diff options
Diffstat (limited to '')
l--------- | src/virtual/.indent.pro | 1 | ||||
-rw-r--r-- | src/virtual/.printfck | 25 | ||||
-rw-r--r-- | src/virtual/Makefile.in | 234 | ||||
-rw-r--r-- | src/virtual/deliver_attr.c | 90 | ||||
-rw-r--r-- | src/virtual/mailbox.c | 283 | ||||
-rw-r--r-- | src/virtual/maildir.c | 254 | ||||
-rw-r--r-- | src/virtual/recipient.c | 94 | ||||
-rw-r--r-- | src/virtual/unknown.c | 65 | ||||
-rw-r--r-- | src/virtual/virtual.c | 573 | ||||
-rw-r--r-- | src/virtual/virtual.h | 150 |
10 files changed, 1769 insertions, 0 deletions
diff --git a/src/virtual/.indent.pro b/src/virtual/.indent.pro new file mode 120000 index 0000000..5c837ec --- /dev/null +++ b/src/virtual/.indent.pro @@ -0,0 +1 @@ +../../.indent.pro
\ No newline at end of file diff --git a/src/virtual/.printfck b/src/virtual/.printfck new file mode 100644 index 0000000..66016ed --- /dev/null +++ b/src/virtual/.printfck @@ -0,0 +1,25 @@ +been_here_xt 2 0 +bounce_append 5 0 +cleanup_out_format 1 0 +defer_append 5 0 +mail_command 1 0 +mail_print 1 0 +msg_error 0 0 +msg_fatal 0 0 +msg_info 0 0 +msg_panic 0 0 +msg_warn 0 0 +opened 4 0 +post_mail_fprintf 1 0 +qmgr_message_bounce 2 0 +rec_fprintf 2 0 +sent 4 0 +smtp_cmd 1 0 +smtp_mesg_fail 2 0 +smtp_printf 1 0 +smtp_rcpt_fail 3 0 +smtp_site_fail 2 0 +udp_syslog 1 0 +vstream_fprintf 1 0 +vstream_printf 0 0 +vstring_sprintf 1 0 diff --git a/src/virtual/Makefile.in b/src/virtual/Makefile.in new file mode 100644 index 0000000..31fff0e --- /dev/null +++ b/src/virtual/Makefile.in @@ -0,0 +1,234 @@ +SHELL = /bin/sh +SRCS = virtual.c mailbox.c recipient.c deliver_attr.c maildir.c unknown.c +OBJS = virtual.o mailbox.o recipient.o deliver_attr.o maildir.o unknown.o +HDRS = virtual.h +TESTSRC = +DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE) +CFLAGS = $(DEBUG) $(OPT) $(DEFS) +PROG = virtual +TESTPROG= +INC_DIR = ../../include +LIBS = ../../lib/lib$(LIB_PREFIX)master$(LIB_SUFFIX) \ + ../../lib/lib$(LIB_PREFIX)global$(LIB_SUFFIX) \ + ../../lib/lib$(LIB_PREFIX)util$(LIB_SUFFIX) + +.c.o:; $(CC) $(CFLAGS) -c $*.c + +$(PROG): $(OBJS) $(LIBS) + $(CC) $(CFLAGS) $(SHLIB_RPATH) -o $@ $(OBJS) $(LIBS) $(SYSLIBS) + +$(OBJS): ../../conf/makedefs.out + +Makefile: Makefile.in + cat ../../conf/makedefs.out $? >$@ + +test: $(TESTPROG) + +tests: + +root_tests: + +update: ../../libexec/$(PROG) + +../../libexec/$(PROG): $(PROG) + cp $(PROG) ../../libexec + +printfck: $(OBJS) $(PROG) + rm -rf printfck + mkdir printfck + cp *.h printfck + sed '1,/^# do not edit/!d' Makefile >printfck/Makefile + set -e; for i in *.c; do printfck -f .printfck $$i >printfck/$$i; done + cd printfck; make "INC_DIR=../../../include" `cd ..; ls *.o` + +lint: + lint $(DEFS) $(SRCS) $(LINTFIX) + +clean: + rm -f *.o *core $(PROG) $(TESTPROG) junk + rm -rf printfck + +tidy: clean + +depend: $(MAKES) + (sed '1,/^# do not edit/!d' Makefile.in; \ + set -e; for i in [a-z][a-z0-9]*.c; do \ + $(CC) -E $(DEFS) $(INCL) $$i | grep -v '[<>]' | sed -n -e '/^# *1 *"\([^"]*\)".*/{' \ + -e 's//'`echo $$i|sed 's/c$$/o/'`': \1/' \ + -e 's/o: \.\//o: /' -e p -e '}' ; \ + done | LANG=C sort -u) | grep -v '[.][o][:][ ][/]' >$$$$ && mv $$$$ Makefile.in + @$(EXPORT) make -f Makefile.in Makefile 1>&2 + +# do not edit below this line - it is generated by 'make depend' +deliver_attr.o: ../../include/argv.h +deliver_attr.o: ../../include/attr.h +deliver_attr.o: ../../include/check_arg.h +deliver_attr.o: ../../include/deliver_request.h +deliver_attr.o: ../../include/dict.h +deliver_attr.o: ../../include/dsn.h +deliver_attr.o: ../../include/dsn_buf.h +deliver_attr.o: ../../include/htable.h +deliver_attr.o: ../../include/maps.h +deliver_attr.o: ../../include/mbox_conf.h +deliver_attr.o: ../../include/msg.h +deliver_attr.o: ../../include/msg_stats.h +deliver_attr.o: ../../include/myflock.h +deliver_attr.o: ../../include/mymalloc.h +deliver_attr.o: ../../include/nvtable.h +deliver_attr.o: ../../include/recipient_list.h +deliver_attr.o: ../../include/sys_defs.h +deliver_attr.o: ../../include/vbuf.h +deliver_attr.o: ../../include/vstream.h +deliver_attr.o: ../../include/vstring.h +deliver_attr.o: deliver_attr.c +deliver_attr.o: virtual.h +mailbox.o: ../../include/argv.h +mailbox.o: ../../include/attr.h +mailbox.o: ../../include/bounce.h +mailbox.o: ../../include/check_arg.h +mailbox.o: ../../include/defer.h +mailbox.o: ../../include/deliver_request.h +mailbox.o: ../../include/dict.h +mailbox.o: ../../include/dsn.h +mailbox.o: ../../include/dsn_buf.h +mailbox.o: ../../include/dsn_util.h +mailbox.o: ../../include/htable.h +mailbox.o: ../../include/mail_addr_find.h +mailbox.o: ../../include/mail_addr_form.h +mailbox.o: ../../include/mail_copy.h +mailbox.o: ../../include/mail_params.h +mailbox.o: ../../include/maps.h +mailbox.o: ../../include/mbox_conf.h +mailbox.o: ../../include/mbox_open.h +mailbox.o: ../../include/msg.h +mailbox.o: ../../include/msg_stats.h +mailbox.o: ../../include/myflock.h +mailbox.o: ../../include/mymalloc.h +mailbox.o: ../../include/nvtable.h +mailbox.o: ../../include/recipient_list.h +mailbox.o: ../../include/safe_open.h +mailbox.o: ../../include/sent.h +mailbox.o: ../../include/set_eugid.h +mailbox.o: ../../include/stringops.h +mailbox.o: ../../include/sys_defs.h +mailbox.o: ../../include/vbuf.h +mailbox.o: ../../include/vstream.h +mailbox.o: ../../include/vstring.h +mailbox.o: mailbox.c +mailbox.o: virtual.h +maildir.o: ../../include/argv.h +maildir.o: ../../include/attr.h +maildir.o: ../../include/bounce.h +maildir.o: ../../include/check_arg.h +maildir.o: ../../include/defer.h +maildir.o: ../../include/deliver_request.h +maildir.o: ../../include/dict.h +maildir.o: ../../include/dsn.h +maildir.o: ../../include/dsn_buf.h +maildir.o: ../../include/dsn_util.h +maildir.o: ../../include/get_hostname.h +maildir.o: ../../include/htable.h +maildir.o: ../../include/mail_copy.h +maildir.o: ../../include/mail_params.h +maildir.o: ../../include/make_dirs.h +maildir.o: ../../include/maps.h +maildir.o: ../../include/mbox_conf.h +maildir.o: ../../include/mbox_open.h +maildir.o: ../../include/msg.h +maildir.o: ../../include/msg_stats.h +maildir.o: ../../include/myflock.h +maildir.o: ../../include/mymalloc.h +maildir.o: ../../include/nvtable.h +maildir.o: ../../include/recipient_list.h +maildir.o: ../../include/safe_open.h +maildir.o: ../../include/sane_fsops.h +maildir.o: ../../include/sent.h +maildir.o: ../../include/set_eugid.h +maildir.o: ../../include/stringops.h +maildir.o: ../../include/sys_defs.h +maildir.o: ../../include/vbuf.h +maildir.o: ../../include/vstream.h +maildir.o: ../../include/vstring.h +maildir.o: ../../include/warn_stat.h +maildir.o: maildir.c +maildir.o: virtual.h +recipient.o: ../../include/argv.h +recipient.o: ../../include/attr.h +recipient.o: ../../include/bounce.h +recipient.o: ../../include/check_arg.h +recipient.o: ../../include/deliver_request.h +recipient.o: ../../include/dict.h +recipient.o: ../../include/dsn.h +recipient.o: ../../include/dsn_buf.h +recipient.o: ../../include/htable.h +recipient.o: ../../include/maps.h +recipient.o: ../../include/mbox_conf.h +recipient.o: ../../include/msg.h +recipient.o: ../../include/msg_stats.h +recipient.o: ../../include/myflock.h +recipient.o: ../../include/mymalloc.h +recipient.o: ../../include/nvtable.h +recipient.o: ../../include/recipient_list.h +recipient.o: ../../include/stringops.h +recipient.o: ../../include/sys_defs.h +recipient.o: ../../include/vbuf.h +recipient.o: ../../include/vstream.h +recipient.o: ../../include/vstring.h +recipient.o: recipient.c +recipient.o: virtual.h +unknown.o: ../../include/argv.h +unknown.o: ../../include/attr.h +unknown.o: ../../include/bounce.h +unknown.o: ../../include/check_arg.h +unknown.o: ../../include/deliver_request.h +unknown.o: ../../include/dict.h +unknown.o: ../../include/dsn.h +unknown.o: ../../include/dsn_buf.h +unknown.o: ../../include/htable.h +unknown.o: ../../include/maps.h +unknown.o: ../../include/mbox_conf.h +unknown.o: ../../include/msg.h +unknown.o: ../../include/msg_stats.h +unknown.o: ../../include/myflock.h +unknown.o: ../../include/mymalloc.h +unknown.o: ../../include/nvtable.h +unknown.o: ../../include/recipient_list.h +unknown.o: ../../include/sys_defs.h +unknown.o: ../../include/vbuf.h +unknown.o: ../../include/vstream.h +unknown.o: ../../include/vstring.h +unknown.o: unknown.c +unknown.o: virtual.h +virtual.o: ../../include/argv.h +virtual.o: ../../include/attr.h +virtual.o: ../../include/check_arg.h +virtual.o: ../../include/deliver_completed.h +virtual.o: ../../include/deliver_request.h +virtual.o: ../../include/dict.h +virtual.o: ../../include/dsn.h +virtual.o: ../../include/dsn_buf.h +virtual.o: ../../include/flush_clnt.h +virtual.o: ../../include/htable.h +virtual.o: ../../include/iostuff.h +virtual.o: ../../include/mail_addr_find.h +virtual.o: ../../include/mail_addr_form.h +virtual.o: ../../include/mail_conf.h +virtual.o: ../../include/mail_params.h +virtual.o: ../../include/mail_queue.h +virtual.o: ../../include/mail_server.h +virtual.o: ../../include/mail_version.h +virtual.o: ../../include/maps.h +virtual.o: ../../include/mbox_conf.h +virtual.o: ../../include/msg.h +virtual.o: ../../include/msg_stats.h +virtual.o: ../../include/myflock.h +virtual.o: ../../include/mymalloc.h +virtual.o: ../../include/nvtable.h +virtual.o: ../../include/recipient_list.h +virtual.o: ../../include/set_eugid.h +virtual.o: ../../include/sys_defs.h +virtual.o: ../../include/vbuf.h +virtual.o: ../../include/vstream.h +virtual.o: ../../include/vstring.h +virtual.o: virtual.c +virtual.o: virtual.h diff --git a/src/virtual/deliver_attr.c b/src/virtual/deliver_attr.c new file mode 100644 index 0000000..3a5c0af --- /dev/null +++ b/src/virtual/deliver_attr.c @@ -0,0 +1,90 @@ +/*++ +/* NAME +/* deliver_attr 3 +/* SUMMARY +/* initialize message delivery attributes +/* SYNOPSIS +/* #include "virtual.h" +/* +/* void deliver_attr_init(attrp) +/* DELIVER_ATTR *attrp; +/* +/* void deliver_attr_dump(attrp) +/* DELIVER_ATTR *attrp; +/* +/* void deliver_attr_free(attrp) +/* DELIVER_ATTR *attrp; +/* DESCRIPTION +/* deliver_attr_init() initializes a structure with message delivery +/* attributes to a known initial state (all zeros). +/* +/* deliver_attr_dump() logs the contents of the given attribute list. +/* +/* deliver_attr_free() releases memory that was allocated by +/* deliver_attr_init(). +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this software. +/* AUTHOR(S) +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA +/*--*/ + +/* System library. */ + +#include <sys_defs.h> + +/* Utility library. */ + +#include <msg.h> +#include <vstream.h> + +/* Application-specific. */ + +#include "virtual.h" + +/* deliver_attr_init - set message delivery attributes to all-zero state */ + +void deliver_attr_init(DELIVER_ATTR *attrp) +{ + attrp->level = 0; + attrp->fp = 0; + attrp->queue_name = 0; + attrp->queue_id = 0; + attrp->offset = 0; + attrp->sender = 0; + RECIPIENT_ASSIGN(&(attrp->rcpt), 0, 0, 0, 0, 0); + attrp->user = 0; + attrp->delivered = 0; + attrp->relay = 0; + attrp->why = dsb_create(); +} + +/* deliver_attr_dump - log message delivery attributes */ + +void deliver_attr_dump(DELIVER_ATTR *attrp) +{ + msg_info("level: %d", attrp->level); + msg_info("path: %s", VSTREAM_PATH(attrp->fp)); + msg_info("fp: 0x%lx", (long) attrp->fp); + msg_info("queue_name: %s", attrp->queue_name ? attrp->queue_name : "null"); + msg_info("queue_id: %s", attrp->queue_id ? attrp->queue_id : "null"); + msg_info("offset: %ld", attrp->offset); + msg_info("sender: %s", attrp->sender ? attrp->sender : "null"); + msg_info("recipient: %s", attrp->rcpt.address ? attrp->rcpt.address : "null"); + msg_info("user: %s", attrp->user ? attrp->user : "null"); + msg_info("delivered: %s", attrp->delivered ? attrp->delivered : "null"); + msg_info("relay: %s", attrp->relay ? attrp->relay : "null"); + msg_info("why: %s", attrp->why ? "buffer" : "null"); +} + + +/* deliver_attr_free - release storage */ + +void deliver_attr_free(DELIVER_ATTR *attrp) +{ + dsb_free(attrp->why); +} diff --git a/src/virtual/mailbox.c b/src/virtual/mailbox.c new file mode 100644 index 0000000..19afca8 --- /dev/null +++ b/src/virtual/mailbox.c @@ -0,0 +1,283 @@ +/*++ +/* NAME +/* mailbox 3 +/* SUMMARY +/* mailbox delivery +/* SYNOPSIS +/* #include "virtual.h" +/* +/* int deliver_mailbox(state, usr_attr, statusp) +/* LOCAL_STATE state; +/* USER_ATTR usr_attr; +/* int *statusp; +/* DESCRIPTION +/* deliver_mailbox() delivers to UNIX-style mailbox or to maildir. +/* +/* A zero result means that the named user was not found. +/* +/* Arguments: +/* .IP state +/* The attributes that specify the message, recipient and more. +/* .IP usr_attr +/* Attributes describing user rights and mailbox location. +/* .IP statusp +/* Delivery status: see below. +/* DIAGNOSTICS +/* The message delivery status is non-zero when delivery should be tried +/* again. +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this software. +/* AUTHOR(S) +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA +/*--*/ + +/* System library. */ + +#include <sys_defs.h> +#include <sys/stat.h> +#include <stdlib.h> +#include <errno.h> +#include <string.h> + +/* Utility library. */ + +#include <msg.h> +#include <vstring.h> +#include <vstream.h> +#include <mymalloc.h> +#include <stringops.h> +#include <set_eugid.h> + +/* Global library. */ + +#include <mail_copy.h> +#include <mbox_open.h> +#include <defer.h> +#include <sent.h> +#include <mail_params.h> +#include <mail_addr_find.h> +#include <dsn_util.h> + +/* Application-specific. */ + +#include "virtual.h" + +#define YES 1 +#define NO 0 + +/* deliver_mailbox_file - deliver to recipient mailbox */ + +static int deliver_mailbox_file(LOCAL_STATE state, USER_ATTR usr_attr) +{ + const char *myname = "deliver_mailbox_file"; + DSN_BUF *why = state.msg_attr.why; + MBOX *mp; + int mail_copy_status; + int deliver_status; + int copy_flags; + struct stat st; + + /* + * Make verbose logging easier to understand. + */ + state.level++; + if (msg_verbose) + MSG_LOG_STATE(myname, state); + + /* + * Don't deliver trace-only requests. + */ + if (DEL_REQ_TRACE_ONLY(state.request->flags)) { + dsb_simple(why, "2.0.0", "delivers to mailbox"); + return (sent(BOUNCE_FLAGS(state.request), + SENT_ATTR(state.msg_attr))); + } + + /* + * Initialize. Assume the operation will fail. Set the delivered + * attribute to reflect the final recipient. + */ + if (vstream_fseek(state.msg_attr.fp, state.msg_attr.offset, SEEK_SET) < 0) + msg_fatal("seek message file %s: %m", VSTREAM_PATH(state.msg_attr.fp)); + state.msg_attr.delivered = state.msg_attr.rcpt.address; + mail_copy_status = MAIL_COPY_STAT_WRITE; + + /* + * Lock the mailbox and open/create the mailbox file. + * + * Write the file as the recipient, so that file quota work. + */ + copy_flags = MAIL_COPY_MBOX; + + set_eugid(usr_attr.uid, usr_attr.gid); + mp = mbox_open(usr_attr.mailbox, O_APPEND | O_WRONLY | O_CREAT, + S_IRUSR | S_IWUSR, &st, -1, -1, + virtual_mbox_lock_mask, "4.2.0", why); + if (mp != 0) { + if (S_ISREG(st.st_mode) == 0) { + vstream_fclose(mp->fp); + msg_warn("recipient %s: destination %s is not a regular file", + state.msg_attr.rcpt.address, usr_attr.mailbox); + dsb_simple(why, "5.3.5", "mail system configuration error"); + } else if (var_strict_mbox_owner && st.st_uid != usr_attr.uid) { + vstream_fclose(mp->fp); + dsb_simple(why, "4.2.0", + "destination %s is not owned by recipient", usr_attr.mailbox); + msg_warn("specify \"%s = no\" to ignore mailbox ownership mismatch", + VAR_STRICT_MBOX_OWNER); + } else { + if (vstream_fseek(mp->fp, (off_t) 0, SEEK_END) < 0) + msg_fatal("%s: seek mailbox file %s: %m", + myname, VSTREAM_PATH(mp->fp)); + mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp, + copy_flags, "\n", why); + } + mbox_release(mp); + } + set_eugid(var_owner_uid, var_owner_gid); + + /* + * As the mail system, bounce, defer delivery, or report success. + */ + if (mail_copy_status & MAIL_COPY_STAT_CORRUPT) { + deliver_status = DEL_STAT_DEFER; + } else if (mail_copy_status != 0) { + vstring_sprintf_prepend(why->reason, "delivery failed to mailbox %s: ", + usr_attr.mailbox); + deliver_status = + (STR(why->status)[0] == '4' ? + defer_append : bounce_append) + (BOUNCE_FLAGS(state.request), + BOUNCE_ATTR(state.msg_attr)); + } else { + dsb_simple(why, "2.0.0", "delivered to mailbox"); + deliver_status = sent(BOUNCE_FLAGS(state.request), + SENT_ATTR(state.msg_attr)); + } + return (deliver_status); +} + +/* deliver_mailbox - deliver to recipient mailbox */ + +int deliver_mailbox(LOCAL_STATE state, USER_ATTR usr_attr, int *statusp) +{ + const char *myname = "deliver_mailbox"; + const char *mailbox_res; + const char *uid_res; + const char *gid_res; + DSN_BUF *why = state.msg_attr.why; + long n; + + /* + * Make verbose logging easier to understand. + */ + state.level++; + if (msg_verbose) + MSG_LOG_STATE(myname, state); + + /* + * Sanity check. + */ + if (*var_virt_mailbox_base != '/') + msg_fatal("do not specify relative pathname: %s = %s", + VAR_VIRT_MAILBOX_BASE, var_virt_mailbox_base); + + /* + * Look up the mailbox location. Bounce if not found, defer in case of + * trouble. + */ +#define IGNORE_EXTENSION ((char **) 0) + + mailbox_res = mail_addr_find(virtual_mailbox_maps, state.msg_attr.user, + IGNORE_EXTENSION); + if (mailbox_res == 0) { + if (virtual_mailbox_maps->error == 0) + return (NO); + msg_warn("table %s: lookup %s: %m", virtual_mailbox_maps->title, + state.msg_attr.user); + dsb_simple(why, "4.3.5", "mail system configuration error"); + *statusp = defer_append(BOUNCE_FLAGS(state.request), + BOUNCE_ATTR(state.msg_attr)); + return (YES); + } + usr_attr.mailbox = concatenate(var_virt_mailbox_base, "/", + mailbox_res, (char *) 0); + +#define RETURN(res) { myfree(usr_attr.mailbox); return (res); } + + /* + * Look up the mailbox owner rights. Defer in case of trouble. + */ + uid_res = mail_addr_find(virtual_uid_maps, state.msg_attr.user, + IGNORE_EXTENSION); + if (uid_res == 0) { + msg_warn("recipient %s: not found in %s", + state.msg_attr.user, virtual_uid_maps->title); + dsb_simple(why, "4.3.5", "mail system configuration error"); + *statusp = defer_append(BOUNCE_FLAGS(state.request), + BOUNCE_ATTR(state.msg_attr)); + RETURN(YES); + } + if ((n = atol(uid_res)) < var_virt_minimum_uid) { + msg_warn("recipient %s: bad uid %s in %s", + state.msg_attr.user, uid_res, virtual_uid_maps->title); + dsb_simple(why, "4.3.5", "mail system configuration error"); + *statusp = defer_append(BOUNCE_FLAGS(state.request), + BOUNCE_ATTR(state.msg_attr)); + RETURN(YES); + } + usr_attr.uid = (uid_t) n; + + /* + * Look up the mailbox group rights. Defer in case of trouble. + */ + gid_res = mail_addr_find(virtual_gid_maps, state.msg_attr.user, + IGNORE_EXTENSION); + if (gid_res == 0) { + msg_warn("recipient %s: not found in %s", + state.msg_attr.user, virtual_gid_maps->title); + dsb_simple(why, "4.3.5", "mail system configuration error"); + *statusp = defer_append(BOUNCE_FLAGS(state.request), + BOUNCE_ATTR(state.msg_attr)); + RETURN(YES); + } + if ((n = atol(gid_res)) <= 0) { + msg_warn("recipient %s: bad gid %s in %s", + state.msg_attr.user, gid_res, virtual_gid_maps->title); + dsb_simple(why, "4.3.5", "mail system configuration error"); + *statusp = defer_append(BOUNCE_FLAGS(state.request), + BOUNCE_ATTR(state.msg_attr)); + RETURN(YES); + } + usr_attr.gid = (gid_t) n; + + if (msg_verbose) + msg_info("%s[%d]: set user_attr: %s, uid = %u, gid = %u", + myname, state.level, usr_attr.mailbox, + (unsigned) usr_attr.uid, (unsigned) usr_attr.gid); + + /* + * Deliver to mailbox or to maildir. + */ +#define LAST_CHAR(s) (s[strlen(s) - 1]) + + if (LAST_CHAR(usr_attr.mailbox) == '/') + *statusp = deliver_maildir(state, usr_attr); + else + *statusp = deliver_mailbox_file(state, usr_attr); + + /* + * Cleanup. + */ + RETURN(YES); +} diff --git a/src/virtual/maildir.c b/src/virtual/maildir.c new file mode 100644 index 0000000..a677061 --- /dev/null +++ b/src/virtual/maildir.c @@ -0,0 +1,254 @@ +/*++ +/* NAME +/* maildir 3 +/* SUMMARY +/* delivery to maildir +/* SYNOPSIS +/* #include "virtual.h" +/* +/* int deliver_maildir(state, usr_attr) +/* LOCAL_STATE state; +/* USER_ATTR usr_attr; +/* DESCRIPTION +/* deliver_maildir() delivers a message to a qmail-style maildir. +/* +/* Arguments: +/* .IP state +/* The attributes that specify the message, recipient and more. +/* .IP usr_attr +/* Attributes describing user rights and environment information. +/* DIAGNOSTICS +/* deliver_maildir() always succeeds or it bounces the message. +/* SEE ALSO +/* bounce(3) +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this software. +/* AUTHOR(S) +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA +/*--*/ + +/* System library. */ + +#include "sys_defs.h" +#include <sys/stat.h> +#include <sys/time.h> +#include <unistd.h> +#include <time.h> +#include <errno.h> + +/* Utility library. */ + +#include <msg.h> +#include <mymalloc.h> +#include <stringops.h> +#include <vstream.h> +#include <vstring.h> +#include <make_dirs.h> +#include <set_eugid.h> +#include <get_hostname.h> +#include <sane_fsops.h> +#include <warn_stat.h> + +/* Global library. */ + +#include <mail_copy.h> +#include <bounce.h> +#include <defer.h> +#include <sent.h> +#include <mail_params.h> +#include <mbox_open.h> +#include <dsn_util.h> + +/* Application-specific. */ + +#include "virtual.h" + +/* deliver_maildir - delivery to maildir-style mailbox */ + +int deliver_maildir(LOCAL_STATE state, USER_ATTR usr_attr) +{ + const char *myname = "deliver_maildir"; + char *newdir; + char *tmpdir; + char *curdir; + char *tmpfile; + char *newfile; + DSN_BUF *why = state.msg_attr.why; + VSTRING *buf; + VSTREAM *dst; + int mail_copy_status; + int deliver_status; + int copy_flags; + struct stat st; + struct timeval starttime; + + GETTIMEOFDAY(&starttime); + + /* + * Make verbose logging easier to understand. + */ + state.level++; + if (msg_verbose) + MSG_LOG_STATE(myname, state); + + /* + * Don't deliver trace-only requests. + */ + if (DEL_REQ_TRACE_ONLY(state.request->flags)) { + dsb_simple(why, "2.0.0", "delivers to maildir"); + return (sent(BOUNCE_FLAGS(state.request), + SENT_ATTR(state.msg_attr))); + } + + /* + * Initialize. Assume the operation will fail. Set the delivered + * attribute to reflect the final recipient. + */ + if (vstream_fseek(state.msg_attr.fp, state.msg_attr.offset, SEEK_SET) < 0) + msg_fatal("seek message file %s: %m", VSTREAM_PATH(state.msg_attr.fp)); + state.msg_attr.delivered = state.msg_attr.rcpt.address; + mail_copy_status = MAIL_COPY_STAT_WRITE; + buf = vstring_alloc(100); + + copy_flags = MAIL_COPY_TOFILE | MAIL_COPY_RETURN_PATH + | MAIL_COPY_DELIVERED | MAIL_COPY_ORIG_RCPT; + + newdir = concatenate(usr_attr.mailbox, "new/", (char *) 0); + tmpdir = concatenate(usr_attr.mailbox, "tmp/", (char *) 0); + curdir = concatenate(usr_attr.mailbox, "cur/", (char *) 0); + + /* + * Create and write the file as the recipient, so that file quota work. + * Create any missing directories on the fly. The file name is chosen + * according to ftp://koobera.math.uic.edu/www/proto/maildir.html: + * + * "A unique name has three pieces, separated by dots. On the left is the + * result of time(). On the right is the result of gethostname(). In the + * middle is something that doesn't repeat within one second on a single + * host. I fork a new process for each delivery, so I just use the + * process ID. If you're delivering several messages from one process, + * use starttime.pid_count.host, where starttime is the time that your + * process started, and count is the number of messages you've + * delivered." + * + * Well, that stopped working on fast machines, and on operating systems + * that randomize process ID values. When creating a file in tmp/ we use + * the process ID because it still is an exclusive resource. When moving + * the file to new/ we use the device number and inode number. I do not + * care if this breaks on a remote AFS file system, because people should + * know better. + * + * On January 26, 2003, http://cr.yp.to/proto/maildir.html said: + * + * A unique name has three pieces, separated by dots. On the left is the + * result of time() or the second counter from gettimeofday(). On the + * right is the result of gethostname(). (To deal with invalid host + * names, replace / with \057 and : with \072.) In the middle is a + * delivery identifier, discussed below. + * + * [...] + * + * Modern delivery identifiers are created by concatenating enough of the + * following strings to guarantee uniqueness: + * + * [...] + * + * In, where n is (in hexadecimal) the UNIX inode number of this file. + * Unfortunately, inode numbers aren't always available through NFS. + * + * Vn, where n is (in hexadecimal) the UNIX device number of this file. + * Unfortunately, device numbers aren't always available through NFS. + * (Device numbers are also not helpful with the standard UNIX + * filesystem: a maildir has to be within a single UNIX device for link() + * and rename() to work.) + * + * Mn, where n is (in decimal) the microsecond counter from the same + * gettimeofday() used for the left part of the unique name. + * + * Pn, where n is (in decimal) the process ID. + * + * [...] + */ + set_eugid(usr_attr.uid, usr_attr.gid); + vstring_sprintf(buf, "%lu.P%d.%s", + (unsigned long) starttime.tv_sec, var_pid, get_hostname()); + tmpfile = concatenate(tmpdir, STR(buf), (char *) 0); + newfile = 0; + if ((dst = vstream_fopen(tmpfile, O_WRONLY | O_CREAT | O_EXCL, 0600)) == 0 + && (errno != ENOENT + || make_dirs(tmpdir, 0700) < 0 + || (dst = vstream_fopen(tmpfile, O_WRONLY | O_CREAT | O_EXCL, 0600)) == 0)) { + dsb_simple(why, mbox_dsn(errno, "4.2.0"), + "create maildir file %s: %m", tmpfile); + } else if (fstat(vstream_fileno(dst), &st) < 0) { + + /* + * Coverity 200604: file descriptor leak in code that never executes. + * Code replaced by msg_fatal(), as it is not worthwhile to continue + * after an impossible error condition. + */ + msg_fatal("fstat %s: %m", tmpfile); + } else { + vstring_sprintf(buf, "%lu.V%lxI%lxM%lu.%s", + (unsigned long) starttime.tv_sec, + (unsigned long) st.st_dev, + (unsigned long) st.st_ino, + (unsigned long) starttime.tv_usec, + get_hostname()); + newfile = concatenate(newdir, STR(buf), (char *) 0); + if ((mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), + dst, copy_flags, "\n", + why)) == 0) { + if (sane_link(tmpfile, newfile) < 0 + && (errno != ENOENT + || (make_dirs(curdir, 0700), make_dirs(newdir, 0700)) < 0 + || sane_link(tmpfile, newfile) < 0)) { + dsb_simple(why, mbox_dsn(errno, "4.2.0"), + "create maildir file %s: %m", newfile); + mail_copy_status = MAIL_COPY_STAT_WRITE; + } + } + if (unlink(tmpfile) < 0) + msg_warn("remove %s: %m", tmpfile); + } + set_eugid(var_owner_uid, var_owner_gid); + + /* + * The maildir location is controlled by the mail administrator. If + * delivery fails, try again later. We would just bounce when the maildir + * location possibly under user control. + */ + if (mail_copy_status & MAIL_COPY_STAT_CORRUPT) { + deliver_status = DEL_STAT_DEFER; + } else if (mail_copy_status != 0) { + if (errno == EACCES) { + msg_warn("maildir access problem for UID/GID=%lu/%lu: %s", + (long) usr_attr.uid, (long) usr_attr.gid, + STR(why->reason)); + msg_warn("perhaps you need to create the maildirs in advance"); + } + vstring_sprintf_prepend(why->reason, "maildir delivery failed: "); + deliver_status = + (STR(why->status)[0] == '4' ? + defer_append : bounce_append) + (BOUNCE_FLAGS(state.request), + BOUNCE_ATTR(state.msg_attr)); + } else { + dsb_simple(why, "2.0.0", "delivered to maildir"); + deliver_status = sent(BOUNCE_FLAGS(state.request), + SENT_ATTR(state.msg_attr)); + } + vstring_free(buf); + myfree(newdir); + myfree(tmpdir); + myfree(curdir); + myfree(tmpfile); + if (newfile) + myfree(newfile); + return (deliver_status); +} diff --git a/src/virtual/recipient.c b/src/virtual/recipient.c new file mode 100644 index 0000000..fd151f2 --- /dev/null +++ b/src/virtual/recipient.c @@ -0,0 +1,94 @@ +/*++ +/* NAME +/* recipient 3 +/* SUMMARY +/* deliver to one local recipient +/* SYNOPSIS +/* #include "virtual.h" +/* +/* int deliver_recipient(state, usr_attr) +/* LOCAL_STATE state; +/* USER_ATTR *usr_attr; +/* DESCRIPTION +/* deliver_recipient() delivers a message to a local recipient. +/* +/* Arguments: +/* .IP state +/* The attributes that specify the message, sender, and more. +/* .IP usr_attr +/* Attributes describing user rights and mailbox location. +/* DIAGNOSTICS +/* deliver_recipient() returns non-zero when delivery should be +/* tried again. +/* SEE ALSO +/* mailbox(3) delivery to UNIX-style mailbox +/* maildir(3) delivery to qmail-style maildir +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this software. +/* AUTHOR(S) +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA +/*--*/ + +/* System library. */ + +#include <sys_defs.h> + +/* Utility library. */ + +#include <msg.h> +#include <mymalloc.h> +#include <stringops.h> + +/* Global library. */ + +#include <bounce.h> + +/* Application-specific. */ + +#include "virtual.h" + +/* deliver_recipient - deliver one local recipient */ + +int deliver_recipient(LOCAL_STATE state, USER_ATTR usr_attr) +{ + const char *myname = "deliver_recipient"; + VSTRING *folded; + int rcpt_stat; + + /* + * Make verbose logging easier to understand. + */ + state.level++; + if (msg_verbose) + MSG_LOG_STATE(myname, state); + + /* + * Set up the recipient-specific attributes. The recipient's lookup + * handle is the full address. + */ + if (state.msg_attr.delivered == 0) + state.msg_attr.delivered = state.msg_attr.rcpt.address; + folded = vstring_alloc(100); + state.msg_attr.user = casefold(folded, state.msg_attr.rcpt.address); + + /* + * Deliver + */ + if (msg_verbose) + deliver_attr_dump(&state.msg_attr); + + if (deliver_mailbox(state, usr_attr, &rcpt_stat) == 0) + rcpt_stat = deliver_unknown(state); + + /* + * Cleanup. + */ + vstring_free(folded); + + return (rcpt_stat); +} diff --git a/src/virtual/unknown.c b/src/virtual/unknown.c new file mode 100644 index 0000000..ad8d64a --- /dev/null +++ b/src/virtual/unknown.c @@ -0,0 +1,65 @@ +/*++ +/* NAME +/* unknown 3 +/* SUMMARY +/* delivery of unknown recipients +/* SYNOPSIS +/* #include "virtual.h" +/* +/* int deliver_unknown(state) +/* LOCAL_STATE state; +/* DESCRIPTION +/* deliver_unknown() delivers a message for unknown recipients. +/* .PP +/* Arguments: +/* .IP state +/* Message delivery attributes (sender, recipient etc.). +/* .IP usr_attr +/* Attributes describing user rights and mailbox location. +/* DIAGNOSTICS +/* The result status is non-zero when delivery should be tried again. +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this software. +/* AUTHOR(S) +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA +/*--*/ + +/* System library. */ + +#include <sys_defs.h> + +/* Utility library. */ + +#include <msg.h> + +/* Global library. */ + +#include <bounce.h> + +/* Application-specific. */ + +#include "virtual.h" + +/* deliver_unknown - delivery for unknown recipients */ + +int deliver_unknown(LOCAL_STATE state) +{ + const char *myname = "deliver_unknown"; + + /* + * Make verbose logging easier to understand. + */ + state.level++; + if (msg_verbose) + MSG_LOG_STATE(myname, state); + + dsb_simple(state.msg_attr.why, "5.1.1", + "unknown user: \"%s\"", state.msg_attr.user); + return (bounce_append(BOUNCE_FLAGS(state.request), + BOUNCE_ATTR(state.msg_attr))); +} diff --git a/src/virtual/virtual.c b/src/virtual/virtual.c new file mode 100644 index 0000000..9665b55 --- /dev/null +++ b/src/virtual/virtual.c @@ -0,0 +1,573 @@ +/*++ +/* NAME +/* virtual 8 +/* SUMMARY +/* Postfix virtual domain mail delivery agent +/* SYNOPSIS +/* \fBvirtual\fR [generic Postfix daemon options] +/* DESCRIPTION +/* The \fBvirtual\fR(8) delivery agent is designed for virtual mail +/* hosting services. Originally based on the Postfix \fBlocal\fR(8) +/* delivery +/* agent, this agent looks up recipients with map lookups of their +/* full recipient address, instead of using hard-coded unix password +/* file lookups of the address local part only. +/* +/* This delivery agent only delivers mail. Other features such as +/* mail forwarding, out-of-office notifications, etc., must be +/* configured via virtual_alias maps or via similar lookup mechanisms. +/* MAILBOX LOCATION +/* .ad +/* .fi +/* The mailbox location is controlled by the \fBvirtual_mailbox_base\fR +/* and \fBvirtual_mailbox_maps\fR configuration parameters (see below). +/* The \fBvirtual_mailbox_maps\fR table is indexed by the recipient +/* address as described under TABLE SEARCH ORDER below. +/* +/* The mailbox pathname is constructed as follows: +/* +/* .nf +/* \fB$virtual_mailbox_base/$virtual_mailbox_maps(\fIrecipient\fB)\fR +/* .fi +/* +/* where \fIrecipient\fR is the full recipient address. +/* UNIX MAILBOX FORMAT +/* .ad +/* .fi +/* When the mailbox location does not end in \fB/\fR, the message +/* is delivered in UNIX mailbox format. This format stores multiple +/* messages in one textfile. +/* +/* The \fBvirtual\fR(8) delivery agent prepends a "\fBFrom \fIsender +/* time_stamp\fR" envelope header to each message, prepends a +/* \fBDelivered-To:\fR message header with the envelope recipient +/* address, +/* prepends an \fBX-Original-To:\fR header with the recipient address as +/* given to Postfix, +/* prepends a \fBReturn-Path:\fR message header with the +/* envelope sender address, prepends a \fB>\fR character to lines +/* beginning with "\fBFrom \fR", and appends an empty line. +/* +/* The mailbox is locked for exclusive access while delivery is in +/* progress. In case of problems, an attempt is made to truncate the +/* mailbox to its original length. +/* QMAIL MAILDIR FORMAT +/* .ad +/* .fi +/* When the mailbox location ends in \fB/\fR, the message is delivered +/* in qmail \fBmaildir\fR format. This format stores one message per file. +/* +/* The \fBvirtual\fR(8) delivery agent prepends a \fBDelivered-To:\fR +/* message header with the final envelope recipient address, +/* prepends an \fBX-Original-To:\fR header with the recipient address as +/* given to Postfix, and prepends a +/* \fBReturn-Path:\fR message header with the envelope sender address. +/* +/* By definition, \fBmaildir\fR format does not require application-level +/* file locking during mail delivery or retrieval. +/* MAILBOX OWNERSHIP +/* .ad +/* .fi +/* Mailbox ownership is controlled by the \fBvirtual_uid_maps\fR +/* and \fBvirtual_gid_maps\fR lookup tables, which are indexed +/* with the full recipient address. Each table provides +/* a string with the numerical user and group ID, respectively. +/* +/* The \fBvirtual_minimum_uid\fR parameter imposes a lower bound on +/* numerical user ID values that may be specified in any +/* \fBvirtual_uid_maps\fR. +/* CASE FOLDING +/* .ad +/* .fi +/* All delivery decisions are made using the full recipient +/* address, folded to lower case. See also the next section +/* for a few exceptions with optional address extensions. +/* TABLE SEARCH ORDER +/* .ad +/* .fi +/* Normally, a lookup table is specified as a text file that +/* serves as input to the \fBpostmap\fR(1) command. The result, an +/* indexed file in \fBdbm\fR or \fBdb\fR format, is used for fast +/* searching by the mail system. +/* +/* The search order is as follows. The search stops +/* upon the first successful lookup. +/* .IP \(bu +/* When the recipient has an optional address extension the +/* \fIuser+extension@domain.tld\fR address is looked up first. +/* .sp +/* With Postfix versions before 2.1, the optional address extension +/* is always ignored. +/* .IP \(bu +/* The \fIuser@domain.tld\fR address, without address extension, +/* is looked up next. +/* .IP \(bu +/* Finally, the recipient \fI@domain\fR is looked up. +/* .PP +/* When the table is provided via other means such as NIS, LDAP +/* or SQL, the same lookups are done as for ordinary indexed files. +/* +/* Alternatively, a table can be provided as a regular-expression +/* map where patterns are given as regular expressions. In that case, +/* only the full recipient address is given to the regular-expression +/* map. +/* SECURITY +/* .ad +/* .fi +/* The \fBvirtual\fR(8) delivery agent is not security sensitive, provided +/* that the lookup tables with recipient user/group ID information are +/* adequately protected. This program is not designed to run chrooted. +/* +/* The \fBvirtual\fR(8) delivery agent disallows regular expression +/* substitution of $1 etc. in regular expression lookup tables, +/* because that would open a security hole. +/* +/* The \fBvirtual\fR(8) delivery agent will silently ignore requests +/* to use the \fBproxymap\fR(8) server. Instead it will open the +/* table directly. Before Postfix version 2.2, the virtual +/* delivery agent will terminate with a fatal error. +/* STANDARDS +/* RFC 822 (ARPA Internet Text Messages) +/* DIAGNOSTICS +/* Mail bounces when the recipient has no mailbox or when the +/* recipient is over disk quota. In all other cases, mail for +/* an existing recipient is deferred and a warning is logged. +/* +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). +/* Corrupted message files are marked so that the queue +/* manager can move them to the \fBcorrupt\fR queue afterwards. +/* +/* Depending on the setting of the \fBnotify_classes\fR parameter, +/* the postmaster is notified of bounces and of other trouble. +/* BUGS +/* This delivery agent supports address extensions in email +/* addresses and in lookup table keys, but does not propagate +/* address extension information to the result of table lookup. +/* +/* Postfix should have lookup tables that can return multiple result +/* attributes. In order to avoid the inconvenience of maintaining +/* three tables, use an LDAP or MYSQL database. +/* CONFIGURATION PARAMETERS +/* .ad +/* .fi +/* Changes to \fBmain.cf\fR are picked up automatically, as +/* \fBvirtual\fR(8) +/* processes run for only a limited amount of time. Use the command +/* "\fBpostfix reload\fR" to speed up a change. +/* +/* The text below provides only a parameter summary. See +/* \fBpostconf\fR(5) for more details including examples. +/* MAILBOX DELIVERY CONTROLS +/* .ad +/* .fi +/* .IP "\fBvirtual_mailbox_base (empty)\fR" +/* A prefix that the \fBvirtual\fR(8) delivery agent prepends to all pathname +/* results from $virtual_mailbox_maps table lookups. +/* .IP "\fBvirtual_mailbox_maps (empty)\fR" +/* Optional lookup tables with all valid addresses in the domains that +/* match $virtual_mailbox_domains. +/* .IP "\fBvirtual_minimum_uid (100)\fR" +/* The minimum user ID value that the \fBvirtual\fR(8) delivery agent accepts +/* as a result from $virtual_uid_maps table lookup. +/* .IP "\fBvirtual_uid_maps (empty)\fR" +/* Lookup tables with the per-recipient user ID that the \fBvirtual\fR(8) +/* delivery agent uses while writing to the recipient's mailbox. +/* .IP "\fBvirtual_gid_maps (empty)\fR" +/* Lookup tables with the per-recipient group ID for \fBvirtual\fR(8) mailbox +/* delivery. +/* .PP +/* Available in Postfix version 2.0 and later: +/* .IP "\fBvirtual_mailbox_domains ($virtual_mailbox_maps)\fR" +/* Postfix is final destination for the specified list of domains; +/* mail is delivered via the $virtual_transport mail delivery transport. +/* .IP "\fBvirtual_transport (virtual)\fR" +/* The default mail delivery transport and next-hop destination for +/* final delivery to domains listed with $virtual_mailbox_domains. +/* .PP +/* Available in Postfix version 2.5.3 and later: +/* .IP "\fBstrict_mailbox_ownership (yes)\fR" +/* Defer delivery when a mailbox file is not owned by its recipient. +/* LOCKING CONTROLS +/* .ad +/* .fi +/* .IP "\fBvirtual_mailbox_lock (see 'postconf -d' output)\fR" +/* How to lock a UNIX-style \fBvirtual\fR(8) mailbox before attempting +/* delivery. +/* .IP "\fBdeliver_lock_attempts (20)\fR" +/* The maximal number of attempts to acquire an exclusive lock on a +/* mailbox file or \fBbounce\fR(8) logfile. +/* .IP "\fBdeliver_lock_delay (1s)\fR" +/* The time between attempts to acquire an exclusive lock on a mailbox +/* file or \fBbounce\fR(8) logfile. +/* .IP "\fBstale_lock_time (500s)\fR" +/* The time after which a stale exclusive mailbox lockfile is removed. +/* RESOURCE AND RATE CONTROLS +/* .ad +/* .fi +/* .IP "\fBvirtual_mailbox_limit (51200000)\fR" +/* The maximal size in bytes of an individual \fBvirtual\fR(8) mailbox or +/* maildir file, or zero (no limit). +/* .PP +/* Implemented in the qmgr(8) daemon: +/* .IP "\fBvirtual_destination_concurrency_limit ($default_destination_concurrency_limit)\fR" +/* The maximal number of parallel deliveries to the same destination +/* via the virtual message delivery transport. +/* .IP "\fBvirtual_destination_recipient_limit ($default_destination_recipient_limit)\fR" +/* The maximal number of recipients per message for the virtual +/* message delivery transport. +/* MISCELLANEOUS CONTROLS +/* .ad +/* .fi +/* .IP "\fBconfig_directory (see 'postconf -d' output)\fR" +/* The default location of the Postfix main.cf and master.cf +/* configuration files. +/* .IP "\fBdaemon_timeout (18000s)\fR" +/* How much time a Postfix daemon process may take to handle a +/* request before it is terminated by a built-in watchdog timer. +/* .IP "\fBdelay_logging_resolution_limit (2)\fR" +/* The maximal number of digits after the decimal point when logging +/* sub-second delay values. +/* .IP "\fBipc_timeout (3600s)\fR" +/* The time limit for sending or receiving information over an internal +/* communication channel. +/* .IP "\fBmax_idle (100s)\fR" +/* The maximum amount of time that an idle Postfix daemon process waits +/* for an incoming connection before terminating voluntarily. +/* .IP "\fBmax_use (100)\fR" +/* The maximal number of incoming connections that a Postfix daemon +/* process will service before terminating voluntarily. +/* .IP "\fBprocess_id (read-only)\fR" +/* The process ID of a Postfix command or daemon process. +/* .IP "\fBprocess_name (read-only)\fR" +/* The process name of a Postfix command or daemon process. +/* .IP "\fBqueue_directory (see 'postconf -d' output)\fR" +/* The location of the Postfix top-level queue directory. +/* .IP "\fBsyslog_facility (mail)\fR" +/* The syslog facility of Postfix logging. +/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" +/* A prefix that is prepended to the process name in syslog +/* records, so that, for example, "smtpd" becomes "prefix/smtpd". +/* .PP +/* Available in Postfix version 3.0 and later: +/* .IP "\fBvirtual_delivery_status_filter ($default_delivery_status_filter)\fR" +/* Optional filter for the \fBvirtual\fR(8) delivery agent to change the +/* delivery status code or explanatory text of successful or unsuccessful +/* deliveries. +/* .PP +/* Available in Postfix version 3.3 and later: +/* .IP "\fBenable_original_recipient (yes)\fR" +/* Enable support for the original recipient address after an +/* address is rewritten to a different address (for example with +/* aliasing or with canonical mapping). +/* .IP "\fBservice_name (read-only)\fR" +/* The master.cf service name of a Postfix daemon process. +/* .PP +/* Available in Postfix 3.5 and later: +/* .IP "\fBinfo_log_address_format (external)\fR" +/* The email address form that will be used in non-debug logging +/* (info, warning, etc.). +/* SEE ALSO +/* qmgr(8), queue manager +/* bounce(8), delivery status reports +/* postconf(5), configuration parameters +/* postlogd(8), Postfix logging +/* syslogd(8), system logging +/* README_FILES +/* Use "\fBpostconf readme_directory\fR" or +/* "\fBpostconf html_directory\fR" to locate this information. +/* VIRTUAL_README, domain hosting howto +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this software. +/* HISTORY +/* .ad +/* .fi +/* This delivery agent was originally based on the Postfix local delivery +/* agent. Modifications mainly consisted of removing code that either +/* was not applicable or that was not safe in this context: aliases, +/* ~user/.forward files, delivery to "|command" or to /file/name. +/* +/* The \fBDelivered-To:\fR message header appears in the \fBqmail\fR +/* system by Daniel Bernstein. +/* +/* The \fBmaildir\fR structure appears in the \fBqmail\fR system +/* by Daniel Bernstein. +/* AUTHOR(S) +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA +/* +/* Andrew McNamara +/* andrewm@connect.com.au +/* connect.com.au Pty. Ltd. +/* Level 3, 213 Miller St +/* North Sydney 2060, NSW, Australia +/*--*/ + +/* System library. */ + +#include <sys_defs.h> +#include <stdlib.h> +#ifdef USE_PATHS_H +#include <paths.h> /* XXX mail_spool_dir dependency */ +#endif + +/* Utility library. */ + +#include <msg.h> +#include <vstring.h> +#include <vstream.h> +#include <iostuff.h> +#include <set_eugid.h> +#include <dict.h> + +/* Global library. */ + +#include <mail_queue.h> +#include <recipient_list.h> +#include <deliver_request.h> +#include <deliver_completed.h> +#include <mail_params.h> +#include <mail_version.h> +#include <mail_conf.h> +#include <mail_params.h> +#include <mail_addr_find.h> +#include <flush_clnt.h> + +/* Single server skeleton. */ + +#include <mail_server.h> + +/* Application-specific. */ + +#include "virtual.h" + + /* + * Tunable parameters. + */ +char *var_virt_mailbox_maps; +char *var_virt_uid_maps; +char *var_virt_gid_maps; +int var_virt_minimum_uid; +char *var_virt_mailbox_base; +char *var_virt_mailbox_lock; +long var_virt_mailbox_limit; +char *var_mail_spool_dir; /* XXX dependency fix */ +bool var_strict_mbox_owner; +char *var_virt_dsn_filter; + + /* + * Mappings. + */ +MAPS *virtual_mailbox_maps; +MAPS *virtual_uid_maps; +MAPS *virtual_gid_maps; + + /* + * Bit masks. + */ +int virtual_mbox_lock_mask; + +/* local_deliver - deliver message with extreme prejudice */ + +static int local_deliver(DELIVER_REQUEST *rqst, char *service) +{ + const char *myname = "local_deliver"; + RECIPIENT *rcpt_end = rqst->rcpt_list.info + rqst->rcpt_list.len; + RECIPIENT *rcpt; + int rcpt_stat; + int msg_stat; + LOCAL_STATE state; + USER_ATTR usr_attr; + + if (msg_verbose) + msg_info("local_deliver: %s from %s", rqst->queue_id, rqst->sender); + + /* + * Initialize the delivery attributes that are not recipient specific. + */ + state.level = 0; + deliver_attr_init(&state.msg_attr); + state.msg_attr.queue_name = rqst->queue_name; + state.msg_attr.queue_id = rqst->queue_id; + state.msg_attr.fp = rqst->fp; + state.msg_attr.offset = rqst->data_offset; + state.msg_attr.sender = rqst->sender; + state.msg_attr.dsn_envid = rqst->dsn_envid; + state.msg_attr.dsn_ret = rqst->dsn_ret; + state.msg_attr.relay = service; + state.msg_attr.msg_stats = rqst->msg_stats; + RESET_USER_ATTR(usr_attr, state.level); + state.request = rqst; + + /* + * Iterate over each recipient named in the delivery request. When the + * mail delivery status for a given recipient is definite (i.e. bounced + * or delivered), update the message queue file and cross off the + * recipient. Update the per-message delivery status. + */ + for (msg_stat = 0, rcpt = rqst->rcpt_list.info; rcpt < rcpt_end; rcpt++) { + state.msg_attr.rcpt = *rcpt; + rcpt_stat = deliver_recipient(state, usr_attr); + if (rcpt_stat == 0 && (rqst->flags & DEL_REQ_FLAG_SUCCESS)) + deliver_completed(state.msg_attr.fp, rcpt->offset); + msg_stat |= rcpt_stat; + } + + deliver_attr_free(&state.msg_attr); + return (msg_stat); +} + +/* local_service - perform service for client */ + +static void local_service(VSTREAM *stream, char *service, char **argv) +{ + DELIVER_REQUEST *request; + int status; + + /* + * Sanity check. This service takes no command-line arguments. + */ + if (argv[0]) + msg_fatal("unexpected command-line argument: %s", argv[0]); + + /* + * This routine runs whenever a client connects to the UNIX-domain socket + * that is dedicated to local mail delivery service. What we see below is + * a little protocol to (1) tell the client that we are ready, (2) read a + * delivery request from the client, and (3) report the completion status + * of that request. + */ + if ((request = deliver_request_read(stream)) != 0) { + status = local_deliver(request, service); + deliver_request_done(stream, request, status); + } +} + +/* pre_accept - see if tables have changed */ + +static void pre_accept(char *unused_name, char **unused_argv) +{ + const char *table; + + if ((table = dict_changed_name()) != 0) { + msg_info("table %s has changed -- restarting", table); + exit(0); + } +} + +/* post_init - post-jail initialization */ + +static void post_init(char *unused_name, char **unused_argv) +{ + + /* + * Drop privileges most of the time. + */ + set_eugid(var_owner_uid, var_owner_gid); + + /* + * No case folding needed: the recipient address is case folded. + */ + virtual_mailbox_maps = + maps_create(VAR_VIRT_MAILBOX_MAPS, var_virt_mailbox_maps, + DICT_FLAG_LOCK | DICT_FLAG_PARANOID + | DICT_FLAG_UTF8_REQUEST); + + virtual_uid_maps = + maps_create(VAR_VIRT_UID_MAPS, var_virt_uid_maps, + DICT_FLAG_LOCK | DICT_FLAG_PARANOID + | DICT_FLAG_UTF8_REQUEST); + + virtual_gid_maps = + maps_create(VAR_VIRT_GID_MAPS, var_virt_gid_maps, + DICT_FLAG_LOCK | DICT_FLAG_PARANOID + | DICT_FLAG_UTF8_REQUEST); + + virtual_mbox_lock_mask = mbox_lock_mask(var_virt_mailbox_lock); +} + +/* pre_init - pre-jail initialization */ + +static void pre_init(char *unused_name, char **unused_argv) +{ + + /* + * Reset the file size limit from the message size limit to the mailbox + * size limit. + * + * We can't have mailbox size limit smaller than the message size limit, + * because that prohibits the delivery agent from updating the queue + * file. + */ + if (ENFORCING_SIZE_LIMIT(var_virt_mailbox_limit)) { + if (!ENFORCING_SIZE_LIMIT(var_message_limit)) + msg_fatal("configuration error: %s is limited but %s is " + "unlimited", VAR_VIRT_MAILBOX_LIMIT, VAR_MESSAGE_LIMIT); + if (var_virt_mailbox_limit < var_message_limit) + msg_fatal("configuration error: %s is smaller than %s", + VAR_VIRT_MAILBOX_LIMIT, VAR_MESSAGE_LIMIT); + set_file_limit(var_virt_mailbox_limit); + } + + /* + * flush client. + */ + flush_init(); +} + +MAIL_VERSION_STAMP_DECLARE; + +/* main - pass control to the single-threaded skeleton */ + +int main(int argc, char **argv) +{ + static const CONFIG_INT_TABLE int_table[] = { + VAR_VIRT_MINUID, DEF_VIRT_MINUID, &var_virt_minimum_uid, 1, 0, + 0, + }; + static const CONFIG_LONG_TABLE long_table[] = { + VAR_VIRT_MAILBOX_LIMIT, DEF_VIRT_MAILBOX_LIMIT, &var_virt_mailbox_limit, 0, 0, + 0, + }; + static const CONFIG_STR_TABLE str_table[] = { + VAR_MAIL_SPOOL_DIR, DEF_MAIL_SPOOL_DIR, &var_mail_spool_dir, 0, 0, + VAR_VIRT_MAILBOX_MAPS, DEF_VIRT_MAILBOX_MAPS, &var_virt_mailbox_maps, 0, 0, + VAR_VIRT_UID_MAPS, DEF_VIRT_UID_MAPS, &var_virt_uid_maps, 0, 0, + VAR_VIRT_GID_MAPS, DEF_VIRT_GID_MAPS, &var_virt_gid_maps, 0, 0, + VAR_VIRT_MAILBOX_BASE, DEF_VIRT_MAILBOX_BASE, &var_virt_mailbox_base, 1, 0, + VAR_VIRT_MAILBOX_LOCK, DEF_VIRT_MAILBOX_LOCK, &var_virt_mailbox_lock, 1, 0, + VAR_VIRT_DSN_FILTER, DEF_VIRT_DSN_FILTER, &var_virt_dsn_filter, 0, 0, + 0, + }; + static const CONFIG_BOOL_TABLE bool_table[] = { + VAR_STRICT_MBOX_OWNER, DEF_STRICT_MBOX_OWNER, &var_strict_mbox_owner, + 0, + }; + + /* + * Fingerprint executables and core dumps. + */ + MAIL_VERSION_STAMP_ALLOCATE; + + single_server_main(argc, argv, local_service, + CA_MAIL_SERVER_INT_TABLE(int_table), + CA_MAIL_SERVER_LONG_TABLE(long_table), + CA_MAIL_SERVER_STR_TABLE(str_table), + CA_MAIL_SERVER_BOOL_TABLE(bool_table), + CA_MAIL_SERVER_PRE_INIT(pre_init), + CA_MAIL_SERVER_POST_INIT(post_init), + CA_MAIL_SERVER_PRE_ACCEPT(pre_accept), + CA_MAIL_SERVER_PRIVILEGED, + CA_MAIL_SERVER_BOUNCE_INIT(VAR_VIRT_DSN_FILTER, + &var_virt_dsn_filter), + 0); +} diff --git a/src/virtual/virtual.h b/src/virtual/virtual.h new file mode 100644 index 0000000..75dd6cd --- /dev/null +++ b/src/virtual/virtual.h @@ -0,0 +1,150 @@ +/*++ +/* NAME +/* virtual 3h +/* SUMMARY +/* virtual mail delivery +/* SYNOPSIS +/* #include "virtual.h" +/* DESCRIPTION +/* .nf + + /* + * System library. + */ +#include <unistd.h> + + /* + * Utility library. + */ +#include <vstream.h> +#include <vstring.h> + + /* + * Global library. + */ +#include <deliver_request.h> +#include <maps.h> +#include <mbox_conf.h> +#include <dsn_buf.h> +#include <dsn.h> + + /* + * Mappings. + */ +extern MAPS *virtual_mailbox_maps; +extern MAPS *virtual_uid_maps; +extern MAPS *virtual_gid_maps; + + /* + * User attributes: these control the privileges for delivery to external + * commands, external files, or mailboxes, and the initial environment of + * external commands. + */ +typedef struct USER_ATTR { + uid_t uid; /* file/command access */ + gid_t gid; /* file/command access */ + char *mailbox; /* mailbox file or directory */ +} USER_ATTR; + + /* + * Critical macros. Not for obscurity, but to ensure consistency. + */ +#define RESET_USER_ATTR(usr_attr, level) { \ + usr_attr.uid = 0; usr_attr.gid = 0; usr_attr.mailbox = 0; \ + if (msg_verbose) \ + msg_info("%s[%d]: reset user_attr", myname, level); \ + } + + /* + * The delivery attributes are inherited from files, from aliases, and from + * whatnot. Some of the information is changed on the fly. DELIVER_ATTR + * structures are therefore passed by value, so there is no need to undo + * changes. + */ +typedef struct DELIVER_ATTR { + int level; /* recursion level */ + VSTREAM *fp; /* open queue file */ + char *queue_name; /* mail queue id */ + char *queue_id; /* mail queue id */ + long offset; /* data offset */ + const char *sender; /* taken from envelope */ + char *dsn_envid; /* DSN envelope ID */ + int dsn_ret; /* DSN headers/full */ + RECIPIENT rcpt; /* from delivery request */ + char *user; /* recipient lookup handle */ + const char *delivered; /* for loop detection */ + char *relay; /* relay host */ + MSG_STATS msg_stats; /* time profile */ + DSN_BUF *why; /* delivery status */ +} DELIVER_ATTR; + +extern void deliver_attr_init(DELIVER_ATTR *); +extern void deliver_attr_dump(DELIVER_ATTR *); +extern void deliver_attr_free(DELIVER_ATTR *); + +#define FEATURE_NODELIVERED (1<<0) /* no delivered-to */ + + /* + * Rather than schlepping around dozens of arguments, here is one that has + * all. Well, almost. The user attributes are just a bit too sensitive, so + * they are passed around separately. + */ +typedef struct LOCAL_STATE { + int level; /* nesting level, for logging */ + DELIVER_ATTR msg_attr; /* message/recipient attributes */ + DELIVER_REQUEST *request; /* as from queue manager */ +} LOCAL_STATE; + + /* + * Bundle up some often-user attributes. + */ +#define BOUNCE_FLAGS(request) DEL_REQ_TRACE_FLAGS((request)->flags) + +#define BOUNCE_ATTR(attr) \ + attr.queue_id, &attr.msg_stats, &attr.rcpt, attr.relay, \ + DSN_FROM_DSN_BUF(attr.why) +#define SENT_ATTR(attr) \ + attr.queue_id, &attr.msg_stats, &attr.rcpt, attr.relay, \ + DSN_FROM_DSN_BUF(attr.why) +#define COPY_ATTR(attr) \ + attr.sender, attr.rcpt.orig_addr, attr.delivered, attr.fp + +#define MSG_LOG_STATE(m, p) \ + msg_info("%s[%d]: recip %s deliver %s", m, \ + p.level, \ + p.msg_attr.rcpt.address ? p.msg_attr.rcpt.address : "", \ + p.msg_attr.delivered ? p.msg_attr.delivered : "") + + /* + * "inner" nodes of the delivery graph. + */ +extern int deliver_recipient(LOCAL_STATE, USER_ATTR); + + /* + * "leaf" nodes of the delivery graph. + */ +extern int deliver_mailbox(LOCAL_STATE, USER_ATTR, int *); +extern int deliver_file(LOCAL_STATE, USER_ATTR, char *); +extern int deliver_maildir(LOCAL_STATE, USER_ATTR); +extern int deliver_unknown(LOCAL_STATE); + + /* + * Mailbox lock protocol. + */ +extern int virtual_mbox_lock_mask; + + /* + * Silly little macros. + */ +#define STR(s) vstring_str(s) + +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this software. +/* AUTHOR(S) +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA +/*--*/ |