X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/651946cbf8e3849687332049730e5fa23d42b4b7..6acb441b40bbcded2e85819c71a068db713e7ca6:/src/src/transports/smtp.c diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c index dcff355e1..301d84c2e 100644 --- a/src/src/transports/smtp.c +++ b/src/src/transports/smtp.c @@ -43,7 +43,7 @@ optionlist smtp_transport_options[] = { { "dane_require_tls_ciphers", opt_stringptr, LOFF(dane_require_tls_ciphers) }, # endif { "data_timeout", opt_time, LOFF(data_timeout) }, - { "delay_after_cutoff", opt_bool, LOFF(delay_after_cutoff) }, + { "delay_after_cutoff", opt_bool, LOFF(delay_after_cutoff) }, #ifndef DISABLE_DKIM { "dkim_canon", opt_stringptr, LOFF(dkim.dkim_canon) }, { "dkim_domain", opt_stringptr, LOFF(dkim.dkim_domain) }, @@ -163,23 +163,12 @@ void smtp_transport_closedown(transport_instance *tblock) {} /* Default private options block for the smtp transport. */ smtp_transport_options_block smtp_transport_option_defaults = { - .hosts = NULL, - .fallback_hosts = NULL, - .hostlist = NULL, - .fallback_hostlist = NULL, + /* All non-mentioned elements 0/NULL/FALSE */ .helo_data = US"$primary_hostname", - .interface = NULL, - .port = NULL, .protocol = US"smtp", - .dscp = NULL, - .serialize_hosts = NULL, - .hosts_try_auth = NULL, - .hosts_require_auth = NULL, .hosts_try_chunking = US"*", #ifdef SUPPORT_DANE .hosts_try_dane = US"*", - .hosts_require_dane = NULL, - .dane_require_tls_ciphers = NULL, #endif .hosts_try_fastopen = US"*", #ifndef DISABLE_PRDR 
@@ -187,19 +176,6 @@ smtp_transport_options_block smtp_transport_option_defaults = { #endif #ifndef DISABLE_OCSP .hosts_request_ocsp = US"*", /* hosts_request_ocsp (except under DANE; tls_client_start()) */ - .hosts_require_ocsp = NULL, -#endif - .hosts_require_tls = NULL, - .hosts_avoid_tls = NULL, - .hosts_verify_avoid_tls = NULL, - .hosts_avoid_pipelining = NULL, -#ifndef DISABLE_PIPE_CONNECT - .hosts_pipe_connect = NULL, -#endif - .hosts_avoid_esmtp = NULL, -#ifndef DISABLE_TLS - .hosts_nopass_tls = NULL, - .hosts_noproxy_tls = NULL, #endif .command_timeout = 5*60, .connect_timeout = 5*60, @@ -210,35 +186,17 @@ smtp_transport_options_block smtp_transport_option_defaults = { .hosts_max_try_hardlimit = 50, .message_linelength_limit = 998, .address_retry_include_sender = TRUE, - .allow_localhost = FALSE, - .authenticated_sender_force = FALSE, - .gethostbyname = FALSE, .dns_qualify_single = TRUE, - .dns_search_parents = FALSE, .dnssec = { .request= US"*", .require=NULL }, .delay_after_cutoff = TRUE, - .hosts_override = FALSE, - .hosts_randomize = FALSE, .keepalive = TRUE, - .lmtp_ignore_quota = FALSE, - .expand_retry_include_ip_address = NULL, .retry_include_ip_address = TRUE, -#ifdef SUPPORT_SOCKS - .socks_proxy = NULL, -#endif #ifndef DISABLE_TLS - .tls_certificate = NULL, - .tls_crl = NULL, - .tls_privatekey = NULL, - .tls_require_ciphers = NULL, - .tls_sni = NULL, +# if defined(SUPPORT_SYSDEFAULT_CABUNDLE) || !defined(USE_GNUTLS) .tls_verify_certificates = US"system", +# endif .tls_dh_min_bits = EXIM_CLIENT_DH_DEFAULT_MIN_BITS, .tls_tempfail_tryclear = TRUE, -# ifndef DISABLE_TLS_RESUME - .tls_resumption_hosts = NULL, -# endif - .tls_verify_hosts = NULL, .tls_try_verify_hosts = US"*", .tls_verify_cert_hostnames = US"*", #endif 
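Review bot: The new `# if defined(SUPPORT_SYSDEFAULT_CABUNDLE) || !defined(USE_GNUTLS)` guard around `.tls_verify_certificates = US"system"` in the `@@ -210,35 +186,17 @@` hunk leaves that option at NULL in the remaining GnuTLS builds, while `.tls_try_verify_hosts = US"*"` and `.tls_verify_cert_hostnames = US"*"` stay unconditional, and nothing in the initializer says so. With no CA set and only try-verify in force, such a build presumably completes outbound TLS without an effective certificate check; that should be confirmed against tls_client_start() and documented. I would add a comment above the guard, e.g. `/* GnuTLS without a system CA bundle: no default CA set, so try-verify cannot succeed unless tls_verify_certificates is configured */`. The initializer starts and ends outside this hunk.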
@@ -247,24 +205,7 @@ smtp_transport_options_block smtp_transport_option_defaults = { #endif #ifndef DISABLE_DKIM .dkim = - {.dkim_domain = NULL, - .dkim_identity = NULL, - .dkim_private_key = NULL, - .dkim_selector = NULL, - .dkim_canon = NULL, - .dkim_sign_headers = NULL, - .dkim_strict = NULL, - .dkim_hash = US"sha256", - .dkim_timestamps = NULL, - .dot_stuffed = FALSE, - .force_bodyhash = FALSE, -# ifdef EXPERIMENTAL_ARC - .arc_signspec = NULL, -# endif - }, -# ifdef EXPERIMENTAL_ARC - .arc_sign = NULL, -# endif + { .dkim_hash = US"sha256", }, #endif }; @@ -864,7 +805,7 @@ else uschar * ehlo_resp_key = ehlo_cache_key(sx); dbdata_ehlo_resp * er; - if (!(er = dbfn_read(dbm_file, ehlo_resp_key))) + if (!(er = dbfn_read_enforce_length(dbm_file, ehlo_resp_key, sizeof(dbdata_ehlo_resp)))) { DEBUG(D_transport) debug_printf("no ehlo-resp record\n"); } else if (time(NULL) - er->time_stamp > retry_data_expire) { @@ -1987,7 +1928,7 @@ if (sx->smtps) DEFER, FALSE, &sx->delivery_start); return ERROR; } -#endif +#else /* If we have a proxied TLS connection, check usability for this message */ @@ -1996,7 +1937,7 @@ if (continue_hostname && continue_proxy_cipher) int rc; const uschar * sni = US""; -#ifdef SUPPORT_DANE +# ifdef SUPPORT_DANE /* Check if the message will be DANE-verified; if so force its SNI */ tls_out.dane_verified = FALSE; @@ -2016,14 +1957,14 @@ if (continue_hostname && continue_proxy_cipher) string_sprintf("DANE error: tlsa lookup %s", rc_to_string(rc)), rc, FALSE, &sx->delivery_start); -# ifndef DISABLE_EVENT +# ifndef DISABLE_EVENT (void) event_raise(sx->conn_args.tblock->event_action, US"dane:fail", sx->dane_required ? US"dane-required" : US"dnssec-invalid"); -# endif +# endif return rc; } -#endif +# endif /* If the SNI or the DANE status required for the new message differs from the existing conn drop the connection to force a new one. */ 
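Review bot: In the `@@ -864,7 +805,7 @@` hunk the `DEBUG(D_transport) debug_printf("no ehlo-resp record\n");` branch is now also reached when a record exists but fails the `sizeof(dbdata_ehlo_resp)` length check, so a corrupt or old-format hints entry looks the same as a cache miss in the transport debug output. Rejecting the record before `er->time_stamp` is dereferenced is the right order, but whether the helper logs the size mismatch itself is not visible here. I would reword the message to `"no valid ehlo-resp record\n"` or add the comment `/* NULL also covers a record of the wrong size */` above the test. The enclosing function begins and ends outside the hunk.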
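Review bot: The bare `#else` added in the `@@ -1987,7 +1928,7 @@` hunk opens a conditional region that is only closed by `#endif /*!DISABLE_TLS*/` in the `@@ -2060,7 +2001,7 @@` hunk, well over fifty lines later, and unlike the closing directive it carries no label. The opening `#ifdef` is outside the hunk, so I am inferring from the closing comment that it tests DISABLE_TLS. I would write `#else /*!DISABLE_TLS*/` so the proxied-TLS SNI/DANE check that follows is visibly the TLS-enabled arm.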
@@ -2033,7 +1974,7 @@ if (continue_hostname && continue_proxy_cipher) "<%s>: failed to expand transport's tls_sni value: %s", sx->addrlist->address, expand_string_message); -#ifdef SUPPORT_DANE +# ifdef SUPPORT_DANE if ( (continue_proxy_sni ? (Ustrcmp(continue_proxy_sni, sni) == 0) : !*sni) && continue_proxy_dane == sx->conn_args.dane) { @@ -2041,10 +1982,10 @@ if (continue_hostname && continue_proxy_cipher) if ((tls_out.dane_verified = continue_proxy_dane)) sx->conn_args.host->dnssec = DS_YES; } -#else +# else if ((continue_proxy_sni ? (Ustrcmp(continue_proxy_sni, sni) == 0) : !*sni)) tls_out.sni = US sni; -#endif +# endif else { DEBUG(D_transport) @@ -2060,7 +2001,7 @@ if (continue_hostname && continue_proxy_cipher) back through reporting pipe. */ } } - +#endif /*!DISABLE_TLS*/ /* Make a connection to the host if this isn't a continued delivery, and handle the initial interaction and HELO/EHLO/LHLO. Connect timeout errors are handled @@ -4193,8 +4134,15 @@ if (!sx->ok) *message_defer = TRUE; } +#ifdef TIOCOUTQ + DEBUG(D_transport) if (sx->cctx.sock >= 0) + { + int n; + if (ioctl(sx->cctx.sock, TIOCOUTQ, &n) == 0) + debug_printf("%d bytes remain in socket output buffer\n", n); + } +#endif } - /* Otherwise, we have an I/O error or a timeout other than after MAIL or ".", or some other transportation error. We defer all addresses and yield DEFER, except for the case of failed add_headers expansion, or a transport @@ -4445,10 +4393,13 @@ This change is being made on 31-Jul-98. After over a year of trouble-free operation, the old commented-out code was removed on 17-Sep-99. */ SEND_QUIT: -#ifdef TCP_CORK -(void) setsockopt(sx->cctx.sock, IPPROTO_TCP, TCP_CORK, US &on, sizeof(on)); +if (sx->send_quit) + { +#ifdef EXIM_TCP_CORK + (void) setsockopt(sx->cctx.sock, IPPROTO_TCP, EXIM_TCP_CORK, US &on, sizeof(on)); #endif -if (sx->send_quit) (void)smtp_write_command(sx, SCMD_FLUSH, "QUIT\r\n"); + (void)smtp_write_command(sx, SCMD_FLUSH, "QUIT\r\n"); + } END_OFF:
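Review bot: The `debug_printf("%d bytes remain in socket output buffer\n", n)` line added in the `@@ -4193,8 +4134,15 @@` hunk reports only what the kernel still holds for `sx->cctx.sock`; anything still buffered by the TLS library or by Exim's own output buffering above the socket is presumably not counted, so a reading of 0 does not show that the peer was sent everything. A short comment such as `/* kernel send queue only; excludes TLS-layer and application buffering */` would stop the figure being over-read when a delivery failure is investigated. Separately, `DEBUG(D_transport) if (...)` stacks a second `if` on the macro (assuming it expands to an `if`, as its other uses in this file suggest); wrapping the whole thing in one braced `DEBUG(D_transport) { ... }` block would avoid a dangling-else surprise if an `else` is ever added. The surrounding `if (!sx->ok)` block starts outside the hunk.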
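Review bot: In the `@@ -4445,10 +4393,13 @@` hunk the `setsockopt(sx->cctx.sock, IPPROTO_TCP, EXIM_TCP_CORK, ...)` call is made without the `sx->cctx.sock >= 0` test that the TIOCOUTQ debug block added earlier in this commit applies to the same descriptor. The `(void)` cast makes a failure harmless, but on a continued connection through the TLS proxy the descriptor is presumably not a TCP socket, and the silent failure hides that. I would either guard it, `if (sx->cctx.sock >= 0) (void) setsockopt(...)`, or add a comment stating that failure is expected and ignored on non-TCP descriptors. The definition of `EXIM_TCP_CORK` is not part of this diff, so its mapping to the platform option could not be checked here.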