X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/651946cbf8e3849687332049730e5fa23d42b4b7..744170d4d3602fb5e1ade465d8da86b479b92f33:/src/src/transports/smtp.c
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index dcff355e1..a31982223 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -163,23 +163,12 @@ void smtp_transport_closedown(transport_instance *tblock) {}
 /* Default private options block for the smtp transport. */
 smtp_transport_options_block smtp_transport_option_defaults = {
- .hosts = NULL,
- .fallback_hosts = NULL,
- .hostlist = NULL,
- .fallback_hostlist = NULL,
+ /* All non-mentioned elements 0/NULL/FALSE */
 .helo_data = US"$primary_hostname",
- .interface = NULL,
- .port = NULL,
 .protocol = US"smtp",
- .dscp = NULL,
- .serialize_hosts = NULL,
- .hosts_try_auth = NULL,
- .hosts_require_auth = NULL,
 .hosts_try_chunking = US"*",
 #ifdef SUPPORT_DANE
 .hosts_try_dane = US"*",
- .hosts_require_dane = NULL,
- .dane_require_tls_ciphers = NULL,
 #endif
 .hosts_try_fastopen = US"*",
 #ifndef DISABLE_PRDR
@@ -187,19 +176,6 @@ smtp_transport_options_block smtp_transport_option_defaults = {
 #endif
 #ifndef DISABLE_OCSP
 .hosts_request_ocsp = US"*", /* hosts_request_ocsp (except under DANE; tls_client_start()) */
- .hosts_require_ocsp = NULL,
-#endif
- .hosts_require_tls = NULL,
- .hosts_avoid_tls = NULL,
- .hosts_verify_avoid_tls = NULL,
- .hosts_avoid_pipelining = NULL,
-#ifndef DISABLE_PIPE_CONNECT
- .hosts_pipe_connect = NULL,
-#endif
- .hosts_avoid_esmtp = NULL,
-#ifndef DISABLE_TLS
- .hosts_nopass_tls = NULL,
- .hosts_noproxy_tls = NULL,
 #endif
 .command_timeout = 5*60,
 .connect_timeout = 5*60,
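Review bot: The new comment `/* All non-mentioned elements 0/NULL/FALSE */` at the top of the initializer now stands in for every security-relevant default that used to be spelled out: `hosts_require_auth` and `hosts_require_dane` in this hunk, `hosts_require_tls`, `hosts_require_ocsp` and `hosts_avoid_tls` in the hunk at -187, and `tls_verify_hosts` in the hunk at -210. Someone auditing the transport's defaults can no longer see from the table that every require-list is empty while the try-lists are `*`. I would extend the comment to say so, e.g. `/* All non-mentioned elements 0/NULL/FALSE; in particular hosts_require_tls/_dane/_ocsp/_auth and tls_verify_hosts are unset, so none of these is enforced unless configured */`. The initializer is closed in the hunk at -247.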
@@ -210,35 +186,17 @@ smtp_transport_options_block smtp_transport_option_defaults = {
 .hosts_max_try_hardlimit = 50,
 .message_linelength_limit = 998,
 .address_retry_include_sender = TRUE,
- .allow_localhost = FALSE,
- .authenticated_sender_force = FALSE,
- .gethostbyname = FALSE,
 .dns_qualify_single = TRUE,
- .dns_search_parents = FALSE,
 .dnssec = { .request= US"*", .require=NULL },
 .delay_after_cutoff = TRUE,
- .hosts_override = FALSE,
- .hosts_randomize = FALSE,
 .keepalive = TRUE,
- .lmtp_ignore_quota = FALSE,
- .expand_retry_include_ip_address = NULL,
 .retry_include_ip_address = TRUE,
-#ifdef SUPPORT_SOCKS
- .socks_proxy = NULL,
-#endif
 #ifndef DISABLE_TLS
- .tls_certificate = NULL,
- .tls_crl = NULL,
- .tls_privatekey = NULL,
- .tls_require_ciphers = NULL,
- .tls_sni = NULL,
+# if defined(SUPPORT_SYSDEFAULT_CABUNDLE) || !defined(USE_GNUTLS)
 .tls_verify_certificates = US"system",
+# endif
 .tls_dh_min_bits = EXIM_CLIENT_DH_DEFAULT_MIN_BITS,
 .tls_tempfail_tryclear = TRUE,
-# ifndef DISABLE_TLS_RESUME
- .tls_resumption_hosts = NULL,
-# endif
- .tls_verify_hosts = NULL,
 .tls_try_verify_hosts = US"*",
 .tls_verify_cert_hostnames = US"*",
 #endif
@@ -247,24 +205,7 @@ smtp_transport_options_block smtp_transport_option_defaults = {
 #endif
 #ifndef DISABLE_DKIM
 .dkim =
- {.dkim_domain = NULL,
- .dkim_identity = NULL,
- .dkim_private_key = NULL,
- .dkim_selector = NULL,
- .dkim_canon = NULL,
- .dkim_sign_headers = NULL,
- .dkim_strict = NULL,
- .dkim_hash = US"sha256",
- .dkim_timestamps = NULL,
- .dot_stuffed = FALSE,
- .force_bodyhash = FALSE,
-# ifdef EXPERIMENTAL_ARC
- .arc_signspec = NULL,
-# endif
- },
-# ifdef EXPERIMENTAL_ARC
- .arc_sign = NULL,
-# endif
+ { .dkim_hash = US"sha256", },
 #endif
 };
@@ -1987,7 +1928,7 @@ if (sx->smtps)
 DEFER, FALSE, &sx->delivery_start);
 return ERROR;
 }
-#endif
+#else
 /* If we have a proxied TLS connection, check usability for this message */
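Review bot: The new `# if defined(SUPPORT_SYSDEFAULT_CABUNDLE) || !defined(USE_GNUTLS)` guard around `.tls_verify_certificates = US"system"` leaves that option NULL on GnuTLS builds without the macro, while `tls_try_verify_hosts` and `tls_verify_cert_hostnames` still default to `*` a few lines below. Presumably such a build then has no trust anchors by default, so verification cannot succeed until the operator sets the option; the TLS code that consumes it is not in this diff, so that should be confirmed. The guard deserves a comment that makes the difference visible, e.g. `/* no system CA bundle on this build: tls_verify_certificates stays unset and must be configured before verification can succeed */`.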
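Review bot: The `#else` that replaces `#endif` in the hunk at -1987 is unlabelled, although it now opens a conditional region that runs to the `#endif /*!DISABLE_TLS*/` added in the hunk at -2060. The opening directive is above the hunk, so a reader landing in the proxied-TLS check cannot tell which build it belongs to. Labelling it the same way as the closing line, `#else /*!DISABLE_TLS*/`, would keep the pair readable, assuming the opener is the `DISABLE_TLS` test that the closing comment implies.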
@@ -1996,7 +1937,7 @@ if (continue_hostname && continue_proxy_cipher) int rc; const uschar * sni = US""; -#ifdef SUPPORT_DANE +# ifdef SUPPORT_DANE /* Check if the message will be DANE-verified; if so force its SNI */ tls_out.dane_verified = FALSE; @@ -2016,14 +1957,14 @@ if (continue_hostname && continue_proxy_cipher) string_sprintf("DANE error: tlsa lookup %s", rc_to_string(rc)), rc, FALSE, &sx->delivery_start); -# ifndef DISABLE_EVENT +# ifndef DISABLE_EVENT (void) event_raise(sx->conn_args.tblock->event_action, US"dane:fail", sx->dane_required ? US"dane-required" : US"dnssec-invalid"); -# endif +# endif return rc; } -#endif +# endif /* If the SNI or the DANE status required for the new message differs from the existing conn drop the connection to force a new one. */ @@ -2033,7 +1974,7 @@ if (continue_hostname && continue_proxy_cipher) "<%s>: failed to expand transport's tls_sni value: %s", sx->addrlist->address, expand_string_message); -#ifdef SUPPORT_DANE +# ifdef SUPPORT_DANE if ( (continue_proxy_sni ? (Ustrcmp(continue_proxy_sni, sni) == 0) : !*sni) && continue_proxy_dane == sx->conn_args.dane) { @@ -2041,10 +1982,10 @@ if (continue_hostname && continue_proxy_cipher) if ((tls_out.dane_verified = continue_proxy_dane)) sx->conn_args.host->dnssec = DS_YES; } -#else +# else if ((continue_proxy_sni ? (Ustrcmp(continue_proxy_sni, sni) == 0) : !*sni)) tls_out.sni = US sni; -#endif +# endif else { DEBUG(D_transport) @@ -2060,7 +2001,7 @@ if (continue_hostname && continue_proxy_cipher) back through reporting pipe. */ } } - +#endif /*!DISABLE_TLS*/ /* Make a connection to the host if this isn't a continued delivery, and handle the initial interaction and HELO/EHLO/LHLO. Connect timeout errors are handled