*/
static void
-incomplete_transaction_log(uschar *what)
+incomplete_transaction_log(uschar * what)
{
if (!sender_address /* No transaction in progress */
|| !LOGGING(smtp_incomplete_transaction))
+static void
+log_close_event(const uschar * reason)
+{
+log_write(L_smtp_connection, LOG_MAIN, "%s D=%s closed %s",
+ smtp_get_connection_info(), string_timesince(&smtp_connection_start), reason);
+}
+
void
smtp_command_timeout_exit(void)
{
log_write(L_lost_incoming_connection,
- LOG_MAIN, "SMTP command timeout on%s connection from %s",
- tls_in.active.sock >= 0 ? " TLS" : "", host_and_ident(FALSE));
+ LOG_MAIN, "SMTP command timeout on%s connection from %s D=%s",
+ tls_in.active.sock >= 0 ? " TLS" : "", host_and_ident(FALSE),
+ string_timesince(&smtp_connection_start));
if (smtp_batched_input)
moan_smtp_batch(NULL, "421 SMTP command timeout"); /* Does not return */
smtp_notquit_exit(US"command-timeout", US"421",
void
smtp_command_sigterm_exit(void)
{
-log_write(0, LOG_MAIN, "%s closed after SIGTERM", smtp_get_connection_info());
+log_close_event(US"after SIGTERM");
if (smtp_batched_input)
moan_smtp_batch(NULL, "421 SIGTERM received"); /* Does not return */
smtp_notquit_exit(US"signal-exit", US"421",
void
smtp_data_timeout_exit(void)
{
-log_write(L_lost_incoming_connection,
- LOG_MAIN, "SMTP data timeout (message abandoned) on connection from %s F=<%s>",
- sender_fullhost ? sender_fullhost : US"local process", sender_address);
+log_write(L_lost_incoming_connection, LOG_MAIN,
+ "SMTP data timeout (message abandoned) on connection from %s F=<%s> D=%s",
+ sender_fullhost ? sender_fullhost : US"local process", sender_address,
+ string_timesince(&smtp_connection_start));
receive_bomb_out(US"data-timeout", US"SMTP incoming data timeout");
/* Does not return */
}
void
smtp_data_sigint_exit(void)
{
-log_write(0, LOG_MAIN, "%s closed after %s",
- smtp_get_connection_info(), had_data_sigint == SIGTERM ? "SIGTERM":"SIGINT");
+log_close_event(had_data_sigint == SIGTERM ? US"SIGTERM":US"SIGINT");
receive_bomb_out(US"signal-exit",
US"Service not available - SIGTERM or SIGINT received");
/* Does not return */
return -1;
}
+
+static void
+proxy_debug(uschar * buf, unsigned start, unsigned end)
+{
+debug_printf("PROXY<<");
+while (start < end) debug_printf(" %02x", buf[start++]);
+debug_printf("\n");
+}
+
+
/*************************************************
* Setup host for proxy protocol *
*************************************************/
we have to do a minimum of 3 read calls, not 1. Eww.
*/
-#define PROXY_INITIAL_READ 14
-#define PROXY_V2_HEADER_SIZE 16
-#if PROXY_INITIAL_READ > PROXY_V2_HEADER_SIZE
-# error Code bug in sizes of data to read for proxy usage
-#endif
+# define PROXY_INITIAL_READ 14
+# define PROXY_V2_HEADER_SIZE 16
+# if PROXY_INITIAL_READ > PROXY_V2_HEADER_SIZE
+# error Code bug in sizes of data to read for proxy usage
+# endif
int get_ok = 0;
int size, ret;
"safe". Can't take it all because TLS-on-connect clients follow
immediately with TLS handshake. */
ret = read(fd, &hdr, PROXY_INITIAL_READ);
- }
- while (ret == -1 && errno == EINTR && !had_command_timeout);
+ } while (ret == -1 && errno == EINTR && !had_command_timeout);
if (ret == -1)
goto proxyfail;
+DEBUG(D_receive) proxy_debug(US &hdr, 0, ret);
/* For v2, handle reading the length, and then the rest. */
if ((ret == PROXY_INITIAL_READ) && (memcmp(&hdr.v2, v2sig, sizeof(v2sig)) == 0))
int retmore;
uint8_t ver;
+ DEBUG(D_receive) debug_printf("v2\n");
+
/* First get the length fields. */
do
{
} while (retmore == -1 && errno == EINTR && !had_command_timeout);
if (retmore == -1)
goto proxyfail;
+ DEBUG(D_receive) proxy_debug(US &hdr, ret, ret + retmore);
+
ret += retmore;
ver = (hdr.v2.ver_cmd & 0xf0) >> 4;
} while (retmore == -1 && errno == EINTR && !had_command_timeout);
if (retmore == -1)
goto proxyfail;
+ DEBUG(D_receive) proxy_debug(US &hdr, ret, ret + retmore);
ret += retmore;
DEBUG(D_receive) debug_printf("PROXYv2: have %d/%d required octets\n", ret, size);
} while (ret < size);
ALARM(0);
return;
}
-#endif
+#endif /*SUPPORT_PROXY*/
/*************************************************
* Read one command line *
if (!drop) return 0;
-log_write(L_smtp_connection, LOG_MAIN, "%s closed by DROP in ACL",
- smtp_get_connection_info());
+log_close_event(US"by DROP in ACL");
/* Run the not-quit ACL, but without any custom messages. This should not be a
problem, because we get here only if some other ACL has issued "drop", and
in that case, *its* custom messages will have been used above. */
smtp_notquit_exit(US"acl-drop", NULL, NULL);
+
+/* An overenthusiastic fail2ban/iptables implimentation has been seen to result
+in the TCP conn staying open, and retrying, despite this process exiting. A
+malicious client could possibly do the same, tying up server netowrking
+resources. Close the socket explicitly to try to avoid that (there's a note in
+the Linux socket(7) manpage, SO_LINGER para, to the effect that exim() without
+close() results in the socket always lingering). */
+
+(void) poll_one_fd(fileno(smtp_in), POLLIN, 200);
+DEBUG(D_any) debug_printf_indent("SMTP(close)>>\n");
+(void) fclose(smtp_in);
+(void) fclose(smtp_out);
+
return 2;
}
tls_close(NULL, TLS_SHUTDOWN_NOWAIT);
# endif
-log_write(L_smtp_connection, LOG_MAIN, "%s closed by QUIT",
- smtp_get_connection_info());
+log_close_event(US"by QUIT");
#else
# ifndef DISABLE_TLS
tls_close(NULL, TLS_SHUTDOWN_WAIT);
# endif
-log_write(L_smtp_connection, LOG_MAIN, "%s closed by QUIT",
- smtp_get_connection_info());
+log_close_event(US"by QUIT");
/* Pause, hoping client will FIN first so that they get the TIME_WAIT.
The socket should become readble (though with no data) */
while (done <= 0) switch(smtp_read_command(FALSE, GETC_BUFFER_UNLIMITED))
{
case EOF_CMD:
- log_write(L_smtp_connection, LOG_MAIN, "%s closed by EOF",
- smtp_get_connection_info());
+ log_close_event(US"by EOF");
smtp_notquit_exit(US"tls-failed", NULL, NULL);
done = 2;
break;
smtp_respond(US"221", 3, TRUE, user_msg);
else
smtp_printf("221 %s closing connection\r\n", FALSE, smtp_active_hostname);
- log_write(L_smtp_connection, LOG_MAIN, "%s closed by QUIT",
- smtp_get_connection_info());
+ log_close_event(US"by QUIT");
done = 2;
break;