1 /* $Cambridge: exim/src/src/host.c,v 1.16 2005/10/03 09:51:04 ph10 Exp $ */
3 /*************************************************
4 * Exim - an Internet mail transport agent *
5 *************************************************/
7 /* Copyright (c) University of Cambridge 1995 - 2005 */
8 /* See the file NOTICE for conditions of use and distribution. */
10 /* Functions for finding hosts, either by gethostbyname(), gethostbyaddr(), or
11 directly via the DNS. When IPv6 is supported, getipnodebyname() and
12 getipnodebyaddr() may be used instead of gethostbyname() and gethostbyaddr(),
13 if the newer functions are available. This module also contains various other
14 functions concerned with hosts and addresses, and a random number function,
15 used for randomizing hosts with equal MXs but available for use in other parts
22 /* Static variable for preserving the list of interface addresses in case it is
23 used more than once. */
25 static ip_address_item *local_interface_data = NULL;
28 #ifdef USE_INET_NTOA_FIX
29 /*************************************************
30 * Replacement for broken inet_ntoa() *
31 *************************************************/
33 /* On IRIX systems, gcc uses a different structure passing convention to the
34 native libraries. This causes inet_ntoa() to always yield 0.0.0.0 or
35 255.255.255.255. To get round this, we provide a private version of the
36 function here. It is used only if USE_INET_NTOA_FIX is set, which should happen
37 only when gcc is in use on an IRIX system. Code send to me by J.T. Breitner,
41 as seen in comp.sys.sgi.admin
43 August 2005: Apparently this is also needed for AIX systems; USE_INET_NTOA_FIX
44 should now be set for them as well.
46 Arguments: sa an in_addr structure
47 Returns: pointer to static text string
51 inet_ntoa(struct in_addr sa)
53 static uschar addr[20];
54 sprintf(addr, "%d.%d.%d.%d",
65 /*************************************************
66 * Random number generator *
67 *************************************************/
69 /* This is a simple pseudo-random number generator. It does not have to be
70 very good for the uses to which it is put. When running the regression tests,
71 start with a fixed seed.
74 limit: one more than the largest number required
76 Returns: a pseudo-random number in the range 0 to limit-1
80 random_number(int limit)
84 if (running_in_test_harness) random_seed = 42; else
86 int p = (int)getpid();
87 random_seed = (int)time(NULL) ^ ((p << 16) | p);
90 random_seed = 1103515245 * random_seed + 12345;
91 return (unsigned int)(random_seed >> 16) % limit;
96 /*************************************************
97 * Sort addresses when testing *
98 *************************************************/
100 /* This function is called only when running in the test harness. It sorts a
101 number of multihomed host IP addresses into the order, so as to get
102 repeatability. This doesn't have to be efficient. But don't interchange IPv4
106 This sorting is not necessary for the new test harness, because it
107 doesn't call the real DNS resolver, and its output is repeatable. However,
108 until the old test harness is discarded, we need to retain this capability.
109 The new harness is being developed towards the end of 2005. It will be some
110 time before it can do everything that the old one can do.
113 host -> the first host item
114 last -> the last host item
120 sort_addresses(host_item *host, host_item *last)
127 for (h = host; h != last; h = h->next)
129 if ((Ustrchr(h->address, ':') == NULL) !=
130 (Ustrchr(h->next->address, ':') == NULL))
132 if (Ustrcmp(h->address, h->next->address) > 0)
134 uschar *temp = h->address;
135 h->address = h->next->address;
136 h->next->address = temp;
145 /*************************************************
146 * Replace gethostbyname() when testing *
147 *************************************************/
149 /* This function is called instead of gethostbyname(), gethostbyname2(), or
150 getipnodebyname() when running in the test harness. It recognizes the name
151 "manyhome.test.ex" and generates a humungous number of IP addresses. It also
152 recognizes an unqualified "localhost" and forces it to the appropriate loopback
153 address. IP addresses are treated as literals. For other names, it uses the DNS
154 to find the host name. In the new test harness, this means it will access only
155 the fake DNS resolver. In the old harness it will call the real resolver and
156 access the test zone.
159 name the host name or a textual IP address
160 af AF_INET or AF_INET6
161 error_num where to put an error code:
162 HOST_NOT_FOUND/TRY_AGAIN/NO_RECOVERY/NO_DATA
164 Returns: a hostent structure or NULL for an error
167 static struct hostent *
168 host_fake_gethostbyname(uschar *name, int af, int *error_num)
171 int alen = (af == AF_INET)? sizeof(struct in_addr):sizeof(struct in6_addr);
173 int alen = sizeof(struct in_addr);
177 uschar *lname = name;
180 struct hostent *yield;
186 debug_printf("using host_fake_gethostbyname for %s (%s)\n", name,
187 (af == AF_INET)? "IPv4" : "IPv6");
189 /* Handle the name that needs a vast number of IP addresses */
191 if (Ustrcmp(name, "manyhome.test.ex") == 0 && af == AF_INET)
194 yield = store_get(sizeof(struct hostent));
195 alist = store_get(2049 * sizeof(char *));
196 adds = store_get(2048 * alen);
197 yield->h_name = CS name;
198 yield->h_aliases = NULL;
199 yield->h_addrtype = af;
200 yield->h_length = alen;
201 yield->h_addr_list = CSS alist;
202 for (i = 104; i <= 111; i++)
204 for (j = 0; j <= 255; j++)
217 /* Handle unqualified "localhost" */
219 if (Ustrcmp(name, "localhost") == 0)
220 lname = (af == AF_INET)? US"127.0.0.1" : US"::1";
222 /* Handle a literal IP address */
224 ipa = string_is_ip_address(lname, NULL);
227 if ((ipa == 4 && af == AF_INET) ||
228 (ipa == 6 && af == AF_INET6))
232 yield = store_get(sizeof(struct hostent));
233 alist = store_get(2 * sizeof(char *));
234 adds = store_get(alen);
235 yield->h_name = CS name;
236 yield->h_aliases = NULL;
237 yield->h_addrtype = af;
238 yield->h_length = alen;
239 yield->h_addr_list = CSS alist;
241 n = host_aton(lname, x);
242 for (i = 0; i < n; i++)
245 *adds++ = (y >> 24) & 255;
246 *adds++ = (y >> 16) & 255;
247 *adds++ = (y >> 8) & 255;
253 /* Wrong kind of literal address */
257 *error_num = HOST_NOT_FOUND;
262 /* Handle a host name */
266 int type = (af == AF_INET)? T_A:T_AAAA;
267 int rc = dns_lookup(&dnsa, lname, type, NULL);
272 case DNS_SUCCEED: break;
273 case DNS_NOMATCH: *error_num = HOST_NOT_FOUND; return NULL;
274 case DNS_NODATA: *error_num = NO_DATA; return NULL;
275 case DNS_AGAIN: *error_num = TRY_AGAIN; return NULL;
277 case DNS_FAIL: *error_num = NO_RECOVERY; return NULL;
280 for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
282 rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
284 if (rr->type == type) count++;
287 yield = store_get(sizeof(struct hostent));
288 alist = store_get((count + 1) * sizeof(char **));
289 adds = store_get(count *alen);
291 yield->h_name = CS name;
292 yield->h_aliases = NULL;
293 yield->h_addrtype = af;
294 yield->h_length = alen;
295 yield->h_addr_list = CSS alist;
297 for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
299 rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
304 if (rr->type != type) continue;
305 da = dns_address_from_rr(&dnsa, rr);
307 n = host_aton(da->address, x);
308 for (i = 0; i < n; i++)
311 *adds++ = (y >> 24) & 255;
312 *adds++ = (y >> 16) & 255;
313 *adds++ = (y >> 8) & 255;
325 /*************************************************
326 * Build chain of host items from list *
327 *************************************************/
329 /* This function builds a chain of host items from a textual list of host
330 names. It does not do any lookups. If randomize is true, the chain is build in
331 a randomized order. There may be multiple groups of independently randomized
332 hosts; they are delimited by a host name consisting of just "+".
335 anchor anchor for the chain
337 randomize TRUE for randomizing
343 host_build_hostlist(host_item **anchor, uschar *list, BOOL randomize)
346 int fake_mx = MX_NONE; /* This value is actually -1 */
350 if (list == NULL) return;
351 if (randomize) fake_mx--; /* Start at -2 for randomizing */
355 while ((name = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) != NULL)
359 if (name[0] == '+' && name[1] == 0) /* "+" delimits a randomized group */
360 { /* ignore if not randomizing */
361 if (randomize) fake_mx--;
365 h = store_get(sizeof(host_item));
366 h->name = string_copy(name);
370 h->sort_key = randomize? (-fake_mx)*1000 + random_number(1000) : 0;
371 h->status = hstatus_unknown;
372 h->why = hwhy_unknown;
382 host_item *hh = *anchor;
383 if (h->sort_key < hh->sort_key)
390 while (hh->next != NULL && h->sort_key >= (hh->next)->sort_key)
403 /*************************************************
404 * Extract port from address string *
405 *************************************************/
407 /* In the spool file, and in the -oMa and -oMi options, a host plus port is
408 given as an IP address followed by a dot and a port number. This function
411 An alternative format for the -oMa and -oMi options is [ip address]:port which
412 is what Exim 4 uses for output, because it seems to becoming commonly used,
413 whereas the dot form confuses some programs/people. So we recognize that form
417 address points to the string; if there is a port, the '.' in the string
418 is overwritten with zero to terminate the address; if the string
419 is in the [xxx]:ppp format, the address is shifted left and the
422 Returns: 0 if there is no port, else the port number. If there's a syntax
423 error, leave the incoming address alone, and return 0.
427 host_address_extract_port(uschar *address)
432 /* Handle the "bracketed with colon on the end" format */
436 uschar *rb = address + 1;
437 while (*rb != 0 && *rb != ']') rb++;
438 if (*rb++ == 0) return 0; /* Missing ]; leave invalid address */
441 port = Ustrtol(rb + 1, &endptr, 10);
442 if (*endptr != 0) return 0; /* Invalid port; leave invalid address */
444 else if (*rb != 0) return 0; /* Bad syntax; leave invalid address */
445 memmove(address, address + 1, rb - address - 2);
449 /* Handle the "dot on the end" format */
453 int skip = -3; /* Skip 3 dots in IPv4 addresses */
455 while (*(++address) != 0)
458 if (ch == ':') skip = 0; /* Skip 0 dots in IPv6 addresses */
459 else if (ch == '.' && skip++ >= 0) break;
461 if (*address == 0) return 0;
462 port = Ustrtol(address + 1, &endptr, 10);
463 if (*endptr != 0) return 0; /* Invalid port; leave invalid address */
471 /*************************************************
472 * Get port from a host item's name *
473 *************************************************/
475 /* This function is called when finding the IP address for a host that is in a
476 list of hosts explicitly configured, such as in the manualroute router, or in a
477 fallback hosts list. We see if there is a port specification at the end of the
478 host name, and if so, remove it. A minimum length of 3 is required for the
479 original name; nothing shorter is recognized as having a port.
481 We test for a name ending with a sequence of digits; if preceded by colon we
482 have a port if the character before the colon is ] and the name starts with [
483 or if there are no other colons in the name (i.e. it's not an IPv6 address).
485 Arguments: pointer to the host item
486 Returns: a port number or PORT_NONE
490 host_item_get_port(host_item *h)
494 int len = Ustrlen(h->name);
496 if (len < 3 || (p = h->name + len - 1, !isdigit(*p))) return PORT_NONE;
498 /* Extract potential port number */
503 while (p > h->name + 1 && isdigit(*p))
505 port += (*p-- - '0') * x;
509 /* The smallest value of p at this point is h->name + 1. */
511 if (*p != ':') return PORT_NONE;
513 if (p[-1] == ']' && h->name[0] == '[')
514 h->name = string_copyn(h->name + 1, p - h->name - 2);
515 else if (Ustrchr(h->name, ':') == p)
516 h->name = string_copyn(h->name, p - h->name);
517 else return PORT_NONE;
519 DEBUG(D_route|D_host_lookup) debug_printf("host=%s port=%d\n", h->name, port);
525 #ifndef STAND_ALONE /* Omit when standalone testing */
527 /*************************************************
528 * Build sender_fullhost and sender_rcvhost *
529 *************************************************/
531 /* This function is called when sender_host_name and/or sender_helo_name
532 have been set. Or might have been set - for a local message read off the spool
533 they won't be. In that case, do nothing. Otherwise, set up the fullhost string
536 (a) No sender_host_name or sender_helo_name: "[ip address]"
537 (b) Just sender_host_name: "host_name [ip address]"
538 (c) Just sender_helo_name: "(helo_name) [ip address]"
539 (d) The two are identical: "host_name [ip address]"
540 (e) The two are different: "host_name (helo_name) [ip address]"
542 If log_incoming_port is set, the sending host's port number is added to the IP
545 This function also builds sender_rcvhost for use in Received: lines, whose
546 syntax is a bit different. This value also includes the RFC 1413 identity.
547 There wouldn't be two different variables if I had got all this right in the
550 Because this data may survive over more than one incoming SMTP message, it has
551 to be in permanent store.
558 host_build_sender_fullhost(void)
561 int old_pool = store_pool;
563 if (sender_host_address == NULL) return;
565 store_pool = POOL_PERM;
567 /* Set up address, with or without the port. After discussion, it seems that
568 the only format that doesn't cause trouble is [aaaa]:pppp. However, we can't
569 use this directly as the first item for Received: because it ain't an RFC 2822
572 address = string_sprintf("[%s]:%d", sender_host_address, sender_host_port);
573 if ((log_extra_selector & LX_incoming_port) == 0 || sender_host_port <= 0)
574 *(Ustrrchr(address, ':')) = 0;
576 /* Host name is not verified */
578 if (sender_host_name == NULL)
580 uschar *portptr = Ustrstr(address, "]:");
583 int adlen; /* Sun compiler doesn't like ++ in initializers */
585 adlen = (portptr == NULL)? Ustrlen(address) : (++portptr - address);
586 sender_fullhost = (sender_helo_name == NULL)? address :
587 string_sprintf("(%s) %s", sender_helo_name, address);
589 sender_rcvhost = string_cat(NULL, &size, &ptr, address, adlen);
591 if (sender_ident != NULL || sender_helo_name != NULL || portptr != NULL)
594 sender_rcvhost = string_cat(sender_rcvhost, &size, &ptr, US" (", 2);
598 sender_rcvhost = string_append(sender_rcvhost, &size, &ptr, 2, US"port=",
601 if (sender_helo_name != NULL)
602 sender_rcvhost = string_append(sender_rcvhost, &size, &ptr, 2,
603 (firstptr == ptr)? US"helo=" : US" helo=", sender_helo_name);
605 if (sender_ident != NULL)
606 sender_rcvhost = string_append(sender_rcvhost, &size, &ptr, 2,
607 (firstptr == ptr)? US"ident=" : US" ident=", sender_ident);
609 sender_rcvhost = string_cat(sender_rcvhost, &size, &ptr, US")", 1);
612 sender_rcvhost[ptr] = 0; /* string_cat() always leaves room */
614 /* Release store, because string_cat allocated a minimum of 100 bytes that
615 are rarely completely used. */
617 store_reset(sender_rcvhost + ptr + 1);
620 /* Host name is known and verified. */
625 BOOL no_helo = FALSE;
627 /* Comparing a HELO name to a host name is easy */
629 if (sender_helo_name == NULL ||
630 strcmpic(sender_host_name, sender_helo_name) == 0)
633 /* If HELO/EHLO was followed by an IP literal, it's much more messy because
634 of two features of IPv6. Firstly, there's the "IPv6:" prefix (Exim is liberal
635 and doesn't require this, for historical reasons). Secondly, an IPv6 address
636 may not be given in canonical form, so we have to canonicize it before
637 comparing. As it happens, the code works for both IPv4 and IPv6. */
639 else if (sender_helo_name[0] == '[' &&
640 sender_helo_name[(len=Ustrlen(sender_helo_name))-1] == ']')
645 if (strncmpic(sender_helo_name+1, US"IPv6:",5) == 0) offset += 5;
646 helo_ip = string_copyn(sender_helo_name + offset, len - offset - 1);
648 if (string_is_ip_address(helo_ip, NULL) != 0)
652 size = host_aton(helo_ip, x);
653 helo_ip = store_get(48); /* large enough for full IPv6 */
654 (void)host_nmtoa(size, x, -1, helo_ip, ':');
655 if (strcmpic(helo_ip, sender_host_address) == 0) no_helo = TRUE;
661 sender_fullhost = string_sprintf("%s %s", sender_host_name, address);
662 sender_rcvhost = (sender_ident == NULL)?
663 string_sprintf("%s (%s)", sender_host_name, address) :
664 string_sprintf("%s (%s ident=%s)", sender_host_name, address,
669 sender_fullhost = string_sprintf("%s (%s) %s", sender_host_name,
670 sender_helo_name, address);
671 sender_rcvhost = (sender_ident == NULL)?
672 string_sprintf("%s (%s helo=%s)", sender_host_name,
673 address, sender_helo_name) :
674 string_sprintf("%s\n\t(%s helo=%s ident=%s)", sender_host_name,
675 address, sender_helo_name, sender_ident);
679 store_pool = old_pool;
681 DEBUG(D_host_lookup) debug_printf("sender_fullhost = %s\n", sender_fullhost);
682 DEBUG(D_host_lookup) debug_printf("sender_rcvhost = %s\n", sender_rcvhost);
687 /*************************************************
688 * Build host+ident message *
689 *************************************************/
691 /* Used when logging rejections and various ACL and SMTP incidents. The text
692 return depends on whether sender_fullhost and sender_ident are set or not:
694 no ident, no host => U=unknown
695 no ident, host set => H=sender_fullhost
696 ident set, no host => U=ident
697 ident set, host set => H=sender_fullhost U=ident
700 useflag TRUE if first item to be flagged (H= or U=); if there are two
701 items, the second is always flagged
703 Returns: pointer to a string in big_buffer
707 host_and_ident(BOOL useflag)
709 if (sender_fullhost == NULL)
711 (void)string_format(big_buffer, big_buffer_size, "%s%s", useflag? "U=" : "",
712 (sender_ident == NULL)? US"unknown" : sender_ident);
716 uschar *flag = useflag? US"H=" : US"";
717 uschar *iface = US"";
718 if ((log_extra_selector & LX_incoming_interface) != 0 &&
719 interface_address != NULL)
720 iface = string_sprintf(" I=[%s]:%d", interface_address, interface_port);
721 if (sender_ident == NULL)
722 (void)string_format(big_buffer, big_buffer_size, "%s%s%s",
723 flag, sender_fullhost, iface);
725 (void)string_format(big_buffer, big_buffer_size, "%s%s%s U=%s",
726 flag, sender_fullhost, iface, sender_ident);
731 #endif /* STAND_ALONE */
736 /*************************************************
737 * Build list of local interfaces *
738 *************************************************/
740 /* This function interprets the contents of the local_interfaces or
741 extra_local_interfaces options, and creates an ip_address_item block for each
742 item on the list. There is no special interpretation of any IP addresses; in
743 particular, 0.0.0.0 and ::0 are returned without modification. If any address
744 includes a port, it is set in the block. Otherwise the port value is set to
749 name the name of the option being expanded
751 Returns: a chain of ip_address_items, each containing to a textual
752 version of an IP address, and a port number (host order) or
753 zero if no port was given with the address
757 host_build_ifacelist(uschar *list, uschar *name)
762 ip_address_item *yield = NULL;
763 ip_address_item *last = NULL;
764 ip_address_item *next;
766 while ((s = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) != NULL)
768 int port = host_address_extract_port(s); /* Leaves just the IP address */
769 if (string_is_ip_address(s, NULL) == 0)
770 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Malformed IP address \"%s\" in %s",
773 /* This use of strcpy() is OK because we have checked that s is a valid IP
774 address above. The field in the ip_address_item is large enough to hold an
777 next = store_get(sizeof(ip_address_item));
779 Ustrcpy(next->address, s);
781 next->v6_include_v4 = FALSE;
783 if (yield == NULL) yield = last = next; else
797 /*************************************************
798 * Find addresses on local interfaces *
799 *************************************************/
801 /* This function finds the addresses of local IP interfaces. These are used
802 when testing for routing to the local host. As the function may be called more
803 than once, the list is preserved in permanent store, pointed to by a static
804 variable, to save doing the work more than once per process.
806 The generic list of interfaces is obtained by calling host_build_ifacelist()
807 for local_interfaces and extra_local_interfaces. This list scanned to remove
808 duplicates (which may exist with different ports - not relevant here). If
809 either of the wildcard IP addresses (0.0.0.0 and ::0) are encountered, they are
810 replaced by the appropriate (IPv4 or IPv6) list of actual local interfaces,
811 obtained from os_find_running_interfaces().
814 Returns: a chain of ip_address_items, each containing to a textual
815 version of an IP address; the port numbers are not relevant
819 /* First, a local subfunction to add an interface to a list in permanent store,
820 but only if there isn't a previous copy of that address on the list. */
822 static ip_address_item *
823 add_unique_interface(ip_address_item *list, ip_address_item *ipa)
825 ip_address_item *ipa2;
826 for (ipa2 = list; ipa2 != NULL; ipa2 = ipa2->next)
827 if (Ustrcmp(ipa2->address, ipa->address) == 0) return list;
828 ipa2 = store_get_perm(sizeof(ip_address_item));
835 /* This is the globally visible function */
838 host_find_interfaces(void)
840 ip_address_item *running_interfaces = NULL;
842 if (local_interface_data == NULL)
844 void *reset_item = store_get(0);
845 ip_address_item *dlist = host_build_ifacelist(local_interfaces,
846 US"local_interfaces");
847 ip_address_item *xlist = host_build_ifacelist(extra_local_interfaces,
848 US"extra_local_interfaces");
849 ip_address_item *ipa;
851 if (dlist == NULL) dlist = xlist; else
853 for (ipa = dlist; ipa->next != NULL; ipa = ipa->next);
857 for (ipa = dlist; ipa != NULL; ipa = ipa->next)
859 if (Ustrcmp(ipa->address, "0.0.0.0") == 0 ||
860 Ustrcmp(ipa->address, "::0") == 0)
862 ip_address_item *ipa2;
863 BOOL ipv6 = ipa->address[0] == ':';
864 if (running_interfaces == NULL)
865 running_interfaces = os_find_running_interfaces();
866 for (ipa2 = running_interfaces; ipa2 != NULL; ipa2 = ipa2->next)
868 if ((Ustrchr(ipa2->address, ':') != NULL) == ipv6)
869 local_interface_data = add_unique_interface(local_interface_data,
875 local_interface_data = add_unique_interface(local_interface_data, ipa);
878 debug_printf("Configured local interface: address=%s", ipa->address);
879 if (ipa->port != 0) debug_printf(" port=%d", ipa->port);
884 store_reset(reset_item);
887 return local_interface_data;
894 /*************************************************
895 * Convert network IP address to text *
896 *************************************************/
898 /* Given an IPv4 or IPv6 address in binary, convert it to a text
899 string and return the result in a piece of new store. The address can
900 either be given directly, or passed over in a sockaddr structure. Note
901 that this isn't the converse of host_aton() because of byte ordering
902 differences. See host_nmtoa() below.
905 type if < 0 then arg points to a sockaddr, else
906 either AF_INET or AF_INET6
907 arg points to a sockaddr if type is < 0, or
908 points to an IPv4 address (32 bits), or
909 points to an IPv6 address (128 bits),
910 in both cases, in network byte order
911 buffer if NULL, the result is returned in gotten store;
912 else points to a buffer to hold the answer
913 portptr points to where to put the port number, if non NULL; only
916 Returns: pointer to character string
920 host_ntoa(int type, const void *arg, uschar *buffer, int *portptr)
924 /* The new world. It is annoying that we have to fish out the address from
925 different places in the block, depending on what kind of address it is. It
926 is also a pain that inet_ntop() returns a const uschar *, whereas the IPv4
927 function inet_ntoa() returns just uschar *, and some picky compilers insist
928 on warning if one assigns a const uschar * to a uschar *. Hence the casts. */
931 uschar addr_buffer[46];
934 int family = ((struct sockaddr *)arg)->sa_family;
935 if (family == AF_INET6)
937 struct sockaddr_in6 *sk = (struct sockaddr_in6 *)arg;
938 yield = (uschar *)inet_ntop(family, &(sk->sin6_addr), CS addr_buffer,
939 sizeof(addr_buffer));
940 if (portptr != NULL) *portptr = ntohs(sk->sin6_port);
944 struct sockaddr_in *sk = (struct sockaddr_in *)arg;
945 yield = (uschar *)inet_ntop(family, &(sk->sin_addr), CS addr_buffer,
946 sizeof(addr_buffer));
947 if (portptr != NULL) *portptr = ntohs(sk->sin_port);
952 yield = (uschar *)inet_ntop(type, arg, CS addr_buffer, sizeof(addr_buffer));
955 /* If the result is a mapped IPv4 address, show it in V4 format. */
957 if (Ustrncmp(yield, "::ffff:", 7) == 0) yield += 7;
959 #else /* HAVE_IPV6 */
965 yield = US inet_ntoa(((struct sockaddr_in *)arg)->sin_addr);
966 if (portptr != NULL) *portptr = ntohs(((struct sockaddr_in *)arg)->sin_port);
969 yield = US inet_ntoa(*((struct in_addr *)arg));
972 /* If there is no buffer, put the string into some new store. */
974 if (buffer == NULL) return string_copy(yield);
976 /* Callers of this function with a non-NULL buffer must ensure that it is
977 large enough to hold an IPv6 address, namely, at least 46 bytes. That's what
978 makes this use of strcpy() OK. */
980 Ustrcpy(buffer, yield);
987 /*************************************************
988 * Convert address text to binary *
989 *************************************************/
991 /* Given the textual form of an IP address, convert it to binary in an
992 array of ints. IPv4 addresses occupy one int; IPv6 addresses occupy 4 ints.
993 The result has the first byte in the most significant byte of the first int. In
994 other words, the result is not in network byte order, but in host byte order.
995 As a result, this is not the converse of host_ntoa(), which expects network
996 byte order. See host_nmtoa() below.
999 address points to the textual address, checked for syntax
1000 bin points to an array of 4 ints
1002 Returns: the number of ints used
1006 host_aton(uschar *address, int *bin)
1011 /* Handle IPv6 address, which may end with an IPv4 address. It may also end
1012 with a "scope", introduced by a percent sign. This code is NOT enclosed in #if
1013 HAVE_IPV6 in order that IPv6 addresses are recognized even if IPv6 is not
1016 if (Ustrchr(address, ':') != NULL)
1018 uschar *p = address;
1019 uschar *component[8];
1020 BOOL ipv4_ends = FALSE;
1026 /* If the address starts with a colon, it will start with two colons.
1027 Just lose the first one, which will leave a null first component. */
1031 /* Split the address into components separated by colons. The input address
1032 is supposed to be checked for syntax. There was a case where this was
1033 overlooked; to guard against that happening again, check here and crash if
1034 there are too many components. */
1036 while (*p != 0 && *p != '%')
1038 int len = Ustrcspn(p, ":%");
1039 if (len == 0) nulloffset = ci;
1040 if (ci > 7) log_write(0, LOG_MAIN|LOG_PANIC_DIE,
1041 "Internal error: invalid IPv6 address \"%s\" passed to host_aton()",
1043 component[ci++] = p;
1048 /* If the final component contains a dot, it is a trailing v4 address.
1049 As the syntax is known to be checked, just set up for a trailing
1050 v4 address and restrict the v6 part to 6 components. */
1052 if (Ustrchr(component[ci-1], '.') != NULL)
1054 address = component[--ci];
1060 /* If there are fewer than 6 or 8 components, we have to insert some
1061 more empty ones in the middle. */
1065 int insert_count = v6count - ci;
1066 for (i = v6count-1; i > nulloffset + insert_count; i--)
1067 component[i] = component[i - insert_count];
1068 while (i > nulloffset) component[i--] = US"";
1071 /* Now turn the components into binary in pairs and bung them
1072 into the vector of ints. */
1074 for (i = 0; i < v6count; i += 2)
1075 bin[i/2] = (Ustrtol(component[i], NULL, 16) << 16) +
1076 Ustrtol(component[i+1], NULL, 16);
1078 /* If there was no terminating v4 component, we are done. */
1080 if (!ipv4_ends) return 4;
1083 /* Handle IPv4 address */
1085 (void)sscanf(CS address, "%d.%d.%d.%d", x, x+1, x+2, x+3);
1086 bin[v4offset] = (x[0] << 24) + (x[1] << 16) + (x[2] << 8) + x[3];
1091 /*************************************************
1092 * Apply mask to an IP address *
1093 *************************************************/
1095 /* Mask an address held in 1 or 4 ints, with the ms bit in the ms bit of the
1099 count the number of ints
1100 binary points to the ints to be masked
1101 mask the count of ms bits to leave, or -1 if no masking
1107 host_mask(int count, int *binary, int mask)
1110 if (mask < 0) mask = 99999;
1111 for (i = 0; i < count; i++)
1114 if (mask == 0) wordmask = 0;
1117 wordmask = (-1) << (32 - mask);
1125 binary[i] &= wordmask;
1132 /*************************************************
1133 * Convert masked IP address in ints to text *
1134 *************************************************/
1136 /* We can't use host_ntoa() because it assumes the binary values are in network
1137 byte order, and these are the result of host_aton(), which puts them in ints in
1138 host byte order. Also, we really want IPv6 addresses to be in a canonical
1139 format, so we output them with no abbreviation. In a number of cases we can't
1140 use the normal colon separator in them because it terminates keys in lsearch
1141 files, so we want to use dot instead. There's an argument that specifies what
1142 to use for IPv6 addresses.
1145 count 1 or 4 (number of ints)
1146 binary points to the ints
1147 mask mask value; if < 0 don't add to result
1148 buffer big enough to hold the result
1149 sep component separator character for IPv6 addresses
1151 Returns: the number of characters placed in buffer, not counting
1156 host_nmtoa(int count, int *binary, int mask, uschar *buffer, int sep)
1159 uschar *tt = buffer;
1164 for (i = 24; i >= 0; i -= 8)
1166 sprintf(CS tt, "%d.", (j >> i) & 255);
1172 for (i = 0; i < 4; i++)
1175 sprintf(CS tt, "%04x%c%04x%c", (j >> 16) & 0xffff, sep, j & 0xffff, sep);
1180 tt--; /* lose final separator */
1186 sprintf(CS tt, "/%d", mask);
1195 /*************************************************
1196 * Check port for tls_on_connect *
1197 *************************************************/
1199 /* This function checks whether a given incoming port is configured for tls-
1200 on-connect. It is called from the daemon and from inetd handling. If the global
1201 option tls_on_connect is already set, all ports operate this way. Otherwise, we
1202 check the tls_on_connect_ports option for a list of ports.
1204 Argument: a port number
1205 Returns: TRUE or FALSE
1209 host_is_tls_on_connect_port(int port)
1213 uschar *list = tls_on_connect_ports;
1216 if (tls_on_connect) return TRUE;
1218 while ((s = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) != NULL)
1221 int lport = Ustrtol(s, &end, 10);
1222 if (*end != 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "tls_on_connect_ports "
1223 "contains \"%s\", which is not a port number: exim abandoned", s);
1224 if (lport == port) return TRUE;
1232 /*************************************************
1233 * Check whether host is in a network *
1234 *************************************************/
1236 /* This function checks whether a given IP address matches a pattern that
1237 represents either a single host, or a network (using CIDR notation). The caller
1238 of this function must check the syntax of the arguments before calling it.
1241 host string representation of the ip-address to check
1242 net string representation of the network, with optional CIDR mask
1243 maskoffset offset to the / that introduces the mask in the key
1244 zero if there is no mask
1247 TRUE the host is inside the network
1248 FALSE the host is NOT inside the network
1252 host_is_in_net(uschar *host, uschar *net, int maskoffset)
1258 int size = host_aton(net, address);
1261 /* No mask => all bits to be checked */
1263 if (maskoffset == 0) mlen = 99999; /* Big number */
1264 else mlen = Uatoi(net + maskoffset + 1);
1266 /* Convert the incoming address to binary. */
1268 insize = host_aton(host, incoming);
1270 /* Convert IPv4 addresses given in IPv6 compatible mode, which represent
1271 connections from IPv4 hosts to IPv6 hosts, that is, addresses of the form
1272 ::ffff:<v4address>, to IPv4 format. */
1274 if (insize == 4 && incoming[0] == 0 && incoming[1] == 0 &&
1275 incoming[2] == 0xffff)
1278 incoming[0] = incoming[3];
1281 /* No match if the sizes don't agree. */
1283 if (insize != size) return FALSE;
1285 /* Else do the masked comparison. */
1287 for (i = 0; i < size; i++)
1290 if (mlen == 0) mask = 0;
1293 mask = (-1) << (32 - mlen);
1301 if ((incoming[i] & mask) != (address[i] & mask)) return FALSE;
1309 /*************************************************
1310 * Scan host list for local hosts *
1311 *************************************************/
1313 /* Scan through a chain of addresses and check whether any of them is the
1314 address of an interface on the local machine. If so, remove that address and
1315 any previous ones with the same MX value, and all subsequent ones (which will
1316 have greater or equal MX values) from the chain. Note: marking them as unusable
1317 is NOT the right thing to do because it causes the hosts not to be used for
1318 other domains, for which they may well be correct.
1320 The hosts may be part of a longer chain; we only process those between the
1321 initial pointer and the "last" pointer.
1323 There is also a list of "pseudo-local" host names which are checked against the
1324 host names. Any match causes that host item to be treated the same as one which
1325 matches a local IP address.
1327 If the very first host is a local host, then all MX records had a precedence
1328 greater than or equal to that of the local host. Either there's a problem in
1329 the DNS, or an apparently remote name turned out to be an abbreviation for the
1330 local host. Give a specific return code, and let the caller decide what to do.
1331 Otherwise, give a success code if at least one host address has been found.
1334 host pointer to the first host in the chain
1335 lastptr pointer to pointer to the last host in the chain (may be updated)
1336 removed if not NULL, set TRUE if some local addresses were removed
1340 HOST_FOUND if there is at least one host with an IP address on the chain
1341 and an MX value less than any MX value associated with the
1343 HOST_FOUND_LOCAL if a local host is among the lowest-numbered MX hosts; when
1344 the host addresses were obtained from A records or
1345 gethostbyname(), the MX values are set to -1.
1346 HOST_FIND_FAILED if no valid hosts with set IP addresses were found
1350 host_scan_for_local_hosts(host_item *host, host_item **lastptr, BOOL *removed)
1352 int yield = HOST_FIND_FAILED;
1353 host_item *last = *lastptr;
1354 host_item *prev = NULL;
1357 if (removed != NULL) *removed = FALSE;
1359 if (local_interface_data == NULL) local_interface_data = host_find_interfaces();
1361 for (h = host; h != last->next; h = h->next)
1364 if (hosts_treat_as_local != NULL)
1367 uschar *save = deliver_domain;
1368 deliver_domain = h->name; /* set $domain */
1369 rc = match_isinlist(string_copylc(h->name), &hosts_treat_as_local, 0,
1370 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL);
1371 deliver_domain = save;
1372 if (rc == OK) goto FOUND_LOCAL;
1376 /* It seems that on many operating systems, 0.0.0.0 is treated as a synonym
1377 for 127.0.0.1 and refers to the local host. We therefore force it always to
1378 be treated as local. */
1380 if (h->address != NULL)
1382 ip_address_item *ip;
1383 if (Ustrcmp(h->address, "0.0.0.0") == 0) goto FOUND_LOCAL;
1384 for (ip = local_interface_data; ip != NULL; ip = ip->next)
1385 if (Ustrcmp(h->address, ip->address) == 0) goto FOUND_LOCAL;
1386 yield = HOST_FOUND; /* At least one remote address has been found */
1389 /* Update prev to point to the last host item before any that have
1390 the same MX value as the one we have just considered. */
1392 if (h->next == NULL || h->next->mx != h->mx) prev = h;
1395 return yield; /* No local hosts found: return HOST_FOUND or HOST_FIND_FAILED */
1397 /* A host whose IP address matches a local IP address, or whose name matches
1398 something in hosts_treat_as_local has been found. */
1404 HDEBUG(D_host_lookup) debug_printf((h->mx >= 0)?
1405 "local host has lowest MX\n" :
1406 "local host found for non-MX address\n");
1407 return HOST_FOUND_LOCAL;
1410 HDEBUG(D_host_lookup)
1412 debug_printf("local host in host list - removed hosts:\n");
1413 for (h = prev->next; h != last->next; h = h->next)
1414 debug_printf(" %s %s %d\n", h->name, h->address, h->mx);
1417 if (removed != NULL) *removed = TRUE;
1418 prev->next = last->next;
1426 /*************************************************
1427 * Remove duplicate IPs in host list *
1428 *************************************************/
1430 /* You would think that administrators could set up their DNS records so that
1431 one ended up with a list of unique IP addresses after looking up A or MX
1432 records, but apparently duplication is common. So we scan such lists and
1433 remove the later duplicates. Note that we may get lists in which some host
1434 addresses are not set.
1437 host pointer to the first host in the chain
1438 lastptr pointer to pointer to the last host in the chain (may be updated)
1444 host_remove_duplicates(host_item *host, host_item **lastptr)
1446 while (host != *lastptr)
1448 if (host->address != NULL)
1450 host_item *h = host;
1451 while (h != *lastptr)
1453 if (h->next->address != NULL &&
1454 Ustrcmp(h->next->address, host->address) == 0)
1456 DEBUG(D_host_lookup) debug_printf("duplicate IP address %s (MX=%d) "
1457 "removed\n", host->address, h->next->mx);
1458 if (h->next == *lastptr) *lastptr = h;
1459 h->next = h->next->next;
1464 /* If the last item was removed, host may have become == *lastptr */
1465 if (host != *lastptr) host = host->next;
1472 /*************************************************
1473 * Find sender host name by gethostbyaddr() *
1474 *************************************************/
1476 /* This used to be the only way it was done, but it turns out that not all
1477 systems give aliases for calls to gethostbyaddr() - or one of the modern
1478 equivalents like getipnodebyaddr(). Fortunately, multiple PTR records are rare,
1479 but they can still exist. This function is now used only when a DNS lookup of
1480 the IP address fails, in order to give access to /etc/hosts.
1483 Returns: OK, DEFER, FAIL
1487 host_name_lookup_byaddr(void)
1491 struct hostent *hosts;
1492 struct in_addr addr;
1494 /* Lookup on IPv6 system */
1497 if (Ustrchr(sender_host_address, ':') != NULL)
1499 struct in6_addr addr6;
1500 if (inet_pton(AF_INET6, CS sender_host_address, &addr6) != 1)
1501 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "unable to parse \"%s\" as an "
1502 "IPv6 address", sender_host_address);
1503 #if HAVE_GETIPNODEBYADDR
1504 hosts = getipnodebyaddr(CS &addr6, sizeof(addr6), AF_INET6, &h_errno);
1506 hosts = gethostbyaddr(CS &addr6, sizeof(addr6), AF_INET6);
1511 if (inet_pton(AF_INET, CS sender_host_address, &addr) != 1)
1512 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "unable to parse \"%s\" as an "
1513 "IPv4 address", sender_host_address);
1514 #if HAVE_GETIPNODEBYADDR
1515 hosts = getipnodebyaddr(CS &addr, sizeof(addr), AF_INET, &h_errno);
1517 hosts = gethostbyaddr(CS &addr, sizeof(addr), AF_INET);
1521 /* Do lookup on IPv4 system */
1524 addr.s_addr = (S_ADDR_TYPE)inet_addr(CS sender_host_address);
1525 hosts = gethostbyaddr(CS(&addr), sizeof(addr), AF_INET);
1528 /* Failed to look up the host. */
1532 HDEBUG(D_host_lookup) debug_printf("IP address lookup failed: h_errno=%d\n",
1534 return (h_errno == TRY_AGAIN || h_errno == NO_RECOVERY) ? DEFER : FAIL;
1537 /* It seems there are some records in the DNS that yield an empty name. We
1538 treat this as non-existent. In some operating systems, this is returned as an
1539 empty string; in others as a single dot. */
1541 if (hosts->h_name[0] == 0 || hosts->h_name[0] == '.')
1543 HDEBUG(D_host_lookup) debug_printf("IP address lookup yielded an empty name: "
1544 "treated as non-existent host name\n");
1548 /* Copy and lowercase the name, which is in static storage in many systems.
1549 Put it in permanent memory. */
1551 s = (uschar *)hosts->h_name;
1552 len = Ustrlen(s) + 1;
1553 t = sender_host_name = store_get_perm(len);
1554 while (*s != 0) *t++ = tolower(*s++);
1557 /* If the host has aliases, build a copy of the alias list */
1559 if (hosts->h_aliases != NULL)
1562 uschar **aliases, **ptr;
1563 for (aliases = USS hosts->h_aliases; *aliases != NULL; aliases++) count++;
1564 ptr = sender_host_aliases = store_get_perm(count * sizeof(uschar *));
1565 for (aliases = USS hosts->h_aliases; *aliases != NULL; aliases++)
1567 uschar *s = *aliases;
1568 int len = Ustrlen(s) + 1;
1569 uschar *t = *ptr++ = store_get_perm(len);
1570 while (*s != 0) *t++ = tolower(*s++);
1581 /*************************************************
1582 * Find host name for incoming call *
1583 *************************************************/
1585 /* Put the name in permanent store, pointed to by sender_host_name. We also set
1586 up a list of alias names, pointed to by sender_host_alias. The list is
1587 NULL-terminated. The incoming address is in sender_host_address, either in
1588 dotted-quad form for IPv4 or in colon-separated form for IPv6.
1590 This function does a thorough check that the names it finds point back to the
1591 incoming IP address. Any that do not are discarded. Note that this is relied on
1592 by the ACL reverse_host_lookup check.
1594 On some systems, get{host,ipnode}byaddr() appears to do this internally, but
1595 this it not universally true. Also, for release 4.30, this function was changed
1596 to do a direct DNS lookup first, by default[1], because it turns out that that
1597 is the only guaranteed way to find all the aliases on some systems. My
1598 experiments indicate that Solaris gethostbyaddr() gives the aliases for but
1601 [1] The actual order is controlled by the host_lookup_order option.
1604 Returns: OK on success, the answer being placed in the global variable
1605 sender_host_name, with any aliases in a list hung off
1607 FAIL if no host name can be found
1608 DEFER if a temporary error was encountered
1610 The variable host_lookup_msg is set to an empty string on sucess, or to a
1611 reason for the failure otherwise, in a form suitable for tagging onto an error
1612 message, and also host_lookup_failed is set TRUE if the lookup failed. If there
1613 was a defer, host_lookup_deferred is set TRUE.
1615 Any dynamically constructed string for host_lookup_msg must be in permanent
1616 store, because it might be used for several incoming messages on the same SMTP
1620 host_name_lookup(void)
1624 uschar *hname, *save_hostname;
1628 uschar *list = host_lookup_order;
1633 host_lookup_deferred = host_lookup_failed = FALSE;
1635 HDEBUG(D_host_lookup)
1636 debug_printf("looking up host name for %s\n", sender_host_address);
1638 /* For testing the case when a lookup does not complete, we have a special
1639 reserved IP address. */
1641 if (running_in_test_harness &&
1642 Ustrcmp(sender_host_address, "99.99.99.99") == 0)
1644 HDEBUG(D_host_lookup)
1645 debug_printf("Test harness: host name lookup returns DEFER\n");
1646 host_lookup_deferred = TRUE;
1650 /* Do lookups directly in the DNS or via gethostbyaddr() (or equivalent), in
1651 the order specified by the host_lookup_order option. */
1653 while ((ordername = string_nextinlist(&list, &sep, buffer, sizeof(buffer)))
1656 if (strcmpic(ordername, US"bydns") == 0)
1658 dns_init(FALSE, FALSE);
1659 dns_build_reverse(sender_host_address, buffer);
1660 rc = dns_lookup(&dnsa, buffer, T_PTR, NULL);
1662 /* The first record we come across is used for the name; others are
1663 considered to be aliases. We have to scan twice, in order to find out the
1664 number of aliases. However, if all the names are empty, we will behave as
1665 if failure. (PTR records that yield empty names have been encountered in
1668 if (rc == DNS_SUCCEED)
1670 uschar **aptr = NULL;
1673 int old_pool = store_pool;
1675 store_pool = POOL_PERM; /* Save names in permanent storage */
1677 for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
1679 rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
1681 if (rr->type == T_PTR) count++;
1684 /* Get store for the list of aliases. For compatibility with
1685 gethostbyaddr, we make an empty list if there are none. */
1687 aptr = sender_host_aliases = store_get(count * sizeof(uschar *));
1689 /* Re-scan and extract the names */
1691 for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
1693 rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
1696 if (rr->type != T_PTR) continue;
1697 s = store_get(ssize);
1699 /* If an overlong response was received, the data will have been
1700 truncated and dn_expand may fail. */
1702 if (dn_expand(dnsa.answer, dnsa.answer + dnsa.answerlen,
1703 (uschar *)(rr->data), (DN_EXPAND_ARG4_TYPE)(s), ssize) < 0)
1705 log_write(0, LOG_MAIN, "host name alias list truncated for %s",
1706 sender_host_address);
1710 store_reset(s + Ustrlen(s) + 1);
1713 HDEBUG(D_host_lookup) debug_printf("IP address lookup yielded an "
1714 "empty name: treated as non-existent host name\n");
1717 if (sender_host_name == NULL) sender_host_name = s;
1719 while (*s != 0) { *s = tolower(*s); s++; }
1722 *aptr = NULL; /* End of alias list */
1723 store_pool = old_pool; /* Reset store pool */
1725 /* If we've found a names, break out of the "order" loop */
1727 if (sender_host_name != NULL) break;
1730 /* If the DNS lookup deferred, we must also defer. */
1732 if (rc == DNS_AGAIN)
1734 HDEBUG(D_host_lookup)
1735 debug_printf("IP address PTR lookup gave temporary error\n");
1736 host_lookup_deferred = TRUE;
1741 /* Do a lookup using gethostbyaddr() - or equivalent */
1743 else if (strcmpic(ordername, US"byaddr") == 0)
1745 HDEBUG(D_host_lookup)
1746 debug_printf("IP address lookup using gethostbyaddr()\n");
1747 rc = host_name_lookup_byaddr();
1750 host_lookup_deferred = TRUE;
1751 return rc; /* Can't carry on */
1753 if (rc == OK) break; /* Found a name */
1755 } /* Loop for bydns/byaddr scanning */
1757 /* If we have failed to find a name, return FAIL and log when required.
1758 NB host_lookup_msg must be in permanent store. */
1760 if (sender_host_name == NULL)
1762 if (host_checking || !log_testing_mode)
1763 log_write(L_host_lookup_failed, LOG_MAIN, "no host name found for IP "
1764 "address %s", sender_host_address);
1765 host_lookup_msg = US" (failed to find host name from IP address)";
1766 host_lookup_failed = TRUE;
1770 /* We have a host name. If we are running in the test harness, we want the host
1771 name and its alias to appear always the same way round. There are only ever two
1772 names in these tests. If one of them contains "alias", make sure it is second;
1773 otherwise put them in alphabetical order. */
1775 if (running_in_test_harness && *sender_host_aliases != NULL &&
1777 Ustrstr(sender_host_name, "alias") != NULL ||
1779 Ustrstr(*sender_host_aliases, "alias") == NULL &&
1780 Ustrcmp(sender_host_name, *sender_host_aliases) > 0
1784 uschar *temp = sender_host_name;
1785 sender_host_name = *sender_host_aliases;
1786 *sender_host_aliases = temp;
1789 /* Debug output what was found, after test harness swapping, for consistency */
1791 HDEBUG(D_host_lookup)
1793 uschar **aliases = sender_host_aliases;
1794 debug_printf("IP address lookup yielded %s\n", sender_host_name);
1795 while (*aliases != NULL) debug_printf(" alias %s\n", *aliases++);
1798 /* We need to verify that a forward lookup on the name we found does indeed
1799 correspond to the address. This is for security: in principle a malefactor who
1800 happened to own a reverse zone could set it to point to any names at all.
1802 This code was present in versions of Exim before 3.20. At that point I took it
1803 out because I thought that gethostbyaddr() did the check anyway. It turns out
1804 that this isn't always the case, so it's coming back in at 4.01. This version
1805 is actually better, because it also checks aliases.
1807 The code was made more robust at release 4.21. Prior to that, it accepted all
1808 the names if any of them had the correct IP address. Now the code checks all
1809 the names, and accepts only those that have the correct IP address. */
1811 save_hostname = sender_host_name; /* Save for error messages */
1812 aliases = sender_host_aliases;
1813 for (hname = sender_host_name; hname != NULL; hname = *aliases++)
1823 /* When called with the 5th argument FALSE, host_find_byname() won't return
1824 HOST_FOUND_LOCAL. If the incoming address is an IPv4 address expressed in
1825 IPv6 format, we must compare the IPv4 part to any IPv4 addresses. */
1827 if ((rc = host_find_byname(&h, NULL, NULL, FALSE)) == HOST_FOUND)
1830 uschar *address_ipv4 = (Ustrncmp(sender_host_address, "::ffff:", 7) == 0)?
1831 sender_host_address + 7 : sender_host_address;
1832 HDEBUG(D_host_lookup) debug_printf("checking addresses for %s\n", hname);
1833 for (hh = &h; hh != NULL; hh = hh->next)
1835 if ((Ustrcmp(hh->address, (Ustrchr(hh->address, ':') == NULL)?
1836 address_ipv4 : sender_host_address)) == 0)
1838 HDEBUG(D_host_lookup) debug_printf(" %s OK\n", hh->address);
1844 HDEBUG(D_host_lookup) debug_printf(" %s\n", hh->address);
1847 if (!ok) HDEBUG(D_host_lookup)
1848 debug_printf("no IP address for %s matched %s\n", hname,
1849 sender_host_address);
1851 else if (rc == HOST_FIND_AGAIN)
1853 HDEBUG(D_host_lookup) debug_printf("temporary error for host name lookup\n");
1854 host_lookup_deferred = TRUE;
1859 HDEBUG(D_host_lookup) debug_printf("no IP addresses found for %s\n", hname);
1862 /* If this name is no good, and it's the sender name, set it null pro tem;
1863 if it's an alias, just remove it from the list. */
1867 if (hname == sender_host_name) sender_host_name = NULL; else
1869 uschar **a; /* Don't amalgamate - some */
1870 a = --aliases; /* compilers grumble */
1871 while (*a != NULL) { *a = a[1]; a++; }
1876 /* If sender_host_name == NULL, it means we didn't like the name. Replace
1877 it with the first alias, if there is one. */
1879 if (sender_host_name == NULL && *sender_host_aliases != NULL)
1880 sender_host_name = *sender_host_aliases++;
1882 /* If we now have a main name, all is well. */
1884 if (sender_host_name != NULL) return OK;
1886 /* We have failed to find an address that matches. */
1888 HDEBUG(D_host_lookup)
1889 debug_printf("%s does not match any IP address for %s\n",
1890 sender_host_address, save_hostname);
1892 /* This message must be in permanent store */
1894 old_pool = store_pool;
1895 store_pool = POOL_PERM;
1896 host_lookup_msg = string_sprintf(" (%s does not match any IP address for %s)",
1897 sender_host_address, save_hostname);
1898 store_pool = old_pool;
1899 host_lookup_failed = TRUE;
1906 /*************************************************
1907 * Find IP address(es) for host by name *
1908 *************************************************/
1910 /* The input is a host_item structure with the name filled in and the address
1911 field set to NULL. We use gethostbyname(). Of course, gethostbyname() may use
1912 the DNS, but it doesn't do MX processing. If more than one address is given,
1913 chain on additional host items, with other relevant fields copied.
1915 The second argument provides a host list (usually an IP list) of hosts to
1916 ignore. This makes it possible to ignore IPv6 link-local addresses or loopback
1917 addresses in unreasonable places.
1919 The lookup may result in a change of name. For compatibility with the dns
1920 lookup, return this via fully_qualified_name as well as updating the host item.
1921 The lookup may also yield more than one IP address, in which case chain on
1922 subsequent host_item structures.
1925 host a host item with the name and MX filled in;
1926 the address is to be filled in;
1927 multiple IP addresses cause other host items to be
1929 ignore_target_hosts a list of hosts to ignore
1930 fully_qualified_name if not NULL, set to point to host name for
1931 compatibility with host_find_bydns
1932 local_host_check TRUE if a check for the local host is wanted
1934 Returns: HOST_FIND_FAILED Failed to find the host or domain
1935 HOST_FIND_AGAIN Try again later
1936 HOST_FOUND Host found - data filled in
1937 HOST_FOUND_LOCAL Host found and is the local host
1941 host_find_byname(host_item *host, uschar *ignore_target_hosts,
1942 uschar **fully_qualified_name, BOOL local_host_check)
1944 int i, yield, times;
1946 host_item *last = NULL;
1947 BOOL temp_error = FALSE;
1952 /* If we are in the test harness, a name ending in .test.again.dns always
1953 forces a temporary error response. */
1955 if (running_in_test_harness)
1957 uschar *endname = host->name + Ustrlen(host->name);
1958 if (Ustrcmp(endname - 14, "test.again.dns") == 0)
1959 return HOST_FIND_AGAIN;
1962 /* In an IPv6 world, we need to scan for both kinds of address, so go round the
1963 loop twice. Note that we have ensured that AF_INET6 is defined even in an IPv4
1964 world, which makes for slightly tidier code. However, if dns_ipv4_lookup
1965 matches the domain, we also just do IPv4 lookups here (except when testing
1970 if (dns_ipv4_lookup != NULL &&
1971 match_isinlist(host->name, &dns_ipv4_lookup, 0, NULL, NULL, MCL_DOMAIN,
1973 { af = AF_INET; times = 1; }
1975 #endif /* STAND_ALONE */
1977 { af = AF_INET6; times = 2; }
1979 /* No IPv6 support */
1981 #else /* HAVE_IPV6 */
1983 #endif /* HAVE_IPV6 */
1985 /* Initialize the flag that gets set for DNS syntax check errors, so that the
1986 interface to this function can be similar to host_find_bydns. */
1988 host_find_failed_syntax = FALSE;
1990 /* Loop to look up both kinds of address in an IPv6 world */
1992 for (i = 1; i <= times;
1994 af = AF_INET, /* If 2 passes, IPv4 on the second */
2000 struct hostent *hostdata;
2003 if (running_in_test_harness)
2004 hostdata = host_fake_gethostbyname(host->name, af, &error_num);
2007 #if HAVE_GETIPNODEBYNAME
2008 hostdata = getipnodebyname(CS host->name, af, 0, &error_num);
2010 hostdata = gethostbyname2(CS host->name, af);
2011 error_num = h_errno;
2015 #else /* not HAVE_IPV6 */
2016 if (running_in_test_harness)
2017 hostdata = host_fake_gethostbyname(host->name, AF_INET, &error_num);
2020 hostdata = gethostbyname(CS host->name);
2021 error_num = h_errno;
2023 #endif /* HAVE_IPV6 */
2025 if (hostdata == NULL)
2030 case HOST_NOT_FOUND: error = US"HOST_NOT_FOUND"; break;
2031 case TRY_AGAIN: error = US"TRY_AGAIN"; break;
2032 case NO_RECOVERY: error = US"NO_RECOVERY"; break;
2033 case NO_DATA: error = US"NO_DATA"; break;
2034 #if NO_DATA != NO_ADDRESS
2035 case NO_ADDRESS: error = US"NO_ADDRESS"; break;
2037 default: error = US"?"; break;
2040 DEBUG(D_host_lookup) debug_printf("%s returned %d (%s)\n",
2042 #if HAVE_GETIPNODEBYNAME
2043 (af == AF_INET6)? "getipnodebyname(af=inet6)" : "getipnodebyname(af=inet)",
2045 (af == AF_INET6)? "gethostbyname2(af=inet6)" : "gethostbyname2(af=inet)",
2052 if (error_num == TRY_AGAIN || error_num == NO_RECOVERY) temp_error = TRUE;
2055 if ((hostdata->h_addr_list)[0] == NULL) continue;
2057 /* Replace the name with the fully qualified one if necessary, and fill in
2058 the fully_qualified_name pointer. */
2060 if (hostdata->h_name[0] != 0 &&
2061 Ustrcmp(host->name, hostdata->h_name) != 0)
2062 host->name = string_copy_dnsdomain((uschar *)hostdata->h_name);
2063 if (fully_qualified_name != NULL) *fully_qualified_name = host->name;
2065 /* Get the list of addresses. IPv4 and IPv6 addresses can be distinguished
2066 by their different lengths. Scan the list, ignoring any that are to be
2067 ignored, and build a chain from the rest. */
2069 ipv4_addr = hostdata->h_length == sizeof(struct in_addr);
2071 for (addrlist = USS hostdata->h_addr_list; *addrlist != NULL; addrlist++)
2073 uschar *text_address =
2074 host_ntoa(ipv4_addr? AF_INET:AF_INET6, *addrlist, NULL, NULL);
2077 if (ignore_target_hosts != NULL &&
2078 verify_check_this_host(&ignore_target_hosts, NULL, host->name,
2079 text_address, NULL) == OK)
2081 DEBUG(D_host_lookup)
2082 debug_printf("ignored host %s [%s]\n", host->name, text_address);
2087 /* If this is the first address, last == NULL and we put the data in the
2092 host->address = text_address;
2093 host->port = PORT_NONE;
2094 host->status = hstatus_unknown;
2095 host->why = hwhy_unknown;
2099 /* Else add further host item blocks for any other addresses, keeping
2104 host_item *next = store_get(sizeof(host_item));
2105 next->name = host->name;
2106 next->mx = host->mx;
2107 next->address = text_address;
2108 next->port = PORT_NONE;
2109 next->status = hstatus_unknown;
2110 next->why = hwhy_unknown;
2112 next->next = last->next;
2119 /* If no hosts were found, the address field in the original host block will be
2120 NULL. If temp_error is set, at least one of the lookups gave a temporary error,
2121 so we pass that back. */
2123 if (host->address == NULL)
2127 (message_id[0] == 0 && smtp_in != NULL)?
2128 string_sprintf("no IP address found for host %s (during %s)", host->name,
2129 smtp_get_connection_info()) :
2131 string_sprintf("no IP address found for host %s", host->name);
2133 HDEBUG(D_host_lookup) debug_printf("%s\n", msg);
2134 if (temp_error) return HOST_FIND_AGAIN;
2135 if (host_checking || !log_testing_mode)
2136 log_write(L_host_lookup_failed, LOG_MAIN, "%s", msg);
2137 return HOST_FIND_FAILED;
2140 /* Remove any duplicate IP addresses, then check to see if this is the local
2141 host if required. */
2143 host_remove_duplicates(host, &last);
2144 yield = local_host_check?
2145 host_scan_for_local_hosts(host, &last, NULL) : HOST_FOUND;
2147 /* When running in the test harness, sort into the order of addresses so as to
2148 get repeatability. */
2150 if (running_in_test_harness) sort_addresses(host, last);
2152 HDEBUG(D_host_lookup)
2155 if (fully_qualified_name != NULL)
2156 debug_printf("fully qualified name = %s\n", *fully_qualified_name);
2157 debug_printf("%s looked up these IP addresses:\n",
2159 #if HAVE_GETIPNODEBYNAME
2168 for (h = host; h != last->next; h = h->next)
2169 debug_printf(" name=%s address=%s\n", h->name,
2170 (h->address == NULL)? US"<null>" : h->address);
2173 /* Return the found status. */
2180 /*************************************************
2181 * Fill in a host address from the DNS *
2182 *************************************************/
2184 /* Given a host item, with its name and mx fields set, and its address field
2185 set to NULL, fill in its IP address from the DNS. If it is multi-homed, create
2186 additional host items for the additional addresses, copying all the other
2187 fields, and randomizing the order.
2189 On IPv6 systems, A6 records are sought first (but only if support for A6 is
2190 configured - they may never become mainstream), then AAAA records are sought,
2191 and finally A records are sought as well.
2193 The host name may be changed if the DNS returns a different name - e.g. fully
2194 qualified or changed via CNAME. If fully_qualified_name is not NULL, dns_lookup
2195 ensures that it points to the fully qualified name. However, this is the fully
2196 qualified version of the original name; if a CNAME is involved, the actual
2197 canonical host name may be different again, and so we get it directly from the
2198 relevant RR. Note that we do NOT change the mx field of the host item in this
2199 function as it may be called to set the addresses of hosts taken from MX
2203 host points to the host item we're filling in
2204 lastptr points to pointer to last host item in a chain of
2205 host items (may be updated if host is last and gets
2206 extended because multihomed)
2207 ignore_target_hosts list of hosts to ignore
2208 allow_ip if TRUE, recognize an IP address and return it
2209 fully_qualified_name if not NULL, return fully qualified name here if
2210 the contents are different (i.e. it must be preset
2213 Returns: HOST_FIND_FAILED couldn't find A record
2214 HOST_FIND_AGAIN try again later
2215 HOST_FOUND found AAAA and/or A record(s)
2216 HOST_IGNORED found, but all IPs ignored
2220 set_address_from_dns(host_item *host, host_item **lastptr,
2221 uschar *ignore_target_hosts, BOOL allow_ip, uschar **fully_qualified_name)
2224 host_item *thishostlast = NULL; /* Indicates not yet filled in anything */
2225 BOOL v6_find_again = FALSE;
2228 /* If allow_ip is set, a name which is an IP address returns that value
2229 as its address. This is used for MX records when allow_mx_to_ip is set, for
2230 those sites that feel they have to flaunt the RFC rules. */
2232 if (allow_ip && string_is_ip_address(host->name, NULL) != 0)
2235 if (ignore_target_hosts != NULL &&
2236 verify_check_this_host(&ignore_target_hosts, NULL, host->name,
2237 host->name, NULL) == OK)
2238 return HOST_IGNORED;
2241 host->address = host->name;
2242 host->port = PORT_NONE;
2246 /* On an IPv6 system, go round the loop up to three times, looking for A6 and
2247 AAAA records the first two times. However, unless doing standalone testing, we
2248 force an IPv4 lookup if the domain matches dns_ipv4_lookup is set. Since A6
2249 records look like being abandoned, support them only if explicitly configured
2250 to do so. On an IPv4 system, go round the loop once only, looking only for A
2255 if (dns_ipv4_lookup != NULL &&
2256 match_isinlist(host->name, &dns_ipv4_lookup, 0, NULL, NULL, MCL_DOMAIN,
2258 i = 0; /* look up A records only */
2260 #endif /* STAND_ALONE */
2263 i = 2; /* look up A6 and AAAA and A records */
2265 i = 1; /* look up AAAA and A records */
2266 #endif /* SUPPORT_A6 */
2268 /* The IPv4 world */
2270 #else /* HAVE_IPV6 */
2271 i = 0; /* look up A records only */
2272 #endif /* HAVE_IPV6 */
2276 static int types[] = { T_A, T_AAAA, T_A6 };
2277 int type = types[i];
2278 int randoffset = (i == 0)? 500 : 0; /* Ensures v6 sorts before v4 */
2282 int rc = dns_lookup(&dnsa, host->name, type, fully_qualified_name);
2284 /* We want to return HOST_FIND_AGAIN if one of the A, A6, or AAAA lookups
2285 fails or times out, but not if another one succeeds. (In the early
2286 IPv6 days there are name servers that always fail on AAAA, but are happy
2287 to give out an A record. We want to proceed with that A record.) */
2289 if (rc != DNS_SUCCEED)
2291 if (i == 0) /* Just tried for an A record, i.e. end of loop */
2293 if (host->address != NULL) return HOST_FOUND; /* A6 or AAAA was found */
2294 if (rc == DNS_AGAIN || rc == DNS_FAIL || v6_find_again)
2295 return HOST_FIND_AGAIN;
2296 return HOST_FIND_FAILED; /* DNS_NOMATCH or DNS_NODATA */
2299 /* Tried for an A6 or AAAA record: remember if this was a temporary
2300 error, and look for the next record type. */
2302 if (rc != DNS_NOMATCH && rc != DNS_NODATA) v6_find_again = TRUE;
2306 /* Lookup succeeded: fill in the given host item with the first non-ignored
2307 address found; create additional items for any others. A single A6 record
2308 may generate more than one address. */
2310 for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
2312 rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
2314 if (rr->type == type)
2316 /* dns_address *da = dns_address_from_rr(&dnsa, rr); */
2319 da = dns_address_from_rr(&dnsa, rr);
2321 DEBUG(D_host_lookup)
2324 debug_printf("no addresses extracted from A6 RR for %s\n",
2328 /* This loop runs only once for A and AAAA records, but may run
2329 several times for an A6 record that generated multiple addresses. */
2331 for (; da != NULL; da = da->next)
2334 if (ignore_target_hosts != NULL &&
2335 verify_check_this_host(&ignore_target_hosts, NULL,
2336 host->name, da->address, NULL) == OK)
2338 DEBUG(D_host_lookup)
2339 debug_printf("ignored host %s [%s]\n", host->name, da->address);
2344 /* If this is the first address, stick it in the given host block,
2345 and change the name if the returned RR has a different name. */
2347 if (thishostlast == NULL)
2349 if (strcmpic(host->name, rr->name) != 0)
2350 host->name = string_copy_dnsdomain(rr->name);
2351 host->address = da->address;
2352 host->port = PORT_NONE;
2353 host->sort_key = host->mx * 1000 + random_number(500) + randoffset;
2354 host->status = hstatus_unknown;
2355 host->why = hwhy_unknown;
2356 thishostlast = host;
2359 /* Not the first address. Check for, and ignore, duplicates. Then
2360 insert in the chain at a random point. */
2367 /* End of our local chain is specified by "thishostlast". */
2369 for (next = host;; next = next->next)
2371 if (Ustrcmp(CS da->address, next->address) == 0) break;
2372 if (next == thishostlast) { next = NULL; break; }
2374 if (next != NULL) continue; /* With loop for next address */
2376 /* Not a duplicate */
2378 new_sort_key = host->mx * 1000 + random_number(500) + randoffset;
2379 next = store_get(sizeof(host_item));
2381 /* New address goes first: insert the new block after the first one
2382 (so as not to disturb the original pointer) but put the new address
2383 in the original block. */
2385 if (new_sort_key < host->sort_key)
2389 host->address = da->address;
2390 host->port = PORT_NONE;
2391 host->sort_key = new_sort_key;
2392 if (thishostlast == host) thishostlast = next; /* Local last */
2393 if (*lastptr == host) *lastptr = next; /* Global last */
2396 /* Otherwise scan down the addresses for this host to find the
2397 one to insert after. */
2401 host_item *h = host;
2402 while (h != thishostlast)
2404 if (new_sort_key < h->next->sort_key) break;
2409 next->address = da->address;
2410 next->port = PORT_NONE;
2411 next->sort_key = new_sort_key;
2412 if (h == thishostlast) thishostlast = next; /* Local last */
2413 if (h == *lastptr) *lastptr = next; /* Global last */
2421 /* Control gets here only if the third lookup (the A record) succeeded.
2422 However, the address may not be filled in if it was ignored. */
2424 return (host->address == NULL)? HOST_IGNORED : HOST_FOUND;
2430 /*************************************************
2431 * Find IP addresses and names for host via DNS *
2432 *************************************************/
2434 /* The input is a host_item structure with the name filled in and the address
2435 field set to NULL. This may be in a chain of other host items. The lookup may
2436 result in more than one IP address, in which case we must created new host
2437 blocks for the additional addresses, and insert them into the chain. The
2438 original name may not be fully qualified. Use the fully_qualified_name argument
2439 to return the official name, as returned by the resolver.
2442 host point to initial host item
2443 ignore_target_hosts a list of hosts to ignore
2444 whichrrs flags indicating which RRs to look for:
2445 HOST_FIND_BY_SRV => look for SRV
2446 HOST_FIND_BY_MX => look for MX
2447 HOST_FIND_BY_A => look for A or AAAA
2448 also flags indicating how the lookup is done
2449 HOST_FIND_QUALIFY_SINGLE ) passed to the
2450 HOST_FIND_SEARCH_PARENTS ) resolver
2451 srv_service when SRV used, the service name
2452 srv_fail_domains DNS errors for these domains => assume nonexist
2453 mx_fail_domains DNS errors for these domains => assume nonexist
2454 fully_qualified_name if not NULL, return fully-qualified name
2455 removed set TRUE if local host was removed from the list
2457 Returns: HOST_FIND_FAILED Failed to find the host or domain;
2458 if there was a syntax error,
2459 host_find_failed_syntax is set.
2460 HOST_FIND_AGAIN Could not resolve at this time
2461 HOST_FOUND Host found
2462 HOST_FOUND_LOCAL The lowest MX record points to this
2463 machine, if MX records were found, or
2464 an A record that was found contains
2465 an address of the local host
2469 host_find_bydns(host_item *host, uschar *ignore_target_hosts, int whichrrs,
2470 uschar *srv_service, uschar *srv_fail_domains, uschar *mx_fail_domains,
2471 uschar **fully_qualified_name, BOOL *removed)
2473 host_item *h, *last;
2481 /* Set the default fully qualified name to the incoming name, initialize the
2482 resolver if necessary, set up the relevant options, and initialize the flag
2483 that gets set for DNS syntax check errors. */
2485 if (fully_qualified_name != NULL) *fully_qualified_name = host->name;
2486 dns_init((whichrrs & HOST_FIND_QUALIFY_SINGLE) != 0,
2487 (whichrrs & HOST_FIND_SEARCH_PARENTS) != 0);
2488 host_find_failed_syntax = FALSE;
2490 /* First, if requested, look for SRV records. The service name is given; we
2491 assume TCP progocol. DNS domain names are constrained to a maximum of 256
2492 characters, so the code below should be safe. */
2494 if ((whichrrs & HOST_FIND_BY_SRV) != 0)
2497 uschar *temp_fully_qualified_name = buffer;
2500 (void)sprintf(CS buffer, "_%s._tcp.%n%.256s", srv_service, &prefix_length,
2504 /* Search for SRV records. If the fully qualified name is different to
2505 the input name, pass back the new original domain, without the prepended
2508 rc = dns_lookup(&dnsa, buffer, ind_type, &temp_fully_qualified_name);
2509 if (temp_fully_qualified_name != buffer && fully_qualified_name != NULL)
2510 *fully_qualified_name = temp_fully_qualified_name + prefix_length;
2512 /* On DNS failures, we give the "try again" error unless the domain is
2513 listed as one for which we continue. */
2515 if (rc == DNS_FAIL || rc == DNS_AGAIN)
2518 if (match_isinlist(host->name, &srv_fail_domains, 0, NULL, NULL, MCL_DOMAIN,
2521 return HOST_FIND_AGAIN;
2522 DEBUG(D_host_lookup) debug_printf("DNS_%s treated as DNS_NODATA "
2523 "(domain in srv_fail_domains)\n", (rc == DNS_FAIL)? "FAIL":"AGAIN");
2527 /* If we did not find any SRV records, search the DNS for MX records, if
2528 requested to do so. If the result is DNS_NOMATCH, it means there is no such
2529 domain, and there's no point in going on to look for address records with the
2530 same domain. The result will be DNS_NODATA if the domain exists but has no MX
2531 records. On DNS failures, we give the "try again" error unless the domain is
2532 listed as one for which we continue. */
2534 if (rc != DNS_SUCCEED && (whichrrs & HOST_FIND_BY_MX) != 0)
2537 rc = dns_lookup(&dnsa, host->name, ind_type, fully_qualified_name);
2538 if (rc == DNS_NOMATCH) return HOST_FIND_FAILED;
2539 if (rc == DNS_FAIL || rc == DNS_AGAIN)
2542 if (match_isinlist(host->name, &mx_fail_domains, 0, NULL, NULL, MCL_DOMAIN,
2545 return HOST_FIND_AGAIN;
2546 DEBUG(D_host_lookup) debug_printf("DNS_%s treated as DNS_NODATA "
2547 "(domain in mx_fail_domains)\n", (rc == DNS_FAIL)? "FAIL":"AGAIN");
2551 /* If we haven't found anything yet, and we are requested to do so, try for an
2552 A or AAAA record. If we find it (or them) check to see that it isn't the local
2555 if (rc != DNS_SUCCEED)
2557 if ((whichrrs & HOST_FIND_BY_A) == 0)
2559 DEBUG(D_host_lookup) debug_printf("Address records are not being sought\n");
2560 return HOST_FIND_FAILED;
2563 last = host; /* End of local chainlet */
2565 host->port = PORT_NONE;
2566 rc = set_address_from_dns(host, &last, ignore_target_hosts, FALSE,
2567 fully_qualified_name);
2569 /* If one or more address records have been found, check that none of them
2570 are local. Since we know the host items all have their IP addresses
2571 inserted, host_scan_for_local_hosts() can only return HOST_FOUND or
2572 HOST_FOUND_LOCAL. We do not need to scan for duplicate IP addresses here,
2573 because set_address_from_dns() removes them. */
2575 if (rc == HOST_FOUND)
2576 rc = host_scan_for_local_hosts(host, &last, removed);
2578 if (rc == HOST_IGNORED) rc = HOST_FIND_FAILED; /* No special action */
2580 /* When running in the test harness, sort into the order of addresses so as
2581 to get repeatability. */
2583 if (running_in_test_harness) sort_addresses(host, last);
2585 DEBUG(D_host_lookup)
2588 if (host->address != NULL)
2590 if (fully_qualified_name != NULL)
2591 debug_printf("fully qualified name = %s\n", *fully_qualified_name);
2592 for (h = host; h != last->next; h = h->next)
2593 debug_printf("%s %s mx=%d sort=%d %s\n", h->name,
2594 (h->address == NULL)? US"<null>" : h->address, h->mx, h->sort_key,
2595 (h->status >= hstatus_unusable)? US"*" : US"");
2602 /* We have found one or more MX or SRV records. Sort them according to
2603 precedence. Put the data for the first one into the existing host block, and
2604 insert new host_item blocks into the chain for the remainder. For equal
2605 precedences one is supposed to randomize the order. To make this happen, the
2606 sorting is actually done on the MX value * 1000 + a random number. This is put
2607 into a host field called sort_key.
2609 In the case of hosts with both IPv6 and IPv4 addresses, we want to choose the
2610 IPv6 address in preference. At this stage, we don't know what kind of address
2611 the host has. We choose a random number < 500; if later we find an A record
2612 first, we add 500 to the random number. Then for any other address records, we
2613 use random numbers in the range 0-499 for AAAA records and 500-999 for A
2616 At this point we remove any duplicates that point to the same host, retaining
2617 only the one with the lowest precedence. We cannot yet check for precedence
2618 greater than that of the local host, because that test cannot be properly done
2619 until the addresses have been found - an MX record may point to a name for this
2620 host which is not the primary hostname. */
2622 last = NULL; /* Indicates that not even the first item is filled yet */
2624 for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
2626 rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
2629 int weight = 0; /* For SRV records */
2630 int port = PORT_NONE; /* For SRV records */
2631 uschar *s; /* MUST be unsigned for GETSHORT */
2634 if (rr->type != ind_type) continue;
2636 GETSHORT(precedence, s); /* Pointer s is advanced */
2638 /* For MX records, we use a random "weight" which causes multiple records of
2639 the same precedence to sort randomly. */
2641 if (ind_type == T_MX)
2643 weight = random_number(500);
2646 /* SRV records are specified with a port and a weight. The weight is used
2647 in a special algorithm. However, to start with, we just use it to order the
2648 records of equal priority (precedence). */
2652 GETSHORT(weight, s);
2656 /* Get the name of the host pointed to. */
2658 (void)dn_expand(dnsa.answer, dnsa.answer + dnsa.answerlen, s,
2659 (DN_EXPAND_ARG4_TYPE)data, sizeof(data));
2661 /* Check that we haven't already got this host on the chain; if we have,
2662 keep only the lower precedence. This situation shouldn't occur, but you
2663 never know what junk might get into the DNS (and this case has been seen on
2664 more than one occasion). */
2666 if (last != NULL) /* This is not the first record */
2668 host_item *prev = NULL;
2670 for (h = host; h != last->next; prev = h, h = h->next)
2672 if (strcmpic(h->name, data) == 0)
2674 DEBUG(D_host_lookup)
2675 debug_printf("discarded duplicate host %s (MX=%d)\n", data,
2676 (precedence > h->mx)? precedence : h->mx);
2677 if (precedence >= h->mx) goto NEXT_MX_RR; /* Skip greater precedence */
2678 if (h == host) /* Override first item */
2681 host->sort_key = precedence * 1000 + weight;
2685 /* Unwanted host item is not the first in the chain, so we can get
2686 get rid of it by cutting it out. */
2688 prev->next = h->next;
2689 if (h == last) last = prev;
2695 /* If this is the first MX or SRV record, put the data into the existing host
2696 block. Otherwise, add a new block in the correct place; if it has to be
2697 before the first block, copy the first block's data to a new second block. */
2701 host->name = string_copy_dnsdomain(data);
2702 host->address = NULL;
2704 host->mx = precedence;
2705 host->sort_key = precedence * 1000 + weight;
2706 host->status = hstatus_unknown;
2707 host->why = hwhy_unknown;
2711 /* Make a new host item and seek the correct insertion place */
2715 int sort_key = precedence * 1000 + weight;
2716 host_item *next = store_get(sizeof(host_item));
2717 next->name = string_copy_dnsdomain(data);
2718 next->address = NULL;
2720 next->mx = precedence;
2721 next->sort_key = sort_key;
2722 next->status = hstatus_unknown;
2723 next->why = hwhy_unknown;
2726 /* Handle the case when we have to insert before the first item. */
2728 if (sort_key < host->sort_key)
2735 if (last == host) last = next;
2738 /* Else scan down the items we have inserted as part of this exercise;
2739 don't go further. */
2743 for (h = host; h != last; h = h->next)
2745 if (sort_key < h->next->sort_key)
2747 next->next = h->next;
2753 /* Join on after the last host item that's part of this
2754 processing if we haven't stopped sooner. */
2758 next->next = last->next;
2765 NEXT_MX_RR: continue;
2768 /* If the list of hosts was obtained from SRV records, there are two things to
2769 do. First, if there is only one host, and it's name is ".", it means there is
2770 no SMTP service at this domain. Otherwise, we have to sort the hosts of equal
2771 priority according to their weights, using an algorithm that is defined in RFC
2772 2782. The hosts are currently sorted by priority and weight. For each priority
2773 group we have to pick off one host and put it first, and then repeat for any
2774 remaining in the same priority group. */
2776 if (ind_type == T_SRV)
2780 if (host == last && host->name[0] == 0)
2782 DEBUG(D_host_lookup) debug_printf("the single SRV record is \".\"\n");
2783 return HOST_FIND_FAILED;
2786 DEBUG(D_host_lookup)
2788 debug_printf("original ordering of hosts from SRV records:\n");
2789 for (h = host; h != last->next; h = h->next)
2790 debug_printf(" %s P=%d W=%d\n", h->name, h->mx, h->sort_key % 1000);
2793 for (pptr = &host, h = host; h != last; pptr = &(h->next), h = h->next)
2798 /* Find the last following host that has the same precedence. At the same
2799 time, compute the sum of the weights and the running totals. These can be
2800 stored in the sort_key field. */
2802 for (hh = h; hh != last; hh = hh->next)
2804 int weight = hh->sort_key % 1000; /* was precedence * 1000 + weight */
2807 if (hh->mx != hh->next->mx) break;
2810 /* If there's more than one host at this precedence (priority), we need to
2811 pick one to go first. */
2817 int randomizer = random_number(sum + 1);
2819 for (ppptr = pptr, hhh = h;
2821 ppptr = &(hhh->next), hhh = hhh->next)
2823 if (hhh->sort_key >= randomizer) break;
2826 /* hhh now points to the host that should go first; ppptr points to the
2827 place that points to it. Unfortunately, if the start of the minilist is
2828 the start of the entire list, we can't just swap the items over, because
2829 we must not change the value of host, since it is passed in from outside.
2830 One day, this could perhaps be changed.
2832 The special case is fudged by putting the new item *second* in the chain,
2833 and then transferring the data between the first and second items. We
2834 can't just swap the first and the chosen item, because that would mean
2835 that an item with zero weight might no longer be first. */
2839 *ppptr = hhh->next; /* Cuts it out of the chain */
2843 host_item temp = *h;
2846 hhh->next = temp.next;
2852 hhh->next = h; /* The rest of the chain follows it */
2853 *pptr = hhh; /* It takes the place of h */
2854 h = hhh; /* It's now the start of this minilist */
2859 /* A host has been chosen to be first at this priority and h now points
2860 to this host. There may be others at the same priority, or others at a
2861 different priority. Before we leave this host, we need to put back a sort
2862 key of the traditional MX kind, in case this host is multihomed, because
2863 the sort key is used for ordering the multiple IP addresses. We do not need
2864 to ensure that these new sort keys actually reflect the order of the hosts,
2867 h->sort_key = h->mx * 1000 + random_number(500);
2868 } /* Move on to the next host */
2871 /* Now we have to ensure addresses exist for all the hosts. We have ensured
2872 above that the names in the host items are all unique. The addresses may have
2873 been returned in the additional data section of the DNS query. Because it is
2874 more expensive to scan the returned DNS records (because you have to expand the
2875 names) we do a single scan over them, and multiple scans of the chain of host
2876 items (which is typically only 3 or 4 long anyway.) Add extra host items for
2877 multi-homed hosts. */
2879 for (rr = dns_next_rr(&dnsa, &dnss, RESET_ADDITIONAL);
2881 rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
2884 int status = hstatus_unknown;
2885 int why = hwhy_unknown;
2890 && rr->type != T_AAAA
2897 /* Find the first host that matches this record's name. If there isn't
2898 one, move on to the next RR. */
2900 for (h = host; h != last->next; h = h->next)
2901 { if (strcmpic(h->name, rr->name) == 0) break; }
2902 if (h == last->next) continue;
2904 /* For IPv4 addresses, add 500 to the random part of the sort key, to ensure
2905 they sort after IPv6 addresses. */
2907 randoffset = (rr->type == T_A)? 500 : 0;
2909 /* Get the list of textual addresses for this RR. There may be more than one
2910 if it is an A6 RR. Then loop to handle multiple addresses from an A6 record.
2911 If there are none, nothing will get done - the record is ignored. */
2913 for (da = dns_address_from_rr(&dnsa, rr); da != NULL; da = da->next)
2915 /* Set status for an ignorable host. */
2918 if (ignore_target_hosts != NULL &&
2919 verify_check_this_host(&ignore_target_hosts, NULL, h->name,
2920 da->address, NULL) == OK)
2922 DEBUG(D_host_lookup)
2923 debug_printf("ignored host %s [%s]\n", h->name, da->address);
2924 status = hstatus_unusable;
2929 /* If the address is already set for this host, it may be that
2930 we just have a duplicate DNS record. Alternatively, this may be
2931 a multi-homed host. Search all items with the same host name
2932 (they will all be together) and if this address is found, skip
2935 if (h->address != NULL)
2938 host_item *thishostlast;
2943 if (hh->address != NULL && Ustrcmp(CS da->address, hh->address) == 0)
2944 goto DNS_NEXT_RR; /* Need goto to escape from inner loop */
2948 while (hh != last->next && strcmpic(hh->name, rr->name) == 0);
2950 /* We have a multi-homed host, since we have a new address for
2951 an existing name. Create a copy of the current item, and give it
2952 the new address. RRs can be in arbitrary order, but one is supposed
2953 to randomize the addresses of multi-homed hosts, so compute a new
2954 sorting key and do that. [Latest SMTP RFC says not to randomize multi-
2955 homed hosts, but to rely on the resolver. I'm not happy about that -
2956 caching in the resolver will not rotate as often as the name server
2959 new_sort_key = h->mx * 1000 + random_number(500) + randoffset;
2960 hh = store_get(sizeof(host_item));
2962 /* New address goes first: insert the new block after the first one
2963 (so as not to disturb the original pointer) but put the new address
2964 in the original block. */
2966 if (new_sort_key < h->sort_key)
2968 *hh = *h; /* Note: copies the port */
2970 h->address = da->address;
2971 h->sort_key = new_sort_key;
2976 /* Otherwise scan down the addresses for this host to find the
2977 one to insert after. */
2981 while (h != thishostlast)
2983 if (new_sort_key < h->next->sort_key) break;
2986 *hh = *h; /* Note: copies the port */
2988 hh->address = da->address;
2989 hh->sort_key = new_sort_key;
2990 hh->status = status;
2994 if (h == last) last = hh; /* Inserted after last */
2997 /* The existing item doesn't have its address set yet, so just set it.
2998 Ensure that an IPv4 address gets its sort key incremented in case an IPv6
2999 address is found later. */
3003 h->address = da->address; /* Port should be set already */
3006 h->sort_key += randoffset;
3008 } /* Loop for addresses extracted from one RR */
3010 /* Carry on to the next RR. It would be nice to be able to be able to stop
3011 when every host on the list has an address, but we can't be sure there won't
3012 be an additional address for a multi-homed host further down the list, so
3013 we have to continue to the end. */
3015 DNS_NEXT_RR: continue;
3018 /* Set the default yield to failure */
3020 yield = HOST_FIND_FAILED;
3022 /* If we haven't found all the addresses in the additional section, we
3023 need to search for A or AAAA records explicitly. The names shouldn't point to
3024 CNAMES, but we use the general lookup function that handles them, just
3025 in case. If any lookup gives a soft error, change the default yield.
3027 For these DNS lookups, we must disable qualify_single and search_parents;
3028 otherwise invalid host names obtained from MX or SRV records can cause trouble
3029 if they happen to match something local. */
3031 dns_init(FALSE, FALSE);
3033 for (h = host; h != last->next; h = h->next)
3035 if (h->address != NULL || h->status == hstatus_unusable) continue;
3036 rc = set_address_from_dns(h, &last, ignore_target_hosts, allow_mx_to_ip, NULL);
3037 if (rc != HOST_FOUND)
3039 h->status = hstatus_unusable;
3040 if (rc == HOST_FIND_AGAIN)
3043 h->why = hwhy_deferred;
3046 h->why = (rc == HOST_IGNORED)? hwhy_ignored : hwhy_failed;
3050 /* Scan the list for any hosts that are marked unusable because they have
3051 been explicitly ignored, and remove them from the list, as if they did not
3052 exist. If we end up with just a single, ignored host, flatten its fields as if
3053 nothing was found. */
3055 if (ignore_target_hosts != NULL)
3057 host_item *prev = NULL;
3058 for (h = host; h != last->next; h = h->next)
3061 if (h->why != hwhy_ignored) /* Non ignored host, just continue */
3063 else if (prev == NULL) /* First host is ignored */
3065 if (h != last) /* First is not last */
3067 if (h->next == last) last = h; /* Overwrite it with next */
3068 *h = *(h->next); /* and reprocess it. */
3069 goto REDO; /* C should have redo, like Perl */
3072 else /* Ignored host is not first - */
3074 prev->next = h->next;
3075 if (h == last) last = prev;
3079 if (host->why == hwhy_ignored) host->address = NULL;
3082 /* There is still one complication in the case of IPv6. Although the code above
3083 arranges that IPv6 addresses take precedence over IPv4 addresses for multihomed
3084 hosts, it doesn't do this for addresses that apply to different hosts with the
3085 same MX precedence, because the sorting on MX precedence happens first. So we
3086 have to make another pass to check for this case. We ensure that, within a
3087 single MX preference value, IPv6 addresses come first. This can separate the
3088 addresses of a multihomed host, but that should not matter. */
3093 for (h = host; h != last; h = h->next)
3096 host_item *next = h->next;
3097 if (h->mx != next->mx || /* If next is different MX value */
3098 (h->sort_key % 1000) < 500 || /* OR this one is IPv6 */
3099 (next->sort_key % 1000) >= 500) /* OR next is IPv4 */
3100 continue; /* move on to next */
3102 temp.next = next->next;
3110 /* When running in the test harness, we want the hosts always to be in the same
3111 order so that the debugging output is the same and can be compared. Having a
3112 fixed set of "random" numbers doesn't actually achieve this, because the RRs
3113 come back from the resolver in a random order, so the non-random random numbers
3114 get used in a different order. We therefore have to sort the hosts that have
3115 the same MX values. We chose do to this by their name and then by IP address.
3116 The fact that the sort is slow matters not - this is testing only! */
3118 if (running_in_test_harness)
3124 for (h = host; h != last; h = h->next)
3126 int c = Ustrcmp(h->name, h->next->name);
3127 if (c == 0) c = Ustrcmp(h->address, h->next->address);
3128 if (h->mx == h->next->mx && c > 0)
3130 host_item *next = h->next;
3131 host_item temp = *h;
3132 temp.next = next->next;
3143 /* Remove any duplicate IP addresses and then scan the list of hosts for any
3144 whose IP addresses are on the local host. If any are found, all hosts with the
3145 same or higher MX values are removed. However, if the local host has the lowest
3146 numbered MX, then HOST_FOUND_LOCAL is returned. Otherwise, if at least one host
3147 with an IP address is on the list, HOST_FOUND is returned. Otherwise,
3148 HOST_FIND_FAILED is returned, but in this case do not update the yield, as it
3149 might have been set to HOST_FIND_AGAIN just above here. If not, it will already
3150 be HOST_FIND_FAILED. */
3152 host_remove_duplicates(host, &last);
3153 rc = host_scan_for_local_hosts(host, &last, removed);
3154 if (rc != HOST_FIND_FAILED) yield = rc;
3156 DEBUG(D_host_lookup)
3158 if (fully_qualified_name != NULL)
3159 debug_printf("fully qualified name = %s\n", *fully_qualified_name);
3160 debug_printf("host_find_bydns yield = %s (%d); returned hosts:\n",
3161 (yield == HOST_FOUND)? "HOST_FOUND" :
3162 (yield == HOST_FOUND_LOCAL)? "HOST_FOUND_LOCAL" :
3163 (yield == HOST_FIND_AGAIN)? "HOST_FIND_AGAIN" :
3164 (yield == HOST_FIND_FAILED)? "HOST_FIND_FAILED" : "?",
3166 for (h = host; h != last->next; h = h->next)
3168 debug_printf(" %s %s MX=%d ", h->name,
3169 (h->address == NULL)? US"<null>" : h->address, h->mx);
3170 if (h->port != PORT_NONE) debug_printf("port=%d ", h->port);
3171 if (h->status >= hstatus_unusable) debug_printf("*");
3182 /*************************************************
3183 **************************************************
3184 * Stand-alone test program *
3185 **************************************************
3186 *************************************************/
3190 int main(int argc, char **cargv)
3193 int whichrrs = HOST_FIND_BY_MX | HOST_FIND_BY_A;
3194 BOOL byname = FALSE;
3195 BOOL qualify_single = TRUE;
3196 BOOL search_parents = FALSE;
3197 uschar **argv = USS cargv;
3200 primary_hostname = US"";
3201 store_pool = POOL_MAIN;
3202 debug_selector = D_host_lookup|D_interface;
3203 debug_file = stdout;
3204 debug_fd = fileno(debug_file);
3206 printf("Exim stand-alone host functions test\n");
3208 host_find_interfaces();
3209 debug_selector = D_host_lookup | D_dns;
3211 if (argc > 1) primary_hostname = argv[1];
3213 /* So that debug level changes can be done first */
3215 dns_init(qualify_single, search_parents);
3217 printf("Testing host lookup\n");
3219 while (Ufgets(buffer, 256, stdin) != NULL)
3222 int len = Ustrlen(buffer);
3223 uschar *fully_qualified_name;
3225 while (len > 0 && isspace(buffer[len-1])) len--;
3228 if (Ustrcmp(buffer, "q") == 0) break;
3230 if (Ustrcmp(buffer, "byname") == 0) byname = TRUE;
3231 else if (Ustrcmp(buffer, "no_byname") == 0) byname = FALSE;
3232 else if (Ustrcmp(buffer, "a_only") == 0) whichrrs = HOST_FIND_BY_A;
3233 else if (Ustrcmp(buffer, "mx_only") == 0) whichrrs = HOST_FIND_BY_MX;
3234 else if (Ustrcmp(buffer, "srv_only") == 0) whichrrs = HOST_FIND_BY_SRV;
3235 else if (Ustrcmp(buffer, "srv+a") == 0)
3236 whichrrs = HOST_FIND_BY_SRV | HOST_FIND_BY_A;
3237 else if (Ustrcmp(buffer, "srv+mx") == 0)
3238 whichrrs = HOST_FIND_BY_SRV | HOST_FIND_BY_MX;
3239 else if (Ustrcmp(buffer, "srv+mx+a") == 0)
3240 whichrrs = HOST_FIND_BY_SRV | HOST_FIND_BY_MX | HOST_FIND_BY_A;
3241 else if (Ustrcmp(buffer, "qualify_single") == 0) qualify_single = TRUE;
3242 else if (Ustrcmp(buffer, "no_qualify_single") == 0) qualify_single = FALSE;
3243 else if (Ustrcmp(buffer, "search_parents") == 0) search_parents = TRUE;
3244 else if (Ustrcmp(buffer, "no_search_parents") == 0) search_parents = FALSE;
3245 else if (Ustrcmp(buffer, "test_harness") == 0)
3246 running_in_test_harness = !running_in_test_harness;
3247 else if (Ustrcmp(buffer, "res_debug") == 0)
3249 _res.options ^= RES_DEBUG;
3251 else if (Ustrncmp(buffer, "retrans", 7) == 0)
3253 (void)sscanf(CS(buffer+8), "%d", &dns_retrans);
3254 _res.retrans = dns_retrans;
3256 else if (Ustrncmp(buffer, "retry", 5) == 0)
3258 (void)sscanf(CS(buffer+6), "%d", &dns_retry);
3259 _res.retry = dns_retry;
3263 int flags = whichrrs;
3269 h.status = hstatus_unknown;
3270 h.why = hwhy_unknown;
3273 if (qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
3274 if (search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
3277 host_find_byname(&h, NULL, &fully_qualified_name, TRUE)
3279 host_find_bydns(&h, NULL, flags, US"smtp", NULL, NULL,
3280 &fully_qualified_name, NULL);
3282 if (rc == HOST_FIND_FAILED) printf("Failed\n");
3283 else if (rc == HOST_FIND_AGAIN) printf("Again\n");
3284 else if (rc == HOST_FOUND_LOCAL) printf("Local\n");
3290 printf("Testing host_aton\n");
3292 while (Ufgets(buffer, 256, stdin) != NULL)
3296 int len = Ustrlen(buffer);
3298 while (len > 0 && isspace(buffer[len-1])) len--;
3301 if (Ustrcmp(buffer, "q") == 0) break;
3303 len = host_aton(buffer, x);
3304 printf("length = %d ", len);
3305 for (i = 0; i < len; i++)
3307 printf("%04x ", (x[i] >> 16) & 0xffff);
3308 printf("%04x ", x[i] & 0xffff);
3315 printf("Testing host_name_lookup\n");
3317 while (Ufgets(buffer, 256, stdin) != NULL)
3319 int len = Ustrlen(buffer);
3320 while (len > 0 && isspace(buffer[len-1])) len--;
3322 if (Ustrcmp(buffer, "q") == 0) break;
3323 sender_host_address = buffer;
3324 sender_host_name = NULL;
3325 sender_host_aliases = NULL;
3326 host_lookup_msg = US"";
3327 host_lookup_failed = FALSE;
3328 if (host_name_lookup() == FAIL) /* Debug causes printing */
3329 printf("Lookup failed:%s\n", host_lookup_msg);
3337 #endif /* STAND_ALONE */
git://git.exim.org / users / heiko / exim.git / blob