1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) University of Cambridge 1995 - 2012 */
6 /* See the file NOTICE for conditions of use and distribution. */
12 #define PENDING_DEFER (PENDING + DEFER)
13 #define PENDING_OK (PENDING + OK)
16 /* Options specific to the smtp transport. This transport also supports LMTP
17 over TCP/IP. The options must be in alphabetic order (note that "_" comes
18 before the lower case letters). Some live in the transport_instance block so as
19 to be publicly visible; these are flagged with opt_public. */
21 optionlist smtp_transport_options[] = {
22 { "address_retry_include_sender", opt_bool,
23 (void *)offsetof(smtp_transport_options_block, address_retry_include_sender) },
24 { "allow_localhost", opt_bool,
25 (void *)offsetof(smtp_transport_options_block, allow_localhost) },
26 { "authenticated_sender", opt_stringptr,
27 (void *)offsetof(smtp_transport_options_block, authenticated_sender) },
28 { "authenticated_sender_force", opt_bool,
29 (void *)offsetof(smtp_transport_options_block, authenticated_sender_force) },
30 { "command_timeout", opt_time,
31 (void *)offsetof(smtp_transport_options_block, command_timeout) },
32 { "connect_timeout", opt_time,
33 (void *)offsetof(smtp_transport_options_block, connect_timeout) },
34 { "connection_max_messages", opt_int | opt_public,
35 (void *)offsetof(transport_instance, connection_max_messages) },
36 { "data_timeout", opt_time,
37 (void *)offsetof(smtp_transport_options_block, data_timeout) },
38 { "delay_after_cutoff", opt_bool,
39 (void *)offsetof(smtp_transport_options_block, delay_after_cutoff) },
41 { "dkim_canon", opt_stringptr,
42 (void *)offsetof(smtp_transport_options_block, dkim_canon) },
43 { "dkim_domain", opt_stringptr,
44 (void *)offsetof(smtp_transport_options_block, dkim_domain) },
45 { "dkim_private_key", opt_stringptr,
46 (void *)offsetof(smtp_transport_options_block, dkim_private_key) },
47 { "dkim_selector", opt_stringptr,
48 (void *)offsetof(smtp_transport_options_block, dkim_selector) },
49 { "dkim_sign_headers", opt_stringptr,
50 (void *)offsetof(smtp_transport_options_block, dkim_sign_headers) },
51 { "dkim_strict", opt_stringptr,
52 (void *)offsetof(smtp_transport_options_block, dkim_strict) },
54 { "dns_qualify_single", opt_bool,
55 (void *)offsetof(smtp_transport_options_block, dns_qualify_single) },
56 { "dns_search_parents", opt_bool,
57 (void *)offsetof(smtp_transport_options_block, dns_search_parents) },
58 { "fallback_hosts", opt_stringptr,
59 (void *)offsetof(smtp_transport_options_block, fallback_hosts) },
60 { "final_timeout", opt_time,
61 (void *)offsetof(smtp_transport_options_block, final_timeout) },
62 { "gethostbyname", opt_bool,
63 (void *)offsetof(smtp_transport_options_block, gethostbyname) },
65 /* These are no longer honoured, as of Exim 4.80; for now, we silently
66 ignore; a later release will warn, and a later-still release will remove
67 these options, so that using them becomes an error. */
68 { "gnutls_require_kx", opt_stringptr,
69 (void *)offsetof(smtp_transport_options_block, gnutls_require_kx) },
70 { "gnutls_require_mac", opt_stringptr,
71 (void *)offsetof(smtp_transport_options_block, gnutls_require_mac) },
72 { "gnutls_require_protocols", opt_stringptr,
73 (void *)offsetof(smtp_transport_options_block, gnutls_require_proto) },
75 { "helo_data", opt_stringptr,
76 (void *)offsetof(smtp_transport_options_block, helo_data) },
77 { "hosts", opt_stringptr,
78 (void *)offsetof(smtp_transport_options_block, hosts) },
79 { "hosts_avoid_esmtp", opt_stringptr,
80 (void *)offsetof(smtp_transport_options_block, hosts_avoid_esmtp) },
81 { "hosts_avoid_pipelining", opt_stringptr,
82 (void *)offsetof(smtp_transport_options_block, hosts_avoid_pipelining) },
84 { "hosts_avoid_tls", opt_stringptr,
85 (void *)offsetof(smtp_transport_options_block, hosts_avoid_tls) },
87 { "hosts_max_try", opt_int,
88 (void *)offsetof(smtp_transport_options_block, hosts_max_try) },
89 { "hosts_max_try_hardlimit", opt_int,
90 (void *)offsetof(smtp_transport_options_block, hosts_max_try_hardlimit) },
92 { "hosts_nopass_tls", opt_stringptr,
93 (void *)offsetof(smtp_transport_options_block, hosts_nopass_tls) },
95 { "hosts_override", opt_bool,
96 (void *)offsetof(smtp_transport_options_block, hosts_override) },
97 { "hosts_randomize", opt_bool,
98 (void *)offsetof(smtp_transport_options_block, hosts_randomize) },
99 { "hosts_require_auth", opt_stringptr,
100 (void *)offsetof(smtp_transport_options_block, hosts_require_auth) },
102 { "hosts_require_tls", opt_stringptr,
103 (void *)offsetof(smtp_transport_options_block, hosts_require_tls) },
105 { "hosts_try_auth", opt_stringptr,
106 (void *)offsetof(smtp_transport_options_block, hosts_try_auth) },
107 { "interface", opt_stringptr,
108 (void *)offsetof(smtp_transport_options_block, interface) },
109 { "keepalive", opt_bool,
110 (void *)offsetof(smtp_transport_options_block, keepalive) },
111 { "lmtp_ignore_quota", opt_bool,
112 (void *)offsetof(smtp_transport_options_block, lmtp_ignore_quota) },
113 { "max_rcpt", opt_int | opt_public,
114 (void *)offsetof(transport_instance, max_addresses) },
115 { "multi_domain", opt_bool | opt_public,
116 (void *)offsetof(transport_instance, multi_domain) },
117 { "port", opt_stringptr,
118 (void *)offsetof(smtp_transport_options_block, port) },
119 { "protocol", opt_stringptr,
120 (void *)offsetof(smtp_transport_options_block, protocol) },
121 { "retry_include_ip_address", opt_bool,
122 (void *)offsetof(smtp_transport_options_block, retry_include_ip_address) },
123 { "serialize_hosts", opt_stringptr,
124 (void *)offsetof(smtp_transport_options_block, serialize_hosts) },
125 { "size_addition", opt_int,
126 (void *)offsetof(smtp_transport_options_block, size_addition) }
128 ,{ "tls_certificate", opt_stringptr,
129 (void *)offsetof(smtp_transport_options_block, tls_certificate) },
130 { "tls_crl", opt_stringptr,
131 (void *)offsetof(smtp_transport_options_block, tls_crl) },
132 { "tls_dh_min_bits", opt_int,
133 (void *)offsetof(smtp_transport_options_block, tls_dh_min_bits) },
134 { "tls_privatekey", opt_stringptr,
135 (void *)offsetof(smtp_transport_options_block, tls_privatekey) },
136 { "tls_require_ciphers", opt_stringptr,
137 (void *)offsetof(smtp_transport_options_block, tls_require_ciphers) },
138 { "tls_sni", opt_stringptr,
139 (void *)offsetof(smtp_transport_options_block, tls_sni) },
140 { "tls_tempfail_tryclear", opt_bool,
141 (void *)offsetof(smtp_transport_options_block, tls_tempfail_tryclear) },
142 { "tls_verify_certificates", opt_stringptr,
143 (void *)offsetof(smtp_transport_options_block, tls_verify_certificates) }
147 /* Size of the options list. An extern variable has to be used so that its
148 address can appear in the tables drtables.c. */
150 int smtp_transport_options_count =
151 sizeof(smtp_transport_options)/sizeof(optionlist);
153 /* Default private options block for the smtp transport. */
155 smtp_transport_options_block smtp_transport_option_defaults = {
157 NULL, /* fallback_hosts */
159 NULL, /* fallback_hostlist */
160 NULL, /* authenticated_sender */
161 US"$primary_hostname", /* helo_data */
162 NULL, /* interface */
164 US"smtp", /* protocol */
165 NULL, /* serialize_hosts */
166 NULL, /* hosts_try_auth */
167 NULL, /* hosts_require_auth */
168 NULL, /* hosts_require_tls */
169 NULL, /* hosts_avoid_tls */
170 NULL, /* hosts_avoid_pipelining */
171 NULL, /* hosts_avoid_esmtp */
172 NULL, /* hosts_nopass_tls */
173 5*60, /* command_timeout */
174 5*60, /* connect_timeout; shorter system default overrides */
175 5*60, /* data timeout */
176 10*60, /* final timeout */
177 1024, /* size_addition */
178 5, /* hosts_max_try */
179 50, /* hosts_max_try_hardlimit */
180 TRUE, /* address_retry_include_sender */
181 FALSE, /* allow_localhost */
182 FALSE, /* authenticated_sender_force */
183 FALSE, /* gethostbyname */
184 TRUE, /* dns_qualify_single */
185 FALSE, /* dns_search_parents */
186 TRUE, /* delay_after_cutoff */
187 FALSE, /* hosts_override */
188 FALSE, /* hosts_randomize */
189 TRUE, /* keepalive */
190 FALSE, /* lmtp_ignore_quota */
191 TRUE /* retry_include_ip_address */
193 ,NULL, /* tls_certificate */
195 NULL, /* tls_privatekey */
196 NULL, /* tls_require_ciphers */
197 NULL, /* gnutls_require_kx */
198 NULL, /* gnutls_require_mac */
199 NULL, /* gnutls_require_proto */
201 NULL, /* tls_verify_certificates */
202 EXIM_CLIENT_DH_DEFAULT_MIN_BITS,
203 /* tls_dh_min_bits */
204 TRUE /* tls_tempfail_tryclear */
207 ,NULL, /* dkim_canon */
208 NULL, /* dkim_domain */
209 NULL, /* dkim_private_key */
210 NULL, /* dkim_selector */
211 NULL, /* dkim_sign_headers */
212 NULL /* dkim_strict */
219 static uschar *smtp_command; /* Points to last cmd for error messages */
220 static uschar *mail_command; /* Points to MAIL cmd for error messages */
221 static BOOL update_waiting; /* TRUE to update the "wait" database */
224 /*************************************************
225 * Setup entry point *
226 *************************************************/
228 /* This function is called when the transport is about to be used,
229 but before running it in a sub-process. It is used for two things:
231 (1) To set the fallback host list in addresses, when delivering.
232 (2) To pass back the interface, port, protocol, and other options, for use
233 during callout verification.
236 tblock pointer to the transport instance block
237 addrlist list of addresses about to be transported
238 tf if not NULL, pointer to block in which to return options
239 uid the uid that will be set (not used)
240 gid the gid that will be set (not used)
241 errmsg place for error message (not used)
243 Returns: OK always (FAIL, DEFER not used)
247 smtp_transport_setup(transport_instance *tblock, address_item *addrlist,
248 transport_feedback *tf, uid_t uid, gid_t gid, uschar **errmsg)
250 smtp_transport_options_block *ob =
251 (smtp_transport_options_block *)(tblock->options_block);
253 errmsg = errmsg; /* Keep picky compilers happy */
257 /* Pass back options if required. This interface is getting very messy. */
261 tf->interface = ob->interface;
263 tf->protocol = ob->protocol;
264 tf->hosts = ob->hosts;
265 tf->hosts_override = ob->hosts_override;
266 tf->hosts_randomize = ob->hosts_randomize;
267 tf->gethostbyname = ob->gethostbyname;
268 tf->qualify_single = ob->dns_qualify_single;
269 tf->search_parents = ob->dns_search_parents;
270 tf->helo_data = ob->helo_data;
273 /* Set the fallback host list for all the addresses that don't have fallback
274 host lists, provided that the local host wasn't present in the original host
277 if (!testflag(addrlist, af_local_host_removed))
279 for (; addrlist != NULL; addrlist = addrlist->next)
280 if (addrlist->fallback_hosts == NULL)
281 addrlist->fallback_hosts = ob->fallback_hostlist;
289 /*************************************************
290 * Initialization entry point *
291 *************************************************/
293 /* Called for each instance, after its options have been read, to
294 enable consistency checks to be done, or anything else that needs
297 Argument: pointer to the transport instance block
302 smtp_transport_init(transport_instance *tblock)
304 smtp_transport_options_block *ob =
305 (smtp_transport_options_block *)(tblock->options_block);
307 /* Retry_use_local_part defaults FALSE if unset */
309 if (tblock->retry_use_local_part == TRUE_UNSET)
310 tblock->retry_use_local_part = FALSE;
312 /* Set the default port according to the protocol */
314 if (ob->port == NULL)
315 ob->port = (strcmpic(ob->protocol, US"lmtp") == 0)? US"lmtp" :
316 (strcmpic(ob->protocol, US"smtps") == 0)? US"smtps" : US"smtp";
318 /* Set up the setup entry point, to be called before subprocesses for this
321 tblock->setup = smtp_transport_setup;
323 /* Complain if any of the timeouts are zero. */
325 if (ob->command_timeout <= 0 || ob->data_timeout <= 0 ||
326 ob->final_timeout <= 0)
327 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
328 "command, data, or final timeout value is zero for %s transport",
331 /* If hosts_override is set and there are local hosts, set the global
332 flag that stops verify from showing router hosts. */
334 if (ob->hosts_override && ob->hosts != NULL) tblock->overrides_hosts = TRUE;
336 /* If there are any fallback hosts listed, build a chain of host items
337 for them, but do not do any lookups at this time. */
339 host_build_hostlist(&(ob->fallback_hostlist), ob->fallback_hosts, FALSE);
346 /*************************************************
347 * Set delivery info into all active addresses *
348 *************************************************/
350 /* Only addresses whose status is >= PENDING are relevant. A lesser
351 status means that an address is not currently being processed.
354 addrlist points to a chain of addresses
355 errno_value to put in each address's errno field
356 msg to put in each address's message field
357 rc to put in each address's transport_return field
358 pass_message if TRUE, set the "pass message" flag in the address
360 If errno_value has the special value ERRNO_CONNECTTIMEOUT, ETIMEDOUT is put in
361 the errno field, and RTEF_CTOUT is ORed into the more_errno field, to indicate
362 this particular type of timeout.
368 set_errno(address_item *addrlist, int errno_value, uschar *msg, int rc,
373 if (errno_value == ERRNO_CONNECTTIMEOUT)
375 errno_value = ETIMEDOUT;
376 orvalue = RTEF_CTOUT;
378 for (addr = addrlist; addr != NULL; addr = addr->next)
380 if (addr->transport_return < PENDING) continue;
381 addr->basic_errno = errno_value;
382 addr->more_errno |= orvalue;
386 if (pass_message) setflag(addr, af_pass_message);
388 addr->transport_return = rc;
394 /*************************************************
395 * Check an SMTP response *
396 *************************************************/
398 /* This function is given an errno code and the SMTP response buffer
399 to analyse, together with the host identification for generating messages. It
400 sets an appropriate message and puts the first digit of the response code into
401 the yield variable. If no response was actually read, a suitable digit is
405 host the current host, to get its name for messages
406 errno_value pointer to the errno value
407 more_errno from the top address for use with ERRNO_FILTER_FAIL
408 buffer the SMTP response buffer
409 yield where to put a one-digit SMTP response code
410 message where to put an errror message
411 pass_message set TRUE if message is an SMTP response
413 Returns: TRUE if an SMTP "QUIT" command should be sent, else FALSE
416 static BOOL check_response(host_item *host, int *errno_value, int more_errno,
417 uschar *buffer, int *yield, uschar **message, BOOL *pass_message)
421 if (smtp_use_pipelining &&
422 (Ustrcmp(smtp_command, "MAIL") == 0 ||
423 Ustrcmp(smtp_command, "RCPT") == 0 ||
424 Ustrcmp(smtp_command, "DATA") == 0))
427 *yield = '4'; /* Default setting is to give a temporary error */
429 /* Handle response timeout */
431 if (*errno_value == ETIMEDOUT)
433 *message = US string_sprintf("SMTP timeout while connected to %s [%s] "
434 "after %s%s", host->name, host->address, pl, smtp_command);
435 if (transport_count > 0)
436 *message = US string_sprintf("%s (%d bytes written)", *message,
441 /* Handle malformed SMTP response */
443 if (*errno_value == ERRNO_SMTPFORMAT)
445 uschar *malfresp = string_printing(buffer);
446 while (isspace(*malfresp)) malfresp++;
448 *message = string_sprintf("Malformed SMTP reply (an empty line) from "
449 "%s [%s] in response to %s%s", host->name, host->address, pl,
452 *message = string_sprintf("Malformed SMTP reply from %s [%s] in response "
453 "to %s%s: %s", host->name, host->address, pl, smtp_command, malfresp);
457 /* Handle a failed filter process error; can't send QUIT as we mustn't
460 if (*errno_value == ERRNO_FILTER_FAIL)
462 *message = US string_sprintf("transport filter process failed (%d)%s",
464 (more_errno == EX_EXECFAILED)? ": unable to execute command" : "");
468 /* Handle a failed add_headers expansion; can't send QUIT as we mustn't
471 if (*errno_value == ERRNO_CHHEADER_FAIL)
474 US string_sprintf("failed to expand headers_add or headers_remove: %s",
475 expand_string_message);
479 /* Handle failure to write a complete data block */
481 if (*errno_value == ERRNO_WRITEINCOMPLETE)
483 *message = US string_sprintf("failed to write a data block");
487 /* Handle error responses from the remote mailer. */
491 uschar *s = string_printing(buffer);
492 *message = US string_sprintf("SMTP error from remote mail server after %s%s: "
493 "host %s [%s]: %s", pl, smtp_command, host->name, host->address, s);
494 *pass_message = TRUE;
499 /* No data was read. If there is no errno, this must be the EOF (i.e.
500 connection closed) case, which causes deferral. An explicit connection reset
501 error has the same effect. Otherwise, put the host's identity in the message,
502 leaving the errno value to be interpreted as well. In all cases, we have to
503 assume the connection is now dead. */
505 if (*errno_value == 0 || *errno_value == ECONNRESET)
507 *errno_value = ERRNO_SMTPCLOSED;
508 *message = US string_sprintf("Remote host %s [%s] closed connection "
509 "in response to %s%s", host->name, host->address, pl, smtp_command);
511 else *message = US string_sprintf("%s [%s]", host->name, host->address);
518 /*************************************************
519 * Write error message to logs *
520 *************************************************/
522 /* This writes to the main log and to the message log.
525 addr the address item containing error information
526 host the current host
532 write_logs(address_item *addr, host_item *host)
534 if (addr->message != NULL)
536 uschar *message = addr->message;
537 if (addr->basic_errno > 0)
538 message = string_sprintf("%s: %s", message, strerror(addr->basic_errno));
539 log_write(0, LOG_MAIN, "%s", message);
540 deliver_msglog("%s %s\n", tod_stamp(tod_log), message);
545 ((log_extra_selector & LX_outgoing_port) != 0)?
546 string_sprintf("%s [%s]:%d", host->name, host->address,
547 (host->port == PORT_NONE)? 25 : host->port)
549 string_sprintf("%s [%s]", host->name, host->address);
550 log_write(0, LOG_MAIN, "%s %s", msg, strerror(addr->basic_errno));
551 deliver_msglog("%s %s %s\n", tod_stamp(tod_log), msg,
552 strerror(addr->basic_errno));
558 /*************************************************
559 * Synchronize SMTP responses *
560 *************************************************/
562 /* This function is called from smtp_deliver() to receive SMTP responses from
563 the server, and match them up with the commands to which they relate. When
564 PIPELINING is not in use, this function is called after every command, and is
565 therefore somewhat over-engineered, but it is simpler to use a single scheme
566 that works both with and without PIPELINING instead of having two separate sets
569 The set of commands that are buffered up with pipelining may start with MAIL
570 and may end with DATA; in between are RCPT commands that correspond to the
571 addresses whose status is PENDING_DEFER. All other commands (STARTTLS, AUTH,
572 etc.) are never buffered.
574 Errors after MAIL or DATA abort the whole process leaving the response in the
575 buffer. After MAIL, pending responses are flushed, and the original command is
576 re-instated in big_buffer for error messages. For RCPT commands, the remote is
577 permitted to reject some recipient addresses while accepting others. However
578 certain errors clearly abort the whole process. Set the value in
579 transport_return to PENDING_OK if the address is accepted. If there is a
580 subsequent general error, it will get reset accordingly. If not, it will get
581 converted to OK at the end.
584 addrlist the complete address list
585 include_affixes TRUE if affixes include in RCPT
586 sync_addr ptr to the ptr of the one to start scanning at (updated)
587 host the host we are connected to
588 count the number of responses to read
590 include_sender true if 4xx retry is to include the sender it its key
591 pending_MAIL true if the first response is for MAIL
592 pending_DATA 0 if last command sent was not DATA
593 +1 if previously had a good recipient
594 -1 if not previously had a good recipient
595 inblock incoming SMTP block
596 timeout timeout value
597 buffer buffer for reading response
598 buffsize size of buffer
600 Returns: 3 if at least one address had 2xx and one had 5xx
601 2 if at least one address had 5xx but none had 2xx
602 1 if at least one host had a 2xx response, but none had 5xx
603 0 no address had 2xx or 5xx but no errors (all 4xx, or just DATA)
604 -1 timeout while reading RCPT response
605 -2 I/O or other non-response error for RCPT
606 -3 DATA or MAIL failed - errno and buffer set
610 sync_responses(address_item *addrlist, BOOL include_affixes,
611 address_item **sync_addr, host_item *host, int count,
612 BOOL address_retry_include_sender, BOOL pending_MAIL,
613 int pending_DATA, smtp_inblock *inblock, int timeout, uschar *buffer,
616 address_item *addr = *sync_addr;
619 /* Handle the response for a MAIL command. On error, reinstate the original
620 command in big_buffer for error message use, and flush any further pending
621 responses before returning, except after I/O errors and timeouts. */
626 if (!smtp_read_response(inblock, buffer, buffsize, '2', timeout))
628 Ustrcpy(big_buffer, mail_command); /* Fits, because it came from there! */
629 if (errno == 0 && buffer[0] != 0)
631 uschar flushbuffer[4096];
633 if (buffer[0] == '4')
635 save_errno = ERRNO_MAIL4XX;
636 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
640 if (!smtp_read_response(inblock, flushbuffer, sizeof(flushbuffer),
642 && (errno != 0 || flushbuffer[0] == 0))
651 if (pending_DATA) count--; /* Number of RCPT responses to come */
653 /* Read and handle the required number of RCPT responses, matching each one up
654 with an address by scanning for the next address whose status is PENDING_DEFER.
659 while (addr->transport_return != PENDING_DEFER) addr = addr->next;
661 /* The address was accepted */
663 if (smtp_read_response(inblock, buffer, buffsize, '2', timeout))
666 addr->transport_return = PENDING_OK;
668 /* If af_dr_retry_exists is set, there was a routing delay on this address;
669 ensure that any address-specific retry record is expunged. We do this both
670 for the basic key and for the version that also includes the sender. */
672 if (testflag(addr, af_dr_retry_exists))
674 uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key,
676 retry_add_item(addr, altkey, rf_delete);
677 retry_add_item(addr, addr->address_retry_key, rf_delete);
681 /* Timeout while reading the response */
683 else if (errno == ETIMEDOUT)
685 int save_errno = errno;
686 uschar *message = string_sprintf("SMTP timeout while connected to %s [%s] "
687 "after RCPT TO:<%s>", host->name, host->address,
688 transport_rcpt_address(addr, include_affixes));
689 set_errno(addrlist, save_errno, message, DEFER, FALSE);
690 retry_add_item(addr, addr->address_retry_key, 0);
691 update_waiting = FALSE;
695 /* Handle other errors in obtaining an SMTP response by returning -1. This
696 will cause all the addresses to be deferred. Restore the SMTP command in
697 big_buffer for which we are checking the response, so the error message
700 else if (errno != 0 || buffer[0] == 0)
702 string_format(big_buffer, big_buffer_size, "RCPT TO:<%s>",
703 transport_rcpt_address(addr, include_affixes));
707 /* Handle SMTP permanent and temporary response codes. */
712 string_sprintf("SMTP error from remote mail server after RCPT TO:<%s>: "
713 "host %s [%s]: %s", transport_rcpt_address(addr, include_affixes),
714 host->name, host->address, string_printing(buffer));
715 setflag(addr, af_pass_message);
716 deliver_msglog("%s %s\n", tod_stamp(tod_log), addr->message);
718 /* The response was 5xx */
720 if (buffer[0] == '5')
722 addr->transport_return = FAIL;
726 /* The response was 4xx */
730 addr->transport_return = DEFER;
731 addr->basic_errno = ERRNO_RCPT4XX;
732 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
734 /* Log temporary errors if there are more hosts to be tried. */
736 if (host->next != NULL) log_write(0, LOG_MAIN, "%s", addr->message);
738 /* Do not put this message on the list of those waiting for specific
739 hosts, as otherwise it is likely to be tried too often. */
741 update_waiting = FALSE;
743 /* Add a retry item for the address so that it doesn't get tried again
744 too soon. If address_retry_include_sender is true, add the sender address
747 if (address_retry_include_sender)
749 uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key,
751 retry_add_item(addr, altkey, 0);
753 else retry_add_item(addr, addr->address_retry_key, 0);
756 } /* Loop for next RCPT response */
758 /* Update where to start at for the next block of responses, unless we
759 have already handled all the addresses. */
761 if (addr != NULL) *sync_addr = addr->next;
763 /* Handle a response to DATA. If we have not had any good recipients, either
764 previously or in this block, the response is ignored. */
766 if (pending_DATA != 0 &&
767 !smtp_read_response(inblock, buffer, buffsize, '3', timeout))
772 if (pending_DATA > 0 || (yield & 1) != 0)
774 if (errno == 0 && buffer[0] == '4')
776 errno = ERRNO_DATA4XX;
777 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
781 (void)check_response(host, &errno, 0, buffer, &code, &msg, &pass_message);
782 DEBUG(D_transport) debug_printf("%s\nerror for DATA ignored: pipelining "
783 "is in use and there were no good recipients\n", msg);
786 /* All responses read and handled; MAIL (if present) received 2xx and DATA (if
787 present) received 3xx. If any RCPTs were handled and yielded anything other
788 than 4xx, yield will be set non-zero. */
795 /*************************************************
796 * Deliver address list to given host *
797 *************************************************/
799 /* If continue_hostname is not null, we get here only when continuing to
800 deliver down an existing channel. The channel was passed as the standard
801 input. TLS is never active on a passed channel; the previous process always
802 closes it down before passing the connection on.
804 Otherwise, we have to make a connection to the remote host, and do the
805 initial protocol exchange.
807 When running as an MUA wrapper, if the sender or any recipient is rejected,
808 temporarily or permanently, we force failure for all recipients.
811 addrlist chain of potential addresses to deliver; only those whose
812 transport_return field is set to PENDING_DEFER are currently
813 being processed; others should be skipped - they have either
814 been delivered to an earlier host or IP address, or been
815 failed by one of them.
816 host host to deliver to
817 host_af AF_INET or AF_INET6
818 port default TCP/IP port to use, in host byte order
819 interface interface to bind to, or NULL
820 tblock transport instance block
821 copy_host TRUE if host set in addr->host_used must be copied, because
822 it is specific to this call of the transport
823 message_defer set TRUE if yield is OK, but all addresses were deferred
824 because of a non-recipient, non-host failure, that is, a
825 4xx response to MAIL FROM, DATA, or ".". This is a defer
826 that is specific to the message.
827 suppress_tls if TRUE, don't attempt a TLS connection - this is set for
828 a second attempt after TLS initialization fails
830 Returns: OK - the connection was made and the delivery attempted;
831 the result for each address is in its data block.
832 DEFER - the connection could not be made, or something failed
833 while setting up the SMTP session, or there was a
834 non-message-specific error, such as a timeout.
835 ERROR - a filter command is specified for this transport,
836 and there was a problem setting it up; OR helo_data
837 or add_headers or authenticated_sender is specified
838 for this transport, and the string failed to expand
842 smtp_deliver(address_item *addrlist, host_item *host, int host_af, int port,
843 uschar *interface, transport_instance *tblock, BOOL copy_host,
844 BOOL *message_defer, BOOL suppress_tls)
847 address_item *sync_addr;
848 address_item *first_addr = addrlist;
853 time_t start_delivery_time = time(NULL);
854 smtp_transport_options_block *ob =
855 (smtp_transport_options_block *)(tblock->options_block);
856 BOOL lmtp = strcmpic(ob->protocol, US"lmtp") == 0;
857 BOOL smtps = strcmpic(ob->protocol, US"smtps") == 0;
859 BOOL send_rset = TRUE;
860 BOOL send_quit = TRUE;
861 BOOL setting_up = TRUE;
862 BOOL completed_address = FALSE;
865 BOOL pass_message = FALSE;
866 smtp_inblock inblock;
867 smtp_outblock outblock;
868 int max_rcpt = tblock->max_addresses;
869 uschar *igquotstr = US"";
870 uschar *local_authenticated_sender = authenticated_sender;
871 uschar *helo_data = NULL;
872 uschar *message = NULL;
873 uschar new_message_id[MESSAGE_ID_LENGTH + 1];
876 uschar inbuffer[4096];
877 uschar outbuffer[1024];
879 suppress_tls = suppress_tls; /* stop compiler warning when no TLS support */
881 *message_defer = FALSE;
882 smtp_command = US"initial connection";
883 if (max_rcpt == 0) max_rcpt = 999999;
885 /* Set up the buffer for reading SMTP response packets. */
887 inblock.buffer = inbuffer;
888 inblock.buffersize = sizeof(inbuffer);
889 inblock.ptr = inbuffer;
890 inblock.ptrend = inbuffer;
892 /* Set up the buffer for holding SMTP commands while pipelining */
894 outblock.buffer = outbuffer;
895 outblock.buffersize = sizeof(outbuffer);
896 outblock.ptr = outbuffer;
897 outblock.cmd_count = 0;
898 outblock.authenticating = FALSE;
900 /* Reset the parameters of a TLS session. */
905 #if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
909 /* If an authenticated_sender override has been specified for this transport
910 instance, expand it. If the expansion is forced to fail, and there was already
911 an authenticated_sender for this message, the original value will be used.
912 Other expansion failures are serious. An empty result is ignored, but there is
913 otherwise no check - this feature is expected to be used with LMTP and other
914 cases where non-standard addresses (e.g. without domains) might be required. */
916 if (ob->authenticated_sender != NULL)
918 uschar *new = expand_string(ob->authenticated_sender);
921 if (!expand_string_forcedfail)
923 uschar *message = string_sprintf("failed to expand "
924 "authenticated_sender: %s", expand_string_message);
925 set_errno(addrlist, 0, message, DEFER, FALSE);
929 else if (new[0] != 0) local_authenticated_sender = new;
935 set_errno(addrlist, 0, US"TLS support not available", DEFER, FALSE);
940 /* Make a connection to the host if this isn't a continued delivery, and handle
941 the initial interaction and HELO/EHLO/LHLO. Connect timeout errors are handled
942 specially so they can be identified for retries. */
944 if (continue_hostname == NULL)
946 inblock.sock = outblock.sock =
947 smtp_connect(host, host_af, port, interface, ob->connect_timeout,
948 ob->keepalive); /* This puts port into host->port */
950 if (inblock.sock < 0)
952 set_errno(addrlist, (errno == ETIMEDOUT)? ERRNO_CONNECTTIMEOUT : errno,
957 /* Expand the greeting message while waiting for the initial response. (Makes
958 sense if helo_data contains ${lookup dnsdb ...} stuff). The expansion is
959 delayed till here so that $sending_interface and $sending_port are set. */
961 helo_data = expand_string(ob->helo_data);
963 /* The first thing is to wait for an initial OK response. The dreaded "goto"
964 is nevertheless a reasonably clean way of programming this kind of logic,
965 where you want to escape on any error. */
969 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
970 ob->command_timeout)) goto RESPONSE_FAILED;
972 /* Now check if the helo_data expansion went well, and sign off cleanly if
975 if (helo_data == NULL)
977 uschar *message = string_sprintf("failed to expand helo_data: %s",
978 expand_string_message);
979 set_errno(addrlist, 0, message, DEFER, FALSE);
985 /** Debugging without sending a message
986 addrlist->transport_return = DEFER;
990 /* Errors that occur after this point follow an SMTP command, which is
991 left in big_buffer by smtp_write_command() for use in error messages. */
993 smtp_command = big_buffer;
995 /* Tell the remote who we are...
997 February 1998: A convention has evolved that ESMTP-speaking MTAs include the
998 string "ESMTP" in their greeting lines, so make Exim send EHLO if the
999 greeting is of this form. The assumption was that the far end supports it
1000 properly... but experience shows that there are some that give 5xx responses,
1001 even though the banner includes "ESMTP" (there's a bloody-minded one that
1002 says "ESMTP not spoken here"). Cope with that case.
1004 September 2000: Time has passed, and it seems reasonable now to always send
1005 EHLO at the start. It is also convenient to make the change while installing
1008 July 2003: Joachim Wieland met a broken server that advertises "PIPELINING"
1009 but times out after sending MAIL FROM, RCPT TO and DATA all together. There
1010 would be no way to send out the mails, so there is now a host list
1011 "hosts_avoid_esmtp" that disables ESMTP for special hosts and solves the
1012 PIPELINING problem as well. Maybe it can also be useful to cure other
1013 problems with broken servers.
1015 Exim originally sent "Helo" at this point and ran for nearly a year that way.
1016 Then somebody tried it with a Microsoft mailer... It seems that all other
1017 mailers use upper case for some reason (the RFC is quite clear about case
1018 independence) so, for peace of mind, I gave in. */
1020 esmtp = verify_check_this_host(&(ob->hosts_avoid_esmtp), NULL,
1021 host->name, host->address, NULL) != OK;
1023 /* Alas; be careful, since this goto is not an error-out, so conceivably
1024 we might set data between here and the target which we assume to exist
1025 and be usable. I can see this coming back to bite us. */
1030 suppress_tls = FALSE;
1031 ob->tls_tempfail_tryclear = FALSE;
1032 smtp_command = US"SSL-on-connect";
1039 if (smtp_write_command(&outblock, FALSE, "%s %s\r\n",
1040 lmtp? "LHLO" : "EHLO", helo_data) < 0)
1042 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1043 ob->command_timeout))
1045 if (errno != 0 || buffer[0] == 0 || lmtp) goto RESPONSE_FAILED;
1052 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
1057 if (smtp_write_command(&outblock, FALSE, "HELO %s\r\n", helo_data) < 0)
1059 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1060 ob->command_timeout)) goto RESPONSE_FAILED;
1063 /* Set IGNOREQUOTA if the response to LHLO specifies support and the
1064 lmtp_ignore_quota option was set. */
1066 igquotstr = (lmtp && ob->lmtp_ignore_quota &&
1067 pcre_exec(regex_IGNOREQUOTA, NULL, CS buffer, Ustrlen(CS buffer), 0,
1068 PCRE_EOPT, NULL, 0) >= 0)? US" IGNOREQUOTA" : US"";
1070 /* Set tls_offered if the response to EHLO specifies support for STARTTLS. */
1073 tls_offered = esmtp &&
1074 pcre_exec(regex_STARTTLS, NULL, CS buffer, Ustrlen(buffer), 0,
1075 PCRE_EOPT, NULL, 0) >= 0;
1079 /* For continuing deliveries down the same channel, the socket is the standard
1080 input, and we don't need to redo EHLO here (but may need to do so for TLS - see
1081 below). Set up the pointer to where subsequent commands will be left, for
1082 error messages. Note that smtp_use_size and smtp_use_pipelining will have been
1083 set from the command line if they were set in the process that passed the
1088 inblock.sock = outblock.sock = fileno(stdin);
1089 smtp_command = big_buffer;
1090 host->port = port; /* Record the port that was used */
1093 /* If TLS is available on this connection, whether continued or not, attempt to
1094 start up a TLS session, unless the host is in hosts_avoid_tls. If successful,
1095 send another EHLO - the server may give a different answer in secure mode. We
1096 use a separate buffer for reading the response to STARTTLS so that if it is
1097 negative, the original EHLO data is available for subsequent analysis, should
1098 the client not be required to use TLS. If the response is bad, copy the buffer
1099 for error analysis. */
1102 if (tls_offered && !suppress_tls &&
1103 verify_check_this_host(&(ob->hosts_avoid_tls), NULL, host->name,
1104 host->address, NULL) != OK)
1106 uschar buffer2[4096];
1107 if (smtp_write_command(&outblock, FALSE, "STARTTLS\r\n") < 0)
1110 /* If there is an I/O error, transmission of this message is deferred. If
1111 there is a temporary rejection of STARRTLS and tls_tempfail_tryclear is
1112 false, we also defer. However, if there is a temporary rejection of STARTTLS
1113 and tls_tempfail_tryclear is true, or if there is an outright rejection of
1114 STARTTLS, we carry on. This means we will try to send the message in clear,
1115 unless the host is in hosts_require_tls (tested below). */
1117 if (!smtp_read_response(&inblock, buffer2, sizeof(buffer2), '2',
1118 ob->command_timeout))
1120 if (errno != 0 || buffer2[0] == 0 ||
1121 (buffer2[0] == '4' && !ob->tls_tempfail_tryclear))
1123 Ustrncpy(buffer, buffer2, sizeof(buffer));
1124 goto RESPONSE_FAILED;
1128 /* STARTTLS accepted: try to negotiate a TLS session. */
1133 int rc = tls_client_start(inblock.sock,
1136 NULL, /* No DH param */
1137 ob->tls_certificate,
1140 ob->tls_verify_certificates,
1142 ob->tls_require_ciphers,
1143 ob->tls_dh_min_bits,
1144 ob->command_timeout);
1146 /* TLS negotiation failed; give an error. From outside, this function may
1147 be called again to try in clear on a new connection, if the options permit
1148 it for this host. */
1152 save_errno = ERRNO_TLSFAILURE;
1153 message = US"failure while setting up TLS session";
1158 /* TLS session is set up */
1160 for (addr = addrlist; addr != NULL; addr = addr->next)
1162 if (addr->transport_return == PENDING_DEFER)
1164 addr->cipher = tls_cipher;
1165 addr->peerdn = tls_peerdn;
1171 /* if smtps, we'll have smtp_command set to something else; always safe to
1173 smtp_command = big_buffer;
1175 /* If we started TLS, redo the EHLO/LHLO exchange over the secure channel. If
1176 helo_data is null, we are dealing with a connection that was passed from
1177 another process, and so we won't have expanded helo_data above. We have to
1178 expand it here. $sending_ip_address and $sending_port are set up right at the
1179 start of the Exim process (in exim.c). */
1181 if (tls_active >= 0)
1184 if (helo_data == NULL)
1186 helo_data = expand_string(ob->helo_data);
1187 if (helo_data == NULL)
1189 uschar *message = string_sprintf("failed to expand helo_data: %s",
1190 expand_string_message);
1191 set_errno(addrlist, 0, message, DEFER, FALSE);
1197 /* For SMTPS we need to wait for the initial OK response. */
1200 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1201 ob->command_timeout)) goto RESPONSE_FAILED;
1205 greeting_cmd = "EHLO";
1208 greeting_cmd = "HELO";
1210 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
1213 if (smtp_write_command(&outblock, FALSE, "%s %s\r\n",
1214 lmtp? "LHLO" : greeting_cmd, helo_data) < 0)
1216 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1217 ob->command_timeout))
1218 goto RESPONSE_FAILED;
1221 /* If the host is required to use a secure channel, ensure that we
1224 else if (verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name,
1225 host->address, NULL) == OK)
1227 save_errno = ERRNO_TLSREQUIRED;
1228 message = string_sprintf("a TLS session is required for %s [%s], but %s",
1229 host->name, host->address,
1230 tls_offered? "an attempt to start TLS failed" :
1231 "the server did not offer TLS support");
1236 /* If TLS is active, we have just started it up and re-done the EHLO command,
1237 so its response needs to be analyzed. If TLS is not active and this is a
1238 continued session down a previously-used socket, we haven't just done EHLO, so
1241 if (continue_hostname == NULL
1248 uschar *fail_reason = US"server did not advertise AUTH support";
1250 /* Set for IGNOREQUOTA if the response to LHLO specifies support and the
1251 lmtp_ignore_quota option was set. */
1253 igquotstr = (lmtp && ob->lmtp_ignore_quota &&
1254 pcre_exec(regex_IGNOREQUOTA, NULL, CS buffer, Ustrlen(CS buffer), 0,
1255 PCRE_EOPT, NULL, 0) >= 0)? US" IGNOREQUOTA" : US"";
1257 /* If the response to EHLO specified support for the SIZE parameter, note
1258 this, provided size_addition is non-negative. */
1260 smtp_use_size = esmtp && ob->size_addition >= 0 &&
1261 pcre_exec(regex_SIZE, NULL, CS buffer, Ustrlen(CS buffer), 0,
1262 PCRE_EOPT, NULL, 0) >= 0;
1264 /* Note whether the server supports PIPELINING. If hosts_avoid_esmtp matched
1265 the current host, esmtp will be false, so PIPELINING can never be used. If
1266 the current host matches hosts_avoid_pipelining, don't do it. */
1268 smtp_use_pipelining = esmtp &&
1269 verify_check_this_host(&(ob->hosts_avoid_pipelining), NULL, host->name,
1270 host->address, NULL) != OK &&
1271 pcre_exec(regex_PIPELINING, NULL, CS buffer, Ustrlen(CS buffer), 0,
1272 PCRE_EOPT, NULL, 0) >= 0;
1274 DEBUG(D_transport) debug_printf("%susing PIPELINING\n",
1275 smtp_use_pipelining? "" : "not ");
1277 /* Note if the response to EHLO specifies support for the AUTH extension.
1278 If it has, check that this host is one we want to authenticate to, and do
1279 the business. The host name and address must be available when the
1280 authenticator's client driver is running. */
1282 smtp_authenticated = FALSE;
1283 require_auth = verify_check_this_host(&(ob->hosts_require_auth), NULL,
1284 host->name, host->address, NULL);
1286 if (esmtp && regex_match_and_setup(regex_AUTH, buffer, 0, -1))
1288 uschar *names = string_copyn(expand_nstring[1], expand_nlength[1]);
1289 expand_nmax = -1; /* reset */
1291 /* Must not do this check until after we have saved the result of the
1292 regex match above. */
1294 if (require_auth == OK ||
1295 verify_check_this_host(&(ob->hosts_try_auth), NULL, host->name,
1296 host->address, NULL) == OK)
1299 fail_reason = US"no common mechanisms were found";
1301 DEBUG(D_transport) debug_printf("scanning authentication mechanisms\n");
1303 /* Scan the configured authenticators looking for one which is configured
1304 for use as a client, which is not suppressed by client_condition, and
1305 whose name matches an authentication mechanism supported by the server.
1306 If one is found, attempt to authenticate by calling its client function.
1309 for (au = auths; !smtp_authenticated && au != NULL; au = au->next)
1313 (au->client_condition != NULL &&
1314 !expand_check_condition(au->client_condition, au->name,
1315 US"client authenticator")))
1317 DEBUG(D_transport) debug_printf("skipping %s authenticator: %s\n",
1319 (au->client)? "client_condition is false" :
1320 "not configured as a client");
1324 /* Loop to scan supported server mechanisms */
1329 int len = Ustrlen(au->public_name);
1330 while (isspace(*p)) p++;
1332 if (strncmpic(au->public_name, p, len) != 0 ||
1333 (p[len] != 0 && !isspace(p[len])))
1335 while (*p != 0 && !isspace(*p)) p++;
1339 /* Found data for a listed mechanism. Call its client entry. Set
1340 a flag in the outblock so that data is overwritten after sending so
1341 that reflections don't show it. */
1343 fail_reason = US"authentication attempt(s) failed";
1344 outblock.authenticating = TRUE;
1345 rc = (au->info->clientcode)(au, &inblock, &outblock,
1346 ob->command_timeout, buffer, sizeof(buffer));
1347 outblock.authenticating = FALSE;
1348 DEBUG(D_transport) debug_printf("%s authenticator yielded %d\n",
1351 /* A temporary authentication failure must hold up delivery to
1352 this host. After a permanent authentication failure, we carry on
1353 to try other authentication methods. If all fail hard, try to
1354 deliver the message unauthenticated unless require_auth was set. */
1359 smtp_authenticated = TRUE; /* stops the outer loop */
1362 /* Failure after writing a command */
1367 /* Failure after reading a response */
1370 if (errno != 0 || buffer[0] != '5') goto RESPONSE_FAILED;
1371 log_write(0, LOG_MAIN, "%s authenticator failed H=%s [%s] %s",
1372 au->name, host->name, host->address, buffer);
1375 /* Failure by some other means. In effect, the authenticator
1376 decided it wasn't prepared to handle this case. Typically this
1377 is the result of "fail" in an expansion string. Do we need to
1378 log anything here? Feb 2006: a message is now put in the buffer
1379 if logging is required. */
1383 log_write(0, LOG_MAIN, "%s authenticator cancelled "
1384 "authentication H=%s [%s] %s", au->name, host->name,
1385 host->address, buffer);
1388 /* Internal problem, message in buffer. */
1392 set_errno(addrlist, 0, string_copy(buffer), DEFER, FALSE);
1396 break; /* If not authenticated, try next authenticator */
1397 } /* Loop for scanning supported server mechanisms */
1398 } /* Loop for further authenticators */
1402 /* If we haven't authenticated, but are required to, give up. */
1404 if (require_auth == OK && !smtp_authenticated)
1407 set_errno(addrlist, ERRNO_AUTHFAIL,
1408 string_sprintf("authentication required but %s", fail_reason), DEFER,
1414 /* The setting up of the SMTP call is now complete. Any subsequent errors are
1415 message-specific. */
1419 /* If there is a filter command specified for this transport, we can now
1420 set it up. This cannot be done until the identify of the host is known. */
1422 if (tblock->filter_command != NULL)
1426 sprintf(CS buffer, "%.50s transport", tblock->name);
1427 rc = transport_set_up_command(&transport_filter_argv, tblock->filter_command,
1428 TRUE, DEFER, addrlist, buffer, NULL);
1429 transport_filter_timeout = tblock->filter_timeout;
1431 /* On failure, copy the error to all addresses, abandon the SMTP call, and
1436 set_errno(addrlist->next, addrlist->basic_errno, addrlist->message, DEFER,
1444 /* For messages that have more than the maximum number of envelope recipients,
1445 we want to send several transactions down the same SMTP connection. (See
1446 comments in deliver.c as to how this reconciles, heuristically, with
1447 remote_max_parallel.) This optimization was added to Exim after the following
1448 code was already working. The simplest way to put it in without disturbing the
1449 code was to use a goto to jump back to this point when there is another
1450 transaction to handle. */
1453 sync_addr = first_addr;
1457 completed_address = FALSE;
1460 /* Initiate a message transfer. If we know the receiving MTA supports the SIZE
1461 qualification, send it, adding something to the message size to allow for
1462 imprecision and things that get added en route. Exim keeps the number of lines
1463 in a message, so we can give an accurate value for the original message, but we
1464 need some additional to handle added headers. (Double "." characters don't get
1465 included in the count.) */
1472 sprintf(CS p, " SIZE=%d", message_size+message_linecount+ob->size_addition);
1476 /* Add the authenticated sender address if present */
1478 if ((smtp_authenticated || ob->authenticated_sender_force) &&
1479 local_authenticated_sender != NULL)
1481 string_format(p, sizeof(buffer) - (p-buffer), " AUTH=%s",
1482 auth_xtextencode(local_authenticated_sender,
1483 Ustrlen(local_authenticated_sender)));
1486 /* From here until we send the DATA command, we can make use of PIPELINING
1487 if the server host supports it. The code has to be able to check the responses
1488 at any point, for when the buffer fills up, so we write it totally generally.
1489 When PIPELINING is off, each command written reports that it has flushed the
1492 pending_MAIL = TRUE; /* The block starts with MAIL */
1494 rc = smtp_write_command(&outblock, smtp_use_pipelining,
1495 "MAIL FROM:<%s>%s\r\n", return_path, buffer);
1496 mail_command = string_copy(big_buffer); /* Save for later error message */
1500 case -1: /* Transmission error */
1503 case +1: /* Block was sent */
1504 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1505 ob->command_timeout))
1507 if (errno == 0 && buffer[0] == '4')
1509 errno = ERRNO_MAIL4XX;
1510 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
1512 goto RESPONSE_FAILED;
1514 pending_MAIL = FALSE;
1518 /* Pass over all the relevant recipient addresses for this host, which are the
1519 ones that have status PENDING_DEFER. If we are using PIPELINING, we can send
1520 several before we have to read the responses for those seen so far. This
1521 checking is done by a subroutine because it also needs to be done at the end.
1522 Send only up to max_rcpt addresses at a time, leaving first_addr pointing to
1523 the next one if not all are sent.
1525 In the MUA wrapper situation, we want to flush the PIPELINING buffer for the
1526 last address because we want to abort if any recipients have any kind of
1527 problem, temporary or permanent. We know that all recipient addresses will have
1528 the PENDING_DEFER status, because only one attempt is ever made, and we know
1529 that max_rcpt will be large, so all addresses will be done at once. */
1531 for (addr = first_addr;
1532 address_count < max_rcpt && addr != NULL;
1538 if (addr->transport_return != PENDING_DEFER) continue;
1541 no_flush = smtp_use_pipelining && (!mua_wrapper || addr->next != NULL);
1543 /* Now send the RCPT command, and process outstanding responses when
1544 necessary. After a timeout on RCPT, we just end the function, leaving the
1545 yield as OK, because this error can often mean that there is a problem with
1546 just one address, so we don't want to delay the host. */
1548 count = smtp_write_command(&outblock, no_flush, "RCPT TO:<%s>%s\r\n",
1549 transport_rcpt_address(addr, tblock->rcpt_include_affixes), igquotstr);
1550 if (count < 0) goto SEND_FAILED;
1553 switch(sync_responses(first_addr, tblock->rcpt_include_affixes,
1554 &sync_addr, host, count, ob->address_retry_include_sender,
1555 pending_MAIL, 0, &inblock, ob->command_timeout, buffer,
1558 case 3: ok = TRUE; /* 2xx & 5xx => OK & progress made */
1559 case 2: completed_address = TRUE; /* 5xx (only) => progress made */
1562 case 1: ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
1563 if (!lmtp) completed_address = TRUE; /* can't tell about progress yet */
1564 case 0: /* No 2xx or 5xx, but no probs */
1567 case -1: goto END_OFF; /* Timeout on RCPT */
1568 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL error */
1570 pending_MAIL = FALSE; /* Dealt with MAIL */
1572 } /* Loop for next address */
1574 /* If we are an MUA wrapper, abort if any RCPTs were rejected, either
1575 permanently or temporarily. We should have flushed and synced after the last
1580 address_item *badaddr;
1581 for (badaddr = first_addr; badaddr != NULL; badaddr = badaddr->next)
1583 if (badaddr->transport_return != PENDING_OK) break;
1585 if (badaddr != NULL)
1587 set_errno(addrlist, 0, badaddr->message, FAIL,
1588 testflag(badaddr, af_pass_message));
1593 /* If ok is TRUE, we know we have got at least one good recipient, and must now
1594 send DATA, but if it is FALSE (in the normal, non-wrapper case), we may still
1595 have a good recipient buffered up if we are pipelining. We don't want to waste
1596 time sending DATA needlessly, so we only send it if either ok is TRUE or if we
1597 are pipelining. The responses are all handled by sync_responses(). */
1599 if (ok || (smtp_use_pipelining && !mua_wrapper))
1601 int count = smtp_write_command(&outblock, FALSE, "DATA\r\n");
1602 if (count < 0) goto SEND_FAILED;
1603 switch(sync_responses(first_addr, tblock->rcpt_include_affixes, &sync_addr,
1604 host, count, ob->address_retry_include_sender, pending_MAIL,
1605 ok? +1 : -1, &inblock, ob->command_timeout, buffer, sizeof(buffer)))
1607 case 3: ok = TRUE; /* 2xx & 5xx => OK & progress made */
1608 case 2: completed_address = TRUE; /* 5xx (only) => progress made */
1611 case 1: ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
1612 if (!lmtp) completed_address = TRUE; /* can't tell about progress yet */
1613 case 0: break; /* No 2xx or 5xx, but no probs */
1615 case -1: goto END_OFF; /* Timeout on RCPT */
1616 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */
1620 /* Save the first address of the next batch. */
1624 /* If there were no good recipients (but otherwise there have been no
1625 problems), just set ok TRUE, since we have handled address-specific errors
1626 already. Otherwise, it's OK to send the message. Use the check/escape mechanism
1627 for handling the SMTP dot-handling protocol, flagging to apply to headers as
1628 well as body. Set the appropriate timeout value to be used for each chunk.
1629 (Haven't been able to make it work using select() for writing yet.) */
1631 if (!ok) ok = TRUE; else
1633 sigalrm_seen = FALSE;
1634 transport_write_timeout = ob->data_timeout;
1635 smtp_command = US"sending data block"; /* For error messages */
1636 DEBUG(D_transport|D_v)
1637 debug_printf(" SMTP>> writing message and terminating \".\"\n");
1638 transport_count = 0;
1639 #ifndef DISABLE_DKIM
1640 ok = dkim_transport_write_message(addrlist, inblock.sock,
1641 topt_use_crlf | topt_end_dot | topt_escape_headers |
1642 (tblock->body_only? topt_no_headers : 0) |
1643 (tblock->headers_only? topt_no_body : 0) |
1644 (tblock->return_path_add? topt_add_return_path : 0) |
1645 (tblock->delivery_date_add? topt_add_delivery_date : 0) |
1646 (tblock->envelope_to_add? topt_add_envelope_to : 0),
1647 0, /* No size limit */
1648 tblock->add_headers, tblock->remove_headers,
1649 US".", US"..", /* Escaping strings */
1650 tblock->rewrite_rules, tblock->rewrite_existflags,
1651 ob->dkim_private_key, ob->dkim_domain, ob->dkim_selector,
1652 ob->dkim_canon, ob->dkim_strict, ob->dkim_sign_headers
1655 ok = transport_write_message(addrlist, inblock.sock,
1656 topt_use_crlf | topt_end_dot | topt_escape_headers |
1657 (tblock->body_only? topt_no_headers : 0) |
1658 (tblock->headers_only? topt_no_body : 0) |
1659 (tblock->return_path_add? topt_add_return_path : 0) |
1660 (tblock->delivery_date_add? topt_add_delivery_date : 0) |
1661 (tblock->envelope_to_add? topt_add_envelope_to : 0),
1662 0, /* No size limit */
1663 tblock->add_headers, tblock->remove_headers,
1664 US".", US"..", /* Escaping strings */
1665 tblock->rewrite_rules, tblock->rewrite_existflags);
1668 /* transport_write_message() uses write() because it is called from other
1669 places to write to non-sockets. This means that under some OS (e.g. Solaris)
1670 it can exit with "Broken pipe" as its error. This really means that the
1671 socket got closed at the far end. */
1673 transport_write_timeout = 0; /* for subsequent transports */
1675 /* Failure can either be some kind of I/O disaster (including timeout),
1676 or the failure of a transport filter or the expansion of added headers. */
1680 buffer[0] = 0; /* There hasn't been a response */
1681 goto RESPONSE_FAILED;
1684 /* We used to send the terminating "." explicitly here, but because of
1685 buffering effects at both ends of TCP/IP connections, you don't gain
1686 anything by keeping it separate, so it might as well go in the final
1687 data buffer for efficiency. This is now done by setting the topt_end_dot
1690 smtp_command = US"end of data";
1692 /* For SMTP, we now read a single response that applies to the whole message.
1693 If it is OK, then all the addresses have been delivered. */
1697 ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1699 if (!ok && errno == 0 && buffer[0] == '4')
1701 errno = ERRNO_DATA4XX;
1702 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
1706 /* For LMTP, we get back a response for every RCPT command that we sent;
1707 some may be accepted and some rejected. For those that get a response, their
1708 status is fixed; any that are accepted have been handed over, even if later
1709 responses crash - at least, that's how I read RFC 2033.
1711 If all went well, mark the recipient addresses as completed, record which
1712 host/IPaddress they were delivered to, and cut out RSET when sending another
1713 message down the same channel. Write the completed addresses to the journal
1714 now so that they are recorded in case there is a crash of hardware or
1715 software before the spool gets updated. Also record the final SMTP
1716 confirmation if needed (for SMTP only). */
1721 int delivery_time = (int)(time(NULL) - start_delivery_time);
1724 uschar *conf = NULL;
1727 /* Make a copy of the host if it is local to this invocation
1728 of the transport. */
1732 thost = store_get(sizeof(host_item));
1734 thost->name = string_copy(host->name);
1735 thost->address = string_copy(host->address);
1739 /* Set up confirmation if needed - applies only to SMTP */
1741 if ((log_extra_selector & LX_smtp_confirmation) != 0 && !lmtp)
1743 uschar *s = string_printing(buffer);
1744 conf = (s == buffer)? (uschar *)string_copy(s) : s;
1747 /* Process all transported addresses - for LMTP, read a status for
1750 for (addr = addrlist; addr != first_addr; addr = addr->next)
1752 if (addr->transport_return != PENDING_OK) continue;
1754 /* LMTP - if the response fails badly (e.g. timeout), use it for all the
1755 remaining addresses. Otherwise, it's a return code for just the one
1756 address. For temporary errors, add a retry item for the address so that
1757 it doesn't get tried again too soon. */
1761 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1764 if (errno != 0 || buffer[0] == 0) goto RESPONSE_FAILED;
1765 addr->message = string_sprintf("LMTP error after %s: %s",
1766 big_buffer, string_printing(buffer));
1767 setflag(addr, af_pass_message); /* Allow message to go to user */
1768 if (buffer[0] == '5')
1769 addr->transport_return = FAIL;
1772 errno = ERRNO_DATA4XX;
1773 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
1774 addr->transport_return = DEFER;
1775 retry_add_item(addr, addr->address_retry_key, 0);
1779 completed_address = TRUE; /* NOW we can set this flag */
1780 if ((log_extra_selector & LX_smtp_confirmation) != 0)
1782 uschar *s = string_printing(buffer);
1783 conf = (s == buffer)? (uschar *)string_copy(s) : s;
1787 /* SMTP, or success return from LMTP for this address. Pass back the
1788 actual host that was used. */
1790 addr->transport_return = OK;
1791 addr->more_errno = delivery_time;
1792 addr->host_used = thost;
1793 addr->special_action = flag;
1794 addr->message = conf;
1797 /* Update the journal. For homonymic addresses, use the base address plus
1798 the transport name. See lots of comments in deliver.c about the reasons
1799 for the complications when homonyms are involved. Just carry on after
1800 write error, as it may prove possible to update the spool file later. */
1802 if (testflag(addr, af_homonym))
1803 sprintf(CS buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
1805 sprintf(CS buffer, "%.500s\n", addr->unique);
1807 DEBUG(D_deliver) debug_printf("journalling %s", buffer);
1808 len = Ustrlen(CS buffer);
1809 if (write(journal_fd, buffer, len) != len)
1810 log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
1811 "%s: %s", buffer, strerror(errno));
1814 /* Ensure the journal file is pushed out to disk. */
1816 if (EXIMfsync(journal_fd) < 0)
1817 log_write(0, LOG_MAIN|LOG_PANIC, "failed to fsync journal: %s",
1823 /* Handle general (not specific to one address) failures here. The value of ok
1824 is used to skip over this code on the falling through case. A timeout causes a
1825 deferral. Other errors may defer or fail according to the response code, and
1826 may set up a special errno value, e.g. after connection chopped, which is
1827 assumed if errno == 0 and there is no text in the buffer. If control reaches
1828 here during the setting up phase (i.e. before MAIL FROM) then always defer, as
1829 the problem is not related to this specific message. */
1838 send_quit = check_response(host, &save_errno, addrlist->more_errno,
1839 buffer, &code, &message, &pass_message);
1845 message = US string_sprintf("send() to %s [%s] failed: %s",
1846 host->name, host->address, strerror(save_errno));
1850 /* This label is jumped to directly when a TLS negotiation has failed,
1851 or was not done for a host for which it is required. Values will be set
1852 in message and save_errno, and setting_up will always be true. Treat as
1853 a temporary error. */
1860 /* If the failure happened while setting up the call, see if the failure was
1861 a 5xx response (this will either be on connection, or following HELO - a 5xx
1862 after EHLO causes it to try HELO). If so, fail all addresses, as this host is
1863 never going to accept them. For other errors during setting up (timeouts or
1864 whatever), defer all addresses, and yield DEFER, so that the host is not
1865 tried again for a while. */
1868 ok = FALSE; /* For when reached by GOTO */
1874 set_errno(addrlist, save_errno, message, FAIL, pass_message);
1878 set_errno(addrlist, save_errno, message, DEFER, pass_message);
1883 /* We want to handle timeouts after MAIL or "." and loss of connection after
1884 "." specially. They can indicate a problem with the sender address or with
1885 the contents of the message rather than a real error on the connection. These
1886 cases are treated in the same way as a 4xx response. This next bit of code
1887 does the classification. */
1898 message_error = TRUE;
1902 message_error = Ustrncmp(smtp_command,"MAIL",4) == 0 ||
1903 Ustrncmp(smtp_command,"end ",4) == 0;
1906 case ERRNO_SMTPCLOSED:
1907 message_error = Ustrncmp(smtp_command,"end ",4) == 0;
1911 message_error = FALSE;
1915 /* Handle the cases that are treated as message errors. These are:
1917 (a) negative response or timeout after MAIL
1918 (b) negative response after DATA
1919 (c) negative response or timeout or dropped connection after "."
1921 It won't be a negative response or timeout after RCPT, as that is dealt
1922 with separately above. The action in all cases is to set an appropriate
1923 error code for all the addresses, but to leave yield set to OK because the
1924 host itself has not failed. Of course, it might in practice have failed
1925 when we've had a timeout, but if so, we'll discover that at the next
1926 delivery attempt. For a temporary error, set the message_defer flag, and
1927 write to the logs for information if this is not the last host. The error
1928 for the last host will be logged as part of the address's log line. */
1932 if (mua_wrapper) code = '5'; /* Force hard failure in wrapper mode */
1933 set_errno(addrlist, save_errno, message, (code == '5')? FAIL : DEFER,
1936 /* If there's an errno, the message contains just the identity of
1939 if (code != '5') /* Anything other than 5 is treated as temporary */
1942 message = US string_sprintf("%s: %s", message, strerror(save_errno));
1943 if (host->next != NULL) log_write(0, LOG_MAIN, "%s", message);
1944 deliver_msglog("%s %s\n", tod_stamp(tod_log), message);
1945 *message_defer = TRUE;
1949 /* Otherwise, we have an I/O error or a timeout other than after MAIL or
1950 ".", or some other transportation error. We defer all addresses and yield
1951 DEFER, except for the case of failed add_headers expansion, or a transport
1952 filter failure, when the yield should be ERROR, to stop it trying other
1957 yield = (save_errno == ERRNO_CHHEADER_FAIL ||
1958 save_errno == ERRNO_FILTER_FAIL)? ERROR : DEFER;
1959 set_errno(addrlist, save_errno, message, DEFER, pass_message);
1965 /* If all has gone well, send_quit will be set TRUE, implying we can end the
1966 SMTP session tidily. However, if there were too many addresses to send in one
1967 message (indicated by first_addr being non-NULL) we want to carry on with the
1968 rest of them. Also, it is desirable to send more than one message down the SMTP
1969 connection if there are several waiting, provided we haven't already sent so
1970 many as to hit the configured limit. The function transport_check_waiting looks
1971 for a waiting message and returns its id. Then transport_pass_socket tries to
1972 set up a continued delivery by passing the socket on to another process. The
1973 variable send_rset is FALSE if a message has just been successfully transfered.
1975 If we are already sending down a continued channel, there may be further
1976 addresses not yet delivered that are aimed at the same host, but which have not
1977 been passed in this run of the transport. In this case, continue_more will be
1978 true, and all we should do is send RSET if necessary, and return, leaving the
1981 However, if no address was disposed of, i.e. all addresses got 4xx errors, we
1982 do not want to continue with other messages down the same channel, because that
1983 can lead to looping between two or more messages, all with the same,
1984 temporarily failing address(es). [The retry information isn't updated yet, so
1985 new processes keep on trying.] We probably also don't want to try more of this
1986 message's addresses either.
1988 If we have started a TLS session, we have to end it before passing the
1989 connection to a new process. However, not all servers can handle this (Exim
1990 can), so we do not pass such a connection on if the host matches
1991 hosts_nopass_tls. */
1994 debug_printf("ok=%d send_quit=%d send_rset=%d continue_more=%d "
1995 "yield=%d first_address is %sNULL\n", ok, send_quit, send_rset,
1996 continue_more, yield, (first_addr == NULL)? "":"not ");
1998 if (completed_address && ok && send_quit)
2001 if (first_addr != NULL || continue_more ||
2004 verify_check_this_host(&(ob->hosts_nopass_tls), NULL, host->name,
2005 host->address, NULL) != OK)
2007 transport_check_waiting(tblock->name, host->name,
2008 tblock->connection_max_messages, new_message_id, &more)
2016 if (! (ok = smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0))
2018 msg = US string_sprintf("send() to %s [%s] failed: %s", host->name,
2019 host->address, strerror(save_errno));
2022 else if (! (ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2023 ob->command_timeout)))
2026 send_quit = check_response(host, &errno, 0, buffer, &code, &msg,
2030 DEBUG(D_transport) debug_printf("%s\n", msg);
2035 /* Either RSET was not needed, or it succeeded */
2039 if (first_addr != NULL) /* More addresses still to be sent */
2040 { /* in this run of the transport */
2041 continue_sequence++; /* Causes * in logging */
2044 if (continue_more) return yield; /* More addresses for another run */
2046 /* Pass the socket to a new Exim process. Before doing so, we must shut
2047 down TLS. Not all MTAs allow for the continuation of the SMTP session
2048 when TLS is shut down. We test for this by sending a new EHLO. If we
2049 don't get a good response, we don't attempt to pass the socket on. */
2052 if (tls_active >= 0)
2058 ok = smtp_write_command(&outblock,FALSE,"EHLO %s\r\n",helo_data) >= 0 &&
2059 smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2060 ob->command_timeout);
2064 /* If the socket is successfully passed, we musn't send QUIT (or
2065 indeed anything!) from here. */
2067 if (ok && transport_pass_socket(tblock->name, host->name, host->address,
2068 new_message_id, inblock.sock))
2074 /* If RSET failed and there are addresses left, they get deferred. */
2076 else set_errno(first_addr, errno, msg, DEFER, FALSE);
2080 /* End off tidily with QUIT unless the connection has died or the socket has
2081 been passed to another process. There has been discussion on the net about what
2082 to do after sending QUIT. The wording of the RFC suggests that it is necessary
2083 to wait for a response, but on the other hand, there isn't anything one can do
2084 with an error response, other than log it. Exim used to do that. However,
2085 further discussion suggested that it is positively advantageous not to wait for
2086 the response, but to close the session immediately. This is supposed to move
2087 the TCP/IP TIME_WAIT state from the server to the client, thereby removing some
2088 load from the server. (Hosts that are both servers and clients may not see much
2089 difference, of course.) Further discussion indicated that this was safe to do
2090 on Unix systems which have decent implementations of TCP/IP that leave the
2091 connection around for a while (TIME_WAIT) after the application has gone away.
2092 This enables the response sent by the server to be properly ACKed rather than
2093 timed out, as can happen on broken TCP/IP implementations on other OS.
2095 This change is being made on 31-Jul-98. After over a year of trouble-free
2096 operation, the old commented-out code was removed on 17-Sep-99. */
2099 if (send_quit) (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n");
2107 /* Close the socket, and return the appropriate value, first setting
2108 continue_transport and continue_hostname NULL to prevent any other addresses
2109 that may include the host from trying to re-use a continuation socket. This
2110 works because the NULL setting is passed back to the calling process, and
2111 remote_max_parallel is forced to 1 when delivering over an existing connection,
2113 If all went well and continue_more is set, we shouldn't actually get here if
2114 there are further addresses, as the return above will be taken. However,
2115 writing RSET might have failed, or there may be other addresses whose hosts are
2116 specified in the transports, and therefore not visible at top level, in which
2117 case continue_more won't get set. */
2119 (void)close(inblock.sock);
2120 continue_transport = NULL;
2121 continue_hostname = NULL;
2128 /*************************************************
2129 * Closedown entry point *
2130 *************************************************/
2132 /* This function is called when exim is passed an open smtp channel
2133 from another incarnation, but the message which it has been asked
2134 to deliver no longer exists. The channel is on stdin.
2136 We might do fancy things like looking for another message to send down
2137 the channel, but if the one we sought has gone, it has probably been
2138 delivered by some other process that itself will seek further messages,
2139 so just close down our connection.
2141 Argument: pointer to the transport instance block
2146 smtp_transport_closedown(transport_instance *tblock)
2148 smtp_transport_options_block *ob =
2149 (smtp_transport_options_block *)(tblock->options_block);
2150 smtp_inblock inblock;
2151 smtp_outblock outblock;
2153 uschar inbuffer[4096];
2154 uschar outbuffer[16];
2156 inblock.sock = fileno(stdin);
2157 inblock.buffer = inbuffer;
2158 inblock.buffersize = sizeof(inbuffer);
2159 inblock.ptr = inbuffer;
2160 inblock.ptrend = inbuffer;
2162 outblock.sock = inblock.sock;
2163 outblock.buffersize = sizeof(outbuffer);
2164 outblock.buffer = outbuffer;
2165 outblock.ptr = outbuffer;
2166 outblock.cmd_count = 0;
2167 outblock.authenticating = FALSE;
2169 (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n");
2170 (void)smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2171 ob->command_timeout);
2172 (void)close(inblock.sock);
2177 /*************************************************
2178 * Prepare addresses for delivery *
2179 *************************************************/
2181 /* This function is called to flush out error settings from previous delivery
2182 attempts to other hosts. It also records whether we got here via an MX record
2183 or not in the more_errno field of the address. We are interested only in
2184 addresses that are still marked DEFER - others may have got delivered to a
2185 previously considered IP address. Set their status to PENDING_DEFER to indicate
2186 which ones are relevant this time.
2189 addrlist the list of addresses
2190 host the host we are delivering to
2192 Returns: the first address for this delivery
2195 static address_item *
2196 prepare_addresses(address_item *addrlist, host_item *host)
2198 address_item *first_addr = NULL;
2200 for (addr = addrlist; addr != NULL; addr = addr->next)
2202 if (addr->transport_return != DEFER) continue;
2203 if (first_addr == NULL) first_addr = addr;
2204 addr->transport_return = PENDING_DEFER;
2205 addr->basic_errno = 0;
2206 addr->more_errno = (host->mx >= 0)? 'M' : 'A';
2207 addr->message = NULL;
2209 addr->cipher = NULL;
2210 addr->peerdn = NULL;
2218 /*************************************************
2219 * Main entry point *
2220 *************************************************/
2222 /* See local README for interface details. As this is a remote transport, it is
2223 given a chain of addresses to be delivered in one connection, if possible. It
2224 always returns TRUE, indicating that each address has its own independent
2225 status set, except if there is a setting up problem, in which case it returns
2229 smtp_transport_entry(
2230 transport_instance *tblock, /* data for this instantiation */
2231 address_item *addrlist) /* addresses we are working on */
2235 int hosts_defer = 0;
2237 int hosts_looked_up = 0;
2238 int hosts_retry = 0;
2239 int hosts_serial = 0;
2240 int hosts_total = 0;
2241 int total_hosts_tried = 0;
2243 BOOL expired = TRUE;
2244 BOOL continuing = continue_hostname != NULL;
2245 uschar *expanded_hosts = NULL;
2247 uschar *tid = string_sprintf("%s transport", tblock->name);
2248 smtp_transport_options_block *ob =
2249 (smtp_transport_options_block *)(tblock->options_block);
2250 host_item *hostlist = addrlist->host_list;
2251 host_item *host = NULL;
2255 debug_printf("%s transport entered\n", tblock->name);
2256 for (addr = addrlist; addr != NULL; addr = addr->next)
2257 debug_printf(" %s\n", addr->address);
2258 if (continuing) debug_printf("already connected to %s [%s]\n",
2259 continue_hostname, continue_host_address);
2262 /* Set the flag requesting that these hosts be added to the waiting
2263 database if the delivery fails temporarily or if we are running with
2264 queue_smtp or a 2-stage queue run. This gets unset for certain
2265 kinds of error, typically those that are specific to the message. */
2267 update_waiting = TRUE;
2269 /* If a host list is not defined for the addresses - they must all have the
2270 same one in order to be passed to a single transport - or if the transport has
2271 a host list with hosts_override set, use the host list supplied with the
2272 transport. It is an error for this not to exist. */
2274 if (hostlist == NULL || (ob->hosts_override && ob->hosts != NULL))
2276 if (ob->hosts == NULL)
2278 addrlist->message = string_sprintf("%s transport called with no hosts set",
2280 addrlist->transport_return = PANIC;
2281 return FALSE; /* Only top address has status */
2284 DEBUG(D_transport) debug_printf("using the transport's hosts: %s\n",
2287 /* If the transport's host list contains no '$' characters, and we are not
2288 randomizing, it is fixed and therefore a chain of hosts can be built once
2289 and for all, and remembered for subsequent use by other calls to this
2290 transport. If, on the other hand, the host list does contain '$', or we are
2291 randomizing its order, we have to rebuild it each time. In the fixed case,
2292 as the hosts string will never be used again, it doesn't matter that we
2293 replace all the : characters with zeros. */
2295 if (ob->hostlist == NULL)
2297 uschar *s = ob->hosts;
2299 if (Ustrchr(s, '$') != NULL)
2301 expanded_hosts = expand_string(s);
2302 if (expanded_hosts == NULL)
2304 addrlist->message = string_sprintf("failed to expand list of hosts "
2305 "\"%s\" in %s transport: %s", s, tblock->name, expand_string_message);
2306 addrlist->transport_return = search_find_defer? DEFER : PANIC;
2307 return FALSE; /* Only top address has status */
2309 DEBUG(D_transport) debug_printf("expanded list of hosts \"%s\" to "
2310 "\"%s\"\n", s, expanded_hosts);
2314 if (ob->hosts_randomize) s = expanded_hosts = string_copy(s);
2316 host_build_hostlist(&hostlist, s, ob->hosts_randomize);
2318 /* Check that the expansion yielded something useful. */
2319 if (hostlist == NULL)
2322 string_sprintf("%s transport has empty hosts setting", tblock->name);
2323 addrlist->transport_return = PANIC;
2324 return FALSE; /* Only top address has status */
2327 /* If there was no expansion of hosts, save the host list for
2330 if (expanded_hosts == NULL) ob->hostlist = hostlist;
2333 /* This is not the first time this transport has been run in this delivery;
2334 the host list was built previously. */
2336 else hostlist = ob->hostlist;
2339 /* The host list was supplied with the address. If hosts_randomize is set, we
2340 must sort it into a random order if it did not come from MX records and has not
2341 already been randomized (but don't bother if continuing down an existing
2344 else if (ob->hosts_randomize && hostlist->mx == MX_NONE && !continuing)
2346 host_item *newlist = NULL;
2347 while (hostlist != NULL)
2349 host_item *h = hostlist;
2350 hostlist = hostlist->next;
2352 h->sort_key = random_number(100);
2354 if (newlist == NULL)
2359 else if (h->sort_key < newlist->sort_key)
2366 host_item *hh = newlist;
2367 while (hh->next != NULL)
2369 if (h->sort_key < hh->next->sort_key) break;
2377 hostlist = addrlist->host_list = newlist;
2381 /* Sort out the default port. */
2383 if (!smtp_get_port(ob->port, addrlist, &port, tid)) return FALSE;
2386 /* For each host-plus-IP-address on the list:
2388 . If this is a continued delivery and the host isn't the one with the
2389 current connection, skip.
2391 . If the status is unusable (i.e. previously failed or retry checked), skip.
2393 . If no IP address set, get the address, either by turning the name into
2394 an address, calling gethostbyname if gethostbyname is on, or by calling
2395 the DNS. The DNS may yield multiple addresses, in which case insert the
2396 extra ones into the list.
2398 . Get the retry data if not previously obtained for this address and set the
2399 field which remembers the state of this address. Skip if the retry time is
2400 not reached. If not, remember whether retry data was found. The retry string
2401 contains both the name and the IP address.
2403 . Scan the list of addresses and mark those whose status is DEFER as
2404 PENDING_DEFER. These are the only ones that will be processed in this cycle
2407 . Make a delivery attempt - addresses marked PENDING_DEFER will be tried.
2408 Some addresses may be successfully delivered, others may fail, and yet
2409 others may get temporary errors and so get marked DEFER.
2411 . The return from the delivery attempt is OK if a connection was made and a
2412 valid SMTP dialogue was completed. Otherwise it is DEFER.
2414 . If OK, add a "remove" retry item for this host/IPaddress, if any.
2416 . If fail to connect, or other defer state, add a retry item.
2418 . If there are any addresses whose status is still DEFER, carry on to the
2419 next host/IPaddress, unless we have tried the number of hosts given
2420 by hosts_max_try or hosts_max_try_hardlimit; otherwise return. Note that
2421 there is some fancy logic for hosts_max_try that means its limit can be
2422 overstepped in some circumstances.
2424 If we get to the end of the list, all hosts have deferred at least one address,
2425 or not reached their retry times. If delay_after_cutoff is unset, it requests a
2426 delivery attempt to those hosts whose last try was before the arrival time of
2427 the current message. To cope with this, we have to go round the loop a second
2428 time. After that, set the status and error data for any addresses that haven't
2429 had it set already. */
2431 for (cutoff_retry = 0; expired &&
2432 cutoff_retry < ((ob->delay_after_cutoff)? 1 : 2);
2435 host_item *nexthost = NULL;
2436 int unexpired_hosts_tried = 0;
2438 for (host = hostlist;
2440 unexpired_hosts_tried < ob->hosts_max_try &&
2441 total_hosts_tried < ob->hosts_max_try_hardlimit;
2447 BOOL serialized = FALSE;
2448 BOOL host_is_expired = FALSE;
2449 BOOL message_defer = FALSE;
2450 BOOL ifchanges = FALSE;
2451 BOOL some_deferred = FALSE;
2452 address_item *first_addr = NULL;
2453 uschar *interface = NULL;
2454 uschar *retry_host_key = NULL;
2455 uschar *retry_message_key = NULL;
2456 uschar *serialize_key = NULL;
2458 /* Default next host is next host. :-) But this can vary if the
2459 hosts_max_try limit is hit (see below). It may also be reset if a host
2460 address is looked up here (in case the host was multihomed). */
2462 nexthost = host->next;
2464 /* If the address hasn't yet been obtained from the host name, look it up
2465 now, unless the host is already marked as unusable. If it is marked as
2466 unusable, it means that the router was unable to find its IP address (in
2467 the DNS or wherever) OR we are in the 2nd time round the cutoff loop, and
2468 the lookup failed last time. We don't get this far if *all* MX records
2469 point to non-existent hosts; that is treated as a hard error.
2471 We can just skip this host entirely. When the hosts came from the router,
2472 the address will timeout based on the other host(s); when the address is
2473 looked up below, there is an explicit retry record added.
2475 Note that we mustn't skip unusable hosts if the address is not unset; they
2476 may be needed as expired hosts on the 2nd time round the cutoff loop. */
2478 if (host->address == NULL)
2480 int new_port, flags;
2482 uschar *canonical_name;
2484 if (host->status >= hstatus_unusable)
2486 DEBUG(D_transport) debug_printf("%s has no address and is unusable - skipping\n",
2491 DEBUG(D_transport) debug_printf("getting address for %s\n", host->name);
2493 /* The host name is permitted to have an attached port. Find it, and
2494 strip it from the name. Just remember it for now. */
2496 new_port = host_item_get_port(host);
2498 /* Count hosts looked up */
2502 /* Find by name if so configured, or if it's an IP address. We don't
2503 just copy the IP address, because we need the test-for-local to happen. */
2505 flags = HOST_FIND_BY_A;
2506 if (ob->dns_qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
2507 if (ob->dns_search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
2509 if (ob->gethostbyname || string_is_ip_address(host->name, NULL) != 0)
2510 rc = host_find_byname(host, NULL, flags, &canonical_name, TRUE);
2512 rc = host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
2513 &canonical_name, NULL);
2515 /* Update the host (and any additional blocks, resulting from
2516 multihoming) with a host-specific port, if any. */
2518 for (hh = host; hh != nexthost; hh = hh->next) hh->port = new_port;
2520 /* Failure to find the host at this time (usually DNS temporary failure)
2521 is really a kind of routing failure rather than a transport failure.
2522 Therefore we add a retry item of the routing kind, not to stop us trying
2523 to look this name up here again, but to ensure the address gets timed
2524 out if the failures go on long enough. A complete failure at this point
2525 commonly points to a configuration error, but the best action is still
2526 to carry on for the next host. */
2528 if (rc == HOST_FIND_AGAIN || rc == HOST_FIND_FAILED)
2530 retry_add_item(addrlist, string_sprintf("R:%s", host->name), 0);
2532 if (rc == HOST_FIND_AGAIN) hosts_defer++; else hosts_fail++;
2533 DEBUG(D_transport) debug_printf("rc = %s for %s\n", (rc == HOST_FIND_AGAIN)?
2534 "HOST_FIND_AGAIN" : "HOST_FIND_FAILED", host->name);
2535 host->status = hstatus_unusable;
2537 for (addr = addrlist; addr != NULL; addr = addr->next)
2539 if (addr->transport_return != DEFER) continue;
2540 addr->basic_errno = ERRNO_UNKNOWNHOST;
2542 string_sprintf("failed to lookup IP address for %s", host->name);
2547 /* If the host is actually the local host, we may have a problem, or
2548 there may be some cunning configuration going on. In the problem case,
2549 log things and give up. The default transport status is already DEFER. */
2551 if (rc == HOST_FOUND_LOCAL && !ob->allow_localhost)
2553 for (addr = addrlist; addr != NULL; addr = addr->next)
2555 addr->basic_errno = 0;
2556 addr->message = string_sprintf("%s transport found host %s to be "
2557 "local", tblock->name, host->name);
2561 } /* End of block for IP address lookup */
2563 /* If this is a continued delivery, we are interested only in the host
2564 which matches the name of the existing open channel. The check is put
2565 here after the local host lookup, in case the name gets expanded as a
2566 result of the lookup. Set expired FALSE, to save the outer loop executing
2569 if (continuing && (Ustrcmp(continue_hostname, host->name) != 0 ||
2570 Ustrcmp(continue_host_address, host->address) != 0))
2573 continue; /* With next host */
2576 /* Reset the default next host in case a multihomed host whose addresses
2577 are not looked up till just above added to the host list. */
2579 nexthost = host->next;
2581 /* If queue_smtp is set (-odqs or the first part of a 2-stage run), or the
2582 domain is in queue_smtp_domains, we don't actually want to attempt any
2583 deliveries. When doing a queue run, queue_smtp_domains is always unset. If
2584 there is a lookup defer in queue_smtp_domains, proceed as if the domain
2585 were not in it. We don't want to hold up all SMTP deliveries! Except when
2586 doing a two-stage queue run, don't do this if forcing. */
2588 if ((!deliver_force || queue_2stage) && (queue_smtp ||
2589 match_isinlist(addrlist->domain, &queue_smtp_domains, 0,
2590 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK))
2593 for (addr = addrlist; addr != NULL; addr = addr->next)
2595 if (addr->transport_return != DEFER) continue;
2596 addr->message = US"domain matches queue_smtp_domains, or -odqs set";
2598 continue; /* With next host */
2601 /* Count hosts being considered - purely for an intelligent comment
2602 if none are usable. */
2606 /* Set $host and $host address now in case they are needed for the
2607 interface expansion or the serialize_hosts check; they remain set if an
2608 actual delivery happens. */
2610 deliver_host = host->name;
2611 deliver_host_address = host->address;
2613 /* Set up a string for adding to the retry key if the port number is not
2614 the standard SMTP port. A host may have its own port setting that overrides
2617 pistring = string_sprintf(":%d", (host->port == PORT_NONE)?
2619 if (Ustrcmp(pistring, ":25") == 0) pistring = US"";
2621 /* Select IPv4 or IPv6, and choose an outgoing interface. If the interface
2622 string changes upon expansion, we must add it to the key that is used for
2623 retries, because connections to the same host from a different interface
2624 should be treated separately. */
2626 host_af = (Ustrchr(host->address, ':') == NULL)? AF_INET : AF_INET6;
2627 if (!smtp_get_interface(ob->interface, host_af, addrlist, &ifchanges,
2630 if (ifchanges) pistring = string_sprintf("%s/%s", pistring, interface);
2632 /* The first time round the outer loop, check the status of the host by
2633 inspecting the retry data. The second time round, we are interested only
2634 in expired hosts that haven't been tried since this message arrived. */
2636 if (cutoff_retry == 0)
2638 /* Ensure the status of the address is set by checking retry data if
2639 necessary. There maybe host-specific retry data (applicable to all
2640 messages) and also data for retries of a specific message at this host.
2641 If either of these retry records are actually read, the keys used are
2642 returned to save recomputing them later. */
2644 host_is_expired = retry_check_address(addrlist->domain, host, pistring,
2645 ob->retry_include_ip_address, &retry_host_key, &retry_message_key);
2647 DEBUG(D_transport) debug_printf("%s [%s]%s status = %s\n", host->name,
2648 (host->address == NULL)? US"" : host->address, pistring,
2649 (host->status == hstatus_usable)? "usable" :
2650 (host->status == hstatus_unusable)? "unusable" :
2651 (host->status == hstatus_unusable_expired)? "unusable (expired)" : "?");
2653 /* Skip this address if not usable at this time, noting if it wasn't
2654 actually expired, both locally and in the address. */
2656 switch (host->status)
2658 case hstatus_unusable:
2660 setflag(addrlist, af_retry_skipped);
2663 case hstatus_unusable_expired:
2666 case hwhy_retry: hosts_retry++; break;
2667 case hwhy_failed: hosts_fail++; break;
2668 case hwhy_deferred: hosts_defer++; break;
2671 /* If there was a retry message key, implying that previously there
2672 was a message-specific defer, we don't want to update the list of
2673 messages waiting for these hosts. */
2675 if (retry_message_key != NULL) update_waiting = FALSE;
2676 continue; /* With the next host or IP address */
2680 /* Second time round the loop: if the address is set but expired, and
2681 the message is newer than the last try, let it through. */
2685 if (host->address == NULL ||
2686 host->status != hstatus_unusable_expired ||
2687 host->last_try > received_time)
2690 debug_printf("trying expired host %s [%s]%s\n",
2691 host->name, host->address, pistring);
2692 host_is_expired = TRUE;
2695 /* Setting "expired=FALSE" doesn't actually mean not all hosts are expired;
2696 it remains TRUE only if all hosts are expired and none are actually tried.
2701 /* If this host is listed as one to which access must be serialized,
2702 see if another Exim process has a connection to it, and if so, skip
2703 this host. If not, update the database to record our connection to it
2704 and remember this for later deletion. Do not do any of this if we are
2705 sending the message down a pre-existing connection. */
2708 verify_check_this_host(&(ob->serialize_hosts), NULL, host->name,
2709 host->address, NULL) == OK)
2711 serialize_key = string_sprintf("host-serialize-%s", host->name);
2712 if (!enq_start(serialize_key))
2715 debug_printf("skipping host %s because another Exim process "
2716 "is connected to it\n", host->name);
2723 /* OK, we have an IP address that is not waiting for its retry time to
2724 arrive (it might be expired) OR (second time round the loop) we have an
2725 expired host that hasn't been tried since the message arrived. Have a go
2726 at delivering the message to it. First prepare the addresses by flushing
2727 out the result of previous attempts, and finding the first address that
2728 is still to be delivered. */
2730 first_addr = prepare_addresses(addrlist, host);
2732 DEBUG(D_transport) debug_printf("delivering %s to %s [%s] (%s%s)\n",
2733 message_id, host->name, host->address, addrlist->address,
2734 (addrlist->next == NULL)? "" : ", ...");
2736 set_process_info("delivering %s to %s [%s] (%s%s)",
2737 message_id, host->name, host->address, addrlist->address,
2738 (addrlist->next == NULL)? "" : ", ...");
2740 /* This is not for real; don't do the delivery. If there are
2741 any remaining hosts, list them. */
2746 set_errno(addrlist, 0, NULL, OK, FALSE);
2747 for (addr = addrlist; addr != NULL; addr = addr->next)
2749 addr->host_used = host;
2750 addr->special_action = '*';
2751 addr->message = US"delivery bypassed by -N option";
2755 debug_printf("*** delivery by %s transport bypassed by -N option\n"
2756 "*** host and remaining hosts:\n", tblock->name);
2757 for (host2 = host; host2 != NULL; host2 = host2->next)
2758 debug_printf(" %s [%s]\n", host2->name,
2759 (host2->address == NULL)? US"unset" : host2->address);
2764 /* This is for real. If the host is expired, we don't count it for
2765 hosts_max_retry. This ensures that all hosts must expire before an address
2766 is timed out, unless hosts_max_try_hardlimit (which protects against
2767 lunatic DNS configurations) is reached.
2769 If the host is not expired and we are about to hit the hosts_max_retry
2770 limit, check to see if there is a subsequent hosts with a different MX
2771 value. If so, make that the next host, and don't count this one. This is a
2772 heuristic to make sure that different MXs do get tried. With a normal kind
2773 of retry rule, they would get tried anyway when the earlier hosts were
2774 delayed, but if the domain has a "retry every time" type of rule - as is
2775 often used for the the very large ISPs, that won't happen. */
2779 if (!host_is_expired && ++unexpired_hosts_tried >= ob->hosts_max_try)
2783 debug_printf("hosts_max_try limit reached with this host\n");
2784 for (h = host; h != NULL; h = h->next)
2785 if (h->mx != host->mx) break;
2789 unexpired_hosts_tried--;
2790 DEBUG(D_transport) debug_printf("however, a higher MX host exists "
2791 "and will be tried\n");
2795 /* Attempt the delivery. */
2797 total_hosts_tried++;
2798 rc = smtp_deliver(addrlist, host, host_af, port, interface, tblock,
2799 expanded_hosts != NULL, &message_defer, FALSE);
2802 OK => connection made, each address contains its result;
2803 message_defer is set for message-specific defers (when all
2804 recipients are marked defer)
2805 DEFER => there was a non-message-specific delivery problem;
2806 ERROR => there was a problem setting up the arguments for a filter,
2807 or there was a problem with expanding added headers
2810 /* If the result is not OK, there was a non-message-specific problem.
2811 If the result is DEFER, we need to write to the logs saying what happened
2812 for this particular host, except in the case of authentication and TLS
2813 failures, where the log has already been written. If all hosts defer a
2814 general message is written at the end. */
2816 if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL &&
2817 first_addr->basic_errno != ERRNO_TLSFAILURE)
2818 write_logs(first_addr, host);
2820 /* If STARTTLS was accepted, but there was a failure in setting up the
2821 TLS session (usually a certificate screwup), and the host is not in
2822 hosts_require_tls, and tls_tempfail_tryclear is true, try again, with
2823 TLS forcibly turned off. We have to start from scratch with a new SMTP
2824 connection. That's why the retry is done from here, not from within
2825 smtp_deliver(). [Rejections of STARTTLS itself don't screw up the
2826 session, so the in-clear transmission after those errors, if permitted,
2827 happens inside smtp_deliver().] */
2830 if (rc == DEFER && first_addr->basic_errno == ERRNO_TLSFAILURE &&
2831 ob->tls_tempfail_tryclear &&
2832 verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name,
2833 host->address, NULL) != OK)
2835 log_write(0, LOG_MAIN, "TLS session failure: delivering unencrypted "
2836 "to %s [%s] (not in hosts_require_tls)", host->name, host->address);
2837 first_addr = prepare_addresses(addrlist, host);
2838 rc = smtp_deliver(addrlist, host, host_af, port, interface, tblock,
2839 expanded_hosts != NULL, &message_defer, TRUE);
2840 if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL)
2841 write_logs(first_addr, host);
2846 /* Delivery attempt finished */
2848 rs = (rc == OK)? US"OK" : (rc == DEFER)? US"DEFER" : (rc == ERROR)?
2851 set_process_info("delivering %s: just tried %s [%s] for %s%s: result %s",
2852 message_id, host->name, host->address, addrlist->address,
2853 (addrlist->next == NULL)? "" : " (& others)", rs);
2855 /* Release serialization if set up */
2857 if (serialized) enq_end(serialize_key);
2859 /* If the result is DEFER, or if a host retry record is known to exist, we
2860 need to add an item to the retry chain for updating the retry database
2861 at the end of delivery. We only need to add the item to the top address,
2862 of course. Also, if DEFER, we mark the IP address unusable so as to skip it
2863 for any other delivery attempts using the same address. (It is copied into
2864 the unusable tree at the outer level, so even if different address blocks
2865 contain the same address, it still won't get tried again.) */
2867 if (rc == DEFER || retry_host_key != NULL)
2869 int delete_flag = (rc != DEFER)? rf_delete : 0;
2870 if (retry_host_key == NULL)
2872 retry_host_key = ob->retry_include_ip_address?
2873 string_sprintf("T:%S:%s%s", host->name, host->address, pistring) :
2874 string_sprintf("T:%S%s", host->name, pistring);
2877 /* If a delivery of another message over an existing SMTP connection
2878 yields DEFER, we do NOT set up retry data for the host. This covers the
2879 case when there are delays in routing the addresses in the second message
2880 that are so long that the server times out. This is alleviated by not
2881 routing addresses that previously had routing defers when handling an
2882 existing connection, but even so, this case may occur (e.g. if a
2883 previously happily routed address starts giving routing defers). If the
2884 host is genuinely down, another non-continued message delivery will
2885 notice it soon enough. */
2887 if (delete_flag != 0 || !continuing)
2888 retry_add_item(first_addr, retry_host_key, rf_host | delete_flag);
2890 /* We may have tried an expired host, if its retry time has come; ensure
2891 the status reflects the expiry for the benefit of any other addresses. */
2895 host->status = (host_is_expired)?
2896 hstatus_unusable_expired : hstatus_unusable;
2897 host->why = hwhy_deferred;
2901 /* If message_defer is set (host was OK, but every recipient got deferred
2902 because of some message-specific problem), or if that had happened
2903 previously so that a message retry key exists, add an appropriate item
2904 to the retry chain. Note that if there was a message defer but now there is
2905 a host defer, the message defer record gets deleted. That seems perfectly
2906 reasonable. Also, stop the message from being remembered as waiting
2907 for specific hosts. */
2909 if (message_defer || retry_message_key != NULL)
2911 int delete_flag = message_defer? 0 : rf_delete;
2912 if (retry_message_key == NULL)
2914 retry_message_key = ob->retry_include_ip_address?
2915 string_sprintf("T:%S:%s%s:%s", host->name, host->address, pistring,
2917 string_sprintf("T:%S%s:%s", host->name, pistring, message_id);
2919 retry_add_item(addrlist, retry_message_key,
2920 rf_message | rf_host | delete_flag);
2921 update_waiting = FALSE;
2924 /* Any return other than DEFER (that is, OK or ERROR) means that the
2925 addresses have got their final statuses filled in for this host. In the OK
2926 case, see if any of them are deferred. */
2930 for (addr = addrlist; addr != NULL; addr = addr->next)
2932 if (addr->transport_return == DEFER)
2934 some_deferred = TRUE;
2940 /* If no addresses deferred or the result was ERROR, return. We do this for
2941 ERROR because a failing filter set-up or add_headers expansion is likely to
2942 fail for any host we try. */
2944 if (rc == ERROR || (rc == OK && !some_deferred))
2946 DEBUG(D_transport) debug_printf("Leaving %s transport\n", tblock->name);
2947 return TRUE; /* Each address has its status */
2950 /* If the result was DEFER or some individual addresses deferred, let
2951 the loop run to try other hosts with the deferred addresses, except for the
2952 case when we were trying to deliver down an existing channel and failed.
2953 Don't try any other hosts in this case. */
2955 if (continuing) break;
2957 /* If the whole delivery, or some individual addresses, were deferred and
2958 there are more hosts that could be tried, do not count this host towards
2959 the hosts_max_try limit if the age of the message is greater than the
2960 maximum retry time for this host. This means we may try try all hosts,
2961 ignoring the limit, when messages have been around for some time. This is
2962 important because if we don't try all hosts, the address will never time
2963 out. NOTE: this does not apply to hosts_max_try_hardlimit. */
2965 if ((rc == DEFER || some_deferred) && nexthost != NULL)
2968 retry_config *retry = retry_find_config(host->name, NULL, 0, 0);
2970 if (retry != NULL && retry->rules != NULL)
2972 retry_rule *last_rule;
2973 for (last_rule = retry->rules;
2974 last_rule->next != NULL;
2975 last_rule = last_rule->next);
2976 timedout = time(NULL) - received_time > last_rule->timeout;
2978 else timedout = TRUE; /* No rule => timed out */
2982 unexpired_hosts_tried--;
2983 DEBUG(D_transport) debug_printf("temporary delivery error(s) override "
2984 "hosts_max_try (message older than host's retry time)\n");
2987 } /* End of loop for trying multiple hosts. */
2989 /* This is the end of the loop that repeats iff expired is TRUE and
2990 ob->delay_after_cutoff is FALSE. The second time round we will
2991 try those hosts that haven't been tried since the message arrived. */
2995 debug_printf("all IP addresses skipped or deferred at least one address\n");
2996 if (expired && !ob->delay_after_cutoff && cutoff_retry == 0)
2997 debug_printf("retrying IP addresses not tried since message arrived\n");
3002 /* Get here if all IP addresses are skipped or defer at least one address. In
3003 MUA wrapper mode, this will happen only for connection or other non-message-
3004 specific failures. Force the delivery status for all addresses to FAIL. */
3008 for (addr = addrlist; addr != NULL; addr = addr->next)
3009 addr->transport_return = FAIL;
3013 /* In the normal, non-wrapper case, add a standard message to each deferred
3014 address if there hasn't been an error, that is, if it hasn't actually been
3015 tried this time. The variable "expired" will be FALSE if any deliveries were
3016 actually tried, or if there was at least one host that was not expired. That
3017 is, it is TRUE only if no deliveries were tried and all hosts were expired. If
3018 a delivery has been tried, an error code will be set, and the failing of the
3019 message is handled by the retry code later.
3021 If queue_smtp is set, or this transport was called to send a subsequent message
3022 down an existing TCP/IP connection, and something caused the host not to be
3023 found, we end up here, but can detect these cases and handle them specially. */
3025 for (addr = addrlist; addr != NULL; addr = addr->next)
3027 /* If host is not NULL, it means that we stopped processing the host list
3028 because of hosts_max_try or hosts_max_try_hardlimit. In the former case, this
3029 means we need to behave as if some hosts were skipped because their retry
3030 time had not come. Specifically, this prevents the address from timing out.
3031 However, if we have hit hosts_max_try_hardlimit, we want to behave as if all
3032 hosts were tried. */
3036 if (total_hosts_tried >= ob->hosts_max_try_hardlimit)
3039 debug_printf("hosts_max_try_hardlimit reached: behave as if all "
3040 "hosts were tried\n");
3045 debug_printf("hosts_max_try limit caused some hosts to be skipped\n");
3046 setflag(addr, af_retry_skipped);
3050 if (queue_smtp) /* no deliveries attempted */
3052 addr->transport_return = DEFER;
3053 addr->basic_errno = 0;
3054 addr->message = US"SMTP delivery explicitly queued";
3057 else if (addr->transport_return == DEFER &&
3058 (addr->basic_errno == ERRNO_UNKNOWNERROR || addr->basic_errno == 0) &&
3059 addr->message == NULL)
3061 addr->basic_errno = ERRNO_HRETRY;
3062 if (continue_hostname != NULL)
3064 addr->message = US"no host found for existing SMTP connection";
3068 setflag(addr, af_pass_message); /* This is not a security risk */
3069 addr->message = (ob->delay_after_cutoff)?
3070 US"retry time not reached for any host after a long failure period" :
3071 US"all hosts have been failing for a long time and were last tried "
3072 "after this message arrived";
3074 /* If we are already using fallback hosts, or there are no fallback hosts
3075 defined, convert the result to FAIL to cause a bounce. */
3077 if (addr->host_list == addr->fallback_hosts ||
3078 addr->fallback_hosts == NULL)
3079 addr->transport_return = FAIL;
3083 if (hosts_retry == hosts_total)
3084 addr->message = US"retry time not reached for any host";
3085 else if (hosts_fail == hosts_total)
3086 addr->message = US"all host address lookups failed permanently";
3087 else if (hosts_defer == hosts_total)
3088 addr->message = US"all host address lookups failed temporarily";
3089 else if (hosts_serial == hosts_total)
3090 addr->message = US"connection limit reached for all hosts";
3091 else if (hosts_fail+hosts_defer == hosts_total)
3092 addr->message = US"all host address lookups failed";
3093 else addr->message = US"some host address lookups failed and retry time "
3094 "not reached for other hosts or connection limit reached";
3099 /* Update the database which keeps information about which messages are waiting
3100 for which hosts to become available. For some message-specific errors, the
3101 update_waiting flag is turned off because we don't want follow-on deliveries in
3104 if (update_waiting) transport_update_waiting(hostlist, tblock->name);
3108 DEBUG(D_transport) debug_printf("Leaving %s transport\n", tblock->name);
3110 return TRUE; /* Each address has its status */
3113 /* End of transport/smtp.c */