1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* Copyright (c) The Exim Maintainers 2020 */
7 /* See the file NOTICE for conditions of use and distribution. */
9 /* A number of functions for driving outgoing SMTP calls. */
13 #include "transports/smtp.h"
17 /*************************************************
18 * Find an outgoing interface *
19 *************************************************/
21 /* This function is called from the smtp transport and also from the callout
22 code in verify.c. Its job is to expand a string to get a list of interfaces,
23 and choose a suitable one (IPv4 or IPv6) for the outgoing address.
26 istring string interface setting, may be NULL, meaning "any", in
27 which case the function does nothing
28 host_af AF_INET or AF_INET6 for the outgoing IP address
29 addr the mail address being handled (for setting errors)
30 interface point this to the interface
31 msg to add to any error message
33 Returns: TRUE on success, FALSE on failure, with error message
34 set in addr and transport_return set to PANIC
38 smtp_get_interface(uschar *istring, int host_af, address_item *addr,
39 uschar **interface, uschar *msg)
41 const uschar * expint;
45 if (!istring) return TRUE;
47 if (!(expint = expand_string(istring)))
49 if (f.expand_string_forcedfail) return TRUE;
50 addr->transport_return = PANIC;
51 addr->message = string_sprintf("failed to expand \"interface\" "
52 "option for %s: %s", msg, expand_string_message);
56 if (is_tainted2(expint, LOG_MAIN|LOG_PANIC, "Tainted value '%s' from '%s' for interface", expint, istring))
58 addr->transport_return = PANIC;
59 addr->message = string_sprintf("failed to expand \"interface\" "
60 "option for %s: configuration error", msg);
64 Uskip_whitespace(&expint);
65 if (!*expint) return TRUE;
67 while ((iface = string_nextinlist(&expint, &sep, big_buffer,
70 if (string_is_ip_address(iface, NULL) == 0)
72 addr->transport_return = PANIC;
73 addr->message = string_sprintf("\"%s\" is not a valid IP "
74 "address for the \"interface\" option for %s",
79 if (((Ustrchr(iface, ':') == NULL)? AF_INET:AF_INET6) == host_af)
83 if (iface) *interface = string_copy(iface);
89 /*************************************************
90 * Find an outgoing port *
91 *************************************************/
93 /* This function is called from the smtp transport and also from the callout
94 code in verify.c. Its job is to find a port number. Note that getservbyname()
95 produces the number in network byte order.
98 rstring raw (unexpanded) string representation of the port
99 addr the mail address being handled (for setting errors)
100 port stick the port in here
101 msg for adding to error message
103 Returns: TRUE on success, FALSE on failure, with error message set
104 in addr, and transport_return set to PANIC
108 smtp_get_port(uschar *rstring, address_item *addr, int *port, uschar *msg)
110 uschar *pstring = expand_string(rstring);
114 addr->transport_return = PANIC;
115 addr->message = string_sprintf("failed to expand \"%s\" (\"port\" option) "
116 "for %s: %s", rstring, msg, expand_string_message);
120 if (isdigit(*pstring))
123 *port = Ustrtol(pstring, &end, 0);
124 if (end != pstring + Ustrlen(pstring))
126 addr->transport_return = PANIC;
127 addr->message = string_sprintf("invalid port number for %s: %s", msg,
135 struct servent *smtp_service = getservbyname(CS pstring, "tcp");
138 addr->transport_return = PANIC;
139 addr->message = string_sprintf("TCP port \"%s\" is not defined for %s",
143 *port = ntohs(smtp_service->s_port);
154 tfo_out_check(int sock)
157 struct tcp_info tinfo;
159 socklen_t len = sizeof(val);
161 /* The observability as of 12.1 is not useful as a client, only telling us that
162 a TFO option was used on SYN. It could have been a TFO-R, or ignored by the
166 if (tcp_out_fastopen == TFO_ATTEMPTED_NODATA || tcp_out_fastopen == TFO_ATTEMPTED_DATA)
167 if (getsockopt(sock, IPPROTO_TCP, TCP_FASTOPEN, &val, &len) == 0 && val != 0) {}
169 switch (tcp_out_fastopen)
171 case TFO_ATTEMPTED_NODATA: tcp_out_fastopen = TFO_USED_NODATA; break;
172 case TFO_ATTEMPTED_DATA: tcp_out_fastopen = TFO_USED_DATA; break;
173 default: break; /* compiler quietening */
176 # else /* Linux & Apple */
177 # if defined(TCP_INFO) && defined(EXIM_HAVE_TCPI_UNACKED)
178 struct tcp_info tinfo;
179 socklen_t len = sizeof(tinfo);
181 switch (tcp_out_fastopen)
183 /* This is a somewhat dubious detection method; totally undocumented so likely
184 to fail in future kernels. There seems to be no documented way. What we really
185 want to know is if the server sent smtp-banner data before our ACK of his SYN,ACK
186 hit him. What this (possibly?) detects is whether we sent a TFO cookie with our
187 SYN, as distinct from a TFO request. This gets a false-positive when the server
188 key is rotated; we send the old one (which this test sees) but the server returns
189 the new one and does not send its SMTP banner before we ACK his SYN,ACK.
190 To force that rotation case:
191 '# echo -n "00000000-00000000-00000000-0000000" >/proc/sys/net/ipv4/tcp_fastopen_key'
192 The kernel seems to be counting unack'd packets. */
194 case TFO_ATTEMPTED_NODATA:
195 if ( getsockopt(sock, IPPROTO_TCP, TCP_INFO, &tinfo, &len) == 0
196 && tinfo.tcpi_state == TCP_SYN_SENT
197 && tinfo.tcpi_unacked > 1
200 DEBUG(D_transport|D_v)
201 debug_printf("TCP_FASTOPEN tcpi_unacked %d\n", tinfo.tcpi_unacked);
202 tcp_out_fastopen = TFO_USED_NODATA;
206 /* When called after waiting for received data we should be able
207 to tell if data we sent was accepted. */
209 case TFO_ATTEMPTED_DATA:
210 if ( getsockopt(sock, IPPROTO_TCP, TCP_INFO, &tinfo, &len) == 0
211 && tinfo.tcpi_state == TCP_ESTABLISHED
213 if (tinfo.tcpi_options & TCPI_OPT_SYN_DATA)
215 DEBUG(D_transport|D_v) debug_printf("TFO: data was acked\n");
216 tcp_out_fastopen = TFO_USED_DATA;
220 DEBUG(D_transport|D_v) debug_printf("TFO: had to retransmit\n");
221 tcp_out_fastopen = TFO_NOT_USED;
225 default: break; /* compiler quietening */
228 # endif /* Linux & Apple */
233 /* Arguments as for smtp_connect(), plus
234 early_data if non-NULL, idenmpotent data to be sent -
235 preferably in the TCP SYN segment
237 Returns: connected socket number, or -1 with errno set
241 smtp_sock_connect(host_item * host, int host_af, int port, uschar * interface,
242 transport_instance * tb, int timeout, const blob * early_data)
244 smtp_transport_options_block * ob =
245 (smtp_transport_options_block *)tb->options_block;
246 const uschar * dscp = ob->dscp;
252 const blob * fastopen_blob = NULL;
255 #ifndef DISABLE_EVENT
256 deliver_host_address = host->address;
257 deliver_host_port = port;
258 if (event_raise(tb->event_action, US"tcp:connect", NULL)) return -1;
261 if ((sock = ip_socket(SOCK_STREAM, host_af)) < 0) return -1;
263 /* Set TCP_NODELAY; Exim does its own buffering. */
265 if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, US &on, sizeof(on)))
266 HDEBUG(D_transport|D_acl|D_v)
267 debug_printf_indent("failed to set NODELAY: %s ", strerror(errno));
269 /* Set DSCP value, if we can. For now, if we fail to set the value, we don't
270 bomb out, just log it and continue in default traffic class. */
272 if (dscp && dscp_lookup(dscp, host_af, &dscp_level, &dscp_option, &dscp_value))
274 HDEBUG(D_transport|D_acl|D_v)
275 debug_printf_indent("DSCP \"%s\"=%x ", dscp, dscp_value);
276 if (setsockopt(sock, dscp_level, dscp_option, &dscp_value, sizeof(dscp_value)) < 0)
277 HDEBUG(D_transport|D_acl|D_v)
278 debug_printf_indent("failed to set DSCP: %s ", strerror(errno));
279 /* If the kernel supports IPv4 and IPv6 on an IPv6 socket, we need to set the
280 option for both; ignore failures here */
281 if (host_af == AF_INET6 &&
282 dscp_lookup(dscp, AF_INET, &dscp_level, &dscp_option, &dscp_value))
283 (void) setsockopt(sock, dscp_level, dscp_option, &dscp_value, sizeof(dscp_value));
286 /* Bind to a specific interface if requested. Caller must ensure the interface
287 is the same type (IPv4 or IPv6) as the outgoing address. */
289 if (interface && ip_bind(sock, host_af, interface, 0) < 0)
292 HDEBUG(D_transport|D_acl|D_v)
293 debug_printf_indent("unable to bind outgoing SMTP call to %s: %s", interface,
297 /* Connect to the remote host, and add keepalive to the socket before returning
298 it, if requested. If the build supports TFO, request it - and if the caller
299 requested some early-data then include that in the TFO request. If there is
300 early-data but no TFO support, send it after connecting. */
305 if (verify_check_given_host(CUSS &ob->hosts_try_fastopen, host) == OK)
306 fastopen_blob = early_data ? early_data : &tcp_fastopen_nodata;
309 if (ip_connect(sock, host_af, host->address, port, timeout, fastopen_blob) < 0)
311 else if (early_data && !fastopen_blob && early_data->data && early_data->len)
313 HDEBUG(D_transport|D_acl|D_v)
314 debug_printf("sending %ld nonTFO early-data\n", (long)early_data->len);
317 (void) setsockopt(sock, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off));
319 if (send(sock, early_data->data, early_data->len, 0) < 0)
324 /* Either bind() or connect() failed */
328 HDEBUG(D_transport|D_acl|D_v)
330 debug_printf_indent(" failed: %s", CUstrerror(save_errno));
331 if (save_errno == ETIMEDOUT)
332 debug_printf(" (timeout=%s)", readconf_printtime(timeout));
340 /* Both bind() and connect() succeeded, and any early-data */
344 union sockaddr_46 interface_sock;
345 EXIM_SOCKLEN_T size = sizeof(interface_sock);
347 HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" connected\n");
348 if (getsockname(sock, (struct sockaddr *)(&interface_sock), &size) == 0)
349 sending_ip_address = host_ntoa(-1, &interface_sock, NULL, &sending_port);
352 log_write(0, LOG_MAIN | ((errno == ECONNRESET)? 0 : LOG_PANIC),
353 "getsockname() failed: %s", strerror(errno));
358 if (ob->keepalive) ip_keepalive(sock, host->address, TRUE);
371 smtp_port_for_connect(host_item * host, int port)
373 if (host->port != PORT_NONE)
375 HDEBUG(D_transport|D_acl|D_v) if (port != host->port)
376 debug_printf_indent("Transport port=%d replaced by host-specific port=%d\n", port,
380 else host->port = port; /* Set the port actually used */
384 /*************************************************
385 * Connect to remote host *
386 *************************************************/
388 /* Create a socket, and connect it to a remote host. IPv6 addresses are
389 detected by checking for a colon in the address. AF_INET6 is defined even on
390 non-IPv6 systems, to enable the code to be less messy. However, on such systems
391 host->address will always be an IPv4 address.
394 sc details for making connection: host, af, interface, transport
395 early_data if non-NULL, data to be sent - preferably in the TCP SYN segment
397 Returns: connected socket number, or -1 with errno set
401 smtp_connect(smtp_connect_args * sc, const blob * early_data)
403 int port = sc->host->port;
404 smtp_transport_options_block * ob = sc->ob;
406 callout_address = string_sprintf("[%s]:%d", sc->host->address, port);
408 HDEBUG(D_transport|D_acl|D_v)
411 if (sc->interface) s = string_sprintf(" from %s ", sc->interface);
413 if (ob->socks_proxy) s = string_sprintf("%svia proxy ", s);
415 debug_printf_indent("Connecting to %s %s%s... ", sc->host->name, callout_address, s);
418 /* Create and connect the socket */
423 int sock = socks_sock_connect(sc->host, sc->host_af, port, sc->interface,
424 sc->tblock, ob->connect_timeout);
428 if (early_data && early_data->data && early_data->len)
429 if (send(sock, early_data->data, early_data->len, 0) < 0)
431 int save_errno = errno;
432 HDEBUG(D_transport|D_acl|D_v)
434 debug_printf_indent("failed: %s", CUstrerror(save_errno));
435 if (save_errno == ETIMEDOUT)
436 debug_printf(" (timeout=%s)", readconf_printtime(ob->connect_timeout));
448 return smtp_sock_connect(sc->host, sc->host_af, port, sc->interface,
449 sc->tblock, ob->connect_timeout, early_data);
453 /*************************************************
454 * Flush outgoing command buffer *
455 *************************************************/
457 /* This function is called only from smtp_write_command() below. It flushes
458 the buffer of outgoing commands. There is more than one in the buffer only when
462 outblock the SMTP output block
463 mode further data expected, or plain
465 Returns: TRUE if OK, FALSE on error, with errno set
469 flush_buffer(smtp_outblock * outblock, int mode)
472 int n = outblock->ptr - outblock->buffer;
473 BOOL more = mode == SCMD_MORE;
475 HDEBUG(D_transport|D_acl) debug_printf_indent("cmd buf flush %d bytes%s\n", n,
476 more ? " (more expected)" : "");
479 if (outblock->cctx->tls_ctx)
480 rc = tls_write(outblock->cctx->tls_ctx, outblock->buffer, n, more);
485 if (outblock->conn_args)
487 blob early_data = { .data = outblock->buffer, .len = n };
489 /* We ignore the more-flag if we're doing a connect with early-data, which
490 means we won't get BDAT+data. A pity, but wise due to the idempotency
491 requirement: TFO with data can, in rare cases, replay the data to the
494 if ( (outblock->cctx->sock = smtp_connect(outblock->conn_args, &early_data))
497 outblock->conn_args = NULL;
502 rc = send(outblock->cctx->sock, outblock->buffer, n,
510 #if defined(__linux__)
511 /* This is a workaround for a current linux kernel bug: as of
512 5.6.8-200.fc31.x86_64 small (<MSS) writes get delayed by about 200ms,
513 This is despite NODELAY being active.
514 https://bugzilla.redhat.com/show_bug.cgi?id=1803806 */
517 setsockopt(outblock->cctx->sock, IPPROTO_TCP, TCP_CORK, &off, sizeof(off));
524 HDEBUG(D_transport|D_acl) debug_printf_indent("send failed: %s\n", strerror(errno));
528 outblock->ptr = outblock->buffer;
529 outblock->cmd_count = 0;
535 /*************************************************
536 * Write SMTP command *
537 *************************************************/
539 /* The formatted command is left in big_buffer so that it can be reflected in
543 sx SMTP connection, contains buffer for pipelining, and socket
544 mode buffer, write-with-more-likely, write
545 format a format, starting with one of
546 of HELO, MAIL FROM, RCPT TO, DATA, ".", or QUIT.
547 If NULL, flush pipeline buffer only.
548 ... data for the format
550 Returns: 0 if command added to pipelining buffer, with nothing transmitted
551 +n if n commands transmitted (may still have buffered the new one)
552 -1 on error, with errno set
556 smtp_write_command(void * sx, int mode, const char *format, ...)
558 smtp_outblock * outblock = &((smtp_context *)sx)->outblock;
563 gstring gs = { .size = big_buffer_size, .ptr = 0, .s = big_buffer };
566 /* Use taint-unchecked routines for writing into big_buffer, trusting that
567 we'll never expand the results. Actually, the error-message use - leaving
568 the results in big_buffer for potential later use - is uncomfortably distant.
569 XXX Would be better to assume all smtp commands are short, use normal pool
570 alloc rather than big_buffer, and another global for the data-for-error. */
572 va_start(ap, format);
573 if (!string_vformat(&gs, SVFMT_TAINT_NOCHK, CS format, ap))
574 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "overlong write_command in outgoing "
577 string_from_gstring(&gs);
579 if (gs.ptr > outblock->buffersize)
580 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "overlong write_command in outgoing "
583 if (gs.ptr > outblock->buffersize - (outblock->ptr - outblock->buffer))
585 rc = outblock->cmd_count; /* flush resets */
586 if (!flush_buffer(outblock, SCMD_FLUSH)) return -1;
589 Ustrncpy(outblock->ptr, gs.s, gs.ptr);
590 outblock->ptr += gs.ptr;
591 outblock->cmd_count++;
592 gs.ptr -= 2; string_from_gstring(&gs); /* remove \r\n for error message */
594 /* We want to hide the actual data sent in AUTH transactions from reflections
595 and logs. While authenticating, a flag is set in the outblock to enable this.
596 The AUTH command itself gets any data flattened. Other lines are flattened
599 if (outblock->authenticating)
601 uschar *p = big_buffer;
602 if (Ustrncmp(big_buffer, "AUTH ", 5) == 0)
605 while (isspace(*p)) p++;
606 while (!isspace(*p)) p++;
607 while (isspace(*p)) p++;
609 while (*p != 0) *p++ = '*';
612 HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP>> %s\n", big_buffer);
615 if (mode != SCMD_BUFFER)
617 rc += outblock->cmd_count; /* flush resets */
618 if (!flush_buffer(outblock, mode)) return -1;
626 /*************************************************
627 * Read one line of SMTP response *
628 *************************************************/
630 /* This function reads one line of SMTP response from the server host. This may
631 not be a complete response - it could be just part of a multiline response. We
632 have to use a buffer for incoming packets, because when pipelining or using
633 LMTP, there may well be more than one response in a single packet. This
634 function is called only from the one that follows.
637 inblock the SMTP input block (contains holding buffer, socket, etc.)
638 buffer where to put the line
639 size space available for the line
640 timelimit deadline for reading the lime, seconds past epoch
642 Returns: length of a line that has been put in the buffer
643 -1 otherwise, with errno set
647 read_response_line(smtp_inblock *inblock, uschar *buffer, int size, time_t timelimit)
650 uschar *ptr = inblock->ptr;
651 uschar *ptrend = inblock->ptrend;
652 client_conn_ctx * cctx = inblock->cctx;
654 /* Loop for reading multiple packets or reading another packet after emptying
655 a previously-read one. */
661 /* If there is data in the input buffer left over from last time, copy
662 characters from it until the end of a line, at which point we can return,
663 having removed any whitespace (which will include CR) at the end of the line.
664 The rules for SMTP say that lines end in CRLF, but there are have been cases
665 of hosts using just LF, and other MTAs are reported to handle this, so we
666 just look for LF. If we run out of characters before the end of a line,
667 carry on to read the next incoming packet. */
674 while (p > buffer && isspace(p[-1])) p--;
682 *p = 0; /* Leave malformed line for error message */
683 errno = ERRNO_SMTPFORMAT;
688 /* Need to read a new input packet. */
690 if((rc = ip_recv(cctx, inblock->buffer, inblock->buffersize, timelimit)) <= 0)
692 DEBUG(D_deliver|D_transport|D_acl|D_v)
693 debug_printf_indent(errno ? " SMTP(%s)<<\n" : " SMTP(closed)<<\n",
698 /* Another block of data has been successfully read. Set up the pointers
699 and let the loop continue. */
701 ptrend = inblock->ptrend = inblock->buffer + rc;
702 ptr = inblock->buffer;
703 DEBUG(D_transport|D_acl) debug_printf_indent("read response data: size=%d\n", rc);
706 /* Get here if there has been some kind of recv() error; errno is set, but we
707 ensure that the result buffer is empty before returning. */
717 /*************************************************
718 * Read SMTP response *
719 *************************************************/
721 /* This function reads an SMTP response with a timeout, and returns the
722 response in the given buffer, as a string. A multiline response will contain
723 newline characters between the lines. The function also analyzes the first
724 digit of the reply code and returns FALSE if it is not acceptable. FALSE is
725 also returned after a reading error. In this case buffer[0] will be zero, and
726 the error code will be in errno.
729 sx the SMTP connection (contains input block with holding buffer,
731 buffer where to put the response
732 size the size of the buffer
733 okdigit the expected first digit of the response
734 timeout the timeout to use, in seconds
736 Returns: TRUE if a valid, non-error response was received; else FALSE
738 /*XXX could move to smtp transport; no other users */
741 smtp_read_response(void * sx0, uschar * buffer, int size, int okdigit,
744 smtp_context * sx = sx0;
745 uschar * ptr = buffer;
747 time_t timelimit = time(NULL) + timeout;
749 errno = 0; /* Ensure errno starts out zero */
751 #ifndef DISABLE_PIPE_CONNECT
752 if (sx->pending_BANNER || sx->pending_EHLO)
755 if ((rc = smtp_reap_early_pipe(sx, &count)) != OK)
757 DEBUG(D_transport) debug_printf("failed reaping pipelined cmd responsess\n");
759 if (rc == DEFER) errno = ERRNO_TLSFAILURE;
765 /* This is a loop to read and concatenate the lines that make up a multi-line
770 if ((count = read_response_line(&sx->inblock, ptr, size, timelimit)) < 0)
773 HDEBUG(D_transport|D_acl|D_v)
774 debug_printf_indent(" %s %s\n", ptr == buffer ? "SMTP<<" : " ", ptr);
776 /* Check the format of the response: it must start with three digits; if
777 these are followed by a space or end of line, the response is complete. If
778 they are followed by '-' this is a multi-line response and we must look for
779 another line until the final line is reached. The only use made of multi-line
780 responses is to pass them back as error messages. We therefore just
781 concatenate them all within the buffer, which should be large enough to
782 accept any reasonable number of lines. */
788 (ptr[3] != '-' && ptr[3] != ' ' && ptr[3] != 0))
790 errno = ERRNO_SMTPFORMAT; /* format error */
794 /* If the line we have just read is a terminal line, line, we are done.
795 Otherwise more data has to be read. */
797 if (ptr[3] != '-') break;
799 /* Move the reading pointer upwards in the buffer and insert \n between the
800 components of a multiline response. Space is left for this by read_response_
809 tfo_out_check(sx->cctx.sock);
812 /* Return a value that depends on the SMTP return code. On some systems a
813 non-zero value of errno has been seen at this point, so ensure it is zero,
814 because the caller of this function looks at errno when FALSE is returned, to
815 distinguish between an unexpected return code and other errors such as
816 timeouts, lost connections, etc. */
819 return buffer[0] == okdigit;
822 /* End of smtp_out.c */