1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) The Exim Maintainers 2020 - 2023 */
6 /* Copyright (c) University of Cambridge 1995 - 2018 */
7 /* See the file NOTICE for conditions of use and distribution. */
8 /* SPDX-License-Identifier: GPL-2.0-or-later */
13 #if defined(SUPPORT_DANE) && defined(DISABLE_TLS)
14 # error TLS is required for DANE
18 /* Options specific to the smtp transport. This transport also supports LMTP
19 over TCP/IP. The options must be in alphabetic order (note that "_" comes
20 before the lower case letters). Some live in the transport_instance block so as
21 to be publicly visible; these are flagged with opt_public. */
23 #define LOFF(field) OPT_OFF(smtp_transport_options_block, field)
25 optionlist smtp_transport_options[] = {
26 { "*expand_multi_domain", opt_stringptr | opt_hidden | opt_public,
27 OPT_OFF(transport_instance, expand_multi_domain) },
28 { "*expand_retry_include_ip_address", opt_stringptr | opt_hidden,
29 LOFF(expand_retry_include_ip_address) },
31 { "address_retry_include_sender", opt_bool,
32 LOFF(address_retry_include_sender) },
33 { "allow_localhost", opt_bool, LOFF(allow_localhost) },
34 #ifdef EXPERIMENTAL_ARC
35 { "arc_sign", opt_stringptr, LOFF(arc_sign) },
37 { "authenticated_sender", opt_stringptr, LOFF(authenticated_sender) },
38 { "authenticated_sender_force", opt_bool, LOFF(authenticated_sender_force) },
39 { "command_timeout", opt_time, LOFF(command_timeout) },
40 { "connect_timeout", opt_time, LOFF(connect_timeout) },
41 { "connection_max_messages", opt_int | opt_public,
42 OPT_OFF(transport_instance, connection_max_messages) },
44 { "dane_require_tls_ciphers", opt_stringptr, LOFF(dane_require_tls_ciphers) },
46 { "data_timeout", opt_time, LOFF(data_timeout) },
47 { "delay_after_cutoff", opt_bool, LOFF(delay_after_cutoff) },
49 { "dkim_canon", opt_stringptr, LOFF(dkim.dkim_canon) },
50 { "dkim_domain", opt_stringptr, LOFF(dkim.dkim_domain) },
51 { "dkim_hash", opt_stringptr, LOFF(dkim.dkim_hash) },
52 { "dkim_identity", opt_stringptr, LOFF(dkim.dkim_identity) },
53 { "dkim_private_key", opt_stringptr, LOFF(dkim.dkim_private_key) },
54 { "dkim_selector", opt_stringptr, LOFF(dkim.dkim_selector) },
55 { "dkim_sign_headers", opt_stringptr, LOFF(dkim.dkim_sign_headers) },
56 { "dkim_strict", opt_stringptr, LOFF(dkim.dkim_strict) },
57 { "dkim_timestamps", opt_stringptr, LOFF(dkim.dkim_timestamps) },
59 { "dns_qualify_single", opt_bool, LOFF(dns_qualify_single) },
60 { "dns_search_parents", opt_bool, LOFF(dns_search_parents) },
61 { "dnssec_request_domains", opt_stringptr, LOFF(dnssec.request) },
62 { "dnssec_require_domains", opt_stringptr, LOFF(dnssec.require) },
63 { "dscp", opt_stringptr, LOFF(dscp) },
64 { "fallback_hosts", opt_stringptr, LOFF(fallback_hosts) },
65 { "final_timeout", opt_time, LOFF(final_timeout) },
66 { "gethostbyname", opt_bool, LOFF(gethostbyname) },
67 { "helo_data", opt_stringptr, LOFF(helo_data) },
68 #if !defined(DISABLE_TLS) && !defined(DISABLE_TLS_RESUME)
69 { "host_name_extract", opt_stringptr, LOFF(host_name_extract) },
71 { "hosts", opt_stringptr, LOFF(hosts) },
72 { "hosts_avoid_esmtp", opt_stringptr, LOFF(hosts_avoid_esmtp) },
73 { "hosts_avoid_pipelining", opt_stringptr, LOFF(hosts_avoid_pipelining) },
75 { "hosts_avoid_tls", opt_stringptr, LOFF(hosts_avoid_tls) },
77 { "hosts_max_try", opt_int, LOFF(hosts_max_try) },
78 { "hosts_max_try_hardlimit", opt_int, LOFF(hosts_max_try_hardlimit) },
80 { "hosts_nopass_tls", opt_stringptr, LOFF(hosts_nopass_tls) },
81 { "hosts_noproxy_tls", opt_stringptr, LOFF(hosts_noproxy_tls) },
83 { "hosts_override", opt_bool, LOFF(hosts_override) },
84 #ifndef DISABLE_PIPE_CONNECT
85 { "hosts_pipe_connect", opt_stringptr, LOFF(hosts_pipe_connect) },
87 { "hosts_randomize", opt_bool, LOFF(hosts_randomize) },
88 #if !defined(DISABLE_TLS) && !defined(DISABLE_OCSP)
89 { "hosts_request_ocsp", opt_stringptr, LOFF(hosts_request_ocsp) },
91 { "hosts_require_alpn", opt_stringptr, LOFF(hosts_require_alpn) },
92 { "hosts_require_auth", opt_stringptr, LOFF(hosts_require_auth) },
95 { "hosts_require_dane", opt_stringptr, LOFF(hosts_require_dane) },
98 { "hosts_require_ocsp", opt_stringptr, LOFF(hosts_require_ocsp) },
100 { "hosts_require_tls", opt_stringptr, LOFF(hosts_require_tls) },
102 { "hosts_try_auth", opt_stringptr, LOFF(hosts_try_auth) },
103 { "hosts_try_chunking", opt_stringptr, LOFF(hosts_try_chunking) },
105 { "hosts_try_dane", opt_stringptr, LOFF(hosts_try_dane) },
107 { "hosts_try_fastopen", opt_stringptr, LOFF(hosts_try_fastopen) },
109 { "hosts_try_prdr", opt_stringptr, LOFF(hosts_try_prdr) },
112 { "hosts_verify_avoid_tls", opt_stringptr, LOFF(hosts_verify_avoid_tls) },
114 { "interface", opt_stringptr, LOFF(interface) },
115 { "keepalive", opt_bool, LOFF(keepalive) },
116 { "lmtp_ignore_quota", opt_bool, LOFF(lmtp_ignore_quota) },
117 { "max_rcpt", opt_stringptr | opt_public,
118 OPT_OFF(transport_instance, max_addresses) },
119 { "message_linelength_limit", opt_int, LOFF(message_linelength_limit) },
120 { "multi_domain", opt_expand_bool | opt_public,
121 OPT_OFF(transport_instance, multi_domain) },
122 { "port", opt_stringptr, LOFF(port) },
123 { "protocol", opt_stringptr, LOFF(protocol) },
124 { "retry_include_ip_address", opt_expand_bool, LOFF(retry_include_ip_address) },
125 { "serialize_hosts", opt_stringptr, LOFF(serialize_hosts) },
126 { "size_addition", opt_int, LOFF(size_addition) },
128 { "socks_proxy", opt_stringptr, LOFF(socks_proxy) },
131 { "tls_alpn", opt_stringptr, LOFF(tls_alpn) },
132 { "tls_certificate", opt_stringptr, LOFF(tls_certificate) },
133 { "tls_crl", opt_stringptr, LOFF(tls_crl) },
134 { "tls_dh_min_bits", opt_int, LOFF(tls_dh_min_bits) },
135 { "tls_privatekey", opt_stringptr, LOFF(tls_privatekey) },
136 { "tls_require_ciphers", opt_stringptr, LOFF(tls_require_ciphers) },
137 # ifndef DISABLE_TLS_RESUME
138 { "tls_resumption_hosts", opt_stringptr, LOFF(tls_resumption_hosts) },
140 { "tls_sni", opt_stringptr, LOFF(tls_sni) },
141 { "tls_tempfail_tryclear", opt_bool, LOFF(tls_tempfail_tryclear) },
142 { "tls_try_verify_hosts", opt_stringptr, LOFF(tls_try_verify_hosts) },
143 { "tls_verify_cert_hostnames", opt_stringptr, LOFF(tls_verify_cert_hostnames)},
144 { "tls_verify_certificates", opt_stringptr, LOFF(tls_verify_certificates) },
145 { "tls_verify_hosts", opt_stringptr, LOFF(tls_verify_hosts) },
148 { "utf8_downconvert", opt_stringptr, LOFF(utf8_downconvert) },
152 /* Size of the options list. An extern variable has to be used so that its
153 address can appear in the tables drtables.c. */
155 int smtp_transport_options_count = nelem(smtp_transport_options);
161 smtp_transport_options_block smtp_transport_option_defaults = {0};
162 void smtp_transport_init(transport_instance *tblock) {}
163 BOOL smtp_transport_entry(transport_instance *tblock, address_item *addr) {return FALSE;}
164 void smtp_transport_closedown(transport_instance *tblock) {}
166 #else /*!MACRO_PREDEF*/
169 /* Default private options block for the smtp transport. */
171 smtp_transport_options_block smtp_transport_option_defaults = {
172 /* All non-mentioned elements 0/NULL/FALSE */
173 .helo_data = US"$primary_hostname",
174 .protocol = US"smtp",
175 .hosts_try_chunking = US"*",
177 .hosts_try_dane = US"*",
179 .hosts_try_fastopen = US"*",
181 .hosts_try_prdr = US"*",
184 .hosts_request_ocsp = US"*", /* hosts_request_ocsp (except under DANE; tls_client_start()) */
186 .command_timeout = 5*60,
187 .connect_timeout = 5*60,
188 .data_timeout = 5*60,
189 .final_timeout = 10*60,
190 .size_addition = 1024,
192 .hosts_max_try_hardlimit = 50,
193 .message_linelength_limit = 998,
194 .address_retry_include_sender = TRUE,
195 .dns_qualify_single = TRUE,
196 .dnssec = { .request= US"*", .require=NULL },
197 .delay_after_cutoff = TRUE,
199 .retry_include_ip_address = TRUE,
201 .tls_verify_certificates = US"system",
202 .tls_dh_min_bits = EXIM_CLIENT_DH_DEFAULT_MIN_BITS,
203 .tls_tempfail_tryclear = TRUE,
204 .tls_try_verify_hosts = US"*",
205 .tls_verify_cert_hostnames = US"*",
208 .utf8_downconvert = US"-1",
212 { .dkim_hash = US"sha256", },
216 /* some DSN flags for use later */
218 static int rf_list[] = {rf_notify_never, rf_notify_success,
219 rf_notify_failure, rf_notify_delay };
221 static uschar *rf_names[] = { US"NEVER", US"SUCCESS", US"FAILURE", US"DELAY" };
227 static uschar *smtp_command; /* Points to last cmd for error messages */
228 static uschar *mail_command; /* Points to MAIL cmd for error messages */
229 static uschar *data_command = US""; /* Points to DATA cmd for error messages */
230 static BOOL update_waiting; /* TRUE to update the "wait" database */
232 /*XXX move to smtp_context */
233 static BOOL pipelining_active; /* current transaction is in pipe mode */
236 static unsigned ehlo_response(uschar * buf, unsigned checks);
239 /******************************************************************************/
242 smtp_deliver_init(void)
246 const pcre2_code ** re;
247 const uschar * string;
250 { ®ex_AUTH, AUTHS_REGEX },
251 { ®ex_CHUNKING, US"\\n250[\\s\\-]CHUNKING(\\s|\\n|$)" },
252 { ®ex_DSN, US"\\n250[\\s\\-]DSN(\\s|\\n|$)" },
253 { ®ex_IGNOREQUOTA, US"\\n250[\\s\\-]IGNOREQUOTA(\\s|\\n|$)" },
254 { ®ex_PIPELINING, US"\\n250[\\s\\-]PIPELINING(\\s|\\n|$)" },
255 { ®ex_SIZE, US"\\n250[\\s\\-]SIZE(\\s|\\n|$)" },
258 { ®ex_STARTTLS, US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)" },
261 { ®ex_PRDR, US"\\n250[\\s\\-]PRDR(\\s|\\n|$)" },
264 { ®ex_UTF8, US"\\n250[\\s\\-]SMTPUTF8(\\s|\\n|$)" },
266 #ifndef DISABLE_PIPE_CONNECT
267 { ®ex_EARLY_PIPE, US"\\n250[\\s\\-]" EARLY_PIPE_FEATURE_NAME "(\\s|\\n|$)" },
269 #ifdef EXPERIMENTAL_ESMTP_LIMITS
270 { ®ex_LIMITS, US"\\n250[\\s\\-]LIMITS\\s" },
274 for (struct list * l = list; l < list + nelem(list); l++)
276 *l->re = regex_must_compile(l->string, MCS_NOFLAGS, TRUE);
280 /*************************************************
281 * Setup entry point *
282 *************************************************/
284 /* This function is called when the transport is about to be used,
285 but before running it in a sub-process. It is used for two things:
287 (1) To set the fallback host list in addresses, when delivering.
288 (2) To pass back the interface, port, protocol, and other options, for use
289 during callout verification.
292 tblock pointer to the transport instance block
293 addrlist list of addresses about to be transported
294 tf if not NULL, pointer to block in which to return options
295 uid the uid that will be set (not used)
296 gid the gid that will be set (not used)
297 errmsg place for error message (not used)
299 Returns: OK always (FAIL, DEFER not used)
303 smtp_transport_setup(transport_instance *tblock, address_item *addrlist,
304 transport_feedback *tf, uid_t uid, gid_t gid, uschar **errmsg)
306 smtp_transport_options_block *ob = SOB tblock->options_block;
308 /* Pass back options if required. This interface is getting very messy. */
312 tf->interface = ob->interface;
314 tf->protocol = ob->protocol;
315 tf->hosts = ob->hosts;
316 tf->hosts_override = ob->hosts_override;
317 tf->hosts_randomize = ob->hosts_randomize;
318 tf->gethostbyname = ob->gethostbyname;
319 tf->qualify_single = ob->dns_qualify_single;
320 tf->search_parents = ob->dns_search_parents;
321 tf->helo_data = ob->helo_data;
324 /* Set the fallback host list for all the addresses that don't have fallback
325 host lists, provided that the local host wasn't present in the original host
328 if (!testflag(addrlist, af_local_host_removed))
329 for (; addrlist; addrlist = addrlist->next)
330 if (!addrlist->fallback_hosts) addrlist->fallback_hosts = ob->fallback_hostlist;
337 /*************************************************
338 * Initialization entry point *
339 *************************************************/
341 /* Called for each instance, after its options have been read, to
342 enable consistency checks to be done, or anything else that needs
345 Argument: pointer to the transport instance block
350 smtp_transport_init(transport_instance *tblock)
352 smtp_transport_options_block * ob = SOB tblock->options_block;
353 int old_pool = store_pool;
355 /* Retry_use_local_part defaults FALSE if unset */
357 if (tblock->retry_use_local_part == TRUE_UNSET)
358 tblock->retry_use_local_part = FALSE;
360 /* Set the default port according to the protocol */
363 ob->port = strcmpic(ob->protocol, US"lmtp") == 0
365 : strcmpic(ob->protocol, US"smtps") == 0
366 ? US"smtps" : US"smtp";
368 /* Set up the setup entry point, to be called before subprocesses for this
371 tblock->setup = smtp_transport_setup;
373 /* Complain if any of the timeouts are zero. */
375 if (ob->command_timeout <= 0 || ob->data_timeout <= 0 ||
376 ob->final_timeout <= 0)
377 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
378 "command, data, or final timeout value is zero for %s transport",
381 /* If hosts_override is set and there are local hosts, set the global
382 flag that stops verify from showing router hosts. */
384 if (ob->hosts_override && ob->hosts) tblock->overrides_hosts = TRUE;
386 /* If there are any fallback hosts listed, build a chain of host items
387 for them, but do not do any lookups at this time. */
389 store_pool = POOL_PERM;
390 host_build_hostlist(&ob->fallback_hostlist, ob->fallback_hosts, FALSE);
391 store_pool = old_pool;
398 /*************************************************
399 * Set delivery info into all active addresses *
400 *************************************************/
402 /* Only addresses whose status is >= PENDING are relevant. A lesser
403 status means that an address is not currently being processed.
406 addrlist points to a chain of addresses
407 errno_value to put in each address's errno field
408 msg to put in each address's message field
409 rc to put in each address's transport_return field
410 pass_message if TRUE, set the "pass message" flag in the address
411 host if set, mark addrs as having used this host
412 smtp_greeting from peer
413 helo_response from peer
414 start points to timestamp of delivery start
416 If errno_value has the special value ERRNO_CONNECTTIMEOUT, ETIMEDOUT is put in
417 the errno field, and RTEF_CTOUT is ORed into the more_errno field, to indicate
418 this particular type of timeout.
424 set_errno(address_item *addrlist, int errno_value, uschar *msg, int rc,
425 BOOL pass_message, host_item * host,
426 #ifdef EXPERIMENTAL_DSN_INFO
427 const uschar * smtp_greeting, const uschar * helo_response,
429 struct timeval * start
433 struct timeval deliver_time;
435 if (errno_value == ERRNO_CONNECTTIMEOUT)
437 errno_value = ETIMEDOUT;
438 orvalue = RTEF_CTOUT;
440 timesince(&deliver_time, start);
442 for (address_item * addr = addrlist; addr; addr = addr->next)
443 if (addr->transport_return >= PENDING)
445 addr->basic_errno = errno_value;
446 addr->more_errno |= orvalue;
447 addr->delivery_time = deliver_time;
451 if (pass_message) setflag(addr, af_pass_message);
453 addr->transport_return = rc;
456 addr->host_used = host;
457 #ifdef EXPERIMENTAL_DSN_INFO
459 {uschar * s = Ustrchr(smtp_greeting, '\n'); if (s) *s = '\0';}
460 addr->smtp_greeting = smtp_greeting;
463 {uschar * s = Ustrchr(helo_response, '\n'); if (s) *s = '\0';}
464 addr->helo_response = helo_response;
471 set_errno_nohost(address_item * addrlist, int errno_value, uschar * msg, int rc,
472 BOOL pass_message, struct timeval * start)
474 set_errno(addrlist, errno_value, msg, rc, pass_message, NULL,
475 #ifdef EXPERIMENTAL_DSN_INFO
482 /*************************************************
483 * Check an SMTP response *
484 *************************************************/
486 /* This function is given an errno code and the SMTP response buffer
487 to analyse, together with the host identification for generating messages. It
488 sets an appropriate message and puts the first digit of the response code into
489 the yield variable. If no response was actually read, a suitable digit is
493 host the current host, to get its name for messages
494 errno_value pointer to the errno value
495 more_errno from the top address for use with ERRNO_FILTER_FAIL
496 buffer the SMTP response buffer
497 yield where to put a one-digit SMTP response code
498 message where to put an error message
499 pass_message set TRUE if message is an SMTP response
501 Returns: TRUE if an SMTP "QUIT" command should be sent, else FALSE
505 check_response(host_item *host, int *errno_value, int more_errno,
506 uschar *buffer, int *yield, uschar **message, BOOL *pass_message)
508 uschar * pl = pipelining_active ? US"pipelined " : US"";
511 *yield = '4'; /* Default setting is to give a temporary error */
515 case ETIMEDOUT: /* Handle response timeout */
516 *message = US string_sprintf("SMTP timeout after %s%s",
518 if (transport_count > 0)
519 *message = US string_sprintf("%s (%d bytes written)", *message,
523 case ERRNO_SMTPFORMAT: /* Handle malformed SMTP response */
524 s = string_printing(buffer);
525 while (isspace(*s)) s++;
527 ? string_sprintf("Malformed SMTP reply (an empty line) "
528 "in response to %s%s", pl, smtp_command)
529 : string_sprintf("Malformed SMTP reply in response to %s%s: %s",
530 pl, smtp_command, s);
533 case ERRNO_TLSFAILURE: /* Handle bad first read; can happen with
535 *message = US"bad first read from TLS conn";
538 case ERRNO_FILTER_FAIL: /* Handle a failed filter process error;
539 can't send QUIT as we mustn't end the DATA. */
540 *message = string_sprintf("transport filter process failed (%d)%s",
542 more_errno == EX_EXECFAILED ? ": unable to execute command" : "");
545 case ERRNO_CHHEADER_FAIL: /* Handle a failed add_headers expansion;
546 can't send QUIT as we mustn't end the DATA. */
548 string_sprintf("failed to expand headers_add or headers_remove: %s",
549 expand_string_message);
552 case ERRNO_WRITEINCOMPLETE: /* failure to write a complete data block */
553 *message = US"failed to write a data block";
557 case ERRNO_UTF8_FWD: /* no advertised SMTPUTF8, for international message */
558 *message = US"utf8 support required but not offered for forwarding";
559 DEBUG(D_deliver|D_transport) debug_printf("%s\n", *message);
564 /* Handle error responses from the remote mailer. */
568 *message = string_sprintf("SMTP error from remote mail server after %s%s: "
569 "%s", pl, smtp_command, s = string_printing(buffer));
570 *pass_message = TRUE;
575 /* No data was read. If there is no errno, this must be the EOF (i.e.
576 connection closed) case, which causes deferral. An explicit connection reset
577 error has the same effect. Otherwise, put the host's identity in the message,
578 leaving the errno value to be interpreted as well. In all cases, we have to
579 assume the connection is now dead. */
581 if (*errno_value == 0 || *errno_value == ECONNRESET)
583 *errno_value = ERRNO_SMTPCLOSED;
584 *message = US string_sprintf("Remote host closed connection "
585 "in response to %s%s", pl, smtp_command);
588 *message = US string_sprintf("%s [%s]", host->name, host->address);
595 /*************************************************
596 * Write error message to logs *
597 *************************************************/
599 /* This writes to the main log and to the message log.
602 host the current host
603 detail the current message (addr_item->message)
604 basic_errno the errno (addr_item->basic_errno)
610 write_logs(const host_item *host, const uschar *suffix, int basic_errno)
612 gstring * message = LOGGING(outgoing_port)
613 ? string_fmt_append(NULL, "H=%s [%s]:%d", host->name, host->address,
614 host->port == PORT_NONE ? 25 : host->port)
615 : string_fmt_append(NULL, "H=%s [%s]", host->name, host->address);
619 message = string_fmt_append(message, ": %s", suffix);
621 message = string_fmt_append(message, ": %s", strerror(basic_errno));
624 message = string_fmt_append(message, " %s", exim_errstr(basic_errno));
626 log_write(0, LOG_MAIN, "%Y", message);
627 deliver_msglog("%s %.*s\n", tod_stamp(tod_log), message->ptr, message->s);
631 msglog_line(host_item * host, uschar * message)
633 deliver_msglog("%s H=%s [%s] %s\n", tod_stamp(tod_log),
634 host->name, host->address, message);
639 #ifndef DISABLE_EVENT
640 /*************************************************
641 * Post-defer action *
642 *************************************************/
644 /* This expands an arbitrary per-transport string.
645 It might, for example, be used to write to the database log.
648 addr the address item containing error information
649 host the current host
656 deferred_event_raise(address_item * addr, host_item * host, uschar * evstr)
658 uschar * action = addr->transport->event_action;
659 const uschar * save_domain, * save_local;
664 save_domain = deliver_domain;
665 save_local = deliver_localpart;
667 /*XXX would ip & port already be set up? */
668 deliver_host_address = string_copy(host->address);
669 deliver_host_port = host->port == PORT_NONE ? 25 : host->port;
670 event_defer_errno = addr->basic_errno;
672 router_name = addr->router->name;
673 transport_name = addr->transport->name;
674 deliver_domain = addr->domain;
675 deliver_localpart = addr->local_part;
677 (void) event_raise(action, evstr,
679 ? addr->basic_errno > 0
680 ? string_sprintf("%s: %s", addr->message, strerror(addr->basic_errno))
681 : string_copy(addr->message)
682 : addr->basic_errno > 0
683 ? string_copy(US strerror(addr->basic_errno))
687 deliver_localpart = save_local;
688 deliver_domain = save_domain;
689 router_name = transport_name = NULL;
693 /*************************************************
694 * Reap SMTP specific responses *
695 *************************************************/
697 smtp_discard_responses(smtp_context * sx, smtp_transport_options_block * ob,
700 uschar flushbuffer[4096];
704 if (!smtp_read_response(sx, flushbuffer, sizeof(flushbuffer),
705 '2', ob->command_timeout)
706 && (errno != 0 || flushbuffer[0] == 0))
713 /* Return boolean success */
716 smtp_reap_banner(smtp_context * sx)
719 #if defined(__linux__) && defined(TCP_QUICKACK)
720 { /* Hack to get QUICKACK disabled; has to be right after 3whs, and has to on->off */
721 int sock = sx->cctx.sock;
722 struct pollfd p = {.fd = sock, .events = POLLOUT};
723 if (poll(&p, 1, 1000) >= 0) /* retval test solely for compiler quitening */
725 (void) setsockopt(sock, IPPROTO_TCP, TCP_QUICKACK, US &on, sizeof(on));
726 (void) setsockopt(sock, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off));
730 good_response = smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
731 '2', (SOB sx->conn_args.ob)->command_timeout);
732 #ifdef EXPERIMENTAL_DSN_INFO
733 sx->smtp_greeting = string_copy(sx->buffer);
735 return good_response;
739 smtp_reap_ehlo(smtp_context * sx)
741 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2',
742 (SOB sx->conn_args.ob)->command_timeout))
744 if (errno != 0 || sx->buffer[0] == 0 || sx->lmtp)
746 #ifdef EXPERIMENTAL_DSN_INFO
747 sx->helo_response = string_copy(sx->buffer);
753 #ifdef EXPERIMENTAL_DSN_INFO
754 sx->helo_response = string_copy(sx->buffer);
756 #ifndef DISABLE_EVENT
757 (void) event_raise(sx->conn_args.tblock->event_action,
758 US"smtp:ehlo", sx->buffer, NULL);
764 #if !defined(DISABLE_TLS) && !defined(DISABLE_TLS_RESUME)
766 /* Grab a string differentiating server behind a loadbalancer, for TLS
767 resumption when such servers do not share a session-cache */
770 ehlo_response_lbserver(smtp_context * sx, const uschar * name_extract)
773 uschar * save_item = iterate_item;
775 if (sx->conn_args.have_lbserver)
777 iterate_item = sx->buffer;
778 s = expand_cstring(name_extract);
779 iterate_item = save_item;
780 sx->conn_args.host_lbserver = s && !*s ? NULL : s;
781 sx->conn_args.have_lbserver = TRUE;
787 /******************************************************************************/
789 #ifdef EXPERIMENTAL_ESMTP_LIMITS
790 /* If TLS, or TLS not offered, called with the EHLO response in the buffer.
791 Check it for a LIMITS keyword and parse values into the smtp context structure.
793 We don't bother with peers that we won't talk TLS to, even though they can,
794 just ignore their LIMITS advice (if any) and treat them as if they do not.
795 This saves us dealing with a duplicate set of values. */
798 ehlo_response_limits_read(smtp_context * sx)
802 /* matches up to just after the first space after the keyword */
804 if (regex_match(regex_LIMITS, sx->buffer, -1, &match))
805 for (const uschar * s = sx->buffer + Ustrlen(match); *s; )
807 while (isspace(*s)) s++;
808 if (*s == '\n') break;
810 if (strncmpic(s, US"MAILMAX=", 8) == 0)
812 sx->peer_limit_mail = atoi(CS (s += 8));
813 while (isdigit(*s)) s++;
815 else if (strncmpic(s, US"RCPTMAX=", 8) == 0)
817 sx->peer_limit_rcpt = atoi(CS (s += 8));
818 while (isdigit(*s)) s++;
820 else if (strncmpic(s, US"RCPTDOMAINMAX=", 14) == 0)
822 sx->peer_limit_rcptdom = atoi(CS (s += 14));
823 while (isdigit(*s)) s++;
826 while (*s && !isspace(*s)) s++;
830 /* Apply given values to the current connection */
832 ehlo_limits_apply(smtp_context * sx,
833 unsigned limit_mail, unsigned limit_rcpt, unsigned limit_rcptdom)
835 if (limit_mail && limit_mail < sx->max_mail) sx->max_mail = limit_mail;
836 if (limit_rcpt && limit_rcpt < sx->max_rcpt) sx->max_rcpt = limit_rcpt;
839 DEBUG(D_transport) debug_printf("will treat as !multi_domain\n");
840 sx->single_rcpt_domain = TRUE;
844 /* Apply values from EHLO-resp to the current connection */
846 ehlo_response_limits_apply(smtp_context * sx)
848 ehlo_limits_apply(sx, sx->peer_limit_mail, sx->peer_limit_rcpt,
849 sx->peer_limit_rcptdom);
852 /* Apply values read from cache to the current connection */
854 ehlo_cache_limits_apply(smtp_context * sx)
856 # ifndef DISABLE_PIPE_CONNECT
857 ehlo_limits_apply(sx, sx->ehlo_resp.limit_mail, sx->ehlo_resp.limit_rcpt,
858 sx->ehlo_resp.limit_rcptdom);
861 #endif /*EXPERIMENTAL_ESMTP_LIMITS*/
863 /******************************************************************************/
865 #ifndef DISABLE_PIPE_CONNECT
867 ehlo_cache_key(const smtp_context * sx)
869 host_item * host = sx->conn_args.host;
870 return Ustrchr(host->address, ':')
871 ? string_sprintf("[%s]:%d.EHLO", host->address,
872 host->port == PORT_NONE ? sx->port : host->port)
873 : string_sprintf("%s:%d.EHLO", host->address,
874 host->port == PORT_NONE ? sx->port : host->port);
877 /* Cache EHLO-response info for use by early-pipe.
879 - During a normal flow on EHLO response (either cleartext or under TLS),
880 when we are willing to do PIPECONNECT and it is offered
881 - During an early-pipe flow on receiving the actual EHLO response and noting
882 disparity versus the cached info used, when PIPECONNECT is still being offered
884 We assume that suitable values have been set in the sx.ehlo_resp structure for
885 features and auths; we handle the copy of limits. */
888 write_ehlo_cache_entry(smtp_context * sx)
890 open_db dbblock, * dbm_file;
892 # ifdef EXPERIMENTAL_ESMTP_LIMITS
893 sx->ehlo_resp.limit_mail = sx->peer_limit_mail;
894 sx->ehlo_resp.limit_rcpt = sx->peer_limit_rcpt;
895 sx->ehlo_resp.limit_rcptdom = sx->peer_limit_rcptdom;
898 if ((dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE, TRUE)))
900 uschar * ehlo_resp_key = ehlo_cache_key(sx);
901 dbdata_ehlo_resp er = { .data = sx->ehlo_resp };
904 # ifdef EXPERIMENTAL_ESMTP_LIMITS
905 if (sx->ehlo_resp.limit_mail || sx->ehlo_resp.limit_rcpt || sx->ehlo_resp.limit_rcptdom)
906 debug_printf("writing clr %04x/%04x cry %04x/%04x lim %05d/%05d/%05d\n",
907 sx->ehlo_resp.cleartext_features, sx->ehlo_resp.cleartext_auths,
908 sx->ehlo_resp.crypted_features, sx->ehlo_resp.crypted_auths,
909 sx->ehlo_resp.limit_mail, sx->ehlo_resp.limit_rcpt,
910 sx->ehlo_resp.limit_rcptdom);
913 debug_printf("writing clr %04x/%04x cry %04x/%04x\n",
914 sx->ehlo_resp.cleartext_features, sx->ehlo_resp.cleartext_auths,
915 sx->ehlo_resp.crypted_features, sx->ehlo_resp.crypted_auths);
917 dbfn_write(dbm_file, ehlo_resp_key, &er, (int)sizeof(er));
918 dbfn_close(dbm_file);
923 invalidate_ehlo_cache_entry(smtp_context * sx)
925 open_db dbblock, * dbm_file;
927 if ( sx->early_pipe_active
928 && (dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE, TRUE)))
930 uschar * ehlo_resp_key = ehlo_cache_key(sx);
933 dbdata_ehlo_resp * er;
935 if (!(er = dbfn_read_enforce_length(dbm_file, ehlo_resp_key, sizeof(dbdata_ehlo_resp))))
936 debug_printf("no ehlo-resp record!\n");
938 debug_printf("ehlo-resp record is %d seconds old\n", time(NULL) - er->time_stamp);
941 dbfn_delete(dbm_file, ehlo_resp_key);
942 dbfn_close(dbm_file);
947 read_ehlo_cache_entry(smtp_context * sx)
952 if (!(dbm_file = dbfn_open(US"misc", O_RDONLY, &dbblock, FALSE, TRUE)))
953 { DEBUG(D_transport) debug_printf("ehlo-cache: no misc DB\n"); }
956 uschar * ehlo_resp_key = ehlo_cache_key(sx);
957 dbdata_ehlo_resp * er;
959 if (!(er = dbfn_read_enforce_length(dbm_file, ehlo_resp_key, sizeof(dbdata_ehlo_resp))))
960 { DEBUG(D_transport) debug_printf("no ehlo-resp record\n"); }
961 else if (time(NULL) - er->time_stamp > retry_data_expire)
963 DEBUG(D_transport) debug_printf("ehlo-resp record too old\n");
964 dbfn_close(dbm_file);
965 if ((dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE, TRUE)))
966 dbfn_delete(dbm_file, ehlo_resp_key);
971 # ifdef EXPERIMENTAL_ESMTP_LIMITS
972 if (er->data.limit_mail || er->data.limit_rcpt || er->data.limit_rcptdom)
973 debug_printf("EHLO response bits from cache:"
974 " cleartext 0x%04x/0x%04x crypted 0x%04x/0x%04x lim %05d/%05d/%05d\n",
975 er->data.cleartext_features, er->data.cleartext_auths,
976 er->data.crypted_features, er->data.crypted_auths,
977 er->data.limit_mail, er->data.limit_rcpt, er->data.limit_rcptdom);
980 debug_printf("EHLO response bits from cache:"
981 " cleartext 0x%04x/0x%04x crypted 0x%04x/0x%04x\n",
982 er->data.cleartext_features, er->data.cleartext_auths,
983 er->data.crypted_features, er->data.crypted_auths);
985 sx->ehlo_resp = er->data;
986 # ifdef EXPERIMENTAL_ESMTP_LIMITS
987 ehlo_cache_limits_apply(sx);
989 dbfn_close(dbm_file);
992 dbfn_close(dbm_file);
999 /* Return an auths bitmap for the set of AUTH methods offered by the server
1000 which match our client-side authenticators. */
1002 static unsigned short
1003 study_ehlo_auths(smtp_context * sx)
1008 unsigned short authbits = 0;
1010 if (!sx->esmtp) return 0;
1011 if (!regex_AUTH) regex_AUTH = regex_must_compile(AUTHS_REGEX, MCS_NOFLAGS, TRUE);
1012 if (!regex_match_and_setup(regex_AUTH, sx->buffer, 0, -1)) return 0;
1013 expand_nmax = -1; /* reset */
1014 names = string_copyn(expand_nstring[1], expand_nlength[1]);
1016 for (au = auths, authnum = 0; au; au = au->next, authnum++) if (au->client)
1018 const uschar * list = names;
1020 for (int sep = ' '; s = string_nextinlist(&list, &sep, NULL, 0); )
1021 if (strcmpic(au->public_name, s) == 0)
1022 { authbits |= BIT(authnum); break; }
1026 debug_printf("server offers %s AUTH, methods '%s', usable-bitmap 0x%04x\n",
1027 tls_out.active.sock >= 0 ? "crypted" : "plaintext", names, authbits);
1029 if (tls_out.active.sock >= 0)
1030 sx->ehlo_resp.crypted_auths = authbits;
1032 sx->ehlo_resp.cleartext_auths = authbits;
1039 /* Wait for and check responses for early-pipelining.
1041 Called from the lower-level smtp_read_response() function
1042 used for general code that assume synchronisation, if context
1043 flags indicate outstanding early-pipelining commands. Also
1044 called fom sync_responses() which handles pipelined commands.
1047 sx smtp connection context
1048 countp number of outstanding responses, adjusted on return
1052 DEFER error on first read of TLS'd conn
1053 FAIL SMTP error in response
1056 smtp_reap_early_pipe(smtp_context * sx, int * countp)
1058 BOOL pending_BANNER = sx->pending_BANNER;
1059 BOOL pending_EHLO = sx->pending_EHLO;
1062 sx->pending_BANNER = FALSE; /* clear early to avoid recursion */
1063 sx->pending_EHLO = FALSE;
1069 DEBUG(D_transport) debug_printf("%s expect banner\n", __FUNCTION__);
1071 if (!smtp_reap_banner(sx))
1073 DEBUG(D_transport) debug_printf("bad banner\n");
1074 if (tls_out.active.sock >= 0) rc = DEFER;
1077 /*XXX EXPERIMENTAL_ESMTP_LIMITS ? */
1079 # ifndef DISABLE_TLS_RESUME
1080 s = ((smtp_transport_options_block *)sx->conn_args.ob)->host_name_extract;
1081 if (!s) s = HNE_DEFAULT;
1082 ehlo_response_lbserver(sx, s);
1088 unsigned peer_offered;
1089 unsigned short authbits = 0, * ap;
1091 DEBUG(D_transport) debug_printf("%s expect ehlo\n", __FUNCTION__);
1093 if (!smtp_reap_ehlo(sx))
1095 DEBUG(D_transport) debug_printf("bad response for EHLO\n");
1096 if (tls_out.active.sock >= 0) rc = DEFER;
1100 /* Compare the actual EHLO response extensions and AUTH methods to the cached
1101 value we assumed; on difference, dump or rewrite the cache and arrange for a
1104 ap = tls_out.active.sock < 0
1105 ? &sx->ehlo_resp.cleartext_auths : &sx->ehlo_resp.crypted_auths;
1107 peer_offered = ehlo_response(sx->buffer,
1108 (tls_out.active.sock < 0 ? OPTION_TLS : 0)
1109 | OPTION_CHUNKING | OPTION_PRDR | OPTION_DSN | OPTION_PIPE | OPTION_SIZE
1110 | OPTION_UTF8 | OPTION_EARLY_PIPE
1112 # ifdef EXPERIMENTAL_ESMTP_LIMITS
1113 if (tls_out.active.sock >= 0 || !(peer_offered & OPTION_TLS))
1114 ehlo_response_limits_read(sx);
1116 if ( peer_offered != sx->peer_offered
1117 || (authbits = study_ehlo_auths(sx)) != *ap)
1120 debug_printf("EHLO %s extensions changed, 0x%04x/0x%04x -> 0x%04x/0x%04x\n",
1121 tls_out.active.sock < 0 ? "cleartext" : "crypted",
1122 sx->peer_offered, *ap, peer_offered, authbits);
1123 if (peer_offered & OPTION_EARLY_PIPE)
1125 *(tls_out.active.sock < 0
1126 ? &sx->ehlo_resp.cleartext_features : &sx->ehlo_resp.crypted_features) =
1129 write_ehlo_cache_entry(sx);
1133 invalidate_ehlo_cache_entry(sx);
1134 sx->early_pipe_active = FALSE; /* cancel further early-pipe on this conn */
1137 return OK; /* just carry on */
1139 # ifdef EXPERIMENTAL_ESMTP_LIMITS
1140 /* If we are handling LIMITS, compare the actual EHLO LIMITS values with the
1141 cached values and invalidate cache if different. OK to carry on with
1142 connect since values are advisory. */
1144 if ( (tls_out.active.sock >= 0 || !(peer_offered & OPTION_TLS))
1145 && ( sx->peer_limit_mail != sx->ehlo_resp.limit_mail
1146 || sx->peer_limit_rcpt != sx->ehlo_resp.limit_rcpt
1147 || sx->peer_limit_rcptdom != sx->ehlo_resp.limit_rcptdom
1152 debug_printf("EHLO LIMITS changed:");
1153 if (sx->peer_limit_mail != sx->ehlo_resp.limit_mail)
1154 debug_printf(" MAILMAX %u -> %u\n", sx->ehlo_resp.limit_mail, sx->peer_limit_mail);
1155 else if (sx->peer_limit_rcpt != sx->ehlo_resp.limit_rcpt)
1156 debug_printf(" RCPTMAX %u -> %u\n", sx->ehlo_resp.limit_rcpt, sx->peer_limit_rcpt);
1158 debug_printf(" RCPTDOMAINMAX %u -> %u\n", sx->ehlo_resp.limit_rcptdom, sx->peer_limit_rcptdom);
1160 invalidate_ehlo_cache_entry(sx);
1168 invalidate_ehlo_cache_entry(sx);
1169 (void) smtp_discard_responses(sx, sx->conn_args.ob, *countp);
1172 #endif /*!DISABLE_PIPE_CONNECT*/
1175 /*************************************************
1176 * Synchronize SMTP responses *
1177 *************************************************/
1179 /* This function is called from smtp_deliver() to receive SMTP responses from
1180 the server, and match them up with the commands to which they relate. When
1181 PIPELINING is not in use, this function is called after every command, and is
1182 therefore somewhat over-engineered, but it is simpler to use a single scheme
1183 that works both with and without PIPELINING instead of having two separate sets
1186 The set of commands that are buffered up with pipelining may start with MAIL
1187 and may end with DATA; in between are RCPT commands that correspond to the
1188 addresses whose status is PENDING_DEFER. All other commands (STARTTLS, AUTH,
1189 etc.) are never buffered.
1191 Errors after MAIL or DATA abort the whole process leaving the response in the
1192 buffer. After MAIL, pending responses are flushed, and the original command is
1193 re-instated in big_buffer for error messages. For RCPT commands, the remote is
1194 permitted to reject some recipient addresses while accepting others. However
1195 certain errors clearly abort the whole process. Set the value in
1196 transport_return to PENDING_OK if the address is accepted. If there is a
1197 subsequent general error, it will get reset accordingly. If not, it will get
1198 converted to OK at the end.
1201 sx smtp connection context
1202 count the number of responses to read
1203 pending_DATA 0 if last command sent was not DATA
1204 +1 if previously had a good recipient
1205 -1 if not previously had a good recipient
1207 Returns: 3 if at least one address had 2xx and one had 5xx
1208 2 if at least one address had 5xx but none had 2xx
1209 1 if at least one host had a 2xx response, but none had 5xx
1210 0 no address had 2xx or 5xx but no errors (all 4xx, or just DATA)
1211 -1 timeout while reading RCPT response
1212 -2 I/O or other non-response error for RCPT
1213 -3 DATA or MAIL failed - errno and buffer set
1214 -4 banner or EHLO failed (early-pipelining)
1215 -5 banner or EHLO failed (early-pipelining, TLS)
1219 sync_responses(smtp_context * sx, int count, int pending_DATA)
1221 address_item * addr = sx->sync_addr;
1222 smtp_transport_options_block * ob = sx->conn_args.ob;
1225 #ifndef DISABLE_PIPE_CONNECT
1227 if ((rc = smtp_reap_early_pipe(sx, &count)) != OK)
1228 return rc == FAIL ? -4 : -5;
1231 /* Handle the response for a MAIL command. On error, reinstate the original
1232 command in big_buffer for error message use, and flush any further pending
1233 responses before returning, except after I/O errors and timeouts. */
1235 if (sx->pending_MAIL)
1237 DEBUG(D_transport) debug_printf("%s expect mail\n", __FUNCTION__);
1239 sx->pending_MAIL = sx->RCPT_452 = FALSE;
1240 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
1241 '2', ob->command_timeout))
1243 DEBUG(D_transport) debug_printf("bad response for MAIL\n");
1244 Ustrcpy(big_buffer, mail_command); /* Fits, because it came from there! */
1245 if (errno == ERRNO_TLSFAILURE)
1247 if (errno == 0 && sx->buffer[0] != 0)
1250 if (sx->buffer[0] == '4')
1252 save_errno = ERRNO_MAIL4XX;
1253 addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
1255 count = smtp_discard_responses(sx, ob, count);
1259 if (pending_DATA) count--; /* Number of RCPT responses to come */
1260 while (count-- > 0) /* Mark any pending addrs with the host used */
1262 while (addr->transport_return != PENDING_DEFER) addr = addr->next;
1263 addr->host_used = sx->conn_args.host;
1270 if (pending_DATA) count--; /* Number of RCPT responses to come */
1272 /* Read and handle the required number of RCPT responses, matching each one up
1273 with an address by scanning for the next address whose status is PENDING_DEFER.
1278 while (addr->transport_return != PENDING_DEFER)
1279 if (!(addr = addr->next))
1282 /* The address was accepted */
1283 addr->host_used = sx->conn_args.host;
1285 DEBUG(D_transport) debug_printf("%s expect rcpt for %s\n", __FUNCTION__, addr->address);
1286 if (smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
1287 '2', ob->command_timeout))
1290 addr->transport_return = PENDING_OK;
1292 /* If af_dr_retry_exists is set, there was a routing delay on this address;
1293 ensure that any address-specific retry record is expunged. We do this both
1294 for the basic key and for the version that also includes the sender. */
1296 if (testflag(addr, af_dr_retry_exists))
1298 uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key,
1300 retry_add_item(addr, altkey, rf_delete);
1301 retry_add_item(addr, addr->address_retry_key, rf_delete);
1305 /* Error on first TLS read */
1307 else if (errno == ERRNO_TLSFAILURE)
1310 /* Timeout while reading the response */
1312 else if (errno == ETIMEDOUT)
1314 uschar *message = string_sprintf("SMTP timeout after RCPT TO:<%s>",
1315 transport_rcpt_address(addr, sx->conn_args.tblock->rcpt_include_affixes));
1316 set_errno_nohost(sx->first_addr, ETIMEDOUT, message, DEFER, FALSE, &sx->delivery_start);
1317 retry_add_item(addr, addr->address_retry_key, 0);
1318 update_waiting = FALSE;
1322 /* Handle other errors in obtaining an SMTP response by returning -1. This
1323 will cause all the addresses to be deferred. Restore the SMTP command in
1324 big_buffer for which we are checking the response, so the error message
1327 else if (errno != 0 || sx->buffer[0] == 0)
1329 gstring gs = { .size = big_buffer_size, .ptr = 0, .s = big_buffer }, * g = &gs;
1331 /* Use taint-unchecked routines for writing into big_buffer, trusting
1332 that we'll never expand it. */
1334 g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, "RCPT TO:<%s>",
1335 transport_rcpt_address(addr, sx->conn_args.tblock->rcpt_include_affixes));
1336 string_from_gstring(g);
1340 /* Handle SMTP permanent and temporary response codes. */
1345 string_sprintf("SMTP error from remote mail server after RCPT TO:<%s>: "
1346 "%s", transport_rcpt_address(addr, sx->conn_args.tblock->rcpt_include_affixes),
1347 string_printing(sx->buffer));
1348 setflag(addr, af_pass_message);
1350 msglog_line(sx->conn_args.host, addr->message);
1352 /* The response was 5xx */
1354 if (sx->buffer[0] == '5')
1356 addr->transport_return = FAIL;
1360 /* The response was 4xx */
1364 addr->transport_return = DEFER;
1365 addr->basic_errno = ERRNO_RCPT4XX;
1366 addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
1370 #ifndef DISABLE_EVENT
1371 event_defer_errno = addr->more_errno;
1372 msg_event_raise(US"msg:rcpt:host:defer", addr);
1374 /* If a 452 and we've had at least one 2xx or 5xx, set next_addr to the
1375 start point for another MAIL command. */
1377 if (addr->more_errno >> 8 == 52 && yield & 3)
1379 if (!sx->RCPT_452) /* initialised at MAIL-ack above */
1382 debug_printf("%s: seen first 452 too-many-rcpts\n", __FUNCTION__);
1383 sx->RCPT_452 = TRUE;
1384 sx->next_addr = addr;
1386 addr->transport_return = PENDING_DEFER;
1387 addr->basic_errno = 0;
1391 /* Log temporary errors if there are more hosts to be tried.
1392 If not, log this last one in the == line. */
1394 if (sx->conn_args.host->next)
1395 if (LOGGING(outgoing_port))
1396 log_write(0, LOG_MAIN, "H=%s [%s]:%d %s", sx->conn_args.host->name,
1397 sx->conn_args.host->address,
1398 sx->port == PORT_NONE ? 25 : sx->port, addr->message);
1400 log_write(0, LOG_MAIN, "H=%s [%s]: %s", sx->conn_args.host->name,
1401 sx->conn_args.host->address, addr->message);
1403 #ifndef DISABLE_EVENT
1405 msg_event_raise(US"msg:rcpt:defer", addr);
1408 /* Do not put this message on the list of those waiting for specific
1409 hosts, as otherwise it is likely to be tried too often. */
1411 update_waiting = FALSE;
1413 /* Add a retry item for the address so that it doesn't get tried again
1414 too soon. If address_retry_include_sender is true, add the sender address
1415 to the retry key. */
1417 retry_add_item(addr,
1418 ob->address_retry_include_sender
1419 ? string_sprintf("%s:<%s>", addr->address_retry_key, sender_address)
1420 : addr->address_retry_key,
1426 if (count && !(addr = addr->next))
1428 } /* Loop for next RCPT response */
1430 /* Update where to start at for the next block of responses, unless we
1431 have already handled all the addresses. */
1433 if (addr) sx->sync_addr = addr->next;
1435 /* Handle a response to DATA. If we have not had any good recipients, either
1436 previously or in this block, the response is ignored. */
1438 if (pending_DATA != 0)
1440 DEBUG(D_transport) debug_printf("%s expect data\n", __FUNCTION__);
1441 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
1442 '3', ob->command_timeout))
1448 if (errno == ERRNO_TLSFAILURE) /* Error on first TLS read */
1451 if (pending_DATA > 0 || (yield & 1) != 0)
1453 if (errno == 0 && sx->buffer[0] == '4')
1455 errno = ERRNO_DATA4XX;
1456 sx->first_addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
1460 (void)check_response(sx->conn_args.host, &errno, 0, sx->buffer, &code, &msg, &pass_message);
1461 DEBUG(D_transport) debug_printf("%s\nerror for DATA ignored: pipelining "
1462 "is in use and there were no good recipients\n", msg);
1466 /* All responses read and handled; MAIL (if present) received 2xx and DATA (if
1467 present) received 3xx. If any RCPTs were handled and yielded anything other
1468 than 4xx, yield will be set non-zero. */
1477 /* Try an authenticator's client entry */
1480 try_authenticator(smtp_context * sx, auth_instance * au)
1482 smtp_transport_options_block * ob = sx->conn_args.ob; /* transport options */
1483 host_item * host = sx->conn_args.host; /* host to deliver to */
1486 /* Set up globals for error messages */
1488 authenticator_name = au->name;
1489 driver_srcfile = au->srcfile;
1490 driver_srcline = au->srcline;
1492 sx->outblock.authenticating = TRUE;
1493 rc = (au->info->clientcode)(au, sx, ob->command_timeout,
1494 sx->buffer, sizeof(sx->buffer));
1495 sx->outblock.authenticating = FALSE;
1496 driver_srcfile = authenticator_name = NULL; driver_srcline = 0;
1497 DEBUG(D_transport) debug_printf("%s authenticator yielded %s\n", au->name, rc_names[rc]);
1499 /* A temporary authentication failure must hold up delivery to
1500 this host. After a permanent authentication failure, we carry on
1501 to try other authentication methods. If all fail hard, try to
1502 deliver the message unauthenticated unless require_auth was set. */
1507 f.smtp_authenticated = TRUE; /* stops the outer loop */
1508 client_authenticator = au->name;
1509 if (au->set_client_id)
1510 client_authenticated_id = expand_string(au->set_client_id);
1513 /* Failure after writing a command */
1518 /* Failure after reading a response */
1522 uschar * logmsg = NULL;
1524 if (errno != 0 || sx->buffer[0] != '5') return FAIL;
1525 #ifndef DISABLE_EVENT
1527 uschar * save_name = sender_host_authenticated;
1528 sender_host_authenticated = au->name;
1529 if ((logmsg = event_raise(sx->conn_args.tblock->event_action, US"auth:fail",
1531 log_write(0, LOG_MAIN, "%s", logmsg);
1532 sender_host_authenticated = save_name;
1536 log_write(0, LOG_MAIN, "%s authenticator failed H=%s [%s] %s",
1537 au->name, host->name, host->address, sx->buffer);
1541 /* Failure by some other means. In effect, the authenticator
1542 decided it wasn't prepared to handle this case. Typically this
1543 is the result of "fail" in an expansion string. Do we need to
1544 log anything here? Feb 2006: a message is now put in the buffer
1545 if logging is required. */
1548 if (*sx->buffer != 0)
1549 log_write(0, LOG_MAIN, "%s authenticator cancelled "
1550 "authentication H=%s [%s] %s", au->name, host->name,
1551 host->address, sx->buffer);
1554 /* Internal problem, message in buffer. */
1557 set_errno_nohost(sx->addrlist, ERRNO_AUTHPROB, string_copy(sx->buffer),
1558 DEFER, FALSE, &sx->delivery_start);
1567 /* Do the client side of smtp-level authentication.
1570 sx smtp connection context
1572 sx->buffer should have the EHLO response from server (gets overwritten)
1575 OK Success, or failed (but not required): global "smtp_authenticated" set
1576 DEFER Failed authentication (and was required)
1577 ERROR Internal problem
1579 FAIL_SEND Failed communications - transmit
1584 smtp_auth(smtp_context * sx)
1586 host_item * host = sx->conn_args.host; /* host to deliver to */
1587 smtp_transport_options_block * ob = sx->conn_args.ob; /* transport options */
1588 int require_auth = verify_check_given_host(CUSS &ob->hosts_require_auth, host);
1589 #ifndef DISABLE_PIPE_CONNECT
1590 unsigned short authbits = tls_out.active.sock >= 0
1591 ? sx->ehlo_resp.crypted_auths : sx->ehlo_resp.cleartext_auths;
1593 uschar * fail_reason = US"server did not advertise AUTH support";
1595 f.smtp_authenticated = FALSE;
1596 client_authenticator = client_authenticated_id = client_authenticated_sender = NULL;
1599 regex_AUTH = regex_must_compile(AUTHS_REGEX, MCS_NOFLAGS, TRUE);
1601 /* Is the server offering AUTH? */
1605 #ifndef DISABLE_PIPE_CONNECT
1606 sx->early_pipe_active ? authbits
1609 regex_match_and_setup(regex_AUTH, sx->buffer, 0, -1)
1612 uschar * names = NULL;
1613 expand_nmax = -1; /* reset */
1615 #ifndef DISABLE_PIPE_CONNECT
1616 if (!sx->early_pipe_active)
1618 names = string_copyn(expand_nstring[1], expand_nlength[1]);
1620 /* Must not do this check until after we have saved the result of the
1621 regex match above as the check could be another RE. */
1623 if ( require_auth == OK
1624 || verify_check_given_host(CUSS &ob->hosts_try_auth, host) == OK)
1626 DEBUG(D_transport) debug_printf("scanning authentication mechanisms\n");
1627 fail_reason = US"no common mechanisms were found";
1629 #ifndef DISABLE_PIPE_CONNECT
1630 if (sx->early_pipe_active)
1632 /* Scan our authenticators (which support use by a client and were offered
1633 by the server (checked at cache-write time)), not suppressed by
1634 client_condition. If one is found, attempt to authenticate by calling its
1635 client function. We are limited to supporting up to 16 authenticator
1636 public-names by the number of bits in a short. */
1642 for (bitnum = 0, au = auths;
1643 !f.smtp_authenticated && au && bitnum < 16;
1644 bitnum++, au = au->next) if (authbits & BIT(bitnum))
1646 if ( au->client_condition
1647 && !expand_check_condition(au->client_condition, au->name,
1648 US"client authenticator"))
1650 DEBUG(D_transport) debug_printf("skipping %s authenticator: %s\n",
1651 au->name, "client_condition is false");
1655 /* Found data for a listed mechanism. Call its client entry. Set
1656 a flag in the outblock so that data is overwritten after sending so
1657 that reflections don't show it. */
1659 fail_reason = US"authentication attempt(s) failed";
1661 if ((rc = try_authenticator(sx, au)) != OK)
1668 /* Scan the configured authenticators looking for one which is configured
1669 for use as a client, which is not suppressed by client_condition, and
1670 whose name matches an authentication mechanism supported by the server.
1671 If one is found, attempt to authenticate by calling its client function.
1674 for (auth_instance * au = auths; !f.smtp_authenticated && au; au = au->next)
1679 || ( au->client_condition
1680 && !expand_check_condition(au->client_condition, au->name,
1681 US"client authenticator")))
1683 DEBUG(D_transport) debug_printf("skipping %s authenticator: %s\n",
1685 (au->client)? "client_condition is false" :
1686 "not configured as a client");
1690 /* Loop to scan supported server mechanisms */
1694 int len = Ustrlen(au->public_name);
1697 while (isspace(*p)) p++;
1699 if (strncmpic(au->public_name, p, len) != 0 ||
1700 (p[len] != 0 && !isspace(p[len])))
1702 while (*p != 0 && !isspace(*p)) p++;
1706 /* Found data for a listed mechanism. Call its client entry. Set
1707 a flag in the outblock so that data is overwritten after sending so
1708 that reflections don't show it. */
1710 fail_reason = US"authentication attempt(s) failed";
1712 if ((rc = try_authenticator(sx, au)) != OK)
1715 break; /* If not authenticated, try next authenticator */
1716 } /* Loop for scanning supported server mechanisms */
1717 } /* Loop for further authenticators */
1721 /* If we haven't authenticated, but are required to, give up. */
1723 if (require_auth == OK && !f.smtp_authenticated)
1725 #ifndef DISABLE_PIPE_CONNECT
1726 invalidate_ehlo_cache_entry(sx);
1728 set_errno_nohost(sx->addrlist, ERRNO_AUTHFAIL,
1729 string_sprintf("authentication required but %s", fail_reason), DEFER,
1730 FALSE, &sx->delivery_start);
1738 /* Construct AUTH appendix string for MAIL TO */
1741 sx context for smtp connection
1742 p point in sx->buffer to build string
1743 addrlist chain of potential addresses to deliver
1745 Globals f.smtp_authenticated
1746 client_authenticated_sender
1747 Return True on error, otherwise buffer has (possibly empty) terminated string
1751 smtp_mail_auth_str(smtp_context * sx, uschar * p, address_item * addrlist)
1753 smtp_transport_options_block * ob = sx->conn_args.ob;
1754 uschar * local_authenticated_sender = authenticated_sender;
1757 debug_printf("smtp_mail_auth_str: as<%s> os<%s> SA<%s>\n",
1758 authenticated_sender, ob->authenticated_sender, f.smtp_authenticated?"Y":"N");
1761 if (ob->authenticated_sender)
1763 uschar * new = expand_string(ob->authenticated_sender);
1766 if (!f.expand_string_forcedfail)
1768 uschar *message = string_sprintf("failed to expand "
1769 "authenticated_sender: %s", expand_string_message);
1770 set_errno_nohost(addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE, &sx->delivery_start);
1775 local_authenticated_sender = new;
1778 /* Add the authenticated sender address if present */
1780 if ( (f.smtp_authenticated || ob->authenticated_sender_force)
1781 && local_authenticated_sender)
1783 string_format_nt(p, sizeof(sx->buffer) - (p-sx->buffer), " AUTH=%s",
1784 auth_xtextencode(local_authenticated_sender,
1785 Ustrlen(local_authenticated_sender)));
1786 client_authenticated_sender = string_copy(local_authenticated_sender);
1796 typedef struct smtp_compare_s
1798 const uschar * current_sender_address;
1799 struct transport_instance * tblock;
1803 /* Create a unique string that identifies this message, it is based on
1804 sender_address, helo_data and tls_certificate if enabled.
1808 smtp_local_identity(const uschar * sender, struct transport_instance * tblock)
1810 address_item * addr1;
1811 uschar * if1 = US"";
1812 uschar * helo1 = US"";
1814 uschar * tlsc1 = US"";
1816 const uschar * save_sender_address = sender_address;
1817 uschar * local_identity = NULL;
1818 smtp_transport_options_block * ob = SOB tblock->options_block;
1820 sender_address = sender;
1822 addr1 = deliver_make_addr (sender, TRUE);
1823 deliver_set_expansions(addr1);
1826 if1 = expand_string(ob->interface);
1829 helo1 = expand_string(ob->helo_data);
1832 if (ob->tls_certificate)
1833 tlsc1 = expand_string(ob->tls_certificate);
1834 local_identity = string_sprintf ("%s^%s^%s", if1, helo1, tlsc1);
1836 local_identity = string_sprintf ("%s^%s", if1, helo1);
1839 deliver_set_expansions(NULL);
1840 sender_address = save_sender_address;
1842 return local_identity;
1847 /* This routine is a callback that is called from transport_check_waiting.
1848 This function will evaluate the incoming message versus the previous
1849 message. If the incoming message is using a different local identity then
1850 we will veto this new message. */
1853 smtp_are_same_identities(uschar * message_id, smtp_compare_t * s_compare)
1855 uschar * message_local_identity,
1856 * current_local_identity,
1857 * new_sender_address;
1859 current_local_identity =
1860 smtp_local_identity(s_compare->current_sender_address, s_compare->tblock);
1862 if (!(new_sender_address = spool_sender_from_msgid(message_id)))
1866 message_local_identity =
1867 smtp_local_identity(new_sender_address, s_compare->tblock);
1869 return Ustrcmp(current_local_identity, message_local_identity) == 0;
1875 ehlo_response(uschar * buf, unsigned checks)
1877 PCRE2_SIZE bsize = Ustrlen(buf);
1878 pcre2_match_data * md = pcre2_match_data_create(1, pcre_gen_ctx);
1880 /* debug_printf("%s: check for 0x%04x\n", __FUNCTION__, checks); */
1883 if ( checks & OPTION_TLS
1884 && pcre2_match(regex_STARTTLS,
1885 (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_gen_mtc_ctx) < 0)
1887 checks &= ~OPTION_TLS;
1889 if ( checks & OPTION_IGNQ
1890 && pcre2_match(regex_IGNOREQUOTA,
1891 (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_gen_mtc_ctx) < 0)
1892 checks &= ~OPTION_IGNQ;
1894 if ( checks & OPTION_CHUNKING
1895 && pcre2_match(regex_CHUNKING,
1896 (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_gen_mtc_ctx) < 0)
1897 checks &= ~OPTION_CHUNKING;
1899 #ifndef DISABLE_PRDR
1900 if ( checks & OPTION_PRDR
1901 && pcre2_match(regex_PRDR,
1902 (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_gen_mtc_ctx) < 0)
1904 checks &= ~OPTION_PRDR;
1907 if ( checks & OPTION_UTF8
1908 && pcre2_match(regex_UTF8,
1909 (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_gen_mtc_ctx) < 0)
1911 checks &= ~OPTION_UTF8;
1913 if ( checks & OPTION_DSN
1914 && pcre2_match(regex_DSN,
1915 (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_gen_mtc_ctx) < 0)
1916 checks &= ~OPTION_DSN;
1918 if ( checks & OPTION_PIPE
1919 && pcre2_match(regex_PIPELINING,
1920 (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_gen_mtc_ctx) < 0)
1921 checks &= ~OPTION_PIPE;
1923 if ( checks & OPTION_SIZE
1924 && pcre2_match(regex_SIZE,
1925 (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_gen_mtc_ctx) < 0)
1926 checks &= ~OPTION_SIZE;
1928 #ifndef DISABLE_PIPE_CONNECT
1929 if ( checks & OPTION_EARLY_PIPE
1930 && pcre2_match(regex_EARLY_PIPE,
1931 (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_gen_mtc_ctx) < 0)
1933 checks &= ~OPTION_EARLY_PIPE;
1935 /* pcre2_match_data_free(md); gen ctx needs no free */
1936 /* debug_printf("%s: found 0x%04x\n", __FUNCTION__, checks); */
1942 /* Callback for emitting a BDAT data chunk header.
1944 If given a nonzero size, first flush any buffered SMTP commands
1945 then emit the command.
1947 Reap previous SMTP command responses if requested, and always reap
1948 the response from a previous BDAT command.
1951 tctx transport context
1952 chunk_size value for SMTP BDAT command
1954 tc_chunk_last add LAST option to SMTP BDAT command
1955 tc_reap_prev reap response to previous SMTP commands
1959 DEFER TLS error on first read (EHLO-resp); errno set
1963 smtp_chunk_cmd_callback(transport_ctx * tctx, unsigned chunk_size,
1966 smtp_transport_options_block * ob = SOB tctx->tblock->options_block;
1967 smtp_context * sx = tctx->smtp_context;
1971 /* Write SMTP chunk header command. If not reaping responses, note that
1972 there may be more writes (like, the chunk data) done soon. */
1976 #ifndef DISABLE_PIPE_CONNECT
1977 BOOL new_conn = !!(sx->outblock.conn_args);
1979 if((cmd_count = smtp_write_command(sx,
1980 flags & tc_reap_prev ? SCMD_FLUSH : SCMD_MORE,
1981 "BDAT %u%s\r\n", chunk_size, flags & tc_chunk_last ? " LAST" : "")
1982 ) < 0) return ERROR;
1983 if (flags & tc_chunk_last)
1984 data_command = string_copy(big_buffer); /* Save for later error message */
1985 #ifndef DISABLE_PIPE_CONNECT
1986 /* That command write could have been the one that made the connection.
1987 Copy the fd from the client conn ctx (smtp transport specific) to the
1988 generic transport ctx. */
1991 tctx->u.fd = sx->outblock.cctx->sock;
1995 prev_cmd_count = cmd_count += sx->cmd_count;
1997 /* Reap responses for any previous, but not one we just emitted */
2001 if (sx->pending_BDAT)
2004 if (flags & tc_reap_prev && prev_cmd_count > 0)
2006 DEBUG(D_transport) debug_printf("look for %d responses"
2007 " for previous pipelined cmds\n", prev_cmd_count);
2009 switch(sync_responses(sx, prev_cmd_count, 0))
2011 case 1: /* 2xx (only) => OK */
2012 case 3: sx->good_RCPT = TRUE; /* 2xx & 5xx => OK & progress made */
2013 case 2: sx->completed_addr = TRUE; /* 5xx (only) => progress made */
2014 case 0: break; /* No 2xx or 5xx, but no probs */
2016 case -5: errno = ERRNO_TLSFAILURE;
2018 #ifndef DISABLE_PIPE_CONNECT
2019 case -4: /* non-2xx for pipelined banner or EHLO */
2021 case -1: /* Timeout on RCPT */
2022 default: return ERROR; /* I/O error, or any MAIL/DATA error */
2025 if (!sx->pending_BDAT)
2026 pipelining_active = FALSE;
2029 /* Reap response for an outstanding BDAT */
2031 if (sx->pending_BDAT)
2033 DEBUG(D_transport) debug_printf("look for one response for BDAT\n");
2035 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2',
2036 ob->command_timeout))
2038 if (errno == 0 && sx->buffer[0] == '4')
2040 errno = ERRNO_DATA4XX; /*XXX does this actually get used? */
2041 sx->addrlist->more_errno |=
2042 ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
2047 sx->pending_BDAT = FALSE;
2048 pipelining_active = FALSE;
2050 else if (chunk_size > 0)
2051 sx->pending_BDAT = TRUE;
2054 sx->cmd_count = cmd_count;
2062 check_force_dane_conn(smtp_context * sx, smtp_transport_options_block * ob)
2065 if( sx->dane_required
2066 || verify_check_given_host(CUSS &ob->hosts_try_dane, sx->conn_args.host) == OK
2068 switch (rc = tlsa_lookup(sx->conn_args.host, &sx->conn_args.tlsa_dnsa, sx->dane_required))
2070 case OK: sx->conn_args.dane = TRUE;
2071 ob->tls_tempfail_tryclear = FALSE; /* force TLS */
2072 ob->tls_sni = sx->conn_args.host->name; /* force SNI */
2074 case FAIL_FORCED: break;
2075 default: set_errno_nohost(sx->addrlist, ERRNO_DNSDEFER,
2076 string_sprintf("DANE error: tlsa lookup %s",
2078 rc, FALSE, &sx->delivery_start);
2079 # ifndef DISABLE_EVENT
2080 (void) event_raise(sx->conn_args.tblock->event_action,
2081 US"dane:fail", sx->dane_required
2082 ? US"dane-required" : US"dnssec-invalid",
2092 /*************************************************
2093 * Make connection for given message *
2094 *************************************************/
2098 sx connection context
2099 suppress_tls if TRUE, don't attempt a TLS connection - this is set for
2100 a second attempt after TLS initialization fails
2102 Returns: OK - the connection was made and the delivery attempted;
2103 fd is set in the conn context, tls_out set up.
2104 DEFER - the connection could not be made, or something failed
2105 while setting up the SMTP session, or there was a
2106 non-message-specific error, such as a timeout.
2107 ERROR - helo_data or add_headers or authenticated_sender is
2108 specified for this transport, and the string failed
2112 smtp_setup_conn(smtp_context * sx, BOOL suppress_tls)
2114 smtp_transport_options_block * ob = sx->conn_args.tblock->options_block;
2115 BOOL pass_message = FALSE;
2116 uschar * message = NULL;
2119 uschar * tls_errstr;
2122 /* Many lines of clearing individual elements of *sx that used to
2123 be here have been replaced by a full memset to zero (de41aff051).
2124 There are two callers, this file and verify.c . Now we only set
2125 up nonzero elements. */
2127 sx->conn_args.ob = ob;
2129 sx->lmtp = strcmpic(ob->protocol, US"lmtp") == 0;
2130 sx->smtps = strcmpic(ob->protocol, US"smtps") == 0;
2131 sx->send_rset = TRUE;
2132 sx->send_quit = TRUE;
2133 sx->setting_up = TRUE;
2135 sx->dsn_all_lasthop = TRUE;
2138 verify_check_given_host(CUSS &ob->hosts_require_dane, sx->conn_args.host) == OK;
2141 if ((sx->max_mail = sx->conn_args.tblock->connection_max_messages) == 0)
2142 sx->max_mail = UNLIMITED_ADDRS;
2143 sx->max_rcpt = expand_max_rcpt(sx->conn_args.tblock->max_addresses);
2144 sx->igquotstr = US"";
2145 if (!sx->helo_data) sx->helo_data = ob->helo_data;
2147 smtp_command = US"initial connection";
2149 /* Set up the buffer for reading SMTP response packets. */
2151 sx->inblock.buffer = sx->inbuffer;
2152 sx->inblock.buffersize = sizeof(sx->inbuffer);
2153 sx->inblock.ptr = sx->inbuffer;
2154 sx->inblock.ptrend = sx->inbuffer;
2156 /* Set up the buffer for holding SMTP commands while pipelining */
2158 sx->outblock.buffer = sx->outbuffer;
2159 sx->outblock.buffersize = sizeof(sx->outbuffer);
2160 sx->outblock.ptr = sx->outbuffer;
2162 /* Reset the parameters of a TLS session. */
2165 tls_out.cipher = NULL; /* the one we may use for this transport */
2166 tls_out.ourcert = NULL;
2167 tls_out.peercert = NULL;
2168 tls_out.peerdn = NULL;
2172 tls_out.ocsp = OCSP_NOT_REQ;
2173 #ifndef DISABLE_TLS_RESUME
2174 tls_out.resumption = 0;
2178 /* Flip the legacy TLS-related variables over to the outbound set in case
2179 they're used in the context of the transport. Don't bother resetting
2180 afterward (when being used by a transport) as we're in a subprocess.
2181 For verify, unflipped once the callout is dealt with */
2183 tls_modify_variables(&tls_out);
2188 set_errno_nohost(sx->addrlist, ERRNO_TLSFAILURE, US"TLS support not available",
2189 DEFER, FALSE, &sx->delivery_start);
2194 /* If we have a proxied TLS connection, check usability for this message */
2196 if (continue_hostname && continue_proxy_cipher)
2199 const uschar * sni = US"";
2201 # ifdef SUPPORT_DANE
2202 /* Check if the message will be DANE-verified; if so force TLS and its SNI */
2204 tls_out.dane_verified = FALSE;
2205 smtp_port_for_connect(sx->conn_args.host, sx->port);
2206 if ( sx->conn_args.host->dnssec == DS_YES
2207 && (rc = check_force_dane_conn(sx, ob)) != OK
2212 /* If the SNI or the DANE status required for the new message differs from the
2213 existing conn drop the connection to force a new one. */
2215 if (ob->tls_sni && !(sni = expand_cstring(ob->tls_sni)))
2216 log_write(0, LOG_MAIN|LOG_PANIC,
2217 "<%s>: failed to expand transport's tls_sni value: %s",
2218 sx->addrlist->address, expand_string_message);
2220 # ifdef SUPPORT_DANE
2221 if ( (continue_proxy_sni ? (Ustrcmp(continue_proxy_sni, sni) == 0) : !*sni)
2222 && continue_proxy_dane == sx->conn_args.dane)
2224 tls_out.sni = US sni;
2225 if ((tls_out.dane_verified = continue_proxy_dane))
2226 sx->conn_args.host->dnssec = DS_YES;
2229 if ((continue_proxy_sni ? (Ustrcmp(continue_proxy_sni, sni) == 0) : !*sni))
2230 tls_out.sni = US sni;
2235 debug_printf("Closing proxied-TLS connection due to SNI mismatch\n");
2237 smtp_debug_cmd(US"QUIT", 0);
2238 write(0, "QUIT\r\n", 6);
2240 continue_hostname = continue_proxy_cipher = NULL;
2241 f.continue_more = FALSE;
2242 continue_sequence = 1; /* Unfortunately, this process cannot affect success log
2243 which is done by delivery proc. Would have to pass this
2244 back through reporting pipe. */
2247 #endif /*!DISABLE_TLS*/
2249 /* Make a connection to the host if this isn't a continued delivery, and handle
2250 the initial interaction and HELO/EHLO/LHLO. Connect timeout errors are handled
2251 specially so they can be identified for retries. */
2253 if (!continue_hostname)
2256 HDEBUG(D_verify) debug_printf("interface=%s port=%d\n", sx->conn_args.interface, sx->port);
2258 /* Arrange to report to calling process this is a new connection */
2260 clearflag(sx->first_addr, af_cont_conn);
2261 setflag(sx->first_addr, af_new_conn);
2263 /* Get the actual port the connection will use, into sx->conn_args.host */
2265 smtp_port_for_connect(sx->conn_args.host, sx->port);
2268 /* Do TLSA lookup for DANE */
2270 tls_out.dane_verified = FALSE;
2271 tls_out.tlsa_usage = 0;
2273 if (sx->conn_args.host->dnssec == DS_YES)
2276 if ((rc = check_force_dane_conn(sx, ob)) != OK)
2279 else if (sx->dane_required)
2281 set_errno_nohost(sx->addrlist, ERRNO_DNSDEFER,
2282 string_sprintf("DANE error: %s lookup not DNSSEC", sx->conn_args.host->name),
2283 FAIL, FALSE, &sx->delivery_start);
2284 # ifndef DISABLE_EVENT
2285 (void) event_raise(sx->conn_args.tblock->event_action,
2286 US"dane:fail", US"dane-required", NULL);
2293 /* Make the TCP connection */
2295 sx->cctx.tls_ctx = NULL;
2296 sx->inblock.cctx = sx->outblock.cctx = &sx->cctx;
2297 #ifdef EXPERIMENTAL_ESMTP_LIMITS
2298 sx->peer_limit_mail = sx->peer_limit_rcpt = sx->peer_limit_rcptdom =
2300 sx->avoid_option = sx->peer_offered = smtp_peer_options = 0;
2301 #ifndef DISABLE_CLIENT_CMD_LOG
2302 client_cmd_log = NULL;
2305 #ifndef DISABLE_PIPE_CONNECT
2306 if ( verify_check_given_host(CUSS &ob->hosts_pipe_connect,
2307 sx->conn_args.host) == OK)
2309 /* We don't find out the local ip address until the connect, so if
2310 the helo string might use it avoid doing early-pipelining. */
2313 || sx->conn_args.interface
2314 || !Ustrstr(sx->helo_data, "$sending_ip_address")
2315 || Ustrstr(sx->helo_data, "def:sending_ip_address")
2318 sx->early_pipe_ok = TRUE;
2319 if ( read_ehlo_cache_entry(sx)
2320 && sx->ehlo_resp.cleartext_features & OPTION_EARLY_PIPE)
2323 debug_printf("Using cached cleartext PIPECONNECT\n");
2324 sx->early_pipe_active = TRUE;
2325 sx->peer_offered = sx->ehlo_resp.cleartext_features;
2328 else DEBUG(D_transport)
2329 debug_printf("helo needs $sending_ip_address; avoid early-pipelining\n");
2332 if (sx->early_pipe_active)
2334 sx->outblock.conn_args = &sx->conn_args;
2335 (void) smtp_boundsock(&sx->conn_args);
2340 blob lazy_conn = {.data = NULL};
2341 /* For TLS-connect, a TFO lazy-connect is useful since the Client Hello
2342 can go on the TCP SYN. */
2344 if ((sx->cctx.sock = smtp_connect(&sx->conn_args,
2345 sx->smtps ? &lazy_conn : NULL)) < 0)
2347 set_errno_nohost(sx->addrlist,
2348 errno == ETIMEDOUT ? ERRNO_CONNECTTIMEOUT : errno,
2349 sx->verify ? US strerror(errno) : NULL,
2350 DEFER, FALSE, &sx->delivery_start);
2351 sx->send_quit = FALSE;
2355 (void) setsockopt(sx->cctx.sock, IPPROTO_TCP, TCP_QUICKACK, US &off,
2359 /* Expand the greeting message while waiting for the initial response. (Makes
2360 sense if helo_data contains ${lookup dnsdb ...} stuff). The expansion is
2361 delayed till here so that $sending_ip_address and $sending_port are set.
2362 Those will be known even for a TFO lazy-connect, having been set by the bind().
2363 For early-pipe, we are ok if binding to a local interface; otherwise (if
2364 $sending_ip_address is seen in helo_data) we disabled early-pipe above. */
2367 if (!(sx->helo_data = expand_string(sx->helo_data)))
2369 log_write(0, LOG_MAIN|LOG_PANIC,
2370 "<%s>: failed to expand transport's helo_data value for callout: %s",
2371 sx->addrlist->address, expand_string_message);
2376 expand_string_message = NULL;
2377 if ((sx->helo_data = string_domain_utf8_to_alabel(sx->helo_data,
2378 &expand_string_message)),
2379 expand_string_message)
2381 log_write(0, LOG_MAIN|LOG_PANIC,
2382 "<%s>: failed to expand transport's helo_data value for callout: %s",
2383 sx->addrlist->address, expand_string_message);
2385 sx->helo_data = NULL;
2389 /* The first thing is to wait for an initial OK response. The dreaded "goto"
2390 is nevertheless a reasonably clean way of programming this kind of logic,
2391 where you want to escape on any error. */
2395 #ifndef DISABLE_PIPE_CONNECT
2396 if (sx->early_pipe_active)
2398 sx->pending_BANNER = TRUE; /* sync_responses() must eventually handle */
2399 sx->outblock.cmd_count = 1;
2404 if (!smtp_reap_banner(sx))
2405 goto RESPONSE_FAILED;
2408 #ifndef DISABLE_EVENT
2411 lookup_dnssec_authenticated = sx->conn_args.host->dnssec==DS_YES ? US"yes"
2412 : sx->conn_args.host->dnssec==DS_NO ? US"no" : NULL;
2413 s = event_raise(sx->conn_args.tblock->event_action, US"smtp:connect", sx->buffer, NULL);
2416 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL,
2417 string_sprintf("deferred by smtp:connect event expansion: %s", s),
2418 DEFER, FALSE, &sx->delivery_start);
2425 /* Now check if the helo_data expansion went well, and sign off cleanly if
2430 message = string_sprintf("failed to expand helo_data: %s",
2431 expand_string_message);
2432 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE, &sx->delivery_start);
2438 /** Debugging without sending a message
2439 sx->addrlist->transport_return = DEFER;
2443 /* Errors that occur after this point follow an SMTP command, which is
2444 left in big_buffer by smtp_write_command() for use in error messages. */
2446 smtp_command = big_buffer;
2448 /* Tell the remote who we are...
2450 February 1998: A convention has evolved that ESMTP-speaking MTAs include the
2451 string "ESMTP" in their greeting lines, so make Exim send EHLO if the
2452 greeting is of this form. The assumption was that the far end supports it
2453 properly... but experience shows that there are some that give 5xx responses,
2454 even though the banner includes "ESMTP" (there's a bloody-minded one that
2455 says "ESMTP not spoken here"). Cope with that case.
2457 September 2000: Time has passed, and it seems reasonable now to always send
2458 EHLO at the start. It is also convenient to make the change while installing
2461 July 2003: Joachim Wieland met a broken server that advertises "PIPELINING"
2462 but times out after sending MAIL FROM, RCPT TO and DATA all together. There
2463 would be no way to send out the mails, so there is now a host list
2464 "hosts_avoid_esmtp" that disables ESMTP for special hosts and solves the
2465 PIPELINING problem as well. Maybe it can also be useful to cure other
2466 problems with broken servers.
2468 Exim originally sent "Helo" at this point and ran for nearly a year that way.
2469 Then somebody tried it with a Microsoft mailer... It seems that all other
2470 mailers use upper case for some reason (the RFC is quite clear about case
2471 independence) so, for peace of mind, I gave in. */
2473 sx->esmtp = verify_check_given_host(CUSS &ob->hosts_avoid_esmtp, sx->conn_args.host) != OK;
2475 /* Alas; be careful, since this goto is not an error-out, so conceivably
2476 we might set data between here and the target which we assume to exist
2477 and be usable. I can see this coming back to bite us. */
2483 smtp_peer_options |= OPTION_TLS;
2484 suppress_tls = FALSE;
2485 ob->tls_tempfail_tryclear = FALSE;
2486 smtp_command = US"SSL-on-connect";
2488 # ifndef DISABLE_TLS_RESUME
2489 /* Having no EHLO response yet, cannot peek there for a servername to detect
2490 an LB. Call this anyway, so that a dummy host_name_extract option value can
2491 force resumption attempts. */
2493 if (!(s = ob->host_name_extract)) s = US"never-LB";
2494 ehlo_response_lbserver(sx, s);
2502 if (smtp_write_command(sx,
2503 #ifndef DISABLE_PIPE_CONNECT
2504 sx->early_pipe_active ? SCMD_BUFFER :
2507 "%s %s\r\n", sx->lmtp ? "LHLO" : "EHLO", sx->helo_data) < 0)
2509 sx->esmtp_sent = TRUE;
2511 #ifndef DISABLE_PIPE_CONNECT
2512 if (sx->early_pipe_active)
2514 sx->pending_EHLO = TRUE;
2516 /* If we have too many authenticators to handle and might need to AUTH
2517 for this transport, pipeline no further as we will need the
2518 list of auth methods offered. Reap the banner and EHLO. */
2520 if ( (ob->hosts_require_auth || ob->hosts_try_auth)
2521 && f.smtp_in_early_pipe_no_auth)
2523 DEBUG(D_transport) debug_printf("may need to auth, so pipeline no further\n");
2524 if (smtp_write_command(sx, SCMD_FLUSH, NULL) < 0)
2526 if (sync_responses(sx, 2, 0) != 0)
2529 debug_printf("failed reaping pipelined cmd responses\n");
2530 goto RESPONSE_FAILED;
2532 sx->early_pipe_active = FALSE;
2537 if (!smtp_reap_ehlo(sx))
2538 goto RESPONSE_FAILED;
2542 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
2544 #ifndef DISABLE_PIPE_CONNECT
2545 if (!sx->early_pipe_active)
2550 int n = sizeof(sx->buffer);
2551 uschar * rsp = sx->buffer;
2553 if (sx->esmtp_sent && (n = Ustrlen(sx->buffer) + 1) < sizeof(sx->buffer)/2)
2554 { rsp = sx->buffer + n; n = sizeof(sx->buffer) - n; }
2556 if (smtp_write_command(sx, SCMD_FLUSH, "HELO %s\r\n", sx->helo_data) < 0)
2558 good_response = smtp_read_response(sx, rsp, n, '2', ob->command_timeout);
2559 #ifdef EXPERIMENTAL_DSN_INFO
2560 sx->helo_response = string_copy(rsp);
2564 /* Handle special logging for a closed connection after HELO
2565 when had previously sent EHLO */
2567 if (rsp != sx->buffer && rsp[0] == 0 && (errno == 0 || errno == ECONNRESET))
2569 errno = ERRNO_SMTPCLOSED;
2570 goto EHLOHELO_FAILED;
2572 memmove(sx->buffer, rsp, Ustrlen(rsp));
2573 goto RESPONSE_FAILED;
2577 if (sx->esmtp || sx->lmtp)
2579 #ifndef DISABLE_PIPE_CONNECT
2580 if (!sx->early_pipe_active)
2585 sx->peer_offered = ehlo_response(sx->buffer,
2586 OPTION_TLS /* others checked later */
2587 #ifndef DISABLE_PIPE_CONNECT
2588 | (sx->early_pipe_ok
2590 | OPTION_CHUNKING | OPTION_PRDR | OPTION_DSN | OPTION_PIPE | OPTION_SIZE
2599 #ifdef EXPERIMENTAL_ESMTP_LIMITS
2600 if (tls_out.active.sock >= 0 || !(sx->peer_offered & OPTION_TLS))
2602 ehlo_response_limits_read(sx);
2603 ehlo_response_limits_apply(sx);
2606 #ifndef DISABLE_PIPE_CONNECT
2607 if (sx->early_pipe_ok)
2609 sx->ehlo_resp.cleartext_features = sx->peer_offered;
2611 if ( (sx->peer_offered & (OPTION_PIPE | OPTION_EARLY_PIPE))
2612 == (OPTION_PIPE | OPTION_EARLY_PIPE))
2614 DEBUG(D_transport) debug_printf("PIPECONNECT usable in future for this IP\n");
2615 sx->ehlo_resp.cleartext_auths = study_ehlo_auths(sx);
2616 write_ehlo_cache_entry(sx);
2620 #ifndef DISABLE_TLS_RESUME
2621 if (!(s = ob->host_name_extract)) s = HNE_DEFAULT;
2622 ehlo_response_lbserver(sx, s);
2626 /* Set tls_offered if the response to EHLO specifies support for STARTTLS. */
2629 smtp_peer_options |= sx->peer_offered & OPTION_TLS;
2634 /* For continuing deliveries down the same channel, having re-exec'd the socket
2635 is the standard input; for a socket held open from verify it is recorded
2636 in the cutthrough context block. Either way we don't need to redo EHLO here
2637 (but may need to do so for TLS - see below).
2638 Set up the pointer to where subsequent commands will be left, for
2639 error messages. Note that smtp_peer_options will have been
2640 set from the command line if they were set in the process that passed the
2643 /*XXX continue case needs to propagate DSN_INFO, prob. in deliver.c
2644 as the continue goes via transport_pass_socket() and doublefork and exec.
2645 It does not wait. Unclear how we keep separate host's responses
2646 separate - we could match up by host ip+port as a bodge. */
2650 if (cutthrough.cctx.sock >= 0 && cutthrough.callout_hold_only)
2652 sx->cctx = cutthrough.cctx;
2653 sx->conn_args.host->port = sx->port = cutthrough.host.port;
2657 sx->cctx.sock = 0; /* stdin */
2658 sx->cctx.tls_ctx = NULL;
2659 smtp_port_for_connect(sx->conn_args.host, sx->port); /* Record the port that was used */
2661 sx->inblock.cctx = sx->outblock.cctx = &sx->cctx;
2662 smtp_command = big_buffer;
2663 sx->peer_offered = smtp_peer_options;
2664 #ifdef EXPERIMENTAL_ESMTP_LIMITS
2665 /* Limits passed by cmdline over exec. */
2666 ehlo_limits_apply(sx,
2667 sx->peer_limit_mail = continue_limit_mail,
2668 sx->peer_limit_rcpt = continue_limit_rcpt,
2669 sx->peer_limit_rcptdom = continue_limit_rcptdom);
2671 sx->helo_data = NULL; /* ensure we re-expand ob->helo_data */
2673 /* For a continued connection with TLS being proxied for us, or a
2674 held-open verify connection with TLS, nothing more to do. */
2676 if ( continue_proxy_cipher
2677 || (cutthrough.cctx.sock >= 0 && cutthrough.callout_hold_only
2678 && cutthrough.is_tls)
2681 sx->pipelining_used = pipelining_active = !!(smtp_peer_options & OPTION_PIPE);
2682 HDEBUG(D_transport) debug_printf("continued connection, %s TLS\n",
2683 continue_proxy_cipher ? "proxied" : "verify conn with");
2686 HDEBUG(D_transport) debug_printf("continued connection, no TLS\n");
2689 /* If TLS is available on this connection, whether continued or not, attempt to
2690 start up a TLS session, unless the host is in hosts_avoid_tls. If successful,
2691 send another EHLO - the server may give a different answer in secure mode. We
2692 use a separate buffer for reading the response to STARTTLS so that if it is
2693 negative, the original EHLO data is available for subsequent analysis, should
2694 the client not be required to use TLS. If the response is bad, copy the buffer
2695 for error analysis. */
2698 if ( smtp_peer_options & OPTION_TLS
2700 && verify_check_given_host(CUSS &ob->hosts_avoid_tls, sx->conn_args.host) != OK
2702 || verify_check_given_host(CUSS &ob->hosts_verify_avoid_tls, sx->conn_args.host) != OK
2705 uschar buffer2[4096];
2707 if (smtp_write_command(sx, SCMD_FLUSH, "STARTTLS\r\n") < 0)
2710 #ifndef DISABLE_PIPE_CONNECT
2711 /* If doing early-pipelining reap the banner and EHLO-response but leave
2712 the response for the STARTTLS we just sent alone. On fail, assume wrong
2713 cached capability and retry with the pipelining disabled. */
2715 if (sx->early_pipe_active)
2717 if (sync_responses(sx, 2, 0) != 0)
2720 debug_printf("failed reaping pipelined cmd responses\n");
2721 close(sx->cctx.sock);
2723 sx->early_pipe_active = FALSE;
2724 goto PIPE_CONNECT_RETRY;
2729 /* If there is an I/O error, transmission of this message is deferred. If
2730 there is a temporary rejection of STARRTLS and tls_tempfail_tryclear is
2731 false, we also defer. However, if there is a temporary rejection of STARTTLS
2732 and tls_tempfail_tryclear is true, or if there is an outright rejection of
2733 STARTTLS, we carry on. This means we will try to send the message in clear,
2734 unless the host is in hosts_require_tls (tested below). */
2736 if (!smtp_read_response(sx, buffer2, sizeof(buffer2), '2', ob->command_timeout))
2740 || (buffer2[0] == '4' && !ob->tls_tempfail_tryclear)
2743 Ustrncpy(sx->buffer, buffer2, sizeof(sx->buffer));
2744 sx->buffer[sizeof(sx->buffer)-1] = '\0';
2745 goto RESPONSE_FAILED;
2749 /* STARTTLS accepted: try to negotiate a TLS session. */
2754 sx->conn_args.sending_ip_address = sending_ip_address;
2755 if (!tls_client_start(&sx->cctx, &sx->conn_args, sx->addrlist, &tls_out, &tls_errstr))
2757 /* TLS negotiation failed; give an error. From outside, this function may
2758 be called again to try in clear on a new connection, if the options permit
2759 it for this host. */
2761 DEBUG(D_tls) debug_printf("TLS session fail: %s\n", tls_errstr);
2763 # ifdef SUPPORT_DANE
2764 if (sx->conn_args.dane)
2766 log_write(0, LOG_MAIN,
2767 "DANE attempt failed; TLS connection to %s [%s]: %s",
2768 sx->conn_args.host->name, sx->conn_args.host->address, tls_errstr);
2769 # ifndef DISABLE_EVENT
2770 (void) event_raise(sx->conn_args.tblock->event_action,
2771 US"dane:fail", US"validation-failure", NULL); /* could do with better detail */
2776 errno = ERRNO_TLSFAILURE;
2777 message = string_sprintf("TLS session: %s", tls_errstr);
2778 sx->send_quit = FALSE;
2781 sx->send_tlsclose = TRUE;
2783 /* TLS session is set up. Check the inblock fill level. If there is
2784 content then as we have not yet done a tls read it must have arrived before
2785 the TLS handshake, in-clear. That violates the sync requirement of the
2786 STARTTLS RFC, so fail. */
2788 if (sx->inblock.ptr != sx->inblock.ptrend)
2792 int i = sx->inblock.ptrend - sx->inblock.ptr;
2793 debug_printf("unused data in input buffer after ack for STARTTLS:\n"
2795 i > 100 ? 100 : i, sx->inblock.ptr, i > 100 ? "..." : "");
2797 tls_errstr = US"synch error before connect";
2798 goto TLS_CONN_FAILED;
2801 smtp_peer_options_wrap = smtp_peer_options;
2802 for (address_item * addr = sx->addrlist; addr; addr = addr->next)
2803 if (addr->transport_return == PENDING_DEFER)
2805 addr->cipher = tls_out.cipher;
2806 addr->ourcert = tls_out.ourcert;
2807 addr->peercert = tls_out.peercert;
2808 addr->peerdn = tls_out.peerdn;
2809 addr->ocsp = tls_out.ocsp;
2810 addr->tlsver = tls_out.ver;
2815 /* if smtps, we'll have smtp_command set to something else; always safe to
2817 smtp_command = big_buffer;
2819 /* If we started TLS, redo the EHLO/LHLO exchange over the secure channel. If
2820 helo_data is null, we are dealing with a connection that was passed from
2821 another process, and so we won't have expanded helo_data above. We have to
2822 expand it here. $sending_ip_address and $sending_port are set up right at the
2823 start of the Exim process (in exim.c). */
2825 if (tls_out.active.sock >= 0)
2827 uschar * greeting_cmd;
2829 if (!sx->helo_data && !(sx->helo_data = expand_string(ob->helo_data)))
2831 uschar *message = string_sprintf("failed to expand helo_data: %s",
2832 expand_string_message);
2833 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE, &sx->delivery_start);
2838 #ifndef DISABLE_PIPE_CONNECT
2839 /* For SMTPS there is no cleartext early-pipe; use the crypted permission bit.
2840 We're unlikely to get the group sent and delivered before the server sends its
2841 banner, but it's still worth sending as a group.
2842 For STARTTLS allow for cleartext early-pipe but no crypted early-pipe, but not
2845 if (sx->smtps ? sx->early_pipe_ok : sx->early_pipe_active)
2847 sx->peer_offered = sx->ehlo_resp.crypted_features;
2848 if ((sx->early_pipe_active =
2849 !!(sx->ehlo_resp.crypted_features & OPTION_EARLY_PIPE)))
2850 DEBUG(D_transport) debug_printf("Using cached crypted PIPECONNECT\n");
2853 #ifdef EXPERIMMENTAL_ESMTP_LIMITS
2854 /* As we are about to send another EHLO, forget any LIMITS received so far. */
2855 sx->peer_limit_mail = sx->peer_limit_rcpt = sx->peer_limit_rcptdom = 0;
2856 if ((sx->max_mail = sx->conn_args.tblock->connection_max_message) == 0)
2857 sx->max_mail = UNLIMITED_ADDRS;
2858 sx->max_rcpt = expand_max_rcpt(sx->conn_args.tblock->max_addresses);
2859 sx->single_rcpt_domain = FALSE;
2862 /* For SMTPS we need to wait for the initial OK response. */
2864 #ifndef DISABLE_PIPE_CONNECT
2865 if (sx->early_pipe_active)
2867 sx->pending_BANNER = TRUE;
2868 sx->outblock.cmd_count = 1;
2872 if (!smtp_reap_banner(sx))
2873 goto RESPONSE_FAILED;
2876 greeting_cmd = US"LHLO";
2878 greeting_cmd = US"EHLO";
2881 greeting_cmd = US"HELO";
2883 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
2886 if (smtp_write_command(sx,
2887 #ifndef DISABLE_PIPE_CONNECT
2888 sx->early_pipe_active ? SCMD_BUFFER :
2891 "%s %s\r\n", greeting_cmd, sx->helo_data) < 0)
2894 #ifndef DISABLE_PIPE_CONNECT
2895 if (sx->early_pipe_active)
2896 sx->pending_EHLO = TRUE;
2900 if (!smtp_reap_ehlo(sx))
2903 /* The GnuTLS layer in Exim only spots a server-rejection of a client
2904 cert late, under TLS1.3 - which means here; the first time we try to
2905 receive crypted data. Treat it as if it was a connect-time failure.
2906 See also the early-pipe equivalent... which will be hard; every call
2907 to sync_responses will need to check the result.
2908 It would be nicer to have GnuTLS check the cert during the handshake.
2909 Can it do that, with all the flexibility we need? */
2911 tls_errstr = US"error on first read";
2912 goto TLS_CONN_FAILED;
2915 goto RESPONSE_FAILED;
2917 smtp_peer_options = 0;
2921 /* If the host is required to use a secure channel, ensure that we
2925 # ifdef SUPPORT_DANE
2926 || sx->conn_args.dane
2928 || verify_check_given_host(CUSS &ob->hosts_require_tls, sx->conn_args.host) == OK
2931 errno = ERRNO_TLSREQUIRED;
2932 message = string_sprintf("a TLS session is required, but %s",
2933 smtp_peer_options & OPTION_TLS
2934 ? "an attempt to start TLS failed" : "the server did not offer TLS support");
2935 # if defined(SUPPORT_DANE) && !defined(DISABLE_EVENT)
2936 if (sx->conn_args.dane)
2937 (void) event_raise(sx->conn_args.tblock->event_action, US"dane:fail",
2938 smtp_peer_options & OPTION_TLS
2939 ? US"validation-failure" /* could do with better detail */
2940 : US"starttls-not-supported",
2945 #endif /*DISABLE_TLS*/
2947 /* If TLS is active, we have just started it up and re-done the EHLO command,
2948 so its response needs to be analyzed. If TLS is not active and this is a
2949 continued session down a previously-used socket, we haven't just done EHLO, so
2952 if ( !continue_hostname
2954 || tls_out.active.sock >= 0
2958 if (sx->esmtp || sx->lmtp)
2960 #ifndef DISABLE_PIPE_CONNECT
2961 if (!sx->early_pipe_active)
2964 sx->peer_offered = ehlo_response(sx->buffer,
2966 #ifndef DISABLE_PIPE_CONNECT
2967 | (sx->lmtp && ob->lmtp_ignore_quota ? OPTION_IGNQ : 0)
2968 | OPTION_DSN | OPTION_PIPE | OPTION_SIZE
2969 | OPTION_CHUNKING | OPTION_PRDR | OPTION_UTF8
2970 | (tls_out.active.sock >= 0 ? OPTION_EARLY_PIPE : 0) /* not for lmtp */
2974 | (sx->lmtp && ob->lmtp_ignore_quota ? OPTION_IGNQ : 0)
2977 # ifdef SUPPORT_I18N
2978 | (sx->addrlist->prop.utf8_msg ? OPTION_UTF8 : 0)
2979 /*XXX if we hand peercaps on to continued-conn processes,
2980 must not depend on this addr */
2984 | (ob->size_addition >= 0 ? OPTION_SIZE : 0)
2987 #ifndef DISABLE_PIPE_CONNECT
2988 if (tls_out.active.sock >= 0)
2989 sx->ehlo_resp.crypted_features = sx->peer_offered;
2992 #ifdef EXPERIMENTAL_ESMTP_LIMITS
2993 if (tls_out.active.sock >= 0 || !(sx->peer_offered & OPTION_TLS))
2995 ehlo_response_limits_read(sx);
2996 ehlo_response_limits_apply(sx);
3001 /* Set for IGNOREQUOTA if the response to LHLO specifies support and the
3002 lmtp_ignore_quota option was set. */
3004 sx->igquotstr = sx->peer_offered & OPTION_IGNQ ? US" IGNOREQUOTA" : US"";
3006 /* If the response to EHLO specified support for the SIZE parameter, note
3007 this, provided size_addition is non-negative. */
3009 smtp_peer_options |= sx->peer_offered & OPTION_SIZE;
3011 /* Note whether the server supports PIPELINING. If hosts_avoid_esmtp matched
3012 the current host, esmtp will be false, so PIPELINING can never be used. If
3013 the current host matches hosts_avoid_pipelining, don't do it. */
3015 if ( sx->peer_offered & OPTION_PIPE
3016 && verify_check_given_host(CUSS &ob->hosts_avoid_pipelining, sx->conn_args.host) != OK)
3017 smtp_peer_options |= OPTION_PIPE;
3019 DEBUG(D_transport) debug_printf("%susing PIPELINING\n",
3020 smtp_peer_options & OPTION_PIPE ? "" : "not ");
3022 if ( sx->peer_offered & OPTION_CHUNKING
3023 && verify_check_given_host(CUSS &ob->hosts_try_chunking, sx->conn_args.host) == OK)
3024 smtp_peer_options |= OPTION_CHUNKING;
3026 if (smtp_peer_options & OPTION_CHUNKING)
3027 DEBUG(D_transport) debug_printf("CHUNKING usable\n");
3029 #ifndef DISABLE_PRDR
3030 if ( sx->peer_offered & OPTION_PRDR
3031 && verify_check_given_host(CUSS &ob->hosts_try_prdr, sx->conn_args.host) == OK)
3032 smtp_peer_options |= OPTION_PRDR;
3034 if (smtp_peer_options & OPTION_PRDR)
3035 DEBUG(D_transport) debug_printf("PRDR usable\n");
3038 /* Note if the server supports DSN */
3039 smtp_peer_options |= sx->peer_offered & OPTION_DSN;
3040 DEBUG(D_transport) debug_printf("%susing DSN\n",
3041 sx->peer_offered & OPTION_DSN ? "" : "not ");
3043 #ifndef DISABLE_PIPE_CONNECT
3044 if ( sx->early_pipe_ok
3045 && !sx->early_pipe_active
3046 && tls_out.active.sock >= 0
3047 && smtp_peer_options & OPTION_PIPE
3048 && ( sx->ehlo_resp.cleartext_features | sx->ehlo_resp.crypted_features)
3049 & OPTION_EARLY_PIPE)
3051 DEBUG(D_transport) debug_printf("PIPECONNECT usable in future for this IP\n");
3052 sx->ehlo_resp.crypted_auths = study_ehlo_auths(sx);
3053 write_ehlo_cache_entry(sx);
3057 /* Note if the response to EHLO specifies support for the AUTH extension.
3058 If it has, check that this host is one we want to authenticate to, and do
3059 the business. The host name and address must be available when the
3060 authenticator's client driver is running. */
3062 switch (yield = smtp_auth(sx))
3064 default: goto SEND_QUIT;
3066 case FAIL_SEND: goto SEND_FAILED;
3067 case FAIL: goto RESPONSE_FAILED;
3071 sx->pipelining_used = pipelining_active = !!(smtp_peer_options & OPTION_PIPE);
3073 /* The setting up of the SMTP call is now complete. Any subsequent errors are
3074 message-specific. */
3076 sx->setting_up = FALSE;
3079 if (sx->addrlist->prop.utf8_msg)
3083 /* If the transport sets a downconversion mode it overrides any set by ACL
3086 if ((s = ob->utf8_downconvert))
3088 if (!(s = expand_string(s)))
3090 message = string_sprintf("failed to expand utf8_downconvert: %s",
3091 expand_string_message);
3092 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE, &sx->delivery_start);
3098 case '1': sx->addrlist->prop.utf8_downcvt = TRUE;
3099 sx->addrlist->prop.utf8_downcvt_maybe = FALSE;
3101 case '0': sx->addrlist->prop.utf8_downcvt = FALSE;
3102 sx->addrlist->prop.utf8_downcvt_maybe = FALSE;
3104 case '-': if (s[1] == '1')
3106 sx->addrlist->prop.utf8_downcvt = FALSE;
3107 sx->addrlist->prop.utf8_downcvt_maybe = TRUE;
3113 sx->utf8_needed = !sx->addrlist->prop.utf8_downcvt
3114 && !sx->addrlist->prop.utf8_downcvt_maybe;
3115 DEBUG(D_transport) if (!sx->utf8_needed)
3116 debug_printf("utf8: %s downconvert\n",
3117 sx->addrlist->prop.utf8_downcvt ? "mandatory" : "optional");
3120 /* If this is an international message we need the host to speak SMTPUTF8 */
3121 if (sx->utf8_needed && !(sx->peer_offered & OPTION_UTF8))
3123 errno = ERRNO_UTF8_FWD;
3124 goto RESPONSE_FAILED;
3126 #endif /*SUPPORT_I18N*/
3135 if (errno == ECONNREFUSED) /* first-read error on a TFO conn */
3137 /* There is a testing facility for simulating a connection timeout, as I
3138 can't think of any other way of doing this. It converts a connection
3139 refused into a timeout if the timeout is set to 999999. This is done for
3140 a 3whs connection in ip_connect(), but a TFO connection does not error
3141 there - instead it gets ECONNREFUSED on the first data read. Tracking
3142 that a TFO really was done is too hard, or we would set a
3143 sx->pending_conn_done bit and test that in smtp_reap_banner() and
3144 smtp_reap_ehlo(). That would let us also add the conn-timeout to the
3147 if (f.running_in_test_harness && ob->connect_timeout == 999999)
3149 set_errno_nohost(sx->addrlist,
3150 errno == ETIMEDOUT ? ERRNO_CONNECTTIMEOUT : errno,
3151 sx->verify ? US strerror(errno) : NULL,
3152 DEFER, FALSE, &sx->delivery_start);
3153 sx->send_quit = FALSE;
3157 /* really an error on an SMTP read */
3159 sx->send_quit = check_response(sx->conn_args.host, &errno, sx->addrlist->more_errno,
3160 sx->buffer, &code, &message, &pass_message);
3166 message = US string_sprintf("smtp send to %s [%s] failed: %s",
3167 sx->conn_args.host->name, sx->conn_args.host->address, strerror(errno));
3168 sx->send_quit = FALSE;
3174 message = string_sprintf("Remote host closed connection in response to %s"
3175 " (EHLO response was: %s)", smtp_command, sx->buffer);
3176 sx->send_quit = FALSE;
3180 /* This label is jumped to directly when a TLS negotiation has failed,
3181 or was not done for a host for which it is required. Values will be set
3182 in message and errno, and setting_up will always be true. Treat as
3183 a temporary error. */
3187 code = '4', yield = DEFER;
3191 /* The failure happened while setting up the call; see if the failure was
3192 a 5xx response (this will either be on connection, or following HELO - a 5xx
3193 after EHLO causes it to try HELO). If so, and there are no more hosts to try,
3194 fail all addresses, as this host is never going to accept them. For other
3195 errors during setting up (timeouts or whatever), defer all addresses, and
3196 yield DEFER, so that the host is not tried again for a while.
3198 XXX This peeking for another host feels like a layering violation. We want
3199 to note the host as unusable, but down here we shouldn't know if this was
3200 the last host to try for the addr(list). Perhaps the upper layer should be
3201 the one to do set_errno() ? The problem is that currently the addr is where
3202 errno etc. are stashed, but until we run out of hosts to try the errors are
3203 host-specific. Maybe we should enhance the host_item definition? */
3206 sx->ok = FALSE; /* For when reached by GOTO */
3207 set_errno(sx->addrlist, errno, message,
3208 sx->conn_args.host->next
3212 || errno == ERRNO_UTF8_FWD
3216 errno == ECONNREFUSED ? NULL : sx->conn_args.host,
3217 #ifdef EXPERIMENTAL_DSN_INFO
3218 sx->smtp_greeting, sx->helo_response,
3220 &sx->delivery_start);
3227 (void)smtp_write_command(sx, SCMD_FLUSH, "QUIT\r\n");
3230 if (sx->cctx.tls_ctx)
3232 if (sx->send_tlsclose)
3234 tls_close(sx->cctx.tls_ctx, TLS_SHUTDOWN_NOWAIT);
3235 sx->send_tlsclose = FALSE;
3237 sx->cctx.tls_ctx = NULL;
3241 /* Close the socket, and return the appropriate value, first setting
3242 works because the NULL setting is passed back to the calling process, and
3243 remote_max_parallel is forced to 1 when delivering over an existing connection,
3246 HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(close)>>\n");
3249 shutdown(sx->cctx.sock, SHUT_WR);
3250 if (fcntl(sx->cctx.sock, F_SETFL, O_NONBLOCK) == 0)
3251 for (int i = 16; read(sx->cctx.sock, sx->inbuffer, sizeof(sx->inbuffer)) > 0 && i > 0;)
3252 i--; /* drain socket */
3253 sx->send_quit = FALSE;
3255 (void)close(sx->cctx.sock);
3258 #ifndef DISABLE_EVENT
3259 (void) event_raise(sx->conn_args.tblock->event_action, US"tcp:close", NULL, NULL);
3262 smtp_debug_cmd_report();
3263 continue_transport = NULL;
3264 continue_hostname = NULL;
3271 /* Create the string of options that will be appended to the MAIL FROM:
3272 in the connection context buffer */
3275 build_mailcmd_options(smtp_context * sx, address_item * addrlist)
3277 uschar * p = sx->buffer;
3278 address_item * addr;
3283 /* If we know the receiving MTA supports the SIZE qualification, and we know it,
3284 send it, adding something to the message size to allow for imprecision
3285 and things that get added en route. Exim keeps the number of lines
3286 in a message, so we can give an accurate value for the original message, but we
3287 need some additional to handle added headers. (Double "." characters don't get
3288 included in the count.) */
3290 if ( message_size > 0
3291 && sx->peer_offered & OPTION_SIZE && !(sx->avoid_option & OPTION_SIZE))
3293 /*XXX problem here under spool_files_wireformat?
3294 Or just forget about lines? Or inflate by a fixed proportion? */
3296 sprintf(CS p, " SIZE=%d", message_size+message_linecount+(SOB sx->conn_args.ob)->size_addition);
3300 #ifndef DISABLE_PRDR
3301 /* If it supports Per-Recipient Data Responses, and we have more than one recipient,
3304 sx->prdr_active = FALSE;
3305 if (smtp_peer_options & OPTION_PRDR)
3306 for (address_item * addr = addrlist; addr; addr = addr->next)
3307 if (addr->transport_return == PENDING_DEFER)
3309 for (addr = addr->next; addr; addr = addr->next)
3310 if (addr->transport_return == PENDING_DEFER)
3311 { /* at least two recipients to send */
3312 sx->prdr_active = TRUE;
3313 sprintf(CS p, " PRDR"); p += 5;
3321 /* If it supports internationalised messages, and this meesage need that,
3324 if ( sx->peer_offered & OPTION_UTF8
3325 && addrlist->prop.utf8_msg
3326 && !addrlist->prop.utf8_downcvt
3328 Ustrcpy(p, US" SMTPUTF8"), p += 9;
3331 /* check if all addresses have DSN-lasthop flag; do not send RET and ENVID if so */
3332 for (sx->dsn_all_lasthop = TRUE, addr = addrlist, address_count = 0;
3333 addr && address_count < sx->max_rcpt; /*XXX maybe also || sx->single_rcpt_domain ? */
3334 addr = addr->next) if (addr->transport_return == PENDING_DEFER)
3337 if (!(addr->dsn_flags & rf_dsnlasthop))
3339 sx->dsn_all_lasthop = FALSE;
3344 /* Add any DSN flags to the mail command */
3346 if (sx->peer_offered & OPTION_DSN && !sx->dsn_all_lasthop)
3348 if (dsn_ret == dsn_ret_hdrs)
3349 { Ustrcpy(p, US" RET=HDRS"); p += 9; }
3350 else if (dsn_ret == dsn_ret_full)
3351 { Ustrcpy(p, US" RET=FULL"); p += 9; }
3355 string_format(p, sizeof(sx->buffer) - (p-sx->buffer), " ENVID=%s", dsn_envid);
3360 /* If an authenticated_sender override has been specified for this transport
3361 instance, expand it. If the expansion is forced to fail, and there was already
3362 an authenticated_sender for this message, the original value will be used.
3363 Other expansion failures are serious. An empty result is ignored, but there is
3364 otherwise no check - this feature is expected to be used with LMTP and other
3365 cases where non-standard addresses (e.g. without domains) might be required. */
3367 return smtp_mail_auth_str(sx, p, addrlist) ? ERROR : OK;
3372 build_rcptcmd_options(smtp_context * sx, const address_item * addr)
3374 uschar * p = sx->buffer;
3377 /* Add any DSN flags to the rcpt command */
3379 if (sx->peer_offered & OPTION_DSN && !(addr->dsn_flags & rf_dsnlasthop))
3381 if (addr->dsn_flags & rf_dsnflags)
3385 Ustrcpy(p, US" NOTIFY=");
3387 for (int i = 0; i < nelem(rf_list); i++) if (addr->dsn_flags & rf_list[i])
3389 if (!first) *p++ = ',';
3391 Ustrcpy(p, rf_names[i]);
3396 if (addr->dsn_orcpt)
3398 string_format(p, sizeof(sx->buffer) - (p-sx->buffer), " ORCPT=%s",
3409 0 good, rcpt results in addr->transport_return (PENDING_OK, DEFER, FAIL)
3410 -1 MAIL response error
3411 -2 any non-MAIL read i/o error
3412 -3 non-MAIL response timeout
3413 -4 internal error; channel still usable
3418 smtp_write_mail_and_rcpt_cmds(smtp_context * sx, int * yield)
3420 address_item * addr;
3421 #ifdef EXPERIMENTAL_ESMTP_LIMITS
3422 address_item * restart_addr = NULL;
3424 int address_count, pipe_limit;
3427 if (build_mailcmd_options(sx, sx->first_addr) != OK)
3433 /* From here until we send the DATA command, we can make use of PIPELINING
3434 if the server host supports it. The code has to be able to check the responses
3435 at any point, for when the buffer fills up, so we write it totally generally.
3436 When PIPELINING is off, each command written reports that it has flushed the
3439 sx->pending_MAIL = TRUE; /* The block starts with MAIL */
3442 const uschar * s = sx->from_addr;
3444 uschar * errstr = NULL;
3446 /* If we must downconvert, do the from-address here. Remember we had to
3447 for the to-addresses (done below), and also (ugly) for re-doing when building
3448 the delivery log line. */
3450 if ( sx->addrlist->prop.utf8_msg
3451 && (sx->addrlist->prop.utf8_downcvt || !(sx->peer_offered & OPTION_UTF8))
3454 if (s = string_address_utf8_to_alabel(s, &errstr), errstr)
3456 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, errstr, DEFER, FALSE, &sx->delivery_start);
3460 setflag(sx->addrlist, af_utf8_downcvt);
3464 rc = smtp_write_command(sx, pipelining_active ? SCMD_BUFFER : SCMD_FLUSH,
3465 "MAIL FROM:<%s>%s\r\n", s, sx->buffer);
3468 mail_command = string_copy(big_buffer); /* Save for later error message */
3472 case -1: /* Transmission error */
3475 case +1: /* Cmd was sent */
3476 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2',
3477 (SOB sx->conn_args.ob)->command_timeout))
3479 if (errno == 0 && sx->buffer[0] == '4')
3481 errno = ERRNO_MAIL4XX;
3482 sx->addrlist->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
3486 sx->pending_MAIL = FALSE;
3489 /* otherwise zero: command queued for pipeline */
3492 /* Pass over all the relevant recipient addresses for this host, which are the
3493 ones that have status PENDING_DEFER. If we are using PIPELINING, we can send
3494 several before we have to read the responses for those seen so far. This
3495 checking is done by a subroutine because it also needs to be done at the end.
3496 Send only up to max_rcpt addresses at a time, leaving next_addr pointing to
3497 the next one if not all are sent.
3499 In the MUA wrapper situation, we want to flush the PIPELINING buffer for the
3500 last address because we want to abort if any recipients have any kind of
3501 problem, temporary or permanent. We know that all recipient addresses will have
3502 the PENDING_DEFER status, because only one attempt is ever made, and we know
3503 that max_rcpt will be large, so all addresses will be done at once.
3505 For verify we flush the pipeline after any (the only) rcpt address. */
3507 for (addr = sx->first_addr, address_count = 0, pipe_limit = 100;
3508 addr && address_count < sx->max_rcpt;
3509 addr = addr->next) if (addr->transport_return == PENDING_DEFER)
3513 const uschar * rcpt_addr;
3515 #ifdef EXPERIMENTAL_ESMTP_LIMITS
3516 if ( sx->single_rcpt_domain /* restriction on domains */
3517 && address_count > 0 /* not first being sent */
3518 && Ustrcmp(addr->domain, sx->first_addr->domain) != 0 /* dom diff from first */
3521 DEBUG(D_transport) debug_printf("skipping different domain %s\n", addr->domain);
3523 /* Ensure the smtp-response reaper does not think the address had a RCPT
3524 command sent for it. Reset to PENDING_DEFER in smtp_deliver(), where we
3525 goto SEND_MESSAGE. */
3527 addr->transport_return = SKIP;
3528 if (!restart_addr) restart_addr = addr; /* note restart point */
3529 continue; /* skip this one */
3533 addr->dsn_aware = sx->peer_offered & OPTION_DSN
3534 ? dsn_support_yes : dsn_support_no;
3537 if (pipe_limit-- <= 0)
3538 { no_flush = FALSE; pipe_limit = 100; }
3540 no_flush = pipelining_active && !sx->verify
3541 && (!mua_wrapper || addr->next && address_count < sx->max_rcpt);
3543 build_rcptcmd_options(sx, addr);
3545 /* Now send the RCPT command, and process outstanding responses when
3546 necessary. After a timeout on RCPT, we just end the function, leaving the
3547 yield as OK, because this error can often mean that there is a problem with
3548 just one address, so we don't want to delay the host. */
3550 rcpt_addr = transport_rcpt_address(addr, sx->conn_args.tblock->rcpt_include_affixes);
3553 if ( testflag(sx->addrlist, af_utf8_downcvt)
3554 && !(rcpt_addr = string_address_utf8_to_alabel(rcpt_addr, NULL))
3557 /*XXX could we use a per-address errstr here? Not fail the whole send? */
3558 errno = ERRNO_EXPANDFAIL;
3559 return -5; /*XXX too harsh? */
3563 cmds_sent = smtp_write_command(sx, no_flush ? SCMD_BUFFER : SCMD_FLUSH,
3564 "RCPT TO:<%s>%s%s\r\n", rcpt_addr, sx->igquotstr, sx->buffer);
3566 if (cmds_sent < 0) return -5;
3569 switch(sync_responses(sx, cmds_sent, 0))
3571 case 3: sx->ok = TRUE; /* 2xx & 5xx => OK & progress made */
3572 case 2: sx->completed_addr = TRUE; /* 5xx (only) => progress made */
3575 case 1: sx->ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
3576 if (!sx->lmtp) /* can't tell about progress yet */
3577 sx->completed_addr = TRUE;
3578 case 0: /* No 2xx or 5xx, but no probs */
3579 /* If any RCPT got a 452 response then next_addr has been updated
3580 for restarting with a new MAIL on the same connection. Send no more
3581 RCPTs for this MAIL. */
3585 DEBUG(D_transport) debug_printf("seen 452 too-many-rcpts\n");
3586 sx->RCPT_452 = FALSE;
3587 /* sx->next_addr has been reset for fast_retry */
3592 case -1: return -3; /* Timeout on RCPT */
3593 case -2: return -2; /* non-MAIL read i/o error */
3594 default: return -1; /* any MAIL error */
3596 #ifndef DISABLE_PIPE_CONNECT
3597 case -4: return -1; /* non-2xx for pipelined banner or EHLO */
3598 case -5: return -1; /* TLS first-read error */
3602 } /* Loop for next address */
3604 #ifdef EXPERIMENTAL_ESMTP_LIMITS
3605 sx->next_addr = restart_addr ? restart_addr : addr;
3607 sx->next_addr = addr;
3614 /*****************************************************
3615 * Proxy TLS connection for another transport process *
3616 ******************************************************/
3618 Close the unused end of the pipe, fork once more, then use the given buffer
3619 as a staging area, and select on both the given fd and the TLS'd client-fd for
3620 data to read (per the coding in ip_recv() and fd_ready() this is legitimate).
3621 Do blocking full-size writes, and reads under a timeout. Once both input
3622 channels are closed, exit the process.
3626 buf space to use for buffering
3627 bufsiz size of buffer
3628 pfd pipe filedescriptor array; [0] is comms to proxied process
3629 timeout per-read timeout, seconds
3630 host hostname of remote
3636 smtp_proxy_tls(void * ct_ctx, uschar * buf, size_t bsize, int * pfd,
3637 int timeout, const uschar * host)
3639 struct pollfd p[2] = {{.fd = tls_out.active.sock, .events = POLLIN},
3640 {.fd = pfd[0], .events = POLLIN}};
3642 BOOL send_tls_shutdown = TRUE;
3645 if ((rc = exim_fork(US"tls-proxy")))
3646 _exit(rc < 0 ? EXIT_FAILURE : EXIT_SUCCESS);
3648 set_process_info("proxying TLS connection for continued transport to %s\n", host);
3652 time_t time_left = timeout;
3653 time_t time_start = time(NULL);
3658 rc = poll(p, 2, time_left * 1000);
3660 if (rc < 0 && errno == EINTR)
3661 if ((time_left -= time(NULL) - time_start) > 0) continue;
3665 DEBUG(D_transport) if (rc == 0) debug_printf("%s: timed out\n", __FUNCTION__);
3669 /* For errors where not readable, bomb out */
3671 if (p[0].revents & POLLERR || p[1].revents & POLLERR)
3673 DEBUG(D_transport) debug_printf("select: exceptional cond on %s fd\n",
3674 p[0].revents & POLLERR ? "tls" : "proxy");
3675 if (!(p[0].revents & POLLIN || p[1].events & POLLIN))
3677 DEBUG(D_transport) debug_printf("- but also readable; no exit yet\n");
3680 while (rc < 0 || !(p[0].revents & POLLIN || p[1].revents & POLLIN));
3682 /* handle inbound data */
3683 if (p[0].revents & POLLIN)
3684 if ((rc = tls_read(ct_ctx, buf, bsize)) <= 0) /* Expect -1 for EOF; */
3685 { /* that reaps the TLS Close Notify record */
3687 shutdown(pfd[0], SHUT_WR);
3691 for (int nbytes = 0; rc - nbytes > 0; nbytes += i)
3692 if ((i = write(pfd[0], buf + nbytes, rc - nbytes)) < 0) goto done;
3694 /* Handle outbound data. We cannot combine payload and the TLS-close
3695 due to the limitations of the (pipe) channel feeding us. Maybe use a unix-domain
3697 if (p[1].revents & POLLIN)
3698 if ((rc = read(pfd[0], buf, bsize)) <= 0)
3702 # ifdef EXIM_TCP_CORK /* Use _CORK to get TLS Close Notify in FIN segment */
3703 (void) setsockopt(tls_out.active.sock, IPPROTO_TCP, EXIM_TCP_CORK, US &on, sizeof(on));
3705 tls_shutdown_wr(ct_ctx);
3706 send_tls_shutdown = FALSE;
3707 shutdown(tls_out.active.sock, SHUT_WR);
3710 for (int nbytes = 0; rc - nbytes > 0; nbytes += i)
3711 if ((i = tls_write(ct_ctx, buf + nbytes, rc - nbytes, FALSE)) < 0)
3714 while (p[0].fd >= 0 || p[1].fd >= 0);
3717 if (send_tls_shutdown) tls_close(ct_ctx, TLS_SHUTDOWN_NOWAIT);
3719 testharness_pause_ms(100); /* let logging complete */
3720 exim_exit(EXIT_SUCCESS);
3725 /*************************************************
3726 * Deliver address list to given host *
3727 *************************************************/
3729 /* If continue_hostname is not null, we get here only when continuing to
3730 deliver down an existing channel. The channel was passed as the standard
3731 input. TLS is never active on a passed channel; the previous process either
3732 closes it down before passing the connection on, or inserts a TLS-proxy
3733 process and passes on a cleartext conection.
3735 Otherwise, we have to make a connection to the remote host, and do the
3736 initial protocol exchange.
3738 When running as an MUA wrapper, if the sender or any recipient is rejected,
3739 temporarily or permanently, we force failure for all recipients.
3742 addrlist chain of potential addresses to deliver; only those whose
3743 transport_return field is set to PENDING_DEFER are currently
3744 being processed; others should be skipped - they have either
3745 been delivered to an earlier host or IP address, or been
3746 failed by one of them.
3747 host host to deliver to
3748 host_af AF_INET or AF_INET6
3749 defport default TCP/IP port to use if host does not specify, in host
3751 interface interface to bind to, or NULL
3752 tblock transport instance block
3753 message_defer set TRUE if yield is OK, but all addresses were deferred
3754 because of a non-recipient, non-host failure, that is, a
3755 4xx response to MAIL FROM, DATA, or ".". This is a defer
3756 that is specific to the message.
3757 suppress_tls if TRUE, don't attempt a TLS connection - this is set for
3758 a second attempt after TLS initialization fails
3760 Returns: OK - the connection was made and the delivery attempted;
3761 the result for each address is in its data block.
3762 DEFER - the connection could not be made, or something failed
3763 while setting up the SMTP session, or there was a
3764 non-message-specific error, such as a timeout.
3765 ERROR - a filter command is specified for this transport,
3766 and there was a problem setting it up; OR helo_data
3767 or add_headers or authenticated_sender is specified
3768 for this transport, and the string failed to expand
3770 For all non-OK returns the first addr of the list carries the
3771 time taken for the attempt.
3775 smtp_deliver(address_item *addrlist, host_item *host, int host_af, int defport,
3776 uschar *interface, transport_instance *tblock,
3777 BOOL *message_defer, BOOL suppress_tls)
3779 smtp_transport_options_block * ob = SOB tblock->options_block;
3784 uschar *message = NULL;
3785 uschar new_message_id[MESSAGE_ID_LENGTH + 1];
3786 smtp_context * sx = store_get(sizeof(*sx), GET_TAINTED); /* tainted, for the data buffers */
3787 BOOL pass_message = FALSE;
3788 #ifdef EXPERIMENTAL_ESMTP_LIMITS
3789 BOOL mail_limit = FALSE;
3794 BOOL tcw_done = FALSE, tcw = FALSE;
3796 *message_defer = FALSE;
3798 memset(sx, 0, sizeof(*sx));
3799 sx->addrlist = addrlist;
3800 sx->conn_args.host = host;
3801 sx->conn_args.host_af = host_af;
3803 sx->conn_args.interface = interface;
3804 sx->helo_data = NULL;
3805 sx->conn_args.tblock = tblock;
3806 sx->conn_args.sock = -1;
3807 gettimeofday(&sx->delivery_start, NULL);
3808 sx->sync_addr = sx->first_addr = addrlist;
3815 /* Get the channel set up ready for a message, MAIL FROM being the next
3816 SMTP command to send. */
3818 if ((rc = smtp_setup_conn(sx, suppress_tls)) != OK)
3820 timesince(&addrlist->delivery_time, &sx->delivery_start);
3826 /* If the connection used DANE, ignore for now any addresses with incompatible
3827 domains. The SNI has to be the domain. Arrange a whole new TCP conn later,
3828 just in case only TLS isn't enough. */
3830 if (sx->conn_args.dane)
3832 const uschar * dane_domain = sx->first_addr->domain;
3834 for (address_item * a = sx->first_addr->next; a; a = a->next)
3835 if ( a->transport_return == PENDING_DEFER
3836 && Ustrcmp(dane_domain, a->domain) != 0)
3838 DEBUG(D_transport) debug_printf("DANE: holding %s for later\n", a->domain);
3840 a->transport_return = DANE;
3845 /* If there is a filter command specified for this transport, we can now
3846 set it up. This cannot be done until the identity of the host is known. */
3848 if (tblock->filter_command)
3850 transport_filter_timeout = tblock->filter_timeout;
3852 /* On failure, copy the error to all addresses, abandon the SMTP call, and
3855 if (!transport_set_up_command(&transport_filter_argv,
3856 tblock->filter_command, TSUC_EXPAND_ARGS, DEFER, addrlist,
3857 string_sprintf("%.50s transport filter", tblock->name), NULL))
3859 set_errno_nohost(addrlist->next, addrlist->basic_errno, addrlist->message, DEFER,
3860 FALSE, &sx->delivery_start);
3865 if ( transport_filter_argv
3866 && *transport_filter_argv
3867 && **transport_filter_argv
3868 && smtp_peer_options & OPTION_CHUNKING
3869 #ifndef DISABLE_DKIM
3870 /* When dkim signing, chunking is handled even with a transport-filter */
3871 && !(ob->dkim.dkim_private_key && ob->dkim.dkim_domain && ob->dkim.dkim_selector)
3872 && !ob->dkim.force_bodyhash
3876 smtp_peer_options &= ~OPTION_CHUNKING;
3877 DEBUG(D_transport) debug_printf("CHUNKING not usable due to transport filter\n");
3881 /* For messages that have more than the maximum number of envelope recipients,
3882 we want to send several transactions down the same SMTP connection. (See
3883 comments in deliver.c as to how this reconciles, heuristically, with
3884 remote_max_parallel.) This optimization was added to Exim after the following
3885 code was already working. The simplest way to put it in without disturbing the
3886 code was to use a goto to jump back to this point when there is another
3887 transaction to handle. */
3890 sx->from_addr = return_path;
3891 sx->sync_addr = sx->first_addr;
3893 sx->send_rset = TRUE;
3894 sx->completed_addr = FALSE;
3897 /* If we are a continued-connection-after-verify the MAIL and RCPT
3898 commands were already sent; do not re-send but do mark the addrs as
3899 having been accepted up to RCPT stage. A traditional cont-conn
3900 always has a sequence number greater than one. */
3902 if (continue_hostname && continue_sequence == 1)
3904 /* sx->pending_MAIL = FALSE; */
3906 /* sx->next_addr = NULL; */
3908 for (address_item * addr = addrlist; addr; addr = addr->next)
3909 addr->transport_return = PENDING_OK;
3913 /* Initiate a message transfer. */
3915 switch(smtp_write_mail_and_rcpt_cmds(sx, &yield))
3918 case -1: case -2: goto RESPONSE_FAILED;
3919 case -3: goto END_OFF;
3920 case -4: goto SEND_QUIT;
3921 default: goto SEND_FAILED;
3924 /* If we are an MUA wrapper, abort if any RCPTs were rejected, either
3925 permanently or temporarily. We should have flushed and synced after the last
3933 for (a = sx->first_addr, cnt = 0; a && cnt < sx->max_rcpt; a = a->next, cnt++)
3934 if (a->transport_return != PENDING_OK)
3936 /*XXX could we find a better errno than 0 here? */
3937 set_errno_nohost(addrlist, 0, a->message, FAIL,
3938 testflag(a, af_pass_message), &sx->delivery_start);
3945 /* If ok is TRUE, we know we have got at least one good recipient, and must now
3946 send DATA, but if it is FALSE (in the normal, non-wrapper case), we may still
3947 have a good recipient buffered up if we are pipelining. We don't want to waste
3948 time sending DATA needlessly, so we only send it if either ok is TRUE or if we
3949 are pipelining. The responses are all handled by sync_responses().
3950 If using CHUNKING, do not send a BDAT until we know how big a chunk we want
3953 if ( !(smtp_peer_options & OPTION_CHUNKING)
3954 && (sx->ok || (pipelining_active && !mua_wrapper)))
3956 int count = smtp_write_command(sx, SCMD_FLUSH, "DATA\r\n");
3958 if (count < 0) goto SEND_FAILED;
3959 switch(sync_responses(sx, count, sx->ok ? +1 : -1))
3961 case 3: sx->ok = TRUE; /* 2xx & 5xx => OK & progress made */
3962 case 2: sx->completed_addr = TRUE; /* 5xx (only) => progress made */
3965 case 1: sx->ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
3966 if (!sx->lmtp) sx->completed_addr = TRUE; /* can't tell about progress yet */
3967 case 0: break; /* No 2xx or 5xx, but no probs */
3969 case -1: goto END_OFF; /* Timeout on RCPT */
3971 #ifndef DISABLE_PIPE_CONNECT
3972 case -5: /* TLS first-read error */
3973 case -4: HDEBUG(D_transport)
3974 debug_printf("failed reaping pipelined cmd responses\n");
3976 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */
3978 pipelining_active = FALSE;
3979 data_command = string_copy(big_buffer); /* Save for later error message */
3982 /* If there were no good recipients (but otherwise there have been no
3983 problems), just set ok TRUE, since we have handled address-specific errors
3984 already. Otherwise, it's OK to send the message. Use the check/escape mechanism
3985 for handling the SMTP dot-handling protocol, flagging to apply to headers as
3986 well as body. Set the appropriate timeout value to be used for each chunk.
3987 (Haven't been able to make it work using select() for writing yet.) */
3990 && (!(smtp_peer_options & OPTION_CHUNKING) || !pipelining_active))
3992 /* Save the first address of the next batch. */
3993 sx->first_addr = sx->next_addr;
3999 transport_ctx tctx = {
4000 .u = {.fd = sx->cctx.sock}, /*XXX will this need TLS info? */
4003 .check_string = US".",
4004 .escape_string = US"..", /* Escaping strings */
4006 topt_use_crlf | topt_escape_headers
4007 | (tblock->body_only ? topt_no_headers : 0)
4008 | (tblock->headers_only ? topt_no_body : 0)
4009 | (tblock->return_path_add ? topt_add_return_path : 0)
4010 | (tblock->delivery_date_add ? topt_add_delivery_date : 0)
4011 | (tblock->envelope_to_add ? topt_add_envelope_to : 0)
4014 /* If using CHUNKING we need a callback from the generic transport
4015 support to us, for the sending of BDAT smtp commands and the reaping
4016 of responses. The callback needs a whole bunch of state so set up
4017 a transport-context structure to be passed around. */
4019 if (smtp_peer_options & OPTION_CHUNKING)
4021 tctx.check_string = tctx.escape_string = NULL;
4022 tctx.options |= topt_use_bdat;
4023 tctx.chunk_cb = smtp_chunk_cmd_callback;
4024 sx->pending_BDAT = FALSE;
4025 sx->good_RCPT = sx->ok;
4027 tctx.smtp_context = sx;
4030 tctx.options |= topt_end_dot;
4032 /* Save the first address of the next batch. */
4033 sx->first_addr = sx->next_addr;
4035 /* Responses from CHUNKING commands go in buffer. Otherwise,
4036 there has not been a response. */
4040 sigalrm_seen = FALSE;
4041 transport_write_timeout = ob->data_timeout;
4042 smtp_command = US"sending data block"; /* For error messages */
4043 DEBUG(D_transport|D_v)
4044 if (smtp_peer_options & OPTION_CHUNKING)
4045 debug_printf(" will write message using CHUNKING\n");
4047 debug_printf(" SMTP>> (writing message)\n");
4048 transport_count = 0;
4050 #ifndef DISABLE_DKIM
4052 # ifdef MEASURE_TIMING
4054 gettimeofday(&t0, NULL);
4056 dkim_exim_sign_init();
4057 # ifdef EXPERIMENTAL_ARC
4059 uschar * s = ob->arc_sign;
4062 if (!(ob->dkim.arc_signspec = s = expand_string(s)))
4064 if (!f.expand_string_forcedfail)
4066 message = US"failed to expand arc_sign";
4073 /* Ask dkim code to hash the body for ARC */
4074 (void) arc_ams_setup_sign_bodyhash();
4075 ob->dkim.force_bodyhash = TRUE;
4080 # ifdef MEASURE_TIMING
4081 report_time_since(&t0, US"dkim_exim_sign_init (delta)");
4086 /* See if we can pipeline QUIT. Reasons not to are
4087 - pipelining not active
4088 - not ok to send quit
4089 - errors in amtp transation responses
4090 - more addrs to send for this message or this host
4091 - this message was being retried
4092 - more messages for this host
4093 If we can, we want the message-write to not flush (the tail end of) its data out. */
4095 if ( sx->pipelining_used
4096 && (sx->ok && sx->completed_addr || smtp_peer_options & OPTION_CHUNKING)
4098 && !(sx->first_addr || f.continue_more)
4099 && f.deliver_firsttime
4102 smtp_compare_t t_compare =
4103 {.tblock = tblock, .current_sender_address = sender_address};
4108 ( tls_out.active.sock < 0 && !continue_proxy_cipher
4109 || verify_check_given_host(CUSS &ob->hosts_nopass_tls, host) != OK
4113 transport_check_waiting(tblock->name, host->name,
4114 tblock->connection_max_messages, new_message_id,
4115 (oicf)smtp_are_same_identities, (void*)&t_compare);
4118 HDEBUG(D_transport) debug_printf("will pipeline QUIT\n");
4119 tctx.options |= topt_no_flush;
4123 #ifndef DISABLE_DKIM
4124 sx->ok = dkim_transport_write_message(&tctx, &ob->dkim, CUSS &message);
4126 sx->ok = transport_write_message(&tctx, 0);
4129 /* transport_write_message() uses write() because it is called from other
4130 places to write to non-sockets. This means that under some OS (e.g. Solaris)
4131 it can exit with "Broken pipe" as its error. This really means that the
4132 socket got closed at the far end. */
4134 transport_write_timeout = 0; /* for subsequent transports */
4136 /* Failure can either be some kind of I/O disaster (including timeout),
4137 or the failure of a transport filter or the expansion of added headers.
4138 Or, when CHUNKING, it can be a protocol-detected failure. */
4141 if (message) goto SEND_FAILED;
4142 else goto RESPONSE_FAILED;
4144 /* We used to send the terminating "." explicitly here, but because of
4145 buffering effects at both ends of TCP/IP connections, you don't gain
4146 anything by keeping it separate, so it might as well go in the final
4147 data buffer for efficiency. This is now done by setting the topt_end_dot
4150 smtp_command = US"end of data";
4152 /* If we can pipeline a QUIT with the data them send it now. If a new message
4153 for this host appeared in the queue while data was being sent, we will not see
4154 it and it will have to wait for a queue run. If there was one but another
4155 thread took it, we might attempt to send it - but locking of spoolfiles will
4156 detect that. Use _MORE to get QUIT in FIN segment. */
4158 if (tcw_done && !tcw)
4160 /*XXX jgh 2021/03/10 google et. al screwup. G, at least, sends TCP FIN in response to TLS
4161 close-notify. Under TLS 1.3, violating RFC.
4162 However, TLS 1.2 does not have half-close semantics. */
4164 if ( sx->cctx.tls_ctx
4165 #if 0 && !defined(DISABLE_TLS)
4166 && Ustrcmp(tls_out.ver, "TLS1.3") != 0
4168 || !f.deliver_firsttime
4170 { /* Send QUIT now and not later */
4171 (void)smtp_write_command(sx, SCMD_FLUSH, "QUIT\r\n");
4172 sx->send_quit = FALSE;
4175 { /* add QUIT to the output buffer */
4176 (void)smtp_write_command(sx, SCMD_MORE, "QUIT\r\n");
4177 sx->send_quit = FALSE; /* avoid sending it later */
4180 if (sx->cctx.tls_ctx && sx->send_tlsclose) /* need to send TLS Close Notify */
4182 # ifdef EXIM_TCP_CORK /* Use _CORK to get Close Notify in FIN segment */
4183 (void) setsockopt(sx->cctx.sock, IPPROTO_TCP, EXIM_TCP_CORK, US &on, sizeof(on));
4185 tls_shutdown_wr(sx->cctx.tls_ctx);
4186 sx->send_tlsclose = FALSE; /* avoid later repeat */
4189 HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(shutdown)>>\n");
4190 shutdown(sx->cctx.sock, SHUT_WR); /* flush output buffer, with TCP FIN */
4194 if (smtp_peer_options & OPTION_CHUNKING && sx->cmd_count > 1)
4196 /* Reap any outstanding MAIL & RCPT commands, but not a DATA-go-ahead */
4197 switch(sync_responses(sx, sx->cmd_count-1, 0))
4199 case 3: sx->ok = TRUE; /* 2xx & 5xx => OK & progress made */
4200 case 2: sx->completed_addr = TRUE; /* 5xx (only) => progress made */
4203 case 1: sx->ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
4204 if (!sx->lmtp) sx->completed_addr = TRUE; /* can't tell about progress yet */
4205 case 0: break; /* No 2xx or 5xx, but no probs */
4207 case -1: goto END_OFF; /* Timeout on RCPT */
4209 #ifndef DISABLE_PIPE_CONNECT
4210 case -5: /* TLS first-read error */
4211 case -4: HDEBUG(D_transport)
4212 debug_printf("failed reaping pipelined cmd responses\n");
4214 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */
4218 #ifndef DISABLE_PRDR
4219 /* For PRDR we optionally get a partial-responses warning followed by the
4220 individual responses, before going on with the overall response. If we don't
4221 get the warning then deal with per non-PRDR. */
4225 sx->ok = smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '3', ob->final_timeout);
4226 if (!sx->ok && errno == 0) switch(sx->buffer[0])
4228 case '2': sx->prdr_active = FALSE;
4231 case '4': errno = ERRNO_DATA4XX;
4232 addrlist->more_errno |=
4233 ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
4240 /* For non-PRDR SMTP, we now read a single response that applies to the
4241 whole message. If it is OK, then all the addresses have been delivered. */
4245 sx->ok = smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2',
4247 if (!sx->ok && errno == 0 && sx->buffer[0] == '4')
4249 errno = ERRNO_DATA4XX;
4250 addrlist->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
4254 /* For LMTP, we get back a response for every RCPT command that we sent;
4255 some may be accepted and some rejected. For those that get a response, their
4256 status is fixed; any that are accepted have been handed over, even if later
4257 responses crash - at least, that's how I read RFC 2033.
4259 If all went well, mark the recipient addresses as completed, record which
4260 host/IPaddress they were delivered to, and cut out RSET when sending another
4261 message down the same channel. Write the completed addresses to the journal
4262 now so that they are recorded in case there is a crash of hardware or
4263 software before the spool gets updated. Also record the final SMTP
4264 confirmation if needed (for SMTP only). */
4269 struct timeval delivery_time;
4271 uschar * conf = NULL;
4273 timesince(&delivery_time, &sx->delivery_start);
4274 sx->send_rset = FALSE;
4275 pipelining_active = FALSE;
4277 /* Set up confirmation if needed - applies only to SMTP */
4280 #ifdef DISABLE_EVENT
4281 LOGGING(smtp_confirmation) &&
4286 const uschar * s = string_printing(sx->buffer);
4287 /* deconst cast ok here as string_printing was checked to have alloc'n'copied */
4288 conf = s == sx->buffer ? US string_copy(s) : US s;
4291 /* Process all transported addresses - for LMTP or PRDR, read a status for
4292 each one. We used to drop out at first_addr, until someone returned a 452
4293 followed by a 250... and we screwed up the accepted addresses. */
4295 for (address_item * addr = addrlist; addr; addr = addr->next)
4297 if (addr->transport_return != PENDING_OK) continue;
4299 /* LMTP - if the response fails badly (e.g. timeout), use it for all the
4300 remaining addresses. Otherwise, it's a return code for just the one
4301 address. For temporary errors, add a retry item for the address so that
4302 it doesn't get tried again too soon. */
4304 #ifndef DISABLE_PRDR
4305 if (sx->lmtp || sx->prdr_active)
4310 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2',
4313 if (errno != 0 || sx->buffer[0] == 0) goto RESPONSE_FAILED;
4314 addr->message = string_sprintf(
4315 #ifndef DISABLE_PRDR
4316 "%s error after %s: %s", sx->prdr_active ? "PRDR":"LMTP",
4318 "LMTP error after %s: %s",
4320 data_command, string_printing(sx->buffer));
4321 setflag(addr, af_pass_message); /* Allow message to go to user */
4322 if (sx->buffer[0] == '5')
4323 addr->transport_return = FAIL;
4326 errno = ERRNO_DATA4XX;
4327 addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
4328 addr->transport_return = DEFER;
4329 #ifndef DISABLE_PRDR
4330 if (!sx->prdr_active)
4332 retry_add_item(addr, addr->address_retry_key, 0);
4336 sx->completed_addr = TRUE; /* NOW we can set this flag */
4337 if (LOGGING(smtp_confirmation))
4339 const uschar *s = string_printing(sx->buffer);
4340 /* deconst cast ok here as string_printing was checked to have alloc'n'copied */
4341 conf = (s == sx->buffer) ? US string_copy(s) : US s;
4345 /* SMTP, or success return from LMTP for this address. Pass back the
4346 actual host that was used. */
4348 addr->transport_return = OK;
4349 addr->host_used = host;
4350 addr->delivery_time = delivery_time;
4351 addr->special_action = flag;
4352 addr->message = conf;
4354 if (tcp_out_fastopen)
4356 setflag(addr, af_tcp_fastopen_conn);
4357 if (tcp_out_fastopen >= TFO_USED_NODATA) setflag(addr, af_tcp_fastopen);
4358 if (tcp_out_fastopen >= TFO_USED_DATA) setflag(addr, af_tcp_fastopen_data);
4360 if (sx->pipelining_used) setflag(addr, af_pipelining);
4361 #ifndef DISABLE_PIPE_CONNECT
4362 if (sx->early_pipe_active) setflag(addr, af_early_pipe);
4364 #ifndef DISABLE_PRDR
4365 if (sx->prdr_active) setflag(addr, af_prdr_used);
4367 if (smtp_peer_options & OPTION_CHUNKING) setflag(addr, af_chunking_used);
4370 #ifndef DISABLE_PRDR
4371 if (!sx->prdr_active)
4374 /* Update the journal. For homonymic addresses, use the base address plus
4375 the transport name. See lots of comments in deliver.c about the reasons
4376 for the complications when homonyms are involved. Just carry on after
4377 write error, as it may prove possible to update the spool file later. */
4379 if (testflag(addr, af_homonym))
4380 sprintf(CS sx->buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
4382 sprintf(CS sx->buffer, "%.500s\n", addr->unique);
4384 DEBUG(D_deliver) debug_printf("S:journalling %s", sx->buffer);
4385 len = Ustrlen(CS sx->buffer);
4386 if (write(journal_fd, sx->buffer, len) != len)
4387 log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
4388 "%s: %s", sx->buffer, strerror(errno));
4392 #ifndef DISABLE_PRDR
4393 if (sx->prdr_active)
4395 const uschar * overall_message;
4397 /* PRDR - get the final, overall response. For any non-success
4398 upgrade all the address statuses. */
4400 sx->ok = smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2',
4404 if(errno == 0 && sx->buffer[0] == '4')
4406 errno = ERRNO_DATA4XX;
4407 addrlist->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
4409 for (address_item * addr = addrlist; addr != sx->first_addr; addr = addr->next)
4410 if (sx->buffer[0] == '5' || addr->transport_return == OK)
4411 addr->transport_return = PENDING_OK; /* allow set_errno action */
4412 goto RESPONSE_FAILED;
4415 /* Append the overall response to the individual PRDR response for logging
4416 and update the journal, or setup retry. */
4418 overall_message = string_printing(sx->buffer);
4419 for (address_item * addr = addrlist; addr != sx->first_addr; addr = addr->next)
4420 if (addr->transport_return == OK)
4421 addr->message = string_sprintf("%s\\n%s", addr->message, overall_message);
4423 for (address_item * addr = addrlist; addr != sx->first_addr; addr = addr->next)
4424 if (addr->transport_return == OK)
4426 if (testflag(addr, af_homonym))
4427 sprintf(CS sx->buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
4429 sprintf(CS sx->buffer, "%.500s\n", addr->unique);
4431 DEBUG(D_deliver) debug_printf("journalling(PRDR) %s\n", sx->buffer);
4432 len = Ustrlen(CS sx->buffer);
4433 if (write(journal_fd, sx->buffer, len) != len)
4434 log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
4435 "%s: %s", sx->buffer, strerror(errno));
4437 else if (addr->transport_return == DEFER)
4438 /*XXX magic value -2 ? maybe host+message ? */
4439 retry_add_item(addr, addr->address_retry_key, -2);
4443 /* Ensure the journal file is pushed out to disk. */
4445 if (EXIMfsync(journal_fd) < 0)
4446 log_write(0, LOG_MAIN|LOG_PANIC, "failed to fsync journal: %s",
4452 /* Handle general (not specific to one address) failures here. The value of ok
4453 is used to skip over this code on the falling through case. A timeout causes a
4454 deferral. Other errors may defer or fail according to the response code, and
4455 may set up a special errno value, e.g. after connection chopped, which is
4456 assumed if errno == 0 and there is no text in the buffer. If control reaches
4457 here during the setting up phase (i.e. before MAIL FROM) then always defer, as
4458 the problem is not related to this specific message. */
4463 uschar * set_message;
4469 /* Clear send_quit flag if needed. Do not set. */
4470 sx->send_quit &= check_response(host, &save_errno, addrlist->more_errno,
4471 sx->buffer, &code, &message, &pass_message);
4479 message = string_sprintf("smtp send to %s [%s] failed: %s",
4480 host->name, host->address, message ? message : US strerror(save_errno));
4481 sx->send_quit = FALSE;
4489 sx->ok = FALSE; /* For when reached by GOTO */
4490 set_message = message;
4492 /* We want to handle timeouts after MAIL or "." and loss of connection after
4493 "." specially. They can indicate a problem with the sender address or with
4494 the contents of the message rather than a real error on the connection. These
4495 cases are treated in the same way as a 4xx response. This next bit of code
4496 does the classification. */
4503 message_error = TRUE;
4507 message_error = Ustrncmp(smtp_command,"MAIL",4) == 0 ||
4508 Ustrncmp(smtp_command,"end ",4) == 0;
4511 case ERRNO_SMTPCLOSED:
4512 message_error = Ustrncmp(smtp_command,"end ",4) == 0;
4515 #ifndef DISABLE_DKIM
4517 /* DKIM signing failure: avoid thinking we pipelined quit,
4518 just abandon the message and close the socket. */
4520 message_error = FALSE;
4521 # ifndef DISABLE_TLS
4522 if (sx->cctx.tls_ctx)
4524 tls_close(sx->cctx.tls_ctx,
4525 sx->send_tlsclose ? TLS_SHUTDOWN_WAIT : TLS_SHUTDOWN_WONLY);
4526 sx->cctx.tls_ctx = NULL;
4532 message_error = FALSE;
4536 /* Handle the cases that are treated as message errors. These are:
4538 (a) negative response or timeout after MAIL
4539 (b) negative response after DATA
4540 (c) negative response or timeout or dropped connection after "."
4541 (d) utf8 support required and not offered
4543 It won't be a negative response or timeout after RCPT, as that is dealt
4544 with separately above. The action in all cases is to set an appropriate
4545 error code for all the addresses, but to leave yield set to OK because the
4546 host itself has not failed. Of course, it might in practice have failed
4547 when we've had a timeout, but if so, we'll discover that at the next
4548 delivery attempt. For a temporary error, set the message_defer flag, and
4549 write to the logs for information if this is not the last host. The error
4550 for the last host will be logged as part of the address's log line. */
4554 if (mua_wrapper) code = '5'; /* Force hard failure in wrapper mode */
4556 /* If there's an errno, the message contains just the identity of
4561 else /* Anything other than 5 is treated as temporary */
4565 message = US string_sprintf("%s: %s", message, strerror(save_errno));
4567 write_logs(host, message, sx->first_addr ? sx->first_addr->basic_errno : 0);
4569 *message_defer = TRUE;
4572 DEBUG(D_transport) if (sx->cctx.sock >= 0)
4575 if (ioctl(sx->cctx.sock, TIOCOUTQ, &n) == 0)
4576 debug_printf("%d bytes remain in socket output buffer\n", n);
4580 /* Otherwise, we have an I/O error or a timeout other than after MAIL or
4581 ".", or some other transportation error. We defer all addresses and yield
4582 DEFER, except for the case of failed add_headers expansion, or a transport
4583 filter failure, when the yield should be ERROR, to stop it trying other
4588 #ifndef DISABLE_PIPE_CONNECT
4589 /* If we were early-pipelinng and the actual EHLO response did not match
4590 the cached value we assumed, we could have detected it and passed a
4591 custom errno through to here. It would be nice to RSET and retry right
4592 away, but to reliably do that we eould need an extra synch point before
4593 we committed to data and that would discard half the gained roundrips.
4594 Or we could summarily drop the TCP connection. but that is also ugly.
4595 Instead, we ignore the possibility (having freshened the cache) and rely
4596 on the server telling us with a nonmessage error if we have tried to
4597 do something it no longer supports. */
4600 yield = (save_errno == ERRNO_CHHEADER_FAIL ||
4601 save_errno == ERRNO_FILTER_FAIL) ? ERROR : DEFER;
4605 set_errno(addrlist, save_errno, set_message, set_rc, pass_message, host,
4606 #ifdef EXPERIMENTAL_DSN_INFO
4607 sx->smtp_greeting, sx->helo_response,
4609 &sx->delivery_start);
4612 /* If all has gone well, send_quit will be set TRUE, implying we can end the
4613 SMTP session tidily. However, if there were too many addresses to send in one
4614 message (indicated by first_addr being non-NULL) we want to carry on with the
4615 rest of them. Also, it is desirable to send more than one message down the SMTP
4616 connection if there are several waiting, provided we haven't already sent so
4617 many as to hit the configured limit. The function transport_check_waiting looks
4618 for a waiting message and returns its id. Then transport_pass_socket tries to
4619 set up a continued delivery by passing the socket on to another process. The
4620 variable send_rset is FALSE if a message has just been successfully transferred.
4622 If we are already sending down a continued channel, there may be further
4623 addresses not yet delivered that are aimed at the same host, but which have not
4624 been passed in this run of the transport. In this case, continue_more will be
4625 true, and all we should do is send RSET if necessary, and return, leaving the
4628 However, if no address was disposed of, i.e. all addresses got 4xx errors, we
4629 do not want to continue with other messages down the same channel, because that
4630 can lead to looping between two or more messages, all with the same,
4631 temporarily failing address(es). [The retry information isn't updated yet, so
4632 new processes keep on trying.] We probably also don't want to try more of this
4633 message's addresses either.
4635 If we have started a TLS session, we have to end it before passing the
4636 connection to a new process. However, not all servers can handle this (Exim
4637 can), so we do not pass such a connection on if the host matches
4638 hosts_nopass_tls. */
4641 debug_printf("ok=%d send_quit=%d send_rset=%d continue_more=%d "
4642 "yield=%d first_address is %sNULL\n", sx->ok, sx->send_quit,
4643 sx->send_rset, f.continue_more, yield, sx->first_addr ? "not " : "");
4645 if (sx->completed_addr && sx->ok && sx->send_quit)
4646 #ifdef EXPERIMENTAL_ESMTP_LIMITS
4647 if (mail_limit = continue_sequence >= sx->max_mail)
4650 debug_printf("reached limit %u for MAILs per conn\n", sx->max_mail);
4655 smtp_compare_t t_compare =
4656 {.tblock = tblock, .current_sender_address = sender_address};
4658 if ( sx->first_addr /* more addrs for this message */
4659 || f.continue_more /* more addrs for continued-host */
4660 || tcw_done && tcw /* more messages for host */
4663 ( tls_out.active.sock < 0 && !continue_proxy_cipher
4664 || verify_check_given_host(CUSS &ob->hosts_nopass_tls, host) != OK
4668 transport_check_waiting(tblock->name, host->name,
4669 sx->max_mail, new_message_id,
4670 (oicf)smtp_are_same_identities, (void*)&t_compare)
4677 if (! (sx->ok = smtp_write_command(sx, SCMD_FLUSH, "RSET\r\n") >= 0))
4679 msg = US string_sprintf("smtp send to %s [%s] failed: %s", host->name,
4680 host->address, strerror(errno));
4681 sx->send_quit = FALSE;
4683 else if (! (sx->ok = smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
4684 '2', ob->command_timeout)))
4687 sx->send_quit = check_response(host, &errno, 0, sx->buffer, &code, &msg,
4691 DEBUG(D_transport) debug_printf("H=%s [%s] %s\n",
4692 host->name, host->address, msg);
4696 /* Either RSET was not needed, or it succeeded */
4703 int socket_fd = sx->cctx.sock;
4705 if (sx->first_addr) /* More addresses still to be sent */
4706 { /* for this message */
4707 #ifdef EXPERIMENTAL_ESMTP_LIMITS
4708 /* Any that we marked as skipped, reset to do now */
4709 for (address_item * a = sx->first_addr; a; a = a->next)
4710 if (a->transport_return == SKIP)
4711 a->transport_return = PENDING_DEFER;
4713 continue_sequence++; /* for consistency */
4714 clearflag(sx->first_addr, af_new_conn);
4715 setflag(sx->first_addr, af_cont_conn); /* Causes * in logging */
4716 pipelining_active = sx->pipelining_used; /* was cleared at DATA */
4720 /* Unless caller said it already has more messages listed for this host,
4721 pass the connection on to a new Exim process (below, the call to
4722 transport_pass_socket). If the caller has more ready, just return with
4723 the connection still open. */
4726 if (tls_out.active.sock >= 0)
4727 if ( f.continue_more
4728 || verify_check_given_host(CUSS &ob->hosts_noproxy_tls, host) == OK)
4730 /* Before passing the socket on, or returning to caller with it still
4731 open, we must shut down TLS. Not all MTAs allow for the continuation
4732 of the SMTP session when TLS is shut down. We test for this by sending
4733 a new EHLO. If we don't get a good response, we don't attempt to pass
4735 NB: TLS close is *required* per RFC 9266 when tls-exporter info has
4736 been used, which we do under TLSv1.3 for the gsasl SCRAM*PLUS methods.
4737 But we were always doing it anyway. */
4739 tls_close(sx->cctx.tls_ctx,
4740 sx->send_tlsclose ? TLS_SHUTDOWN_WAIT : TLS_SHUTDOWN_WONLY);
4741 sx->send_tlsclose = FALSE;
4742 sx->cctx.tls_ctx = NULL;
4743 tls_out.active.sock = -1;
4744 smtp_peer_options = smtp_peer_options_wrap;
4746 && smtp_write_command(sx, SCMD_FLUSH, "EHLO %s\r\n", sx->helo_data)
4748 && smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
4749 '2', ob->command_timeout);
4751 if (sx->ok && f.continue_more)
4752 goto TIDYUP; /* More addresses for another run */
4756 /* Set up a pipe for proxying TLS for the new transport process */
4758 smtp_peer_options |= OPTION_TLS;
4759 if ((sx->ok = socketpair(AF_UNIX, SOCK_STREAM, 0, pfd) == 0))
4762 set_errno(sx->first_addr, errno, US"internal allocation problem",
4764 # ifdef EXPERIMENTAL_DSN_INFO
4765 sx->smtp_greeting, sx->helo_response,
4767 &sx->delivery_start);
4771 if (f.continue_more)
4772 goto TIDYUP; /* More addresses for another run */
4774 /* If the socket is successfully passed, we mustn't send QUIT (or
4775 indeed anything!) from here. */
4777 /*XXX DSN_INFO: assume likely to do new HELO; but for greet we'll want to
4778 propagate it from the initial
4780 if (sx->ok && transport_pass_socket(tblock->name, host->name,
4781 host->address, new_message_id, socket_fd
4782 #ifdef EXPERIMENTAL_ESMTP_LIMITS
4783 , sx->peer_limit_mail, sx->peer_limit_rcpt, sx->peer_limit_rcptdom
4787 sx->send_quit = FALSE;
4789 /* We have passed the client socket to a fresh transport process.
4790 If TLS is still active, we need to proxy it for the transport we
4791 just passed the baton to. Fork a child to to do it, and return to
4792 get logging done asap. Which way to place the work makes assumptions
4793 about post-fork prioritisation which may not hold on all platforms. */
4795 if (tls_out.active.sock >= 0)
4797 int pid = exim_fork(US"tls-proxy-interproc");
4798 if (pid == 0) /* child; fork again to disconnect totally */
4800 /* does not return */
4801 smtp_proxy_tls(sx->cctx.tls_ctx, sx->buffer, sizeof(sx->buffer), pfd,
4802 ob->command_timeout, host->name);
4805 if (pid > 0) /* parent */
4808 /* tidy the inter-proc to disconn the proxy proc */
4809 waitpid(pid, NULL, 0);
4810 tls_close(sx->cctx.tls_ctx, TLS_NO_SHUTDOWN);
4811 sx->cctx.tls_ctx = NULL;
4812 (void)close(sx->cctx.sock);
4814 continue_transport = NULL;
4815 continue_hostname = NULL;
4818 log_write(0, LOG_PANIC_DIE, "fork failed");
4824 /* If RSET failed and there are addresses left, they get deferred. */
4826 set_errno(sx->first_addr, errno, msg, DEFER, FALSE, host,
4827 #ifdef EXPERIMENTAL_DSN_INFO
4828 sx->smtp_greeting, sx->helo_response,
4830 &sx->delivery_start);
4834 /* End off tidily with QUIT unless the connection has died or the socket has
4835 been passed to another process. */
4839 { /* Use _MORE to get QUIT in FIN segment */
4840 (void)smtp_write_command(sx, SCMD_MORE, "QUIT\r\n");
4842 if (sx->cctx.tls_ctx && sx->send_tlsclose)
4844 # ifdef EXIM_TCP_CORK /* Use _CORK to get TLS Close Notify in FIN segment */
4845 (void) setsockopt(sx->cctx.sock, IPPROTO_TCP, EXIM_TCP_CORK, US &on, sizeof(on));
4847 tls_shutdown_wr(sx->cctx.tls_ctx);
4848 sx->send_tlsclose = FALSE;
4855 /* Close the socket, and return the appropriate value, first setting
4856 works because the NULL setting is passed back to the calling process, and
4857 remote_max_parallel is forced to 1 when delivering over an existing connection,
4859 If all went well and continue_more is set, we shouldn't actually get here if
4860 there are further addresses, as the return above will be taken. However,
4861 writing RSET might have failed, or there may be other addresses whose hosts are
4862 specified in the transports, and therefore not visible at top level, in which
4863 case continue_more won't get set. */
4867 /* This flushes data queued in the socket, being the QUIT and any TLS Close,
4868 sending them along with the client FIN flag. Us (we hope) sending FIN first
4869 means we (client) take the TIME_WAIT state, so the server (which likely has a
4870 higher connection rate) does not have to. */
4872 HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(shutdown)>>\n");
4873 shutdown(sx->cctx.sock, SHUT_WR);
4876 if (sx->send_quit || tcw_done && !tcw)
4878 /* Wait for (we hope) ack of our QUIT, and a server FIN. Discard any data
4879 received, then discard the socket. Any packet received after then, or receive
4880 data still in the socket, will get a RST - hence the pause/drain. */
4882 /* Reap the response to QUIT, timing out after one second */
4883 (void) smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2', 1);
4885 if (sx->cctx.tls_ctx)
4889 /* Reap the TLS Close Notify from the server, timing out after one second */
4890 sigalrm_seen = FALSE;
4893 n = tls_read(sx->cctx.tls_ctx, sx->inbuffer, sizeof(sx->inbuffer));
4894 while (!sigalrm_seen && n > 0);
4897 if (sx->send_tlsclose)
4899 # ifdef EXIM_TCP_CORK
4900 (void) setsockopt(sx->cctx.sock, IPPROTO_TCP, EXIM_TCP_CORK, US &on, sizeof(on));
4902 tls_close(sx->cctx.tls_ctx, TLS_SHUTDOWN_WAIT);
4905 tls_close(sx->cctx.tls_ctx, TLS_SHUTDOWN_WONLY);
4906 sx->cctx.tls_ctx = NULL;
4910 /* Drain any trailing data from the socket before close, to avoid sending a RST */
4912 if ( poll_one_fd(sx->cctx.sock, POLLIN, 20) != 0 /* 20ms */
4913 && fcntl(sx->cctx.sock, F_SETFL, O_NONBLOCK) == 0)
4914 for (int i = 16, n; /* drain socket */
4915 (n = read(sx->cctx.sock, sx->inbuffer, sizeof(sx->inbuffer))) > 0 && i > 0;
4916 i--) HDEBUG(D_transport|D_acl|D_v)
4919 debug_printf_indent(" SMTP(drain %d bytes)<< %.*s\n", n, m, sx->inbuffer);
4920 for (m = 0; m < n; m++)
4921 debug_printf("0x%02x\n", sx->inbuffer[m]);
4924 HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(close)>>\n");
4925 (void)close(sx->cctx.sock);
4927 continue_transport = NULL;
4928 continue_hostname = NULL;
4929 smtp_debug_cmd_report();
4931 #ifndef DISABLE_EVENT
4932 (void) event_raise(tblock->event_action, US"tcp:close", NULL, NULL);
4938 sx->first_addr = NULL;
4939 for (address_item * a = sx->addrlist->next; a; a = a->next)
4940 if (a->transport_return == DANE)
4942 a->transport_return = PENDING_DEFER;
4943 if (!sx->first_addr)
4945 /* Remember the new start-point in the addrlist, for smtp_setup_conn()
4946 to get the domain string for SNI */
4949 clearflag(a, af_cont_conn);
4950 setflag(a, af_new_conn); /* clear * from logging */
4951 DEBUG(D_transport) debug_printf("DANE: go-around for %s\n", a->domain);
4954 continue_sequence = 1; /* for consistency */
4959 #ifdef EXPERIMENTAL_ESMTP_LIMITS
4960 if (mail_limit && sx->first_addr)
4962 /* Reset the sequence count since we closed the connection. This is flagged
4963 on the pipe back to the delivery process so that a non-continued-conn delivery
4966 continue_sequence = 1; /* for consistency */
4967 clearflag(sx->first_addr, af_cont_conn);
4968 setflag(sx->first_addr, af_new_conn); /* clear * from logging */
4977 if (dane_held) for (address_item * a = sx->addrlist->next; a; a = a->next)
4978 if (a->transport_return == DANE)
4979 a->transport_return = PENDING_DEFER;
4987 /*************************************************
4988 * Closedown entry point *
4989 *************************************************/
4991 /* This function is called when exim is passed an open smtp channel
4992 from another incarnation, but the message which it has been asked
4993 to deliver no longer exists. The channel is on stdin.
4995 We might do fancy things like looking for another message to send down
4996 the channel, but if the one we sought has gone, it has probably been
4997 delivered by some other process that itself will seek further messages,
4998 so just close down our connection.
5000 Argument: pointer to the transport instance block
5005 smtp_transport_closedown(transport_instance *tblock)
5007 smtp_transport_options_block * ob = SOB tblock->options_block;
5008 client_conn_ctx cctx;
5009 smtp_context sx = {0};
5011 uschar inbuffer[4096];
5012 uschar outbuffer[16];
5014 /*XXX really we need an active-smtp-client ctx, rather than assuming stdout */
5015 cctx.sock = fileno(stdin);
5016 cctx.tls_ctx = cctx.sock == tls_out.active.sock ? tls_out.active.tls_ctx : NULL;
5018 sx.inblock.cctx = &cctx;
5019 sx.inblock.buffer = inbuffer;
5020 sx.inblock.buffersize = sizeof(inbuffer);
5021 sx.inblock.ptr = inbuffer;
5022 sx.inblock.ptrend = inbuffer;
5024 sx.outblock.cctx = &cctx;
5025 sx.outblock.buffersize = sizeof(outbuffer);
5026 sx.outblock.buffer = outbuffer;
5027 sx.outblock.ptr = outbuffer;
5028 sx.outblock.cmd_count = 0;
5029 sx.outblock.authenticating = FALSE;
5031 (void)smtp_write_command(&sx, SCMD_FLUSH, "QUIT\r\n");
5032 (void)smtp_read_response(&sx, buffer, sizeof(buffer), '2', ob->command_timeout);
5033 (void)close(cctx.sock);
5038 /*************************************************
5039 * Prepare addresses for delivery *
5040 *************************************************/
5042 /* This function is called to flush out error settings from previous delivery
5043 attempts to other hosts. It also records whether we got here via an MX record
5044 or not in the more_errno field of the address. We are interested only in
5045 addresses that are still marked DEFER - others may have got delivered to a
5046 previously considered IP address. Set their status to PENDING_DEFER to indicate
5047 which ones are relevant this time.
5050 addrlist the list of addresses
5051 host the host we are delivering to
5053 Returns: the first address for this delivery
5056 static address_item *
5057 prepare_addresses(address_item *addrlist, host_item *host)
5059 address_item *first_addr = NULL;
5060 for (address_item * addr = addrlist; addr; addr = addr->next)
5061 if (addr->transport_return == DEFER)
5063 if (!first_addr) first_addr = addr;
5064 addr->transport_return = PENDING_DEFER;
5065 addr->basic_errno = 0;
5066 addr->more_errno = (host->mx >= 0)? 'M' : 'A';
5067 addr->message = NULL;
5069 addr->cipher = NULL;
5070 addr->ourcert = NULL;
5071 addr->peercert = NULL;
5072 addr->peerdn = NULL;
5073 addr->ocsp = OCSP_NOT_REQ;
5074 addr->tlsver = NULL;
5076 #ifdef EXPERIMENTAL_DSN_INFO
5077 addr->smtp_greeting = NULL;
5078 addr->helo_response = NULL;
5086 /*************************************************
5087 * Main entry point *
5088 *************************************************/
5090 /* See local README for interface details. As this is a remote transport, it is
5091 given a chain of addresses to be delivered in one connection, if possible. It
5092 always returns TRUE, indicating that each address has its own independent
5093 status set, except if there is a setting up problem, in which case it returns
5097 smtp_transport_entry(
5098 transport_instance *tblock, /* data for this instantiation */
5099 address_item *addrlist) /* addresses we are working on */
5102 int hosts_defer = 0;
5104 int hosts_looked_up = 0;
5105 int hosts_retry = 0;
5106 int hosts_serial = 0;
5107 int hosts_total = 0;
5108 int total_hosts_tried = 0;
5109 BOOL expired = TRUE;
5110 uschar *expanded_hosts = NULL;
5112 uschar *tid = string_sprintf("%s transport", tblock->name);
5113 smtp_transport_options_block *ob = SOB tblock->options_block;
5114 host_item *hostlist = addrlist->host_list;
5115 host_item *host = NULL;
5119 debug_printf("%s transport entered\n", tblock->name);
5120 for (address_item * addr = addrlist; addr; addr = addr->next)
5121 debug_printf(" %s\n", addr->address);
5124 debug_printf("hostlist:\n");
5125 for (host_item * host = hostlist; host; host = host->next)
5126 debug_printf(" '%s' IP %s port %d\n", host->name, host->address, host->port);
5128 if (continue_hostname)
5129 debug_printf("already connected to %s [%s] (on fd %d)\n",
5130 continue_hostname, continue_host_address,
5131 cutthrough.cctx.sock >= 0 ? cutthrough.cctx.sock : 0);
5134 /* Check the restrictions on line length */
5136 if (max_received_linelength > ob->message_linelength_limit)
5139 gettimeofday(&now, NULL);
5141 for (address_item * addr = addrlist; addr; addr = addr->next)
5142 if (addr->transport_return == DEFER)
5143 addr->transport_return = PENDING_DEFER;
5145 set_errno_nohost(addrlist, ERRNO_SMTPFORMAT,
5146 US"message has lines too long for transport", FAIL, TRUE, &now);
5150 /* Set the flag requesting that these hosts be added to the waiting
5151 database if the delivery fails temporarily or if we are running with
5152 queue_smtp or a 2-stage queue run. This gets unset for certain
5153 kinds of error, typically those that are specific to the message. */
5155 update_waiting = TRUE;
5157 /* If a host list is not defined for the addresses - they must all have the
5158 same one in order to be passed to a single transport - or if the transport has
5159 a host list with hosts_override set, use the host list supplied with the
5160 transport. It is an error for this not to exist. */
5162 if (!hostlist || (ob->hosts_override && ob->hosts))
5166 addrlist->message = string_sprintf("%s transport called with no hosts set",
5168 addrlist->transport_return = PANIC;
5169 return FALSE; /* Only top address has status */
5172 DEBUG(D_transport) debug_printf("using the transport's hosts: %s\n",
5175 /* If the transport's host list contains no '$' characters, and we are not
5176 randomizing, it is fixed and therefore a chain of hosts can be built once
5177 and for all, and remembered for subsequent use by other calls to this
5178 transport. If, on the other hand, the host list does contain '$', or we are
5179 randomizing its order, we have to rebuild it each time. In the fixed case,
5180 as the hosts string will never be used again, it doesn't matter that we
5181 replace all the : characters with zeros. */
5185 uschar *s = ob->hosts;
5187 if (Ustrchr(s, '$'))
5189 if (!(expanded_hosts = expand_string(s)))
5191 addrlist->message = string_sprintf("failed to expand list of hosts "
5192 "\"%s\" in %s transport: %s", s, tblock->name, expand_string_message);
5193 addrlist->transport_return = f.search_find_defer ? DEFER : PANIC;
5194 return FALSE; /* Only top address has status */
5196 DEBUG(D_transport) debug_printf("expanded list of hosts \"%s\" to "
5197 "\"%s\"\n", s, expanded_hosts);
5201 if (ob->hosts_randomize) s = expanded_hosts = string_copy(s);
5205 log_write(0, LOG_MAIN|LOG_PANIC,
5206 "attempt to use tainted host list '%s' from '%s' in transport %s",
5207 s, ob->hosts, tblock->name);
5208 /* Avoid leaking info to an attacker */
5209 addrlist->message = US"internal configuration error";
5210 addrlist->transport_return = PANIC;
5214 host_build_hostlist(&hostlist, s, ob->hosts_randomize);
5216 /* Check that the expansion yielded something useful. */
5220 string_sprintf("%s transport has empty hosts setting", tblock->name);
5221 addrlist->transport_return = PANIC;
5222 return FALSE; /* Only top address has status */
5225 /* If there was no expansion of hosts, save the host list for
5228 if (!expanded_hosts) ob->hostlist = hostlist;
5231 /* This is not the first time this transport has been run in this delivery;
5232 the host list was built previously. */
5235 hostlist = ob->hostlist;
5238 /* The host list was supplied with the address. If hosts_randomize is set, we
5239 must sort it into a random order if it did not come from MX records and has not
5240 already been randomized (but don't bother if continuing down an existing
5243 else if (ob->hosts_randomize && hostlist->mx == MX_NONE && !continue_hostname)
5245 host_item *newlist = NULL;
5248 host_item *h = hostlist;
5249 hostlist = hostlist->next;
5251 h->sort_key = random_number(100);
5258 else if (h->sort_key < newlist->sort_key)
5265 host_item *hh = newlist;
5268 if (h->sort_key < hh->next->sort_key) break;
5276 hostlist = addrlist->host_list = newlist;
5279 /* Sort out the default port. */
5281 if (!smtp_get_port(ob->port, addrlist, &defport, tid)) return FALSE;
5283 /* For each host-plus-IP-address on the list:
5285 . If this is a continued delivery and the host isn't the one with the
5286 current connection, skip.
5288 . If the status is unusable (i.e. previously failed or retry checked), skip.
5290 . If no IP address set, get the address, either by turning the name into
5291 an address, calling gethostbyname if gethostbyname is on, or by calling
5292 the DNS. The DNS may yield multiple addresses, in which case insert the
5293 extra ones into the list.
5295 . Get the retry data if not previously obtained for this address and set the
5296 field which remembers the state of this address. Skip if the retry time is
5297 not reached. If not, remember whether retry data was found. The retry string
5298 contains both the name and the IP address.
5300 . Scan the list of addresses and mark those whose status is DEFER as
5301 PENDING_DEFER. These are the only ones that will be processed in this cycle
5304 . Make a delivery attempt - addresses marked PENDING_DEFER will be tried.
5305 Some addresses may be successfully delivered, others may fail, and yet
5306 others may get temporary errors and so get marked DEFER.
5308 . The return from the delivery attempt is OK if a connection was made and a
5309 valid SMTP dialogue was completed. Otherwise it is DEFER.
5311 . If OK, add a "remove" retry item for this host/IPaddress, if any.
5313 . If fail to connect, or other defer state, add a retry item.
5315 . If there are any addresses whose status is still DEFER, carry on to the
5316 next host/IPaddress, unless we have tried the number of hosts given
5317 by hosts_max_try or hosts_max_try_hardlimit; otherwise return. Note that
5318 there is some fancy logic for hosts_max_try that means its limit can be
5319 overstepped in some circumstances.
5321 If we get to the end of the list, all hosts have deferred at least one address,
5322 or not reached their retry times. If delay_after_cutoff is unset, it requests a
5323 delivery attempt to those hosts whose last try was before the arrival time of
5324 the current message. To cope with this, we have to go round the loop a second
5325 time. After that, set the status and error data for any addresses that haven't
5326 had it set already. */
5328 for (int cutoff_retry = 0;
5329 expired && cutoff_retry < (ob->delay_after_cutoff ? 1 : 2);
5332 host_item *nexthost = NULL;
5333 int unexpired_hosts_tried = 0;
5334 BOOL continue_host_tried = FALSE;
5336 retry_non_continued:
5337 for (host = hostlist;
5339 && unexpired_hosts_tried < ob->hosts_max_try
5340 && total_hosts_tried < ob->hosts_max_try_hardlimit;
5345 BOOL host_is_expired = FALSE;
5346 BOOL message_defer = FALSE;
5347 BOOL some_deferred = FALSE;
5348 address_item *first_addr = NULL;
5349 uschar *interface = NULL;
5350 uschar *retry_host_key = NULL;
5351 uschar *retry_message_key = NULL;
5352 uschar *serialize_key = NULL;
5354 /* Deal slightly better with a possible Linux kernel bug that results
5355 in intermittent TFO-conn fails deep into the TCP flow. Bug 2907 tracks.
5356 Hack: Clear TFO option for any further hosts on this tpt run. */
5358 if (total_hosts_tried > 0)
5360 DEBUG(D_transport|D_acl|D_v)
5361 debug_printf("Clearing TFO as not first host for message\n");
5362 ob->hosts_try_fastopen = US"";
5365 /* Default next host is next host. :-) But this can vary if the
5366 hosts_max_try limit is hit (see below). It may also be reset if a host
5367 address is looked up here (in case the host was multihomed). */
5369 nexthost = host->next;
5371 /* If the address hasn't yet been obtained from the host name, look it up
5372 now, unless the host is already marked as unusable. If it is marked as
5373 unusable, it means that the router was unable to find its IP address (in
5374 the DNS or wherever) OR we are in the 2nd time round the cutoff loop, and
5375 the lookup failed last time. We don't get this far if *all* MX records
5376 point to non-existent hosts; that is treated as a hard error.
5378 We can just skip this host entirely. When the hosts came from the router,
5379 the address will timeout based on the other host(s); when the address is
5380 looked up below, there is an explicit retry record added.
5382 Note that we mustn't skip unusable hosts if the address is not unset; they
5383 may be needed as expired hosts on the 2nd time round the cutoff loop. */
5387 int new_port, flags;
5389 if (host->status >= hstatus_unusable)
5391 DEBUG(D_transport) debug_printf("%s has no address and is unusable - skipping\n",
5396 DEBUG(D_transport) debug_printf("getting address for %s\n", host->name);
5398 /* The host name is permitted to have an attached port. Find it, and
5399 strip it from the name. Just remember it for now. */
5401 new_port = host_item_get_port(host);
5403 /* Count hosts looked up */
5407 /* Find by name if so configured, or if it's an IP address. We don't
5408 just copy the IP address, because we need the test-for-local to happen. */
5410 flags = HOST_FIND_BY_A | HOST_FIND_BY_AAAA;
5411 if (ob->dns_qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
5412 if (ob->dns_search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
5414 if (ob->gethostbyname || string_is_ip_address(host->name, NULL) != 0)
5415 rc = host_find_byname(host, NULL, flags, NULL, TRUE);
5417 rc = host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
5418 &ob->dnssec, /* domains for request/require */
5421 /* Update the host (and any additional blocks, resulting from
5422 multihoming) with a host-specific port, if any. */
5424 for (host_item * hh = host; hh != nexthost; hh = hh->next) hh->port = new_port;
5426 /* Failure to find the host at this time (usually DNS temporary failure)
5427 is really a kind of routing failure rather than a transport failure.
5428 Therefore we add a retry item of the routing kind, not to stop us trying
5429 to look this name up here again, but to ensure the address gets timed
5430 out if the failures go on long enough. A complete failure at this point
5431 commonly points to a configuration error, but the best action is still
5432 to carry on for the next host. */
5434 if (rc == HOST_FIND_AGAIN || rc == HOST_FIND_SECURITY || rc == HOST_FIND_FAILED)
5436 retry_add_item(addrlist, string_sprintf("R:%s", host->name), 0);
5438 if (rc == HOST_FIND_AGAIN) hosts_defer++; else hosts_fail++;
5439 DEBUG(D_transport) debug_printf("rc = %s for %s\n", (rc == HOST_FIND_AGAIN)?
5440 "HOST_FIND_AGAIN" : "HOST_FIND_FAILED", host->name);
5441 host->status = hstatus_unusable;
5443 for (address_item * addr = addrlist; addr; addr = addr->next)
5445 if (addr->transport_return != DEFER) continue;
5446 addr->basic_errno = ERRNO_UNKNOWNHOST;
5447 addr->message = string_sprintf(
5448 rc == HOST_FIND_SECURITY
5449 ? "lookup of IP address for %s was insecure"
5450 : "failed to lookup IP address for %s",
5456 /* If the host is actually the local host, we may have a problem, or
5457 there may be some cunning configuration going on. In the problem case,
5458 log things and give up. The default transport status is already DEFER. */
5460 if (rc == HOST_FOUND_LOCAL && !ob->allow_localhost)
5462 for (address_item * addr = addrlist; addr; addr = addr->next)
5464 addr->basic_errno = ERRNO_HOST_IS_LOCAL;
5465 addr->message = string_sprintf("%s transport found host %s to be "
5466 "local", tblock->name, host->name);
5470 } /* End of block for IP address lookup */
5472 /* If this is a continued delivery, we are interested only in the host
5473 which matches the name of the existing open channel. The check is put
5474 here after the local host lookup, in case the name gets expanded as a
5475 result of the lookup. Set expired FALSE, to save the outer loop executing
5478 if (continue_hostname)
5479 if ( Ustrcmp(continue_hostname, host->name) != 0
5480 || Ustrcmp(continue_host_address, host->address) != 0
5484 continue; /* With next host */
5487 continue_host_tried = TRUE;
5489 /* Reset the default next host in case a multihomed host whose addresses
5490 are not looked up till just above added to the host list. */
5492 nexthost = host->next;
5494 /* If queue_smtp is set (-odqs or the first part of a 2-stage run), or the
5495 domain is in queue_smtp_domains, we don't actually want to attempt any
5496 deliveries. When doing a queue run, queue_smtp_domains is always unset. If
5497 there is a lookup defer in queue_smtp_domains, proceed as if the domain
5498 were not in it. We don't want to hold up all SMTP deliveries! Except when
5499 doing a two-stage queue run, don't do this if forcing. */
5501 if ( (!f.deliver_force || f.queue_2stage)
5503 || match_isinlist(addrlist->domain,
5504 CUSS &queue_smtp_domains, 0,
5505 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK)
5508 DEBUG(D_transport) debug_printf("first-pass routing only\n");
5510 for (address_item * addr = addrlist; addr; addr = addr->next)
5511 if (addr->transport_return == DEFER)
5512 addr->message = US"first-pass only routing due to -odqs, "
5513 "queue_smtp_domains or control=queue";
5514 continue; /* With next host */
5517 /* Count hosts being considered - purely for an intelligent comment
5518 if none are usable. */
5522 /* Set $host and $host address now in case they are needed for the
5523 interface expansion or the serialize_hosts check; they remain set if an
5524 actual delivery happens. */
5526 deliver_host = host->name;
5527 deliver_host_address = host->address;
5528 lookup_dnssec_authenticated = host->dnssec == DS_YES ? US"yes"
5529 : host->dnssec == DS_NO ? US"no"
5532 /* Set up a string for adding to the retry key if the port number is not
5533 the standard SMTP port. A host may have its own port setting that overrides
5536 pistring = string_sprintf(":%d", host->port == PORT_NONE
5537 ? defport : host->port);
5538 if (Ustrcmp(pistring, ":25") == 0) pistring = US"";
5540 /* Select IPv4 or IPv6, and choose an outgoing interface. If the interface
5541 string is set, even if constant (as different transports can have different
5542 constant settings), we must add it to the key that is used for retries,
5543 because connections to the same host from a different interface should be
5544 treated separately. */
5546 host_af = Ustrchr(host->address, ':') ? AF_INET6 : AF_INET;
5548 uschar * s = ob->interface;
5551 if (!smtp_get_interface(s, host_af, addrlist, &interface, tid))
5553 pistring = string_sprintf("%s/%s", pistring, interface);
5557 /* The first time round the outer loop, check the status of the host by
5558 inspecting the retry data. The second time round, we are interested only
5559 in expired hosts that haven't been tried since this message arrived. */
5561 if (cutoff_retry == 0)
5564 /* Ensure the status of the address is set by checking retry data if
5565 necessary. There may be host-specific retry data (applicable to all
5566 messages) and also data for retries of a specific message at this host.
5567 If either of these retry records are actually read, the keys used are
5568 returned to save recomputing them later. */
5570 if (exp_bool(addrlist, US"transport", tblock->name, D_transport,
5571 US"retry_include_ip_address", ob->retry_include_ip_address,
5572 ob->expand_retry_include_ip_address, &incl_ip) != OK)
5573 continue; /* with next host */
5575 host_is_expired = retry_check_address(addrlist->domain, host, pistring,
5576 incl_ip, &retry_host_key, &retry_message_key);
5578 DEBUG(D_transport) debug_printf("%s [%s]%s retry-status = %s\n", host->name,
5579 host->address ? host->address : US"", pistring,
5580 host->status == hstatus_usable ? "usable"
5581 : host->status == hstatus_unusable ? "unusable"
5582 : host->status == hstatus_unusable_expired ? "unusable (expired)" : "?");
5584 /* Skip this address if not usable at this time, noting if it wasn't
5585 actually expired, both locally and in the address. */
5587 switch (host->status)
5589 case hstatus_unusable:
5591 setflag(addrlist, af_retry_skipped);
5594 case hstatus_unusable_expired:
5597 case hwhy_retry: hosts_retry++; break;
5598 case hwhy_failed: hosts_fail++; break;
5600 case hwhy_deferred: hosts_defer++; break;
5603 /* If there was a retry message key, implying that previously there
5604 was a message-specific defer, we don't want to update the list of
5605 messages waiting for these hosts. */
5607 if (retry_message_key) update_waiting = FALSE;
5608 continue; /* With the next host or IP address */
5612 /* Second time round the loop: if the address is set but expired, and
5613 the message is newer than the last try, let it through. */
5618 || host->status != hstatus_unusable_expired
5619 || host->last_try > received_time.tv_sec)
5621 DEBUG(D_transport) debug_printf("trying expired host %s [%s]%s\n",
5622 host->name, host->address, pistring);
5623 host_is_expired = TRUE;
5626 /* Setting "expired=FALSE" doesn't actually mean not all hosts are expired;
5627 it remains TRUE only if all hosts are expired and none are actually tried.
5632 /* If this host is listed as one to which access must be serialized,
5633 see if another Exim process has a connection to it, and if so, skip
5634 this host. If not, update the database to record our connection to it
5635 and remember this for later deletion. Do not do any of this if we are
5636 sending the message down a pre-existing connection. */
5638 if ( !continue_hostname
5639 && verify_check_given_host(CUSS &ob->serialize_hosts, host) == OK)
5641 serialize_key = string_sprintf("host-serialize-%s", host->name);
5642 if (!enq_start(serialize_key, 1))
5645 debug_printf("skipping host %s because another Exim process "
5646 "is connected to it\n", host->name);
5652 /* OK, we have an IP address that is not waiting for its retry time to
5653 arrive (it might be expired) OR (second time round the loop) we have an
5654 expired host that hasn't been tried since the message arrived. Have a go
5655 at delivering the message to it. First prepare the addresses by flushing
5656 out the result of previous attempts, and finding the first address that
5657 is still to be delivered. */
5659 first_addr = prepare_addresses(addrlist, host);
5661 DEBUG(D_transport) debug_printf("delivering %s to %s [%s] (%s%s)\n",
5662 message_id, host->name, host->address, addrlist->address,
5663 addrlist->next ? ", ..." : "");
5665 set_process_info("delivering %s to %s [%s]%s (%s%s)",
5666 message_id, host->name, host->address, pistring, addrlist->address,
5667 addrlist->next ? ", ..." : "");
5669 /* This is not for real; don't do the delivery. If there are
5670 any remaining hosts, list them. */
5675 gettimeofday(&now, NULL);
5676 set_errno_nohost(addrlist, 0, NULL, OK, FALSE, &now);
5677 for (address_item * addr = addrlist; addr; addr = addr->next)
5679 addr->host_used = host;
5680 addr->special_action = '*';
5681 addr->message = US"delivery bypassed by -N option";
5685 debug_printf("*** delivery by %s transport bypassed by -N option\n"
5686 "*** host and remaining hosts:\n", tblock->name);
5687 for (host_item * host2 = host; host2; host2 = host2->next)
5688 debug_printf(" %s [%s]\n", host2->name,
5689 host2->address ? host2->address : US"unset");
5694 /* This is for real. If the host is expired, we don't count it for
5695 hosts_max_retry. This ensures that all hosts must expire before an address
5696 is timed out, unless hosts_max_try_hardlimit (which protects against
5697 lunatic DNS configurations) is reached.
5699 If the host is not expired and we are about to hit the hosts_max_retry
5700 limit, check to see if there is a subsequent hosts with a different MX
5701 value. If so, make that the next host, and don't count this one. This is a
5702 heuristic to make sure that different MXs do get tried. With a normal kind
5703 of retry rule, they would get tried anyway when the earlier hosts were
5704 delayed, but if the domain has a "retry every time" type of rule - as is
5705 often used for the the very large ISPs, that won't happen. */
5710 /* Make a copy of the host if it is local to this invocation
5711 of the transport. */
5715 thost = store_get(sizeof(host_item), GET_UNTAINTED);
5717 thost->name = string_copy(host->name);
5718 thost->address = string_copy(host->address);
5723 if (!host_is_expired && ++unexpired_hosts_tried >= ob->hosts_max_try)
5726 debug_printf("hosts_max_try limit reached with this host\n");
5727 for (host_item * h = host; h; h = h->next) if (h->mx != host->mx)
5730 unexpired_hosts_tried--;
5731 DEBUG(D_transport) debug_printf("however, a higher MX host exists "
5732 "and will be tried\n");
5737 /* Attempt the delivery. */
5739 total_hosts_tried++;
5740 rc = smtp_deliver(addrlist, thost, host_af, defport, interface, tblock,
5741 &message_defer, FALSE);
5744 OK => connection made, each address contains its result;
5745 message_defer is set for message-specific defers (when all
5746 recipients are marked defer)
5747 DEFER => there was a non-message-specific delivery problem;
5748 ERROR => there was a problem setting up the arguments for a filter,
5749 or there was a problem with expanding added headers
5752 /* If the result is not OK, there was a non-message-specific problem.
5753 If the result is DEFER, we need to write to the logs saying what happened
5754 for this particular host, except in the case of authentication and TLS
5755 failures, where the log has already been written. If all hosts defer a
5756 general message is written at the end. */
5758 if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL
5759 && first_addr->basic_errno != ERRNO_TLSFAILURE)
5760 write_logs(host, first_addr->message, first_addr->basic_errno);
5762 #ifndef DISABLE_EVENT
5764 deferred_event_raise(first_addr, host, US"msg:host:defer");
5767 /* If STARTTLS was accepted, but there was a failure in setting up the
5768 TLS session (usually a certificate screwup), and the host is not in
5769 hosts_require_tls, and tls_tempfail_tryclear is true, try again, with
5770 TLS forcibly turned off. We have to start from scratch with a new SMTP
5771 connection. That's why the retry is done from here, not from within
5772 smtp_deliver(). [Rejections of STARTTLS itself don't screw up the
5773 session, so the in-clear transmission after those errors, if permitted,
5774 happens inside smtp_deliver().] */
5778 && first_addr->basic_errno == ERRNO_TLSFAILURE
5779 && ob->tls_tempfail_tryclear
5780 && verify_check_given_host(CUSS &ob->hosts_require_tls, host) != OK
5783 log_write(0, LOG_MAIN,
5784 "%s: delivering unencrypted to H=%s [%s] (not in hosts_require_tls)",
5785 first_addr->message, host->name, host->address);
5786 first_addr = prepare_addresses(addrlist, host);
5787 rc = smtp_deliver(addrlist, thost, host_af, defport, interface, tblock,
5788 &message_defer, TRUE);
5789 if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL)
5790 write_logs(host, first_addr->message, first_addr->basic_errno);
5791 # ifndef DISABLE_EVENT
5793 deferred_event_raise(first_addr, host, US"msg:host:defer");
5796 #endif /*DISABLE_TLS*/
5798 #ifndef DISABLE_EVENT
5799 /* If the last host gave a defer raise a per-message event */
5802 && unexpired_hosts_tried < ob->hosts_max_try
5803 && total_hosts_tried < ob->hosts_max_try_hardlimit
5805 && (message_defer || rc == DEFER)
5807 deferred_event_raise(first_addr, host, US"msg:defer");
5811 /* Delivery attempt finished */
5813 set_process_info("delivering %s: just tried %s [%s]%s for %s%s: result %s",
5814 message_id, host->name, host->address, pistring, addrlist->address,
5815 addrlist->next ? " (& others)" : "", rc_to_string(rc));
5817 /* Release serialization if set up */
5819 if (serialize_key) enq_end(serialize_key);
5821 /* If the result is DEFER, or if a host retry record is known to exist, we
5822 need to add an item to the retry chain for updating the retry database
5823 at the end of delivery. We only need to add the item to the top address,
5824 of course. Also, if DEFER, we mark the IP address unusable so as to skip it
5825 for any other delivery attempts using the same address. (It is copied into
5826 the unusable tree at the outer level, so even if different address blocks
5827 contain the same address, it still won't get tried again.) */
5829 if (rc == DEFER || retry_host_key)
5831 int delete_flag = rc != DEFER ? rf_delete : 0;
5832 if (!retry_host_key)
5835 if (exp_bool(addrlist, US"transport", tblock->name, D_transport,
5836 US"retry_include_ip_address", ob->retry_include_ip_address,
5837 ob->expand_retry_include_ip_address, &incl_ip) != OK)
5838 incl_ip = TRUE; /* error; use most-specific retry record */
5840 retry_host_key = incl_ip
5841 ? string_sprintf("T:%S:%s%s", host->name, host->address, pistring)
5842 : string_sprintf("T:%S%s", host->name, pistring);
5845 /* If a delivery of another message over an existing SMTP connection
5846 yields DEFER, we do NOT set up retry data for the host. This covers the
5847 case when there are delays in routing the addresses in the second message
5848 that are so long that the server times out. This is alleviated by not
5849 routing addresses that previously had routing defers when handling an
5850 existing connection, but even so, this case may occur (e.g. if a
5851 previously happily routed address starts giving routing defers). If the
5852 host is genuinely down, another non-continued message delivery will
5853 notice it soon enough. */
5855 if (delete_flag != 0 || !continue_hostname)
5856 retry_add_item(first_addr, retry_host_key, rf_host | delete_flag);
5858 /* We may have tried an expired host, if its retry time has come; ensure
5859 the status reflects the expiry for the benefit of any other addresses. */
5863 host->status = host_is_expired
5864 ? hstatus_unusable_expired : hstatus_unusable;
5865 host->why = hwhy_deferred;
5869 /* If message_defer is set (host was OK, but every recipient got deferred
5870 because of some message-specific problem), or if that had happened
5871 previously so that a message retry key exists, add an appropriate item
5872 to the retry chain. Note that if there was a message defer but now there is
5873 a host defer, the message defer record gets deleted. That seems perfectly
5874 reasonable. Also, stop the message from being remembered as waiting
5875 for specific hosts. */
5877 if (message_defer || retry_message_key)
5879 int delete_flag = message_defer ? 0 : rf_delete;
5880 if (!retry_message_key)
5883 if (exp_bool(addrlist, US"transport", tblock->name, D_transport,
5884 US"retry_include_ip_address", ob->retry_include_ip_address,
5885 ob->expand_retry_include_ip_address, &incl_ip) != OK)
5886 incl_ip = TRUE; /* error; use most-specific retry record */
5888 retry_message_key = incl_ip
5889 ? string_sprintf("T:%S:%s%s:%s", host->name, host->address, pistring,
5891 : string_sprintf("T:%S%s:%s", host->name, pistring, message_id);
5893 retry_add_item(addrlist, retry_message_key,
5894 rf_message | rf_host | delete_flag);
5895 update_waiting = FALSE;
5898 /* Any return other than DEFER (that is, OK or ERROR) means that the
5899 addresses have got their final statuses filled in for this host. In the OK
5900 case, see if any of them are deferred. */
5903 for (address_item * addr = addrlist; addr; addr = addr->next)
5904 if (addr->transport_return == DEFER)
5906 some_deferred = TRUE;
5910 /* If no addresses deferred or the result was ERROR, return. We do this for
5911 ERROR because a failing filter set-up or add_headers expansion is likely to
5912 fail for any host we try. */
5914 if (rc == ERROR || (rc == OK && !some_deferred))
5916 DEBUG(D_transport) debug_printf("Leaving %s transport\n", tblock->name);
5917 return TRUE; /* Each address has its status */
5920 /* If the result was DEFER or some individual addresses deferred, let
5921 the loop run to try other hosts with the deferred addresses, except for the
5922 case when we were trying to deliver down an existing channel and failed.
5923 Don't try any other hosts in this case. */
5925 if (continue_hostname) break;
5927 /* If the whole delivery, or some individual addresses, were deferred and
5928 there are more hosts that could be tried, do not count this host towards
5929 the hosts_max_try limit if the age of the message is greater than the
5930 maximum retry time for this host. This means we may try try all hosts,
5931 ignoring the limit, when messages have been around for some time. This is
5932 important because if we don't try all hosts, the address will never time
5933 out. NOTE: this does not apply to hosts_max_try_hardlimit. */
5935 if ((rc == DEFER || some_deferred) && nexthost)
5938 retry_config *retry = retry_find_config(host->name, NULL, 0, 0);
5940 if (retry && retry->rules)
5942 retry_rule *last_rule;
5943 for (last_rule = retry->rules;
5945 last_rule = last_rule->next);
5946 timedout = time(NULL) - received_time.tv_sec > last_rule->timeout;
5948 else timedout = TRUE; /* No rule => timed out */
5952 unexpired_hosts_tried--;
5953 DEBUG(D_transport) debug_printf("temporary delivery error(s) override "
5954 "hosts_max_try (message older than host's retry time)\n");
5960 if (unexpired_hosts_tried >= ob->hosts_max_try)
5961 debug_printf("reached transport hosts_max_try limit %d\n",
5963 if (total_hosts_tried >= ob->hosts_max_try_hardlimit)
5964 debug_printf("reached transport hosts_max_try_hardlimit limit %d\n",
5965 ob->hosts_max_try_hardlimit);
5968 testharness_pause_ms(500); /* let server debug out */
5969 } /* End of loop for trying multiple hosts. */
5971 /* If we failed to find a matching host in the list, for an already-open
5972 connection, just close it and start over with the list. This can happen
5973 for routing that changes from run to run, or big multi-IP sites with
5976 if (continue_hostname && !continue_host_tried)
5978 int fd = cutthrough.cctx.sock >= 0 ? cutthrough.cctx.sock : 0;
5980 DEBUG(D_transport) debug_printf("no hosts match already-open connection\n");
5982 /* A TLS conn could be open for a cutthrough, but not for a plain continued-
5984 /*XXX doublecheck that! */
5986 if (cutthrough.cctx.sock >= 0 && cutthrough.is_tls)
5988 (void) tls_write(cutthrough.cctx.tls_ctx, US"QUIT\r\n", 6, FALSE);
5989 tls_close(cutthrough.cctx.tls_ctx, TLS_SHUTDOWN_NOWAIT);
5990 cutthrough.cctx.tls_ctx = NULL;
5991 cutthrough.is_tls = FALSE;
5995 (void) write(fd, US"QUIT\r\n", 6);
5998 cutthrough.cctx.sock = -1;
5999 continue_hostname = NULL;
6000 goto retry_non_continued;
6003 /* This is the end of the loop that repeats iff expired is TRUE and
6004 ob->delay_after_cutoff is FALSE. The second time round we will
6005 try those hosts that haven't been tried since the message arrived. */
6009 debug_printf("all IP addresses skipped or deferred at least one address\n");
6010 if (expired && !ob->delay_after_cutoff && cutoff_retry == 0)
6011 debug_printf("retrying IP addresses not tried since message arrived\n");
6016 /* Get here if all IP addresses are skipped or defer at least one address. In
6017 MUA wrapper mode, this will happen only for connection or other non-message-
6018 specific failures. Force the delivery status for all addresses to FAIL. */
6022 for (address_item * addr = addrlist; addr; addr = addr->next)
6023 addr->transport_return = FAIL;
6027 /* In the normal, non-wrapper case, add a standard message to each deferred
6028 address if there hasn't been an error, that is, if it hasn't actually been
6029 tried this time. The variable "expired" will be FALSE if any deliveries were
6030 actually tried, or if there was at least one host that was not expired. That
6031 is, it is TRUE only if no deliveries were tried and all hosts were expired. If
6032 a delivery has been tried, an error code will be set, and the failing of the
6033 message is handled by the retry code later.
6035 If queue_smtp is set, or this transport was called to send a subsequent message
6036 down an existing TCP/IP connection, and something caused the host not to be
6037 found, we end up here, but can detect these cases and handle them specially. */
6039 for (address_item * addr = addrlist; addr; addr = addr->next)
6041 /* If host is not NULL, it means that we stopped processing the host list
6042 because of hosts_max_try or hosts_max_try_hardlimit. In the former case, this
6043 means we need to behave as if some hosts were skipped because their retry
6044 time had not come. Specifically, this prevents the address from timing out.
6045 However, if we have hit hosts_max_try_hardlimit, we want to behave as if all
6046 hosts were tried. */
6049 if (total_hosts_tried >= ob->hosts_max_try_hardlimit)
6052 debug_printf("hosts_max_try_hardlimit reached: behave as if all "
6053 "hosts were tried\n");
6058 debug_printf("hosts_max_try limit caused some hosts to be skipped\n");
6059 setflag(addr, af_retry_skipped);
6062 if (f.queue_smtp) /* no deliveries attempted */
6064 addr->transport_return = DEFER;
6065 addr->basic_errno = 0;
6066 addr->message = US"SMTP delivery explicitly queued";
6069 else if ( addr->transport_return == DEFER
6070 && (addr->basic_errno == ERRNO_UNKNOWNERROR || addr->basic_errno == 0)
6074 addr->basic_errno = ERRNO_HRETRY;
6075 if (continue_hostname)
6076 addr->message = US"no host found for existing SMTP connection";
6079 setflag(addr, af_pass_message); /* This is not a security risk */
6080 addr->message = string_sprintf(
6081 "all hosts%s have been failing for a long time %s",
6082 addr->domain ? string_sprintf(" for '%s'", addr->domain) : US"",
6083 ob->delay_after_cutoff
6084 ? US"(and retry time not reached)"
6085 : US"and were last tried after this message arrived");
6087 /* If we are already using fallback hosts, or there are no fallback hosts
6088 defined, convert the result to FAIL to cause a bounce. */
6090 if (addr->host_list == addr->fallback_hosts || !addr->fallback_hosts)
6091 addr->transport_return = FAIL;
6096 if (hosts_retry == hosts_total)
6097 s = "retry time not reached for any host%s";
6098 else if (hosts_fail == hosts_total)
6099 s = "all host address lookups%s failed permanently";
6100 else if (hosts_defer == hosts_total)
6101 s = "all host address lookups%s failed temporarily";
6102 else if (hosts_serial == hosts_total)
6103 s = "connection limit reached for all hosts%s";
6104 else if (hosts_fail+hosts_defer == hosts_total)
6105 s = "all host address lookups%s failed";
6107 s = "some host address lookups failed and retry time "
6108 "not reached for other hosts or connection limit reached%s";
6110 addr->message = string_sprintf(s,
6111 addr->domain ? string_sprintf(" for '%s'", addr->domain) : US"");
6116 /* Update the database which keeps information about which messages are waiting
6117 for which hosts to become available. For some message-specific errors, the
6118 update_waiting flag is turned off because we don't want follow-on deliveries in
6119 those cases. If this transport instance is explicitly limited to one message
6120 per connection then follow-on deliveries are not possible and there's no need
6121 to create/update the per-transport wait-<transport_name> database. */
6123 if (update_waiting && tblock->connection_max_messages != 1)
6124 transport_update_waiting(hostlist, tblock->name);
6128 DEBUG(D_transport) debug_printf("Leaving %s transport\n", tblock->name);
6130 return TRUE; /* Each address has its status */
6133 #endif /*!MACRO_PREDEF*/
6136 /* End of transport/smtp.c */