/* * session.c, SJ */ #include #include #include #include #include #include #include #include #include #include #include #include void handle_smtp_session(int new_sd, struct __data *data, struct __config *cfg){ int i, ret, pos, n, inj=ERR, state, prevlen=0; char *p, buf[MAXBUFSIZE], puf[MAXBUFSIZE], resp[MAXBUFSIZE], prevbuf[MAXBUFSIZE], last2buf[2*MAXBUFSIZE+1]; char rctptoemail[SMALLBUFSIZE], fromemail[SMALLBUFSIZE], virusinfo[SMALLBUFSIZE], reason[SMALLBUFSIZE]; char *arule = NULL; struct session_data sdata; struct _state sstate; int db_conn=0; int rc; struct __counters counters; struct timezone tz; struct timeval tv1, tv2; alarm(cfg->session_timeout); sig_catch(SIGALRM, killChild); state = SMTP_STATE_INIT; initSessionData(&sdata); bzero(&counters, sizeof(counters)); /* open database connection */ db_conn = 0; #ifdef NEED_MYSQL rc = 1; mysql_init(&(sdata.mysql)); mysql_options(&(sdata.mysql), MYSQL_OPT_CONNECT_TIMEOUT, (const char*)&cfg->mysql_connect_timeout); mysql_options(&(sdata.mysql), MYSQL_OPT_RECONNECT, (const char*)&rc); if(mysql_real_connect(&(sdata.mysql), cfg->mysqlhost, cfg->mysqluser, cfg->mysqlpwd, cfg->mysqldb, cfg->mysqlport, cfg->mysqlsocket, 0)) db_conn = 1; else syslog(LOG_PRIORITY, "%s", ERR_MYSQL_CONNECT); #endif if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: fork()", sdata.ttmpfile); gettimeofday(&tv1, &tz); #ifdef HAVE_LMTP snprintf(buf, MAXBUFSIZE-1, LMTP_RESP_220_BANNER, cfg->hostid); #else snprintf(buf, MAXBUFSIZE-1, SMTP_RESP_220_BANNER, cfg->hostid); #endif send(new_sd, buf, strlen(buf), 0); if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: sent: %s", sdata.ttmpfile, buf); while((n = recvtimeout(new_sd, puf, MAXBUFSIZE, TIMEOUT)) > 0){ pos = 0; /* accept mail data */ if(state == SMTP_STATE_DATA){ /* join the last 2 buffer */ memset(last2buf, 0, 2*MAXBUFSIZE+1); memcpy(last2buf, prevbuf, MAXBUFSIZE); memcpy(last2buf+prevlen, puf, MAXBUFSIZE); /*if(sdata.hdr_len == 0){ sdata.hdr_len = searchStringInBuffer(last2buf, 2*MAXBUFSIZE+1, "\n\r\n", 3); if(sdata.hdr_len == 0) searchStringInBuffer(last2buf, 2*MAXBUFSIZE+1, "\n\n", 2); }*/ pos = searchStringInBuffer(last2buf, 2*MAXBUFSIZE+1, SMTP_CMD_PERIOD, 5); if(pos > 0){ /* fix position */ pos = pos - prevlen; if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: period found", sdata.ttmpfile); /* write data only to (and including) the trailing period (.) */ ret = write(sdata.fd, puf, pos); sdata.tot_len += ret; /* fix posistion! */ pos += strlen(SMTP_CMD_PERIOD); if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: got: (.)", sdata.ttmpfile); state = SMTP_STATE_PERIOD; /* make sure we had a successful read */ rc = fsync(sdata.fd); close(sdata.fd); gettimeofday(&tv2, &tz); sdata.__acquire = tvdiff(tv2, tv1); if(rc){ syslog(LOG_PRIORITY, "failed writing data: %s", sdata.ttmpfile); #ifdef HAVE_LMTP for(i=0; iverbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: parsed message", sdata.ttmpfile); sdata.need_scan = 1; digest_file(sdata.ttmpfile, sdata.digest); make_body_digest(&sdata, cfg); #ifdef HAVE_ANTIVIRUS if(cfg->use_antivirus == 1){ gettimeofday(&tv1, &tz); sdata.rav = do_av_check(&sdata, rctptoemail, fromemail, &virusinfo[0], data, cfg); gettimeofday(&tv2, &tz); sdata.__av = tvdiff(tv2, tv1); } #endif #ifdef HAVE_LMTP for(i=0; iverbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: round %d in injection", sdata.ttmpfile, i); extractEmail(sdata.rcptto[i], rctptoemail); /* copy default config to enable policy support */ //memcpy(&my_cfg, cfg, sizeof(struct __config)); inj = ERR; if(db_conn == 1){ if(AVIR_VIRUS == sdata.rav){ syslog(LOG_PRIORITY, "%s: found virus: %s", sdata.ttmpfile, virusinfo); counters.c_virus++; inj = OK; } else if(strlen(sdata.bodydigest) < 10) { syslog(LOG_PRIORITY, "%s: invalid digest", sdata.ttmpfile); inj = ERR; } else { if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: processing message", sdata.ttmpfile); /* check message against archiving rules */ arule = check_againt_ruleset(data->rules, sstate.b_from, sstate.b_to, sstate.b_subject, sdata.tot_len); if(arule){ syslog(LOG_PRIORITY, "%s: discarding message by policy: *%s*", sdata.ttmpfile, arule); inj = OK; } else { inj = processMessage(&sdata, &sstate, cfg); } } } /* set the accept buffer */ snprintf(sdata.acceptbuf, SMALLBUFSIZE-1, "250 Ok %s <%s>\r\n", sdata.ttmpfile, rctptoemail); if(inj == ERR) snprintf(sdata.acceptbuf, SMALLBUFSIZE-1, "451 %s <%s>\r\n", sdata.ttmpfile, rctptoemail); send(new_sd, sdata.acceptbuf, strlen(sdata.acceptbuf), 0); if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: sent: %s", sdata.ttmpfile, sdata.acceptbuf); counters.c_rcvd++; if(inj == ERR_EXISTS){ syslog(LOG_PRIORITY, "%s: discarding duplicate message", sdata.ttmpfile); counters.c_duplicate++; } snprintf(reason, SMALLBUFSIZE-1, "delay=%.2f, delays=%.2f/%.2f/%.2f/%.2f/%.2f/%.2f", (sdata.__acquire+sdata.__parsed+sdata.__av+sdata.__compress+sdata.__encrypt+sdata.__store)/1000000.0, sdata.__acquire/1000000.0, sdata.__parsed/1000000.0, sdata.__av/1000000.0, sdata.__compress/1000000.0, sdata.__encrypt/1000000.0, sdata.__store/1000000.0); syslog(LOG_PRIORITY, "%s: %s got mail size=%d, body digest=%s, %s", sdata.ttmpfile, rctptoemail, sdata.tot_len, sdata.bodydigest, reason); #ifdef HAVE_LMTP } /* for */ #endif unlink(sdata.ttmpfile); unlink(sdata.tmpframe); alarm(cfg->session_timeout); /* if we have nothing after the trailing (.), we can read the next command from the network */ if(puf[n-3] == '.' && puf[n-2] == '\r' && puf[n-1] == '\n') continue; /* if we left something in the puffer, we are ready to proceed to handle the additional commands, such as QUIT */ /* if we miss the trailing \r\n, ie. we need another read */ if(puf[n-2] != '\r' && puf[n-1] != '\n'){ memmove(puf, puf+pos, n-pos); memset(puf+n-pos, 0, MAXBUFSIZE-n+pos); i = recvtimeout(new_sd, buf, MAXBUFSIZE, TIMEOUT); strncat(puf, buf, MAXBUFSIZE-1-n+pos); if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: partial read: %s", sdata.ttmpfile, puf); pos = 0; } } /* PERIOD found */ else { ret = write(sdata.fd, puf, n); sdata.tot_len += ret; memcpy(prevbuf, puf, n); prevlen = n; continue; } } /* SMTP DATA */ AFTER_PERIOD: /* handle smtp commands */ memset(resp, 0, MAXBUFSIZE); p = &puf[pos]; while((p = split_str(p, "\r\n", buf, MAXBUFSIZE-1))){ if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: got: %s", sdata.ttmpfile, buf); if(strncasecmp(buf, SMTP_CMD_EHLO, strlen(SMTP_CMD_EHLO)) == 0 || strncasecmp(buf, LMTP_CMD_LHLO, strlen(LMTP_CMD_LHLO)) == 0){ if(state == SMTP_STATE_INIT) state = SMTP_STATE_HELO; snprintf(buf, MAXBUFSIZE-1, SMTP_RESP_250_EXTENSIONS, cfg->hostid); strncat(resp, buf, MAXBUFSIZE-1); continue; /* FIXME: implement the ENHANCEDSTATUSCODE extensions */ } if(strncasecmp(buf, SMTP_CMD_HELO, strlen(SMTP_CMD_HELO)) == 0){ if(state == SMTP_STATE_INIT) state = SMTP_STATE_HELO; strncat(resp, SMTP_RESP_250_OK, MAXBUFSIZE-1); continue; } if(strncasecmp(buf, SMTP_CMD_MAIL_FROM, strlen(SMTP_CMD_MAIL_FROM)) == 0){ if(state != SMTP_STATE_HELO){ strncat(resp, SMTP_RESP_503_ERR, MAXBUFSIZE-1); } else { state = SMTP_STATE_MAIL_FROM; snprintf(sdata.mailfrom, SMALLBUFSIZE-1, "%s\r\n", buf); memset(fromemail, 0, SMALLBUFSIZE); extractEmail(sdata.mailfrom, fromemail); strncat(resp, SMTP_RESP_250_OK, strlen(SMTP_RESP_250_OK)); } continue; } if(strncasecmp(buf, SMTP_CMD_RCPT_TO, strlen(SMTP_CMD_RCPT_TO)) == 0){ if(state == SMTP_STATE_MAIL_FROM || state == SMTP_STATE_RCPT_TO){ if(strlen(buf) > SMALLBUFSIZE/2){ strncat(resp, SMTP_RESP_550_ERR_TOO_LONG_RCPT_TO, MAXBUFSIZE-1); continue; } if(sdata.num_of_rcpt_to < MAX_RCPT_TO-1){ snprintf(sdata.rcptto[sdata.num_of_rcpt_to], SMALLBUFSIZE-1, "%s\r\n", buf); } state = SMTP_STATE_RCPT_TO; /* check against blackhole addresses */ extractEmail(buf, rctptoemail); if(sdata.num_of_rcpt_to < MAX_RCPT_TO-1) sdata.num_of_rcpt_to++; strncat(resp, SMTP_RESP_250_OK, MAXBUFSIZE-1); } else { strncat(resp, SMTP_RESP_503_ERR, MAXBUFSIZE-1); } continue; } if(strncasecmp(buf, SMTP_CMD_DATA, strlen(SMTP_CMD_DATA)) == 0){ memset(last2buf, 0, 2*MAXBUFSIZE+1); memset(prevbuf, 0, MAXBUFSIZE); inj = ERR; prevlen = 0; if(state != SMTP_STATE_RCPT_TO){ strncat(resp, SMTP_RESP_503_ERR, MAXBUFSIZE-1); } else { sdata.fd = open(sdata.ttmpfile, O_CREAT|O_RDWR, S_IRUSR|S_IWUSR|S_IRGRP); if(sdata.fd == -1){ syslog(LOG_PRIORITY, "%s: %s", ERR_OPEN_TMP_FILE, sdata.ttmpfile); strncat(resp, SMTP_RESP_451_ERR, MAXBUFSIZE-1); } else { state = SMTP_STATE_DATA; strncat(resp, SMTP_RESP_354_DATA_OK, MAXBUFSIZE-1); } } continue; } if(strncasecmp(buf, SMTP_CMD_QUIT, strlen(SMTP_CMD_QUIT)) == 0){ state = SMTP_STATE_FINISHED; snprintf(buf, MAXBUFSIZE-1, SMTP_RESP_221_GOODBYE, cfg->hostid); send(new_sd, buf, strlen(buf), 0); if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: sent: %s", sdata.ttmpfile, buf); unlink(sdata.ttmpfile); unlink(sdata.tmpframe); if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: removed", sdata.ttmpfile); goto QUITTING; } if(strncasecmp(buf, SMTP_CMD_NOOP, strlen(SMTP_CMD_NOOP)) == 0){ strncat(resp, SMTP_RESP_250_OK, MAXBUFSIZE-1); continue; } if(strncasecmp(buf, SMTP_CMD_RESET, strlen(SMTP_CMD_RESET)) == 0){ strncat(resp, SMTP_RESP_250_OK, MAXBUFSIZE-1); if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: removed", sdata.ttmpfile); unlink(sdata.ttmpfile); unlink(sdata.tmpframe); initSessionData(&sdata); state = SMTP_STATE_HELO; continue; } /* by default send 502 command not implemented message */ syslog(LOG_PRIORITY, "%s: invalid command: *%s*", sdata.ttmpfile, buf); strncat(resp, SMTP_RESP_502_ERR, MAXBUFSIZE-1); } /* now we can send our buffered response */ if(strlen(resp) > 0){ send(new_sd, resp, strlen(resp), 0); if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: sent: %s", sdata.ttmpfile, resp); memset(resp, 0, MAXBUFSIZE); } } /* while */ /* * if we are not in SMTP_STATE_QUIT and the message was not injected, * ie. we have timed out than send back 421 error message */ if(state < SMTP_STATE_QUIT && inj == ERR){ snprintf(buf, MAXBUFSIZE-1, SMTP_RESP_421_ERR, cfg->hostid); send(new_sd, buf, strlen(buf), 0); if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "%s: sent: %s", sdata.ttmpfile, buf); goto QUITTING; } QUITTING: updateCounters(&sdata, data, &counters, cfg); #ifdef NEED_MYSQL mysql_close(&(sdata.mysql)); #endif #ifdef HAVE_MEMCACHED memcached_shutdown(&(data->memc)); #endif if(cfg->verbosity >= _LOG_DEBUG) syslog(LOG_PRIORITY, "child has finished"); if(cfg->verbosity >= _LOG_INFO) syslog(LOG_PRIORITY, "processed %llu messages", counters.c_rcvd); } void killChild(){ syslog(LOG_PRIORITY, "child is killed by force"); exit(0); } void initSessionData(struct session_data *sdata){ int i; sdata->fd = -1; create_id(&(sdata->ttmpfile[0])); unlink(sdata->ttmpfile); snprintf(sdata->tmpframe, SMALLBUFSIZE-1, "%s.m", sdata->ttmpfile); unlink(sdata->tmpframe); memset(sdata->mailfrom, 0, SMALLBUFSIZE); snprintf(sdata->client_addr, SMALLBUFSIZE-1, "null"); memset(sdata->whitelist, 0, MAXBUFSIZE); memset(sdata->blacklist, 0, MAXBUFSIZE); sdata->hdr_len = 0; sdata->tot_len = 0; sdata->num_of_rcpt_to = 0; sdata->tre = '-'; sdata->rav = AVIR_OK; sdata->__acquire = sdata->__parsed = sdata->__av = sdata->__store = sdata->__compress = sdata->__encrypt = 0; for(i=0; ircptto[i], 0, SMALLBUFSIZE); time(&(sdata->now)); sdata->sent = sdata->now; }