1 files changed, 327 insertions, 0 deletions
diff --git a/src/bounce/bounce_notify_service.c b/src/bounce/bounce_notify_service.c
new file mode 100644
index 0000000..d6c751f
--- /dev/null
+++ b/src/bounce/bounce_notify_service.c
@@ -0,0 +1,327 @@
+/*++
+/* NAME
+/*	bounce_notify_service 3
+/* SUMMARY
+/*	send non-delivery report to sender, server side
+/* SYNOPSIS
+/*	#include "bounce_service.h"
+/*
+/*	int     bounce_notify_service(flags, service, queue_name, queue_id,
+/*					encoding, smtputf8, sender, dsn_envid,
+/*					dsn_ret, templates)
+/*	int	flags;
+/*	char	*service;
+/*	char	*queue_name;
+/*	char	*queue_id;
+/*	char	*encoding;
+/*	int	smtputf8;
+/*	char	*sender;
+/*	char	*dsn_envid;
+/*	int	dsn_ret;
+/*	BOUNCE_TEMPLATES *templates;
+/* DESCRIPTION
+/*	This module implements the server side of the bounce_flush()
+/*	(send bounce message) request.
+/*
+/*	When a message bounces, a full copy is sent to the originator,
+/*	and an optional copy of the diagnostics with message headers is
+/*	sent to the postmaster.  The result is non-zero when the operation
+/*	should be tried again. Otherwise, the logfile is removed.
+/*
+/*	When a bounce is sent, the sender address is the empty
+/*	address.  When a bounce bounces, an optional double bounce
+/*	with the entire undeliverable mail is sent to the postmaster,
+/*	with as sender address the double bounce address.
+/* DIAGNOSTICS
+/*	Fatal error: error opening existing file.
+/* BUGS
+/* SEE ALSO
+/*	bounce(3) basic bounce service client interface
+/* LICENSE
+/* .ad
+/* .fi
+/*	The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/*	Wietse Venema
+/*	IBM T.J. Watson Research
+/*	P.O. Box 704
+/*	Yorktown Heights, NY 10598, USA
+/*--*/
+
+/* System library. */
+
+#include <sys_defs.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <string.h>
+#include <ctype.h>
+
+/* Utility library. */
+
+#include <msg.h>
+#include <vstream.h>
+#include <name_mask.h>
+#include <stringops.h>
+
+/* Global library. */
+
+#include <mail_params.h>
+#include <mail_queue.h>
+#include <post_mail.h>
+#include <mail_addr.h>
+#include <mail_error.h>
+#include <bounce.h>
+#include <dsn_mask.h>
+#include <rec_type.h>
+
+/* Application-specific. */
+
+#include "bounce_service.h"
+
+#define STR vstring_str
+
+/* bounce_notify_service - send a bounce */
+
+int     bounce_notify_service(int flags, char *service, char *queue_name,
+			              char *queue_id, char *encoding,
+			              int smtputf8, char *recipient,
+			              char *dsn_envid, int dsn_ret,
+			              BOUNCE_TEMPLATES *ts)
+{
+    BOUNCE_INFO *bounce_info;
+    int     bounce_status = 1;
+    int     postmaster_status = 1;
+    VSTREAM *bounce;
+    int     notify_mask = name_mask(VAR_NOTIFY_CLASSES, mail_error_masks,
+				    var_notify_classes);
+    VSTRING *new_id = vstring_alloc(10);
+    char   *postmaster;
+    int     count;
+
+    /*
+     * Initialize. Open queue file, bounce log, etc.
+     * 
+     * XXX DSN The bounce service produces RFC 3464-style "failed mail" reports
+     * from information in two following types of logfile:
+     * 
+     * 1 - bounce: this file is used for RFC 3464-style reports of permanent
+     * delivery errors by the bounce(8) service. This reports to the sender
+     * all recipients that have no DSN NOTIFY information (compatibility) and
+     * all recipients that have DSN NOTIFY=FAILURE; this reports to
+     * postmaster all recipients, if postmaster notification is enabled.
+     * 
+     * 2 - defer: this file is used for three types of report:
+     * 
+     * 2a) RFC 3464-style "mail is too old" reports by the bounce(8) service.
+     * This reports to the sender all recipients that have no DSN NOTIFY
+     * information (compatibility) and all recipients that have DSN
+     * NOTIFY=FAILURE; this reports to postmaster all recipients, if
+     * postmaster notification is enabled.
+     * 
+     * Other reports that other servers produce from the defer logfile:
+     * 
+     * 2b) On-demand reports of all delayed deliveries by the showq(8) service
+     * and mailq(1) command. This reports all recipients that have a
+     * transient delivery error.
+     * 
+     * 2c) RFC 3464-style "delayed mail" notifications by the defer(8) service.
+     * This reports to the sender all recipients that have no DSN NOTIFY
+     * information (compatibility) and all recipients that have DSN
+     * NOTIFY=DELAY; this reports to postmaster all recipients, if postmaster
+     * notification is enabled.
+     */
+    bounce_info = bounce_mail_init(service, queue_name, queue_id,
+				   encoding, smtputf8, dsn_envid,
+				   ts->failure);
+
+#define NULL_SENDER		MAIL_ADDR_EMPTY	/* special address */
+#define NULL_TRACE_FLAGS	0
+
+    /*
+     * The choice of sender address depends on the recipient address. For a
+     * single bounce (a non-delivery notification to the message originator),
+     * the sender address is the empty string. For a double bounce (typically
+     * a failed single bounce, or a postmaster notification that was produced
+     * by any of the mail processes) the sender address is defined by the
+     * var_double_bounce_sender configuration variable. When a double bounce
+     * cannot be delivered, the queue manager blackholes the resulting triple
+     * bounce message.
+     */
+
+    /*
+     * Double bounce failed. Never send a triple bounce.
+     * 
+     * However, this does not prevent double bounces from bouncing on other
+     * systems. In order to cope with this, either the queue manager must
+     * recognize the double-bounce recipient address and discard mail, or
+     * every delivery agent must recognize the double-bounce sender address
+     * and substitute something else so mail does not come back at us.
+     */
+    if (strcasecmp_utf8(recipient, mail_addr_double_bounce()) == 0) {
+	msg_warn("%s: undeliverable postmaster notification discarded",
+		 queue_id);
+	bounce_status = 0;
+    }
+
+    /*
+     * Single bounce failed. Optionally send a double bounce to postmaster,
+     * subject to notify_classes restrictions.
+     */
+#define ANY_BOUNCE (MAIL_ERROR_2BOUNCE | MAIL_ERROR_BOUNCE)
+#define SEND_POSTMASTER_ANY_BOUNCE_NOTICE (notify_mask & ANY_BOUNCE)
+
+    else if (*recipient == 0) {
+	if (!SEND_POSTMASTER_ANY_BOUNCE_NOTICE) {
+	    bounce_status = 0;
+	} else {
+	    postmaster = var_2bounce_rcpt;
+	    if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(),
+						 postmaster,
+						 MAIL_SRC_MASK_BOUNCE,
+						 NULL_TRACE_FLAGS,
+						 smtputf8,
+						 new_id)) != 0) {
+
+		/*
+		 * Double bounce to Postmaster. This is the last opportunity
+		 * for this message to be delivered. Send the text with
+		 * reason for the bounce, and the headers of the original
+		 * message. Don't bother sending the boiler-plate text.
+		 */
+		count = -1;
+		if (bounce_header(bounce, bounce_info, postmaster,
+				  POSTMASTER_COPY) == 0
+		    && (count = bounce_diagnostic_log(bounce, bounce_info,
+						   DSN_NOTIFY_OVERRIDE)) > 0
+		    && bounce_header_dsn(bounce, bounce_info) == 0
+		    && bounce_diagnostic_dsn(bounce, bounce_info,
+					     DSN_NOTIFY_OVERRIDE) > 0) {
+		    bounce_original(bounce, bounce_info, DSN_RET_FULL);
+		    bounce_status = post_mail_fclose(bounce);
+		    if (bounce_status == 0)
+			msg_info("%s: postmaster non-delivery notification: %s",
+				 queue_id, STR(new_id));
+		} else {
+		    /* No applicable recipients found - cancel this notice. */
+		    (void) vstream_fclose(bounce);
+		    if (count == 0)
+			bounce_status = 0;
+		}
+	    }
+	}
+    }
+
+    /*
+     * Non-bounce failed. Send a single bounce to the sender, subject to DSN
+     * NOTIFY restrictions.
+     */
+    else {
+	if ((bounce = post_mail_fopen_nowait(NULL_SENDER, recipient,
+					     MAIL_SRC_MASK_BOUNCE,
+					     NULL_TRACE_FLAGS,
+					     smtputf8,
+					     new_id)) != 0) {
+
+	    /*
+	     * Send the bounce message header, some boilerplate text that
+	     * pretends that we are a polite mail system, the text with
+	     * reason for the bounce, and a copy of the original message.
+	     */
+	    count = -1;
+	    if (bounce_header(bounce, bounce_info, recipient,
+			      NO_POSTMASTER_COPY) == 0
+		&& bounce_boilerplate(bounce, bounce_info) == 0
+		&& (count = bounce_diagnostic_log(bounce, bounce_info,
+						  DSN_NOTIFY_FAILURE)) > 0
+		&& bounce_header_dsn(bounce, bounce_info) == 0
+		&& bounce_diagnostic_dsn(bounce, bounce_info,
+					 DSN_NOTIFY_FAILURE) > 0) {
+		bounce_original(bounce, bounce_info, dsn_ret ?
+				dsn_ret : DSN_RET_FULL);
+		bounce_status = post_mail_fclose(bounce);
+		if (bounce_status == 0)
+		    msg_info("%s: sender non-delivery notification: %s",
+			     queue_id, STR(new_id));
+	    } else {
+		/* No applicable recipients found - cancel this notice. */
+		(void) vstream_fclose(bounce);
+		if (count == 0)
+		    bounce_status = 0;
+	    }
+	}
+
+	/*
+	 * Optionally, send a postmaster notice, subject to notify_classes
+	 * restrictions.
+	 * 
+	 * This postmaster notice is not critical, so if it fails don't
+	 * retransmit the bounce that we just generated, just log a warning.
+	 */
+#define SEND_POSTMASTER_SINGLE_BOUNCE_NOTICE (notify_mask & MAIL_ERROR_BOUNCE)
+
+	if (bounce_status == 0 && SEND_POSTMASTER_SINGLE_BOUNCE_NOTICE
+	    && strcasecmp_utf8(recipient, mail_addr_double_bounce()) != 0) {
+
+	    /*
+	     * Send the text with reason for the bounce, and the headers of
+	     * the original message. Don't bother sending the boiler-plate
+	     * text. This postmaster notice is not critical, so if it fails
+	     * don't retransmit the bounce that we just generated, just log a
+	     * warning.
+	     */
+	    postmaster = var_bounce_rcpt;
+	    if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(),
+						 postmaster,
+						 MAIL_SRC_MASK_BOUNCE,
+						 NULL_TRACE_FLAGS,
+						 smtputf8,
+						 new_id)) != 0) {
+		count = -1;
+		if (bounce_header(bounce, bounce_info, postmaster,
+				  POSTMASTER_COPY) == 0
+		    && (count = bounce_diagnostic_log(bounce, bounce_info,
+						   DSN_NOTIFY_OVERRIDE)) > 0
+		    && bounce_header_dsn(bounce, bounce_info) == 0
+		    && bounce_diagnostic_dsn(bounce, bounce_info,
+					     DSN_NOTIFY_OVERRIDE) > 0) {
+		    bounce_original(bounce, bounce_info, DSN_RET_HDRS);
+		    postmaster_status = post_mail_fclose(bounce);
+		    if (postmaster_status == 0)
+			msg_info("%s: postmaster non-delivery notification: %s",
+				 queue_id, STR(new_id));
+		} else {
+		    /* No applicable recipients found - cancel this notice. */
+		    (void) vstream_fclose(bounce);
+		    if (count == 0)
+			postmaster_status = 0;
+		}
+	    }
+	    if (postmaster_status)
+		msg_warn("%s: postmaster notice failed while bouncing to %s",
+			 queue_id, recipient);
+	}
+    }
+
+    /*
+     * Optionally, delete the recipients from the queue file.
+     */
+    if (bounce_status == 0 && (flags & BOUNCE_FLAG_DELRCPT))
+	bounce_delrcpt(bounce_info);
+
+    /*
+     * Examine the completion status. Delete the bounce log file only when
+     * the bounce was posted successfully, and only if we are bouncing for
+     * real, not just warning.
+     */
+    if (bounce_status == 0 && mail_queue_remove(service, queue_id)
+	&& errno != ENOENT)
+	msg_fatal("remove %s %s: %m", service, queue_id);
+
+    /*
+     * Cleanup.
+     */
+    bounce_mail_free(bounce_info);
+    vstring_free(new_id);
+
+    return (bounce_status);
+}