1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) The Exim Maintainers 2020 - 2022 */
6 /* Copyright (c) University of Cambridge 1995 - 2018 */
7 /* See the file NOTICE for conditions of use and distribution. */
12 #if defined(SUPPORT_DANE) && defined(DISABLE_TLS)
13 # error TLS is required for DANE
17 /* Options specific to the smtp transport. This transport also supports LMTP
18 over TCP/IP. The options must be in alphabetic order (note that "_" comes
19 before the lower case letters). Some live in the transport_instance block so as
20 to be publicly visible; these are flagged with opt_public. */
22 #define LOFF(field) OPT_OFF(smtp_transport_options_block, field)
24 optionlist smtp_transport_options[] = {
25 { "*expand_multi_domain", opt_stringptr | opt_hidden | opt_public,
26 OPT_OFF(transport_instance, expand_multi_domain) },
27 { "*expand_retry_include_ip_address", opt_stringptr | opt_hidden,
28 LOFF(expand_retry_include_ip_address) },
30 { "address_retry_include_sender", opt_bool,
31 LOFF(address_retry_include_sender) },
32 { "allow_localhost", opt_bool, LOFF(allow_localhost) },
33 #ifdef EXPERIMENTAL_ARC
34 { "arc_sign", opt_stringptr, LOFF(arc_sign) },
36 { "authenticated_sender", opt_stringptr, LOFF(authenticated_sender) },
37 { "authenticated_sender_force", opt_bool, LOFF(authenticated_sender_force) },
38 { "command_timeout", opt_time, LOFF(command_timeout) },
39 { "connect_timeout", opt_time, LOFF(connect_timeout) },
40 { "connection_max_messages", opt_int | opt_public,
41 OPT_OFF(transport_instance, connection_max_messages) },
43 { "dane_require_tls_ciphers", opt_stringptr, LOFF(dane_require_tls_ciphers) },
45 { "data_timeout", opt_time, LOFF(data_timeout) },
46 { "delay_after_cutoff", opt_bool, LOFF(delay_after_cutoff) },
48 { "dkim_canon", opt_stringptr, LOFF(dkim.dkim_canon) },
49 { "dkim_domain", opt_stringptr, LOFF(dkim.dkim_domain) },
50 { "dkim_hash", opt_stringptr, LOFF(dkim.dkim_hash) },
51 { "dkim_identity", opt_stringptr, LOFF(dkim.dkim_identity) },
52 { "dkim_private_key", opt_stringptr, LOFF(dkim.dkim_private_key) },
53 { "dkim_selector", opt_stringptr, LOFF(dkim.dkim_selector) },
54 { "dkim_sign_headers", opt_stringptr, LOFF(dkim.dkim_sign_headers) },
55 { "dkim_strict", opt_stringptr, LOFF(dkim.dkim_strict) },
56 { "dkim_timestamps", opt_stringptr, LOFF(dkim.dkim_timestamps) },
58 { "dns_qualify_single", opt_bool, LOFF(dns_qualify_single) },
59 { "dns_search_parents", opt_bool, LOFF(dns_search_parents) },
60 { "dnssec_request_domains", opt_stringptr, LOFF(dnssec.request) },
61 { "dnssec_require_domains", opt_stringptr, LOFF(dnssec.require) },
62 { "dscp", opt_stringptr, LOFF(dscp) },
63 { "fallback_hosts", opt_stringptr, LOFF(fallback_hosts) },
64 { "final_timeout", opt_time, LOFF(final_timeout) },
65 { "gethostbyname", opt_bool, LOFF(gethostbyname) },
66 { "helo_data", opt_stringptr, LOFF(helo_data) },
67 #if !defined(DISABLE_TLS) && !defined(DISABLE_TLS_RESUME)
68 { "host_name_extract", opt_stringptr, LOFF(host_name_extract) },
70 { "hosts", opt_stringptr, LOFF(hosts) },
71 { "hosts_avoid_esmtp", opt_stringptr, LOFF(hosts_avoid_esmtp) },
72 { "hosts_avoid_pipelining", opt_stringptr, LOFF(hosts_avoid_pipelining) },
74 { "hosts_avoid_tls", opt_stringptr, LOFF(hosts_avoid_tls) },
76 { "hosts_max_try", opt_int, LOFF(hosts_max_try) },
77 { "hosts_max_try_hardlimit", opt_int, LOFF(hosts_max_try_hardlimit) },
79 { "hosts_nopass_tls", opt_stringptr, LOFF(hosts_nopass_tls) },
80 { "hosts_noproxy_tls", opt_stringptr, LOFF(hosts_noproxy_tls) },
82 { "hosts_override", opt_bool, LOFF(hosts_override) },
83 #ifndef DISABLE_PIPE_CONNECT
84 { "hosts_pipe_connect", opt_stringptr, LOFF(hosts_pipe_connect) },
86 { "hosts_randomize", opt_bool, LOFF(hosts_randomize) },
87 #if !defined(DISABLE_TLS) && !defined(DISABLE_OCSP)
88 { "hosts_request_ocsp", opt_stringptr, LOFF(hosts_request_ocsp) },
90 { "hosts_require_alpn", opt_stringptr, LOFF(hosts_require_alpn) },
91 { "hosts_require_auth", opt_stringptr, LOFF(hosts_require_auth) },
94 { "hosts_require_dane", opt_stringptr, LOFF(hosts_require_dane) },
97 { "hosts_require_ocsp", opt_stringptr, LOFF(hosts_require_ocsp) },
99 { "hosts_require_tls", opt_stringptr, LOFF(hosts_require_tls) },
101 { "hosts_try_auth", opt_stringptr, LOFF(hosts_try_auth) },
102 { "hosts_try_chunking", opt_stringptr, LOFF(hosts_try_chunking) },
104 { "hosts_try_dane", opt_stringptr, LOFF(hosts_try_dane) },
106 { "hosts_try_fastopen", opt_stringptr, LOFF(hosts_try_fastopen) },
108 { "hosts_try_prdr", opt_stringptr, LOFF(hosts_try_prdr) },
111 { "hosts_verify_avoid_tls", opt_stringptr, LOFF(hosts_verify_avoid_tls) },
113 { "interface", opt_stringptr, LOFF(interface) },
114 { "keepalive", opt_bool, LOFF(keepalive) },
115 { "lmtp_ignore_quota", opt_bool, LOFF(lmtp_ignore_quota) },
116 { "max_rcpt", opt_int | opt_public,
117 OPT_OFF(transport_instance, max_addresses) },
118 { "message_linelength_limit", opt_int, LOFF(message_linelength_limit) },
119 { "multi_domain", opt_expand_bool | opt_public,
120 OPT_OFF(transport_instance, multi_domain) },
121 { "port", opt_stringptr, LOFF(port) },
122 { "protocol", opt_stringptr, LOFF(protocol) },
123 { "retry_include_ip_address", opt_expand_bool, LOFF(retry_include_ip_address) },
124 { "serialize_hosts", opt_stringptr, LOFF(serialize_hosts) },
125 { "size_addition", opt_int, LOFF(size_addition) },
127 { "socks_proxy", opt_stringptr, LOFF(socks_proxy) },
130 { "tls_alpn", opt_stringptr, LOFF(tls_alpn) },
131 { "tls_certificate", opt_stringptr, LOFF(tls_certificate) },
132 { "tls_crl", opt_stringptr, LOFF(tls_crl) },
133 { "tls_dh_min_bits", opt_int, LOFF(tls_dh_min_bits) },
134 { "tls_privatekey", opt_stringptr, LOFF(tls_privatekey) },
135 { "tls_require_ciphers", opt_stringptr, LOFF(tls_require_ciphers) },
136 # ifndef DISABLE_TLS_RESUME
137 { "tls_resumption_hosts", opt_stringptr, LOFF(tls_resumption_hosts) },
139 { "tls_sni", opt_stringptr, LOFF(tls_sni) },
140 { "tls_tempfail_tryclear", opt_bool, LOFF(tls_tempfail_tryclear) },
141 { "tls_try_verify_hosts", opt_stringptr, LOFF(tls_try_verify_hosts) },
142 { "tls_verify_cert_hostnames", opt_stringptr, LOFF(tls_verify_cert_hostnames)},
143 { "tls_verify_certificates", opt_stringptr, LOFF(tls_verify_certificates) },
144 { "tls_verify_hosts", opt_stringptr, LOFF(tls_verify_hosts) },
147 { "utf8_downconvert", opt_stringptr, LOFF(utf8_downconvert) },
151 /* Size of the options list. An extern variable has to be used so that its
152 address can appear in the tables drtables.c. */
154 int smtp_transport_options_count = nelem(smtp_transport_options);
160 smtp_transport_options_block smtp_transport_option_defaults = {0};
161 void smtp_transport_init(transport_instance *tblock) {}
162 BOOL smtp_transport_entry(transport_instance *tblock, address_item *addr) {return FALSE;}
163 void smtp_transport_closedown(transport_instance *tblock) {}
165 #else /*!MACRO_PREDEF*/
168 /* Default private options block for the smtp transport. */
170 smtp_transport_options_block smtp_transport_option_defaults = {
171 /* All non-mentioned elements 0/NULL/FALSE */
172 .helo_data = US"$primary_hostname",
173 .protocol = US"smtp",
174 .hosts_try_chunking = US"*",
176 .hosts_try_dane = US"*",
178 .hosts_try_fastopen = US"*",
180 .hosts_try_prdr = US"*",
183 .hosts_request_ocsp = US"*", /* hosts_request_ocsp (except under DANE; tls_client_start()) */
185 .command_timeout = 5*60,
186 .connect_timeout = 5*60,
187 .data_timeout = 5*60,
188 .final_timeout = 10*60,
189 .size_addition = 1024,
191 .hosts_max_try_hardlimit = 50,
192 .message_linelength_limit = 998,
193 .address_retry_include_sender = TRUE,
194 .dns_qualify_single = TRUE,
195 .dnssec = { .request= US"*", .require=NULL },
196 .delay_after_cutoff = TRUE,
198 .retry_include_ip_address = TRUE,
200 .tls_verify_certificates = US"system",
201 .tls_dh_min_bits = EXIM_CLIENT_DH_DEFAULT_MIN_BITS,
202 .tls_tempfail_tryclear = TRUE,
203 .tls_try_verify_hosts = US"*",
204 .tls_verify_cert_hostnames = US"*",
205 # ifndef DISABLE_TLS_RESUME
206 .host_name_extract = US"${if and {{match{$host}{.outlook.com\\$}} {match{$item}{\\N^250-([\\w.]+)\\s\\N}}} {$1}}",
210 .utf8_downconvert = US"-1",
214 { .dkim_hash = US"sha256", },
218 /* some DSN flags for use later */
220 static int rf_list[] = {rf_notify_never, rf_notify_success,
221 rf_notify_failure, rf_notify_delay };
223 static uschar *rf_names[] = { US"NEVER", US"SUCCESS", US"FAILURE", US"DELAY" };
229 static uschar *smtp_command; /* Points to last cmd for error messages */
230 static uschar *mail_command; /* Points to MAIL cmd for error messages */
231 static uschar *data_command = US""; /* Points to DATA cmd for error messages */
232 static BOOL update_waiting; /* TRUE to update the "wait" database */
234 /*XXX move to smtp_context */
235 static BOOL pipelining_active; /* current transaction is in pipe mode */
238 static unsigned ehlo_response(uschar * buf, unsigned checks);
241 /******************************************************************************/
244 smtp_deliver_init(void)
248 const pcre2_code ** re;
249 const uschar * string;
252 { ®ex_AUTH, AUTHS_REGEX },
253 { ®ex_CHUNKING, US"\\n250[\\s\\-]CHUNKING(\\s|\\n|$)" },
254 { ®ex_DSN, US"\\n250[\\s\\-]DSN(\\s|\\n|$)" },
255 { ®ex_IGNOREQUOTA, US"\\n250[\\s\\-]IGNOREQUOTA(\\s|\\n|$)" },
256 { ®ex_PIPELINING, US"\\n250[\\s\\-]PIPELINING(\\s|\\n|$)" },
257 { ®ex_SIZE, US"\\n250[\\s\\-]SIZE(\\s|\\n|$)" },
260 { ®ex_STARTTLS, US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)" },
263 { ®ex_PRDR, US"\\n250[\\s\\-]PRDR(\\s|\\n|$)" },
266 { ®ex_UTF8, US"\\n250[\\s\\-]SMTPUTF8(\\s|\\n|$)" },
268 #ifndef DISABLE_PIPE_CONNECT
269 { ®ex_EARLY_PIPE, US"\\n250[\\s\\-]" EARLY_PIPE_FEATURE_NAME "(\\s|\\n|$)" },
271 #ifdef EXPERIMENTAL_ESMTP_LIMITS
272 { ®ex_LIMITS, US"\\n250[\\s\\-]LIMITS\\s" },
276 for (struct list * l = list; l < list + nelem(list); l++)
278 *l->re = regex_must_compile(l->string, MCS_NOFLAGS, TRUE);
282 /*************************************************
283 * Setup entry point *
284 *************************************************/
286 /* This function is called when the transport is about to be used,
287 but before running it in a sub-process. It is used for two things:
289 (1) To set the fallback host list in addresses, when delivering.
290 (2) To pass back the interface, port, protocol, and other options, for use
291 during callout verification.
294 tblock pointer to the transport instance block
295 addrlist list of addresses about to be transported
296 tf if not NULL, pointer to block in which to return options
297 uid the uid that will be set (not used)
298 gid the gid that will be set (not used)
299 errmsg place for error message (not used)
301 Returns: OK always (FAIL, DEFER not used)
305 smtp_transport_setup(transport_instance *tblock, address_item *addrlist,
306 transport_feedback *tf, uid_t uid, gid_t gid, uschar **errmsg)
308 smtp_transport_options_block *ob = SOB tblock->options_block;
310 /* Pass back options if required. This interface is getting very messy. */
314 tf->interface = ob->interface;
316 tf->protocol = ob->protocol;
317 tf->hosts = ob->hosts;
318 tf->hosts_override = ob->hosts_override;
319 tf->hosts_randomize = ob->hosts_randomize;
320 tf->gethostbyname = ob->gethostbyname;
321 tf->qualify_single = ob->dns_qualify_single;
322 tf->search_parents = ob->dns_search_parents;
323 tf->helo_data = ob->helo_data;
326 /* Set the fallback host list for all the addresses that don't have fallback
327 host lists, provided that the local host wasn't present in the original host
330 if (!testflag(addrlist, af_local_host_removed))
331 for (; addrlist; addrlist = addrlist->next)
332 if (!addrlist->fallback_hosts) addrlist->fallback_hosts = ob->fallback_hostlist;
339 /*************************************************
340 * Initialization entry point *
341 *************************************************/
343 /* Called for each instance, after its options have been read, to
344 enable consistency checks to be done, or anything else that needs
347 Argument: pointer to the transport instance block
352 smtp_transport_init(transport_instance *tblock)
354 smtp_transport_options_block *ob = SOB tblock->options_block;
355 int old_pool = store_pool;
357 /* Retry_use_local_part defaults FALSE if unset */
359 if (tblock->retry_use_local_part == TRUE_UNSET)
360 tblock->retry_use_local_part = FALSE;
362 /* Set the default port according to the protocol */
365 ob->port = strcmpic(ob->protocol, US"lmtp") == 0
367 : strcmpic(ob->protocol, US"smtps") == 0
368 ? US"smtps" : US"smtp";
370 /* Set up the setup entry point, to be called before subprocesses for this
373 tblock->setup = smtp_transport_setup;
375 /* Complain if any of the timeouts are zero. */
377 if (ob->command_timeout <= 0 || ob->data_timeout <= 0 ||
378 ob->final_timeout <= 0)
379 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
380 "command, data, or final timeout value is zero for %s transport",
383 /* If hosts_override is set and there are local hosts, set the global
384 flag that stops verify from showing router hosts. */
386 if (ob->hosts_override && ob->hosts) tblock->overrides_hosts = TRUE;
388 /* If there are any fallback hosts listed, build a chain of host items
389 for them, but do not do any lookups at this time. */
391 store_pool = POOL_PERM;
392 host_build_hostlist(&ob->fallback_hostlist, ob->fallback_hosts, FALSE);
393 store_pool = old_pool;
400 /*************************************************
401 * Set delivery info into all active addresses *
402 *************************************************/
404 /* Only addresses whose status is >= PENDING are relevant. A lesser
405 status means that an address is not currently being processed.
408 addrlist points to a chain of addresses
409 errno_value to put in each address's errno field
410 msg to put in each address's message field
411 rc to put in each address's transport_return field
412 pass_message if TRUE, set the "pass message" flag in the address
413 host if set, mark addrs as having used this host
414 smtp_greeting from peer
415 helo_response from peer
416 start points to timestamp of delivery start
418 If errno_value has the special value ERRNO_CONNECTTIMEOUT, ETIMEDOUT is put in
419 the errno field, and RTEF_CTOUT is ORed into the more_errno field, to indicate
420 this particular type of timeout.
426 set_errno(address_item *addrlist, int errno_value, uschar *msg, int rc,
427 BOOL pass_message, host_item * host,
428 #ifdef EXPERIMENTAL_DSN_INFO
429 const uschar * smtp_greeting, const uschar * helo_response,
431 struct timeval * start
435 struct timeval deliver_time;
437 if (errno_value == ERRNO_CONNECTTIMEOUT)
439 errno_value = ETIMEDOUT;
440 orvalue = RTEF_CTOUT;
442 timesince(&deliver_time, start);
444 for (address_item * addr = addrlist; addr; addr = addr->next)
445 if (addr->transport_return >= PENDING)
447 addr->basic_errno = errno_value;
448 addr->more_errno |= orvalue;
449 addr->delivery_time = deliver_time;
453 if (pass_message) setflag(addr, af_pass_message);
455 addr->transport_return = rc;
458 addr->host_used = host;
459 #ifdef EXPERIMENTAL_DSN_INFO
461 {uschar * s = Ustrchr(smtp_greeting, '\n'); if (s) *s = '\0';}
462 addr->smtp_greeting = smtp_greeting;
465 {uschar * s = Ustrchr(helo_response, '\n'); if (s) *s = '\0';}
466 addr->helo_response = helo_response;
473 set_errno_nohost(address_item * addrlist, int errno_value, uschar * msg, int rc,
474 BOOL pass_message, struct timeval * start)
476 set_errno(addrlist, errno_value, msg, rc, pass_message, NULL,
477 #ifdef EXPERIMENTAL_DSN_INFO
484 /*************************************************
485 * Check an SMTP response *
486 *************************************************/
488 /* This function is given an errno code and the SMTP response buffer
489 to analyse, together with the host identification for generating messages. It
490 sets an appropriate message and puts the first digit of the response code into
491 the yield variable. If no response was actually read, a suitable digit is
495 host the current host, to get its name for messages
496 errno_value pointer to the errno value
497 more_errno from the top address for use with ERRNO_FILTER_FAIL
498 buffer the SMTP response buffer
499 yield where to put a one-digit SMTP response code
500 message where to put an error message
501 pass_message set TRUE if message is an SMTP response
503 Returns: TRUE if an SMTP "QUIT" command should be sent, else FALSE
507 check_response(host_item *host, int *errno_value, int more_errno,
508 uschar *buffer, int *yield, uschar **message, BOOL *pass_message)
510 uschar * pl = pipelining_active ? US"pipelined " : US"";
513 *yield = '4'; /* Default setting is to give a temporary error */
517 case ETIMEDOUT: /* Handle response timeout */
518 *message = US string_sprintf("SMTP timeout after %s%s",
520 if (transport_count > 0)
521 *message = US string_sprintf("%s (%d bytes written)", *message,
525 case ERRNO_SMTPFORMAT: /* Handle malformed SMTP response */
526 s = string_printing(buffer);
527 while (isspace(*s)) s++;
529 ? string_sprintf("Malformed SMTP reply (an empty line) "
530 "in response to %s%s", pl, smtp_command)
531 : string_sprintf("Malformed SMTP reply in response to %s%s: %s",
532 pl, smtp_command, s);
535 case ERRNO_TLSFAILURE: /* Handle bad first read; can happen with
537 *message = US"bad first read from TLS conn";
540 case ERRNO_FILTER_FAIL: /* Handle a failed filter process error;
541 can't send QUIT as we mustn't end the DATA. */
542 *message = string_sprintf("transport filter process failed (%d)%s",
544 more_errno == EX_EXECFAILED ? ": unable to execute command" : "");
547 case ERRNO_CHHEADER_FAIL: /* Handle a failed add_headers expansion;
548 can't send QUIT as we mustn't end the DATA. */
550 string_sprintf("failed to expand headers_add or headers_remove: %s",
551 expand_string_message);
554 case ERRNO_WRITEINCOMPLETE: /* failure to write a complete data block */
555 *message = US"failed to write a data block";
559 case ERRNO_UTF8_FWD: /* no advertised SMTPUTF8, for international message */
560 *message = US"utf8 support required but not offered for forwarding";
561 DEBUG(D_deliver|D_transport) debug_printf("%s\n", *message);
566 /* Handle error responses from the remote mailer. */
570 *message = string_sprintf("SMTP error from remote mail server after %s%s: "
571 "%s", pl, smtp_command, s = string_printing(buffer));
572 *pass_message = TRUE;
577 /* No data was read. If there is no errno, this must be the EOF (i.e.
578 connection closed) case, which causes deferral. An explicit connection reset
579 error has the same effect. Otherwise, put the host's identity in the message,
580 leaving the errno value to be interpreted as well. In all cases, we have to
581 assume the connection is now dead. */
583 if (*errno_value == 0 || *errno_value == ECONNRESET)
585 *errno_value = ERRNO_SMTPCLOSED;
586 *message = US string_sprintf("Remote host closed connection "
587 "in response to %s%s", pl, smtp_command);
590 *message = US string_sprintf("%s [%s]", host->name, host->address);
597 /*************************************************
598 * Write error message to logs *
599 *************************************************/
601 /* This writes to the main log and to the message log.
604 host the current host
605 detail the current message (addr_item->message)
606 basic_errno the errno (addr_item->basic_errno)
612 write_logs(const host_item *host, const uschar *suffix, int basic_errno)
614 gstring * message = LOGGING(outgoing_port)
615 ? string_fmt_append(NULL, "H=%s [%s]:%d", host->name, host->address,
616 host->port == PORT_NONE ? 25 : host->port)
617 : string_fmt_append(NULL, "H=%s [%s]", host->name, host->address);
621 message = string_fmt_append(message, ": %s", suffix);
623 message = string_fmt_append(message, ": %s", strerror(basic_errno));
626 message = string_fmt_append(message, " %s", exim_errstr(basic_errno));
628 log_write(0, LOG_MAIN, "%s", string_from_gstring(message));
629 deliver_msglog("%s %s\n", tod_stamp(tod_log), message->s);
633 msglog_line(host_item * host, uschar * message)
635 deliver_msglog("%s H=%s [%s] %s\n", tod_stamp(tod_log),
636 host->name, host->address, message);
641 #ifndef DISABLE_EVENT
642 /*************************************************
643 * Post-defer action *
644 *************************************************/
646 /* This expands an arbitrary per-transport string.
647 It might, for example, be used to write to the database log.
650 addr the address item containing error information
651 host the current host
658 deferred_event_raise(address_item * addr, host_item * host, uschar * evstr)
660 uschar * action = addr->transport->event_action;
661 const uschar * save_domain;
667 save_domain = deliver_domain;
668 save_local = deliver_localpart;
670 /*XXX would ip & port already be set up? */
671 deliver_host_address = string_copy(host->address);
672 deliver_host_port = host->port == PORT_NONE ? 25 : host->port;
673 event_defer_errno = addr->basic_errno;
675 router_name = addr->router->name;
676 transport_name = addr->transport->name;
677 deliver_domain = addr->domain;
678 deliver_localpart = addr->local_part;
680 (void) event_raise(action, evstr,
682 ? addr->basic_errno > 0
683 ? string_sprintf("%s: %s", addr->message, strerror(addr->basic_errno))
684 : string_copy(addr->message)
685 : addr->basic_errno > 0
686 ? string_copy(US strerror(addr->basic_errno))
690 deliver_localpart = save_local;
691 deliver_domain = save_domain;
692 router_name = transport_name = NULL;
696 /*************************************************
697 * Reap SMTP specific responses *
698 *************************************************/
700 smtp_discard_responses(smtp_context * sx, smtp_transport_options_block * ob,
703 uschar flushbuffer[4096];
707 if (!smtp_read_response(sx, flushbuffer, sizeof(flushbuffer),
708 '2', ob->command_timeout)
709 && (errno != 0 || flushbuffer[0] == 0))
716 /* Return boolean success */
719 smtp_reap_banner(smtp_context * sx)
722 #if defined(__linux__) && defined(TCP_QUICKACK)
723 { /* Hack to get QUICKACK disabled; has to be right after 3whs, and has to on->off */
724 int sock = sx->cctx.sock;
725 struct pollfd p = {.fd = sock, .events = POLLOUT};
726 if (poll(&p, 1, 1000) >= 0) /* retval test solely for compiler quitening */
728 (void) setsockopt(sock, IPPROTO_TCP, TCP_QUICKACK, US &on, sizeof(on));
729 (void) setsockopt(sock, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off));
733 good_response = smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
734 '2', (SOB sx->conn_args.ob)->command_timeout);
735 #ifdef EXPERIMENTAL_DSN_INFO
736 sx->smtp_greeting = string_copy(sx->buffer);
738 return good_response;
742 smtp_reap_ehlo(smtp_context * sx)
744 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2',
745 (SOB sx->conn_args.ob)->command_timeout))
747 if (errno != 0 || sx->buffer[0] == 0 || sx->lmtp)
749 #ifdef EXPERIMENTAL_DSN_INFO
750 sx->helo_response = string_copy(sx->buffer);
756 #ifdef EXPERIMENTAL_DSN_INFO
757 sx->helo_response = string_copy(sx->buffer);
759 #ifndef DISABLE_EVENT
760 (void) event_raise(sx->conn_args.tblock->event_action,
761 US"smtp:ehlo", sx->buffer, NULL);
767 /* Grab a string differentiating server behind a loadbalancer, for TLS
768 resumption when such servers do not share a session-cache */
771 ehlo_response_lbserver(smtp_context * sx, smtp_transport_options_block * ob)
773 #if !defined(DISABLE_TLS) && !defined(DISABLE_TLS_RESUME)
775 uschar * save_item = iterate_item;
777 if (sx->conn_args.have_lbserver)
779 iterate_item = sx->buffer;
780 s = expand_cstring(ob->host_name_extract);
781 iterate_item = save_item;
782 sx->conn_args.host_lbserver = s && !*s ? NULL : s;
783 sx->conn_args.have_lbserver = TRUE;
789 /******************************************************************************/
791 #ifdef EXPERIMENTAL_ESMTP_LIMITS
792 /* If TLS, or TLS not offered, called with the EHLO response in the buffer.
793 Check it for a LIMITS keyword and parse values into the smtp context structure.
795 We don't bother with peers that we won't talk TLS to, even though they can,
796 just ignore their LIMITS advice (if any) and treat them as if they do not.
797 This saves us dealing with a duplicate set of values. */
800 ehlo_response_limits_read(smtp_context * sx)
804 /* matches up to just after the first space after the keyword */
806 if (regex_match(regex_LIMITS, sx->buffer, -1, &match))
807 for (const uschar * s = sx->buffer + Ustrlen(match); *s; )
809 while (isspace(*s)) s++;
810 if (*s == '\n') break;
812 if (strncmpic(s, US"MAILMAX=", 8) == 0)
814 sx->peer_limit_mail = atoi(CS (s += 8));
815 while (isdigit(*s)) s++;
817 else if (strncmpic(s, US"RCPTMAX=", 8) == 0)
819 sx->peer_limit_rcpt = atoi(CS (s += 8));
820 while (isdigit(*s)) s++;
822 else if (strncmpic(s, US"RCPTDOMAINMAX=", 14) == 0)
824 sx->peer_limit_rcptdom = atoi(CS (s += 14));
825 while (isdigit(*s)) s++;
828 while (*s && !isspace(*s)) s++;
832 /* Apply given values to the current connection */
834 ehlo_limits_apply(smtp_context * sx,
835 unsigned limit_mail, unsigned limit_rcpt, unsigned limit_rcptdom)
837 if (limit_mail && limit_mail < sx->max_mail) sx->max_mail = limit_mail;
838 if (limit_rcpt && limit_rcpt < sx->max_rcpt) sx->max_rcpt = limit_rcpt;
841 DEBUG(D_transport) debug_printf("will treat as !multi_domain\n");
842 sx->single_rcpt_domain = TRUE;
846 /* Apply values from EHLO-resp to the current connection */
848 ehlo_response_limits_apply(smtp_context * sx)
850 ehlo_limits_apply(sx, sx->peer_limit_mail, sx->peer_limit_rcpt,
851 sx->peer_limit_rcptdom);
854 /* Apply values read from cache to the current connection */
856 ehlo_cache_limits_apply(smtp_context * sx)
858 # ifndef DISABLE_PIPE_CONNECT
859 ehlo_limits_apply(sx, sx->ehlo_resp.limit_mail, sx->ehlo_resp.limit_rcpt,
860 sx->ehlo_resp.limit_rcptdom);
863 #endif /*EXPERIMENTAL_ESMTP_LIMITS*/
865 /******************************************************************************/
867 #ifndef DISABLE_PIPE_CONNECT
869 ehlo_cache_key(const smtp_context * sx)
871 host_item * host = sx->conn_args.host;
872 return Ustrchr(host->address, ':')
873 ? string_sprintf("[%s]:%d.EHLO", host->address,
874 host->port == PORT_NONE ? sx->port : host->port)
875 : string_sprintf("%s:%d.EHLO", host->address,
876 host->port == PORT_NONE ? sx->port : host->port);
879 /* Cache EHLO-response info for use by early-pipe.
881 - During a normal flow on EHLO response (either cleartext or under TLS),
882 when we are willing to do PIPECONNECT and it is offered
883 - During an early-pipe flow on receiving the actual EHLO response and noting
884 disparity versus the cached info used, when PIPECONNECT is still being offered
886 We assume that suitable values have been set in the sx.ehlo_resp structure for
887 features and auths; we handle the copy of limits. */
890 write_ehlo_cache_entry(smtp_context * sx)
892 open_db dbblock, * dbm_file;
894 # ifdef EXPERIMENTAL_ESMTP_LIMITS
895 sx->ehlo_resp.limit_mail = sx->peer_limit_mail;
896 sx->ehlo_resp.limit_rcpt = sx->peer_limit_rcpt;
897 sx->ehlo_resp.limit_rcptdom = sx->peer_limit_rcptdom;
900 if ((dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE, TRUE)))
902 uschar * ehlo_resp_key = ehlo_cache_key(sx);
903 dbdata_ehlo_resp er = { .data = sx->ehlo_resp };
906 # ifdef EXPERIMENTAL_ESMTP_LIMITS
907 if (sx->ehlo_resp.limit_mail || sx->ehlo_resp.limit_rcpt || sx->ehlo_resp.limit_rcptdom)
908 debug_printf("writing clr %04x/%04x cry %04x/%04x lim %05d/%05d/%05d\n",
909 sx->ehlo_resp.cleartext_features, sx->ehlo_resp.cleartext_auths,
910 sx->ehlo_resp.crypted_features, sx->ehlo_resp.crypted_auths,
911 sx->ehlo_resp.limit_mail, sx->ehlo_resp.limit_rcpt,
912 sx->ehlo_resp.limit_rcptdom);
915 debug_printf("writing clr %04x/%04x cry %04x/%04x\n",
916 sx->ehlo_resp.cleartext_features, sx->ehlo_resp.cleartext_auths,
917 sx->ehlo_resp.crypted_features, sx->ehlo_resp.crypted_auths);
919 dbfn_write(dbm_file, ehlo_resp_key, &er, (int)sizeof(er));
920 dbfn_close(dbm_file);
925 invalidate_ehlo_cache_entry(smtp_context * sx)
927 open_db dbblock, * dbm_file;
929 if ( sx->early_pipe_active
930 && (dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE, TRUE)))
932 uschar * ehlo_resp_key = ehlo_cache_key(sx);
933 dbfn_delete(dbm_file, ehlo_resp_key);
934 dbfn_close(dbm_file);
939 read_ehlo_cache_entry(smtp_context * sx)
944 if (!(dbm_file = dbfn_open(US"misc", O_RDONLY, &dbblock, FALSE, TRUE)))
945 { DEBUG(D_transport) debug_printf("ehlo-cache: no misc DB\n"); }
948 uschar * ehlo_resp_key = ehlo_cache_key(sx);
949 dbdata_ehlo_resp * er;
951 if (!(er = dbfn_read_enforce_length(dbm_file, ehlo_resp_key, sizeof(dbdata_ehlo_resp))))
952 { DEBUG(D_transport) debug_printf("no ehlo-resp record\n"); }
953 else if (time(NULL) - er->time_stamp > retry_data_expire)
955 DEBUG(D_transport) debug_printf("ehlo-resp record too old\n");
956 dbfn_close(dbm_file);
957 if ((dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE, TRUE)))
958 dbfn_delete(dbm_file, ehlo_resp_key);
963 # ifdef EXPERIMENTAL_ESMTP_LIMITS
964 if (er->data.limit_mail || er->data.limit_rcpt || er->data.limit_rcptdom)
965 debug_printf("EHLO response bits from cache:"
966 " cleartext 0x%04x/0x%04x crypted 0x%04x/0x%04x lim %05d/%05d/%05d\n",
967 er->data.cleartext_features, er->data.cleartext_auths,
968 er->data.crypted_features, er->data.crypted_auths,
969 er->data.limit_mail, er->data.limit_rcpt, er->data.limit_rcptdom);
972 debug_printf("EHLO response bits from cache:"
973 " cleartext 0x%04x/0x%04x crypted 0x%04x/0x%04x\n",
974 er->data.cleartext_features, er->data.cleartext_auths,
975 er->data.crypted_features, er->data.crypted_auths);
977 sx->ehlo_resp = er->data;
978 # ifdef EXPERIMENTAL_ESMTP_LIMITS
979 ehlo_cache_limits_apply(sx);
981 dbfn_close(dbm_file);
984 dbfn_close(dbm_file);
991 /* Return an auths bitmap for the set of AUTH methods offered by the server
992 which match our authenticators. */
994 static unsigned short
995 study_ehlo_auths(smtp_context * sx)
1000 unsigned short authbits = 0;
1002 if (!sx->esmtp) return 0;
1003 if (!regex_AUTH) regex_AUTH = regex_must_compile(AUTHS_REGEX, MCS_NOFLAGS, TRUE);
1004 if (!regex_match_and_setup(regex_AUTH, sx->buffer, 0, -1)) return 0;
1005 expand_nmax = -1; /* reset */
1006 names = string_copyn(expand_nstring[1], expand_nlength[1]);
1008 for (au = auths, authnum = 0; au; au = au->next, authnum++) if (au->client)
1010 const uschar * list = names;
1012 for (int sep = ' '; s = string_nextinlist(&list, &sep, NULL, 0); )
1013 if (strcmpic(au->public_name, s) == 0)
1014 { authbits |= BIT(authnum); break; }
1018 debug_printf("server offers %s AUTH, methods '%s', bitmap 0x%04x\n",
1019 tls_out.active.sock >= 0 ? "crypted" : "plaintext", names, authbits);
1021 if (tls_out.active.sock >= 0)
1022 sx->ehlo_resp.crypted_auths = authbits;
1024 sx->ehlo_resp.cleartext_auths = authbits;
1031 /* Wait for and check responses for early-pipelining.
1033 Called from the lower-level smtp_read_response() function
1034 used for general code that assume synchronisation, if context
1035 flags indicate outstanding early-pipelining commands. Also
1036 called fom sync_responses() which handles pipelined commands.
1039 sx smtp connection context
1040 countp number of outstanding responses, adjusted on return
1044 DEFER error on first read of TLS'd conn
1045 FAIL SMTP error in response
1048 smtp_reap_early_pipe(smtp_context * sx, int * countp)
1050 BOOL pending_BANNER = sx->pending_BANNER;
1051 BOOL pending_EHLO = sx->pending_EHLO;
1054 sx->pending_BANNER = FALSE; /* clear early to avoid recursion */
1055 sx->pending_EHLO = FALSE;
1059 DEBUG(D_transport) debug_printf("%s expect banner\n", __FUNCTION__);
1061 if (!smtp_reap_banner(sx))
1063 DEBUG(D_transport) debug_printf("bad banner\n");
1064 if (tls_out.active.sock >= 0) rc = DEFER;
1067 /*XXX EXPERIMENTAL_ESMTP_LIMITS ? */
1068 ehlo_response_lbserver(sx, sx->conn_args.ob);
1073 unsigned peer_offered;
1074 unsigned short authbits = 0, * ap;
1076 DEBUG(D_transport) debug_printf("%s expect ehlo\n", __FUNCTION__);
1078 if (!smtp_reap_ehlo(sx))
1080 DEBUG(D_transport) debug_printf("bad response for EHLO\n");
1081 if (tls_out.active.sock >= 0) rc = DEFER;
1085 /* Compare the actual EHLO response extensions and AUTH methods to the cached
1086 value we assumed; on difference, dump or rewrite the cache and arrange for a
1089 ap = tls_out.active.sock < 0
1090 ? &sx->ehlo_resp.cleartext_auths : &sx->ehlo_resp.crypted_auths;
1092 peer_offered = ehlo_response(sx->buffer,
1093 (tls_out.active.sock < 0 ? OPTION_TLS : 0)
1094 | OPTION_CHUNKING | OPTION_PRDR | OPTION_DSN | OPTION_PIPE | OPTION_SIZE
1095 | OPTION_UTF8 | OPTION_EARLY_PIPE
1097 # ifdef EXPERIMENTAL_ESMTP_LIMITS
1098 if (tls_out.active.sock >= 0 || !(peer_offered & OPTION_TLS))
1099 ehlo_response_limits_read(sx);
1101 if ( peer_offered != sx->peer_offered
1102 || (authbits = study_ehlo_auths(sx)) != *ap)
1105 debug_printf("EHLO %s extensions changed, 0x%04x/0x%04x -> 0x%04x/0x%04x\n",
1106 tls_out.active.sock < 0 ? "cleartext" : "crypted",
1107 sx->peer_offered, *ap, peer_offered, authbits);
1108 if (peer_offered & OPTION_EARLY_PIPE)
1110 *(tls_out.active.sock < 0
1111 ? &sx->ehlo_resp.cleartext_features : &sx->ehlo_resp.crypted_features) =
1114 write_ehlo_cache_entry(sx);
1117 invalidate_ehlo_cache_entry(sx);
1119 return OK; /* just carry on */
1121 # ifdef EXPERIMENTAL_ESMTP_LIMITS
1122 /* If we are handling LIMITS, compare the actual EHLO LIMITS values with the
1123 cached values and invalidate cache if different. OK to carry on with
1124 connect since values are advisory. */
1126 if ( (tls_out.active.sock >= 0 || !(peer_offered & OPTION_TLS))
1127 && ( sx->peer_limit_mail != sx->ehlo_resp.limit_mail
1128 || sx->peer_limit_rcpt != sx->ehlo_resp.limit_rcpt
1129 || sx->peer_limit_rcptdom != sx->ehlo_resp.limit_rcptdom
1134 debug_printf("EHLO LIMITS changed:");
1135 if (sx->peer_limit_mail != sx->ehlo_resp.limit_mail)
1136 debug_printf(" MAILMAX %u -> %u\n", sx->ehlo_resp.limit_mail, sx->peer_limit_mail);
1137 else if (sx->peer_limit_rcpt != sx->ehlo_resp.limit_rcpt)
1138 debug_printf(" RCPTMAX %u -> %u\n", sx->ehlo_resp.limit_rcpt, sx->peer_limit_rcpt);
1140 debug_printf(" RCPTDOMAINMAX %u -> %u\n", sx->ehlo_resp.limit_rcptdom, sx->peer_limit_rcptdom);
1142 invalidate_ehlo_cache_entry(sx);
1150 invalidate_ehlo_cache_entry(sx);
1151 (void) smtp_discard_responses(sx, sx->conn_args.ob, *countp);
1154 #endif /*!DISABLE_PIPE_CONNECT*/
1157 /*************************************************
1158 * Synchronize SMTP responses *
1159 *************************************************/
1161 /* This function is called from smtp_deliver() to receive SMTP responses from
1162 the server, and match them up with the commands to which they relate. When
1163 PIPELINING is not in use, this function is called after every command, and is
1164 therefore somewhat over-engineered, but it is simpler to use a single scheme
1165 that works both with and without PIPELINING instead of having two separate sets
1168 The set of commands that are buffered up with pipelining may start with MAIL
1169 and may end with DATA; in between are RCPT commands that correspond to the
1170 addresses whose status is PENDING_DEFER. All other commands (STARTTLS, AUTH,
1171 etc.) are never buffered.
1173 Errors after MAIL or DATA abort the whole process leaving the response in the
1174 buffer. After MAIL, pending responses are flushed, and the original command is
1175 re-instated in big_buffer for error messages. For RCPT commands, the remote is
1176 permitted to reject some recipient addresses while accepting others. However
1177 certain errors clearly abort the whole process. Set the value in
1178 transport_return to PENDING_OK if the address is accepted. If there is a
1179 subsequent general error, it will get reset accordingly. If not, it will get
1180 converted to OK at the end.
1183 sx smtp connection context
1184 count the number of responses to read
1185 pending_DATA 0 if last command sent was not DATA
1186 +1 if previously had a good recipient
1187 -1 if not previously had a good recipient
1189 Returns: 3 if at least one address had 2xx and one had 5xx
1190 2 if at least one address had 5xx but none had 2xx
1191 1 if at least one host had a 2xx response, but none had 5xx
1192 0 no address had 2xx or 5xx but no errors (all 4xx, or just DATA)
1193 -1 timeout while reading RCPT response
1194 -2 I/O or other non-response error for RCPT
1195 -3 DATA or MAIL failed - errno and buffer set
1196 -4 banner or EHLO failed (early-pipelining)
1197 -5 banner or EHLO failed (early-pipelining, TLS)
1201 sync_responses(smtp_context * sx, int count, int pending_DATA)
1203 address_item * addr = sx->sync_addr;
1204 smtp_transport_options_block * ob = sx->conn_args.ob;
1207 #ifndef DISABLE_PIPE_CONNECT
1209 if ((rc = smtp_reap_early_pipe(sx, &count)) != OK)
1210 return rc == FAIL ? -4 : -5;
1213 /* Handle the response for a MAIL command. On error, reinstate the original
1214 command in big_buffer for error message use, and flush any further pending
1215 responses before returning, except after I/O errors and timeouts. */
1217 if (sx->pending_MAIL)
1219 DEBUG(D_transport) debug_printf("%s expect mail\n", __FUNCTION__);
1221 sx->pending_MAIL = sx->RCPT_452 = FALSE;
1222 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
1223 '2', ob->command_timeout))
1225 DEBUG(D_transport) debug_printf("bad response for MAIL\n");
1226 Ustrcpy(big_buffer, mail_command); /* Fits, because it came from there! */
1227 if (errno == ERRNO_TLSFAILURE)
1229 if (errno == 0 && sx->buffer[0] != 0)
1232 if (sx->buffer[0] == '4')
1234 save_errno = ERRNO_MAIL4XX;
1235 addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
1237 count = smtp_discard_responses(sx, ob, count);
1241 if (pending_DATA) count--; /* Number of RCPT responses to come */
1242 while (count-- > 0) /* Mark any pending addrs with the host used */
1244 while (addr->transport_return != PENDING_DEFER) addr = addr->next;
1245 addr->host_used = sx->conn_args.host;
1252 if (pending_DATA) count--; /* Number of RCPT responses to come */
1254 /* Read and handle the required number of RCPT responses, matching each one up
1255 with an address by scanning for the next address whose status is PENDING_DEFER.
1260 while (addr->transport_return != PENDING_DEFER)
1261 if (!(addr = addr->next))
1264 /* The address was accepted */
1265 addr->host_used = sx->conn_args.host;
1267 DEBUG(D_transport) debug_printf("%s expect rcpt for %s\n", __FUNCTION__, addr->address);
1268 if (smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
1269 '2', ob->command_timeout))
1272 addr->transport_return = PENDING_OK;
1274 /* If af_dr_retry_exists is set, there was a routing delay on this address;
1275 ensure that any address-specific retry record is expunged. We do this both
1276 for the basic key and for the version that also includes the sender. */
1278 if (testflag(addr, af_dr_retry_exists))
1280 uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key,
1282 retry_add_item(addr, altkey, rf_delete);
1283 retry_add_item(addr, addr->address_retry_key, rf_delete);
1287 /* Error on first TLS read */
1289 else if (errno == ERRNO_TLSFAILURE)
1292 /* Timeout while reading the response */
1294 else if (errno == ETIMEDOUT)
1296 uschar *message = string_sprintf("SMTP timeout after RCPT TO:<%s>",
1297 transport_rcpt_address(addr, sx->conn_args.tblock->rcpt_include_affixes));
1298 set_errno_nohost(sx->first_addr, ETIMEDOUT, message, DEFER, FALSE, &sx->delivery_start);
1299 retry_add_item(addr, addr->address_retry_key, 0);
1300 update_waiting = FALSE;
1304 /* Handle other errors in obtaining an SMTP response by returning -1. This
1305 will cause all the addresses to be deferred. Restore the SMTP command in
1306 big_buffer for which we are checking the response, so the error message
1309 else if (errno != 0 || sx->buffer[0] == 0)
1311 gstring gs = { .size = big_buffer_size, .ptr = 0, .s = big_buffer }, * g = &gs;
1313 /* Use taint-unchecked routines for writing into big_buffer, trusting
1314 that we'll never expand it. */
1316 g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, "RCPT TO:<%s>",
1317 transport_rcpt_address(addr, sx->conn_args.tblock->rcpt_include_affixes));
1318 string_from_gstring(g);
1322 /* Handle SMTP permanent and temporary response codes. */
1327 string_sprintf("SMTP error from remote mail server after RCPT TO:<%s>: "
1328 "%s", transport_rcpt_address(addr, sx->conn_args.tblock->rcpt_include_affixes),
1329 string_printing(sx->buffer));
1330 setflag(addr, af_pass_message);
1332 msglog_line(sx->conn_args.host, addr->message);
1334 /* The response was 5xx */
1336 if (sx->buffer[0] == '5')
1338 addr->transport_return = FAIL;
1342 /* The response was 4xx */
1346 addr->transport_return = DEFER;
1347 addr->basic_errno = ERRNO_RCPT4XX;
1348 addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
1352 #ifndef DISABLE_EVENT
1353 event_defer_errno = addr->more_errno;
1354 msg_event_raise(US"msg:rcpt:host:defer", addr);
1356 /* If a 452 and we've had at least one 2xx or 5xx, set next_addr to the
1357 start point for another MAIL command. */
1359 if (addr->more_errno >> 8 == 52 && yield & 3)
1361 if (!sx->RCPT_452) /* initialised at MAIL-ack above */
1364 debug_printf("%s: seen first 452 too-many-rcpts\n", __FUNCTION__);
1365 sx->RCPT_452 = TRUE;
1366 sx->next_addr = addr;
1368 addr->transport_return = PENDING_DEFER;
1369 addr->basic_errno = 0;
1373 /* Log temporary errors if there are more hosts to be tried.
1374 If not, log this last one in the == line. */
1376 if (sx->conn_args.host->next)
1377 if (LOGGING(outgoing_port))
1378 log_write(0, LOG_MAIN, "H=%s [%s]:%d %s", sx->conn_args.host->name,
1379 sx->conn_args.host->address,
1380 sx->port == PORT_NONE ? 25 : sx->port, addr->message);
1382 log_write(0, LOG_MAIN, "H=%s [%s]: %s", sx->conn_args.host->name,
1383 sx->conn_args.host->address, addr->message);
1385 #ifndef DISABLE_EVENT
1387 msg_event_raise(US"msg:rcpt:defer", addr);
1390 /* Do not put this message on the list of those waiting for specific
1391 hosts, as otherwise it is likely to be tried too often. */
1393 update_waiting = FALSE;
1395 /* Add a retry item for the address so that it doesn't get tried again
1396 too soon. If address_retry_include_sender is true, add the sender address
1397 to the retry key. */
1399 retry_add_item(addr,
1400 ob->address_retry_include_sender
1401 ? string_sprintf("%s:<%s>", addr->address_retry_key, sender_address)
1402 : addr->address_retry_key,
1408 if (count && !(addr = addr->next))
1410 } /* Loop for next RCPT response */
1412 /* Update where to start at for the next block of responses, unless we
1413 have already handled all the addresses. */
1415 if (addr) sx->sync_addr = addr->next;
1417 /* Handle a response to DATA. If we have not had any good recipients, either
1418 previously or in this block, the response is ignored. */
1420 if (pending_DATA != 0)
1422 DEBUG(D_transport) debug_printf("%s expect data\n", __FUNCTION__);
1423 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
1424 '3', ob->command_timeout))
1430 if (errno == ERRNO_TLSFAILURE) /* Error on first TLS read */
1433 if (pending_DATA > 0 || (yield & 1) != 0)
1435 if (errno == 0 && sx->buffer[0] == '4')
1437 errno = ERRNO_DATA4XX;
1438 sx->first_addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
1442 (void)check_response(sx->conn_args.host, &errno, 0, sx->buffer, &code, &msg, &pass_message);
1443 DEBUG(D_transport) debug_printf("%s\nerror for DATA ignored: pipelining "
1444 "is in use and there were no good recipients\n", msg);
1448 /* All responses read and handled; MAIL (if present) received 2xx and DATA (if
1449 present) received 3xx. If any RCPTs were handled and yielded anything other
1450 than 4xx, yield will be set non-zero. */
1459 /* Try an authenticator's client entry */
1462 try_authenticator(smtp_context * sx, auth_instance * au)
1464 smtp_transport_options_block * ob = sx->conn_args.ob; /* transport options */
1465 host_item * host = sx->conn_args.host; /* host to deliver to */
1468 /* Set up globals for error messages */
1470 authenticator_name = au->name;
1471 driver_srcfile = au->srcfile;
1472 driver_srcline = au->srcline;
1474 sx->outblock.authenticating = TRUE;
1475 rc = (au->info->clientcode)(au, sx, ob->command_timeout,
1476 sx->buffer, sizeof(sx->buffer));
1477 sx->outblock.authenticating = FALSE;
1478 driver_srcfile = authenticator_name = NULL; driver_srcline = 0;
1479 DEBUG(D_transport) debug_printf("%s authenticator yielded %d\n", au->name, rc);
1481 /* A temporary authentication failure must hold up delivery to
1482 this host. After a permanent authentication failure, we carry on
1483 to try other authentication methods. If all fail hard, try to
1484 deliver the message unauthenticated unless require_auth was set. */
1489 f.smtp_authenticated = TRUE; /* stops the outer loop */
1490 client_authenticator = au->name;
1491 if (au->set_client_id)
1492 client_authenticated_id = expand_string(au->set_client_id);
1495 /* Failure after writing a command */
1500 /* Failure after reading a response */
1503 if (errno != 0 || sx->buffer[0] != '5') return FAIL;
1504 log_write(0, LOG_MAIN, "%s authenticator failed H=%s [%s] %s",
1505 au->name, host->name, host->address, sx->buffer);
1508 /* Failure by some other means. In effect, the authenticator
1509 decided it wasn't prepared to handle this case. Typically this
1510 is the result of "fail" in an expansion string. Do we need to
1511 log anything here? Feb 2006: a message is now put in the buffer
1512 if logging is required. */
1515 if (*sx->buffer != 0)
1516 log_write(0, LOG_MAIN, "%s authenticator cancelled "
1517 "authentication H=%s [%s] %s", au->name, host->name,
1518 host->address, sx->buffer);
1521 /* Internal problem, message in buffer. */
1524 set_errno_nohost(sx->addrlist, ERRNO_AUTHPROB, string_copy(sx->buffer),
1525 DEFER, FALSE, &sx->delivery_start);
1534 /* Do the client side of smtp-level authentication.
1537 sx smtp connection context
1539 sx->buffer should have the EHLO response from server (gets overwritten)
1542 OK Success, or failed (but not required): global "smtp_authenticated" set
1543 DEFER Failed authentication (and was required)
1544 ERROR Internal problem
1546 FAIL_SEND Failed communications - transmit
1551 smtp_auth(smtp_context * sx)
1553 host_item * host = sx->conn_args.host; /* host to deliver to */
1554 smtp_transport_options_block * ob = sx->conn_args.ob; /* transport options */
1555 int require_auth = verify_check_given_host(CUSS &ob->hosts_require_auth, host);
1556 #ifndef DISABLE_PIPE_CONNECT
1557 unsigned short authbits = tls_out.active.sock >= 0
1558 ? sx->ehlo_resp.crypted_auths : sx->ehlo_resp.cleartext_auths;
1560 uschar * fail_reason = US"server did not advertise AUTH support";
1562 f.smtp_authenticated = FALSE;
1563 client_authenticator = client_authenticated_id = client_authenticated_sender = NULL;
1566 regex_AUTH = regex_must_compile(AUTHS_REGEX, MCS_NOFLAGS, TRUE);
1568 /* Is the server offering AUTH? */
1572 #ifndef DISABLE_PIPE_CONNECT
1573 sx->early_pipe_active ? authbits
1576 regex_match_and_setup(regex_AUTH, sx->buffer, 0, -1)
1579 uschar * names = NULL;
1580 expand_nmax = -1; /* reset */
1582 #ifndef DISABLE_PIPE_CONNECT
1583 if (!sx->early_pipe_active)
1585 names = string_copyn(expand_nstring[1], expand_nlength[1]);
1587 /* Must not do this check until after we have saved the result of the
1588 regex match above as the check could be another RE. */
1590 if ( require_auth == OK
1591 || verify_check_given_host(CUSS &ob->hosts_try_auth, host) == OK)
1593 DEBUG(D_transport) debug_printf("scanning authentication mechanisms\n");
1594 fail_reason = US"no common mechanisms were found";
1596 #ifndef DISABLE_PIPE_CONNECT
1597 if (sx->early_pipe_active)
1599 /* Scan our authenticators (which support use by a client and were offered
1600 by the server (checked at cache-write time)), not suppressed by
1601 client_condition. If one is found, attempt to authenticate by calling its
1602 client function. We are limited to supporting up to 16 authenticator
1603 public-names by the number of bits in a short. */
1609 for (bitnum = 0, au = auths;
1610 !f.smtp_authenticated && au && bitnum < 16;
1611 bitnum++, au = au->next) if (authbits & BIT(bitnum))
1613 if ( au->client_condition
1614 && !expand_check_condition(au->client_condition, au->name,
1615 US"client authenticator"))
1617 DEBUG(D_transport) debug_printf("skipping %s authenticator: %s\n",
1618 au->name, "client_condition is false");
1622 /* Found data for a listed mechanism. Call its client entry. Set
1623 a flag in the outblock so that data is overwritten after sending so
1624 that reflections don't show it. */
1626 fail_reason = US"authentication attempt(s) failed";
1628 if ((rc = try_authenticator(sx, au)) != OK)
1635 /* Scan the configured authenticators looking for one which is configured
1636 for use as a client, which is not suppressed by client_condition, and
1637 whose name matches an authentication mechanism supported by the server.
1638 If one is found, attempt to authenticate by calling its client function.
1641 for (auth_instance * au = auths; !f.smtp_authenticated && au; au = au->next)
1646 || ( au->client_condition
1647 && !expand_check_condition(au->client_condition, au->name,
1648 US"client authenticator")))
1650 DEBUG(D_transport) debug_printf("skipping %s authenticator: %s\n",
1652 (au->client)? "client_condition is false" :
1653 "not configured as a client");
1657 /* Loop to scan supported server mechanisms */
1661 int len = Ustrlen(au->public_name);
1664 while (isspace(*p)) p++;
1666 if (strncmpic(au->public_name, p, len) != 0 ||
1667 (p[len] != 0 && !isspace(p[len])))
1669 while (*p != 0 && !isspace(*p)) p++;
1673 /* Found data for a listed mechanism. Call its client entry. Set
1674 a flag in the outblock so that data is overwritten after sending so
1675 that reflections don't show it. */
1677 fail_reason = US"authentication attempt(s) failed";
1679 if ((rc = try_authenticator(sx, au)) != OK)
1682 break; /* If not authenticated, try next authenticator */
1683 } /* Loop for scanning supported server mechanisms */
1684 } /* Loop for further authenticators */
1688 /* If we haven't authenticated, but are required to, give up. */
1690 if (require_auth == OK && !f.smtp_authenticated)
1692 #ifndef DISABLE_PIPE_CONNECT
1693 invalidate_ehlo_cache_entry(sx);
1695 set_errno_nohost(sx->addrlist, ERRNO_AUTHFAIL,
1696 string_sprintf("authentication required but %s", fail_reason), DEFER,
1697 FALSE, &sx->delivery_start);
1705 /* Construct AUTH appendix string for MAIL TO */
1708 sx context for smtp connection
1709 p point in sx->buffer to build string
1710 addrlist chain of potential addresses to deliver
1712 Globals f.smtp_authenticated
1713 client_authenticated_sender
1714 Return True on error, otherwise buffer has (possibly empty) terminated string
1718 smtp_mail_auth_str(smtp_context * sx, uschar * p, address_item * addrlist)
1720 smtp_transport_options_block * ob = sx->conn_args.ob;
1721 uschar * local_authenticated_sender = authenticated_sender;
1724 debug_printf("smtp_mail_auth_str: as<%s> os<%s> SA<%s>\n",
1725 authenticated_sender, ob->authenticated_sender, f.smtp_authenticated?"Y":"N");
1728 if (ob->authenticated_sender)
1730 uschar * new = expand_string(ob->authenticated_sender);
1733 if (!f.expand_string_forcedfail)
1735 uschar *message = string_sprintf("failed to expand "
1736 "authenticated_sender: %s", expand_string_message);
1737 set_errno_nohost(addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE, &sx->delivery_start);
1742 local_authenticated_sender = new;
1745 /* Add the authenticated sender address if present */
1747 if ( (f.smtp_authenticated || ob->authenticated_sender_force)
1748 && local_authenticated_sender)
1750 string_format_nt(p, sizeof(sx->buffer) - (p-sx->buffer), " AUTH=%s",
1751 auth_xtextencode(local_authenticated_sender,
1752 Ustrlen(local_authenticated_sender)));
1753 client_authenticated_sender = string_copy(local_authenticated_sender);
1763 typedef struct smtp_compare_s
1765 uschar * current_sender_address;
1766 struct transport_instance * tblock;
1770 /* Create a unique string that identifies this message, it is based on
1771 sender_address, helo_data and tls_certificate if enabled.
1775 smtp_local_identity(uschar * sender, struct transport_instance * tblock)
1777 address_item * addr1;
1778 uschar * if1 = US"";
1779 uschar * helo1 = US"";
1781 uschar * tlsc1 = US"";
1783 uschar * save_sender_address = sender_address;
1784 uschar * local_identity = NULL;
1785 smtp_transport_options_block * ob = SOB tblock->options_block;
1787 sender_address = sender;
1789 addr1 = deliver_make_addr (sender, TRUE);
1790 deliver_set_expansions(addr1);
1793 if1 = expand_string(ob->interface);
1796 helo1 = expand_string(ob->helo_data);
1799 if (ob->tls_certificate)
1800 tlsc1 = expand_string(ob->tls_certificate);
1801 local_identity = string_sprintf ("%s^%s^%s", if1, helo1, tlsc1);
1803 local_identity = string_sprintf ("%s^%s", if1, helo1);
1806 deliver_set_expansions(NULL);
1807 sender_address = save_sender_address;
1809 return local_identity;
1814 /* This routine is a callback that is called from transport_check_waiting.
1815 This function will evaluate the incoming message versus the previous
1816 message. If the incoming message is using a different local identity then
1817 we will veto this new message. */
1820 smtp_are_same_identities(uschar * message_id, smtp_compare_t * s_compare)
1822 uschar * message_local_identity,
1823 * current_local_identity,
1824 * new_sender_address;
1826 current_local_identity =
1827 smtp_local_identity(s_compare->current_sender_address, s_compare->tblock);
1829 if (!(new_sender_address = spool_sender_from_msgid(message_id)))
1833 message_local_identity =
1834 smtp_local_identity(new_sender_address, s_compare->tblock);
1836 return Ustrcmp(current_local_identity, message_local_identity) == 0;
1842 ehlo_response(uschar * buf, unsigned checks)
1844 PCRE2_SIZE bsize = Ustrlen(buf);
1845 pcre2_match_data * md = pcre2_match_data_create(1, pcre_gen_ctx);
1847 /* debug_printf("%s: check for 0x%04x\n", __FUNCTION__, checks); */
1850 if ( checks & OPTION_TLS
1851 && pcre2_match(regex_STARTTLS,
1852 (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_gen_mtc_ctx) < 0)
1854 checks &= ~OPTION_TLS;
1856 if ( checks & OPTION_IGNQ
1857 && pcre2_match(regex_IGNOREQUOTA,
1858 (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_gen_mtc_ctx) < 0)
1859 checks &= ~OPTION_IGNQ;
1861 if ( checks & OPTION_CHUNKING
1862 && pcre2_match(regex_CHUNKING,
1863 (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_gen_mtc_ctx) < 0)
1864 checks &= ~OPTION_CHUNKING;
1866 #ifndef DISABLE_PRDR
1867 if ( checks & OPTION_PRDR
1868 && pcre2_match(regex_PRDR,
1869 (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_gen_mtc_ctx) < 0)
1871 checks &= ~OPTION_PRDR;
1874 if ( checks & OPTION_UTF8
1875 && pcre2_match(regex_UTF8,
1876 (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_gen_mtc_ctx) < 0)
1878 checks &= ~OPTION_UTF8;
1880 if ( checks & OPTION_DSN
1881 && pcre2_match(regex_DSN,
1882 (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_gen_mtc_ctx) < 0)
1883 checks &= ~OPTION_DSN;
1885 if ( checks & OPTION_PIPE
1886 && pcre2_match(regex_PIPELINING,
1887 (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_gen_mtc_ctx) < 0)
1888 checks &= ~OPTION_PIPE;
1890 if ( checks & OPTION_SIZE
1891 && pcre2_match(regex_SIZE,
1892 (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_gen_mtc_ctx) < 0)
1893 checks &= ~OPTION_SIZE;
1895 #ifndef DISABLE_PIPE_CONNECT
1896 if ( checks & OPTION_EARLY_PIPE
1897 && pcre2_match(regex_EARLY_PIPE,
1898 (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_gen_mtc_ctx) < 0)
1900 checks &= ~OPTION_EARLY_PIPE;
1902 /* pcre2_match_data_free(md); gen ctx needs no free */
1903 /* debug_printf("%s: found 0x%04x\n", __FUNCTION__, checks); */
1909 /* Callback for emitting a BDAT data chunk header.
1911 If given a nonzero size, first flush any buffered SMTP commands
1912 then emit the command.
1914 Reap previous SMTP command responses if requested, and always reap
1915 the response from a previous BDAT command.
1918 tctx transport context
1919 chunk_size value for SMTP BDAT command
1921 tc_chunk_last add LAST option to SMTP BDAT command
1922 tc_reap_prev reap response to previous SMTP commands
1926 DEFER TLS error on first read (EHLO-resp); errno set
1930 smtp_chunk_cmd_callback(transport_ctx * tctx, unsigned chunk_size,
1933 smtp_transport_options_block * ob = SOB tctx->tblock->options_block;
1934 smtp_context * sx = tctx->smtp_context;
1938 /* Write SMTP chunk header command. If not reaping responses, note that
1939 there may be more writes (like, the chunk data) done soon. */
1943 #ifndef DISABLE_PIPE_CONNECT
1944 BOOL new_conn = !!(sx->outblock.conn_args);
1946 if((cmd_count = smtp_write_command(sx,
1947 flags & tc_reap_prev ? SCMD_FLUSH : SCMD_MORE,
1948 "BDAT %u%s\r\n", chunk_size, flags & tc_chunk_last ? " LAST" : "")
1949 ) < 0) return ERROR;
1950 if (flags & tc_chunk_last)
1951 data_command = string_copy(big_buffer); /* Save for later error message */
1952 #ifndef DISABLE_PIPE_CONNECT
1953 /* That command write could have been the one that made the connection.
1954 Copy the fd from the client conn ctx (smtp transport specific) to the
1955 generic transport ctx. */
1958 tctx->u.fd = sx->outblock.cctx->sock;
1962 prev_cmd_count = cmd_count += sx->cmd_count;
1964 /* Reap responses for any previous, but not one we just emitted */
1968 if (sx->pending_BDAT)
1971 if (flags & tc_reap_prev && prev_cmd_count > 0)
1973 DEBUG(D_transport) debug_printf("look for %d responses"
1974 " for previous pipelined cmds\n", prev_cmd_count);
1976 switch(sync_responses(sx, prev_cmd_count, 0))
1978 case 1: /* 2xx (only) => OK */
1979 case 3: sx->good_RCPT = TRUE; /* 2xx & 5xx => OK & progress made */
1980 case 2: sx->completed_addr = TRUE; /* 5xx (only) => progress made */
1981 case 0: break; /* No 2xx or 5xx, but no probs */
1983 case -5: errno = ERRNO_TLSFAILURE;
1985 #ifndef DISABLE_PIPE_CONNECT
1986 case -4: /* non-2xx for pipelined banner or EHLO */
1988 case -1: /* Timeout on RCPT */
1989 default: return ERROR; /* I/O error, or any MAIL/DATA error */
1992 if (!sx->pending_BDAT)
1993 pipelining_active = FALSE;
1996 /* Reap response for an outstanding BDAT */
1998 if (sx->pending_BDAT)
2000 DEBUG(D_transport) debug_printf("look for one response for BDAT\n");
2002 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2',
2003 ob->command_timeout))
2005 if (errno == 0 && sx->buffer[0] == '4')
2007 errno = ERRNO_DATA4XX; /*XXX does this actually get used? */
2008 sx->addrlist->more_errno |=
2009 ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
2014 sx->pending_BDAT = FALSE;
2015 pipelining_active = FALSE;
2017 else if (chunk_size > 0)
2018 sx->pending_BDAT = TRUE;
2021 sx->cmd_count = cmd_count;
2029 check_force_dane_conn(smtp_context * sx, smtp_transport_options_block * ob)
2032 if( sx->dane_required
2033 || verify_check_given_host(CUSS &ob->hosts_try_dane, sx->conn_args.host) == OK
2035 switch (rc = tlsa_lookup(sx->conn_args.host, &sx->conn_args.tlsa_dnsa, sx->dane_required))
2037 case OK: sx->conn_args.dane = TRUE;
2038 ob->tls_tempfail_tryclear = FALSE; /* force TLS */
2039 ob->tls_sni = sx->conn_args.host->name; /* force SNI */
2041 case FAIL_FORCED: break;
2042 default: set_errno_nohost(sx->addrlist, ERRNO_DNSDEFER,
2043 string_sprintf("DANE error: tlsa lookup %s",
2045 rc, FALSE, &sx->delivery_start);
2046 # ifndef DISABLE_EVENT
2047 (void) event_raise(sx->conn_args.tblock->event_action,
2048 US"dane:fail", sx->dane_required
2049 ? US"dane-required" : US"dnssec-invalid",
2059 /*************************************************
2060 * Make connection for given message *
2061 *************************************************/
2065 sx connection context
2066 suppress_tls if TRUE, don't attempt a TLS connection - this is set for
2067 a second attempt after TLS initialization fails
2069 Returns: OK - the connection was made and the delivery attempted;
2070 fd is set in the conn context, tls_out set up.
2071 DEFER - the connection could not be made, or something failed
2072 while setting up the SMTP session, or there was a
2073 non-message-specific error, such as a timeout.
2074 ERROR - helo_data or add_headers or authenticated_sender is
2075 specified for this transport, and the string failed
2079 smtp_setup_conn(smtp_context * sx, BOOL suppress_tls)
2081 smtp_transport_options_block * ob = sx->conn_args.tblock->options_block;
2082 BOOL pass_message = FALSE;
2083 uschar * message = NULL;
2086 uschar * tls_errstr;
2089 /* Many lines of clearing individual elements of *sx that used to
2090 be here have been replaced by a full memset to zero (de41aff051).
2091 There are two callers, this file and verify.c . Now we only set
2092 up nonzero elements. */
2094 sx->conn_args.ob = ob;
2096 sx->lmtp = strcmpic(ob->protocol, US"lmtp") == 0;
2097 sx->smtps = strcmpic(ob->protocol, US"smtps") == 0;
2098 sx->send_rset = TRUE;
2099 sx->send_quit = TRUE;
2100 sx->setting_up = TRUE;
2102 sx->dsn_all_lasthop = TRUE;
2105 verify_check_given_host(CUSS &ob->hosts_require_dane, sx->conn_args.host) == OK;
2108 if ((sx->max_mail = sx->conn_args.tblock->connection_max_messages) == 0) sx->max_mail = 999999;
2109 if ((sx->max_rcpt = sx->conn_args.tblock->max_addresses) == 0) sx->max_rcpt = 999999;
2110 sx->igquotstr = US"";
2111 if (!sx->helo_data) sx->helo_data = ob->helo_data;
2113 smtp_command = US"initial connection";
2115 /* Set up the buffer for reading SMTP response packets. */
2117 sx->inblock.buffer = sx->inbuffer;
2118 sx->inblock.buffersize = sizeof(sx->inbuffer);
2119 sx->inblock.ptr = sx->inbuffer;
2120 sx->inblock.ptrend = sx->inbuffer;
2122 /* Set up the buffer for holding SMTP commands while pipelining */
2124 sx->outblock.buffer = sx->outbuffer;
2125 sx->outblock.buffersize = sizeof(sx->outbuffer);
2126 sx->outblock.ptr = sx->outbuffer;
2128 /* Reset the parameters of a TLS session. */
2131 tls_out.cipher = NULL; /* the one we may use for this transport */
2132 tls_out.ourcert = NULL;
2133 tls_out.peercert = NULL;
2134 tls_out.peerdn = NULL;
2138 tls_out.ocsp = OCSP_NOT_REQ;
2139 #ifndef DISABLE_TLS_RESUME
2140 tls_out.resumption = 0;
2144 /* Flip the legacy TLS-related variables over to the outbound set in case
2145 they're used in the context of the transport. Don't bother resetting
2146 afterward (when being used by a transport) as we're in a subprocess.
2147 For verify, unflipped once the callout is dealt with */
2149 tls_modify_variables(&tls_out);
2154 set_errno_nohost(sx->addrlist, ERRNO_TLSFAILURE, US"TLS support not available",
2155 DEFER, FALSE, &sx->delivery_start);
2160 /* If we have a proxied TLS connection, check usability for this message */
2162 if (continue_hostname && continue_proxy_cipher)
2165 const uschar * sni = US"";
2167 # ifdef SUPPORT_DANE
2168 /* Check if the message will be DANE-verified; if so force TLS and its SNI */
2170 tls_out.dane_verified = FALSE;
2171 smtp_port_for_connect(sx->conn_args.host, sx->port);
2172 if ( sx->conn_args.host->dnssec == DS_YES
2173 && (rc = check_force_dane_conn(sx, ob)) != OK
2178 /* If the SNI or the DANE status required for the new message differs from the
2179 existing conn drop the connection to force a new one. */
2181 if (ob->tls_sni && !(sni = expand_cstring(ob->tls_sni)))
2182 log_write(0, LOG_MAIN|LOG_PANIC,
2183 "<%s>: failed to expand transport's tls_sni value: %s",
2184 sx->addrlist->address, expand_string_message);
2186 # ifdef SUPPORT_DANE
2187 if ( (continue_proxy_sni ? (Ustrcmp(continue_proxy_sni, sni) == 0) : !*sni)
2188 && continue_proxy_dane == sx->conn_args.dane)
2190 tls_out.sni = US sni;
2191 if ((tls_out.dane_verified = continue_proxy_dane))
2192 sx->conn_args.host->dnssec = DS_YES;
2195 if ((continue_proxy_sni ? (Ustrcmp(continue_proxy_sni, sni) == 0) : !*sni))
2196 tls_out.sni = US sni;
2201 debug_printf("Closing proxied-TLS connection due to SNI mismatch\n");
2203 smtp_debug_cmd(US"QUIT", 0);
2204 write(0, "QUIT\r\n", 6);
2206 continue_hostname = continue_proxy_cipher = NULL;
2207 f.continue_more = FALSE;
2208 continue_sequence = 1; /* Unfortunately, this process cannot affect success log
2209 which is done by delivery proc. Would have to pass this
2210 back through reporting pipe. */
2213 #endif /*!DISABLE_TLS*/
2215 /* Make a connection to the host if this isn't a continued delivery, and handle
2216 the initial interaction and HELO/EHLO/LHLO. Connect timeout errors are handled
2217 specially so they can be identified for retries. */
2219 if (!continue_hostname)
2222 HDEBUG(D_verify) debug_printf("interface=%s port=%d\n", sx->conn_args.interface, sx->port);
2224 /* Arrange to report to calling process this is a new connection */
2226 clearflag(sx->first_addr, af_cont_conn);
2227 setflag(sx->first_addr, af_new_conn);
2229 /* Get the actual port the connection will use, into sx->conn_args.host */
2231 smtp_port_for_connect(sx->conn_args.host, sx->port);
2234 /* Do TLSA lookup for DANE */
2236 tls_out.dane_verified = FALSE;
2237 tls_out.tlsa_usage = 0;
2239 if (sx->conn_args.host->dnssec == DS_YES)
2242 if ((rc = check_force_dane_conn(sx, ob)) != OK)
2245 else if (sx->dane_required)
2247 set_errno_nohost(sx->addrlist, ERRNO_DNSDEFER,
2248 string_sprintf("DANE error: %s lookup not DNSSEC", sx->conn_args.host->name),
2249 FAIL, FALSE, &sx->delivery_start);
2250 # ifndef DISABLE_EVENT
2251 (void) event_raise(sx->conn_args.tblock->event_action,
2252 US"dane:fail", US"dane-required", NULL);
2259 /* Make the TCP connection */
2261 sx->cctx.tls_ctx = NULL;
2262 sx->inblock.cctx = sx->outblock.cctx = &sx->cctx;
2263 #ifdef EXPERIMENTAL_ESMTP_LIMITS
2264 sx->peer_limit_mail = sx->peer_limit_rcpt = sx->peer_limit_rcptdom =
2266 sx->avoid_option = sx->peer_offered = smtp_peer_options = 0;
2267 #ifndef DISABLE_CLIENT_CMD_LOG
2268 client_cmd_log = NULL;
2271 #ifndef DISABLE_PIPE_CONNECT
2272 if ( verify_check_given_host(CUSS &ob->hosts_pipe_connect,
2273 sx->conn_args.host) == OK)
2275 /* We don't find out the local ip address until the connect, so if
2276 the helo string might use it avoid doing early-pipelining. */
2279 || sx->conn_args.interface
2280 || !Ustrstr(sx->helo_data, "$sending_ip_address")
2281 || Ustrstr(sx->helo_data, "def:sending_ip_address")
2284 sx->early_pipe_ok = TRUE;
2285 if ( read_ehlo_cache_entry(sx)
2286 && sx->ehlo_resp.cleartext_features & OPTION_EARLY_PIPE)
2289 debug_printf("Using cached cleartext PIPECONNECT\n");
2290 sx->early_pipe_active = TRUE;
2291 sx->peer_offered = sx->ehlo_resp.cleartext_features;
2294 else DEBUG(D_transport)
2295 debug_printf("helo needs $sending_ip_address; avoid early-pipelining\n");
2298 if (sx->early_pipe_active)
2300 sx->outblock.conn_args = &sx->conn_args;
2301 (void) smtp_boundsock(&sx->conn_args);
2306 blob lazy_conn = {.data = NULL};
2307 /* For TLS-connect, a TFO lazy-connect is useful since the Client Hello
2308 can go on the TCP SYN. */
2310 if ((sx->cctx.sock = smtp_connect(&sx->conn_args,
2311 sx->smtps ? &lazy_conn : NULL)) < 0)
2313 set_errno_nohost(sx->addrlist,
2314 errno == ETIMEDOUT ? ERRNO_CONNECTTIMEOUT : errno,
2315 sx->verify ? US strerror(errno) : NULL,
2316 DEFER, FALSE, &sx->delivery_start);
2317 sx->send_quit = FALSE;
2321 (void) setsockopt(sx->cctx.sock, IPPROTO_TCP, TCP_QUICKACK, US &off,
2325 /* Expand the greeting message while waiting for the initial response. (Makes
2326 sense if helo_data contains ${lookup dnsdb ...} stuff). The expansion is
2327 delayed till here so that $sending_ip_address and $sending_port are set.
2328 Those will be known even for a TFO lazy-connect, having been set by the bind().
2329 For early-pipe, we are ok if binding to a local interface; otherwise (if
2330 $sending_ip_address is seen in helo_data) we disabled early-pipe above. */
2333 if (!(sx->helo_data = expand_string(sx->helo_data)))
2335 log_write(0, LOG_MAIN|LOG_PANIC,
2336 "<%s>: failed to expand transport's helo_data value for callout: %s",
2337 sx->addrlist->address, expand_string_message);
2342 expand_string_message = NULL;
2343 if ((sx->helo_data = string_domain_utf8_to_alabel(sx->helo_data,
2344 &expand_string_message)),
2345 expand_string_message)
2347 log_write(0, LOG_MAIN|LOG_PANIC,
2348 "<%s>: failed to expand transport's helo_data value for callout: %s",
2349 sx->addrlist->address, expand_string_message);
2351 sx->helo_data = NULL;
2355 /* The first thing is to wait for an initial OK response. The dreaded "goto"
2356 is nevertheless a reasonably clean way of programming this kind of logic,
2357 where you want to escape on any error. */
2361 #ifndef DISABLE_PIPE_CONNECT
2362 if (sx->early_pipe_active)
2364 sx->pending_BANNER = TRUE; /* sync_responses() must eventually handle */
2365 sx->outblock.cmd_count = 1;
2370 if (!smtp_reap_banner(sx))
2371 goto RESPONSE_FAILED;
2374 #ifndef DISABLE_EVENT
2377 lookup_dnssec_authenticated = sx->conn_args.host->dnssec==DS_YES ? US"yes"
2378 : sx->conn_args.host->dnssec==DS_NO ? US"no" : NULL;
2379 s = event_raise(sx->conn_args.tblock->event_action, US"smtp:connect", sx->buffer, NULL);
2382 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL,
2383 string_sprintf("deferred by smtp:connect event expansion: %s", s),
2384 DEFER, FALSE, &sx->delivery_start);
2391 /* Now check if the helo_data expansion went well, and sign off cleanly if
2396 message = string_sprintf("failed to expand helo_data: %s",
2397 expand_string_message);
2398 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE, &sx->delivery_start);
2404 /** Debugging without sending a message
2405 sx->addrlist->transport_return = DEFER;
2409 /* Errors that occur after this point follow an SMTP command, which is
2410 left in big_buffer by smtp_write_command() for use in error messages. */
2412 smtp_command = big_buffer;
2414 /* Tell the remote who we are...
2416 February 1998: A convention has evolved that ESMTP-speaking MTAs include the
2417 string "ESMTP" in their greeting lines, so make Exim send EHLO if the
2418 greeting is of this form. The assumption was that the far end supports it
2419 properly... but experience shows that there are some that give 5xx responses,
2420 even though the banner includes "ESMTP" (there's a bloody-minded one that
2421 says "ESMTP not spoken here"). Cope with that case.
2423 September 2000: Time has passed, and it seems reasonable now to always send
2424 EHLO at the start. It is also convenient to make the change while installing
2427 July 2003: Joachim Wieland met a broken server that advertises "PIPELINING"
2428 but times out after sending MAIL FROM, RCPT TO and DATA all together. There
2429 would be no way to send out the mails, so there is now a host list
2430 "hosts_avoid_esmtp" that disables ESMTP for special hosts and solves the
2431 PIPELINING problem as well. Maybe it can also be useful to cure other
2432 problems with broken servers.
2434 Exim originally sent "Helo" at this point and ran for nearly a year that way.
2435 Then somebody tried it with a Microsoft mailer... It seems that all other
2436 mailers use upper case for some reason (the RFC is quite clear about case
2437 independence) so, for peace of mind, I gave in. */
2439 sx->esmtp = verify_check_given_host(CUSS &ob->hosts_avoid_esmtp, sx->conn_args.host) != OK;
2441 /* Alas; be careful, since this goto is not an error-out, so conceivably
2442 we might set data between here and the target which we assume to exist
2443 and be usable. I can see this coming back to bite us. */
2447 smtp_peer_options |= OPTION_TLS;
2448 suppress_tls = FALSE;
2449 ob->tls_tempfail_tryclear = FALSE;
2450 smtp_command = US"SSL-on-connect";
2457 if (smtp_write_command(sx,
2458 #ifndef DISABLE_PIPE_CONNECT
2459 sx->early_pipe_active ? SCMD_BUFFER :
2462 "%s %s\r\n", sx->lmtp ? "LHLO" : "EHLO", sx->helo_data) < 0)
2464 sx->esmtp_sent = TRUE;
2466 #ifndef DISABLE_PIPE_CONNECT
2467 if (sx->early_pipe_active)
2469 sx->pending_EHLO = TRUE;
2471 /* If we have too many authenticators to handle and might need to AUTH
2472 for this transport, pipeline no further as we will need the
2473 list of auth methods offered. Reap the banner and EHLO. */
2475 if ( (ob->hosts_require_auth || ob->hosts_try_auth)
2476 && f.smtp_in_early_pipe_no_auth)
2478 DEBUG(D_transport) debug_printf("may need to auth, so pipeline no further\n");
2479 if (smtp_write_command(sx, SCMD_FLUSH, NULL) < 0)
2481 if (sync_responses(sx, 2, 0) != 0)
2484 debug_printf("failed reaping pipelined cmd responses\n");
2485 goto RESPONSE_FAILED;
2487 sx->early_pipe_active = FALSE;
2492 if (!smtp_reap_ehlo(sx))
2493 goto RESPONSE_FAILED;
2497 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
2499 #ifndef DISABLE_PIPE_CONNECT
2500 if (!sx->early_pipe_active)
2505 int n = sizeof(sx->buffer);
2506 uschar * rsp = sx->buffer;
2508 if (sx->esmtp_sent && (n = Ustrlen(sx->buffer) + 1) < sizeof(sx->buffer)/2)
2509 { rsp = sx->buffer + n; n = sizeof(sx->buffer) - n; }
2511 if (smtp_write_command(sx, SCMD_FLUSH, "HELO %s\r\n", sx->helo_data) < 0)
2513 good_response = smtp_read_response(sx, rsp, n, '2', ob->command_timeout);
2514 #ifdef EXPERIMENTAL_DSN_INFO
2515 sx->helo_response = string_copy(rsp);
2519 /* Handle special logging for a closed connection after HELO
2520 when had previously sent EHLO */
2522 if (rsp != sx->buffer && rsp[0] == 0 && (errno == 0 || errno == ECONNRESET))
2524 errno = ERRNO_SMTPCLOSED;
2525 goto EHLOHELO_FAILED;
2527 memmove(sx->buffer, rsp, Ustrlen(rsp));
2528 goto RESPONSE_FAILED;
2532 if (sx->esmtp || sx->lmtp)
2534 #ifndef DISABLE_PIPE_CONNECT
2535 if (!sx->early_pipe_active)
2538 sx->peer_offered = ehlo_response(sx->buffer,
2539 OPTION_TLS /* others checked later */
2540 #ifndef DISABLE_PIPE_CONNECT
2541 | (sx->early_pipe_ok
2543 | OPTION_CHUNKING | OPTION_PRDR | OPTION_DSN | OPTION_PIPE | OPTION_SIZE
2552 #ifdef EXPERIMENTAL_ESMTP_LIMITS
2553 if (tls_out.active.sock >= 0 || !(sx->peer_offered & OPTION_TLS))
2555 ehlo_response_limits_read(sx);
2556 ehlo_response_limits_apply(sx);
2559 #ifndef DISABLE_PIPE_CONNECT
2560 if (sx->early_pipe_ok)
2562 sx->ehlo_resp.cleartext_features = sx->peer_offered;
2564 if ( (sx->peer_offered & (OPTION_PIPE | OPTION_EARLY_PIPE))
2565 == (OPTION_PIPE | OPTION_EARLY_PIPE))
2567 DEBUG(D_transport) debug_printf("PIPECONNECT usable in future for this IP\n");
2568 sx->ehlo_resp.cleartext_auths = study_ehlo_auths(sx);
2569 write_ehlo_cache_entry(sx);
2573 ehlo_response_lbserver(sx, ob);
2576 /* Set tls_offered if the response to EHLO specifies support for STARTTLS. */
2579 smtp_peer_options |= sx->peer_offered & OPTION_TLS;
2584 /* For continuing deliveries down the same channel, having re-exec'd the socket
2585 is the standard input; for a socket held open from verify it is recorded
2586 in the cutthrough context block. Either way we don't need to redo EHLO here
2587 (but may need to do so for TLS - see below).
2588 Set up the pointer to where subsequent commands will be left, for
2589 error messages. Note that smtp_peer_options will have been
2590 set from the command line if they were set in the process that passed the
2593 /*XXX continue case needs to propagate DSN_INFO, prob. in deliver.c
2594 as the continue goes via transport_pass_socket() and doublefork and exec.
2595 It does not wait. Unclear how we keep separate host's responses
2596 separate - we could match up by host ip+port as a bodge. */
2600 if (cutthrough.cctx.sock >= 0 && cutthrough.callout_hold_only)
2602 sx->cctx = cutthrough.cctx;
2603 sx->conn_args.host->port = sx->port = cutthrough.host.port;
2607 sx->cctx.sock = 0; /* stdin */
2608 sx->cctx.tls_ctx = NULL;
2609 smtp_port_for_connect(sx->conn_args.host, sx->port); /* Record the port that was used */
2611 sx->inblock.cctx = sx->outblock.cctx = &sx->cctx;
2612 smtp_command = big_buffer;
2613 sx->peer_offered = smtp_peer_options;
2614 #ifdef EXPERIMENTAL_ESMTP_LIMITS
2615 /* Limits passed by cmdline over exec. */
2616 ehlo_limits_apply(sx,
2617 sx->peer_limit_mail = continue_limit_mail,
2618 sx->peer_limit_rcpt = continue_limit_rcpt,
2619 sx->peer_limit_rcptdom = continue_limit_rcptdom);
2621 sx->helo_data = NULL; /* ensure we re-expand ob->helo_data */
2623 /* For a continued connection with TLS being proxied for us, or a
2624 held-open verify connection with TLS, nothing more to do. */
2626 if ( continue_proxy_cipher
2627 || (cutthrough.cctx.sock >= 0 && cutthrough.callout_hold_only
2628 && cutthrough.is_tls)
2631 sx->pipelining_used = pipelining_active = !!(smtp_peer_options & OPTION_PIPE);
2632 HDEBUG(D_transport) debug_printf("continued connection, %s TLS\n",
2633 continue_proxy_cipher ? "proxied" : "verify conn with");
2636 HDEBUG(D_transport) debug_printf("continued connection, no TLS\n");
2639 /* If TLS is available on this connection, whether continued or not, attempt to
2640 start up a TLS session, unless the host is in hosts_avoid_tls. If successful,
2641 send another EHLO - the server may give a different answer in secure mode. We
2642 use a separate buffer for reading the response to STARTTLS so that if it is
2643 negative, the original EHLO data is available for subsequent analysis, should
2644 the client not be required to use TLS. If the response is bad, copy the buffer
2645 for error analysis. */
2648 if ( smtp_peer_options & OPTION_TLS
2650 && verify_check_given_host(CUSS &ob->hosts_avoid_tls, sx->conn_args.host) != OK
2652 || verify_check_given_host(CUSS &ob->hosts_verify_avoid_tls, sx->conn_args.host) != OK
2655 uschar buffer2[4096];
2657 if (smtp_write_command(sx, SCMD_FLUSH, "STARTTLS\r\n") < 0)
2660 #ifndef DISABLE_PIPE_CONNECT
2661 /* If doing early-pipelining reap the banner and EHLO-response but leave
2662 the response for the STARTTLS we just sent alone. On fail, assume wrong
2663 cached capability and retry with the pipelining disabled. */
2665 if (sx->early_pipe_active)
2667 if (sync_responses(sx, 2, 0) != 0)
2670 debug_printf("failed reaping pipelined cmd responses\n");
2671 close(sx->cctx.sock);
2673 sx->early_pipe_active = FALSE;
2674 goto PIPE_CONNECT_RETRY;
2679 /* If there is an I/O error, transmission of this message is deferred. If
2680 there is a temporary rejection of STARRTLS and tls_tempfail_tryclear is
2681 false, we also defer. However, if there is a temporary rejection of STARTTLS
2682 and tls_tempfail_tryclear is true, or if there is an outright rejection of
2683 STARTTLS, we carry on. This means we will try to send the message in clear,
2684 unless the host is in hosts_require_tls (tested below). */
2686 if (!smtp_read_response(sx, buffer2, sizeof(buffer2), '2', ob->command_timeout))
2690 || (buffer2[0] == '4' && !ob->tls_tempfail_tryclear)
2693 Ustrncpy(sx->buffer, buffer2, sizeof(sx->buffer));
2694 sx->buffer[sizeof(sx->buffer)-1] = '\0';
2695 goto RESPONSE_FAILED;
2699 /* STARTTLS accepted: try to negotiate a TLS session. */
2704 sx->conn_args.sending_ip_address = sending_ip_address;
2705 if (!tls_client_start(&sx->cctx, &sx->conn_args, sx->addrlist, &tls_out, &tls_errstr))
2707 /* TLS negotiation failed; give an error. From outside, this function may
2708 be called again to try in clear on a new connection, if the options permit
2709 it for this host. */
2711 DEBUG(D_tls) debug_printf("TLS session fail: %s\n", tls_errstr);
2713 # ifdef SUPPORT_DANE
2714 if (sx->conn_args.dane)
2716 log_write(0, LOG_MAIN,
2717 "DANE attempt failed; TLS connection to %s [%s]: %s",
2718 sx->conn_args.host->name, sx->conn_args.host->address, tls_errstr);
2719 # ifndef DISABLE_EVENT
2720 (void) event_raise(sx->conn_args.tblock->event_action,
2721 US"dane:fail", US"validation-failure", NULL); /* could do with better detail */
2726 errno = ERRNO_TLSFAILURE;
2727 message = string_sprintf("TLS session: %s", tls_errstr);
2728 sx->send_quit = FALSE;
2731 sx->send_tlsclose = TRUE;
2733 /* TLS session is set up. Check the inblock fill level. If there is
2734 content then as we have not yet done a tls read it must have arrived before
2735 the TLS handshake, in-clear. That violates the sync requirement of the
2736 STARTTLS RFC, so fail. */
2738 if (sx->inblock.ptr != sx->inblock.ptrend)
2742 int i = sx->inblock.ptrend - sx->inblock.ptr;
2743 debug_printf("unused data in input buffer after ack for STARTTLS:\n"
2745 i > 100 ? 100 : i, sx->inblock.ptr, i > 100 ? "..." : "");
2747 tls_errstr = US"synch error before connect";
2748 goto TLS_CONN_FAILED;
2751 smtp_peer_options_wrap = smtp_peer_options;
2752 for (address_item * addr = sx->addrlist; addr; addr = addr->next)
2753 if (addr->transport_return == PENDING_DEFER)
2755 addr->cipher = tls_out.cipher;
2756 addr->ourcert = tls_out.ourcert;
2757 addr->peercert = tls_out.peercert;
2758 addr->peerdn = tls_out.peerdn;
2759 addr->ocsp = tls_out.ocsp;
2760 addr->tlsver = tls_out.ver;
2765 /* if smtps, we'll have smtp_command set to something else; always safe to
2767 smtp_command = big_buffer;
2769 /* If we started TLS, redo the EHLO/LHLO exchange over the secure channel. If
2770 helo_data is null, we are dealing with a connection that was passed from
2771 another process, and so we won't have expanded helo_data above. We have to
2772 expand it here. $sending_ip_address and $sending_port are set up right at the
2773 start of the Exim process (in exim.c). */
2775 if (tls_out.active.sock >= 0)
2777 uschar * greeting_cmd;
2779 if (!sx->helo_data && !(sx->helo_data = expand_string(ob->helo_data)))
2781 uschar *message = string_sprintf("failed to expand helo_data: %s",
2782 expand_string_message);
2783 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE, &sx->delivery_start);
2788 #ifndef DISABLE_PIPE_CONNECT
2789 /* For SMTPS there is no cleartext early-pipe; use the crypted permission bit.
2790 We're unlikely to get the group sent and delivered before the server sends its
2791 banner, but it's still worth sending as a group.
2792 For STARTTLS allow for cleartext early-pipe but no crypted early-pipe, but not
2795 if (sx->smtps ? sx->early_pipe_ok : sx->early_pipe_active)
2797 sx->peer_offered = sx->ehlo_resp.crypted_features;
2798 if ((sx->early_pipe_active =
2799 !!(sx->ehlo_resp.crypted_features & OPTION_EARLY_PIPE)))
2800 DEBUG(D_transport) debug_printf("Using cached crypted PIPECONNECT\n");
2803 #ifdef EXPERIMMENTAL_ESMTP_LIMITS
2804 /* As we are about to send another EHLO, forget any LIMITS received so far. */
2805 sx->peer_limit_mail = sx->peer_limit_rcpt = sx->peer_limit_rcptdom = 0;
2806 if ((sx->max_mail = sx->conn_args.tblock->connection_max_message) == 0) sx->max_mail = 999999;
2807 if ((sx->max_rcpt = sx->conn_args.tblock->max_addresses) == 0) sx->max_rcpt = 999999;
2808 sx->single_rcpt_domain = FALSE;
2811 /* For SMTPS we need to wait for the initial OK response. */
2813 #ifndef DISABLE_PIPE_CONNECT
2814 if (sx->early_pipe_active)
2816 sx->pending_BANNER = TRUE;
2817 sx->outblock.cmd_count = 1;
2821 if (!smtp_reap_banner(sx))
2822 goto RESPONSE_FAILED;
2825 greeting_cmd = US"LHLO";
2827 greeting_cmd = US"EHLO";
2830 greeting_cmd = US"HELO";
2832 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
2835 if (smtp_write_command(sx,
2836 #ifndef DISABLE_PIPE_CONNECT
2837 sx->early_pipe_active ? SCMD_BUFFER :
2840 "%s %s\r\n", greeting_cmd, sx->helo_data) < 0)
2843 #ifndef DISABLE_PIPE_CONNECT
2844 if (sx->early_pipe_active)
2845 sx->pending_EHLO = TRUE;
2849 if (!smtp_reap_ehlo(sx))
2852 /* The GnuTLS layer in Exim only spots a server-rejection of a client
2853 cert late, under TLS1.3 - which means here; the first time we try to
2854 receive crypted data. Treat it as if it was a connect-time failure.
2855 See also the early-pipe equivalent... which will be hard; every call
2856 to sync_responses will need to check the result.
2857 It would be nicer to have GnuTLS check the cert during the handshake.
2858 Can it do that, with all the flexibility we need? */
2860 tls_errstr = US"error on first read";
2861 goto TLS_CONN_FAILED;
2864 goto RESPONSE_FAILED;
2866 smtp_peer_options = 0;
2870 /* If the host is required to use a secure channel, ensure that we
2874 # ifdef SUPPORT_DANE
2875 || sx->conn_args.dane
2877 || verify_check_given_host(CUSS &ob->hosts_require_tls, sx->conn_args.host) == OK
2880 errno = ERRNO_TLSREQUIRED;
2881 message = string_sprintf("a TLS session is required, but %s",
2882 smtp_peer_options & OPTION_TLS
2883 ? "an attempt to start TLS failed" : "the server did not offer TLS support");
2884 # if defined(SUPPORT_DANE) && !defined(DISABLE_EVENT)
2885 if (sx->conn_args.dane)
2886 (void) event_raise(sx->conn_args.tblock->event_action, US"dane:fail",
2887 smtp_peer_options & OPTION_TLS
2888 ? US"validation-failure" /* could do with better detail */
2889 : US"starttls-not-supported",
2894 #endif /*DISABLE_TLS*/
2896 /* If TLS is active, we have just started it up and re-done the EHLO command,
2897 so its response needs to be analyzed. If TLS is not active and this is a
2898 continued session down a previously-used socket, we haven't just done EHLO, so
2901 if ( !continue_hostname
2903 || tls_out.active.sock >= 0
2907 if (sx->esmtp || sx->lmtp)
2909 #ifndef DISABLE_PIPE_CONNECT
2910 if (!sx->early_pipe_active)
2913 sx->peer_offered = ehlo_response(sx->buffer,
2915 #ifndef DISABLE_PIPE_CONNECT
2916 | (sx->lmtp && ob->lmtp_ignore_quota ? OPTION_IGNQ : 0)
2917 | OPTION_DSN | OPTION_PIPE | OPTION_SIZE
2918 | OPTION_CHUNKING | OPTION_PRDR | OPTION_UTF8
2919 | (tls_out.active.sock >= 0 ? OPTION_EARLY_PIPE : 0) /* not for lmtp */
2923 | (sx->lmtp && ob->lmtp_ignore_quota ? OPTION_IGNQ : 0)
2926 # ifdef SUPPORT_I18N
2927 | (sx->addrlist->prop.utf8_msg ? OPTION_UTF8 : 0)
2928 /*XXX if we hand peercaps on to continued-conn processes,
2929 must not depend on this addr */
2933 | (ob->size_addition >= 0 ? OPTION_SIZE : 0)
2936 #ifndef DISABLE_PIPE_CONNECT
2937 if (tls_out.active.sock >= 0)
2938 sx->ehlo_resp.crypted_features = sx->peer_offered;
2941 #ifdef EXPERIMENTAL_ESMTP_LIMITS
2942 if (tls_out.active.sock >= 0 || !(sx->peer_offered & OPTION_TLS))
2944 ehlo_response_limits_read(sx);
2945 ehlo_response_limits_apply(sx);
2950 /* Set for IGNOREQUOTA if the response to LHLO specifies support and the
2951 lmtp_ignore_quota option was set. */
2953 sx->igquotstr = sx->peer_offered & OPTION_IGNQ ? US" IGNOREQUOTA" : US"";
2955 /* If the response to EHLO specified support for the SIZE parameter, note
2956 this, provided size_addition is non-negative. */
2958 smtp_peer_options |= sx->peer_offered & OPTION_SIZE;
2960 /* Note whether the server supports PIPELINING. If hosts_avoid_esmtp matched
2961 the current host, esmtp will be false, so PIPELINING can never be used. If
2962 the current host matches hosts_avoid_pipelining, don't do it. */
2964 if ( sx->peer_offered & OPTION_PIPE
2965 && verify_check_given_host(CUSS &ob->hosts_avoid_pipelining, sx->conn_args.host) != OK)
2966 smtp_peer_options |= OPTION_PIPE;
2968 DEBUG(D_transport) debug_printf("%susing PIPELINING\n",
2969 smtp_peer_options & OPTION_PIPE ? "" : "not ");
2971 if ( sx->peer_offered & OPTION_CHUNKING
2972 && verify_check_given_host(CUSS &ob->hosts_try_chunking, sx->conn_args.host) == OK)
2973 smtp_peer_options |= OPTION_CHUNKING;
2975 if (smtp_peer_options & OPTION_CHUNKING)
2976 DEBUG(D_transport) debug_printf("CHUNKING usable\n");
2978 #ifndef DISABLE_PRDR
2979 if ( sx->peer_offered & OPTION_PRDR
2980 && verify_check_given_host(CUSS &ob->hosts_try_prdr, sx->conn_args.host) == OK)
2981 smtp_peer_options |= OPTION_PRDR;
2983 if (smtp_peer_options & OPTION_PRDR)
2984 DEBUG(D_transport) debug_printf("PRDR usable\n");
2987 /* Note if the server supports DSN */
2988 smtp_peer_options |= sx->peer_offered & OPTION_DSN;
2989 DEBUG(D_transport) debug_printf("%susing DSN\n",
2990 sx->peer_offered & OPTION_DSN ? "" : "not ");
2992 #ifndef DISABLE_PIPE_CONNECT
2993 if ( sx->early_pipe_ok
2994 && !sx->early_pipe_active
2995 && tls_out.active.sock >= 0
2996 && smtp_peer_options & OPTION_PIPE
2997 && ( sx->ehlo_resp.cleartext_features | sx->ehlo_resp.crypted_features)
2998 & OPTION_EARLY_PIPE)
3000 DEBUG(D_transport) debug_printf("PIPECONNECT usable in future for this IP\n");
3001 sx->ehlo_resp.crypted_auths = study_ehlo_auths(sx);
3002 write_ehlo_cache_entry(sx);
3006 /* Note if the response to EHLO specifies support for the AUTH extension.
3007 If it has, check that this host is one we want to authenticate to, and do
3008 the business. The host name and address must be available when the
3009 authenticator's client driver is running. */
3011 switch (yield = smtp_auth(sx))
3013 default: goto SEND_QUIT;
3015 case FAIL_SEND: goto SEND_FAILED;
3016 case FAIL: goto RESPONSE_FAILED;
3020 sx->pipelining_used = pipelining_active = !!(smtp_peer_options & OPTION_PIPE);
3022 /* The setting up of the SMTP call is now complete. Any subsequent errors are
3023 message-specific. */
3025 sx->setting_up = FALSE;
3028 if (sx->addrlist->prop.utf8_msg)
3032 /* If the transport sets a downconversion mode it overrides any set by ACL
3035 if ((s = ob->utf8_downconvert))
3037 if (!(s = expand_string(s)))
3039 message = string_sprintf("failed to expand utf8_downconvert: %s",
3040 expand_string_message);
3041 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE, &sx->delivery_start);
3047 case '1': sx->addrlist->prop.utf8_downcvt = TRUE;
3048 sx->addrlist->prop.utf8_downcvt_maybe = FALSE;
3050 case '0': sx->addrlist->prop.utf8_downcvt = FALSE;
3051 sx->addrlist->prop.utf8_downcvt_maybe = FALSE;
3053 case '-': if (s[1] == '1')
3055 sx->addrlist->prop.utf8_downcvt = FALSE;
3056 sx->addrlist->prop.utf8_downcvt_maybe = TRUE;
3062 sx->utf8_needed = !sx->addrlist->prop.utf8_downcvt
3063 && !sx->addrlist->prop.utf8_downcvt_maybe;
3064 DEBUG(D_transport) if (!sx->utf8_needed)
3065 debug_printf("utf8: %s downconvert\n",
3066 sx->addrlist->prop.utf8_downcvt ? "mandatory" : "optional");
3069 /* If this is an international message we need the host to speak SMTPUTF8 */
3070 if (sx->utf8_needed && !(sx->peer_offered & OPTION_UTF8))
3072 errno = ERRNO_UTF8_FWD;
3073 goto RESPONSE_FAILED;
3075 #endif /*SUPPORT_I18N*/
3084 if (errno == ECONNREFUSED) /* first-read error on a TFO conn */
3086 /* There is a testing facility for simulating a connection timeout, as I
3087 can't think of any other way of doing this. It converts a connection
3088 refused into a timeout if the timeout is set to 999999. This is done for
3089 a 3whs connection in ip_connect(), but a TFO connection does not error
3090 there - instead it gets ECONNREFUSED on the first data read. Tracking
3091 that a TFO really was done is too hard, or we would set a
3092 sx->pending_conn_done bit and test that in smtp_reap_banner() and
3093 smtp_reap_ehlo(). That would let us also add the conn-timeout to the
3096 if (f.running_in_test_harness && ob->connect_timeout == 999999)
3098 set_errno_nohost(sx->addrlist,
3099 errno == ETIMEDOUT ? ERRNO_CONNECTTIMEOUT : errno,
3100 sx->verify ? US strerror(errno) : NULL,
3101 DEFER, FALSE, &sx->delivery_start);
3102 sx->send_quit = FALSE;
3106 /* really an error on an SMTP read */
3108 sx->send_quit = check_response(sx->conn_args.host, &errno, sx->addrlist->more_errno,
3109 sx->buffer, &code, &message, &pass_message);
3115 message = US string_sprintf("smtp send to %s [%s] failed: %s",
3116 sx->conn_args.host->name, sx->conn_args.host->address, strerror(errno));
3117 sx->send_quit = FALSE;
3123 message = string_sprintf("Remote host closed connection in response to %s"
3124 " (EHLO response was: %s)", smtp_command, sx->buffer);
3125 sx->send_quit = FALSE;
3129 /* This label is jumped to directly when a TLS negotiation has failed,
3130 or was not done for a host for which it is required. Values will be set
3131 in message and errno, and setting_up will always be true. Treat as
3132 a temporary error. */
3136 code = '4', yield = DEFER;
3140 /* The failure happened while setting up the call; see if the failure was
3141 a 5xx response (this will either be on connection, or following HELO - a 5xx
3142 after EHLO causes it to try HELO). If so, and there are no more hosts to try,
3143 fail all addresses, as this host is never going to accept them. For other
3144 errors during setting up (timeouts or whatever), defer all addresses, and
3145 yield DEFER, so that the host is not tried again for a while.
3147 XXX This peeking for another host feels like a layering violation. We want
3148 to note the host as unusable, but down here we shouldn't know if this was
3149 the last host to try for the addr(list). Perhaps the upper layer should be
3150 the one to do set_errno() ? The problem is that currently the addr is where
3151 errno etc. are stashed, but until we run out of hosts to try the errors are
3152 host-specific. Maybe we should enhance the host_item definition? */
3155 sx->ok = FALSE; /* For when reached by GOTO */
3156 set_errno(sx->addrlist, errno, message,
3157 sx->conn_args.host->next
3161 || errno == ERRNO_UTF8_FWD
3165 errno == ECONNREFUSED ? NULL : sx->conn_args.host,
3166 #ifdef EXPERIMENTAL_DSN_INFO
3167 sx->smtp_greeting, sx->helo_response,
3169 &sx->delivery_start);
3176 (void)smtp_write_command(sx, SCMD_FLUSH, "QUIT\r\n");
3179 if (sx->cctx.tls_ctx)
3181 if (sx->send_tlsclose)
3183 tls_close(sx->cctx.tls_ctx, TLS_SHUTDOWN_NOWAIT);
3184 sx->send_tlsclose = FALSE;
3186 sx->cctx.tls_ctx = NULL;
3190 /* Close the socket, and return the appropriate value, first setting
3191 works because the NULL setting is passed back to the calling process, and
3192 remote_max_parallel is forced to 1 when delivering over an existing connection,
3195 HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(close)>>\n");
3198 shutdown(sx->cctx.sock, SHUT_WR);
3199 if (fcntl(sx->cctx.sock, F_SETFL, O_NONBLOCK) == 0)
3200 for (int i = 16; read(sx->cctx.sock, sx->inbuffer, sizeof(sx->inbuffer)) > 0 && i > 0;)
3201 i--; /* drain socket */
3202 sx->send_quit = FALSE;
3204 (void)close(sx->cctx.sock);
3207 #ifndef DISABLE_EVENT
3208 (void) event_raise(sx->conn_args.tblock->event_action, US"tcp:close", NULL, NULL);
3211 smtp_debug_cmd_report();
3212 continue_transport = NULL;
3213 continue_hostname = NULL;
3220 /* Create the string of options that will be appended to the MAIL FROM:
3221 in the connection context buffer */
3224 build_mailcmd_options(smtp_context * sx, address_item * addrlist)
3226 uschar * p = sx->buffer;
3227 address_item * addr;
3232 /* If we know the receiving MTA supports the SIZE qualification, and we know it,
3233 send it, adding something to the message size to allow for imprecision
3234 and things that get added en route. Exim keeps the number of lines
3235 in a message, so we can give an accurate value for the original message, but we
3236 need some additional to handle added headers. (Double "." characters don't get
3237 included in the count.) */
3239 if ( message_size > 0
3240 && sx->peer_offered & OPTION_SIZE && !(sx->avoid_option & OPTION_SIZE))
3242 /*XXX problem here under spool_files_wireformat?
3243 Or just forget about lines? Or inflate by a fixed proportion? */
3245 sprintf(CS p, " SIZE=%d", message_size+message_linecount+(SOB sx->conn_args.ob)->size_addition);
3249 #ifndef DISABLE_PRDR
3250 /* If it supports Per-Recipient Data Responses, and we have more than one recipient,
3253 sx->prdr_active = FALSE;
3254 if (smtp_peer_options & OPTION_PRDR)
3255 for (address_item * addr = addrlist; addr; addr = addr->next)
3256 if (addr->transport_return == PENDING_DEFER)
3258 for (addr = addr->next; addr; addr = addr->next)
3259 if (addr->transport_return == PENDING_DEFER)
3260 { /* at least two recipients to send */
3261 sx->prdr_active = TRUE;
3262 sprintf(CS p, " PRDR"); p += 5;
3270 /* If it supports internationalised messages, and this meesage need that,
3273 if ( sx->peer_offered & OPTION_UTF8
3274 && addrlist->prop.utf8_msg
3275 && !addrlist->prop.utf8_downcvt
3277 Ustrcpy(p, US" SMTPUTF8"), p += 9;
3280 /* check if all addresses have DSN-lasthop flag; do not send RET and ENVID if so */
3281 for (sx->dsn_all_lasthop = TRUE, addr = addrlist, address_count = 0;
3282 addr && address_count < sx->max_rcpt; /*XXX maybe also || sx->single_rcpt_domain ? */
3283 addr = addr->next) if (addr->transport_return == PENDING_DEFER)
3286 if (!(addr->dsn_flags & rf_dsnlasthop))
3288 sx->dsn_all_lasthop = FALSE;
3293 /* Add any DSN flags to the mail command */
3295 if (sx->peer_offered & OPTION_DSN && !sx->dsn_all_lasthop)
3297 if (dsn_ret == dsn_ret_hdrs)
3298 { Ustrcpy(p, US" RET=HDRS"); p += 9; }
3299 else if (dsn_ret == dsn_ret_full)
3300 { Ustrcpy(p, US" RET=FULL"); p += 9; }
3304 string_format(p, sizeof(sx->buffer) - (p-sx->buffer), " ENVID=%s", dsn_envid);
3309 /* If an authenticated_sender override has been specified for this transport
3310 instance, expand it. If the expansion is forced to fail, and there was already
3311 an authenticated_sender for this message, the original value will be used.
3312 Other expansion failures are serious. An empty result is ignored, but there is
3313 otherwise no check - this feature is expected to be used with LMTP and other
3314 cases where non-standard addresses (e.g. without domains) might be required. */
3316 return smtp_mail_auth_str(sx, p, addrlist) ? ERROR : OK;
3321 build_rcptcmd_options(smtp_context * sx, const address_item * addr)
3323 uschar * p = sx->buffer;
3326 /* Add any DSN flags to the rcpt command */
3328 if (sx->peer_offered & OPTION_DSN && !(addr->dsn_flags & rf_dsnlasthop))
3330 if (addr->dsn_flags & rf_dsnflags)
3334 Ustrcpy(p, US" NOTIFY=");
3336 for (int i = 0; i < nelem(rf_list); i++) if (addr->dsn_flags & rf_list[i])
3338 if (!first) *p++ = ',';
3340 Ustrcpy(p, rf_names[i]);
3345 if (addr->dsn_orcpt)
3347 string_format(p, sizeof(sx->buffer) - (p-sx->buffer), " ORCPT=%s",
3358 0 good, rcpt results in addr->transport_return (PENDING_OK, DEFER, FAIL)
3359 -1 MAIL response error
3360 -2 any non-MAIL read i/o error
3361 -3 non-MAIL response timeout
3362 -4 internal error; channel still usable
3367 smtp_write_mail_and_rcpt_cmds(smtp_context * sx, int * yield)
3369 address_item * addr;
3370 #ifdef EXPERIMENTAL_ESMTP_LIMITS
3371 address_item * restart_addr = NULL;
3373 int address_count, pipe_limit;
3376 if (build_mailcmd_options(sx, sx->first_addr) != OK)
3382 /* From here until we send the DATA command, we can make use of PIPELINING
3383 if the server host supports it. The code has to be able to check the responses
3384 at any point, for when the buffer fills up, so we write it totally generally.
3385 When PIPELINING is off, each command written reports that it has flushed the
3388 sx->pending_MAIL = TRUE; /* The block starts with MAIL */
3391 uschar * s = sx->from_addr;
3393 uschar * errstr = NULL;
3395 /* If we must downconvert, do the from-address here. Remember we had to
3396 for the to-addresses (done below), and also (ugly) for re-doing when building
3397 the delivery log line. */
3399 if ( sx->addrlist->prop.utf8_msg
3400 && (sx->addrlist->prop.utf8_downcvt || !(sx->peer_offered & OPTION_UTF8))
3403 if (s = string_address_utf8_to_alabel(s, &errstr), errstr)
3405 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, errstr, DEFER, FALSE, &sx->delivery_start);
3409 setflag(sx->addrlist, af_utf8_downcvt);
3413 rc = smtp_write_command(sx, pipelining_active ? SCMD_BUFFER : SCMD_FLUSH,
3414 "MAIL FROM:<%s>%s\r\n", s, sx->buffer);
3417 mail_command = string_copy(big_buffer); /* Save for later error message */
3421 case -1: /* Transmission error */
3424 case +1: /* Cmd was sent */
3425 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2',
3426 (SOB sx->conn_args.ob)->command_timeout))
3428 if (errno == 0 && sx->buffer[0] == '4')
3430 errno = ERRNO_MAIL4XX;
3431 sx->addrlist->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
3435 sx->pending_MAIL = FALSE;
3438 /* otherwise zero: command queued for pipeline */
3441 /* Pass over all the relevant recipient addresses for this host, which are the
3442 ones that have status PENDING_DEFER. If we are using PIPELINING, we can send
3443 several before we have to read the responses for those seen so far. This
3444 checking is done by a subroutine because it also needs to be done at the end.
3445 Send only up to max_rcpt addresses at a time, leaving next_addr pointing to
3446 the next one if not all are sent.
3448 In the MUA wrapper situation, we want to flush the PIPELINING buffer for the
3449 last address because we want to abort if any recipients have any kind of
3450 problem, temporary or permanent. We know that all recipient addresses will have
3451 the PENDING_DEFER status, because only one attempt is ever made, and we know
3452 that max_rcpt will be large, so all addresses will be done at once.
3454 For verify we flush the pipeline after any (the only) rcpt address. */
3456 for (addr = sx->first_addr, address_count = 0, pipe_limit = 100;
3457 addr && address_count < sx->max_rcpt;
3458 addr = addr->next) if (addr->transport_return == PENDING_DEFER)
3464 #ifdef EXPERIMENTAL_ESMTP_LIMITS
3465 if ( sx->single_rcpt_domain /* restriction on domains */
3466 && address_count > 0 /* not first being sent */
3467 && Ustrcmp(addr->domain, sx->first_addr->domain) != 0 /* dom diff from first */
3470 DEBUG(D_transport) debug_printf("skipping different domain %s\n", addr->domain);
3472 /* Ensure the smtp-response reaper does not think the address had a RCPT
3473 command sent for it. Reset to PENDING_DEFER in smtp_deliver(), where we
3474 goto SEND_MESSAGE. */
3476 addr->transport_return = SKIP;
3477 if (!restart_addr) restart_addr = addr; /* note restart point */
3478 continue; /* skip this one */
3482 addr->dsn_aware = sx->peer_offered & OPTION_DSN
3483 ? dsn_support_yes : dsn_support_no;
3486 if (pipe_limit-- <= 0)
3487 { no_flush = FALSE; pipe_limit = 100; }
3489 no_flush = pipelining_active && !sx->verify
3490 && (!mua_wrapper || addr->next && address_count < sx->max_rcpt);
3492 build_rcptcmd_options(sx, addr);
3494 /* Now send the RCPT command, and process outstanding responses when
3495 necessary. After a timeout on RCPT, we just end the function, leaving the
3496 yield as OK, because this error can often mean that there is a problem with
3497 just one address, so we don't want to delay the host. */
3499 rcpt_addr = transport_rcpt_address(addr, sx->conn_args.tblock->rcpt_include_affixes);
3502 if ( testflag(sx->addrlist, af_utf8_downcvt)
3503 && !(rcpt_addr = string_address_utf8_to_alabel(rcpt_addr, NULL))
3506 /*XXX could we use a per-address errstr here? Not fail the whole send? */
3507 errno = ERRNO_EXPANDFAIL;
3508 return -5; /*XXX too harsh? */
3512 cmds_sent = smtp_write_command(sx, no_flush ? SCMD_BUFFER : SCMD_FLUSH,
3513 "RCPT TO:<%s>%s%s\r\n", rcpt_addr, sx->igquotstr, sx->buffer);
3515 if (cmds_sent < 0) return -5;
3518 switch(sync_responses(sx, cmds_sent, 0))
3520 case 3: sx->ok = TRUE; /* 2xx & 5xx => OK & progress made */
3521 case 2: sx->completed_addr = TRUE; /* 5xx (only) => progress made */
3524 case 1: sx->ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
3525 if (!sx->lmtp) /* can't tell about progress yet */
3526 sx->completed_addr = TRUE;
3527 case 0: /* No 2xx or 5xx, but no probs */
3528 /* If any RCPT got a 452 response then next_addr has been updated
3529 for restarting with a new MAIL on the same connection. Send no more
3530 RCPTs for this MAIL. */
3534 DEBUG(D_transport) debug_printf("seen 452 too-many-rcpts\n");
3535 sx->RCPT_452 = FALSE;
3536 /* sx->next_addr has been reset for fast_retry */
3541 case -1: return -3; /* Timeout on RCPT */
3542 case -2: return -2; /* non-MAIL read i/o error */
3543 default: return -1; /* any MAIL error */
3545 #ifndef DISABLE_PIPE_CONNECT
3546 case -4: return -1; /* non-2xx for pipelined banner or EHLO */
3547 case -5: return -1; /* TLS first-read error */
3551 } /* Loop for next address */
3553 #ifdef EXPERIMENTAL_ESMTP_LIMITS
3554 sx->next_addr = restart_addr ? restart_addr : addr;
3556 sx->next_addr = addr;
3563 /*****************************************************
3564 * Proxy TLS connection for another transport process *
3565 ******************************************************/
3567 Close the unused end of the pipe, fork once more, then use the given buffer
3568 as a staging area, and select on both the given fd and the TLS'd client-fd for
3569 data to read (per the coding in ip_recv() and fd_ready() this is legitimate).
3570 Do blocking full-size writes, and reads under a timeout. Once both input
3571 channels are closed, exit the process.
3575 buf space to use for buffering
3576 bufsiz size of buffer
3577 pfd pipe filedescriptor array; [0] is comms to proxied process
3578 timeout per-read timeout, seconds
3579 host hostname of remote
3585 smtp_proxy_tls(void * ct_ctx, uschar * buf, size_t bsize, int * pfd,
3586 int timeout, const uschar * host)
3588 struct pollfd p[2] = {{.fd = tls_out.active.sock, .events = POLLIN},
3589 {.fd = pfd[0], .events = POLLIN}};
3591 BOOL send_tls_shutdown = TRUE;
3594 if ((rc = exim_fork(US"tls-proxy")))
3595 _exit(rc < 0 ? EXIT_FAILURE : EXIT_SUCCESS);
3597 set_process_info("proxying TLS connection for continued transport to %s\n", host);
3601 time_t time_left = timeout;
3602 time_t time_start = time(NULL);
3607 rc = poll(p, 2, time_left * 1000);
3609 if (rc < 0 && errno == EINTR)
3610 if ((time_left -= time(NULL) - time_start) > 0) continue;
3614 DEBUG(D_transport) if (rc == 0) debug_printf("%s: timed out\n", __FUNCTION__);
3618 /* For errors where not readable, bomb out */
3620 if (p[0].revents & POLLERR || p[1].revents & POLLERR)
3622 DEBUG(D_transport) debug_printf("select: exceptional cond on %s fd\n",
3623 p[0].revents & POLLERR ? "tls" : "proxy");
3624 if (!(p[0].revents & POLLIN || p[1].events & POLLIN))
3626 DEBUG(D_transport) debug_printf("- but also readable; no exit yet\n");
3629 while (rc < 0 || !(p[0].revents & POLLIN || p[1].revents & POLLIN));
3631 /* handle inbound data */
3632 if (p[0].revents & POLLIN)
3633 if ((rc = tls_read(ct_ctx, buf, bsize)) <= 0) /* Expect -1 for EOF; */
3634 { /* that reaps the TLS Close Notify record */
3636 shutdown(pfd[0], SHUT_WR);
3640 for (int nbytes = 0; rc - nbytes > 0; nbytes += i)
3641 if ((i = write(pfd[0], buf + nbytes, rc - nbytes)) < 0) goto done;
3643 /* Handle outbound data. We cannot combine payload and the TLS-close
3644 due to the limitations of the (pipe) channel feeding us. Maybe use a unix-domain
3646 if (p[1].revents & POLLIN)
3647 if ((rc = read(pfd[0], buf, bsize)) <= 0)
3651 # ifdef EXIM_TCP_CORK /* Use _CORK to get TLS Close Notify in FIN segment */
3652 (void) setsockopt(tls_out.active.sock, IPPROTO_TCP, EXIM_TCP_CORK, US &on, sizeof(on));
3654 tls_shutdown_wr(ct_ctx);
3655 send_tls_shutdown = FALSE;
3656 shutdown(tls_out.active.sock, SHUT_WR);
3659 for (int nbytes = 0; rc - nbytes > 0; nbytes += i)
3660 if ((i = tls_write(ct_ctx, buf + nbytes, rc - nbytes, FALSE)) < 0)
3663 while (p[0].fd >= 0 || p[1].fd >= 0);
3666 if (send_tls_shutdown) tls_close(ct_ctx, TLS_SHUTDOWN_NOWAIT);
3668 testharness_pause_ms(100); /* let logging complete */
3669 exim_exit(EXIT_SUCCESS);
3674 /*************************************************
3675 * Deliver address list to given host *
3676 *************************************************/
3678 /* If continue_hostname is not null, we get here only when continuing to
3679 deliver down an existing channel. The channel was passed as the standard
3680 input. TLS is never active on a passed channel; the previous process either
3681 closes it down before passing the connection on, or inserts a TLS-proxy
3682 process and passes on a cleartext conection.
3684 Otherwise, we have to make a connection to the remote host, and do the
3685 initial protocol exchange.
3687 When running as an MUA wrapper, if the sender or any recipient is rejected,
3688 temporarily or permanently, we force failure for all recipients.
3691 addrlist chain of potential addresses to deliver; only those whose
3692 transport_return field is set to PENDING_DEFER are currently
3693 being processed; others should be skipped - they have either
3694 been delivered to an earlier host or IP address, or been
3695 failed by one of them.
3696 host host to deliver to
3697 host_af AF_INET or AF_INET6
3698 defport default TCP/IP port to use if host does not specify, in host
3700 interface interface to bind to, or NULL
3701 tblock transport instance block
3702 message_defer set TRUE if yield is OK, but all addresses were deferred
3703 because of a non-recipient, non-host failure, that is, a
3704 4xx response to MAIL FROM, DATA, or ".". This is a defer
3705 that is specific to the message.
3706 suppress_tls if TRUE, don't attempt a TLS connection - this is set for
3707 a second attempt after TLS initialization fails
3709 Returns: OK - the connection was made and the delivery attempted;
3710 the result for each address is in its data block.
3711 DEFER - the connection could not be made, or something failed
3712 while setting up the SMTP session, or there was a
3713 non-message-specific error, such as a timeout.
3714 ERROR - a filter command is specified for this transport,
3715 and there was a problem setting it up; OR helo_data
3716 or add_headers or authenticated_sender is specified
3717 for this transport, and the string failed to expand
3719 For all non-OK returns the first addr of the list carries the
3720 time taken for the attempt.
3724 smtp_deliver(address_item *addrlist, host_item *host, int host_af, int defport,
3725 uschar *interface, transport_instance *tblock,
3726 BOOL *message_defer, BOOL suppress_tls)
3728 smtp_transport_options_block * ob = SOB tblock->options_block;
3733 uschar *message = NULL;
3734 uschar new_message_id[MESSAGE_ID_LENGTH + 1];
3735 smtp_context * sx = store_get(sizeof(*sx), GET_TAINTED); /* tainted, for the data buffers */
3736 BOOL pass_message = FALSE;
3737 #ifdef EXPERIMENTAL_ESMTP_LIMITS
3738 BOOL mail_limit = FALSE;
3743 BOOL tcw_done = FALSE, tcw = FALSE;
3745 *message_defer = FALSE;
3747 memset(sx, 0, sizeof(*sx));
3748 sx->addrlist = addrlist;
3749 sx->conn_args.host = host;
3750 sx->conn_args.host_af = host_af;
3752 sx->conn_args.interface = interface;
3753 sx->helo_data = NULL;
3754 sx->conn_args.tblock = tblock;
3755 sx->conn_args.sock = -1;
3756 gettimeofday(&sx->delivery_start, NULL);
3757 sx->sync_addr = sx->first_addr = addrlist;
3764 /* Get the channel set up ready for a message, MAIL FROM being the next
3765 SMTP command to send. */
3767 if ((rc = smtp_setup_conn(sx, suppress_tls)) != OK)
3769 timesince(&addrlist->delivery_time, &sx->delivery_start);
3775 /* If the connection used DANE, ignore for now any addresses with incompatible
3776 domains. The SNI has to be the domain. Arrange a whole new TCP conn later,
3777 just in case only TLS isn't enough. */
3779 if (sx->conn_args.dane)
3781 const uschar * dane_domain = sx->first_addr->domain;
3783 for (address_item * a = sx->first_addr->next; a; a = a->next)
3784 if ( a->transport_return == PENDING_DEFER
3785 && Ustrcmp(dane_domain, a->domain) != 0)
3787 DEBUG(D_transport) debug_printf("DANE: holding %s for later\n", a->domain);
3789 a->transport_return = DANE;
3794 /* If there is a filter command specified for this transport, we can now
3795 set it up. This cannot be done until the identity of the host is known. */
3797 if (tblock->filter_command)
3799 transport_filter_timeout = tblock->filter_timeout;
3801 /* On failure, copy the error to all addresses, abandon the SMTP call, and
3804 if (!transport_set_up_command(&transport_filter_argv,
3805 tblock->filter_command, TRUE, DEFER, addrlist, FALSE,
3806 string_sprintf("%.50s transport filter", tblock->name), NULL))
3808 set_errno_nohost(addrlist->next, addrlist->basic_errno, addrlist->message, DEFER,
3809 FALSE, &sx->delivery_start);
3814 if ( transport_filter_argv
3815 && *transport_filter_argv
3816 && **transport_filter_argv
3817 && smtp_peer_options & OPTION_CHUNKING
3818 #ifndef DISABLE_DKIM
3819 /* When dkim signing, chunking is handled even with a transport-filter */
3820 && !(ob->dkim.dkim_private_key && ob->dkim.dkim_domain && ob->dkim.dkim_selector)
3821 && !ob->dkim.force_bodyhash
3825 smtp_peer_options &= ~OPTION_CHUNKING;
3826 DEBUG(D_transport) debug_printf("CHUNKING not usable due to transport filter\n");
3830 /* For messages that have more than the maximum number of envelope recipients,
3831 we want to send several transactions down the same SMTP connection. (See
3832 comments in deliver.c as to how this reconciles, heuristically, with
3833 remote_max_parallel.) This optimization was added to Exim after the following
3834 code was already working. The simplest way to put it in without disturbing the
3835 code was to use a goto to jump back to this point when there is another
3836 transaction to handle. */
3839 sx->from_addr = return_path;
3840 sx->sync_addr = sx->first_addr;
3842 sx->send_rset = TRUE;
3843 sx->completed_addr = FALSE;
3846 /* If we are a continued-connection-after-verify the MAIL and RCPT
3847 commands were already sent; do not re-send but do mark the addrs as
3848 having been accepted up to RCPT stage. A traditional cont-conn
3849 always has a sequence number greater than one. */
3851 if (continue_hostname && continue_sequence == 1)
3853 /* sx->pending_MAIL = FALSE; */
3855 /* sx->next_addr = NULL; */
3857 for (address_item * addr = addrlist; addr; addr = addr->next)
3858 addr->transport_return = PENDING_OK;
3862 /* Initiate a message transfer. */
3864 switch(smtp_write_mail_and_rcpt_cmds(sx, &yield))
3867 case -1: case -2: goto RESPONSE_FAILED;
3868 case -3: goto END_OFF;
3869 case -4: goto SEND_QUIT;
3870 default: goto SEND_FAILED;
3873 /* If we are an MUA wrapper, abort if any RCPTs were rejected, either
3874 permanently or temporarily. We should have flushed and synced after the last
3882 for (a = sx->first_addr, cnt = 0; a && cnt < sx->max_rcpt; a = a->next, cnt++)
3883 if (a->transport_return != PENDING_OK)
3885 /*XXX could we find a better errno than 0 here? */
3886 set_errno_nohost(addrlist, 0, a->message, FAIL,
3887 testflag(a, af_pass_message), &sx->delivery_start);
3894 /* If ok is TRUE, we know we have got at least one good recipient, and must now
3895 send DATA, but if it is FALSE (in the normal, non-wrapper case), we may still
3896 have a good recipient buffered up if we are pipelining. We don't want to waste
3897 time sending DATA needlessly, so we only send it if either ok is TRUE or if we
3898 are pipelining. The responses are all handled by sync_responses().
3899 If using CHUNKING, do not send a BDAT until we know how big a chunk we want
3902 if ( !(smtp_peer_options & OPTION_CHUNKING)
3903 && (sx->ok || (pipelining_active && !mua_wrapper)))
3905 int count = smtp_write_command(sx, SCMD_FLUSH, "DATA\r\n");
3907 if (count < 0) goto SEND_FAILED;
3908 switch(sync_responses(sx, count, sx->ok ? +1 : -1))
3910 case 3: sx->ok = TRUE; /* 2xx & 5xx => OK & progress made */
3911 case 2: sx->completed_addr = TRUE; /* 5xx (only) => progress made */
3914 case 1: sx->ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
3915 if (!sx->lmtp) sx->completed_addr = TRUE; /* can't tell about progress yet */
3916 case 0: break; /* No 2xx or 5xx, but no probs */
3918 case -1: goto END_OFF; /* Timeout on RCPT */
3920 #ifndef DISABLE_PIPE_CONNECT
3921 case -5: /* TLS first-read error */
3922 case -4: HDEBUG(D_transport)
3923 debug_printf("failed reaping pipelined cmd responses\n");
3925 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */
3927 pipelining_active = FALSE;
3928 data_command = string_copy(big_buffer); /* Save for later error message */
3931 /* If there were no good recipients (but otherwise there have been no
3932 problems), just set ok TRUE, since we have handled address-specific errors
3933 already. Otherwise, it's OK to send the message. Use the check/escape mechanism
3934 for handling the SMTP dot-handling protocol, flagging to apply to headers as
3935 well as body. Set the appropriate timeout value to be used for each chunk.
3936 (Haven't been able to make it work using select() for writing yet.) */
3939 && (!(smtp_peer_options & OPTION_CHUNKING) || !pipelining_active))
3941 /* Save the first address of the next batch. */
3942 sx->first_addr = sx->next_addr;
3948 transport_ctx tctx = {
3949 .u = {.fd = sx->cctx.sock}, /*XXX will this need TLS info? */
3952 .check_string = US".",
3953 .escape_string = US"..", /* Escaping strings */
3955 topt_use_crlf | topt_escape_headers
3956 | (tblock->body_only ? topt_no_headers : 0)
3957 | (tblock->headers_only ? topt_no_body : 0)
3958 | (tblock->return_path_add ? topt_add_return_path : 0)
3959 | (tblock->delivery_date_add ? topt_add_delivery_date : 0)
3960 | (tblock->envelope_to_add ? topt_add_envelope_to : 0)
3963 /* If using CHUNKING we need a callback from the generic transport
3964 support to us, for the sending of BDAT smtp commands and the reaping
3965 of responses. The callback needs a whole bunch of state so set up
3966 a transport-context structure to be passed around. */
3968 if (smtp_peer_options & OPTION_CHUNKING)
3970 tctx.check_string = tctx.escape_string = NULL;
3971 tctx.options |= topt_use_bdat;
3972 tctx.chunk_cb = smtp_chunk_cmd_callback;
3973 sx->pending_BDAT = FALSE;
3974 sx->good_RCPT = sx->ok;
3976 tctx.smtp_context = sx;
3979 tctx.options |= topt_end_dot;
3981 /* Save the first address of the next batch. */
3982 sx->first_addr = sx->next_addr;
3984 /* Responses from CHUNKING commands go in buffer. Otherwise,
3985 there has not been a response. */
3989 sigalrm_seen = FALSE;
3990 transport_write_timeout = ob->data_timeout;
3991 smtp_command = US"sending data block"; /* For error messages */
3992 DEBUG(D_transport|D_v)
3993 if (smtp_peer_options & OPTION_CHUNKING)
3994 debug_printf(" will write message using CHUNKING\n");
3996 debug_printf(" SMTP>> (writing message)\n");
3997 transport_count = 0;
3999 #ifndef DISABLE_DKIM
4001 # ifdef MEASURE_TIMING
4003 gettimeofday(&t0, NULL);
4005 dkim_exim_sign_init();
4006 # ifdef EXPERIMENTAL_ARC
4008 uschar * s = ob->arc_sign;
4011 if (!(ob->dkim.arc_signspec = s = expand_string(s)))
4013 if (!f.expand_string_forcedfail)
4015 message = US"failed to expand arc_sign";
4022 /* Ask dkim code to hash the body for ARC */
4023 (void) arc_ams_setup_sign_bodyhash();
4024 ob->dkim.force_bodyhash = TRUE;
4029 # ifdef MEASURE_TIMING
4030 report_time_since(&t0, US"dkim_exim_sign_init (delta)");
4035 /* See if we can pipeline QUIT. Reasons not to are
4036 - pipelining not active
4037 - not ok to send quit
4038 - errors in amtp transation responses
4039 - more addrs to send for this message or this host
4040 - this message was being retried
4041 - more messages for this host
4042 If we can, we want the message-write to not flush (the tail end of) its data out. */
4044 if ( sx->pipelining_used
4045 && (sx->ok && sx->completed_addr || smtp_peer_options & OPTION_CHUNKING)
4047 && !(sx->first_addr || f.continue_more)
4048 && f.deliver_firsttime
4051 smtp_compare_t t_compare =
4052 {.tblock = tblock, .current_sender_address = sender_address};
4057 ( tls_out.active.sock < 0 && !continue_proxy_cipher
4058 || verify_check_given_host(CUSS &ob->hosts_nopass_tls, host) != OK
4062 transport_check_waiting(tblock->name, host->name,
4063 tblock->connection_max_messages, new_message_id,
4064 (oicf)smtp_are_same_identities, (void*)&t_compare);
4067 HDEBUG(D_transport) debug_printf("will pipeline QUIT\n");
4068 tctx.options |= topt_no_flush;
4072 #ifndef DISABLE_DKIM
4073 sx->ok = dkim_transport_write_message(&tctx, &ob->dkim, CUSS &message);
4075 sx->ok = transport_write_message(&tctx, 0);
4078 /* transport_write_message() uses write() because it is called from other
4079 places to write to non-sockets. This means that under some OS (e.g. Solaris)
4080 it can exit with "Broken pipe" as its error. This really means that the
4081 socket got closed at the far end. */
4083 transport_write_timeout = 0; /* for subsequent transports */
4085 /* Failure can either be some kind of I/O disaster (including timeout),
4086 or the failure of a transport filter or the expansion of added headers.
4087 Or, when CHUNKING, it can be a protocol-detected failure. */
4090 if (message) goto SEND_FAILED;
4091 else goto RESPONSE_FAILED;
4093 /* We used to send the terminating "." explicitly here, but because of
4094 buffering effects at both ends of TCP/IP connections, you don't gain
4095 anything by keeping it separate, so it might as well go in the final
4096 data buffer for efficiency. This is now done by setting the topt_end_dot
4099 smtp_command = US"end of data";
4101 /* If we can pipeline a QUIT with the data them send it now. If a new message
4102 for this host appeared in the queue while data was being sent, we will not see
4103 it and it will have to wait for a queue run. If there was one but another
4104 thread took it, we might attempt to send it - but locking of spoolfiles will
4105 detect that. Use _MORE to get QUIT in FIN segment. */
4107 if (tcw_done && !tcw)
4109 /*XXX jgh 2021/03/10 google et. al screwup. G, at least, sends TCP FIN in response to TLS
4110 close-notify. Under TLS 1.3, violating RFC.
4111 However, TLS 1.2 does not have half-close semantics. */
4113 if ( sx->cctx.tls_ctx
4114 #if 0 && !defined(DISABLE_TLS)
4115 && Ustrcmp(tls_out.ver, "TLS1.3") != 0
4117 || !f.deliver_firsttime
4119 { /* Send QUIT now and not later */
4120 (void)smtp_write_command(sx, SCMD_FLUSH, "QUIT\r\n");
4121 sx->send_quit = FALSE;
4124 { /* add QUIT to the output buffer */
4125 (void)smtp_write_command(sx, SCMD_MORE, "QUIT\r\n");
4126 sx->send_quit = FALSE; /* avoid sending it later */
4129 if (sx->cctx.tls_ctx && sx->send_tlsclose) /* need to send TLS Close Notify */
4131 # ifdef EXIM_TCP_CORK /* Use _CORK to get Close Notify in FIN segment */
4132 (void) setsockopt(sx->cctx.sock, IPPROTO_TCP, EXIM_TCP_CORK, US &on, sizeof(on));
4134 tls_shutdown_wr(sx->cctx.tls_ctx);
4135 sx->send_tlsclose = FALSE; /* avoid later repeat */
4138 HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(shutdown)>>\n");
4139 shutdown(sx->cctx.sock, SHUT_WR); /* flush output buffer, with TCP FIN */
4143 if (smtp_peer_options & OPTION_CHUNKING && sx->cmd_count > 1)
4145 /* Reap any outstanding MAIL & RCPT commands, but not a DATA-go-ahead */
4146 switch(sync_responses(sx, sx->cmd_count-1, 0))
4148 case 3: sx->ok = TRUE; /* 2xx & 5xx => OK & progress made */
4149 case 2: sx->completed_addr = TRUE; /* 5xx (only) => progress made */
4152 case 1: sx->ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
4153 if (!sx->lmtp) sx->completed_addr = TRUE; /* can't tell about progress yet */
4154 case 0: break; /* No 2xx or 5xx, but no probs */
4156 case -1: goto END_OFF; /* Timeout on RCPT */
4158 #ifndef DISABLE_PIPE_CONNECT
4159 case -5: /* TLS first-read error */
4160 case -4: HDEBUG(D_transport)
4161 debug_printf("failed reaping pipelined cmd responses\n");
4163 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */
4167 #ifndef DISABLE_PRDR
4168 /* For PRDR we optionally get a partial-responses warning followed by the
4169 individual responses, before going on with the overall response. If we don't
4170 get the warning then deal with per non-PRDR. */
4174 sx->ok = smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '3', ob->final_timeout);
4175 if (!sx->ok && errno == 0) switch(sx->buffer[0])
4177 case '2': sx->prdr_active = FALSE;
4180 case '4': errno = ERRNO_DATA4XX;
4181 addrlist->more_errno |=
4182 ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
4189 /* For non-PRDR SMTP, we now read a single response that applies to the
4190 whole message. If it is OK, then all the addresses have been delivered. */
4194 sx->ok = smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2',
4196 if (!sx->ok && errno == 0 && sx->buffer[0] == '4')
4198 errno = ERRNO_DATA4XX;
4199 addrlist->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
4203 /* For LMTP, we get back a response for every RCPT command that we sent;
4204 some may be accepted and some rejected. For those that get a response, their
4205 status is fixed; any that are accepted have been handed over, even if later
4206 responses crash - at least, that's how I read RFC 2033.
4208 If all went well, mark the recipient addresses as completed, record which
4209 host/IPaddress they were delivered to, and cut out RSET when sending another
4210 message down the same channel. Write the completed addresses to the journal
4211 now so that they are recorded in case there is a crash of hardware or
4212 software before the spool gets updated. Also record the final SMTP
4213 confirmation if needed (for SMTP only). */
4218 struct timeval delivery_time;
4220 uschar * conf = NULL;
4222 timesince(&delivery_time, &sx->delivery_start);
4223 sx->send_rset = FALSE;
4224 pipelining_active = FALSE;
4226 /* Set up confirmation if needed - applies only to SMTP */
4229 #ifdef DISABLE_EVENT
4230 LOGGING(smtp_confirmation) &&
4235 const uschar * s = string_printing(sx->buffer);
4236 /* deconst cast ok here as string_printing was checked to have alloc'n'copied */
4237 conf = s == sx->buffer ? US string_copy(s) : US s;
4240 /* Process all transported addresses - for LMTP or PRDR, read a status for
4241 each one. We used to drop out at first_addr, until someone returned a 452
4242 followed by a 250... and we screwed up the accepted addresses. */
4244 for (address_item * addr = addrlist; addr; addr = addr->next)
4246 if (addr->transport_return != PENDING_OK) continue;
4248 /* LMTP - if the response fails badly (e.g. timeout), use it for all the
4249 remaining addresses. Otherwise, it's a return code for just the one
4250 address. For temporary errors, add a retry item for the address so that
4251 it doesn't get tried again too soon. */
4253 #ifndef DISABLE_PRDR
4254 if (sx->lmtp || sx->prdr_active)
4259 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2',
4262 if (errno != 0 || sx->buffer[0] == 0) goto RESPONSE_FAILED;
4263 addr->message = string_sprintf(
4264 #ifndef DISABLE_PRDR
4265 "%s error after %s: %s", sx->prdr_active ? "PRDR":"LMTP",
4267 "LMTP error after %s: %s",
4269 data_command, string_printing(sx->buffer));
4270 setflag(addr, af_pass_message); /* Allow message to go to user */
4271 if (sx->buffer[0] == '5')
4272 addr->transport_return = FAIL;
4275 errno = ERRNO_DATA4XX;
4276 addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
4277 addr->transport_return = DEFER;
4278 #ifndef DISABLE_PRDR
4279 if (!sx->prdr_active)
4281 retry_add_item(addr, addr->address_retry_key, 0);
4285 sx->completed_addr = TRUE; /* NOW we can set this flag */
4286 if (LOGGING(smtp_confirmation))
4288 const uschar *s = string_printing(sx->buffer);
4289 /* deconst cast ok here as string_printing was checked to have alloc'n'copied */
4290 conf = (s == sx->buffer) ? US string_copy(s) : US s;
4294 /* SMTP, or success return from LMTP for this address. Pass back the
4295 actual host that was used. */
4297 addr->transport_return = OK;
4298 addr->host_used = host;
4299 addr->delivery_time = delivery_time;
4300 addr->special_action = flag;
4301 addr->message = conf;
4303 if (tcp_out_fastopen)
4305 setflag(addr, af_tcp_fastopen_conn);
4306 if (tcp_out_fastopen >= TFO_USED_NODATA) setflag(addr, af_tcp_fastopen);
4307 if (tcp_out_fastopen >= TFO_USED_DATA) setflag(addr, af_tcp_fastopen_data);
4309 if (sx->pipelining_used) setflag(addr, af_pipelining);
4310 #ifndef DISABLE_PIPE_CONNECT
4311 if (sx->early_pipe_active) setflag(addr, af_early_pipe);
4313 #ifndef DISABLE_PRDR
4314 if (sx->prdr_active) setflag(addr, af_prdr_used);
4316 if (smtp_peer_options & OPTION_CHUNKING) setflag(addr, af_chunking_used);
4319 #ifndef DISABLE_PRDR
4320 if (!sx->prdr_active)
4323 /* Update the journal. For homonymic addresses, use the base address plus
4324 the transport name. See lots of comments in deliver.c about the reasons
4325 for the complications when homonyms are involved. Just carry on after
4326 write error, as it may prove possible to update the spool file later. */
4328 if (testflag(addr, af_homonym))
4329 sprintf(CS sx->buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
4331 sprintf(CS sx->buffer, "%.500s\n", addr->unique);
4333 DEBUG(D_deliver) debug_printf("S:journalling %s", sx->buffer);
4334 len = Ustrlen(CS sx->buffer);
4335 if (write(journal_fd, sx->buffer, len) != len)
4336 log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
4337 "%s: %s", sx->buffer, strerror(errno));
4341 #ifndef DISABLE_PRDR
4342 if (sx->prdr_active)
4344 const uschar * overall_message;
4346 /* PRDR - get the final, overall response. For any non-success
4347 upgrade all the address statuses. */
4349 sx->ok = smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2',
4353 if(errno == 0 && sx->buffer[0] == '4')
4355 errno = ERRNO_DATA4XX;
4356 addrlist->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
4358 for (address_item * addr = addrlist; addr != sx->first_addr; addr = addr->next)
4359 if (sx->buffer[0] == '5' || addr->transport_return == OK)
4360 addr->transport_return = PENDING_OK; /* allow set_errno action */
4361 goto RESPONSE_FAILED;
4364 /* Append the overall response to the individual PRDR response for logging
4365 and update the journal, or setup retry. */
4367 overall_message = string_printing(sx->buffer);
4368 for (address_item * addr = addrlist; addr != sx->first_addr; addr = addr->next)
4369 if (addr->transport_return == OK)
4370 addr->message = string_sprintf("%s\\n%s", addr->message, overall_message);
4372 for (address_item * addr = addrlist; addr != sx->first_addr; addr = addr->next)
4373 if (addr->transport_return == OK)
4375 if (testflag(addr, af_homonym))
4376 sprintf(CS sx->buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
4378 sprintf(CS sx->buffer, "%.500s\n", addr->unique);
4380 DEBUG(D_deliver) debug_printf("journalling(PRDR) %s\n", sx->buffer);
4381 len = Ustrlen(CS sx->buffer);
4382 if (write(journal_fd, sx->buffer, len) != len)
4383 log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
4384 "%s: %s", sx->buffer, strerror(errno));
4386 else if (addr->transport_return == DEFER)
4387 /*XXX magic value -2 ? maybe host+message ? */
4388 retry_add_item(addr, addr->address_retry_key, -2);
4392 /* Ensure the journal file is pushed out to disk. */
4394 if (EXIMfsync(journal_fd) < 0)
4395 log_write(0, LOG_MAIN|LOG_PANIC, "failed to fsync journal: %s",
4401 /* Handle general (not specific to one address) failures here. The value of ok
4402 is used to skip over this code on the falling through case. A timeout causes a
4403 deferral. Other errors may defer or fail according to the response code, and
4404 may set up a special errno value, e.g. after connection chopped, which is
4405 assumed if errno == 0 and there is no text in the buffer. If control reaches
4406 here during the setting up phase (i.e. before MAIL FROM) then always defer, as
4407 the problem is not related to this specific message. */
4412 uschar * set_message;
4418 /* Clear send_quit flag if needed. Do not set. */
4419 sx->send_quit &= check_response(host, &save_errno, addrlist->more_errno,
4420 sx->buffer, &code, &message, &pass_message);
4428 message = string_sprintf("smtp send to %s [%s] failed: %s",
4429 host->name, host->address, message ? message : US strerror(save_errno));
4430 sx->send_quit = FALSE;
4438 sx->ok = FALSE; /* For when reached by GOTO */
4439 set_message = message;
4441 /* We want to handle timeouts after MAIL or "." and loss of connection after
4442 "." specially. They can indicate a problem with the sender address or with
4443 the contents of the message rather than a real error on the connection. These
4444 cases are treated in the same way as a 4xx response. This next bit of code
4445 does the classification. */
4452 message_error = TRUE;
4456 message_error = Ustrncmp(smtp_command,"MAIL",4) == 0 ||
4457 Ustrncmp(smtp_command,"end ",4) == 0;
4460 case ERRNO_SMTPCLOSED:
4461 message_error = Ustrncmp(smtp_command,"end ",4) == 0;
4464 #ifndef DISABLE_DKIM
4466 /* DKIM signing failure: avoid thinking we pipelined quit,
4467 just abandon the message and close the socket. */
4469 message_error = FALSE;
4470 # ifndef DISABLE_TLS
4471 if (sx->cctx.tls_ctx)
4473 tls_close(sx->cctx.tls_ctx,
4474 sx->send_tlsclose ? TLS_SHUTDOWN_WAIT : TLS_SHUTDOWN_WONLY);
4475 sx->cctx.tls_ctx = NULL;
4481 message_error = FALSE;
4485 /* Handle the cases that are treated as message errors. These are:
4487 (a) negative response or timeout after MAIL
4488 (b) negative response after DATA
4489 (c) negative response or timeout or dropped connection after "."
4490 (d) utf8 support required and not offered
4492 It won't be a negative response or timeout after RCPT, as that is dealt
4493 with separately above. The action in all cases is to set an appropriate
4494 error code for all the addresses, but to leave yield set to OK because the
4495 host itself has not failed. Of course, it might in practice have failed
4496 when we've had a timeout, but if so, we'll discover that at the next
4497 delivery attempt. For a temporary error, set the message_defer flag, and
4498 write to the logs for information if this is not the last host. The error
4499 for the last host will be logged as part of the address's log line. */
4503 if (mua_wrapper) code = '5'; /* Force hard failure in wrapper mode */
4505 /* If there's an errno, the message contains just the identity of
4510 else /* Anything other than 5 is treated as temporary */
4514 message = US string_sprintf("%s: %s", message, strerror(save_errno));
4516 write_logs(host, message, sx->first_addr ? sx->first_addr->basic_errno : 0);
4518 *message_defer = TRUE;
4521 DEBUG(D_transport) if (sx->cctx.sock >= 0)
4524 if (ioctl(sx->cctx.sock, TIOCOUTQ, &n) == 0)
4525 debug_printf("%d bytes remain in socket output buffer\n", n);
4529 /* Otherwise, we have an I/O error or a timeout other than after MAIL or
4530 ".", or some other transportation error. We defer all addresses and yield
4531 DEFER, except for the case of failed add_headers expansion, or a transport
4532 filter failure, when the yield should be ERROR, to stop it trying other
4537 #ifndef DISABLE_PIPE_CONNECT
4538 /* If we were early-pipelinng and the actual EHLO response did not match
4539 the cached value we assumed, we could have detected it and passed a
4540 custom errno through to here. It would be nice to RSET and retry right
4541 away, but to reliably do that we eould need an extra synch point before
4542 we committed to data and that would discard half the gained roundrips.
4543 Or we could summarily drop the TCP connection. but that is also ugly.
4544 Instead, we ignore the possibility (having freshened the cache) and rely
4545 on the server telling us with a nonmessage error if we have tried to
4546 do something it no longer supports. */
4549 yield = (save_errno == ERRNO_CHHEADER_FAIL ||
4550 save_errno == ERRNO_FILTER_FAIL) ? ERROR : DEFER;
4554 set_errno(addrlist, save_errno, set_message, set_rc, pass_message, host,
4555 #ifdef EXPERIMENTAL_DSN_INFO
4556 sx->smtp_greeting, sx->helo_response,
4558 &sx->delivery_start);
4561 /* If all has gone well, send_quit will be set TRUE, implying we can end the
4562 SMTP session tidily. However, if there were too many addresses to send in one
4563 message (indicated by first_addr being non-NULL) we want to carry on with the
4564 rest of them. Also, it is desirable to send more than one message down the SMTP
4565 connection if there are several waiting, provided we haven't already sent so
4566 many as to hit the configured limit. The function transport_check_waiting looks
4567 for a waiting message and returns its id. Then transport_pass_socket tries to
4568 set up a continued delivery by passing the socket on to another process. The
4569 variable send_rset is FALSE if a message has just been successfully transferred.
4571 If we are already sending down a continued channel, there may be further
4572 addresses not yet delivered that are aimed at the same host, but which have not
4573 been passed in this run of the transport. In this case, continue_more will be
4574 true, and all we should do is send RSET if necessary, and return, leaving the
4577 However, if no address was disposed of, i.e. all addresses got 4xx errors, we
4578 do not want to continue with other messages down the same channel, because that
4579 can lead to looping between two or more messages, all with the same,
4580 temporarily failing address(es). [The retry information isn't updated yet, so
4581 new processes keep on trying.] We probably also don't want to try more of this
4582 message's addresses either.
4584 If we have started a TLS session, we have to end it before passing the
4585 connection to a new process. However, not all servers can handle this (Exim
4586 can), so we do not pass such a connection on if the host matches
4587 hosts_nopass_tls. */
4590 debug_printf("ok=%d send_quit=%d send_rset=%d continue_more=%d "
4591 "yield=%d first_address is %sNULL\n", sx->ok, sx->send_quit,
4592 sx->send_rset, f.continue_more, yield, sx->first_addr ? "not " : "");
4594 if (sx->completed_addr && sx->ok && sx->send_quit)
4595 #ifdef EXPERIMENTAL_ESMTP_LIMITS
4596 if (mail_limit = continue_sequence >= sx->max_mail)
4599 debug_printf("reached limit %u for MAILs per conn\n", sx->max_mail);
4604 smtp_compare_t t_compare =
4605 {.tblock = tblock, .current_sender_address = sender_address};
4607 if ( sx->first_addr /* more addrs for this message */
4608 || f.continue_more /* more addrs for continued-host */
4609 || tcw_done && tcw /* more messages for host */
4612 ( tls_out.active.sock < 0 && !continue_proxy_cipher
4613 || verify_check_given_host(CUSS &ob->hosts_nopass_tls, host) != OK
4617 transport_check_waiting(tblock->name, host->name,
4618 sx->max_mail, new_message_id,
4619 (oicf)smtp_are_same_identities, (void*)&t_compare)
4626 if (! (sx->ok = smtp_write_command(sx, SCMD_FLUSH, "RSET\r\n") >= 0))
4628 msg = US string_sprintf("smtp send to %s [%s] failed: %s", host->name,
4629 host->address, strerror(errno));
4630 sx->send_quit = FALSE;
4632 else if (! (sx->ok = smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
4633 '2', ob->command_timeout)))
4636 sx->send_quit = check_response(host, &errno, 0, sx->buffer, &code, &msg,
4640 DEBUG(D_transport) debug_printf("H=%s [%s] %s\n",
4641 host->name, host->address, msg);
4645 /* Either RSET was not needed, or it succeeded */
4652 int socket_fd = sx->cctx.sock;
4654 if (sx->first_addr) /* More addresses still to be sent */
4655 { /* for this message */
4656 #ifdef EXPERIMENTAL_ESMTP_LIMITS
4657 /* Any that we marked as skipped, reset to do now */
4658 for (address_item * a = sx->first_addr; a; a = a->next)
4659 if (a->transport_return == SKIP)
4660 a->transport_return = PENDING_DEFER;
4662 continue_sequence++; /* for consistency */
4663 clearflag(sx->first_addr, af_new_conn);
4664 setflag(sx->first_addr, af_cont_conn); /* Causes * in logging */
4665 pipelining_active = sx->pipelining_used; /* was cleared at DATA */
4669 /* Unless caller said it already has more messages listed for this host,
4670 pass the connection on to a new Exim process (below, the call to
4671 transport_pass_socket). If the caller has more ready, just return with
4672 the connection still open. */
4675 if (tls_out.active.sock >= 0)
4676 if ( f.continue_more
4677 || verify_check_given_host(CUSS &ob->hosts_noproxy_tls, host) == OK)
4679 /* Before passing the socket on, or returning to caller with it still
4680 open, we must shut down TLS. Not all MTAs allow for the continuation
4681 of the SMTP session when TLS is shut down. We test for this by sending
4682 a new EHLO. If we don't get a good response, we don't attempt to pass
4685 tls_close(sx->cctx.tls_ctx,
4686 sx->send_tlsclose ? TLS_SHUTDOWN_WAIT : TLS_SHUTDOWN_WONLY);
4687 sx->send_tlsclose = FALSE;
4688 sx->cctx.tls_ctx = NULL;
4689 tls_out.active.sock = -1;
4690 smtp_peer_options = smtp_peer_options_wrap;
4692 && smtp_write_command(sx, SCMD_FLUSH, "EHLO %s\r\n", sx->helo_data)
4694 && smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
4695 '2', ob->command_timeout);
4697 if (sx->ok && f.continue_more)
4698 goto TIDYUP; /* More addresses for another run */
4702 /* Set up a pipe for proxying TLS for the new transport process */
4704 smtp_peer_options |= OPTION_TLS;
4705 if ((sx->ok = socketpair(AF_UNIX, SOCK_STREAM, 0, pfd) == 0))
4708 set_errno(sx->first_addr, errno, US"internal allocation problem",
4710 # ifdef EXPERIMENTAL_DSN_INFO
4711 sx->smtp_greeting, sx->helo_response,
4713 &sx->delivery_start);
4717 if (f.continue_more)
4718 goto TIDYUP; /* More addresses for another run */
4720 /* If the socket is successfully passed, we mustn't send QUIT (or
4721 indeed anything!) from here. */
4723 /*XXX DSN_INFO: assume likely to do new HELO; but for greet we'll want to
4724 propagate it from the initial
4726 if (sx->ok && transport_pass_socket(tblock->name, host->name,
4727 host->address, new_message_id, socket_fd
4728 #ifdef EXPERIMENTAL_ESMTP_LIMITS
4729 , sx->peer_limit_mail, sx->peer_limit_rcpt, sx->peer_limit_rcptdom
4733 sx->send_quit = FALSE;
4735 /* We have passed the client socket to a fresh transport process.
4736 If TLS is still active, we need to proxy it for the transport we
4737 just passed the baton to. Fork a child to to do it, and return to
4738 get logging done asap. Which way to place the work makes assumptions
4739 about post-fork prioritisation which may not hold on all platforms. */
4741 if (tls_out.active.sock >= 0)
4743 int pid = exim_fork(US"tls-proxy-interproc");
4744 if (pid == 0) /* child; fork again to disconnect totally */
4746 /* does not return */
4747 smtp_proxy_tls(sx->cctx.tls_ctx, sx->buffer, sizeof(sx->buffer), pfd,
4748 ob->command_timeout, host->name);
4751 if (pid > 0) /* parent */
4754 /* tidy the inter-proc to disconn the proxy proc */
4755 waitpid(pid, NULL, 0);
4756 tls_close(sx->cctx.tls_ctx, TLS_NO_SHUTDOWN);
4757 sx->cctx.tls_ctx = NULL;
4758 (void)close(sx->cctx.sock);
4760 continue_transport = NULL;
4761 continue_hostname = NULL;
4764 log_write(0, LOG_PANIC_DIE, "fork failed");
4770 /* If RSET failed and there are addresses left, they get deferred. */
4772 set_errno(sx->first_addr, errno, msg, DEFER, FALSE, host,
4773 #ifdef EXPERIMENTAL_DSN_INFO
4774 sx->smtp_greeting, sx->helo_response,
4776 &sx->delivery_start);
4780 /* End off tidily with QUIT unless the connection has died or the socket has
4781 been passed to another process. */
4785 { /* Use _MORE to get QUIT in FIN segment */
4786 (void)smtp_write_command(sx, SCMD_MORE, "QUIT\r\n");
4788 if (sx->cctx.tls_ctx && sx->send_tlsclose)
4790 # ifdef EXIM_TCP_CORK /* Use _CORK to get TLS Close Notify in FIN segment */
4791 (void) setsockopt(sx->cctx.sock, IPPROTO_TCP, EXIM_TCP_CORK, US &on, sizeof(on));
4793 tls_shutdown_wr(sx->cctx.tls_ctx);
4794 sx->send_tlsclose = FALSE;
4801 /* Close the socket, and return the appropriate value, first setting
4802 works because the NULL setting is passed back to the calling process, and
4803 remote_max_parallel is forced to 1 when delivering over an existing connection,
4805 If all went well and continue_more is set, we shouldn't actually get here if
4806 there are further addresses, as the return above will be taken. However,
4807 writing RSET might have failed, or there may be other addresses whose hosts are
4808 specified in the transports, and therefore not visible at top level, in which
4809 case continue_more won't get set. */
4813 /* This flushes data queued in the socket, being the QUIT and any TLS Close,
4814 sending them along with the client FIN flag. Us (we hope) sending FIN first
4815 means we (client) take the TIME_WAIT state, so the server (which likely has a
4816 higher connection rate) does not have to. */
4818 HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(shutdown)>>\n");
4819 shutdown(sx->cctx.sock, SHUT_WR);
4822 if (sx->send_quit || tcw_done && !tcw)
4824 /* Wait for (we hope) ack of our QUIT, and a server FIN. Discard any data
4825 received, then discard the socket. Any packet received after then, or receive
4826 data still in the socket, will get a RST - hence the pause/drain. */
4828 /* Reap the response to QUIT, timing out after one second */
4829 (void) smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2', 1);
4831 if (sx->cctx.tls_ctx)
4835 /* Reap the TLS Close Notify from the server, timing out after one second */
4836 sigalrm_seen = FALSE;
4839 n = tls_read(sx->cctx.tls_ctx, sx->inbuffer, sizeof(sx->inbuffer));
4840 while (!sigalrm_seen && n > 0);
4843 if (sx->send_tlsclose)
4845 # ifdef EXIM_TCP_CORK
4846 (void) setsockopt(sx->cctx.sock, IPPROTO_TCP, EXIM_TCP_CORK, US &on, sizeof(on));
4848 tls_close(sx->cctx.tls_ctx, TLS_SHUTDOWN_WAIT);
4851 tls_close(sx->cctx.tls_ctx, TLS_SHUTDOWN_WONLY);
4852 sx->cctx.tls_ctx = NULL;
4856 /* Drain any trailing data from the socket before close, to avoid sending a RST */
4858 if ( poll_one_fd(sx->cctx.sock, POLLIN, 20) != 0 /* 20ms */
4859 && fcntl(sx->cctx.sock, F_SETFL, O_NONBLOCK) == 0)
4860 for (int i = 16, n; /* drain socket */
4861 (n = read(sx->cctx.sock, sx->inbuffer, sizeof(sx->inbuffer))) > 0 && i > 0;
4862 i--) HDEBUG(D_transport|D_acl|D_v)
4865 debug_printf_indent(" SMTP(drain %d bytes)<< %.*s\n", n, m, sx->inbuffer);
4866 for (m = 0; m < n; m++)
4867 debug_printf("0x%02x\n", sx->inbuffer[m]);
4870 HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(close)>>\n");
4871 (void)close(sx->cctx.sock);
4873 continue_transport = NULL;
4874 continue_hostname = NULL;
4875 smtp_debug_cmd_report();
4877 #ifndef DISABLE_EVENT
4878 (void) event_raise(tblock->event_action, US"tcp:close", NULL, NULL);
4884 sx->first_addr = NULL;
4885 for (address_item * a = sx->addrlist->next; a; a = a->next)
4886 if (a->transport_return == DANE)
4888 a->transport_return = PENDING_DEFER;
4889 if (!sx->first_addr)
4891 /* Remember the new start-point in the addrlist, for smtp_setup_conn()
4892 to get the domain string for SNI */
4895 clearflag(a, af_cont_conn);
4896 setflag(a, af_new_conn); /* clear * from logging */
4897 DEBUG(D_transport) debug_printf("DANE: go-around for %s\n", a->domain);
4900 continue_sequence = 1; /* for consistency */
4905 #ifdef EXPERIMENTAL_ESMTP_LIMITS
4906 if (mail_limit && sx->first_addr)
4908 /* Reset the sequence count since we closed the connection. This is flagged
4909 on the pipe back to the delivery process so that a non-continued-conn delivery
4912 continue_sequence = 1; /* for consistency */
4913 clearflag(sx->first_addr, af_cont_conn);
4914 setflag(sx->first_addr, af_new_conn); /* clear * from logging */
4923 if (dane_held) for (address_item * a = sx->addrlist->next; a; a = a->next)
4924 if (a->transport_return == DANE)
4925 a->transport_return = PENDING_DEFER;
4933 /*************************************************
4934 * Closedown entry point *
4935 *************************************************/
4937 /* This function is called when exim is passed an open smtp channel
4938 from another incarnation, but the message which it has been asked
4939 to deliver no longer exists. The channel is on stdin.
4941 We might do fancy things like looking for another message to send down
4942 the channel, but if the one we sought has gone, it has probably been
4943 delivered by some other process that itself will seek further messages,
4944 so just close down our connection.
4946 Argument: pointer to the transport instance block
4951 smtp_transport_closedown(transport_instance *tblock)
4953 smtp_transport_options_block * ob = SOB tblock->options_block;
4954 client_conn_ctx cctx;
4957 uschar inbuffer[4096];
4958 uschar outbuffer[16];
4960 /*XXX really we need an active-smtp-client ctx, rather than assuming stdout */
4961 cctx.sock = fileno(stdin);
4962 cctx.tls_ctx = cctx.sock == tls_out.active.sock ? tls_out.active.tls_ctx : NULL;
4964 sx.inblock.cctx = &cctx;
4965 sx.inblock.buffer = inbuffer;
4966 sx.inblock.buffersize = sizeof(inbuffer);
4967 sx.inblock.ptr = inbuffer;
4968 sx.inblock.ptrend = inbuffer;
4970 sx.outblock.cctx = &cctx;
4971 sx.outblock.buffersize = sizeof(outbuffer);
4972 sx.outblock.buffer = outbuffer;
4973 sx.outblock.ptr = outbuffer;
4974 sx.outblock.cmd_count = 0;
4975 sx.outblock.authenticating = FALSE;
4977 (void)smtp_write_command(&sx, SCMD_FLUSH, "QUIT\r\n");
4978 (void)smtp_read_response(&sx, buffer, sizeof(buffer), '2', ob->command_timeout);
4979 (void)close(cctx.sock);
4984 /*************************************************
4985 * Prepare addresses for delivery *
4986 *************************************************/
4988 /* This function is called to flush out error settings from previous delivery
4989 attempts to other hosts. It also records whether we got here via an MX record
4990 or not in the more_errno field of the address. We are interested only in
4991 addresses that are still marked DEFER - others may have got delivered to a
4992 previously considered IP address. Set their status to PENDING_DEFER to indicate
4993 which ones are relevant this time.
4996 addrlist the list of addresses
4997 host the host we are delivering to
4999 Returns: the first address for this delivery
5002 static address_item *
5003 prepare_addresses(address_item *addrlist, host_item *host)
5005 address_item *first_addr = NULL;
5006 for (address_item * addr = addrlist; addr; addr = addr->next)
5007 if (addr->transport_return == DEFER)
5009 if (!first_addr) first_addr = addr;
5010 addr->transport_return = PENDING_DEFER;
5011 addr->basic_errno = 0;
5012 addr->more_errno = (host->mx >= 0)? 'M' : 'A';
5013 addr->message = NULL;
5015 addr->cipher = NULL;
5016 addr->ourcert = NULL;
5017 addr->peercert = NULL;
5018 addr->peerdn = NULL;
5019 addr->ocsp = OCSP_NOT_REQ;
5020 addr->tlsver = NULL;
5022 #ifdef EXPERIMENTAL_DSN_INFO
5023 addr->smtp_greeting = NULL;
5024 addr->helo_response = NULL;
5032 /*************************************************
5033 * Main entry point *
5034 *************************************************/
5036 /* See local README for interface details. As this is a remote transport, it is
5037 given a chain of addresses to be delivered in one connection, if possible. It
5038 always returns TRUE, indicating that each address has its own independent
5039 status set, except if there is a setting up problem, in which case it returns
5043 smtp_transport_entry(
5044 transport_instance *tblock, /* data for this instantiation */
5045 address_item *addrlist) /* addresses we are working on */
5048 int hosts_defer = 0;
5050 int hosts_looked_up = 0;
5051 int hosts_retry = 0;
5052 int hosts_serial = 0;
5053 int hosts_total = 0;
5054 int total_hosts_tried = 0;
5055 BOOL expired = TRUE;
5056 uschar *expanded_hosts = NULL;
5058 uschar *tid = string_sprintf("%s transport", tblock->name);
5059 smtp_transport_options_block *ob = SOB tblock->options_block;
5060 host_item *hostlist = addrlist->host_list;
5061 host_item *host = NULL;
5065 debug_printf("%s transport entered\n", tblock->name);
5066 for (address_item * addr = addrlist; addr; addr = addr->next)
5067 debug_printf(" %s\n", addr->address);
5070 debug_printf("hostlist:\n");
5071 for (host_item * host = hostlist; host; host = host->next)
5072 debug_printf(" '%s' IP %s port %d\n", host->name, host->address, host->port);
5074 if (continue_hostname)
5075 debug_printf("already connected to %s [%s] (on fd %d)\n",
5076 continue_hostname, continue_host_address,
5077 cutthrough.cctx.sock >= 0 ? cutthrough.cctx.sock : 0);
5080 /* Check the restrictions on line length */
5082 if (max_received_linelength > ob->message_linelength_limit)
5085 gettimeofday(&now, NULL);
5087 for (address_item * addr = addrlist; addr; addr = addr->next)
5088 if (addr->transport_return == DEFER)
5089 addr->transport_return = PENDING_DEFER;
5091 set_errno_nohost(addrlist, ERRNO_SMTPFORMAT,
5092 US"message has lines too long for transport", FAIL, TRUE, &now);
5096 /* Set the flag requesting that these hosts be added to the waiting
5097 database if the delivery fails temporarily or if we are running with
5098 queue_smtp or a 2-stage queue run. This gets unset for certain
5099 kinds of error, typically those that are specific to the message. */
5101 update_waiting = TRUE;
5103 /* If a host list is not defined for the addresses - they must all have the
5104 same one in order to be passed to a single transport - or if the transport has
5105 a host list with hosts_override set, use the host list supplied with the
5106 transport. It is an error for this not to exist. */
5108 if (!hostlist || (ob->hosts_override && ob->hosts))
5112 addrlist->message = string_sprintf("%s transport called with no hosts set",
5114 addrlist->transport_return = PANIC;
5115 return FALSE; /* Only top address has status */
5118 DEBUG(D_transport) debug_printf("using the transport's hosts: %s\n",
5121 /* If the transport's host list contains no '$' characters, and we are not
5122 randomizing, it is fixed and therefore a chain of hosts can be built once
5123 and for all, and remembered for subsequent use by other calls to this
5124 transport. If, on the other hand, the host list does contain '$', or we are
5125 randomizing its order, we have to rebuild it each time. In the fixed case,
5126 as the hosts string will never be used again, it doesn't matter that we
5127 replace all the : characters with zeros. */
5131 uschar *s = ob->hosts;
5133 if (Ustrchr(s, '$'))
5135 if (!(expanded_hosts = expand_string(s)))
5137 addrlist->message = string_sprintf("failed to expand list of hosts "
5138 "\"%s\" in %s transport: %s", s, tblock->name, expand_string_message);
5139 addrlist->transport_return = f.search_find_defer ? DEFER : PANIC;
5140 return FALSE; /* Only top address has status */
5142 DEBUG(D_transport) debug_printf("expanded list of hosts \"%s\" to "
5143 "\"%s\"\n", s, expanded_hosts);
5147 if (ob->hosts_randomize) s = expanded_hosts = string_copy(s);
5151 log_write(0, LOG_MAIN|LOG_PANIC,
5152 "attempt to use tainted host list '%s' from '%s' in transport %s",
5153 s, ob->hosts, tblock->name);
5154 /* Avoid leaking info to an attacker */
5155 addrlist->message = US"internal configuration error";
5156 addrlist->transport_return = PANIC;
5160 host_build_hostlist(&hostlist, s, ob->hosts_randomize);
5162 /* Check that the expansion yielded something useful. */
5166 string_sprintf("%s transport has empty hosts setting", tblock->name);
5167 addrlist->transport_return = PANIC;
5168 return FALSE; /* Only top address has status */
5171 /* If there was no expansion of hosts, save the host list for
5174 if (!expanded_hosts) ob->hostlist = hostlist;
5177 /* This is not the first time this transport has been run in this delivery;
5178 the host list was built previously. */
5181 hostlist = ob->hostlist;
5184 /* The host list was supplied with the address. If hosts_randomize is set, we
5185 must sort it into a random order if it did not come from MX records and has not
5186 already been randomized (but don't bother if continuing down an existing
5189 else if (ob->hosts_randomize && hostlist->mx == MX_NONE && !continue_hostname)
5191 host_item *newlist = NULL;
5194 host_item *h = hostlist;
5195 hostlist = hostlist->next;
5197 h->sort_key = random_number(100);
5204 else if (h->sort_key < newlist->sort_key)
5211 host_item *hh = newlist;
5214 if (h->sort_key < hh->next->sort_key) break;
5222 hostlist = addrlist->host_list = newlist;
5225 /* Sort out the default port. */
5227 if (!smtp_get_port(ob->port, addrlist, &defport, tid)) return FALSE;
5229 /* For each host-plus-IP-address on the list:
5231 . If this is a continued delivery and the host isn't the one with the
5232 current connection, skip.
5234 . If the status is unusable (i.e. previously failed or retry checked), skip.
5236 . If no IP address set, get the address, either by turning the name into
5237 an address, calling gethostbyname if gethostbyname is on, or by calling
5238 the DNS. The DNS may yield multiple addresses, in which case insert the
5239 extra ones into the list.
5241 . Get the retry data if not previously obtained for this address and set the
5242 field which remembers the state of this address. Skip if the retry time is
5243 not reached. If not, remember whether retry data was found. The retry string
5244 contains both the name and the IP address.
5246 . Scan the list of addresses and mark those whose status is DEFER as
5247 PENDING_DEFER. These are the only ones that will be processed in this cycle
5250 . Make a delivery attempt - addresses marked PENDING_DEFER will be tried.
5251 Some addresses may be successfully delivered, others may fail, and yet
5252 others may get temporary errors and so get marked DEFER.
5254 . The return from the delivery attempt is OK if a connection was made and a
5255 valid SMTP dialogue was completed. Otherwise it is DEFER.
5257 . If OK, add a "remove" retry item for this host/IPaddress, if any.
5259 . If fail to connect, or other defer state, add a retry item.
5261 . If there are any addresses whose status is still DEFER, carry on to the
5262 next host/IPaddress, unless we have tried the number of hosts given
5263 by hosts_max_try or hosts_max_try_hardlimit; otherwise return. Note that
5264 there is some fancy logic for hosts_max_try that means its limit can be
5265 overstepped in some circumstances.
5267 If we get to the end of the list, all hosts have deferred at least one address,
5268 or not reached their retry times. If delay_after_cutoff is unset, it requests a
5269 delivery attempt to those hosts whose last try was before the arrival time of
5270 the current message. To cope with this, we have to go round the loop a second
5271 time. After that, set the status and error data for any addresses that haven't
5272 had it set already. */
5274 for (int cutoff_retry = 0;
5275 expired && cutoff_retry < (ob->delay_after_cutoff ? 1 : 2);
5278 host_item *nexthost = NULL;
5279 int unexpired_hosts_tried = 0;
5280 BOOL continue_host_tried = FALSE;
5282 retry_non_continued:
5283 for (host = hostlist;
5285 && unexpired_hosts_tried < ob->hosts_max_try
5286 && total_hosts_tried < ob->hosts_max_try_hardlimit;
5291 BOOL host_is_expired = FALSE;
5292 BOOL message_defer = FALSE;
5293 BOOL some_deferred = FALSE;
5294 address_item *first_addr = NULL;
5295 uschar *interface = NULL;
5296 uschar *retry_host_key = NULL;
5297 uschar *retry_message_key = NULL;
5298 uschar *serialize_key = NULL;
5300 /* Default next host is next host. :-) But this can vary if the
5301 hosts_max_try limit is hit (see below). It may also be reset if a host
5302 address is looked up here (in case the host was multihomed). */
5304 nexthost = host->next;
5306 /* If the address hasn't yet been obtained from the host name, look it up
5307 now, unless the host is already marked as unusable. If it is marked as
5308 unusable, it means that the router was unable to find its IP address (in
5309 the DNS or wherever) OR we are in the 2nd time round the cutoff loop, and
5310 the lookup failed last time. We don't get this far if *all* MX records
5311 point to non-existent hosts; that is treated as a hard error.
5313 We can just skip this host entirely. When the hosts came from the router,
5314 the address will timeout based on the other host(s); when the address is
5315 looked up below, there is an explicit retry record added.
5317 Note that we mustn't skip unusable hosts if the address is not unset; they
5318 may be needed as expired hosts on the 2nd time round the cutoff loop. */
5322 int new_port, flags;
5324 if (host->status >= hstatus_unusable)
5326 DEBUG(D_transport) debug_printf("%s has no address and is unusable - skipping\n",
5331 DEBUG(D_transport) debug_printf("getting address for %s\n", host->name);
5333 /* The host name is permitted to have an attached port. Find it, and
5334 strip it from the name. Just remember it for now. */
5336 new_port = host_item_get_port(host);
5338 /* Count hosts looked up */
5342 /* Find by name if so configured, or if it's an IP address. We don't
5343 just copy the IP address, because we need the test-for-local to happen. */
5345 flags = HOST_FIND_BY_A | HOST_FIND_BY_AAAA;
5346 if (ob->dns_qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
5347 if (ob->dns_search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
5349 if (ob->gethostbyname || string_is_ip_address(host->name, NULL) != 0)
5350 rc = host_find_byname(host, NULL, flags, NULL, TRUE);
5352 rc = host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
5353 &ob->dnssec, /* domains for request/require */
5356 /* Update the host (and any additional blocks, resulting from
5357 multihoming) with a host-specific port, if any. */
5359 for (host_item * hh = host; hh != nexthost; hh = hh->next) hh->port = new_port;
5361 /* Failure to find the host at this time (usually DNS temporary failure)
5362 is really a kind of routing failure rather than a transport failure.
5363 Therefore we add a retry item of the routing kind, not to stop us trying
5364 to look this name up here again, but to ensure the address gets timed
5365 out if the failures go on long enough. A complete failure at this point
5366 commonly points to a configuration error, but the best action is still
5367 to carry on for the next host. */
5369 if (rc == HOST_FIND_AGAIN || rc == HOST_FIND_SECURITY || rc == HOST_FIND_FAILED)
5371 retry_add_item(addrlist, string_sprintf("R:%s", host->name), 0);
5373 if (rc == HOST_FIND_AGAIN) hosts_defer++; else hosts_fail++;
5374 DEBUG(D_transport) debug_printf("rc = %s for %s\n", (rc == HOST_FIND_AGAIN)?
5375 "HOST_FIND_AGAIN" : "HOST_FIND_FAILED", host->name);
5376 host->status = hstatus_unusable;
5378 for (address_item * addr = addrlist; addr; addr = addr->next)
5380 if (addr->transport_return != DEFER) continue;
5381 addr->basic_errno = ERRNO_UNKNOWNHOST;
5382 addr->message = string_sprintf(
5383 rc == HOST_FIND_SECURITY
5384 ? "lookup of IP address for %s was insecure"
5385 : "failed to lookup IP address for %s",
5391 /* If the host is actually the local host, we may have a problem, or
5392 there may be some cunning configuration going on. In the problem case,
5393 log things and give up. The default transport status is already DEFER. */
5395 if (rc == HOST_FOUND_LOCAL && !ob->allow_localhost)
5397 for (address_item * addr = addrlist; addr; addr = addr->next)
5399 addr->basic_errno = ERRNO_HOST_IS_LOCAL;
5400 addr->message = string_sprintf("%s transport found host %s to be "
5401 "local", tblock->name, host->name);
5405 } /* End of block for IP address lookup */
5407 /* If this is a continued delivery, we are interested only in the host
5408 which matches the name of the existing open channel. The check is put
5409 here after the local host lookup, in case the name gets expanded as a
5410 result of the lookup. Set expired FALSE, to save the outer loop executing
5413 if (continue_hostname)
5414 if ( Ustrcmp(continue_hostname, host->name) != 0
5415 || Ustrcmp(continue_host_address, host->address) != 0
5419 continue; /* With next host */
5422 continue_host_tried = TRUE;
5424 /* Reset the default next host in case a multihomed host whose addresses
5425 are not looked up till just above added to the host list. */
5427 nexthost = host->next;
5429 /* If queue_smtp is set (-odqs or the first part of a 2-stage run), or the
5430 domain is in queue_smtp_domains, we don't actually want to attempt any
5431 deliveries. When doing a queue run, queue_smtp_domains is always unset. If
5432 there is a lookup defer in queue_smtp_domains, proceed as if the domain
5433 were not in it. We don't want to hold up all SMTP deliveries! Except when
5434 doing a two-stage queue run, don't do this if forcing. */
5436 if ( (!f.deliver_force || f.queue_2stage)
5438 || match_isinlist(addrlist->domain,
5439 CUSS &queue_smtp_domains, 0,
5440 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK)
5443 DEBUG(D_transport) debug_printf("first-pass routing only\n");
5445 for (address_item * addr = addrlist; addr; addr = addr->next)
5446 if (addr->transport_return == DEFER)
5447 addr->message = US"first-pass only routing due to -odqs, "
5448 "queue_smtp_domains or control=queue";
5449 continue; /* With next host */
5452 /* Count hosts being considered - purely for an intelligent comment
5453 if none are usable. */
5457 /* Set $host and $host address now in case they are needed for the
5458 interface expansion or the serialize_hosts check; they remain set if an
5459 actual delivery happens. */
5461 deliver_host = host->name;
5462 deliver_host_address = host->address;
5463 lookup_dnssec_authenticated = host->dnssec == DS_YES ? US"yes"
5464 : host->dnssec == DS_NO ? US"no"
5467 /* Set up a string for adding to the retry key if the port number is not
5468 the standard SMTP port. A host may have its own port setting that overrides
5471 pistring = string_sprintf(":%d", host->port == PORT_NONE
5472 ? defport : host->port);
5473 if (Ustrcmp(pistring, ":25") == 0) pistring = US"";
5475 /* Select IPv4 or IPv6, and choose an outgoing interface. If the interface
5476 string is set, even if constant (as different transports can have different
5477 constant settings), we must add it to the key that is used for retries,
5478 because connections to the same host from a different interface should be
5479 treated separately. */
5481 host_af = Ustrchr(host->address, ':') ? AF_INET6 : AF_INET;
5483 uschar * s = ob->interface;
5486 if (!smtp_get_interface(s, host_af, addrlist, &interface, tid))
5488 pistring = string_sprintf("%s/%s", pistring, interface);
5492 /* The first time round the outer loop, check the status of the host by
5493 inspecting the retry data. The second time round, we are interested only
5494 in expired hosts that haven't been tried since this message arrived. */
5496 if (cutoff_retry == 0)
5499 /* Ensure the status of the address is set by checking retry data if
5500 necessary. There may be host-specific retry data (applicable to all
5501 messages) and also data for retries of a specific message at this host.
5502 If either of these retry records are actually read, the keys used are
5503 returned to save recomputing them later. */
5505 if (exp_bool(addrlist, US"transport", tblock->name, D_transport,
5506 US"retry_include_ip_address", ob->retry_include_ip_address,
5507 ob->expand_retry_include_ip_address, &incl_ip) != OK)
5508 continue; /* with next host */
5510 host_is_expired = retry_check_address(addrlist->domain, host, pistring,
5511 incl_ip, &retry_host_key, &retry_message_key);
5513 DEBUG(D_transport) debug_printf("%s [%s]%s retry-status = %s\n", host->name,
5514 host->address ? host->address : US"", pistring,
5515 host->status == hstatus_usable ? "usable"
5516 : host->status == hstatus_unusable ? "unusable"
5517 : host->status == hstatus_unusable_expired ? "unusable (expired)" : "?");
5519 /* Skip this address if not usable at this time, noting if it wasn't
5520 actually expired, both locally and in the address. */
5522 switch (host->status)
5524 case hstatus_unusable:
5526 setflag(addrlist, af_retry_skipped);
5529 case hstatus_unusable_expired:
5532 case hwhy_retry: hosts_retry++; break;
5533 case hwhy_failed: hosts_fail++; break;
5535 case hwhy_deferred: hosts_defer++; break;
5538 /* If there was a retry message key, implying that previously there
5539 was a message-specific defer, we don't want to update the list of
5540 messages waiting for these hosts. */
5542 if (retry_message_key) update_waiting = FALSE;
5543 continue; /* With the next host or IP address */
5547 /* Second time round the loop: if the address is set but expired, and
5548 the message is newer than the last try, let it through. */
5553 || host->status != hstatus_unusable_expired
5554 || host->last_try > received_time.tv_sec)
5556 DEBUG(D_transport) debug_printf("trying expired host %s [%s]%s\n",
5557 host->name, host->address, pistring);
5558 host_is_expired = TRUE;
5561 /* Setting "expired=FALSE" doesn't actually mean not all hosts are expired;
5562 it remains TRUE only if all hosts are expired and none are actually tried.
5567 /* If this host is listed as one to which access must be serialized,
5568 see if another Exim process has a connection to it, and if so, skip
5569 this host. If not, update the database to record our connection to it
5570 and remember this for later deletion. Do not do any of this if we are
5571 sending the message down a pre-existing connection. */
5573 if ( !continue_hostname
5574 && verify_check_given_host(CUSS &ob->serialize_hosts, host) == OK)
5576 serialize_key = string_sprintf("host-serialize-%s", host->name);
5577 if (!enq_start(serialize_key, 1))
5580 debug_printf("skipping host %s because another Exim process "
5581 "is connected to it\n", host->name);
5587 /* OK, we have an IP address that is not waiting for its retry time to
5588 arrive (it might be expired) OR (second time round the loop) we have an
5589 expired host that hasn't been tried since the message arrived. Have a go
5590 at delivering the message to it. First prepare the addresses by flushing
5591 out the result of previous attempts, and finding the first address that
5592 is still to be delivered. */
5594 first_addr = prepare_addresses(addrlist, host);
5596 DEBUG(D_transport) debug_printf("delivering %s to %s [%s] (%s%s)\n",
5597 message_id, host->name, host->address, addrlist->address,
5598 addrlist->next ? ", ..." : "");
5600 set_process_info("delivering %s to %s [%s]%s (%s%s)",
5601 message_id, host->name, host->address, pistring, addrlist->address,
5602 addrlist->next ? ", ..." : "");
5604 /* This is not for real; don't do the delivery. If there are
5605 any remaining hosts, list them. */
5610 gettimeofday(&now, NULL);
5611 set_errno_nohost(addrlist, 0, NULL, OK, FALSE, &now);
5612 for (address_item * addr = addrlist; addr; addr = addr->next)
5614 addr->host_used = host;
5615 addr->special_action = '*';
5616 addr->message = US"delivery bypassed by -N option";
5620 debug_printf("*** delivery by %s transport bypassed by -N option\n"
5621 "*** host and remaining hosts:\n", tblock->name);
5622 for (host_item * host2 = host; host2; host2 = host2->next)
5623 debug_printf(" %s [%s]\n", host2->name,
5624 host2->address ? host2->address : US"unset");
5629 /* This is for real. If the host is expired, we don't count it for
5630 hosts_max_retry. This ensures that all hosts must expire before an address
5631 is timed out, unless hosts_max_try_hardlimit (which protects against
5632 lunatic DNS configurations) is reached.
5634 If the host is not expired and we are about to hit the hosts_max_retry
5635 limit, check to see if there is a subsequent hosts with a different MX
5636 value. If so, make that the next host, and don't count this one. This is a
5637 heuristic to make sure that different MXs do get tried. With a normal kind
5638 of retry rule, they would get tried anyway when the earlier hosts were
5639 delayed, but if the domain has a "retry every time" type of rule - as is
5640 often used for the the very large ISPs, that won't happen. */
5645 /* Make a copy of the host if it is local to this invocation
5646 of the transport. */
5650 thost = store_get(sizeof(host_item), GET_UNTAINTED);
5652 thost->name = string_copy(host->name);
5653 thost->address = string_copy(host->address);
5658 if (!host_is_expired && ++unexpired_hosts_tried >= ob->hosts_max_try)
5661 debug_printf("hosts_max_try limit reached with this host\n");
5662 for (host_item * h = host; h; h = h->next) if (h->mx != host->mx)
5665 unexpired_hosts_tried--;
5666 DEBUG(D_transport) debug_printf("however, a higher MX host exists "
5667 "and will be tried\n");
5672 /* Attempt the delivery. */
5674 total_hosts_tried++;
5675 rc = smtp_deliver(addrlist, thost, host_af, defport, interface, tblock,
5676 &message_defer, FALSE);
5679 OK => connection made, each address contains its result;
5680 message_defer is set for message-specific defers (when all
5681 recipients are marked defer)
5682 DEFER => there was a non-message-specific delivery problem;
5683 ERROR => there was a problem setting up the arguments for a filter,
5684 or there was a problem with expanding added headers
5687 /* If the result is not OK, there was a non-message-specific problem.
5688 If the result is DEFER, we need to write to the logs saying what happened
5689 for this particular host, except in the case of authentication and TLS
5690 failures, where the log has already been written. If all hosts defer a
5691 general message is written at the end. */
5693 if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL
5694 && first_addr->basic_errno != ERRNO_TLSFAILURE)
5695 write_logs(host, first_addr->message, first_addr->basic_errno);
5697 #ifndef DISABLE_EVENT
5699 deferred_event_raise(first_addr, host, US"msg:host:defer");
5702 /* If STARTTLS was accepted, but there was a failure in setting up the
5703 TLS session (usually a certificate screwup), and the host is not in
5704 hosts_require_tls, and tls_tempfail_tryclear is true, try again, with
5705 TLS forcibly turned off. We have to start from scratch with a new SMTP
5706 connection. That's why the retry is done from here, not from within
5707 smtp_deliver(). [Rejections of STARTTLS itself don't screw up the
5708 session, so the in-clear transmission after those errors, if permitted,
5709 happens inside smtp_deliver().] */
5713 && first_addr->basic_errno == ERRNO_TLSFAILURE
5714 && ob->tls_tempfail_tryclear
5715 && verify_check_given_host(CUSS &ob->hosts_require_tls, host) != OK
5718 log_write(0, LOG_MAIN,
5719 "%s: delivering unencrypted to H=%s [%s] (not in hosts_require_tls)",
5720 first_addr->message, host->name, host->address);
5721 first_addr = prepare_addresses(addrlist, host);
5722 rc = smtp_deliver(addrlist, thost, host_af, defport, interface, tblock,
5723 &message_defer, TRUE);
5724 if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL)
5725 write_logs(host, first_addr->message, first_addr->basic_errno);
5726 # ifndef DISABLE_EVENT
5728 deferred_event_raise(first_addr, host, US"msg:host:defer");
5731 #endif /*DISABLE_TLS*/
5733 #ifndef DISABLE_EVENT
5734 /* If the last host gave a defer raise a per-message event */
5737 && unexpired_hosts_tried < ob->hosts_max_try
5738 && total_hosts_tried < ob->hosts_max_try_hardlimit
5740 && (message_defer || rc == DEFER)
5742 deferred_event_raise(first_addr, host, US"msg:defer");
5746 /* Delivery attempt finished */
5748 set_process_info("delivering %s: just tried %s [%s]%s for %s%s: result %s",
5749 message_id, host->name, host->address, pistring, addrlist->address,
5750 addrlist->next ? " (& others)" : "", rc_to_string(rc));
5752 /* Release serialization if set up */
5754 if (serialize_key) enq_end(serialize_key);
5756 /* If the result is DEFER, or if a host retry record is known to exist, we
5757 need to add an item to the retry chain for updating the retry database
5758 at the end of delivery. We only need to add the item to the top address,
5759 of course. Also, if DEFER, we mark the IP address unusable so as to skip it
5760 for any other delivery attempts using the same address. (It is copied into
5761 the unusable tree at the outer level, so even if different address blocks
5762 contain the same address, it still won't get tried again.) */
5764 if (rc == DEFER || retry_host_key)
5766 int delete_flag = rc != DEFER ? rf_delete : 0;
5767 if (!retry_host_key)
5770 if (exp_bool(addrlist, US"transport", tblock->name, D_transport,
5771 US"retry_include_ip_address", ob->retry_include_ip_address,
5772 ob->expand_retry_include_ip_address, &incl_ip) != OK)
5773 incl_ip = TRUE; /* error; use most-specific retry record */
5775 retry_host_key = incl_ip
5776 ? string_sprintf("T:%S:%s%s", host->name, host->address, pistring)
5777 : string_sprintf("T:%S%s", host->name, pistring);
5780 /* If a delivery of another message over an existing SMTP connection
5781 yields DEFER, we do NOT set up retry data for the host. This covers the
5782 case when there are delays in routing the addresses in the second message
5783 that are so long that the server times out. This is alleviated by not
5784 routing addresses that previously had routing defers when handling an
5785 existing connection, but even so, this case may occur (e.g. if a
5786 previously happily routed address starts giving routing defers). If the
5787 host is genuinely down, another non-continued message delivery will
5788 notice it soon enough. */
5790 if (delete_flag != 0 || !continue_hostname)
5791 retry_add_item(first_addr, retry_host_key, rf_host | delete_flag);
5793 /* We may have tried an expired host, if its retry time has come; ensure
5794 the status reflects the expiry for the benefit of any other addresses. */
5798 host->status = host_is_expired
5799 ? hstatus_unusable_expired : hstatus_unusable;
5800 host->why = hwhy_deferred;
5804 /* If message_defer is set (host was OK, but every recipient got deferred
5805 because of some message-specific problem), or if that had happened
5806 previously so that a message retry key exists, add an appropriate item
5807 to the retry chain. Note that if there was a message defer but now there is
5808 a host defer, the message defer record gets deleted. That seems perfectly
5809 reasonable. Also, stop the message from being remembered as waiting
5810 for specific hosts. */
5812 if (message_defer || retry_message_key)
5814 int delete_flag = message_defer ? 0 : rf_delete;
5815 if (!retry_message_key)
5818 if (exp_bool(addrlist, US"transport", tblock->name, D_transport,
5819 US"retry_include_ip_address", ob->retry_include_ip_address,
5820 ob->expand_retry_include_ip_address, &incl_ip) != OK)
5821 incl_ip = TRUE; /* error; use most-specific retry record */
5823 retry_message_key = incl_ip
5824 ? string_sprintf("T:%S:%s%s:%s", host->name, host->address, pistring,
5826 : string_sprintf("T:%S%s:%s", host->name, pistring, message_id);
5828 retry_add_item(addrlist, retry_message_key,
5829 rf_message | rf_host | delete_flag);
5830 update_waiting = FALSE;
5833 /* Any return other than DEFER (that is, OK or ERROR) means that the
5834 addresses have got their final statuses filled in for this host. In the OK
5835 case, see if any of them are deferred. */
5838 for (address_item * addr = addrlist; addr; addr = addr->next)
5839 if (addr->transport_return == DEFER)
5841 some_deferred = TRUE;
5845 /* If no addresses deferred or the result was ERROR, return. We do this for
5846 ERROR because a failing filter set-up or add_headers expansion is likely to
5847 fail for any host we try. */
5849 if (rc == ERROR || (rc == OK && !some_deferred))
5851 DEBUG(D_transport) debug_printf("Leaving %s transport\n", tblock->name);
5852 return TRUE; /* Each address has its status */
5855 /* If the result was DEFER or some individual addresses deferred, let
5856 the loop run to try other hosts with the deferred addresses, except for the
5857 case when we were trying to deliver down an existing channel and failed.
5858 Don't try any other hosts in this case. */
5860 if (continue_hostname) break;
5862 /* If the whole delivery, or some individual addresses, were deferred and
5863 there are more hosts that could be tried, do not count this host towards
5864 the hosts_max_try limit if the age of the message is greater than the
5865 maximum retry time for this host. This means we may try try all hosts,
5866 ignoring the limit, when messages have been around for some time. This is
5867 important because if we don't try all hosts, the address will never time
5868 out. NOTE: this does not apply to hosts_max_try_hardlimit. */
5870 if ((rc == DEFER || some_deferred) && nexthost)
5873 retry_config *retry = retry_find_config(host->name, NULL, 0, 0);
5875 if (retry && retry->rules)
5877 retry_rule *last_rule;
5878 for (last_rule = retry->rules;
5880 last_rule = last_rule->next);
5881 timedout = time(NULL) - received_time.tv_sec > last_rule->timeout;
5883 else timedout = TRUE; /* No rule => timed out */
5887 unexpired_hosts_tried--;
5888 DEBUG(D_transport) debug_printf("temporary delivery error(s) override "
5889 "hosts_max_try (message older than host's retry time)\n");
5895 if (unexpired_hosts_tried >= ob->hosts_max_try)
5896 debug_printf("reached transport hosts_max_try limit %d\n",
5898 if (total_hosts_tried >= ob->hosts_max_try_hardlimit)
5899 debug_printf("reached transport hosts_max_try_hardlimit limit %d\n",
5900 ob->hosts_max_try_hardlimit);
5903 testharness_pause_ms(500); /* let server debug out */
5904 } /* End of loop for trying multiple hosts. */
5906 /* If we failed to find a matching host in the list, for an already-open
5907 connection, just close it and start over with the list. This can happen
5908 for routing that changes from run to run, or big multi-IP sites with
5911 if (continue_hostname && !continue_host_tried)
5913 int fd = cutthrough.cctx.sock >= 0 ? cutthrough.cctx.sock : 0;
5915 DEBUG(D_transport) debug_printf("no hosts match already-open connection\n");
5917 /* A TLS conn could be open for a cutthrough, but not for a plain continued-
5919 /*XXX doublecheck that! */
5921 if (cutthrough.cctx.sock >= 0 && cutthrough.is_tls)
5923 (void) tls_write(cutthrough.cctx.tls_ctx, US"QUIT\r\n", 6, FALSE);
5924 tls_close(cutthrough.cctx.tls_ctx, TLS_SHUTDOWN_NOWAIT);
5925 cutthrough.cctx.tls_ctx = NULL;
5926 cutthrough.is_tls = FALSE;
5930 (void) write(fd, US"QUIT\r\n", 6);
5933 cutthrough.cctx.sock = -1;
5934 continue_hostname = NULL;
5935 goto retry_non_continued;
5938 /* This is the end of the loop that repeats iff expired is TRUE and
5939 ob->delay_after_cutoff is FALSE. The second time round we will
5940 try those hosts that haven't been tried since the message arrived. */
5944 debug_printf("all IP addresses skipped or deferred at least one address\n");
5945 if (expired && !ob->delay_after_cutoff && cutoff_retry == 0)
5946 debug_printf("retrying IP addresses not tried since message arrived\n");
5951 /* Get here if all IP addresses are skipped or defer at least one address. In
5952 MUA wrapper mode, this will happen only for connection or other non-message-
5953 specific failures. Force the delivery status for all addresses to FAIL. */
5957 for (address_item * addr = addrlist; addr; addr = addr->next)
5958 addr->transport_return = FAIL;
5962 /* In the normal, non-wrapper case, add a standard message to each deferred
5963 address if there hasn't been an error, that is, if it hasn't actually been
5964 tried this time. The variable "expired" will be FALSE if any deliveries were
5965 actually tried, or if there was at least one host that was not expired. That
5966 is, it is TRUE only if no deliveries were tried and all hosts were expired. If
5967 a delivery has been tried, an error code will be set, and the failing of the
5968 message is handled by the retry code later.
5970 If queue_smtp is set, or this transport was called to send a subsequent message
5971 down an existing TCP/IP connection, and something caused the host not to be
5972 found, we end up here, but can detect these cases and handle them specially. */
5974 for (address_item * addr = addrlist; addr; addr = addr->next)
5976 /* If host is not NULL, it means that we stopped processing the host list
5977 because of hosts_max_try or hosts_max_try_hardlimit. In the former case, this
5978 means we need to behave as if some hosts were skipped because their retry
5979 time had not come. Specifically, this prevents the address from timing out.
5980 However, if we have hit hosts_max_try_hardlimit, we want to behave as if all
5981 hosts were tried. */
5984 if (total_hosts_tried >= ob->hosts_max_try_hardlimit)
5987 debug_printf("hosts_max_try_hardlimit reached: behave as if all "
5988 "hosts were tried\n");
5993 debug_printf("hosts_max_try limit caused some hosts to be skipped\n");
5994 setflag(addr, af_retry_skipped);
5997 if (f.queue_smtp) /* no deliveries attempted */
5999 addr->transport_return = DEFER;
6000 addr->basic_errno = 0;
6001 addr->message = US"SMTP delivery explicitly queued";
6004 else if ( addr->transport_return == DEFER
6005 && (addr->basic_errno == ERRNO_UNKNOWNERROR || addr->basic_errno == 0)
6009 addr->basic_errno = ERRNO_HRETRY;
6010 if (continue_hostname)
6011 addr->message = US"no host found for existing SMTP connection";
6014 setflag(addr, af_pass_message); /* This is not a security risk */
6015 addr->message = string_sprintf(
6016 "all hosts%s have been failing for a long time %s",
6017 addr->domain ? string_sprintf(" for '%s'", addr->domain) : US"",
6018 ob->delay_after_cutoff
6019 ? US"(and retry time not reached)"
6020 : US"and were last tried after this message arrived");
6022 /* If we are already using fallback hosts, or there are no fallback hosts
6023 defined, convert the result to FAIL to cause a bounce. */
6025 if (addr->host_list == addr->fallback_hosts || !addr->fallback_hosts)
6026 addr->transport_return = FAIL;
6031 if (hosts_retry == hosts_total)
6032 s = "retry time not reached for any host%s";
6033 else if (hosts_fail == hosts_total)
6034 s = "all host address lookups%s failed permanently";
6035 else if (hosts_defer == hosts_total)
6036 s = "all host address lookups%s failed temporarily";
6037 else if (hosts_serial == hosts_total)
6038 s = "connection limit reached for all hosts%s";
6039 else if (hosts_fail+hosts_defer == hosts_total)
6040 s = "all host address lookups%s failed";
6042 s = "some host address lookups failed and retry time "
6043 "not reached for other hosts or connection limit reached%s";
6045 addr->message = string_sprintf(s,
6046 addr->domain ? string_sprintf(" for '%s'", addr->domain) : US"");
6051 /* Update the database which keeps information about which messages are waiting
6052 for which hosts to become available. For some message-specific errors, the
6053 update_waiting flag is turned off because we don't want follow-on deliveries in
6054 those cases. If this transport instance is explicitly limited to one message
6055 per connection then follow-on deliveries are not possible and there's no need
6056 to create/update the per-transport wait-<transport_name> database. */
6058 if (update_waiting && tblock->connection_max_messages != 1)
6059 transport_update_waiting(hostlist, tblock->name);
6063 DEBUG(D_transport) debug_printf("Leaving %s transport\n", tblock->name);
6065 return TRUE; /* Each address has its status */
6068 #endif /*!MACRO_PREDEF*/
6071 /* End of transport/smtp.c */
git://git.exim.org / exim.git / blob