static void smtpd_peer_hostaddr_to_sockaddr(SMTPD_STATE *state)
{
const char *myname = "smtpd_peer_hostaddr_to_sockaddr";
struct addrinfo *res;
int aierr;
if ((aierr = hostaddr_to_sockaddr(state->addr, state->port,
SOCK_STREAM, &res)) != 0)
msg_fatal("%s: cannot convert client address/port to string: %s",
myname, MAI_STRERROR(aierr));
if (res->ai_addrlen > sizeof(state->sockaddr))
msg_panic("%s: address length > struct sockaddr_storage", myname);
memcpy((void *) &(state->sockaddr), res->ai_addr, res->ai_addrlen);
state->sockaddr_len = res->ai_addrlen;
freeaddrinfo(res);
}
static void smtp_update_addr_list(DNS_RR **addr_list, const char *server_addr,
int session_count)
{
DNS_RR *addr;
DNS_RR *next;
int aierr;
struct addrinfo *res0;
if (*addr_list == 0)
return;
/*
* Truncate the address list if we are not going to use it anyway.
*/
if (session_count == var_smtp_mxsess_limit
|| session_count == var_smtp_mxaddr_limit) {
dns_rr_free(*addr_list);
*addr_list = 0;
return;
}
/*
* Convert server address to internal form, and look it up in the address
* list.
*
* XXX smtp_reuse_session() breaks if we remove two or more adjacent list
* elements but do not truncate the list to zero length.
*
* XXX Extend the SMTP_SESSION structure with sockaddr information so that
* we can avoid repeated string->binary transformations for the same
* address.
*/
if ((aierr = hostaddr_to_sockaddr(server_addr, (char *) 0, 0, &res0)) != 0) {
msg_warn("hostaddr_to_sockaddr %s: %s",
server_addr, MAI_STRERROR(aierr));
} else {
for (addr = *addr_list; addr; addr = next) {
next = addr->next;
if (DNS_RR_EQ_SA(addr, (struct sockaddr *) res0->ai_addr)) {
*addr_list = dns_rr_remove(*addr_list, addr);
break;
}
}
freeaddrinfo(res0);
}
}
int main(int argc, char **argv)
{
MAI_HOSTADDR_STR hostaddr;
struct addrinfo *res0;
struct addrinfo *res;
struct addrinfo **resv;
size_t len, n;
DNS_RR *rr;
int aierr;
myname = argv[0];
if (argc < 2)
usage();
inet_proto_init(argv[0], INET_PROTO_NAME_ALL);
while (*++argv) {
if ((aierr = hostname_to_sockaddr(argv[0], (char *) 0, 0, &res0)) != 0)
msg_fatal("%s: %s", argv[0], MAI_STRERROR(aierr));
for (len = 0, res = res0; res != 0; res = res->ai_next)
len += 1;
resv = (struct addrinfo **) mymalloc(len * sizeof(*resv));
for (len = 0, res = res0; res != 0; res = res->ai_next)
resv[len++] = res;
qsort((void *) resv, len, sizeof(*resv), compare_family);
for (n = 0; n < len; n++) {
if ((rr = dns_sa_to_rr(argv[0], 0, resv[n]->ai_addr)) == 0)
msg_fatal("dns_sa_to_rr: %m");
if (dns_rr_to_pa(rr, &hostaddr) == 0)
msg_fatal("dns_rr_to_pa: %m");
vstream_printf("%s -> %s\n", argv[0], hostaddr.buf);
vstream_fflush(VSTREAM_OUT);
dns_rr_free(rr);
}
freeaddrinfo(res0);
myfree((void *) resv);
}
return (0);
}
static SMTP_SESSION *smtp_connect_addr(SMTP_ITERATOR *iter, DSN_BUF *why,
int sess_flags)
{
const char *myname = "smtp_connect_addr";
struct sockaddr_storage ss; /* remote */
struct sockaddr *sa = (struct sockaddr *) &ss;
SOCKADDR_SIZE salen = sizeof(ss);
MAI_HOSTADDR_STR hostaddr;
DNS_RR *addr = iter->rr;
unsigned port = iter->port;
int sock;
char *bind_addr;
char *bind_var;
dsb_reset(why); /* Paranoia */
/*
* Sanity checks.
*/
if (dns_rr_to_sa(addr, port, sa, &salen) != 0) {
msg_warn("%s: skip address type %s: %m",
myname, dns_strtype(addr->type));
dsb_simple(why, "4.4.0", "network address conversion failed: %m");
return (0);
}
/*
* Initialize.
*/
if ((sock = socket(sa->sa_family, SOCK_STREAM, 0)) < 0)
msg_fatal("%s: socket: %m", myname);
if (inet_windowsize > 0)
set_inet_windowsize(sock, inet_windowsize);
/*
* Allow the sysadmin to specify the source address, for example, as "-o
* smtp_bind_address=x.x.x.x" in the master.cf file.
*/
#ifdef HAS_IPV6
if (sa->sa_family == AF_INET6) {
bind_addr = var_smtp_bind_addr6;
bind_var = VAR_LMTP_SMTP(BIND_ADDR6);
} else
#endif
if (sa->sa_family == AF_INET) {
bind_addr = var_smtp_bind_addr;
bind_var = VAR_LMTP_SMTP(BIND_ADDR);
} else
bind_var = bind_addr = "";
if (*bind_addr) {
int aierr;
struct addrinfo *res0;
if ((aierr = hostaddr_to_sockaddr(bind_addr, (char *) 0, 0, &res0)) != 0)
msg_fatal("%s: bad %s parameter: %s: %s",
myname, bind_var, bind_addr, MAI_STRERROR(aierr));
if (bind(sock, res0->ai_addr, res0->ai_addrlen) < 0)
msg_warn("%s: bind %s: %m", myname, bind_addr);
else if (msg_verbose)
msg_info("%s: bind %s", myname, bind_addr);
freeaddrinfo(res0);
}
/*
* When running as a virtual host, bind to the virtual interface so that
* the mail appears to come from the "right" machine address.
*
* XXX The IPv6 patch expands the null host (as client endpoint) and uses
* the result as the loopback address list.
*/
else {
int count = 0;
struct sockaddr *own_addr = 0;
INET_ADDR_LIST *addr_list = own_inet_addr_list();
struct sockaddr_storage *s;
for (s = addr_list->addrs; s < addr_list->addrs + addr_list->used; s++) {
if (SOCK_ADDR_FAMILY(s) == sa->sa_family) {
if (count++ > 0)
break;
own_addr = SOCK_ADDR_PTR(s);
}
}
if (count == 1 && !sock_addr_in_loopback(own_addr)) {
if (bind(sock, own_addr, SOCK_ADDR_LEN(own_addr)) < 0) {
SOCKADDR_TO_HOSTADDR(own_addr, SOCK_ADDR_LEN(own_addr),
&hostaddr, (MAI_SERVPORT_STR *) 0, 0);
msg_warn("%s: bind %s: %m", myname, hostaddr.buf);
} else if (msg_verbose) {
SOCKADDR_TO_HOSTADDR(own_addr, SOCK_ADDR_LEN(own_addr),
&hostaddr, (MAI_SERVPORT_STR *) 0, 0);
msg_info("%s: bind %s", myname, hostaddr.buf);
}
}
}
/*
* Connect to the server.
*/
if (msg_verbose)
msg_info("%s: trying: %s[%s] port %d...",
myname, STR(iter->host), STR(iter->addr), ntohs(port));
return (smtp_connect_sock(sock, sa, salen, iter, why, sess_flags));
}
void smtpd_peer_init(SMTPD_STATE *state)
{
const char *myname = "smtpd_peer_init";
SOCKADDR_SIZE sa_length;
struct sockaddr *sa;
INET_PROTO_INFO *proto_info = inet_proto_info();
sa = (struct sockaddr *) & (state->sockaddr);
sa_length = sizeof(state->sockaddr);
/*
* Look up the peer address information.
*
* XXX If we make local endpoint (getsockname) information available to
* Milter applications as {if_name} and {if_addr}, then we also must be
* able to provide this via the XCLIENT command for Milter testing.
*
* XXX If we make local or remote port information available to policy
* servers or Milter applications, then we must also make this testable
* with the XCLIENT command, otherwise there will be confusion.
*
* XXX If we make local or remote port information available via logging,
* then we must also support these attributes with the XFORWARD command.
*
* XXX If support were to be added for Milter applications in down-stream
* MTAs, then consistency demands that we propagate a lot of Sendmail
* macro information via the XFORWARD command. Otherwise we could end up
* with a very confusing situation.
*/
if (getpeername(vstream_fileno(state->client), sa, &sa_length) >= 0) {
errno = 0;
}
/*
* If peer went away, give up.
*/
if (errno != 0 && errno != ENOTSOCK) {
state->name = mystrdup(CLIENT_NAME_UNKNOWN);
state->reverse_name = mystrdup(CLIENT_NAME_UNKNOWN);
state->addr = mystrdup(CLIENT_ADDR_UNKNOWN);
state->rfc_addr = mystrdup(CLIENT_ADDR_UNKNOWN);
state->addr_family = AF_UNSPEC;
state->name_status = SMTPD_PEER_CODE_PERM;
state->reverse_name_status = SMTPD_PEER_CODE_PERM;
state->port = mystrdup(CLIENT_PORT_UNKNOWN);
}
/*
* Convert the client address to printable address and hostname.
*
* XXX If we're given an IPv6 (or IPv4) connection from, e.g., inetd, while
* Postfix IPv6 (or IPv4) support is turned off, don't (skip to the final
* else clause, pretend the origin is localhost[127.0.0.1], and become an
* open relay).
*/
else if (errno == 0
&& (sa->sa_family == AF_INET
#ifdef AF_INET6
|| sa->sa_family == AF_INET6
#endif
)) {
MAI_HOSTNAME_STR client_name;
MAI_HOSTADDR_STR client_addr;
MAI_SERVPORT_STR client_port;
int aierr;
char *colonp;
/*
* Sanity check: we can't use sockets that we're not configured for.
*/
if (strchr((char *) proto_info->sa_family_list, sa->sa_family) == 0)
msg_fatal("cannot handle socket type %s with \"%s = %s\"",
#ifdef AF_INET6
sa->sa_family == AF_INET6 ? "AF_INET6" :
#endif
sa->sa_family == AF_INET ? "AF_INET" :
"other", VAR_INET_PROTOCOLS, var_inet_protocols);
/*
* Sorry, but there are some things that we just cannot do while
* connected to the network.
*/
if (geteuid() != var_owner_uid || getuid() != var_owner_uid) {
msg_error("incorrect SMTP server privileges: uid=%lu euid=%lu",
(unsigned long) getuid(), (unsigned long) geteuid());
msg_fatal("the Postfix SMTP server must run with $%s privileges",
VAR_MAIL_OWNER);
}
/*
* Convert the client address to printable form.
*/
if ((aierr = sockaddr_to_hostaddr(sa, sa_length, &client_addr,
&client_port, 0)) != 0)
msg_fatal("%s: cannot convert client address/port to string: %s",
myname, MAI_STRERROR(aierr));
state->port = mystrdup(client_port.buf);
/*
* XXX Strip off the IPv6 datalink suffix to avoid false alarms with
* strict address syntax checks.
*/
#ifdef HAS_IPV6
(void) split_at(client_addr.buf, '%');
#endif
/*
* We convert IPv4-in-IPv6 address to 'true' IPv4 address early on,
* but only if IPv4 support is enabled (why would anyone want to turn
* it off)? With IPv4 support enabled we have no need for the IPv6
* form in logging, hostname verification and access checks.
*/
#ifdef HAS_IPV6
if (sa->sa_family == AF_INET6) {
if (strchr((char *) proto_info->sa_family_list, AF_INET) != 0
&& IN6_IS_ADDR_V4MAPPED(&SOCK_ADDR_IN6_ADDR(sa))
&& (colonp = strrchr(client_addr.buf, ':')) != 0) {
struct addrinfo *res0;
if (msg_verbose > 1)
msg_info("%s: rewriting V4-mapped address \"%s\" to \"%s\"",
myname, client_addr.buf, colonp + 1);
state->addr = mystrdup(colonp + 1);
state->rfc_addr = mystrdup(colonp + 1);
state->addr_family = AF_INET;
aierr = hostaddr_to_sockaddr(state->addr, (char *) 0, 0, &res0);
if (aierr)
msg_fatal("%s: cannot convert %s from string to binary: %s",
myname, state->addr, MAI_STRERROR(aierr));
sa_length = res0->ai_addrlen;
if (sa_length > sizeof(state->sockaddr))
sa_length = sizeof(state->sockaddr);
memcpy((char *) sa, res0->ai_addr, sa_length);
freeaddrinfo(res0); /* 200412 */
}
/*
* Following RFC 2821 section 4.1.3, an IPv6 address literal gets
* a prefix of 'IPv6:'. We do this consistently for all IPv6
* addresses that that appear in headers or envelopes. The fact
* that valid_mailhost_addr() enforces the form helps of course.
* We use the form without IPV6: prefix when doing access
* control, or when accessing the connection cache.
*/
else {
state->addr = mystrdup(client_addr.buf);
state->rfc_addr =
concatenate(IPV6_COL, client_addr.buf, (char *) 0);
state->addr_family = sa->sa_family;
}
}
/*
* An IPv4 address is in dotted quad decimal form.
*/
else
#endif
{
state->addr = mystrdup(client_addr.buf);
state->rfc_addr = mystrdup(client_addr.buf);
state->addr_family = sa->sa_family;
}
/*
* Look up and sanity check the client hostname.
*
* It is unsafe to allow numeric hostnames, especially because there
* exists pressure to turn off the name->addr double check. In that
* case an attacker could trivally bypass access restrictions.
*
* sockaddr_to_hostname() already rejects malformed or numeric names.
*/
#define TEMP_AI_ERROR(e) \
((e) == EAI_AGAIN || (e) == EAI_MEMORY || (e) == EAI_SYSTEM)
#define REJECT_PEER_NAME(state, code) { \
myfree(state->name); \
state->name = mystrdup(CLIENT_NAME_UNKNOWN); \
state->name_status = code; \
}
if (var_smtpd_peername_lookup == 0) {
state->name = mystrdup(CLIENT_NAME_UNKNOWN);
state->reverse_name = mystrdup(CLIENT_NAME_UNKNOWN);
state->name_status = SMTPD_PEER_CODE_PERM;
state->reverse_name_status = SMTPD_PEER_CODE_PERM;
} else if ((aierr = sockaddr_to_hostname(sa, sa_length, &client_name,
(MAI_SERVNAME_STR *) 0, 0)) != 0) {
state->name = mystrdup(CLIENT_NAME_UNKNOWN);
state->reverse_name = mystrdup(CLIENT_NAME_UNKNOWN);
state->name_status = (TEMP_AI_ERROR(aierr) ?
SMTPD_PEER_CODE_TEMP : SMTPD_PEER_CODE_PERM);
state->reverse_name_status = (TEMP_AI_ERROR(aierr) ?
SMTPD_PEER_CODE_TEMP : SMTPD_PEER_CODE_PERM);
} else {
struct addrinfo *res0;
struct addrinfo *res;
state->name = mystrdup(client_name.buf);
state->reverse_name = mystrdup(client_name.buf);
state->name_status = SMTPD_PEER_CODE_OK;
state->reverse_name_status = SMTPD_PEER_CODE_OK;
/*
* Reject the hostname if it does not list the peer address.
* Without further validation or qualification, such information
* must not be allowed to enter the audit trail, as people would
* draw false conclusions.
*/
aierr = hostname_to_sockaddr_pf(state->name, state->addr_family,
(char *) 0, 0, &res0);
if (aierr) {
msg_warn("%s: hostname %s verification failed: %s",
state->addr, state->name, MAI_STRERROR(aierr));
REJECT_PEER_NAME(state, (TEMP_AI_ERROR(aierr) ?
SMTPD_PEER_CODE_TEMP : SMTPD_PEER_CODE_FORGED));
} else {
for (res = res0; /* void */ ; res = res->ai_next) {
if (res == 0) {
msg_warn("%s: address not listed for hostname %s",
state->addr, state->name);
REJECT_PEER_NAME(state, SMTPD_PEER_CODE_FORGED);
break;
}
if (strchr((char *) proto_info->sa_family_list, res->ai_family) == 0) {
msg_info("skipping address family %d for host %s",
res->ai_family, state->name);
continue;
}
if (sock_addr_cmp_addr(res->ai_addr, sa) == 0)
break; /* keep peer name */
}
freeaddrinfo(res0);
}
}
}
/*
* If it's not Internet, assume the client is local, and avoid using the
* naming service because that can hang when the machine is disconnected.
*/
else {
state->name = mystrdup("localhost");
state->reverse_name = mystrdup("localhost");
state->addr = mystrdup("127.0.0.1"); /* XXX bogus. */
state->rfc_addr = mystrdup("127.0.0.1");/* XXX bogus. */
state->addr_family = AF_UNSPEC;
state->name_status = SMTPD_PEER_CODE_OK;
state->reverse_name_status = SMTPD_PEER_CODE_OK;
state->port = mystrdup("0"); /* XXX bogus. */
}
/*
* Do the name[addr]:port formatting for pretty reports.
*/
state->namaddr = SMTPD_BUILD_NAMADDRPORT(state->name, state->addr,
state->port);
}
int main(int argc, char **argv)
{
SESSION *session;
char *host;
char *port;
char *path;
int path_len;
int sessions = 1;
int ch;
int i;
char *buf;
const char *parse_err;
struct addrinfo *res;
int aierr;
const char *protocols = INET_PROTO_NAME_ALL;
INET_PROTO_INFO *proto_info;
char *message_file = 0;
/*
* Fingerprint executables and core dumps.
*/
MAIL_VERSION_STAMP_ALLOCATE;
signal(SIGPIPE, SIG_IGN);
msg_vstream_init(argv[0], VSTREAM_ERR);
/*
* Parse JCL.
*/
while ((ch = GETOPT(argc, argv, "46AcC:df:F:l:Lm:M:Nor:R:s:S:t:T:vw:")) > 0) {
switch (ch) {
case '4':
protocols = INET_PROTO_NAME_IPV4;
break;
case '6':
protocols = INET_PROTO_NAME_IPV6;
break;
case 'A':
allow_reject = 1;
break;
case 'c':
count++;
break;
case 'C':
if ((connect_count = atoi(optarg)) <= 0)
msg_fatal("bad connection count: %s", optarg);
break;
case 'd':
disconnect = 0;
break;
case 'f':
sender = optarg;
break;
case 'F':
if (message_file == 0 && message_length > 0)
msg_fatal("-l option cannot be used with -F");
message_file = optarg;
break;
case 'l':
if (message_file != 0)
msg_fatal("-l option cannot be used with -F");
if ((message_length = atoi(optarg)) <= 0)
msg_fatal("bad message length: %s", optarg);
break;
case 'L':
talk_lmtp = 1;
break;
case 'm':
if ((message_count = atoi(optarg)) <= 0)
msg_fatal("bad message count: %s", optarg);
break;
case 'M':
if (*optarg == '[') {
if (!valid_mailhost_literal(optarg, DO_GRIPE))
msg_fatal("bad address literal: %s", optarg);
} else {
if (!valid_hostname(optarg, DO_GRIPE))
msg_fatal("bad hostname: %s", optarg);
}
var_myhostname = optarg;
break;
case 'N':
number_rcpts = 1;
break;
case 'o':
send_helo_first = 0;
send_headers = 0;
break;
case 'r':
if ((recipients = atoi(optarg)) <= 0)
msg_fatal("bad recipient count: %s", optarg);
break;
case 'R':
if (fixed_delay > 0)
msg_fatal("do not use -w and -R options at the same time");
if ((random_delay = atoi(optarg)) <= 0)
msg_fatal("bad random delay: %s", optarg);
break;
case 's':
if ((sessions = atoi(optarg)) <= 0)
msg_fatal("bad session count: %s", optarg);
break;
case 'S':
subject = optarg;
break;
case 't':
recipient = optarg;
break;
case 'T':
if ((inet_windowsize = atoi(optarg)) <= 0)
msg_fatal("bad TCP window size: %s", optarg);
break;
case 'v':
msg_verbose++;
break;
case 'w':
if (random_delay > 0)
msg_fatal("do not use -w and -R options at the same time");
if ((fixed_delay = atoi(optarg)) <= 0)
msg_fatal("bad fixed delay: %s", optarg);
break;
default:
usage(argv[0]);
}
}
if (argc - optind != 1)
usage(argv[0]);
if (random_delay > 0)
srand(getpid());
/*
* Initialize the message content, SMTP encoded. smtp_fputs() will append
* another \r\n but we don't care.
*/
if (message_file != 0) {
VSTREAM *fp;
VSTRING *buf = vstring_alloc(100);
VSTRING *msg = vstring_alloc(100);
if ((fp = vstream_fopen(message_file, O_RDONLY, 0)) == 0)
msg_fatal("open %s: %m", message_file);
while (vstring_get_nonl(buf, fp) != VSTREAM_EOF) {
if (*vstring_str(buf) == '.')
VSTRING_ADDCH(msg, '.');
vstring_memcat(msg, vstring_str(buf), VSTRING_LEN(buf));
vstring_memcat(msg, "\r\n", 2);
}
if (vstream_ferror(fp))
msg_fatal("read %s: %m", message_file);
vstream_fclose(fp);
vstring_free(buf);
message_length = VSTRING_LEN(msg);
message_data = vstring_export(msg);
send_headers = 0;
} else if (message_length > 0) {
message_data = mymalloc(message_length);
memset(message_data, 'X', message_length);
for (i = 80; i < message_length; i += 80) {
message_data[i - 80] = "0123456789"[(i / 80) % 10];
message_data[i - 2] = '\r';
message_data[i - 1] = '\n';
}
}
/*
* Translate endpoint address to internal form.
*/
proto_info = inet_proto_init("protocols", protocols);
if (strncmp(argv[optind], "unix:", 5) == 0) {
path = argv[optind] + 5;
path_len = strlen(path);
if (path_len >= (int) sizeof(sun.sun_path))
msg_fatal("unix-domain name too long: %s", path);
memset((char *) &sun, 0, sizeof(sun));
sun.sun_family = AF_UNIX;
#ifdef HAS_SUN_LEN
sun.sun_len = path_len + 1;
#endif
memcpy(sun.sun_path, path, path_len);
sa = (struct sockaddr *) & sun;
sa_length = sizeof(sun);
} else {
if (strncmp(argv[optind], "inet:", 5) == 0)
argv[optind] += 5;
buf = mystrdup(argv[optind]);
if ((parse_err = host_port(buf, &host, (char *) 0, &port, "smtp")) != 0)
msg_fatal("%s: %s", argv[optind], parse_err);
if ((aierr = hostname_to_sockaddr(host, port, SOCK_STREAM, &res)) != 0)
msg_fatal("%s: %s", argv[optind], MAI_STRERROR(aierr));
myfree(buf);
sa = (struct sockaddr *) & ss;
if (res->ai_addrlen > sizeof(ss))
msg_fatal("address length %d > buffer length %d",
(int) res->ai_addrlen, (int) sizeof(ss));
memcpy((char *) sa, res->ai_addr, res->ai_addrlen);
sa_length = res->ai_addrlen;
#ifdef HAS_SA_LEN
sa->sa_len = sa_length;
#endif
freeaddrinfo(res);
}
/*
* Make sure the SMTP server cannot run us out of memory by sending
* never-ending lines of text.
*/
if (buffer == 0) {
buffer = vstring_alloc(100);
vstring_ctl(buffer, VSTRING_CTL_MAXLEN, (ssize_t) var_line_limit, 0);
}
/*
* Make sure we have sender and recipient addresses.
*/
if (var_myhostname == 0)
var_myhostname = get_hostname();
if (sender == 0 || recipient == 0) {
vstring_sprintf(buffer, "foo@%s", var_myhostname);
defaddr = mystrdup(vstring_str(buffer));
if (sender == 0)
sender = defaddr;
if (recipient == 0)
recipient = defaddr;
}
/*
* Start sessions.
*/
while (sessions-- > 0) {
session = (SESSION *) mymalloc(sizeof(*session));
session->stream = 0;
session->xfer_count = 0;
session->connect_count = connect_count;
session->next = 0;
session_count++;
startup(session);
}
for (;;) {
event_loop(-1);
if (session_count <= 0 && message_count <= 0) {
if (count) {
VSTREAM_PUTC('\n', VSTREAM_OUT);
vstream_fflush(VSTREAM_OUT);
}
exit(0);
}
}
}
static void psc_service(VSTREAM *smtp_client_stream,
char *unused_service,
char **unused_argv)
{
const char *myname = "psc_service";
PSC_STATE *state;
struct sockaddr_storage addr_storage;
SOCKADDR_SIZE addr_storage_len = sizeof(addr_storage);
MAI_HOSTADDR_STR smtp_client_addr;
MAI_SERVPORT_STR smtp_client_port;
MAI_HOSTADDR_STR smtp_server_addr;
MAI_SERVPORT_STR smtp_server_port;
int aierr;
const char *stamp_str;
int saved_flags;
/*
* For sanity, require that at least one of INET or INET6 is enabled.
* Otherwise, we can't look up interface information, and we can't
* convert names or addresses.
*/
if (inet_proto_info()->ai_family_list[0] == 0)
msg_fatal("all network protocols are disabled (%s = %s)",
VAR_INET_PROTOCOLS, var_inet_protocols);
/*
* This program handles all incoming connections, so it must not block.
* We use event-driven code for all operations that introduce latency.
*
* Note: instead of using VSTREAM-level timeouts, we enforce limits on the
* total amount of time to receive a complete SMTP command line.
*/
non_blocking(vstream_fileno(smtp_client_stream), NON_BLOCKING);
/*
* We use the event_server framework. This means we get already-accepted
* connections so we have to invoke getpeername() to find out the remote
* address and port.
*/
/* Best effort - if this non-blocking write(2) fails, so be it. */
#define PSC_SERVICE_DISCONNECT_AND_RETURN(stream) do { \
(void) write(vstream_fileno(stream), \
"421 4.3.2 No system resources\r\n", \
sizeof("421 4.3.2 No system resources\r\n") - 1); \
event_server_disconnect(stream); \
return; \
} while (0);
/*
* Look up the remote SMTP client address and port.
*/
if (getpeername(vstream_fileno(smtp_client_stream), (struct sockaddr *)
& addr_storage, &addr_storage_len) < 0) {
msg_warn("getpeername: %m -- dropping this connection");
PSC_SERVICE_DISCONNECT_AND_RETURN(smtp_client_stream);
}
/*
* Convert the remote SMTP client address and port to printable form for
* logging and access control.
*/
if ((aierr = sockaddr_to_hostaddr((struct sockaddr *) & addr_storage,
addr_storage_len, &smtp_client_addr,
&smtp_client_port, 0)) != 0) {
msg_warn("cannot convert client address/port to string: %s"
" -- dropping this connection",
MAI_STRERROR(aierr));
PSC_SERVICE_DISCONNECT_AND_RETURN(smtp_client_stream);
}
if (strncasecmp("::ffff:", smtp_client_addr.buf, 7) == 0)
memmove(smtp_client_addr.buf, smtp_client_addr.buf + 7,
sizeof(smtp_client_addr.buf) - 7);
if (msg_verbose > 1)
msg_info("%s: sq=%d cq=%d connect from [%s]:%s",
myname, psc_post_queue_length, psc_check_queue_length,
smtp_client_addr.buf, smtp_client_port.buf);
/*
* Look up the local SMTP server address and port.
*/
if (getsockname(vstream_fileno(smtp_client_stream), (struct sockaddr *)
& addr_storage, &addr_storage_len) < 0) {
msg_warn("getsockname: %m -- dropping this connection");
PSC_SERVICE_DISCONNECT_AND_RETURN(smtp_client_stream);
}
/*
* Convert the local SMTP server address and port to printable form for
* logging and access control.
*/
if ((aierr = sockaddr_to_hostaddr((struct sockaddr *) & addr_storage,
addr_storage_len, &smtp_server_addr,
&smtp_server_port, 0)) != 0) {
msg_warn("cannot convert server address/port to string: %s"
" -- dropping this connection",
MAI_STRERROR(aierr));
PSC_SERVICE_DISCONNECT_AND_RETURN(smtp_client_stream);
}
if (strncasecmp("::ffff:", smtp_server_addr.buf, 7) == 0)
memmove(smtp_server_addr.buf, smtp_server_addr.buf + 7,
sizeof(smtp_server_addr.buf) - 7);
msg_info("CONNECT from [%s]:%s to [%s]:%s",
smtp_client_addr.buf, smtp_client_port.buf,
smtp_server_addr.buf, smtp_server_port.buf);
/*
* Bundle up all the loose session pieces. This zeroes all flags and time
* stamps.
*/
state = psc_new_session_state(smtp_client_stream, smtp_client_addr.buf,
smtp_client_port.buf);
/*
* Reply with 421 when the client has too many open connections.
*/
if (var_psc_cconn_limit > 0
&& state->client_concurrency > var_psc_cconn_limit) {
msg_info("NOQUEUE: reject: CONNECT from [%s]:%s: too many connections",
state->smtp_client_addr, state->smtp_client_port);
PSC_DROP_SESSION_STATE(state,
"421 4.7.0 Error: too many connections\r\n");
return;
}
/*
* Reply with 421 when we can't forward more connections.
*/
if (var_psc_post_queue_limit > 0
&& psc_post_queue_length >= var_psc_post_queue_limit) {
msg_info("NOQUEUE: reject: CONNECT from [%s]:%s: all server ports busy",
state->smtp_client_addr, state->smtp_client_port);
PSC_DROP_SESSION_STATE(state,
"421 4.3.2 All server ports are busy\r\n");
return;
}
/*
* The permanent white/blacklist has highest precedence.
*/
if (psc_acl != 0) {
switch (psc_acl_eval(state, psc_acl, VAR_PSC_ACL)) {
/*
* Permanently blacklisted.
*/
case PSC_ACL_ACT_BLACKLIST:
msg_info("BLACKLISTED [%s]:%s", PSC_CLIENT_ADDR_PORT(state));
PSC_FAIL_SESSION_STATE(state, PSC_STATE_FLAG_BLIST_FAIL);
switch (psc_blist_action) {
case PSC_ACT_DROP:
PSC_DROP_SESSION_STATE(state,
"521 5.3.2 Service currently unavailable\r\n");
return;
case PSC_ACT_ENFORCE:
PSC_ENFORCE_SESSION_STATE(state,
"550 5.3.2 Service currently unavailable\r\n");
break;
case PSC_ACT_IGNORE:
PSC_UNFAIL_SESSION_STATE(state, PSC_STATE_FLAG_BLIST_FAIL);
/*
* Not: PSC_PASS_SESSION_STATE. Repeat this test the next
* time.
*/
break;
default:
msg_panic("%s: unknown blacklist action value %d",
myname, psc_blist_action);
}
break;
/*
* Permanently whitelisted.
*/
case PSC_ACL_ACT_WHITELIST:
msg_info("WHITELISTED [%s]:%s", PSC_CLIENT_ADDR_PORT(state));
psc_conclude(state);
return;
/*
* Other: dunno (don't know) or error.
*/
default:
break;
}
}
/*
* The temporary whitelist (i.e. the postscreen cache) has the lowest
* precedence. This cache contains information about the results of prior
* tests. Whitelist the client when all enabled test results are still
* valid.
*/
if ((state->flags & PSC_STATE_MASK_ANY_FAIL) == 0
&& psc_cache_map != 0
&& (stamp_str = psc_cache_lookup(psc_cache_map, state->smtp_client_addr)) != 0) {
saved_flags = state->flags;
psc_parse_tests(state, stamp_str, event_time());
state->flags |= saved_flags;
if (msg_verbose)
msg_info("%s: cached + recent flags: %s",
myname, psc_print_state_flags(state->flags, myname));
if ((state->flags & PSC_STATE_MASK_ANY_TODO_FAIL) == 0) {
msg_info("PASS OLD [%s]:%s", PSC_CLIENT_ADDR_PORT(state));
psc_conclude(state);
return;
}
} else {
saved_flags = state->flags;
psc_new_tests(state);
state->flags |= saved_flags;
if (msg_verbose)
msg_info("%s: new + recent flags: %s",
myname, psc_print_state_flags(state->flags, myname));
}
/*
* Don't whitelist clients that connect to backup MX addresses. Fail
* "closed" on error.
*/
if (addr_match_list_match(psc_wlist_if, smtp_server_addr.buf) == 0) {
state->flags |= (PSC_STATE_FLAG_WLIST_FAIL | PSC_STATE_FLAG_NOFORWARD);
msg_info("WHITELIST VETO [%s]:%s", PSC_CLIENT_ADDR_PORT(state));
}
/*
* Reply with 421 when we can't analyze more connections. That also means
* no deep protocol tests when the noforward flag is raised.
*/
if (var_psc_pre_queue_limit > 0
&& psc_check_queue_length - psc_post_queue_length
>= var_psc_pre_queue_limit) {
msg_info("reject: connect from [%s]:%s: all screening ports busy",
state->smtp_client_addr, state->smtp_client_port);
PSC_DROP_SESSION_STATE(state,
"421 4.3.2 All screening ports are busy\r\n");
return;
}
/*
* If the client has no up-to-date results for some tests, do those tests
* first. Otherwise, skip the tests and hand off the connection.
*/
if (state->flags & PSC_STATE_MASK_EARLY_TODO)
psc_early_tests(state);
else if (state->flags & (PSC_STATE_MASK_SMTPD_TODO | PSC_STATE_FLAG_NOFORWARD))
psc_smtpd_tests(state);
else
psc_conclude(state);
}
static void smtpd_peer_sockaddr_to_hostname(SMTPD_STATE *state)
{
struct sockaddr *sa = (struct sockaddr *) &(state->sockaddr);
SOCKADDR_SIZE sa_length = state->sockaddr_len;
MAI_HOSTNAME_STR client_name;
int aierr;
/*
* Look up and sanity check the client hostname.
*
* It is unsafe to allow numeric hostnames, especially because there exists
* pressure to turn off the name->addr double check. In that case an
* attacker could trivally bypass access restrictions.
*
* sockaddr_to_hostname() already rejects malformed or numeric names.
*/
#define TEMP_AI_ERROR(e) \
((e) == EAI_AGAIN || (e) == EAI_MEMORY || (e) == EAI_SYSTEM)
#define REJECT_PEER_NAME(state, code) { \
myfree(state->name); \
state->name = mystrdup(CLIENT_NAME_UNKNOWN); \
state->name_status = code; \
}
if (var_smtpd_peername_lookup == 0) {
state->name = mystrdup(CLIENT_NAME_UNKNOWN);
state->reverse_name = mystrdup(CLIENT_NAME_UNKNOWN);
state->name_status = SMTPD_PEER_CODE_PERM;
state->reverse_name_status = SMTPD_PEER_CODE_PERM;
} else if ((aierr = sockaddr_to_hostname(sa, sa_length, &client_name,
(MAI_SERVNAME_STR *) 0, 0)) != 0) {
state->name = mystrdup(CLIENT_NAME_UNKNOWN);
state->reverse_name = mystrdup(CLIENT_NAME_UNKNOWN);
state->name_status = (TEMP_AI_ERROR(aierr) ?
SMTPD_PEER_CODE_TEMP : SMTPD_PEER_CODE_PERM);
state->reverse_name_status = (TEMP_AI_ERROR(aierr) ?
SMTPD_PEER_CODE_TEMP : SMTPD_PEER_CODE_PERM);
} else {
struct addrinfo *res0;
struct addrinfo *res;
state->name = mystrdup(client_name.buf);
state->reverse_name = mystrdup(client_name.buf);
state->name_status = SMTPD_PEER_CODE_OK;
state->reverse_name_status = SMTPD_PEER_CODE_OK;
/*
* Reject the hostname if it does not list the peer address. Without
* further validation or qualification, such information must not be
* allowed to enter the audit trail, as people would draw false
* conclusions.
*/
aierr = hostname_to_sockaddr_pf(state->name, state->addr_family,
(char *) 0, 0, &res0);
if (aierr) {
msg_warn("hostname %s does not resolve to address %s: %s",
state->name, state->addr, MAI_STRERROR(aierr));
REJECT_PEER_NAME(state, (TEMP_AI_ERROR(aierr) ?
SMTPD_PEER_CODE_TEMP : SMTPD_PEER_CODE_FORGED));
} else {
for (res = res0; /* void */ ; res = res->ai_next) {
if (res == 0) {
msg_warn("hostname %s does not resolve to address %s",
state->name, state->addr);
REJECT_PEER_NAME(state, SMTPD_PEER_CODE_FORGED);
break;
}
if (strchr((char *) proto_info->sa_family_list, res->ai_family) == 0) {
msg_info("skipping address family %d for host %s",
res->ai_family, state->name);
continue;
}
if (sock_addr_cmp_addr(res->ai_addr, sa) == 0)
break; /* keep peer name */
}
freeaddrinfo(res0);
}
}
}
static int smtpd_peer_sockaddr_to_hostaddr(SMTPD_STATE *state)
{
const char *myname = "smtpd_peer_sockaddr_to_hostaddr";
struct sockaddr *sa = (struct sockaddr *) &(state->sockaddr);
SOCKADDR_SIZE sa_length = state->sockaddr_len;
/*
* XXX If we're given an IPv6 (or IPv4) connection from, e.g., inetd,
* while Postfix IPv6 (or IPv4) support is turned off, don't (skip to the
* final else clause, pretend the origin is localhost[127.0.0.1], and
* become an open relay).
*/
if (sa->sa_family == AF_INET
#ifdef AF_INET6
|| sa->sa_family == AF_INET6
#endif
) {
MAI_HOSTADDR_STR client_addr;
MAI_SERVPORT_STR client_port;
int aierr;
char *colonp;
/*
* Sanity check: we can't use sockets that we're not configured for.
*/
if (strchr((char *) proto_info->sa_family_list, sa->sa_family) == 0)
msg_fatal("cannot handle socket type %s with \"%s = %s\"",
#ifdef AF_INET6
sa->sa_family == AF_INET6 ? "AF_INET6" :
#endif
sa->sa_family == AF_INET ? "AF_INET" :
"other", VAR_INET_PROTOCOLS, var_inet_protocols);
/*
* Sorry, but there are some things that we just cannot do while
* connected to the network.
*/
if (geteuid() != var_owner_uid || getuid() != var_owner_uid) {
msg_error("incorrect SMTP server privileges: uid=%lu euid=%lu",
(unsigned long) getuid(), (unsigned long) geteuid());
msg_fatal("the Postfix SMTP server must run with $%s privileges",
VAR_MAIL_OWNER);
}
/*
* Convert the client address to printable form.
*/
if ((aierr = sockaddr_to_hostaddr(sa, sa_length, &client_addr,
&client_port, 0)) != 0)
msg_fatal("%s: cannot convert client address/port to string: %s",
myname, MAI_STRERROR(aierr));
state->port = mystrdup(client_port.buf);
/*
* XXX Require that the infrastructure strips off the IPv6 datalink
* suffix to avoid false alarms with strict address syntax checks.
*/
#ifdef HAS_IPV6
if (strchr(client_addr.buf, '%') != 0)
msg_panic("%s: address %s has datalink suffix",
myname, client_addr.buf);
#endif
/*
* We convert IPv4-in-IPv6 address to 'true' IPv4 address early on,
* but only if IPv4 support is enabled (why would anyone want to turn
* it off)? With IPv4 support enabled we have no need for the IPv6
* form in logging, hostname verification and access checks.
*/
#ifdef HAS_IPV6
if (sa->sa_family == AF_INET6) {
if (strchr((char *) proto_info->sa_family_list, AF_INET) != 0
&& IN6_IS_ADDR_V4MAPPED(&SOCK_ADDR_IN6_ADDR(sa))
&& (colonp = strrchr(client_addr.buf, ':')) != 0) {
struct addrinfo *res0;
if (msg_verbose > 1)
msg_info("%s: rewriting V4-mapped address \"%s\" to \"%s\"",
myname, client_addr.buf, colonp + 1);
state->addr = mystrdup(colonp + 1);
state->rfc_addr = mystrdup(colonp + 1);
state->addr_family = AF_INET;
aierr = hostaddr_to_sockaddr(state->addr, (char *) 0, 0, &res0);
if (aierr)
msg_fatal("%s: cannot convert %s from string to binary: %s",
myname, state->addr, MAI_STRERROR(aierr));
sa_length = res0->ai_addrlen;
if (sa_length > sizeof(state->sockaddr))
sa_length = sizeof(state->sockaddr);
memcpy((void *) sa, res0->ai_addr, sa_length);
freeaddrinfo(res0); /* 200412 */
}
/*
* Following RFC 2821 section 4.1.3, an IPv6 address literal gets
* a prefix of 'IPv6:'. We do this consistently for all IPv6
* addresses that that appear in headers or envelopes. The fact
* that valid_mailhost_addr() enforces the form helps of course.
* We use the form without IPV6: prefix when doing access
* control, or when accessing the connection cache.
*/
else {
state->addr = mystrdup(client_addr.buf);
state->rfc_addr =
concatenate(IPV6_COL, client_addr.buf, (char *) 0);
state->addr_family = sa->sa_family;
}
}
/*
* An IPv4 address is in dotted quad decimal form.
*/
else
#endif
{
state->addr = mystrdup(client_addr.buf);
state->rfc_addr = mystrdup(client_addr.buf);
state->addr_family = sa->sa_family;
}
return (0);
}
/*
* It's not Internet.
*/
else {
return (-1);
}
}
static DNS_RR *smtp_addr_one(DNS_RR *addr_list, const char *host,
unsigned pref, DSN_BUF *why)
{
const char *myname = "smtp_addr_one";
DNS_RR *addr = 0;
DNS_RR *rr;
int aierr;
struct addrinfo *res0;
struct addrinfo *res;
INET_PROTO_INFO *proto_info = inet_proto_info();
int found;
if (msg_verbose)
msg_info("%s: host %s", myname, host);
/*
* Interpret a numerical name as an address.
*/
if (hostaddr_to_sockaddr(host, (char *) 0, 0, &res0) == 0
&& strchr((char *) proto_info->sa_family_list, res0->ai_family) != 0) {
if ((addr = dns_sa_to_rr(host, pref, res0->ai_addr)) == 0)
msg_fatal("host %s: conversion error for address family %d: %m",
host, ((struct sockaddr *) (res0->ai_addr))->sa_family);
addr_list = dns_rr_append(addr_list, addr);
freeaddrinfo(res0);
return (addr_list);
}
/*
* Use DNS lookup, but keep the option open to use native name service.
*
* XXX A soft error dominates past and future hard errors. Therefore we
* should not clobber a soft error text and status code.
*/
if (smtp_host_lookup_mask & SMTP_HOST_FLAG_DNS) {
switch (dns_lookup_v(host, smtp_dns_res_opt, &addr, (VSTRING *) 0,
why->reason, DNS_REQ_FLAG_NONE,
proto_info->dns_atype_list)) {
case DNS_OK:
for (rr = addr; rr; rr = rr->next)
rr->pref = pref;
addr_list = dns_rr_append(addr_list, addr);
return (addr_list);
default:
dsb_status(why, "4.4.3");
return (addr_list);
case DNS_FAIL:
dsb_status(why, SMTP_HAS_SOFT_DSN(why) ? "4.4.3" : "5.4.3");
return (addr_list);
case DNS_INVAL:
dsb_status(why, SMTP_HAS_SOFT_DSN(why) ? "4.4.4" : "5.4.4");
return (addr_list);
case DNS_NOTFOUND:
dsb_status(why, SMTP_HAS_SOFT_DSN(why) ? "4.4.4" : "5.4.4");
/* maybe native naming service will succeed */
break;
}
}
/*
* Use the native name service which also looks in /etc/hosts.
*
* XXX A soft error dominates past and future hard errors. Therefore we
* should not clobber a soft error text and status code.
*/
#define RETRY_AI_ERROR(e) \
((e) == EAI_AGAIN || (e) == EAI_MEMORY || (e) == EAI_SYSTEM)
#ifdef EAI_NODATA
#define DSN_NOHOST(e) \
((e) == EAI_AGAIN || (e) == EAI_NODATA || (e) == EAI_NONAME)
#else
#define DSN_NOHOST(e) \
((e) == EAI_AGAIN || (e) == EAI_NONAME)
#endif
if (smtp_host_lookup_mask & SMTP_HOST_FLAG_NATIVE) {
if ((aierr = hostname_to_sockaddr(host, (char *) 0, 0, &res0)) != 0) {
dsb_simple(why, (SMTP_HAS_SOFT_DSN(why) || RETRY_AI_ERROR(aierr)) ?
(DSN_NOHOST(aierr) ? "4.4.4" : "4.3.0") :
(DSN_NOHOST(aierr) ? "5.4.4" : "5.3.0"),
"unable to look up host %s: %s",
host, MAI_STRERROR(aierr));
} else {
for (found = 0, res = res0; res != 0; res = res->ai_next) {
if (strchr((char *) proto_info->sa_family_list, res->ai_family) == 0) {
msg_info("skipping address family %d for host %s",
res->ai_family, host);
continue;
}
found++;
if ((addr = dns_sa_to_rr(host, pref, res->ai_addr)) == 0)
msg_fatal("host %s: conversion error for address family %d: %m",
host, ((struct sockaddr *) (res0->ai_addr))->sa_family);
addr_list = dns_rr_append(addr_list, addr);
}
freeaddrinfo(res0);
if (found == 0) {
dsb_simple(why, SMTP_HAS_SOFT_DSN(why) ? "4.4.4" : "5.4.4",
"%s: host not found", host);
}
return (addr_list);
}
}
/*
* No further alternatives for host lookup.
*/
return (addr_list);
}
static void psc_endpt_local_lookup(VSTREAM *smtp_client_stream,
PSC_ENDPT_LOOKUP_FN lookup_done)
{
struct sockaddr_storage addr_storage;
SOCKADDR_SIZE addr_storage_len = sizeof(addr_storage);
int status;
MAI_HOSTADDR_STR smtp_client_addr;
MAI_SERVPORT_STR smtp_client_port;
MAI_HOSTADDR_STR smtp_server_addr;
MAI_SERVPORT_STR smtp_server_port;
int aierr;
/*
* Look up the remote SMTP client address and port.
*/
if (getpeername(vstream_fileno(smtp_client_stream), (struct sockaddr *)
& addr_storage, &addr_storage_len) < 0) {
msg_warn("getpeername: %m -- dropping this connection");
status = -1;
}
/*
* Convert the remote SMTP client address and port to printable form for
* logging and access control.
*/
else if ((aierr = psc_sockaddr_to_hostaddr(
(struct sockaddr *) & addr_storage,
addr_storage_len, &smtp_client_addr,
&smtp_client_port, SOCK_STREAM)) != 0) {
msg_warn("cannot convert client address/port to string: %s"
" -- dropping this connection",
MAI_STRERROR(aierr));
status = -1;
}
/*
* Look up the local SMTP server address and port.
*/
else if (getsockname(vstream_fileno(smtp_client_stream),
(struct sockaddr *) & addr_storage,
&addr_storage_len) < 0) {
msg_warn("getsockname: %m -- dropping this connection");
status = -1;
}
/*
* Convert the local SMTP server address and port to printable form for
* logging.
*/
else if ((aierr = psc_sockaddr_to_hostaddr(
(struct sockaddr *) & addr_storage,
addr_storage_len, &smtp_server_addr,
&smtp_server_port, SOCK_STREAM)) != 0) {
msg_warn("cannot convert server address/port to string: %s"
" -- dropping this connection",
MAI_STRERROR(aierr));
status = -1;
} else {
status = 0;
}
lookup_done(status, smtp_client_stream,
&smtp_client_addr, &smtp_client_port,
&smtp_server_addr, &smtp_server_port);
}
int main(int argc, char **argv)
{
SESSION *session;
char *host;
char *port;
char *path;
int path_len;
int sessions = 1;
int ch;
ssize_t len;
int n;
int i;
char *buf;
const char *parse_err;
struct addrinfo *res;
int aierr;
const char *protocols = INET_PROTO_NAME_ALL;
INET_PROTO_INFO *proto_info;
/*
* Fingerprint executables and core dumps.
*/
MAIL_VERSION_STAMP_ALLOCATE;
signal(SIGPIPE, SIG_IGN);
msg_vstream_init(argv[0], VSTREAM_ERR);
/*
* Parse JCL.
*/
while ((ch = GETOPT(argc, argv, "46cC:f:l:m:M:r:R:s:t:vw:")) > 0) {
switch (ch) {
case '4':
protocols = INET_PROTO_NAME_IPV4;
break;
case '6':
protocols = INET_PROTO_NAME_IPV6;
break;
case 'c':
count++;
break;
case 'C':
if ((connect_count = atoi(optarg)) <= 0)
usage(argv[0]);
break;
case 'f':
sender = optarg;
break;
case 'l':
if ((message_length = atoi(optarg)) <= 0)
usage(argv[0]);
break;
case 'm':
if ((message_count = atoi(optarg)) <= 0)
usage(argv[0]);
break;
case 'M':
if (*optarg == '[') {
if (!valid_mailhost_literal(optarg, DO_GRIPE))
msg_fatal("bad address literal: %s", optarg);
} else {
if (!valid_hostname(optarg, DO_GRIPE))
msg_fatal("bad hostname: %s", optarg);
}
var_myhostname = optarg;
break;
case 'r':
if ((recipients = atoi(optarg)) <= 0)
usage(argv[0]);
break;
case 'R':
if (fixed_delay > 0 || (random_delay = atoi(optarg)) <= 0)
usage(argv[0]);
break;
case 's':
if ((sessions = atoi(optarg)) <= 0)
usage(argv[0]);
break;
case 't':
recipient = optarg;
break;
case 'v':
msg_verbose++;
break;
case 'w':
if (random_delay > 0 || (fixed_delay = atoi(optarg)) <= 0)
usage(argv[0]);
break;
default:
usage(argv[0]);
}
}
if (argc - optind != 1)
usage(argv[0]);
if (random_delay > 0)
srand(getpid());
/*
* Translate endpoint address to internal form.
*/
proto_info = inet_proto_init("protocols", protocols);
if (strncmp(argv[optind], "unix:", 5) == 0) {
path = argv[optind] + 5;
path_len = strlen(path);
if (path_len >= (int) sizeof(sun.sun_path))
msg_fatal("unix-domain name too long: %s", path);
memset((char *) &sun, 0, sizeof(sun));
sun.sun_family = AF_UNIX;
#ifdef HAS_SUN_LEN
sun.sun_len = path_len + 1;
#endif
memcpy(sun.sun_path, path, path_len);
sa = (struct sockaddr *) & sun;
sa_length = sizeof(sun);
} else {
if (strncmp(argv[optind], "inet:", 5) == 0)
argv[optind] += 5;
buf = mystrdup(argv[optind]);
if ((parse_err = host_port(buf, &host, (char *) 0, &port, "628")) != 0)
msg_fatal("%s: %s", argv[optind], parse_err);
if ((aierr = hostname_to_sockaddr(host, port, SOCK_STREAM, &res)) != 0)
msg_fatal("%s: %s", argv[optind], MAI_STRERROR(aierr));
myfree(buf);
sa = (struct sockaddr *) & ss;
if (res->ai_addrlen > sizeof(ss))
msg_fatal("address length %d > buffer length %d",
(int) res->ai_addrlen, (int) sizeof(ss));
memcpy((char *) sa, res->ai_addr, res->ai_addrlen);
sa_length = res->ai_addrlen;
#ifdef HAS_SA_LEN
sa->sa_len = sa_length;
#endif
freeaddrinfo(res);
}
/*
* Allocate space for temporary buffer.
*/
buffer = vstring_alloc(100);
/*
* Make sure we have sender and recipient addresses.
*/
if (var_myhostname == 0)
var_myhostname = get_hostname();
if (sender == 0 || recipient == 0) {
vstring_sprintf(buffer, "foo@%s", var_myhostname);
defaddr = mystrdup(vstring_str(buffer));
if (sender == 0)
sender = defaddr;
if (recipient == 0)
recipient = defaddr;
}
/*
* Prepare some results that may be used multiple times: the message
* content netstring, the sender netstring, and the recipient netstrings.
*/
mydate = mail_date(time((time_t *) 0));
mypid = getpid();
message_buffer = vstring_alloc(message_length + 200);
vstring_sprintf(buffer,
"From: <%s>\nTo: <%s>\nDate: %s\nMessage-Id: <%d@%s>\n\n",
sender, recipient, mydate, mypid, var_myhostname);
for (n = 1; LEN(buffer) < message_length; n++) {
for (i = 0; i < n && i < 79; i++)
VSTRING_ADDCH(buffer, 'X');
VSTRING_ADDCH(buffer, '\n');
}
STR(buffer)[message_length - 1] = '\n';
netstring_memcpy(message_buffer, STR(buffer), message_length);
len = strlen(sender);
sender_buffer = vstring_alloc(len);
netstring_memcpy(sender_buffer, sender, len);
if (recipients == 1) {
len = strlen(recipient);
recipient_buffer = vstring_alloc(len);
netstring_memcpy(recipient_buffer, recipient, len);
} else {
recipient_buffer = vstring_alloc(100);
for (n = 0; n < recipients; n++) {
vstring_sprintf(buffer, "%d%s", n, recipient);
netstring_memcat(recipient_buffer, STR(buffer), LEN(buffer));
}
}
/*
* Start sessions.
*/
while (sessions-- > 0) {
session = (SESSION *) mymalloc(sizeof(*session));
session->stream = 0;
session->xfer_count = 0;
session->connect_count = connect_count;
session->next = 0;
session_count++;
startup(session);
}
for (;;) {
event_loop(-1);
if (session_count <= 0 && message_count <= 0) {
if (count) {
VSTREAM_PUTC('\n', VSTREAM_OUT);
vstream_fflush(VSTREAM_OUT);
}
exit(0);
}
}
}
void qmqpd_peer_init(QMQPD_STATE *state)
{
const char *myname = "qmqpd_peer_init";
struct sockaddr_storage ss;
struct sockaddr *sa;
SOCKADDR_SIZE sa_length;
INET_PROTO_INFO *proto_info = inet_proto_info();
sa = (struct sockaddr *) & ss;
sa_length = sizeof(ss);
/*
* Look up the peer address information.
*/
if (getpeername(vstream_fileno(state->client), sa, &sa_length) >= 0) {
errno = 0;
}
/*
* If peer went away, give up.
*/
if (errno != 0 && errno != ENOTSOCK) {
state->name = mystrdup(CLIENT_NAME_UNKNOWN);
state->addr = mystrdup(CLIENT_ADDR_UNKNOWN);
state->rfc_addr = mystrdup(CLIENT_ADDR_UNKNOWN);
state->addr_family = AF_UNSPEC;
state->port = mystrdup(CLIENT_PORT_UNKNOWN);
}
/*
* Convert the client address to printable address and hostname.
*
* XXX If we're given an IPv6 (or IPv4) connection from, e.g., inetd, while
* Postfix IPv6 (or IPv4) support is turned off, don't (skip to the final
* else clause, pretend the origin is localhost[127.0.0.1], and become an
* open relay).
*/
else if (errno == 0
&& (sa->sa_family == AF_INET
#ifdef AF_INET6
|| sa->sa_family == AF_INET6
#endif
)) {
MAI_HOSTNAME_STR client_name;
MAI_HOSTADDR_STR client_addr;
MAI_SERVPORT_STR client_port;
int aierr;
char *colonp;
/*
* Sanity check: we can't use sockets that we're not configured for.
*/
if (strchr((char *) proto_info->sa_family_list, sa->sa_family) == 0)
msg_fatal("cannot handle socket type %s with \"%s = %s\"",
#ifdef AF_INET6
sa->sa_family == AF_INET6 ? "AF_INET6" :
#endif
sa->sa_family == AF_INET ? "AF_INET" :
"other", VAR_INET_PROTOCOLS, var_inet_protocols);
/*
* Sorry, but there are some things that we just cannot do while
* connected to the network.
*/
if (geteuid() != var_owner_uid || getuid() != var_owner_uid) {
msg_error("incorrect QMQP server privileges: uid=%lu euid=%lu",
(unsigned long) getuid(), (unsigned long) geteuid());
msg_fatal("the Postfix QMQP server must run with $%s privileges",
VAR_MAIL_OWNER);
}
/*
* Convert the client address to printable form.
*/
if ((aierr = sockaddr_to_hostaddr(sa, sa_length, &client_addr,
&client_port, 0)) != 0)
msg_fatal("%s: cannot convert client address/port to string: %s",
myname, MAI_STRERROR(aierr));
state->port = mystrdup(client_port.buf);
/*
* XXX Require that the infrastructure strips off the IPv6 datalink
* suffix to avoid false alarms with strict address syntax checks.
*/
#ifdef HAS_IPV6
if (strchr(client_addr.buf, '%') != 0)
msg_panic("%s: address %s has datalink suffix",
myname, client_addr.buf);
#endif
/*
* We convert IPv4-in-IPv6 address to 'true' IPv4 address early on,
* but only if IPv4 support is enabled (why would anyone want to turn
* it off)? With IPv4 support enabled we have no need for the IPv6
* form in logging, hostname verification and access checks.
*/
#ifdef HAS_IPV6
if (sa->sa_family == AF_INET6) {
if (strchr((char *) proto_info->sa_family_list, AF_INET) != 0
&& IN6_IS_ADDR_V4MAPPED(&SOCK_ADDR_IN6_ADDR(sa))
&& (colonp = strrchr(client_addr.buf, ':')) != 0) {
struct addrinfo *res0;
if (msg_verbose > 1)
msg_info("%s: rewriting V4-mapped address \"%s\" to \"%s\"",
myname, client_addr.buf, colonp + 1);
state->addr = mystrdup(colonp + 1);
state->rfc_addr = mystrdup(colonp + 1);
state->addr_family = AF_INET;
aierr = hostaddr_to_sockaddr(state->addr, (char *) 0, 0, &res0);
if (aierr)
msg_fatal("%s: cannot convert %s from string to binary: %s",
myname, state->addr, MAI_STRERROR(aierr));
sa_length = res0->ai_addrlen;
if (sa_length > sizeof(ss))
sa_length = sizeof(ss);
memcpy((char *) sa, res0->ai_addr, sa_length);
freeaddrinfo(res0);
}
/*
* Following RFC 2821 section 4.1.3, an IPv6 address literal gets
* a prefix of 'IPv6:'. We do this consistently for all IPv6
* addresses that that appear in headers or envelopes. The fact
* that valid_mailhost_addr() enforces the form helps of course.
* We use the form without IPV6: prefix when doing access
* control, or when accessing the connection cache.
*/
else {
state->addr = mystrdup(client_addr.buf);
state->rfc_addr =
concatenate(IPV6_COL, client_addr.buf, (char *) 0);
state->addr_family = sa->sa_family;
}
}
/*
* An IPv4 address is in dotted quad decimal form.
*/
else
#endif
{
state->addr = mystrdup(client_addr.buf);
state->rfc_addr = mystrdup(client_addr.buf);
state->addr_family = sa->sa_family;
}
/*
* Look up and sanity check the client hostname.
*
* It is unsafe to allow numeric hostnames, especially because there
* exists pressure to turn off the name->addr double check. In that
* case an attacker could trivally bypass access restrictions.
*
* sockaddr_to_hostname() already rejects malformed or numeric names.
*/
#define REJECT_PEER_NAME(state) { \
myfree(state->name); \
state->name = mystrdup(CLIENT_NAME_UNKNOWN); \
}
if ((aierr = sockaddr_to_hostname(sa, sa_length, &client_name,
(MAI_SERVNAME_STR *) 0, 0)) != 0) {
state->name = mystrdup(CLIENT_NAME_UNKNOWN);
} else {
struct addrinfo *res0;
struct addrinfo *res;
state->name = mystrdup(client_name.buf);
/*
* Reject the hostname if it does not list the peer address.
*/
aierr = hostname_to_sockaddr_pf(state->name, state->addr_family,
(char *) 0, 0, &res0);
if (aierr) {
msg_warn("hostname %s does not resolve to address %s: %s",
state->name, state->addr, MAI_STRERROR(aierr));
REJECT_PEER_NAME(state);
} else {
for (res = res0; /* void */ ; res = res->ai_next) {
if (res == 0) {
msg_warn("hostname %s does not resolve to address %s",
state->addr, state->name);
REJECT_PEER_NAME(state);
break;
}
if (strchr((char *) proto_info->sa_family_list, res->ai_family) == 0) {
msg_info("skipping address family %d for host %s",
res->ai_family, state->name);
continue;
}
if (sock_addr_cmp_addr(res->ai_addr, sa) == 0)
break; /* keep peer name */
}
freeaddrinfo(res0);
}
}
}
/*
* If it's not Internet, assume the client is local, and avoid using the
* naming service because that can hang when the machine is disconnected.
*/
else {
state->name = mystrdup("localhost");
state->addr = mystrdup("127.0.0.1"); /* XXX bogus. */
state->rfc_addr = mystrdup("127.0.0.1");/* XXX bogus. */
state->addr_family = AF_UNSPEC;
state->port = mystrdup("0"); /* XXX bogus. */
}
/*
* Do the name[addr]:port formatting for pretty reports.
*/
state->namaddr =
concatenate(state->name, "[", state->addr, "]",
var_qmqpd_client_port_log ? ":" : (char *) 0,
state->port, (char *) 0);
}
