1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* See the file NOTICE for conditions of use and distribution. */
8 /* A number of functions for driving outgoing SMTP calls. */
12 #include "transports/smtp.h"
16 /*************************************************
17 * Find an outgoing interface *
18 *************************************************/
20 /* This function is called from the smtp transport and also from the callout
21 code in verify.c. Its job is to expand a string to get a list of interfaces,
22 and choose a suitable one (IPv4 or IPv6) for the outgoing address.
25 istring string interface setting, may be NULL, meaning "any", in
26 which case the function does nothing
27 host_af AF_INET or AF_INET6 for the outgoing IP address
28 addr the mail address being handled (for setting errors)
29 interface point this to the interface
30 msg to add to any error message
32 Returns: TRUE on success, FALSE on failure, with error message
33 set in addr and transport_return set to PANIC
37 smtp_get_interface(uschar *istring, int host_af, address_item *addr,
38 uschar **interface, uschar *msg)
40 const uschar * expint;
44 if (!istring) return TRUE;
46 if (!(expint = expand_string(istring)))
48 if (f.expand_string_forcedfail) return TRUE;
49 addr->transport_return = PANIC;
50 addr->message = string_sprintf("failed to expand \"interface\" "
51 "option for %s: %s", msg, expand_string_message);
55 if (is_tainted(expint))
57 log_write(0, LOG_MAIN|LOG_PANIC,
58 "attempt to use tainted value '%s' from '%s' for interface",
60 addr->transport_return = PANIC;
61 addr->message = string_sprintf("failed to expand \"interface\" "
62 "option for %s: configuration error", msg);
66 Uskip_whitespace(&expint);
67 if (!*expint) return TRUE;
69 while ((iface = string_nextinlist(&expint, &sep, big_buffer,
72 if (string_is_ip_address(iface, NULL) == 0)
74 addr->transport_return = PANIC;
75 addr->message = string_sprintf("\"%s\" is not a valid IP "
76 "address for the \"interface\" option for %s",
81 if (((Ustrchr(iface, ':') == NULL)? AF_INET:AF_INET6) == host_af)
85 if (iface) *interface = string_copy(iface);
91 /*************************************************
92 * Find an outgoing port *
93 *************************************************/
95 /* This function is called from the smtp transport and also from the callout
96 code in verify.c. Its job is to find a port number. Note that getservbyname()
97 produces the number in network byte order.
100 rstring raw (unexpanded) string representation of the port
101 addr the mail address being handled (for setting errors)
102 port stick the port in here
103 msg for adding to error message
105 Returns: TRUE on success, FALSE on failure, with error message set
106 in addr, and transport_return set to PANIC
110 smtp_get_port(uschar *rstring, address_item *addr, int *port, uschar *msg)
112 uschar *pstring = expand_string(rstring);
116 addr->transport_return = PANIC;
117 addr->message = string_sprintf("failed to expand \"%s\" (\"port\" option) "
118 "for %s: %s", rstring, msg, expand_string_message);
122 if (isdigit(*pstring))
125 *port = Ustrtol(pstring, &end, 0);
126 if (end != pstring + Ustrlen(pstring))
128 addr->transport_return = PANIC;
129 addr->message = string_sprintf("invalid port number for %s: %s", msg,
137 struct servent *smtp_service = getservbyname(CS pstring, "tcp");
140 addr->transport_return = PANIC;
141 addr->message = string_sprintf("TCP port \"%s\" is not defined for %s",
145 *port = ntohs(smtp_service->s_port);
156 tfo_out_check(int sock)
159 struct tcp_info tinfo;
161 socklen_t len = sizeof(val);
163 /* The observability as of 12.1 is not useful as a client, only telling us that
164 a TFO option was used on SYN. It could have been a TFO-R, or ignored by the
168 if (tcp_out_fastopen == TFO_ATTEMPTED_NODATA || tcp_out_fastopen == TFO_ATTEMPTED_DATA)
169 if (getsockopt(sock, IPPROTO_TCP, TCP_FASTOPEN, &val, &len) == 0 && val != 0) {}
171 switch (tcp_out_fastopen)
173 case TFO_ATTEMPTED_NODATA: tcp_out_fastopen = TFO_USED_NODATA; break;
174 case TFO_ATTEMPTED_DATA: tcp_out_fastopen = TFO_USED_DATA; break;
175 default: break; /* compiler quietening */
178 # else /* Linux & Apple */
179 # if defined(TCP_INFO) && defined(EXIM_HAVE_TCPI_UNACKED)
180 struct tcp_info tinfo;
181 socklen_t len = sizeof(tinfo);
183 switch (tcp_out_fastopen)
185 /* This is a somewhat dubious detection method; totally undocumented so likely
186 to fail in future kernels. There seems to be no documented way. What we really
187 want to know is if the server sent smtp-banner data before our ACK of his SYN,ACK
188 hit him. What this (possibly?) detects is whether we sent a TFO cookie with our
189 SYN, as distinct from a TFO request. This gets a false-positive when the server
190 key is rotated; we send the old one (which this test sees) but the server returns
191 the new one and does not send its SMTP banner before we ACK his SYN,ACK.
192 To force that rotation case:
193 '# echo -n "00000000-00000000-00000000-0000000" >/proc/sys/net/ipv4/tcp_fastopen_key'
194 The kernel seems to be counting unack'd packets. */
196 case TFO_ATTEMPTED_NODATA:
197 if ( getsockopt(sock, IPPROTO_TCP, TCP_INFO, &tinfo, &len) == 0
198 && tinfo.tcpi_state == TCP_SYN_SENT
199 && tinfo.tcpi_unacked > 1
202 DEBUG(D_transport|D_v)
203 debug_printf("TCP_FASTOPEN tcpi_unacked %d\n", tinfo.tcpi_unacked);
204 tcp_out_fastopen = TFO_USED_NODATA;
208 /* When called after waiting for received data we should be able
209 to tell if data we sent was accepted. */
211 case TFO_ATTEMPTED_DATA:
212 if ( getsockopt(sock, IPPROTO_TCP, TCP_INFO, &tinfo, &len) == 0
213 && tinfo.tcpi_state == TCP_ESTABLISHED
215 if (tinfo.tcpi_options & TCPI_OPT_SYN_DATA)
217 DEBUG(D_transport|D_v) debug_printf("TFO: data was acked\n");
218 tcp_out_fastopen = TFO_USED_DATA;
222 DEBUG(D_transport|D_v) debug_printf("TFO: had to retransmit\n");
223 tcp_out_fastopen = TFO_NOT_USED;
227 default: break; /* compiler quietening */
230 # endif /* Linux & Apple */
235 /* Arguments as for smtp_connect(), plus
236 early_data if non-NULL, idenmpotent data to be sent -
237 preferably in the TCP SYN segment
239 Returns: connected socket number, or -1 with errno set
243 smtp_sock_connect(host_item * host, int host_af, int port, uschar * interface,
244 transport_instance * tb, int timeout, const blob * early_data)
246 smtp_transport_options_block * ob =
247 (smtp_transport_options_block *)tb->options_block;
248 const uschar * dscp = ob->dscp;
254 const blob * fastopen_blob = NULL;
257 #ifndef DISABLE_EVENT
258 deliver_host_address = host->address;
259 deliver_host_port = port;
260 if (event_raise(tb->event_action, US"tcp:connect", NULL)) return -1;
263 if ((sock = ip_socket(SOCK_STREAM, host_af)) < 0) return -1;
265 /* Set TCP_NODELAY; Exim does its own buffering. */
267 if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, US &on, sizeof(on)))
268 HDEBUG(D_transport|D_acl|D_v)
269 debug_printf_indent("failed to set NODELAY: %s ", strerror(errno));
271 /* Set DSCP value, if we can. For now, if we fail to set the value, we don't
272 bomb out, just log it and continue in default traffic class. */
274 if (dscp && dscp_lookup(dscp, host_af, &dscp_level, &dscp_option, &dscp_value))
276 HDEBUG(D_transport|D_acl|D_v)
277 debug_printf_indent("DSCP \"%s\"=%x ", dscp, dscp_value);
278 if (setsockopt(sock, dscp_level, dscp_option, &dscp_value, sizeof(dscp_value)) < 0)
279 HDEBUG(D_transport|D_acl|D_v)
280 debug_printf_indent("failed to set DSCP: %s ", strerror(errno));
281 /* If the kernel supports IPv4 and IPv6 on an IPv6 socket, we need to set the
282 option for both; ignore failures here */
283 if (host_af == AF_INET6 &&
284 dscp_lookup(dscp, AF_INET, &dscp_level, &dscp_option, &dscp_value))
285 (void) setsockopt(sock, dscp_level, dscp_option, &dscp_value, sizeof(dscp_value));
288 /* Bind to a specific interface if requested. Caller must ensure the interface
289 is the same type (IPv4 or IPv6) as the outgoing address. */
291 if (interface && ip_bind(sock, host_af, interface, 0) < 0)
294 HDEBUG(D_transport|D_acl|D_v)
295 debug_printf_indent("unable to bind outgoing SMTP call to %s: %s", interface,
299 /* Connect to the remote host, and add keepalive to the socket before returning
300 it, if requested. If the build supports TFO, request it - and if the caller
301 requested some early-data then include that in the TFO request. If there is
302 early-data but no TFO support, send it after connecting. */
307 if (verify_check_given_host(CUSS &ob->hosts_try_fastopen, host) == OK)
308 fastopen_blob = early_data ? early_data : &tcp_fastopen_nodata;
311 if (ip_connect(sock, host_af, host->address, port, timeout, fastopen_blob) < 0)
313 else if (early_data && !fastopen_blob && early_data->data && early_data->len)
315 HDEBUG(D_transport|D_acl|D_v)
316 debug_printf("sending %ld nonTFO early-data\n", (long)early_data->len);
319 (void) setsockopt(sock, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off));
321 if (send(sock, early_data->data, early_data->len, 0) < 0)
326 /* Either bind() or connect() failed */
330 HDEBUG(D_transport|D_acl|D_v)
332 debug_printf_indent(" failed: %s", CUstrerror(save_errno));
333 if (save_errno == ETIMEDOUT)
334 debug_printf(" (timeout=%s)", readconf_printtime(timeout));
342 /* Both bind() and connect() succeeded, and any early-data */
346 union sockaddr_46 interface_sock;
347 EXIM_SOCKLEN_T size = sizeof(interface_sock);
349 HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" connected\n");
350 if (getsockname(sock, (struct sockaddr *)(&interface_sock), &size) == 0)
351 sending_ip_address = host_ntoa(-1, &interface_sock, NULL, &sending_port);
354 log_write(0, LOG_MAIN | ((errno == ECONNRESET)? 0 : LOG_PANIC),
355 "getsockname() failed: %s", strerror(errno));
360 if (ob->keepalive) ip_keepalive(sock, host->address, TRUE);
373 smtp_port_for_connect(host_item * host, int port)
375 if (host->port != PORT_NONE)
377 HDEBUG(D_transport|D_acl|D_v)
378 debug_printf_indent("Transport port=%d replaced by host-specific port=%d\n", port,
382 else host->port = port; /* Set the port actually used */
386 /*************************************************
387 * Connect to remote host *
388 *************************************************/
390 /* Create a socket, and connect it to a remote host. IPv6 addresses are
391 detected by checking for a colon in the address. AF_INET6 is defined even on
392 non-IPv6 systems, to enable the code to be less messy. However, on such systems
393 host->address will always be an IPv4 address.
396 sc details for making connection: host, af, interface, transport
397 early_data if non-NULL, data to be sent - preferably in the TCP SYN segment
399 Returns: connected socket number, or -1 with errno set
403 smtp_connect(smtp_connect_args * sc, const blob * early_data)
405 int port = sc->host->port;
406 smtp_transport_options_block * ob = sc->ob;
408 callout_address = string_sprintf("[%s]:%d", sc->host->address, port);
410 HDEBUG(D_transport|D_acl|D_v)
413 if (sc->interface) s = string_sprintf(" from %s ", sc->interface);
415 if (ob->socks_proxy) s = string_sprintf("%svia proxy ", s);
417 debug_printf_indent("Connecting to %s %s%s... ", sc->host->name, callout_address, s);
420 /* Create and connect the socket */
425 int sock = socks_sock_connect(sc->host, sc->host_af, port, sc->interface,
426 sc->tblock, ob->connect_timeout);
430 if (early_data && early_data->data && early_data->len)
431 if (send(sock, early_data->data, early_data->len, 0) < 0)
433 int save_errno = errno;
434 HDEBUG(D_transport|D_acl|D_v)
436 debug_printf_indent("failed: %s", CUstrerror(save_errno));
437 if (save_errno == ETIMEDOUT)
438 debug_printf(" (timeout=%s)", readconf_printtime(ob->connect_timeout));
450 return smtp_sock_connect(sc->host, sc->host_af, port, sc->interface,
451 sc->tblock, ob->connect_timeout, early_data);
455 /*************************************************
456 * Flush outgoing command buffer *
457 *************************************************/
459 /* This function is called only from smtp_write_command() below. It flushes
460 the buffer of outgoing commands. There is more than one in the buffer only when
464 outblock the SMTP output block
465 mode further data expected, or plain
467 Returns: TRUE if OK, FALSE on error, with errno set
471 flush_buffer(smtp_outblock * outblock, int mode)
474 int n = outblock->ptr - outblock->buffer;
475 BOOL more = mode == SCMD_MORE;
477 HDEBUG(D_transport|D_acl) debug_printf_indent("cmd buf flush %d bytes%s\n", n,
478 more ? " (more expected)" : "");
481 if (outblock->cctx->tls_ctx)
482 rc = tls_write(outblock->cctx->tls_ctx, outblock->buffer, n, more);
487 if (outblock->conn_args)
489 blob early_data = { .data = outblock->buffer, .len = n };
491 /* We ignore the more-flag if we're doing a connect with early-data, which
492 means we won't get BDAT+data. A pity, but wise due to the idempotency
493 requirement: TFO with data can, in rare cases, replay the data to the
496 if ( (outblock->cctx->sock = smtp_connect(outblock->conn_args, &early_data))
499 outblock->conn_args = NULL;
504 rc = send(outblock->cctx->sock, outblock->buffer, n,
516 HDEBUG(D_transport|D_acl) debug_printf_indent("send failed: %s\n", strerror(errno));
520 outblock->ptr = outblock->buffer;
521 outblock->cmd_count = 0;
527 /*************************************************
528 * Write SMTP command *
529 *************************************************/
531 /* The formatted command is left in big_buffer so that it can be reflected in
535 sx SMTP connection, contains buffer for pipelining, and socket
536 mode buffer, write-with-more-likely, write
537 format a format, starting with one of
538 of HELO, MAIL FROM, RCPT TO, DATA, ".", or QUIT.
539 If NULL, flush pipeline buffer only.
540 ... data for the format
542 Returns: 0 if command added to pipelining buffer, with nothing transmitted
543 +n if n commands transmitted (may still have buffered the new one)
544 -1 on error, with errno set
548 smtp_write_command(void * sx, int mode, const char *format, ...)
550 smtp_outblock * outblock = &((smtp_context *)sx)->outblock;
555 gstring gs = { .size = big_buffer_size, .ptr = 0, .s = big_buffer };
558 /* Use taint-unchecked routines for writing into big_buffer, trusting that
559 we'll never expand the results. Actually, the error-message use - leaving
560 the results in big_buffer for potential later use - is uncomfortably distant.
561 XXX Would be better to assume all smtp commands are short, use normal pool
562 alloc rather than big_buffer, and another global for the data-for-error. */
564 va_start(ap, format);
565 if (!string_vformat(&gs, SVFMT_TAINT_NOCHK, CS format, ap))
566 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "overlong write_command in outgoing "
569 string_from_gstring(&gs);
571 if (gs.ptr > outblock->buffersize)
572 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "overlong write_command in outgoing "
575 if (gs.ptr > outblock->buffersize - (outblock->ptr - outblock->buffer))
577 rc = outblock->cmd_count; /* flush resets */
578 if (!flush_buffer(outblock, SCMD_FLUSH)) return -1;
581 Ustrncpy(outblock->ptr, gs.s, gs.ptr);
582 outblock->ptr += gs.ptr;
583 outblock->cmd_count++;
584 gs.ptr -= 2; string_from_gstring(&gs); /* remove \r\n for error message */
586 /* We want to hide the actual data sent in AUTH transactions from reflections
587 and logs. While authenticating, a flag is set in the outblock to enable this.
588 The AUTH command itself gets any data flattened. Other lines are flattened
591 if (outblock->authenticating)
593 uschar *p = big_buffer;
594 if (Ustrncmp(big_buffer, "AUTH ", 5) == 0)
597 while (isspace(*p)) p++;
598 while (!isspace(*p)) p++;
599 while (isspace(*p)) p++;
601 while (*p != 0) *p++ = '*';
604 HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP>> %s\n", big_buffer);
607 if (mode != SCMD_BUFFER)
609 rc += outblock->cmd_count; /* flush resets */
610 if (!flush_buffer(outblock, mode)) return -1;
618 /*************************************************
619 * Read one line of SMTP response *
620 *************************************************/
622 /* This function reads one line of SMTP response from the server host. This may
623 not be a complete response - it could be just part of a multiline response. We
624 have to use a buffer for incoming packets, because when pipelining or using
625 LMTP, there may well be more than one response in a single packet. This
626 function is called only from the one that follows.
629 inblock the SMTP input block (contains holding buffer, socket, etc.)
630 buffer where to put the line
631 size space available for the line
632 timelimit deadline for reading the lime, seconds past epoch
634 Returns: length of a line that has been put in the buffer
635 -1 otherwise, with errno set
639 read_response_line(smtp_inblock *inblock, uschar *buffer, int size, time_t timelimit)
642 uschar *ptr = inblock->ptr;
643 uschar *ptrend = inblock->ptrend;
644 client_conn_ctx * cctx = inblock->cctx;
646 /* Loop for reading multiple packets or reading another packet after emptying
647 a previously-read one. */
653 /* If there is data in the input buffer left over from last time, copy
654 characters from it until the end of a line, at which point we can return,
655 having removed any whitespace (which will include CR) at the end of the line.
656 The rules for SMTP say that lines end in CRLF, but there are have been cases
657 of hosts using just LF, and other MTAs are reported to handle this, so we
658 just look for LF. If we run out of characters before the end of a line,
659 carry on to read the next incoming packet. */
666 while (p > buffer && isspace(p[-1])) p--;
674 *p = 0; /* Leave malformed line for error message */
675 errno = ERRNO_SMTPFORMAT;
680 /* Need to read a new input packet. */
682 if((rc = ip_recv(cctx, inblock->buffer, inblock->buffersize, timelimit)) <= 0)
684 DEBUG(D_deliver|D_transport|D_acl|D_v)
685 debug_printf_indent(errno ? " SMTP(%s)<<\n" : " SMTP(closed)<<\n",
690 /* Another block of data has been successfully read. Set up the pointers
691 and let the loop continue. */
693 ptrend = inblock->ptrend = inblock->buffer + rc;
694 ptr = inblock->buffer;
695 DEBUG(D_transport|D_acl) debug_printf_indent("read response data: size=%d\n", rc);
698 /* Get here if there has been some kind of recv() error; errno is set, but we
699 ensure that the result buffer is empty before returning. */
709 /*************************************************
710 * Read SMTP response *
711 *************************************************/
713 /* This function reads an SMTP response with a timeout, and returns the
714 response in the given buffer, as a string. A multiline response will contain
715 newline characters between the lines. The function also analyzes the first
716 digit of the reply code and returns FALSE if it is not acceptable. FALSE is
717 also returned after a reading error. In this case buffer[0] will be zero, and
718 the error code will be in errno.
721 sx the SMTP connection (contains input block with holding buffer,
723 buffer where to put the response
724 size the size of the buffer
725 okdigit the expected first digit of the response
726 timeout the timeout to use, in seconds
728 Returns: TRUE if a valid, non-error response was received; else FALSE
730 /*XXX could move to smtp transport; no other users */
733 smtp_read_response(void * sx0, uschar * buffer, int size, int okdigit,
736 smtp_context * sx = sx0;
737 uschar * ptr = buffer;
739 time_t timelimit = time(NULL) + timeout;
741 errno = 0; /* Ensure errno starts out zero */
743 #ifndef DISABLE_PIPE_CONNECT
744 if (sx->pending_BANNER || sx->pending_EHLO)
747 if ((rc = smtp_reap_early_pipe(sx, &count)) != OK)
749 DEBUG(D_transport) debug_printf("failed reaping pipelined cmd responsess\n");
751 if (rc == DEFER) errno = ERRNO_TLSFAILURE;
757 /* This is a loop to read and concatenate the lines that make up a multi-line
762 if ((count = read_response_line(&sx->inblock, ptr, size, timelimit)) < 0)
765 HDEBUG(D_transport|D_acl|D_v)
766 debug_printf_indent(" %s %s\n", ptr == buffer ? "SMTP<<" : " ", ptr);
768 /* Check the format of the response: it must start with three digits; if
769 these are followed by a space or end of line, the response is complete. If
770 they are followed by '-' this is a multi-line response and we must look for
771 another line until the final line is reached. The only use made of multi-line
772 responses is to pass them back as error messages. We therefore just
773 concatenate them all within the buffer, which should be large enough to
774 accept any reasonable number of lines. */
780 (ptr[3] != '-' && ptr[3] != ' ' && ptr[3] != 0))
782 errno = ERRNO_SMTPFORMAT; /* format error */
786 /* If the line we have just read is a terminal line, line, we are done.
787 Otherwise more data has to be read. */
789 if (ptr[3] != '-') break;
791 /* Move the reading pointer upwards in the buffer and insert \n between the
792 components of a multiline response. Space is left for this by read_response_
801 tfo_out_check(sx->cctx.sock);
804 /* Return a value that depends on the SMTP return code. On some systems a
805 non-zero value of errno has been seen at this point, so ensure it is zero,
806 because the caller of this function looks at errno when FALSE is returned, to
807 distinguish between an unexpected return code and other errors such as
808 timeouts, lost connections, etc. */
811 return buffer[0] == okdigit;
814 /* End of smtp_out.c */
git://git.exim.org / exim.git / blob