/* * driver.c -- generic driver for mail fetch method protocols * * Copyright 1997 by Eric S. Raymond * For license terms, see the file COPYING in this directory. */ #include "config.h" #include #include #include #include #include #if defined(STDC_HEADERS) #include #endif #if defined(HAVE_UNISTD_H) #include #endif #if defined(HAVE_STDARG_H) #include #else #include #endif #if defined(HAVE_ALLOCA_H) #include #endif #if defined(HAVE_SYS_ITIMER_H) #include #endif #include #include #ifdef HAVE_GETHOSTBYNAME #include #include "mx.h" #endif /* HAVE_GETHOSTBYNAME */ #ifdef SUNOS #include #endif #ifdef KERBEROS_V4 #include #include #include #include #endif /* KERBEROS_V4 */ #include "fetchmail.h" #include "socket.h" #include "smtp.h" /* BSD portability hack...I know, this is an ugly place to put it */ #if !defined(SIGCHLD) && defined(SIGCLD) #define SIGCHLD SIGCLD #endif #define SMTP_PORT 25 /* standard SMTP service port */ extern char *strstr(); /* needed on sysV68 R3V7.1. */ int fetchlimit; /* how often to tear down the server connection */ int batchcount; /* count of messages sent in current batch */ bool peek_capable; /* can we peek for better error recovery? */ static const struct method *protocol; static jmp_buf restart; char tag[TAGLEN]; static int tagnum; #define GENSYM (sprintf(tag, "a%04d", ++tagnum), tag) static char *shroud; /* string to shroud in debug output, if non-NULL */ static int mytimeout; /* value of nonreponse timeout */ static void set_timeout(int timeleft) /* reset the nonresponse-timeout */ { struct itimerval ntimeout; ntimeout.it_interval.tv_sec = ntimeout.it_interval.tv_usec = 0; ntimeout.it_value.tv_sec = timeleft; ntimeout.it_value.tv_usec = 0; setitimer(ITIMER_REAL, &ntimeout, (struct itimerval *)NULL); } static void timeout_handler (int signal) /* handle server-timeout SIGALRM signal */ { longjmp(restart, 1); } #define XMIT_ACCEPT 1 #define XMIT_REJECT 2 #define XMIT_ANTISPAM 3 static int accept_count, reject_count; #ifdef HAVE_RES_SEARCH #define MX_RETRIES 3 static int is_host_alias(const char *name, struct query *ctl) /* determine whether name is a DNS alias of the hostname */ { struct hostent *he; struct mxentry *mxp, *mxrecords; /* * The first two checks are optimizations that will catch a good * many cases. (1) check against the hostname the user * specified. Odds are good this will either be the mailserver's * FQDN or a suffix of it with the mailserver's domain's default * host name omitted. Then check the rest of the `also known as' * cache accumulated by previous DNS checks. This cache is primed * by the aka list option. * * (2) check against the mailserver's FQDN, in case * it's not the same as the declared hostname. * * Either of these on a mail address is definitive. Only if the * name doesn't match either is it time to call the bind library. * If this happens odds are good we're looking at an MX name. */ if (str_in_list(&ctl->server.lead_server->names, name)) return(TRUE); else if (strcmp(name, ctl->server.canonical_name) == 0) return(TRUE); else if (!ctl->server.dns) return(FALSE); /* * We know DNS service was up at the beginning of this poll cycle. * If it's down, our nameserver has crashed. We don't want to try * delivering the current message or anything else from this * mailbox until it's back up. */ else if ((he = gethostbyname(name)) != (struct hostent *)NULL) { if (strcmp(ctl->server.canonical_name, he->h_name) == 0) goto match; else return(FALSE); } else switch (h_errno) { case HOST_NOT_FOUND: /* specified host is unknown */ case NO_ADDRESS: /* valid, but does not have an IP address */ break; case NO_RECOVERY: /* non-recoverable name server error */ case TRY_AGAIN: /* temporary error on authoritative server */ default: if (outlevel != O_SILENT) putchar('\n'); /* terminate the progress message */ error(0, 0, "nameserver failure while looking for `%s' during poll of %s.", name, ctl->server.names->id); ctl->errcount++; break; } /* * We're only here if DNS was OK but the gethostbyname() failed * with a HOST_NOT_FOUND or NO_ADDRESS error. * Search for a name match on MX records pointing to the server. */ h_errno = 0; if ((mxrecords = getmxrecords(name)) == (struct mxentry *)NULL) { switch (h_errno) { case HOST_NOT_FOUND: /* specified host is unknown */ case NO_ADDRESS: /* valid, but does not have an IP address */ return(FALSE); break; case NO_RECOVERY: /* non-recoverable name server error */ case TRY_AGAIN: /* temporary error on authoritative server */ default: error(0, 0, "nameserver failure while looking for `%s' during poll of %s.", name, ctl->server.names->id); ctl->errcount++; break; } } else { for (mxp = mxrecords; mxp->name; mxp++) if (strcmp(ctl->server.canonical_name, mxp->name) == 0) goto match; return(FALSE); match:; } /* add this name to relevant server's `also known as' list */ save_str(&ctl->server.lead_server->names, -1, name); return(TRUE); } static void map_name(name, ctl, xmit_names) /* add given name to xmit_names if it matches declared localnames */ const char *name; /* name to map */ struct query *ctl; /* list of permissible aliases */ struct idlist **xmit_names; /* list of recipient names parsed out */ { const char *lname; lname = idpair_find(&ctl->localnames, name); if (!lname && ctl->wildcard) lname = name; if (lname != (char *)NULL) { if (outlevel == O_VERBOSE) error(0, 0, "mapped %s to local %s", name, lname); save_str(xmit_names, XMIT_ACCEPT, lname); accept_count++; } } void find_server_names(hdr, ctl, xmit_names) /* parse names out of a RFC822 header into an ID list */ const char *hdr; /* RFC822 header in question */ struct query *ctl; /* list of permissible aliases */ struct idlist **xmit_names; /* list of recipient names parsed out */ { if (hdr == (char *)NULL) return; else { char *cp; if ((cp = nxtaddr(hdr)) != (char *)NULL) do { char *atsign; if ((atsign = strchr(cp, '@'))) { struct idlist *idp; /* * Does a trailing segment of the hostname match something * on the localdomains list? If so, save the whole name * and keep going. */ for (idp = ctl->server.localdomains; idp; idp = idp->next) { char *rhs; rhs = atsign + (strlen(atsign) - strlen(idp->id)); if ((rhs[-1] == '.' || rhs[-1] == '@') && strcasecmp(rhs, idp->id) == 0) { if (outlevel == O_VERBOSE) error(0, 0, "passed through %s matching %s", cp, idp->id); save_str(xmit_names, XMIT_ACCEPT, cp); accept_count++; continue; } } /* * Check to see if the right-hand part is an alias * or MX equivalent of the mailserver. If it's * not, skip this name. If it is, we'll keep * going and try to find a mapping to a client name. */ if (!is_host_alias(atsign+1, ctl)) { save_str(xmit_names, XMIT_REJECT, cp); reject_count++; continue; } atsign[0] = '\0'; } map_name(cp, ctl, xmit_names); } while ((cp = nxtaddr((char *)NULL)) != (char *)NULL); } } char *parse_received(struct query *ctl, char *bufp) /* try to extract real addressee from the Received line */ { char *ok; static char rbuf[HOSTLEN + USERNAMELEN + 4]; /* * Try to extract the real envelope addressee. We look here * specifically for the mailserver's Received line. * Note: this will only work for sendmail, or an MTA that * shares sendmail's convention for embedding the envelope * address in the Received line. Sendmail itself only * does this when the mail has a single recipient. */ if ((ok = strstr(bufp, "by ")) == (char *)NULL) ok = (char *)NULL; else { char *sp, *tp; /* extract space-delimited token after "by " */ for (sp = ok + 3; isspace(*sp); sp++) continue; tp = rbuf; for (; !isspace(*sp); sp++) *tp++ = *sp; *tp = '\0'; /* * If it's a DNS name of the mail server, look for the * recipient name after a following "for". Otherwise * punt. */ if (is_host_alias(rbuf, ctl)) ok = strstr(sp, "for "); else ok = (char *)NULL; } if (ok != 0) { char *sp, *tp; tp = rbuf; sp = ok + 4; if (*sp == '<') sp++; while (*sp && *sp != '>' && *sp != '@' && *sp != ';') if (!isspace(*sp)) *tp++ = *sp++; else { /* uh oh -- whitespace here can't be right! */ ok = (char *)NULL; break; } *tp = '\0'; } if (!ok) return(NULL); else { if (outlevel == O_VERBOSE) error(0, 0, "found Received address `%s'", rbuf); return(rbuf); } } #endif /* HAVE_RES_SEARCH */ int smtp_open(struct query *ctl) /* try to open a socket to the appropriate SMTP server for this query */ { struct idlist *idp; /* maybe it's time to close the socket in order to force delivery */ if (ctl->batchlimit > 0 && (ctl->smtp_socket != -1) && batchcount++ == ctl->batchlimit) { close(ctl->smtp_socket); ctl->smtp_socket = -1; batchcount = 0; } /* run down the SMTP hunt list looking for a server that's up */ for (idp = ctl->smtphunt; idp; idp = idp->next) { /* * RFC 1123 requires that the domain name in HELO address is a * "valid principal domain name" for the client host. We * violate this with malice aforethought in order to make the * Received headers and logging look right. * * In fact this code relies on the RFC1123 requirement that the * SMTP listener must accept messages even if verification of the * HELO name fails (RFC1123 section 5.2.5, paragraph 2). */ /* if no socket to this host is already set up, try to open ESMTP */ if (ctl->smtp_socket == -1) { if ((ctl->smtp_socket = SockOpen(idp->id,SMTP_PORT)) == -1) continue; else if (SMTP_ok(ctl->smtp_socket) != SM_OK || SMTP_ehlo(ctl->smtp_socket, ctl->server.names->id, &ctl->server.esmtp_options) != SM_OK) { /* * RFC 1869 warns that some listeners hang up on a failed EHLO, * so it's safest not to assume the socket will still be good. */ close(ctl->smtp_socket); ctl->smtp_socket = -1; } else { ctl->smtphost = idp->id; break; } } /* if opening for ESMTP failed, try SMTP */ if (ctl->smtp_socket == -1) { if ((ctl->smtp_socket = SockOpen(idp->id,SMTP_PORT)) == -1) continue; else if (SMTP_ok(ctl->smtp_socket) != SM_OK || SMTP_helo(ctl->smtp_socket, ctl->server.names->id) != SM_OK) { close(ctl->smtp_socket); ctl->smtp_socket = -1; } else { ctl->smtphost = idp->id; break; } } } return(ctl->smtp_socket); } /* these are shared by readheaders and readbody */ static FILE *sinkfp; static RETSIGTYPE (*sigchld)(); static int sizeticker; static int readheaders(sock, len, ctl, realname) /* read message headers and ship to SMTP or MDA */ int sock; /* to which the server is connected */ long len; /* length of message */ struct query *ctl; /* query control record */ char *realname; /* real name of host */ { char buf[MSGBUFSIZE+1], return_path[MSGBUFSIZE+1]; int from_offs, ctt_offs, env_offs, addressoffs[128], next_address; char *headers, *received_for; int n, linelen, oldlen, ch, remaining; char *cp; struct idlist *idp, *xmit_names; bool good_addresses, bad_addresses, has_nuls; #ifdef HAVE_RES_SEARCH bool no_local_matches = FALSE; #endif /* HAVE_RES_SEARCH */ int olderrs; next_address = sizeticker = 0; has_nuls = FALSE; return_path[0] = '\0'; olderrs = ctl->errcount; /* read message headers */ headers = received_for = NULL; from_offs = ctt_offs = env_offs = -1; oldlen = 0; for (remaining = len; remaining > 0; remaining -= linelen) { char *line; line = xmalloc(sizeof(buf)); linelen = 0; line[0] = '\0'; do { if ((n = SockRead(sock, buf, sizeof(buf)-1)) == -1) return(PS_SOCKET); linelen += n; /* lines may not be properly CRLF terminated; fix this for qmail */ if (ctl->forcecr) { cp = buf + strlen(buf) - 1; if (*cp == '\n' && (cp == buf || cp[-1] != '\r')) { *cp++ = '\r'; *cp++ = '\n'; *cp++ = '\0'; } } set_timeout(ctl->server.timeout); /* leave extra room for reply_hack to play with */ line = (char *) realloc(line, strlen(line) + strlen(buf) + HOSTLEN + 1); strcat(line, buf); if (line[0] == '\r' && line[1] == '\n') break; } while /* we may need to grab RFC822 continuations */ ((ch = SockPeek(sock)) == ' ' || ch == '\t'); /* write the message size dots */ if ((outlevel > O_SILENT && outlevel < O_VERBOSE) && linelen > 0) { sizeticker += linelen; while (sizeticker >= SIZETICKER) { error_build("."); sizeticker -= SIZETICKER; } } if (linelen != strlen(line)) has_nuls = TRUE; /* check for end of headers; don't save terminating line */ if (line[0] == '\r' && line[1] == '\n') { free(line); break; } /* * This code prevents fetchmail from becoming an accessory after * the fact to upstream sendmails with the `E' option on. This * can result in an escaped Unix From_ line at the beginning of * the headers. If fetchmail just passes it through, the client * listener may think the message has *no* headers (since the first) * line it sees doesn't look RFC822-conformant) and fake up a set. * * What the user would see in this case is bogus (synthesized) * headers, followed by a blank line, followed by the >From, * followed by the real headers, followed by a blank line, * followed by text. * * We forestall this lossage by tossing anything that looks * like an escaped From_ line in headers. These aren't RFC822 * so our conscience is clear... */ if (!strncasecmp(line, ">From ", 6)) { free(line); continue; } /* * OK, this is messy. If we're forwarding by SMTP, it's the * SMTP-receiver's job (according to RFC821, page 22, section * 4.1.1) to generate a Return-Path line on final delivery. * The trouble is, we've already got one because the * mailserver's SMTP thought *it* was responsible for final * delivery. * * Stash away the contents of Return-Path for use in generating * MAIL FROM later on, then prevent the header from being saved * with the others. In effect, we strip it off here. * * If the SMTP server conforms to the standards, and fetchmail gets the * envelope sender from the Return-Path, the new Return-Path should be * exactly the same as the original one. */ if (!ctl->mda && !strncasecmp("Return-Path:", line, 12)) { strcpy(return_path, nxtaddr(line)); free(line); continue; } if (ctl->rewrite) reply_hack(line, realname); if (!headers) { oldlen = strlen(line); headers = xmalloc(oldlen + 1); (void) strcpy(headers, line); free(line); line = headers; } else { int newlen; newlen = oldlen + strlen(line); headers = (char *) realloc(headers, newlen + 1); if (headers == NULL) return(PS_IOERR); strcpy(headers + oldlen, line); free(line); line = headers + oldlen; oldlen = newlen; } if (from_offs == -1 && !strncasecmp("From:", line, 5)) from_offs = (line - headers); else if (from_offs == -1 && !strncasecmp("Resent-From:", line, 12)) from_offs = (line - headers); else if (from_offs == -1 && !strncasecmp("Apparently-From:", line, 16)) from_offs = (line - headers); else if (ctl->server.envelope != STRING_DISABLED && env_offs == -1 && !strncasecmp(ctl->server.envelope, line, strlen(ctl->server.envelope))) env_offs = (line - headers); else if (!strncasecmp("To:", line, 3)) { if (next_address >= sizeof(addressoffs)/sizeof(addressoffs[0])) error(PS_UNDEFINED, errno, "too many destination headers"); addressoffs[next_address++] = (line - headers); } else if (!strncasecmp("Cc:", line, 3)) { if (next_address >= sizeof(addressoffs)/sizeof(addressoffs[0])) error(PS_UNDEFINED, errno, "too many destination headers"); addressoffs[next_address++] = (line - headers); } else if (!strncasecmp("Bcc:", line, 4)) { if (next_address >= sizeof(addressoffs)/sizeof(addressoffs[0])) error(PS_UNDEFINED, errno, "too many destination headers"); addressoffs[next_address++] = (line - headers); } else if (!strncasecmp("Content-Transfer-Encoding:", line, 26)) ctt_offs = (line - headers); #ifdef HAVE_RES_SEARCH else if (MULTIDROP(ctl) && !received_for && !strncasecmp("Received:", line, 9)) received_for = parse_received(ctl, line); #endif /* HAVE_RES_SEARCH */ } /* * Hack time. If the first line of the message was blank, with no headers * (this happens occasionally due to bad gatewaying software) cons up * a set of fake headers. * * If you modify the fake header template below, be sure you don't * make either From or To address @-less, otherwise the reply_hack * logic will do bad things. */ if (headers == (char *)NULL) { sprintf(buf, "From: \r\nTo: %s@localhost\r\nSubject: Headerless mail from %s's mailbox on %s\r\n", fetchmailhost, user, ctl->remotename, realname); headers = xstrdup(buf); } /* * We can now process message headers before reading the text. * In fact we have to, as this will tell us where to forward to. */ /* cons up a list of local recipients */ xmit_names = (struct idlist *)NULL; bad_addresses = good_addresses = accept_count = reject_count = 0; #ifdef HAVE_RES_SEARCH /* is this a multidrop box? */ if (MULTIDROP(ctl)) { if (env_offs > -1) /* We have the actual envelope addressee */ find_server_names(headers + env_offs, ctl, &xmit_names); else if (received_for) /* * We have the Received for addressee. * It has to be a mailserver address, or we * wouldn't have got here. */ map_name(received_for, ctl, &xmit_names); else { int i; /* * We haven't extracted the envelope address. * So check all the header addresses. */ for (i = 0; i < next_address; i++) find_server_names(headers + addressoffs[i], ctl, &xmit_names); } if (!accept_count) { no_local_matches = TRUE; save_str(&xmit_names, XMIT_ACCEPT, user); if (outlevel == O_VERBOSE) error(0, 0, "no local matches, forwarding to %s", user); } } else /* it's a single-drop box, use first localname */ #endif /* HAVE_RES_SEARCH */ save_str(&xmit_names, XMIT_ACCEPT, ctl->localnames->id); /* * Time to either address the message or decide we can't deliver it yet. */ if (ctl->errcount > olderrs) /* there were DNS errors above */ { if (outlevel == O_VERBOSE) error(0,0, "forwarding and deletion suppressed due to DNS errors"); free(headers); return(PS_TRANSIENT); } else if (ctl->mda) /* we have a declared MDA */ { int length = 0; char *names, *cmd; /* * We go through this in order to be able to handle very * long lists of users and (re)implement %s. */ for (idp = xmit_names; idp; idp = idp->next) if (idp->val.num == XMIT_ACCEPT) length += (strlen(idp->id) + 1); names = (char *)alloca(length); names[0] = '\0'; for (idp = xmit_names; idp; idp = idp->next) if (idp->val.num == XMIT_ACCEPT) { strcat(names, idp->id); strcat(names, " "); } cmd = (char *)alloca(strlen(ctl->mda) + length); sprintf(cmd, ctl->mda, names); if (outlevel == O_VERBOSE) error(0, 0, "about to deliver with: %s", cmd); #ifdef HAVE_SETEUID /* * Arrange to run with user's permissions if we're root. * This will initialize the ownership of any files the * MDA creates properly. (The seteuid call is available * under all BSDs and Linux) */ seteuid(ctl->uid); #endif /* HAVE_SETEUID */ sinkfp = popen(cmd, "w"); #ifdef HAVE_SETEUID /* this will fail quietly if we didn't start as root */ seteuid(0); #endif /* HAVE_SETEUID */ if (!sinkfp) { error(0, -1, "MDA open failed"); return(PS_IOERR); } sigchld = signal(SIGCHLD, SIG_DFL); } else { char *ap, *ctt, options[MSGBUFSIZE]; /* build a connection to the SMTP listener */ if ((smtp_open(ctl) == -1)) { free_str_list(&xmit_names); error(0, -1, "SMTP connect to %s failed", ctl->smtphost ? ctl->smtphost : "localhost"); return(PS_SMTP); } /* * Compute ESMTP options. It's a kluge to use nxtaddr() * here because the contents of the Content-Transfer-Encoding * headers isn't semantically an address. But it has the * desired tokenizing effect. */ options[0] = '\0'; if (ctl->server.esmtp_options & ESMTP_8BITMIME) if (ctl->pass8bits) sprintf(options, " BODY=8BITMIME"); else if ((ctt_offs >= 0) && (ctt = nxtaddr(headers + ctt_offs))) { if (!strcasecmp(ctt,"7BIT")) sprintf(options, " BODY=7BIT"); else if (!strcasecmp(ctt,"8BIT")) sprintf(options, " BODY=8BITMIME"); } if ((ctl->server.esmtp_options & ESMTP_SIZE)) sprintf(options + strlen(options), " SIZE=%ld", len); /* * If there is a Return-Path address on the message, this was * almost certainly the MAIL FROM address given the originating * sendmail. This is the best thing to use for logging the * message origin (it sets up the right behavior for bounces and * mailing lists). Otherwise, take the From address. * * Try to get the SMTP listener to take the Return-Path or * From address as MAIL FROM . If it won't, fall back on the * calling-user ID. This won't affect replies, which use the * header From address anyway. * * RFC 1123 requires that the domain name part of the * MAIL FROM address be "canonicalized", that is a * FQDN or MX but not a CNAME. We'll assume the From * header is already in this form here (it certainly * is if rewrite is on). RFC 1123 is silent on whether * a nonexistent hostname part is considered canonical. * * This is a potential problem if the MTAs further upstream * didn't pass canonicalized From/Return-Path lines, *and* the * local SMTP listener insists on them. */ ap = (char *)NULL; if (return_path[0]) ap = return_path; else if (from_offs == -1 || !(ap = nxtaddr(headers + from_offs))) ap = user; if (SMTP_from(ctl->smtp_socket, ap, options) != SM_OK) { int smtperr = atoi(smtp_response); /* * Suppress error message only if the response specifically * means `excluded for policy reasons'. We *should* see * an error when the return code is less specific. */ if (smtperr >= 400 && smtperr != 571) error(0, -1, "SMTP error: %s", smtp_response); switch (smtperr) { case 571: /* sendmail's "unsolicited email refused" */ case 501: /* exim's old antispam response */ case 550: /* exim's new antispam response (temporary) */ /* * SMTP listener explicitly refuses to deliver * mail coming from this address, probably due * to an anti-spam domain exclusion. Respect * this. Don't try to ship the message, and * don't prevent it from being deleted. */ free(headers); return(PS_REFUSED); case 452: /* insufficient system storage */ /* * Temporary out-of-queue-space condition on the * ESMTP server. Don't try to ship the message, * and suppress deletion so it can be retried on * a future retrieval cycle. */ SMTP_rset(ctl->smtp_socket); /* required by RFC1870 */ free(headers); return(PS_TRANSIENT); case 552: /* message exceeds fixed maximum message size */ /* * Permanent no-go condition on the * ESMTP server. Don't try to ship the message, * and allow it to be deleted. */ SMTP_rset(ctl->smtp_socket); /* required by RFC1870 */ free(headers); return(PS_REFUSED); default: /* retry with invoking user's address */ if (SMTP_from(ctl->smtp_socket, user, options) != SM_OK) { error(0, -1, "SMTP error: %s", smtp_response); free(headers); return(PS_SMTP); /* should never happen */ } } } /* * Now list the recipient addressees * * RFC 1123 requires that the domain name part of the * RCPT TO address be "canonicalized", that is a FQDN * or MX but not a CNAME. RFC1123 doesn't say whether * the FQDN part can be null (as it frequently will be * here), but it's hard to see how this could cause a * problem. */ for (idp = xmit_names; idp; idp = idp->next) if (idp->val.num == XMIT_ACCEPT) if (SMTP_rcpt(ctl->smtp_socket, idp->id) == SM_OK) good_addresses++; else { bad_addresses++; idp->val.num = XMIT_ANTISPAM; error(0, 0, "SMTP listener doesn't like recipient address `%s'", idp->id); } if (!good_addresses && SMTP_rcpt(ctl->smtp_socket, user) != SM_OK) { error(0, 0, "can't even send to calling user!"); free(headers); return(PS_SMTP); } /* tell it we're ready to send data */ SMTP_data(ctl->smtp_socket); } /* we may need to strip carriage returns */ if (ctl->stripcr) { char *sp, *tp; for (sp = tp = headers; *sp; sp++) if (*sp != '\r') *tp++ = *sp; *tp = '\0'; } /* write all the headers */ n = 0; if (ctl->mda && sinkfp) n = fwrite(headers, 1, strlen(headers), sinkfp); else if (ctl->smtp_socket != -1) n = SockWrite(ctl->smtp_socket, headers, strlen(headers)); free(headers); if (n < 0) { error(0, errno, "writing RFC822 headers"); if (ctl->mda) { pclose(sinkfp); signal(SIGCHLD, sigchld); } return(PS_IOERR); } else if (outlevel == O_VERBOSE) fputs("#", stderr); /* write error notifications */ #ifdef HAVE_RES_SEARCH if (no_local_matches || has_nuls || bad_addresses) #else if (has_nuls || bad_addresses) #endif /* HAVE_RES_SEARCH */ { int errlen = 0; char errhd[USERNAMELEN + POPBUFSIZE], *errmsg; errmsg = errhd; (void) strcpy(errhd, "X-Fetchmail-Warning: "); #ifdef HAVE_RES_SEARCH if (no_local_matches) { if (reject_count != 1) strcat(errhd, "no recipient addresses matched declared local names"); else { for (idp = xmit_names; idp; idp = idp->next) if (idp->val.num == XMIT_REJECT) break; sprintf(errhd+strlen(errhd), "recipient address %s didn't match any local name", idp->id); } } #endif /* HAVE_RES_SEARCH */ if (has_nuls) { if (errhd[sizeof("X-Fetchmail-Warning: ")]) strcat(errhd, "; "); strcat(errhd, "message has embedded NULs"); } if (bad_addresses) { if (errhd[sizeof("X-Fetchmail-Warning: ")]) strcat(errhd, "; "); strcat(errhd, "SMTP listener rejected local recipient addresses: "); errlen = strlen(errhd); for (idp = xmit_names; idp; idp = idp->next) if (idp->val.num == XMIT_ANTISPAM) errlen += strlen(idp->id) + 2; errmsg = alloca(errlen+3); (void) strcpy(errmsg, errhd); for (idp = xmit_names; idp; idp = idp->next) if (idp->val.num == XMIT_ANTISPAM) { strcat(errmsg, idp->id); if (idp->next) strcat(errmsg, ", "); } } if (ctl->mda && !ctl->forcecr) strcat(errmsg, "\n"); else strcat(errmsg, "\r\n"); /* we may need to strip carriage returns */ if (ctl->stripcr) { char *sp, *tp; for (sp = tp = errmsg; *sp; sp++) if (*sp != '\r') *tp++ = *sp; *tp = '\0'; } /* ship out the error line */ if (sinkfp) { if (ctl->mda) fwrite(errmsg, sizeof(char), strlen(errmsg), sinkfp); else SockWrite(ctl->smtp_socket, errmsg, strlen(errmsg)); } } free_str_list(&xmit_names); /* issue the delimiter line */ if (sinkfp && ctl->mda) fputc('\n', sinkfp); else if (ctl->smtp_socket != -1) { if (ctl->stripcr) SockWrite(ctl->smtp_socket, "\n", 1); else SockWrite(ctl->smtp_socket, "\r\n", 2); } return(PS_SUCCESS); } static int readbody(sock, ctl, forward, len, delimited) /* read and dispose of a message body presented on sock */ struct query *ctl; /* query control record */ int sock; /* to which the server is connected */ int len; /* length of message */ bool forward; /* TRUE to forward */ bool delimited; /* does the protocol use a message delimiter? */ { int linelen; char buf[MSGBUFSIZE+1], *cp; /* pass through the text lines */ while (delimited || len > 0) { if ((linelen = SockRead(sock, buf, sizeof(buf)-1)) == -1) return(PS_SOCKET); set_timeout(ctl->server.timeout); /* write the message size dots */ if (linelen > 0) { sizeticker += linelen; while (sizeticker >= SIZETICKER) { if (outlevel > O_SILENT) error_build("."); sizeticker -= SIZETICKER; } } len -= linelen; /* fix messages that have only \n line-termination (for qmail) */ if (ctl->forcecr) { cp = buf + strlen(buf) - 1; if (*cp == '\n' && (cp == buf || cp[-1] != '\r')) { *cp++ = '\r'; *cp++ = '\n'; *cp++ = '\0'; } } /* check for end of message */ if (delimited && *buf == '.') if (buf[1] == '\r' && buf[2] == '\n') break; /* ship out the text line */ if (forward) { int n; /* * SMTP byte-stuffing. We only do this if the protocol does *not* * use . as EOM. If it does, the server will already have * decorated any . lines it sends back up. */ if (!delimited && *buf == '.') if (sinkfp && ctl->mda) fputs(".", sinkfp); else if (ctl->smtp_socket != -1) SockWrite(ctl->smtp_socket, buf, 1); /* we may need to strip carriage returns */ if (ctl->stripcr) { char *sp, *tp; for (sp = tp = buf; *sp; sp++) if (*sp != '\r') *tp++ = *sp; *tp = '\0'; } n = 0; if (ctl->mda) n = fwrite(buf, 1, strlen(buf), sinkfp); else if (ctl->smtp_socket != -1) n = SockWrite(ctl->smtp_socket, buf, strlen(buf)); if (n < 0) { error(0, errno, "writing message text"); if (ctl->mda) { pclose(sinkfp); signal(SIGCHLD, sigchld); } return(PS_IOERR); } else if (outlevel == O_VERBOSE) fputc('*', stderr); } } return(PS_SUCCESS); } #ifdef KERBEROS_V4 int kerberos_auth (socket, canonical) /* authenticate to the server host using Kerberos V4 */ int socket; /* socket to server host */ const char *canonical; /* server name */ { char * host_primary; KTEXT ticket; MSG_DAT msg_data; CREDENTIALS cred; Key_schedule schedule; int rem; ticket = ((KTEXT) (malloc (sizeof (KTEXT_ST)))); rem = (krb_sendauth (0L, socket, ticket, "pop", canonical, ((char *) (krb_realmofhost (canonical))), ((unsigned long) 0), (&msg_data), (&cred), (schedule), ((struct sockaddr_in *) 0), ((struct sockaddr_in *) 0), "KPOPV0.1")); free (ticket); if (rem != KSUCCESS) { error(0, -1, "kerberos error %s", (krb_get_err_text (rem))); return (PS_ERROR); } return (0); } #endif /* KERBEROS_V4 */ int do_protocol(ctl, proto) /* retrieve messages from server using given protocol method table */ struct query *ctl; /* parsed options with merged-in defaults */ const struct method *proto; /* protocol method table */ { int ok, js, pst, sock = -1; char *msg, *cp, realname[HOSTLEN]; void (*sigsave)(); #ifndef KERBEROS_V4 if (ctl->server.preauthenticate == A_KERBEROS_V4) { error(0, -1, "Kerberos V4 support not linked."); return(PS_ERROR); } #endif /* KERBEROS_V4 */ /* lacking methods, there are some options that may fail */ if (!proto->is_old) { /* check for unsupported options */ if (ctl->flush) { error(0, 0, "Option --flush is not supported with %s", proto->name); return(PS_SYNTAX); } else if (ctl->fetchall) { error(0, 0, "Option --all is not supported with %s", proto->name); return(PS_SYNTAX); } } if (!proto->getsizes && ctl->limit) { error(0, 0, "Option --limit is not supported with %s", proto->name); return(PS_SYNTAX); } protocol = proto; tagnum = 0; tag[0] = '\0'; /* nuke any tag hanging out from previous query */ ok = 0; error_init(poll_interval == 0 && !logfile); /* set up the server-nonresponse timeout */ sigsave = signal(SIGALRM, timeout_handler); set_timeout(mytimeout = ctl->server.timeout); if ((js = setjmp(restart)) == 1) { error(0, 0, "timeout after %d seconds waiting for %s.", ctl->server.timeout, ctl->server.names->id); if (ctl->smtp_socket != -1) close(ctl->smtp_socket); if (sock != -1) close(sock); ok = PS_ERROR; } else { char buf [POPBUFSIZE+1], *sp; int *msgsizes, len, num, count, new, deletions = 0; int port, fetches; struct idlist *idp; /* execute pre-initialization command, if any */ if (ctl->preconnect && (ok = system(ctl->preconnect))) { sprintf(buf, "pre-connection command failed with status %d", ok); error(0, 0, buf); ok = PS_SYNTAX; goto closeUp; } /* open a socket to the mail server */ port = ctl->server.port ? ctl->server.port : protocol->port; if ((sock = SockOpen(ctl->server.names->id, port)) == -1) { #ifndef EHOSTUNREACH #define EHOSTUNREACH (-1) #endif if (outlevel == O_VERBOSE || errno != EHOSTUNREACH) error(0, errno, "connecting to host"); ok = PS_SOCKET; goto closeUp; } #ifdef KERBEROS_V4 if (ctl->server.preauthenticate == A_KERBEROS_V4) { ok = kerberos_auth(sock, ctl->server.canonical_name); if (ok != 0) goto cleanUp; set_timeout(ctl->server.timeout); } #endif /* KERBEROS_V4 */ /* accept greeting message from mail server */ ok = (protocol->parse_response)(sock, buf); if (ok != 0) goto cleanUp; set_timeout(ctl->server.timeout); /* * Try to parse the host's actual name out of the greeting * message. We do this so that the progress messages will * make sense even if the connection is indirected through * ssh. *Do* use this for hacking reply headers, but *don't* * use it for error logging, as the names in the log should * correlate directly back to rc file entries. * * This assumes that the first space-delimited token found * that contains at least two dots (with the characters on * each side of the dot alphanumeric to exclude version * numbers) is the hostname. The hostname candidate may not * contain @ -- if it does it's probably a mailserver * maintainer's name. If no such token is found, fall back on * the .fetchmailrc id. */ pst = 0; sp = (char *)NULL; /* sacrifice to -Wall */ for (cp = buf; *cp; cp++) { switch (pst) { case 0: /* skip to end of current token */ if (*cp == ' ') pst = 1; break; case 1: /* look for blank-delimited token */ if (*cp != ' ') { sp = cp; pst = 2; } break; case 2: /* look for first dot */ if (*cp == '@') pst = 0; else if (*cp == ' ') pst = 1; else if (*cp == '.' && isalpha(cp[1]) && isalpha(cp[-1])) pst = 3; break; case 3: /* look for second dot */ if (*cp == '@') pst = 0; else if (*cp == ' ') pst = 1; else if (*cp == '.' && isalpha(cp[1]) && isalpha(cp[-1])) pst = 4; break; case 4: /* look for trailing space */ if (*cp == '@') pst = 0; else if (*cp == ' ') { pst = 5; goto done; } break; } } done: if (pst == 5) { char *tp = realname; while (sp < cp) *tp++ = *sp++; *tp = '\0'; } else strcpy(realname, ctl->server.names->id); /* try to get authorized to fetch mail */ if (protocol->getauth) { shroud = ctl->password; ok = (protocol->getauth)(sock, ctl, buf); shroud = (char *)NULL; if (ok == PS_ERROR) ok = PS_AUTHFAIL; if (ok != 0) { error(0, -1, "Authorization failure on %s@%s", ctl->remotename, realname); goto cleanUp; } set_timeout(ctl->server.timeout); } ctl->errcount = fetches = 0; /* now iterate over each folder selected */ for (idp = ctl->mailboxes; idp; idp = idp->next) { if (outlevel >= O_VERBOSE) if (idp->next) error(0, 0, "selecting folder %s"); else error(0, 0, "selecting default folder"); /* compute number of messages and number of new messages waiting */ ok = (protocol->getrange)(sock, ctl, idp->id, &count, &new); if (ok != 0) goto cleanUp; set_timeout(ctl->server.timeout); /* show user how many messages we downloaded */ if (idp->id) (void) sprintf(buf, "%s@%s:%s", ctl->remotename, realname, idp->id); else (void) sprintf(buf, "%s@%s", ctl->remotename, realname); if (outlevel > O_SILENT) if (count == -1) /* only used for ETRN */ error(0, 0, "Polling %s", buf); else if (count == 0) error(0, 0, "No mail at %s", buf); else { if (new != -1 && (count - new) > 0) error(0, 0, "%d message%s (%d seen) at %s.", count, count > 1 ? "s" : "", count-new, buf); else error(0, 0, "%d message%s at %s.", count, count > 1 ? "s" : "", buf); } if (check_only) { if (new == -1 || ctl->fetchall) new = count; ok = ((new > 0) ? PS_SUCCESS : PS_NOMAIL); goto cleanUp; } else if (count > 0) { bool force_retrieval; /* * What forces this code is that in POP3 and IMAP2BIS you can't * fetch a message without having it marked `seen'. In IMAP4, * on the other hand, you can (peek_capable is set to convey * this). * * The result of being unable to peek is that if there's * any kind of transient error (DNS lookup failure, or * sendmail refusing delivery due to process-table limits) * the message will be marked "seen" on the server without * having been delivered. This is not a big problem if * fetchmail is running in foreground, because the user * will see a "skipped" message when it next runs and get * clued in. * * But in daemon mode this leads to the message being silently * ignored forever. This is not acceptable. * * We compensate for this by checking the error count from the * previous pass and forcing all messages to be considered new * if it's nonzero. */ force_retrieval = !peek_capable && (ctl->errcount > 0); /* * We may need to get sizes in order to check message * limits. Or it may be forced because the fetch methods * don't return reliable sizes. */ msgsizes = (int *)NULL; if (proto->getsizes && (proto->force_getsizes || ctl->limit > 0)) { msgsizes = (int *)alloca(sizeof(int) * count); ok = (proto->getsizes)(sock, count, msgsizes); if (ok != 0) goto cleanUp; set_timeout(ctl->server.timeout); } /* read, forward, and delete messages */ for (num = 1; num <= count; num++) { bool toolarge = (ctl->limit > 0) && msgsizes && (msgsizes[num-1] > ctl->limit); bool fetch_it = !toolarge && (ctl->fetchall || force_retrieval || !(protocol->is_old && (protocol->is_old)(sock,ctl,num))); bool suppress_delete = FALSE; bool suppress_forward = FALSE; /* we may want to reject this message if it's old */ if (!fetch_it) { if (outlevel > O_SILENT) { error_build("skipping message %d", num); if (toolarge) error_build(" (oversized, %d bytes)", msgsizes[num-1]); } } else { bool wholesize = !protocol->fetch_body; /* request a message */ ok = (protocol->fetch_headers)(sock, ctl, num, &len); if (ok != 0) goto cleanUp; set_timeout(ctl->server.timeout); /* -1 means we didn't see a size in the response */ if (len == -1 && msgsizes) { len = msgsizes[num - 1]; wholesize = TRUE; } if (outlevel > O_SILENT) { error_build("reading message %d", num); if (len > 0) error_build(" (%d %sbytes)", len, wholesize ? "" : "header "); if (outlevel == O_VERBOSE) error_complete(0, 0, ""); else error_build(" "); } /* * Read the message headers and ship them to the * output sink. */ ok = readheaders(sock, len, ctl, realname); if (ok == PS_TRANSIENT) suppress_delete = TRUE; else if (ok == PS_REFUSED) suppress_forward = TRUE; else if (ok) goto cleanUp; set_timeout(ctl->server.timeout); /* * If we're using IMAP4 or something else that * can fetch headers separately from bodies, * it's time to request the body now. This * fetch may be skipped if we got an anti-spam * or other PS_REFUSED error response during * read_headers. */ if (protocol->fetch_body) { if ((ok = (protocol->trail)(sock, ctl, num))) goto cleanUp; set_timeout(ctl->server.timeout); len = 0; if (!suppress_forward) { if ((ok=(protocol->fetch_body)(sock,ctl,num,&len))) goto cleanUp; if (outlevel > O_SILENT && !msgsizes) error_build(" (%d body bytes) ", len); set_timeout(ctl->server.timeout); } } /* process the body now */ if (len > 0) { ok = readbody(sock, ctl, !suppress_forward, len, protocol->delimited); if (ok == PS_TRANSIENT) suppress_delete = TRUE; else if (ok) goto cleanUp; set_timeout(ctl->server.timeout); /* tell server we got it OK and resynchronize */ if (protocol->trail) { ok = (protocol->trail)(sock, ctl, num); if (ok != 0) goto cleanUp; set_timeout(ctl->server.timeout); } } /* end-of-message processing starts here */ if (outlevel == O_VERBOSE) fputc('\n', stderr); if (ctl->mda) { int rc; /* close the delivery pipe, we'll reopen before next message */ rc = pclose(sinkfp); signal(SIGCHLD, sigchld); if (rc) { error(0, -1, "MDA exited abnormally or returned nonzero status"); goto cleanUp; } } else if (!suppress_forward) { /* write message terminator */ if (SMTP_eom(ctl->smtp_socket) != SM_OK) { error(0, -1, "SMTP listener refused delivery"); ctl->errcount++; suppress_delete = TRUE; } } fetches++; } /* * At this point in flow of control, either we've bombed * on a protocol error or had delivery refused by the SMTP * server (unlikely -- I've never seen it) or we've seen * `accepted for delivery' and the message is shipped. * It's safe to mark the message seen and delete it on the * server now. */ /* maybe we delete this message now? */ if (protocol->delete && !suppress_delete && (fetch_it ? !ctl->keep : ctl->flush)) { deletions++; if (outlevel > O_SILENT) error_complete(0, 0, " flushed"); ok = (protocol->delete)(sock, ctl, num); if (ok != 0) goto cleanUp; set_timeout(ctl->server.timeout); delete_str(&ctl->newsaved, num); } else if (outlevel > O_SILENT) error_complete(0, 0, " not flushed"); /* perhaps this as many as we're ready to handle */ if (ctl->fetchlimit > 0 && ctl->fetchlimit <= fetches) goto no_error; } } } no_error: set_timeout(ctl->server.timeout); ok = gen_transact(sock, protocol->exit_cmd); if (ok == 0) ok = (fetches > 0) ? PS_SUCCESS : PS_NOMAIL; set_timeout(0); close(sock); goto closeUp; cleanUp: set_timeout(ctl->server.timeout); if (ok != 0 && ok != PS_SOCKET) gen_transact(sock, protocol->exit_cmd); set_timeout(0); close(sock); } msg = (char *)NULL; /* sacrifice to -Wall */ switch (ok) { case PS_SOCKET: msg = "socket"; break; case PS_AUTHFAIL: msg = "authorization"; break; case PS_SYNTAX: msg = "missing or bad RFC822 header"; break; case PS_IOERR: msg = "MDA"; break; case PS_ERROR: msg = "client/server synchronization"; break; case PS_PROTOCOL: msg = "client/server protocol"; break; case PS_SMTP: msg = "SMTP transaction"; break; case PS_UNDEFINED: error(0, 0, "undefined"); break; } if (ok==PS_SOCKET || ok==PS_AUTHFAIL || ok==PS_SYNTAX || ok==PS_IOERR || ok==PS_ERROR || ok==PS_PROTOCOL || ok==PS_SMTP) error(0, -1, "%s error while fetching from %s", msg, ctl->server.names->id); closeUp: signal(SIGALRM, sigsave); return(ok); } #if defined(HAVE_STDARG_H) void gen_send(int sock, char *fmt, ... ) /* assemble command in printf(3) style and send to the server */ #else void gen_send(sock, fmt, va_alist) /* assemble command in printf(3) style and send to the server */ int sock; /* socket to which server is connected */ const char *fmt; /* printf-style format */ va_dcl #endif { char buf [POPBUFSIZE+1]; va_list ap; if (protocol->tagged) (void) sprintf(buf, "%s ", GENSYM); else buf[0] = '\0'; #if defined(HAVE_STDARG_H) va_start(ap, fmt) ; #else va_start(ap); #endif vsprintf(buf + strlen(buf), fmt, ap); va_end(ap); strcat(buf, "\r\n"); SockWrite(sock, buf, strlen(buf)); if (outlevel == O_VERBOSE) { char *cp; if (shroud && shroud[0] && (cp = strstr(buf, shroud))) { char *sp; sp = cp + strlen(shroud); *cp++ = '*'; while (*sp) *cp++ = *sp++; *cp = '\0'; } buf[strlen(buf)-2] = '\0'; error(0, 0, "%s> %s", protocol->name, buf); } } int gen_recv(sock, buf, size) /* get one line of input from the server */ int sock; /* socket to which server is connected */ char *buf; /* buffer to receive input */ int size; /* length of buffer */ { if (SockRead(sock, buf, size) == -1) return(PS_SOCKET); else { if (buf[strlen(buf)-1] == '\n') buf[strlen(buf)-1] = '\0'; if (buf[strlen(buf)-1] == '\r') buf[strlen(buf)-1] = '\r'; if (outlevel == O_VERBOSE) error(0, 0, "%s< %s", protocol->name, buf); return(PS_SUCCESS); } } #if defined(HAVE_STDARG_H) int gen_transact(int sock, char *fmt, ... ) /* assemble command in printf(3) style, send to server, accept a response */ #else int gen_transact(int sock, fmt, va_alist) /* assemble command in printf(3) style, send to server, accept a response */ int sock; /* socket to which server is connected */ const char *fmt; /* printf-style format */ va_dcl #endif { int ok; char buf [POPBUFSIZE+1]; va_list ap; if (protocol->tagged) (void) sprintf(buf, "%s ", GENSYM); else buf[0] = '\0'; #if defined(HAVE_STDARG_H) va_start(ap, fmt) ; #else va_start(ap); #endif vsprintf(buf + strlen(buf), fmt, ap); va_end(ap); strcat(buf, "\r\n"); SockWrite(sock, buf, strlen(buf)); if (outlevel == O_VERBOSE) { char *cp; if (shroud && shroud[0] && (cp = strstr(buf, shroud))) { char *sp; sp = cp + strlen(shroud); *cp++ = '*'; while (*sp) *cp++ = *sp++; *cp = '\0'; } buf[strlen(buf)-1] = '\0'; error(0, 0, "%s> %s", protocol->name, buf); } /* we presume this does its own response echoing */ ok = (protocol->parse_response)(sock, buf); set_timeout(mytimeout); return(ok); } /* driver.c ends here */