No empty .Rs/.Re
[netbsd-mini2440.git] / external / ibm-public / postfix / dist / src / sendmail / sendmail.c
blob73c320728dbc15196bb3620bc3164e6f891e7272
1 /* $NetBSD$ */
3 /*++
4 /* NAME
5 /* sendmail 1
6 /* SUMMARY
7 /* Postfix to Sendmail compatibility interface
8 /* SYNOPSIS
9 /* \fBsendmail\fR [\fIoption ...\fR] [\fIrecipient ...\fR]
11 /* \fBmailq\fR
12 /* \fBsendmail -bp\fR
14 /* \fBnewaliases\fR
15 /* \fBsendmail -I\fR
16 /* DESCRIPTION
17 /* The Postfix \fBsendmail\fR(1) command implements the Postfix
18 /* to Sendmail compatibility interface.
19 /* For the sake of compatibility with existing applications, some
20 /* Sendmail command-line options are recognized but silently ignored.
22 /* By default, Postfix \fBsendmail\fR(1) reads a message from
23 /* standard input
24 /* until EOF or until it reads a line with only a \fB.\fR character,
25 /* and arranges for delivery. Postfix \fBsendmail\fR(1) relies on the
26 /* \fBpostdrop\fR(1) command to create a queue file in the \fBmaildrop\fR
27 /* directory.
29 /* Specific command aliases are provided for other common modes of
30 /* operation:
31 /* .IP \fBmailq\fR
32 /* List the mail queue. Each entry shows the queue file ID, message
33 /* size, arrival time, sender, and the recipients that still need to
34 /* be delivered. If mail could not be delivered upon the last attempt,
35 /* the reason for failure is shown. The queue ID string is
36 /* followed by an optional status character:
37 /* .RS
38 /* .IP \fB*\fR
39 /* The message is in the \fBactive\fR queue, i.e. the message is
40 /* selected for delivery.
41 /* .IP \fB!\fR
42 /* The message is in the \fBhold\fR queue, i.e. no further delivery
43 /* attempt will be made until the mail is taken off hold.
44 /* .RE
45 /* .IP
46 /* This mode of operation is implemented by executing the
47 /* \fBpostqueue\fR(1) command.
48 /* .IP \fBnewaliases\fR
49 /* Initialize the alias database. If no input file is specified (with
50 /* the \fB-oA\fR option, see below), the program processes the file(s)
51 /* specified with the \fBalias_database\fR configuration parameter.
52 /* If no alias database type is specified, the program uses the type
53 /* specified with the \fBdefault_database_type\fR configuration parameter.
54 /* This mode of operation is implemented by running the \fBpostalias\fR(1)
55 /* command.
56 /* .sp
57 /* Note: it may take a minute or so before an alias database update
58 /* becomes visible. Use the "\fBpostfix reload\fR" command to eliminate
59 /* this delay.
60 /* .PP
61 /* These and other features can be selected by specifying the
62 /* appropriate combination of command-line options. Some features are
63 /* controlled by parameters in the \fBmain.cf\fR configuration file.
65 /* The following options are recognized:
66 /* .IP "\fB-Am\fR (ignored)"
67 /* .IP "\fB-Ac\fR (ignored)"
68 /* Postfix sendmail uses the same configuration file regardless of
69 /* whether or not a message is an initial submission.
70 /* .IP "\fB-B \fIbody_type\fR"
71 /* The message body MIME type: \fB7BIT\fR or \fB8BITMIME\fR.
72 /* .IP \fB-bd\fR
73 /* Go into daemon mode. This mode of operation is implemented by
74 /* executing the "\fBpostfix start\fR" command.
75 /* .IP "\fB-bh\fR (ignored)"
76 /* .IP "\fB-bH\fR (ignored)"
77 /* Postfix has no persistent host status database.
78 /* .IP \fB-bi\fR
79 /* Initialize alias database. See the \fBnewaliases\fR
80 /* command above.
81 /* .IP \fB-bm\fR
82 /* Read mail from standard input and arrange for delivery.
83 /* This is the default mode of operation.
84 /* .IP \fB-bp\fR
85 /* List the mail queue. See the \fBmailq\fR command above.
86 /* .IP \fB-bs\fR
87 /* Stand-alone SMTP server mode. Read SMTP commands from
88 /* standard input, and write responses to standard output.
89 /* In stand-alone SMTP server mode, mail relaying and other
90 /* access controls are disabled by default. To enable them,
91 /* run the process as the \fBmail_owner\fR user.
92 /* .sp
93 /* This mode of operation is implemented by running the
94 /* \fBsmtpd\fR(8) daemon.
95 /* .IP \fB-bv\fR
96 /* Do not collect or deliver a message. Instead, send an email
97 /* report after verifying each recipient address. This is useful
98 /* for testing address rewriting and routing configurations.
99 /* .sp
100 /* This feature is available in Postfix version 2.1 and later.
101 /* .IP "\fB-C \fIconfig_file\fR"
102 /* .IP "\fB-C \fIconfig_dir\fR"
103 /* The path name of the Postfix \fBmain.cf\fR file, or of its
104 /* parent directory. This information is ignored with Postfix
105 /* versions before 2.3.
107 /* With all Postfix versions, you can specify a directory pathname
108 /* with the MAIL_CONFIG environment variable to override the
109 /* location of configuration files.
110 /* .IP "\fB-F \fIfull_name\fR
111 /* Set the sender full name. This overrides the NAME environment
112 /* variable, and is used only with messages that
113 /* have no \fBFrom:\fR message header.
114 /* .IP "\fB-f \fIsender\fR"
115 /* Set the envelope sender address. This is the address where
116 /* delivery problems are sent to. With Postfix versions before 2.1, the
117 /* \fBErrors-To:\fR message header overrides the error return address.
118 /* .IP \fB-G\fR
119 /* Gateway (relay) submission, as opposed to initial user
120 /* submission. Either do not rewrite addresses at all, or
121 /* update incomplete addresses with the domain information
122 /* specified with \fBremote_header_rewrite_domain\fR.
124 /* This option is ignored before Postfix version 2.3.
125 /* .IP "\fB-h \fIhop_count\fR (ignored)"
126 /* Hop count limit. Use the \fBhopcount_limit\fR configuration
127 /* parameter instead.
128 /* .IP \fB-I\fR
129 /* Initialize alias database. See the \fBnewaliases\fR
130 /* command above.
131 /* .IP "\fB-i\fR"
132 /* When reading a message from standard input, don\'t treat a line
133 /* with only a \fB.\fR character as the end of input.
134 /* .IP "\fB-L \fIlabel\fR (ignored)"
135 /* The logging label. Use the \fBsyslog_name\fR configuration
136 /* parameter instead.
137 /* .IP "\fB-m\fR (ignored)"
138 /* Backwards compatibility.
139 /* .IP "\fB-N \fIdsn\fR (default: 'delay, failure')"
140 /* Delivery status notification control. Specify either a
141 /* comma-separated list with one or more of \fBfailure\fR (send
142 /* notification when delivery fails), \fBdelay\fR (send
143 /* notification when delivery is delayed), or \fBsuccess\fR
144 /* (send notification when the message is delivered); or specify
145 /* \fBnever\fR (don't send any notifications at all).
147 /* This feature is available in Postfix 2.3 and later.
148 /* .IP "\fB-n\fR (ignored)"
149 /* Backwards compatibility.
150 /* .IP "\fB-oA\fIalias_database\fR"
151 /* Non-default alias database. Specify \fIpathname\fR or
152 /* \fItype\fR:\fIpathname\fR. See \fBpostalias\fR(1) for
153 /* details.
154 /* .IP "\fB-O \fIoption=value\fR (ignored)"
155 /* Backwards compatibility.
156 /* .IP "\fB-o7\fR (ignored)"
157 /* .IP "\fB-o8\fR (ignored)"
158 /* To send 8-bit or binary content, use an appropriate MIME encapsulation
159 /* and specify the appropriate \fB-B\fR command-line option.
160 /* .IP "\fB-oi\fR"
161 /* When reading a message from standard input, don\'t treat a line
162 /* with only a \fB.\fR character as the end of input.
163 /* .IP "\fB-om\fR (ignored)"
164 /* The sender is never eliminated from alias etc. expansions.
165 /* .IP "\fB-o \fIx value\fR (ignored)"
166 /* Set option \fIx\fR to \fIvalue\fR. Use the equivalent
167 /* configuration parameter in \fBmain.cf\fR instead.
168 /* .IP "\fB-r \fIsender\fR"
169 /* Set the envelope sender address. This is the address where
170 /* delivery problems are sent to. With Postfix versions before 2.1, the
171 /* \fBErrors-To:\fR message header overrides the error return address.
172 /* .IP "\fB-R \fIreturn_limit\fR (ignored)"
173 /* Limit the size of bounced mail. Use the \fBbounce_size_limit\fR
174 /* configuration parameter instead.
175 /* .IP \fB-q\fR
176 /* Attempt to deliver all queued mail. This is implemented by
177 /* executing the \fBpostqueue\fR(1) command.
179 /* Warning: flushing undeliverable mail frequently will result in
180 /* poor delivery performance of all other mail.
181 /* .IP "\fB-q\fIinterval\fR (ignored)"
182 /* The interval between queue runs. Use the \fBqueue_run_delay\fR
183 /* configuration parameter instead.
184 /* .IP \fB-qI\fIqueueid\fR
185 /* Schedule immediate delivery of mail with the specified queue
186 /* ID. This option is implemented by executing the
187 /* \fBpostqueue\fR(1) command, and is available with Postfix
188 /* version 2.4 and later.
189 /* .IP \fB-qR\fIsite\fR
190 /* Schedule immediate delivery of all mail that is queued for the named
191 /* \fIsite\fR. This option accepts only \fIsite\fR names that are
192 /* eligible for the "fast flush" service, and is implemented by
193 /* executing the \fBpostqueue\fR(1) command.
194 /* See \fBflush\fR(8) for more information about the "fast flush"
195 /* service.
196 /* .IP \fB-qS\fIsite\fR
197 /* This command is not implemented. Use the slower "\fBsendmail -q\fR"
198 /* command instead.
199 /* .IP \fB-t\fR
200 /* Extract recipients from message headers. These are added to any
201 /* recipients specified on the command line.
203 /* With Postfix versions prior to 2.1, this option requires that
204 /* no recipient addresses are specified on the command line.
205 /* .IP "\fB-U\fR (ignored)"
206 /* Initial user submission.
207 /* .IP "\fB-V \fIenvid\fR"
208 /* Specify the envelope ID for notification by servers that
209 /* support DSN.
211 /* This feature is available in Postfix 2.3 and later.
212 /* .IP "\fB-XV\fR (Postfix 2.2 and earlier: \fB-V\fR)"
213 /* Variable Envelope Return Path. Given an envelope sender address
214 /* of the form \fIowner-listname\fR@\fIorigin\fR, each recipient
215 /* \fIuser\fR@\fIdomain\fR receives mail with a personalized envelope
216 /* sender address.
217 /* .sp
218 /* By default, the personalized envelope sender address is
219 /* \fIowner-listname\fB+\fIuser\fB=\fIdomain\fR@\fIorigin\fR. The default
220 /* \fB+\fR and \fB=\fR characters are configurable with the
221 /* \fBdefault_verp_delimiters\fR configuration parameter.
222 /* .IP "\fB-XV\fIxy\fR (Postfix 2.2 and earlier: \fB-V\fIxy\fR)"
223 /* As \fB-XV\fR, but uses \fIx\fR and \fIy\fR as the VERP delimiter
224 /* characters, instead of the characters specified with the
225 /* \fBdefault_verp_delimiters\fR configuration parameter.
226 /* .IP \fB-v\fR
227 /* Send an email report of the first delivery attempt (Postfix
228 /* versions 2.1 and later). Mail delivery
229 /* always happens in the background. When multiple \fB-v\fR
230 /* options are given, enable verbose logging for debugging purposes.
231 /* .IP "\fB-X \fIlog_file\fR (ignored)"
232 /* Log mailer traffic. Use the \fBdebug_peer_list\fR and
233 /* \fBdebug_peer_level\fR configuration parameters instead.
234 /* SECURITY
235 /* .ad
236 /* .fi
237 /* By design, this program is not set-user (or group) id. However,
238 /* it must handle data from untrusted, possibly remote, users.
239 /* Thus, the usual precautions need to be taken against malicious
240 /* inputs.
241 /* DIAGNOSTICS
242 /* Problems are logged to \fBsyslogd\fR(8) and to the standard error
243 /* stream.
244 /* ENVIRONMENT
245 /* .ad
246 /* .fi
247 /* .IP \fBMAIL_CONFIG\fR
248 /* Directory with Postfix configuration files.
249 /* .IP "\fBMAIL_VERBOSE\fR (value does not matter)"
250 /* Enable verbose logging for debugging purposes.
251 /* .IP "\fBMAIL_DEBUG\fR (value does not matter)"
252 /* Enable debugging with an external command, as specified with the
253 /* \fBdebugger_command\fR configuration parameter.
254 /* .IP \fBNAME\fR
255 /* The sender full name. This is used only with messages that
256 /* have no \fBFrom:\fR message header. See also the \fB-F\fR
257 /* option above.
258 /* CONFIGURATION PARAMETERS
259 /* .ad
260 /* .fi
261 /* The following \fBmain.cf\fR parameters are especially relevant to
262 /* this program.
263 /* The text below provides only a parameter summary. See
264 /* \fBpostconf\fR(5) for more details including examples.
265 /* TROUBLE SHOOTING CONTROLS
266 /* .ad
267 /* .fi
268 /* The DEBUG_README file gives examples of how to trouble shoot a
269 /* Postfix system.
270 /* .IP "\fBdebugger_command (empty)\fR"
271 /* The external command to execute when a Postfix daemon program is
272 /* invoked with the -D option.
273 /* .IP "\fBdebug_peer_level (2)\fR"
274 /* The increment in verbose logging level when a remote client or
275 /* server matches a pattern in the debug_peer_list parameter.
276 /* .IP "\fBdebug_peer_list (empty)\fR"
277 /* Optional list of remote client or server hostname or network
278 /* address patterns that cause the verbose logging level to increase
279 /* by the amount specified in $debug_peer_level.
280 /* ACCESS CONTROLS
281 /* .ad
282 /* .fi
283 /* Available in Postfix version 2.2 and later:
284 /* .IP "\fBauthorized_flush_users (static:anyone)\fR"
285 /* List of users who are authorized to flush the queue.
286 /* .IP "\fBauthorized_mailq_users (static:anyone)\fR"
287 /* List of users who are authorized to view the queue.
288 /* .IP "\fBauthorized_submit_users (static:anyone)\fR"
289 /* List of users who are authorized to submit mail with the \fBsendmail\fR(1)
290 /* command (and with the privileged \fBpostdrop\fR(1) helper command).
291 /* RESOURCE AND RATE CONTROLS
292 /* .ad
293 /* .fi
294 /* .IP "\fBbounce_size_limit (50000)\fR"
295 /* The maximal amount of original message text that is sent in a
296 /* non-delivery notification.
297 /* .IP "\fBfork_attempts (5)\fR"
298 /* The maximal number of attempts to fork() a child process.
299 /* .IP "\fBfork_delay (1s)\fR"
300 /* The delay between attempts to fork() a child process.
301 /* .IP "\fBhopcount_limit (50)\fR"
302 /* The maximal number of Received: message headers that is allowed
303 /* in the primary message headers.
304 /* .IP "\fBqueue_run_delay (300s)\fR"
305 /* The time between deferred queue scans by the queue manager;
306 /* prior to Postfix 2.4 the default value was 1000s.
307 /* FAST FLUSH CONTROLS
308 /* .ad
309 /* .fi
310 /* The ETRN_README file describes configuration and operation
311 /* details for the Postfix "fast flush" service.
312 /* .IP "\fBfast_flush_domains ($relay_domains)\fR"
313 /* Optional list of destinations that are eligible for per-destination
314 /* logfiles with mail that is queued to those destinations.
315 /* VERP CONTROLS
316 /* .ad
317 /* .fi
318 /* The VERP_README file describes configuration and operation
319 /* details of Postfix support for variable envelope return
320 /* path addresses.
321 /* .IP "\fBdefault_verp_delimiters (+=)\fR"
322 /* The two default VERP delimiter characters.
323 /* .IP "\fBverp_delimiter_filter (-=+)\fR"
324 /* The characters Postfix accepts as VERP delimiter characters on the
325 /* Postfix \fBsendmail\fR(1) command line and in SMTP commands.
326 /* MISCELLANEOUS CONTROLS
327 /* .ad
328 /* .fi
329 /* .IP "\fBalias_database (see 'postconf -d' output)\fR"
330 /* The alias databases for \fBlocal\fR(8) delivery that are updated with
331 /* "\fBnewaliases\fR" or with "\fBsendmail -bi\fR".
332 /* .IP "\fBcommand_directory (see 'postconf -d' output)\fR"
333 /* The location of all postfix administrative commands.
334 /* .IP "\fBconfig_directory (see 'postconf -d' output)\fR"
335 /* The default location of the Postfix main.cf and master.cf
336 /* configuration files.
337 /* .IP "\fBdaemon_directory (see 'postconf -d' output)\fR"
338 /* The directory with Postfix support programs and daemon programs.
339 /* .IP "\fBdefault_database_type (see 'postconf -d' output)\fR"
340 /* The default database type for use in \fBnewaliases\fR(1), \fBpostalias\fR(1)
341 /* and \fBpostmap\fR(1) commands.
342 /* .IP "\fBdelay_warning_time (0h)\fR"
343 /* The time after which the sender receives the message headers of
344 /* mail that is still queued.
345 /* .IP "\fBenable_errors_to (no)\fR"
346 /* Report mail delivery errors to the address specified with the
347 /* non-standard Errors-To: message header, instead of the envelope
348 /* sender address (this feature is removed with Postfix version 2.2, is
349 /* turned off by default with Postfix version 2.1, and is always turned on
350 /* with older Postfix versions).
351 /* .IP "\fBmail_owner (postfix)\fR"
352 /* The UNIX system account that owns the Postfix queue and most Postfix
353 /* daemon processes.
354 /* .IP "\fBqueue_directory (see 'postconf -d' output)\fR"
355 /* The location of the Postfix top-level queue directory.
356 /* .IP "\fBremote_header_rewrite_domain (empty)\fR"
357 /* Don't rewrite message headers from remote clients at all when
358 /* this parameter is empty; otherwise, rewrite message headers and
359 /* append the specified domain name to incomplete addresses.
360 /* .IP "\fBsyslog_facility (mail)\fR"
361 /* The syslog facility of Postfix logging.
362 /* .IP "\fBsyslog_name (see 'postconf -d' output)\fR"
363 /* The mail system name that is prepended to the process name in syslog
364 /* records, so that "smtpd" becomes, for example, "postfix/smtpd".
365 /* FILES
366 /* /var/spool/postfix, mail queue
367 /* /etc/postfix, configuration files
368 /* SEE ALSO
369 /* pickup(8), mail pickup daemon
370 /* qmgr(8), queue manager
371 /* smtpd(8), SMTP server
372 /* flush(8), fast flush service
373 /* postsuper(1), queue maintenance
374 /* postalias(1), create/update/query alias database
375 /* postdrop(1), mail posting utility
376 /* postfix(1), mail system control
377 /* postqueue(1), mail queue control
378 /* syslogd(8), system logging
379 /* README_FILES
380 /* .ad
381 /* .fi
382 /* Use "\fBpostconf readme_directory\fR" or
383 /* "\fBpostconf html_directory\fR" to locate this information.
384 /* .na
385 /* .nf
386 /* DEBUG_README, Postfix debugging howto
387 /* ETRN_README, Postfix ETRN howto
388 /* VERP_README, Postfix VERP howto
389 /* LICENSE
390 /* .ad
391 /* .fi
392 /* The Secure Mailer license must be distributed with this software.
393 /* AUTHOR(S)
394 /* Wietse Venema
395 /* IBM T.J. Watson Research
396 /* P.O. Box 704
397 /* Yorktown Heights, NY 10598, USA
398 /*--*/
400 /* System library. */
402 #include <sys_defs.h>
403 #include <sys/stat.h>
404 #include <unistd.h>
405 #include <string.h>
406 #include <stdio.h> /* remove() */
407 #include <stdlib.h>
408 #include <signal.h>
409 #include <fcntl.h>
410 #include <syslog.h>
411 #include <time.h>
412 #include <errno.h>
413 #include <ctype.h>
414 #include <stdarg.h>
415 #include <sysexits.h>
417 /* Utility library. */
419 #include <msg.h>
420 #include <mymalloc.h>
421 #include <vstream.h>
422 #include <msg_vstream.h>
423 #include <msg_syslog.h>
424 #include <vstring_vstream.h>
425 #include <username.h>
426 #include <fullname.h>
427 #include <argv.h>
428 #include <safe.h>
429 #include <iostuff.h>
430 #include <stringops.h>
431 #include <set_ugid.h>
432 #include <connect.h>
433 #include <split_at.h>
435 /* Global library. */
437 #include <mail_queue.h>
438 #include <mail_proto.h>
439 #include <mail_params.h>
440 #include <mail_version.h>
441 #include <record.h>
442 #include <rec_type.h>
443 #include <rec_streamlf.h>
444 #include <mail_conf.h>
445 #include <cleanup_user.h>
446 #include <mail_task.h>
447 #include <mail_run.h>
448 #include <debug_process.h>
449 #include <tok822.h>
450 #include <mail_flush.h>
451 #include <mail_stream.h>
452 #include <verp_sender.h>
453 #include <deliver_request.h>
454 #include <mime_state.h>
455 #include <header_opts.h>
456 #include <user_acl.h>
457 #include <dsn_mask.h>
459 /* Application-specific. */
462 * Modes of operation.
464 #define SM_MODE_ENQUEUE 1 /* delivery mode */
465 #define SM_MODE_NEWALIAS 2 /* initialize alias database */
466 #define SM_MODE_MAILQ 3 /* list mail queue */
467 #define SM_MODE_DAEMON 4 /* daemon mode */
468 #define SM_MODE_USER 5 /* user (stand-alone) mode */
469 #define SM_MODE_FLUSHQ 6 /* user (stand-alone) mode */
470 #define SM_MODE_IGNORE 7 /* ignore this mode */
473 * Flag parade. Flags 8-15 are reserved for delivery request trace flags.
475 #define SM_FLAG_AEOF (1<<0) /* archaic EOF */
476 #define SM_FLAG_XRCPT (1<<1) /* extract recipients from headers */
478 #define SM_FLAG_DEFAULT (SM_FLAG_AEOF)
481 * VERP support.
483 static char *verp_delims;
486 * Callback context for extracting recipients.
488 typedef struct SM_STATE {
489 VSTREAM *dst; /* output stream */
490 ARGV *recipients; /* recipients from regular headers */
491 ARGV *resent_recip; /* recipients from resent headers */
492 int resent; /* resent flag */
493 const char *saved_sender; /* for error messages */
494 uid_t uid; /* for error messages */
495 VSTRING *temp; /* scratch buffer */
496 } SM_STATE;
499 * Mail submission ACL
501 char *var_submit_acl;
503 static const CONFIG_STR_TABLE str_table[] = {
504 VAR_SUBMIT_ACL, DEF_SUBMIT_ACL, &var_submit_acl, 0, 0,
509 * Silly little macros (SLMs).
511 #define STR vstring_str
513 /* output_text - output partial or complete text line */
515 static void output_text(void *context, int rec_type, const char *buf, ssize_t len,
516 off_t unused_offset)
518 SM_STATE *state = (SM_STATE *) context;
520 if (rec_put(state->dst, rec_type, buf, len) < 0)
521 msg_fatal_status(EX_TEMPFAIL,
522 "%s(%ld): error writing queue file: %m",
523 state->saved_sender, (long) state->uid);
526 /* output_header - output one message header */
528 static void output_header(void *context, int header_class,
529 const HEADER_OPTS *header_info,
530 VSTRING *buf, off_t offset)
532 SM_STATE *state = (SM_STATE *) context;
533 TOK822 *tree;
534 TOK822 **addr_list;
535 TOK822 **tpp;
536 ARGV *rcpt;
537 char *start;
538 char *line;
539 char *next_line;
540 ssize_t len;
543 * Parse the header line, and save copies of recipient addresses in the
544 * appropriate place.
546 if (header_class == MIME_HDR_PRIMARY
547 && header_info
548 && (header_info->flags & HDR_OPT_RECIP)
549 && (header_info->flags & HDR_OPT_EXTRACT)
550 && (state->resent == 0 || (header_info->flags & HDR_OPT_RR))) {
551 if (header_info->flags & HDR_OPT_RR) {
552 rcpt = state->resent_recip;
553 if (state->resent == 0)
554 state->resent = 1;
555 } else
556 rcpt = state->recipients;
557 tree = tok822_parse(STR(buf) + strlen(header_info->name) + 1);
558 addr_list = tok822_grep(tree, TOK822_ADDR);
559 for (tpp = addr_list; *tpp; tpp++) {
560 tok822_internalize(state->temp, tpp[0]->head, TOK822_STR_DEFL);
561 argv_add(rcpt, STR(state->temp), (char *) 0);
563 myfree((char *) addr_list);
564 tok822_free_tree(tree);
568 * Pipe the unmodified message header through the header line folding
569 * routine, and ensure that long lines are chopped appropriately.
571 for (line = start = STR(buf); line; line = next_line) {
572 next_line = split_at(line, '\n');
573 len = next_line ? next_line - line - 1 : strlen(line);
574 do {
575 if (len > var_line_limit) {
576 output_text(context, REC_TYPE_CONT, line, var_line_limit, offset);
577 line += var_line_limit;
578 len -= var_line_limit;
579 offset += var_line_limit;
580 } else {
581 output_text(context, REC_TYPE_NORM, line, len, offset);
582 offset += len;
583 break;
585 } while (len > 0);
586 offset += 1;
590 /* enqueue - post one message */
592 static void enqueue(const int flags, const char *encoding,
593 const char *dsn_envid, int dsn_notify,
594 const char *rewrite_context, const char *sender,
595 const char *full_name, char **recipients)
597 VSTRING *buf;
598 VSTREAM *dst;
599 char *saved_sender;
600 char **cpp;
601 int type;
602 char *start;
603 int skip_from_;
604 TOK822 *tree;
605 TOK822 *tp;
606 int rcpt_count = 0;
607 enum {
608 STRIP_CR_DUNNO, STRIP_CR_DO, STRIP_CR_DONT
609 } strip_cr;
610 MAIL_STREAM *handle;
611 VSTRING *postdrop_command;
612 uid_t uid = getuid();
613 int status;
614 int naddr;
615 int prev_type;
616 MIME_STATE *mime_state = 0;
617 SM_STATE state;
618 int mime_errs;
619 const char *errstr;
620 int addr_count;
621 int level;
624 * Access control is enforced in the postdrop command. The code here
625 * merely produces a more user-friendly interface.
627 if ((errstr = check_user_acl_byuid(var_submit_acl, uid)) != 0)
628 msg_fatal_status(EX_NOPERM,
629 "User %s(%ld) is not allowed to submit mail", errstr, (long) uid);
632 * Initialize.
634 buf = vstring_alloc(100);
637 * Stop run-away process accidents by limiting the queue file size. This
638 * is not a defense against DOS attack.
640 if (var_message_limit > 0 && get_file_limit() > var_message_limit)
641 set_file_limit((off_t) var_message_limit);
644 * The sender name is provided by the user. In principle, the mail pickup
645 * service could deduce the sender name from queue file ownership, but:
646 * pickup would not be able to run chrooted, and it may not be desirable
647 * to use login names at all.
649 if (sender != 0) {
650 VSTRING_RESET(buf);
651 VSTRING_TERMINATE(buf);
652 tree = tok822_parse(sender);
653 for (naddr = 0, tp = tree; tp != 0; tp = tp->next)
654 if (tp->type == TOK822_ADDR && naddr++ == 0)
655 tok822_internalize(buf, tp->head, TOK822_STR_DEFL);
656 tok822_free_tree(tree);
657 saved_sender = mystrdup(STR(buf));
658 if (naddr > 1)
659 msg_warn("-f option specified malformed sender: %s", sender);
660 } else {
661 if ((sender = username()) == 0)
662 msg_fatal_status(EX_OSERR, "no login name found for user ID %lu",
663 (unsigned long) uid);
664 saved_sender = mystrdup(sender);
668 * Let the postdrop command open the queue file for us, and sanity check
669 * the content. XXX Make postdrop a manifest constant.
671 errno = 0;
672 postdrop_command = vstring_alloc(1000);
673 vstring_sprintf(postdrop_command, "%s/postdrop -r", var_command_dir);
674 for (level = 0; level < msg_verbose; level++)
675 vstring_strcat(postdrop_command, " -v");
676 if ((handle = mail_stream_command(STR(postdrop_command))) == 0)
677 msg_fatal_status(EX_UNAVAILABLE, "%s(%ld): unable to execute %s: %m",
678 saved_sender, (long) uid, STR(postdrop_command));
679 vstring_free(postdrop_command);
680 dst = handle->stream;
683 * First, write envelope information to the output stream.
685 * For sendmail compatibility, parse each command-line recipient as if it
686 * were an RFC 822 message header; some MUAs specify comma-separated
687 * recipient lists; and some MUAs even specify "word word <address>".
689 * Sort-uniq-ing the recipient list is done after address canonicalization,
690 * before recipients are written to queue file. That's cleaner than
691 * having the queue manager nuke duplicate recipient status records.
693 * XXX Should limit the size of envelope records.
695 * With "sendmail -N", instead of a per-message NOTIFY record we store one
696 * per recipient so that we can simplify the implementation somewhat.
698 if (dsn_envid)
699 rec_fprintf(dst, REC_TYPE_ATTR, "%s=%s",
700 MAIL_ATTR_DSN_ENVID, dsn_envid);
701 rec_fprintf(dst, REC_TYPE_ATTR, "%s=%s",
702 MAIL_ATTR_RWR_CONTEXT, rewrite_context);
703 if (full_name || (full_name = fullname()) != 0)
704 rec_fputs(dst, REC_TYPE_FULL, full_name);
705 rec_fputs(dst, REC_TYPE_FROM, saved_sender);
706 if (verp_delims && *saved_sender == 0)
707 msg_fatal_status(EX_USAGE,
708 "%s(%ld): -V option requires non-null sender address",
709 saved_sender, (long) uid);
710 if (encoding)
711 rec_fprintf(dst, REC_TYPE_ATTR, "%s=%s", MAIL_ATTR_ENCODING, encoding);
712 if (DEL_REQ_TRACE_FLAGS(flags))
713 rec_fprintf(dst, REC_TYPE_ATTR, "%s=%d", MAIL_ATTR_TRACE_FLAGS,
714 DEL_REQ_TRACE_FLAGS(flags));
715 if (verp_delims)
716 rec_fputs(dst, REC_TYPE_VERP, verp_delims);
717 if (recipients) {
718 for (cpp = recipients; *cpp != 0; cpp++) {
719 tree = tok822_parse(*cpp);
720 for (addr_count = 0, tp = tree; tp != 0; tp = tp->next) {
721 if (tp->type == TOK822_ADDR) {
722 tok822_internalize(buf, tp->head, TOK822_STR_DEFL);
723 if (dsn_notify)
724 rec_fprintf(dst, REC_TYPE_ATTR, "%s=%d",
725 MAIL_ATTR_DSN_NOTIFY, dsn_notify);
726 if (REC_PUT_BUF(dst, REC_TYPE_RCPT, buf) < 0)
727 msg_fatal_status(EX_TEMPFAIL,
728 "%s(%ld): error writing queue file: %m",
729 saved_sender, (long) uid);
730 ++rcpt_count;
731 ++addr_count;
734 tok822_free_tree(tree);
735 if (addr_count == 0) {
736 if (rec_put(dst, REC_TYPE_RCPT, "", 0) < 0)
737 msg_fatal_status(EX_TEMPFAIL,
738 "%s(%ld): error writing queue file: %m",
739 saved_sender, (long) uid);
740 ++rcpt_count;
746 * Append the message contents to the queue file. Write chunks of at most
747 * 1kbyte. Internally, we use different record types for data ending in
748 * LF and for data that doesn't, so we can actually be binary transparent
749 * for local mail. Unfortunately, SMTP has no record continuation
750 * convention, so there is no guarantee that arbitrary data will be
751 * delivered intact via SMTP. Strip leading From_ lines. For the benefit
752 * of UUCP environments, also get rid of leading >>>From_ lines.
754 rec_fputs(dst, REC_TYPE_MESG, "");
755 if (DEL_REQ_TRACE_ONLY(flags) != 0) {
756 if (flags & SM_FLAG_XRCPT)
757 msg_fatal_status(EX_USAGE, "%s(%ld): -t option cannot be used with -bv",
758 saved_sender, (long) uid);
759 if (*saved_sender)
760 rec_fprintf(dst, REC_TYPE_NORM, "From: %s", saved_sender);
761 rec_fprintf(dst, REC_TYPE_NORM, "Subject: probe");
762 if (recipients) {
763 rec_fprintf(dst, REC_TYPE_CONT, "To:");
764 for (cpp = recipients; *cpp != 0; cpp++) {
765 rec_fprintf(dst, REC_TYPE_NORM, " %s%s",
766 *cpp, cpp[1] ? "," : "");
769 } else {
772 * Initialize the MIME processor and set up the callback context.
774 if (flags & SM_FLAG_XRCPT) {
775 state.dst = dst;
776 state.recipients = argv_alloc(2);
777 state.resent_recip = argv_alloc(2);
778 state.resent = 0;
779 state.saved_sender = saved_sender;
780 state.uid = uid;
781 state.temp = vstring_alloc(10);
782 mime_state = mime_state_alloc(MIME_OPT_DISABLE_MIME
783 | MIME_OPT_REPORT_TRUNC_HEADER,
784 output_header,
785 (MIME_STATE_ANY_END) 0,
786 output_text,
787 (MIME_STATE_ANY_END) 0,
788 (MIME_STATE_ERR_PRINT) 0,
789 (void *) &state);
793 * Process header/body lines.
795 skip_from_ = 1;
796 strip_cr = STRIP_CR_DUNNO;
797 for (prev_type = 0; (type = rec_streamlf_get(VSTREAM_IN, buf, var_line_limit))
798 != REC_TYPE_EOF; prev_type = type) {
799 if (strip_cr == STRIP_CR_DUNNO && type == REC_TYPE_NORM) {
800 if (VSTRING_LEN(buf) > 0 && vstring_end(buf)[-1] == '\r')
801 strip_cr = STRIP_CR_DO;
802 else
803 strip_cr = STRIP_CR_DONT;
805 if (skip_from_) {
806 if (type == REC_TYPE_NORM) {
807 start = STR(buf);
808 if (strncmp(start + strspn(start, ">"), "From ", 5) == 0)
809 continue;
811 skip_from_ = 0;
813 if (strip_cr == STRIP_CR_DO && type == REC_TYPE_NORM)
814 if (VSTRING_LEN(buf) > 0 && vstring_end(buf)[-1] == '\r')
815 vstring_truncate(buf, VSTRING_LEN(buf) - 1);
816 if ((flags & SM_FLAG_AEOF) && prev_type != REC_TYPE_CONT
817 && VSTRING_LEN(buf) == 1 && *STR(buf) == '.')
818 break;
819 if (mime_state) {
820 mime_errs = mime_state_update(mime_state, type, STR(buf),
821 VSTRING_LEN(buf));
822 if (mime_errs)
823 msg_fatal_status(EX_DATAERR,
824 "%s(%ld): unable to extract recipients: %s",
825 saved_sender, (long) uid,
826 mime_state_error(mime_errs));
827 } else {
828 if (REC_PUT_BUF(dst, type, buf) < 0)
829 msg_fatal_status(EX_TEMPFAIL,
830 "%s(%ld): error writing queue file: %m",
831 saved_sender, (long) uid);
837 * Finish MIME processing. We need a final mime_state_update() call in
838 * order to flush text that is still buffered. That can happen when the
839 * last line did not end in newline.
841 if (mime_state) {
842 mime_errs = mime_state_update(mime_state, REC_TYPE_EOF, "", 0);
843 if (mime_errs)
844 msg_fatal_status(EX_DATAERR,
845 "%s(%ld): unable to extract recipients: %s",
846 saved_sender, (long) uid,
847 mime_state_error(mime_errs));
848 mime_state = mime_state_free(mime_state);
852 * Append recipient addresses that were extracted from message headers.
854 rec_fputs(dst, REC_TYPE_XTRA, "");
855 if (flags & SM_FLAG_XRCPT) {
856 for (cpp = state.resent ? state.resent_recip->argv :
857 state.recipients->argv; *cpp; cpp++) {
858 if (dsn_notify)
859 rec_fprintf(dst, REC_TYPE_ATTR, "%s=%d",
860 MAIL_ATTR_DSN_NOTIFY, dsn_notify);
861 if (rec_put(dst, REC_TYPE_RCPT, *cpp, strlen(*cpp)) < 0)
862 msg_fatal_status(EX_TEMPFAIL,
863 "%s(%ld): error writing queue file: %m",
864 saved_sender, (long) uid);
865 ++rcpt_count;
867 argv_free(state.recipients);
868 argv_free(state.resent_recip);
869 vstring_free(state.temp);
871 if (rcpt_count == 0)
872 msg_fatal_status(EX_USAGE, (flags & SM_FLAG_XRCPT) ?
873 "%s(%ld): No recipient addresses found in message header" :
874 "Recipient addresses must be specified on"
875 " the command line or via the -t option",
876 saved_sender, (long) uid);
879 * Identify the end of the queue file.
881 rec_fputs(dst, REC_TYPE_END, "");
884 * Make sure that the message makes it to the file system. Once we have
885 * terminated with successful exit status we cannot lose the message due
886 * to "frivolous reasons". If all goes well, prevent the run-time error
887 * handler from removing the file.
889 if (vstream_ferror(VSTREAM_IN))
890 msg_fatal_status(EX_DATAERR, "%s(%ld): error reading input: %m",
891 saved_sender, (long) uid);
892 if ((status = mail_stream_finish(handle, (VSTRING *) 0)) != 0)
893 msg_fatal_status((status & CLEANUP_STAT_BAD) ? EX_SOFTWARE :
894 (status & CLEANUP_STAT_WRITE) ? EX_TEMPFAIL :
895 EX_UNAVAILABLE, "%s(%ld): %s", saved_sender,
896 (long) uid, cleanup_strerror(status));
899 * Don't leave them in the dark.
901 if (DEL_REQ_TRACE_FLAGS(flags)) {
902 vstream_printf("Mail Delivery Status Report will be mailed to <%s>.\n",
903 saved_sender);
904 vstream_fflush(VSTREAM_OUT);
908 * Cleanup. Not really necessary as we're about to exit, but good for
909 * debugging purposes.
911 vstring_free(buf);
912 myfree(saved_sender);
915 /* tempfail - sanitize exit status after library run-time error */
917 static void tempfail(void)
919 exit(EX_TEMPFAIL);
922 MAIL_VERSION_STAMP_DECLARE;
924 /* main - the main program */
926 int main(int argc, char **argv)
928 static char *full_name = 0; /* sendmail -F */
929 struct stat st;
930 char *slash;
931 char *sender = 0; /* sendmail -f */
932 int c;
933 int fd;
934 int mode;
935 ARGV *ext_argv;
936 int debug_me = 0;
937 int err;
938 int n;
939 int flags = SM_FLAG_DEFAULT;
940 char *site_to_flush = 0;
941 char *id_to_flush = 0;
942 char *encoding = 0;
943 char *qtime = 0;
944 const char *errstr;
945 uid_t uid;
946 const char *rewrite_context = MAIL_ATTR_RWR_LOCAL;
947 int dsn_notify = 0;
948 const char *dsn_envid = 0;
949 int saved_optind;
952 * Fingerprint executables and core dumps.
954 MAIL_VERSION_STAMP_ALLOCATE;
957 * Be consistent with file permissions.
959 umask(022);
962 * To minimize confusion, make sure that the standard file descriptors
963 * are open before opening anything else. XXX Work around for 44BSD where
964 * fstat can return EBADF on an open file descriptor.
966 for (fd = 0; fd < 3; fd++)
967 if (fstat(fd, &st) == -1
968 && (close(fd), open("/dev/null", O_RDWR, 0)) != fd)
969 msg_fatal_status(EX_OSERR, "open /dev/null: %m");
972 * The CDE desktop calendar manager leaks a parent file descriptor into
973 * the child process. For the sake of sendmail compatibility we have to
974 * close the file descriptor otherwise mail notification will hang.
976 for ( /* void */ ; fd < 100; fd++)
977 (void) close(fd);
980 * Process environment options as early as we can. We might be called
981 * from a set-uid (set-gid) program, so be careful with importing
982 * environment variables.
984 if (safe_getenv(CONF_ENV_VERB))
985 msg_verbose = 1;
986 if (safe_getenv(CONF_ENV_DEBUG))
987 debug_me = 1;
990 * Initialize. Set up logging, read the global configuration file and
991 * extract configuration information. Set up signal handlers so that we
992 * can clean up incomplete output.
994 if ((slash = strrchr(argv[0], '/')) != 0 && slash[1])
995 argv[0] = slash + 1;
996 msg_vstream_init(argv[0], VSTREAM_ERR);
997 msg_cleanup(tempfail);
998 msg_syslog_init(mail_task("sendmail"), LOG_PID, LOG_FACILITY);
999 set_mail_conf_str(VAR_PROCNAME, var_procname = mystrdup(argv[0]));
1002 * Some sites mistakenly install Postfix sendmail as set-uid root. Drop
1003 * set-uid privileges only when root, otherwise some systems will not
1004 * reset the saved set-userid, which would be a security vulnerability.
1006 if (geteuid() == 0 && getuid() != 0) {
1007 msg_warn("the Postfix sendmail command has set-uid root file permissions");
1008 msg_warn("or the command is run from a set-uid root process");
1009 msg_warn("the Postfix sendmail command must be installed without set-uid root file permissions");
1010 set_ugid(getuid(), getgid());
1014 * Further initialization. Load main.cf first, so that command-line
1015 * options can override main.cf settings. Pre-scan the argument list so
1016 * that we load the right main.cf file.
1018 #define GETOPT_LIST "A:B:C:F:GIL:N:O:R:UV:X:b:ce:f:h:imno:p:r:q:tvx"
1020 saved_optind = optind;
1021 while (argv[OPTIND] != 0) {
1022 if (strcmp(argv[OPTIND], "-q") == 0) { /* not getopt compatible */
1023 optind++;
1024 continue;
1026 if ((c = GETOPT(argc, argv, GETOPT_LIST)) <= 0)
1027 break;
1028 if (c == 'C') {
1029 VSTRING *buf = vstring_alloc(1);
1031 if (setenv(CONF_ENV_PATH,
1032 strcmp(sane_basename(buf, optarg), MAIN_CONF_FILE) == 0 ?
1033 sane_dirname(buf, optarg) : optarg, 1) < 0)
1034 msg_fatal_status(EX_UNAVAILABLE, "out of memory");
1035 vstring_free(buf);
1038 optind = saved_optind;
1039 mail_conf_read();
1040 if (strcmp(var_syslog_name, DEF_SYSLOG_NAME) != 0)
1041 msg_syslog_init(mail_task("sendmail"), LOG_PID, LOG_FACILITY);
1042 get_mail_conf_str_table(str_table);
1044 if (chdir(var_queue_dir))
1045 msg_fatal_status(EX_UNAVAILABLE, "chdir %s: %m", var_queue_dir);
1047 signal(SIGPIPE, SIG_IGN);
1050 * Optionally start the debugger on ourself. This must be done after
1051 * reading the global configuration file, because that file specifies
1052 * what debugger command to execute.
1054 if (debug_me)
1055 debug_process();
1058 * The default mode of operation is determined by the process name. It
1059 * can, however, be changed via command-line options (for example,
1060 * "newaliases -bp" will show the mail queue).
1062 if (strcmp(argv[0], "mailq") == 0) {
1063 mode = SM_MODE_MAILQ;
1064 } else if (strcmp(argv[0], "newaliases") == 0) {
1065 mode = SM_MODE_NEWALIAS;
1066 } else if (strcmp(argv[0], "smtpd") == 0) {
1067 mode = SM_MODE_DAEMON;
1068 } else {
1069 mode = SM_MODE_ENQUEUE;
1073 * Parse JCL. Sendmail has been around for a long time, and has acquired
1074 * a large number of options in the course of time. Some options such as
1075 * -q are not parsable with GETOPT() and get special treatment.
1077 #define OPTIND (optind > 0 ? optind : 1)
1079 while (argv[OPTIND] != 0) {
1080 if (strcmp(argv[OPTIND], "-q") == 0) {
1081 if (mode == SM_MODE_DAEMON)
1082 msg_warn("ignoring -q option in daemon mode");
1083 else
1084 mode = SM_MODE_FLUSHQ;
1085 optind++;
1086 continue;
1088 if (strcmp(argv[OPTIND], "-V") == 0) {
1089 msg_warn("option -V is deprecated with Postfix 2.3; "
1090 "specify -XV instead");
1091 argv[OPTIND] = "-XV";
1093 if (strncmp(argv[OPTIND], "-V", 2) == 0 && strlen(argv[OPTIND]) == 4) {
1094 msg_warn("option %s is deprecated with Postfix 2.3; "
1095 "specify -X%s instead",
1096 argv[OPTIND], argv[OPTIND] + 1);
1097 argv[OPTIND] = concatenate("-X", argv[OPTIND] + 1, (char *) 0);
1099 if (strcmp(argv[OPTIND], "-XV") == 0) {
1100 verp_delims = var_verp_delims;
1101 optind++;
1102 continue;
1104 if ((c = GETOPT(argc, argv, GETOPT_LIST)) <= 0)
1105 break;
1106 switch (c) {
1107 default:
1108 if (msg_verbose)
1109 msg_info("-%c option ignored", c);
1110 break;
1111 case 'n':
1112 msg_fatal_status(EX_USAGE, "-%c option not supported", c);
1113 case 'B':
1114 if (strcmp(optarg, "8BITMIME") == 0)/* RFC 1652 */
1115 encoding = MAIL_ATTR_ENC_8BIT;
1116 else if (strcmp(optarg, "7BIT") == 0) /* RFC 1652 */
1117 encoding = MAIL_ATTR_ENC_7BIT;
1118 else
1119 msg_fatal_status(EX_USAGE, "-B option needs 8BITMIME or 7BIT");
1120 break;
1121 case 'F': /* full name */
1122 full_name = optarg;
1123 break;
1124 case 'G': /* gateway submission */
1125 rewrite_context = MAIL_ATTR_RWR_REMOTE;
1126 break;
1127 case 'I': /* newaliases */
1128 mode = SM_MODE_NEWALIAS;
1129 break;
1130 case 'N':
1131 if ((dsn_notify = dsn_notify_mask(optarg)) == 0)
1132 msg_warn("bad -N option value -- ignored");
1133 break;
1134 case 'V': /* DSN, was: VERP */
1135 if (strlen(optarg) > 100)
1136 msg_warn("too long -V option value -- ignored");
1137 else if (!allprint(optarg))
1138 msg_warn("bad syntax in -V option value -- ignored");
1139 else
1140 dsn_envid = optarg;
1141 break;
1142 case 'X':
1143 switch (*optarg) {
1144 default:
1145 msg_fatal_status(EX_USAGE, "unsupported: -%c%c", c, *optarg);
1146 case 'V': /* VERP */
1147 if (verp_delims_verify(optarg + 1) != 0)
1148 msg_fatal_status(EX_USAGE, "-V requires two characters from %s",
1149 var_verp_filter);
1150 verp_delims = optarg + 1;
1151 break;
1153 break;
1154 case 'b':
1155 switch (*optarg) {
1156 default:
1157 msg_fatal_status(EX_USAGE, "unsupported: -%c%c", c, *optarg);
1158 case 'd': /* daemon mode */
1159 if (mode == SM_MODE_FLUSHQ)
1160 msg_warn("ignoring -q option in daemon mode");
1161 mode = SM_MODE_DAEMON;
1162 break;
1163 case 'h': /* print host status */
1164 case 'H': /* flush host status */
1165 mode = SM_MODE_IGNORE;
1166 break;
1167 case 'i': /* newaliases */
1168 mode = SM_MODE_NEWALIAS;
1169 break;
1170 case 'm': /* deliver mail */
1171 mode = SM_MODE_ENQUEUE;
1172 break;
1173 case 'p': /* mailq */
1174 mode = SM_MODE_MAILQ;
1175 break;
1176 case 's': /* stand-alone mode */
1177 mode = SM_MODE_USER;
1178 break;
1179 case 'v': /* expand recipients */
1180 flags |= DEL_REQ_FLAG_USR_VRFY;
1181 break;
1183 break;
1184 case 'f':
1185 sender = optarg;
1186 break;
1187 case 'i':
1188 flags &= ~SM_FLAG_AEOF;
1189 break;
1190 case 'o':
1191 switch (*optarg) {
1192 default:
1193 if (msg_verbose)
1194 msg_info("-%c%c option ignored", c, *optarg);
1195 break;
1196 case 'A':
1197 if (optarg[1] == 0)
1198 msg_fatal_status(EX_USAGE, "-oA requires pathname");
1199 myfree(var_alias_db_map);
1200 var_alias_db_map = mystrdup(optarg + 1);
1201 set_mail_conf_str(VAR_ALIAS_DB_MAP, var_alias_db_map);
1202 break;
1203 case '7':
1204 case '8':
1205 break;
1206 case 'i':
1207 flags &= ~SM_FLAG_AEOF;
1208 break;
1209 case 'm':
1210 break;
1212 break;
1213 case 'r': /* obsoleted by -f */
1214 sender = optarg;
1215 break;
1216 case 'q':
1217 if (ISDIGIT(optarg[0])) {
1218 qtime = optarg;
1219 } else if (optarg[0] == 'R') {
1220 site_to_flush = optarg + 1;
1221 if (*site_to_flush == 0)
1222 msg_fatal_status(EX_USAGE, "specify: -qRsitename");
1223 } else if (optarg[0] == 'I') {
1224 id_to_flush = optarg + 1;
1225 if (*id_to_flush == 0)
1226 msg_fatal_status(EX_USAGE, "specify: -qIqueueid");
1227 } else {
1228 msg_fatal_status(EX_USAGE, "-q%c is not implemented",
1229 optarg[0]);
1231 break;
1232 case 't':
1233 flags |= SM_FLAG_XRCPT;
1234 break;
1235 case 'v':
1236 msg_verbose++;
1237 break;
1238 case '?':
1239 msg_fatal_status(EX_USAGE, "usage: %s [options]", argv[0]);
1244 * Look for conflicting options and arguments.
1246 if ((flags & SM_FLAG_XRCPT) && mode != SM_MODE_ENQUEUE)
1247 msg_fatal_status(EX_USAGE, "-t can be used only in delivery mode");
1249 if (site_to_flush && mode != SM_MODE_ENQUEUE)
1250 msg_fatal_status(EX_USAGE, "-qR can be used only in delivery mode");
1252 if (id_to_flush && mode != SM_MODE_ENQUEUE)
1253 msg_fatal_status(EX_USAGE, "-qI can be used only in delivery mode");
1255 if (flags & DEL_REQ_FLAG_USR_VRFY) {
1256 if (flags & SM_FLAG_XRCPT)
1257 msg_fatal_status(EX_USAGE, "-t option cannot be used with -bv");
1258 if (dsn_notify)
1259 msg_fatal_status(EX_USAGE, "-N option cannot be used with -bv");
1260 if (msg_verbose == 1)
1261 msg_fatal_status(EX_USAGE, "-v option cannot be used with -bv");
1265 * The -v option plays double duty. One requests verbose delivery, more
1266 * than one requests verbose logging.
1268 if (msg_verbose == 1 && mode == SM_MODE_ENQUEUE) {
1269 msg_verbose = 0;
1270 flags |= DEL_REQ_FLAG_RECORD;
1274 * Start processing. Everything is delegated to external commands.
1276 if (qtime && mode != SM_MODE_DAEMON)
1277 exit(0);
1278 switch (mode) {
1279 default:
1280 msg_panic("unknown operation mode: %d", mode);
1281 /* NOTREACHED */
1282 case SM_MODE_ENQUEUE:
1283 if (site_to_flush) {
1284 if (argv[OPTIND])
1285 msg_fatal_status(EX_USAGE, "flush site requires no recipient");
1286 ext_argv = argv_alloc(2);
1287 argv_add(ext_argv, "postqueue", "-s", site_to_flush, (char *) 0);
1288 for (n = 0; n < msg_verbose; n++)
1289 argv_add(ext_argv, "-v", (char *) 0);
1290 argv_terminate(ext_argv);
1291 mail_run_replace(var_command_dir, ext_argv->argv);
1292 /* NOTREACHED */
1293 } else if (id_to_flush) {
1294 if (argv[OPTIND])
1295 msg_fatal_status(EX_USAGE, "flush queue_id requires no recipient");
1296 ext_argv = argv_alloc(2);
1297 argv_add(ext_argv, "postqueue", "-i", id_to_flush, (char *) 0);
1298 for (n = 0; n < msg_verbose; n++)
1299 argv_add(ext_argv, "-v", (char *) 0);
1300 argv_terminate(ext_argv);
1301 mail_run_replace(var_command_dir, ext_argv->argv);
1302 /* NOTREACHED */
1303 } else {
1304 enqueue(flags, encoding, dsn_envid, dsn_notify,
1305 rewrite_context, sender, full_name, argv + OPTIND);
1306 exit(0);
1307 /* NOTREACHED */
1309 break;
1310 case SM_MODE_MAILQ:
1311 if (argv[OPTIND])
1312 msg_fatal_status(EX_USAGE,
1313 "display queue mode requires no recipient");
1314 ext_argv = argv_alloc(2);
1315 argv_add(ext_argv, "postqueue", "-p", (char *) 0);
1316 for (n = 0; n < msg_verbose; n++)
1317 argv_add(ext_argv, "-v", (char *) 0);
1318 argv_terminate(ext_argv);
1319 mail_run_replace(var_command_dir, ext_argv->argv);
1320 /* NOTREACHED */
1321 case SM_MODE_FLUSHQ:
1322 if (argv[OPTIND])
1323 msg_fatal_status(EX_USAGE,
1324 "flush queue mode requires no recipient");
1325 ext_argv = argv_alloc(2);
1326 argv_add(ext_argv, "postqueue", "-f", (char *) 0);
1327 for (n = 0; n < msg_verbose; n++)
1328 argv_add(ext_argv, "-v", (char *) 0);
1329 argv_terminate(ext_argv);
1330 mail_run_replace(var_command_dir, ext_argv->argv);
1331 /* NOTREACHED */
1332 case SM_MODE_DAEMON:
1333 if (argv[OPTIND])
1334 msg_fatal_status(EX_USAGE, "daemon mode requires no recipient");
1335 ext_argv = argv_alloc(2);
1336 argv_add(ext_argv, "postfix", (char *) 0);
1337 for (n = 0; n < msg_verbose; n++)
1338 argv_add(ext_argv, "-v", (char *) 0);
1339 argv_add(ext_argv, "start", (char *) 0);
1340 argv_terminate(ext_argv);
1341 err = (mail_run_background(var_command_dir, ext_argv->argv) < 0);
1342 argv_free(ext_argv);
1343 exit(err);
1344 break;
1345 case SM_MODE_NEWALIAS:
1346 if (argv[OPTIND])
1347 msg_fatal_status(EX_USAGE,
1348 "alias initialization mode requires no recipient");
1349 if (*var_alias_db_map == 0)
1350 return (0);
1351 ext_argv = argv_alloc(2);
1352 argv_add(ext_argv, "postalias", (char *) 0);
1353 for (n = 0; n < msg_verbose; n++)
1354 argv_add(ext_argv, "-v", (char *) 0);
1355 argv_split_append(ext_argv, var_alias_db_map, ", \t\r\n");
1356 argv_terminate(ext_argv);
1357 mail_run_replace(var_command_dir, ext_argv->argv);
1358 /* NOTREACHED */
1359 case SM_MODE_USER:
1360 if (argv[OPTIND])
1361 msg_fatal_status(EX_USAGE,
1362 "stand-alone mode requires no recipient");
1363 /* The actual enforcement happens in the postdrop command. */
1364 if ((errstr = check_user_acl_byuid(var_submit_acl, uid = getuid())) != 0)
1365 msg_fatal_status(EX_NOPERM,
1366 "User %s(%ld) is not allowed to submit mail",
1367 errstr, (long) uid);
1368 ext_argv = argv_alloc(2);
1369 argv_add(ext_argv, "smtpd", "-S", (char *) 0);
1370 for (n = 0; n < msg_verbose; n++)
1371 argv_add(ext_argv, "-v", (char *) 0);
1372 argv_terminate(ext_argv);
1373 mail_run_replace(var_daemon_dir, ext_argv->argv);
1374 /* NOTREACHED */
1375 case SM_MODE_IGNORE:
1376 exit(0);
1377 /* NOTREACHED */