static int deliver_message(DELIVER_REQUEST *request)
{
const char *myname = "deliver_message";
VSTREAM *src;
int result = 0;
int status;
RECIPIENT *rcpt;
int nrcpt;
DSN_SPLIT dp;
DSN dsn;
if (msg_verbose)
msg_info("deliver_message: from %s", request->sender);
/*
* Sanity checks.
*/
if (request->nexthop[0] == 0)
msg_fatal("empty nexthop hostname");
if (request->rcpt_list.len <= 0)
msg_fatal("recipient count: %d", request->rcpt_list.len);
/*
* Open the queue file. Opening the file can fail for a variety of
* reasons, such as the system running out of resources. Instead of
* throwing away mail, we're raising a fatal error which forces the mail
* system to back off, and retry later.
*/
src = mail_queue_open(request->queue_name, request->queue_id,
O_RDWR, 0);
if (src == 0)
msg_fatal("%s: open %s %s: %m", myname,
request->queue_name, request->queue_id);
if (msg_verbose)
msg_info("%s: file %s", myname, VSTREAM_PATH(src));
/*
* Discard all recipients.
*/
#define BOUNCE_FLAGS(request) DEL_REQ_TRACE_FLAGS(request->flags)
dsn_split(&dp, "2.0.0", request->nexthop);
(void) DSN_SIMPLE(&dsn, DSN_STATUS(dp.dsn), dp.text);
for (nrcpt = 0; nrcpt < request->rcpt_list.len; nrcpt++) {
rcpt = request->rcpt_list.info + nrcpt;
status = sent(BOUNCE_FLAGS(request), request->queue_id,
&request->msg_stats, rcpt, "none", &dsn);
if (status == 0 && (request->flags & DEL_REQ_FLAG_SUCCESS))
deliver_completed(src, rcpt->offset);
result |= status;
}
/*
* Clean up.
*/
if (vstream_fclose(src))
msg_warn("close %s %s: %m", request->queue_name, request->queue_id);
return (result);
}
int cleanup_bounce(CLEANUP_STATE *state)
{
const char *myname = "cleanup_bounce";
VSTRING *buf = vstring_alloc(100);
const CLEANUP_STAT_DETAIL *detail;
DSN_SPLIT dp;
const char *dsn_status;
const char *dsn_text;
char *rcpt = 0;
RECIPIENT recipient;
DSN dsn;
char *attr_name;
char *attr_value;
char *dsn_orcpt = 0;
int dsn_notify = 0;
char *orig_rcpt = 0;
char *start;
int rec_type;
int junk;
long curr_offset;
const char *encoding;
const char *dsn_envid;
int dsn_ret;
int bounce_err;
/*
* Parse the failure reason if one was given, otherwise use a generic
* mapping from cleanup-internal error code to (DSN + text).
*/
if (state->reason) {
dsn_split(&dp, "5.0.0", state->reason);
dsn_status = DSN_STATUS(dp.dsn);
dsn_text = dp.text;
} else {
detail = cleanup_stat_detail(state->errs);
dsn_status = detail->dsn;
dsn_text = detail->text;
}
/*
* Create a bounce logfile with one entry for each final recipient.
* Degrade gracefully in case of no recipients or no queue file.
*
* Victor Duchovni observes that the number of recipients in the queue file
* can potentially be very large due to virtual alias expansion. This can
* expand the recipient count by virtual_alias_expansion_limit (default:
* 1000) times.
*
* After a queue file write error, purge any unwritten data (so that
* vstream_fseek() won't fail while trying to flush it) and reset the
* stream error flags to avoid false alarms.
*/
if (vstream_ferror(state->dst) || vstream_fflush(state->dst)) {
(void) vstream_fpurge(state->dst, VSTREAM_PURGE_BOTH);
vstream_clearerr(state->dst);
}
if (vstream_fseek(state->dst, 0L, SEEK_SET) < 0)
msg_fatal("%s: seek %s: %m", myname, cleanup_path);
while ((state->errs & CLEANUP_STAT_WRITE) == 0) {
if ((curr_offset = vstream_ftell(state->dst)) < 0)
msg_fatal("%s: vstream_ftell %s: %m", myname, cleanup_path);
if ((rec_type = rec_get(state->dst, buf, 0)) <= 0
|| rec_type == REC_TYPE_END)
break;
start = STR(buf);
if (rec_type == REC_TYPE_ATTR) {
if (split_nameval(STR(buf), &attr_name, &attr_value) != 0
|| *attr_value == 0)
continue;
/* Map attribute names to pseudo record type. */
if ((junk = rec_attr_map(attr_name)) != 0) {
start = attr_value;
rec_type = junk;
}
}
switch (rec_type) {
case REC_TYPE_DSN_ORCPT: /* RCPT TO ORCPT parameter */
if (dsn_orcpt != 0) /* can't happen */
myfree(dsn_orcpt);
dsn_orcpt = mystrdup(start);
break;
case REC_TYPE_DSN_NOTIFY: /* RCPT TO NOTIFY parameter */
if (alldig(start) && (junk = atoi(start)) > 0
&& DSN_NOTIFY_OK(junk))
dsn_notify = junk;
else
dsn_notify = 0;
break;
case REC_TYPE_ORCP: /* unmodified RCPT TO address */
if (orig_rcpt != 0) /* can't happen */
myfree(orig_rcpt);
orig_rcpt = mystrdup(start);
break;
case REC_TYPE_RCPT: /* rewritten RCPT TO address */
rcpt = start;
RECIPIENT_ASSIGN(&recipient, curr_offset,
dsn_orcpt ? dsn_orcpt : "", dsn_notify,
orig_rcpt ? orig_rcpt : rcpt, rcpt);
(void) DSN_SIMPLE(&dsn, dsn_status, dsn_text);
cleanup_bounce_append(state, &recipient, &dsn);
/* FALLTHROUGH */
case REC_TYPE_DRCP: /* canceled recipient */
case REC_TYPE_DONE: /* can't happen */
if (orig_rcpt != 0) {
myfree(orig_rcpt);
orig_rcpt = 0;
}
if (dsn_orcpt != 0) {
myfree(dsn_orcpt);
dsn_orcpt = 0;
}
dsn_notify = 0;
break;
}
}
if (orig_rcpt != 0) /* can't happen */
myfree(orig_rcpt);
if (dsn_orcpt != 0) /* can't happen */
myfree(dsn_orcpt);
/*
* No recipients. Yes, this can happen.
*/
if ((state->errs & CLEANUP_STAT_WRITE) == 0 && rcpt == 0) {
RECIPIENT_ASSIGN(&recipient, 0, "", 0, "", "unknown");
(void) DSN_SIMPLE(&dsn, dsn_status, dsn_text);
cleanup_bounce_append(state, &recipient, &dsn);
}
vstring_free(buf);
/*
* Flush the bounce logfile to the sender. See also qmgr_active.c.
*/
if ((state->errs & CLEANUP_STAT_WRITE) == 0) {
if ((encoding = nvtable_find(state->attr, MAIL_ATTR_ENCODING)) == 0)
encoding = MAIL_ATTR_ENC_NONE;
dsn_envid = state->dsn_envid ?
state->dsn_envid : "";
/* Do not send unfiltered (body) content. */
dsn_ret = (state->errs & (CLEANUP_STAT_CONT | CLEANUP_STAT_SIZE)) ?
DSN_RET_HDRS : state->dsn_ret;
if (state->verp_delims == 0 || var_verp_bounce_off) {
bounce_err =
bounce_flush(BOUNCE_FLAG_CLEAN,
state->queue_name, state->queue_id,
encoding, state->sender, dsn_envid,
dsn_ret);
} else {
bounce_err =
bounce_flush_verp(BOUNCE_FLAG_CLEAN,
state->queue_name, state->queue_id,
encoding, state->sender, dsn_envid,
dsn_ret, state->verp_delims);
}
if (bounce_err != 0) {
msg_warn("%s: bounce message failure", state->queue_id);
state->errs |= CLEANUP_STAT_WRITE;
}
}
/*
* Schedule this message (and trace logfile) for deletion when all is
* well. When all is not well these files would be deleted too, but the
* client would get a different completion status so we have to carefully
* maintain the bits anyway.
*/
if ((state->errs &= CLEANUP_STAT_WRITE) == 0)
state->flags |= CLEANUP_FLAG_DISCARD;
return (state->errs);
}
void qmgr_deliver(QMGR_TRANSPORT *transport, VSTREAM *stream)
{
QMGR_QUEUE *queue;
QMGR_ENTRY *entry;
DSN dsn;
/*
* Find out if this delivery process is really available. Once elected,
* the delivery process is supposed to express its happiness. If there is
* a problem, wipe the pending deliveries for this transport. This
* routine runs in response to an external event, so it does not run
* while some other queue manipulation is happening.
*/
if (stream == 0 || qmgr_deliver_initial_reply(stream) != 0) {
#if 0
whatsup = concatenate(transport->name,
" mail transport unavailable", (char *) 0);
qmgr_transport_throttle(transport,
DSN_SIMPLE(&dsn, "4.3.0", whatsup));
myfree(whatsup);
#else
qmgr_transport_throttle(transport,
DSN_SIMPLE(&dsn, "4.3.0",
"mail transport unavailable"));
#endif
qmgr_defer_transport(transport, &dsn);
if (stream)
(void) vstream_fclose(stream);
return;
}
/*
* Find a suitable queue entry. Things may have changed since this
* transport was allocated. If no suitable entry is found,
* unceremoniously disconnect from the delivery process. The delivery
* agent request reading routine is prepared for the queue manager to
* change its mind for no apparent reason.
*/
if ((queue = qmgr_queue_select(transport)) == 0
|| (entry = qmgr_entry_select(queue)) == 0) {
(void) vstream_fclose(stream);
return;
}
/*
* Send the queue file info and recipient info to the delivery process.
* If there is a problem, wipe the pending deliveries for this transport.
* This routine runs in response to an external event, so it does not run
* while some other queue manipulation is happening.
*/
if (qmgr_deliver_send_request(entry, stream) < 0) {
qmgr_entry_unselect(queue, entry);
#if 0
whatsup = concatenate(transport->name,
" mail transport unavailable", (char *) 0);
qmgr_transport_throttle(transport,
DSN_SIMPLE(&dsn, "4.3.0", whatsup));
myfree(whatsup);
#else
qmgr_transport_throttle(transport,
DSN_SIMPLE(&dsn, "4.3.0",
"mail transport unavailable"));
#endif
qmgr_defer_transport(transport, &dsn);
/* warning: entry and queue may be dangling pointers here */
(void) vstream_fclose(stream);
return;
}
/*
* If we get this far, go wait for the delivery status report.
*/
qmgr_deliver_concurrency++;
entry->stream = stream;
event_enable_read(vstream_fileno(stream),
qmgr_deliver_update, (char *) entry);
/*
* Guard against broken systems.
*/
event_request_timer(qmgr_deliver_abort, (char *) entry, var_daemon_timeout);
}
static void qmgr_deliver_update(int unused_event, char *context)
{
QMGR_ENTRY *entry = (QMGR_ENTRY *) context;
QMGR_QUEUE *queue = entry->queue;
QMGR_TRANSPORT *transport = queue->transport;
QMGR_MESSAGE *message = entry->message;
static DSN_BUF *dsb;
int status;
/*
* Release the delivery agent from a "hot" queue entry.
*/
#define QMGR_DELIVER_RELEASE_AGENT(entry) do { \
event_disable_readwrite(vstream_fileno(entry->stream)); \
(void) vstream_fclose(entry->stream); \
entry->stream = 0; \
qmgr_deliver_concurrency--; \
} while (0)
if (dsb == 0)
dsb = dsb_create();
/*
* The message transport has responded. Stop the watchdog timer.
*/
event_cancel_timer(qmgr_deliver_abort, context);
/*
* Retrieve the delivery agent status report. The numerical status code
* indicates if delivery should be tried again. The reason text is sent
* only when a site should be avoided for a while, so that the queue
* manager can log why it does not even try to schedule delivery to the
* affected recipients.
*/
status = qmgr_deliver_final_reply(entry->stream, dsb);
/*
* The mail delivery process failed for some reason (although delivery
* may have been successful). Back off with this transport type for a
* while. Dispose of queue entries for this transport that await
* selection (the todo lists). Stay away from queue entries that have
* been selected (the busy lists), or we would have dangling pointers.
* The queue itself won't go away before we dispose of the current queue
* entry.
*/
if (status == DELIVER_STAT_CRASH) {
message->flags |= DELIVER_STAT_DEFER;
#if 0
whatsup = concatenate("unknown ", transport->name,
" mail transport error", (char *) 0);
qmgr_transport_throttle(transport,
DSN_SIMPLE(&dsb->dsn, "4.3.0", whatsup));
myfree(whatsup);
#else
qmgr_transport_throttle(transport,
DSN_SIMPLE(&dsb->dsn, "4.3.0",
"unknown mail transport error"));
#endif
msg_warn("transport %s failure -- see a previous warning/fatal/panic logfile record for the problem description",
transport->name);
/*
* Assume the worst and write a defer logfile record for each
* recipient. This omission was already present in the first queue
* manager implementation of 199703, and was fixed 200511.
*
* To avoid the synchronous qmgr_defer_recipient() operation for each
* recipient of this queue entry, release the delivery process and
* move the entry back to the todo queue. Let qmgr_defer_transport()
* log the recipient asynchronously if possible, and get out of here.
* Note: if asynchronous logging is not possible,
* qmgr_defer_transport() eventually invokes qmgr_entry_done() and
* the entry becomes a dangling pointer.
*/
QMGR_DELIVER_RELEASE_AGENT(entry);
qmgr_entry_unselect(queue, entry);
qmgr_defer_transport(transport, &dsb->dsn);
return;
}
/*
* This message must be tried again.
*
* If we have a problem talking to this site, back off with this site for a
* while; dispose of queue entries for this site that await selection
* (the todo list); stay away from queue entries that have been selected
* (the busy list), or we would have dangling pointers. The queue itself
* won't go away before we dispose of the current queue entry.
*
* XXX Caution: DSN_COPY() will panic on empty status or reason.
*/
#define SUSPENDED "delivery temporarily suspended: "
if (status == DELIVER_STAT_DEFER) {
message->flags |= DELIVER_STAT_DEFER;
if (VSTRING_LEN(dsb->status)) {
/* Sanitize the DSN status/reason from the delivery agent. */
if (!dsn_valid(vstring_str(dsb->status)))
vstring_strcpy(dsb->status, "4.0.0");
if (VSTRING_LEN(dsb->reason) == 0)
vstring_strcpy(dsb->reason, "unknown error");
vstring_prepend(dsb->reason, SUSPENDED, sizeof(SUSPENDED) - 1);
if (QMGR_QUEUE_READY(queue)) {
qmgr_queue_throttle(queue, DSN_FROM_DSN_BUF(dsb));
if (QMGR_QUEUE_THROTTLED(queue))
qmgr_defer_todo(queue, &dsb->dsn);
}
}
}
/*
* No problems detected. Mark the transport and queue as alive. The queue
* itself won't go away before we dispose of the current queue entry.
*/
if (status != DELIVER_STAT_CRASH && VSTRING_LEN(dsb->reason) == 0) {
qmgr_transport_unthrottle(transport);
qmgr_queue_unthrottle(queue);
}
/*
* Release the delivery process, and give some other queue entry a chance
* to be delivered. When all recipients for a message have been tried,
* decide what to do next with this message: defer, bounce, delete.
*/
QMGR_DELIVER_RELEASE_AGENT(entry);
qmgr_entry_done(entry, QMGR_QUEUE_BUSY);
}
static void qmgr_message_resolve(QMGR_MESSAGE *message)
{
static ARGV *defer_xport_argv;
RECIPIENT_LIST list = message->rcpt_list;
RECIPIENT *recipient;
QMGR_TRANSPORT *transport = 0;
QMGR_QUEUE *queue = 0;
RESOLVE_REPLY reply;
VSTRING *queue_name;
char *at;
char **cpp;
char *nexthop;
ssize_t len;
int status;
DSN dsn;
MSG_STATS stats;
DSN *saved_dsn;
#define STREQ(x,y) (strcmp(x,y) == 0)
#define STR vstring_str
#define LEN VSTRING_LEN
resolve_clnt_init(&reply);
queue_name = vstring_alloc(1);
for (recipient = list.info; recipient < list.info + list.len; recipient++) {
/*
* Redirect overrides all else. But only once (per entire message).
* For consistency with the remainder of Postfix, rewrite the address
* to canonical form before resolving it.
*/
if (message->redirect_addr) {
if (recipient > list.info) {
recipient->u.queue = 0;
continue;
}
message->rcpt_offset = 0;
message->rcpt_unread = 0;
rewrite_clnt_internal(REWRITE_CANON, message->redirect_addr,
reply.recipient);
RECIPIENT_UPDATE(recipient->address, STR(reply.recipient));
if (qmgr_resolve_one(message, recipient,
recipient->address, &reply) < 0)
continue;
if (!STREQ(recipient->address, STR(reply.recipient)))
RECIPIENT_UPDATE(recipient->address, STR(reply.recipient));
}
/*
* Content filtering overrides the address resolver.
*
* XXX Bypass content_filter inspection for user-generated probes
* (sendmail -bv). MTA-generated probes never have the "please filter
* me" bits turned on, but we handle them here anyway for the sake of
* future proofing.
*/
#define FILTER_WITHOUT_NEXTHOP(filter, next) \
(((next) = split_at((filter), ':')) == 0 || *(next) == 0)
#define RCPT_WITHOUT_DOMAIN(rcpt, next) \
((next = strrchr(rcpt, '@')) == 0 || *++(next) == 0)
else if (message->filter_xport
&& (message->tflags & DEL_REQ_TRACE_ONLY_MASK) == 0) {
reply.flags = 0;
vstring_strcpy(reply.transport, message->filter_xport);
if (FILTER_WITHOUT_NEXTHOP(STR(reply.transport), nexthop)
&& *(nexthop = var_def_filter_nexthop) == 0
&& RCPT_WITHOUT_DOMAIN(recipient->address, nexthop))
nexthop = var_myhostname;
vstring_strcpy(reply.nexthop, nexthop);
vstring_strcpy(reply.recipient, recipient->address);
}
/*
* Resolve the destination to (transport, nexthop, address). The
* result address may differ from the one specified by the sender.
*/
else {
if (qmgr_resolve_one(message, recipient,
recipient->address, &reply) < 0)
continue;
if (!STREQ(recipient->address, STR(reply.recipient)))
RECIPIENT_UPDATE(recipient->address, STR(reply.recipient));
}
/*
* Bounce null recipients. This should never happen, but is most
* likely the result of a fault in a different program, so aborting
* the queue manager process does not help.
*/
if (recipient->address[0] == 0) {
QMGR_REDIRECT(&reply, MAIL_SERVICE_ERROR,
"5.1.3 null recipient address");
}
/*
* Discard mail to the local double bounce address here, so this
* system can run without a local delivery agent. They'd still have
* to configure something for mail directed to the local postmaster,
* though, but that is an RFC requirement anyway.
*
* XXX This lookup should be done in the resolver, and the mail should
* be directed to a general-purpose null delivery agent.
*/
if (reply.flags & RESOLVE_CLASS_LOCAL) {
at = strrchr(STR(reply.recipient), '@');
len = (at ? (at - STR(reply.recipient))
: strlen(STR(reply.recipient)));
if (strncasecmp(STR(reply.recipient), var_double_bounce_sender,
len) == 0
&& !var_double_bounce_sender[len]) {
status = sent(message->tflags, message->queue_id,
QMGR_MSG_STATS(&stats, message), recipient,
"none", DSN_SIMPLE(&dsn, "2.0.0",
"undeliverable postmaster notification discarded"));
if (status == 0) {
deliver_completed(message->fp, recipient->offset);
#if 0
/* It's the default verification probe sender address. */
msg_warn("%s: undeliverable postmaster notification discarded",
message->queue_id);
#endif
} else
message->flags |= status;
continue;
}
}
/*
* Optionally defer deliveries over specific transports, unless the
* restriction is lifted temporarily.
*/
if (*var_defer_xports && (message->qflags & QMGR_FLUSH_DFXP) == 0) {
if (defer_xport_argv == 0)
defer_xport_argv = argv_split(var_defer_xports, CHARS_COMMA_SP);
for (cpp = defer_xport_argv->argv; *cpp; cpp++)
if (strcmp(*cpp, STR(reply.transport)) == 0)
break;
if (*cpp) {
QMGR_REDIRECT(&reply, MAIL_SERVICE_RETRY,
"4.3.2 deferred transport");
}
}
/*
* Look up or instantiate the proper transport.
*/
if (transport == 0 || !STREQ(transport->name, STR(reply.transport))) {
if ((transport = qmgr_transport_find(STR(reply.transport))) == 0)
transport = qmgr_transport_create(STR(reply.transport));
queue = 0;
}
/*
* This message is being flushed. If need-be unthrottle the
* transport.
*/
if ((message->qflags & QMGR_FLUSH_EACH) != 0
&& QMGR_TRANSPORT_THROTTLED(transport))
qmgr_transport_unthrottle(transport);
/*
* This transport is dead. Defer delivery to this recipient.
*/
if (QMGR_TRANSPORT_THROTTLED(transport)) {
saved_dsn = transport->dsn;
if ((transport = qmgr_error_transport(MAIL_SERVICE_RETRY)) != 0) {
nexthop = qmgr_error_nexthop(saved_dsn);
vstring_strcpy(reply.nexthop, nexthop);
myfree(nexthop);
queue = 0;
} else {
qmgr_defer_recipient(message, recipient, saved_dsn);
continue;
}
}
/*
* The nexthop destination provides the default name for the
* per-destination queue. When the delivery agent accepts only one
* recipient per delivery, give each recipient its own queue, so that
* deliveries to different recipients of the same message can happen
* in parallel, and so that we can enforce per-recipient concurrency
* limits and prevent one recipient from tying up all the delivery
* agent resources. We use recipient@nexthop as queue name rather
* than the actual recipient domain name, so that one recipient in
* multiple equivalent domains cannot evade the per-recipient
* concurrency limit. Split the address on the recipient delimiter if
* one is defined, so that extended addresses don't get extra
* delivery slots.
*
* Fold the result to lower case so that we don't have multiple queues
* for the same name.
*
* Important! All recipients in a queue must have the same nexthop
* value. It is OK to have multiple queues with the same nexthop
* value, but only when those queues are named after recipients.
*
* The single-recipient code below was written for local(8) like
* delivery agents, and assumes that all domains that deliver to the
* same (transport + nexthop) are aliases for $nexthop. Delivery
* concurrency is changed from per-domain into per-recipient, by
* changing the queue name from nexthop into localpart@nexthop.
*
* XXX This assumption is incorrect when different destinations share
* the same (transport + nexthop). In reality, such transports are
* rarely configured to use single-recipient deliveries. The fix is
* to decouple the per-destination recipient limit from the
* per-destination concurrency.
*/
vstring_strcpy(queue_name, STR(reply.nexthop));
if (strcmp(transport->name, MAIL_SERVICE_ERROR) != 0
&& strcmp(transport->name, MAIL_SERVICE_RETRY) != 0
&& transport->recipient_limit == 1) {
/* Copy the recipient localpart. */
at = strrchr(STR(reply.recipient), '@');
len = (at ? (at - STR(reply.recipient))
: strlen(STR(reply.recipient)));
vstring_strncpy(queue_name, STR(reply.recipient), len);
/* Remove the address extension from the recipient localpart. */
if (*var_rcpt_delim && split_addr(STR(queue_name), var_rcpt_delim))
vstring_truncate(queue_name, strlen(STR(queue_name)));
/* Assume the recipient domain is equivalent to nexthop. */
vstring_sprintf_append(queue_name, "@%s", STR(reply.nexthop));
}
lowercase(STR(queue_name));
/*
* This transport is alive. Find or instantiate a queue for this
* recipient.
*/
if (queue == 0 || !STREQ(queue->name, STR(queue_name))) {
if ((queue = qmgr_queue_find(transport, STR(queue_name))) == 0)
queue = qmgr_queue_create(transport, STR(queue_name),
STR(reply.nexthop));
}
/*
* This message is being flushed. If need-be unthrottle the queue.
*/
if ((message->qflags & QMGR_FLUSH_EACH) != 0
&& QMGR_QUEUE_THROTTLED(queue))
qmgr_queue_unthrottle(queue);
/*
* This queue is dead. Defer delivery to this recipient.
*/
if (QMGR_QUEUE_THROTTLED(queue)) {
saved_dsn = queue->dsn;
if ((queue = qmgr_error_queue(MAIL_SERVICE_RETRY, saved_dsn)) == 0) {
qmgr_defer_recipient(message, recipient, saved_dsn);
continue;
}
}
/*
* This queue is alive. Bind this recipient to this queue instance.
*/
recipient->u.queue = queue;
}
resolve_clnt_free(&reply);
vstring_free(queue_name);
}
void cleanup_out_recipient(CLEANUP_STATE *state,
const char *dsn_orcpt,
int dsn_notify,
const char *orcpt,
const char *recip)
{
ARGV *argv;
char **cpp;
/*
* XXX Not elegant, but eliminates complexity in the record reading loop.
*/
if (!var_enable_orcpt)
orcpt = "";
if (dsn_orcpt == 0)
dsn_orcpt = "";
/*
* Distinguish between different original recipient addresses that map
* onto the same mailbox. The recipient will use our original recipient
* message header to figure things out.
*
* Postfix 2.2 compatibility: when ignoring differences in Postfix original
* recipient information, also ignore differences in DSN attributes. We
* do, however, keep the DSN attributes of the recipient that survives
* duplicate elimination.
*/
#define STREQ(x, y) (strcmp((x), (y)) == 0)
if ((state->flags & CLEANUP_FLAG_MAP_OK) == 0
|| cleanup_virt_alias_maps == 0) {
if ((var_enable_orcpt ?
been_here(state->dups, "%s\n%d\n%s\n%s",
dsn_orcpt, dsn_notify, orcpt, recip) :
been_here_fixed(state->dups, recip)) == 0) {
if (dsn_notify)
cleanup_out_format(state, REC_TYPE_ATTR, "%s=%d",
MAIL_ATTR_DSN_NOTIFY, dsn_notify);
if (*dsn_orcpt)
cleanup_out_format(state, REC_TYPE_ATTR, "%s=%s",
MAIL_ATTR_DSN_ORCPT, dsn_orcpt);
cleanup_out_string(state, REC_TYPE_ORCP, orcpt);
cleanup_out_string(state, REC_TYPE_RCPT, recip);
state->rcpt_count++;
}
}
/*
* XXX DSN. RFC 3461 gives us three options for multi-recipient aliases
* (we're treating single recipient aliases as a special case of
* multi-recipient aliases, one argument being that it is none of the
* sender's business).
*
* (a) Don't propagate ENVID, NOTIFY, RET, or ORCPT. If NOTIFY specified
* SUCCESS, send a "relayed" DSN.
*
* (b) Propagate ENVID, (NOTIFY minus SUCCESS), RET, and ORCPT. If NOTIFY
* specified SUCCESS, send an "expanded" DSN.
*
* (c) Propagate ENVID, NOTIFY, RET, and ORCPT to one recipient only. Send
* no DSN.
*
* In all three cases we are modifying at least one NOTIFY value. Either we
* have to record explicit dsn_notify records, or we must not allow the
* use of a per-message non-default NOTIFY value that applies to all
* recipient records.
*
* Alternatives (a) and (c) require that we store explicit per-recipient RET
* and ENVID records, at least for the recipients that are excluded from
* RET and ENVID propagation. This means storing explicit ENVID records
* to indicate that the information does not exist. All this makes
* alternative (b) more and more attractive. It is no surprise that we
* use (b) here and in the local delivery agent.
*
* In order to generate a SUCCESS notification from the cleanup server we
* have to write the trace logfile record now. We're NOT going to flush
* the trace file from the cleanup server; if we need to write bounce
* logfile records, and the bounce service fails, we must be able to
* cancel the entire cleanup request including any success or failure
* notifications. The queue manager will flush the trace (and bounce)
* logfile, possibly after it has generated its own success or failure
* notification records.
*
* Postfix 2.2 compatibility: when ignoring differences in Postfix original
* recipient information, also ignore differences in DSN attributes. We
* do, however, keep the DSN attributes of the recipient that survives
* duplicate elimination.
*/
else {
RECIPIENT rcpt;
DSN dsn;
argv = cleanup_map1n_internal(state, recip, cleanup_virt_alias_maps,
cleanup_ext_prop_mask & EXT_PROP_VIRTUAL);
if ((dsn_notify & DSN_NOTIFY_SUCCESS)
&& (argv->argc > 1 || strcmp(recip, argv->argv[0]) != 0)) {
(void) DSN_SIMPLE(&dsn, "2.0.0", "alias expanded");
dsn.action = "expanded";
RECIPIENT_ASSIGN(&rcpt, 0, dsn_orcpt, dsn_notify, orcpt, recip);
cleanup_trace_append(state, &rcpt, &dsn);
dsn_notify = (dsn_notify == DSN_NOTIFY_SUCCESS ? DSN_NOTIFY_NEVER :
dsn_notify & ~DSN_NOTIFY_SUCCESS);
}
for (cpp = argv->argv; *cpp; cpp++) {
if ((var_enable_orcpt ?
been_here(state->dups, "%s\n%d\n%s\n%s",
dsn_orcpt, dsn_notify, orcpt, *cpp) :
been_here_fixed(state->dups, *cpp)) == 0) {
if (dsn_notify)
cleanup_out_format(state, REC_TYPE_ATTR, "%s=%d",
MAIL_ATTR_DSN_NOTIFY, dsn_notify);
if (*dsn_orcpt)
cleanup_out_format(state, REC_TYPE_ATTR, "%s=%s",
MAIL_ATTR_DSN_ORCPT, dsn_orcpt);
cleanup_out_string(state, REC_TYPE_ORCP, orcpt);
cleanup_out_string(state, REC_TYPE_RCPT, *cpp);
state->rcpt_count++;
}
}
argv_free(argv);
}
}