* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2016 */
+/* Copyright (c) University of Cambridge 1995 - 2017 */
/* See the file NOTICE for conditions of use and distribution. */
#include "../exim.h"
*message = US string_sprintf("Remote host closed connection "
"in response to %s%s", pl, smtp_command);
}
-else *message = US string_sprintf("%s [%s]", host->name, host->address);
+else
+ *message = US string_sprintf("%s [%s]", host->name, host->address);
return FALSE;
}
if (errno == 0 && sx->buffer[0] == '4')
{
errno = ERRNO_DATA4XX; /*XXX does this actually get used? */
- sx->first_addr->more_errno |=
+ sx->addrlist->more_errno |=
((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
}
return ERROR;
dns_answer tlsa_dnsa;
#endif
BOOL pass_message = FALSE;
-
uschar * message = NULL;
-int save_errno;
int yield = OK;
int rc;
if (sx->inblock.sock < 0)
{
uschar * msg = NULL;
- int save_errno = errno;
if (sx->verify)
{
- msg = strerror(errno);
+ msg = US strerror(errno);
HDEBUG(D_verify) debug_printf("connect: %s\n", msg);
}
set_errno_nohost(sx->addrlist,
- save_errno == ETIMEDOUT ? ERRNO_CONNECTTIMEOUT : save_errno,
+ errno == ETIMEDOUT ? ERRNO_CONNECTTIMEOUT : errno,
sx->verify ? string_sprintf("could not connect: %s", msg)
: NULL,
DEFER, FALSE);
if (rsp != sx->buffer && rsp[0] == 0 && (errno == 0 || errno == ECONNRESET))
{
- sx->send_quit = FALSE;
- save_errno = ERRNO_SMTPCLOSED;
- message = string_sprintf("Remote host closed connection "
- "in response to %s (EHLO response was: %s)",
- smtp_command, sx->buffer);
- goto FAILED;
+ errno = ERRNO_SMTPCLOSED;
+ goto EHLOHELO_FAILED;
}
Ustrncpy(sx->buffer, rsp, sizeof(sx->buffer)/2);
goto RESPONSE_FAILED;
)
{
Ustrncpy(sx->buffer, buffer2, sizeof(sx->buffer));
+ sx->buffer[sizeof(sx->buffer)-1] = '\0';
goto RESPONSE_FAILED;
}
}
TLS_NEGOTIATE:
{
address_item * addr;
- int rc = tls_client_start(sx->inblock.sock, sx->host, sx->addrlist, sx->tblock
+ uschar * errstr;
+ int rc = tls_client_start(sx->inblock.sock, sx->host, sx->addrlist, sx->tblock,
# ifdef EXPERIMENTAL_DANE
- , sx->dane ? &tlsa_dnsa : NULL
+ sx->dane ? &tlsa_dnsa : NULL,
# endif
- );
+ &errstr);
/* TLS negotiation failed; give an error. From outside, this function may
be called again to try in clear on a new connection, if the options permit
{
# ifdef EXPERIMENTAL_DANE
if (sx->dane) log_write(0, LOG_MAIN,
- "DANE attempt failed; no TLS connection to %s [%s]",
- sx->host->name, sx->host->address);
+ "DANE attempt failed; TLS connection to %s [%s]: %s",
+ sx->host->name, sx->host->address, errstr);
# endif
- save_errno = ERRNO_TLSFAILURE;
- message = US"failure while setting up TLS session";
+ errno = ERRNO_TLSFAILURE;
+ message = string_sprintf("TLS session: %s", errstr);
sx->send_quit = FALSE;
goto TLS_FAILED;
}
|| verify_check_given_host(&sx->ob->hosts_require_tls, sx->host) == OK
)
{
- save_errno = ERRNO_TLSREQUIRED;
+ errno = ERRNO_TLSREQUIRED;
message = string_sprintf("a TLS session is required, but %s",
smtp_peer_options & PEER_OFFERED_TLS
? "an attempt to start TLS failed" : "the server did not offer TLS support");
{
int code;
- uschar * set_message;
RESPONSE_FAILED:
- {
- save_errno = errno;
message = NULL;
- sx->send_quit = check_response(sx->host, &save_errno, sx->addrlist->more_errno,
+ sx->send_quit = check_response(sx->host, &errno, sx->addrlist->more_errno,
sx->buffer, &code, &message, &pass_message);
goto FAILED;
- }
SEND_FAILED:
- {
- save_errno = errno;
code = '4';
message = US string_sprintf("send() to %s [%s] failed: %s",
- sx->host->name, sx->host->address, strerror(save_errno));
+ sx->host->name, sx->host->address, strerror(errno));
sx->send_quit = FALSE;
goto FAILED;
- }
/* This label is jumped to directly when a TLS negotiation has failed,
or was not done for a host for which it is required. Values will be set
- in message and save_errno, and setting_up will always be true. Treat as
+ in message and errno, and setting_up will always be true. Treat as
a temporary error. */
+ EHLOHELO_FAILED:
+ code = '4';
+ message = string_sprintf("Remote host closed connection in response to %s"
+ " (EHLO response was: %s)", smtp_command, sx->buffer);
+ sx->send_quit = FALSE;
+ goto FAILED;
+
#ifdef SUPPORT_TLS
TLS_FAILED:
- code = '4';
+ code = '4';
+ goto FAILED;
#endif
/* The failure happened while setting up the call; see if the failure was
whatever), defer all addresses, and yield DEFER, so that the host is not
tried again for a while. */
- FAILED:
+FAILED:
sx->ok = FALSE; /* For when reached by GOTO */
- set_message = message;
yield = code == '5'
#ifdef SUPPORT_I18N
#endif
? FAIL : DEFER;
- set_errno(sx->addrlist, save_errno, set_message, yield, pass_message, sx->host
+ set_errno(sx->addrlist, errno, message, yield, pass_message, sx->host
#ifdef EXPERIMENTAL_DSN_INFO
, sx->smtp_greeting, sx->helo_response
#endif
specified in the transports, and therefore not visible at top level, in which
case continue_more won't get set. */
-HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP(close)>>\n");
+HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(close)>>\n");
if (sx->send_quit)
{
shutdown(sx->outblock.sock, SHUT_WR);
transport_count = 0;
#ifndef DISABLE_DKIM
- sx.ok = dkim_transport_write_message(sx.inblock.sock, &tctx, &sx.ob->dkim);
+ sx.ok = dkim_transport_write_message(sx.inblock.sock, &tctx, &sx.ob->dkim,
+ CUSS &message);
#else
sx.ok = transport_write_message(sx.inblock.sock, &tctx, 0);
#endif
Or, when CHUNKING, it can be a protocol-detected failure. */
if (!sx.ok)
- goto RESPONSE_FAILED;
+ if (message) goto SEND_FAILED;
+ else goto RESPONSE_FAILED;
/* We used to send the terminating "." explicitly here, but because of
buffering effects at both ends of TCP/IP connections, you don't gain
{
save_errno = errno;
code = '4';
- message = US string_sprintf("send() to %s [%s] failed: %s",
- host->name, host->address, strerror(save_errno));
+ message = string_sprintf("send() to %s [%s] failed: %s",
+ host->name, host->address, message ? message : strerror(save_errno));
sx.send_quit = FALSE;
goto FAILED;
}
if (! (sx.ok = smtp_write_command(&sx.outblock, FALSE, "RSET\r\n") >= 0))
{
msg = US string_sprintf("send() to %s [%s] failed: %s", host->name,
- host->address, strerror(save_errno));
+ host->address, strerror(errno));
sx.send_quit = FALSE;
}
else if (! (sx.ok = smtp_read_response(&sx.inblock, sx.buffer,
specified in the transports, and therefore not visible at top level, in which
case continue_more won't get set. */
-HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP(close)>>\n");
+HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(close)>>\n");
if (sx.send_quit)
{
shutdown(sx.outblock.sock, SHUT_WR);
commonly points to a configuration error, but the best action is still
to carry on for the next host. */
- if (rc == HOST_FIND_AGAIN || rc == HOST_FIND_FAILED)
+ if (rc == HOST_FIND_AGAIN || rc == HOST_FIND_SECURITY || rc == HOST_FIND_FAILED)
{
retry_add_item(addrlist, string_sprintf("R:%s", host->name), 0);
expired = FALSE;
{
if (addr->transport_return != DEFER) continue;
addr->basic_errno = ERRNO_UNKNOWNHOST;
- addr->message =
- string_sprintf("failed to lookup IP address for %s", host->name);
+ addr->message = string_sprintf(
+ rc == HOST_FIND_SECURITY
+ ? "lookup of IP address for %s was insecure"
+ : "failed to lookup IP address for %s",
+ host->name);
}
continue;
}
{
case hwhy_retry: hosts_retry++; break;
case hwhy_failed: hosts_fail++; break;
+ case hwhy_insecure:
case hwhy_deferred: hosts_defer++; break;
}
&& verify_check_given_host(&ob->hosts_require_tls, host) != OK
)
{
- log_write(0, LOG_MAIN, "TLS session failure: delivering unencrypted "
- "to %s [%s] (not in hosts_require_tls)", host->name, host->address);
+ log_write(0, LOG_MAIN,
+ "%s: delivering unencrypted to H=%s [%s] (not in hosts_require_tls)",
+ first_addr->message, host->name, host->address);
first_addr = prepare_addresses(addrlist, host);
rc = smtp_deliver(addrlist, thost, host_af, port, interface, tblock,
&message_defer, TRUE);
git://git.exim.org / exim.git / blobdiff