static void qmqpd_copy_sender(QMQPD_STATE *state)
{
char *end_prefix;
char *end_origin;
int verp_requested;
static char verp_delims[] = "-=";
/*
* If the sender address looks like prefix@origin-@[], then request
* variable envelope return path delivery, with an envelope sender
* address of prefi@origin, and with VERP delimiters of x and =. This
* way, the recipients will see envelope sender addresses that look like:
* prefixuser=domain@origin.
*/
state->where = "receiving sender address";
netstring_get(state->client, state->buf, var_line_limit);
VSTRING_TERMINATE(state->buf);
verp_requested =
((end_origin = vstring_end(state->buf) - 4) > STR(state->buf)
&& strcmp(end_origin, "-@[]") == 0
&& (end_prefix = strchr(STR(state->buf), '@')) != 0 /* XXX */
&& --end_prefix < end_origin - 2 /* non-null origin */
&& end_prefix > STR(state->buf)); /* non-null prefix */
if (verp_requested) {
verp_delims[0] = end_prefix[0];
if (verp_delims_verify(verp_delims) != 0) {
state->err |= CLEANUP_STAT_CONT; /* XXX */
vstring_sprintf(state->why_rejected, "Invalid VERP delimiters: \"%s\". Need two characters from \"%s\"",
verp_delims, var_verp_filter);
}
memmove(end_prefix, end_prefix + 1, end_origin - end_prefix - 1);
vstring_truncate(state->buf, end_origin - STR(state->buf) - 1);
}
if (state->err == CLEANUP_STAT_OK
&& REC_PUT_BUF(state->cleanup, REC_TYPE_FROM, state->buf) < 0)
state->err = CLEANUP_STAT_WRITE;
if (verp_requested)
if (state->err == CLEANUP_STAT_OK
&& rec_put(state->cleanup, REC_TYPE_VERP, verp_delims, 2) < 0)
state->err = CLEANUP_STAT_WRITE;
state->sender = mystrndup(STR(state->buf), LEN(state->buf));
}
void mail_params_init()
{
static const CONFIG_STR_TABLE first_str_defaults[] = {
VAR_SYSLOG_FACILITY, DEF_SYSLOG_FACILITY, &var_syslog_facility, 1, 0,
VAR_INET_PROTOCOLS, DEF_INET_PROTOCOLS, &var_inet_protocols, 0, 0,
VAR_MULTI_CONF_DIRS, DEF_MULTI_CONF_DIRS, &var_multi_conf_dirs, 0, 0,
/* multi_instance_wrapper may have dependencies but not dependents. */
VAR_MULTI_GROUP, DEF_MULTI_GROUP, &var_multi_group, 0, 0,
VAR_MULTI_NAME, DEF_MULTI_NAME, &var_multi_name, 0, 0,
0,
};
static const CONFIG_BOOL_TABLE first_bool_defaults[] = {
/* read and process the following before opening tables. */
VAR_DAEMON_OPEN_FATAL, DEF_DAEMON_OPEN_FATAL, &var_daemon_open_fatal,
0,
};
static const CONFIG_STR_FN_TABLE function_str_defaults[] = {
VAR_MYHOSTNAME, check_myhostname, &var_myhostname, 1, 0,
VAR_MYDOMAIN, check_mydomainname, &var_mydomain, 1, 0,
0,
};
static const CONFIG_STR_TABLE other_str_defaults[] = {
VAR_MAIL_NAME, DEF_MAIL_NAME, &var_mail_name, 1, 0,
VAR_SYSLOG_NAME, DEF_SYSLOG_NAME, &var_syslog_name, 1, 0,
VAR_MAIL_OWNER, DEF_MAIL_OWNER, &var_mail_owner, 1, 0,
VAR_SGID_GROUP, DEF_SGID_GROUP, &var_sgid_group, 1, 0,
VAR_MYDEST, DEF_MYDEST, &var_mydest, 0, 0,
VAR_MYORIGIN, DEF_MYORIGIN, &var_myorigin, 1, 0,
VAR_RELAYHOST, DEF_RELAYHOST, &var_relayhost, 0, 0,
VAR_DAEMON_DIR, DEF_DAEMON_DIR, &var_daemon_dir, 1, 0,
VAR_DATA_DIR, DEF_DATA_DIR, &var_data_dir, 1, 0,
VAR_COMMAND_DIR, DEF_COMMAND_DIR, &var_command_dir, 1, 0,
VAR_QUEUE_DIR, DEF_QUEUE_DIR, &var_queue_dir, 1, 0,
VAR_PID_DIR, DEF_PID_DIR, &var_pid_dir, 1, 0,
VAR_INET_INTERFACES, DEF_INET_INTERFACES, &var_inet_interfaces, 0, 0,
VAR_PROXY_INTERFACES, DEF_PROXY_INTERFACES, &var_proxy_interfaces, 0, 0,
VAR_DOUBLE_BOUNCE, DEF_DOUBLE_BOUNCE, &var_double_bounce_sender, 1, 0,
VAR_DEFAULT_PRIVS, DEF_DEFAULT_PRIVS, &var_default_privs, 1, 0,
VAR_ALIAS_DB_MAP, DEF_ALIAS_DB_MAP, &var_alias_db_map, 0, 0,
VAR_MAIL_RELEASE, DEF_MAIL_RELEASE, &var_mail_release, 1, 0,
VAR_MAIL_VERSION, DEF_MAIL_VERSION, &var_mail_version, 1, 0,
VAR_DB_TYPE, DEF_DB_TYPE, &var_db_type, 1, 0,
VAR_HASH_QUEUE_NAMES, DEF_HASH_QUEUE_NAMES, &var_hash_queue_names, 1, 0,
VAR_RCPT_DELIM, DEF_RCPT_DELIM, &var_rcpt_delim, 0, 0,
VAR_RELAY_DOMAINS, DEF_RELAY_DOMAINS, &var_relay_domains, 0, 0,
VAR_FFLUSH_DOMAINS, DEF_FFLUSH_DOMAINS, &var_fflush_domains, 0, 0,
VAR_EXPORT_ENVIRON, DEF_EXPORT_ENVIRON, &var_export_environ, 0, 0,
VAR_IMPORT_ENVIRON, DEF_IMPORT_ENVIRON, &var_import_environ, 0, 0,
VAR_MYNETWORKS_STYLE, DEF_MYNETWORKS_STYLE, &var_mynetworks_style, 1, 0,
VAR_DEBUG_PEER_LIST, DEF_DEBUG_PEER_LIST, &var_debug_peer_list, 0, 0,
VAR_VERP_DELIMS, DEF_VERP_DELIMS, &var_verp_delims, 2, 2,
VAR_VERP_FILTER, DEF_VERP_FILTER, &var_verp_filter, 1, 0,
VAR_PAR_DOM_MATCH, DEF_PAR_DOM_MATCH, &var_par_dom_match, 0, 0,
VAR_CONFIG_DIRS, DEF_CONFIG_DIRS, &var_config_dirs, 0, 0,
VAR_BOUNCE_SERVICE, DEF_BOUNCE_SERVICE, &var_bounce_service, 1, 0,
VAR_CLEANUP_SERVICE, DEF_CLEANUP_SERVICE, &var_cleanup_service, 1, 0,
VAR_DEFER_SERVICE, DEF_DEFER_SERVICE, &var_defer_service, 1, 0,
VAR_PICKUP_SERVICE, DEF_PICKUP_SERVICE, &var_pickup_service, 1, 0,
VAR_QUEUE_SERVICE, DEF_QUEUE_SERVICE, &var_queue_service, 1, 0,
VAR_REWRITE_SERVICE, DEF_REWRITE_SERVICE, &var_rewrite_service, 1, 0,
VAR_SHOWQ_SERVICE, DEF_SHOWQ_SERVICE, &var_showq_service, 1, 0,
VAR_ERROR_SERVICE, DEF_ERROR_SERVICE, &var_error_service, 1, 0,
VAR_FLUSH_SERVICE, DEF_FLUSH_SERVICE, &var_flush_service, 1, 0,
VAR_VERIFY_SERVICE, DEF_VERIFY_SERVICE, &var_verify_service, 1, 0,
VAR_TRACE_SERVICE, DEF_TRACE_SERVICE, &var_trace_service, 1, 0,
VAR_PROXYMAP_SERVICE, DEF_PROXYMAP_SERVICE, &var_proxymap_service, 1, 0,
VAR_PROXYWRITE_SERVICE, DEF_PROXYWRITE_SERVICE, &var_proxywrite_service, 1, 0,
VAR_INT_FILT_CLASSES, DEF_INT_FILT_CLASSES, &var_int_filt_classes, 0, 0,
/* multi_instance_wrapper may have dependencies but not dependents. */
VAR_MULTI_WRAPPER, DEF_MULTI_WRAPPER, &var_multi_wrapper, 0, 0,
0,
};
static const CONFIG_STR_FN_TABLE function_str_defaults_2[] = {
VAR_MYNETWORKS, mynetworks, &var_mynetworks, 0, 0,
0,
};
static const CONFIG_INT_TABLE other_int_defaults[] = {
VAR_PROC_LIMIT, DEF_PROC_LIMIT, &var_proc_limit, 1, 0,
VAR_MAX_USE, DEF_MAX_USE, &var_use_limit, 1, 0,
VAR_DONT_REMOVE, DEF_DONT_REMOVE, &var_dont_remove, 0, 0,
VAR_LINE_LIMIT, DEF_LINE_LIMIT, &var_line_limit, 512, 0,
VAR_HASH_QUEUE_DEPTH, DEF_HASH_QUEUE_DEPTH, &var_hash_queue_depth, 1, 0,
VAR_FORK_TRIES, DEF_FORK_TRIES, &var_fork_tries, 1, 0,
VAR_FLOCK_TRIES, DEF_FLOCK_TRIES, &var_flock_tries, 1, 0,
VAR_DEBUG_PEER_LEVEL, DEF_DEBUG_PEER_LEVEL, &var_debug_peer_level, 1, 0,
VAR_FAULT_INJ_CODE, DEF_FAULT_INJ_CODE, &var_fault_inj_code, 0, 0,
VAR_DB_CREATE_BUF, DEF_DB_CREATE_BUF, &var_db_create_buf, 1, 0,
VAR_DB_READ_BUF, DEF_DB_READ_BUF, &var_db_read_buf, 1, 0,
VAR_HEADER_LIMIT, DEF_HEADER_LIMIT, &var_header_limit, 1, 0,
VAR_TOKEN_LIMIT, DEF_TOKEN_LIMIT, &var_token_limit, 1, 0,
VAR_MIME_MAXDEPTH, DEF_MIME_MAXDEPTH, &var_mime_maxdepth, 1, 0,
VAR_MIME_BOUND_LEN, DEF_MIME_BOUND_LEN, &var_mime_bound_len, 1, 0,
VAR_DELAY_MAX_RES, DEF_DELAY_MAX_RES, &var_delay_max_res, MIN_DELAY_MAX_RES, MAX_DELAY_MAX_RES,
VAR_INET_WINDOW, DEF_INET_WINDOW, &var_inet_windowsize, 0, 0,
0,
};
static const CONFIG_LONG_TABLE long_defaults[] = {
VAR_MESSAGE_LIMIT, DEF_MESSAGE_LIMIT, &var_message_limit, 0, 0,
VAR_LMDB_MAP_SIZE, DEF_LMDB_MAP_SIZE, &var_lmdb_map_size, 1, 0,
0,
};
static const CONFIG_TIME_TABLE time_defaults[] = {
VAR_EVENT_DRAIN, DEF_EVENT_DRAIN, &var_event_drain, 1, 0,
VAR_MAX_IDLE, DEF_MAX_IDLE, &var_idle_limit, 1, 0,
VAR_IPC_TIMEOUT, DEF_IPC_TIMEOUT, &var_ipc_timeout, 1, 0,
VAR_IPC_IDLE, DEF_IPC_IDLE, &var_ipc_idle_limit, 1, 0,
VAR_IPC_TTL, DEF_IPC_TTL, &var_ipc_ttl_limit, 1, 0,
VAR_TRIGGER_TIMEOUT, DEF_TRIGGER_TIMEOUT, &var_trigger_timeout, 1, 0,
VAR_FORK_DELAY, DEF_FORK_DELAY, &var_fork_delay, 1, 0,
VAR_FLOCK_DELAY, DEF_FLOCK_DELAY, &var_flock_delay, 1, 0,
VAR_FLOCK_STALE, DEF_FLOCK_STALE, &var_flock_stale, 1, 0,
VAR_DAEMON_TIMEOUT, DEF_DAEMON_TIMEOUT, &var_daemon_timeout, 1, 0,
VAR_IN_FLOW_DELAY, DEF_IN_FLOW_DELAY, &var_in_flow_delay, 0, 10,
0,
};
static const CONFIG_BOOL_TABLE bool_defaults[] = {
VAR_DISABLE_DNS, DEF_DISABLE_DNS, &var_disable_dns,
VAR_SOFT_BOUNCE, DEF_SOFT_BOUNCE, &var_soft_bounce,
VAR_OWNREQ_SPECIAL, DEF_OWNREQ_SPECIAL, &var_ownreq_special,
VAR_STRICT_8BITMIME, DEF_STRICT_8BITMIME, &var_strict_8bitmime,
VAR_STRICT_7BIT_HDRS, DEF_STRICT_7BIT_HDRS, &var_strict_7bit_hdrs,
VAR_STRICT_8BIT_BODY, DEF_STRICT_8BIT_BODY, &var_strict_8bit_body,
VAR_STRICT_ENCODING, DEF_STRICT_ENCODING, &var_strict_encoding,
VAR_DISABLE_MIME_INPUT, DEF_DISABLE_MIME_INPUT, &var_disable_mime_input,
VAR_DISABLE_MIME_OCONV, DEF_DISABLE_MIME_OCONV, &var_disable_mime_oconv,
VAR_VERIFY_NEG_CACHE, DEF_VERIFY_NEG_CACHE, &var_verify_neg_cache,
VAR_OLDLOG_COMPAT, DEF_OLDLOG_COMPAT, &var_oldlog_compat,
VAR_HELPFUL_WARNINGS, DEF_HELPFUL_WARNINGS, &var_helpful_warnings,
VAR_CYRUS_SASL_AUTHZID, DEF_CYRUS_SASL_AUTHZID, &var_cyrus_sasl_authzid,
VAR_MULTI_ENABLE, DEF_MULTI_ENABLE, &var_multi_enable,
VAR_LONG_QUEUE_IDS, DEF_LONG_QUEUE_IDS, &var_long_queue_ids,
0,
};
const char *cp;
INET_PROTO_INFO *proto_info;
/*
* Extract syslog_facility early, so that from here on all errors are
* logged with the proper facility.
*/
get_mail_conf_str_table(first_str_defaults);
if (!msg_syslog_facility(var_syslog_facility))
msg_fatal("file %s/%s: parameter %s: unrecognized value: %s",
var_config_dir, MAIN_CONF_FILE,
VAR_SYSLOG_FACILITY, var_syslog_facility);
/*
* Should daemons terminate after table open error, or should they
* continue execution with reduced functionality?
*/
get_mail_conf_bool_table(first_bool_defaults);
if (var_daemon_open_fatal)
dict_allow_surrogate = 0;
/*
* What protocols should we attempt to support? The result is stored in
* the global inet_proto_table variable.
*/
proto_info = inet_proto_init(VAR_INET_PROTOCOLS, var_inet_protocols);
/*
* Variables whose defaults are determined at runtime. Some sites use
* short hostnames in the host table; some sites name their system after
* the domain.
*/
get_mail_conf_str_fn_table(function_str_defaults);
if (!valid_hostname(var_myhostname, DO_GRIPE))
msg_fatal("file %s/%s: parameter %s: bad parameter value: %s",
var_config_dir, MAIN_CONF_FILE,
VAR_MYHOSTNAME, var_myhostname);
if (!valid_hostname(var_mydomain, DO_GRIPE))
msg_fatal("file %s/%s: parameter %s: bad parameter value: %s",
var_config_dir, MAIN_CONF_FILE,
VAR_MYDOMAIN, var_mydomain);
/*
* Variables that are needed by almost every program.
*
* XXX Reading the myorigin value from file is originally a Debian Linux
* feature. This code is not enabled by default because of problems: 1)
* it re-implements its own parameter syntax checks, and 2) it does not
* implement $name expansions.
*/
get_mail_conf_str_table(other_str_defaults);
#ifdef MYORIGIN_FROM_FILE
if (*var_myorigin == '/') {
char *origin = read_param_from_file(var_myorigin);
if (*origin == 0)
msg_fatal("%s file %s is empty", VAR_MYORIGIN, var_myorigin);
myfree(var_myorigin); /* FIX 20070501 */
var_myorigin = origin;
}
#endif
get_mail_conf_int_table(other_int_defaults);
get_mail_conf_long_table(long_defaults);
get_mail_conf_bool_table(bool_defaults);
get_mail_conf_time_table(time_defaults);
check_default_privs();
check_mail_owner();
check_sgid_group();
check_overlap();
#ifdef HAS_DB
dict_db_cache_size = var_db_read_buf;
#endif
#ifdef HAS_LMDB
dict_lmdb_map_size = var_lmdb_map_size;
#endif
inet_windowsize = var_inet_windowsize;
/*
* Variables whose defaults are determined at runtime, after other
* variables have been set. This dependency is admittedly a bit tricky.
* XXX Perhaps we should just register variables, and let the evaluator
* figure out in what order to evaluate things.
*/
get_mail_conf_str_fn_table(function_str_defaults_2);
/*
* FIX 200412 The IPv6 patch did not call own_inet_addr_list() before
* entering the chroot jail on Linux IPv6 systems. Linux has the IPv6
* interface list in /proc, which is not available after chrooting.
*/
(void) own_inet_addr_list();
/*
* The PID variable cannot be set from the configuration file!!
*/
set_mail_conf_int(VAR_PID, var_pid = getpid());
/*
* Neither can the start time variable. It isn't even visible.
*/
time(&var_starttime);
/*
* Export the syslog name so children can inherit and use it before they
* have initialized.
*/
if ((cp = safe_getenv(CONF_ENV_LOGTAG)) == 0
|| strcmp(cp, var_syslog_name) != 0)
if (setenv(CONF_ENV_LOGTAG, var_syslog_name, 1) < 0)
msg_fatal("setenv %s %s: %m", CONF_ENV_LOGTAG, var_syslog_name);
/*
* I have seen this happen just too often.
*/
if (strcasecmp(var_myhostname, var_relayhost) == 0)
msg_fatal("%s and %s parameter settings must not be identical: %s",
VAR_MYHOSTNAME, VAR_RELAYHOST, var_myhostname);
/*
* XXX These should be caught by a proper parameter parsing algorithm.
*/
if (var_myorigin[strcspn(var_myorigin, ", \t\r\n")])
msg_fatal("%s parameter setting must not contain multiple values: %s",
VAR_MYORIGIN, var_myorigin);
if (var_relayhost[strcspn(var_relayhost, ", \t\r\n")])
msg_fatal("%s parameter setting must not contain multiple values: %s",
VAR_RELAYHOST, var_relayhost);
/*
* One more sanity check.
*/
if ((cp = verp_delims_verify(var_verp_delims)) != 0)
msg_fatal("file %s/%s: parameters %s and %s: %s",
var_config_dir, MAIN_CONF_FILE,
VAR_VERP_DELIMS, VAR_VERP_FILTER, cp);
}
static int qmgr_message_read(QMGR_MESSAGE *message)
{
VSTRING *buf;
int rec_type;
long curr_offset;
long save_offset = message->rcpt_offset; /* save a flag */
int save_unread = message->rcpt_unread; /* save a count */
char *start;
int recipient_limit;
const char *error_text;
char *name;
char *value;
char *orig_rcpt = 0;
int count;
int dsn_notify = 0;
char *dsn_orcpt = 0;
int n;
int have_log_client_attr = 0;
/*
* Initialize. No early returns or we have a memory leak.
*/
buf = vstring_alloc(100);
/*
* If we re-open this file, skip over on-file recipient records that we
* already looked at, and refill the in-core recipient address list.
*
* For the first time, the message recipient limit is calculated from the
* global recipient limit. This is to avoid reading little recipients
* when the active queue is near empty. When the queue becomes full, only
* the necessary amount is read in core. Such priming is necessary
* because there are no message jobs yet.
*
* For the next time, the recipient limit is based solely on the message
* jobs' positions in the job lists and/or job stacks.
*/
if (message->rcpt_offset) {
if (message->rcpt_list.len)
msg_panic("%s: recipient list not empty on recipient reload",
message->queue_id);
if (vstream_fseek(message->fp, message->rcpt_offset, SEEK_SET) < 0)
msg_fatal("seek file %s: %m", VSTREAM_PATH(message->fp));
message->rcpt_offset = 0;
recipient_limit = message->rcpt_limit - message->rcpt_count;
} else {
recipient_limit = var_qmgr_rcpt_limit - qmgr_recipient_count;
if (recipient_limit < message->rcpt_limit)
recipient_limit = message->rcpt_limit;
}
/* Keep interrupt latency in check. */
if (recipient_limit > 5000)
recipient_limit = 5000;
if (recipient_limit <= 0)
msg_panic("%s: no recipient slots available", message->queue_id);
if (msg_verbose)
msg_info("%s: recipient limit %d", message->queue_id, recipient_limit);
/*
* Read envelope records. XXX Rely on the front-end programs to enforce
* record size limits. Read up to recipient_limit recipients from the
* queue file, to protect against memory exhaustion. Recipient records
* may appear before or after the message content, so we keep reading
* from the queue file until we have enough recipients (rcpt_offset != 0)
* and until we know all the non-recipient information.
*
* Note that the total recipient count record is accurate only for fresh
* queue files. After some of the recipients are marked as done and the
* queue file is deferred, it can be used as upper bound estimate only.
* Fortunately, this poses no major problem on the scheduling algorithm,
* as the only impact is that the already deferred messages are not
* chosen by qmgr_job_candidate() as often as they could.
*
* On the first open, we must examine all non-recipient records.
*
* Optimization: when we know that recipient records are not mixed with
* non-recipient records, as is typical with mailing list mail, then we
* can avoid having to examine all the queue file records before we can
* start deliveries. This avoids some file system thrashing with huge
* mailing lists.
*/
for (;;) {
if ((curr_offset = vstream_ftell(message->fp)) < 0)
msg_fatal("vstream_ftell %s: %m", VSTREAM_PATH(message->fp));
if (curr_offset == message->data_offset && curr_offset > 0) {
if (vstream_fseek(message->fp, message->data_size, SEEK_CUR) < 0)
msg_fatal("seek file %s: %m", VSTREAM_PATH(message->fp));
curr_offset += message->data_size;
}
rec_type = rec_get_raw(message->fp, buf, 0, REC_FLAG_NONE);
start = vstring_str(buf);
if (msg_verbose > 1)
msg_info("record %c %s", rec_type, start);
if (rec_type == REC_TYPE_PTR) {
if ((rec_type = rec_goto(message->fp, start)) == REC_TYPE_ERROR)
break;
/* Need to update curr_offset after pointer jump. */
continue;
}
if (rec_type <= 0) {
msg_warn("%s: message rejected: missing end record",
message->queue_id);
break;
}
if (rec_type == REC_TYPE_END) {
message->rflags |= QMGR_READ_FLAG_SEEN_ALL_NON_RCPT;
break;
}
/*
* Map named attributes to pseudo record types, so that we don't have
* to pollute the queue file with records that are incompatible with
* past Postfix versions. Preferably, people should be able to back
* out from an upgrade without losing mail.
*/
if (rec_type == REC_TYPE_ATTR) {
if ((error_text = split_nameval(start, &name, &value)) != 0) {
msg_warn("%s: ignoring bad attribute: %s: %.200s",
message->queue_id, error_text, start);
rec_type = REC_TYPE_ERROR;
break;
}
if ((n = rec_attr_map(name)) != 0) {
start = value;
rec_type = n;
}
}
/*
* Process recipient records.
*/
if (rec_type == REC_TYPE_RCPT) {
/* See also below for code setting orig_rcpt etc. */
if (message->rcpt_offset == 0) {
message->rcpt_unread--;
recipient_list_add(&message->rcpt_list, curr_offset,
dsn_orcpt ? dsn_orcpt : "",
dsn_notify ? dsn_notify : 0,
orig_rcpt ? orig_rcpt : "", start);
if (dsn_orcpt) {
myfree(dsn_orcpt);
dsn_orcpt = 0;
}
if (orig_rcpt) {
myfree(orig_rcpt);
orig_rcpt = 0;
}
if (dsn_notify)
dsn_notify = 0;
if (message->rcpt_list.len >= recipient_limit) {
if ((message->rcpt_offset = vstream_ftell(message->fp)) < 0)
msg_fatal("vstream_ftell %s: %m",
VSTREAM_PATH(message->fp));
if (message->rflags & QMGR_READ_FLAG_SEEN_ALL_NON_RCPT)
/* We already examined all non-recipient records. */
break;
if (message->rflags & QMGR_READ_FLAG_MIXED_RCPT_OTHER)
/* Examine all remaining non-recipient records. */
continue;
/* Optimizations for "pure recipient" record sections. */
if (curr_offset > message->data_offset) {
/* We already examined all non-recipient records. */
message->rflags |= QMGR_READ_FLAG_SEEN_ALL_NON_RCPT;
break;
}
/* Examine non-recipient records in extracted segment. */
if (vstream_fseek(message->fp, message->data_offset
+ message->data_size, SEEK_SET) < 0)
msg_fatal("seek file %s: %m", VSTREAM_PATH(message->fp));
continue;
}
}
continue;
}
if (rec_type == REC_TYPE_DONE || rec_type == REC_TYPE_DRCP) {
if (message->rcpt_offset == 0) {
message->rcpt_unread--;
if (dsn_orcpt) {
myfree(dsn_orcpt);
dsn_orcpt = 0;
}
if (orig_rcpt) {
myfree(orig_rcpt);
orig_rcpt = 0;
}
if (dsn_notify)
dsn_notify = 0;
}
continue;
}
if (rec_type == REC_TYPE_DSN_ORCPT) {
/* See also above for code clearing dsn_orcpt. */
if (dsn_orcpt != 0) {
msg_warn("%s: ignoring out-of-order DSN original recipient address <%.200s>",
message->queue_id, dsn_orcpt);
myfree(dsn_orcpt);
dsn_orcpt = 0;
}
if (message->rcpt_offset == 0)
dsn_orcpt = mystrdup(start);
continue;
}
if (rec_type == REC_TYPE_DSN_NOTIFY) {
/* See also above for code clearing dsn_notify. */
if (dsn_notify != 0) {
msg_warn("%s: ignoring out-of-order DSN notify flags <%d>",
message->queue_id, dsn_notify);
dsn_notify = 0;
}
if (message->rcpt_offset == 0) {
if (!alldig(start) || (n = atoi(start)) == 0 || !DSN_NOTIFY_OK(n))
msg_warn("%s: ignoring malformed DSN notify flags <%.200s>",
message->queue_id, start);
else
dsn_notify = n;
continue;
}
}
if (rec_type == REC_TYPE_ORCP) {
/* See also above for code clearing orig_rcpt. */
if (orig_rcpt != 0) {
msg_warn("%s: ignoring out-of-order original recipient <%.200s>",
message->queue_id, orig_rcpt);
myfree(orig_rcpt);
orig_rcpt = 0;
}
if (message->rcpt_offset == 0)
orig_rcpt = mystrdup(start);
continue;
}
/*
* Process non-recipient records.
*/
if (message->rflags & QMGR_READ_FLAG_SEEN_ALL_NON_RCPT)
/* We already examined all non-recipient records. */
continue;
if (rec_type == REC_TYPE_SIZE) {
if (message->data_offset == 0) {
if ((count = sscanf(start, "%ld %ld %d %d %ld %d",
&message->data_size, &message->data_offset,
&message->rcpt_unread, &message->rflags,
&message->cont_length,
&message->smtputf8)) >= 3) {
/* Postfix >= 1.0 (a.k.a. 20010228). */
if (message->data_offset <= 0 || message->data_size <= 0) {
msg_warn("%s: invalid size record: %.100s",
message->queue_id, start);
rec_type = REC_TYPE_ERROR;
break;
}
if (message->rflags & ~QMGR_READ_FLAG_USER) {
msg_warn("%s: invalid flags in size record: %.100s",
message->queue_id, start);
rec_type = REC_TYPE_ERROR;
break;
}
} else if (count == 1) {
/* Postfix < 1.0 (a.k.a. 20010228). */
qmgr_message_oldstyle_scan(message);
} else {
/* Can't happen. */
msg_warn("%s: message rejected: weird size record",
message->queue_id);
rec_type = REC_TYPE_ERROR;
break;
}
}
/* Postfix < 2.4 compatibility. */
if (message->cont_length == 0) {
message->cont_length = message->data_size;
} else if (message->cont_length < 0) {
msg_warn("%s: invalid size record: %.100s",
message->queue_id, start);
rec_type = REC_TYPE_ERROR;
break;
}
continue;
}
if (rec_type == REC_TYPE_TIME) {
if (message->arrival_time.tv_sec == 0)
REC_TYPE_TIME_SCAN(start, message->arrival_time);
continue;
}
if (rec_type == REC_TYPE_CTIME) {
if (message->create_time == 0)
message->create_time = atol(start);
continue;
}
if (rec_type == REC_TYPE_FILT) {
if (message->filter_xport != 0)
myfree(message->filter_xport);
message->filter_xport = mystrdup(start);
continue;
}
if (rec_type == REC_TYPE_INSP) {
if (message->inspect_xport != 0)
myfree(message->inspect_xport);
message->inspect_xport = mystrdup(start);
continue;
}
if (rec_type == REC_TYPE_RDR) {
if (message->redirect_addr != 0)
myfree(message->redirect_addr);
message->redirect_addr = mystrdup(start);
continue;
}
if (rec_type == REC_TYPE_FROM) {
if (message->sender == 0) {
message->sender = mystrdup(start);
opened(message->queue_id, message->sender,
message->cont_length, message->rcpt_unread,
"queue %s", message->queue_name);
}
continue;
}
if (rec_type == REC_TYPE_DSN_ENVID) {
if (message->dsn_envid == 0)
message->dsn_envid = mystrdup(start);
}
if (rec_type == REC_TYPE_DSN_RET) {
if (message->dsn_ret == 0) {
if (!alldig(start) || (n = atoi(start)) == 0 || !DSN_RET_OK(n))
msg_warn("%s: ignoring malformed DSN RET flags in queue file record:%.100s",
message->queue_id, start);
else
message->dsn_ret = n;
}
}
if (rec_type == REC_TYPE_ATTR) {
/* Allow extra segment to override envelope segment info. */
if (strcmp(name, MAIL_ATTR_ENCODING) == 0) {
if (message->encoding != 0)
myfree(message->encoding);
message->encoding = mystrdup(value);
}
/*
* Backwards compatibility. Before Postfix 2.3, the logging
* attributes were called client_name, etc. Now they are called
* log_client_name. etc., and client_name is used for the actual
* client information. To support old queue files we accept both
* names for the purpose of logging; the new name overrides the
* old one.
*
* XXX Do not use the "legacy" client_name etc. attribute values for
* initializing the logging attributes, when this file already
* contains the "modern" log_client_name etc. logging attributes.
* Otherwise, logging attributes that are not present in the
* queue file would be set with information from the real client.
*/
else if (strcmp(name, MAIL_ATTR_ACT_CLIENT_NAME) == 0) {
if (have_log_client_attr == 0 && message->client_name == 0)
message->client_name = mystrdup(value);
} else if (strcmp(name, MAIL_ATTR_ACT_CLIENT_ADDR) == 0) {
if (have_log_client_attr == 0 && message->client_addr == 0)
message->client_addr = mystrdup(value);
} else if (strcmp(name, MAIL_ATTR_ACT_CLIENT_PORT) == 0) {
if (have_log_client_attr == 0 && message->client_port == 0)
message->client_port = mystrdup(value);
} else if (strcmp(name, MAIL_ATTR_ACT_PROTO_NAME) == 0) {
if (have_log_client_attr == 0 && message->client_proto == 0)
message->client_proto = mystrdup(value);
} else if (strcmp(name, MAIL_ATTR_ACT_HELO_NAME) == 0) {
if (have_log_client_attr == 0 && message->client_helo == 0)
message->client_helo = mystrdup(value);
}
/* Original client attributes. */
else if (strcmp(name, MAIL_ATTR_LOG_CLIENT_NAME) == 0) {
if (message->client_name != 0)
myfree(message->client_name);
message->client_name = mystrdup(value);
have_log_client_attr = 1;
} else if (strcmp(name, MAIL_ATTR_LOG_CLIENT_ADDR) == 0) {
if (message->client_addr != 0)
myfree(message->client_addr);
message->client_addr = mystrdup(value);
have_log_client_attr = 1;
} else if (strcmp(name, MAIL_ATTR_LOG_CLIENT_PORT) == 0) {
if (message->client_port != 0)
myfree(message->client_port);
message->client_port = mystrdup(value);
have_log_client_attr = 1;
} else if (strcmp(name, MAIL_ATTR_LOG_PROTO_NAME) == 0) {
if (message->client_proto != 0)
myfree(message->client_proto);
message->client_proto = mystrdup(value);
have_log_client_attr = 1;
} else if (strcmp(name, MAIL_ATTR_LOG_HELO_NAME) == 0) {
if (message->client_helo != 0)
myfree(message->client_helo);
message->client_helo = mystrdup(value);
have_log_client_attr = 1;
} else if (strcmp(name, MAIL_ATTR_SASL_METHOD) == 0) {
if (message->sasl_method == 0)
message->sasl_method = mystrdup(value);
else
msg_warn("%s: ignoring multiple %s attribute: %s",
message->queue_id, MAIL_ATTR_SASL_METHOD, value);
} else if (strcmp(name, MAIL_ATTR_SASL_USERNAME) == 0) {
if (message->sasl_username == 0)
message->sasl_username = mystrdup(value);
else
msg_warn("%s: ignoring multiple %s attribute: %s",
message->queue_id, MAIL_ATTR_SASL_USERNAME, value);
} else if (strcmp(name, MAIL_ATTR_SASL_SENDER) == 0) {
if (message->sasl_sender == 0)
message->sasl_sender = mystrdup(value);
else
msg_warn("%s: ignoring multiple %s attribute: %s",
message->queue_id, MAIL_ATTR_SASL_SENDER, value);
} else if (strcmp(name, MAIL_ATTR_LOG_IDENT) == 0) {
if (message->log_ident == 0)
message->log_ident = mystrdup(value);
else
msg_warn("%s: ignoring multiple %s attribute: %s",
message->queue_id, MAIL_ATTR_LOG_IDENT, value);
} else if (strcmp(name, MAIL_ATTR_RWR_CONTEXT) == 0) {
if (message->rewrite_context == 0)
message->rewrite_context = mystrdup(value);
else
msg_warn("%s: ignoring multiple %s attribute: %s",
message->queue_id, MAIL_ATTR_RWR_CONTEXT, value);
}
/*
* Optional tracing flags (verify, sendmail -v, sendmail -bv).
* This record is killed after a trace logfile report is sent and
* after the logfile is deleted.
*/
else if (strcmp(name, MAIL_ATTR_TRACE_FLAGS) == 0) {
message->tflags = DEL_REQ_TRACE_FLAGS(atoi(value));
if (message->tflags == DEL_REQ_FLAG_RECORD)
message->tflags_offset = curr_offset;
else
message->tflags_offset = 0;
}
continue;
}
if (rec_type == REC_TYPE_WARN) {
if (message->warn_offset == 0) {
message->warn_offset = curr_offset;
REC_TYPE_WARN_SCAN(start, message->warn_time);
}
continue;
}
if (rec_type == REC_TYPE_VERP) {
if (message->verp_delims == 0) {
if (message->sender == 0 || message->sender[0] == 0) {
msg_warn("%s: ignoring VERP request for null sender",
message->queue_id);
} else if (verp_delims_verify(start) != 0) {
msg_warn("%s: ignoring bad VERP request: \"%.100s\"",
message->queue_id, start);
} else {
if (msg_verbose)
msg_info("%s: enabling VERP for sender \"%.100s\"",
message->queue_id, message->sender);
message->single_rcpt = 1;
message->verp_delims = mystrdup(start);
}
}
continue;
}
}
/*
* Grr.
*/
if (dsn_orcpt != 0) {
if (rec_type > 0)
msg_warn("%s: ignoring out-of-order DSN original recipient <%.200s>",
message->queue_id, dsn_orcpt);
myfree(dsn_orcpt);
}
if (orig_rcpt != 0) {
if (rec_type > 0)
msg_warn("%s: ignoring out-of-order original recipient <%.200s>",
message->queue_id, orig_rcpt);
myfree(orig_rcpt);
}
/*
* After sending a "delayed" warning, request sender notification when
* message delivery is completed. While "mail delayed" notifications are
* bad enough because they multiply the amount of email traffic, "delay
* cleared" notifications are even worse because they come in a sudden
* burst when the queue drains after a network outage.
*/
if (var_dsn_delay_cleared && message->warn_time < 0)
message->tflags |= DEL_REQ_FLAG_REC_DLY_SENT;
/*
* Remember when we have read the last recipient batch. Note that we do
* it here after reading as reading might have used considerable amount
* of time.
*/
message->refill_time = sane_time();
/*
* Avoid clumsiness elsewhere in the program. When sending data across an
* IPC channel, sending an empty string is more convenient than sending a
* null pointer.
*/
if (message->dsn_envid == 0)
message->dsn_envid = mystrdup("");
if (message->encoding == 0)
message->encoding = mystrdup(MAIL_ATTR_ENC_NONE);
if (message->client_name == 0)
message->client_name = mystrdup("");
if (message->client_addr == 0)
message->client_addr = mystrdup("");
if (message->client_port == 0)
message->client_port = mystrdup("");
if (message->client_proto == 0)
message->client_proto = mystrdup("");
if (message->client_helo == 0)
message->client_helo = mystrdup("");
if (message->sasl_method == 0)
message->sasl_method = mystrdup("");
if (message->sasl_username == 0)
message->sasl_username = mystrdup("");
if (message->sasl_sender == 0)
message->sasl_sender = mystrdup("");
if (message->log_ident == 0)
message->log_ident = mystrdup("");
if (message->rewrite_context == 0)
message->rewrite_context = mystrdup(MAIL_ATTR_RWR_LOCAL);
/* Postfix < 2.3 compatibility. */
if (message->create_time == 0)
message->create_time = message->arrival_time.tv_sec;
/*
* Clean up.
*/
vstring_free(buf);
/*
* Sanity checks. Verify that all required information was found,
* including the queue file end marker.
*/
if (message->rcpt_unread < 0
|| (message->rcpt_offset == 0 && message->rcpt_unread != 0)) {
msg_warn("%s: rcpt count mismatch (%d)",
message->queue_id, message->rcpt_unread);
message->rcpt_unread = 0;
}
if (rec_type <= 0) {
/* Already logged warning. */
} else if (message->arrival_time.tv_sec == 0) {
msg_warn("%s: message rejected: missing arrival time record",
message->queue_id);
} else if (message->sender == 0) {
msg_warn("%s: message rejected: missing sender record",
message->queue_id);
} else if (message->data_offset == 0) {
msg_warn("%s: message rejected: missing size record",
message->queue_id);
} else {
return (0);
}
message->rcpt_offset = save_offset; /* restore flag */
message->rcpt_unread = save_unread; /* restore count */
recipient_list_free(&message->rcpt_list);
recipient_list_init(&message->rcpt_list, RCPT_LIST_INIT_QUEUE);
return (-1);
}
int main(int argc, char **argv)
{
static char *full_name = 0; /* sendmail -F */
struct stat st;
char *slash;
char *sender = 0; /* sendmail -f */
int c;
int fd;
int mode;
ARGV *ext_argv;
int debug_me = 0;
int err;
int n;
int flags = SM_FLAG_DEFAULT;
char *site_to_flush = 0;
char *id_to_flush = 0;
char *encoding = 0;
char *qtime = 0;
const char *errstr;
uid_t uid;
const char *rewrite_context = MAIL_ATTR_RWR_LOCAL;
int dsn_notify = 0;
int dsn_ret = 0;
const char *dsn_envid = 0;
int saved_optind;
/*
* Fingerprint executables and core dumps.
*/
MAIL_VERSION_STAMP_ALLOCATE;
/*
* Be consistent with file permissions.
*/
umask(022);
/*
* To minimize confusion, make sure that the standard file descriptors
* are open before opening anything else. XXX Work around for 44BSD where
* fstat can return EBADF on an open file descriptor.
*/
for (fd = 0; fd < 3; fd++)
if (fstat(fd, &st) == -1
&& (close(fd), open("/dev/null", O_RDWR, 0)) != fd)
msg_fatal_status(EX_OSERR, "open /dev/null: %m");
/*
* The CDE desktop calendar manager leaks a parent file descriptor into
* the child process. For the sake of sendmail compatibility we have to
* close the file descriptor otherwise mail notification will hang.
*/
for ( /* void */ ; fd < 100; fd++)
(void) close(fd);
/*
* Process environment options as early as we can. We might be called
* from a set-uid (set-gid) program, so be careful with importing
* environment variables.
*/
if (safe_getenv(CONF_ENV_VERB))
msg_verbose = 1;
if (safe_getenv(CONF_ENV_DEBUG))
debug_me = 1;
/*
* Initialize. Set up logging, read the global configuration file and
* extract configuration information. Set up signal handlers so that we
* can clean up incomplete output.
*/
if ((slash = strrchr(argv[0], '/')) != 0 && slash[1])
argv[0] = slash + 1;
msg_vstream_init(argv[0], VSTREAM_ERR);
msg_cleanup(tempfail);
msg_syslog_init(mail_task("sendmail"), LOG_PID, LOG_FACILITY);
set_mail_conf_str(VAR_PROCNAME, var_procname = mystrdup(argv[0]));
/*
* Check the Postfix library version as soon as we enable logging.
*/
MAIL_VERSION_CHECK;
/*
* Some sites mistakenly install Postfix sendmail as set-uid root. Drop
* set-uid privileges only when root, otherwise some systems will not
* reset the saved set-userid, which would be a security vulnerability.
*/
if (geteuid() == 0 && getuid() != 0) {
msg_warn("the Postfix sendmail command has set-uid root file permissions");
msg_warn("or the command is run from a set-uid root process");
msg_warn("the Postfix sendmail command must be installed without set-uid root file permissions");
set_ugid(getuid(), getgid());
}
/*
* Further initialization. Load main.cf first, so that command-line
* options can override main.cf settings. Pre-scan the argument list so
* that we load the right main.cf file.
*/
#define GETOPT_LIST "A:B:C:F:GIL:N:O:R:UV:X:b:ce:f:h:imno:p:r:q:tvx"
saved_optind = optind;
while (argv[OPTIND] != 0) {
if (strcmp(argv[OPTIND], "-q") == 0) { /* not getopt compatible */
optind++;
continue;
}
if ((c = GETOPT(argc, argv, GETOPT_LIST)) <= 0)
break;
if (c == 'C') {
VSTRING *buf = vstring_alloc(1);
if (setenv(CONF_ENV_PATH,
strcmp(sane_basename(buf, optarg), MAIN_CONF_FILE) == 0 ?
sane_dirname(buf, optarg) : optarg, 1) < 0)
msg_fatal_status(EX_UNAVAILABLE, "out of memory");
vstring_free(buf);
}
}
optind = saved_optind;
mail_conf_read();
/* Re-evaluate mail_task() after reading main.cf. */
msg_syslog_init(mail_task("sendmail"), LOG_PID, LOG_FACILITY);
get_mail_conf_str_table(str_table);
if (chdir(var_queue_dir))
msg_fatal_status(EX_UNAVAILABLE, "chdir %s: %m", var_queue_dir);
signal(SIGPIPE, SIG_IGN);
/*
* Optionally start the debugger on ourself. This must be done after
* reading the global configuration file, because that file specifies
* what debugger command to execute.
*/
if (debug_me)
debug_process();
/*
* The default mode of operation is determined by the process name. It
* can, however, be changed via command-line options (for example,
* "newaliases -bp" will show the mail queue).
*/
if (strcmp(argv[0], "mailq") == 0) {
mode = SM_MODE_MAILQ;
} else if (strcmp(argv[0], "newaliases") == 0) {
mode = SM_MODE_NEWALIAS;
} else if (strcmp(argv[0], "smtpd") == 0) {
mode = SM_MODE_DAEMON;
} else {
mode = SM_MODE_ENQUEUE;
}
/*
* Parse JCL. Sendmail has been around for a long time, and has acquired
* a large number of options in the course of time. Some options such as
* -q are not parsable with GETOPT() and get special treatment.
*/
#define OPTIND (optind > 0 ? optind : 1)
while (argv[OPTIND] != 0) {
if (strcmp(argv[OPTIND], "-q") == 0) {
if (mode == SM_MODE_DAEMON)
msg_warn("ignoring -q option in daemon mode");
else
mode = SM_MODE_FLUSHQ;
optind++;
continue;
}
if (strcmp(argv[OPTIND], "-V") == 0
&& argv[OPTIND + 1] != 0 && strlen(argv[OPTIND + 1]) == 2) {
msg_warn("option -V is deprecated with Postfix 2.3; "
"specify -XV instead");
argv[OPTIND] = "-XV";
}
if (strncmp(argv[OPTIND], "-V", 2) == 0 && strlen(argv[OPTIND]) == 4) {
msg_warn("option %s is deprecated with Postfix 2.3; "
"specify -X%s instead",
argv[OPTIND], argv[OPTIND] + 1);
argv[OPTIND] = concatenate("-X", argv[OPTIND] + 1, (char *) 0);
}
if (strcmp(argv[OPTIND], "-XV") == 0) {
verp_delims = var_verp_delims;
optind++;
continue;
}
if ((c = GETOPT(argc, argv, GETOPT_LIST)) <= 0)
break;
switch (c) {
default:
if (msg_verbose)
msg_info("-%c option ignored", c);
break;
case 'n':
msg_fatal_status(EX_USAGE, "-%c option not supported", c);
case 'B':
if (strcmp(optarg, "8BITMIME") == 0)/* RFC 1652 */
encoding = MAIL_ATTR_ENC_8BIT;
else if (strcmp(optarg, "7BIT") == 0) /* RFC 1652 */
encoding = MAIL_ATTR_ENC_7BIT;
else
msg_fatal_status(EX_USAGE, "-B option needs 8BITMIME or 7BIT");
break;
case 'F': /* full name */
full_name = optarg;
break;
case 'G': /* gateway submission */
rewrite_context = MAIL_ATTR_RWR_REMOTE;
break;
case 'I': /* newaliases */
mode = SM_MODE_NEWALIAS;
break;
case 'N':
if ((dsn_notify = dsn_notify_mask(optarg)) == 0)
msg_warn("bad -N option value -- ignored");
break;
case 'R':
if ((dsn_ret = dsn_ret_code(optarg)) == 0)
msg_warn("bad -R option value -- ignored");
break;
case 'V': /* DSN, was: VERP */
if (strlen(optarg) > 100)
msg_warn("too long -V option value -- ignored");
else if (!allprint(optarg))
msg_warn("bad syntax in -V option value -- ignored");
else
dsn_envid = optarg;
break;
case 'X':
switch (*optarg) {
default:
msg_fatal_status(EX_USAGE, "unsupported: -%c%c", c, *optarg);
case 'V': /* VERP */
if (verp_delims_verify(optarg + 1) != 0)
msg_fatal_status(EX_USAGE, "-V requires two characters from %s",
var_verp_filter);
verp_delims = optarg + 1;
break;
}
break;
case 'b':
switch (*optarg) {
default:
msg_fatal_status(EX_USAGE, "unsupported: -%c%c", c, *optarg);
case 'd': /* daemon mode */
case 'l': /* daemon mode */
if (mode == SM_MODE_FLUSHQ)
msg_warn("ignoring -q option in daemon mode");
mode = SM_MODE_DAEMON;
break;
case 'h': /* print host status */
case 'H': /* flush host status */
mode = SM_MODE_IGNORE;
break;
case 'i': /* newaliases */
mode = SM_MODE_NEWALIAS;
break;
case 'm': /* deliver mail */
mode = SM_MODE_ENQUEUE;
break;
case 'p': /* mailq */
mode = SM_MODE_MAILQ;
break;
case 's': /* stand-alone mode */
mode = SM_MODE_USER;
break;
case 'v': /* expand recipients */
flags |= DEL_REQ_FLAG_USR_VRFY;
break;
}
break;
case 'f':
sender = optarg;
break;
case 'i':
flags &= ~SM_FLAG_AEOF;
break;
case 'o':
switch (*optarg) {
default:
if (msg_verbose)
msg_info("-%c%c option ignored", c, *optarg);
break;
case 'A':
if (optarg[1] == 0)
msg_fatal_status(EX_USAGE, "-oA requires pathname");
myfree(var_alias_db_map);
var_alias_db_map = mystrdup(optarg + 1);
set_mail_conf_str(VAR_ALIAS_DB_MAP, var_alias_db_map);
break;
case '7':
case '8':
break;
case 'i':
flags &= ~SM_FLAG_AEOF;
break;
case 'm':
break;
}
break;
case 'r': /* obsoleted by -f */
sender = optarg;
break;
case 'q':
if (ISDIGIT(optarg[0])) {
qtime = optarg;
} else if (optarg[0] == 'R') {
site_to_flush = optarg + 1;
if (*site_to_flush == 0)
msg_fatal_status(EX_USAGE, "specify: -qRsitename");
} else if (optarg[0] == 'I') {
id_to_flush = optarg + 1;
if (*id_to_flush == 0)
msg_fatal_status(EX_USAGE, "specify: -qIqueueid");
} else {
msg_fatal_status(EX_USAGE, "-q%c is not implemented",
optarg[0]);
}
break;
case 't':
flags |= SM_FLAG_XRCPT;
break;
case 'v':
msg_verbose++;
break;
case '?':
msg_fatal_status(EX_USAGE, "usage: %s [options]", argv[0]);
}
}
/*
* Look for conflicting options and arguments.
*/
if ((flags & SM_FLAG_XRCPT) && mode != SM_MODE_ENQUEUE)
msg_fatal_status(EX_USAGE, "-t can be used only in delivery mode");
if (site_to_flush && mode != SM_MODE_ENQUEUE)
msg_fatal_status(EX_USAGE, "-qR can be used only in delivery mode");
if (id_to_flush && mode != SM_MODE_ENQUEUE)
msg_fatal_status(EX_USAGE, "-qI can be used only in delivery mode");
if (flags & DEL_REQ_FLAG_USR_VRFY) {
if (flags & SM_FLAG_XRCPT)
msg_fatal_status(EX_USAGE, "-t option cannot be used with -bv");
if (dsn_notify)
msg_fatal_status(EX_USAGE, "-N option cannot be used with -bv");
if (dsn_ret)
msg_fatal_status(EX_USAGE, "-R option cannot be used with -bv");
if (msg_verbose == 1)
msg_fatal_status(EX_USAGE, "-v option cannot be used with -bv");
}
/*
* The -v option plays double duty. One requests verbose delivery, more
* than one requests verbose logging.
*/
if (msg_verbose == 1 && mode == SM_MODE_ENQUEUE) {
msg_verbose = 0;
flags |= DEL_REQ_FLAG_RECORD;
}
/*
* Start processing. Everything is delegated to external commands.
*/
if (qtime && mode != SM_MODE_DAEMON)
exit(0);
switch (mode) {
default:
msg_panic("unknown operation mode: %d", mode);
/* NOTREACHED */
case SM_MODE_ENQUEUE:
if (site_to_flush) {
if (argv[OPTIND])
msg_fatal_status(EX_USAGE, "flush site requires no recipient");
ext_argv = argv_alloc(2);
argv_add(ext_argv, "postqueue", "-s", site_to_flush, (char *) 0);
for (n = 0; n < msg_verbose; n++)
argv_add(ext_argv, "-v", (char *) 0);
argv_terminate(ext_argv);
mail_run_replace(var_command_dir, ext_argv->argv);
/* NOTREACHED */
} else if (id_to_flush) {
if (argv[OPTIND])
msg_fatal_status(EX_USAGE, "flush queue_id requires no recipient");
ext_argv = argv_alloc(2);
argv_add(ext_argv, "postqueue", "-i", id_to_flush, (char *) 0);
for (n = 0; n < msg_verbose; n++)
argv_add(ext_argv, "-v", (char *) 0);
argv_terminate(ext_argv);
mail_run_replace(var_command_dir, ext_argv->argv);
/* NOTREACHED */
} else {
enqueue(flags, encoding, dsn_envid, dsn_ret, dsn_notify,
rewrite_context, sender, full_name, argv + OPTIND);
exit(0);
/* NOTREACHED */
}
break;
case SM_MODE_MAILQ:
if (argv[OPTIND])
msg_fatal_status(EX_USAGE,
"display queue mode requires no recipient");
ext_argv = argv_alloc(2);
argv_add(ext_argv, "postqueue", "-p", (char *) 0);
for (n = 0; n < msg_verbose; n++)
argv_add(ext_argv, "-v", (char *) 0);
argv_terminate(ext_argv);
mail_run_replace(var_command_dir, ext_argv->argv);
/* NOTREACHED */
case SM_MODE_FLUSHQ:
if (argv[OPTIND])
msg_fatal_status(EX_USAGE,
"flush queue mode requires no recipient");
ext_argv = argv_alloc(2);
argv_add(ext_argv, "postqueue", "-f", (char *) 0);
for (n = 0; n < msg_verbose; n++)
argv_add(ext_argv, "-v", (char *) 0);
argv_terminate(ext_argv);
mail_run_replace(var_command_dir, ext_argv->argv);
/* NOTREACHED */
case SM_MODE_DAEMON:
if (argv[OPTIND])
msg_fatal_status(EX_USAGE, "daemon mode requires no recipient");
ext_argv = argv_alloc(2);
argv_add(ext_argv, "postfix", (char *) 0);
for (n = 0; n < msg_verbose; n++)
argv_add(ext_argv, "-v", (char *) 0);
argv_add(ext_argv, "start", (char *) 0);
argv_terminate(ext_argv);
err = (mail_run_background(var_command_dir, ext_argv->argv) < 0);
argv_free(ext_argv);
exit(err);
break;
case SM_MODE_NEWALIAS:
if (argv[OPTIND])
msg_fatal_status(EX_USAGE,
"alias initialization mode requires no recipient");
if (*var_alias_db_map == 0)
return (0);
ext_argv = argv_alloc(2);
argv_add(ext_argv, "postalias", (char *) 0);
for (n = 0; n < msg_verbose; n++)
argv_add(ext_argv, "-v", (char *) 0);
argv_split_append(ext_argv, var_alias_db_map, CHARS_COMMA_SP);
argv_terminate(ext_argv);
mail_run_replace(var_command_dir, ext_argv->argv);
/* NOTREACHED */
case SM_MODE_USER:
if (argv[OPTIND])
msg_fatal_status(EX_USAGE,
"stand-alone mode requires no recipient");
/* The actual enforcement happens in the postdrop command. */
if ((errstr = check_user_acl_byuid(VAR_SUBMIT_ACL, var_submit_acl,
uid = getuid())) != 0)
msg_fatal_status(EX_NOPERM,
"User %s(%ld) is not allowed to submit mail",
errstr, (long) uid);
ext_argv = argv_alloc(2);
argv_add(ext_argv, "smtpd", "-S", (char *) 0);
for (n = 0; n < msg_verbose; n++)
argv_add(ext_argv, "-v", (char *) 0);
argv_terminate(ext_argv);
mail_run_replace(var_daemon_dir, ext_argv->argv);
/* NOTREACHED */
case SM_MODE_IGNORE:
exit(0);
/* NOTREACHED */
}
}
