12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526 |
- #include "common.h"
- #include "smtpd.h"
- #include "smtp.h"
- #include <ctype.h>
- #include <ip.h>
- #include <ndb.h>
- #include <mp.h>
- #include <libsec.h>
- #include <auth.h>
- #include "../smtp/y.tab.h"
- #define DBGMX 1
- char *me;
- char *him="";
- char *dom;
- process *pp;
- String *mailer;
- NetConnInfo *nci;
- int filterstate = ACCEPT;
- int trusted;
- int logged;
- int rejectcount;
- int hardreject;
- Biobuf bin;
- int debug;
- int Dflag;
- int fflag;
- int gflag;
- int rflag;
- int sflag;
- int authenticate;
- int authenticated;
- int passwordinclear;
- char *tlscert;
- List senders;
- List rcvers;
- char pipbuf[ERRMAX];
- char *piperror;
- int pipemsg(int*);
- String* startcmd(void);
- int rejectcheck(void);
- String* mailerpath(char*);
- static int
- catchalarm(void *a, char *msg)
- {
- int rv = 1;
- USED(a);
- /* log alarms but continue */
- if(strstr(msg, "alarm")){
- if(senders.first && rcvers.first)
- syslog(0, "smtpd", "note: %s->%s: %s", s_to_c(senders.first->p),
- s_to_c(rcvers.first->p), msg);
- else
- syslog(0, "smtpd", "note: %s", msg);
- rv = 0;
- }
- /* kill the children if there are any */
- if(pp)
- syskillpg(pp->pid);
- return rv;
- }
- /* override string error functions to do something reasonable */
- void
- s_error(char *f, char *status)
- {
- char errbuf[Errlen];
- errbuf[0] = 0;
- rerrstr(errbuf, sizeof(errbuf));
- if(f && *f)
- reply("452 out of memory %s: %s\r\n", f, errbuf);
- else
- reply("452 out of memory %s\r\n", errbuf);
- syslog(0, "smtpd", "++Malloc failure %s [%s]", him, nci->rsys);
- exits(status);
- }
- void
- main(int argc, char **argv)
- {
- char *p, buf[1024];
- char *netdir;
- netdir = nil;
- quotefmtinstall();
- ARGBEGIN{
- case 'D':
- Dflag++;
- break;
- case 'd':
- debug++;
- break;
- case 'n': /* log peer ip address */
- netdir = ARGF();
- break;
- case 'f': /* disallow relaying */
- fflag = 1;
- break;
- case 'g':
- gflag = 1;
- break;
- case 'h': /* default domain name */
- dom = ARGF();
- break;
- case 'k': /* prohibited ip address */
- p = ARGF();
- if (p)
- addbadguy(p);
- break;
- case 'm': /* set mail command */
- p = ARGF();
- if(p)
- mailer = mailerpath(p);
- break;
- case 'r':
- rflag = 1; /* verify sender's domain */
- break;
- case 's': /* save blocked messages */
- sflag = 1;
- break;
- case 'a':
- authenticate = 1;
- break;
- case 'p':
- passwordinclear = 1;
- break;
- case 'c':
- tlscert = ARGF();
- break;
- case 't':
- fprint(2, "%s: the -t option is no longer supported, see -c\n", argv0);
- tlscert = "/sys/lib/ssl/smtpd-cert.pem";
- break;
- default:
- fprint(2, "usage: smtpd [-dfhrs] [-n net] [-c cert]\n");
- exits("usage");
- }ARGEND;
- nci = getnetconninfo(netdir, 0);
- if(nci == nil)
- sysfatal("can't get remote system's address");
- if(mailer == nil)
- mailer = mailerpath("send");
- if(debug){
- close(2);
- snprint(buf, sizeof(buf), "%s/smtpd.db", UPASLOG);
- if (open(buf, OWRITE) >= 0) {
- seek(2, 0, 2);
- fprint(2, "%d smtpd %s\n", getpid(), thedate());
- } else
- debug = 0;
- }
- getconf();
- Binit(&bin, 0, OREAD);
- chdir(UPASLOG);
- me = sysname_read();
- if(dom == 0 || dom[0] == 0)
- dom = domainname_read();
- if(dom == 0 || dom[0] == 0)
- dom = me;
- sayhi();
- parseinit();
- /* allow 45 minutes to parse the header */
- atnotify(catchalarm, 1);
- alarm(45*60*1000);
- zzparse();
- exits(0);
- }
- void
- listfree(List *l)
- {
- Link *lp;
- Link *next;
- for(lp = l->first; lp; lp = next){
- next = lp->next;
- s_free(lp->p);
- free(lp);
- }
- l->first = l->last = 0;
- }
- void
- listadd(List *l, String *path)
- {
- Link *lp;
- lp = (Link *)malloc(sizeof(Link));
- lp->p = path;
- lp->next = 0;
- if(l->last)
- l->last->next = lp;
- else
- l->first = lp;
- l->last = lp;
- }
- #define SIZE 4096
- int
- reply(char *fmt, ...)
- {
- char buf[SIZE], *out;
- va_list arg;
- int n;
- va_start(arg, fmt);
- out = vseprint(buf, buf+SIZE, fmt, arg);
- va_end(arg);
- n = (long)(out-buf);
- if(debug) {
- seek(2, 0, 2);
- write(2, buf, n);
- }
- write(1, buf, n);
- return n;
- }
- void
- reset(void)
- {
- if(rejectcheck())
- return;
- listfree(&rcvers);
- listfree(&senders);
- if(filterstate != DIALUP){
- logged = 0;
- filterstate = ACCEPT;
- }
- reply("250 ok\r\n");
- }
- void
- sayhi(void)
- {
- reply("220 %s SMTP\r\n", dom);
- }
- void
- hello(String *himp, int extended)
- {
- char **mynames;
- him = s_to_c(himp);
- syslog(0, "smtpd", "%s from %s as %s", extended ? "ehlo" : "helo", nci->rsys, him);
- if(rejectcheck())
- return;
- if(strchr(him, '.') && nci && !trusted && fflag && strcmp(nci->rsys, nci->lsys) != 0){
- /*
- * We don't care if he lies about who he is, but it is
- * not okay to pretend to be us. Many viruses do this,
- * just parroting back what we say in the greeting.
- */
- if(strcmp(him, dom) == 0)
- goto Liarliar;
- for(mynames=sysnames_read(); mynames && *mynames; mynames++){
- if(cistrcmp(*mynames, him) == 0){
- Liarliar:
- syslog(0, "smtpd", "Hung up on %s; claimed to be %s",
- nci->rsys, him);
- reply("554 Liar!\r\n");
- exits("client pretended to be us");
- return;
- }
- }
- }
- /*
- * it is never acceptable to claim to be "localhost",
- * "localhost.localdomain" or "localhost.example.com"; only spammers
- * do this. it is also unacceptable to claim any string that doesn't
- * look like a domain name (e.g., has at least one dot in it), but
- * Microsoft mail client software gets this wrong, so let trusted
- * (local) clients get it wrong.
- */
- if (!trusted && strchr(him, '.') == nil ||
- strcmp(him, "localhost.localdomain") == 0 ||
- strcmp(him, "localhost.example.com") == 0)
- goto Liarliar;
- /*
- * similarly, if the claimed domain is not an address-literal,
- * require at least one letter, which there will be in
- * at least the last component (e.g., .com, .net) if it's real.
- * this rejects non-address-literal IP addresses,
- * among other bogosities.
- */
- if (!trusted && him[0] != '[') {
- char *p;
- for (p = him; *p != '\0'; p++)
- if (isascii(*p) && isalpha(*p))
- break;
- if (*p == '\0')
- goto Liarliar;
- }
- if(strchr(him, '.') == 0 && nci != nil && strchr(nci->rsys, '.') != nil)
- him = nci->rsys;
- if(Dflag)
- sleep(15*1000);
- reply("250%c%s you are %s\r\n", extended ? '-' : ' ', dom, him);
- if (extended) {
- if(tlscert != nil)
- reply("250-STARTTLS\r\n");
- if (passwordinclear)
- reply("250 AUTH CRAM-MD5 PLAIN LOGIN\r\n");
- else
- reply("250 AUTH CRAM-MD5\r\n");
- }
- }
- void
- sender(String *path)
- {
- String *s;
- static char *lastsender;
- if(rejectcheck())
- return;
- if (authenticate && !authenticated) {
- rejectcount++;
- reply("530 Authentication required\r\n");
- return;
- }
- if(him == 0 || *him == 0){
- rejectcount++;
- reply("503 Start by saying HELO, please.\r\n", s_to_c(path));
- return;
- }
- /* don't add the domain onto black holes or we will loop */
- if(strchr(s_to_c(path), '!') == 0 && strcmp(s_to_c(path), "/dev/null") != 0){
- s = s_new();
- s_append(s, him);
- s_append(s, "!");
- s_append(s, s_to_c(path));
- s_terminate(s);
- s_free(path);
- path = s;
- }
- if(shellchars(s_to_c(path))){
- rejectcount++;
- reply("503 Bad character in sender address %s.\r\n", s_to_c(path));
- return;
- }
- /*
- * if the last sender address resulted in a rejection because the sending
- * domain didn't exist and this sender has the same domain, reject immediately.
- */
- if(lastsender){
- if (strncmp(lastsender, s_to_c(path), strlen(lastsender)) == 0){
- filterstate = REFUSED;
- rejectcount++;
- reply("554 Sender domain must exist: %s\r\n", s_to_c(path));
- return;
- }
- free(lastsender); /* different sender domain */
- lastsender = 0;
- }
- /*
- * see if this ip address, domain name, user name or account is blocked
- */
- filterstate = blocked(path);
- logged = 0;
- listadd(&senders, path);
- reply("250 sender is %s\r\n", s_to_c(path));
- }
- enum { Rcpt, Domain, Ntoks };
- typedef struct Sender Sender;
- struct Sender {
- Sender *next;
- char *rcpt;
- char *domain;
- };
- static Sender *sendlist, *sendlast;
- static uchar rsysip[IPaddrlen];
- static int
- rdsenders(void)
- {
- int lnlen, nf, ok = 1;
- char *line, *senderfile;
- char *toks[Ntoks];
- Biobuf *sf;
- Sender *snd;
- static int beenhere = 0;
- if (beenhere)
- return 1;
- beenhere = 1;
- fmtinstall('I', eipfmt);
- parseip(rsysip, nci->rsys);
- /*
- * we're sticking with a system-wide sender list because
- * per-user lists would require fully resolving recipient
- * addresses to determine which users they correspond to
- * (barring syntactic conventions).
- */
- senderfile = smprint("%s/senders", UPASLIB);
- sf = Bopen(senderfile, OREAD);
- free(senderfile);
- if (sf == nil)
- return 1;
- while ((line = Brdline(sf, '\n')) != nil) {
- if (line[0] == '#' || line[0] == '\n')
- continue;
- lnlen = Blinelen(sf);
- line[lnlen-1] = '\0'; /* clobber newline */
- nf = tokenize(line, toks, nelem(toks));
- if (nf != nelem(toks))
- continue; /* malformed line */
- snd = malloc(sizeof *snd);
- if (snd == nil)
- sysfatal("out of memory: %r");
- memset(snd, 0, sizeof *snd);
- snd->next = nil;
- if (sendlast == nil)
- sendlist = snd;
- else
- sendlast->next = snd;
- sendlast = snd;
- snd->rcpt = strdup(toks[Rcpt]);
- snd->domain = strdup(toks[Domain]);
- }
- Bterm(sf);
- return ok;
- }
- /*
- * read (recipient, sender's DNS) pairs from /mail/lib/senders.
- * Only allow mail to recipient from any of sender's IPs.
- * A recipient not mentioned in the file is always permitted.
- */
- static int
- senderok(char *rcpt)
- {
- int mentioned = 0, matched = 0;
- uchar dnsip[IPaddrlen];
- Sender *snd;
- Ndbtuple *nt, *next, *first;
- rdsenders();
- for (snd = sendlist; snd != nil; snd = snd->next) {
- if (strcmp(rcpt, snd->rcpt) != 0)
- continue;
- /*
- * see if this domain's ips match nci->rsys.
- * if not, perhaps a later entry's domain will.
- */
- mentioned = 1;
- if (parseip(dnsip, snd->domain) != -1 &&
- memcmp(rsysip, dnsip, IPaddrlen) == 0)
- return 1;
- /*
- * NB: nt->line links form a circular list(!).
- * we need to make one complete pass over it to free it all.
- */
- first = nt = dnsquery(nci->root, snd->domain, "ip");
- if (first == nil)
- continue;
- do {
- if (strcmp(nt->attr, "ip") == 0 &&
- parseip(dnsip, nt->val) != -1 &&
- memcmp(rsysip, dnsip, IPaddrlen) == 0)
- matched = 1;
- next = nt->line;
- free(nt);
- nt = next;
- } while (nt != first);
- }
- if (matched)
- return 1;
- else
- return !mentioned;
- }
- void
- receiver(String *path)
- {
- char *sender, *rcpt;
- if(rejectcheck())
- return;
- if(him == 0 || *him == 0){
- rejectcount++;
- reply("503 Start by saying HELO, please\r\n");
- return;
- }
- if(senders.last)
- sender = s_to_c(senders.last->p);
- else
- sender = "<unknown>";
- if(!recipok(s_to_c(path))){
- rejectcount++;
- syslog(0, "smtpd",
- "Disallowed %s (%s/%s) to blocked, unknown or invalid name %s",
- sender, him, nci->rsys, s_to_c(path));
- reply("550 %s ... user unknown\r\n", s_to_c(path));
- return;
- }
- rcpt = s_to_c(path);
- if (!senderok(rcpt)) {
- rejectcount++;
- syslog(0, "smtpd", "Disallowed sending IP of %s (%s/%s) to %s",
- sender, him, nci->rsys, rcpt);
- reply("550 %s ... sending system not allowed\r\n", rcpt);
- return;
- }
- logged = 0;
- /* forwarding() can modify 'path' on loopback request */
- if(filterstate == ACCEPT && (fflag && !authenticated) && forwarding(path)) {
- syslog(0, "smtpd", "Bad Forward %s (%s/%s) (%s)",
- s_to_c(senders.last->p), him, nci->rsys, s_to_c(path));
- rejectcount++;
- reply("550 we don't relay. send to your-path@[] for loopback.\r\n");
- return;
- }
- listadd(&rcvers, path);
- reply("250 receiver is %s\r\n", s_to_c(path));
- }
- void
- quit(void)
- {
- reply("221 Successful termination\r\n");
- close(0);
- exits(0);
- }
- void
- turn(void)
- {
- if(rejectcheck())
- return;
- reply("502 TURN unimplemented\r\n");
- }
- void
- noop(void)
- {
- if(rejectcheck())
- return;
- reply("250 Stop wasting my time!\r\n");
- }
- void
- help(String *cmd)
- {
- if(rejectcheck())
- return;
- if(cmd)
- s_free(cmd);
- reply("250 Read rfc821 and stop wasting my time\r\n");
- }
- void
- verify(String *path)
- {
- char *p, *q;
- char *av[4];
- if(rejectcheck())
- return;
- if(shellchars(s_to_c(path))){
- reply("503 Bad character in address %s.\r\n", s_to_c(path));
- return;
- }
- av[0] = s_to_c(mailer);
- av[1] = "-x";
- av[2] = s_to_c(path);
- av[3] = 0;
- pp = noshell_proc_start(av, (stream *)0, outstream(), (stream *)0, 1, 0);
- if (pp == 0) {
- reply("450 We're busy right now, try later\r\n");
- return;
- }
- p = Brdline(pp->std[1]->fp, '\n');
- if(p == 0){
- reply("550 String does not match anything.\r\n");
- } else {
- p[Blinelen(pp->std[1]->fp)-1] = 0;
- if(strchr(p, ':'))
- reply("550 String does not match anything.\r\n");
- else{
- q = strrchr(p, '!');
- if(q)
- p = q+1;
- reply("250 %s <%s@%s>\r\n", s_to_c(path), p, dom);
- }
- }
- proc_wait(pp);
- proc_free(pp);
- pp = 0;
- }
- /*
- * get a line that ends in crnl or cr, turn terminating crnl into a nl
- *
- * return 0 on EOF
- */
- static int
- getcrnl(String *s, Biobuf *fp)
- {
- int c;
- for(;;){
- c = Bgetc(fp);
- if(debug) {
- seek(2, 0, 2);
- fprint(2, "%c", c);
- }
- switch(c){
- case -1:
- goto out;
- case '\r':
- c = Bgetc(fp);
- if(c == '\n'){
- if(debug) {
- seek(2, 0, 2);
- fprint(2, "%c", c);
- }
- s_putc(s, '\n');
- goto out;
- }
- Bungetc(fp);
- s_putc(s, '\r');
- break;
- case '\n':
- s_putc(s, c);
- goto out;
- default:
- s_putc(s, c);
- break;
- }
- }
- out:
- s_terminate(s);
- return s_len(s);
- }
- void
- logcall(int nbytes)
- {
- Link *l;
- String *to, *from;
- to = s_new();
- from = s_new();
- for(l = senders.first; l; l = l->next){
- if(l != senders.first)
- s_append(from, ", ");
- s_append(from, s_to_c(l->p));
- }
- for(l = rcvers.first; l; l = l->next){
- if(l != rcvers.first)
- s_append(to, ", ");
- s_append(to, s_to_c(l->p));
- }
- syslog(0, "smtpd", "[%s/%s] %s sent %d bytes to %s", him, nci->rsys,
- s_to_c(from), nbytes, s_to_c(to));
- s_free(to);
- s_free(from);
- }
- static void
- logmsg(char *action)
- {
- Link *l;
- if(logged)
- return;
- logged = 1;
- for(l = rcvers.first; l; l = l->next)
- syslog(0, "smtpd", "%s %s (%s/%s) (%s)", action,
- s_to_c(senders.last->p), him, nci->rsys, s_to_c(l->p));
- }
- static int
- optoutall(int filterstate)
- {
- Link *l;
- switch(filterstate){
- case ACCEPT:
- case TRUSTED:
- return filterstate;
- }
- for(l = rcvers.first; l; l = l->next)
- if(!optoutofspamfilter(s_to_c(l->p)))
- return filterstate;
- return ACCEPT;
- }
- String*
- startcmd(void)
- {
- int n;
- Link *l;
- char **av;
- String *cmd;
- char *filename;
- /*
- * ignore the filterstate if the all the receivers prefer it.
- */
- filterstate = optoutall(filterstate);
- switch (filterstate){
- case BLOCKED:
- case DELAY:
- rejectcount++;
- logmsg("Blocked");
- filename = dumpfile(s_to_c(senders.last->p));
- cmd = s_new();
- s_append(cmd, "cat > ");
- s_append(cmd, filename);
- pp = proc_start(s_to_c(cmd), instream(), 0, outstream(), 0, 0);
- break;
- case DIALUP:
- logmsg("Dialup");
- rejectcount++;
- reply("554 We don't accept mail from dial-up ports.\r\n");
- /*
- * we could exit here, because we're never going to accept mail from this
- * ip address, but it's unclear that RFC821 allows that. Instead we set
- * the hardreject flag and go stupid.
- */
- hardreject = 1;
- return 0;
- case DENIED:
- logmsg("Denied");
- rejectcount++;
- reply("554-We don't accept mail from %s.\r\n", s_to_c(senders.last->p));
- reply("554 Contact postmaster@%s for more information.\r\n", dom);
- return 0;
- case REFUSED:
- logmsg("Refused");
- rejectcount++;
- reply("554 Sender domain must exist: %s\r\n", s_to_c(senders.last->p));
- return 0;
- default:
- case NONE:
- logmsg("Confused");
- rejectcount++;
- reply("554-We have had an internal mailer error classifying your message.\r\n");
- reply("554-Filterstate is %d\r\n", filterstate);
- reply("554 Contact postmaster@%s for more information.\r\n", dom);
- return 0;
- case ACCEPT:
- case TRUSTED:
- /*
- * now that all other filters have been passed,
- * do grey-list processing.
- */
- if(gflag)
- vfysenderhostok();
- /*
- * set up mail command
- */
- cmd = s_clone(mailer);
- n = 3;
- for(l = rcvers.first; l; l = l->next)
- n++;
- av = malloc(n*sizeof(char*));
- if(av == nil){
- reply("450 We're busy right now, try later\n");
- s_free(cmd);
- return 0;
- }
- n = 0;
- av[n++] = s_to_c(cmd);
- av[n++] = "-r";
- for(l = rcvers.first; l; l = l->next)
- av[n++] = s_to_c(l->p);
- av[n] = 0;
- /*
- * start mail process
- */
- pp = noshell_proc_start(av, instream(), outstream(), outstream(), 0, 0);
- free(av);
- break;
- }
- if(pp == 0) {
- reply("450 We're busy right now, try later\n");
- s_free(cmd);
- return 0;
- }
- return cmd;
- }
- /*
- * print out a header line, expanding any domainless addresses into
- * address@him
- */
- char*
- bprintnode(Biobuf *b, Node *p)
- {
- if(p->s){
- if(p->addr && strchr(s_to_c(p->s), '@') == nil){
- if(Bprint(b, "%s@%s", s_to_c(p->s), him) < 0)
- return nil;
- } else {
- if(Bwrite(b, s_to_c(p->s), s_len(p->s)) < 0)
- return nil;
- }
- }else{
- if(Bputc(b, p->c) < 0)
- return nil;
- }
- if(p->white)
- if(Bwrite(b, s_to_c(p->white), s_len(p->white)) < 0)
- return nil;
- return p->end+1;
- }
- static String*
- getaddr(Node *p)
- {
- for(; p; p = p->next)
- if(p->s && p->addr)
- return p->s;
- return nil;
- }
- /*
- * add waring headers of the form
- * X-warning: <reason>
- * for any headers that looked like they might be forged.
- *
- * return byte count of new headers
- */
- static int
- forgedheaderwarnings(void)
- {
- int nbytes;
- Field *f;
- nbytes = 0;
- /* warn about envelope sender */
- if(strcmp(s_to_c(senders.last->p), "/dev/null") != 0 && masquerade(senders.last->p, nil))
- nbytes += Bprint(pp->std[0]->fp, "X-warning: suspect envelope domain\n");
- /*
- * check Sender: field. If it's OK, ignore the others because this is an
- * exploded mailing list.
- */
- for(f = firstfield; f; f = f->next){
- if(f->node->c == SENDER){
- if(masquerade(getaddr(f->node), him))
- nbytes += Bprint(pp->std[0]->fp, "X-warning: suspect Sender: domain\n");
- else
- return nbytes;
- }
- }
- /* check From: */
- for(f = firstfield; f; f = f->next){
- if(f->node->c == FROM && masquerade(getaddr(f->node), him))
- nbytes += Bprint(pp->std[0]->fp, "X-warning: suspect From: domain\n");
- }
- return nbytes;
- }
- /*
- * pipe message to mailer with the following transformations:
- * - change \r\n into \n.
- * - add sender's domain to any addrs with no domain
- * - add a From: if none of From:, Sender:, or Replyto: exists
- * - add a Received: line
- */
- int
- pipemsg(int *byteswritten)
- {
- int status;
- char *cp;
- String *line;
- String *hdr;
- int n, nbytes;
- int sawdot;
- Field *f;
- Node *p;
- Link *l;
- pipesig(&status); /* set status to 1 on write to closed pipe */
- sawdot = 0;
- status = 0;
- /*
- * add a 'From ' line as envelope
- */
- nbytes = 0;
- nbytes += Bprint(pp->std[0]->fp, "From %s %s remote from \n",
- s_to_c(senders.first->p), thedate());
- /*
- * add our own Received: stamp
- */
- nbytes += Bprint(pp->std[0]->fp, "Received: from %s ", him);
- if(nci->rsys)
- nbytes += Bprint(pp->std[0]->fp, "([%s]) ", nci->rsys);
- nbytes += Bprint(pp->std[0]->fp, "by %s; %s\n", me, thedate());
- /*
- * read first 16k obeying '.' escape. we're assuming
- * the header will all be there.
- */
- line = s_new();
- hdr = s_new();
- while(sawdot == 0 && s_len(hdr) < 16*1024){
- n = getcrnl(s_reset(line), &bin);
- /* eof or error ends the message */
- if(n <= 0)
- break;
- /* a line with only a '.' ends the message */
- cp = s_to_c(line);
- if(n == 2 && *cp == '.' && *(cp+1) == '\n'){
- sawdot = 1;
- break;
- }
- s_append(hdr, *cp == '.' ? cp+1 : cp);
- }
- /*
- * parse header
- */
- yyinit(s_to_c(hdr), s_len(hdr));
- yyparse();
- /*
- * Look for masquerades. Let Sender: trump From: to allow mailing list
- * forwarded messages.
- */
- if(fflag)
- nbytes += forgedheaderwarnings();
- /*
- * add an orginator and/or destination if either is missing
- */
- if(originator == 0){
- if(senders.last == nil)
- Bprint(pp->std[0]->fp, "From: /dev/null@%s\n", him);
- else
- Bprint(pp->std[0]->fp, "From: %s\n", s_to_c(senders.last->p));
- }
- if(destination == 0){
- Bprint(pp->std[0]->fp, "To: ");
- for(l = rcvers.first; l; l = l->next){
- if(l != rcvers.first)
- Bprint(pp->std[0]->fp, ", ");
- Bprint(pp->std[0]->fp, "%s", s_to_c(l->p));
- }
- Bprint(pp->std[0]->fp, "\n");
- }
- /*
- * add sender's domain to any domainless addresses
- * (to avoid forging local addresses)
- */
- cp = s_to_c(hdr);
- for(f = firstfield; cp != nil && f; f = f->next){
- for(p = f->node; cp != 0 && p; p = p->next)
- cp = bprintnode(pp->std[0]->fp, p);
- if(status == 0 && Bprint(pp->std[0]->fp, "\n") < 0){
- piperror = "write error";
- status = 1;
- }
- }
- if(cp == nil){
- piperror = "sender domain";
- status = 1;
- }
- /* write anything we read following the header */
- if(status == 0 && Bwrite(pp->std[0]->fp, cp, s_to_c(hdr) + s_len(hdr) - cp) < 0){
- piperror = "write error 2";
- status = 1;
- }
- s_free(hdr);
- /*
- * pass rest of message to mailer. take care of '.'
- * escapes.
- */
- while(sawdot == 0){
- n = getcrnl(s_reset(line), &bin);
- /* eof or error ends the message */
- if(n <= 0)
- break;
- /* a line with only a '.' ends the message */
- cp = s_to_c(line);
- if(n == 2 && *cp == '.' && *(cp+1) == '\n'){
- sawdot = 1;
- break;
- }
- nbytes += n;
- if(status == 0 && Bwrite(pp->std[0]->fp, *cp == '.' ? cp+1 : cp, n) < 0){
- piperror = "write error 3";
- status = 1;
- }
- }
- s_free(line);
- if(sawdot == 0){
- /* message did not terminate normally */
- snprint(pipbuf, sizeof pipbuf, "network eof: %r");
- piperror = pipbuf;
- syskillpg(pp->pid);
- status = 1;
- }
- if(status == 0 && Bflush(pp->std[0]->fp) < 0){
- piperror = "write error 4";
- status = 1;
- }
- stream_free(pp->std[0]);
- pp->std[0] = 0;
- *byteswritten = nbytes;
- pipesigoff();
- if(status && !piperror)
- piperror = "write on closed pipe";
- return status;
- }
- char*
- firstline(char *x)
- {
- static char buf[128];
- char *p;
- strncpy(buf, x, sizeof(buf));
- buf[sizeof(buf)-1] = 0;
- p = strchr(buf, '\n');
- if(p)
- *p = 0;
- return buf;
- }
- int
- sendermxcheck(void)
- {
- char *cp, *senddom, *user;
- char *who;
- int pid;
- Waitmsg *w;
- who = s_to_c(senders.first->p);
- if(strcmp(who, "/dev/null") == 0){
- /* /dev/null can only send to one rcpt at a time */
- if(rcvers.first != rcvers.last){
- werrstr("rejected: /dev/null sending to multiple recipients");
- return -1;
- }
- return 0;
- }
- if(access("/mail/lib/validatesender", AEXEC) < 0)
- return 0;
- senddom = strdup(who);
- if((cp = strchr(senddom, '!')) == nil){
- werrstr("rejected: domainless sender %s", who);
- free(senddom);
- return -1;
- }
- *cp++ = 0;
- user = cp;
- switch(pid = fork()){
- case -1:
- werrstr("deferred: fork: %r");
- return -1;
- case 0:
- /*
- * Could add an option with the remote IP address
- * to allow validatesender to implement SPF eventually.
- */
- execl("/mail/lib/validatesender", "validatesender",
- "-n", nci->root, senddom, user, nil);
- _exits("exec validatesender: %r");
- default:
- break;
- }
- free(senddom);
- w = wait();
- if(w == nil){
- werrstr("deferred: wait failed: %r");
- return -1;
- }
- if(w->pid != pid){
- werrstr("deferred: wait returned wrong pid %d != %d", w->pid, pid);
- free(w);
- return -1;
- }
- if(w->msg[0] == 0){
- free(w);
- return 0;
- }
- /*
- * skip over validatesender 143123132: prefix from rc.
- */
- cp = strchr(w->msg, ':');
- if(cp && *(cp+1) == ' ')
- werrstr("%s", cp+2);
- else
- werrstr("%s", w->msg);
- free(w);
- return -1;
- }
- void
- data(void)
- {
- String *cmd;
- String *err;
- int status, nbytes;
- char *cp, *ep;
- char errx[ERRMAX];
- Link *l;
- if(rejectcheck())
- return;
- if(senders.last == 0){
- reply("503 Data without MAIL FROM:\r\n");
- rejectcount++;
- return;
- }
- if(rcvers.last == 0){
- reply("503 Data without RCPT TO:\r\n");
- rejectcount++;
- return;
- }
- if(!trusted && sendermxcheck()){
- rerrstr(errx, sizeof errx);
- if(strncmp(errx, "rejected:", 9) == 0)
- reply("554 %s\r\n", errx);
- else
- reply("450 %s\r\n", errx);
- for(l=rcvers.first; l; l=l->next)
- syslog(0, "smtpd", "[%s/%s] %s -> %s sendercheck: %s",
- him, nci->rsys, s_to_c(senders.first->p),
- s_to_c(l->p), errx);
- rejectcount++;
- return;
- }
- cmd = startcmd();
- if(cmd == 0)
- return;
- reply("354 Input message; end with <CRLF>.<CRLF>\r\n");
- /*
- * allow 145 more minutes to move the data
- */
- alarm(145*60*1000);
- status = pipemsg(&nbytes);
- /*
- * read any error messages
- */
- err = s_new();
- while(s_read_line(pp->std[2]->fp, err))
- ;
- alarm(0);
- atnotify(catchalarm, 0);
- status |= proc_wait(pp);
- if(debug){
- seek(2, 0, 2);
- fprint(2, "%d status %ux\n", getpid(), status);
- if(*s_to_c(err))
- fprint(2, "%d error %s\n", getpid(), s_to_c(err));
- }
- /*
- * if process terminated abnormally, send back error message
- */
- if(status){
- int code;
- if(strstr(s_to_c(err), "mail refused")){
- syslog(0, "smtpd", "++[%s/%s] %s %s refused: %s", him, nci->rsys,
- s_to_c(senders.first->p), s_to_c(cmd), firstline(s_to_c(err)));
- code = 554;
- } else {
- syslog(0, "smtpd", "++[%s/%s] %s %s %s%s%sreturned %#q %s", him, nci->rsys,
- s_to_c(senders.first->p), s_to_c(cmd),
- piperror ? "error during pipemsg: " : "",
- piperror ? piperror : "",
- piperror ? "; " : "",
- pp->waitmsg->msg, firstline(s_to_c(err)));
- code = 450;
- }
- for(cp = s_to_c(err); ep = strchr(cp, '\n'); cp = ep){
- *ep++ = 0;
- reply("%d-%s\r\n", code, cp);
- }
- reply("%d mail process terminated abnormally\r\n", code);
- } else {
- /*
- * if a message appeared on stderr, despite good status,
- * log it. this can happen if rewrite.in contains a bad
- * r.e., for example.
- */
- if(*s_to_c(err))
- syslog(0, "smtpd",
- "%s returned good status, but said: %s",
- s_to_c(mailer), s_to_c(err));
- if(filterstate == BLOCKED)
- reply("554 we believe this is spam. we don't accept it.\r\n");
- else
- if(filterstate == DELAY)
- reply("554 There will be a delay in delivery of this message.\r\n");
- else {
- reply("250 sent\r\n");
- logcall(nbytes);
- }
- }
- proc_free(pp);
- pp = 0;
- s_free(cmd);
- s_free(err);
- listfree(&senders);
- listfree(&rcvers);
- }
- /*
- * when we have blocked a transaction based on IP address, there is nothing
- * that the sender can do to convince us to take the message. after the
- * first rejection, some spammers continually RSET and give a new MAIL FROM:
- * filling our logs with rejections. rejectcheck() limits the retries and
- * swiftly rejects all further commands after the first 500-series message
- * is issued.
- */
- int
- rejectcheck(void)
- {
- if(rejectcount > MAXREJECTS){
- syslog(0, "smtpd", "Rejected (%s/%s)", him, nci->rsys);
- reply("554 too many errors. transaction failed.\r\n");
- exits("errcount");
- }
- if(hardreject){
- rejectcount++;
- reply("554 We don't accept mail from dial-up ports.\r\n");
- }
- return hardreject;
- }
- /*
- * create abs path of the mailer
- */
- String*
- mailerpath(char *p)
- {
- String *s;
- if(p == nil)
- return nil;
- if(*p == '/')
- return s_copy(p);
- s = s_new();
- s_append(s, UPASBIN);
- s_append(s, "/");
- s_append(s, p);
- return s;
- }
- String *
- s_dec64(String *sin)
- {
- String *sout;
- int lin, lout;
- lin = s_len(sin);
- /*
- * if the string is coming from smtpd.y, it will have no nl.
- * if it is coming from getcrnl below, it will have an nl.
- */
- if (*(s_to_c(sin)+lin-1) == '\n')
- lin--;
- sout = s_newalloc(lin+1);
- lout = dec64((uchar *)s_to_c(sout), lin, s_to_c(sin), lin);
- if (lout < 0) {
- s_free(sout);
- return nil;
- }
- sout->ptr = sout->base + lout;
- s_terminate(sout);
- return sout;
- }
- void
- starttls(void)
- {
- uchar *cert;
- int certlen, fd;
- TLSconn *conn;
- if (tlscert == nil) {
- reply("454 TLS not available\r\n");
- return;
- }
- conn = mallocz(sizeof *conn, 1);
- cert = readcert(tlscert, &certlen);
- if (conn == nil || cert == nil) {
- if (conn != nil)
- free(conn);
- reply("454 TLS not available\r\n");
- return;
- }
- reply("220 Go ahead make my day\r\n");
- conn->cert = cert;
- conn->certlen = certlen;
- fd = tlsServer(Bfildes(&bin), conn);
- if (fd < 0) {
- free(cert);
- free(conn);
- syslog(0, "smtpd", "TLS start-up failed with %s", him);
- /* force the client to hang up */
- close(Bfildes(&bin)); /* probably fd 0 */
- close(1);
- exits("tls failed");
- }
- Bterm(&bin);
- Binit(&bin, fd, OREAD);
- if (dup(fd, 1) < 0)
- fprint(2, "dup of %d failed: %r\n", fd);
- passwordinclear = 1;
- syslog(0, "smtpd", "started TLS with %s", him);
- }
- void
- auth(String *mech, String *resp)
- {
- Chalstate *chs = nil;
- AuthInfo *ai = nil;
- String *s_resp1_64 = nil;
- String *s_resp2_64 = nil;
- String *s_resp1 = nil;
- String *s_resp2 = nil;
- char *scratch = nil;
- char *user, *pass;
- if (rejectcheck())
- goto bomb_out;
- syslog(0, "smtpd", "auth(%s, %s) from %s", s_to_c(mech),
- "(protected)", him);
- if (authenticated) {
- bad_sequence:
- rejectcount++;
- reply("503 Bad sequence of commands\r\n");
- goto bomb_out;
- }
- if (cistrcmp(s_to_c(mech), "plain") == 0) {
- if (!passwordinclear) {
- rejectcount++;
- reply("538 Encryption required for requested authentication mechanism\r\n");
- goto bomb_out;
- }
- s_resp1_64 = resp;
- if (s_resp1_64 == nil) {
- reply("334 \r\n");
- s_resp1_64 = s_new();
- if (getcrnl(s_resp1_64, &bin) <= 0) {
- goto bad_sequence;
- }
- }
- s_resp1 = s_dec64(s_resp1_64);
- if (s_resp1 == nil) {
- rejectcount++;
- reply("501 Cannot decode base64\r\n");
- goto bomb_out;
- }
- memset(s_to_c(s_resp1_64), 'X', s_len(s_resp1_64));
- user = (s_to_c(s_resp1) + strlen(s_to_c(s_resp1)) + 1);
- pass = user + (strlen(user) + 1);
- ai = auth_userpasswd(user, pass);
- authenticated = ai != nil;
- memset(pass, 'X', strlen(pass));
- goto windup;
- }
- else if (cistrcmp(s_to_c(mech), "login") == 0) {
- if (!passwordinclear) {
- rejectcount++;
- reply("538 Encryption required for requested authentication mechanism\r\n");
- goto bomb_out;
- }
- if (resp == nil) {
- reply("334 VXNlcm5hbWU6\r\n");
- s_resp1_64 = s_new();
- if (getcrnl(s_resp1_64, &bin) <= 0)
- goto bad_sequence;
- }
- reply("334 UGFzc3dvcmQ6\r\n");
- s_resp2_64 = s_new();
- if (getcrnl(s_resp2_64, &bin) <= 0)
- goto bad_sequence;
- s_resp1 = s_dec64(s_resp1_64);
- s_resp2 = s_dec64(s_resp2_64);
- memset(s_to_c(s_resp2_64), 'X', s_len(s_resp2_64));
- if (s_resp1 == nil || s_resp2 == nil) {
- rejectcount++;
- reply("501 Cannot decode base64\r\n");
- goto bomb_out;
- }
- ai = auth_userpasswd(s_to_c(s_resp1), s_to_c(s_resp2));
- authenticated = ai != nil;
- memset(s_to_c(s_resp2), 'X', s_len(s_resp2));
- windup:
- if (authenticated)
- reply("235 Authentication successful\r\n");
- else {
- rejectcount++;
- reply("535 Authentication failed\r\n");
- }
- goto bomb_out;
- }
- else if (cistrcmp(s_to_c(mech), "cram-md5") == 0) {
- char *resp;
- int chal64n;
- char *t;
- chs = auth_challenge("proto=cram role=server");
- if (chs == nil) {
- rejectcount++;
- reply("501 Couldn't get CRAM-MD5 challenge\r\n");
- goto bomb_out;
- }
- scratch = malloc(chs->nchal * 2 + 1);
- chal64n = enc64(scratch, chs->nchal * 2, (uchar *)chs->chal, chs->nchal);
- scratch[chal64n] = 0;
- reply("334 %s\r\n", scratch);
- s_resp1_64 = s_new();
- if (getcrnl(s_resp1_64, &bin) <= 0)
- goto bad_sequence;
- s_resp1 = s_dec64(s_resp1_64);
- if (s_resp1 == nil) {
- rejectcount++;
- reply("501 Cannot decode base64\r\n");
- goto bomb_out;
- }
- /* should be of form <user><space><response> */
- resp = s_to_c(s_resp1);
- t = strchr(resp, ' ');
- if (t == nil) {
- rejectcount++;
- reply("501 Poorly formed CRAM-MD5 response\r\n");
- goto bomb_out;
- }
- *t++ = 0;
- chs->user = resp;
- chs->resp = t;
- chs->nresp = strlen(t);
- ai = auth_response(chs);
- authenticated = ai != nil;
- goto windup;
- }
- rejectcount++;
- reply("501 Unrecognised authentication type %s\r\n", s_to_c(mech));
- bomb_out:
- if (ai)
- auth_freeAI(ai);
- if (chs)
- auth_freechal(chs);
- if (scratch)
- free(scratch);
- if (s_resp1)
- s_free(s_resp1);
- if (s_resp2)
- s_free(s_resp2);
- if (s_resp1_64)
- s_free(s_resp1_64);
- if (s_resp2_64)
- s_free(s_resp2_64);
- }
|