1
/* $Cambridge: exim/exim-src/src/deliver.c,v 1.21 2005/06/28 10:23:35 ph10 Exp $ */
1
3
/*************************************************
2
4
* Exim - an Internet mail transport agent *
3
5
*************************************************/
5
/* Copyright (c) University of Cambridge 1995 - 2004 */
7
/* Copyright (c) University of Cambridge 1995 - 2005 */
6
8
/* See the file NOTICE for conditions of use and distribution. */
8
10
/* The main code for delivering a message. */
201
212
deliver_localpart_suffix = addr->parent->suffix;
216
#ifdef EXPERIMENTAL_BRIGHTMAIL
217
/* Set expansion variables related to Brightmail AntiSpam */
218
bmi_base64_verdict = bmi_get_base64_verdict(deliver_localpart_orig, deliver_domain_orig);
219
bmi_base64_tracker_verdict = bmi_get_base64_tracker_verdict(bmi_base64_verdict);
220
/* get message delivery status (0 - don't deliver | 1 - deliver) */
221
bmi_deliver = bmi_get_delivery_status(bmi_base64_verdict);
222
/* if message is to be delivered, get eventual alternate location */
223
if (bmi_deliver == 1) {
224
bmi_alt_location = bmi_get_alt_location(bmi_base64_verdict);
206
230
/* For multiple addresses, don't set local part, and leave the domain and
706
730
/* If there's an error message set, ensure that it contains only printing
707
731
characters - it should, but occasionally things slip in and this at least
708
stops the log format from getting wrecked. */
732
stops the log format from getting wrecked. We also scan the message for an LDAP
733
expansion item that has a password setting, and flatten the password. This is a
734
fudge, but I don't know a cleaner way of doing this. (If the item is badly
735
malformed, it won't ever have gone near LDAP.) */
710
if (addr->message != NULL) addr->message = string_printing(addr->message);
737
if (addr->message != NULL)
739
addr->message = string_printing(addr->message);
740
if (Ustrstr(addr->message, "failed to expand") != NULL &&
741
(Ustrstr(addr->message, "ldap:") != NULL ||
742
Ustrstr(addr->message, "ldapdn:") != NULL ||
743
Ustrstr(addr->message, "ldapm:") != NULL))
745
uschar *p = Ustrstr(addr->message, "pass=");
749
while (*p != 0 && !isspace(*p)) *p++ = 'x';
712
754
/* If we used a transport that has one of the "return_output" options set, and
713
755
if it did in fact generate some output, then for return_output we treat the
836
878
if ((log_extra_selector & LX_sender_on_delivery) != 0)
837
879
s = string_append(s, &size, &ptr, 3, US" F=<", sender_address, US">");
839
if ((log_extra_selector & LX_return_path_on_delivery) != 0)
840
s = string_append(s, &size, &ptr, 3, US" P=<", return_path, US">");
881
#ifdef EXPERIMENTAL_SRS
882
if(addr->p.srs_sender)
883
s = string_append(s, &size, &ptr, 3, US" SRS=<", addr->p.srs_sender, US">");
886
/* You might think that the return path must always be set for a successful
887
delivery; indeed, I did for some time, until this statement crashed. The case
888
when it is not set is for a delivery to /dev/null which is optimised by not
891
if (used_return_path != NULL &&
892
(log_extra_selector & LX_return_path_on_delivery) != 0)
893
s = string_append(s, &size, &ptr, 3, US" P=<", used_return_path, US">");
842
895
/* For a delivery from a system filter, there may not be a router */
1036
1089
setflag(addr, af_ignore_error);
1038
1091
/* Freeze the message if requested, or if this is a bounce message (or other
1039
message with null sender). However, don't freeze if errors are being ignored.
1040
The actual code to ignore occurs later, instead of sending a message. Logging
1041
of freezing occurs later, just before writing the -H file. */
1092
message with null sender) and this address does not have its own errors
1093
address. However, don't freeze if errors are being ignored. The actual code
1094
to ignore occurs later, instead of sending a message. Logging of freezing
1095
occurs later, just before writing the -H file. */
1043
1097
if (!testflag(addr, af_ignore_error) &&
1044
(addr->special_action == SPECIAL_FREEZE || sender_address[0] == 0))
1098
(addr->special_action == SPECIAL_FREEZE ||
1099
(sender_address[0] == 0 && addr->p.errors_address == NULL)
1046
1102
frozen_info = (addr->special_action == SPECIAL_FREEZE)? US"" :
1047
1103
(sender_local && !local_error_message)?
1074
1130
if ((log_extra_selector & LX_sender_on_delivery) != 0)
1075
1131
s = string_append(s, &size, &ptr, 3, US" F=<", sender_address, US">");
1077
/* Return patch may not be set if no delivery actually happened */
1133
/* Return path may not be set if no delivery actually happened */
1079
if (return_path != NULL &&
1135
if (used_return_path != NULL &&
1080
1136
(log_extra_selector & LX_return_path_on_delivery) != 0)
1082
s = string_append(s, &size, &ptr, 3, US" P=<", return_path, US">");
1138
s = string_append(s, &size, &ptr, 3, US" P=<", used_return_path, US">");
1085
1141
if (addr->router != NULL)
1398
1454
*************************************************/
1400
1456
/* Check that this base address hasn't previously been delivered to its routed
1401
transport. The check is necessary at delivery time in order to handle homonymic
1402
addresses correctly in cases where the pattern of redirection changes between
1403
delivery attempts (so the unique fields change). Non-homonymic previous
1404
delivery is detected earlier, at routing time (which saves unnecessary
1407
Argument: the address item
1457
transport. If it has been delivered, mark it done. The check is necessary at
1458
delivery time in order to handle homonymic addresses correctly in cases where
1459
the pattern of redirection changes between delivery attempts (so the unique
1460
fields change). Non-homonymic previous delivery is detected earlier, at routing
1461
time (which saves unnecessary routing).
1464
addr the address item
1465
testing TRUE if testing wanted only, without side effects
1408
1467
Returns: TRUE if previously delivered by the transport
1412
previously_transported(address_item *addr)
1471
previously_transported(address_item *addr, BOOL testing)
1414
1473
(void)string_format(big_buffer, big_buffer_size, "%s/%s",
1415
1474
addr->unique + (testflag(addr, af_homonym)? 3:0), addr->transport->name);
1483
1542
/* Set up the return path from the errors or sender address. If the transport
1484
1543
has its own return path setting, expand it and replace the existing value. */
1486
return_path = (addr->p.errors_address != NULL)?
1487
addr->p.errors_address : sender_address;
1545
if(addr->p.errors_address != NULL)
1546
return_path = addr->p.errors_address;
1547
#ifdef EXPERIMENTAL_SRS
1548
else if(addr->p.srs_sender != NULL)
1549
return_path = addr->p.srs_sender;
1552
return_path = sender_address;
1489
1554
if (tp->return_path != NULL)
1502
1567
else return_path = new_return_path;
1570
/* For local deliveries, one at a time, the value used for logging can just be
1571
set directly, once and for all. */
1573
used_return_path = return_path;
1505
1575
/* Sort out the uid, gid, and initgroups flag. If an error occurs, the message
1506
1576
gets put into the address(es), and the expansions are unset, so we can just
1657
1728
half - for transports that exec things (e.g. pipe). Then set the required
1660
close(pfd[pipe_read]);
1661
fcntl(pfd[pipe_write], F_SETFD, fcntl(pfd[pipe_write], F_GETFD) |
1731
(void)close(pfd[pipe_read]);
1732
(void)fcntl(pfd[pipe_write], F_SETFD, fcntl(pfd[pipe_write], F_GETFD) |
1663
1734
exim_setugid(uid, gid, use_initgroups,
1664
1735
string_sprintf("local delivery to %s <%s> transport=%s", addr->local_part,
1723
1794
int local_part_length = Ustrlen(addr2->local_part);
1726
write(pfd[pipe_write], (void *)&(addr2->transport_return), sizeof(int));
1727
write(pfd[pipe_write], (void *)&transport_count, sizeof(transport_count));
1728
write(pfd[pipe_write], (void *)&(addr2->flags), sizeof(addr2->flags));
1729
write(pfd[pipe_write], (void *)&(addr2->basic_errno), sizeof(int));
1730
write(pfd[pipe_write], (void *)&(addr2->more_errno), sizeof(int));
1731
write(pfd[pipe_write], (void *)&(addr2->special_action), sizeof(int));
1732
write(pfd[pipe_write], (void *)&(addr2->transport),
1797
(void)write(pfd[pipe_write], (void *)&(addr2->transport_return), sizeof(int));
1798
(void)write(pfd[pipe_write], (void *)&transport_count, sizeof(transport_count));
1799
(void)write(pfd[pipe_write], (void *)&(addr2->flags), sizeof(addr2->flags));
1800
(void)write(pfd[pipe_write], (void *)&(addr2->basic_errno), sizeof(int));
1801
(void)write(pfd[pipe_write], (void *)&(addr2->more_errno), sizeof(int));
1802
(void)write(pfd[pipe_write], (void *)&(addr2->special_action), sizeof(int));
1803
(void)write(pfd[pipe_write], (void *)&(addr2->transport),
1733
1804
sizeof(transport_instance *));
1735
1806
/* For a file delivery, pass back the local part, in case the original
1739
1810
if (testflag(addr2, af_file))
1741
write(pfd[pipe_write], (void *)&local_part_length, sizeof(int));
1742
write(pfd[pipe_write], addr2->local_part, local_part_length);
1812
(void)write(pfd[pipe_write], (void *)&local_part_length, sizeof(int));
1813
(void)write(pfd[pipe_write], addr2->local_part, local_part_length);
1745
1816
/* Now any messages */
1747
1818
for (i = 0, s = addr2->message; i < 2; i++, s = addr2->user_message)
1749
1820
int message_length = (s == NULL)? 0 : Ustrlen(s) + 1;
1750
write(pfd[pipe_write], (void *)&message_length, sizeof(int));
1751
if (message_length > 0) write(pfd[pipe_write], s, message_length);
1821
(void)write(pfd[pipe_write], (void *)&message_length, sizeof(int));
1822
if (message_length > 0) (void)write(pfd[pipe_write], s, message_length);
1755
1826
/* OK, this process is now done. Free any cached resources that it opened,
1756
1827
and close the pipe we were writing down before exiting. */
1758
close(pfd[pipe_write]);
1829
(void)close(pfd[pipe_write]);
1759
1830
search_tidyup();
1760
1831
exit(EXIT_SUCCESS);
2518
2591
Read in large chunks into the big buffer and then scan through, interpreting
2519
2592
the data therein. In most cases, only a single read will be necessary. No
2520
individual item will ever be anywhere near 500 bytes in length, so by ensuring
2521
that we read the next chunk when there is less than 500 bytes left in the
2522
non-final chunk, we can assume each item is complete in store before handling
2523
it. Actually, each item is written using a single write(), which is atomic for
2524
small items (less than PIPE_BUF, which seems to be at least 512 in any Unix) so
2525
even if we are reading while the subprocess is still going, we should never
2526
have only a partial item in the buffer.
2593
individual item will ever be anywhere near 2500 bytes in length, so by ensuring
2594
that we read the next chunk when there is less than 2500 bytes left in the
2595
non-final chunk, we can assume each item is complete in the buffer before
2596
handling it. Each item is written using a single write(), which is atomic for
2597
small items (less than PIPE_BUF, which seems to be at least 512 in any Unix and
2598
often bigger) so even if we are reading while the subprocess is still going, we
2599
should never have only a partial item in the buffer.
2529
2602
poffset the offset of the parlist item
2560
2633
Each separate item is written to the pipe in a single write(), and as they are
2561
2634
all short items, the writes will all be atomic and we should never find
2562
ourselves in the position of having read an incomplete item. */
2635
ourselves in the position of having read an incomplete item. "Short" in this
2636
case can mean up to about 1K in the case when there is a long error message
2637
associated with an address. */
2564
2639
DEBUG(D_deliver) debug_printf("reading pipe for subprocess %d (%s)\n",
2565
2640
(int)p->pid, eop? "ended" : "not ended");
3182
3257
else if (!parlist[poffset].done) (void)par_read_pipe(poffset, TRUE);
3184
/* Put the data count into a global, mark the data slot unused, decrement the
3185
count of subprocesses, and return the address chain. */
3259
/* Put the data count and return path into globals, mark the data slot unused,
3260
decrement the count of subprocesses, and return the address chain. */
3187
3262
transport_count = parlist[poffset].transport_count;
3263
used_return_path = parlist[poffset].return_path;
3188
3264
parlist[poffset].pid = 0;
3190
3266
return addrlist;
3239
3315
to an existing delivery channel, skip all but those addresses that can go to
3240
3316
that channel. The skipped addresses just get deferred.
3318
If mua_wrapper is set, all addresses must be able to be sent in a single
3319
transaction. If not, this function yields FALSE.
3242
3321
In Exim 4, remote deliveries are always done in separate processes, even
3243
3322
if remote_max_parallel = 1 or if there's only one delivery to do. The reason
3244
3323
is so that the base process can retain privilege. This makes the
3448
3539
/* Compute the return path, expanding a new one if required. The old one
3449
3540
must be set first, as it might be referred to in the expansion. */
3451
return_path = (addr->p.errors_address != NULL)?
3452
addr->p.errors_address : sender_address;
3542
if(addr->p.errors_address != NULL)
3543
return_path = addr->p.errors_address;
3544
#ifdef EXPERIMENTAL_SRS
3545
else if(addr->p.srs_sender != NULL)
3546
return_path = addr->p.srs_sender;
3549
return_path = sender_address;
3454
3551
if (tp->return_path != NULL)
3576
3673
distinguishes between EOF and no-more-data. */
3578
3675
#ifdef O_NONBLOCK
3579
fcntl(pfd[pipe_read], F_SETFL, O_NONBLOCK);
3676
(void)fcntl(pfd[pipe_read], F_SETFL, O_NONBLOCK);
3581
fcntl(pfd[pipe_read], F_SETFL, O_NDELAY);
3678
(void)fcntl(pfd[pipe_read], F_SETFL, O_NDELAY);
3584
3681
/* If the maximum number of subprocesses already exist, wait for a process
3651
3748
a new process that may be forked to do another delivery down the same
3652
3749
SMTP connection. */
3654
fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
3751
(void)fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
3656
3753
/* Close open file descriptors for the pipes of other processes
3657
3754
that are running in parallel. */
3659
3756
for (poffset = 0; poffset < remote_max_parallel; poffset++)
3660
if (parlist[poffset].pid != 0) close(parlist[poffset].fd);
3757
if (parlist[poffset].pid != 0) (void)close(parlist[poffset].fd);
3662
3759
/* This process has inherited a copy of the file descriptor
3663
3760
for the data file, but its file pointer is shared with all the
3721
3818
if (h->address == NULL || h->status < hstatus_unusable) continue;
3722
3819
sprintf(CS big_buffer, "H%c%c%s", h->status, h->why, h->address);
3723
write(fd, big_buffer, Ustrlen(big_buffer+3) + 4);
3820
(void)write(fd, big_buffer, Ustrlen(big_buffer+3) + 4);
3726
3823
/* The number of bytes written. This is the same for each address. Even
3731
3828
big_buffer[0] = 'S';
3732
3829
memcpy(big_buffer+1, &transport_count, sizeof(transport_count));
3733
write(fd, big_buffer, sizeof(transport_count) + 1);
3830
(void)write(fd, big_buffer, sizeof(transport_count) + 1);
3735
3832
/* Information about what happened to each address. Three item types are
3736
3833
used: an optional 'X' item first, for TLS information, followed by 'R'
3798
3895
if (addr->message == NULL) *ptr++ = 0; else
3800
sprintf(CS ptr, "%.512s", addr->message);
3897
sprintf(CS ptr, "%.1024s", addr->message);
3804
3901
if (addr->user_message == NULL) *ptr++ = 0; else
3806
sprintf(CS ptr, "%.512s", addr->user_message);
3903
sprintf(CS ptr, "%.1024s", addr->user_message);
3816
3913
memcpy(ptr, &(addr->host_used->port), sizeof(addr->host_used->port));
3817
3914
ptr += sizeof(addr->host_used->port);
3819
write(fd, big_buffer, ptr - big_buffer);
3916
(void)write(fd, big_buffer, ptr - big_buffer);
3822
3919
/* Add termination flag, close the pipe, and that's it. The character
3827
3924
big_buffer[0] = 'Z';
3828
3925
big_buffer[1] = (continue_transport == NULL)? '0' : '1';
3829
write(fd, big_buffer, 2);
3926
(void)write(fd, big_buffer, 2);
3831
3928
exit(EXIT_SUCCESS);
3834
3931
/* Back in the mainline: close the unwanted half of the pipe. */
3836
close(pfd[pipe_write]);
3933
(void)close(pfd[pipe_write]);
3838
3935
/* Fork failed; defer with error message */
3842
close(pfd[pipe_read]);
3939
(void)close(pfd[pipe_read]);
3843
3940
remote_post_process(addr, LOG_MAIN|LOG_PANIC,
3844
3941
string_sprintf("fork failed for remote delivery to %s: %s",
3845
3942
addr->domain, strerror(errno)), fallback);
4145
4242
introducing newlines. All lines are indented by 4; the initial printing
4146
4243
position must be set before calling.
4245
This function used always to print the error. Nowadays we want to restrict it
4246
to cases such as SMTP errors from a remote host, and errors from :fail: and
4247
filter "fail". We no longer pass other information willy-nilly in bounce and
4248
warning messages. Text in user_message is always output; text in message only
4249
if the af_pass_message flag is set.
4149
addr points to the address
4150
4253
f the FILE to print on
4152
4256
Returns: nothing
4156
print_address_error(address_item *addr, FILE *f)
4260
print_address_error(address_item *addr, FILE *f, uschar *t)
4262
int count = Ustrlen(t);
4158
4263
uschar *s = (addr->user_message != NULL)? addr->user_message : addr->message;
4159
if (addr->basic_errno > 0)
4161
fprintf(f, "%s%s", strerror(addr->basic_errno),
4162
(s == NULL)? "" : ":\n ");
4166
if (addr->basic_errno <= 0) fprintf(f, "unknown error");
4265
if (addr->user_message != NULL)
4266
s = addr->user_message;
4173
if (*s == '\\' && s[1] == 'n')
4269
if (!testflag(addr, af_pass_message) || addr->message == NULL) return;
4273
fprintf(f, "\n %s", t);
4277
if (*s == '\\' && s[1] == 'n')
4287
if (*s++ == ':' && isspace(*s) && count > 45)
4289
fprintf(f, "\n "); /* sic (because space follows) */
4183
if (*s++ == ':' && isspace(*s) && count > 45)
4185
fprintf(f, "\n "); /* sic (because space follows) */
4301
/*************************************************
4302
* Check list of addresses for duplication *
4303
*************************************************/
4305
/* This function was introduced when the test for duplicate addresses that are
4306
not pipes, files, or autoreplies was moved from the middle of routing to when
4307
routing was complete. That was to fix obscure cases when the routing history
4308
affects the subsequent routing of identical addresses. If that change has to be
4309
reversed, this function is no longer needed. For a while, the old code that was
4310
affected by this change is commented with !!!OLD-DE-DUP!!! so it can be found
4313
This function is called after routing, to check that the final routed addresses
4314
are not duplicates. If we detect a duplicate, we remember what it is a
4315
duplicate of. Note that pipe, file, and autoreply de-duplication is handled
4316
during routing, so we must leave such "addresses" alone here, as otherwise they
4317
will incorrectly be discarded.
4319
Argument: address of list anchor
4324
do_duplicate_check(address_item **anchor)
4327
while ((addr = *anchor) != NULL)
4330
if (testflag(addr, af_pfr))
4332
anchor = &(addr->next);
4334
else if ((tnode = tree_search(tree_duplicates, addr->unique)) != NULL)
4336
DEBUG(D_deliver|D_route)
4337
debug_printf("%s is a duplicate address: discarded\n", addr->unique);
4338
*anchor = addr->next;
4339
addr->dupof = tnode->data.ptr;
4340
addr->next = addr_duplicate;
4341
addr_duplicate = addr;
4345
tree_add_duplicate(addr->unique, addr);
4346
anchor = &(addr->next);
4204
4362
will be locked.
4206
4364
If no delivery is attempted for any of the above reasons, the function returns
4207
FALSE, otherwise TRUE.
4365
DELIVER_NOT_ATTEMPTED.
4209
4367
If the give_up flag is set true, do not attempt any deliveries, but instead
4210
4368
fail all outstanding addresses and return the message to the sender (or
4213
4371
A delivery operation has a process all to itself; we never deliver more than
4214
one message in the same process. Therefore we needn't worry about store
4372
one message in the same process. Therefore we needn't worry too much about
4218
4376
id the id of the message to be delivered
4221
4379
give_up TRUE if an administrator has requested that delivery attempts
4224
Returns: OK if an attempt was made at delivering the message
4382
Returns: When the global variable mua_wrapper is FALSE:
4383
DELIVER_ATTEMPTED_NORMAL if a delivery attempt was made
4384
DELIVER_NOT_ATTEMPTED otherwise (see comment above)
4385
When the global variable mua_wrapper is TRUE:
4386
DELIVER_MUA_SUCCEEDED if delivery succeeded
4387
DELIVER_MUA_FAILED if delivery failed
4388
DELIVER_NOT_ATTEMPTED if not attempted (should not occur)
4229
4392
deliver_message(uschar *id, BOOL forced, BOOL give_up)
4395
int final_yield = DELIVER_ATTEMPTED_NORMAL;
4232
4396
time_t now = time(NULL);
4233
4397
address_item *addr_last = NULL;
4234
4398
uschar *filter_message = NULL;
4242
4406
string_sprintf("delivering %s (queue run pid %d)", id, queue_run_pid);
4244
4408
/* If the D_process_info bit is on, set_process_info() will output debugging
4245
information. If not, we want to show this inifial information if D_deliver or
4246
D_queue_run is set. */
4409
information. If not, we want to show this initial information if D_deliver or
4410
D_queue_run is set or in verbose mode. */
4248
4412
set_process_info("%s", info);
4250
4414
if ((debug_selector & D_process_info) == 0 &&
4251
(debug_selector & (D_deliver|D_queue_run)) != 0)
4415
(debug_selector & (D_deliver|D_queue_run|D_v)) != 0)
4252
4416
debug_printf("%s\n", info);
4254
4418
/* Ensure that we catch any subprocesses that are created. Although Exim
4317
4482
sprintf(CS big_buffer, "%s/input/%s/%s", spool_directory, message_subdir,
4319
4484
if (Ustat(big_buffer, &statbuf) == 0)
4321
int size = statbuf.st_size; /* Because might be a long */
4322
log_write(0, LOG_MAIN, "Format error in spool file %s: size=%d",
4485
log_write(0, LOG_MAIN, "Format error in spool file %s: "
4486
"size=" OFF_T_FMT, spoolname, statbuf.st_size);
4325
4487
else log_write(0, LOG_MAIN, "Format error in spool file %s", spoolname);
4390
4552
log_write(0, LOG_MAIN|LOG_PANIC, "attempt to open journal for reading gave: "
4391
4553
"%s", strerror(errno));
4392
return continue_closedown();
4554
return continue_closedown(); /* yields DELIVER_NOT_ATTEMPTED */
4395
4557
/* A null recipients list indicates some kind of disaster. */
4397
4559
if (recipients_list == NULL)
4399
close(deliver_datafile);
4561
(void)close(deliver_datafile);
4400
4562
deliver_datafile = -1;
4401
4563
log_write(0, LOG_MAIN, "Spool error: no recipients for %s", spoolname);
4402
return continue_closedown();
4564
return continue_closedown(); /* yields DELIVER_NOT_ATTEMPTED */
4439
4601
log_write(0, LOG_MAIN, "Unfrozen by errmsg timer");
4442
/* If there's no auto thaw, or we haven't reached the auto thaw time yet, and
4443
this delivery is not forced by an admin user, do not attempt delivery of this
4444
message. Note that forced is set for continuing messages down the same
4445
channel, in order to skip load checking and ignore hold domains, but we
4446
don't want unfreezing in that case. */
4604
/* If this is a bounce message, or there's no auto thaw, or we haven't
4605
reached the auto thaw time yet, and this delivery is not forced by an admin
4606
user, do not attempt delivery of this message. Note that forced is set for
4607
continuing messages down the same channel, in order to skip load checking and
4608
ignore hold domains, but we don't want unfreezing in that case. */
4450
if ((auto_thaw <= 0 || now <= deliver_frozen_at + auto_thaw) &&
4451
(!forced || !deliver_force_thaw || !admin_user ||
4452
continue_hostname != NULL))
4612
if ((sender_address[0] == 0 ||
4614
now <= deliver_frozen_at + auto_thaw
4617
(!forced || !deliver_force_thaw || !admin_user ||
4618
continue_hostname != NULL
4454
close(deliver_datafile);
4621
(void)close(deliver_datafile);
4455
4622
deliver_datafile = -1;
4456
4623
log_write(L_skip_delivery, LOG_MAIN, "Message is frozen");
4457
return continue_closedown();
4624
return continue_closedown(); /* yields DELIVER_NOT_ATTEMPTED */
4460
4627
/* If delivery was forced (by an admin user), assume a manual thaw.
4574
4741
NULL, /* No :include: restriction (not used in filter) */
4742
NULL, /* No sieve vacation directory (not sieve!) */
4743
NULL, /* No sieve user address (not sieve!) */
4744
NULL, /* No sieve subaddress (not sieve!) */
4575
4745
&ugid, /* uid/gid data */
4576
4746
&addr_new, /* Where to hang generated addresses */
4577
4747
&filter_message, /* Where to put error message */
4584
4754
if (rc == FF_ERROR || rc == FF_NONEXIST)
4586
close(deliver_datafile);
4756
(void)close(deliver_datafile);
4587
4757
deliver_datafile = -1;
4588
4758
log_write(0, LOG_MAIN|LOG_PANIC, "Error in system filter: %s",
4589
4759
string_printing(filter_message));
4590
return continue_closedown();
4760
return continue_closedown(); /* yields DELIVER_NOT_ATTEMPTED */
4593
4763
/* Reset things. If the filter message is an empty string, which can happen
5373
/* !!!OLD-DE-DUP!!! We used to test for duplicates at this point, in order
5374
to save effort on routing duplicate addresses. However, facilities have
5375
been added to Exim so that now two identical addresses that are children of
5376
other addresses may be routed differently as a result of their previous
5377
routing history. For example, different redirect routers may have given
5378
them different redirect_router values, but there are other cases too.
5379
Therefore, tests for duplicates now take place when routing is complete.
5380
This is the old code, kept for a while for the record, and in case this
5381
radical change has to be backed out for some reason. */
5201
5384
/* If it's a duplicate, remember what it's a duplicate of */
5203
5386
if ((tnode = tree_search(tree_duplicates, addr->unique)) != NULL)
5525
5711
local_user_gid = (gid_t)(-1);
5526
5712
local_user_uid = (uid_t)(-1);
5715
/* !!!OLD-DE-DUP!!! The next two statement were introduced when checking for
5716
duplicates was moved from within routing to afterwards. If that change has to
5717
be backed out, they should be removed. */
5719
/* Check for any duplicate addresses. This check is delayed until after
5720
routing, because the flexibility of the routing configuration means that
5721
identical addresses with different parentage may end up being redirected to
5722
different addresses. Checking for duplicates too early (as we previously used
5723
to) makes this kind of thing not work. */
5725
do_duplicate_check(&addr_local);
5726
do_duplicate_check(&addr_remote);
5729
/* When acting as an MUA wrapper, we proceed only if all addresses route to a
5730
remote transport. The check that they all end up in one transaction happens in
5731
the do_remote_deliveries() function. */
5733
if (mua_wrapper && (addr_local != NULL || addr_failed != NULL ||
5734
addr_defer != NULL))
5737
uschar *which, *colon, *msg;
5739
if (addr_local != NULL)
5744
else if (addr_defer != NULL)
5747
which = US"deferred";
5755
while (addr->parent != NULL) addr = addr->parent;
5757
if (addr->message != NULL)
5760
msg = addr->message;
5762
else colon = msg = US"";
5764
/* We don't need to log here for a forced failure as it will already
5765
have been logged. Defer will also have been logged, but as a defer, so we do
5766
need to do the failure logging. */
5768
if (addr != addr_failed)
5769
log_write(0, LOG_MAIN, "** %s routing yielded a %s delivery",
5770
addr->address, which);
5772
/* Always write an error to the caller */
5774
fprintf(stderr, "routing %s yielded a %s delivery%s%s\n", addr->address,
5777
final_yield = DELIVER_MUA_FAILED;
5778
addr_failed = addr_defer = NULL; /* So that we remove the message */
5779
goto DELIVERY_TIDYUP;
5528
5783
/* If this is a run to continue deliveries to an external channel that is
5529
5784
already set up, defer any local deliveries. */
5584
5839
log_write(0, LOG_MAIN|LOG_PANIC, "Couldn't open journal file %s: %s",
5585
5840
spoolname, strerror(errno));
5841
return DELIVER_NOT_ATTEMPTED;
5589
5844
/* Set the close-on-exec flag, make the file owned by Exim, and ensure
5590
5845
that the mode is correct - the group setting doesn't always seem to get
5591
5846
set automatically. */
5593
fcntl(journal_fd, F_SETFD, fcntl(journal_fd, F_GETFD) | FD_CLOEXEC);
5594
fchown(journal_fd, exim_uid, exim_gid);
5595
fchmod(journal_fd, SPOOL_MODE);
5848
(void)fcntl(journal_fd, F_SETFD, fcntl(journal_fd, F_GETFD) | FD_CLOEXEC);
5849
(void)fchown(journal_fd, exim_uid, exim_gid);
5850
(void)fchmod(journal_fd, SPOOL_MODE);
5650
5905
regex_must_compile(US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)", FALSE, TRUE);
5653
/* Now sort the addresses if required, and do the deliveries. */
5908
/* Now sort the addresses if required, and do the deliveries. The yield of
5909
do_remote_deliveries is FALSE when mua_wrapper is set and all addresses
5910
cannot be delivered in one transaction. */
5655
5912
if (remote_sort_domains != NULL) sort_remote_deliveries();
5656
do_remote_deliveries(FALSE);
5913
if (!do_remote_deliveries(FALSE))
5915
log_write(0, LOG_MAIN, "** mua_wrapper is set but recipients cannot all "
5916
"be delivered in one transaction");
5917
fprintf(stderr, "delivery to smarthost failed (configuration problem)\n");
5919
final_yield = DELIVER_MUA_FAILED;
5920
addr_failed = addr_defer = NULL; /* So that we remove the message */
5921
goto DELIVERY_TIDYUP;
5658
5924
/* See if any of the addresses that failed got put on the queue for delivery
5659
5925
to their fallback hosts. We do it this way because often the same fallback
5660
5926
host is used for many domains, so all can be sent in a single transaction
5661
5927
(if appropriately configured). */
5663
if (addr_fallback != NULL)
5929
if (addr_fallback != NULL && !mua_wrapper)
5665
5931
DEBUG(D_deliver) debug_printf("Delivering to fallback hosts\n");
5666
5932
addr_remote = addr_fallback;
5685
5951
set_process_info("tidying up after delivering %s", message_id);
5686
5952
signal(SIGTERM, SIG_IGN);
5688
/* First we update the retry database. This is done in one fell swoop at the
5689
end in order not to keep opening and closing (and locking) the database. The
5690
code for handling retries is hived off into a separate module for convenience.
5691
We pass it the addresses of the various chains, because deferred addresses can
5692
get moved onto the failed chain if the retry cutoff time has expired for all
5693
alternative destinations. Bypass the updating of the database if the -N flag is
5694
set, which is a debugging thing that prevents actual delivery. */
5696
if (!dont_deliver) retry_update(&addr_defer, &addr_failed, &addr_succeed);
5954
/* When we are acting as an MUA wrapper, the smtp transport will either have
5955
succeeded for all addresses, or failed them all in normal cases. However, there
5956
are some setup situations (e.g. when a named port does not exist) that cause an
5957
immediate exit with deferral of all addresses. Convert those into failures. We
5958
do not ever want to retry, nor do we want to send a bounce message. */
5962
if (addr_defer != NULL)
5964
address_item *addr, *nextaddr;
5965
for (addr = addr_defer; addr != NULL; addr = nextaddr)
5967
log_write(0, LOG_MAIN, "** %s mua_wrapper forced failure for deferred "
5968
"delivery", addr->address);
5969
nextaddr = addr->next;
5970
addr->next = addr_failed;
5976
/* Now all should either have succeeded or failed. */
5978
if (addr_failed == NULL) final_yield = DELIVER_MUA_SUCCEEDED; else
5980
uschar *s = (addr_failed->user_message != NULL)?
5981
addr_failed->user_message : addr_failed->message;
5983
fprintf(stderr, "Delivery failed: ");
5984
if (addr_failed->basic_errno > 0)
5986
fprintf(stderr, "%s", strerror(addr_failed->basic_errno));
5987
if (s != NULL) fprintf(stderr, ": ");
5991
if (addr_failed->basic_errno <= 0) fprintf(stderr, "unknown error");
5993
else fprintf(stderr, "%s", CS s);
5994
fprintf(stderr, "\n");
5996
final_yield = DELIVER_MUA_FAILED;
6001
/* In a normal configuration, we now update the retry database. This is done in
6002
one fell swoop at the end in order not to keep opening and closing (and
6003
locking) the database. The code for handling retries is hived off into a
6004
separate module for convenience. We pass it the addresses of the various
6005
chains, because deferred addresses can get moved onto the failed chain if the
6006
retry cutoff time has expired for all alternative destinations. Bypass the
6007
updating of the database if the -N flag is set, which is a debugging thing that
6008
prevents actual delivery. */
6010
else if (!dont_deliver) retry_update(&addr_defer, &addr_failed, &addr_succeed);
5698
6012
/* If any addresses failed, we must send a message to somebody, unless
5699
6013
af_ignore_error is set, in which case no action is taken. It is possible for
5914
6228
/* Process the addresses, leaving them on the msgchain if they have a
5915
6229
file name for a return message. (There has already been a check in
5916
post_process_one() for the existence of data in the message file.) */
6230
post_process_one() for the existence of data in the message file.) A TRUE
6231
return from print_address_information() means that the address is not
5918
6234
paddr = &msgchain;
5919
6235
for (addr = msgchain; addr != NULL; addr = *paddr)
5921
6237
if (print_address_information(addr, f, US" ", US"\n ", US""))
5923
/* A TRUE return from print_address_information() means that the
5924
address is not hidden. If there is a return file, it has already
5925
been checked to ensure it is not empty. Omit the bland "return
5926
message generated" error, but otherwise include error information. */
5928
if (addr->return_file < 0 ||
5929
addr->message == NULL ||
5930
Ustrcmp(addr->message, "return message generated") != 0)
5933
print_address_error(addr, f);
6238
print_address_error(addr, f, US"");
5937
6240
/* End the final line for the address */
6081
6384
emf_text = next_emf(emf, US"final");
6082
6385
if (emf_text != NULL) fprintf(f, "%s", CS emf_text);
6086
6389
/* Close the file, which should send an EOF to the child process
6087
6390
that is receiving the message. Wait for it to finish. */
6090
6393
rc = child_close(pid, 0); /* Waits for child to close, no timeout */
6092
6395
/* In the test harness, let the child do it's thing first. */
6178
6485
sprintf(CS spoolname, "%s/input/%s/%s-H", spool_directory, message_subdir, id);
6179
6486
if (Uunlink(spoolname) < 0)
6180
6487
log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to unlink %s", spoolname);
6181
log_write(0, LOG_MAIN, "Completed");
6489
/* Log the end of this message, with queue time if requested. */
6491
if ((log_extra_selector & LX_queue_time_overall) != 0)
6492
log_write(0, LOG_MAIN, "Completed QT=%s",
6493
readconf_printtime(time(NULL) - received_time));
6495
log_write(0, LOG_MAIN, "Completed");
6184
6498
/* If there are deferred addresses, we are keeping this message because it is
6423
6737
(addr_defer->next == NULL)? "is": "are");
6426
/* List the addresses. For any that are hidden, don't give the delay
6427
reason, because it might expose that which is hidden. Also, do not give
6428
"retry time not reached" because that isn't helpful. */
6740
/* List the addresses, with error information if allowed */
6430
6742
fprintf(f, "\n");
6431
6743
while (addr_defer != NULL)
6433
6745
address_item *addr = addr_defer;
6434
6746
addr_defer = addr->next;
6435
if (print_address_information(addr, f, US" ", US"\n ", US"") &&
6436
addr->basic_errno > ERRNO_RETRY_BASE)
6438
fprintf(f, "\n Delay reason: ");
6439
print_address_error(addr, f);
6747
if (print_address_information(addr, f, US" ", US"\n ", US""))
6748
print_address_error(addr, f, US"Delay reason: ");
6441
6749
fprintf(f, "\n");
6443
6751
fprintf(f, "\n");