* RFC 2033 - Local Mail Transfer Protocol
* RFC 2034 - SMTP Service Extension for Returning Enhanced Error Codes
* RFC 2197 - SMTP Service Extension for Command Pipelining
+ * RFC 2476 - Message Submission
* RFC 2487 - SMTP Service Extension for Secure SMTP over TLS
* RFC 2554 - SMTP Service Extension for Authentication
* RFC 2821 - Simple Mail Transfer Protocol
#include <pwd.h>
#include <errno.h>
#include <sys/types.h>
+#include <syslog.h>
#if TIME_WITH_SYS_TIME
# include <sys/time.h>
#include "domain.h"
#include "clientsocket.h"
#include "locate_host.h"
+#include "citadel_dirs.h"
#ifdef HAVE_OPENSSL
#include "serv_crypto.h"
int delivery_mode;
int message_originated_locally;
int is_lmtp;
+ int is_unfiltered;
int is_msa;
};
enum { /* Command states for login authentication */
smtp_command,
smtp_user,
- smtp_password
+ smtp_password,
+ smtp_plain
};
enum { /* Delivery modes */
}
+/*
+ * We also have an unfiltered LMTP socket that bypasses spam filters.
+ */
+void lmtp_unfiltered_greeting(void) {
+ smtp_greeting();
+ SMTP->is_lmtp = 1;
+ SMTP->is_unfiltered = 1;
+}
+
+
/*
* Login greeting common to all auth methods
*/
char username[SIZ];
CtdlDecodeBase64(username, argbuf, SIZ);
- lprintf(CTDL_DEBUG, "Trying <%s>\n", username);
+ /* lprintf(CTDL_DEBUG, "Trying <%s>\n", username); */
if (CtdlLoginExistingUser(username) == login_ok) {
CtdlEncodeBase64(buf, "Password:", 9);
cprintf("334 %s\r\n", buf);
char password[SIZ];
CtdlDecodeBase64(password, argbuf, SIZ);
- lprintf(CTDL_DEBUG, "Trying <%s>\n", password);
+ /* lprintf(CTDL_DEBUG, "Trying <%s>\n", password); */
if (CtdlTryPassword(password) == pass_ok) {
smtp_auth_greeting();
}
/*
- *
+ * Back end for PLAIN auth method (either inline or multistate)
*/
-void smtp_auth(char *argbuf) {
- char username_prompt[64];
- char method[64];
- char encoded_authstring[1024];
+void smtp_try_plain(char *encoded_authstring) {
char decoded_authstring[1024];
char ident[256];
char user[256];
char pass[256];
+ CtdlDecodeBase64(decoded_authstring,
+ encoded_authstring,
+ strlen(encoded_authstring) );
+ safestrncpy(ident, decoded_authstring, sizeof ident);
+ safestrncpy(user, &decoded_authstring[strlen(ident) + 1], sizeof user);
+ safestrncpy(pass, &decoded_authstring[strlen(ident) + strlen(user) + 2], sizeof pass);
+
+ SMTP->command_state = smtp_command;
+ if (CtdlLoginExistingUser(user) == login_ok) {
+ if (CtdlTryPassword(pass) == pass_ok) {
+ smtp_auth_greeting();
+ return;
+ }
+ }
+ cprintf("504 5.7.4 Authentication failed.\r\n");
+}
+
+
+/*
+ * Attempt to perform authenticated SMTP
+ */
+void smtp_auth(char *argbuf) {
+ char username_prompt[64];
+ char method[64];
+ char encoded_authstring[1024];
+
if (CC->logged_in) {
cprintf("504 5.7.4 Already logged in.\r\n");
return;
}
if (!strncasecmp(method, "plain", 5) ) {
- extract_token(encoded_authstring, argbuf, 1, ' ', sizeof encoded_authstring);
- CtdlDecodeBase64(decoded_authstring,
- encoded_authstring,
- strlen(encoded_authstring) );
- safestrncpy(ident, decoded_authstring, sizeof ident);
- safestrncpy(user, &decoded_authstring[strlen(ident) + 1], sizeof user);
- safestrncpy(pass, &decoded_authstring[strlen(ident) + strlen(user) + 2], sizeof pass);
-
- if (CtdlLoginExistingUser(user) == login_ok) {
- if (CtdlTryPassword(pass) == pass_ok) {
- smtp_auth_greeting();
- return;
- }
+ if (num_tokens(argbuf, ' ') < 2) {
+ cprintf("334 \r\n");
+ SMTP->command_state = smtp_plain;
+ return;
}
- cprintf("504 5.7.4 Authentication failed.\r\n");
+
+ extract_token(encoded_authstring, argbuf, 1, ' ', sizeof encoded_authstring);
+
+ smtp_try_plain(encoded_authstring);
+ return;
}
if (strncasecmp(method, "login", 5) ) {
*/
void smtp_rset(int do_response) {
int is_lmtp;
+ int is_unfiltered;
/*
* Our entire SMTP state is discarded when a RSET command is issued,
* we save it for later.
*/
is_lmtp = SMTP->is_lmtp;
+ is_unfiltered = SMTP->is_unfiltered;
memset(SMTP, 0, sizeof(struct citsmtp));
* Reinstate this little piece of information we saved (see above).
*/
SMTP->is_lmtp = is_lmtp;
+ SMTP->is_unfiltered = is_unfiltered;
if (do_response) {
cprintf("250 2.0.0 Zap!\r\n");
* to be the user's Internet e-mail address as Citadel knows it.
*/
if (CC->logged_in) {
- strcpy(SMTP->from, CC->cs_inet_email);
+ safestrncpy(SMTP->from, CC->cs_inet_email, sizeof SMTP->from);
cprintf("250 2.1.0 Sender ok <%s>\r\n", SMTP->from);
SMTP->message_originated_locally = 1;
return;
}
/* Otherwise, make sure outsiders aren't trying to forge mail from
- * this system.
+ * this system (unless, of course, c_allow_spoofing is enabled)
*/
- else {
+ else if (config.c_allow_spoofing == 0) {
process_rfc822_addr(SMTP->from, user, node, name);
if (CtdlHostAlias(node) != hostalias_nomatch) {
- cprintf("550 5.1.8 "
+ cprintf("550 5.7.1 "
"You must log in to send mail from %s\r\n",
node);
strcpy(SMTP->from, "");
}
valid = validate_recipients(recp);
- if (valid->num_error > 0) {
+ if (valid->num_error != 0) {
cprintf("599 5.1.1 Error: %s\r\n", valid->errormsg);
free(valid);
return;
void smtp_data(void) {
char *body;
struct CtdlMessage *msg;
- long msgnum;
+ long msgnum = (-1L);
char nowstamp[SIZ];
struct recptypes *valid;
int scan_errors;
* submission (such as virus checkers or spam filters), call them now
* and give them an opportunity to reject the message.
*/
- scan_errors = PerformMessageHooks(msg, EVT_SMTPSCAN);
+ if (SMTP->is_unfiltered) {
+ scan_errors = 0;
+ }
+ else {
+ scan_errors = PerformMessageHooks(msg, EVT_SMTPSCAN);
+ }
if (scan_errors > 0) { /* We don't want this message! */
cprintf("%s", result);
}
+ /* Write something to the syslog (which may or may not be where the
+ * rest of the Citadel logs are going; some sysadmins want LOG_MAIL).
+ */
+ if (enable_syslog) {
+ syslog((LOG_MAIL | LOG_INFO),
+ "%ld: from=<%s>, nrcpts=%d, relay=%s [%s], stat=%s",
+ msgnum,
+ SMTP->from,
+ SMTP->number_of_recipients,
+ CC->cs_host,
+ CC->cs_addr,
+ result
+ );
+ }
+
+ /* Clean up */
CtdlFreeMessage(msg);
free(valid);
smtp_data_clear(); /* clear out the buffers now */
time(&CC->lastcmd);
memset(cmdbuf, 0, sizeof cmdbuf); /* Clear it, just in case */
if (client_getln(cmdbuf, sizeof cmdbuf) < 1) {
- lprintf(CTDL_CRIT, "SMTP socket is broken. Ending session.\n");
+ lprintf(CTDL_CRIT, "Client disconnected: ending session.\n");
CC->kill_me = 1;
return;
}
smtp_get_pass(cmdbuf);
}
+ else if (SMTP->command_state == smtp_plain) {
+ smtp_try_plain(cmdbuf);
+ }
+
else if (!strncasecmp(cmdbuf, "AUTH", 4)) {
smtp_auth(&cmdbuf[5]);
}
int num_mxhosts;
int mx;
int i;
- char user[SIZ], node[SIZ], name[SIZ];
+ char user[1024], node[1024], name[1024];
char buf[1024];
char mailfrom[1024];
+ char mx_user[256];
+ char mx_pass[256];
+ char mx_host[256];
+ char mx_port[256];
int lp, rp;
char *msgtext;
char *ptr;
CC->redirect_buffer = malloc(SIZ);
CC->redirect_len = 0;
CC->redirect_alloc = SIZ;
- CtdlOutputMsg(msgnum, MT_RFC822, HEADERS_ALL, 0, 1);
+ CtdlOutputMsg(msgnum, MT_RFC822, HEADERS_ALL, 0, 1, NULL);
msgtext = CC->redirect_buffer;
msg_size = CC->redirect_len;
CC->redirect_buffer = NULL;
}
} while (scan_done == 0);
if (strlen(mailfrom)==0) strcpy(mailfrom, "someone@somewhere.org");
+ stripallbut(mailfrom, '<', '>');
/* Figure out what mail exchanger host we have to connect to */
num_mxhosts = getmx(mxhosts, node);
sock = (-1);
for (mx=0; (mx<num_mxhosts && sock < 0); ++mx) {
extract_token(buf, mxhosts, mx, '|', sizeof buf);
- lprintf(CTDL_DEBUG, "Trying <%s>\n", buf);
- sock = sock_connect(buf, "25", "tcp");
+ strcpy(mx_user, "");
+ strcpy(mx_pass, "");
+ if (num_tokens(buf, '@') > 1) {
+ extract_token(mx_user, buf, 0, '@', sizeof mx_user);
+ if (num_tokens(mx_user, ':') > 1) {
+ extract_token(mx_pass, mx_user, 1, ':', sizeof mx_pass);
+ remove_token(mx_user, 1, ':');
+ }
+ remove_token(buf, 0, '@');
+ }
+ extract_token(mx_host, buf, 0, ':', sizeof mx_host);
+ extract_token(mx_port, buf, 1, ':', sizeof mx_port);
+ if (!mx_port[0]) {
+ strcpy(mx_port, "25");
+ }
+ lprintf(CTDL_DEBUG, "FIXME user<%s> pass<%s> host<%s> port<%s>\n",
+ mx_user, mx_pass, mx_host, mx_port);
+ lprintf(CTDL_DEBUG, "Trying %s : %s ...\n", mx_host, mx_port);
+ sock = sock_connect(mx_host, mx_port, "tcp");
snprintf(dsn, SIZ, "Could not connect: %s", strerror(errno));
if (sock >= 0) lprintf(CTDL_DEBUG, "Connected!\n");
if (sock < 0) snprintf(dsn, SIZ, "%s", strerror(errno));
/* At this point we know we are talking to a real SMTP server */
- /* Do a HELO command */
- snprintf(buf, sizeof buf, "HELO %s\r\n", config.c_fqdn);
+ /* Do a EHLO command. If it fails, try the HELO command. */
+ snprintf(buf, sizeof buf, "EHLO %s\r\n", config.c_fqdn);
lprintf(CTDL_DEBUG, ">%s", buf);
sock_write(sock, buf, strlen(buf));
if (ml_sock_gets(sock, buf) < 0) {
goto bail;
}
lprintf(CTDL_DEBUG, "<%s\n", buf);
+ if (buf[0] != '2') {
+ snprintf(buf, sizeof buf, "HELO %s\r\n", config.c_fqdn);
+ lprintf(CTDL_DEBUG, ">%s", buf);
+ sock_write(sock, buf, strlen(buf));
+ if (ml_sock_gets(sock, buf) < 0) {
+ *status = 4;
+ strcpy(dsn, "Connection broken during SMTP HELO");
+ goto bail;
+ }
+ }
if (buf[0] != '2') {
if (buf[0] == '4') {
*status = 4;
}
}
- /* HELO succeeded, now try the MAIL From: command */
+ /* Do an AUTH command if necessary */
+ if (strlen(mx_user) > 0) {
+ sprintf(buf, "%s%c%s%c%s%c", mx_user, 0, mx_user, 0, mx_pass, 0);
+ CtdlEncodeBase64(mailfrom, buf, strlen(mx_user) + strlen(mx_user) + strlen(mx_pass) + 3);
+ snprintf(buf, sizeof buf, "AUTH PLAIN %s\r\n", mailfrom);
+ lprintf(CTDL_DEBUG, ">%s", buf);
+ sock_write(sock, buf, strlen(buf));
+ if (ml_sock_gets(sock, buf) < 0) {
+ *status = 4;
+ strcpy(dsn, "Connection broken during SMTP AUTH");
+ goto bail;
+ }
+ lprintf(CTDL_DEBUG, "<%s\n", buf);
+ if (buf[0] != '2') {
+ if (buf[0] == '4') {
+ *status = 4;
+ safestrncpy(dsn, &buf[4], 1023);
+ goto bail;
+ }
+ else {
+ *status = 5;
+ safestrncpy(dsn, &buf[4], 1023);
+ goto bail;
+ }
+ }
+ }
+
+ /* previous command succeeded, now try the MAIL From: command */
snprintf(buf, sizeof buf, "MAIL From: <%s>\r\n", mailfrom);
lprintf(CTDL_DEBUG, ">%s", buf);
sock_write(sock, buf, strlen(buf));
}
/* MAIL succeeded, now try the RCPT To: command */
- snprintf(buf, sizeof buf, "RCPT To: <%s>\r\n", addr);
+ snprintf(buf, sizeof buf, "RCPT To: <%s@%s>\r\n", user, node);
lprintf(CTDL_DEBUG, ">%s", buf);
sock_write(sock, buf, strlen(buf));
if (ml_sock_gets(sock, buf) < 0) {
bail: free(msgtext);
sock_close(sock);
+
+ /* Write something to the syslog (which may or may not be where the
+ * rest of the Citadel logs are going; some sysadmins want LOG_MAIL).
+ */
+ if (enable_syslog) {
+ syslog((LOG_MAIL | LOG_INFO),
+ "%ld: to=<%s>, relay=%s, stat=%s",
+ msgnum,
+ addr,
+ mx_host,
+ dsn
+ );
+ }
+
return;
}
bmsg->cm_fields['A'] = strdup("Citadel");
bmsg->cm_fields['O'] = strdup(MAILROOM);
bmsg->cm_fields['N'] = strdup(config.c_nodename);
+ bmsg->cm_fields['U'] = strdup("Delivery Status Notification (Failure)");
if (give_up) bmsg->cm_fields['M'] = strdup(
"A message you sent could not be delivered to some or all of its recipients\n"
* message and the message message.
*/
if (incomplete_deliveries_remaining <= 0) {
- CtdlDeleteMessages(SMTP_SPOOLOUT_ROOM, msgnum, "");
- CtdlDeleteMessages(SMTP_SPOOLOUT_ROOM, text_msgid, "");
+ long delmsgs[2];
+ delmsgs[0] = msgnum;
+ delmsgs[1] = text_msgid;
+ CtdlDeleteMessages(SMTP_SPOOLOUT_ROOM, delmsgs, 2, "", 0);
}
-
/*
* Uncompleted delivery instructions remain, so delete the old
* instructions and replace with the updated ones.
*/
if (incomplete_deliveries_remaining > 0) {
- CtdlDeleteMessages(SMTP_SPOOLOUT_ROOM, msgnum, "");
+ CtdlDeleteMessages(SMTP_SPOOLOUT_ROOM, &msgnum, 1, "", 0);
msg = malloc(sizeof(struct CtdlMessage));
memset(msg, 0, sizeof(struct CtdlMessage));
msg->cm_magic = CTDLMESSAGE_MAGIC;
char *serv_smtp_init(void)
{
+
CtdlRegisterServiceHook(config.c_smtp_port, /* SMTP MTA */
NULL,
smtp_greeting,
NULL);
CtdlRegisterServiceHook(0, /* local LMTP */
- "lmtp.socket",
- lmtp_greeting,
- smtp_command_loop,
- NULL);
+ file_lmtp_socket,
+ lmtp_greeting,
+ smtp_command_loop,
+ NULL);
+
+ CtdlRegisterServiceHook(0, /* local LMTP */
+ file_lmtp_unfiltered_socket,
+ lmtp_unfiltered_greeting,
+ smtp_command_loop,
+ NULL);
smtp_init_spoolout();
CtdlRegisterSessionHook(smtp_do_queue, EVT_TIMER);