d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Import sendmail 8.15.1

Browse Source
This commit is contained in:
Gregory Neil Shapiro 2014-12-12 04:10:50 +00:00
parent 4a67213fda
commit ba87e25c2e
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/vendor/sendmail/dist/; revision=275719
svn path=/vendor/sendmail/8.15.1/; revision=275720; tag=vendor/sendmail/8.15.1
79 changed files with 16984 additions and 10380 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
FAQ
View File

@ -1,8 +1,4 @@
The FAQ is no longer maintained with the sendmail release. It is
available at http://www.sendmail.org/faq/ .
A plain-text version of the questions only, with URLs referring to
the answers, is posted to comp.mail.sendmail on the 10th and 25th
of each month.
$Revision: 8.24 $, Last updated $Date: 1999-02-07 03:21:03 $
$Revision: 8.25 $, Last updated $Date: 2014-01-27 12:49:52 $

5
INSTALL
View File

@ -28,8 +28,9 @@ sendmail/SECURITY for more installation information.
/etc/mail/submit.cf. This can be done in the cf/cf by using
"sh ./Build install-cf".
Please read sendmail/SECURITY before continuing; you have to create a
new user smmsp and a new group smmsp for the default installation.
Please read sendmail/SECURITY before continuing; you may have to create
a new user smmsp and a new group smmsp for the default installation
if you are updating from a really old version.
Then install the sendmail binary built in step 3 by cd-ing back to
sendmail/ and running "sh ./Build install".

13
KNOWNBUGS
View File

@ -62,9 +62,9 @@ This list is not guaranteed to be complete.
libmilter and hence the communication fails. This can be avoided by
increasing the constant MILTER_CHUNK_SIZE in
include/libmilter/mfdef.h and recompiling sendmail, libmilter, and
all (statically linked) milters (or by using an undocumented compile
time option: _FFR_MAXDATASIZE; you have to read the source code in
order to use this properly).
all (statically linked) milters (or by using undocumented compile
time options: _FFR_MAXDATASIZE/_FFR_MDS_NEGOTIATE; you have to
read the source code in order to use these properly).
* Sender addresses whose domain part cause a temporary A record lookup
failure but have a valid MX record will be temporarily rejected in
@ -102,6 +102,11 @@ Kresolve sequence dnsmx canon
Header addresses that have the \231 character (and possibly others
in the range \201 - \237) behave in odd and usually unexpected ways.
* AuthRealm for Cyrus SASL may not work as expected. The man page
and the actual usage for sasl_server_new() seem to differ.
Feedback for the "correct" usage is welcome, a patch to match
the description of the man page is in contrib/AuthRealm.p0.
* accept() problem on SVR4.
Apparently, the sendmail daemon loop (doing accept()s on the network)
@ -252,7 +257,7 @@ Kresolve sequence dnsmx canon
* Race condition for delivery to set-user-ID files
Sendmail will deliver to a fail if the file is owned by the DefaultUser
Sendmail will deliver to a file if the file is owned by the DefaultUser
or has the set-user-ID bit set. Unfortunately, some systems clear that bit
when a file is modified. Sendmail compensates by resetting the file mode
back to it's original settings. Unfortunately, there's still a

22
README
View File

@ -211,29 +211,11 @@ There are other files you should read. Rooted in this directory are:
+--------------+
There are several related RFCs that you may wish to read -- they are
available via anonymous FTP to several sites. For a list of the
primary repositories see:
http://www.isi.edu/in-notes/rfc-retrieval.txt
They are also online at:
available from several sites, see
http://www.rfc-editor.org/
http://www.ietf.org/
They can also be retrieved via electronic mail by sending
email to one of:
mail-server@nisc.sri.com
Put "send rfcNNN" in message body
nis-info@nis.nsf.net
Put "send RFCnnn.TXT-1" in message body
sendrfc@jvnc.net
Put "RFCnnn" as Subject: line
For further instructions see:
http://www.isi.edu/in-notes/rfc-editor/rfc-info
Important RFCs for electronic mail are:
RFC821 SMTP protocol

124
RELEASE_NOTES
View File

@ -5,6 +5,124 @@ This listing shows the version of the sendmail binary, the version
of the sendmail configuration files, the date of release, and a
summary of the changes in that release.
8.15.1/8.15.1 2014/12/06
SECURITY: Properly set the close-on-exec flag for file descriptors
(except stdin, stdout, and stderr) before executing mailers.
If header rewriting fails due to a temporary map lookup failure,
queue the mail for later retry instead of sending it
without rewriting the header. Note: this is done
while the mail is being sent and hence the transaction
is aborted, which only works for SMTP/LMTP mailers
hence the handling of temporary map failures is
suppressed for other mailers. SMTP/LMTP servers may
complain about aborted transactions when this problem
occurs.
See also "DNS Lookups" in sendmail/TUNING.
Incompatible Change: Use uncompressed IPv6 addresses by default,
i.e., they will not contain "::". For example,
instead of ::1 it will be 0:0:0:0:0:0:0:1. This
permits a zero subnet to have a more specific match,
such as different map entries for IPv6:0:0 vs IPv6:0.
This change requires that configuration data
(including maps, files, classes, custom ruleset,
etc) must use the same format, so make certain such
configuration data is updated before using 8.15.
As a very simple check search for patterns like
'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. If necessary,
the prior format can be retained by compiling with:
APPENDDEF(`conf_sendmail_ENVDEF', `-DIPV6_FULL=0')
in your devtools/Site/site.config.m4 file.
If debugging is turned on (-d0.14) also print the OpenSSL
versions, both build time and run time
(provided STARTTLS is compiled in).
If a connection to the MTA is dropped by the client before its
hostname can be validated, treat it as "may be forged",
so that the unvalidated hostname is not passed to a
milter in xxfi_connect().
Add a timeout for communication with socket map servers
which can be specified using the -d option.
Add a compile time option HESIOD_ALLOW_NUMERIC_LOGIN to allow
numeric logins even if HESIOD is enabled.
The new option CertFingerprintAlgorithm specifies the finger-
print algorithm (digest) to use for the presented cert.
If the option is not set, md5 is used and the macro
{cert_md5} contains the cert fingerprint.
However, if the option is set, the specified algorithm
(e.g., sha1) is used and the macro {cert_fp} contains
the cert fingerprint.
That is, as long as the option is not set, the behaviour
does not change, but otherwise, {cert_md5} is superseded
by {cert_fp} even if you set CertFingerprintAlgorithm
to md5.
The options ServerSSLOptions and ClientSSLOptions can be used
to set SSL options for the server and client side
respectively. See SSL_CTX_set_options(3) for a list.
Note: this change turns on SSL_OP_NO_SSLv2 and
SSL_OP_NO_TICKET for the client. See doc/op/op.me
for details.
The option CipherList sets the list of ciphers for STARTTLS.
See ciphers(1) for possible values.
Do not log "STARTTLS: internal error: tls_verify_cb: ssl == NULL"
if a CRLFfile is in use (and LogLevel is 14 or higher.)
Store a more specific TLS protocol version in ${tls_version}
instead of a generic one, e.g., TLSv1 instead of
TLSv1/SSLv3.
Properly set {client_port} value on little endian machines.
Patch from Kelsey Cummings of Sonic.net.
Per RFC 3848, indicate in the Received: header whether SSL or
SMTP AUTH was negotiated by setting the protocol clause
to ESMTPS, ESMTPA, or ESMTPSA instead of ESMTP.
If the 'C' flag is listed as TLSSrvOptions the requirement for the
TLS server to have a cert is removed. This only works
under very specific circumstances and should only be used
if the consequences are understood, e.g., clients
may not work with a server using this.
The options ClientCertFile, ClientKeyFile, ServerCertFile, and
ServerKeyFile can take a second file name, which must be
separated from the first with a comma (note: do not use
any spaces) to set up a second cert/key pair. This can
be used to have certs of different types, e.g., RSA
and DSA.
A new map type "arpa" is available to reverse an IP (IPv4 or IPv6)
address. It returns the string for the PTR lookup, but
without trailing {ip6,in-addr}.arpa.
New operation mode 'C' just checks the configuration file, e.g.,
sendmail -C new.cf -bC
will perform a basic syntax/consistency check of new.cf.
The mailer flag 'I' is deprecated and will be removed in a
future version.
Allow local (not just TCP) socket connections to the server, e.g.,
O DaemonPortOptions=Family=local, Addr=/var/mta/server.sock
can be used.
If the new option MaxQueueAge is set to a value greater than zero,
entries in the queue will be retried during a queue run
only if the individual retry time has been reached which
is doubled for each attempt. The maximum retry time is
limited by the specified value.
New DontBlameSendmail option GroupReadableDefaultAuthInfoFile
to relax requirement for DefaultAuthInfo file.
Reset timeout after receiving a message to appropriate value if
STARTTLS is in use. Based on patch by Kelsey Cummings
of Sonic.net.
Report correct error messages from the LDAP library for a range of
small negative return values covering those used by OpenLDAP.
Fix compilation with Berkeley DB 5.0 and 6.0. Patch from
Allan E Johannesen of Worcester Polytechnic Institute.
CONFIG: FEATURE(`nopercenthack') takes one parameter: reject or
nospecial which describes whether to disallow "%" in the
local part of an address.
DEVTOOLS: Fix regression in auto-detection of libraries when only
shared libraries are available. Problem reported by
Bryan Costales.
LIBMILTER: Mark communication socket as close-on-exec in case
a user's filter starts other applications.
Based on patch from Paul Howarth.
Portability:
SunOS 5.12 has changed the API for sigwait(2) to conform
with XPG7. Based on patch from Roger Faulkner of Oracle.
Deleted Files:
libsm/path.c
8.14.9/8.14.9 2014/05/21
SECURITY: Properly set the close-on-exec flag for file descriptors
(except stdin, stdout, and stderr) before executing mailers.
@ -681,7 +799,7 @@ summary of the changes in that release.
LIBMILTER: The "hostname" argument of the xxfi_connect() callback
previously was the equivalent of {client_ptr}. However,
this did not match the documentation of the function, hence
it has been changed to {client_name}. See doc/op/op.*
it has been changed to {client_name}. See doc/op/op.me
about these macros.
8.13.7/8.13.7 2006/06/14
@ -3509,11 +3627,11 @@ summary of the changes in that release.
Add new STARTTLS related options CACERTPath, CACERTFile,
ClientCertFile, ClientKeyFile, DHParameters, RandFile,
ServerCertFile, and ServerKeyFile. These are documented in
cf/README and doc/op/op.*.
cf/README and doc/op/op.me.
New STARTTLS related macros: ${cert_issuer}, ${cert_subject},
${tls_version}, ${cipher}, ${cipher_bits}, ${verify},
${server_name}, and ${server_addr}. These are documented
in cf/README and doc/op/op.*.
in cf/README and doc/op/op.me.
Add support for the Entropy Gathering Daemon (EGD) for better
random data.
New DontBlameSendmail option InsufficientEntropy for systems which

59
cf/README
View File

@ -397,6 +397,10 @@ SMTP_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
that ARRIVE from an address that resolves to one of
the SMTP mailers and which are converted to MIME will
be labeled with this character set.
RELAY_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data
that ARRIVE from an address that resolves to the
relay mailers and which are converted to MIME will
be labeled with this character set.
SMTP_MAILER_LL [990] The maximum line length for SMTP mailers
(except the relay mailer).
RELAY_MAILER_LL [2040] The maximum line length for the relay mailer.
@ -743,6 +747,16 @@ nouucp Don't route UUCP addresses. This feature takes one
2. don't remove "!" from OperatorChars if `reject' is
given as parameter.
nopercenthack Don't treat % as routing character. This feature takes one
parameter:
`reject': reject addresses which have % in the local
part unless it originates from a system
that is allowed to relay.
`nospecial': don't do anything special with %.
Warnings: 1. See the notice in the anti-spam section.
2. Don't remove % from OperatorChars if `reject' is
given as parameter.
nocanonify Don't pass addresses to $[ ... $] for canonification
by default, i.e., host/domain names are considered canonical,
except for unqualified names, which must not be used in this
@ -2442,17 +2456,19 @@ should only be used for sites which have no control over the addresses
that they provide a gateway for. Use this FEATURE with caution as it
can allow spammers to relay through your server if not setup properly.
NOTICE: It is possible to relay mail through a system which the anti-relay
rules do not prevent: the case of a system that does use FEATURE(`nouucp',
`nospecial') (system A) and relays local messages to a mail hub (e.g., via
LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use
FEATURE(`nouucp') at all, addresses of the form
<example.net!user@local.host> would be relayed to <user@example.net>.
System A doesn't recognize `!' as an address separator and therefore
forwards it to the mail hub which in turns relays it because it came from
a trusted local host. So if a mailserver allows UUCP (bang-format)
addresses, all systems from which it allows relaying should do the same
or reject those addresses.
NOTICE: It is possible to relay mail through a system which the
anti-relay rules do not prevent: the case of a system that does use
FEATURE(`nouucp', `nospecial') / FEATURE(`nopercenthack', `nospecial')
(system A) and relays local messages to a mail hub (e.g., via
LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use the
same feature (nouucp / nopercenthack) at all, addresses of the form
<example.net!user@local.host> / <user%example.net@local.host>
would be relayed to <user@example.net>.
System A doesn't recognize `!' / `%' as an address separator and
therefore forwards it to the mail hub which in turns relays it
because it came from a trusted local host. So if a mailserver
allows UUCP (bang-format) / %-hack addresses, all systems from which
it allows relaying should do the same or reject those addresses.
As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has
an unresolvable domain (i.e., one that DNS, your local name service,
@ -3990,6 +4006,13 @@ confWORK_TIME_FACTOR RetryFactor [90000] Cost of each delivery attempt.
confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm:
Priority, Host, Filename, Random,
Modification, or Time.
confMAX_QUEUE_AGE MaxQueueAge [undefined] If set to a value greater
than zero, entries in the queue
will be retried during a queue run
only if the individual retry time
has been reached which is doubled
for each attempt. The maximum retry
time is limited by the specified value.
confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job
must sit in the queue between queue
runs. This allows you to set the
@ -4208,7 +4231,7 @@ confAUTH_MECHANISMS AuthMechanisms [GSSAPI KERBEROS_V4 DIGEST-MD5
confAUTH_REALM AuthRealm [undefined] The authentication realm
that is passed to the Cyrus SASL
library. If no realm is specified,
$j is used.
$j is used. See KNOWNBUGS.
confDEF_AUTH_INFO DefaultAuthInfo [undefined] Name of file that contains
authentication information for
outgoing connections. This file must
@ -4241,6 +4264,14 @@ confTLS_SRV_OPTIONS TLSSrvOptions If this option is 'V' no client
verification is performed, i.e.,
the server doesn't ask for a
certificate.
confSERVER_SSL_OPTIONS ServerSSLOptions [undefined] SSL related
options for server side. See
SSL_CTX_set_options(3) for a list.
confCLIENT_SSL_OPTIONS ClientSSLOptions [undefined] SSL related
options for client side. See
SSL_CTX_set_options(3) for a list.
confCIPHER_LIST CipherList [undefined] Cipher list for TLS.
See ciphers(1) for possible values.
confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map
specification for LDAP maps. The
value should only contain LDAP
@ -4281,6 +4312,10 @@ confRAND_FILE RandFile [undefined] File containing random
requires this option if the compile
flag HASURANDOM is not set (see
sendmail/README).
confCERT_FINGERPRINT_ALGORITHM CertFingerprintAlgorithm
[undefined] The fingerprint algorithm
(digest) to use for the presented
cert.
confNICE_QUEUE_RUN NiceQueueRun [undefined] If set, the priority of
queue runners is set the given value
(nice(3)).

23
cf/cf/generic-bsd4.4.cf
View File

@ -16,8 +16,8 @@
#####
##### SENDMAIL CONFIGURATION FILE
#####
##### built by ca@lab.smi.sendmail.com on Tue May 20 12:12:51 PDT 2014
##### in /home/ca/sm8.git/sendmail/OpenSource/sendmail-8.14.9/cf/cf
##### built by ca@sandman.dev-lab.sendmail.com on Tue Dec 2 16:21:20 PST 2014
##### in /x/ca/sm8.git/sendmail/OpenSource/sendmail-8.15.1/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
@ -122,7 +122,7 @@ DnMAILER-DAEMON
CPREDIRECT
# Configuration version number
DZ8.14.9
DZ8.15.1
###############
@ -259,6 +259,9 @@ O PrivacyOptions=authwarnings
# minimum time in queue before retry
#O MinQueueAge=30m
# maximum time in queue before retry (if > 0; only for exponential delay)
#O MaxQueueAge
# how many jobs can you process in the queue?
#O MaxQueueRunSize=0
@ -509,6 +512,12 @@ O MaxHeadersLength=32768
# SMTP STARTTLS server options
#O TLSSrvOptions
# SSL cipherlist
#O CipherList
# server side SSL options
#O ServerSSLOptions
# client side SSL options
#O ClientSSLOptions
# Input mail filters
#O InputMailFilters
@ -532,6 +541,8 @@ O MaxHeadersLength=32768
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile
# fingerprint algorithm (digest) to use for the presented cert
#O CertFingerprintAlgorithm
# Maximum number of "useless" commands before slowing down
#O MaxNOOPCommands=20
@ -539,6 +550,8 @@ O MaxHeadersLength=32768
# Name to use for EHLO (defaults to $j)
#O HeloName
############################
# QUEUE GROUP DEFINITIONS #
############################
@ -651,6 +664,7 @@ R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
# else we must be a local name
R$* $@ $>Canonify2 $1
@ -783,6 +797,7 @@ R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1
#
# Parse1 -- the bottom half of ruleset 0.
#
@ -820,6 +835,8 @@ R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
R$=L $#local $: @ $1 special local names
R$+ $#local $: $1 regular local names
###########################################################################
### Ruleset 5 -- special rewriting after aliases have been expanded ###
###########################################################################

23
cf/cf/generic-hpux10.cf
View File

@ -16,8 +16,8 @@
#####
##### SENDMAIL CONFIGURATION FILE
#####
##### built by ca@lab.smi.sendmail.com on Tue May 20 12:12:51 PDT 2014
##### in /home/ca/sm8.git/sendmail/OpenSource/sendmail-8.14.9/cf/cf
##### built by ca@sandman.dev-lab.sendmail.com on Tue Dec 2 16:21:20 PST 2014
##### in /x/ca/sm8.git/sendmail/OpenSource/sendmail-8.15.1/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
@ -123,7 +123,7 @@ DnMAILER-DAEMON
CPREDIRECT
# Configuration version number
DZ8.14.9
DZ8.15.1
###############
@ -260,6 +260,9 @@ O PrivacyOptions=authwarnings
# minimum time in queue before retry
#O MinQueueAge=30m
# maximum time in queue before retry (if > 0; only for exponential delay)
#O MaxQueueAge
# how many jobs can you process in the queue?
#O MaxQueueRunSize=0
@ -510,6 +513,12 @@ O MaxHeadersLength=32768
# SMTP STARTTLS server options
#O TLSSrvOptions
# SSL cipherlist
#O CipherList
# server side SSL options
#O ServerSSLOptions
# client side SSL options
#O ClientSSLOptions
# Input mail filters
#O InputMailFilters
@ -533,6 +542,8 @@ O MaxHeadersLength=32768
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile
# fingerprint algorithm (digest) to use for the presented cert
#O CertFingerprintAlgorithm
# Maximum number of "useless" commands before slowing down
#O MaxNOOPCommands=20
@ -540,6 +551,8 @@ O MaxHeadersLength=32768
# Name to use for EHLO (defaults to $j)
#O HeloName
############################
# QUEUE GROUP DEFINITIONS #
############################
@ -652,6 +665,7 @@ R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
# else we must be a local name
R$* $@ $>Canonify2 $1
@ -784,6 +798,7 @@ R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1
#
# Parse1 -- the bottom half of ruleset 0.
#
@ -821,6 +836,8 @@ R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
R$=L $#local $: @ $1 special local names
R$+ $#local $: $1 regular local names
###########################################################################
### Ruleset 5 -- special rewriting after aliases have been expanded ###
###########################################################################

23
cf/cf/generic-hpux9.cf
View File

@ -16,8 +16,8 @@
#####
##### SENDMAIL CONFIGURATION FILE
#####
##### built by ca@lab.smi.sendmail.com on Tue May 20 12:12:51 PDT 2014
##### in /home/ca/sm8.git/sendmail/OpenSource/sendmail-8.14.9/cf/cf
##### built by ca@sandman.dev-lab.sendmail.com on Tue Dec 2 16:21:20 PST 2014
##### in /x/ca/sm8.git/sendmail/OpenSource/sendmail-8.15.1/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
@ -123,7 +123,7 @@ DnMAILER-DAEMON
CPREDIRECT
# Configuration version number
DZ8.14.9
DZ8.15.1
###############
@ -260,6 +260,9 @@ O PrivacyOptions=authwarnings
# minimum time in queue before retry
#O MinQueueAge=30m
# maximum time in queue before retry (if > 0; only for exponential delay)
#O MaxQueueAge
# how many jobs can you process in the queue?
#O MaxQueueRunSize=0
@ -510,6 +513,12 @@ O MaxHeadersLength=32768
# SMTP STARTTLS server options
#O TLSSrvOptions
# SSL cipherlist
#O CipherList
# server side SSL options
#O ServerSSLOptions
# client side SSL options
#O ClientSSLOptions
# Input mail filters
#O InputMailFilters
@ -533,6 +542,8 @@ O MaxHeadersLength=32768
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile
# fingerprint algorithm (digest) to use for the presented cert
#O CertFingerprintAlgorithm
# Maximum number of "useless" commands before slowing down
#O MaxNOOPCommands=20
@ -540,6 +551,8 @@ O MaxHeadersLength=32768
# Name to use for EHLO (defaults to $j)
#O HeloName
############################
# QUEUE GROUP DEFINITIONS #
############################
@ -652,6 +665,7 @@ R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
# else we must be a local name
R$* $@ $>Canonify2 $1
@ -784,6 +798,7 @@ R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1
#
# Parse1 -- the bottom half of ruleset 0.
#
@ -821,6 +836,8 @@ R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
R$=L $#local $: @ $1 special local names
R$+ $#local $: $1 regular local names
###########################################################################
### Ruleset 5 -- special rewriting after aliases have been expanded ###
###########################################################################

23
cf/cf/generic-linux.cf
View File

@ -16,8 +16,8 @@
#####
##### SENDMAIL CONFIGURATION FILE
#####
##### built by ca@lab.smi.sendmail.com on Tue May 20 12:12:51 PDT 2014
##### in /home/ca/sm8.git/sendmail/OpenSource/sendmail-8.14.9/cf/cf
##### built by ca@sandman.dev-lab.sendmail.com on Tue Dec 2 16:21:20 PST 2014
##### in /x/ca/sm8.git/sendmail/OpenSource/sendmail-8.15.1/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
@ -127,7 +127,7 @@ DnMAILER-DAEMON
CPREDIRECT
# Configuration version number
DZ8.14.9
DZ8.15.1
###############
@ -264,6 +264,9 @@ O PrivacyOptions=authwarnings
# minimum time in queue before retry
#O MinQueueAge=30m
# maximum time in queue before retry (if > 0; only for exponential delay)
#O MaxQueueAge
# how many jobs can you process in the queue?
#O MaxQueueRunSize=0
@ -514,6 +517,12 @@ O MaxHeadersLength=32768
# SMTP STARTTLS server options
#O TLSSrvOptions
# SSL cipherlist
#O CipherList
# server side SSL options
#O ServerSSLOptions
# client side SSL options
#O ClientSSLOptions
# Input mail filters
#O InputMailFilters
@ -537,6 +546,8 @@ O MaxHeadersLength=32768
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile
# fingerprint algorithm (digest) to use for the presented cert
#O CertFingerprintAlgorithm
# Maximum number of "useless" commands before slowing down
#O MaxNOOPCommands=20
@ -544,6 +555,8 @@ O MaxHeadersLength=32768
# Name to use for EHLO (defaults to $j)
#O HeloName
############################
# QUEUE GROUP DEFINITIONS #
############################
@ -656,6 +669,7 @@ R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
# else we must be a local name
R$* $@ $>Canonify2 $1
@ -788,6 +802,7 @@ R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1
#
# Parse1 -- the bottom half of ruleset 0.
#
@ -825,6 +840,8 @@ R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
R$=L $#local $: @ $1 special local names
R$+ $#local $: $1 regular local names
###########################################################################
### Ruleset 5 -- special rewriting after aliases have been expanded ###
###########################################################################

23
cf/cf/generic-mpeix.cf
View File

@ -16,8 +16,8 @@
#####
##### SENDMAIL CONFIGURATION FILE
#####
##### built by ca@lab.smi.sendmail.com on Tue May 20 12:12:51 PDT 2014
##### in /home/ca/sm8.git/sendmail/OpenSource/sendmail-8.14.9/cf/cf
##### built by ca@sandman.dev-lab.sendmail.com on Tue Dec 2 16:21:20 PST 2014
##### in /x/ca/sm8.git/sendmail/OpenSource/sendmail-8.15.1/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
@ -123,7 +123,7 @@ DnMAILER-DAEMON
CPREDIRECT
# Configuration version number
DZ8.14.9
DZ8.15.1
###############
@ -260,6 +260,9 @@ O PrivacyOptions=authwarnings
# minimum time in queue before retry
#O MinQueueAge=30m
# maximum time in queue before retry (if > 0; only for exponential delay)
#O MaxQueueAge
# how many jobs can you process in the queue?
#O MaxQueueRunSize=0
@ -510,6 +513,12 @@ O MaxHeadersLength=32768
# SMTP STARTTLS server options
#O TLSSrvOptions
# SSL cipherlist
#O CipherList
# server side SSL options
#O ServerSSLOptions
# client side SSL options
#O ClientSSLOptions
# Input mail filters
#O InputMailFilters
@ -533,6 +542,8 @@ O MaxHeadersLength=32768
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile
# fingerprint algorithm (digest) to use for the presented cert
#O CertFingerprintAlgorithm
# Maximum number of "useless" commands before slowing down
#O MaxNOOPCommands=20
@ -540,6 +551,8 @@ O MaxHeadersLength=32768
# Name to use for EHLO (defaults to $j)
#O HeloName
############################
# QUEUE GROUP DEFINITIONS #
############################
@ -652,6 +665,7 @@ R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
# else we must be a local name
R$* $@ $>Canonify2 $1
@ -784,6 +798,7 @@ R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1
#
# Parse1 -- the bottom half of ruleset 0.
#
@ -821,6 +836,8 @@ R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
R$=L $#local $: @ $1 special local names
R$+ $#local $: $1 regular local names
###########################################################################
### Ruleset 5 -- special rewriting after aliases have been expanded ###
###########################################################################

23
cf/cf/generic-nextstep3.3.cf
View File

@ -16,8 +16,8 @@
#####
##### SENDMAIL CONFIGURATION FILE
#####
##### built by ca@lab.smi.sendmail.com on Tue May 20 12:12:51 PDT 2014
##### in /home/ca/sm8.git/sendmail/OpenSource/sendmail-8.14.9/cf/cf
##### built by ca@sandman.dev-lab.sendmail.com on Tue Dec 2 16:21:20 PST 2014
##### in /x/ca/sm8.git/sendmail/OpenSource/sendmail-8.15.1/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
@ -122,7 +122,7 @@ DnMAILER-DAEMON
CPREDIRECT
# Configuration version number
DZ8.14.9
DZ8.15.1
###############
@ -259,6 +259,9 @@ O PrivacyOptions=authwarnings
# minimum time in queue before retry
#O MinQueueAge=30m
# maximum time in queue before retry (if > 0; only for exponential delay)
#O MaxQueueAge
# how many jobs can you process in the queue?
#O MaxQueueRunSize=0
@ -509,6 +512,12 @@ O MaxHeadersLength=32768
# SMTP STARTTLS server options
#O TLSSrvOptions
# SSL cipherlist
#O CipherList
# server side SSL options
#O ServerSSLOptions
# client side SSL options
#O ClientSSLOptions
# Input mail filters
#O InputMailFilters
@ -532,6 +541,8 @@ O MaxHeadersLength=32768
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile
# fingerprint algorithm (digest) to use for the presented cert
#O CertFingerprintAlgorithm
# Maximum number of "useless" commands before slowing down
#O MaxNOOPCommands=20
@ -539,6 +550,8 @@ O MaxHeadersLength=32768
# Name to use for EHLO (defaults to $j)
#O HeloName
############################
# QUEUE GROUP DEFINITIONS #
############################
@ -651,6 +664,7 @@ R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
# else we must be a local name
R$* $@ $>Canonify2 $1
@ -783,6 +797,7 @@ R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1
#
# Parse1 -- the bottom half of ruleset 0.
#
@ -820,6 +835,8 @@ R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
R$=L $#local $: @ $1 special local names
R$+ $#local $: $1 regular local names
###########################################################################
### Ruleset 5 -- special rewriting after aliases have been expanded ###
###########################################################################

23
cf/cf/generic-osf1.cf
View File

@ -16,8 +16,8 @@
#####
##### SENDMAIL CONFIGURATION FILE
#####
##### built by ca@lab.smi.sendmail.com on Tue May 20 12:12:52 PDT 2014
##### in /home/ca/sm8.git/sendmail/OpenSource/sendmail-8.14.9/cf/cf
##### built by ca@sandman.dev-lab.sendmail.com on Tue Dec 2 16:21:20 PST 2014
##### in /x/ca/sm8.git/sendmail/OpenSource/sendmail-8.15.1/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
@ -123,7 +123,7 @@ DnMAILER-DAEMON
CPREDIRECT
# Configuration version number
DZ8.14.9
DZ8.15.1
###############
@ -260,6 +260,9 @@ O PrivacyOptions=authwarnings
# minimum time in queue before retry
#O MinQueueAge=30m
# maximum time in queue before retry (if > 0; only for exponential delay)
#O MaxQueueAge
# how many jobs can you process in the queue?
#O MaxQueueRunSize=0
@ -510,6 +513,12 @@ O MaxHeadersLength=32768
# SMTP STARTTLS server options
#O TLSSrvOptions
# SSL cipherlist
#O CipherList
# server side SSL options
#O ServerSSLOptions
# client side SSL options
#O ClientSSLOptions
# Input mail filters
#O InputMailFilters
@ -533,6 +542,8 @@ O MaxHeadersLength=32768
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile
# fingerprint algorithm (digest) to use for the presented cert
#O CertFingerprintAlgorithm
# Maximum number of "useless" commands before slowing down
#O MaxNOOPCommands=20
@ -540,6 +551,8 @@ O MaxHeadersLength=32768
# Name to use for EHLO (defaults to $j)
#O HeloName
############################
# QUEUE GROUP DEFINITIONS #
############################
@ -652,6 +665,7 @@ R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
# else we must be a local name
R$* $@ $>Canonify2 $1
@ -784,6 +798,7 @@ R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1
#
# Parse1 -- the bottom half of ruleset 0.
#
@ -821,6 +836,8 @@ R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
R$=L $#local $: @ $1 special local names
R$+ $#local $: $1 regular local names
###########################################################################
### Ruleset 5 -- special rewriting after aliases have been expanded ###
###########################################################################

23
cf/cf/generic-solaris.cf
View File

@ -16,8 +16,8 @@
#####
##### SENDMAIL CONFIGURATION FILE
#####
##### built by ca@lab.smi.sendmail.com on Tue May 20 12:12:52 PDT 2014
##### in /home/ca/sm8.git/sendmail/OpenSource/sendmail-8.14.9/cf/cf
##### built by ca@sandman.dev-lab.sendmail.com on Tue Dec 2 16:21:20 PST 2014
##### in /x/ca/sm8.git/sendmail/OpenSource/sendmail-8.15.1/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
@ -122,7 +122,7 @@ DnMAILER-DAEMON
CPREDIRECT
# Configuration version number
DZ8.14.9
DZ8.15.1
###############
@ -259,6 +259,9 @@ O PrivacyOptions=authwarnings
# minimum time in queue before retry
#O MinQueueAge=30m
# maximum time in queue before retry (if > 0; only for exponential delay)
#O MaxQueueAge
# how many jobs can you process in the queue?
#O MaxQueueRunSize=0
@ -509,6 +512,12 @@ O MaxHeadersLength=32768
# SMTP STARTTLS server options
#O TLSSrvOptions
# SSL cipherlist
#O CipherList
# server side SSL options
#O ServerSSLOptions
# client side SSL options
#O ClientSSLOptions
# Input mail filters
#O InputMailFilters
@ -532,6 +541,8 @@ O MaxHeadersLength=32768
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile
# fingerprint algorithm (digest) to use for the presented cert
#O CertFingerprintAlgorithm
# Maximum number of "useless" commands before slowing down
#O MaxNOOPCommands=20
@ -539,6 +550,8 @@ O MaxHeadersLength=32768
# Name to use for EHLO (defaults to $j)
#O HeloName
############################
# QUEUE GROUP DEFINITIONS #
############################
@ -651,6 +664,7 @@ R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
# else we must be a local name
R$* $@ $>Canonify2 $1
@ -783,6 +797,7 @@ R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1
#
# Parse1 -- the bottom half of ruleset 0.
#
@ -820,6 +835,8 @@ R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
R$=L $#local $: @ $1 special local names
R$+ $#local $: $1 regular local names
###########################################################################
### Ruleset 5 -- special rewriting after aliases have been expanded ###
###########################################################################

23
cf/cf/generic-sunos4.1.cf
View File

@ -16,8 +16,8 @@
#####
##### SENDMAIL CONFIGURATION FILE
#####
##### built by ca@lab.smi.sendmail.com on Tue May 20 12:12:52 PDT 2014
##### in /home/ca/sm8.git/sendmail/OpenSource/sendmail-8.14.9/cf/cf
##### built by ca@sandman.dev-lab.sendmail.com on Tue Dec 2 16:21:20 PST 2014
##### in /x/ca/sm8.git/sendmail/OpenSource/sendmail-8.15.1/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
@ -123,7 +123,7 @@ DnMAILER-DAEMON
CPREDIRECT
# Configuration version number
DZ8.14.9
DZ8.15.1
###############
@ -260,6 +260,9 @@ O PrivacyOptions=authwarnings
# minimum time in queue before retry
#O MinQueueAge=30m
# maximum time in queue before retry (if > 0; only for exponential delay)
#O MaxQueueAge
# how many jobs can you process in the queue?
#O MaxQueueRunSize=0
@ -510,6 +513,12 @@ O MaxHeadersLength=32768
# SMTP STARTTLS server options
#O TLSSrvOptions
# SSL cipherlist
#O CipherList
# server side SSL options
#O ServerSSLOptions
# client side SSL options
#O ClientSSLOptions
# Input mail filters
#O InputMailFilters
@ -533,6 +542,8 @@ O MaxHeadersLength=32768
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile
# fingerprint algorithm (digest) to use for the presented cert
#O CertFingerprintAlgorithm
# Maximum number of "useless" commands before slowing down
#O MaxNOOPCommands=20
@ -540,6 +551,8 @@ O MaxHeadersLength=32768
# Name to use for EHLO (defaults to $j)
#O HeloName
############################
# QUEUE GROUP DEFINITIONS #
############################
@ -652,6 +665,7 @@ R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
# else we must be a local name
R$* $@ $>Canonify2 $1
@ -784,6 +798,7 @@ R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1
#
# Parse1 -- the bottom half of ruleset 0.
#
@ -821,6 +836,8 @@ R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
R$=L $#local $: @ $1 special local names
R$+ $#local $: $1 regular local names
###########################################################################
### Ruleset 5 -- special rewriting after aliases have been expanded ###
###########################################################################

23
cf/cf/generic-ultrix4.cf
View File

@ -16,8 +16,8 @@
#####
##### SENDMAIL CONFIGURATION FILE
#####
##### built by ca@lab.smi.sendmail.com on Tue May 20 12:12:52 PDT 2014
##### in /home/ca/sm8.git/sendmail/OpenSource/sendmail-8.14.9/cf/cf
##### built by ca@sandman.dev-lab.sendmail.com on Tue Dec 2 16:21:20 PST 2014
##### in /x/ca/sm8.git/sendmail/OpenSource/sendmail-8.15.1/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
@ -123,7 +123,7 @@ DnMAILER-DAEMON
CPREDIRECT
# Configuration version number
DZ8.14.9
DZ8.15.1
###############
@ -260,6 +260,9 @@ O PrivacyOptions=authwarnings
# minimum time in queue before retry
#O MinQueueAge=30m
# maximum time in queue before retry (if > 0; only for exponential delay)
#O MaxQueueAge
# how many jobs can you process in the queue?
#O MaxQueueRunSize=0
@ -510,6 +513,12 @@ O MaxHeadersLength=32768
# SMTP STARTTLS server options
#O TLSSrvOptions
# SSL cipherlist
#O CipherList
# server side SSL options
#O ServerSSLOptions
# client side SSL options
#O ClientSSLOptions
# Input mail filters
#O InputMailFilters
@ -533,6 +542,8 @@ O MaxHeadersLength=32768
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile
# fingerprint algorithm (digest) to use for the presented cert
#O CertFingerprintAlgorithm
# Maximum number of "useless" commands before slowing down
#O MaxNOOPCommands=20
@ -540,6 +551,8 @@ O MaxHeadersLength=32768
# Name to use for EHLO (defaults to $j)
#O HeloName
############################
# QUEUE GROUP DEFINITIONS #
############################
@ -652,6 +665,7 @@ R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
# else we must be a local name
R$* $@ $>Canonify2 $1
@ -784,6 +798,7 @@ R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1
#
# Parse1 -- the bottom half of ruleset 0.
#
@ -821,6 +836,8 @@ R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
R$=L $#local $: @ $1 special local names
R$+ $#local $: $1 regular local names
###########################################################################
### Ruleset 5 -- special rewriting after aliases have been expanded ###
###########################################################################

23
cf/cf/submit.cf
View File

@ -16,8 +16,8 @@
#####
##### SENDMAIL CONFIGURATION FILE
#####
##### built by ca@lab.smi.sendmail.com on Tue May 20 12:12:52 PDT 2014
##### in /home/ca/sm8.git/sendmail/OpenSource/sendmail-8.14.9/cf/cf
##### built by ca@sandman.dev-lab.sendmail.com on Tue Dec 2 16:21:20 PST 2014
##### in /x/ca/sm8.git/sendmail/OpenSource/sendmail-8.15.1/cf/cf
##### using ../ as configuration include directory
#####
######################################################################
@ -114,7 +114,7 @@ D{MTAHost}[127.0.0.1]
# Configuration version number
DZ8.14.9/Submit
DZ8.15.1/Submit
###############
@ -251,6 +251,9 @@ O PrivacyOptions=goaway,noetrn,restrictqrun
# minimum time in queue before retry
#O MinQueueAge=30m
# maximum time in queue before retry (if > 0; only for exponential delay)
#O MaxQueueAge
# how many jobs can you process in the queue?
#O MaxQueueRunSize=0
@ -501,6 +504,12 @@ O PidFile=/var/spool/clientmqueue/sm-client.pid
# SMTP STARTTLS server options
#O TLSSrvOptions
# SSL cipherlist
#O CipherList
# server side SSL options
#O ServerSSLOptions
# client side SSL options
#O ClientSSLOptions
# Input mail filters
#O InputMailFilters
@ -524,6 +533,8 @@ O PidFile=/var/spool/clientmqueue/sm-client.pid
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile
# fingerprint algorithm (digest) to use for the presented cert
#O CertFingerprintAlgorithm
# Maximum number of "useless" commands before slowing down
#O MaxNOOPCommands=20
@ -531,6 +542,8 @@ O PidFile=/var/spool/clientmqueue/sm-client.pid
# Name to use for EHLO (defaults to $j)
#O HeloName
############################
# QUEUE GROUP DEFINITIONS #
############################
@ -647,6 +660,7 @@ R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
# else we must be a local name
R$* $@ $>Canonify2 $1
@ -781,6 +795,7 @@ R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1
#
# Parse1 -- the bottom half of ruleset 0.
#
@ -818,6 +833,8 @@ R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain
R$=L $#local $: @ $1 special local names
R$+ $#local $: $1 regular local names
###########################################################################
### Ruleset 5 -- special rewriting after aliases have been expanded ###
###########################################################################

90
cf/feature/bcc.m4 Normal file
View File

@ -0,0 +1,90 @@
divert(-1)
#
# Copyright (c) 2014 Proofpoint, Inc. and its suppliers.
# All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
divert(-1)
# Arguments:
# 1: Map to use
# - empty/none: default map bcctable
# - `access': to use access_db (with bcc: as tag)
# - map definition
# The map contains domain names and the RHS should be simply "ok".
# If the access map is used, then its lookup algorithm is used.
# Otherwise:
# domain ok
# matches anything@domain
# .domain ok
# matches any subdomain, e.g., l@sub.domain and l@sub.dom.domain
# On a match, the original address will be used as bcc address unless
# argument 3 is set.
# 2: Name of host ([mailer:]host)
# 3: Default bcc address: if set, this will be always used.
# Only one of 2/3 can be empty.
# Note: if Bcc address is used then only one copy will be sent!
# (due to duplicate elimination)
# 4: Map definition for canonicalRcpt map of address rewriting to
# apply to the added bcc envelope recipients.
# The option -T<TMPF> is required to handle temporary map failures.
#
# The ruleset must return either
# - an e-mail address (user@dom.ain) which is then added as "bcc" recipient.
# - an empty string: do not add a "bcc" recipient, or
# - $#error: fail the SMTP transaction (e.g., temporary lookup failure)
#
# This feature sets O AddBcc=true
ifelse(lower(_ARG_),`access',`define(`_BCC_ACCESS_', `1')')
define(`_ADD_BCC_', `1')
ifdef(`_BCC_ACCESS_', `dnl
ifdef(`_ACCESS_TABLE_', `',
`errprint(`*** ERROR: FEATURE(`bcc') requires FEATURE(`access_db')
')')')
ifdef(`_BCC_ACCESS_', `', `
LOCAL_CONFIG
Kbcctable ifelse(defn(`_ARG_'), `', DATABASE_MAP_TYPE MAIL_SETTINGS_DIR`bcctable', `_ARG_')')
LOCAL_CONFIG
O AddBcc=true
ifelse(len(X`'_ARG2_),`1', `', `
DA`'_ARG2_')
ifelse(len(X`'_ARG4_), `1', `',
`define(`_CANONIFY_BCC_', `1')dnl
define(`_NEED_SMTPOPMODES_', `1')dnl
# canonical address look up for AddBcc recipients
KcanonicalRcpt _ARG4_
')dnl
LOCAL_RULESETS
Sbcc
R< $+ > $1
ifdef(`_BCC_ACCESS_', `dnl
R$+ @ $+ $: $1@$2 $| $>SearchList <! bcc> $| <D:$2> <>',
`R$+ @ $+ $: $1@$2 $| $>BCC $2')
R$* $| <?> $@
R$* $| $* $: ifelse(len(X`'_ARG3_),`1', `$1', `_ARG3_')
ifdef(`_CANONIFY_BCC_', `dnl
R$+ @ $+ $: $1@$2 $| <$(canonicalRcpt $1 @ $2 $: $)>
R$* $| <> $@
R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R$* $| <$+> $@ $2 map matched?
')
ifdef(`_BCC_ACCESS_', `', `
SBCC
R$+ $: $1 < $(bcctable $1 $: ? $) >
R$- . $+ <?> $: $2 < $(bcctable .$2 $: ? $) >
R$- . $+ <?> $: $>BCC $2
R$* <$*> $: <$2>
')

2
cf/feature/ldap_routing.m4
View File

@ -35,6 +35,8 @@ ifelse(len(X`'_ARG6_), `1', `define(`_LDAP_ROUTE_MAPTEMP_', `_QUEUE_')',
_ARG6_, `tempfail', `define(`_LDAP_ROUTE_MAPTEMP_', `_TEMPFAIL_')',
_ARG6_, `queue', `define(`_LDAP_ROUTE_MAPTEMP_', `_QUEUE_')')
define(`_NEED_SMTPOPMODES_', `1')
LOCAL_CONFIG
# LDAP routing maps
Kldapmh ifelse(len(X`'_ARG1_), `1',

27
cf/feature/nopercenthack.m4 Normal file
View File

@ -0,0 +1,27 @@
divert(-1)
#
# Copyright (c) 1998, 1999 Proofpoint, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
divert(0)
VERSIONID(`$Id: nopercenthack.m4,v 8.14 2013/01/31 15:07:00 ca Exp $')
divert(-1)
ifelse(defn(`_ARG_'), `',
`errprint(`*** ERROR: missing argument for FEATURE(nopercenthack):
use `reject' or `nospecial'. See cf/README.
')define(`_NO_PERCENTHACK_', `e')',
substr(_ARG_,0,1), `r', `define(`_NO_PERCENTHACK_', `r')',
substr(_ARG_,0,1), `n', `define(`_NO_PERCENTHACK_', `n')',
`errprint(`*** ERROR: illegal argument _ARG_ for FEATURE(nopercenthack)
')
')

24
cf/feature/prefixmod.m4 Normal file
View File

@ -0,0 +1,24 @@
divert(-1)
#
# Copyright (c) 2014 Proofpoint, Inc. and its suppliers.
# All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#
divert(-1)
# Arguments:
# 1: prefix to match; must be one or more tokens
# (this is not a "substring" match)
# 2: flags to set
# NYI: 3: replacement for 1 (empty for now)
ifelse(defn(`_ARG_'), `', `errprint(`Feature "prefixmod" requires argument')',
`define(`_PREFIX_MOD_', _ARG_)')
ifelse(len(X`'_ARG2_),`1', `errprint(`Feature "prefixmod" requires two arguments')',
`define(`_PREFIX_FLAGS_', _ARG2_)')
define(`_NEED_MACRO_MAP_', `1')

37
cf/hack/xconnect.m4 Normal file
View File

@ -0,0 +1,37 @@
divert(-1)
#
# Copyright (c) 1998-2011 Proofpoint, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
divert(0)
VERSIONID(`$Id: xconnect.m4,v 1.3 2013-11-22 20:51:13 ca Exp $')
divert(-1)
ifdef(`_ACCESS_TABLE_', `dnl
LOCAL_RULESETS
#
# x_connect ruleset for looking up XConnect: tag in access DB to enable
# XCONNECT support in MTA
#
Sx_connect
dnl workspace: {client_name} $| {client_addr}
R$+ $| $+ $: $>D < $1 > <?> <! XConnect> < $2 >
dnl workspace: <result-of-lookup> <{client_addr}>
dnl OR $| $+ if client_name is empty
R $| $+ $: $>A < $1 > <?> <! XConnect> <> empty client_name
dnl workspace: <result-of-lookup> <{client_addr}>
R<?> <$+> $: $>A < $1 > <?> <! XConnect> <> no: another lookup
dnl workspace: <result-of-lookup> (<>|<{client_addr}>)
R<?> <$*> $# no found nothing
dnl workspace: <result-of-lookup> (<>|<{client_addr}>) | OK
R<$+> <$*> $@ yes found in access DB',
`errprint(`*** ERROR: HACK(xconnect) requires FEATURE(access_db)
')')

41
cf/m4/proto.m4
View File

@ -149,7 +149,7 @@ DL`'LUSER_RELAY',
`dnl')
# operators that cannot be in local usernames (i.e., network indicators)
CO @ % ifdef(`_NO_UUCP_', `', `!')
CO @ ifdef(`_NO_PERCENTHACK_', `', `%') ifdef(`_NO_UUCP_', `', `!')
# a class with just dot (for identifying canonical names)
C..
@ -387,6 +387,9 @@ _OPTION(QueueSortOrder, `confQUEUE_SORT_ORDER', `priority')
# minimum time in queue before retry
_OPTION(MinQueueAge, `confMIN_QUEUE_AGE', `30m')
# maximum time in queue before retry (if > 0; only for exponential delay)
_OPTION(MaxQueueAge, `confMAX_QUEUE_AGE', `')
# how many jobs can you process in the queue?
_OPTION(MaxQueueRunSize, `confMAX_QUEUE_RUN_SIZE', `0')
@ -641,6 +644,12 @@ _OPTION(AuthMaxBits, `confAUTH_MAX_BITS', `')
# SMTP STARTTLS server options
_OPTION(TLSSrvOptions, `confTLS_SRV_OPTIONS', `')
# SSL cipherlist
_OPTION(CipherList, `confCIPHER_LIST', `')
# server side SSL options
_OPTION(ServerSSLOptions, `confSERVER_SSL_OPTIONS', `')
# client side SSL options
_OPTION(ClientSSLOptions, `confCLIENT_SSL_OPTIONS', `')
# Input mail filters
_OPTION(InputMailFilters, `confINPUT_MAIL_FILTERS', `')
@ -674,6 +683,8 @@ _OPTION(CRLFile, `confCRL', `')
_OPTION(DHParameters, `confDH_PARAMETERS', `')
# Random data source (required for systems without /dev/urandom under OpenSSL)
_OPTION(RandFile, `confRAND_FILE', `')
# fingerprint algorithm (digest) to use for the presented cert
_OPTION(CertFingerprintAlgorithm, `confCERT_FINGERPRINT_ALGORITHM', `')
# Maximum number of "useless" commands before slowing down
_OPTION(MaxNOOPCommands, `confMAX_NOOP_COMMANDS', `20')
@ -681,6 +692,10 @@ _OPTION(MaxNOOPCommands, `confMAX_NOOP_COMMANDS', `20')
# Name to use for EHLO (defaults to $j)
_OPTION(HeloName, `confHELO_NAME')
ifdef(`_NEED_SMTPOPMODES_', `dnl
# SMTP operation modes
C{SMTPOpModes} s d D')
############################
`# QUEUE GROUP DEFINITIONS #'
############################
@ -808,10 +823,12 @@ R$- :: $+ $@ $>Canonify2 $2 < @ $1 .DECNET > resolve DECnet names
R$- . $- :: $+ $@ $>Canonify2 $3 < @ $1.$2 .DECNET > numeric DECnet addr
',
`dnl')
# if we have % signs, take the rightmost one
ifdef(`_NO_PERCENTHACK_', `dnl',
`# if we have % signs, take the rightmost one
R$* % $* $1 @ $2 First make them all @s.
R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last.
R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish
')
# else we must be a local name
R$* $@ $>Canonify2 $1
@ -1036,6 +1053,13 @@ R$* $=O $* < @ *LOCAL* >
$@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ...
R$* < @ *LOCAL* > $: $1
ifdef(`_ADD_BCC_', `dnl
R$+ $: $>ParseBcc $1', `dnl')
ifdef(`_PREFIX_MOD_', `dnl
dnl do this only for addr_type=e r?
R _PREFIX_MOD_ $+ $: $1 $(macro {rcpt_flags} $@ _PREFIX_FLAGS_ $)
')dnl
#
# Parse1 -- the bottom half of ruleset 0.
#
@ -1198,6 +1222,13 @@ ifdef(`_MAILER_smtp_',
R$=L $#_LOCAL_ $: @ $1 special local names
R$+ $#_LOCAL_ $: $1 regular local names
ifdef(`_ADD_BCC_', `dnl
SParseBcc
R$+ $: $&{addr_type} $| $&A $| $1
Re b $| $+ $| $+ $>MailerToTriple < $1 > $2 copy?
R$* $| $* $| $+ $@ $3 no copy
')
###########################################################################
### Ruleset 5 -- special rewriting after aliases have been expanded ###
###########################################################################
@ -1457,9 +1488,6 @@ ifdef(`_LDAP_ROUTING_', `dnl
### Parsed address (user < @ domain . >)
######################################################################
# SMTP operation modes
C{SMTPOpModes} s d D
SLDAPExpand
# do the LDAP lookups
R<$+><$+><$*> $: <$(ldapmra $2 $: $)> <$(ldapmh $2 $: $)> <$1> <$2> <$3>
@ -2137,6 +2165,9 @@ dnl workspace: localpart<@domain> | localpart
ifelse(defn(`_NO_UUCP_'), `r',
`R$* ! $* < @ $* > $: <REMOTE> $2 < @ BANG_PATH >
R$* ! $* $: <REMOTE> $2 < @ BANG_PATH >', `dnl')
ifelse(defn(`_NO_PERCENTHACK_'), `r',
`R$* % $* < @ $* > $: <REMOTE> $1 < @ PERCENT_HACK >
R$* % $* $: <REMOTE> $1 < @ PERCENT_HACK >', `dnl')
# anything terminating locally is ok
ifdef(`_RELAY_ENTIRE_DOMAIN_', `dnl
R$+ < @ $* $=m > $@ RELAY', `dnl')

4
cf/m4/version.m4
View File

@ -11,8 +11,8 @@ divert(-1)
# the sendmail distribution.
#
#
VERSIONID(`$Id: version.m4,v 8.236 2013-11-27 00:38:51 ca Exp $')
VERSIONID(`$Id: version.m4,v 8.237 2014-01-27 12:55:17 ca Exp $')
#
divert(0)
# Configuration version number
DZ8.14.9`'ifdef(`confCF_VERSION', `/confCF_VERSION')
DZ8.15.1`'ifdef(`confCF_VERSION', `/confCF_VERSION')

44
contrib/AuthRealm.p0 Normal file
View File

@ -0,0 +1,44 @@
Patch from John Marshall (slightly modified).
diff --git a/sendmail/srvrsmtp.c b/sendmail/srvrsmtp.c
index 7dba983..bf804ab 100644
--- a/sendmail/srvrsmtp.c
+++ b/sendmail/srvrsmtp.c
@@ -84,7 +84,7 @@ static int reset_saslconn __P((sasl_conn_t **_conn, char *_hostname,
# define RESET_SASLCONN \
do \
{ \
- result = reset_saslconn(&conn, AuthRealm, remoteip, \
+ result = reset_saslconn(&conn, hostname, remoteip, \
localip, auth_id, &ext_ssf); \
if (result != SASL_OK) \
sasl_ok = false; \
@@ -938,8 +938,6 @@ smtp(nullserver, d_flags, e)
e->e_features = features;
hostname = macvalue('j', e);
#if SASL
- if (AuthRealm == NULL)
- AuthRealm = hostname;
sasl_ok = bitset(SRV_OFFER_AUTH, features);
n_mechs = 0;
authenticating = SASL_NOT_AUTH;
@@ -948,8 +946,8 @@ smtp(nullserver, d_flags, e)
if (sasl_ok)
{
# if SASL >= 20000
- result = sasl_server_new("smtp", AuthRealm, NULL, NULL, NULL,
- NULL, 0, &conn);
+ result = sasl_server_new("smtp", hostname, AuthRealm, NULL,
+ NULL, NULL, 0, &conn);
# elif SASL > 10505
/* use empty realm: only works in SASL > 1.5.5 */
result = sasl_server_new("smtp", AuthRealm, "", NULL, 0, &conn);
@@ -5392,7 +5390,7 @@ reset_saslconn(sasl_conn_t **conn, char *hostname,
sasl_dispose(conn);
# if SASL >= 20000
- result = sasl_server_new("smtp", hostname, NULL, NULL, NULL,
+ result = sasl_server_new("smtp", hostname, AuthRealm, NULL, NULL,
NULL, 0, conn);
# elif SASL > 10505
/* use empty realm: only works in SASL > 1.5.5 */

44
devtools/bin/Build
View File

@ -675,30 +675,30 @@ then
echo "Creating $obj using $BUILDTOOLS/OS/$oscf"
${mkdir} $obj
ln="ln -s"
(cd $obj
# This glob doesn't actually glob to something everywhere,
# thus the protective measures.
for i in ${obj_rel_base_dir}/${src_dir}/*.[chly13458]
do
if [ -f $i ]
then
$ln $i .
fi
done
# This glob doesn't actually glob to something everywhere,
# thus the protective measures.
for i in ${obj_rel_base_dir}/${src_dir}/*.0
do
if [ -f $i ]
then
$ln $i `basename $i`.dist
fi
done)
if [ -f helpfile ]
ln="ln -s"
(cd $obj
# This glob doesn't actually glob to something everywhere,
# thus the protective measures.
for i in ${obj_rel_base_dir}/${src_dir}/*.[chly13458]
do
if [ -f $i ]
then
(cd $obj; $ln ${obj_rel_base_dir}/${src_dir}/helpfile .)
$ln $i .
fi
done
# This glob doesn't actually glob to something everywhere,
# thus the protective measures.
for i in ${obj_rel_base_dir}/${src_dir}/*.0
do
if [ -f $i ]
then
$ln $i `basename $i`.dist
fi
done)
if [ -f helpfile ]
then
(cd $obj; $ln ${obj_rel_base_dir}/${src_dir}/helpfile .)
fi
rm -f $obj/.settings$$
echo 'divert(-1)' > $obj/.settings$$

140
doc/op/op.me
View File

@ -93,7 +93,7 @@ Version \\$2
.Ve $Revision: 8.759 $
.rm Ve
.sp
For Sendmail Version 8.14
For Sendmail Version 8.15
.)l
.(f
Sendmail is a trademark of Proofpoint, Inc.
@ -3262,6 +3262,8 @@ to program and files.
Accept a group-readable key file for STARTTLS.
.ip GroupReadableSASLDBFile
Accept a group-readable Cyrus SASL password file.
.ip GroupReadableDefaultAuthInfoFile
Accept a group-readable DefaultAuthInfo file for SASL.
.ip GroupWritableAliasFile
Allow group-writable alias files.
.ip GroupWritableDirPathSafe
@ -4870,12 +4872,28 @@ used for the security layer of a SASL mechanism.
The message body type
(7BIT or 8BITMIME),
as determined from the envelope.
.ip ${cert_fp}
The fingerprint of the presented certificate (STARTTLS only).
Note: this macro is only defined if the option
.b CertFingerprintAlgorithm
is set,
in which case the specified fingerprint algorithm is used.
The valid algorithms depend on the OpenSSL version,
but usually md5, sha1, and sha256 are available.
See
.(b
openssl dgst -h
.)b
for a list.
.ip ${cert_issuer}
The DN (distinguished name) of the CA (certificate authority)
that signed the presented certificate (the cert issuer)
(STARTTLS only).
.ip ${cert_md5}
The MD5 hash of the presented certificate (STARTTLS only).
Note: this macro is only defined if the option
.b CertFingerprintAlgorithm
is not set.
.ip ${cert_subject}
The DN of the presented certificate (called the cert subject)
(STARTTLS only).
@ -5756,6 +5774,8 @@ for this mailer.
.ip i
Do User Database rewriting on envelope sender address.
.ip I
This flag is deprecated
and will be removed from a future version.
This mailer will be speaking SMTP
to another
.i sendmail
@ -6534,6 +6554,7 @@ The authentication realm that is passed to the Cyrus SASL library.
If no realm is specified,
.b $j
is used.
See also KNOWNBUGS.
.ip BadRcptThrottle=\fIN\fP
[no short name]
If set and the specified number of recipients in a single SMTP
@ -6554,6 +6575,22 @@ as filenames (or as links to them).
[no short name]
File containing one or more CA certificates;
see section about STARTTLS for more information.
.ip CertFingerprintAlgorithm
Specify the fingerprint algorithm (digest) to use for the presented cert.
If the option is not set,
md5 is used and the macro
.p ${cert_md5}
contains the cert fingerprint.
If the option is explicitly set,
the specified algorithm (e.g., sha1) is used
and the macro
.b ${cert_fp}
contains the cert fingerprint.
.ip CipherList
Specify cipher list for STARTTLS.
See
.i ciphers (1)
for possible values.
.ip CheckAliases
[n]
Validate the RHS of aliases when rebuilding the alias database.
@ -6636,6 +6673,24 @@ in order to give settings for each protocol family
(e.g., one for Family=inet and one for Family=inet6).
A restriction placed on one family only affects
outgoing connections on that particular family.
.ip ClientSSLOptions
A space separated list of SSL related options for client side.
See
.i SSL_CTX_set_options (3)
for a list;
the available values depend on the OpenSSL version against which
.i sendmail
is compiled.
By default,
.i SSL_OP_ALL
.i SSL_OP_NO_SSLv2
.i SSL_OP_NO_TICKET
.i -SSL_OP_TLSEXT_PADDING
are used
(if those options are available).
Options can be cleared by preceeding them with a minus sign.
It is also possible to specify numerical values, e.g.,
.b -0x0010 .
.ip ColonOkInAddr
[no short name]
If set, colons are acceptable in e-mail addresses
@ -6784,8 +6839,10 @@ The
key is used for error messages and logging.
The
.i Addr ess
mask may be a numeric address in IPv4 dot notation or IPv6 colon notation
or a network name.
mask may be
a numeric address in IPv4 dot notation or IPv6 colon notation,
or a network name,
or a path to a local socket.
Note that if a network name is specified,
only the first IP address returned for it will be used.
This may cause indeterminate behavior for network names
@ -6798,6 +6855,10 @@ IPv6 users who wish to also accept IPv6 connections
should add additional Family=inet6
.b DaemonPortOptions
lines.
For a local socket, use
Family=local
or
Family=unix.
The
.i InputMailFilters
key overrides the default list of input mail filters listed in the
@ -7543,6 +7604,13 @@ If there is insufficient space
gives a 452 response
to the MAIL command.
This invites the sender to try again later.
.ip MaxQueueAge=\fIage\fP
[no short name]
If this is set to a value greater than zero,
entries in the queue will be retried during a queue run
only if the individual retry time has been reached
which is doubled for each attempt.
The maximum retry time is limited by the specified value.
.ip MinQueueAge=\fIage\fP
[no short name]
Don't process any queued jobs
@ -8031,6 +8099,22 @@ is used when sendmail acts as server
[no short name]
File containing the private key belonging to the server certificate
(used for STARTTLS).
.ip ServerSSLOptions
A space separated list of SSL related options for client side.
See
.i SSL_CTX_set_options (3)
for a list;
the available values depend on the OpenSSL version against which
.i sendmail
is compiled.
By default,
.i SSL_OP_ALL
.i -SSL_OP_TLSEXT_PADDING
are used
(if those options are available).
Options can be cleared by preceeding them with a minus sign.
It is also possible to specify numerical values, e.g.,
.b -0x0010 .
.ip ServiceSwitchFile=\fIfilename\fP
[no short name]
If your host operating system has a service switch abstraction
@ -8186,7 +8270,11 @@ consisting of single characters
with intervening white space or commas.
The flag ``V'' disables client verification, and hence
it is not possible to use a client certificate for relaying.
Currently there are no other flags available.
The flag ``C'' removes the requirement for the TLS server
to have a cert.
This only works under very specific circumstances
and should only be used if the consequences are understood,
e.g., clients may not work with a server using this.
.ip TempFileMode=\fImode\fP
[F]
The file mode for transcript files, files to which
@ -8786,6 +8874,31 @@ A, AAAA, AFSDB, CNAME, MX, NS, PTR, SRV, and TXT.
A map lookup will return only one record.
Hence for some types, e.g., MX records, the return value might be a random
element of the list due to randomizing in the DNS resolver.
.ip arpa
Returns the ``reverse'' for the given IP (IPv4 or IPv6) address,
i.e., the string for the PTR lookup,
but without trailing
.b ip6.arpa
or
.b in-addr.arpa .
For example, the following configuration lines:
.(b
Karpa arpa
SArpa
R$+ $: $(arpa $1 $)
.)b
work like this in test mode:
.(b
sendmail -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> Arpa IPv6:1:2:dead:beef:9876:0:0:1
Arpa input: IPv6 : 1 : 2 : dead : beef : 9876 : 0 : 0 : 1
Arpa returns: 1 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 6 . 7 . 8 . 9 . f . e . e . b . d . a . e . d . 2 . 0 . 0 . 0 . 1 . 0 . 0 . 0
> Arpa 1.2.3.4
Arpa input: 1 . 2 . 3 . 4
Arpa returns: 4 . 3 . 2 . 1
.)b
.ip sequence
The arguments on the `K' line are a list of maps;
the resulting map searches the argument maps in order
@ -9211,6 +9324,11 @@ The dns map has another flag:
.ip "\-B"
basedomain: specify a domain that is always appended to queries.
.pp
Socket maps have an optional flag:
.ip "\-d"
timeout: specify the timeout (in seconds) for communication
with the socket map server.
.pp
The following additional flags are present in the ldap map only:
.ip "\-R"
Do not auto chase referrals. sendmail must be compiled with
@ -10699,6 +10817,19 @@ To allow for automatic startup of sendmail, private keys
must be stored unencrypted.
The keys are only protected by the permissions of the file system.
Never make a private key available to a third party.
.pp
The options
.i ClientCertFile ,
.i ClientKeyFile ,
.i ServerCertFile ,
and
.i ServerKeyFile
can take a second file name,
which must be separated from the first with a comma
(note: do not use any spaces)
to set up a second cert/key pair.
This can be used to have certs of different types,
e.g., RSA and DSA.
.sh 3 "PRNG for STARTTLS"
.pp
STARTTLS requires a strong pseudo random number generator (PRNG)
@ -10883,6 +11014,7 @@ Operation modes are:
m Deliver mail (default)
s Speak SMTP on input side
a\(dg ``Arpanet'' mode (get envelope sender information from header)
C Check the configuration file
d Run as a daemon in background
D Run as a daemon in foreground
t Run in test mode

23653
doc/op/op.ps
View File

File diff suppressed because it is too large Load Diff

7
editmap/editmap.c
View File

@ -76,7 +76,6 @@ main(argc, argv)
{
char *progname;
char *cfile;
bool verbose = false;
bool query = false;
bool update = false;
bool remove = false;
@ -131,7 +130,7 @@ main(argc, argv)
(void) sm_strlcpy(user_info.smdbu_name, RunAsUserName,
SMDB_MAX_USER_NAME_LEN);
#define OPTIONS "C:fquxvN"
#define OPTIONS "C:fquxN"
while ((opt = getopt(argc, argv, OPTIONS)) != -1)
{
switch (opt)
@ -159,10 +158,6 @@ main(argc, argv)
nops++;
break;
case 'v':
verbose = true;
break;
case 'N':
inclnull = true;
break;

4
include/sendmail/sendmail.h
View File

@ -117,9 +117,7 @@ extern bool filechanged __P((char *, int, struct stat *));
#define DBS_WORLDWRITABLEFORWARDFILE 39
#define DBS_WORLDWRITABLEINCLUDEFILE 40
#define DBS_GROUPREADABLEKEYFILE 41
#if _FFR_GROUPREADABLEAUTHINFOFILE
# define DBS_GROUPREADABLEAUTHINFOFILE 42
#endif /* _FFR_GROUPREADABLEAUTHINFOFILE */
#define DBS_GROUPREADABLEAUTHINFOFILE 42
/* struct defining such things */
struct dbsval

8
include/sm/bdb.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2003 Proofpoint, Inc. and its suppliers.
* Copyright (c) 2002, 2003, 2014 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
@ -19,7 +19,7 @@
# define DB_VERSION_MAJOR 1
# endif /* ! DB_VERSION_MAJOR */
# if DB_VERSION_MAJOR >= 4 && DB_VERSION_MINOR >= 1
# if (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1) || DB_VERSION_MAJOR >= 5
# define DBTXN NULL ,
@ -32,7 +32,7 @@
# define SM_DB_FLAG_ADD(flag) (flag) |= DB_FCNTL_LOCKING
# else /* DB_VERSION_MAJOR >= 4 && DB_VERSION_MINOR >= 1 */
# else /* (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1) || DB_VERSION_MAJOR >= 5 */
# define DBTXN
# if !HASFLOCK && defined(DB_FCNTL_LOCKING)
@ -41,7 +41,7 @@
# define SM_DB_FLAG_ADD(flag) ((void) 0)
# endif /* !HASFLOCK && defined(DB_FCNTL_LOCKING) */
# endif /* DB_VERSION_MAJOR >= 4 && DB_VERSION_MINOR >= 1 */
# endif /* (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1) || DB_VERSION_MAJOR >= 5 */
#endif /* NEWDB */
#endif /* ! SM_BDB_H */

6
include/sm/cdefs.h
View File

@ -121,11 +121,11 @@
*/
# ifndef SM_CONF_FORMAT_TEST
# if __GNUC__ == 2 && __GNUC_MINOR__ >= 7
# if (__GNUC__ == 2 && __GNUC_MINOR__ >= 7) || __GNUC__ > 2
# define SM_CONF_FORMAT_TEST 1
# else /* __GNUC__ == 2 && __GNUC_MINOR__ >= 7 */
# else
# define SM_CONF_FORMAT_TEST 0
# endif /* __GNUC__ == 2 && __GNUC_MINOR__ >= 7 */
# endif
# endif /* SM_CONF_FORMAT_TEST */
# ifndef PRINTFLIKE

8
include/sm/conf.h
View File

@ -473,6 +473,9 @@ typedef int pid_t;
# ifndef HASGETUSERSHELL
# define HASGETUSERSHELL 0 /* getusershell(3) causes core dumps pre-2.7 */
# endif /* ! HASGETUSERSHELL */
# if SOLARIS < 21200
# define SIGWAIT_TAKES_1_ARG 1 /* S12 moves to UNIX V7 semantic */
# endif /* SOLARIS < 21200 */
# else /* SOLARIS */
/* SunOS 4.0.3 or 4.1.x */
@ -1906,6 +1909,7 @@ extern struct passwd * sendmail_mpe_getpwuid __P((uid_t));
# define GIDSET_T gid_t
# define SOCKADDR_LEN_T size_t
# define SOCKOPT_LEN_T size_t
# define SIGWAIT_TAKES_1_ARG 1
# ifndef _PATH_UNIX
# define _PATH_UNIX "/stand/unix"
# endif /* ! _PATH_UNIX */
@ -2920,6 +2924,10 @@ typedef void (*sigfunc_t) __P((int));
# define FD_SETSIZE 256
#endif /* ! FD_SETSIZE */
#ifndef SIGWAIT_TAKES_1_ARG
# define SIGWAIT_TAKES_1_ARG 0
#endif /* ! SIGWAIT_TAKES_1_ARG */
/*
** Size of prescan buffer.
** Despite comments in the _sendmail_ book, this probably should

12
include/sm/errstring.h
View File

@ -49,9 +49,17 @@ extern int errno;
#define E_SM_WRFILE (E_PSEUDOBASE + 11) /* o readable file */
#define E_DNSBASE (E_PSEUDOBASE + 20) /* base for DNS h_errno */
#define E_SMDBBASE (E_PSEUDOBASE + 40) /* base for libsmdb errors */
#define E_LDAPBASE (E_PSEUDOBASE + 70) /* base for LDAP errors */
#define E_LDAPURLBASE (E_PSEUDOBASE + 200) /* base for LDAP URL errors */
#define E_LDAPREALBASE (E_PSEUDOBASE + 70) /* start of range for LDAP */
#define E_LDAPBASE (E_LDAPREALBASE + E_LDAP_SHIM) /* LDAP error zero */
#define E_LDAPURLBASE (E_PSEUDOBASE + 230) /* base for LDAP URL errors */
/*
** OpenLDAP uses small negative errors for internal (non-protocol)
** errors. We expect them to be between zero and -E_LDAP_SHIM
** (and then offset by E_LDAPBASE).
*/
#define E_LDAP_SHIM 30
/* libsmdb */
#define SMDBE_OK 0

8
include/sm/fdset.h
View File

@ -17,9 +17,9 @@
** before.
*/
# define SM_FD_SET(fd, pfdset) FD_SET(fd, pfdset)
# define SM_FD_ISSET(fd, pfdset) FD_ISSET(fd, pfdset)
# define SM_FD_SETSIZE FD_SETSIZE
# define SM_FD_OK_SELECT(fd) (FD_SETSIZE <= 0 || (fd) < FD_SETSIZE)
#define SM_FD_SET(fd, pfdset) FD_SET(fd, pfdset)
#define SM_FD_ISSET(fd, pfdset) FD_ISSET(fd, pfdset)
#define SM_FD_SETSIZE FD_SETSIZE
#define SM_FD_OK_SELECT(fd) (SM_FD_SETSIZE <= 0 || (fd) < SM_FD_SETSIZE)
#endif /* SM_FDSET_H */

4
libmilter/engine.c
View File

@ -726,7 +726,7 @@ sendreply(r, sd, timeout_ptr, ctx)
}
/*
** CLR_MACROS -- clear set of macros starting from a given index
** MI_CLR_MACROS -- clear set of macros starting from a given index
**
** Parameters:
** ctx -- context structure
@ -1816,7 +1816,7 @@ dec_arg2(buf, len, s1, s2)
}
/*
** SENDOK -- is it ok for the filter to send stuff to the MTA?
** MI_SENDOK -- is it ok for the filter to send stuff to the MTA?
**
** Parameters:
** ctx -- context structure

2
libmilter/handler.c
View File

@ -15,7 +15,7 @@ SM_RCSID("@(#)$Id: handler.c,v 8.40 2013-11-22 20:51:36 ca Exp $")
#if !_FFR_WORKERS_POOL
/*
** HANDLE_SESSION -- Handle a connected session in its own context
** MI_HANDLE_SESSION -- Handle a connected session in its own context
**
** Parameters:
** ctx -- context structure

15
libmilter/listener.c
View File

@ -728,6 +728,7 @@ mi_listener(conn, dbg, smfi, timeout, backlog)
int acnt = 0; /* error count for accept() failures */
int scnt = 0; /* error count for select() failures */
int save_errno = 0;
int fdflags;
#if !_FFR_WORKERS_POOL
sthread_t thread_id;
#endif /* !_FFR_WORKERS_POOL */
@ -885,6 +886,20 @@ mi_listener(conn, dbg, smfi, timeout, backlog)
}
#endif /* _FFR_DUP_FD */
/*
** Need to set close-on-exec for connfd in case a user's
** filter starts other applications.
** Note: errors will not stop processing (for now).
*/
if ((fdflags = fcntl(connfd, F_GETFD, 0)) == -1 ||
fcntl(connfd, F_SETFD, fdflags | FD_CLOEXEC) == -1)
{
smi_log(SMI_LOG_ERR,
"%s: Unable to set close-on-exec: %s",
smfi->xxfi_name, sm_errstring(errno));
}
if (setsockopt(connfd, SOL_SOCKET, SO_KEEPALIVE,
(void *) &sockopt, sizeof sockopt) < 0)
{

6
libmilter/signal.c
View File

@ -104,11 +104,11 @@ mi_signal_thread(name)
for (;;)
{
sigerr = sig = 0;
#if defined(SOLARIS) || defined(__svr5__)
#if SIGWAIT_TAKES_1_ARG
if ((sig = sigwait(&set)) < 0)
#else /* defined(SOLARIS) || defined(__svr5__) */
#else
if ((sigerr = sigwait(&set, &sig)) != 0)
#endif /* defined(SOLARIS) || defined(__svr5__) */
#endif
{
/* some OS return -1 and set errno: copy it */
if (sigerr <= 0)

2
libmilter/worker.c
View File

@ -254,7 +254,7 @@ nonblocking(int fd, const char *name)
}
/*
** MI_POOL_CONTROLER_INIT -- Launch the worker pool controller
** MI_POOL_CONTROLLER_INIT -- Launch the worker pool controller
** Must be called before starting sessions.
**
** Parameters:

2
libsm/Makefile.m4
View File

@ -6,7 +6,7 @@ define(`confREQUIRE_LIBSM', `true')
define(`confREQUIRE_SM_OS_H', `true')
PREPENDDEF(`confENVDEF', `confMAPDEF')
bldPRODUCT_START(`library', `libsm')
define(`bldSOURCES', ` assert.c debug.c errstring.c exc.c heap.c match.c rpool.c strdup.c strerror.c strl.c clrerr.c fclose.c feof.c ferror.c fflush.c fget.c fpos.c findfp.c flags.c fopen.c fprintf.c fpurge.c fput.c fread.c fscanf.c fseek.c fvwrite.c fwalk.c fwrite.c get.c makebuf.c put.c refill.c rewind.c setvbuf.c smstdio.c snprintf.c sscanf.c stdio.c strio.c ungetc.c vasprintf.c vfprintf.c vfscanf.c vprintf.c vsnprintf.c wbuf.c wsetup.c string.c stringf.c xtrap.c strto.c test.c path.c strcasecmp.c strrevcmp.c signal.c clock.c config.c shm.c sem.c mbdb.c strexit.c cf.c ldap.c niprop.c mpeix.c memstat.c util.c inet6_ntop.c ')
define(`bldSOURCES', ` assert.c debug.c errstring.c exc.c heap.c match.c rpool.c strdup.c strerror.c strl.c clrerr.c fclose.c feof.c ferror.c fflush.c fget.c fpos.c findfp.c flags.c fopen.c fprintf.c fpurge.c fput.c fread.c fscanf.c fseek.c fvwrite.c fwalk.c fwrite.c get.c makebuf.c put.c refill.c rewind.c setvbuf.c smstdio.c snprintf.c sscanf.c stdio.c strio.c ungetc.c vasprintf.c vfprintf.c vfscanf.c vprintf.c vsnprintf.c wbuf.c wsetup.c string.c stringf.c xtrap.c strto.c test.c strcasecmp.c strrevcmp.c signal.c clock.c config.c shm.c sem.c mbdb.c strexit.c cf.c ldap.c niprop.c mpeix.c memstat.c util.c inet6_ntop.c ')
bldPRODUCT_END
dnl msg.c
dnl syslogio.c

6
libsm/errstring.c
View File

@ -264,10 +264,12 @@ sm_errstring(errnum)
#if LDAPMAP
/*
** LDAP error messages.
** LDAP error messages. Handle small negative errors from
** libldap (in the range -E_LDAP_SHIM to zero, offset by E_LDAPBASE)
** as well.
*/
if (errnum >= E_LDAPBASE)
if (errnum >= E_LDAPBASE - E_LDAP_SHIM)
return ldap_err2string(errnum - E_LDAPBASE);
#endif /* LDAPMAP */

3
libsm/local.h
View File

@ -20,6 +20,7 @@
*/
#include <sm/time.h>
#include <sm/fdset.h>
#if !SM_CONF_MEMCHR
# include <memory.h>
#endif /* !SM_CONF_MEMCHR */
@ -244,7 +245,7 @@ int sm_flags __P((int));
sm_io_to.tv_sec = (to) / 1000; \
sm_io_to.tv_usec = ((to) - (sm_io_to.tv_sec * 1000)) * 1000; \
} \
if (FD_SETSIZE > 0 && (fd) >= FD_SETSIZE) \
if (!SM_FD_OK_SELECT(fd)) \
{ \
errno = EINVAL; \
return SM_IO_EOF; \

4
libsm/mbdb.c
View File

@ -315,7 +315,7 @@ mbdb_pw_lookup(name, user)
{
struct passwd *pw;
#ifdef HESIOD
#if HESIOD && !HESIOD_ALLOW_NUMERIC_LOGIN
/* DEC Hesiod getpwnam accepts numeric strings -- short circuit it */
{
char *p;
@ -326,7 +326,7 @@ mbdb_pw_lookup(name, user)
if (*p == '\0')
return EX_NOUSER;
}
#endif /* HESIOD */
#endif /* HESIOD && !HESIOD_ALLOW_NUMERIC_LOGIN */
errno = 0;
pw = getpwnam(name);

15
libsm/path.c
View File

@ -1,15 +0,0 @@
/*
* Copyright (c) 2000-2001 Proofpoint, Inc. and its suppliers.
* All rights reserved.
*
* By using this file, you agree to the terms and conditions set
* forth in the LICENSE file which can be found at the top level of
* the sendmail distribution.
*/
#include <sm/gen.h>
SM_RCSID("@(#)$Id: path.c,v 1.10 2013-11-22 20:51:43 ca Exp $")
#include <sm/path.h>
#include <sm/string.h>

3
libsm/refill.c
View File

@ -25,6 +25,7 @@ SM_RCSID("@(#)$Id: refill.c,v 1.54 2013-11-22 20:51:43 ca Exp $")
#include <sm/io.h>
#include <sm/conf.h>
#include <sm/assert.h>
#include <sm/fdset.h>
#include "local.h"
static int sm_lflush __P((SM_FILE_T *, int *));
@ -65,7 +66,7 @@ static int sm_lflush __P((SM_FILE_T *, int *));
errno = EAGAIN; \
return SM_IO_EOF; \
} \
if (FD_SETSIZE > 0 && (fd) >= FD_SETSIZE) \
if (!SM_FD_OK_SELECT(fd)) \
{ \
errno = EINVAL; \
return SM_IO_EOF; \

2
libsm/stdio.c
View File

@ -317,7 +317,7 @@ sm_stdsetinfo(fp, what, valp)
}
/*
** SM_GETINFO -- get information about the open file
** SM_STDGETINFO -- get information about the open file
**
** Parameters:
** fp -- file to get info for

2
libsm/vfprintf.c
View File

@ -156,7 +156,7 @@ sm_bprintf(fp, fmt, ap)
#define FPT 0x100 /* Floating point number */
/*
** SM_IO_VPRINTF -- performs actual formating for o/p
** SM_IO_VFPRINTF -- performs actual formating for o/p
**
** Parameters:
** fp -- file pointer for o/p

6
libsmdb/smdb.c
View File

@ -198,12 +198,16 @@ smdb_open_database(database, db_name, mode, mode_mask, sff, type, user_info,
SMDB_USER_INFO *user_info;
SMDB_DBPARAMS *params;
{
#if defined(NEWDB) && defined(NDBM)
bool type_was_default = false;
#endif
if (type == SMDB_TYPE_DEFAULT)
{
type_was_default = true;
#ifdef NEWDB
# ifdef NDBM
type_was_default = true;
# endif
type = SMDB_TYPE_HASH;
#else /* NEWDB */
# ifdef NDBM

10
src/README
View File

@ -189,10 +189,11 @@ replies are text based and encoded as netstrings. The socket map
uses the same syntax as milters the specify the remote endpoint,
e.g.:
Ksocket mySocketMap inet:12345@127.0.0.1
KmySocketMap socket inet:12345@127.0.0.1
See doc/op/op.me for details.
+---------------+
| COMPILE FLAGS |
+---------------+
@ -630,8 +631,7 @@ EGD Define this if your system has EGD installed, see
http://egd.sourceforge.net/ . It should be used to
seed the PRNG for STARTTLS if HASURANDOMDEV is not defined.
STARTTLS Enables SMTP STARTTLS (RFC 2487). This requires OpenSSL
(http://www.OpenSSL.org/); use OpenSSL 0.9.5a or later
(if compatible with this version), do not use 0.9.3.
(http://www.OpenSSL.org/); use OpenSSL 0.9.8zc or later.
See STARTTLS COMPILATION AND CONFIGURATION for further
information.
TLS_NO_RSA Turn off support for RSA algorithms in STARTTLS.
@ -653,6 +653,9 @@ REQUIRES_DIR_FSYNC Turn on support for file systems that require to
chattr +S on Linux.
DBMMODE The default file permissions to use when creating new
database files for maps and aliases. Defaults to 0640.
IPV6_FULL Use uncompressed IPv6 addresses (set by default). This
permits a zero subnet to have a more specific match,
such as different map entries for IPv6:0:0 vs IPv6:0.
Generic notice: If you enable a compile time option that needs
libraries or include files that don't come with sendmail or are
@ -1733,6 +1736,7 @@ Fedora Core 5, 64 bit version
Problem noted by Daniel Krones, solution suggested by
Anthony Howe.
+--------------+
| MANUAL PAGES |
+--------------+

6
src/TRACEFLAGS
View File

@ -87,11 +87,17 @@
71,>99 milter.c quarantine on errors
73 queue.c shared memory updates
74,>99 map.c LDAP map defer
#if _FFR_XCNCT
75 debug FFR_XC*
#endif /* _FFR_XCNCT */
80 content length
81 sun remote mode
83 collect.c timeout
84 deliver.c timeout
85 map.c dprintf map
#if _FFR_PROXY
87 srvrsmtp.c proxy mode
#endif
89 conf.c >=8 use sm_dprintf() instead of syslog()
91 mci.c syslogging of MCI cache information
93,>99 * Prevent daemon connection fork for profiling/debugging

13
src/TUNING
View File

@ -1,4 +1,4 @@
# Copyright (c) 2001-2003 Proofpoint, Inc. and its suppliers.
# Copyright (c) 2001-2003, 2014 Proofpoint, Inc. and its suppliers.
# All rights reserved.
#
# By using this file, you agree to the terms and conditions set
@ -135,6 +135,17 @@ to send e-mail then either the -G option should be used or
should be added to the .mc file.
Note: starting with 8.15, sendmail will not ignore temporary map
lookup failures during header rewriting, which means that DNS lookup
problems even for headers will cause messages to stay in the queue.
Hence it is strongly suggested to use the nocanonify feature;
at least turning it on for the MTA, but maybe disabling it for the
MSA, i.e., use Modifiers for DaemonPortOptions accordingly.
As a last resort, it is possible to override the host map to ignore
temporary failures, e.g.,
Khost host -t
However, this can cause inconsistent header rewriting.
* Mailing Lists and Large Aliases (1-n Mailing)
-----------------------------------------------

3
src/bf.c
View File

@ -695,7 +695,8 @@ sm_bfcommit(fp)
sm_dprintf("bfcommit(%s): to disk\n", bfp->bf_filename);
if (tTd(58, 32))
sm_dprintf("bfcommit(): filemode %o flags %ld\n",
bfp->bf_filemode, bfp->bf_flags);
(unsigned int) bfp->bf_filemode,
bfp->bf_flags);
}
if (stat(bfp->bf_filename, &st) == 0)

14
src/collect.c
View File

@ -59,7 +59,7 @@ collect_eoh(e, numhdrs, hdrslen)
sm_dprintf("collect: rscheck(\"check_eoh\", \"%s $| %s\")\n",
hnum, hsize);
(void) rscheck("check_eoh", hnum, hsize, e, RSF_UNSTRUCTURED|RSF_COUNT,
3, NULL, e->e_id, NULL);
3, NULL, e->e_id, NULL, NULL);
/*
** Process the header,
@ -297,6 +297,7 @@ collect(fp, smtpmode, hdrp, e, rsetsize)
int hdrslen;
int numhdrs;
int afd;
int old_rd_tmo;
unsigned char *pbp;
unsigned char peekbuf[8];
char bufbuf[MAXLINE];
@ -311,7 +312,7 @@ collect(fp, smtpmode, hdrp, e, rsetsize)
dbto = smtpmode ? ((int) TimeOuts.to_datablock * 1000)
: SM_TIME_FOREVER;
sm_io_setinfo(fp, SM_IO_WHAT_TIMEOUT, &dbto);
set_tls_rd_tmo(TimeOuts.to_datablock);
old_rd_tmo = set_tls_rd_tmo(TimeOuts.to_datablock);
c = SM_IO_EOF;
inputerr = false;
headeronly = hdrp != NULL;
@ -720,7 +721,7 @@ collect(fp, smtpmode, hdrp, e, rsetsize)
}
if (headeronly)
return;
goto end;
if (mstate != MS_BODY)
{
@ -940,6 +941,9 @@ collect(fp, smtpmode, hdrp, e, rsetsize)
+ e->e_nrcpts * WkRecipFact;
markstats(e, (ADDRESS *) NULL, STATS_NORMAL);
}
end:
(void) set_tls_rd_tmo(old_rd_tmo);
}
/*
@ -1026,8 +1030,8 @@ dferror(df, msg, e)
#endif /* 0 */
}
else
syserr("421 4.3.0 collect: Cannot write %s (%s, uid=%d, gid=%d)",
dfname, msg, (int) geteuid(), (int) getegid());
syserr("421 4.3.0 collect: Cannot write %s (%s, uid=%ld, gid=%ld)",
dfname, msg, (long) geteuid(), (long) getegid());
if (sm_io_reopen(SmFtStdio, SM_TIME_DEFAULT, SM_PATH_DEVNULL,
SM_IO_WRONLY, NULL, df) == NULL)
sm_syslog(LOG_ERR, e->e_id,

520
src/conf.c
View File

File diff suppressed because it is too large Load Diff

94
src/daemon.c
View File

@ -32,7 +32,7 @@ SM_RCSID("@(#)$Id: daemon.c,v 8.698 2013-11-22 20:51:55 ca Exp $")
#endif /* defined(USE_SOCK_STREAM) */
#if STARTTLS
# include <openssl/rand.h>
# include <openssl/rand.h>
#endif /* STARTTLS */
#include <sm/time.h>
@ -517,14 +517,12 @@ getrequests(e)
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{daemon_family}"), "unspec");
break;
#if _FFR_DAEMON_NETUNIX
# if NETUNIX
#if NETUNIX
case AF_UNIX:
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{daemon_family}"), "local");
break;
# endif /* NETUNIX */
#endif /* _FFR_DAEMON_NETUNIX */
#endif /* NETUNIX */
#if NETINET
case AF_INET:
macdefine(&BlankEnvelope.e_macro, A_PERM,
@ -827,6 +825,17 @@ getrequests(e)
OutChannel = outchannel;
DisConnected = false;
#if _FFR_XCNCT
t = xconnect(inchannel);
if (t <= 0)
{
clrbitn(D_XCNCT, Daemons[curdaemon].d_flags);
clrbitn(D_XCNCT_M, Daemons[curdaemon].d_flags);
}
else
setbitn(t, Daemons[curdaemon].d_flags);
#endif /* _FFR_XCNCT */
#if XLA
if (!xla_host_ok(RealHostName))
@ -1060,8 +1069,7 @@ opendaemonsocket(d, firsttime)
(void) sleep(5);
if (firsttime || d->d_socket < 0)
{
#if _FFR_DAEMON_NETUNIX
# if NETUNIX
#if NETUNIX
if (d->d_addr.sa.sa_family == AF_UNIX)
{
int rval;
@ -1084,8 +1092,7 @@ opendaemonsocket(d, firsttime)
/* Don't try to overtake an existing socket */
(void) unlink(d->d_addr.sunix.sun_path);
}
# endif /* NETUNIX */
#endif /* _FFR_DOMAIN_NETUNIX */
#endif /* NETUNIX */
d->d_socket = socket(d->d_addr.sa.sa_family,
SOCK_STREAM, 0);
if (d->d_socket < 0)
@ -1113,7 +1120,7 @@ opendaemonsocket(d, firsttime)
continue;
}
if (SM_FD_SETSIZE > 0 && d->d_socket >= SM_FD_SETSIZE)
if (!SM_FD_OK_SELECT(d->d_socket))
{
save_errno = EINVAL;
syserr("opendaemonsocket: daemon %s: server SMTP socket (%d) too large",
@ -1168,13 +1175,11 @@ opendaemonsocket(d, firsttime)
switch (d->d_addr.sa.sa_family)
{
#if _FFR_DAEMON_NETUNIX
# ifdef NETUNIX
#ifdef NETUNIX
case AF_UNIX:
socksize = sizeof(d->d_addr.sunix);
break;
# endif /* NETUNIX */
#endif /* _FFR_DAEMON_NETUNIX */
#endif /* NETUNIX */
#if NETINET
case AF_INET:
socksize = sizeof(d->d_addr.sin);
@ -1493,6 +1498,9 @@ setsockaddroptions(p, d)
case SM_DEFER:
case SM_DELIVER:
case SM_FORK:
#if _FFR_PROXY
case SM_PROXY_REQ:
#endif /* _FFR_PROXY */
d->d_dm = *v;
break;
default:
@ -1512,13 +1520,11 @@ setsockaddroptions(p, d)
#endif /* !_FFR_DPO_CS */
if (isascii(*v) && isdigit(*v))
d->d_addr.sa.sa_family = atoi(v);
#if _FFR_DAEMON_NETUNIX
# ifdef NETUNIX
#ifdef NETUNIX
else if (sm_strcasecmp(v, "unix") == 0 ||
sm_strcasecmp(v, "local") == 0)
d->d_addr.sa.sa_family = AF_UNIX;
# endif /* NETUNIX */
#endif /* _FFR_DAEMON_NETUNIX */
#endif /* NETUNIX */
#if NETINET
else if (sm_strcasecmp(v, "inet") == 0)
d->d_addr.sa.sa_family = AF_INET;
@ -1628,14 +1634,14 @@ setsockaddroptions(p, d)
{
switch (d->d_addr.sa.sa_family)
{
#if _FFR_DAEMON_NETUNIX
# if NETUNIX
#if NETUNIX
case AF_UNIX:
if (strlen(addr) >= sizeof(d->d_addr.sunix.sun_path))
{
errno = ENAMETOOLONG;
syserr("setsockaddroptions: domain socket name too long: %s > %d",
addr, sizeof(d->d_addr.sunix.sun_path));
syserr("setsockaddroptions: domain socket name too long: %s > %ld",
addr,
(long) sizeof(d->d_addr.sunix.sun_path));
break;
}
@ -1646,8 +1652,7 @@ setsockaddroptions(p, d)
addr,
sizeof(d->d_addr.sunix.sun_path));
break;
# endif /* NETUNIX */
#endif /* _FFR_DAEMON_NETUNIX */
#endif /* NETUNIX */
#if NETINET
case AF_INET:
if (!isascii(*addr) || !isdigit(*addr) ||
@ -1998,16 +2003,14 @@ addr_family(addr)
return AF_INET6;
}
#endif /* NETINET6 */
#if _FFR_DAEMON_NETUNIX
# if NETUNIX
#if NETUNIX
if (*addr == '/')
{
if (tTd(16, 9))
sm_dprintf("addr_family(%s): LOCAL\n", addr);
return AF_UNIX;
}
# endif /* NETUNIX */
#endif /* _FFR_DAEMON_NETUNIX */
#endif /* NETUNIX */
if (tTd(16, 9))
sm_dprintf("addr_family(%s): UNSPEC\n", addr);
return AF_UNSPEC;
@ -2045,7 +2048,7 @@ chkclientmodifiers(flag)
#if MILTER
/*
** SETUP_DAEMON_FILTERS -- Parse per-socket filters
** SETUP_DAEMON_MILTERS -- Parse per-socket filters
**
** Parameters:
** none
@ -3047,8 +3050,7 @@ shutdown_daemon()
(void) close(Daemons[i].d_socket);
Daemons[i].d_socket = -1;
#if _FFR_DAEMON_NETUNIX
# if NETUNIX
#if NETUNIX
/* Remove named sockets */
if (Daemons[i].d_addr.sa.sa_family == AF_UNIX)
{
@ -3070,8 +3072,7 @@ shutdown_daemon()
sm_errstring(errno));
}
}
# endif /* NETUNIX */
#endif /* _FFR_DAEMON_NETUNIX */
#endif /* NETUNIX */
}
}
@ -3413,7 +3414,7 @@ getauthinfo(fd, may_be_forged)
char ibuf[MAXNAME + 1];
static char hbuf[MAXNAME + MAXAUTHINFO + 11];
*may_be_forged = false;
*may_be_forged = true;
falen = sizeof(RealHostAddr);
if (isatty(fd) || (i = getpeername(fd, &RealHostAddr.sa, &falen)) < 0 ||
falen <= 0 || RealHostAddr.sa.sa_family == 0)
@ -3430,6 +3431,8 @@ getauthinfo(fd, may_be_forged)
return NULL;
errno = 0;
}
*may_be_forged = false;
(void) sm_strlcpyn(hbuf, sizeof(hbuf), 2, RealUserName,
"@localhost");
if (tTd(9, 1))
@ -3446,8 +3449,10 @@ getauthinfo(fd, may_be_forged)
}
/* cross check RealHostName with forward DNS lookup */
if (anynet_ntoa(&RealHostAddr)[0] != '[' &&
RealHostName[0] != '[')
if (anynet_ntoa(&RealHostAddr)[0] == '[' ||
RealHostName[0] == '[')
*may_be_forged = false;
else
{
int family;
@ -3473,19 +3478,16 @@ getauthinfo(fd, may_be_forged)
/* try to match the reverse against the forward lookup */
hp = sm_gethostbyname(RealHostName, family);
if (hp == NULL)
{
/* XXX: Could be a temporary error on forward lookup */
*may_be_forged = true;
}
else
if (hp != NULL)
{
for (ha = hp->h_addr_list; *ha != NULL; ha++)
{
if (addrcmp(hp, *ha, &RealHostAddr) == 0)
{
*may_be_forged = false;
break;
}
}
*may_be_forged = *ha == NULL;
#if NETINET6
freehostent(hp);
hp = NULL;
@ -4259,11 +4261,11 @@ anynet_ntop(s6a, dst, dst_len)
return NULL;
dst += sz;
dst_len -= sz;
# if _FFR_IPV6_FULL
# if IPV6_FULL
ap = sm_inet6_ntop(s6a, dst, dst_len);
# else /* _FFR_IPV6_FULL */
# else /* IPV6_FULL */
ap = (char *) inet_ntop(AF_INET6, s6a, dst, dst_len);
# endif /* _FFR_IPV6_FULL */
# endif /* IPV6_FULL */
/* Restore pointer to beginning of string */
if (ap != NULL)

123
src/deliver.c
View File

@ -37,7 +37,7 @@ static void sendenvelope __P((ENVELOPE *, int));
static int coloncmp __P((const char *, const char *));
#if STARTTLS
# include <openssl/err.h>
# include <openssl/err.h>
static int starttls __P((MAILER *, MCI *, ENVELOPE *));
static int endtlsclt __P((MCI *));
#endif /* STARTTLS */
@ -1223,6 +1223,7 @@ should_try_fbsh(e, tried_fallbacksmarthost, hostbuf, hbsz, status)
}
return false;
}
/*
** DELIVER -- Deliver a message to a list of addresses.
**
@ -1392,6 +1393,8 @@ deliver(e, firstto)
else
p = e->e_from.q_paddr;
rpath = remotename(p, m, RF_SENDERADDR|RF_CANONICAL, &rcode, e);
if (rcode != EX_OK && bitnset(M_xSMTP, m->m_flags))
goto cleanup;
if (strlen(rpath) > MAXNAME)
{
rpath = shortenstring(rpath, MAXSHORTSTR);
@ -1468,6 +1471,7 @@ deliver(e, firstto)
/* running LMTP or SMTP */
clever = true;
*pvp = NULL;
setbitn(M_xSMTP, m->m_flags);
}
else if (bitnset(M_LMTP, m->m_flags))
{
@ -1600,7 +1604,7 @@ deliver(e, firstto)
quarantine = (e->e_quarmsg != NULL);
rcode = rscheck("check_compat", e->e_from.q_paddr, to->q_paddr,
e, RSF_RMCOMM|RSF_COUNT, 3, NULL,
e->e_id, NULL);
e->e_id, NULL, NULL);
if (rcode == EX_OK)
{
/* do in-code checking if not discarding */
@ -2465,8 +2469,8 @@ deliver(e, firstto)
ctladdr->q_gid) == -1
&& suidwarn)
{
syserr("openmailer: initgroups(%s, %d) failed",
user, ctladdr->q_gid);
syserr("openmailer: initgroups(%s, %ld) failed",
user, (long) ctladdr->q_gid);
exit(EX_TEMPFAIL);
}
}
@ -2492,8 +2496,8 @@ deliver(e, firstto)
if (initgroups(DefUser, DefGid) == -1 &&
suidwarn)
{
syserr("openmailer: initgroups(%s, %d) failed",
DefUser, DefGid);
syserr("openmailer: initgroups(%s, %ld) failed",
DefUser, (long) DefGid);
exit(EX_TEMPFAIL);
}
}
@ -2522,9 +2526,9 @@ deliver(e, firstto)
new_gid != getegid())
{
/* Only root can change the gid */
syserr("openmailer: insufficient privileges to change gid, RunAsUid=%d, new_gid=%d, gid=%d, egid=%d",
(int) RunAsUid, (int) new_gid,
(int) getgid(), (int) getegid());
syserr("openmailer: insufficient privileges to change gid, RunAsUid=%ld, new_gid=%ld, gid=%ld, egid=%ld",
(long) RunAsUid, (long) new_gid,
(long) getgid(), (long) getegid());
exit(EX_TEMPFAIL);
}
@ -2619,8 +2623,8 @@ deliver(e, firstto)
if (RunAsUid != 0 && new_euid != RunAsUid)
{
/* Only root can change the uid */
syserr("openmailer: insufficient privileges to change uid, new_euid=%d, RunAsUid=%d",
(int) new_euid, (int) RunAsUid);
syserr("openmailer: insufficient privileges to change uid, new_euid=%ld, RunAsUid=%ld",
(long) new_euid, (long) RunAsUid);
exit(EX_TEMPFAIL);
}
@ -2662,9 +2666,9 @@ deliver(e, firstto)
}
if (tTd(11, 2))
sm_dprintf("openmailer: running as r/euid=%d/%d, r/egid=%d/%d\n",
(int) getuid(), (int) geteuid(),
(int) getgid(), (int) getegid());
sm_dprintf("openmailer: running as r/euid=%ld/%ld, r/egid=%ld/%ld\n",
(long) getuid(), (long) geteuid(),
(long) getgid(), (long) getegid());
/* move into some "safe" directory */
if (m->m_execdir != NULL)
@ -2964,8 +2968,8 @@ deliver(e, firstto)
QuickAbort = false;
SuprErrs = true;
if (rscheck("try_tls", host, NULL, e,
RSF_RMCOMM, 7, host, NOQID, NULL)
!= EX_OK
RSF_RMCOMM, 7, host, NOQID, NULL,
NULL) != EX_OK
|| Errors > olderrors)
{
usetls = false;
@ -3039,7 +3043,7 @@ deliver(e, firstto)
if (rscheck("tls_server",
macvalue(macid("{verify}"), e),
NULL, e, RSF_RMCOMM|RSF_COUNT, 5,
host, NOQID, NULL) != EX_OK ||
host, NOQID, NULL, NULL) != EX_OK ||
Errors > olderrors ||
rcode == EX_SOFTWARE)
{
@ -3364,7 +3368,7 @@ deliver(e, firstto)
# if STARTTLS
i = rscheck("tls_rcpt", to->q_user, NULL, e,
RSF_RMCOMM|RSF_COUNT, 3,
mci->mci_host, e->e_id, NULL);
mci->mci_host, e->e_id, NULL, NULL);
if (i != EX_OK)
{
markfailure(e, to, mci, i, false);
@ -3590,7 +3594,7 @@ deliver(e, firstto)
if (tobuf[0] != '\0')
{
giveresponse(rcode, NULL, m, mci, ctladdr, xstart, e, tochain);
giveresponse(rcode, NULL, m, mci, ctladdr, xstart, e, NULL);
#if 0
/*
** This code is disabled for now because I am not
@ -4166,14 +4170,13 @@ giveresponse(status, dsn, m, mci, ctladdr, xstart, e, to)
/*
** Final cleanup.
** Log a record of the transaction. Compute the new
** ExitStat -- if we already had an error, stick with
** that.
** Log a record of the transaction. Compute the new ExitStat
** -- if we already had an error, stick with that.
*/
if (OpMode != MD_VERIFY && !bitset(EF_VRFYONLY, e->e_flags) &&
LogLevel > ((status == EX_TEMPFAIL) ? 8 : (status == EX_OK) ? 7 : 6))
logdelivery(m, mci, dsn, statmsg + off, ctladdr, xstart, e);
logdelivery(m, mci, dsn, statmsg + off, ctladdr, xstart, e, to, status);
if (tTd(11, 2))
sm_dprintf("giveresponse: status=%d, dsn=%s, e->e_message=%s, errnum=%d\n",
@ -4215,6 +4218,8 @@ giveresponse(status, dsn, m, mci, ctladdr, xstart, e, to)
** xstart -- the transaction start time, used for
** computing transaction delay.
** e -- the current envelope.
** to -- the current recipient (NULL if none).
** rcode -- status code
**
** Returns:
** none
@ -4224,7 +4229,7 @@ giveresponse(status, dsn, m, mci, ctladdr, xstart, e, to)
*/
void
logdelivery(m, mci, dsn, status, ctladdr, xstart, e)
logdelivery(m, mci, dsn, status, ctladdr, xstart, e, to, rcode)
MAILER *m;
register MCI *mci;
char *dsn;
@ -4232,6 +4237,8 @@ logdelivery(m, mci, dsn, status, ctladdr, xstart, e)
ADDRESS *ctladdr;
time_t xstart;
register ENVELOPE *e;
ADDRESS *to;
int rcode;
{
register char *bp;
register char *p;
@ -4276,6 +4283,16 @@ logdelivery(m, mci, dsn, status, ctladdr, xstart, e)
bp += strlen(bp);
}
# if _FFR_LOG_MORE2
# if STARTTLS
p = macvalue(macid("{verify}"), e);
if (p == NULL || *p == '\0')
p = "NONE";
(void) sm_snprintf(bp, SPACELEFT(buf, bp), ", tls_verify=%.20s", p);
bp += strlen(bp);
# endif /* STARTTLS */
# endif /* _FFR_LOG_MORE2 */
/* pri: changes with each delivery attempt */
(void) sm_snprintf(bp, SPACELEFT(buf, bp), ", pri=%ld",
PRT_NONNEGL(e->e_msgpriority));
@ -4342,6 +4359,43 @@ logdelivery(m, mci, dsn, status, ctladdr, xstart, e)
# define STATLEN 203
# endif /* (STATLEN) > 203 */
#if _FFR_LOGREPLY
/*
** Notes:
** per-rcpt status: to->q_rstatus
** global status: e->e_text
**
** We (re)use STATLEN here, is that a good choice?
**
** stat=Deferred: ...
** has sometimes the same text?
**
** Note: this doesn't show the stage at which the error happened.
** can/should we log that?
** XS_* in reply() basically encodes the state.
*/
/* only show errors */
if (rcode != EX_OK && to != NULL && to->q_rstatus != NULL &&
*to->q_rstatus != '\0')
{
(void) sm_snprintf(bp, SPACELEFT(buf, bp),
", reply=%s",
shortenstring(to->q_rstatus, STATLEN));
bp += strlen(bp);
}
else if (rcode != EX_OK && e->e_text != NULL)
{
(void) sm_snprintf(bp, SPACELEFT(buf, bp),
", reply=%d %s%s%s",
e->e_rcode,
e->e_renhsc,
(e->e_renhsc[0] != '\0') ? " " : "",
shortenstring(e->e_text, STATLEN));
bp += strlen(bp);
}
#endif
/* stat: max 210 bytes */
if ((bp - buf) > (sizeof(buf) - ((STATLEN) + 20)))
{
@ -4368,6 +4422,7 @@ logdelivery(m, mci, dsn, status, ctladdr, xstart, e)
for (q = p + l; q > p; q--)
{
/* XXX a comma in an address will break this! */
if (*q == ',')
break;
}
@ -5327,8 +5382,8 @@ mailfile(filename, mailer, ctladdr, sfflags, e)
if (RunAsUid != 0 && RealUid != RunAsUid)
{
/* Only root can change the uid */
syserr("mailfile: insufficient privileges to change uid, RunAsUid=%d, RealUid=%d",
(int) RunAsUid, (int) RealUid);
syserr("mailfile: insufficient privileges to change uid, RunAsUid=%ld, RealUid=%ld",
(long) RunAsUid, (long) RealUid);
RETURN(EX_TEMPFAIL);
}
}
@ -5368,9 +5423,9 @@ mailfile(filename, mailer, ctladdr, sfflags, e)
RealGid != getegid()))
{
/* Only root can change the gid */
syserr("mailfile: insufficient privileges to change gid, RealGid=%d, RunAsUid=%d, gid=%d, egid=%d",
(int) RealGid, (int) RunAsUid,
(int) getgid(), (int) getegid());
syserr("mailfile: insufficient privileges to change gid, RealGid=%ld, RunAsUid=%ld, gid=%ld, egid=%ld",
(long) RealGid, (long) RunAsUid,
(long) getgid(), (long) getegid());
RETURN(EX_TEMPFAIL);
}
}
@ -5411,8 +5466,8 @@ mailfile(filename, mailer, ctladdr, sfflags, e)
{
if (initgroups(RealUserName, RealGid) == -1 && suidwarn)
{
syserr("mailfile: initgroups(%s, %d) failed",
RealUserName, RealGid);
syserr("mailfile: initgroups(%s, %ld) failed",
RealUserName, (long) RealGid);
RETURN(EX_TEMPFAIL);
}
}
@ -5474,9 +5529,9 @@ mailfile(filename, mailer, ctladdr, sfflags, e)
}
if (tTd(11, 2))
sm_dprintf("mailfile: running as r/euid=%d/%d, r/egid=%d/%d\n",
(int) getuid(), (int) geteuid(),
(int) getgid(), (int) getegid());
sm_dprintf("mailfile: running as r/euid=%ld/%ld, r/egid=%ld/%ld\n",
(long) getuid(), (long) geteuid(),
(long) getgid(), (long) getegid());
/* move into some "safe" directory */

20
src/envelope.c
View File

@ -42,11 +42,9 @@ clrsessenvelope(e)
macdefine(&e->e_macro, A_PERM, macid("{cipher}"), "");
macdefine(&e->e_macro, A_PERM, macid("{tls_version}"), "");
macdefine(&e->e_macro, A_PERM, macid("{verify}"), "");
# if _FFR_TLS_1
macdefine(&e->e_macro, A_PERM, macid("{alg_bits}"), "");
macdefine(&e->e_macro, A_PERM, macid("{cn_issuer}"), "");
macdefine(&e->e_macro, A_PERM, macid("{cn_subject}"), "");
# endif /* _FFR_TLS_1 */
#endif /* STARTTLS */
}
@ -246,6 +244,16 @@ dropenvelope(e, fulldrop, split)
e->e_flags |= EF_FATALERRS|EF_CLRQUEUE;
}
#if _FFR_PROXY
if (tTd(87, 2))
{
q = e->e_sendqueue;
sm_dprintf("dropenvelope: mode=%c, e=%p, sibling=%p, nrcpts=%d, sendqueue=%p, next=%p, state=%d\n",
e->e_sendmode, e, e->e_sibling, e->e_nrcpts, q,
(q == NULL) ? (void *)0 : q->q_next,
(q == NULL) ? -1 : q->q_state);
}
#endif /* _FFR_PROXY */
e->e_flags &= ~EF_QUEUERUN;
for (q = e->e_sendqueue; q != NULL; q = q->q_next)
@ -253,6 +261,10 @@ dropenvelope(e, fulldrop, split)
if (QS_IS_UNDELIVERED(q->q_state))
queueit = true;
#if _FFR_PROXY
if (queueit && e->e_sendmode == SM_PROXY)
queueit = false;
#endif /* _FFR_PROXY */
/* see if a notification is needed */
if (bitset(QPINGONFAILURE, q->q_flags) &&
@ -577,9 +589,9 @@ dropenvelope(e, fulldrop, split)
if (!split_by_recipient(e) &&
bitset(EF_FATALERRS, e->e_flags))
{
syserr("!dropenvelope(%s): cannot commit data file %s, uid=%d",
syserr("!dropenvelope(%s): cannot commit data file %s, uid=%ld",
e->e_id, queuename(e, DATAFL_LETTER),
(int) geteuid());
(long) geteuid());
}
for (ee = e->e_sibling; ee != NULL; ee = ee->e_sibling)
queueup(ee, false, true);

122
src/err.c
View File

@ -94,7 +94,7 @@ fatal_error(exc)
** reply code defaults to 451 or 554, depending on errno.
**
** Parameters:
** fmt -- the format string. An optional '!' or '@',
** fmt -- the format string. An optional '!', '@', or '+',
** followed by an optional three-digit SMTP
** reply code, followed by message text.
** (others) -- parameters
@ -127,8 +127,7 @@ syserr(fmt, va_alist)
{
register char *p;
int save_errno = errno;
bool panic;
bool exiting;
bool panic, exiting, keep;
char *user;
char *enhsc;
char *errtxt;
@ -136,21 +135,22 @@ syserr(fmt, va_alist)
char ubuf[80];
SM_VA_LOCAL_DECL
panic = exiting = keep = false;
switch (*fmt)
{
case '!':
++fmt;
panic = true;
exiting = true;
panic = exiting = true;
break;
case '@':
++fmt;
panic = false;
exiting = true;
break;
case '+':
++fmt;
keep = true;
break;
default:
panic = false;
exiting = false;
break;
}
@ -182,7 +182,7 @@ syserr(fmt, va_alist)
puterrmsg(MsgBuf);
/* save this message for mailq printing */
if (!panic && CurEnv != NULL)
if (!panic && CurEnv != NULL && (!keep || CurEnv->e_message == NULL))
{
char *nmsg = sm_rpool_strdup_x(CurEnv->e_rpool, errtxt);
@ -479,6 +479,108 @@ message(msg, va_alist)
}
}
#if _FFR_PROXY
/*
** EMESSAGE -- print message (not necessarily an error)
** (same as message() but requires reply code and enhanced status code)
**
** Parameters:
** replycode -- SMTP reply code.
** enhsc -- enhanced status code.
** msg -- the message (sm_io_printf fmt) -- it can begin with
** an SMTP reply code. If not, 050 is assumed.
** (others) -- sm_io_printf arguments
**
** Returns:
** none
**
** Side Effects:
** none.
*/
/*VARARGS3*/
void
# ifdef __STDC__
emessage(const char *replycode, const char *enhsc, const char *msg, ...)
# else /* __STDC__ */
emessage(replycode, enhsc, msg, va_alist)
const char *replycode;
const char *enhsc;
const char *msg;
va_dcl
# endif /* __STDC__ */
{
char *errtxt;
SM_VA_LOCAL_DECL
errno = 0;
SM_VA_START(ap, msg);
errtxt = fmtmsg(MsgBuf, CurEnv->e_to, replycode, enhsc, 0, msg, ap);
SM_VA_END(ap);
putoutmsg(MsgBuf, false, false);
/* save this message for mailq printing */
switch (MsgBuf[0])
{
case '4':
case '8':
if (CurEnv->e_message != NULL)
break;
/* FALLTHROUGH */
case '5':
if (CurEnv->e_rpool == NULL && CurEnv->e_message != NULL)
sm_free(CurEnv->e_message);
CurEnv->e_message = sm_rpool_strdup_x(CurEnv->e_rpool, errtxt);
break;
}
}
/*
** EXTSC -- check and extract a status codes
**
** Parameters:
** msg -- string with possible enhanced status code.
** delim -- delim for enhanced status code.
** replycode -- pointer to storage for SMTP reply code;
** must be != NULL and have space for at least
** 4 characters.
** enhsc -- pointer to storage for enhanced status code;
** must be != NULL and have space for at least
** 10 characters ([245].[0-9]{1,3}.[0-9]{1,3})
**
** Returns:
** -1 -- no SMTP reply code.
** >=3 -- offset of error text in msg.
** (<=4 -- no enhanced status code)
*/
int
extsc(msg, delim, replycode, enhsc)
const char *msg;
int delim;
char *replycode;
char *enhsc;
{
int offset;
SM_REQUIRE(replycode != NULL);
SM_REQUIRE(enhsc != NULL);
replycode[0] = '\0';
enhsc[0] = '\0';
if (msg == NULL)
return -1;
if (!ISSMTPREPLY(msg))
return -1;
sm_strlcpy(replycode, msg, 4);
if (msg[3] == '\0')
return 3;
offset = 4;
if (isenhsc(msg + 4, delim))
offset = extenhsc(msg + 4, delim, enhsc) + 4;
return offset;
}
#endif /* _FFR_PROXY */
/*
** NMESSAGE -- print message (not necessarily an error)
@ -1138,7 +1240,7 @@ sm_errstring(errnum)
}
#if LDAPMAP
if (errnum >= E_LDAPBASE)
if (errnum >= E_LDAPBASE - E_LDAP_SHIM)
return ldap_err2string(errnum - E_LDAPBASE);
#endif /* LDAPMAP */

32
src/headers.c
View File

@ -360,7 +360,7 @@ dochompheader(line, pflag, hdrp, e)
macdefine(&e->e_macro, A_PERM,
macid("{addr_type}"), "h");
(void) rscheck(rs, fvalue, NULL, e, rscheckflags, 3,
NULL, e->e_id, NULL);
NULL, e->e_id, NULL, NULL);
}
}
@ -415,7 +415,7 @@ dochompheader(line, pflag, hdrp, e)
** the RCPT mailer.
*/
if (bitnset(M_NOMHHACK,
if (bitnset(M_NOMHHACK,
e->e_from.q_mailer->m_flags))
{
h->h_flags &= ~H_CHECK;
@ -1194,6 +1194,22 @@ logsender(e, msgid)
", daemon=%.20s", p);
sbp += strlen(sbp);
}
# if _FFR_LOG_MORE1
# if STARTTLS
p = macvalue(macid("{verify}"), e);
if (p == NULL || *p == '\0')
p = "NONE";
(void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp), ", tls_verify=%.20s", p);
sbp += strlen(sbp);
# endif /* STARTTLS */
# if SASL
p = macvalue(macid("{auth_type}"), e);
if (p == NULL || *p == '\0')
p = "NONE";
(void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp), ", auth=%.20s", p);
sbp += strlen(sbp);
# endif /* SASL */
# endif /* _FFR_LOG_MORE1 */
sm_syslog(LOG_INFO, e->e_id, "%.850s, relay=%s", sbuf, name);
#else /* (SYSLOG_BUFSIZE) >= 256 */
@ -1892,8 +1908,10 @@ putheader(mci, hdr, e, flags)
if (bitset(H_FROM, h->h_flags))
oldstyle = false;
commaize(h, p, oldstyle, mci, e,
PXLF_HEADER | PXLF_STRIPMQUOTE);
if (!commaize(h, p, oldstyle, mci, e,
PXLF_HEADER | PXLF_STRIPMQUOTE)
&& bitnset(M_xSMTP, mci->mci_mailer->m_flags))
goto writeerr;
}
else
{
@ -2169,6 +2187,12 @@ commaize(h, p, oldstyle, mci, e, putflags)
#endif /* USERDB */
status = EX_OK;
name = remotename(name, mci->mci_mailer, flags, &status, e);
if (status != EX_OK && bitnset(M_xSMTP, mci->mci_mailer->m_flags))
{
if (status == EX_TEMPFAIL)
mci->mci_flags |= MCIF_NOTSTICKY;
goto writeerr;
}
if (*name == '\0')
{
*p = savechar;

67
src/main.c
View File

@ -406,9 +406,7 @@ main(argc, argv, envp)
case MD_HOSTSTAT:
case MD_PURGESTAT:
case MD_ARPAFTP:
#if _FFR_CHECKCONFIG
case MD_CHECKCONFIG:
#endif /* _FFR_CHECKCONFIG */
OpMode = j;
break;
@ -645,6 +643,17 @@ main(argc, argv, envp)
sm_printoptions(FFRCompileOptions);
}
#if STARTTLS
if (tTd(0, 14))
{
/* exit(EX_CONFIG) if different? */
sm_dprintf(" OpenSSL: compiled 0x%08x\n",
(uint) OPENSSL_VERSION_NUMBER);
sm_dprintf(" OpenSSL: linked 0x%08x\n",
(uint) SSLeay());
}
#endif /* STARTTLS */
/* clear sendmail's environment */
ExternalEnviron = environ;
emptyenviron[0] = NULL;
@ -2566,6 +2575,38 @@ main(argc, argv, envp)
** Set _ macro in BlankEnvelope before calling newenvelope().
*/
#if _FFR_XCNCT
if (bitnset(D_XCNCT, *p_flags) || bitnset(D_XCNCT_M, *p_flags))
{
/* copied from getauthinfo() */
if (RealHostName == NULL)
{
RealHostName = newstr(hostnamebyanyaddr(&RealHostAddr));
if (strlen(RealHostName) > MAXNAME)
RealHostName[MAXNAME] = '\0'; /* XXX - 1 ? */
}
snprintf(buf, sizeof(buf), "%s [%s]",
RealHostName, anynet_ntoa(&RealHostAddr));
forged = bitnset(D_XCNCT_M, *p_flags);
if (forged)
{
(void) sm_strlcat(buf, " (may be forged)",
sizeof(buf));
macdefine(&BlankEnvelope.e_macro, A_PERM,
macid("{client_resolve}"), "FORGED");
}
/* HACK! variable used only two times right below */
authinfo = buf;
if (tTd(75, 9))
sm_syslog(LOG_INFO, NOQID,
"main: where=not_calling_getauthinfo, RealHostAddr=%s",
anynet_ntoa(&RealHostAddr));
}
else
/* WARNING: "non-braced" else */
#endif /* _FFR_XCNCT */
authinfo = getauthinfo(sm_io_getinfo(InChannel, SM_IO_WHAT_FD,
NULL), &forged);
macdefine(&BlankEnvelope.e_macro, A_TEMP, '_', authinfo);
@ -2622,13 +2663,13 @@ main(argc, argv, envp)
#if NETINET
case AF_INET:
(void) sm_snprintf(pbuf, sizeof(pbuf), "%d",
RealHostAddr.sin.sin_port);
ntohs(RealHostAddr.sin.sin_port));
break;
#endif /* NETINET */
#if NETINET6
case AF_INET6:
(void) sm_snprintf(pbuf, sizeof(pbuf), "%d",
RealHostAddr.sin6.sin6_port);
ntohs(RealHostAddr.sin6.sin6_port));
break;
#endif /* NETINET6 */
default:
@ -3696,12 +3737,12 @@ drop_privileges(to_real_uid)
GIDSET_T emptygidset[1];
if (tTd(47, 1))
sm_dprintf("drop_privileges(%d): Real[UG]id=%d:%d, get[ug]id=%d:%d, gete[ug]id=%d:%d, RunAs[UG]id=%d:%d\n",
sm_dprintf("drop_privileges(%d): Real[UG]id=%ld:%ld, get[ug]id=%ld:%ld, gete[ug]id=%ld:%ld, RunAs[UG]id=%ld:%ld\n",
(int) to_real_uid,
(int) RealUid, (int) RealGid,
(int) getuid(), (int) getgid(),
(int) geteuid(), (int) getegid(),
(int) RunAsUid, (int) RunAsGid);
(long) RealUid, (long) RealGid,
(long) getuid(), (long) getgid(),
(long) geteuid(), (long) getegid(),
(long) RunAsUid, (long) RunAsGid);
if (to_real_uid)
{
@ -3776,15 +3817,15 @@ drop_privileges(to_real_uid)
{
if (setgid(RunAsGid) < 0 && (!UseMSP || getegid() != RunAsGid))
{
syserr("drop_privileges: setgid(%d) failed",
(int) RunAsGid);
syserr("drop_privileges: setgid(%ld) failed",
(long) RunAsGid);
rval = EX_OSERR;
}
errno = 0;
if (rval == EX_OK && getegid() != RunAsGid)
{
syserr("drop_privileges: Unable to set effective gid=%d to RunAsGid=%d",
(int) getegid(), (int) RunAsGid);
syserr("drop_privileges: Unable to set effective gid=%ld to RunAsGid=%ld",
(long) getegid(), (long) RunAsGid);
rval = EX_OSERR;
}
}

40
src/map.c
View File

@ -204,6 +204,20 @@ map_parseargs(map, ap)
map->map_app = ++p;
break;
case 'd':
{
char *h;
++p;
h = strchr(p, ' ');
if (h != NULL)
*h = '\0';
map->map_timeout = convtime(p, 's');
if (h != NULL)
*h = ' ';
}
break;
case 'T':
map->map_tapp = ++p;
break;
@ -1826,7 +1840,7 @@ ndbm_map_store(map, lhs, rhs)
data.dptr = buf;
if (tTd(38, 9))
sm_dprintf("ndbm_map_store append=%s\n",
data.dptr);
(char *)data.dptr);
}
}
status = dbm_store((DBM *) map->map_db1,
@ -7366,7 +7380,6 @@ arith_map_lookup(map, name, av, statp)
return NULL;
}
#if _FFR_ARPA_MAP
char *
arpa_map_lookup(map, name, av, statp)
MAP *map;
@ -7419,7 +7432,7 @@ arpa_map_lookup(map, name, av, statp)
{
struct in_addr in_addr;
r = anynet_pton(AF_INET, name, &in_addr);
r = inet_pton(AF_INET, name, &in_addr);
if (r == 1)
{
unsigned char *src;
@ -7445,7 +7458,6 @@ arpa_map_lookup(map, name, av, statp)
}
return rval;
}
#endif /* _FFR_ARPA_MAP */
#if SOCKETMAP
@ -7466,6 +7478,7 @@ socket_map_open(map, mode)
{
STAB *s;
int sock = 0;
int tmo;
SOCKADDR_LEN_T addrlen = 0;
int addrno = 0;
int save_errno;
@ -7865,6 +7878,13 @@ socket_map_open(map, mode)
return false;
}
tmo = map->map_timeout;
if (tmo == 0)
tmo = 30000; /* default: 30s */
else
tmo *= 1000; /* s -> ms */
sm_io_setinfo(map->map_db1, SM_IO_WHAT_TIMEOUT, &tmo);
/* Save connection for reuse */
s->s_socketmap = map;
return true;
@ -7999,8 +8019,16 @@ socket_map_lookup(map, name, av, statp)
if (sm_io_fscanf(f, SM_TIME_DEFAULT, "%9u", &replylen) != 1)
{
syserr("451 4.3.0 socket_map_lookup(%s): failed to read length parameter of reply",
map->map_mname);
if (errno == EAGAIN)
{
syserr("451 4.3.0 socket_map_lookup(%s): read timeout",
map->map_mname);
}
else
{
syserr("451 4.3.0 socket_map_lookup(%s): failed to read length parameter of reply %d",
map->map_mname, errno);
}
*statp = EX_TEMPFAIL;
goto errcl;
}

1
src/mci.c
View File

@ -352,6 +352,7 @@ mci_get(host, m)
#if PIPELINING
mci->mci_okrcpts = 0;
#endif /* PIPELINING */
mci->mci_flags &= ~MCIF_NOTSTICKY;
if (mci->mci_rpool == NULL)
mci->mci_rpool = sm_rpool_new_x(NULL);

27
src/milter.c
View File

@ -204,7 +204,7 @@ static size_t MilterMaxDataSize = MILTER_MAX_DATA_SIZE;
fd_set fds; \
struct timeval tv; \
\
if (SM_FD_SETSIZE > 0 && m->mf_sock >= SM_FD_SETSIZE) \
if (!SM_FD_OK_SELECT(m->mf_sock)) \
{ \
if (tTd(64, 5)) \
sm_dprintf("milter_%s(%s): socket %d is larger than FD_SETSIZE %d\n", \
@ -1642,8 +1642,8 @@ milter_set_option(name, val, sticky)
MilterMaxDataSize != MILTER_MDS_1M)
{
sm_syslog(LOG_WARNING, NOQID,
"WARNING: Milter.%s=%d, allowed are only %d, %d, and %d",
name, MilterMaxDataSize,
"WARNING: Milter.%s=%lu, allowed are only %d, %d, and %d",
name, (unsigned long) MilterMaxDataSize,
MILTER_MDS_64K, MILTER_MDS_256K,
MILTER_MDS_1M);
if (MilterMaxDataSize < MILTER_MDS_64K)
@ -2421,7 +2421,9 @@ milter_negotiate(m, e, milters)
if (tTd(64, 5))
sm_dprintf("milter_negotiate(%s): send: version %lu, fflags 0x%lx, pflags 0x%lx\n",
m->mf_name, ntohl(fvers), ntohl(fflags), ntohl(pflags));
m->mf_name, (unsigned long) ntohl(fvers),
(unsigned long) ntohl(fflags),
(unsigned long) ntohl(pflags));
response = milter_read(m, &rcmd, &rlen, m->mf_timeout[SMFTO_READ], e,
"negotiate");
@ -2526,8 +2528,9 @@ milter_negotiate(m, e, milters)
{
/* this should not happen... */
sm_syslog(LOG_WARNING, NOQID,
"WARNING: Milter.maxdatasize: configured=%d, set by libmilter=%d",
MilterMaxDataSize, MILTER_MDS_1M);
"WARNING: Milter.maxdatasize: configured=%lu, set by libmilter=%d",
(unsigned long) MilterMaxDataSize,
MILTER_MDS_1M);
MilterMaxDataSize = MILTER_MDS_1M;
}
}
@ -2536,16 +2539,18 @@ milter_negotiate(m, e, milters)
if (MilterMaxDataSize != MILTER_MDS_256K)
{
sm_syslog(LOG_WARNING, NOQID,
"WARNING: Milter.maxdatasize: configured=%d, set by libmilter=%d",
MilterMaxDataSize, MILTER_MDS_256K);
"WARNING: Milter.maxdatasize: configured=%lu, set by libmilter=%d",
(unsigned long) MilterMaxDataSize,
MILTER_MDS_256K);
MilterMaxDataSize = MILTER_MDS_256K;
}
}
else if (MilterMaxDataSize != MILTER_MDS_64K)
{
sm_syslog(LOG_WARNING, NOQID,
"WARNING: Milter.maxdatasize: configured=%d, set by libmilter=%d",
MilterMaxDataSize, MILTER_MDS_64K);
"WARNING: Milter.maxdatasize: configured=%lu, set by libmilter=%d",
(unsigned long) MilterMaxDataSize,
MILTER_MDS_64K);
MilterMaxDataSize = MILTER_MDS_64K;
}
m->mf_pflags &= ~SMFI_INTERNAL;
@ -3976,6 +3981,7 @@ milter_connect(hostname, addr, e, state)
else
milter_per_connection_check(e);
#if !_FFR_MILTER_CONNECT_REPLYCODE
/*
** SMFIR_REPLYCODE can't work with connect due to
** the requirements of SMTP. Therefore, ignore the
@ -4000,6 +4006,7 @@ milter_connect(hostname, addr, e, state)
response = NULL;
}
}
#endif /* !_FFR_MILTER_CONNECT_REPLYCODE */
return response;
}

28
src/parseaddr.c
View File

@ -2362,6 +2362,10 @@ sameaddr(a, b)
if (strcmp(a->q_user, b->q_user) != 0)
return false;
/* do the required flags match? */
if (!ADDR_FLAGS_MATCH(a, b))
return false;
/* if we have good uids for both but they differ, these are different */
if (a->q_mailer == ProgMailer)
{
@ -2409,6 +2413,7 @@ struct qflags
unsigned long qf_bit;
};
/* :'a,.s;^#define \(Q[A-Z]*\) .*; { "\1", \1 },; */
static struct qflags AddressFlags[] =
{
{ "QGOODUID", QGOODUID },
@ -2426,6 +2431,12 @@ static struct qflags AddressFlags[] =
{ "QDELIVERED", QDELIVERED },
{ "QDELAYED", QDELAYED },
{ "QTHISPASS", QTHISPASS },
{ "QALIAS", QALIAS },
{ "QBYTRACE", QBYTRACE },
{ "QBYNDELAY", QBYNDELAY },
{ "QBYNRELAY", QBYNRELAY },
{ "QINTBCC", QINTBCC },
{ "QDYNMAILER", QDYNMAILER },
{ "QRCPTOK", QRCPTOK },
{ NULL, 0 }
};
@ -2789,7 +2800,7 @@ remotename(name, m, flags, pstat, e)
{
sm_dprintf("remotename => `");
xputs(sm_debug_file(), buf);
sm_dprintf("'\n");
sm_dprintf("', stat=%d\n", *pstat);
}
return buf;
}
@ -3060,6 +3071,8 @@ dequote_map(map, name, av, statp)
** logid -- id for sm_syslog.
** addr -- if not NULL and ruleset returns $#error:
** store mailer triple here.
** addrstr -- if not NULL and ruleset does not return $#:
** address string
**
** Returns:
** EX_OK -- if the rwset doesn't resolve to $#error
@ -3067,7 +3080,7 @@ dequote_map(map, name, av, statp)
*/
int
rscheck(rwset, p1, p2, e, flags, logl, host, logid, addr)
rscheck(rwset, p1, p2, e, flags, logl, host, logid, addr, addrstr)
char *rwset;
char *p1;
char *p2;
@ -3077,6 +3090,7 @@ rscheck(rwset, p1, p2, e, flags, logl, host, logid, addr)
char *host;
char *logid;
ADDRESS *addr;
char **addrstr;
{
char *volatile buf;
size_t bufsize;
@ -3150,6 +3164,16 @@ rscheck(rwset, p1, p2, e, flags, logl, host, logid, addr)
(void) REWRITE(pvp, rsno, e);
if (bitset(RSF_UNSTRUCTURED, flags))
SuprErrs = saveSuprErrs;
if (pvp[0] != NULL && (pvp[0][0] & 0377) != CANONNET &&
bitset(RSF_ADDR, flags) && addrstr != NULL)
{
cataddr(&(pvp[0]), NULL, ubuf, sizeof(ubuf), ' ', true);
*addrstr = sm_rpool_strdup_x(e->e_rpool, ubuf);
goto finis;
}
if (pvp[0] == NULL || (pvp[0][0] & 0377) != CANONNET ||
pvp[1] == NULL || (strcmp(pvp[1], "error") != 0 &&
strcmp(pvp[1], "discard") != 0))

134
src/queue.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998-2009, 2011, 2012 Proofpoint, Inc. and its suppliers.
* Copyright (c) 1998-2009, 2011, 2012, 2014 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
@ -125,13 +125,6 @@ static SM_DEBUG_T DebugLeakQ = SM_DEBUG_INITIALIZER("leak_q",
"@(#)$Debug: leak_q - trace memory leaks during queue processing $");
#endif /* SM_HEAP_CHECK */
/*
** We use EmptyString instead of "" to avoid
** 'zero-length format string' warnings from gcc
*/
static const char EmptyString[] = "";
static void grow_wlist __P((int, int));
static int multiqueue_cache __P((char *, int, QUEUEGRP *, int, unsigned int *));
static int gatherq __P((int, int, bool, bool *, bool *, int *));
@ -304,7 +297,7 @@ hash_q(p, h)
** d data file directory name (added in 8.12)
** E error recipient
** F flag bits
** G free (was: queue delay algorithm if _FFR_QUEUEDELAY)
** G free
** H header
** I data file's inode number
** K time of last delivery attempt
@ -320,7 +313,7 @@ hash_q(p, h)
** T init time
** V queue file version
** X free (was: character set if _FFR_SAVE_CHARSET)
** Y free (was: current delay if _FFR_QUEUEDELAY)
** Y free
** Z original envelope id from ESMTP
** ! deliver by (added in 8.12)
** $ define macro
@ -404,8 +397,8 @@ queueup(e, announce, msync)
printopenfds(true);
errno = save_errno;
syserr("!queueup: cannot create queue file %s, euid=%d, fd=%d, fp=%p",
tf, (int) geteuid(), tfd, tfp);
syserr("!queueup: cannot create queue file %s, euid=%ld, fd=%d, fp=%p",
tf, (long) geteuid(), tfd, tfp);
/* NOTREACHED */
}
e->e_lockfp = tfp;
@ -427,8 +420,8 @@ queueup(e, announce, msync)
break;
if (LogLevel > 0 && (i % 32) == 0)
sm_syslog(LOG_ALERT, e->e_id,
"queueup: cannot create %s, euid=%d: %s",
tf, (int) geteuid(),
"queueup: cannot create %s, euid=%ld: %s",
tf, (long) geteuid(),
sm_errstring(errno));
}
#if SM_OPEN_EXLOCK
@ -473,8 +466,8 @@ queueup(e, announce, msync)
printopenfds(true);
errno = save_errno;
syserr("!queueup: cannot create queue temp file %s, uid=%d",
tf, (int) geteuid());
syserr("!queueup: cannot create queue temp file %s, uid=%ld",
tf, (long) geteuid());
}
}
@ -518,8 +511,8 @@ queueup(e, announce, msync)
sm_io_setinfo(e->e_dfp, SM_BF_COMMIT, NULL) < 0 &&
errno != EINVAL)
{
syserr("!queueup: cannot commit data file %s, uid=%d",
queuename(e, DATAFL_LETTER), (int) geteuid());
syserr("!queueup: cannot commit data file %s, uid=%ld",
queuename(e, DATAFL_LETTER), (long) geteuid());
}
if (e->e_dfp != NULL &&
SuperSafe == SAFE_INTERACTIVE && msync)
@ -560,8 +553,8 @@ queueup(e, announce, msync)
if (dfd < 0 || (dfp = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT,
(void *) &dfd, SM_IO_WRONLY_B,
NULL)) == NULL)
syserr("!queueup: cannot create data temp file %s, uid=%d",
df, (int) geteuid());
syserr("!queueup: cannot create data temp file %s, uid=%ld",
df, (long) geteuid());
if (fstat(dfd, &stbuf) < 0)
e->e_dfino = -1;
else
@ -595,8 +588,8 @@ queueup(e, announce, msync)
}
if (sm_io_close(dfp, SM_TIME_DEFAULT) < 0)
syserr("!queueup: cannot save data temp file %s, uid=%d",
df, (int) geteuid());
syserr("!queueup: cannot save data temp file %s, uid=%ld",
df, (long) geteuid());
e->e_putbody = putbody;
}
@ -733,9 +726,15 @@ queueup(e, announce, msync)
(void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'F');
if (bitset(QPINGONDELAY, q->q_flags))
(void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'D');
if (bitset(QINTBCC, q->q_flags))
(void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'B');
if (q->q_alias != NULL &&
bitset(QALIAS, q->q_alias->q_flags))
(void) sm_io_putc(tfp, SM_TIME_DEFAULT, 'A');
/* _FFR_RCPTFLAGS */
if (bitset(QDYNMAILER, q->q_flags))
(void) sm_io_putc(tfp, SM_TIME_DEFAULT, QDYNMAILFLG);
(void) sm_io_putc(tfp, SM_TIME_DEFAULT, ':');
(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "%s\n",
denlstring(q->q_paddr, true, false));
@ -747,10 +746,10 @@ queueup(e, announce, msync)
tag = "quarantined";
e->e_to = q->q_paddr;
message(tag);
message("%s", tag);
if (LogLevel > 8)
logdelivery(q->q_mailer, NULL, q->q_status,
tag, NULL, (time_t) 0, e);
tag, NULL, (time_t) 0, e, q, EX_OK);
e->e_to = NULL;
}
if (tTd(40, 1))
@ -888,8 +887,8 @@ queueup(e, announce, msync)
(void) sm_strlcpy(qf, queuename(e, ANYQFL_LETTER),
sizeof(qf));
if (rename(tf, qf) < 0)
syserr("cannot rename(%s, %s), uid=%d",
tf, qf, (int) geteuid());
syserr("cannot rename(%s, %s), uid=%ld",
tf, qf, (long) geteuid());
else
{
/*
@ -1785,7 +1784,7 @@ runner_work(e, sequenceno, didfork, skip, njobs)
if (shouldqueue(w->w_pri, w->w_ctime))
{
if (Verbose)
message(EmptyString);
message("%s", "");
if (QueueSortOrder == QSO_BYPRIORITY)
{
if (Verbose)
@ -1813,7 +1812,7 @@ runner_work(e, sequenceno, didfork, skip, njobs)
{
if (Verbose)
{
message(EmptyString);
message("%s", "");
message("Running %s/%s (sequence %d of %d)",
qid_printqueue(w->w_qgrp, w->w_qdir),
w->w_name + 2, sequenceno, njobs);
@ -2042,9 +2041,7 @@ run_work_group(wgrp, flags)
{
IgnoreHostStatus = true;
MinQueueAge = 0;
#if _FFR_EXPDELAY
MaxQueueAge = 0;
#endif /* _FFR_EXPDELAY */
}
/*
@ -2871,7 +2868,6 @@ gatherq(qgrp, qdir, doall, full, more, pnentries)
break;
case 'K':
#if _FFR_EXPDELAY
if (MaxQueueAge > 0)
{
time_t lasttry, delay;
@ -2884,7 +2880,6 @@ gatherq(qgrp, qdir, doall, full, more, pnentries)
w->w_tooyoung = true;
break;
}
#endif /* _FFR_EXPDELAY */
age = curtime() - (time_t) atol(&lbuf[1]);
if (age >= 0 && MinQueueAge > 0 &&
@ -4096,8 +4091,9 @@ readqf(e, openonly)
if (LogLevel > 0)
{
sm_syslog(LOG_ALERT, e->e_id,
"bogus queue file, uid=%d, gid=%d, mode=%o",
st.st_uid, st.st_gid, st.st_mode);
"bogus queue file, uid=%ld, gid=%ld, mode=%o",
(long) st.st_uid, (long) st.st_gid,
(unsigned int) st.st_mode);
}
if (tTd(40, 8))
sm_dprintf("readqf(%s): bogus file\n", qf);
@ -4418,6 +4414,14 @@ readqf(e, openonly)
ctladdr->q_flags |= QALIAS;
break;
case 'B':
qflags |= QINTBCC;
break;
case QDYNMAILFLG:
qflags |= QDYNMAILER;
break;
default: /* ignore or complain? */
break;
}
@ -4426,7 +4430,7 @@ readqf(e, openonly)
else
qflags |= QPRIMARY;
macdefine(&e->e_macro, A_PERM, macid("{addr_type}"),
"e r");
((qflags & QINTBCC) != 0) ? "e b" : "e r");
if (*p != '\0')
q = parseaddr(++p, NULLADDR, RF_COPYALL, '\0',
NULL, e, true);
@ -4443,6 +4447,10 @@ readqf(e, openonly)
q->q_flags |= qflags;
q->q_finalrcpt = frcpt;
q->q_orcpt = orcpt;
#if _FFR_RCPTFLAGS
if (bitset(QDYNMAILER, qflags))
newmodmailer(q, QDYNMAILFLG);
#endif
(void) recipient(q, &e->e_sendqueue, 0, e);
}
frcpt = NULL;
@ -4500,24 +4508,6 @@ readqf(e, openonly)
nomore = true;
break;
#if _FFR_QUEUEDELAY
case 'G':
case 'Y':
/*
** Maintain backward compatibility for
** users who defined _FFR_QUEUEDELAY in
** previous releases. Remove this
** code in 8.14 or 8.15.
*/
if (qfver == 5 || qfver == 7)
break;
/* If not qfver 5 or 7, then 'G' or 'Y' is invalid */
/* FALLTHROUGH */
#endif /* _FFR_QUEUEDELAY */
default:
syserr("readqf: %s: line %d: bad line \"%s\"",
qf, LineNumber, shortenstring(bp, MAXSHORTSTR));
@ -4635,6 +4625,14 @@ readqf(e, openonly)
static void prtstr __P((char *, int));
#if _FFR_BOUNCE_QUEUE
# define SKIP_BOUNCE_QUEUE \
if (i == BounceQueue) \
continue;
#else
# define SKIP_BOUNCE_QUEUE
#endif
static void
prtstr(s, ml)
char *s;
@ -4698,6 +4696,7 @@ printnqe(out, prefix)
{
int j;
SKIP_BOUNCE_QUEUE
k++;
for (j = 0; j < Queue[i]->qg_numqueues; j++)
{
@ -5643,8 +5642,8 @@ loseqfile(e, why)
{
p = queuename(e, LOSEQF_LETTER);
if (rename(buf, p) < 0)
syserr("cannot rename(%s, %s), uid=%d",
buf, p, (int) geteuid());
syserr("cannot rename(%s, %s), uid=%ld",
buf, p, (long) geteuid());
else if (LogLevel > 0)
sm_syslog(LOG_ALERT, e->e_id,
"Losing %s: %s", buf, why);
@ -6656,8 +6655,8 @@ init_sem(owner)
r = sm_semsetowner(SemId, RunAsUid, RunAsGid, 0660);
if (r != 0)
sm_syslog(LOG_ERR, NOQID,
"key=%ld, sm_semsetowner=%d, RunAsUid=%d, RunAsGid=%d",
(long) SemKey, r, RunAsUid, RunAsGid);
"key=%ld, sm_semsetowner=%d, RunAsUid=%ld, RunAsGid=%ld",
(long) SemKey, r, (long) RunAsUid, (long) RunAsGid);
}
#endif /* SM_CONF_SEM */
#endif /* _FFR_USE_SEM_LOCKING */
@ -6815,8 +6814,8 @@ write_key_file(keypath, key)
int err = errno;
sm_syslog(LOG_ALERT, NOQID,
"ownership change on %s to %d failed: %s",
keypath, RunAsUid, sm_errstring(err));
"ownership change on %s to %ld failed: %s",
keypath, (long) RunAsUid, sm_errstring(err));
}
# endif /* HASFCHOWN */
}
@ -6966,8 +6965,8 @@ init_shm(qn, owner, hash)
i = sm_shmsetowner(ShmId, RunAsUid, RunAsGid, 0660);
if (i != 0)
sm_syslog(LOG_ERR, NOQID,
"key=%ld, sm_shmsetowner=%d, RunAsUid=%d, RunAsGid=%d",
(long) ShmKey, i, RunAsUid, RunAsGid);
"key=%ld, sm_shmsetowner=%d, RunAsUid=%ld, RunAsGid=%ld",
(long) ShmKey, i, (long) RunAsUid, (long) RunAsGid);
}
p = (int *) Pshm;
if (owner)
@ -7155,19 +7154,19 @@ setup_queues(owner)
safefile(" ", RunAsUid, RunAsGid, RunAsUserName, sff,
QueueFileMode, NULL) != 0)
{
syserr("can not write to queue directory %s (RunAsGid=%d, required=%d)",
basedir, (int) RunAsGid, (int) st.st_gid);
syserr("can not write to queue directory %s (RunAsGid=%ld, required=%ld)",
basedir, (long) RunAsGid, (long) st.st_gid);
}
if (bitset(S_IWOTH|S_IXOTH, st.st_mode))
{
#if _FFR_MSP_PARANOIA
syserr("dangerous permissions=%o on queue directory %s",
(int) st.st_mode, basedir);
(unsigned int) st.st_mode, basedir);
#else /* _FFR_MSP_PARANOIA */
if (LogLevel > 0)
sm_syslog(LOG_ERR, NOQID,
"dangerous permissions=%o on queue directory %s",
(int) st.st_mode, basedir);
(unsigned int) st.st_mode, basedir);
#endif /* _FFR_MSP_PARANOIA */
}
#if _FFR_MSP_PARANOIA
@ -7619,7 +7618,7 @@ cmpidx(a, b)
}
/*
** MAKEWORKGROUP -- balance queue groups into work groups per MaxQueueChildren
** MAKEWORKGROUPS -- balance queue groups into work groups per MaxQueueChildren
**
** Take the now defined queue groups and assign them to work groups.
** This is done to balance out the number of concurrently active
@ -7691,6 +7690,7 @@ makeworkgroups()
NumWorkGroups = 0;
for (i = 0; i < NumQueue; i++)
{
SKIP_BOUNCE_QUEUE
total_runners += si[i].sg_maxqrun;
if (MaxQueueChildren <= 0 || total_runners <= MaxQueueChildren)
NumWorkGroups++;
@ -7716,6 +7716,8 @@ makeworkgroups()
dir = 1;
for (i = 0; i < NumQueue; i++)
{
SKIP_BOUNCE_QUEUE
/* a to-and-fro packing scheme, continue from last position */
if (j >= NumWorkGroups)
{

338
src/readcf.c
View File

@ -33,6 +33,51 @@ static void toomany __P((int, int));
static char *extrquotstr __P((char *, char **, char *, bool *));
static void parse_class_words __P((int, char *));
#if _FFR_BOUNCE_QUEUE
static char *bouncequeue = NULL;
static void initbouncequeue __P((void));
/*
** INITBOUNCEQUEUE -- determine BounceQueue if option is set.
**
** Parameters:
** none.
**
** Returns:
** none.
**
** Side Effects:
** sets BounceQueue
*/
static void
initbouncequeue()
{
STAB *s;
BounceQueue = NOQGRP;
if (bouncequeue == NULL || bouncequeue[0] == '\0')
return;
s = stab(bouncequeue, ST_QUEUE, ST_FIND);
if (s == NULL)
{
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"Warning: option BounceQueue: unknown queue group %s\n",
bouncequeue);
}
else
BounceQueue = s->s_quegrp->qg_index;
}
#endif /* _FFR_BOUNCE_QUEUE */
#if _FFR_RCPTFLAGS
void setupdynmailers __P((void));
#else
#define setupdynmailers()
#endif
/*
** READCF -- read configuration file.
**
@ -117,13 +162,18 @@ readcf(cfname, safe, e)
#if STARTTLS
Srv_SSL_Options = SSL_OP_ALL;
Clt_SSL_Options = SSL_OP_ALL
#ifdef SSL_OP_NO_SSLv2
# ifdef SSL_OP_NO_SSLv2
| SSL_OP_NO_SSLv2
#endif
#ifdef SSL_OP_NO_TICKET
# endif
# ifdef SSL_OP_NO_TICKET
| SSL_OP_NO_TICKET
#endif
# endif
;
# ifdef SSL_OP_TLSEXT_PADDING
/* SSL_OP_TLSEXT_PADDING breaks compatibility with some sites */
Srv_SSL_Options &= ~SSL_OP_TLSEXT_PADDING;
Clt_SSL_Options &= ~SSL_OP_TLSEXT_PADDING;
# endif /* SSL_OP_TLSEXT_PADDING */
#endif /* STARTTLS */
if (DontLockReadFiles)
sff |= SFF_NOLOCK;
@ -725,6 +775,10 @@ readcf(cfname, safe, e)
(void) sm_io_close(cf, SM_TIME_DEFAULT);
FileName = NULL;
#if _FFR_BOUNCE_QUEUE
initbouncequeue();
#endif
/* initialize host maps from local service tables */
inithostmaps();
@ -751,6 +805,7 @@ readcf(cfname, safe, e)
}
}
}
setupdynmailers();
}
/*
@ -1170,6 +1225,127 @@ fileclass(class, filename, fmt, ismap, safe, optional)
if (pid > 0)
(void) waitfor(pid);
}
#if _FFR_RCPTFLAGS
/* first character for dynamically created mailers */
static char dynmailerp = ' ';
/* list of first characters for cf defined mailers */
static char frst[MAXMAILERS + 1];
/*
** SETUPDYNMAILERS -- find a char that isn't used as first element of any
** mailer name.
**
** Parameters:
** none
**
** Returns:
** none
**
** Note: space is not valid in cf defined mailers hence the function
** will always find a char. It's not nice, but this is for
** internal names only.
*/
void
setupdynmailers()
{
int i;
char pp[] = "YXZ0123456789ABCDEFGHIJKLMNOPQRSTUVWyxzabcfghijkmnoqtuvw ";
frst[MAXMAILERS] = '\0';
for (i = 0; i < strlen(pp); i++)
{
if (strchr(frst, pp[i]) == NULL)
{
dynmailerp = pp[i];
if (tTd(25, 8))
sm_dprintf("dynmailerp=%c\n", dynmailerp);
return;
}
}
/* NOTREACHED */
SM_ASSERT(0);
}
/*
** NEWMODMAILER -- Create a new mailer with modifications
**
** Parameters:
** rcpt -- current RCPT
** fl -- flag to set
**
** Returns:
** true iff successful.
**
** Note: this creates a copy of the mailer for the rcpt and
** modifies exactly one flag. It does not work
** for multiple flags!
*/
#define SM_ARRAY_SIZE(array) (sizeof(array) / sizeof((array)[0]))
bool
newmodmailer(rcpt, fl)
ADDRESS *rcpt;
char fl;
{
int idx;
struct mailer *m;
STAB *s;
char mname[256];
SM_REQUIRE(rcpt != NULL);
if (rcpt->q_mailer == NULL)
return false;
if (tTd(25, 8))
sm_dprintf("newmodmailer: rcpt=%s\n", rcpt->q_paddr);
SM_REQUIRE(rcpt->q_mailer->m_name != NULL);
SM_REQUIRE(rcpt->q_mailer->m_name[0] != '\0');
sm_strlcpy(mname, rcpt->q_mailer->m_name, sizeof(mname));
mname[0] = dynmailerp;
if (tTd(25, 8))
sm_dprintf("newmodmailer: name=%s\n", mname);
s = stab(mname, ST_MAILER, ST_ENTER);
if (s->s_mailer != NULL)
{
idx = s->s_mailer->m_mno;
if (tTd(25, 6))
sm_dprintf("newmodmailer: found idx=%d\n", idx);
}
else
{
idx = rcpt->q_mailer->m_mno;
idx += MAXMAILERS;
if (tTd(25, 6))
sm_dprintf("newmodmailer: idx=%d\n", idx);
if (idx > SM_ARRAY_SIZE(Mailer))
return false;
}
m = Mailer[idx];
if (m == NULL)
m = (struct mailer *) xalloc(sizeof(*m));
memset((char *) m, '\0', sizeof(*m));
STRUCTCOPY(*rcpt->q_mailer, *m);
Mailer[idx] = m;
/* "modify" the mailer */
setbitn(bitidx(fl), m->m_flags);
rcpt->q_mailer = m;
m->m_mno = idx;
m->m_name = newstr(mname);
if (tTd(25, 1))
sm_dprintf("newmodmailer: mailer[%d]=%s %p\n",
idx, Mailer[idx]->m_name, Mailer[idx]);
return true;
}
#endif /* _FFR_RCPTFLAGS */
/*
** MAKEMAILER -- define a new mailer.
**
@ -1203,6 +1379,7 @@ fileclass(class, filename, fmt, ismap, safe, optional)
** enters the mailer into the mailer table.
*/
void
makemailer(line)
char *line;
@ -1233,6 +1410,9 @@ makemailer(line)
return;
}
m->m_name = newstr(line);
#if _FFR_RCPTFLAGS
frst[nextmailer] = line[0];
#endif
m->m_qgrp = NOQGRP;
m->m_uid = NO_UID;
m->m_gid = NO_GID;
@ -1274,12 +1454,10 @@ makemailer(line)
{
if (!(isascii(*p) && isspace(*p)))
{
#if _FFR_DEPRECATE_MAILER_FLAG_I
if (*p == M_INTERNAL)
sm_syslog(LOG_WARNING, NOQID,
"WARNING: mailer=%s, flag=%c deprecated",
m->m_name, *p);
#endif /* _FFR_DEPRECATE_MAILER_FLAG_I */
setbitn(bitidx(*p), m->m_flags);
}
}
@ -1934,6 +2112,7 @@ printmailer(fp, m)
}
(void) sm_io_fprintf(fp, SM_TIME_DEFAULT, "\n");
}
/*
** SETOPTION -- set global processing option
**
@ -2175,12 +2354,10 @@ static struct optioninfo
{ "AuthOptions", O_SASLOPTS, OI_NONE },
#define O_QUEUE_FILE_MODE 0xbe
{ "QueueFileMode", O_QUEUE_FILE_MODE, OI_NONE },
#if _FFR_TLS_1
# define O_DHPARAMS5 0xbf
{ "DHParameters512", O_DHPARAMS5, OI_NONE },
# define O_CIPHERLIST 0xc0
#define O_DIG_ALG 0xbf
{ "CertFingerprintAlgorithm", O_DIG_ALG, OI_NONE },
#define O_CIPHERLIST 0xc0
{ "CipherList", O_CIPHERLIST, OI_NONE },
#endif /* _FFR_TLS_1 */
#define O_RANDFILE 0xc1
{ "RandFile", O_RANDFILE, OI_NONE },
#define O_TLS_SRV_OPTS 0xc2
@ -2266,16 +2443,12 @@ static struct optioninfo
# define O_RCPTSHUTDG 0xe2
{ "BadRcptShutdownGood", O_RCPTSHUTDG, OI_SAFE },
#endif /* _FFR_BADRCPT_SHUTDOWN */
#if STARTTLS && _FFR_TLS_1
# define O_SRV_SSL_OPTIONS 0xe3
#define O_SRV_SSL_OPTIONS 0xe3
{ "ServerSSLOptions", O_SRV_SSL_OPTIONS, OI_NONE },
# define O_CLT_SSL_OPTIONS 0xe4
#define O_CLT_SSL_OPTIONS 0xe4
{ "ClientSSLOptions", O_CLT_SSL_OPTIONS, OI_NONE },
#endif /* STARTTLS && _FFR_TLS_1 */
#if _FFR_EXPDELAY
# define O_MAX_QUEUE_AGE 0xe5
#define O_MAX_QUEUE_AGE 0xe5
{ "MaxQueueAge", O_MAX_QUEUE_AGE, OI_NONE },
#endif /* _FFR_EXPDELAY */
#if _FFR_RCPTTHROTDELAY
# define O_RCPTTHROTDELAY 0xe6
{ "BadRcptThrottleDelay", O_RCPTTHROTDELAY, OI_SAFE },
@ -2292,15 +2465,23 @@ static struct optioninfo
# define O_REJECTNUL 0xe9
{ "RejectNUL", O_REJECTNUL, OI_SAFE },
#endif /* _FFR_REJECT_NUL_BYTE */
#if _FFR_BOUNCE_QUEUE
# define O_BOUNCEQUEUE 0xea
{ "BounceQueue", O_BOUNCEQUEUE, OI_NONE },
#endif /* _FFR_BOUNCE_QUEUE */
#if _FFR_ADD_BCC
# define O_ADDBCC 0xeb
{ "AddBcc", O_ADDBCC, OI_NONE },
#endif
{ NULL, '\0', OI_NONE }
};
#if STARTTLS && _FFR_TLS_1
#if STARTTLS
static struct ssl_options
{
const char *sslopt_name; /* name of the flag */
long sslopt_bits; /* bits to set/clear */
unsigned long sslopt_bits; /* bits to set/clear */
} SSL_Option[] =
{
/* Workaround for bugs are turned on by default (as well as some others) */
@ -2405,10 +2586,13 @@ static struct ssl_options
#endif
#ifdef SSL_OP_CRYPTOPRO_TLSEXT_BUG
{ "SSL_OP_CRYPTOPRO_TLSEXT_BUG", SSL_OP_CRYPTOPRO_TLSEXT_BUG },
#endif
#ifdef SSL_OP_TLSEXT_PADDING
{ "SSL_OP_TLSEXT_PADDING", SSL_OP_TLSEXT_PADDING },
#endif
{ NULL, 0 }
};
#endif /* STARTTLS && _FFR_TLS_1 */
#endif /* STARTTLS */
# define CANONIFY(val)
@ -2451,9 +2635,9 @@ setoption(opt, val, safe, sticky, e)
char *newval;
char exbuf[MAXLINE];
#endif /* STARTTLS || SM_CONF_SHM */
#if STARTTLS && _FFR_TLS_1
long *pssloptions = NULL;
#endif /* STARTTLS && _FFR_TLS_1 */
#if STARTTLS
unsigned long *pssloptions = NULL;
#endif
errno = 0;
if (opt == ' ')
@ -2698,6 +2882,11 @@ setoption(opt, val, safe, sticky, e)
set_delivery_mode(*val, e);
break;
#if _FFR_PROXY
case SM_PROXY_REQ:
set_delivery_mode(*val, e);
break;
#endif /* _FFR_PROXY */
default:
syserr("Unknown delivery mode %c", *val);
@ -3151,11 +3340,9 @@ setoption(opt, val, safe, sticky, e)
MinQueueAge = convtime(val, 'm');
break;
#if _FFR_EXPDELAY
case O_MAX_QUEUE_AGE:
MaxQueueAge = convtime(val, 'm');
break;
#endif /* _FFR_EXPDELAY */
case O_DEFCHARSET: /* default character set for mimefying */
DefaultCharSet = newstr(denlstring(val, true, true));
@ -3370,9 +3557,9 @@ setoption(opt, val, safe, sticky, e)
RunAsGid = pw->pw_gid;
else if (UseMSP && *p == '\0')
(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
"WARNING: RunAsUser for MSP ignored, check group ids (egid=%d, want=%d)\n",
(int) EffGid,
(int) pw->pw_gid);
"WARNING: RunAsUser for MSP ignored, check group ids (egid=%ld, want=%ld)\n",
(long) EffGid,
(long) pw->pw_gid);
}
# ifdef UID_MAX
if (RunAsUid > UID_MAX)
@ -3394,9 +3581,9 @@ setoption(opt, val, safe, sticky, e)
else if (UseMSP)
(void) sm_io_fprintf(smioout,
SM_TIME_DEFAULT,
"WARNING: RunAsUser for MSP ignored, check group ids (egid=%d, want=%d)\n",
(int) EffGid,
(int) runasgid);
"WARNING: RunAsUser for MSP ignored, check group ids (egid=%ld, want=%ld)\n",
(long) EffGid,
(long) runasgid);
}
else
{
@ -3411,9 +3598,9 @@ setoption(opt, val, safe, sticky, e)
else if (UseMSP)
(void) sm_io_fprintf(smioout,
SM_TIME_DEFAULT,
"WARNING: RunAsUser for MSP ignored, check group ids (egid=%d, want=%d)\n",
(int) EffGid,
(int) gr->gr_gid);
"WARNING: RunAsUser for MSP ignored, check group ids (egid=%ld, want=%ld)\n",
(long) EffGid,
(long) gr->gr_gid);
}
}
if (tTd(47, 5))
@ -3741,11 +3928,10 @@ setoption(opt, val, safe, sticky, e)
SET_STRING_EXP(CACertPath);
case O_DHPARAMS:
SET_STRING_EXP(DHParams);
# if _FFR_TLS_1
case O_DHPARAMS5:
SET_STRING_EXP(DHParams5);
case O_CIPHERLIST:
SET_STRING_EXP(CipherList);
case O_DIG_ALG:
SET_STRING_EXP(CertFingerprintAlgorithm);
case O_SRV_SSL_OPTIONS:
pssloptions = &Srv_SSL_Options;
case O_CLT_SSL_OPTIONS:
@ -3755,6 +3941,7 @@ setoption(opt, val, safe, sticky, e)
{
bool clearmode;
char *q;
unsigned long sslopt_val;
struct ssl_options *sslopts;
while (*p == ' ')
@ -3769,28 +3956,54 @@ setoption(opt, val, safe, sticky, e)
p++;
if (*p != '\0')
*p++ = '\0';
for (sslopts = SSL_Option;
sslopts->sslopt_name != NULL; sslopts++)
sslopt_val = 0;
if (isdigit(*q))
{
if (sm_strcasecmp(q, sslopts->sslopt_name) == 0)
break;
char *end;
sslopt_val = strtoul(q, &end, 0);
/* not a complete "syntax" check but good enough */
if (end == q)
{
errno = 0;
syserr("readcf: %s option value %s not a number",
o->o_name, q);
sslopt_val = 0;
}
}
if (sslopts->sslopt_name == NULL)
{
errno = 0;
syserr("readcf: %s option value %s unrecognized",
o->o_name, q);
}
else if (clearmode)
*pssloptions &= ~sslopts->sslopt_bits;
else
*pssloptions |= sslopts->sslopt_bits;
{
for (sslopts = SSL_Option;
sslopts->sslopt_name != NULL; sslopts++)
{
if (sm_strcasecmp(q, sslopts->sslopt_name) == 0)
{
sslopt_val = sslopts->sslopt_bits;
break;
}
}
if (sslopts->sslopt_name == NULL)
{
errno = 0;
syserr("readcf: %s option value %s unrecognized",
o->o_name, q);
}
}
if (sslopt_val != 0)
{
if (clearmode)
*pssloptions &= ~sslopt_val;
else
*pssloptions |= sslopt_val;
}
}
if (tTd(37, 8))
sm_dprintf("ssloptions=%#lx\n", *pssloptions);
pssloptions = NULL;
break;
# endif /* _FFR_TLS_1 */
case O_CRLFILE:
# if OPENSSL_VERSION_NUMBER > 0x00907000L
SET_STRING_EXP(CRLFile);
@ -3831,7 +4044,6 @@ setoption(opt, val, safe, sticky, e)
case 'V':
TLS_Srv_Opts |= TLS_I_NO_VRFY;
break;
# if _FFR_TLS_1
/*
** Server without a cert? That works only if
** AnonDH is enabled as cipher, which is not in the
@ -3843,7 +4055,6 @@ setoption(opt, val, safe, sticky, e)
case 'C':
TLS_Srv_Opts &= ~TLS_I_SRV_CERT;
break;
# endif /* _FFR_TLS_1 */
case ' ': /* ignore */
case '\t': /* ignore */
case ',': /* ignore */
@ -3876,10 +4087,9 @@ setoption(opt, val, safe, sticky, e)
case O_CACERTFILE:
case O_CACERTPATH:
case O_DHPARAMS:
# if _FFR_TLS_1
case O_DHPARAMS5:
case O_SRV_SSL_OPTIONS:
case O_CLT_SSL_OPTIONS:
case O_CIPHERLIST:
# endif /* _FFR_TLS_1 */
case O_CRLFILE:
# if _FFR_CRLPATH
case O_CRLPATH:
@ -4056,6 +4266,18 @@ setoption(opt, val, safe, sticky, e)
break;
#endif /* _FFR_REJECT_NUL_BYTE */
#if _FFR_BOUNCE_QUEUE
case O_BOUNCEQUEUE:
bouncequeue = newstr(val);
break;
#endif /* _FFR_BOUNCE_QUEUE */
#if _FFR_ADD_BCC
case O_ADDBCC:
AddBcc = atobool(val);
break;
#endif
default:
if (tTd(37, 1))
{

70
src/recipient.c
View File

@ -667,8 +667,8 @@ recipient(new, sendq, aliaslevel, e)
new->q_status = "5.7.1";
if (new->q_alias->q_ruser == NULL)
usrerrenh(new->q_status,
"550 UID %d is an unknown user: cannot mail to programs",
new->q_alias->q_uid);
"550 UID %ld is an unknown user: cannot mail to programs",
(long) new->q_alias->q_uid);
else
usrerrenh(new->q_status,
"550 User %s@%s doesn't have a valid shell for mailing to programs",
@ -890,8 +890,8 @@ recipient(new, sendq, aliaslevel, e)
new->q_status = "5.7.1";
if (new->q_alias->q_ruser == NULL)
usrerrenh(new->q_status,
"550 UID %d is an unknown user: cannot mail to files",
new->q_alias->q_uid);
"550 UID %ld is an unknown user: cannot mail to files",
(long) new->q_alias->q_uid);
else
usrerrenh(new->q_status,
"550 User %s@%s doesn't have a valid shell for mailing to files",
@ -1174,7 +1174,7 @@ finduser(name, fuzzyp, user)
*fuzzyp = false;
#if HESIOD
#if HESIOD && !HESIOD_ALLOW_NUMERIC_LOGIN
/* DEC Hesiod getpwnam accepts numeric strings -- short circuit it */
for (p = name; *p != '\0'; p++)
if (!isascii(*p) || !isdigit(*p))
@ -1185,7 +1185,7 @@ finduser(name, fuzzyp, user)
sm_dprintf("failed (numeric input)\n");
return EX_NOUSER;
}
#endif /* HESIOD */
#endif /* HESIOD && !HESIOD_ALLOW_NUMERIC_LOGIN */
/* look up this login name using fast path */
status = sm_mbdb_lookup(name, user);
@ -1446,8 +1446,8 @@ include(fname, forwarding, ctladdr, sendq, aliaslevel, e)
if (tTd(27, 2))
sm_dprintf("include(%s)\n", fname);
if (tTd(27, 4))
sm_dprintf(" ruid=%d euid=%d\n",
(int) getuid(), (int) geteuid());
sm_dprintf(" ruid=%ld euid=%ld\n",
(long) getuid(), (long) geteuid());
if (tTd(27, 14))
{
sm_dprintf("ctladdr ");
@ -1455,8 +1455,8 @@ include(fname, forwarding, ctladdr, sendq, aliaslevel, e)
}
if (tTd(27, 9))
sm_dprintf("include: old uid = %d/%d\n",
(int) getuid(), (int) geteuid());
sm_dprintf("include: old uid = %ld/%ld\n",
(long) getuid(), (long) geteuid());
if (forwarding)
{
@ -1483,8 +1483,8 @@ include(fname, forwarding, ctladdr, sendq, aliaslevel, e)
!bitnset(DBS_NONROOTSAFEADDR, DontBlameSendmail))
{
if (tTd(27, 4))
sm_dprintf("include: not safe (euid=%d, RunAsUid=%d)\n",
(int) geteuid(), (int) RunAsUid);
sm_dprintf("include: not safe (euid=%ld, RunAsUid=%ld)\n",
(long) geteuid(), (long) RunAsUid);
ctladdr->q_flags |= QUNSAFEADDR;
}
@ -1512,8 +1512,8 @@ include(fname, forwarding, ctladdr, sendq, aliaslevel, e)
if (initgroups(user, gid) == -1)
{
rval = EAGAIN;
syserr("include: initgroups(%s, %d) failed",
user, gid);
syserr("include: initgroups(%s, %ld) failed",
user, (long) gid);
goto resetuid;
}
}
@ -1533,7 +1533,7 @@ include(fname, forwarding, ctladdr, sendq, aliaslevel, e)
if (gid != 0 && setgid(gid) < -1)
{
rval = EAGAIN;
syserr("setgid(%d) failure", gid);
syserr("setgid(%ld) failure", (long) gid);
goto resetuid;
}
if (uid != 0)
@ -1542,8 +1542,8 @@ include(fname, forwarding, ctladdr, sendq, aliaslevel, e)
if (seteuid(uid) < 0)
{
rval = EAGAIN;
syserr("seteuid(%d) failure (real=%d, eff=%d)",
uid, (int) getuid(), (int) geteuid());
syserr("seteuid(%ld) failure (real=%ld, eff=%ld)",
(long) uid, (long) getuid(), (long) geteuid());
goto resetuid;
}
# endif /* MAILER_SETUID_METHOD == USE_SETEUID */
@ -1551,8 +1551,8 @@ include(fname, forwarding, ctladdr, sendq, aliaslevel, e)
if (setreuid(0, uid) < 0)
{
rval = EAGAIN;
syserr("setreuid(0, %d) failure (real=%d, eff=%d)",
uid, (int) getuid(), (int) geteuid());
syserr("setreuid(0, %ld) failure (real=%ld, eff=%ld)",
(long) uid, (long) getuid(), (long) geteuid());
goto resetuid;
}
# endif /* MAILER_SETUID_METHOD == USE_SETREUID */
@ -1561,8 +1561,8 @@ include(fname, forwarding, ctladdr, sendq, aliaslevel, e)
#endif /* MAILER_SETUID_METHOD != USE_SETUID */
if (tTd(27, 9))
sm_dprintf("include: new uid = %d/%d\n",
(int) getuid(), (int) geteuid());
sm_dprintf("include: new uid = %ld/%ld\n",
(long) getuid(), (long) geteuid());
/*
** If home directory is remote mounted but server is down,
@ -1655,8 +1655,8 @@ include(fname, forwarding, ctladdr, sendq, aliaslevel, e)
{
/* don't use this :include: file */
if (tTd(27, 4))
sm_dprintf("include: not safe (uid=%d): %s\n",
(int) uid, sm_errstring(rval));
sm_dprintf("include: not safe (uid=%ld): %s\n",
(long) uid, sm_errstring(rval));
}
else if ((fp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, fname,
SM_IO_RDONLY, NULL)) == NULL)
@ -1683,28 +1683,28 @@ include(fname, forwarding, ctladdr, sendq, aliaslevel, e)
{
# if USESETEUID
if (seteuid(0) < 0)
syserr("!seteuid(0) failure (real=%d, eff=%d)",
(int) getuid(), (int) geteuid());
syserr("!seteuid(0) failure (real=%ld, eff=%ld)",
(long) getuid(), (long) geteuid());
# else /* USESETEUID */
if (setreuid(-1, 0) < 0)
syserr("!setreuid(-1, 0) failure (real=%d, eff=%d)",
(int) getuid(), (int) geteuid());
syserr("!setreuid(-1, 0) failure (real=%ld, eff=%ld)",
(long) getuid(), (long) geteuid());
if (setreuid(RealUid, 0) < 0)
syserr("!setreuid(%d, 0) failure (real=%d, eff=%d)",
(int) RealUid, (int) getuid(),
(int) geteuid());
syserr("!setreuid(%ld, 0) failure (real=%ld, eff=%ld)",
(long) RealUid, (long) getuid(),
(long) geteuid());
# endif /* USESETEUID */
}
if (setgid(savedgid) < 0)
syserr("!setgid(%d) failure (real=%d eff=%d)",
(int) savedgid, (int) getgid(),
(int) getegid());
syserr("!setgid(%ld) failure (real=%ld eff=%ld)",
(long) savedgid, (long) getgid(),
(long) getegid());
}
#endif /* HASSETREUID || USESETEUID */
if (tTd(27, 9))
sm_dprintf("include: reset uid = %d/%d\n",
(int) getuid(), (int) geteuid());
sm_dprintf("include: reset uid = %ld/%ld\n",
(long) getuid(), (long) geteuid());
if (rval == E_SM_OPENTIMEOUT)
usrerr("451 4.4.1 open timeout on %s", fname);

15
src/savemail.c
View File

@ -581,6 +581,10 @@ returntosender(msg, returnq, flags, e)
else
ee->e_flags |= EF_NO_BODY_RETN;
#if _FFR_BOUNCE_QUEUE
if (BounceQueue != NOQGRP)
ee->e_qgrp = ee->e_dfqgrp = BounceQueue;
#endif /* _FFR_BOUNCE_QUEUE */
if (!setnewqueue(ee))
{
syserr("554 5.3.0 returntosender: cannot select queue for %s",
@ -702,8 +706,15 @@ returntosender(msg, returnq, flags, e)
/* mark statistics */
markstats(ee, NULLADDR, STATS_NORMAL);
/* actually deliver the error message */
sendall(ee, SM_DELIVER);
#if _FFR_BOUNCE_QUEUE
if (BounceQueue == NOQGRP)
{
#endif
/* actually deliver the error message */
sendall(ee, SM_DELIVER);
#if _FFR_BOUNCE_QUEUE
}
#endif
(void) dropenvelope(ee, true, false);
/* check for delivery errors */

2
src/sendmail.0
View File

@ -48,6 +48,8 @@ DDEESSCCRRIIPPTTIIOONN
Also, the ``From:'' and ``Sender:'' fields are examined for the
name of the sender.
--bbCC Check the configuration file.
--bbdd Run as a daemon. SSeennddmmaaiill will fork and run in background lis-
tening on socket 25 for incoming SMTP connections. This is nor-
mally run from /etc/rc.

3
src/sendmail.8
View File

@ -92,6 +92,9 @@ Also,
the ``From:'' and ``Sender:''
fields are examined for the name of the sender.
.TP
.B \-bC
Check the configuration file.
.TP
.B \-bd
Run as a daemon.
.B Sendmail

115
src/sendmail.h
View File

@ -122,7 +122,7 @@ SM_UNUSED(static char SmailId[]) = "@(#)$Id: sendmail.h,v 8.1104 2013-11-22 20:5
# endif /* HESIOD */
#if STARTTLS
# include <openssl/ssl.h>
# include <openssl/ssl.h>
# if !TLS_NO_RSA
# if _FFR_FIPSMODE
# define RSA_KEYLENGTH 1024
@ -199,9 +199,17 @@ typedef int (*sasl_callback_ft)(void);
# define INADDR_NONE 0xffffffff
#endif /* ! INADDR_NONE */
/* By default use uncompressed IPv6 address format (no "::") */
#ifndef IPV6_FULL
# define IPV6_FULL 1
#endif
/* (f)open() modes for queue files */
# define QF_O_EXTRA 0
#define QF_O_EXTRA 0
#if _FFR_PROXY || _FFR_LOGREPLY
# define _FFR_ERRCODE 1
#endif
/*
@ -283,11 +291,23 @@ typedef struct address ADDRESS;
#define QBYTRACE 0x00008000 /* DeliverBy: trace */
#define QBYNDELAY 0x00010000 /* DeliverBy: notify, delay */
#define QBYNRELAY 0x00020000 /* DeliverBy: notify, relayed */
#define QINTBCC 0x00040000 /* internal Bcc */
#define QDYNMAILER 0x00080000 /* "dynamic mailer" */
#define QTHISPASS 0x40000000 /* temp: address set this pass */
#define QRCPTOK 0x80000000 /* recipient() processed address */
#define QDYNMAILFLG 'Y'
#define Q_PINGFLAGS (QPINGONSUCCESS|QPINGONFAILURE|QPINGONDELAY)
#if _FFR_RCPTFLAGS
# define QMATCHFLAGS (QINTBCC|QDYNMAILER)
# define QMATCH_FLAG(a) ((a)->q_flags & QMATCHFLAGS)
# define ADDR_FLAGS_MATCH(a, b) (QMATCH_FLAG(a) == QMATCH_FLAG(b))
#else
# define ADDR_FLAGS_MATCH(a, b) true
#endif
/* values for q_state */
#define QS_OK 0 /* address ok (for now)/not yet tried */
#define QS_SENT 1 /* good address, delivery complete */
@ -422,6 +442,7 @@ struct mailer
};
/* bits for m_flags */
#define M_xSMTP 0x01 /* internal: {ES,S,L}MTP */
#define M_ESMTP 'a' /* run Extended SMTP */
#define M_ALIASABLE 'A' /* user can be LHS of an alias */
#define M_BLANKEND 'b' /* ensure blank line at end of message */
@ -449,6 +470,7 @@ struct mailer
#define M_NHDR 'n' /* don't insert From line */
#define M_MANYSTATUS 'N' /* MAIL11V3: DATA returns multi-status */
#define M_RUNASRCPT 'o' /* always run mailer as recipient */
/* 'O' free? */
#define M_FROMPATH 'p' /* use reverse-path in MAIL FROM: */
/* 'P' CF: include Return-Path: */
#define M_VRFY250 'q' /* VRFY command returns 250 instead of 252 */
@ -464,11 +486,14 @@ struct mailer
#define M_NOHOSTSTAT 'W' /* ignore long term host status information */
/* 'x' CF: include Full-Name: */
#define M_XDOT 'X' /* use hidden-dot algorithm */
/* 'y' free? */
/* 'Y' free? */
#define M_LMTP 'z' /* run Local Mail Transport Protocol */
#define M_DIALDELAY 'Z' /* apply dial delay sleeptime */
#define M_NOMX '0' /* turn off MX lookups */
#define M_NONULLS '1' /* don't send null bytes */
#define M_FSMTP '2' /* force SMTP (no ESMTP even if offered) */
/* '4' free? */
#define M_EBCDIC '3' /* extend Q-P encoding for EBCDIC */
#define M_TRYRULESET5 '5' /* use ruleset 5 after local aliasing */
#define M_7BITHDRS '6' /* strip headers to 7 bits even in 8 bit path */
@ -498,7 +523,11 @@ EXTERN MAILER *FileMailer; /* ptr to *file* mailer */
EXTERN MAILER *InclMailer; /* ptr to *include* mailer */
EXTERN MAILER *LocalMailer; /* ptr to local mailer */
EXTERN MAILER *ProgMailer; /* ptr to program mailer */
#if _FFR_RCPTFLAGS
EXTERN MAILER *Mailer[MAXMAILERS * 2 + 1];
#else
EXTERN MAILER *Mailer[MAXMAILERS + 1];
#endif
/*
** Queue group definition structure.
@ -742,6 +771,12 @@ MCI
#define MCIF_INLONGLINE 0x01000000 /* in the middle of a long line */
#define MCIF_AUTH2 0x02000000 /* got 2 AUTH lines */
#define MCIF_ONLY_EHLO 0x10000000 /* use only EHLO in smtpinit */
#if _FFR_HANDLE_HDR_RW_TEMPFAIL
/* an error is not sticky (if put{header,body}() etc fail) */
# define MCIF_NOTSTICKY 0x20000000
#else
# define MCIF_NOTSTICKY 0
#endif
#define MCIF_EXTENS (MCIF_EXPN | MCIF_SIZE | MCIF_8BITMIME | MCIF_DSN | MCIF_8BITOK | MCIF_AUTH | MCIF_ENHSTAT | MCIF_TLS | MCIF_AUTH2)
@ -945,10 +980,16 @@ struct envelope
int e_dlvr_flag; /* deliver by flag */
SM_RPOOL_T *e_rpool; /* resource pool for this envelope */
unsigned int e_features; /* server features */
#if _FFR_MILTER_ENHSC
#define ENHSC_LEN 11
#if _FFR_MILTER_ENHSC
char e_enhsc[ENHSC_LEN]; /* enhanced status code */
#endif /* _FFR_MILTER_ENHSC */
#if _FFR_ERRCODE
/* smtp error codes during delivery */
int e_rcode; /* reply code */
char e_renhsc[ENHSC_LEN]; /* enhanced status code */
char *e_text; /* reply text */
#endif /* _FFR_ERRCODE */
};
#define PRT_NONNEGL(v) ((v) < 0 ? LONG_MAX : (v))
@ -1141,7 +1182,7 @@ extern int macid_parse __P((char *, char **));
#define macid(name) macid_parse(name, NULL)
extern char *macname __P((int));
extern char *macvalue __P((int, ENVELOPE *));
extern int rscheck __P((char *, char *, char *, ENVELOPE *, int, int, char *, char *, ADDRESS *));
extern int rscheck __P((char *, char *, char *, ENVELOPE *, int, int, char *, char *, ADDRESS *, char **));
extern int rscap __P((char *, char *, char *, ENVELOPE *, char ***, char *, int));
extern void setclass __P((int, char *));
extern int strtorwset __P((char *, char **, int));
@ -1305,15 +1346,6 @@ MAP
#define MA_UNAVAIL 1 /* member map is not available */
#define MA_TRYAGAIN 2 /* member map returns temp failure */
/* macros to handle MapTempFail */
#define BIT_IS_MTP 0x01 /* temp.failure occurred */
#define BIT_ASK_MTP 0x02 /* do we care about MapTempFail? */
#define RESET_MAPTEMPFAIL MapTempFail = 0
#define INIT_MAPTEMPFAIL MapTempFail = BIT_ASK_MTP
#define SET_MAPTEMPFAIL MapTempFail |= BIT_IS_MTP
#define IS_MAPTEMPFAIL bitset(BIT_IS_MTP, MapTempFail)
#define ASK_MAPTEMPFAIL bitset(BIT_ASK_MTP, MapTempFail)
/*
** The class of a map -- essentially the functions to call
*/
@ -1633,6 +1665,10 @@ EXTERN bool V6LoopbackAddrFound; /* found an IPv6 loopback address */
/* values for e_sendmode -- send modes */
#define SM_DELIVER 'i' /* interactive delivery */
#if _FFR_PROXY
#define SM_PROXY_REQ 's' /* synchronous mode requested */
#define SM_PROXY 'S' /* synchronous mode activated */
#endif /* _FFR_PROXY */
#define SM_FORK 'b' /* deliver in background */
#if _FFR_DM_ONE
#define SM_DM_ONE 'o' /* deliver first TA in background, then queue */
@ -1641,7 +1677,11 @@ EXTERN bool V6LoopbackAddrFound; /* found an IPv6 loopback address */
#define SM_DEFER 'd' /* defer map lookups as well as queue */
#define SM_VERIFY 'v' /* verify only (used internally) */
#define DM_NOTSET (-1) /* DeliveryMode (per daemon) option not set */
#if _FFR_PROXY
# define SM_IS_INTERACTIVE(m) ((m) == SM_DELIVER || (m) == SM_PROXY_REQ || (m) == SM_PROXY)
#else /* _FFR_PROXY */
# define SM_IS_INTERACTIVE(m) ((m) == SM_DELIVER)
#endif /* _FFR_PROXY */
#define WILL_BE_QUEUED(m) ((m) == SM_QUEUE || (m) == SM_DEFER)
@ -1736,6 +1776,7 @@ EXTERN unsigned long PrivacyFlags; /* privacy flags */
#define RSF_RMCOMM 0x0001 /* strip comments */
#define RSF_UNSTRUCTURED 0x0002 /* unstructured, ignore syntax errors */
#define RSF_COUNT 0x0004 /* count rejections (statistics)? */
#define RSF_ADDR 0x0008 /* reassemble address */
/*
** Flags passed to mime8to7 and putheader.
@ -1893,6 +1934,10 @@ struct termescape
#define D_OPTIONAL 'O' /* optional socket */
#define D_DISABLE ((char)0x02) /* optional socket disabled */
#define D_ISSET ((char)0x03) /* this client struct is set */
#if _FFR_XCNCT
#define D_XCNCT ((char)0x04) /* X-Connect was used */
#define D_XCNCT_M ((char)0x05) /* X-Connect was used + "forged" */
#endif /* _FFR_XCNCT */
#if STARTTLS
/*
@ -1947,7 +1992,7 @@ struct termescape
/* functions */
extern bool init_tls_library __P((bool _fipsmode));
extern bool inittls __P((SSL_CTX **, unsigned long, long, bool, char *, char *, char *, char *, char *));
extern bool inittls __P((SSL_CTX **, unsigned long, unsigned long, bool, char *, char *, char *, char *, char *));
extern bool initclttls __P((bool));
extern void setclttls __P((bool));
extern bool initsrvtls __P((bool));
@ -1960,10 +2005,9 @@ EXTERN char *CACertPath; /* path to CA certificates (dir. with hashes) */
EXTERN char *CACertFile; /* file with CA certificate */
EXTERN char *CltCertFile; /* file with client certificate */
EXTERN char *CltKeyFile; /* file with client private key */
# if _FFR_TLS_1
EXTERN char *CipherList; /* list of ciphers */
EXTERN char *DHParams5; /* file with DH parameters (512) */
# endif /* _FFR_TLS_1 */
EXTERN char *CertFingerprintAlgorithm; /* name of fingerprint alg */
EXTERN const EVP_MD *EVP_digest; /* digest for cert fp */
EXTERN char *DHParams; /* file with DH parameters */
EXTERN char *RandFile; /* source of random data */
EXTERN char *SrvCertFile; /* file with server certificate */
@ -1973,7 +2017,7 @@ EXTERN char *CRLFile; /* file CRLs */
EXTERN char *CRLPath; /* path to CRLs (dir. with hashes) */
#endif /* _FFR_CRLPATH */
EXTERN unsigned long TLS_Srv_Opts; /* TLS server options */
EXTERN long Srv_SSL_Options, Clt_SSL_Options; /* SSL options */
EXTERN unsigned long Srv_SSL_Options, Clt_SSL_Options; /* SSL options */
#endif /* STARTTLS */
/*
@ -2054,9 +2098,7 @@ EXTERN int QueueFileMode; /* mode on files in mail queue */
EXTERN int QueueMode; /* which queue items to act upon */
EXTERN int QueueSortOrder; /* queue sorting order algorithm */
EXTERN time_t MinQueueAge; /* min delivery interval */
#if _FFR_EXPDELAY
EXTERN time_t MaxQueueAge; /* max delivery interval */
#endif /* _FFR_EXPDELAY */
EXTERN time_t QueueIntvl; /* intervals between running the queue */
EXTERN char *QueueDir; /* location of queue directory */
EXTERN QUEUE_CHAR *QueueLimitId; /* limit queue run to id */
@ -2064,6 +2106,9 @@ EXTERN QUEUE_CHAR *QueueLimitQuarantine; /* limit queue run to quarantine reason
EXTERN QUEUE_CHAR *QueueLimitRecipient; /* limit queue run to rcpt */
EXTERN QUEUE_CHAR *QueueLimitSender; /* limit queue run to sender */
EXTERN QUEUEGRP *Queue[MAXQUEUEGROUPS + 1]; /* queue groups */
#if _FFR_BOUNCE_QUEUE
EXTERN int BounceQueue;
#endif
/* functions */
extern void assign_queueid __P((ENVELOPE *));
@ -2265,7 +2310,7 @@ extern unsigned char tTdvect[100]; /* trace vector */
} while (0)
/* reply types (text in SmtpMsgBuffer) */
#define XS_DEFAULT 0
#define XS_DEFAULT 0 /* other commands, e.g., RSET */
#define XS_STARTTLS 1
#define XS_AUTH 2
#define XS_GREET 3
@ -2274,14 +2319,16 @@ extern unsigned char tTdvect[100]; /* trace vector */
#define XS_RCPT 6
#define XS_DATA 7
#define XS_EOM 8
#define XS_DATA2 9
#define XS_RCPT2 10
#define XS_QUIT 15
#define XS_DATA2 9 /* LMTP */
#define XS_QUIT 10
/*
** Global variables.
*/
#if _FFR_ADD_BCC
EXTERN bool AddBcc;
#endif
#if _FFR_ADDR_TYPE_MODES
EXTERN bool AddrTypeModes; /* addr_type: extra "mode" information */
#endif /* _FFR_ADDR_TYPE_MODES */
@ -2504,6 +2551,10 @@ extern void buffer_errors __P((void));
extern void flush_errors __P((bool));
extern void PRINTFLIKE(1, 2) message __P((const char *, ...));
extern void PRINTFLIKE(1, 2) nmessage __P((const char *, ...));
#if _FFR_PROXY
extern void PRINTFLIKE(3, 4) emessage __P((const char *, const char *, const char *, ...));
extern int extsc __P((const char *, int, char *, char *));
#endif /* _FFR_PROXY */
extern void PRINTFLIKE(1, 2) syserr __P((const char *, ...));
extern void PRINTFLIKE(2, 3) usrerrenh __P((char *, const char *, ...));
extern void PRINTFLIKE(1, 2) usrerr __P((const char *, ...));
@ -2519,7 +2570,7 @@ extern bool rebuildaliases __P((MAP *, bool));
extern void setalias __P((char *));
/* logging */
extern void logdelivery __P((MAILER *, MCI *, char *, const char *, ADDRESS *, time_t, ENVELOPE *));
extern void logdelivery __P((MAILER *, MCI *, char *, const char *, ADDRESS *, time_t, ENVELOPE *, ADDRESS *, int));
extern void logsender __P((ENVELOPE *, char *));
extern void PRINTFLIKE(3, 4) sm_syslog __P((int, const char *, const char *, ...));
@ -2719,10 +2770,10 @@ extern sigfunc_t setsignal __P((int, sigfunc_t));
extern void sm_setuserenv __P((const char *, const char *));
extern void settime __P((ENVELOPE *));
#if STARTTLS
extern void set_tls_rd_tmo __P((int));
#else /* STARTTLS */
#define set_tls_rd_tmo(rd_tmo)
#endif /* STARTTLS */
extern int set_tls_rd_tmo __P((int));
#else
# define set_tls_rd_tmo(rd_tmo) 0
#endif
extern char *sfgets __P((char *, int, SM_FILE_T *, time_t, char *));
extern char *shortenstring __P((const char *, size_t));
extern char *shorten_hostname __P((char []));
@ -2778,12 +2829,18 @@ extern char *xalloc_tagged __P((int, char*, int));
#else /* SM_HEAP_CHECK */
extern char *xalloc __P((int));
#endif /* SM_HEAP_CHECK */
#if _FFR_XCNCT
extern int xconnect __P((SM_FILE_T *));
#endif /* _FFR_XCNCT */
extern void xputs __P((SM_FILE_T *, const char *));
extern char *xtextify __P((char *, char *));
extern bool xtextok __P((char *));
extern int xunlink __P((char *));
extern char *xuntextify __P((char *));
#if _FFR_RCPTFLAGS
extern bool newmodmailer __P((ADDRESS *, char fl));
#endif
#undef EXTERN
#endif /* ! _SENDMAIL_H */

18
src/sfsasl.c
View File

@ -13,6 +13,7 @@ SM_RCSID("@(#)$Id: sfsasl.c,v 8.121 2013-11-22 20:51:56 ca Exp $")
#include <stdlib.h>
#include <sendmail.h>
#include <sm/time.h>
#include <sm/fdset.h>
#include <errno.h>
/* allow to disable error handling code just in case... */
@ -415,7 +416,7 @@ sfdcsasl(fin, fout, conn, tmo)
#if STARTTLS
# include "sfsasl.h"
# include <openssl/err.h>
# include <openssl/err.h>
/* Structure used by the "tls" file type */
struct tls_obj
@ -618,9 +619,8 @@ tls_retry(ssl, rfd, wfd, tlsstart, timeout, err, where)
where, rfd, wfd, err);
}
if (FD_SETSIZE > 0 &&
((err == SSL_ERROR_WANT_READ && rfd >= FD_SETSIZE) ||
(err == SSL_ERROR_WANT_WRITE && wfd >= FD_SETSIZE)))
if ((err == SSL_ERROR_WANT_READ && !SM_FD_OK_SELECT(rfd)) ||
(err == SSL_ERROR_WANT_WRITE && !SM_FD_OK_SELECT(wfd)))
{
if (LogLevel > 5)
{
@ -685,17 +685,21 @@ tls_retry(ssl, rfd, wfd, tlsstart, timeout, err, where)
** rd_tmo -- read timeout
**
** Results:
** none
** previous read timeout
** This is a hack: there is no way to pass it in
*/
static int tls_rd_tmo = -1;
void
int
set_tls_rd_tmo(rd_tmo)
int rd_tmo;
{
int old_rd_tmo;
old_rd_tmo = tls_rd_tmo;
tls_rd_tmo = rd_tmo;
return old_rd_tmo;
}
/*
@ -820,7 +824,7 @@ tls_read(fp, buf, size)
}
else if (LogLevel > 7)
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS: read error=%s (%d), retry=%d, ssl_err=%d",
"STARTTLS: read error=%s (%d), errno=%d, retry=%d, ssl_err=%d",
err, r, errno, try, ssl_err);
errno = save_errno;
}

2
src/sm_resolve.c
View File

@ -235,7 +235,7 @@ parse_dns_reply(data, len)
if (LogLevel > 5)
sm_syslog(LOG_WARNING, NOQID,
"ERROR: DNS RDLENGTH=%d > data len=%d",
size, len - (p - data));
size, len - (int)(p - data));
dns_free_data(r);
return NULL;
}

419
src/srvrsmtp.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998-2010, 2012, 2013 Proofpoint, Inc. and its suppliers.
* Copyright (c) 1998-2010, 2012-2014 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
@ -30,7 +30,7 @@ SM_RCSID("@(#)$Id: srvrsmtp.c,v 8.1016 2013-11-22 20:51:56 ca Exp $")
static int saslmechs __P((sasl_conn_t *, char **));
#endif /* SASL */
#if STARTTLS
# include <openssl/err.h>
# include <openssl/err.h>
# include <sysexits.h>
static SSL_CTX *srv_ctx = NULL; /* TLS server context */
@ -204,6 +204,174 @@ parse_esmtp_args(e, addr_st, p, delimptr, which, args, esmtp_args)
args[argno] = NULL;
}
#if _FFR_ADD_BCC
/*
** ADDRCPT -- Add a rcpt to sendq list
**
** Parameters:
** rcpt -- rcpt
** sendq -- a pointer to the head of a queue to put
** these people into.
** e -- the envelope in which to add these recipients.
**
** Returns:
** The number of addresses added to the list.
*/
static int
addrcpt(rcpt, sendq, e)
char *rcpt;
ADDRESS **sendq;
ENVELOPE *e;
{
int r;
char *oldto;
ADDRESS *a;
SM_REQUIRE(rcpt != NULL);
SM_REQUIRE(sendq != NULL);
SM_REQUIRE(e != NULL);
oldto = e->e_to;
if (tTd(25, 1))
sm_dprintf("addrcpt: rcpt=%s\n", rcpt);
r = Errors;
a = NULL;
SM_TRY
{
macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), "e b");
a = parseaddr(rcpt, NULLADDR, RF_COPYALL, ' ', NULL, e, true);
if (a == NULL)
return 0;
a->q_flags &= ~Q_PINGFLAGS;
a->q_flags |= QINTBCC;
a->q_owner = "<>";
/* disable alias expansion? */
a = recipient(a, sendq, 0, e);
}
SM_FINALLY
{
e->e_to = oldto;
macdefine(&e->e_macro, A_PERM, macid("{addr_type}"), NULL);
}
SM_END_TRY
if (tTd(25, 1))
sm_dprintf("addrcpt: rcpt=%s, flags=%#lx\n", rcpt,
a != NULL ? a->q_flags : 0);
Errors = r;
return 1;
}
/*
** ADDBCC -- Maybe create a copy of an e-mail
**
** Parameters:
** a -- current RCPT
** e -- the envelope.
**
** Returns:
** nothing
**
** Side Effects:
** rscheck() can trigger an "exception"
*/
static void
addbcc(a, e)
ADDRESS *a;
ENVELOPE *e;
{
int nobcc;
char *newrcpt, empty[1];
if (!AddBcc)
return;
nobcc = false;
empty[0] = '\0';
newrcpt = empty;
nobcc = rscheck("bcc", a->q_paddr, NULL, e, RSF_ADDR, 12, NULL, NOQID,
NULL, &newrcpt);
if (tTd(25, 1))
sm_dprintf("addbcc: nobcc=%d, Errors=%d, newrcpt=<%s>\n", nobcc, Errors, newrcpt);
if (nobcc != EX_OK || Errors > 0 || *newrcpt == '\0')
return;
(void) addrcpt(newrcpt, &e->e_sendqueue, e);
return;
}
#else /* _FFR_ADD_BCC */
# define addbcc(a, e)
#endif /* _FFR_ADD_BCC */
#if _FFR_RCPTFLAGS
/*
** RCPTMODS -- Perform rcpt modifications if requested
**
** Parameters:
** rcpt -- current RCPT
** e -- the envelope.
**
** Returns:
** nothing.
*/
void
rcptmods(rcpt, e)
ADDRESS *rcpt;
ENVELOPE *e;
{
char *fl;
SM_REQUIRE(rcpt != NULL);
SM_REQUIRE(e != NULL);
fl = macvalue(macid("{rcpt_flags}"), e);
if (fl == NULL || *fl == '\0')
return;
if (tTd(25, 1))
sm_dprintf("rcptmods: rcpt=%s, flags=%s\n", rcpt->q_paddr, fl);
/* parse flags */
for ( ; *fl != '\0'; ++fl)
{
switch (*fl)
{
case 'n':
rcpt->q_flags &= ~Q_PINGFLAGS;
rcpt->q_flags |= QINTBCC;
rcpt->q_owner = "<>";
break;
case 'N':
rcpt->q_flags &= ~Q_PINGFLAGS;
rcpt->q_owner = "<>";
break;
case QDYNMAILFLG:
rcpt->q_flags |= QDYNMAILER;
newmodmailer(rcpt, *fl);
break;
default:
sm_syslog(LOG_INFO, e->e_id,
"rcpt=%s, rcpt_flags=%s, status=unknown",
rcpt->q_paddr, fl);
break;
}
}
/* reset macro to avoid confusion later on */
macdefine(&e->e_macro, A_PERM, macid("{rcpt_flags}"), NULL);
}
#else /* _FFR_RCPTFLAGS */
# define rcptmods(a, e)
#endif /* _FFR_RCPTFLAGS */
/*
** SMTP -- run the SMTP protocol.
**
@ -541,6 +709,24 @@ do \
qid_printname(e), CurSmtpClient, inp); \
}
/*
** Determine the correct protocol keyword to use in the
** Received: header, following RFC 3848.
*/
#if !STARTTLS
# define tls_active false
#endif
#if SASL
# define auth_active (authenticating == SASL_IS_AUTH)
#else
# define auth_active false
#endif
#define GET_PROTOCOL() \
(auth_active \
? (tls_active ? "ESMTPSA" : "ESMTPA") \
: (tls_active ? "ESMTPS" : "ESMTP"))
static bool SevenBitInput_Saved; /* saved version of SevenBitInput */
void
@ -577,6 +763,7 @@ smtp(nullserver, d_flags, e)
SMTP_T smtp;
char *addr;
char *greetcode = "220";
const char *greetmsg = "not accepting messages";
char *hostname; /* my hostname ($j) */
QUEUE_CHAR *new;
char *args[MAXSMTPARGS];
@ -907,11 +1094,7 @@ smtp(nullserver, d_flags, e)
}
#endif /* SASL */
#if STARTTLS
set_tls_rd_tmo(TimeOuts.to_nextcommand);
#endif /* STARTTLS */
(void) set_tls_rd_tmo(TimeOuts.to_nextcommand);
#if MILTER
if (smtp.sm_milterize)
@ -968,7 +1151,73 @@ smtp(nullserver, d_flags, e)
response = milter_connect(q, RealHostAddr, e, &state);
switch (state)
{
#if _FFR_MILTER_CONNECT_REPLYCODE
case SMFIR_REPLYCODE:
if (*response == '5')
{
if (MilterLogLevel > 3)
sm_syslog(LOG_INFO, e->e_id,
"Milter: connect: host=%s, addr=%s, reject=%s",
peerhostname,
anynet_ntoa(&RealHostAddr),
response);
greetcode = "554"; /* Required by 2821 3.1 */
nullserver = newstr(response);
if (strlen(nullserver) > 4)
{
int skip;
greetmsg = nullserver + 4;
/* skip over enhanced status code */
skip = isenhsc(greetmsg, ' ');
if (skip > 0)
greetmsg += skip + 1;
}
smtp.sm_milterize = false;
break;
}
else if (strncmp(response, "421 ", 4) == 0)
{
int skip;
const char *msg = response + 4;
if (MilterLogLevel > 3)
sm_syslog(LOG_INFO, e->e_id,
"Milter: connect: host=%s, addr=%s, shutdown=%s",
peerhostname,
anynet_ntoa(&RealHostAddr),
response);
tempfail = true;
smtp.sm_milterize = false;
/* skip over enhanced status code */
skip = isenhsc(msg, ' ');
if (skip > 0)
msg += skip + 1;
message("421 %s %s", MyHostName, msg);
/* arrange to ignore send list */
e->e_sendqueue = NULL;
goto doquit;
}
else
{
if (MilterLogLevel > 3)
sm_syslog(LOG_INFO, e->e_id,
"Milter: connect: host=%s, addr=%s, temp failing commands=%s",
peerhostname,
anynet_ntoa(&RealHostAddr),
response);
/*tempfail = true;*/
smtp.sm_milterize = false;
nullserver = newstr(response);
break;
}
#else /* _FFR_MILTER_CONNECT_REPLYCODE */
case SMFIR_REPLYCODE: /* REPLYCODE shouldn't happen */
#endif /* _FFR_MILTER_CONNECT_REPLYCODE */
case SMFIR_REJECT:
if (MilterLogLevel > 3)
sm_syslog(LOG_INFO, e->e_id,
@ -1006,7 +1255,7 @@ smtp(nullserver, d_flags, e)
goto doquit;
}
if (response != NULL)
sm_free(response); /* XXX */
sm_free(response);
}
#endif /* MILTER */
@ -1097,8 +1346,8 @@ smtp(nullserver, d_flags, e)
/* output the first line, inserting "ESMTP" as second word */
if (*greetcode == '5')
(void) sm_snprintf(inp, sizeof(inp),
"%s not accepting messages", hostname);
(void) sm_snprintf(inp, sizeof(inp), "%s %s", hostname,
greetmsg);
else
expand(SmtpGreeting, inp, sizeof(inp), e);
@ -1400,6 +1649,8 @@ smtp(nullserver, d_flags, e)
*ssf);
}
protocol = GET_PROTOCOL();
/*
** Only switch to encrypted connection
** if a security layer has been negotiated
@ -1898,11 +2149,9 @@ smtp(nullserver, d_flags, e)
SSL_set_accept_state(srv_ssl);
# define SSL_ACC(s) SSL_accept(s)
tlsstart = curtime();
ssl_retry:
if ((r = SSL_ACC(srv_ssl)) <= 0)
if ((r = SSL_accept(srv_ssl)) <= 0)
{
int i, ssl_err;
@ -1962,7 +2211,7 @@ smtp(nullserver, d_flags, e)
macvalue(macid("{verify}"), e),
"STARTTLS", e,
RSF_RMCOMM|RSF_COUNT,
5, NULL, NOQID, NULL) != EX_OK ||
5, NULL, NOQID, NULL, NULL) != EX_OK ||
Errors > 0)
{
extern char MsgBuf[];
@ -2052,7 +2301,7 @@ smtp(nullserver, d_flags, e)
DELAY_CONN("EHLO");
if (c->cmd_code == CMDEHLO)
{
protocol = "ESMTP";
protocol = GET_PROTOCOL();
SmtpPhase = "server EHLO";
}
else
@ -2468,7 +2717,7 @@ smtp(nullserver, d_flags, e)
#endif /* _FFR_MAIL_MACRO */
if (rscheck("check_mail", addr,
NULL, e, RSF_RMCOMM|RSF_COUNT, 3,
NULL, e->e_id, NULL) != EX_OK ||
NULL, e->e_id, NULL, NULL) != EX_OK ||
Errors > 0)
sm_exc_raisenew_x(&EtypeQuickAbort, 1);
macdefine(&e->e_macro, A_PERM,
@ -2731,7 +2980,7 @@ smtp(nullserver, d_flags, e)
macid("{addr_type}"), "e r");
if (rscheck("check_rcpt", addr,
NULL, e, RSF_RMCOMM|RSF_COUNT, 3,
NULL, e->e_id, p_addr_st) != EX_OK ||
NULL, e->e_id, p_addr_st, NULL) != EX_OK ||
Errors > 0)
goto rcpt_done;
macdefine(&e->e_macro, A_PERM,
@ -2744,6 +2993,9 @@ smtp(nullserver, d_flags, e)
milter_cmd_safe = true;
#endif
addbcc(a, e);
rcptmods(a, e);
/* save in recipient list after ESMTP mods */
a = recipient(a, &e->e_sendqueue, 0, e);
/* may trigger exception... */
@ -2821,6 +3073,7 @@ smtp(nullserver, d_flags, e)
#if !MILTER
rcpt_done:
#endif /* !MILTER */
macdefine(&e->e_macro, A_PERM,
macid("{rcpt_mailer}"), NULL);
macdefine(&e->e_macro, A_PERM,
@ -2974,8 +3227,8 @@ smtp(nullserver, d_flags, e)
{
/* do config file checking of the address */
if (rscheck(vrfy ? "check_vrfy" : "check_expn",
p, NULL, e, RSF_RMCOMM,
3, NULL, NOQID, NULL) != EX_OK ||
p, NULL, e, RSF_RMCOMM, 3, NULL,
NOQID, NULL, NULL) != EX_OK ||
Errors > 0)
sm_exc_raisenew_x(&EtypeQuickAbort, 1);
(void) sendtolist(p, NULLADDR, &vrfyqueue, 0, e);
@ -3070,9 +3323,8 @@ smtp(nullserver, d_flags, e)
** available to make a decision.
*/
if (rscheck("check_etrn", p, NULL, e,
RSF_RMCOMM, 3, NULL, NOQID, NULL)
!= EX_OK ||
if (rscheck("check_etrn", p, NULL, e, RSF_RMCOMM, 3,
NULL, NOQID, NULL, NULL) != EX_OK ||
Errors > 0)
break;
@ -3371,7 +3623,7 @@ smtp_data(smtp, e)
(void) sm_snprintf(buf, sizeof(buf), "%u", smtp->sm_nrcpts);
if (rscheck("check_data", buf, NULL, e,
RSF_RMCOMM|RSF_UNSTRUCTURED|RSF_COUNT, 3, NULL,
e->e_id, NULL) != EX_OK)
e->e_id, NULL, NULL) != EX_OK)
return true;
#if MILTER && SMFI_VERSION > 3
@ -3494,7 +3746,7 @@ smtp_data(smtp, e)
/* rscheck() will set Errors or EF_DISCARD if it trips */
(void) rscheck("check_eom", buf, NULL, e, RSF_UNSTRUCTURED|RSF_COUNT,
3, NULL, e->e_id, NULL);
3, NULL, e->e_id, NULL, NULL);
#if MILTER
milteraccept = true;
@ -3735,6 +3987,38 @@ smtp_data(smtp, e)
_res.retrans = TimeOuts.res_retrans[RES_TO_FIRST];
#endif /* NAMED_BIND */
#if _FFR_PROXY
if (SM_PROXY_REQ == e->e_sendmode)
{
/* is proxy mode possible? */
if (e->e_sibling == NULL && e->e_nrcpts == 1
&& smtp->sm_nrcpts == 1
&& (a = e->e_sendqueue) != NULL && a->q_next == NULL)
{
a->q_flags &= ~(QPINGONFAILURE|QPINGONSUCCESS|
QPINGONDELAY);
e->e_errormode = EM_QUIET;
e->e_sendmode = SM_PROXY;
}
else
{
if (tTd(87, 2))
{
a = e->e_sendqueue;
sm_dprintf("srv: mode=%c, e=%p, sibling=%p, nrcpts=%d, sm_nrcpts=%d, sendqueue=%p, next=%p\n",
e->e_sendmode, e, e->e_sibling, e->e_nrcpts,
smtp->sm_nrcpts, a,
(a == NULL) ? (void *)0 : a->q_next);
}
/* switch to interactive mode */
e->e_sendmode = SM_DELIVER;
if (LogLevel > 9)
sm_syslog(LOG_DEBUG, e->e_id,
"proxy mode requested but not possible");
}
}
#endif /* _FFR_PROXY */
for (ee = e; ee != NULL; ee = ee->e_sibling)
{
@ -3779,6 +4063,84 @@ smtp_data(smtp, e)
oldid = CurEnv->e_id;
CurEnv->e_id = id;
#if _FFR_PROXY
a = e->e_sendqueue;
if (tTd(87, 1))
{
sm_dprintf("srv: mode=%c, e=%p, sibling=%p, nrcpts=%d, msg=%s, sendqueue=%p, next=%p, state=%d, SmtpError=%s, rcode=%d, renhsc=%s, text=%s\n",
e->e_sendmode, e, e->e_sibling, e->e_nrcpts, e->e_message, a,
(a == NULL) ? (void *)0 : a->q_next,
(a == NULL) ? -1 : a->q_state, SmtpError, e->e_rcode,
e->e_renhsc, e->e_text);
}
if (SM_PROXY == e->e_sendmode && a->q_state != QS_SENT &&
a->q_state != QS_VERIFIED) /* discarded! */
{
char *m, *errtext;
char replycode[4];
char enhsc[10];
int offset;
#define NN_MSG(e) (((e)->e_message != NULL) ? (e)->e_message : "")
m = e->e_message;
#define SM_MSG_DEFERRED "Deferred: "
if (m != NULL && strncmp(SM_MSG_DEFERRED, m,
sizeof(SM_MSG_DEFERRED) - 1) == 0)
m += sizeof(SM_MSG_DEFERRED) - 1;
offset = extsc(m, ' ', replycode, enhsc);
if (tTd(87, 2))
{
sm_dprintf("srv: SmtpError=%s, rcode=%d, renhsc=%s, replycode=%s, enhsc=%s, offset=%d\n",
SmtpError, e->e_rcode, e->e_renhsc,
replycode, enhsc, offset);
}
#define DIG2CHAR(d) ((d) + '0')
if (e->e_rcode != 0 && (replycode[0] == '\0' ||
replycode[0] == DIG2CHAR(REPLYTYPE(e->e_rcode))))
{
replycode[0] = DIG2CHAR(REPLYTYPE(e->e_rcode));
replycode[1] = DIG2CHAR(REPLYCLASS(e->e_rcode));
replycode[2] = DIG2CHAR(REPLYMINOR(e->e_rcode));
replycode[3] = '\0';
if (e->e_renhsc[0] == replycode[0])
sm_strlcpy(enhsc, e->e_renhsc, sizeof(enhsc));
if (offset < 0)
offset = 0;
}
if (e->e_text != NULL)
{
(void) strreplnonprt(e->e_text, '_');
errtext = e->e_text;
}
else
errtext = m + offset;
if (replycode[0] != '\0' && enhsc[0] != '\0')
emessage(replycode, enhsc, "%s", errtext);
else if (replycode[0] != '\0')
emessage(replycode, smtptodsn(atoi(replycode)),
"%s", errtext);
else if (QS_IS_TEMPFAIL(a->q_state))
{
if (m != NULL)
message("450 4.5.1 %s", m);
else
message("450 4.5.1 Temporary error");
}
else
{
if (m != NULL)
message("550 5.5.1 %s", m);
else
message("550 5.0.0 Permanent error");
}
}
else
{
#endif /* _FFR_PROXY */
/* issue success message */
#if _FFR_MSG_ACCEPT
if (MessageAccept != NULL && *MessageAccept != '\0')
@ -3791,6 +4153,9 @@ smtp_data(smtp, e)
else
#endif /* _FFR_MSG_ACCEPT */
message("250 2.0.0 %s Message accepted for delivery", id);
#if _FFR_PROXY
}
#endif /* _FFR_PROXY */
CurEnv->e_id = oldid;
/* if we just queued, poke it */
@ -3937,7 +4302,7 @@ logundelrcpts(e, msg, level, all)
? e->e_enhsc :
#endif /* _FFR_MILTER_ENHSC */
a->q_status,
msg, NULL, (time_t) 0, e);
msg, NULL, (time_t) 0, e, a, EX_OK /* ??? */);
}
e->e_to = NULL;
}
@ -4339,8 +4704,8 @@ mail_esmtp_args(a, kp, vp, e)
SuprErrs = true;
QuickAbort = false;
if (strcmp(auth_param, "<>") != 0 &&
(rscheck("trust_auth", auth_param, NULL, e, RSF_RMCOMM,
9, NULL, NOQID, NULL) != EX_OK || Errors > 0))
(rscheck("trust_auth", auth_param, NULL, e, RSF_RMCOMM, 9,
NULL, NOQID, NULL, NULL) != EX_OK || Errors > 0))
{
if (tTd(95, 8))
{

200
src/tls.c
View File

@ -13,21 +13,21 @@
SM_RCSID("@(#)$Id: tls.c,v 8.127 2013-11-27 02:51:11 gshapiro Exp $")
#if STARTTLS
# include <openssl/err.h>
# include <openssl/bio.h>
# include <openssl/pem.h>
# ifndef HASURANDOMDEV
# include <openssl/rand.h>
# endif /* ! HASURANDOMDEV */
# include <openssl/err.h>
# include <openssl/bio.h>
# include <openssl/pem.h>
# ifndef HASURANDOMDEV
# include <openssl/rand.h>
# endif /* ! HASURANDOMDEV */
# if !TLS_NO_RSA
static RSA *rsa_tmp = NULL; /* temporary RSA key */
static RSA *tmp_rsa_key __P((SSL *, int, int));
# endif /* !TLS_NO_RSA */
# if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x00907000L
# if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x00907000L
static int tls_verify_cb __P((X509_STORE_CTX *));
# else /* !defined() || OPENSSL_VERSION_NUMBER < 0x00907000L */
# else /* !defined() || OPENSSL_VERSION_NUMBER < 0x00907000L */
static int tls_verify_cb __P((X509_STORE_CTX *, void *));
# endif /* !defined() || OPENSSL_VERSION_NUMBER < 0x00907000L */
# endif /* !defined() || OPENSSL_VERSION_NUMBER < 0x00907000L */
# if OPENSSL_VERSION_NUMBER > 0x00907000L
static int x509_verify_cb __P((int, X509_STORE_CTX *));
@ -41,7 +41,7 @@ static int x509_verify_cb __P((int, X509_STORE_CTX *));
static void apps_ssl_info_cb __P((CONST097 SSL *, int , int));
static bool tls_ok_f __P((char *, char *, int));
static bool tls_safe_f __P((char *, long, bool));
static int tls_verify_log __P((int, X509_STORE_CTX *, char *));
static int tls_verify_log __P((int, X509_STORE_CTX *, const char *));
# if !NO_DH
static DH *get_dh512 __P((void));
@ -311,8 +311,25 @@ init_tls_library(fipsmode)
}
}
#endif /* _FFR_FIPSMODE */
if (bv && CertFingerprintAlgorithm != NULL)
{
const EVP_MD *md;
md = EVP_get_digestbyname(CertFingerprintAlgorithm);
if (NULL == md)
{
bv = false;
if (LogLevel > 0)
sm_syslog(LOG_ERR, NOQID,
"STARTTLS=init, CertFingerprintAlgorithm=%s, status=invalid"
, CertFingerprintAlgorithm);
}
else
EVP_digest = md;
}
return bv;
}
/*
** TLS_SET_VERIFY -- request client certificate?
**
@ -369,12 +386,10 @@ tls_set_verify(ctx, ssl, vrfy)
# define TLS_S_CRLF_EX 0x00000100 /* CRL file exists */
# define TLS_S_CRLF_OK 0x00000200 /* CRL file is ok */
# if _FFR_TLS_1
# define TLS_S_CERT2_EX 0x00001000 /* 2nd cert file exists */
# define TLS_S_CERT2_OK 0x00002000 /* 2nd cert file is ok */
# define TLS_S_KEY2_EX 0x00004000 /* 2nd key file exists */
# define TLS_S_KEY2_OK 0x00008000 /* 2nd key file is ok */
# endif /* _FFR_TLS_1 */
# define TLS_S_CERT2_EX 0x00001000 /* 2nd cert file exists */
# define TLS_S_CERT2_OK 0x00002000 /* 2nd cert file is ok */
# define TLS_S_KEY2_EX 0x00004000 /* 2nd key file exists */
# define TLS_S_KEY2_OK 0x00008000 /* 2nd key file is ok */
# define TLS_S_DH_OK 0x00200000 /* DH cert is ok */
# define TLS_S_DHPAR_EX 0x00400000 /* DH param file exists */
@ -545,7 +560,7 @@ bool
inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhparam)
SSL_CTX **ctx;
unsigned long req;
long options;
unsigned long options;
bool srv;
char *certfile, *keyfile, *cacertpath, *cacertfile, *dhparam;
{
@ -556,12 +571,10 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
bool ok;
long sff, status;
char *who;
# if _FFR_TLS_1
char *cf2, *kf2;
# endif /* _FFR_TLS_1 */
# if SM_CONF_SHM
# if SM_CONF_SHM
extern int ShmId;
# endif /* SM_CONF_SHM */
# endif /* SM_CONF_SHM */
# if OPENSSL_VERSION_NUMBER > 0x00907000L
BIO *crl_file;
X509_CRL *crl;
@ -586,7 +599,6 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
return true;
ok = true;
# if _FFR_TLS_1
/*
** look for a second filename: it must be separated by a ','
** no blanks allowed (they won't be skipped).
@ -605,7 +617,6 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
if (keyfile != NULL && (kf2 = strchr(keyfile, ',')) != NULL)
*kf2++ = '\0';
}
# endif /* _FFR_TLS_1 */
/*
** Check whether files/paths are defined
@ -625,7 +636,6 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
TLS_S_CRLF_EX, TLS_T_OTHER);
# endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */
# if _FFR_TLS_1
/*
** if the second file is specified it must exist
** XXX: it is possible here to define only one of those files
@ -641,7 +651,6 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
TLS_OK_F(kf2, "KeyFile", bitset(TLS_I_KEY_EX, req),
TLS_S_KEY2_EX, srv ? TLS_T_SRV : TLS_T_CLT);
}
# endif /* _FFR_TLS_1 */
/*
** valid values for dhparam are (only the first char is checked)
@ -715,7 +724,6 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
# endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */
if (!ok)
return ok;
# if _FFR_TLS_1
if (cf2 != NULL)
{
TLS_SAFE_F(cf2, sff | TLS_UNR(TLS_I_CERT_UNR, req),
@ -728,7 +736,6 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
bitset(TLS_I_KEY_EX, req),
bitset(TLS_S_KEY2_EX, status), TLS_S_KEY2_OK, srv);
}
# endif /* _FFR_TLS_1 */
/* create a method and a new context */
if ((*ctx = SSL_CTX_new(srv ? SSLv23_server_method() :
@ -823,13 +830,13 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
*/
if (bitset(TLS_I_RSA_TMP, req)
# if SM_CONF_SHM
# if SM_CONF_SHM
&& ShmId != SM_SHM_NO_ID &&
(rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL,
NULL)) == NULL
# else /* SM_CONF_SHM */
# else /* SM_CONF_SHM */
&& 0 /* no shared memory: no need to generate key now */
# endif /* SM_CONF_SHM */
# endif /* SM_CONF_SHM */
)
{
if (LogLevel > 7)
@ -865,16 +872,25 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
return false;
}
#if _FFR_TLS_USE_CERTIFICATE_CHAIN_FILE
# define SSL_CTX_use_cert(ssl_ctx, certfile) \
SSL_CTX_use_certificate_chain_file(ssl_ctx, certfile)
# define SSL_CTX_USE_CERT "SSL_CTX_use_certificate_chain_file"
#else
# define SSL_CTX_use_cert(ssl_ctx, certfile) \
SSL_CTX_use_certificate_file(ssl_ctx, certfile, SSL_FILETYPE_PEM)
# define SSL_CTX_USE_CERT "SSL_CTX_use_certificate_file"
#endif
/* get the certificate file */
if (bitset(TLS_S_CERT_OK, status) &&
SSL_CTX_use_certificate_file(*ctx, certfile,
SSL_FILETYPE_PEM) <= 0)
SSL_CTX_use_cert(*ctx, certfile) <= 0)
{
if (LogLevel > 7)
{
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS=%s, error: SSL_CTX_use_certificate_file(%s) failed",
who, certfile);
"STARTTLS=%s, error: %s(%s) failed",
who, SSL_CTX_USE_CERT, certfile);
if (LogLevel > 9)
tlslogerr(LOG_WARNING, who);
}
@ -899,7 +915,6 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
return false;
}
# if _FFR_TLS_1
/* XXX this code is pretty much duplicated from above! */
/* load private key */
@ -918,13 +933,13 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
/* get the certificate file */
if (bitset(TLS_S_CERT2_OK, status) &&
SSL_CTX_use_certificate_file(*ctx, cf2, SSL_FILETYPE_PEM) <= 0)
SSL_CTX_use_cert(*ctx, cf2) <= 0)
{
if (LogLevel > 7)
{
sm_syslog(LOG_WARNING, NOQID,
"STARTTLS=%s, error: SSL_CTX_use_certificate_file(%s) failed",
who, cf2);
"STARTTLS=%s, error: %s(%s) failed",
who, SSL_CTX_USE_CERT, cf2);
if (LogLevel > 9)
tlslogerr(LOG_WARNING, who);
}
@ -944,7 +959,6 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
tlslogerr(LOG_WARNING, who);
}
}
# endif /* _FFR_TLS_1 */
/* SSL_CTX_set_quiet_shutdown(*ctx, 1); violation of standard? */
@ -968,7 +982,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
options &= ~SSL_OP_TLS_BLOCK_PADDING_BUG;
}
#endif
SSL_CTX_set_options(*ctx, options);
SSL_CTX_set_options(*ctx, (long) options);
# if !NO_DH
/* Diffie-Hellman initialization */
@ -1153,7 +1167,6 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
if (tTd(96, 9))
SSL_CTX_set_info_callback(*ctx, apps_ssl_info_cb);
# if _FFR_TLS_1
/* install our own cipher list */
if (CipherList != NULL && *CipherList != '\0')
{
@ -1171,29 +1184,73 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
/* failure if setting to this list is required? */
}
}
# endif /* _FFR_TLS_1 */
if (LogLevel > 12)
sm_syslog(LOG_INFO, NOQID, "STARTTLS=%s, init=%d", who, ok);
# if _FFR_TLS_1
# if 0
# if 0
/*
** this label is required if we want to have a "clean" exit
** see the comments above at the initialization of cf2
*/
endinittls:
# endif /* 0 */
# endif /* 0 */
/* undo damage to global variables */
if (cf2 != NULL)
*--cf2 = ',';
if (kf2 != NULL)
*--kf2 = ',';
# endif /* _FFR_TLS_1 */
return ok;
}
/*
** CERT_FP -- get cert fingerprint
**
** Parameters:
** cert -- TLS cert
** mac -- macro storage
** macro -- where to store cert fp
**
** Returns:
** <=0: cert fp calculation failed
** >0: cert fp calculation ok
*/
static int
cert_fp(cert, evp_digest, mac, macro)
X509 *cert;
const EVP_MD *evp_digest;
MACROS_T *mac;
char *macro;
{
unsigned int n;
int r;
unsigned char md[EVP_MAX_MD_SIZE];
char md5h[EVP_MAX_MD_SIZE * 3];
static const char hexcodes[] = "0123456789ABCDEF";
n = 0;
if (X509_digest(cert, EVP_digest, md, &n) == 0 || n <= 0)
{
macdefine(mac, A_TEMP, macid(macro), "");
return 0;
}
SM_ASSERT((n * 3) + 2 < sizeof(md5h));
for (r = 0; r < (int) n; r++)
{
md5h[r * 3] = hexcodes[(md[r] & 0xf0) >> 4];
md5h[(r * 3) + 1] = hexcodes[(md[r] & 0x0f)];
md5h[(r * 3) + 2] = ':';
}
md5h[(n * 3) - 1] = '\0';
macdefine(mac, A_TEMP, macid(macro), md5h);
return 1;
}
/*
** TLS_GET_INFO -- get information about TLS connection
**
@ -1208,9 +1265,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
** result of authentication.
**
** Side Effects:
** sets macros: {cipher}, {tls_version}, {verify},
** {cipher_bits}, {alg_bits}, {cert}, {cert_subject},
** {cert_issuer}, {cn_subject}, {cn_issuer}
** sets various TLS related macros.
*/
int
@ -1238,7 +1293,7 @@ tls_get_info(ssl, srv, host, mac, certreq)
macdefine(mac, A_TEMP, macid("{cipher_bits}"), bitstr);
(void) sm_snprintf(bitstr, sizeof(bitstr), "%d", r);
macdefine(mac, A_TEMP, macid("{alg_bits}"), bitstr);
s = SSL_CIPHER_get_version(c);
s = (char *) SSL_get_version(ssl);
if (s == NULL)
s = "UNKNOWN";
macdefine(mac, A_TEMP, macid("{tls_version}"), s);
@ -1252,9 +1307,7 @@ tls_get_info(ssl, srv, host, mac, certreq)
who, verifyok, (unsigned long) cert);
if (cert != NULL)
{
unsigned int n;
X509_NAME *subj, *issuer;
unsigned char md[EVP_MAX_MD_SIZE];
char buf[MAXNAME];
subj = X509_get_subject_name(cert);
@ -1268,6 +1321,8 @@ tls_get_info(ssl, srv, host, mac, certreq)
# define LL_BADCERT 8
#define CERTFPMACRO (CertFingerprintAlgorithm != NULL ? "{cert_fp}" : "{cert_md5}")
#define CHECK_X509_NAME(which) \
do { \
if (r == -1) \
@ -1313,24 +1368,7 @@ tls_get_info(ssl, srv, host, mac, certreq)
CHECK_X509_NAME("cn_issuer");
macdefine(mac, A_TEMP, macid("{cn_issuer}"),
xtextify(buf, "<>\")"));
n = 0;
if (X509_digest(cert, EVP_md5(), md, &n) != 0 && n > 0)
{
char md5h[EVP_MAX_MD_SIZE * 3];
static const char hexcodes[] = "0123456789ABCDEF";
SM_ASSERT((n * 3) + 2 < sizeof(md5h));
for (r = 0; r < (int) n; r++)
{
md5h[r * 3] = hexcodes[(md[r] & 0xf0) >> 4];
md5h[(r * 3) + 1] = hexcodes[(md[r] & 0x0f)];
md5h[(r * 3) + 2] = ':';
}
md5h[(n * 3) - 1] = '\0';
macdefine(mac, A_TEMP, macid("{cert_md5}"), md5h);
}
else
macdefine(mac, A_TEMP, macid("{cert_md5}"), "");
(void) cert_fp(cert, EVP_digest, mac, CERTFPMACRO);
}
else
{
@ -1338,7 +1376,7 @@ tls_get_info(ssl, srv, host, mac, certreq)
macdefine(mac, A_PERM, macid("{cert_issuer}"), "");
macdefine(mac, A_PERM, macid("{cn_subject}"), "");
macdefine(mac, A_PERM, macid("{cn_issuer}"), "");
macdefine(mac, A_TEMP, macid("{cert_md5}"), "");
macdefine(mac, A_TEMP, macid(CERTFPMACRO), "");
}
switch (verifyok)
{
@ -1633,9 +1671,9 @@ apps_ssl_info_cb(s, where, ret)
** Parameters:
** ok -- verify ok?
** ctx -- x509 context
** name -- from where is this called?
**
** Returns:
** 0 -- fatal error
** 1 -- ok
*/
@ -1643,9 +1681,8 @@ static int
tls_verify_log(ok, ctx, name)
int ok;
X509_STORE_CTX *ctx;
char *name;
const char *name;
{
SSL *ssl;
X509 *cert;
int reason, depth;
char buf[512];
@ -1653,17 +1690,6 @@ tls_verify_log(ok, ctx, name)
cert = X509_STORE_CTX_get_current_cert(ctx);
reason = X509_STORE_CTX_get_error(ctx);
depth = X509_STORE_CTX_get_error_depth(ctx);
ssl = (SSL *) X509_STORE_CTX_get_ex_data(ctx,
SSL_get_ex_data_X509_STORE_CTX_idx());
if (ssl == NULL)
{
/* internal error */
sm_syslog(LOG_ERR, NOQID,
"STARTTLS: internal error: tls_verify_cb: ssl == NULL");
return 0;
}
X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf));
sm_syslog(LOG_INFO, NOQID,
"STARTTLS: %s cert verify: depth=%d %s, state=%d, reason=%s",
@ -1729,10 +1755,10 @@ tlslogerr(level, who)
unsigned long es;
char *file, *data;
char buf[256];
# define CP (const char **)
es = CRYPTO_thread_id();
while ((l = ERR_get_error_line_data(CP &file, &line, CP &data, &flags))
while ((l = ERR_get_error_line_data((const char **) &file, &line,
(const char **) &data, &flags))
!= 0)
{
sm_syslog(level, NOQID,

65
src/usersmtp.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998-2006, 2008-2010 Proofpoint, Inc. and its suppliers.
* Copyright (c) 1998-2006, 2008-2010, 2014 Proofpoint, Inc. and its suppliers.
* All rights reserved.
* Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
* Copyright (c) 1988, 1993
@ -92,6 +92,11 @@ smtpinit(m, mci, e, onlyhelo)
CurHostName = MyHostName;
SmtpNeedIntro = true;
state = mci->mci_state;
#if _FFR_ERRCODE
e->e_rcode = 0;
e->e_renhsc[0] = '\0';
e->e_text = NULL;
#endif /* _FFR_ERRCODE */
switch (state)
{
case MCIS_MAIL:
@ -227,10 +232,7 @@ smtpinit(m, mci, e, onlyhelo)
*/
if ((UseMSP && Verbose && bitset(MCIF_VERB, mci->mci_flags))
# if !_FFR_DEPRECATE_MAILER_FLAG_I
|| bitnset(M_INTERNAL, m->m_flags)
# endif /* !_FFR_DEPRECATE_MAILER_FLAG_I */
)
|| bitnset(M_INTERNAL, m->m_flags))
{
/* tell it to be verbose */
smtpmessage("VERB", m, mci);
@ -768,9 +770,7 @@ readauth(filename, safe, sai, rpool)
pid = -1;
sff = SFF_REGONLY|SFF_SAFEDIRPATH|SFF_NOWLINK
|SFF_NOGWFILES|SFF_NOWWFILES|SFF_NOWRFILES;
# if _FFR_GROUPREADABLEAUTHINFOFILE
if (!bitnset(DBS_GROUPREADABLEAUTHINFOFILE, DontBlameSendmail))
# endif /* _FFR_GROUPREADABLEAUTHINFOFILE */
sff |= SFF_NOGRFILES;
if (DontLockReadFiles)
sff |= SFF_NOLOCK;
@ -2770,7 +2770,10 @@ smtpdata(m, mci, e, ctladdr, xstart)
writeerr:
mci->mci_errno = errno;
mci->mci_state = MCIS_ERROR;
mci_setstat(mci, EX_TEMPFAIL, "4.4.2", NULL);
mci_setstat(mci, bitset(MCIF_NOTSTICKY, mci->mci_flags)
? EX_NOTSTICKY: EX_TEMPFAIL,
"4.4.2", NULL);
mci->mci_flags &= ~MCIF_NOTSTICKY;
/*
** If putbody() couldn't finish due to a timeout,
@ -2782,7 +2785,7 @@ smtpdata(m, mci, e, ctladdr, xstart)
(void) bfrewind(e->e_dfp);
errno = mci->mci_errno;
syserr("451 4.4.1 timeout writing message to %s", CurHostName);
syserr("+451 4.4.1 timeout writing message to %s", CurHostName);
smtpquit(m, mci, e);
return EX_TEMPFAIL;
}
@ -3085,7 +3088,7 @@ reply(m, mci, e, timeout, pfunc, enhstat, rtype)
*/
bufp = SmtpReplyBuffer;
set_tls_rd_tmo(timeout);
(void) set_tls_rd_tmo(timeout);
for (;;)
{
register char *p;
@ -3247,6 +3250,48 @@ reply(m, mci, e, timeout, pfunc, enhstat, rtype)
firstline = false;
continue;
}
#if _FFR_ERRCODE
# if _FFR_PROXY
if ((e->e_rcode == 0 || REPLYTYPE(e->e_rcode) < 5)
&& REPLYTYPE(r) > 3 && firstline)
# endif
# if _FFR_LOGREPLY
if (REPLYTYPE(r) > 3 && firstline)
# endif
{
int o = -1;
# if PIPELINING
/*
** ignore error iff: DATA, 5xy error, but we had
** "retryable" recipients. XREF: smtpdata()
*/
if (!(rtype == XS_DATA && REPLYTYPE(r) == 5 &&
mci->mci_okrcpts <= 0 && mci->mci_retryrcpt))
# endif /* PIPELINING */
{
o = extenhsc(bufp + 4, ' ', enhstatcode);
if (o > 0)
{
sm_strlcpy(e->e_renhsc, enhstatcode,
sizeof(e->e_renhsc));
/* skip SMTP reply code, delimiters */
o += 5;
}
else
o = 4;
e->e_rcode = r;
e->e_text = sm_rpool_strdup_x(e->e_rpool,
bufp + o);
}
if (tTd(87, 2))
{
sm_dprintf("user: offset=%d, bufp=%s, rcode=%d, enhstat=%s, text=%s\n",
o, bufp, r, e->e_renhsc, e->e_text);
}
}
#endif /* _FFR_ERRCODE */
firstline = false;

146
src/util.c
View File

@ -1833,7 +1833,7 @@ dumpfd(fd, printclosed, logit)
}
(void) sm_snprintf(p, SPACELEFT(buf, p), "mode=%o: ",
(int) st.st_mode);
(unsigned int) st.st_mode);
p += strlen(p);
switch (st.st_mode & S_IFMT)
{
@ -1936,11 +1936,11 @@ dumpfd(fd, printclosed, logit)
default:
defprint:
(void) sm_snprintf(p, SPACELEFT(buf, p),
"dev=%d/%d, ino=%llu, nlink=%d, u/gid=%d/%d, ",
major(st.st_dev), minor(st.st_dev),
"dev=%ld/%ld, ino=%llu, nlink=%d, u/gid=%ld/%ld, ",
(long) major(st.st_dev), (long) minor(st.st_dev),
(ULONGLONG_T) st.st_ino,
(int) st.st_nlink, (int) st.st_uid,
(int) st.st_gid);
(int) st.st_nlink, (long) st.st_uid,
(long) st.st_gid);
p += strlen(p);
(void) sm_snprintf(p, SPACELEFT(buf, p), "size=%llu",
(ULONGLONG_T) st.st_size);
@ -2866,3 +2866,139 @@ count_open_connections(hostaddr)
return n;
}
#if _FFR_XCNCT
/*
** XCONNECT -- get X-CONNECT info
**
** Parameters:
** inchannel -- FILE to check
**
** Returns:
** -1 on error
** 0 if X-CONNECT was not given
** >0 if X-CONNECT was used successfully (D_XCNCT*)
*/
int
xconnect(inchannel)
SM_FILE_T *inchannel;
{
int r, i;
char *p, *b, delim, inp[MAXINPLINE];
SOCKADDR addr;
char **pvp;
char pvpbuf[PSBUFSIZE];
char *peerhostname; /* name of SMTP peer or "localhost" */
extern ENVELOPE BlankEnvelope;
#define XCONNECT "X-CONNECT "
#define XCNNCTLEN (sizeof(XCONNECT) - 1)
/* Ask the ruleset whether to use x-connect */
pvp = NULL;
peerhostname = RealHostName;
if (peerhostname == NULL)
peerhostname = "localhost";
r = rscap("x_connect", peerhostname,
anynet_ntoa(&RealHostAddr), &BlankEnvelope,
&pvp, pvpbuf, sizeof(pvpbuf));
if (tTd(75, 8))
sm_syslog(LOG_INFO, NOQID, "x-connect: rscap=%d", r);
if (r == EX_UNAVAILABLE)
return 0;
if (r != EX_OK)
{
/* ruleset error */
sm_syslog(LOG_INFO, NOQID, "x-connect: rscap=%d", r);
return 0;
}
if (pvp != NULL && pvp[0] != NULL && (pvp[0][0] & 0377) == CANONNET)
{
/* $#: no x-connect */
if (tTd(75, 7))
sm_syslog(LOG_INFO, NOQID, "x-connect: nope");
return 0;
}
p = sfgets(inp, sizeof(inp), InChannel, TimeOuts.to_nextcommand, "pre");
if (tTd(75, 6))
sm_syslog(LOG_INFO, NOQID, "x-connect: input=%s", p);
if (p == NULL || strncasecmp(p, XCONNECT, XCNNCTLEN) != 0)
return -1;
p += XCNNCTLEN;
while (isascii(*p) && isspace(*p))
p++;
/* parameters: IPAddress [Hostname[ M]] */
b = p;
while (*p != '\0' && isascii(*p) &&
(isalnum(*p) || *p == '.' || *p== ':'))
p++;
delim = *p;
*p = '\0';
memset(&addr, '\0', sizeof(addr));
addr.sin.sin_addr.s_addr = inet_addr(b);
if (addr.sin.sin_addr.s_addr != INADDR_NONE)
{
addr.sa.sa_family = AF_INET;
memcpy(&RealHostAddr, &addr, sizeof(addr));
if (tTd(75, 2))
sm_syslog(LOG_INFO, NOQID, "x-connect: addr=%s",
anynet_ntoa(&RealHostAddr));
}
# if NETINET6
else if ((r = inet_pton(AF_INET6, b, &addr.sin6.sin6_addr)) == 1)
{
addr.sa.sa_family = AF_INET6;
memcpy(&RealHostAddr, &addr, sizeof(addr));
}
# endif /* NETINET6 */
else
return -1;
/* more parameters? */
if (delim != ' ')
return D_XCNCT;
while (*p != '\0' && isascii(*p) && isspace(*p))
p++;
for (b = ++p, i = 0;
*p != '\0' && isascii(*p) && (isalnum(*p) || *p == '.' || *p == '-');
p++, i++)
;
if (i == 0)
return D_XCNCT;
delim = *p;
if (i > MAXNAME)
b[MAXNAME] = '\0';
else
b[i] = '\0';
SM_FREE_CLR(RealHostName);
RealHostName = newstr(b);
if (tTd(75, 2))
sm_syslog(LOG_INFO, NOQID, "x-connect: host=%s", b);
*p = delim;
b = p;
if (*p != ' ')
return D_XCNCT;
while (*p != '\0' && isascii(*p) && isspace(*p))
p++;
if (tTd(75, 4))
{
char *e;
e = strpbrk(p, "\r\n");
if (e != NULL)
*e = '\0';
sm_syslog(LOG_INFO, NOQID, "x-connect: rest=%s", p);
}
if (*p == 'M')
return D_XCNCT_M;
return D_XCNCT;
}
#endif /* _FFR_XCNCT */

4
src/version.c
View File

@ -13,6 +13,6 @@
#include <sm/gen.h>
SM_RCSID("@(#)$Id: version.c,v 8.249 2013-11-27 00:38:50 ca Exp $")
SM_RCSID("@(#)$Id: version.c,v 8.250 2014-01-27 12:55:16 ca Exp $")
char Version[] = "8.14.9";
char Version[] = "8.15.1";