them. Also, the tls_ variables are now always visible. */
typedef struct {
- int active; /* fd/socket when in a TLS session */
+ client_conn_ctx active; /* fd/socket when in a TLS session, and ptr to TLS context */
int bits; /* bits used in TLS session */
BOOL certificate_verified; /* Client certificate verified */
#ifdef SUPPORT_DANE
extern uschar *tls_ocsp_file; /* OCSP stapling proof file */
# endif
extern uschar *tls_privatekey; /* Private key file */
+# ifdef EXPERIMENTAL_REQUIRETLS
+extern uschar tls_requiretls; /* REQUIRETLS active for this message */
+extern uschar *tls_advertise_requiretls; /* hosts for which REQUIRETLS adv */
+extern const pcre *regex_REQUIRETLS; /* for recognising the command */
+# endif
extern BOOL tls_remember_esmtp; /* For YAEB */
extern uschar *tls_require_ciphers; /* So some can be avoided */
extern uschar *tls_try_verify_hosts; /* Optional client verification */
extern uschar *authenticated_id; /* ID that was authenticated */
extern uschar *authenticated_sender; /* From AUTH on MAIL */
extern BOOL authentication_failed; /* TRUE if AUTH was tried and failed */
+extern BOOL authentication_local; /* TRUE if non-smtp (implicit authentication) */
extern uschar *auth_advertise_hosts; /* Only advertise to these */
extern auth_info auths_available[]; /* Vector of available auth mechanisms */
extern auth_instance *auths; /* Chain of instantiated auths */
unsigned delivery:1; /* When to attempt */
unsigned defer_pass:1; /* Pass 4xx to caller rather than spooling */
unsigned is_tls:1; /* Conn has TLS active */
- int fd; /* Open connection */
+ client_conn_ctx cctx; /* Open connection */
int nrcpt; /* Count of addresses */
uschar * transport; /* Name of transport */
uschar * interface; /* (address of) */
extern BOOL disable_logging; /* Disables log writing when TRUE */
#ifndef DISABLE_DKIM
-extern BOOL dkim_collect_input; /* Runtime flag that tracks wether SMTP input is fed to DKIM validation */
+extern unsigned dkim_collect_input; /* Runtime count of dkim signtures; tracks wether SMTP input is fed to DKIM validation */
extern uschar *dkim_cur_signer; /* Expansion variable, holds the current "signer" domain or identity during a acl_smtp_dkim run */
extern BOOL dkim_disable_verify; /* Set via ACL control statement. When set, DKIM verification is disabled for the current message */
extern int dkim_key_length; /* Expansion variable, length of signing key in bits */
+extern void *dkim_signatures; /* Actually a (pdkim_signature *) but most files do not need to know */
extern uschar *dkim_signers; /* Expansion variable, holds colon-separated list of domains and identities that have signed a message */
extern uschar *dkim_signing_domain; /* Expansion variable, domain used for signing a message. */
extern uschar *dkim_signing_selector; /* Expansion variable, selector used for signing a message. */
#endif
#ifdef EXPERIMENTAL_DMARC
extern BOOL dmarc_has_been_checked; /* Global variable to check if test has been called yet */
-extern uschar *dmarc_ar_header; /* Expansion variable, suggested header for dmarc auth results */
extern uschar *dmarc_domain_policy; /* Expansion for declared policy of used domain */
extern uschar *dmarc_forensic_sender; /* Set sender address for forensic reports */
extern uschar *dmarc_history_file; /* Expansion variable, file to store dmarc results */
extern uschar *dns_again_means_nonexist; /* Domains that are badly set up */
extern int dns_csa_search_limit; /* How deep to search for CSA SRV records */
extern BOOL dns_csa_use_reverse; /* Check CSA in reverse DNS? (non-standard) */
+extern int dns_cname_loops; /* Follow CNAMEs returned by resolver to this depth */
extern uschar *dns_ipv4_lookup; /* For these domains, don't look for AAAA (or A6) */
#ifdef SUPPORT_DANE
extern int dns_dane_ok; /* Ok to use DANE when checking TLS authenticity */
extern uschar *spf_header_comment; /* spf header comment */
extern uschar *spf_received; /* Received-SPF: header */
extern uschar *spf_result; /* spf result in string form */
+extern BOOL spf_result_guessed; /* spf result is of best-guess operation */
extern uschar *spf_smtp_comment; /* spf comment to include in SMTP reply */
#endif
extern BOOL split_spool_directory; /* TRUE to use multiple subdirs */
+extern FILE *spool_data_file; /* handle for -D file */
extern uschar *spool_directory; /* Name of spool directory */
extern BOOL spool_file_wireformat; /* current -D file has CRLF rather than NL */
extern BOOL spool_wireformat; /* can write wireformat -D files */