1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* Copyright (c) The Exim Maintainers 2020 */
7 /* See the file NOTICE for conditions of use and distribution. */
9 /* A number of functions for driving outgoing SMTP calls. */
13 #include "transports/smtp.h"
17 /*************************************************
18 * Find an outgoing interface *
19 *************************************************/
21 /* This function is called from the smtp transport and also from the callout
22 code in verify.c. Its job is to expand a string to get a list of interfaces,
23 and choose a suitable one (IPv4 or IPv6) for the outgoing address.
26 istring string interface setting, may be NULL, meaning "any", in
27 which case the function does nothing
28 host_af AF_INET or AF_INET6 for the outgoing IP address
29 addr the mail address being handled (for setting errors)
30 interface point this to the interface
31 msg to add to any error message
33 Returns: TRUE on success, FALSE on failure, with error message
34 set in addr and transport_return set to PANIC
/* Select the outgoing interface for a connection: expand istring, refuse a
tainted expansion result, then search the resulting list for an address whose
family matches host_af and copy it to *interface.
NOTE(review): this listing omits some source lines (gaps in the left-hand
numbers), so braces, local declarations and some return statements are not
shown. */
38 smtp_get_interface(uschar *istring, int host_af, address_item *addr,
39 uschar **interface, uschar *msg)
41 const uschar * expint;
/* No "interface" option is set: nothing to do. */
45 if (!istring) return TRUE;
47 if (!(expint = expand_string(istring)))
/* A forced expansion failure counts as success; any other expansion failure
marks the address PANIC and records the expansion error. */
49 if (f.expand_string_forcedfail) return TRUE;
50 addr->transport_return = PANIC;
51 addr->message = string_sprintf("failed to expand \"interface\" "
52 "option for %s: %s", msg, expand_string_message);
/* Security check: an expansion result flagged by is_tainted() is not accepted
as a bind address. The value is written to the main and panic logs, while the
message stored on the address only says "configuration error". */
56 if (is_tainted(expint))
58 log_write(0, LOG_MAIN|LOG_PANIC,
59 "attempt to use tainted value '%s' from '%s' for interface",
61 addr->transport_return = PANIC;
62 addr->message = string_sprintf("failed to expand \"interface\" "
63 "option for %s: configuration error", msg);
67 Uskip_whitespace(&expint);
/* An expansion that is empty after leading whitespace means no interface was
requested. */
68 if (!*expint) return TRUE;
70 /* we just tested to ensure no taint, so big_buffer is ok */
71 while ((iface = string_nextinlist(&expint, &sep, big_buffer,
/* Every list item must be an IP address; a zero result from
string_is_ip_address() marks the address PANIC. */
74 if (string_is_ip_address(iface, NULL) == 0)
76 addr->transport_return = PANIC;
77 addr->message = string_sprintf("\"%s\" is not a valid IP "
78 "address for the \"interface\" option for %s",
/* The family of the item is inferred from the presence of a colon (IPv6) and
compared with the family of the outgoing address. */
83 if (((Ustrchr(iface, ':') == NULL)? AF_INET:AF_INET6) == host_af)
/* The item was extracted into the shared big_buffer, so hand the caller a
copy. */
87 if (iface) *interface = string_copy(iface);
93 /*************************************************
94 * Find an outgoing port *
95 *************************************************/
97 /* This function is called from the smtp transport and also from the callout
98 code in verify.c. Its job is to find a port number. Note that getservbyname()
99 produces the number in network byte order.
102 rstring raw (unexpanded) string representation of the port
103 addr the mail address being handled (for setting errors)
104 port stick the port in here
105 msg for adding to error message
107 Returns: TRUE on success, FALSE on failure, with error message set
108 in addr, and transport_return set to PANIC
/* Resolve the "port" option: expand rstring, then accept either a number or a
TCP service name and store the result in *port.
NOTE(review): this listing omits some source lines (gaps in the left-hand
numbers); the tests guarding the error branches and the return statements are
not shown. */
112 smtp_get_port(uschar *rstring, address_item *addr, int *port, uschar *msg)
114 uschar *pstring = expand_string(rstring);
/* Expansion failure: mark the address PANIC and record the expansion error. */
118 addr->transport_return = PANIC;
119 addr->message = string_sprintf("failed to expand \"%s\" (\"port\" option) "
120 "for %s: %s", rstring, msg, expand_string_message);
/* Numeric form, chosen when the first character is a digit. */
124 if (isdigit(*pstring))
/* Base 0 is passed to Ustrtol; if that is a strtol() wrapper (presumably -
confirm), "0x" and leading-zero prefixes select hex and octal. Trailing
non-numeric characters are rejected by the end-pointer comparison below.
NOTE(review): no check that the value fits the 0-65535 port range is visible
in this listing. */
127 *port = Ustrtol(pstring, &end, 0);
128 if (end != pstring + Ustrlen(pstring))
130 addr->transport_return = PANIC;
131 addr->message = string_sprintf("invalid port number for %s: %s", msg,
/* Otherwise treat the string as a service name and look it up for TCP. */
139 struct servent *smtp_service = getservbyname(CS pstring, "tcp");
142 addr->transport_return = PANIC;
143 addr->message = string_sprintf("TCP port \"%s\" is not defined for %s",
/* getservbyname() yields network byte order, so convert for the caller. */
147 *port = ntohs(smtp_service->s_port);
/* Update the global tcp_out_fastopen state after a TCP Fast Open attempt, by
inspecting the TCP_INFO data the kernel reports for the socket. The visible
effects are the assignment to tcp_out_fastopen and debug output.
NOTE(review): this listing omits some source lines (gaps in the left-hand
numbers), including the #if that opens the first platform branch; only its
"# else" for Linux and Apple is visible. */
158 tfo_out_check(int sock)
161 struct tcp_info tinfo;
162 socklen_t len = sizeof(tinfo);
164 /* A getsockopt TCP_FASTOPEN unfortunately returns "was-used" for a TFO/R as
165 well as a TFO/C. Use what we can of the Linux hack below; reliability issues ditto. */
166 switch (tcp_out_fastopen)
/* TFO requested without data: counted as used when the socket is still in
SYN_SENT with at least one unacknowledged packet. */
168 case TFO_ATTEMPTED_NODATA:
169 if ( getsockopt(sock, IPPROTO_TCP, TCP_INFO, &tinfo, &len) == 0
170 && tinfo.tcpi_state == TCPS_SYN_SENT
171 && tinfo.__tcpi_unacked > 0
174 DEBUG(D_transport|D_v)
175 debug_printf("TCP_FASTOPEN tcpi_unacked %d\n", tinfo.__tcpi_unacked);
176 tcp_out_fastopen = TFO_USED_NODATA;
/* NOTE(review): the next three lines look like remnants of a disabled
alternative (the same case label appears twice and the XXX text is not valid
C); the lines around them are not shown, so this cannot be confirmed here. */
180 case TFO_ATTEMPTED_DATA:
181 case TFO_ATTEMPTED_DATA:
182 if (tinfo.tcpi_options & TCPI_OPT_SYN_DATA) XXX no equvalent as of 12.2
186 switch (tcp_out_fastopen)
188 case TFO_ATTEMPTED_DATA: tcp_out_fastopen = TFO_USED_DATA; break;
189 default: break; /* compiler quietening */
192 # else /* Linux & Apple */
193 # if defined(TCP_INFO) && defined(EXIM_HAVE_TCPI_UNACKED)
194 struct tcp_info tinfo;
195 socklen_t len = sizeof(tinfo);
197 switch (tcp_out_fastopen)
199 /* This is a somewhat dubious detection method; totally undocumented so likely
200 to fail in future kernels. There seems to be no documented way. What we really
201 want to know is if the server sent smtp-banner data before our ACK of his SYN,ACK
202 hit him. What this (possibly?) detects is whether we sent a TFO cookie with our
203 SYN, as distinct from a TFO request. This gets a false-positive when the server
204 key is rotated; we send the old one (which this test sees) but the server returns
205 the new one and does not send its SMTP banner before we ACK his SYN,ACK.
206 To force that rotation case:
207 '# echo -n "00000000-00000000-00000000-0000000" >/proc/sys/net/ipv4/tcp_fastopen_key'
208 The kernel seems to be counting unack'd packets. */
/* Linux and Apple variant of the no-data case: requires more than one
unacknowledged packet while the socket is in SYN_SENT. */
210 case TFO_ATTEMPTED_NODATA:
211 if ( getsockopt(sock, IPPROTO_TCP, TCP_INFO, &tinfo, &len) == 0
212 && tinfo.tcpi_state == TCP_SYN_SENT
213 && tinfo.tcpi_unacked > 1
216 DEBUG(D_transport|D_v)
217 debug_printf("TCP_FASTOPEN tcpi_unacked %d\n", tinfo.tcpi_unacked);
218 tcp_out_fastopen = TFO_USED_NODATA;
222 /* When called after waiting for received data we should be able
223 to tell if data we sent was accepted. */
225 case TFO_ATTEMPTED_DATA:
226 if ( getsockopt(sock, IPPROTO_TCP, TCP_INFO, &tinfo, &len) == 0
227 && tinfo.tcpi_state == TCP_ESTABLISHED
/* TCPI_OPT_SYN_DATA set is reported as the SYN data having been acked; in the
other branch the state falls back to TFO_NOT_USED. */
229 if (tinfo.tcpi_options & TCPI_OPT_SYN_DATA)
231 DEBUG(D_transport|D_v) debug_printf("TFO: data was acked\n");
232 tcp_out_fastopen = TFO_USED_DATA;
236 DEBUG(D_transport|D_v) debug_printf("TFO: had to retransmit\n");
237 tcp_out_fastopen = TFO_NOT_USED;
241 default: break; /* compiler quietening */
244 # endif /* Linux & Apple */
250 host host item containing name and address and port
251 host_af AF_INET or AF_INET6
253 interface outgoing interface address or NULL
255 timeout timeout value or 0
256 early_data if non-NULL, idempotent data to be sent -
257 preferably in the TCP SYN segment
258 Special case: non-NULL but with NULL blob.data - caller is
259 client-data-first (eg. TLS-on-connect) and a lazy-TCP-connect is
262 Returns: connected socket number, or -1 with errno set
/* Create a TCP socket, apply socket options, optionally bind it to interface,
and connect it to host->address on port. When hosts_try_fastopen matches the
host, TCP Fast Open is requested and early_data may be handed to the connect
call; otherwise early_data is written with send() after the connect.
NOTE(review): this listing omits some source lines (gaps in the left-hand
numbers), so braces, several declarations and the error-path returns are not
shown. */
266 smtp_sock_connect(host_item * host, int host_af, int port, uschar * interface,
267 transport_instance * tb, int timeout, const blob * early_data)
269 smtp_transport_options_block * ob =
270 (smtp_transport_options_block *)tb->options_block;
271 const uschar * dscp = ob->dscp;
277 const blob * fastopen_blob = NULL;
280 #ifndef DISABLE_EVENT
/* A non-zero result from the tcp:connect event abandons the attempt before
any socket is created. */
281 deliver_host_address = host->address;
282 deliver_host_port = port;
283 if (event_raise(tb->event_action, US"tcp:connect", NULL)) return -1;
286 if ((sock = ip_socket(SOCK_STREAM, host_af)) < 0) return -1;
288 /* Set TCP_NODELAY; Exim does its own buffering. */
/* A failure here is only reported in debug output. */
290 if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, US &on, sizeof(on)))
291 HDEBUG(D_transport|D_acl|D_v)
292 debug_printf_indent("failed to set NODELAY: %s ", strerror(errno));
294 /* Set DSCP value, if we can. For now, if we fail to set the value, we don't
295 bomb out, just log it and continue in default traffic class. */
297 if (dscp && dscp_lookup(dscp, host_af, &dscp_level, &dscp_option, &dscp_value))
299 HDEBUG(D_transport|D_acl|D_v)
300 debug_printf_indent("DSCP \"%s\"=%x ", dscp, dscp_value);
301 if (setsockopt(sock, dscp_level, dscp_option, &dscp_value, sizeof(dscp_value)) < 0)
302 HDEBUG(D_transport|D_acl|D_v)
303 debug_printf_indent("failed to set DSCP: %s ", strerror(errno));
304 /* If the kernel supports IPv4 and IPv6 on an IPv6 socket, we need to set the
305 option for both; ignore failures here */
306 if (host_af == AF_INET6 &&
307 dscp_lookup(dscp, AF_INET, &dscp_level, &dscp_option, &dscp_value))
308 (void) setsockopt(sock, dscp_level, dscp_option, &dscp_value, sizeof(dscp_value));
311 /* Bind to a specific interface if requested. Caller must ensure the interface
312 is the same type (IPv4 or IPv6) as the outgoing address. */
314 if (interface && ip_bind(sock, host_af, interface, 0) < 0)
317 HDEBUG(D_transport|D_acl|D_v)
318 debug_printf_indent("unable to bind outgoing SMTP call to %s: %s", interface,
322 /* Connect to the remote host, and add keepalive to the socket before returning
323 it, if requested. If the build supports TFO, request it - and if the caller
324 requested some early-data then include that in the TFO request. If there is
325 early-data but no TFO support, send it after connecting. */
330 /* See if TCP Fast Open usable. Default is a traditional 3WHS connect */
331 if (verify_check_given_host(CUSS &ob->hosts_try_fastopen, host) == OK)
334 fastopen_blob = &tcp_fastopen_nodata; /* TFO, with no data */
/* NOTE(review): early_data is dereferenced on the next line; the test that
selects the no-data case above (source lines between 331 and 334) is not
shown in this listing - confirm it covers a NULL early_data. */
335 else if (early_data->data)
336 fastopen_blob = early_data; /* TFO, with data */
337 # ifdef TCP_FASTOPEN_CONNECT
339 { /* expecting client data */
340 debug_printf(" set up lazy-connect\n");
/* The return value of this setsockopt() is not checked. */
341 setsockopt(sock, IPPROTO_TCP, TCP_FASTOPEN_CONNECT, US &on, sizeof(on));
342 /* fastopen_blob = NULL; lazy TFO, triggered by data write */
348 if (ip_connect(sock, host_af, host->address, port, timeout, fastopen_blob) < 0)
/* No TFO blob was passed to the connect, so non-empty early data is written
now that the connection is up; a failed send() is detected. */
350 else if (early_data && !fastopen_blob && early_data->data && early_data->len)
352 HDEBUG(D_transport|D_acl|D_v)
353 debug_printf("sending %ld nonTFO early-data\n", (long)early_data->len);
355 if (send(sock, early_data->data, early_data->len, 0) < 0)
359 (void) setsockopt(sock, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off));
363 /* Either bind() or connect() failed */
367 HDEBUG(D_transport|D_acl|D_v)
369 debug_printf_indent(" failed: %s", CUstrerror(save_errno));
370 if (save_errno == ETIMEDOUT)
371 debug_printf(" (timeout=%s)", readconf_printtime(timeout));
379 /* Both bind() and connect() succeeded, and any early-data */
383 union sockaddr_46 interface_sock;
384 EXIM_SOCKLEN_T size = sizeof(interface_sock);
386 HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" connected\n");
/* Record the local address and port of the connected socket in
sending_ip_address and sending_port. */
387 if (getsockname(sock, (struct sockaddr *)(&interface_sock), &size) == 0)
388 sending_ip_address = host_ntoa(-1, &interface_sock, NULL, &sending_port);
/* A getsockname() failure always goes to the main log; the panic log is added
unless errno is ECONNRESET. */
391 log_write(0, LOG_MAIN | ((errno == ECONNRESET)? 0 : LOG_PANIC),
392 "getsockname() failed: %s", strerror(errno));
397 if (ob->keepalive) ip_keepalive(sock, host->address, TRUE);
/* Settle the port used for a connection: a port already set on the host item
takes precedence over the transport-level port (the replacement is reported in
debug output); otherwise the transport port is stored in host->port.
NOTE(review): this listing omits some source lines (gaps in the left-hand
numbers), including the return statement. */
410 smtp_port_for_connect(host_item * host, int port)
412 if (host->port != PORT_NONE)
414 HDEBUG(D_transport|D_acl|D_v) if (port != host->port)
415 debug_printf_indent("Transport port=%d replaced by host-specific port=%d\n", port,
419 else host->port = port; /* Set the port actually used */
423 /*************************************************
424 * Connect to remote host *
425 *************************************************/
427 /* Create a socket, and connect it to a remote host. IPv6 addresses are
428 detected by checking for a colon in the address. AF_INET6 is defined even on
429 non-IPv6 systems, to enable the code to be less messy. However, on such systems
430 host->address will always be an IPv4 address.
433 sc details for making connection: host, af, interface, transport
434 early_data if non-NULL, data to be sent - preferably in the TCP SYN segment
435 Special case: non-NULL but with NULL blob.data - caller is
436 client-data-first (eg. TLS-on-connect) and a lazy-TCP-connect is
439 Returns: connected socket number, or -1 with errno set
/* Connect to sc->host on the port stored in the host item, either with
socks_sock_connect() or directly with smtp_sock_connect().
NOTE(review): this listing omits some source lines (gaps in the left-hand
numbers); the test that selects the proxy path and the returns of that path
are not shown. */
443 smtp_connect(smtp_connect_args * sc, const blob * early_data)
445 int port = sc->host->port;
446 smtp_transport_options_block * ob = sc->ob;
/* callout_address is set to the destination in "[address]:port" form. */
448 callout_address = string_sprintf("[%s]:%d", sc->host->address, port);
450 HDEBUG(D_transport|D_acl|D_v)
453 if (sc->interface) s = string_sprintf(" from %s ", sc->interface);
455 if (ob->socks_proxy) s = string_sprintf("%svia proxy ", s);
457 debug_printf_indent("Connecting to %s %s%s... ", sc->host->name, callout_address, s);
460 /* Create and connect the socket */
465 int sock = socks_sock_connect(sc->host, sc->host_af, port, sc->interface,
466 sc->tblock, ob->connect_timeout);
/* No early-data blob is passed to socks_sock_connect(), so non-empty early
data is written with an ordinary send() and a failure of that send is
detected. */
470 if (early_data && early_data->data && early_data->len)
471 if (send(sock, early_data->data, early_data->len, 0) < 0)
473 int save_errno = errno;
474 HDEBUG(D_transport|D_acl|D_v)
476 debug_printf_indent("failed: %s", CUstrerror(save_errno));
477 if (save_errno == ETIMEDOUT)
478 debug_printf(" (timeout=%s)", readconf_printtime(ob->connect_timeout));
/* Direct path: early_data is passed through to smtp_sock_connect(). */
490 return smtp_sock_connect(sc->host, sc->host_af, port, sc->interface,
491 sc->tblock, ob->connect_timeout, early_data);
495 /*************************************************
496 * Flush outgoing command buffer *
497 *************************************************/
499 /* This function is called only from smtp_write_command() below. It flushes
500 the buffer of outgoing commands. There is more than one in the buffer only when
504 outblock the SMTP output block
505 mode further data expected, or plain
507 Returns: TRUE if OK, FALSE on error, with errno set
/* Transmit everything queued in the outblock command buffer, using tls_write()
when a TLS context exists and send() on the socket otherwise, then reset the
buffer. If the outblock still carries conn_args, the connection is made here
with the buffered bytes offered as early data.
NOTE(review): this listing omits some source lines (gaps in the left-hand
numbers), so braces, some declarations and the return statements are not
shown. */
511 flush_buffer(smtp_outblock * outblock, int mode)
514 int n = outblock->ptr - outblock->buffer;
515 BOOL more = mode == SCMD_MORE;
517 HDEBUG(D_transport|D_acl) debug_printf_indent("cmd buf flush %d bytes%s\n", n,
518 more ? " (more expected)" : "");
521 if (outblock->cctx->tls_ctx)
522 rc = tls_write(outblock->cctx->tls_ctx, outblock->buffer, n, more);
527 if (outblock->conn_args)
/* Deferred connect: the buffered commands become the early data. As the
comment below explains, data sent with TFO may be replayed, so only
idempotent commands should reach this path (the end of that comment is not
shown in this listing). conn_args is cleared afterwards. */
529 blob early_data = { .data = outblock->buffer, .len = n };
531 /* We ignore the more-flag if we're doing a connect with early-data, which
532 means we won't get BDAT+data. A pity, but wise due to the idempotency
533 requirement: TFO with data can, in rare cases, replay the data to the
536 if ( (outblock->cctx->sock = smtp_connect(outblock->conn_args, &early_data))
539 outblock->conn_args = NULL;
544 rc = send(outblock->cctx->sock, outblock->buffer, n,
552 #if defined(__linux__)
553 /* This is a workaround for a current linux kernel bug: as of
554 5.6.8-200.fc31.x86_64 small (<MSS) writes get delayed by about 200ms,
555 This is despite NODELAY being active.
556 https://bugzilla.redhat.com/show_bug.cgi?id=1803806 */
/* The return value of this setsockopt() is not checked. */
559 setsockopt(outblock->cctx->sock, IPPROTO_TCP, TCP_CORK, &off, sizeof(off));
566 HDEBUG(D_transport|D_acl) debug_printf_indent("send failed: %s\n", strerror(errno));
/* Reset the write pointer and the command count. */
570 outblock->ptr = outblock->buffer;
571 outblock->cmd_count = 0;
577 /*************************************************
578 * Write SMTP command *
579 *************************************************/
581 /* The formatted command is left in big_buffer so that it can be reflected in
585 sx SMTP connection, contains buffer for pipelining, and socket
586 mode buffer, write-with-more-likely, write
587 format a format, starting with one
588 of HELO, MAIL FROM, RCPT TO, DATA, ".", or QUIT.
589 If NULL, flush pipeline buffer only.
590 ... data for the format
592 Returns: 0 if command added to pipelining buffer, with nothing transmitted
593 +n if n commands transmitted (may still have buffered the new one)
594 -1 on error, with errno set
/* Format one SMTP command into big_buffer, append it to the pipelining buffer
in the outblock (flushing first when it would not fit), and flush again unless
mode is SCMD_BUFFER. The formatted text stays in big_buffer, with AUTH data
overwritten by asterisks, and is what the debug output shows.
NOTE(review): this listing omits some source lines (gaps in the left-hand
numbers), so braces, some declarations and the final return are not shown. */
598 smtp_write_command(void * sx, int mode, const char *format, ...)
600 smtp_outblock * outblock = &((smtp_context *)sx)->outblock;
605 gstring gs = { .size = big_buffer_size, .ptr = 0, .s = big_buffer };
608 /* Use taint-unchecked routines for writing into big_buffer, trusting that
609 we'll never expand the results. Actually, the error-message use - leaving
610 the results in big_buffer for potential later use - is uncomfortably distant.
611 XXX Would be better to assume all smtp commands are short, use normal pool
612 alloc rather than big_buffer, and another global for the data-for-error. */
614 va_start(ap, format);
/* SVFMT_TAINT_NOCHK: the formatting is done without taint checks, as the
comment above explains. A formatting failure is fatal (LOG_PANIC_DIE). */
615 if (!string_vformat(&gs, SVFMT_TAINT_NOCHK, CS format, ap))
616 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "overlong write_command in outgoing "
619 string_from_gstring(&gs);
/* A command longer than the whole output buffer can never be sent: fatal. */
621 if (gs.ptr > outblock->buffersize)
622 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "overlong write_command in outgoing "
/* Not enough free space left: flush what is queued, remembering how many
commands that transmits. */
625 if (gs.ptr > outblock->buffersize - (outblock->ptr - outblock->buffer))
627 rc = outblock->cmd_count; /* flush resets */
628 if (!flush_buffer(outblock, SCMD_FLUSH)) return -1;
/* The two size checks above bound gs.ptr by the free space in the buffer, so
this copy of exactly gs.ptr bytes stays inside outblock->buffer. */
631 Ustrncpy(outblock->ptr, gs.s, gs.ptr);
632 outblock->ptr += gs.ptr;
633 outblock->cmd_count++;
/* Dropping two bytes assumes the formatted command ends in CRLF. */
634 gs.ptr -= 2; string_from_gstring(&gs); /* remove \r\n for error message */
/* Credential hiding (see the comment below, whose end is not shown in this
listing): while outblock->authenticating is set, the copy in big_buffer is
overwritten with asterisks before it reaches the debug output. For a line
starting "AUTH " the three loops first step over whitespace, one word and
more whitespace, so that part stays readable. The bytes already copied to the
output buffer are not altered.
NOTE(review): the loop that skips non-space characters has no test for the
terminating NUL; confirm that it cannot run past the end of the command when
nothing follows the word it skips. */
636 /* We want to hide the actual data sent in AUTH transactions from reflections
637 and logs. While authenticating, a flag is set in the outblock to enable this.
638 The AUTH command itself gets any data flattened. Other lines are flattened
641 if (outblock->authenticating)
643 uschar *p = big_buffer;
644 if (Ustrncmp(big_buffer, "AUTH ", 5) == 0)
647 while (isspace(*p)) p++;
648 while (!isspace(*p)) p++;
649 while (isspace(*p)) p++;
651 while (*p) *p++ = '*';
654 HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP>> %s\n", big_buffer);
657 if (mode != SCMD_BUFFER)
659 rc += outblock->cmd_count; /* flush resets */
660 if (!flush_buffer(outblock, mode)) return -1;
668 /*************************************************
669 * Read one line of SMTP response *
670 *************************************************/
672 /* This function reads one line of SMTP response from the server host. This may
673 not be a complete response - it could be just part of a multiline response. We
674 have to use a buffer for incoming packets, because when pipelining or using
675 LMTP, there may well be more than one response in a single packet. This
676 function is called only from the one that follows.
679 inblock the SMTP input block (contains holding buffer, socket, etc.)
680 buffer where to put the line
681 size space available for the line
682 timelimit deadline for reading the line, seconds past epoch
684 Returns: length of a line that has been put in the buffer
685 -1 otherwise, with errno set
/* Return the next line of the server response, taking it from the holding
buffer in inblock and calling ip_recv() for more data when that buffer is
exhausted. The bytes come from the remote server, and the caller supplies the
space available for the line in size.
NOTE(review): this listing omits some source lines (gaps in the left-hand
numbers); the copy loop, its length test and the return statements are not
shown. */
689 read_response_line(smtp_inblock *inblock, uschar *buffer, int size, time_t timelimit)
692 uschar *ptr = inblock->ptr;
693 uschar *ptrend = inblock->ptrend;
694 client_conn_ctx * cctx = inblock->cctx;
696 /* Loop for reading multiple packets or reading another packet after emptying
697 a previously-read one. */
703 /* If there is data in the input buffer left over from last time, copy
704 characters from it until the end of a line, at which point we can return,
705 having removed any whitespace (which will include CR) at the end of the line.
706 The rules for SMTP say that lines end in CRLF, but there have been cases
707 of hosts using just LF, and other MTAs are reported to handle this, so we
708 just look for LF. If we run out of characters before the end of a line,
709 carry on to read the next incoming packet. */
/* Strip trailing whitespace, which includes the CR of a CRLF line end. */
716 while (p > buffer && isspace(p[-1])) p--;
/* Malformed-line path (the test leading here is not shown in this listing):
terminate what was copied and report ERRNO_SMTPFORMAT. */
724 *p = 0; /* Leave malformed line for error message */
725 errno = ERRNO_SMTPFORMAT;
730 /* Need to read a new input packet. */
/* A result of zero or less from ip_recv() ends the read; the debug line
distinguishes a set errno from a closed connection. */
732 if((rc = ip_recv(cctx, inblock->buffer, inblock->buffersize, timelimit)) <= 0)
734 DEBUG(D_deliver|D_transport|D_acl|D_v)
735 debug_printf_indent(errno ? " SMTP(%s)<<\n" : " SMTP(closed)<<\n",
740 /* Another block of data has been successfully read. Set up the pointers
741 and let the loop continue. */
743 ptrend = inblock->ptrend = inblock->buffer + rc;
744 ptr = inblock->buffer;
745 DEBUG(D_transport|D_acl) debug_printf_indent("read response data: size=%d\n", rc);
748 /* Get here if there has been some kind of recv() error; errno is set, but we
749 ensure that the result buffer is empty before returning. */
759 /*************************************************
760 * Read SMTP response *
761 *************************************************/
763 /* This function reads an SMTP response with a timeout, and returns the
764 response in the given buffer, as a string. A multiline response will contain
765 newline characters between the lines. The function also analyzes the first
766 digit of the reply code and returns FALSE if it is not acceptable. FALSE is
767 also returned after a reading error. In this case buffer[0] will be zero, and
768 the error code will be in errno.
771 sx the SMTP connection (contains input block with holding buffer,
773 buffer where to put the response
774 size the size of the buffer
775 okdigit the expected first digit of the response
776 timeout the timeout to use, in seconds
778 Returns: TRUE if a valid, non-error response was received; else FALSE
780 /*XXX could move to smtp transport; no other users */
/* Read a complete, possibly multi-line, SMTP response into buffer and report
whether its first character equals okdigit.
NOTE(review): this listing omits some source lines (gaps in the left-hand
numbers), so the loop header, parts of the format test and the error returns
are not shown. */
783 smtp_read_response(void * sx0, uschar * buffer, int size, int okdigit,
786 smtp_context * sx = sx0;
787 uschar * ptr = buffer;
/* Turn the relative timeout into an absolute deadline; the same deadline is
passed to every read_response_line() call below. */
789 time_t timelimit = time(NULL) + timeout;
791 errno = 0; /* Ensure errno starts out zero */
793 #ifndef DISABLE_PIPE_CONNECT
/* Responses still pending for an early-pipelined banner or EHLO are collected
first; a DEFER result is reported through errno as ERRNO_TLSFAILURE. */
794 if (sx->pending_BANNER || sx->pending_EHLO)
797 if ((rc = smtp_reap_early_pipe(sx, &count)) != OK)
799 DEBUG(D_transport) debug_printf("failed reaping pipelined cmd responsess\n");
801 if (rc == DEFER) errno = ERRNO_TLSFAILURE;
/* Each line is read at ptr, with size passed as the space available for it. */
807 /* This is a loop to read and concatenate the lines that make up a multi-line
812 if ((count = read_response_line(&sx->inblock, ptr, size, timelimit)) < 0)
815 HDEBUG(D_transport|D_acl|D_v)
816 debug_printf_indent(" %s %s\n", ptr == buffer ? "SMTP<<" : " ", ptr);
818 /* Check the format of the response: it must start with three digits; if
819 these are followed by a space or end of line, the response is complete. If
820 they are followed by '-' this is a multi-line response and we must look for
821 another line until the final line is reached. The only use made of multi-line
822 responses is to pass them back as error messages. We therefore just
823 concatenate them all within the buffer, which should be large enough to
824 accept any reasonable number of lines. */
/* Only the last part of the format test is visible here: the character after
the three digits must be '-', a space or the end of the line. */
830 (ptr[3] != '-' && ptr[3] != ' ' && ptr[3] != 0))
832 errno = ERRNO_SMTPFORMAT; /* format error */
836 /* If the line we have just read is a terminal line, we are done.
837 Otherwise more data has to be read. */
839 if (ptr[3] != '-') break;
841 /* Move the reading pointer upwards in the buffer and insert \n between the
842 components of a multiline response. Space is left for this by read_response_
851 tfo_out_check(sx->cctx.sock);
854 /* Return a value that depends on the SMTP return code. On some systems a
855 non-zero value of errno has been seen at this point, so ensure it is zero,
856 because the caller of this function looks at errno when FALSE is returned, to
857 distinguish between an unexpected return code and other errors such as
858 timeouts, lost connections, etc. */
/* TRUE only when the first character of the response is the expected digit. */
861 return buffer[0] == okdigit;
864 /* End of smtp_out.c */