Google Git
Sign in
plan9port / plan9 / 3ebbd193dce0724e106ec9af627a3782676ae510 / . / src / cmd / upas / smtp / smtpd.c
blob: e59dbddd2ae63c26d0e94675e086be081e8e3cbd [file] [log] [blame]
#include "common.h"
#include "smtpd.h"
#include "smtp.h"
#include <ctype.h>
#include <ip.h>
#include <ndb.h>
#include <mp.h>
#include <libsec.h>
#include <auth.h>
#include <thread.h>
#include "../smtp/rfc822.tab.h"
#define DBGMX 1
char *me;
char *him="";
char *dom;
process *pp;
String *mailer;
NetConnInfo *nci;
int filterstate = ACCEPT;
int trusted;
int logged;
int rejectcount;
int hardreject;
Biobuf bin;
int debug;
int Dflag;
int fflag;
int gflag;
int rflag;
int sflag;
int authenticate;
int authenticated;
int passwordinclear;
char *tlscert;
List senders;
List rcvers;
char pipbuf[ERRMAX];
char *piperror;
int pipemsg(int*);
String* startcmd(void);
int rejectcheck(void);
String* mailerpath(char*);
static int
catchalarm(void *a, char *msg)
{
int rv = 1;
USED(a);
/* log alarms but continue */
if(strstr(msg, "alarm")){
if(senders.first && rcvers.first)
syslog(0, "smtpd", "note: %s->%s: %s", s_to_c(senders.first->p),
s_to_c(rcvers.first->p), msg);
else
syslog(0, "smtpd", "note: %s", msg);
rv = 0;
}
/* kill the children if there are any */
if(pp)
syskillpg(pp->pid);
return rv;
}
/* override string error functions to do something reasonable */
void
s_error(char *f, char *status)
{
char errbuf[Errlen];
errbuf[0] = 0;
rerrstr(errbuf, sizeof(errbuf));
if(f && *f)
reply("452 out of memory %s: %s\r\n", f, errbuf);
else
reply("452 out of memory %s\r\n", errbuf);
syslog(0, "smtpd", "++Malloc failure %s [%s]", him, nci->rsys);
threadexitsall(status);
}
void
threadmain(int argc, char **argv)
{
char *p, buf[1024];
char *netdir;
netdir = nil;
quotefmtinstall();
ARGBEGIN{
case 'D':
Dflag++;
break;
case 'd':
debug++;
break;
case 'n': /* log peer ip address */
netdir = ARGF();
break;
case 'f': /* disallow relaying */
fflag = 1;
break;
case 'g':
gflag = 1;
break;
case 'h': /* default domain name */
dom = ARGF();
break;
case 'k': /* prohibited ip address */
p = ARGF();
if (p)
addbadguy(p);
break;
case 'm': /* set mail command */
p = ARGF();
if(p)
mailer = mailerpath(p);
break;
case 'r':
rflag = 1; /* verify sender's domain */
break;
case 's': /* save blocked messages */
sflag = 1;
break;
case 'a':
authenticate = 1;
break;
case 'p':
passwordinclear = 1;
break;
case 'c':
fprint(2, "tls is not available\n");
threadexitsall("no tls");
tlscert = ARGF();
break;
case 't':
fprint(2, "%s: the -t option is no longer supported, see -c\n", argv0);
tlscert = "/sys/lib/ssl/smtpd-cert.pem";
break;
default:
fprint(2, "usage: smtpd [-dfhrs] [-n net] [-c cert]\n");
threadexitsall("usage");
}ARGEND;
nci = getnetconninfo(netdir, 0);
if(nci == nil)
sysfatal("can't get remote system's address");
if(mailer == nil)
mailer = mailerpath("send");
if(debug){
close(2);
snprint(buf, sizeof(buf), "%s/smtpd.db", UPASLOG);
if (open(buf, OWRITE) >= 0) {
seek(2, 0, 2);
fprint(2, "%d smtpd %s\n", getpid(), thedate());
} else
debug = 0;
}
getconf();
Binit(&bin, 0, OREAD);
chdir(UPASLOG);
me = sysname_read();
if(dom == 0 || dom[0] == 0)
dom = domainname_read();
if(dom == 0 || dom[0] == 0)
dom = me;
sayhi();
parseinit();
/* allow 45 minutes to parse the header */
atnotify(catchalarm, 1);
alarm(45*60*1000);
zzparse();
threadexitsall(0);
}
void
listfree(List *l)
{
Link *lp;
Link *next;
for(lp = l->first; lp; lp = next){
next = lp->next;
s_free(lp->p);
free(lp);
}
l->first = l->last = 0;
}
void
listadd(List *l, String *path)
{
Link *lp;
lp = (Link *)malloc(sizeof(Link));
lp->p = path;
lp->next = 0;
if(l->last)
l->last->next = lp;
else
l->first = lp;
l->last = lp;
}
#define SIZE 4096
int
reply(char *fmt, ...)
{
char buf[SIZE], *out;
va_list arg;
int n;
va_start(arg, fmt);
out = vseprint(buf, buf+SIZE, fmt, arg);
va_end(arg);
n = (long)(out-buf);
if(debug) {
seek(2, 0, 2);
write(2, buf, n);
}
write(1, buf, n);
return n;
}
void
reset(void)
{
if(rejectcheck())
return;
listfree(&rcvers);
listfree(&senders);
if(filterstate != DIALUP){
logged = 0;
filterstate = ACCEPT;
}
reply("250 ok\r\n");
}
void
sayhi(void)
{
reply("220 %s SMTP\r\n", dom);
}
void
hello(String *himp, int extended)
{
char **mynames;
him = s_to_c(himp);
syslog(0, "smtpd", "%s from %s as %s", extended ? "ehlo" : "helo", nci->rsys, him);
if(rejectcheck())
return;
if(strchr(him, '.') && nci && !trusted && fflag && strcmp(nci->rsys, nci->lsys) != 0){
/*
* We don't care if he lies about who he is, but it is
* not okay to pretend to be us. Many viruses do this,
* just parroting back what we say in the greeting.
*/
if(strcmp(him, dom) == 0)
goto Liarliar;
for(mynames=sysnames_read(); mynames && *mynames; mynames++){
if(cistrcmp(*mynames, him) == 0){
Liarliar:
syslog(0, "smtpd", "Hung up on %s; claimed to be %s",
nci->rsys, him);
reply("554 Liar!\r\n");
threadexitsall("client pretended to be us");
return;
}
}
}
/*
* it is never acceptable to claim to be "localhost",
* "localhost.localdomain" or "localhost.example.com"; only spammers
* do this. it should be unacceptable to claim any string that doesn't
* look like a domain name (e.g., has at least one dot in it), but
* Microsoft mail software gets this wrong.
*/
if (strcmp(him, "localhost") == 0 ||
strcmp(him, "localhost.localdomain") == 0 ||
strcmp(him, "localhost.example.com") == 0)
goto Liarliar;
if(strchr(him, '.') == 0 && nci != nil && strchr(nci->rsys, '.') != nil)
him = nci->rsys;
if(Dflag)
sleep(15*1000);
reply("250%c%s you are %s\r\n", extended ? '-' : ' ', dom, him);
if (extended) {
if(tlscert != nil)
reply("250-STARTTLS\r\n");
if (passwordinclear)
reply("250 AUTH CRAM-MD5 PLAIN LOGIN\r\n");
else
reply("250 AUTH CRAM-MD5\r\n");
}
}
void
sender(String *path)
{
String *s;
static char *lastsender;
if(rejectcheck())
return;
if (authenticate && !authenticated) {
rejectcount++;
reply("530 Authentication required\r\n");
return;
}
if(him == 0 || *him == 0){
rejectcount++;
reply("503 Start by saying HELO, please.\r\n", s_to_c(path));
return;
}
/* don't add the domain onto black holes or we will loop */
if(strchr(s_to_c(path), '!') == 0 && strcmp(s_to_c(path), "/dev/null") != 0){
s = s_new();
s_append(s, him);
s_append(s, "!");
s_append(s, s_to_c(path));
s_terminate(s);
s_free(path);
path = s;
}
if(shellchars(s_to_c(path))){
rejectcount++;
reply("503 Bad character in sender address %s.\r\n", s_to_c(path));
return;
}
/*
* if the last sender address resulted in a rejection because the sending
* domain didn't exist and this sender has the same domain, reject immediately.
*/
if(lastsender){
if (strncmp(lastsender, s_to_c(path), strlen(lastsender)) == 0){
filterstate = REFUSED;
rejectcount++;
reply("554 Sender domain must exist: %s\r\n", s_to_c(path));
return;
}
free(lastsender); /* different sender domain */
lastsender = 0;
}
/*
* see if this ip address, domain name, user name or account is blocked
*/
filterstate = blocked(path);
logged = 0;
listadd(&senders, path);
reply("250 sender is %s\r\n", s_to_c(path));
}
enum { Rcpt, Domain, Ntoks };
typedef struct Sender Sender;
struct Sender {
Sender *next;
char *rcpt;
char *domain;
};
static Sender *sendlist, *sendlast;
static uchar rsysip[IPaddrlen];
static int
rdsenders(void)
{
int lnlen, nf, ok = 1;
char *line, *senderfile;
char *toks[Ntoks];
Biobuf *sf;
Sender *snd;
static int beenhere = 0;
if (beenhere)
return 1;
beenhere = 1;
fmtinstall('I', eipfmt);
parseip(rsysip, nci->rsys);
/*
* we're sticking with a system-wide sender list because
* per-user lists would require fully resolving recipient
* addresses to determine which users they correspond to
* (barring syntactic conventions).
*/
senderfile = smprint("%s/senders", UPASLIB);
sf = Bopen(senderfile, OREAD);
free(senderfile);
if (sf == nil)
return 1;
while ((line = Brdline(sf, '\n')) != nil) {
if (line[0] == '#' || line[0] == '\n')
continue;
lnlen = Blinelen(sf);
line[lnlen-1] = '\0'; /* clobber newline */
nf = tokenize(line, toks, nelem(toks));
if (nf != nelem(toks))
continue; /* malformed line */
snd = malloc(sizeof *snd);
if (snd == nil)
sysfatal("out of memory: %r");
memset(snd, 0, sizeof *snd);
snd->next = nil;
if (sendlast == nil)
sendlist = snd;
else
sendlast->next = snd;
sendlast = snd;
snd->rcpt = strdup(toks[Rcpt]);
snd->domain = strdup(toks[Domain]);
}
Bterm(sf);
return ok;
}
/*
* read (recipient, sender's DNS) pairs from /mail/lib/senders.
* Only allow mail to recipient from any of sender's IPs.
* A recipient not mentioned in the file is always permitted.
*/
static int
senderok(char *rcpt)
{
int mentioned = 0, matched = 0;
uchar dnsip[IPaddrlen];
Sender *snd;
Ndbtuple *nt, *next, *first;
rdsenders();
for (snd = sendlist; snd != nil; snd = snd->next) {
if (strcmp(rcpt, snd->rcpt) != 0)
continue;
/*
* see if this domain's ips match nci->rsys.
* if not, perhaps a later entry's domain will.
*/
mentioned = 1;
if (parseip(dnsip, snd->domain) != -1 &&
memcmp(rsysip, dnsip, IPaddrlen) == 0)
return 1;
/*
* NB: nt->line links form a circular list(!).
* we need to make one complete pass over it to free it all.
*/
first = nt = dnsquery(nci->root, snd->domain, "ip");
if (first == nil)
continue;
do {
if (strcmp(nt->attr, "ip") == 0 &&
parseip(dnsip, nt->val) != -1 &&
memcmp(rsysip, dnsip, IPaddrlen) == 0)
matched = 1;
next = nt->line;
free(nt);
nt = next;
} while (nt != first);
}
if (matched)
return 1;
else
return !mentioned;
}
void
receiver(String *path)
{
char *sender, *rcpt;
if(rejectcheck())
return;
if(him == 0 || *him == 0){
rejectcount++;
reply("503 Start by saying HELO, please\r\n");
return;
}
if(senders.last)
sender = s_to_c(senders.last->p);
else
sender = "<unknown>";
if(!recipok(s_to_c(path))){
rejectcount++;
syslog(0, "smtpd", "Disallowed %s (%s/%s) to blocked name %s",
sender, him, nci->rsys, s_to_c(path));
reply("550 %s ... user unknown\r\n", s_to_c(path));
return;
}
rcpt = s_to_c(path);
if (!senderok(rcpt)) {
rejectcount++;
syslog(0, "smtpd", "Disallowed sending IP of %s (%s/%s) to %s",
sender, him, nci->rsys, rcpt);
reply("550 %s ... sending system not allowed\r\n", rcpt);
return;
}
logged = 0;
/* forwarding() can modify 'path' on loopback request */
if(filterstate == ACCEPT && (fflag && !authenticated) && forwarding(path)) {
syslog(0, "smtpd", "Bad Forward %s (%s/%s) (%s)",
s_to_c(senders.last->p), him, nci->rsys, s_to_c(path));
rejectcount++;
reply("550 we don't relay. send to your-path@[] for loopback.\r\n");
return;
}
listadd(&rcvers, path);
reply("250 receiver is %s\r\n", s_to_c(path));
}
void
quit(void)
{
reply("221 Successful termination\r\n");
close(0);
threadexitsall(0);
}
void
turn(void)
{
if(rejectcheck())
return;
reply("502 TURN unimplemented\r\n");
}
void
noop(void)
{
if(rejectcheck())
return;
reply("250 Stop wasting my time!\r\n");
}
void
help(String *cmd)
{
if(rejectcheck())
return;
if(cmd)
s_free(cmd);
reply("250 Read rfc821 and stop wasting my time\r\n");
}
void
verify(String *path)
{
char *p, *q;
char *av[4];
if(rejectcheck())
return;
if(shellchars(s_to_c(path))){
reply("503 Bad character in address %s.\r\n", s_to_c(path));
return;
}
av[0] = s_to_c(mailer);
av[1] = "-x";
av[2] = s_to_c(path);
av[3] = 0;
pp = noshell_proc_start(av, (stream *)0, outstream(), (stream *)0, 1, 0);
if (pp == 0) {
reply("450 We're busy right now, try later\r\n");
return;
}
p = Brdline(pp->std[1]->fp, '\n');
if(p == 0){
reply("550 String does not match anything.\r\n");
} else {
p[Blinelen(pp->std[1]->fp)-1] = 0;
if(strchr(p, ':'))
reply("550 String does not match anything.\r\n");
else{
q = strrchr(p, '!');
if(q)
p = q+1;
reply("250 %s <%s@%s>\r\n", s_to_c(path), p, dom);
}
}
proc_wait(pp);
proc_free(pp);
pp = 0;
}
/*
* get a line that ends in crnl or cr, turn terminating crnl into a nl
*
* return 0 on EOF
*/
static int
getcrnl(String *s, Biobuf *fp)
{
int c;
for(;;){
c = Bgetc(fp);
if(debug) {
seek(2, 0, 2);
fprint(2, "%c", c);
}
switch(c){
case -1:
goto out;
case '\r':
c = Bgetc(fp);
if(c == '\n'){
if(debug) {
seek(2, 0, 2);
fprint(2, "%c", c);
}
s_putc(s, '\n');
goto out;
}
Bungetc(fp);
s_putc(s, '\r');
break;
case '\n':
s_putc(s, c);
goto out;
default:
s_putc(s, c);
break;
}
}
out:
s_terminate(s);
return s_len(s);
}
void
logcall(int nbytes)
{
Link *l;
String *to, *from;
to = s_new();
from = s_new();
for(l = senders.first; l; l = l->next){
if(l != senders.first)
s_append(from, ", ");
s_append(from, s_to_c(l->p));
}
for(l = rcvers.first; l; l = l->next){
if(l != rcvers.first)
s_append(to, ", ");
s_append(to, s_to_c(l->p));
}
syslog(0, "smtpd", "[%s/%s] %s sent %d bytes to %s", him, nci->rsys,
s_to_c(from), nbytes, s_to_c(to));
s_free(to);
s_free(from);
}
static void
logmsg(char *action)
{
Link *l;
if(logged)
return;
logged = 1;
for(l = rcvers.first; l; l = l->next)
syslog(0, "smtpd", "%s %s (%s/%s) (%s)", action,
s_to_c(senders.last->p), him, nci->rsys, s_to_c(l->p));
}
static int
optoutall(int filterstate)
{
Link *l;
switch(filterstate){
case ACCEPT:
case TRUSTED:
return filterstate;
}
for(l = rcvers.first; l; l = l->next)
if(!optoutofspamfilter(s_to_c(l->p)))
return filterstate;
return ACCEPT;
}
String*
startcmd(void)
{
int n;
Link *l;
char **av;
String *cmd;
char *filename;
/*
* ignore the filterstate if the all the receivers prefer it.
*/
filterstate = optoutall(filterstate);
switch (filterstate){
case BLOCKED:
case DELAY:
rejectcount++;
logmsg("Blocked");
filename = dumpfile(s_to_c(senders.last->p));
cmd = s_new();
s_append(cmd, "cat > ");
s_append(cmd, filename);
pp = proc_start(s_to_c(cmd), instream(), 0, outstream(), 0, 0);
break;
case DIALUP:
logmsg("Dialup");
rejectcount++;
reply("554 We don't accept mail from dial-up ports.\r\n");
/*
* we could exit here, because we're never going to accept mail from this
* ip address, but it's unclear that RFC821 allows that. Instead we set
* the hardreject flag and go stupid.
*/
hardreject = 1;
return 0;
case DENIED:
logmsg("Denied");
rejectcount++;
reply("554-We don't accept mail from %s.\r\n", s_to_c(senders.last->p));
reply("554 Contact postmaster@%s for more information.\r\n", dom);
return 0;
case REFUSED:
logmsg("Refused");
rejectcount++;
reply("554 Sender domain must exist: %s\r\n", s_to_c(senders.last->p));
return 0;
default:
case NONE:
logmsg("Confused");
rejectcount++;
reply("554-We have had an internal mailer error classifying your message.\r\n");
reply("554-Filterstate is %d\r\n", filterstate);
reply("554 Contact postmaster@%s for more information.\r\n", dom);
return 0;
case ACCEPT:
case TRUSTED:
/*
* now that all other filters have been passed,
* do grey-list processing.
*/
if(gflag)
vfysenderhostok();
/*
* set up mail command
*/
cmd = s_clone(mailer);
n = 3;
for(l = rcvers.first; l; l = l->next)
n++;
av = malloc(n*sizeof(char*));
if(av == nil){
reply("450 We're busy right now, try later\n");
s_free(cmd);
return 0;
}
n = 0;
av[n++] = s_to_c(cmd);
av[n++] = "-r";
for(l = rcvers.first; l; l = l->next)
av[n++] = s_to_c(l->p);
av[n] = 0;
/*
* start mail process
*/
pp = noshell_proc_start(av, instream(), outstream(), outstream(), 0, 0);
free(av);
break;
}
if(pp == 0) {
reply("450 We're busy right now, try later\n");
s_free(cmd);
return 0;
}
return cmd;
}
/*
* print out a header line, expanding any domainless addresses into
* address@him
*/
char*
bprintnode(Biobuf *b, Node *p)
{
if(p->s){
if(p->addr && strchr(s_to_c(p->s), '@') == nil){
if(Bprint(b, "%s@%s", s_to_c(p->s), him) < 0)
return nil;
} else {
if(Bwrite(b, s_to_c(p->s), s_len(p->s)) < 0)
return nil;
}
}else{
if(Bputc(b, p->c) < 0)
return nil;
}
if(p->white)
if(Bwrite(b, s_to_c(p->white), s_len(p->white)) < 0)
return nil;
return p->end+1;
}
static String*
getaddr(Node *p)
{
for(; p; p = p->next)
if(p->s && p->addr)
return p->s;
return nil;
}
/*
* add waring headers of the form
* X-warning: <reason>
* for any headers that looked like they might be forged.
*
* return byte count of new headers
*/
static int
forgedheaderwarnings(void)
{
int nbytes;
Field *f;
nbytes = 0;
/* warn about envelope sender */
if(strcmp(s_to_c(senders.last->p), "/dev/null") != 0 && masquerade(senders.last->p, nil))
nbytes += Bprint(pp->std[0]->fp, "X-warning: suspect envelope domain\n");
/*
* check Sender: field. If it's OK, ignore the others because this is an
* exploded mailing list.
*/
for(f = firstfield; f; f = f->next){
if(f->node->c == SENDER){
if(masquerade(getaddr(f->node), him))
nbytes += Bprint(pp->std[0]->fp, "X-warning: suspect Sender: domain\n");
else
return nbytes;
}
}
/* check From: */
for(f = firstfield; f; f = f->next){
if(f->node->c == FROM && masquerade(getaddr(f->node), him))
nbytes += Bprint(pp->std[0]->fp, "X-warning: suspect From: domain\n");
}
return nbytes;
}
/*
* pipe message to mailer with the following transformations:
* - change \r\n into \n.
* - add sender's domain to any addrs with no domain
* - add a From: if none of From:, Sender:, or Replyto: exists
* - add a Received: line
*/
int
pipemsg(int *byteswritten)
{
int status;
char *cp;
String *line;
String *hdr;
int n, nbytes;
int sawdot;
Field *f;
Node *p;
Link *l;
pipesig(&status); /* set status to 1 on write to closed pipe */
sawdot = 0;
status = 0;
/*
* add a 'From ' line as envelope
*/
nbytes = 0;
nbytes += Bprint(pp->std[0]->fp, "From %s %s remote from \n",
s_to_c(senders.first->p), thedate());
/*
* add our own Received: stamp
*/
nbytes += Bprint(pp->std[0]->fp, "Received: from %s ", him);
if(nci->rsys)
nbytes += Bprint(pp->std[0]->fp, "([%s]) ", nci->rsys);
nbytes += Bprint(pp->std[0]->fp, "by %s; %s\n", me, thedate());
/*
* read first 16k obeying '.' escape. we're assuming
* the header will all be there.
*/
line = s_new();
hdr = s_new();
while(sawdot == 0 && s_len(hdr) < 16*1024){
n = getcrnl(s_reset(line), &bin);
/* eof or error ends the message */
if(n <= 0)
break;
/* a line with only a '.' ends the message */
cp = s_to_c(line);
if(n == 2 && *cp == '.' && *(cp+1) == '\n'){
sawdot = 1;
break;
}
s_append(hdr, *cp == '.' ? cp+1 : cp);
}
/*
* parse header
*/
yyinit(s_to_c(hdr), s_len(hdr));
yyparse();
/*
* Look for masquerades. Let Sender: trump From: to allow mailing list
* forwarded messages.
*/
if(fflag)
nbytes += forgedheaderwarnings();
/*
* add an orginator and/or destination if either is missing
*/
if(originator == 0){
if(senders.last == nil)
Bprint(pp->std[0]->fp, "From: /dev/null@%s\n", him);
else
Bprint(pp->std[0]->fp, "From: %s\n", s_to_c(senders.last->p));
}
if(destination == 0){
Bprint(pp->std[0]->fp, "To: ");
for(l = rcvers.first; l; l = l->next){
if(l != rcvers.first)
Bprint(pp->std[0]->fp, ", ");
Bprint(pp->std[0]->fp, "%s", s_to_c(l->p));
}
Bprint(pp->std[0]->fp, "\n");
}
/*
* add sender's domain to any domainless addresses
* (to avoid forging local addresses)
*/
cp = s_to_c(hdr);
for(f = firstfield; cp != nil && f; f = f->next){
for(p = f->node; cp != 0 && p; p = p->next)
cp = bprintnode(pp->std[0]->fp, p);
if(status == 0 && Bprint(pp->std[0]->fp, "\n") < 0){
piperror = "write error";
status = 1;
}
}
if(cp == nil){
piperror = "sender domain";
status = 1;
}
/* write anything we read following the header */
if(status == 0 && Bwrite(pp->std[0]->fp, cp, s_to_c(hdr) + s_len(hdr) - cp) < 0){
piperror = "write error 2";
status = 1;
}
s_free(hdr);
/*
* pass rest of message to mailer. take care of '.'
* escapes.
*/
while(sawdot == 0){
n = getcrnl(s_reset(line), &bin);
/* eof or error ends the message */
if(n <= 0)
break;
/* a line with only a '.' ends the message */
cp = s_to_c(line);
if(n == 2 && *cp == '.' && *(cp+1) == '\n'){
sawdot = 1;
break;
}
nbytes += n;
if(status == 0 && Bwrite(pp->std[0]->fp, *cp == '.' ? cp+1 : cp, n) < 0){
piperror = "write error 3";
status = 1;
}
}
s_free(line);
if(sawdot == 0){
/* message did not terminate normally */
snprint(pipbuf, sizeof pipbuf, "network eof: %r");
piperror = pipbuf;
syskillpg(pp->pid);
status = 1;
}
if(status == 0 && Bflush(pp->std[0]->fp) < 0){
piperror = "write error 4";
status = 1;
}
stream_free(pp->std[0]);
pp->std[0] = 0;
*byteswritten = nbytes;
pipesigoff();
if(status && !piperror)
piperror = "write on closed pipe";
return status;
}
char*
firstline(char *x)
{
static char buf[128];
char *p;
strncpy(buf, x, sizeof(buf));
buf[sizeof(buf)-1] = 0;
p = strchr(buf, '\n');
if(p)
*p = 0;
return buf;
}
int
sendermxcheck(void)
{
char *cp, *senddom, *user;
char *who;
int pid;
Waitmsg *w;
static char *validate;
who = s_to_c(senders.first->p);
if(strcmp(who, "/dev/null") == 0){
/* /dev/null can only send to one rcpt at a time */
if(rcvers.first != rcvers.last){
werrstr("rejected: /dev/null sending to multiple recipients");
return -1;
}
return 0;
}
if(validate == nil)
validate = unsharp("#9/mail/lib/validatesender");
if(access(validate, AEXEC) < 0)
return 0;
senddom = strdup(who);
if((cp = strchr(senddom, '!')) == nil){
werrstr("rejected: domainless sender %s", who);
free(senddom);
return -1;
}
*cp++ = 0;
user = cp;
switch(pid = fork()){
case -1:
werrstr("deferred: fork: %r");
return -1;
case 0:
/*
* Could add an option with the remote IP address
* to allow validatesender to implement SPF eventually.
*/
execl(validate, "validatesender",
"-n", nci->root, senddom, user, nil);
threadexitsall("exec validatesender: %r");
default:
break;
}
free(senddom);
w = wait();
if(w == nil){
werrstr("deferred: wait failed: %r");
return -1;
}
if(w->pid != pid){
werrstr("deferred: wait returned wrong pid %d != %d", w->pid, pid);
free(w);
return -1;
}
if(w->msg[0] == 0){
free(w);
return 0;
}
/*
* skip over validatesender 143123132: prefix from rc.
*/
cp = strchr(w->msg, ':');
if(cp && *(cp+1) == ' ')
werrstr("%s", cp+2);
else
werrstr("%s", w->msg);
free(w);
return -1;
}
void
data(void)
{
String *cmd;
String *err;
int status, nbytes;
char *cp, *ep;
char errx[ERRMAX];
Link *l;
if(rejectcheck())
return;
if(senders.last == 0){
reply("503 Data without MAIL FROM:\r\n");
rejectcount++;
return;
}
if(rcvers.last == 0){
reply("503 Data without RCPT TO:\r\n");
rejectcount++;
return;
}
if(sendermxcheck()){
rerrstr(errx, sizeof errx);
if(strncmp(errx, "rejected:", 9) == 0)
reply("554 %s\r\n", errx);
else
reply("450 %s\r\n", errx);
for(l=rcvers.first; l; l=l->next)
syslog(0, "smtpd", "[%s/%s] %s -> %s sendercheck: %s",
him, nci->rsys, s_to_c(senders.first->p),
s_to_c(l->p), errx);
rejectcount++;
return;
}
cmd = startcmd();
if(cmd == 0)
return;
reply("354 Input message; end with <CRLF>.<CRLF>\r\n");
/*
* allow 145 more minutes to move the data
*/
alarm(145*60*1000);
status = pipemsg(&nbytes);
/*
* read any error messages
*/
err = s_new();
while(s_read_line(pp->std[2]->fp, err))
;
alarm(0);
atnotify(catchalarm, 0);
status |= proc_wait(pp);
if(debug){
seek(2, 0, 2);
fprint(2, "%d status %ux\n", getpid(), status);
if(*s_to_c(err))
fprint(2, "%d error %s\n", getpid(), s_to_c(err));
}
/*
* if process terminated abnormally, send back error message
*/
if(status){
int code;
if(strstr(s_to_c(err), "mail refused")){
syslog(0, "smtpd", "++[%s/%s] %s %s refused: %s", him, nci->rsys,
s_to_c(senders.first->p), s_to_c(cmd), firstline(s_to_c(err)));
code = 554;
} else {
syslog(0, "smtpd", "++[%s/%s] %s %s %s%s%sreturned %#q %s", him, nci->rsys,
s_to_c(senders.first->p), s_to_c(cmd),
piperror ? "error during pipemsg: " : "",
piperror ? piperror : "",
piperror ? "; " : "",
pp->waitmsg->msg, firstline(s_to_c(err)));
code = 450;
}
for(cp = s_to_c(err); ep = strchr(cp, '\n'); cp = ep){
*ep++ = 0;
reply("%d-%s\r\n", code, cp);
}
reply("%d mail process terminated abnormally\r\n", code);
} else {
/*
* if a message appeared on stderr, despite good status,
* log it. this can happen if rewrite.in contains a bad
* r.e., for example.
*/
if(*s_to_c(err))
syslog(0, "smtpd",
"%s returned good status, but said: %s",
s_to_c(mailer), s_to_c(err));
if(filterstate == BLOCKED)
reply("554 we believe this is spam. we don't accept it.\r\n");
else
if(filterstate == DELAY)
reply("554 There will be a delay in delivery of this message.\r\n");
else {
reply("250 sent\r\n");
logcall(nbytes);
}
}
proc_free(pp);
pp = 0;
s_free(cmd);
s_free(err);
listfree(&senders);
listfree(&rcvers);
}
/*
* when we have blocked a transaction based on IP address, there is nothing
* that the sender can do to convince us to take the message. after the
* first rejection, some spammers continually RSET and give a new MAIL FROM:
* filling our logs with rejections. rejectcheck() limits the retries and
* swiftly rejects all further commands after the first 500-series message
* is issued.
*/
int
rejectcheck(void)
{
if(rejectcount > MAXREJECTS){
syslog(0, "smtpd", "Rejected (%s/%s)", him, nci->rsys);
reply("554 too many errors. transaction failed.\r\n");
threadexitsall("errcount");
}
if(hardreject){
rejectcount++;
reply("554 We don't accept mail from dial-up ports.\r\n");
}
return hardreject;
}
/*
* create abs path of the mailer
*/
String*
mailerpath(char *p)
{
String *s;
if(p == nil)
return nil;
if(*p == '/')
return s_copy(p);
s = s_new();
s_append(s, UPASBIN);
s_append(s, "/");
s_append(s, p);
return s;
}
String *
s_dec64(String *sin)
{
String *sout;
int lin, lout;
lin = s_len(sin);
/*
* if the string is coming from smtpd.y, it will have no nl.
* if it is coming from getcrnl below, it will have an nl.
*/
if (*(s_to_c(sin)+lin-1) == '\n')
lin--;
sout = s_newalloc(lin+1);
lout = dec64((uchar *)s_to_c(sout), lin, s_to_c(sin), lin);
if (lout < 0) {
s_free(sout);
return nil;
}
sout->ptr = sout->base + lout;
s_terminate(sout);
return sout;
}
void
starttls(void)
{
uchar *cert;
int certlen, fd;
TLSconn *conn;
conn = mallocz(sizeof *conn, 1);
cert = readcert(tlscert, &certlen);
if (conn == nil || cert == nil) {
if (conn != nil)
free(conn);
reply("454 TLS not available\r\n");
return;
}
reply("220 Go ahead make my day\r\n");
conn->cert = cert;
conn->certlen = certlen;
fd = tlsServer(Bfildes(&bin), conn);
if (fd < 0) {
free(cert);
free(conn);
syslog(0, "smtpd", "TLS start-up failed with %s", him);
/* force the client to hang up */
close(Bfildes(&bin)); /* probably fd 0 */
close(1);
threadexitsall("tls failed");
}
Bterm(&bin);
Binit(&bin, fd, OREAD);
if (dup(fd, 1) < 0)
fprint(2, "dup of %d failed: %r\n", fd);
passwordinclear = 1;
syslog(0, "smtpd", "started TLS with %s", him);
}
void
auth(String *mech, String *resp)
{
Chalstate *chs = nil;
AuthInfo *ai = nil;
String *s_resp1_64 = nil;
String *s_resp2_64 = nil;
String *s_resp1 = nil;
String *s_resp2 = nil;
char *scratch = nil;
char *user, *pass;
if (rejectcheck())
goto bomb_out;
syslog(0, "smtpd", "auth(%s, %s) from %s", s_to_c(mech),
"(protected)", him);
if (authenticated) {
bad_sequence:
rejectcount++;
reply("503 Bad sequence of commands\r\n");
goto bomb_out;
}
if (cistrcmp(s_to_c(mech), "plain") == 0) {
if (!passwordinclear) {
rejectcount++;
reply("538 Encryption required for requested authentication mechanism\r\n");
goto bomb_out;
}
s_resp1_64 = resp;
if (s_resp1_64 == nil) {
reply("334 \r\n");
s_resp1_64 = s_new();
if (getcrnl(s_resp1_64, &bin) <= 0) {
goto bad_sequence;
}
}
s_resp1 = s_dec64(s_resp1_64);
if (s_resp1 == nil) {
rejectcount++;
reply("501 Cannot decode base64\r\n");
goto bomb_out;
}
memset(s_to_c(s_resp1_64), 'X', s_len(s_resp1_64));
user = (s_to_c(s_resp1) + strlen(s_to_c(s_resp1)) + 1);
pass = user + (strlen(user) + 1);
ai = auth_userpasswd(user, pass);
authenticated = ai != nil;
memset(pass, 'X', strlen(pass));
goto windup;
}
else if (cistrcmp(s_to_c(mech), "login") == 0) {
if (!passwordinclear) {
rejectcount++;
reply("538 Encryption required for requested authentication mechanism\r\n");
goto bomb_out;
}
if (resp == nil) {
reply("334 VXNlcm5hbWU6\r\n");
s_resp1_64 = s_new();
if (getcrnl(s_resp1_64, &bin) <= 0)
goto bad_sequence;
}
reply("334 UGFzc3dvcmQ6\r\n");
s_resp2_64 = s_new();
if (getcrnl(s_resp2_64, &bin) <= 0)
goto bad_sequence;
s_resp1 = s_dec64(s_resp1_64);
s_resp2 = s_dec64(s_resp2_64);
memset(s_to_c(s_resp2_64), 'X', s_len(s_resp2_64));
if (s_resp1 == nil || s_resp2 == nil) {
rejectcount++;
reply("501 Cannot decode base64\r\n");
goto bomb_out;
}
ai = auth_userpasswd(s_to_c(s_resp1), s_to_c(s_resp2));
authenticated = ai != nil;
memset(s_to_c(s_resp2), 'X', s_len(s_resp2));
windup:
if (authenticated)
reply("235 Authentication successful\r\n");
else {
rejectcount++;
reply("535 Authentication failed\r\n");
}
goto bomb_out;
}
else if (cistrcmp(s_to_c(mech), "cram-md5") == 0) {
char *resp;
int chal64n;
char *t;
chs = auth_challenge("proto=cram role=server");
if (chs == nil) {
rejectcount++;
reply("501 Couldn't get CRAM-MD5 challenge\r\n");
goto bomb_out;
}
scratch = malloc(chs->nchal * 2 + 1);
chal64n = enc64(scratch, chs->nchal * 2, (uchar *)chs->chal, chs->nchal);
scratch[chal64n] = 0;
reply("334 %s\r\n", scratch);
s_resp1_64 = s_new();
if (getcrnl(s_resp1_64, &bin) <= 0)
goto bad_sequence;
s_resp1 = s_dec64(s_resp1_64);
if (s_resp1 == nil) {
rejectcount++;
reply("501 Cannot decode base64\r\n");
goto bomb_out;
}
/* should be of form <user><space><response> */
resp = s_to_c(s_resp1);
t = strchr(resp, ' ');
if (t == nil) {
rejectcount++;
reply("501 Poorly formed CRAM-MD5 response\r\n");
goto bomb_out;
}
*t++ = 0;
chs->user = resp;
chs->resp = t;
chs->nresp = strlen(t);
ai = auth_response(chs);
authenticated = ai != nil;
goto windup;
}
rejectcount++;
reply("501 Unrecognised authentication type %s\r\n", s_to_c(mech));
bomb_out:
if (ai)
auth_freeAI(ai);
if (chs)
auth_freechal(chs);
if (scratch)
free(scratch);
if (s_resp1)
s_free(s_resp1);
if (s_resp2)
s_free(s_resp2);
if (s_resp1_64)
s_free(s_resp1_64);
if (s_resp2_64)
s_free(s_resp2_64);
}