X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/7d5055276a22a91de71104775ade236051cebefc..107077d7fd6736711bf5cd980221723401d37c51:/src/src/verify.c

diff --git a/src/src/verify.c b/src/src/verify.c
index afc18d553..d8ebf5925 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -2,9 +2,10 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) The Exim Maintainers 2020 - 2022 */
-/* Copyright (c) University of Cambridge 1995 - 2018 */
+/* Copyright (c) The Exim Maintainers 2020 - 2023 */
+/* Copyright (c) University of Cambridge 1995 - 2023 */
 /* See the file NOTICE for conditions of use and distribution. */
+/* SPDX-License-Identifier: GPL-2.0-or-later */
 
 /* Functions concerned with verifying things. The original code for callout
 caching was contributed by Kevin Fleming (but I hacked it around a bit). */
@@ -708,6 +709,30 @@ tls_retry_connection:
     if (yield != OK)
       {
       errno = addr->basic_errno;
+
+      /* For certain errors we want specifically to log the transport name,
+      for ease of fixing config errors. Slightly ugly doing it here, but we want
+      to not leak that also in the SMTP response. */
+      switch (errno)
+	{
+	case EPROTOTYPE:
+	case ENOPROTOOPT:
+	case EPROTONOSUPPORT:
+	case ESOCKTNOSUPPORT:
+	case EOPNOTSUPP:
+	case EPFNOSUPPORT:
+	case EAFNOSUPPORT:
+	case EADDRINUSE:
+	case EADDRNOTAVAIL:
+	case ENETDOWN:
+	case ENETUNREACH:
+	  log_write(0, LOG_MAIN|LOG_PANIC,
+	    "%s verify %s (making calloout connection): T=%s %s",
+	    options & vopt_is_recipient ? "sender" : "recipient",
+	    yield == FAIL ? "fail" : "defer",
+	    transport_name, strerror(errno));
+	}
+
       transport_name = NULL;
       deliver_host = deliver_host_address = NULL;
       deliver_domain = save_deliver_domain;
@@ -1055,6 +1080,8 @@ no_conn:
         HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of transport filter\n");
         }
 #ifndef DISABLE_DKIM
+      /* DKIM signing needs to add a header after seeing the whole body, so we cannot just copy
+      body bytes to the outbound as they are received, which is the intent of cutthrough. */
       if (ob->dkim.dkim_domain)
         {
         cutthrough.delivery= FALSE;
@@ -1326,7 +1353,13 @@ cutthrough_data_puts(US"\r\n", 2);
 }
 
 
-/* Get and check response from cutthrough target */
+/* Get and check response from cutthrough target.
+Used for
+- nonfirst RCPT
+- predata
+- data finaldot
+- cutthrough conn close
+*/
 static uschar
 cutthrough_response(client_conn_ctx * cctx, char expect, uschar ** copy, int timeout)
 {
@@ -1340,7 +1373,7 @@ sx.inblock.ptr = inbuffer;
 sx.inblock.ptrend = inbuffer;
 sx.inblock.cctx = cctx;
 if(!smtp_read_response(&sx, responsebuffer, sizeof(responsebuffer), expect, timeout))
-  cancel_cutthrough_connection(TRUE, US"target timeout on read");
+  cancel_cutthrough_connection(TRUE, US"unexpected response to smtp command");
 
 if(copy)
   {
@@ -2955,7 +2988,7 @@ dots). */
 for (t = ss; isdigit(*t) || *t == '.'; ) t++;
 if (!*t  || (*t == '/' && t != ss))
   {
-  *error = US"malformed IPv4 address or address mask";
+  *error = string_sprintf("malformed IPv4 address or address mask: %.*s", (int)(t - ss), ss);
   return ERROR;
   }