1 /* $Cambridge: exim/src/src/route.c,v 1.1 2004/10/07 10:39:01 ph10 Exp $ */
3 /*************************************************
4 * Exim - an Internet mail transport agent *
5 *************************************************/
7 /* Copyright (c) University of Cambridge 1995 - 2004 */
8 /* See the file NOTICE for conditions of use and distribution. */
10 /* Functions concerned with routing, and the list of generic router options. */
17 /* Generic options for routers, all of which live inside router_instance
18 data blocks and which therefore have the opt_public flag set. */
20 optionlist optionlist_routers[] = {
21 { "*expand_group", opt_stringptr | opt_hidden | opt_public,
22 (void *)(offsetof(router_instance, expand_gid)) },
23 { "*expand_more", opt_stringptr | opt_hidden | opt_public,
24 (void *)(offsetof(router_instance, expand_more)) },
25 { "*expand_unseen", opt_stringptr | opt_hidden | opt_public,
26 (void *)(offsetof(router_instance, expand_unseen)) },
27 { "*expand_user", opt_stringptr | opt_hidden | opt_public,
28 (void *)(offsetof(router_instance, expand_uid)) },
29 { "*set_group", opt_bool | opt_hidden | opt_public,
30 (void *)(offsetof(router_instance, gid_set)) },
31 { "*set_user", opt_bool | opt_hidden | opt_public,
32 (void *)(offsetof(router_instance, uid_set)) },
33 { "address_data", opt_stringptr|opt_public,
34 (void *)(offsetof(router_instance, address_data)) },
35 { "address_test", opt_bool|opt_public,
36 (void *)(offsetof(router_instance, address_test)) },
37 { "cannot_route_message", opt_stringptr | opt_public,
38 (void *)(offsetof(router_instance, cannot_route_message)) },
39 { "caseful_local_part", opt_bool | opt_public,
40 (void *)(offsetof(router_instance, caseful_local_part)) },
41 { "check_local_user", opt_bool | opt_public,
42 (void *)(offsetof(router_instance, check_local_user)) },
43 { "condition", opt_stringptr|opt_public,
44 (void *)offsetof(router_instance, condition) },
45 { "debug_print", opt_stringptr | opt_public,
46 (void *)offsetof(router_instance, debug_string) },
47 { "disable_logging", opt_bool | opt_public,
48 (void *)offsetof(router_instance, disable_logging) },
49 { "domains", opt_stringptr|opt_public,
50 (void *)offsetof(router_instance, domains) },
51 { "driver", opt_stringptr|opt_public,
52 (void *)offsetof(router_instance, driver_name) },
53 { "errors_to", opt_stringptr|opt_public,
54 (void *)(offsetof(router_instance, errors_to)) },
55 { "expn", opt_bool|opt_public,
56 (void *)offsetof(router_instance, expn) },
57 { "fail_verify", opt_bool_verify|opt_hidden|opt_public,
58 (void *)offsetof(router_instance, fail_verify_sender) },
59 { "fail_verify_recipient", opt_bool|opt_public,
60 (void *)offsetof(router_instance, fail_verify_recipient) },
61 { "fail_verify_sender", opt_bool|opt_public,
62 (void *)offsetof(router_instance, fail_verify_sender) },
63 { "fallback_hosts", opt_stringptr|opt_public,
64 (void *)offsetof(router_instance, fallback_hosts) },
65 { "group", opt_expand_gid | opt_public,
66 (void *)(offsetof(router_instance, gid)) },
67 { "headers_add", opt_stringptr|opt_public,
68 (void *)offsetof(router_instance, extra_headers) },
69 { "headers_remove", opt_stringptr|opt_public,
70 (void *)offsetof(router_instance, remove_headers) },
71 { "ignore_target_hosts",opt_stringptr|opt_public,
72 (void *)offsetof(router_instance, ignore_target_hosts) },
73 { "initgroups", opt_bool | opt_public,
74 (void *)(offsetof(router_instance, initgroups)) },
75 { "local_part_prefix", opt_stringptr|opt_public,
76 (void *)offsetof(router_instance, prefix) },
77 { "local_part_prefix_optional",opt_bool|opt_public,
78 (void *)offsetof(router_instance, prefix_optional) },
79 { "local_part_suffix", opt_stringptr|opt_public,
80 (void *)offsetof(router_instance, suffix) },
81 { "local_part_suffix_optional",opt_bool|opt_public,
82 (void *)offsetof(router_instance, suffix_optional) },
83 { "local_parts", opt_stringptr|opt_public,
84 (void *)offsetof(router_instance, local_parts) },
85 { "log_as_local", opt_bool|opt_public,
86 (void *)offsetof(router_instance, log_as_local) },
87 { "more", opt_expand_bool|opt_public,
88 (void *)offsetof(router_instance, more) },
89 { "pass_on_timeout", opt_bool|opt_public,
90 (void *)offsetof(router_instance, pass_on_timeout) },
91 { "pass_router", opt_stringptr|opt_public,
92 (void *)offsetof(router_instance, pass_router_name) },
93 { "redirect_router", opt_stringptr|opt_public,
94 (void *)offsetof(router_instance, redirect_router_name) },
95 { "require_files", opt_stringptr|opt_public,
96 (void *)offsetof(router_instance, require_files) },
97 { "retry_use_local_part", opt_bool|opt_public,
98 (void *)offsetof(router_instance, retry_use_local_part) },
99 { "router_home_directory", opt_stringptr|opt_public,
100 (void *)offsetof(router_instance, router_home_directory) },
101 { "self", opt_stringptr|opt_public,
102 (void *)(offsetof(router_instance, self)) },
103 { "senders", opt_stringptr|opt_public,
104 (void *)offsetof(router_instance, senders) },
105 #ifdef SUPPORT_TRANSLATE_IP_ADDRESS
106 { "translate_ip_address", opt_stringptr|opt_public,
107 (void *)offsetof(router_instance, translate_ip_address) },
109 { "transport", opt_stringptr|opt_public,
110 (void *)offsetof(router_instance, transport_name) },
111 { "transport_current_directory", opt_stringptr|opt_public,
112 (void *)offsetof(router_instance, current_directory) },
113 { "transport_home_directory", opt_stringptr|opt_public,
114 (void *)offsetof(router_instance, home_directory) },
115 { "unseen", opt_expand_bool|opt_public,
116 (void *)offsetof(router_instance, unseen) },
117 { "user", opt_expand_uid | opt_public,
118 (void *)(offsetof(router_instance, uid)) },
119 { "verify", opt_bool_verify|opt_hidden|opt_public,
120 (void *)offsetof(router_instance, verify_sender) },
121 { "verify_only", opt_bool|opt_public,
122 (void *)offsetof(router_instance, verify_only) },
123 { "verify_recipient", opt_bool|opt_public,
124 (void *)offsetof(router_instance, verify_recipient) },
125 { "verify_sender", opt_bool|opt_public,
126 (void *)offsetof(router_instance, verify_sender) }
129 int optionlist_routers_size = sizeof(optionlist_routers)/sizeof(optionlist);
133 /*************************************************
134 * Set router pointer from name *
135 *************************************************/
137 /* This function is used for the redirect_router and pass_router options and
138 called from route_init() below.
143 ptr where to put the pointer
144 after TRUE if router must follow this one
150 set_router(router_instance *r, uschar *name, router_instance **ptr, BOOL after)
152 BOOL afterthis = FALSE;
155 for (rr = routers; rr != NULL; rr = rr->next)
157 if (Ustrcmp(name, rr->name) == 0)
162 if (rr == r) afterthis = TRUE;
166 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
167 "new_router \"%s\" not found for \"%s\" router", name, r->name);
169 if (after && !afterthis)
170 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
171 "new_router \"%s\" does not follow \"%s\" router", name, r->name);
176 /*************************************************
177 * Initialize router list *
178 *************************************************/
180 /* Read the routers section of the configuration file, and set up a chain of
181 router instances according to its contents. Each router has generic options and
182 may also have its own private options. This function is only ever called when
183 routers == NULL. We use generic code in readconf to do the work. It will set
184 values from the configuration file, and then call the driver's initialization
192 readconf_driver_init(US"router",
193 (driver_instance **)(&routers), /* chain anchor */
194 (driver_info *)routers_available, /* available drivers */
195 sizeof(router_info), /* size of info blocks */
196 &router_defaults, /* default values for generic options */
197 sizeof(router_instance), /* size of instance block */
198 optionlist_routers, /* generic options */
199 optionlist_routers_size);
201 for (r = routers; r != NULL; r = r->next)
205 /* If log_as_local is unset, its overall default is FALSE. (The accept
206 router defaults it to TRUE.) */
208 if (r->log_as_local == TRUE_UNSET) r->log_as_local = FALSE;
210 /* Check for transport or no transport on certain routers */
212 if ((r->info->ri_flags & ri_yestransport) != 0 &&
213 r->transport_name == NULL &&
215 log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "%s router:\n "
216 "a transport is required for this router", r->name);
218 if ((r->info->ri_flags & ri_notransport) != 0 &&
219 r->transport_name != NULL)
220 log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "%s router:\n "
221 "a transport must not be defined for this router", r->name);
223 /* The "self" option needs to be decoded into a code value and possibly a
224 new domain string and a rewrite boolean. */
226 if (Ustrcmp(s, "freeze") == 0) r->self_code = self_freeze;
227 else if (Ustrcmp(s, "defer") == 0) r->self_code = self_defer;
228 else if (Ustrcmp(s, "send") == 0) r->self_code = self_send;
229 else if (Ustrcmp(s, "pass") == 0) r->self_code = self_pass;
230 else if (Ustrcmp(s, "fail") == 0) r->self_code = self_fail;
231 else if (Ustrncmp(s, "reroute:", 8) == 0)
234 while (isspace(*s)) s++;
235 if (Ustrncmp(s, "rewrite:", 8) == 0)
237 r->self_rewrite = TRUE;
239 while (isspace(*s)) s++;
242 r->self_code = self_reroute;
245 else log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s router:\n "
246 "%s is not valid for the self option", r->name, s);
248 /* If any router has check_local_user set, default retry_use_local_part
249 TRUE; otherwise its default is FALSE. */
251 if (r->retry_use_local_part == TRUE_UNSET)
252 r->retry_use_local_part = r->check_local_user;
254 /* Build a host list if fallback hosts is set. */
256 host_build_hostlist(&(r->fallback_hostlist), r->fallback_hosts, FALSE);
258 /* Check redirect_router and pass_router are valid */
260 if (r->redirect_router_name != NULL)
261 set_router(r, r->redirect_router_name, &(r->redirect_router), FALSE);
263 if (r->pass_router_name != NULL)
264 set_router(r, r->pass_router_name, &(r->pass_router), TRUE);
270 /*************************************************
271 * Tidy up after routing *
272 *************************************************/
274 /* Routers are entitled to keep hold of certain resources in their instance
275 blocks so as to save setting them up each time. An example is an open file.
276 Such routers must provide a tidyup entry point which is called when all routing
277 is finished, via this function. */
283 for (r = routers; r != NULL; r = r->next)
284 if (r->info->tidyup != NULL) (r->info->tidyup)(r);
289 /*************************************************
290 * Check local part for prefix *
291 *************************************************/
293 /* This function is handed a local part and a list of possible prefixes; if any
294 one matches, return the prefix length. A prefix beginning with '*' is a
298 local_part the local part to check
299 prefixes the list of prefixes
301 Returns: length of matching prefix or zero
305 route_check_prefix(uschar *local_part, uschar *prefixes)
309 uschar *listptr = prefixes;
312 while ((prefix = string_nextinlist(&listptr, &sep, prebuf, sizeof(prebuf)))
315 int plen = Ustrlen(prefix);
316 if (prefix[0] == '*')
320 for (p = local_part + Ustrlen(local_part) - (--plen);
321 p >= local_part; p--)
322 if (strncmpic(prefix, p, plen) == 0) return plen + p - local_part;
325 if (strncmpic(prefix, local_part, plen) == 0) return plen;
333 /*************************************************
334 * Check local part for suffix *
335 *************************************************/
337 /* This function is handed a local part and a list of possible suffixes;
338 if any one matches, return the suffix length. A suffix ending with '*'
342 local_part the local part to check
343 suffixes the list of suffixes
345 Returns: length of matching suffix or zero
349 route_check_suffix(uschar *local_part, uschar *suffixes)
352 int alen = Ustrlen(local_part);
354 uschar *listptr = suffixes;
357 while ((suffix = string_nextinlist(&listptr, &sep, sufbuf, sizeof(sufbuf)))
360 int slen = Ustrlen(suffix);
361 if (suffix[slen-1] == '*')
364 pend = local_part + alen - (--slen) + 1;
365 for (p = local_part; p < pend; p++)
366 if (strncmpic(suffix, p, slen) == 0) return alen - (p - local_part);
369 if (alen > slen && strncmpic(suffix, local_part + alen - slen, slen) == 0)
379 /*************************************************
380 * Check local part, domain, or sender *
381 *************************************************/
383 /* The checks in check_router_conditions() require similar code, so we use
384 this function to save repetition.
387 rname router name for error messages
388 type type of check, for error message
389 list domains, local_parts, or senders list
390 anchorptr -> tree for possibly cached items (domains)
391 cache_bits cached bits pointer
392 listtype MCL_DOMAIN for domain check
393 MCL_LOCALPART for local part check
394 MCL_ADDRESS for sender check
395 domloc current domain, current local part, or NULL for sender check
396 ldata where to put lookup data
397 caseless passed on to match_isinlist()
398 perror where to put an error message
400 Returns: OK item is in list
401 SKIP item is not in list, router is to be skipped
402 DEFER lookup or other defer
406 route_check_dls(uschar *rname, uschar *type, uschar *list, tree_node
407 **anchorptr, unsigned int *cache_bits, int listtype, uschar *domloc,
408 uschar **ldata, BOOL caseless, uschar **perror)
412 if (list == NULL) return OK; /* Empty list always succeeds */
414 DEBUG(D_route) debug_printf("checking %s\n", type);
416 /* The domain and local part use the same matching function, whereas sender
421 rc = match_isinlist(domloc, &list, 0, anchorptr, cache_bits, listtype,
426 uschar *address = (sender_address == NULL)? US"" : sender_address;
427 rc = match_address_list(address, TRUE, TRUE, &list, cache_bits, -1, 0,
437 *perror = string_sprintf("%s router skipped: %s mismatch", rname, type);
438 DEBUG(D_route) debug_printf("%s\n", *perror);
441 default: /* Paranoia, and keeps compilers happy */
443 *perror = string_sprintf("%s check lookup or other defer", type);
444 DEBUG(D_route) debug_printf("%s\n", *perror);
451 /*************************************************
452 * Check access by a given uid/gid *
453 *************************************************/
455 /* This function checks whether a given uid/gid has access to a given file or
456 directory. It is called only from check_files() below. This is hopefully a
457 cheapish check that does the job most of the time. Exim does *not* rely on this
458 test when actually accessing any file. The test is used when routing to make it
459 possible to take actions such as "if user x can access file y then run this
462 During routing, Exim is normally running as root, and so the test will work
463 except for NFS non-root mounts. When verifying during message reception, Exim
464 is running as "exim", so the test may not work. This is a limitation of the
467 Code in check_files() below detects the case when it cannot stat() the file (as
468 root), and in that situation it uses a setuid subprocess in which to run this
472 path the path to check
475 bits the bits required in the final component
478 FALSE errno=EACCES or ENOENT (or others from realpath or stat)
482 route_check_access(uschar *path, uid_t uid, gid_t gid, int bits)
486 uschar *rp = US realpath(CS path, CS big_buffer);
489 DEBUG(D_route) debug_printf("route_check_access(%s,%d,%d,%o)\n", path,
490 (int)uid, (int)gid, bits);
492 if (rp == NULL) return FALSE;
494 while ((slash = Ustrchr(sp, '/')) != NULL)
497 DEBUG(D_route) debug_printf("stat %s\n", rp);
498 if (Ustat(rp, &statbuf) < 0) return FALSE;
499 if ((statbuf.st_mode &
500 ((statbuf.st_uid == uid)? 0100 : (statbuf.st_gid == gid)? 0010 : 001)
510 /* Down to the final component */
512 DEBUG(D_route) debug_printf("stat %s\n", rp);
514 if (Ustat(rp, &statbuf) < 0) return FALSE;
516 if (statbuf.st_uid == uid) bits = bits << 6;
517 else if (statbuf.st_gid == gid) bits = bits << 3;
518 if ((statbuf.st_mode & bits) != bits)
524 DEBUG(D_route) debug_printf("route_check_access() succeeded\n");
530 /*************************************************
531 * Do file existence tests *
532 *************************************************/
534 /* This function is given a colon-separated list of file tests, each of which
535 is expanded before use. A test consists of a file name, optionally preceded by
536 ! (require non-existence) and/or + for handling permission denied (+ means
537 treat as non-existing).
539 An item that contains no slashes is interpreted as a username or id, with an
540 optional group id, for checking access to the file. This cannot be done
541 "perfectly", but it is good enough for a number of applications.
544 s a colon-separated list of file tests or NULL
545 perror a pointer to an anchor for an error text in the case of a DEFER
547 Returns: OK if s == NULL or all tests are as required
548 DEFER if the existence of at least one of the files is
549 unclear (an error other than non-existence occurred);
550 DEFER if an expansion failed
551 DEFER if a name is not absolute
552 DEFER if problems with user/group
557 check_files(uschar *s, uschar **perror)
559 int sep = 0; /* List has default separators */
560 uid_t uid = 0; /* For picky compilers */
561 gid_t gid = 0; /* For picky compilers */
562 BOOL ugid_set = FALSE;
563 uschar *check, *listptr;
566 if (s == NULL) return OK;
568 DEBUG(D_route) debug_printf("checking require_files\n");
571 while ((check = string_nextinlist(&listptr, &sep, buffer, sizeof(buffer)))
578 uschar *ss = expand_string(check);
582 if (expand_string_forcedfail) continue;
583 *perror = string_sprintf("failed to expand \"%s\" for require_files: %s",
584 check, expand_string_message);
588 /* Empty items are just skipped */
590 if (*ss == 0) continue;
592 /* If there are no slashes in the string, we have a user name or uid, with
593 optional group/gid. */
595 if (Ustrchr(ss, '/') == NULL)
599 uschar *comma = Ustrchr(ss, ',');
601 /* If there's a comma, temporarily terminate the user name/number
602 at that point. Then set the uid. */
604 if (comma != NULL) *comma = 0;
605 ok = route_finduser(ss, &pw, &uid);
606 if (comma != NULL) *comma = ',';
610 *perror = string_sprintf("user \"%s\" for require_files not found", ss);
614 /* If there was no comma, the gid is that associated with the user. */
618 if (pw != NULL) gid = pw->pw_gid; else
620 *perror = string_sprintf("group missing after numerical uid %d for "
621 "require_files", (int)uid);
627 if (!route_findgroup(comma + 1, &gid))
629 *perror = string_sprintf("group \"%s\" for require_files not found\n",
635 /* Note that we have values set, and proceed to next item */
638 debug_printf("check subsequent files for access by %s\n", ss);
643 /* Path, possibly preceded by + and ! */
648 while (isspace((*(++ss))));
654 while (isspace((*(++ss))));
659 *perror = string_sprintf("require_files: \"%s\" is not absolute", ss);
663 /* Stat the file, either as root (while routing) or as exim (while verifying
664 during message reception). */
666 rc = Ustat(ss, &statbuf);
670 debug_printf("file check: %s\n", check);
671 if (ss != check) debug_printf("expanded file: %s\n", ss);
672 debug_printf("stat() yielded %d\n", rc);
675 /* If permission is denied, and we are running as root (i.e. routing for
676 delivery rather than verifying), and the requirement is to test for access by
677 a particular uid/gid, it must mean that the file is on a non-root-mounted NFS
678 system. In this case, we have to use a subprocess that runs as the relevant
679 uid in order to do the test. */
681 if (rc != 0 && errno == EACCES && ugid_set && getuid() == root_uid)
685 void (*oldsignal)(int);
687 DEBUG(D_route) debug_printf("root is denied access: forking to check "
690 /* Before forking, ensure that SIGCHLD is set to SIG_DFL before forking, so
691 that the child process can be waited for, just in case get here with it set
692 otherwise. Save the old state for resetting on the wait. */
694 oldsignal = signal(SIGCHLD, SIG_DFL);
697 /* If fork() fails, reinstate the original error and behave as if
698 this block of code were not present. This is the same behavious as happens
699 when Exim is not running as root at this point. */
704 debug_printf("require_files: fork failed: %s\n", strerror(errno));
709 /* In the child process, change uid and gid, and then do the check using
710 the route_check_access() function. This does more than just stat the file;
711 it tests permissions as well. Return 0 for OK and 1 for failure. */
715 exim_setugid(uid, gid, TRUE,
716 string_sprintf("require_files check, file=%s", ss));
717 if (route_check_access(ss, uid, gid, 4)) _exit(0);
718 DEBUG(D_route) debug_printf("route_check_access() failed\n");
722 /* In the parent, wait for the child to finish */
724 while (waitpid(pid, &status, 0) < 0)
726 if (errno != EINTR) /* unexpected error, interpret as failure */
733 signal(SIGCHLD, oldsignal); /* restore */
734 if ((status == 0) == invert) return SKIP;
735 continue; /* to test the next file */
738 /* Control reaches here if the initial stat() succeeds, or fails with an
739 error other than EACCES, or no uid/gid is set, or we are not running as root.
740 If we know the file exists and uid/gid are set, try to check read access for
741 that uid/gid as best we can. */
743 if (rc == 0 && ugid_set && !route_check_access(ss, uid, gid, 4))
745 DEBUG(D_route) debug_printf("route_check_access() failed\n");
749 /* Handle error returns from stat() or route_check_access(). The EACESS error
750 is handled specially. At present, we can force it to be treated as
751 non-existence. Write the code so that it will be easy to add forcing for
752 existence if required later. */
757 DEBUG(D_route) debug_printf("errno = %d\n", errno);
760 if (eacces_code == 1)
762 DEBUG(D_route) debug_printf("EACCES => ENOENT\n");
763 errno = ENOENT; /* Treat as non-existent */
768 *perror = string_sprintf("require_files: error for %s: %s", ss,
774 /* At this point, rc < 0 => non-existence; rc >= 0 => existence */
776 if ((rc >= 0) == invert) return SKIP;
781 /* Come here on any of the errors that return DEFER. */
784 DEBUG(D_route) debug_printf("%s\n", *perror);
792 /*************************************************
793 * Check for router skipping *
794 *************************************************/
796 /* This function performs various checks to see whether a router should be
797 skipped. The order in which they are performed is important.
800 r pointer to router instance block
801 addr address that is being handled
802 verify the verification type
803 pw ptr to ptr to passwd structure for local user
804 perror for lookup errors
806 Returns: OK if all the tests succeed
807 SKIP if router is to be skipped
808 DEFER for a lookup defer
809 FAIL for address to be failed
813 check_router_conditions(router_instance *r, address_item *addr, int verify,
814 struct passwd **pw, uschar **perror)
817 uschar *check_local_part;
819 /* Reset variables to hold a home directory and data from lookup of a domain or
820 local part, and ensure search_find_defer is unset, in case there aren't any
824 deliver_domain_data = NULL;
825 deliver_localpart_data = NULL;
827 local_user_gid = (gid_t)(-1);
828 local_user_uid = (uid_t)(-1);
829 search_find_defer = FALSE;
831 /* Skip this router if not verifying and it has verify_only set */
833 if ((verify == v_none || verify == v_expn) && r->verify_only)
835 DEBUG(D_route) debug_printf("%s router skipped: verify_only set\n", r->name);
839 /* Skip this router if testing an address (-bt) and address_test is not set */
841 if (address_test_mode && !r->address_test)
843 DEBUG(D_route) debug_printf("%s router skipped: address_test is unset\n",
848 /* Skip this router if verifying and it hasn't got the appropriate verify flag
851 if ((verify == v_sender && !r->verify_sender) ||
852 (verify == v_recipient && !r->verify_recipient))
854 DEBUG(D_route) debug_printf("%s router skipped: verify %d %d %d\n",
855 r->name, verify, r->verify_sender, r->verify_recipient);
859 /* Skip this router if processing EXPN and it doesn't have expn set */
861 if (verify == v_expn && !r->expn)
863 DEBUG(D_route) debug_printf("%s router skipped: no_expn set\n", r->name);
867 /* Skip this router if there's a domain mismatch. */
869 if ((rc = route_check_dls(r->name, US"domains", r->domains, &domainlist_anchor,
870 addr->domain_cache, TRUE, addr->domain, &deliver_domain_data, MCL_DOMAIN,
874 /* Skip this router if there's a local part mismatch. We want to pass over the
875 caseful local part, so that +caseful can restore it, even if this router is
876 handling local parts caselessly. However, we can't just pass cc_local_part,
877 because that doesn't have the prefix or suffix stripped. A bit of massaging is
880 if (addr->prefix == NULL && addr->suffix == NULL)
881 check_local_part = addr->cc_local_part;
884 check_local_part = string_copy(addr->cc_local_part);
885 if (addr->prefix != NULL)
886 check_local_part += Ustrlen(addr->prefix);
887 if (addr->suffix != NULL)
888 check_local_part[Ustrlen(check_local_part) - Ustrlen(addr->suffix)] = 0;
891 if ((rc = route_check_dls(r->name, US"local_parts", r->local_parts,
892 &localpartlist_anchor, addr->localpart_cache, MCL_LOCALPART,
893 check_local_part, &deliver_localpart_data, !r->caseful_local_part,
897 /* If the check_local_user option is set, check that the local_part is the
898 login of a local user. Note: the third argument to route_finduser() must be
899 NULL here, to prevent a numeric string being taken as a numeric uid. If the
900 user is found, set deliver_home to the home directory, and also set
901 local_user_{uid,gid}. */
903 if (r->check_local_user)
905 DEBUG(D_route) debug_printf("checking for local user\n");
906 if (!route_finduser(addr->local_part, pw, NULL))
908 DEBUG(D_route) debug_printf("%s router skipped: %s is not a local user\n",
909 r->name, addr->local_part);
912 deliver_home = string_copy(US (*pw)->pw_dir);
913 local_user_gid = (*pw)->pw_gid;
914 local_user_uid = (*pw)->pw_uid;
917 /* Set (or override in the case of check_local_user) the home directory if
918 router_home_directory is set. This is done here so that it overrides $home from
919 check_local_user before any subsequent expansions are done. Otherwise, $home
920 could mean different things for different options, which would be extremely
923 if (r->router_home_directory != NULL)
925 uschar *router_home = expand_string(r->router_home_directory);
926 if (router_home == NULL)
928 if (!expand_string_forcedfail)
930 *perror = string_sprintf("failed to expand \"%s\" for "
931 "router_home_directory: %s", r->router_home_directory,
932 expand_string_message);
938 setflag(addr, af_home_expanded); /* Note set from router_home_directory */
939 deliver_home = router_home;
943 /* Skip if the sender condition is not met. We leave this one till after the
944 local user check so that $home is set - enabling the possiblity of letting
945 individual recipients specify lists of acceptable/unacceptable senders. */
947 if ((rc = route_check_dls(r->name, US"senders", r->senders, NULL,
948 sender_address_cache, MCL_ADDRESS, NULL, NULL, FALSE, perror)) != OK)
951 /* This is the point at which we print out the router's debugging string if it
952 is set. We wait till here so as to have $home available for local users (and
953 anyway, we don't want too much stuff for skipped routers). */
955 debug_print_string(r->debug_string);
957 /* Perform file existence tests. */
959 if ((rc = check_files(r->require_files, perror)) != OK)
961 DEBUG(D_route) debug_printf("%s router %s: file check\n", r->name,
962 (rc == SKIP)? "skipped" : "deferred");
966 /* Now the general condition test. */
968 if (r->condition != NULL)
970 DEBUG(D_route) debug_printf("checking \"condition\"\n");
971 if (!expand_check_condition(r->condition, r->name, US"router"))
973 if (search_find_defer)
975 *perror = US"condition check lookup defer";
976 DEBUG(D_route) debug_printf("%s\n", *perror);
980 debug_printf("%s router skipped: condition failure\n", r->name);
985 /* All the checks passed. */
993 /*************************************************
994 * Find a local user *
995 *************************************************/
997 /* Try several times (if configured) to find a local user, in case delays in
998 NIS or NFS whatever cause an incorrect refusal. It's a pity that getpwnam()
999 doesn't have some kind of indication as to why it has failed. If the string
1000 given consists entirely of digits, and the third argument is not NULL, assume
1001 the string is the numerical value of the uid. Otherwise it is looked up using
1002 getpwnam(). The uid is passed back via return_uid, if not NULL, and the
1003 pointer to a passwd structure, if found, is passed back via pw, if not NULL.
1005 Because this may be called several times in succession for the same user for
1006 different routers, cache the result of the previous getpwnam call so that it
1007 can be re-used. Note that we can't just copy the structure, as the store it
1008 points to can get trashed.
1011 s the login name or textual form of the numerical uid of the user
1012 pw if not NULL, return the result of getpwnam here, or set NULL
1013 if no call to getpwnam is made (s numeric, return_uid != NULL)
1014 return_uid if not NULL, return the uid via this address
1016 Returns: TRUE if s is numerical or was looked up successfully
1020 static struct passwd pwcopy;
1021 static struct passwd *lastpw = NULL;
1022 static uschar lastname[48] = { 0 };
1023 static uschar lastdir[128];
1024 static uschar lastgecos[128];
1025 static uschar lastshell[128];
1028 route_finduser(uschar *s, struct passwd **pw, uid_t *return_uid)
1030 if (Ustrcmp(lastname, s) != 0)
1034 if (return_uid != NULL && (isdigit(*s) || *s == '-') &&
1035 s[Ustrspn(s+1, "0123456789")+1] == 0)
1037 *return_uid = (uid_t)Uatoi(s);
1038 if (pw != NULL) *pw = NULL;
1042 (void)string_format(lastname, sizeof(lastname), "%s", s);
1044 /* Force failure if string length is greater than given maximum */
1046 if (max_username_length > 0 && Ustrlen(lastname) > max_username_length)
1048 DEBUG(D_uid) debug_printf("forced failure of finduser(): string "
1049 "length of %s is greater than %d\n", lastname, max_username_length);
1053 /* Try a few times if so configured; this handles delays in NIS etc. */
1057 if ((lastpw = getpwnam(CS s)) != NULL) break;
1058 if (++i > finduser_retries) break;
1064 pwcopy.pw_uid = lastpw->pw_uid;
1065 pwcopy.pw_gid = lastpw->pw_gid;
1066 (void)string_format(lastdir, sizeof(lastdir), "%s", lastpw->pw_dir);
1067 (void)string_format(lastgecos, sizeof(lastgecos), "%s", lastpw->pw_gecos);
1068 (void)string_format(lastshell, sizeof(lastshell), "%s", lastpw->pw_shell);
1069 pwcopy.pw_name = CS lastname;
1070 pwcopy.pw_dir = CS lastdir;
1071 pwcopy.pw_gecos = CS lastgecos;
1072 pwcopy.pw_shell = CS lastshell;
1078 DEBUG(D_uid) debug_printf("finduser used cached passwd data for %s\n", s);
1081 if (lastpw == NULL) return FALSE;
1083 if (return_uid != NULL) *return_uid = lastpw->pw_uid;
1084 if (pw != NULL) *pw = lastpw;
1092 /*************************************************
1093 * Find a local group *
1094 *************************************************/
1096 /* Try several times (if configured) to find a local group, in case delays in
1097 NIS or NFS whatever cause an incorrect refusal. It's a pity that getgrnam()
1098 doesn't have some kind of indication as to why it has failed.
1101 s the group namd or textual form of the numerical gid
1102 return_gid return the gid via this address
1104 Returns: TRUE if the group was found; FALSE otherwise
1109 route_findgroup(uschar *s, gid_t *return_gid)
1114 if ((isdigit(*s) || *s == '-') && s[Ustrspn(s+1, "0123456789")+1] == 0)
1116 *return_gid = (gid_t)Uatoi(s);
1122 if ((gr = getgrnam(CS s)) != NULL)
1124 *return_gid = gr->gr_gid;
1127 if (++i > finduser_retries) break;
1137 /*************************************************
1138 * Find user by expanding string *
1139 *************************************************/
1141 /* Expands a string, and then looks up the result in the passwd file.
1144 string the string to be expanded, yielding a login name or a numerical
1145 uid value (to be passed to route_finduser())
1146 driver_name caller name for panic error message (only)
1147 driver_type caller type for panic error message (only)
1148 pw return passwd entry via this pointer
1149 uid return uid via this pointer
1150 errmsg where to point a message on failure
1152 Returns: TRUE if user found, FALSE otherwise
1156 route_find_expanded_user(uschar *string, uschar *driver_name,
1157 uschar *driver_type, struct passwd **pw, uid_t *uid, uschar **errmsg)
1159 uschar *user = expand_string(string);
1163 *errmsg = string_sprintf("Failed to expand user string \"%s\" for the "
1164 "%s %s: %s", string, driver_name, driver_type, expand_string_message);
1165 log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg);
1169 if (route_finduser(user, pw, uid)) return TRUE;
1171 *errmsg = string_sprintf("Failed to find user \"%s\" from expanded string "
1172 "\"%s\" for the %s %s", user, string, driver_name, driver_type);
1173 log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg);
1179 /*************************************************
1180 * Find group by expanding string *
1181 *************************************************/
1183 /* Expands a string and then looks up the result in the group file.
1186 string the string to be expanded, yielding a group name or a numerical
1187 gid value (to be passed to route_findgroup())
1188 driver_name caller name for panic error message (only)
1189 driver_type caller type for panic error message (only)
1190 gid return gid via this pointer
1191 errmsg return error message via this pointer
1193 Returns: TRUE if found group, FALSE otherwise
1197 route_find_expanded_group(uschar *string, uschar *driver_name, uschar *driver_type,
1198 gid_t *gid, uschar **errmsg)
1201 uschar *group = expand_string(string);
1205 *errmsg = string_sprintf("Failed to expand group string \"%s\" for the "
1206 "%s %s: %s", string, driver_name, driver_type, expand_string_message);
1207 log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg);
1211 if (!route_findgroup(group, gid))
1213 *errmsg = string_sprintf("Failed to find group \"%s\" from expanded string "
1214 "\"%s\" for the %s %s", group, string, driver_name, driver_type);
1215 log_write(0, LOG_MAIN|LOG_PANIC, "%s", *errmsg);
1224 /*************************************************
1225 * Sort out "more" or "unseen" *
1226 *************************************************/
1228 /* These values are usually fixed boolean values, but they are permitted to be
1232 addr address being routed
1233 rname the router name
1234 oname the option name
1235 bvalue the router's boolean value
1236 svalue the router's string value
1237 rvalue where to put the returned value
1239 Returns: OK value placed in rvalue
1240 DEFER expansion failed
1244 exp_bool(address_item *addr, uschar *rname, uschar *oname, BOOL bvalue,
1245 uschar *svalue, BOOL *rvalue)
1248 if (svalue == NULL) { *rvalue = bvalue; return OK; }
1250 expanded = expand_string(svalue);
1251 if (expanded == NULL)
1253 if (expand_string_forcedfail)
1255 DEBUG(D_route) debug_printf("expansion of \"%s\" forced failure\n", oname);
1259 addr->message = string_sprintf("failed to expand \"%s\" in %s router: %s",
1260 oname, rname, expand_string_message);
1261 DEBUG(D_route) debug_printf("%s\n", addr->message);
1265 DEBUG(D_route) debug_printf("expansion of \"%s\" yields \"%s\"\n", oname,
1268 if (strcmpic(expanded, US"true") == 0 || strcmpic(expanded, US"yes") == 0)
1270 else if (strcmpic(expanded, US"false") == 0 || strcmpic(expanded, US"no") == 0)
1274 addr->message = string_sprintf("\"%s\" is not a valid value for the "
1275 "\"%s\" option in the %s router", expanded, oname, rname);
1285 /*************************************************
1286 * Handle an unseen routing *
1287 *************************************************/
1289 /* This function is called when an address is routed by a router with "unseen"
1290 set. It must make a clone of the address, for handling by subsequent drivers.
1291 The clone is set to start routing at the next router.
1293 The original address must be replaced by an invented "parent" which has the
1294 routed address plus the clone as its children. This is necessary in case the
1295 address is at the top level - we don't want to mark it complete until both
1296 deliveries have been done.
1298 A new unique field must be made, so that the record of the delivery isn't a
1299 record of the original address, and checking for already delivered has
1300 therefore to be done here. If the delivery has happened, then take the base
1301 address off whichever delivery queue it is on - it will always be the top item.
1305 addr address that was routed
1306 paddr_local chain of local-delivery addresses
1307 paddr_remote chain of remote-delivery addresses
1308 addr_new chain for newly created addresses
1314 route_unseen(uschar *name, address_item *addr, address_item **paddr_local,
1315 address_item **paddr_remote, address_item **addr_new)
1317 address_item *parent = deliver_make_addr(addr->address, TRUE);
1318 address_item *new = deliver_make_addr(addr->address, TRUE);
1320 /* The invented parent is a copy that replaces the original; note that
1321 this copies its parent pointer. It has two children, and its errors_address is
1322 from the original address' parent, if present, otherwise unset. */
1325 parent->child_count = 2;
1326 parent->p.errors_address =
1327 (addr->parent == NULL)? NULL : addr->parent->p.errors_address;
1329 /* The routed address gets a new parent. */
1331 addr->parent = parent;
1333 /* The clone has this parent too. Set its errors address from the parent. This
1334 was set from the original parent (or to NULL) - see above. We do NOT want to
1335 take the errors address from the unseen router. */
1337 new->parent = parent;
1338 new->p.errors_address = parent->p.errors_address;
1340 /* Copy the propagated flags and address_data from the original. */
1342 copyflag(new, addr, af_propagate);
1343 new->p.address_data = addr->p.address_data;
1346 /* As it has turned out, we haven't set headers_add or headers_remove for the
1347 * clone. Thinking about it, it isn't entirely clear whether they should be
1348 * copied from the original parent, like errors_address, or taken from the
1349 * unseen router, like address_data and the flags. Until somebody brings this
1350 * up, I propose to leave the code as it is.
1354 /* Set the cloned address to start at the next router, and put it onto the
1355 chain of new addresses. */
1357 new->start_router = addr->router->next;
1358 new->next = *addr_new;
1361 DEBUG(D_route) debug_printf("\"unseen\" set: replicated %s\n", addr->address);
1363 /* Make a new unique field, to distinguish from the normal one. */
1365 addr->unique = string_sprintf("%s/%s", addr->unique, name);
1367 /* If the address has been routed to a transport, see if it was previously
1368 delivered. If so, we take it off the relevant queue so that it isn't delivered
1369 again. Otherwise, it was an alias or something, and the addresses it generated
1370 are handled in the normal way. */
1372 if (addr->transport != NULL &&
1373 tree_search(tree_nonrecipients, addr->unique) != NULL)
1376 debug_printf("\"unseen\" delivery previously done - discarded\n");
1377 parent->child_count--;
1378 if (*paddr_remote == addr) *paddr_remote = addr->next;
1379 if (*paddr_local == addr) *paddr_local = addr->next;
1385 /*************************************************
1386 * Route one address *
1387 *************************************************/
1389 /* This function is passed in one address item, for processing by the routers.
1390 The verify flag is set if this is being called for verification rather than
1391 delivery. If the router doesn't have its "verify" flag set, it is skipped.
1394 addr address to route
1395 paddr_local chain of local-delivery addresses
1396 paddr_remote chain of remote-delivery addresses
1397 addr_new chain for newly created addresses
1398 addr_succeed chain for completed addresses
1399 verify v_none if not verifying
1400 v_sender if verifying a sender address
1401 v_recipient if verifying a recipient address
1402 v_expn if processing an EXPN address
1404 Returns: OK => address successfully routed
1405 DISCARD => address was discarded
1406 FAIL => address could not be routed
1407 DEFER => some temporary problem
1408 ERROR => some major internal or configuration failure
1412 route_address(address_item *addr, address_item **paddr_local,
1413 address_item **paddr_remote, address_item **addr_new,
1414 address_item **addr_succeed, int verify)
1418 router_instance *r, *nextr;
1419 uschar *old_domain = addr->domain;
1423 debug_printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
1424 debug_printf("routing %s\n", addr->address);
1427 /* Loop through all router instances until a router succeeds, fails, defers, or
1428 encounters an error. If the address has start_router set, we begin from there
1429 instead of at the first router. */
1431 for (r = (addr->start_router == NULL)? routers : addr->start_router;
1432 r != NULL; r = nextr)
1435 struct passwd *pw = NULL;
1436 struct passwd pwcopy;
1437 address_item *parent;
1438 BOOL loop_detected = FALSE;
1443 DEBUG(D_route) debug_printf("--------> %s router <--------\n", r->name);
1445 /* Reset any search error message from the previous router. */
1447 search_error_message = NULL;
1449 /* There are some weird cases where logging is disabled */
1451 disable_logging = r->disable_logging;
1453 /* Record the last router to handle the address, and set the default
1459 /* Loop protection: If this address has an ancestor with the same address,
1460 and that ancestor was routed by this router, we skip this router. This
1461 prevents a variety of looping states when a new address is created by
1462 redirection or by the use of "unseen" on a router.
1464 If no_repeat_use is set on the router, we skip if _any_ ancestor was routed
1465 by this router, even if it was different to the current address.
1467 Just in case someone does put it into a loop (possible with redirection
1468 continally adding to an address, for example), put a long stop counter on
1469 the number of parents. */
1471 for (parent = addr->parent; parent != NULL; parent = parent->parent)
1473 if (parent->router == r)
1475 BOOL break_loop = !r->repeat_use;
1477 /* When repeat_use is set, first check the active addresses caselessly.
1478 If they match, we have to do a further caseful check of the local parts
1479 when caseful_local_part is set. This is assumed to be rare, which is why
1480 the code is written this way. */
1484 break_loop = strcmpic(parent->address, addr->address) == 0;
1485 if (break_loop && r->caseful_local_part)
1486 break_loop = Ustrncmp(parent->address, addr->address,
1487 Ustrrchr(addr->address, '@') - addr->address) == 0;
1492 DEBUG(D_route) debug_printf("%s router skipped: previously routed %s\n",
1493 r->name, parent->address);
1494 loop_detected = TRUE;
1499 /* Continue with parents, limiting the size of the dynasty. */
1501 if (loopcount++ > 100)
1503 log_write(0, LOG_MAIN|LOG_PANIC, "routing loop for %s", addr->address);
1509 if (loop_detected) continue;
1511 /* Default no affixes and select whether to use a caseful or caseless local
1512 part in this router. */
1514 addr->prefix = addr->suffix = NULL;
1515 addr->local_part = r->caseful_local_part?
1516 addr->cc_local_part : addr->lc_local_part;
1518 DEBUG(D_route) debug_printf("local_part=%s domain=%s\n", addr->local_part,
1521 /* Handle any configured prefix by replacing the local_part address,
1522 and setting the prefix. Skip the router if the prefix doesn't match,
1523 unless the prefix is optional. */
1525 if (r->prefix != NULL)
1527 int plen = route_check_prefix(addr->local_part, r->prefix);
1530 addr->prefix = string_copyn(addr->local_part, plen);
1531 addr->local_part += plen;
1532 DEBUG(D_route) debug_printf("stripped prefix %s\n", addr->prefix);
1534 else if (!r->prefix_optional)
1536 DEBUG(D_route) debug_printf("%s router skipped: prefix mismatch\n",
1542 /* Handle any configured suffix likewise. */
1544 if (r->suffix != NULL)
1546 int slen = route_check_suffix(addr->local_part, r->suffix);
1549 int lplen = Ustrlen(addr->local_part) - slen;
1550 addr->suffix = addr->local_part + lplen;
1551 addr->local_part = string_copyn(addr->local_part, lplen);
1552 DEBUG(D_route) debug_printf("stripped suffix %s\n", addr->suffix);
1554 else if (!r->suffix_optional)
1556 DEBUG(D_route) debug_printf("%s router skipped: suffix mismatch\n",
1562 /* Set the expansion variables now that we have the affixes and the case of
1563 the local part sorted. */
1565 deliver_set_expansions(addr);
1567 /* For convenience, the pre-router checks are in a separate function, which
1568 returns OK, SKIP, FAIL, or DEFER. */
1570 if ((rc = check_router_conditions(r, addr, verify, &pw, &error)) != OK)
1572 if (rc == SKIP) continue;
1573 addr->message = error;
1578 /* All pre-conditions have been met. Reset any search error message from
1579 pre-condition tests. These can arise in negated tests where the failure of
1580 the lookup leads to a TRUE pre-condition. */
1582 search_error_message = NULL;
1584 /* Finally, expand the address_data field in the router. Forced failure
1585 behaves as if the router declined. Any other failure is more serious. On
1586 success, the string is attached to the address for all subsequent processing.
1589 if (r->address_data != NULL)
1591 DEBUG(D_route) debug_printf("processing address_data\n");
1592 deliver_address_data = expand_string(r->address_data);
1593 if (deliver_address_data == NULL)
1595 if (expand_string_forcedfail)
1597 DEBUG(D_route) debug_printf("forced failure in expansion of \"%s\" "
1598 "(address_data): decline action taken\n", r->address_data);
1600 /* Expand "more" if necessary; DEFER => an expansion failed */
1602 yield = exp_bool(addr, r->name, US"more", r->more, r->expand_more,
1604 if (yield != OK) goto ROUTE_EXIT;
1609 debug_printf("\"more\"=false: skipping remaining routers\n");
1613 else continue; /* With next router */
1618 addr->message = string_sprintf("expansion of \"%s\" failed "
1619 "in %s router: %s", r->address_data, r->name, expand_string_message);
1624 addr->p.address_data = deliver_address_data;
1627 /* We are finally cleared for take-off with this router. Clear the the flag
1628 that records that a local host was removed from a routed host list. Make a
1629 copy of relevant fields in the password information from check_local_user,
1630 because it will be overwritten if check_local_user is invoked again while
1631 verifying an errors_address setting. */
1633 clearflag(addr, af_local_host_removed);
1637 pwcopy.pw_name = CS string_copy(US pw->pw_name);
1638 pwcopy.pw_uid = pw->pw_uid;
1639 pwcopy.pw_gid = pw->pw_gid;
1640 pwcopy.pw_gecos = CS string_copy(US pw->pw_gecos);
1641 pwcopy.pw_dir = CS string_copy(US pw->pw_dir);
1642 pwcopy.pw_shell = CS string_copy(US pw->pw_shell);
1646 /* Run the router, and handle the consequences. */
1648 HDEBUG(D_route) debug_printf("calling %s router\n", r->name);
1650 yield = (r->info->code)(r, addr, pw, verify != v_none, paddr_local,
1651 paddr_remote, addr_new, addr_succeed);
1655 HDEBUG(D_route) debug_printf("%s router forced address failure\n", r->name);
1659 /* If succeeded while verifying but fail_verify is set, convert into
1660 a failure, and take it off the local or remote delivery list. */
1662 if (((verify == v_sender && r->fail_verify_sender) ||
1663 (verify == v_recipient && r->fail_verify_recipient)) &&
1664 (yield == OK || yield == PASS))
1666 addr->message = string_sprintf("%s router forced verify failure", r->name);
1667 if (*paddr_remote == addr) *paddr_remote = addr->next;
1668 if (*paddr_local == addr) *paddr_local = addr->next;
1673 /* PASS and DECLINE are the only two cases where the loop continues. For all
1674 other returns, we break the loop and handle the result below. */
1676 if (yield != PASS && yield != DECLINE) break;
1680 debug_printf("%s router %s for %s\n", r->name,
1681 (yield == PASS)? "passed" : "declined", addr->address);
1682 if (Ustrcmp(old_domain, addr->domain) != 0)
1683 debug_printf("domain %s rewritten\n", old_domain);
1686 /* PASS always continues to another router; DECLINE does so if "more"
1687 is true. Initialization insists that pass_router is always a following
1688 router. Otherwise, break the loop as if at the end of the routers. */
1692 if (r->pass_router != NULL) nextr = r->pass_router;
1696 /* Expand "more" if necessary */
1698 yield = exp_bool(addr, r->name, US"more", r->more, r->expand_more, &more);
1699 if (yield != OK) goto ROUTE_EXIT;
1704 debug_printf("\"more\" is false: skipping remaining routers\n");
1709 } /* Loop for all routers */
1711 /* On exit from the routers loop, if r == NULL we have run out of routers,
1712 either genuinely, or as a result of no_more. Otherwise, the loop ended
1713 prematurely, either because a router succeeded, or because of some special
1714 router response. Note that FAIL errors and errors detected before actually
1715 running a router go direct to ROUTE_EXIT from code above. */
1719 HDEBUG(D_route) debug_printf("no more routers\n");
1720 if (addr->message == NULL)
1722 uschar *message = US"Unrouteable address";
1723 if (addr->router != NULL && addr->router->cannot_route_message != NULL)
1725 uschar *expmessage = expand_string(addr->router->cannot_route_message);
1726 if (expmessage == NULL)
1728 if (!expand_string_forcedfail)
1729 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
1730 "cannot_route_message in %s router: %s", addr->router->name,
1731 expand_string_message);
1733 else message = expmessage;
1735 addr->user_message = addr->message = message;
1737 addr->router = NULL; /* For logging */
1746 debug_printf("%s router: defer for %s\n", r->name, addr->address);
1747 debug_printf(" message: %s\n", (addr->message == NULL)?
1748 US"<none>" : addr->message);
1753 if (yield == DISCARD) goto ROUTE_EXIT;
1755 /* The yield must be either OK or REROUTED. */
1757 if (yield != OK && yield != REROUTED)
1758 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s router returned unknown value %d",
1761 /* If the yield was REROUTED, the router put a child address on the new chain
1762 as a result of a domain change of some sort (widening, typically). */
1764 if (yield == REROUTED)
1766 HDEBUG(D_route) debug_printf("re-routed to %s\n", addr->address);
1771 /* The only remaining possibility is that the router succeeded. If the
1772 translate_ip_address options is set and host addresses were associated with the
1773 address, run them through the translation. This feature is for weird and
1774 wonderful situations (the amateur packet radio people need it) or very broken
1775 networking, so it is included in the binary only if requested. */
1777 #ifdef SUPPORT_TRANSLATE_IP_ADDRESS
1779 if (r->translate_ip_address != NULL)
1782 int old_pool = store_pool;
1784 for (h = addr->host_list; h != NULL; h = h->next)
1787 uschar *oldaddress, *oldname;
1789 if (h->address == NULL) continue;
1791 deliver_host_address = h->address;
1792 newaddress = expand_string(r->translate_ip_address);
1793 deliver_host_address = NULL;
1795 if (newaddress == NULL)
1797 if (expand_string_forcedfail) continue;
1798 addr->basic_errno = ERRNO_EXPANDFAIL;
1799 addr->message = string_sprintf("translate_ip_address expansion "
1800 "failed: %s", expand_string_message);
1805 DEBUG(D_route) debug_printf("%s [%s] translated to %s\n",
1806 h->name, h->address, newaddress);
1807 if (string_is_ip_address(newaddress, NULL))
1809 h->address = newaddress;
1814 oldaddress = h->address;
1815 h->name = newaddress;
1819 store_pool = POOL_PERM;
1820 rc = host_find_byname(h, NULL, NULL, TRUE);
1821 store_pool = old_pool;
1823 if (rc == HOST_FIND_FAILED || rc == HOST_FIND_AGAIN)
1825 addr->basic_errno = ERRNO_UNKNOWNHOST;
1826 addr->message = string_sprintf("host %s not found when "
1827 "translating %s [%s]", h->name, oldname, oldaddress);
1833 #endif /* SUPPORT_TRANSLATE_IP_ADDRESS */
1835 /* See if this is an unseen routing; first expand the option if necessary.
1836 DEFER can be given if the expansion fails */
1838 yield = exp_bool(addr, r->name, US"unseen", r->unseen, r->expand_unseen,
1840 if (yield != OK) goto ROUTE_EXIT;
1844 /* Debugging output recording a successful routing */
1848 debug_printf("routed by %s router%s\n", r->name,
1849 unseen? " (unseen)" : "");
1856 debug_printf(" envelope to: %s\n", addr->address);
1857 debug_printf(" transport: %s\n", (addr->transport == NULL)?
1858 US"<none>" : addr->transport->name);
1860 if (addr->p.errors_address != NULL)
1861 debug_printf(" errors to %s\n", addr->p.errors_address);
1863 for (h = addr->host_list; h != NULL; h = h->next)
1865 debug_printf(" host %s", h->name);
1866 if (h->address != NULL) debug_printf(" [%s]", h->address);
1867 if (h->mx >= 0) debug_printf(" MX=%d", h->mx);
1868 else if (h->mx != MX_NONE) debug_printf(" rgroup=%d", h->mx);
1869 if (h->port != PORT_NONE) debug_printf(" port=%d", h->port);
1874 /* Clear any temporary error message set by a router that declined, and handle
1875 the "unseen" option (ignore if there are no further routers). */
1877 addr->message = NULL;
1878 if (unseen && r->next != NULL)
1879 route_unseen(r->name, addr, paddr_local, paddr_remote, addr_new);
1881 /* Unset the address expansions, and return the final result. */
1884 deliver_set_expansions(NULL);
1885 disable_logging = FALSE;
1889 /* End of route.c */