X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/b4ed4da0f525ab98c05797e15df0045e49ae3618..58eb016e585187a87ade7602b2aecb2208605320:/src/src/smtp_in.c diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index b1a1eba3d..dc96a9aa1 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/smtp_in.c,v 1.50 2007/01/15 15:59:22 ph10 Exp $ */ +/* $Cambridge: exim/src/src/smtp_in.c,v 1.57 2007/04/13 15:13:47 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -120,12 +120,18 @@ static BOOL helo_seen; static BOOL helo_accept_junk; static BOOL count_nonmail; static BOOL pipelining_advertised; +static BOOL rcpt_smtp_response_same; +static BOOL rcpt_in_progress; static int nonmail_command_count; static int synprot_error_count; static int unknown_command_count; static int sync_cmd_limit; static int smtp_write_error = 0; +static uschar *rcpt_smtp_response; +static uschar *smtp_data_buffer; +static uschar *smtp_cmd_data; + /* We need to know the position of RSET, HELO, EHLO, AUTH, and STARTTLS. Their final fields of all except AUTH are forced TRUE at the start of a new message setup, to allow one of each between messages that is not counted as a nonmail @@ -327,6 +333,23 @@ return smtp_had_error; +/************************************************* +* Test for characters in the SMTP buffer * +*************************************************/ + +/* Used at the end of a message + +Arguments: none +Returns: TRUE/FALSE +*/ + +BOOL +smtp_buffered(void) +{ +return smtp_inptr < smtp_inend; +} + + /************************************************* * Write formatted string to SMTP channel * @@ -365,28 +388,41 @@ DEBUG(D_receive) } va_start(ap, format); +if (!string_vformat(big_buffer, big_buffer_size, format, ap)) + { + log_write(0, LOG_MAIN|LOG_PANIC, "string too large in smtp_printf()"); + smtp_closedown(US"Unexpected error"); + exim_exit(EXIT_FAILURE); + } +va_end(ap); + +/* If this is the first output for a (non-batch) RCPT command, see if all RCPTs +have had the same. Note: this code is also present in smtp_respond(). It would +be tidier to have it only in one place, but when it was added, it was easier to +do it that way, so as not to have to mess with the code for the RCPT command, +which sometimes uses smtp_printf() and sometimes smtp_respond(). */ -/* If in a TLS session we have to format the string, and then write it using a -TLS function. */ +if (rcpt_in_progress) + { + if (rcpt_smtp_response == NULL) + rcpt_smtp_response = string_copy(big_buffer); + else if (rcpt_smtp_response_same && + Ustrcmp(rcpt_smtp_response, big_buffer) != 0) + rcpt_smtp_response_same = FALSE; + rcpt_in_progress = FALSE; + } + +/* Now write the string */ #ifdef SUPPORT_TLS if (tls_active >= 0) { - if (!string_vformat(big_buffer, big_buffer_size, format, ap)) - { - log_write(0, LOG_MAIN|LOG_PANIC, "string too large in smtp_printf"); - smtp_closedown(US"Unexpected error"); - exim_exit(EXIT_FAILURE); - } if (tls_write(big_buffer, Ustrlen(big_buffer)) < 0) smtp_write_error = -1; } else #endif -/* Otherwise, just use the standard library function. */ - -if (vfprintf(smtp_out, format, ap) < 0) smtp_write_error = -1; -va_end(ap); +if (fprintf(smtp_out, "%s", big_buffer) < 0) smtp_write_error = -1; } @@ -466,6 +502,7 @@ exim_exit(EXIT_FAILURE); + /************************************************* * Read one command line * *************************************************/ @@ -552,11 +589,16 @@ for (p = cmd_list; p < cmd_list_end; p++) !sender_host_notsocket) /* Really is a socket */ return BADSYN_CMD; - /* Point after the command, but don't skip over leading spaces till after - the following test, so that if it fails, the command name can easily be - logged. */ + /* The variables $smtp_command and $smtp_command_argument point into the + unmodified input buffer. A copy of the latter is taken for actual + processing, so that it can be chopped up into separate parts if necessary, + for example, when processing a MAIL command options such as SIZE that can + follow the sender address. */ smtp_cmd_argument = smtp_cmd_buffer + p->len; + while (isspace(*smtp_cmd_argument)) smtp_cmd_argument++; + Ustrcpy(smtp_data_buffer, smtp_cmd_argument); + smtp_cmd_data = smtp_data_buffer; /* Count non-mail commands from those hosts that are controlled in this way. The default is all hosts. We don't waste effort checking the list @@ -574,11 +616,10 @@ for (p = cmd_list; p < cmd_list_end; p++) return TOO_MANY_NONMAIL_CMD; } - /* Get the data pointer over leading spaces and return; if there is data - for a command that does not expect it, give the error centrally here. */ + /* If there is data for a command that does not expect it, generate the + error here. */ - while (isspace(*smtp_cmd_argument)) smtp_cmd_argument++; - return (p->has_arg || *smtp_cmd_argument == 0)? p->cmd : BADARG_CMD; + return (p->has_arg || *smtp_cmd_data == 0)? p->cmd : BADARG_CMD; } } @@ -596,6 +637,60 @@ return OTHER_CMD; +/************************************************* +* Recheck synchronization * +*************************************************/ + +/* Synchronization checks can never be perfect because a packet may be on its +way but not arrived when the check is done. Such checks can in any case only be +done when TLS is not in use. Normally, the checks happen when commands are +read: Exim ensures that there is no more input in the input buffer. In normal +cases, the response to the command will be fast, and there is no further check. + +However, for some commands an ACL is run, and that can include delays. In those +cases, it is useful to do another check on the input just before sending the +response. This also applies at the start of a connection. This function does +that check by means of the select() function, as long as the facility is not +disabled or inappropriate. A failure of select() is ignored. + +When there is unwanted input, we read it so that it appears in the log of the +error. + +Arguments: none +Returns: TRUE if all is well; FALSE if there is input pending +*/ + +static BOOL +check_sync(void) +{ +int fd, rc; +fd_set fds; +struct timeval tzero; + +if (!smtp_enforce_sync || sender_host_address == NULL || + sender_host_notsocket || tls_active >= 0) + return TRUE; + +fd = fileno(smtp_in); +FD_ZERO(&fds); +FD_SET(fd, &fds); +tzero.tv_sec = 0; +tzero.tv_usec = 0; +rc = select(fd + 1, (SELECT_ARG2_TYPE *)&fds, NULL, NULL, &tzero); + +if (rc <= 0) return TRUE; /* Not ready to read */ +rc = smtp_getc(); +if (rc < 0) return TRUE; /* End of file or error */ + +smtp_ungetc(rc); +rc = smtp_inend - smtp_inptr; +if (rc > 150) rc = 150; +smtp_inptr[rc] = 0; +return FALSE; +} + + + /************************************************* * Forced closedown of call * *************************************************/ @@ -839,7 +934,7 @@ return yield; * Extract SMTP command option * *************************************************/ -/* This function picks the next option setting off the end of smtp_cmd_argument. It +/* This function picks the next option setting off the end of smtp_cmd_data. It is called for MAIL FROM and RCPT TO commands, to pick off the optional ESMTP things that can appear there. @@ -854,11 +949,11 @@ static BOOL extract_option(uschar **name, uschar **value) { uschar *n; -uschar *v = smtp_cmd_argument + Ustrlen(smtp_cmd_argument) -1; +uschar *v = smtp_cmd_data + Ustrlen(smtp_cmd_data) - 1; while (isspace(*v)) v--; v[1] = 0; -while (v > smtp_cmd_argument && *v != '=' && !isspace(*v)) v--; +while (v > smtp_cmd_data && *v != '=' && !isspace(*v)) v--; if (*v != '=') return FALSE; n = v; @@ -899,6 +994,9 @@ message_linecount = 0; message_size = -1; acl_added_headers = NULL; queue_only_policy = FALSE; +rcpt_smtp_response = NULL; +rcpt_smtp_response_same = TRUE; +rcpt_in_progress = FALSE; deliver_freeze = FALSE; /* Can be set by ACL */ freeze_tell = freeze_tell_config; /* Can be set by ACL */ fake_response = OK; /* Can be set by ACL */ @@ -1022,7 +1120,7 @@ while (done <= 0) case HELO_CMD: case EHLO_CMD: - check_helo(smtp_cmd_argument); + check_helo(smtp_cmd_data); /* Fall through */ case RSET_CMD: @@ -1042,7 +1140,7 @@ while (done <= 0) /* The function moan_smtp_batch() does not return. */ moan_smtp_batch(smtp_cmd_buffer, "503 Sender already given"); - if (smtp_cmd_argument[0] == 0) + if (smtp_cmd_data[0] == 0) /* The function moan_smtp_batch() does not return. */ moan_smtp_batch(smtp_cmd_buffer, "501 MAIL FROM must have an address operand"); @@ -1053,8 +1151,8 @@ while (done <= 0) /* Apply SMTP rewrite */ raw_sender = ((rewrite_existflags & rewrite_smtp) != 0)? - rewrite_one(smtp_cmd_argument, rewrite_smtp|rewrite_smtp_sender, NULL, FALSE, - US"", global_rewrite_rules) : smtp_cmd_argument; + rewrite_one(smtp_cmd_data, rewrite_smtp|rewrite_smtp_sender, NULL, FALSE, + US"", global_rewrite_rules) : smtp_cmd_data; /* Extract the address; the TRUE flag allows <> as valid */ @@ -1097,7 +1195,7 @@ while (done <= 0) /* The function moan_smtp_batch() does not return. */ moan_smtp_batch(smtp_cmd_buffer, "503 No sender yet given"); - if (smtp_cmd_argument[0] == 0) + if (smtp_cmd_data[0] == 0) /* The function moan_smtp_batch() does not return. */ moan_smtp_batch(smtp_cmd_buffer, "501 RCPT TO must have an address operand"); @@ -1112,8 +1210,8 @@ while (done <= 0) recipient address */ recipient = ((rewrite_existflags & rewrite_smtp) != 0)? - rewrite_one(smtp_cmd_argument, rewrite_smtp, NULL, FALSE, US"", - global_rewrite_rules) : smtp_cmd_argument; + rewrite_one(smtp_cmd_data, rewrite_smtp, NULL, FALSE, US"", + global_rewrite_rules) : smtp_cmd_data; /* rfc821_domains = TRUE; << no longer needed */ recipient = parse_extract_address(recipient, &errmess, &start, &end, @@ -1244,6 +1342,7 @@ synprot_error_count = unknown_command_count = nonmail_command_count = 0; smtp_delay_mail = smtp_rlm_base; auth_advertised = FALSE; pipelining_advertised = FALSE; +pipelining_enable = TRUE; sync_cmd_limit = NON_SYNC_CMD_NON_PIPELINING; memset(sender_host_cache, 0, sizeof(sender_host_cache)); @@ -1263,12 +1362,13 @@ tls_advertised = FALSE; acl_var_c = NULL; -/* Allow for trailing 0 in the command buffer. */ +/* Allow for trailing 0 in the command and data buffers. */ -smtp_cmd_buffer = (uschar *)malloc(smtp_cmd_buffer_size + 1); +smtp_cmd_buffer = (uschar *)malloc(2*smtp_cmd_buffer_size + 2); if (smtp_cmd_buffer == NULL) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "malloc() failed for SMTP command buffer"); +smtp_data_buffer = smtp_cmd_buffer + smtp_cmd_buffer_size + 1; /* For batched input, the protocol setting can be overridden from the command line by a trusted caller. */ @@ -1295,6 +1395,7 @@ receive_getc = smtp_getc; receive_ungetc = smtp_ungetc; receive_feof = smtp_feof; receive_ferror = smtp_ferror; +receive_smtp_buffered = smtp_buffered; smtp_inptr = smtp_inend = smtp_inbuffer; smtp_had_eof = smtp_had_error = 0; @@ -1540,7 +1641,9 @@ if (!sender_host_unknown) smtps port for use with older style SSL MTAs. */ #ifdef SUPPORT_TLS - if (tls_on_connect && tls_server_start(tls_require_ciphers) != OK) + if (tls_on_connect && + tls_server_start(tls_require_ciphers, + gnutls_require_mac, gnutls_require_kx, gnutls_require_proto) != OK) return FALSE; #endif @@ -1592,18 +1695,18 @@ if (!sender_host_unknown) } #endif - /* Check for reserved slots. Note that the count value doesn't include - this process, as it gets upped in the parent process. */ + /* Check for reserved slots. The value of smtp_accept_count has already been + incremented to include this process. */ if (smtp_accept_max > 0 && - smtp_accept_count + 1 > smtp_accept_max - smtp_accept_reserve) + smtp_accept_count > smtp_accept_max - smtp_accept_reserve) { if ((rc = verify_check_host(&smtp_reserve_hosts)) != OK) { log_write(L_connection_reject, LOG_MAIN, "temporarily refused connection from %s: not in " "reserve list: connected=%d max=%d reserve=%d%s", - host_and_ident(FALSE), smtp_accept_count, smtp_accept_max, + host_and_ident(FALSE), smtp_accept_count - 1, smtp_accept_max, smtp_accept_reserve, (rc == DEFER)? " (lookup deferred)" : ""); smtp_printf("421 %s: Too many concurrent SMTP connections; " "please try again later\r\n", smtp_active_hostname); @@ -1749,30 +1852,14 @@ ss[ptr] = 0; /* string_cat leaves room for this */ /* Before we write the banner, check that there is no input pending, unless this synchronisation check is disabled. */ -if (smtp_enforce_sync && sender_host_address != NULL && !sender_host_notsocket) +if (!check_sync()) { - fd_set fds; - struct timeval tzero; - tzero.tv_sec = 0; - tzero.tv_usec = 0; - FD_ZERO(&fds); - FD_SET(fileno(smtp_in), &fds); - if (select(fileno(smtp_in) + 1, (SELECT_ARG2_TYPE *)&fds, NULL, NULL, - &tzero) > 0) - { - int rc = read(fileno(smtp_in), smtp_inbuffer, in_buffer_size); - if (rc > 0) - { - if (rc > 150) rc = 150; - smtp_inbuffer[rc] = 0; - log_write(0, LOG_MAIN|LOG_REJECT, "SMTP protocol " - "synchronization error (input sent without waiting for greeting): " - "rejected connection from %s input=\"%s\"", host_and_ident(TRUE), - string_printing(smtp_inbuffer)); - smtp_printf("554 SMTP synchronization error\r\n"); - return FALSE; - } - } + log_write(0, LOG_MAIN|LOG_REJECT, "SMTP protocol " + "synchronization error (input sent without waiting for greeting): " + "rejected connection from %s input=\"%s\"", host_and_ident(TRUE), + string_printing(smtp_inptr)); + smtp_printf("554 SMTP synchronization error\r\n"); + return FALSE; } /* Now output the banner */ @@ -1904,6 +1991,24 @@ if (codelen > 4) esclen = codelen - 4; } +/* If this is the first output for a (non-batch) RCPT command, see if all RCPTs +have had the same. Note: this code is also present in smtp_printf(). It would +be tidier to have it only in one place, but when it was added, it was easier to +do it that way, so as not to have to mess with the code for the RCPT command, +which sometimes uses smtp_printf() and sometimes smtp_respond(). */ + +if (rcpt_in_progress) + { + if (rcpt_smtp_response == NULL) + rcpt_smtp_response = string_copy(msg); + else if (rcpt_smtp_response_same && + Ustrcmp(rcpt_smtp_response, msg) != 0) + rcpt_smtp_response_same = FALSE; + rcpt_in_progress = FALSE; + } + +/* Not output the message, splitting it up into multiple lines if necessary. */ + for (;;) { uschar *nl = Ustrchr(msg, '\n'); @@ -2038,9 +2143,9 @@ uschar *what = #endif (where == ACL_WHERE_PREDATA)? US"DATA" : (where == ACL_WHERE_DATA)? US"after DATA" : - (smtp_cmd_argument == NULL)? + (smtp_cmd_data == NULL)? string_sprintf("%s in \"connect\" ACL", acl_wherenames[where]) : - string_sprintf("%s %s", acl_wherenames[where], smtp_cmd_argument); + string_sprintf("%s %s", acl_wherenames[where], smtp_cmd_data); if (drop) rc = FAIL; @@ -2073,6 +2178,9 @@ unless the sender_verify_fail log selector has been turned off. */ if (sender_verified_failed != NULL && !testflag(sender_verified_failed, af_sverify_told)) { + BOOL save_rcpt_in_progress = rcpt_in_progress; + rcpt_in_progress = FALSE; /* So as not to treat these as the error */ + setflag(sender_verified_failed, af_sverify_told); if (rc != FAIL || (log_extra_selector & LX_sender_verify_fail) != 0) @@ -2102,6 +2210,8 @@ if (sender_verified_failed != NULL && "Verification failed for <%s>\n%s", sender_verified_failed->address, sender_verified_failed->user_message)); + + rcpt_in_progress = save_rcpt_in_progress; } /* Sort out text for logging */ @@ -2462,8 +2572,8 @@ while (done <= 0) /* Find the name of the requested authentication mechanism. */ - s = smtp_cmd_argument; - while ((c = *smtp_cmd_argument) != 0 && !isspace(c)) + s = smtp_cmd_data; + while ((c = *smtp_cmd_data) != 0 && !isspace(c)) { if (!isalnum(c) && c != '-' && c != '_') { @@ -2471,16 +2581,16 @@ while (done <= 0) US"invalid character in authentication mechanism name"); goto COMMAND_LOOP; } - smtp_cmd_argument++; + smtp_cmd_data++; } /* If not at the end of the line, we must be at white space. Terminate the name and move the pointer on to any data that may be present. */ - if (*smtp_cmd_argument != 0) + if (*smtp_cmd_data != 0) { - *smtp_cmd_argument++ = 0; - while (isspace(*smtp_cmd_argument)) smtp_cmd_argument++; + *smtp_cmd_data++ = 0; + while (isspace(*smtp_cmd_data)) smtp_cmd_data++; } /* Search for an authentication mechanism which is configured for use @@ -2516,7 +2626,7 @@ while (done <= 0) expand_nmax = 0; expand_nlength[0] = 0; /* $0 contains nothing */ - c = (au->info->servercode)(au, smtp_cmd_argument); + c = (au->info->servercode)(au, smtp_cmd_data); if (au->set_id != NULL) set_id = expand_string(au->set_id); expand_nmax = -1; /* Reset numeric variables */ for (i = 0; i < AUTH_VARS; i++) auth_vars[i] = NULL; /* Reset $auth */ @@ -2635,7 +2745,7 @@ while (done <= 0) /* Reject the HELO if its argument was invalid or non-existent. A successful check causes the argument to be saved in malloc store. */ - if (!check_helo(smtp_cmd_argument)) + if (!check_helo(smtp_cmd_data)) { smtp_printf("501 Syntactically invalid %s argument(s)\r\n", hello); @@ -2665,7 +2775,7 @@ while (done <= 0) if (!sender_host_unknown) { BOOL old_helo_verified = helo_verified; - uschar *p = smtp_cmd_argument; + uschar *p = smtp_cmd_data; while (*p != 0 && !isspace(*p)) { *p = tolower(*p); p++; } *p = 0; @@ -2720,7 +2830,8 @@ while (done <= 0) spf_init(sender_helo_name, sender_host_address); #endif - /* Apply an ACL check if one is defined */ + /* Apply an ACL check if one is defined; afterwards, recheck + synchronization in case the client started sending in a delay. */ if (acl_smtp_helo != NULL) { @@ -2732,6 +2843,7 @@ while (done <= 0) host_build_sender_fullhost(); /* Rebuild */ break; } + else if (!check_sync()) goto SYNC_FAILURE; } /* Generate an OK reply. The default string includes the ident if present, @@ -2849,7 +2961,8 @@ while (done <= 0) /* Exim is quite happy with pipelining, so let the other end know that it is safe to use it, unless advertising is disabled. */ - if (verify_check_host(&pipelining_advertise_hosts) == OK) + if (pipelining_enable && + verify_check_host(&pipelining_advertise_hosts) == OK) { s = string_cat(s, &size, &ptr, smtp_code, 3); s = string_cat(s, &size, &ptr, US"-PIPELINING\r\n", 13); @@ -2982,7 +3095,7 @@ while (done <= 0) break; } - if (smtp_cmd_argument[0] == 0) + if (smtp_cmd_data[0] == 0) { done = synprot_error(L_smtp_protocol_error, 501, NULL, US"MAIL must have an address operand"); @@ -3141,8 +3254,8 @@ while (done <= 0) TRUE flag allows "<>" as a sender address. */ raw_sender = ((rewrite_existflags & rewrite_smtp) != 0)? - rewrite_one(smtp_cmd_argument, rewrite_smtp, NULL, FALSE, US"", - global_rewrite_rules) : smtp_cmd_argument; + rewrite_one(smtp_cmd_data, rewrite_smtp, NULL, FALSE, US"", + global_rewrite_rules) : smtp_cmd_data; /* rfc821_domains = TRUE; << no longer needed */ raw_sender = @@ -3152,7 +3265,7 @@ while (done <= 0) if (raw_sender == NULL) { - done = synprot_error(L_smtp_syntax_error, 501, smtp_cmd_argument, errmess); + done = synprot_error(L_smtp_syntax_error, 501, smtp_cmd_data, errmess); break; } @@ -3212,7 +3325,7 @@ while (done <= 0) else { smtp_printf("501 %s: sender address must contain a domain\r\n", - smtp_cmd_argument); + smtp_cmd_data); log_write(L_smtp_syntax_error, LOG_MAIN|LOG_REJECT, "unqualified sender rejected: <%s> %s%s", @@ -3224,10 +3337,16 @@ while (done <= 0) } } - /* Apply an ACL check if one is defined, before responding */ + /* Apply an ACL check if one is defined, before responding. Afterwards, + when pipelining is not advertised, do another sync check in case the ACL + delayed and the client started sending in the meantime. */ - rc = (acl_smtp_mail == NULL)? OK : - acl_check(ACL_WHERE_MAIL, NULL, acl_smtp_mail, &user_msg, &log_msg); + if (acl_smtp_mail == NULL) rc = OK; else + { + rc = acl_check(ACL_WHERE_MAIL, NULL, acl_smtp_mail, &user_msg, &log_msg); + if (rc == OK && !pipelining_advertised && !check_sync()) + goto SYNC_FAILURE; + } if (rc == OK || rc == DISCARD) { @@ -3245,17 +3364,15 @@ while (done <= 0) break; - /* The RCPT command requires an address as an operand. All we do - here is to parse it for syntactic correctness. There may be any number - of RCPT commands, specifying multiple senders. We build them all into - a data structure that is in argc/argv format. The start/end values - given by parse_extract_address are not used, as we keep only the - extracted address. */ + /* The RCPT command requires an address as an operand. There may be any + number of RCPT commands, specifying multiple recipients. We build them all + into a data structure. The start/end values given by parse_extract_address + are not used, as we keep only the extracted address. */ case RCPT_CMD: HAD(SCH_RCPT); rcpt_count++; - was_rcpt = TRUE; + was_rcpt = rcpt_in_progress = TRUE; /* There must be a sender address; if the sender was rejected and pipelining was advertised, we assume the client was pipelining, and do not @@ -3281,7 +3398,7 @@ while (done <= 0) /* Check for an operand */ - if (smtp_cmd_argument[0] == 0) + if (smtp_cmd_data[0] == 0) { done = synprot_error(L_smtp_syntax_error, 501, NULL, US"RCPT must have an address operand"); @@ -3293,8 +3410,8 @@ while (done <= 0) as a recipient address */ recipient = ((rewrite_existflags & rewrite_smtp) != 0)? - rewrite_one(smtp_cmd_argument, rewrite_smtp, NULL, FALSE, US"", - global_rewrite_rules) : smtp_cmd_argument; + rewrite_one(smtp_cmd_data, rewrite_smtp, NULL, FALSE, US"", + global_rewrite_rules) : smtp_cmd_data; /* rfc821_domains = TRUE; << no longer needed */ recipient = parse_extract_address(recipient, &errmess, &start, &end, @@ -3303,7 +3420,7 @@ while (done <= 0) if (recipient == NULL) { - done = synprot_error(L_smtp_syntax_error, 501, smtp_cmd_argument, errmess); + done = synprot_error(L_smtp_syntax_error, 501, smtp_cmd_data, errmess); rcpt_fail_count++; break; } @@ -3333,7 +3450,7 @@ while (done <= 0) { rcpt_fail_count++; smtp_printf("501 %s: recipient address must contain a domain\r\n", - smtp_cmd_argument); + smtp_cmd_data); log_write(L_smtp_syntax_error, LOG_MAIN|LOG_REJECT, "unqualified recipient rejected: " "<%s> %s%s", recipient, host_and_ident(TRUE), @@ -3383,10 +3500,17 @@ while (done <= 0) } /* If the MAIL ACL discarded all the recipients, we bypass ACL checking - for them. Otherwise, check the access control list for this recipient. */ + for them. Otherwise, check the access control list for this recipient. As + there may be a delay in this, re-check for a synchronization error + afterwards, unless pipelining was advertised. */ - rc = recipients_discarded? DISCARD : - acl_check(ACL_WHERE_RCPT, recipient, acl_smtp_rcpt, &user_msg, &log_msg); + if (recipients_discarded) rc = DISCARD; else + { + rc = acl_check(ACL_WHERE_RCPT, recipient, acl_smtp_rcpt, &user_msg, + &log_msg); + if (rc == OK && !pipelining_advertised && !check_sync()) + goto SYNC_FAILURE; + } /* The ACL was happy */ @@ -3438,14 +3562,29 @@ while (done <= 0) DATA command. The example in the pipelining RFC 2920 uses 554, but I use 503 here - because it is the same whether pipelining is in use or not. */ + because it is the same whether pipelining is in use or not. + + If all the RCPT commands that precede DATA provoked the same error message + (often indicating some kind of system error), it is helpful to include it + with the DATA rejection (an idea suggested by Tony Finch). */ case DATA_CMD: HAD(SCH_DATA); if (!discarded && recipients_count <= 0) { + if (rcpt_smtp_response_same && rcpt_smtp_response != NULL) + { + uschar *code = US"503"; + int len = Ustrlen(rcpt_smtp_response); + smtp_respond(code, 3, FALSE, US"All RCPT commands were rejected with " + "this error:"); + /* Responses from smtp_printf() will have \r\n on the end */ + if (len > 2 && rcpt_smtp_response[len-2] == '\r') + rcpt_smtp_response[len-2] = 0; + smtp_respond(code, 3, FALSE, rcpt_smtp_response); + } if (pipelining_advertised && last_was_rcpt) - smtp_printf("503 valid RCPT command must precede DATA\r\n"); + smtp_printf("503 Valid RCPT command must precede DATA\r\n"); else done = synprot_error(L_smtp_protocol_error, 503, NULL, US"valid RCPT command must precede DATA"); @@ -3460,12 +3599,16 @@ while (done <= 0) break; } + /* If there is an ACL, re-check the synchronization afterwards, since the + ACL may have delayed. */ + if (acl_smtp_predata == NULL) rc = OK; else { enable_dollar_recipients = TRUE; rc = acl_check(ACL_WHERE_PREDATA, NULL, acl_smtp_predata, &user_msg, &log_msg); enable_dollar_recipients = FALSE; + if (rc == OK && !check_sync()) goto SYNC_FAILURE; } if (rc == OK) @@ -3481,7 +3624,6 @@ while (done <= 0) else done = smtp_handle_acl_fail(ACL_WHERE_PREDATA, rc, user_msg, log_msg); - break; @@ -3496,7 +3638,7 @@ while (done <= 0) uschar *s = NULL; /* rfc821_domains = TRUE; << no longer needed */ - address = parse_extract_address(smtp_cmd_argument, &errmess, &start, &end, + address = parse_extract_address(smtp_cmd_data, &errmess, &start, &end, &recipient_domain, FALSE); /* rfc821_domains = FALSE; << no longer needed */ @@ -3542,7 +3684,7 @@ while (done <= 0) { BOOL save_log_testing_mode = log_testing_mode; address_test_mode = log_testing_mode = TRUE; - (void) verify_address(deliver_make_addr(smtp_cmd_argument, FALSE), + (void) verify_address(deliver_make_addr(smtp_cmd_data, FALSE), smtp_out, vopt_is_recipient | vopt_qualify | vopt_expn, -1, -1, -1, NULL, NULL, NULL); address_test_mode = FALSE; @@ -3593,7 +3735,8 @@ while (done <= 0) We must allow for an extra EHLO command and an extra AUTH command after STARTTLS that don't add to the nonmail command count. */ - if ((rc = tls_server_start(tls_require_ciphers)) == OK) + if ((rc = tls_server_start(tls_require_ciphers, gnutls_require_mac, + gnutls_require_kx, gnutls_require_proto)) == OK) { if (!tls_remember_esmtp) helo_seen = esmtp = auth_advertised = pipelining_advertised = FALSE; @@ -3777,7 +3920,7 @@ while (done <= 0) /* Compute the serialization key for this command. */ - etrn_serialize_key = string_sprintf("etrn-%s\n", smtp_cmd_argument); + etrn_serialize_key = string_sprintf("etrn-%s\n", smtp_cmd_data); /* If a command has been specified for running as a result of ETRN, we permit any argument to ETRN. If not, only the # standard form is permitted, @@ -3789,7 +3932,7 @@ while (done <= 0) uschar *error; BOOL rc; etrn_command = smtp_etrn_command; - deliver_domain = smtp_cmd_argument; + deliver_domain = smtp_cmd_data; rc = transport_set_up_command(&argv, smtp_etrn_command, TRUE, 0, NULL, US"ETRN processing", &error); deliver_domain = NULL; @@ -3806,7 +3949,7 @@ while (done <= 0) else { - if (*smtp_cmd_argument++ != '#') + if (*smtp_cmd_data++ != '#') { done = synprot_error(L_smtp_syntax_error, 501, NULL, US"argument must begin with #"); @@ -3814,7 +3957,7 @@ while (done <= 0) } etrn_command = US"exim -R"; argv = child_exec_exim(CEE_RETURN_ARGV, TRUE, NULL, TRUE, 2, US"-R", - smtp_cmd_argument); + smtp_cmd_data); } /* If we are host-testing, don't actually do anything. */ @@ -3837,7 +3980,7 @@ while (done <= 0) if (smtp_etrn_serialize && !enq_start(etrn_serialize_key)) { - smtp_printf("458 Already processing %s\r\n", smtp_cmd_argument); + smtp_printf("458 Already processing %s\r\n", smtp_cmd_data); break; } @@ -3929,6 +4072,7 @@ while (done <= 0) case BADSYN_CMD: + SYNC_FAILURE: if (smtp_inend >= smtp_inbuffer + in_buffer_size) smtp_inend = smtp_inbuffer + in_buffer_size - 1; c = smtp_inend - smtp_inptr; @@ -3947,10 +4091,12 @@ while (done <= 0) case TOO_MANY_NONMAIL_CMD: + s = smtp_cmd_buffer; + while (*s != 0 && !isspace(*s)) s++; incomplete_transaction_log(US"too many non-mail commands"); log_write(0, LOG_MAIN|LOG_REJECT, "SMTP call from %s dropped: too many " "nonmail commands (last was \"%.*s\")", host_and_ident(FALSE), - smtp_cmd_argument - smtp_cmd_buffer, smtp_cmd_buffer); + s - smtp_cmd_buffer, smtp_cmd_buffer); smtp_printf("554 Too many nonmail commands\r\n"); done = 1; /* Pretend eof - drops connection */ break;