Restrict lifetime of $router_name and $transport_name. Bug 308.

[exim.git] / src / src / deliver.c

diff --git a/src/src/deliver.c b/src/src/deliver.c
index c743fee338ee69b2539e0ecd7a147e1ec8475ed9..e2605ab2cf9453783bc1e50c3b26f5023d8f1126 100644 (file)
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -1871,6 +1871,9 @@ if ((pid = fork()) == 0)
     set_process_info("delivering %s to %s using %s", message_id,
      addr->local_part, addr->transport->name);
 
+    /* Setting this global in the subprocess means we need never clear it */
+    transport_name = addr->transport->name;
+
     /* If a transport filter has been specified, set up its argument list.
     Any errors will get put into the address, and FALSE yielded. */
 
@@ -2383,8 +2386,7 @@ while (addr_local != NULL)
                retry_record->expired;
 
           /* If we haven't reached the retry time, there is one more check
-          to do, which is for the ultimate address timeout. We also do this
-          check during routing so this one might be redundant... */
+          to do, which is for the ultimate address timeout. */
 
           if (!ok)
             ok = retry_ultimate_address_timeout(retry_key, addr2->domain,
@@ -3856,8 +3858,10 @@ for (delivery_count = 0; addr_remote != NULL; delivery_count++)
     int fd = pfd[pipe_write];
     host_item *h;
 
-    /* There are weird circumstances in which logging is disabled */
+    /* Setting this global in the subprocess means we need never clear it */
+    transport_name = tp->name;
 
+    /* There are weird circumstances in which logging is disabled */
     disable_logging = tp->disable_logging;
 
     /* Show pids on debug output if parallelism possible */
@@ -5622,8 +5626,16 @@ while (addr_new != NULL)           /* Loop until all addresses dealt with */
     not be remembered as one this message needs. However, there was a bug that
     used to cause this to  happen, so it is best to be on the safe side.
 
-    Even if we haven't reached the retry time in the hints, there is one
-    more check to do, which is for the ultimate address timeout. */
+    Even if we haven't reached the retry time in the hints, there is one more
+    check to do, which is for the ultimate address timeout. We only do this
+    check if there is an address retry record and there is not a domain retry
+    record; this implies that previous attempts to handle the address had the
+    retry_use_local_parts option turned on. We use this as an approximation
+    for the destination being like a local delivery, for example delivery over
+    LMTP to an IMAP message store. In this situation users are liable to bump
+    into their quota and thereby have intermittently successful deliveries,
+    which keep the retry record fresh, which can lead to us perpetually
+    deferring messages. */
 
     else if (((queue_running && !deliver_force) || continue_hostname != NULL)
             &&
@@ -5634,9 +5646,10 @@ while (addr_new != NULL)           /* Loop until all addresses dealt with */
             (address_retry_record != NULL &&
               now < address_retry_record->next_try))
             &&
-            !retry_ultimate_address_timeout(addr->address_retry_key,
-             addr->domain, address_retry_record, now)
-            )
+           (domain_retry_record != NULL ||
+            address_retry_record == NULL ||
+            !retry_ultimate_address_timeout(addr->address_retry_key,
+              addr->domain, address_retry_record, now)))
       {
       addr->message = US"retry time not reached";
       addr->basic_errno = ERRNO_RRETRY;