1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* Copyright (c) The Exim Maintainers 2020 */
7 /* See the file NOTICE for conditions of use and distribution. */
9 /* A number of functions for driving outgoing SMTP calls. */
13 #include "transports/smtp.h"
17 /*************************************************
18 * Find an outgoing interface *
19 *************************************************/
21 /* This function is called from the smtp transport and also from the callout
22 code in verify.c. Its job is to expand a string to get a list of interfaces,
23 and choose a suitable one (IPv4 or IPv6) for the outgoing address.
26 istring string interface setting, may be NULL, meaning "any", in
27 which case the function does nothing
28 host_af AF_INET or AF_INET6 for the outgoing IP address
29 addr the mail address being handled (for setting errors)
30 interface point this to the interface
31 msg to add to any error message
33 Returns: TRUE on success, FALSE on failure, with error message
34 set in addr and transport_return set to PANIC
38 smtp_get_interface(uschar *istring, int host_af, address_item *addr,
39 uschar **interface, uschar *msg)
41 const uschar * expint;
45 if (!istring) return TRUE;
47 if (!(expint = expand_string(istring)))
49 if (f.expand_string_forcedfail) return TRUE;
50 addr->transport_return = PANIC;
51 addr->message = string_sprintf("failed to expand \"interface\" "
52 "option for %s: %s", msg, expand_string_message);
56 if (is_tainted(expint))
58 log_write(0, LOG_MAIN|LOG_PANIC,
59 "attempt to use tainted value '%s' from '%s' for interface",
61 addr->transport_return = PANIC;
62 addr->message = string_sprintf("failed to expand \"interface\" "
63 "option for %s: configuration error", msg);
67 Uskip_whitespace(&expint);
68 if (!*expint) return TRUE;
70 while ((iface = string_nextinlist(&expint, &sep, big_buffer,
73 if (string_is_ip_address(iface, NULL) == 0)
75 addr->transport_return = PANIC;
76 addr->message = string_sprintf("\"%s\" is not a valid IP "
77 "address for the \"interface\" option for %s",
82 if (((Ustrchr(iface, ':') == NULL)? AF_INET:AF_INET6) == host_af)
86 if (iface) *interface = string_copy(iface);
92 /*************************************************
93 * Find an outgoing port *
94 *************************************************/
96 /* This function is called from the smtp transport and also from the callout
97 code in verify.c. Its job is to find a port number. Note that getservbyname()
98 produces the number in network byte order.
101 rstring raw (unexpanded) string representation of the port
102 addr the mail address being handled (for setting errors)
103 port stick the port in here
104 msg for adding to error message
106 Returns: TRUE on success, FALSE on failure, with error message set
107 in addr, and transport_return set to PANIC
111 smtp_get_port(uschar *rstring, address_item *addr, int *port, uschar *msg)
113 uschar *pstring = expand_string(rstring);
117 addr->transport_return = PANIC;
118 addr->message = string_sprintf("failed to expand \"%s\" (\"port\" option) "
119 "for %s: %s", rstring, msg, expand_string_message);
123 if (isdigit(*pstring))
126 *port = Ustrtol(pstring, &end, 0);
127 if (end != pstring + Ustrlen(pstring))
129 addr->transport_return = PANIC;
130 addr->message = string_sprintf("invalid port number for %s: %s", msg,
138 struct servent *smtp_service = getservbyname(CS pstring, "tcp");
141 addr->transport_return = PANIC;
142 addr->message = string_sprintf("TCP port \"%s\" is not defined for %s",
146 *port = ntohs(smtp_service->s_port);
157 tfo_out_check(int sock)
160 struct tcp_info tinfo;
162 socklen_t len = sizeof(val);
164 /* The observability as of 12.1 is not useful as a client, only telling us that
165 a TFO option was used on SYN. It could have been a TFO-R, or ignored by the
169 if (tcp_out_fastopen == TFO_ATTEMPTED_NODATA || tcp_out_fastopen == TFO_ATTEMPTED_DATA)
170 if (getsockopt(sock, IPPROTO_TCP, TCP_FASTOPEN, &val, &len) == 0 && val != 0) {}
172 switch (tcp_out_fastopen)
174 case TFO_ATTEMPTED_NODATA: tcp_out_fastopen = TFO_USED_NODATA; break;
175 case TFO_ATTEMPTED_DATA: tcp_out_fastopen = TFO_USED_DATA; break;
176 default: break; /* compiler quietening */
179 # else /* Linux & Apple */
180 # if defined(TCP_INFO) && defined(EXIM_HAVE_TCPI_UNACKED)
181 struct tcp_info tinfo;
182 socklen_t len = sizeof(tinfo);
184 switch (tcp_out_fastopen)
186 /* This is a somewhat dubious detection method; totally undocumented so likely
187 to fail in future kernels. There seems to be no documented way. What we really
188 want to know is if the server sent smtp-banner data before our ACK of his SYN,ACK
189 hit him. What this (possibly?) detects is whether we sent a TFO cookie with our
190 SYN, as distinct from a TFO request. This gets a false-positive when the server
191 key is rotated; we send the old one (which this test sees) but the server returns
192 the new one and does not send its SMTP banner before we ACK his SYN,ACK.
193 To force that rotation case:
194 '# echo -n "00000000-00000000-00000000-0000000" >/proc/sys/net/ipv4/tcp_fastopen_key'
195 The kernel seems to be counting unack'd packets. */
197 case TFO_ATTEMPTED_NODATA:
198 if ( getsockopt(sock, IPPROTO_TCP, TCP_INFO, &tinfo, &len) == 0
199 && tinfo.tcpi_state == TCP_SYN_SENT
200 && tinfo.tcpi_unacked > 1
203 DEBUG(D_transport|D_v)
204 debug_printf("TCP_FASTOPEN tcpi_unacked %d\n", tinfo.tcpi_unacked);
205 tcp_out_fastopen = TFO_USED_NODATA;
209 /* When called after waiting for received data we should be able
210 to tell if data we sent was accepted. */
212 case TFO_ATTEMPTED_DATA:
213 if ( getsockopt(sock, IPPROTO_TCP, TCP_INFO, &tinfo, &len) == 0
214 && tinfo.tcpi_state == TCP_ESTABLISHED
216 if (tinfo.tcpi_options & TCPI_OPT_SYN_DATA)
218 DEBUG(D_transport|D_v) debug_printf("TFO: data was acked\n");
219 tcp_out_fastopen = TFO_USED_DATA;
223 DEBUG(D_transport|D_v) debug_printf("TFO: had to retransmit\n");
224 tcp_out_fastopen = TFO_NOT_USED;
228 default: break; /* compiler quietening */
231 # endif /* Linux & Apple */
236 /* Arguments as for smtp_connect(), plus
237 early_data if non-NULL, idenmpotent data to be sent -
238 preferably in the TCP SYN segment
240 Returns: connected socket number, or -1 with errno set
244 smtp_sock_connect(host_item * host, int host_af, int port, uschar * interface,
245 transport_instance * tb, int timeout, const blob * early_data)
247 smtp_transport_options_block * ob =
248 (smtp_transport_options_block *)tb->options_block;
249 const uschar * dscp = ob->dscp;
255 const blob * fastopen_blob = NULL;
258 #ifndef DISABLE_EVENT
259 deliver_host_address = host->address;
260 deliver_host_port = port;
261 if (event_raise(tb->event_action, US"tcp:connect", NULL)) return -1;
264 if ((sock = ip_socket(SOCK_STREAM, host_af)) < 0) return -1;
266 /* Set TCP_NODELAY; Exim does its own buffering. */
268 if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, US &on, sizeof(on)))
269 HDEBUG(D_transport|D_acl|D_v)
270 debug_printf_indent("failed to set NODELAY: %s ", strerror(errno));
272 /* Set DSCP value, if we can. For now, if we fail to set the value, we don't
273 bomb out, just log it and continue in default traffic class. */
275 if (dscp && dscp_lookup(dscp, host_af, &dscp_level, &dscp_option, &dscp_value))
277 HDEBUG(D_transport|D_acl|D_v)
278 debug_printf_indent("DSCP \"%s\"=%x ", dscp, dscp_value);
279 if (setsockopt(sock, dscp_level, dscp_option, &dscp_value, sizeof(dscp_value)) < 0)
280 HDEBUG(D_transport|D_acl|D_v)
281 debug_printf_indent("failed to set DSCP: %s ", strerror(errno));
282 /* If the kernel supports IPv4 and IPv6 on an IPv6 socket, we need to set the
283 option for both; ignore failures here */
284 if (host_af == AF_INET6 &&
285 dscp_lookup(dscp, AF_INET, &dscp_level, &dscp_option, &dscp_value))
286 (void) setsockopt(sock, dscp_level, dscp_option, &dscp_value, sizeof(dscp_value));
289 /* Bind to a specific interface if requested. Caller must ensure the interface
290 is the same type (IPv4 or IPv6) as the outgoing address. */
292 if (interface && ip_bind(sock, host_af, interface, 0) < 0)
295 HDEBUG(D_transport|D_acl|D_v)
296 debug_printf_indent("unable to bind outgoing SMTP call to %s: %s", interface,
300 /* Connect to the remote host, and add keepalive to the socket before returning
301 it, if requested. If the build supports TFO, request it - and if the caller
302 requested some early-data then include that in the TFO request. If there is
303 early-data but no TFO support, send it after connecting. */
308 if (verify_check_given_host(CUSS &ob->hosts_try_fastopen, host) == OK)
309 fastopen_blob = early_data ? early_data : &tcp_fastopen_nodata;
312 if (ip_connect(sock, host_af, host->address, port, timeout, fastopen_blob) < 0)
314 else if (early_data && !fastopen_blob && early_data->data && early_data->len)
316 HDEBUG(D_transport|D_acl|D_v)
317 debug_printf("sending %ld nonTFO early-data\n", (long)early_data->len);
320 (void) setsockopt(sock, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off));
322 if (send(sock, early_data->data, early_data->len, 0) < 0)
327 /* Either bind() or connect() failed */
331 HDEBUG(D_transport|D_acl|D_v)
333 debug_printf_indent(" failed: %s", CUstrerror(save_errno));
334 if (save_errno == ETIMEDOUT)
335 debug_printf(" (timeout=%s)", readconf_printtime(timeout));
343 /* Both bind() and connect() succeeded, and any early-data */
347 union sockaddr_46 interface_sock;
348 EXIM_SOCKLEN_T size = sizeof(interface_sock);
350 HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" connected\n");
351 if (getsockname(sock, (struct sockaddr *)(&interface_sock), &size) == 0)
352 sending_ip_address = host_ntoa(-1, &interface_sock, NULL, &sending_port);
355 log_write(0, LOG_MAIN | ((errno == ECONNRESET)? 0 : LOG_PANIC),
356 "getsockname() failed: %s", strerror(errno));
361 if (ob->keepalive) ip_keepalive(sock, host->address, TRUE);
374 smtp_port_for_connect(host_item * host, int port)
376 if (host->port != PORT_NONE)
378 HDEBUG(D_transport|D_acl|D_v)
379 debug_printf_indent("Transport port=%d replaced by host-specific port=%d\n", port,
383 else host->port = port; /* Set the port actually used */
387 /*************************************************
388 * Connect to remote host *
389 *************************************************/
391 /* Create a socket, and connect it to a remote host. IPv6 addresses are
392 detected by checking for a colon in the address. AF_INET6 is defined even on
393 non-IPv6 systems, to enable the code to be less messy. However, on such systems
394 host->address will always be an IPv4 address.
397 sc details for making connection: host, af, interface, transport
398 early_data if non-NULL, data to be sent - preferably in the TCP SYN segment
400 Returns: connected socket number, or -1 with errno set
404 smtp_connect(smtp_connect_args * sc, const blob * early_data)
406 int port = sc->host->port;
407 smtp_transport_options_block * ob = sc->ob;
409 callout_address = string_sprintf("[%s]:%d", sc->host->address, port);
411 HDEBUG(D_transport|D_acl|D_v)
414 if (sc->interface) s = string_sprintf(" from %s ", sc->interface);
416 if (ob->socks_proxy) s = string_sprintf("%svia proxy ", s);
418 debug_printf_indent("Connecting to %s %s%s... ", sc->host->name, callout_address, s);
421 /* Create and connect the socket */
426 int sock = socks_sock_connect(sc->host, sc->host_af, port, sc->interface,
427 sc->tblock, ob->connect_timeout);
431 if (early_data && early_data->data && early_data->len)
432 if (send(sock, early_data->data, early_data->len, 0) < 0)
434 int save_errno = errno;
435 HDEBUG(D_transport|D_acl|D_v)
437 debug_printf_indent("failed: %s", CUstrerror(save_errno));
438 if (save_errno == ETIMEDOUT)
439 debug_printf(" (timeout=%s)", readconf_printtime(ob->connect_timeout));
451 return smtp_sock_connect(sc->host, sc->host_af, port, sc->interface,
452 sc->tblock, ob->connect_timeout, early_data);
456 /*************************************************
457 * Flush outgoing command buffer *
458 *************************************************/
460 /* This function is called only from smtp_write_command() below. It flushes
461 the buffer of outgoing commands. There is more than one in the buffer only when
465 outblock the SMTP output block
466 mode further data expected, or plain
468 Returns: TRUE if OK, FALSE on error, with errno set
472 flush_buffer(smtp_outblock * outblock, int mode)
475 int n = outblock->ptr - outblock->buffer;
476 BOOL more = mode == SCMD_MORE;
478 HDEBUG(D_transport|D_acl) debug_printf_indent("cmd buf flush %d bytes%s\n", n,
479 more ? " (more expected)" : "");
482 if (outblock->cctx->tls_ctx)
483 rc = tls_write(outblock->cctx->tls_ctx, outblock->buffer, n, more);
488 if (outblock->conn_args)
490 blob early_data = { .data = outblock->buffer, .len = n };
492 /* We ignore the more-flag if we're doing a connect with early-data, which
493 means we won't get BDAT+data. A pity, but wise due to the idempotency
494 requirement: TFO with data can, in rare cases, replay the data to the
497 if ( (outblock->cctx->sock = smtp_connect(outblock->conn_args, &early_data))
500 outblock->conn_args = NULL;
505 rc = send(outblock->cctx->sock, outblock->buffer, n,
513 #if defined(__linux__)
514 /* This is a workaround for a current linux kernel bug: as of
515 5.6.8-200.fc31.x86_64 small (<MSS) writes get delayed by about 200ms,
516 This is despite NODELAY being active.
517 https://bugzilla.redhat.com/show_bug.cgi?id=1803806 */
520 setsockopt(outblock->cctx->sock, IPPROTO_TCP, TCP_CORK, &off, sizeof(off));
527 HDEBUG(D_transport|D_acl) debug_printf_indent("send failed: %s\n", strerror(errno));
531 outblock->ptr = outblock->buffer;
532 outblock->cmd_count = 0;
538 /*************************************************
539 * Write SMTP command *
540 *************************************************/
542 /* The formatted command is left in big_buffer so that it can be reflected in
546 sx SMTP connection, contains buffer for pipelining, and socket
547 mode buffer, write-with-more-likely, write
548 format a format, starting with one of
549 of HELO, MAIL FROM, RCPT TO, DATA, ".", or QUIT.
550 If NULL, flush pipeline buffer only.
551 ... data for the format
553 Returns: 0 if command added to pipelining buffer, with nothing transmitted
554 +n if n commands transmitted (may still have buffered the new one)
555 -1 on error, with errno set
559 smtp_write_command(void * sx, int mode, const char *format, ...)
561 smtp_outblock * outblock = &((smtp_context *)sx)->outblock;
566 gstring gs = { .size = big_buffer_size, .ptr = 0, .s = big_buffer };
569 /* Use taint-unchecked routines for writing into big_buffer, trusting that
570 we'll never expand the results. Actually, the error-message use - leaving
571 the results in big_buffer for potential later use - is uncomfortably distant.
572 XXX Would be better to assume all smtp commands are short, use normal pool
573 alloc rather than big_buffer, and another global for the data-for-error. */
575 va_start(ap, format);
576 if (!string_vformat(&gs, SVFMT_TAINT_NOCHK, CS format, ap))
577 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "overlong write_command in outgoing "
580 string_from_gstring(&gs);
582 if (gs.ptr > outblock->buffersize)
583 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "overlong write_command in outgoing "
586 if (gs.ptr > outblock->buffersize - (outblock->ptr - outblock->buffer))
588 rc = outblock->cmd_count; /* flush resets */
589 if (!flush_buffer(outblock, SCMD_FLUSH)) return -1;
592 Ustrncpy(outblock->ptr, gs.s, gs.ptr);
593 outblock->ptr += gs.ptr;
594 outblock->cmd_count++;
595 gs.ptr -= 2; string_from_gstring(&gs); /* remove \r\n for error message */
597 /* We want to hide the actual data sent in AUTH transactions from reflections
598 and logs. While authenticating, a flag is set in the outblock to enable this.
599 The AUTH command itself gets any data flattened. Other lines are flattened
602 if (outblock->authenticating)
604 uschar *p = big_buffer;
605 if (Ustrncmp(big_buffer, "AUTH ", 5) == 0)
608 while (isspace(*p)) p++;
609 while (!isspace(*p)) p++;
610 while (isspace(*p)) p++;
612 while (*p != 0) *p++ = '*';
615 HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP>> %s\n", big_buffer);
618 if (mode != SCMD_BUFFER)
620 rc += outblock->cmd_count; /* flush resets */
621 if (!flush_buffer(outblock, mode)) return -1;
629 /*************************************************
630 * Read one line of SMTP response *
631 *************************************************/
633 /* This function reads one line of SMTP response from the server host. This may
634 not be a complete response - it could be just part of a multiline response. We
635 have to use a buffer for incoming packets, because when pipelining or using
636 LMTP, there may well be more than one response in a single packet. This
637 function is called only from the one that follows.
640 inblock the SMTP input block (contains holding buffer, socket, etc.)
641 buffer where to put the line
642 size space available for the line
643 timelimit deadline for reading the lime, seconds past epoch
645 Returns: length of a line that has been put in the buffer
646 -1 otherwise, with errno set
650 read_response_line(smtp_inblock *inblock, uschar *buffer, int size, time_t timelimit)
653 uschar *ptr = inblock->ptr;
654 uschar *ptrend = inblock->ptrend;
655 client_conn_ctx * cctx = inblock->cctx;
657 /* Loop for reading multiple packets or reading another packet after emptying
658 a previously-read one. */
664 /* If there is data in the input buffer left over from last time, copy
665 characters from it until the end of a line, at which point we can return,
666 having removed any whitespace (which will include CR) at the end of the line.
667 The rules for SMTP say that lines end in CRLF, but there are have been cases
668 of hosts using just LF, and other MTAs are reported to handle this, so we
669 just look for LF. If we run out of characters before the end of a line,
670 carry on to read the next incoming packet. */
677 while (p > buffer && isspace(p[-1])) p--;
685 *p = 0; /* Leave malformed line for error message */
686 errno = ERRNO_SMTPFORMAT;
691 /* Need to read a new input packet. */
693 if((rc = ip_recv(cctx, inblock->buffer, inblock->buffersize, timelimit)) <= 0)
695 DEBUG(D_deliver|D_transport|D_acl|D_v)
696 debug_printf_indent(errno ? " SMTP(%s)<<\n" : " SMTP(closed)<<\n",
701 /* Another block of data has been successfully read. Set up the pointers
702 and let the loop continue. */
704 ptrend = inblock->ptrend = inblock->buffer + rc;
705 ptr = inblock->buffer;
706 DEBUG(D_transport|D_acl) debug_printf_indent("read response data: size=%d\n", rc);
709 /* Get here if there has been some kind of recv() error; errno is set, but we
710 ensure that the result buffer is empty before returning. */
720 /*************************************************
721 * Read SMTP response *
722 *************************************************/
724 /* This function reads an SMTP response with a timeout, and returns the
725 response in the given buffer, as a string. A multiline response will contain
726 newline characters between the lines. The function also analyzes the first
727 digit of the reply code and returns FALSE if it is not acceptable. FALSE is
728 also returned after a reading error. In this case buffer[0] will be zero, and
729 the error code will be in errno.
732 sx the SMTP connection (contains input block with holding buffer,
734 buffer where to put the response
735 size the size of the buffer
736 okdigit the expected first digit of the response
737 timeout the timeout to use, in seconds
739 Returns: TRUE if a valid, non-error response was received; else FALSE
741 /*XXX could move to smtp transport; no other users */
744 smtp_read_response(void * sx0, uschar * buffer, int size, int okdigit,
747 smtp_context * sx = sx0;
748 uschar * ptr = buffer;
750 time_t timelimit = time(NULL) + timeout;
752 errno = 0; /* Ensure errno starts out zero */
754 #ifndef DISABLE_PIPE_CONNECT
755 if (sx->pending_BANNER || sx->pending_EHLO)
758 if ((rc = smtp_reap_early_pipe(sx, &count)) != OK)
760 DEBUG(D_transport) debug_printf("failed reaping pipelined cmd responsess\n");
762 if (rc == DEFER) errno = ERRNO_TLSFAILURE;
768 /* This is a loop to read and concatenate the lines that make up a multi-line
773 if ((count = read_response_line(&sx->inblock, ptr, size, timelimit)) < 0)
776 HDEBUG(D_transport|D_acl|D_v)
777 debug_printf_indent(" %s %s\n", ptr == buffer ? "SMTP<<" : " ", ptr);
779 /* Check the format of the response: it must start with three digits; if
780 these are followed by a space or end of line, the response is complete. If
781 they are followed by '-' this is a multi-line response and we must look for
782 another line until the final line is reached. The only use made of multi-line
783 responses is to pass them back as error messages. We therefore just
784 concatenate them all within the buffer, which should be large enough to
785 accept any reasonable number of lines. */
791 (ptr[3] != '-' && ptr[3] != ' ' && ptr[3] != 0))
793 errno = ERRNO_SMTPFORMAT; /* format error */
797 /* If the line we have just read is a terminal line, line, we are done.
798 Otherwise more data has to be read. */
800 if (ptr[3] != '-') break;
802 /* Move the reading pointer upwards in the buffer and insert \n between the
803 components of a multiline response. Space is left for this by read_response_
812 tfo_out_check(sx->cctx.sock);
815 /* Return a value that depends on the SMTP return code. On some systems a
816 non-zero value of errno has been seen at this point, so ensure it is zero,
817 because the caller of this function looks at errno when FALSE is returned, to
818 distinguish between an unexpected return code and other errors such as
819 timeouts, lost connections, etc. */
822 return buffer[0] == okdigit;
825 /* End of smtp_out.c */