1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) University of Cambridge 1995 - 2014 */
6 /* See the file NOTICE for conditions of use and distribution. */
12 #define PENDING_DEFER (PENDING + DEFER)
13 #define PENDING_OK (PENDING + OK)
16 /* Options specific to the smtp transport. This transport also supports LMTP
17 over TCP/IP. The options must be in alphabetic order (note that "_" comes
18 before the lower case letters). Some live in the transport_instance block so as
19 to be publicly visible; these are flagged with opt_public. */
21 optionlist smtp_transport_options[] = {
22 { "address_retry_include_sender", opt_bool,
23 (void *)offsetof(smtp_transport_options_block, address_retry_include_sender) },
24 { "allow_localhost", opt_bool,
25 (void *)offsetof(smtp_transport_options_block, allow_localhost) },
26 { "authenticated_sender", opt_stringptr,
27 (void *)offsetof(smtp_transport_options_block, authenticated_sender) },
28 { "authenticated_sender_force", opt_bool,
29 (void *)offsetof(smtp_transport_options_block, authenticated_sender_force) },
30 { "command_timeout", opt_time,
31 (void *)offsetof(smtp_transport_options_block, command_timeout) },
32 { "connect_timeout", opt_time,
33 (void *)offsetof(smtp_transport_options_block, connect_timeout) },
34 { "connection_max_messages", opt_int | opt_public,
35 (void *)offsetof(transport_instance, connection_max_messages) },
36 { "data_timeout", opt_time,
37 (void *)offsetof(smtp_transport_options_block, data_timeout) },
38 { "delay_after_cutoff", opt_bool,
39 (void *)offsetof(smtp_transport_options_block, delay_after_cutoff) },
41 { "dkim_canon", opt_stringptr,
42 (void *)offsetof(smtp_transport_options_block, dkim_canon) },
43 { "dkim_domain", opt_stringptr,
44 (void *)offsetof(smtp_transport_options_block, dkim_domain) },
45 { "dkim_private_key", opt_stringptr,
46 (void *)offsetof(smtp_transport_options_block, dkim_private_key) },
47 { "dkim_selector", opt_stringptr,
48 (void *)offsetof(smtp_transport_options_block, dkim_selector) },
49 { "dkim_sign_headers", opt_stringptr,
50 (void *)offsetof(smtp_transport_options_block, dkim_sign_headers) },
51 { "dkim_strict", opt_stringptr,
52 (void *)offsetof(smtp_transport_options_block, dkim_strict) },
54 { "dns_qualify_single", opt_bool,
55 (void *)offsetof(smtp_transport_options_block, dns_qualify_single) },
56 { "dns_search_parents", opt_bool,
57 (void *)offsetof(smtp_transport_options_block, dns_search_parents) },
58 { "dnssec_request_domains", opt_stringptr,
59 (void *)offsetof(smtp_transport_options_block, dnssec_request_domains) },
60 { "dnssec_require_domains", opt_stringptr,
61 (void *)offsetof(smtp_transport_options_block, dnssec_require_domains) },
62 { "dscp", opt_stringptr,
63 (void *)offsetof(smtp_transport_options_block, dscp) },
64 { "fallback_hosts", opt_stringptr,
65 (void *)offsetof(smtp_transport_options_block, fallback_hosts) },
66 { "final_timeout", opt_time,
67 (void *)offsetof(smtp_transport_options_block, final_timeout) },
68 { "gethostbyname", opt_bool,
69 (void *)offsetof(smtp_transport_options_block, gethostbyname) },
71 /* These are no longer honoured, as of Exim 4.80; for now, we silently
72 ignore; 4.83 will warn, and a later-still release will remove
73 these options, so that using them becomes an error. */
74 { "gnutls_require_kx", opt_stringptr,
75 (void *)offsetof(smtp_transport_options_block, gnutls_require_kx) },
76 { "gnutls_require_mac", opt_stringptr,
77 (void *)offsetof(smtp_transport_options_block, gnutls_require_mac) },
78 { "gnutls_require_protocols", opt_stringptr,
79 (void *)offsetof(smtp_transport_options_block, gnutls_require_proto) },
81 { "helo_data", opt_stringptr,
82 (void *)offsetof(smtp_transport_options_block, helo_data) },
83 { "hosts", opt_stringptr,
84 (void *)offsetof(smtp_transport_options_block, hosts) },
85 { "hosts_avoid_esmtp", opt_stringptr,
86 (void *)offsetof(smtp_transport_options_block, hosts_avoid_esmtp) },
87 { "hosts_avoid_pipelining", opt_stringptr,
88 (void *)offsetof(smtp_transport_options_block, hosts_avoid_pipelining) },
90 { "hosts_avoid_tls", opt_stringptr,
91 (void *)offsetof(smtp_transport_options_block, hosts_avoid_tls) },
93 { "hosts_max_try", opt_int,
94 (void *)offsetof(smtp_transport_options_block, hosts_max_try) },
95 { "hosts_max_try_hardlimit", opt_int,
96 (void *)offsetof(smtp_transport_options_block, hosts_max_try_hardlimit) },
98 { "hosts_nopass_tls", opt_stringptr,
99 (void *)offsetof(smtp_transport_options_block, hosts_nopass_tls) },
101 { "hosts_override", opt_bool,
102 (void *)offsetof(smtp_transport_options_block, hosts_override) },
103 { "hosts_randomize", opt_bool,
104 (void *)offsetof(smtp_transport_options_block, hosts_randomize) },
105 #if defined(SUPPORT_TLS) && !defined(DISABLE_OCSP)
106 { "hosts_request_ocsp", opt_stringptr,
107 (void *)offsetof(smtp_transport_options_block, hosts_request_ocsp) },
109 { "hosts_require_auth", opt_stringptr,
110 (void *)offsetof(smtp_transport_options_block, hosts_require_auth) },
112 # ifndef DISABLE_OCSP
113 { "hosts_require_ocsp", opt_stringptr,
114 (void *)offsetof(smtp_transport_options_block, hosts_require_ocsp) },
116 { "hosts_require_tls", opt_stringptr,
117 (void *)offsetof(smtp_transport_options_block, hosts_require_tls) },
119 { "hosts_try_auth", opt_stringptr,
120 (void *)offsetof(smtp_transport_options_block, hosts_try_auth) },
121 #ifdef EXPERIMENTAL_DANE
122 { "hosts_try_dane", opt_stringptr,
123 (void *)offsetof(smtp_transport_options_block, hosts_try_dane) },
126 { "hosts_try_prdr", opt_stringptr,
127 (void *)offsetof(smtp_transport_options_block, hosts_try_prdr) },
130 { "hosts_verify_avoid_tls", opt_stringptr,
131 (void *)offsetof(smtp_transport_options_block, hosts_verify_avoid_tls) },
133 { "interface", opt_stringptr,
134 (void *)offsetof(smtp_transport_options_block, interface) },
135 { "keepalive", opt_bool,
136 (void *)offsetof(smtp_transport_options_block, keepalive) },
137 { "lmtp_ignore_quota", opt_bool,
138 (void *)offsetof(smtp_transport_options_block, lmtp_ignore_quota) },
139 { "max_rcpt", opt_int | opt_public,
140 (void *)offsetof(transport_instance, max_addresses) },
141 { "multi_domain", opt_bool | opt_public,
142 (void *)offsetof(transport_instance, multi_domain) },
143 { "port", opt_stringptr,
144 (void *)offsetof(smtp_transport_options_block, port) },
145 { "protocol", opt_stringptr,
146 (void *)offsetof(smtp_transport_options_block, protocol) },
147 { "retry_include_ip_address", opt_bool,
148 (void *)offsetof(smtp_transport_options_block, retry_include_ip_address) },
149 { "serialize_hosts", opt_stringptr,
150 (void *)offsetof(smtp_transport_options_block, serialize_hosts) },
151 { "size_addition", opt_int,
152 (void *)offsetof(smtp_transport_options_block, size_addition) }
154 ,{ "tls_certificate", opt_stringptr,
155 (void *)offsetof(smtp_transport_options_block, tls_certificate) },
156 { "tls_crl", opt_stringptr,
157 (void *)offsetof(smtp_transport_options_block, tls_crl) },
158 { "tls_dh_min_bits", opt_int,
159 (void *)offsetof(smtp_transport_options_block, tls_dh_min_bits) },
160 { "tls_privatekey", opt_stringptr,
161 (void *)offsetof(smtp_transport_options_block, tls_privatekey) },
162 { "tls_require_ciphers", opt_stringptr,
163 (void *)offsetof(smtp_transport_options_block, tls_require_ciphers) },
164 { "tls_sni", opt_stringptr,
165 (void *)offsetof(smtp_transport_options_block, tls_sni) },
166 { "tls_tempfail_tryclear", opt_bool,
167 (void *)offsetof(smtp_transport_options_block, tls_tempfail_tryclear) },
168 { "tls_try_verify_hosts", opt_stringptr,
169 (void *)offsetof(smtp_transport_options_block, tls_try_verify_hosts) },
170 #ifdef EXPERIMENTAL_CERTNAMES
171 { "tls_verify_cert_hostnames", opt_stringptr,
172 (void *)offsetof(smtp_transport_options_block,tls_verify_cert_hostnames)},
174 { "tls_verify_certificates", opt_stringptr,
175 (void *)offsetof(smtp_transport_options_block, tls_verify_certificates) },
176 { "tls_verify_hosts", opt_stringptr,
177 (void *)offsetof(smtp_transport_options_block, tls_verify_hosts) }
179 #ifdef EXPERIMENTAL_TPDA
180 ,{ "tpda_host_defer_action", opt_stringptr,
181 (void *)offsetof(smtp_transport_options_block, tpda_host_defer_action) },
185 /* Size of the options list. An extern variable has to be used so that its
186 address can appear in the tables drtables.c. */
188 int smtp_transport_options_count =
189 sizeof(smtp_transport_options)/sizeof(optionlist);
191 /* Default private options block for the smtp transport. */
193 smtp_transport_options_block smtp_transport_option_defaults = {
195 NULL, /* fallback_hosts */
197 NULL, /* fallback_hostlist */
198 NULL, /* authenticated_sender */
199 US"$primary_hostname", /* helo_data */
200 NULL, /* interface */
202 US"smtp", /* protocol */
204 NULL, /* serialize_hosts */
205 NULL, /* hosts_try_auth */
206 NULL, /* hosts_require_auth */
207 #ifdef EXPERIMENTAL_DANE
208 NULL, /* hosts_try_dane */
211 NULL, /* hosts_try_prdr */
214 US"*", /* hosts_request_ocsp */
215 NULL, /* hosts_require_ocsp */
217 NULL, /* hosts_require_tls */
218 NULL, /* hosts_avoid_tls */
219 US"*", /* hosts_verify_avoid_tls */
220 NULL, /* hosts_avoid_pipelining */
221 NULL, /* hosts_avoid_esmtp */
222 NULL, /* hosts_nopass_tls */
223 5*60, /* command_timeout */
224 5*60, /* connect_timeout; shorter system default overrides */
225 5*60, /* data timeout */
226 10*60, /* final timeout */
227 1024, /* size_addition */
228 5, /* hosts_max_try */
229 50, /* hosts_max_try_hardlimit */
230 TRUE, /* address_retry_include_sender */
231 FALSE, /* allow_localhost */
232 FALSE, /* authenticated_sender_force */
233 FALSE, /* gethostbyname */
234 TRUE, /* dns_qualify_single */
235 FALSE, /* dns_search_parents */
236 NULL, /* dnssec_request_domains */
237 NULL, /* dnssec_require_domains */
238 TRUE, /* delay_after_cutoff */
239 FALSE, /* hosts_override */
240 FALSE, /* hosts_randomize */
241 TRUE, /* keepalive */
242 FALSE, /* lmtp_ignore_quota */
243 TRUE /* retry_include_ip_address */
245 ,NULL, /* tls_certificate */
247 NULL, /* tls_privatekey */
248 NULL, /* tls_require_ciphers */
249 NULL, /* gnutls_require_kx */
250 NULL, /* gnutls_require_mac */
251 NULL, /* gnutls_require_proto */
253 NULL, /* tls_verify_certificates */
254 EXIM_CLIENT_DH_DEFAULT_MIN_BITS,
255 /* tls_dh_min_bits */
256 TRUE, /* tls_tempfail_tryclear */
257 NULL, /* tls_verify_hosts */
258 NULL /* tls_try_verify_hosts */
259 # ifdef EXPERIMENTAL_CERTNAMES
260 ,NULL /* tls_verify_cert_hostnames */
264 ,NULL, /* dkim_canon */
265 NULL, /* dkim_domain */
266 NULL, /* dkim_private_key */
267 NULL, /* dkim_selector */
268 NULL, /* dkim_sign_headers */
269 NULL /* dkim_strict */
271 #ifdef EXPERIMENTAL_TPDA
272 ,NULL /* tpda_host_defer_action */
276 #ifdef EXPERIMENTAL_DSN
277 /* some DSN flags for use later */
279 static int rf_list[] = {rf_notify_never, rf_notify_success,
280 rf_notify_failure, rf_notify_delay };
282 static uschar *rf_names[] = { "NEVER", "SUCCESS", "FAILURE", "DELAY" };
289 static uschar *smtp_command; /* Points to last cmd for error messages */
290 static uschar *mail_command; /* Points to MAIL cmd for error messages */
291 static BOOL update_waiting; /* TRUE to update the "wait" database */
294 /*************************************************
295 * Setup entry point *
296 *************************************************/
298 /* This function is called when the transport is about to be used,
299 but before running it in a sub-process. It is used for two things:
301 (1) To set the fallback host list in addresses, when delivering.
302 (2) To pass back the interface, port, protocol, and other options, for use
303 during callout verification.
306 tblock pointer to the transport instance block
307 addrlist list of addresses about to be transported
308 tf if not NULL, pointer to block in which to return options
309 uid the uid that will be set (not used)
310 gid the gid that will be set (not used)
311 errmsg place for error message (not used)
313 Returns: OK always (FAIL, DEFER not used)
317 smtp_transport_setup(transport_instance *tblock, address_item *addrlist,
318 transport_feedback *tf, uid_t uid, gid_t gid, uschar **errmsg)
320 smtp_transport_options_block *ob =
321 (smtp_transport_options_block *)(tblock->options_block);
323 errmsg = errmsg; /* Keep picky compilers happy */
327 /* Pass back options if required. This interface is getting very messy. */
331 tf->interface = ob->interface;
333 tf->protocol = ob->protocol;
334 tf->hosts = ob->hosts;
335 tf->hosts_override = ob->hosts_override;
336 tf->hosts_randomize = ob->hosts_randomize;
337 tf->gethostbyname = ob->gethostbyname;
338 tf->qualify_single = ob->dns_qualify_single;
339 tf->search_parents = ob->dns_search_parents;
340 tf->helo_data = ob->helo_data;
343 /* Set the fallback host list for all the addresses that don't have fallback
344 host lists, provided that the local host wasn't present in the original host
347 if (!testflag(addrlist, af_local_host_removed))
349 for (; addrlist != NULL; addrlist = addrlist->next)
350 if (addrlist->fallback_hosts == NULL)
351 addrlist->fallback_hosts = ob->fallback_hostlist;
359 /*************************************************
360 * Initialization entry point *
361 *************************************************/
363 /* Called for each instance, after its options have been read, to
364 enable consistency checks to be done, or anything else that needs
367 Argument: pointer to the transport instance block
372 smtp_transport_init(transport_instance *tblock)
374 smtp_transport_options_block *ob =
375 (smtp_transport_options_block *)(tblock->options_block);
377 /* Retry_use_local_part defaults FALSE if unset */
379 if (tblock->retry_use_local_part == TRUE_UNSET)
380 tblock->retry_use_local_part = FALSE;
382 /* Set the default port according to the protocol */
384 if (ob->port == NULL)
385 ob->port = (strcmpic(ob->protocol, US"lmtp") == 0)? US"lmtp" :
386 (strcmpic(ob->protocol, US"smtps") == 0)? US"smtps" : US"smtp";
388 /* Set up the setup entry point, to be called before subprocesses for this
391 tblock->setup = smtp_transport_setup;
393 /* Complain if any of the timeouts are zero. */
395 if (ob->command_timeout <= 0 || ob->data_timeout <= 0 ||
396 ob->final_timeout <= 0)
397 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
398 "command, data, or final timeout value is zero for %s transport",
401 /* If hosts_override is set and there are local hosts, set the global
402 flag that stops verify from showing router hosts. */
404 if (ob->hosts_override && ob->hosts != NULL) tblock->overrides_hosts = TRUE;
406 /* If there are any fallback hosts listed, build a chain of host items
407 for them, but do not do any lookups at this time. */
409 host_build_hostlist(&(ob->fallback_hostlist), ob->fallback_hosts, FALSE);
412 if ( ob->gnutls_require_kx
413 || ob->gnutls_require_mac
414 || ob->gnutls_require_proto)
415 log_write(0, LOG_MAIN, "WARNING: smtp transport options"
416 " gnutls_require_kx, gnutls_require_mac and gnutls_require_protocols"
425 /*************************************************
426 * Set delivery info into all active addresses *
427 *************************************************/
429 /* Only addresses whose status is >= PENDING are relevant. A lesser
430 status means that an address is not currently being processed.
433 addrlist points to a chain of addresses
434 errno_value to put in each address's errno field
435 msg to put in each address's message field
436 rc to put in each address's transport_return field
437 pass_message if TRUE, set the "pass message" flag in the address
439 If errno_value has the special value ERRNO_CONNECTTIMEOUT, ETIMEDOUT is put in
440 the errno field, and RTEF_CTOUT is ORed into the more_errno field, to indicate
441 this particular type of timeout.
447 set_errno(address_item *addrlist, int errno_value, uschar *msg, int rc,
452 if (errno_value == ERRNO_CONNECTTIMEOUT)
454 errno_value = ETIMEDOUT;
455 orvalue = RTEF_CTOUT;
457 for (addr = addrlist; addr != NULL; addr = addr->next)
459 if (addr->transport_return < PENDING) continue;
460 addr->basic_errno = errno_value;
461 addr->more_errno |= orvalue;
465 if (pass_message) setflag(addr, af_pass_message);
467 addr->transport_return = rc;
473 /*************************************************
474 * Check an SMTP response *
475 *************************************************/
477 /* This function is given an errno code and the SMTP response buffer
478 to analyse, together with the host identification for generating messages. It
479 sets an appropriate message and puts the first digit of the response code into
480 the yield variable. If no response was actually read, a suitable digit is
484 host the current host, to get its name for messages
485 errno_value pointer to the errno value
486 more_errno from the top address for use with ERRNO_FILTER_FAIL
487 buffer the SMTP response buffer
488 yield where to put a one-digit SMTP response code
489 message where to put an errror message
490 pass_message set TRUE if message is an SMTP response
492 Returns: TRUE if an SMTP "QUIT" command should be sent, else FALSE
495 static BOOL check_response(host_item *host, int *errno_value, int more_errno,
496 uschar *buffer, int *yield, uschar **message, BOOL *pass_message)
500 if (smtp_use_pipelining &&
501 (Ustrcmp(smtp_command, "MAIL") == 0 ||
502 Ustrcmp(smtp_command, "RCPT") == 0 ||
503 Ustrcmp(smtp_command, "DATA") == 0))
506 *yield = '4'; /* Default setting is to give a temporary error */
508 /* Handle response timeout */
510 if (*errno_value == ETIMEDOUT)
512 *message = US string_sprintf("SMTP timeout while connected to %s [%s] "
513 "after %s%s", host->name, host->address, pl, smtp_command);
514 if (transport_count > 0)
515 *message = US string_sprintf("%s (%d bytes written)", *message,
520 /* Handle malformed SMTP response */
522 if (*errno_value == ERRNO_SMTPFORMAT)
524 uschar *malfresp = string_printing(buffer);
525 while (isspace(*malfresp)) malfresp++;
527 *message = string_sprintf("Malformed SMTP reply (an empty line) from "
528 "%s [%s] in response to %s%s", host->name, host->address, pl,
531 *message = string_sprintf("Malformed SMTP reply from %s [%s] in response "
532 "to %s%s: %s", host->name, host->address, pl, smtp_command, malfresp);
536 /* Handle a failed filter process error; can't send QUIT as we mustn't
539 if (*errno_value == ERRNO_FILTER_FAIL)
541 *message = US string_sprintf("transport filter process failed (%d)%s",
543 (more_errno == EX_EXECFAILED)? ": unable to execute command" : "");
547 /* Handle a failed add_headers expansion; can't send QUIT as we mustn't
550 if (*errno_value == ERRNO_CHHEADER_FAIL)
553 US string_sprintf("failed to expand headers_add or headers_remove: %s",
554 expand_string_message);
558 /* Handle failure to write a complete data block */
560 if (*errno_value == ERRNO_WRITEINCOMPLETE)
562 *message = US string_sprintf("failed to write a data block");
566 /* Handle error responses from the remote mailer. */
570 uschar *s = string_printing(buffer);
571 *message = US string_sprintf("SMTP error from remote mail server after %s%s: "
572 "host %s [%s]: %s", pl, smtp_command, host->name, host->address, s);
573 *pass_message = TRUE;
578 /* No data was read. If there is no errno, this must be the EOF (i.e.
579 connection closed) case, which causes deferral. An explicit connection reset
580 error has the same effect. Otherwise, put the host's identity in the message,
581 leaving the errno value to be interpreted as well. In all cases, we have to
582 assume the connection is now dead. */
584 if (*errno_value == 0 || *errno_value == ECONNRESET)
586 *errno_value = ERRNO_SMTPCLOSED;
587 *message = US string_sprintf("Remote host %s [%s] closed connection "
588 "in response to %s%s", host->name, host->address, pl, smtp_command);
590 else *message = US string_sprintf("%s [%s]", host->name, host->address);
597 /*************************************************
598 * Write error message to logs *
599 *************************************************/
601 /* This writes to the main log and to the message log.
604 addr the address item containing error information
605 host the current host
611 write_logs(address_item *addr, host_item *host)
613 if (addr->message != NULL)
615 uschar *message = addr->message;
616 if (addr->basic_errno > 0)
617 message = string_sprintf("%s: %s", message, strerror(addr->basic_errno));
618 log_write(0, LOG_MAIN, "%s", message);
619 deliver_msglog("%s %s\n", tod_stamp(tod_log), message);
624 ((log_extra_selector & LX_outgoing_port) != 0)?
625 string_sprintf("%s [%s]:%d", host->name, host->address,
626 (host->port == PORT_NONE)? 25 : host->port)
628 string_sprintf("%s [%s]", host->name, host->address);
629 log_write(0, LOG_MAIN, "%s %s", msg, strerror(addr->basic_errno));
630 deliver_msglog("%s %s %s\n", tod_stamp(tod_log), msg,
631 strerror(addr->basic_errno));
637 #ifdef EXPERIMENTAL_TPDA
638 /*************************************************
639 * Post-defer action *
640 *************************************************/
642 /* This expands an arbitrary per-transport string.
643 It might, for example, be used to write to the database log.
646 ob transport options block
647 addr the address item containing error information
648 host the current host
654 tpda_deferred(smtp_transport_options_block *ob, address_item *addr, host_item *host)
656 uschar *action = ob->tpda_host_defer_action;
660 tpda_delivery_ip = string_copy(host->address);
661 tpda_delivery_port = (host->port == PORT_NONE)? 25 : host->port;
662 tpda_delivery_fqdn = string_copy(host->name);
663 tpda_delivery_local_part = string_copy(addr->local_part);
664 tpda_delivery_domain = string_copy(addr->domain);
665 tpda_defer_errno = addr->basic_errno;
667 tpda_defer_errstr = addr->message
668 ? addr->basic_errno > 0
669 ? string_sprintf("%s: %s", addr->message, strerror(addr->basic_errno))
670 : string_copy(addr->message)
671 : addr->basic_errno > 0
672 ? string_copy(US strerror(addr->basic_errno))
676 debug_printf(" TPDA(host defer): tpda_host_defer_action=|%s| tpda_delivery_IP=%s\n",
677 action, tpda_delivery_ip);
679 router_name = addr->router->name;
680 transport_name = addr->transport->name;
681 if (!expand_string(action) && *expand_string_message)
682 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand tpda_defer_action in %s: %s\n",
683 transport_name, expand_string_message);
684 router_name = transport_name = NULL;
690 /*************************************************
691 * Synchronize SMTP responses *
692 *************************************************/
694 /* This function is called from smtp_deliver() to receive SMTP responses from
695 the server, and match them up with the commands to which they relate. When
696 PIPELINING is not in use, this function is called after every command, and is
697 therefore somewhat over-engineered, but it is simpler to use a single scheme
698 that works both with and without PIPELINING instead of having two separate sets
701 The set of commands that are buffered up with pipelining may start with MAIL
702 and may end with DATA; in between are RCPT commands that correspond to the
703 addresses whose status is PENDING_DEFER. All other commands (STARTTLS, AUTH,
704 etc.) are never buffered.
706 Errors after MAIL or DATA abort the whole process leaving the response in the
707 buffer. After MAIL, pending responses are flushed, and the original command is
708 re-instated in big_buffer for error messages. For RCPT commands, the remote is
709 permitted to reject some recipient addresses while accepting others. However
710 certain errors clearly abort the whole process. Set the value in
711 transport_return to PENDING_OK if the address is accepted. If there is a
712 subsequent general error, it will get reset accordingly. If not, it will get
713 converted to OK at the end.
716 addrlist the complete address list
717 include_affixes TRUE if affixes include in RCPT
718 sync_addr ptr to the ptr of the one to start scanning at (updated)
719 host the host we are connected to
720 count the number of responses to read
722 include_sender true if 4xx retry is to include the sender it its key
723 pending_MAIL true if the first response is for MAIL
724 pending_DATA 0 if last command sent was not DATA
725 +1 if previously had a good recipient
726 -1 if not previously had a good recipient
727 inblock incoming SMTP block
728 timeout timeout value
729 buffer buffer for reading response
730 buffsize size of buffer
732 Returns: 3 if at least one address had 2xx and one had 5xx
733 2 if at least one address had 5xx but none had 2xx
734 1 if at least one host had a 2xx response, but none had 5xx
735 0 no address had 2xx or 5xx but no errors (all 4xx, or just DATA)
736 -1 timeout while reading RCPT response
737 -2 I/O or other non-response error for RCPT
738 -3 DATA or MAIL failed - errno and buffer set
742 sync_responses(address_item *addrlist, BOOL include_affixes,
743 address_item **sync_addr, host_item *host, int count,
744 BOOL address_retry_include_sender, BOOL pending_MAIL,
745 int pending_DATA, smtp_inblock *inblock, int timeout, uschar *buffer,
748 address_item *addr = *sync_addr;
751 /* Handle the response for a MAIL command. On error, reinstate the original
752 command in big_buffer for error message use, and flush any further pending
753 responses before returning, except after I/O errors and timeouts. */
758 if (!smtp_read_response(inblock, buffer, buffsize, '2', timeout))
760 Ustrcpy(big_buffer, mail_command); /* Fits, because it came from there! */
761 if (errno == 0 && buffer[0] != 0)
763 uschar flushbuffer[4096];
765 if (buffer[0] == '4')
767 save_errno = ERRNO_MAIL4XX;
768 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
772 if (!smtp_read_response(inblock, flushbuffer, sizeof(flushbuffer),
774 && (errno != 0 || flushbuffer[0] == 0))
783 if (pending_DATA) count--; /* Number of RCPT responses to come */
785 /* Read and handle the required number of RCPT responses, matching each one up
786 with an address by scanning for the next address whose status is PENDING_DEFER.
791 while (addr->transport_return != PENDING_DEFER) addr = addr->next;
793 /* The address was accepted */
795 if (smtp_read_response(inblock, buffer, buffsize, '2', timeout))
798 addr->transport_return = PENDING_OK;
800 /* If af_dr_retry_exists is set, there was a routing delay on this address;
801 ensure that any address-specific retry record is expunged. We do this both
802 for the basic key and for the version that also includes the sender. */
804 if (testflag(addr, af_dr_retry_exists))
806 uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key,
808 retry_add_item(addr, altkey, rf_delete);
809 retry_add_item(addr, addr->address_retry_key, rf_delete);
813 /* Timeout while reading the response */
815 else if (errno == ETIMEDOUT)
817 int save_errno = errno;
818 uschar *message = string_sprintf("SMTP timeout while connected to %s [%s] "
819 "after RCPT TO:<%s>", host->name, host->address,
820 transport_rcpt_address(addr, include_affixes));
821 set_errno(addrlist, save_errno, message, DEFER, FALSE);
822 retry_add_item(addr, addr->address_retry_key, 0);
823 update_waiting = FALSE;
827 /* Handle other errors in obtaining an SMTP response by returning -1. This
828 will cause all the addresses to be deferred. Restore the SMTP command in
829 big_buffer for which we are checking the response, so the error message
832 else if (errno != 0 || buffer[0] == 0)
834 string_format(big_buffer, big_buffer_size, "RCPT TO:<%s>",
835 transport_rcpt_address(addr, include_affixes));
839 /* Handle SMTP permanent and temporary response codes. */
844 string_sprintf("SMTP error from remote mail server after RCPT TO:<%s>: "
845 "host %s [%s]: %s", transport_rcpt_address(addr, include_affixes),
846 host->name, host->address, string_printing(buffer));
847 setflag(addr, af_pass_message);
848 deliver_msglog("%s %s\n", tod_stamp(tod_log), addr->message);
850 /* The response was 5xx */
852 if (buffer[0] == '5')
854 addr->transport_return = FAIL;
858 /* The response was 4xx */
862 addr->transport_return = DEFER;
863 addr->basic_errno = ERRNO_RCPT4XX;
864 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
866 /* Log temporary errors if there are more hosts to be tried. */
868 if (host->next != NULL) log_write(0, LOG_MAIN, "%s", addr->message);
870 /* Do not put this message on the list of those waiting for specific
871 hosts, as otherwise it is likely to be tried too often. */
873 update_waiting = FALSE;
875 /* Add a retry item for the address so that it doesn't get tried again
876 too soon. If address_retry_include_sender is true, add the sender address
879 if (address_retry_include_sender)
881 uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key,
883 retry_add_item(addr, altkey, 0);
885 else retry_add_item(addr, addr->address_retry_key, 0);
888 } /* Loop for next RCPT response */
890 /* Update where to start at for the next block of responses, unless we
891 have already handled all the addresses. */
893 if (addr != NULL) *sync_addr = addr->next;
895 /* Handle a response to DATA. If we have not had any good recipients, either
896 previously or in this block, the response is ignored. */
898 if (pending_DATA != 0 &&
899 !smtp_read_response(inblock, buffer, buffsize, '3', timeout))
904 if (pending_DATA > 0 || (yield & 1) != 0)
906 if (errno == 0 && buffer[0] == '4')
908 errno = ERRNO_DATA4XX;
909 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
913 (void)check_response(host, &errno, 0, buffer, &code, &msg, &pass_message);
914 DEBUG(D_transport) debug_printf("%s\nerror for DATA ignored: pipelining "
915 "is in use and there were no good recipients\n", msg);
918 /* All responses read and handled; MAIL (if present) received 2xx and DATA (if
919 present) received 3xx. If any RCPTs were handled and yielded anything other
920 than 4xx, yield will be set non-zero. */
927 /* Do the client side of smtp-level authentication */
930 buffer EHLO response from server (gets overwritten)
931 addrlist chain of potential addresses to deliver
932 host host to deliver to
934 ibp, obp comms channel control blocks
937 OK Success, or failed (but not required): global "smtp_authenticated" set
938 DEFER Failed authentication (and was required)
939 ERROR Internal problem
941 FAIL_SEND Failed communications - transmit
946 smtp_auth(uschar *buffer, unsigned bufsize, address_item *addrlist, host_item *host,
947 smtp_transport_options_block *ob, BOOL is_esmtp,
948 smtp_inblock *ibp, smtp_outblock *obp)
951 uschar *fail_reason = US"server did not advertise AUTH support";
953 smtp_authenticated = FALSE;
954 client_authenticator = client_authenticated_id = client_authenticated_sender = NULL;
955 require_auth = verify_check_this_host(&(ob->hosts_require_auth), NULL,
956 host->name, host->address, NULL);
958 if (is_esmtp && !regex_AUTH) regex_AUTH =
959 regex_must_compile(US"\\n250[\\s\\-]AUTH\\s+([\\-\\w\\s]+)(?:\\n|$)",
962 if (is_esmtp && regex_match_and_setup(regex_AUTH, buffer, 0, -1))
964 uschar *names = string_copyn(expand_nstring[1], expand_nlength[1]);
965 expand_nmax = -1; /* reset */
967 /* Must not do this check until after we have saved the result of the
968 regex match above. */
970 if (require_auth == OK ||
971 verify_check_this_host(&(ob->hosts_try_auth), NULL, host->name,
972 host->address, NULL) == OK)
975 fail_reason = US"no common mechanisms were found";
977 DEBUG(D_transport) debug_printf("scanning authentication mechanisms\n");
979 /* Scan the configured authenticators looking for one which is configured
980 for use as a client, which is not suppressed by client_condition, and
981 whose name matches an authentication mechanism supported by the server.
982 If one is found, attempt to authenticate by calling its client function.
985 for (au = auths; !smtp_authenticated && au != NULL; au = au->next)
989 (au->client_condition != NULL &&
990 !expand_check_condition(au->client_condition, au->name,
991 US"client authenticator")))
993 DEBUG(D_transport) debug_printf("skipping %s authenticator: %s\n",
995 (au->client)? "client_condition is false" :
996 "not configured as a client");
1000 /* Loop to scan supported server mechanisms */
1005 int len = Ustrlen(au->public_name);
1006 while (isspace(*p)) p++;
1008 if (strncmpic(au->public_name, p, len) != 0 ||
1009 (p[len] != 0 && !isspace(p[len])))
1011 while (*p != 0 && !isspace(*p)) p++;
1015 /* Found data for a listed mechanism. Call its client entry. Set
1016 a flag in the outblock so that data is overwritten after sending so
1017 that reflections don't show it. */
1019 fail_reason = US"authentication attempt(s) failed";
1020 obp->authenticating = TRUE;
1021 rc = (au->info->clientcode)(au, ibp, obp,
1022 ob->command_timeout, buffer, bufsize);
1023 obp->authenticating = FALSE;
1024 DEBUG(D_transport) debug_printf("%s authenticator yielded %d\n",
1027 /* A temporary authentication failure must hold up delivery to
1028 this host. After a permanent authentication failure, we carry on
1029 to try other authentication methods. If all fail hard, try to
1030 deliver the message unauthenticated unless require_auth was set. */
1035 smtp_authenticated = TRUE; /* stops the outer loop */
1036 client_authenticator = au->name;
1037 if (au->set_client_id != NULL)
1038 client_authenticated_id = expand_string(au->set_client_id);
1041 /* Failure after writing a command */
1046 /* Failure after reading a response */
1049 if (errno != 0 || buffer[0] != '5') return FAIL;
1050 log_write(0, LOG_MAIN, "%s authenticator failed H=%s [%s] %s",
1051 au->name, host->name, host->address, buffer);
1054 /* Failure by some other means. In effect, the authenticator
1055 decided it wasn't prepared to handle this case. Typically this
1056 is the result of "fail" in an expansion string. Do we need to
1057 log anything here? Feb 2006: a message is now put in the buffer
1058 if logging is required. */
1062 log_write(0, LOG_MAIN, "%s authenticator cancelled "
1063 "authentication H=%s [%s] %s", au->name, host->name,
1064 host->address, buffer);
1067 /* Internal problem, message in buffer. */
1070 set_errno(addrlist, 0, string_copy(buffer), DEFER, FALSE);
1074 break; /* If not authenticated, try next authenticator */
1075 } /* Loop for scanning supported server mechanisms */
1076 } /* Loop for further authenticators */
1080 /* If we haven't authenticated, but are required to, give up. */
1082 if (require_auth == OK && !smtp_authenticated)
1084 set_errno(addrlist, ERRNO_AUTHFAIL,
1085 string_sprintf("authentication required but %s", fail_reason), DEFER,
1094 /* Construct AUTH appendix string for MAIL TO */
1097 buffer to build string
1098 addrlist chain of potential addresses to deliver
1099 ob transport options
1101 Globals smtp_authenticated
1102 client_authenticated_sender
1103 Return True on error, otherwise buffer has (possibly empty) terminated string
1107 smtp_mail_auth_str(uschar *buffer, unsigned bufsize, address_item *addrlist,
1108 smtp_transport_options_block *ob)
1110 uschar *local_authenticated_sender = authenticated_sender;
1113 debug_printf("smtp_mail_auth_str: as<%s> os<%s> SA<%s>\n", authenticated_sender, ob->authenticated_sender, smtp_authenticated?"Y":"N");
1116 if (ob->authenticated_sender != NULL)
1118 uschar *new = expand_string(ob->authenticated_sender);
1121 if (!expand_string_forcedfail)
1123 uschar *message = string_sprintf("failed to expand "
1124 "authenticated_sender: %s", expand_string_message);
1125 set_errno(addrlist, 0, message, DEFER, FALSE);
1129 else if (new[0] != 0) local_authenticated_sender = new;
1132 /* Add the authenticated sender address if present */
1134 if ((smtp_authenticated || ob->authenticated_sender_force) &&
1135 local_authenticated_sender != NULL)
1137 string_format(buffer, bufsize, " AUTH=%s",
1138 auth_xtextencode(local_authenticated_sender,
1139 Ustrlen(local_authenticated_sender)));
1140 client_authenticated_sender = string_copy(local_authenticated_sender);
1150 /*************************************************
1151 * Deliver address list to given host *
1152 *************************************************/
1154 /* If continue_hostname is not null, we get here only when continuing to
1155 deliver down an existing channel. The channel was passed as the standard
1156 input. TLS is never active on a passed channel; the previous process always
1157 closes it down before passing the connection on.
1159 Otherwise, we have to make a connection to the remote host, and do the
1160 initial protocol exchange.
1162 When running as an MUA wrapper, if the sender or any recipient is rejected,
1163 temporarily or permanently, we force failure for all recipients.
1166 addrlist chain of potential addresses to deliver; only those whose
1167 transport_return field is set to PENDING_DEFER are currently
1168 being processed; others should be skipped - they have either
1169 been delivered to an earlier host or IP address, or been
1170 failed by one of them.
1171 host host to deliver to
1172 host_af AF_INET or AF_INET6
1173 port default TCP/IP port to use, in host byte order
1174 interface interface to bind to, or NULL
1175 tblock transport instance block
1176 copy_host TRUE if host set in addr->host_used must be copied, because
1177 it is specific to this call of the transport
1178 message_defer set TRUE if yield is OK, but all addresses were deferred
1179 because of a non-recipient, non-host failure, that is, a
1180 4xx response to MAIL FROM, DATA, or ".". This is a defer
1181 that is specific to the message.
1182 suppress_tls if TRUE, don't attempt a TLS connection - this is set for
1183 a second attempt after TLS initialization fails
1185 Returns: OK - the connection was made and the delivery attempted;
1186 the result for each address is in its data block.
1187 DEFER - the connection could not be made, or something failed
1188 while setting up the SMTP session, or there was a
1189 non-message-specific error, such as a timeout.
1190 ERROR - a filter command is specified for this transport,
1191 and there was a problem setting it up; OR helo_data
1192 or add_headers or authenticated_sender is specified
1193 for this transport, and the string failed to expand
1197 smtp_deliver(address_item *addrlist, host_item *host, int host_af, int port,
1198 uschar *interface, transport_instance *tblock, BOOL copy_host,
1199 BOOL *message_defer, BOOL suppress_tls)
1202 address_item *sync_addr;
1203 address_item *first_addr = addrlist;
1208 time_t start_delivery_time = time(NULL);
1209 smtp_transport_options_block *ob =
1210 (smtp_transport_options_block *)(tblock->options_block);
1211 BOOL lmtp = strcmpic(ob->protocol, US"lmtp") == 0;
1212 BOOL smtps = strcmpic(ob->protocol, US"smtps") == 0;
1214 BOOL send_rset = TRUE;
1215 BOOL send_quit = TRUE;
1216 BOOL setting_up = TRUE;
1217 BOOL completed_address = FALSE;
1220 BOOL pass_message = FALSE;
1221 #ifndef DISABLE_PRDR
1222 BOOL prdr_offered = FALSE;
1225 #ifdef EXPERIMENTAL_DSN
1226 BOOL dsn_all_lasthop = TRUE;
1228 smtp_inblock inblock;
1229 smtp_outblock outblock;
1230 int max_rcpt = tblock->max_addresses;
1231 uschar *igquotstr = US"";
1232 uschar *helo_data = NULL;
1233 uschar *message = NULL;
1234 uschar new_message_id[MESSAGE_ID_LENGTH + 1];
1236 uschar buffer[4096];
1237 uschar inbuffer[4096];
1238 uschar outbuffer[4096];
1240 suppress_tls = suppress_tls; /* stop compiler warning when no TLS support */
1242 *message_defer = FALSE;
1243 smtp_command = US"initial connection";
1244 if (max_rcpt == 0) max_rcpt = 999999;
1246 /* Set up the buffer for reading SMTP response packets. */
1248 inblock.buffer = inbuffer;
1249 inblock.buffersize = sizeof(inbuffer);
1250 inblock.ptr = inbuffer;
1251 inblock.ptrend = inbuffer;
1253 /* Set up the buffer for holding SMTP commands while pipelining */
1255 outblock.buffer = outbuffer;
1256 outblock.buffersize = sizeof(outbuffer);
1257 outblock.ptr = outbuffer;
1258 outblock.cmd_count = 0;
1259 outblock.authenticating = FALSE;
1261 /* Reset the parameters of a TLS session. */
1264 tls_out.cipher = NULL; /* the one we may use for this transport */
1265 tls_out.ourcert = NULL;
1266 tls_out.peercert = NULL;
1267 tls_out.peerdn = NULL;
1268 #if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
1271 tls_out.ocsp = OCSP_NOT_REQ;
1273 /* Flip the legacy TLS-related variables over to the outbound set in case
1274 they're used in the context of the transport. Don't bother resetting
1275 afterward as we're in a subprocess. */
1277 tls_modify_variables(&tls_out);
1282 set_errno(addrlist, 0, US"TLS support not available", DEFER, FALSE);
1287 /* Make a connection to the host if this isn't a continued delivery, and handle
1288 the initial interaction and HELO/EHLO/LHLO. Connect timeout errors are handled
1289 specially so they can be identified for retries. */
1291 if (continue_hostname == NULL)
1293 inblock.sock = outblock.sock =
1294 smtp_connect(host, host_af, port, interface, ob->connect_timeout,
1295 ob->keepalive, ob->dscp); /* This puts port into host->port */
1297 if (inblock.sock < 0)
1299 set_errno(addrlist, (errno == ETIMEDOUT)? ERRNO_CONNECTTIMEOUT : errno,
1300 NULL, DEFER, FALSE);
1304 /* Expand the greeting message while waiting for the initial response. (Makes
1305 sense if helo_data contains ${lookup dnsdb ...} stuff). The expansion is
1306 delayed till here so that $sending_interface and $sending_port are set. */
1308 helo_data = expand_string(ob->helo_data);
1310 /* The first thing is to wait for an initial OK response. The dreaded "goto"
1311 is nevertheless a reasonably clean way of programming this kind of logic,
1312 where you want to escape on any error. */
1316 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1317 ob->command_timeout)) goto RESPONSE_FAILED;
1319 /* Now check if the helo_data expansion went well, and sign off cleanly if
1322 if (helo_data == NULL)
1324 uschar *message = string_sprintf("failed to expand helo_data: %s",
1325 expand_string_message);
1326 set_errno(addrlist, 0, message, DEFER, FALSE);
1332 /** Debugging without sending a message
1333 addrlist->transport_return = DEFER;
1337 /* Errors that occur after this point follow an SMTP command, which is
1338 left in big_buffer by smtp_write_command() for use in error messages. */
1340 smtp_command = big_buffer;
1342 /* Tell the remote who we are...
1344 February 1998: A convention has evolved that ESMTP-speaking MTAs include the
1345 string "ESMTP" in their greeting lines, so make Exim send EHLO if the
1346 greeting is of this form. The assumption was that the far end supports it
1347 properly... but experience shows that there are some that give 5xx responses,
1348 even though the banner includes "ESMTP" (there's a bloody-minded one that
1349 says "ESMTP not spoken here"). Cope with that case.
1351 September 2000: Time has passed, and it seems reasonable now to always send
1352 EHLO at the start. It is also convenient to make the change while installing
1355 July 2003: Joachim Wieland met a broken server that advertises "PIPELINING"
1356 but times out after sending MAIL FROM, RCPT TO and DATA all together. There
1357 would be no way to send out the mails, so there is now a host list
1358 "hosts_avoid_esmtp" that disables ESMTP for special hosts and solves the
1359 PIPELINING problem as well. Maybe it can also be useful to cure other
1360 problems with broken servers.
1362 Exim originally sent "Helo" at this point and ran for nearly a year that way.
1363 Then somebody tried it with a Microsoft mailer... It seems that all other
1364 mailers use upper case for some reason (the RFC is quite clear about case
1365 independence) so, for peace of mind, I gave in. */
1367 esmtp = verify_check_this_host(&(ob->hosts_avoid_esmtp), NULL,
1368 host->name, host->address, NULL) != OK;
1370 /* Alas; be careful, since this goto is not an error-out, so conceivably
1371 we might set data between here and the target which we assume to exist
1372 and be usable. I can see this coming back to bite us. */
1377 suppress_tls = FALSE;
1378 ob->tls_tempfail_tryclear = FALSE;
1379 smtp_command = US"SSL-on-connect";
1386 if (smtp_write_command(&outblock, FALSE, "%s %s\r\n",
1387 lmtp? "LHLO" : "EHLO", helo_data) < 0)
1389 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1390 ob->command_timeout))
1392 if (errno != 0 || buffer[0] == 0 || lmtp) goto RESPONSE_FAILED;
1399 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
1404 if (smtp_write_command(&outblock, FALSE, "HELO %s\r\n", helo_data) < 0)
1406 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1407 ob->command_timeout)) goto RESPONSE_FAILED;
1410 /* Set IGNOREQUOTA if the response to LHLO specifies support and the
1411 lmtp_ignore_quota option was set. */
1413 igquotstr = (lmtp && ob->lmtp_ignore_quota &&
1414 pcre_exec(regex_IGNOREQUOTA, NULL, CS buffer, Ustrlen(CS buffer), 0,
1415 PCRE_EOPT, NULL, 0) >= 0)? US" IGNOREQUOTA" : US"";
1417 /* Set tls_offered if the response to EHLO specifies support for STARTTLS. */
1420 tls_offered = esmtp &&
1421 pcre_exec(regex_STARTTLS, NULL, CS buffer, Ustrlen(buffer), 0,
1422 PCRE_EOPT, NULL, 0) >= 0;
1425 #ifndef DISABLE_PRDR
1426 prdr_offered = esmtp &&
1427 (pcre_exec(regex_PRDR, NULL, CS buffer, Ustrlen(buffer), 0,
1428 PCRE_EOPT, NULL, 0) >= 0) &&
1429 (verify_check_this_host(&(ob->hosts_try_prdr), NULL, host->name,
1430 host->address, NULL) == OK);
1433 {DEBUG(D_transport) debug_printf("PRDR usable\n");}
1437 /* For continuing deliveries down the same channel, the socket is the standard
1438 input, and we don't need to redo EHLO here (but may need to do so for TLS - see
1439 below). Set up the pointer to where subsequent commands will be left, for
1440 error messages. Note that smtp_use_size and smtp_use_pipelining will have been
1441 set from the command line if they were set in the process that passed the
1446 inblock.sock = outblock.sock = fileno(stdin);
1447 smtp_command = big_buffer;
1448 host->port = port; /* Record the port that was used */
1451 /* If TLS is available on this connection, whether continued or not, attempt to
1452 start up a TLS session, unless the host is in hosts_avoid_tls. If successful,
1453 send another EHLO - the server may give a different answer in secure mode. We
1454 use a separate buffer for reading the response to STARTTLS so that if it is
1455 negative, the original EHLO data is available for subsequent analysis, should
1456 the client not be required to use TLS. If the response is bad, copy the buffer
1457 for error analysis. */
1460 if (tls_offered && !suppress_tls &&
1461 verify_check_this_host(&(ob->hosts_avoid_tls), NULL, host->name,
1462 host->address, NULL) != OK)
1464 uschar buffer2[4096];
1465 if (smtp_write_command(&outblock, FALSE, "STARTTLS\r\n") < 0)
1468 /* If there is an I/O error, transmission of this message is deferred. If
1469 there is a temporary rejection of STARRTLS and tls_tempfail_tryclear is
1470 false, we also defer. However, if there is a temporary rejection of STARTTLS
1471 and tls_tempfail_tryclear is true, or if there is an outright rejection of
1472 STARTTLS, we carry on. This means we will try to send the message in clear,
1473 unless the host is in hosts_require_tls (tested below). */
1475 if (!smtp_read_response(&inblock, buffer2, sizeof(buffer2), '2',
1476 ob->command_timeout))
1478 if (errno != 0 || buffer2[0] == 0 ||
1479 (buffer2[0] == '4' && !ob->tls_tempfail_tryclear))
1481 Ustrncpy(buffer, buffer2, sizeof(buffer));
1482 goto RESPONSE_FAILED;
1486 /* STARTTLS accepted: try to negotiate a TLS session. */
1491 int rc = tls_client_start(inblock.sock, host, addrlist, ob);
1493 /* TLS negotiation failed; give an error. From outside, this function may
1494 be called again to try in clear on a new connection, if the options permit
1495 it for this host. */
1499 save_errno = ERRNO_TLSFAILURE;
1500 message = US"failure while setting up TLS session";
1505 /* TLS session is set up */
1507 for (addr = addrlist; addr != NULL; addr = addr->next)
1509 if (addr->transport_return == PENDING_DEFER)
1511 addr->cipher = tls_out.cipher;
1512 addr->ourcert = tls_out.ourcert;
1513 addr->peercert = tls_out.peercert;
1514 addr->peerdn = tls_out.peerdn;
1515 addr->ocsp = tls_out.ocsp;
1521 /* if smtps, we'll have smtp_command set to something else; always safe to
1523 smtp_command = big_buffer;
1525 /* If we started TLS, redo the EHLO/LHLO exchange over the secure channel. If
1526 helo_data is null, we are dealing with a connection that was passed from
1527 another process, and so we won't have expanded helo_data above. We have to
1528 expand it here. $sending_ip_address and $sending_port are set up right at the
1529 start of the Exim process (in exim.c). */
1531 if (tls_out.active >= 0)
1534 if (helo_data == NULL)
1536 helo_data = expand_string(ob->helo_data);
1537 if (helo_data == NULL)
1539 uschar *message = string_sprintf("failed to expand helo_data: %s",
1540 expand_string_message);
1541 set_errno(addrlist, 0, message, DEFER, FALSE);
1547 /* For SMTPS we need to wait for the initial OK response. */
1550 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1551 ob->command_timeout)) goto RESPONSE_FAILED;
1555 greeting_cmd = "EHLO";
1558 greeting_cmd = "HELO";
1560 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
1563 if (smtp_write_command(&outblock, FALSE, "%s %s\r\n",
1564 lmtp? "LHLO" : greeting_cmd, helo_data) < 0)
1566 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1567 ob->command_timeout))
1568 goto RESPONSE_FAILED;
1571 /* If the host is required to use a secure channel, ensure that we
1574 else if (verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name,
1575 host->address, NULL) == OK)
1577 save_errno = ERRNO_TLSREQUIRED;
1578 message = string_sprintf("a TLS session is required for %s [%s], but %s",
1579 host->name, host->address,
1580 tls_offered? "an attempt to start TLS failed" :
1581 "the server did not offer TLS support");
1586 /* If TLS is active, we have just started it up and re-done the EHLO command,
1587 so its response needs to be analyzed. If TLS is not active and this is a
1588 continued session down a previously-used socket, we haven't just done EHLO, so
1591 if (continue_hostname == NULL
1593 || tls_out.active >= 0
1597 /* Set for IGNOREQUOTA if the response to LHLO specifies support and the
1598 lmtp_ignore_quota option was set. */
1600 igquotstr = (lmtp && ob->lmtp_ignore_quota &&
1601 pcre_exec(regex_IGNOREQUOTA, NULL, CS buffer, Ustrlen(CS buffer), 0,
1602 PCRE_EOPT, NULL, 0) >= 0)? US" IGNOREQUOTA" : US"";
1604 /* If the response to EHLO specified support for the SIZE parameter, note
1605 this, provided size_addition is non-negative. */
1607 smtp_use_size = esmtp && ob->size_addition >= 0 &&
1608 pcre_exec(regex_SIZE, NULL, CS buffer, Ustrlen(CS buffer), 0,
1609 PCRE_EOPT, NULL, 0) >= 0;
1611 /* Note whether the server supports PIPELINING. If hosts_avoid_esmtp matched
1612 the current host, esmtp will be false, so PIPELINING can never be used. If
1613 the current host matches hosts_avoid_pipelining, don't do it. */
1615 smtp_use_pipelining = esmtp &&
1616 verify_check_this_host(&(ob->hosts_avoid_pipelining), NULL, host->name,
1617 host->address, NULL) != OK &&
1618 pcre_exec(regex_PIPELINING, NULL, CS buffer, Ustrlen(CS buffer), 0,
1619 PCRE_EOPT, NULL, 0) >= 0;
1621 DEBUG(D_transport) debug_printf("%susing PIPELINING\n",
1622 smtp_use_pipelining? "" : "not ");
1624 #ifndef DISABLE_PRDR
1625 prdr_offered = esmtp &&
1626 pcre_exec(regex_PRDR, NULL, CS buffer, Ustrlen(CS buffer), 0,
1627 PCRE_EOPT, NULL, 0) >= 0 &&
1628 verify_check_this_host(&(ob->hosts_try_prdr), NULL, host->name,
1629 host->address, NULL) == OK;
1632 {DEBUG(D_transport) debug_printf("PRDR usable\n");}
1635 #ifdef EXPERIMENTAL_DSN
1636 /* Note if the server supports DSN */
1637 smtp_use_dsn = esmtp && pcre_exec(regex_DSN, NULL, CS buffer, (int)Ustrlen(CS buffer), 0,
1638 PCRE_EOPT, NULL, 0) >= 0;
1639 DEBUG(D_transport) debug_printf("use_dsn=%d\n", smtp_use_dsn);
1642 /* Note if the response to EHLO specifies support for the AUTH extension.
1643 If it has, check that this host is one we want to authenticate to, and do
1644 the business. The host name and address must be available when the
1645 authenticator's client driver is running. */
1647 switch (yield = smtp_auth(buffer, sizeof(buffer), addrlist, host,
1648 ob, esmtp, &inblock, &outblock))
1650 default: goto SEND_QUIT;
1652 case FAIL_SEND: goto SEND_FAILED;
1653 case FAIL: goto RESPONSE_FAILED;
1657 /* The setting up of the SMTP call is now complete. Any subsequent errors are
1658 message-specific. */
1662 /* If there is a filter command specified for this transport, we can now
1663 set it up. This cannot be done until the identify of the host is known. */
1665 if (tblock->filter_command != NULL)
1669 sprintf(CS buffer, "%.50s transport", tblock->name);
1670 rc = transport_set_up_command(&transport_filter_argv, tblock->filter_command,
1671 TRUE, DEFER, addrlist, buffer, NULL);
1672 transport_filter_timeout = tblock->filter_timeout;
1674 /* On failure, copy the error to all addresses, abandon the SMTP call, and
1679 set_errno(addrlist->next, addrlist->basic_errno, addrlist->message, DEFER,
1687 /* For messages that have more than the maximum number of envelope recipients,
1688 we want to send several transactions down the same SMTP connection. (See
1689 comments in deliver.c as to how this reconciles, heuristically, with
1690 remote_max_parallel.) This optimization was added to Exim after the following
1691 code was already working. The simplest way to put it in without disturbing the
1692 code was to use a goto to jump back to this point when there is another
1693 transaction to handle. */
1696 sync_addr = first_addr;
1700 completed_address = FALSE;
1703 /* Initiate a message transfer. If we know the receiving MTA supports the SIZE
1704 qualification, send it, adding something to the message size to allow for
1705 imprecision and things that get added en route. Exim keeps the number of lines
1706 in a message, so we can give an accurate value for the original message, but we
1707 need some additional to handle added headers. (Double "." characters don't get
1708 included in the count.) */
1715 sprintf(CS p, " SIZE=%d", message_size+message_linecount+ob->size_addition);
1719 #ifndef DISABLE_PRDR
1720 prdr_active = FALSE;
1723 for (addr = first_addr; addr; addr = addr->next)
1724 if (addr->transport_return == PENDING_DEFER)
1726 for (addr = addr->next; addr; addr = addr->next)
1727 if (addr->transport_return == PENDING_DEFER)
1728 { /* at least two recipients to send */
1730 sprintf(CS p, " PRDR"); p += 5;
1731 goto prdr_is_active;
1739 #ifdef EXPERIMENTAL_DSN
1740 /* check if all addresses have lasthop flag */
1741 /* do not send RET and ENVID if true */
1742 dsn_all_lasthop = TRUE;
1743 for (addr = first_addr;
1744 address_count < max_rcpt && addr != NULL;
1746 if ((addr->dsn_flags & rf_dsnlasthop) != 1)
1747 dsn_all_lasthop = FALSE;
1749 /* Add any DSN flags to the mail command */
1751 if ((smtp_use_dsn) && (dsn_all_lasthop == FALSE))
1753 if (dsn_ret == dsn_ret_hdrs)
1755 strcpy(p, " RET=HDRS");
1758 else if (dsn_ret == dsn_ret_full)
1760 strcpy(p, " RET=FULL");
1763 if (dsn_envid != NULL)
1765 string_format(p, sizeof(buffer) - (p-buffer), " ENVID=%s", dsn_envid);
1771 /* If an authenticated_sender override has been specified for this transport
1772 instance, expand it. If the expansion is forced to fail, and there was already
1773 an authenticated_sender for this message, the original value will be used.
1774 Other expansion failures are serious. An empty result is ignored, but there is
1775 otherwise no check - this feature is expected to be used with LMTP and other
1776 cases where non-standard addresses (e.g. without domains) might be required. */
1778 if (smtp_mail_auth_str(p, sizeof(buffer) - (p-buffer), addrlist, ob))
1781 /* From here until we send the DATA command, we can make use of PIPELINING
1782 if the server host supports it. The code has to be able to check the responses
1783 at any point, for when the buffer fills up, so we write it totally generally.
1784 When PIPELINING is off, each command written reports that it has flushed the
1787 pending_MAIL = TRUE; /* The block starts with MAIL */
1789 rc = smtp_write_command(&outblock, smtp_use_pipelining,
1790 "MAIL FROM:<%s>%s\r\n", return_path, buffer);
1791 mail_command = string_copy(big_buffer); /* Save for later error message */
1795 case -1: /* Transmission error */
1798 case +1: /* Block was sent */
1799 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1800 ob->command_timeout))
1802 if (errno == 0 && buffer[0] == '4')
1804 errno = ERRNO_MAIL4XX;
1805 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
1807 goto RESPONSE_FAILED;
1809 pending_MAIL = FALSE;
1813 /* Pass over all the relevant recipient addresses for this host, which are the
1814 ones that have status PENDING_DEFER. If we are using PIPELINING, we can send
1815 several before we have to read the responses for those seen so far. This
1816 checking is done by a subroutine because it also needs to be done at the end.
1817 Send only up to max_rcpt addresses at a time, leaving first_addr pointing to
1818 the next one if not all are sent.
1820 In the MUA wrapper situation, we want to flush the PIPELINING buffer for the
1821 last address because we want to abort if any recipients have any kind of
1822 problem, temporary or permanent. We know that all recipient addresses will have
1823 the PENDING_DEFER status, because only one attempt is ever made, and we know
1824 that max_rcpt will be large, so all addresses will be done at once. */
1826 for (addr = first_addr;
1827 address_count < max_rcpt && addr != NULL;
1833 #ifdef EXPERIMENTAL_DSN
1835 addr->dsn_aware = dsn_support_yes;
1837 addr->dsn_aware = dsn_support_no;
1840 if (addr->transport_return != PENDING_DEFER) continue;
1843 no_flush = smtp_use_pipelining && (!mua_wrapper || addr->next != NULL);
1845 #ifdef EXPERIMENTAL_DSN
1846 /* Add any DSN flags to the rcpt command and add to the sent string */
1851 if ((smtp_use_dsn) && ((addr->dsn_flags & rf_dsnlasthop) != 1))
1853 if ((addr->dsn_flags & rf_dsnflags) != 0)
1857 strcpy(p, " NOTIFY=");
1859 for (i = 0; i < 4; i++)
1861 if ((addr->dsn_flags & rf_list[i]) != 0)
1863 if (!first) *p++ = ',';
1865 strcpy(p, rf_names[i]);
1871 if (addr->dsn_orcpt != NULL) {
1872 string_format(p, sizeof(buffer) - (p-buffer), " ORCPT=%s",
1880 /* Now send the RCPT command, and process outstanding responses when
1881 necessary. After a timeout on RCPT, we just end the function, leaving the
1882 yield as OK, because this error can often mean that there is a problem with
1883 just one address, so we don't want to delay the host. */
1885 #ifdef EXPERIMENTAL_DSN
1886 count = smtp_write_command(&outblock, no_flush, "RCPT TO:<%s>%s%s\r\n",
1887 transport_rcpt_address(addr, tblock->rcpt_include_affixes), igquotstr, buffer);
1889 count = smtp_write_command(&outblock, no_flush, "RCPT TO:<%s>%s\r\n",
1890 transport_rcpt_address(addr, tblock->rcpt_include_affixes), igquotstr);
1893 if (count < 0) goto SEND_FAILED;
1896 switch(sync_responses(first_addr, tblock->rcpt_include_affixes,
1897 &sync_addr, host, count, ob->address_retry_include_sender,
1898 pending_MAIL, 0, &inblock, ob->command_timeout, buffer,
1901 case 3: ok = TRUE; /* 2xx & 5xx => OK & progress made */
1902 case 2: completed_address = TRUE; /* 5xx (only) => progress made */
1905 case 1: ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
1906 if (!lmtp) completed_address = TRUE; /* can't tell about progress yet */
1907 case 0: /* No 2xx or 5xx, but no probs */
1910 case -1: goto END_OFF; /* Timeout on RCPT */
1911 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL error */
1913 pending_MAIL = FALSE; /* Dealt with MAIL */
1915 } /* Loop for next address */
1917 /* If we are an MUA wrapper, abort if any RCPTs were rejected, either
1918 permanently or temporarily. We should have flushed and synced after the last
1923 address_item *badaddr;
1924 for (badaddr = first_addr; badaddr != NULL; badaddr = badaddr->next)
1926 if (badaddr->transport_return != PENDING_OK) break;
1928 if (badaddr != NULL)
1930 set_errno(addrlist, 0, badaddr->message, FAIL,
1931 testflag(badaddr, af_pass_message));
1936 /* If ok is TRUE, we know we have got at least one good recipient, and must now
1937 send DATA, but if it is FALSE (in the normal, non-wrapper case), we may still
1938 have a good recipient buffered up if we are pipelining. We don't want to waste
1939 time sending DATA needlessly, so we only send it if either ok is TRUE or if we
1940 are pipelining. The responses are all handled by sync_responses(). */
1942 if (ok || (smtp_use_pipelining && !mua_wrapper))
1944 int count = smtp_write_command(&outblock, FALSE, "DATA\r\n");
1945 if (count < 0) goto SEND_FAILED;
1946 switch(sync_responses(first_addr, tblock->rcpt_include_affixes, &sync_addr,
1947 host, count, ob->address_retry_include_sender, pending_MAIL,
1948 ok? +1 : -1, &inblock, ob->command_timeout, buffer, sizeof(buffer)))
1950 case 3: ok = TRUE; /* 2xx & 5xx => OK & progress made */
1951 case 2: completed_address = TRUE; /* 5xx (only) => progress made */
1954 case 1: ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
1955 if (!lmtp) completed_address = TRUE; /* can't tell about progress yet */
1956 case 0: break; /* No 2xx or 5xx, but no probs */
1958 case -1: goto END_OFF; /* Timeout on RCPT */
1959 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */
1963 /* Save the first address of the next batch. */
1967 /* If there were no good recipients (but otherwise there have been no
1968 problems), just set ok TRUE, since we have handled address-specific errors
1969 already. Otherwise, it's OK to send the message. Use the check/escape mechanism
1970 for handling the SMTP dot-handling protocol, flagging to apply to headers as
1971 well as body. Set the appropriate timeout value to be used for each chunk.
1972 (Haven't been able to make it work using select() for writing yet.) */
1974 if (!ok) ok = TRUE; else
1976 sigalrm_seen = FALSE;
1977 transport_write_timeout = ob->data_timeout;
1978 smtp_command = US"sending data block"; /* For error messages */
1979 DEBUG(D_transport|D_v)
1980 debug_printf(" SMTP>> writing message and terminating \".\"\n");
1981 transport_count = 0;
1982 #ifndef DISABLE_DKIM
1983 ok = dkim_transport_write_message(addrlist, inblock.sock,
1984 topt_use_crlf | topt_end_dot | topt_escape_headers |
1985 (tblock->body_only? topt_no_headers : 0) |
1986 (tblock->headers_only? topt_no_body : 0) |
1987 (tblock->return_path_add? topt_add_return_path : 0) |
1988 (tblock->delivery_date_add? topt_add_delivery_date : 0) |
1989 (tblock->envelope_to_add? topt_add_envelope_to : 0),
1990 0, /* No size limit */
1991 tblock->add_headers, tblock->remove_headers,
1992 US".", US"..", /* Escaping strings */
1993 tblock->rewrite_rules, tblock->rewrite_existflags,
1994 ob->dkim_private_key, ob->dkim_domain, ob->dkim_selector,
1995 ob->dkim_canon, ob->dkim_strict, ob->dkim_sign_headers
1998 ok = transport_write_message(addrlist, inblock.sock,
1999 topt_use_crlf | topt_end_dot | topt_escape_headers |
2000 (tblock->body_only? topt_no_headers : 0) |
2001 (tblock->headers_only? topt_no_body : 0) |
2002 (tblock->return_path_add? topt_add_return_path : 0) |
2003 (tblock->delivery_date_add? topt_add_delivery_date : 0) |
2004 (tblock->envelope_to_add? topt_add_envelope_to : 0),
2005 0, /* No size limit */
2006 tblock->add_headers, tblock->remove_headers,
2007 US".", US"..", /* Escaping strings */
2008 tblock->rewrite_rules, tblock->rewrite_existflags);
2011 /* transport_write_message() uses write() because it is called from other
2012 places to write to non-sockets. This means that under some OS (e.g. Solaris)
2013 it can exit with "Broken pipe" as its error. This really means that the
2014 socket got closed at the far end. */
2016 transport_write_timeout = 0; /* for subsequent transports */
2018 /* Failure can either be some kind of I/O disaster (including timeout),
2019 or the failure of a transport filter or the expansion of added headers. */
2023 buffer[0] = 0; /* There hasn't been a response */
2024 goto RESPONSE_FAILED;
2027 /* We used to send the terminating "." explicitly here, but because of
2028 buffering effects at both ends of TCP/IP connections, you don't gain
2029 anything by keeping it separate, so it might as well go in the final
2030 data buffer for efficiency. This is now done by setting the topt_end_dot
2033 smtp_command = US"end of data";
2035 #ifndef DISABLE_PRDR
2036 /* For PRDR we optionally get a partial-responses warning
2037 * followed by the individual responses, before going on with
2038 * the overall response. If we don't get the warning then deal
2039 * with per non-PRDR. */
2042 ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '3',
2044 if (!ok && errno == 0)
2047 case '2': prdr_active = FALSE;
2050 case '4': errno = ERRNO_DATA4XX;
2051 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
2058 /* For non-PRDR SMTP, we now read a single response that applies to the
2059 whole message. If it is OK, then all the addresses have been delivered. */
2063 ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2065 if (!ok && errno == 0 && buffer[0] == '4')
2067 errno = ERRNO_DATA4XX;
2068 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
2072 /* For LMTP, we get back a response for every RCPT command that we sent;
2073 some may be accepted and some rejected. For those that get a response, their
2074 status is fixed; any that are accepted have been handed over, even if later
2075 responses crash - at least, that's how I read RFC 2033.
2077 If all went well, mark the recipient addresses as completed, record which
2078 host/IPaddress they were delivered to, and cut out RSET when sending another
2079 message down the same channel. Write the completed addresses to the journal
2080 now so that they are recorded in case there is a crash of hardware or
2081 software before the spool gets updated. Also record the final SMTP
2082 confirmation if needed (for SMTP only). */
2087 int delivery_time = (int)(time(NULL) - start_delivery_time);
2090 uschar *conf = NULL;
2093 /* Make a copy of the host if it is local to this invocation
2094 of the transport. */
2098 thost = store_get(sizeof(host_item));
2100 thost->name = string_copy(host->name);
2101 thost->address = string_copy(host->address);
2105 /* Set up confirmation if needed - applies only to SMTP */
2108 #ifndef EXPERIMENTAL_TPDA
2109 (log_extra_selector & LX_smtp_confirmation) != 0 &&
2114 uschar *s = string_printing(buffer);
2115 conf = (s == buffer)? (uschar *)string_copy(s) : s;
2118 /* Process all transported addresses - for LMTP or PRDR, read a status for
2121 for (addr = addrlist; addr != first_addr; addr = addr->next)
2123 if (addr->transport_return != PENDING_OK) continue;
2125 /* LMTP - if the response fails badly (e.g. timeout), use it for all the
2126 remaining addresses. Otherwise, it's a return code for just the one
2127 address. For temporary errors, add a retry item for the address so that
2128 it doesn't get tried again too soon. */
2130 #ifndef DISABLE_PRDR
2131 if (lmtp || prdr_active)
2136 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2139 if (errno != 0 || buffer[0] == 0) goto RESPONSE_FAILED;
2140 addr->message = string_sprintf(
2141 #ifndef DISABLE_PRDR
2142 "%s error after %s: %s", prdr_active ? "PRDR":"LMTP",
2144 "LMTP error after %s: %s",
2146 big_buffer, string_printing(buffer));
2147 setflag(addr, af_pass_message); /* Allow message to go to user */
2148 if (buffer[0] == '5')
2149 addr->transport_return = FAIL;
2152 errno = ERRNO_DATA4XX;
2153 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
2154 addr->transport_return = DEFER;
2155 #ifndef DISABLE_PRDR
2158 retry_add_item(addr, addr->address_retry_key, 0);
2162 completed_address = TRUE; /* NOW we can set this flag */
2163 if ((log_extra_selector & LX_smtp_confirmation) != 0)
2165 uschar *s = string_printing(buffer);
2166 conf = (s == buffer)? (uschar *)string_copy(s) : s;
2170 /* SMTP, or success return from LMTP for this address. Pass back the
2171 actual host that was used. */
2173 addr->transport_return = OK;
2174 addr->more_errno = delivery_time;
2175 addr->host_used = thost;
2176 addr->special_action = flag;
2177 addr->message = conf;
2178 #ifndef DISABLE_PRDR
2179 if (prdr_active) addr->flags |= af_prdr_used;
2183 #ifndef DISABLE_PRDR
2187 /* Update the journal. For homonymic addresses, use the base address plus
2188 the transport name. See lots of comments in deliver.c about the reasons
2189 for the complications when homonyms are involved. Just carry on after
2190 write error, as it may prove possible to update the spool file later. */
2192 if (testflag(addr, af_homonym))
2193 sprintf(CS buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
2195 sprintf(CS buffer, "%.500s\n", addr->unique);
2197 DEBUG(D_deliver) debug_printf("journalling %s", buffer);
2198 len = Ustrlen(CS buffer);
2199 if (write(journal_fd, buffer, len) != len)
2200 log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
2201 "%s: %s", buffer, strerror(errno));
2205 #ifndef DISABLE_PRDR
2208 /* PRDR - get the final, overall response. For any non-success
2209 upgrade all the address statuses. */
2210 ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2214 if(errno == 0 && buffer[0] == '4')
2216 errno = ERRNO_DATA4XX;
2217 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
2219 for (addr = addrlist; addr != first_addr; addr = addr->next)
2220 if (buffer[0] == '5' || addr->transport_return == OK)
2221 addr->transport_return = PENDING_OK; /* allow set_errno action */
2222 goto RESPONSE_FAILED;
2225 /* Update the journal, or setup retry. */
2226 for (addr = addrlist; addr != first_addr; addr = addr->next)
2227 if (addr->transport_return == OK)
2229 if (testflag(addr, af_homonym))
2230 sprintf(CS buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
2232 sprintf(CS buffer, "%.500s\n", addr->unique);
2234 DEBUG(D_deliver) debug_printf("journalling(PRDR) %s", buffer);
2235 len = Ustrlen(CS buffer);
2236 if (write(journal_fd, buffer, len) != len)
2237 log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
2238 "%s: %s", buffer, strerror(errno));
2240 else if (addr->transport_return == DEFER)
2241 retry_add_item(addr, addr->address_retry_key, -2);
2245 /* Ensure the journal file is pushed out to disk. */
2247 if (EXIMfsync(journal_fd) < 0)
2248 log_write(0, LOG_MAIN|LOG_PANIC, "failed to fsync journal: %s",
2254 /* Handle general (not specific to one address) failures here. The value of ok
2255 is used to skip over this code on the falling through case. A timeout causes a
2256 deferral. Other errors may defer or fail according to the response code, and
2257 may set up a special errno value, e.g. after connection chopped, which is
2258 assumed if errno == 0 and there is no text in the buffer. If control reaches
2259 here during the setting up phase (i.e. before MAIL FROM) then always defer, as
2260 the problem is not related to this specific message. */
2269 send_quit = check_response(host, &save_errno, addrlist->more_errno,
2270 buffer, &code, &message, &pass_message);
2276 message = US string_sprintf("send() to %s [%s] failed: %s",
2277 host->name, host->address, strerror(save_errno));
2281 /* This label is jumped to directly when a TLS negotiation has failed,
2282 or was not done for a host for which it is required. Values will be set
2283 in message and save_errno, and setting_up will always be true. Treat as
2284 a temporary error. */
2291 /* If the failure happened while setting up the call, see if the failure was
2292 a 5xx response (this will either be on connection, or following HELO - a 5xx
2293 after EHLO causes it to try HELO). If so, fail all addresses, as this host is
2294 never going to accept them. For other errors during setting up (timeouts or
2295 whatever), defer all addresses, and yield DEFER, so that the host is not
2296 tried again for a while. */
2299 ok = FALSE; /* For when reached by GOTO */
2305 set_errno(addrlist, save_errno, message, FAIL, pass_message);
2309 set_errno(addrlist, save_errno, message, DEFER, pass_message);
2314 /* We want to handle timeouts after MAIL or "." and loss of connection after
2315 "." specially. They can indicate a problem with the sender address or with
2316 the contents of the message rather than a real error on the connection. These
2317 cases are treated in the same way as a 4xx response. This next bit of code
2318 does the classification. */
2329 message_error = TRUE;
2333 message_error = Ustrncmp(smtp_command,"MAIL",4) == 0 ||
2334 Ustrncmp(smtp_command,"end ",4) == 0;
2337 case ERRNO_SMTPCLOSED:
2338 message_error = Ustrncmp(smtp_command,"end ",4) == 0;
2342 message_error = FALSE;
2346 /* Handle the cases that are treated as message errors. These are:
2348 (a) negative response or timeout after MAIL
2349 (b) negative response after DATA
2350 (c) negative response or timeout or dropped connection after "."
2352 It won't be a negative response or timeout after RCPT, as that is dealt
2353 with separately above. The action in all cases is to set an appropriate
2354 error code for all the addresses, but to leave yield set to OK because the
2355 host itself has not failed. Of course, it might in practice have failed
2356 when we've had a timeout, but if so, we'll discover that at the next
2357 delivery attempt. For a temporary error, set the message_defer flag, and
2358 write to the logs for information if this is not the last host. The error
2359 for the last host will be logged as part of the address's log line. */
2363 if (mua_wrapper) code = '5'; /* Force hard failure in wrapper mode */
2364 set_errno(addrlist, save_errno, message, (code == '5')? FAIL : DEFER,
2367 /* If there's an errno, the message contains just the identity of
2370 if (code != '5') /* Anything other than 5 is treated as temporary */
2373 message = US string_sprintf("%s: %s", message, strerror(save_errno));
2374 if (host->next != NULL) log_write(0, LOG_MAIN, "%s", message);
2375 deliver_msglog("%s %s\n", tod_stamp(tod_log), message);
2376 *message_defer = TRUE;
2380 /* Otherwise, we have an I/O error or a timeout other than after MAIL or
2381 ".", or some other transportation error. We defer all addresses and yield
2382 DEFER, except for the case of failed add_headers expansion, or a transport
2383 filter failure, when the yield should be ERROR, to stop it trying other
2388 yield = (save_errno == ERRNO_CHHEADER_FAIL ||
2389 save_errno == ERRNO_FILTER_FAIL)? ERROR : DEFER;
2390 set_errno(addrlist, save_errno, message, DEFER, pass_message);
2396 /* If all has gone well, send_quit will be set TRUE, implying we can end the
2397 SMTP session tidily. However, if there were too many addresses to send in one
2398 message (indicated by first_addr being non-NULL) we want to carry on with the
2399 rest of them. Also, it is desirable to send more than one message down the SMTP
2400 connection if there are several waiting, provided we haven't already sent so
2401 many as to hit the configured limit. The function transport_check_waiting looks
2402 for a waiting message and returns its id. Then transport_pass_socket tries to
2403 set up a continued delivery by passing the socket on to another process. The
2404 variable send_rset is FALSE if a message has just been successfully transfered.
2406 If we are already sending down a continued channel, there may be further
2407 addresses not yet delivered that are aimed at the same host, but which have not
2408 been passed in this run of the transport. In this case, continue_more will be
2409 true, and all we should do is send RSET if necessary, and return, leaving the
2412 However, if no address was disposed of, i.e. all addresses got 4xx errors, we
2413 do not want to continue with other messages down the same channel, because that
2414 can lead to looping between two or more messages, all with the same,
2415 temporarily failing address(es). [The retry information isn't updated yet, so
2416 new processes keep on trying.] We probably also don't want to try more of this
2417 message's addresses either.
2419 If we have started a TLS session, we have to end it before passing the
2420 connection to a new process. However, not all servers can handle this (Exim
2421 can), so we do not pass such a connection on if the host matches
2422 hosts_nopass_tls. */
2425 debug_printf("ok=%d send_quit=%d send_rset=%d continue_more=%d "
2426 "yield=%d first_address is %sNULL\n", ok, send_quit, send_rset,
2427 continue_more, yield, (first_addr == NULL)? "":"not ");
2429 if (completed_address && ok && send_quit)
2432 if (first_addr != NULL || continue_more ||
2434 (tls_out.active < 0 ||
2435 verify_check_this_host(&(ob->hosts_nopass_tls), NULL, host->name,
2436 host->address, NULL) != OK)
2438 transport_check_waiting(tblock->name, host->name,
2439 tblock->connection_max_messages, new_message_id, &more)
2447 if (! (ok = smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0))
2449 msg = US string_sprintf("send() to %s [%s] failed: %s", host->name,
2450 host->address, strerror(save_errno));
2453 else if (! (ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2454 ob->command_timeout)))
2457 send_quit = check_response(host, &errno, 0, buffer, &code, &msg,
2461 DEBUG(D_transport) debug_printf("%s\n", msg);
2466 /* Either RSET was not needed, or it succeeded */
2470 if (first_addr != NULL) /* More addresses still to be sent */
2471 { /* in this run of the transport */
2472 continue_sequence++; /* Causes * in logging */
2475 if (continue_more) return yield; /* More addresses for another run */
2477 /* Pass the socket to a new Exim process. Before doing so, we must shut
2478 down TLS. Not all MTAs allow for the continuation of the SMTP session
2479 when TLS is shut down. We test for this by sending a new EHLO. If we
2480 don't get a good response, we don't attempt to pass the socket on. */
2483 if (tls_out.active >= 0)
2485 tls_close(FALSE, TRUE);
2489 ok = smtp_write_command(&outblock,FALSE,"EHLO %s\r\n",helo_data) >= 0 &&
2490 smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2491 ob->command_timeout);
2495 /* If the socket is successfully passed, we musn't send QUIT (or
2496 indeed anything!) from here. */
2498 if (ok && transport_pass_socket(tblock->name, host->name, host->address,
2499 new_message_id, inblock.sock))
2505 /* If RSET failed and there are addresses left, they get deferred. */
2507 else set_errno(first_addr, errno, msg, DEFER, FALSE);
2511 /* End off tidily with QUIT unless the connection has died or the socket has
2512 been passed to another process. There has been discussion on the net about what
2513 to do after sending QUIT. The wording of the RFC suggests that it is necessary
2514 to wait for a response, but on the other hand, there isn't anything one can do
2515 with an error response, other than log it. Exim used to do that. However,
2516 further discussion suggested that it is positively advantageous not to wait for
2517 the response, but to close the session immediately. This is supposed to move
2518 the TCP/IP TIME_WAIT state from the server to the client, thereby removing some
2519 load from the server. (Hosts that are both servers and clients may not see much
2520 difference, of course.) Further discussion indicated that this was safe to do
2521 on Unix systems which have decent implementations of TCP/IP that leave the
2522 connection around for a while (TIME_WAIT) after the application has gone away.
2523 This enables the response sent by the server to be properly ACKed rather than
2524 timed out, as can happen on broken TCP/IP implementations on other OS.
2526 This change is being made on 31-Jul-98. After over a year of trouble-free
2527 operation, the old commented-out code was removed on 17-Sep-99. */
2530 if (send_quit) (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n");
2535 tls_close(FALSE, TRUE);
2538 /* Close the socket, and return the appropriate value, first setting
2539 works because the NULL setting is passed back to the calling process, and
2540 remote_max_parallel is forced to 1 when delivering over an existing connection,
2542 If all went well and continue_more is set, we shouldn't actually get here if
2543 there are further addresses, as the return above will be taken. However,
2544 writing RSET might have failed, or there may be other addresses whose hosts are
2545 specified in the transports, and therefore not visible at top level, in which
2546 case continue_more won't get set. */
2548 (void)close(inblock.sock);
2549 continue_transport = NULL;
2550 continue_hostname = NULL;
2557 /*************************************************
2558 * Closedown entry point *
2559 *************************************************/
2561 /* This function is called when exim is passed an open smtp channel
2562 from another incarnation, but the message which it has been asked
2563 to deliver no longer exists. The channel is on stdin.
2565 We might do fancy things like looking for another message to send down
2566 the channel, but if the one we sought has gone, it has probably been
2567 delivered by some other process that itself will seek further messages,
2568 so just close down our connection.
2570 Argument: pointer to the transport instance block
2575 smtp_transport_closedown(transport_instance *tblock)
2577 smtp_transport_options_block *ob =
2578 (smtp_transport_options_block *)(tblock->options_block);
2579 smtp_inblock inblock;
2580 smtp_outblock outblock;
2582 uschar inbuffer[4096];
2583 uschar outbuffer[16];
2585 inblock.sock = fileno(stdin);
2586 inblock.buffer = inbuffer;
2587 inblock.buffersize = sizeof(inbuffer);
2588 inblock.ptr = inbuffer;
2589 inblock.ptrend = inbuffer;
2591 outblock.sock = inblock.sock;
2592 outblock.buffersize = sizeof(outbuffer);
2593 outblock.buffer = outbuffer;
2594 outblock.ptr = outbuffer;
2595 outblock.cmd_count = 0;
2596 outblock.authenticating = FALSE;
2598 (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n");
2599 (void)smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2600 ob->command_timeout);
2601 (void)close(inblock.sock);
2606 /*************************************************
2607 * Prepare addresses for delivery *
2608 *************************************************/
2610 /* This function is called to flush out error settings from previous delivery
2611 attempts to other hosts. It also records whether we got here via an MX record
2612 or not in the more_errno field of the address. We are interested only in
2613 addresses that are still marked DEFER - others may have got delivered to a
2614 previously considered IP address. Set their status to PENDING_DEFER to indicate
2615 which ones are relevant this time.
2618 addrlist the list of addresses
2619 host the host we are delivering to
2621 Returns: the first address for this delivery
2624 static address_item *
2625 prepare_addresses(address_item *addrlist, host_item *host)
2627 address_item *first_addr = NULL;
2629 for (addr = addrlist; addr != NULL; addr = addr->next)
2631 if (addr->transport_return != DEFER) continue;
2632 if (first_addr == NULL) first_addr = addr;
2633 addr->transport_return = PENDING_DEFER;
2634 addr->basic_errno = 0;
2635 addr->more_errno = (host->mx >= 0)? 'M' : 'A';
2636 addr->message = NULL;
2638 addr->cipher = NULL;
2639 addr->ourcert = NULL;
2640 addr->peercert = NULL;
2641 addr->peerdn = NULL;
2642 addr->ocsp = OCSP_NOT_REQ;
2650 /*************************************************
2651 * Main entry point *
2652 *************************************************/
2654 /* See local README for interface details. As this is a remote transport, it is
2655 given a chain of addresses to be delivered in one connection, if possible. It
2656 always returns TRUE, indicating that each address has its own independent
2657 status set, except if there is a setting up problem, in which case it returns
2661 smtp_transport_entry(
2662 transport_instance *tblock, /* data for this instantiation */
2663 address_item *addrlist) /* addresses we are working on */
2667 int hosts_defer = 0;
2669 int hosts_looked_up = 0;
2670 int hosts_retry = 0;
2671 int hosts_serial = 0;
2672 int hosts_total = 0;
2673 int total_hosts_tried = 0;
2675 BOOL expired = TRUE;
2676 BOOL continuing = continue_hostname != NULL;
2677 uschar *expanded_hosts = NULL;
2679 uschar *tid = string_sprintf("%s transport", tblock->name);
2680 smtp_transport_options_block *ob =
2681 (smtp_transport_options_block *)(tblock->options_block);
2682 host_item *hostlist = addrlist->host_list;
2683 host_item *host = NULL;
2687 debug_printf("%s transport entered\n", tblock->name);
2688 for (addr = addrlist; addr != NULL; addr = addr->next)
2689 debug_printf(" %s\n", addr->address);
2690 if (continuing) debug_printf("already connected to %s [%s]\n",
2691 continue_hostname, continue_host_address);
2694 /* Set the flag requesting that these hosts be added to the waiting
2695 database if the delivery fails temporarily or if we are running with
2696 queue_smtp or a 2-stage queue run. This gets unset for certain
2697 kinds of error, typically those that are specific to the message. */
2699 update_waiting = TRUE;
2701 /* If a host list is not defined for the addresses - they must all have the
2702 same one in order to be passed to a single transport - or if the transport has
2703 a host list with hosts_override set, use the host list supplied with the
2704 transport. It is an error for this not to exist. */
2706 if (hostlist == NULL || (ob->hosts_override && ob->hosts != NULL))
2708 if (ob->hosts == NULL)
2710 addrlist->message = string_sprintf("%s transport called with no hosts set",
2712 addrlist->transport_return = PANIC;
2713 return FALSE; /* Only top address has status */
2716 DEBUG(D_transport) debug_printf("using the transport's hosts: %s\n",
2719 /* If the transport's host list contains no '$' characters, and we are not
2720 randomizing, it is fixed and therefore a chain of hosts can be built once
2721 and for all, and remembered for subsequent use by other calls to this
2722 transport. If, on the other hand, the host list does contain '$', or we are
2723 randomizing its order, we have to rebuild it each time. In the fixed case,
2724 as the hosts string will never be used again, it doesn't matter that we
2725 replace all the : characters with zeros. */
2727 if (ob->hostlist == NULL)
2729 uschar *s = ob->hosts;
2731 if (Ustrchr(s, '$') != NULL)
2733 expanded_hosts = expand_string(s);
2734 if (expanded_hosts == NULL)
2736 addrlist->message = string_sprintf("failed to expand list of hosts "
2737 "\"%s\" in %s transport: %s", s, tblock->name, expand_string_message);
2738 addrlist->transport_return = search_find_defer? DEFER : PANIC;
2739 return FALSE; /* Only top address has status */
2741 DEBUG(D_transport) debug_printf("expanded list of hosts \"%s\" to "
2742 "\"%s\"\n", s, expanded_hosts);
2746 if (ob->hosts_randomize) s = expanded_hosts = string_copy(s);
2748 host_build_hostlist(&hostlist, s, ob->hosts_randomize);
2750 /* Check that the expansion yielded something useful. */
2751 if (hostlist == NULL)
2754 string_sprintf("%s transport has empty hosts setting", tblock->name);
2755 addrlist->transport_return = PANIC;
2756 return FALSE; /* Only top address has status */
2759 /* If there was no expansion of hosts, save the host list for
2762 if (expanded_hosts == NULL) ob->hostlist = hostlist;
2765 /* This is not the first time this transport has been run in this delivery;
2766 the host list was built previously. */
2768 else hostlist = ob->hostlist;
2771 /* The host list was supplied with the address. If hosts_randomize is set, we
2772 must sort it into a random order if it did not come from MX records and has not
2773 already been randomized (but don't bother if continuing down an existing
2776 else if (ob->hosts_randomize && hostlist->mx == MX_NONE && !continuing)
2778 host_item *newlist = NULL;
2779 while (hostlist != NULL)
2781 host_item *h = hostlist;
2782 hostlist = hostlist->next;
2784 h->sort_key = random_number(100);
2786 if (newlist == NULL)
2791 else if (h->sort_key < newlist->sort_key)
2798 host_item *hh = newlist;
2799 while (hh->next != NULL)
2801 if (h->sort_key < hh->next->sort_key) break;
2809 hostlist = addrlist->host_list = newlist;
2813 /* Sort out the default port. */
2815 if (!smtp_get_port(ob->port, addrlist, &port, tid)) return FALSE;
2818 /* For each host-plus-IP-address on the list:
2820 . If this is a continued delivery and the host isn't the one with the
2821 current connection, skip.
2823 . If the status is unusable (i.e. previously failed or retry checked), skip.
2825 . If no IP address set, get the address, either by turning the name into
2826 an address, calling gethostbyname if gethostbyname is on, or by calling
2827 the DNS. The DNS may yield multiple addresses, in which case insert the
2828 extra ones into the list.
2830 . Get the retry data if not previously obtained for this address and set the
2831 field which remembers the state of this address. Skip if the retry time is
2832 not reached. If not, remember whether retry data was found. The retry string
2833 contains both the name and the IP address.
2835 . Scan the list of addresses and mark those whose status is DEFER as
2836 PENDING_DEFER. These are the only ones that will be processed in this cycle
2839 . Make a delivery attempt - addresses marked PENDING_DEFER will be tried.
2840 Some addresses may be successfully delivered, others may fail, and yet
2841 others may get temporary errors and so get marked DEFER.
2843 . The return from the delivery attempt is OK if a connection was made and a
2844 valid SMTP dialogue was completed. Otherwise it is DEFER.
2846 . If OK, add a "remove" retry item for this host/IPaddress, if any.
2848 . If fail to connect, or other defer state, add a retry item.
2850 . If there are any addresses whose status is still DEFER, carry on to the
2851 next host/IPaddress, unless we have tried the number of hosts given
2852 by hosts_max_try or hosts_max_try_hardlimit; otherwise return. Note that
2853 there is some fancy logic for hosts_max_try that means its limit can be
2854 overstepped in some circumstances.
2856 If we get to the end of the list, all hosts have deferred at least one address,
2857 or not reached their retry times. If delay_after_cutoff is unset, it requests a
2858 delivery attempt to those hosts whose last try was before the arrival time of
2859 the current message. To cope with this, we have to go round the loop a second
2860 time. After that, set the status and error data for any addresses that haven't
2861 had it set already. */
2863 for (cutoff_retry = 0; expired &&
2864 cutoff_retry < ((ob->delay_after_cutoff)? 1 : 2);
2867 host_item *nexthost = NULL;
2868 int unexpired_hosts_tried = 0;
2870 for (host = hostlist;
2872 unexpired_hosts_tried < ob->hosts_max_try &&
2873 total_hosts_tried < ob->hosts_max_try_hardlimit;
2879 BOOL serialized = FALSE;
2880 BOOL host_is_expired = FALSE;
2881 BOOL message_defer = FALSE;
2882 BOOL ifchanges = FALSE;
2883 BOOL some_deferred = FALSE;
2884 address_item *first_addr = NULL;
2885 uschar *interface = NULL;
2886 uschar *retry_host_key = NULL;
2887 uschar *retry_message_key = NULL;
2888 uschar *serialize_key = NULL;
2890 /* Default next host is next host. :-) But this can vary if the
2891 hosts_max_try limit is hit (see below). It may also be reset if a host
2892 address is looked up here (in case the host was multihomed). */
2894 nexthost = host->next;
2896 /* If the address hasn't yet been obtained from the host name, look it up
2897 now, unless the host is already marked as unusable. If it is marked as
2898 unusable, it means that the router was unable to find its IP address (in
2899 the DNS or wherever) OR we are in the 2nd time round the cutoff loop, and
2900 the lookup failed last time. We don't get this far if *all* MX records
2901 point to non-existent hosts; that is treated as a hard error.
2903 We can just skip this host entirely. When the hosts came from the router,
2904 the address will timeout based on the other host(s); when the address is
2905 looked up below, there is an explicit retry record added.
2907 Note that we mustn't skip unusable hosts if the address is not unset; they
2908 may be needed as expired hosts on the 2nd time round the cutoff loop. */
2910 if (host->address == NULL)
2912 int new_port, flags;
2914 uschar *canonical_name;
2916 if (host->status >= hstatus_unusable)
2918 DEBUG(D_transport) debug_printf("%s has no address and is unusable - skipping\n",
2923 DEBUG(D_transport) debug_printf("getting address for %s\n", host->name);
2925 /* The host name is permitted to have an attached port. Find it, and
2926 strip it from the name. Just remember it for now. */
2928 new_port = host_item_get_port(host);
2930 /* Count hosts looked up */
2934 /* Find by name if so configured, or if it's an IP address. We don't
2935 just copy the IP address, because we need the test-for-local to happen. */
2937 flags = HOST_FIND_BY_A;
2938 if (ob->dns_qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
2939 if (ob->dns_search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
2941 if (ob->gethostbyname || string_is_ip_address(host->name, NULL) != 0)
2942 rc = host_find_byname(host, NULL, flags, &canonical_name, TRUE);
2944 rc = host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
2945 ob->dnssec_request_domains, ob->dnssec_require_domains,
2946 &canonical_name, NULL);
2948 /* Update the host (and any additional blocks, resulting from
2949 multihoming) with a host-specific port, if any. */
2951 for (hh = host; hh != nexthost; hh = hh->next) hh->port = new_port;
2953 /* Failure to find the host at this time (usually DNS temporary failure)
2954 is really a kind of routing failure rather than a transport failure.
2955 Therefore we add a retry item of the routing kind, not to stop us trying
2956 to look this name up here again, but to ensure the address gets timed
2957 out if the failures go on long enough. A complete failure at this point
2958 commonly points to a configuration error, but the best action is still
2959 to carry on for the next host. */
2961 if (rc == HOST_FIND_AGAIN || rc == HOST_FIND_FAILED)
2963 retry_add_item(addrlist, string_sprintf("R:%s", host->name), 0);
2965 if (rc == HOST_FIND_AGAIN) hosts_defer++; else hosts_fail++;
2966 DEBUG(D_transport) debug_printf("rc = %s for %s\n", (rc == HOST_FIND_AGAIN)?
2967 "HOST_FIND_AGAIN" : "HOST_FIND_FAILED", host->name);
2968 host->status = hstatus_unusable;
2970 for (addr = addrlist; addr != NULL; addr = addr->next)
2972 if (addr->transport_return != DEFER) continue;
2973 addr->basic_errno = ERRNO_UNKNOWNHOST;
2975 string_sprintf("failed to lookup IP address for %s", host->name);
2980 /* If the host is actually the local host, we may have a problem, or
2981 there may be some cunning configuration going on. In the problem case,
2982 log things and give up. The default transport status is already DEFER. */
2984 if (rc == HOST_FOUND_LOCAL && !ob->allow_localhost)
2986 for (addr = addrlist; addr != NULL; addr = addr->next)
2988 addr->basic_errno = 0;
2989 addr->message = string_sprintf("%s transport found host %s to be "
2990 "local", tblock->name, host->name);
2994 } /* End of block for IP address lookup */
2996 /* If this is a continued delivery, we are interested only in the host
2997 which matches the name of the existing open channel. The check is put
2998 here after the local host lookup, in case the name gets expanded as a
2999 result of the lookup. Set expired FALSE, to save the outer loop executing
3002 if (continuing && (Ustrcmp(continue_hostname, host->name) != 0 ||
3003 Ustrcmp(continue_host_address, host->address) != 0))
3006 continue; /* With next host */
3009 /* Reset the default next host in case a multihomed host whose addresses
3010 are not looked up till just above added to the host list. */
3012 nexthost = host->next;
3014 /* If queue_smtp is set (-odqs or the first part of a 2-stage run), or the
3015 domain is in queue_smtp_domains, we don't actually want to attempt any
3016 deliveries. When doing a queue run, queue_smtp_domains is always unset. If
3017 there is a lookup defer in queue_smtp_domains, proceed as if the domain
3018 were not in it. We don't want to hold up all SMTP deliveries! Except when
3019 doing a two-stage queue run, don't do this if forcing. */
3021 if ((!deliver_force || queue_2stage) && (queue_smtp ||
3022 match_isinlist(addrlist->domain, &queue_smtp_domains, 0,
3023 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK))
3026 for (addr = addrlist; addr != NULL; addr = addr->next)
3028 if (addr->transport_return != DEFER) continue;
3029 addr->message = US"domain matches queue_smtp_domains, or -odqs set";
3031 continue; /* With next host */
3034 /* Count hosts being considered - purely for an intelligent comment
3035 if none are usable. */
3039 /* Set $host and $host address now in case they are needed for the
3040 interface expansion or the serialize_hosts check; they remain set if an
3041 actual delivery happens. */
3043 deliver_host = host->name;
3044 deliver_host_address = host->address;
3045 lookup_dnssec_authenticated = host->dnssec == DS_YES ? US"yes"
3046 : host->dnssec == DS_NO ? US"no"
3049 /* Set up a string for adding to the retry key if the port number is not
3050 the standard SMTP port. A host may have its own port setting that overrides
3053 pistring = string_sprintf(":%d", (host->port == PORT_NONE)?
3055 if (Ustrcmp(pistring, ":25") == 0) pistring = US"";
3057 /* Select IPv4 or IPv6, and choose an outgoing interface. If the interface
3058 string changes upon expansion, we must add it to the key that is used for
3059 retries, because connections to the same host from a different interface
3060 should be treated separately. */
3062 host_af = (Ustrchr(host->address, ':') == NULL)? AF_INET : AF_INET6;
3063 if (!smtp_get_interface(ob->interface, host_af, addrlist, &ifchanges,
3066 if (ifchanges) pistring = string_sprintf("%s/%s", pistring, interface);
3068 /* The first time round the outer loop, check the status of the host by
3069 inspecting the retry data. The second time round, we are interested only
3070 in expired hosts that haven't been tried since this message arrived. */
3072 if (cutoff_retry == 0)
3074 /* Ensure the status of the address is set by checking retry data if
3075 necessary. There maybe host-specific retry data (applicable to all
3076 messages) and also data for retries of a specific message at this host.
3077 If either of these retry records are actually read, the keys used are
3078 returned to save recomputing them later. */
3080 host_is_expired = retry_check_address(addrlist->domain, host, pistring,
3081 ob->retry_include_ip_address, &retry_host_key, &retry_message_key);
3083 DEBUG(D_transport) debug_printf("%s [%s]%s status = %s\n", host->name,
3084 (host->address == NULL)? US"" : host->address, pistring,
3085 (host->status == hstatus_usable)? "usable" :
3086 (host->status == hstatus_unusable)? "unusable" :
3087 (host->status == hstatus_unusable_expired)? "unusable (expired)" : "?");
3089 /* Skip this address if not usable at this time, noting if it wasn't
3090 actually expired, both locally and in the address. */
3092 switch (host->status)
3094 case hstatus_unusable:
3096 setflag(addrlist, af_retry_skipped);
3099 case hstatus_unusable_expired:
3102 case hwhy_retry: hosts_retry++; break;
3103 case hwhy_failed: hosts_fail++; break;
3104 case hwhy_deferred: hosts_defer++; break;
3107 /* If there was a retry message key, implying that previously there
3108 was a message-specific defer, we don't want to update the list of
3109 messages waiting for these hosts. */
3111 if (retry_message_key != NULL) update_waiting = FALSE;
3112 continue; /* With the next host or IP address */
3116 /* Second time round the loop: if the address is set but expired, and
3117 the message is newer than the last try, let it through. */
3121 if (host->address == NULL ||
3122 host->status != hstatus_unusable_expired ||
3123 host->last_try > received_time)
3126 debug_printf("trying expired host %s [%s]%s\n",
3127 host->name, host->address, pistring);
3128 host_is_expired = TRUE;
3131 /* Setting "expired=FALSE" doesn't actually mean not all hosts are expired;
3132 it remains TRUE only if all hosts are expired and none are actually tried.
3137 /* If this host is listed as one to which access must be serialized,
3138 see if another Exim process has a connection to it, and if so, skip
3139 this host. If not, update the database to record our connection to it
3140 and remember this for later deletion. Do not do any of this if we are
3141 sending the message down a pre-existing connection. */
3144 verify_check_this_host(&(ob->serialize_hosts), NULL, host->name,
3145 host->address, NULL) == OK)
3147 serialize_key = string_sprintf("host-serialize-%s", host->name);
3148 if (!enq_start(serialize_key))
3151 debug_printf("skipping host %s because another Exim process "
3152 "is connected to it\n", host->name);
3159 /* OK, we have an IP address that is not waiting for its retry time to
3160 arrive (it might be expired) OR (second time round the loop) we have an
3161 expired host that hasn't been tried since the message arrived. Have a go
3162 at delivering the message to it. First prepare the addresses by flushing
3163 out the result of previous attempts, and finding the first address that
3164 is still to be delivered. */
3166 first_addr = prepare_addresses(addrlist, host);
3168 DEBUG(D_transport) debug_printf("delivering %s to %s [%s] (%s%s)\n",
3169 message_id, host->name, host->address, addrlist->address,
3170 (addrlist->next == NULL)? "" : ", ...");
3172 set_process_info("delivering %s to %s [%s] (%s%s)",
3173 message_id, host->name, host->address, addrlist->address,
3174 (addrlist->next == NULL)? "" : ", ...");
3176 /* This is not for real; don't do the delivery. If there are
3177 any remaining hosts, list them. */
3182 set_errno(addrlist, 0, NULL, OK, FALSE);
3183 for (addr = addrlist; addr != NULL; addr = addr->next)
3185 addr->host_used = host;
3186 addr->special_action = '*';
3187 addr->message = US"delivery bypassed by -N option";
3191 debug_printf("*** delivery by %s transport bypassed by -N option\n"
3192 "*** host and remaining hosts:\n", tblock->name);
3193 for (host2 = host; host2 != NULL; host2 = host2->next)
3194 debug_printf(" %s [%s]\n", host2->name,
3195 (host2->address == NULL)? US"unset" : host2->address);
3200 /* This is for real. If the host is expired, we don't count it for
3201 hosts_max_retry. This ensures that all hosts must expire before an address
3202 is timed out, unless hosts_max_try_hardlimit (which protects against
3203 lunatic DNS configurations) is reached.
3205 If the host is not expired and we are about to hit the hosts_max_retry
3206 limit, check to see if there is a subsequent hosts with a different MX
3207 value. If so, make that the next host, and don't count this one. This is a
3208 heuristic to make sure that different MXs do get tried. With a normal kind
3209 of retry rule, they would get tried anyway when the earlier hosts were
3210 delayed, but if the domain has a "retry every time" type of rule - as is
3211 often used for the the very large ISPs, that won't happen. */
3215 if (!host_is_expired && ++unexpired_hosts_tried >= ob->hosts_max_try)
3219 debug_printf("hosts_max_try limit reached with this host\n");
3220 for (h = host; h != NULL; h = h->next)
3221 if (h->mx != host->mx) break;
3225 unexpired_hosts_tried--;
3226 DEBUG(D_transport) debug_printf("however, a higher MX host exists "
3227 "and will be tried\n");
3231 /* Attempt the delivery. */
3233 total_hosts_tried++;
3234 rc = smtp_deliver(addrlist, host, host_af, port, interface, tblock,
3235 expanded_hosts != NULL, &message_defer, FALSE);
3238 OK => connection made, each address contains its result;
3239 message_defer is set for message-specific defers (when all
3240 recipients are marked defer)
3241 DEFER => there was a non-message-specific delivery problem;
3242 ERROR => there was a problem setting up the arguments for a filter,
3243 or there was a problem with expanding added headers
3246 /* If the result is not OK, there was a non-message-specific problem.
3247 If the result is DEFER, we need to write to the logs saying what happened
3248 for this particular host, except in the case of authentication and TLS
3249 failures, where the log has already been written. If all hosts defer a
3250 general message is written at the end. */
3252 if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL &&
3253 first_addr->basic_errno != ERRNO_TLSFAILURE)
3254 write_logs(first_addr, host);
3256 #ifdef EXPERIMENTAL_TPDA
3258 tpda_deferred(ob, first_addr, host);
3261 /* If STARTTLS was accepted, but there was a failure in setting up the
3262 TLS session (usually a certificate screwup), and the host is not in
3263 hosts_require_tls, and tls_tempfail_tryclear is true, try again, with
3264 TLS forcibly turned off. We have to start from scratch with a new SMTP
3265 connection. That's why the retry is done from here, not from within
3266 smtp_deliver(). [Rejections of STARTTLS itself don't screw up the
3267 session, so the in-clear transmission after those errors, if permitted,
3268 happens inside smtp_deliver().] */
3271 if (rc == DEFER && first_addr->basic_errno == ERRNO_TLSFAILURE &&
3272 ob->tls_tempfail_tryclear &&
3273 verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name,
3274 host->address, NULL) != OK)
3276 log_write(0, LOG_MAIN, "TLS session failure: delivering unencrypted "
3277 "to %s [%s] (not in hosts_require_tls)", host->name, host->address);
3278 first_addr = prepare_addresses(addrlist, host);
3279 rc = smtp_deliver(addrlist, host, host_af, port, interface, tblock,
3280 expanded_hosts != NULL, &message_defer, TRUE);
3281 if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL)
3282 write_logs(first_addr, host);
3283 #ifdef EXPERIMENTAL_TPDA
3285 tpda_deferred(ob, first_addr, host);
3291 /* Delivery attempt finished */
3293 rs = (rc == OK)? US"OK" : (rc == DEFER)? US"DEFER" : (rc == ERROR)?
3296 set_process_info("delivering %s: just tried %s [%s] for %s%s: result %s",
3297 message_id, host->name, host->address, addrlist->address,
3298 (addrlist->next == NULL)? "" : " (& others)", rs);
3300 /* Release serialization if set up */
3302 if (serialized) enq_end(serialize_key);
3304 /* If the result is DEFER, or if a host retry record is known to exist, we
3305 need to add an item to the retry chain for updating the retry database
3306 at the end of delivery. We only need to add the item to the top address,
3307 of course. Also, if DEFER, we mark the IP address unusable so as to skip it
3308 for any other delivery attempts using the same address. (It is copied into
3309 the unusable tree at the outer level, so even if different address blocks
3310 contain the same address, it still won't get tried again.) */
3312 if (rc == DEFER || retry_host_key != NULL)
3314 int delete_flag = (rc != DEFER)? rf_delete : 0;
3315 if (retry_host_key == NULL)
3317 retry_host_key = ob->retry_include_ip_address?
3318 string_sprintf("T:%S:%s%s", host->name, host->address, pistring) :
3319 string_sprintf("T:%S%s", host->name, pistring);
3322 /* If a delivery of another message over an existing SMTP connection
3323 yields DEFER, we do NOT set up retry data for the host. This covers the
3324 case when there are delays in routing the addresses in the second message
3325 that are so long that the server times out. This is alleviated by not
3326 routing addresses that previously had routing defers when handling an
3327 existing connection, but even so, this case may occur (e.g. if a
3328 previously happily routed address starts giving routing defers). If the
3329 host is genuinely down, another non-continued message delivery will
3330 notice it soon enough. */
3332 if (delete_flag != 0 || !continuing)
3333 retry_add_item(first_addr, retry_host_key, rf_host | delete_flag);
3335 /* We may have tried an expired host, if its retry time has come; ensure
3336 the status reflects the expiry for the benefit of any other addresses. */
3340 host->status = (host_is_expired)?
3341 hstatus_unusable_expired : hstatus_unusable;
3342 host->why = hwhy_deferred;
3346 /* If message_defer is set (host was OK, but every recipient got deferred
3347 because of some message-specific problem), or if that had happened
3348 previously so that a message retry key exists, add an appropriate item
3349 to the retry chain. Note that if there was a message defer but now there is
3350 a host defer, the message defer record gets deleted. That seems perfectly
3351 reasonable. Also, stop the message from being remembered as waiting
3352 for specific hosts. */
3354 if (message_defer || retry_message_key != NULL)
3356 int delete_flag = message_defer? 0 : rf_delete;
3357 if (retry_message_key == NULL)
3359 retry_message_key = ob->retry_include_ip_address?
3360 string_sprintf("T:%S:%s%s:%s", host->name, host->address, pistring,
3362 string_sprintf("T:%S%s:%s", host->name, pistring, message_id);
3364 retry_add_item(addrlist, retry_message_key,
3365 rf_message | rf_host | delete_flag);
3366 update_waiting = FALSE;
3369 /* Any return other than DEFER (that is, OK or ERROR) means that the
3370 addresses have got their final statuses filled in for this host. In the OK
3371 case, see if any of them are deferred. */
3375 for (addr = addrlist; addr != NULL; addr = addr->next)
3377 if (addr->transport_return == DEFER)
3379 some_deferred = TRUE;
3385 /* If no addresses deferred or the result was ERROR, return. We do this for
3386 ERROR because a failing filter set-up or add_headers expansion is likely to
3387 fail for any host we try. */
3389 if (rc == ERROR || (rc == OK && !some_deferred))
3391 DEBUG(D_transport) debug_printf("Leaving %s transport\n", tblock->name);
3392 return TRUE; /* Each address has its status */
3395 /* If the result was DEFER or some individual addresses deferred, let
3396 the loop run to try other hosts with the deferred addresses, except for the
3397 case when we were trying to deliver down an existing channel and failed.
3398 Don't try any other hosts in this case. */
3400 if (continuing) break;
3402 /* If the whole delivery, or some individual addresses, were deferred and
3403 there are more hosts that could be tried, do not count this host towards
3404 the hosts_max_try limit if the age of the message is greater than the
3405 maximum retry time for this host. This means we may try try all hosts,
3406 ignoring the limit, when messages have been around for some time. This is
3407 important because if we don't try all hosts, the address will never time
3408 out. NOTE: this does not apply to hosts_max_try_hardlimit. */
3410 if ((rc == DEFER || some_deferred) && nexthost != NULL)
3413 retry_config *retry = retry_find_config(host->name, NULL, 0, 0);
3415 if (retry != NULL && retry->rules != NULL)
3417 retry_rule *last_rule;
3418 for (last_rule = retry->rules;
3419 last_rule->next != NULL;
3420 last_rule = last_rule->next);
3421 timedout = time(NULL) - received_time > last_rule->timeout;
3423 else timedout = TRUE; /* No rule => timed out */
3427 unexpired_hosts_tried--;
3428 DEBUG(D_transport) debug_printf("temporary delivery error(s) override "
3429 "hosts_max_try (message older than host's retry time)\n");
3432 } /* End of loop for trying multiple hosts. */
3434 /* This is the end of the loop that repeats iff expired is TRUE and
3435 ob->delay_after_cutoff is FALSE. The second time round we will
3436 try those hosts that haven't been tried since the message arrived. */
3440 debug_printf("all IP addresses skipped or deferred at least one address\n");
3441 if (expired && !ob->delay_after_cutoff && cutoff_retry == 0)
3442 debug_printf("retrying IP addresses not tried since message arrived\n");
3447 /* Get here if all IP addresses are skipped or defer at least one address. In
3448 MUA wrapper mode, this will happen only for connection or other non-message-
3449 specific failures. Force the delivery status for all addresses to FAIL. */
3453 for (addr = addrlist; addr != NULL; addr = addr->next)
3454 addr->transport_return = FAIL;
3458 /* In the normal, non-wrapper case, add a standard message to each deferred
3459 address if there hasn't been an error, that is, if it hasn't actually been
3460 tried this time. The variable "expired" will be FALSE if any deliveries were
3461 actually tried, or if there was at least one host that was not expired. That
3462 is, it is TRUE only if no deliveries were tried and all hosts were expired. If
3463 a delivery has been tried, an error code will be set, and the failing of the
3464 message is handled by the retry code later.
3466 If queue_smtp is set, or this transport was called to send a subsequent message
3467 down an existing TCP/IP connection, and something caused the host not to be
3468 found, we end up here, but can detect these cases and handle them specially. */
3470 for (addr = addrlist; addr != NULL; addr = addr->next)
3472 /* If host is not NULL, it means that we stopped processing the host list
3473 because of hosts_max_try or hosts_max_try_hardlimit. In the former case, this
3474 means we need to behave as if some hosts were skipped because their retry
3475 time had not come. Specifically, this prevents the address from timing out.
3476 However, if we have hit hosts_max_try_hardlimit, we want to behave as if all
3477 hosts were tried. */
3481 if (total_hosts_tried >= ob->hosts_max_try_hardlimit)
3484 debug_printf("hosts_max_try_hardlimit reached: behave as if all "
3485 "hosts were tried\n");
3490 debug_printf("hosts_max_try limit caused some hosts to be skipped\n");
3491 setflag(addr, af_retry_skipped);
3495 if (queue_smtp) /* no deliveries attempted */
3497 addr->transport_return = DEFER;
3498 addr->basic_errno = 0;
3499 addr->message = US"SMTP delivery explicitly queued";
3502 else if (addr->transport_return == DEFER &&
3503 (addr->basic_errno == ERRNO_UNKNOWNERROR || addr->basic_errno == 0) &&
3504 addr->message == NULL)
3506 addr->basic_errno = ERRNO_HRETRY;
3507 if (continue_hostname != NULL)
3509 addr->message = US"no host found for existing SMTP connection";
3513 setflag(addr, af_pass_message); /* This is not a security risk */
3514 addr->message = (ob->delay_after_cutoff)?
3515 US"retry time not reached for any host after a long failure period" :
3516 US"all hosts have been failing for a long time and were last tried "
3517 "after this message arrived";
3519 /* If we are already using fallback hosts, or there are no fallback hosts
3520 defined, convert the result to FAIL to cause a bounce. */
3522 if (addr->host_list == addr->fallback_hosts ||
3523 addr->fallback_hosts == NULL)
3524 addr->transport_return = FAIL;
3528 if (hosts_retry == hosts_total)
3529 addr->message = US"retry time not reached for any host";
3530 else if (hosts_fail == hosts_total)
3531 addr->message = US"all host address lookups failed permanently";
3532 else if (hosts_defer == hosts_total)
3533 addr->message = US"all host address lookups failed temporarily";
3534 else if (hosts_serial == hosts_total)
3535 addr->message = US"connection limit reached for all hosts";
3536 else if (hosts_fail+hosts_defer == hosts_total)
3537 addr->message = US"all host address lookups failed";
3538 else addr->message = US"some host address lookups failed and retry time "
3539 "not reached for other hosts or connection limit reached";
3544 /* Update the database which keeps information about which messages are waiting
3545 for which hosts to become available. For some message-specific errors, the
3546 update_waiting flag is turned off because we don't want follow-on deliveries in
3547 those cases. If this transport instance is explicitly limited to one message
3548 per connection then follow-on deliveries are not possible and there's no need
3549 to create/update the per-transport wait-<transport_name> database. */
3551 if (update_waiting && tblock->connection_max_messages != 1)
3552 transport_update_waiting(hostlist, tblock->name);
3556 DEBUG(D_transport) debug_printf("Leaving %s transport\n", tblock->name);
3558 return TRUE; /* Each address has its status */
3563 /* End of transport/smtp.c */