int bounce_warn_service(int unused_flags, char *service, char *queue_name, char *queue_id, char *encoding, char *recipient) { BOUNCE_INFO *bounce_info; int bounce_status = 1; int postmaster_status = 1; VSTREAM *bounce; int notify_mask = name_mask(VAR_NOTIFY_CLASSES, mail_error_masks, var_notify_classes); char *postmaster; /* * Initialize. Open queue file, bounce log, etc. */ bounce_info = bounce_mail_init(service, queue_name, queue_id, encoding, BOUNCE_MSG_WARN); #define NULL_SENDER MAIL_ADDR_EMPTY /* special address */ #define NULL_TRACE_FLAGS 0 #define BOUNCE_HEADERS 1 /* * The choice of sender address depends on the recipient address. For a * single bounce (a non-delivery notification to the message originator), * the sender address is the empty string. For a double bounce (typically * a failed single bounce, or a postmaster notification that was produced * by any of the mail processes) the sender address is defined by the * var_double_bounce_sender configuration variable. When a double bounce * cannot be delivered, the queue manager blackholes the resulting triple * bounce message. */ /* * Double bounce failed. Never send a triple bounce. * * However, this does not prevent double bounces from bouncing on other * systems. In order to cope with this, either the queue manager must * recognize the double-bounce recipient address and discard mail, or * every delivery agent must recognize the double-bounce sender address * and substitute something else so mail does not come back at us. */ if (strcasecmp(recipient, mail_addr_double_bounce()) == 0) { msg_warn("%s: undeliverable postmaster notification discarded", queue_id); bounce_status = 0; } /* * Single bounce failed. Optionally send a double bounce to postmaster. */ #define ANY_BOUNCE (MAIL_ERROR_2BOUNCE | MAIL_ERROR_BOUNCE) #define SKIP_IF_DELAY ((notify_mask & MAIL_ERROR_DELAY) == 0) else if (*recipient == 0) { if (SKIP_IF_DELAY) { bounce_status = 0; } else { postmaster = var_delay_rcpt; if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(), postmaster, CLEANUP_FLAG_MASK_INTERNAL, NULL_TRACE_FLAGS)) != 0) { /* * Double bounce to Postmaster. This is the last opportunity * for this message to be delivered. Send the text with * reason for the bounce, and the headers of the original * message. Don't bother sending the boiler-plate text. */ if (!bounce_header(bounce, bounce_info, postmaster) && bounce_diagnostic_log(bounce, bounce_info) == 0 && bounce_header_dsn(bounce, bounce_info) == 0 && bounce_diagnostic_dsn(bounce, bounce_info) == 0) bounce_original(bounce, bounce_info, BOUNCE_HEADERS); bounce_status = post_mail_fclose(bounce); } } } /* * Non-bounce failed. Send a single bounce. */ else { if ((bounce = post_mail_fopen_nowait(NULL_SENDER, recipient, CLEANUP_FLAG_MASK_INTERNAL, NULL_TRACE_FLAGS)) != 0) { /* * Send the bounce message header, some boilerplate text that * pretends that we are a polite mail system, the text with * reason for the bounce, and a copy of the original message. */ if (bounce_header(bounce, bounce_info, recipient) == 0 && bounce_boilerplate(bounce, bounce_info) == 0 && bounce_diagnostic_log(bounce, bounce_info) == 0 && bounce_header_dsn(bounce, bounce_info) == 0 && bounce_diagnostic_dsn(bounce, bounce_info) == 0) bounce_original(bounce, bounce_info, BOUNCE_HEADERS); bounce_status = post_mail_fclose(bounce); } /* * Optionally, send a postmaster notice. * * This postmaster notice is not critical, so if it fails don't * retransmit the bounce that we just generated, just log a warning. */ #define WANT_IF_DELAY ((notify_mask & MAIL_ERROR_DELAY)) if (bounce_status == 0 && WANT_IF_DELAY && strcasecmp(recipient, mail_addr_double_bounce()) != 0) { /* * Send the text with reason for the bounce, and the headers of * the original message. Don't bother sending the boiler-plate * text. This postmaster notice is not critical, so if it fails * don't retransmit the bounce that we just generated, just log a * warning. */ postmaster = var_delay_rcpt; if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(), postmaster, CLEANUP_FLAG_MASK_INTERNAL, NULL_TRACE_FLAGS)) != 0) { if (bounce_header(bounce, bounce_info, postmaster) == 0 && bounce_diagnostic_log(bounce, bounce_info) == 0 && bounce_header_dsn(bounce, bounce_info) == 0 && bounce_diagnostic_dsn(bounce, bounce_info) == 0) bounce_original(bounce, bounce_info, BOUNCE_HEADERS); postmaster_status = post_mail_fclose(bounce); } if (postmaster_status) msg_warn("postmaster notice failed while bouncing to %s", recipient); } } /* * Cleanup. */ bounce_mail_free(bounce_info); return (bounce_status); }
int bounce_trace_service(int flags, char *service, char *queue_name, char *queue_id, char *encoding, int smtputf8, char *recipient, char *dsn_envid, int unused_dsn_ret, BOUNCE_TEMPLATES *ts) { BOUNCE_INFO *bounce_info; int bounce_status = 1; VSTREAM *bounce; int notify_mask = name_mask(VAR_NOTIFY_CLASSES, mail_error_masks, var_notify_classes); VSTRING *new_id; int count; const char *sender; /* * For consistency with fail/delay notifications, send notification for a * non-bounce message as a single-bounce message, send notification for a * single-bounce message as a double-bounce message, and drop requests to * send notification for a double-bounce message. */ #define NULL_SENDER MAIL_ADDR_EMPTY /* special address */ if (strcasecmp(recipient, mail_addr_double_bounce()) == 0) { msg_info("%s: not sending trace/success notification for " "double-bounce message", queue_id); return (0); } else if (*recipient == 0) { if ((notify_mask & MAIL_ERROR_2BOUNCE) != 0) { recipient = var_2bounce_rcpt; sender = mail_addr_double_bounce(); } else { msg_info("%s: not sending trace/success notification " "for single-bounce message", queue_id); if (mail_queue_remove(service, queue_id) && errno != ENOENT) msg_fatal("remove %s %s: %m", service, queue_id); return (0); } } else { /* Always send notification for non-bounce message. */ sender = NULL_SENDER; } /* * Initialize. Open queue file, bounce log, etc. * * XXX DSN The trace service produces information from the trace logfile * which is used for three types of reports: * * a) "what-if" reports that show what would happen without actually * delivering mail (sendmail -bv). * * b) A report of actual deliveries (sendmail -v). * * c) DSN NOTIFY=SUCCESS reports of successful delivery ("delivered", * "expanded" or "relayed"). */ #define NON_DSN_FLAGS (DEL_REQ_FLAG_USR_VRFY | DEL_REQ_FLAG_RECORD) bounce_info = bounce_mail_init(service, queue_name, queue_id, encoding, smtputf8, dsn_envid, flags & NON_DSN_FLAGS ? ts->verify : ts->success); /* * XXX With multi-recipient mail some queue file recipients may have * NOTIFY=SUCCESS and others not. Depending on what subset of recipients * are delivered, a trace file may or may not be created. Even when the * last partial delivery attempt had no NOTIFY=SUCCESS recipients, a * trace file may still exist from a previous partial delivery attempt. * So as long as any recipient in the original queue file had * NOTIFY=SUCCESS we have to always look for the trace file and be * prepared for the file not to exist. * * See also comments in qmgr/qmgr_active.c. */ if (bounce_info->log_handle == 0) { if (msg_verbose) msg_info("%s: no trace file -- not sending a notification", queue_id); bounce_mail_free(bounce_info); return (0); } #define NULL_TRACE_FLAGS 0 /* * Send a single bounce with a template message header, some boilerplate * text that pretends that we are a polite mail system, the text with * per-recipient status, and a copy of the original message. * * XXX DSN We use the same trace file for "what-if", "verbose delivery" and * "success" delivery reports. This saves file system overhead because * there are fewer potential left-over files to remove up when we create * a new queue file. */ new_id = vstring_alloc(10); if ((bounce = post_mail_fopen_nowait(sender, recipient, MAIL_SRC_MASK_BOUNCE, NULL_TRACE_FLAGS, smtputf8, new_id)) != 0) { count = -1; if (bounce_header(bounce, bounce_info, recipient, NO_POSTMASTER_COPY) == 0 && bounce_boilerplate(bounce, bounce_info) == 0 && (count = bounce_diagnostic_log(bounce, bounce_info, DSN_NOTIFY_OVERRIDE)) > 0 && bounce_header_dsn(bounce, bounce_info) == 0 && bounce_diagnostic_dsn(bounce, bounce_info, DSN_NOTIFY_OVERRIDE) > 0) { bounce_original(bounce, bounce_info, DSN_RET_HDRS); bounce_status = post_mail_fclose(bounce); if (bounce_status == 0) msg_info("%s: sender delivery status notification: %s", queue_id, STR(new_id)); } else { (void) vstream_fclose(bounce); if (count == 0) bounce_status = 0; } } /* * Examine the completion status. Delete the trace log file only when the * status notice was posted successfully. */ if (bounce_status == 0 && mail_queue_remove(service, queue_id) && errno != ENOENT) msg_fatal("remove %s %s: %m", service, queue_id); /* * Cleanup. */ bounce_mail_free(bounce_info); vstring_free(new_id); return (bounce_status); }
int bounce_notify_service(int flags, char *service, char *queue_name, char *queue_id, char *encoding, char *recipient, char *dsn_envid, int dsn_ret, BOUNCE_TEMPLATES *ts) { BOUNCE_INFO *bounce_info; int bounce_status = 1; int postmaster_status = 1; VSTREAM *bounce; int notify_mask = name_mask(VAR_NOTIFY_CLASSES, mail_error_masks, var_notify_classes); VSTRING *new_id = vstring_alloc(10); char *postmaster; int count; /* * Initialize. Open queue file, bounce log, etc. * * XXX DSN The bounce service produces RFC 3464-style "failed mail" reports * from information in two following types of logfile: * * 1 - bounce: this file is used for RFC 3464-style reports of permanent * delivery errors by the bounce(8) service. This reports to the sender * all recipients that have no DSN NOTIFY information (compatibility) and * all recipients that have DSN NOTIFY=FAILURE; this reports to * postmaster all recipients, if postmaster notification is enabled. * * 2 - defer: this file is used for three types of report: * * 2a) RFC 3464-style "mail is too old" reports by the bounce(8) service. * This reports to the sender all recipients that have no DSN NOTIFY * information (compatibility) and all recipients that have DSN * NOTIFY=FAILURE; this reports to postmaster all recipients, if * postmaster notification is enabled. * * Other reports that other servers produce from the defer logfile: * * 2b) On-demand reports of all delayed deliveries by the showq(8) service * and mailq(1) command. This reports all recipients that have a * transient delivery error. * * 2c) RFC 3464-style "delayed mail" notifications by the defer(8) service. * This reports to the sender all recipients that have no DSN NOTIFY * information (compatibility) and all recipients that have DSN * NOTIFY=DELAY; this reports to postmaster all recipients, if postmaster * notification is enabled. */ bounce_info = bounce_mail_init(service, queue_name, queue_id, encoding, dsn_envid, ts->failure); #define NULL_SENDER MAIL_ADDR_EMPTY /* special address */ #define NULL_TRACE_FLAGS 0 /* * The choice of sender address depends on the recipient address. For a * single bounce (a non-delivery notification to the message originator), * the sender address is the empty string. For a double bounce (typically * a failed single bounce, or a postmaster notification that was produced * by any of the mail processes) the sender address is defined by the * var_double_bounce_sender configuration variable. When a double bounce * cannot be delivered, the queue manager blackholes the resulting triple * bounce message. */ /* * Double bounce failed. Never send a triple bounce. * * However, this does not prevent double bounces from bouncing on other * systems. In order to cope with this, either the queue manager must * recognize the double-bounce recipient address and discard mail, or * every delivery agent must recognize the double-bounce sender address * and substitute something else so mail does not come back at us. */ if (strcasecmp(recipient, mail_addr_double_bounce()) == 0) { msg_warn("%s: undeliverable postmaster notification discarded", queue_id); bounce_status = 0; } /* * Single bounce failed. Optionally send a double bounce to postmaster, * subject to notify_classes restrictions. */ #define ANY_BOUNCE (MAIL_ERROR_2BOUNCE | MAIL_ERROR_BOUNCE) #define SEND_POSTMASTER_ANY_BOUNCE_NOTICE (notify_mask & ANY_BOUNCE) else if (*recipient == 0) { if (!SEND_POSTMASTER_ANY_BOUNCE_NOTICE) { bounce_status = 0; } else { postmaster = var_2bounce_rcpt; if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(), postmaster, INT_FILT_MASK_BOUNCE, NULL_TRACE_FLAGS, new_id)) != 0) { /* * Double bounce to Postmaster. This is the last opportunity * for this message to be delivered. Send the text with * reason for the bounce, and the headers of the original * message. Don't bother sending the boiler-plate text. */ count = -1; if (bounce_header(bounce, bounce_info, postmaster, POSTMASTER_COPY) == 0 && (count = bounce_diagnostic_log(bounce, bounce_info, DSN_NOTIFY_OVERRIDE)) > 0 && bounce_header_dsn(bounce, bounce_info) == 0 && bounce_diagnostic_dsn(bounce, bounce_info, DSN_NOTIFY_OVERRIDE) > 0) { bounce_original(bounce, bounce_info, DSN_RET_FULL); bounce_status = post_mail_fclose(bounce); if (bounce_status == 0) msg_info("%s: postmaster non-delivery notification: %s", queue_id, STR(new_id)); } else { /* No applicable recipients found - cancel this notice. */ (void) vstream_fclose(bounce); if (count == 0) bounce_status = 0; } } } } /* * Non-bounce failed. Send a single bounce to the sender, subject to DSN * NOTIFY restrictions. */ else { if ((bounce = post_mail_fopen_nowait(NULL_SENDER, recipient, INT_FILT_MASK_BOUNCE, NULL_TRACE_FLAGS, new_id)) != 0) { /* * Send the bounce message header, some boilerplate text that * pretends that we are a polite mail system, the text with * reason for the bounce, and a copy of the original message. */ count = -1; if (bounce_header(bounce, bounce_info, recipient, NO_POSTMASTER_COPY) == 0 && bounce_boilerplate(bounce, bounce_info) == 0 && (count = bounce_diagnostic_log(bounce, bounce_info, DSN_NOTIFY_FAILURE)) > 0 && bounce_header_dsn(bounce, bounce_info) == 0 && bounce_diagnostic_dsn(bounce, bounce_info, DSN_NOTIFY_FAILURE) > 0) { bounce_original(bounce, bounce_info, dsn_ret ? dsn_ret : DSN_RET_FULL); bounce_status = post_mail_fclose(bounce); if (bounce_status == 0) msg_info("%s: sender non-delivery notification: %s", queue_id, STR(new_id)); } else { /* No applicable recipients found - cancel this notice. */ (void) vstream_fclose(bounce); if (count == 0) bounce_status = 0; } } /* * Optionally, send a postmaster notice, subject to notify_classes * restrictions. * * This postmaster notice is not critical, so if it fails don't * retransmit the bounce that we just generated, just log a warning. */ #define SEND_POSTMASTER_SINGLE_BOUNCE_NOTICE (notify_mask & MAIL_ERROR_BOUNCE) if (bounce_status == 0 && SEND_POSTMASTER_SINGLE_BOUNCE_NOTICE && strcasecmp(recipient, mail_addr_double_bounce()) != 0) { /* * Send the text with reason for the bounce, and the headers of * the original message. Don't bother sending the boiler-plate * text. This postmaster notice is not critical, so if it fails * don't retransmit the bounce that we just generated, just log a * warning. */ postmaster = var_bounce_rcpt; if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(), postmaster, INT_FILT_MASK_BOUNCE, NULL_TRACE_FLAGS, new_id)) != 0) { count = -1; if (bounce_header(bounce, bounce_info, postmaster, POSTMASTER_COPY) == 0 && (count = bounce_diagnostic_log(bounce, bounce_info, DSN_NOTIFY_OVERRIDE)) > 0 && bounce_header_dsn(bounce, bounce_info) == 0 && bounce_diagnostic_dsn(bounce, bounce_info, DSN_NOTIFY_OVERRIDE) > 0) { bounce_original(bounce, bounce_info, DSN_RET_HDRS); postmaster_status = post_mail_fclose(bounce); if (postmaster_status == 0) msg_info("%s: postmaster non-delivery notification: %s", queue_id, STR(new_id)); } else { /* No applicable recipients found - cancel this notice. */ (void) vstream_fclose(bounce); if (count == 0) postmaster_status = 0; } } if (postmaster_status) msg_warn("%s: postmaster notice failed while bouncing to %s", queue_id, recipient); } } /* * Optionally, delete the recipients from the queue file. */ if (bounce_status == 0 && (flags & BOUNCE_FLAG_DELRCPT)) bounce_delrcpt(bounce_info); /* * Examine the completion status. Delete the bounce log file only when * the bounce was posted successfully, and only if we are bouncing for * real, not just warning. */ if (bounce_status == 0 && mail_queue_remove(service, queue_id) && errno != ENOENT) msg_fatal("remove %s %s: %m", service, queue_id); /* * Cleanup. */ bounce_mail_free(bounce_info); vstring_free(new_id); return (bounce_status); }