* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) The Exim Maintainers 2020 - 2022 */
+/* Copyright (c) The Exim Maintainers 2020 - 2024 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* See the file NOTICE for conditions of use and distribution. */
/* SPDX-License-Identifier: GPL-2.0-or-later */
HELO_CMD, EHLO_CMD, DATA_CMD, /* These are listed in the pipelining */
VRFY_CMD, EXPN_CMD, NOOP_CMD, /* RFC as requiring synchronization */
- ETRN_CMD, /* This by analogy with TURN from the RFC */
+ ATRN_CMD, ETRN_CMD, /* This by analogy with TURN from the RFC */
STARTTLS_CMD, /* Required by the STARTTLS RFC */
TLS_AUTH_CMD, /* auto-command at start of SSL */
#ifdef EXPERIMENTAL_XCLIENT
/* These commands need not be synchronized when pipelining */
MAIL_CMD, RCPT_CMD, RSET_CMD,
+#ifndef DISABLE_WELLKNOWN
+ WELLKNOWN_CMD,
+#endif
/* This is a dummy to identify the non-sync commands when not pipelining */
/* These are specials that don't correspond to actual commands */
EOF_CMD, OTHER_CMD, BADARG_CMD, BADCHAR_CMD, BADSYN_CMD,
- TOO_MANY_NONMAIL_CMD };
+ TOO_MANY_NONMAIL_CMD
+};
/* This is a convenience macro for adding the identity of an SMTP command
{ "bdat", sizeof("bdat")-1, BDAT_CMD, TRUE, TRUE },
{ "quit", sizeof("quit")-1, QUIT_CMD, FALSE, TRUE },
{ "noop", sizeof("noop")-1, NOOP_CMD, TRUE, FALSE },
+ { "atrn", sizeof("atrn")-1, ATRN_CMD, TRUE, FALSE },
{ "etrn", sizeof("etrn")-1, ETRN_CMD, TRUE, FALSE },
{ "vrfy", sizeof("vrfy")-1, VRFY_CMD, TRUE, FALSE },
{ "expn", sizeof("expn")-1, EXPN_CMD, TRUE, FALSE },
- { "help", sizeof("help")-1, HELP_CMD, TRUE, FALSE }
+ { "help", sizeof("help")-1, HELP_CMD, TRUE, FALSE },
+#ifndef DISABLE_WELLKNOWN
+ { "wellknown", sizeof("wellknown")-1, WELLKNOWN_CMD, TRUE, FALSE },
+#endif
};
/* This list of names is used for performing the smtp_no_mail logging action. */
[SCH_RSET] = US"RSET",
[SCH_STARTTLS] = US"STARTTLS",
[SCH_VRFY] = US"VRFY",
+#ifndef DISABLE_WELLKNOWN
+ [SCH_WELLKNOWN] = US"WELLKNOWN",
+#endif
#ifdef EXPERIMENTAL_XCLIENT
[SCH_XCLIENT] = US"XCLIENT",
#endif
+#ifndef DISABLE_DKIM
+/* Feed received message data to the dkim module */
+/*XXX maybe a global dkim_info? */
+void
+smtp_verify_feed(const uschar * s, unsigned n)
+{
+static misc_module_info * dkim_mi = NULL;
+typedef void (*fn_t)(const uschar *, int);
+
+if (!dkim_mi && !(dkim_mi = misc_mod_findonly(US"dkim")))
+ return;
+
+(((fn_t *) dkim_mi->functions)[DKIM_VERIFY_FEED]) (s, n);
+}
+#endif
+
+
/* Refill the buffer, and notify DKIM verification code.
Return false for error or EOF.
*/
return FALSE;
}
#ifndef DISABLE_DKIM
-dkim_exim_verify_feed(smtp_inbuffer, rc);
+smtp_verify_feed(smtp_inbuffer, rc);
#endif
smtp_inend = smtp_inbuffer + rc;
smtp_inptr = smtp_inbuffer;
if (n > lim)
n = lim;
if (n > 0)
- dkim_exim_verify_feed(smtp_inptr, n);
+ smtp_verify_feed(smtp_inptr, n);
#endif
}
uschar * user_msg = NULL;
uschar * log_msg;
-for(;;)
- {
#ifndef DISABLE_DKIM
- unsigned dkim_save;
+misc_module_info * dkim_info = misc_mod_findonly(US"dkim");
+typedef void (*dkim_pause_t)(BOOL);
+dkim_pause_t dkim_pause;
+
+dkim_pause = dkim_info
+ ? ((dkim_pause_t *) dkim_info->functions)[DKIM_VERIFY_PAUSE] : NULL;
#endif
+for(;;)
+ {
+
if (chunking_data_left > 0)
return lwr_receive_getc(chunking_data_left--);
bdat_pop_receive_functions();
#ifndef DISABLE_DKIM
- dkim_save = dkim_collect_input;
- dkim_collect_input = 0;
+ if (dkim_pause) dkim_pause(TRUE);
#endif
/* Unless PIPELINING was offered, there should be no next command
if (chunking_state == CHUNKING_LAST)
{
#ifndef DISABLE_DKIM
- dkim_collect_input = dkim_save;
- dkim_exim_verify_feed(NULL, 0); /* notify EOD */
- dkim_collect_input = 0;
+ smtp_verify_feed(NULL, 0); /* notify EOD */
#endif
return EOD;
}
- smtp_printf("250 %u byte chunk received\r\n", FALSE, chunking_datasize);
+ smtp_printf("250 %u byte chunk received\r\n", SP_NO_MORE, chunking_datasize);
chunking_state = CHUNKING_OFFERED;
DEBUG(D_receive) debug_printf("chunking state %d\n", (int)chunking_state);
case NOOP_CMD:
HAD(SCH_NOOP);
- smtp_printf("250 OK\r\n", FALSE);
+ smtp_printf("250 OK\r\n", SP_NO_MORE);
goto next_cmd;
case BDAT_CMD:
bdat_push_receive_functions();
#ifndef DISABLE_DKIM
- dkim_collect_input = dkim_save;
+ if (dkim_pause) dkim_pause(FALSE);
#endif
break; /* to top of main loop */
}
follow the sender address. */
smtp_cmd_argument = smtp_cmd_buffer + p->len;
- while (isspace(*smtp_cmd_argument)) smtp_cmd_argument++;
+ Uskip_whitespace(&smtp_cmd_argument);
Ustrcpy(smtp_data_buffer, smtp_cmd_argument);
smtp_cmd_data = smtp_data_buffer;
{
if (!smtp_in || smtp_batched_input) return;
receive_swallow_smtp();
-smtp_printf("421 %s\r\n", FALSE, message);
+smtp_printf("421 %s\r\n", SP_NO_MORE, message);
for (;;) switch(smtp_read_command(FALSE, GETC_BUFFER_UNLIMITED))
{
case QUIT_CMD:
f.smtp_in_quit = TRUE;
- smtp_printf("221 %s closing connection\r\n", FALSE, smtp_active_hostname);
+ smtp_printf("221 %s closing connection\r\n", SP_NO_MORE, smtp_active_hostname);
mac_smtp_fflush();
return;
case RSET_CMD:
- smtp_printf("250 Reset OK\r\n", FALSE);
+ smtp_printf("250 Reset OK\r\n", SP_NO_MORE);
break;
default:
- smtp_printf("421 %s\r\n", FALSE, message);
+ smtp_printf("421 %s\r\n", SP_NO_MORE, message);
break;
}
}
{
const uschar * hostname = sender_fullhost
? sender_fullhost : sender_host_address;
+gstring * g = string_catn(NULL, US"SMTP connection", 15);
+
+if (LOGGING(connection_id))
+ g = string_fmt_append(g, " Ci=%s", connection_id);
+g = string_catn(g, US" from ", 6);
if (host_checking)
- return string_sprintf("SMTP connection from %s", hostname);
+ g = string_cat(g, hostname);
+
+else if (f.sender_host_unknown || f.sender_host_notsocket)
+ g = string_cat(g, sender_ident ? sender_ident : US"NULL");
-if (f.sender_host_unknown || f.sender_host_notsocket)
- return string_sprintf("SMTP connection from %s", sender_ident);
+else if (f.is_inetd)
+ g = string_append(g, 2, hostname, US" (via inetd)");
-if (f.is_inetd)
- return string_sprintf("SMTP connection from %s (via inetd)", hostname);
+else if (LOGGING(incoming_interface) && interface_address)
+ g = string_fmt_append(g, "%s I=[%s]:%d", hostname, interface_address, interface_port);
-if (LOGGING(incoming_interface) && interface_address)
- return string_sprintf("SMTP connection from %s I=[%s]:%d", hostname,
- interface_address, interface_port);
+else
+ g = string_cat(g, hostname);
-return string_sprintf("SMTP connection from %s", hostname);
+gstring_release_unused(g);
+return string_from_gstring(g);
}
bmi_verdicts = NULL;
#endif
dnslist_domain = dnslist_matched = NULL;
-#ifdef SUPPORT_SPF
-spf_header_comment = spf_received = spf_result = spf_smtp_comment = NULL;
-spf_result_guessed = FALSE;
-#endif
-#ifndef DISABLE_DKIM
-dkim_cur_signer = dkim_signers =
-dkim_signing_domain = dkim_signing_selector = dkim_signatures = NULL;
-dkim_cur_signer = dkim_signers = dkim_signing_domain = dkim_signing_selector = NULL;
-f.dkim_disable_verify = FALSE;
-dkim_collect_input = 0;
-dkim_verify_overall = dkim_verify_status = dkim_verify_reason = NULL;
-dkim_key_length = 0;
-#endif
-#ifdef SUPPORT_DMARC
-f.dmarc_has_been_checked = f.dmarc_disable_verify = f.dmarc_enable_forensic = FALSE;
-dmarc_domain_policy = dmarc_status = dmarc_status_text =
-dmarc_used_domain = NULL;
-#endif
-#ifdef EXPERIMENTAL_ARC
-arc_state = arc_state_reason = NULL;
-arc_received_instance = 0;
-#endif
+
dsn_ret = 0;
dsn_envid = NULL;
deliver_host = deliver_host_address = NULL; /* Can be set by ACL */
store_free(this);
}
+misc_mod_smtp_reset();
message_tidyup();
store_reset(reset_point);
/* Check maximum number allowed */
- if (recipients_max > 0 && recipients_count + 1 > recipients_max)
+ if ( recipients_max_expanded > 0
+ && recipients_count + 1 > recipients_max_expanded)
/* The function moan_smtp_batch() does not return. */
moan_smtp_batch(smtp_cmd_buffer, "%s too many recipients",
- recipients_max_reject? "552": "452");
+ recipients_max_reject ? "552": "452");
/* Apply SMTP rewrite, then extract address. Don't allow "<>" as a
recipient address */
break;
- /* The VRFY, EXPN, HELP, ETRN, and NOOP commands are ignored. */
+ /* The VRFY, EXPN, HELP, ETRN, ATRN and NOOP commands are ignored. */
- case VRFY_CMD:
- case EXPN_CMD:
- case HELP_CMD:
- case NOOP_CMD:
- case ETRN_CMD:
+ case VRFY_CMD: case EXPN_CMD: case HELP_CMD: case NOOP_CMD:
+ case ETRN_CMD: case ATRN_CMD:
+#ifndef DISABLE_WELLKNOWN
+ case WELLKNOWN_CMD:
+#endif
bsmtp_transaction_linecount = receive_linecount;
break;
static void
log_connect_tls_drop(const uschar * what, const uschar * log_msg)
{
-gstring * g = s_tlslog(NULL);
-uschar * tls = string_from_gstring(g);
-
-log_write(L_connection_reject,
- log_reject_target, "%s%s%s dropped by %s%s%s",
- LOGGING(dnssec) && sender_host_dnssec ? US" DS" : US"",
- host_and_ident(TRUE),
- tls ? tls : US"",
- what,
- log_msg ? US": " : US"", log_msg);
+if (log_reject_target)
+ {
+#ifdef DISABLE_TLS
+ uschar * tls = NULL;
+#else
+ gstring * g = s_tlslog(NULL);
+ uschar * tls = string_from_gstring(g);
+#endif
+ log_write(L_connection_reject,
+ log_reject_target, "%s%s%s dropped by %s%s%s",
+ LOGGING(dnssec) && sender_host_dnssec ? US" DS" : US"",
+ host_and_ident(TRUE),
+ tls ? tls : US"",
+ what,
+ log_msg ? US": " : US"", log_msg);
+ }
}
/* Set up the message size limit; this may be host-specific */
+GET_OPTION("message_size_limit");
thismessage_size_limit = expand_string_integer(message_size_limit, TRUE);
if (expand_string_message)
{
{
log_write(0, LOG_MAIN, "getsockopt() failed from %s: %s",
host_and_ident(FALSE), strerror(errno));
- smtp_printf("451 SMTP service not available\r\n", FALSE);
+ smtp_printf("451 SMTP service not available\r\n", SP_NO_MORE);
return FALSE;
}
}
log_write(0, LOG_MAIN|LOG_REJECT,
"connection from %s refused (IP options)", host_and_ident(FALSE));
- smtp_printf("554 SMTP service not available\r\n", FALSE);
+ smtp_printf("554 SMTP service not available\r\n", SP_NO_MORE);
return FALSE;
}
#ifndef DISABLE_TLS
if (!tls_in.on_connect)
#endif
- smtp_printf("554 SMTP service not available\r\n", FALSE);
+ smtp_printf("554 SMTP service not available\r\n", SP_NO_MORE);
return FALSE;
}
log_write(L_connection_reject,
LOG_MAIN|LOG_REJECT, "refused connection from %s "
"(tcp wrappers)", host_and_ident(FALSE));
- smtp_printf("554 SMTP service not available\r\n", FALSE);
+ smtp_printf("554 SMTP service not available\r\n", SP_NO_MORE);
}
else
{
log_write(L_connection_reject,
LOG_MAIN|LOG_REJECT, "temporarily refused connection from %s "
"(tcp wrappers errno=%d)", host_and_ident(FALSE), save_errno);
- smtp_printf("451 Temporary local problem - please try later\r\n", FALSE);
+ smtp_printf("451 Temporary local problem - please try later\r\n", SP_NO_MORE);
}
return FALSE;
}
host_and_ident(FALSE), smtp_accept_count - 1, smtp_accept_max,
smtp_accept_reserve, (rc == DEFER)? " (lookup deferred)" : "");
smtp_printf("421 %s: Too many concurrent SMTP connections; "
- "please try again later\r\n", FALSE, smtp_active_hostname);
+ "please try again later\r\n", SP_NO_MORE, smtp_active_hostname);
return FALSE;
}
reserved_host = TRUE;
LOG_MAIN, "temporarily refused connection from %s: not in "
"reserve list and load average = %.2f", host_and_ident(FALSE),
(double)load_average/1000.0);
- smtp_printf("421 %s: Too much load; please try again later\r\n", FALSE,
+ smtp_printf("421 %s: Too much load; please try again later\r\n", SP_NO_MORE,
smtp_active_hostname);
return FALSE;
}
fl.helo_accept_junk = verify_check_host(&helo_accept_junk_hosts) == OK;
}
+/* Expand recipients_max, if needed */
+ {
+ uschar * rme = expand_string(recipients_max);
+ recipients_max_expanded = atoi(CCS rme);
+ }
/* For batch SMTP input we are now done. */
if (smtp_batched_input) return TRUE;
-#if defined(SUPPORT_PROXY) || defined(SUPPORT_SOCKS) || defined(EXPERIMETAL_XCLIENT)
+#if defined(SUPPORT_PROXY) || defined(SUPPORT_SOCKS) || defined(EXPERIMENTAL_XCLIENT)
proxy_session = FALSE;
#endif
/* Run the connect ACL if it exists */
user_msg = NULL;
+GET_OPTION("acl_smtp_connect");
if (acl_smtp_connect)
{
int rc;
esclen = codelen - 4;
}
}
-else if (!(s = expand_string(smtp_banner)))
+else
{
- log_write(0, f.expand_string_forcedfail ? LOG_MAIN : LOG_MAIN|LOG_PANIC_DIE,
- "Expansion of \"%s\" (smtp_banner) failed: %s",
- smtp_banner, expand_string_message);
- /* for force-fail */
-#ifndef DISABLE_TLS
- if (tls_in.on_connect) tls_close(NULL, TLS_SHUTDOWN_WAIT);
-#endif
- return FALSE;
+ GET_OPTION("smtp_banner");
+ if (!(s = expand_string(smtp_banner)))
+ {
+ log_write(0, f.expand_string_forcedfail ? LOG_MAIN : LOG_MAIN|LOG_PANIC_DIE,
+ "Expansion of \"%s\" (smtp_banner) failed: %s",
+ smtp_banner, expand_string_message);
+ /* for force-fail */
+ #ifndef DISABLE_TLS
+ if (tls_in.on_connect) tls_close(NULL, TLS_SHUTDOWN_WAIT);
+ #endif
+ return FALSE;
+ }
}
/* Remove any terminating newlines; might as well remove trailing space too */
"synchronization error (input sent without waiting for greeting): "
"rejected connection from %s input=\"%s\"", host_and_ident(TRUE),
string_printing(string_copyn(smtp_inptr, n)));
- smtp_printf("554 SMTP synchronization error\r\n", FALSE);
+ smtp_printf("554 SMTP synchronization error\r\n", SP_NO_MORE);
return FALSE;
}
/* Now output the banner */
/*XXX the ehlo-resp code does its own tls/nontls bit. Maybe subroutine that? */
-smtp_printf("%s",
+smtp_printf("%Y",
#ifndef DISABLE_PIPE_CONNECT
fl.pipe_connect_acceptable && pipeline_connect_sends(),
#else
- FALSE,
+ SP_NO_MORE,
#endif
- string_from_gstring(ss));
+ ss);
/* Attempt to see if we sent the banner before the last ACK of the 3-way
handshake arrived. If so we must have managed a TFO. */
{
int yield = -1;
+#ifndef DISABLE_EVENT
+event_raise(event_action,
+ L_smtp_syntax_error ? US"smtp:fail:syntax" : US"smtp:fail:protocol",
+ errmess, NULL);
+#endif
+
log_write(type, LOG_MAIN, "SMTP %s error in \"%s\" %s %s",
type == L_smtp_syntax_error ? "syntax" : "protocol",
string_printing(smtp_cmd_buffer), host_and_ident(TRUE), errmess);
{
yield = 1;
log_write(0, LOG_MAIN|LOG_REJECT, "SMTP call from %s dropped: too many "
- "syntax or protocol errors (last command was \"%s\", %s)",
+ "syntax or protocol errors (last command was \"%s\", %Y)",
host_and_ident(FALSE), string_printing(smtp_cmd_buffer),
- string_from_gstring(s_connhad_log(NULL))
+ s_connhad_log(NULL)
);
}
if (code > 0)
{
- smtp_printf("%d%c%s%s%s\r\n", FALSE, code, yield == 1 ? '-' : ' ',
+ smtp_printf("%d%c%s%s%s\r\n", SP_NO_MORE, code, yield == 1 ? '-' : ' ',
data ? data : US"", data ? US": " : US"", errmess);
if (yield == 1)
- smtp_printf("%d Too many syntax or protocol errors\r\n", FALSE, code);
+ smtp_printf("%d Too many syntax or protocol errors\r\n", SP_NO_MORE, code);
}
return yield;
*/
void
-smtp_respond(uschar* code, int codelen, BOOL final, uschar *msg)
+smtp_respond(uschar * code, int codelen, BOOL final, uschar * msg)
{
int esclen = 0;
uschar *esc = US"";
We only handle pipelining these responses as far as nonfinal/final groups,
not the whole MAIL/RCPT/DATA response set. */
-for (;;)
- {
- uschar *nl = Ustrchr(msg, '\n');
- if (!nl)
+for (uschar * nl;;)
+ if (!(nl = Ustrchr(msg, '\n')))
{
smtp_printf("%.3s%c%.*s%s\r\n", !final, code, final ? ' ':'-', esclen, esc, msg);
return;
}
else
{
- smtp_printf("%.3s-%.*s%.*s\r\n", TRUE, code, esclen, esc, (int)(nl - msg), msg);
+ smtp_printf("%.3s-%.*s%.*s\r\n", SP_MORE, code, esclen, esc, (int)(nl - msg), msg);
msg = nl + 1;
Uskip_whitespace(&msg);
}
- }
}
*/
int
-smtp_handle_acl_fail(int where, int rc, uschar *user_msg, uschar *log_msg)
+smtp_handle_acl_fail(int where, int rc, uschar * user_msg, uschar * log_msg)
{
BOOL drop = rc == FAIL_DROP;
int codelen = 3;
smtp_message_code(&smtp_code, &codelen, &user_msg, &log_msg,
where != ACL_WHERE_VRFY);
-/* We used to have sender_address here; however, there was a bug that was not
+/* Get info for logging.
+We used to have sender_address here; however, there was a bug that was not
updating sender_address after a rewrite during a verify. When this bug was
fixed, sender_address at this point became the rewritten address. I'm not sure
this is what should be logged, so I've changed to logging the unrewritten
if (where == ACL_WHERE_AUTH) /* avoid logging auth creds */
{
- uschar * s;
- for (s = smtp_cmd_data; *s && !isspace(*s); ) s++;
- lim = s - smtp_cmd_data; /* atop after method */
+ uschar * s = smtp_cmd_data;
+ Uskip_nonwhite(&s);
+ lim = s - smtp_cmd_data; /* stop after method */
}
what = string_sprintf("%s %.*s", acl_wherenames[where], lim, place);
}
string_sprintf(": %s", sender_verified_failed->message));
if (rc == FAIL && sender_verified_failed->user_message)
- smtp_respond(smtp_code, codelen, FALSE, string_sprintf(
+ smtp_respond(smtp_code, codelen, SR_NOT_FINAL, string_sprintf(
testflag(sender_verified_failed, af_verify_pmfail)?
"Postmaster verification failed while checking <%s>\n%s\n"
"Several RFCs state that you are required to have a postmaster\n"
rc was FAIL_DROP we drop the connection and yield 2. */
if (rc == FAIL)
- smtp_respond(smtp_code, codelen, TRUE,
+ smtp_respond(smtp_code, codelen, SR_FINAL,
user_msg ? user_msg : US"Administrative prohibition");
/* Send temporary failure response to the command. Don't give any details,
&& sender_verified_failed
&& sender_verified_failed->message
)
- smtp_respond(smtp_code, codelen, FALSE, sender_verified_failed->message);
+ smtp_respond(smtp_code, codelen, SR_NOT_FINAL, sender_verified_failed->message);
- smtp_respond(smtp_code, codelen, TRUE, user_msg);
+ smtp_respond(smtp_code, codelen, SR_FINAL, user_msg);
}
else
- smtp_respond(smtp_code, codelen, TRUE,
+ smtp_respond(smtp_code, codelen, SR_FINAL,
US"Temporary local problem - please try later");
/* Log the incident to the logs that are specified by log_reject_target
the connection is not forcibly to be dropped, return 0. Otherwise, log why it
is closing if required and return 2. */
-if (log_reject_target != 0)
+if (log_reject_target)
{
#ifndef DISABLE_TLS
gstring * g = s_tlslog(NULL);
/* Call the not-QUIT ACL, if there is one, unless no reason is given. */
+GET_OPTION("acl_smtp_notquit");
if (acl_smtp_notquit && reason)
{
smtp_notquit_reason = reason;
if (code && defaultrespond)
{
if (user_msg)
- smtp_respond(code, 3, TRUE, user_msg);
+ smtp_respond(code, 3, SR_FINAL, user_msg);
else
{
gstring * g;
va_start(ap, defaultrespond);
g = string_vformat(NULL, SVFMT_EXTEND|SVFMT_REBUFFER, CS defaultrespond, ap);
va_end(ap);
- smtp_printf("%s %s\r\n", FALSE, code, string_from_gstring(g));
+ smtp_printf("%s %Y\r\n", SP_NO_MORE, code, g);
}
mac_smtp_fflush();
}
*/
static void
-smtp_user_msg(uschar *code, uschar *user_msg)
+smtp_user_msg(uschar * code, uschar * user_msg)
{
int len = 3;
smtp_message_code(&code, &len, &user_msg, NULL, TRUE);
-smtp_respond(code, len, TRUE, user_msg);
+smtp_respond(code, len, SR_FINAL, user_msg);
}
/* Set up globals for error messages */
-authenticator_name = au->name;
-driver_srcfile = au->srcfile;
-driver_srcline = au->srcline;
+authenticator_name = au->drinst.name;
+driver_srcfile = au->drinst.srcfile;
+driver_srcline = au->drinst.srcline;
/* Run the checking code, passing the remainder of the command line as
data. Initials the $auth<n> variables as empty. Initialize $0 empty and set
expand_nmax = 0;
expand_nlength[0] = 0; /* $0 contains nothing */
-rc = (au->info->servercode)(au, smtp_cmd_data);
+ {
+ auth_info * ai = au->drinst.info;
+ rc = (ai->servercode)(au, smtp_cmd_data);
+ }
if (au->set_id) set_id = expand_string(au->set_id);
expand_nmax = -1; /* Reset numeric variables */
for (int i = 0; i < AUTH_VARS; i++) auth_vars[i] = NULL; /* Reset $auth<n> */
if (!au->set_id || set_id) /* Complete success */
{
if (set_id) authenticated_id = string_copy_perm(set_id, TRUE);
- sender_host_authenticated = au->name;
+ sender_host_authenticated = au->drinst.name;
sender_host_auth_pubname = au->public_name;
authentication_failed = FALSE;
authenticated_fail_id = NULL; /* Impossible to already be set? */
*recipient = US rewrite_address_qualify(*recipient, TRUE);
return rd;
}
-smtp_printf("501 %s: recipient address must contain a domain\r\n", FALSE,
+smtp_printf("501 %s: recipient address must contain a domain\r\n", SP_NO_MORE,
smtp_cmd_data);
log_write(L_smtp_syntax_error,
LOG_MAIN|LOG_REJECT, "unqualified %s rejected: <%s> %s%s",
HAD(SCH_QUIT);
f.smtp_in_quit = TRUE;
incomplete_transaction_log(US"QUIT");
+GET_OPTION("acl_smtp_quit");
if ( acl_smtp_quit
&& acl_check(ACL_WHERE_QUIT, NULL, acl_smtp_quit, user_msgp, log_msgp)
== ERROR)
#endif
if (*user_msgp)
- smtp_respond(US"221", 3, TRUE, *user_msgp);
+ smtp_respond(US"221", 3, SR_FINAL, *user_msgp);
else
- smtp_printf("221 %s closing connection\r\n", FALSE, smtp_active_hostname);
+ smtp_printf("221 %s closing connection\r\n", SP_NO_MORE, smtp_active_hostname);
#ifdef SERVERSIDE_CLOSE_NOWAIT
# ifndef DISABLE_TLS
{
HAD(SCH_RSET);
incomplete_transaction_log(US"RSET");
-smtp_printf("250 Reset OK\r\n", FALSE);
+smtp_printf("250 Reset OK\r\n", SP_NO_MORE);
cmd_list[CL_RSET].is_mail_cmd = FALSE;
if (chunking_state > CHUNKING_OFFERED)
chunking_state = CHUNKING_OFFERED;
}
+#ifndef DISABLE_WELLKNOWN
+static int
+smtp_wellknown_handler(void)
+{
+if (verify_check_host(&wellknown_advertise_hosts) != FAIL)
+ {
+ GET_OPTION("acl_smtp_wellknown");
+ if (acl_smtp_wellknown)
+ {
+ uschar * user_msg = NULL, * log_msg;
+ int rc;
+
+ if ((rc = acl_check(ACL_WHERE_WELLKNOWN, NULL, acl_smtp_wellknown,
+ &user_msg, &log_msg)) != OK)
+ return smtp_handle_acl_fail(ACL_WHERE_WELLKNOWN, rc, user_msg, log_msg);
+ else if (!wellknown_response)
+ return smtp_handle_acl_fail(ACL_WHERE_WELLKNOWN, ERROR, user_msg, log_msg);
+ smtp_user_msg(US"250", wellknown_response);
+ return 0;
+ }
+ }
+
+smtp_printf("554 not permitted\r\n", SP_NO_MORE);
+log_write(0, LOG_MAIN|LOG_REJECT, "rejected \"%s\" from %s",
+ smtp_cmd_buffer, sender_helo_name, host_and_ident(FALSE));
+return 0;
+}
+#endif
+
+
static int
expand_mailmax(const uschar * s)
{
void (*oldsignal)(int);
pid_t pid;
int start, end, sender_domain, recipient_domain;
- int rc;
- int c;
- uschar *orcpt = NULL;
+ int rc, c;
+ uschar * orcpt = NULL;
int dsn_flags;
gstring * g;
{
cmd_list[CL_TLAU].is_mail_cmd = FALSE;
- for (auth_instance * au = auths; au; au = au->next)
- if (strcmpic(US"tls", au->driver_name) == 0)
+ for (auth_instance * au = auths; au; au = au->drinst.next)
+ if (strcmpic(US"tls", au->drinst.driver_name) == 0)
{
+ GET_OPTION("acl_smtp_auth");
if ( acl_smtp_auth
&& (rc = acl_check(ACL_WHERE_AUTH, NULL, acl_smtp_auth,
&user_msg, &log_msg)) != OK
#ifndef DISABLE_EVENT
{
uschar * save_name = sender_host_authenticated, * logmsg;
- sender_host_authenticated = au->name;
+ sender_host_authenticated = au->drinst.name;
if ((logmsg = event_raise(event_action, US"auth:fail", s, NULL)))
log_write(0, LOG_MAIN, "%s", logmsg);
sender_host_authenticated = save_name;
/* Check the ACL */
+ GET_OPTION("acl_smtp_auth");
if ( acl_smtp_auth
&& (rc = acl_check(ACL_WHERE_AUTH, NULL, acl_smtp_auth,
&user_msg, &log_msg)) != OK
if (*smtp_cmd_data)
{
- *smtp_cmd_data++ = 0;
- while (isspace(*smtp_cmd_data)) smtp_cmd_data++;
+ *smtp_cmd_data++ = '\0';
+ Uskip_whitespace(&smtp_cmd_data);
}
/* Search for an authentication mechanism which is configured for use
auth_instance * au;
uschar * smtp_resp, * errmsg;
- for (au = auths; au; au = au->next)
+ for (au = auths; au; au = au->drinst.next)
if (strcmpic(s, au->public_name) == 0 && au->server &&
(au->advertised || f.allow_auth_unadvertised))
break;
{
int rc = smtp_in_auth(au, &smtp_resp, &errmsg);
- smtp_printf("%s\r\n", FALSE, smtp_resp);
+ smtp_printf("%s\r\n", SP_NO_MORE, smtp_resp);
if (rc != OK)
{
uschar * logmsg = NULL;
#ifndef DISABLE_EVENT
{uschar * save_name = sender_host_authenticated;
- sender_host_authenticated = au->name;
+ sender_host_authenticated = au->drinst.name;
logmsg = event_raise(event_action, US"auth:fail", smtp_resp, NULL);
sender_host_authenticated = save_name;
}
log_write(0, LOG_MAIN|LOG_REJECT, "%s", logmsg);
else
log_write(0, LOG_MAIN|LOG_REJECT, "%s authenticator failed for %s: %s",
- au->name, host_and_ident(FALSE), errmsg);
+ au->drinst.name, host_and_ident(FALSE), errmsg);
}
}
else
if (!check_helo(smtp_cmd_data))
{
- smtp_printf("501 Syntactically invalid %s argument(s)\r\n", FALSE, hello);
+ smtp_printf("501 Syntactically invalid %s argument(s)\r\n", SP_NO_MORE, hello);
log_write(0, LOG_MAIN|LOG_REJECT, "rejected %s from %s: syntactically "
"invalid argument(s): %s", hello, host_and_ident(FALSE),
if (++synprot_error_count > smtp_max_synprot_errors)
{
log_write(0, LOG_MAIN|LOG_REJECT, "SMTP call from %s dropped: too many "
- "syntax or protocol errors (last command was \"%s\", %s)",
+ "syntax or protocol errors (last command was \"%s\", %Y)",
host_and_ident(FALSE), string_printing(smtp_cmd_buffer),
- string_from_gstring(s_connhad_log(NULL))
+ s_connhad_log(NULL)
);
done = 1;
}
if (!f.sender_host_unknown)
{
BOOL old_helo_verified = f.helo_verified;
- uschar *p = smtp_cmd_data;
+ uschar * p = smtp_cmd_data;
- while (*p != 0 && !isspace(*p)) { *p = tolower(*p); p++; }
- *p = 0;
+ while (*p && !isspace(*p)) { *p = tolower(*p); p++; }
+ *p = '\0';
/* Force a reverse lookup if HELO quoted something in helo_lookup_domains
because otherwise the log can be confusing. */
{
if (fl.helo_verify_required)
{
- smtp_printf("%d %s argument does not match calling host\r\n", FALSE,
+ smtp_printf("%d %s argument does not match calling host\r\n", SP_NO_MORE,
tempfail? 451 : 550, hello);
log_write(0, LOG_MAIN|LOG_REJECT, "%srejected \"%s %s\" from %s",
tempfail? "temporarily " : "",
}
}
-#ifdef SUPPORT_SPF
- /* set up SPF context */
- spf_conn_init(sender_helo_name, sender_host_address);
-#endif
+ /* For any misc-module having a connection-init routine, call it. */
+
+ if (misc_mod_conn_init(sender_helo_name, sender_host_address) != OK)
+ {
+ DEBUG(D_receive) debug_printf("A module conn-init routine failed\n");
+ done = 1;
+ break;
+ }
/* Apply an ACL check if one is defined; afterwards, recheck
synchronization in case the client started sending in a delay. */
+ GET_OPTION("acl_smtp_helo");
if (acl_smtp_helo)
if ((rc = acl_check(ACL_WHERE_HELO, NULL, acl_smtp_helo,
&user_msg, &log_msg)) != OK)
g = string_catn(g, US"-SIZE\r\n", 7);
}
-#ifdef EXPERIMENTAL_ESMTP_LIMITS
- if ( (smtp_mailcmd_max > 0 || recipients_max)
+#ifndef DISABLE_ESMTP_LIMITS
+ if ( (smtp_mailcmd_max > 0 || recipients_max_expanded > 0)
&& verify_check_host(&limits_advertise_hosts) == OK)
{
g = string_fmt_append(g, "%.3s-LIMITS", smtp_code);
if (smtp_mailcmd_max > 0)
g = string_fmt_append(g, " MAILMAX=%d", smtp_mailcmd_max);
- if (recipients_max)
- g = string_fmt_append(g, " RCPTMAX=%d", recipients_max);
+ if (recipients_max_expanded > 0)
+ g = string_fmt_append(g, " RCPTMAX=%d", recipients_max_expanded);
g = string_catn(g, US"\r\n", 2);
}
#endif
fl.dsn_advertised = TRUE;
}
- /* Advertise ETRN/VRFY/EXPN if there's are ACL checking whether a host is
- permitted to issue them; a check is made when any host actually tries. */
+ /* Advertise ATRN/ETRN/VRFY/EXPN if there's are ACL checking whether a
+ host is permitted to issue them; a check is made when any host actually
+ tries. */
+ GET_OPTION("acl_smtp_atrn");
+ if (acl_smtp_atrn)
+ {
+ const uschar * s = expand_cstring(acl_smtp_atrn);
+ if (s && *s)
+ {
+ g = string_catn(g, smtp_code, 3);
+ g = string_catn(g, US"-ATRN\r\n", 7);
+ }
+ }
+ GET_OPTION("acl_smtp_etrn");
if (acl_smtp_etrn)
{
g = string_catn(g, smtp_code, 3);
g = string_catn(g, US"-ETRN\r\n", 7);
}
+ GET_OPTION("acl_smtp_vrfy");
if (acl_smtp_vrfy)
{
g = string_catn(g, smtp_code, 3);
g = string_catn(g, US"-VRFY\r\n", 7);
}
+ GET_OPTION("acl_smtp_expn");
if (acl_smtp_expn)
{
g = string_catn(g, smtp_code, 3);
)
{
BOOL first = TRUE;
- for (auth_instance * au = auths; au; au = au->next)
+ for (auth_instance * au = auths; au; au = au->drinst.next)
{
au->advertised = FALSE;
if (au->server)
{
DEBUG(D_auth+D_expand) debug_printf_indent(
"Evaluating advertise_condition for %s %s athenticator\n",
- au->name, au->public_name);
+ au->drinst.name, au->public_name);
if ( !au->advertise_condition
- || expand_check_condition(au->advertise_condition, au->name,
- US"authenticator")
+ || expand_check_condition(au->advertise_condition,
+ au->drinst.name, US"authenticator")
)
{
int saveptr;
chunking_state = CHUNKING_OFFERED;
}
+#ifndef DISABLE_TLS
/* Advertise TLS (Transport Level Security) aka SSL (Secure Socket Layer)
if it has been included in the binary, and the host matches
tls_advertise_hosts. We must *not* advertise if we are already in a
secure connection. */
-#ifndef DISABLE_TLS
if (tls_in.active.sock < 0 &&
verify_check_host(&tls_advertise_hosts) != FAIL)
{
fl.smtputf8_advertised = TRUE;
}
#endif
+#ifndef DISABLE_WELLKNOWN
+ if (verify_check_host(&wellknown_advertise_hosts) != FAIL)
+ {
+ g = string_catn(g, smtp_code, 3);
+ g = string_catn(g, US"-WELLKNOWN\r\n", 12);
+ }
+#endif
/* Finish off the multiline reply with one that is always available. */
toomany = FALSE;
break; /* HELO/EHLO */
+#ifndef DISABLE_WELLKNOWN
+ case WELLKNOWN_CMD:
+ HAD(SCH_WELLKNOWN);
+ smtp_mailcmd_count++;
+ smtp_wellknown_handler();
+ break;
+#endif
+
#ifdef EXPERIMENTAL_XCLIENT
case XCLIENT_CMD:
{
done = synprot_error(L_smtp_syntax_error, resp, NULL, errmsg);
else
{
- smtp_printf("%d %s\r\n", FALSE, resp, errmsg);
+ smtp_printf("%d %s\r\n", SP_NO_MORE, resp, errmsg);
log_write(0, LOG_MAIN|LOG_REJECT, "rejected XCLIENT from %s: %s",
host_and_ident(FALSE), errmsg);
}
We require that we do; the following HELO/EHLO handling will set
sender_helo_name as normal. */
- smtp_printf("%s XCLIENT success\r\n", FALSE, smtp_code);
+ smtp_printf("%s XCLIENT success\r\n", SP_NO_MORE, smtp_code);
}
break; /* XCLIENT */
}
if ( fl.helo_verify_required
|| verify_check_host(&hosts_require_helo) == OK)
{
- smtp_printf("503 HELO or EHLO required\r\n", FALSE);
log_write(0, LOG_MAIN|LOG_REJECT, "rejected MAIL from %s: no "
"HELO/EHLO given", host_and_ident(FALSE));
+ done = synprot_error(L_smtp_protocol_error, 503, NULL,
+ US"HELO or EHLO required");
break;
}
else if (smtp_mailcmd_max < 0)
if (smtp_mailcmd_max > 0 && smtp_mailcmd_count > smtp_mailcmd_max)
{
- smtp_printf("421 too many messages in this connection\r\n", FALSE);
+ smtp_printf("421 too many messages in this connection\r\n", SP_NO_MORE);
log_write(0, LOG_MAIN|LOG_REJECT, "rejected MAIL command %s: too many "
"messages in one connection", host_and_ident(TRUE));
break;
int rc;
uschar *ignore_msg;
- if (auth_xtextdecode(value, &authenticated_sender) < 0)
+ if (xtextdecode(value, &authenticated_sender) < 0)
{
/* Put back terminator overrides for error message */
value[-1] = '=';
US"invalid data for AUTH");
goto COMMAND_LOOP;
}
+ GET_OPTION("acl_smtp_mailauth");
if (!acl_smtp_mailauth)
{
ignore_msg = US"client not authenticated";
if (authenticated_by == NULL ||
authenticated_by->mail_auth_condition == NULL ||
expand_check_condition(authenticated_by->mail_auth_condition,
- authenticated_by->name, US"authenticator"))
+ authenticated_by->drinst.name, US"authenticator"))
break; /* Accept the AUTH */
ignore_msg = US"server_mail_auth_condition failed";
if (thismessage_size_limit > 0 && message_size > thismessage_size_limit)
{
- smtp_printf("552 Message size exceeds maximum permitted\r\n", FALSE);
+ smtp_printf("552 Message size exceeds maximum permitted\r\n", SP_NO_MORE);
log_write(L_size_reject,
LOG_MAIN|LOG_REJECT, "rejected MAIL FROM:<%s> %s: "
"message too big: size%s=%d max=%d",
smtp_check_spool_space && message_size >= 0
? message_size + 5000 : 0))
{
- smtp_printf("452 Space shortage, please try later\r\n", FALSE);
+ smtp_printf("452 Space shortage, please try later\r\n", SP_NO_MORE);
sender_address = NULL;
break;
}
}
else
{
- smtp_printf("501 %s: sender address must contain a domain\r\n", FALSE,
+ smtp_printf("501 %s: sender address must contain a domain\r\n", SP_NO_MORE,
smtp_cmd_data);
log_write(L_smtp_syntax_error,
LOG_MAIN|LOG_REJECT,
when pipelining is not advertised, do another sync check in case the ACL
delayed and the client started sending in the meantime. */
+ GET_OPTION("acl_smtp_mail");
if (acl_smtp_mail)
{
rc = acl_check(ACL_WHERE_MAIL, NULL, acl_smtp_mail, &user_msg, &log_msg);
{
if (f.smtp_in_pipelining_advertised && last_was_rej_mail)
{
- smtp_printf("503 sender not yet given\r\n", FALSE);
+ smtp_printf("503 sender not yet given\r\n", SP_NO_MORE);
was_rej_mail = TRUE;
}
else
/* Check maximum allowed */
- if (rcpt_count+1 < 0 || rcpt_count > recipients_max && recipients_max > 0)
+ if ( rcpt_count+1 < 0
+ || rcpt_count > recipients_max_expanded && recipients_max_expanded > 0)
{
if (recipients_max_reject)
{
rcpt_fail_count++;
- smtp_printf("552 too many recipients\r\n", FALSE);
+ smtp_printf("552 too many recipients\r\n", SP_NO_MORE);
if (!toomany)
log_write(0, LOG_MAIN|LOG_REJECT, "too many recipients: message "
"rejected: sender=<%s> %s", sender_address, host_and_ident(TRUE));
else
{
rcpt_defer_count++;
- smtp_printf("452 too many recipients\r\n", FALSE);
+ smtp_printf("452 too many recipients\r\n", SP_NO_MORE);
if (!toomany)
log_write(0, LOG_MAIN|LOG_REJECT, "too many recipients: excess "
"temporarily rejected: sender=<%s> %s", sender_address,
if (f.recipients_discarded)
rc = DISCARD;
else
+ {
+ GET_OPTION("acl_smtp_rcpt");
if ( (rc = acl_check(ACL_WHERE_RCPT, recipient, acl_smtp_rcpt, &user_msg,
&log_msg)) == OK
&& !f.smtp_in_pipelining_advertised && !check_sync())
goto SYNC_FAILURE;
+ }
/* The ACL was happy */
if (user_msg)
smtp_user_msg(US"250", user_msg);
else
- smtp_printf("250 Accepted\r\n", FALSE);
+ smtp_printf("250 Accepted\r\n", SP_NO_MORE);
rcpt_fail_count++;
discarded = TRUE;
log_write(0, LOG_MAIN|LOG_REJECT, "%s F=<%s> RCPT %s: "
{
uschar *code = US"503";
int len = Ustrlen(rcpt_smtp_response);
- smtp_respond(code, 3, FALSE, US"All RCPT commands were rejected with "
+ smtp_respond(code, 3, SR_NOT_FINAL, US"All RCPT commands were rejected with "
"this error:");
/* Responses from smtp_printf() will have \r\n on the end */
if (len > 2 && rcpt_smtp_response[len-2] == '\r')
rcpt_smtp_response[len-2] = 0;
- smtp_respond(code, 3, FALSE, rcpt_smtp_response);
+ smtp_respond(code, 3, SR_NOT_FINAL, rcpt_smtp_response);
}
if (f.smtp_in_pipelining_advertised && last_was_rcpt)
- smtp_printf("503 Valid RCPT command must precede %s\r\n", FALSE,
+ smtp_printf("503 Valid RCPT command must precede %s\r\n", SP_NO_MORE,
smtp_names[smtp_connection_had[SMTP_HBUFF_PREV(smtp_ch_index)]]);
else
done = synprot_error(L_smtp_protocol_error, 503, NULL,
{
sender_address = NULL; /* This will allow a new MAIL without RSET */
sender_address_unrewritten = NULL;
- smtp_printf("554 Too many recipients\r\n", FALSE);
+ smtp_printf("554 Too many recipients\r\n", SP_NO_MORE);
if (chunking_state > CHUNKING_OFFERED)
{
}
if (chunking_state > CHUNKING_OFFERED)
- rc = OK; /* No predata ACL or go-ahead output for BDAT */
+ rc = OK; /* There is no predata ACL or go-ahead output for BDAT */
else
{
- /* If there is an ACL, re-check the synchronization afterwards, since the
- ACL may have delayed. To handle cutthrough delivery enforce a dummy call
- to get the DATA command sent. */
+ /* If there is a predata-ACL, re-check the synchronization afterwards,
+ since the ACL may have delayed. To handle cutthrough delivery enforce a
+ dummy call to get the DATA command sent. */
+ GET_OPTION("acl_smtp_predata");
if (!acl_smtp_predata && cutthrough.cctx.sock < 0)
rc = OK;
else
smtp_user_msg(US"354", user_msg);
else
smtp_printf(
- "354 Enter message, ending with \".\" on a line by itself\r\n", FALSE);
+ "354 Enter message, ending with \".\" on a line by itself\r\n", SP_NO_MORE);
}
if (f.bdat_readers_wanted)
if (!(address = parse_extract_address(smtp_cmd_data, &errmess,
&start, &end, &recipient_domain, FALSE)))
{
- smtp_printf("501 %s\r\n", FALSE, errmess);
+ smtp_printf("501 %s\r\n", SP_NO_MORE, errmess);
break;
}
US"verify")))
break;
+ GET_OPTION("acl_smtp_vrfy");
if ((rc = acl_check(ACL_WHERE_VRFY, address, acl_smtp_vrfy,
&user_msg, &log_msg)) != OK)
done = smtp_handle_acl_fail(ACL_WHERE_VRFY, rc, user_msg, log_msg);
break;
}
- smtp_printf("%s\r\n", FALSE, s);
+ smtp_printf("%s\r\n", SP_NO_MORE, s);
}
break;
}
case EXPN_CMD:
HAD(SCH_EXPN);
+ GET_OPTION("acl_smtp_expn");
rc = acl_check(ACL_WHERE_EXPN, NULL, acl_smtp_expn, &user_msg, &log_msg);
if (rc != OK)
done = smtp_handle_acl_fail(ACL_WHERE_EXPN, rc, user_msg, log_msg);
/* Apply an ACL check if one is defined */
+ GET_OPTION("acl_smtp_starttls");
if ( acl_smtp_starttls
&& (rc = acl_check(ACL_WHERE_STARTTLS, NULL, acl_smtp_starttls,
&user_msg, &log_msg)) != OK
if (rc == DEFER)
{
- smtp_printf("454 TLS currently unavailable\r\n", FALSE);
+ smtp_printf("454 TLS currently unavailable\r\n", SP_NO_MORE);
break;
}
case QUIT_CMD:
f.smtp_in_quit = TRUE;
user_msg = NULL;
+ GET_OPTION("acl_smtp_quit");
if ( acl_smtp_quit
&& ((rc = acl_check(ACL_WHERE_QUIT, NULL, acl_smtp_quit, &user_msg,
&log_msg)) == ERROR))
log_write(0, LOG_MAIN|LOG_PANIC, "ACL for QUIT returned ERROR: %s",
log_msg);
if (user_msg)
- smtp_respond(US"221", 3, TRUE, user_msg);
+ smtp_respond(US"221", 3, SR_FINAL, user_msg);
else
- smtp_printf("221 %s closing connection\r\n", FALSE, smtp_active_hostname);
+ smtp_printf("221 %s closing connection\r\n", SP_NO_MORE, smtp_active_hostname);
log_close_event(US"by QUIT");
done = 2;
break;
default:
- smtp_printf("554 Security failure\r\n", FALSE);
+ smtp_printf("554 Security failure\r\n", SP_NO_MORE);
break;
}
tls_close(NULL, TLS_SHUTDOWN_NOWAIT);
case NOOP_CMD:
HAD(SCH_NOOP);
- smtp_printf("250 OK\r\n", FALSE);
+ smtp_printf("250 OK\r\n", SP_NO_MORE);
break;
case HELP_CMD:
HAD(SCH_HELP);
- smtp_printf("214-Commands supported:\r\n214", TRUE);
- smtp_printf(" AUTH", TRUE);
+ smtp_printf("214-Commands supported:\r\n214", SP_MORE);
+ smtp_printf(" AUTH", SP_MORE);
#ifndef DISABLE_TLS
if (tls_in.active.sock < 0 &&
verify_check_host(&tls_advertise_hosts) != FAIL)
- smtp_printf(" STARTTLS", TRUE);
+ smtp_printf(" STARTTLS", SP_MORE);
+#endif
+ smtp_printf(" HELO EHLO MAIL RCPT DATA BDAT", SP_MORE);
+ smtp_printf(" NOOP QUIT RSET HELP", SP_MORE);
+ if (acl_smtp_atrn) smtp_printf(" ATRN", SP_MORE);
+ if (acl_smtp_etrn) smtp_printf(" ETRN", SP_MORE);
+ if (acl_smtp_expn) smtp_printf(" EXPN", SP_MORE);
+ if (acl_smtp_vrfy) smtp_printf(" VRFY", SP_MORE);
+#ifndef DISABLE_WELLKNOWN
+ if (verify_check_host(&wellknown_advertise_hosts) != FAIL)
+ smtp_printf(" WELLKNOWN", SP_MORE);
#endif
- smtp_printf(" HELO EHLO MAIL RCPT DATA BDAT", TRUE);
- smtp_printf(" NOOP QUIT RSET HELP", TRUE);
- if (acl_smtp_etrn) smtp_printf(" ETRN", TRUE);
- if (acl_smtp_expn) smtp_printf(" EXPN", TRUE);
- if (acl_smtp_vrfy) smtp_printf(" VRFY", TRUE);
#ifdef EXPERIMENTAL_XCLIENT
if (proxy_session || verify_check_host(&hosts_xclient) != FAIL)
- smtp_printf(" XCLIENT", TRUE);
+ smtp_printf(" XCLIENT", SP_MORE);
#endif
- smtp_printf("\r\n", FALSE);
+ smtp_printf("\r\n", SP_NO_MORE);
break;
break;
+ case ATRN_CMD:
+ {
+ uschar * exp_acl = NULL;
+ const uschar * list;
+ int sep = 0;
+ gstring * g = NULL;
+ qrunner q = {0};
+
+ HAD(SCH_ATRN);
+ /*XXX could we used a cached value for "advertised"? */
+ GET_OPTION("acl_smtp_atrn");
+ if (acl_smtp_atrn
+ && (exp_acl = expand_string(acl_smtp_atrn)) && !*exp_acl)
+ exp_acl = NULL;
+ if (!exp_acl || !authenticated_id || sender_address)
+ {
+ done = synprot_error(L_smtp_protocol_error,
+ !exp_acl ? 502 : !authenticated_id ? 530 : 503,
+ NULL,
+ !exp_acl ? US"ATRN command used when not advertised"
+ : !authenticated_id ? US"ATRN is not permitted without authentication"
+ : US"ATRN is not permitted inside a transaction"
+ );
+ break;
+ }
+
+ log_write(L_etrn, LOG_MAIN, "ATRN '%s' received from %s",
+ smtp_cmd_argument, host_and_ident(FALSE));
+
+ if ( (rc = acl_check(ACL_WHERE_ATRN, NULL, exp_acl, &user_msg, &log_msg))
+ != OK)
+ {
+ done = smtp_handle_acl_fail(ACL_WHERE_ATRN, rc, user_msg, log_msg);
+ break;
+ }
+
+ /* want to do a qrun for the given domain(s), using the already open channel.
+ TODO: alternate named queue
+ TODO: docs
+
+ /* ACK the command, record the connection details
+ and turn the line around */
+
+ smtp_printf("250 ODMR server turning line around\r\n", SP_NO_MORE);
+ atrn_host = string_sprintf("[%s]:%d",
+ sender_host_address, sender_host_port);
+
+#ifndef DISABLE_TLS
+ if (tls_in.active.sock >= 0)
+ tls_turnaround(0, sender_host_address, sender_host_port);
+#endif
+ fflush(smtp_out);
+ force_fd(fileno(smtp_in), 0);
+ smtp_in = smtp_out = NULL;
+
+ /* Set up a onetime queue run, filtering for messages with the
+ given domains. Later filtering will leave out addresses for other domains
+ on these messages. */
+
+ continue_transport = US"ATRN-client";
+ continue_hostname = continue_host_address = sender_host_address;
+
+ q.next_tick = time(NULL);
+ q.run_max = 1;
+ q.queue_2stage = TRUE;
+
+ /* Convert the domainlist to a regex, as the existing queue-selection
+ facilities support that but not a list */
+
+ list = atrn_domains;
+ for (const uschar * ele; ele = string_nextinlist(&list, &sep, NULL, 0); )
+ g = string_append_listele(g, '|', ele);
+ deliver_selectstring = string_sprintf("@(%Y)", g);
+ f.deliver_selectstring_regex = TRUE;
+
+ single_queue_run(&q , NULL, NULL);
+ exim_exit(EXIT_SUCCESS);
+ }
+
case ETRN_CMD:
HAD(SCH_ETRN);
if (sender_address)
log_write(L_etrn, LOG_MAIN, "ETRN %s received from %s", smtp_cmd_argument,
host_and_ident(FALSE));
+ GET_OPTION("acl_smtp_etrn");
if ((rc = acl_check(ACL_WHERE_ETRN, NULL, acl_smtp_etrn,
&user_msg, &log_msg)) != OK)
{
since that is strictly the only kind of ETRN that can be implemented
according to the RFC. */
+ GET_OPTION("smtp_etrn_command");
if (smtp_etrn_command)
{
uschar *error;
BOOL rc;
etrn_command = smtp_etrn_command;
deliver_domain = smtp_cmd_data;
- rc = transport_set_up_command(&argv, smtp_etrn_command, TRUE, 0, NULL,
- FALSE, US"ETRN processing", &error);
+ rc = transport_set_up_command(&argv, smtp_etrn_command, TSUC_EXPAND_ARGS, 0, NULL,
+ US"ETRN processing", &error);
deliver_domain = NULL;
if (!rc)
{
log_write(0, LOG_MAIN|LOG_PANIC, "failed to set up ETRN command: %s",
error);
- smtp_printf("458 Internal failure\r\n", FALSE);
+ smtp_printf("458 Internal failure\r\n", SP_NO_MORE);
break;
}
}
debug_printf("ETRN command is: %s\n", etrn_command);
debug_printf("ETRN command execution skipped\n");
}
- if (user_msg == NULL) smtp_printf("250 OK\r\n", FALSE);
+ if (user_msg == NULL) smtp_printf("250 OK\r\n", SP_NO_MORE);
else smtp_user_msg(US"250", user_msg);
break;
}
if (smtp_etrn_serialize && !enq_start(etrn_serialize_key, 1))
{
- smtp_printf("458 Already processing %s\r\n", FALSE, smtp_cmd_data);
+ smtp_printf("458 Already processing %s\r\n", SP_NO_MORE, smtp_cmd_data);
break;
}
{
log_write(0, LOG_MAIN|LOG_PANIC, "fork of process for ETRN failed: %s",
strerror(errno));
- smtp_printf("458 Unable to fork process\r\n", FALSE);
+ smtp_printf("458 Unable to fork process\r\n", SP_NO_MORE);
if (smtp_etrn_serialize) enq_end(etrn_serialize_key);
}
else
if (!user_msg)
- smtp_printf("250 OK\r\n", FALSE);
+ smtp_printf("250 OK\r\n", SP_NO_MORE);
else
smtp_user_msg(US"250", user_msg);
done = synprot_error(L_smtp_syntax_error, 0, NULL, /* Just logs */
US"NUL character(s) present (shown as '?')");
smtp_printf("501 NUL characters are not allowed in SMTP commands\r\n",
- FALSE);
+ SP_NO_MORE);
break;
case BADSYN_CMD:
SYNC_FAILURE:
- if (smtp_inend >= smtp_inbuffer + IN_BUFFER_SIZE)
- smtp_inend = smtp_inbuffer + IN_BUFFER_SIZE - 1;
- c = smtp_inend - smtp_inptr;
- if (c > 150) c = 150; /* limit logged amount */
- smtp_inptr[c] = 0;
- incomplete_transaction_log(US"sync failure");
- log_write(0, LOG_MAIN|LOG_REJECT, "SMTP protocol synchronization error "
- "(next input sent too soon: pipelining was%s advertised): "
- "rejected \"%s\" %s next input=\"%s\"",
- f.smtp_in_pipelining_advertised ? "" : " not",
- smtp_cmd_buffer, host_and_ident(TRUE),
- string_printing(smtp_inptr));
- smtp_notquit_exit(US"synchronization-error", US"554",
- US"SMTP synchronization error");
- done = 1; /* Pretend eof - drops connection */
- break;
+ {
+ unsigned nchars = 150;
+ uschar * buf = receive_getbuf(&nchars); /* destructive read */
+ buf[nchars] = '\0';
+ incomplete_transaction_log(US"sync failure");
+ log_write(0, LOG_MAIN|LOG_REJECT, "SMTP protocol synchronization error "
+ "(next input sent too soon: pipelining was%s advertised): "
+ "rejected \"%s\" %s next input=\"%s\" (%u bytes)",
+ f.smtp_in_pipelining_advertised ? "" : " not",
+ smtp_cmd_buffer, host_and_ident(TRUE),
+ string_printing(buf), nchars);
+ smtp_notquit_exit(US"synchronization-error", US"554",
+ US"SMTP synchronization error");
+ done = 1; /* Pretend eof - drops connection */
+ break;
+ }
case TOO_MANY_NONMAIL_CMD:
s = smtp_cmd_buffer;
- while (*s != 0 && !isspace(*s)) s++;
+ Uskip_nonwhite(&s);
incomplete_transaction_log(US"too many non-mail commands");
log_write(0, LOG_MAIN|LOG_REJECT, "SMTP call from %s dropped: too many "
"nonmail commands (last was \"%.*s\")", host_and_ident(FALSE),
#ifdef SUPPORT_PROXY
case PROXY_FAIL_IGNORE_CMD:
- smtp_printf("503 Command refused, required Proxy negotiation failed\r\n", FALSE);
+ smtp_printf("503 Command refused, required Proxy negotiation failed\r\n", SP_NO_MORE);
break;
#endif
git://git.exim.org / exim.git / blobdiff