Logging: TLSA lookups should honor slow_lookup_log

[exim.git] / src / src / transports / smtp.c

diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index fd550efff32b7f073a4e8f162d88de7f1a56a69b..9f86033231d093f5a750f6bf0d05eb8836a38570 100644 (file)
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -281,7 +281,7 @@ smtp_transport_options_block smtp_transport_option_defaults = {
   .gethostbyname =             FALSE,
   .dns_qualify_single =                TRUE,
   .dns_search_parents =                FALSE,
-  .dnssec = { .request=NULL, .require=NULL },
+  .dnssec = { .request= US"*", .require=NULL },
   .delay_after_cutoff =                TRUE,
   .hosts_override =            FALSE,
   .hosts_randomize =           FALSE,
@@ -1613,77 +1613,6 @@ return FALSE;
 
 
 
-#ifdef SUPPORT_DANE
-/* Lookup TLSA record for host/port.
-Return:  OK            success with dnssec; DANE mode
-         DEFER         Do not use this host now, may retry later
-        FAIL_FORCED    No TLSA record; DANE not usable
-        FAIL           Do not use this connection
-*/
-
-int
-tlsa_lookup(const host_item * host, dns_answer * dnsa, BOOL dane_required)
-{
-/* move this out to host.c given the similarity to dns_lookup() ? */
-uschar buffer[300];
-const uschar * fullname = buffer;
-int rc;
-BOOL sec;
-
-/* TLSA lookup string */
-(void)sprintf(CS buffer, "_%d._tcp.%.256s", host->port, host->name);
-
-rc = dns_lookup(dnsa, buffer, T_TLSA, &fullname);
-sec = dns_is_secure(dnsa);
-DEBUG(D_transport)
-  debug_printf("TLSA lookup ret %d %sDNSSEC\n", rc, sec ? "" : "not ");
-
-switch (rc)
-  {
-  case DNS_AGAIN:
-    return DEFER; /* just defer this TLS'd conn */
-
-  case DNS_SUCCEED:
-    if (sec)
-      {
-      DEBUG(D_transport)
-       {
-       dns_scan dnss;
-       for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
-            rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
-         if (rr->type == T_TLSA && rr->size > 3)
-           {
-           uint16_t payload_length = rr->size - 3;
-           uschar s[MAX_TLSA_EXPANDED_SIZE], * sp = s, * p = US rr->data;
-
-           sp += sprintf(CS sp, "%d ", *p++); /* usage */
-           sp += sprintf(CS sp, "%d ", *p++); /* selector */
-           sp += sprintf(CS sp, "%d ", *p++); /* matchtype */
-           while (payload_length-- > 0 && sp-s < (MAX_TLSA_EXPANDED_SIZE - 4))
-             sp += sprintf(CS sp, "%02x", *p++);
-
-           debug_printf(" %s\n", s);
-           }
-       }
-      return OK;
-      }
-    log_write(0, LOG_MAIN,
-      "DANE error: TLSA lookup for %s not DNSSEC", host->name);
-    /*FALLTRHOUGH*/
-
-  case DNS_NODATA:     /* no TLSA RR for this lookup */
-  case DNS_NOMATCH:    /* no records at all for this lookup */
-    return dane_required ? FAIL : FAIL_FORCED;
-
-  default:
-  case DNS_FAIL:
-    return dane_required ? FAIL : DEFER;
-  }
-}
-#endif
-
-
-
 typedef struct smtp_compare_s
 {
     uschar                          *current_sender_address;
@@ -3642,7 +3571,8 @@ for handling the SMTP dot-handling protocol, flagging to apply to headers as
 well as body. Set the appropriate timeout value to be used for each chunk.
 (Haven't been able to make it work using select() for writing yet.) */
 
-if (!(sx.peer_offered & OPTION_CHUNKING) && !sx.ok)
+if (  !sx.ok
+   && (!(sx.peer_offered & OPTION_CHUNKING) || !pipelining_active))
   {
   /* Save the first address of the next batch. */
   sx.first_addr = sx.next_addr;
@@ -4285,7 +4215,7 @@ if (sx.completed_addr && sx.ok && sx.send_quit)
          /* Set up a pipe for proxying TLS for the new transport process */
 
          smtp_peer_options |= OPTION_TLS;
-         if (sx.ok = (socketpair(AF_UNIX, SOCK_STREAM, 0, pfd) == 0))
+         if ((sx.ok = socketpair(AF_UNIX, SOCK_STREAM, 0, pfd) == 0))
            socket_fd = pfd[1];
          else
            set_errno(sx.first_addr, errno, US"internal allocation problem",