1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) University of Cambridge 1995 - 2014 */
6 /* See the file NOTICE for conditions of use and distribution. */
12 #define PENDING_DEFER (PENDING + DEFER)
13 #define PENDING_OK (PENDING + OK)
16 /* Options specific to the smtp transport. This transport also supports LMTP
17 over TCP/IP. The options must be in alphabetic order (note that "_" comes
18 before the lower case letters). Some live in the transport_instance block so as
19 to be publicly visible; these are flagged with opt_public. */
21 optionlist smtp_transport_options[] = {
22 { "address_retry_include_sender", opt_bool,
23 (void *)offsetof(smtp_transport_options_block, address_retry_include_sender) },
24 { "allow_localhost", opt_bool,
25 (void *)offsetof(smtp_transport_options_block, allow_localhost) },
26 { "authenticated_sender", opt_stringptr,
27 (void *)offsetof(smtp_transport_options_block, authenticated_sender) },
28 { "authenticated_sender_force", opt_bool,
29 (void *)offsetof(smtp_transport_options_block, authenticated_sender_force) },
30 { "command_timeout", opt_time,
31 (void *)offsetof(smtp_transport_options_block, command_timeout) },
32 { "connect_timeout", opt_time,
33 (void *)offsetof(smtp_transport_options_block, connect_timeout) },
34 { "connection_max_messages", opt_int | opt_public,
35 (void *)offsetof(transport_instance, connection_max_messages) },
36 { "data_timeout", opt_time,
37 (void *)offsetof(smtp_transport_options_block, data_timeout) },
38 { "delay_after_cutoff", opt_bool,
39 (void *)offsetof(smtp_transport_options_block, delay_after_cutoff) },
41 { "dkim_canon", opt_stringptr,
42 (void *)offsetof(smtp_transport_options_block, dkim_canon) },
43 { "dkim_domain", opt_stringptr,
44 (void *)offsetof(smtp_transport_options_block, dkim_domain) },
45 { "dkim_private_key", opt_stringptr,
46 (void *)offsetof(smtp_transport_options_block, dkim_private_key) },
47 { "dkim_selector", opt_stringptr,
48 (void *)offsetof(smtp_transport_options_block, dkim_selector) },
49 { "dkim_sign_headers", opt_stringptr,
50 (void *)offsetof(smtp_transport_options_block, dkim_sign_headers) },
51 { "dkim_strict", opt_stringptr,
52 (void *)offsetof(smtp_transport_options_block, dkim_strict) },
54 { "dns_qualify_single", opt_bool,
55 (void *)offsetof(smtp_transport_options_block, dns_qualify_single) },
56 { "dns_search_parents", opt_bool,
57 (void *)offsetof(smtp_transport_options_block, dns_search_parents) },
58 { "dnssec_request_domains", opt_stringptr,
59 (void *)offsetof(smtp_transport_options_block, dnssec_request_domains) },
60 { "dnssec_require_domains", opt_stringptr,
61 (void *)offsetof(smtp_transport_options_block, dnssec_require_domains) },
62 { "dscp", opt_stringptr,
63 (void *)offsetof(smtp_transport_options_block, dscp) },
64 { "fallback_hosts", opt_stringptr,
65 (void *)offsetof(smtp_transport_options_block, fallback_hosts) },
66 { "final_timeout", opt_time,
67 (void *)offsetof(smtp_transport_options_block, final_timeout) },
68 { "gethostbyname", opt_bool,
69 (void *)offsetof(smtp_transport_options_block, gethostbyname) },
71 /* These are no longer honoured, as of Exim 4.80; for now, we silently
72 ignore; a later release will warn, and a later-still release will remove
73 these options, so that using them becomes an error. */
74 { "gnutls_require_kx", opt_stringptr,
75 (void *)offsetof(smtp_transport_options_block, gnutls_require_kx) },
76 { "gnutls_require_mac", opt_stringptr,
77 (void *)offsetof(smtp_transport_options_block, gnutls_require_mac) },
78 { "gnutls_require_protocols", opt_stringptr,
79 (void *)offsetof(smtp_transport_options_block, gnutls_require_proto) },
81 { "helo_data", opt_stringptr,
82 (void *)offsetof(smtp_transport_options_block, helo_data) },
83 { "hosts", opt_stringptr,
84 (void *)offsetof(smtp_transport_options_block, hosts) },
85 { "hosts_avoid_esmtp", opt_stringptr,
86 (void *)offsetof(smtp_transport_options_block, hosts_avoid_esmtp) },
87 { "hosts_avoid_pipelining", opt_stringptr,
88 (void *)offsetof(smtp_transport_options_block, hosts_avoid_pipelining) },
90 { "hosts_avoid_tls", opt_stringptr,
91 (void *)offsetof(smtp_transport_options_block, hosts_avoid_tls) },
93 { "hosts_max_try", opt_int,
94 (void *)offsetof(smtp_transport_options_block, hosts_max_try) },
95 { "hosts_max_try_hardlimit", opt_int,
96 (void *)offsetof(smtp_transport_options_block, hosts_max_try_hardlimit) },
98 { "hosts_nopass_tls", opt_stringptr,
99 (void *)offsetof(smtp_transport_options_block, hosts_nopass_tls) },
101 { "hosts_override", opt_bool,
102 (void *)offsetof(smtp_transport_options_block, hosts_override) },
103 { "hosts_randomize", opt_bool,
104 (void *)offsetof(smtp_transport_options_block, hosts_randomize) },
105 #if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_OCSP)
106 { "hosts_request_ocsp", opt_stringptr,
107 (void *)offsetof(smtp_transport_options_block, hosts_request_ocsp) },
109 { "hosts_require_auth", opt_stringptr,
110 (void *)offsetof(smtp_transport_options_block, hosts_require_auth) },
112 # if defined EXPERIMENTAL_OCSP
113 { "hosts_require_ocsp", opt_stringptr,
114 (void *)offsetof(smtp_transport_options_block, hosts_require_ocsp) },
116 { "hosts_require_tls", opt_stringptr,
117 (void *)offsetof(smtp_transport_options_block, hosts_require_tls) },
119 { "hosts_try_auth", opt_stringptr,
120 (void *)offsetof(smtp_transport_options_block, hosts_try_auth) },
122 { "hosts_try_prdr", opt_stringptr,
123 (void *)offsetof(smtp_transport_options_block, hosts_try_prdr) },
126 { "hosts_verify_avoid_tls", opt_stringptr,
127 (void *)offsetof(smtp_transport_options_block, hosts_verify_avoid_tls) },
129 { "interface", opt_stringptr,
130 (void *)offsetof(smtp_transport_options_block, interface) },
131 { "keepalive", opt_bool,
132 (void *)offsetof(smtp_transport_options_block, keepalive) },
133 { "lmtp_ignore_quota", opt_bool,
134 (void *)offsetof(smtp_transport_options_block, lmtp_ignore_quota) },
135 { "max_rcpt", opt_int | opt_public,
136 (void *)offsetof(transport_instance, max_addresses) },
137 { "multi_domain", opt_bool | opt_public,
138 (void *)offsetof(transport_instance, multi_domain) },
139 { "port", opt_stringptr,
140 (void *)offsetof(smtp_transport_options_block, port) },
141 { "protocol", opt_stringptr,
142 (void *)offsetof(smtp_transport_options_block, protocol) },
143 { "retry_include_ip_address", opt_bool,
144 (void *)offsetof(smtp_transport_options_block, retry_include_ip_address) },
145 { "serialize_hosts", opt_stringptr,
146 (void *)offsetof(smtp_transport_options_block, serialize_hosts) },
147 { "size_addition", opt_int,
148 (void *)offsetof(smtp_transport_options_block, size_addition) }
150 ,{ "tls_certificate", opt_stringptr,
151 (void *)offsetof(smtp_transport_options_block, tls_certificate) },
152 { "tls_crl", opt_stringptr,
153 (void *)offsetof(smtp_transport_options_block, tls_crl) },
154 { "tls_dh_min_bits", opt_int,
155 (void *)offsetof(smtp_transport_options_block, tls_dh_min_bits) },
156 { "tls_privatekey", opt_stringptr,
157 (void *)offsetof(smtp_transport_options_block, tls_privatekey) },
158 { "tls_require_ciphers", opt_stringptr,
159 (void *)offsetof(smtp_transport_options_block, tls_require_ciphers) },
160 { "tls_sni", opt_stringptr,
161 (void *)offsetof(smtp_transport_options_block, tls_sni) },
162 { "tls_tempfail_tryclear", opt_bool,
163 (void *)offsetof(smtp_transport_options_block, tls_tempfail_tryclear) },
164 { "tls_try_verify_hosts", opt_stringptr,
165 (void *)offsetof(smtp_transport_options_block, tls_try_verify_hosts) },
166 #ifdef EXPERIMENTAL_CERTNAMES
167 { "tls_verify_cert_hostnames", opt_stringptr,
168 (void *)offsetof(smtp_transport_options_block,tls_verify_cert_hostnames)},
170 { "tls_verify_certificates", opt_stringptr,
171 (void *)offsetof(smtp_transport_options_block, tls_verify_certificates) },
172 { "tls_verify_hosts", opt_stringptr,
173 (void *)offsetof(smtp_transport_options_block, tls_verify_hosts) }
175 #ifdef EXPERIMENTAL_TPDA
176 ,{ "tpda_host_defer_action", opt_stringptr,
177 (void *)offsetof(smtp_transport_options_block, tpda_host_defer_action) },
181 /* Size of the options list. An extern variable has to be used so that its
182 address can appear in the tables drtables.c. */
184 int smtp_transport_options_count =
185 sizeof(smtp_transport_options)/sizeof(optionlist);
187 /* Default private options block for the smtp transport. */
189 smtp_transport_options_block smtp_transport_option_defaults = {
191 NULL, /* fallback_hosts */
193 NULL, /* fallback_hostlist */
194 NULL, /* authenticated_sender */
195 US"$primary_hostname", /* helo_data */
196 NULL, /* interface */
198 US"smtp", /* protocol */
200 NULL, /* serialize_hosts */
201 NULL, /* hosts_try_auth */
202 NULL, /* hosts_require_auth */
204 NULL, /* hosts_try_prdr */
206 #ifdef EXPERIMENTAL_OCSP
207 US"*", /* hosts_request_ocsp */
208 NULL, /* hosts_require_ocsp */
210 NULL, /* hosts_require_tls */
211 NULL, /* hosts_avoid_tls */
212 US"*", /* hosts_verify_avoid_tls */
213 NULL, /* hosts_avoid_pipelining */
214 NULL, /* hosts_avoid_esmtp */
215 NULL, /* hosts_nopass_tls */
216 5*60, /* command_timeout */
217 5*60, /* connect_timeout; shorter system default overrides */
218 5*60, /* data timeout */
219 10*60, /* final timeout */
220 1024, /* size_addition */
221 5, /* hosts_max_try */
222 50, /* hosts_max_try_hardlimit */
223 TRUE, /* address_retry_include_sender */
224 FALSE, /* allow_localhost */
225 FALSE, /* authenticated_sender_force */
226 FALSE, /* gethostbyname */
227 TRUE, /* dns_qualify_single */
228 FALSE, /* dns_search_parents */
229 NULL, /* dnssec_request_domains */
230 NULL, /* dnssec_require_domains */
231 TRUE, /* delay_after_cutoff */
232 FALSE, /* hosts_override */
233 FALSE, /* hosts_randomize */
234 TRUE, /* keepalive */
235 FALSE, /* lmtp_ignore_quota */
236 TRUE /* retry_include_ip_address */
238 ,NULL, /* tls_certificate */
240 NULL, /* tls_privatekey */
241 NULL, /* tls_require_ciphers */
242 NULL, /* gnutls_require_kx */
243 NULL, /* gnutls_require_mac */
244 NULL, /* gnutls_require_proto */
246 NULL, /* tls_verify_certificates */
247 EXIM_CLIENT_DH_DEFAULT_MIN_BITS,
248 /* tls_dh_min_bits */
249 TRUE, /* tls_tempfail_tryclear */
250 NULL, /* tls_verify_hosts */
251 NULL /* tls_try_verify_hosts */
252 # ifdef EXPERIMENTAL_CERTNAMES
253 ,NULL /* tls_verify_cert_hostnames */
257 ,NULL, /* dkim_canon */
258 NULL, /* dkim_domain */
259 NULL, /* dkim_private_key */
260 NULL, /* dkim_selector */
261 NULL, /* dkim_sign_headers */
262 NULL /* dkim_strict */
264 #ifdef EXPERIMENTAL_TPDA
265 ,NULL /* tpda_host_defer_action */
269 #ifdef EXPERIMENTAL_DSN
270 /* some DSN flags for use later */
272 static int rf_list[] = {rf_notify_never, rf_notify_success,
273 rf_notify_failure, rf_notify_delay };
275 static uschar *rf_names[] = { "NEVER", "SUCCESS", "FAILURE", "DELAY" };
282 static uschar *smtp_command; /* Points to last cmd for error messages */
283 static uschar *mail_command; /* Points to MAIL cmd for error messages */
284 static BOOL update_waiting; /* TRUE to update the "wait" database */
287 /*************************************************
288 * Setup entry point *
289 *************************************************/
291 /* This function is called when the transport is about to be used,
292 but before running it in a sub-process. It is used for two things:
294 (1) To set the fallback host list in addresses, when delivering.
295 (2) To pass back the interface, port, protocol, and other options, for use
296 during callout verification.
299 tblock pointer to the transport instance block
300 addrlist list of addresses about to be transported
301 tf if not NULL, pointer to block in which to return options
302 uid the uid that will be set (not used)
303 gid the gid that will be set (not used)
304 errmsg place for error message (not used)
306 Returns: OK always (FAIL, DEFER not used)
310 smtp_transport_setup(transport_instance *tblock, address_item *addrlist,
311 transport_feedback *tf, uid_t uid, gid_t gid, uschar **errmsg)
313 smtp_transport_options_block *ob =
314 (smtp_transport_options_block *)(tblock->options_block);
316 errmsg = errmsg; /* Keep picky compilers happy */
320 /* Pass back options if required. This interface is getting very messy. */
324 tf->interface = ob->interface;
326 tf->protocol = ob->protocol;
327 tf->hosts = ob->hosts;
328 tf->hosts_override = ob->hosts_override;
329 tf->hosts_randomize = ob->hosts_randomize;
330 tf->gethostbyname = ob->gethostbyname;
331 tf->qualify_single = ob->dns_qualify_single;
332 tf->search_parents = ob->dns_search_parents;
333 tf->helo_data = ob->helo_data;
336 /* Set the fallback host list for all the addresses that don't have fallback
337 host lists, provided that the local host wasn't present in the original host
340 if (!testflag(addrlist, af_local_host_removed))
342 for (; addrlist != NULL; addrlist = addrlist->next)
343 if (addrlist->fallback_hosts == NULL)
344 addrlist->fallback_hosts = ob->fallback_hostlist;
352 /*************************************************
353 * Initialization entry point *
354 *************************************************/
356 /* Called for each instance, after its options have been read, to
357 enable consistency checks to be done, or anything else that needs
360 Argument: pointer to the transport instance block
365 smtp_transport_init(transport_instance *tblock)
367 smtp_transport_options_block *ob =
368 (smtp_transport_options_block *)(tblock->options_block);
370 /* Retry_use_local_part defaults FALSE if unset */
372 if (tblock->retry_use_local_part == TRUE_UNSET)
373 tblock->retry_use_local_part = FALSE;
375 /* Set the default port according to the protocol */
377 if (ob->port == NULL)
378 ob->port = (strcmpic(ob->protocol, US"lmtp") == 0)? US"lmtp" :
379 (strcmpic(ob->protocol, US"smtps") == 0)? US"smtps" : US"smtp";
381 /* Set up the setup entry point, to be called before subprocesses for this
384 tblock->setup = smtp_transport_setup;
386 /* Complain if any of the timeouts are zero. */
388 if (ob->command_timeout <= 0 || ob->data_timeout <= 0 ||
389 ob->final_timeout <= 0)
390 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
391 "command, data, or final timeout value is zero for %s transport",
394 /* If hosts_override is set and there are local hosts, set the global
395 flag that stops verify from showing router hosts. */
397 if (ob->hosts_override && ob->hosts != NULL) tblock->overrides_hosts = TRUE;
399 /* If there are any fallback hosts listed, build a chain of host items
400 for them, but do not do any lookups at this time. */
402 host_build_hostlist(&(ob->fallback_hostlist), ob->fallback_hosts, FALSE);
409 /*************************************************
410 * Set delivery info into all active addresses *
411 *************************************************/
413 /* Only addresses whose status is >= PENDING are relevant. A lesser
414 status means that an address is not currently being processed.
417 addrlist points to a chain of addresses
418 errno_value to put in each address's errno field
419 msg to put in each address's message field
420 rc to put in each address's transport_return field
421 pass_message if TRUE, set the "pass message" flag in the address
423 If errno_value has the special value ERRNO_CONNECTTIMEOUT, ETIMEDOUT is put in
424 the errno field, and RTEF_CTOUT is ORed into the more_errno field, to indicate
425 this particular type of timeout.
431 set_errno(address_item *addrlist, int errno_value, uschar *msg, int rc,
436 if (errno_value == ERRNO_CONNECTTIMEOUT)
438 errno_value = ETIMEDOUT;
439 orvalue = RTEF_CTOUT;
441 for (addr = addrlist; addr != NULL; addr = addr->next)
443 if (addr->transport_return < PENDING) continue;
444 addr->basic_errno = errno_value;
445 addr->more_errno |= orvalue;
449 if (pass_message) setflag(addr, af_pass_message);
451 addr->transport_return = rc;
457 /*************************************************
458 * Check an SMTP response *
459 *************************************************/
461 /* This function is given an errno code and the SMTP response buffer
462 to analyse, together with the host identification for generating messages. It
463 sets an appropriate message and puts the first digit of the response code into
464 the yield variable. If no response was actually read, a suitable digit is
468 host the current host, to get its name for messages
469 errno_value pointer to the errno value
470 more_errno from the top address for use with ERRNO_FILTER_FAIL
471 buffer the SMTP response buffer
472 yield where to put a one-digit SMTP response code
473 message where to put an errror message
474 pass_message set TRUE if message is an SMTP response
476 Returns: TRUE if an SMTP "QUIT" command should be sent, else FALSE
479 static BOOL check_response(host_item *host, int *errno_value, int more_errno,
480 uschar *buffer, int *yield, uschar **message, BOOL *pass_message)
484 if (smtp_use_pipelining &&
485 (Ustrcmp(smtp_command, "MAIL") == 0 ||
486 Ustrcmp(smtp_command, "RCPT") == 0 ||
487 Ustrcmp(smtp_command, "DATA") == 0))
490 *yield = '4'; /* Default setting is to give a temporary error */
492 /* Handle response timeout */
494 if (*errno_value == ETIMEDOUT)
496 *message = US string_sprintf("SMTP timeout while connected to %s [%s] "
497 "after %s%s", host->name, host->address, pl, smtp_command);
498 if (transport_count > 0)
499 *message = US string_sprintf("%s (%d bytes written)", *message,
504 /* Handle malformed SMTP response */
506 if (*errno_value == ERRNO_SMTPFORMAT)
508 uschar *malfresp = string_printing(buffer);
509 while (isspace(*malfresp)) malfresp++;
511 *message = string_sprintf("Malformed SMTP reply (an empty line) from "
512 "%s [%s] in response to %s%s", host->name, host->address, pl,
515 *message = string_sprintf("Malformed SMTP reply from %s [%s] in response "
516 "to %s%s: %s", host->name, host->address, pl, smtp_command, malfresp);
520 /* Handle a failed filter process error; can't send QUIT as we mustn't
523 if (*errno_value == ERRNO_FILTER_FAIL)
525 *message = US string_sprintf("transport filter process failed (%d)%s",
527 (more_errno == EX_EXECFAILED)? ": unable to execute command" : "");
531 /* Handle a failed add_headers expansion; can't send QUIT as we mustn't
534 if (*errno_value == ERRNO_CHHEADER_FAIL)
537 US string_sprintf("failed to expand headers_add or headers_remove: %s",
538 expand_string_message);
542 /* Handle failure to write a complete data block */
544 if (*errno_value == ERRNO_WRITEINCOMPLETE)
546 *message = US string_sprintf("failed to write a data block");
550 /* Handle error responses from the remote mailer. */
554 uschar *s = string_printing(buffer);
555 *message = US string_sprintf("SMTP error from remote mail server after %s%s: "
556 "host %s [%s]: %s", pl, smtp_command, host->name, host->address, s);
557 *pass_message = TRUE;
562 /* No data was read. If there is no errno, this must be the EOF (i.e.
563 connection closed) case, which causes deferral. An explicit connection reset
564 error has the same effect. Otherwise, put the host's identity in the message,
565 leaving the errno value to be interpreted as well. In all cases, we have to
566 assume the connection is now dead. */
568 if (*errno_value == 0 || *errno_value == ECONNRESET)
570 *errno_value = ERRNO_SMTPCLOSED;
571 *message = US string_sprintf("Remote host %s [%s] closed connection "
572 "in response to %s%s", host->name, host->address, pl, smtp_command);
574 else *message = US string_sprintf("%s [%s]", host->name, host->address);
581 /*************************************************
582 * Write error message to logs *
583 *************************************************/
585 /* This writes to the main log and to the message log.
588 addr the address item containing error information
589 host the current host
595 write_logs(address_item *addr, host_item *host)
597 if (addr->message != NULL)
599 uschar *message = addr->message;
600 if (addr->basic_errno > 0)
601 message = string_sprintf("%s: %s", message, strerror(addr->basic_errno));
602 log_write(0, LOG_MAIN, "%s", message);
603 deliver_msglog("%s %s\n", tod_stamp(tod_log), message);
608 ((log_extra_selector & LX_outgoing_port) != 0)?
609 string_sprintf("%s [%s]:%d", host->name, host->address,
610 (host->port == PORT_NONE)? 25 : host->port)
612 string_sprintf("%s [%s]", host->name, host->address);
613 log_write(0, LOG_MAIN, "%s %s", msg, strerror(addr->basic_errno));
614 deliver_msglog("%s %s %s\n", tod_stamp(tod_log), msg,
615 strerror(addr->basic_errno));
621 #ifdef EXPERIMENTAL_TPDA
622 /*************************************************
623 * Post-defer action *
624 *************************************************/
626 /* This expands an arbitrary per-transport string.
627 It might, for example, be used to write to the database log.
630 ob transport options block
631 addr the address item containing error information
632 host the current host
638 tpda_deferred(smtp_transport_options_block *ob, address_item *addr, host_item *host)
640 uschar *action = ob->tpda_host_defer_action;
644 tpda_delivery_ip = string_copy(host->address);
645 tpda_delivery_port = (host->port == PORT_NONE)? 25 : host->port;
646 tpda_delivery_fqdn = string_copy(host->name);
647 tpda_delivery_local_part = string_copy(addr->local_part);
648 tpda_delivery_domain = string_copy(addr->domain);
649 tpda_defer_errno = addr->basic_errno;
651 tpda_defer_errstr = addr->message
652 ? addr->basic_errno > 0
653 ? string_sprintf("%s: %s", addr->message, strerror(addr->basic_errno))
654 : string_copy(addr->message)
655 : addr->basic_errno > 0
656 ? string_copy(US strerror(addr->basic_errno))
660 debug_printf(" TPDA(host defer): tpda_host_defer_action=|%s| tpda_delivery_IP=%s\n",
661 action, tpda_delivery_ip);
663 router_name = addr->router->name;
664 transport_name = addr->transport->name;
665 if (!expand_string(action) && *expand_string_message)
666 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand tpda_defer_action in %s: %s\n",
667 transport_name, expand_string_message);
668 router_name = transport_name = NULL;
674 /*************************************************
675 * Synchronize SMTP responses *
676 *************************************************/
678 /* This function is called from smtp_deliver() to receive SMTP responses from
679 the server, and match them up with the commands to which they relate. When
680 PIPELINING is not in use, this function is called after every command, and is
681 therefore somewhat over-engineered, but it is simpler to use a single scheme
682 that works both with and without PIPELINING instead of having two separate sets
685 The set of commands that are buffered up with pipelining may start with MAIL
686 and may end with DATA; in between are RCPT commands that correspond to the
687 addresses whose status is PENDING_DEFER. All other commands (STARTTLS, AUTH,
688 etc.) are never buffered.
690 Errors after MAIL or DATA abort the whole process leaving the response in the
691 buffer. After MAIL, pending responses are flushed, and the original command is
692 re-instated in big_buffer for error messages. For RCPT commands, the remote is
693 permitted to reject some recipient addresses while accepting others. However
694 certain errors clearly abort the whole process. Set the value in
695 transport_return to PENDING_OK if the address is accepted. If there is a
696 subsequent general error, it will get reset accordingly. If not, it will get
697 converted to OK at the end.
700 addrlist the complete address list
701 include_affixes TRUE if affixes include in RCPT
702 sync_addr ptr to the ptr of the one to start scanning at (updated)
703 host the host we are connected to
704 count the number of responses to read
706 include_sender true if 4xx retry is to include the sender it its key
707 pending_MAIL true if the first response is for MAIL
708 pending_DATA 0 if last command sent was not DATA
709 +1 if previously had a good recipient
710 -1 if not previously had a good recipient
711 inblock incoming SMTP block
712 timeout timeout value
713 buffer buffer for reading response
714 buffsize size of buffer
716 Returns: 3 if at least one address had 2xx and one had 5xx
717 2 if at least one address had 5xx but none had 2xx
718 1 if at least one host had a 2xx response, but none had 5xx
719 0 no address had 2xx or 5xx but no errors (all 4xx, or just DATA)
720 -1 timeout while reading RCPT response
721 -2 I/O or other non-response error for RCPT
722 -3 DATA or MAIL failed - errno and buffer set
726 sync_responses(address_item *addrlist, BOOL include_affixes,
727 address_item **sync_addr, host_item *host, int count,
728 BOOL address_retry_include_sender, BOOL pending_MAIL,
729 int pending_DATA, smtp_inblock *inblock, int timeout, uschar *buffer,
732 address_item *addr = *sync_addr;
735 /* Handle the response for a MAIL command. On error, reinstate the original
736 command in big_buffer for error message use, and flush any further pending
737 responses before returning, except after I/O errors and timeouts. */
742 if (!smtp_read_response(inblock, buffer, buffsize, '2', timeout))
744 Ustrcpy(big_buffer, mail_command); /* Fits, because it came from there! */
745 if (errno == 0 && buffer[0] != 0)
747 uschar flushbuffer[4096];
749 if (buffer[0] == '4')
751 save_errno = ERRNO_MAIL4XX;
752 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
756 if (!smtp_read_response(inblock, flushbuffer, sizeof(flushbuffer),
758 && (errno != 0 || flushbuffer[0] == 0))
767 if (pending_DATA) count--; /* Number of RCPT responses to come */
769 /* Read and handle the required number of RCPT responses, matching each one up
770 with an address by scanning for the next address whose status is PENDING_DEFER.
775 while (addr->transport_return != PENDING_DEFER) addr = addr->next;
777 /* The address was accepted */
779 if (smtp_read_response(inblock, buffer, buffsize, '2', timeout))
782 addr->transport_return = PENDING_OK;
784 /* If af_dr_retry_exists is set, there was a routing delay on this address;
785 ensure that any address-specific retry record is expunged. We do this both
786 for the basic key and for the version that also includes the sender. */
788 if (testflag(addr, af_dr_retry_exists))
790 uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key,
792 retry_add_item(addr, altkey, rf_delete);
793 retry_add_item(addr, addr->address_retry_key, rf_delete);
797 /* Timeout while reading the response */
799 else if (errno == ETIMEDOUT)
801 int save_errno = errno;
802 uschar *message = string_sprintf("SMTP timeout while connected to %s [%s] "
803 "after RCPT TO:<%s>", host->name, host->address,
804 transport_rcpt_address(addr, include_affixes));
805 set_errno(addrlist, save_errno, message, DEFER, FALSE);
806 retry_add_item(addr, addr->address_retry_key, 0);
807 update_waiting = FALSE;
811 /* Handle other errors in obtaining an SMTP response by returning -1. This
812 will cause all the addresses to be deferred. Restore the SMTP command in
813 big_buffer for which we are checking the response, so the error message
816 else if (errno != 0 || buffer[0] == 0)
818 string_format(big_buffer, big_buffer_size, "RCPT TO:<%s>",
819 transport_rcpt_address(addr, include_affixes));
823 /* Handle SMTP permanent and temporary response codes. */
828 string_sprintf("SMTP error from remote mail server after RCPT TO:<%s>: "
829 "host %s [%s]: %s", transport_rcpt_address(addr, include_affixes),
830 host->name, host->address, string_printing(buffer));
831 setflag(addr, af_pass_message);
832 deliver_msglog("%s %s\n", tod_stamp(tod_log), addr->message);
834 /* The response was 5xx */
836 if (buffer[0] == '5')
838 addr->transport_return = FAIL;
842 /* The response was 4xx */
846 addr->transport_return = DEFER;
847 addr->basic_errno = ERRNO_RCPT4XX;
848 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
850 /* Log temporary errors if there are more hosts to be tried. */
852 if (host->next != NULL) log_write(0, LOG_MAIN, "%s", addr->message);
854 /* Do not put this message on the list of those waiting for specific
855 hosts, as otherwise it is likely to be tried too often. */
857 update_waiting = FALSE;
859 /* Add a retry item for the address so that it doesn't get tried again
860 too soon. If address_retry_include_sender is true, add the sender address
863 if (address_retry_include_sender)
865 uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key,
867 retry_add_item(addr, altkey, 0);
869 else retry_add_item(addr, addr->address_retry_key, 0);
872 } /* Loop for next RCPT response */
874 /* Update where to start at for the next block of responses, unless we
875 have already handled all the addresses. */
877 if (addr != NULL) *sync_addr = addr->next;
879 /* Handle a response to DATA. If we have not had any good recipients, either
880 previously or in this block, the response is ignored. */
882 if (pending_DATA != 0 &&
883 !smtp_read_response(inblock, buffer, buffsize, '3', timeout))
888 if (pending_DATA > 0 || (yield & 1) != 0)
890 if (errno == 0 && buffer[0] == '4')
892 errno = ERRNO_DATA4XX;
893 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
897 (void)check_response(host, &errno, 0, buffer, &code, &msg, &pass_message);
898 DEBUG(D_transport) debug_printf("%s\nerror for DATA ignored: pipelining "
899 "is in use and there were no good recipients\n", msg);
902 /* All responses read and handled; MAIL (if present) received 2xx and DATA (if
903 present) received 3xx. If any RCPTs were handled and yielded anything other
904 than 4xx, yield will be set non-zero. */
911 /* Do the client side of smtp-level authentication */
914 buffer EHLO response from server (gets overwritten)
915 addrlist chain of potential addresses to deliver
916 host host to deliver to
918 ibp, obp comms channel control blocks
921 OK Success, or failed (but not required): global "smtp_authenticated" set
922 DEFER Failed authentication (and was required)
923 ERROR Internal problem
925 FAIL_SEND Failed communications - transmit
930 smtp_auth(uschar *buffer, unsigned bufsize, address_item *addrlist, host_item *host,
931 smtp_transport_options_block *ob, BOOL is_esmtp,
932 smtp_inblock *ibp, smtp_outblock *obp)
935 uschar *fail_reason = US"server did not advertise AUTH support";
937 smtp_authenticated = FALSE;
938 client_authenticator = client_authenticated_id = client_authenticated_sender = NULL;
939 require_auth = verify_check_this_host(&(ob->hosts_require_auth), NULL,
940 host->name, host->address, NULL);
942 if (is_esmtp && !regex_AUTH) regex_AUTH =
943 regex_must_compile(US"\\n250[\\s\\-]AUTH\\s+([\\-\\w\\s]+)(?:\\n|$)",
946 if (is_esmtp && regex_match_and_setup(regex_AUTH, buffer, 0, -1))
948 uschar *names = string_copyn(expand_nstring[1], expand_nlength[1]);
949 expand_nmax = -1; /* reset */
951 /* Must not do this check until after we have saved the result of the
952 regex match above. */
954 if (require_auth == OK ||
955 verify_check_this_host(&(ob->hosts_try_auth), NULL, host->name,
956 host->address, NULL) == OK)
959 fail_reason = US"no common mechanisms were found";
961 DEBUG(D_transport) debug_printf("scanning authentication mechanisms\n");
963 /* Scan the configured authenticators looking for one which is configured
964 for use as a client, which is not suppressed by client_condition, and
965 whose name matches an authentication mechanism supported by the server.
966 If one is found, attempt to authenticate by calling its client function.
969 for (au = auths; !smtp_authenticated && au != NULL; au = au->next)
973 (au->client_condition != NULL &&
974 !expand_check_condition(au->client_condition, au->name,
975 US"client authenticator")))
977 DEBUG(D_transport) debug_printf("skipping %s authenticator: %s\n",
979 (au->client)? "client_condition is false" :
980 "not configured as a client");
984 /* Loop to scan supported server mechanisms */
989 int len = Ustrlen(au->public_name);
990 while (isspace(*p)) p++;
992 if (strncmpic(au->public_name, p, len) != 0 ||
993 (p[len] != 0 && !isspace(p[len])))
995 while (*p != 0 && !isspace(*p)) p++;
999 /* Found data for a listed mechanism. Call its client entry. Set
1000 a flag in the outblock so that data is overwritten after sending so
1001 that reflections don't show it. */
1003 fail_reason = US"authentication attempt(s) failed";
1004 obp->authenticating = TRUE;
1005 rc = (au->info->clientcode)(au, ibp, obp,
1006 ob->command_timeout, buffer, bufsize);
1007 obp->authenticating = FALSE;
1008 DEBUG(D_transport) debug_printf("%s authenticator yielded %d\n",
1011 /* A temporary authentication failure must hold up delivery to
1012 this host. After a permanent authentication failure, we carry on
1013 to try other authentication methods. If all fail hard, try to
1014 deliver the message unauthenticated unless require_auth was set. */
1019 smtp_authenticated = TRUE; /* stops the outer loop */
1020 client_authenticator = au->name;
1021 if (au->set_client_id != NULL)
1022 client_authenticated_id = expand_string(au->set_client_id);
1025 /* Failure after writing a command */
1030 /* Failure after reading a response */
1033 if (errno != 0 || buffer[0] != '5') return FAIL;
1034 log_write(0, LOG_MAIN, "%s authenticator failed H=%s [%s] %s",
1035 au->name, host->name, host->address, buffer);
1038 /* Failure by some other means. In effect, the authenticator
1039 decided it wasn't prepared to handle this case. Typically this
1040 is the result of "fail" in an expansion string. Do we need to
1041 log anything here? Feb 2006: a message is now put in the buffer
1042 if logging is required. */
1046 log_write(0, LOG_MAIN, "%s authenticator cancelled "
1047 "authentication H=%s [%s] %s", au->name, host->name,
1048 host->address, buffer);
1051 /* Internal problem, message in buffer. */
1054 set_errno(addrlist, 0, string_copy(buffer), DEFER, FALSE);
1058 break; /* If not authenticated, try next authenticator */
1059 } /* Loop for scanning supported server mechanisms */
1060 } /* Loop for further authenticators */
1064 /* If we haven't authenticated, but are required to, give up. */
1066 if (require_auth == OK && !smtp_authenticated)
1068 set_errno(addrlist, ERRNO_AUTHFAIL,
1069 string_sprintf("authentication required but %s", fail_reason), DEFER,
1078 /* Construct AUTH appendix string for MAIL TO */
1081 buffer to build string
1082 addrlist chain of potential addresses to deliver
1083 ob transport options
1085 Globals smtp_authenticated
1086 client_authenticated_sender
1087 Return True on error, otherwise buffer has (possibly empty) terminated string
1091 smtp_mail_auth_str(uschar *buffer, unsigned bufsize, address_item *addrlist,
1092 smtp_transport_options_block *ob)
1094 uschar *local_authenticated_sender = authenticated_sender;
1097 debug_printf("smtp_mail_auth_str: as<%s> os<%s> SA<%s>\n", authenticated_sender, ob->authenticated_sender, smtp_authenticated?"Y":"N");
1100 if (ob->authenticated_sender != NULL)
1102 uschar *new = expand_string(ob->authenticated_sender);
1105 if (!expand_string_forcedfail)
1107 uschar *message = string_sprintf("failed to expand "
1108 "authenticated_sender: %s", expand_string_message);
1109 set_errno(addrlist, 0, message, DEFER, FALSE);
1113 else if (new[0] != 0) local_authenticated_sender = new;
1116 /* Add the authenticated sender address if present */
1118 if ((smtp_authenticated || ob->authenticated_sender_force) &&
1119 local_authenticated_sender != NULL)
1121 string_format(buffer, bufsize, " AUTH=%s",
1122 auth_xtextencode(local_authenticated_sender,
1123 Ustrlen(local_authenticated_sender)));
1124 client_authenticated_sender = string_copy(local_authenticated_sender);
1134 /*************************************************
1135 * Deliver address list to given host *
1136 *************************************************/
1138 /* If continue_hostname is not null, we get here only when continuing to
1139 deliver down an existing channel. The channel was passed as the standard
1140 input. TLS is never active on a passed channel; the previous process always
1141 closes it down before passing the connection on.
1143 Otherwise, we have to make a connection to the remote host, and do the
1144 initial protocol exchange.
1146 When running as an MUA wrapper, if the sender or any recipient is rejected,
1147 temporarily or permanently, we force failure for all recipients.
1150 addrlist chain of potential addresses to deliver; only those whose
1151 transport_return field is set to PENDING_DEFER are currently
1152 being processed; others should be skipped - they have either
1153 been delivered to an earlier host or IP address, or been
1154 failed by one of them.
1155 host host to deliver to
1156 host_af AF_INET or AF_INET6
1157 port default TCP/IP port to use, in host byte order
1158 interface interface to bind to, or NULL
1159 tblock transport instance block
1160 copy_host TRUE if host set in addr->host_used must be copied, because
1161 it is specific to this call of the transport
1162 message_defer set TRUE if yield is OK, but all addresses were deferred
1163 because of a non-recipient, non-host failure, that is, a
1164 4xx response to MAIL FROM, DATA, or ".". This is a defer
1165 that is specific to the message.
1166 suppress_tls if TRUE, don't attempt a TLS connection - this is set for
1167 a second attempt after TLS initialization fails
1169 Returns: OK - the connection was made and the delivery attempted;
1170 the result for each address is in its data block.
1171 DEFER - the connection could not be made, or something failed
1172 while setting up the SMTP session, or there was a
1173 non-message-specific error, such as a timeout.
1174 ERROR - a filter command is specified for this transport,
1175 and there was a problem setting it up; OR helo_data
1176 or add_headers or authenticated_sender is specified
1177 for this transport, and the string failed to expand
1181 smtp_deliver(address_item *addrlist, host_item *host, int host_af, int port,
1182 uschar *interface, transport_instance *tblock, BOOL copy_host,
1183 BOOL *message_defer, BOOL suppress_tls)
1186 address_item *sync_addr;
1187 address_item *first_addr = addrlist;
1192 time_t start_delivery_time = time(NULL);
1193 smtp_transport_options_block *ob =
1194 (smtp_transport_options_block *)(tblock->options_block);
1195 BOOL lmtp = strcmpic(ob->protocol, US"lmtp") == 0;
1196 BOOL smtps = strcmpic(ob->protocol, US"smtps") == 0;
1198 BOOL send_rset = TRUE;
1199 BOOL send_quit = TRUE;
1200 BOOL setting_up = TRUE;
1201 BOOL completed_address = FALSE;
1204 BOOL pass_message = FALSE;
1205 #ifndef DISABLE_PRDR
1206 BOOL prdr_offered = FALSE;
1209 #ifdef EXPERIMENTAL_DSN
1210 BOOL dsn_all_lasthop = TRUE;
1212 smtp_inblock inblock;
1213 smtp_outblock outblock;
1214 int max_rcpt = tblock->max_addresses;
1215 uschar *igquotstr = US"";
1216 uschar *helo_data = NULL;
1217 uschar *message = NULL;
1218 uschar new_message_id[MESSAGE_ID_LENGTH + 1];
1220 uschar buffer[4096];
1221 uschar inbuffer[4096];
1222 uschar outbuffer[1024];
1224 suppress_tls = suppress_tls; /* stop compiler warning when no TLS support */
1226 *message_defer = FALSE;
1227 smtp_command = US"initial connection";
1228 if (max_rcpt == 0) max_rcpt = 999999;
1230 /* Set up the buffer for reading SMTP response packets. */
1232 inblock.buffer = inbuffer;
1233 inblock.buffersize = sizeof(inbuffer);
1234 inblock.ptr = inbuffer;
1235 inblock.ptrend = inbuffer;
1237 /* Set up the buffer for holding SMTP commands while pipelining */
1239 outblock.buffer = outbuffer;
1240 outblock.buffersize = sizeof(outbuffer);
1241 outblock.ptr = outbuffer;
1242 outblock.cmd_count = 0;
1243 outblock.authenticating = FALSE;
1245 /* Reset the parameters of a TLS session. */
1248 tls_out.cipher = NULL; /* the one we may use for this transport */
1249 tls_out.ourcert = NULL;
1250 tls_out.peercert = NULL;
1251 tls_out.peerdn = NULL;
1252 #if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
1255 tls_out.ocsp = OCSP_NOT_REQ;
1257 /* Flip the legacy TLS-related variables over to the outbound set in case
1258 they're used in the context of the transport. Don't bother resetting
1259 afterward as we're in a subprocess. */
1261 tls_modify_variables(&tls_out);
1266 set_errno(addrlist, 0, US"TLS support not available", DEFER, FALSE);
1271 /* Make a connection to the host if this isn't a continued delivery, and handle
1272 the initial interaction and HELO/EHLO/LHLO. Connect timeout errors are handled
1273 specially so they can be identified for retries. */
1275 if (continue_hostname == NULL)
1277 inblock.sock = outblock.sock =
1278 smtp_connect(host, host_af, port, interface, ob->connect_timeout,
1279 ob->keepalive, ob->dscp); /* This puts port into host->port */
1281 if (inblock.sock < 0)
1283 set_errno(addrlist, (errno == ETIMEDOUT)? ERRNO_CONNECTTIMEOUT : errno,
1284 NULL, DEFER, FALSE);
1288 /* Expand the greeting message while waiting for the initial response. (Makes
1289 sense if helo_data contains ${lookup dnsdb ...} stuff). The expansion is
1290 delayed till here so that $sending_interface and $sending_port are set. */
1292 helo_data = expand_string(ob->helo_data);
1294 /* The first thing is to wait for an initial OK response. The dreaded "goto"
1295 is nevertheless a reasonably clean way of programming this kind of logic,
1296 where you want to escape on any error. */
1300 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1301 ob->command_timeout)) goto RESPONSE_FAILED;
1303 /* Now check if the helo_data expansion went well, and sign off cleanly if
1306 if (helo_data == NULL)
1308 uschar *message = string_sprintf("failed to expand helo_data: %s",
1309 expand_string_message);
1310 set_errno(addrlist, 0, message, DEFER, FALSE);
1316 /** Debugging without sending a message
1317 addrlist->transport_return = DEFER;
1321 /* Errors that occur after this point follow an SMTP command, which is
1322 left in big_buffer by smtp_write_command() for use in error messages. */
1324 smtp_command = big_buffer;
1326 /* Tell the remote who we are...
1328 February 1998: A convention has evolved that ESMTP-speaking MTAs include the
1329 string "ESMTP" in their greeting lines, so make Exim send EHLO if the
1330 greeting is of this form. The assumption was that the far end supports it
1331 properly... but experience shows that there are some that give 5xx responses,
1332 even though the banner includes "ESMTP" (there's a bloody-minded one that
1333 says "ESMTP not spoken here"). Cope with that case.
1335 September 2000: Time has passed, and it seems reasonable now to always send
1336 EHLO at the start. It is also convenient to make the change while installing
1339 July 2003: Joachim Wieland met a broken server that advertises "PIPELINING"
1340 but times out after sending MAIL FROM, RCPT TO and DATA all together. There
1341 would be no way to send out the mails, so there is now a host list
1342 "hosts_avoid_esmtp" that disables ESMTP for special hosts and solves the
1343 PIPELINING problem as well. Maybe it can also be useful to cure other
1344 problems with broken servers.
1346 Exim originally sent "Helo" at this point and ran for nearly a year that way.
1347 Then somebody tried it with a Microsoft mailer... It seems that all other
1348 mailers use upper case for some reason (the RFC is quite clear about case
1349 independence) so, for peace of mind, I gave in. */
1351 esmtp = verify_check_this_host(&(ob->hosts_avoid_esmtp), NULL,
1352 host->name, host->address, NULL) != OK;
1354 /* Alas; be careful, since this goto is not an error-out, so conceivably
1355 we might set data between here and the target which we assume to exist
1356 and be usable. I can see this coming back to bite us. */
1361 suppress_tls = FALSE;
1362 ob->tls_tempfail_tryclear = FALSE;
1363 smtp_command = US"SSL-on-connect";
1370 if (smtp_write_command(&outblock, FALSE, "%s %s\r\n",
1371 lmtp? "LHLO" : "EHLO", helo_data) < 0)
1373 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1374 ob->command_timeout))
1376 if (errno != 0 || buffer[0] == 0 || lmtp) goto RESPONSE_FAILED;
1383 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
1388 if (smtp_write_command(&outblock, FALSE, "HELO %s\r\n", helo_data) < 0)
1390 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1391 ob->command_timeout)) goto RESPONSE_FAILED;
1394 /* Set IGNOREQUOTA if the response to LHLO specifies support and the
1395 lmtp_ignore_quota option was set. */
1397 igquotstr = (lmtp && ob->lmtp_ignore_quota &&
1398 pcre_exec(regex_IGNOREQUOTA, NULL, CS buffer, Ustrlen(CS buffer), 0,
1399 PCRE_EOPT, NULL, 0) >= 0)? US" IGNOREQUOTA" : US"";
1401 /* Set tls_offered if the response to EHLO specifies support for STARTTLS. */
1404 tls_offered = esmtp &&
1405 pcre_exec(regex_STARTTLS, NULL, CS buffer, Ustrlen(buffer), 0,
1406 PCRE_EOPT, NULL, 0) >= 0;
1409 #ifndef DISABLE_PRDR
1410 prdr_offered = esmtp &&
1411 (pcre_exec(regex_PRDR, NULL, CS buffer, Ustrlen(buffer), 0,
1412 PCRE_EOPT, NULL, 0) >= 0) &&
1413 (verify_check_this_host(&(ob->hosts_try_prdr), NULL, host->name,
1414 host->address, NULL) == OK);
1417 {DEBUG(D_transport) debug_printf("PRDR usable\n");}
1421 /* For continuing deliveries down the same channel, the socket is the standard
1422 input, and we don't need to redo EHLO here (but may need to do so for TLS - see
1423 below). Set up the pointer to where subsequent commands will be left, for
1424 error messages. Note that smtp_use_size and smtp_use_pipelining will have been
1425 set from the command line if they were set in the process that passed the
1430 inblock.sock = outblock.sock = fileno(stdin);
1431 smtp_command = big_buffer;
1432 host->port = port; /* Record the port that was used */
1435 /* If TLS is available on this connection, whether continued or not, attempt to
1436 start up a TLS session, unless the host is in hosts_avoid_tls. If successful,
1437 send another EHLO - the server may give a different answer in secure mode. We
1438 use a separate buffer for reading the response to STARTTLS so that if it is
1439 negative, the original EHLO data is available for subsequent analysis, should
1440 the client not be required to use TLS. If the response is bad, copy the buffer
1441 for error analysis. */
1444 if (tls_offered && !suppress_tls &&
1445 verify_check_this_host(&(ob->hosts_avoid_tls), NULL, host->name,
1446 host->address, NULL) != OK)
1448 uschar buffer2[4096];
1449 if (smtp_write_command(&outblock, FALSE, "STARTTLS\r\n") < 0)
1452 /* If there is an I/O error, transmission of this message is deferred. If
1453 there is a temporary rejection of STARRTLS and tls_tempfail_tryclear is
1454 false, we also defer. However, if there is a temporary rejection of STARTTLS
1455 and tls_tempfail_tryclear is true, or if there is an outright rejection of
1456 STARTTLS, we carry on. This means we will try to send the message in clear,
1457 unless the host is in hosts_require_tls (tested below). */
1459 if (!smtp_read_response(&inblock, buffer2, sizeof(buffer2), '2',
1460 ob->command_timeout))
1462 if (errno != 0 || buffer2[0] == 0 ||
1463 (buffer2[0] == '4' && !ob->tls_tempfail_tryclear))
1465 Ustrncpy(buffer, buffer2, sizeof(buffer));
1466 goto RESPONSE_FAILED;
1470 /* STARTTLS accepted: try to negotiate a TLS session. */
1475 int rc = tls_client_start(inblock.sock, host, addrlist, ob);
1477 /* TLS negotiation failed; give an error. From outside, this function may
1478 be called again to try in clear on a new connection, if the options permit
1479 it for this host. */
1483 save_errno = ERRNO_TLSFAILURE;
1484 message = US"failure while setting up TLS session";
1489 /* TLS session is set up */
1491 for (addr = addrlist; addr != NULL; addr = addr->next)
1493 if (addr->transport_return == PENDING_DEFER)
1495 addr->cipher = tls_out.cipher;
1496 addr->ourcert = tls_out.ourcert;
1497 addr->peercert = tls_out.peercert;
1498 addr->peerdn = tls_out.peerdn;
1499 addr->ocsp = tls_out.ocsp;
1505 /* if smtps, we'll have smtp_command set to something else; always safe to
1507 smtp_command = big_buffer;
1509 /* If we started TLS, redo the EHLO/LHLO exchange over the secure channel. If
1510 helo_data is null, we are dealing with a connection that was passed from
1511 another process, and so we won't have expanded helo_data above. We have to
1512 expand it here. $sending_ip_address and $sending_port are set up right at the
1513 start of the Exim process (in exim.c). */
1515 if (tls_out.active >= 0)
1518 if (helo_data == NULL)
1520 helo_data = expand_string(ob->helo_data);
1521 if (helo_data == NULL)
1523 uschar *message = string_sprintf("failed to expand helo_data: %s",
1524 expand_string_message);
1525 set_errno(addrlist, 0, message, DEFER, FALSE);
1531 /* For SMTPS we need to wait for the initial OK response. */
1534 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1535 ob->command_timeout)) goto RESPONSE_FAILED;
1539 greeting_cmd = "EHLO";
1542 greeting_cmd = "HELO";
1544 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
1547 if (smtp_write_command(&outblock, FALSE, "%s %s\r\n",
1548 lmtp? "LHLO" : greeting_cmd, helo_data) < 0)
1550 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1551 ob->command_timeout))
1552 goto RESPONSE_FAILED;
1555 /* If the host is required to use a secure channel, ensure that we
1558 else if (verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name,
1559 host->address, NULL) == OK)
1561 save_errno = ERRNO_TLSREQUIRED;
1562 message = string_sprintf("a TLS session is required for %s [%s], but %s",
1563 host->name, host->address,
1564 tls_offered? "an attempt to start TLS failed" :
1565 "the server did not offer TLS support");
1570 /* If TLS is active, we have just started it up and re-done the EHLO command,
1571 so its response needs to be analyzed. If TLS is not active and this is a
1572 continued session down a previously-used socket, we haven't just done EHLO, so
1575 if (continue_hostname == NULL
1577 || tls_out.active >= 0
1581 /* Set for IGNOREQUOTA if the response to LHLO specifies support and the
1582 lmtp_ignore_quota option was set. */
1584 igquotstr = (lmtp && ob->lmtp_ignore_quota &&
1585 pcre_exec(regex_IGNOREQUOTA, NULL, CS buffer, Ustrlen(CS buffer), 0,
1586 PCRE_EOPT, NULL, 0) >= 0)? US" IGNOREQUOTA" : US"";
1588 /* If the response to EHLO specified support for the SIZE parameter, note
1589 this, provided size_addition is non-negative. */
1591 smtp_use_size = esmtp && ob->size_addition >= 0 &&
1592 pcre_exec(regex_SIZE, NULL, CS buffer, Ustrlen(CS buffer), 0,
1593 PCRE_EOPT, NULL, 0) >= 0;
1595 /* Note whether the server supports PIPELINING. If hosts_avoid_esmtp matched
1596 the current host, esmtp will be false, so PIPELINING can never be used. If
1597 the current host matches hosts_avoid_pipelining, don't do it. */
1599 smtp_use_pipelining = esmtp &&
1600 verify_check_this_host(&(ob->hosts_avoid_pipelining), NULL, host->name,
1601 host->address, NULL) != OK &&
1602 pcre_exec(regex_PIPELINING, NULL, CS buffer, Ustrlen(CS buffer), 0,
1603 PCRE_EOPT, NULL, 0) >= 0;
1605 DEBUG(D_transport) debug_printf("%susing PIPELINING\n",
1606 smtp_use_pipelining? "" : "not ");
1608 #ifndef DISABLE_PRDR
1609 prdr_offered = esmtp &&
1610 pcre_exec(regex_PRDR, NULL, CS buffer, Ustrlen(CS buffer), 0,
1611 PCRE_EOPT, NULL, 0) >= 0 &&
1612 verify_check_this_host(&(ob->hosts_try_prdr), NULL, host->name,
1613 host->address, NULL) == OK;
1616 {DEBUG(D_transport) debug_printf("PRDR usable\n");}
1619 #ifdef EXPERIMENTAL_DSN
1620 /* Note if the server supports DSN */
1621 smtp_use_dsn = esmtp && pcre_exec(regex_DSN, NULL, CS buffer, (int)Ustrlen(CS buffer), 0,
1622 PCRE_EOPT, NULL, 0) >= 0;
1623 DEBUG(D_transport) debug_printf("use_dsn=%d\n", smtp_use_dsn);
1626 /* Note if the response to EHLO specifies support for the AUTH extension.
1627 If it has, check that this host is one we want to authenticate to, and do
1628 the business. The host name and address must be available when the
1629 authenticator's client driver is running. */
1631 switch (yield = smtp_auth(buffer, sizeof(buffer), addrlist, host,
1632 ob, esmtp, &inblock, &outblock))
1634 default: goto SEND_QUIT;
1636 case FAIL_SEND: goto SEND_FAILED;
1637 case FAIL: goto RESPONSE_FAILED;
1641 /* The setting up of the SMTP call is now complete. Any subsequent errors are
1642 message-specific. */
1646 /* If there is a filter command specified for this transport, we can now
1647 set it up. This cannot be done until the identify of the host is known. */
1649 if (tblock->filter_command != NULL)
1653 sprintf(CS buffer, "%.50s transport", tblock->name);
1654 rc = transport_set_up_command(&transport_filter_argv, tblock->filter_command,
1655 TRUE, DEFER, addrlist, buffer, NULL);
1656 transport_filter_timeout = tblock->filter_timeout;
1658 /* On failure, copy the error to all addresses, abandon the SMTP call, and
1663 set_errno(addrlist->next, addrlist->basic_errno, addrlist->message, DEFER,
1671 /* For messages that have more than the maximum number of envelope recipients,
1672 we want to send several transactions down the same SMTP connection. (See
1673 comments in deliver.c as to how this reconciles, heuristically, with
1674 remote_max_parallel.) This optimization was added to Exim after the following
1675 code was already working. The simplest way to put it in without disturbing the
1676 code was to use a goto to jump back to this point when there is another
1677 transaction to handle. */
1680 sync_addr = first_addr;
1684 completed_address = FALSE;
1687 /* Initiate a message transfer. If we know the receiving MTA supports the SIZE
1688 qualification, send it, adding something to the message size to allow for
1689 imprecision and things that get added en route. Exim keeps the number of lines
1690 in a message, so we can give an accurate value for the original message, but we
1691 need some additional to handle added headers. (Double "." characters don't get
1692 included in the count.) */
1699 sprintf(CS p, " SIZE=%d", message_size+message_linecount+ob->size_addition);
1703 #ifndef DISABLE_PRDR
1704 prdr_active = FALSE;
1707 for (addr = first_addr; addr; addr = addr->next)
1708 if (addr->transport_return == PENDING_DEFER)
1710 for (addr = addr->next; addr; addr = addr->next)
1711 if (addr->transport_return == PENDING_DEFER)
1712 { /* at least two recipients to send */
1714 sprintf(CS p, " PRDR"); p += 5;
1715 goto prdr_is_active;
1723 #ifdef EXPERIMENTAL_DSN
1724 /* check if all addresses have lasthop flag */
1725 /* do not send RET and ENVID if true */
1726 dsn_all_lasthop = TRUE;
1727 for (addr = first_addr;
1728 address_count < max_rcpt && addr != NULL;
1730 if ((addr->dsn_flags & rf_dsnlasthop) != 1)
1731 dsn_all_lasthop = FALSE;
1733 /* Add any DSN flags to the mail command */
1735 if ((smtp_use_dsn) && (dsn_all_lasthop == FALSE))
1737 if (dsn_ret == dsn_ret_hdrs)
1739 strcpy(p, " RET=HDRS");
1742 else if (dsn_ret == dsn_ret_full)
1744 strcpy(p, " RET=FULL");
1747 if (dsn_envid != NULL)
1749 string_format(p, sizeof(buffer) - (p-buffer), " ENVID=%s", dsn_envid);
1755 /* If an authenticated_sender override has been specified for this transport
1756 instance, expand it. If the expansion is forced to fail, and there was already
1757 an authenticated_sender for this message, the original value will be used.
1758 Other expansion failures are serious. An empty result is ignored, but there is
1759 otherwise no check - this feature is expected to be used with LMTP and other
1760 cases where non-standard addresses (e.g. without domains) might be required. */
1762 if (smtp_mail_auth_str(p, sizeof(buffer) - (p-buffer), addrlist, ob))
1765 /* From here until we send the DATA command, we can make use of PIPELINING
1766 if the server host supports it. The code has to be able to check the responses
1767 at any point, for when the buffer fills up, so we write it totally generally.
1768 When PIPELINING is off, each command written reports that it has flushed the
1771 pending_MAIL = TRUE; /* The block starts with MAIL */
1773 rc = smtp_write_command(&outblock, smtp_use_pipelining,
1774 "MAIL FROM:<%s>%s\r\n", return_path, buffer);
1775 mail_command = string_copy(big_buffer); /* Save for later error message */
1779 case -1: /* Transmission error */
1782 case +1: /* Block was sent */
1783 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1784 ob->command_timeout))
1786 if (errno == 0 && buffer[0] == '4')
1788 errno = ERRNO_MAIL4XX;
1789 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
1791 goto RESPONSE_FAILED;
1793 pending_MAIL = FALSE;
1797 /* Pass over all the relevant recipient addresses for this host, which are the
1798 ones that have status PENDING_DEFER. If we are using PIPELINING, we can send
1799 several before we have to read the responses for those seen so far. This
1800 checking is done by a subroutine because it also needs to be done at the end.
1801 Send only up to max_rcpt addresses at a time, leaving first_addr pointing to
1802 the next one if not all are sent.
1804 In the MUA wrapper situation, we want to flush the PIPELINING buffer for the
1805 last address because we want to abort if any recipients have any kind of
1806 problem, temporary or permanent. We know that all recipient addresses will have
1807 the PENDING_DEFER status, because only one attempt is ever made, and we know
1808 that max_rcpt will be large, so all addresses will be done at once. */
1810 for (addr = first_addr;
1811 address_count < max_rcpt && addr != NULL;
1817 #ifdef EXPERIMENTAL_DSN
1819 addr->dsn_aware = dsn_support_yes;
1821 addr->dsn_aware = dsn_support_no;
1824 if (addr->transport_return != PENDING_DEFER) continue;
1827 no_flush = smtp_use_pipelining && (!mua_wrapper || addr->next != NULL);
1829 #ifdef EXPERIMENTAL_DSN
1830 /* Add any DSN flags to the rcpt command and add to the sent string */
1835 if ((smtp_use_dsn) && ((addr->dsn_flags & rf_dsnlasthop) != 1))
1837 if ((addr->dsn_flags & rf_dsnflags) != 0)
1841 strcpy(p, " NOTIFY=");
1843 for (i = 0; i < 4; i++)
1845 if ((addr->dsn_flags & rf_list[i]) != 0)
1847 if (!first) *p++ = ',';
1849 strcpy(p, rf_names[i]);
1855 if (addr->dsn_orcpt != NULL) {
1856 string_format(p, sizeof(buffer) - (p-buffer), " ORCPT=%s",
1864 /* Now send the RCPT command, and process outstanding responses when
1865 necessary. After a timeout on RCPT, we just end the function, leaving the
1866 yield as OK, because this error can often mean that there is a problem with
1867 just one address, so we don't want to delay the host. */
1869 #ifdef EXPERIMENTAL_DSN
1870 count = smtp_write_command(&outblock, no_flush, "RCPT TO:<%s>%s%s\r\n",
1871 transport_rcpt_address(addr, tblock->rcpt_include_affixes), igquotstr, buffer);
1873 count = smtp_write_command(&outblock, no_flush, "RCPT TO:<%s>%s\r\n",
1874 transport_rcpt_address(addr, tblock->rcpt_include_affixes), igquotstr);
1877 if (count < 0) goto SEND_FAILED;
1880 switch(sync_responses(first_addr, tblock->rcpt_include_affixes,
1881 &sync_addr, host, count, ob->address_retry_include_sender,
1882 pending_MAIL, 0, &inblock, ob->command_timeout, buffer,
1885 case 3: ok = TRUE; /* 2xx & 5xx => OK & progress made */
1886 case 2: completed_address = TRUE; /* 5xx (only) => progress made */
1889 case 1: ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
1890 if (!lmtp) completed_address = TRUE; /* can't tell about progress yet */
1891 case 0: /* No 2xx or 5xx, but no probs */
1894 case -1: goto END_OFF; /* Timeout on RCPT */
1895 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL error */
1897 pending_MAIL = FALSE; /* Dealt with MAIL */
1899 } /* Loop for next address */
1901 /* If we are an MUA wrapper, abort if any RCPTs were rejected, either
1902 permanently or temporarily. We should have flushed and synced after the last
1907 address_item *badaddr;
1908 for (badaddr = first_addr; badaddr != NULL; badaddr = badaddr->next)
1910 if (badaddr->transport_return != PENDING_OK) break;
1912 if (badaddr != NULL)
1914 set_errno(addrlist, 0, badaddr->message, FAIL,
1915 testflag(badaddr, af_pass_message));
1920 /* If ok is TRUE, we know we have got at least one good recipient, and must now
1921 send DATA, but if it is FALSE (in the normal, non-wrapper case), we may still
1922 have a good recipient buffered up if we are pipelining. We don't want to waste
1923 time sending DATA needlessly, so we only send it if either ok is TRUE or if we
1924 are pipelining. The responses are all handled by sync_responses(). */
1926 if (ok || (smtp_use_pipelining && !mua_wrapper))
1928 int count = smtp_write_command(&outblock, FALSE, "DATA\r\n");
1929 if (count < 0) goto SEND_FAILED;
1930 switch(sync_responses(first_addr, tblock->rcpt_include_affixes, &sync_addr,
1931 host, count, ob->address_retry_include_sender, pending_MAIL,
1932 ok? +1 : -1, &inblock, ob->command_timeout, buffer, sizeof(buffer)))
1934 case 3: ok = TRUE; /* 2xx & 5xx => OK & progress made */
1935 case 2: completed_address = TRUE; /* 5xx (only) => progress made */
1938 case 1: ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
1939 if (!lmtp) completed_address = TRUE; /* can't tell about progress yet */
1940 case 0: break; /* No 2xx or 5xx, but no probs */
1942 case -1: goto END_OFF; /* Timeout on RCPT */
1943 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */
1947 /* Save the first address of the next batch. */
1951 /* If there were no good recipients (but otherwise there have been no
1952 problems), just set ok TRUE, since we have handled address-specific errors
1953 already. Otherwise, it's OK to send the message. Use the check/escape mechanism
1954 for handling the SMTP dot-handling protocol, flagging to apply to headers as
1955 well as body. Set the appropriate timeout value to be used for each chunk.
1956 (Haven't been able to make it work using select() for writing yet.) */
1958 if (!ok) ok = TRUE; else
1960 sigalrm_seen = FALSE;
1961 transport_write_timeout = ob->data_timeout;
1962 smtp_command = US"sending data block"; /* For error messages */
1963 DEBUG(D_transport|D_v)
1964 debug_printf(" SMTP>> writing message and terminating \".\"\n");
1965 transport_count = 0;
1966 #ifndef DISABLE_DKIM
1967 ok = dkim_transport_write_message(addrlist, inblock.sock,
1968 topt_use_crlf | topt_end_dot | topt_escape_headers |
1969 (tblock->body_only? topt_no_headers : 0) |
1970 (tblock->headers_only? topt_no_body : 0) |
1971 (tblock->return_path_add? topt_add_return_path : 0) |
1972 (tblock->delivery_date_add? topt_add_delivery_date : 0) |
1973 (tblock->envelope_to_add? topt_add_envelope_to : 0),
1974 0, /* No size limit */
1975 tblock->add_headers, tblock->remove_headers,
1976 US".", US"..", /* Escaping strings */
1977 tblock->rewrite_rules, tblock->rewrite_existflags,
1978 ob->dkim_private_key, ob->dkim_domain, ob->dkim_selector,
1979 ob->dkim_canon, ob->dkim_strict, ob->dkim_sign_headers
1982 ok = transport_write_message(addrlist, inblock.sock,
1983 topt_use_crlf | topt_end_dot | topt_escape_headers |
1984 (tblock->body_only? topt_no_headers : 0) |
1985 (tblock->headers_only? topt_no_body : 0) |
1986 (tblock->return_path_add? topt_add_return_path : 0) |
1987 (tblock->delivery_date_add? topt_add_delivery_date : 0) |
1988 (tblock->envelope_to_add? topt_add_envelope_to : 0),
1989 0, /* No size limit */
1990 tblock->add_headers, tblock->remove_headers,
1991 US".", US"..", /* Escaping strings */
1992 tblock->rewrite_rules, tblock->rewrite_existflags);
1995 /* transport_write_message() uses write() because it is called from other
1996 places to write to non-sockets. This means that under some OS (e.g. Solaris)
1997 it can exit with "Broken pipe" as its error. This really means that the
1998 socket got closed at the far end. */
2000 transport_write_timeout = 0; /* for subsequent transports */
2002 /* Failure can either be some kind of I/O disaster (including timeout),
2003 or the failure of a transport filter or the expansion of added headers. */
2007 buffer[0] = 0; /* There hasn't been a response */
2008 goto RESPONSE_FAILED;
2011 /* We used to send the terminating "." explicitly here, but because of
2012 buffering effects at both ends of TCP/IP connections, you don't gain
2013 anything by keeping it separate, so it might as well go in the final
2014 data buffer for efficiency. This is now done by setting the topt_end_dot
2017 smtp_command = US"end of data";
2019 #ifndef DISABLE_PRDR
2020 /* For PRDR we optionally get a partial-responses warning
2021 * followed by the individual responses, before going on with
2022 * the overall response. If we don't get the warning then deal
2023 * with per non-PRDR. */
2026 ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '3',
2028 if (!ok && errno == 0)
2031 case '2': prdr_active = FALSE;
2034 case '4': errno = ERRNO_DATA4XX;
2035 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
2042 /* For non-PRDR SMTP, we now read a single response that applies to the
2043 whole message. If it is OK, then all the addresses have been delivered. */
2047 ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2049 if (!ok && errno == 0 && buffer[0] == '4')
2051 errno = ERRNO_DATA4XX;
2052 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
2056 /* For LMTP, we get back a response for every RCPT command that we sent;
2057 some may be accepted and some rejected. For those that get a response, their
2058 status is fixed; any that are accepted have been handed over, even if later
2059 responses crash - at least, that's how I read RFC 2033.
2061 If all went well, mark the recipient addresses as completed, record which
2062 host/IPaddress they were delivered to, and cut out RSET when sending another
2063 message down the same channel. Write the completed addresses to the journal
2064 now so that they are recorded in case there is a crash of hardware or
2065 software before the spool gets updated. Also record the final SMTP
2066 confirmation if needed (for SMTP only). */
2071 int delivery_time = (int)(time(NULL) - start_delivery_time);
2074 uschar *conf = NULL;
2077 /* Make a copy of the host if it is local to this invocation
2078 of the transport. */
2082 thost = store_get(sizeof(host_item));
2084 thost->name = string_copy(host->name);
2085 thost->address = string_copy(host->address);
2089 /* Set up confirmation if needed - applies only to SMTP */
2092 #ifndef EXPERIMENTAL_TPDA
2093 (log_extra_selector & LX_smtp_confirmation) != 0 &&
2098 uschar *s = string_printing(buffer);
2099 conf = (s == buffer)? (uschar *)string_copy(s) : s;
2102 /* Process all transported addresses - for LMTP or PRDR, read a status for
2105 for (addr = addrlist; addr != first_addr; addr = addr->next)
2107 if (addr->transport_return != PENDING_OK) continue;
2109 /* LMTP - if the response fails badly (e.g. timeout), use it for all the
2110 remaining addresses. Otherwise, it's a return code for just the one
2111 address. For temporary errors, add a retry item for the address so that
2112 it doesn't get tried again too soon. */
2114 #ifndef DISABLE_PRDR
2115 if (lmtp || prdr_active)
2120 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2123 if (errno != 0 || buffer[0] == 0) goto RESPONSE_FAILED;
2124 addr->message = string_sprintf(
2125 #ifndef DISABLE_PRDR
2126 "%s error after %s: %s", prdr_active ? "PRDR":"LMTP",
2128 "LMTP error after %s: %s",
2130 big_buffer, string_printing(buffer));
2131 setflag(addr, af_pass_message); /* Allow message to go to user */
2132 if (buffer[0] == '5')
2133 addr->transport_return = FAIL;
2136 errno = ERRNO_DATA4XX;
2137 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
2138 addr->transport_return = DEFER;
2139 #ifndef DISABLE_PRDR
2142 retry_add_item(addr, addr->address_retry_key, 0);
2146 completed_address = TRUE; /* NOW we can set this flag */
2147 if ((log_extra_selector & LX_smtp_confirmation) != 0)
2149 uschar *s = string_printing(buffer);
2150 conf = (s == buffer)? (uschar *)string_copy(s) : s;
2154 /* SMTP, or success return from LMTP for this address. Pass back the
2155 actual host that was used. */
2157 addr->transport_return = OK;
2158 addr->more_errno = delivery_time;
2159 addr->host_used = thost;
2160 addr->special_action = flag;
2161 addr->message = conf;
2162 #ifndef DISABLE_PRDR
2163 if (prdr_active) addr->flags |= af_prdr_used;
2167 #ifndef DISABLE_PRDR
2171 /* Update the journal. For homonymic addresses, use the base address plus
2172 the transport name. See lots of comments in deliver.c about the reasons
2173 for the complications when homonyms are involved. Just carry on after
2174 write error, as it may prove possible to update the spool file later. */
2176 if (testflag(addr, af_homonym))
2177 sprintf(CS buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
2179 sprintf(CS buffer, "%.500s\n", addr->unique);
2181 DEBUG(D_deliver) debug_printf("journalling %s", buffer);
2182 len = Ustrlen(CS buffer);
2183 if (write(journal_fd, buffer, len) != len)
2184 log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
2185 "%s: %s", buffer, strerror(errno));
2189 #ifndef DISABLE_PRDR
2192 /* PRDR - get the final, overall response. For any non-success
2193 upgrade all the address statuses. */
2194 ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2198 if(errno == 0 && buffer[0] == '4')
2200 errno = ERRNO_DATA4XX;
2201 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
2203 for (addr = addrlist; addr != first_addr; addr = addr->next)
2204 if (buffer[0] == '5' || addr->transport_return == OK)
2205 addr->transport_return = PENDING_OK; /* allow set_errno action */
2206 goto RESPONSE_FAILED;
2209 /* Update the journal, or setup retry. */
2210 for (addr = addrlist; addr != first_addr; addr = addr->next)
2211 if (addr->transport_return == OK)
2213 if (testflag(addr, af_homonym))
2214 sprintf(CS buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
2216 sprintf(CS buffer, "%.500s\n", addr->unique);
2218 DEBUG(D_deliver) debug_printf("journalling(PRDR) %s", buffer);
2219 len = Ustrlen(CS buffer);
2220 if (write(journal_fd, buffer, len) != len)
2221 log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
2222 "%s: %s", buffer, strerror(errno));
2224 else if (addr->transport_return == DEFER)
2225 retry_add_item(addr, addr->address_retry_key, -2);
2229 /* Ensure the journal file is pushed out to disk. */
2231 if (EXIMfsync(journal_fd) < 0)
2232 log_write(0, LOG_MAIN|LOG_PANIC, "failed to fsync journal: %s",
2238 /* Handle general (not specific to one address) failures here. The value of ok
2239 is used to skip over this code on the falling through case. A timeout causes a
2240 deferral. Other errors may defer or fail according to the response code, and
2241 may set up a special errno value, e.g. after connection chopped, which is
2242 assumed if errno == 0 and there is no text in the buffer. If control reaches
2243 here during the setting up phase (i.e. before MAIL FROM) then always defer, as
2244 the problem is not related to this specific message. */
2253 send_quit = check_response(host, &save_errno, addrlist->more_errno,
2254 buffer, &code, &message, &pass_message);
2260 message = US string_sprintf("send() to %s [%s] failed: %s",
2261 host->name, host->address, strerror(save_errno));
2265 /* This label is jumped to directly when a TLS negotiation has failed,
2266 or was not done for a host for which it is required. Values will be set
2267 in message and save_errno, and setting_up will always be true. Treat as
2268 a temporary error. */
2275 /* If the failure happened while setting up the call, see if the failure was
2276 a 5xx response (this will either be on connection, or following HELO - a 5xx
2277 after EHLO causes it to try HELO). If so, fail all addresses, as this host is
2278 never going to accept them. For other errors during setting up (timeouts or
2279 whatever), defer all addresses, and yield DEFER, so that the host is not
2280 tried again for a while. */
2283 ok = FALSE; /* For when reached by GOTO */
2289 set_errno(addrlist, save_errno, message, FAIL, pass_message);
2293 set_errno(addrlist, save_errno, message, DEFER, pass_message);
2298 /* We want to handle timeouts after MAIL or "." and loss of connection after
2299 "." specially. They can indicate a problem with the sender address or with
2300 the contents of the message rather than a real error on the connection. These
2301 cases are treated in the same way as a 4xx response. This next bit of code
2302 does the classification. */
2313 message_error = TRUE;
2317 message_error = Ustrncmp(smtp_command,"MAIL",4) == 0 ||
2318 Ustrncmp(smtp_command,"end ",4) == 0;
2321 case ERRNO_SMTPCLOSED:
2322 message_error = Ustrncmp(smtp_command,"end ",4) == 0;
2326 message_error = FALSE;
2330 /* Handle the cases that are treated as message errors. These are:
2332 (a) negative response or timeout after MAIL
2333 (b) negative response after DATA
2334 (c) negative response or timeout or dropped connection after "."
2336 It won't be a negative response or timeout after RCPT, as that is dealt
2337 with separately above. The action in all cases is to set an appropriate
2338 error code for all the addresses, but to leave yield set to OK because the
2339 host itself has not failed. Of course, it might in practice have failed
2340 when we've had a timeout, but if so, we'll discover that at the next
2341 delivery attempt. For a temporary error, set the message_defer flag, and
2342 write to the logs for information if this is not the last host. The error
2343 for the last host will be logged as part of the address's log line. */
2347 if (mua_wrapper) code = '5'; /* Force hard failure in wrapper mode */
2348 set_errno(addrlist, save_errno, message, (code == '5')? FAIL : DEFER,
2351 /* If there's an errno, the message contains just the identity of
2354 if (code != '5') /* Anything other than 5 is treated as temporary */
2357 message = US string_sprintf("%s: %s", message, strerror(save_errno));
2358 if (host->next != NULL) log_write(0, LOG_MAIN, "%s", message);
2359 deliver_msglog("%s %s\n", tod_stamp(tod_log), message);
2360 *message_defer = TRUE;
2364 /* Otherwise, we have an I/O error or a timeout other than after MAIL or
2365 ".", or some other transportation error. We defer all addresses and yield
2366 DEFER, except for the case of failed add_headers expansion, or a transport
2367 filter failure, when the yield should be ERROR, to stop it trying other
2372 yield = (save_errno == ERRNO_CHHEADER_FAIL ||
2373 save_errno == ERRNO_FILTER_FAIL)? ERROR : DEFER;
2374 set_errno(addrlist, save_errno, message, DEFER, pass_message);
2380 /* If all has gone well, send_quit will be set TRUE, implying we can end the
2381 SMTP session tidily. However, if there were too many addresses to send in one
2382 message (indicated by first_addr being non-NULL) we want to carry on with the
2383 rest of them. Also, it is desirable to send more than one message down the SMTP
2384 connection if there are several waiting, provided we haven't already sent so
2385 many as to hit the configured limit. The function transport_check_waiting looks
2386 for a waiting message and returns its id. Then transport_pass_socket tries to
2387 set up a continued delivery by passing the socket on to another process. The
2388 variable send_rset is FALSE if a message has just been successfully transfered.
2390 If we are already sending down a continued channel, there may be further
2391 addresses not yet delivered that are aimed at the same host, but which have not
2392 been passed in this run of the transport. In this case, continue_more will be
2393 true, and all we should do is send RSET if necessary, and return, leaving the
2396 However, if no address was disposed of, i.e. all addresses got 4xx errors, we
2397 do not want to continue with other messages down the same channel, because that
2398 can lead to looping between two or more messages, all with the same,
2399 temporarily failing address(es). [The retry information isn't updated yet, so
2400 new processes keep on trying.] We probably also don't want to try more of this
2401 message's addresses either.
2403 If we have started a TLS session, we have to end it before passing the
2404 connection to a new process. However, not all servers can handle this (Exim
2405 can), so we do not pass such a connection on if the host matches
2406 hosts_nopass_tls. */
2409 debug_printf("ok=%d send_quit=%d send_rset=%d continue_more=%d "
2410 "yield=%d first_address is %sNULL\n", ok, send_quit, send_rset,
2411 continue_more, yield, (first_addr == NULL)? "":"not ");
2413 if (completed_address && ok && send_quit)
2416 if (first_addr != NULL || continue_more ||
2418 (tls_out.active < 0 ||
2419 verify_check_this_host(&(ob->hosts_nopass_tls), NULL, host->name,
2420 host->address, NULL) != OK)
2422 transport_check_waiting(tblock->name, host->name,
2423 tblock->connection_max_messages, new_message_id, &more)
2431 if (! (ok = smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0))
2433 msg = US string_sprintf("send() to %s [%s] failed: %s", host->name,
2434 host->address, strerror(save_errno));
2437 else if (! (ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2438 ob->command_timeout)))
2441 send_quit = check_response(host, &errno, 0, buffer, &code, &msg,
2445 DEBUG(D_transport) debug_printf("%s\n", msg);
2450 /* Either RSET was not needed, or it succeeded */
2454 if (first_addr != NULL) /* More addresses still to be sent */
2455 { /* in this run of the transport */
2456 continue_sequence++; /* Causes * in logging */
2459 if (continue_more) return yield; /* More addresses for another run */
2461 /* Pass the socket to a new Exim process. Before doing so, we must shut
2462 down TLS. Not all MTAs allow for the continuation of the SMTP session
2463 when TLS is shut down. We test for this by sending a new EHLO. If we
2464 don't get a good response, we don't attempt to pass the socket on. */
2467 if (tls_out.active >= 0)
2469 tls_close(FALSE, TRUE);
2473 ok = smtp_write_command(&outblock,FALSE,"EHLO %s\r\n",helo_data) >= 0 &&
2474 smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2475 ob->command_timeout);
2479 /* If the socket is successfully passed, we musn't send QUIT (or
2480 indeed anything!) from here. */
2482 if (ok && transport_pass_socket(tblock->name, host->name, host->address,
2483 new_message_id, inblock.sock))
2489 /* If RSET failed and there are addresses left, they get deferred. */
2491 else set_errno(first_addr, errno, msg, DEFER, FALSE);
2495 /* End off tidily with QUIT unless the connection has died or the socket has
2496 been passed to another process. There has been discussion on the net about what
2497 to do after sending QUIT. The wording of the RFC suggests that it is necessary
2498 to wait for a response, but on the other hand, there isn't anything one can do
2499 with an error response, other than log it. Exim used to do that. However,
2500 further discussion suggested that it is positively advantageous not to wait for
2501 the response, but to close the session immediately. This is supposed to move
2502 the TCP/IP TIME_WAIT state from the server to the client, thereby removing some
2503 load from the server. (Hosts that are both servers and clients may not see much
2504 difference, of course.) Further discussion indicated that this was safe to do
2505 on Unix systems which have decent implementations of TCP/IP that leave the
2506 connection around for a while (TIME_WAIT) after the application has gone away.
2507 This enables the response sent by the server to be properly ACKed rather than
2508 timed out, as can happen on broken TCP/IP implementations on other OS.
2510 This change is being made on 31-Jul-98. After over a year of trouble-free
2511 operation, the old commented-out code was removed on 17-Sep-99. */
2514 if (send_quit) (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n");
2519 tls_close(FALSE, TRUE);
2522 /* Close the socket, and return the appropriate value, first setting
2523 works because the NULL setting is passed back to the calling process, and
2524 remote_max_parallel is forced to 1 when delivering over an existing connection,
2526 If all went well and continue_more is set, we shouldn't actually get here if
2527 there are further addresses, as the return above will be taken. However,
2528 writing RSET might have failed, or there may be other addresses whose hosts are
2529 specified in the transports, and therefore not visible at top level, in which
2530 case continue_more won't get set. */
2532 (void)close(inblock.sock);
2533 continue_transport = NULL;
2534 continue_hostname = NULL;
2541 /*************************************************
2542 * Closedown entry point *
2543 *************************************************/
2545 /* This function is called when exim is passed an open smtp channel
2546 from another incarnation, but the message which it has been asked
2547 to deliver no longer exists. The channel is on stdin.
2549 We might do fancy things like looking for another message to send down
2550 the channel, but if the one we sought has gone, it has probably been
2551 delivered by some other process that itself will seek further messages,
2552 so just close down our connection.
2554 Argument: pointer to the transport instance block
2559 smtp_transport_closedown(transport_instance *tblock)
2561 smtp_transport_options_block *ob =
2562 (smtp_transport_options_block *)(tblock->options_block);
2563 smtp_inblock inblock;
2564 smtp_outblock outblock;
2566 uschar inbuffer[4096];
2567 uschar outbuffer[16];
2569 inblock.sock = fileno(stdin);
2570 inblock.buffer = inbuffer;
2571 inblock.buffersize = sizeof(inbuffer);
2572 inblock.ptr = inbuffer;
2573 inblock.ptrend = inbuffer;
2575 outblock.sock = inblock.sock;
2576 outblock.buffersize = sizeof(outbuffer);
2577 outblock.buffer = outbuffer;
2578 outblock.ptr = outbuffer;
2579 outblock.cmd_count = 0;
2580 outblock.authenticating = FALSE;
2582 (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n");
2583 (void)smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2584 ob->command_timeout);
2585 (void)close(inblock.sock);
2590 /*************************************************
2591 * Prepare addresses for delivery *
2592 *************************************************/
2594 /* This function is called to flush out error settings from previous delivery
2595 attempts to other hosts. It also records whether we got here via an MX record
2596 or not in the more_errno field of the address. We are interested only in
2597 addresses that are still marked DEFER - others may have got delivered to a
2598 previously considered IP address. Set their status to PENDING_DEFER to indicate
2599 which ones are relevant this time.
2602 addrlist the list of addresses
2603 host the host we are delivering to
2605 Returns: the first address for this delivery
2608 static address_item *
2609 prepare_addresses(address_item *addrlist, host_item *host)
2611 address_item *first_addr = NULL;
2613 for (addr = addrlist; addr != NULL; addr = addr->next)
2615 if (addr->transport_return != DEFER) continue;
2616 if (first_addr == NULL) first_addr = addr;
2617 addr->transport_return = PENDING_DEFER;
2618 addr->basic_errno = 0;
2619 addr->more_errno = (host->mx >= 0)? 'M' : 'A';
2620 addr->message = NULL;
2622 addr->cipher = NULL;
2623 addr->ourcert = NULL;
2624 addr->peercert = NULL;
2625 addr->peerdn = NULL;
2626 addr->ocsp = OCSP_NOT_REQ;
2634 /*************************************************
2635 * Main entry point *
2636 *************************************************/
2638 /* See local README for interface details. As this is a remote transport, it is
2639 given a chain of addresses to be delivered in one connection, if possible. It
2640 always returns TRUE, indicating that each address has its own independent
2641 status set, except if there is a setting up problem, in which case it returns
2645 smtp_transport_entry(
2646 transport_instance *tblock, /* data for this instantiation */
2647 address_item *addrlist) /* addresses we are working on */
2651 int hosts_defer = 0;
2653 int hosts_looked_up = 0;
2654 int hosts_retry = 0;
2655 int hosts_serial = 0;
2656 int hosts_total = 0;
2657 int total_hosts_tried = 0;
2659 BOOL expired = TRUE;
2660 BOOL continuing = continue_hostname != NULL;
2661 uschar *expanded_hosts = NULL;
2663 uschar *tid = string_sprintf("%s transport", tblock->name);
2664 smtp_transport_options_block *ob =
2665 (smtp_transport_options_block *)(tblock->options_block);
2666 host_item *hostlist = addrlist->host_list;
2667 host_item *host = NULL;
2671 debug_printf("%s transport entered\n", tblock->name);
2672 for (addr = addrlist; addr != NULL; addr = addr->next)
2673 debug_printf(" %s\n", addr->address);
2674 if (continuing) debug_printf("already connected to %s [%s]\n",
2675 continue_hostname, continue_host_address);
2678 /* Set the flag requesting that these hosts be added to the waiting
2679 database if the delivery fails temporarily or if we are running with
2680 queue_smtp or a 2-stage queue run. This gets unset for certain
2681 kinds of error, typically those that are specific to the message. */
2683 update_waiting = TRUE;
2685 /* If a host list is not defined for the addresses - they must all have the
2686 same one in order to be passed to a single transport - or if the transport has
2687 a host list with hosts_override set, use the host list supplied with the
2688 transport. It is an error for this not to exist. */
2690 if (hostlist == NULL || (ob->hosts_override && ob->hosts != NULL))
2692 if (ob->hosts == NULL)
2694 addrlist->message = string_sprintf("%s transport called with no hosts set",
2696 addrlist->transport_return = PANIC;
2697 return FALSE; /* Only top address has status */
2700 DEBUG(D_transport) debug_printf("using the transport's hosts: %s\n",
2703 /* If the transport's host list contains no '$' characters, and we are not
2704 randomizing, it is fixed and therefore a chain of hosts can be built once
2705 and for all, and remembered for subsequent use by other calls to this
2706 transport. If, on the other hand, the host list does contain '$', or we are
2707 randomizing its order, we have to rebuild it each time. In the fixed case,
2708 as the hosts string will never be used again, it doesn't matter that we
2709 replace all the : characters with zeros. */
2711 if (ob->hostlist == NULL)
2713 uschar *s = ob->hosts;
2715 if (Ustrchr(s, '$') != NULL)
2717 expanded_hosts = expand_string(s);
2718 if (expanded_hosts == NULL)
2720 addrlist->message = string_sprintf("failed to expand list of hosts "
2721 "\"%s\" in %s transport: %s", s, tblock->name, expand_string_message);
2722 addrlist->transport_return = search_find_defer? DEFER : PANIC;
2723 return FALSE; /* Only top address has status */
2725 DEBUG(D_transport) debug_printf("expanded list of hosts \"%s\" to "
2726 "\"%s\"\n", s, expanded_hosts);
2730 if (ob->hosts_randomize) s = expanded_hosts = string_copy(s);
2732 host_build_hostlist(&hostlist, s, ob->hosts_randomize);
2734 /* Check that the expansion yielded something useful. */
2735 if (hostlist == NULL)
2738 string_sprintf("%s transport has empty hosts setting", tblock->name);
2739 addrlist->transport_return = PANIC;
2740 return FALSE; /* Only top address has status */
2743 /* If there was no expansion of hosts, save the host list for
2746 if (expanded_hosts == NULL) ob->hostlist = hostlist;
2749 /* This is not the first time this transport has been run in this delivery;
2750 the host list was built previously. */
2752 else hostlist = ob->hostlist;
2755 /* The host list was supplied with the address. If hosts_randomize is set, we
2756 must sort it into a random order if it did not come from MX records and has not
2757 already been randomized (but don't bother if continuing down an existing
2760 else if (ob->hosts_randomize && hostlist->mx == MX_NONE && !continuing)
2762 host_item *newlist = NULL;
2763 while (hostlist != NULL)
2765 host_item *h = hostlist;
2766 hostlist = hostlist->next;
2768 h->sort_key = random_number(100);
2770 if (newlist == NULL)
2775 else if (h->sort_key < newlist->sort_key)
2782 host_item *hh = newlist;
2783 while (hh->next != NULL)
2785 if (h->sort_key < hh->next->sort_key) break;
2793 hostlist = addrlist->host_list = newlist;
2797 /* Sort out the default port. */
2799 if (!smtp_get_port(ob->port, addrlist, &port, tid)) return FALSE;
2802 /* For each host-plus-IP-address on the list:
2804 . If this is a continued delivery and the host isn't the one with the
2805 current connection, skip.
2807 . If the status is unusable (i.e. previously failed or retry checked), skip.
2809 . If no IP address set, get the address, either by turning the name into
2810 an address, calling gethostbyname if gethostbyname is on, or by calling
2811 the DNS. The DNS may yield multiple addresses, in which case insert the
2812 extra ones into the list.
2814 . Get the retry data if not previously obtained for this address and set the
2815 field which remembers the state of this address. Skip if the retry time is
2816 not reached. If not, remember whether retry data was found. The retry string
2817 contains both the name and the IP address.
2819 . Scan the list of addresses and mark those whose status is DEFER as
2820 PENDING_DEFER. These are the only ones that will be processed in this cycle
2823 . Make a delivery attempt - addresses marked PENDING_DEFER will be tried.
2824 Some addresses may be successfully delivered, others may fail, and yet
2825 others may get temporary errors and so get marked DEFER.
2827 . The return from the delivery attempt is OK if a connection was made and a
2828 valid SMTP dialogue was completed. Otherwise it is DEFER.
2830 . If OK, add a "remove" retry item for this host/IPaddress, if any.
2832 . If fail to connect, or other defer state, add a retry item.
2834 . If there are any addresses whose status is still DEFER, carry on to the
2835 next host/IPaddress, unless we have tried the number of hosts given
2836 by hosts_max_try or hosts_max_try_hardlimit; otherwise return. Note that
2837 there is some fancy logic for hosts_max_try that means its limit can be
2838 overstepped in some circumstances.
2840 If we get to the end of the list, all hosts have deferred at least one address,
2841 or not reached their retry times. If delay_after_cutoff is unset, it requests a
2842 delivery attempt to those hosts whose last try was before the arrival time of
2843 the current message. To cope with this, we have to go round the loop a second
2844 time. After that, set the status and error data for any addresses that haven't
2845 had it set already. */
2847 for (cutoff_retry = 0; expired &&
2848 cutoff_retry < ((ob->delay_after_cutoff)? 1 : 2);
2851 host_item *nexthost = NULL;
2852 int unexpired_hosts_tried = 0;
2854 for (host = hostlist;
2856 unexpired_hosts_tried < ob->hosts_max_try &&
2857 total_hosts_tried < ob->hosts_max_try_hardlimit;
2863 BOOL serialized = FALSE;
2864 BOOL host_is_expired = FALSE;
2865 BOOL message_defer = FALSE;
2866 BOOL ifchanges = FALSE;
2867 BOOL some_deferred = FALSE;
2868 address_item *first_addr = NULL;
2869 uschar *interface = NULL;
2870 uschar *retry_host_key = NULL;
2871 uschar *retry_message_key = NULL;
2872 uschar *serialize_key = NULL;
2874 /* Default next host is next host. :-) But this can vary if the
2875 hosts_max_try limit is hit (see below). It may also be reset if a host
2876 address is looked up here (in case the host was multihomed). */
2878 nexthost = host->next;
2880 /* If the address hasn't yet been obtained from the host name, look it up
2881 now, unless the host is already marked as unusable. If it is marked as
2882 unusable, it means that the router was unable to find its IP address (in
2883 the DNS or wherever) OR we are in the 2nd time round the cutoff loop, and
2884 the lookup failed last time. We don't get this far if *all* MX records
2885 point to non-existent hosts; that is treated as a hard error.
2887 We can just skip this host entirely. When the hosts came from the router,
2888 the address will timeout based on the other host(s); when the address is
2889 looked up below, there is an explicit retry record added.
2891 Note that we mustn't skip unusable hosts if the address is not unset; they
2892 may be needed as expired hosts on the 2nd time round the cutoff loop. */
2894 if (host->address == NULL)
2896 int new_port, flags;
2898 uschar *canonical_name;
2900 if (host->status >= hstatus_unusable)
2902 DEBUG(D_transport) debug_printf("%s has no address and is unusable - skipping\n",
2907 DEBUG(D_transport) debug_printf("getting address for %s\n", host->name);
2909 /* The host name is permitted to have an attached port. Find it, and
2910 strip it from the name. Just remember it for now. */
2912 new_port = host_item_get_port(host);
2914 /* Count hosts looked up */
2918 /* Find by name if so configured, or if it's an IP address. We don't
2919 just copy the IP address, because we need the test-for-local to happen. */
2921 flags = HOST_FIND_BY_A;
2922 if (ob->dns_qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
2923 if (ob->dns_search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
2925 if (ob->gethostbyname || string_is_ip_address(host->name, NULL) != 0)
2926 rc = host_find_byname(host, NULL, flags, &canonical_name, TRUE);
2928 rc = host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
2929 ob->dnssec_request_domains, ob->dnssec_require_domains,
2930 &canonical_name, NULL);
2932 /* Update the host (and any additional blocks, resulting from
2933 multihoming) with a host-specific port, if any. */
2935 for (hh = host; hh != nexthost; hh = hh->next) hh->port = new_port;
2937 /* Failure to find the host at this time (usually DNS temporary failure)
2938 is really a kind of routing failure rather than a transport failure.
2939 Therefore we add a retry item of the routing kind, not to stop us trying
2940 to look this name up here again, but to ensure the address gets timed
2941 out if the failures go on long enough. A complete failure at this point
2942 commonly points to a configuration error, but the best action is still
2943 to carry on for the next host. */
2945 if (rc == HOST_FIND_AGAIN || rc == HOST_FIND_FAILED)
2947 retry_add_item(addrlist, string_sprintf("R:%s", host->name), 0);
2949 if (rc == HOST_FIND_AGAIN) hosts_defer++; else hosts_fail++;
2950 DEBUG(D_transport) debug_printf("rc = %s for %s\n", (rc == HOST_FIND_AGAIN)?
2951 "HOST_FIND_AGAIN" : "HOST_FIND_FAILED", host->name);
2952 host->status = hstatus_unusable;
2954 for (addr = addrlist; addr != NULL; addr = addr->next)
2956 if (addr->transport_return != DEFER) continue;
2957 addr->basic_errno = ERRNO_UNKNOWNHOST;
2959 string_sprintf("failed to lookup IP address for %s", host->name);
2964 /* If the host is actually the local host, we may have a problem, or
2965 there may be some cunning configuration going on. In the problem case,
2966 log things and give up. The default transport status is already DEFER. */
2968 if (rc == HOST_FOUND_LOCAL && !ob->allow_localhost)
2970 for (addr = addrlist; addr != NULL; addr = addr->next)
2972 addr->basic_errno = 0;
2973 addr->message = string_sprintf("%s transport found host %s to be "
2974 "local", tblock->name, host->name);
2978 } /* End of block for IP address lookup */
2980 /* If this is a continued delivery, we are interested only in the host
2981 which matches the name of the existing open channel. The check is put
2982 here after the local host lookup, in case the name gets expanded as a
2983 result of the lookup. Set expired FALSE, to save the outer loop executing
2986 if (continuing && (Ustrcmp(continue_hostname, host->name) != 0 ||
2987 Ustrcmp(continue_host_address, host->address) != 0))
2990 continue; /* With next host */
2993 /* Reset the default next host in case a multihomed host whose addresses
2994 are not looked up till just above added to the host list. */
2996 nexthost = host->next;
2998 /* If queue_smtp is set (-odqs or the first part of a 2-stage run), or the
2999 domain is in queue_smtp_domains, we don't actually want to attempt any
3000 deliveries. When doing a queue run, queue_smtp_domains is always unset. If
3001 there is a lookup defer in queue_smtp_domains, proceed as if the domain
3002 were not in it. We don't want to hold up all SMTP deliveries! Except when
3003 doing a two-stage queue run, don't do this if forcing. */
3005 if ((!deliver_force || queue_2stage) && (queue_smtp ||
3006 match_isinlist(addrlist->domain, &queue_smtp_domains, 0,
3007 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK))
3010 for (addr = addrlist; addr != NULL; addr = addr->next)
3012 if (addr->transport_return != DEFER) continue;
3013 addr->message = US"domain matches queue_smtp_domains, or -odqs set";
3015 continue; /* With next host */
3018 /* Count hosts being considered - purely for an intelligent comment
3019 if none are usable. */
3023 /* Set $host and $host address now in case they are needed for the
3024 interface expansion or the serialize_hosts check; they remain set if an
3025 actual delivery happens. */
3027 deliver_host = host->name;
3028 deliver_host_address = host->address;
3029 lookup_dnssec_authenticated = host->dnssec == DS_YES ? US"yes"
3030 : host->dnssec == DS_NO ? US"no"
3033 /* Set up a string for adding to the retry key if the port number is not
3034 the standard SMTP port. A host may have its own port setting that overrides
3037 pistring = string_sprintf(":%d", (host->port == PORT_NONE)?
3039 if (Ustrcmp(pistring, ":25") == 0) pistring = US"";
3041 /* Select IPv4 or IPv6, and choose an outgoing interface. If the interface
3042 string changes upon expansion, we must add it to the key that is used for
3043 retries, because connections to the same host from a different interface
3044 should be treated separately. */
3046 host_af = (Ustrchr(host->address, ':') == NULL)? AF_INET : AF_INET6;
3047 if (!smtp_get_interface(ob->interface, host_af, addrlist, &ifchanges,
3050 if (ifchanges) pistring = string_sprintf("%s/%s", pistring, interface);
3052 /* The first time round the outer loop, check the status of the host by
3053 inspecting the retry data. The second time round, we are interested only
3054 in expired hosts that haven't been tried since this message arrived. */
3056 if (cutoff_retry == 0)
3058 /* Ensure the status of the address is set by checking retry data if
3059 necessary. There maybe host-specific retry data (applicable to all
3060 messages) and also data for retries of a specific message at this host.
3061 If either of these retry records are actually read, the keys used are
3062 returned to save recomputing them later. */
3064 host_is_expired = retry_check_address(addrlist->domain, host, pistring,
3065 ob->retry_include_ip_address, &retry_host_key, &retry_message_key);
3067 DEBUG(D_transport) debug_printf("%s [%s]%s status = %s\n", host->name,
3068 (host->address == NULL)? US"" : host->address, pistring,
3069 (host->status == hstatus_usable)? "usable" :
3070 (host->status == hstatus_unusable)? "unusable" :
3071 (host->status == hstatus_unusable_expired)? "unusable (expired)" : "?");
3073 /* Skip this address if not usable at this time, noting if it wasn't
3074 actually expired, both locally and in the address. */
3076 switch (host->status)
3078 case hstatus_unusable:
3080 setflag(addrlist, af_retry_skipped);
3083 case hstatus_unusable_expired:
3086 case hwhy_retry: hosts_retry++; break;
3087 case hwhy_failed: hosts_fail++; break;
3088 case hwhy_deferred: hosts_defer++; break;
3091 /* If there was a retry message key, implying that previously there
3092 was a message-specific defer, we don't want to update the list of
3093 messages waiting for these hosts. */
3095 if (retry_message_key != NULL) update_waiting = FALSE;
3096 continue; /* With the next host or IP address */
3100 /* Second time round the loop: if the address is set but expired, and
3101 the message is newer than the last try, let it through. */
3105 if (host->address == NULL ||
3106 host->status != hstatus_unusable_expired ||
3107 host->last_try > received_time)
3110 debug_printf("trying expired host %s [%s]%s\n",
3111 host->name, host->address, pistring);
3112 host_is_expired = TRUE;
3115 /* Setting "expired=FALSE" doesn't actually mean not all hosts are expired;
3116 it remains TRUE only if all hosts are expired and none are actually tried.
3121 /* If this host is listed as one to which access must be serialized,
3122 see if another Exim process has a connection to it, and if so, skip
3123 this host. If not, update the database to record our connection to it
3124 and remember this for later deletion. Do not do any of this if we are
3125 sending the message down a pre-existing connection. */
3128 verify_check_this_host(&(ob->serialize_hosts), NULL, host->name,
3129 host->address, NULL) == OK)
3131 serialize_key = string_sprintf("host-serialize-%s", host->name);
3132 if (!enq_start(serialize_key))
3135 debug_printf("skipping host %s because another Exim process "
3136 "is connected to it\n", host->name);
3143 /* OK, we have an IP address that is not waiting for its retry time to
3144 arrive (it might be expired) OR (second time round the loop) we have an
3145 expired host that hasn't been tried since the message arrived. Have a go
3146 at delivering the message to it. First prepare the addresses by flushing
3147 out the result of previous attempts, and finding the first address that
3148 is still to be delivered. */
3150 first_addr = prepare_addresses(addrlist, host);
3152 DEBUG(D_transport) debug_printf("delivering %s to %s [%s] (%s%s)\n",
3153 message_id, host->name, host->address, addrlist->address,
3154 (addrlist->next == NULL)? "" : ", ...");
3156 set_process_info("delivering %s to %s [%s] (%s%s)",
3157 message_id, host->name, host->address, addrlist->address,
3158 (addrlist->next == NULL)? "" : ", ...");
3160 /* This is not for real; don't do the delivery. If there are
3161 any remaining hosts, list them. */
3166 set_errno(addrlist, 0, NULL, OK, FALSE);
3167 for (addr = addrlist; addr != NULL; addr = addr->next)
3169 addr->host_used = host;
3170 addr->special_action = '*';
3171 addr->message = US"delivery bypassed by -N option";
3175 debug_printf("*** delivery by %s transport bypassed by -N option\n"
3176 "*** host and remaining hosts:\n", tblock->name);
3177 for (host2 = host; host2 != NULL; host2 = host2->next)
3178 debug_printf(" %s [%s]\n", host2->name,
3179 (host2->address == NULL)? US"unset" : host2->address);
3184 /* This is for real. If the host is expired, we don't count it for
3185 hosts_max_retry. This ensures that all hosts must expire before an address
3186 is timed out, unless hosts_max_try_hardlimit (which protects against
3187 lunatic DNS configurations) is reached.
3189 If the host is not expired and we are about to hit the hosts_max_retry
3190 limit, check to see if there is a subsequent hosts with a different MX
3191 value. If so, make that the next host, and don't count this one. This is a
3192 heuristic to make sure that different MXs do get tried. With a normal kind
3193 of retry rule, they would get tried anyway when the earlier hosts were
3194 delayed, but if the domain has a "retry every time" type of rule - as is
3195 often used for the the very large ISPs, that won't happen. */
3199 if (!host_is_expired && ++unexpired_hosts_tried >= ob->hosts_max_try)
3203 debug_printf("hosts_max_try limit reached with this host\n");
3204 for (h = host; h != NULL; h = h->next)
3205 if (h->mx != host->mx) break;
3209 unexpired_hosts_tried--;
3210 DEBUG(D_transport) debug_printf("however, a higher MX host exists "
3211 "and will be tried\n");
3215 /* Attempt the delivery. */
3217 total_hosts_tried++;
3218 rc = smtp_deliver(addrlist, host, host_af, port, interface, tblock,
3219 expanded_hosts != NULL, &message_defer, FALSE);
3222 OK => connection made, each address contains its result;
3223 message_defer is set for message-specific defers (when all
3224 recipients are marked defer)
3225 DEFER => there was a non-message-specific delivery problem;
3226 ERROR => there was a problem setting up the arguments for a filter,
3227 or there was a problem with expanding added headers
3230 /* If the result is not OK, there was a non-message-specific problem.
3231 If the result is DEFER, we need to write to the logs saying what happened
3232 for this particular host, except in the case of authentication and TLS
3233 failures, where the log has already been written. If all hosts defer a
3234 general message is written at the end. */
3236 if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL &&
3237 first_addr->basic_errno != ERRNO_TLSFAILURE)
3238 write_logs(first_addr, host);
3240 #ifdef EXPERIMENTAL_TPDA
3242 tpda_deferred(ob, first_addr, host);
3245 /* If STARTTLS was accepted, but there was a failure in setting up the
3246 TLS session (usually a certificate screwup), and the host is not in
3247 hosts_require_tls, and tls_tempfail_tryclear is true, try again, with
3248 TLS forcibly turned off. We have to start from scratch with a new SMTP
3249 connection. That's why the retry is done from here, not from within
3250 smtp_deliver(). [Rejections of STARTTLS itself don't screw up the
3251 session, so the in-clear transmission after those errors, if permitted,
3252 happens inside smtp_deliver().] */
3255 if (rc == DEFER && first_addr->basic_errno == ERRNO_TLSFAILURE &&
3256 ob->tls_tempfail_tryclear &&
3257 verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name,
3258 host->address, NULL) != OK)
3260 log_write(0, LOG_MAIN, "TLS session failure: delivering unencrypted "
3261 "to %s [%s] (not in hosts_require_tls)", host->name, host->address);
3262 first_addr = prepare_addresses(addrlist, host);
3263 rc = smtp_deliver(addrlist, host, host_af, port, interface, tblock,
3264 expanded_hosts != NULL, &message_defer, TRUE);
3265 if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL)
3266 write_logs(first_addr, host);
3267 #ifdef EXPERIMENTAL_TPDA
3269 tpda_deferred(ob, first_addr, host);
3275 /* Delivery attempt finished */
3277 rs = (rc == OK)? US"OK" : (rc == DEFER)? US"DEFER" : (rc == ERROR)?
3280 set_process_info("delivering %s: just tried %s [%s] for %s%s: result %s",
3281 message_id, host->name, host->address, addrlist->address,
3282 (addrlist->next == NULL)? "" : " (& others)", rs);
3284 /* Release serialization if set up */
3286 if (serialized) enq_end(serialize_key);
3288 /* If the result is DEFER, or if a host retry record is known to exist, we
3289 need to add an item to the retry chain for updating the retry database
3290 at the end of delivery. We only need to add the item to the top address,
3291 of course. Also, if DEFER, we mark the IP address unusable so as to skip it
3292 for any other delivery attempts using the same address. (It is copied into
3293 the unusable tree at the outer level, so even if different address blocks
3294 contain the same address, it still won't get tried again.) */
3296 if (rc == DEFER || retry_host_key != NULL)
3298 int delete_flag = (rc != DEFER)? rf_delete : 0;
3299 if (retry_host_key == NULL)
3301 retry_host_key = ob->retry_include_ip_address?
3302 string_sprintf("T:%S:%s%s", host->name, host->address, pistring) :
3303 string_sprintf("T:%S%s", host->name, pistring);
3306 /* If a delivery of another message over an existing SMTP connection
3307 yields DEFER, we do NOT set up retry data for the host. This covers the
3308 case when there are delays in routing the addresses in the second message
3309 that are so long that the server times out. This is alleviated by not
3310 routing addresses that previously had routing defers when handling an
3311 existing connection, but even so, this case may occur (e.g. if a
3312 previously happily routed address starts giving routing defers). If the
3313 host is genuinely down, another non-continued message delivery will
3314 notice it soon enough. */
3316 if (delete_flag != 0 || !continuing)
3317 retry_add_item(first_addr, retry_host_key, rf_host | delete_flag);
3319 /* We may have tried an expired host, if its retry time has come; ensure
3320 the status reflects the expiry for the benefit of any other addresses. */
3324 host->status = (host_is_expired)?
3325 hstatus_unusable_expired : hstatus_unusable;
3326 host->why = hwhy_deferred;
3330 /* If message_defer is set (host was OK, but every recipient got deferred
3331 because of some message-specific problem), or if that had happened
3332 previously so that a message retry key exists, add an appropriate item
3333 to the retry chain. Note that if there was a message defer but now there is
3334 a host defer, the message defer record gets deleted. That seems perfectly
3335 reasonable. Also, stop the message from being remembered as waiting
3336 for specific hosts. */
3338 if (message_defer || retry_message_key != NULL)
3340 int delete_flag = message_defer? 0 : rf_delete;
3341 if (retry_message_key == NULL)
3343 retry_message_key = ob->retry_include_ip_address?
3344 string_sprintf("T:%S:%s%s:%s", host->name, host->address, pistring,
3346 string_sprintf("T:%S%s:%s", host->name, pistring, message_id);
3348 retry_add_item(addrlist, retry_message_key,
3349 rf_message | rf_host | delete_flag);
3350 update_waiting = FALSE;
3353 /* Any return other than DEFER (that is, OK or ERROR) means that the
3354 addresses have got their final statuses filled in for this host. In the OK
3355 case, see if any of them are deferred. */
3359 for (addr = addrlist; addr != NULL; addr = addr->next)
3361 if (addr->transport_return == DEFER)
3363 some_deferred = TRUE;
3369 /* If no addresses deferred or the result was ERROR, return. We do this for
3370 ERROR because a failing filter set-up or add_headers expansion is likely to
3371 fail for any host we try. */
3373 if (rc == ERROR || (rc == OK && !some_deferred))
3375 DEBUG(D_transport) debug_printf("Leaving %s transport\n", tblock->name);
3376 return TRUE; /* Each address has its status */
3379 /* If the result was DEFER or some individual addresses deferred, let
3380 the loop run to try other hosts with the deferred addresses, except for the
3381 case when we were trying to deliver down an existing channel and failed.
3382 Don't try any other hosts in this case. */
3384 if (continuing) break;
3386 /* If the whole delivery, or some individual addresses, were deferred and
3387 there are more hosts that could be tried, do not count this host towards
3388 the hosts_max_try limit if the age of the message is greater than the
3389 maximum retry time for this host. This means we may try try all hosts,
3390 ignoring the limit, when messages have been around for some time. This is
3391 important because if we don't try all hosts, the address will never time
3392 out. NOTE: this does not apply to hosts_max_try_hardlimit. */
3394 if ((rc == DEFER || some_deferred) && nexthost != NULL)
3397 retry_config *retry = retry_find_config(host->name, NULL, 0, 0);
3399 if (retry != NULL && retry->rules != NULL)
3401 retry_rule *last_rule;
3402 for (last_rule = retry->rules;
3403 last_rule->next != NULL;
3404 last_rule = last_rule->next);
3405 timedout = time(NULL) - received_time > last_rule->timeout;
3407 else timedout = TRUE; /* No rule => timed out */
3411 unexpired_hosts_tried--;
3412 DEBUG(D_transport) debug_printf("temporary delivery error(s) override "
3413 "hosts_max_try (message older than host's retry time)\n");
3416 } /* End of loop for trying multiple hosts. */
3418 /* This is the end of the loop that repeats iff expired is TRUE and
3419 ob->delay_after_cutoff is FALSE. The second time round we will
3420 try those hosts that haven't been tried since the message arrived. */
3424 debug_printf("all IP addresses skipped or deferred at least one address\n");
3425 if (expired && !ob->delay_after_cutoff && cutoff_retry == 0)
3426 debug_printf("retrying IP addresses not tried since message arrived\n");
3431 /* Get here if all IP addresses are skipped or defer at least one address. In
3432 MUA wrapper mode, this will happen only for connection or other non-message-
3433 specific failures. Force the delivery status for all addresses to FAIL. */
3437 for (addr = addrlist; addr != NULL; addr = addr->next)
3438 addr->transport_return = FAIL;
3442 /* In the normal, non-wrapper case, add a standard message to each deferred
3443 address if there hasn't been an error, that is, if it hasn't actually been
3444 tried this time. The variable "expired" will be FALSE if any deliveries were
3445 actually tried, or if there was at least one host that was not expired. That
3446 is, it is TRUE only if no deliveries were tried and all hosts were expired. If
3447 a delivery has been tried, an error code will be set, and the failing of the
3448 message is handled by the retry code later.
3450 If queue_smtp is set, or this transport was called to send a subsequent message
3451 down an existing TCP/IP connection, and something caused the host not to be
3452 found, we end up here, but can detect these cases and handle them specially. */
3454 for (addr = addrlist; addr != NULL; addr = addr->next)
3456 /* If host is not NULL, it means that we stopped processing the host list
3457 because of hosts_max_try or hosts_max_try_hardlimit. In the former case, this
3458 means we need to behave as if some hosts were skipped because their retry
3459 time had not come. Specifically, this prevents the address from timing out.
3460 However, if we have hit hosts_max_try_hardlimit, we want to behave as if all
3461 hosts were tried. */
3465 if (total_hosts_tried >= ob->hosts_max_try_hardlimit)
3468 debug_printf("hosts_max_try_hardlimit reached: behave as if all "
3469 "hosts were tried\n");
3474 debug_printf("hosts_max_try limit caused some hosts to be skipped\n");
3475 setflag(addr, af_retry_skipped);
3479 if (queue_smtp) /* no deliveries attempted */
3481 addr->transport_return = DEFER;
3482 addr->basic_errno = 0;
3483 addr->message = US"SMTP delivery explicitly queued";
3486 else if (addr->transport_return == DEFER &&
3487 (addr->basic_errno == ERRNO_UNKNOWNERROR || addr->basic_errno == 0) &&
3488 addr->message == NULL)
3490 addr->basic_errno = ERRNO_HRETRY;
3491 if (continue_hostname != NULL)
3493 addr->message = US"no host found for existing SMTP connection";
3497 setflag(addr, af_pass_message); /* This is not a security risk */
3498 addr->message = (ob->delay_after_cutoff)?
3499 US"retry time not reached for any host after a long failure period" :
3500 US"all hosts have been failing for a long time and were last tried "
3501 "after this message arrived";
3503 /* If we are already using fallback hosts, or there are no fallback hosts
3504 defined, convert the result to FAIL to cause a bounce. */
3506 if (addr->host_list == addr->fallback_hosts ||
3507 addr->fallback_hosts == NULL)
3508 addr->transport_return = FAIL;
3512 if (hosts_retry == hosts_total)
3513 addr->message = US"retry time not reached for any host";
3514 else if (hosts_fail == hosts_total)
3515 addr->message = US"all host address lookups failed permanently";
3516 else if (hosts_defer == hosts_total)
3517 addr->message = US"all host address lookups failed temporarily";
3518 else if (hosts_serial == hosts_total)
3519 addr->message = US"connection limit reached for all hosts";
3520 else if (hosts_fail+hosts_defer == hosts_total)
3521 addr->message = US"all host address lookups failed";
3522 else addr->message = US"some host address lookups failed and retry time "
3523 "not reached for other hosts or connection limit reached";
3528 /* Update the database which keeps information about which messages are waiting
3529 for which hosts to become available. For some message-specific errors, the
3530 update_waiting flag is turned off because we don't want follow-on deliveries in
3531 those cases. If this transport instance is explicitly limited to one message
3532 per connection then follow-on deliveries are not possible and there's no need
3533 to create/update the per-transport wait-<transport_name> database. */
3535 if (update_waiting && tblock->connection_max_messages != 1)
3536 transport_update_waiting(hostlist, tblock->name);
3540 DEBUG(D_transport) debug_printf("Leaving %s transport\n", tblock->name);
3542 return TRUE; /* Each address has its status */
3547 /* End of transport/smtp.c */
git://git.exim.org / exim.git / blob