1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* Copyright (c) The Exim Maintainers 2020 */
7 /* See the file NOTICE for conditions of use and distribution. */
9 /* A number of functions for driving outgoing SMTP calls. */
13 #include "transports/smtp.h"
17 /*************************************************
18 * Find an outgoing interface *
19 *************************************************/
21 /* This function is called from the smtp transport and also from the callout
22 code in verify.c. Its job is to expand a string to get a list of interfaces,
23 and choose a suitable one (IPv4 or IPv6) for the outgoing address.
26 istring string interface setting, may be NULL, meaning "any", in
27 which case the function does nothing
28 host_af AF_INET or AF_INET6 for the outgoing IP address
29 addr the mail address being handled (for setting errors)
30 interface point this to the interface
31 msg to add to any error message
33 Returns: TRUE on success, FALSE on failure, with error message
34 set in addr and transport_return set to PANIC
/* Choose the outgoing interface for an SMTP call. The visible code expands
istring, refuses an expansion result that is tainted, then walks the resulting
list for an entry whose address family matches host_af. */
38 smtp_get_interface(uschar *istring, int host_af, address_item *addr,
39 uschar **interface, uschar *msg)
41 const uschar * expint;
/* No interface option configured: nothing to select, report success. */
45 if (!istring) return TRUE;
47 if (!(expint = expand_string(istring)))
/* A forced expansion failure returns TRUE like the unset case; any other
expansion failure is reported through addr as a PANIC. */
49 if (f.expand_string_forcedfail) return TRUE;
50 addr->transport_return = PANIC;
51 addr->message = string_sprintf("failed to expand \"interface\" "
52 "option for %s: %s", msg, expand_string_message);
/* Security check: if the expanded value is marked tainted (in Exim, derived
from untrusted input) it is logged and the address gets a PANIC result with a
configuration-error message, instead of being parsed as an interface list. */
56 if (is_tainted(expint))
58 log_write(0, LOG_MAIN|LOG_PANIC,
59 "attempt to use tainted value '%s' from '%s' for interface",
61 addr->transport_return = PANIC;
62 addr->message = string_sprintf("failed to expand \"interface\" "
63 "option for %s: configuration error", msg);
/* An expansion that is empty after leading whitespace also means success with
no interface chosen. */
67 Uskip_whitespace(&expint);
68 if (!*expint) return TRUE;
70 /* we just tested to ensure no taint, so big_buffer is ok */
71 while ((iface = string_nextinlist(&expint, &sep, big_buffer,
/* Every list item must parse as an IP address; anything else is reported as a
PANIC for this address. */
74 if (string_is_ip_address(iface, NULL) == 0)
76 addr->transport_return = PANIC;
77 addr->message = string_sprintf("\"%s\" is not a valid IP "
78 "address for the \"interface\" option for %s",
/* The family of an item is inferred from the presence of a colon: none means
AF_INET, otherwise AF_INET6. */
83 if (((Ustrchr(iface, ':') == NULL)? AF_INET:AF_INET6) == host_af)
/* presumably iface points into big_buffer (the buffer handed to
string_nextinlist above), hence the copy - confirm */
87 if (iface) *interface = string_copy(iface);
93 /*************************************************
94 * Find an outgoing port *
95 *************************************************/
97 /* This function is called from the smtp transport and also from the callout
98 code in verify.c. Its job is to find a port number. Note that getservbyname()
99 produces the number in network byte order.
102 rstring raw (unexpanded) string representation of the port
103 addr the mail address being handled (for setting errors)
104 port stick the port in here
105 msg for adding to error message
107 Returns: TRUE on success, FALSE on failure, with error message set
108 in addr, and transport_return set to PANIC
/* Turn the port option into a port number: expand rstring, then accept either
a numeric string or a TCP service name. Failures are reported through addr. */
112 smtp_get_port(uschar *rstring, address_item *addr, int *port, uschar *msg)
114 uschar *pstring = expand_string(rstring);
/* Expansion failure path (the test itself is not in this listing). */
118 addr->transport_return = PANIC;
119 addr->message = string_sprintf("failed to expand \"%s\" (\"port\" option) "
120 "for %s: %s", rstring, msg, expand_string_message);
/* A leading digit selects numeric parsing; the service-name lookup further
down handles the other case. */
124 if (isdigit(*pstring))
/* Base 0 means decimal, octal (leading 0) and hexadecimal (leading 0x) forms
are all accepted. */
/* NOTE(review): the parsed value is stored straight into *port; no check that
it lies in the valid TCP port range is visible in this listing, and no
is_tainted() test on pstring is visible either - confirm whether callers or
omitted lines cover this. */
127 *port = Ustrtol(pstring, &end, 0);
/* Reject trailing characters: the parse must consume the whole string. */
128 if (end != pstring + Ustrlen(pstring))
130 addr->transport_return = PANIC;
131 addr->message = string_sprintf("invalid port number for %s: %s", msg,
/* Service-name lookup, restricted to the tcp protocol. */
139 struct servent *smtp_service = getservbyname(CS pstring, "tcp");
142 addr->transport_return = PANIC;
143 addr->message = string_sprintf("TCP port \"%s\" is not defined for %s",
/* s_port is in network byte order, so convert to host order before storing. */
147 *port = ntohs(smtp_service->s_port);
/* Inspect a socket on which TCP Fast Open was attempted and update the
tcp_out_fastopen state to say whether it was actually used. The checks differ
per platform; in the visible lines the only state written is tcp_out_fastopen,
plus debug output. The preprocessor line that opens the first platform branch
is not in this listing. */
158 tfo_out_check(int sock)
161 struct tcp_info tinfo;
163 socklen_t len = sizeof(val);
165 /* The observability as of 12.1 is not useful as a client, only telling us that
166 a TFO option was used on SYN. It could have been a TFO-R, or ignored by the
170 if (tcp_out_fastopen == TFO_ATTEMPTED_NODATA || tcp_out_fastopen == TFO_ATTEMPTED_DATA)
171 if (getsockopt(sock, IPPROTO_TCP, TCP_FASTOPEN, &val, &len) == 0 && val != 0) {}
173 switch (tcp_out_fastopen)
175 case TFO_ATTEMPTED_NODATA: tcp_out_fastopen = TFO_USED_NODATA; break;
176 case TFO_ATTEMPTED_DATA: tcp_out_fastopen = TFO_USED_DATA; break;
177 default: break; /* compiler quietening */
180 # else /* Linux & Apple */
181 # if defined(TCP_INFO) && defined(EXIM_HAVE_TCPI_UNACKED)
/* len starts as the size of tinfo so that getsockopt(TCP_INFO) can fill it. */
182 struct tcp_info tinfo;
183 socklen_t len = sizeof(tinfo);
185 switch (tcp_out_fastopen)
187 /* This is a somewhat dubious detection method; totally undocumented so likely
188 to fail in future kernels. There seems to be no documented way. What we really
189 want to know is if the server sent smtp-banner data before our ACK of his SYN,ACK
190 hit him. What this (possibly?) detects is whether we sent a TFO cookie with our
191 SYN, as distinct from a TFO request. This gets a false-positive when the server
192 key is rotated; we send the old one (which this test sees) but the server returns
193 the new one and does not send its SMTP banner before we ACK his SYN,ACK.
194 To force that rotation case:
195 '# echo -n "00000000-00000000-00000000-0000000" >/proc/sys/net/ipv4/tcp_fastopen_key'
196 The kernel seems to be counting unack'd packets. */
/* No-data case: treated as used when the socket is still in SYN_SENT with more
than one unacknowledged packet counted. Given the caveats above, this result
is a heuristic and should not be relied on for anything beyond reporting. */
198 case TFO_ATTEMPTED_NODATA:
199 if ( getsockopt(sock, IPPROTO_TCP, TCP_INFO, &tinfo, &len) == 0
200 && tinfo.tcpi_state == TCP_SYN_SENT
201 && tinfo.tcpi_unacked > 1
204 DEBUG(D_transport|D_v)
205 debug_printf("TCP_FASTOPEN tcpi_unacked %d\n", tinfo.tcpi_unacked);
206 tcp_out_fastopen = TFO_USED_NODATA;
210 /* When called after waiting for received data we should be able
211 to tell if data we sent was accepted. */
213 case TFO_ATTEMPTED_DATA:
214 if ( getsockopt(sock, IPPROTO_TCP, TCP_INFO, &tinfo, &len) == 0
215 && tinfo.tcpi_state == TCP_ESTABLISHED
/* TCPI_OPT_SYN_DATA set: recorded as data-on-SYN having been acknowledged. */
217 if (tinfo.tcpi_options & TCPI_OPT_SYN_DATA)
219 DEBUG(D_transport|D_v) debug_printf("TFO: data was acked\n");
220 tcp_out_fastopen = TFO_USED_DATA;
/* Otherwise, per the debug text, the data had to be retransmitted and the
state is set back to not-used. */
224 DEBUG(D_transport|D_v) debug_printf("TFO: had to retransmit\n");
225 tcp_out_fastopen = TFO_NOT_USED;
229 default: break; /* compiler quietening */
232 # endif /* Linux & Apple */
237 /* Arguments as for smtp_connect(), plus
238 early_data if non-NULL, idempotent data to be sent -
239 preferably in the TCP SYN segment
241 Returns: connected socket number, or -1 with errno set
/* Create a TCP socket for an outgoing SMTP call, apply socket options, bind to
the requested interface if one is given, connect (requesting TCP Fast Open for
hosts that match hosts_try_fastopen) and deliver any early data. */
245 smtp_sock_connect(host_item * host, int host_af, int port, uschar * interface,
246 transport_instance * tb, int timeout, const blob * early_data)
/* The transport options block supplies the dscp, hosts_try_fastopen and
keepalive settings read below. */
248 smtp_transport_options_block * ob =
249 (smtp_transport_options_block *)tb->options_block;
250 const uschar * dscp = ob->dscp;
/* Stays NULL unless Fast Open is selected for this host further down. */
256 const blob * fastopen_blob = NULL;
259 #ifndef DISABLE_EVENT
/* Publish the target for the tcp:connect event. A non-zero result from
event_raise() abandons the attempt before any socket is created. */
260 deliver_host_address = host->address;
261 deliver_host_port = port;
262 if (event_raise(tb->event_action, US"tcp:connect", NULL)) return -1;
265 if ((sock = ip_socket(SOCK_STREAM, host_af)) < 0) return -1;
267 /* Set TCP_NODELAY; Exim does its own buffering. */
/* Failure to set the option is only reported in debug output. */
269 if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, US &on, sizeof(on)))
270 HDEBUG(D_transport|D_acl|D_v)
271 debug_printf_indent("failed to set NODELAY: %s ", strerror(errno));
273 /* Set DSCP value, if we can. For now, if we fail to set the value, we don't
274 bomb out, just log it and continue in default traffic class. */
276 if (dscp && dscp_lookup(dscp, host_af, &dscp_level, &dscp_option, &dscp_value))
278 HDEBUG(D_transport|D_acl|D_v)
279 debug_printf_indent("DSCP \"%s\"=%x ", dscp, dscp_value);
280 if (setsockopt(sock, dscp_level, dscp_option, &dscp_value, sizeof(dscp_value)) < 0)
281 HDEBUG(D_transport|D_acl|D_v)
282 debug_printf_indent("failed to set DSCP: %s ", strerror(errno));
283 /* If the kernel supports IPv4 and IPv6 on an IPv6 socket, we need to set the
284 option for both; ignore failures here */
285 if (host_af == AF_INET6 &&
286 dscp_lookup(dscp, AF_INET, &dscp_level, &dscp_option, &dscp_value))
287 (void) setsockopt(sock, dscp_level, dscp_option, &dscp_value, sizeof(dscp_value));
290 /* Bind to a specific interface if requested. Caller must ensure the interface
291 is the same type (IPv4 or IPv6) as the outgoing address. */
293 if (interface && ip_bind(sock, host_af, interface, 0) < 0)
296 HDEBUG(D_transport|D_acl|D_v)
297 debug_printf_indent("unable to bind outgoing SMTP call to %s: %s", interface,
301 /* Connect to the remote host, and add keepalive to the socket before returning
302 it, if requested. If the build supports TFO, request it - and if the caller
303 requested some early-data then include that in the TFO request. If there is
304 early-data but no TFO support, send it after connecting. */
/* Fast Open is requested only for hosts matching hosts_try_fastopen. With no
caller data the tcp_fastopen_nodata blob is passed instead. */
309 if (verify_check_given_host(CUSS &ob->hosts_try_fastopen, host) == OK)
310 fastopen_blob = early_data ? early_data : &tcp_fastopen_nodata;
/* When no Fast Open blob was chosen, non-empty early data is written with an
ordinary send() after the connect has succeeded. */
313 if (ip_connect(sock, host_af, host->address, port, timeout, fastopen_blob) < 0)
315 else if (early_data && !fastopen_blob && early_data->data && early_data->len)
317 HDEBUG(D_transport|D_acl|D_v)
318 debug_printf("sending %ld nonTFO early-data\n", (long)early_data->len);
321 (void) setsockopt(sock, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off));
/* NOTE(review): only a negative send() result is treated as failure here; a
short write of the early data is not detected by this test. */
323 if (send(sock, early_data->data, early_data->len, 0) < 0)
328 /* Either bind() or connect() failed */
332 HDEBUG(D_transport|D_acl|D_v)
334 debug_printf_indent(" failed: %s", CUstrerror(save_errno));
335 if (save_errno == ETIMEDOUT)
336 debug_printf(" (timeout=%s)", readconf_printtime(timeout));
344 /* Both bind() and connect() succeeded, and any early-data */
348 union sockaddr_46 interface_sock;
349 EXIM_SOCKLEN_T size = sizeof(interface_sock);
351 HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" connected\n");
/* Record the local address and port actually in use. A getsockname() failure
is logged: ECONNRESET goes to the main log only, any other error is also sent
to the panic log. */
352 if (getsockname(sock, (struct sockaddr *)(&interface_sock), &size) == 0)
353 sending_ip_address = host_ntoa(-1, &interface_sock, NULL, &sending_port);
356 log_write(0, LOG_MAIN | ((errno == ECONNRESET)? 0 : LOG_PANIC),
357 "getsockname() failed: %s", strerror(errno));
362 if (ob->keepalive) ip_keepalive(sock, host->address, TRUE);
/* Reconcile the transport-level port with any port already set on the host
item. */
375 smtp_port_for_connect(host_item * host, int port)
/* A host port other than PORT_NONE is host-specific; per the debug text it
replaces the transport port when the two differ. */
377 if (host->port != PORT_NONE)
379 HDEBUG(D_transport|D_acl|D_v) if (port != host->port)
380 debug_printf_indent("Transport port=%d replaced by host-specific port=%d\n", port,
384 else host->port = port; /* Set the port actually used */
388 /*************************************************
389 * Connect to remote host *
390 *************************************************/
392 /* Create a socket, and connect it to a remote host. IPv6 addresses are
393 detected by checking for a colon in the address. AF_INET6 is defined even on
394 non-IPv6 systems, to enable the code to be less messy. However, on such systems
395 host->address will always be an IPv4 address.
398 sc details for making connection: host, af, interface, transport
399 early_data if non-NULL, data to be sent - preferably in the TCP SYN segment
401 Returns: connected socket number, or -1 with errno set
/* Open the connection described by sc, either through a SOCKS proxy or
directly, passing along any early data. */
405 smtp_connect(smtp_connect_args * sc, const blob * early_data)
407 int port = sc->host->port;
408 smtp_transport_options_block * ob = sc->ob;
/* Remember the target as [address]:port in callout_address. */
410 callout_address = string_sprintf("[%s]:%d", sc->host->address, port);
412 HDEBUG(D_transport|D_acl|D_v)
415 if (sc->interface) s = string_sprintf(" from %s ", sc->interface);
417 if (ob->socks_proxy) s = string_sprintf("%svia proxy ", s);
419 debug_printf_indent("Connecting to %s %s%s... ", sc->host->name, callout_address, s);
422 /* Create and connect the socket */
/* Proxy path: socks_sock_connect() is given no early data, so any early data
is written with an ordinary send() once the proxied connection exists. The
test that selects this path is not in this listing. */
427 int sock = socks_sock_connect(sc->host, sc->host_af, port, sc->interface,
428 sc->tblock, ob->connect_timeout);
/* NOTE(review): only a negative send() result is handled; a short write of the
early data is not detected by this test. */
432 if (early_data && early_data->data && early_data->len)
433 if (send(sock, early_data->data, early_data->len, 0) < 0)
435 int save_errno = errno;
436 HDEBUG(D_transport|D_acl|D_v)
438 debug_printf_indent("failed: %s", CUstrerror(save_errno));
439 if (save_errno == ETIMEDOUT)
440 debug_printf(" (timeout=%s)", readconf_printtime(ob->connect_timeout));
/* Direct path: smtp_sock_connect() receives the early data and decides how to
send it. */
452 return smtp_sock_connect(sc->host, sc->host_af, port, sc->interface,
453 sc->tblock, ob->connect_timeout, early_data);
457 /*************************************************
458 * Flush outgoing command buffer *
459 *************************************************/
461 /* This function is called only from smtp_write_command() below. It flushes
462 the buffer of outgoing commands. There is more than one in the buffer only when
466 outblock the SMTP output block
467 mode further data expected, or plain
469 Returns: TRUE if OK, FALSE on error, with errno set
/* Transmit the commands queued in outblock, over TLS when a TLS context is
active, otherwise on the plain socket, connecting first if the connection has
been deferred. */
473 flush_buffer(smtp_outblock * outblock, int mode)
/* n is the number of queued bytes between the buffer start and the write
pointer. */
476 int n = outblock->ptr - outblock->buffer;
477 BOOL more = mode == SCMD_MORE;
479 HDEBUG(D_transport|D_acl) debug_printf_indent("cmd buf flush %d bytes%s\n", n,
480 more ? " (more expected)" : "");
/* An active TLS context means the bytes go through tls_write(). */
483 if (outblock->cctx->tls_ctx)
484 rc = tls_write(outblock->cctx->tls_ctx, outblock->buffer, n, more);
/* A non-NULL conn_args means the connect is still pending. The queued commands
are handed to smtp_connect() as early data, the returned socket is stored in
cctx->sock, and conn_args is cleared below. Because that data may ride in a
Fast Open SYN and can be replayed, only idempotent commands should be queued
before the connection exists. */
489 if (outblock->conn_args)
491 blob early_data = { .data = outblock->buffer, .len = n };
493 /* We ignore the more-flag if we're doing a connect with early-data, which
494 means we won't get BDAT+data. A pity, but wise due to the idempotency
495 requirement: TFO with data can, in rare cases, replay the data to the
498 if ( (outblock->cctx->sock = smtp_connect(outblock->conn_args, &early_data))
501 outblock->conn_args = NULL;
506 rc = send(outblock->cctx->sock, outblock->buffer, n,
514 #if defined(__linux__)
515 /* This is a workaround for a current linux kernel bug: as of
516 5.6.8-200.fc31.x86_64 small (<MSS) writes get delayed by about 200ms,
517 This is despite NODELAY being active.
518 https://bugzilla.redhat.com/show_bug.cgi?id=1803806 */
/* The setsockopt() result is not checked; this is a best-effort workaround. */
521 setsockopt(outblock->cctx->sock, IPPROTO_TCP, TCP_CORK, &off, sizeof(off));
528 HDEBUG(D_transport|D_acl) debug_printf_indent("send failed: %s\n", strerror(errno));
/* Reset the write pointer and the command count so the buffer is empty for the
next commands. */
532 outblock->ptr = outblock->buffer;
533 outblock->cmd_count = 0;
539 /*************************************************
540 * Write SMTP command *
541 *************************************************/
543 /* The formatted command is left in big_buffer so that it can be reflected in
547 sx SMTP connection, contains buffer for pipelining, and socket
548 mode buffer, write-with-more-likely, write
549 format a format, starting with one of
550 of HELO, MAIL FROM, RCPT TO, DATA, ".", or QUIT.
551 If NULL, flush pipeline buffer only.
552 ... data for the format
554 Returns: 0 if command added to pipelining buffer, with nothing transmitted
555 +n if n commands transmitted (may still have buffered the new one)
556 -1 on error, with errno set
/* Format one SMTP command, queue it in the pipelining buffer and, depending on
mode, flush the buffer. A copy of the command is left in big_buffer for debug
output and error messages. */
560 smtp_write_command(void * sx, int mode, const char *format, ...)
562 smtp_outblock * outblock = &((smtp_context *)sx)->outblock;
/* Format into big_buffer through a gstring wrapper sized by big_buffer_size. */
567 gstring gs = { .size = big_buffer_size, .ptr = 0, .s = big_buffer };
570 /* Use taint-unchecked routines for writing into big_buffer, trusting that
571 we'll never expand the results. Actually, the error-message use - leaving
572 the results in big_buffer for potential later use - is uncomfortably distant.
573 XXX Would be better to assume all smtp commands are short, use normal pool
574 alloc rather than big_buffer, and another global for the data-for-error. */
576 va_start(ap, format);
577 if (!string_vformat(&gs, SVFMT_TAINT_NOCHK, CS format, ap))
578 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "overlong write_command in outgoing "
581 string_from_gstring(&gs);
/* Two size checks bound the copy below: a command longer than the whole output
buffer is fatal (LOG_PANIC_DIE), and one that does not fit in the remaining
space forces a flush of what is already queued. */
583 if (gs.ptr > outblock->buffersize)
584 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "overlong write_command in outgoing "
587 if (gs.ptr > outblock->buffersize - (outblock->ptr - outblock->buffer))
589 rc = outblock->cmd_count; /* flush resets */
590 if (!flush_buffer(outblock, SCMD_FLUSH)) return -1;
/* Copy exactly gs.ptr bytes into the output buffer and advance the write
pointer by the same amount. */
593 Ustrncpy(outblock->ptr, gs.s, gs.ptr);
594 outblock->ptr += gs.ptr;
595 outblock->cmd_count++;
596 gs.ptr -= 2; string_from_gstring(&gs); /* remove \r\n for error message */
/* Credential hiding: by this point the real command is already in the output
buffer, so the masking below only overwrites the big_buffer copy that feeds
the debug line and later error reflection. */
/* NOTE(review): in the AUTH branch the scan written as while (!isspace(*p))
has no test for the terminating NUL. For an AUTH line with nothing after the
mechanism name it would step past the end of the string and stop only at a
later whitespace byte - confirm this cannot run beyond the data written into
big_buffer. */
598 /* We want to hide the actual data sent in AUTH transactions from reflections
599 and logs. While authenticating, a flag is set in the outblock to enable this.
600 The AUTH command itself gets any data flattened. Other lines are flattened
603 if (outblock->authenticating)
605 uschar *p = big_buffer;
606 if (Ustrncmp(big_buffer, "AUTH ", 5) == 0)
609 while (isspace(*p)) p++;
610 while (!isspace(*p)) p++;
611 while (isspace(*p)) p++;
613 while (*p) *p++ = '*';
616 HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP>> %s\n", big_buffer);
619 if (mode != SCMD_BUFFER)
621 rc += outblock->cmd_count; /* flush resets */
622 if (!flush_buffer(outblock, mode)) return -1;
630 /*************************************************
631 * Read one line of SMTP response *
632 *************************************************/
634 /* This function reads one line of SMTP response from the server host. This may
635 not be a complete response - it could be just part of a multiline response. We
636 have to use a buffer for incoming packets, because when pipelining or using
637 LMTP, there may well be more than one response in a single packet. This
638 function is called only from the one that follows.
641 inblock the SMTP input block (contains holding buffer, socket, etc.)
642 buffer where to put the line
643 size space available for the line
644 timelimit deadline for reading the line, seconds past epoch
646 Returns: length of a line that has been put in the buffer
647 -1 otherwise, with errno set
/* Read one line of the server response into buffer, taking bytes from the
holding buffer in inblock and refilling it from the connection when it runs
dry. The bytes come from the remote server and should be treated as untrusted
input. */
651 read_response_line(smtp_inblock *inblock, uschar *buffer, int size, time_t timelimit)
/* Work on local copies of the holding-buffer cursor and end pointer. */
654 uschar *ptr = inblock->ptr;
655 uschar *ptrend = inblock->ptrend;
656 client_conn_ctx * cctx = inblock->cctx;
658 /* Loop for reading multiple packets or reading another packet after emptying
659 a previously-read one. */
665 /* If there is data in the input buffer left over from last time, copy
666 characters from it until the end of a line, at which point we can return,
667 having removed any whitespace (which will include CR) at the end of the line.
668 The rules for SMTP say that lines end in CRLF, but there have been cases
669 of hosts using just LF, and other MTAs are reported to handle this, so we
670 just look for LF. If we run out of characters before the end of a line,
671 carry on to read the next incoming packet. */
/* Trim trailing whitespace without backing up past the start of buffer. */
678 while (p > buffer && isspace(p[-1])) p--;
/* presumably reached when the line does not fit in the size bytes the caller
provided (the test is not in this listing): terminate what was copied and
report a format error. */
686 *p = 0; /* Leave malformed line for error message */
687 errno = ERRNO_SMTPFORMAT;
692 /* Need to read a new input packet. */
/* A result of zero or less from ip_recv() ends the read; the debug text
distinguishes an error (errno set) from a closed connection. */
694 if((rc = ip_recv(cctx, inblock->buffer, inblock->buffersize, timelimit)) <= 0)
696 DEBUG(D_deliver|D_transport|D_acl|D_v)
697 debug_printf_indent(errno ? " SMTP(%s)<<\n" : " SMTP(closed)<<\n",
702 /* Another block of data has been successfully read. Set up the pointers
703 and let the loop continue. */
705 ptrend = inblock->ptrend = inblock->buffer + rc;
706 ptr = inblock->buffer;
707 DEBUG(D_transport|D_acl) debug_printf_indent("read response data: size=%d\n", rc);
710 /* Get here if there has been some kind of recv() error; errno is set, but we
711 ensure that the result buffer is empty before returning. */
721 /*************************************************
722 * Read SMTP response *
723 *************************************************/
725 /* This function reads an SMTP response with a timeout, and returns the
726 response in the given buffer, as a string. A multiline response will contain
727 newline characters between the lines. The function also analyzes the first
728 digit of the reply code and returns FALSE if it is not acceptable. FALSE is
729 also returned after a reading error. In this case buffer[0] will be zero, and
730 the error code will be in errno.
733 sx the SMTP connection (contains input block with holding buffer,
735 buffer where to put the response
736 size the size of the buffer
737 okdigit the expected first digit of the response
738 timeout the timeout to use, in seconds
740 Returns: TRUE if a valid, non-error response was received; else FALSE
742 /*XXX could move to smtp transport; no other users */
/* Read a complete, possibly multi-line, SMTP response into buffer and report
whether its first digit is the expected one. The text is supplied by the
remote server and, per the comments below, may be passed back in error
messages, so callers should treat it as untrusted. */
745 smtp_read_response(void * sx0, uschar * buffer, int size, int okdigit,
748 smtp_context * sx = sx0;
749 uschar * ptr = buffer;
/* Turn the relative timeout into an absolute deadline that is passed to every
line read. */
751 time_t timelimit = time(NULL) + timeout;
753 errno = 0; /* Ensure errno starts out zero */
755 #ifndef DISABLE_PIPE_CONNECT
/* presumably responses to an early-pipelined banner or EHLO are still
outstanding here and are collected first - confirm against
smtp_reap_early_pipe(). A DEFER result is mapped to ERRNO_TLSFAILURE. */
756 if (sx->pending_BANNER || sx->pending_EHLO)
759 if ((rc = smtp_reap_early_pipe(sx, &count)) != OK)
761 DEBUG(D_transport) debug_printf("failed reaping pipelined cmd responsess\n");
763 if (rc == DEFER) errno = ERRNO_TLSFAILURE;
769 /* This is a loop to read and concatenate the lines that make up a multi-line
774 if ((count = read_response_line(&sx->inblock, ptr, size, timelimit)) < 0)
777 HDEBUG(D_transport|D_acl|D_v)
778 debug_printf_indent(" %s %s\n", ptr == buffer ? "SMTP<<" : " ", ptr);
780 /* Check the format of the response: it must start with three digits; if
781 these are followed by a space or end of line, the response is complete. If
782 they are followed by '-' this is a multi-line response and we must look for
783 another line until the final line is reached. The only use made of multi-line
784 responses is to pass them back as error messages. We therefore just
785 concatenate them all within the buffer, which should be large enough to
786 accept any reasonable number of lines. */
792 (ptr[3] != '-' && ptr[3] != ' ' && ptr[3] != 0))
794 errno = ERRNO_SMTPFORMAT; /* format error */
798 /* If the line we have just read is a terminal line, we are done.
799 Otherwise more data has to be read. */
801 if (ptr[3] != '-') break;
803 /* Move the reading pointer upwards in the buffer and insert \n between the
804 components of a multiline response. Space is left for this by read_response_
813 tfo_out_check(sx->cctx.sock);
816 /* Return a value that depends on the SMTP return code. On some systems a
817 non-zero value of errno has been seen at this point, so ensure it is zero,
818 because the caller of this function looks at errno when FALSE is returned, to
819 distinguish between an unexpected return code and other errors such as
820 timeouts, lost connections, etc. */
/* TRUE only when the first character of the response equals okdigit. */
823 return buffer[0] == okdigit;
826 /* End of smtp_out.c */