. Note that this is a full ** copy of the message (intentionally) so that ** the Postmaster can forward things along. */ if (ExitStat == EX_CONFIG || ExitStat == EX_SOFTWARE) { (void) sendtolist("postmaster", NULLADDR, &e->e_errorqueue, 0, e); } if (!emptyaddr(&e->e_from)) { char from[TOBUFSIZE]; if (strlen(e->e_from.q_paddr) >= sizeof from) { state = ESM_POSTMASTER; break; } (void) strlcpy(from, e->e_from.q_paddr, sizeof from); if (!DontPruneRoutes && pruneroute(from)) { ADDRESS *a; for (a = e->e_errorqueue; a != NULL; a = a->q_next) { if (sameaddr(a, &e->e_from)) a->q_state = QS_DUPLICATE; } } (void) sendtolist(from, NULLADDR, &e->e_errorqueue, 0, e); } /* ** Deliver a non-delivery report to the ** Postmaster-designate (not necessarily ** Postmaster). This does not include the ** body of the message, for privacy reasons. ** You really shouldn't need this. */ e->e_flags |= EF_PM_NOTIFY; /* check to see if there are any good addresses */ for (q = e->e_errorqueue; q != NULL; q = q->q_next) { if (QS_IS_SENDABLE(q->q_state)) break; } if (q == NULL) { /* this is an error-error */ state = ESM_POSTMASTER; break; } if (returntosender(e->e_message, e->e_errorqueue, sendbody ? RTSF_SEND_BODY : RTSF_NO_BODY, e) == 0) { state = ESM_DONE; break; } /* didn't work -- return to postmaster */ state = ESM_POSTMASTER; break; case ESM_POSTMASTER: /* ** Similar to previous case, but to system postmaster. */ q = NULL; expand(DoubleBounceAddr, buf, sizeof buf, e); if (sendtolist(buf, NULLADDR, &q, 0, e) <= 0) { syserr("553 5.3.0 cannot parse %s!", buf); ExitStat = EX_SOFTWARE; state = ESM_DEADLETTERDROP; break; } flags = RTSF_PM_BOUNCE; if (sendbody) flags |= RTSF_SEND_BODY; if (returntosender(e->e_message, q, flags, e) == 0) { state = ESM_DONE; break; } /* didn't work -- last resort */ state = ESM_DEADLETTERDROP; break; case ESM_DEADLETTER: /* ** Save the message in dead.letter. ** If we weren't mailing back, and the user is ** local, we should save the message in ** ~/dead.letter so that the poor person doesn't ** have to type it over again -- and we all know ** what poor typists UNIX users are. */ p = NULL; if (bitnset(M_HASPWENT, e->e_from.q_mailer->m_flags)) { if (e->e_from.q_home != NULL) p = e->e_from.q_home; else if ((pw = sm_getpwnam(e->e_from.q_user)) != NULL && *pw->pw_dir != '\0') p = pw->pw_dir; } if (p == NULL || e->e_dfp == NULL) { /* no local directory or no data file */ state = ESM_MAIL; break; } /* we have a home directory; write dead.letter */ define('z', p, e); /* get the sender for the UnixFromLine */ p = macvalue('g', e); define('g', e->e_sender, e); expand("\201z/dead.letter", buf, sizeof buf, e); sff = SFF_CREAT|SFF_REGONLY|SFF_RUNASREALUID; if (RealUid == 0) sff |= SFF_ROOTOK; e->e_to = buf; if (writable(buf, NULL, sff) && mailfile(buf, FileMailer, NULL, sff, e) == EX_OK) { int oldverb = Verbose; if (OpMode != MD_DAEMON && OpMode != MD_SMTP) Verbose = 1; if (Verbose > 0) message("Saved message in %s", buf); Verbose = oldverb; define('g', p, e); state = ESM_DONE; break; } define('g', p, e); state = ESM_MAIL; break; case ESM_DEADLETTERDROP: /* ** Log the mail in DeadLetterDrop file. */ if (e->e_class < 0) { state = ESM_DONE; break; } if ((SafeFileEnv != NULL && SafeFileEnv[0] != '\0') || DeadLetterDrop == NULL || DeadLetterDrop[0] == '\0') { state = ESM_PANIC; break; } sff = SFF_CREAT|SFF_REGONLY|SFF_ROOTOK|SFF_OPENASROOT|SFF_MUSTOWN; if (!writable(DeadLetterDrop, NULL, sff) || (fp = safefopen(DeadLetterDrop, O_WRONLY|O_APPEND, FileMode, sff)) == NULL) { state = ESM_PANIC; break; } memset(&mcibuf, '\0', sizeof mcibuf); mcibuf.mci_out = fp; mcibuf.mci_mailer = FileMailer; if (bitnset(M_7BITS, FileMailer->m_flags)) mcibuf.mci_flags |= MCIF_7BIT; /* get the sender for the UnixFromLine */ p = macvalue('g', e); define('g', e->e_sender, e); putfromline(&mcibuf, e); (*e->e_puthdr)(&mcibuf, e->e_header, e, M87F_OUTER); (*e->e_putbody)(&mcibuf, e, NULL); putline("\n", &mcibuf); (void) fflush(fp); if (ferror(fp) || fclose(fp) < 0) state = ESM_PANIC; else { int oldverb = Verbose; if (OpMode != MD_DAEMON && OpMode != MD_SMTP) Verbose = 1; if (Verbose > 0) message("Saved message in %s", DeadLetterDrop); Verbose = oldverb; if (LogLevel > 3) sm_syslog(LOG_NOTICE, e->e_id, "Saved message in %s", DeadLetterDrop); state = ESM_DONE; } define('g', p, e); break; default: syserr("554 5.3.5 savemail: unknown state %d", state); /* FALLTHROUGH */ case ESM_PANIC: /* leave the locked queue & transcript files around */ loseqfile(e, "savemail panic"); errno = 0; syserr("!554 savemail: cannot save rejected email anywhere"); } } } /* ** RETURNTOSENDER -- return a message to the sender with an error. ** ** Parameters: ** msg -- the explanatory message. ** returnq -- the queue of people to send the message to. ** flags -- flags tweaking the operation: ** RTSF_SENDBODY -- include body of message (otherwise ** just send the header). ** RTSF_PMBOUNCE -- this is a postmaster bounce. ** e -- the current envelope. ** ** Returns: ** zero -- if everything went ok. ** else -- some error. ** ** Side Effects: ** Returns the current message to the sender via ** mail. */ #define MAXRETURNS 6 /* max depth of returning messages */ #define ERRORFUDGE 100 /* nominal size of error message text */ int returntosender(msg, returnq, flags, e) char *msg; ADDRESS *returnq; int flags; register ENVELOPE *e; { register ENVELOPE *ee; ENVELOPE *oldcur = CurEnv; ENVELOPE errenvelope; static int returndepth = 0; register ADDRESS *q; char *p; char buf[MAXNAME + 1]; if (returnq == NULL) return -1; if (msg == NULL) msg = "Unable to deliver mail"; if (tTd(6, 1)) { dprintf("\n*** Return To Sender: msg=\"%s\", depth=%d, e=%lx, returnq=", msg, returndepth, (u_long) e); printaddr(returnq, TRUE); if (tTd(6, 20)) { dprintf("Sendq="); printaddr(e->e_sendqueue, TRUE); } } if (++returndepth >= MAXRETURNS) { if (returndepth != MAXRETURNS) syserr("554 5.3.0 returntosender: infinite recursion on %s", returnq->q_paddr); /* don't "unrecurse" and fake a clean exit */ /* returndepth--; */ return 0; } define('g', e->e_sender, e); define('u', NULL, e); /* initialize error envelope */ ee = newenvelope(&errenvelope, e); define('a', "\201b", ee); define('r', "", ee); define('s', "localhost", ee); define('_', "localhost", ee); #if SASL define(macid("{auth_type}", NULL), "", ee); define(macid("{auth_authen}", NULL), "", ee); define(macid("{auth_author}", NULL), "", ee); define(macid("{auth_ssf}", NULL), "", ee); #endif /* SASL */ #if STARTTLS define(macid("{cert_issuer}", NULL), "", ee); define(macid("{cert_subject}", NULL), "", ee); define(macid("{cipher_bits}", NULL), "", ee); define(macid("{cipher}", NULL), "", ee); define(macid("{tls_version}", NULL), "", ee); define(macid("{verify}", NULL), "", ee); # if _FFR_TLS_1 define(macid("{alg_bits}", NULL), "", ee); define(macid("{cn_issuer}", NULL), "", ee); define(macid("{cn_subject}", NULL), "", ee); # endif /* _FFR_TLS_1 */ #endif /* STARTTLS */ ee->e_puthdr = putheader; ee->e_putbody = errbody; ee->e_flags |= EF_RESPONSE|EF_METOO; if (!bitset(EF_OLDSTYLE, e->e_flags)) ee->e_flags &= ~EF_OLDSTYLE; if (bitset(EF_DONT_MIME, e->e_flags)) { ee->e_flags |= EF_DONT_MIME; /* ** If we can't convert to MIME and we don't pass ** 8-bit, we can't send the body. */ if (bitset(EF_HAS8BIT, e->e_flags) && !bitset(MM_PASS8BIT, MimeMode)) flags &= ~RTSF_SEND_BODY; } ee->e_sendqueue = returnq; ee->e_msgsize = ERRORFUDGE; if (bitset(RTSF_SEND_BODY, flags) && !bitset(PRIV_NOBODYRETN, PrivacyFlags)) ee->e_msgsize += e->e_msgsize; else ee->e_flags |= EF_NO_BODY_RETN; initsys(ee); #if NAMED_BIND _res.retry = TimeOuts.res_retry[RES_TO_FIRST]; _res.retrans = TimeOuts.res_retrans[RES_TO_FIRST]; #endif /* NAMED_BIND */ for (q = returnq; q != NULL; q = q->q_next) { if (QS_IS_BADADDR(q->q_state)) continue; q->q_flags &= ~(QHASNOTIFY|Q_PINGFLAGS); q->q_flags |= QPINGONFAILURE; if (!QS_IS_DEAD(q->q_state)) ee->e_nrcpts++; if (q->q_alias == NULL) addheader("To", q->q_paddr, 0, &ee->e_header); } if (LogLevel > 5) { if (bitset(EF_RESPONSE, e->e_flags)) p = "return to sender"; else if (bitset(EF_WARNING, e->e_flags)) p = "sender notify"; else if (bitset(RTSF_PM_BOUNCE, flags)) p = "postmaster notify"; else p = "DSN"; sm_syslog(LOG_INFO, e->e_id, "%s: %s: %s", ee->e_id, p, shortenstring(msg, MAXSHORTSTR)); } if (SendMIMEErrors) { addheader("MIME-Version", "1.0", 0, &ee->e_header); (void) snprintf(buf, sizeof buf, "%s.%ld/%.100s", ee->e_id, (long) curtime(), MyHostName); ee->e_msgboundary = newstr(buf); (void) snprintf(buf, sizeof buf, #if DSN "multipart/report; report-type=delivery-status;\n\tboundary=\"%s\"", #else /* DSN */ "multipart/mixed; boundary=\"%s\"", #endif /* DSN */ ee->e_msgboundary); addheader("Content-Type", buf, 0, &ee->e_header); p = hvalue("Content-Transfer-Encoding", e->e_header); if (p != NULL && strcasecmp(p, "binary") != 0) p = NULL; if (p == NULL && bitset(EF_HAS8BIT, e->e_flags)) p = "8bit"; if (p != NULL) addheader("Content-Transfer-Encoding", p, 0, &ee->e_header); } if (strncmp(msg, "Warning:", 8) == 0) { addheader("Subject", msg, 0, &ee->e_header); p = "warning-timeout"; } else if (strncmp(msg, "Postmaster warning:", 19) == 0) { addheader("Subject", msg, 0, &ee->e_header); p = "postmaster-warning"; } else if (strcmp(msg, "Return receipt") == 0) { addheader("Subject", msg, 0, &ee->e_header); p = "return-receipt"; } else if (bitset(RTSF_PM_BOUNCE, flags)) { snprintf(buf, sizeof buf, "Postmaster notify: see transcript for details"); addheader("Subject", buf, 0, &ee->e_header); p = "postmaster-notification"; } else { snprintf(buf, sizeof buf, "Returned mail: see transcript for details"); addheader("Subject", buf, 0, &ee->e_header); p = "failure"; } (void) snprintf(buf, sizeof buf, "auto-generated (%s)", p); addheader("Auto-Submitted", buf, 0, &ee->e_header); /* fake up an address header for the from person */ expand("\201n", buf, sizeof buf, e); if (parseaddr(buf, &ee->e_from, RF_COPYALL|RF_SENDERADDR, '\0', NULL, e) == NULL) { syserr("553 5.3.5 Can't parse myself!"); ExitStat = EX_SOFTWARE; returndepth--; return -1; } ee->e_from.q_flags &= ~(QHASNOTIFY|Q_PINGFLAGS); ee->e_from.q_flags |= QPINGONFAILURE; ee->e_sender = ee->e_from.q_paddr; /* push state into submessage */ CurEnv = ee; define('f', "\201n", ee); define('x', "Mail Delivery Subsystem", ee); eatheader(ee, TRUE); /* mark statistics */ markstats(ee, NULLADDR, FALSE); /* actually deliver the error message */ sendall(ee, SM_DELIVER); /* restore state */ dropenvelope(ee, TRUE); CurEnv = oldcur; returndepth--; /* check for delivery errors */ if (ee->e_parent == NULL || !bitset(EF_RESPONSE, ee->e_parent->e_flags)) return 0; for (q = ee->e_sendqueue; q != NULL; q = q->q_next) { if (QS_IS_ATTEMPTED(q->q_state)) return 0; } return -1; } /* ** ERRBODY -- output the body of an error message. ** ** Typically this is a copy of the transcript plus a copy of the ** original offending message. ** ** Parameters: ** mci -- the mailer connection information. ** e -- the envelope we are working in. ** separator -- any possible MIME separator. ** ** Returns: ** none ** ** Side Effects: ** Outputs the body of an error message. */ /* ARGSUSED2 */ static void errbody(mci, e, separator) register MCI *mci; register ENVELOPE *e; char *separator; { bool printheader; bool sendbody; bool pm_notify; int save_errno; register FILE *xfile; char *p; register ADDRESS *q = NULL; char buf[MAXLINE]; if (bitset(MCIF_INHEADER, mci->mci_flags)) { putline("", mci); mci->mci_flags &= ~MCIF_INHEADER; } if (e->e_parent == NULL) { syserr("errbody: null parent"); putline(" ----- Original message lost -----\n", mci); return; } /* ** Output MIME header. */ if (e->e_msgboundary != NULL) { putline("This is a MIME-encapsulated message", mci); putline("", mci); (void) snprintf(buf, sizeof buf, "--%s", e->e_msgboundary); putline(buf, mci); putline("", mci); } /* ** Output introductory information. */ pm_notify = FALSE; p = hvalue("subject", e->e_header); if (p != NULL && strncmp(p, "Postmaster ", 11) == 0) pm_notify = TRUE; else { for (q = e->e_parent->e_sendqueue; q != NULL; q = q->q_next) { if (QS_IS_BADADDR(q->q_state)) break; } } if (!pm_notify && q == NULL && !bitset(EF_FATALERRS|EF_SENDRECEIPT, e->e_parent->e_flags)) { putline(" **********************************************", mci); putline(" ** THIS IS A WARNING MESSAGE ONLY **", mci); putline(" ** YOU DO NOT NEED TO RESEND YOUR MESSAGE **", mci); putline(" **********************************************", mci); putline("", mci); } snprintf(buf, sizeof buf, "The original message was received at %s", arpadate(ctime(&e->e_parent->e_ctime))); putline(buf, mci); expand("from \201_", buf, sizeof buf, e->e_parent); putline(buf, mci); /* include id in postmaster copies */ if (pm_notify && e->e_parent->e_id != NULL) { snprintf(buf, sizeof buf, "with id %s", e->e_parent->e_id); putline(buf, mci); } putline("", mci); /* ** Output error message header (if specified and available). */ if (ErrMsgFile != NULL && !bitset(EF_SENDRECEIPT, e->e_parent->e_flags)) { if (*ErrMsgFile == '/') { long sff = SFF_ROOTOK|SFF_REGONLY; if (DontLockReadFiles) sff |= SFF_NOLOCK; if (!bitnset(DBS_ERRORHEADERINUNSAFEDIRPATH, DontBlameSendmail)) sff |= SFF_SAFEDIRPATH; xfile = safefopen(ErrMsgFile, O_RDONLY, 0444, sff); if (xfile != NULL) { while (fgets(buf, sizeof buf, xfile) != NULL) { translate_dollars(buf); expand(buf, buf, sizeof buf, e); putline(buf, mci); } (void) fclose(xfile); putline("\n", mci); } } else { expand(ErrMsgFile, buf, sizeof buf, e); putline(buf, mci); putline("", mci); } } /* ** Output message introduction */ printheader = TRUE; for (q = e->e_parent->e_sendqueue; q != NULL; q = q->q_next) { if (!QS_IS_BADADDR(q->q_state) || !bitset(QPINGONFAILURE, q->q_flags)) continue; if (printheader) { putline(" ----- The following addresses had permanent fatal errors -----", mci); printheader = FALSE; } snprintf(buf, sizeof buf, "%s", shortenstring(q->q_paddr, MAXSHORTSTR)); putline(buf, mci); if (q->q_rstatus != NULL) { snprintf(buf, sizeof buf, " (reason: %s)", shortenstring(exitstat(q->q_rstatus), MAXSHORTSTR)); putline(buf, mci); } if (q->q_alias != NULL) { snprintf(buf, sizeof buf, " (expanded from: %s)", shortenstring(q->q_alias->q_paddr, MAXSHORTSTR)); putline(buf, mci); } } if (!printheader) putline("", mci); printheader = TRUE; for (q = e->e_parent->e_sendqueue; q != NULL; q = q->q_next) { if (QS_IS_BADADDR(q->q_state) || !bitset(QPRIMARY, q->q_flags) || !bitset(QDELAYED, q->q_flags)) continue; if (printheader) { putline(" ----- The following addresses had transient non-fatal errors -----", mci); printheader = FALSE; } snprintf(buf, sizeof buf, "%s", shortenstring(q->q_paddr, MAXSHORTSTR)); putline(buf, mci); if (q->q_alias != NULL) { snprintf(buf, sizeof buf, " (expanded from: %s)", shortenstring(q->q_alias->q_paddr, MAXSHORTSTR)); putline(buf, mci); } } if (!printheader) putline("", mci); printheader = TRUE; for (q = e->e_parent->e_sendqueue; q != NULL; q = q->q_next) { if (QS_IS_BADADDR(q->q_state) || !bitset(QPRIMARY, q->q_flags) || bitset(QDELAYED, q->q_flags)) continue; else if (!bitset(QPINGONSUCCESS, q->q_flags)) continue; else if (bitset(QRELAYED, q->q_flags)) p = "relayed to non-DSN-aware mailer"; else if (bitset(QDELIVERED, q->q_flags)) { if (bitset(QEXPANDED, q->q_flags)) p = "successfully delivered to mailing list"; else p = "successfully delivered to mailbox"; } else if (bitset(QEXPANDED, q->q_flags)) p = "expanded by alias"; else continue; if (printheader) { putline(" ----- The following addresses had successful delivery notifications -----", mci); printheader = FALSE; } snprintf(buf, sizeof buf, "%s (%s)", shortenstring(q->q_paddr, MAXSHORTSTR), p); putline(buf, mci); if (q->q_alias != NULL) { snprintf(buf, sizeof buf, " (expanded from: %s)", shortenstring(q->q_alias->q_paddr, MAXSHORTSTR)); putline(buf, mci); } } if (!printheader) putline("", mci); /* ** Output transcript of errors */ (void) fflush(stdout); if (e->e_parent->e_xfp == NULL) { putline(" ----- Transcript of session is unavailable -----\n", mci); } else { printheader = TRUE; (void) bfrewind(e->e_parent->e_xfp); if (e->e_xfp != NULL) (void) fflush(e->e_xfp); while (fgets(buf, sizeof buf, e->e_parent->e_xfp) != NULL) { if (printheader) putline(" ----- Transcript of session follows -----\n", mci); printheader = FALSE; putline(buf, mci); } } errno = 0; #if DSN /* ** Output machine-readable version. */ if (e->e_msgboundary != NULL) { + time_t now = curtime(); + putline("", mci); (void) snprintf(buf, sizeof buf, "--%s", e->e_msgboundary); putline(buf, mci); putline("Content-Type: message/delivery-status", mci); putline("", mci); /* ** Output per-message information. */ /* original envelope id from MAIL FROM: line */ if (e->e_parent->e_envid != NULL) { (void) snprintf(buf, sizeof buf, "Original-Envelope-Id: %.800s", xuntextify(e->e_parent->e_envid)); putline(buf, mci); } /* Reporting-MTA: is us (required) */ (void) snprintf(buf, sizeof buf, "Reporting-MTA: dns; %.800s", MyHostName); putline(buf, mci); /* DSN-Gateway: not relevant since we are not translating */ /* Received-From-MTA: shows where we got this message from */ if (RealHostName != NULL) { /* XXX use $s for type? */ if (e->e_parent->e_from.q_mailer == NULL || (p = e->e_parent->e_from.q_mailer->m_mtatype) == NULL) p = "dns"; (void) snprintf(buf, sizeof buf, "Received-From-MTA: %s; %.800s", p, RealHostName); putline(buf, mci); } /* Arrival-Date: -- when it arrived here */ (void) snprintf(buf, sizeof buf, "Arrival-Date: %s", arpadate(ctime(&e->e_parent->e_ctime))); putline(buf, mci); /* ** Output per-address information. */ for (q = e->e_parent->e_sendqueue; q != NULL; q = q->q_next) { register ADDRESS *r; char *action; if (QS_IS_BADADDR(q->q_state)) + { + /* RFC 1891, 6.2.6 (b) */ + if (bitset(QHASNOTIFY, q->q_flags) && + !bitset(QPINGONFAILURE, q->q_flags)) + continue; action = "failed"; + } else if (!bitset(QPRIMARY, q->q_flags)) continue; else if (bitset(QDELIVERED, q->q_flags)) { if (bitset(QEXPANDED, q->q_flags)) action = "delivered (to mailing list)"; else action = "delivered (to mailbox)"; } else if (bitset(QRELAYED, q->q_flags)) action = "relayed (to non-DSN-aware mailer)"; else if (bitset(QEXPANDED, q->q_flags)) action = "expanded (to multi-recipient alias)"; else if (bitset(QDELAYED, q->q_flags)) action = "delayed"; else continue; putline("", mci); /* Original-Recipient: -- passed from on high */ if (q->q_orcpt != NULL) { (void) snprintf(buf, sizeof buf, "Original-Recipient: %.800s", q->q_orcpt); putline(buf, mci); } /* Final-Recipient: -- the name from the RCPT command */ p = e->e_parent->e_from.q_mailer->m_addrtype; if (p == NULL) p = "rfc822"; for (r = q; r->q_alias != NULL; r = r->q_alias) continue; if (strcasecmp(p, "rfc822") != 0) { (void) snprintf(buf, sizeof buf, "Final-Recipient: %s; %.800s", r->q_mailer->m_addrtype, r->q_user); } else if (strchr(r->q_user, '@') != NULL) { (void) snprintf(buf, sizeof buf, "Final-Recipient: %s; %.800s", p, r->q_user); } else if (strchr(r->q_paddr, '@') != NULL) { char *qp; bool b; qp = r->q_paddr; /* strip brackets from address */ b = FALSE; if (*qp == '<') { b = qp[strlen(qp) - 1] == '>'; if (b) qp[strlen(qp) - 1] = '\0'; qp++; } (void) snprintf(buf, sizeof buf, "Final-Recipient: %s; %.800s", p, qp); /* undo damage */ if (b) qp[strlen(qp)] = '>'; } else { (void) snprintf(buf, sizeof buf, "Final-Recipient: %s; %.700s@%.100s", p, r->q_user, MyHostName); } putline(buf, mci); /* X-Actual-Recipient: -- the real problem address */ if (r != q && q->q_user[0] != '\0') { if (q->q_mailer != NULL && q->q_mailer->m_addrtype != NULL) p = q->q_mailer->m_addrtype; else p = "rfc822"; if (strcasecmp(p, "rfc822") == 0 && strchr(q->q_user, '@') == NULL) { (void) snprintf(buf, sizeof buf, "X-Actual-Recipient: %s; %.700s@%.100s", p, q->q_user, MyHostName); } else { (void) snprintf(buf, sizeof buf, "X-Actual-Recipient: %s; %.800s", p, q->q_user); } putline(buf, mci); } /* Action: -- what happened? */ snprintf(buf, sizeof buf, "Action: %s", action); putline(buf, mci); /* Status: -- what _really_ happened? */ if (q->q_status != NULL) p = q->q_status; else if (QS_IS_BADADDR(q->q_state)) p = "5.0.0"; else if (QS_IS_QUEUEUP(q->q_state)) p = "4.0.0"; else p = "2.0.0"; snprintf(buf, sizeof buf, "Status: %s", p); putline(buf, mci); /* Remote-MTA: -- who was I talking to? */ if (q->q_statmta != NULL) { if (q->q_mailer == NULL || (p = q->q_mailer->m_mtatype) == NULL) p = "dns"; (void) snprintf(buf, sizeof buf, "Remote-MTA: %s; %.800s", p, q->q_statmta); p = &buf[strlen(buf) - 1]; if (*p == '.') *p = '\0'; putline(buf, mci); } /* Diagnostic-Code: -- actual result from other end */ if (q->q_rstatus != NULL) { p = q->q_mailer->m_diagtype; if (p == NULL) p = "smtp"; (void) snprintf(buf, sizeof buf, "Diagnostic-Code: %s; %.800s", p, q->q_rstatus); putline(buf, mci); } /* Last-Attempt-Date: -- fine granularity */ if (q->q_statdate == (time_t) 0L) - q->q_statdate = curtime(); + q->q_statdate = now; (void) snprintf(buf, sizeof buf, "Last-Attempt-Date: %s", arpadate(ctime(&q->q_statdate))); putline(buf, mci); /* Will-Retry-Until: -- for delayed messages only */ if (QS_IS_QUEUEUP(q->q_state)) { time_t xdate; xdate = e->e_parent->e_ctime + TimeOuts.to_q_return[e->e_parent->e_timeoutclass]; snprintf(buf, sizeof buf, "Will-Retry-Until: %s", arpadate(ctime(&xdate))); putline(buf, mci); } } } #endif /* DSN */ /* ** Output text of original message */ putline("", mci); if (bitset(EF_HAS_DF, e->e_parent->e_flags)) { sendbody = !bitset(EF_NO_BODY_RETN, e->e_parent->e_flags) && !bitset(EF_NO_BODY_RETN, e->e_flags); if (e->e_msgboundary == NULL) { if (sendbody) putline(" ----- Original message follows -----\n", mci); else putline(" ----- Message header follows -----\n", mci); } else { (void) snprintf(buf, sizeof buf, "--%s", e->e_msgboundary); putline(buf, mci); (void) snprintf(buf, sizeof buf, "Content-Type: %s", sendbody ? "message/rfc822" : "text/rfc822-headers"); putline(buf, mci); p = hvalue("Content-Transfer-Encoding", e->e_parent->e_header); if (p != NULL && strcasecmp(p, "binary") != 0) p = NULL; if (p == NULL && bitset(EF_HAS8BIT, e->e_parent->e_flags)) p = "8bit"; if (p != NULL) { (void) snprintf(buf, sizeof buf, "Content-Transfer-Encoding: %s", p); putline(buf, mci); } } putline("", mci); save_errno = errno; putheader(mci, e->e_parent->e_header, e->e_parent, M87F_OUTER); errno = save_errno; if (sendbody) putbody(mci, e->e_parent, e->e_msgboundary); else if (e->e_msgboundary == NULL) { putline("", mci); putline(" ----- Message body suppressed -----", mci); } } else if (e->e_msgboundary == NULL) { putline(" ----- No message was collected -----\n", mci); } if (e->e_msgboundary != NULL) { putline("", mci); (void) snprintf(buf, sizeof buf, "--%s--", e->e_msgboundary); putline(buf, mci); } putline("", mci); (void) fflush(mci->mci_out); /* ** Cleanup and exit */ if (errno != 0) syserr("errbody: I/O error"); } /* ** SMTPTODSN -- convert SMTP to DSN status code ** ** Parameters: ** smtpstat -- the smtp status code (e.g., 550). ** ** Returns: ** The DSN version of the status code. */ char * smtptodsn(smtpstat) int smtpstat; { if (smtpstat < 0) return "4.4.2"; switch (smtpstat) { case 450: /* Req mail action not taken: mailbox unavailable */ return "4.2.0"; case 451: /* Req action aborted: local error in processing */ return "4.3.0"; case 452: /* Req action not taken: insufficient sys storage */ return "4.3.1"; case 500: /* Syntax error, command unrecognized */ return "5.5.2"; case 501: /* Syntax error in parameters or arguments */ return "5.5.4"; case 502: /* Command not implemented */ return "5.5.1"; case 503: /* Bad sequence of commands */ return "5.5.1"; case 504: /* Command parameter not implemented */ return "5.5.4"; case 550: /* Req mail action not taken: mailbox unavailable */ return "5.2.0"; case 551: /* User not local; please try <...> */ return "5.1.6"; case 552: /* Req mail action aborted: exceeded storage alloc */ return "5.2.2"; case 553: /* Req action not taken: mailbox name not allowed */ return "5.1.0"; case 554: /* Transaction failed */ return "5.0.0"; } if ((smtpstat / 100) == 2) return "2.0.0"; if ((smtpstat / 100) == 4) return "4.0.0"; return "5.0.0"; } /* ** XTEXTIFY -- take regular text and turn it into DSN-style xtext ** ** Parameters: ** t -- the text to convert. ** taboo -- additional characters that must be encoded. ** ** Returns: ** The xtext-ified version of the same string. */ char * xtextify(t, taboo) register char *t; char *taboo; { register char *p; int l; int nbogus; static char *bp = NULL; static int bplen = 0; if (taboo == NULL) taboo = ""; /* figure out how long this xtext will have to be */ nbogus = l = 0; for (p = t; *p != '\0'; p++) { register int c = (*p & 0xff); /* ASCII dependence here -- this is the way the spec words it */ if (c < '!' || c > '~' || c == '+' || c == '\\' || c == '(' || strchr(taboo, c) != NULL) nbogus++; l++; } if (nbogus == 0) return t; l += nbogus * 2 + 1; /* now allocate space if necessary for the new string */ if (l > bplen) { if (bp != NULL) free(bp); bp = xalloc(l); bplen = l; } /* ok, copy the text with byte expansion */ for (p = bp; *t != '\0'; ) { register int c = (*t++ & 0xff); /* ASCII dependence here -- this is the way the spec words it */ if (c < '!' || c > '~' || c == '+' || c == '\\' || c == '(' || strchr(taboo, c) != NULL) { *p++ = '+'; *p++ = "0123456789ABCDEF"[c >> 4]; *p++ = "0123456789ABCDEF"[c & 0xf]; } else *p++ = c; } *p = '\0'; return bp; } /* ** XUNTEXTIFY -- take xtext and turn it into plain text ** ** Parameters: ** t -- the xtextified text. ** ** Returns: ** The decoded text. No attempt is made to deal with ** null strings in the resulting text. */ char * xuntextify(t) register char *t; { register char *p; int l; static char *bp = NULL; static int bplen = 0; /* heuristic -- if no plus sign, just return the input */ if (strchr(t, '+') == NULL) return t; /* xtext is always longer than decoded text */ l = strlen(t); if (l > bplen) { if (bp != NULL) free(bp); bp = xalloc(l); bplen = l; } /* ok, copy the text with byte compression */ for (p = bp; *t != '\0'; t++) { register int c = *t & 0xff; if (c != '+') { *p++ = c; continue; } c = *++t & 0xff; if (!isascii(c) || !isxdigit(c)) { /* error -- first digit is not hex */ usrerr("bogus xtext: +%c", c); t--; continue; } if (isdigit(c)) c -= '0'; else if (isupper(c)) c -= 'A' - 10; else c -= 'a' - 10; *p = c << 4; c = *++t & 0xff; if (!isascii(c) || !isxdigit(c)) { /* error -- second digit is not hex */ usrerr("bogus xtext: +%x%c", *p >> 4, c); t--; continue; } if (isdigit(c)) c -= '0'; else if (isupper(c)) c -= 'A' - 10; else c -= 'a' - 10; *p++ |= c; } *p = '\0'; return bp; } /* ** XTEXTOK -- check if a string is legal xtext ** ** Xtext is used in Delivery Status Notifications. The spec was ** taken from RFC 1891, ``SMTP Service Extension for Delivery ** Status Notifications''. ** ** Parameters: ** s -- the string to check. ** ** Returns: ** TRUE -- if 's' is legal xtext. ** FALSE -- if it has any illegal characters in it. */ bool xtextok(s) char *s; { int c; while ((c = *s++) != '\0') { if (c == '+') { c = *s++; if (!isascii(c) || !isxdigit(c)) return FALSE; c = *s++; if (!isascii(c) || !isxdigit(c)) return FALSE; } else if (c < '!' || c > '~' || c == '=') return FALSE; } return TRUE; } /* ** PRUNEROUTE -- prune an RFC-822 source route ** ** Trims down a source route to the last internet-registered hop. ** This is encouraged by RFC 1123 section 5.3.3. ** ** Parameters: ** addr -- the address ** ** Returns: ** TRUE -- address was modified ** FALSE -- address could not be pruned ** ** Side Effects: ** modifies addr in-place */ static bool pruneroute(addr) char *addr; { #if NAMED_BIND char *start, *at, *comma; char c; int rcode; int i; char hostbuf[BUFSIZ]; char *mxhosts[MAXMXHOSTS + 1]; /* check to see if this is really a route-addr */ if (*addr != '<' || addr[1] != '@' || addr[strlen(addr) - 1] != '>') return FALSE; start = strchr(addr, ':'); at = strrchr(addr, '@'); if (start == NULL || at == NULL || at < start) return FALSE; /* slice off the angle brackets */ i = strlen(at + 1); if (i >= (SIZE_T) sizeof hostbuf) return FALSE; (void) strlcpy(hostbuf, at + 1, sizeof hostbuf); hostbuf[i - 1] = '\0'; while (start) { if (getmxrr(hostbuf, mxhosts, NULL, FALSE, &rcode) > 0) { (void) strlcpy(addr + 1, start + 1, strlen(addr) - 1); return TRUE; } c = *start; *start = '\0'; comma = strrchr(addr, ','); if (comma != NULL && comma[1] == '@' && strlen(comma + 2) < (SIZE_T) sizeof hostbuf) (void) strlcpy(hostbuf, comma + 2, sizeof hostbuf); else comma = NULL; *start = c; start = comma; } #endif /* NAMED_BIND */ return FALSE; } Index: stable/4/contrib/sendmail/src/sendmail.8 =================================================================== --- stable/4/contrib/sendmail/src/sendmail.8 (revision 71887) +++ stable/4/contrib/sendmail/src/sendmail.8 (revision 71888) @@ -1,692 +1,692 @@ .\" Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. .\" All rights reserved. .\" Copyright (c) 1983, 1997 Eric P. Allman. All rights reserved. .\" Copyright (c) 1988, 1991, 1993 .\" The Regents of the University of California. All rights reserved. .\" .\" By using this file, you agree to the terms and conditions set .\" forth in the LICENSE file which can be found at the top level of .\" the sendmail distribution. .\" .\" -.\" $Id: sendmail.8,v 8.36.8.2 2000/09/07 21:14:00 ca Exp $ +.\" $Id: sendmail.8,v 8.36.8.3 2000/12/14 23:08:15 gshapiro Exp $ .\" .\" $FreeBSD$ .\" -.TH SENDMAIL 8 "$Date: 2000/09/07 21:14:00 $" +.TH SENDMAIL 8 "$Date: 2000/12/14 23:08:15 $" .SH NAME -.B sendmail +sendmail \- an electronic mail transport agent .SH SYNOPSIS .B sendmail .RI [ flags "] [" "address ..." ] .br .B newaliases .br .B mailq .RB [ \-v ] .br .B hoststat .br .B purgestat .br .B smtpd .SH DESCRIPTION .B Sendmail sends a message to one or more .I recipients, routing the message over whatever networks are necessary. .B Sendmail does internetwork forwarding as necessary to deliver the message to the correct place. .PP .B Sendmail is not intended as a user interface routine; other programs provide user-friendly front ends; .B sendmail is used only to deliver pre-formatted messages. .PP With no flags, .B sendmail reads its standard input up to an end-of-file or a line consisting only of a single dot and sends a copy of the message found there to all of the addresses listed. It determines the network(s) to use based on the syntax and contents of the addresses. .PP Local addresses are looked up in a file and aliased appropriately. Aliasing can be prevented by preceding the address with a backslash. Beginning with 8.10, the sender is included in any alias expansions, e.g., if `john' sends to `group', and `group' includes `john' in the expansion, then the letter will also be delivered to `john'. .SS Parameters .TP .BI \-B type Set the body type to .IR type . Current legal values are 7BIT or 8BITMIME. .TP .B \-ba Go into ARPANET mode. All input lines must end with a CR-LF, and all messages will be generated with a CR-LF at the end. Also, the ``From:'' and ``Sender:'' fields are examined for the name of the sender. .TP .B \-bd Run as a daemon. This requires Berkeley IPC. .B Sendmail will fork and run in background listening on socket 25 for incoming SMTP connections. This is normally run from /etc/rc. .TP .B \-bD Same as .B \-bd except runs in foreground. .TP .B \-bh Print the persistent host status database. .TP .B \-bH Purge expired entries from the persistent host status database. .TP .B \-bi Initialize the alias database. .TP .B \-bm Deliver mail in the usual way (default). .TP .B \-bp Print a listing of the queue. .TP .B \-bs Use the SMTP protocol as described in RFC821 on standard input and output. This flag implies all the operations of the .B \-ba flag that are compatible with SMTP. .TP .B \-bt Run in address test mode. This mode reads addresses and shows the steps in parsing; it is used for debugging configuration tables. .TP .B \-bv Verify names only \- do not try to collect or deliver a message. Verify mode is normally used for validating users or mailing lists. .TP .BI \-C file Use alternate configuration file. .B Sendmail refuses to run as root if an alternate configuration file is specified. .TP .BI \-d X Set debugging value to .IR X . .ne 1i .TP .BI \-F fullname Set the full name of the sender. .TP .BI \-f name Sets the name of the ``from'' person (i.e., the envelope sender of the mail). This address may also be used in the From: header if that header is missing during initial submission. The envelope sender address is used as the recipient for delivery status notifications and may also appear in a Return-Path: header. .B \-f should only be used by ``trusted'' users (normally .IR root ", " daemon , and .IR network ) or if the person you are trying to become is the same as the person you are. Otherwise, an X-Authentication-Warning header will be added to the message. .TP .BI \-G Relay (gateway) submission of a message, e.g., when .BR rmail calls .B sendmail . .TP .BI \-h N Set the hop count to .IR N . The hop count is incremented every time the mail is processed. When it reaches a limit, the mail is returned with an error message, the victim of an aliasing loop. If not specified, ``Received:'' lines in the message are counted. .TP .B \-i Ignore dots alone on lines by themselves in incoming messages. This should be set if you are reading data from a file. .TP .BI "\-L " tag Set the identifier used in syslog messages to the supplied .IR tag . .TP .BI "\-N " dsn Set delivery status notification conditions to .IR dsn , which can be `never' for no notifications or a comma separated list of the values `failure' to be notified if delivery failed, `delay' to be notified if delivery is delayed, and `success' to be notified when the message is successfully delivered. .TP .B \-n Don't do aliasing. .TP \fB\-O\fP \fIoption\fR=\fIvalue\fR Set option .I option to the specified .IR value . This form uses long names. See below for more details. .TP .BI \-o "x value" Set option .I x to the specified .IR value . This form uses single character names only. The short names are not described in this manual page; see the .I "Sendmail Installation and Operation Guide" for details. .TP .BI \-p protocol Set the name of the protocol used to receive the message. This can be a simple protocol name such as ``UUCP'' or a protocol and hostname, such as ``UUCP:ucbvax''. .TP \fB\-q\fR[\fItime\fR] Processed saved messages in the queue at given intervals. If .I time is omitted, process the queue once. .I Time is given as a tagged number, with `s' being seconds, `m' being minutes, `h' being hours, `d' being days, and `w' being weeks. For example, `\-q1h30m' or `\-q90m' would both set the timeout to one hour thirty minutes. If .I time is specified, .B sendmail will run in the background. This option can be used safely with .BR \-bd . .TP .BI \-qI substr Limit processed jobs to those containing .I substr as a substring of the queue id. .TP .BI \-qR substr Limit processed jobs to those containing .I substr as a substring of one of the recipients. .TP .BI \-qS substr Limit processed jobs to those containing .I substr as a substring of the sender. .TP .BI "\-R " return Set the amount of the message to be returned if the message bounces. The .I return parameter can be `full' to return the entire message or `hdrs' to return only the headers. In the latter case also local bounces return only the headers. .TP .BI \-r name An alternate and obsolete form of the .B \-f flag. .TP .B \-t Read message for recipients. To:, Cc:, and Bcc: lines will be scanned for recipient addresses. The Bcc: line will be deleted before transmission. .TP .B \-U Initial (user) submission. This should .I always be set when called from a user agent such as .B Mail or .B exmh and .I never be set when called by a network delivery agent such as .BR rmail . .TP .BI "\-V " envid Set the original envelope id. This is propagated across SMTP to servers that support DSNs and is returned in DSN-compliant error messages. .TP .B \-v Go into verbose mode. Alias expansions will be announced, etc. .TP .BI "\-X " logfile Log all traffic in and out of mailers in the indicated log file. This should only be used as a last resort for debugging mailer bugs. It will log a lot of data very quickly. .TP .B \-\- Stop processing command flags and use the rest of the arguments as addresses. .SS Options There are also a number of processing options that may be set. Normally these will only be used by a system administrator. Options may be set either on the command line using the .B \-o flag (for short names), the .B \-O flag (for long names), or in the configuration file. This is a partial list limited to those options that are likely to be useful on the command line and only shows the long names; for a complete list (and details), consult the .IR "Sendmail Installation and Operation Guide" . The options are: .TP .RI AliasFile= file Use alternate alias file. .TP HoldExpensive On mailers that are considered ``expensive'' to connect to, don't initiate immediate connection. This requires queueing. .TP .RI CheckpointInterval= N Checkpoint the queue file after every .I N successful deliveries (default 10). This avoids excessive duplicate deliveries when sending to long mailing lists interrupted by system crashes. .ne 1i .TP .RI DeliveryMode= x Set the delivery mode to .IR x . Delivery modes are `i' for interactive (synchronous) delivery, `b' for background (asynchronous) delivery, `q' for queue only \- i.e., actual delivery is done the next time the queue is run, and `d' for deferred \- the same as `q' except that database lookups for maps which have set the \-D option (default for the host map) are avoided. .TP .RI ErrorMode= x Set error processing to mode .IR x . Valid modes are `m' to mail back the error message, `w' to ``write'' back the error message (or mail it back if the sender is not logged in), `p' to print the errors on the terminal (default), `q' to throw away error messages (only exit status is returned), and `e' to do special processing for the BerkNet. If the text of the message is not mailed back by modes `m' or `w' and if the sender is local to this machine, a copy of the message is appended to the file .I dead.letter in the sender's home directory. .TP SaveFromLine Save UNIX-style From lines at the front of messages. .TP .RI MaxHopCount= N The maximum number of times a message is allowed to ``hop'' before we decide it is in a loop. .TP IgnoreDots Do not take dots on a line by themselves as a message terminator. .TP SendMimeErrors Send error messages in MIME format. If not set, the DSN (Delivery Status Notification) SMTP extension is disabled. .TP .RI ConnectionCacheTimeout= timeout Set connection cache timeout. .TP .RI ConnectionCacheSize= N Set connection cache size. .TP .RI LogLevel= n The log level. .TP .RI MeToo= False Don't send to ``me'' (the sender) if I am in an alias expansion. .TP CheckAliases Validate the right hand side of aliases during a newaliases(1) command. .TP OldStyleHeaders If set, this message may have old style headers. If not set, this message is guaranteed to have new style headers (i.e., commas instead of spaces between addresses). If set, an adaptive algorithm is used that will correctly determine the header format in most cases. .TP .RI QueueDirectory= queuedir Select the directory in which to queue messages. .TP .RI StatusFile= file Save statistics in the named file. .TP .RI Timeout.queuereturn= time Set the timeout on undelivered messages in the queue to the specified time. After delivery has failed (e.g., because of a host being down) for this amount of time, failed messages will be returned to the sender. The default is five days. .TP .RI UserDatabaseSpec= userdatabase If set, a user database is consulted to get forwarding information. You can consider this an adjunct to the aliasing mechanism, except that the database is intended to be distributed; aliases are local to a particular host. This may not be available if your sendmail does not have the USERDB option compiled in. .TP ForkEachJob Fork each job during queue runs. May be convenient on memory-poor machines. .TP SevenBitInput Strip incoming messages to seven bits. .TP .RI EightBitMode= mode Set the handling of eight bit input to seven bit destinations to .IR mode : m (mimefy) will convert to seven-bit MIME format, p (pass) will pass it as eight bits (but violates protocols), and s (strict) will bounce the message. .TP .RI MinQueueAge= timeout Sets how long a job must ferment in the queue between attempts to send it. .TP .RI DefaultCharSet= charset Sets the default character set used to label 8-bit data that is not otherwise labelled. .TP .RI DialDelay= sleeptime If opening a connection fails, sleep for .I sleeptime seconds and try again. Useful on dial-on-demand sites. .TP .RI NoRecipientAction= action Set the behaviour when there are no recipient headers (To:, Cc: or Bcc:) in the message to .IR action : none leaves the message unchanged, add-to adds a To: header with the envelope recipients, add-apparently-to adds an Apparently-To: header with the envelope recipients, add-bcc adds an empty Bcc: header, and add-to-undisclosed adds a header reading `To: undisclosed-recipients:;'. .TP .RI MaxDaemonChildren= N Sets the maximum number of children that an incoming SMTP daemon will allow to spawn at any time to .IR N . .TP .RI ConnectionRateThrottle= N Sets the maximum number of connections per second to the SMTP port to .IR N . .PP In aliases, the first character of a name may be a vertical bar to cause interpretation of the rest of the name as a command to pipe the mail to. It may be necessary to quote the name to keep .B sendmail from suppressing the blanks from between arguments. For example, a common alias is: .IP msgs: "|/usr/bin/msgs -s" .PP Aliases may also have the syntax .RI ``:include: filename '' to ask .B sendmail to read the named file for a list of recipients. For example, an alias such as: .IP poets: ":include:/usr/local/lib/poets.list" .PP would read .I /usr/local/lib/poets.list for the list of addresses making up the group. .PP .B Sendmail returns an exit status describing what it did. The codes are defined in .RI < sysexits.h >: .TP EX_OK Successful completion on all addresses. .TP EX_NOUSER User name not recognized. .TP EX_UNAVAILABLE Catchall meaning necessary resources were not available. .TP EX_SYNTAX Syntax error in address. .TP EX_SOFTWARE Internal software error, including bad arguments. .TP EX_OSERR Temporary operating system error, such as ``cannot fork''. .TP EX_NOHOST Host name not recognized. .TP EX_TEMPFAIL Message could not be sent immediately, but was queued. .PP If invoked as .BR newaliases , .B sendmail will rebuild the alias database. If invoked as .BR mailq , .B sendmail will print the contents of the mail queue. If invoked as .BR hoststat , .B sendmail will print the persistent host status database. If invoked as .BR purgestat , .B sendmail will purge expired entries from the persistent host status database. If invoked as .BR smtpd , .B sendmail will act as a daemon, as if the .B \-bd option were specified. .SH NOTES .B sendmail often gets blamed for many problems that are actually the result of other problems, such as overly permissive modes on directories. For this reason, .B sendmail checks the modes on system directories and files to determine if they can be trusted. Although these checks can be turned off and your system security reduced by setting the .BR DontBlameSendmail option, the permission problems should be fixed. For more information, see: .I http://www.sendmail.org/tips/DontBlameSendmail.html .SH FILES Except for the file .I /etc/mail/sendmail.cf itself the following pathnames are all specified in .IR /etc/mail/sendmail.cf . Thus, these values are only approximations. .PP .TP /etc/mail/aliases raw data for alias names .TP /etc/mail/aliases.db data base of alias names .TP /etc/mail/sendmail.cf configuration file .TP /etc/mail/helpfile help file .TP /etc/mail/statistics collected statistics .TP /var/spool/mqueue/* temp files .SH SEE ALSO mail(1), syslog(3), aliases(5), mailaddr(7), mail.local(8), rc(8), rmail(8) .PP DARPA Internet Request For Comments .IR RFC819 , .IR RFC821 , .IR RFC822 . .IR "Sendmail Installation and Operation Guide" , No. 8, SMM. .PP http://www.sendmail.org/ .SH HISTORY The .B sendmail command appeared in 4.2BSD. Index: stable/4/contrib/sendmail/src/sendmail.h =================================================================== --- stable/4/contrib/sendmail/src/sendmail.h (revision 71887) +++ stable/4/contrib/sendmail/src/sendmail.h (revision 71888) @@ -1,2101 +1,2102 @@ /* * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. */ /* ** SENDMAIL.H -- MTA-specific definitions for sendmail. */ #ifndef _SENDMAIL_H #define _SENDMAIL_H 1 #ifdef _DEFINE # define EXTERN # ifndef lint -static char SmailId[] = "@(#)$Id: sendmail.h,v 8.517.4.37 2000/09/25 07:53:29 gshapiro Exp $"; +static char SmailId[] = "@(#)$Id: sendmail.h,v 8.517.4.45 2000/12/28 23:46:44 gshapiro Exp $"; # endif /* ! lint */ #else /* _DEFINE */ # define EXTERN extern #endif /* _DEFINE */ #include #if SFIO # include # if defined(SFIO_VERSION) && SFIO_VERSION > 20000000L ERROR README: SFIO 2000 does not work with sendmail, use SFIO 1999 instead. # endif /* defined(SFIO_VERSION) && SFIO_VERSION > 20000000L */ #endif /* SFIO */ #include #include #if !SFIO # include #endif /* !SFIO */ #include #include #include #include # ifdef EX_OK # undef EX_OK /* for SVr4.2 SMP */ # endif /* EX_OK */ #include #include "sendmail/sendmail.h" #include "bf.h" #include "timers.h" #ifdef LOG # include #endif /* LOG */ # if NETINET || NETINET6 || NETUNIX || NETISO || NETNS || NETX25 # include # endif /* NETINET || NETINET6 || NETUNIX || NETISO || NETNS || NETX25 */ # if NETUNIX # include # endif /* NETUNIX */ # if NETINET || NETINET6 # include # endif /* NETINET || NETINET6 */ # if NETINET6 /* ** There is no standard yet for IPv6 includes. ** Specify OS specific implementation in conf.h */ # endif /* NETINET6 */ # if NETISO # include # endif /* NETISO */ # if NETNS # include # endif /* NETNS */ # if NETX25 # include # endif /* NETX25 */ # if NAMED_BIND # include # ifdef NOERROR # undef NOERROR /* avoid conflict */ # endif /* NOERROR */ # include # endif /* NAMED_BIND */ # ifdef HESIOD # include # if !defined(HES_ER_OK) || defined(HESIOD_INTERFACES) # define HESIOD_INIT /* support for the new interface */ # endif /* !defined(HES_ER_OK) || defined(HESIOD_INTERFACES) */ # endif /* HESIOD */ #if STARTTLS # if !SFIO && !_FFR_TLS_TOREK ERROR README: STARTTLS requires SFIO # endif /* !SFIO && !_FFR_TLS_TOREK */ # if SFIO && _FFR_TLS_TOREK ERROR README: Can not do both SFIO and _FFR_TLS_TOREK # endif /* SFIO && _FFR_TLS_TOREK */ # include #endif /* STARTTLS */ #if SASL /* include the sasl include files if we have them */ # include # if defined(SASL_VERSION_MAJOR) && defined(SASL_VERSION_MINOR) && defined(SASL_VERSION_STEP) # define SASL_VERSION (SASL_VERSION_MAJOR * 10000) + (SASL_VERSION_MINOR * 100) + SASL_VERSION_STEP # if SASL == 1 # undef SASL # define SASL SASL_VERSION # else /* SASL == 1 */ # if SASL != SASL_VERSION ERROR README: -DSASL (SASL) does not agree with the version of the CYRUS_SASL library (SASL_VERSION) ERROR README: see README! # endif /* SASL != SASL_VERSION */ # endif /* SASL == 1 */ # else /* defined(SASL_VERSION_MAJOR) && defined(SASL_VERSION_MINOR) && defined(SASL_VERSION_STEP) */ # if SASL == 1 ERROR README: please set -DSASL to the version of the CYRUS_SASL library ERROR README: see README! # endif /* SASL == 1 */ # endif /* defined(SASL_VERSION_MAJOR) && defined(SASL_VERSION_MINOR) && defined(SASL_VERSION_STEP) */ #endif /* SASL */ /* ** Following are "sort of" configuration constants, but they should ** be pretty solid on most architectures today. They have to be ** defined after because some versions of that ** file also define them. In all cases, we can't use sizeof because ** some systems (e.g., Crays) always treat everything as being at ** least 64 bits. */ #ifndef INADDRSZ # define INADDRSZ 4 /* size of an IPv4 address in bytes */ #endif /* ! INADDRSZ */ #ifndef IN6ADDRSZ # define IN6ADDRSZ 16 /* size of an IPv6 address in bytes */ #endif /* ! IN6ADDRSZ */ #ifndef INT16SZ # define INT16SZ 2 /* size of a 16 bit integer in bytes */ #endif /* ! INT16SZ */ #ifndef INT32SZ # define INT32SZ 4 /* size of a 32 bit integer in bytes */ #endif /* ! INT32SZ */ /* ** Error return from inet_addr(3), in case not defined in /usr/include. */ #ifndef INADDR_NONE # define INADDR_NONE 0xffffffff #endif /* ! INADDR_NONE */ /* forward references for prototypes */ typedef struct envelope ENVELOPE; typedef struct mailer MAILER; /* ** Address structure. ** Addresses are stored internally in this structure. */ struct address { char *q_paddr; /* the printname for the address */ char *q_user; /* user name */ char *q_ruser; /* real user name, or NULL if q_user */ char *q_host; /* host name */ struct mailer *q_mailer; /* mailer to use */ u_long q_flags; /* status flags, see below */ uid_t q_uid; /* user-id of receiver (if known) */ gid_t q_gid; /* group-id of receiver (if known) */ char *q_home; /* home dir (local mailer only) */ char *q_fullname; /* full name if known */ struct address *q_next; /* chain */ struct address *q_alias; /* address this results from */ char *q_owner; /* owner of q_alias */ struct address *q_tchain; /* temporary use chain */ char *q_orcpt; /* ORCPT parameter from RCPT TO: line */ char *q_status; /* status code for DSNs */ char *q_rstatus; /* remote status message for DSNs */ time_t q_statdate; /* date of status messages */ char *q_statmta; /* MTA generating q_rstatus */ short q_state; /* address state, see below */ short q_specificity; /* how "specific" this address is */ }; typedef struct address ADDRESS; /* bit values for q_flags */ #define QGOODUID 0x00000001 /* the q_uid q_gid fields are good */ #define QPRIMARY 0x00000002 /* set from RCPT or argv */ #define QNOTREMOTE 0x00000004 /* address not for remote forwarding */ #define QSELFREF 0x00000008 /* this address references itself */ #define QBOGUSSHELL 0x00000010 /* user has no valid shell listed */ #define QUNSAFEADDR 0x00000020 /* address acquired via unsafe path */ #define QPINGONSUCCESS 0x00000040 /* give return on successful delivery */ #define QPINGONFAILURE 0x00000080 /* give return on failure */ #define QPINGONDELAY 0x00000100 /* give return on message delay */ #define QHASNOTIFY 0x00000200 /* propogate notify parameter */ #define QRELAYED 0x00000400 /* DSN: relayed to non-DSN aware sys */ #define QEXPANDED 0x00000800 /* DSN: undergone list expansion */ #define QDELIVERED 0x00001000 /* DSN: successful final delivery */ #define QDELAYED 0x00002000 /* DSN: message delayed */ #define QALIAS 0x00004000 /* expanded alias */ #define QTHISPASS 0x40000000 /* temp: address set this pass */ #define QRCPTOK 0x80000000 /* recipient() processed address */ #define Q_PINGFLAGS (QPINGONSUCCESS|QPINGONFAILURE|QPINGONDELAY) /* values for q_state */ #define QS_OK 0 /* address ok (for now)/not yet tried */ #define QS_SENT 1 /* good address, delivery complete */ #define QS_BADADDR 2 /* illegal address */ #define QS_QUEUEUP 3 /* save address in queue */ #define QS_VERIFIED 4 /* verified, but not expanded */ #define QS_DONTSEND 5 /* don't send to this address */ -#define QS_EXPANDED 6 /* expanded */ -#define QS_SENDER 7 /* message sender (MeToo) */ -#define QS_CLONED 8 /* addr cloned to a split envelope */ -#define QS_DISCARDED 9 /* recipient discarded (EF_DISCARD) */ -#define QS_REPLACED 10 /* maplocaluser()/UserDB replaced */ -#define QS_REMOVED 11 /* removed (removefromlist()) */ -#define QS_DUPLICATE 12 /* duplicate suppressed */ -#define QS_INCLUDED 13 /* :include: delivery */ +#define QS_EXPANDED 6 /* QS_DONTSEND: expanded */ +#define QS_SENDER 7 /* QS_DONTSEND: message sender (MeToo) */ +#define QS_CLONED 8 /* QS_DONTSEND: addr cloned to split envelope */ +#define QS_DISCARDED 9 /* QS_DONTSEND: rcpt discarded (EF_DISCARD) */ +#define QS_REPLACED 10 /* QS_DONTSEND: maplocaluser()/UserDB replaced */ +#define QS_REMOVED 11 /* QS_DONTSEND: removed (removefromlist()) */ +#define QS_DUPLICATE 12 /* QS_DONTSEND: duplicate suppressed */ +#define QS_INCLUDED 13 /* QS_DONTSEND: :include: delivery */ /* address state testing primitives */ #define QS_IS_OK(s) ((s) == QS_OK) #define QS_IS_SENT(s) ((s) == QS_SENT) #define QS_IS_BADADDR(s) ((s) == QS_BADADDR) #define QS_IS_QUEUEUP(s) ((s) == QS_QUEUEUP) #define QS_IS_VERIFIED(s) ((s) == QS_VERIFIED) #define QS_IS_EXPANDED(s) ((s) == QS_EXPANDED) #define QS_IS_REMOVED(s) ((s) == QS_REMOVED) #define QS_IS_UNDELIVERED(s) ((s) == QS_OK || \ (s) == QS_QUEUEUP || \ (s) == QS_VERIFIED) #define QS_IS_SENDABLE(s) ((s) == QS_OK || \ (s) == QS_QUEUEUP) #define QS_IS_ATTEMPTED(s) ((s) == QS_QUEUEUP || \ (s) == QS_SENT) #define QS_IS_DEAD(s) ((s) == QS_DONTSEND || \ (s) == QS_CLONED || \ (s) == QS_SENDER || \ (s) == QS_DISCARDED || \ (s) == QS_REPLACED || \ (s) == QS_REMOVED || \ (s) == QS_DUPLICATE || \ (s) == QS_INCLUDED || \ (s) == QS_EXPANDED) #define NULLADDR ((ADDRESS *) NULL) extern ADDRESS NullAddress; /* a null (template) address [main.c] */ /* functions */ extern void cataddr __P((char **, char **, char *, int, int)); extern char *crackaddr __P((char *)); extern bool emptyaddr __P((ADDRESS *)); extern ADDRESS *getctladdr __P((ADDRESS *)); extern int include __P((char *, bool, ADDRESS *, ADDRESS **, int, ENVELOPE *)); extern bool invalidaddr __P((char *, char *)); extern ADDRESS *parseaddr __P((char *, ADDRESS *, int, int, char **, ENVELOPE *)); extern char **prescan __P((char *, int, char[], int, char **, u_char *)); extern void printaddr __P((ADDRESS *, bool)); extern ADDRESS *recipient __P((ADDRESS *, ADDRESS **, int, ENVELOPE *)); extern char *remotename __P((char *, MAILER *, int, int *, ENVELOPE *)); extern int rewrite __P((char **, int, int, ENVELOPE *)); extern bool sameaddr __P((ADDRESS *, ADDRESS *)); extern int sendtolist __P((char *, ADDRESS *, ADDRESS **, int, ENVELOPE *)); extern int removefromlist __P((char *, ADDRESS **, ENVELOPE *)); extern void setsender __P((char *, ENVELOPE *, char **, int, bool)); /* ** Mailer definition structure. ** Every mailer known to the system is declared in this ** structure. It defines the pathname of the mailer, some ** flags associated with it, and the argument vector to ** pass to it. The flags are defined in conf.c ** ** The argument vector is expanded before actual use. All ** words except the first are passed through the macro ** processor. */ struct mailer { char *m_name; /* symbolic name of this mailer */ char *m_mailer; /* pathname of the mailer to use */ char *m_mtatype; /* type of this MTA */ char *m_addrtype; /* type for addresses */ char *m_diagtype; /* type for diagnostics */ BITMAP256 m_flags; /* status flags, see below */ short m_mno; /* mailer number internally */ short m_nice; /* niceness to run at (mostly for prog) */ char **m_argv; /* template argument vector */ short m_sh_rwset; /* rewrite set: sender header addresses */ short m_se_rwset; /* rewrite set: sender envelope addresses */ short m_rh_rwset; /* rewrite set: recipient header addresses */ short m_re_rwset; /* rewrite set: recipient envelope addresses */ char *m_eol; /* end of line string */ long m_maxsize; /* size limit on message to this mailer */ int m_linelimit; /* max # characters per line */ int m_maxdeliveries; /* max deliveries per mailer connection */ char *m_execdir; /* directory to chdir to before execv */ char *m_rootdir; /* directory to chroot to before execv */ uid_t m_uid; /* UID to run as */ gid_t m_gid; /* GID to run as */ char *m_defcharset; /* default character set */ time_t m_wait; /* timeout to wait for end */ #if _FFR_DYNAMIC_TOBUF int m_maxrcpt; /* max recipients per envelope client-side */ #endif /* _FFR_DYNAMIC_TOBUF */ }; /* bits for m_flags */ #define M_ESMTP 'a' /* run Extended SMTP protocol */ #define M_ALIASABLE 'A' /* user can be LHS of an alias */ #define M_BLANKEND 'b' /* ensure blank line at end of message */ #define M_NOCOMMENT 'c' /* don't include comment part of address */ #define M_CANONICAL 'C' /* make addresses canonical "u@dom" */ #define M_NOBRACKET 'd' /* never angle bracket envelope route-addrs */ /* 'D' CF: include Date: */ #define M_EXPENSIVE 'e' /* it costs to use this mailer.... */ #define M_ESCFROM 'E' /* escape From lines to >From */ #define M_FOPT 'f' /* mailer takes picky -f flag */ /* 'F' CF: include From: or Resent-From: */ #define M_NO_NULL_FROM 'g' /* sender of errors should be $g */ #define M_HST_UPPER 'h' /* preserve host case distinction */ #define M_PREHEAD 'H' /* MAIL11V3: preview headers */ #define M_UDBENVELOPE 'i' /* do udbsender rewriting on envelope */ #define M_INTERNAL 'I' /* SMTP to another sendmail site */ #define M_UDBRECIPIENT 'j' /* do udbsender rewriting on recipient lines */ #define M_NOLOOPCHECK 'k' /* don't check for loops in HELO command */ #define M_CHUNKING 'K' /* CHUNKING: reserved for future use */ #define M_LOCALMAILER 'l' /* delivery is to this host */ #define M_LIMITS 'L' /* must enforce SMTP line limits */ #define M_MUSER 'm' /* can handle multiple users at once */ /* 'M' CF: include Message-Id: */ #define M_NHDR 'n' /* don't insert From line */ #define M_MANYSTATUS 'N' /* MAIL11V3: DATA returns multi-status */ #define M_RUNASRCPT 'o' /* always run mailer as recipient */ #define M_FROMPATH 'p' /* use reverse-path in MAIL FROM: */ /* 'P' CF: include Return-Path: */ #define M_VRFY250 'q' /* VRFY command returns 250 instead of 252 */ #define M_ROPT 'r' /* mailer takes picky -r flag */ #define M_SECURE_PORT 'R' /* try to send on a reserved TCP port */ #define M_STRIPQ 's' /* strip quote chars from user/host */ #define M_SPECIFIC_UID 'S' /* run as specific uid/gid */ #define M_USR_UPPER 'u' /* preserve user case distinction */ #define M_UGLYUUCP 'U' /* this wants an ugly UUCP from line */ #define M_CONTENT_LEN 'v' /* add Content-Length: header (SVr4) */ /* 'V' UIUC: !-relativize all addresses */ #define M_HASPWENT 'w' /* check for /etc/passwd entry */ /* 'x' CF: include Full-Name: */ #define M_XDOT 'X' /* use hidden-dot algorithm */ #define M_LMTP 'z' /* run Local Mail Transport Protocol */ #define M_NOMX '0' /* turn off MX lookups */ #define M_NONULLS '1' /* don't send null bytes */ #define M_EBCDIC '3' /* extend Q-P encoding for EBCDIC */ #define M_TRYRULESET5 '5' /* use ruleset 5 after local aliasing */ #define M_7BITHDRS '6' /* strip headers to 7 bits even in 8 bit path */ #define M_7BITS '7' /* use 7-bit path */ #define M_8BITS '8' /* force "just send 8" behaviour */ #define M_MAKE8BIT '9' /* convert 7 -> 8 bit if appropriate */ #define M_CHECKINCLUDE ':' /* check for :include: files */ #define M_CHECKPROG '|' /* check for |program addresses */ #define M_CHECKFILE '/' /* check for /file addresses */ #define M_CHECKUDB '@' /* user can be user database key */ #define M_CHECKHDIR '~' /* SGI: check for valid home directory */ #define M_HOLD '%' /* Hold delivery until ETRN/-qI/-qR/-qS */ #define M_PLUS '+' /* Reserved: Used in mc for adding new flags */ #define M_MINUS '-' /* Reserved: Used in mc for removing flags */ /* functions */ extern void initerrmailers __P((void)); extern void makemailer __P((char *)); /* ** Information about currently open connections to mailers, or to ** hosts that we have looked up recently. */ #define MCI struct mailer_con_info MCI { u_long mci_flags; /* flag bits, see below */ short mci_errno; /* error number on last connection */ short mci_herrno; /* h_errno from last DNS lookup */ short mci_exitstat; /* exit status from last connection */ short mci_state; /* SMTP state */ int mci_deliveries; /* delivery attempts for connection */ long mci_maxsize; /* max size this server will accept */ #if SFIO Sfio_t *mci_in; /* input side of connection */ Sfio_t *mci_out; /* output side of connection */ #else /* SFIO */ FILE *mci_in; /* input side of connection */ FILE *mci_out; /* output side of connection */ #endif /* SFIO */ pid_t mci_pid; /* process id of subordinate proc */ char *mci_phase; /* SMTP phase string */ struct mailer *mci_mailer; /* ptr to the mailer for this conn */ char *mci_host; /* host name */ char *mci_status; /* DSN status to be copied to addrs */ char *mci_rstatus; /* SMTP status to be copied to addrs */ time_t mci_lastuse; /* last usage time */ FILE *mci_statfile; /* long term status file */ char *mci_heloname; /* name to use as HELO arg */ #if SASL bool mci_sasl_auth; /* authenticated? */ int mci_sasl_string_len; char *mci_sasl_string; /* sasl reply string */ char *mci_saslcap; /* SASL list of mechanisms */ sasl_conn_t *mci_conn; /* SASL connection */ #endif /* SASL */ #if STARTTLS SSL *mci_ssl; /* SSL connection */ #endif /* STARTTLS */ }; /* flag bits */ #define MCIF_VALID 0x00000001 /* this entry is valid */ #define MCIF_TEMP 0x00000002 /* don't cache this connection */ #define MCIF_CACHED 0x00000004 /* currently in open cache */ #define MCIF_ESMTP 0x00000008 /* this host speaks ESMTP */ #define MCIF_EXPN 0x00000010 /* EXPN command supported */ #define MCIF_SIZE 0x00000020 /* SIZE option supported */ #define MCIF_8BITMIME 0x00000040 /* BODY=8BITMIME supported */ #define MCIF_7BIT 0x00000080 /* strip this message to 7 bits */ #define MCIF_MULTSTAT 0x00000100 /* MAIL11V3: handles MULT status */ #define MCIF_INHEADER 0x00000200 /* currently outputing header */ #define MCIF_CVT8TO7 0x00000400 /* convert from 8 to 7 bits */ #define MCIF_DSN 0x00000800 /* DSN extension supported */ #define MCIF_8BITOK 0x00001000 /* OK to send 8 bit characters */ #define MCIF_CVT7TO8 0x00002000 /* convert from 7 to 8 bits */ #define MCIF_INMIME 0x00004000 /* currently reading MIME header */ #define MCIF_AUTH 0x00008000 /* AUTH= supported */ #define MCIF_AUTHACT 0x00010000 /* SASL (AUTH) active */ #define MCIF_ENHSTAT 0x00020000 /* ENHANCEDSTATUSCODES supported */ #if STARTTLS #define MCIF_TLS 0x00100000 /* STARTTLS supported */ #define MCIF_TLSACT 0x00200000 /* STARTTLS active */ #define MCIF_EXTENS (MCIF_EXPN | MCIF_SIZE | MCIF_8BITMIME | MCIF_DSN | MCIF_8BITOK | MCIF_AUTH | MCIF_ENHSTAT | MCIF_TLS) #else /* STARTTLS */ #define MCIF_EXTENS (MCIF_EXPN | MCIF_SIZE | MCIF_8BITMIME | MCIF_DSN | MCIF_8BITOK | MCIF_AUTH | MCIF_ENHSTAT) #endif /* STARTTLS */ +#define MCIF_ONLY_EHLO 0x10000000 /* use only EHLO in smtpinit */ + /* states */ #define MCIS_CLOSED 0 /* no traffic on this connection */ #define MCIS_OPENING 1 /* sending initial protocol */ #define MCIS_OPEN 2 /* open, initial protocol sent */ #define MCIS_ACTIVE 3 /* message being sent */ #define MCIS_QUITING 4 /* running quit protocol */ #define MCIS_SSD 5 /* service shutting down */ #define MCIS_ERROR 6 /* I/O error on connection */ /* functions */ extern void mci_cache __P((MCI *)); extern void mci_dump __P((MCI *, bool)); extern void mci_dump_all __P((bool)); extern void mci_flush __P((bool, MCI *)); extern MCI *mci_get __P((char *, MAILER *)); extern int mci_lock_host __P((MCI *)); extern bool mci_match __P((char *, MAILER *)); extern int mci_print_persistent __P((char *, char *)); extern int mci_purge_persistent __P((char *, char *)); extern MCI **mci_scan __P((MCI *)); extern void mci_setstat __P((MCI *, int, char *, char *)); extern void mci_store_persistent __P((MCI *)); extern int mci_traverse_persistent __P((int (*)(), char *)); extern void mci_unlock_host __P((MCI *)); /* ** Header structure. ** This structure is used internally to store header items. */ struct header { char *h_field; /* the name of the field */ char *h_value; /* the value of that field */ struct header *h_link; /* the next header */ u_char h_macro; /* include header if macro defined */ u_long h_flags; /* status bits, see below */ BITMAP256 h_mflags; /* m_flags bits needed */ }; typedef struct header HDR; /* ** Header information structure. ** Defined in conf.c, this struct declares the header fields ** that have some magic meaning. */ struct hdrinfo { char *hi_field; /* the name of the field */ u_long hi_flags; /* status bits, see below */ char *hi_ruleset; /* validity check ruleset */ }; extern struct hdrinfo HdrInfo[]; /* bits for h_flags and hi_flags */ #define H_EOH 0x00000001 /* field terminates header */ #define H_RCPT 0x00000002 /* contains recipient addresses */ #define H_DEFAULT 0x00000004 /* if another value is found, drop this */ #define H_RESENT 0x00000008 /* this address is a "Resent-..." address */ #define H_CHECK 0x00000010 /* check h_mflags against m_flags */ #define H_ACHECK 0x00000020 /* ditto, but always (not just default) */ #define H_FORCE 0x00000040 /* force this field, even if default */ #define H_TRACE 0x00000080 /* this field contains trace information */ #define H_FROM 0x00000100 /* this is a from-type field */ #define H_VALID 0x00000200 /* this field has a validated value */ #define H_RECEIPTTO 0x00000400 /* field has return receipt info */ #define H_ERRORSTO 0x00000800 /* field has error address info */ #define H_CTE 0x00001000 /* field is a content-transfer-encoding */ #define H_CTYPE 0x00002000 /* this is a content-type field */ #define H_BCC 0x00004000 /* Bcc: header: strip value or delete */ #define H_ENCODABLE 0x00008000 /* field can be RFC 1522 encoded */ #define H_STRIPCOMM 0x00010000 /* header check: strip comments */ #define H_BINDLATE 0x00020000 /* only expand macros at deliver */ #define H_USER 0x00040000 /* header came from the user/SMTP */ /* bits for chompheader() */ #define CHHDR_DEF 0x0001 /* default header */ #define CHHDR_CHECK 0x0002 /* call ruleset for header */ #define CHHDR_USER 0x0004 /* header from user */ #define CHHDR_QUEUE 0x0008 /* header from qf file */ /* functions */ extern void addheader __P((char *, char *, int, HDR **)); extern u_long chompheader __P((char *, int, HDR **, ENVELOPE *)); extern void commaize __P((HDR *, char *, bool, MCI *, ENVELOPE *)); extern HDR *copyheader __P((HDR *)); extern void eatheader __P((ENVELOPE *, bool)); extern char *hvalue __P((char *, HDR *)); extern bool isheader __P((char *)); extern void putfromline __P((MCI *, ENVELOPE *)); extern void setupheaders __P((void)); /* ** Performance monitoring */ #define TIMERS struct sm_timers TIMERS { TIMER ti_overall; /* the whole process */ }; #define PUSHTIMER(l, t) { if (tTd(98, l)) pushtimer(&t); } #define POPTIMER(l, t) { if (tTd(98, l)) poptimer(&t); } /* ** Envelope structure. ** This structure defines the message itself. There is usually ** only one of these -- for the message that we originally read ** and which is our primary interest -- but other envelopes can ** be generated during processing. For example, error messages ** will have their own envelope. */ struct envelope { HDR *e_header; /* head of header list */ long e_msgpriority; /* adjusted priority of this message */ time_t e_ctime; /* time message appeared in the queue */ char *e_to; /* the target person */ ADDRESS e_from; /* the person it is from */ char *e_sender; /* e_from.q_paddr w comments stripped */ char **e_fromdomain; /* the domain part of the sender */ ADDRESS *e_sendqueue; /* list of message recipients */ ADDRESS *e_errorqueue; /* the queue for error responses */ /* ** Overflow detection is based on < 0, so don't change this ** to unsigned. We don't use unsigned and == ULONG_MAX because ** some libc's don't have strtoul(), see mail_esmtp_args(). */ long e_msgsize; /* size of the message in bytes */ long e_flags; /* flags, see below */ int e_nrcpts; /* number of recipients */ short e_class; /* msg class (priority, junk, etc.) */ short e_hopcount; /* number of times processed */ short e_nsent; /* number of sends since checkpoint */ short e_sendmode; /* message send mode */ short e_errormode; /* error return mode */ short e_timeoutclass; /* message timeout class */ void (*e_puthdr)__P((MCI *, HDR *, ENVELOPE *, int)); /* function to put header of message */ void (*e_putbody)__P((MCI *, ENVELOPE *, char *)); /* function to put body of message */ ENVELOPE *e_parent; /* the message this one encloses */ ENVELOPE *e_sibling; /* the next envelope of interest */ char *e_bodytype; /* type of message body */ FILE *e_dfp; /* data file */ char *e_id; /* code for this entry in queue */ int e_queuedir; /* index into queue directories */ FILE *e_xfp; /* transcript file */ FILE *e_lockfp; /* the lock file for this message */ char *e_message; /* error message */ char *e_statmsg; /* stat msg (changes per delivery) */ char *e_msgboundary; /* MIME-style message part boundary */ char *e_origrcpt; /* original recipient (one only) */ char *e_envid; /* envelope id from MAIL FROM: line */ char *e_status; /* DSN status for this message */ time_t e_dtime; /* time of last delivery attempt */ int e_ntries; /* number of delivery attempts */ dev_t e_dfdev; /* df file's device, for crash recov */ ino_t e_dfino; /* df file's ino, for crash recovery */ - char *e_macro[256]; /* macro definitions */ + char *e_macro[MAXMACROID + 1]; /* macro definitions */ char *e_if_macros[2]; /* HACK: incoming interface info */ char *e_auth_param; TIMERS e_timers; /* per job timers */ #if _FFR_QUEUEDELAY int e_queuealg; /* algorithm for queue delay */ time_t e_queuedelay; /* current delay */ #endif /* _FFR_QUEUEDELAY */ }; /* values for e_flags */ #define EF_OLDSTYLE 0x0000001L /* use spaces (not commas) in hdrs */ #define EF_INQUEUE 0x0000002L /* this message is fully queued */ #define EF_NO_BODY_RETN 0x0000004L /* omit message body on error */ #define EF_CLRQUEUE 0x0000008L /* disk copy is no longer needed */ #define EF_SENDRECEIPT 0x0000010L /* send a return receipt */ #define EF_FATALERRS 0x0000020L /* fatal errors occurred */ #define EF_DELETE_BCC 0x0000040L /* delete Bcc: headers entirely */ #define EF_RESPONSE 0x0000080L /* this is an error or return receipt */ #define EF_RESENT 0x0000100L /* this message is being forwarded */ #define EF_VRFYONLY 0x0000200L /* verify only (don't expand aliases) */ #define EF_WARNING 0x0000400L /* warning message has been sent */ #define EF_QUEUERUN 0x0000800L /* this envelope is from queue */ #define EF_GLOBALERRS 0x0001000L /* treat errors as global */ #define EF_PM_NOTIFY 0x0002000L /* send return mail to postmaster */ #define EF_METOO 0x0004000L /* send to me too */ #define EF_LOGSENDER 0x0008000L /* need to log the sender */ #define EF_NORECEIPT 0x0010000L /* suppress all return-receipts */ #define EF_HAS8BIT 0x0020000L /* at least one 8-bit char in body */ #define EF_NL_NOT_EOL 0x0040000L /* don't accept raw NL as EOLine */ #define EF_CRLF_NOT_EOL 0x0080000L /* don't accept CR-LF as EOLine */ #define EF_RET_PARAM 0x0100000L /* RCPT command had RET argument */ #define EF_HAS_DF 0x0200000L /* set when df file is instantiated */ #define EF_IS_MIME 0x0400000L /* really is a MIME message */ #define EF_DONT_MIME 0x0800000L /* never MIME this message */ #define EF_DISCARD 0x1000000L /* discard the message */ #define EF_TOOBIG 0x2000000L /* message is too big */ /* values for e_if_macros */ #define EIF_ADDR 0 /* ${if_addr} */ /* functions */ extern void clearenvelope __P((ENVELOPE *, bool)); extern void dropenvelope __P((ENVELOPE *, bool)); extern ENVELOPE *newenvelope __P((ENVELOPE *, ENVELOPE *)); extern void printenvflags __P((ENVELOPE *)); extern void putbody __P((MCI *, ENVELOPE *, char *)); extern void putheader __P((MCI *, HDR *, ENVELOPE *, int)); /* ** Message priority classes. ** ** The message class is read directly from the Priority: header ** field in the message. ** ** CurEnv->e_msgpriority is the number of bytes in the message plus ** the creation time (so that jobs ``tend'' to be ordered correctly), ** adjusted by the message class, the number of recipients, and the ** amount of time the message has been sitting around. This number ** is used to order the queue. Higher values mean LOWER priority. ** ** Each priority class point is worth WkClassFact priority points; ** each recipient is worth WkRecipFact priority points. Each time ** we reprocess a message the priority is adjusted by WkTimeFact. ** WkTimeFact should normally decrease the priority so that jobs ** that have historically failed will be run later; thanks go to ** Jay Lepreau at Utah for pointing out the error in my thinking. ** ** The "class" is this number, unadjusted by the age or size of ** this message. Classes with negative representations will have ** error messages thrown away if they are not local. */ struct priority { char *pri_name; /* external name of priority */ int pri_val; /* internal value for same */ }; /* ** Rewrite rules. */ struct rewrite { char **r_lhs; /* pattern match */ char **r_rhs; /* substitution value */ struct rewrite *r_next;/* next in chain */ int r_line; /* rule line in sendmail.cf */ }; /* ** Special characters in rewriting rules. ** These are used internally only. ** The COND* rules are actually used in macros rather than in ** rewriting rules, but are given here because they ** cannot conflict. */ /* left hand side items */ #define MATCHZANY ((u_char)0220) /* match zero or more tokens */ #define MATCHANY ((u_char)0221) /* match one or more tokens */ #define MATCHONE ((u_char)0222) /* match exactly one token */ #define MATCHCLASS ((u_char)0223) /* match one token in a class */ #define MATCHNCLASS ((u_char)0224) /* match anything not in class */ #define MATCHREPL ((u_char)0225) /* replacement on RHS for above */ /* right hand side items */ #define CANONNET ((u_char)0226) /* canonical net, next token */ #define CANONHOST ((u_char)0227) /* canonical host, next token */ #define CANONUSER ((u_char)0230) /* canonical user, next N tokens */ #define CALLSUBR ((u_char)0231) /* call another rewriting set */ /* conditionals in macros */ #define CONDIF ((u_char)0232) /* conditional if-then */ #define CONDELSE ((u_char)0233) /* conditional else */ #define CONDFI ((u_char)0234) /* conditional fi */ /* bracket characters for host name lookup */ #define HOSTBEGIN ((u_char)0235) /* hostname lookup begin */ #define HOSTEND ((u_char)0236) /* hostname lookup end */ /* bracket characters for generalized lookup */ #define LOOKUPBEGIN ((u_char)0205) /* generalized lookup begin */ #define LOOKUPEND ((u_char)0206) /* generalized lookup end */ /* macro substitution character */ #define MACROEXPAND ((u_char)0201) /* macro expansion */ #define MACRODEXPAND ((u_char)0202) /* deferred macro expansion */ /* to make the code clearer */ #define MATCHZERO CANONHOST /* external <==> internal mapping table */ struct metamac { char metaname; /* external code (after $) */ u_char metaval; /* internal code (as above) */ }; /* values for macros with external names only */ #define MID_OPMODE 0202 /* operation mode */ /* functions */ extern void define __P((int, char *, ENVELOPE *)); extern void expand __P((char *, char *, size_t, ENVELOPE *)); extern int macid __P((char *, char **)); extern char *macname __P((int)); extern char *macvalue __P((int, ENVELOPE *)); -extern int rscheck __P((char *, char *, char *, ENVELOPE *, bool, bool, int)); +extern int rscheck __P((char *, char *, char *, ENVELOPE *, bool, bool, int, char *)); extern void setclass __P((int, char *)); extern int strtorwset __P((char *, char **, int)); extern void translate_dollars __P((char *)); extern bool wordinclass __P((char *, int)); /* ** Name canonification short circuit. ** ** If the name server for a host is down, the process of trying to ** canonify the name can hang. This is similar to (but alas, not ** identical to) looking up the name for delivery. This stab type ** caches the result of the name server lookup so we don't hang ** multiple times. */ #define NAMECANON struct _namecanon NAMECANON { short nc_errno; /* cached errno */ short nc_herrno; /* cached h_errno */ short nc_stat; /* cached exit status code */ short nc_flags; /* flag bits */ char *nc_cname; /* the canonical name */ }; /* values for nc_flags */ #define NCF_VALID 0x0001 /* entry valid */ /* functions */ extern bool getcanonname __P((char *, int, bool)); extern int getmxrr __P((char *, char **, u_short *, bool, int *)); /* ** Mapping functions ** ** These allow arbitrary mappings in the config file. The idea ** (albeit not the implementation) comes from IDA sendmail. */ #define MAPCLASS struct _mapclass #define MAP struct _map #define MAXMAPACTIONS 5 /* size of map_actions array */ /* ** An actual map. */ MAP { MAPCLASS *map_class; /* the class of this map */ char *map_mname; /* name of this map */ long map_mflags; /* flags, see below */ char *map_file; /* the (nominal) filename */ ARBPTR_T map_db1; /* the open database ptr */ ARBPTR_T map_db2; /* an "extra" database pointer */ char *map_keycolnm; /* key column name */ char *map_valcolnm; /* value column name */ u_char map_keycolno; /* key column number */ u_char map_valcolno; /* value column number */ char map_coldelim; /* column delimiter */ char map_spacesub; /* spacesub */ char *map_app; /* to append to successful matches */ char *map_tapp; /* to append to "tempfail" matches */ char *map_domain; /* the (nominal) NIS domain */ char *map_rebuild; /* program to run to do auto-rebuild */ time_t map_mtime; /* last database modification time */ pid_t map_pid; /* PID of process which opened map */ int map_lockfd; /* auxiliary lock file descriptor */ short map_specificity; /* specificity of aliases */ MAP *map_stack[MAXMAPSTACK]; /* list for stacked maps */ short map_return[MAXMAPACTIONS]; /* return bitmaps for stacked maps */ }; /* bit values for map_mflags */ #define MF_VALID 0x00000001 /* this entry is valid */ #define MF_INCLNULL 0x00000002 /* include null byte in key */ #define MF_OPTIONAL 0x00000004 /* don't complain if map not found */ #define MF_NOFOLDCASE 0x00000008 /* don't fold case in keys */ #define MF_MATCHONLY 0x00000010 /* don't use the map value */ #define MF_OPEN 0x00000020 /* this entry is open */ #define MF_WRITABLE 0x00000040 /* open for writing */ #define MF_ALIAS 0x00000080 /* this is an alias file */ #define MF_TRY0NULL 0x00000100 /* try with no null byte */ #define MF_TRY1NULL 0x00000200 /* try with the null byte */ #define MF_LOCKED 0x00000400 /* this map is currently locked */ #define MF_ALIASWAIT 0x00000800 /* alias map in aliaswait state */ #define MF_IMPL_HASH 0x00001000 /* implicit: underlying hash database */ #define MF_IMPL_NDBM 0x00002000 /* implicit: underlying NDBM database */ #define MF_UNSAFEDB 0x00004000 /* this map is world writable */ #define MF_APPEND 0x00008000 /* append new entry on rebuild */ #define MF_KEEPQUOTES 0x00010000 /* don't dequote key before lookup */ #define MF_NODEFER 0x00020000 /* don't defer if map lookup fails */ #define MF_REGEX_NOT 0x00040000 /* regular expression negation */ #define MF_DEFER 0x00080000 /* don't lookup map in defer mode */ #define MF_SINGLEMATCH 0x00100000 /* successful only if match one key */ #define MF_NOREWRITE 0x00200000 /* don't rewrite result, return as-is */ #define DYNOPENMAP(map) if (!bitset(MF_OPEN, (map)->map_mflags)) \ { \ if (!openmap(map)) \ return NULL; \ } /* indices for map_actions */ #define MA_NOTFOUND 0 /* member map returned "not found" */ #define MA_UNAVAIL 1 /* member map is not available */ #define MA_TRYAGAIN 2 /* member map returns temp failure */ /* ** The class of a map -- essentially the functions to call */ MAPCLASS { char *map_cname; /* name of this map class */ char *map_ext; /* extension for database file */ short map_cflags; /* flag bits, see below */ bool (*map_parse)__P((MAP *, char *)); /* argument parsing function */ char *(*map_lookup)__P((MAP *, char *, char **, int *)); /* lookup function */ void (*map_store)__P((MAP *, char *, char *)); /* store function */ bool (*map_open)__P((MAP *, int)); /* open function */ void (*map_close)__P((MAP *)); /* close function */ }; /* bit values for map_cflags */ #define MCF_ALIASOK 0x0001 /* can be used for aliases */ #define MCF_ALIASONLY 0x0002 /* usable only for aliases */ #define MCF_REBUILDABLE 0x0004 /* can rebuild alias files */ #define MCF_OPTFILE 0x0008 /* file name is optional */ /* functions */ extern void closemaps __P((void)); extern bool impl_map_open __P((MAP *, int)); extern void initmaps __P((void)); extern MAP *makemapentry __P((char *)); extern void maplocaluser __P((ADDRESS *, ADDRESS **, int, ENVELOPE *)); extern char *map_rewrite __P((MAP *, const char *, size_t, char **)); #if NETINFO extern char *ni_propval __P((char *, char *, char *, char *, int)); #endif /* NETINFO */ extern bool openmap __P((MAP *)); #if USERDB extern void _udbx_close __P((void)); extern int udbexpand __P((ADDRESS *, ADDRESS **, int, ENVELOPE *)); extern char *udbsender __P((char *)); #endif /* USERDB */ /* ** LDAP related items */ #ifdef LDAPMAP struct ldapmap_struct { /* needed for ldap_open or ldap_init */ char *ldap_host; int ldap_port; /* options set in ld struct before ldap_bind_s */ int ldap_deref; time_t ldap_timelimit; int ldap_sizelimit; int ldap_options; /* args for ldap_bind_s */ LDAP *ldap_ld; char *ldap_binddn; char *ldap_secret; int ldap_method; /* args for ldap_search */ char *ldap_base; int ldap_scope; char *ldap_filter; char *ldap_attr[LDAPMAP_MAX_ATTR + 1]; bool ldap_attrsonly; /* args for ldap_result */ struct timeval ldap_timeout; LDAPMessage *ldap_res; }; typedef struct ldapmap_struct LDAPMAP_STRUCT; /* struct defining LDAP Auth Methods */ struct lamvalues { char *lam_name; /* name of LDAP auth method */ int lam_code; /* numeric code */ }; /* struct defining LDAP Alias Dereferencing */ struct ladvalues { char *lad_name; /* name of LDAP alias dereferencing method */ int lad_code; /* numeric code */ }; /* struct defining LDAP Search Scope */ struct lssvalues { char *lss_name; /* name of LDAP search scope */ int lss_code; /* numeric code */ }; /* functions */ extern bool ldapmap_parseargs __P((MAP *, char *)); extern void ldapmap_set_defaults __P((char *)); #endif /* LDAPMAP */ /* ** PH related items */ #ifdef PH_MAP struct ph_map_struct { char *ph_servers; /* list of ph servers */ char *ph_field_list; /* list of fields to search for match */ FILE *ph_to_server; FILE *ph_from_server; int ph_sockfd; time_t ph_timeout; }; typedef struct ph_map_struct PH_MAP_STRUCT; # define DEFAULT_PH_MAP_FIELDS "alias callsign name spacedname" #endif /* PH_MAP */ /* ** Process List (proclist) */ struct procs { pid_t proc_pid; char *proc_task; int proc_type; }; #define NO_PID ((pid_t) 0) #ifndef PROC_LIST_SEG # define PROC_LIST_SEG 32 /* number of pids to alloc at a time */ #endif /* ! PROC_LIST_SEG */ /* process types */ #define PROC_NONE 0 #define PROC_DAEMON 1 #define PROC_DAEMON_CHILD 2 #define PROC_QUEUE 3 #define PROC_QUEUE_CHILD 3 #define PROC_CONTROL 4 #define PROC_CONTROL_CHILD 5 /* functions */ extern void proc_list_add __P((pid_t, char *, int)); extern void proc_list_clear __P((void)); extern void proc_list_display __P((FILE *)); extern int proc_list_drop __P((pid_t)); extern void proc_list_probe __P((void)); extern void proc_list_set __P((pid_t, char *)); /* ** Symbol table definitions */ struct symtab { char *s_name; /* name to be entered */ short s_type; /* general type (see below) */ short s_len; /* length of this entry */ struct symtab *s_next; /* pointer to next in chain */ union { BITMAP256 sv_class; /* bit-map of word classes */ ADDRESS *sv_addr; /* pointer to address header */ MAILER *sv_mailer; /* pointer to mailer */ char *sv_alias; /* alias */ MAPCLASS sv_mapclass; /* mapping function class */ MAP sv_map; /* mapping function */ char *sv_hostsig; /* host signature */ MCI sv_mci; /* mailer connection info */ NAMECANON sv_namecanon; /* canonical name cache */ int sv_macro; /* macro name => id mapping */ int sv_ruleset; /* ruleset index */ struct hdrinfo sv_header; /* header metainfo */ char *sv_service[MAXMAPSTACK]; /* service switch */ #ifdef LDAPMAP LDAP *sv_ldap; /* LDAP connection */ #endif /* LDAPMAP */ #if _FFR_MILTER struct milter *sv_milter; /* milter filter name */ #endif /* _FFR_MILTER */ } s_value; }; typedef struct symtab STAB; /* symbol types */ #define ST_UNDEF 0 /* undefined type */ #define ST_CLASS 1 /* class map */ #define ST_ADDRESS 2 /* an address in parsed format */ #define ST_MAILER 3 /* a mailer header */ #define ST_ALIAS 4 /* an alias */ #define ST_MAPCLASS 5 /* mapping function class */ #define ST_MAP 6 /* mapping function */ #define ST_HOSTSIG 7 /* host signature */ #define ST_NAMECANON 8 /* cached canonical name */ #define ST_MACRO 9 /* macro name to id mapping */ #define ST_RULESET 10 /* ruleset index */ #define ST_SERVICE 11 /* service switch entry */ #define ST_HEADER 12 /* special header flags */ #ifdef LDAPMAP # define ST_LDAP 13 /* LDAP connection */ #endif /* LDAPMAP */ #if _FFR_MILTER # define ST_MILTER 14 /* milter filter */ #endif /* _FFR_MILTER */ #define ST_MCI 16 /* mailer connection info (offset) */ #define s_class s_value.sv_class #define s_address s_value.sv_addr #define s_mailer s_value.sv_mailer #define s_alias s_value.sv_alias #define s_mci s_value.sv_mci #define s_mapclass s_value.sv_mapclass #define s_hostsig s_value.sv_hostsig #define s_map s_value.sv_map #define s_namecanon s_value.sv_namecanon #define s_macro s_value.sv_macro #define s_ruleset s_value.sv_ruleset #define s_service s_value.sv_service #define s_header s_value.sv_header #ifdef LDAPMAP # define s_ldap s_value.sv_ldap #endif /* LDAPMAP */ #if _FFR_MILTER # define s_milter s_value.sv_milter #endif /* _FFR_MILTER */ /* opcodes to stab */ #define ST_FIND 0 /* find entry */ #define ST_ENTER 1 /* enter if not there */ /* functions */ extern STAB *stab __P((char *, int, int)); extern void stabapply __P((void (*)(STAB *, int), int)); /* ** STRUCT EVENT -- event queue. ** ** Maintained in sorted order. ** ** We store the pid of the process that set this event to insure ** that when we fork we will not take events intended for the parent. */ struct event { time_t ev_time; /* time of the function call */ void (*ev_func)__P((int)); /* function to call */ int ev_arg; /* argument to ev_func */ int ev_pid; /* pid that set this event */ struct event *ev_link; /* link to next item */ }; typedef struct event EVENT; /* functions */ extern void clrevent __P((EVENT *)); extern void clear_events __P((void)); extern EVENT *setevent __P((time_t, void(*)(), int)); /* ** Operation, send, error, and MIME modes ** ** The operation mode describes the basic operation of sendmail. ** This can be set from the command line, and is "send mail" by ** default. ** ** The send mode tells how to send mail. It can be set in the ** configuration file. It's setting determines how quickly the ** mail will be delivered versus the load on your system. If the ** -v (verbose) flag is given, it will be forced to SM_DELIVER ** mode. ** ** The error mode tells how to return errors. */ #define MD_DELIVER 'm' /* be a mail sender */ #define MD_SMTP 's' /* run SMTP on standard input */ #define MD_ARPAFTP 'a' /* obsolete ARPANET mode (Grey Book) */ #define MD_DAEMON 'd' /* run as a daemon */ #define MD_FGDAEMON 'D' /* run daemon in foreground */ #define MD_VERIFY 'v' /* verify: don't collect or deliver */ #define MD_TEST 't' /* test mode: resolve addrs only */ #define MD_INITALIAS 'i' /* initialize alias database */ #define MD_PRINT 'p' /* print the queue */ #define MD_FREEZE 'z' /* freeze the configuration file */ #define MD_HOSTSTAT 'h' /* print persistent host stat info */ #define MD_PURGESTAT 'H' /* purge persistent host stat info */ #define MD_QUEUERUN 'q' /* queue run */ /* values for e_sendmode -- send modes */ #define SM_DELIVER 'i' /* interactive delivery */ #define SM_FORK 'b' /* deliver in background */ #define SM_QUEUE 'q' /* queue, don't deliver */ #define SM_DEFER 'd' /* defer map lookups as well as queue */ #define SM_VERIFY 'v' /* verify only (used internally) */ /* used only as a parameter to sendall */ #define SM_DEFAULT '\0' /* unspecified, use SendMode */ /* functions */ extern void set_delivery_mode __P((int, ENVELOPE *)); /* values for e_errormode -- error handling modes */ #define EM_PRINT 'p' /* print errors */ #define EM_MAIL 'm' /* mail back errors */ #define EM_WRITE 'w' /* write back errors */ #define EM_BERKNET 'e' /* special berknet processing */ #define EM_QUIET 'q' /* don't print messages (stat only) */ /* bit values for MimeMode */ #define MM_CVTMIME 0x0001 /* convert 8 to 7 bit MIME */ #define MM_PASS8BIT 0x0002 /* just send 8 bit data blind */ #define MM_MIME8BIT 0x0004 /* convert 8-bit data to MIME */ /* how to handle messages without any recipient addresses */ #define NRA_NO_ACTION 0 /* just leave it as is */ #define NRA_ADD_TO 1 /* add To: header */ #define NRA_ADD_APPARENTLY_TO 2 /* add Apparently-To: header */ #define NRA_ADD_BCC 3 /* add empty Bcc: header */ #define NRA_ADD_TO_UNDISCLOSED 4 /* add To: undisclosed:; header */ /* flags to putxline */ #define PXLF_NOTHINGSPECIAL 0 /* no special mapping */ #define PXLF_MAPFROM 0x0001 /* map From_ to >From_ */ #define PXLF_STRIP8BIT 0x0002 /* strip 8th bit */ #define PXLF_HEADER 0x0004 /* map newlines in headers */ /* ** Privacy flags ** These are bit values for the PrivacyFlags word. */ #define PRIV_PUBLIC 0 /* what have I got to hide? */ #define PRIV_NEEDMAILHELO 0x0001 /* insist on HELO for MAIL, at least */ #define PRIV_NEEDEXPNHELO 0x0002 /* insist on HELO for EXPN */ #define PRIV_NEEDVRFYHELO 0x0004 /* insist on HELO for VRFY */ #define PRIV_NOEXPN 0x0008 /* disallow EXPN command entirely */ #define PRIV_NOVRFY 0x0010 /* disallow VRFY command entirely */ #define PRIV_AUTHWARNINGS 0x0020 /* flag possible authorization probs */ #define PRIV_NORECEIPTS 0x0040 /* disallow return receipts */ #define PRIV_NOVERB 0x0100 /* disallow VERB command entirely */ #define PRIV_RESTRICTMAILQ 0x1000 /* restrict mailq command */ #define PRIV_RESTRICTQRUN 0x2000 /* restrict queue run */ #define PRIV_NOETRN 0x4000 /* disallow ETRN command entirely */ #define PRIV_NOBODYRETN 0x8000 /* do not return bodies on bounces */ /* don't give no info, anyway, anyhow */ #define PRIV_GOAWAY (0x0fff & ~PRIV_NORECEIPTS) /* struct defining such things */ struct prival { char *pv_name; /* name of privacy flag */ u_short pv_flag; /* numeric level */ }; /* ** Flags passed to remotename, parseaddr, allocaddr, and buildaddr. */ #define RF_SENDERADDR 0x001 /* this is a sender address */ #define RF_HEADERADDR 0x002 /* this is a header address */ #define RF_CANONICAL 0x004 /* strip comment information */ #define RF_ADDDOMAIN 0x008 /* OK to do domain extension */ #define RF_COPYPARSE 0x010 /* copy parsed user & host */ #define RF_COPYPADDR 0x020 /* copy print address */ #define RF_COPYALL (RF_COPYPARSE|RF_COPYPADDR) #define RF_COPYNONE 0 /* ** Flags passed to mime8to7 and putheader. */ #define M87F_OUTER 0 /* outer context */ #define M87F_NO8BIT 0x0001 /* can't have 8-bit in this section */ #define M87F_DIGEST 0x0002 /* processing multipart/digest */ #define M87F_NO8TO7 0x0004 /* don't do 8->7 bit conversions */ /* functions */ extern void mime7to8 __P((MCI *, HDR *, ENVELOPE *)); extern int mime8to7 __P((MCI *, HDR *, ENVELOPE *, char **, int)); /* ** Flags passed to returntosender. */ #define RTSF_NO_BODY 0 /* send headers only */ #define RTSF_SEND_BODY 0x0001 /* include body of message in return */ #define RTSF_PM_BOUNCE 0x0002 /* this is a postmaster bounce */ /* functions */ extern int returntosender __P((char *, ADDRESS *, int, ENVELOPE *)); /* ** Regular UNIX sockaddrs are too small to handle ISO addresses, so ** we are forced to declare a supertype here. */ #if NETINET || NETINET6 || NETUNIX || NETISO || NETNS || NETX25 union bigsockaddr { struct sockaddr sa; /* general version */ # if NETUNIX struct sockaddr_un sunix; /* UNIX family */ # endif /* NETUNIX */ # if NETINET struct sockaddr_in sin; /* INET family */ # endif /* NETINET */ # if NETINET6 struct sockaddr_in6 sin6; /* INET/IPv6 */ # endif /* NETINET6 */ # if NETISO struct sockaddr_iso siso; /* ISO family */ # endif /* NETISO */ # if NETNS struct sockaddr_ns sns; /* XNS family */ # endif /* NETNS */ # if NETX25 struct sockaddr_x25 sx25; /* X.25 family */ # endif /* NETX25 */ }; # define SOCKADDR union bigsockaddr /* functions */ extern char *anynet_ntoa __P((SOCKADDR *)); # if NETINET6 extern char *anynet_ntop __P((struct in6_addr *, char *, size_t)); # endif /* NETINET6 */ extern char *hostnamebyanyaddr __P((SOCKADDR *)); # if DAEMON extern char *validate_connection __P((SOCKADDR *, char *, ENVELOPE *)); # endif /* DAEMON */ #endif /* NETINET || NETINET6 || NETUNIX || NETISO || NETNS || NETX25 */ #if _FFR_MILTER /* ** Mail Filters (milter) */ #include #define SMFTO_WRITE 0 /* Timeout for sending information */ #define SMFTO_READ 1 /* Timeout waiting for a response */ #define SMFTO_EOM 2 /* Timeout for ACK/NAK to EOM */ #define SMFTO_NUM_TO 3 /* Total number of timeouts */ struct milter { char *mf_name; /* filter name */ BITMAP256 mf_flags; /* MTA flags */ u_long mf_fvers; /* filter version */ u_long mf_fflags; /* filter flags */ u_long mf_pflags; /* protocol flags */ char *mf_conn; /* connection info */ int mf_sock; /* connected socket */ char mf_state; /* state of filter */ time_t mf_timeout[SMFTO_NUM_TO]; /* timeouts */ }; /* MTA flags */ # define SMF_REJECT 'R' /* Reject connection on filter fail */ # define SMF_TEMPFAIL 'T' /* tempfail connection on failure */ /* states */ # define SMFS_CLOSED 'C' /* closed for all further actions */ # define SMFS_OPEN 'O' /* connected to remote milter filter */ # define SMFS_INMSG 'M' /* currently servicing a message */ # define SMFS_DONE 'D' /* done with current message */ # define SMFS_ERROR 'E' /* error state */ # define SMFS_READY 'R' /* ready for action */ /* 32-bit type used by milter */ typedef SM_INT32 mi_int32; EXTERN struct milter *InputFilters[MAXFILTERS]; EXTERN char *InputFilterList; #endif /* _FFR_MILTER */ /* ** Vendor codes ** ** Vendors can customize sendmail to add special behaviour, ** generally for back compatibility. Ideally, this should ** be set up in the .cf file using the "V" command. However, ** it's quite reasonable for some vendors to want the default ** be their old version; this can be set using ** -DVENDOR_DEFAULT=VENDOR_xxx ** in the Makefile. ** ** Vendors should apply to sendmail@sendmail.org for ** unique vendor codes. */ #define VENDOR_BERKELEY 1 /* Berkeley-native configuration file */ #define VENDOR_SUN 2 /* Sun-native configuration file */ #define VENDOR_HP 3 /* Hewlett-Packard specific config syntax */ #define VENDOR_IBM 4 /* IBM specific config syntax */ #define VENDOR_SENDMAIL 5 /* Sendmail, Inc. specific config syntax */ /* prototypes for vendor-specific hook routines */ extern void vendor_daemon_setup __P((ENVELOPE *)); extern void vendor_set_uid __P((UID_T)); /* ** Terminal escape codes. ** ** To make debugging output clearer. */ struct termescape { char *te_rv_on; /* turn reverse-video on */ char *te_rv_off; /* turn reverse-video off */ }; /* ** Additional definitions */ /* d_flags, see daemon.c */ /* general rule: lower case: required, upper case: No */ #define D_AUTHREQ 'a' /* authentication required */ #define D_BINDIF 'b' /* use if_addr for outgoing connection */ #define D_CANONREQ 'c' /* canonification required (cf) */ #define D_IFNHELO 'h' /* use if name for HELO */ #define D_FQMAIL 'f' /* fq sender address required (cf) */ #if _FFR_TLS_CLT1 #define D_CLTNOTLS 'S' /* don't use STARTTLS in client */ #endif /* _FFR_TLS_CLT1 */ #define D_FQRCPT 'r' /* fq recipient address required (cf) */ #define D_UNQUALOK 'u' /* unqualified address is ok (cf) */ #define D_NOCANON 'C' /* no canonification (cf) */ #define D_NOETRN 'E' /* no ETRN (MSA) */ #define D_ETRNONLY ((char)0x01) /* allow only ETRN (disk low) */ /* Flags for submitmode */ #define SUBMIT_UNKNOWN 0x0000 /* unknown agent type */ #define SUBMIT_MTA 0x0001 /* act like a message transfer agent */ #define SUBMIT_MSA 0x0002 /* act like a message submission agent */ #if SASL /* ** SASL */ /* authenticated? */ # define SASL_NOT_AUTH 0 /* not authenticated */ # define SASL_PROC_AUTH 1 /* in process of authenticating */ # define SASL_IS_AUTH 2 /* authenticated */ /* SASL options */ # define SASL_AUTH_AUTH 0x1000 /* use auth= only if authenticated */ # if _FFR_SASL_OPTS # define SASL_SEC_MASK 0x0fff /* mask for SASL_SEC_* values: sasl.h */ # if (SASL_SEC_NOPLAINTEXT & SASL_SEC_MASK) == 0 || \ (SASL_SEC_NOACTIVE & SASL_SEC_MASK) == 0 || \ (SASL_SEC_NODICTIONARY & SASL_SEC_MASK) == 0 || \ (SASL_SEC_FORWARD_SECRECY & SASL_SEC_MASK) == 0 || \ (SASL_SEC_NOANONYMOUS & SASL_SEC_MASK) == 0 || \ (SASL_SEC_PASS_CREDENTIALS & SASL_SEC_MASK) == 0 ERROR: change SASL_SEC_MASK_ notify sendmail.org! # endif # endif /* _FFR_SASL_OPTS */ # define MAXOUTLEN 1024 /* length of output buffer */ #endif /* SASL */ #if STARTTLS /* ** TLS */ /* what to do in the TLS initialization */ #define TLS_I_NONE 0x00000000 /* no requirements... */ #define TLS_I_CERT_EX 0x00000001 /* CERT must exist */ #define TLS_I_CERT_UNR 0x00000002 /* CERT must be g/o unreadable */ #define TLS_I_KEY_EX 0x00000004 /* KEY must exist */ #define TLS_I_KEY_UNR 0x00000008 /* KEY must be g/o unreadable */ #define TLS_I_CERTP_EX 0x00000010 /* CA CERT PATH must exist */ #define TLS_I_CERTP_UNR 0x00000020 /* CA CERT PATH must be g/o unreadable */ #define TLS_I_CERTF_EX 0x00000040 /* CA CERT FILE must exist */ #define TLS_I_CERTF_UNR 0x00000080 /* CA CERT FILE must be g/o unreadable */ #define TLS_I_RSA_TMP 0x00000100 /* RSA TMP must be generated */ #define TLS_I_USE_KEY 0x00000200 /* private key must usable */ #define TLS_I_USE_CERT 0x00000400 /* certificate must be usable */ #define TLS_I_VRFY_PATH 0x00000800 /* load verify path must succeed */ #define TLS_I_VRFY_LOC 0x00001000 /* load verify default must succeed */ #define TLS_I_CACHE 0x00002000 /* require cache */ #define TLS_I_TRY_DH 0x00004000 /* try DH certificate */ #define TLS_I_REQ_DH 0x00008000 /* require DH certificate */ #define TLS_I_DHPAR_EX 0x00010000 /* require DH parameters */ #define TLS_I_DHPAR_UNR 0x00020000 /* DH param. must be g/o unreadable */ #define TLS_I_DH512 0x00040000 /* generate 512bit DH param */ #define TLS_I_DH1024 0x00080000 /* generate 1024bit DH param */ #define TLS_I_DH2048 0x00100000 /* generate 2048bit DH param */ /* server requirements */ #define TLS_I_SRV (TLS_I_CERT_EX | TLS_I_KEY_EX | TLS_I_KEY_UNR | \ TLS_I_CERTP_EX | TLS_I_CERTF_EX | TLS_I_RSA_TMP | \ TLS_I_USE_KEY | TLS_I_USE_CERT | TLS_I_VRFY_PATH | \ TLS_I_VRFY_LOC | TLS_I_TRY_DH | \ TLS_I_DH512) /* client requirements */ #define TLS_I_CLT (TLS_I_KEY_UNR) #define TLS_AUTH_OK 0 #define TLS_AUTH_NO 1 #define TLS_AUTH_FAIL (-1) #endif /* STARTTLS */ /* ** Queue related items */ /* queue sort order */ #define QSO_BYPRIORITY 0 /* sort by message priority */ #define QSO_BYHOST 1 /* sort by first host name */ #define QSO_BYTIME 2 /* sort by submission time */ #define QSO_BYFILENAME 3 /* sort by file name only */ #if _FFR_QUEUEDELAY #define QD_LINEAR 0 /* linear (old) delay alg */ #define QD_EXP 1 /* exponential delay alg */ #endif /* _FFR_QUEUEDELAY */ #define NOQDIR (-1) /* no queue directory (yet) */ #define NOW ((time_t) (-1)) /* queue return: now */ /* Queue Run Limitations */ struct queue_char { char *queue_match; /* string to match */ struct queue_char *queue_next; }; typedef struct queue_char QUEUE_CHAR; /* functions */ extern void assign_queueid __P((ENVELOPE *)); extern ADDRESS *copyqueue __P((ADDRESS *)); extern void initsys __P((ENVELOPE *)); extern void loseqfile __P((ENVELOPE *, char *)); extern void multiqueue_cache __P((void)); extern char *qid_printname __P((ENVELOPE *)); extern char *qid_printqueue __P((int)); extern char *queuename __P((ENVELOPE *, int)); extern void queueup __P((ENVELOPE *, bool)); extern bool runqueue __P((bool, bool)); extern void setnewqueue __P((ENVELOPE *)); extern bool shouldqueue __P((long, time_t)); extern void sync_queue_time __P((void)); /* ** Timeouts ** ** Indicated values are the MINIMUM per RFC 1123 section 5.3.2. */ EXTERN struct { /* RFC 1123-specified timeouts [minimum value] */ time_t to_initial; /* initial greeting timeout [5m] */ time_t to_mail; /* MAIL command [5m] */ time_t to_rcpt; /* RCPT command [5m] */ time_t to_datainit; /* DATA initiation [2m] */ time_t to_datablock; /* DATA block [3m] */ time_t to_datafinal; /* DATA completion [10m] */ time_t to_nextcommand; /* next command [5m] */ /* following timeouts are not mentioned in RFC 1123 */ time_t to_iconnect; /* initial connection timeout (first try) */ time_t to_connect; /* initial connection timeout (later tries) */ time_t to_rset; /* RSET command */ time_t to_helo; /* HELO command */ time_t to_quit; /* QUIT command */ time_t to_miscshort; /* misc short commands (NOOP, VERB, etc) */ time_t to_ident; /* IDENT protocol requests */ time_t to_fileopen; /* opening :include: and .forward files */ time_t to_control; /* process a control socket command */ /* following are per message */ time_t to_q_return[MAXTOCLASS]; /* queue return timeouts */ time_t to_q_warning[MAXTOCLASS]; /* queue warning timeouts */ time_t res_retrans[MAXRESTOTYPES]; /* resolver retransmit */ int res_retry[MAXRESTOTYPES]; /* resolver retry */ } TimeOuts; /* timeout classes for return and warning timeouts */ #define TOC_NORMAL 0 /* normal delivery */ #define TOC_URGENT 1 /* urgent delivery */ #define TOC_NONURGENT 2 /* non-urgent delivery */ /* resolver timeout specifiers */ #define RES_TO_FIRST 0 /* first attempt */ #define RES_TO_NORMAL 1 /* subsequent attempts */ #define RES_TO_DEFAULT 2 /* default value */ /* functions */ extern void inittimeouts __P((char *, bool)); /* ** Trace information */ /* macros for debugging flags */ #define tTd(flag, level) (tTdvect[flag] >= (u_char)level) #define tTdlevel(flag) (tTdvect[flag]) /* variables */ extern u_char tTdvect[100]; /* trace vector */ /* ** Miscellaneous information. */ /* ** The "no queue id" queue id for sm_syslog */ #define NOQID "*~*" /* ** Some in-line functions */ /* set exit status */ #define setstat(s) { \ if (ExitStat == EX_OK || ExitStat == EX_TEMPFAIL) \ ExitStat = s; \ } /* make a copy of a string */ #define newstr(s) strcpy(xalloc(strlen(s) + 1), s) #define STRUCTCOPY(s, d) d = s /* ** Global variables. */ EXTERN bool AllowBogusHELO; /* allow syntax errors on HELO command */ #if !_FFR_REMOVE_AUTOREBUILD EXTERN bool AutoRebuild; /* auto-rebuild the alias database as needed */ #endif /* !_FFR_REMOVE_AUTOREBUILD */ EXTERN bool CheckAliases; /* parse addresses during newaliases */ EXTERN bool ChownAlwaysSafe; /* treat chown(2) as safe */ EXTERN bool ColonOkInAddr; /* single colon legal in address */ EXTERN bool ConfigFileRead; /* configuration file has been read */ EXTERN bool DataProgress; /* have we sent anything since last check */ EXTERN bool DisConnected; /* running with OutChannel redirected to xf */ EXTERN bool DoQueueRun; /* non-interrupt time queue run needed */ EXTERN bool DontExpandCnames; /* do not $[...$] expand CNAMEs */ EXTERN bool DontInitGroups; /* avoid initgroups() because of NIS cost */ EXTERN bool DontLockReadFiles; /* don't read lock support files */ EXTERN bool DontProbeInterfaces; /* don't probe interfaces for names */ EXTERN bool DontPruneRoutes; /* don't prune source routes */ EXTERN bool ForkQueueRuns; /* fork for each job when running the queue */ EXTERN bool FromFlag; /* if set, "From" person is explicit */ EXTERN bool GrabTo; /* if set, get recipients from msg */ EXTERN bool HasEightBits; /* has at least one eight bit input byte */ EXTERN bool HasWildcardMX; /* don't use MX records when canonifying */ EXTERN bool HoldErrs; /* only output errors to transcript */ EXTERN bool IgnoreHostStatus; /* ignore long term host status files */ EXTERN bool IgnrDot; /* don't let dot end messages */ EXTERN bool InChild; /* true if running in an SMTP subprocess */ EXTERN bool LogUsrErrs; /* syslog user errors (e.g., SMTP RCPT cmd) */ EXTERN bool MapOpenErr; /* error opening a non-optional map */ EXTERN bool MatchGecos; /* look for user names in gecos field */ EXTERN bool MeToo; /* send to the sender also */ EXTERN bool NoAlias; /* suppress aliasing */ EXTERN bool NoConnect; /* don't connect to non-local mailers */ EXTERN bool OnlyOneError; /* .... or only want to give one SMTP reply */ EXTERN bool QuickAbort; /* .... but only if we want a quick abort */ EXTERN bool RrtImpliesDsn; /* turn Return-Receipt-To: into DSN */ EXTERN bool SaveFrom; /* save leading "From" lines */ EXTERN bool SendMIMEErrors; /* send error messages in MIME format */ EXTERN bool SevenBitInput; /* force 7-bit data on input */ EXTERN bool SingleLineFromHeader; /* force From: header to be one line */ EXTERN bool SingleThreadDelivery; /* single thread hosts on delivery */ EXTERN bool SuperSafe; /* be extra careful, even if expensive */ EXTERN bool SuprErrs; /* set if we are suppressing errors */ EXTERN bool TryNullMXList; /* if we are the best MX, try host directly */ EXTERN bool UseErrorsTo; /* use Errors-To: header (back compat) */ EXTERN bool UseHesiod; /* using Hesiod -- interpret Hesiod errors */ EXTERN bool UseNameServer; /* using DNS -- interpret h_errno & MX RRs */ EXTERN char InetMode; /* default network for daemon mode */ EXTERN char OpMode; /* operation mode, see below */ EXTERN char SpaceSub; /* substitution for */ EXTERN int CheckpointInterval; /* queue file checkpoint interval */ EXTERN int ConfigLevel; /* config file level */ EXTERN int ConnRateThrottle; /* throttle for SMTP connection rate */ EXTERN int CurChildren; /* current number of daemonic children */ EXTERN int CurrentLA; /* current load average */ EXTERN int DefaultNotify; /* default DSN notification flags */ EXTERN int Errors; /* set if errors (local to single pass) */ EXTERN int ExitStat; /* exit status code */ EXTERN int FileMode; /* mode on files */ EXTERN int LineNumber; /* line number in current input */ EXTERN int LogLevel; /* level of logging to perform */ EXTERN int MaxAliasRecursion; /* maximum depth of alias recursion */ EXTERN int MaxChildren; /* maximum number of daemonic children */ EXTERN int MaxForwardEntries; /* maximum number of forward entries */ EXTERN int MaxHeadersLength; /* max length of headers */ EXTERN int MaxHopCount; /* max # of hops until bounce */ EXTERN int MaxMacroRecursion; /* maximum depth of macro recursion */ EXTERN int MaxMciCache; /* maximum entries in MCI cache */ EXTERN int MaxMimeFieldLength; /* maximum MIME field length */ EXTERN int MaxMimeHeaderLength; /* maximum MIME header length */ EXTERN int MaxQueueRun; /* maximum number of jobs in one queue run */ EXTERN int MaxRcptPerMsg; /* max recipients per SMTP message */ EXTERN int MaxRuleRecursion; /* maximum depth of ruleset recursion */ EXTERN int MimeMode; /* MIME processing mode */ EXTERN int NoRecipientAction; EXTERN int NumPriorities; /* pointer into Priorities */ EXTERN u_short PrivacyFlags; /* privacy flags */ #if _FFR_QUEUE_FILE_MODE EXTERN int QueueFileMode; /* mode on qf/tf/df files */ #endif /* _FFR_QUEUE_FILE_MODE */ EXTERN int QueueLA; /* load average starting forced queueing */ EXTERN int QueueSortOrder; /* queue sorting order algorithm */ EXTERN int RefuseLA; /* load average refusing connections are */ EXTERN int VendorCode; /* vendor-specific operation enhancements */ EXTERN int Verbose; /* set if blow-by-blow desired */ EXTERN gid_t DefGid; /* default gid to run as */ EXTERN gid_t RealGid; /* real gid of caller */ EXTERN gid_t RunAsGid; /* GID to become for bulk of run */ EXTERN uid_t DefUid; /* default uid to run as */ EXTERN uid_t RealUid; /* real uid of caller */ EXTERN uid_t RunAsUid; /* UID to become for bulk of run */ EXTERN uid_t TrustedUid; /* uid of trusted user for files and startup */ EXTERN size_t DataFileBufferSize; /* size of buffer for in-core df */ EXTERN size_t XscriptFileBufferSize; /* size of buffer for in-core xf */ EXTERN time_t DialDelay; /* delay between dial-on-demand tries */ EXTERN time_t MciCacheTimeout; /* maximum idle time on connections */ EXTERN time_t MciInfoTimeout; /* how long 'til we retry down hosts */ EXTERN time_t MinQueueAge; /* min delivery interval */ EXTERN time_t QueueIntvl; /* intervals between running the queue */ EXTERN time_t SafeAlias; /* interval to wait until @:@ in alias file */ EXTERN time_t ServiceCacheMaxAge; /* refresh interval for cache */ EXTERN time_t ServiceCacheTime; /* time service switch was cached */ EXTERN MODE_T OldUmask; /* umask when sendmail starts up */ EXTERN long MaxMessageSize; /* advertised max size we will accept */ EXTERN long MinBlocksFree; /* min # of blocks free on queue fs */ EXTERN long QueueFactor; /* slope of queue function */ EXTERN long WkClassFact; /* multiplier for message class -> priority */ EXTERN long WkRecipFact; /* multiplier for # of recipients -> priority */ EXTERN long WkTimeFact; /* priority offset each time this job is run */ #if SASL EXTERN char *AuthMechanisms; /* AUTH mechanisms */ EXTERN char *SASLInfo; /* file with AUTH info */ #endif /* SASL */ EXTERN int SASLOpts; /* options for SASL */ #if STARTTLS EXTERN char *CACERTpath; /* path to CA certificates (dir. with hashes) */ EXTERN char *CACERTfile; /* file with CA certificate */ EXTERN char *SrvCERTfile; /* file with server certificate */ EXTERN char *Srvkeyfile; /* file with server private key */ EXTERN char *CltCERTfile; /* file with client certificate */ EXTERN char *Cltkeyfile; /* file with client private key */ EXTERN char *DHParams; /* file with DH parameters */ EXTERN char *RandFile; /* source of random data */ # if _FFR_TLS_1 EXTERN char *DHParams5; /* file with DH parameters (512) */ EXTERN char *CipherList; /* list of ciphers */ # endif /* _FFR_TLS_1 */ #endif /* STARTTLS */ EXTERN char *ConfFile; /* location of configuration file [conf.c] */ EXTERN char *ControlSocketName; /* control socket filename [control.c] */ EXTERN char *CurHostName; /* current host we are dealing with */ EXTERN char *DeadLetterDrop; /* path to dead letter office */ EXTERN char *DefUser; /* default user to run as (from DefUid) */ EXTERN char *DefaultCharSet; /* default character set for MIME */ EXTERN char *DoubleBounceAddr; /* where to send double bounces */ EXTERN char *ErrMsgFile; /* file to prepend to all error messages */ EXTERN char *FallBackMX; /* fall back MX host */ EXTERN char *FileName; /* name to print on error messages */ EXTERN char *ForwardPath; /* path to search for .forward files */ EXTERN char *HelpFile; /* location of SMTP help file */ EXTERN char *HostStatDir; /* location of host status information */ EXTERN char *HostsFile; /* path to /etc/hosts file */ EXTERN char *MustQuoteChars; /* quote these characters in phrases */ EXTERN char *MyHostName; /* name of this host for SMTP messages */ EXTERN char *OperatorChars; /* operators (old $o macro) */ EXTERN char *PidFile; /* location of proc id file [conf.c] */ EXTERN char *PostMasterCopy; /* address to get errs cc's */ EXTERN char *ProcTitlePrefix; /* process title prefix */ EXTERN char *QueueDir; /* location of queue directory */ #if _FFR_QUEUEDELAY EXTERN int QueueAlg; /* algorithm for queue delays */ EXTERN time_t QueueInitDelay; /* initial queue delay */ EXTERN time_t QueueMaxDelay; /* maximum queue delay */ #endif /* _FFR_QUEUEDELAY */ EXTERN char *RealHostName; /* name of host we are talking to */ EXTERN char *RealUserName; /* real user name of caller */ EXTERN char *RunAsUserName; /* user to become for bulk of run */ EXTERN char *SafeFileEnv; /* chroot location for file delivery */ EXTERN char *ServiceSwitchFile; /* backup service switch */ EXTERN char *SmtpGreeting; /* SMTP greeting message (old $e macro) */ EXTERN char *SmtpPhase; /* current phase in SMTP processing */ EXTERN char SmtpError[MAXLINE]; /* save failure error messages */ EXTERN char *StatFile; /* location of statistics summary */ EXTERN char *TimeZoneSpec; /* override time zone specification */ EXTERN char *UdbSpec; /* user database source spec */ EXTERN char *UnixFromLine; /* UNIX From_ line (old $l macro) */ EXTERN char **ExternalEnviron; /* input environment */ /* saved user environment */ EXTERN BITMAP256 DontBlameSendmail; /* DontBlameSendmail bits */ #if SFIO EXTERN Sfio_t *InChannel; /* input connection */ EXTERN Sfio_t *OutChannel; /* output connection */ #else /* SFIO */ EXTERN FILE *InChannel; /* input connection */ EXTERN FILE *OutChannel; /* output connection */ #endif /* SFIO */ EXTERN FILE *TrafficLogFile; /* file in which to log all traffic */ #ifdef HESIOD EXTERN void *HesiodContext; #endif /* HESIOD */ EXTERN ENVELOPE *CurEnv; /* envelope currently being processed */ EXTERN EVENT *EventQueue; /* head of event queue */ EXTERN MAILER *LocalMailer; /* ptr to local mailer */ EXTERN MAILER *ProgMailer; /* ptr to program mailer */ EXTERN MAILER *FileMailer; /* ptr to *file* mailer */ EXTERN MAILER *InclMailer; /* ptr to *include* mailer */ EXTERN QUEUE_CHAR *QueueLimitRecipient; /* limit queue run to rcpt */ EXTERN QUEUE_CHAR *QueueLimitSender; /* limit queue run to sender */ EXTERN QUEUE_CHAR *QueueLimitId; /* limit queue run to id */ EXTERN MAILER *Mailer[MAXMAILERS + 1]; EXTERN struct rewrite *RewriteRules[MAXRWSETS]; EXTERN char *RuleSetNames[MAXRWSETS]; /* ruleset number to name */ EXTERN char *UserEnviron[MAXUSERENVIRON + 1]; EXTERN struct priority Priorities[MAXPRIORITIES]; EXTERN struct termescape TermEscape; /* terminal escape codes */ EXTERN SOCKADDR ConnectOnlyTo; /* override connection address (for testing) */ EXTERN SOCKADDR RealHostAddr; /* address of host we are talking to */ EXTERN jmp_buf TopFrame; /* branch-to-top-of-loop-on-error frame */ EXTERN TIMERS Timers; /* ** Declarations of useful functions */ #if SASL extern char *intersect __P((char *, char *)); extern char *iteminlist __P((char *, char *, char *)); extern int proxy_policy __P((void *, const char *, const char *, const char **, const char **)); # if SASL > 10515 extern int safesaslfile __P((void *, char *, int)); # else /* SASL > 10515 */ extern int safesaslfile __P((void *, char *)); # endif /* SASL > 10515 */ extern int sasl_decode64 __P((const char *, unsigned, char *, unsigned *)); extern int sasl_encode64 __P((const char *, unsigned, char *, unsigned, unsigned *)); #endif /* SASL */ #if STARTTLS extern void apps_ssl_info_cb __P((SSL *, int , int)); extern bool inittls __P((SSL_CTX **, u_long, bool, char *, char *, char *, char *, char *)); extern bool initclttls __P((void)); extern bool initsrvtls __P((void)); -extern int tls_get_info __P((SSL *, ENVELOPE *, bool, char *)); +extern int tls_get_info __P((SSL *, ENVELOPE *, bool, char *, bool)); extern int endtls __P((SSL *, char *)); extern int endtlsclt __P((MCI *)); extern void tlslogerr __P((void)); extern bool tls_rand_init __P((char *, int)); #endif /* STARTTLS */ /* Transcript file */ extern void closexscript __P((ENVELOPE *)); extern void openxscript __P((ENVELOPE *)); /* error related */ extern void buffer_errors __P((void)); extern void flush_errors __P((bool)); extern void message __P((const char *, ...)); extern void nmessage __P((const char *, ...)); extern void syserr __P((const char *, ...)); extern void usrerrenh __P((char *, const char *, ...)); extern void usrerr __P((const char *, ...)); extern int isenhsc __P((const char *, int)); extern int extenhsc __P((const char *, int, char *)); /* alias file */ extern void alias __P((ADDRESS *, ADDRESS **, int, ENVELOPE *)); extern bool aliaswait __P((MAP *, char *, bool)); extern void forward __P((ADDRESS *, ADDRESS **, int, ENVELOPE *)); extern void readaliases __P((MAP *, FILE *, bool, bool)); extern bool rebuildaliases __P((MAP *, bool)); extern void setalias __P((char *)); /* logging */ extern void logdelivery __P((MAILER *, MCI *, char *, const char *, ADDRESS *, time_t, ENVELOPE *)); extern void logsender __P((ENVELOPE *, char *)); extern void sm_syslog __P((int, const char *, const char *, ...)); /* SMTP */ extern void giveresponse __P((int, char *, MAILER *, MCI *, ADDRESS *, time_t, ENVELOPE *)); extern int reply __P((MAILER *, MCI *, ENVELOPE *, time_t, void (*)(), char **)); extern void smtp __P((char *volatile, BITMAP256, ENVELOPE *volatile)); #if SASL extern int smtpauth __P((MAILER *, MCI *, ENVELOPE *)); #endif /* SASL */ extern int smtpdata __P((MAILER *, MCI *, ENVELOPE *)); extern int smtpgetstat __P((MAILER *, MCI *, ENVELOPE *)); extern int smtpmailfrom __P((MAILER *, MCI *, ENVELOPE *)); extern void smtpmessage __P((char *, MAILER *, MCI *, ...)); extern void smtpinit __P((MAILER *, MCI *, ENVELOPE *, bool)); extern char *smtptodsn __P((int)); extern int smtpprobe __P((MCI *)); extern void smtpquit __P((MAILER *, MCI *, ENVELOPE *)); extern int smtprcpt __P((ADDRESS *, MAILER *, MCI *, ENVELOPE *)); extern void smtprset __P((MAILER *, MCI *, ENVELOPE *)); #define ISSMTPCODE(c) (isascii(c[0]) && isdigit(c[0]) && \ isascii(c[1]) && isdigit(c[1]) && \ isascii(c[2]) && isdigit(c[2])) #define ISSMTPREPLY(c) (ISSMTPCODE(c) && \ (c[3] == ' ' || c[3] == '-' || c[3] == '\0')) /* delivery */ extern pid_t dowork __P((int, char *, bool, bool, ENVELOPE *)); extern int endmailer __P((MCI *, ENVELOPE *, char **)); extern int mailfile __P((char *volatile, MAILER *volatile, ADDRESS *, volatile long, ENVELOPE *)); extern void sendall __P((ENVELOPE *, int)); /* stats */ extern void markstats __P((ENVELOPE *, ADDRESS *, bool)); extern void clearstats __P((void)); extern void poststats __P((char *)); /* control socket */ extern void closecontrolsocket __P((bool)); extern void clrcontrol __P((void)); extern void control_command __P((int, ENVELOPE *)); extern int opencontrolsocket __P((void)); #if _FFR_MILTER /* milter functions */ extern void milter_parse_list __P((char *, struct milter **, int)); extern void milter_setup __P((char *)); extern void milter_set_option __P((char *, char *, bool)); extern bool milter_can_delrcpts __P((void)); extern void milter_init __P((ENVELOPE *, char *)); extern void milter_quit __P((ENVELOPE *)); extern void milter_abort __P((ENVELOPE *)); extern char *milter_connect __P((char *, SOCKADDR, ENVELOPE *, char *)); extern char *milter_helo __P((char *, ENVELOPE *, char *)); extern char *milter_envfrom __P((char **, ENVELOPE *, char *)); extern char *milter_envrcpt __P((char **, ENVELOPE *, char *)); extern char *milter_data __P((ENVELOPE *, char *)); #endif /* _FFR_MILTER */ extern char *addquotes __P((char *)); extern char *arpadate __P((char *)); extern bool atobool __P((char *)); extern int atooct __P((char *)); extern void auth_warning __P((ENVELOPE *, const char *, ...)); extern int blocksignal __P((int)); extern bool bitintersect __P((BITMAP256, BITMAP256)); extern bool bitzerop __P((BITMAP256)); extern void buildfname __P((char *, char *, char *, int)); extern int checkcompat __P((ADDRESS *, ENVELOPE *)); #ifdef XDEBUG extern void checkfd012 __P((char *)); extern void checkfdopen __P((int, char *)); #endif /* XDEBUG */ extern void checkfds __P((char *)); extern bool chownsafe __P((int, bool)); extern void cleanstrcpy __P((char *, char *, int)); extern void clrdaemon __P((void)); extern void collect __P((FILE *, bool, HDR **, ENVELOPE *)); extern time_t convtime __P((char *, int)); extern char **copyplist __P((char **, bool)); extern void copy_class __P((int, int)); extern time_t curtime __P((void)); extern char *defcharset __P((ENVELOPE *)); extern char *denlstring __P((char *, bool, bool)); extern void disconnect __P((int, ENVELOPE *)); extern bool dns_getcanonname __P((char *, int, bool, int *)); extern int dofork __P((void)); extern int drop_privileges __P((bool)); extern int dsntoexitstat __P((char *)); extern void dumpfd __P((int, bool, bool)); extern void dumpstate __P((char *)); extern bool enoughdiskspace __P((long, bool)); extern char *exitstat __P((char *)); extern char *fgetfolded __P((char *, int, FILE *)); extern void fill_fd __P((int, char *)); extern char *find_character __P((char *, int)); extern struct passwd *finduser __P((char *, bool *)); extern void finis __P((bool, volatile int)); extern void fixcrlf __P((char *, bool)); extern long freediskspace __P((char *, long *)); extern char *get_column __P((char *, int, int, char *, int)); extern char *getauthinfo __P((int, bool *)); extern char *getcfname __P((void)); extern char *getextenv __P((const char *)); extern int getdtsize __P((void)); extern BITMAP256 *getrequests __P((ENVELOPE *)); extern char *getvendor __P((int)); extern void help __P((char *, ENVELOPE *)); extern void init_md __P((int, char **)); extern void initdaemon __P((void)); extern void inithostmaps __P((void)); extern void initmacros __P((ENVELOPE *)); extern void initsetproctitle __P((int, char **, char **)); extern void init_vendor_macros __P((ENVELOPE *)); extern SIGFUNC_DECL intindebug __P((int)); extern SIGFUNC_DECL intsig __P((int)); extern bool isloopback __P((SOCKADDR sa)); extern void load_if_names __P((void)); extern bool lockfile __P((int, char *, char *, int)); extern void log_sendmail_pid __P((ENVELOPE *)); extern char lower __P((int)); extern void makelower __P((char *)); extern int makeconnection_ds __P((char *, MCI *)); extern int makeconnection __P((char *, volatile u_int, MCI *, ENVELOPE *)); extern char * munchstring __P((char *, char **, int)); extern struct hostent *myhostname __P((char *, int)); extern char *nisplus_default_domain __P((void)); /* extern for Sun */ extern bool path_is_dir __P((char *, bool)); extern char *pintvl __P((time_t, bool)); extern void printav __P((char **)); extern void printmailer __P((MAILER *)); extern void printopenfds __P((bool)); extern void printqueue __P((void)); extern void printrules __P((void)); extern int prog_open __P((char **, int *, ENVELOPE *)); extern void putline __P((char *, MCI *)); extern void putxline __P((char *, size_t, MCI *, int)); extern void queueup_macros __P((int, FILE *, ENVELOPE *)); extern SIGFUNC_DECL quiesce __P((int)); extern void readcf __P((char *, bool, ENVELOPE *)); extern SIGFUNC_DECL reapchild __P((int)); -extern bool refuseconnections __P((char *, ENVELOPE *, int)); extern int releasesignal __P((int)); extern void resetlimits __P((void)); extern bool rfc822_string __P((char *)); extern void savemail __P((ENVELOPE *, bool)); extern void seed_random __P((void)); extern void sendtoargv __P((char **, ENVELOPE *)); extern void setclientoptions __P((char *)); extern bool setdaemonoptions __P((char *)); extern void setdefaults __P((ENVELOPE *)); extern void setdefuser __P((void)); extern bool setvendor __P((char *)); extern void setoption __P((int, char *, bool, bool, ENVELOPE *)); extern sigfunc_t setsignal __P((int, sigfunc_t)); extern void setuserenv __P((const char *, const char *)); extern void settime __P((ENVELOPE *)); extern char *sfgets __P((char *, int, FILE *, time_t, char *)); extern char *shortenstring __P((const char *, int)); extern void shorten_hostname __P((char [])); extern bool shorten_rfc822_string __P((char *, size_t)); extern SIGFUNC_DECL sigusr1 __P((int)); extern SIGFUNC_DECL sighup __P((int)); extern void sm_dopr __P((char *, const char *, va_list)); extern struct hostent *sm_gethostbyname __P((char *, int)); extern struct hostent *sm_gethostbyaddr __P((char *, int, int)); extern int sm_getla __P((ENVELOPE *)); extern struct passwd *sm_getpwnam __P((char *)); extern struct passwd *sm_getpwuid __P((UID_T)); extern void sm_setproctitle __P((bool, ENVELOPE *, const char *, ...)); extern int sm_strcasecmp __P((const char *, const char *)); extern bool strcontainedin __P((char *, char *)); extern void stripquotes __P((char *)); extern int switch_map_find __P((char *, char *[], short [])); extern bool transienterror __P((int)); extern void tTflag __P((char *)); extern void tTsetup __P((u_char *, int, char *)); extern SIGFUNC_DECL tick __P((int)); extern char *ttypath __P((void)); extern void unlockqueue __P((ENVELOPE *)); #if !HASUNSETENV extern void unsetenv __P((char *)); #endif /* !HASUNSETENV */ extern char *username __P((void)); extern bool usershellok __P((char *, char *)); extern void vendor_post_defaults __P((ENVELOPE *)); extern void vendor_pre_defaults __P((ENVELOPE *)); extern int waitfor __P((pid_t)); extern bool writable __P((char *, ADDRESS *, long)); extern char *xalloc __P((int)); extern void xputs __P((const char *)); extern char *xtextify __P((char *, char *)); extern bool xtextok __P((char *)); extern void xunlink __P((char *)); extern char *xuntextify __P((char *)); #endif /* _SENDMAIL_H */ Index: stable/4/contrib/sendmail/src/sfsasl.c =================================================================== --- stable/4/contrib/sendmail/src/sfsasl.c (revision 71887) +++ stable/4/contrib/sendmail/src/sfsasl.c (revision 71888) @@ -1,376 +1,408 @@ /* * Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #ifndef lint -static char id[] = "@(#)$Id: sfsasl.c,v 8.17.4.8 2000/09/14 00:14:13 ca Exp $"; +static char id[] = "@(#)$Id: sfsasl.c,v 8.17.4.13 2000/11/03 00:24:49 gshapiro Exp $"; #endif /* ! lint */ #if SFIO # include #endif /* SFIO */ #include #include #if SASL && SFIO /* ** SASL */ # include # include "sfsasl.h" +/* how to deallocate a buffer allocated by SASL */ +# define SASL_DEALLOC(b) free(b) + static ssize_t sasl_read(f, buf, size, disc) Sfio_t *f; Void_t *buf; size_t size; Sfdisc_t *disc; { int len, result; - char *outbuf; - unsigned int outlen; + static char *outbuf = NULL; + static unsigned int outlen = 0; + static unsigned int offset = 0; Sasldisc_t *sd = (Sasldisc_t *) disc; - len = sfrd(f, buf, size, disc); + /* + ** sasl_decode() may require more data than a single read() returns. + ** Hence we have to put a loop around the decoding. + ** This also requires that we may have to split up the returned + ** data since it might be larger than the allowed size. + ** Therefore we use a static pointer and return portions of it + ** if necessary. + */ - if (len <= 0) - return len; - - result = sasl_decode(sd->conn, buf, len, &outbuf, &outlen); - - if (result != SASL_OK) + while (outbuf == NULL && outlen == 0) { - /* eventually, we'll want an exception here */ - return -1; + len = sfrd(f, buf, size, disc); + if (len <= 0) + return len; + result = sasl_decode(sd->conn, buf, len, &outbuf, &outlen); + if (result != SASL_OK) + { + outbuf = NULL; + offset = 0; + outlen = 0; + return -1; + } } if (outbuf != NULL) { - (void)memcpy(buf, outbuf, outlen); - free(outbuf); + if (outlen - offset > size) + { + /* return another part of the buffer */ + (void) memcpy(buf, outbuf + offset, (size_t) size); + offset += size; + result = size; + } + else + { + /* return the rest of the buffer */ + result = outlen - offset; + (void) memcpy(buf, outbuf + offset, (size_t) result); + SASL_DEALLOC(outbuf); + outbuf = NULL; + offset = 0; + outlen = 0; + } } - return outlen; + else + { + /* be paranoid: outbuf == NULL but outlen != 0 */ + syserr("!sasl_read failure: outbuf == NULL but outlen != 0"); + } + return result; } static ssize_t sasl_write(f, buf, size, disc) Sfio_t *f; const Void_t *buf; size_t size; Sfdisc_t *disc; { int result; char *outbuf; unsigned int outlen; Sasldisc_t *sd = (Sasldisc_t *) disc; result = sasl_encode(sd->conn, buf, size, &outbuf, &outlen); if (result != SASL_OK) - { - /* eventually, we'll want an exception here */ return -1; - } if (outbuf != NULL) { sfwr(f, outbuf, outlen, disc); - free(outbuf); + SASL_DEALLOC(outbuf); } return size; } int sfdcsasl(fin, fout, conn) Sfio_t *fin; Sfio_t *fout; sasl_conn_t *conn; { Sasldisc_t *saslin, *saslout; if (conn == NULL) { /* no need to do anything */ return 0; } if ((saslin = (Sasldisc_t *) malloc(sizeof(Sasldisc_t))) == NULL) return -1; if ((saslout = (Sasldisc_t *) malloc(sizeof(Sasldisc_t))) == NULL) { free(saslin); return -1; } saslin->disc.readf = sasl_read; saslin->disc.writef = sasl_write; saslin->disc.seekf = NULL; saslin->disc.exceptf = NULL; saslout->disc.readf = sasl_read; saslout->disc.writef = sasl_write; saslout->disc.seekf = NULL; saslout->disc.exceptf = NULL; saslin->conn = conn; saslout->conn = conn; if (sfdisc(fin, (Sfdisc_t *) saslin) != (Sfdisc_t *) saslin || sfdisc(fout, (Sfdisc_t *) saslout) != (Sfdisc_t *) saslout) { free(saslin); free(saslout); return -1; } return 0; } #endif /* SASL && SFIO */ #if STARTTLS && (SFIO || _FFR_TLS_TOREK) /* ** STARTTLS */ # include "sfsasl.h" # include static ssize_t # if SFIO tls_read(f, buf, size, disc) Sfio_t *f; Void_t *buf; size_t size; Sfdisc_t *disc; # else /* SFIO */ tls_read(disc, buf, size) void *disc; void *buf; size_t size; # endif /* SFIO */ { int r; Tlsdisc_t *sd; /* Cast back to correct type */ sd = (Tlsdisc_t *) disc; r = SSL_read(sd->con, (char *) buf, size); if (r < 0 && LogLevel > 7) { char *err; err = NULL; switch (SSL_get_error(sd->con, r)) { case SSL_ERROR_NONE: break; case SSL_ERROR_WANT_WRITE: err = "write W BLOCK"; break; case SSL_ERROR_WANT_READ: err = "write R BLOCK"; break; case SSL_ERROR_WANT_X509_LOOKUP: err = "write X BLOCK"; break; case SSL_ERROR_ZERO_RETURN: break; case SSL_ERROR_SYSCALL: err = "syscall error"; /* get_last_socket_error()); */ break; case SSL_ERROR_SSL: err = "generic SSL error"; break; } if (err != NULL) sm_syslog(LOG_WARNING, NOQID, "TLS: read error: %s", err); } return r; } static ssize_t # if SFIO tls_write(f, buf, size, disc) Sfio_t *f; const Void_t *buf; size_t size; Sfdisc_t *disc; # else /* SFIO */ tls_write(disc, buf, size) void *disc; const void *buf; size_t size; # endif /* SFIO */ { int r; Tlsdisc_t *sd; /* Cast back to correct type */ sd = (Tlsdisc_t *) disc; r = SSL_write(sd->con, (char *)buf, size); if (r < 0 && LogLevel > 7) { char *err; err = NULL; switch (SSL_get_error(sd->con, r)) { case SSL_ERROR_NONE: break; case SSL_ERROR_WANT_WRITE: err = "write W BLOCK"; break; case SSL_ERROR_WANT_READ: err = "write R BLOCK"; break; case SSL_ERROR_WANT_X509_LOOKUP: err = "write X BLOCK"; break; case SSL_ERROR_ZERO_RETURN: break; case SSL_ERROR_SYSCALL: err = "syscall error"; /* get_last_socket_error()); */ break; case SSL_ERROR_SSL: err = "generic SSL error"; /* ERR_GET_REASON(ERR_peek_error())); */ break; } if (err != NULL) sm_syslog(LOG_WARNING, NOQID, "TLS: write error: %s", err); } return r; } # if !SFIO static int tls_close(cookie) void *cookie; { int retval = 0; Tlsdisc_t *tc; /* Cast back to correct type */ tc = (Tlsdisc_t *)cookie; if (tc->fp != NULL) { retval = fclose(tc->fp); tc->fp = NULL; } free(tc); return retval; } # endif /* !SFIO */ int sfdctls(fin, fout, con) # if SFIO Sfio_t *fin; Sfio_t *fout; # else /* SFIO */ FILE **fin; FILE **fout; # endif /* SFIO */ SSL *con; { Tlsdisc_t *tlsin, *tlsout; # if !SFIO FILE *fp; # else /* !SFIO */ int rfd, wfd; # endif /* !SFIO */ if (con == NULL) return 0; if ((tlsin = (Tlsdisc_t *) malloc(sizeof(Tlsdisc_t))) == NULL) return -1; if ((tlsout = (Tlsdisc_t *) malloc(sizeof(Tlsdisc_t))) == NULL) { free(tlsin); return -1; } # if SFIO tlsin->disc.readf = tls_read; tlsin->disc.writef = tls_write; tlsin->disc.seekf = NULL; tlsin->disc.exceptf = NULL; tlsin->con = con; tlsout->disc.readf = tls_read; tlsout->disc.writef = tls_write; tlsout->disc.seekf = NULL; tlsout->disc.exceptf = NULL; tlsout->con = con; rfd = fileno(fin); wfd = fileno(fout); if (rfd < 0 || wfd < 0 || SSL_set_rfd(con, rfd) <= 0 || SSL_set_wfd(con, wfd) <= 0) { free(tlsin); free(tlsout); return -1; } if (sfdisc(fin, (Sfdisc_t *) tlsin) != (Sfdisc_t *) tlsin || sfdisc(fout, (Sfdisc_t *) tlsout) != (Sfdisc_t *) tlsout) { free(tlsin); free(tlsout); return -1; } # else /* SFIO */ tlsin->fp = *fin; tlsin->con = con; fp = funopen(tlsin, tls_read, tls_write, NULL, tls_close); if (fp == NULL) { free(tlsin); return -1; } *fin = fp; tlsout->fp = *fout; tlsout->con = con; fp = funopen(tlsout, tls_read, tls_write, NULL, tls_close); if (fp == NULL) { FILE *save; /* Hack: Don't close underlying fp */ save = tlsin->fp; tlsin->fp = NULL; fclose(*fin); *fin = save; free(tlsout); return -1; } *fout = fp; SSL_set_rfd(con, fileno(tlsin->fp)); SSL_set_wfd(con, fileno(tlsout->fp)); # endif /* SFIO */ return 0; } #endif /* STARTTLS && (SFIO || _FFR_TLS_TOREK) */ Index: stable/4/contrib/sendmail/src/srvrsmtp.c =================================================================== --- stable/4/contrib/sendmail/src/srvrsmtp.c (revision 71887) +++ stable/4/contrib/sendmail/src/srvrsmtp.c (revision 71888) @@ -1,4265 +1,4275 @@ /* * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #include #ifndef lint # if SMTP -static char id[] = "@(#)$Id: srvrsmtp.c,v 8.471.2.2.2.58 2000/09/21 21:52:18 ca Exp $ (with SMTP)"; +static char id[] = "@(#)$Id: srvrsmtp.c,v 8.471.2.2.2.66 2000/12/18 18:00:44 ca Exp $ (with SMTP)"; # else /* SMTP */ -static char id[] = "@(#)$Id: srvrsmtp.c,v 8.471.2.2.2.58 2000/09/21 21:52:18 ca Exp $ (without SMTP)"; +static char id[] = "@(#)$Id: srvrsmtp.c,v 8.471.2.2.2.66 2000/12/18 18:00:44 ca Exp $ (without SMTP)"; # endif /* SMTP */ #endif /* ! lint */ #if SMTP # if SASL || STARTTLS # include "sfsasl.h" # endif /* SASL || STARTTLS */ # if SASL # define ENC64LEN(l) (((l) + 2) * 4 / 3 + 1) static int saslmechs __P((sasl_conn_t *, char **)); # endif /* SASL */ # if STARTTLS # include # include # include # include # ifndef HASURANDOMDEV # include # endif /* !HASURANDOMDEV */ static SSL *srv_ssl = NULL; static SSL_CTX *srv_ctx = NULL; # if !TLS_NO_RSA static RSA *rsa = NULL; # endif /* !TLS_NO_RSA */ static bool tls_ok = FALSE; static int tls_verify_cb __P((X509_STORE_CTX *)); # if !TLS_NO_RSA # define RSA_KEYLENGTH 512 # endif /* !TLS_NO_RSA */ # endif /* STARTTLS */ static time_t checksmtpattack __P((volatile int *, int, bool, char *, ENVELOPE *)); static void mail_esmtp_args __P((char *, char *, ENVELOPE *)); static void printvrfyaddr __P((ADDRESS *, bool, bool)); static void rcpt_esmtp_args __P((ADDRESS *, char *, char *, ENVELOPE *)); static int runinchild __P((char *, ENVELOPE *)); static char *skipword __P((char *volatile, char *)); extern ENVELOPE BlankEnvelope; /* ** SMTP -- run the SMTP protocol. ** ** Parameters: ** nullserver -- if non-NULL, rejection message for ** all SMTP commands. ** e -- the envelope. ** ** Returns: ** never. ** ** Side Effects: ** Reads commands from the input channel and processes ** them. */ struct cmd { char *cmd_name; /* command name */ int cmd_code; /* internal code, see below */ }; /* values for cmd_code */ # define CMDERROR 0 /* bad command */ # define CMDMAIL 1 /* mail -- designate sender */ # define CMDRCPT 2 /* rcpt -- designate recipient */ # define CMDDATA 3 /* data -- send message text */ # define CMDRSET 4 /* rset -- reset state */ # define CMDVRFY 5 /* vrfy -- verify address */ # define CMDEXPN 6 /* expn -- expand address */ # define CMDNOOP 7 /* noop -- do nothing */ # define CMDQUIT 8 /* quit -- close connection and die */ # define CMDHELO 9 /* helo -- be polite */ # define CMDHELP 10 /* help -- give usage info */ # define CMDEHLO 11 /* ehlo -- extended helo (RFC 1425) */ # define CMDETRN 12 /* etrn -- flush queue */ # if SASL # define CMDAUTH 13 /* auth -- SASL authenticate */ # endif /* SASL */ # if STARTTLS # define CMDSTLS 14 /* STARTTLS -- start TLS session */ # endif /* STARTTLS */ /* non-standard commands */ # define CMDONEX 16 /* onex -- sending one transaction only */ # define CMDVERB 17 /* verb -- go into verbose mode */ # define CMDXUSR 18 /* xusr -- initial (user) submission */ /* unimplemented commands from RFC 821 */ # define CMDUNIMPL 19 /* unimplemented rfc821 commands */ /* use this to catch and log "door handle" attempts on your system */ # define CMDLOGBOGUS 23 /* bogus command that should be logged */ /* debugging-only commands, only enabled if SMTPDEBUG is defined */ # define CMDDBGQSHOW 24 /* showq -- show send queue */ # define CMDDBGDEBUG 25 /* debug -- set debug mode */ /* ** Note: If you change this list, ** remember to update 'helpfile' */ static struct cmd CmdTab[] = { { "mail", CMDMAIL }, { "rcpt", CMDRCPT }, { "data", CMDDATA }, { "rset", CMDRSET }, { "vrfy", CMDVRFY }, { "expn", CMDEXPN }, { "help", CMDHELP }, { "noop", CMDNOOP }, { "quit", CMDQUIT }, { "helo", CMDHELO }, { "ehlo", CMDEHLO }, { "etrn", CMDETRN }, { "verb", CMDVERB }, { "onex", CMDONEX }, { "xusr", CMDXUSR }, { "send", CMDUNIMPL }, { "saml", CMDUNIMPL }, { "soml", CMDUNIMPL }, { "turn", CMDUNIMPL }, # if SASL { "auth", CMDAUTH, }, # endif /* SASL */ # if STARTTLS { "starttls", CMDSTLS, }, # endif /* STARTTLS */ /* remaining commands are here only to trap and log attempts to use them */ { "showq", CMDDBGQSHOW }, { "debug", CMDDBGDEBUG }, { "wiz", CMDLOGBOGUS }, { NULL, CMDERROR } }; static bool OneXact = FALSE; /* one xaction only this run */ static char *CurSmtpClient; /* who's at the other end of channel */ # define MAXBADCOMMANDS 25 /* maximum number of bad commands */ # define MAXNOOPCOMMANDS 20 /* max "noise" commands before slowdown */ # define MAXHELOCOMMANDS 3 /* max HELO/EHLO commands before slowdown */ # define MAXVRFYCOMMANDS 6 /* max VRFY/EXPN commands before slowdown */ # define MAXETRNCOMMANDS 8 /* max ETRN commands before slowdown */ # define MAXTIMEOUT (4 * 60) /* max timeout for bad commands */ /* runinchild() returns */ # define RIC_INCHILD 0 /* in a child process */ # define RIC_INPARENT 1 /* still in parent process */ # define RIC_TEMPFAIL 2 /* temporary failure occurred */ void smtp(nullserver, d_flags, e) char *volatile nullserver; BITMAP256 d_flags; register ENVELOPE *volatile e; { register char *volatile p; register struct cmd *volatile c = NULL; char *cmd; auto ADDRESS *vrfyqueue; ADDRESS *a; volatile bool gotmail; /* mail command received */ volatile bool gothello; /* helo command received */ bool vrfy; /* set if this is a vrfy command */ char *volatile protocol; /* sending protocol */ char *volatile sendinghost; /* sending hostname */ char *volatile peerhostname; /* name of SMTP peer or "localhost" */ auto char *delimptr; char *id; volatile int nrcpts = 0; /* number of RCPT commands */ int ric; bool doublequeue; volatile bool discard; volatile int badcommands = 0; /* count of bad commands */ volatile int nverifies = 0; /* count of VRFY/EXPN commands */ volatile int n_etrn = 0; /* count of ETRN commands */ volatile int n_noop = 0; /* count of NOOP/VERB/ONEX etc cmds */ volatile int n_helo = 0; /* count of HELO/EHLO commands */ volatile int delay = 1; /* timeout for bad commands */ bool ok; volatile bool tempfail = FALSE; # if _FFR_MILTER volatile bool milterize = (nullserver == NULL); # endif /* _FFR_MILTER */ volatile time_t wt; /* timeout after too many commands */ volatile time_t previous; /* time after checksmtpattack() */ volatile bool lognullconnection = TRUE; register char *q; char *addr; char *greetcode = "220"; QUEUE_CHAR *new; int argno; char *args[MAXSMTPARGS]; char inp[MAXLINE]; char cmdbuf[MAXLINE]; # if SASL sasl_conn_t *conn; volatile bool sasl_ok; volatile int n_auth = 0; /* count of AUTH commands */ bool ismore; int result; volatile int authenticating; char *hostname; char *user; char *in, *out, *out2; const char *errstr; int inlen, out2len; unsigned int outlen; char *volatile auth_type; char *mechlist; volatile int n_mechs; int len; sasl_security_properties_t ssp; sasl_external_properties_t ext_ssf; # if SFIO sasl_ssf_t *ssf; # endif /* SFIO */ # endif /* SASL */ # if STARTTLS int r; int rfd, wfd; volatile bool usetls = TRUE; volatile bool tls_active = FALSE; bool saveQuickAbort; bool saveSuprErrs; # endif /* STARTTLS */ if (fileno(OutChannel) != fileno(stdout)) { /* arrange for debugging output to go to remote host */ (void) dup2(fileno(OutChannel), fileno(stdout)); } settime(e); (void)sm_getla(e); peerhostname = RealHostName; if (peerhostname == NULL) peerhostname = "localhost"; CurHostName = peerhostname; CurSmtpClient = macvalue('_', e); if (CurSmtpClient == NULL) CurSmtpClient = CurHostName; /* check_relay may have set discard bit, save for later */ discard = bitset(EF_DISCARD, e->e_flags); sm_setproctitle(TRUE, e, "server %s startup", CurSmtpClient); # if SASL sasl_ok = FALSE; /* SASL can't be used (yet) */ n_mechs = 0; /* SASL server new connection */ hostname = macvalue('j', e); # if SASL > 10505 /* use empty realm: only works in SASL > 1.5.5 */ result = sasl_server_new("smtp", hostname, "", NULL, 0, &conn); # else /* SASL > 10505 */ /* use no realm -> realm is set to hostname by SASL lib */ result = sasl_server_new("smtp", hostname, NULL, NULL, 0, &conn); # endif /* SASL > 10505 */ if (result == SASL_OK) { sasl_ok = TRUE; /* ** SASL set properties for sasl ** set local/remote IP ** XXX only IPv4: Cyrus SASL doesn't support anything else ** ** XXX where exactly are these used/required? ** Kerberos_v4 */ # if NETINET in = macvalue(macid("{daemon_family}", NULL), e); if (in != NULL && strcmp(in, "inet") == 0) { SOCKADDR_LEN_T addrsize; struct sockaddr_in saddr_l; struct sockaddr_in saddr_r; addrsize = sizeof(struct sockaddr_in); if (getpeername(fileno(InChannel), (struct sockaddr *)&saddr_r, &addrsize) == 0) { sasl_setprop(conn, SASL_IP_REMOTE, &saddr_r); addrsize = sizeof(struct sockaddr_in); if (getsockname(fileno(InChannel), (struct sockaddr *)&saddr_l, &addrsize) == 0) sasl_setprop(conn, SASL_IP_LOCAL, &saddr_l); } } # endif /* NETINET */ authenticating = SASL_NOT_AUTH; auth_type = NULL; mechlist = NULL; user = NULL; # if 0 define(macid("{auth_author}", NULL), NULL, &BlankEnvelope); # endif /* 0 */ /* set properties */ (void) memset(&ssp, '\0', sizeof ssp); # if SFIO /* XXX should these be options settable via .cf ? */ /* ssp.min_ssf = 0; is default due to memset() */ { ssp.max_ssf = INT_MAX; ssp.maxbufsize = MAXOUTLEN; } # endif /* SFIO */ # if _FFR_SASL_OPTS ssp.security_flags = SASLOpts & SASL_SEC_MASK; # endif /* _FFR_SASL_OPTS */ sasl_ok = sasl_setprop(conn, SASL_SEC_PROPS, &ssp) == SASL_OK; if (sasl_ok) { /* ** external security strength factor; ** we have none so zero # if STARTTLS ** we may have to change this for STARTTLS ** (dynamically) # endif */ ext_ssf.ssf = 0; ext_ssf.auth_id = NULL; sasl_ok = sasl_setprop(conn, SASL_SSF_EXTERNAL, &ext_ssf) == SASL_OK; } if (sasl_ok) { n_mechs = saslmechs(conn, &mechlist); sasl_ok = n_mechs > 0; } } else { if (LogLevel > 9) sm_syslog(LOG_WARNING, NOQID, "SASL error: sasl_server_new failed=%d", result); } # endif /* SASL */ # if STARTTLS # if _FFR_TLS_O_T saveQuickAbort = QuickAbort; saveSuprErrs = SuprErrs; SuprErrs = TRUE; QuickAbort = FALSE; - if (rscheck("offer_tls", CurSmtpClient, "", e, TRUE, FALSE, 8) != EX_OK - || Errors > 0) + if (rscheck("offer_tls", CurSmtpClient, "", e, TRUE, FALSE, 8, + NULL) != EX_OK || Errors > 0) usetls = FALSE; QuickAbort = saveQuickAbort; SuprErrs = saveSuprErrs; # endif /* _FFR_TLS_O_T */ # endif /* STARTTLS */ # if _FFR_MILTER if (milterize) { char state; /* initialize mail filter connection */ milter_init(e, &state); switch (state) { case SMFIR_REJECT: greetcode = "554"; nullserver = "Command rejected"; milterize = FALSE; break; case SMFIR_TEMPFAIL: tempfail = TRUE; milterize = FALSE; break; } } if (milterize && !bitset(EF_DISCARD, e->e_flags)) { char state; (void) milter_connect(peerhostname, RealHostAddr, e, &state); switch (state) { case SMFIR_REPLYCODE: /* REPLYCODE shouldn't happen */ case SMFIR_REJECT: greetcode = "554"; nullserver = "Command rejected"; milterize = FALSE; break; case SMFIR_TEMPFAIL: tempfail = TRUE; milterize = FALSE; break; } } # endif /* _FFR_MILTER */ /* output the first line, inserting "ESMTP" as second word */ expand(SmtpGreeting, inp, sizeof inp, e); p = strchr(inp, '\n'); if (p != NULL) *p++ = '\0'; id = strchr(inp, ' '); if (id == NULL) id = &inp[strlen(inp)]; if (p == NULL) snprintf(cmdbuf, sizeof cmdbuf, "%s %%.*s ESMTP%%s", greetcode); else snprintf(cmdbuf, sizeof cmdbuf, "%s-%%.*s ESMTP%%s", greetcode); message(cmdbuf, (int) (id - inp), inp, id); /* output remaining lines */ while ((id = p) != NULL && (p = strchr(id, '\n')) != NULL) { *p++ = '\0'; if (isascii(*id) && isspace(*id)) id++; (void) snprintf(cmdbuf, sizeof cmdbuf, "%s-%%s", greetcode); message(cmdbuf, id); } if (id != NULL) { if (isascii(*id) && isspace(*id)) id++; (void) snprintf(cmdbuf, sizeof cmdbuf, "%s %%s", greetcode); message(cmdbuf, id); } protocol = NULL; sendinghost = macvalue('s', e); gothello = FALSE; gotmail = FALSE; for (;;) { /* arrange for backout */ (void) setjmp(TopFrame); QuickAbort = FALSE; HoldErrs = FALSE; SuprErrs = FALSE; LogUsrErrs = FALSE; OnlyOneError = TRUE; e->e_flags &= ~(EF_VRFYONLY|EF_GLOBALERRS); /* setup for the read */ e->e_to = NULL; Errors = 0; FileName = NULL; (void) fflush(stdout); /* read the input line */ SmtpPhase = "server cmd read"; sm_setproctitle(TRUE, e, "server %s cmd read", CurSmtpClient); # if SASL /* ** SMTP AUTH requires accepting any length, ** at least for challenge/response ** XXX */ # endif /* SASL */ /* handle errors */ if (ferror(OutChannel) || (p = sfgets(inp, sizeof inp, InChannel, TimeOuts.to_nextcommand, SmtpPhase)) == NULL) { char *d; d = macvalue(macid("{daemon_name}", NULL), e); if (d == NULL) d = "stdin"; /* end of file, just die */ disconnect(1, e); # if _FFR_MILTER /* close out milter filters */ milter_quit(e); # endif /* _FFR_MILTER */ message("421 4.4.1 %s Lost input channel from %s", MyHostName, CurSmtpClient); if (LogLevel > (gotmail ? 1 : 19)) sm_syslog(LOG_NOTICE, e->e_id, "lost input channel from %.100s to %s after %s", CurSmtpClient, d, (c == NULL || c->cmd_name == NULL) ? "startup" : c->cmd_name); /* ** If have not accepted mail (DATA), do not bounce ** bad addresses back to sender. */ if (bitset(EF_CLRQUEUE, e->e_flags)) e->e_sendqueue = NULL; goto doquit; } /* clean up end of line */ fixcrlf(inp, TRUE); # if SASL if (authenticating == SASL_PROC_AUTH) { # if 0 if (*inp == '\0') { authenticating = SASL_NOT_AUTH; message("501 5.5.2 missing input"); continue; } # endif /* 0 */ if (*inp == '*' && *(inp + 1) == '\0') { authenticating = SASL_NOT_AUTH; /* rfc 2254 4. */ message("501 5.0.0 AUTH aborted"); continue; } /* could this be shorter? XXX */ out = xalloc(strlen(inp)); result = sasl_decode64(inp, strlen(inp), out, &outlen); if (result != SASL_OK) { authenticating = SASL_NOT_AUTH; /* rfc 2254 4. */ message("501 5.5.4 cannot decode AUTH parameter %s", inp); continue; } result = sasl_server_step(conn, out, outlen, &out, &outlen, &errstr); /* get an OK if we're done */ if (result == SASL_OK) { authenticated: message("235 2.0.0 OK Authenticated"); authenticating = SASL_IS_AUTH; define(macid("{auth_type}", NULL), newstr(auth_type), &BlankEnvelope); result = sasl_getprop(conn, SASL_USERNAME, (void **)&user); if (result != SASL_OK) { user = ""; define(macid("{auth_authen}", NULL), NULL, &BlankEnvelope); } else { define(macid("{auth_authen}", NULL), newstr(user), &BlankEnvelope); } # if 0 /* get realm? */ sasl_getprop(conn, SASL_REALM, (void **) &data); # endif /* 0 */ # if SFIO /* get security strength (features) */ result = sasl_getprop(conn, SASL_SSF, (void **) &ssf); if (result != SASL_OK) { define(macid("{auth_ssf}", NULL), "0", &BlankEnvelope); ssf = NULL; } else { char pbuf[8]; snprintf(pbuf, sizeof pbuf, "%u", *ssf); define(macid("{auth_ssf}", NULL), newstr(pbuf), &BlankEnvelope); if (tTd(95, 8)) dprintf("SASL auth_ssf: %u\n", *ssf); } /* ** only switch to encrypted connection ** if a security layer has been negotiated */ if (ssf != NULL && *ssf > 0) { /* ** convert sfio stuff to use SASL ** check return values ** if the call fails, ** fall back to unencrypted version ** unless some cf option requires ** encryption then the connection must ** be aborted */ if (sfdcsasl(InChannel, OutChannel, conn) == 0) { /* restart dialogue */ gothello = FALSE; OneXact = TRUE; n_helo = 0; } else syserr("503 5.3.3 SASL TLS failed"); if (LogLevel > 9) sm_syslog(LOG_INFO, NOQID, "SASL: connection from %.64s: mech=%.16s, id=%.64s, bits=%d", CurSmtpClient, auth_type, user, *ssf); } # else /* SFIO */ if (LogLevel > 9) sm_syslog(LOG_INFO, NOQID, "SASL: connection from %.64s: mech=%.16s, id=%.64s", CurSmtpClient, auth_type, user); # endif /* SFIO */ } else if (result == SASL_CONTINUE) { len = ENC64LEN(outlen); out2 = xalloc(len); result = sasl_encode64(out, outlen, out2, len, (u_int *)&out2len); if (result != SASL_OK) { /* correct code? XXX */ /* 454 Temp. authentication failure */ message("454 4.5.4 Internal error: unable to encode64"); if (LogLevel > 5) sm_syslog(LOG_WARNING, e->e_id, "SASL encode64 error [%d for \"%s\"]", result, out); /* start over? */ authenticating = SASL_NOT_AUTH; } else { message("334 %s", out2); if (tTd(95, 2)) dprintf("SASL continue: msg='%s' len=%d\n", out2, out2len); } } else { /* not SASL_OK or SASL_CONT */ message("500 5.7.0 authentication failed"); if (LogLevel > 9) sm_syslog(LOG_WARNING, e->e_id, "AUTH failure (%s): %s (%d)", auth_type, sasl_errstring(result, NULL, NULL), result); authenticating = SASL_NOT_AUTH; } } else { /* don't want to do any of this if authenticating */ # endif /* SASL */ /* echo command to transcript */ if (e->e_xfp != NULL) fprintf(e->e_xfp, "<<< %s\n", inp); if (LogLevel >= 15) sm_syslog(LOG_INFO, e->e_id, "<-- %s", inp); if (e->e_id == NULL) sm_setproctitle(TRUE, e, "%s: %.80s", CurSmtpClient, inp); else sm_setproctitle(TRUE, e, "%s %s: %.80s", qid_printname(e), CurSmtpClient, inp); /* break off command */ for (p = inp; isascii(*p) && isspace(*p); p++) continue; cmd = cmdbuf; while (*p != '\0' && !(isascii(*p) && isspace(*p)) && cmd < &cmdbuf[sizeof cmdbuf - 2]) *cmd++ = *p++; *cmd = '\0'; /* throw away leading whitespace */ while (isascii(*p) && isspace(*p)) p++; /* decode command */ for (c = CmdTab; c->cmd_name != NULL; c++) { if (strcasecmp(c->cmd_name, cmdbuf) == 0) break; } /* reset errors */ errno = 0; /* ** Process command. ** ** If we are running as a null server, return 550 ** to everything. */ if (nullserver != NULL || bitnset(D_ETRNONLY, d_flags)) { switch (c->cmd_code) { case CMDQUIT: case CMDHELO: case CMDEHLO: case CMDNOOP: case CMDRSET: /* process normally */ break; case CMDETRN: if (bitnset(D_ETRNONLY, d_flags) && nullserver == NULL) break; continue; default: if (++badcommands > MAXBADCOMMANDS) { delay *= 2; if (delay >= MAXTIMEOUT) delay = MAXTIMEOUT; (void) sleep(delay); } if (nullserver != NULL) { if (ISSMTPREPLY(nullserver)) usrerr(nullserver); else usrerr("550 5.0.0 %s", nullserver); } else usrerr("452 4.4.5 Insufficient disk space; try again later"); continue; } } /* non-null server */ switch (c->cmd_code) { case CMDMAIL: case CMDEXPN: case CMDVRFY: case CMDETRN: lognullconnection = FALSE; } switch (c->cmd_code) { # if SASL case CMDAUTH: /* sasl */ if (!sasl_ok) { message("503 5.3.3 AUTH not available"); break; } if (authenticating == SASL_IS_AUTH) { message("503 5.5.0 Already Authenticated"); break; } if (gotmail) { message("503 5.5.0 AUTH not permitted during a mail transaction"); break; } if (tempfail) { if (LogLevel > 9) sm_syslog(LOG_INFO, e->e_id, "SMTP AUTH command (%.100s) from %.100s tempfailed (due to previous checks)", p, CurSmtpClient); usrerr("454 4.7.1 Please try again later"); break; } ismore = FALSE; /* crude way to avoid crack attempts */ (void) checksmtpattack(&n_auth, n_mechs + 1, TRUE, "AUTH", e); /* make sure it's a valid string */ for (q = p; *q != '\0' && isascii(*q); q++) { if (isspace(*q)) { *q = '\0'; while (*++q != '\0' && isascii(*q) && isspace(*q)) continue; *(q - 1) = '\0'; ismore = (*q != '\0'); break; } } /* check whether mechanism is available */ if (iteminlist(p, mechlist, " ") == NULL) { message("503 5.3.3 AUTH mechanism %s not available", p); break; } if (ismore) { /* could this be shorter? XXX */ in = xalloc(strlen(q)); result = sasl_decode64(q, strlen(q), in, (u_int *)&inlen); if (result != SASL_OK) { message("501 5.5.4 cannot BASE64 decode '%s'", q); if (LogLevel > 5) sm_syslog(LOG_WARNING, e->e_id, "SASL decode64 error [%d for \"%s\"]", result, q); /* start over? */ authenticating = SASL_NOT_AUTH; in = NULL; inlen = 0; break; } # if 0 if (tTd(95, 99)) { int i; dprintf("AUTH: more \""); for (i = 0; i < inlen; i++) { if (isascii(in[i]) && isprint(in[i])) dprintf("%c", in[i]); else dprintf("_"); } dprintf("\"\n"); } # endif /* 0 */ } else { in = NULL; inlen = 0; } /* see if that auth type exists */ result = sasl_server_start(conn, p, in, inlen, &out, &outlen, &errstr); if (result != SASL_OK && result != SASL_CONTINUE) { message("500 5.7.0 authentication failed"); if (LogLevel > 9) sm_syslog(LOG_ERR, e->e_id, "AUTH failure (%s): %s (%d)", p, sasl_errstring(result, NULL, NULL), result); break; } auth_type = newstr(p); if (result == SASL_OK) { /* ugly, but same code */ goto authenticated; /* authenticated by the initial response */ } /* len is at least 2 */ len = ENC64LEN(outlen); out2 = xalloc(len); result = sasl_encode64(out, outlen, out2, len, (u_int *)&out2len); if (result != SASL_OK) { message("454 4.5.4 Temporary authentication failure"); if (LogLevel > 5) sm_syslog(LOG_WARNING, e->e_id, "SASL encode64 error [%d for \"%s\"]", result, out); /* start over? */ authenticating = SASL_NOT_AUTH; } else { message("334 %s", out2); authenticating = SASL_PROC_AUTH; } break; # endif /* SASL */ # if STARTTLS case CMDSTLS: /* starttls */ if (*p != '\0') { message("501 5.5.2 Syntax error (no parameters allowed)"); break; } if (!usetls) { message("503 5.5.0 TLS not available"); break; } if (!tls_ok) { message("454 4.3.3 TLS not available after start"); break; } if (gotmail) { message("503 5.5.0 TLS not permitted during a mail transaction"); break; } if (tempfail) { if (LogLevel > 9) sm_syslog(LOG_INFO, e->e_id, "SMTP STARTTLS command (%.100s) from %.100s tempfailed (due to previous checks)", p, CurSmtpClient); usrerr("454 4.7.1 Please try again later"); break; } # if TLS_NO_RSA /* ** XXX do we need a temp key ? */ # else /* TLS_NO_RSA */ if (SSL_CTX_need_tmp_RSA(srv_ctx) && !SSL_CTX_set_tmp_rsa(srv_ctx, (rsa = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, NULL))) ) { message("454 4.3.3 TLS not available: error generating RSA temp key"); if (rsa != NULL) RSA_free(rsa); break; } # endif /* TLS_NO_RSA */ if (srv_ssl != NULL) SSL_clear(srv_ssl); else if ((srv_ssl = SSL_new(srv_ctx)) == NULL) { message("454 4.3.3 TLS not available: error generating SSL handle"); break; } rfd = fileno(InChannel); wfd = fileno(OutChannel); if (rfd < 0 || wfd < 0 || SSL_set_rfd(srv_ssl, rfd) <= 0 || SSL_set_wfd(srv_ssl, wfd) <= 0) { message("454 4.3.3 TLS not available: error set fd"); SSL_free(srv_ssl); srv_ssl = NULL; break; } message("220 2.0.0 Ready to start TLS"); SSL_set_accept_state(srv_ssl); # define SSL_ACC(s) SSL_accept(s) if ((r = SSL_ACC(srv_ssl)) <= 0) { int i; /* what to do in this case? */ i = SSL_get_error(srv_ssl, r); if (LogLevel > 5) { sm_syslog(LOG_WARNING, e->e_id, "TLS: error: accept failed=%d (%d)", r, i); if (LogLevel > 9) tlslogerr(); } tls_ok = FALSE; SSL_free(srv_ssl); srv_ssl = NULL; /* ** according to the next draft of ** RFC 2487 the connection should be dropped */ /* arrange to ignore any current send list */ e->e_sendqueue = NULL; goto doquit; } /* ignore return code for now, it's in {verify} */ (void) tls_get_info(srv_ssl, &BlankEnvelope, TRUE, - CurSmtpClient); + CurSmtpClient, TRUE); /* ** call Stls_client to find out whether ** to accept the connection from the client */ saveQuickAbort = QuickAbort; saveSuprErrs = SuprErrs; SuprErrs = TRUE; QuickAbort = FALSE; if (rscheck("tls_client", macvalue(macid("{verify}", NULL), e), - "STARTTLS", e, TRUE, TRUE, 6) != EX_OK || - Errors > 0) + "STARTTLS", e, TRUE, TRUE, 6, NULL) != + EX_OK || Errors > 0) { extern char MsgBuf[]; if (MsgBuf[0] != '\0' && ISSMTPREPLY(MsgBuf)) nullserver = newstr(MsgBuf); else nullserver = "503 5.7.0 Authentication required."; } QuickAbort = saveQuickAbort; SuprErrs = saveSuprErrs; tls_ok = FALSE; /* don't offer STARTTLS again */ gothello = FALSE; /* discard info */ n_helo = 0; OneXact = TRUE; /* only one xaction this run */ # if SASL if (sasl_ok) { char *s; if ((s = macvalue(macid("{cipher_bits}", NULL), e)) != NULL && (ext_ssf.ssf = atoi(s)) > 0) { # if _FFR_EXT_MECH ext_ssf.auth_id = macvalue(macid("{cert_subject}", NULL), e); # endif /* _FFR_EXT_MECH */ sasl_ok = sasl_setprop(conn, SASL_SSF_EXTERNAL, &ext_ssf) == SASL_OK; if (mechlist != NULL) free(mechlist); mechlist = NULL; if (sasl_ok) { n_mechs = saslmechs(conn, &mechlist); sasl_ok = n_mechs > 0; } } } # endif /* SASL */ /* switch to secure connection */ #if SFIO r = sfdctls(InChannel, OutChannel, srv_ssl); #else /* SFIO */ # if _FFR_TLS_TOREK r = sfdctls(&InChannel, &OutChannel, srv_ssl); # endif /* _FFR_TLS_TOREK */ #endif /* SFIO */ if (r == 0) tls_active = TRUE; else { /* ** XXX this is an internal error ** how to deal with it? ** we can't generate an error message ** since the other side switched to an ** encrypted layer, but we could not... ** just "hang up"? */ nullserver = "454 4.3.3 TLS not available: can't switch to encrypted layer"; syserr("TLS: can't switch to encrypted layer"); } break; # endif /* STARTTLS */ case CMDHELO: /* hello -- introduce yourself */ case CMDEHLO: /* extended hello */ if (c->cmd_code == CMDEHLO) { protocol = "ESMTP"; SmtpPhase = "server EHLO"; } else { protocol = "SMTP"; SmtpPhase = "server HELO"; } /* avoid denial-of-service */ (void) checksmtpattack(&n_helo, MAXHELOCOMMANDS, TRUE, "HELO/EHLO", e); /* check for duplicate HELO/EHLO per RFC 1651 4.2 */ if (gothello) { usrerr("503 %s Duplicate HELO/EHLO", MyHostName); break; } /* check for valid domain name (re 1123 5.2.5) */ if (*p == '\0' && !AllowBogusHELO) { usrerr("501 %s requires domain address", cmdbuf); break; } /* check for long domain name (hides Received: info) */ if (strlen(p) > MAXNAME) { usrerr("501 Invalid domain name"); if (LogLevel > 9) sm_syslog(LOG_INFO, CurEnv->e_id, "invalid domain name (too long) from %.100s", CurSmtpClient); break; } for (q = p; *q != '\0'; q++) { if (!isascii(*q)) break; if (isalnum(*q)) continue; if (isspace(*q)) { *q = '\0'; break; } if (strchr("[].-_#", *q) == NULL) break; } if (*q == '\0') { q = "pleased to meet you"; sendinghost = newstr(p); } else if (!AllowBogusHELO) { usrerr("501 Invalid domain name"); if (LogLevel > 9) sm_syslog(LOG_INFO, CurEnv->e_id, "invalid domain name (%.100s) from %.100s", p, CurSmtpClient); break; } else { q = "accepting invalid domain name"; } gothello = TRUE; # if _FFR_MILTER if (milterize && !bitset(EF_DISCARD, e->e_flags)) { char state; char *response; response = milter_helo(p, e, &state); switch (state) { case SMFIR_REPLYCODE: nullserver = response; milterize = FALSE; break; case SMFIR_REJECT: nullserver = "Command rejected"; milterize = FALSE; break; case SMFIR_TEMPFAIL: tempfail = TRUE; milterize = FALSE; break; } } # endif /* _FFR_MILTER */ /* print HELO response message */ if (c->cmd_code != CMDEHLO) { message("250 %s Hello %s, %s", MyHostName, CurSmtpClient, q); break; } message("250-%s Hello %s, %s", MyHostName, CurSmtpClient, q); /* offer ENHSC even for nullserver */ if (nullserver != NULL) { message("250 ENHANCEDSTATUSCODES"); break; } /* ** print EHLO features list ** ** Note: If you change this list, ** remember to update 'helpfile' */ message("250-ENHANCEDSTATUSCODES"); if (!bitset(PRIV_NOEXPN, PrivacyFlags)) { message("250-EXPN"); if (!bitset(PRIV_NOVERB, PrivacyFlags)) message("250-VERB"); } # if MIME8TO7 message("250-8BITMIME"); # endif /* MIME8TO7 */ if (MaxMessageSize > 0) message("250-SIZE %ld", MaxMessageSize); else message("250-SIZE"); # if DSN if (SendMIMEErrors && !bitset(PRIV_NORECEIPTS, PrivacyFlags)) message("250-DSN"); # endif /* DSN */ message("250-ONEX"); if (!bitset(PRIV_NOETRN, PrivacyFlags) && !bitnset(D_NOETRN, d_flags)) message("250-ETRN"); message("250-XUSR"); # if SASL if (sasl_ok && mechlist != NULL && *mechlist != '\0') message("250-AUTH %s", mechlist); # endif /* SASL */ # if STARTTLS if (tls_ok && usetls) message("250-STARTTLS"); # endif /* STARTTLS */ message("250 HELP"); break; case CMDMAIL: /* mail -- designate sender */ SmtpPhase = "server MAIL"; /* check for validity of this command */ if (!gothello && bitset(PRIV_NEEDMAILHELO, PrivacyFlags)) { usrerr("503 5.0.0 Polite people say HELO first"); break; } if (gotmail) { usrerr("503 5.5.0 Sender already specified"); break; } if (InChild) { errno = 0; syserr("503 5.5.0 Nested MAIL command: MAIL %s", p); finis(TRUE, ExitStat); } # if SASL if (bitnset(D_AUTHREQ, d_flags) && authenticating != SASL_IS_AUTH) { usrerr("530 5.7.0 Authentication required"); break; } # endif /* SASL */ p = skipword(p, "from"); if (p == NULL) break; if (tempfail) { if (LogLevel > 9) sm_syslog(LOG_INFO, e->e_id, "SMTP MAIL command (%.100s) from %.100s tempfailed (due to previous checks)", p, CurSmtpClient); usrerr("451 4.7.1 Please try again later"); break; } /* make sure we know who the sending host is */ if (sendinghost == NULL) sendinghost = peerhostname; /* fork a subprocess to process this command */ ric = runinchild("SMTP-MAIL", e); /* Catch a problem and stop processing */ if (ric == RIC_TEMPFAIL && nullserver == NULL) nullserver = "452 4.3.0 Internal software error"; if (ric != RIC_INCHILD) break; if (Errors > 0) goto undo_subproc_no_pm; if (!gothello) { auth_warning(e, "%s didn't use HELO protocol", CurSmtpClient); } # ifdef PICKY_HELO_CHECK if (strcasecmp(sendinghost, peerhostname) != 0 && (strcasecmp(peerhostname, "localhost") != 0 || strcasecmp(sendinghost, MyHostName) != 0)) { auth_warning(e, "Host %s claimed to be %s", CurSmtpClient, sendinghost); } # endif /* PICKY_HELO_CHECK */ if (protocol == NULL) protocol = "SMTP"; define('r', protocol, e); define('s', sendinghost, e); if (Errors > 0) goto undo_subproc_no_pm; nrcpts = 0; define(macid("{ntries}", NULL), "0", e); e->e_flags |= EF_CLRQUEUE; sm_setproctitle(TRUE, e, "%s %s: %.80s", qid_printname(e), CurSmtpClient, inp); /* child -- go do the processing */ if (setjmp(TopFrame) > 0) { /* this failed -- undo work */ undo_subproc_no_pm: e->e_flags &= ~EF_PM_NOTIFY; undo_subproc: if (InChild) { QuickAbort = FALSE; SuprErrs = TRUE; e->e_flags &= ~EF_FATALERRS; if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags)) logsender(e, NULL); e->e_flags &= ~EF_LOGSENDER; finis(TRUE, ExitStat); } break; } QuickAbort = TRUE; /* must parse sender first */ delimptr = NULL; setsender(p, e, &delimptr, ' ', FALSE); if (delimptr != NULL && *delimptr != '\0') *delimptr++ = '\0'; if (Errors > 0) goto undo_subproc_no_pm; /* Successfully set e_from, allow logging */ e->e_flags |= EF_LOGSENDER; /* put resulting triple from parseaddr() into macros */ if (e->e_from.q_mailer != NULL) define(macid("{mail_mailer}", NULL), e->e_from.q_mailer->m_name, e); else define(macid("{mail_mailer}", NULL), NULL, e); if (e->e_from.q_host != NULL) define(macid("{mail_host}", NULL), e->e_from.q_host, e); else define(macid("{mail_host}", NULL), "localhost", e); if (e->e_from.q_user != NULL) define(macid("{mail_addr}", NULL), e->e_from.q_user, e); else define(macid("{mail_addr}", NULL), NULL, e); if (Errors > 0) goto undo_subproc_no_pm; /* check for possible spoofing */ if (RealUid != 0 && OpMode == MD_SMTP && !wordinclass(RealUserName, 't') && (!bitnset(M_LOCALMAILER, e->e_from.q_mailer->m_flags) || strcmp(e->e_from.q_user, RealUserName) != 0)) { auth_warning(e, "%s owned process doing -bs", RealUserName); } /* now parse ESMTP arguments */ e->e_msgsize = 0; addr = p; argno = 0; args[argno++] = p; p = delimptr; while (p != NULL && *p != '\0') { char *kp; char *vp = NULL; char *equal = NULL; /* locate the beginning of the keyword */ while (isascii(*p) && isspace(*p)) p++; if (*p == '\0') break; kp = p; /* skip to the value portion */ while ((isascii(*p) && isalnum(*p)) || *p == '-') p++; if (*p == '=') { equal = p; *p++ = '\0'; vp = p; /* skip to the end of the value */ while (*p != '\0' && *p != ' ' && !(isascii(*p) && iscntrl(*p)) && *p != '=') p++; } if (*p != '\0') *p++ = '\0'; if (tTd(19, 1)) dprintf("MAIL: got arg %s=\"%s\"\n", kp, vp == NULL ? "" : vp); mail_esmtp_args(kp, vp, e); if (equal != NULL) *equal = '='; args[argno++] = kp; if (argno >= MAXSMTPARGS - 1) usrerr("501 5.5.4 Too many parameters"); if (Errors > 0) goto undo_subproc_no_pm; } args[argno] = NULL; if (Errors > 0) goto undo_subproc_no_pm; /* do config file checking of the sender */ if (rscheck("check_mail", addr, - NULL, e, TRUE, TRUE, 4) != EX_OK || + NULL, e, TRUE, TRUE, 4, NULL) != EX_OK || Errors > 0) goto undo_subproc_no_pm; if (MaxMessageSize > 0 && (e->e_msgsize > MaxMessageSize || e->e_msgsize < 0)) { usrerr("552 5.2.3 Message size exceeds fixed maximum message size (%ld)", MaxMessageSize); goto undo_subproc_no_pm; } if (!enoughdiskspace(e->e_msgsize, TRUE)) { usrerr("452 4.4.5 Insufficient disk space; try again later"); goto undo_subproc_no_pm; } if (Errors > 0) goto undo_subproc_no_pm; # if _FFR_MILTER LogUsrErrs = TRUE; if (milterize && !bitset(EF_DISCARD, e->e_flags)) { char state; char *response; response = milter_envfrom(args, e, &state); switch (state) { case SMFIR_REPLYCODE: usrerr(response); break; case SMFIR_REJECT: usrerr("550 5.7.1 Command rejected"); break; case SMFIR_DISCARD: e->e_flags |= EF_DISCARD; break; case SMFIR_TEMPFAIL: usrerr("451 4.7.1 Please try again later"); break; } if (response != NULL) free(response); } # endif /* _FFR_MILTER */ if (Errors > 0) goto undo_subproc_no_pm; message("250 2.1.0 Sender ok"); gotmail = TRUE; break; case CMDRCPT: /* rcpt -- designate recipient */ if (!gotmail) { usrerr("503 5.0.0 Need MAIL before RCPT"); break; } SmtpPhase = "server RCPT"; if (setjmp(TopFrame) > 0) { e->e_flags &= ~(EF_FATALERRS|EF_PM_NOTIFY); break; } QuickAbort = TRUE; LogUsrErrs = TRUE; /* limit flooding of our machine */ if (MaxRcptPerMsg > 0 && nrcpts >= MaxRcptPerMsg) { usrerr("452 4.5.3 Too many recipients"); break; } if (e->e_sendmode != SM_DELIVER) e->e_flags |= EF_VRFYONLY; # if _FFR_MILTER /* ** If the filter will be deleting recipients, ** don't expand them at RCPT time (in the call ** to recipient()). If they are expanded, it ** is impossible for removefromlist() to figure ** out the expanded members of the original ** recipient and mark them as QS_DONTSEND. */ if (milter_can_delrcpts()) e->e_flags |= EF_VRFYONLY; # endif /* _FFR_MILTER */ p = skipword(p, "to"); if (p == NULL) break; # if _FFR_ADDR_TYPE define(macid("{addr_type}", NULL), "e r", e); # endif /* _FFR_ADDR_TYPE */ a = parseaddr(p, NULLADDR, RF_COPYALL, ' ', &delimptr, e); #if _FFR_ADDR_TYPE define(macid("{addr_type}", NULL), NULL, e); #endif /* _FFR_ADDR_TYPE */ if (Errors > 0) break; if (a == NULL) { usrerr("501 5.0.0 Missing recipient"); break; } if (delimptr != NULL && *delimptr != '\0') *delimptr++ = '\0'; /* put resulting triple from parseaddr() into macros */ if (a->q_mailer != NULL) define(macid("{rcpt_mailer}", NULL), a->q_mailer->m_name, e); else define(macid("{rcpt_mailer}", NULL), NULL, e); if (a->q_host != NULL) define(macid("{rcpt_host}", NULL), a->q_host, e); else define(macid("{rcpt_host}", NULL), "localhost", e); if (a->q_user != NULL) define(macid("{rcpt_addr}", NULL), a->q_user, e); else define(macid("{rcpt_addr}", NULL), NULL, e); if (Errors > 0) break; /* now parse ESMTP arguments */ addr = p; argno = 0; args[argno++] = p; p = delimptr; while (p != NULL && *p != '\0') { char *kp; char *vp = NULL; char *equal = NULL; /* locate the beginning of the keyword */ while (isascii(*p) && isspace(*p)) p++; if (*p == '\0') break; kp = p; /* skip to the value portion */ while ((isascii(*p) && isalnum(*p)) || *p == '-') p++; if (*p == '=') { equal = p; *p++ = '\0'; vp = p; /* skip to the end of the value */ while (*p != '\0' && *p != ' ' && !(isascii(*p) && iscntrl(*p)) && *p != '=') p++; } if (*p != '\0') *p++ = '\0'; if (tTd(19, 1)) dprintf("RCPT: got arg %s=\"%s\"\n", kp, vp == NULL ? "" : vp); rcpt_esmtp_args(a, kp, vp, e); if (equal != NULL) *equal = '='; args[argno++] = kp; if (argno >= MAXSMTPARGS - 1) usrerr("501 5.5.4 Too many parameters"); if (Errors > 0) break; } args[argno] = NULL; if (Errors > 0) break; /* do config file checking of the recipient */ if (rscheck("check_rcpt", addr, - NULL, e, TRUE, TRUE, 4) != EX_OK || + NULL, e, TRUE, TRUE, 4, NULL) != EX_OK || Errors > 0) break; # if _FFR_MILTER if (milterize && !bitset(EF_DISCARD, e->e_flags)) { char state; char *response; response = milter_envrcpt(args, e, &state); switch (state) { case SMFIR_REPLYCODE: usrerr(response); break; case SMFIR_REJECT: usrerr("550 5.7.1 Command rejected"); break; case SMFIR_DISCARD: e->e_flags |= EF_DISCARD; break; case SMFIR_TEMPFAIL: usrerr("451 4.7.1 Please try again later"); break; } if (response != NULL) free(response); } # endif /* _FFR_MILTER */ define(macid("{rcpt_mailer}", NULL), NULL, e); define(macid("{rcpt_relay}", NULL), NULL, e); define(macid("{rcpt_addr}", NULL), NULL, e); define(macid("{dsn_notify}", NULL), NULL, e); if (Errors > 0) break; /* save in recipient list after ESMTP mods */ a = recipient(a, &e->e_sendqueue, 0, e); if (Errors > 0) break; /* no errors during parsing, but might be a duplicate */ e->e_to = a->q_paddr; if (!QS_IS_BADADDR(a->q_state)) { if (e->e_queuedir == NOQDIR) initsys(e); message("250 2.1.5 Recipient ok%s", QS_IS_QUEUEUP(a->q_state) ? " (will queue)" : ""); nrcpts++; } else { /* punt -- should keep message in ADDRESS.... */ usrerr("550 5.1.1 Addressee unknown"); } break; case CMDDATA: /* data -- text of mail */ SmtpPhase = "server DATA"; if (!gotmail) { usrerr("503 5.0.0 Need MAIL command"); break; } else if (nrcpts <= 0) { usrerr("503 5.0.0 Need RCPT (recipient)"); break; } /* put back discard bit */ if (discard) e->e_flags |= EF_DISCARD; /* check to see if we need to re-expand aliases */ /* also reset QS_BADADDR on already-diagnosted addrs */ doublequeue = FALSE; for (a = e->e_sendqueue; a != NULL; a = a->q_next) { if (QS_IS_VERIFIED(a->q_state) && !bitset(EF_DISCARD, e->e_flags)) { /* need to re-expand aliases */ doublequeue = TRUE; } if (QS_IS_BADADDR(a->q_state)) { /* make this "go away" */ a->q_state = QS_DONTSEND; } } /* collect the text of the message */ SmtpPhase = "collect"; buffer_errors(); collect(InChannel, TRUE, NULL, e); # if _FFR_MILTER if (milterize && Errors <= 0 && !bitset(EF_DISCARD, e->e_flags)) { char state; char *response; response = milter_data(e, &state); switch (state) { case SMFIR_REPLYCODE: usrerr(response); break; case SMFIR_REJECT: usrerr("554 5.7.1 Command rejected"); break; case SMFIR_DISCARD: e->e_flags |= EF_DISCARD; break; case SMFIR_TEMPFAIL: usrerr("451 4.7.1 Please try again later"); break; } if (response != NULL) free(response); } /* abort message filters that didn't get the body */ if (milterize) milter_abort(e); # endif /* _FFR_MILTER */ /* redefine message size */ if ((q = macvalue(macid("{msg_size}", NULL), e)) != NULL) free(q); snprintf(inp, sizeof inp, "%ld", e->e_msgsize); define(macid("{msg_size}", NULL), newstr(inp), e); if (Errors > 0) { /* Log who the mail would have gone to */ if (LogLevel > 8 && e->e_message != NULL) { for (a = e->e_sendqueue; a != NULL; a = a->q_next) { if (!QS_IS_UNDELIVERED(a->q_state)) continue; e->e_to = a->q_paddr; logdelivery(NULL, NULL, a->q_status, e->e_message, NULL, (time_t) 0, e); } e->e_to = NULL; } flush_errors(TRUE); buffer_errors(); goto abortmessage; } /* make sure we actually do delivery */ e->e_flags &= ~EF_CLRQUEUE; /* from now on, we have to operate silently */ buffer_errors(); e->e_errormode = EM_MAIL; /* ** Arrange to send to everyone. ** If sending to multiple people, mail back ** errors rather than reporting directly. ** In any case, don't mail back errors for ** anything that has happened up to ** now (the other end will do this). ** Truncate our transcript -- the mail has gotten ** to us successfully, and if we have ** to mail this back, it will be easier ** on the reader. ** Then send to everyone. ** Finally give a reply code. If an error has ** already been given, don't mail a ** message back. ** We goose error returns by clearing error bit. */ SmtpPhase = "delivery"; (void) bftruncate(e->e_xfp); id = e->e_id; /* ** If a header/body check (header checks or milter) ** set EF_DISCARD, don't queueup the message -- ** that would lose the EF_DISCARD bit and deliver ** the message. */ if (bitset(EF_DISCARD, e->e_flags)) doublequeue = FALSE; if (doublequeue) { /* make sure it is in the queue */ queueup(e, FALSE); } else { /* send to all recipients */ # if NAMED_BIND _res.retry = TimeOuts.res_retry[RES_TO_FIRST]; _res.retrans = TimeOuts.res_retrans[RES_TO_FIRST]; # endif /* NAMED_BIND */ sendall(e, SM_DEFAULT); } e->e_to = NULL; /* issue success message */ message("250 2.0.0 %s Message accepted for delivery", id); /* if we just queued, poke it */ if (doublequeue && e->e_sendmode != SM_QUEUE && e->e_sendmode != SM_DEFER) { CurrentLA = sm_getla(e); if (!shouldqueue(e->e_msgpriority, e->e_ctime)) { /* close all the queue files */ closexscript(e); if (e->e_dfp != NULL) (void) bfclose(e->e_dfp); e->e_dfp = NULL; unlockqueue(e); (void) dowork(e->e_queuedir, id, TRUE, TRUE, e); } } abortmessage: if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags)) logsender(e, NULL); e->e_flags &= ~EF_LOGSENDER; /* if in a child, pop back to our parent */ if (InChild) finis(TRUE, ExitStat); /* clean up a bit */ gotmail = FALSE; dropenvelope(e, TRUE); CurEnv = e = newenvelope(e, CurEnv); e->e_flags = BlankEnvelope.e_flags; break; case CMDRSET: /* rset -- reset state */ # if _FFR_MILTER /* abort milter filters */ milter_abort(e); # endif /* _FFR_MILTER */ if (tTd(94, 100)) message("451 4.0.0 Test failure"); else message("250 2.0.0 Reset state"); /* arrange to ignore any current send list */ e->e_sendqueue = NULL; e->e_flags |= EF_CLRQUEUE; if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags)) logsender(e, NULL); e->e_flags &= ~EF_LOGSENDER; if (InChild) finis(TRUE, ExitStat); /* clean up a bit */ gotmail = FALSE; SuprErrs = TRUE; dropenvelope(e, TRUE); CurEnv = e = newenvelope(e, CurEnv); break; case CMDVRFY: /* vrfy -- verify address */ case CMDEXPN: /* expn -- expand address */ if (tempfail) { if (LogLevel > 9) sm_syslog(LOG_INFO, e->e_id, "SMTP %s command (%.100s) from %.100s tempfailed (due to previous checks)", c->cmd_code == CMDVRFY ? "VRFY" : "EXPN", p, CurSmtpClient); usrerr("550 5.7.1 Please try again later"); break; } wt = checksmtpattack(&nverifies, MAXVRFYCOMMANDS, FALSE, c->cmd_code == CMDVRFY ? "VRFY" : "EXPN", e); previous = curtime(); vrfy = c->cmd_code == CMDVRFY; if (bitset(vrfy ? PRIV_NOVRFY : PRIV_NOEXPN, PrivacyFlags)) { if (vrfy) message("252 2.5.2 Cannot VRFY user; try RCPT to attempt delivery (or try finger)"); else message("502 5.7.0 Sorry, we do not allow this operation"); if (LogLevel > 5) sm_syslog(LOG_INFO, e->e_id, "%.100s: %s [rejected]", CurSmtpClient, shortenstring(inp, MAXSHORTSTR)); break; } else if (!gothello && bitset(vrfy ? PRIV_NEEDVRFYHELO : PRIV_NEEDEXPNHELO, PrivacyFlags)) { usrerr("503 5.0.0 I demand that you introduce yourself first"); break; } if (runinchild(vrfy ? "SMTP-VRFY" : "SMTP-EXPN", e) > 0) break; if (Errors > 0) goto undo_subproc; if (LogLevel > 5) sm_syslog(LOG_INFO, e->e_id, "%.100s: %s", CurSmtpClient, shortenstring(inp, MAXSHORTSTR)); if (setjmp(TopFrame) > 0) goto undo_subproc; QuickAbort = TRUE; vrfyqueue = NULL; if (vrfy) e->e_flags |= EF_VRFYONLY; while (*p != '\0' && isascii(*p) && isspace(*p)) p++; if (*p == '\0') { usrerr("501 5.5.2 Argument required"); } else { /* do config file checking of the address */ if (rscheck(vrfy ? "check_vrfy" : "check_expn", - p, NULL, e, TRUE, FALSE, 4) + p, NULL, e, TRUE, FALSE, 4, NULL) != EX_OK || Errors > 0) goto undo_subproc; (void) sendtolist(p, NULLADDR, &vrfyqueue, 0, e); } if (wt > 0) - (void) sleep(wt - (curtime() - previous)); + { + time_t t; + + t = wt - (curtime() - previous); + if (t > 0) + (void) sleep(t); + } if (Errors > 0) goto undo_subproc; if (vrfyqueue == NULL) { usrerr("554 5.5.2 Nothing to %s", vrfy ? "VRFY" : "EXPN"); } while (vrfyqueue != NULL) { if (!QS_IS_UNDELIVERED(vrfyqueue->q_state)) { vrfyqueue = vrfyqueue->q_next; continue; } /* see if there is more in the vrfy list */ a = vrfyqueue; while ((a = a->q_next) != NULL && (!QS_IS_UNDELIVERED(a->q_state))) continue; printvrfyaddr(vrfyqueue, a == NULL, vrfy); vrfyqueue = a; } if (InChild) finis(TRUE, ExitStat); break; case CMDETRN: /* etrn -- force queue flush */ if (bitset(PRIV_NOETRN, PrivacyFlags) || bitnset(D_NOETRN, d_flags)) { /* different message for MSA ? */ message("502 5.7.0 Sorry, we do not allow this operation"); if (LogLevel > 5) sm_syslog(LOG_INFO, e->e_id, "%.100s: %s [rejected]", CurSmtpClient, shortenstring(inp, MAXSHORTSTR)); break; } if (tempfail) { if (LogLevel > 9) sm_syslog(LOG_INFO, e->e_id, "SMTP ETRN command (%.100s) from %.100s tempfailed (due to previous checks)", p, CurSmtpClient); usrerr("451 4.7.1 Please try again later"); break; } if (strlen(p) <= 0) { usrerr("500 5.5.2 Parameter required"); break; } /* crude way to avoid denial-of-service attacks */ (void) checksmtpattack(&n_etrn, MAXETRNCOMMANDS, TRUE, "ETRN", e); /* do config file checking of the parameter */ - if (rscheck("check_etrn", p, NULL, e, TRUE, FALSE, 4) - != EX_OK || Errors > 0) + if (rscheck("check_etrn", p, NULL, e, TRUE, FALSE, 4, + NULL) != EX_OK || Errors > 0) break; if (LogLevel > 5) sm_syslog(LOG_INFO, e->e_id, "%.100s: ETRN %s", CurSmtpClient, shortenstring(p, MAXSHORTSTR)); id = p; if (*id == '@') id++; else *--id = '@'; if ((new = (QUEUE_CHAR *)malloc(sizeof(QUEUE_CHAR))) == NULL) { syserr("500 5.5.0 ETRN out of memory"); break; } new->queue_match = id; new->queue_next = NULL; QueueLimitRecipient = new; ok = runqueue(TRUE, FALSE); free(QueueLimitRecipient); QueueLimitRecipient = NULL; if (ok && Errors == 0) message("250 2.0.0 Queuing for node %s started", p); break; case CMDHELP: /* help -- give user info */ help(p, e); break; case CMDNOOP: /* noop -- do nothing */ (void) checksmtpattack(&n_noop, MAXNOOPCOMMANDS, TRUE, "NOOP", e); message("250 2.0.0 OK"); break; case CMDQUIT: /* quit -- leave mail */ message("221 2.0.0 %s closing connection", MyHostName); /* arrange to ignore any current send list */ e->e_sendqueue = NULL; # if STARTTLS /* shutdown TLS connection */ if (tls_active) { (void) endtls(srv_ssl, "server"); tls_active = FALSE; } # endif /* STARTTLS */ # if SASL if (authenticating == SASL_IS_AUTH) { sasl_dispose(&conn); authenticating = SASL_NOT_AUTH; } # endif /* SASL */ doquit: /* avoid future 050 messages */ disconnect(1, e); # if _FFR_MILTER /* close out milter filters */ milter_quit(e); # endif /* _FFR_MILTER */ if (InChild) ExitStat = EX_QUIT; if (LogLevel > 4 && bitset(EF_LOGSENDER, e->e_flags)) logsender(e, NULL); e->e_flags &= ~EF_LOGSENDER; if (lognullconnection && LogLevel > 5) { char *d; d = macvalue(macid("{daemon_name}", NULL), e); if (d == NULL) d = "stdin"; sm_syslog(LOG_INFO, NULL, "%.100s did not issue MAIL/EXPN/VRFY/ETRN during connection to %s", CurSmtpClient, d); } finis(TRUE, ExitStat); /* NOTREACHED */ case CMDVERB: /* set verbose mode */ if (bitset(PRIV_NOEXPN, PrivacyFlags) || bitset(PRIV_NOVERB, PrivacyFlags)) { /* this would give out the same info */ message("502 5.7.0 Verbose unavailable"); break; } (void) checksmtpattack(&n_noop, MAXNOOPCOMMANDS, TRUE, "VERB", e); Verbose = 1; set_delivery_mode(SM_DELIVER, e); message("250 2.0.0 Verbose mode"); break; case CMDONEX: /* doing one transaction only */ (void) checksmtpattack(&n_noop, MAXNOOPCOMMANDS, TRUE, "ONEX", e); OneXact = TRUE; message("250 2.0.0 Only one transaction"); break; case CMDXUSR: /* initial (user) submission */ (void) checksmtpattack(&n_noop, MAXNOOPCOMMANDS, TRUE, "XUSR", e); define(macid("{daemon_flags}", NULL), "c u", CurEnv); message("250 2.0.0 Initial submission"); break; # if SMTPDEBUG case CMDDBGQSHOW: /* show queues */ printf("Send Queue="); printaddr(e->e_sendqueue, TRUE); break; case CMDDBGDEBUG: /* set debug mode */ tTsetup(tTdvect, sizeof tTdvect, "0-99.1"); tTflag(p); message("200 2.0.0 Debug set"); break; # else /* SMTPDEBUG */ case CMDDBGQSHOW: /* show queues */ case CMDDBGDEBUG: /* set debug mode */ # endif /* SMTPDEBUG */ case CMDLOGBOGUS: /* bogus command */ if (LogLevel > 0) sm_syslog(LOG_CRIT, e->e_id, "\"%s\" command from %.100s (%.100s)", c->cmd_name, CurSmtpClient, anynet_ntoa(&RealHostAddr)); /* FALLTHROUGH */ case CMDERROR: /* unknown command */ if (++badcommands > MAXBADCOMMANDS) { message("421 4.7.0 %s Too many bad commands; closing connection", MyHostName); /* arrange to ignore any current send list */ e->e_sendqueue = NULL; goto doquit; } usrerr("500 5.5.1 Command unrecognized: \"%s\"", shortenstring(inp, MAXSHORTSTR)); break; case CMDUNIMPL: usrerr("502 5.5.1 Command not implemented: \"%s\"", shortenstring(inp, MAXSHORTSTR)); break; default: errno = 0; syserr("500 5.5.0 smtp: unknown code %d", c->cmd_code); break; } # if SASL } # endif /* SASL */ } } /* ** CHECKSMTPATTACK -- check for denial-of-service attack by repetition ** ** Parameters: ** pcounter -- pointer to a counter for this command. ** maxcount -- maximum value for this counter before we ** slow down. ** waitnow -- sleep now (in this routine)? ** cname -- command name for logging. ** e -- the current envelope. ** ** Returns: -** none. +** time to wait. ** ** Side Effects: ** Slows down if we seem to be under attack. */ static time_t checksmtpattack(pcounter, maxcount, waitnow, cname, e) volatile int *pcounter; int maxcount; bool waitnow; char *cname; ENVELOPE *e; { if (++(*pcounter) >= maxcount) { time_t s; if (*pcounter == maxcount && LogLevel > 5) { sm_syslog(LOG_INFO, e->e_id, "%.100s: %.40s attack?", CurSmtpClient, cname); } s = 1 << (*pcounter - maxcount); if (s >= MAXTIMEOUT) s = MAXTIMEOUT; /* sleep at least 1 second before returning */ (void) sleep(*pcounter / maxcount); s -= *pcounter / maxcount; if (waitnow) { (void) sleep(s); return(0); } return(s); } return((time_t) 0); } /* ** SKIPWORD -- skip a fixed word. ** ** Parameters: ** p -- place to start looking. ** w -- word to skip. ** ** Returns: ** p following w. ** NULL on error. ** ** Side Effects: ** clobbers the p data area. */ static char * skipword(p, w) register char *volatile p; char *w; { register char *q; char *firstp = p; /* find beginning of word */ while (isascii(*p) && isspace(*p)) p++; q = p; /* find end of word */ while (*p != '\0' && *p != ':' && !(isascii(*p) && isspace(*p))) p++; while (isascii(*p) && isspace(*p)) *p++ = '\0'; if (*p != ':') { syntax: usrerr("501 5.5.2 Syntax error in parameters scanning \"%s\"", shortenstring(firstp, MAXSHORTSTR)); return NULL; } *p++ = '\0'; while (isascii(*p) && isspace(*p)) p++; if (*p == '\0') goto syntax; /* see if the input word matches desired word */ if (strcasecmp(q, w)) goto syntax; return p; } /* ** MAIL_ESMTP_ARGS -- process ESMTP arguments from MAIL line ** ** Parameters: ** kp -- the parameter key. ** vp -- the value of that parameter. ** e -- the envelope. ** ** Returns: ** none. */ static void mail_esmtp_args(kp, vp, e) char *kp; char *vp; ENVELOPE *e; { if (strcasecmp(kp, "size") == 0) { if (vp == NULL) { usrerr("501 5.5.2 SIZE requires a value"); /* NOTREACHED */ } define(macid("{msg_size}", NULL), newstr(vp), e); - e->e_msgsize = strtol(vp, (char **) NULL, 10); + e->e_msgsize = strtol(vp, (char **) NULL, 10); if (e->e_msgsize == LONG_MAX && errno == ERANGE) { usrerr("552 5.2.3 Message size exceeds maximum value"); /* NOTREACHED */ } } else if (strcasecmp(kp, "body") == 0) { if (vp == NULL) { usrerr("501 5.5.2 BODY requires a value"); /* NOTREACHED */ } else if (strcasecmp(vp, "8bitmime") == 0) { SevenBitInput = FALSE; } else if (strcasecmp(vp, "7bit") == 0) { SevenBitInput = TRUE; } else { usrerr("501 5.5.4 Unknown BODY type %s", vp); /* NOTREACHED */ } e->e_bodytype = newstr(vp); } else if (strcasecmp(kp, "envid") == 0) { if (bitset(PRIV_NORECEIPTS, PrivacyFlags)) { usrerr("504 5.7.0 Sorry, ENVID not supported, we do not allow DSN"); /* NOTREACHED */ } if (vp == NULL) { usrerr("501 5.5.2 ENVID requires a value"); /* NOTREACHED */ } if (!xtextok(vp)) { usrerr("501 5.5.4 Syntax error in ENVID parameter value"); /* NOTREACHED */ } if (e->e_envid != NULL) { usrerr("501 5.5.0 Duplicate ENVID parameter"); /* NOTREACHED */ } e->e_envid = newstr(vp); define(macid("{dsn_envid}", NULL), newstr(vp), e); } else if (strcasecmp(kp, "ret") == 0) { if (bitset(PRIV_NORECEIPTS, PrivacyFlags)) { usrerr("504 5.7.0 Sorry, RET not supported, we do not allow DSN"); /* NOTREACHED */ } if (vp == NULL) { usrerr("501 5.5.2 RET requires a value"); /* NOTREACHED */ } if (bitset(EF_RET_PARAM, e->e_flags)) { usrerr("501 5.5.0 Duplicate RET parameter"); /* NOTREACHED */ } e->e_flags |= EF_RET_PARAM; if (strcasecmp(vp, "hdrs") == 0) e->e_flags |= EF_NO_BODY_RETN; else if (strcasecmp(vp, "full") != 0) { usrerr("501 5.5.2 Bad argument \"%s\" to RET", vp); /* NOTREACHED */ } define(macid("{dsn_ret}", NULL), newstr(vp), e); } # if SASL else if (strcasecmp(kp, "auth") == 0) { int len; char *q; char *auth_param; /* the value of the AUTH=x */ bool saveQuickAbort = QuickAbort; bool saveSuprErrs = SuprErrs; char pbuf[256]; if (vp == NULL) { usrerr("501 5.5.2 AUTH= requires a value"); /* NOTREACHED */ } if (e->e_auth_param != NULL) { usrerr("501 5.5.0 Duplicate AUTH parameter"); /* NOTREACHED */ } if ((q = strchr(vp, ' ')) != NULL) len = q - vp + 1; else len = strlen(vp) + 1; auth_param = xalloc(len); (void) strlcpy(auth_param, vp, len); if (!xtextok(auth_param)) { usrerr("501 5.5.4 Syntax error in AUTH parameter value"); /* just a warning? */ /* NOTREACHED */ } /* XXX this might be cut off */ snprintf(pbuf, sizeof pbuf, "%s", xuntextify(auth_param)); /* xalloc() the buffer instead? */ /* XXX define this always or only if trusted? */ define(macid("{auth_author}", NULL), newstr(pbuf), e); /* ** call Strust_auth to find out whether ** auth_param is acceptable (trusted) ** we shouldn't trust it if not authenticated ** (required by RFC, leave it to ruleset?) */ SuprErrs = TRUE; QuickAbort = FALSE; if (strcmp(auth_param, "<>") != 0 && - (rscheck("trust_auth", pbuf, NULL, e, TRUE, FALSE, 10) - != EX_OK || Errors > 0)) + (rscheck("trust_auth", pbuf, NULL, e, TRUE, FALSE, 10, + NULL) != EX_OK || Errors > 0)) { if (tTd(95, 8)) { q = e->e_auth_param; dprintf("auth=\"%.100s\" not trusted user=\"%.100s\"\n", pbuf, (q == NULL) ? "" : q); } /* not trusted */ e->e_auth_param = newstr("<>"); } else { if (tTd(95, 8)) dprintf("auth=\"%.100s\" trusted\n", pbuf); e->e_auth_param = newstr(auth_param); } free(auth_param); /* reset values */ Errors = 0; QuickAbort = saveQuickAbort; SuprErrs = saveSuprErrs; } # endif /* SASL */ else { usrerr("555 5.5.4 %s parameter unrecognized", kp); /* NOTREACHED */ } } /* ** RCPT_ESMTP_ARGS -- process ESMTP arguments from RCPT line ** ** Parameters: ** a -- the address corresponding to the To: parameter. ** kp -- the parameter key. ** vp -- the value of that parameter. ** e -- the envelope. ** ** Returns: ** none. */ static void rcpt_esmtp_args(a, kp, vp, e) ADDRESS *a; char *kp; char *vp; ENVELOPE *e; { if (strcasecmp(kp, "notify") == 0) { char *p; if (bitset(PRIV_NORECEIPTS, PrivacyFlags)) { usrerr("504 5.7.0 Sorry, NOTIFY not supported, we do not allow DSN"); /* NOTREACHED */ } if (vp == NULL) { usrerr("501 5.5.2 NOTIFY requires a value"); /* NOTREACHED */ } a->q_flags &= ~(QPINGONSUCCESS|QPINGONFAILURE|QPINGONDELAY); a->q_flags |= QHASNOTIFY; define(macid("{dsn_notify}", NULL), newstr(vp), e); if (strcasecmp(vp, "never") == 0) return; for (p = vp; p != NULL; vp = p) { p = strchr(p, ','); if (p != NULL) *p++ = '\0'; if (strcasecmp(vp, "success") == 0) a->q_flags |= QPINGONSUCCESS; else if (strcasecmp(vp, "failure") == 0) a->q_flags |= QPINGONFAILURE; else if (strcasecmp(vp, "delay") == 0) a->q_flags |= QPINGONDELAY; else { usrerr("501 5.5.4 Bad argument \"%s\" to NOTIFY", vp); /* NOTREACHED */ } } } else if (strcasecmp(kp, "orcpt") == 0) { if (bitset(PRIV_NORECEIPTS, PrivacyFlags)) { usrerr("504 5.7.0 Sorry, ORCPT not supported, we do not allow DSN"); /* NOTREACHED */ } if (vp == NULL) { usrerr("501 5.5.2 ORCPT requires a value"); /* NOTREACHED */ } if (strchr(vp, ';') == NULL || !xtextok(vp)) { usrerr("501 5.5.4 Syntax error in ORCPT parameter value"); /* NOTREACHED */ } if (a->q_orcpt != NULL) { usrerr("501 5.5.0 Duplicate ORCPT parameter"); /* NOTREACHED */ } a->q_orcpt = newstr(vp); } else { usrerr("555 5.5.4 %s parameter unrecognized", kp); /* NOTREACHED */ } } /* ** PRINTVRFYADDR -- print an entry in the verify queue ** ** Parameters: ** a -- the address to print ** last -- set if this is the last one. ** vrfy -- set if this is a VRFY command. ** ** Returns: ** none. ** ** Side Effects: ** Prints the appropriate 250 codes. */ #define OFFF (3 + 1 + 5 + 1) /* offset in fmt: SMTP reply + enh. code */ static void printvrfyaddr(a, last, vrfy) register ADDRESS *a; bool last; bool vrfy; { char fmtbuf[30]; if (vrfy && a->q_mailer != NULL && !bitnset(M_VRFY250, a->q_mailer->m_flags)) (void) strlcpy(fmtbuf, "252", sizeof fmtbuf); else (void) strlcpy(fmtbuf, "250", sizeof fmtbuf); fmtbuf[3] = last ? ' ' : '-'; (void) strlcpy(&fmtbuf[4], "2.1.5 ", sizeof fmtbuf - 4); if (a->q_fullname == NULL) { if ((a->q_mailer == NULL || a->q_mailer->m_addrtype == NULL || strcasecmp(a->q_mailer->m_addrtype, "rfc822") == 0) && strchr(a->q_user, '@') == NULL) (void) strlcpy(&fmtbuf[OFFF], "<%s@%s>", sizeof fmtbuf - OFFF); else (void) strlcpy(&fmtbuf[OFFF], "<%s>", sizeof fmtbuf - OFFF); message(fmtbuf, a->q_user, MyHostName); } else { if ((a->q_mailer == NULL || a->q_mailer->m_addrtype == NULL || strcasecmp(a->q_mailer->m_addrtype, "rfc822") == 0) && strchr(a->q_user, '@') == NULL) (void) strlcpy(&fmtbuf[OFFF], "%s <%s@%s>", sizeof fmtbuf - OFFF); else (void) strlcpy(&fmtbuf[OFFF], "%s <%s>", sizeof fmtbuf - OFFF); message(fmtbuf, a->q_fullname, a->q_user, MyHostName); } } /* ** RUNINCHILD -- return twice -- once in the child, then in the parent again ** ** Parameters: ** label -- a string used in error messages ** ** Returns: ** RIC_INCHILD in the child ** RIC_INPARENT in the parent ** RIC_TEMPFAIL tempfail condition ** ** Side Effects: ** none. */ static int runinchild(label, e) char *label; register ENVELOPE *e; { pid_t childpid; if (!OneXact) { extern int NumQueues; /* ** advance state of PRNG ** this is necessary because otherwise all child processes ** will produce the same PRN sequence and hence the selection ** of a queue directory is not "really" random. */ if (NumQueues > 1) (void) get_random(); /* ** Disable child process reaping, in case ETRN has preceded ** MAIL command, and then fork. */ (void) blocksignal(SIGCHLD); + childpid = dofork(); if (childpid < 0) { syserr("451 4.3.0 %s: cannot fork", label); (void) releasesignal(SIGCHLD); return RIC_INPARENT; } if (childpid > 0) { auto int st; /* parent -- wait for child to complete */ sm_setproctitle(TRUE, e, "server %s child wait", CurSmtpClient); st = waitfor(childpid); if (st == -1) syserr("451 4.3.0 %s: lost child", label); else if (!WIFEXITED(st)) { syserr("451 4.3.0 %s: died on signal %d", label, st & 0177); return RIC_TEMPFAIL; } /* if exited on a QUIT command, complete the process */ if (WEXITSTATUS(st) == EX_QUIT) { disconnect(1, e); finis(TRUE, ExitStat); } /* restore the child signal */ (void) releasesignal(SIGCHLD); return RIC_INPARENT; } else { /* child */ InChild = TRUE; QuickAbort = FALSE; clearstats(); clearenvelope(e, FALSE); assign_queueid(e); (void) setsignal(SIGCHLD, SIG_DFL); (void) releasesignal(SIGCHLD); } } return RIC_INCHILD; } # if SASL /* ** SASLMECHS -- get list of possible AUTH mechanisms ** ** Parameters: ** conn -- SASL connection info ** mechlist -- output parameter for list of mechanisms ** ** Returns: ** number of mechs */ static int saslmechs(conn, mechlist) sasl_conn_t *conn; char **mechlist; { int len, num, result; /* "user" is currently unused */ result = sasl_listmech(conn, "user", /* XXX */ "", " ", "", mechlist, (u_int *)&len, (u_int *)&num); if (result == SASL_OK && num > 0) { if (LogLevel > 11) sm_syslog(LOG_INFO, NOQID, "SASL: available mech=%s, allowed mech=%s", *mechlist, AuthMechanisms); *mechlist = intersect(AuthMechanisms, *mechlist); } else { if (LogLevel > 9) sm_syslog(LOG_WARNING, NOQID, "SASL error: listmech=%d, num=%d", result, num); + num = 0; } return num; } /* ** PROXY_POLICY -- define proxy policy for AUTH ** ** Parameters: ** conntext -- unused ** auth_identity -- authentication identity ** requested_user -- authorization identity ** user -- allowed user (output) ** errstr -- possible error string (output) ** ** Returns: ** ok? */ int proxy_policy(context, auth_identity, requested_user, user, errstr) void *context; const char *auth_identity; const char *requested_user; const char **user; const char **errstr; { if (user == NULL || auth_identity == NULL) return SASL_FAIL; *user = newstr(auth_identity); return SASL_OK; } # endif /* SASL */ # if STARTTLS # if !TLS_NO_RSA RSA *rsa_tmp; /* temporary RSA key */ static RSA * tmp_rsa_key __P((SSL *, int, int)); # endif /* !TLS_NO_RSA */ # if !NO_DH static DH *get_dh512 __P((void)); static unsigned char dh512_p[] = { 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75, 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F, 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3, 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12, 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C, 0x47,0x74,0xE8,0x33 }; static unsigned char dh512_g[] = { 0x02 }; static DH * get_dh512() { DH *dh = NULL; if ((dh = DH_new()) == NULL) return(NULL); dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); if ((dh->p == NULL) || (dh->g == NULL)) return(NULL); return(dh); } # endif /* !NO_DH */ /* ** TLS_RAND_INIT -- initialize STARTTLS random generator ** ** Parameters: ** randfile -- name of file with random data ** logl -- loglevel ** ** Returns: ** success/failure ** ** Side Effects: ** initializes PRNG for tls library. */ #define MIN_RAND_BYTES 16 /* 128 bits */ bool tls_rand_init(randfile, logl) char *randfile; int logl; { # ifndef HASURANDOMDEV /* not required if /dev/urandom exists, OpenSSL does it internally */ #define RF_OK 0 /* randfile OK */ #define RF_MISS 1 /* randfile == NULL || *randfile == '\0' */ #define RF_UNKNOWN 2 /* unknown prefix for randfile */ #define RI_NONE 0 /* no init yet */ #define RI_SUCCESS 1 /* init was successful */ #define RI_FAIL 2 /* init failed */ bool ok; int randdef; static int done = RI_NONE; /* ** initialize PRNG */ /* did we try this before? if yes: return old value */ if (done != RI_NONE) return done == RI_SUCCESS; /* set default values */ ok = FALSE; done = RI_FAIL; randdef = (randfile == NULL || *randfile == '\0') ? RF_MISS : RF_OK; # if EGD if (randdef == RF_OK && strncasecmp(randfile, "egd:", 4) == 0) { randfile += 4; if (RAND_egd(randfile) < 0) { sm_syslog(LOG_WARNING, NOQID, "TLS: RAND_egd(%s) failed: random number generator not seeded", randfile); } else ok = TRUE; } else # endif /* EGD */ if (randdef == RF_OK && strncasecmp(randfile, "file:", 5) == 0) { int fd; long sff; struct stat st; randfile += 5; sff = SFF_SAFEDIRPATH | SFF_NOWLINK | SFF_NOGWFILES | SFF_NOWWFILES | SFF_NOGRFILES | SFF_NOWRFILES | SFF_MUSTOWN | SFF_ROOTOK | SFF_OPENASROOT; if ((fd = safeopen(randfile, O_RDONLY, 0, sff)) >= 0) { if (fstat(fd, &st) < 0) { if (LogLevel > logl) sm_syslog(LOG_ERR, NOQID, "TLS: can't fstat(%s)", randfile); } else { bool use, problem; use = TRUE; problem = FALSE; if (st.st_mtime + 600 < curtime()) { use = bitnset(DBS_INSUFFICIENTENTROPY, DontBlameSendmail); problem = TRUE; if (LogLevel > logl) sm_syslog(LOG_ERR, NOQID, "TLS: RandFile %s too old: %s", randfile, use ? "unsafe" : "unusable"); } if (use && st.st_size < MIN_RAND_BYTES) { use = bitnset(DBS_INSUFFICIENTENTROPY, DontBlameSendmail); problem = TRUE; if (LogLevel > logl) sm_syslog(LOG_ERR, NOQID, "TLS: size(%s) < %d: %s", randfile, MIN_RAND_BYTES, use ? "unsafe" : "unusable"); } if (use) ok = RAND_load_file(randfile, -1) >= MIN_RAND_BYTES; if (use && !ok) { if (LogLevel > logl) sm_syslog(LOG_WARNING, NOQID, "TLS: RAND_load_file(%s) failed: random number generator not seeded", randfile); } if (problem) ok = FALSE; } if (ok || bitnset(DBS_INSUFFICIENTENTROPY, DontBlameSendmail)) { /* add this even if fstat() failed */ RAND_seed((void *) &st, sizeof st); } (void) close(fd); } else { if (LogLevel > logl) sm_syslog(LOG_WARNING, NOQID, "TLS: Warning: safeopen(%s) failed", randfile); } } else if (randdef == RF_OK) { if (LogLevel > logl) sm_syslog(LOG_WARNING, NOQID, "TLS: Error: no proper random file definition %s", randfile); randdef = RF_UNKNOWN; } if (randdef == RF_MISS) { if (LogLevel > logl) sm_syslog(LOG_WARNING, NOQID, "TLS: Error: missing random file definition"); } if (!ok && bitnset(DBS_INSUFFICIENTENTROPY, DontBlameSendmail)) { int i; long r; unsigned char buf[MIN_RAND_BYTES]; /* assert((MIN_RAND_BYTES % sizeof(long)) == 0); */ for (i = 0; i <= sizeof(buf) - sizeof(long); i += sizeof(long)) { r = get_random(); (void) memcpy(buf + i, (void *) &r, sizeof(long)); } RAND_seed(buf, sizeof buf); if (LogLevel > logl) sm_syslog(LOG_WARNING, NOQID, "TLS: Warning: random number generator not properly seeded"); ok = TRUE; } done = ok ? RI_SUCCESS : RI_FAIL; return ok; # else /* !HASURANDOMDEV */ return TRUE; # endif /* !HASURANDOMDEV */ } /* ** status in initialization ** these flags keep track of the status of the initialization ** i.e., whether a file exists (_EX) and whether it can be used (_OK) ** [due to permissions] */ #define TLS_S_NONE 0x00000000 /* none yet */ #define TLS_S_CERT_EX 0x00000001 /* CERT file exists */ #define TLS_S_CERT_OK 0x00000002 /* CERT file is ok */ #define TLS_S_KEY_EX 0x00000004 /* KEY file exists */ #define TLS_S_KEY_OK 0x00000008 /* KEY file is ok */ #define TLS_S_CERTP_EX 0x00000010 /* CA CERT PATH exists */ #define TLS_S_CERTP_OK 0x00000020 /* CA CERT PATH is ok */ #define TLS_S_CERTF_EX 0x00000040 /* CA CERT FILE exists */ #define TLS_S_CERTF_OK 0x00000080 /* CA CERT FILE is ok */ # if _FFR_TLS_1 #define TLS_S_CERT2_EX 0x00001000 /* 2nd CERT file exists */ #define TLS_S_CERT2_OK 0x00002000 /* 2nd CERT file is ok */ #define TLS_S_KEY2_EX 0x00004000 /* 2nd KEY file exists */ #define TLS_S_KEY2_OK 0x00008000 /* 2nd KEY file is ok */ # endif /* _FFR_TLS_1 */ #define TLS_S_DH_OK 0x00200000 /* DH cert is ok */ #define TLS_S_DHPAR_EX 0x00400000 /* DH param file exists */ #define TLS_S_DHPAR_OK 0x00800000 /* DH param file is ok to use */ /* ** TLS_OK_F -- can var be an absolute filename? ** ** Parameters: ** var -- filename ** fn -- what is the filename used for? ** ** Returns: ** ok? */ static bool tls_ok_f(var, fn) char *var; char *fn; { /* must be absolute pathname */ if (var != NULL && *var == '/') return TRUE; if (LogLevel > 12) sm_syslog(LOG_WARNING, NOQID, "TLS: file %s missing", fn); return FALSE; } /* ** TLS_SAFE_F -- is a file safe to use? ** ** Parameters: ** var -- filename ** sff -- flags for safefile() ** ** Returns: ** ok? */ static bool tls_safe_f(var, sff) char *var; long sff; { int ret; if ((ret = safefile(var, RunAsUid, RunAsGid, RunAsUserName, sff, S_IRUSR, NULL)) == 0) return TRUE; if (LogLevel > 7) sm_syslog(LOG_WARNING, NOQID, "TLS: file %s unsafe: %s", var, errstring(ret)); return FALSE; } /* ** TLS_OK_F -- macro to simplify calls to tls_ok_f ** ** Parameters: ** var -- filename ** fn -- what is the filename used for? ** req -- is the file required? ** st -- status bit to set if ok ** ** Side Effects: ** uses r, ok; may change ok and status. ** */ #define TLS_OK_F(var, fn, req, st) if (ok) \ { \ r = tls_ok_f(var, fn); \ if (r) \ status |= st; \ else if (req) \ ok = FALSE; \ } /* ** TLS_UNR -- macro to return whether a file should be unreadable ** ** Parameters: ** bit -- flag to test ** req -- flags ** ** Returns: ** 0/SFF_NORFILES */ #define TLS_UNR(bit, req) (bitset(bit, req) ? SFF_NORFILES : 0) /* ** TLS_SAFE_F -- macro to simplify calls to tls_safe_f ** ** Parameters: ** var -- filename ** sff -- flags for safefile() ** req -- is the file required? ** ex -- does the file exist? ** st -- status bit to set if ok ** ** Side Effects: ** uses r, ok, ex; may change ok and status. ** */ #define TLS_SAFE_F(var, sff, req, ex, st) if (ex && ok) \ { \ r = tls_safe_f(var, sff); \ if (r) \ status |= st; \ else if (req) \ ok = FALSE; \ } /* ** INITTLS -- initialize TLS ** ** Parameters: ** ctx -- pointer to context ** req -- requirements for initialization (see sendmail.h) ** srv -- server side? ** certfile -- filename of certificate ** keyfile -- filename of private key ** cacertpath -- path to CAs ** cacertfile -- file with CA ** dhparam -- parameters for DH ** ** Returns: ** succeeded? */ bool inittls(ctx, req, srv, certfile, keyfile, cacertpath, cacertfile, dhparam) SSL_CTX **ctx; u_long req; bool srv; char *certfile, *keyfile, *cacertpath, *cacertfile, *dhparam; { # if !NO_DH static DH *dh = NULL; # endif /* !NO_DH */ int r; bool ok; long sff, status; char *who; # if _FFR_TLS_1 char *cf2, *kf2; # endif /* _FFR_TLS_1 */ status = TLS_S_NONE; who = srv ? "srv" : "clt"; if (ctx == NULL) syserr("TLS: %s:inittls: ctx == NULL", who); /* already initialized? (we could re-init...) */ if (*ctx != NULL) return TRUE; /* PRNG seeded? */ if (!tls_rand_init(RandFile, 10)) return FALSE; /* let's start with the assumption it will work */ ok = TRUE; # if _FFR_TLS_1 /* ** look for a second filename: it must be separated by a ',' ** no blanks allowed (they won't be skipped). ** we change a global variable here! this change will be undone ** before return from the function but only if it returns TRUE. ** this isn't a problem since in a failure case this function ** won't be called again with the same (overwritten) values. ** otherwise each return must be replaced with a goto endinittls. */ cf2 = NULL; kf2 = NULL; if (certfile != NULL && (cf2 = strchr(certfile, ',')) != NULL) { *cf2++ = '\0'; if (keyfile != NULL && (kf2 = strchr(keyfile, ',')) != NULL) *kf2++ = '\0'; } # endif /* _FFR_TLS_1 */ /* ** what do we require from the client? ** must it have CERTs? ** introduce an option and decide based on that */ TLS_OK_F(certfile, "CertFile", bitset(TLS_I_CERT_EX, req), TLS_S_CERT_EX); TLS_OK_F(keyfile, "KeyFile", bitset(TLS_I_KEY_EX, req), TLS_S_KEY_EX); TLS_OK_F(cacertpath, "CACERTPath", bitset(TLS_I_CERTP_EX, req), TLS_S_CERTP_EX); TLS_OK_F(cacertfile, "CACERTFile", bitset(TLS_I_CERTF_EX, req), TLS_S_CERTF_EX); # if _FFR_TLS_1 if (cf2 != NULL) { TLS_OK_F(cf2, "CertFile", bitset(TLS_I_CERT_EX, req), TLS_S_CERT2_EX); } if (kf2 != NULL) { TLS_OK_F(kf2, "KeyFile", bitset(TLS_I_KEY_EX, req), TLS_S_KEY2_EX); } # endif /* _FFR_TLS_1 */ /* ** valid values for dhparam are (only the first char is checked) ** none no parameters: don't use DH ** 512 generate 512 bit parameters (fixed) ** 1024 generate 1024 bit parameters ** /file/name read parameters from /file/name ** default is: 1024 for server, 512 for client (OK? XXX) */ if (bitset(TLS_I_TRY_DH, req)) { if (dhparam != NULL) { char c = *dhparam; if (c == '1') req |= TLS_I_DH1024; else if (c == '5') req |= TLS_I_DH512; else if (c != 'n' && c != 'N' && c != '/') { if (LogLevel > 12) sm_syslog(LOG_WARNING, NOQID, "TLS: error: illegal value '%s' for DHParam", dhparam); dhparam = NULL; } } if (dhparam == NULL) dhparam = srv ? "1" : "5"; else if (*dhparam == '/') { TLS_OK_F(dhparam, "DHParameters", bitset(TLS_I_DHPAR_EX, req), TLS_S_DHPAR_EX); } } if (!ok) return ok; /* certfile etc. must be "safe". */ sff = SFF_REGONLY | SFF_SAFEDIRPATH | SFF_NOWLINK | SFF_NOGWFILES | SFF_NOWWFILES | SFF_MUSTOWN | SFF_ROOTOK | SFF_OPENASROOT; if (DontLockReadFiles) sff |= SFF_NOLOCK; TLS_SAFE_F(certfile, sff | TLS_UNR(TLS_I_CERT_UNR, req), bitset(TLS_I_CERT_EX, req), bitset(TLS_S_CERT_EX, status), TLS_S_CERT_OK); TLS_SAFE_F(keyfile, sff | TLS_UNR(TLS_I_KEY_UNR, req), bitset(TLS_I_KEY_EX, req), bitset(TLS_S_KEY_EX, status), TLS_S_KEY_OK); TLS_SAFE_F(cacertfile, sff | TLS_UNR(TLS_I_CERTF_UNR, req), bitset(TLS_I_CERTF_EX, req), bitset(TLS_S_CERTF_EX, status), TLS_S_CERTF_OK); TLS_SAFE_F(dhparam, sff | TLS_UNR(TLS_I_DHPAR_UNR, req), bitset(TLS_I_DHPAR_EX, req), bitset(TLS_S_DHPAR_EX, status), TLS_S_DHPAR_OK); if (!ok) return ok; # if _FFR_TLS_1 if (cf2 != NULL) { TLS_SAFE_F(cf2, sff | TLS_UNR(TLS_I_CERT_UNR, req), bitset(TLS_I_CERT_EX, req), bitset(TLS_S_CERT2_EX, status), TLS_S_CERT2_OK); } if (kf2 != NULL) { TLS_SAFE_F(kf2, sff | TLS_UNR(TLS_I_KEY_UNR, req), bitset(TLS_I_KEY_EX, req), bitset(TLS_S_KEY2_EX, status), TLS_S_KEY2_OK); } # endif /* _FFR_TLS_1 */ /* create a method and a new context */ if (srv) { if ((*ctx = SSL_CTX_new(SSLv23_server_method())) == NULL) { if (LogLevel > 7) sm_syslog(LOG_WARNING, NOQID, "TLS: error: SSL_CTX_new(SSLv23_server_method()) failed"); return FALSE; } } else { if ((*ctx = SSL_CTX_new(SSLv23_client_method())) == NULL) { if (LogLevel > 7) sm_syslog(LOG_WARNING, NOQID, "TLS: error: SSL_CTX_new(SSLv23_client_method()) failed"); return FALSE; } } # if TLS_NO_RSA /* turn off backward compatibility, required for no-rsa */ SSL_CTX_set_options(*ctx, SSL_OP_NO_SSLv2); # endif /* TLS_NO_RSA */ # if !TLS_NO_RSA /* ** Create a temporary RSA key ** XXX Maybe we shouldn't create this always (even though it ** is only at startup). ** It is a time-consuming operation and it is not always necessary. ** maybe we should do it only on demand... */ if (bitset(TLS_I_RSA_TMP, req) && (rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, NULL)) == NULL ) { if (LogLevel > 7) { sm_syslog(LOG_WARNING, NOQID, "TLS: error: %s: RSA_generate_key failed", who); if (LogLevel > 9) tlslogerr(); } return FALSE; } # endif /* !TLS_NO_RSA */ /* ** load private key ** XXX change this for DSA-only version */ if (bitset(TLS_S_KEY_OK, status) && SSL_CTX_use_PrivateKey_file(*ctx, keyfile, SSL_FILETYPE_PEM) <= 0) { if (LogLevel > 7) { sm_syslog(LOG_WARNING, NOQID, "TLS: error: %s: SSL_CTX_use_PrivateKey_file(%s) failed", who, keyfile); if (LogLevel > 9) tlslogerr(); } if (bitset(TLS_I_USE_KEY, req)) return FALSE; } /* get the certificate file */ if (bitset(TLS_S_CERT_OK, status) && SSL_CTX_use_certificate_file(*ctx, certfile, SSL_FILETYPE_PEM) <= 0) { if (LogLevel > 7) { sm_syslog(LOG_WARNING, NOQID, "TLS: error: %s: SSL_CTX_use_certificate_file(%s) failed", who, certfile); if (LogLevel > 9) tlslogerr(); } if (bitset(TLS_I_USE_CERT, req)) return FALSE; } /* check the private key */ if (bitset(TLS_S_KEY_OK, status) && (r = SSL_CTX_check_private_key(*ctx)) <= 0) { /* Private key does not match the certificate public key */ if (LogLevel > 5) { sm_syslog(LOG_WARNING, NOQID, "TLS: error: %s: SSL_CTX_check_private_key failed(%s): %d", who, keyfile, r); if (LogLevel > 9) tlslogerr(); } if (bitset(TLS_I_USE_KEY, req)) return FALSE; } # if _FFR_TLS_1 /* XXX this code is pretty much duplicated from above! */ /* load private key */ if (bitset(TLS_S_KEY2_OK, status) && SSL_CTX_use_PrivateKey_file(*ctx, kf2, SSL_FILETYPE_PEM) <= 0) { if (LogLevel > 7) { sm_syslog(LOG_WARNING, NOQID, "TLS: error: %s: SSL_CTX_use_PrivateKey_file(%s) failed", who, kf2); if (LogLevel > 9) tlslogerr(); } } /* get the certificate file */ if (bitset(TLS_S_CERT2_OK, status) && SSL_CTX_use_certificate_file(*ctx, cf2, SSL_FILETYPE_PEM) <= 0) { if (LogLevel > 7) { sm_syslog(LOG_WARNING, NOQID, "TLS: error: %s: SSL_CTX_use_certificate_file(%s) failed", who, cf2); if (LogLevel > 9) tlslogerr(); } } /* we should also check the private key: */ if (bitset(TLS_S_KEY2_OK, status) && (r = SSL_CTX_check_private_key(*ctx)) <= 0) { /* Private key does not match the certificate public key */ if (LogLevel > 5) { sm_syslog(LOG_WARNING, NOQID, "TLS: error: %s: SSL_CTX_check_private_key 2 failed: %d", who, r); if (LogLevel > 9) tlslogerr(); } } # endif /* _FFR_TLS_1 */ /* SSL_CTX_set_quiet_shutdown(*ctx, 1); violation of standard? */ SSL_CTX_set_options(*ctx, SSL_OP_ALL); /* XXX bug compatibility? */ # if !NO_DH /* Diffie-Hellman initialization */ if (bitset(TLS_I_TRY_DH, req)) { if (bitset(TLS_S_DHPAR_OK, status)) { BIO *bio; if ((bio = BIO_new_file(dhparam, "r")) != NULL) { dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); BIO_free(bio); if (dh == NULL && LogLevel > 7) { u_long err; err = ERR_get_error(); sm_syslog(LOG_WARNING, NOQID, "TLS: error: %s: cannot read DH parameters(%s): %s", who, dhparam, ERR_error_string(err, NULL)); if (LogLevel > 9) tlslogerr(); } } else { if (LogLevel > 5) { sm_syslog(LOG_WARNING, NOQID, "TLS: error: %s: BIO_new_file(%s) failed", who, dhparam); if (LogLevel > 9) tlslogerr(); } } } if (dh == NULL && bitset(TLS_I_DH1024, req)) { DSA *dsa; /* this takes a while! (7-130s on a 450MHz AMD K6-2) */ dsa = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, 0, NULL); dh = DSA_dup_DH(dsa); DSA_free(dsa); } else if (dh == NULL && bitset(TLS_I_DH512, req)) dh = get_dh512(); if (dh == NULL) { if (LogLevel > 9) { u_long err; err = ERR_get_error(); sm_syslog(LOG_WARNING, NOQID, "TLS: error: %s: cannot read or set DH parameters(%s): %s", who, dhparam, ERR_error_string(err, NULL)); } if (bitset(TLS_I_REQ_DH, req)) return FALSE; } else { SSL_CTX_set_tmp_dh(*ctx, dh); /* important to avoid small subgroup attacks */ SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_DH_USE); if (LogLevel > 12) sm_syslog(LOG_INFO, NOQID, "TLS: %s: Diffie-Hellman init, key=%d bit (%c)", who, 8 * DH_size(dh), *dhparam); DH_free(dh); } } # endif /* !NO_DH */ /* XXX do we need this cache here? */ if (bitset(TLS_I_CACHE, req)) SSL_CTX_sess_set_cache_size(*ctx, 128); /* timeout? SSL_CTX_set_timeout(*ctx, TimeOut...); */ /* load certificate locations and default CA paths */ if (bitset(TLS_S_CERTP_EX, status) && bitset(TLS_S_CERTF_EX, status)) { if ((r = SSL_CTX_load_verify_locations(*ctx, cacertfile, cacertpath)) == 1) { # if !TLS_NO_RSA if (bitset(TLS_I_RSA_TMP, req)) SSL_CTX_set_tmp_rsa_callback(*ctx, tmp_rsa_key); # endif /* !TLS_NO_RSA */ /* ask to verify the peer */ SSL_CTX_set_verify(*ctx, SSL_VERIFY_PEER, NULL); /* install verify callback */ SSL_CTX_set_cert_verify_callback(*ctx, tls_verify_cb, NULL); SSL_CTX_set_client_CA_list(*ctx, SSL_load_client_CA_file(cacertfile)); } else { /* ** can't load CA data; do we care? ** the data is necessary to authenticate the client, ** which in turn would be necessary ** if we want to allow relaying based on it. */ if (LogLevel > 5) { sm_syslog(LOG_WARNING, NOQID, "TLS: error: %s: %d load verify locs %s, %s", who, r, cacertpath, cacertfile); if (LogLevel > 9) tlslogerr(); } if (bitset(TLS_I_VRFY_LOC, req)) return FALSE; } } /* XXX: make this dependent on an option? */ if (tTd(96, 9)) SSL_CTX_set_info_callback(*ctx, apps_ssl_info_cb); # if _FFR_TLS_1 /* ** XXX install our own cipher list: option? */ if (CipherList != NULL && *CipherList != '\0') { if (SSL_CTX_set_cipher_list(*ctx, CipherList) <= 0) { if (LogLevel > 7) { sm_syslog(LOG_WARNING, NOQID, "TLS: error: %s: SSL_CTX_set_cipher_list(%s) failed, list ignored", who, CipherList); if (LogLevel > 9) tlslogerr(); } /* failure if setting to this list is required? */ } } # endif /* _FFR_TLS_1 */ if (LogLevel > 12) sm_syslog(LOG_INFO, NOQID, "TLS: init(%s)=%d", who, ok); # if _FFR_TLS_1 # if 0 /* ** this label is required if we want to have a "clean" exit ** see the comments above at the initialization of cf2 */ endinittls: # endif /* 0 */ /* undo damage to global variables */ if (cf2 != NULL) *--cf2 = ','; if (kf2 != NULL) *--kf2 = ','; # endif /* _FFR_TLS_1 */ return ok; } /* ** INITSRVTLS -- initialize server side TLS ** ** Parameters: ** none. ** ** Returns: ** succeeded? */ bool initsrvtls() { tls_ok = inittls(&srv_ctx, TLS_I_SRV, TRUE, SrvCERTfile, Srvkeyfile, CACERTpath, CACERTfile, DHParams); return tls_ok; } /* ** TLS_GET_INFO -- get information about TLS connection ** ** Parameters: ** ssl -- SSL connection structure ** e -- current envelope ** srv -- server or client ** host -- hostname of other side +** log -- log connection information? ** ** Returns: ** result of authentication. ** ** Side Effects: ** sets ${cipher}, ${tls_version}, ${verify}, ${cipher_bits}, ** ${cert} */ int -tls_get_info(ssl, e, srv, host) +tls_get_info(ssl, e, srv, host, log) SSL *ssl; ENVELOPE *e; bool srv; char *host; + bool log; { SSL_CIPHER *c; int b, r; char *s; char bitstr[16]; X509 *cert; c = SSL_get_current_cipher(ssl); define(macid("{cipher}", NULL), newstr(SSL_CIPHER_get_name(c)), e); b = SSL_CIPHER_get_bits(c, &r); (void) snprintf(bitstr, sizeof bitstr, "%d", b); define(macid("{cipher_bits}", NULL), newstr(bitstr), e); # if _FFR_TLS_1 (void) snprintf(bitstr, sizeof bitstr, "%d", r); define(macid("{alg_bits}", NULL), newstr(bitstr), e); # endif /* _FFR_TLS_1 */ s = SSL_CIPHER_get_version(c); if (s == NULL) s = "UNKNOWN"; define(macid("{tls_version}", NULL), newstr(s), e); cert = SSL_get_peer_certificate(ssl); - if (LogLevel >= 14) + if (log && LogLevel >= 14) sm_syslog(LOG_INFO, e->e_id, "TLS: get_verify in %s: %ld get_peer: 0x%lx", srv ? "srv" : "clt", SSL_get_verify_result(ssl), (u_long) cert); if (cert != NULL) { char buf[MAXNAME]; X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof buf); define(macid("{cert_subject}", NULL), newstr(xtextify(buf, "<>\")")), e); X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof buf); define(macid("{cert_issuer}", NULL), newstr(xtextify(buf, "<>\")")), e); # if _FFR_TLS_1 X509_NAME_get_text_by_NID(X509_get_subject_name(cert), NID_commonName, buf, sizeof buf); define(macid("{cn_subject}", NULL), newstr(xtextify(buf, "<>\")")), e); X509_NAME_get_text_by_NID(X509_get_issuer_name(cert), NID_commonName, buf, sizeof buf); define(macid("{cn_issuer}", NULL), newstr(xtextify(buf, "<>\")")), e); # endif /* _FFR_TLS_1 */ } else { define(macid("{cert_subject}", NULL), "", e); define(macid("{cert_issuer}", NULL), "", e); # if _FFR_TLS_1 define(macid("{cn_subject}", NULL), "", e); define(macid("{cn_issuer}", NULL), "", e); # endif /* _FFR_TLS_1 */ } switch(SSL_get_verify_result(ssl)) { case X509_V_OK: if (cert != NULL) { s = "OK"; r = TLS_AUTH_OK; } else { s = "NO"; r = TLS_AUTH_NO; } break; default: s = "FAIL"; r = TLS_AUTH_FAIL; break; } define(macid("{verify}", NULL), newstr(s), e); if (cert != NULL) X509_free(cert); /* do some logging */ - if (LogLevel > 9) + if (log && LogLevel > 9) { char *vers, *s1, *s2, *bits; vers = macvalue(macid("{tls_version}", NULL), e); bits = macvalue(macid("{cipher_bits}", NULL), e); s1 = macvalue(macid("{verify}", NULL), e); s2 = macvalue(macid("{cipher}", NULL), e); sm_syslog(LOG_INFO, NOQID, "TLS: connection %s %.64s, version=%.16s, verify=%.16s, cipher=%.64s, bits=%.6s", srv ? "from" : "to", host == NULL ? "none" : host, vers == NULL ? "none" : vers, s1 == NULL ? "none" : s1, s2 == NULL ? "none" : s2, bits == NULL ? "0" : bits); if (LogLevel > 11) { /* ** maybe run xuntextify on the strings? ** that is easier to read but makes it maybe a bit ** more complicated to figure out the right values ** for the access map... */ s1 = macvalue(macid("{cert_subject}", NULL), e); s2 = macvalue(macid("{cert_issuer}", NULL), e); sm_syslog(LOG_INFO, NOQID, "TLS: %s cert subject:%.128s, cert issuer=%.128s", srv ? "client" : "server", s1 == NULL ? "none" : s1, s2 == NULL ? "none" : s2); } } return r; } # if !TLS_NO_RSA /* ** TMP_RSA_KEY -- return temporary RSA key ** ** Parameters: ** s -- SSL connection structure ** export -- ** keylength -- ** ** Returns: ** temporary RSA key. */ /* ARGUSED0 */ static RSA * tmp_rsa_key(s, export, keylength) SSL *s; int export; int keylength; { return rsa_tmp; } # endif /* !TLS_NO_RSA */ /* ** APPS_SSL_INFO_CB -- info callback for TLS connections ** ** Parameters: ** s -- SSL connection structure ** where -- ** ret -- ** ** Returns: ** none. */ void apps_ssl_info_cb(s, where, ret) SSL *s; int where; int ret; { char *str; int w; BIO *bio_err = NULL; if (LogLevel > 14) sm_syslog(LOG_INFO, NOQID, "info_callback where 0x%x ret %d", where, ret); w = where & ~SSL_ST_MASK; if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); if (w & SSL_ST_CONNECT) str = "SSL_connect"; else if (w & SSL_ST_ACCEPT) str = "SSL_accept"; else str = "undefined"; if (where & SSL_CB_LOOP) { if (LogLevel > 12) sm_syslog(LOG_NOTICE, NOQID, "%s:%s\n", str, SSL_state_string_long(s)); } else if (where & SSL_CB_ALERT) { str = (where & SSL_CB_READ) ? "read" : "write"; if (LogLevel > 12) sm_syslog(LOG_NOTICE, NOQID, "SSL3 alert %s:%s:%s\n", str, SSL_alert_type_string_long(ret), SSL_alert_desc_string_long(ret)); } else if (where & SSL_CB_EXIT) { if (ret == 0) { if (LogLevel > 7) sm_syslog(LOG_WARNING, NOQID, "%s:failed in %s\n", str, SSL_state_string_long(s)); } else if (ret < 0) { if (LogLevel > 7) sm_syslog(LOG_WARNING, NOQID, "%s:error in %s\n", str, SSL_state_string_long(s)); } } } /* ** TLS_VERIFY_LOG -- log verify error for TLS certificates ** ** Parameters: ** ok -- verify ok? ** ctx -- x509 context ** ** Returns: ** 0 -- fatal error ** 1 -- ok */ static int tls_verify_log(ok, ctx) int ok; X509_STORE_CTX *ctx; { SSL *ssl; X509 *cert; int reason, depth; char buf[512]; cert = X509_STORE_CTX_get_current_cert(ctx); reason = X509_STORE_CTX_get_error(ctx); depth = X509_STORE_CTX_get_error_depth(ctx); ssl = (SSL *)X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); if (ssl == NULL) { /* internal error */ sm_syslog(LOG_ERR, NOQID, "TLS: internal error: tls_verify_cb: ssl == NULL"); return 0; } X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof buf); sm_syslog(LOG_INFO, NOQID, "TLS cert verify: depth=%d %s, state=%d, reason=%s\n", depth, buf, ok, X509_verify_cert_error_string(reason)); return 1; } /* ** TLS_VERIFY_CB -- verify callback for TLS certificates ** ** Parameters: ** ctx -- x509 context ** ** Returns: ** accept connection? ** currently: always yes. */ static int tls_verify_cb(ctx) X509_STORE_CTX *ctx; { int ok; ok = X509_verify_cert(ctx); if (ok == 0) { if (LogLevel > 13) return tls_verify_log(ok, ctx); return 1; /* override it */ } return ok; } /* ** TLSLOGERR -- log the errors from the TLS error stack ** ** Parameters: ** none. ** ** Returns: ** none. */ void tlslogerr() { unsigned long l; int line, flags; unsigned long es; char *file, *data; char buf[256]; #define CP (const char **) es = CRYPTO_thread_id(); while ((l = ERR_get_error_line_data(CP &file, &line, CP &data, &flags)) != 0) { sm_syslog(LOG_WARNING, NOQID, "TLS: %lu:%s:%s:%d:%s\n", es, ERR_error_string(l, buf), file, line, (flags & ERR_TXT_STRING) ? data : ""); } } # endif /* STARTTLS */ #endif /* SMTP */ /* ** HELP -- implement the HELP command. ** ** Parameters: ** topic -- the topic we want help for. ** e -- envelope ** ** Returns: ** none. ** ** Side Effects: ** outputs the help file to message output. */ #define HELPVSTR "#vers " #define HELPVERSION 2 void help(topic, e) char *topic; ENVELOPE *e; { register FILE *hf; register char *p; int len; bool noinfo; bool first = TRUE; long sff = SFF_OPENASROOT|SFF_REGONLY; char buf[MAXLINE]; char inp[MAXLINE]; static int foundvers = -1; extern char Version[]; if (DontLockReadFiles) sff |= SFF_NOLOCK; if (!bitnset(DBS_HELPFILEINUNSAFEDIRPATH, DontBlameSendmail)) sff |= SFF_SAFEDIRPATH; if (HelpFile == NULL || (hf = safefopen(HelpFile, O_RDONLY, 0444, sff)) == NULL) { /* no help */ errno = 0; message("502 5.3.0 Sendmail %s -- HELP not implemented", Version); return; } if (topic == NULL || *topic == '\0') { topic = "smtp"; noinfo = FALSE; } else { makelower(topic); noinfo = TRUE; } len = strlen(topic); while (fgets(buf, sizeof buf, hf) != NULL) { if (buf[0] == '#') { if (foundvers < 0 && strncmp(buf, HELPVSTR, strlen(HELPVSTR)) == 0) { int h; if (sscanf(buf + strlen(HELPVSTR), "%d", &h) == 1) foundvers = h; } continue; } if (strncmp(buf, topic, len) == 0) { if (first) { first = FALSE; /* print version if no/old vers# in file */ if (foundvers < 2 && !noinfo) message("214-2.0.0 This is Sendmail version %s", Version); } p = strpbrk(buf, " \t"); if (p == NULL) p = buf + strlen(buf) - 1; else p++; fixcrlf(p, TRUE); if (foundvers >= 2) { translate_dollars(p); expand(p, inp, sizeof inp, e); p = inp; } message("214-2.0.0 %s", p); noinfo = FALSE; } } if (noinfo) message("504 5.3.0 HELP topic \"%.10s\" unknown", topic); else message("214 2.0.0 End of HELP info"); if (foundvers != 0 && foundvers < HELPVERSION) { if (LogLevel > 1) sm_syslog(LOG_WARNING, e->e_id, "%s too old (require version %d)", HelpFile, HELPVERSION); /* avoid log next time */ foundvers = 0; } (void) fclose(hf); } Index: stable/4/contrib/sendmail/src/stab.c =================================================================== --- stable/4/contrib/sendmail/src/stab.c (revision 71887) +++ stable/4/contrib/sendmail/src/stab.c (revision 71888) @@ -1,338 +1,341 @@ /* - * Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers. + * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #ifndef lint -static char id[] = "@(#)$Id: stab.c,v 8.40.16.2 2000/06/05 21:46:59 gshapiro Exp $"; +static char id[] = "@(#)$Id: stab.c,v 8.40.16.3 2000/10/09 02:46:12 gshapiro Exp $"; #endif /* ! lint */ #include /* ** STAB -- manage the symbol table ** ** Parameters: ** name -- the name to be looked up or inserted. ** type -- the type of symbol. ** op -- what to do: ** ST_ENTER -- enter the name if not ** already present. ** ST_FIND -- find it only. ** ** Returns: ** pointer to a STAB entry for this name. ** NULL if not found and not entered. ** ** Side Effects: ** can update the symbol table. */ #define STABSIZE 2003 static STAB *SymTab[STABSIZE]; STAB * stab(name, type, op) char *name; int type; int op; { register STAB *s; register STAB **ps; register int hfunc; register char *p; int len; if (tTd(36, 5)) dprintf("STAB: %s %d ", name, type); /* ** Compute the hashing function */ hfunc = type; for (p = name; *p != '\0'; p++) hfunc = ((hfunc << 1) ^ (lower(*p) & 0377)) % STABSIZE; if (tTd(36, 9)) dprintf("(hfunc=%d) ", hfunc); ps = &SymTab[hfunc]; if (type == ST_MACRO || type == ST_RULESET) { while ((s = *ps) != NULL && (s->s_type != type || strcmp(name, s->s_name))) ps = &s->s_next; } else { while ((s = *ps) != NULL && (s->s_type != type || strcasecmp(name, s->s_name))) ps = &s->s_next; } /* ** Dispose of the entry. */ if (s != NULL || op == ST_FIND) { if (tTd(36, 5)) { if (s == NULL) dprintf("not found\n"); else { long *lp = (long *) s->s_class; dprintf("type %d val %lx %lx %lx %lx\n", s->s_type, lp[0], lp[1], lp[2], lp[3]); } } return s; } /* ** Make a new entry and link it in. */ if (tTd(36, 5)) dprintf("entered\n"); /* determine size of new entry */ switch (type) { case ST_CLASS: len = sizeof s->s_class; break; case ST_ADDRESS: len = sizeof s->s_address; break; case ST_MAILER: len = sizeof s->s_mailer; break; case ST_ALIAS: len = sizeof s->s_alias; break; case ST_MAPCLASS: len = sizeof s->s_mapclass; break; case ST_MAP: len = sizeof s->s_map; break; case ST_HOSTSIG: len = sizeof s->s_hostsig; break; case ST_NAMECANON: len = sizeof s->s_namecanon; break; case ST_MACRO: len = sizeof s->s_macro; break; case ST_RULESET: len = sizeof s->s_ruleset; break; case ST_HEADER: len = sizeof s->s_header; break; case ST_SERVICE: len = sizeof s->s_service; break; #ifdef LDAPMAP case ST_LDAP: len = sizeof s->s_ldap; break; #endif /* LDAPMAP */ #if _FFR_MILTER case ST_MILTER: len = sizeof s->s_milter; break; #endif /* _FFR_MILTER */ default: /* ** Each mailer has it's own MCI stab entry: ** ** s = stab(host, ST_MCI + m->m_mno, ST_ENTER); ** ** Therefore, anything ST_MCI or larger is an s_mci. */ if (type >= ST_MCI) len = sizeof s->s_mci; else { syserr("stab: unknown symbol type %d", type); len = sizeof s->s_value; } break; } len += sizeof *s - sizeof s->s_value; if (tTd(36, 15)) dprintf("size of stab entry: %d\n", len); /* make new entry */ s = (STAB *) xalloc(len); memset((char *) s, '\0', len); s->s_name = newstr(name); s->s_type = type; s->s_len = len; /* link it in */ *ps = s; /* set a default value for rulesets */ if (type == ST_RULESET) s->s_ruleset = -1; return s; } /* ** STABAPPLY -- apply function to all stab entries ** ** Parameters: ** func -- the function to apply. It will be given one ** parameter (the stab entry). ** arg -- an arbitrary argument, passed to func. ** ** Returns: ** none. */ void stabapply(func, arg) void (*func)__P((STAB *, int)); int arg; { register STAB **shead; register STAB *s; for (shead = SymTab; shead < &SymTab[STABSIZE]; shead++) { for (s = *shead; s != NULL; s = s->s_next) { if (tTd(36, 90)) dprintf("stabapply: trying %d/%s\n", s->s_type, s->s_name); func(s, arg); } } } /* ** QUEUEUP_MACROS -- queueup the macros in a class ** ** Write the macros listed in the specified class into the ** file referenced by qfp. ** ** Parameters: ** class -- class ID. ** qfp -- file pointer to the qf file. ** e -- the envelope. ** ** Returns: ** none. */ void queueup_macros(class, qfp, e) int class; FILE *qfp; ENVELOPE *e; { register STAB **shead; register STAB *s; if (e == NULL) return; + class = bitidx(class); for (shead = SymTab; shead < &SymTab[STABSIZE]; shead++) { for (s = *shead; s != NULL; s = s->s_next) { int m; char *p; if (s->s_type == ST_CLASS && - bitnset(class & 0xff, s->s_class) && + bitnset(class, s->s_class) && (m = macid(s->s_name, NULL)) != '\0' && (p = macvalue(m, e)) != NULL) { /* ** HACK ALERT: Unfortunately, 8.10 and ** 8.11 reused the ${if_addr} and ** ${if_family} macros for both the incoming ** interface address/family (getrequests()) ** and the outgoing interface address/family ** (makeconnection()). In order for D_BINDIF ** to work properly, have to preserve the ** incoming information in the queue file for ** later delivery attempts. The original ** information is stored in the envelope ** in readqf() so it can be stored in ** queueup_macros(). This should be fixed ** in 8.12. */ if (e->e_if_macros[EIF_ADDR] != NULL && strcmp(s->s_name, "{if_addr}") == 0) p = e->e_if_macros[EIF_ADDR]; fprintf(qfp, "$%s%s\n", s->s_name, denlstring(p, TRUE, FALSE)); } } } } /* ** COPY_CLASS -- copy class members from one class to another ** ** Parameters: ** src -- source class. ** dst -- destination class. ** ** Returns: ** none. */ void copy_class(src, dst) int src; int dst; { register STAB **shead; register STAB *s; + src = bitidx(src); + dst = bitidx(dst); for (shead = SymTab; shead < &SymTab[STABSIZE]; shead++) { for (s = *shead; s != NULL; s = s->s_next) { if (s->s_type == ST_CLASS && - bitnset(src & 0xff, s->s_class)) + bitnset(src, s->s_class)) setbitn(dst, s->s_class); } } } Index: stable/4/contrib/sendmail/src/timers.c =================================================================== --- stable/4/contrib/sendmail/src/timers.c (revision 71887) +++ stable/4/contrib/sendmail/src/timers.c (revision 71888) @@ -1,229 +1,232 @@ /* - * Copyright (c) 1999 Sendmail, Inc. and its suppliers. + * Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * * Contributed by Exactis.com, Inc. * */ #ifndef lint -static char id[] = "@(#)$Id: timers.c,v 8.13 1999/11/23 07:22:28 gshapiro Exp $"; +static char id[] = "@(#)$Id: timers.c,v 8.13.16.1 2000/10/09 01:06:45 gshapiro Exp $"; #endif /* ! lint */ #if _FFR_TIMERS # include # include # include "sendmail.h" # include /* Must be after sendmail.h for NCR MP-RAS */ static TIMER BaseTimer; /* current baseline */ static int NTimers; /* current pointer into stack */ static TIMER *TimerStack[MAXTIMERSTACK]; static void # ifdef __STDC__ warntimer(const char *msg, ...) # else /* __STDC__ */ warntimer(msg, va_alist) const char *msg; va_dcl # endif /* __STDC__ */ { char buf[MAXLINE]; VA_LOCAL_DECL # if 0 if (!tTd(98, 30)) return; # endif /* 0 */ VA_START(msg); vsnprintf(buf, sizeof buf, msg, ap); VA_END; sm_syslog(LOG_NOTICE, CurEnv->e_id, "%s; e_timers=0x%lx", buf, (u_long) &CurEnv->e_timers); } static void zerotimer(ptimer) TIMER *ptimer; { memset(ptimer, '\0', sizeof *ptimer); } static void addtimer(ta, tb) TIMER *ta; TIMER *tb; { tb->ti_wall_sec += ta->ti_wall_sec; tb->ti_wall_usec += ta->ti_wall_usec; if (tb->ti_wall_usec > 1000000) { tb->ti_wall_sec++; tb->ti_wall_usec -= 1000000; } tb->ti_cpu_sec += ta->ti_cpu_sec; tb->ti_cpu_usec += ta->ti_cpu_usec; if (tb->ti_cpu_usec > 1000000) { tb->ti_cpu_sec++; tb->ti_cpu_usec -= 1000000; } } static void subtimer(ta, tb) TIMER *ta; TIMER *tb; { tb->ti_wall_sec -= ta->ti_wall_sec; tb->ti_wall_usec -= ta->ti_wall_usec; if (tb->ti_wall_usec < 0) { tb->ti_wall_sec--; tb->ti_wall_usec += 1000000; } tb->ti_cpu_sec -= ta->ti_cpu_sec; tb->ti_cpu_usec -= ta->ti_cpu_usec; if (tb->ti_cpu_usec < 0) { tb->ti_cpu_sec--; tb->ti_cpu_usec += 1000000; } } static int getcurtimer(ptimer) TIMER *ptimer; { struct rusage ru; struct timeval now; if (getrusage(RUSAGE_SELF, &ru) < 0 || gettimeofday(&now, NULL) < 0) return -1; ptimer->ti_wall_sec = now.tv_sec; ptimer->ti_wall_usec = now.tv_usec; ptimer->ti_cpu_sec = ru.ru_utime.tv_sec + ru.ru_stime.tv_sec; ptimer->ti_cpu_usec = ru.ru_utime.tv_usec + ru.ru_stime.tv_usec; if (ptimer->ti_cpu_usec > 1000000) { ptimer->ti_cpu_sec++; ptimer->ti_cpu_usec -= 1000000; } return 0; } static void getinctimer(ptimer) TIMER *ptimer; { TIMER cur; if (getcurtimer(&cur) < 0) { zerotimer(ptimer); return; } if (BaseTimer.ti_wall_sec == 0) { /* first call */ memset(ptimer, '\0', sizeof *ptimer); } else { *ptimer = cur; subtimer(&BaseTimer, ptimer); } BaseTimer = cur; } void flushtimers() { NTimers = 0; (void) getcurtimer(&BaseTimer); } void pushtimer(ptimer) TIMER *ptimer; { int i; int save_errno = errno; TIMER incr; /* find how much time has changed since last call */ getinctimer(&incr); /* add that into the old timers */ i = NTimers; if (i > MAXTIMERSTACK) i = MAXTIMERSTACK; while (--i >= 0) { addtimer(&incr, TimerStack[i]); if (TimerStack[i] == ptimer) { warntimer("Timer@0x%lx already on stack, index=%d, NTimers=%d", (u_long) ptimer, i, NTimers); errno = save_errno; return; } } errno = save_errno; /* handle stack overflow */ if (NTimers >= MAXTIMERSTACK) return; /* now add the timer to the stack */ TimerStack[NTimers++] = ptimer; } void poptimer(ptimer) TIMER *ptimer; { int i; int save_errno = errno; TIMER incr; /* find how much time has changed since last call */ getinctimer(&incr); /* add that into the old timers */ i = NTimers; if (i > MAXTIMERSTACK) i = MAXTIMERSTACK; while (--i >= 0) addtimer(&incr, TimerStack[i]); /* pop back to this timer */ for (i = 0; i < NTimers; i++) + { if (TimerStack[i] == ptimer) break; + } + if (i != NTimers - 1) warntimer("poptimer: odd pop (timer=0x%lx, index=%d, NTimers=%d)", (u_long) ptimer, i, NTimers); NTimers = i; /* clean up and return */ errno = save_errno; } char * strtimer(ptimer) TIMER *ptimer; { static char buf[40]; snprintf(buf, sizeof buf, "%ld.%06ldr/%ld.%06ldc", ptimer->ti_wall_sec, ptimer->ti_wall_usec, ptimer->ti_cpu_sec, ptimer->ti_cpu_usec); return buf; } #endif /* _FFR_TIMERS */ Index: stable/4/contrib/sendmail/src/usersmtp.c =================================================================== --- stable/4/contrib/sendmail/src/usersmtp.c (revision 71887) +++ stable/4/contrib/sendmail/src/usersmtp.c (revision 71888) @@ -1,2421 +1,2425 @@ /* * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #include #ifndef lint # if SMTP -static char id[] = "@(#)$Id: usersmtp.c,v 8.245.4.13 2000/09/26 00:46:21 gshapiro Exp $ (with SMTP)"; +static char id[] = "@(#)$Id: usersmtp.c,v 8.245.4.18 2000/12/20 16:36:11 ca Exp $ (with SMTP)"; # else /* SMTP */ -static char id[] = "@(#)$Id: usersmtp.c,v 8.245.4.13 2000/09/26 00:46:21 gshapiro Exp $ (without SMTP)"; +static char id[] = "@(#)$Id: usersmtp.c,v 8.245.4.18 2000/12/20 16:36:11 ca Exp $ (without SMTP)"; # endif /* SMTP */ #endif /* ! lint */ #include #if SMTP static void datatimeout __P((void)); static void esmtp_check __P((char *, bool, MAILER *, MCI *, ENVELOPE *)); static void helo_options __P((char *, bool, MAILER *, MCI *, ENVELOPE *)); /* ** USERSMTP -- run SMTP protocol from the user end. ** ** This protocol is described in RFC821. */ # define REPLYTYPE(r) ((r) / 100) /* first digit of reply code */ # define REPLYCLASS(r) (((r) / 10) % 10) /* second digit of reply code */ # define SMTPCLOSING 421 /* "Service Shutting Down" */ #define ENHSCN(e, d) (e) == NULL ? (d) : newstr(e) static char SmtpMsgBuffer[MAXLINE]; /* buffer for commands */ static char SmtpReplyBuffer[MAXLINE]; /* buffer for replies */ static bool SmtpNeedIntro; /* need "while talking" in transcript */ /* ** SMTPINIT -- initialize SMTP. ** ** Opens the connection and sends the initial protocol. ** ** Parameters: ** m -- mailer to create connection to. ** mci -- the mailer connection info. ** e -- the envelope. ** onlyhelo -- send only helo command? ** ** Returns: ** none. ** ** Side Effects: ** creates connection and sends initial protocol. */ void smtpinit(m, mci, e, onlyhelo) MAILER *m; register MCI *mci; ENVELOPE *e; bool onlyhelo; { register int r; register char *p; register char *hn; char *enhsc; enhsc = NULL; if (tTd(18, 1)) { dprintf("smtpinit "); mci_dump(mci, FALSE); } /* ** Open the connection to the mailer. */ SmtpError[0] = '\0'; CurHostName = mci->mci_host; /* XXX UGLY XXX */ if (CurHostName == NULL) CurHostName = MyHostName; SmtpNeedIntro = TRUE; switch (mci->mci_state) { case MCIS_ACTIVE: /* need to clear old information */ smtprset(m, mci, e); /* FALLTHROUGH */ case MCIS_OPEN: if (!onlyhelo) return; break; case MCIS_ERROR: case MCIS_QUITING: case MCIS_SSD: /* shouldn't happen */ smtpquit(m, mci, e); /* FALLTHROUGH */ case MCIS_CLOSED: syserr("451 4.4.0 smtpinit: state CLOSED"); return; case MCIS_OPENING: break; } if (onlyhelo) goto helo; mci->mci_state = MCIS_OPENING; /* ** Get the greeting message. ** This should appear spontaneously. Give it five minutes to ** happen. */ SmtpPhase = mci->mci_phase = "client greeting"; sm_setproctitle(TRUE, e, "%s %s: %s", qid_printname(e), CurHostName, mci->mci_phase); r = reply(m, mci, e, TimeOuts.to_initial, esmtp_check, NULL); if (r < 0) goto tempfail1; if (REPLYTYPE(r) == 4) goto tempfail2; if (REPLYTYPE(r) != 2) goto unavailable; /* ** Send the HELO command. ** My mother taught me to always introduce myself. */ helo: if (bitnset(M_ESMTP, m->m_flags) || bitnset(M_LMTP, m->m_flags)) mci->mci_flags |= MCIF_ESMTP; hn = mci->mci_heloname ? mci->mci_heloname : MyHostName; tryhelo: if (bitnset(M_LMTP, m->m_flags)) { smtpmessage("LHLO %s", m, mci, hn); SmtpPhase = mci->mci_phase = "client LHLO"; } else if (bitset(MCIF_ESMTP, mci->mci_flags)) { smtpmessage("EHLO %s", m, mci, hn); SmtpPhase = mci->mci_phase = "client EHLO"; } else { smtpmessage("HELO %s", m, mci, hn); SmtpPhase = mci->mci_phase = "client HELO"; } sm_setproctitle(TRUE, e, "%s %s: %s", qid_printname(e), CurHostName, mci->mci_phase); r = reply(m, mci, e, TimeOuts.to_helo, helo_options, NULL); if (r < 0) goto tempfail1; else if (REPLYTYPE(r) == 5) { if (bitset(MCIF_ESMTP, mci->mci_flags) && !bitnset(M_LMTP, m->m_flags)) { /* try old SMTP instead */ mci->mci_flags &= ~MCIF_ESMTP; goto tryhelo; } goto unavailable; } else if (REPLYTYPE(r) != 2) goto tempfail2; /* ** Check to see if we actually ended up talking to ourself. ** This means we didn't know about an alias or MX, or we managed ** to connect to an echo server. */ p = strchr(&SmtpReplyBuffer[4], ' '); if (p != NULL) *p = '\0'; if (!bitnset(M_NOLOOPCHECK, m->m_flags) && !bitnset(M_LMTP, m->m_flags) && strcasecmp(&SmtpReplyBuffer[4], MyHostName) == 0) { syserr("553 5.3.5 %s config error: mail loops back to me (MX problem?)", CurHostName); mci_setstat(mci, EX_CONFIG, "5.3.5", "system config error"); mci->mci_errno = 0; smtpquit(m, mci, e); return; } /* ** If this is expected to be another sendmail, send some internal ** commands. */ if (bitnset(M_INTERNAL, m->m_flags)) { /* tell it to be verbose */ smtpmessage("VERB", m, mci); r = reply(m, mci, e, TimeOuts.to_miscshort, NULL, &enhsc); if (r < 0) goto tempfail1; } if (mci->mci_state != MCIS_CLOSED) { mci->mci_state = MCIS_OPEN; return; } /* got a 421 error code during startup */ tempfail1: if (mci->mci_errno == 0) mci->mci_errno = errno; mci_setstat(mci, EX_TEMPFAIL, ENHSCN(enhsc, "4.4.2"), NULL); if (mci->mci_state != MCIS_CLOSED) smtpquit(m, mci, e); return; tempfail2: if (mci->mci_errno == 0) mci->mci_errno = errno; /* XXX should use code from other end iff ENHANCEDSTATUSCODES */ mci_setstat(mci, EX_TEMPFAIL, ENHSCN(enhsc, "4.5.0"), SmtpReplyBuffer); if (mci->mci_state != MCIS_CLOSED) smtpquit(m, mci, e); return; unavailable: mci->mci_errno = errno; mci_setstat(mci, EX_UNAVAILABLE, "5.5.0", SmtpReplyBuffer); smtpquit(m, mci, e); return; } /* ** ESMTP_CHECK -- check to see if this implementation likes ESMTP protocol ** ** Parameters: ** line -- the response line. ** firstline -- set if this is the first line of the reply. ** m -- the mailer. ** mci -- the mailer connection info. ** e -- the envelope. ** ** Returns: ** none. */ static void esmtp_check(line, firstline, m, mci, e) char *line; bool firstline; MAILER *m; register MCI *mci; ENVELOPE *e; { if (strstr(line, "ESMTP") != NULL) mci->mci_flags |= MCIF_ESMTP; if (strstr(line, "8BIT-OK") != NULL) mci->mci_flags |= MCIF_8BITOK; } # if SASL /* ** STR_UNION -- create the union of two lists ** ** Parameters: ** s1, s2 -- lists of items (separated by single blanks). ** ** Returns: ** the union of both lists. */ static char * str_union(s1, s2) char *s1, *s2; { char *hr, *h1, *h, *res; int l1, l2, rl; if (s1 == NULL || *s1 == '\0') return s2; if (s2 == NULL || *s2 == '\0') return s1; l1 = strlen(s1); l2 = strlen(s2); rl = l1 + l2; res = (char *)malloc(rl + 2); if (res == NULL) { if (l1 > l2) return s1; return s2; } (void) strlcpy(res, s1, rl); hr = res; h1 = s2; h = s2; /* walk through s2 */ while (h != NULL && *h1 != '\0') { /* is there something after the current word? */ if ((h = strchr(h1, ' ')) != NULL) *h = '\0'; l1 = strlen(h1); /* does the current word appear in s1 ? */ if (iteminlist(h1, s1, " ") == NULL) { /* add space as delimiter */ *hr++ = ' '; /* copy the item */ memcpy(hr, h1, l1); /* advance pointer in result list */ hr += l1; *hr = '\0'; } if (h != NULL) { /* there are more items */ *h = ' '; h1 = h + 1; } } return res; } # endif /* SASL */ /* ** HELO_OPTIONS -- process the options on a HELO line. ** ** Parameters: ** line -- the response line. ** firstline -- set if this is the first line of the reply. ** m -- the mailer. ** mci -- the mailer connection info. ** e -- the envelope. ** ** Returns: ** none. */ static void helo_options(line, firstline, m, mci, e) char *line; bool firstline; MAILER *m; register MCI *mci; ENVELOPE *e; { register char *p; if (firstline) { # if SASL if (mci->mci_saslcap != NULL) free(mci->mci_saslcap); mci->mci_saslcap = NULL; # endif /* SASL */ return; } if (strlen(line) < (SIZE_T) 5) return; line += 4; p = strpbrk(line, " ="); if (p != NULL) *p++ = '\0'; if (strcasecmp(line, "size") == 0) { mci->mci_flags |= MCIF_SIZE; if (p != NULL) mci->mci_maxsize = atol(p); } else if (strcasecmp(line, "8bitmime") == 0) { mci->mci_flags |= MCIF_8BITMIME; mci->mci_flags &= ~MCIF_7BIT; } else if (strcasecmp(line, "expn") == 0) mci->mci_flags |= MCIF_EXPN; else if (strcasecmp(line, "dsn") == 0) mci->mci_flags |= MCIF_DSN; else if (strcasecmp(line, "enhancedstatuscodes") == 0) mci->mci_flags |= MCIF_ENHSTAT; # if STARTTLS else if (strcasecmp(line, "starttls") == 0) mci->mci_flags |= MCIF_TLS; # endif /* STARTTLS */ # if SASL else if (strcasecmp(line, "auth") == 0) { if (p != NULL && *p != '\0') { if (mci->mci_saslcap != NULL) { char *h; /* ** create the union with previous auth ** offerings because we recognize "auth " ** and "auth=" (old format). */ h = mci->mci_saslcap; mci->mci_saslcap = str_union(h, p); if (h != mci->mci_saslcap) free(h); mci->mci_flags |= MCIF_AUTH; } else { int l; l = strlen(p) + 1; mci->mci_saslcap = (char *)malloc(l); /* XXX this may be leaked */ if (mci->mci_saslcap != NULL) { (void) strlcpy(mci->mci_saslcap, p, l); mci->mci_flags |= MCIF_AUTH; } } } } # endif /* SASL */ } # if SASL /* ** GETSASLDATA -- process the challenges from the SASL protocol ** ** This gets the relevant sasl response data out of the reply ** from the server ** ** Parameters: ** line -- the response line. ** firstline -- set if this is the first line of the reply. ** m -- the mailer. ** mci -- the mailer connection info. ** e -- the envelope. ** ** Returns: ** none. */ void getsasldata(line, firstline, m, mci, e) char *line; bool firstline; MAILER *m; register MCI *mci; ENVELOPE *e; { int len; char *out; int result; /* if not a continue we don't care about it */ if ((strlen(line) <= 4) || (line[0] != '3') || (line[1] != '3') || (line[2] != '4')) { mci->mci_sasl_string = NULL; return; } /* forget about "334 " */ line += 4; len = strlen(line); out = xalloc(len + 1); result = sasl_decode64(line, len, out, (u_int *)&len); if (result != SASL_OK) { len = 0; *out = '\0'; } if (mci->mci_sasl_string != NULL) { if (mci->mci_sasl_string_len <= len) { free(mci->mci_sasl_string); mci->mci_sasl_string = xalloc(len + 1); } } else mci->mci_sasl_string = xalloc(len + 1); /* XXX this is probably leaked */ memcpy(mci->mci_sasl_string, out, len); mci->mci_sasl_string[len] = '\0'; mci->mci_sasl_string_len = len; free(out); return; } /* ** READAUTH -- read auth value from a file ** ** Parameters: ** l -- line to define. ** filename -- name of file to read. ** safe -- if set, this is a safe read. ** ** Returns: ** line from file ** ** Side Effects: ** overwrites local static buffer. The caller should copy ** the result. ** */ /* lines in authinfo file */ # define SASL_USER 1 # define SASL_AUTHID 2 # define SASL_PASSWORD 3 # define SASL_DEFREALM 4 # define SASL_MECH 5 static char *sasl_info_name[] = { "", "user id", "authorization id", "password", "realm", "mechanism" }; static char * readauth(l, filename, safe) int l; char *filename; bool safe; { FILE *f; long sff; pid_t pid; int lc; static char buf[MAXLINE]; if (filename == NULL || filename[0] == '\0') return ""; #if !_FFR_ALLOW_SASLINFO /* ** make sure we don't use a program that is not ** accesible to the user who specified a different authinfo file. ** However, currently we don't pass this info (authinfo file ** specified by user) around, so we just turn off program access. */ if (filename[0] == '|') { auto int fd; int i; char *p; char *argv[MAXPV + 1]; i = 0; for (p = strtok(&filename[1], " \t"); p != NULL; p = strtok(NULL, " \t")) { if (i >= MAXPV) break; argv[i++] = p; } argv[i] = NULL; pid = prog_open(argv, &fd, CurEnv); if (pid < 0) f = NULL; else f = fdopen(fd, "r"); } else #endif /* !_FFR_ALLOW_SASLINFO */ { pid = -1; sff = SFF_REGONLY | SFF_SAFEDIRPATH | SFF_NOWLINK | SFF_NOGWFILES | SFF_NOWWFILES | SFF_NORFILES; if (DontLockReadFiles) sff |= SFF_NOLOCK; #if _FFR_ALLOW_SASLINFO /* ** XXX: make sure we don't read or open files that are not ** accesible to the user who specified a different authinfo ** file. */ sff |= SFF_MUSTOWN; #else /* _FFR_ALLOW_SASLINFO */ if (safe) sff |= SFF_OPENASROOT; #endif /* _FFR_ALLOW_SASLINFO */ f = safefopen(filename, O_RDONLY, 0, sff); } if (f == NULL) { syserr("readauth: cannot open %s", filename); return ""; } lc = 0; while (lc < l && fgets(buf, sizeof buf, f) != NULL) { if (buf[0] != '#') lc++; } (void) fclose(f); if (pid > 0) (void) waitfor(pid); if (lc < l) { if (LogLevel >= 9) sm_syslog(LOG_WARNING, NOQID, "SASL: error: can't read %s from %s", sasl_info_name[l], filename); return ""; } lc = strlen(buf) - 1; if (lc >= 0) buf[lc] = '\0'; if (tTd(95, 6)) dprintf("readauth(%s, %d) = '%s'\n", filename, l, buf); return buf; } # ifndef __attribute__ # define __attribute__(x) # endif /* ! __attribute__ */ static int getsimple __P((void *, int, const char **, unsigned *)); static int getsecret __P((sasl_conn_t *, void *, int, sasl_secret_t **)); static int saslgetrealm __P((void *, int, const char **, const char **)); static sasl_callback_t callbacks[] = { { SASL_CB_GETREALM, &saslgetrealm, NULL }, # define CB_GETREALM_IDX 0 { SASL_CB_PASS, &getsecret, NULL }, # define CB_PASS_IDX 1 { SASL_CB_USER, &getsimple, NULL }, # define CB_USER_IDX 2 { SASL_CB_AUTHNAME, &getsimple, NULL }, # define CB_AUTHNAME_IDX 3 { SASL_CB_VERIFYFILE, &safesaslfile, NULL }, { SASL_CB_LIST_END, NULL, NULL } }; /* ** GETSIMPLE -- callback to get userid or authid ** ** Parameters: ** context -- unused ** id -- what to do ** result -- (pointer to) result ** len -- (pointer to) length of result ** ** Returns: ** OK/failure values */ static int getsimple(context, id, result, len) void *context __attribute__((unused)); int id; const char **result; unsigned *len; { char *h; # if SASL > 10509 int addrealm; static int addedrealm = FALSE; # endif /* SASL > 10509 */ static char *user = NULL; static char *authid = NULL; if (result == NULL) return SASL_BADPARAM; switch (id) { case SASL_CB_USER: if (user == NULL) { h = readauth(SASL_USER, SASLInfo, TRUE); user = newstr(h); } *result = user; if (tTd(95, 5)) dprintf("AUTH username '%s'\n", *result); if (len != NULL) *len = user ? strlen(user) : 0; break; case SASL_CB_AUTHNAME: # if SASL > 10509 /* XXX maybe other mechanisms too?! */ addrealm = context != NULL && strcasecmp(context, "CRAM-MD5") == 0; if (addedrealm != addrealm && authid != NULL) { # if SASL > 10522 /* ** digest-md5 prior to 1.5.23 doesn't copy the ** value it gets from the callback, but free()s ** it later on ** workaround: don't free() it here ** this can cause a memory leak! */ free(authid); # endif /* SASL > 10522 */ authid = NULL; addedrealm = addrealm; } # endif /* SASL > 10509 */ if (authid == NULL) { h = readauth(SASL_AUTHID, SASLInfo, TRUE); # if SASL > 10509 if (addrealm && strchr(h, '@') == NULL) { size_t l; char *realm; realm = callbacks[CB_GETREALM_IDX].context; l = strlen(h) + strlen(realm) + 2; authid = xalloc(l); snprintf(authid, l, "%s@%s", h, realm); } else # endif /* SASL > 10509 */ authid = newstr(h); } *result = authid; if (tTd(95, 5)) dprintf("AUTH authid '%s'\n", *result); if (len != NULL) *len = authid ? strlen(authid) : 0; break; case SASL_CB_LANGUAGE: *result = NULL; if (len != NULL) *len = 0; break; default: return SASL_BADPARAM; } return SASL_OK; } /* ** GETSECRET -- callback to get password ** ** Parameters: ** conn -- connection information ** context -- unused ** id -- what to do ** psecret -- (pointer to) result ** ** Returns: ** OK/failure values */ static int getsecret(conn, context, id, psecret) sasl_conn_t *conn; void *context __attribute__((unused)); int id; sasl_secret_t **psecret; { char *h; int len; static char *authpass = NULL; if (conn == NULL || psecret == NULL || id != SASL_CB_PASS) return SASL_BADPARAM; if (authpass == NULL) { h = readauth(SASL_PASSWORD, SASLInfo, TRUE); authpass = newstr(h); } len = strlen(authpass); *psecret = (sasl_secret_t *) malloc(sizeof(sasl_secret_t) + len + 1); if (*psecret == NULL) return SASL_FAIL; (void) strlcpy((*psecret)->data, authpass, len + 1); (*psecret)->len = len; return SASL_OK; } /* ** SAFESASLFILE -- callback for sasl: is file safe? ** ** Parameters: ** context -- pointer to context between invocations (unused) ** file -- name of file to check ** type -- type of file to check ** ** Returns: ** SASL_OK: file can be used ** SASL_CONTINUE: don't use file ** SASL_FAIL: failure (not used here) ** */ int # if SASL > 10515 safesaslfile(context, file, type) # else /* SASL > 10515 */ safesaslfile(context, file) # endif /* SASL > 10515 */ void *context; char *file; # if SASL > 10515 int type; # endif /* SASL > 10515 */ { long sff; int r; char *p; if (file == NULL || *file == '\0') return SASL_OK; sff = SFF_SAFEDIRPATH|SFF_NOWLINK|SFF_NOGWFILES|SFF_NOWWFILES|SFF_ROOTOK; if ((p = strrchr(file, '/')) == NULL) p = file; else ++p; # if SASL <= 10515 /* everything beside libs and .conf files must not be readable */ r = strlen(p); if ((r <= 3 || strncmp(p, "lib", 3) != 0) && (r <= 5 || strncmp(p + r - 5, ".conf", 5) != 0) # if _FFR_UNSAFE_SASL && !bitnset(DBS_GROUPREADABLESASLFILE, DontBlameSendmail) # endif /* _FFR_UNSAFE_SASL */ ) sff |= SFF_NORFILES; # else /* SASL > 10515 */ /* files containing passwords should be not readable */ if (type == SASL_VRFY_PASSWD) { # if _FFR_UNSAFE_SASL if (bitnset(DBS_GROUPREADABLESASLFILE, DontBlameSendmail)) sff |= SFF_NOWRFILES; else # endif /* _FFR_UNSAFE_SASL */ sff |= SFF_NORFILES; } # endif /* SASL <= 10515 */ if ((r = safefile(file, RunAsUid, RunAsGid, RunAsUserName, sff, S_IRUSR, NULL)) == 0) return SASL_OK; if (LogLevel >= 11 || (r != ENOENT && LogLevel >= 9)) sm_syslog(LOG_WARNING, NOQID, "error: safesasl(%s) failed: %s", file, errstring(r)); return SASL_CONTINUE; } /* ** SASLGETREALM -- return the realm for SASL ** ** return the realm for the client ** ** Parameters: ** context -- context shared between invocations ** here: realm to return ** availrealms -- list of available realms ** {realm, realm, ...} ** result -- pointer to result ** ** Returns: ** failure/success */ static int saslgetrealm(context, id, availrealms, result) void *context; int id; const char **availrealms; const char **result; { if (LogLevel > 12) sm_syslog(LOG_INFO, NOQID, "saslgetrealm: realm %s available realms %s", context == NULL ? "" : (char *) context, (availrealms == NULL || *availrealms == NULL) ? "" : *availrealms); if (context == NULL) return SASL_FAIL; /* check whether context is in list? */ if (availrealms != NULL && *availrealms != NULL) { if (iteminlist(context, (char *)(*availrealms + 1), " ,}") == NULL) { if (LogLevel > 8) sm_syslog(LOG_ERR, NOQID, "saslgetrealm: realm %s not in list %s", context, *availrealms); return SASL_FAIL; } } *result = (char *)context; return SASL_OK; } /* ** ITEMINLIST -- does item appear in list? ** ** Check whether item appears in list (which must be separated by a ** character in delim) as a "word", i.e. it must appear at the begin ** of the list or after a space, and it must end with a space or the ** end of the list. ** ** Parameters: ** item -- item to search. ** list -- list of items. ** delim -- list of delimiters. ** ** Returns: ** pointer to occurrence (NULL if not found). */ char * iteminlist(item, list, delim) char *item; char *list; char *delim; { char *s; int len; if (list == NULL || *list == '\0') return NULL; if (item == NULL || *item == '\0') return NULL; s = list; len = strlen(item); while (s != NULL && *s != '\0') { if (strncasecmp(s, item, len) == 0 && (s[len] == '\0' || strchr(delim, s[len]) != NULL)) return s; s = strpbrk(s, delim); if (s != NULL) while (*++s == ' ') continue; } return NULL; } /* ** REMOVEMECH -- remove item [rem] from list [list] ** ** Parameters: ** rem -- item to remove ** list -- list of items ** ** Returns: ** pointer to new list (NULL in case of error). */ char * removemech(rem, list) char *rem; char *list; { char *ret; char *needle; int len; if (list == NULL) return NULL; if (rem == NULL || *rem == '\0') { /* take out what? */ return NULL; } /* find the item in the list */ if ((needle = iteminlist(rem, list, " ")) == NULL) { /* not in there: return original */ return list; } /* length of string without rem */ len = strlen(list) - strlen(rem); if (len == 0) { ret = xalloc(1); /* XXX leaked */ *ret = '\0'; return ret; } ret = xalloc(len); /* XXX leaked */ memset(ret, '\0', len); /* copy from start to removed item */ memcpy(ret, list, needle - list); /* length of rest of string past removed item */ len = strlen(needle) - strlen(rem) - 1; if (len > 0) { /* not last item -- copy into string */ memcpy(ret + (needle - list), list + (needle - list) + strlen(rem) + 1, len); } else ret[(needle - list) - 1] = '\0'; return ret; } /* ** INTERSECT -- create the intersection between two lists ** ** Parameters: ** s1, s2 -- lists of items (separated by single blanks). ** ** Returns: ** the intersection of both lists. */ char * intersect(s1, s2) char *s1, *s2; { char *hr, *h1, *h, *res; int l1, l2, rl; if (s1 == NULL || s2 == NULL) /* NULL string(s) -> NULL result */ return NULL; l1 = strlen(s1); l2 = strlen(s2); rl = min(l1, l2); res = (char *)malloc(rl + 1); if (res == NULL) return NULL; *res = '\0'; if (rl == 0) /* at least one string empty? */ return res; hr = res; h1 = s1; h = s1; /* walk through s1 */ while (h != NULL && *h1 != '\0') { /* is there something after the current word? */ if ((h = strchr(h1, ' ')) != NULL) *h = '\0'; l1 = strlen(h1); /* does the current word appear in s2 ? */ if (iteminlist(h1, s2, " ") != NULL) { /* add a blank if not first item */ if (hr != res) *hr++ = ' '; /* copy the item */ memcpy(hr, h1, l1); /* advance pointer in result list */ hr += l1; *hr = '\0'; } if (h != NULL) { /* there are more items */ *h = ' '; h1 = h + 1; } } return res; } /* ** ATTEMPTAUTH -- try to AUTHenticate using one mechanism ** ** Parameters: ** m -- the mailer. ** mci -- the mailer connection structure. ** e -- the envelope (including the sender to specify). ** mechused - filled in with mechanism used ** ** Returns: ** EX_OK/EX_TEMPFAIL */ int attemptauth(m, mci, e, mechused) MAILER *m; MCI *mci; ENVELOPE *e; char **mechused; { int saslresult, smtpresult; sasl_external_properties_t ssf; sasl_interact_t *client_interact = NULL; char *out; unsigned int outlen; static char *mechusing; sasl_security_properties_t ssp; char in64[MAXOUTLEN]; # if NETINET extern SOCKADDR CurHostAddr; # endif /* NETINET */ *mechused = NULL; if (mci->mci_conn != NULL) { sasl_dispose(&(mci->mci_conn)); /* just in case, sasl_dispose() should take care of it */ mci->mci_conn = NULL; } /* make a new client sasl connection */ saslresult = sasl_client_new(bitnset(M_LMTP, m->m_flags) ? "lmtp" : "smtp", CurHostName, NULL, 0, &mci->mci_conn); /* set properties */ (void) memset(&ssp, '\0', sizeof ssp); # if SFIO /* XXX should these be options settable via .cf ? */ /* ssp.min_ssf = 0; is default due to memset() */ { ssp.max_ssf = INT_MAX; ssp.maxbufsize = MAXOUTLEN; # if 0 ssp.security_flags = SASL_SEC_NOPLAINTEXT; # endif /* 0 */ } # endif /* SFIO */ saslresult = sasl_setprop(mci->mci_conn, SASL_SEC_PROPS, &ssp); if (saslresult != SASL_OK) return EX_TEMPFAIL; /* external security strength factor, authentication id */ ssf.ssf = 0; ssf.auth_id = NULL; # if _FFR_EXT_MECH out = macvalue(macid("{cert_subject}", NULL), e); if (out != NULL && *out != '\0') ssf.auth_id = out; out = macvalue(macid("{cipher_bits}", NULL), e); if (out != NULL && *out != '\0') ssf.ssf = atoi(out); # endif /* _FFR_EXT_MECH */ saslresult = sasl_setprop(mci->mci_conn, SASL_SSF_EXTERNAL, &ssf); if (saslresult != SASL_OK) return EX_TEMPFAIL; # if NETINET /* set local/remote ipv4 addresses */ if (mci->mci_out != NULL && CurHostAddr.sa.sa_family == AF_INET) { SOCKADDR_LEN_T addrsize; struct sockaddr_in saddr_l; if (sasl_setprop(mci->mci_conn, SASL_IP_REMOTE, (struct sockaddr_in *) &CurHostAddr) != SASL_OK) return EX_TEMPFAIL; addrsize = sizeof(struct sockaddr_in); if (getsockname(fileno(mci->mci_out), - (struct sockaddr *) &saddr_l, &addrsize) != 0) + (struct sockaddr *) &saddr_l, &addrsize) == 0) { if (sasl_setprop(mci->mci_conn, SASL_IP_LOCAL, &saddr_l) != SASL_OK) return EX_TEMPFAIL; } } # endif /* NETINET */ /* start client side of sasl */ saslresult = sasl_client_start(mci->mci_conn, mci->mci_saslcap, NULL, &client_interact, &out, &outlen, (const char **)&mechusing); callbacks[CB_AUTHNAME_IDX].context = mechusing; if (saslresult != SASL_OK && saslresult != SASL_CONTINUE) { # if SFIO if (saslresult == SASL_NOMECH && LogLevel > 8) { sm_syslog(LOG_NOTICE, e->e_id, "available AUTH mechanisms do not fulfill requirements"); } # endif /* SFIO */ return EX_TEMPFAIL; } *mechused = mechusing; /* send the info across the wire */ if (outlen > 0) { saslresult = sasl_encode64(out, outlen, in64, MAXOUTLEN, NULL); if (saslresult != SASL_OK) /* internal error */ { if (LogLevel > 8) sm_syslog(LOG_ERR, e->e_id, "encode64 for AUTH failed"); return EX_TEMPFAIL; } smtpmessage("AUTH %s %s", m, mci, mechusing, in64); } else { smtpmessage("AUTH %s", m, mci, mechusing); } /* get the reply */ smtpresult = reply(m, mci, e, TimeOuts.to_datafinal, getsasldata, NULL); /* which timeout? XXX */ for (;;) { /* check return code from server */ if (smtpresult == 235) { define(macid("{auth_type}", NULL), newstr(mechusing), e); # if !SFIO if (LogLevel > 9) sm_syslog(LOG_INFO, NOQID, "SASL: outgoing connection to %.64s: mech=%.16s", mci->mci_host, mechusing); # endif /* !SFIO */ return EX_OK; } if (smtpresult == -1) return EX_IOERR; if (smtpresult != 334) return EX_TEMPFAIL; saslresult = sasl_client_step(mci->mci_conn, mci->mci_sasl_string, mci->mci_sasl_string_len, &client_interact, &out, &outlen); if (saslresult != SASL_OK && saslresult != SASL_CONTINUE) { if (tTd(95, 5)) dprintf("AUTH FAIL: %s (%d)\n", sasl_errstring(saslresult, NULL, NULL), saslresult); /* fail deliberately, see RFC 2254 4. */ smtpmessage("*", m, mci); /* ** but we should only fail for this authentication ** mechanism; how to do that? */ smtpresult = reply(m, mci, e, TimeOuts.to_datafinal, getsasldata, NULL); return EX_TEMPFAIL; } if (outlen > 0) { saslresult = sasl_encode64(out, outlen, in64, MAXOUTLEN, NULL); if (saslresult != SASL_OK) { /* give an error reply to the other side! */ smtpmessage("*", m, mci); return EX_TEMPFAIL; } } else in64[0] = '\0'; - smtpmessage(in64, m, mci); + smtpmessage("%s", m, mci, in64); smtpresult = reply(m, mci, e, TimeOuts.to_datafinal, getsasldata, NULL); /* which timeout? XXX */ } /* NOTREACHED */ } /* ** SMTPAUTH -- try to AUTHenticate ** ** This will try mechanisms in the order the sasl library decided until: ** - there are no more mechanisms ** - a mechanism succeeds ** - the sasl library fails initializing ** ** Parameters: ** m -- the mailer. ** mci -- the mailer connection info. ** e -- the envelope. ** ** Returns: ** EX_OK/EX_TEMPFAIL */ int smtpauth(m, mci, e) MAILER *m; MCI *mci; ENVELOPE *e; { int result; char *mechused; char *h; static char *defrealm = NULL; static char *mechs = NULL; mci->mci_sasl_auth = FALSE; if (defrealm == NULL) { h = readauth(SASL_DEFREALM, SASLInfo, TRUE); if (h != NULL && *h != '\0') defrealm = newstr(h); } if (defrealm == NULL || *defrealm == '\0') defrealm = newstr(macvalue('j', CurEnv)); callbacks[CB_GETREALM_IDX].context = defrealm; # if _FFR_DEFAUTHINFO_MECHS if (mechs == NULL) { h = readauth(SASL_MECH, SASLInfo, TRUE); if (h != NULL && *h != '\0') mechs = newstr(h); } # endif /* _FFR_DEFAUTHINFO_MECHS */ if (mechs == NULL || *mechs == '\0') mechs = AuthMechanisms; mci->mci_saslcap = intersect(mechs, mci->mci_saslcap); /* initialize sasl client library */ result = sasl_client_init(callbacks); if (result != SASL_OK) return EX_TEMPFAIL; do { result = attemptauth(m, mci, e, &mechused); if (result == EX_OK) mci->mci_sasl_auth = TRUE; else if (result == EX_TEMPFAIL) { mci->mci_saslcap = removemech(mechused, mci->mci_saslcap); if (mci->mci_saslcap == NULL || *(mci->mci_saslcap) == '\0') return EX_TEMPFAIL; } else /* all others for now */ return EX_TEMPFAIL; } while (result != EX_OK); return result; } # endif /* SASL */ /* ** SMTPMAILFROM -- send MAIL command ** ** Parameters: ** m -- the mailer. ** mci -- the mailer connection structure. ** e -- the envelope (including the sender to specify). */ int smtpmailfrom(m, mci, e) MAILER *m; MCI *mci; ENVELOPE *e; { int r; char *bufp; char *bodytype; char buf[MAXNAME + 1]; char optbuf[MAXLINE]; char *enhsc; if (tTd(18, 2)) dprintf("smtpmailfrom: CurHost=%s\n", CurHostName); enhsc = NULL; /* set up appropriate options to include */ if (bitset(MCIF_SIZE, mci->mci_flags) && e->e_msgsize > 0) { snprintf(optbuf, sizeof optbuf, " SIZE=%ld", e->e_msgsize); bufp = &optbuf[strlen(optbuf)]; } else { optbuf[0] = '\0'; bufp = optbuf; } bodytype = e->e_bodytype; if (bitset(MCIF_8BITMIME, mci->mci_flags)) { if (bodytype == NULL && bitset(MM_MIME8BIT, MimeMode) && bitset(EF_HAS8BIT, e->e_flags) && !bitset(EF_DONT_MIME, e->e_flags) && !bitnset(M_8BITS, m->m_flags)) bodytype = "8BITMIME"; if (bodytype != NULL && SPACELEFT(optbuf, bufp) > strlen(bodytype) + 7) { snprintf(bufp, SPACELEFT(optbuf, bufp), " BODY=%s", bodytype); bufp += strlen(bufp); } } else if (bitnset(M_8BITS, m->m_flags) || !bitset(EF_HAS8BIT, e->e_flags) || bitset(MCIF_8BITOK, mci->mci_flags)) { /* EMPTY */ /* just pass it through */ } # if MIME8TO7 else if (bitset(MM_CVTMIME, MimeMode) && !bitset(EF_DONT_MIME, e->e_flags) && (!bitset(MM_PASS8BIT, MimeMode) || bitset(EF_IS_MIME, e->e_flags))) { /* must convert from 8bit MIME format to 7bit encoded */ mci->mci_flags |= MCIF_CVT8TO7; } # endif /* MIME8TO7 */ else if (!bitset(MM_PASS8BIT, MimeMode)) { /* cannot just send a 8-bit version */ extern char MsgBuf[]; usrerrenh("5.6.3", "%s does not support 8BITMIME", CurHostName); mci_setstat(mci, EX_NOTSTICKY, "5.6.3", MsgBuf); return EX_DATAERR; } if (bitset(MCIF_DSN, mci->mci_flags)) { if (e->e_envid != NULL && SPACELEFT(optbuf, bufp) > strlen(e->e_envid) + 7) { snprintf(bufp, SPACELEFT(optbuf, bufp), " ENVID=%s", e->e_envid); bufp += strlen(bufp); } /* RET= parameter */ if (bitset(EF_RET_PARAM, e->e_flags) && SPACELEFT(optbuf, bufp) > 9) { snprintf(bufp, SPACELEFT(optbuf, bufp), " RET=%s", bitset(EF_NO_BODY_RETN, e->e_flags) ? "HDRS" : "FULL"); bufp += strlen(bufp); } } if (bitset(MCIF_AUTH, mci->mci_flags) && e->e_auth_param != NULL && SPACELEFT(optbuf, bufp) > strlen(e->e_auth_param) + 7 # if SASL && (!bitset(SASL_AUTH_AUTH, SASLOpts) || mci->mci_sasl_auth) # endif /* SASL */ ) { snprintf(bufp, SPACELEFT(optbuf, bufp), " AUTH=%s", e->e_auth_param); bufp += strlen(bufp); } /* ** Send the MAIL command. ** Designates the sender. */ mci->mci_state = MCIS_ACTIVE; if (bitset(EF_RESPONSE, e->e_flags) && !bitnset(M_NO_NULL_FROM, m->m_flags)) buf[0] = '\0'; else expand("\201g", buf, sizeof buf, e); if (buf[0] == '<') { /* strip off (put back on below) */ bufp = &buf[strlen(buf) - 1]; if (*bufp == '>') *bufp = '\0'; bufp = &buf[1]; } else bufp = buf; if (bitnset(M_LOCALMAILER, e->e_from.q_mailer->m_flags) || !bitnset(M_FROMPATH, m->m_flags)) { smtpmessage("MAIL From:<%s>%s", m, mci, bufp, optbuf); } else { smtpmessage("MAIL From:<@%s%c%s>%s", m, mci, MyHostName, *bufp == '@' ? ',' : ':', bufp, optbuf); } SmtpPhase = mci->mci_phase = "client MAIL"; sm_setproctitle(TRUE, e, "%s %s: %s", qid_printname(e), CurHostName, mci->mci_phase); r = reply(m, mci, e, TimeOuts.to_mail, NULL, &enhsc); if (r < 0) { /* communications failure */ mci->mci_errno = errno; mci_setstat(mci, EX_TEMPFAIL, "4.4.2", NULL); smtpquit(m, mci, e); return EX_TEMPFAIL; } - else if (r == 421) + else if (r == SMTPCLOSING) { /* service shutting down */ mci_setstat(mci, EX_TEMPFAIL, ENHSCN(enhsc, "4.5.0"), SmtpReplyBuffer); smtpquit(m, mci, e); return EX_TEMPFAIL; } else if (REPLYTYPE(r) == 4) { mci_setstat(mci, EX_NOTSTICKY, ENHSCN(enhsc, smtptodsn(r)), SmtpReplyBuffer); return EX_TEMPFAIL; } else if (REPLYTYPE(r) == 2) { return EX_OK; } else if (r == 501) { /* syntax error in arguments */ mci_setstat(mci, EX_NOTSTICKY, ENHSCN(enhsc, "5.5.2"), SmtpReplyBuffer); return EX_DATAERR; } else if (r == 553) { /* mailbox name not allowed */ mci_setstat(mci, EX_NOTSTICKY, ENHSCN(enhsc, "5.1.3"), SmtpReplyBuffer); return EX_DATAERR; } else if (r == 552) { /* exceeded storage allocation */ mci_setstat(mci, EX_NOTSTICKY, ENHSCN(enhsc, "5.3.4"), SmtpReplyBuffer); if (bitset(MCIF_SIZE, mci->mci_flags)) e->e_flags |= EF_NO_BODY_RETN; return EX_UNAVAILABLE; } else if (REPLYTYPE(r) == 5) { /* unknown error */ mci_setstat(mci, EX_NOTSTICKY, ENHSCN(enhsc, "5.0.0"), SmtpReplyBuffer); return EX_UNAVAILABLE; } if (LogLevel > 1) { sm_syslog(LOG_CRIT, e->e_id, "%.100s: SMTP MAIL protocol error: %s", CurHostName, shortenstring(SmtpReplyBuffer, 403)); } /* protocol error -- close up */ mci_setstat(mci, EX_PROTOCOL, ENHSCN(enhsc, "5.5.1"), SmtpReplyBuffer); smtpquit(m, mci, e); return EX_PROTOCOL; } /* ** SMTPRCPT -- designate recipient. ** ** Parameters: ** to -- address of recipient. ** m -- the mailer we are sending to. ** mci -- the connection info for this transaction. ** e -- the envelope for this transaction. ** ** Returns: ** exit status corresponding to recipient status. ** ** Side Effects: ** Sends the mail via SMTP. */ int smtprcpt(to, m, mci, e) ADDRESS *to; register MAILER *m; MCI *mci; ENVELOPE *e; { register int r; char *bufp; char optbuf[MAXLINE]; char *enhsc; enhsc = NULL; optbuf[0] = '\0'; bufp = optbuf; /* ** warning: in the following it is assumed that the free space ** in bufp is sizeof optbuf */ if (bitset(MCIF_DSN, mci->mci_flags)) { /* NOTIFY= parameter */ if (bitset(QHASNOTIFY, to->q_flags) && bitset(QPRIMARY, to->q_flags) && !bitnset(M_LOCALMAILER, m->m_flags)) { bool firstone = TRUE; (void) strlcat(bufp, " NOTIFY=", sizeof optbuf); if (bitset(QPINGONSUCCESS, to->q_flags)) { (void) strlcat(bufp, "SUCCESS", sizeof optbuf); firstone = FALSE; } if (bitset(QPINGONFAILURE, to->q_flags)) { if (!firstone) (void) strlcat(bufp, ",", sizeof optbuf); (void) strlcat(bufp, "FAILURE", sizeof optbuf); firstone = FALSE; } if (bitset(QPINGONDELAY, to->q_flags)) { if (!firstone) (void) strlcat(bufp, ",", sizeof optbuf); (void) strlcat(bufp, "DELAY", sizeof optbuf); firstone = FALSE; } if (firstone) (void) strlcat(bufp, "NEVER", sizeof optbuf); bufp += strlen(bufp); } /* ORCPT= parameter */ if (to->q_orcpt != NULL && SPACELEFT(optbuf, bufp) > strlen(to->q_orcpt) + 7) { snprintf(bufp, SPACELEFT(optbuf, bufp), " ORCPT=%s", to->q_orcpt); bufp += strlen(bufp); } } smtpmessage("RCPT To:<%s>%s", m, mci, to->q_user, optbuf); SmtpPhase = mci->mci_phase = "client RCPT"; sm_setproctitle(TRUE, e, "%s %s: %s", qid_printname(e), CurHostName, mci->mci_phase); r = reply(m, mci, e, TimeOuts.to_rcpt, NULL, &enhsc); to->q_rstatus = newstr(SmtpReplyBuffer); to->q_status = ENHSCN(enhsc, smtptodsn(r)); if (!bitnset(M_LMTP, m->m_flags)) to->q_statmta = mci->mci_host; if (r < 0 || REPLYTYPE(r) == 4) return EX_TEMPFAIL; else if (REPLYTYPE(r) == 2) return EX_OK; else if (r == 550) { to->q_status = ENHSCN(enhsc, "5.1.1"); return EX_NOUSER; } else if (r == 551) { to->q_status = ENHSCN(enhsc, "5.1.6"); return EX_NOUSER; } else if (r == 553) { to->q_status = ENHSCN(enhsc, "5.1.3"); return EX_NOUSER; } else if (REPLYTYPE(r) == 5) { return EX_UNAVAILABLE; } if (LogLevel > 1) { sm_syslog(LOG_CRIT, e->e_id, "%.100s: SMTP RCPT protocol error: %s", CurHostName, shortenstring(SmtpReplyBuffer, 403)); } mci_setstat(mci, EX_PROTOCOL, ENHSCN(enhsc, "5.5.1"), SmtpReplyBuffer); return EX_PROTOCOL; } /* ** SMTPDATA -- send the data and clean up the transaction. ** ** Parameters: ** m -- mailer being sent to. ** mci -- the mailer connection information. ** e -- the envelope for this message. ** ** Returns: ** exit status corresponding to DATA command. ** ** Side Effects: ** none. */ static jmp_buf CtxDataTimeout; int smtpdata(m, mci, e) MAILER *m; register MCI *mci; register ENVELOPE *e; { register int r; register EVENT *ev; int rstat; int xstat; time_t timeout; char *enhsc; enhsc = NULL; /* ** Send the data. ** First send the command and check that it is ok. ** Then send the data. ** Follow it up with a dot to terminate. ** Finally get the results of the transaction. */ /* send the command and check ok to proceed */ smtpmessage("DATA", m, mci); SmtpPhase = mci->mci_phase = "client DATA 354"; sm_setproctitle(TRUE, e, "%s %s: %s", qid_printname(e), CurHostName, mci->mci_phase); r = reply(m, mci, e, TimeOuts.to_datainit, NULL, &enhsc); if (r < 0 || REPLYTYPE(r) == 4) { smtpquit(m, mci, e); return EX_TEMPFAIL; } else if (REPLYTYPE(r) == 5) { smtprset(m, mci, e); return EX_UNAVAILABLE; } else if (REPLYTYPE(r) != 3) { if (LogLevel > 1) { sm_syslog(LOG_CRIT, e->e_id, "%.100s: SMTP DATA-1 protocol error: %s", CurHostName, shortenstring(SmtpReplyBuffer, 403)); } smtprset(m, mci, e); mci_setstat(mci, EX_PROTOCOL, ENHSCN(enhsc, "5.5.1"), SmtpReplyBuffer); return EX_PROTOCOL; } /* ** Set timeout around data writes. Make it at least large ** enough for DNS timeouts on all recipients plus some fudge ** factor. The main thing is that it should not be infinite. */ if (setjmp(CtxDataTimeout) != 0) { mci->mci_errno = errno; mci->mci_state = MCIS_ERROR; mci_setstat(mci, EX_TEMPFAIL, "4.4.2", NULL); /* ** If putbody() couldn't finish due to a timeout, ** rewind it here in the timeout handler. See ** comments at the end of putbody() for reasoning. */ if (e->e_dfp != NULL) (void) bfrewind(e->e_dfp); errno = mci->mci_errno; syserr("451 4.4.1 timeout writing message to %s", CurHostName); smtpquit(m, mci, e); return EX_TEMPFAIL; } if (tTd(18, 101)) { /* simulate a DATA timeout */ timeout = 1; } else timeout = DATA_PROGRESS_TIMEOUT; ev = setevent(timeout, datatimeout, 0); if (tTd(18, 101)) { /* simulate a DATA timeout */ (void) sleep(1); } /* ** Output the actual message. */ (*e->e_puthdr)(mci, e->e_header, e, M87F_OUTER); (*e->e_putbody)(mci, e, NULL); /* ** Cleanup after sending message. */ clrevent(ev); # if _FFR_CATCH_BROKEN_MTAS { fd_set readfds; struct timeval timeout; FD_ZERO(&readfds); FD_SET(fileno(mci->mci_in), &readfds); timeout.tv_sec = 0; timeout.tv_usec = 0; if (select(fileno(mci->mci_in) + 1, FDSET_CAST &readfds, NULL, NULL, &timeout) > 0 && FD_ISSET(fileno(mci->mci_in), &readfds)) { /* terminate the message */ fprintf(mci->mci_out, ".%s", m->m_eol); if (TrafficLogFile != NULL) fprintf(TrafficLogFile, "%05d >>> .\n", (int) getpid()); if (Verbose) nmessage(">>> ."); mci->mci_errno = EIO; mci->mci_state = MCIS_ERROR; mci_setstat(mci, EX_PROTOCOL, "5.5.0", NULL); smtpquit(m, mci, e); return EX_PROTOCOL; } } # endif /* _FFR_CATCH_BROKEN_MTAS */ if (ferror(mci->mci_out)) { /* error during processing -- don't send the dot */ mci->mci_errno = EIO; mci->mci_state = MCIS_ERROR; mci_setstat(mci, EX_IOERR, "4.4.2", NULL); smtpquit(m, mci, e); return EX_IOERR; } /* terminate the message */ fprintf(mci->mci_out, ".%s", m->m_eol); if (TrafficLogFile != NULL) fprintf(TrafficLogFile, "%05d >>> .\n", (int) getpid()); if (Verbose) nmessage(">>> ."); /* check for the results of the transaction */ SmtpPhase = mci->mci_phase = "client DATA status"; sm_setproctitle(TRUE, e, "%s %s: %s", qid_printname(e), CurHostName, mci->mci_phase); if (bitnset(M_LMTP, m->m_flags)) return EX_OK; r = reply(m, mci, e, TimeOuts.to_datafinal, NULL, &enhsc); if (r < 0) { smtpquit(m, mci, e); return EX_TEMPFAIL; } mci->mci_state = MCIS_OPEN; xstat = EX_NOTSTICKY; if (r == 452) rstat = EX_TEMPFAIL; else if (REPLYTYPE(r) == 4) rstat = xstat = EX_TEMPFAIL; else if (REPLYCLASS(r) != 5) rstat = xstat = EX_PROTOCOL; else if (REPLYTYPE(r) == 2) rstat = xstat = EX_OK; else if (REPLYTYPE(r) == 5) rstat = EX_UNAVAILABLE; else rstat = EX_PROTOCOL; mci_setstat(mci, xstat, ENHSCN(enhsc, smtptodsn(r)), SmtpReplyBuffer); if (e->e_statmsg != NULL) free(e->e_statmsg); if (bitset(MCIF_ENHSTAT, mci->mci_flags) && (r = isenhsc(SmtpReplyBuffer + 4, ' ')) > 0) r += 5; else r = 4; e->e_statmsg = newstr(&SmtpReplyBuffer[r]); if (rstat != EX_PROTOCOL) return rstat; if (LogLevel > 1) { sm_syslog(LOG_CRIT, e->e_id, "%.100s: SMTP DATA-2 protocol error: %s", CurHostName, shortenstring(SmtpReplyBuffer, 403)); } return rstat; } static void datatimeout() { if (DataProgress) { time_t timeout; register EVENT *ev; /* check back again later */ if (tTd(18, 101)) { /* simulate a DATA timeout */ timeout = 1; } else timeout = DATA_PROGRESS_TIMEOUT; DataProgress = FALSE; ev = setevent(timeout, datatimeout, 0); } else { /* no progress, give up */ longjmp(CtxDataTimeout, 1); } } /* ** SMTPGETSTAT -- get status code from DATA in LMTP ** ** Parameters: ** m -- the mailer to which we are sending the message. ** mci -- the mailer connection structure. ** e -- the current envelope. ** ** Returns: ** The exit status corresponding to the reply code. */ int smtpgetstat(m, mci, e) MAILER *m; MCI *mci; ENVELOPE *e; { int r; int status; char *enhsc; enhsc = NULL; /* check for the results of the transaction */ r = reply(m, mci, e, TimeOuts.to_datafinal, NULL, &enhsc); if (r < 0) { smtpquit(m, mci, e); return EX_TEMPFAIL; } if (REPLYTYPE(r) == 4) status = EX_TEMPFAIL; else if (REPLYCLASS(r) != 5) status = EX_PROTOCOL; else if (REPLYTYPE(r) == 2) status = EX_OK; else if (REPLYTYPE(r) == 5) status = EX_UNAVAILABLE; else status = EX_PROTOCOL; if (e->e_statmsg != NULL) free(e->e_statmsg); if (bitset(MCIF_ENHSTAT, mci->mci_flags) && (r = isenhsc(SmtpReplyBuffer + 4, ' ')) > 0) r += 5; else r = 4; e->e_statmsg = newstr(&SmtpReplyBuffer[r]); mci_setstat(mci, status, ENHSCN(enhsc, smtptodsn(r)), SmtpReplyBuffer); if (LogLevel > 1 && status == EX_PROTOCOL) { sm_syslog(LOG_CRIT, e->e_id, "%.100s: SMTP DATA-3 protocol error: %s", CurHostName, shortenstring(SmtpReplyBuffer, 403)); } return status; } /* ** SMTPQUIT -- close the SMTP connection. ** ** Parameters: ** m -- a pointer to the mailer. ** mci -- the mailer connection information. ** e -- the current envelope. ** ** Returns: ** none. ** ** Side Effects: ** sends the final protocol and closes the connection. */ void smtpquit(m, mci, e) register MAILER *m; register MCI *mci; ENVELOPE *e; { bool oldSuprErrs = SuprErrs; int rcode; CurHostName = mci->mci_host; /* XXX UGLY XXX */ if (CurHostName == NULL) CurHostName = MyHostName; /* ** Suppress errors here -- we may be processing a different ** job when we do the quit connection, and we don't want the ** new job to be penalized for something that isn't it's ** problem. */ SuprErrs = TRUE; /* send the quit message if we haven't gotten I/O error */ if (mci->mci_state != MCIS_ERROR && mci->mci_state != MCIS_QUITING) { int origstate = mci->mci_state; SmtpPhase = "client QUIT"; mci->mci_state = MCIS_QUITING; smtpmessage("QUIT", m, mci); (void) reply(m, mci, e, TimeOuts.to_quit, NULL, NULL); SuprErrs = oldSuprErrs; if (mci->mci_state == MCIS_CLOSED || origstate == MCIS_CLOSED) return; } /* now actually close the connection and pick up the zombie */ rcode = endmailer(mci, e, NULL); if (rcode != EX_OK) { char *mailer = NULL; if (mci->mci_mailer != NULL && mci->mci_mailer->m_name != NULL) mailer = mci->mci_mailer->m_name; /* look for naughty mailers */ sm_syslog(LOG_ERR, e->e_id, - "smtpquit: mailer%s%s exited with exit value %d\n", + "smtpquit: mailer%s%s exited with exit value %d", mailer == NULL ? "" : " ", mailer == NULL ? "" : mailer, rcode); } SuprErrs = oldSuprErrs; } /* ** SMTPRSET -- send a RSET (reset) command */ void smtprset(m, mci, e) register MAILER *m; register MCI *mci; ENVELOPE *e; { int r; CurHostName = mci->mci_host; /* XXX UGLY XXX */ if (CurHostName == NULL) CurHostName = MyHostName; SmtpPhase = "client RSET"; smtpmessage("RSET", m, mci); r = reply(m, mci, e, TimeOuts.to_rset, NULL, NULL); if (r < 0) mci->mci_state = MCIS_ERROR; else { /* ** Any response is deemed to be acceptable. ** The standard does not state the proper action ** to take when a value other than 250 is received. + ** + ** However, if 421 is returned for the RSET, leave + ** mci_state as MCIS_SSD (set in reply()). */ - mci->mci_state = MCIS_OPEN; + if (mci->mci_state != MCIS_SSD) + mci->mci_state = MCIS_OPEN; return; } smtpquit(m, mci, e); } /* ** SMTPPROBE -- check the connection state */ int smtpprobe(mci) register MCI *mci; { int r; MAILER *m = mci->mci_mailer; ENVELOPE *e; extern ENVELOPE BlankEnvelope; CurHostName = mci->mci_host; /* XXX UGLY XXX */ if (CurHostName == NULL) CurHostName = MyHostName; e = &BlankEnvelope; SmtpPhase = "client probe"; smtpmessage("RSET", m, mci); r = reply(m, mci, e, TimeOuts.to_miscshort, NULL, NULL); if (r < 0 || REPLYTYPE(r) != 2) smtpquit(m, mci, e); return r; } /* ** REPLY -- read arpanet reply ** ** Parameters: ** m -- the mailer we are reading the reply from. ** mci -- the mailer connection info structure. ** e -- the current envelope. ** timeout -- the timeout for reads. ** pfunc -- processing function called on each line of response. ** If null, no special processing is done. ** ** Returns: ** reply code it reads. ** ** Side Effects: ** flushes the mail file. */ int reply(m, mci, e, timeout, pfunc, enhstat) MAILER *m; MCI *mci; ENVELOPE *e; time_t timeout; void (*pfunc)(); char **enhstat; { register char *bufp; register int r; bool firstline = TRUE; char junkbuf[MAXLINE]; static char enhstatcode[ENHSCLEN]; int save_errno; if (mci->mci_out != NULL) (void) fflush(mci->mci_out); if (tTd(18, 1)) dprintf("reply\n"); /* ** Read the input line, being careful not to hang. */ bufp = SmtpReplyBuffer; for (;;) { register char *p; /* actually do the read */ if (e->e_xfp != NULL) (void) fflush(e->e_xfp); /* for debugging */ /* if we are in the process of closing just give the code */ if (mci->mci_state == MCIS_CLOSED) return SMTPCLOSING; if (mci->mci_out != NULL) (void) fflush(mci->mci_out); /* get the line from the other side */ p = sfgets(bufp, MAXLINE, mci->mci_in, timeout, SmtpPhase); mci->mci_lastuse = curtime(); if (p == NULL) { bool oldholderrs; extern char MsgBuf[]; /* if the remote end closed early, fake an error */ if (errno == 0) # ifdef ECONNRESET errno = ECONNRESET; # else /* ECONNRESET */ errno = EPIPE; # endif /* ECONNRESET */ mci->mci_errno = errno; oldholderrs = HoldErrs; HoldErrs = TRUE; usrerr("451 4.4.1 reply: read error from %s", CurHostName == NULL ? "NO_HOST" : CurHostName); /* errors on QUIT should not be persistent */ if (strncmp(SmtpMsgBuffer, "QUIT", 4) != 0) mci_setstat(mci, EX_TEMPFAIL, "4.4.2", MsgBuf); /* if debugging, pause so we can see state */ if (tTd(18, 100)) (void) pause(); mci->mci_state = MCIS_ERROR; save_errno = errno; smtpquit(m, mci, e); # if XDEBUG { char wbuf[MAXLINE]; int wbufleft = sizeof wbuf; p = wbuf; if (e->e_to != NULL) { int plen; snprintf(p, wbufleft, "%s... ", shortenstring(e->e_to, MAXSHORTSTR)); plen = strlen(p); p += plen; wbufleft -= plen; } snprintf(p, wbufleft, "reply(%.100s) during %s", CurHostName == NULL ? "NO_HOST" : CurHostName, SmtpPhase); checkfd012(wbuf); } # endif /* XDEBUG */ errno = save_errno; HoldErrs = oldholderrs; return -1; } fixcrlf(bufp, TRUE); /* EHLO failure is not a real error */ if (e->e_xfp != NULL && (bufp[0] == '4' || (bufp[0] == '5' && strncmp(SmtpMsgBuffer, "EHLO", 4) != 0))) { /* serious error -- log the previous command */ if (SmtpNeedIntro) { /* inform user who we are chatting with */ fprintf(CurEnv->e_xfp, "... while talking to %s:\n", CurHostName == NULL ? "NO_HOST" : CurHostName); SmtpNeedIntro = FALSE; } if (SmtpMsgBuffer[0] != '\0') fprintf(e->e_xfp, ">>> %s\n", SmtpMsgBuffer); SmtpMsgBuffer[0] = '\0'; /* now log the message as from the other side */ fprintf(e->e_xfp, "<<< %s\n", bufp); } /* display the input for verbose mode */ if (Verbose) nmessage("050 %s", bufp); /* ignore improperly formatted input */ if (!ISSMTPREPLY(bufp)) continue; if (bitset(MCIF_ENHSTAT, mci->mci_flags) && enhstat != NULL && extenhsc(bufp + 4, ' ', enhstatcode) > 0) *enhstat = enhstatcode; /* process the line */ if (pfunc != NULL) (*pfunc)(bufp, firstline, m, mci, e); firstline = FALSE; /* decode the reply code */ r = atoi(bufp); /* extra semantics: 0xx codes are "informational" */ if (r < 100) continue; /* if no continuation lines, return this line */ if (bufp[3] != '-') break; /* first line of real reply -- ignore rest */ bufp = junkbuf; } /* ** Now look at SmtpReplyBuffer -- only care about the first ** line of the response from here on out. */ /* save temporary failure messages for posterity */ if (SmtpReplyBuffer[0] == '4' && (bitnset(M_LMTP, m->m_flags) || SmtpError[0] == '\0')) snprintf(SmtpError, sizeof SmtpError, "%s", SmtpReplyBuffer); /* reply code 421 is "Service Shutting Down" */ if (r == SMTPCLOSING && mci->mci_state != MCIS_SSD) { /* send the quit protocol */ mci->mci_state = MCIS_SSD; smtpquit(m, mci, e); } return r; } /* ** SMTPMESSAGE -- send message to server ** ** Parameters: ** f -- format ** m -- the mailer to control formatting. ** a, b, c -- parameters ** ** Returns: ** none. ** ** Side Effects: ** writes message to mci->mci_out. */ /*VARARGS1*/ void # ifdef __STDC__ smtpmessage(char *f, MAILER *m, MCI *mci, ...) # else /* __STDC__ */ smtpmessage(f, m, mci, va_alist) char *f; MAILER *m; MCI *mci; va_dcl # endif /* __STDC__ */ { VA_LOCAL_DECL VA_START(mci); (void) vsnprintf(SmtpMsgBuffer, sizeof SmtpMsgBuffer, f, ap); VA_END; if (tTd(18, 1) || Verbose) nmessage(">>> %s", SmtpMsgBuffer); if (TrafficLogFile != NULL) fprintf(TrafficLogFile, "%05d >>> %s\n", (int) getpid(), SmtpMsgBuffer); if (mci->mci_out != NULL) { fprintf(mci->mci_out, "%s%s", SmtpMsgBuffer, m == NULL ? "\r\n" : m->m_eol); } else if (tTd(18, 1)) { dprintf("smtpmessage: NULL mci_out\n"); } } #endif /* SMTP */ Index: stable/4/contrib/sendmail/src/util.c =================================================================== --- stable/4/contrib/sendmail/src/util.c (revision 71887) +++ stable/4/contrib/sendmail/src/util.c (revision 71888) @@ -1,2478 +1,2518 @@ /* * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #ifndef lint -static char id[] = "@(#)$Id: util.c,v 8.225.2.1.2.8 2000/07/03 18:28:56 geir Exp $"; +static char id[] = "@(#)$Id: util.c,v 8.225.2.1.2.15 2000/10/18 23:46:07 ca Exp $"; #endif /* ! lint */ #include #include static void readtimeout __P((time_t)); /* ** STRIPQUOTES -- Strip quotes & quote bits from a string. ** ** Runs through a string and strips off unquoted quote ** characters and quote bits. This is done in place. ** ** Parameters: ** s -- the string to strip. ** ** Returns: ** none. ** ** Side Effects: ** none. */ void stripquotes(s) char *s; { register char *p; register char *q; register char c; if (s == NULL) return; p = q = s; do { c = *p++; if (c == '\\') c = *p++; else if (c == '"') continue; *q++ = c; } while (c != '\0'); } /* ** ADDQUOTES -- Adds quotes & quote bits to a string. ** ** Runs through a string and adds characters and quote bits. ** ** Parameters: ** s -- the string to modify. ** ** Returns: ** pointer to quoted string. ** ** Side Effects: ** none. ** */ char * addquotes(s) char *s; { int len = 0; char c; char *p = s, *q, *r; if (s == NULL) return NULL; /* Find length of quoted string */ while ((c = *p++) != '\0') { len++; if (c == '\\' || c == '"') len++; } q = r = xalloc(len + 3); p = s; /* add leading quote */ *q++ = '"'; while ((c = *p++) != '\0') { /* quote \ or " */ if (c == '\\' || c == '"') *q++ = '\\'; *q++ = c; } *q++ = '"'; *q = '\0'; return r; } /* ** RFC822_STRING -- Checks string for proper RFC822 string quoting. ** ** Runs through a string and verifies RFC822 special characters ** are only found inside comments, quoted strings, or backslash ** escaped. Also verified balanced quotes and parenthesis. ** ** Parameters: ** s -- the string to modify. ** ** Returns: ** TRUE -- if the string is RFC822 compliant. ** FALSE -- if the string is not RFC822 compliant. ** ** Side Effects: ** none. ** */ bool rfc822_string(s) char *s; { bool quoted = FALSE; int commentlev = 0; char *c = s; if (s == NULL) return FALSE; while (*c != '\0') { /* escaped character */ if (*c == '\\') { c++; if (*c == '\0') return FALSE; } else if (commentlev == 0 && *c == '"') quoted = !quoted; else if (!quoted) { if (*c == ')') { /* unbalanced ')' */ if (commentlev == 0) return FALSE; else commentlev--; } else if (*c == '(') commentlev++; else if (commentlev == 0 && strchr(MustQuoteChars, *c) != NULL) return FALSE; } c++; } /* unbalanced '"' or '(' */ if (quoted || commentlev != 0) return FALSE; else return TRUE; } /* ** SHORTEN_RFC822_STRING -- Truncate and rebalance an RFC822 string ** ** Arbitrarily shorten (in place) an RFC822 string and rebalance ** comments and quotes. ** ** Parameters: ** string -- the string to shorten ** length -- the maximum size, 0 if no maximum ** ** Returns: ** TRUE if string is changed, FALSE otherwise ** ** Side Effects: ** Changes string in place, possibly resulting ** in a shorter string. */ bool shorten_rfc822_string(string, length) char *string; size_t length; { bool backslash = FALSE; bool modified = FALSE; bool quoted = FALSE; size_t slen; int parencount = 0; char *ptr = string; /* ** If have to rebalance an already short enough string, ** need to do it within allocated space. */ + slen = strlen(string); if (length == 0 || slen < length) length = slen; while (*ptr != '\0') { if (backslash) { backslash = FALSE; goto increment; } if (*ptr == '\\') backslash = TRUE; else if (*ptr == '(') { if (!quoted) parencount++; } else if (*ptr == ')') { if (--parencount < 0) parencount = 0; } /* Inside a comment, quotes don't matter */ if (parencount <= 0 && *ptr == '"') quoted = !quoted; increment: /* Check for sufficient space for next character */ if (length - (ptr - string) <= (size_t) ((backslash ? 1 : 0) + parencount + (quoted ? 1 : 0))) { /* Not enough, backtrack */ if (*ptr == '\\') backslash = FALSE; else if (*ptr == '(' && !quoted) parencount--; else if (*ptr == '"' && parencount == 0) quoted = FALSE; break; } ptr++; } /* Rebalance */ while (parencount-- > 0) { if (*ptr != ')') { modified = TRUE; *ptr = ')'; } ptr++; } if (quoted) { if (*ptr != '"') { modified = TRUE; *ptr = '"'; } ptr++; } if (*ptr != '\0') { modified = TRUE; *ptr = '\0'; } return modified; } /* ** FIND_CHARACTER -- find an unquoted character in an RFC822 string ** ** Find an unquoted, non-commented character in an RFC822 ** string and return a pointer to its location in the ** string. ** ** Parameters: ** string -- the string to search ** character -- the character to find ** ** Returns: ** pointer to the character, or ** a pointer to the end of the line if character is not found */ char * find_character(string, character) char *string; int character; { bool backslash = FALSE; bool quoted = FALSE; int parencount = 0; while (string != NULL && *string != '\0') { if (backslash) { backslash = FALSE; if (!quoted && character == '\\' && *string == '\\') break; string++; continue; } switch (*string) { case '\\': backslash = TRUE; break; case '(': if (!quoted) parencount++; break; case ')': if (--parencount < 0) parencount = 0; break; } /* Inside a comment, nothing matters */ if (parencount > 0) { string++; continue; } if (*string == '"') quoted = !quoted; else if (*string == character && !quoted) break; string++; } /* Return pointer to the character */ return string; } /* ** XALLOC -- Allocate memory and bitch wildly on failure. ** ** THIS IS A CLUDGE. This should be made to give a proper ** error -- but after all, what can we do? ** ** Parameters: ** sz -- size of area to allocate. ** ** Returns: ** pointer to data region. ** ** Side Effects: ** Memory is allocated. */ char * xalloc(sz) register int sz; { register char *p; /* some systems can't handle size zero mallocs */ if (sz <= 0) sz = 1; p = malloc((unsigned) sz); if (p == NULL) { syserr("!Out of memory!!"); /* exit(EX_UNAVAILABLE); */ } return p; } /* ** COPYPLIST -- copy list of pointers. ** ** This routine is the equivalent of newstr for lists of ** pointers. ** ** Parameters: ** list -- list of pointers to copy. ** Must be NULL terminated. ** copycont -- if TRUE, copy the contents of the vector ** (which must be a string) also. ** ** Returns: ** a copy of 'list'. ** ** Side Effects: ** none. */ char ** copyplist(list, copycont) char **list; bool copycont; { register char **vp; register char **newvp; for (vp = list; *vp != NULL; vp++) continue; vp++; newvp = (char **) xalloc((int) (vp - list) * sizeof *vp); memmove((char *) newvp, (char *) list, (int) (vp - list) * sizeof *vp); if (copycont) { for (vp = newvp; *vp != NULL; vp++) *vp = newstr(*vp); } return newvp; } /* ** COPYQUEUE -- copy address queue. ** ** This routine is the equivalent of newstr for address queues ** addresses marked as QS_IS_DEAD() aren't copied ** ** Parameters: ** addr -- list of address structures to copy. ** ** Returns: ** a copy of 'addr'. ** ** Side Effects: ** none. */ ADDRESS * copyqueue(addr) ADDRESS *addr; { register ADDRESS *newaddr; ADDRESS *ret; register ADDRESS **tail = &ret; while (addr != NULL) { if (!QS_IS_DEAD(addr->q_state)) { newaddr = (ADDRESS *) xalloc(sizeof *newaddr); STRUCTCOPY(*addr, *newaddr); *tail = newaddr; tail = &newaddr->q_next; } addr = addr->q_next; } *tail = NULL; return ret; } /* ** LOG_SENDMAIL_PID -- record sendmail pid and command line. ** ** Parameters: ** e -- the current envelope. ** ** Returns: ** none. ** ** Side Effects: ** writes pidfile. */ void log_sendmail_pid(e) ENVELOPE *e; { long sff; FILE *pidf; char pidpath[MAXPATHLEN + 1]; /* write the pid to the log file for posterity */ sff = SFF_NOLINK|SFF_ROOTOK|SFF_REGONLY|SFF_CREAT; if (TrustedUid != 0 && RealUid == TrustedUid) sff |= SFF_OPENASROOT; expand(PidFile, pidpath, sizeof pidpath, e); pidf = safefopen(pidpath, O_WRONLY|O_TRUNC, 0644, sff); if (pidf == NULL) { sm_syslog(LOG_ERR, NOQID, "unable to write %s", pidpath); } else { + long pid; extern char *CommandLineArgs; + pid = (long) getpid(); + /* write the process id on line 1 */ - fprintf(pidf, "%ld\n", (long) getpid()); + fprintf(pidf, "%ld\n", pid); /* line 2 contains all command line flags */ fprintf(pidf, "%s\n", CommandLineArgs); /* flush and close */ (void) fclose(pidf); } } /* ** SET_DELIVERY_MODE -- set and record the delivery mode ** ** Parameters: ** mode -- delivery mode ** e -- the current envelope. ** ** Returns: ** none. ** ** Side Effects: ** sets $&{deliveryMode} macro */ void set_delivery_mode(mode, e) int mode; ENVELOPE *e; { char buf[2]; e->e_sendmode = (char)mode; buf[0] = (char)mode; buf[1] = '\0'; define(macid("{deliveryMode}", NULL), newstr(buf), e); } /* ** PRINTAV -- print argument vector. ** ** Parameters: ** av -- argument vector. ** ** Returns: ** none. ** ** Side Effects: ** prints av. */ void printav(av) register char **av; { while (*av != NULL) { if (tTd(0, 44)) dprintf("\n\t%08lx=", (u_long) *av); else (void) putchar(' '); xputs(*av++); } (void) putchar('\n'); } /* ** LOWER -- turn letter into lower case. ** ** Parameters: ** c -- character to turn into lower case. ** ** Returns: ** c, in lower case. ** ** Side Effects: ** none. */ char lower(c) register int c; { return ((isascii(c) && isupper(c)) ? tolower(c) : c); } /* ** XPUTS -- put string doing control escapes. ** ** Parameters: ** s -- string to put. ** ** Returns: ** none. ** ** Side Effects: ** output to stdout */ void xputs(s) register const char *s; { register int c; register struct metamac *mp; bool shiftout = FALSE; extern struct metamac MetaMacros[]; if (s == NULL) { printf("%s%s", TermEscape.te_rv_on, TermEscape.te_rv_off); return; } while ((c = (*s++ & 0377)) != '\0') { if (shiftout) { printf("%s", TermEscape.te_rv_off); shiftout = FALSE; } if (!isascii(c)) { if (c == MATCHREPL) { printf("%s$", TermEscape.te_rv_on); shiftout = TRUE; if (*s == '\0') continue; c = *s++ & 0377; goto printchar; } if (c == MACROEXPAND || c == MACRODEXPAND) { printf("%s$", TermEscape.te_rv_on); if (c == MACRODEXPAND) (void) putchar('&'); shiftout = TRUE; if (*s == '\0') continue; if (strchr("=~&?", *s) != NULL) (void) putchar(*s++); if (bitset(0200, *s)) - printf("{%s}", macname(*s++ & 0377)); + printf("{%s}", macname(bitidx(*s++))); else printf("%c", *s++); continue; } for (mp = MetaMacros; mp->metaname != '\0'; mp++) { if ((mp->metaval & 0377) == c) { printf("%s$%c", TermEscape.te_rv_on, mp->metaname); shiftout = TRUE; break; } } if (c == MATCHCLASS || c == MATCHNCLASS) { if (bitset(0200, *s)) printf("{%s}", macname(*s++ & 0377)); else if (*s != '\0') printf("%c", *s++); } if (mp->metaname != '\0') continue; /* unrecognized meta character */ printf("%sM-", TermEscape.te_rv_on); shiftout = TRUE; c &= 0177; } printchar: if (isprint(c)) { (void) putchar(c); continue; } /* wasn't a meta-macro -- find another way to print it */ switch (c) { case '\n': c = 'n'; break; case '\r': c = 'r'; break; case '\t': c = 't'; break; } if (!shiftout) { printf("%s", TermEscape.te_rv_on); shiftout = TRUE; } if (isprint(c)) { (void) putchar('\\'); (void) putchar(c); } else { (void) putchar('^'); (void) putchar(c ^ 0100); } } if (shiftout) printf("%s", TermEscape.te_rv_off); (void) fflush(stdout); } /* ** MAKELOWER -- Translate a line into lower case ** ** Parameters: ** p -- the string to translate. If NULL, return is ** immediate. ** ** Returns: ** none. ** ** Side Effects: ** String pointed to by p is translated to lower case. */ void makelower(p) register char *p; { register char c; if (p == NULL) return; for (; (c = *p) != '\0'; p++) if (isascii(c) && isupper(c)) *p = tolower(c); } /* ** BUILDFNAME -- build full name from gecos style entry. ** ** This routine interprets the strange entry that would appear ** in the GECOS field of the password file. ** ** Parameters: ** p -- name to build. ** user -- the login name of this user (for &). ** buf -- place to put the result. ** buflen -- length of buf. ** ** Returns: ** none. ** ** Side Effects: ** none. */ void buildfname(gecos, user, buf, buflen) register char *gecos; char *user; char *buf; int buflen; { register char *p; register char *bp = buf; if (*gecos == '*') gecos++; /* copy gecos, interpolating & to be full name */ for (p = gecos; *p != '\0' && *p != ',' && *p != ';' && *p != '%'; p++) { if (bp >= &buf[buflen - 1]) { /* buffer overflow -- just use login name */ snprintf(buf, buflen, "%s", user); return; } if (*p == '&') { /* interpolate full name */ snprintf(bp, buflen - (bp - buf), "%s", user); *bp = toupper(*bp); bp += strlen(bp); } else *bp++ = *p; } *bp = '\0'; } /* ** FIXCRLF -- fix in line. ** ** Looks for the combination and turns it into the ** UNIX canonical character. It only takes one line, ** i.e., it is assumed that the first found is the end ** of the line. ** ** Parameters: ** line -- the line to fix. ** stripnl -- if true, strip the newline also. ** ** Returns: ** none. ** ** Side Effects: ** line is changed in place. */ void fixcrlf(line, stripnl) char *line; bool stripnl; { register char *p; p = strchr(line, '\n'); if (p == NULL) return; if (p > line && p[-1] == '\r') p--; if (!stripnl) *p++ = '\n'; *p = '\0'; } /* ** PUTLINE -- put a line like fputs obeying SMTP conventions ** ** This routine always guarantees outputing a newline (or CRLF, ** as appropriate) at the end of the string. ** ** Parameters: ** l -- line to put. ** mci -- the mailer connection information. ** ** Returns: ** none ** ** Side Effects: ** output of l to fp. */ void putline(l, mci) register char *l; register MCI *mci; { putxline(l, strlen(l), mci, PXLF_MAPFROM); } /* ** PUTXLINE -- putline with flags bits. ** ** This routine always guarantees outputing a newline (or CRLF, ** as appropriate) at the end of the string. ** ** Parameters: ** l -- line to put. ** len -- the length of the line. ** mci -- the mailer connection information. ** pxflags -- flag bits: ** PXLF_MAPFROM -- map From_ to >From_. ** PXLF_STRIP8BIT -- strip 8th bit. ** PXLF_HEADER -- map bare newline in header to newline space. ** ** Returns: ** none ** ** Side Effects: ** output of l to fp. */ void putxline(l, len, mci, pxflags) register char *l; size_t len; register MCI *mci; int pxflags; { bool dead = FALSE; register char *p, *end; int slop = 0; /* strip out 0200 bits -- these can look like TELNET protocol */ if (bitset(MCIF_7BIT, mci->mci_flags) || bitset(PXLF_STRIP8BIT, pxflags)) { register char svchar; for (p = l; (svchar = *p) != '\0'; ++p) if (bitset(0200, svchar)) *p = svchar &~ 0200; } end = l + len; do { /* find the end of the line */ p = memchr(l, '\n', end - l); if (p == NULL) p = end; if (TrafficLogFile != NULL) fprintf(TrafficLogFile, "%05d >>> ", (int) getpid()); /* check for line overflow */ while (mci->mci_mailer->m_linelimit > 0 && (p - l + slop) > mci->mci_mailer->m_linelimit) { char *l_base = l; register char *q = &l[mci->mci_mailer->m_linelimit - slop - 1]; if (l[0] == '.' && slop == 0 && bitnset(M_XDOT, mci->mci_mailer->m_flags)) { if (putc('.', mci->mci_out) == EOF) dead = TRUE; + else + { + /* record progress for DATA timeout */ + DataProgress = TRUE; + } if (TrafficLogFile != NULL) (void) putc('.', TrafficLogFile); } else if (l[0] == 'F' && slop == 0 && bitset(PXLF_MAPFROM, pxflags) && strncmp(l, "From ", 5) == 0 && bitnset(M_ESCFROM, mci->mci_mailer->m_flags)) { if (putc('>', mci->mci_out) == EOF) dead = TRUE; + else + { + /* record progress for DATA timeout */ + DataProgress = TRUE; + } if (TrafficLogFile != NULL) (void) putc('>', TrafficLogFile); } if (dead) break; while (l < q) { if (putc((unsigned char) *l++, mci->mci_out) == EOF) { dead = TRUE; break; } - - /* record progress for DATA timeout */ - DataProgress = TRUE; + else + { + /* record progress for DATA timeout */ + DataProgress = TRUE; + } } if (dead) break; if (putc('!', mci->mci_out) == EOF || fputs(mci->mci_mailer->m_eol, mci->mci_out) == EOF || putc(' ', mci->mci_out) == EOF) { dead = TRUE; break; } - - /* record progress for DATA timeout */ - DataProgress = TRUE; - + else + { + /* record progress for DATA timeout */ + DataProgress = TRUE; + } if (TrafficLogFile != NULL) { for (l = l_base; l < q; l++) (void) putc((unsigned char)*l, TrafficLogFile); fprintf(TrafficLogFile, "!\n%05d >>> ", (int) getpid()); } slop = 1; } if (dead) break; /* output last part */ if (l[0] == '.' && slop == 0 && bitnset(M_XDOT, mci->mci_mailer->m_flags)) { if (putc('.', mci->mci_out) == EOF) break; + else + { + /* record progress for DATA timeout */ + DataProgress = TRUE; + } if (TrafficLogFile != NULL) (void) putc('.', TrafficLogFile); } else if (l[0] == 'F' && slop == 0 && bitset(PXLF_MAPFROM, pxflags) && strncmp(l, "From ", 5) == 0 && bitnset(M_ESCFROM, mci->mci_mailer->m_flags)) { if (putc('>', mci->mci_out) == EOF) break; + else + { + /* record progress for DATA timeout */ + DataProgress = TRUE; + } if (TrafficLogFile != NULL) (void) putc('>', TrafficLogFile); } for ( ; l < p; ++l) { if (TrafficLogFile != NULL) (void) putc((unsigned char)*l, TrafficLogFile); if (putc((unsigned char) *l, mci->mci_out) == EOF) { dead = TRUE; break; } - - /* record progress for DATA timeout */ - DataProgress = TRUE; + else + { + /* record progress for DATA timeout */ + DataProgress = TRUE; + } } if (dead) break; if (TrafficLogFile != NULL) (void) putc('\n', TrafficLogFile); if (fputs(mci->mci_mailer->m_eol, mci->mci_out) == EOF) break; + else + { + /* record progress for DATA timeout */ + DataProgress = TRUE; + } if (l < end && *l == '\n') { if (*++l != ' ' && *l != '\t' && *l != '\0' && bitset(PXLF_HEADER, pxflags)) { if (putc(' ', mci->mci_out) == EOF) break; + else + { + /* record progress for DATA timeout */ + DataProgress = TRUE; + } if (TrafficLogFile != NULL) (void) putc(' ', TrafficLogFile); } } - - /* record progress for DATA timeout */ - DataProgress = TRUE; } while (l < end); } /* ** XUNLINK -- unlink a file, doing logging as appropriate. ** ** Parameters: ** f -- name of file to unlink. ** ** Returns: ** none. ** ** Side Effects: ** f is unlinked. */ void xunlink(f) char *f; { register int i; if (LogLevel > 98) sm_syslog(LOG_DEBUG, CurEnv->e_id, "unlink %s", f); i = unlink(f); if (i < 0 && LogLevel > 97) sm_syslog(LOG_DEBUG, CurEnv->e_id, "%s: unlink-fail %d", f, errno); } /* ** SFGETS -- "safe" fgets -- times out and ignores random interrupts. ** ** Parameters: ** buf -- place to put the input line. ** siz -- size of buf. ** fp -- file to read from. ** timeout -- the timeout before error occurs. ** during -- what we are trying to read (for error messages). ** ** Returns: ** NULL on error (including timeout). This will also leave ** buf containing a null string. ** buf otherwise. ** ** Side Effects: ** none. */ static jmp_buf CtxReadTimeout; char * sfgets(buf, siz, fp, timeout, during) char *buf; int siz; FILE *fp; time_t timeout; char *during; { register EVENT *ev = NULL; register char *p; int save_errno; if (fp == NULL) { buf[0] = '\0'; return NULL; } /* set the timeout */ if (timeout != 0) { if (setjmp(CtxReadTimeout) != 0) { if (LogLevel > 1) sm_syslog(LOG_NOTICE, CurEnv->e_id, "timeout waiting for input from %.100s during %s", CurHostName ? CurHostName : "local", during); buf[0] = '\0'; #if XDEBUG checkfd012(during); #endif /* XDEBUG */ if (TrafficLogFile != NULL) fprintf(TrafficLogFile, "%05d <<< [TIMEOUT]\n", (int) getpid()); errno = 0; return NULL; } ev = setevent(timeout, readtimeout, 0); } /* try to read */ p = NULL; errno = 0; while (!feof(fp) && !ferror(fp)) { errno = 0; p = fgets(buf, siz, fp); if (p != NULL || errno != EINTR) break; clearerr(fp); } save_errno = errno; /* clear the event if it has not sprung */ clrevent(ev); /* clean up the books and exit */ LineNumber++; if (p == NULL) { buf[0] = '\0'; if (TrafficLogFile != NULL) fprintf(TrafficLogFile, "%05d <<< [EOF]\n", (int) getpid()); errno = save_errno; return NULL; } if (TrafficLogFile != NULL) fprintf(TrafficLogFile, "%05d <<< %s", (int) getpid(), buf); if (SevenBitInput) { for (p = buf; *p != '\0'; p++) *p &= ~0200; } else if (!HasEightBits) { for (p = buf; *p != '\0'; p++) { if (bitset(0200, *p)) { HasEightBits = TRUE; break; } } } return buf; } /* ARGSUSED */ static void readtimeout(timeout) time_t timeout; { longjmp(CtxReadTimeout, 1); } /* ** FGETFOLDED -- like fgets, but know about folded lines. ** ** Parameters: ** buf -- place to put result. ** n -- bytes available. ** f -- file to read from. ** ** Returns: ** input line(s) on success, NULL on error or EOF. ** This will normally be buf -- unless the line is too ** long, when it will be xalloc()ed. ** ** Side Effects: ** buf gets lines from f, with continuation lines (lines ** with leading white space) appended. CRLF's are mapped ** into single newlines. Any trailing NL is stripped. */ char * fgetfolded(buf, n, f) char *buf; register int n; FILE *f; { register char *p = buf; char *bp = buf; register int i; n--; while ((i = getc(f)) != EOF) { if (i == '\r') { i = getc(f); if (i != '\n') { if (i != EOF) (void) ungetc(i, f); i = '\r'; } } if (--n <= 0) { /* allocate new space */ char *nbp; int nn; nn = (p - bp); if (nn < MEMCHUNKSIZE) nn *= 2; else nn += MEMCHUNKSIZE; nbp = xalloc(nn); memmove(nbp, bp, p - bp); p = &nbp[p - bp]; if (bp != buf) free(bp); bp = nbp; n = nn - (p - bp); } *p++ = i; if (i == '\n') { LineNumber++; i = getc(f); if (i != EOF) (void) ungetc(i, f); if (i != ' ' && i != '\t') break; } } if (p == bp) return NULL; if (p[-1] == '\n') p--; *p = '\0'; return bp; } /* ** CURTIME -- return current time. ** ** Parameters: ** none. ** ** Returns: ** the current time. ** ** Side Effects: ** none. */ time_t curtime() { auto time_t t; (void) time(&t); return t; } /* ** ATOBOOL -- convert a string representation to boolean. ** ** Defaults to "TRUE" ** ** Parameters: ** s -- string to convert. Takes "tTyY" as true, ** others as false. ** ** Returns: ** A boolean representation of the string. ** ** Side Effects: ** none. */ bool atobool(s) register char *s; { if (s == NULL || *s == '\0' || strchr("tTyY", *s) != NULL) return TRUE; return FALSE; } /* ** ATOOCT -- convert a string representation to octal. ** ** Parameters: ** s -- string to convert. ** ** Returns: ** An integer representing the string interpreted as an ** octal number. ** ** Side Effects: ** none. */ int atooct(s) register char *s; { register int i = 0; while (*s >= '0' && *s <= '7') i = (i << 3) | (*s++ - '0'); return i; } /* ** BITINTERSECT -- tell if two bitmaps intersect ** ** Parameters: ** a, b -- the bitmaps in question ** ** Returns: ** TRUE if they have a non-null intersection ** FALSE otherwise ** ** Side Effects: ** none. */ bool bitintersect(a, b) BITMAP256 a; BITMAP256 b; { int i; for (i = BITMAPBYTES / sizeof (int); --i >= 0; ) + { if ((a[i] & b[i]) != 0) return TRUE; + } return FALSE; } /* ** BITZEROP -- tell if a bitmap is all zero ** ** Parameters: ** map -- the bit map to check ** ** Returns: ** TRUE if map is all zero. ** FALSE if there are any bits set in map. ** ** Side Effects: ** none. */ bool bitzerop(map) BITMAP256 map; { int i; for (i = BITMAPBYTES / sizeof (int); --i >= 0; ) + { if (map[i] != 0) return FALSE; + } return TRUE; } /* ** STRCONTAINEDIN -- tell if one string is contained in another ** ** Parameters: ** a -- possible substring. ** b -- possible superstring. ** ** Returns: ** TRUE if a is contained in b. ** FALSE otherwise. */ bool strcontainedin(a, b) register char *a; register char *b; { int la; int lb; int c; la = strlen(a); lb = strlen(b); c = *a; if (isascii(c) && isupper(c)) c = tolower(c); for (; lb-- >= la; b++) { if (*b != c && isascii(*b) && isupper(*b) && tolower(*b) != c) continue; if (strncasecmp(a, b, la) == 0) return TRUE; } return FALSE; } /* ** CHECKFD012 -- check low numbered file descriptors ** ** File descriptors 0, 1, and 2 should be open at all times. ** This routine verifies that, and fixes it if not true. ** ** Parameters: ** where -- a tag printed if the assertion failed ** ** Returns: ** none */ void checkfd012(where) char *where; { #if XDEBUG register int i; for (i = 0; i < 3; i++) fill_fd(i, where); #endif /* XDEBUG */ } /* ** CHECKFDOPEN -- make sure file descriptor is open -- for extended debugging ** ** Parameters: ** fd -- file descriptor to check. ** where -- tag to print on failure. ** ** Returns: ** none. */ void checkfdopen(fd, where) int fd; char *where; { #if XDEBUG struct stat st; if (fstat(fd, &st) < 0 && errno == EBADF) { syserr("checkfdopen(%d): %s not open as expected!", fd, where); printopenfds(TRUE); } #endif /* XDEBUG */ } /* ** CHECKFDS -- check for new or missing file descriptors ** ** Parameters: ** where -- tag for printing. If null, take a base line. ** ** Returns: ** none ** ** Side Effects: ** If where is set, shows changes since the last call. */ void checkfds(where) char *where; { int maxfd; register int fd; bool printhdr = TRUE; int save_errno = errno; static BITMAP256 baseline; extern int DtableSize; - if (DtableSize > 256) - maxfd = 256; + if (DtableSize > BITMAPBITS) + maxfd = BITMAPBITS; else maxfd = DtableSize; if (where == NULL) clrbitmap(baseline); for (fd = 0; fd < maxfd; fd++) { struct stat stbuf; if (fstat(fd, &stbuf) < 0 && errno != EOPNOTSUPP) { if (!bitnset(fd, baseline)) continue; clrbitn(fd, baseline); } else if (!bitnset(fd, baseline)) setbitn(fd, baseline); else continue; /* file state has changed */ if (where == NULL) continue; if (printhdr) { sm_syslog(LOG_DEBUG, CurEnv->e_id, "%s: changed fds:", where); printhdr = FALSE; } dumpfd(fd, TRUE, TRUE); } errno = save_errno; } /* ** PRINTOPENFDS -- print the open file descriptors (for debugging) ** ** Parameters: ** logit -- if set, send output to syslog; otherwise ** print for debugging. ** ** Returns: ** none. */ #if NETINET || NETINET6 # include #endif /* NETINET || NETINET6 */ void printopenfds(logit) bool logit; { register int fd; extern int DtableSize; for (fd = 0; fd < DtableSize; fd++) dumpfd(fd, FALSE, logit); } /* ** DUMPFD -- dump a file descriptor ** ** Parameters: ** fd -- the file descriptor to dump. ** printclosed -- if set, print a notification even if ** it is closed; otherwise print nothing. ** logit -- if set, send output to syslog instead of stdout. */ void dumpfd(fd, printclosed, logit) int fd; bool printclosed; bool logit; { register char *p; char *hp; #ifdef S_IFSOCK SOCKADDR sa; #endif /* S_IFSOCK */ auto SOCKADDR_LEN_T slen; int i; #if STAT64 > 0 struct stat64 st; #else /* STAT64 > 0 */ struct stat st; #endif /* STAT64 > 0 */ char buf[200]; p = buf; snprintf(p, SPACELEFT(buf, p), "%3d: ", fd); p += strlen(p); if ( #if STAT64 > 0 fstat64(fd, &st) #else /* STAT64 > 0 */ fstat(fd, &st) #endif /* STAT64 > 0 */ < 0) { if (errno != EBADF) { snprintf(p, SPACELEFT(buf, p), "CANNOT STAT (%s)", errstring(errno)); goto printit; } else if (printclosed) { snprintf(p, SPACELEFT(buf, p), "CLOSED"); goto printit; } return; } i = fcntl(fd, F_GETFL, NULL); if (i != -1) { snprintf(p, SPACELEFT(buf, p), "fl=0x%x, ", i); p += strlen(p); } snprintf(p, SPACELEFT(buf, p), "mode=%o: ", (int) st.st_mode); p += strlen(p); switch (st.st_mode & S_IFMT) { #ifdef S_IFSOCK case S_IFSOCK: snprintf(p, SPACELEFT(buf, p), "SOCK "); p += strlen(p); memset(&sa, '\0', sizeof sa); slen = sizeof sa; if (getsockname(fd, &sa.sa, &slen) < 0) snprintf(p, SPACELEFT(buf, p), "(%s)", errstring(errno)); else { hp = hostnamebyanyaddr(&sa); if (hp == NULL) { /* EMPTY */ /* do nothing */ } # if NETINET else if (sa.sa.sa_family == AF_INET) snprintf(p, SPACELEFT(buf, p), "%s/%d", hp, ntohs(sa.sin.sin_port)); # endif /* NETINET */ # if NETINET6 else if (sa.sa.sa_family == AF_INET6) snprintf(p, SPACELEFT(buf, p), "%s/%d", hp, ntohs(sa.sin6.sin6_port)); # endif /* NETINET6 */ else snprintf(p, SPACELEFT(buf, p), "%s", hp); } p += strlen(p); snprintf(p, SPACELEFT(buf, p), "->"); p += strlen(p); slen = sizeof sa; if (getpeername(fd, &sa.sa, &slen) < 0) snprintf(p, SPACELEFT(buf, p), "(%s)", errstring(errno)); else { hp = hostnamebyanyaddr(&sa); if (hp == NULL) { /* EMPTY */ /* do nothing */ } # if NETINET else if (sa.sa.sa_family == AF_INET) snprintf(p, SPACELEFT(buf, p), "%s/%d", hp, ntohs(sa.sin.sin_port)); # endif /* NETINET */ # if NETINET6 else if (sa.sa.sa_family == AF_INET6) snprintf(p, SPACELEFT(buf, p), "%s/%d", hp, ntohs(sa.sin6.sin6_port)); # endif /* NETINET6 */ else snprintf(p, SPACELEFT(buf, p), "%s", hp); } break; #endif /* S_IFSOCK */ case S_IFCHR: snprintf(p, SPACELEFT(buf, p), "CHR: "); p += strlen(p); goto defprint; case S_IFBLK: snprintf(p, SPACELEFT(buf, p), "BLK: "); p += strlen(p); goto defprint; #if defined(S_IFIFO) && (!defined(S_IFSOCK) || S_IFIFO != S_IFSOCK) case S_IFIFO: snprintf(p, SPACELEFT(buf, p), "FIFO: "); p += strlen(p); goto defprint; #endif /* defined(S_IFIFO) && (!defined(S_IFSOCK) || S_IFIFO != S_IFSOCK) */ #ifdef S_IFDIR case S_IFDIR: snprintf(p, SPACELEFT(buf, p), "DIR: "); p += strlen(p); goto defprint; #endif /* S_IFDIR */ #ifdef S_IFLNK case S_IFLNK: snprintf(p, SPACELEFT(buf, p), "LNK: "); p += strlen(p); goto defprint; #endif /* S_IFLNK */ default: defprint: /*CONSTCOND*/ if (sizeof st.st_ino > sizeof (long)) snprintf(p, SPACELEFT(buf, p), "dev=%d/%d, ino=%s, nlink=%d, u/gid=%d/%d, ", major(st.st_dev), minor(st.st_dev), quad_to_string(st.st_ino), (int) st.st_nlink, (int) st.st_uid, (int) st.st_gid); else snprintf(p, SPACELEFT(buf, p), "dev=%d/%d, ino=%lu, nlink=%d, u/gid=%d/%d, ", major(st.st_dev), minor(st.st_dev), (unsigned long) st.st_ino, (int) st.st_nlink, (int) st.st_uid, (int) st.st_gid); /*CONSTCOND*/ if (sizeof st.st_size > sizeof (long)) snprintf(p, SPACELEFT(buf, p), "size=%s", quad_to_string(st.st_size)); else snprintf(p, SPACELEFT(buf, p), "size=%lu", (unsigned long) st.st_size); break; } printit: if (logit) sm_syslog(LOG_DEBUG, CurEnv ? CurEnv->e_id : NULL, "%.800s", buf); else printf("%s\n", buf); } /* ** SHORTEN_HOSTNAME -- strip local domain information off of hostname. ** ** Parameters: ** host -- the host to shorten (stripped in place). ** ** Returns: ** none. */ void shorten_hostname(host) char host[]; { register char *p; char *mydom; int i; bool canon = FALSE; /* strip off final dot */ p = &host[strlen(host) - 1]; if (*p == '.') { *p = '\0'; canon = TRUE; } /* see if there is any domain at all -- if not, we are done */ p = strchr(host, '.'); if (p == NULL) return; /* yes, we have a domain -- see if it looks like us */ mydom = macvalue('m', CurEnv); if (mydom == NULL) mydom = ""; i = strlen(++p); if ((canon ? strcasecmp(p, mydom) : strncasecmp(p, mydom, i)) == 0 && (mydom[i] == '.' || mydom[i] == '\0')) *--p = '\0'; } /* ** PROG_OPEN -- open a program for reading ** ** Parameters: ** argv -- the argument list. ** pfd -- pointer to a place to store the file descriptor. ** e -- the current envelope. ** ** Returns: ** pid of the process -- -1 if it failed. */ int prog_open(argv, pfd, e) char **argv; int *pfd; ENVELOPE *e; { int pid; int i; int save_errno; int fdv[2]; char *p, *q; char buf[MAXLINE + 1]; extern int DtableSize; if (pipe(fdv) < 0) { syserr("%s: cannot create pipe for stdout", argv[0]); return -1; } pid = fork(); if (pid < 0) { syserr("%s: cannot fork", argv[0]); (void) close(fdv[0]); (void) close(fdv[1]); return -1; } if (pid > 0) { /* parent */ (void) close(fdv[1]); *pfd = fdv[0]; return pid; } /* child -- close stdin */ (void) close(0); /* stdout goes back to parent */ (void) close(fdv[0]); if (dup2(fdv[1], 1) < 0) { syserr("%s: cannot dup2 for stdout", argv[0]); _exit(EX_OSERR); } (void) close(fdv[1]); /* stderr goes to transcript if available */ if (e->e_xfp != NULL) { int xfd; xfd = fileno(e->e_xfp); if (xfd >= 0 && dup2(xfd, 2) < 0) { syserr("%s: cannot dup2 for stderr", argv[0]); _exit(EX_OSERR); } } /* this process has no right to the queue file */ if (e->e_lockfp != NULL) (void) close(fileno(e->e_lockfp)); /* chroot to the program mailer directory, if defined */ if (ProgMailer != NULL && ProgMailer->m_rootdir != NULL) { expand(ProgMailer->m_rootdir, buf, sizeof buf, e); if (chroot(buf) < 0) { syserr("prog_open: cannot chroot(%s)", buf); exit(EX_TEMPFAIL); } if (chdir("/") < 0) { syserr("prog_open: cannot chdir(/)"); exit(EX_TEMPFAIL); } } /* run as default user */ endpwent(); if (setgid(DefGid) < 0 && geteuid() == 0) { syserr("prog_open: setgid(%ld) failed", (long) DefGid); exit(EX_TEMPFAIL); } if (setuid(DefUid) < 0 && geteuid() == 0) { syserr("prog_open: setuid(%ld) failed", (long) DefUid); exit(EX_TEMPFAIL); } /* run in some directory */ if (ProgMailer != NULL) p = ProgMailer->m_execdir; else p = NULL; for (; p != NULL; p = q) { q = strchr(p, ':'); if (q != NULL) *q = '\0'; expand(p, buf, sizeof buf, e); if (q != NULL) *q++ = ':'; if (buf[0] != '\0' && chdir(buf) >= 0) break; } if (p == NULL) { /* backup directories */ if (chdir("/tmp") < 0) (void) chdir("/"); } /* arrange for all the files to be closed */ for (i = 3; i < DtableSize; i++) { register int j; if ((j = fcntl(i, F_GETFD, 0)) != -1) (void) fcntl(i, F_SETFD, j | FD_CLOEXEC); } /* now exec the process */ (void) execve(argv[0], (ARGV_T) argv, (ARGV_T) UserEnviron); /* woops! failed */ save_errno = errno; syserr("%s: cannot exec", argv[0]); if (transienterror(save_errno)) _exit(EX_OSERR); _exit(EX_CONFIG); return -1; /* avoid compiler warning on IRIX */ } /* ** GET_COLUMN -- look up a Column in a line buffer ** ** Parameters: ** line -- the raw text line to search. ** col -- the column number to fetch. ** delim -- the delimiter between columns. If null, ** use white space. ** buf -- the output buffer. ** buflen -- the length of buf. ** ** Returns: ** buf if successful. ** NULL otherwise. */ char * get_column(line, col, delim, buf, buflen) char line[]; int col; int delim; char buf[]; int buflen; { char *p; char *begin, *end; int i; char delimbuf[4]; if ((char)delim == '\0') (void) strlcpy(delimbuf, "\n\t ", sizeof delimbuf); else { delimbuf[0] = (char)delim; delimbuf[1] = '\0'; } p = line; if (*p == '\0') return NULL; /* line empty */ if (*p == (char)delim && col == 0) return NULL; /* first column empty */ begin = line; if (col == 0 && (char)delim == '\0') { while (*begin != '\0' && isascii(*begin) && isspace(*begin)) begin++; } for (i = 0; i < col; i++) { if ((begin = strpbrk(begin, delimbuf)) == NULL) return NULL; /* no such column */ begin++; if ((char)delim == '\0') { while (*begin != '\0' && isascii(*begin) && isspace(*begin)) begin++; } } end = strpbrk(begin, delimbuf); if (end == NULL) i = strlen(begin); else i = end - begin; if (i >= buflen) i = buflen - 1; (void) strlcpy(buf, begin, i + 1); return buf; } /* ** CLEANSTRCPY -- copy string keeping out bogus characters ** ** Parameters: ** t -- "to" string. ** f -- "from" string. ** l -- length of space available in "to" string. ** ** Returns: ** none. */ void cleanstrcpy(t, f, l) register char *t; register char *f; int l; { /* check for newlines and log if necessary */ (void) denlstring(f, TRUE, TRUE); if (l <= 0) syserr("!cleanstrcpy: length == 0"); l--; while (l > 0 && *f != '\0') { if (isascii(*f) && (isalnum(*f) || strchr("!#$%&'*+-./^_`{|}~", *f) != NULL)) { l--; *t++ = *f; } f++; } *t = '\0'; } /* ** DENLSTRING -- convert newlines in a string to spaces ** ** Parameters: ** s -- the input string ** strict -- if set, don't permit continuation lines. ** logattacks -- if set, log attempted attacks. ** ** Returns: ** A pointer to a version of the string with newlines ** mapped to spaces. This should be copied. */ char * denlstring(s, strict, logattacks) char *s; bool strict; bool logattacks; { register char *p; int l; static char *bp = NULL; static int bl = 0; p = s; while ((p = strchr(p, '\n')) != NULL) if (strict || (*++p != ' ' && *p != '\t')) break; if (p == NULL) return s; l = strlen(s) + 1; if (bl < l) { /* allocate more space */ if (bp != NULL) free(bp); bp = xalloc(l); bl = l; } (void) strlcpy(bp, s, l); for (p = bp; (p = strchr(p, '\n')) != NULL; ) *p++ = ' '; if (logattacks) { sm_syslog(LOG_NOTICE, CurEnv->e_id, "POSSIBLE ATTACK from %.100s: newline in string \"%s\"", RealHostName == NULL ? "[UNKNOWN]" : RealHostName, shortenstring(bp, MAXSHORTSTR)); } return bp; } /* ** PATH_IS_DIR -- check to see if file exists and is a directory. ** ** There are some additional checks for security violations in ** here. This routine is intended to be used for the host status ** support. ** ** Parameters: ** pathname -- pathname to check for directory-ness. ** createflag -- if set, create directory if needed. ** ** Returns: ** TRUE -- if the indicated pathname is a directory ** FALSE -- otherwise */ int path_is_dir(pathname, createflag) char *pathname; bool createflag; { struct stat statbuf; #if HASLSTAT if (lstat(pathname, &statbuf) < 0) #else /* HASLSTAT */ if (stat(pathname, &statbuf) < 0) #endif /* HASLSTAT */ { if (errno != ENOENT || !createflag) return FALSE; if (mkdir(pathname, 0755) < 0) return FALSE; return TRUE; } if (!S_ISDIR(statbuf.st_mode)) { errno = ENOTDIR; return FALSE; } /* security: don't allow writable directories */ if (bitset(S_IWGRP|S_IWOTH, statbuf.st_mode)) { errno = EACCES; return FALSE; } return TRUE; } /* ** PROC_LIST_ADD -- add process id to list of our children ** ** Parameters: ** pid -- pid to add to list. ** task -- task of pid. ** type -- type of process. ** ** Returns: ** none */ static struct procs *ProcListVec = NULL; static int ProcListSize = 0; void proc_list_add(pid, task, type) pid_t pid; char *task; int type; { int i; for (i = 0; i < ProcListSize; i++) { if (ProcListVec[i].proc_pid == NO_PID) break; } if (i >= ProcListSize) { /* probe the existing vector to avoid growing infinitely */ proc_list_probe(); /* now scan again */ for (i = 0; i < ProcListSize; i++) { if (ProcListVec[i].proc_pid == NO_PID) break; } } if (i >= ProcListSize) { /* grow process list */ struct procs *npv; npv = (struct procs *) xalloc((sizeof *npv) * (ProcListSize + PROC_LIST_SEG)); if (ProcListSize > 0) { memmove(npv, ProcListVec, ProcListSize * sizeof (struct procs)); free(ProcListVec); } for (i = ProcListSize; i < ProcListSize + PROC_LIST_SEG; i++) { npv[i].proc_pid = NO_PID; npv[i].proc_task = NULL; npv[i].proc_type = PROC_NONE; } i = ProcListSize; ProcListSize += PROC_LIST_SEG; ProcListVec = npv; } ProcListVec[i].proc_pid = pid; if (ProcListVec[i].proc_task != NULL) free(ProcListVec[i].proc_task); ProcListVec[i].proc_task = newstr(task); ProcListVec[i].proc_type = type; /* if process adding itself, it's not a child */ if (pid != getpid()) CurChildren++; } /* ** PROC_LIST_SET -- set pid task in process list ** ** Parameters: ** pid -- pid to set ** task -- task of pid ** ** Returns: ** none. */ void proc_list_set(pid, task) pid_t pid; char *task; { int i; for (i = 0; i < ProcListSize; i++) { if (ProcListVec[i].proc_pid == pid) { if (ProcListVec[i].proc_task != NULL) free(ProcListVec[i].proc_task); ProcListVec[i].proc_task = newstr(task); break; } } } /* ** PROC_LIST_DROP -- drop pid from process list ** ** Parameters: ** pid -- pid to drop ** ** Returns: ** type of process */ int proc_list_drop(pid) pid_t pid; { int i; int type = PROC_NONE; for (i = 0; i < ProcListSize; i++) { if (ProcListVec[i].proc_pid == pid) { ProcListVec[i].proc_pid = NO_PID; type = ProcListVec[i].proc_type; break; } } if (CurChildren > 0) CurChildren--; return type; } /* ** PROC_LIST_CLEAR -- clear the process list ** ** Parameters: ** none. ** ** Returns: ** none. */ void proc_list_clear() { int i; /* start from 1 since 0 is the daemon itself */ for (i = 1; i < ProcListSize; i++) { ProcListVec[i].proc_pid = NO_PID; } CurChildren = 0; } /* ** PROC_LIST_PROBE -- probe processes in the list to see if they still exist ** ** Parameters: ** none ** ** Returns: ** none */ void proc_list_probe() { int i; /* start from 1 since 0 is the daemon itself */ for (i = 1; i < ProcListSize; i++) { if (ProcListVec[i].proc_pid == NO_PID) continue; if (kill(ProcListVec[i].proc_pid, 0) < 0) { if (LogLevel > 3) sm_syslog(LOG_DEBUG, CurEnv->e_id, "proc_list_probe: lost pid %d", (int) ProcListVec[i].proc_pid); ProcListVec[i].proc_pid = NO_PID; CurChildren--; } } if (CurChildren < 0) CurChildren = 0; } /* ** PROC_LIST_DISPLAY -- display the process list ** ** Parameters: ** out -- output file pointer ** ** Returns: ** none. */ void proc_list_display(out) FILE *out; { int i; for (i = 0; i < ProcListSize; i++) { if (ProcListVec[i].proc_pid == NO_PID) continue; fprintf(out, "%d %s%s\n", (int) ProcListVec[i].proc_pid, ProcListVec[i].proc_task != NULL ? ProcListVec[i].proc_task : "(unknown)", (OpMode == MD_SMTP || OpMode == MD_DAEMON || OpMode == MD_ARPAFTP) ? "\r" : ""); } } /* ** SM_STRCASECMP -- 8-bit clean version of strcasecmp ** ** Thank you, vendors, for making this all necessary. */ /* * Copyright (c) 1987, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)strcasecmp.c 8.1 (Berkeley) 6/4/93"; #endif /* defined(LIBC_SCCS) && !defined(lint) */ /* * This array is designed for mapping upper and lower case letter * together for a case independent comparison. The mappings are * based upon ascii character sequences. */ static const u_char charmap[] = { 0000, 0001, 0002, 0003, 0004, 0005, 0006, 0007, 0010, 0011, 0012, 0013, 0014, 0015, 0016, 0017, 0020, 0021, 0022, 0023, 0024, 0025, 0026, 0027, 0030, 0031, 0032, 0033, 0034, 0035, 0036, 0037, 0040, 0041, 0042, 0043, 0044, 0045, 0046, 0047, 0050, 0051, 0052, 0053, 0054, 0055, 0056, 0057, 0060, 0061, 0062, 0063, 0064, 0065, 0066, 0067, 0070, 0071, 0072, 0073, 0074, 0075, 0076, 0077, 0100, 0141, 0142, 0143, 0144, 0145, 0146, 0147, 0150, 0151, 0152, 0153, 0154, 0155, 0156, 0157, 0160, 0161, 0162, 0163, 0164, 0165, 0166, 0167, 0170, 0171, 0172, 0133, 0134, 0135, 0136, 0137, 0140, 0141, 0142, 0143, 0144, 0145, 0146, 0147, 0150, 0151, 0152, 0153, 0154, 0155, 0156, 0157, 0160, 0161, 0162, 0163, 0164, 0165, 0166, 0167, 0170, 0171, 0172, 0173, 0174, 0175, 0176, 0177, 0200, 0201, 0202, 0203, 0204, 0205, 0206, 0207, 0210, 0211, 0212, 0213, 0214, 0215, 0216, 0217, 0220, 0221, 0222, 0223, 0224, 0225, 0226, 0227, 0230, 0231, 0232, 0233, 0234, 0235, 0236, 0237, 0240, 0241, 0242, 0243, 0244, 0245, 0246, 0247, 0250, 0251, 0252, 0253, 0254, 0255, 0256, 0257, 0260, 0261, 0262, 0263, 0264, 0265, 0266, 0267, 0270, 0271, 0272, 0273, 0274, 0275, 0276, 0277, 0300, 0301, 0302, 0303, 0304, 0305, 0306, 0307, 0310, 0311, 0312, 0313, 0314, 0315, 0316, 0317, 0320, 0321, 0322, 0323, 0324, 0325, 0326, 0327, 0330, 0331, 0332, 0333, 0334, 0335, 0336, 0337, 0340, 0341, 0342, 0343, 0344, 0345, 0346, 0347, 0350, 0351, 0352, 0353, 0354, 0355, 0356, 0357, 0360, 0361, 0362, 0363, 0364, 0365, 0366, 0367, 0370, 0371, 0372, 0373, 0374, 0375, 0376, 0377, }; int sm_strcasecmp(s1, s2) const char *s1, *s2; { register const u_char *cm = charmap, *us1 = (const u_char *)s1, *us2 = (const u_char *)s2; while (cm[*us1] == cm[*us2++]) if (*us1++ == '\0') return 0; return (cm[*us1] - cm[*--us2]); } int sm_strncasecmp(s1, s2, n) const char *s1, *s2; register size_t n; { if (n != 0) { register const u_char *cm = charmap, *us1 = (const u_char *)s1, *us2 = (const u_char *)s2; do { if (cm[*us1] != cm[*us2++]) return (cm[*us1] - cm[*--us2]); if (*us1++ == '\0') break; } while (--n != 0); } return 0; } Index: stable/4/contrib/sendmail/src/version.c =================================================================== --- stable/4/contrib/sendmail/src/version.c (revision 71887) +++ stable/4/contrib/sendmail/src/version.c (revision 71888) @@ -1,18 +1,18 @@ /* * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983 Eric P. Allman. All rights reserved. * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #ifndef lint -static char id[] = "@(#)$Id: version.c,v 8.43.4.16 2000/09/21 04:12:23 geir Exp $"; +static char id[] = "@(#)$Id: version.c,v 8.43.4.25 2000/12/29 18:22:18 gshapiro Exp $"; #endif /* ! lint */ -char Version[] = "8.11.1"; +char Version[] = "8.11.2"; Index: stable/4/contrib/sendmail/vacation/vacation.1 =================================================================== --- stable/4/contrib/sendmail/vacation/vacation.1 (revision 71887) +++ stable/4/contrib/sendmail/vacation/vacation.1 (revision 71888) @@ -1,200 +1,208 @@ .\" Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers. .\" All rights reserved. .\" Copyright (c) 1985, 1987, 1990, 1991, 1993 .\" The Regents of the University of California. All rights reserved. .\" .\" .\" By using this file, you agree to the terms and conditions set .\" forth in the LICENSE file which can be found at the top level of .\" the sendmail distribution. .\" .\" -.\" $Id: vacation.1,v 8.11 2000/03/17 07:32:50 gshapiro Exp $ +.\" $Id: vacation.1,v 8.11.4.6 2000/12/29 18:12:23 gshapiro Exp $ .\" -.TH VACATION 1 "$Date: 2000/03/17 07:32:50 $" +.TH VACATION 1 "$Date: 2000/12/29 18:12:23 $" .SH NAME -.B vacation +vacation \- return ``I am not here'' indication .SH SYNOPSIS .B vacation -.B \-i +.RB [ \-i ] +.RB [ \-I ] .RB [ \-r .IR interval ] .RB [ \-x ] -.B vacation .RB [ \-a .IR alias ] .RB [ \-f .IR database ] .RB [ \-m .IR message ] .RB [ \-s .IR address ] .RB [ \-t .IR time ] .RB [ \-z ] .I login .SH DESCRIPTION .B Vacation returns a message to the sender of a message telling them that you are currently not reading your mail. The intended use is in a .I .forward file. For example, your .I .forward file might have: .IP \eeric, "|/usr/bin/vacation -a allman eric" .PP which would send messages to you (assuming your login name was eric) and reply to any messages for ``eric'' or ``allman''. .PP Available options: .TP .BI \-a " alias" Handle messages for .Ar alias in the same manner as those received for the user's login name. .TP .BI \-f " filename" Use .I filename as name of the database instead of .IR ~/.vacation.db . Unless the .I filename starts with / it is relative to ~. .TP .B \-i Initialize the vacation database files. It should be used before you modify your .I .forward file. .TP +.B \-I +Same as +.B \-i +(for backwards compatibility). +.TP .BI \-m " filename" Use .I filename as name of the file containing the message to send instead of .IR ~/.vacation.msg . Unless the .I filename starts with / it is relative to ~. .TP .BI \-r " interval" Set the reply interval to .I interval days. The default is one week. An interval of ``0'' or ``infinite'' (actually, any non-numeric character) will never send more than one reply. .TP .BI \-s " address" Use .I address -instead of the sender address in the +instead of the incoming message sender address on the .I From -line to determine the reply address. +line as the recipient for the vacation message. .TP .BI \-t " time" Ignored, available only for compatibility with Sun's vacation program. .TP .B \-x reads an exclusion list from stdin (one address per line). Mails coming from an address in this exclusion list won't get a reply by .BR vacation . It is possible to exclude complete domains by specifying ``@domain'' as element of the exclusion list. .TP .B \-z Set the sender of the vacation message to ``<>'' instead of the user. This probably violates the RFCs since vacation messages are not required by a standards-track RFC to have a null reverse-path. .PP No message will be sent unless .I login (or an .I alias supplied using the .B \-a option) is part of either the ``To:'' or ``Cc:'' headers of the mail. No messages from ``???-REQUEST'', +``???-RELAY'', +``???-OWNER'', +``OWNER-???'', ``Postmaster'', ``UUCP'', ``MAILER'', or ``MAILER-DAEMON'' will be replied to (where these strings are case insensitive) nor is a notification sent if a ``Precedence: bulk'' or ``Precedence: junk'' line is included in the mail headers. The people who have sent you messages are maintained as a db(3) database in the file .I .vacation.db in your home directory. .PP .B Vacation expects a file .IR .vacation.msg , in your home directory, containing a message to be sent back to each sender. It should be an entire message (including headers). For example, it might contain: .IP .nf From: eric@CS.Berkeley.EDU (Eric Allman) Subject: I am on vacation Delivered-By-The-Graces-Of: The Vacation program Precedence: bulk I am on vacation until July 22. If you have something urgent, please contact Keith Bostic . --eric .fi .PP .B Vacation reads the first line from the standard input for a UNIX ``From'' line to determine the sender. Sendmail(8) includes this ``From'' line automatically. .PP Fatal errors, such as calling .B vacation with incorrect arguments, or with non-existent .IR login s, are logged in the system log file, using syslog(8). .SH FILES .TP 1.8i ~/.vacation.db -database file +default database file .TP ~/.vacation.msg -message to send +default message to send .SH SEE ALSO sendmail(8), syslog(8) .SH HISTORY The .B vacation command appeared in 4.3BSD. Index: stable/4/contrib/sendmail/vacation/vacation.c =================================================================== --- stable/4/contrib/sendmail/vacation/vacation.c (revision 71887) +++ stable/4/contrib/sendmail/vacation/vacation.c (revision 71888) @@ -1,1068 +1,1158 @@ /* * Copyright (c) 1999-2000 Sendmail, Inc. and its suppliers. * All rights reserved. * Copyright (c) 1983, 1987, 1993 * The Regents of the University of California. All rights reserved. * Copyright (c) 1983 Eric P. Allman. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of * the sendmail distribution. * */ #ifndef lint static char copyright[] = "@(#) Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.\n\ All rights reserved.\n\ Copyright (c) 1983, 1987, 1993\n\ The Regents of the University of California. All rights reserved.\n\ Copyright (c) 1983 Eric P. Allman. All rights reserved.\n"; #endif /* ! lint */ #ifndef lint -static char id[] = "@(#)$Id: vacation.c,v 8.68.4.7 2000/09/05 21:48:45 gshapiro Exp $"; +static char id[] = "@(#)$Id: vacation.c,v 8.68.4.15 2000/11/27 22:17:27 ca Exp $"; #endif /* ! lint */ #include #include #include #include #include #ifdef EX_OK # undef EX_OK /* unistd.h may have another use for this */ #endif /* EX_OK */ #include #include "sendmail/sendmail.h" #include "libsmdb/smdb.h" #if defined(__hpux) && !defined(HPUX11) # undef syslog /* Undo hard_syslog conf.h change */ #endif /* defined(__hpux) && !defined(HPUX11) */ #ifndef _PATH_SENDMAIL # define _PATH_SENDMAIL "/usr/lib/sendmail" #endif /* ! _PATH_SENDMAIL */ #define ONLY_ONCE ((time_t) 0) /* send at most one reply */ #define INTERVAL_UNDEF ((time_t) (-1)) /* no value given */ +#ifndef TRUE +# define TRUE 1 +# define FALSE 0 +#endif /* ! TRUE */ + uid_t RealUid; gid_t RealGid; char *RealUserName; uid_t RunAsUid; uid_t RunAsGid; char *RunAsUserName; int Verbose = 2; bool DontInitGroups = FALSE; uid_t TrustedUid = 0; BITMAP256 DontBlameSendmail; /* ** VACATION -- return a message to the sender when on vacation. ** ** This program is invoked as a message receiver. It returns a ** message specified by the user to whomever sent the mail, taking ** care not to return a message too often to prevent "I am on ** vacation" loops. */ #define VDB ".vacation" /* vacation database */ #define VMSG ".vacation.msg" /* vacation message */ #define SECSPERDAY (60 * 60 * 24) #define DAYSPERWEEK 7 -#ifndef TRUE -# define TRUE 1 -# define FALSE 0 -#endif /* ! TRUE */ - #ifndef __P # ifdef __STDC__ # define __P(protos) protos # else /* __STDC__ */ # define __P(protos) () # define const # endif /* __STDC__ */ #endif /* ! __P */ typedef struct alias { char *name; struct alias *next; } ALIAS; ALIAS *Names = NULL; SMDB_DATABASE *Db; char From[MAXLINE]; #if _FFR_DEBUG void (*msglog)(int, const char *, ...) = &syslog; static void debuglog __P((int, const char *, ...)); #else /* _FFR_DEBUG */ # define msglog syslog #endif /* _FFR_DEBUG */ static void eatmsg __P((void)); /* exit after reading input */ #define EXITIT(excode) { \ eatmsg(); \ - exit(excode); \ + return excode; \ } int main(argc, argv) int argc; char **argv; { bool iflag, emptysender, exclude; #if _FFR_LISTDB bool lflag = FALSE; #endif /* _FFR_LISTDB */ int mfail = 0, ufail = 0; int ch; int result; long sff; time_t interval; struct passwd *pw; ALIAS *cur; char *dbfilename = VDB; char *msgfilename = VMSG; char *name; SMDB_USER_INFO user_info; static char rnamebuf[MAXNAME]; extern int optind, opterr; extern char *optarg; extern void usage __P((void)); extern void setinterval __P((time_t)); - extern void readheaders __P((void)); + extern int readheaders __P((void)); extern bool recent __P((void)); extern void setreply __P((char *, time_t)); extern void sendmessage __P((char *, char *, bool)); extern void xclude __P((FILE *)); #if _FFR_LISTDB #define EXITM(excode) { \ if (!iflag && !lflag) \ eatmsg(); \ exit(excode); \ } #else /* _FFR_LISTDB */ #define EXITM(excode) { \ if (!iflag) \ eatmsg(); \ exit(excode); \ } #endif /* _FFR_LISTDB */ /* Vars needed to link with smutil */ clrbitmap(DontBlameSendmail); RunAsUid = RealUid = getuid(); RunAsGid = RealGid = getgid(); pw = getpwuid(RealUid); if (pw != NULL) { if (strlen(pw->pw_name) > MAXNAME - 1) pw->pw_name[MAXNAME] = '\0'; snprintf(rnamebuf, sizeof rnamebuf, "%s", pw->pw_name); } else snprintf(rnamebuf, sizeof rnamebuf, "Unknown UID %d", (int) RealUid); RunAsUserName = RealUserName = rnamebuf; #ifdef LOG_MAIL openlog("vacation", LOG_PID, LOG_MAIL); #else /* LOG_MAIL */ openlog("vacation", LOG_PID); #endif /* LOG_MAIL */ opterr = 0; iflag = FALSE; emptysender = FALSE; exclude = FALSE; interval = INTERVAL_UNDEF; *From = '\0'; #if _FFR_DEBUG && _FFR_LISTDB # define OPTIONS "a:df:Iilm:r:s:t:xz" #else /* _FFR_DEBUG && _FFR_LISTDB */ # if _FFR_DEBUG # define OPTIONS "a:df:Iim:r:s:t:xz" # else /* _FFR_DEBUG */ # if _FFR_LISTDB # define OPTIONS "a:f:Iilm:r:s:t:xz" # else /* _FFR_LISTDB */ # define OPTIONS "a:f:Iim:r:s:t:xz" # endif /* _FFR_LISTDB */ # endif /* _FFR_DEBUG */ #endif /* _FFR_DEBUG && _FFR_LISTDB */ while (mfail == 0 && ufail == 0 && (ch = getopt(argc, argv, OPTIONS)) != -1) { switch((char)ch) { case 'a': /* alias */ cur = (ALIAS *)malloc((u_int)sizeof(ALIAS)); if (cur == NULL) { mfail++; break; } cur->name = optarg; cur->next = Names; Names = cur; break; #if _FFR_DEBUG case 'd': /* debug mode */ msglog = &debuglog; break; #endif /* _FFR_DEBUG */ case 'f': /* alternate database */ dbfilename = optarg; break; case 'I': /* backward compatible */ case 'i': /* init the database */ iflag = TRUE; break; #if _FFR_LISTDB case 'l': lflag = TRUE; /* list the database */ break; #endif /* _FFR_LISTDB */ case 'm': /* alternate message file */ msgfilename = optarg; break; case 'r': if (isascii(*optarg) && isdigit(*optarg)) { interval = atol(optarg) * SECSPERDAY; if (interval < 0) ufail++; } else interval = ONLY_ONCE; break; case 's': /* alternate sender name */ (void) strlcpy(From, optarg, sizeof From); break; case 't': /* SunOS: -t1d (default expire) */ break; case 'x': exclude = TRUE; break; case 'z': emptysender = TRUE; break; case '?': default: ufail++; break; } } argc -= optind; argv += optind; if (mfail != 0) { msglog(LOG_NOTICE, "vacation: can't allocate memory for alias.\n"); EXITM(EX_TEMPFAIL); } if (ufail != 0) usage(); if (argc != 1) { if (!iflag && #if _FFR_LISTDB !lflag && #endif /* _FFR_LISTDB */ !exclude) usage(); if ((pw = getpwuid(getuid())) == NULL) { msglog(LOG_ERR, "vacation: no such user uid %u.\n", getuid()); EXITM(EX_NOUSER); } } #if _FFR_BLACKBOX name = *argv; #else /* _FFR_BLACKBOX */ else if ((pw = getpwnam(*argv)) == NULL) { msglog(LOG_ERR, "vacation: no such user %s.\n", *argv); EXITM(EX_NOUSER); } name = pw->pw_name; if (chdir(pw->pw_dir) != 0) { msglog(LOG_NOTICE, "vacation: no such directory %s.\n", pw->pw_dir); EXITM(EX_NOINPUT); } #endif /* _FFR_BLACKBOX */ user_info.smdbu_id = pw->pw_uid; user_info.smdbu_group_id = pw->pw_gid; (void) strlcpy(user_info.smdbu_name, pw->pw_name, SMDB_MAX_USER_NAME_LEN); sff = SFF_CREAT; #if _FFR_BLACKBOX if (getegid() != getgid()) RunAsGid = user_info.smdbu_group_id = getegid(); sff |= SFF_NOPATHCHECK|SFF_OPENASROOT; #endif /* _FFR_BLACKBOX */ result = smdb_open_database(&Db, dbfilename, O_CREAT|O_RDWR | (iflag ? O_TRUNC : 0), S_IRUSR|S_IWUSR, sff, SMDB_TYPE_DEFAULT, &user_info, NULL); if (result != SMDBE_OK) { msglog(LOG_NOTICE, "vacation: %s: %s\n", dbfilename, errstring(result)); EXITM(EX_DATAERR); } #if _FFR_LISTDB if (lflag) { static void listdb __P((void)); listdb(); - (void)Db->smdb_close(Db); + (void) Db->smdb_close(Db); exit(EX_OK); } #endif /* _FFR_LISTDB */ if (interval != INTERVAL_UNDEF) setinterval(interval); - if (iflag) + if (iflag && !exclude) { - result = Db->smdb_close(Db); - if (!exclude) - exit(EX_OK); + (void) Db->smdb_close(Db); + exit(EX_OK); } if (exclude) { xclude(stdin); - result = Db->smdb_close(Db); + (void) Db->smdb_close(Db); EXITM(EX_OK); } if ((cur = (ALIAS *)malloc((u_int)sizeof(ALIAS))) == NULL) { msglog(LOG_NOTICE, "vacation: can't allocate memory for username.\n"); + (void) Db->smdb_close(Db); EXITM(EX_OSERR); } cur->name = name; cur->next = Names; Names = cur; - readheaders(); - if (!recent()) + result = readheaders(); + if (result == EX_OK && !recent()) { time_t now; (void) time(&now); setreply(From, now); - result = Db->smdb_close(Db); + (void) Db->smdb_close(Db); sendmessage(name, msgfilename, emptysender); } else - result = Db->smdb_close(Db); - exit(EX_OK); - /* NOTREACHED */ - return EX_OK; + (void) Db->smdb_close(Db); + if (result == EX_NOUSER) + result = EX_OK; + exit(result); } /* ** EATMSG -- read stdin till EOF ** ** Parameters: ** none. ** ** Returns: ** nothing. ** */ static void eatmsg() { /* ** read the rest of the e-mail and ignore it to avoid problems ** with EPIPE in sendmail */ while (getc(stdin) != EOF) continue; } /* ** READHEADERS -- read mail headers ** ** Parameters: ** none. ** ** Returns: -** nothing. +** a exit code: NOUSER if no reply, OK if reply, * if error ** ** Side Effects: ** may exit(). ** */ -void + +int readheaders() { bool tome, cont; register char *p; register ALIAS *cur; char buf[MAXLINE]; extern bool junkmail __P((char *)); extern bool nsearch __P((char *, char *)); cont = tome = FALSE; while (fgets(buf, sizeof(buf), stdin) && *buf != '\n') { switch(*buf) { case 'F': /* "From " */ cont = FALSE; if (strncmp(buf, "From ", 5) == 0) { bool quoted = FALSE; p = buf + 5; while (*p != '\0') { /* escaped character */ if (*p == '\\') { p++; if (*p == '\0') { msglog(LOG_NOTICE, "vacation: badly formatted \"From \" line.\n"); EXITIT(EX_DATAERR); } } else if (*p == '"') quoted = !quoted; else if (*p == '\r' || *p == '\n') break; else if (*p == ' ' && !quoted) break; p++; } if (quoted) { msglog(LOG_NOTICE, "vacation: badly formatted \"From \" line.\n"); EXITIT(EX_DATAERR); } *p = '\0'; /* ok since both strings have MAXLINE length */ if (*From == '\0') - (void)strlcpy(From, buf + 5, - sizeof From); + (void) strlcpy(From, buf + 5, + sizeof From); if ((p = strchr(buf + 5, '\n')) != NULL) *p = '\0'; if (junkmail(buf + 5)) - EXITIT(EX_OK); + EXITIT(EX_NOUSER); } break; case 'P': /* "Precedence:" */ case 'p': cont = FALSE; if (strlen(buf) <= 10 || strncasecmp(buf, "Precedence", 10) != 0 || (buf[10] != ':' && buf[10] != ' ' && buf[10] != '\t')) break; if ((p = strchr(buf, ':')) == NULL) break; while (*++p != '\0' && isascii(*p) && isspace(*p)); if (*p == '\0') break; if (strncasecmp(p, "junk", 4) == 0 || strncasecmp(p, "bulk", 4) == 0 || strncasecmp(p, "list", 4) == 0) - EXITIT(EX_OK); + EXITIT(EX_NOUSER); break; case 'C': /* "Cc:" */ case 'c': if (strncasecmp(buf, "Cc:", 3) != 0) break; cont = TRUE; goto findme; case 'T': /* "To:" */ case 't': if (strncasecmp(buf, "To:", 3) != 0) break; cont = TRUE; goto findme; default: if (!isascii(*buf) || !isspace(*buf) || !cont || tome) { cont = FALSE; break; } findme: for (cur = Names; !tome && cur != NULL; cur = cur->next) tome = nsearch(cur->name, buf); } } if (!tome) - EXITIT(EX_OK); + EXITIT(EX_NOUSER); if (*From == '\0') { msglog(LOG_NOTICE, "vacation: no initial \"From \" line.\n"); EXITIT(EX_DATAERR); } + EXITIT(EX_OK); } /* ** NSEARCH -- ** do a nice, slow, search of a string for a substring. ** ** Parameters: ** name -- name to search. ** str -- string in which to search. ** ** Returns: ** is name a substring of str? ** */ bool nsearch(name, str) register char *name, *str; { register size_t len; register char *s; len = strlen(name); for (s = str; *s != '\0'; ++s) { /* ** Check to make sure that the string matches and ** the previous character is not an alphanumeric and ** the next character after the match is not an alphanumeric. ** ** This prevents matching "eric" to "derick" while still ** matching "eric" to "". */ if (tolower(*s) == tolower(*name) && strncasecmp(name, s, len) == 0 && (s == str || !isascii(*(s - 1)) || !isalnum(*(s - 1))) && (!isascii(*(s + len)) || !isalnum(*(s + len)))) return TRUE; } return FALSE; } /* ** JUNKMAIL -- ** read the header and return if automagic/junk/bulk/list mail ** ** Parameters: ** from -- sender address. ** ** Returns: ** is this some automated/junk/bulk/list mail? ** */ + +struct ignore +{ + char *name; + size_t len; +}; + +typedef struct ignore IGNORE_T; + +#define MAX_USER_LEN 256 /* maximum length of local part (sender) */ + +/* delimiters for the local part of an address */ +#define isdelim(c) ((c) == '%' || (c) == '@' || (c) == '+') + bool junkmail(from) char *from; { - register size_t len; - register char *p; - register struct ignore *cur; - static struct ignore + bool quot; + char *e; + size_t len; + IGNORE_T *cur; + char sender[MAX_USER_LEN]; + static IGNORE_T ignore[] = { - char *name; - size_t len; - } ignore[] = - { - { "-request", 8 }, { "postmaster", 10 }, { "uucp", 4 }, { "mailer-daemon", 13 }, { "mailer", 6 }, + { NULL, 0 } + }; + + static IGNORE_T ignorepost[] = + { + { "-request", 8 }, { "-relay", 6 }, + { "-owner", 6 }, { NULL, 0 } }; + static IGNORE_T ignorepre[] = + { + { "owner-", 6 }, + { NULL, 0 } + }; + /* - * This is mildly amusing, and I'm not positive it's right; trying - * to find the "real" name of the sender, assuming that addresses - * will be some variant of: - * - * From site!site!SENDER%site.domain%site.domain@site.domain - */ - if ((p = strchr(from, '%')) == NULL && - (p = strchr(from, '@')) == NULL) + ** This is mildly amusing, and I'm not positive it's right; trying + ** to find the "real" name of the sender, assuming that addresses + ** will be some variant of: + ** + ** From site!site!SENDER%site.domain%site.domain@site.domain + */ + + quot = FALSE; + e = from; + len = 0; + while (*e != '\0' && (quot || !isdelim(*e))) { - if ((p = strrchr(from, '!')) != NULL) - ++p; - else - p = from; - for (; *p; ++p) + if (*e == '"') + { + quot = !quot; + ++e; continue; + } + if (*e == '\\') + { + if (*(++e) == '\0') + { + /* '\\' at end of string? */ + break; + } + if (len < MAX_USER_LEN) + sender[len++] = *e; + ++e; + continue; + } + if (*e == '!' && !quot) + { + len = 0; + sender[len] = '\0'; + } + else + if (len < MAX_USER_LEN) + sender[len++] = *e; + ++e; } - len = p - from; + if (len < MAX_USER_LEN) + sender[len] = '\0'; + else + sender[MAX_USER_LEN - 1] = '\0'; + + if (len <= 0) + return FALSE; +#if 0 + if (quot) + return FALSE; /* syntax error... */ +#endif /* 0 */ + + /* test prefixes */ + for (cur = ignorepre; cur->name != NULL; ++cur) + { + if (len >= cur->len && + strncasecmp(cur->name, sender, cur->len) == 0) + return TRUE; + } + + /* + ** If the name is truncated, don't test the rest. + ** We could extract the "tail" of the sender address and + ** compare it it ignorepost, however, it seems not worth + ** the effort. + ** The address surely can't match any entry in ignore[] + ** (as long as all of them are shorter than MAX_USER_LEN). + */ + + if (len > MAX_USER_LEN) + return FALSE; + + /* test full local parts */ for (cur = ignore; cur->name != NULL; ++cur) { + if (len == cur->len && + strncasecmp(cur->name, sender, cur->len) == 0) + return TRUE; + } + + /* test postfixes */ + for (cur = ignorepost; cur->name != NULL; ++cur) + { if (len >= cur->len && - strncasecmp(cur->name, p - cur->len, cur->len) == 0) + strncasecmp(cur->name, e - cur->len - 1, + cur->len) == 0) return TRUE; } + return FALSE; } #define VIT "__VACATION__INTERVAL__TIMER__" /* ** RECENT -- ** find out if user has gotten a vacation message recently. ** ** Parameters: ** none. ** ** Returns: ** TRUE iff user has gotten a vacation message recently. ** */ bool recent() { SMDB_DBENT key, data; time_t then, next; bool trydomain = FALSE; int st; char *domain; memset(&key, '\0', sizeof key); memset(&data, '\0', sizeof data); /* get interval time */ - key.data.data = VIT; - key.data.size = sizeof(VIT); + key.data = VIT; + key.size = sizeof(VIT); st = Db->smdb_get(Db, &key, &data, 0); if (st != SMDBE_OK) next = SECSPERDAY * DAYSPERWEEK; else - memmove(&next, data.data.data, sizeof(next)); + memmove(&next, data.data, sizeof(next)); memset(&data, '\0', sizeof data); /* get record for this address */ - key.data.data = From; - key.data.size = strlen(From); + key.data = From; + key.size = strlen(From); do { st = Db->smdb_get(Db, &key, &data, 0); if (st == SMDBE_OK) { - memmove(&then, data.data.data, sizeof(then)); + memmove(&then, data.data, sizeof(then)); if (next == ONLY_ONCE || then == ONLY_ONCE || then + next > time(NULL)) return TRUE; } if ((trydomain = !trydomain) && (domain = strchr(From, '@')) != NULL) { - key.data.data = domain; - key.data.size = strlen(domain); + key.data = domain; + key.size = strlen(domain); } } while (trydomain); return FALSE; } /* ** SETINTERVAL -- ** store the reply interval ** ** Parameters: ** interval -- time interval for replies. ** ** Returns: ** nothing. ** ** Side Effects: ** stores the reply interval in database. */ void setinterval(interval) time_t interval; { SMDB_DBENT key, data; memset(&key, '\0', sizeof key); memset(&data, '\0', sizeof data); - key.data.data = VIT; - key.data.size = sizeof(VIT); - data.data.data = (char*) &interval; - data.data.size = sizeof(interval); - (void)(Db->smdb_put)(Db, &key, &data, 0); + key.data = VIT; + key.size = sizeof(VIT); + data.data = (char*) &interval; + data.size = sizeof(interval); + (void) (Db->smdb_put)(Db, &key, &data, 0); } /* ** SETREPLY -- ** store that this user knows about the vacation. ** ** Parameters: ** from -- sender address. ** when -- last reply time. ** ** Returns: ** nothing. ** ** Side Effects: ** stores user/time in database. */ void setreply(from, when) char *from; time_t when; { SMDB_DBENT key, data; memset(&key, '\0', sizeof key); memset(&data, '\0', sizeof data); - key.data.data = from; - key.data.size = strlen(from); - data.data.data = (char*) &when; - data.data.size = sizeof(when); - (void)(Db->smdb_put)(Db, &key, &data, 0); + key.data = from; + key.size = strlen(from); + data.data = (char*) &when; + data.size = sizeof(when); + (void) (Db->smdb_put)(Db, &key, &data, 0); } /* ** XCLUDE -- ** add users to vacation db so they don't get a reply. ** ** Parameters: ** f -- file pointer with list of address to exclude ** ** Returns: ** nothing. ** ** Side Effects: ** stores users in database. */ void xclude(f) FILE *f; { char buf[MAXLINE], *p; if (f == NULL) return; while (fgets(buf, sizeof buf, f)) { if ((p = strchr(buf, '\n')) != NULL) *p = '\0'; setreply(buf, ONLY_ONCE); } } /* ** SENDMESSAGE -- ** exec sendmail to send the vacation file to sender ** ** Parameters: ** myname -- user name. ** msgfn -- name of file with vacation message. ** emptysender -- use <> as sender address? ** ** Returns: ** nothing. ** ** Side Effects: ** sends vacation reply. */ void sendmessage(myname, msgfn, emptysender) char *myname; char *msgfn; bool emptysender; { FILE *mfp, *sfp; int i; int pvect[2]; char buf[MAXLINE]; mfp = fopen(msgfn, "r"); if (mfp == NULL) { if (msgfn[0] == '/') msglog(LOG_NOTICE, "vacation: no %s file.\n", msgfn); else msglog(LOG_NOTICE, "vacation: no ~%s/%s file.\n", myname, msgfn); exit(EX_NOINPUT); } if (pipe(pvect) < 0) { msglog(LOG_ERR, "vacation: pipe: %s", errstring(errno)); exit(EX_OSERR); } i = fork(); if (i < 0) { msglog(LOG_ERR, "vacation: fork: %s", errstring(errno)); exit(EX_OSERR); } if (i == 0) { (void) dup2(pvect[0], 0); (void) close(pvect[0]); (void) close(pvect[1]); (void) fclose(mfp); if (emptysender) myname = "<>"; (void) execl(_PATH_SENDMAIL, "sendmail", "-oi", "-f", myname, "--", From, NULL); msglog(LOG_ERR, "vacation: can't exec %s: %s", _PATH_SENDMAIL, errstring(errno)); exit(EX_UNAVAILABLE); } /* check return status of the following calls? XXX */ (void) close(pvect[0]); if ((sfp = fdopen(pvect[1], "w")) != NULL) { (void) fprintf(sfp, "To: %s\n", From); (void) fprintf(sfp, "Auto-Submitted: auto-generated\n"); while (fgets(buf, sizeof buf, mfp)) (void) fputs(buf, sfp); (void) fclose(mfp); (void) fclose(sfp); } else { (void) fclose(mfp); msglog(LOG_ERR, "vacation: can't open pipe to sendmail"); exit(EX_UNAVAILABLE); } } void usage() { msglog(LOG_NOTICE, "uid %u: usage: vacation [-i] [-a alias]%s [-f db]%s [-m msg] [-r interval] [-s sender] [-t time] [-x] [-z] login\n", getuid(), #if _FFR_DEBUG " [-d]", #else /* _FFR_DEBUG */ "", #endif /* _FFR_DEBUG */ #if _FFR_LISTDB " [-l]" #else /* _FFR_LISTDB */ "" #endif /* _FFR_LISTDB */ ); exit(EX_USAGE); } #if _FFR_LISTDB /* ** LISTDB -- list the contents of the vacation database ** ** Parameters: ** none. ** ** Returns: ** nothing. */ static void listdb() { int result; time_t t; SMDB_CURSOR *cursor = NULL; SMDB_DBENT db_key, db_value; memset(&db_key, '\0', sizeof db_key); memset(&db_value, '\0', sizeof db_value); result = Db->smdb_cursor(Db, &cursor, 0); if (result != SMDBE_OK) { fprintf(stderr, "vacation: set cursor: %s\n", errstring(result)); return; } while ((result = cursor->smdbc_get(cursor, &db_key, &db_value, SMDB_CURSOR_GET_NEXT)) == SMDBE_OK) { /* skip magic VIT entry */ - if ((int)db_key.data.size -1 == strlen(VIT) && - strncmp((char *)db_key.data.data, VIT, - (int)db_key.data.size - 1) == 0) + if ((int)db_key.size -1 == strlen(VIT) && + strncmp((char *)db_key.data, VIT, + (int)db_key.size - 1) == 0) continue; /* skip bogus values */ - if (db_value.data.size != sizeof t) + if (db_value.size != sizeof t) { fprintf(stderr, "vacation: %.*s invalid time stamp\n", - (int) db_key.data.size, - (char *) db_key.data.data); + (int) db_key.size, (char *) db_key.data); continue; } - memcpy(&t, db_value.data.data, sizeof t); + memcpy(&t, db_value.data, sizeof t); - if (db_key.data.size > 40) - db_key.data.size = 40; + if (db_key.size > 40) + db_key.size = 40; printf("%-40.*s %-10s", - (int) db_key.data.size, (char *) db_key.data.data, - ctime(&t)); + (int) db_key.size, (char *) db_key.data, ctime(&t)); memset(&db_key, '\0', sizeof db_key); memset(&db_value, '\0', sizeof db_value); } if (result != SMDBE_OK && result != SMDBE_LAST_ENTRY) { fprintf(stderr, "vacation: get value at cursor: %s\n", errstring(result)); if (cursor != NULL) { (void) cursor->smdbc_close(cursor); cursor = NULL; } return; } (void) cursor->smdbc_close(cursor); cursor = NULL; } #endif /* _FFR_LISTDB */ #if _FFR_DEBUG /* ** DEBUGLOG -- write message to standard error ** ** Append a message to the standard error for the convenience of ** end-users debugging without access to the syslog messages. ** ** Parameters: ** i -- syslog log level ** fmt -- string format ** ** Returns: ** nothing. */ /*VARARGS2*/ static void #ifdef __STDC__ debuglog(int i, const char *fmt, ...) #else /* __STDC__ */ debuglog(i, fmt, va_alist) int i; const char *fmt; va_dcl #endif /* __STDC__ */ { VA_LOCAL_DECL VA_START(fmt); vfprintf(stderr, fmt, ap); VA_END; } #endif /* _FFR_DEBUG */ /*VARARGS1*/ void #ifdef __STDC__ message(const char *msg, ...) #else /* __STDC__ */ message(msg, va_alist) const char *msg; va_dcl #endif /* __STDC__ */ { const char *m; VA_LOCAL_DECL m = msg; if (isascii(m[0]) && isdigit(m[0]) && isascii(m[1]) && isdigit(m[1]) && isascii(m[2]) && isdigit(m[2]) && m[3] == ' ') m += 4; VA_START(msg); (void) vfprintf(stderr, m, ap); VA_END; (void) fprintf(stderr, "\n"); } /*VARARGS1*/ void #ifdef __STDC__ syserr(const char *msg, ...) #else /* __STDC__ */ syserr(msg, va_alist) const char *msg; va_dcl #endif /* __STDC__ */ { const char *m; VA_LOCAL_DECL m = msg; if (isascii(m[0]) && isdigit(m[0]) && isascii(m[1]) && isdigit(m[1]) && isascii(m[2]) && isdigit(m[2]) && m[3] == ' ') m += 4; VA_START(msg); (void) vfprintf(stderr, m, ap); VA_END; (void) fprintf(stderr, "\n"); } void dumpfd(fd, printclosed, logit) int fd; bool printclosed; bool logit; { return; }