1/*++
2/* NAME
3/*	error 8
4/* SUMMARY
5/*	Postfix error/retry mail delivery agent
6/* SYNOPSIS
7/*	\fBerror\fR [generic Postfix daemon options]
8/* DESCRIPTION
9/*	The Postfix \fBerror\fR(8) delivery agent processes delivery
10/*	requests from
11/*	the queue manager. Each request specifies a queue file, a sender
12/*	address, the reason for non-delivery (specified as the
13/*	next-hop destination), and recipient information.
14/*	The reason may be prefixed with an RFC 3463-compatible detail code;
15/*	if none is specified a default 4.0.0 or 5.0.0 code is used instead.
16/*	This program expects to be run from the \fBmaster\fR(8) process
17/*	manager.
18/*
19/*	Depending on the service name in master.cf, \fBerror\fR
20/*	or \fBretry\fR, the server bounces or defers all recipients
21/*	in the delivery request using the "next-hop" information
22/*	as the reason for non-delivery. The \fBretry\fR service name is
23/*	supported as of Postfix 2.4.
24/*
25/*	Delivery status reports are sent to the \fBbounce\fR(8),
26/*	\fBdefer\fR(8) or \fBtrace\fR(8) daemon as appropriate.
27/* SECURITY
28/* .ad
29/* .fi
30/*	The \fBerror\fR(8) mailer is not security-sensitive. It does not talk
31/*	to the network, and can be run chrooted at fixed low privilege.
32/* STANDARDS
33/*	RFC 3463 (Enhanced Status Codes)
34/* DIAGNOSTICS
35/*	Problems and transactions are logged to \fBsyslogd\fR(8).
36/*
37/*	Depending on the setting of the \fBnotify_classes\fR parameter,
38/*	the postmaster is notified of bounces and of other trouble.
39/* CONFIGURATION PARAMETERS
40/* .ad
41/* .fi
42/*	Changes to \fBmain.cf\fR are picked up automatically as \fBerror\fR(8)
43/*      processes run for only a limited amount of time. Use the command
44/*      "\fBpostfix reload\fR" to speed up a change.
45/*
46/*	The text below provides only a parameter summary. See
47/*	\fBpostconf\fR(5) for more details including examples.
48/* .IP "\fB2bounce_notice_recipient (postmaster)\fR"
49/*	The recipient of undeliverable mail that cannot be returned to
50/*	the sender.
51/* .IP "\fBbounce_notice_recipient (postmaster)\fR"
52/*	The recipient of postmaster notifications with the message headers
53/*	of mail that Postfix did not deliver and of SMTP conversation
54/*	transcripts of mail that Postfix did not receive.
55/* .IP "\fBconfig_directory (see 'postconf -d' output)\fR"
56/*	The default location of the Postfix main.cf and master.cf
57/*	configuration files.
58/* .IP "\fBdaemon_timeout (18000s)\fR"
59/*	How much time a Postfix daemon process may take to handle a
60/*	request before it is terminated by a built-in watchdog timer.
61/* .IP "\fBdelay_logging_resolution_limit (2)\fR"
62/*	The maximal number of digits after the decimal point when logging
63/*	sub-second delay values.
64/* .IP "\fBdouble_bounce_sender (double-bounce)\fR"
65/*	The sender address of postmaster notifications that are generated
66/*	by the mail system.
67/* .IP "\fBipc_timeout (3600s)\fR"
68/*	The time limit for sending or receiving information over an internal
69/*	communication channel.
70/* .IP "\fBmax_idle (100s)\fR"
71/*	The maximum amount of time that an idle Postfix daemon process waits
72/*	for an incoming connection before terminating voluntarily.
73/* .IP "\fBmax_use (100)\fR"
74/*	The maximal number of incoming connections that a Postfix daemon
75/*	process will service before terminating voluntarily.
76/* .IP "\fBnotify_classes (resource, software)\fR"
77/*	The list of error classes that are reported to the postmaster.
78/* .IP "\fBprocess_id (read-only)\fR"
79/*	The process ID of a Postfix command or daemon process.
80/* .IP "\fBprocess_name (read-only)\fR"
81/*	The process name of a Postfix command or daemon process.
82/* .IP "\fBqueue_directory (see 'postconf -d' output)\fR"
83/*	The location of the Postfix top-level queue directory.
84/* .IP "\fBsyslog_facility (mail)\fR"
85/*	The syslog facility of Postfix logging.
86/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR"
87/*	The mail system name that is prepended to the process name in syslog
88/*	records, so that "smtpd" becomes, for example, "postfix/smtpd".
89/* SEE ALSO
90/*	qmgr(8), queue manager
91/*	bounce(8), delivery status reports
92/*	discard(8), Postfix discard delivery agent
93/*	postconf(5), configuration parameters
94/*	master(5), generic daemon options
95/*	master(8), process manager
96/*	syslogd(8), system logging
97/* LICENSE
98/* .ad
99/* .fi
100/*	The Secure Mailer license must be distributed with this software.
101/* AUTHOR(S)
102/*	Wietse Venema
103/*	IBM T.J. Watson Research
104/*	P.O. Box 704
105/*	Yorktown Heights, NY 10598, USA
106/*--*/
107
108/* System library. */
109
110#include <sys_defs.h>
111#include <unistd.h>
112#include <stdlib.h>
113
114/* Utility library. */
115
116#include <msg.h>
117#include <vstream.h>
118
119/* Global library. */
120
121#include <deliver_request.h>
122#include <mail_queue.h>
123#include <bounce.h>
124#include <defer.h>
125#include <deliver_completed.h>
126#include <flush_clnt.h>
127#include <dsn_util.h>
128#include <sys_exits.h>
129#include <mail_proto.h>
130#include <mail_version.h>
131
132/* Single server skeleton. */
133
134#include <mail_server.h>
135
/* deliver_message - bounce or defer every recipient of one delivery request */

/*
 * request: delivery request handed over by the caller. Its nexthop field
 * carries the non-delivery reason, which may start with an RFC 3463 status
 * code of its own.
 *
 * def_dsn: status code that dsn_split() is given as the default for reasons
 * that carry no code.
 *
 * append: routine that records the status for a single recipient; the caller
 * in this file passes bounce_append or defer_append.
 *
 * Returns the bitwise OR of all append() results, so the result is zero only
 * when every recipient was recorded without error.
 *
 * Every request field that is logged goes through an explicit %s or %d
 * conversion; request data is never used as a format string.
 */
static int deliver_message(DELIVER_REQUEST *request, const char *def_dsn,
                           int (*append) (int, const char *, MSG_STATS *,
                                          RECIPIENT *, const char *, DSN *))
{
    const char *myname = "deliver_message";
    DSN_SPLIT reason;
    DSN     why;
    VSTREAM *queue_fp;
    int     failures = 0;
    int     i;

    if (msg_verbose)
        msg_info("deliver_message: from %s", request->sender);

    /*
     * Refuse requests that have no reason text or no recipients. The code
     * below relies on msg_fatal() not returning.
     */
    if (*request->nexthop == 0)
        msg_fatal("empty nexthop hostname");
    if (request->rcpt_list.len <= 0)
        msg_fatal("recipient count: %d", request->rcpt_list.len);

    /*
     * The queue file may fail to open for transient reasons, for example
     * resource exhaustion. Raising a fatal error makes the mail system back
     * off and retry later, instead of losing the message.
     */
    queue_fp = mail_queue_open(request->queue_name, request->queue_id,
                               O_RDWR, 0);
    if (!queue_fp)
        msg_fatal("%s: open %s %s: %m", myname,
                  request->queue_name, request->queue_id);
    if (msg_verbose)
        msg_info("%s: file %s", myname, VSTREAM_PATH(queue_fp));

    /*
     * Build one DSN from the reason text and apply it to every recipient.
     */
#define BOUNCE_FLAGS(request) DEL_REQ_TRACE_FLAGS(request->flags)

    dsn_split(&reason, def_dsn, request->nexthop);
    (void) DSN_SIMPLE(&why, DSN_STATUS(reason.dsn), reason.text);

    for (i = 0; i < request->rcpt_list.len; i++) {
        RECIPIENT *rcpt = &request->rcpt_list.info[i];
        int     status = append(BOUNCE_FLAGS(request), request->queue_id,
                                &request->msg_stats, rcpt, "none", &why);

        /*
         * Only a recipient whose status was recorded is passed to
         * deliver_completed(); a failed one stays as it was in the queue
         * file. NOTE(review): presumably deliver_completed() marks the
         * recipient record as done, which would explain O_RDWR - confirm.
         */
        if (status == 0)
            deliver_completed(queue_fp, rcpt->offset);
        failures |= status;
    }

    /*
     * A close error is logged as a warning only; it does not change the
     * result that is reported to the caller.
     */
    if (vstream_fclose(queue_fp) != 0)
        msg_warn("close %s %s: %m", request->queue_name, request->queue_id);

    return (failures);
}
200
/* error_service - handle one delivery request from the queue manager */

/*
 * client_stream: connection on which the request is read and on which the
 * completion status is reported.
 *
 * service: service name; it selects between bouncing and deferring.
 *
 * argv: remaining command-line arguments, which must be empty.
 */
static void error_service(VSTREAM *client_stream, char *service, char **argv)
{
    DELIVER_REQUEST *request;
    int     status;

    /*
     * This service accepts no command-line arguments.
     */
    if (argv[0] != 0)
        msg_fatal("unexpected command-line argument: %s", argv[0]);

    /*
     * Runs whenever a client connects to the UNIX-domain socket dedicated to
     * the error mailer. The exchange is: (1) tell the queue manager that we
     * are ready, (2) read its request, (3) report the completion status of
     * that request. Connection management lives in the common code in
     * single_server.c.
     */
    request = deliver_request_read(client_stream);
    if (request == 0)
        return;

    /*
     * "error" bounces with default status 5.0.0, "retry" defers with default
     * status 4.0.0. Any other service name is fatal: there is no fallback
     * disposition, so an unexpected name cannot silently bounce or defer
     * mail.
     */
    if (strcmp(service, MAIL_SERVICE_ERROR) == 0) {
        status = deliver_message(request, "5.0.0", bounce_append);
    } else if (strcmp(service, MAIL_SERVICE_RETRY) == 0) {
        status = deliver_message(request, "4.0.0", defer_append);
    } else {
        msg_fatal("bad error service name: %s", service);
    }
    deliver_request_done(client_stream, request, status);
}
232
/* pre_init - pre-jail initialization */

/*
 * Registered in main() as the MAIL_SERVER_PRE_INIT hook. Its only action is
 * to call flush_init(); both arguments are ignored.
 * NOTE(review): "pre-jail" presumably means before the server skeleton
 * applies chroot and drops privileges - confirm against the skeleton code.
 */
static void pre_init(char *unused_name, char **unused_argv)
{
    (void) unused_name;
    (void) unused_argv;

    flush_init();
}
239
/*
 * Version stamp, declared here and allocated at the start of main().
 */
MAIL_VERSION_STAMP_DECLARE;

/* main - hand control to the single-threaded server skeleton */

int     main(int argc, char **argv)
{

    /*
     * Fingerprint executables and core dumps.
     */
    MAIL_VERSION_STAMP_ALLOCATE;

    /*
     * error_service handles each client connection and pre_init is the
     * pre-jail hook. The trailing 0 ends the argument list.
     */
    single_server_main(argc, argv, error_service,
                       MAIL_SERVER_PRE_INIT, pre_init, 0);
}
256