1/*++ 2/* NAME 3/* discard 8 4/* SUMMARY 5/* Postfix discard mail delivery agent 6/* SYNOPSIS 7/* \fBdiscard\fR [generic Postfix daemon options] 8/* DESCRIPTION 9/* The Postfix \fBdiscard\fR(8) delivery agent processes 10/* delivery requests from 11/* the queue manager. Each request specifies a queue file, a sender 12/* address, a next-hop destination that is treated as the reason for 13/* discarding the mail, and recipient information. 14/* The reason may be prefixed with an RFC 3463-compatible detail code. 15/* This program expects to be run from the \fBmaster\fR(8) process 16/* manager. 17/* 18/* The \fBdiscard\fR(8) delivery agent pretends to deliver all recipients 19/* in the delivery request, logs the "next-hop" destination 20/* as the reason for discarding the mail, updates the 21/* queue file, and either marks recipients as finished or informs the 22/* queue manager that delivery should be tried again at a later time. 23/* 24/* Delivery status reports are sent to the \fBtrace\fR(8) 25/* daemon as appropriate. 26/* SECURITY 27/* .ad 28/* .fi 29/* The \fBdiscard\fR(8) mailer is not security-sensitive. It does not talk 30/* to the network, and can be run chrooted at fixed low privilege. 31/* STANDARDS 32/* RFC 3463 (Enhanced Status Codes) 33/* DIAGNOSTICS 34/* Problems and transactions are logged to \fBsyslogd\fR(8). 35/* 36/* Depending on the setting of the \fBnotify_classes\fR parameter, 37/* the postmaster is notified of bounces and of other trouble. 38/* CONFIGURATION PARAMETERS 39/* .ad 40/* .fi 41/* Changes to \fBmain.cf\fR are picked up automatically as \fBdiscard\fR(8) 42/* processes run for only a limited amount of time. Use the command 43/* "\fBpostfix reload\fR" to speed up a change. 44/* 45/* The text below provides only a parameter summary. See 46/* \fBpostconf\fR(5) for more details including examples. 47/* .IP "\fBconfig_directory (see 'postconf -d' output)\fR" 48/* The default location of the Postfix main.cf and master.cf 49/* configuration files. 50/* .IP "\fBdaemon_timeout (18000s)\fR" 51/* How much time a Postfix daemon process may take to handle a 52/* request before it is terminated by a built-in watchdog timer. 53/* .IP "\fBdelay_logging_resolution_limit (2)\fR" 54/* The maximal number of digits after the decimal point when logging 55/* sub-second delay values. 56/* .IP "\fBdouble_bounce_sender (double-bounce)\fR" 57/* The sender address of postmaster notifications that are generated 58/* by the mail system. 59/* .IP "\fBipc_timeout (3600s)\fR" 60/* The time limit for sending or receiving information over an internal 61/* communication channel. 62/* .IP "\fBmax_idle (100s)\fR" 63/* The maximum amount of time that an idle Postfix daemon process waits 64/* for an incoming connection before terminating voluntarily. 65/* .IP "\fBmax_use (100)\fR" 66/* The maximal number of incoming connections that a Postfix daemon 67/* process will service before terminating voluntarily. 68/* .IP "\fBprocess_id (read-only)\fR" 69/* The process ID of a Postfix command or daemon process. 70/* .IP "\fBprocess_name (read-only)\fR" 71/* The process name of a Postfix command or daemon process. 72/* .IP "\fBqueue_directory (see 'postconf -d' output)\fR" 73/* The location of the Postfix top-level queue directory. 74/* .IP "\fBsyslog_facility (mail)\fR" 75/* The syslog facility of Postfix logging. 76/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" 77/* The mail system name that is prepended to the process name in syslog 78/* records, so that "smtpd" becomes, for example, "postfix/smtpd". 79/* SEE ALSO 80/* qmgr(8), queue manager 81/* bounce(8), delivery status reports 82/* error(8), Postfix error delivery agent 83/* postconf(5), configuration parameters 84/* master(5), generic daemon options 85/* master(8), process manager 86/* syslogd(8), system logging 87/* LICENSE 88/* .ad 89/* .fi 90/* The Secure Mailer license must be distributed with this software. 91/* HISTORY 92/* This service was introduced with Postfix version 2.2. 93/* AUTHOR(S) 94/* Victor Duchovni 95/* Morgan Stanley 96/* 97/* Based on code by: 98/* Wietse Venema 99/* IBM T.J. Watson Research 100/* P.O. Box 704 101/* Yorktown Heights, NY 10598, USA 102/*--*/ 103 104/* System library. */ 105 106#include <sys_defs.h> 107#include <unistd.h> 108#include <stdlib.h> 109 110/* Utility library. */ 111 112#include <msg.h> 113#include <vstream.h> 114 115/* Global library. */ 116 117#include <deliver_request.h> 118#include <mail_queue.h> 119#include <bounce.h> 120#include <deliver_completed.h> 121#include <flush_clnt.h> 122#include <sent.h> 123#include <dsn_util.h> 124#include <mail_version.h> 125 126/* Single server skeleton. */ 127 128#include <mail_server.h> 129 130/* deliver_message - deliver message with extreme prejudice */ 131 132static int deliver_message(DELIVER_REQUEST *request) 133{ 134 const char *myname = "deliver_message"; 135 VSTREAM *src; 136 int result = 0; 137 int status; 138 RECIPIENT *rcpt; 139 int nrcpt; 140 DSN_SPLIT dp; 141 DSN dsn; 142 143 if (msg_verbose) 144 msg_info("deliver_message: from %s", request->sender); 145 146 /* 147 * Sanity checks. 148 */ 149 if (request->nexthop[0] == 0) 150 msg_fatal("empty nexthop hostname"); 151 if (request->rcpt_list.len <= 0) 152 msg_fatal("recipient count: %d", request->rcpt_list.len); 153 154 /* 155 * Open the queue file. Opening the file can fail for a variety of 156 * reasons, such as the system running out of resources. Instead of 157 * throwing away mail, we're raising a fatal error which forces the mail 158 * system to back off, and retry later. 159 */ 160 src = mail_queue_open(request->queue_name, request->queue_id, 161 O_RDWR, 0); 162 if (src == 0) 163 msg_fatal("%s: open %s %s: %m", myname, 164 request->queue_name, request->queue_id); 165 if (msg_verbose) 166 msg_info("%s: file %s", myname, VSTREAM_PATH(src)); 167 168 /* 169 * Discard all recipients. 170 */ 171#define BOUNCE_FLAGS(request) DEL_REQ_TRACE_FLAGS(request->flags) 172 173 dsn_split(&dp, "2.0.0", request->nexthop); 174 (void) DSN_SIMPLE(&dsn, DSN_STATUS(dp.dsn), dp.text); 175 for (nrcpt = 0; nrcpt < request->rcpt_list.len; nrcpt++) { 176 rcpt = request->rcpt_list.info + nrcpt; 177 status = sent(BOUNCE_FLAGS(request), request->queue_id, 178 &request->msg_stats, rcpt, "none", &dsn); 179 if (status == 0 && (request->flags & DEL_REQ_FLAG_SUCCESS)) 180 deliver_completed(src, rcpt->offset); 181 result |= status; 182 } 183 184 /* 185 * Clean up. 186 */ 187 if (vstream_fclose(src)) 188 msg_warn("close %s %s: %m", request->queue_name, request->queue_id); 189 190 return (result); 191} 192 193/* discard_service - perform service for client */ 194 195static void discard_service(VSTREAM *client_stream, char *unused_service, char **argv) 196{ 197 DELIVER_REQUEST *request; 198 int status; 199 200 /* 201 * Sanity check. This service takes no command-line arguments. 202 */ 203 if (argv[0]) 204 msg_fatal("unexpected command-line argument: %s", argv[0]); 205 206 /* 207 * This routine runs whenever a client connects to the UNIX-domain socket 208 * dedicated to the discard mailer. What we see below is a little 209 * protocol to (1) tell the queue manager that we are ready, (2) read a 210 * request from the queue manager, and (3) report the completion status 211 * of that request. All connection-management stuff is handled by the 212 * common code in single_server.c. 213 */ 214 if ((request = deliver_request_read(client_stream)) != 0) { 215 status = deliver_message(request); 216 deliver_request_done(client_stream, request, status); 217 } 218} 219 220/* pre_init - pre-jail initialization */ 221 222static void pre_init(char *unused_name, char **unused_argv) 223{ 224 flush_init(); 225} 226 227MAIL_VERSION_STAMP_DECLARE; 228 229/* main - pass control to the single-threaded skeleton */ 230 231int main(int argc, char **argv) 232{ 233 234 /* 235 * Fingerprint executables and core dumps. 236 */ 237 MAIL_VERSION_STAMP_ALLOCATE; 238 239 single_server_main(argc, argv, discard_service, 240 MAIL_SERVER_PRE_INIT, pre_init, 241 0); 242} 243