mlmmj.c: In function ‘bouncemail’:
mlmmj.c:450:21: warning: unused variable ‘st’ [-Wunused-variable]
450 | struct stat st;
| ^~
In file included from mlmmj.c:23:
mlmmj.c: In function ‘atfu_find_in_list_body’:
/tmp/mlmmj-devel.git/include/vec.h:93:15: warning: value computed is not used [-Wunused-value]
93 | (v)->d[--(v)->len]
| ~~~~~~^~~~~~~~~~~~
mlmmj.c:3611:9: note: in expansion of macro ‘vec_pop’
3611 | vec_pop(&bla);
| ^~~~~~~
ArchLinux: clang version 22.1.5
mlmmj-process.c:829:19: warning: variable 'txt' is used uninitialized whenever 'if' condition is false [-Wsometimes-uninitialized]
829 | } else if (modonlypost) {
| ^~~~~~~~~~~
mlmmj-process.c:833:18: note: uninitialized use occurs here
833 | MY_ASSERT(txt);
| ^~~
mlmmj-process.c:829:15: note: remove the 'if' if its condition is always true
829 | } else if (modonlypost) {
| ^~~~~~~~~~~~~~~~
mlmmj-process.c:287:11: note: initialize the variable 'txt' to silence this warning
287 | text *txt;
| ^
| = NULL
Add MIME type detection/rejection to mlmmj-receive
When control/mimedeny exists, parse MIME headers and body to detect
unwanted MIME types in both top-level and multipart sub-parts. Adds
an X-ThisMailContainsUnwantedMimeParts header (Y/N) without stripping
any content.
New functions: read_headers(), write_headers(),
update_unwanted_mime_header(), parse_body(), process_mail().
If control/mimedeny is absent, behavior is unchanged (dumpfd2fd).
Fixes from contrib/receivestrip/:
- use-after-free in header reading (free after vec_push)
- boundary detection missing "--" prefix in MIME body
add optional YYYY/MM archive partitioning via control/archivepartition
Large mailing lists accumulate thousands of files in a single archive/
directory, degrading filesystem performance. When control/archivepartition
exists, new archives are written to archive/YYYY/MM/N and mlmmj-maintd
automatically migrates existing flat archives based on file mtime.
Reading always tries flat layout first then falls back to scanning
subdirectories, so archives work regardless of layout.
generate RFC 2919/2369 List-* and Precedence headers natively
Mailing list messages without List-Id/Precedence headers cause vacation
autoreplies to trigger bounces leading to unsubscriptions, prevent mail
clients like Delta Chat from detecting list messages, and hurt
deliverability with major providers.
Generate List-Id, List-Post, List-Help, List-Subscribe, List-Unsubscribe,
and Precedence headers by default in do_all_the_voodoo_here(). List-Owner
is included only when control/owner exists. All headers can be disabled
via control/nolistheaders.
mlmmj-make-ml: use full email address for default owner
The default owner "postmaster" lacks a domain part, causing
mlmmj-send to reject it with "No @ in address". Use the FQDN
already collected earlier in the script to build a proper
postmaster@FQDN default.
send_mail: add X-Forwarded-To and X-Signed-Recipient headers
Add per-recipient headers to improve deliverability and support DARA
(draft ARC replay-resistant authentication):
- X-Forwarded-To: helps Gmail recognize legitimate forwarding
- X-Signed-Recipient: used in ARC signatures to prove the message
was intended for a specific recipient
Both are enabled independently via control files (xforwardedto and dara).
Like addtohdr, these are incompatible with VERP since they require
per-recipient header injection.
Wulf Coulmann [Fri, 6 Mar 2026 08:40:23 +0000 (09:40 +0100)]
Update exim4 configuration hints
- add debug output to router and transport
- lookup changes according exim4 >= 4.94 taind behaver (Errors like "Tainted filename for search")
- add router condition for setups with more than one domain (you need uniq local_parts over all your lists, but we do not want to match the transport on local_part@wrong.domain)
hint
- VERP config is not changed/updated, may not work
mlmmj-process: clean up queue file on second do_all_the_voodoo_here failure
The owner-forwarding path re-opens donemailname with O_TRUNC and calls
do_all_the_voodoo_here a second time. If this call fails, the truncated
queue file is left behind. Add unlink(donemailname) and free(donemailname)
to match the cleanup already done at the first call site.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Use close_text() instead of free() when cleaning up txt in error paths.
The txt parameter is a fully initialized text structure from open_text(),
so it needs proper cleanup via close_text() to free all internal resources.
Also add missing close_text() call when prepstdreply_to() fails.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
do_all_the_voodoo_here: fix memory leaks and NULL dereference
Fix two pre-existing issues:
1. Memory leak: unfolded variable from tll_pop_front() was never freed
in the header processing loop. Add free(unfolded) at loop end and
before continue statements.
2. NULL dereference: posteraddr can be NULL if From: header is missing
or malformed. Pass empty string to process_headers_fd() when NULL
to avoid undefined behavior in xasprintf().
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
do_all_the_voodoo_here: fix FILE* leaks in error paths
Four error paths return without closing the FILE* f:
- process_headers_fd() failure in MIME header case
- process_headers_fd() failure in !hdrsadded case
- dprintf() failure when writing header terminator
- dumpfd2fd() failure when dumping mail body
Add fclose(f) before each return -1.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
listcontrol: fix resource leaks in CTRL_GET error path
When send_single_mail() fails, the code returns without freeing
bounceaddr, archivefilename, or closing mail.fp. Also add cleanup on
the success path which is missing the same resources.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
fix missing fdopen() NULL checks across multiple files
If fdopen() fails (e.g., due to memory pressure), passing NULL to
subsequent stdio operations (getline, fclose, scan_headers, etc.)
causes undefined behavior, typically segmentation faults.
Add NULL checks after fdopen() calls in multiple files:
subscriberfuncs.c:
- find_subscriber(): return false on fdopen failure
- autosubscribe_sender(): return early on fdopen failure
mlmmj-send.c:
- send_mail_many_fd(): return -1 on fdopen failure
- main(): exit with failure on fdopen failure
mlmmj-process.c:
- is_moderator(): exit with failure on fdopen failure
listcontrol.c:
- listcontrol(): return -1 on fdopen failure, freeing resources
prepstdreply.c:
- init_file_lines_fd(): return NULL on fdopen failure
- get_msgid_line(): return id on fdopen failure (graceful degradation)
- open_text_fd(): return NULL on fdopen failure
do_all_the_voodoo_here.c:
- do_all_the_voodoo_here(): return -1 on fdopen or dup failure
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The dsnparseaddr() function has three resource leaks:
1. The file handle 'f' is never closed after parsing the DSN mail
2. The 'boundary' string is allocated but never freed
3. The 'emails' list is populated but never freed on exit
Free all three resources before all return paths.
Fixes: a1f1fbc8 ("mlmmj-bounce: make sure mlmmj-bounce is never called directly") Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
mlmmj: fix multiple resource leaks in send_probe()
The send_probe() function has several resource leaks:
1. bfd (bounce directory file descriptor) is opened but never closed
2. fd (probe file descriptor) is opened but never closed on success
3. mail.fp is not closed on send_single_mail() failure path
4. queuefilename is allocated by prepstdreply() but never freed
5. myaddr and from are not freed on send_single_mail() failure path
Clean up all resources properly on both success and failure
paths.
Fixes: 958d3143 ("probes: fix a regression causing the probes not to sent the bounce numbers") Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
projects / thirdparty / mlmmj.git / log
