X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/83da1223921fe30362e8374951360dcc8f21c4e7..f7572e5a358cd3d9581140b87e590d58b6c278f0:/src/src/transports/smtp.c diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c index 887b1ff82..3c09c9181 100644 --- a/src/src/transports/smtp.c +++ b/src/src/transports/smtp.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/transports/smtp.c,v 1.31 2007/01/18 15:35:43 ph10 Exp $ */ +/* $Cambridge: exim/src/src/transports/smtp.c,v 1.38 2007/09/28 12:21:57 tom Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -52,6 +52,20 @@ optionlist smtp_transport_options[] = { (void *)offsetof(smtp_transport_options_block, dk_selector) }, { "dk_strict", opt_stringptr, (void *)offsetof(smtp_transport_options_block, dk_strict) }, +#endif +#ifdef EXPERIMENTAL_DKIM + { "dkim_canon", opt_stringptr, + (void *)offsetof(smtp_transport_options_block, dkim_canon) }, + { "dkim_domain", opt_stringptr, + (void *)offsetof(smtp_transport_options_block, dkim_domain) }, + { "dkim_private_key", opt_stringptr, + (void *)offsetof(smtp_transport_options_block, dkim_private_key) }, + { "dkim_selector", opt_stringptr, + (void *)offsetof(smtp_transport_options_block, dkim_selector) }, + { "dkim_sign_headers", opt_stringptr, + (void *)offsetof(smtp_transport_options_block, dkim_sign_headers) }, + { "dkim_strict", opt_stringptr, + (void *)offsetof(smtp_transport_options_block, dkim_strict) }, #endif { "dns_qualify_single", opt_bool, (void *)offsetof(smtp_transport_options_block, dns_qualify_single) }, @@ -77,6 +91,8 @@ optionlist smtp_transport_options[] = { (void *)offsetof(smtp_transport_options_block, hosts) }, { "hosts_avoid_esmtp", opt_stringptr, (void *)offsetof(smtp_transport_options_block, hosts_avoid_esmtp) }, + { "hosts_avoid_pipelining", opt_stringptr, + (void *)offsetof(smtp_transport_options_block, hosts_avoid_pipelining) }, #ifdef SUPPORT_TLS { "hosts_avoid_tls", opt_stringptr, (void *)offsetof(smtp_transport_options_block, hosts_avoid_tls) }, @@ -160,6 +176,7 @@ smtp_transport_options_block smtp_transport_option_defaults = { NULL, /* hosts_require_auth */ NULL, /* hosts_require_tls */ NULL, /* hosts_avoid_tls */ + NULL, /* hosts_avoid_pipelining */ NULL, /* hosts_avoid_esmtp */ NULL, /* hosts_nopass_tls */ 5*60, /* command_timeout */ @@ -200,6 +217,14 @@ smtp_transport_options_block smtp_transport_option_defaults = { NULL, /* dk_selector */ NULL /* dk_strict */ #endif + #ifdef EXPERIMENTAL_DKIM + ,NULL, /* dkim_canon */ + NULL, /* dkim_domain */ + NULL, /* dkim_private_key */ + NULL, /* dkim_selector */ + NULL, /* dkim_sign_headers */ + NULL /* dkim_strict */ + #endif }; @@ -654,10 +679,16 @@ while (count-- > 0) addr->transport_return = PENDING_OK; /* If af_dr_retry_exists is set, there was a routing delay on this address; - ensure that any address-specific retry record is expunged. */ + ensure that any address-specific retry record is expunged. We do this both + for the basic key and for the version that also includes the sender. */ if (testflag(addr, af_dr_retry_exists)) + { + uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key, + sender_address); + retry_add_item(addr, altkey, rf_delete); retry_add_item(addr, addr->address_retry_key, rf_delete); + } } /* Timeout while reading the response */ @@ -780,7 +811,8 @@ return yield; /* If continue_hostname is not null, we get here only when continuing to deliver down an existing channel. The channel was passed as the standard -input. +input. TLS is never active on a passed channel; the previous process always +closes it down before passing the connection on. Otherwise, we have to make a connection to the remote host, and do the initial protocol exchange. @@ -848,7 +880,7 @@ smtp_outblock outblock; int max_rcpt = tblock->max_addresses; uschar *igquotstr = US""; uschar *local_authenticated_sender = authenticated_sender; -uschar *helo_data; +uschar *helo_data = NULL; uschar *message = NULL; uschar new_message_id[MESSAGE_ID_LENGTH + 1]; uschar *p; @@ -877,16 +909,10 @@ outblock.ptr = outbuffer; outblock.cmd_count = 0; outblock.authenticating = FALSE; -/* Expand the greeting message */ +/* Reset the parameters of a TLS session. */ -helo_data = expand_string(ob->helo_data); -if (helo_data == NULL) - { - uschar *message = string_sprintf("failed to expand helo_data: %s", - expand_string_message); - set_errno(addrlist, 0, message, DEFER, FALSE); - return ERROR; - } +tls_cipher = NULL; +tls_peerdn = NULL; /* If an authenticated_sender override has been specified for this transport instance, expand it. If the expansion is forced to fail, and there was already @@ -919,7 +945,8 @@ if (continue_hostname == NULL) { inblock.sock = outblock.sock = smtp_connect(host, host_af, port, interface, ob->connect_timeout, - ob->keepalive); + ob->keepalive); /* This puts port into host->port */ + if (inblock.sock < 0) { set_errno(addrlist, (errno == ETIMEDOUT)? ERRNO_CONNECTTIMEOUT : errno, @@ -927,6 +954,12 @@ if (continue_hostname == NULL) return DEFER; } + /* Expand the greeting message while waiting for the initial response. (Makes + sense if helo_data contains ${lookup dnsdb ...} stuff). The expansion is + delayed till here so that $sending_interface and $sending_port are set. */ + + helo_data = expand_string(ob->helo_data); + /* The first thing is to wait for an initial OK response. The dreaded "goto" is nevertheless a reasonably clean way of programming this kind of logic, where you want to escape on any error. */ @@ -934,6 +967,18 @@ if (continue_hostname == NULL) if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2', ob->command_timeout)) goto RESPONSE_FAILED; + /* Now check if the helo_data expansion went well, and sign off cleanly if it + didn't. */ + + if (helo_data == NULL) + { + uschar *message = string_sprintf("failed to expand helo_data: %s", + expand_string_message); + set_errno(addrlist, 0, message, DEFER, FALSE); + yield = DEFER; + goto SEND_QUIT; + } + /** Debugging without sending a message addrlist->transport_return = DEFER; goto SEND_QUIT; @@ -1025,6 +1070,7 @@ else { inblock.sock = outblock.sock = fileno(stdin); smtp_command = big_buffer; + host->port = port; /* Record the port that was used */ } /* If TLS is available on this connection, whether continued or not, attempt to @@ -1103,10 +1149,27 @@ if (tls_offered && !suppress_tls && } } -/* If we started TLS, redo the EHLO/LHLO exchange over the secure channel. */ +/* If we started TLS, redo the EHLO/LHLO exchange over the secure channel. If +helo_data is null, we are dealing with a connection that was passed from +another process, and so we won't have expanded helo_data above. We have to +expand it here. $sending_ip_address and $sending_port are set up right at the +start of the Exim process (in exim.c). */ if (tls_active >= 0) { + if (helo_data == NULL) + { + helo_data = expand_string(ob->helo_data); + if (helo_data == NULL) + { + uschar *message = string_sprintf("failed to expand helo_data: %s", + expand_string_message); + set_errno(addrlist, 0, message, DEFER, FALSE); + yield = DEFER; + goto SEND_QUIT; + } + } + if (smtp_write_command(&outblock, FALSE, "%s %s\r\n", lmtp? "LHLO" : "EHLO", helo_data) < 0) goto SEND_FAILED; @@ -1159,9 +1222,12 @@ if (continue_hostname == NULL PCRE_EOPT, NULL, 0) >= 0; /* Note whether the server supports PIPELINING. If hosts_avoid_esmtp matched - the current host, esmtp will be false, so PIPELINING can never be used. */ + the current host, esmtp will be false, so PIPELINING can never be used. If + the current host matches hosts_avoid_pipelining, don't do it. */ smtp_use_pipelining = esmtp && + verify_check_this_host(&(ob->hosts_avoid_pipelining), NULL, host->name, + host->address, NULL) != OK && pcre_exec(regex_PIPELINING, NULL, CS buffer, Ustrlen(CS buffer), 0, PCRE_EOPT, NULL, 0) >= 0; @@ -1195,14 +1261,25 @@ if (continue_hostname == NULL DEBUG(D_transport) debug_printf("scanning authentication mechanisms\n"); /* Scan the configured authenticators looking for one which is configured - for use as a client and whose name matches an authentication mechanism - supported by the server. If one is found, attempt to authenticate by - calling its client function. */ + for use as a client, which is not suppressed by client_condition, and + whose name matches an authentication mechanism supported by the server. + If one is found, attempt to authenticate by calling its client function. + */ for (au = auths; !smtp_authenticated && au != NULL; au = au->next) { uschar *p = names; - if (!au->client) continue; + if (!au->client || + (au->client_condition != NULL && + !expand_check_condition(au->client_condition, au->name, + US"client authenticator"))) + { + DEBUG(D_transport) debug_printf("skipping %s authenticator: %s\n", + au->name, + (au->client)? "client_condition is false" : + "not configured as a client"); + continue; + } /* Loop to scan supported server mechanisms */ @@ -1534,6 +1611,23 @@ if (!ok) ok = TRUE; else ob->dk_private_key, ob->dk_domain, ob->dk_selector, ob->dk_canon, ob->dk_headers, ob->dk_strict); else +#endif +#ifdef EXPERIMENTAL_DKIM + if ( (ob->dkim_private_key != NULL) && (ob->dkim_domain != NULL) && (ob->dkim_selector != NULL) ) + ok = dkim_transport_write_message(addrlist, inblock.sock, + topt_use_crlf | topt_end_dot | topt_escape_headers | + (tblock->body_only? topt_no_headers : 0) | + (tblock->headers_only? topt_no_body : 0) | + (tblock->return_path_add? topt_add_return_path : 0) | + (tblock->delivery_date_add? topt_add_delivery_date : 0) | + (tblock->envelope_to_add? topt_add_envelope_to : 0), + 0, /* No size limit */ + tblock->add_headers, tblock->remove_headers, + US".", US"..", /* Escaping strings */ + tblock->rewrite_rules, tblock->rewrite_existflags, + ob->dkim_private_key, ob->dkim_domain, ob->dkim_selector, + ob->dkim_canon, ob->dkim_strict, ob->dkim_sign_headers); + else #endif ok = transport_write_message(addrlist, inblock.sock, topt_use_crlf | topt_end_dot | topt_escape_headers | @@ -1690,7 +1784,7 @@ if (!ok) ok = TRUE; else /* Ensure the journal file is pushed out to disk. */ - if (fsync(journal_fd) < 0) + if (EXIMfsync(journal_fd) < 0) log_write(0, LOG_MAIN|LOG_PANIC, "failed to fsync journal: %s", strerror(errno)); }