// send to a list of comma separated addresses
static void rcptto_list(const char *list)
{
char *str = xstrdup(list);
char *s = str;
char prev = 0;
int in_quote = 0;
while (*s) {
char ch = *s++;
if (ch == '"' && prev != '\\') {
in_quote = !in_quote;
} else if (!in_quote && ch == ',') {
s[-1] = '\0';
rcptto(angle_address(str));
str = s;
}
prev = ch;
}
if (prev != ',')
rcptto(angle_address(str));
free(str);
}
void
main(int argc, char **argv)
{
int i, ok, rcvrs;
char *addr, *rv, *trv, *host, *domain;
char **errs;
char hellodomain[256];
String *from, *fromm, *sender;
alarmscale = 60*1000; /* minutes */
quotefmtinstall();
fmtinstall('[', encodefmt);
errs = malloc(argc*sizeof(char*));
reply = s_new();
host = 0;
ARGBEGIN{
case 'a':
tryauth = 1;
if(trysecure == 0)
trysecure = 1;
break;
case 'A': /* autistic: won't talk to us until we talk (Verizon) */
autistic = 1;
break;
case 'b':
if (bustedmx >= Maxbustedmx)
sysfatal("more than %d busted mxs given", Maxbustedmx);
bustedmxs[bustedmx++] = EARGF(usage());
break;
case 'd':
debug = 1;
break;
case 'f':
filter = 1;
break;
case 'g':
gdomain = EARGF(usage());
break;
case 'h':
host = EARGF(usage());
break;
case 'i':
insecure = 1;
break;
case 'p':
alarmscale = 10*1000; /* tens of seconds */
ping = 1;
break;
case 's':
if(trysecure == 0)
trysecure = 1;
break;
case 't':
trysecure = 2;
break;
case 'u':
user = EARGF(usage());
break;
default:
usage();
break;
}ARGEND;
Binit(&berr, 2, OWRITE);
Binit(&bfile, 0, OREAD);
/*
* get domain and add to host name
*/
if(*argv && **argv=='.') {
domain = *argv;
argv++; argc--;
} else
domain = domainname_read();
if(host == 0)
host = sysname_read();
strcpy(hostdomain, domainify(host, domain));
strcpy(hellodomain, domainify(sysname_read(), domain));
/*
* get destination address
*/
if(*argv == 0)
usage();
addr = *argv++; argc--;
farend = addr;
/*
* get sender's machine.
* get sender in internet style. domainify if necessary.
*/
if(*argv == 0)
usage();
sender = unescapespecial(s_copy(*argv++));
argc--;
fromm = s_clone(sender);
rv = strrchr(s_to_c(fromm), '!');
if(rv)
*rv = 0;
else
*s_to_c(fromm) = 0;
from = bangtoat(s_to_c(sender));
/*
* send the mail
*/
if(filter){
Binit(&bout, 1, OWRITE);
rv = data(from, &bfile);
if(rv != 0)
goto error;
exits(0);
}
/* mxdial uses its own timeout handler */
if((rv = connect(addr)) != 0)
exits(rv);
/* 10 minutes to get through the initial handshake */
atnotify(timeout, 1);
alarm(10*alarmscale);
if((rv = hello(hellodomain, 0)) != 0)
goto error;
alarm(10*alarmscale);
if((rv = mailfrom(s_to_c(from))) != 0)
goto error;
ok = 0;
rcvrs = 0;
/* if any rcvrs are ok, we try to send the message */
for(i = 0; i < argc; i++){
if((trv = rcptto(argv[i])) != 0){
/* remember worst error */
if(rv != Giveup)
rv = trv;
errs[rcvrs] = strdup(s_to_c(reply));
removenewline(errs[rcvrs]);
} else {
ok++;
errs[rcvrs] = 0;
}
rcvrs++;
}
/* if no ok rcvrs or worst error is retry, give up */
if(ok == 0 || rv == Retry)
goto error;
if(ping){
quit(0);
exits(0);
}
rv = data(from, &bfile);
if(rv != 0)
goto error;
quit(0);
if(rcvrs == ok)
exits(0);
/*
* here when some but not all rcvrs failed
*/
fprint(2, "%s connect to %s:\n", thedate(), addr);
for(i = 0; i < rcvrs; i++){
if(errs[i]){
syslog(0, "smtp.fail", "delivery to %s at %s failed: %s", argv[i], addr, errs[i]);
fprint(2, " mail to %s failed: %s", argv[i], errs[i]);
}
}
exits(Giveup);
/*
* here when all rcvrs failed
*/
error:
removenewline(s_to_c(reply));
syslog(0, "smtp.fail", "%s to %s failed: %s",
ping ? "ping" : "delivery",
addr, s_to_c(reply));
fprint(2, "%s connect to %s:\n%s\n", thedate(), addr, s_to_c(reply));
if(!filter)
quit(rv);
exits(rv);
}
int sendmail_main(int argc UNUSED_PARAM, char **argv)
{
char *opt_connect = opt_connect;
char *opt_from = NULL;
char *s;
llist_t *list = NULL;
char *host = sane_address(safe_gethostname());
unsigned nheaders = 0;
int code;
enum {
HDR_OTHER = 0,
HDR_TOCC,
HDR_BCC,
} last_hdr = 0;
int check_hdr;
int has_to = 0;
enum {
//--- standard options
OPT_t = 1 << 0, // read message for recipients, append them to those on cmdline
OPT_f = 1 << 1, // sender address
OPT_o = 1 << 2, // various options. -oi IMPLIED! others are IGNORED!
OPT_i = 1 << 3, // IMPLIED!
//--- BB specific options
OPT_w = 1 << 4, // network timeout
OPT_H = 1 << 5, // use external connection helper
OPT_S = 1 << 6, // specify connection string
OPT_a = 1 << 7, // authentication tokens
OPT_v = 1 << 8, // verbosity
};
// init global variables
INIT_G();
// save initial stdin since body is piped!
xdup2(STDIN_FILENO, 3);
G.fp0 = xfdopen_for_read(3);
// parse options
// -v is a counter, -H and -S are mutually exclusive, -a is a list
opt_complementary = "vv:w+:H--S:S--H:a::";
// N.B. since -H and -S are mutually exclusive they do not interfere in opt_connect
// -a is for ssmtp (http://downloads.openwrt.org/people/nico/man/man8/ssmtp.8.html) compatibility,
// it is still under development.
opts = getopt32(argv, "tf:o:iw:H:S:a::v", &opt_from, NULL,
&timeout, &opt_connect, &opt_connect, &list, &verbose);
//argc -= optind;
argv += optind;
// process -a[upm]<token> options
if ((opts & OPT_a) && !list)
bb_show_usage();
while (list) {
char *a = (char *) llist_pop(&list);
if ('u' == a[0])
G.user = xstrdup(a+1);
if ('p' == a[0])
G.pass = xstrdup(a+1);
// N.B. we support only AUTH LOGIN so far
//if ('m' == a[0])
// G.method = xstrdup(a+1);
}
// N.B. list == NULL here
//bb_info_msg("OPT[%x] AU[%s], AP[%s], AM[%s], ARGV[%s]", opts, au, ap, am, *argv);
// connect to server
// connection helper ordered? ->
if (opts & OPT_H) {
const char *args[] = { "sh", "-c", opt_connect, NULL };
// plug it in
launch_helper(args);
// Now:
// our stdout will go to helper's stdin,
// helper's stdout will be available on our stdin.
// Wait for initial server message.
// If helper (such as openssl) invokes STARTTLS, the initial 220
// is swallowed by helper (and not repeated after TLS is initiated).
// We will send NOOP cmd to server and check the response.
// We should get 220+250 on plain connection, 250 on STARTTLSed session.
//
// The problem here is some servers delay initial 220 message,
// and consider client to be a spammer if it starts sending cmds
// before 220 reached it. The code below is unsafe in this regard:
// in non-STARTTLSed case, we potentially send NOOP before 220
// is sent by server.
// Ideas? (--delay SECS opt? --assume-starttls-helper opt?)
code = smtp_check("NOOP", -1);
if (code == 220)
// we got 220 - this is not STARTTLSed connection,
// eat 250 response to our NOOP
smtp_check(NULL, 250);
else
if (code != 250)
bb_error_msg_and_die("SMTP init failed");
} else {
// vanilla connection
int fd;
// host[:port] not explicitly specified? -> use $SMTPHOST
// no $SMTPHOST? -> use localhost
if (!(opts & OPT_S)) {
opt_connect = getenv("SMTPHOST");
if (!opt_connect)
opt_connect = (char *)"127.0.0.1";
}
// do connect
fd = create_and_connect_stream_or_die(opt_connect, 25);
// and make ourselves a simple IO filter
xmove_fd(fd, STDIN_FILENO);
xdup2(STDIN_FILENO, STDOUT_FILENO);
// Wait for initial server 220 message
smtp_check(NULL, 220);
}
// we should start with modern EHLO
if (250 != smtp_checkp("EHLO %s", host, -1))
smtp_checkp("HELO %s", host, 250);
// perform authentication
if (opts & OPT_a) {
smtp_check("AUTH LOGIN", 334);
// we must read credentials unless they are given via -a[up] options
if (!G.user || !G.pass)
get_cred_or_die(4);
encode_base64(NULL, G.user, NULL);
smtp_check("", 334);
encode_base64(NULL, G.pass, NULL);
smtp_check("", 235);
}
// set sender
// N.B. we have here a very loosely defined algorythm
// since sendmail historically offers no means to specify secrets on cmdline.
// 1) server can require no authentication ->
// we must just provide a (possibly fake) reply address.
// 2) server can require AUTH ->
// we must provide valid username and password along with a (possibly fake) reply address.
// For the sake of security username and password are to be read either from console or from a secured file.
// Since reading from console may defeat usability, the solution is either to read from a predefined
// file descriptor (e.g. 4), or again from a secured file.
// got no sender address? use auth name, then UID username as a last resort
if (!opt_from) {
opt_from = xasprintf("%s@%s",
G.user ? G.user : xuid2uname(getuid()),
xgethostbyname(host)->h_name);
}
free(host);
smtp_checkp("MAIL FROM:<%s>", opt_from, 250);
// process message
// read recipients from message and add them to those given on cmdline.
// this means we scan stdin for To:, Cc:, Bcc: lines until an empty line
// and then use the rest of stdin as message body
code = 0; // set "analyze headers" mode
while ((s = xmalloc_fgetline(G.fp0)) != NULL) {
dump:
// put message lines doubling leading dots
if (code) {
// escape leading dots
// N.B. this feature is implied even if no -i (-oi) switch given
// N.B. we need to escape the leading dot regardless of
// whether it is single or not character on the line
if ('.' == s[0] /*&& '\0' == s[1] */)
bb_putchar('.');
// dump read line
send_r_n(s);
free(s);
continue;
}
// analyze headers
// To: or Cc: headers add recipients
check_hdr = (0 == strncasecmp("To:", s, 3));
has_to |= check_hdr;
if (opts & OPT_t) {
if (check_hdr || 0 == strncasecmp("Bcc:" + 1, s, 3)) {
rcptto_list(s+3);
last_hdr = HDR_TOCC;
goto addheader;
}
// Bcc: header adds blind copy (hidden) recipient
if (0 == strncasecmp("Bcc:", s, 4)) {
rcptto_list(s+4);
free(s);
last_hdr = HDR_BCC;
continue; // N.B. Bcc: vanishes from headers!
}
}
check_hdr = (list && isspace(s[0]));
if (strchr(s, ':') || check_hdr) {
// other headers go verbatim
// N.B. RFC2822 2.2.3 "Long Header Fields" allows for headers to occupy several lines.
// Continuation is denoted by prefixing additional lines with whitespace(s).
// Thanks (stefan.seyfried at googlemail.com) for pointing this out.
if (check_hdr && last_hdr != HDR_OTHER) {
rcptto_list(s+1);
if (last_hdr == HDR_BCC)
continue;
// N.B. Bcc: vanishes from headers!
} else {
last_hdr = HDR_OTHER;
}
addheader:
// N.B. we allow MAX_HEADERS generic headers at most to prevent attacks
if (MAX_HEADERS && ++nheaders >= MAX_HEADERS)
goto bail;
llist_add_to_end(&list, s);
} else {
// a line without ":" (an empty line too, by definition) doesn't look like a valid header
// so stop "analyze headers" mode
reenter:
// put recipients specified on cmdline
check_hdr = 1;
while (*argv) {
char *t = sane_address(*argv);
rcptto(t);
//if (MAX_HEADERS && ++nheaders >= MAX_HEADERS)
// goto bail;
if (!has_to) {
const char *hdr;
if (check_hdr && argv[1])
hdr = "To: %s,";
else if (check_hdr)
hdr = "To: %s";
else if (argv[1])
hdr = "To: %s," + 3;
else
hdr = "To: %s" + 3;
llist_add_to_end(&list,
xasprintf(hdr, t));
check_hdr = 0;
}
argv++;
}
// enter "put message" mode
// N.B. DATA fails iff no recipients were accepted (or even provided)
// in this case just bail out gracefully
if (354 != smtp_check("DATA", -1))
goto bail;
// dump the headers
while (list) {
send_r_n((char *) llist_pop(&list));
}
// stop analyzing headers
code++;
// N.B. !s means: we read nothing, and nothing to be read in the future.
// just dump empty line and break the loop
if (!s) {
send_r_n("");
break;
}
// go dump message body
// N.B. "s" already contains the first non-header line, so pretend we read it from input
goto dump;
}
}
// odd case: we didn't stop "analyze headers" mode -> message body is empty. Reenter the loop
// N.B. after reenter code will be > 0
if (!code)
goto reenter;
// finalize the message
smtp_check(".", 250);
bail:
// ... and say goodbye
smtp_check("QUIT", 221);
// cleanup
if (ENABLE_FEATURE_CLEAN_UP)
fclose(G.fp0);
return EXIT_SUCCESS;
}
int sendmail_main(int argc UNUSED_PARAM, char **argv)
{
char *opt_connect = opt_connect;
char *opt_from;
char *s;
llist_t *list = NULL;
char *domain = sane_address(safe_getdomainname());
int code;
enum {
//--- standard options
OPT_t = 1 << 0, // read message for recipients, append them to those on cmdline
OPT_f = 1 << 1, // sender address
OPT_o = 1 << 2, // various options. -oi IMPLIED! others are IGNORED!
//--- BB specific options
OPT_w = 1 << 3, // network timeout
OPT_H = 1 << 4, // use external connection helper
OPT_S = 1 << 5, // specify connection string
OPT_a = 1 << 6, // authentication tokens
};
// init global variables
INIT_G();
// save initial stdin since body is piped!
xdup2(STDIN_FILENO, 3);
G.fp0 = fdopen(3, "r");
// parse options
// -f is required. -H and -S are mutually exclusive
opt_complementary = "f:w+:H--S:S--H:a::";
// N.B. since -H and -S are mutually exclusive they do not interfere in opt_connect
// -a is for ssmtp (http://downloads.openwrt.org/people/nico/man/man8/ssmtp.8.html) compatibility,
// it is still under development.
opts = getopt32(argv, "tf:o:w:H:S:a::", &opt_from, NULL, &timeout, &opt_connect, &opt_connect, &list);
//argc -= optind;
argv += optind;
// process -a[upm]<token> options
if ((opts & OPT_a) && !list)
bb_show_usage();
while (list) {
char *a = (char *) llist_pop(&list);
if ('u' == a[0])
G.user = xstrdup(a+1);
if ('p' == a[0])
G.pass = xstrdup(a+1);
// N.B. we support only AUTH LOGIN so far
//if ('m' == a[0])
// G.method = xstrdup(a+1);
}
// N.B. list == NULL here
//bb_info_msg("OPT[%x] AU[%s], AP[%s], AM[%s], ARGV[%s]", opts, au, ap, am, *argv);
// connect to server
// connection helper ordered? ->
if (opts & OPT_H) {
const char *args[] = { "sh", "-c", opt_connect, NULL };
// plug it in
launch_helper(args);
// vanilla connection
} else {
int fd;
// host[:port] not explicitly specified? -> use $SMTPHOST
// no $SMTPHOST ? -> use localhost
if (!(opts & OPT_S)) {
opt_connect = getenv("SMTPHOST");
if (!opt_connect)
opt_connect = (char *)"127.0.0.1";
}
// do connect
fd = create_and_connect_stream_or_die(opt_connect, 25);
// and make ourselves a simple IO filter
xmove_fd(fd, STDIN_FILENO);
xdup2(STDIN_FILENO, STDOUT_FILENO);
}
// N.B. from now we know nothing about network :)
// wait for initial server OK
// N.B. if we used openssl the initial 220 answer is already swallowed during openssl TLS init procedure
// so we need to kick the server to see whether we are ok
code = smtp_check("NOOP", -1);
// 220 on plain connection, 250 on openssl-helped TLS session
if (220 == code)
smtp_check(NULL, 250); // reread the code to stay in sync
else if (250 != code)
bb_error_msg_and_die("INIT failed");
// we should start with modern EHLO
if (250 != smtp_checkp("EHLO %s", domain, -1)) {
smtp_checkp("HELO %s", domain, 250);
}
if (ENABLE_FEATURE_CLEAN_UP)
free(domain);
// perform authentication
if (opts & OPT_a) {
smtp_check("AUTH LOGIN", 334);
// we must read credentials unless they are given via -a[up] options
if (!G.user || !G.pass)
get_cred_or_die(4);
encode_base64(NULL, G.user, NULL);
smtp_check("", 334);
encode_base64(NULL, G.pass, NULL);
smtp_check("", 235);
}
// set sender
// N.B. we have here a very loosely defined algotythm
// since sendmail historically offers no means to specify secrets on cmdline.
// 1) server can require no authentication ->
// we must just provide a (possibly fake) reply address.
// 2) server can require AUTH ->
// we must provide valid username and password along with a (possibly fake) reply address.
// For the sake of security username and password are to be read either from console or from a secured file.
// Since reading from console may defeat usability, the solution is either to read from a predefined
// file descriptor (e.g. 4), or again from a secured file.
// got no sender address? -> use system username as a resort
// N.B. we marked -f as required option!
//if (!G.user) {
// // N.B. IMHO getenv("USER") can be way easily spoofed!
// G.user = xuid2uname(getuid());
// opt_from = xasprintf("%s@%s", G.user, domain);
//}
//if (ENABLE_FEATURE_CLEAN_UP)
// free(domain);
smtp_checkp("MAIL FROM:<%s>", opt_from, 250);
// process message
// read recipients from message and add them to those given on cmdline.
// this means we scan stdin for To:, Cc:, Bcc: lines until an empty line
// and then use the rest of stdin as message body
code = 0; // set "analyze headers" mode
while ((s = xmalloc_fgetline(G.fp0)) != NULL) {
// put message lines doubling leading dots
if (code) {
// escape leading dots
// N.B. this feature is implied even if no -i (-oi) switch given
// N.B. we need to escape the leading dot regardless of
// whether it is single or not character on the line
if ('.' == s[0] /*&& '\0' == s[1] */)
printf(".");
// dump read line
printf("%s\r\n", s);
free(s);
continue;
}
// analyze headers
// To: or Cc: headers add recipients
if (0 == strncasecmp("To: ", s, 4) || 0 == strncasecmp("Bcc: " + 1, s, 4)) {
rcptto(sane_address(s+4));
// goto addh;
llist_add_to_end(&list, s);
// Bcc: header adds blind copy (hidden) recipient
} else if (0 == strncasecmp("Bcc: ", s, 5)) {
rcptto(sane_address(s+5));
free(s);
// N.B. Bcc: vanishes from headers!
// other headers go verbatim
} else if (s[0]) {
// addh:
llist_add_to_end(&list, s);
// the empty line stops analyzing headers
} else {
free(s);
// put recipients specified on cmdline
while (*argv) {
s = sane_address(*argv);
rcptto(s);
llist_add_to_end(&list, xasprintf("To: %s", s));
argv++;
}
// enter "put message" mode
smtp_check("DATA", 354);
// dump the headers
while (list) {
printf("%s\r\n", (char *) llist_pop(&list));
}
printf("%s\r\n" + 2); // quirk for format string to be reused
// stop analyzing headers
code++;
}
}
// finalize the message
smtp_check(".", 250);
// ... and say goodbye
smtp_check("QUIT", 221);
// cleanup
if (ENABLE_FEATURE_CLEAN_UP)
fclose(G.fp0);
return EXIT_SUCCESS;
}
