1 /* $Cambridge: exim/src/src/receive.c,v 1.2 2004/10/18 11:36:23 ph10 Exp $ */
3 /*************************************************
4 * Exim - an Internet mail transport agent *
5 *************************************************/
7 /* Copyright (c) University of Cambridge 1995 - 2004 */
8 /* See the file NOTICE for conditions of use and distribution. */
10 /* Code for receiving a message and setting up spool files. */
17 /*************************************************
18 * Local static variables *
19 *************************************************/
21 static FILE *data_file = NULL;
22 static int data_fd = -1;
23 static uschar spool_name[256];
27 /*************************************************
28 * Non-SMTP character reading functions *
29 *************************************************/
31 /* These are the default functions that are set up in the variables such as
32 receive_getc initially. They just call the standard functions, passing stdin as
33 the file. (When SMTP input is occurring, different functions are used by
34 changing the pointer variables.) */
45 return ungetc(c, stdin);
63 /*************************************************
64 * Check that a set sender is allowed *
65 *************************************************/
67 /* This function is called when a local caller sets an explicit sender address.
68 It checks whether this is permitted, which it is for trusted callers.
69 Otherwise, it must match the pattern(s) in untrusted_set_sender.
71 Arguments: the proposed sender address
72 Returns: TRUE for a trusted caller
73 TRUE if the address has been set, untrusted_set_sender has been
74 set, and the address matches something in the list
79 receive_check_set_sender(uschar *newsender)
82 if (trusted_caller) return TRUE;
83 if (newsender == NULL || untrusted_set_sender == NULL) return FALSE;
84 qnewsender = (Ustrchr(newsender, '@') != NULL)?
85 newsender : string_sprintf("%s@%s", newsender, qualify_domain_sender);
87 match_address_list(qnewsender, TRUE, TRUE, &untrusted_set_sender, NULL, -1,
94 /*************************************************
95 * Check space on spool and log partitions *
96 *************************************************/
98 /* This function is called before accepting a message; if any thresholds are
99 set, it checks them. If a message_size is supplied, it checks that there is
100 enough space for that size plus the threshold - i.e. that the message won't
101 reduce the space to the threshold. Not all OS have statvfs(); for those that
102 don't, this function always returns TRUE. For some OS the old function and
103 struct name statfs is used; that is handled by a macro, defined in exim.h.
106 msg_size the (estimated) size of an incoming message
108 Returns: FALSE if there isn't enough space, or if the information cannot
110 TRUE if no check was done or there is enough space
114 receive_check_fs(int msg_size)
118 struct STATVFS statbuf;
120 memset(&statbuf, 0, sizeof(statbuf));
122 /* The field names are macros, because not all OS have F_FAVAIL and it seems
123 tidier to have macros for F_BAVAIL and F_FILES as well. Some kinds of file
124 server do not have inodes, and they return -1 for the number available, so we
125 do the check only when this field is non-negative.
127 Later: It turns out that some file systems that do not have the concept of
128 inodes return 0 rather than -1. Such systems should also return 0 for the total
129 number of inodes, so we require that to be greater than zero before doing the
132 if (check_spool_space > 0 || msg_size > 0 || check_spool_inodes > 0)
134 if (STATVFS(CS spool_directory, &statbuf) != 0)
136 log_write(0, LOG_MAIN|LOG_PANIC, "cannot accept message: failed to stat "
137 "spool directory %s: %s", spool_directory, strerror(errno));
138 smtp_closedown(US"spool directory problem");
139 exim_exit(EXIT_FAILURE);
142 /* check_spool_space is held in K because disks are getting huge */
144 if (statbuf.F_BAVAIL < (unsigned long)
145 ((((double)check_spool_space) * 1024.0 + (double)msg_size) /
146 (double)statbuf.F_FRSIZE)
148 (statbuf.F_FILES > 0 &&
149 statbuf.F_FAVAIL >= 0 &&
150 statbuf.F_FAVAIL < check_spool_inodes))
154 debug_printf("spool directory %s space = %d blocks; inodes = %d; "
155 "check_space = %dK (%d blocks); inodes = %d; msg_size = %d (%d blocks)\n",
156 spool_directory, (int)statbuf.F_BAVAIL, (int)statbuf.F_FAVAIL,
158 (int)(((double)check_spool_space * 1024.0) / (double)statbuf.F_FRSIZE),
159 check_spool_inodes, msg_size, (int)(msg_size / statbuf.F_FRSIZE));
163 log_write(0, LOG_MAIN, "spool directory space check failed: space=%d "
164 "inodes=%d", (int)statbuf.F_BAVAIL, (int)statbuf.F_FAVAIL);
169 /* Need to cut down the log file path to the directory, and to ignore any
170 appearance of "syslog" in it. */
172 if (check_log_space > 0 || check_log_inodes > 0)
175 int sep = ':'; /* Not variable - outside scripts use */
177 uschar *p = log_file_path;
180 /* An empty log_file_path means "use the default". This is the same as an
181 empty item in a list. */
183 if (*p == 0) p = US":";
184 while ((path = string_nextinlist(&p, &sep, buffer, sizeof(buffer))) != NULL)
186 if (Ustrcmp(path, "syslog") != 0) break;
189 if (path == NULL) return TRUE; /* No log files, so no problem */
191 /* An empty string means use the default */
194 path = string_sprintf("%s/log/%%slog", spool_directory);
196 if ((cp = Ustrrchr(path, '/')) == NULL)
198 DEBUG(D_receive) debug_printf("cannot find slash in %s\n", path);
203 if (STATVFS(CS path, &statbuf) != 0)
205 log_write(0, LOG_MAIN|LOG_PANIC, "cannot accept message: failed to stat "
206 "log directory %s: %s", path, strerror(errno));
207 smtp_closedown(US"log directory problem");
208 exim_exit(EXIT_FAILURE);
211 if (statbuf.F_BAVAIL < (unsigned long)
212 (((double)check_log_space * 1024.0) / (double)statbuf.F_FRSIZE)
214 statbuf.F_FAVAIL < check_log_inodes) rc = FALSE;
217 debug_printf("log directory %s space = %d blocks; inodes = %d; "
218 "check_space = %dK (%d blocks); inodes = %d\n",
219 path, (int)statbuf.F_BAVAIL, (int)statbuf.F_FAVAIL,
221 (int)(((double)check_log_space * 1024.0) / (double)statbuf.F_FRSIZE),
226 log_write(0, LOG_MAIN, "log directory space check failed: space=%d "
227 "inodes=%d", (int)statbuf.F_BAVAIL, (int)statbuf.F_FAVAIL);
238 /*************************************************
239 * Bomb out while reading a message *
240 *************************************************/
242 /* The common case of wanting to bomb out is if a SIGTERM or SIGINT is
243 received, or if there is a timeout. A rarer case might be if the log files are
244 screwed up and Exim can't open them to record a message's arrival. Handling
245 that case is done by setting a flag to cause the log functions to call this
246 function if there is an ultimate disaster. That is why it is globally
249 Arguments: SMTP response to give if in an SMTP session
254 receive_bomb_out(uschar *msg)
256 /* If spool_name is set, it contains the name of the data file that is being
257 written. Unlink it before closing so that it cannot be picked up by a delivery
258 process. Ensure that any header file is also removed. */
260 if (spool_name[0] != 0)
263 spool_name[Ustrlen(spool_name) - 1] = 'H';
267 /* Now close the file if it is open, either as a fd or a stream. */
269 if (data_file != NULL) fclose(data_file);
270 else if (data_fd >= 0) close(data_fd);
272 /* Attempt to close down an SMTP connection tidily. */
276 if (!smtp_batched_input)
278 smtp_printf("421 %s %s - closing connection.\r\n", smtp_active_hostname,
283 /* Control does not return from moan_smtp_batch(). */
285 else moan_smtp_batch(NULL, "421 %s - message abandoned", msg);
288 /* Exit from the program (non-BSMTP cases) */
290 exim_exit(EXIT_FAILURE);
294 /*************************************************
295 * Data read timeout *
296 *************************************************/
298 /* Handler function for timeouts that occur while reading the data that
301 Argument: the signal number
306 data_timeout_handler(int sig)
310 sig = sig; /* Keep picky compilers happy */
314 msg = US"SMTP incoming data timeout";
315 log_write(L_lost_incoming_connection,
316 LOG_MAIN, "SMTP data timeout (message abandoned) on connection "
318 (sender_fullhost != NULL)? sender_fullhost : US"local process");
322 fprintf(stderr, "exim: timed out while reading - message abandoned\n");
323 log_write(L_lost_incoming_connection,
324 LOG_MAIN, "timed out while reading local message");
327 receive_bomb_out(msg); /* Does not return */
332 /*************************************************
333 * local_scan() timeout *
334 *************************************************/
336 /* Handler function for timeouts that occur while running a local_scan()
339 Argument: the signal number
344 local_scan_timeout_handler(int sig)
346 sig = sig; /* Keep picky compilers happy */
347 log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() function timed out - "
348 "message temporarily rejected (size %d)", message_size);
349 receive_bomb_out(US"local verification problem"); /* Does not return */
354 /*************************************************
355 * local_scan() crashed *
356 *************************************************/
358 /* Handler function for signals that occur while running a local_scan()
361 Argument: the signal number
366 local_scan_crash_handler(int sig)
368 log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() function crashed with "
369 "signal %d - message temporarily rejected (size %d)", sig, message_size);
370 receive_bomb_out(US"local verification problem"); /* Does not return */
374 /*************************************************
375 * SIGTERM or SIGINT received *
376 *************************************************/
378 /* Handler for SIGTERM or SIGINT signals that occur while reading the
379 data that comprises a message.
381 Argument: the signal number
386 data_sigterm_sigint_handler(int sig)
392 msg = US"Service not available - SIGTERM or SIGINT received";
393 log_write(0, LOG_MAIN, "%s closed after %s", smtp_get_connection_info(),
394 (sig == SIGTERM)? "SIGTERM" : "SIGINT");
398 if (filter_test == NULL)
400 fprintf(stderr, "\nexim: %s received - message abandoned\n",
401 (sig == SIGTERM)? "SIGTERM" : "SIGINT");
402 log_write(0, LOG_MAIN, "%s received while reading local message",
403 (sig == SIGTERM)? "SIGTERM" : "SIGINT");
407 receive_bomb_out(msg); /* Does not return */
412 /*************************************************
413 * Add new recipient to list *
414 *************************************************/
416 /* This function builds a list of recipient addresses in argc/argv
420 recipient the next address to add to recipients_list
421 pno parent number for fixed aliases; -1 otherwise
427 receive_add_recipient(uschar *recipient, int pno)
429 if (recipients_count >= recipients_list_max)
431 recipient_item *oldlist = recipients_list;
432 int oldmax = recipients_list_max;
433 recipients_list_max = recipients_list_max? 2*recipients_list_max : 50;
434 recipients_list = store_get(recipients_list_max * sizeof(recipient_item));
436 memcpy(recipients_list, oldlist, oldmax * sizeof(recipient_item));
439 recipients_list[recipients_count].address = recipient;
440 recipients_list[recipients_count].pno = pno;
441 recipients_list[recipients_count++].errors_to = NULL;
447 /*************************************************
448 * Remove a recipient from the list *
449 *************************************************/
451 /* This function is provided for local_scan() to use.
454 recipient address to remove
456 Returns: TRUE if it did remove something; FALSE otherwise
460 receive_remove_recipient(uschar *recipient)
463 DEBUG(D_receive) debug_printf("receive_remove_recipient(\"%s\") called\n",
465 for (count = 0; count < recipients_count; count++)
467 if (Ustrcmp(recipients_list[count].address, recipient) == 0)
469 if ((--recipients_count - count) > 0)
470 memmove(recipients_list + count, recipients_list + count + 1,
471 (recipients_count - count)*sizeof(recipient_item));
482 /*************************************************
483 * Read data portion of a non-SMTP message *
484 *************************************************/
486 /* This function is called to read the remainder of a message (following the
487 header) when the input is not from SMTP - we are receiving a local message on
488 a standard input stream. The message is always terminated by EOF, and is also
489 terminated by a dot on a line by itself if the flag dot_ends is TRUE. Split the
490 two cases for maximum efficiency.
492 Ensure that the body ends with a newline. This will naturally be the case when
493 the termination is "\n.\n" but may not be otherwise. The RFC defines messages
494 as "sequences of lines" - this of course strictly applies only to SMTP, but
495 deliveries into BSD-type mailbox files also require it. Exim used to have a
496 flag for doing this at delivery time, but as it was always set for all
497 transports, I decided to simplify things by putting the check here instead.
499 There is at least one MUA (dtmail) that sends CRLF via this interface, and
500 other programs are known to do this as well. Exim used to have a option for
501 dealing with this: in July 2003, after much discussion, the code has been
502 changed to default to treat any of LF, CRLF, and bare CR as line terminators.
504 However, for the case when a dot on a line by itself terminates a message, the
505 only recognized terminating sequences before and after the dot are LF and CRLF.
506 Otherwise, having read EOL . CR, you don't know whether to read another
509 Internally, in messages stored in Exim's spool files, LF is used as the line
510 terminator. Under the new regime, bare CRs will no longer appear in these
514 fout a FILE to which to write the message
516 Returns: One of the END_xxx values indicating why it stopped reading
520 read_message_data(FILE *fout)
525 /* Handle the case when only EOF terminates the message */
529 register int last_ch = '\n';
531 for (; (ch = (receive_getc)()) != EOF; last_ch = ch)
533 if (ch == 0) body_zerocount++;
534 if (last_ch == '\r' && ch != '\n')
536 if (fputc('\n', fout) == EOF) return END_WERROR;
540 if (ch == '\r') continue;
542 if (fputc(ch, fout) == EOF) return END_WERROR;
543 if (ch == '\n') body_linecount++;
544 if (++message_size > thismessage_size_limit) return END_SIZE;
549 if (fputc('\n', fout) == EOF) return END_WERROR;
557 /* Handle the case when a dot on a line on its own, or EOF, terminates. */
561 while ((ch = (receive_getc)()) != EOF)
563 if (ch == 0) body_zerocount++;
566 case 0: /* Normal state (previous char written) */
568 { body_linecount++; ch_state = 1; }
570 { ch_state = 2; continue; }
573 case 1: /* After written "\n" */
574 if (ch == '.') { ch_state = 3; continue; }
575 if (ch != '\n') ch_state = 0;
579 body_linecount++; /* After unwritten "\r" */
584 if (message_size++, fputc('\n', fout) == EOF) return END_WERROR;
585 if (ch == '\r') continue;
590 case 3: /* After "\n." (\n written, dot not) */
591 if (ch == '\n') return END_DOT;
592 if (ch == '\r') { ch_state = 4; continue; }
594 if (fputc('.', fout) == EOF) return END_WERROR;
598 case 4: /* After "\n.\r" (\n written, rest not) */
599 if (ch == '\n') return END_DOT;
602 if (fputs(".\n", fout) == EOF) return END_WERROR;
603 if (ch == '\r') { ch_state = 2; continue; }
608 if (fputc(ch, fout) == EOF) return END_WERROR;
609 if (++message_size > thismessage_size_limit) return END_SIZE;
612 /* Get here if EOF read. Unless we have just written "\n", we need to ensure
613 the message ends with a newline, and we must also write any characters that
614 were saved up while testing for an ending dot. */
618 static uschar *ends[] = { US"\n", NULL, US"\n", US".\n", US".\n" };
619 if (fputs(CS ends[ch_state], fout) == EOF) return END_WERROR;
620 message_size += Ustrlen(ends[ch_state]);
630 /*************************************************
631 * Read data portion of an SMTP message *
632 *************************************************/
634 /* This function is called to read the remainder of an SMTP message (after the
635 headers), or to skip over it when an error has occurred. In this case, the
636 output file is passed as NULL.
638 If any line begins with a dot, that character is skipped. The input should only
639 be successfully terminated by CR LF . CR LF unless it is local (non-network)
640 SMTP, in which case the CRs are optional, but...
642 FUDGE: It seems that sites on the net send out messages with just LF
643 terminators, despite the warnings in the RFCs, and other MTAs handle this. So
644 we make the CRs optional in all cases.
646 July 2003: Bare CRs cause trouble. We now treat them as line terminators as
647 well, so that there are no CRs in spooled messages. However, the message
648 terminating dot is not recognized between two bare CRs.
651 fout a FILE to which to write the message; NULL if skipping
653 Returns: One of the END_xxx values indicating why it stopped reading
657 read_message_data_smtp(FILE *fout)
662 while ((ch = (receive_getc)()) != EOF)
664 if (ch == 0) body_zerocount++;
667 case 0: /* After LF or CRLF */
671 continue; /* Don't ever write . after LF */
675 /* Else fall through to handle as normal uschar. */
677 case 1: /* Normal state */
690 case 2: /* After (unwritten) CR */
699 if (fout != NULL && fputc('\n', fout) == EOF) return END_WERROR;
700 if (ch != '\r') ch_state = 1; else continue;
704 case 3: /* After [CR] LF . */
712 ch_state = 1; /* The dot itself is removed */
715 case 4: /* After [CR] LF . CR */
716 if (ch == '\n') return END_DOT;
719 if (fout != NULL && fputc('\n', fout) == EOF) return END_WERROR;
729 /* Add the character to the spool file, unless skipping; then loop for the
735 if (fputc(ch, fout) == EOF) return END_WERROR;
736 if (message_size > thismessage_size_limit) return END_SIZE;
740 /* Fall through here if EOF encountered. This indicates some kind of error,
741 since a correct message is terminated by [CR] LF . [CR] LF. */
749 /*************************************************
750 * Swallow SMTP message *
751 *************************************************/
753 /* This function is called when there has been some kind of error while reading
754 an SMTP message, and the remaining data may need to be swallowed. It is global
755 because it is called from smtp_closedown() to shut down an incoming call
758 Argument: a FILE from which to read the message
763 receive_swallow_smtp(void)
765 if (message_ended >= END_NOTENDED)
766 message_ended = read_message_data_smtp(NULL);
771 /*************************************************
772 * Handle lost SMTP connection *
773 *************************************************/
775 /* This function logs connection loss incidents and generates an appropriate
778 Argument: additional data for the message
779 Returns: the SMTP response
783 handle_lost_connection(uschar *s)
785 log_write(L_lost_incoming_connection | L_smtp_connection, LOG_MAIN,
786 "%s lost while reading message data%s", smtp_get_connection_info(), s);
787 return US"421 Lost incoming connection";
793 /*************************************************
794 * Handle a non-smtp reception error *
795 *************************************************/
797 /* This function is called for various errors during the reception of non-SMTP
798 messages. It either sends a message to the sender of the problem message, or it
799 writes to the standard error stream.
802 errcode code for moan_to_sender(), identifying the error
803 text1 first message text, passed to moan_to_sender()
804 text2 second message text, used only for stderrr
805 error_rc code to pass to exim_exit if no problem
806 f FILE containing body of message (may be stdin)
807 hptr pointer to instore headers or NULL
809 Returns: calls exim_exit(), which does not return
813 give_local_error(int errcode, uschar *text1, uschar *text2, int error_rc,
814 FILE *f, header_line *hptr)
816 if (error_handling == ERRORS_SENDER)
820 eblock.text1 = text1;
821 if (!moan_to_sender(errcode, &eblock, hptr, f, FALSE))
822 error_rc = EXIT_FAILURE;
824 else fprintf(stderr, "exim: %s%s\n", text2, text1); /* Sic */
831 /*************************************************
832 * Add header lines set up by ACL *
833 *************************************************/
835 /* This function is called to add the header lines that were set up by "warn"
836 statements in an ACL onto the list of headers in memory. It is done in two
837 stages like this, because when the ACL for RCPT is running, the other headers
838 have not yet been received. This function is called twice; once just before
839 running the DATA ACL, and once after. This is so that header lines added by
840 MAIL or RCPT are visible to the DATA ACL.
842 Originally these header lines were added at the end. Now there is support for
843 three different places: top, bottom, and after the Received: header(s). There
844 will always be at least one Received: header, even if it is marked deleted, and
845 even if something else has been put in front of it.
848 acl_name text to identify which ACL
854 add_acl_headers(uschar *acl_name)
856 header_line *h, *next;
857 header_line *last_received = NULL;
859 if (acl_warn_headers == NULL) return;
860 DEBUG(D_receive|D_acl) debug_printf(">>Headers added by %s ACL:\n", acl_name);
862 for (h = acl_warn_headers; h != NULL; h = next)
869 h->next = header_list;
871 DEBUG(D_receive|D_acl) debug_printf(" (at top)");
875 if (last_received == NULL)
877 last_received = header_list;
878 while (!header_testname(last_received, US"Received", 8, FALSE))
879 last_received = last_received->next;
880 while (last_received->next != NULL &&
881 header_testname(last_received->next, US"Received", 8, FALSE))
882 last_received = last_received->next;
884 h->next = last_received->next;
885 last_received->next = h;
886 DEBUG(D_receive|D_acl) debug_printf(" (after Received:)");
891 header_last->next = h;
895 if (h->next == NULL) header_last = h;
897 /* Check for one of the known header types (From:, To:, etc.) though in
898 practice most added headers are going to be "other". Lower case
899 identification letters are never stored with the header; they are used
900 for existence tests when messages are received. So discard any lower case
903 h->type = header_checkname(h, FALSE);
904 if (h->type >= 'a') h->type = htype_other;
906 DEBUG(D_receive|D_acl) debug_printf(" %s", header_last->text);
909 acl_warn_headers = NULL;
910 DEBUG(D_receive|D_acl) debug_printf(">>\n");
915 /*************************************************
916 * Add host information for log line *
917 *************************************************/
919 /* Called for acceptance and rejecting log lines. This adds information about
920 the calling host to a string that is being built dynamically.
924 sizeptr points to the size variable
925 ptrptr points to the pointer variable
927 Returns: the extended string
931 add_host_info_for_log(uschar *s, int *sizeptr, int *ptrptr)
933 if (sender_fullhost != NULL)
935 s = string_append(s, sizeptr, ptrptr, 2, US" H=", sender_fullhost);
936 if ((log_extra_selector & LX_incoming_interface) != 0 &&
937 interface_address != NULL)
939 uschar *ss = string_sprintf(" I=[%s]:%d", interface_address,
941 s = string_cat(s, sizeptr, ptrptr, ss, Ustrlen(ss));
944 if (sender_ident != NULL)
945 s = string_append(s, sizeptr, ptrptr, 2, US" U=", sender_ident);
946 if (received_protocol != NULL)
947 s = string_append(s, sizeptr, ptrptr, 2, US" P=", received_protocol);
954 /*************************************************
956 *************************************************/
958 /* Receive a message on the given input, and put it into a pair of spool files.
959 Either a non-null list of recipients, or the extract flag will be true, or
960 both. The flag sender_local is true for locally generated messages. The flag
961 submission_mode is true if an ACL has obeyed "control = submission". The flag
962 smtp_input is true if the message is to be handled using SMTP conventions about
963 termination and lines starting with dots. For non-SMTP messages, dot_ends is
964 true for dot-terminated messages.
966 If a message was successfully read, message_id[0] will be non-zero.
968 The general actions of this function are:
970 . Read the headers of the message (if any) into a chain of store
973 . If there is a "sender:" header and the message is locally originated,
974 throw it away, unless the caller is trusted, or unless local_sender_retain
975 is set - which can only happen if local_from_check is false.
977 . If recipients are to be extracted from the message, build the
978 recipients list from the headers, removing any that were on the
979 original recipients list (unless extract_addresses_remove_arguments is
980 false), and at the same time, remove any bcc header that may be present.
982 . Get the spool file for the data, sort out its unique name, open
983 and lock it (but don't give it the name yet).
985 . Generate a "Message-Id" header if the message doesn't have one, for
986 locally-originated messages.
988 . Generate a "Received" header.
990 . Ensure the recipients list is fully qualified and rewritten if necessary.
992 . If there are any rewriting rules, apply them to the sender address
993 and also to the headers.
995 . If there is no from: header, generate one, for locally-generated messages
996 and messages in "submission mode" only.
998 . If the sender is local, check that from: is correct, and if not, generate
999 a Sender: header, unless message comes from a trusted caller, or this
1000 feature is disabled by no_local_from_check.
1002 . If there is no "date" header, generate one, for locally-originated
1003 or submission mode messages only.
1005 . Copy the rest of the input, or up to a terminating "." if in SMTP or
1006 dot_ends mode, to the data file. Leave it open, to hold the lock.
1008 . Write the envelope and the headers to a new file.
1010 . Set the name for the header file; close it.
1012 . Set the name for the data file; close it.
1014 Because this function can potentially be called many times in a single
1015 SMTP connection, all store should be got by store_get(), so that it will be
1016 automatically retrieved after the message is accepted.
1018 FUDGE: It seems that sites on the net send out messages with just LF
1019 terminators, despite the warnings in the RFCs, and other MTAs handle this. So
1020 we make the CRs optional in all cases.
1022 July 2003: Bare CRs in messages, especially in header lines, cause trouble. A
1023 new regime is now in place in which bare CRs in header lines are turned into LF
1024 followed by a space, so as not to terminate the header line.
1026 February 2004: A bare LF in a header line in a message whose first line was
1027 terminated by CRLF is treated in the same way as a bare CR.
1030 extract_recip TRUE if recipients are to be extracted from the message's
1033 Returns: TRUE there are more messages to be read (SMTP input)
1034 FALSE there are no more messages to be read (non-SMTP input
1035 or SMTP connection collapsed, or other failure)
1037 When reading a message for filter testing, the returned value indicates
1038 whether the headers (which is all that is read) were terminated by '.' or
1042 receive_msg(BOOL extract_recip)
1046 int process_info_len = Ustrlen(process_info);
1047 int error_rc = (error_handling == ERRORS_SENDER)?
1048 errors_sender_rc : EXIT_FAILURE;
1049 int header_size = 256;
1050 int start, end, domain, size, sptr;
1054 register int ptr = 0;
1056 BOOL contains_resent_headers = FALSE;
1057 BOOL extracted_ignored = FALSE;
1058 BOOL first_line_ended_crlf = TRUE_UNSET;
1059 BOOL smtp_yield = TRUE;
1062 BOOL resents_exist = FALSE;
1063 uschar *resent_prefix = US"";
1064 uschar *blackholed_by = NULL;
1067 error_block *bad_addresses = NULL;
1069 uschar *frozen_by = NULL;
1070 uschar *queued_by = NULL;
1073 struct stat statbuf;
1075 /* Final message to give to SMTP caller */
1077 uschar *smtp_reply = NULL;
1079 /* Working header pointers */
1081 header_line *h, *next;
1083 /* Flags for noting the existence of certain headers */
1085 /**** No longer check for these (Nov 2003)
1086 BOOL to_or_cc_header_exists = FALSE;
1087 BOOL bcc_header_exists = FALSE;
1090 BOOL date_header_exists = FALSE;
1092 /* Pointers to receive the addresses of headers whose contents we need. */
1094 header_line *from_header = NULL;
1095 header_line *subject_header = NULL;
1096 header_line *msgid_header = NULL;
1097 header_line *received_header;
1099 /* Variables for use when building the Received: header. */
1105 /* Release any open files that might have been cached while preparing to
1106 accept the message - e.g. by verifying addresses - because reading a message
1107 might take a fair bit of real time. */
1111 /* Initialize the chain of headers by setting up a place-holder for Received:
1112 header. Temporarily mark it as "old", i.e. not to be used. We keep header_last
1113 pointing to the end of the chain to make adding headers simple. */
1115 received_header = header_list = header_last = store_get(sizeof(header_line));
1116 header_list->next = NULL;
1117 header_list->type = htype_old;
1118 header_list->text = NULL;
1119 header_list->slen = 0;
1121 /* Control block for the next header to be read. */
1123 next = store_get(sizeof(header_line));
1124 next->text = store_get(header_size);
1126 /* Initialize message id to be null (indicating no message read), and the
1127 header names list to be the normal list. Indicate there is no data file open
1128 yet, initialize the size and warning count, and deal with no size limit. */
1136 received_count = 1; /* For the one we will add */
1138 if (thismessage_size_limit <= 0) thismessage_size_limit = INT_MAX;
1140 /* While reading the message, body_linecount and body_zerocount is computed.
1141 The full message_ linecount is set up only when the headers are read back in
1142 from the spool for delivery. */
1144 body_linecount = body_zerocount = 0;
1146 /* Remember the time of reception. Exim uses time+pid for uniqueness of message
1147 ids, and fractions of a second are required. See the comments that precede the
1148 message id creation below. */
1150 (void)gettimeofday(&message_id_tv, NULL);
1152 /* For other uses of the received time we can operate with granularity of one
1153 second, and for that we use the global variable received_time. This is for
1154 things like ultimate message timeouts. */
1156 received_time = message_id_tv.tv_sec;
1158 /* If SMTP input, set the special handler for timeouts. The alarm() calls
1159 happen in the smtp_getc() function when it refills its buffer. */
1161 if (smtp_input) os_non_restarting_signal(SIGALRM, data_timeout_handler);
1163 /* If not SMTP input, timeout happens only if configured, and we just set a
1164 single timeout for the whole message. */
1166 else if (receive_timeout > 0)
1168 os_non_restarting_signal(SIGALRM, data_timeout_handler);
1169 alarm(receive_timeout);
1172 /* SIGTERM and SIGINT are caught always. */
1174 signal(SIGTERM, data_sigterm_sigint_handler);
1175 signal(SIGINT, data_sigterm_sigint_handler);
1177 /* Header lines in messages are not supposed to be very long, though when
1178 unfolded, to: and cc: headers can take up a lot of store. We must also cope
1179 with the possibility of junk being thrown at us. Start by getting 256 bytes for
1180 storing the header, and extend this as necessary using string_cat().
1182 To cope with total lunacies, impose an upper limit on the length of the header
1183 section of the message, as otherwise the store will fill up. We must also cope
1184 with the possibility of binary zeros in the data. Hence we cannot use fgets().
1185 Folded header lines are joined into one string, leaving the '\n' characters
1186 inside them, so that writing them out reproduces the input.
1188 Loop for each character of each header; the next structure for chaining the
1189 header is set up already, with ptr the offset of the next character in
1194 int ch = (receive_getc)();
1196 /* If we hit EOF on a SMTP connection, it's an error, since incoming
1197 SMTP must have a correct "." terminator. */
1199 if (ch == EOF && smtp_input /* && !smtp_batched_input */)
1201 smtp_reply = handle_lost_connection(US" (header)");
1203 goto TIDYUP; /* Skip to end of function */
1206 /* See if we are at the current header's size limit - there must be at least
1207 four bytes left. This allows for the new character plus a zero, plus two for
1208 extra insertions when we are playing games with dots and carriage returns. If
1209 we are at the limit, extend the text buffer. This could have been done
1210 automatically using string_cat() but because this is a tightish loop storing
1211 only one character at a time, we choose to do it inline. Normally
1212 store_extend() will be able to extend the block; only at the end of a big
1213 store block will a copy be needed. To handle the case of very long headers
1214 (and sometimes lunatic messages can have ones that are 100s of K long) we
1215 call store_release() for strings that have been copied - if the string is at
1216 the start of a block (and therefore the only thing in it, because we aren't
1217 doing any other gets), the block gets freed. We can only do this because we
1218 know there are no other calls to store_get() going on. */
1220 if (ptr >= header_size - 4)
1222 int oldsize = header_size;
1223 /* header_size += 256; */
1225 if (!store_extend(next->text, oldsize, header_size))
1227 uschar *newtext = store_get(header_size);
1228 memcpy(newtext, next->text, ptr);
1229 store_release(next->text);
1230 next->text = newtext;
1234 /* Cope with receiving a binary zero. There is dispute about whether
1235 these should be allowed in RFC 822 messages. The middle view is that they
1236 should not be allowed in headers, at least. Exim takes this attitude at
1237 the moment. We can't just stomp on them here, because we don't know that
1238 this line is a header yet. Set a flag to cause scanning later. */
1240 if (ch == 0) had_zero++;
1242 /* Test for termination. Lines in remote SMTP are terminated by CRLF, while
1243 those from data files use just LF. Treat LF in local SMTP input as a
1244 terminator too. Treat EOF as a line terminator always. */
1246 if (ch == EOF) goto EOL;
1248 /* FUDGE: There are sites out there that don't send CRs before their LFs, and
1249 other MTAs accept this. We are therefore forced into this "liberalisation"
1250 too, so we accept LF as a line terminator whatever the source of the message.
1251 However, if the first line of the message ended with a CRLF, we treat a bare
1252 LF specially by inserting a white space after it to ensure that the header
1253 line is not terminated. */
1257 if (first_line_ended_crlf == TRUE_UNSET) first_line_ended_crlf = FALSE;
1258 else if (first_line_ended_crlf) receive_ungetc(' ');
1262 /* This is not the end of the line. If this is SMTP input and this is
1263 the first character in the line and it is a "." character, ignore it.
1264 This implements the dot-doubling rule, though header lines starting with
1265 dots aren't exactly common. They are legal in RFC 822, though. If the
1266 following is CRLF or LF, this is the line that that terminates the
1267 entire message. We set message_ended to indicate this has happened (to
1268 prevent further reading), and break out of the loop, having freed the
1269 empty header, and set next = NULL to indicate no data line. */
1271 if (ptr == 0 && ch == '.' && (smtp_input || dot_ends))
1273 ch = (receive_getc)();
1276 ch = (receive_getc)();
1280 ch = '\r'; /* Revert to CR */
1285 message_ended = END_DOT;
1288 break; /* End character-reading loop */
1291 /* For non-SMTP input, the dot at the start of the line was really a data
1292 character. What is now in ch is the following character. We guaranteed
1293 enough space for this above. */
1297 next->text[ptr++] = '.';
1302 /* If CR is immediately followed by LF, end the line, ignoring the CR, and
1303 remember this case if this is the first line ending. */
1307 ch = (receive_getc)();
1310 if (first_line_ended_crlf == TRUE_UNSET) first_line_ended_crlf = TRUE;
1314 /* Otherwise, put back the character after CR, and turn the bare CR
1317 ch = (receive_ungetc)(ch);
1318 next->text[ptr++] = '\n';
1323 /* We have a data character for the header line. */
1325 next->text[ptr++] = ch; /* Add to buffer */
1326 message_size++; /* Total message size so far */
1328 /* Handle failure due to a humungously long header section. The >= allows
1329 for the terminating \n. Add what we have so far onto the headers list so
1330 that it gets reflected in any error message, and back up the just-read
1333 if (message_size >= header_maxsize)
1335 next->text[ptr] = 0;
1337 next->type = htype_other;
1339 header_last->next = next;
1342 log_write(0, LOG_MAIN, "ridiculously long message header received from "
1343 "%s (more than %d characters): message abandoned",
1344 sender_host_unknown? sender_ident : sender_fullhost, header_maxsize);
1348 smtp_reply = US"552 Message header is ridiculously long";
1349 receive_swallow_smtp();
1350 goto TIDYUP; /* Skip to end of function */
1355 give_local_error(ERRMESS_VLONGHEADER,
1356 string_sprintf("message header longer than %d characters received: "
1357 "message not accepted", header_maxsize), US"", error_rc, stdin,
1359 /* Does not return */
1363 continue; /* With next input character */
1365 /* End of header line reached */
1368 receive_linecount++; /* For BSMTP errors */
1370 /* Now put in the terminating newline. There is always space for
1371 at least two more characters. */
1373 next->text[ptr++] = '\n';
1376 /* A blank line signals the end of the headers; release the unwanted
1377 space and set next to NULL to indicate this. */
1386 /* There is data in the line; see if the next input character is a
1387 whitespace character. If it is, we have a continuation of this header line.
1388 There is always space for at least one character at this point. */
1392 int nextch = (receive_getc)();
1393 if (nextch == ' ' || nextch == '\t')
1395 next->text[ptr++] = nextch;
1397 continue; /* Iterate the loop */
1399 else if (nextch != EOF) (receive_ungetc)(nextch); /* For next time */
1400 else ch = EOF; /* Cause main loop to exit at end */
1403 /* We have got to the real line end. Terminate the string and release store
1404 beyond it. If it turns out to be a real header, internal binary zeros will
1405 be squashed later. */
1407 next->text[ptr] = 0;
1409 store_reset(next->text + ptr + 1);
1411 /* Check the running total size against the overall message size limit. We
1412 don't expect to fail here, but if the overall limit is set less than MESSAGE_
1413 MAXSIZE and a big header is sent, we want to catch it. Just stop reading
1414 headers - the code to read the body will then also hit the buffer. */
1416 if (message_size > thismessage_size_limit) break;
1418 /* A line that is not syntactically correct for a header also marks
1419 the end of the headers. In this case, we leave next containing the
1420 first data line. This might actually be several lines because of the
1421 continuation logic applied above, but that doesn't matter.
1423 It turns out that smail, and presumably sendmail, accept leading lines
1426 From ph10 Fri Jan 5 12:35 GMT 1996
1428 in messages. The "mail" command on Solaris 2 sends such lines. I cannot
1429 find any documentation of this, but for compatibility it had better be
1430 accepted. Exim restricts it to the case of non-smtp messages, and
1431 treats it as an alternative to the -f command line option. Thus it is
1432 ignored except for trusted users or filter testing. Otherwise it is taken
1433 as the sender address, unless -f was used (sendmail compatibility).
1435 It further turns out that some UUCPs generate the From_line in a different
1438 From ph10 Fri, 7 Jan 97 14:00:00 GMT
1440 The regex for matching these things is now capable of recognizing both
1441 formats (including 2- and 4-digit years in the latter). In fact, the regex
1442 is now configurable, as is the expansion string to fish out the sender.
1444 Even further on it has been discovered that some broken clients send
1445 these lines in SMTP messages. There is now an option to ignore them from
1446 specified hosts or networks. Sigh. */
1448 if (header_last == header_list &&
1451 (sender_host_address != NULL &&
1452 verify_check_host(&ignore_fromline_hosts) == OK)
1454 (sender_host_address == NULL && ignore_fromline_local)
1456 regex_match_and_setup(regex_From, next->text, 0, -1))
1458 if (!sender_address_forced)
1460 uschar *uucp_sender = expand_string(uucp_from_sender);
1461 if (uucp_sender == NULL)
1463 log_write(0, LOG_MAIN|LOG_PANIC,
1464 "expansion of \"%s\" failed after matching "
1465 "\"From \" line: %s", uucp_from_sender, expand_string_message);
1469 int start, end, domain;
1471 uschar *newsender = parse_extract_address(uucp_sender, &errmess,
1472 &start, &end, &domain, TRUE);
1473 if (newsender != NULL)
1475 if (domain == 0 && newsender[0] != 0)
1476 newsender = rewrite_address_qualify(newsender, FALSE);
1478 if (filter_test != NULL || receive_check_set_sender(newsender))
1480 sender_address = newsender;
1482 if (trusted_caller || filter_test != NULL)
1484 authenticated_sender = NULL;
1485 originator_name = US"";
1486 sender_local = FALSE;
1489 if (filter_test != NULL)
1490 printf("Sender taken from \"From \" line\n");
1497 /* Not a leading "From " line. Check to see if it is a valid header line.
1498 Header names may contain any non-control characters except space and colon,
1503 uschar *p = next->text;
1505 /* If not a valid header line, break from the header reading loop, leaving
1506 next != NULL, indicating that it holds the first line of the body. */
1508 if (isspace(*p)) break;
1509 while (mac_isgraph(*p) && *p != ':') p++;
1510 while (isspace(*p)) p++;
1513 body_zerocount = had_zero;
1517 /* We have a valid header line. If there were any binary zeroes in
1518 the line, stomp on them here. */
1521 for (p = next->text; p < next->text + ptr; p++) if (*p == 0) *p = '?';
1523 /* It is perfectly legal to have an empty continuation line
1524 at the end of a header, but it is confusing to humans
1525 looking at such messages, since it looks like a blank line.
1526 Reduce confusion by removing redundant white space at the
1527 end. We know that there is at least one printing character
1528 (the ':' tested for above) so there is no danger of running
1531 p = next->text + ptr - 2;
1534 while (*p == ' ' || *p == '\t') p--;
1535 if (*p != '\n') break;
1536 ptr = (p--) - next->text + 1;
1537 message_size -= next->slen - ptr;
1538 next->text[ptr] = 0;
1542 /* Add the header to the chain */
1544 next->type = htype_other;
1546 header_last->next = next;
1549 /* Check the limit for individual line lengths. This comes after adding to
1550 the chain so that the failing line is reflected if a bounce is generated
1551 (for a local message). */
1553 if (header_line_maxsize > 0 && next->slen > header_line_maxsize)
1555 log_write(0, LOG_MAIN, "overlong message header line received from "
1556 "%s (more than %d characters): message abandoned",
1557 sender_host_unknown? sender_ident : sender_fullhost,
1558 header_line_maxsize);
1562 smtp_reply = US"552 A message header line is too long";
1563 receive_swallow_smtp();
1564 goto TIDYUP; /* Skip to end of function */
1569 give_local_error(ERRMESS_VLONGHDRLINE,
1570 string_sprintf("message header line longer than %d characters "
1571 "received: message not accepted", header_line_maxsize), US"",
1572 error_rc, stdin, header_list->next);
1573 /* Does not return */
1577 /* Note if any resent- fields exist. */
1579 if (!resents_exist && strncmpic(next->text, US"resent-", 7) == 0)
1581 resents_exist = TRUE;
1582 resent_prefix = US"Resent-";
1586 /* The line has been handled. If we have hit EOF, break out of the loop,
1587 indicating no pending data line. */
1589 if (ch == EOF) { next = NULL; break; }
1591 /* Set up for the next header */
1594 next = store_get(sizeof(header_line));
1595 next->text = store_get(header_size);
1598 } /* Continue, starting to read the next header */
1600 /* At this point, we have read all the headers into a data structure in main
1601 store. The first header is still the dummy placeholder for the Received: header
1602 we are going to generate a bit later on. If next != NULL, it contains the first
1603 data line - which terminated the headers before reaching a blank line (not the
1608 debug_printf(">>Headers received:\n");
1609 for (h = header_list->next; h != NULL; h = h->next)
1610 debug_printf("%s", h->text);
1614 /* End of file on any SMTP connection is an error. If an incoming SMTP call
1615 is dropped immediately after valid headers, the next thing we will see is EOF.
1616 We must test for this specially, as further down the reading of the data is
1617 skipped if already at EOF. */
1619 if (smtp_input && (receive_feof)())
1621 smtp_reply = handle_lost_connection(US" (after header)");
1623 goto TIDYUP; /* Skip to end of function */
1626 /* If this is a filter test run and no headers were read, output a warning
1627 in case there is a mistake in the test message. */
1629 if (filter_test != NULL && header_list->next == NULL)
1630 printf("Warning: no message headers read\n");
1633 /* Scan the headers to identify them. Some are merely marked for later
1634 processing; some are dealt with here. */
1636 for (h = header_list->next; h != NULL; h = h->next)
1638 BOOL is_resent = strncmpic(h->text, US"resent-", 7) == 0;
1639 if (is_resent) contains_resent_headers = TRUE;
1641 switch (header_checkname(h, is_resent))
1643 /* "Bcc:" gets flagged, and its existence noted, whether it's resent- or
1647 h->type = htype_bcc;
1649 bcc_header_exists = TRUE;
1653 /* "Cc:" gets flagged, and the existence of a recipient header is noted,
1654 whether it's resent- or not. */
1659 to_or_cc_header_exists = TRUE;
1663 /* Record whether a Date: or Resent-Date: header exists, as appropriate. */
1666 date_header_exists = !resents_exist || is_resent;
1669 /* Same comments as about Return-Path: below. */
1671 case htype_delivery_date:
1672 if (delivery_date_remove) h->type = htype_old;
1675 /* Same comments as about Return-Path: below. */
1677 case htype_envelope_to:
1678 if (envelope_to_remove) h->type = htype_old;
1681 /* Mark all "From:" headers so they get rewritten. Save the one that is to
1682 be used for Sender: checking. For Sendmail compatibility, if the "From:"
1683 header consists of just the login id of the user who called Exim, rewrite
1684 it with the gecos field first. Apply this rule to Resent-From: if there
1685 are resent- fields. */
1688 h->type = htype_from;
1689 if (!resents_exist || is_resent)
1694 uschar *s = Ustrchr(h->text, ':') + 1;
1695 while (isspace(*s)) s++;
1696 if (strncmpic(s, originator_login, h->slen - (s - h->text) - 1) == 0)
1698 uschar *name = is_resent? US"Resent-From" : US"From";
1699 header_add(htype_from, "%s: %s <%s@%s>\n", name, originator_name,
1700 originator_login, qualify_domain_sender);
1701 from_header = header_last;
1702 h->type = htype_old;
1703 DEBUG(D_receive|D_rewrite)
1704 debug_printf("rewrote \"%s:\" header using gecos\n", name);
1710 /* Identify the Message-id: header for generating "in-reply-to" in the
1711 autoreply transport. For incoming logging, save any resent- value. In both
1712 cases, take just the first of any multiples. */
1715 if (msgid_header == NULL && (!resents_exist || is_resent))
1722 /* Flag all Received: headers */
1724 case htype_received:
1725 h->type = htype_received;
1729 /* "Reply-to:" is just noted (there is no resent-reply-to field) */
1731 case htype_reply_to:
1732 h->type = htype_reply_to;
1735 /* The Return-path: header is supposed to be added to messages when
1736 they leave the SMTP system. We shouldn't receive messages that already
1737 contain Return-path. However, since Exim generates Return-path: on
1738 local delivery, resent messages may well contain it. We therefore
1739 provide an option (which defaults on) to remove any Return-path: headers
1740 on input. Removal actually means flagging as "old", which prevents the
1741 header being transmitted with the message. */
1743 case htype_return_path:
1744 if (return_path_remove) h->type = htype_old;
1746 /* If we are testing a mail filter file, use the value of the
1747 Return-Path: header to set up the return_path variable, which is not
1748 otherwise set. However, remove any <> that surround the address
1749 because the variable doesn't have these. */
1751 if (filter_test != NULL)
1753 uschar *start = h->text + 12;
1754 uschar *end = start + Ustrlen(start);
1755 while (isspace(*start)) start++;
1756 while (end > start && isspace(end[-1])) end--;
1757 if (*start == '<' && end[-1] == '>')
1762 return_path = string_copyn(start, end - start);
1763 printf("Return-path taken from \"Return-path:\" header line\n");
1767 /* If there is a "Sender:" header and the message is locally originated,
1768 and from an untrusted caller, or if we are in submission mode for a remote
1769 message, mark it "old" so that it will not be transmitted with the message,
1770 unless local_sender_retain is set. (This can only be true if
1771 local_from_check is false.) If there are any resent- headers in the
1772 message, apply this rule to Resent-Sender: instead of Sender:. Messages
1773 with multiple resent- header sets cannot be tidily handled. (For this
1774 reason, at least one MUA - Pine - turns old resent- headers into X-resent-
1775 headers when resending, leaving just one set.) */
1779 (sender_local && !trusted_caller && !local_sender_retain) ||
1782 (!resents_exist||is_resent))?
1783 htype_old : htype_sender;
1786 /* Remember the Subject: header for logging. There is no Resent-Subject */
1792 /* "To:" gets flagged, and the existence of a recipient header is noted,
1793 whether it's resent- or not. */
1798 to_or_cc_header_exists = TRUE;
1804 /* Extract recipients from the headers if that is required (the -t option).
1805 Note that this is documented as being done *before* any address rewriting takes
1806 place. There are two possibilities:
1808 (1) According to sendmail documentation for Solaris, IRIX, and HP-UX, any
1809 recipients already listed are to be REMOVED from the message. Smail 3 works
1810 like this. We need to build a non-recipients tree for that list, because in
1811 subsequent processing this data is held in a tree and that's what the
1812 spool_write_header() function expects. Make sure that non-recipient addresses
1813 are fully qualified and rewritten if necessary.
1815 (2) According to other sendmail documentation, -t ADDS extracted recipients to
1816 those in the command line arguments (and it is rumoured some other MTAs do
1817 this). Therefore, there is an option to make Exim behave this way.
1819 *** Notes on "Resent-" header lines ***
1821 The presence of resent-headers in the message makes -t horribly ambiguous.
1822 Experiments with sendmail showed that it uses recipients for all resent-
1823 headers, totally ignoring the concept of "sets of resent- headers" as described
1824 in RFC 2822 section 3.6.6. Sendmail also amalgamates them into a single set
1825 with all the addresses in one instance of each header.
1827 This seems to me not to be at all sensible. Before release 4.20, Exim 4 gave an
1828 error for -t if there were resent- headers in the message. However, after a
1829 discussion on the mailing list, I've learned that there are MUAs that use
1830 resent- headers with -t, and also that the stuff about sets of resent- headers
1831 and their ordering in RFC 2822 is generally ignored. An MUA that submits a
1832 message with -t and resent- header lines makes sure that only *its* resent-
1833 headers are present; previous ones are often renamed as X-resent- for example.
1835 Consequently, Exim has been changed so that, if any resent- header lines are
1836 present, the recipients are taken from all of the appropriate resent- lines,
1837 and not from the ordinary To:, Cc:, etc. */
1842 error_block **bnext = &bad_addresses;
1844 if (extract_addresses_remove_arguments)
1846 while (recipients_count-- > 0)
1848 uschar *s = rewrite_address(recipients_list[recipients_count].address,
1849 TRUE, TRUE, global_rewrite_rules, rewrite_existflags);
1850 tree_add_nonrecipient(s);
1852 recipients_list = NULL;
1853 recipients_count = recipients_list_max = 0;
1856 parse_allow_group = TRUE; /* Allow address group syntax */
1858 /* Now scan the headers */
1860 for (h = header_list->next; h != NULL; h = h->next)
1862 if ((h->type == htype_to || h->type == htype_cc || h->type == htype_bcc) &&
1863 (!contains_resent_headers || strncmpic(h->text, US"resent-", 7) == 0))
1865 uschar *s = Ustrchr(h->text, ':') + 1;
1866 while (isspace(*s)) s++;
1870 uschar *ss = parse_find_address_end(s, FALSE);
1871 uschar *recipient, *errmess, *p, *pp;
1872 int start, end, domain;
1874 /* Check on maximum */
1876 if (recipients_max > 0 && ++rcount > recipients_max)
1878 give_local_error(ERRMESS_TOOMANYRECIP, US"too many recipients",
1879 US"message rejected: ", error_rc, stdin, NULL);
1880 /* Does not return */
1883 /* Make a copy of the address, and remove any internal newlines. These
1884 may be present as a result of continuations of the header line. The
1885 white space that follows the newline must not be removed - it is part
1888 pp = recipient = store_get(ss - s + 1);
1889 for (p = s; p < ss; p++) if (*p != '\n') *pp++ = *p;
1891 recipient = parse_extract_address(recipient, &errmess, &start, &end,
1894 /* Keep a list of all the bad addresses so we can send a single
1895 error message at the end. However, an empty address is not an error;
1896 just ignore it. This can come from an empty group list like
1898 To: Recipients of list:;
1900 If there are no recipients at all, an error will occur later. */
1902 if (recipient == NULL && Ustrcmp(errmess, "empty address") != 0)
1904 int len = Ustrlen(s);
1905 error_block *b = store_get(sizeof(error_block));
1906 while (len > 0 && isspace(s[len-1])) len--;
1908 b->text1 = string_printing(string_copyn(s, len));
1914 /* If the recipient is already in the nonrecipients tree, it must
1915 have appeared on the command line with the option extract_addresses_
1916 remove_arguments set. Do not add it to the recipients, and keep a note
1917 that this has happened, in order to give a better error if there are
1918 no recipients left. */
1920 else if (recipient != NULL)
1922 if (tree_search(tree_nonrecipients, recipient) == NULL)
1923 receive_add_recipient(recipient, -1);
1925 extracted_ignored = TRUE;
1928 /* Move on past this address */
1930 s = ss + (*ss? 1:0);
1931 while (isspace(*s)) s++;
1934 /* If this was the bcc: header, mark it "old", which means it
1935 will be kept on the spool, but not transmitted as part of the
1938 if (h->type == htype_bcc)
1940 h->type = htype_old;
1942 bcc_header_exists = FALSE;
1945 } /* For appropriate header line */
1946 } /* For each header line */
1948 parse_allow_group = FALSE; /* Reset group syntax flags */
1949 parse_found_group = FALSE;
1952 /* Now build the unique message id. This has changed several times over the
1953 lifetime of Exim. This description was rewritten for Exim 4.14 (February 2003).
1954 Retaining all the history in the comment has become too unwieldy - read
1955 previous release sources if you want it.
1957 The message ID has 3 parts: tttttt-pppppp-ss. Each part is a number in base 62.
1958 The first part is the current time, in seconds. The second part is the current
1959 pid. Both are large enough to hold 32-bit numbers in base 62. The third part
1960 can hold a number in the range 0-3843. It used to be a computed sequence
1961 number, but is now the fractional component of the current time in units of
1962 1/2000 of a second (i.e. a value in the range 0-1999). After a message has been
1963 received, Exim ensures that the timer has ticked at the appropriate level
1964 before proceeding, to avoid duplication if the pid happened to be re-used
1965 within the same time period. It seems likely that most messages will take at
1966 least half a millisecond to be received, so no delay will normally be
1967 necessary. At least for some time...
1969 There is a modification when localhost_number is set. Formerly this was allowed
1970 to be as large as 255. Now it is restricted to the range 0-16, and the final
1971 component of the message id becomes (localhost_number * 200) + fractional time
1972 in units of 1/200 of a second (i.e. a value in the range 0-3399).
1974 Some not-really-Unix operating systems use case-insensitive file names (Darwin,
1975 Cygwin). For these, we have to use base 36 instead of base 62. Luckily, this
1976 still allows the tttttt field to hold a large enough number to last for some
1977 more decades, and the final two-digit field can hold numbers up to 1295, which
1978 is enough for milliseconds (instead of 1/2000 of a second).
1980 However, the pppppp field cannot hold a 32-bit pid, but it can hold a 31-bit
1981 pid, so it is probably safe because pids have to be positive. The
1982 localhost_number is restricted to 0-10 for these hosts, and when it is set, the
1983 final field becomes (localhost_number * 100) + fractional time in centiseconds.
1985 Note that string_base62() returns its data in a static storage block, so it
1986 must be copied before calling string_base62() again. It always returns exactly
1989 There doesn't seem to be anything in the RFC which requires a message id to
1990 start with a letter, but Smail was changed to ensure this. The external form of
1991 the message id (as supplied by string expansion) therefore starts with an
1992 additional leading 'E'. The spool file names do not include this leading
1993 letter and it is not used internally.
1995 NOTE: If ever the format of message ids is changed, the regular expression for
1996 checking that a string is in this format must be updated in a corresponding
1997 way. It appears in the initializing code in exim.c. The macro MESSAGE_ID_LENGTH
1998 must also be changed to reflect the correct string length. Then, of course,
1999 other programs that rely on the message id format will need updating too. */
2001 Ustrncpy(message_id, string_base62((long int)(message_id_tv.tv_sec)), 6);
2002 message_id[6] = '-';
2003 Ustrncpy(message_id + 7, string_base62((long int)getpid()), 6);
2005 /* Deal with the case where the host number is set. The value of the number was
2006 checked when it was read, to ensure it isn't too big. The timing granularity is
2007 left in id_resolution so that an appropriate wait can be done after receiving
2008 the message, if necessary (we hope it won't be). */
2010 if (host_number_string != NULL)
2012 id_resolution = (BASE_62 == 62)? 5000 : 10000;
2013 sprintf(CS(message_id + MESSAGE_ID_LENGTH - 3), "-%2s",
2014 string_base62((long int)(
2015 host_number * (1000000/id_resolution) +
2016 message_id_tv.tv_usec/id_resolution)) + 4);
2019 /* Host number not set: final field is just the fractional time at an
2020 appropriate resolution. */
2024 id_resolution = (BASE_62 == 62)? 500 : 1000;
2025 sprintf(CS(message_id + MESSAGE_ID_LENGTH - 3), "-%2s",
2026 string_base62((long int)(message_id_tv.tv_usec/id_resolution)) + 4);
2029 /* Add the current message id onto the current process info string if
2032 (void)string_format(process_info + process_info_len,
2033 PROCESS_INFO_SIZE - process_info_len, " id=%s", message_id);
2035 /* If we are using multiple input directories, set up the one for this message
2036 to be the least significant base-62 digit of the time of arrival. Otherwise
2037 ensure that it is an empty string. */
2039 message_subdir[0] = split_spool_directory? message_id[5] : 0;
2041 /* Now that we have the message-id, if there is no message-id: header, generate
2042 one, but only for local or submission mode messages. This can be
2043 user-configured if required, but we had better flatten any illegal characters
2046 if (msgid_header == NULL && (sender_host_address == NULL || submission_mode))
2049 uschar *id_text = US"";
2050 uschar *id_domain = primary_hostname;
2052 /* Permit only letters, digits, dots, and hyphens in the domain */
2054 if (message_id_domain != NULL)
2056 uschar *new_id_domain = expand_string(message_id_domain);
2057 if (new_id_domain == NULL)
2059 if (!expand_string_forcedfail)
2060 log_write(0, LOG_MAIN|LOG_PANIC,
2061 "expansion of \"%s\" (message_id_header_domain) "
2062 "failed: %s", message_id_domain, expand_string_message);
2064 else if (*new_id_domain != 0)
2066 id_domain = new_id_domain;
2067 for (p = id_domain; *p != 0; p++)
2068 if (!isalnum(*p) && *p != '.') *p = '-'; /* No need to test '-' ! */
2072 /* Permit all characters except controls and RFC 2822 specials in the
2073 additional text part. */
2075 if (message_id_text != NULL)
2077 uschar *new_id_text = expand_string(message_id_text);
2078 if (new_id_text == NULL)
2080 if (!expand_string_forcedfail)
2081 log_write(0, LOG_MAIN|LOG_PANIC,
2082 "expansion of \"%s\" (message_id_header_text) "
2083 "failed: %s", message_id_text, expand_string_message);
2085 else if (*new_id_text != 0)
2087 id_text = new_id_text;
2088 for (p = id_text; *p != 0; p++)
2089 if (mac_iscntrl_or_special(*p)) *p = '-';
2093 /* Add the header line */
2095 header_add(htype_id, "%sMessage-Id: <%s%s%s@%s>\n", resent_prefix,
2096 message_id_external, (*id_text == 0)? "" : ".", id_text, id_domain);
2099 /* If we are to log recipients, keep a copy of the raw ones before any possible
2100 rewriting. Must copy the count, because later ACLs and the local_scan()
2101 function may mess with the real recipients. */
2103 if ((log_extra_selector & LX_received_recipients) != 0)
2105 raw_recipients = store_get(recipients_count * sizeof(uschar *));
2106 for (i = 0; i < recipients_count; i++)
2107 raw_recipients[i] = string_copy(recipients_list[i].address);
2108 raw_recipients_count = recipients_count;
2111 /* Ensure the recipients list is fully qualified and rewritten. Unqualified
2112 recipients will get here only if the conditions were right (allow_unqualified_
2113 recipient is TRUE). */
2115 for (i = 0; i < recipients_count; i++)
2116 recipients_list[i].address =
2117 rewrite_address(recipients_list[i].address, TRUE, TRUE,
2118 global_rewrite_rules, rewrite_existflags);
2120 /* If there is no From: header, generate one for local or submission_mode
2121 messages. If there is no sender address, but the sender is local or this is a
2122 local delivery error, use the originator login. This shouldn't happen for
2123 genuine bounces, but might happen for autoreplies. The addition of From: must
2124 be done *before* checking for the possible addition of a Sender: header,
2125 because untrusted_set_sender allows an untrusted user to set anything in the
2126 envelope (which might then get info From:) but we still want to ensure a valid
2127 Sender: if it is required. */
2129 if (from_header == NULL && (sender_host_address == NULL || submission_mode))
2131 /* Envelope sender is empty */
2133 if (sender_address[0] == 0)
2135 if (sender_local || local_error_message)
2137 header_add(htype_from, "%sFrom: %s%s%s@%s%s\n", resent_prefix,
2139 (originator_name[0] == 0)? "" : " <",
2140 local_part_quote(originator_login),
2141 qualify_domain_sender,
2142 (originator_name[0] == 0)? "" : ">");
2144 else if (submission_mode && authenticated_id != NULL)
2146 if (submission_domain == NULL)
2148 header_add(htype_from, "%sFrom: %s@%s\n", resent_prefix,
2149 local_part_quote(authenticated_id), qualify_domain_sender);
2151 else if (submission_domain[0] == 0) /* empty => whole address set */
2153 header_add(htype_from, "%sFrom: %s\n", resent_prefix,
2158 header_add(htype_from, "%sFrom: %s@%s\n", resent_prefix,
2159 local_part_quote(authenticated_id), submission_domain);
2161 from_header = header_last; /* To get it checked for Sender: */
2165 /* There is a non-null envelope sender. Build the header using the original
2166 sender address, before any rewriting that might have been done while
2171 if (!smtp_input || sender_local)
2172 header_add(htype_from, "%sFrom: %s%s%s%s\n",
2173 resent_prefix, originator_name,
2174 (originator_name[0] == 0)? "" : " <",
2175 (sender_address_unrewritten == NULL)?
2176 sender_address : sender_address_unrewritten,
2177 (originator_name[0] == 0)? "" : ">");
2179 header_add(htype_from, "%sFrom: %s\n", resent_prefix, sender_address);
2181 from_header = header_last; /* To get it checked for Sender: */
2186 /* If the sender is local, or if we are in submission mode and there is an
2187 authenticated_id, check that an existing From: is correct, and if not, generate
2188 a Sender: header, unless disabled. Any previously-existing Sender: header was
2189 removed above. Note that sender_local, as well as being TRUE if the caller of
2190 exim is not trusted, is also true if a trusted caller did not supply a -f
2191 argument for non-smtp input. To allow trusted callers to forge From: without
2192 supplying -f, we have to test explicitly here. If the From: header contains
2193 more than one address, then the call to parse_extract_address fails, and a
2194 Sender: header is inserted, as required. */
2196 if (from_header != NULL &&
2198 (sender_local && local_from_check && !trusted_caller) ||
2199 (submission_mode && authenticated_id != NULL)
2202 BOOL make_sender = TRUE;
2203 int start, end, domain;
2205 uschar *from_address =
2206 parse_extract_address(Ustrchr(from_header->text, ':') + 1, &errmess,
2207 &start, &end, &domain, FALSE);
2208 uschar *generated_sender_address;
2210 if (submission_mode)
2212 if (submission_domain == NULL)
2214 generated_sender_address = string_sprintf("%s@%s",
2215 local_part_quote(authenticated_id), qualify_domain_sender);
2217 else if (submission_domain[0] == 0) /* empty => full address */
2219 generated_sender_address = string_sprintf("%s",
2224 generated_sender_address = string_sprintf("%s@%s",
2225 local_part_quote(authenticated_id), submission_domain);
2229 generated_sender_address = string_sprintf("%s@%s",
2230 local_part_quote(originator_login), qualify_domain_sender);
2232 /* Remove permitted prefixes and suffixes from the local part of the From:
2233 address before doing the comparison with the generated sender. */
2235 if (from_address != NULL)
2238 uschar *at = (domain == 0)? NULL : from_address + domain - 1;
2240 if (at != NULL) *at = 0;
2241 from_address += route_check_prefix(from_address, local_from_prefix);
2242 slen = route_check_suffix(from_address, local_from_suffix);
2245 memmove(from_address+slen, from_address, Ustrlen(from_address)-slen);
2246 from_address += slen;
2248 if (at != NULL) *at = '@';
2250 if (strcmpic(generated_sender_address, from_address) == 0 ||
2251 (domain == 0 && strcmpic(from_address, originator_login) == 0))
2252 make_sender = FALSE;
2255 /* We have to cause the Sender header to be rewritten if there are
2256 appropriate rewriting rules. */
2260 if (submission_mode)
2261 header_add(htype_sender, "%sSender: %s\n", resent_prefix,
2262 generated_sender_address);
2264 header_add(htype_sender, "%sSender: %s <%s>\n",
2265 resent_prefix, originator_name, generated_sender_address);
2270 /* If there are any rewriting rules, apply them to the sender address, unless
2271 it has already been rewritten as part of verification for SMTP input. */
2273 if (global_rewrite_rules != NULL && sender_address_unrewritten == NULL &&
2274 sender_address[0] != 0)
2276 sender_address = rewrite_address(sender_address, FALSE, TRUE,
2277 global_rewrite_rules, rewrite_existflags);
2278 DEBUG(D_receive|D_rewrite)
2279 debug_printf("rewritten sender = %s\n", sender_address);
2283 /* The headers must be run through rewrite_header(), because it ensures that
2284 addresses are fully qualified, as well as applying any rewriting rules that may
2287 Qualification of header addresses in a message from a remote host happens only
2288 if the host is in sender_unqualified_hosts or recipient_unqualified hosts, as
2289 appropriate. For local messages, qualification always happens, unless -bnq is
2290 used to explicitly suppress it. No rewriting is done for an unqualified address
2291 that is left untouched.
2293 We start at the second header, skipping our own Received:. This rewriting is
2294 documented as happening *after* recipient addresses are taken from the headers
2295 by the -t command line option. An added Sender: gets rewritten here. */
2297 for (h = header_list->next; h != NULL; h = h->next)
2299 header_line *newh = rewrite_header(h, NULL, NULL, global_rewrite_rules,
2300 rewrite_existflags, TRUE);
2301 if (newh != NULL) h = newh;
2305 /* An RFC 822 (sic) message is not legal unless it has at least one of "to",
2306 "cc", or "bcc". Note that although the minimal examples in RFC822 show just
2307 "to" or "bcc", the full syntax spec allows "cc" as well. If any resent- header
2308 exists, this applies to the set of resent- headers rather than the normal set.
2310 The requirement for a recipient header has been removed in RFC 2822. Earlier
2311 versions of Exim added a To: header for locally submitted messages, and an
2312 empty Bcc: header for others or when always_bcc was set. In the light of the
2313 changes in RFC 2822, we now always add Bcc: just in case there are still MTAs
2314 out there that insist on the RFC 822 syntax.
2316 November 2003: While generally revising what Exim does to fix up headers, it
2317 seems like a good time to remove this altogether. */
2320 if (!to_or_cc_header_exists && !bcc_header_exists)
2321 header_add(htype_bcc, "Bcc:\n");
2324 /* If there is no date header, generate one if the message originates locally
2325 (i.e. not over TCP/IP) or the submission mode flag is set. Messages without
2326 Date: are not valid, but it seems to be more confusing if Exim adds one to
2327 all remotely-originated messages. */
2329 if (!date_header_exists && (sender_host_address == NULL || submission_mode))
2330 header_add(htype_other, "%sDate: %s\n", resent_prefix, tod_stamp(tod_full));
2332 search_tidyup(); /* Free any cached resources */
2334 /* Show the complete set of headers if debugging. Note that the first one (the
2335 new Received:) has not yet been set. */
2339 debug_printf(">>Headers after rewriting and local additions:\n");
2340 for (h = header_list->next; h != NULL; h = h->next)
2341 debug_printf("%c %s", h->type, h->text);
2345 /* The headers are now complete in store. If we are running in filter
2346 testing mode, that is all this function does. Return TRUE if the message
2347 ended with a dot. */
2349 if (filter_test != NULL)
2351 process_info[process_info_len] = 0;
2352 return message_ended == END_DOT;
2355 /* Open a new spool file for the data portion of the message. We need
2356 to access it both via a file descriptor and a stream. Try to make the
2357 directory if it isn't there. Note re use of sprintf: spool_directory
2358 is checked on input to be < 200 characters long. */
2360 sprintf(CS spool_name, "%s/input/%s/%s-D", spool_directory, message_subdir,
2362 data_fd = Uopen(spool_name, O_RDWR|O_CREAT|O_EXCL, SPOOL_MODE);
2365 if (errno == ENOENT)
2368 sprintf(CS temp, "input/%s", message_subdir);
2369 if (message_subdir[0] == 0) temp[5] = 0;
2370 (void)directory_make(spool_directory, temp, INPUT_DIRECTORY_MODE, TRUE);
2371 data_fd = Uopen(spool_name, O_RDWR|O_CREAT|O_EXCL, SPOOL_MODE);
2374 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Failed to create spool file %s: %s",
2375 spool_name, strerror(errno));
2378 /* Make sure the file's group is the Exim gid, and double-check the mode
2379 because the group setting doesn't always get set automatically. */
2381 fchown(data_fd, exim_uid, exim_gid);
2382 fchmod(data_fd, SPOOL_MODE);
2384 /* We now have data file open. Build a stream for it and lock it. We lock only
2385 the first line of the file (containing the message ID) because otherwise there
2386 are problems when Exim is run under Cygwin (I'm told). See comments in
2387 spool_in.c, where the same locking is done. */
2389 data_file = fdopen(data_fd, "w+");
2390 lock_data.l_type = F_WRLCK;
2391 lock_data.l_whence = SEEK_SET;
2392 lock_data.l_start = 0;
2393 lock_data.l_len = SPOOL_DATA_START_OFFSET;
2395 if (fcntl(data_fd, F_SETLK, &lock_data) < 0)
2396 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Cannot lock %s (%d): %s", spool_name,
2397 errno, strerror(errno));
2399 /* We have an open, locked data file. Write the message id to it to make it
2400 self-identifying. Then read the remainder of the input of this message and
2401 write it to the data file. If the variable next != NULL, it contains the first
2402 data line (which was read as a header but then turned out not to have the right
2403 format); write it (remembering that it might contain binary zeros). The result
2404 of fwrite() isn't inspected; instead we call ferror() below. */
2406 fprintf(data_file, "%s-D\n", message_id);
2409 uschar *s = next->text;
2410 int len = next->slen;
2411 fwrite(s, 1, len, data_file);
2412 body_linecount++; /* Assumes only 1 line */
2415 /* Note that we might already be at end of file, or the logical end of file
2416 (indicated by '.'), or might have encountered an error while writing the
2417 message id or "next" line. */
2419 if (!ferror(data_file) && !(receive_feof)() && message_ended != END_DOT)
2423 message_ended = read_message_data_smtp(data_file);
2424 receive_linecount++; /* The terminating "." line */
2426 else message_ended = read_message_data(data_file);
2428 receive_linecount += body_linecount; /* For BSMTP errors mainly */
2430 /* Handle premature termination of SMTP */
2432 if (smtp_input && message_ended == END_EOF)
2434 Uunlink(spool_name); /* Lose data file when closed */
2435 message_id[0] = 0; /* Indicate no message accepted */
2436 smtp_reply = handle_lost_connection(US"");
2438 goto TIDYUP; /* Skip to end of function */
2441 /* Handle message that is too big. Don't use host_or_ident() in the log
2442 message; we want to see the ident value even for non-remote messages. */
2444 if (message_ended == END_SIZE)
2446 Uunlink(spool_name); /* Lose the data file when closed */
2447 if (smtp_input) receive_swallow_smtp(); /* Swallow incoming SMTP */
2449 log_write(L_size_reject, LOG_MAIN|LOG_REJECT, "rejected from <%s>%s%s%s%s: "
2450 "message too big: read=%d max=%d",
2452 (sender_fullhost == NULL)? "" : " H=",
2453 (sender_fullhost == NULL)? US"" : sender_fullhost,
2454 (sender_ident == NULL)? "" : " U=",
2455 (sender_ident == NULL)? US"" : sender_ident,
2457 thismessage_size_limit);
2461 smtp_reply = US"552 Message size exceeds maximum permitted";
2462 message_id[0] = 0; /* Indicate no message accepted */
2463 goto TIDYUP; /* Skip to end of function */
2467 fseek(data_file, (long int)SPOOL_DATA_START_OFFSET, SEEK_SET);
2468 give_local_error(ERRMESS_TOOBIG,
2469 string_sprintf("message too big (max=%d)", thismessage_size_limit),
2470 US"message rejected: ", error_rc, data_file, header_list);
2471 /* Does not return */
2476 /* Restore the standard SIGALRM handler for any subsequent processing. (For
2477 example, there may be some expansion in an ACL that uses a timer.) */
2479 os_non_restarting_signal(SIGALRM, sigalrm_handler);
2481 /* The message body has now been read into the data file. Call fflush() to
2482 empty the buffers in C, and then call fsync() to get the data written out onto
2483 the disk, as fflush() doesn't do this (or at least, it isn't documented as
2484 having to do this). If there was an I/O error on either input or output,
2485 attempt to send an error message, and unlink the spool file. For non-SMTP input
2486 we can then give up. Note that for SMTP input we must swallow the remainder of
2487 the input in cases of output errors, since the far end doesn't expect to see
2488 anything until the terminating dot line is sent. */
2490 if (fflush(data_file) == EOF || ferror(data_file) ||
2491 fsync(fileno(data_file)) < 0 || (receive_ferror)())
2493 uschar *msg_errno = US strerror(errno);
2494 BOOL input_error = (receive_ferror)() != 0;
2495 uschar *msg = string_sprintf("%s error (%s) while receiving message from %s",
2496 input_error? "Input read" : "Spool write",
2498 (sender_fullhost != NULL)? sender_fullhost : sender_ident);
2500 log_write(0, LOG_MAIN, "Message abandoned: %s", msg);
2501 Uunlink(spool_name); /* Lose the data file */
2506 smtp_reply = US"451 Error while reading input data";
2509 smtp_reply = US"451 Error while writing spool file";
2510 receive_swallow_smtp();
2512 message_id[0] = 0; /* Indicate no message accepted */
2513 goto TIDYUP; /* Skip to end of function */
2518 fseek(data_file, (long int)SPOOL_DATA_START_OFFSET, SEEK_SET);
2519 give_local_error(ERRMESS_IOERR, msg, US"", error_rc, data_file,
2521 /* Does not return */
2526 /* No I/O errors were encountered while writing the data file. */
2528 DEBUG(D_receive) debug_printf("Data file written for message %s\n", message_id);
2531 /* If there were any bad addresses extracted by -t, or there were no recipients
2532 left after -t, send a message to the sender of this message, or write it to
2533 stderr if the error handling option is set that way. Note that there may
2534 legitimately be no recipients for an SMTP message if they have all been removed
2537 We need to rewind the data file in order to read it. In the case of no
2538 recipients or stderr error writing, throw the data file away afterwards, and
2539 exit. (This can't be SMTP, which always ensures there's at least one
2540 syntactically good recipient address.) */
2542 if (extract_recip && (bad_addresses != NULL || recipients_count == 0))
2546 if (recipients_count == 0) debug_printf("*** No recipients\n");
2547 if (bad_addresses != NULL)
2549 error_block *eblock = bad_addresses;
2550 debug_printf("*** Bad address(es)\n");
2551 while (eblock != NULL)
2553 debug_printf(" %s: %s\n", eblock->text1, eblock->text2);
2554 eblock = eblock->next;
2559 fseek(data_file, (long int)SPOOL_DATA_START_OFFSET, SEEK_SET);
2561 /* If configured to send errors to the sender, but this fails, force
2562 a failure error code. We use a special one for no recipients so that it
2563 can be detected by the autoreply transport. Otherwise error_rc is set to
2564 errors_sender_rc, which is EXIT_FAILURE unless -oee was given, in which case
2565 it is EXIT_SUCCESS. */
2567 if (error_handling == ERRORS_SENDER)
2569 if (!moan_to_sender(
2570 (bad_addresses == NULL)?
2571 (extracted_ignored? ERRMESS_IGADDRESS : ERRMESS_NOADDRESS) :
2572 (recipients_list == NULL)? ERRMESS_BADNOADDRESS : ERRMESS_BADADDRESS,
2573 bad_addresses, header_list, data_file, FALSE))
2574 error_rc = (bad_addresses == NULL)? EXIT_NORECIPIENTS : EXIT_FAILURE;
2578 if (bad_addresses == NULL)
2580 if (extracted_ignored)
2581 fprintf(stderr, "exim: all -t recipients overridden by command line\n");
2583 fprintf(stderr, "exim: no recipients in message\n");
2587 fprintf(stderr, "exim: invalid address%s",
2588 (bad_addresses->next == NULL)? ":" : "es:\n");
2589 while (bad_addresses != NULL)
2591 fprintf(stderr, " %s: %s\n", bad_addresses->text1,
2592 bad_addresses->text2);
2593 bad_addresses = bad_addresses->next;
2598 if (recipients_count == 0 || error_handling == ERRORS_STDERR)
2600 Uunlink(spool_name);
2602 exim_exit(error_rc);
2606 /* Data file successfully written. Generate text for the Received: header by
2607 expanding the configured string, and adding a timestamp. By leaving this
2608 operation till now, we ensure that the timestamp is the time that message
2609 reception was completed. However, this is deliberately done before calling the
2610 data ACL and local_scan().
2612 This Received: header may therefore be inspected by the data ACL and by code in
2613 the local_scan() function. When they have run, we update the timestamp to be
2614 the final time of reception.
2616 If there is just one recipient, set up its value in the $received_for variable
2617 for use when we generate the Received: header.
2619 Note: the checking for too many Received: headers is handled by the delivery
2622 timestamp = expand_string(US"${tod_full}");
2623 if (recipients_count == 1) received_for = recipients_list[0].address;
2624 received = expand_string(received_header_text);
2625 received_for = NULL;
2627 if (received == NULL)
2629 Uunlink(spool_name); /* Lose the data file */
2630 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Expansion of \"%s\" "
2631 "(received_header_text) failed: %s", string_printing(received_header_text),
2632 expand_string_message);
2635 /* The first element on the header chain is reserved for the Received header,
2636 so all we have to do is fill in the text pointer, and set the type. However, if
2637 the result of the expansion is an empty string, we leave the header marked as
2638 "old" so as to refrain from adding a Received header. */
2640 if (received[0] == 0)
2642 received_header->text = string_sprintf("Received: ; %s\n", timestamp);
2643 received_header->type = htype_old;
2647 received_header->text = string_sprintf("%s; %s\n", received, timestamp);
2648 received_header->type = htype_received;
2651 received_header->slen = Ustrlen(received_header->text);
2653 DEBUG(D_receive) debug_printf(">>Generated Received: header line\n%c %s",
2654 received_header->type, received_header->text);
2656 /* Set the value of message_body_size for the DATA ACL and for local_scan() */
2658 message_body_size = (fstat(data_fd, &statbuf) == 0)?
2659 statbuf.st_size - SPOOL_DATA_START_OFFSET : -1;
2661 /* If an ACL from any RCPT commands set up any warning headers to add, do so
2662 now, before running the DATA ACL. */
2664 add_acl_headers(US"MAIL or RCPT");
2666 /* If an ACL is specified for checking things at this stage of reception of a
2667 message, run it, unless all the recipients were removed by "discard" in earlier
2668 ACLs. That is the only case in which recipients_count can be zero at this
2669 stage. Set deliver_datafile to point to the data file so that $message_body and
2670 $message_body_end can be extracted if needed. Allow $recipients in expansions.
2673 deliver_datafile = data_fd;
2675 if (recipients_count == 0)
2677 blackholed_by = recipients_discarded? US"MAIL ACL" : US"RCPT ACL";
2681 enable_dollar_recipients = TRUE;
2683 /* Handle interactive SMTP messages */
2685 if (smtp_input && !smtp_batched_input)
2687 if (acl_smtp_data != NULL && recipients_count > 0)
2689 uschar *user_msg, *log_msg;
2690 rc = acl_check(ACL_WHERE_DATA, NULL, acl_smtp_data, &user_msg, &log_msg);
2691 add_acl_headers(US"DATA");
2694 recipients_count = 0;
2695 blackholed_by = US"DATA ACL";
2699 Uunlink(spool_name);
2700 if (smtp_handle_acl_fail(ACL_WHERE_DATA, rc, user_msg, log_msg) != 0)
2701 smtp_yield = FALSE; /* No more messsages after dropped connection */
2702 smtp_reply = US""; /* Indicate reply already sent */
2703 message_id[0] = 0; /* Indicate no message accepted */
2704 goto TIDYUP; /* Skip to end of function */
2709 /* Handle non-SMTP and batch SMTP (i.e. non-interactive) messages. Note that
2710 we cannot take different actions for permanent and temporary rejections. */
2712 else if (acl_not_smtp != NULL)
2714 uschar *user_msg, *log_msg;
2715 rc = acl_check(ACL_WHERE_NOTSMTP, NULL, acl_not_smtp, &user_msg, &log_msg);
2718 recipients_count = 0;
2719 blackholed_by = US"non-SMTP ACL";
2723 Uunlink(spool_name);
2724 log_write(0, LOG_MAIN|LOG_REJECT, "F=<%s> rejected by non-SMTP ACL: %s",
2725 sender_address, log_msg);
2726 if (user_msg == NULL) user_msg = US"local configuration problem";
2727 if (smtp_batched_input)
2729 moan_smtp_batch(NULL, "%d %s", 550, user_msg);
2730 /* Does not return */
2734 fseek(data_file, (long int)SPOOL_DATA_START_OFFSET, SEEK_SET);
2735 give_local_error(ERRMESS_LOCAL_ACL, user_msg,
2736 US"message rejected by non-SMTP ACL: ", error_rc, data_file,
2738 /* Does not return */
2741 add_acl_headers(US"non-SMTP");
2744 if (deliver_freeze) frozen_by = US"ACL"; /* for later logging */
2745 if (queue_only_policy) queued_by = US"ACL";
2747 enable_dollar_recipients = FALSE;
2750 /* The final check on the message is to run the scan_local() function. The
2751 version supplied with Exim always accepts, but this is a hook for sysadmins to
2752 supply their own checking code. The local_scan() function is run even when all
2753 the recipients have been discarded. */
2755 lseek(data_fd, (long int)SPOOL_DATA_START_OFFSET, SEEK_SET);
2757 /* Arrange to catch crashes in local_scan(), so that the -D file gets
2758 deleted, and the incident gets logged. */
2760 os_non_restarting_signal(SIGSEGV, local_scan_crash_handler);
2761 os_non_restarting_signal(SIGFPE, local_scan_crash_handler);
2762 os_non_restarting_signal(SIGILL, local_scan_crash_handler);
2763 os_non_restarting_signal(SIGBUS, local_scan_crash_handler);
2765 DEBUG(D_receive) debug_printf("calling local_scan(); timeout=%d\n",
2766 local_scan_timeout);
2767 local_scan_data = NULL;
2769 os_non_restarting_signal(SIGALRM, local_scan_timeout_handler);
2770 if (local_scan_timeout > 0) alarm(local_scan_timeout);
2771 rc = local_scan(data_fd, &local_scan_data);
2773 os_non_restarting_signal(SIGALRM, sigalrm_handler);
2775 store_pool = POOL_MAIN; /* In case changed */
2776 DEBUG(D_receive) debug_printf("local_scan() returned %d %s\n", rc,
2779 os_non_restarting_signal(SIGSEGV, SIG_DFL);
2780 os_non_restarting_signal(SIGFPE, SIG_DFL);
2781 os_non_restarting_signal(SIGILL, SIG_DFL);
2782 os_non_restarting_signal(SIGBUS, SIG_DFL);
2784 /* The length check is paranoia against some runaway code, and also because
2785 (for a success return) lines in the spool file are read into big_buffer. */
2787 if (local_scan_data != NULL)
2789 int len = Ustrlen(local_scan_data);
2790 if (len > LOCAL_SCAN_MAX_RETURN) len = LOCAL_SCAN_MAX_RETURN;
2791 local_scan_data = string_copyn(local_scan_data, len);
2794 if (rc == LOCAL_SCAN_ACCEPT_FREEZE)
2796 if (!deliver_freeze) /* ACL might have already frozen */
2798 deliver_freeze = TRUE;
2799 deliver_frozen_at = time(NULL);
2800 frozen_by = US"local_scan()";
2802 rc = LOCAL_SCAN_ACCEPT;
2804 else if (rc == LOCAL_SCAN_ACCEPT_QUEUE)
2806 if (!queue_only_policy) /* ACL might have already queued */
2808 queue_only_policy = TRUE;
2809 queued_by = US"local_scan()";
2811 rc = LOCAL_SCAN_ACCEPT;
2814 /* Message accepted: remove newlines in local_scan_data because otherwise
2815 the spool file gets corrupted. Ensure that all recipients are qualified. */
2817 if (rc == LOCAL_SCAN_ACCEPT)
2819 if (local_scan_data != NULL)
2822 for (s = local_scan_data; *s != 0; s++) if (*s == '\n') *s = ' ';
2824 for (i = 0; i < recipients_count; i++)
2826 recipient_item *r = recipients_list + i;
2827 r->address = rewrite_address_qualify(r->address, TRUE);
2828 if (r->errors_to != NULL)
2829 r->errors_to = rewrite_address_qualify(r->errors_to, TRUE);
2831 if (recipients_count == 0 && blackholed_by == NULL)
2832 blackholed_by = US"local_scan";
2835 /* Message rejected: newlines permitted in local_scan_data to generate
2836 multiline SMTP responses. */
2840 uschar *istemp = US"";
2846 errmsg = local_scan_data;
2848 Uunlink(spool_name); /* Cancel this message */
2852 log_write(0, LOG_MAIN, "invalid return %d from local_scan(). Temporary "
2853 "rejection given", rc);
2856 case LOCAL_SCAN_REJECT_NOLOGHDR:
2857 log_extra_selector &= ~LX_rejected_header;
2860 case LOCAL_SCAN_REJECT:
2862 if (errmsg == NULL) errmsg = US"Administrative prohibition";
2865 case LOCAL_SCAN_TEMPREJECT_NOLOGHDR:
2866 log_extra_selector &= ~LX_rejected_header;
2869 case LOCAL_SCAN_TEMPREJECT:
2872 if (errmsg == NULL) errmsg = US"Temporary local problem";
2873 istemp = US"temporarily ";
2877 s = string_append(s, &size, &sptr, 2, US"F=",
2878 (sender_address[0] == 0)? US"<>" : sender_address);
2879 s = add_host_info_for_log(s, &size, &sptr);
2882 log_write(0, LOG_MAIN|LOG_REJECT, "%s %srejected by local_scan(): %.256s",
2883 s, istemp, string_printing(errmsg));
2887 if (!smtp_batched_input)
2889 smtp_respond(code, TRUE, errmsg);
2890 message_id[0] = 0; /* Indicate no message accepted */
2891 smtp_reply = US""; /* Indicate reply already sent */
2892 goto TIDYUP; /* Skip to end of function */
2896 moan_smtp_batch(NULL, "%d %s", code, errmsg);
2897 /* Does not return */
2902 fseek(data_file, (long int)SPOOL_DATA_START_OFFSET, SEEK_SET);
2903 give_local_error(ERRMESS_LOCAL_SCAN, errmsg,
2904 US"message rejected by local scan code: ", error_rc, data_file,
2906 /* Does not return */
2910 /* Reset signal handlers to ignore signals that previously would have caused
2911 the message to be abandoned. */
2913 signal(SIGTERM, SIG_IGN);
2914 signal(SIGINT, SIG_IGN);
2916 /* Ensure the first time flag is set in the newly-received message. */
2918 deliver_firsttime = TRUE;
2920 /* Update the timstamp in our Received: header to account for any time taken by
2921 an ACL or by local_scan(). The new time is the time that all reception
2922 processing is complete. */
2924 timestamp = expand_string(US"${tod_full}");
2925 tslen = Ustrlen(timestamp);
2927 memcpy(received_header->text + received_header->slen - tslen - 1,
2930 /* In MUA wrapper mode, ignore queueing actions set by ACL or local_scan() */
2934 deliver_freeze = FALSE;
2935 queue_only_policy = FALSE;
2938 /* Keep the data file open until we have written the header file, in order to
2939 hold onto the lock. In a -bh run, or if the message is to be blackholed, we
2940 don't write the header file, and we unlink the data file. If writing the header
2941 file fails, we have failed to accept this message. */
2943 if (host_checking || blackholed_by != NULL)
2946 Uunlink(spool_name);
2947 msg_size = 0; /* Compute size for log line */
2948 for (h = header_list; h != NULL; h = h->next)
2949 if (h->type != '*') msg_size += h->slen;
2952 /* Write the -H file */
2956 if ((msg_size = spool_write_header(message_id, SW_RECEIVING, &errmsg)) < 0)
2958 log_write(0, LOG_MAIN, "Message abandoned: %s", errmsg);
2959 Uunlink(spool_name); /* Lose the data file */
2963 smtp_reply = US"451 Error in writing spool file";
2964 message_id[0] = 0; /* Indicate no message accepted */
2969 fseek(data_file, (long int)SPOOL_DATA_START_OFFSET, SEEK_SET);
2970 give_local_error(ERRMESS_IOERR, errmsg, US"", error_rc, data_file,
2972 /* Does not return */
2978 /* The message has now been successfully received. */
2980 receive_messagecount++;
2982 /* In SMTP sessions we may receive several in one connection. After each one,
2983 we wait for the clock to tick at the level of message-id granularity. This is
2984 so that the combination of time+pid is unique, even on systems where the pid
2985 can be re-used within our time interval. We can't shorten the interval without
2986 re-designing the message-id. See comments above where the message id is
2987 created. This is Something For The Future. */
2989 message_id_tv.tv_usec = (message_id_tv.tv_usec/id_resolution) * id_resolution;
2990 exim_wait_tick(&message_id_tv, id_resolution);
2992 /* Add data size to written header size. We do not count the initial file name
2993 that is in the file, but we do add one extra for the notional blank line that
2994 precedes the data. This total differs from message_size in that it include the
2995 added Received: header and any other headers that got created locally. */
2998 fstat(data_fd, &statbuf);
3000 msg_size += statbuf.st_size - SPOOL_DATA_START_OFFSET + 1;
3002 /* Generate a "message received" log entry. We do this by building up a dynamic
3003 string as required. Since we commonly want to add two items at a time, use a
3004 macro to simplify the coding. We log the arrival of a new message while the
3005 file is still locked, just in case the machine is *really* fast, and delivers
3006 it first! Include any message id that is in the message - since the syntax of a
3007 message id is actually an addr-spec, we can use the parse routine to canonicize
3012 s = store_get(size);
3014 s = string_append(s, &size, &sptr, 2, US"<= ",
3015 (sender_address[0] == 0)? US"<>" : sender_address);
3016 if (message_reference != NULL)
3017 s = string_append(s, &size, &sptr, 2, US" R=", message_reference);
3019 s = add_host_info_for_log(s, &size, &sptr);
3022 if ((log_extra_selector & LX_tls_cipher) != 0 && tls_cipher != NULL)
3023 s = string_append(s, &size, &sptr, 2, US" X=", tls_cipher);
3024 if ((log_extra_selector & LX_tls_certificate_verified) != 0 &&
3026 s = string_append(s, &size, &sptr, 2, US" CV=",
3027 tls_certificate_verified? "yes":"no");
3028 if ((log_extra_selector & LX_tls_peerdn) != 0 && tls_peerdn != NULL)
3029 s = string_append(s, &size, &sptr, 3, US" DN=\"", tls_peerdn, US"\"");
3032 if (sender_host_authenticated != NULL)
3034 s = string_append(s, &size, &sptr, 2, US" A=", sender_host_authenticated);
3035 if (authenticated_id != NULL)
3036 s = string_append(s, &size, &sptr, 2, US":", authenticated_id);
3039 sprintf(CS big_buffer, "%d", msg_size);
3040 s = string_append(s, &size, &sptr, 2, US" S=", big_buffer);
3042 /* If an addr-spec in a message-id contains a quoted string, it can contain
3043 any characters except " \ and CR and so in particular it can contain NL!
3044 Therefore, make sure we use a printing-characters only version for the log.
3045 Also, allow for domain literals in the message id. */
3047 if (msgid_header != NULL)
3050 BOOL save_allow_domain_literals = allow_domain_literals;
3051 allow_domain_literals = TRUE;
3052 old_id = parse_extract_address(Ustrchr(msgid_header->text, ':') + 1,
3053 &errmsg, &start, &end, &domain, FALSE);
3054 allow_domain_literals = save_allow_domain_literals;
3056 s = string_append(s, &size, &sptr, 2, US" id=", string_printing(old_id));
3059 /* If subject logging is turned on, create suitable printing-character
3060 text. By expanding $h_subject: we make use of the MIME decoding. */
3062 if ((log_extra_selector & LX_subject) != 0 && subject_header != NULL)
3065 uschar *p = big_buffer;
3066 uschar *ss = expand_string(US"$h_subject:");
3068 /* Backslash-quote any double quotes or backslashes so as to make a
3069 a C-like string, and turn any non-printers into escape sequences. */
3072 if (*ss != 0) for (i = 0; i < 100 && ss[i] != 0; i++)
3074 if (ss[i] == '\"' || ss[i] == '\\') *p++ = '\\';
3079 s = string_append(s, &size, &sptr, 2, US" T=", string_printing(big_buffer));
3082 /* Terminate the string: string_cat() and string_append() leave room, but do
3083 not put the zero in. */
3087 /* While writing to the log, set a flag to cause a call to receive_bomb_out()
3088 if the log cannot be opened. */
3090 receive_call_bombout = TRUE;
3091 log_write(0, LOG_MAIN |
3092 (((log_extra_selector & LX_received_recipients) != 0)? LOG_RECIPIENTS : 0) |
3093 (((log_extra_selector & LX_received_sender) != 0)? LOG_SENDER : 0),
3095 receive_call_bombout = FALSE;
3097 /* Log any control actions taken by an ACL or local_scan(). */
3099 if (deliver_freeze) log_write(0, LOG_MAIN, "frozen by %s", frozen_by);
3100 if (queue_only_policy) log_write(L_delay_delivery, LOG_MAIN,
3101 "no immediate delivery: queued by %s", queued_by);
3103 /* Create a message log file if message logs are being used and this message is
3104 not blackholed. Write the reception stuff to it. We used to leave message log
3105 creation until the first delivery, but this has proved confusing for somep
3108 if (message_logs && blackholed_by == NULL)
3112 sprintf(CS spool_name, "%s/msglog/%s/%s", spool_directory, message_subdir,
3114 fd = Uopen(spool_name, O_WRONLY|O_APPEND|O_CREAT, SPOOL_MODE);
3116 if (fd < 0 && errno == ENOENT)
3119 sprintf(CS temp, "msglog/%s", message_subdir);
3120 if (message_subdir[0] == 0) temp[6] = 0;
3121 (void)directory_make(spool_directory, temp, MSGLOG_DIRECTORY_MODE, TRUE);
3122 fd = Uopen(spool_name, O_WRONLY|O_APPEND|O_CREAT, SPOOL_MODE);
3127 log_write(0, LOG_MAIN|LOG_PANIC, "Couldn't open message log %s: %s",
3128 spool_name, strerror(errno));
3133 FILE *message_log = fdopen(fd, "a");
3134 if (message_log == NULL)
3136 log_write(0, LOG_MAIN|LOG_PANIC, "Couldn't fdopen message log %s: %s",
3137 spool_name, strerror(errno));
3142 uschar *now = tod_stamp(tod_log);
3143 fprintf(message_log, "%s Received from %s\n", now, s+3);
3144 if (deliver_freeze) fprintf(message_log, "%s frozen by %s\n", now,
3146 if (queue_only_policy) fprintf(message_log,
3147 "%s no immediate delivery: queued by %s\n", now, queued_by);
3148 fclose(message_log);
3153 store_reset(s); /* The store for the main log message can be reused */
3155 /* If the message is frozen, and freeze_tell is set, do the telling. */
3157 if (deliver_freeze && freeze_tell != NULL && freeze_tell[0] != 0)
3159 moan_tell_someone(freeze_tell, NULL, US"Message frozen on arrival",
3160 "Message %s was frozen on arrival by %s.\nThe sender is <%s>.\n",
3161 message_id, frozen_by, sender_address);
3165 /* Either a message has been successfully received and written to the two spool
3166 files, or an error in writing the spool has occurred for an SMTP message, or
3167 an SMTP message has been rejected because of a bad sender. (For a non-SMTP
3168 message we will have already given up because there's no point in carrying on!)
3169 In either event, we must now close (and thereby unlock) the data file. In the
3170 successful case, this leaves the message on the spool, ready for delivery. In
3171 the error case, the spool file will be deleted. Then tidy up store, interact
3172 with an SMTP call if necessary, and return.
3174 A fflush() was done earlier in the expectation that any write errors on the
3175 data file will be flushed(!) out thereby. Nevertheless, it is theoretically
3176 possible for fclose() to fail - but what to do? What has happened to the lock
3180 process_info[process_info_len] = 0; /* Remove message id */
3181 if (data_file != NULL) fclose(data_file); /* Frees the lock */
3183 /* Now reset signal handlers to their defaults */
3185 signal(SIGTERM, SIG_DFL);
3186 signal(SIGINT, SIG_DFL);
3188 /* Tell an SMTP caller the state of play, and arrange to return the SMTP return
3189 value, which defaults TRUE - meaning there may be more incoming messages from
3190 this connection. For non-SMTP callers (where there is only ever one message),
3191 the default is FALSE. */
3197 /* Handle interactive SMTP callers. After several kinds of error, smtp_reply
3198 is set to the response. However, after an ACL error or local_scan() error,
3199 the response has already been sent, and smtp_reply is an empty string to
3202 if (!smtp_batched_input)
3204 if (smtp_reply == NULL)
3206 smtp_printf("250 OK id=%s\r\n", message_id);
3209 "\n**** SMTP testing: that is not a real message id!\n\n");
3211 else if (smtp_reply[0] != 0) smtp_printf("%.1024s\r\n", smtp_reply);
3214 /* For batched SMTP, generate an error message on failure, and do
3215 nothing on success. The function moan_smtp_batch() does not return -
3216 it exits from the program with a non-zero return code. */
3218 else if (smtp_reply != NULL) moan_smtp_batch(NULL, "%s", smtp_reply);
3222 /* If blackholing, we can immediately log this message's sad fate. The data
3223 file has already been unlinked, and the header file was never written to disk.
3224 We must now indicate that nothing was received, to prevent a delivery from
3227 if (blackholed_by != NULL)
3229 uschar *detail = (local_scan_data != NULL)?
3230 string_printing(local_scan_data) :
3231 string_sprintf("(%s discarded recipients)", blackholed_by);
3232 log_write(0, LOG_MAIN, "=> blackhole %s", detail);
3233 log_write(0, LOG_MAIN, "Completed");
3237 /* Reset headers so that logging of rejects for a subsequent message doesn't
3238 include them. It is also important to set header_last = NULL before exiting
3239 from this function, as this prevents certain rewrites that might happen during
3240 subsequent verifying (of another incoming message) from trying to add headers
3241 when they shouldn't. */
3243 header_list = header_last = NULL;
3245 return yield; /* TRUE if more messages (SMTP only) */
3248 /* End of receive.c */