1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) The Exim Maintainers 2020 - 2022 */
6 /* Copyright (c) University of Cambridge 1995 - 2018 */
7 /* See the file NOTICE for conditions of use and distribution. */
9 /* Functions for finding hosts, either by gethostbyname(), gethostbyaddr(), or
10 directly via the DNS. When IPv6 is supported, getipnodebyname() and
11 getipnodebyaddr() may be used instead of gethostbyname() and gethostbyaddr(),
12 if the newer functions are available. This module also contains various other
13 functions concerned with hosts and addresses, and a random number function,
14 used for randomizing hosts with equal MXs but available for use in other parts
21 /* Static variable for preserving the list of interface addresses in case it is
22 used more than once. */
24 static ip_address_item *local_interface_data = NULL;
27 #ifdef USE_INET_NTOA_FIX
28 /*************************************************
29 * Replacement for broken inet_ntoa() *
30 *************************************************/
32 /* On IRIX systems, gcc uses a different structure passing convention to the
33 native libraries. This causes inet_ntoa() to always yield 0.0.0.0 or
34 255.255.255.255. To get round this, we provide a private version of the
35 function here. It is used only if USE_INET_NTOA_FIX is set, which should happen
36 only when gcc is in use on an IRIX system. Code send to me by J.T. Breitner,
40 as seen in comp.sys.sgi.admin
42 August 2005: Apparently this is also needed for AIX systems; USE_INET_NTOA_FIX
43 should now be set for them as well.
45 Arguments: sa an in_addr structure
46 Returns: pointer to static text string
50 inet_ntoa(struct in_addr sa)
52 static uschar addr[20];
53 sprintf(addr, "%d.%d.%d.%d",
64 /*************************************************
65 * Random number generator *
66 *************************************************/
68 /* This is a simple pseudo-random number generator. It does not have to be
69 very good for the uses to which it is put. When running the regression tests,
70 start with a fixed seed.
72 If you need better, see vaguely_random_number() which is potentially stronger,
73 if a crypto library is available, but might end up just calling this instead.
76 limit: one more than the largest number required
78 Returns: a pseudo-random number in the range 0 to limit-1
82 random_number(int limit)
88 if (f.running_in_test_harness) random_seed = 42; else
90 int p = (int)getpid();
91 random_seed = (int)time(NULL) ^ ((p << 16) | p);
94 random_seed = 1103515245 * random_seed + 12345;
95 return (unsigned int)(random_seed >> 16) % limit;
98 /*************************************************
99 * Wrappers for logging lookup times *
100 *************************************************/
102 /* When the 'slow_lookup_log' variable is enabled, these wrappers will
103 write to the log file all (potential) dns lookups that take more than
104 slow_lookup_log milliseconds
108 log_long_lookup(const uschar * type, const uschar * data, unsigned long msec)
110 log_write(0, LOG_MAIN, "Long %s lookup for '%s': %lu msec",
115 /* returns the current system epoch time in milliseconds. */
119 struct timeval tmp_time;
120 unsigned long seconds, microseconds;
122 gettimeofday(&tmp_time, NULL);
123 seconds = (unsigned long) tmp_time.tv_sec;
124 microseconds = (unsigned long) tmp_time.tv_usec;
125 return seconds*1000 + microseconds/1000;
130 dns_lookup_timerwrap(dns_answer *dnsa, const uschar *name, int type,
131 const uschar **fully_qualified_name)
134 unsigned long time_msec;
136 if (!slow_lookup_log)
137 return dns_lookup(dnsa, name, type, fully_qualified_name);
139 time_msec = get_time_in_ms();
140 retval = dns_lookup(dnsa, name, type, fully_qualified_name);
141 if ((time_msec = get_time_in_ms() - time_msec) > slow_lookup_log)
142 log_long_lookup(dns_text_type(type), name, time_msec);
147 /*************************************************
148 * Replace gethostbyname() when testing *
149 *************************************************/
151 /* This function is called instead of gethostbyname(), gethostbyname2(), or
152 getipnodebyname() when running in the test harness. . It also
153 recognizes an unqualified "localhost" and forces it to the appropriate loopback
154 address. IP addresses are treated as literals. For other names, it uses the DNS
155 to find the host name. In the test harness, this means it will access only the
159 name the host name or a textual IP address
160 af AF_INET or AF_INET6
161 error_num where to put an error code:
162 HOST_NOT_FOUND/TRY_AGAIN/NO_RECOVERY/NO_DATA
164 Returns: a hostent structure or NULL for an error
167 static struct hostent *
168 host_fake_gethostbyname(const uschar *name, int af, int *error_num)
171 int alen = (af == AF_INET)? sizeof(struct in_addr):sizeof(struct in6_addr);
173 int alen = sizeof(struct in_addr);
177 const uschar *lname = name;
180 struct hostent *yield;
181 dns_answer * dnsa = store_get_dns_answer();
185 debug_printf("using host_fake_gethostbyname for %s (%s)\n", name,
186 af == AF_INET ? "IPv4" : "IPv6");
188 /* Handle unqualified "localhost" */
190 if (Ustrcmp(name, "localhost") == 0)
191 lname = af == AF_INET ? US"127.0.0.1" : US"::1";
193 /* Handle a literal IP address */
195 if ((ipa = string_is_ip_address(lname, NULL)) != 0)
196 if ( ipa == 4 && af == AF_INET
197 || ipa == 6 && af == AF_INET6)
200 yield = store_get(sizeof(struct hostent), GET_UNTAINTED);
201 alist = store_get(2 * sizeof(char *), GET_UNTAINTED);
202 adds = store_get(alen, GET_UNTAINTED);
203 yield->h_name = CS name;
204 yield->h_aliases = NULL;
205 yield->h_addrtype = af;
206 yield->h_length = alen;
207 yield->h_addr_list = CSS alist;
209 for (int n = host_aton(lname, x), i = 0; i < n; i++)
212 *adds++ = (y >> 24) & 255;
213 *adds++ = (y >> 16) & 255;
214 *adds++ = (y >> 8) & 255;
220 /* Wrong kind of literal address */
224 *error_num = HOST_NOT_FOUND;
229 /* Handle a host name */
233 int type = af == AF_INET ? T_A:T_AAAA;
234 int rc = dns_lookup_timerwrap(dnsa, lname, type, NULL);
237 lookup_dnssec_authenticated = NULL;
241 case DNS_SUCCEED: break;
242 case DNS_NOMATCH: *error_num = HOST_NOT_FOUND; yield = NULL; goto out;
243 case DNS_NODATA: *error_num = NO_DATA; yield = NULL; goto out;
244 case DNS_AGAIN: *error_num = TRY_AGAIN; yield = NULL; goto out;
246 case DNS_FAIL: *error_num = NO_RECOVERY; yield = NULL; goto out;
249 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
251 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == type)
254 yield = store_get(sizeof(struct hostent), GET_UNTAINTED);
255 alist = store_get((count + 1) * sizeof(char *), GET_UNTAINTED);
256 adds = store_get(count *alen, GET_UNTAINTED);
258 yield->h_name = CS name;
259 yield->h_aliases = NULL;
260 yield->h_addrtype = af;
261 yield->h_length = alen;
262 yield->h_addr_list = CSS alist;
264 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
266 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == type)
270 if (!(da = dns_address_from_rr(dnsa, rr))) break;
272 for (int n = host_aton(da->address, x), i = 0; i < n; i++)
275 *adds++ = (y >> 24) & 255;
276 *adds++ = (y >> 16) & 255;
277 *adds++ = (y >> 8) & 255;
286 store_free_dns_answer(dnsa);
292 /*************************************************
293 * Build chain of host items from list *
294 *************************************************/
296 /* This function builds a chain of host items from a textual list of host
297 names. It does not do any lookups. If randomize is true, the chain is build in
298 a randomized order. There may be multiple groups of independently randomized
299 hosts; they are delimited by a host name consisting of just "+".
302 anchor anchor for the chain
304 randomize TRUE for randomizing
310 host_build_hostlist(host_item **anchor, const uschar *list, BOOL randomize)
313 int fake_mx = MX_NONE; /* This value is actually -1 */
317 if (randomize) fake_mx--; /* Start at -2 for randomizing */
321 while ((name = string_nextinlist(&list, &sep, NULL, 0)))
325 if (name[0] == '+' && name[1] == 0) /* "+" delimits a randomized group */
326 { /* ignore if not randomizing */
327 if (randomize) fake_mx--;
331 h = store_get(sizeof(host_item), GET_UNTAINTED);
336 h->sort_key = randomize ? (-fake_mx)*1000 + random_number(1000) : 0;
337 h->status = hstatus_unknown;
338 h->why = hwhy_unknown;
348 host_item *hh = *anchor;
349 if (h->sort_key < hh->sort_key)
356 while (hh->next && h->sort_key >= hh->next->sort_key)
369 /*************************************************
370 * Extract port from address string *
371 *************************************************/
373 /* In the spool file, and in the -oMa and -oMi options, a host plus port is
374 given as an IP address followed by a dot and a port number. This function
377 An alternative format for the -oMa and -oMi options is [ip address]:port which
378 is what Exim 4 uses for output, because it seems to becoming commonly used,
379 whereas the dot form confuses some programs/people. So we recognize that form
383 address points to the string; if there is a port, the '.' in the string
384 is overwritten with zero to terminate the address; if the string
385 is in the [xxx]:ppp format, the address is shifted left and the
388 Returns: 0 if there is no port, else the port number. If there's a syntax
389 error, leave the incoming address alone, and return 0.
393 host_address_extract_port(uschar *address)
398 /* Handle the "bracketed with colon on the end" format */
402 uschar *rb = address + 1;
403 while (*rb != 0 && *rb != ']') rb++;
404 if (*rb++ == 0) return 0; /* Missing ]; leave invalid address */
407 port = Ustrtol(rb + 1, &endptr, 10);
408 if (*endptr != 0) return 0; /* Invalid port; leave invalid address */
410 else if (*rb != 0) return 0; /* Bad syntax; leave invalid address */
411 memmove(address, address + 1, rb - address - 2);
415 /* Handle the "dot on the end" format */
419 int skip = -3; /* Skip 3 dots in IPv4 addresses */
421 while (*(++address) != 0)
424 if (ch == ':') skip = 0; /* Skip 0 dots in IPv6 addresses */
425 else if (ch == '.' && skip++ >= 0) break;
427 if (*address == 0) return 0;
428 port = Ustrtol(address + 1, &endptr, 10);
429 if (*endptr != 0) return 0; /* Invalid port; leave invalid address */
437 /*************************************************
438 * Get port from a host item's name *
439 *************************************************/
441 /* This function is called when finding the IP address for a host that is in a
442 list of hosts explicitly configured, such as in the manualroute router, or in a
443 fallback hosts list. We see if there is a port specification at the end of the
444 host name, and if so, remove it. A minimum length of 3 is required for the
445 original name; nothing shorter is recognized as having a port.
447 We test for a name ending with a sequence of digits; if preceded by colon we
448 have a port if the character before the colon is ] and the name starts with [
449 or if there are no other colons in the name (i.e. it's not an IPv6 address).
451 Arguments: pointer to the host item
452 Returns: a port number or PORT_NONE
456 host_item_get_port(host_item *h)
460 int len = Ustrlen(h->name);
462 if (len < 3 || (p = h->name + len - 1, !isdigit(*p))) return PORT_NONE;
464 /* Extract potential port number */
469 while (p > h->name + 1 && isdigit(*p))
471 port += (*p-- - '0') * x;
475 /* The smallest value of p at this point is h->name + 1. */
477 if (*p != ':') return PORT_NONE;
479 if (p[-1] == ']' && h->name[0] == '[')
480 h->name = string_copyn(h->name + 1, p - h->name - 2);
481 else if (Ustrchr(h->name, ':') == p)
482 h->name = string_copyn(h->name, p - h->name);
483 else return PORT_NONE;
485 DEBUG(D_route|D_host_lookup) debug_printf("host=%s port=%d\n", h->name, port);
491 #ifndef STAND_ALONE /* Omit when standalone testing */
493 /*************************************************
494 * Build sender_fullhost and sender_rcvhost *
495 *************************************************/
497 /* This function is called when sender_host_name and/or sender_helo_name
498 have been set. Or might have been set - for a local message read off the spool
499 they won't be. In that case, do nothing. Otherwise, set up the fullhost string
502 (a) No sender_host_name or sender_helo_name: "[ip address]"
503 (b) Just sender_host_name: "host_name [ip address]"
504 (c) Just sender_helo_name: "(helo_name) [ip address]" unless helo is IP
505 in which case: "[ip address}"
506 (d) The two are identical: "host_name [ip address]" includes helo = IP
507 (e) The two are different: "host_name (helo_name) [ip address]"
509 If log_incoming_port is set, the sending host's port number is added to the IP
512 This function also builds sender_rcvhost for use in Received: lines, whose
513 syntax is a bit different. This value also includes the RFC 1413 identity.
514 There wouldn't be two different variables if I had got all this right in the
517 Because this data may survive over more than one incoming SMTP message, it has
518 to be in permanent store. However, STARTTLS has to be forgotten and redone
519 on a multi-message conn, so this will be called once per message then. Hence
520 we use malloc, so we can free.
527 host_build_sender_fullhost(void)
529 BOOL show_helo = TRUE;
530 uschar * address, * fullhost, * rcvhost;
534 if (!sender_host_address) return;
536 reset_point = store_mark();
538 /* Set up address, with or without the port. After discussion, it seems that
539 the only format that doesn't cause trouble is [aaaa]:pppp. However, we can't
540 use this directly as the first item for Received: because it ain't an RFC 2822
543 address = string_sprintf("[%s]:%d", sender_host_address, sender_host_port);
544 if (!LOGGING(incoming_port) || sender_host_port <= 0)
545 *(Ustrrchr(address, ':')) = 0;
547 /* If there's no EHLO/HELO data, we can't show it. */
549 if (!sender_helo_name) show_helo = FALSE;
551 /* If HELO/EHLO was followed by an IP literal, it's messy because of two
552 features of IPv6. Firstly, there's the "IPv6:" prefix (Exim is liberal and
553 doesn't require this, for historical reasons). Secondly, IPv6 addresses may not
554 be given in canonical form, so we have to canonicalize them before comparing. As
555 it happens, the code works for both IPv4 and IPv6. */
557 else if (sender_helo_name[0] == '[' &&
558 sender_helo_name[(len=Ustrlen(sender_helo_name))-1] == ']')
563 if (strncmpic(sender_helo_name + 1, US"IPv6:", 5) == 0) offset += 5;
564 if (strncmpic(sender_helo_name + 1, US"IPv4:", 5) == 0) offset += 5;
566 helo_ip = string_copyn(sender_helo_name + offset, len - offset - 1);
568 if (string_is_ip_address(helo_ip, NULL) != 0)
572 uschar ipx[48], ipy[48]; /* large enough for full IPv6 */
574 sizex = host_aton(helo_ip, x);
575 sizey = host_aton(sender_host_address, y);
577 (void)host_nmtoa(sizex, x, -1, ipx, ':');
578 (void)host_nmtoa(sizey, y, -1, ipy, ':');
580 if (strcmpic(ipx, ipy) == 0) show_helo = FALSE;
584 /* Host name is not verified */
586 if (!sender_host_name)
588 uschar *portptr = Ustrstr(address, "]:");
590 int adlen; /* Sun compiler doesn't like ++ in initializers */
592 adlen = portptr ? (++portptr - address) : Ustrlen(address);
593 fullhost = sender_helo_name
594 ? string_sprintf("(%s) %s", sender_helo_name, address)
597 g = string_catn(NULL, address, adlen);
599 if (sender_ident || show_helo || portptr)
602 g = string_catn(g, US" (", 2);
606 g = string_append(g, 2, US"port=", portptr + 1);
609 g = string_append(g, 2,
610 firstptr == g->ptr ? US"helo=" : US" helo=", sender_helo_name);
613 g = string_append(g, 2,
614 firstptr == g->ptr ? US"ident=" : US" ident=", sender_ident);
616 g = string_catn(g, US")", 1);
619 rcvhost = string_from_gstring(g);
622 /* Host name is known and verified. Unless we've already found that the HELO
623 data matches the IP address, compare it with the name. */
627 if (show_helo && strcmpic(sender_host_name, sender_helo_name) == 0)
632 fullhost = string_sprintf("%s (%s) %s", sender_host_name,
633 sender_helo_name, address);
634 rcvhost = sender_ident
635 ? string_sprintf("%s\n\t(%s helo=%s ident=%s)", sender_host_name,
636 address, sender_helo_name, sender_ident)
637 : string_sprintf("%s (%s helo=%s)", sender_host_name,
638 address, sender_helo_name);
642 fullhost = string_sprintf("%s %s", sender_host_name, address);
643 rcvhost = sender_ident
644 ? string_sprintf("%s (%s ident=%s)", sender_host_name, address,
646 : string_sprintf("%s (%s)", sender_host_name, address);
650 sender_fullhost = string_copy_perm(fullhost, TRUE);
651 sender_rcvhost = string_copy_perm(rcvhost, TRUE);
653 store_reset(reset_point);
655 DEBUG(D_host_lookup) debug_printf("sender_fullhost = %s\n", sender_fullhost);
656 DEBUG(D_host_lookup) debug_printf("sender_rcvhost = %s\n", sender_rcvhost);
661 /*************************************************
662 * Build host+ident message *
663 *************************************************/
665 /* Used when logging rejections and various ACL and SMTP incidents. The text
666 return depends on whether sender_fullhost and sender_ident are set or not:
668 no ident, no host => U=unknown
669 no ident, host set => H=sender_fullhost
670 ident set, no host => U=ident
671 ident set, host set => H=sender_fullhost U=ident
673 Use taint-unchecked routines on the assumption we'll never expand the results.
676 useflag TRUE if first item to be flagged (H= or U=); if there are two
677 items, the second is always flagged
679 Returns: pointer to a string in big_buffer
683 host_and_ident(BOOL useflag)
685 if (!sender_fullhost)
686 string_format_nt(big_buffer, big_buffer_size, "%s%s", useflag ? "U=" : "",
687 sender_ident ? sender_ident : US"unknown");
690 uschar * flag = useflag ? US"H=" : US"";
691 uschar * iface = US"";
692 if (LOGGING(incoming_interface) && interface_address)
693 iface = string_sprintf(" I=[%s]:%d", interface_address, interface_port);
695 string_format_nt(big_buffer, big_buffer_size, "%s%s%s U=%s",
696 flag, sender_fullhost, iface, sender_ident);
698 string_format_nt(big_buffer, big_buffer_size, "%s%s%s",
699 flag, sender_fullhost, iface);
704 #endif /* STAND_ALONE */
709 /*************************************************
710 * Build list of local interfaces *
711 *************************************************/
713 /* This function interprets the contents of the local_interfaces or
714 extra_local_interfaces options, and creates an ip_address_item block for each
715 item on the list. There is no special interpretation of any IP addresses; in
716 particular, 0.0.0.0 and ::0 are returned without modification. If any address
717 includes a port, it is set in the block. Otherwise the port value is set to
722 name the name of the option being expanded
724 Returns: a chain of ip_address_items, each containing to a textual
725 version of an IP address, and a port number (host order) or
726 zero if no port was given with the address
730 host_build_ifacelist(const uschar *list, uschar *name)
734 ip_address_item * yield = NULL, * last = NULL, * next;
736 while ((s = string_nextinlist(&list, &sep, NULL, 0)))
739 int port = host_address_extract_port(s); /* Leaves just the IP address */
741 if (!(ipv = string_is_ip_address(s, NULL)))
742 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Malformed IP address \"%s\" in %s",
745 /* Skip IPv6 addresses if IPv6 is disabled. */
747 if (disable_ipv6 && ipv == 6) continue;
749 /* This use of strcpy() is OK because we have checked that s is a valid IP
750 address above. The field in the ip_address_item is large enough to hold an
753 next = store_get(sizeof(ip_address_item), list);
755 Ustrcpy(next->address, s);
757 next->v6_include_v4 = FALSE;
776 /*************************************************
777 * Find addresses on local interfaces *
778 *************************************************/
780 /* This function finds the addresses of local IP interfaces. These are used
781 when testing for routing to the local host. As the function may be called more
782 than once, the list is preserved in permanent store, pointed to by a static
783 variable, to save doing the work more than once per process.
785 The generic list of interfaces is obtained by calling host_build_ifacelist()
786 for local_interfaces and extra_local_interfaces. This list scanned to remove
787 duplicates (which may exist with different ports - not relevant here). If
788 either of the wildcard IP addresses (0.0.0.0 and ::0) are encountered, they are
789 replaced by the appropriate (IPv4 or IPv6) list of actual local interfaces,
790 obtained from os_find_running_interfaces().
793 Returns: a chain of ip_address_items, each containing to a textual
794 version of an IP address; the port numbers are not relevant
798 /* First, a local subfunction to add an interface to a list in permanent store,
799 but only if there isn't a previous copy of that address on the list. */
801 static ip_address_item *
802 add_unique_interface(ip_address_item *list, ip_address_item *ipa)
804 ip_address_item *ipa2;
805 for (ipa2 = list; ipa2; ipa2 = ipa2->next)
806 if (Ustrcmp(ipa2->address, ipa->address) == 0) return list;
807 ipa2 = store_get_perm(sizeof(ip_address_item), FALSE);
814 /* This is the globally visible function */
817 host_find_interfaces(void)
819 ip_address_item *running_interfaces = NULL;
821 if (!local_interface_data)
823 void *reset_item = store_mark();
824 ip_address_item *dlist = host_build_ifacelist(CUS local_interfaces,
825 US"local_interfaces");
826 ip_address_item *xlist = host_build_ifacelist(CUS extra_local_interfaces,
827 US"extra_local_interfaces");
828 ip_address_item *ipa;
830 if (!dlist) dlist = xlist;
833 for (ipa = dlist; ipa->next; ipa = ipa->next) ;
837 for (ipa = dlist; ipa; ipa = ipa->next)
839 if (Ustrcmp(ipa->address, "0.0.0.0") == 0 ||
840 Ustrcmp(ipa->address, "::0") == 0)
842 BOOL ipv6 = ipa->address[0] == ':';
843 if (!running_interfaces)
844 running_interfaces = os_find_running_interfaces();
845 for (ip_address_item * ipa2 = running_interfaces; ipa2; ipa2 = ipa2->next)
846 if ((Ustrchr(ipa2->address, ':') != NULL) == ipv6)
847 local_interface_data = add_unique_interface(local_interface_data,
852 local_interface_data = add_unique_interface(local_interface_data, ipa);
855 debug_printf("Configured local interface: address=%s", ipa->address);
856 if (ipa->port != 0) debug_printf(" port=%d", ipa->port);
861 store_reset(reset_item);
864 return local_interface_data;
871 /*************************************************
872 * Convert network IP address to text *
873 *************************************************/
875 /* Given an IPv4 or IPv6 address in binary, convert it to a text
876 string and return the result in a piece of new store. The address can
877 either be given directly, or passed over in a sockaddr structure. Note
878 that this isn't the converse of host_aton() because of byte ordering
879 differences. See host_nmtoa() below.
882 type if < 0 then arg points to a sockaddr, else
883 either AF_INET or AF_INET6
884 arg points to a sockaddr if type is < 0, or
885 points to an IPv4 address (32 bits), or
886 points to an IPv6 address (128 bits),
887 in both cases, in network byte order
888 buffer if NULL, the result is returned in gotten store;
889 else points to a buffer to hold the answer
890 portptr points to where to put the port number, if non NULL; only
893 Returns: pointer to character string
897 host_ntoa(int type, const void *arg, uschar *buffer, int *portptr)
901 /* The new world. It is annoying that we have to fish out the address from
902 different places in the block, depending on what kind of address it is. It
903 is also a pain that inet_ntop() returns a const uschar *, whereas the IPv4
904 function inet_ntoa() returns just uschar *, and some picky compilers insist
905 on warning if one assigns a const uschar * to a uschar *. Hence the casts. */
908 uschar addr_buffer[46];
911 int family = ((struct sockaddr *)arg)->sa_family;
912 if (family == AF_INET6)
914 struct sockaddr_in6 *sk = (struct sockaddr_in6 *)arg;
915 yield = US inet_ntop(family, &(sk->sin6_addr), CS addr_buffer,
916 sizeof(addr_buffer));
917 if (portptr) *portptr = ntohs(sk->sin6_port);
921 struct sockaddr_in *sk = (struct sockaddr_in *)arg;
922 yield = US inet_ntop(family, &(sk->sin_addr), CS addr_buffer,
923 sizeof(addr_buffer));
924 if (portptr) *portptr = ntohs(sk->sin_port);
929 yield = US inet_ntop(type, arg, CS addr_buffer, sizeof(addr_buffer));
932 /* If the result is a mapped IPv4 address, show it in V4 format. */
934 if (Ustrncmp(yield, "::ffff:", 7) == 0) yield += 7;
936 #else /* HAVE_IPV6 */
942 yield = US inet_ntoa(((struct sockaddr_in *)arg)->sin_addr);
943 if (portptr) *portptr = ntohs(((struct sockaddr_in *)arg)->sin_port);
946 yield = US inet_ntoa(*((struct in_addr *)arg));
949 /* If there is no buffer, put the string into some new store. */
951 if (!buffer) buffer = store_get(46, GET_UNTAINTED);
953 /* Callers of this function with a non-NULL buffer must ensure that it is
954 large enough to hold an IPv6 address, namely, at least 46 bytes. That's what
955 makes this use of strcpy() OK.
956 If the library returned apparently an apparently tainted string, clean it;
957 we trust IP addresses. */
959 string_format_nt(buffer, 46, "%s", yield);
966 /*************************************************
967 * Convert address text to binary *
968 *************************************************/
970 /* Given the textual form of an IP address, convert it to binary in an
971 array of ints. IPv4 addresses occupy one int; IPv6 addresses occupy 4 ints.
972 The result has the first byte in the most significant byte of the first int. In
973 other words, the result is not in network byte order, but in host byte order.
974 As a result, this is not the converse of host_ntoa(), which expects network
975 byte order. See host_nmtoa() below.
978 address points to the textual address, checked for syntax
979 bin points to an array of 4 ints
981 Returns: the number of ints used
985 host_aton(const uschar *address, int *bin)
990 /* Handle IPv6 address, which may end with an IPv4 address. It may also end
991 with a "scope", introduced by a percent sign. This code is NOT enclosed in #if
992 HAVE_IPV6 in order that IPv6 addresses are recognized even if IPv6 is not
995 if (Ustrchr(address, ':') != NULL)
997 const uschar *p = address;
998 const uschar *component[8];
999 BOOL ipv4_ends = FALSE;
1005 /* If the address starts with a colon, it will start with two colons.
1006 Just lose the first one, which will leave a null first component. */
1010 /* Split the address into components separated by colons. The input address
1011 is supposed to be checked for syntax. There was a case where this was
1012 overlooked; to guard against that happening again, check here and crash if
1013 there are too many components. */
1015 while (*p != 0 && *p != '%')
1017 int len = Ustrcspn(p, ":%");
1018 if (len == 0) nulloffset = ci;
1019 if (ci > 7) log_write(0, LOG_MAIN|LOG_PANIC_DIE,
1020 "Internal error: invalid IPv6 address \"%s\" passed to host_aton()",
1022 component[ci++] = p;
1027 /* If the final component contains a dot, it is a trailing v4 address.
1028 As the syntax is known to be checked, just set up for a trailing
1029 v4 address and restrict the v6 part to 6 components. */
1031 if (Ustrchr(component[ci-1], '.') != NULL)
1033 address = component[--ci];
1039 /* If there are fewer than 6 or 8 components, we have to insert some
1040 more empty ones in the middle. */
1044 int insert_count = v6count - ci;
1045 for (i = v6count-1; i > nulloffset + insert_count; i--)
1046 component[i] = component[i - insert_count];
1047 while (i > nulloffset) component[i--] = US"";
1050 /* Now turn the components into binary in pairs and bung them
1051 into the vector of ints. */
1053 for (i = 0; i < v6count; i += 2)
1054 bin[i/2] = (Ustrtol(component[i], NULL, 16) << 16) +
1055 Ustrtol(component[i+1], NULL, 16);
1057 /* If there was no terminating v4 component, we are done. */
1059 if (!ipv4_ends) return 4;
1062 /* Handle IPv4 address */
1064 (void)sscanf(CS address, "%d.%d.%d.%d", x, x+1, x+2, x+3);
1065 bin[v4offset] = ((uint)x[0] << 24) + (x[1] << 16) + (x[2] << 8) + x[3];
1070 /*************************************************
1071 * Apply mask to an IP address *
1072 *************************************************/
1074 /* Mask an address held in 1 or 4 ints, with the ms bit in the ms bit of the
1078 count the number of ints
1079 binary points to the ints to be masked
1080 mask the count of ms bits to leave, or -1 if no masking
1086 host_mask(int count, int *binary, int mask)
1088 if (mask < 0) mask = 99999;
1089 for (int i = 0; i < count; i++)
1092 if (mask == 0) wordmask = 0;
1095 wordmask = (uint)(-1) << (32 - mask);
1103 binary[i] &= wordmask;
1110 /*************************************************
1111 * Convert masked IP address in ints to text *
1112 *************************************************/
1114 /* We can't use host_ntoa() because it assumes the binary values are in network
1115 byte order, and these are the result of host_aton(), which puts them in ints in
1116 host byte order. Also, we really want IPv6 addresses to be in a canonical
1117 format, so we output them with no abbreviation. In a number of cases we can't
1118 use the normal colon separator in them because it terminates keys in lsearch
1119 files, so we want to use dot instead. There's an argument that specifies what
1120 to use for IPv6 addresses.
1123 count 1 or 4 (number of ints)
1124 binary points to the ints
1125 mask mask value; if < 0 don't add to result
1126 buffer big enough to hold the result
1127 sep component separator character for IPv6 addresses
1129 Returns: the number of characters placed in buffer, not counting
1134 host_nmtoa(int count, int *binary, int mask, uschar *buffer, int sep)
1137 uschar *tt = buffer;
1142 for (int i = 24; i >= 0; i -= 8)
1143 tt += sprintf(CS tt, "%d.", (j >> i) & 255);
1146 for (int i = 0; i < 4; i++)
1149 tt += sprintf(CS tt, "%04x%c%04x%c", (j >> 16) & 0xffff, sep, j & 0xffff, sep);
1152 tt--; /* lose final separator */
1157 tt += sprintf(CS tt, "/%d", mask);
1163 /* Like host_nmtoa() but: ipv6-only, canonical output, no mask
1166 binary points to the ints
1167 buffer big enough to hold the result
1169 Returns: the number of characters placed in buffer, not counting
1174 ipv6_nmtoa(int * binary, uschar * buffer)
1177 uschar * c = buffer;
1178 uschar * d = NULL; /* shut insufficiently "clever" compiler up */
1180 for (i = 0; i < 4; i++)
1181 { /* expand to text */
1183 c += sprintf(CS c, "%x:%x:", (j >> 16) & 0xffff, j & 0xffff);
1186 for (c = buffer, k = -1, i = 0; i < 8; i++)
1187 { /* find longest 0-group sequence */
1188 if (*c == '0') /* must be "0:" */
1192 while (c[2] == '0') i++, c += 2;
1195 k = i-j; /* length of sequence */
1196 d = s; /* start of sequence */
1199 while (*++c != ':') ;
1203 *--c = '\0'; /* drop trailing colon */
1205 /* debug_printf("%s: D k %d <%s> <%s>\n", __FUNCTION__, k, buffer, buffer + 2*(k+1)); */
1209 if (d == buffer) c--; /* need extra colon */
1210 *d++ = ':'; /* 1st 0 */
1211 while ((*d++ = *c++)) ;
1221 /*************************************************
1222 * Check port for tls_on_connect *
1223 *************************************************/
1225 /* This function checks whether a given incoming port is configured for tls-
1226 on-connect. It is called from the daemon and from inetd handling. If the global
1227 option tls_on_connect is already set, all ports operate this way. Otherwise, we
1228 check the tls_on_connect_ports option for a list of ports.
1230 Argument: a port number
1231 Returns: TRUE or FALSE
1235 host_is_tls_on_connect_port(int port)
1238 const uschar * list = tls_in.on_connect_ports;
1240 if (tls_in.on_connect) return TRUE;
1242 for (uschar * s, * end; s = string_nextinlist(&list, &sep, NULL, 0); )
1243 if (Ustrtol(s, &end, 10) == port)
1251 /*************************************************
1252 * Check whether host is in a network *
1253 *************************************************/
1255 /* This function checks whether a given IP address matches a pattern that
1256 represents either a single host, or a network (using CIDR notation). The caller
1257 of this function must check the syntax of the arguments before calling it.
1260 host string representation of the ip-address to check
1261 net string representation of the network, with optional CIDR mask
1262 maskoffset offset to the / that introduces the mask in the key
1263 zero if there is no mask
1266 TRUE the host is inside the network
1267 FALSE the host is NOT inside the network
1271 host_is_in_net(const uschar *host, const uschar *net, int maskoffset)
1276 int size = host_aton(net, address);
1279 /* No mask => all bits to be checked */
1281 if (maskoffset == 0) mlen = 99999; /* Big number */
1282 else mlen = Uatoi(net + maskoffset + 1);
1284 /* Convert the incoming address to binary. */
1286 insize = host_aton(host, incoming);
1288 /* Convert IPv4 addresses given in IPv6 compatible mode, which represent
1289 connections from IPv4 hosts to IPv6 hosts, that is, addresses of the form
1290 ::ffff:<v4address>, to IPv4 format. */
1292 if (insize == 4 && incoming[0] == 0 && incoming[1] == 0 &&
1293 incoming[2] == 0xffff)
1296 incoming[0] = incoming[3];
1299 /* No match if the sizes don't agree. */
1301 if (insize != size) return FALSE;
1303 /* Else do the masked comparison. */
1305 for (int i = 0; i < size; i++)
1308 if (mlen == 0) mask = 0;
1311 mask = (uint)(-1) << (32 - mlen);
1319 if ((incoming[i] & mask) != (address[i] & mask)) return FALSE;
1327 /*************************************************
1328 * Scan host list for local hosts *
1329 *************************************************/
1331 /* Scan through a chain of addresses and check whether any of them is the
1332 address of an interface on the local machine. If so, remove that address and
1333 any previous ones with the same MX value, and all subsequent ones (which will
1334 have greater or equal MX values) from the chain. Note: marking them as unusable
1335 is NOT the right thing to do because it causes the hosts not to be used for
1336 other domains, for which they may well be correct.
1338 The hosts may be part of a longer chain; we only process those between the
1339 initial pointer and the "last" pointer.
1341 There is also a list of "pseudo-local" host names which are checked against the
1342 host names. Any match causes that host item to be treated the same as one which
1343 matches a local IP address.
1345 If the very first host is a local host, then all MX records had a precedence
1346 greater than or equal to that of the local host. Either there's a problem in
1347 the DNS, or an apparently remote name turned out to be an abbreviation for the
1348 local host. Give a specific return code, and let the caller decide what to do.
1349 Otherwise, give a success code if at least one host address has been found.
1352 host pointer to the first host in the chain
1353 lastptr pointer to pointer to the last host in the chain (may be updated)
1354 removed if not NULL, set TRUE if some local addresses were removed
1358 HOST_FOUND if there is at least one host with an IP address on the chain
1359 and an MX value less than any MX value associated with the
1361 HOST_FOUND_LOCAL if a local host is among the lowest-numbered MX hosts; when
1362 the host addresses were obtained from A records or
1363 gethostbyname(), the MX values are set to -1.
1364 HOST_FIND_FAILED if no valid hosts with set IP addresses were found
1368 host_scan_for_local_hosts(host_item *host, host_item **lastptr, BOOL *removed)
1370 int yield = HOST_FIND_FAILED;
1371 host_item *last = *lastptr;
1372 host_item *prev = NULL;
1375 if (removed != NULL) *removed = FALSE;
1377 if (local_interface_data == NULL) local_interface_data = host_find_interfaces();
1379 for (h = host; h != last->next; h = h->next)
1382 if (hosts_treat_as_local != NULL)
1385 const uschar *save = deliver_domain;
1386 deliver_domain = h->name; /* set $domain */
1387 rc = match_isinlist(string_copylc(h->name), CUSS &hosts_treat_as_local, 0,
1388 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL);
1389 deliver_domain = save;
1390 if (rc == OK) goto FOUND_LOCAL;
1394 /* It seems that on many operating systems, 0.0.0.0 is treated as a synonym
1395 for 127.0.0.1 and refers to the local host. We therefore force it always to
1396 be treated as local. */
1398 if (h->address != NULL)
1400 if (Ustrcmp(h->address, "0.0.0.0") == 0) goto FOUND_LOCAL;
1401 for (ip_address_item * ip = local_interface_data; ip; ip = ip->next)
1402 if (Ustrcmp(h->address, ip->address) == 0) goto FOUND_LOCAL;
1403 yield = HOST_FOUND; /* At least one remote address has been found */
1406 /* Update prev to point to the last host item before any that have
1407 the same MX value as the one we have just considered. */
1409 if (h->next == NULL || h->next->mx != h->mx) prev = h;
1412 return yield; /* No local hosts found: return HOST_FOUND or HOST_FIND_FAILED */
1414 /* A host whose IP address matches a local IP address, or whose name matches
1415 something in hosts_treat_as_local has been found. */
1421 HDEBUG(D_host_lookup) debug_printf((h->mx >= 0)?
1422 "local host has lowest MX\n" :
1423 "local host found for non-MX address\n");
1424 return HOST_FOUND_LOCAL;
1427 HDEBUG(D_host_lookup)
1429 debug_printf("local host in host list - removed hosts:\n");
1430 for (h = prev->next; h != last->next; h = h->next)
1431 debug_printf(" %s %s %d\n", h->name, h->address, h->mx);
1434 if (removed != NULL) *removed = TRUE;
1435 prev->next = last->next;
1443 /*************************************************
1444 * Remove duplicate IPs in host list *
1445 *************************************************/
1447 /* You would think that administrators could set up their DNS records so that
1448 one ended up with a list of unique IP addresses after looking up A or MX
1449 records, but apparently duplication is common. So we scan such lists and
1450 remove the later duplicates. Note that we may get lists in which some host
1451 addresses are not set.
1454 host pointer to the first host in the chain
1455 lastptr pointer to pointer to the last host in the chain (may be updated)
1461 host_remove_duplicates(host_item *host, host_item **lastptr)
1463 while (host != *lastptr)
1465 if (host->address != NULL)
1467 host_item *h = host;
1468 while (h != *lastptr)
1470 if (h->next->address != NULL &&
1471 Ustrcmp(h->next->address, host->address) == 0)
1473 DEBUG(D_host_lookup) debug_printf("duplicate IP address %s (MX=%d) "
1474 "removed\n", host->address, h->next->mx);
1475 if (h->next == *lastptr) *lastptr = h;
1476 h->next = h->next->next;
1481 /* If the last item was removed, host may have become == *lastptr */
1482 if (host != *lastptr) host = host->next;
1489 /*************************************************
1490 * Find sender host name by gethostbyaddr() *
1491 *************************************************/
1493 /* This used to be the only way it was done, but it turns out that not all
1494 systems give aliases for calls to gethostbyaddr() - or one of the modern
1495 equivalents like getipnodebyaddr(). Fortunately, multiple PTR records are rare,
1496 but they can still exist. This function is now used only when a DNS lookup of
1497 the IP address fails, in order to give access to /etc/hosts.
1500 Returns: OK, DEFER, FAIL
1504 host_name_lookup_byaddr(void)
1506 struct hostent * hosts;
1507 struct in_addr addr;
1508 unsigned long time_msec = 0; /* init to quieten dumb static analysis */
1510 if (slow_lookup_log) time_msec = get_time_in_ms();
1512 /* Lookup on IPv6 system */
1515 if (Ustrchr(sender_host_address, ':') != NULL)
1517 struct in6_addr addr6;
1518 if (inet_pton(AF_INET6, CS sender_host_address, &addr6) != 1)
1519 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "unable to parse \"%s\" as an "
1520 "IPv6 address", sender_host_address);
1521 #if HAVE_GETIPNODEBYADDR
1522 hosts = getipnodebyaddr(CS &addr6, sizeof(addr6), AF_INET6, &h_errno);
1524 hosts = gethostbyaddr(CS &addr6, sizeof(addr6), AF_INET6);
1529 if (inet_pton(AF_INET, CS sender_host_address, &addr) != 1)
1530 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "unable to parse \"%s\" as an "
1531 "IPv4 address", sender_host_address);
1532 #if HAVE_GETIPNODEBYADDR
1533 hosts = getipnodebyaddr(CS &addr, sizeof(addr), AF_INET, &h_errno);
1535 hosts = gethostbyaddr(CS &addr, sizeof(addr), AF_INET);
1539 /* Do lookup on IPv4 system */
1542 addr.s_addr = (S_ADDR_TYPE)inet_addr(CS sender_host_address);
1543 hosts = gethostbyaddr(CS(&addr), sizeof(addr), AF_INET);
1546 if ( slow_lookup_log
1547 && (time_msec = get_time_in_ms() - time_msec) > slow_lookup_log
1549 log_long_lookup(US"gethostbyaddr", sender_host_address, time_msec);
1551 /* Failed to look up the host. */
1555 HDEBUG(D_host_lookup) debug_printf("IP address lookup failed: h_errno=%d\n",
1557 return (h_errno == TRY_AGAIN || h_errno == NO_RECOVERY) ? DEFER : FAIL;
1560 /* It seems there are some records in the DNS that yield an empty name. We
1561 treat this as non-existent. In some operating systems, this is returned as an
1562 empty string; in others as a single dot. */
1564 if (!hosts->h_name || !hosts->h_name[0] || hosts->h_name[0] == '.')
1566 HDEBUG(D_host_lookup) debug_printf("IP address lookup yielded an empty name: "
1567 "treated as non-existent host name\n");
1571 /* Copy and lowercase the name, which is in static storage in many systems.
1572 Put it in permanent memory. */
1575 int old_pool = store_pool;
1576 store_pool = POOL_TAINT_PERM; /* names are tainted */
1578 sender_host_name = string_copylc(US hosts->h_name);
1580 /* If the host has aliases, build a copy of the alias list */
1582 if (hosts->h_aliases)
1584 int count = 1; /* need 1 more for terminating NULL */
1587 for (uschar ** aliases = USS hosts->h_aliases; *aliases; aliases++) count++;
1588 store_pool = POOL_PERM;
1589 ptr = sender_host_aliases = store_get(count * sizeof(uschar *), GET_UNTAINTED);
1590 store_pool = POOL_TAINT_PERM;
1592 for (uschar ** aliases = USS hosts->h_aliases; *aliases; aliases++)
1593 *ptr++ = string_copylc(*aliases);
1596 store_pool = old_pool;
1604 /*************************************************
1605 * Find host name for incoming call *
1606 *************************************************/
1608 /* Put the name in permanent store, pointed to by sender_host_name. We also set
1609 up a list of alias names, pointed to by sender_host_alias. The list is
1610 NULL-terminated. The incoming address is in sender_host_address, either in
1611 dotted-quad form for IPv4 or in colon-separated form for IPv6.
1613 This function does a thorough check that the names it finds point back to the
1614 incoming IP address. Any that do not are discarded. Note that this is relied on
1615 by the ACL reverse_host_lookup check.
1617 On some systems, get{host,ipnode}byaddr() appears to do this internally, but
1618 this it not universally true. Also, for release 4.30, this function was changed
1619 to do a direct DNS lookup first, by default[1], because it turns out that that
1620 is the only guaranteed way to find all the aliases on some systems. My
1621 experiments indicate that Solaris gethostbyaddr() gives the aliases for but
1624 [1] The actual order is controlled by the host_lookup_order option.
1627 Returns: OK on success, the answer being placed in the global variable
1628 sender_host_name, with any aliases in a list hung off
1630 FAIL if no host name can be found
1631 DEFER if a temporary error was encountered
1633 The variable host_lookup_msg is set to an empty string on success, or to a
1634 reason for the failure otherwise, in a form suitable for tagging onto an error
1635 message, and also host_lookup_failed is set TRUE if the lookup failed. If there
1636 was a defer, host_lookup_deferred is set TRUE.
1638 Any dynamically constructed string for host_lookup_msg must be in permanent
1639 store, because it might be used for several incoming messages on the same SMTP
1643 host_name_lookup(void)
1647 uschar *save_hostname;
1650 const uschar *list = host_lookup_order;
1651 dns_answer * dnsa = store_get_dns_answer();
1654 sender_host_dnssec = host_lookup_deferred = host_lookup_failed = FALSE;
1656 HDEBUG(D_host_lookup)
1657 debug_printf("looking up host name for %s\n", sender_host_address);
1659 /* For testing the case when a lookup does not complete, we have a special
1660 reserved IP address. */
1662 if (f.running_in_test_harness &&
1663 Ustrcmp(sender_host_address, "99.99.99.99") == 0)
1665 HDEBUG(D_host_lookup)
1666 debug_printf("Test harness: host name lookup returns DEFER\n");
1667 host_lookup_deferred = TRUE;
1671 /* Do lookups directly in the DNS or via gethostbyaddr() (or equivalent), in
1672 the order specified by the host_lookup_order option. */
1674 while ((ordername = string_nextinlist(&list, &sep, NULL, 0)))
1676 if (strcmpic(ordername, US"bydns") == 0)
1678 uschar * name = dns_build_reverse(sender_host_address);
1680 dns_init(FALSE, FALSE, FALSE); /* dnssec ctrl by dns_dnssec_ok glbl */
1681 rc = dns_lookup_timerwrap(dnsa, name, T_PTR, NULL);
1683 /* The first record we come across is used for the name; others are
1684 considered to be aliases. We have to scan twice, in order to find out the
1685 number of aliases. However, if all the names are empty, we will behave as
1686 if failure. (PTR records that yield empty names have been encountered in
1689 if (rc == DNS_SUCCEED)
1691 uschar **aptr = NULL;
1693 int count = 1; /* need 1 more for terminating NULL */
1694 int old_pool = store_pool;
1696 sender_host_dnssec = dns_is_secure(dnsa);
1698 debug_printf("Reverse DNS security status: %s\n",
1699 sender_host_dnssec ? "DNSSEC verified (AD)" : "unverified");
1701 store_pool = POOL_PERM; /* Save names in permanent storage */
1703 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
1705 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == T_PTR)
1708 /* Get store for the list of aliases. For compatibility with
1709 gethostbyaddr, we make an empty list if there are none. */
1711 aptr = sender_host_aliases = store_get(count * sizeof(uschar *), GET_UNTAINTED);
1713 /* Re-scan and extract the names */
1715 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
1717 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == T_PTR)
1719 uschar * s = store_get(ssize, GET_TAINTED); /* names are tainted */
1721 /* If an overlong response was received, the data will have been
1722 truncated and dn_expand may fail. */
1724 if (dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen,
1725 US (rr->data), (DN_EXPAND_ARG4_TYPE)(s), ssize) < 0)
1727 log_write(0, LOG_MAIN, "host name alias list truncated for %s",
1728 sender_host_address);
1732 store_release_above(s + Ustrlen(s) + 1);
1735 HDEBUG(D_host_lookup) debug_printf("IP address lookup yielded an "
1736 "empty name: treated as non-existent host name\n");
1739 if (!sender_host_name) sender_host_name = s;
1741 while (*s) { *s = tolower(*s); s++; }
1744 *aptr = NULL; /* End of alias list */
1745 store_pool = old_pool; /* Reset store pool */
1747 /* If we've found a name, break out of the "order" loop */
1749 if (sender_host_name) break;
1752 /* If the DNS lookup deferred, we must also defer. */
1754 if (rc == DNS_AGAIN)
1756 HDEBUG(D_host_lookup)
1757 debug_printf("IP address PTR lookup gave temporary error\n");
1758 host_lookup_deferred = TRUE;
1763 /* Do a lookup using gethostbyaddr() - or equivalent */
1765 else if (strcmpic(ordername, US"byaddr") == 0)
1767 HDEBUG(D_host_lookup)
1768 debug_printf("IP address lookup using gethostbyaddr()\n");
1769 rc = host_name_lookup_byaddr();
1772 host_lookup_deferred = TRUE;
1773 return rc; /* Can't carry on */
1775 if (rc == OK) break; /* Found a name */
1777 } /* Loop for bydns/byaddr scanning */
1779 /* If we have failed to find a name, return FAIL and log when required.
1780 NB host_lookup_msg must be in permanent store. */
1782 if (!sender_host_name)
1784 if (host_checking || !f.log_testing_mode)
1785 log_write(L_host_lookup_failed, LOG_MAIN, "no host name found for IP "
1786 "address %s", sender_host_address);
1787 host_lookup_msg = US" (failed to find host name from IP address)";
1788 host_lookup_failed = TRUE;
1792 HDEBUG(D_host_lookup)
1794 uschar **aliases = sender_host_aliases;
1795 debug_printf("IP address lookup yielded \"%s\"\n", sender_host_name);
1796 while (*aliases) debug_printf(" alias \"%s\"\n", *aliases++);
1799 /* We need to verify that a forward lookup on the name we found does indeed
1800 correspond to the address. This is for security: in principle a malefactor who
1801 happened to own a reverse zone could set it to point to any names at all.
1803 This code was present in versions of Exim before 3.20. At that point I took it
1804 out because I thought that gethostbyaddr() did the check anyway. It turns out
1805 that this isn't always the case, so it's coming back in at 4.01. This version
1806 is actually better, because it also checks aliases.
1808 The code was made more robust at release 4.21. Prior to that, it accepted all
1809 the names if any of them had the correct IP address. Now the code checks all
1810 the names, and accepts only those that have the correct IP address. */
1812 save_hostname = sender_host_name; /* Save for error messages */
1813 aliases = sender_host_aliases;
1814 for (uschar * hname = sender_host_name; hname; hname = *aliases++)
1818 host_item h = { .next = NULL, .name = hname, .mx = MX_NONE, .address = NULL };
1820 { .request = sender_host_dnssec ? US"*" : NULL, .require = NULL };
1822 if ( (rc = host_find_bydns(&h, NULL, HOST_FIND_BY_A | HOST_FIND_BY_AAAA,
1823 NULL, NULL, NULL, &d, NULL, NULL)) == HOST_FOUND
1824 || rc == HOST_FOUND_LOCAL
1827 HDEBUG(D_host_lookup) debug_printf("checking addresses for %s\n", hname);
1829 /* If the forward lookup was not secure we cancel the is-secure variable */
1831 DEBUG(D_dns) debug_printf("Forward DNS security status: %s\n",
1832 h.dnssec == DS_YES ? "DNSSEC verified (AD)" : "unverified");
1833 if (h.dnssec != DS_YES) sender_host_dnssec = FALSE;
1835 for (host_item * hh = &h; hh; hh = hh->next)
1836 if (host_is_in_net(hh->address, sender_host_address, 0))
1838 HDEBUG(D_host_lookup) debug_printf(" %s OK\n", hh->address);
1843 HDEBUG(D_host_lookup) debug_printf(" %s\n", hh->address);
1845 if (!ok) HDEBUG(D_host_lookup)
1846 debug_printf("no IP address for %s matched %s\n", hname,
1847 sender_host_address);
1849 else if (rc == HOST_FIND_AGAIN)
1851 HDEBUG(D_host_lookup) debug_printf("temporary error for host name lookup\n");
1852 host_lookup_deferred = TRUE;
1853 sender_host_name = NULL;
1857 HDEBUG(D_host_lookup) debug_printf("no IP addresses found for %s\n", hname);
1859 /* If this name is no good, and it's the sender name, set it null pro tem;
1860 if it's an alias, just remove it from the list. */
1864 if (hname == sender_host_name) sender_host_name = NULL; else
1866 uschar **a; /* Don't amalgamate - some */
1867 a = --aliases; /* compilers grumble */
1868 while (*a != NULL) { *a = a[1]; a++; }
1873 /* If sender_host_name == NULL, it means we didn't like the name. Replace
1874 it with the first alias, if there is one. */
1876 if (sender_host_name == NULL && *sender_host_aliases != NULL)
1877 sender_host_name = *sender_host_aliases++;
1879 /* If we now have a main name, all is well. */
1881 if (sender_host_name != NULL) return OK;
1883 /* We have failed to find an address that matches. */
1885 HDEBUG(D_host_lookup)
1886 debug_printf("%s does not match any IP address for %s\n",
1887 sender_host_address, save_hostname);
1889 /* This message must be in permanent store */
1891 old_pool = store_pool;
1892 store_pool = POOL_PERM;
1893 host_lookup_msg = string_sprintf(" (%s does not match any IP address for %s)",
1894 sender_host_address, save_hostname);
1895 store_pool = old_pool;
1896 host_lookup_failed = TRUE;
1903 /*************************************************
1904 * Find IP address(es) for host by name *
1905 *************************************************/
1907 /* The input is a host_item structure with the name filled in and the address
1908 field set to NULL. We use gethostbyname() or getipnodebyname() or
1909 gethostbyname2(), as appropriate. Of course, these functions may use the DNS,
1910 but they do not do MX processing. It appears, however, that in some systems the
1911 current setting of resolver options is used when one of these functions calls
1912 the resolver. For this reason, we call dns_init() at the start, with arguments
1913 influenced by bits in "flags", just as we do for host_find_bydns().
1915 The second argument provides a host list (usually an IP list) of hosts to
1916 ignore. This makes it possible to ignore IPv6 link-local addresses or loopback
1917 addresses in unreasonable places.
1919 The lookup may result in a change of name. For compatibility with the dns
1920 lookup, return this via fully_qualified_name as well as updating the host item.
1921 The lookup may also yield more than one IP address, in which case chain on
1922 subsequent host_item structures.
1925 host a host item with the name and MX filled in;
1926 the address is to be filled in;
1927 multiple IP addresses cause other host items to be
1929 ignore_target_hosts a list of hosts to ignore
1930 flags HOST_FIND_QUALIFY_SINGLE ) passed to
1931 HOST_FIND_SEARCH_PARENTS ) dns_init()
1932 fully_qualified_name if not NULL, set to point to host name for
1933 compatibility with host_find_bydns
1934 local_host_check TRUE if a check for the local host is wanted
1936 Returns: HOST_FIND_FAILED Failed to find the host or domain
1937 HOST_FIND_AGAIN Try again later
1938 HOST_FOUND Host found - data filled in
1939 HOST_FOUND_LOCAL Host found and is the local host
1943 host_find_byname(host_item *host, const uschar *ignore_target_hosts, int flags,
1944 const uschar **fully_qualified_name, BOOL local_host_check)
1947 host_item *last = NULL;
1948 BOOL temp_error = FALSE;
1952 /* Copy the host name at this point to the value which is used for
1953 TLS certificate name checking, before anything modifies it. */
1955 host->certname = host->name;
1958 /* Make sure DNS options are set as required. This appears to be necessary in
1959 some circumstances when the get..byname() function actually calls the DNS. */
1961 dns_init((flags & HOST_FIND_QUALIFY_SINGLE) != 0,
1962 (flags & HOST_FIND_SEARCH_PARENTS) != 0,
1963 FALSE); /* Cannot retrieve dnssec status so do not request */
1965 /* In an IPv6 world, unless IPv6 has been disabled, we need to scan for both
1966 kinds of address, so go round the loop twice. Note that we have ensured that
1967 AF_INET6 is defined even in an IPv4 world, which makes for slightly tidier
1968 code. However, if dns_ipv4_lookup matches the domain, we also just do IPv4
1969 lookups here (except when testing standalone). */
1977 && match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0,
1978 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK)
1981 { af = AF_INET; times = 1; }
1983 { af = AF_INET6; times = 2; }
1985 /* No IPv6 support */
1987 #else /* HAVE_IPV6 */
1988 af = AF_INET; times = 1;
1989 #endif /* HAVE_IPV6 */
1991 /* Initialize the flag that gets set for DNS syntax check errors, so that the
1992 interface to this function can be similar to host_find_bydns. */
1994 f.host_find_failed_syntax = FALSE;
1996 /* Loop to look up both kinds of address in an IPv6 world */
1998 for (int i = 1; i <= times;
2000 af = AF_INET, /* If 2 passes, IPv4 on the second */
2006 struct hostent *hostdata;
2007 unsigned long time_msec = 0; /* compiler quietening */
2010 printf("Looking up: %s\n", host->name);
2013 if (slow_lookup_log) time_msec = get_time_in_ms();
2016 if (f.running_in_test_harness)
2017 hostdata = host_fake_gethostbyname(host->name, af, &error_num);
2020 #if HAVE_GETIPNODEBYNAME
2021 hostdata = getipnodebyname(CS host->name, af, 0, &error_num);
2023 hostdata = gethostbyname2(CS host->name, af);
2024 error_num = h_errno;
2028 #else /* not HAVE_IPV6 */
2029 if (f.running_in_test_harness)
2030 hostdata = host_fake_gethostbyname(host->name, af, &error_num);
2033 hostdata = gethostbyname(CS host->name);
2034 error_num = h_errno;
2036 #endif /* HAVE_IPV6 */
2038 if ( slow_lookup_log
2039 && (time_msec = get_time_in_ms() - time_msec) > slow_lookup_log)
2040 log_long_lookup(US"gethostbyname", host->name, time_msec);
2047 case HOST_NOT_FOUND: error = US"HOST_NOT_FOUND"; break;
2048 case TRY_AGAIN: error = US"TRY_AGAIN"; temp_error = TRUE; break;
2049 case NO_RECOVERY: error = US"NO_RECOVERY"; temp_error = TRUE; break;
2050 case NO_DATA: error = US"NO_DATA"; break;
2051 #if NO_DATA != NO_ADDRESS
2052 case NO_ADDRESS: error = US"NO_ADDRESS"; break;
2054 default: error = US"?"; break;
2057 DEBUG(D_host_lookup) debug_printf("%s(af=%s) returned %d (%s)\n",
2058 f.running_in_test_harness ? "host_fake_gethostbyname" :
2060 # if HAVE_GETIPNODEBYNAME
2068 af == AF_INET ? "inet" : "inet6", error_num, error);
2072 if (!(hostdata->h_addr_list)[0]) continue;
2074 /* Replace the name with the fully qualified one if necessary, and fill in
2075 the fully_qualified_name pointer. */
2077 if (hostdata->h_name[0] && Ustrcmp(host->name, hostdata->h_name) != 0)
2078 host->name = string_copy_dnsdomain(US hostdata->h_name);
2079 if (fully_qualified_name) *fully_qualified_name = host->name;
2081 /* Get the list of addresses. IPv4 and IPv6 addresses can be distinguished
2082 by their different lengths. Scan the list, ignoring any that are to be
2083 ignored, and build a chain from the rest. */
2085 ipv4_addr = hostdata->h_length == sizeof(struct in_addr);
2087 for (uschar ** addrlist = USS hostdata->h_addr_list; *addrlist; addrlist++)
2089 uschar *text_address =
2090 host_ntoa(ipv4_addr? AF_INET:AF_INET6, *addrlist, NULL, NULL);
2093 if ( ignore_target_hosts
2094 && verify_check_this_host(&ignore_target_hosts, NULL, host->name,
2095 text_address, NULL) == OK)
2097 DEBUG(D_host_lookup)
2098 debug_printf("ignored host %s [%s]\n", host->name, text_address);
2103 /* If this is the first address, last is NULL and we put the data in the
2108 host->address = text_address;
2109 host->port = PORT_NONE;
2110 host->status = hstatus_unknown;
2111 host->why = hwhy_unknown;
2112 host->dnssec = DS_UNK;
2116 /* Else add further host item blocks for any other addresses, keeping
2121 host_item *next = store_get(sizeof(host_item), GET_UNTAINTED);
2122 next->name = host->name;
2124 next->certname = host->certname;
2126 next->mx = host->mx;
2127 next->address = text_address;
2128 next->port = PORT_NONE;
2129 next->status = hstatus_unknown;
2130 next->why = hwhy_unknown;
2131 next->dnssec = DS_UNK;
2133 next->next = last->next;
2140 /* If no hosts were found, the address field in the original host block will be
2141 NULL. If temp_error is set, at least one of the lookups gave a temporary error,
2142 so we pass that back. */
2148 !message_id[0] && smtp_in
2149 ? string_sprintf("no IP address found for host %s (during %s)", host->name,
2150 smtp_get_connection_info()) :
2152 string_sprintf("no IP address found for host %s", host->name);
2154 HDEBUG(D_host_lookup) debug_printf("%s\n", msg);
2155 if (temp_error) goto RETURN_AGAIN;
2156 if (host_checking || !f.log_testing_mode)
2157 log_write(L_host_lookup_failed, LOG_MAIN, "%s", msg);
2158 return HOST_FIND_FAILED;
2161 /* Remove any duplicate IP addresses, then check to see if this is the local
2162 host if required. */
2164 host_remove_duplicates(host, &last);
2165 yield = local_host_check?
2166 host_scan_for_local_hosts(host, &last, NULL) : HOST_FOUND;
2168 HDEBUG(D_host_lookup)
2170 if (fully_qualified_name)
2171 debug_printf("fully qualified name = %s\n", *fully_qualified_name);
2172 debug_printf("%s looked up these IP addresses:\n",
2174 #if HAVE_GETIPNODEBYNAME
2183 for (const host_item * h = host; h != last->next; h = h->next)
2184 debug_printf(" name=%s address=%s\n", h->name,
2185 h->address ? h->address : US"<null>");
2188 /* Return the found status. */
2192 /* Handle the case when there is a temporary error. If the name matches
2193 dns_again_means_nonexist, return permanent rather than temporary failure. */
2199 const uschar *save = deliver_domain;
2200 deliver_domain = host->name; /* set $domain */
2201 rc = match_isinlist(host->name, CUSS &dns_again_means_nonexist, 0,
2202 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL);
2203 deliver_domain = save;
2206 DEBUG(D_host_lookup) debug_printf("%s is in dns_again_means_nonexist: "
2207 "returning HOST_FIND_FAILED\n", host->name);
2208 return HOST_FIND_FAILED;
2211 return HOST_FIND_AGAIN;
2217 /*************************************************
2218 * Fill in a host address from the DNS *
2219 *************************************************/
2221 /* Given a host item, with its name, port and mx fields set, and its address
2222 field set to NULL, fill in its IP address from the DNS. If it is multi-homed,
2223 create additional host items for the additional addresses, copying all the
2224 other fields, and randomizing the order.
2226 On IPv6 systems, AAAA records are sought first, then A records.
2228 The host name may be changed if the DNS returns a different name - e.g. fully
2229 qualified or changed via CNAME. If fully_qualified_name is not NULL, dns_lookup
2230 ensures that it points to the fully qualified name. However, this is the fully
2231 qualified version of the original name; if a CNAME is involved, the actual
2232 canonical host name may be different again, and so we get it directly from the
2233 relevant RR. Note that we do NOT change the mx field of the host item in this
2234 function as it may be called to set the addresses of hosts taken from MX
2238 host points to the host item we're filling in
2239 lastptr points to pointer to last host item in a chain of
2240 host items (may be updated if host is last and gets
2241 extended because multihomed)
2242 ignore_target_hosts list of hosts to ignore
2243 allow_ip if TRUE, recognize an IP address and return it
2244 fully_qualified_name if not NULL, return fully qualified name here if
2245 the contents are different (i.e. it must be preset
2247 dnssec_request if TRUE request the AD bit
2248 dnssec_require if TRUE require the AD bit
2249 whichrrs select ipv4, ipv6 results
2251 Returns: HOST_FIND_FAILED couldn't find A record
2252 HOST_FIND_AGAIN try again later
2253 HOST_FIND_SECURITY dnssec required but not acheived
2254 HOST_FOUND found AAAA and/or A record(s)
2255 HOST_IGNORED found, but all IPs ignored
2259 set_address_from_dns(host_item *host, host_item **lastptr,
2260 const uschar *ignore_target_hosts, BOOL allow_ip,
2261 const uschar **fully_qualified_name,
2262 BOOL dnssec_request, BOOL dnssec_require, int whichrrs)
2264 host_item *thishostlast = NULL; /* Indicates not yet filled in anything */
2265 BOOL v6_find_again = FALSE;
2266 BOOL dnssec_fail = FALSE;
2271 /* Copy the host name at this point to the value which is used for
2272 TLS certificate name checking, before any CNAME-following modifies it. */
2274 host->certname = host->name;
2277 /* If allow_ip is set, a name which is an IP address returns that value
2278 as its address. This is used for MX records when allow_mx_to_ip is set, for
2279 those sites that feel they have to flaunt the RFC rules. */
2281 if (allow_ip && string_is_ip_address(host->name, NULL) != 0)
2284 if ( ignore_target_hosts
2285 && verify_check_this_host(&ignore_target_hosts, NULL, host->name,
2286 host->name, NULL) == OK)
2287 return HOST_IGNORED;
2290 host->address = host->name;
2294 dnsa = store_get_dns_answer();
2296 /* On an IPv6 system, unless IPv6 is disabled, go round the loop up to twice,
2297 looking for AAAA records the first time. However, unless doing standalone
2298 testing, we force an IPv4 lookup if the domain matches dns_ipv4_lookup global.
2299 On an IPv4 system, go round the loop once only, looking only for A records. */
2304 || !(whichrrs & HOST_FIND_BY_AAAA)
2306 && match_isinlist(host->name, CUSS &dns_ipv4_lookup, 0,
2307 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK
2309 i = 0; /* look up A records only */
2311 #endif /* STAND_ALONE */
2313 i = 1; /* look up AAAA and A records */
2315 /* The IPv4 world */
2317 #else /* HAVE_IPV6 */
2318 i = 0; /* look up A records only */
2319 #endif /* HAVE_IPV6 */
2323 static int types[] = { T_A, T_AAAA };
2324 int type = types[i];
2325 int randoffset = i == (whichrrs & HOST_FIND_IPV4_FIRST ? 1 : 0)
2326 ? 500 : 0; /* Ensures v6/4 sort order */
2329 int rc = dns_lookup_timerwrap(dnsa, host->name, type, fully_qualified_name);
2330 lookup_dnssec_authenticated = !dnssec_request ? NULL
2331 : dns_is_secure(dnsa) ? US"yes" : US"no";
2334 if ( (dnssec_request || dnssec_require)
2335 && !dns_is_secure(dnsa)
2338 debug_printf("DNS lookup of %.256s (A/AAAA) requested AD, but got AA\n", host->name);
2340 /* We want to return HOST_FIND_AGAIN if one of the A or AAAA lookups
2341 fails or times out, but not if another one succeeds. (In the early
2342 IPv6 days there are name servers that always fail on AAAA, but are happy
2343 to give out an A record. We want to proceed with that A record.) */
2345 if (rc != DNS_SUCCEED)
2347 if (i == 0) /* Just tried for an A record, i.e. end of loop */
2349 if (host->address != NULL)
2350 i = HOST_FOUND; /* AAAA was found */
2351 else if (rc == DNS_AGAIN || rc == DNS_FAIL || v6_find_again)
2352 i = HOST_FIND_AGAIN;
2354 i = HOST_FIND_FAILED; /* DNS_NOMATCH or DNS_NODATA */
2358 /* Tried for an AAAA record: remember if this was a temporary
2359 error, and look for the next record type. */
2361 if (rc != DNS_NOMATCH && rc != DNS_NODATA) v6_find_again = TRUE;
2367 if (dns_is_secure(dnsa))
2369 DEBUG(D_host_lookup) debug_printf("%s A DNSSEC\n", host->name);
2370 if (host->dnssec == DS_UNK) /* set in host_find_bydns() */
2371 host->dnssec = DS_YES;
2378 DEBUG(D_host_lookup) debug_printf("dnssec fail on %s for %.256s",
2379 i>0 ? "AAAA" : "A", host->name);
2382 if (host->dnssec == DS_YES) /* set in host_find_bydns() */
2384 DEBUG(D_host_lookup) debug_printf("%s A cancel DNSSEC\n", host->name);
2385 host->dnssec = DS_NO;
2386 lookup_dnssec_authenticated = US"no";
2391 /* Lookup succeeded: fill in the given host item with the first non-ignored
2392 address found; create additional items for any others. A single A6 record
2393 may generate more than one address. The lookup had a chance to update the
2394 fqdn; we do not want any later times round the loop to do so. */
2396 fully_qualified_name = NULL;
2398 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
2400 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == type)
2402 dns_address * da = dns_address_from_rr(dnsa, rr);
2404 DEBUG(D_host_lookup)
2405 if (!da) debug_printf("no addresses extracted from A6 RR for %s\n",
2408 /* This loop runs only once for A and AAAA records, but may run
2409 several times for an A6 record that generated multiple addresses. */
2411 for (; da; da = da->next)
2414 if (ignore_target_hosts != NULL &&
2415 verify_check_this_host(&ignore_target_hosts, NULL,
2416 host->name, da->address, NULL) == OK)
2418 DEBUG(D_host_lookup)
2419 debug_printf("ignored host %s [%s]\n", host->name, da->address);
2424 /* If this is the first address, stick it in the given host block,
2425 and change the name if the returned RR has a different name. */
2427 if (thishostlast == NULL)
2429 if (strcmpic(host->name, rr->name) != 0)
2430 host->name = string_copy_dnsdomain(rr->name);
2431 host->address = da->address;
2432 host->sort_key = host->mx * 1000 + random_number(500) + randoffset;
2433 host->status = hstatus_unknown;
2434 host->why = hwhy_unknown;
2435 thishostlast = host;
2438 /* Not the first address. Check for, and ignore, duplicates. Then
2439 insert in the chain at a random point. */
2446 /* End of our local chain is specified by "thishostlast". */
2448 for (next = host;; next = next->next)
2450 if (Ustrcmp(CS da->address, next->address) == 0) break;
2451 if (next == thishostlast) { next = NULL; break; }
2453 if (next != NULL) continue; /* With loop for next address */
2455 /* Not a duplicate */
2457 new_sort_key = host->mx * 1000 + random_number(500) + randoffset;
2458 next = store_get(sizeof(host_item), GET_UNTAINTED);
2460 /* New address goes first: insert the new block after the first one
2461 (so as not to disturb the original pointer) but put the new address
2462 in the original block. */
2464 if (new_sort_key < host->sort_key)
2466 *next = *host; /* Copies port */
2468 host->address = da->address;
2469 host->sort_key = new_sort_key;
2470 if (thishostlast == host) thishostlast = next; /* Local last */
2471 if (*lastptr == host) *lastptr = next; /* Global last */
2474 /* Otherwise scan down the addresses for this host to find the
2475 one to insert after. */
2479 host_item *h = host;
2480 while (h != thishostlast)
2482 if (new_sort_key < h->next->sort_key) break;
2485 *next = *h; /* Copies port */
2487 next->address = da->address;
2488 next->sort_key = new_sort_key;
2489 if (h == thishostlast) thishostlast = next; /* Local last */
2490 if (h == *lastptr) *lastptr = next; /* Global last */
2497 /* Control gets here only if the second lookup (the A record) succeeded.
2498 However, the address may not be filled in if it was ignored. */
2503 ? HOST_FIND_SECURITY
2507 store_free_dns_answer(dnsa);
2514 /*************************************************
2515 * Find IP addresses and host names via DNS *
2516 *************************************************/
2518 /* The input is a host_item structure with the name field filled in and the
2519 address field set to NULL. This may be in a chain of other host items. The
2520 lookup may result in more than one IP address, in which case we must created
2521 new host blocks for the additional addresses, and insert them into the chain.
2522 The original name may not be fully qualified. Use the fully_qualified_name
2523 argument to return the official name, as returned by the resolver.
2526 host point to initial host item
2527 ignore_target_hosts a list of hosts to ignore
2528 whichrrs flags indicating which RRs to look for:
2529 HOST_FIND_BY_SRV => look for SRV
2530 HOST_FIND_BY_MX => look for MX
2531 HOST_FIND_BY_A => look for A
2532 HOST_FIND_BY_AAAA => look for AAAA
2533 also flags indicating how the lookup is done
2534 HOST_FIND_QUALIFY_SINGLE ) passed to the
2535 HOST_FIND_SEARCH_PARENTS ) resolver
2536 HOST_FIND_IPV4_FIRST => reverse usual result ordering
2537 HOST_FIND_IPV4_ONLY => MX results elide ipv6
2538 srv_service when SRV used, the service name
2539 srv_fail_domains DNS errors for these domains => assume nonexist
2540 mx_fail_domains DNS errors for these domains => assume nonexist
2541 dnssec_d.request => make dnssec request: domainlist
2542 dnssec_d.require => ditto and nonexist failures
2543 fully_qualified_name if not NULL, return fully-qualified name
2544 removed set TRUE if local host was removed from the list
2546 Returns: HOST_FIND_FAILED Failed to find the host or domain;
2547 if there was a syntax error,
2548 host_find_failed_syntax is set.
2549 HOST_FIND_AGAIN Could not resolve at this time
2550 HOST_FIND_SECURITY dnsssec required but not acheived
2551 HOST_FOUND Host found
2552 HOST_FOUND_LOCAL The lowest MX record points to this
2553 machine, if MX records were found, or
2554 an A record that was found contains
2555 an address of the local host
2559 host_find_bydns(host_item *host, const uschar *ignore_target_hosts, int whichrrs,
2560 uschar *srv_service, uschar *srv_fail_domains, uschar *mx_fail_domains,
2561 const dnssec_domains *dnssec_d,
2562 const uschar **fully_qualified_name, BOOL *removed)
2564 host_item *h, *last;
2568 dns_answer * dnsa = store_get_dns_answer();
2570 BOOL dnssec_require = dnssec_d
2571 && match_isinlist(host->name, CUSS &dnssec_d->require,
2572 0, &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK;
2573 BOOL dnssec_request = dnssec_require
2575 && match_isinlist(host->name, CUSS &dnssec_d->request,
2576 0, &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK);
2577 dnssec_status_t dnssec;
2579 /* Set the default fully qualified name to the incoming name, initialize the
2580 resolver if necessary, set up the relevant options, and initialize the flag
2581 that gets set for DNS syntax check errors. */
2583 if (fully_qualified_name != NULL) *fully_qualified_name = host->name;
2584 dns_init((whichrrs & HOST_FIND_QUALIFY_SINGLE) != 0,
2585 (whichrrs & HOST_FIND_SEARCH_PARENTS) != 0,
2587 f.host_find_failed_syntax = FALSE;
2589 /* First, if requested, look for SRV records. The service name is given; we
2590 assume TCP protocol. DNS domain names are constrained to a maximum of 256
2591 characters, so the code below should be safe. */
2593 if (whichrrs & HOST_FIND_BY_SRV)
2596 uschar * temp_fully_qualified_name;
2599 g = string_fmt_append(NULL, "_%s._tcp.%n%.256s",
2600 srv_service, &prefix_length, host->name);
2601 temp_fully_qualified_name = string_from_gstring(g);
2604 /* Search for SRV records. If the fully qualified name is different to
2605 the input name, pass back the new original domain, without the prepended
2609 lookup_dnssec_authenticated = NULL;
2610 rc = dns_lookup_timerwrap(dnsa, temp_fully_qualified_name, ind_type,
2611 CUSS &temp_fully_qualified_name);
2614 if ((dnssec_request || dnssec_require)
2615 && !dns_is_secure(dnsa)
2617 debug_printf("DNS lookup of %.256s (SRV) requested AD, but got AA\n", host->name);
2621 if (dns_is_secure(dnsa))
2622 { dnssec = DS_YES; lookup_dnssec_authenticated = US"yes"; }
2624 { dnssec = DS_NO; lookup_dnssec_authenticated = US"no"; }
2627 if (temp_fully_qualified_name != g->s && fully_qualified_name != NULL)
2628 *fully_qualified_name = temp_fully_qualified_name + prefix_length;
2630 /* On DNS failures, we give the "try again" error unless the domain is
2631 listed as one for which we continue. */
2633 if (rc == DNS_SUCCEED && dnssec_require && !dns_is_secure(dnsa))
2635 log_write(L_host_lookup_failed, LOG_MAIN,
2636 "dnssec fail on SRV for %.256s", host->name);
2639 if (rc == DNS_FAIL || rc == DNS_AGAIN)
2642 if (match_isinlist(host->name, CUSS &srv_fail_domains, 0,
2643 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) != OK)
2645 { yield = HOST_FIND_AGAIN; goto out; }
2646 DEBUG(D_host_lookup) debug_printf("DNS_%s treated as DNS_NODATA "
2647 "(domain in srv_fail_domains)\n", rc == DNS_FAIL ? "FAIL":"AGAIN");
2651 /* If we did not find any SRV records, search the DNS for MX records, if
2652 requested to do so. If the result is DNS_NOMATCH, it means there is no such
2653 domain, and there's no point in going on to look for address records with the
2654 same domain. The result will be DNS_NODATA if the domain exists but has no MX
2655 records. On DNS failures, we give the "try again" error unless the domain is
2656 listed as one for which we continue. */
2658 if (rc != DNS_SUCCEED && whichrrs & HOST_FIND_BY_MX)
2662 lookup_dnssec_authenticated = NULL;
2663 rc = dns_lookup_timerwrap(dnsa, host->name, ind_type, fully_qualified_name);
2666 if ( (dnssec_request || dnssec_require)
2667 && !dns_is_secure(dnsa)
2669 debug_printf("DNS lookup of %.256s (MX) requested AD, but got AA\n", host->name);
2672 if (dns_is_secure(dnsa))
2674 DEBUG(D_host_lookup) debug_printf("%s (MX resp) DNSSEC\n", host->name);
2675 dnssec = DS_YES; lookup_dnssec_authenticated = US"yes";
2679 dnssec = DS_NO; lookup_dnssec_authenticated = US"no";
2685 yield = HOST_FIND_FAILED; goto out;
2688 if (!dnssec_require || dns_is_secure(dnsa))
2690 DEBUG(D_host_lookup)
2691 debug_printf("dnssec fail on MX for %.256s", host->name);
2693 if (match_isinlist(host->name, CUSS &mx_fail_domains, 0,
2694 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) != OK)
2695 { yield = HOST_FIND_SECURITY; goto out; }
2703 if (match_isinlist(host->name, CUSS &mx_fail_domains, 0,
2704 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) != OK)
2706 { yield = HOST_FIND_AGAIN; goto out; }
2707 DEBUG(D_host_lookup) debug_printf("DNS_%s treated as DNS_NODATA "
2708 "(domain in mx_fail_domains)\n", (rc == DNS_FAIL)? "FAIL":"AGAIN");
2713 /* If we haven't found anything yet, and we are requested to do so, try for an
2714 A or AAAA record. If we find it (or them) check to see that it isn't the local
2717 if (rc != DNS_SUCCEED)
2719 if (!(whichrrs & (HOST_FIND_BY_A | HOST_FIND_BY_AAAA)))
2721 DEBUG(D_host_lookup) debug_printf("Address records are not being sought\n");
2722 yield = HOST_FIND_FAILED;
2726 last = host; /* End of local chainlet */
2728 host->port = PORT_NONE;
2729 host->dnssec = DS_UNK;
2730 lookup_dnssec_authenticated = NULL;
2731 rc = set_address_from_dns(host, &last, ignore_target_hosts, FALSE,
2732 fully_qualified_name, dnssec_request, dnssec_require, whichrrs);
2734 /* If one or more address records have been found, check that none of them
2735 are local. Since we know the host items all have their IP addresses
2736 inserted, host_scan_for_local_hosts() can only return HOST_FOUND or
2737 HOST_FOUND_LOCAL. We do not need to scan for duplicate IP addresses here,
2738 because set_address_from_dns() removes them. */
2740 if (rc == HOST_FOUND)
2741 rc = host_scan_for_local_hosts(host, &last, removed);
2743 if (rc == HOST_IGNORED) rc = HOST_FIND_FAILED; /* No special action */
2745 DEBUG(D_host_lookup)
2748 if (fully_qualified_name)
2749 debug_printf("fully qualified name = %s\n", *fully_qualified_name);
2750 for (host_item * h = host; h != last->next; h = h->next)
2751 debug_printf("%s %s mx=%d sort=%d %s\n", h->name,
2752 h->address ? h->address : US"<null>", h->mx, h->sort_key,
2753 h->status >= hstatus_unusable ? US"*" : US"");
2760 /* We have found one or more MX or SRV records. Sort them according to
2761 precedence. Put the data for the first one into the existing host block, and
2762 insert new host_item blocks into the chain for the remainder. For equal
2763 precedences one is supposed to randomize the order. To make this happen, the
2764 sorting is actually done on the MX value * 1000 + a random number. This is put
2765 into a host field called sort_key.
2767 In the case of hosts with both IPv6 and IPv4 addresses, we want to choose the
2768 IPv6 address in preference. At this stage, we don't know what kind of address
2769 the host has. We choose a random number < 500; if later we find an A record
2770 first, we add 500 to the random number. Then for any other address records, we
2771 use random numbers in the range 0-499 for AAAA records and 500-999 for A
2774 At this point we remove any duplicates that point to the same host, retaining
2775 only the one with the lowest precedence. We cannot yet check for precedence
2776 greater than that of the local host, because that test cannot be properly done
2777 until the addresses have been found - an MX record may point to a name for this
2778 host which is not the primary hostname. */
2780 last = NULL; /* Indicates that not even the first item is filled yet */
2782 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
2784 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == ind_type)
2786 int precedence, weight;
2787 int port = PORT_NONE;
2788 const uschar * s = rr->data; /* MUST be unsigned for GETSHORT */
2791 GETSHORT(precedence, s); /* Pointer s is advanced */
2793 /* For MX records, we use a random "weight" which causes multiple records of
2794 the same precedence to sort randomly. */
2796 if (ind_type == T_MX)
2797 weight = random_number(500);
2800 /* SRV records are specified with a port and a weight. The weight is used
2801 in a special algorithm. However, to start with, we just use it to order the
2802 records of equal priority (precedence). */
2803 GETSHORT(weight, s);
2807 /* Get the name of the host pointed to. */
2809 (void)dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen, s,
2810 (DN_EXPAND_ARG4_TYPE)data, sizeof(data));
2812 /* Check that we haven't already got this host on the chain; if we have,
2813 keep only the lower precedence. This situation shouldn't occur, but you
2814 never know what junk might get into the DNS (and this case has been seen on
2815 more than one occasion). */
2817 if (last) /* This is not the first record */
2819 host_item *prev = NULL;
2821 for (h = host; h != last->next; prev = h, h = h->next)
2822 if (strcmpic(h->name, data) == 0)
2824 DEBUG(D_host_lookup)
2825 debug_printf("discarded duplicate host %s (MX=%d)\n", data,
2826 precedence > h->mx ? precedence : h->mx);
2827 if (precedence >= h->mx) goto NEXT_MX_RR; /* Skip greater precedence */
2828 if (h == host) /* Override first item */
2831 host->sort_key = precedence * 1000 + weight;
2835 /* Unwanted host item is not the first in the chain, so we can get
2836 get rid of it by cutting it out. */
2838 prev->next = h->next;
2839 if (h == last) last = prev;
2844 /* If this is the first MX or SRV record, put the data into the existing host
2845 block. Otherwise, add a new block in the correct place; if it has to be
2846 before the first block, copy the first block's data to a new second block. */
2850 host->name = string_copy_dnsdomain(data);
2851 host->address = NULL;
2853 host->mx = precedence;
2854 host->sort_key = precedence * 1000 + weight;
2855 host->status = hstatus_unknown;
2856 host->why = hwhy_unknown;
2857 host->dnssec = dnssec;
2862 /* Make a new host item and seek the correct insertion place */
2864 int sort_key = precedence * 1000 + weight;
2865 host_item * next = store_get(sizeof(host_item), GET_UNTAINTED);
2866 next->name = string_copy_dnsdomain(data);
2867 next->address = NULL;
2869 next->mx = precedence;
2870 next->sort_key = sort_key;
2871 next->status = hstatus_unknown;
2872 next->why = hwhy_unknown;
2873 next->dnssec = dnssec;
2876 /* Handle the case when we have to insert before the first item. */
2878 if (sort_key < host->sort_key)
2885 if (last == host) last = next;
2889 /* Else scan down the items we have inserted as part of this exercise;
2890 don't go further. */
2892 for (h = host; h != last; h = h->next)
2893 if (sort_key < h->next->sort_key)
2895 next->next = h->next;
2900 /* Join on after the last host item that's part of this
2901 processing if we haven't stopped sooner. */
2905 next->next = last->next;
2912 NEXT_MX_RR: continue;
2915 if (!last) /* No rr of correct type; give up */
2917 yield = HOST_FIND_FAILED;
2921 /* If the list of hosts was obtained from SRV records, there are two things to
2922 do. First, if there is only one host, and it's name is ".", it means there is
2923 no SMTP service at this domain. Otherwise, we have to sort the hosts of equal
2924 priority according to their weights, using an algorithm that is defined in RFC
2925 2782. The hosts are currently sorted by priority and weight. For each priority
2926 group we have to pick off one host and put it first, and then repeat for any
2927 remaining in the same priority group. */
2929 if (ind_type == T_SRV)
2933 if (host == last && host->name[0] == 0)
2935 DEBUG(D_host_lookup) debug_printf("the single SRV record is \".\"\n");
2936 yield = HOST_FIND_FAILED;
2940 DEBUG(D_host_lookup)
2942 debug_printf("original ordering of hosts from SRV records:\n");
2943 for (h = host; h != last->next; h = h->next)
2944 debug_printf(" %s P=%d W=%d\n", h->name, h->mx, h->sort_key % 1000);
2947 for (pptr = &host, h = host; h != last; pptr = &h->next, h = h->next)
2952 /* Find the last following host that has the same precedence. At the same
2953 time, compute the sum of the weights and the running totals. These can be
2954 stored in the sort_key field. */
2956 for (hh = h; hh != last; hh = hh->next)
2958 int weight = hh->sort_key % 1000; /* was precedence * 1000 + weight */
2961 if (hh->mx != hh->next->mx) break;
2964 /* If there's more than one host at this precedence (priority), we need to
2965 pick one to go first. */
2971 int randomizer = random_number(sum + 1);
2973 for (ppptr = pptr, hhh = h;
2975 ppptr = &hhh->next, hhh = hhh->next)
2976 if (hhh->sort_key >= randomizer)
2979 /* hhh now points to the host that should go first; ppptr points to the
2980 place that points to it. Unfortunately, if the start of the minilist is
2981 the start of the entire list, we can't just swap the items over, because
2982 we must not change the value of host, since it is passed in from outside.
2983 One day, this could perhaps be changed.
2985 The special case is fudged by putting the new item *second* in the chain,
2986 and then transferring the data between the first and second items. We
2987 can't just swap the first and the chosen item, because that would mean
2988 that an item with zero weight might no longer be first. */
2992 *ppptr = hhh->next; /* Cuts it out of the chain */
2996 host_item temp = *h;
2999 hhh->next = temp.next;
3004 hhh->next = h; /* The rest of the chain follows it */
3005 *pptr = hhh; /* It takes the place of h */
3006 h = hhh; /* It's now the start of this minilist */
3011 /* A host has been chosen to be first at this priority and h now points
3012 to this host. There may be others at the same priority, or others at a
3013 different priority. Before we leave this host, we need to put back a sort
3014 key of the traditional MX kind, in case this host is multihomed, because
3015 the sort key is used for ordering the multiple IP addresses. We do not need
3016 to ensure that these new sort keys actually reflect the order of the hosts,
3019 h->sort_key = h->mx * 1000 + random_number(500);
3020 } /* Move on to the next host */
3023 /* Now we have to find IP addresses for all the hosts. We have ensured above
3024 that the names in all the host items are unique. Before release 4.61 we used to
3025 process records from the additional section in the DNS packet that returned the
3026 MX or SRV records. However, a DNS name server is free to drop any resource
3027 records from the additional section. In theory, this has always been a
3028 potential problem, but it is exacerbated by the advent of IPv6. If a host had
3029 several IPv4 addresses and some were not in the additional section, at least
3030 Exim would try the others. However, if a host had both IPv4 and IPv6 addresses
3031 and all the IPv4 (say) addresses were absent, Exim would try only for a IPv6
3032 connection, and never try an IPv4 address. When there was only IPv4
3033 connectivity, this was a disaster that did in practice occur.
3035 So, from release 4.61 onwards, we always search for A and AAAA records
3036 explicitly. The names shouldn't point to CNAMES, but we use the general lookup
3037 function that handles them, just in case. If any lookup gives a soft error,
3038 change the default yield.
3040 For these DNS lookups, we must disable qualify_single and search_parents;
3041 otherwise invalid host names obtained from MX or SRV records can cause trouble
3042 if they happen to match something local. */
3044 yield = HOST_FIND_FAILED; /* Default yield */
3045 dns_init(FALSE, FALSE, /* Disable qualify_single and search_parents */
3046 dnssec_request || dnssec_require);
3048 for (h = host; h != last->next; h = h->next)
3050 if (h->address) continue; /* Inserted by a multihomed host */
3052 rc = set_address_from_dns(h, &last, ignore_target_hosts, allow_mx_to_ip,
3053 NULL, dnssec_request, dnssec_require,
3054 whichrrs & HOST_FIND_IPV4_ONLY
3055 ? HOST_FIND_BY_A : HOST_FIND_BY_A | HOST_FIND_BY_AAAA);
3056 if (rc != HOST_FOUND)
3058 h->status = hstatus_unusable;
3061 case HOST_FIND_AGAIN: yield = rc; h->why = hwhy_deferred; break;
3062 case HOST_FIND_SECURITY: yield = rc; h->why = hwhy_insecure; break;
3063 case HOST_IGNORED: h->why = hwhy_ignored; break;
3064 default: h->why = hwhy_failed; break;
3069 /* Scan the list for any hosts that are marked unusable because they have
3070 been explicitly ignored, and remove them from the list, as if they did not
3071 exist. If we end up with just a single, ignored host, flatten its fields as if
3072 nothing was found. */
3074 if (ignore_target_hosts)
3076 host_item *prev = NULL;
3077 for (h = host; h != last->next; h = h->next)
3080 if (h->why != hwhy_ignored) /* Non ignored host, just continue */
3082 else if (prev == NULL) /* First host is ignored */
3084 if (h != last) /* First is not last */
3086 if (h->next == last) last = h; /* Overwrite it with next */
3087 *h = *(h->next); /* and reprocess it. */
3088 goto REDO; /* C should have redo, like Perl */
3091 else /* Ignored host is not first - */
3093 prev->next = h->next;
3094 if (h == last) last = prev;
3098 if (host->why == hwhy_ignored) host->address = NULL;
3101 /* There is still one complication in the case of IPv6. Although the code above
3102 arranges that IPv6 addresses take precedence over IPv4 addresses for multihomed
3103 hosts, it doesn't do this for addresses that apply to different hosts with the
3104 same MX precedence, because the sorting on MX precedence happens first. So we
3105 have to make another pass to check for this case. We ensure that, within a
3106 single MX preference value, IPv6 addresses come first. This can separate the
3107 addresses of a multihomed host, but that should not matter. */
3110 if (h != last && !disable_ipv6) for (h = host; h != last; h = h->next)
3113 host_item *next = h->next;
3115 if ( h->mx != next->mx /* If next is different MX */
3116 || !h->address /* OR this one is unset */
3118 continue; /* move on to next */
3120 if ( whichrrs & HOST_FIND_IPV4_FIRST
3121 ? !Ustrchr(h->address, ':') /* OR this one is IPv4 */
3123 && Ustrchr(next->address, ':') /* OR next is IPv6 */
3125 : Ustrchr(h->address, ':') /* OR this one is IPv6 */
3127 && !Ustrchr(next->address, ':') /* OR next is IPv4 */
3129 continue; /* move on to next */
3131 temp = *h; /* otherwise, swap */
3132 temp.next = next->next;
3139 /* Remove any duplicate IP addresses and then scan the list of hosts for any
3140 whose IP addresses are on the local host. If any are found, all hosts with the
3141 same or higher MX values are removed. However, if the local host has the lowest
3142 numbered MX, then HOST_FOUND_LOCAL is returned. Otherwise, if at least one host
3143 with an IP address is on the list, HOST_FOUND is returned. Otherwise,
3144 HOST_FIND_FAILED is returned, but in this case do not update the yield, as it
3145 might have been set to HOST_FIND_AGAIN just above here. If not, it will already
3146 be HOST_FIND_FAILED. */
3148 host_remove_duplicates(host, &last);
3149 rc = host_scan_for_local_hosts(host, &last, removed);
3150 if (rc != HOST_FIND_FAILED) yield = rc;
3152 DEBUG(D_host_lookup)
3154 if (fully_qualified_name)
3155 debug_printf("fully qualified name = %s\n", *fully_qualified_name);
3156 debug_printf("host_find_bydns yield = %s (%d); returned hosts:\n",
3157 yield == HOST_FOUND ? "HOST_FOUND" :
3158 yield == HOST_FOUND_LOCAL ? "HOST_FOUND_LOCAL" :
3159 yield == HOST_FIND_SECURITY ? "HOST_FIND_SECURITY" :
3160 yield == HOST_FIND_AGAIN ? "HOST_FIND_AGAIN" :
3161 yield == HOST_FIND_FAILED ? "HOST_FIND_FAILED" : "?",
3163 for (h = host; h != last->next; h = h->next)
3165 debug_printf(" %s %s MX=%d %s", h->name,
3166 !h->address ? US"<null>" : h->address, h->mx,
3167 h->dnssec == DS_YES ? US"DNSSEC " : US"");
3168 if (h->port != PORT_NONE) debug_printf("port=%d ", h->port);
3169 if (h->status >= hstatus_unusable) debug_printf("*");
3176 dns_init(FALSE, FALSE, FALSE); /* clear the dnssec bit for getaddrbyname */
3177 store_free_dns_answer(dnsa);
3185 /* Lookup TLSA record for host/port.
3186 Return: OK success with dnssec; DANE mode
3187 DEFER Do not use this host now, may retry later
3188 FAIL_FORCED No TLSA record; DANE not usable
3189 FAIL Do not use this connection
3193 tlsa_lookup(const host_item * host, dns_answer * dnsa, BOOL dane_required)
3196 const uschar * fullname = buffer;
3200 /* TLSA lookup string */
3201 (void)sprintf(CS buffer, "_%d._tcp.%.256s", host->port, host->name);
3203 rc = dns_lookup_timerwrap(dnsa, buffer, T_TLSA, &fullname);
3204 sec = dns_is_secure(dnsa);
3206 debug_printf("TLSA lookup ret %s %sDNSSEC\n", dns_rc_names[rc], sec ? "" : "not ");
3211 return DEFER; /* just defer this TLS'd conn */
3219 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
3220 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
3221 if (rr->type == T_TLSA && rr->size > 3)
3223 uint16_t payload_length = rr->size - 3;
3224 uschar s[MAX_TLSA_EXPANDED_SIZE], * sp = s, * p = US rr->data;
3226 sp += sprintf(CS sp, "%d ", *p++); /* usage */
3227 sp += sprintf(CS sp, "%d ", *p++); /* selector */
3228 sp += sprintf(CS sp, "%d ", *p++); /* matchtype */
3229 while (payload_length-- > 0 && sp-s < (MAX_TLSA_EXPANDED_SIZE - 4))
3230 sp += sprintf(CS sp, "%02x", *p++);
3232 debug_printf(" %s\n", s);
3237 log_write(0, LOG_MAIN,
3238 "DANE error: TLSA lookup for %s not DNSSEC", host->name);
3241 case DNS_NODATA: /* no TLSA RR for this lookup */
3242 case DNS_NOMATCH: /* no records at all for this lookup */
3243 return dane_required ? FAIL : FAIL_FORCED;
3247 return dane_required ? FAIL : DEFER;
3250 #endif /*SUPPORT_DANE*/
3254 /*************************************************
3255 **************************************************
3256 * Stand-alone test program *
3257 **************************************************
3258 *************************************************/
3262 int main(int argc, char **cargv)
3265 int whichrrs = HOST_FIND_BY_MX | HOST_FIND_BY_A | HOST_FIND_BY_AAAA;
3266 BOOL byname = FALSE;
3267 BOOL qualify_single = TRUE;
3268 BOOL search_parents = FALSE;
3269 BOOL request_dnssec = FALSE;
3270 BOOL require_dnssec = FALSE;
3271 uschar **argv = USS cargv;
3274 disable_ipv6 = FALSE;
3275 primary_hostname = US"";
3277 store_pool = POOL_MAIN;
3278 debug_selector = D_host_lookup|D_interface;
3279 debug_file = stdout;
3280 debug_fd = fileno(debug_file);
3282 printf("Exim stand-alone host functions test\n");
3284 host_find_interfaces();
3285 debug_selector = D_host_lookup | D_dns;
3287 if (argc > 1) primary_hostname = argv[1];
3289 /* So that debug level changes can be done first */
3291 dns_init(qualify_single, search_parents, FALSE);
3293 printf("Testing host lookup\n");
3295 while (Ufgets(buffer, 256, stdin) != NULL)
3298 int len = Ustrlen(buffer);
3299 uschar *fully_qualified_name;
3301 while (len > 0 && isspace(buffer[len-1])) len--;
3304 if (Ustrcmp(buffer, "q") == 0) break;
3306 if (Ustrcmp(buffer, "byname") == 0) byname = TRUE;
3307 else if (Ustrcmp(buffer, "no_byname") == 0) byname = FALSE;
3308 else if (Ustrcmp(buffer, "a_only") == 0) whichrrs = HOST_FIND_BY_A | HOST_FIND_BY_AAAA;
3309 else if (Ustrcmp(buffer, "mx_only") == 0) whichrrs = HOST_FIND_BY_MX;
3310 else if (Ustrcmp(buffer, "srv_only") == 0) whichrrs = HOST_FIND_BY_SRV;
3311 else if (Ustrcmp(buffer, "srv+a") == 0)
3312 whichrrs = HOST_FIND_BY_SRV | HOST_FIND_BY_A | HOST_FIND_BY_AAAA;
3313 else if (Ustrcmp(buffer, "srv+mx") == 0)
3314 whichrrs = HOST_FIND_BY_SRV | HOST_FIND_BY_MX;
3315 else if (Ustrcmp(buffer, "srv+mx+a") == 0)
3316 whichrrs = HOST_FIND_BY_SRV | HOST_FIND_BY_MX | HOST_FIND_BY_A | HOST_FIND_BY_AAAA;
3317 else if (Ustrcmp(buffer, "qualify_single") == 0) qualify_single = TRUE;
3318 else if (Ustrcmp(buffer, "no_qualify_single") == 0) qualify_single = FALSE;
3319 else if (Ustrcmp(buffer, "search_parents") == 0) search_parents = TRUE;
3320 else if (Ustrcmp(buffer, "no_search_parents") == 0) search_parents = FALSE;
3321 else if (Ustrcmp(buffer, "request_dnssec") == 0) request_dnssec = TRUE;
3322 else if (Ustrcmp(buffer, "no_request_dnssec") == 0) request_dnssec = FALSE;
3323 else if (Ustrcmp(buffer, "require_dnssec") == 0) require_dnssec = TRUE;
3324 else if (Ustrcmp(buffer, "no_require_dnssec") == 0) require_dnssec = FALSE;
3325 else if (Ustrcmp(buffer, "test_harness") == 0)
3326 f.running_in_test_harness = !f.running_in_test_harness;
3327 else if (Ustrcmp(buffer, "ipv6") == 0) disable_ipv6 = !disable_ipv6;
3328 else if (Ustrcmp(buffer, "res_debug") == 0)
3330 _res.options ^= RES_DEBUG;
3332 else if (Ustrncmp(buffer, "retrans", 7) == 0)
3334 (void)sscanf(CS(buffer+8), "%d", &dns_retrans);
3335 _res.retrans = dns_retrans;
3337 else if (Ustrncmp(buffer, "retry", 5) == 0)
3339 (void)sscanf(CS(buffer+6), "%d", &dns_retry);
3340 _res.retry = dns_retry;
3344 int flags = whichrrs;
3351 h.status = hstatus_unknown;
3352 h.why = hwhy_unknown;
3355 if (qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
3356 if (search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
3358 d.request = request_dnssec ? &h.name : NULL;
3359 d.require = require_dnssec ? &h.name : NULL;
3362 ? host_find_byname(&h, NULL, flags, &fully_qualified_name, TRUE)
3363 : host_find_bydns(&h, NULL, flags, US"smtp", NULL, NULL,
3364 &d, &fully_qualified_name, NULL);
3368 case HOST_FIND_FAILED: printf("Failed\n"); break;
3369 case HOST_FIND_AGAIN: printf("Again\n"); break;
3370 case HOST_FIND_SECURITY: printf("Security\n"); break;
3371 case HOST_FOUND_LOCAL: printf("Local\n"); break;
3378 printf("Testing host_aton\n");
3380 while (Ufgets(buffer, 256, stdin) != NULL)
3383 int len = Ustrlen(buffer);
3385 while (len > 0 && isspace(buffer[len-1])) len--;
3388 if (Ustrcmp(buffer, "q") == 0) break;
3390 len = host_aton(buffer, x);
3391 printf("length = %d ", len);
3392 for (int i = 0; i < len; i++)
3394 printf("%04x ", (x[i] >> 16) & 0xffff);
3395 printf("%04x ", x[i] & 0xffff);
3402 printf("Testing host_name_lookup\n");
3404 while (Ufgets(buffer, 256, stdin) != NULL)
3406 int len = Ustrlen(buffer);
3407 while (len > 0 && isspace(buffer[len-1])) len--;
3409 if (Ustrcmp(buffer, "q") == 0) break;
3410 sender_host_address = buffer;
3411 sender_host_name = NULL;
3412 sender_host_aliases = NULL;
3413 host_lookup_msg = US"";
3414 host_lookup_failed = FALSE;
3415 if (host_name_lookup() == FAIL) /* Debug causes printing */
3416 printf("Lookup failed:%s\n", host_lookup_msg);
3424 #endif /* STAND_ALONE */