mail/exim/files/extra-patch-Local-sa-exim.c


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200

--- Local/sa-exim.c.orig	2020-02-19 03:04:43 UTC
+++ Local/sa-exim.c
@@ -29,10 +29,7 @@ http://lists.merlins.org/lists/listinfo/sa-exim
 #include "sa-exim.h"
 
 /* Exim includes */
-#include "local_scan.h"
-extern FILE   *smtp_out;               /* Exim's incoming SMTP output file */
-extern int     body_linecount;         /* Line count in body */
-extern uschar *primary_hostname;
+#include <local_scan.h>
 
 #ifdef DLOPEN_LOCAL_SCAN
 
@@ -409,6 +406,11 @@ int parsemlheader(char *buffer, FILE *readfh, char *he
 	    if (buffer[strlen(buffer)-1] == '\n')
 	    {
 		buffer[strlen(buffer)-1]=0;
+		/* and any carriage return */
+		if (buffer[strlen(buffer)-1] == '\r')
+		{
+		    buffer[strlen(buffer)-1]=0;
+		}
 	    }
 	    if (SAEximDebug > 5)
 	    {
@@ -515,6 +517,7 @@ int local_scan(volatile int fd, uschar **return_text)
     int pid;
     int writefd[2];
     int readfd[2];
+    char *spamc_argv[10];
     int i;
     /* These are the only values that we want working after the longjmp 
      * The automatic ones can be clobbered, but we don't really care */
@@ -550,8 +553,9 @@ int local_scan(volatile int fd, uschar **return_text)
     static char *SAspamcpath=SPAMC_LOCATION;
     static char *SAsafemesgidchars=SAFEMESGIDCHARS
     static char *SAspamcSockPath=NULL;
-    static char *SAspamcPort="783";
-    static char *SAspamcHost="127.0.0.1";
+    static char *SAspamcPort=NULL;
+    static char *SAspamcHost=NULL;
+    static char *SAspamcUser=NULL;
     static char *SAEximRunCond="0";
     static char *SAEximRejCond="1";
     static int SAmaxbody=250*1024;
@@ -602,6 +606,10 @@ int local_scan(volatile int fd, uschar **return_text)
     /* Do not put a %s in there, or you'll segfault */
     static char *SAmsgerror="Temporary local error while processing message, please contact postmaster";
 
+    /* This needs to be retrieved through expand_string in order
+       not to violate the API. */
+    uschar *primary_hostname=expand_string("$primary_hostname");
+
     /* New values we read from spamassassin */
     char *xspamstatus=NULL;
     char *xspamflag=NULL;
@@ -712,6 +720,7 @@ int local_scan(volatile int fd, uschar **return_text)
 	    M_CHECKFORSTR(SAspamcSockPath);
 	    M_CHECKFORSTR(SAspamcPort);
 	    M_CHECKFORSTR(SAspamcHost);
+	    M_CHECKFORSTR(SAspamcUser);
 	    M_CHECKFORSTR(SAEximRunCond);
 	    M_CHECKFORSTR(SAEximRejCond);
 	    M_CHECKFORVAR(SAmaxbody, "%d");
@@ -914,6 +923,22 @@ int local_scan(volatile int fd, uschar **return_text)
 	ret=dup2(readfd[1],2);
 	CHECKERR(ret,"dup2 stderr",__LINE__);
 
+	i = 0;
+	spamc_argv[i++] = "spamc";
+	if (SAspamcUser && SAspamcUser[0])
+	{
+	    expand=expand_string(SAspamcUser);
+	    if (expand == NULL)
+	    {
+		log_write(0, LOG_MAIN | LOG_PANIC, "SA: SAspamcUser expansion failure on %s, will run as Exim user instead.", SAspamcUser);
+	    }
+	    else if (expand[0] != '\0')
+	    {
+		spamc_argv[i++] = "-u";
+		spamc_argv[i++] = expand;
+	    }
+	}
+
 	/* 
          * I could implement the spamc protocol and talk to spamd directly
          * instead of forking spamc, but considering the overhead spent
@@ -924,17 +949,30 @@ int local_scan(volatile int fd, uschar **return_text)
 	/* Ok, we cheat, spamc cares about how big the whole message is and
          * we only know about the body size, so I'll  give an extra 16K
          * to account for any headers that can accompany the message */
+
+	spamc_argv[i++] = "-s";
+	spamc_argv[i++] = string_sprintf("%d", SAmaxbody+16384);
+
 	if(SAspamcSockPath)
 	{
-	    ret=execl(SAspamcpath, "spamc", "-s", string_sprintf("%d", SAmaxbody+16384), "-U", SAspamcSockPath, NULL);
-	    CHECKERR(ret,string_sprintf("exec %s", SAspamcpath),__LINE__);
+    	    spamc_argv[i++] = "-U";
+	    spamc_argv[i++] = SAspamcSockPath;
 	}
 	else
 	{
-	    ret=execl(SAspamcpath, "spamc", "-s", string_sprintf("%d", SAmaxbody+16384), "-d", SAspamcHost, "-p", SAspamcPort, NULL);
-	    CHECKERR(ret,string_sprintf("exec %s", SAspamcpath),__LINE__);
+	    if (SAspamcHost) {
+		spamc_argv[i++] = "-d";
+		spamc_argv[i++] = SAspamcHost;
+	    }
+	    if (SAspamcPort) {
+		spamc_argv[i++] = "-p";
+		spamc_argv[i++] = SAspamcPort;
+	    }
 	}
-	
+	spamc_argv[i++] = NULL;
+
+	ret=execv(SAspamcpath, spamc_argv);
+	CHECKERR(ret,string_sprintf("exec %s", SAspamcpath),__LINE__);
     }
 
     if (SAEximDebug > 8)
@@ -1045,6 +1083,11 @@ int local_scan(volatile int fd, uschar **return_text)
 	if (buffer[strlen(buffer)-1] == '\n')
 	{
 	    buffer[strlen(buffer)-1]=0;
+	    /* and any carriage return */
+	    if (buffer[strlen(buffer)-1] == '\r')
+	    {
+		buffer[strlen(buffer)-1]=0;
+	    }
 	}
 restart:
 	if (SAEximDebug > 5)
@@ -1218,7 +1261,7 @@ restart:
 	    }
 
 	    stret=write(fd, buffer, strlen(buffer));
-	    CHECKERR(stret,string_sprintf("SA body write to msg"),__LINE__);
+	    CHECKERR(stret,string_sprintf("%s", "SA body write to msg"),__LINE__);
 	    if (SAEximDebug > 8)
 	    {
 		log_write(0, LOG_MAIN, "SA: Debug9: Wrote to msg; line %d (wrote %d)", line, ret);
@@ -1229,18 +1272,20 @@ restart:
 	    }
 	}
 
+	
 	if (SAEximDebug > 1)
 	{
 	    log_write(0, LOG_MAIN, "SA: Debug2: body_linecount before SA: %d", body_linecount);
 	}
 
 	/* update global variable $body_linecount to reflect the new body size*/
-	body_linecount = (line - 1);
+	if (body_linecount > 0) body_linecount = (line - 1); // Not updating if zero, indicating spool_wireformat
 
 	if (SAEximDebug > 1)
 	{
 	    log_write(0, LOG_MAIN, "SA: Debug2: body_linecount after SA: %d", body_linecount);
 	}
+
     }
 
     fclose((FILE *)readfh);
@@ -1331,6 +1376,9 @@ restart:
 	
 	if (dorej && doteergrube)
 	{
+	    char *teergrubewaitstr;
+	    teergrubewaitstr=string_sprintf(SAmsgteergrubewait, spamstatus);
+
 	    /* By default, we'll only save temp bounces by message ID so
 	     * that when the same message is submitted several times, we
 	     * overwrite the same file on disk and not create a brand new
@@ -1353,20 +1401,8 @@ restart:
 
 	    for (i=0;i<SAteergrubetime/10;i++)
 	    {
-		char *str;
-		
-		/* Unfortunately, we can't use exim's smtp_printf because it
-		 * doesn't return an error code if the write gets an EPIPE.
-		 * So, we write ourselves, but this won't work if you have a
-		 * TLS connection opened (that said, if you are teergrubing
-		 * a TLS connection, it's probably a relay host, not a
-		 * spammer, and in this case you should not teergrube a
-		 * friendly relay, so basically we should be ok).
-		 * If you do teergrube an SSL connection with the current
-		 * code, you will break it, but that's acceptable */
-		str=string_sprintf(string_sprintf("451- %s\r\n",SAmsgteergrubewait), spamstatus);
-		fprintf(smtp_out, str);
-		ret=fflush(smtp_out);
+		smtp_printf("451-%s\r\n", FALSE, teergrubewaitstr);
+		ret=smtp_fflush();
 		if (ret != 0)
 		{
 		    log_write(0, LOG_MAIN | LOG_REJECT, "SA: Action: teergrubed sender for %d secs until it closed the connection: %s (scanned in %d/%d secs | Message-Id: %s). %s", i*10, spamstatus, scantime, fulltime, safemesgid, mailinfo);