void qmgr_active_done(QMGR_MESSAGE *message) { char *myname = "qmgr_active_done"; struct stat st; if (msg_verbose) msg_info("%s: %s", myname, message->queue_id); /* * During a previous iteration, an attempt to bounce this message may * have failed, so there may still be a bounce log lying around. XXX By * groping around in the bounce queue, we're trespassing on the bounce * service's territory. But doing so is more robust than depending on the * bounce daemon to do the lookup for us, and for us to do the deleting * after we have received a successful status from the bounce service. * The bounce queue directory blocks are most likely in memory anyway. If * these lookups become a performance problem we will have to build an * in-core cache into the bounce daemon. * * Don't bounce when the bounce log is empty. The bounce process obviously * failed, and the delivery agent will have requested that the message be * deferred. * * Bounces are sent asynchronously to avoid stalling while the cleanup * daemon waits for the qmgr to accept the "new mail" trigger. */ if (stat(mail_queue_path((VSTRING *) 0, MAIL_QUEUE_BOUNCE, message->queue_id), &st) == 0) { if (st.st_size == 0) { if (mail_queue_remove(MAIL_QUEUE_BOUNCE, message->queue_id)) msg_fatal("remove %s %s: %m", MAIL_QUEUE_BOUNCE, message->queue_id); } else { if (msg_verbose) msg_info("%s: bounce %s", myname, message->queue_id); if (message->verp_delims == 0 || var_verp_bounce_off) abounce_flush(BOUNCE_FLAG_KEEP, message->queue_name, message->queue_id, message->encoding, message->errors_to, qmgr_active_done_2_bounce_flush, (char *) message); else abounce_flush_verp(BOUNCE_FLAG_KEEP, message->queue_name, message->queue_id, message->encoding, message->errors_to, message->verp_delims, qmgr_active_done_2_bounce_flush, (char *) message); return; } } /* * Asynchronous processing does not reach this point. */ qmgr_active_done_2_generic(message); }
static void qmgr_active_done_3_generic(QMGR_MESSAGE *message) { const char *myname = "qmgr_active_done_3_generic"; int delay; /* * Some recipients need to be tried again. Move the queue file time * stamps into the future by the amount of time that the message is * delayed, and move the message to the deferred queue. Impose minimal * and maximal backoff times. * * Since we look at actual time in queue, not time since last delivery * attempt, backoff times will be distributed. However, we can still see * spikes in delivery activity because the interval between deferred * queue scans is finite. */ if (message->flags) { if (message->create_time > 0) { delay = event_time() - message->create_time; if (delay > var_max_backoff_time) delay = var_max_backoff_time; if (delay < var_min_backoff_time) delay = var_min_backoff_time; } else { delay = var_min_backoff_time; } qmgr_active_defer(message->queue_name, message->queue_id, MAIL_QUEUE_DEFERRED, delay); } /* * All recipients done. Remove the queue file. */ else { if (mail_queue_remove(message->queue_name, message->queue_id)) { if (errno != ENOENT) msg_fatal("%s: remove %s from %s: %m", myname, message->queue_id, message->queue_name); msg_warn("%s: remove %s from %s: %m", myname, message->queue_id, message->queue_name); } else { /* Same format as logged by postsuper. */ msg_info("%s: removed", message->queue_id); } } /* * Finally, delete the in-core message structure. */ qmgr_message_free(message); }
int bounce_trace_service(int flags, char *service, char *queue_name, char *queue_id, char *encoding, int smtputf8, char *recipient, char *dsn_envid, int unused_dsn_ret, BOUNCE_TEMPLATES *ts) { BOUNCE_INFO *bounce_info; int bounce_status = 1; VSTREAM *bounce; int notify_mask = name_mask(VAR_NOTIFY_CLASSES, mail_error_masks, var_notify_classes); VSTRING *new_id; int count; const char *sender; /* * For consistency with fail/delay notifications, send notification for a * non-bounce message as a single-bounce message, send notification for a * single-bounce message as a double-bounce message, and drop requests to * send notification for a double-bounce message. */ #define NULL_SENDER MAIL_ADDR_EMPTY /* special address */ if (strcasecmp(recipient, mail_addr_double_bounce()) == 0) { msg_info("%s: not sending trace/success notification for " "double-bounce message", queue_id); return (0); } else if (*recipient == 0) { if ((notify_mask & MAIL_ERROR_2BOUNCE) != 0) { recipient = var_2bounce_rcpt; sender = mail_addr_double_bounce(); } else { msg_info("%s: not sending trace/success notification " "for single-bounce message", queue_id); if (mail_queue_remove(service, queue_id) && errno != ENOENT) msg_fatal("remove %s %s: %m", service, queue_id); return (0); } } else { /* Always send notification for non-bounce message. */ sender = NULL_SENDER; } /* * Initialize. Open queue file, bounce log, etc. * * XXX DSN The trace service produces information from the trace logfile * which is used for three types of reports: * * a) "what-if" reports that show what would happen without actually * delivering mail (sendmail -bv). * * b) A report of actual deliveries (sendmail -v). * * c) DSN NOTIFY=SUCCESS reports of successful delivery ("delivered", * "expanded" or "relayed"). */ #define NON_DSN_FLAGS (DEL_REQ_FLAG_USR_VRFY | DEL_REQ_FLAG_RECORD) bounce_info = bounce_mail_init(service, queue_name, queue_id, encoding, smtputf8, dsn_envid, flags & NON_DSN_FLAGS ? ts->verify : ts->success); /* * XXX With multi-recipient mail some queue file recipients may have * NOTIFY=SUCCESS and others not. Depending on what subset of recipients * are delivered, a trace file may or may not be created. Even when the * last partial delivery attempt had no NOTIFY=SUCCESS recipients, a * trace file may still exist from a previous partial delivery attempt. * So as long as any recipient in the original queue file had * NOTIFY=SUCCESS we have to always look for the trace file and be * prepared for the file not to exist. * * See also comments in qmgr/qmgr_active.c. */ if (bounce_info->log_handle == 0) { if (msg_verbose) msg_info("%s: no trace file -- not sending a notification", queue_id); bounce_mail_free(bounce_info); return (0); } #define NULL_TRACE_FLAGS 0 /* * Send a single bounce with a template message header, some boilerplate * text that pretends that we are a polite mail system, the text with * per-recipient status, and a copy of the original message. * * XXX DSN We use the same trace file for "what-if", "verbose delivery" and * "success" delivery reports. This saves file system overhead because * there are fewer potential left-over files to remove up when we create * a new queue file. */ new_id = vstring_alloc(10); if ((bounce = post_mail_fopen_nowait(sender, recipient, MAIL_SRC_MASK_BOUNCE, NULL_TRACE_FLAGS, smtputf8, new_id)) != 0) { count = -1; if (bounce_header(bounce, bounce_info, recipient, NO_POSTMASTER_COPY) == 0 && bounce_boilerplate(bounce, bounce_info) == 0 && (count = bounce_diagnostic_log(bounce, bounce_info, DSN_NOTIFY_OVERRIDE)) > 0 && bounce_header_dsn(bounce, bounce_info) == 0 && bounce_diagnostic_dsn(bounce, bounce_info, DSN_NOTIFY_OVERRIDE) > 0) { bounce_original(bounce, bounce_info, DSN_RET_HDRS); bounce_status = post_mail_fclose(bounce); if (bounce_status == 0) msg_info("%s: sender delivery status notification: %s", queue_id, STR(new_id)); } else { (void) vstream_fclose(bounce); if (count == 0) bounce_status = 0; } } /* * Examine the completion status. Delete the trace log file only when the * status notice was posted successfully. */ if (bounce_status == 0 && mail_queue_remove(service, queue_id) && errno != ENOENT) msg_fatal("remove %s %s: %m", service, queue_id); /* * Cleanup. */ bounce_mail_free(bounce_info); vstring_free(new_id); return (bounce_status); }
QMGR_MESSAGE *qmgr_message_alloc(const char *queue_name, const char *queue_id, int qflags, mode_t mode) { const char *myname = "qmgr_message_alloc"; QMGR_MESSAGE *message; if (msg_verbose) msg_info("%s: %s %s", myname, queue_name, queue_id); /* * Create an in-core message structure. */ message = qmgr_message_create(queue_name, queue_id, qflags); /* * Extract message envelope information: time of arrival, sender address, * recipient addresses. Skip files with malformed envelope information. */ #define QMGR_LOCK_MODE (MYFLOCK_OP_EXCLUSIVE | MYFLOCK_OP_NOWAIT) if (qmgr_message_open(message) < 0) { qmgr_message_free(message); return (0); } if (myflock(vstream_fileno(message->fp), INTERNAL_LOCK, QMGR_LOCK_MODE) < 0) { msg_info("%s: skipped, still being delivered", queue_id); qmgr_message_close(message); qmgr_message_free(message); return (QMGR_MESSAGE_LOCKED); } if (qmgr_message_read(message) < 0) { qmgr_message_close(message); qmgr_message_free(message); return (0); } else { /* * We have validated the queue file content, so it is safe to modify * the file properties now. */ if (mode != 0 && fchmod(vstream_fileno(message->fp), mode) < 0) msg_fatal("fchmod %s: %m", VSTREAM_PATH(message->fp)); /* * Reset the defer log. This code should not be here, but we must * reset the defer log *after* acquiring the exclusive lock on the * queue file and *before* resolving new recipients. Since all those * operations are encapsulated so nicely by this routine, the defer * log reset has to be done here as well. * * Note: it is safe to remove the defer logfile from a previous queue * run of this queue file, because the defer log contains information * about recipients that still exist in this queue file. */ if (mail_queue_remove(MAIL_QUEUE_DEFER, queue_id) && errno != ENOENT) msg_fatal("%s: %s: remove %s %s: %m", myname, queue_id, MAIL_QUEUE_DEFER, queue_id); qmgr_message_sort(message); qmgr_message_resolve(message); qmgr_message_sort(message); qmgr_message_assign(message); qmgr_message_close(message); if (message->rcpt_offset == 0) qmgr_message_move_limits(message); return (message); } }
int bounce_notify_service(int flags, char *service, char *queue_name, char *queue_id, char *encoding, char *recipient) { BOUNCE_INFO *bounce_info; int bounce_status = 1; int postmaster_status = 1; VSTREAM *bounce; int notify_mask = name_mask(VAR_NOTIFY_CLASSES, mail_error_masks, var_notify_classes); char *postmaster; /* * Initialize. Open queue file, bounce log, etc. */ bounce_info = bounce_mail_init(service, queue_name, queue_id, encoding, BOUNCE_MSG_FAIL); #define NULL_SENDER MAIL_ADDR_EMPTY /* special address */ #define NULL_TRACE_FLAGS 0 #define BOUNCE_HEADERS 1 #define BOUNCE_ALL 0 /* * The choice of sender address depends on the recipient address. For a * single bounce (a non-delivery notification to the message originator), * the sender address is the empty string. For a double bounce (typically * a failed single bounce, or a postmaster notification that was produced * by any of the mail processes) the sender address is defined by the * var_double_bounce_sender configuration variable. When a double bounce * cannot be delivered, the queue manager blackholes the resulting triple * bounce message. */ /* * Double bounce failed. Never send a triple bounce. * * However, this does not prevent double bounces from bouncing on other * systems. In order to cope with this, either the queue manager must * recognize the double-bounce recipient address and discard mail, or * every delivery agent must recognize the double-bounce sender address * and substitute something else so mail does not come back at us. */ if (strcasecmp(recipient, mail_addr_double_bounce()) == 0) { msg_warn("%s: undeliverable postmaster notification discarded", queue_id); bounce_status = 0; } /* * Single bounce failed. Optionally send a double bounce to postmaster. */ #define ANY_BOUNCE (MAIL_ERROR_2BOUNCE | MAIL_ERROR_BOUNCE) #define SKIP_IF_BOUNCE ((notify_mask & ANY_BOUNCE) == 0) else if (*recipient == 0) { if (SKIP_IF_BOUNCE) { bounce_status = 0; } else { postmaster = var_2bounce_rcpt; if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(), postmaster, CLEANUP_FLAG_MASK_INTERNAL, NULL_TRACE_FLAGS)) != 0) { /* * Double bounce to Postmaster. This is the last opportunity * for this message to be delivered. Send the text with * reason for the bounce, and the headers of the original * message. Don't bother sending the boiler-plate text. */ if (!bounce_header(bounce, bounce_info, postmaster) && bounce_diagnostic_log(bounce, bounce_info) == 0 && bounce_header_dsn(bounce, bounce_info) == 0 && bounce_diagnostic_dsn(bounce, bounce_info) == 0) bounce_original(bounce, bounce_info, BOUNCE_ALL); bounce_status = post_mail_fclose(bounce); } } } /* * Non-bounce failed. Send a single bounce. */ else { if ((bounce = post_mail_fopen_nowait(NULL_SENDER, recipient, CLEANUP_FLAG_MASK_INTERNAL, NULL_TRACE_FLAGS)) != 0) { /* * Send the bounce message header, some boilerplate text that * pretends that we are a polite mail system, the text with * reason for the bounce, and a copy of the original message. */ if (bounce_header(bounce, bounce_info, recipient) == 0 && bounce_boilerplate(bounce, bounce_info) == 0 && bounce_diagnostic_log(bounce, bounce_info) == 0 && bounce_header_dsn(bounce, bounce_info) == 0 && bounce_diagnostic_dsn(bounce, bounce_info) == 0) bounce_original(bounce, bounce_info, BOUNCE_ALL); bounce_status = post_mail_fclose(bounce); } /* * Optionally, send a postmaster notice. * * This postmaster notice is not critical, so if it fails don't * retransmit the bounce that we just generated, just log a warning. */ #define WANT_IF_BOUNCE ((notify_mask & MAIL_ERROR_BOUNCE)) if (bounce_status == 0 && (WANT_IF_BOUNCE) && strcasecmp(recipient, mail_addr_double_bounce()) != 0) { /* * Send the text with reason for the bounce, and the headers of * the original message. Don't bother sending the boiler-plate * text. This postmaster notice is not critical, so if it fails * don't retransmit the bounce that we just generated, just log a * warning. */ postmaster = var_bounce_rcpt; if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(), postmaster, CLEANUP_FLAG_MASK_INTERNAL, NULL_TRACE_FLAGS)) != 0) { if (bounce_header(bounce, bounce_info, postmaster) == 0 && bounce_diagnostic_log(bounce, bounce_info) == 0 && bounce_header_dsn(bounce, bounce_info) == 0 && bounce_diagnostic_dsn(bounce, bounce_info) == 0) bounce_original(bounce, bounce_info, BOUNCE_HEADERS); postmaster_status = post_mail_fclose(bounce); } if (postmaster_status) msg_warn("postmaster notice failed while bouncing to %s", recipient); } } /* * Optionally, delete the recipients from the queue file. */ if (bounce_status == 0 && (flags & BOUNCE_FLAG_DELRCPT)) bounce_delrcpt(bounce_info); /* * Examine the completion status. Delete the bounce log file only when * the bounce was posted successfully, and only if we are bouncing for * real, not just warning. */ if (bounce_status == 0 && mail_queue_remove(service, queue_id) && errno != ENOENT) msg_fatal("remove %s %s: %m", service, queue_id); /* * Cleanup. */ bounce_mail_free(bounce_info); return (bounce_status); }
int bounce_notify_service(int flags, char *service, char *queue_name, char *queue_id, char *encoding, char *recipient, char *dsn_envid, int dsn_ret, BOUNCE_TEMPLATES *ts) { BOUNCE_INFO *bounce_info; int bounce_status = 1; int postmaster_status = 1; VSTREAM *bounce; int notify_mask = name_mask(VAR_NOTIFY_CLASSES, mail_error_masks, var_notify_classes); VSTRING *new_id = vstring_alloc(10); char *postmaster; int count; /* * Initialize. Open queue file, bounce log, etc. * * XXX DSN The bounce service produces RFC 3464-style "failed mail" reports * from information in two following types of logfile: * * 1 - bounce: this file is used for RFC 3464-style reports of permanent * delivery errors by the bounce(8) service. This reports to the sender * all recipients that have no DSN NOTIFY information (compatibility) and * all recipients that have DSN NOTIFY=FAILURE; this reports to * postmaster all recipients, if postmaster notification is enabled. * * 2 - defer: this file is used for three types of report: * * 2a) RFC 3464-style "mail is too old" reports by the bounce(8) service. * This reports to the sender all recipients that have no DSN NOTIFY * information (compatibility) and all recipients that have DSN * NOTIFY=FAILURE; this reports to postmaster all recipients, if * postmaster notification is enabled. * * Other reports that other servers produce from the defer logfile: * * 2b) On-demand reports of all delayed deliveries by the showq(8) service * and mailq(1) command. This reports all recipients that have a * transient delivery error. * * 2c) RFC 3464-style "delayed mail" notifications by the defer(8) service. * This reports to the sender all recipients that have no DSN NOTIFY * information (compatibility) and all recipients that have DSN * NOTIFY=DELAY; this reports to postmaster all recipients, if postmaster * notification is enabled. */ bounce_info = bounce_mail_init(service, queue_name, queue_id, encoding, dsn_envid, ts->failure); #define NULL_SENDER MAIL_ADDR_EMPTY /* special address */ #define NULL_TRACE_FLAGS 0 /* * The choice of sender address depends on the recipient address. For a * single bounce (a non-delivery notification to the message originator), * the sender address is the empty string. For a double bounce (typically * a failed single bounce, or a postmaster notification that was produced * by any of the mail processes) the sender address is defined by the * var_double_bounce_sender configuration variable. When a double bounce * cannot be delivered, the queue manager blackholes the resulting triple * bounce message. */ /* * Double bounce failed. Never send a triple bounce. * * However, this does not prevent double bounces from bouncing on other * systems. In order to cope with this, either the queue manager must * recognize the double-bounce recipient address and discard mail, or * every delivery agent must recognize the double-bounce sender address * and substitute something else so mail does not come back at us. */ if (strcasecmp(recipient, mail_addr_double_bounce()) == 0) { msg_warn("%s: undeliverable postmaster notification discarded", queue_id); bounce_status = 0; } /* * Single bounce failed. Optionally send a double bounce to postmaster, * subject to notify_classes restrictions. */ #define ANY_BOUNCE (MAIL_ERROR_2BOUNCE | MAIL_ERROR_BOUNCE) #define SEND_POSTMASTER_ANY_BOUNCE_NOTICE (notify_mask & ANY_BOUNCE) else if (*recipient == 0) { if (!SEND_POSTMASTER_ANY_BOUNCE_NOTICE) { bounce_status = 0; } else { postmaster = var_2bounce_rcpt; if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(), postmaster, INT_FILT_MASK_BOUNCE, NULL_TRACE_FLAGS, new_id)) != 0) { /* * Double bounce to Postmaster. This is the last opportunity * for this message to be delivered. Send the text with * reason for the bounce, and the headers of the original * message. Don't bother sending the boiler-plate text. */ count = -1; if (bounce_header(bounce, bounce_info, postmaster, POSTMASTER_COPY) == 0 && (count = bounce_diagnostic_log(bounce, bounce_info, DSN_NOTIFY_OVERRIDE)) > 0 && bounce_header_dsn(bounce, bounce_info) == 0 && bounce_diagnostic_dsn(bounce, bounce_info, DSN_NOTIFY_OVERRIDE) > 0) { bounce_original(bounce, bounce_info, DSN_RET_FULL); bounce_status = post_mail_fclose(bounce); if (bounce_status == 0) msg_info("%s: postmaster non-delivery notification: %s", queue_id, STR(new_id)); } else { /* No applicable recipients found - cancel this notice. */ (void) vstream_fclose(bounce); if (count == 0) bounce_status = 0; } } } } /* * Non-bounce failed. Send a single bounce to the sender, subject to DSN * NOTIFY restrictions. */ else { if ((bounce = post_mail_fopen_nowait(NULL_SENDER, recipient, INT_FILT_MASK_BOUNCE, NULL_TRACE_FLAGS, new_id)) != 0) { /* * Send the bounce message header, some boilerplate text that * pretends that we are a polite mail system, the text with * reason for the bounce, and a copy of the original message. */ count = -1; if (bounce_header(bounce, bounce_info, recipient, NO_POSTMASTER_COPY) == 0 && bounce_boilerplate(bounce, bounce_info) == 0 && (count = bounce_diagnostic_log(bounce, bounce_info, DSN_NOTIFY_FAILURE)) > 0 && bounce_header_dsn(bounce, bounce_info) == 0 && bounce_diagnostic_dsn(bounce, bounce_info, DSN_NOTIFY_FAILURE) > 0) { bounce_original(bounce, bounce_info, dsn_ret ? dsn_ret : DSN_RET_FULL); bounce_status = post_mail_fclose(bounce); if (bounce_status == 0) msg_info("%s: sender non-delivery notification: %s", queue_id, STR(new_id)); } else { /* No applicable recipients found - cancel this notice. */ (void) vstream_fclose(bounce); if (count == 0) bounce_status = 0; } } /* * Optionally, send a postmaster notice, subject to notify_classes * restrictions. * * This postmaster notice is not critical, so if it fails don't * retransmit the bounce that we just generated, just log a warning. */ #define SEND_POSTMASTER_SINGLE_BOUNCE_NOTICE (notify_mask & MAIL_ERROR_BOUNCE) if (bounce_status == 0 && SEND_POSTMASTER_SINGLE_BOUNCE_NOTICE && strcasecmp(recipient, mail_addr_double_bounce()) != 0) { /* * Send the text with reason for the bounce, and the headers of * the original message. Don't bother sending the boiler-plate * text. This postmaster notice is not critical, so if it fails * don't retransmit the bounce that we just generated, just log a * warning. */ postmaster = var_bounce_rcpt; if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(), postmaster, INT_FILT_MASK_BOUNCE, NULL_TRACE_FLAGS, new_id)) != 0) { count = -1; if (bounce_header(bounce, bounce_info, postmaster, POSTMASTER_COPY) == 0 && (count = bounce_diagnostic_log(bounce, bounce_info, DSN_NOTIFY_OVERRIDE)) > 0 && bounce_header_dsn(bounce, bounce_info) == 0 && bounce_diagnostic_dsn(bounce, bounce_info, DSN_NOTIFY_OVERRIDE) > 0) { bounce_original(bounce, bounce_info, DSN_RET_HDRS); postmaster_status = post_mail_fclose(bounce); if (postmaster_status == 0) msg_info("%s: postmaster non-delivery notification: %s", queue_id, STR(new_id)); } else { /* No applicable recipients found - cancel this notice. */ (void) vstream_fclose(bounce); if (count == 0) postmaster_status = 0; } } if (postmaster_status) msg_warn("%s: postmaster notice failed while bouncing to %s", queue_id, recipient); } } /* * Optionally, delete the recipients from the queue file. */ if (bounce_status == 0 && (flags & BOUNCE_FLAG_DELRCPT)) bounce_delrcpt(bounce_info); /* * Examine the completion status. Delete the bounce log file only when * the bounce was posted successfully, and only if we are bouncing for * real, not just warning. */ if (bounce_status == 0 && mail_queue_remove(service, queue_id) && errno != ENOENT) msg_fatal("remove %s %s: %m", service, queue_id); /* * Cleanup. */ bounce_mail_free(bounce_info); vstring_free(new_id); return (bounce_status); }