X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/328c5688dbe0f4c14418f22350ccd99b3fe8ac71..5903c6ff59527362e869fedb565c56935ce8dd68:/src/src/verify.c

diff --git a/src/src/verify.c b/src/src/verify.c
index 6a50af506..a9ec730d1 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -68,9 +68,7 @@ int length, expire;
 time_t now;
 dbdata_callout_cache *cache_record;
 
-cache_record = dbfn_read_with_length(dbm_file, key, &length);
-
-if (cache_record == NULL)
+if (!(cache_record = dbfn_read_with_length(dbm_file, key, &length)))
   {
   HDEBUG(D_verify) debug_printf("callout cache: no %s record found for %s\n", type, key);
   return NULL;
@@ -785,19 +783,26 @@ tls_retry_connection:
       postmaster-verify.
       The sync_responses() would need to be taught about it and we'd
       need another return code filtering out to here.
+
+      Avoid using a SIZE option on the MAIL for all randon-rcpt checks.
       */
 
+      sx.avoid_option = OPTION_SIZE;
+
       /* Remember when we last did a random test */
       new_domain_record.random_stamp = time(NULL);
 
       if (smtp_write_mail_and_rcpt_cmds(&sx, &yield) == 0)
 	switch(addr->transport_return)
 	  {
-	  case PENDING_OK:
+	  case PENDING_OK:	/* random was accepted, unfortunately */
 	    new_domain_record.random_result = ccache_accept;
-	    break;
-	  case FAIL:
+	    yield = OK;		/* Only usable verify result we can return */
+	    done = TRUE;
+	    goto no_conn;
+	  case FAIL:		/* rejected: the preferred result */
 	    new_domain_record.random_result = ccache_reject;
+	    sx.avoid_option = 0;
 
 	    /* Between each check, issue RSET, because some servers accept only
 	    one recipient after MAIL FROM:<>.
@@ -829,6 +834,8 @@ tls_retry_connection:
 	    sx.send_rset = TRUE;
 	    sx.completed_addr = FALSE;
 	    goto tls_retry_connection;
+	  case DEFER:		/* 4xx response to random */
+	    break;		/* Just to be clear. ccache_unknown, !done. */
 	  }
 
       /* Re-setup for main verify, or for the error message when failing */
@@ -842,12 +849,14 @@ tls_retry_connection:
     else
       done = TRUE;
 
-    /* Main verify. If the host is accepting all local parts, as determined
-    by the "random" check, we don't need to waste time doing any further
-    checking. */
+    /* Main verify.  For rcpt-verify use SIZE if we know it and we're not cacheing;
+    for sndr-verify never use it. */
 
     if (done)
       {
+      if (!(options & vopt_is_recipient  &&  options & vopt_callout_no_cache))
+	sx.avoid_option = OPTION_SIZE;
+
       done = FALSE;
       switch(smtp_write_mail_and_rcpt_cmds(&sx, &yield))
 	{
@@ -856,12 +865,12 @@ tls_retry_connection:
 		    case PENDING_OK:  done = TRUE;
 				      new_address_record.result = ccache_accept;
 				      break;
-		    case FAIL:	      done = TRUE;
+		    case FAIL:	    done = TRUE;
 				      yield = FAIL;
 				      *failure_ptr = US"recipient";
 				      new_address_record.result = ccache_reject;
 				      break;
-		    default:	      break;
+		    default:	    break;
 		    }
 		  break;
 
@@ -914,6 +923,7 @@ tls_retry_connection:
 	sx.ok = FALSE;
 	sx.send_rset = TRUE;
 	sx.completed_addr = FALSE;
+	sx.avoid_option = OPTION_SIZE;
 
 	if(  smtp_write_mail_and_rcpt_cmds(&sx, &yield) == 0
 	  && addr->transport_return == PENDING_OK
@@ -983,7 +993,7 @@ no_conn:
 	if (*sx.buffer == 0) Ustrcpy(sx.buffer, US"connection dropped");
 
 	/*XXX test here is ugly; seem to have a split of responsibility for
-	building this message.  Need to reationalise.  Where is it done
+	building this message.  Need to rationalise.  Where is it done
 	before here, and when not?
 	Not == 5xx resp to MAIL on main-verify
 	*/
@@ -1177,7 +1187,7 @@ if(cutthrough.fd < 0)
 
 if(
 #ifdef SUPPORT_TLS
-   (tls_out.active == cutthrough.fd) ? tls_write(FALSE, ctblock.buffer, n) :
+   tls_out.active == cutthrough.fd ? tls_write(FALSE, ctblock.buffer, n, FALSE) :
 #endif
    send(cutthrough.fd, ctblock.buffer, n, 0) > 0
   )
@@ -1517,7 +1527,7 @@ va_list ap;
 
 va_start(ap, format);
 if (smtp_out && (f == smtp_out))
-  smtp_vprintf(format, ap);
+  smtp_vprintf(format, FALSE, ap);
 else
   vfprintf(f, format, ap);
 va_end(ap);
@@ -1779,16 +1789,16 @@ while (addr_new)
       transport. */
 
       transport_feedback tf = {
-        NULL,                       /* interface (=> any) */
-        US"smtp",                   /* port */
-        US"smtp",                   /* protocol */
-        NULL,                       /* hosts */
-        US"$smtp_active_hostname",  /* helo_data */
-        FALSE,                      /* hosts_override */
-        FALSE,                      /* hosts_randomize */
-        FALSE,                      /* gethostbyname */
-        TRUE,                       /* qualify_single */
-        FALSE                       /* search_parents */
+        .interface =		NULL,                       /* interface (=> any) */
+        .port =			US"smtp",
+        .protocol =		US"smtp",
+        .hosts =		NULL,
+        .helo_data =		US"$smtp_active_hostname",
+        .hosts_override =	FALSE,
+        .hosts_randomize =	FALSE,
+        .gethostbyname =	FALSE,
+        .qualify_single =	TRUE,
+        .search_parents =	FALSE
         };
 
       /* If verification yielded a remote transport, we want to use that