/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* See the file NOTICE for conditions of use and distribution. */
+/* SPDX-License-Identifier: GPL-2.0-or-later */
#include "../exim.h"
#include "smtp.h"
sx->buffer, sizeof(sx->buffer));
sx->outblock.authenticating = FALSE;
driver_srcfile = authenticator_name = NULL; driver_srcline = 0;
-DEBUG(D_transport) debug_printf("%s authenticator yielded %d\n", au->name, rc);
+DEBUG(D_transport) debug_printf("%s authenticator yielded %s\n", au->name, rc_names[rc]);
/* A temporary authentication failure must hold up delivery to
this host. After a permanent authentication failure, we carry on
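Review bot: The new `rc_names[rc]` in the debug_printf indexes a name table with the authenticator's return code, and no range check is visible in this hunk. The table's size is not shown here, so if a client authenticator can return a code past its last entry, running with transport debugging enabled would read outside the array. A bounds check against the table's entry count, falling back to the old numeric `%d` form for unknown codes, would keep the debug path safe. Printing the number alongside the name would also help when several codes share one value. The enclosing function starts and ends outside the hunk.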
/* Failure after reading a response */
case FAIL:
+ {
+ uschar * logmsg = NULL;
+
if (errno != 0 || sx->buffer[0] != '5') return FAIL;
- log_write(0, LOG_MAIN, "%s authenticator failed H=%s [%s] %s",
- au->name, host->name, host->address, sx->buffer);
+#ifndef DISABLE_EVENT
+ {
+ uschar * save_name = sender_host_authenticated;
+ sender_host_authenticated = au->name;
+ if ((logmsg = event_raise(sx->conn_args.tblock->event_action, US"auth:fail",
+ sx->buffer, NULL)))
+ log_write(0, LOG_MAIN, "%s", logmsg);
+ sender_host_authenticated = save_name;
+ }
+#endif
+ if (!logmsg)
+ log_write(0, LOG_MAIN, "%s authenticator failed H=%s [%s] %s",
+ au->name, host->name, host->address, sx->buffer);
break;
+ }
/* Failure by some other means. In effect, the authenticator
decided it wasn't prepared to handle this case. Typically this
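Review bot: When the `auth:fail` event returns a string, `log_write(0, LOG_MAIN, "%s", logmsg)` is the only line written, so the authenticator name and the `H=%s [%s]` host context of the standard message are dropped from the main log for that failure. Log monitoring that matches on "authenticator failed" would presumably miss these failures once an event action is configured. `sx->buffer` is the remote server's response and is handed to the event as its data, so whatever the action does with it should treat it as peer-controlled text. I would add a comment at the `event_raise` call, for example `/* a non-NULL event result replaces the standard log line; sx->buffer is peer-supplied */`, or keep the host prefix and append the event text. The `case FAIL:` block belongs to a switch that starts and ends outside the hunk.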
open, we must shut down TLS. Not all MTAs allow for the continuation
of the SMTP session when TLS is shut down. We test for this by sending
a new EHLO. If we don't get a good response, we don't attempt to pass
- the socket on. */
+ the socket on.
+ NB: TLS close is *required* per RFC 9266 when tls-exporter info has
+ been used, which we do under TLSv1.3 for the gsasl SCRAM*PLUS methods.
+ But we were always doing it anyway. */
tls_close(sx->cctx.tls_ctx,
sx->send_tlsclose ? TLS_SHUTDOWN_WAIT : TLS_SHUTDOWN_WONLY);
uschar *retry_message_key = NULL;
uschar *serialize_key = NULL;
+ /* Deal slightly better with a possible Linux kernel bug that results
+ in intermittent TFO-conn fails deep into the TCP flow. Bug 2907 tracks.
+ Hack: Clear TFO option for any further hosts on this tpt run. */
+
+ if (total_hosts_tried > 0)
+ {
+ DEBUG(D_transport|D_acl|D_v)
+ debug_printf("Clearing TFO as not first host for message\n");
+ ob->hosts_try_fastopen = US"";
+ }
+
/* Default next host is next host. :-) But this can vary if the
hosts_max_try limit is hit (see below). It may also be reset if a host
address is looked up here (in case the host was multihomed). */
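Review bot: `ob->hosts_try_fastopen = US"";` overwrites the transport option in place and nothing visible restores it. Whether the effect is limited to "this tpt run", as the comment says, depends on the lifetime of `ob`, which this hunk does not show. The clearing also happens for every host after the first (`total_hosts_tried > 0`), not only after a fast-open failure has actually been seen. I would extend the comment to say both, e.g. `/* ob is not restored afterwards; TFO is disabled unconditionally once one host has been tried */`. The enclosing function starts and ends outside the hunk.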