1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) University of Cambridge 1995 - 2012 */
6 /* See the file NOTICE for conditions of use and distribution. */
12 #define PENDING_DEFER (PENDING + DEFER)
13 #define PENDING_OK (PENDING + OK)
16 /* Options specific to the smtp transport. This transport also supports LMTP
17 over TCP/IP. The options must be in alphabetic order (note that "_" comes
18 before the lower case letters). Some live in the transport_instance block so as
19 to be publicly visible; these are flagged with opt_public. */
21 optionlist smtp_transport_options[] = {
22 { "address_retry_include_sender", opt_bool,
23 (void *)offsetof(smtp_transport_options_block, address_retry_include_sender) },
24 { "allow_localhost", opt_bool,
25 (void *)offsetof(smtp_transport_options_block, allow_localhost) },
26 { "authenticated_sender", opt_stringptr,
27 (void *)offsetof(smtp_transport_options_block, authenticated_sender) },
28 { "authenticated_sender_force", opt_bool,
29 (void *)offsetof(smtp_transport_options_block, authenticated_sender_force) },
30 { "command_timeout", opt_time,
31 (void *)offsetof(smtp_transport_options_block, command_timeout) },
32 { "connect_timeout", opt_time,
33 (void *)offsetof(smtp_transport_options_block, connect_timeout) },
34 { "connection_max_messages", opt_int | opt_public,
35 (void *)offsetof(transport_instance, connection_max_messages) },
36 { "data_timeout", opt_time,
37 (void *)offsetof(smtp_transport_options_block, data_timeout) },
38 { "delay_after_cutoff", opt_bool,
39 (void *)offsetof(smtp_transport_options_block, delay_after_cutoff) },
41 { "dkim_canon", opt_stringptr,
42 (void *)offsetof(smtp_transport_options_block, dkim_canon) },
43 { "dkim_domain", opt_stringptr,
44 (void *)offsetof(smtp_transport_options_block, dkim_domain) },
45 { "dkim_private_key", opt_stringptr,
46 (void *)offsetof(smtp_transport_options_block, dkim_private_key) },
47 { "dkim_selector", opt_stringptr,
48 (void *)offsetof(smtp_transport_options_block, dkim_selector) },
49 { "dkim_sign_headers", opt_stringptr,
50 (void *)offsetof(smtp_transport_options_block, dkim_sign_headers) },
51 { "dkim_strict", opt_stringptr,
52 (void *)offsetof(smtp_transport_options_block, dkim_strict) },
54 { "dns_qualify_single", opt_bool,
55 (void *)offsetof(smtp_transport_options_block, dns_qualify_single) },
56 { "dns_search_parents", opt_bool,
57 (void *)offsetof(smtp_transport_options_block, dns_search_parents) },
58 { "dscp", opt_stringptr,
59 (void *)offsetof(smtp_transport_options_block, dscp) },
60 { "fallback_hosts", opt_stringptr,
61 (void *)offsetof(smtp_transport_options_block, fallback_hosts) },
62 { "final_timeout", opt_time,
63 (void *)offsetof(smtp_transport_options_block, final_timeout) },
64 { "gethostbyname", opt_bool,
65 (void *)offsetof(smtp_transport_options_block, gethostbyname) },
67 /* These are no longer honoured, as of Exim 4.80; for now, we silently
68 ignore; a later release will warn, and a later-still release will remove
69 these options, so that using them becomes an error. */
70 { "gnutls_require_kx", opt_stringptr,
71 (void *)offsetof(smtp_transport_options_block, gnutls_require_kx) },
72 { "gnutls_require_mac", opt_stringptr,
73 (void *)offsetof(smtp_transport_options_block, gnutls_require_mac) },
74 { "gnutls_require_protocols", opt_stringptr,
75 (void *)offsetof(smtp_transport_options_block, gnutls_require_proto) },
77 { "helo_data", opt_stringptr,
78 (void *)offsetof(smtp_transport_options_block, helo_data) },
79 { "hosts", opt_stringptr,
80 (void *)offsetof(smtp_transport_options_block, hosts) },
81 { "hosts_avoid_esmtp", opt_stringptr,
82 (void *)offsetof(smtp_transport_options_block, hosts_avoid_esmtp) },
83 { "hosts_avoid_pipelining", opt_stringptr,
84 (void *)offsetof(smtp_transport_options_block, hosts_avoid_pipelining) },
86 { "hosts_avoid_tls", opt_stringptr,
87 (void *)offsetof(smtp_transport_options_block, hosts_avoid_tls) },
89 { "hosts_max_try", opt_int,
90 (void *)offsetof(smtp_transport_options_block, hosts_max_try) },
91 { "hosts_max_try_hardlimit", opt_int,
92 (void *)offsetof(smtp_transport_options_block, hosts_max_try_hardlimit) },
94 { "hosts_nopass_tls", opt_stringptr,
95 (void *)offsetof(smtp_transport_options_block, hosts_nopass_tls) },
97 { "hosts_override", opt_bool,
98 (void *)offsetof(smtp_transport_options_block, hosts_override) },
99 { "hosts_randomize", opt_bool,
100 (void *)offsetof(smtp_transport_options_block, hosts_randomize) },
101 { "hosts_require_auth", opt_stringptr,
102 (void *)offsetof(smtp_transport_options_block, hosts_require_auth) },
104 # if defined EXPERIMENTAL_OCSP
105 { "hosts_require_ocsp", opt_stringptr,
106 (void *)offsetof(smtp_transport_options_block, hosts_require_ocsp) },
108 { "hosts_require_tls", opt_stringptr,
109 (void *)offsetof(smtp_transport_options_block, hosts_require_tls) },
111 { "hosts_try_auth", opt_stringptr,
112 (void *)offsetof(smtp_transport_options_block, hosts_try_auth) },
113 #ifdef EXPERIMENTAL_PRDR
114 { "hosts_try_prdr", opt_stringptr,
115 (void *)offsetof(smtp_transport_options_block, hosts_try_prdr) },
118 { "hosts_verify_avoid_tls", opt_stringptr,
119 (void *)offsetof(smtp_transport_options_block, hosts_verify_avoid_tls) },
121 { "interface", opt_stringptr,
122 (void *)offsetof(smtp_transport_options_block, interface) },
123 { "keepalive", opt_bool,
124 (void *)offsetof(smtp_transport_options_block, keepalive) },
125 { "lmtp_ignore_quota", opt_bool,
126 (void *)offsetof(smtp_transport_options_block, lmtp_ignore_quota) },
127 { "max_rcpt", opt_int | opt_public,
128 (void *)offsetof(transport_instance, max_addresses) },
129 { "multi_domain", opt_bool | opt_public,
130 (void *)offsetof(transport_instance, multi_domain) },
131 { "port", opt_stringptr,
132 (void *)offsetof(smtp_transport_options_block, port) },
133 { "protocol", opt_stringptr,
134 (void *)offsetof(smtp_transport_options_block, protocol) },
135 { "retry_include_ip_address", opt_bool,
136 (void *)offsetof(smtp_transport_options_block, retry_include_ip_address) },
137 { "serialize_hosts", opt_stringptr,
138 (void *)offsetof(smtp_transport_options_block, serialize_hosts) },
139 { "size_addition", opt_int,
140 (void *)offsetof(smtp_transport_options_block, size_addition) }
142 ,{ "tls_certificate", opt_stringptr,
143 (void *)offsetof(smtp_transport_options_block, tls_certificate) },
144 { "tls_crl", opt_stringptr,
145 (void *)offsetof(smtp_transport_options_block, tls_crl) },
146 { "tls_dh_min_bits", opt_int,
147 (void *)offsetof(smtp_transport_options_block, tls_dh_min_bits) },
148 { "tls_privatekey", opt_stringptr,
149 (void *)offsetof(smtp_transport_options_block, tls_privatekey) },
150 { "tls_require_ciphers", opt_stringptr,
151 (void *)offsetof(smtp_transport_options_block, tls_require_ciphers) },
152 { "tls_sni", opt_stringptr,
153 (void *)offsetof(smtp_transport_options_block, tls_sni) },
154 { "tls_tempfail_tryclear", opt_bool,
155 (void *)offsetof(smtp_transport_options_block, tls_tempfail_tryclear) },
156 { "tls_verify_certificates", opt_stringptr,
157 (void *)offsetof(smtp_transport_options_block, tls_verify_certificates) }
159 #ifdef EXPERIMENTAL_TPDA
160 ,{ "tpda_host_defer_action", opt_stringptr,
161 (void *)offsetof(smtp_transport_options_block, tpda_host_defer_action) },
165 /* Size of the options list. An extern variable has to be used so that its
166 address can appear in the tables drtables.c. */
168 int smtp_transport_options_count =
169 sizeof(smtp_transport_options)/sizeof(optionlist);
171 /* Default private options block for the smtp transport. */
173 smtp_transport_options_block smtp_transport_option_defaults = {
175 NULL, /* fallback_hosts */
177 NULL, /* fallback_hostlist */
178 NULL, /* authenticated_sender */
179 US"$primary_hostname", /* helo_data */
180 NULL, /* interface */
182 US"smtp", /* protocol */
184 NULL, /* serialize_hosts */
185 NULL, /* hosts_try_auth */
186 NULL, /* hosts_require_auth */
187 #ifdef EXPERIMENTAL_PRDR
188 NULL, /* hosts_try_prdr */
190 #ifdef EXPERIMENTAL_OCSP
191 NULL, /* hosts_require_ocsp */
193 NULL, /* hosts_require_tls */
194 NULL, /* hosts_avoid_tls */
195 US"*", /* hosts_verify_avoid_tls */
196 NULL, /* hosts_avoid_pipelining */
197 NULL, /* hosts_avoid_esmtp */
198 NULL, /* hosts_nopass_tls */
199 5*60, /* command_timeout */
200 5*60, /* connect_timeout; shorter system default overrides */
201 5*60, /* data timeout */
202 10*60, /* final timeout */
203 1024, /* size_addition */
204 5, /* hosts_max_try */
205 50, /* hosts_max_try_hardlimit */
206 TRUE, /* address_retry_include_sender */
207 FALSE, /* allow_localhost */
208 FALSE, /* authenticated_sender_force */
209 FALSE, /* gethostbyname */
210 TRUE, /* dns_qualify_single */
211 FALSE, /* dns_search_parents */
212 TRUE, /* delay_after_cutoff */
213 FALSE, /* hosts_override */
214 FALSE, /* hosts_randomize */
215 TRUE, /* keepalive */
216 FALSE, /* lmtp_ignore_quota */
217 TRUE /* retry_include_ip_address */
219 ,NULL, /* tls_certificate */
221 NULL, /* tls_privatekey */
222 NULL, /* tls_require_ciphers */
223 NULL, /* gnutls_require_kx */
224 NULL, /* gnutls_require_mac */
225 NULL, /* gnutls_require_proto */
227 NULL, /* tls_verify_certificates */
228 EXIM_CLIENT_DH_DEFAULT_MIN_BITS,
229 /* tls_dh_min_bits */
230 TRUE /* tls_tempfail_tryclear */
233 ,NULL, /* dkim_canon */
234 NULL, /* dkim_domain */
235 NULL, /* dkim_private_key */
236 NULL, /* dkim_selector */
237 NULL, /* dkim_sign_headers */
238 NULL /* dkim_strict */
240 #ifdef EXPERIMENTAL_TPDA
241 ,NULL /* tpda_host_defer_action */
248 static uschar *smtp_command; /* Points to last cmd for error messages */
249 static uschar *mail_command; /* Points to MAIL cmd for error messages */
250 static BOOL update_waiting; /* TRUE to update the "wait" database */
253 /*************************************************
254 * Setup entry point *
255 *************************************************/
257 /* This function is called when the transport is about to be used,
258 but before running it in a sub-process. It is used for two things:
260 (1) To set the fallback host list in addresses, when delivering.
261 (2) To pass back the interface, port, protocol, and other options, for use
262 during callout verification.
265 tblock pointer to the transport instance block
266 addrlist list of addresses about to be transported
267 tf if not NULL, pointer to block in which to return options
268 uid the uid that will be set (not used)
269 gid the gid that will be set (not used)
270 errmsg place for error message (not used)
272 Returns: OK always (FAIL, DEFER not used)
276 smtp_transport_setup(transport_instance *tblock, address_item *addrlist,
277 transport_feedback *tf, uid_t uid, gid_t gid, uschar **errmsg)
279 smtp_transport_options_block *ob =
280 (smtp_transport_options_block *)(tblock->options_block);
282 errmsg = errmsg; /* Keep picky compilers happy */
286 /* Pass back options if required. This interface is getting very messy. */
290 tf->interface = ob->interface;
292 tf->protocol = ob->protocol;
293 tf->hosts = ob->hosts;
294 tf->hosts_override = ob->hosts_override;
295 tf->hosts_randomize = ob->hosts_randomize;
296 tf->gethostbyname = ob->gethostbyname;
297 tf->qualify_single = ob->dns_qualify_single;
298 tf->search_parents = ob->dns_search_parents;
299 tf->helo_data = ob->helo_data;
302 /* Set the fallback host list for all the addresses that don't have fallback
303 host lists, provided that the local host wasn't present in the original host
306 if (!testflag(addrlist, af_local_host_removed))
308 for (; addrlist != NULL; addrlist = addrlist->next)
309 if (addrlist->fallback_hosts == NULL)
310 addrlist->fallback_hosts = ob->fallback_hostlist;
318 /*************************************************
319 * Initialization entry point *
320 *************************************************/
322 /* Called for each instance, after its options have been read, to
323 enable consistency checks to be done, or anything else that needs
326 Argument: pointer to the transport instance block
331 smtp_transport_init(transport_instance *tblock)
333 smtp_transport_options_block *ob =
334 (smtp_transport_options_block *)(tblock->options_block);
336 /* Retry_use_local_part defaults FALSE if unset */
338 if (tblock->retry_use_local_part == TRUE_UNSET)
339 tblock->retry_use_local_part = FALSE;
341 /* Set the default port according to the protocol */
343 if (ob->port == NULL)
344 ob->port = (strcmpic(ob->protocol, US"lmtp") == 0)? US"lmtp" :
345 (strcmpic(ob->protocol, US"smtps") == 0)? US"smtps" : US"smtp";
347 /* Set up the setup entry point, to be called before subprocesses for this
350 tblock->setup = smtp_transport_setup;
352 /* Complain if any of the timeouts are zero. */
354 if (ob->command_timeout <= 0 || ob->data_timeout <= 0 ||
355 ob->final_timeout <= 0)
356 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
357 "command, data, or final timeout value is zero for %s transport",
360 /* If hosts_override is set and there are local hosts, set the global
361 flag that stops verify from showing router hosts. */
363 if (ob->hosts_override && ob->hosts != NULL) tblock->overrides_hosts = TRUE;
365 /* If there are any fallback hosts listed, build a chain of host items
366 for them, but do not do any lookups at this time. */
368 host_build_hostlist(&(ob->fallback_hostlist), ob->fallback_hosts, FALSE);
375 /*************************************************
376 * Set delivery info into all active addresses *
377 *************************************************/
379 /* Only addresses whose status is >= PENDING are relevant. A lesser
380 status means that an address is not currently being processed.
383 addrlist points to a chain of addresses
384 errno_value to put in each address's errno field
385 msg to put in each address's message field
386 rc to put in each address's transport_return field
387 pass_message if TRUE, set the "pass message" flag in the address
389 If errno_value has the special value ERRNO_CONNECTTIMEOUT, ETIMEDOUT is put in
390 the errno field, and RTEF_CTOUT is ORed into the more_errno field, to indicate
391 this particular type of timeout.
397 set_errno(address_item *addrlist, int errno_value, uschar *msg, int rc,
402 if (errno_value == ERRNO_CONNECTTIMEOUT)
404 errno_value = ETIMEDOUT;
405 orvalue = RTEF_CTOUT;
407 for (addr = addrlist; addr != NULL; addr = addr->next)
409 if (addr->transport_return < PENDING) continue;
410 addr->basic_errno = errno_value;
411 addr->more_errno |= orvalue;
415 if (pass_message) setflag(addr, af_pass_message);
417 addr->transport_return = rc;
423 /*************************************************
424 * Check an SMTP response *
425 *************************************************/
427 /* This function is given an errno code and the SMTP response buffer
428 to analyse, together with the host identification for generating messages. It
429 sets an appropriate message and puts the first digit of the response code into
430 the yield variable. If no response was actually read, a suitable digit is
434 host the current host, to get its name for messages
435 errno_value pointer to the errno value
436 more_errno from the top address for use with ERRNO_FILTER_FAIL
437 buffer the SMTP response buffer
438 yield where to put a one-digit SMTP response code
439 message where to put an errror message
440 pass_message set TRUE if message is an SMTP response
442 Returns: TRUE if an SMTP "QUIT" command should be sent, else FALSE
445 static BOOL check_response(host_item *host, int *errno_value, int more_errno,
446 uschar *buffer, int *yield, uschar **message, BOOL *pass_message)
450 if (smtp_use_pipelining &&
451 (Ustrcmp(smtp_command, "MAIL") == 0 ||
452 Ustrcmp(smtp_command, "RCPT") == 0 ||
453 Ustrcmp(smtp_command, "DATA") == 0))
456 *yield = '4'; /* Default setting is to give a temporary error */
458 /* Handle response timeout */
460 if (*errno_value == ETIMEDOUT)
462 *message = US string_sprintf("SMTP timeout while connected to %s [%s] "
463 "after %s%s", host->name, host->address, pl, smtp_command);
464 if (transport_count > 0)
465 *message = US string_sprintf("%s (%d bytes written)", *message,
470 /* Handle malformed SMTP response */
472 if (*errno_value == ERRNO_SMTPFORMAT)
474 uschar *malfresp = string_printing(buffer);
475 while (isspace(*malfresp)) malfresp++;
477 *message = string_sprintf("Malformed SMTP reply (an empty line) from "
478 "%s [%s] in response to %s%s", host->name, host->address, pl,
481 *message = string_sprintf("Malformed SMTP reply from %s [%s] in response "
482 "to %s%s: %s", host->name, host->address, pl, smtp_command, malfresp);
486 /* Handle a failed filter process error; can't send QUIT as we mustn't
489 if (*errno_value == ERRNO_FILTER_FAIL)
491 *message = US string_sprintf("transport filter process failed (%d)%s",
493 (more_errno == EX_EXECFAILED)? ": unable to execute command" : "");
497 /* Handle a failed add_headers expansion; can't send QUIT as we mustn't
500 if (*errno_value == ERRNO_CHHEADER_FAIL)
503 US string_sprintf("failed to expand headers_add or headers_remove: %s",
504 expand_string_message);
508 /* Handle failure to write a complete data block */
510 if (*errno_value == ERRNO_WRITEINCOMPLETE)
512 *message = US string_sprintf("failed to write a data block");
516 /* Handle error responses from the remote mailer. */
520 uschar *s = string_printing(buffer);
521 *message = US string_sprintf("SMTP error from remote mail server after %s%s: "
522 "host %s [%s]: %s", pl, smtp_command, host->name, host->address, s);
523 *pass_message = TRUE;
528 /* No data was read. If there is no errno, this must be the EOF (i.e.
529 connection closed) case, which causes deferral. An explicit connection reset
530 error has the same effect. Otherwise, put the host's identity in the message,
531 leaving the errno value to be interpreted as well. In all cases, we have to
532 assume the connection is now dead. */
534 if (*errno_value == 0 || *errno_value == ECONNRESET)
536 *errno_value = ERRNO_SMTPCLOSED;
537 *message = US string_sprintf("Remote host %s [%s] closed connection "
538 "in response to %s%s", host->name, host->address, pl, smtp_command);
540 else *message = US string_sprintf("%s [%s]", host->name, host->address);
547 /*************************************************
548 * Write error message to logs *
549 *************************************************/
551 /* This writes to the main log and to the message log.
554 addr the address item containing error information
555 host the current host
561 write_logs(address_item *addr, host_item *host)
563 if (addr->message != NULL)
565 uschar *message = addr->message;
566 if (addr->basic_errno > 0)
567 message = string_sprintf("%s: %s", message, strerror(addr->basic_errno));
568 log_write(0, LOG_MAIN, "%s", message);
569 deliver_msglog("%s %s\n", tod_stamp(tod_log), message);
574 ((log_extra_selector & LX_outgoing_port) != 0)?
575 string_sprintf("%s [%s]:%d", host->name, host->address,
576 (host->port == PORT_NONE)? 25 : host->port)
578 string_sprintf("%s [%s]", host->name, host->address);
579 log_write(0, LOG_MAIN, "%s %s", msg, strerror(addr->basic_errno));
580 deliver_msglog("%s %s %s\n", tod_stamp(tod_log), msg,
581 strerror(addr->basic_errno));
587 #ifdef EXPERIMENTAL_TPDA
588 /*************************************************
589 * Post-defer action *
590 *************************************************/
592 /* This expands an arbitrary per-transport string.
593 It might, for example, be used to write to the database log.
596 ob transport options block
597 addr the address item containing error information
598 host the current host
604 tpda_deferred(smtp_transport_options_block *ob, address_item *addr, host_item *host)
606 uschar *action = ob->tpda_host_defer_action;
610 tpda_delivery_ip = string_copy(host->address);
611 tpda_delivery_port = (host->port == PORT_NONE)? 25 : host->port;
612 tpda_delivery_fqdn = string_copy(host->name);
613 tpda_delivery_local_part = string_copy(addr->local_part);
614 tpda_delivery_domain = string_copy(addr->domain);
615 tpda_defer_errno = addr->basic_errno;
617 tpda_defer_errstr = addr->message
618 ? addr->basic_errno > 0
619 ? string_sprintf("%s: %s", addr->message, strerror(addr->basic_errno))
620 : string_copy(addr->message)
621 : addr->basic_errno > 0
622 ? string_copy(strerror(addr->basic_errno))
626 debug_printf(" TPDA(host defer): tpda_host_defer_action=|%s| tpda_delivery_IP=%s\n",
627 action, tpda_delivery_ip);
629 router_name = addr->router->name;
630 transport_name = addr->transport->name;
631 if (!expand_string(action) && *expand_string_message)
632 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand tpda_defer_action in %s: %s\n",
633 transport_name, expand_string_message);
634 router_name = transport_name = NULL;
640 /*************************************************
641 * Synchronize SMTP responses *
642 *************************************************/
644 /* This function is called from smtp_deliver() to receive SMTP responses from
645 the server, and match them up with the commands to which they relate. When
646 PIPELINING is not in use, this function is called after every command, and is
647 therefore somewhat over-engineered, but it is simpler to use a single scheme
648 that works both with and without PIPELINING instead of having two separate sets
651 The set of commands that are buffered up with pipelining may start with MAIL
652 and may end with DATA; in between are RCPT commands that correspond to the
653 addresses whose status is PENDING_DEFER. All other commands (STARTTLS, AUTH,
654 etc.) are never buffered.
656 Errors after MAIL or DATA abort the whole process leaving the response in the
657 buffer. After MAIL, pending responses are flushed, and the original command is
658 re-instated in big_buffer for error messages. For RCPT commands, the remote is
659 permitted to reject some recipient addresses while accepting others. However
660 certain errors clearly abort the whole process. Set the value in
661 transport_return to PENDING_OK if the address is accepted. If there is a
662 subsequent general error, it will get reset accordingly. If not, it will get
663 converted to OK at the end.
666 addrlist the complete address list
667 include_affixes TRUE if affixes include in RCPT
668 sync_addr ptr to the ptr of the one to start scanning at (updated)
669 host the host we are connected to
670 count the number of responses to read
672 include_sender true if 4xx retry is to include the sender it its key
673 pending_MAIL true if the first response is for MAIL
674 pending_DATA 0 if last command sent was not DATA
675 +1 if previously had a good recipient
676 -1 if not previously had a good recipient
677 inblock incoming SMTP block
678 timeout timeout value
679 buffer buffer for reading response
680 buffsize size of buffer
682 Returns: 3 if at least one address had 2xx and one had 5xx
683 2 if at least one address had 5xx but none had 2xx
684 1 if at least one host had a 2xx response, but none had 5xx
685 0 no address had 2xx or 5xx but no errors (all 4xx, or just DATA)
686 -1 timeout while reading RCPT response
687 -2 I/O or other non-response error for RCPT
688 -3 DATA or MAIL failed - errno and buffer set
692 sync_responses(address_item *addrlist, BOOL include_affixes,
693 address_item **sync_addr, host_item *host, int count,
694 BOOL address_retry_include_sender, BOOL pending_MAIL,
695 int pending_DATA, smtp_inblock *inblock, int timeout, uschar *buffer,
698 address_item *addr = *sync_addr;
701 /* Handle the response for a MAIL command. On error, reinstate the original
702 command in big_buffer for error message use, and flush any further pending
703 responses before returning, except after I/O errors and timeouts. */
708 if (!smtp_read_response(inblock, buffer, buffsize, '2', timeout))
710 Ustrcpy(big_buffer, mail_command); /* Fits, because it came from there! */
711 if (errno == 0 && buffer[0] != 0)
713 uschar flushbuffer[4096];
715 if (buffer[0] == '4')
717 save_errno = ERRNO_MAIL4XX;
718 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
722 if (!smtp_read_response(inblock, flushbuffer, sizeof(flushbuffer),
724 && (errno != 0 || flushbuffer[0] == 0))
733 if (pending_DATA) count--; /* Number of RCPT responses to come */
735 /* Read and handle the required number of RCPT responses, matching each one up
736 with an address by scanning for the next address whose status is PENDING_DEFER.
741 while (addr->transport_return != PENDING_DEFER) addr = addr->next;
743 /* The address was accepted */
745 if (smtp_read_response(inblock, buffer, buffsize, '2', timeout))
748 addr->transport_return = PENDING_OK;
750 /* If af_dr_retry_exists is set, there was a routing delay on this address;
751 ensure that any address-specific retry record is expunged. We do this both
752 for the basic key and for the version that also includes the sender. */
754 if (testflag(addr, af_dr_retry_exists))
756 uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key,
758 retry_add_item(addr, altkey, rf_delete);
759 retry_add_item(addr, addr->address_retry_key, rf_delete);
763 /* Timeout while reading the response */
765 else if (errno == ETIMEDOUT)
767 int save_errno = errno;
768 uschar *message = string_sprintf("SMTP timeout while connected to %s [%s] "
769 "after RCPT TO:<%s>", host->name, host->address,
770 transport_rcpt_address(addr, include_affixes));
771 set_errno(addrlist, save_errno, message, DEFER, FALSE);
772 retry_add_item(addr, addr->address_retry_key, 0);
773 update_waiting = FALSE;
777 /* Handle other errors in obtaining an SMTP response by returning -1. This
778 will cause all the addresses to be deferred. Restore the SMTP command in
779 big_buffer for which we are checking the response, so the error message
782 else if (errno != 0 || buffer[0] == 0)
784 string_format(big_buffer, big_buffer_size, "RCPT TO:<%s>",
785 transport_rcpt_address(addr, include_affixes));
789 /* Handle SMTP permanent and temporary response codes. */
794 string_sprintf("SMTP error from remote mail server after RCPT TO:<%s>: "
795 "host %s [%s]: %s", transport_rcpt_address(addr, include_affixes),
796 host->name, host->address, string_printing(buffer));
797 setflag(addr, af_pass_message);
798 deliver_msglog("%s %s\n", tod_stamp(tod_log), addr->message);
800 /* The response was 5xx */
802 if (buffer[0] == '5')
804 addr->transport_return = FAIL;
808 /* The response was 4xx */
812 addr->transport_return = DEFER;
813 addr->basic_errno = ERRNO_RCPT4XX;
814 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
816 /* Log temporary errors if there are more hosts to be tried. */
818 if (host->next != NULL) log_write(0, LOG_MAIN, "%s", addr->message);
820 /* Do not put this message on the list of those waiting for specific
821 hosts, as otherwise it is likely to be tried too often. */
823 update_waiting = FALSE;
825 /* Add a retry item for the address so that it doesn't get tried again
826 too soon. If address_retry_include_sender is true, add the sender address
829 if (address_retry_include_sender)
831 uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key,
833 retry_add_item(addr, altkey, 0);
835 else retry_add_item(addr, addr->address_retry_key, 0);
838 } /* Loop for next RCPT response */
840 /* Update where to start at for the next block of responses, unless we
841 have already handled all the addresses. */
843 if (addr != NULL) *sync_addr = addr->next;
845 /* Handle a response to DATA. If we have not had any good recipients, either
846 previously or in this block, the response is ignored. */
848 if (pending_DATA != 0 &&
849 !smtp_read_response(inblock, buffer, buffsize, '3', timeout))
854 if (pending_DATA > 0 || (yield & 1) != 0)
856 if (errno == 0 && buffer[0] == '4')
858 errno = ERRNO_DATA4XX;
859 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
863 (void)check_response(host, &errno, 0, buffer, &code, &msg, &pass_message);
864 DEBUG(D_transport) debug_printf("%s\nerror for DATA ignored: pipelining "
865 "is in use and there were no good recipients\n", msg);
868 /* All responses read and handled; MAIL (if present) received 2xx and DATA (if
869 present) received 3xx. If any RCPTs were handled and yielded anything other
870 than 4xx, yield will be set non-zero. */
877 /* Do the client side of smtp-level authentication */
880 buffer EHLO response from server (gets overwritten)
881 addrlist chain of potential addresses to deliver
882 host host to deliver to
884 ibp, obp comms channel control blocks
887 OK Success, or failed (but not required): global "smtp_authenticated" set
888 DEFER Failed authentication (and was required)
889 ERROR Internal problem
891 FAIL_SEND Failed communications - transmit
896 smtp_auth(uschar *buffer, unsigned bufsize, address_item *addrlist, host_item *host,
897 smtp_transport_options_block *ob, BOOL is_esmtp,
898 smtp_inblock *ibp, smtp_outblock *obp)
901 uschar *fail_reason = US"server did not advertise AUTH support";
903 smtp_authenticated = FALSE;
904 client_authenticator = client_authenticated_id = client_authenticated_sender = NULL;
905 require_auth = verify_check_this_host(&(ob->hosts_require_auth), NULL,
906 host->name, host->address, NULL);
908 if (is_esmtp && !regex_AUTH) regex_AUTH =
909 regex_must_compile(US"\\n250[\\s\\-]AUTH\\s+([\\-\\w\\s]+)(?:\\n|$)",
912 if (is_esmtp && regex_match_and_setup(regex_AUTH, buffer, 0, -1))
914 uschar *names = string_copyn(expand_nstring[1], expand_nlength[1]);
915 expand_nmax = -1; /* reset */
917 /* Must not do this check until after we have saved the result of the
918 regex match above. */
920 if (require_auth == OK ||
921 verify_check_this_host(&(ob->hosts_try_auth), NULL, host->name,
922 host->address, NULL) == OK)
925 fail_reason = US"no common mechanisms were found";
927 DEBUG(D_transport) debug_printf("scanning authentication mechanisms\n");
929 /* Scan the configured authenticators looking for one which is configured
930 for use as a client, which is not suppressed by client_condition, and
931 whose name matches an authentication mechanism supported by the server.
932 If one is found, attempt to authenticate by calling its client function.
935 for (au = auths; !smtp_authenticated && au != NULL; au = au->next)
939 (au->client_condition != NULL &&
940 !expand_check_condition(au->client_condition, au->name,
941 US"client authenticator")))
943 DEBUG(D_transport) debug_printf("skipping %s authenticator: %s\n",
945 (au->client)? "client_condition is false" :
946 "not configured as a client");
950 /* Loop to scan supported server mechanisms */
955 int len = Ustrlen(au->public_name);
956 while (isspace(*p)) p++;
958 if (strncmpic(au->public_name, p, len) != 0 ||
959 (p[len] != 0 && !isspace(p[len])))
961 while (*p != 0 && !isspace(*p)) p++;
965 /* Found data for a listed mechanism. Call its client entry. Set
966 a flag in the outblock so that data is overwritten after sending so
967 that reflections don't show it. */
969 fail_reason = US"authentication attempt(s) failed";
970 obp->authenticating = TRUE;
971 rc = (au->info->clientcode)(au, ibp, obp,
972 ob->command_timeout, buffer, bufsize);
973 obp->authenticating = FALSE;
974 DEBUG(D_transport) debug_printf("%s authenticator yielded %d\n",
977 /* A temporary authentication failure must hold up delivery to
978 this host. After a permanent authentication failure, we carry on
979 to try other authentication methods. If all fail hard, try to
980 deliver the message unauthenticated unless require_auth was set. */
985 smtp_authenticated = TRUE; /* stops the outer loop */
986 client_authenticator = au->name;
987 if (au->set_client_id != NULL)
988 client_authenticated_id = expand_string(au->set_client_id);
991 /* Failure after writing a command */
996 /* Failure after reading a response */
999 if (errno != 0 || buffer[0] != '5') return FAIL;
1000 log_write(0, LOG_MAIN, "%s authenticator failed H=%s [%s] %s",
1001 au->name, host->name, host->address, buffer);
1004 /* Failure by some other means. In effect, the authenticator
1005 decided it wasn't prepared to handle this case. Typically this
1006 is the result of "fail" in an expansion string. Do we need to
1007 log anything here? Feb 2006: a message is now put in the buffer
1008 if logging is required. */
1012 log_write(0, LOG_MAIN, "%s authenticator cancelled "
1013 "authentication H=%s [%s] %s", au->name, host->name,
1014 host->address, buffer);
1017 /* Internal problem, message in buffer. */
1020 set_errno(addrlist, 0, string_copy(buffer), DEFER, FALSE);
1024 break; /* If not authenticated, try next authenticator */
1025 } /* Loop for scanning supported server mechanisms */
1026 } /* Loop for further authenticators */
1030 /* If we haven't authenticated, but are required to, give up. */
1032 if (require_auth == OK && !smtp_authenticated)
1034 set_errno(addrlist, ERRNO_AUTHFAIL,
1035 string_sprintf("authentication required but %s", fail_reason), DEFER,
1044 /* Construct AUTH appendix string for MAIL TO */
1047 buffer to build string
1048 addrlist chain of potential addresses to deliver
1049 ob transport options
1051 Globals smtp_authenticated
1052 client_authenticated_sender
1053 Return True on error, otherwise buffer has (possibly empty) terminated string
1057 smtp_mail_auth_str(uschar *buffer, unsigned bufsize, address_item *addrlist,
1058 smtp_transport_options_block *ob)
1060 uschar *local_authenticated_sender = authenticated_sender;
1063 debug_printf("smtp_mail_auth_str: as<%s> os<%s> SA<%s>\n", authenticated_sender, ob->authenticated_sender, smtp_authenticated?"Y":"N");
1066 if (ob->authenticated_sender != NULL)
1068 uschar *new = expand_string(ob->authenticated_sender);
1071 if (!expand_string_forcedfail)
1073 uschar *message = string_sprintf("failed to expand "
1074 "authenticated_sender: %s", expand_string_message);
1075 set_errno(addrlist, 0, message, DEFER, FALSE);
1079 else if (new[0] != 0) local_authenticated_sender = new;
1082 /* Add the authenticated sender address if present */
1084 if ((smtp_authenticated || ob->authenticated_sender_force) &&
1085 local_authenticated_sender != NULL)
1087 string_format(buffer, bufsize, " AUTH=%s",
1088 auth_xtextencode(local_authenticated_sender,
1089 Ustrlen(local_authenticated_sender)));
1090 client_authenticated_sender = string_copy(local_authenticated_sender);
1100 /*************************************************
1101 * Deliver address list to given host *
1102 *************************************************/
1104 /* If continue_hostname is not null, we get here only when continuing to
1105 deliver down an existing channel. The channel was passed as the standard
1106 input. TLS is never active on a passed channel; the previous process always
1107 closes it down before passing the connection on.
1109 Otherwise, we have to make a connection to the remote host, and do the
1110 initial protocol exchange.
1112 When running as an MUA wrapper, if the sender or any recipient is rejected,
1113 temporarily or permanently, we force failure for all recipients.
1116 addrlist chain of potential addresses to deliver; only those whose
1117 transport_return field is set to PENDING_DEFER are currently
1118 being processed; others should be skipped - they have either
1119 been delivered to an earlier host or IP address, or been
1120 failed by one of them.
1121 host host to deliver to
1122 host_af AF_INET or AF_INET6
1123 port default TCP/IP port to use, in host byte order
1124 interface interface to bind to, or NULL
1125 tblock transport instance block
1126 copy_host TRUE if host set in addr->host_used must be copied, because
1127 it is specific to this call of the transport
1128 message_defer set TRUE if yield is OK, but all addresses were deferred
1129 because of a non-recipient, non-host failure, that is, a
1130 4xx response to MAIL FROM, DATA, or ".". This is a defer
1131 that is specific to the message.
1132 suppress_tls if TRUE, don't attempt a TLS connection - this is set for
1133 a second attempt after TLS initialization fails
1135 Returns: OK - the connection was made and the delivery attempted;
1136 the result for each address is in its data block.
1137 DEFER - the connection could not be made, or something failed
1138 while setting up the SMTP session, or there was a
1139 non-message-specific error, such as a timeout.
1140 ERROR - a filter command is specified for this transport,
1141 and there was a problem setting it up; OR helo_data
1142 or add_headers or authenticated_sender is specified
1143 for this transport, and the string failed to expand
1147 smtp_deliver(address_item *addrlist, host_item *host, int host_af, int port,
1148 uschar *interface, transport_instance *tblock, BOOL copy_host,
1149 BOOL *message_defer, BOOL suppress_tls)
1152 address_item *sync_addr;
1153 address_item *first_addr = addrlist;
1158 time_t start_delivery_time = time(NULL);
1159 smtp_transport_options_block *ob =
1160 (smtp_transport_options_block *)(tblock->options_block);
1161 BOOL lmtp = strcmpic(ob->protocol, US"lmtp") == 0;
1162 BOOL smtps = strcmpic(ob->protocol, US"smtps") == 0;
1164 BOOL send_rset = TRUE;
1165 BOOL send_quit = TRUE;
1166 BOOL setting_up = TRUE;
1167 BOOL completed_address = FALSE;
1170 BOOL pass_message = FALSE;
1171 #ifdef EXPERIMENTAL_PRDR
1172 BOOL prdr_offered = FALSE;
1175 smtp_inblock inblock;
1176 smtp_outblock outblock;
1177 int max_rcpt = tblock->max_addresses;
1178 uschar *igquotstr = US"";
1179 uschar *helo_data = NULL;
1180 uschar *message = NULL;
1181 uschar new_message_id[MESSAGE_ID_LENGTH + 1];
1183 uschar buffer[4096];
1184 uschar inbuffer[4096];
1185 uschar outbuffer[1024];
1187 suppress_tls = suppress_tls; /* stop compiler warning when no TLS support */
1189 *message_defer = FALSE;
1190 smtp_command = US"initial connection";
1191 if (max_rcpt == 0) max_rcpt = 999999;
1193 /* Set up the buffer for reading SMTP response packets. */
1195 inblock.buffer = inbuffer;
1196 inblock.buffersize = sizeof(inbuffer);
1197 inblock.ptr = inbuffer;
1198 inblock.ptrend = inbuffer;
1200 /* Set up the buffer for holding SMTP commands while pipelining */
1202 outblock.buffer = outbuffer;
1203 outblock.buffersize = sizeof(outbuffer);
1204 outblock.ptr = outbuffer;
1205 outblock.cmd_count = 0;
1206 outblock.authenticating = FALSE;
1208 /* Reset the parameters of a TLS session. */
1211 tls_in.cipher = NULL; /* for back-compatible behaviour */
1212 tls_in.peerdn = NULL;
1213 #if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
1218 tls_out.cipher = NULL; /* the one we may use for this transport */
1219 tls_out.peerdn = NULL;
1220 #if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
1227 set_errno(addrlist, 0, US"TLS support not available", DEFER, FALSE);
1232 /* Make a connection to the host if this isn't a continued delivery, and handle
1233 the initial interaction and HELO/EHLO/LHLO. Connect timeout errors are handled
1234 specially so they can be identified for retries. */
1236 if (continue_hostname == NULL)
1238 inblock.sock = outblock.sock =
1239 smtp_connect(host, host_af, port, interface, ob->connect_timeout,
1240 ob->keepalive, ob->dscp); /* This puts port into host->port */
1242 if (inblock.sock < 0)
1244 set_errno(addrlist, (errno == ETIMEDOUT)? ERRNO_CONNECTTIMEOUT : errno,
1245 NULL, DEFER, FALSE);
1249 /* Expand the greeting message while waiting for the initial response. (Makes
1250 sense if helo_data contains ${lookup dnsdb ...} stuff). The expansion is
1251 delayed till here so that $sending_interface and $sending_port are set. */
1253 helo_data = expand_string(ob->helo_data);
1255 /* The first thing is to wait for an initial OK response. The dreaded "goto"
1256 is nevertheless a reasonably clean way of programming this kind of logic,
1257 where you want to escape on any error. */
1261 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1262 ob->command_timeout)) goto RESPONSE_FAILED;
1264 /* Now check if the helo_data expansion went well, and sign off cleanly if
1267 if (helo_data == NULL)
1269 uschar *message = string_sprintf("failed to expand helo_data: %s",
1270 expand_string_message);
1271 set_errno(addrlist, 0, message, DEFER, FALSE);
1277 /** Debugging without sending a message
1278 addrlist->transport_return = DEFER;
1282 /* Errors that occur after this point follow an SMTP command, which is
1283 left in big_buffer by smtp_write_command() for use in error messages. */
1285 smtp_command = big_buffer;
1287 /* Tell the remote who we are...
1289 February 1998: A convention has evolved that ESMTP-speaking MTAs include the
1290 string "ESMTP" in their greeting lines, so make Exim send EHLO if the
1291 greeting is of this form. The assumption was that the far end supports it
1292 properly... but experience shows that there are some that give 5xx responses,
1293 even though the banner includes "ESMTP" (there's a bloody-minded one that
1294 says "ESMTP not spoken here"). Cope with that case.
1296 September 2000: Time has passed, and it seems reasonable now to always send
1297 EHLO at the start. It is also convenient to make the change while installing
1300 July 2003: Joachim Wieland met a broken server that advertises "PIPELINING"
1301 but times out after sending MAIL FROM, RCPT TO and DATA all together. There
1302 would be no way to send out the mails, so there is now a host list
1303 "hosts_avoid_esmtp" that disables ESMTP for special hosts and solves the
1304 PIPELINING problem as well. Maybe it can also be useful to cure other
1305 problems with broken servers.
1307 Exim originally sent "Helo" at this point and ran for nearly a year that way.
1308 Then somebody tried it with a Microsoft mailer... It seems that all other
1309 mailers use upper case for some reason (the RFC is quite clear about case
1310 independence) so, for peace of mind, I gave in. */
1312 esmtp = verify_check_this_host(&(ob->hosts_avoid_esmtp), NULL,
1313 host->name, host->address, NULL) != OK;
1315 /* Alas; be careful, since this goto is not an error-out, so conceivably
1316 we might set data between here and the target which we assume to exist
1317 and be usable. I can see this coming back to bite us. */
1322 suppress_tls = FALSE;
1323 ob->tls_tempfail_tryclear = FALSE;
1324 smtp_command = US"SSL-on-connect";
1331 if (smtp_write_command(&outblock, FALSE, "%s %s\r\n",
1332 lmtp? "LHLO" : "EHLO", helo_data) < 0)
1334 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1335 ob->command_timeout))
1337 if (errno != 0 || buffer[0] == 0 || lmtp) goto RESPONSE_FAILED;
1344 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
1349 if (smtp_write_command(&outblock, FALSE, "HELO %s\r\n", helo_data) < 0)
1351 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1352 ob->command_timeout)) goto RESPONSE_FAILED;
1355 /* Set IGNOREQUOTA if the response to LHLO specifies support and the
1356 lmtp_ignore_quota option was set. */
1358 igquotstr = (lmtp && ob->lmtp_ignore_quota &&
1359 pcre_exec(regex_IGNOREQUOTA, NULL, CS buffer, Ustrlen(CS buffer), 0,
1360 PCRE_EOPT, NULL, 0) >= 0)? US" IGNOREQUOTA" : US"";
1362 /* Set tls_offered if the response to EHLO specifies support for STARTTLS. */
1365 tls_offered = esmtp &&
1366 pcre_exec(regex_STARTTLS, NULL, CS buffer, Ustrlen(buffer), 0,
1367 PCRE_EOPT, NULL, 0) >= 0;
1370 #ifdef EXPERIMENTAL_PRDR
1371 prdr_offered = esmtp &&
1372 (pcre_exec(regex_PRDR, NULL, CS buffer, Ustrlen(buffer), 0,
1373 PCRE_EOPT, NULL, 0) >= 0) &&
1374 (verify_check_this_host(&(ob->hosts_try_prdr), NULL, host->name,
1375 host->address, NULL) == OK);
1378 {DEBUG(D_transport) debug_printf("PRDR usable\n");}
1382 /* For continuing deliveries down the same channel, the socket is the standard
1383 input, and we don't need to redo EHLO here (but may need to do so for TLS - see
1384 below). Set up the pointer to where subsequent commands will be left, for
1385 error messages. Note that smtp_use_size and smtp_use_pipelining will have been
1386 set from the command line if they were set in the process that passed the
1391 inblock.sock = outblock.sock = fileno(stdin);
1392 smtp_command = big_buffer;
1393 host->port = port; /* Record the port that was used */
1396 /* If TLS is available on this connection, whether continued or not, attempt to
1397 start up a TLS session, unless the host is in hosts_avoid_tls. If successful,
1398 send another EHLO - the server may give a different answer in secure mode. We
1399 use a separate buffer for reading the response to STARTTLS so that if it is
1400 negative, the original EHLO data is available for subsequent analysis, should
1401 the client not be required to use TLS. If the response is bad, copy the buffer
1402 for error analysis. */
1405 if (tls_offered && !suppress_tls &&
1406 verify_check_this_host(&(ob->hosts_avoid_tls), NULL, host->name,
1407 host->address, NULL) != OK)
1409 uschar buffer2[4096];
1410 if (smtp_write_command(&outblock, FALSE, "STARTTLS\r\n") < 0)
1413 /* If there is an I/O error, transmission of this message is deferred. If
1414 there is a temporary rejection of STARRTLS and tls_tempfail_tryclear is
1415 false, we also defer. However, if there is a temporary rejection of STARTTLS
1416 and tls_tempfail_tryclear is true, or if there is an outright rejection of
1417 STARTTLS, we carry on. This means we will try to send the message in clear,
1418 unless the host is in hosts_require_tls (tested below). */
1420 if (!smtp_read_response(&inblock, buffer2, sizeof(buffer2), '2',
1421 ob->command_timeout))
1423 if (errno != 0 || buffer2[0] == 0 ||
1424 (buffer2[0] == '4' && !ob->tls_tempfail_tryclear))
1426 Ustrncpy(buffer, buffer2, sizeof(buffer));
1427 goto RESPONSE_FAILED;
1431 /* STARTTLS accepted: try to negotiate a TLS session. */
1436 int rc = tls_client_start(inblock.sock,
1439 ob->tls_certificate,
1442 ob->tls_verify_certificates,
1444 ob->tls_require_ciphers,
1445 #ifdef EXPERIMENTAL_OCSP
1446 ob->hosts_require_ocsp,
1448 ob->tls_dh_min_bits,
1449 ob->command_timeout);
1451 /* TLS negotiation failed; give an error. From outside, this function may
1452 be called again to try in clear on a new connection, if the options permit
1453 it for this host. */
1457 save_errno = ERRNO_TLSFAILURE;
1458 message = US"failure while setting up TLS session";
1463 /* TLS session is set up */
1465 for (addr = addrlist; addr != NULL; addr = addr->next)
1467 if (addr->transport_return == PENDING_DEFER)
1469 addr->cipher = tls_out.cipher;
1470 addr->peerdn = tls_out.peerdn;
1476 /* if smtps, we'll have smtp_command set to something else; always safe to
1478 smtp_command = big_buffer;
1480 /* If we started TLS, redo the EHLO/LHLO exchange over the secure channel. If
1481 helo_data is null, we are dealing with a connection that was passed from
1482 another process, and so we won't have expanded helo_data above. We have to
1483 expand it here. $sending_ip_address and $sending_port are set up right at the
1484 start of the Exim process (in exim.c). */
1486 if (tls_out.active >= 0)
1489 if (helo_data == NULL)
1491 helo_data = expand_string(ob->helo_data);
1492 if (helo_data == NULL)
1494 uschar *message = string_sprintf("failed to expand helo_data: %s",
1495 expand_string_message);
1496 set_errno(addrlist, 0, message, DEFER, FALSE);
1502 /* For SMTPS we need to wait for the initial OK response. */
1505 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1506 ob->command_timeout)) goto RESPONSE_FAILED;
1510 greeting_cmd = "EHLO";
1513 greeting_cmd = "HELO";
1515 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
1518 if (smtp_write_command(&outblock, FALSE, "%s %s\r\n",
1519 lmtp? "LHLO" : greeting_cmd, helo_data) < 0)
1521 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1522 ob->command_timeout))
1523 goto RESPONSE_FAILED;
1526 /* If the host is required to use a secure channel, ensure that we
1529 else if (verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name,
1530 host->address, NULL) == OK)
1532 save_errno = ERRNO_TLSREQUIRED;
1533 message = string_sprintf("a TLS session is required for %s [%s], but %s",
1534 host->name, host->address,
1535 tls_offered? "an attempt to start TLS failed" :
1536 "the server did not offer TLS support");
1541 /* If TLS is active, we have just started it up and re-done the EHLO command,
1542 so its response needs to be analyzed. If TLS is not active and this is a
1543 continued session down a previously-used socket, we haven't just done EHLO, so
1546 if (continue_hostname == NULL
1548 || tls_out.active >= 0
1552 /* Set for IGNOREQUOTA if the response to LHLO specifies support and the
1553 lmtp_ignore_quota option was set. */
1555 igquotstr = (lmtp && ob->lmtp_ignore_quota &&
1556 pcre_exec(regex_IGNOREQUOTA, NULL, CS buffer, Ustrlen(CS buffer), 0,
1557 PCRE_EOPT, NULL, 0) >= 0)? US" IGNOREQUOTA" : US"";
1559 /* If the response to EHLO specified support for the SIZE parameter, note
1560 this, provided size_addition is non-negative. */
1562 smtp_use_size = esmtp && ob->size_addition >= 0 &&
1563 pcre_exec(regex_SIZE, NULL, CS buffer, Ustrlen(CS buffer), 0,
1564 PCRE_EOPT, NULL, 0) >= 0;
1566 /* Note whether the server supports PIPELINING. If hosts_avoid_esmtp matched
1567 the current host, esmtp will be false, so PIPELINING can never be used. If
1568 the current host matches hosts_avoid_pipelining, don't do it. */
1570 smtp_use_pipelining = esmtp &&
1571 verify_check_this_host(&(ob->hosts_avoid_pipelining), NULL, host->name,
1572 host->address, NULL) != OK &&
1573 pcre_exec(regex_PIPELINING, NULL, CS buffer, Ustrlen(CS buffer), 0,
1574 PCRE_EOPT, NULL, 0) >= 0;
1576 DEBUG(D_transport) debug_printf("%susing PIPELINING\n",
1577 smtp_use_pipelining? "" : "not ");
1579 #ifdef EXPERIMENTAL_PRDR
1580 prdr_offered = esmtp &&
1581 pcre_exec(regex_PRDR, NULL, CS buffer, Ustrlen(CS buffer), 0,
1582 PCRE_EOPT, NULL, 0) >= 0 &&
1583 verify_check_this_host(&(ob->hosts_try_prdr), NULL, host->name,
1584 host->address, NULL) == OK;
1587 {DEBUG(D_transport) debug_printf("PRDR usable\n");}
1590 /* Note if the response to EHLO specifies support for the AUTH extension.
1591 If it has, check that this host is one we want to authenticate to, and do
1592 the business. The host name and address must be available when the
1593 authenticator's client driver is running. */
1595 switch (yield = smtp_auth(buffer, sizeof(buffer), addrlist, host,
1596 ob, esmtp, &inblock, &outblock))
1598 default: goto SEND_QUIT;
1600 case FAIL_SEND: goto SEND_FAILED;
1601 case FAIL: goto RESPONSE_FAILED;
1605 /* The setting up of the SMTP call is now complete. Any subsequent errors are
1606 message-specific. */
1610 /* If there is a filter command specified for this transport, we can now
1611 set it up. This cannot be done until the identify of the host is known. */
1613 if (tblock->filter_command != NULL)
1617 sprintf(CS buffer, "%.50s transport", tblock->name);
1618 rc = transport_set_up_command(&transport_filter_argv, tblock->filter_command,
1619 TRUE, DEFER, addrlist, buffer, NULL);
1620 transport_filter_timeout = tblock->filter_timeout;
1622 /* On failure, copy the error to all addresses, abandon the SMTP call, and
1627 set_errno(addrlist->next, addrlist->basic_errno, addrlist->message, DEFER,
1635 /* For messages that have more than the maximum number of envelope recipients,
1636 we want to send several transactions down the same SMTP connection. (See
1637 comments in deliver.c as to how this reconciles, heuristically, with
1638 remote_max_parallel.) This optimization was added to Exim after the following
1639 code was already working. The simplest way to put it in without disturbing the
1640 code was to use a goto to jump back to this point when there is another
1641 transaction to handle. */
1644 sync_addr = first_addr;
1648 completed_address = FALSE;
1651 /* Initiate a message transfer. If we know the receiving MTA supports the SIZE
1652 qualification, send it, adding something to the message size to allow for
1653 imprecision and things that get added en route. Exim keeps the number of lines
1654 in a message, so we can give an accurate value for the original message, but we
1655 need some additional to handle added headers. (Double "." characters don't get
1656 included in the count.) */
1663 sprintf(CS p, " SIZE=%d", message_size+message_linecount+ob->size_addition);
1667 #ifdef EXPERIMENTAL_PRDR
1668 prdr_active = FALSE;
1671 for (addr = first_addr; addr; addr = addr->next)
1672 if (addr->transport_return == PENDING_DEFER)
1674 for (addr = addr->next; addr; addr = addr->next)
1675 if (addr->transport_return == PENDING_DEFER)
1676 { /* at least two recipients to send */
1678 sprintf(CS p, " PRDR"); p += 5;
1679 goto prdr_is_active;
1687 /* If an authenticated_sender override has been specified for this transport
1688 instance, expand it. If the expansion is forced to fail, and there was already
1689 an authenticated_sender for this message, the original value will be used.
1690 Other expansion failures are serious. An empty result is ignored, but there is
1691 otherwise no check - this feature is expected to be used with LMTP and other
1692 cases where non-standard addresses (e.g. without domains) might be required. */
1694 if (smtp_mail_auth_str(p, sizeof(buffer) - (p-buffer), addrlist, ob))
1697 /* From here until we send the DATA command, we can make use of PIPELINING
1698 if the server host supports it. The code has to be able to check the responses
1699 at any point, for when the buffer fills up, so we write it totally generally.
1700 When PIPELINING is off, each command written reports that it has flushed the
1703 pending_MAIL = TRUE; /* The block starts with MAIL */
1705 rc = smtp_write_command(&outblock, smtp_use_pipelining,
1706 "MAIL FROM:<%s>%s\r\n", return_path, buffer);
1707 mail_command = string_copy(big_buffer); /* Save for later error message */
1711 case -1: /* Transmission error */
1714 case +1: /* Block was sent */
1715 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1716 ob->command_timeout))
1718 if (errno == 0 && buffer[0] == '4')
1720 errno = ERRNO_MAIL4XX;
1721 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
1723 goto RESPONSE_FAILED;
1725 pending_MAIL = FALSE;
1729 /* Pass over all the relevant recipient addresses for this host, which are the
1730 ones that have status PENDING_DEFER. If we are using PIPELINING, we can send
1731 several before we have to read the responses for those seen so far. This
1732 checking is done by a subroutine because it also needs to be done at the end.
1733 Send only up to max_rcpt addresses at a time, leaving first_addr pointing to
1734 the next one if not all are sent.
1736 In the MUA wrapper situation, we want to flush the PIPELINING buffer for the
1737 last address because we want to abort if any recipients have any kind of
1738 problem, temporary or permanent. We know that all recipient addresses will have
1739 the PENDING_DEFER status, because only one attempt is ever made, and we know
1740 that max_rcpt will be large, so all addresses will be done at once. */
1742 for (addr = first_addr;
1743 address_count < max_rcpt && addr != NULL;
1749 if (addr->transport_return != PENDING_DEFER) continue;
1752 no_flush = smtp_use_pipelining && (!mua_wrapper || addr->next != NULL);
1754 /* Now send the RCPT command, and process outstanding responses when
1755 necessary. After a timeout on RCPT, we just end the function, leaving the
1756 yield as OK, because this error can often mean that there is a problem with
1757 just one address, so we don't want to delay the host. */
1759 count = smtp_write_command(&outblock, no_flush, "RCPT TO:<%s>%s\r\n",
1760 transport_rcpt_address(addr, tblock->rcpt_include_affixes), igquotstr);
1761 if (count < 0) goto SEND_FAILED;
1764 switch(sync_responses(first_addr, tblock->rcpt_include_affixes,
1765 &sync_addr, host, count, ob->address_retry_include_sender,
1766 pending_MAIL, 0, &inblock, ob->command_timeout, buffer,
1769 case 3: ok = TRUE; /* 2xx & 5xx => OK & progress made */
1770 case 2: completed_address = TRUE; /* 5xx (only) => progress made */
1773 case 1: ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
1774 if (!lmtp) completed_address = TRUE; /* can't tell about progress yet */
1775 case 0: /* No 2xx or 5xx, but no probs */
1778 case -1: goto END_OFF; /* Timeout on RCPT */
1779 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL error */
1781 pending_MAIL = FALSE; /* Dealt with MAIL */
1783 } /* Loop for next address */
1785 /* If we are an MUA wrapper, abort if any RCPTs were rejected, either
1786 permanently or temporarily. We should have flushed and synced after the last
1791 address_item *badaddr;
1792 for (badaddr = first_addr; badaddr != NULL; badaddr = badaddr->next)
1794 if (badaddr->transport_return != PENDING_OK) break;
1796 if (badaddr != NULL)
1798 set_errno(addrlist, 0, badaddr->message, FAIL,
1799 testflag(badaddr, af_pass_message));
1804 /* If ok is TRUE, we know we have got at least one good recipient, and must now
1805 send DATA, but if it is FALSE (in the normal, non-wrapper case), we may still
1806 have a good recipient buffered up if we are pipelining. We don't want to waste
1807 time sending DATA needlessly, so we only send it if either ok is TRUE or if we
1808 are pipelining. The responses are all handled by sync_responses(). */
1810 if (ok || (smtp_use_pipelining && !mua_wrapper))
1812 int count = smtp_write_command(&outblock, FALSE, "DATA\r\n");
1813 if (count < 0) goto SEND_FAILED;
1814 switch(sync_responses(first_addr, tblock->rcpt_include_affixes, &sync_addr,
1815 host, count, ob->address_retry_include_sender, pending_MAIL,
1816 ok? +1 : -1, &inblock, ob->command_timeout, buffer, sizeof(buffer)))
1818 case 3: ok = TRUE; /* 2xx & 5xx => OK & progress made */
1819 case 2: completed_address = TRUE; /* 5xx (only) => progress made */
1822 case 1: ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
1823 if (!lmtp) completed_address = TRUE; /* can't tell about progress yet */
1824 case 0: break; /* No 2xx or 5xx, but no probs */
1826 case -1: goto END_OFF; /* Timeout on RCPT */
1827 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */
1831 /* Save the first address of the next batch. */
1835 /* If there were no good recipients (but otherwise there have been no
1836 problems), just set ok TRUE, since we have handled address-specific errors
1837 already. Otherwise, it's OK to send the message. Use the check/escape mechanism
1838 for handling the SMTP dot-handling protocol, flagging to apply to headers as
1839 well as body. Set the appropriate timeout value to be used for each chunk.
1840 (Haven't been able to make it work using select() for writing yet.) */
1842 if (!ok) ok = TRUE; else
1844 sigalrm_seen = FALSE;
1845 transport_write_timeout = ob->data_timeout;
1846 smtp_command = US"sending data block"; /* For error messages */
1847 DEBUG(D_transport|D_v)
1848 debug_printf(" SMTP>> writing message and terminating \".\"\n");
1849 transport_count = 0;
1850 #ifndef DISABLE_DKIM
1851 ok = dkim_transport_write_message(addrlist, inblock.sock,
1852 topt_use_crlf | topt_end_dot | topt_escape_headers |
1853 (tblock->body_only? topt_no_headers : 0) |
1854 (tblock->headers_only? topt_no_body : 0) |
1855 (tblock->return_path_add? topt_add_return_path : 0) |
1856 (tblock->delivery_date_add? topt_add_delivery_date : 0) |
1857 (tblock->envelope_to_add? topt_add_envelope_to : 0),
1858 0, /* No size limit */
1859 tblock->add_headers, tblock->remove_headers,
1860 US".", US"..", /* Escaping strings */
1861 tblock->rewrite_rules, tblock->rewrite_existflags,
1862 ob->dkim_private_key, ob->dkim_domain, ob->dkim_selector,
1863 ob->dkim_canon, ob->dkim_strict, ob->dkim_sign_headers
1866 ok = transport_write_message(addrlist, inblock.sock,
1867 topt_use_crlf | topt_end_dot | topt_escape_headers |
1868 (tblock->body_only? topt_no_headers : 0) |
1869 (tblock->headers_only? topt_no_body : 0) |
1870 (tblock->return_path_add? topt_add_return_path : 0) |
1871 (tblock->delivery_date_add? topt_add_delivery_date : 0) |
1872 (tblock->envelope_to_add? topt_add_envelope_to : 0),
1873 0, /* No size limit */
1874 tblock->add_headers, tblock->remove_headers,
1875 US".", US"..", /* Escaping strings */
1876 tblock->rewrite_rules, tblock->rewrite_existflags);
1879 /* transport_write_message() uses write() because it is called from other
1880 places to write to non-sockets. This means that under some OS (e.g. Solaris)
1881 it can exit with "Broken pipe" as its error. This really means that the
1882 socket got closed at the far end. */
1884 transport_write_timeout = 0; /* for subsequent transports */
1886 /* Failure can either be some kind of I/O disaster (including timeout),
1887 or the failure of a transport filter or the expansion of added headers. */
1891 buffer[0] = 0; /* There hasn't been a response */
1892 goto RESPONSE_FAILED;
1895 /* We used to send the terminating "." explicitly here, but because of
1896 buffering effects at both ends of TCP/IP connections, you don't gain
1897 anything by keeping it separate, so it might as well go in the final
1898 data buffer for efficiency. This is now done by setting the topt_end_dot
1901 smtp_command = US"end of data";
1903 #ifdef EXPERIMENTAL_PRDR
1904 /* For PRDR we optionally get a partial-responses warning
1905 * followed by the individual responses, before going on with
1906 * the overall response. If we don't get the warning then deal
1907 * with per non-PRDR. */
1910 ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '3',
1912 if (!ok && errno == 0)
1915 case '2': prdr_active = FALSE;
1918 case '4': errno = ERRNO_DATA4XX;
1919 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
1926 /* For non-PRDR SMTP, we now read a single response that applies to the
1927 whole message. If it is OK, then all the addresses have been delivered. */
1931 ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1933 if (!ok && errno == 0 && buffer[0] == '4')
1935 errno = ERRNO_DATA4XX;
1936 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
1940 /* For LMTP, we get back a response for every RCPT command that we sent;
1941 some may be accepted and some rejected. For those that get a response, their
1942 status is fixed; any that are accepted have been handed over, even if later
1943 responses crash - at least, that's how I read RFC 2033.
1945 If all went well, mark the recipient addresses as completed, record which
1946 host/IPaddress they were delivered to, and cut out RSET when sending another
1947 message down the same channel. Write the completed addresses to the journal
1948 now so that they are recorded in case there is a crash of hardware or
1949 software before the spool gets updated. Also record the final SMTP
1950 confirmation if needed (for SMTP only). */
1955 int delivery_time = (int)(time(NULL) - start_delivery_time);
1958 uschar *conf = NULL;
1961 /* Make a copy of the host if it is local to this invocation
1962 of the transport. */
1966 thost = store_get(sizeof(host_item));
1968 thost->name = string_copy(host->name);
1969 thost->address = string_copy(host->address);
1973 /* Set up confirmation if needed - applies only to SMTP */
1976 #ifndef EXPERIMENTAL_TPDA
1977 (log_extra_selector & LX_smtp_confirmation) != 0 &&
1982 uschar *s = string_printing(buffer);
1983 conf = (s == buffer)? (uschar *)string_copy(s) : s;
1986 /* Process all transported addresses - for LMTP or PRDR, read a status for
1989 for (addr = addrlist; addr != first_addr; addr = addr->next)
1991 if (addr->transport_return != PENDING_OK) continue;
1993 /* LMTP - if the response fails badly (e.g. timeout), use it for all the
1994 remaining addresses. Otherwise, it's a return code for just the one
1995 address. For temporary errors, add a retry item for the address so that
1996 it doesn't get tried again too soon. */
1998 #ifdef EXPERIMENTAL_PRDR
1999 if (lmtp || prdr_active)
2004 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2007 if (errno != 0 || buffer[0] == 0) goto RESPONSE_FAILED;
2008 addr->message = string_sprintf(
2009 #ifdef EXPERIMENTAL_PRDR
2010 "%s error after %s: %s", prdr_active ? "PRDR":"LMTP",
2012 "LMTP error after %s: %s",
2014 big_buffer, string_printing(buffer));
2015 setflag(addr, af_pass_message); /* Allow message to go to user */
2016 if (buffer[0] == '5')
2017 addr->transport_return = FAIL;
2020 errno = ERRNO_DATA4XX;
2021 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
2022 addr->transport_return = DEFER;
2023 #ifdef EXPERIMENTAL_PRDR
2026 retry_add_item(addr, addr->address_retry_key, 0);
2030 completed_address = TRUE; /* NOW we can set this flag */
2031 if ((log_extra_selector & LX_smtp_confirmation) != 0)
2033 uschar *s = string_printing(buffer);
2034 conf = (s == buffer)? (uschar *)string_copy(s) : s;
2038 /* SMTP, or success return from LMTP for this address. Pass back the
2039 actual host that was used. */
2041 addr->transport_return = OK;
2042 addr->more_errno = delivery_time;
2043 addr->host_used = thost;
2044 addr->special_action = flag;
2045 addr->message = conf;
2046 #ifdef EXPERIMENTAL_PRDR
2047 if (prdr_active) addr->flags |= af_prdr_used;
2051 #ifdef EXPERIMENTAL_PRDR
2055 /* Update the journal. For homonymic addresses, use the base address plus
2056 the transport name. See lots of comments in deliver.c about the reasons
2057 for the complications when homonyms are involved. Just carry on after
2058 write error, as it may prove possible to update the spool file later. */
2060 if (testflag(addr, af_homonym))
2061 sprintf(CS buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
2063 sprintf(CS buffer, "%.500s\n", addr->unique);
2065 DEBUG(D_deliver) debug_printf("journalling %s", buffer);
2066 len = Ustrlen(CS buffer);
2067 if (write(journal_fd, buffer, len) != len)
2068 log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
2069 "%s: %s", buffer, strerror(errno));
2073 #ifdef EXPERIMENTAL_PRDR
2076 /* PRDR - get the final, overall response. For any non-success
2077 upgrade all the address statuses. */
2078 ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2082 if(errno == 0 && buffer[0] == '4')
2084 errno = ERRNO_DATA4XX;
2085 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
2087 for (addr = addrlist; addr != first_addr; addr = addr->next)
2088 if (buffer[0] == '5' || addr->transport_return == OK)
2089 addr->transport_return = PENDING_OK; /* allow set_errno action */
2090 goto RESPONSE_FAILED;
2093 /* Update the journal, or setup retry. */
2094 for (addr = addrlist; addr != first_addr; addr = addr->next)
2095 if (addr->transport_return == OK)
2097 if (testflag(addr, af_homonym))
2098 sprintf(CS buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
2100 sprintf(CS buffer, "%.500s\n", addr->unique);
2102 DEBUG(D_deliver) debug_printf("journalling(PRDR) %s", buffer);
2103 len = Ustrlen(CS buffer);
2104 if (write(journal_fd, buffer, len) != len)
2105 log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
2106 "%s: %s", buffer, strerror(errno));
2108 else if (addr->transport_return == DEFER)
2109 retry_add_item(addr, addr->address_retry_key, -2);
2113 /* Ensure the journal file is pushed out to disk. */
2115 if (EXIMfsync(journal_fd) < 0)
2116 log_write(0, LOG_MAIN|LOG_PANIC, "failed to fsync journal: %s",
2122 /* Handle general (not specific to one address) failures here. The value of ok
2123 is used to skip over this code on the falling through case. A timeout causes a
2124 deferral. Other errors may defer or fail according to the response code, and
2125 may set up a special errno value, e.g. after connection chopped, which is
2126 assumed if errno == 0 and there is no text in the buffer. If control reaches
2127 here during the setting up phase (i.e. before MAIL FROM) then always defer, as
2128 the problem is not related to this specific message. */
2137 send_quit = check_response(host, &save_errno, addrlist->more_errno,
2138 buffer, &code, &message, &pass_message);
2144 message = US string_sprintf("send() to %s [%s] failed: %s",
2145 host->name, host->address, strerror(save_errno));
2149 /* This label is jumped to directly when a TLS negotiation has failed,
2150 or was not done for a host for which it is required. Values will be set
2151 in message and save_errno, and setting_up will always be true. Treat as
2152 a temporary error. */
2159 /* If the failure happened while setting up the call, see if the failure was
2160 a 5xx response (this will either be on connection, or following HELO - a 5xx
2161 after EHLO causes it to try HELO). If so, fail all addresses, as this host is
2162 never going to accept them. For other errors during setting up (timeouts or
2163 whatever), defer all addresses, and yield DEFER, so that the host is not
2164 tried again for a while. */
2167 ok = FALSE; /* For when reached by GOTO */
2173 set_errno(addrlist, save_errno, message, FAIL, pass_message);
2177 set_errno(addrlist, save_errno, message, DEFER, pass_message);
2182 /* We want to handle timeouts after MAIL or "." and loss of connection after
2183 "." specially. They can indicate a problem with the sender address or with
2184 the contents of the message rather than a real error on the connection. These
2185 cases are treated in the same way as a 4xx response. This next bit of code
2186 does the classification. */
2197 message_error = TRUE;
2201 message_error = Ustrncmp(smtp_command,"MAIL",4) == 0 ||
2202 Ustrncmp(smtp_command,"end ",4) == 0;
2205 case ERRNO_SMTPCLOSED:
2206 message_error = Ustrncmp(smtp_command,"end ",4) == 0;
2210 message_error = FALSE;
2214 /* Handle the cases that are treated as message errors. These are:
2216 (a) negative response or timeout after MAIL
2217 (b) negative response after DATA
2218 (c) negative response or timeout or dropped connection after "."
2220 It won't be a negative response or timeout after RCPT, as that is dealt
2221 with separately above. The action in all cases is to set an appropriate
2222 error code for all the addresses, but to leave yield set to OK because the
2223 host itself has not failed. Of course, it might in practice have failed
2224 when we've had a timeout, but if so, we'll discover that at the next
2225 delivery attempt. For a temporary error, set the message_defer flag, and
2226 write to the logs for information if this is not the last host. The error
2227 for the last host will be logged as part of the address's log line. */
2231 if (mua_wrapper) code = '5'; /* Force hard failure in wrapper mode */
2232 set_errno(addrlist, save_errno, message, (code == '5')? FAIL : DEFER,
2235 /* If there's an errno, the message contains just the identity of
2238 if (code != '5') /* Anything other than 5 is treated as temporary */
2241 message = US string_sprintf("%s: %s", message, strerror(save_errno));
2242 if (host->next != NULL) log_write(0, LOG_MAIN, "%s", message);
2243 deliver_msglog("%s %s\n", tod_stamp(tod_log), message);
2244 *message_defer = TRUE;
2248 /* Otherwise, we have an I/O error or a timeout other than after MAIL or
2249 ".", or some other transportation error. We defer all addresses and yield
2250 DEFER, except for the case of failed add_headers expansion, or a transport
2251 filter failure, when the yield should be ERROR, to stop it trying other
2256 yield = (save_errno == ERRNO_CHHEADER_FAIL ||
2257 save_errno == ERRNO_FILTER_FAIL)? ERROR : DEFER;
2258 set_errno(addrlist, save_errno, message, DEFER, pass_message);
2264 /* If all has gone well, send_quit will be set TRUE, implying we can end the
2265 SMTP session tidily. However, if there were too many addresses to send in one
2266 message (indicated by first_addr being non-NULL) we want to carry on with the
2267 rest of them. Also, it is desirable to send more than one message down the SMTP
2268 connection if there are several waiting, provided we haven't already sent so
2269 many as to hit the configured limit. The function transport_check_waiting looks
2270 for a waiting message and returns its id. Then transport_pass_socket tries to
2271 set up a continued delivery by passing the socket on to another process. The
2272 variable send_rset is FALSE if a message has just been successfully transfered.
2274 If we are already sending down a continued channel, there may be further
2275 addresses not yet delivered that are aimed at the same host, but which have not
2276 been passed in this run of the transport. In this case, continue_more will be
2277 true, and all we should do is send RSET if necessary, and return, leaving the
2280 However, if no address was disposed of, i.e. all addresses got 4xx errors, we
2281 do not want to continue with other messages down the same channel, because that
2282 can lead to looping between two or more messages, all with the same,
2283 temporarily failing address(es). [The retry information isn't updated yet, so
2284 new processes keep on trying.] We probably also don't want to try more of this
2285 message's addresses either.
2287 If we have started a TLS session, we have to end it before passing the
2288 connection to a new process. However, not all servers can handle this (Exim
2289 can), so we do not pass such a connection on if the host matches
2290 hosts_nopass_tls. */
2293 debug_printf("ok=%d send_quit=%d send_rset=%d continue_more=%d "
2294 "yield=%d first_address is %sNULL\n", ok, send_quit, send_rset,
2295 continue_more, yield, (first_addr == NULL)? "":"not ");
2297 if (completed_address && ok && send_quit)
2300 if (first_addr != NULL || continue_more ||
2302 (tls_out.active < 0 ||
2303 verify_check_this_host(&(ob->hosts_nopass_tls), NULL, host->name,
2304 host->address, NULL) != OK)
2306 transport_check_waiting(tblock->name, host->name,
2307 tblock->connection_max_messages, new_message_id, &more)
2315 if (! (ok = smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0))
2317 msg = US string_sprintf("send() to %s [%s] failed: %s", host->name,
2318 host->address, strerror(save_errno));
2321 else if (! (ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2322 ob->command_timeout)))
2325 send_quit = check_response(host, &errno, 0, buffer, &code, &msg,
2329 DEBUG(D_transport) debug_printf("%s\n", msg);
2334 /* Either RSET was not needed, or it succeeded */
2338 if (first_addr != NULL) /* More addresses still to be sent */
2339 { /* in this run of the transport */
2340 continue_sequence++; /* Causes * in logging */
2343 if (continue_more) return yield; /* More addresses for another run */
2345 /* Pass the socket to a new Exim process. Before doing so, we must shut
2346 down TLS. Not all MTAs allow for the continuation of the SMTP session
2347 when TLS is shut down. We test for this by sending a new EHLO. If we
2348 don't get a good response, we don't attempt to pass the socket on. */
2351 if (tls_out.active >= 0)
2353 tls_close(FALSE, TRUE);
2357 ok = smtp_write_command(&outblock,FALSE,"EHLO %s\r\n",helo_data) >= 0 &&
2358 smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2359 ob->command_timeout);
2363 /* If the socket is successfully passed, we musn't send QUIT (or
2364 indeed anything!) from here. */
2366 if (ok && transport_pass_socket(tblock->name, host->name, host->address,
2367 new_message_id, inblock.sock))
2373 /* If RSET failed and there are addresses left, they get deferred. */
2375 else set_errno(first_addr, errno, msg, DEFER, FALSE);
2379 /* End off tidily with QUIT unless the connection has died or the socket has
2380 been passed to another process. There has been discussion on the net about what
2381 to do after sending QUIT. The wording of the RFC suggests that it is necessary
2382 to wait for a response, but on the other hand, there isn't anything one can do
2383 with an error response, other than log it. Exim used to do that. However,
2384 further discussion suggested that it is positively advantageous not to wait for
2385 the response, but to close the session immediately. This is supposed to move
2386 the TCP/IP TIME_WAIT state from the server to the client, thereby removing some
2387 load from the server. (Hosts that are both servers and clients may not see much
2388 difference, of course.) Further discussion indicated that this was safe to do
2389 on Unix systems which have decent implementations of TCP/IP that leave the
2390 connection around for a while (TIME_WAIT) after the application has gone away.
2391 This enables the response sent by the server to be properly ACKed rather than
2392 timed out, as can happen on broken TCP/IP implementations on other OS.
2394 This change is being made on 31-Jul-98. After over a year of trouble-free
2395 operation, the old commented-out code was removed on 17-Sep-99. */
2398 if (send_quit) (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n");
2403 tls_close(FALSE, TRUE);
2406 /* Close the socket, and return the appropriate value, first setting
2407 continue_transport and continue_hostname NULL to prevent any other addresses
2408 that may include the host from trying to re-use a continuation socket. This
2409 works because the NULL setting is passed back to the calling process, and
2410 remote_max_parallel is forced to 1 when delivering over an existing connection,
2412 If all went well and continue_more is set, we shouldn't actually get here if
2413 there are further addresses, as the return above will be taken. However,
2414 writing RSET might have failed, or there may be other addresses whose hosts are
2415 specified in the transports, and therefore not visible at top level, in which
2416 case continue_more won't get set. */
2418 (void)close(inblock.sock);
2419 continue_transport = NULL;
2420 continue_hostname = NULL;
2427 /*************************************************
2428 * Closedown entry point *
2429 *************************************************/
2431 /* This function is called when exim is passed an open smtp channel
2432 from another incarnation, but the message which it has been asked
2433 to deliver no longer exists. The channel is on stdin.
2435 We might do fancy things like looking for another message to send down
2436 the channel, but if the one we sought has gone, it has probably been
2437 delivered by some other process that itself will seek further messages,
2438 so just close down our connection.
2440 Argument: pointer to the transport instance block
2445 smtp_transport_closedown(transport_instance *tblock)
2447 smtp_transport_options_block *ob =
2448 (smtp_transport_options_block *)(tblock->options_block);
2449 smtp_inblock inblock;
2450 smtp_outblock outblock;
2452 uschar inbuffer[4096];
2453 uschar outbuffer[16];
2455 inblock.sock = fileno(stdin);
2456 inblock.buffer = inbuffer;
2457 inblock.buffersize = sizeof(inbuffer);
2458 inblock.ptr = inbuffer;
2459 inblock.ptrend = inbuffer;
2461 outblock.sock = inblock.sock;
2462 outblock.buffersize = sizeof(outbuffer);
2463 outblock.buffer = outbuffer;
2464 outblock.ptr = outbuffer;
2465 outblock.cmd_count = 0;
2466 outblock.authenticating = FALSE;
2468 (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n");
2469 (void)smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2470 ob->command_timeout);
2471 (void)close(inblock.sock);
2476 /*************************************************
2477 * Prepare addresses for delivery *
2478 *************************************************/
2480 /* This function is called to flush out error settings from previous delivery
2481 attempts to other hosts. It also records whether we got here via an MX record
2482 or not in the more_errno field of the address. We are interested only in
2483 addresses that are still marked DEFER - others may have got delivered to a
2484 previously considered IP address. Set their status to PENDING_DEFER to indicate
2485 which ones are relevant this time.
2488 addrlist the list of addresses
2489 host the host we are delivering to
2491 Returns: the first address for this delivery
2494 static address_item *
2495 prepare_addresses(address_item *addrlist, host_item *host)
2497 address_item *first_addr = NULL;
2499 for (addr = addrlist; addr != NULL; addr = addr->next)
2501 if (addr->transport_return != DEFER) continue;
2502 if (first_addr == NULL) first_addr = addr;
2503 addr->transport_return = PENDING_DEFER;
2504 addr->basic_errno = 0;
2505 addr->more_errno = (host->mx >= 0)? 'M' : 'A';
2506 addr->message = NULL;
2508 addr->cipher = NULL;
2509 addr->peerdn = NULL;
2517 /*************************************************
2518 * Main entry point *
2519 *************************************************/
2521 /* See local README for interface details. As this is a remote transport, it is
2522 given a chain of addresses to be delivered in one connection, if possible. It
2523 always returns TRUE, indicating that each address has its own independent
2524 status set, except if there is a setting up problem, in which case it returns
2528 smtp_transport_entry(
2529 transport_instance *tblock, /* data for this instantiation */
2530 address_item *addrlist) /* addresses we are working on */
2534 int hosts_defer = 0;
2536 int hosts_looked_up = 0;
2537 int hosts_retry = 0;
2538 int hosts_serial = 0;
2539 int hosts_total = 0;
2540 int total_hosts_tried = 0;
2542 BOOL expired = TRUE;
2543 BOOL continuing = continue_hostname != NULL;
2544 uschar *expanded_hosts = NULL;
2546 uschar *tid = string_sprintf("%s transport", tblock->name);
2547 smtp_transport_options_block *ob =
2548 (smtp_transport_options_block *)(tblock->options_block);
2549 host_item *hostlist = addrlist->host_list;
2550 host_item *host = NULL;
2554 debug_printf("%s transport entered\n", tblock->name);
2555 for (addr = addrlist; addr != NULL; addr = addr->next)
2556 debug_printf(" %s\n", addr->address);
2557 if (continuing) debug_printf("already connected to %s [%s]\n",
2558 continue_hostname, continue_host_address);
2561 /* Set the flag requesting that these hosts be added to the waiting
2562 database if the delivery fails temporarily or if we are running with
2563 queue_smtp or a 2-stage queue run. This gets unset for certain
2564 kinds of error, typically those that are specific to the message. */
2566 update_waiting = TRUE;
2568 /* If a host list is not defined for the addresses - they must all have the
2569 same one in order to be passed to a single transport - or if the transport has
2570 a host list with hosts_override set, use the host list supplied with the
2571 transport. It is an error for this not to exist. */
2573 if (hostlist == NULL || (ob->hosts_override && ob->hosts != NULL))
2575 if (ob->hosts == NULL)
2577 addrlist->message = string_sprintf("%s transport called with no hosts set",
2579 addrlist->transport_return = PANIC;
2580 return FALSE; /* Only top address has status */
2583 DEBUG(D_transport) debug_printf("using the transport's hosts: %s\n",
2586 /* If the transport's host list contains no '$' characters, and we are not
2587 randomizing, it is fixed and therefore a chain of hosts can be built once
2588 and for all, and remembered for subsequent use by other calls to this
2589 transport. If, on the other hand, the host list does contain '$', or we are
2590 randomizing its order, we have to rebuild it each time. In the fixed case,
2591 as the hosts string will never be used again, it doesn't matter that we
2592 replace all the : characters with zeros. */
2594 if (ob->hostlist == NULL)
2596 uschar *s = ob->hosts;
2598 if (Ustrchr(s, '$') != NULL)
2600 expanded_hosts = expand_string(s);
2601 if (expanded_hosts == NULL)
2603 addrlist->message = string_sprintf("failed to expand list of hosts "
2604 "\"%s\" in %s transport: %s", s, tblock->name, expand_string_message);
2605 addrlist->transport_return = search_find_defer? DEFER : PANIC;
2606 return FALSE; /* Only top address has status */
2608 DEBUG(D_transport) debug_printf("expanded list of hosts \"%s\" to "
2609 "\"%s\"\n", s, expanded_hosts);
2613 if (ob->hosts_randomize) s = expanded_hosts = string_copy(s);
2615 host_build_hostlist(&hostlist, s, ob->hosts_randomize);
2617 /* Check that the expansion yielded something useful. */
2618 if (hostlist == NULL)
2621 string_sprintf("%s transport has empty hosts setting", tblock->name);
2622 addrlist->transport_return = PANIC;
2623 return FALSE; /* Only top address has status */
2626 /* If there was no expansion of hosts, save the host list for
2629 if (expanded_hosts == NULL) ob->hostlist = hostlist;
2632 /* This is not the first time this transport has been run in this delivery;
2633 the host list was built previously. */
2635 else hostlist = ob->hostlist;
2638 /* The host list was supplied with the address. If hosts_randomize is set, we
2639 must sort it into a random order if it did not come from MX records and has not
2640 already been randomized (but don't bother if continuing down an existing
2643 else if (ob->hosts_randomize && hostlist->mx == MX_NONE && !continuing)
2645 host_item *newlist = NULL;
2646 while (hostlist != NULL)
2648 host_item *h = hostlist;
2649 hostlist = hostlist->next;
2651 h->sort_key = random_number(100);
2653 if (newlist == NULL)
2658 else if (h->sort_key < newlist->sort_key)
2665 host_item *hh = newlist;
2666 while (hh->next != NULL)
2668 if (h->sort_key < hh->next->sort_key) break;
2676 hostlist = addrlist->host_list = newlist;
2680 /* Sort out the default port. */
2682 if (!smtp_get_port(ob->port, addrlist, &port, tid)) return FALSE;
2685 /* For each host-plus-IP-address on the list:
2687 . If this is a continued delivery and the host isn't the one with the
2688 current connection, skip.
2690 . If the status is unusable (i.e. previously failed or retry checked), skip.
2692 . If no IP address set, get the address, either by turning the name into
2693 an address, calling gethostbyname if gethostbyname is on, or by calling
2694 the DNS. The DNS may yield multiple addresses, in which case insert the
2695 extra ones into the list.
2697 . Get the retry data if not previously obtained for this address and set the
2698 field which remembers the state of this address. Skip if the retry time is
2699 not reached. If not, remember whether retry data was found. The retry string
2700 contains both the name and the IP address.
2702 . Scan the list of addresses and mark those whose status is DEFER as
2703 PENDING_DEFER. These are the only ones that will be processed in this cycle
2706 . Make a delivery attempt - addresses marked PENDING_DEFER will be tried.
2707 Some addresses may be successfully delivered, others may fail, and yet
2708 others may get temporary errors and so get marked DEFER.
2710 . The return from the delivery attempt is OK if a connection was made and a
2711 valid SMTP dialogue was completed. Otherwise it is DEFER.
2713 . If OK, add a "remove" retry item for this host/IPaddress, if any.
2715 . If fail to connect, or other defer state, add a retry item.
2717 . If there are any addresses whose status is still DEFER, carry on to the
2718 next host/IPaddress, unless we have tried the number of hosts given
2719 by hosts_max_try or hosts_max_try_hardlimit; otherwise return. Note that
2720 there is some fancy logic for hosts_max_try that means its limit can be
2721 overstepped in some circumstances.
2723 If we get to the end of the list, all hosts have deferred at least one address,
2724 or not reached their retry times. If delay_after_cutoff is unset, it requests a
2725 delivery attempt to those hosts whose last try was before the arrival time of
2726 the current message. To cope with this, we have to go round the loop a second
2727 time. After that, set the status and error data for any addresses that haven't
2728 had it set already. */
2730 for (cutoff_retry = 0; expired &&
2731 cutoff_retry < ((ob->delay_after_cutoff)? 1 : 2);
2734 host_item *nexthost = NULL;
2735 int unexpired_hosts_tried = 0;
2737 for (host = hostlist;
2739 unexpired_hosts_tried < ob->hosts_max_try &&
2740 total_hosts_tried < ob->hosts_max_try_hardlimit;
2746 BOOL serialized = FALSE;
2747 BOOL host_is_expired = FALSE;
2748 BOOL message_defer = FALSE;
2749 BOOL ifchanges = FALSE;
2750 BOOL some_deferred = FALSE;
2751 address_item *first_addr = NULL;
2752 uschar *interface = NULL;
2753 uschar *retry_host_key = NULL;
2754 uschar *retry_message_key = NULL;
2755 uschar *serialize_key = NULL;
2757 /* Default next host is next host. :-) But this can vary if the
2758 hosts_max_try limit is hit (see below). It may also be reset if a host
2759 address is looked up here (in case the host was multihomed). */
2761 nexthost = host->next;
2763 /* If the address hasn't yet been obtained from the host name, look it up
2764 now, unless the host is already marked as unusable. If it is marked as
2765 unusable, it means that the router was unable to find its IP address (in
2766 the DNS or wherever) OR we are in the 2nd time round the cutoff loop, and
2767 the lookup failed last time. We don't get this far if *all* MX records
2768 point to non-existent hosts; that is treated as a hard error.
2770 We can just skip this host entirely. When the hosts came from the router,
2771 the address will timeout based on the other host(s); when the address is
2772 looked up below, there is an explicit retry record added.
2774 Note that we mustn't skip unusable hosts if the address is not unset; they
2775 may be needed as expired hosts on the 2nd time round the cutoff loop. */
2777 if (host->address == NULL)
2779 int new_port, flags;
2781 uschar *canonical_name;
2783 if (host->status >= hstatus_unusable)
2785 DEBUG(D_transport) debug_printf("%s has no address and is unusable - skipping\n",
2790 DEBUG(D_transport) debug_printf("getting address for %s\n", host->name);
2792 /* The host name is permitted to have an attached port. Find it, and
2793 strip it from the name. Just remember it for now. */
2795 new_port = host_item_get_port(host);
2797 /* Count hosts looked up */
2801 /* Find by name if so configured, or if it's an IP address. We don't
2802 just copy the IP address, because we need the test-for-local to happen. */
2804 flags = HOST_FIND_BY_A;
2805 if (ob->dns_qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
2806 if (ob->dns_search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
2808 if (ob->gethostbyname || string_is_ip_address(host->name, NULL) != 0)
2809 rc = host_find_byname(host, NULL, flags, &canonical_name, TRUE);
2811 rc = host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
2812 &canonical_name, NULL);
2814 /* Update the host (and any additional blocks, resulting from
2815 multihoming) with a host-specific port, if any. */
2817 for (hh = host; hh != nexthost; hh = hh->next) hh->port = new_port;
2819 /* Failure to find the host at this time (usually DNS temporary failure)
2820 is really a kind of routing failure rather than a transport failure.
2821 Therefore we add a retry item of the routing kind, not to stop us trying
2822 to look this name up here again, but to ensure the address gets timed
2823 out if the failures go on long enough. A complete failure at this point
2824 commonly points to a configuration error, but the best action is still
2825 to carry on for the next host. */
2827 if (rc == HOST_FIND_AGAIN || rc == HOST_FIND_FAILED)
2829 retry_add_item(addrlist, string_sprintf("R:%s", host->name), 0);
2831 if (rc == HOST_FIND_AGAIN) hosts_defer++; else hosts_fail++;
2832 DEBUG(D_transport) debug_printf("rc = %s for %s\n", (rc == HOST_FIND_AGAIN)?
2833 "HOST_FIND_AGAIN" : "HOST_FIND_FAILED", host->name);
2834 host->status = hstatus_unusable;
2836 for (addr = addrlist; addr != NULL; addr = addr->next)
2838 if (addr->transport_return != DEFER) continue;
2839 addr->basic_errno = ERRNO_UNKNOWNHOST;
2841 string_sprintf("failed to lookup IP address for %s", host->name);
2846 /* If the host is actually the local host, we may have a problem, or
2847 there may be some cunning configuration going on. In the problem case,
2848 log things and give up. The default transport status is already DEFER. */
2850 if (rc == HOST_FOUND_LOCAL && !ob->allow_localhost)
2852 for (addr = addrlist; addr != NULL; addr = addr->next)
2854 addr->basic_errno = 0;
2855 addr->message = string_sprintf("%s transport found host %s to be "
2856 "local", tblock->name, host->name);
2860 } /* End of block for IP address lookup */
2862 /* If this is a continued delivery, we are interested only in the host
2863 which matches the name of the existing open channel. The check is put
2864 here after the local host lookup, in case the name gets expanded as a
2865 result of the lookup. Set expired FALSE, to save the outer loop executing
2868 if (continuing && (Ustrcmp(continue_hostname, host->name) != 0 ||
2869 Ustrcmp(continue_host_address, host->address) != 0))
2872 continue; /* With next host */
2875 /* Reset the default next host in case a multihomed host whose addresses
2876 are not looked up till just above added to the host list. */
2878 nexthost = host->next;
2880 /* If queue_smtp is set (-odqs or the first part of a 2-stage run), or the
2881 domain is in queue_smtp_domains, we don't actually want to attempt any
2882 deliveries. When doing a queue run, queue_smtp_domains is always unset. If
2883 there is a lookup defer in queue_smtp_domains, proceed as if the domain
2884 were not in it. We don't want to hold up all SMTP deliveries! Except when
2885 doing a two-stage queue run, don't do this if forcing. */
2887 if ((!deliver_force || queue_2stage) && (queue_smtp ||
2888 match_isinlist(addrlist->domain, &queue_smtp_domains, 0,
2889 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK))
2892 for (addr = addrlist; addr != NULL; addr = addr->next)
2894 if (addr->transport_return != DEFER) continue;
2895 addr->message = US"domain matches queue_smtp_domains, or -odqs set";
2897 continue; /* With next host */
2900 /* Count hosts being considered - purely for an intelligent comment
2901 if none are usable. */
2905 /* Set $host and $host address now in case they are needed for the
2906 interface expansion or the serialize_hosts check; they remain set if an
2907 actual delivery happens. */
2909 deliver_host = host->name;
2910 deliver_host_address = host->address;
2912 /* Set up a string for adding to the retry key if the port number is not
2913 the standard SMTP port. A host may have its own port setting that overrides
2916 pistring = string_sprintf(":%d", (host->port == PORT_NONE)?
2918 if (Ustrcmp(pistring, ":25") == 0) pistring = US"";
2920 /* Select IPv4 or IPv6, and choose an outgoing interface. If the interface
2921 string changes upon expansion, we must add it to the key that is used for
2922 retries, because connections to the same host from a different interface
2923 should be treated separately. */
2925 host_af = (Ustrchr(host->address, ':') == NULL)? AF_INET : AF_INET6;
2926 if (!smtp_get_interface(ob->interface, host_af, addrlist, &ifchanges,
2929 if (ifchanges) pistring = string_sprintf("%s/%s", pistring, interface);
2931 /* The first time round the outer loop, check the status of the host by
2932 inspecting the retry data. The second time round, we are interested only
2933 in expired hosts that haven't been tried since this message arrived. */
2935 if (cutoff_retry == 0)
2937 /* Ensure the status of the address is set by checking retry data if
2938 necessary. There maybe host-specific retry data (applicable to all
2939 messages) and also data for retries of a specific message at this host.
2940 If either of these retry records are actually read, the keys used are
2941 returned to save recomputing them later. */
2943 host_is_expired = retry_check_address(addrlist->domain, host, pistring,
2944 ob->retry_include_ip_address, &retry_host_key, &retry_message_key);
2946 DEBUG(D_transport) debug_printf("%s [%s]%s status = %s\n", host->name,
2947 (host->address == NULL)? US"" : host->address, pistring,
2948 (host->status == hstatus_usable)? "usable" :
2949 (host->status == hstatus_unusable)? "unusable" :
2950 (host->status == hstatus_unusable_expired)? "unusable (expired)" : "?");
2952 /* Skip this address if not usable at this time, noting if it wasn't
2953 actually expired, both locally and in the address. */
2955 switch (host->status)
2957 case hstatus_unusable:
2959 setflag(addrlist, af_retry_skipped);
2962 case hstatus_unusable_expired:
2965 case hwhy_retry: hosts_retry++; break;
2966 case hwhy_failed: hosts_fail++; break;
2967 case hwhy_deferred: hosts_defer++; break;
2970 /* If there was a retry message key, implying that previously there
2971 was a message-specific defer, we don't want to update the list of
2972 messages waiting for these hosts. */
2974 if (retry_message_key != NULL) update_waiting = FALSE;
2975 continue; /* With the next host or IP address */
2979 /* Second time round the loop: if the address is set but expired, and
2980 the message is newer than the last try, let it through. */
2984 if (host->address == NULL ||
2985 host->status != hstatus_unusable_expired ||
2986 host->last_try > received_time)
2989 debug_printf("trying expired host %s [%s]%s\n",
2990 host->name, host->address, pistring);
2991 host_is_expired = TRUE;
2994 /* Setting "expired=FALSE" doesn't actually mean not all hosts are expired;
2995 it remains TRUE only if all hosts are expired and none are actually tried.
3000 /* If this host is listed as one to which access must be serialized,
3001 see if another Exim process has a connection to it, and if so, skip
3002 this host. If not, update the database to record our connection to it
3003 and remember this for later deletion. Do not do any of this if we are
3004 sending the message down a pre-existing connection. */
3007 verify_check_this_host(&(ob->serialize_hosts), NULL, host->name,
3008 host->address, NULL) == OK)
3010 serialize_key = string_sprintf("host-serialize-%s", host->name);
3011 if (!enq_start(serialize_key))
3014 debug_printf("skipping host %s because another Exim process "
3015 "is connected to it\n", host->name);
3022 /* OK, we have an IP address that is not waiting for its retry time to
3023 arrive (it might be expired) OR (second time round the loop) we have an
3024 expired host that hasn't been tried since the message arrived. Have a go
3025 at delivering the message to it. First prepare the addresses by flushing
3026 out the result of previous attempts, and finding the first address that
3027 is still to be delivered. */
3029 first_addr = prepare_addresses(addrlist, host);
3031 DEBUG(D_transport) debug_printf("delivering %s to %s [%s] (%s%s)\n",
3032 message_id, host->name, host->address, addrlist->address,
3033 (addrlist->next == NULL)? "" : ", ...");
3035 set_process_info("delivering %s to %s [%s] (%s%s)",
3036 message_id, host->name, host->address, addrlist->address,
3037 (addrlist->next == NULL)? "" : ", ...");
3039 /* This is not for real; don't do the delivery. If there are
3040 any remaining hosts, list them. */
3045 set_errno(addrlist, 0, NULL, OK, FALSE);
3046 for (addr = addrlist; addr != NULL; addr = addr->next)
3048 addr->host_used = host;
3049 addr->special_action = '*';
3050 addr->message = US"delivery bypassed by -N option";
3054 debug_printf("*** delivery by %s transport bypassed by -N option\n"
3055 "*** host and remaining hosts:\n", tblock->name);
3056 for (host2 = host; host2 != NULL; host2 = host2->next)
3057 debug_printf(" %s [%s]\n", host2->name,
3058 (host2->address == NULL)? US"unset" : host2->address);
3063 /* This is for real. If the host is expired, we don't count it for
3064 hosts_max_retry. This ensures that all hosts must expire before an address
3065 is timed out, unless hosts_max_try_hardlimit (which protects against
3066 lunatic DNS configurations) is reached.
3068 If the host is not expired and we are about to hit the hosts_max_retry
3069 limit, check to see if there is a subsequent hosts with a different MX
3070 value. If so, make that the next host, and don't count this one. This is a
3071 heuristic to make sure that different MXs do get tried. With a normal kind
3072 of retry rule, they would get tried anyway when the earlier hosts were
3073 delayed, but if the domain has a "retry every time" type of rule - as is
3074 often used for the the very large ISPs, that won't happen. */
3078 if (!host_is_expired && ++unexpired_hosts_tried >= ob->hosts_max_try)
3082 debug_printf("hosts_max_try limit reached with this host\n");
3083 for (h = host; h != NULL; h = h->next)
3084 if (h->mx != host->mx) break;
3088 unexpired_hosts_tried--;
3089 DEBUG(D_transport) debug_printf("however, a higher MX host exists "
3090 "and will be tried\n");
3094 /* Attempt the delivery. */
3096 total_hosts_tried++;
3097 rc = smtp_deliver(addrlist, host, host_af, port, interface, tblock,
3098 expanded_hosts != NULL, &message_defer, FALSE);
3101 OK => connection made, each address contains its result;
3102 message_defer is set for message-specific defers (when all
3103 recipients are marked defer)
3104 DEFER => there was a non-message-specific delivery problem;
3105 ERROR => there was a problem setting up the arguments for a filter,
3106 or there was a problem with expanding added headers
3109 /* If the result is not OK, there was a non-message-specific problem.
3110 If the result is DEFER, we need to write to the logs saying what happened
3111 for this particular host, except in the case of authentication and TLS
3112 failures, where the log has already been written. If all hosts defer a
3113 general message is written at the end. */
3115 if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL &&
3116 first_addr->basic_errno != ERRNO_TLSFAILURE)
3117 write_logs(first_addr, host);
3119 #ifdef EXPERIMENTAL_TPDA
3121 tpda_deferred(ob, first_addr, host);
3124 /* If STARTTLS was accepted, but there was a failure in setting up the
3125 TLS session (usually a certificate screwup), and the host is not in
3126 hosts_require_tls, and tls_tempfail_tryclear is true, try again, with
3127 TLS forcibly turned off. We have to start from scratch with a new SMTP
3128 connection. That's why the retry is done from here, not from within
3129 smtp_deliver(). [Rejections of STARTTLS itself don't screw up the
3130 session, so the in-clear transmission after those errors, if permitted,
3131 happens inside smtp_deliver().] */
3134 if (rc == DEFER && first_addr->basic_errno == ERRNO_TLSFAILURE &&
3135 ob->tls_tempfail_tryclear &&
3136 verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name,
3137 host->address, NULL) != OK)
3139 log_write(0, LOG_MAIN, "TLS session failure: delivering unencrypted "
3140 "to %s [%s] (not in hosts_require_tls)", host->name, host->address);
3141 first_addr = prepare_addresses(addrlist, host);
3142 rc = smtp_deliver(addrlist, host, host_af, port, interface, tblock,
3143 expanded_hosts != NULL, &message_defer, TRUE);
3144 if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL)
3145 write_logs(first_addr, host);
3146 #ifdef EXPERIMENTAL_TPDA
3148 tpda_deferred(ob, first_addr, host);
3154 /* Delivery attempt finished */
3156 rs = (rc == OK)? US"OK" : (rc == DEFER)? US"DEFER" : (rc == ERROR)?
3159 set_process_info("delivering %s: just tried %s [%s] for %s%s: result %s",
3160 message_id, host->name, host->address, addrlist->address,
3161 (addrlist->next == NULL)? "" : " (& others)", rs);
3163 /* Release serialization if set up */
3165 if (serialized) enq_end(serialize_key);
3167 /* If the result is DEFER, or if a host retry record is known to exist, we
3168 need to add an item to the retry chain for updating the retry database
3169 at the end of delivery. We only need to add the item to the top address,
3170 of course. Also, if DEFER, we mark the IP address unusable so as to skip it
3171 for any other delivery attempts using the same address. (It is copied into
3172 the unusable tree at the outer level, so even if different address blocks
3173 contain the same address, it still won't get tried again.) */
3175 if (rc == DEFER || retry_host_key != NULL)
3177 int delete_flag = (rc != DEFER)? rf_delete : 0;
3178 if (retry_host_key == NULL)
3180 retry_host_key = ob->retry_include_ip_address?
3181 string_sprintf("T:%S:%s%s", host->name, host->address, pistring) :
3182 string_sprintf("T:%S%s", host->name, pistring);
3185 /* If a delivery of another message over an existing SMTP connection
3186 yields DEFER, we do NOT set up retry data for the host. This covers the
3187 case when there are delays in routing the addresses in the second message
3188 that are so long that the server times out. This is alleviated by not
3189 routing addresses that previously had routing defers when handling an
3190 existing connection, but even so, this case may occur (e.g. if a
3191 previously happily routed address starts giving routing defers). If the
3192 host is genuinely down, another non-continued message delivery will
3193 notice it soon enough. */
3195 if (delete_flag != 0 || !continuing)
3196 retry_add_item(first_addr, retry_host_key, rf_host | delete_flag);
3198 /* We may have tried an expired host, if its retry time has come; ensure
3199 the status reflects the expiry for the benefit of any other addresses. */
3203 host->status = (host_is_expired)?
3204 hstatus_unusable_expired : hstatus_unusable;
3205 host->why = hwhy_deferred;
3209 /* If message_defer is set (host was OK, but every recipient got deferred
3210 because of some message-specific problem), or if that had happened
3211 previously so that a message retry key exists, add an appropriate item
3212 to the retry chain. Note that if there was a message defer but now there is
3213 a host defer, the message defer record gets deleted. That seems perfectly
3214 reasonable. Also, stop the message from being remembered as waiting
3215 for specific hosts. */
3217 if (message_defer || retry_message_key != NULL)
3219 int delete_flag = message_defer? 0 : rf_delete;
3220 if (retry_message_key == NULL)
3222 retry_message_key = ob->retry_include_ip_address?
3223 string_sprintf("T:%S:%s%s:%s", host->name, host->address, pistring,
3225 string_sprintf("T:%S%s:%s", host->name, pistring, message_id);
3227 retry_add_item(addrlist, retry_message_key,
3228 rf_message | rf_host | delete_flag);
3229 update_waiting = FALSE;
3232 /* Any return other than DEFER (that is, OK or ERROR) means that the
3233 addresses have got their final statuses filled in for this host. In the OK
3234 case, see if any of them are deferred. */
3238 for (addr = addrlist; addr != NULL; addr = addr->next)
3240 if (addr->transport_return == DEFER)
3242 some_deferred = TRUE;
3248 /* If no addresses deferred or the result was ERROR, return. We do this for
3249 ERROR because a failing filter set-up or add_headers expansion is likely to
3250 fail for any host we try. */
3252 if (rc == ERROR || (rc == OK && !some_deferred))
3254 DEBUG(D_transport) debug_printf("Leaving %s transport\n", tblock->name);
3255 return TRUE; /* Each address has its status */
3258 /* If the result was DEFER or some individual addresses deferred, let
3259 the loop run to try other hosts with the deferred addresses, except for the
3260 case when we were trying to deliver down an existing channel and failed.
3261 Don't try any other hosts in this case. */
3263 if (continuing) break;
3265 /* If the whole delivery, or some individual addresses, were deferred and
3266 there are more hosts that could be tried, do not count this host towards
3267 the hosts_max_try limit if the age of the message is greater than the
3268 maximum retry time for this host. This means we may try try all hosts,
3269 ignoring the limit, when messages have been around for some time. This is
3270 important because if we don't try all hosts, the address will never time
3271 out. NOTE: this does not apply to hosts_max_try_hardlimit. */
3273 if ((rc == DEFER || some_deferred) && nexthost != NULL)
3276 retry_config *retry = retry_find_config(host->name, NULL, 0, 0);
3278 if (retry != NULL && retry->rules != NULL)
3280 retry_rule *last_rule;
3281 for (last_rule = retry->rules;
3282 last_rule->next != NULL;
3283 last_rule = last_rule->next);
3284 timedout = time(NULL) - received_time > last_rule->timeout;
3286 else timedout = TRUE; /* No rule => timed out */
3290 unexpired_hosts_tried--;
3291 DEBUG(D_transport) debug_printf("temporary delivery error(s) override "
3292 "hosts_max_try (message older than host's retry time)\n");
3295 } /* End of loop for trying multiple hosts. */
3297 /* This is the end of the loop that repeats iff expired is TRUE and
3298 ob->delay_after_cutoff is FALSE. The second time round we will
3299 try those hosts that haven't been tried since the message arrived. */
3303 debug_printf("all IP addresses skipped or deferred at least one address\n");
3304 if (expired && !ob->delay_after_cutoff && cutoff_retry == 0)
3305 debug_printf("retrying IP addresses not tried since message arrived\n");
3310 /* Get here if all IP addresses are skipped or defer at least one address. In
3311 MUA wrapper mode, this will happen only for connection or other non-message-
3312 specific failures. Force the delivery status for all addresses to FAIL. */
3316 for (addr = addrlist; addr != NULL; addr = addr->next)
3317 addr->transport_return = FAIL;
3321 /* In the normal, non-wrapper case, add a standard message to each deferred
3322 address if there hasn't been an error, that is, if it hasn't actually been
3323 tried this time. The variable "expired" will be FALSE if any deliveries were
3324 actually tried, or if there was at least one host that was not expired. That
3325 is, it is TRUE only if no deliveries were tried and all hosts were expired. If
3326 a delivery has been tried, an error code will be set, and the failing of the
3327 message is handled by the retry code later.
3329 If queue_smtp is set, or this transport was called to send a subsequent message
3330 down an existing TCP/IP connection, and something caused the host not to be
3331 found, we end up here, but can detect these cases and handle them specially. */
3333 for (addr = addrlist; addr != NULL; addr = addr->next)
3335 /* If host is not NULL, it means that we stopped processing the host list
3336 because of hosts_max_try or hosts_max_try_hardlimit. In the former case, this
3337 means we need to behave as if some hosts were skipped because their retry
3338 time had not come. Specifically, this prevents the address from timing out.
3339 However, if we have hit hosts_max_try_hardlimit, we want to behave as if all
3340 hosts were tried. */
3344 if (total_hosts_tried >= ob->hosts_max_try_hardlimit)
3347 debug_printf("hosts_max_try_hardlimit reached: behave as if all "
3348 "hosts were tried\n");
3353 debug_printf("hosts_max_try limit caused some hosts to be skipped\n");
3354 setflag(addr, af_retry_skipped);
3358 if (queue_smtp) /* no deliveries attempted */
3360 addr->transport_return = DEFER;
3361 addr->basic_errno = 0;
3362 addr->message = US"SMTP delivery explicitly queued";
3365 else if (addr->transport_return == DEFER &&
3366 (addr->basic_errno == ERRNO_UNKNOWNERROR || addr->basic_errno == 0) &&
3367 addr->message == NULL)
3369 addr->basic_errno = ERRNO_HRETRY;
3370 if (continue_hostname != NULL)
3372 addr->message = US"no host found for existing SMTP connection";
3376 setflag(addr, af_pass_message); /* This is not a security risk */
3377 addr->message = (ob->delay_after_cutoff)?
3378 US"retry time not reached for any host after a long failure period" :
3379 US"all hosts have been failing for a long time and were last tried "
3380 "after this message arrived";
3382 /* If we are already using fallback hosts, or there are no fallback hosts
3383 defined, convert the result to FAIL to cause a bounce. */
3385 if (addr->host_list == addr->fallback_hosts ||
3386 addr->fallback_hosts == NULL)
3387 addr->transport_return = FAIL;
3391 if (hosts_retry == hosts_total)
3392 addr->message = US"retry time not reached for any host";
3393 else if (hosts_fail == hosts_total)
3394 addr->message = US"all host address lookups failed permanently";
3395 else if (hosts_defer == hosts_total)
3396 addr->message = US"all host address lookups failed temporarily";
3397 else if (hosts_serial == hosts_total)
3398 addr->message = US"connection limit reached for all hosts";
3399 else if (hosts_fail+hosts_defer == hosts_total)
3400 addr->message = US"all host address lookups failed";
3401 else addr->message = US"some host address lookups failed and retry time "
3402 "not reached for other hosts or connection limit reached";
3407 /* Update the database which keeps information about which messages are waiting
3408 for which hosts to become available. For some message-specific errors, the
3409 update_waiting flag is turned off because we don't want follow-on deliveries in
3410 those cases. If this transport instance is explicitly limited to one message
3411 per connection then follow-on deliveries are not possible and there's no need
3412 to create/update the per-transport wait-<transport_name> database. */
3414 if (update_waiting && tblock->connection_max_messages != 1)
3415 transport_update_waiting(hostlist, tblock->name);
3419 DEBUG(D_transport) debug_printf("Leaving %s transport\n", tblock->name);
3421 return TRUE; /* Each address has its status */
3424 /* End of transport/smtp.c */
git://git.exim.org / exim.git / blob