1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) The Exim Maintainers 2020 - 2022 */
6 /* Copyright (c) University of Cambridge 1995 - 2018 */
7 /* See the file NOTICE for conditions of use and distribution. */
12 #if defined(SUPPORT_DANE) && defined(DISABLE_TLS)
13 # error TLS is required for DANE
17 /* Options specific to the smtp transport. This transport also supports LMTP
18 over TCP/IP. The options must be in alphabetic order (note that "_" comes
19 before the lower case letters). Some live in the transport_instance block so as
20 to be publicly visible; these are flagged with opt_public. */
22 #define LOFF(field) OPT_OFF(smtp_transport_options_block, field)
24 optionlist smtp_transport_options[] = {
25 { "*expand_multi_domain", opt_stringptr | opt_hidden | opt_public,
26 OPT_OFF(transport_instance, expand_multi_domain) },
27 { "*expand_retry_include_ip_address", opt_stringptr | opt_hidden,
28 LOFF(expand_retry_include_ip_address) },
30 { "address_retry_include_sender", opt_bool,
31 LOFF(address_retry_include_sender) },
32 { "allow_localhost", opt_bool, LOFF(allow_localhost) },
33 #ifdef EXPERIMENTAL_ARC
34 { "arc_sign", opt_stringptr, LOFF(arc_sign) },
36 { "authenticated_sender", opt_stringptr, LOFF(authenticated_sender) },
37 { "authenticated_sender_force", opt_bool, LOFF(authenticated_sender_force) },
38 { "command_timeout", opt_time, LOFF(command_timeout) },
39 { "connect_timeout", opt_time, LOFF(connect_timeout) },
40 { "connection_max_messages", opt_int | opt_public,
41 OPT_OFF(transport_instance, connection_max_messages) },
43 { "dane_require_tls_ciphers", opt_stringptr, LOFF(dane_require_tls_ciphers) },
45 { "data_timeout", opt_time, LOFF(data_timeout) },
46 { "delay_after_cutoff", opt_bool, LOFF(delay_after_cutoff) },
48 { "dkim_canon", opt_stringptr, LOFF(dkim.dkim_canon) },
49 { "dkim_domain", opt_stringptr, LOFF(dkim.dkim_domain) },
50 { "dkim_hash", opt_stringptr, LOFF(dkim.dkim_hash) },
51 { "dkim_identity", opt_stringptr, LOFF(dkim.dkim_identity) },
52 { "dkim_private_key", opt_stringptr, LOFF(dkim.dkim_private_key) },
53 { "dkim_selector", opt_stringptr, LOFF(dkim.dkim_selector) },
54 { "dkim_sign_headers", opt_stringptr, LOFF(dkim.dkim_sign_headers) },
55 { "dkim_strict", opt_stringptr, LOFF(dkim.dkim_strict) },
56 { "dkim_timestamps", opt_stringptr, LOFF(dkim.dkim_timestamps) },
58 { "dns_qualify_single", opt_bool, LOFF(dns_qualify_single) },
59 { "dns_search_parents", opt_bool, LOFF(dns_search_parents) },
60 { "dnssec_request_domains", opt_stringptr, LOFF(dnssec.request) },
61 { "dnssec_require_domains", opt_stringptr, LOFF(dnssec.require) },
62 { "dscp", opt_stringptr, LOFF(dscp) },
63 { "fallback_hosts", opt_stringptr, LOFF(fallback_hosts) },
64 { "final_timeout", opt_time, LOFF(final_timeout) },
65 { "gethostbyname", opt_bool, LOFF(gethostbyname) },
66 { "helo_data", opt_stringptr, LOFF(helo_data) },
67 #if !defined(DISABLE_TLS) && !defined(DISABLE_TLS_RESUME)
68 { "host_name_extract", opt_stringptr, LOFF(host_name_extract) },
70 { "hosts", opt_stringptr, LOFF(hosts) },
71 { "hosts_avoid_esmtp", opt_stringptr, LOFF(hosts_avoid_esmtp) },
72 { "hosts_avoid_pipelining", opt_stringptr, LOFF(hosts_avoid_pipelining) },
74 { "hosts_avoid_tls", opt_stringptr, LOFF(hosts_avoid_tls) },
76 { "hosts_max_try", opt_int, LOFF(hosts_max_try) },
77 { "hosts_max_try_hardlimit", opt_int, LOFF(hosts_max_try_hardlimit) },
79 { "hosts_nopass_tls", opt_stringptr, LOFF(hosts_nopass_tls) },
80 { "hosts_noproxy_tls", opt_stringptr, LOFF(hosts_noproxy_tls) },
82 { "hosts_override", opt_bool, LOFF(hosts_override) },
83 #ifndef DISABLE_PIPE_CONNECT
84 { "hosts_pipe_connect", opt_stringptr, LOFF(hosts_pipe_connect) },
86 { "hosts_randomize", opt_bool, LOFF(hosts_randomize) },
87 #if !defined(DISABLE_TLS) && !defined(DISABLE_OCSP)
88 { "hosts_request_ocsp", opt_stringptr, LOFF(hosts_request_ocsp) },
90 { "hosts_require_alpn", opt_stringptr, LOFF(hosts_require_alpn) },
91 { "hosts_require_auth", opt_stringptr, LOFF(hosts_require_auth) },
94 { "hosts_require_dane", opt_stringptr, LOFF(hosts_require_dane) },
97 { "hosts_require_ocsp", opt_stringptr, LOFF(hosts_require_ocsp) },
99 { "hosts_require_tls", opt_stringptr, LOFF(hosts_require_tls) },
101 { "hosts_try_auth", opt_stringptr, LOFF(hosts_try_auth) },
102 { "hosts_try_chunking", opt_stringptr, LOFF(hosts_try_chunking) },
104 { "hosts_try_dane", opt_stringptr, LOFF(hosts_try_dane) },
106 { "hosts_try_fastopen", opt_stringptr, LOFF(hosts_try_fastopen) },
108 { "hosts_try_prdr", opt_stringptr, LOFF(hosts_try_prdr) },
111 { "hosts_verify_avoid_tls", opt_stringptr, LOFF(hosts_verify_avoid_tls) },
113 { "interface", opt_stringptr, LOFF(interface) },
114 { "keepalive", opt_bool, LOFF(keepalive) },
115 { "lmtp_ignore_quota", opt_bool, LOFF(lmtp_ignore_quota) },
116 { "max_rcpt", opt_int | opt_public,
117 OPT_OFF(transport_instance, max_addresses) },
118 { "message_linelength_limit", opt_int, LOFF(message_linelength_limit) },
119 { "multi_domain", opt_expand_bool | opt_public,
120 OPT_OFF(transport_instance, multi_domain) },
121 { "port", opt_stringptr, LOFF(port) },
122 { "protocol", opt_stringptr, LOFF(protocol) },
123 { "retry_include_ip_address", opt_expand_bool, LOFF(retry_include_ip_address) },
124 { "serialize_hosts", opt_stringptr, LOFF(serialize_hosts) },
125 { "size_addition", opt_int, LOFF(size_addition) },
127 { "socks_proxy", opt_stringptr, LOFF(socks_proxy) },
130 { "tls_alpn", opt_stringptr, LOFF(tls_alpn) },
131 { "tls_certificate", opt_stringptr, LOFF(tls_certificate) },
132 { "tls_crl", opt_stringptr, LOFF(tls_crl) },
133 { "tls_dh_min_bits", opt_int, LOFF(tls_dh_min_bits) },
134 { "tls_privatekey", opt_stringptr, LOFF(tls_privatekey) },
135 { "tls_require_ciphers", opt_stringptr, LOFF(tls_require_ciphers) },
136 # ifndef DISABLE_TLS_RESUME
137 { "tls_resumption_hosts", opt_stringptr, LOFF(tls_resumption_hosts) },
139 { "tls_sni", opt_stringptr, LOFF(tls_sni) },
140 { "tls_tempfail_tryclear", opt_bool, LOFF(tls_tempfail_tryclear) },
141 { "tls_try_verify_hosts", opt_stringptr, LOFF(tls_try_verify_hosts) },
142 { "tls_verify_cert_hostnames", opt_stringptr, LOFF(tls_verify_cert_hostnames)},
143 { "tls_verify_certificates", opt_stringptr, LOFF(tls_verify_certificates) },
144 { "tls_verify_hosts", opt_stringptr, LOFF(tls_verify_hosts) },
147 { "utf8_downconvert", opt_stringptr, LOFF(utf8_downconvert) },
151 /* Size of the options list. An extern variable has to be used so that its
152 address can appear in the tables drtables.c. */
154 int smtp_transport_options_count = nelem(smtp_transport_options);
160 smtp_transport_options_block smtp_transport_option_defaults = {0};
161 void smtp_transport_init(transport_instance *tblock) {}
162 BOOL smtp_transport_entry(transport_instance *tblock, address_item *addr) {return FALSE;}
163 void smtp_transport_closedown(transport_instance *tblock) {}
165 #else /*!MACRO_PREDEF*/
168 /* Default private options block for the smtp transport. */
170 smtp_transport_options_block smtp_transport_option_defaults = {
171 /* All non-mentioned elements 0/NULL/FALSE */
172 .helo_data = US"$primary_hostname",
173 .protocol = US"smtp",
174 .hosts_try_chunking = US"*",
176 .hosts_try_dane = US"*",
178 .hosts_try_fastopen = US"*",
180 .hosts_try_prdr = US"*",
183 .hosts_request_ocsp = US"*", /* hosts_request_ocsp (except under DANE; tls_client_start()) */
185 .command_timeout = 5*60,
186 .connect_timeout = 5*60,
187 .data_timeout = 5*60,
188 .final_timeout = 10*60,
189 .size_addition = 1024,
191 .hosts_max_try_hardlimit = 50,
192 .message_linelength_limit = 998,
193 .address_retry_include_sender = TRUE,
194 .dns_qualify_single = TRUE,
195 .dnssec = { .request= US"*", .require=NULL },
196 .delay_after_cutoff = TRUE,
198 .retry_include_ip_address = TRUE,
200 .tls_verify_certificates = US"system",
201 .tls_dh_min_bits = EXIM_CLIENT_DH_DEFAULT_MIN_BITS,
202 .tls_tempfail_tryclear = TRUE,
203 .tls_try_verify_hosts = US"*",
204 .tls_verify_cert_hostnames = US"*",
205 # ifndef DISABLE_TLS_RESUME
206 .host_name_extract = US"${if and {{match{$host}{.outlook.com\\$}} {match{$item}{\\N^250-([\\w.]+)\\s\\N}}} {$1}}",
210 .utf8_downconvert = US"-1",
214 { .dkim_hash = US"sha256", },
218 /* some DSN flags for use later */
220 static int rf_list[] = {rf_notify_never, rf_notify_success,
221 rf_notify_failure, rf_notify_delay };
223 static uschar *rf_names[] = { US"NEVER", US"SUCCESS", US"FAILURE", US"DELAY" };
229 static uschar *smtp_command; /* Points to last cmd for error messages */
230 static uschar *mail_command; /* Points to MAIL cmd for error messages */
231 static uschar *data_command = US""; /* Points to DATA cmd for error messages */
232 static BOOL update_waiting; /* TRUE to update the "wait" database */
234 /*XXX move to smtp_context */
235 static BOOL pipelining_active; /* current transaction is in pipe mode */
238 static unsigned ehlo_response(uschar * buf, unsigned checks);
241 /******************************************************************************/
244 smtp_deliver_init(void)
248 const pcre2_code ** re;
249 const uschar * string;
252 { ®ex_AUTH, AUTHS_REGEX },
253 { ®ex_CHUNKING, US"\\n250[\\s\\-]CHUNKING(\\s|\\n|$)" },
254 { ®ex_DSN, US"\\n250[\\s\\-]DSN(\\s|\\n|$)" },
255 { ®ex_IGNOREQUOTA, US"\\n250[\\s\\-]IGNOREQUOTA(\\s|\\n|$)" },
256 { ®ex_PIPELINING, US"\\n250[\\s\\-]PIPELINING(\\s|\\n|$)" },
257 { ®ex_SIZE, US"\\n250[\\s\\-]SIZE(\\s|\\n|$)" },
260 { ®ex_STARTTLS, US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)" },
263 { ®ex_PRDR, US"\\n250[\\s\\-]PRDR(\\s|\\n|$)" },
266 { ®ex_UTF8, US"\\n250[\\s\\-]SMTPUTF8(\\s|\\n|$)" },
268 #ifndef DISABLE_PIPE_CONNECT
269 { ®ex_EARLY_PIPE, US"\\n250[\\s\\-]" EARLY_PIPE_FEATURE_NAME "(\\s|\\n|$)" },
271 #ifdef EXPERIMENTAL_ESMTP_LIMITS
272 { ®ex_LIMITS, US"\\n250[\\s\\-]LIMITS\\s" },
276 for (struct list * l = list; l < list + nelem(list); l++)
278 *l->re = regex_must_compile(l->string, FALSE, TRUE);
282 /*************************************************
283 * Setup entry point *
284 *************************************************/
286 /* This function is called when the transport is about to be used,
287 but before running it in a sub-process. It is used for two things:
289 (1) To set the fallback host list in addresses, when delivering.
290 (2) To pass back the interface, port, protocol, and other options, for use
291 during callout verification.
294 tblock pointer to the transport instance block
295 addrlist list of addresses about to be transported
296 tf if not NULL, pointer to block in which to return options
297 uid the uid that will be set (not used)
298 gid the gid that will be set (not used)
299 errmsg place for error message (not used)
301 Returns: OK always (FAIL, DEFER not used)
305 smtp_transport_setup(transport_instance *tblock, address_item *addrlist,
306 transport_feedback *tf, uid_t uid, gid_t gid, uschar **errmsg)
308 smtp_transport_options_block *ob = SOB tblock->options_block;
310 /* Pass back options if required. This interface is getting very messy. */
314 tf->interface = ob->interface;
316 tf->protocol = ob->protocol;
317 tf->hosts = ob->hosts;
318 tf->hosts_override = ob->hosts_override;
319 tf->hosts_randomize = ob->hosts_randomize;
320 tf->gethostbyname = ob->gethostbyname;
321 tf->qualify_single = ob->dns_qualify_single;
322 tf->search_parents = ob->dns_search_parents;
323 tf->helo_data = ob->helo_data;
326 /* Set the fallback host list for all the addresses that don't have fallback
327 host lists, provided that the local host wasn't present in the original host
330 if (!testflag(addrlist, af_local_host_removed))
331 for (; addrlist; addrlist = addrlist->next)
332 if (!addrlist->fallback_hosts) addrlist->fallback_hosts = ob->fallback_hostlist;
339 /*************************************************
340 * Initialization entry point *
341 *************************************************/
343 /* Called for each instance, after its options have been read, to
344 enable consistency checks to be done, or anything else that needs
347 Argument: pointer to the transport instance block
352 smtp_transport_init(transport_instance *tblock)
354 smtp_transport_options_block *ob = SOB tblock->options_block;
355 int old_pool = store_pool;
357 /* Retry_use_local_part defaults FALSE if unset */
359 if (tblock->retry_use_local_part == TRUE_UNSET)
360 tblock->retry_use_local_part = FALSE;
362 /* Set the default port according to the protocol */
365 ob->port = strcmpic(ob->protocol, US"lmtp") == 0
367 : strcmpic(ob->protocol, US"smtps") == 0
368 ? US"smtps" : US"smtp";
370 /* Set up the setup entry point, to be called before subprocesses for this
373 tblock->setup = smtp_transport_setup;
375 /* Complain if any of the timeouts are zero. */
377 if (ob->command_timeout <= 0 || ob->data_timeout <= 0 ||
378 ob->final_timeout <= 0)
379 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
380 "command, data, or final timeout value is zero for %s transport",
383 /* If hosts_override is set and there are local hosts, set the global
384 flag that stops verify from showing router hosts. */
386 if (ob->hosts_override && ob->hosts) tblock->overrides_hosts = TRUE;
388 /* If there are any fallback hosts listed, build a chain of host items
389 for them, but do not do any lookups at this time. */
391 store_pool = POOL_PERM;
392 host_build_hostlist(&ob->fallback_hostlist, ob->fallback_hosts, FALSE);
393 store_pool = old_pool;
400 /*************************************************
401 * Set delivery info into all active addresses *
402 *************************************************/
404 /* Only addresses whose status is >= PENDING are relevant. A lesser
405 status means that an address is not currently being processed.
408 addrlist points to a chain of addresses
409 errno_value to put in each address's errno field
410 msg to put in each address's message field
411 rc to put in each address's transport_return field
412 pass_message if TRUE, set the "pass message" flag in the address
413 host if set, mark addrs as having used this host
414 smtp_greeting from peer
415 helo_response from peer
416 start points to timestamp of delivery start
418 If errno_value has the special value ERRNO_CONNECTTIMEOUT, ETIMEDOUT is put in
419 the errno field, and RTEF_CTOUT is ORed into the more_errno field, to indicate
420 this particular type of timeout.
426 set_errno(address_item *addrlist, int errno_value, uschar *msg, int rc,
427 BOOL pass_message, host_item * host,
428 #ifdef EXPERIMENTAL_DSN_INFO
429 const uschar * smtp_greeting, const uschar * helo_response,
431 struct timeval * start
435 struct timeval deliver_time;
437 if (errno_value == ERRNO_CONNECTTIMEOUT)
439 errno_value = ETIMEDOUT;
440 orvalue = RTEF_CTOUT;
442 timesince(&deliver_time, start);
444 for (address_item * addr = addrlist; addr; addr = addr->next)
445 if (addr->transport_return >= PENDING)
447 addr->basic_errno = errno_value;
448 addr->more_errno |= orvalue;
449 addr->delivery_time = deliver_time;
453 if (pass_message) setflag(addr, af_pass_message);
455 addr->transport_return = rc;
458 addr->host_used = host;
459 #ifdef EXPERIMENTAL_DSN_INFO
461 {uschar * s = Ustrchr(smtp_greeting, '\n'); if (s) *s = '\0';}
462 addr->smtp_greeting = smtp_greeting;
465 {uschar * s = Ustrchr(helo_response, '\n'); if (s) *s = '\0';}
466 addr->helo_response = helo_response;
473 set_errno_nohost(address_item * addrlist, int errno_value, uschar * msg, int rc,
474 BOOL pass_message, struct timeval * start)
476 set_errno(addrlist, errno_value, msg, rc, pass_message, NULL,
477 #ifdef EXPERIMENTAL_DSN_INFO
484 /*************************************************
485 * Check an SMTP response *
486 *************************************************/
488 /* This function is given an errno code and the SMTP response buffer
489 to analyse, together with the host identification for generating messages. It
490 sets an appropriate message and puts the first digit of the response code into
491 the yield variable. If no response was actually read, a suitable digit is
495 host the current host, to get its name for messages
496 errno_value pointer to the errno value
497 more_errno from the top address for use with ERRNO_FILTER_FAIL
498 buffer the SMTP response buffer
499 yield where to put a one-digit SMTP response code
500 message where to put an error message
501 pass_message set TRUE if message is an SMTP response
503 Returns: TRUE if an SMTP "QUIT" command should be sent, else FALSE
507 check_response(host_item *host, int *errno_value, int more_errno,
508 uschar *buffer, int *yield, uschar **message, BOOL *pass_message)
510 uschar * pl = pipelining_active ? US"pipelined " : US"";
513 *yield = '4'; /* Default setting is to give a temporary error */
517 case ETIMEDOUT: /* Handle response timeout */
518 *message = US string_sprintf("SMTP timeout after %s%s",
520 if (transport_count > 0)
521 *message = US string_sprintf("%s (%d bytes written)", *message,
525 case ERRNO_SMTPFORMAT: /* Handle malformed SMTP response */
526 s = string_printing(buffer);
527 while (isspace(*s)) s++;
529 ? string_sprintf("Malformed SMTP reply (an empty line) "
530 "in response to %s%s", pl, smtp_command)
531 : string_sprintf("Malformed SMTP reply in response to %s%s: %s",
532 pl, smtp_command, s);
535 case ERRNO_TLSFAILURE: /* Handle bad first read; can happen with
537 *message = US"bad first read from TLS conn";
540 case ERRNO_FILTER_FAIL: /* Handle a failed filter process error;
541 can't send QUIT as we mustn't end the DATA. */
542 *message = string_sprintf("transport filter process failed (%d)%s",
544 more_errno == EX_EXECFAILED ? ": unable to execute command" : "");
547 case ERRNO_CHHEADER_FAIL: /* Handle a failed add_headers expansion;
548 can't send QUIT as we mustn't end the DATA. */
550 string_sprintf("failed to expand headers_add or headers_remove: %s",
551 expand_string_message);
554 case ERRNO_WRITEINCOMPLETE: /* failure to write a complete data block */
555 *message = US"failed to write a data block";
559 case ERRNO_UTF8_FWD: /* no advertised SMTPUTF8, for international message */
560 *message = US"utf8 support required but not offered for forwarding";
561 DEBUG(D_deliver|D_transport) debug_printf("%s\n", *message);
566 /* Handle error responses from the remote mailer. */
570 *message = string_sprintf("SMTP error from remote mail server after %s%s: "
571 "%s", pl, smtp_command, s = string_printing(buffer));
572 *pass_message = TRUE;
577 /* No data was read. If there is no errno, this must be the EOF (i.e.
578 connection closed) case, which causes deferral. An explicit connection reset
579 error has the same effect. Otherwise, put the host's identity in the message,
580 leaving the errno value to be interpreted as well. In all cases, we have to
581 assume the connection is now dead. */
583 if (*errno_value == 0 || *errno_value == ECONNRESET)
585 *errno_value = ERRNO_SMTPCLOSED;
586 *message = US string_sprintf("Remote host closed connection "
587 "in response to %s%s", pl, smtp_command);
590 *message = US string_sprintf("%s [%s]", host->name, host->address);
597 /*************************************************
598 * Write error message to logs *
599 *************************************************/
601 /* This writes to the main log and to the message log.
604 host the current host
605 detail the current message (addr_item->message)
606 basic_errno the errno (addr_item->basic_errno)
612 write_logs(const host_item *host, const uschar *suffix, int basic_errno)
614 gstring * message = LOGGING(outgoing_port)
615 ? string_fmt_append(NULL, "H=%s [%s]:%d", host->name, host->address,
616 host->port == PORT_NONE ? 25 : host->port)
617 : string_fmt_append(NULL, "H=%s [%s]", host->name, host->address);
621 message = string_fmt_append(message, ": %s", suffix);
623 message = string_fmt_append(message, ": %s", strerror(basic_errno));
626 message = string_fmt_append(message, " %s", exim_errstr(basic_errno));
628 log_write(0, LOG_MAIN, "%s", string_from_gstring(message));
629 deliver_msglog("%s %s\n", tod_stamp(tod_log), message->s);
633 msglog_line(host_item * host, uschar * message)
635 deliver_msglog("%s H=%s [%s] %s\n", tod_stamp(tod_log),
636 host->name, host->address, message);
641 #ifndef DISABLE_EVENT
642 /*************************************************
643 * Post-defer action *
644 *************************************************/
646 /* This expands an arbitrary per-transport string.
647 It might, for example, be used to write to the database log.
650 addr the address item containing error information
651 host the current host
658 deferred_event_raise(address_item * addr, host_item * host, uschar * evstr)
660 uschar * action = addr->transport->event_action;
661 const uschar * save_domain;
667 save_domain = deliver_domain;
668 save_local = deliver_localpart;
670 /*XXX would ip & port already be set up? */
671 deliver_host_address = string_copy(host->address);
672 deliver_host_port = host->port == PORT_NONE ? 25 : host->port;
673 event_defer_errno = addr->basic_errno;
675 router_name = addr->router->name;
676 transport_name = addr->transport->name;
677 deliver_domain = addr->domain;
678 deliver_localpart = addr->local_part;
680 (void) event_raise(action, evstr,
682 ? addr->basic_errno > 0
683 ? string_sprintf("%s: %s", addr->message, strerror(addr->basic_errno))
684 : string_copy(addr->message)
685 : addr->basic_errno > 0
686 ? string_copy(US strerror(addr->basic_errno))
690 deliver_localpart = save_local;
691 deliver_domain = save_domain;
692 router_name = transport_name = NULL;
696 /*************************************************
697 * Reap SMTP specific responses *
698 *************************************************/
700 smtp_discard_responses(smtp_context * sx, smtp_transport_options_block * ob,
703 uschar flushbuffer[4096];
707 if (!smtp_read_response(sx, flushbuffer, sizeof(flushbuffer),
708 '2', ob->command_timeout)
709 && (errno != 0 || flushbuffer[0] == 0))
716 /* Return boolean success */
719 smtp_reap_banner(smtp_context * sx)
722 #if defined(__linux__) && defined(TCP_QUICKACK)
723 { /* Hack to get QUICKACK disabled; has to be right after 3whs, and has to on->off */
724 int sock = sx->cctx.sock;
725 struct pollfd p = {.fd = sock, .events = POLLOUT};
726 if (poll(&p, 1, 1000) >= 0) /* retval test solely for compiler quitening */
728 (void) setsockopt(sock, IPPROTO_TCP, TCP_QUICKACK, US &on, sizeof(on));
729 (void) setsockopt(sock, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off));
733 good_response = smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
734 '2', (SOB sx->conn_args.ob)->command_timeout);
735 #ifdef EXPERIMENTAL_DSN_INFO
736 sx->smtp_greeting = string_copy(sx->buffer);
738 return good_response;
742 smtp_reap_ehlo(smtp_context * sx)
744 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2',
745 (SOB sx->conn_args.ob)->command_timeout))
747 if (errno != 0 || sx->buffer[0] == 0 || sx->lmtp)
749 #ifdef EXPERIMENTAL_DSN_INFO
750 sx->helo_response = string_copy(sx->buffer);
756 #ifdef EXPERIMENTAL_DSN_INFO
757 sx->helo_response = string_copy(sx->buffer);
759 #ifndef DISABLE_EVENT
760 (void) event_raise(sx->conn_args.tblock->event_action,
761 US"smtp:ehlo", sx->buffer, NULL);
767 /******************************************************************************/
769 #ifdef EXPERIMENTAL_ESMTP_LIMITS
770 /* If TLS, or TLS not offered, called with the EHLO response in the buffer.
771 Check it for a LIMITS keyword and parse values into the smtp context structure.
773 We don't bother with peers that we won't talk TLS to, even though they can,
774 just ignore their LIMITS advice (if any) and treat them as if they do not.
775 This saves us dealing with a duplicate set of values. */
778 ehlo_response_limits_read(smtp_context * sx)
782 /* matches up to just after the first space after the keyword */
784 if (regex_match(regex_LIMITS, sx->buffer, -1, &match))
785 for (const uschar * s = sx->buffer + Ustrlen(match); *s; )
787 while (isspace(*s)) s++;
788 if (*s == '\n') break;
790 if (strncmpic(s, US"MAILMAX=", 8) == 0)
792 sx->peer_limit_mail = atoi(CS (s += 8));
793 while (isdigit(*s)) s++;
795 else if (strncmpic(s, US"RCPTMAX=", 8) == 0)
797 sx->peer_limit_rcpt = atoi(CS (s += 8));
798 while (isdigit(*s)) s++;
800 else if (strncmpic(s, US"RCPTDOMAINMAX=", 14) == 0)
802 sx->peer_limit_rcptdom = atoi(CS (s += 14));
803 while (isdigit(*s)) s++;
806 while (*s && !isspace(*s)) s++;
810 /* Apply given values to the current connection */
812 ehlo_limits_apply(smtp_context * sx,
813 unsigned limit_mail, unsigned limit_rcpt, unsigned limit_rcptdom)
815 if (limit_mail && limit_mail < sx->max_mail) sx->max_mail = limit_mail;
816 if (limit_rcpt && limit_rcpt < sx->max_rcpt) sx->max_rcpt = limit_rcpt;
819 DEBUG(D_transport) debug_printf("will treat as !multi_domain\n");
820 sx->single_rcpt_domain = TRUE;
824 /* Apply values from EHLO-resp to the current connection */
826 ehlo_response_limits_apply(smtp_context * sx)
828 ehlo_limits_apply(sx, sx->peer_limit_mail, sx->peer_limit_rcpt,
829 sx->peer_limit_rcptdom);
832 /* Apply values read from cache to the current connection */
834 ehlo_cache_limits_apply(smtp_context * sx)
836 ehlo_limits_apply(sx, sx->ehlo_resp.limit_mail, sx->ehlo_resp.limit_rcpt,
837 sx->ehlo_resp.limit_rcptdom);
841 /******************************************************************************/
843 #ifndef DISABLE_PIPE_CONNECT
845 ehlo_cache_key(const smtp_context * sx)
847 host_item * host = sx->conn_args.host;
848 return Ustrchr(host->address, ':')
849 ? string_sprintf("[%s]:%d.EHLO", host->address,
850 host->port == PORT_NONE ? sx->port : host->port)
851 : string_sprintf("%s:%d.EHLO", host->address,
852 host->port == PORT_NONE ? sx->port : host->port);
855 /* Cache EHLO-response info for use by early-pipe.
857 - During a normal flow on EHLO response (either cleartext or under TLS),
858 when we are willing to do PIPECONNECT and it is offered
859 - During an early-pipe flow on receiving the actual EHLO response and noting
860 disparity versus the cached info used, when PIPECONNECT is still being offered
862 We assume that suitable values have been set in the sx.ehlo_resp structure for
863 features and auths; we handle the copy of limits. */
866 write_ehlo_cache_entry(smtp_context * sx)
868 open_db dbblock, * dbm_file;
870 #ifdef EXPERIMENTAL_ESMTP_LIMITS
871 sx->ehlo_resp.limit_mail = sx->peer_limit_mail;
872 sx->ehlo_resp.limit_rcpt = sx->peer_limit_rcpt;
873 sx->ehlo_resp.limit_rcptdom = sx->peer_limit_rcptdom;
876 if ((dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE, TRUE)))
878 uschar * ehlo_resp_key = ehlo_cache_key(sx);
879 dbdata_ehlo_resp er = { .data = sx->ehlo_resp };
882 #ifdef EXPERIMENTAL_ESMTP_LIMITS
883 if (sx->ehlo_resp.limit_mail || sx->ehlo_resp.limit_rcpt || sx->ehlo_resp.limit_rcptdom)
884 debug_printf("writing clr %04x/%04x cry %04x/%04x lim %05d/%05d/%05d\n",
885 sx->ehlo_resp.cleartext_features, sx->ehlo_resp.cleartext_auths,
886 sx->ehlo_resp.crypted_features, sx->ehlo_resp.crypted_auths,
887 sx->ehlo_resp.limit_mail, sx->ehlo_resp.limit_rcpt,
888 sx->ehlo_resp.limit_rcptdom);
891 debug_printf("writing clr %04x/%04x cry %04x/%04x\n",
892 sx->ehlo_resp.cleartext_features, sx->ehlo_resp.cleartext_auths,
893 sx->ehlo_resp.crypted_features, sx->ehlo_resp.crypted_auths);
895 dbfn_write(dbm_file, ehlo_resp_key, &er, (int)sizeof(er));
896 dbfn_close(dbm_file);
901 invalidate_ehlo_cache_entry(smtp_context * sx)
903 open_db dbblock, * dbm_file;
905 if ( sx->early_pipe_active
906 && (dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE, TRUE)))
908 uschar * ehlo_resp_key = ehlo_cache_key(sx);
909 dbfn_delete(dbm_file, ehlo_resp_key);
910 dbfn_close(dbm_file);
915 read_ehlo_cache_entry(smtp_context * sx)
920 if (!(dbm_file = dbfn_open(US"misc", O_RDONLY, &dbblock, FALSE, TRUE)))
921 { DEBUG(D_transport) debug_printf("ehlo-cache: no misc DB\n"); }
924 uschar * ehlo_resp_key = ehlo_cache_key(sx);
925 dbdata_ehlo_resp * er;
927 if (!(er = dbfn_read_enforce_length(dbm_file, ehlo_resp_key, sizeof(dbdata_ehlo_resp))))
928 { DEBUG(D_transport) debug_printf("no ehlo-resp record\n"); }
929 else if (time(NULL) - er->time_stamp > retry_data_expire)
931 DEBUG(D_transport) debug_printf("ehlo-resp record too old\n");
932 dbfn_close(dbm_file);
933 if ((dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE, TRUE)))
934 dbfn_delete(dbm_file, ehlo_resp_key);
939 #ifdef EXPERIMENTAL_ESMTP_LIMITS
940 if (er->data.limit_mail || er->data.limit_rcpt || er->data.limit_rcptdom)
941 debug_printf("EHLO response bits from cache:"
942 " cleartext 0x%04x/0x%04x crypted 0x%04x/0x%04x lim %05d/%05d/%05d\n",
943 er->data.cleartext_features, er->data.cleartext_auths,
944 er->data.crypted_features, er->data.crypted_auths,
945 er->data.limit_mail, er->data.limit_rcpt, er->data.limit_rcptdom);
948 debug_printf("EHLO response bits from cache:"
949 " cleartext 0x%04x/0x%04x crypted 0x%04x/0x%04x\n",
950 er->data.cleartext_features, er->data.cleartext_auths,
951 er->data.crypted_features, er->data.crypted_auths);
953 sx->ehlo_resp = er->data;
954 #ifdef EXPERIMENTAL_ESMTP_LIMITS
955 ehlo_cache_limits_apply(sx);
957 dbfn_close(dbm_file);
960 dbfn_close(dbm_file);
967 /* Return an auths bitmap for the set of AUTH methods offered by the server
968 which match our authenticators. */
970 static unsigned short
971 study_ehlo_auths(smtp_context * sx)
976 unsigned short authbits = 0;
978 if (!sx->esmtp) return 0;
979 if (!regex_AUTH) regex_AUTH = regex_must_compile(AUTHS_REGEX, FALSE, TRUE);
980 if (!regex_match_and_setup(regex_AUTH, sx->buffer, 0, -1)) return 0;
981 expand_nmax = -1; /* reset */
982 names = string_copyn(expand_nstring[1], expand_nlength[1]);
984 for (au = auths, authnum = 0; au; au = au->next, authnum++) if (au->client)
986 const uschar * list = names;
988 for (int sep = ' '; s = string_nextinlist(&list, &sep, NULL, 0); )
989 if (strcmpic(au->public_name, s) == 0)
990 { authbits |= BIT(authnum); break; }
994 debug_printf("server offers %s AUTH, methods '%s', bitmap 0x%04x\n",
995 tls_out.active.sock >= 0 ? "crypted" : "plaintext", names, authbits);
997 if (tls_out.active.sock >= 0)
998 sx->ehlo_resp.crypted_auths = authbits;
1000 sx->ehlo_resp.cleartext_auths = authbits;
1007 /* Grab a string differentiating server behind a loadbalancer, for TLS
1008 resumption when such servers do not share a session-cache */
1011 ehlo_response_lbserver(smtp_context * sx, smtp_transport_options_block * ob)
1013 #if !defined(DISABLE_TLS) && !defined(DISABLE_TLS_RESUME)
1015 uschar * save_item = iterate_item;
1017 if (sx->conn_args.have_lbserver)
1019 iterate_item = sx->buffer;
1020 s = expand_cstring(ob->host_name_extract);
1021 iterate_item = save_item;
1022 sx->conn_args.host_lbserver = s && !*s ? NULL : s;
1023 sx->conn_args.have_lbserver = TRUE;
1029 /* Wait for and check responses for early-pipelining.
1031 Called from the lower-level smtp_read_response() function
1032 used for general code that assume synchronisation, if context
1033 flags indicate outstanding early-pipelining commands. Also
1034 called fom sync_responses() which handles pipelined commands.
1037 sx smtp connection context
1038 countp number of outstanding responses, adjusted on return
1042 DEFER error on first read of TLS'd conn
1043 FAIL SMTP error in response
1046 smtp_reap_early_pipe(smtp_context * sx, int * countp)
1048 BOOL pending_BANNER = sx->pending_BANNER;
1049 BOOL pending_EHLO = sx->pending_EHLO;
1052 sx->pending_BANNER = FALSE; /* clear early to avoid recursion */
1053 sx->pending_EHLO = FALSE;
1057 DEBUG(D_transport) debug_printf("%s expect banner\n", __FUNCTION__);
1059 if (!smtp_reap_banner(sx))
1061 DEBUG(D_transport) debug_printf("bad banner\n");
1062 if (tls_out.active.sock >= 0) rc = DEFER;
1065 /*XXX EXPERIMENTAL_ESMTP_LIMITS ? */
1066 ehlo_response_lbserver(sx, sx->conn_args.ob);
1071 unsigned peer_offered;
1072 unsigned short authbits = 0, * ap;
1074 DEBUG(D_transport) debug_printf("%s expect ehlo\n", __FUNCTION__);
1076 if (!smtp_reap_ehlo(sx))
1078 DEBUG(D_transport) debug_printf("bad response for EHLO\n");
1079 if (tls_out.active.sock >= 0) rc = DEFER;
1083 /* Compare the actual EHLO response extensions and AUTH methods to the cached
1084 value we assumed; on difference, dump or rewrite the cache and arrange for a
1087 ap = tls_out.active.sock < 0
1088 ? &sx->ehlo_resp.cleartext_auths : &sx->ehlo_resp.crypted_auths;
1090 peer_offered = ehlo_response(sx->buffer,
1091 (tls_out.active.sock < 0 ? OPTION_TLS : 0)
1092 | OPTION_CHUNKING | OPTION_PRDR | OPTION_DSN | OPTION_PIPE | OPTION_SIZE
1093 | OPTION_UTF8 | OPTION_EARLY_PIPE
1095 #ifdef EXPERIMENTAL_ESMTP_LIMITS
1096 if (tls_out.active.sock >= 0 || !(peer_offered & OPTION_TLS))
1097 ehlo_response_limits_read(sx);
1099 if ( peer_offered != sx->peer_offered
1100 || (authbits = study_ehlo_auths(sx)) != *ap)
1103 debug_printf("EHLO %s extensions changed, 0x%04x/0x%04x -> 0x%04x/0x%04x\n",
1104 tls_out.active.sock < 0 ? "cleartext" : "crypted",
1105 sx->peer_offered, *ap, peer_offered, authbits);
1106 if (peer_offered & OPTION_EARLY_PIPE)
1108 *(tls_out.active.sock < 0
1109 ? &sx->ehlo_resp.cleartext_features : &sx->ehlo_resp.crypted_features) =
1112 write_ehlo_cache_entry(sx);
1115 invalidate_ehlo_cache_entry(sx);
1117 return OK; /* just carry on */
1119 #ifdef EXPERIMENTAL_ESMTP_LIMITS
1120 /* If we are handling LIMITS, compare the actual EHLO LIMITS values with the
1121 cached values and invalidate cache if different. OK to carry on with
1122 connect since values are advisory. */
1124 if ( (tls_out.active.sock >= 0 || !(peer_offered & OPTION_TLS))
1125 && ( sx->peer_limit_mail != sx->ehlo_resp.limit_mail
1126 || sx->peer_limit_rcpt != sx->ehlo_resp.limit_rcpt
1127 || sx->peer_limit_rcptdom != sx->ehlo_resp.limit_rcptdom
1132 debug_printf("EHLO LIMITS changed:");
1133 if (sx->peer_limit_mail != sx->ehlo_resp.limit_mail)
1134 debug_printf(" MAILMAX %u -> %u\n", sx->ehlo_resp.limit_mail, sx->peer_limit_mail);
1135 else if (sx->peer_limit_rcpt != sx->ehlo_resp.limit_rcpt)
1136 debug_printf(" RCPTMAX %u -> %u\n", sx->ehlo_resp.limit_rcpt, sx->peer_limit_rcpt);
1138 debug_printf(" RCPTDOMAINMAX %u -> %u\n", sx->ehlo_resp.limit_rcptdom, sx->peer_limit_rcptdom);
1140 invalidate_ehlo_cache_entry(sx);
1148 invalidate_ehlo_cache_entry(sx);
1149 (void) smtp_discard_responses(sx, sx->conn_args.ob, *countp);
1152 #endif /*!DISABLE_PIPE_CONNECT*/
1155 /*************************************************
1156 * Synchronize SMTP responses *
1157 *************************************************/
1159 /* This function is called from smtp_deliver() to receive SMTP responses from
1160 the server, and match them up with the commands to which they relate. When
1161 PIPELINING is not in use, this function is called after every command, and is
1162 therefore somewhat over-engineered, but it is simpler to use a single scheme
1163 that works both with and without PIPELINING instead of having two separate sets
1166 The set of commands that are buffered up with pipelining may start with MAIL
1167 and may end with DATA; in between are RCPT commands that correspond to the
1168 addresses whose status is PENDING_DEFER. All other commands (STARTTLS, AUTH,
1169 etc.) are never buffered.
1171 Errors after MAIL or DATA abort the whole process leaving the response in the
1172 buffer. After MAIL, pending responses are flushed, and the original command is
1173 re-instated in big_buffer for error messages. For RCPT commands, the remote is
1174 permitted to reject some recipient addresses while accepting others. However
1175 certain errors clearly abort the whole process. Set the value in
1176 transport_return to PENDING_OK if the address is accepted. If there is a
1177 subsequent general error, it will get reset accordingly. If not, it will get
1178 converted to OK at the end.
1181 sx smtp connection context
1182 count the number of responses to read
1183 pending_DATA 0 if last command sent was not DATA
1184 +1 if previously had a good recipient
1185 -1 if not previously had a good recipient
1187 Returns: 3 if at least one address had 2xx and one had 5xx
1188 2 if at least one address had 5xx but none had 2xx
1189 1 if at least one host had a 2xx response, but none had 5xx
1190 0 no address had 2xx or 5xx but no errors (all 4xx, or just DATA)
1191 -1 timeout while reading RCPT response
1192 -2 I/O or other non-response error for RCPT
1193 -3 DATA or MAIL failed - errno and buffer set
1194 -4 banner or EHLO failed (early-pipelining)
1195 -5 banner or EHLO failed (early-pipelining, TLS)
1199 sync_responses(smtp_context * sx, int count, int pending_DATA)
1201 address_item * addr = sx->sync_addr;
1202 smtp_transport_options_block * ob = sx->conn_args.ob;
1205 #ifndef DISABLE_PIPE_CONNECT
1207 if ((rc = smtp_reap_early_pipe(sx, &count)) != OK)
1208 return rc == FAIL ? -4 : -5;
1211 /* Handle the response for a MAIL command. On error, reinstate the original
1212 command in big_buffer for error message use, and flush any further pending
1213 responses before returning, except after I/O errors and timeouts. */
1215 if (sx->pending_MAIL)
1217 DEBUG(D_transport) debug_printf("%s expect mail\n", __FUNCTION__);
1219 sx->pending_MAIL = sx->RCPT_452 = FALSE;
1220 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
1221 '2', ob->command_timeout))
1223 DEBUG(D_transport) debug_printf("bad response for MAIL\n");
1224 Ustrcpy(big_buffer, mail_command); /* Fits, because it came from there! */
1225 if (errno == ERRNO_TLSFAILURE)
1227 if (errno == 0 && sx->buffer[0] != 0)
1230 if (sx->buffer[0] == '4')
1232 save_errno = ERRNO_MAIL4XX;
1233 addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
1235 count = smtp_discard_responses(sx, ob, count);
1239 if (pending_DATA) count--; /* Number of RCPT responses to come */
1240 while (count-- > 0) /* Mark any pending addrs with the host used */
1242 while (addr->transport_return != PENDING_DEFER) addr = addr->next;
1243 addr->host_used = sx->conn_args.host;
1250 if (pending_DATA) count--; /* Number of RCPT responses to come */
1252 /* Read and handle the required number of RCPT responses, matching each one up
1253 with an address by scanning for the next address whose status is PENDING_DEFER.
1258 while (addr->transport_return != PENDING_DEFER)
1259 if (!(addr = addr->next))
1262 /* The address was accepted */
1263 addr->host_used = sx->conn_args.host;
1265 DEBUG(D_transport) debug_printf("%s expect rcpt for %s\n", __FUNCTION__, addr->address);
1266 if (smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
1267 '2', ob->command_timeout))
1270 addr->transport_return = PENDING_OK;
1272 /* If af_dr_retry_exists is set, there was a routing delay on this address;
1273 ensure that any address-specific retry record is expunged. We do this both
1274 for the basic key and for the version that also includes the sender. */
1276 if (testflag(addr, af_dr_retry_exists))
1278 uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key,
1280 retry_add_item(addr, altkey, rf_delete);
1281 retry_add_item(addr, addr->address_retry_key, rf_delete);
1285 /* Error on first TLS read */
1287 else if (errno == ERRNO_TLSFAILURE)
1290 /* Timeout while reading the response */
1292 else if (errno == ETIMEDOUT)
1294 uschar *message = string_sprintf("SMTP timeout after RCPT TO:<%s>",
1295 transport_rcpt_address(addr, sx->conn_args.tblock->rcpt_include_affixes));
1296 set_errno_nohost(sx->first_addr, ETIMEDOUT, message, DEFER, FALSE, &sx->delivery_start);
1297 retry_add_item(addr, addr->address_retry_key, 0);
1298 update_waiting = FALSE;
1302 /* Handle other errors in obtaining an SMTP response by returning -1. This
1303 will cause all the addresses to be deferred. Restore the SMTP command in
1304 big_buffer for which we are checking the response, so the error message
1307 else if (errno != 0 || sx->buffer[0] == 0)
1309 gstring gs = { .size = big_buffer_size, .ptr = 0, .s = big_buffer }, * g = &gs;
1311 /* Use taint-unchecked routines for writing into big_buffer, trusting
1312 that we'll never expand it. */
1314 g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, "RCPT TO:<%s>",
1315 transport_rcpt_address(addr, sx->conn_args.tblock->rcpt_include_affixes));
1316 string_from_gstring(g);
1320 /* Handle SMTP permanent and temporary response codes. */
1325 string_sprintf("SMTP error from remote mail server after RCPT TO:<%s>: "
1326 "%s", transport_rcpt_address(addr, sx->conn_args.tblock->rcpt_include_affixes),
1327 string_printing(sx->buffer));
1328 setflag(addr, af_pass_message);
1330 msglog_line(sx->conn_args.host, addr->message);
1332 /* The response was 5xx */
1334 if (sx->buffer[0] == '5')
1336 addr->transport_return = FAIL;
1340 /* The response was 4xx */
1344 addr->transport_return = DEFER;
1345 addr->basic_errno = ERRNO_RCPT4XX;
1346 addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
1350 #ifndef DISABLE_EVENT
1351 event_defer_errno = addr->more_errno;
1352 msg_event_raise(US"msg:rcpt:host:defer", addr);
1354 /* If a 452 and we've had at least one 2xx or 5xx, set next_addr to the
1355 start point for another MAIL command. */
1357 if (addr->more_errno >> 8 == 52 && yield & 3)
1359 if (!sx->RCPT_452) /* initialised at MAIL-ack above */
1362 debug_printf("%s: seen first 452 too-many-rcpts\n", __FUNCTION__);
1363 sx->RCPT_452 = TRUE;
1364 sx->next_addr = addr;
1366 addr->transport_return = PENDING_DEFER;
1367 addr->basic_errno = 0;
1371 /* Log temporary errors if there are more hosts to be tried.
1372 If not, log this last one in the == line. */
1374 if (sx->conn_args.host->next)
1375 if (LOGGING(outgoing_port))
1376 log_write(0, LOG_MAIN, "H=%s [%s]:%d %s", sx->conn_args.host->name,
1377 sx->conn_args.host->address,
1378 sx->port == PORT_NONE ? 25 : sx->port, addr->message);
1380 log_write(0, LOG_MAIN, "H=%s [%s]: %s", sx->conn_args.host->name,
1381 sx->conn_args.host->address, addr->message);
1383 #ifndef DISABLE_EVENT
1385 msg_event_raise(US"msg:rcpt:defer", addr);
1388 /* Do not put this message on the list of those waiting for specific
1389 hosts, as otherwise it is likely to be tried too often. */
1391 update_waiting = FALSE;
1393 /* Add a retry item for the address so that it doesn't get tried again
1394 too soon. If address_retry_include_sender is true, add the sender address
1395 to the retry key. */
1397 retry_add_item(addr,
1398 ob->address_retry_include_sender
1399 ? string_sprintf("%s:<%s>", addr->address_retry_key, sender_address)
1400 : addr->address_retry_key,
1406 if (count && !(addr = addr->next))
1408 } /* Loop for next RCPT response */
1410 /* Update where to start at for the next block of responses, unless we
1411 have already handled all the addresses. */
1413 if (addr) sx->sync_addr = addr->next;
1415 /* Handle a response to DATA. If we have not had any good recipients, either
1416 previously or in this block, the response is ignored. */
1418 if (pending_DATA != 0)
1420 DEBUG(D_transport) debug_printf("%s expect data\n", __FUNCTION__);
1421 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
1422 '3', ob->command_timeout))
1428 if (errno == ERRNO_TLSFAILURE) /* Error on first TLS read */
1431 if (pending_DATA > 0 || (yield & 1) != 0)
1433 if (errno == 0 && sx->buffer[0] == '4')
1435 errno = ERRNO_DATA4XX;
1436 sx->first_addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
1440 (void)check_response(sx->conn_args.host, &errno, 0, sx->buffer, &code, &msg, &pass_message);
1441 DEBUG(D_transport) debug_printf("%s\nerror for DATA ignored: pipelining "
1442 "is in use and there were no good recipients\n", msg);
1446 /* All responses read and handled; MAIL (if present) received 2xx and DATA (if
1447 present) received 3xx. If any RCPTs were handled and yielded anything other
1448 than 4xx, yield will be set non-zero. */
1457 /* Try an authenticator's client entry */
1460 try_authenticator(smtp_context * sx, auth_instance * au)
1462 smtp_transport_options_block * ob = sx->conn_args.ob; /* transport options */
1463 host_item * host = sx->conn_args.host; /* host to deliver to */
1466 /* Set up globals for error messages */
1468 authenticator_name = au->name;
1469 driver_srcfile = au->srcfile;
1470 driver_srcline = au->srcline;
1472 sx->outblock.authenticating = TRUE;
1473 rc = (au->info->clientcode)(au, sx, ob->command_timeout,
1474 sx->buffer, sizeof(sx->buffer));
1475 sx->outblock.authenticating = FALSE;
1476 driver_srcfile = authenticator_name = NULL; driver_srcline = 0;
1477 DEBUG(D_transport) debug_printf("%s authenticator yielded %d\n", au->name, rc);
1479 /* A temporary authentication failure must hold up delivery to
1480 this host. After a permanent authentication failure, we carry on
1481 to try other authentication methods. If all fail hard, try to
1482 deliver the message unauthenticated unless require_auth was set. */
1487 f.smtp_authenticated = TRUE; /* stops the outer loop */
1488 client_authenticator = au->name;
1489 if (au->set_client_id)
1490 client_authenticated_id = expand_string(au->set_client_id);
1493 /* Failure after writing a command */
1498 /* Failure after reading a response */
1501 if (errno != 0 || sx->buffer[0] != '5') return FAIL;
1502 log_write(0, LOG_MAIN, "%s authenticator failed H=%s [%s] %s",
1503 au->name, host->name, host->address, sx->buffer);
1506 /* Failure by some other means. In effect, the authenticator
1507 decided it wasn't prepared to handle this case. Typically this
1508 is the result of "fail" in an expansion string. Do we need to
1509 log anything here? Feb 2006: a message is now put in the buffer
1510 if logging is required. */
1513 if (*sx->buffer != 0)
1514 log_write(0, LOG_MAIN, "%s authenticator cancelled "
1515 "authentication H=%s [%s] %s", au->name, host->name,
1516 host->address, sx->buffer);
1519 /* Internal problem, message in buffer. */
1522 set_errno_nohost(sx->addrlist, ERRNO_AUTHPROB, string_copy(sx->buffer),
1523 DEFER, FALSE, &sx->delivery_start);
1532 /* Do the client side of smtp-level authentication.
1535 sx smtp connection context
1537 sx->buffer should have the EHLO response from server (gets overwritten)
1540 OK Success, or failed (but not required): global "smtp_authenticated" set
1541 DEFER Failed authentication (and was required)
1542 ERROR Internal problem
1544 FAIL_SEND Failed communications - transmit
1549 smtp_auth(smtp_context * sx)
1551 host_item * host = sx->conn_args.host; /* host to deliver to */
1552 smtp_transport_options_block * ob = sx->conn_args.ob; /* transport options */
1553 int require_auth = verify_check_given_host(CUSS &ob->hosts_require_auth, host);
1554 #ifndef DISABLE_PIPE_CONNECT
1555 unsigned short authbits = tls_out.active.sock >= 0
1556 ? sx->ehlo_resp.crypted_auths : sx->ehlo_resp.cleartext_auths;
1558 uschar * fail_reason = US"server did not advertise AUTH support";
1560 f.smtp_authenticated = FALSE;
1561 client_authenticator = client_authenticated_id = client_authenticated_sender = NULL;
1564 regex_AUTH = regex_must_compile(AUTHS_REGEX, FALSE, TRUE);
1566 /* Is the server offering AUTH? */
1570 #ifndef DISABLE_PIPE_CONNECT
1571 sx->early_pipe_active ? authbits
1574 regex_match_and_setup(regex_AUTH, sx->buffer, 0, -1)
1577 uschar * names = NULL;
1578 expand_nmax = -1; /* reset */
1580 #ifndef DISABLE_PIPE_CONNECT
1581 if (!sx->early_pipe_active)
1583 names = string_copyn(expand_nstring[1], expand_nlength[1]);
1585 /* Must not do this check until after we have saved the result of the
1586 regex match above as the check could be another RE. */
1588 if ( require_auth == OK
1589 || verify_check_given_host(CUSS &ob->hosts_try_auth, host) == OK)
1591 DEBUG(D_transport) debug_printf("scanning authentication mechanisms\n");
1592 fail_reason = US"no common mechanisms were found";
1594 #ifndef DISABLE_PIPE_CONNECT
1595 if (sx->early_pipe_active)
1597 /* Scan our authenticators (which support use by a client and were offered
1598 by the server (checked at cache-write time)), not suppressed by
1599 client_condition. If one is found, attempt to authenticate by calling its
1600 client function. We are limited to supporting up to 16 authenticator
1601 public-names by the number of bits in a short. */
1607 for (bitnum = 0, au = auths;
1608 !f.smtp_authenticated && au && bitnum < 16;
1609 bitnum++, au = au->next) if (authbits & BIT(bitnum))
1611 if ( au->client_condition
1612 && !expand_check_condition(au->client_condition, au->name,
1613 US"client authenticator"))
1615 DEBUG(D_transport) debug_printf("skipping %s authenticator: %s\n",
1616 au->name, "client_condition is false");
1620 /* Found data for a listed mechanism. Call its client entry. Set
1621 a flag in the outblock so that data is overwritten after sending so
1622 that reflections don't show it. */
1624 fail_reason = US"authentication attempt(s) failed";
1626 if ((rc = try_authenticator(sx, au)) != OK)
1633 /* Scan the configured authenticators looking for one which is configured
1634 for use as a client, which is not suppressed by client_condition, and
1635 whose name matches an authentication mechanism supported by the server.
1636 If one is found, attempt to authenticate by calling its client function.
1639 for (auth_instance * au = auths; !f.smtp_authenticated && au; au = au->next)
1644 || ( au->client_condition
1645 && !expand_check_condition(au->client_condition, au->name,
1646 US"client authenticator")))
1648 DEBUG(D_transport) debug_printf("skipping %s authenticator: %s\n",
1650 (au->client)? "client_condition is false" :
1651 "not configured as a client");
1655 /* Loop to scan supported server mechanisms */
1659 int len = Ustrlen(au->public_name);
1662 while (isspace(*p)) p++;
1664 if (strncmpic(au->public_name, p, len) != 0 ||
1665 (p[len] != 0 && !isspace(p[len])))
1667 while (*p != 0 && !isspace(*p)) p++;
1671 /* Found data for a listed mechanism. Call its client entry. Set
1672 a flag in the outblock so that data is overwritten after sending so
1673 that reflections don't show it. */
1675 fail_reason = US"authentication attempt(s) failed";
1677 if ((rc = try_authenticator(sx, au)) != OK)
1680 break; /* If not authenticated, try next authenticator */
1681 } /* Loop for scanning supported server mechanisms */
1682 } /* Loop for further authenticators */
1686 /* If we haven't authenticated, but are required to, give up. */
1688 if (require_auth == OK && !f.smtp_authenticated)
1690 #ifndef DISABLE_PIPE_CONNECT
1691 invalidate_ehlo_cache_entry(sx);
1693 set_errno_nohost(sx->addrlist, ERRNO_AUTHFAIL,
1694 string_sprintf("authentication required but %s", fail_reason), DEFER,
1695 FALSE, &sx->delivery_start);
1703 /* Construct AUTH appendix string for MAIL TO */
1706 sx context for smtp connection
1707 p point in sx->buffer to build string
1708 addrlist chain of potential addresses to deliver
1710 Globals f.smtp_authenticated
1711 client_authenticated_sender
1712 Return True on error, otherwise buffer has (possibly empty) terminated string
1716 smtp_mail_auth_str(smtp_context * sx, uschar * p, address_item * addrlist)
1718 smtp_transport_options_block * ob = sx->conn_args.ob;
1719 uschar * local_authenticated_sender = authenticated_sender;
1722 debug_printf("smtp_mail_auth_str: as<%s> os<%s> SA<%s>\n",
1723 authenticated_sender, ob->authenticated_sender, f.smtp_authenticated?"Y":"N");
1726 if (ob->authenticated_sender)
1728 uschar * new = expand_string(ob->authenticated_sender);
1731 if (!f.expand_string_forcedfail)
1733 uschar *message = string_sprintf("failed to expand "
1734 "authenticated_sender: %s", expand_string_message);
1735 set_errno_nohost(addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE, &sx->delivery_start);
1740 local_authenticated_sender = new;
1743 /* Add the authenticated sender address if present */
1745 if ( (f.smtp_authenticated || ob->authenticated_sender_force)
1746 && local_authenticated_sender)
1748 string_format_nt(p, sizeof(sx->buffer) - (p-sx->buffer), " AUTH=%s",
1749 auth_xtextencode(local_authenticated_sender,
1750 Ustrlen(local_authenticated_sender)));
1751 client_authenticated_sender = string_copy(local_authenticated_sender);
1761 typedef struct smtp_compare_s
1763 uschar * current_sender_address;
1764 struct transport_instance * tblock;
1768 /* Create a unique string that identifies this message, it is based on
1769 sender_address, helo_data and tls_certificate if enabled.
1773 smtp_local_identity(uschar * sender, struct transport_instance * tblock)
1775 address_item * addr1;
1776 uschar * if1 = US"";
1777 uschar * helo1 = US"";
1779 uschar * tlsc1 = US"";
1781 uschar * save_sender_address = sender_address;
1782 uschar * local_identity = NULL;
1783 smtp_transport_options_block * ob = SOB tblock->options_block;
1785 sender_address = sender;
1787 addr1 = deliver_make_addr (sender, TRUE);
1788 deliver_set_expansions(addr1);
1791 if1 = expand_string(ob->interface);
1794 helo1 = expand_string(ob->helo_data);
1797 if (ob->tls_certificate)
1798 tlsc1 = expand_string(ob->tls_certificate);
1799 local_identity = string_sprintf ("%s^%s^%s", if1, helo1, tlsc1);
1801 local_identity = string_sprintf ("%s^%s", if1, helo1);
1804 deliver_set_expansions(NULL);
1805 sender_address = save_sender_address;
1807 return local_identity;
1812 /* This routine is a callback that is called from transport_check_waiting.
1813 This function will evaluate the incoming message versus the previous
1814 message. If the incoming message is using a different local identity then
1815 we will veto this new message. */
1818 smtp_are_same_identities(uschar * message_id, smtp_compare_t * s_compare)
1820 uschar * message_local_identity,
1821 * current_local_identity,
1822 * new_sender_address;
1824 current_local_identity =
1825 smtp_local_identity(s_compare->current_sender_address, s_compare->tblock);
1827 if (!(new_sender_address = spool_sender_from_msgid(message_id)))
1831 message_local_identity =
1832 smtp_local_identity(new_sender_address, s_compare->tblock);
1834 return Ustrcmp(current_local_identity, message_local_identity) == 0;
1840 ehlo_response(uschar * buf, unsigned checks)
1842 PCRE2_SIZE bsize = Ustrlen(buf);
1843 pcre2_match_data * md = pcre2_match_data_create(1, pcre_gen_ctx);
1845 /* debug_printf("%s: check for 0x%04x\n", __FUNCTION__, checks); */
1848 if ( checks & OPTION_TLS
1849 && pcre2_match(regex_STARTTLS,
1850 (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0)
1852 checks &= ~OPTION_TLS;
1854 if ( checks & OPTION_IGNQ
1855 && pcre2_match(regex_IGNOREQUOTA,
1856 (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0)
1857 checks &= ~OPTION_IGNQ;
1859 if ( checks & OPTION_CHUNKING
1860 && pcre2_match(regex_CHUNKING,
1861 (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0)
1862 checks &= ~OPTION_CHUNKING;
1864 #ifndef DISABLE_PRDR
1865 if ( checks & OPTION_PRDR
1866 && pcre2_match(regex_PRDR,
1867 (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0)
1869 checks &= ~OPTION_PRDR;
1872 if ( checks & OPTION_UTF8
1873 && pcre2_match(regex_UTF8,
1874 (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0)
1876 checks &= ~OPTION_UTF8;
1878 if ( checks & OPTION_DSN
1879 && pcre2_match(regex_DSN,
1880 (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0)
1881 checks &= ~OPTION_DSN;
1883 if ( checks & OPTION_PIPE
1884 && pcre2_match(regex_PIPELINING,
1885 (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0)
1886 checks &= ~OPTION_PIPE;
1888 if ( checks & OPTION_SIZE
1889 && pcre2_match(regex_SIZE,
1890 (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0)
1891 checks &= ~OPTION_SIZE;
1893 #ifndef DISABLE_PIPE_CONNECT
1894 if ( checks & OPTION_EARLY_PIPE
1895 && pcre2_match(regex_EARLY_PIPE,
1896 (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0)
1898 checks &= ~OPTION_EARLY_PIPE;
1900 pcre2_match_data_free(md);
1901 /* debug_printf("%s: found 0x%04x\n", __FUNCTION__, checks); */
1907 /* Callback for emitting a BDAT data chunk header.
1909 If given a nonzero size, first flush any buffered SMTP commands
1910 then emit the command.
1912 Reap previous SMTP command responses if requested, and always reap
1913 the response from a previous BDAT command.
1916 tctx transport context
1917 chunk_size value for SMTP BDAT command
1919 tc_chunk_last add LAST option to SMTP BDAT command
1920 tc_reap_prev reap response to previous SMTP commands
1924 DEFER TLS error on first read (EHLO-resp); errno set
1928 smtp_chunk_cmd_callback(transport_ctx * tctx, unsigned chunk_size,
1931 smtp_transport_options_block * ob = SOB tctx->tblock->options_block;
1932 smtp_context * sx = tctx->smtp_context;
1936 /* Write SMTP chunk header command. If not reaping responses, note that
1937 there may be more writes (like, the chunk data) done soon. */
1941 #ifndef DISABLE_PIPE_CONNECT
1942 BOOL new_conn = !!(sx->outblock.conn_args);
1944 if((cmd_count = smtp_write_command(sx,
1945 flags & tc_reap_prev ? SCMD_FLUSH : SCMD_MORE,
1946 "BDAT %u%s\r\n", chunk_size, flags & tc_chunk_last ? " LAST" : "")
1947 ) < 0) return ERROR;
1948 if (flags & tc_chunk_last)
1949 data_command = string_copy(big_buffer); /* Save for later error message */
1950 #ifndef DISABLE_PIPE_CONNECT
1951 /* That command write could have been the one that made the connection.
1952 Copy the fd from the client conn ctx (smtp transport specific) to the
1953 generic transport ctx. */
1956 tctx->u.fd = sx->outblock.cctx->sock;
1960 prev_cmd_count = cmd_count += sx->cmd_count;
1962 /* Reap responses for any previous, but not one we just emitted */
1966 if (sx->pending_BDAT)
1969 if (flags & tc_reap_prev && prev_cmd_count > 0)
1971 DEBUG(D_transport) debug_printf("look for %d responses"
1972 " for previous pipelined cmds\n", prev_cmd_count);
1974 switch(sync_responses(sx, prev_cmd_count, 0))
1976 case 1: /* 2xx (only) => OK */
1977 case 3: sx->good_RCPT = TRUE; /* 2xx & 5xx => OK & progress made */
1978 case 2: sx->completed_addr = TRUE; /* 5xx (only) => progress made */
1979 case 0: break; /* No 2xx or 5xx, but no probs */
1981 case -5: errno = ERRNO_TLSFAILURE;
1983 #ifndef DISABLE_PIPE_CONNECT
1984 case -4: /* non-2xx for pipelined banner or EHLO */
1986 case -1: /* Timeout on RCPT */
1987 default: return ERROR; /* I/O error, or any MAIL/DATA error */
1990 if (!sx->pending_BDAT)
1991 pipelining_active = FALSE;
1994 /* Reap response for an outstanding BDAT */
1996 if (sx->pending_BDAT)
1998 DEBUG(D_transport) debug_printf("look for one response for BDAT\n");
2000 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2',
2001 ob->command_timeout))
2003 if (errno == 0 && sx->buffer[0] == '4')
2005 errno = ERRNO_DATA4XX; /*XXX does this actually get used? */
2006 sx->addrlist->more_errno |=
2007 ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
2012 sx->pending_BDAT = FALSE;
2013 pipelining_active = FALSE;
2015 else if (chunk_size > 0)
2016 sx->pending_BDAT = TRUE;
2019 sx->cmd_count = cmd_count;
2027 check_force_dane_conn(smtp_context * sx, smtp_transport_options_block * ob)
2030 if( sx->dane_required
2031 || verify_check_given_host(CUSS &ob->hosts_try_dane, sx->conn_args.host) == OK
2033 switch (rc = tlsa_lookup(sx->conn_args.host, &sx->conn_args.tlsa_dnsa, sx->dane_required))
2035 case OK: sx->conn_args.dane = TRUE;
2036 ob->tls_tempfail_tryclear = FALSE; /* force TLS */
2037 ob->tls_sni = sx->conn_args.host->name; /* force SNI */
2039 case FAIL_FORCED: break;
2040 default: set_errno_nohost(sx->addrlist, ERRNO_DNSDEFER,
2041 string_sprintf("DANE error: tlsa lookup %s",
2043 rc, FALSE, &sx->delivery_start);
2044 # ifndef DISABLE_EVENT
2045 (void) event_raise(sx->conn_args.tblock->event_action,
2046 US"dane:fail", sx->dane_required
2047 ? US"dane-required" : US"dnssec-invalid",
2057 /*************************************************
2058 * Make connection for given message *
2059 *************************************************/
2063 sx connection context
2064 suppress_tls if TRUE, don't attempt a TLS connection - this is set for
2065 a second attempt after TLS initialization fails
2067 Returns: OK - the connection was made and the delivery attempted;
2068 fd is set in the conn context, tls_out set up.
2069 DEFER - the connection could not be made, or something failed
2070 while setting up the SMTP session, or there was a
2071 non-message-specific error, such as a timeout.
2072 ERROR - helo_data or add_headers or authenticated_sender is
2073 specified for this transport, and the string failed
2077 smtp_setup_conn(smtp_context * sx, BOOL suppress_tls)
2079 smtp_transport_options_block * ob = sx->conn_args.tblock->options_block;
2080 BOOL pass_message = FALSE;
2081 uschar * message = NULL;
2084 uschar * tls_errstr;
2087 /* Many lines of clearing individual elements of *sx that used to
2088 be here have been replaced by a full memset to zero (de41aff051).
2089 There are two callers, this file and verify.c . Now we only set
2090 up nonzero elements. */
2092 sx->conn_args.ob = ob;
2094 sx->lmtp = strcmpic(ob->protocol, US"lmtp") == 0;
2095 sx->smtps = strcmpic(ob->protocol, US"smtps") == 0;
2096 sx->send_rset = TRUE;
2097 sx->send_quit = TRUE;
2098 sx->setting_up = TRUE;
2100 sx->dsn_all_lasthop = TRUE;
2103 verify_check_given_host(CUSS &ob->hosts_require_dane, sx->conn_args.host) == OK;
2106 if ((sx->max_mail = sx->conn_args.tblock->connection_max_messages) == 0) sx->max_mail = 999999;
2107 if ((sx->max_rcpt = sx->conn_args.tblock->max_addresses) == 0) sx->max_rcpt = 999999;
2108 sx->igquotstr = US"";
2109 if (!sx->helo_data) sx->helo_data = ob->helo_data;
2111 smtp_command = US"initial connection";
2113 /* Set up the buffer for reading SMTP response packets. */
2115 sx->inblock.buffer = sx->inbuffer;
2116 sx->inblock.buffersize = sizeof(sx->inbuffer);
2117 sx->inblock.ptr = sx->inbuffer;
2118 sx->inblock.ptrend = sx->inbuffer;
2120 /* Set up the buffer for holding SMTP commands while pipelining */
2122 sx->outblock.buffer = sx->outbuffer;
2123 sx->outblock.buffersize = sizeof(sx->outbuffer);
2124 sx->outblock.ptr = sx->outbuffer;
2126 /* Reset the parameters of a TLS session. */
2129 tls_out.cipher = NULL; /* the one we may use for this transport */
2130 tls_out.ourcert = NULL;
2131 tls_out.peercert = NULL;
2132 tls_out.peerdn = NULL;
2136 tls_out.ocsp = OCSP_NOT_REQ;
2137 #ifndef DISABLE_TLS_RESUME
2138 tls_out.resumption = 0;
2142 /* Flip the legacy TLS-related variables over to the outbound set in case
2143 they're used in the context of the transport. Don't bother resetting
2144 afterward (when being used by a transport) as we're in a subprocess.
2145 For verify, unflipped once the callout is dealt with */
2147 tls_modify_variables(&tls_out);
2152 set_errno_nohost(sx->addrlist, ERRNO_TLSFAILURE, US"TLS support not available",
2153 DEFER, FALSE, &sx->delivery_start);
2158 /* If we have a proxied TLS connection, check usability for this message */
2160 if (continue_hostname && continue_proxy_cipher)
2163 const uschar * sni = US"";
2165 # ifdef SUPPORT_DANE
2166 /* Check if the message will be DANE-verified; if so force TLS and its SNI */
2168 tls_out.dane_verified = FALSE;
2169 smtp_port_for_connect(sx->conn_args.host, sx->port);
2170 if ( sx->conn_args.host->dnssec == DS_YES
2171 && (rc = check_force_dane_conn(sx, ob)) != OK
2176 /* If the SNI or the DANE status required for the new message differs from the
2177 existing conn drop the connection to force a new one. */
2179 if (ob->tls_sni && !(sni = expand_cstring(ob->tls_sni)))
2180 log_write(0, LOG_MAIN|LOG_PANIC,
2181 "<%s>: failed to expand transport's tls_sni value: %s",
2182 sx->addrlist->address, expand_string_message);
2184 # ifdef SUPPORT_DANE
2185 if ( (continue_proxy_sni ? (Ustrcmp(continue_proxy_sni, sni) == 0) : !*sni)
2186 && continue_proxy_dane == sx->conn_args.dane)
2188 tls_out.sni = US sni;
2189 if ((tls_out.dane_verified = continue_proxy_dane))
2190 sx->conn_args.host->dnssec = DS_YES;
2193 if ((continue_proxy_sni ? (Ustrcmp(continue_proxy_sni, sni) == 0) : !*sni))
2194 tls_out.sni = US sni;
2199 debug_printf("Closing proxied-TLS connection due to SNI mismatch\n");
2201 smtp_debug_cmd(US"QUIT", 0);
2202 write(0, "QUIT\r\n", 6);
2204 continue_hostname = continue_proxy_cipher = NULL;
2205 f.continue_more = FALSE;
2206 continue_sequence = 1; /* Unfortunately, this process cannot affect success log
2207 which is done by delivery proc. Would have to pass this
2208 back through reporting pipe. */
2211 #endif /*!DISABLE_TLS*/
2213 /* Make a connection to the host if this isn't a continued delivery, and handle
2214 the initial interaction and HELO/EHLO/LHLO. Connect timeout errors are handled
2215 specially so they can be identified for retries. */
2217 if (!continue_hostname)
2220 HDEBUG(D_verify) debug_printf("interface=%s port=%d\n", sx->conn_args.interface, sx->port);
2222 /* Arrange to report to calling process this is a new connection */
2224 clearflag(sx->first_addr, af_cont_conn);
2225 setflag(sx->first_addr, af_new_conn);
2227 /* Get the actual port the connection will use, into sx->conn_args.host */
2229 smtp_port_for_connect(sx->conn_args.host, sx->port);
2232 /* Do TLSA lookup for DANE */
2234 tls_out.dane_verified = FALSE;
2235 tls_out.tlsa_usage = 0;
2237 if (sx->conn_args.host->dnssec == DS_YES)
2240 if ((rc = check_force_dane_conn(sx, ob)) != OK)
2243 else if (sx->dane_required)
2245 set_errno_nohost(sx->addrlist, ERRNO_DNSDEFER,
2246 string_sprintf("DANE error: %s lookup not DNSSEC", sx->conn_args.host->name),
2247 FAIL, FALSE, &sx->delivery_start);
2248 # ifndef DISABLE_EVENT
2249 (void) event_raise(sx->conn_args.tblock->event_action,
2250 US"dane:fail", US"dane-required", NULL);
2257 /* Make the TCP connection */
2259 sx->cctx.tls_ctx = NULL;
2260 sx->inblock.cctx = sx->outblock.cctx = &sx->cctx;
2261 #ifdef EXPERIMENTAL_ESMTP_LIMITS
2262 sx->peer_limit_mail = sx->peer_limit_rcpt = sx->peer_limit_rcptdom =
2264 sx->avoid_option = sx->peer_offered = smtp_peer_options = 0;
2265 #ifndef DISABLE_CLIENT_CMD_LOG
2266 client_cmd_log = NULL;
2269 #ifndef DISABLE_PIPE_CONNECT
2270 if ( verify_check_given_host(CUSS &ob->hosts_pipe_connect,
2271 sx->conn_args.host) == OK)
2273 /* We don't find out the local ip address until the connect, so if
2274 the helo string might use it avoid doing early-pipelining. */
2277 || sx->conn_args.interface
2278 || !Ustrstr(sx->helo_data, "$sending_ip_address")
2279 || Ustrstr(sx->helo_data, "def:sending_ip_address")
2282 sx->early_pipe_ok = TRUE;
2283 if ( read_ehlo_cache_entry(sx)
2284 && sx->ehlo_resp.cleartext_features & OPTION_EARLY_PIPE)
2287 debug_printf("Using cached cleartext PIPECONNECT\n");
2288 sx->early_pipe_active = TRUE;
2289 sx->peer_offered = sx->ehlo_resp.cleartext_features;
2292 else DEBUG(D_transport)
2293 debug_printf("helo needs $sending_ip_address; avoid early-pipelining\n");
2296 if (sx->early_pipe_active)
2298 sx->outblock.conn_args = &sx->conn_args;
2299 (void) smtp_boundsock(&sx->conn_args);
2304 blob lazy_conn = {.data = NULL};
2305 /* For TLS-connect, a TFO lazy-connect is useful since the Client Hello
2306 can go on the TCP SYN. */
2308 if ((sx->cctx.sock = smtp_connect(&sx->conn_args,
2309 sx->smtps ? &lazy_conn : NULL)) < 0)
2311 set_errno_nohost(sx->addrlist,
2312 errno == ETIMEDOUT ? ERRNO_CONNECTTIMEOUT : errno,
2313 sx->verify ? US strerror(errno) : NULL,
2314 DEFER, FALSE, &sx->delivery_start);
2315 sx->send_quit = FALSE;
2319 (void) setsockopt(sx->cctx.sock, IPPROTO_TCP, TCP_QUICKACK, US &off,
2323 /* Expand the greeting message while waiting for the initial response. (Makes
2324 sense if helo_data contains ${lookup dnsdb ...} stuff). The expansion is
2325 delayed till here so that $sending_ip_address and $sending_port are set.
2326 Those will be known even for a TFO lazy-connect, having been set by the bind().
2327 For early-pipe, we are ok if binding to a local interface; otherwise (if
2328 $sending_ip_address is seen in helo_data) we disabled early-pipe above. */
2331 if (!(sx->helo_data = expand_string(sx->helo_data)))
2333 log_write(0, LOG_MAIN|LOG_PANIC,
2334 "<%s>: failed to expand transport's helo_data value for callout: %s",
2335 sx->addrlist->address, expand_string_message);
2340 expand_string_message = NULL;
2341 if ((sx->helo_data = string_domain_utf8_to_alabel(sx->helo_data,
2342 &expand_string_message)),
2343 expand_string_message)
2345 log_write(0, LOG_MAIN|LOG_PANIC,
2346 "<%s>: failed to expand transport's helo_data value for callout: %s",
2347 sx->addrlist->address, expand_string_message);
2349 sx->helo_data = NULL;
2353 /* The first thing is to wait for an initial OK response. The dreaded "goto"
2354 is nevertheless a reasonably clean way of programming this kind of logic,
2355 where you want to escape on any error. */
2359 #ifndef DISABLE_PIPE_CONNECT
2360 if (sx->early_pipe_active)
2362 sx->pending_BANNER = TRUE; /* sync_responses() must eventually handle */
2363 sx->outblock.cmd_count = 1;
2368 if (!smtp_reap_banner(sx))
2369 goto RESPONSE_FAILED;
2372 #ifndef DISABLE_EVENT
2375 lookup_dnssec_authenticated = sx->conn_args.host->dnssec==DS_YES ? US"yes"
2376 : sx->conn_args.host->dnssec==DS_NO ? US"no" : NULL;
2377 s = event_raise(sx->conn_args.tblock->event_action, US"smtp:connect", sx->buffer, NULL);
2380 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL,
2381 string_sprintf("deferred by smtp:connect event expansion: %s", s),
2382 DEFER, FALSE, &sx->delivery_start);
2389 /* Now check if the helo_data expansion went well, and sign off cleanly if
2394 message = string_sprintf("failed to expand helo_data: %s",
2395 expand_string_message);
2396 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE, &sx->delivery_start);
2402 /** Debugging without sending a message
2403 sx->addrlist->transport_return = DEFER;
2407 /* Errors that occur after this point follow an SMTP command, which is
2408 left in big_buffer by smtp_write_command() for use in error messages. */
2410 smtp_command = big_buffer;
2412 /* Tell the remote who we are...
2414 February 1998: A convention has evolved that ESMTP-speaking MTAs include the
2415 string "ESMTP" in their greeting lines, so make Exim send EHLO if the
2416 greeting is of this form. The assumption was that the far end supports it
2417 properly... but experience shows that there are some that give 5xx responses,
2418 even though the banner includes "ESMTP" (there's a bloody-minded one that
2419 says "ESMTP not spoken here"). Cope with that case.
2421 September 2000: Time has passed, and it seems reasonable now to always send
2422 EHLO at the start. It is also convenient to make the change while installing
2425 July 2003: Joachim Wieland met a broken server that advertises "PIPELINING"
2426 but times out after sending MAIL FROM, RCPT TO and DATA all together. There
2427 would be no way to send out the mails, so there is now a host list
2428 "hosts_avoid_esmtp" that disables ESMTP for special hosts and solves the
2429 PIPELINING problem as well. Maybe it can also be useful to cure other
2430 problems with broken servers.
2432 Exim originally sent "Helo" at this point and ran for nearly a year that way.
2433 Then somebody tried it with a Microsoft mailer... It seems that all other
2434 mailers use upper case for some reason (the RFC is quite clear about case
2435 independence) so, for peace of mind, I gave in. */
2437 sx->esmtp = verify_check_given_host(CUSS &ob->hosts_avoid_esmtp, sx->conn_args.host) != OK;
2439 /* Alas; be careful, since this goto is not an error-out, so conceivably
2440 we might set data between here and the target which we assume to exist
2441 and be usable. I can see this coming back to bite us. */
2445 smtp_peer_options |= OPTION_TLS;
2446 suppress_tls = FALSE;
2447 ob->tls_tempfail_tryclear = FALSE;
2448 smtp_command = US"SSL-on-connect";
2455 if (smtp_write_command(sx,
2456 #ifndef DISABLE_PIPE_CONNECT
2457 sx->early_pipe_active ? SCMD_BUFFER :
2460 "%s %s\r\n", sx->lmtp ? "LHLO" : "EHLO", sx->helo_data) < 0)
2462 sx->esmtp_sent = TRUE;
2464 #ifndef DISABLE_PIPE_CONNECT
2465 if (sx->early_pipe_active)
2467 sx->pending_EHLO = TRUE;
2469 /* If we have too many authenticators to handle and might need to AUTH
2470 for this transport, pipeline no further as we will need the
2471 list of auth methods offered. Reap the banner and EHLO. */
2473 if ( (ob->hosts_require_auth || ob->hosts_try_auth)
2474 && f.smtp_in_early_pipe_no_auth)
2476 DEBUG(D_transport) debug_printf("may need to auth, so pipeline no further\n");
2477 if (smtp_write_command(sx, SCMD_FLUSH, NULL) < 0)
2479 if (sync_responses(sx, 2, 0) != 0)
2482 debug_printf("failed reaping pipelined cmd responses\n");
2483 goto RESPONSE_FAILED;
2485 sx->early_pipe_active = FALSE;
2490 if (!smtp_reap_ehlo(sx))
2491 goto RESPONSE_FAILED;
2495 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
2497 #ifndef DISABLE_PIPE_CONNECT
2498 if (!sx->early_pipe_active)
2503 int n = sizeof(sx->buffer);
2504 uschar * rsp = sx->buffer;
2506 if (sx->esmtp_sent && (n = Ustrlen(sx->buffer) + 1) < sizeof(sx->buffer)/2)
2507 { rsp = sx->buffer + n; n = sizeof(sx->buffer) - n; }
2509 if (smtp_write_command(sx, SCMD_FLUSH, "HELO %s\r\n", sx->helo_data) < 0)
2511 good_response = smtp_read_response(sx, rsp, n, '2', ob->command_timeout);
2512 #ifdef EXPERIMENTAL_DSN_INFO
2513 sx->helo_response = string_copy(rsp);
2517 /* Handle special logging for a closed connection after HELO
2518 when had previously sent EHLO */
2520 if (rsp != sx->buffer && rsp[0] == 0 && (errno == 0 || errno == ECONNRESET))
2522 errno = ERRNO_SMTPCLOSED;
2523 goto EHLOHELO_FAILED;
2525 memmove(sx->buffer, rsp, Ustrlen(rsp));
2526 goto RESPONSE_FAILED;
2530 if (sx->esmtp || sx->lmtp)
2532 #ifndef DISABLE_PIPE_CONNECT
2533 if (!sx->early_pipe_active)
2536 sx->peer_offered = ehlo_response(sx->buffer,
2537 OPTION_TLS /* others checked later */
2538 #ifndef DISABLE_PIPE_CONNECT
2539 | (sx->early_pipe_ok
2541 | OPTION_CHUNKING | OPTION_PRDR | OPTION_DSN | OPTION_PIPE | OPTION_SIZE
2550 #ifdef EXPERIMENTAL_ESMTP_LIMITS
2551 if (tls_out.active.sock >= 0 || !(sx->peer_offered & OPTION_TLS))
2553 ehlo_response_limits_read(sx);
2554 ehlo_response_limits_apply(sx);
2557 #ifndef DISABLE_PIPE_CONNECT
2558 if (sx->early_pipe_ok)
2560 sx->ehlo_resp.cleartext_features = sx->peer_offered;
2562 if ( (sx->peer_offered & (OPTION_PIPE | OPTION_EARLY_PIPE))
2563 == (OPTION_PIPE | OPTION_EARLY_PIPE))
2565 DEBUG(D_transport) debug_printf("PIPECONNECT usable in future for this IP\n");
2566 sx->ehlo_resp.cleartext_auths = study_ehlo_auths(sx);
2567 write_ehlo_cache_entry(sx);
2571 ehlo_response_lbserver(sx, ob);
2574 /* Set tls_offered if the response to EHLO specifies support for STARTTLS. */
2577 smtp_peer_options |= sx->peer_offered & OPTION_TLS;
2582 /* For continuing deliveries down the same channel, having re-exec'd the socket
2583 is the standard input; for a socket held open from verify it is recorded
2584 in the cutthrough context block. Either way we don't need to redo EHLO here
2585 (but may need to do so for TLS - see below).
2586 Set up the pointer to where subsequent commands will be left, for
2587 error messages. Note that smtp_peer_options will have been
2588 set from the command line if they were set in the process that passed the
2591 /*XXX continue case needs to propagate DSN_INFO, prob. in deliver.c
2592 as the continue goes via transport_pass_socket() and doublefork and exec.
2593 It does not wait. Unclear how we keep separate host's responses
2594 separate - we could match up by host ip+port as a bodge. */
2598 if (cutthrough.cctx.sock >= 0 && cutthrough.callout_hold_only)
2600 sx->cctx = cutthrough.cctx;
2601 sx->conn_args.host->port = sx->port = cutthrough.host.port;
2605 sx->cctx.sock = 0; /* stdin */
2606 sx->cctx.tls_ctx = NULL;
2607 smtp_port_for_connect(sx->conn_args.host, sx->port); /* Record the port that was used */
2609 sx->inblock.cctx = sx->outblock.cctx = &sx->cctx;
2610 smtp_command = big_buffer;
2611 sx->peer_offered = smtp_peer_options;
2612 #ifdef EXPERIMENTAL_ESMTP_LIMITS
2613 /* Limits passed by cmdline over exec. */
2614 ehlo_limits_apply(sx,
2615 sx->peer_limit_mail = continue_limit_mail,
2616 sx->peer_limit_rcpt = continue_limit_rcpt,
2617 sx->peer_limit_rcptdom = continue_limit_rcptdom);
2619 sx->helo_data = NULL; /* ensure we re-expand ob->helo_data */
2621 /* For a continued connection with TLS being proxied for us, or a
2622 held-open verify connection with TLS, nothing more to do. */
2624 if ( continue_proxy_cipher
2625 || (cutthrough.cctx.sock >= 0 && cutthrough.callout_hold_only
2626 && cutthrough.is_tls)
2629 sx->pipelining_used = pipelining_active = !!(smtp_peer_options & OPTION_PIPE);
2630 HDEBUG(D_transport) debug_printf("continued connection, %s TLS\n",
2631 continue_proxy_cipher ? "proxied" : "verify conn with");
2634 HDEBUG(D_transport) debug_printf("continued connection, no TLS\n");
2637 /* If TLS is available on this connection, whether continued or not, attempt to
2638 start up a TLS session, unless the host is in hosts_avoid_tls. If successful,
2639 send another EHLO - the server may give a different answer in secure mode. We
2640 use a separate buffer for reading the response to STARTTLS so that if it is
2641 negative, the original EHLO data is available for subsequent analysis, should
2642 the client not be required to use TLS. If the response is bad, copy the buffer
2643 for error analysis. */
2646 if ( smtp_peer_options & OPTION_TLS
2648 && verify_check_given_host(CUSS &ob->hosts_avoid_tls, sx->conn_args.host) != OK
2650 || verify_check_given_host(CUSS &ob->hosts_verify_avoid_tls, sx->conn_args.host) != OK
2653 uschar buffer2[4096];
2655 if (smtp_write_command(sx, SCMD_FLUSH, "STARTTLS\r\n") < 0)
2658 #ifndef DISABLE_PIPE_CONNECT
2659 /* If doing early-pipelining reap the banner and EHLO-response but leave
2660 the response for the STARTTLS we just sent alone. On fail, assume wrong
2661 cached capability and retry with the pipelining disabled. */
2663 if (sx->early_pipe_active)
2665 if (sync_responses(sx, 2, 0) != 0)
2668 debug_printf("failed reaping pipelined cmd responses\n");
2669 close(sx->cctx.sock);
2671 sx->early_pipe_active = FALSE;
2672 goto PIPE_CONNECT_RETRY;
2677 /* If there is an I/O error, transmission of this message is deferred. If
2678 there is a temporary rejection of STARRTLS and tls_tempfail_tryclear is
2679 false, we also defer. However, if there is a temporary rejection of STARTTLS
2680 and tls_tempfail_tryclear is true, or if there is an outright rejection of
2681 STARTTLS, we carry on. This means we will try to send the message in clear,
2682 unless the host is in hosts_require_tls (tested below). */
2684 if (!smtp_read_response(sx, buffer2, sizeof(buffer2), '2', ob->command_timeout))
2688 || (buffer2[0] == '4' && !ob->tls_tempfail_tryclear)
2691 Ustrncpy(sx->buffer, buffer2, sizeof(sx->buffer));
2692 sx->buffer[sizeof(sx->buffer)-1] = '\0';
2693 goto RESPONSE_FAILED;
2697 /* STARTTLS accepted: try to negotiate a TLS session. */
2702 sx->conn_args.sending_ip_address = sending_ip_address;
2703 if (!tls_client_start(&sx->cctx, &sx->conn_args, sx->addrlist, &tls_out, &tls_errstr))
2705 /* TLS negotiation failed; give an error. From outside, this function may
2706 be called again to try in clear on a new connection, if the options permit
2707 it for this host. */
2709 DEBUG(D_tls) debug_printf("TLS session fail: %s\n", tls_errstr);
2711 # ifdef SUPPORT_DANE
2712 if (sx->conn_args.dane)
2714 log_write(0, LOG_MAIN,
2715 "DANE attempt failed; TLS connection to %s [%s]: %s",
2716 sx->conn_args.host->name, sx->conn_args.host->address, tls_errstr);
2717 # ifndef DISABLE_EVENT
2718 (void) event_raise(sx->conn_args.tblock->event_action,
2719 US"dane:fail", US"validation-failure", NULL); /* could do with better detail */
2724 errno = ERRNO_TLSFAILURE;
2725 message = string_sprintf("TLS session: %s", tls_errstr);
2726 sx->send_quit = FALSE;
2729 sx->send_tlsclose = TRUE;
2731 /* TLS session is set up. Check the inblock fill level. If there is
2732 content then as we have not yet done a tls read it must have arrived before
2733 the TLS handshake, in-clear. That violates the sync requirement of the
2734 STARTTLS RFC, so fail. */
2736 if (sx->inblock.ptr != sx->inblock.ptrend)
2740 int i = sx->inblock.ptrend - sx->inblock.ptr;
2741 debug_printf("unused data in input buffer after ack for STARTTLS:\n"
2743 i > 100 ? 100 : i, sx->inblock.ptr, i > 100 ? "..." : "");
2745 tls_errstr = US"synch error before connect";
2746 goto TLS_CONN_FAILED;
2749 smtp_peer_options_wrap = smtp_peer_options;
2750 for (address_item * addr = sx->addrlist; addr; addr = addr->next)
2751 if (addr->transport_return == PENDING_DEFER)
2753 addr->cipher = tls_out.cipher;
2754 addr->ourcert = tls_out.ourcert;
2755 addr->peercert = tls_out.peercert;
2756 addr->peerdn = tls_out.peerdn;
2757 addr->ocsp = tls_out.ocsp;
2758 addr->tlsver = tls_out.ver;
2763 /* if smtps, we'll have smtp_command set to something else; always safe to
2765 smtp_command = big_buffer;
2767 /* If we started TLS, redo the EHLO/LHLO exchange over the secure channel. If
2768 helo_data is null, we are dealing with a connection that was passed from
2769 another process, and so we won't have expanded helo_data above. We have to
2770 expand it here. $sending_ip_address and $sending_port are set up right at the
2771 start of the Exim process (in exim.c). */
2773 if (tls_out.active.sock >= 0)
2775 uschar * greeting_cmd;
2777 if (!sx->helo_data && !(sx->helo_data = expand_string(ob->helo_data)))
2779 uschar *message = string_sprintf("failed to expand helo_data: %s",
2780 expand_string_message);
2781 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE, &sx->delivery_start);
2786 #ifndef DISABLE_PIPE_CONNECT
2787 /* For SMTPS there is no cleartext early-pipe; use the crypted permission bit.
2788 We're unlikely to get the group sent and delivered before the server sends its
2789 banner, but it's still worth sending as a group.
2790 For STARTTLS allow for cleartext early-pipe but no crypted early-pipe, but not
2793 if (sx->smtps ? sx->early_pipe_ok : sx->early_pipe_active)
2795 sx->peer_offered = sx->ehlo_resp.crypted_features;
2796 if ((sx->early_pipe_active =
2797 !!(sx->ehlo_resp.crypted_features & OPTION_EARLY_PIPE)))
2798 DEBUG(D_transport) debug_printf("Using cached crypted PIPECONNECT\n");
2801 #ifdef EXPERIMMENTAL_ESMTP_LIMITS
2802 /* As we are about to send another EHLO, forget any LIMITS received so far. */
2803 sx->peer_limit_mail = sx->peer_limit_rcpt = sx->peer_limit_rcptdom = 0;
2804 if ((sx->max_mail = sx->conn_args.tblock->connection_max_message) == 0) sx->max_mail = 999999;
2805 if ((sx->max_rcpt = sx->conn_args.tblock->max_addresses) == 0) sx->max_rcpt = 999999;
2806 sx->single_rcpt_domain = FALSE;
2809 /* For SMTPS we need to wait for the initial OK response. */
2811 #ifndef DISABLE_PIPE_CONNECT
2812 if (sx->early_pipe_active)
2814 sx->pending_BANNER = TRUE;
2815 sx->outblock.cmd_count = 1;
2819 if (!smtp_reap_banner(sx))
2820 goto RESPONSE_FAILED;
2823 greeting_cmd = US"LHLO";
2825 greeting_cmd = US"EHLO";
2828 greeting_cmd = US"HELO";
2830 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
2833 if (smtp_write_command(sx,
2834 #ifndef DISABLE_PIPE_CONNECT
2835 sx->early_pipe_active ? SCMD_BUFFER :
2838 "%s %s\r\n", greeting_cmd, sx->helo_data) < 0)
2841 #ifndef DISABLE_PIPE_CONNECT
2842 if (sx->early_pipe_active)
2843 sx->pending_EHLO = TRUE;
2847 if (!smtp_reap_ehlo(sx))
2850 /* The GnuTLS layer in Exim only spots a server-rejection of a client
2851 cert late, under TLS1.3 - which means here; the first time we try to
2852 receive crypted data. Treat it as if it was a connect-time failure.
2853 See also the early-pipe equivalent... which will be hard; every call
2854 to sync_responses will need to check the result.
2855 It would be nicer to have GnuTLS check the cert during the handshake.
2856 Can it do that, with all the flexibility we need? */
2858 tls_errstr = US"error on first read";
2859 goto TLS_CONN_FAILED;
2862 goto RESPONSE_FAILED;
2864 smtp_peer_options = 0;
2868 /* If the host is required to use a secure channel, ensure that we
2872 # ifdef SUPPORT_DANE
2873 || sx->conn_args.dane
2875 || verify_check_given_host(CUSS &ob->hosts_require_tls, sx->conn_args.host) == OK
2878 errno = ERRNO_TLSREQUIRED;
2879 message = string_sprintf("a TLS session is required, but %s",
2880 smtp_peer_options & OPTION_TLS
2881 ? "an attempt to start TLS failed" : "the server did not offer TLS support");
2882 # if defined(SUPPORT_DANE) && !defined(DISABLE_EVENT)
2883 if (sx->conn_args.dane)
2884 (void) event_raise(sx->conn_args.tblock->event_action, US"dane:fail",
2885 smtp_peer_options & OPTION_TLS
2886 ? US"validation-failure" /* could do with better detail */
2887 : US"starttls-not-supported",
2892 #endif /*DISABLE_TLS*/
2894 /* If TLS is active, we have just started it up and re-done the EHLO command,
2895 so its response needs to be analyzed. If TLS is not active and this is a
2896 continued session down a previously-used socket, we haven't just done EHLO, so
2899 if ( !continue_hostname
2901 || tls_out.active.sock >= 0
2905 if (sx->esmtp || sx->lmtp)
2907 #ifndef DISABLE_PIPE_CONNECT
2908 if (!sx->early_pipe_active)
2911 sx->peer_offered = ehlo_response(sx->buffer,
2913 #ifndef DISABLE_PIPE_CONNECT
2914 | (sx->lmtp && ob->lmtp_ignore_quota ? OPTION_IGNQ : 0)
2915 | OPTION_DSN | OPTION_PIPE | OPTION_SIZE
2916 | OPTION_CHUNKING | OPTION_PRDR | OPTION_UTF8
2917 | (tls_out.active.sock >= 0 ? OPTION_EARLY_PIPE : 0) /* not for lmtp */
2921 | (sx->lmtp && ob->lmtp_ignore_quota ? OPTION_IGNQ : 0)
2924 # ifdef SUPPORT_I18N
2925 | (sx->addrlist->prop.utf8_msg ? OPTION_UTF8 : 0)
2926 /*XXX if we hand peercaps on to continued-conn processes,
2927 must not depend on this addr */
2931 | (ob->size_addition >= 0 ? OPTION_SIZE : 0)
2934 #ifndef DISABLE_PIPE_CONNECT
2935 if (tls_out.active.sock >= 0)
2936 sx->ehlo_resp.crypted_features = sx->peer_offered;
2939 #ifdef EXPERIMENTAL_ESMTP_LIMITS
2940 if (tls_out.active.sock >= 0 || !(sx->peer_offered & OPTION_TLS))
2942 ehlo_response_limits_read(sx);
2943 ehlo_response_limits_apply(sx);
2948 /* Set for IGNOREQUOTA if the response to LHLO specifies support and the
2949 lmtp_ignore_quota option was set. */
2951 sx->igquotstr = sx->peer_offered & OPTION_IGNQ ? US" IGNOREQUOTA" : US"";
2953 /* If the response to EHLO specified support for the SIZE parameter, note
2954 this, provided size_addition is non-negative. */
2956 smtp_peer_options |= sx->peer_offered & OPTION_SIZE;
2958 /* Note whether the server supports PIPELINING. If hosts_avoid_esmtp matched
2959 the current host, esmtp will be false, so PIPELINING can never be used. If
2960 the current host matches hosts_avoid_pipelining, don't do it. */
2962 if ( sx->peer_offered & OPTION_PIPE
2963 && verify_check_given_host(CUSS &ob->hosts_avoid_pipelining, sx->conn_args.host) != OK)
2964 smtp_peer_options |= OPTION_PIPE;
2966 DEBUG(D_transport) debug_printf("%susing PIPELINING\n",
2967 smtp_peer_options & OPTION_PIPE ? "" : "not ");
2969 if ( sx->peer_offered & OPTION_CHUNKING
2970 && verify_check_given_host(CUSS &ob->hosts_try_chunking, sx->conn_args.host) == OK)
2971 smtp_peer_options |= OPTION_CHUNKING;
2973 if (smtp_peer_options & OPTION_CHUNKING)
2974 DEBUG(D_transport) debug_printf("CHUNKING usable\n");
2976 #ifndef DISABLE_PRDR
2977 if ( sx->peer_offered & OPTION_PRDR
2978 && verify_check_given_host(CUSS &ob->hosts_try_prdr, sx->conn_args.host) == OK)
2979 smtp_peer_options |= OPTION_PRDR;
2981 if (smtp_peer_options & OPTION_PRDR)
2982 DEBUG(D_transport) debug_printf("PRDR usable\n");
2985 /* Note if the server supports DSN */
2986 smtp_peer_options |= sx->peer_offered & OPTION_DSN;
2987 DEBUG(D_transport) debug_printf("%susing DSN\n",
2988 sx->peer_offered & OPTION_DSN ? "" : "not ");
2990 #ifndef DISABLE_PIPE_CONNECT
2991 if ( sx->early_pipe_ok
2992 && !sx->early_pipe_active
2993 && tls_out.active.sock >= 0
2994 && smtp_peer_options & OPTION_PIPE
2995 && ( sx->ehlo_resp.cleartext_features | sx->ehlo_resp.crypted_features)
2996 & OPTION_EARLY_PIPE)
2998 DEBUG(D_transport) debug_printf("PIPECONNECT usable in future for this IP\n");
2999 sx->ehlo_resp.crypted_auths = study_ehlo_auths(sx);
3000 write_ehlo_cache_entry(sx);
3004 /* Note if the response to EHLO specifies support for the AUTH extension.
3005 If it has, check that this host is one we want to authenticate to, and do
3006 the business. The host name and address must be available when the
3007 authenticator's client driver is running. */
3009 switch (yield = smtp_auth(sx))
3011 default: goto SEND_QUIT;
3013 case FAIL_SEND: goto SEND_FAILED;
3014 case FAIL: goto RESPONSE_FAILED;
3018 sx->pipelining_used = pipelining_active = !!(smtp_peer_options & OPTION_PIPE);
3020 /* The setting up of the SMTP call is now complete. Any subsequent errors are
3021 message-specific. */
3023 sx->setting_up = FALSE;
3026 if (sx->addrlist->prop.utf8_msg)
3030 /* If the transport sets a downconversion mode it overrides any set by ACL
3033 if ((s = ob->utf8_downconvert))
3035 if (!(s = expand_string(s)))
3037 message = string_sprintf("failed to expand utf8_downconvert: %s",
3038 expand_string_message);
3039 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE, &sx->delivery_start);
3045 case '1': sx->addrlist->prop.utf8_downcvt = TRUE;
3046 sx->addrlist->prop.utf8_downcvt_maybe = FALSE;
3048 case '0': sx->addrlist->prop.utf8_downcvt = FALSE;
3049 sx->addrlist->prop.utf8_downcvt_maybe = FALSE;
3051 case '-': if (s[1] == '1')
3053 sx->addrlist->prop.utf8_downcvt = FALSE;
3054 sx->addrlist->prop.utf8_downcvt_maybe = TRUE;
3060 sx->utf8_needed = !sx->addrlist->prop.utf8_downcvt
3061 && !sx->addrlist->prop.utf8_downcvt_maybe;
3062 DEBUG(D_transport) if (!sx->utf8_needed)
3063 debug_printf("utf8: %s downconvert\n",
3064 sx->addrlist->prop.utf8_downcvt ? "mandatory" : "optional");
3067 /* If this is an international message we need the host to speak SMTPUTF8 */
3068 if (sx->utf8_needed && !(sx->peer_offered & OPTION_UTF8))
3070 errno = ERRNO_UTF8_FWD;
3071 goto RESPONSE_FAILED;
3073 #endif /*SUPPORT_I18N*/
3082 if (errno == ECONNREFUSED) /* first-read error on a TFO conn */
3084 /* There is a testing facility for simulating a connection timeout, as I
3085 can't think of any other way of doing this. It converts a connection
3086 refused into a timeout if the timeout is set to 999999. This is done for
3087 a 3whs connection in ip_connect(), but a TFO connection does not error
3088 there - instead it gets ECONNREFUSED on the first data read. Tracking
3089 that a TFO really was done is too hard, or we would set a
3090 sx->pending_conn_done bit and test that in smtp_reap_banner() and
3091 smtp_reap_ehlo(). That would let us also add the conn-timeout to the
3094 if (f.running_in_test_harness && ob->connect_timeout == 999999)
3096 set_errno_nohost(sx->addrlist,
3097 errno == ETIMEDOUT ? ERRNO_CONNECTTIMEOUT : errno,
3098 sx->verify ? US strerror(errno) : NULL,
3099 DEFER, FALSE, &sx->delivery_start);
3100 sx->send_quit = FALSE;
3104 /* really an error on an SMTP read */
3106 sx->send_quit = check_response(sx->conn_args.host, &errno, sx->addrlist->more_errno,
3107 sx->buffer, &code, &message, &pass_message);
3113 message = US string_sprintf("smtp send to %s [%s] failed: %s",
3114 sx->conn_args.host->name, sx->conn_args.host->address, strerror(errno));
3115 sx->send_quit = FALSE;
3121 message = string_sprintf("Remote host closed connection in response to %s"
3122 " (EHLO response was: %s)", smtp_command, sx->buffer);
3123 sx->send_quit = FALSE;
3127 /* This label is jumped to directly when a TLS negotiation has failed,
3128 or was not done for a host for which it is required. Values will be set
3129 in message and errno, and setting_up will always be true. Treat as
3130 a temporary error. */
3134 code = '4', yield = DEFER;
3138 /* The failure happened while setting up the call; see if the failure was
3139 a 5xx response (this will either be on connection, or following HELO - a 5xx
3140 after EHLO causes it to try HELO). If so, and there are no more hosts to try,
3141 fail all addresses, as this host is never going to accept them. For other
3142 errors during setting up (timeouts or whatever), defer all addresses, and
3143 yield DEFER, so that the host is not tried again for a while.
3145 XXX This peeking for another host feels like a layering violation. We want
3146 to note the host as unusable, but down here we shouldn't know if this was
3147 the last host to try for the addr(list). Perhaps the upper layer should be
3148 the one to do set_errno() ? The problem is that currently the addr is where
3149 errno etc. are stashed, but until we run out of hosts to try the errors are
3150 host-specific. Maybe we should enhance the host_item definition? */
3153 sx->ok = FALSE; /* For when reached by GOTO */
3154 set_errno(sx->addrlist, errno, message,
3155 sx->conn_args.host->next
3159 || errno == ERRNO_UTF8_FWD
3163 errno == ECONNREFUSED ? NULL : sx->conn_args.host,
3164 #ifdef EXPERIMENTAL_DSN_INFO
3165 sx->smtp_greeting, sx->helo_response,
3167 &sx->delivery_start);
3174 (void)smtp_write_command(sx, SCMD_FLUSH, "QUIT\r\n");
3177 if (sx->cctx.tls_ctx)
3179 if (sx->send_tlsclose)
3181 tls_close(sx->cctx.tls_ctx, TLS_SHUTDOWN_NOWAIT);
3182 sx->send_tlsclose = FALSE;
3184 sx->cctx.tls_ctx = NULL;
3188 /* Close the socket, and return the appropriate value, first setting
3189 works because the NULL setting is passed back to the calling process, and
3190 remote_max_parallel is forced to 1 when delivering over an existing connection,
3193 HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(close)>>\n");
3196 shutdown(sx->cctx.sock, SHUT_WR);
3197 if (fcntl(sx->cctx.sock, F_SETFL, O_NONBLOCK) == 0)
3198 for (int i = 16; read(sx->cctx.sock, sx->inbuffer, sizeof(sx->inbuffer)) > 0 && i > 0;)
3199 i--; /* drain socket */
3200 sx->send_quit = FALSE;
3202 (void)close(sx->cctx.sock);
3205 #ifndef DISABLE_EVENT
3206 (void) event_raise(sx->conn_args.tblock->event_action, US"tcp:close", NULL, NULL);
3209 smtp_debug_cmd_report();
3210 continue_transport = NULL;
3211 continue_hostname = NULL;
3218 /* Create the string of options that will be appended to the MAIL FROM:
3219 in the connection context buffer */
3222 build_mailcmd_options(smtp_context * sx, address_item * addrlist)
3224 uschar * p = sx->buffer;
3225 address_item * addr;
3230 /* If we know the receiving MTA supports the SIZE qualification, and we know it,
3231 send it, adding something to the message size to allow for imprecision
3232 and things that get added en route. Exim keeps the number of lines
3233 in a message, so we can give an accurate value for the original message, but we
3234 need some additional to handle added headers. (Double "." characters don't get
3235 included in the count.) */
3237 if ( message_size > 0
3238 && sx->peer_offered & OPTION_SIZE && !(sx->avoid_option & OPTION_SIZE))
3240 /*XXX problem here under spool_files_wireformat?
3241 Or just forget about lines? Or inflate by a fixed proportion? */
3243 sprintf(CS p, " SIZE=%d", message_size+message_linecount+(SOB sx->conn_args.ob)->size_addition);
3247 #ifndef DISABLE_PRDR
3248 /* If it supports Per-Recipient Data Responses, and we have more than one recipient,
3251 sx->prdr_active = FALSE;
3252 if (smtp_peer_options & OPTION_PRDR)
3253 for (address_item * addr = addrlist; addr; addr = addr->next)
3254 if (addr->transport_return == PENDING_DEFER)
3256 for (addr = addr->next; addr; addr = addr->next)
3257 if (addr->transport_return == PENDING_DEFER)
3258 { /* at least two recipients to send */
3259 sx->prdr_active = TRUE;
3260 sprintf(CS p, " PRDR"); p += 5;
3268 /* If it supports internationalised messages, and this meesage need that,
3271 if ( sx->peer_offered & OPTION_UTF8
3272 && addrlist->prop.utf8_msg
3273 && !addrlist->prop.utf8_downcvt
3275 Ustrcpy(p, US" SMTPUTF8"), p += 9;
3278 /* check if all addresses have DSN-lasthop flag; do not send RET and ENVID if so */
3279 for (sx->dsn_all_lasthop = TRUE, addr = addrlist, address_count = 0;
3280 addr && address_count < sx->max_rcpt; /*XXX maybe also || sx->single_rcpt_domain ? */
3281 addr = addr->next) if (addr->transport_return == PENDING_DEFER)
3284 if (!(addr->dsn_flags & rf_dsnlasthop))
3286 sx->dsn_all_lasthop = FALSE;
3291 /* Add any DSN flags to the mail command */
3293 if (sx->peer_offered & OPTION_DSN && !sx->dsn_all_lasthop)
3295 if (dsn_ret == dsn_ret_hdrs)
3296 { Ustrcpy(p, US" RET=HDRS"); p += 9; }
3297 else if (dsn_ret == dsn_ret_full)
3298 { Ustrcpy(p, US" RET=FULL"); p += 9; }
3302 string_format(p, sizeof(sx->buffer) - (p-sx->buffer), " ENVID=%s", dsn_envid);
3307 /* If an authenticated_sender override has been specified for this transport
3308 instance, expand it. If the expansion is forced to fail, and there was already
3309 an authenticated_sender for this message, the original value will be used.
3310 Other expansion failures are serious. An empty result is ignored, but there is
3311 otherwise no check - this feature is expected to be used with LMTP and other
3312 cases where non-standard addresses (e.g. without domains) might be required. */
3314 return smtp_mail_auth_str(sx, p, addrlist) ? ERROR : OK;
3319 build_rcptcmd_options(smtp_context * sx, const address_item * addr)
3321 uschar * p = sx->buffer;
3324 /* Add any DSN flags to the rcpt command */
3326 if (sx->peer_offered & OPTION_DSN && !(addr->dsn_flags & rf_dsnlasthop))
3328 if (addr->dsn_flags & rf_dsnflags)
3332 Ustrcpy(p, US" NOTIFY=");
3334 for (int i = 0; i < nelem(rf_list); i++) if (addr->dsn_flags & rf_list[i])
3336 if (!first) *p++ = ',';
3338 Ustrcpy(p, rf_names[i]);
3343 if (addr->dsn_orcpt)
3345 string_format(p, sizeof(sx->buffer) - (p-sx->buffer), " ORCPT=%s",
3356 0 good, rcpt results in addr->transport_return (PENDING_OK, DEFER, FAIL)
3357 -1 MAIL response error
3358 -2 any non-MAIL read i/o error
3359 -3 non-MAIL response timeout
3360 -4 internal error; channel still usable
3365 smtp_write_mail_and_rcpt_cmds(smtp_context * sx, int * yield)
3367 address_item * addr;
3368 #ifdef EXPERIMENTAL_ESMTP_LIMITS
3369 address_item * restart_addr = NULL;
3371 int address_count, pipe_limit;
3374 if (build_mailcmd_options(sx, sx->first_addr) != OK)
3380 /* From here until we send the DATA command, we can make use of PIPELINING
3381 if the server host supports it. The code has to be able to check the responses
3382 at any point, for when the buffer fills up, so we write it totally generally.
3383 When PIPELINING is off, each command written reports that it has flushed the
3386 sx->pending_MAIL = TRUE; /* The block starts with MAIL */
3389 uschar * s = sx->from_addr;
3391 uschar * errstr = NULL;
3393 /* If we must downconvert, do the from-address here. Remember we had to
3394 for the to-addresses (done below), and also (ugly) for re-doing when building
3395 the delivery log line. */
3397 if ( sx->addrlist->prop.utf8_msg
3398 && (sx->addrlist->prop.utf8_downcvt || !(sx->peer_offered & OPTION_UTF8))
3401 if (s = string_address_utf8_to_alabel(s, &errstr), errstr)
3403 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, errstr, DEFER, FALSE, &sx->delivery_start);
3407 setflag(sx->addrlist, af_utf8_downcvt);
3411 rc = smtp_write_command(sx, pipelining_active ? SCMD_BUFFER : SCMD_FLUSH,
3412 "MAIL FROM:<%s>%s\r\n", s, sx->buffer);
3415 mail_command = string_copy(big_buffer); /* Save for later error message */
3419 case -1: /* Transmission error */
3422 case +1: /* Cmd was sent */
3423 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2',
3424 (SOB sx->conn_args.ob)->command_timeout))
3426 if (errno == 0 && sx->buffer[0] == '4')
3428 errno = ERRNO_MAIL4XX;
3429 sx->addrlist->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
3433 sx->pending_MAIL = FALSE;
3436 /* otherwise zero: command queued for pipeline */
3439 /* Pass over all the relevant recipient addresses for this host, which are the
3440 ones that have status PENDING_DEFER. If we are using PIPELINING, we can send
3441 several before we have to read the responses for those seen so far. This
3442 checking is done by a subroutine because it also needs to be done at the end.
3443 Send only up to max_rcpt addresses at a time, leaving next_addr pointing to
3444 the next one if not all are sent.
3446 In the MUA wrapper situation, we want to flush the PIPELINING buffer for the
3447 last address because we want to abort if any recipients have any kind of
3448 problem, temporary or permanent. We know that all recipient addresses will have
3449 the PENDING_DEFER status, because only one attempt is ever made, and we know
3450 that max_rcpt will be large, so all addresses will be done at once.
3452 For verify we flush the pipeline after any (the only) rcpt address. */
3454 for (addr = sx->first_addr, address_count = 0, pipe_limit = 100;
3455 addr && address_count < sx->max_rcpt;
3456 addr = addr->next) if (addr->transport_return == PENDING_DEFER)
3462 #ifdef EXPERIMENTAL_ESMTP_LIMITS
3463 if ( sx->single_rcpt_domain /* restriction on domains */
3464 && address_count > 0 /* not first being sent */
3465 && Ustrcmp(addr->domain, sx->first_addr->domain) != 0 /* dom diff from first */
3468 DEBUG(D_transport) debug_printf("skipping different domain %s\n", addr->domain);
3470 /* Ensure the smtp-response reaper does not think the address had a RCPT
3471 command sent for it. Reset to PENDING_DEFER in smtp_deliver(), where we
3472 goto SEND_MESSAGE. */
3474 addr->transport_return = SKIP;
3475 if (!restart_addr) restart_addr = addr; /* note restart point */
3476 continue; /* skip this one */
3480 addr->dsn_aware = sx->peer_offered & OPTION_DSN
3481 ? dsn_support_yes : dsn_support_no;
3484 if (pipe_limit-- <= 0)
3485 { no_flush = FALSE; pipe_limit = 100; }
3487 no_flush = pipelining_active && !sx->verify
3488 && (!mua_wrapper || addr->next && address_count < sx->max_rcpt);
3490 build_rcptcmd_options(sx, addr);
3492 /* Now send the RCPT command, and process outstanding responses when
3493 necessary. After a timeout on RCPT, we just end the function, leaving the
3494 yield as OK, because this error can often mean that there is a problem with
3495 just one address, so we don't want to delay the host. */
3497 rcpt_addr = transport_rcpt_address(addr, sx->conn_args.tblock->rcpt_include_affixes);
3500 if ( testflag(sx->addrlist, af_utf8_downcvt)
3501 && !(rcpt_addr = string_address_utf8_to_alabel(rcpt_addr, NULL))
3504 /*XXX could we use a per-address errstr here? Not fail the whole send? */
3505 errno = ERRNO_EXPANDFAIL;
3506 return -5; /*XXX too harsh? */
3510 cmds_sent = smtp_write_command(sx, no_flush ? SCMD_BUFFER : SCMD_FLUSH,
3511 "RCPT TO:<%s>%s%s\r\n", rcpt_addr, sx->igquotstr, sx->buffer);
3513 if (cmds_sent < 0) return -5;
3516 switch(sync_responses(sx, cmds_sent, 0))
3518 case 3: sx->ok = TRUE; /* 2xx & 5xx => OK & progress made */
3519 case 2: sx->completed_addr = TRUE; /* 5xx (only) => progress made */
3522 case 1: sx->ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
3523 if (!sx->lmtp) /* can't tell about progress yet */
3524 sx->completed_addr = TRUE;
3525 case 0: /* No 2xx or 5xx, but no probs */
3526 /* If any RCPT got a 452 response then next_addr has been updated
3527 for restarting with a new MAIL on the same connection. Send no more
3528 RCPTs for this MAIL. */
3532 DEBUG(D_transport) debug_printf("seen 452 too-many-rcpts\n");
3533 sx->RCPT_452 = FALSE;
3534 /* sx->next_addr has been reset for fast_retry */
3539 case -1: return -3; /* Timeout on RCPT */
3540 case -2: return -2; /* non-MAIL read i/o error */
3541 default: return -1; /* any MAIL error */
3543 #ifndef DISABLE_PIPE_CONNECT
3544 case -4: return -1; /* non-2xx for pipelined banner or EHLO */
3545 case -5: return -1; /* TLS first-read error */
3549 } /* Loop for next address */
3551 #ifdef EXPERIMENTAL_ESMTP_LIMITS
3552 sx->next_addr = restart_addr ? restart_addr : addr;
3554 sx->next_addr = addr;
3561 /*****************************************************
3562 * Proxy TLS connection for another transport process *
3563 ******************************************************/
3565 Close the unused end of the pipe, fork once more, then use the given buffer
3566 as a staging area, and select on both the given fd and the TLS'd client-fd for
3567 data to read (per the coding in ip_recv() and fd_ready() this is legitimate).
3568 Do blocking full-size writes, and reads under a timeout. Once both input
3569 channels are closed, exit the process.
3573 buf space to use for buffering
3574 bufsiz size of buffer
3575 pfd pipe filedescriptor array; [0] is comms to proxied process
3576 timeout per-read timeout, seconds
3577 host hostname of remote
3583 smtp_proxy_tls(void * ct_ctx, uschar * buf, size_t bsize, int * pfd,
3584 int timeout, const uschar * host)
3586 struct pollfd p[2] = {{.fd = tls_out.active.sock, .events = POLLIN},
3587 {.fd = pfd[0], .events = POLLIN}};
3589 BOOL send_tls_shutdown = TRUE;
3592 if ((rc = exim_fork(US"tls-proxy")))
3593 _exit(rc < 0 ? EXIT_FAILURE : EXIT_SUCCESS);
3595 set_process_info("proxying TLS connection for continued transport to %s\n", host);
3599 time_t time_left = timeout;
3600 time_t time_start = time(NULL);
3605 rc = poll(p, 2, time_left * 1000);
3607 if (rc < 0 && errno == EINTR)
3608 if ((time_left -= time(NULL) - time_start) > 0) continue;
3612 DEBUG(D_transport) if (rc == 0) debug_printf("%s: timed out\n", __FUNCTION__);
3616 /* For errors where not readable, bomb out */
3618 if (p[0].revents & POLLERR || p[1].revents & POLLERR)
3620 DEBUG(D_transport) debug_printf("select: exceptional cond on %s fd\n",
3621 p[0].revents & POLLERR ? "tls" : "proxy");
3622 if (!(p[0].revents & POLLIN || p[1].events & POLLIN))
3624 DEBUG(D_transport) debug_printf("- but also readable; no exit yet\n");
3627 while (rc < 0 || !(p[0].revents & POLLIN || p[1].revents & POLLIN));
3629 /* handle inbound data */
3630 if (p[0].revents & POLLIN)
3631 if ((rc = tls_read(ct_ctx, buf, bsize)) <= 0) /* Expect -1 for EOF; */
3632 { /* that reaps the TLS Close Notify record */
3634 shutdown(pfd[0], SHUT_WR);
3638 for (int nbytes = 0; rc - nbytes > 0; nbytes += i)
3639 if ((i = write(pfd[0], buf + nbytes, rc - nbytes)) < 0) goto done;
3641 /* Handle outbound data. We cannot combine payload and the TLS-close
3642 due to the limitations of the (pipe) channel feeding us. Maybe use a unix-domain
3644 if (p[1].revents & POLLIN)
3645 if ((rc = read(pfd[0], buf, bsize)) <= 0)
3649 # ifdef EXIM_TCP_CORK /* Use _CORK to get TLS Close Notify in FIN segment */
3650 (void) setsockopt(tls_out.active.sock, IPPROTO_TCP, EXIM_TCP_CORK, US &on, sizeof(on));
3652 tls_shutdown_wr(ct_ctx);
3653 send_tls_shutdown = FALSE;
3654 shutdown(tls_out.active.sock, SHUT_WR);
3657 for (int nbytes = 0; rc - nbytes > 0; nbytes += i)
3658 if ((i = tls_write(ct_ctx, buf + nbytes, rc - nbytes, FALSE)) < 0)
3661 while (p[0].fd >= 0 || p[1].fd >= 0);
3664 if (send_tls_shutdown) tls_close(ct_ctx, TLS_SHUTDOWN_NOWAIT);
3666 testharness_pause_ms(100); /* let logging complete */
3667 exim_exit(EXIT_SUCCESS);
3672 /*************************************************
3673 * Deliver address list to given host *
3674 *************************************************/
3676 /* If continue_hostname is not null, we get here only when continuing to
3677 deliver down an existing channel. The channel was passed as the standard
3678 input. TLS is never active on a passed channel; the previous process either
3679 closes it down before passing the connection on, or inserts a TLS-proxy
3680 process and passes on a cleartext conection.
3682 Otherwise, we have to make a connection to the remote host, and do the
3683 initial protocol exchange.
3685 When running as an MUA wrapper, if the sender or any recipient is rejected,
3686 temporarily or permanently, we force failure for all recipients.
3689 addrlist chain of potential addresses to deliver; only those whose
3690 transport_return field is set to PENDING_DEFER are currently
3691 being processed; others should be skipped - they have either
3692 been delivered to an earlier host or IP address, or been
3693 failed by one of them.
3694 host host to deliver to
3695 host_af AF_INET or AF_INET6
3696 defport default TCP/IP port to use if host does not specify, in host
3698 interface interface to bind to, or NULL
3699 tblock transport instance block
3700 message_defer set TRUE if yield is OK, but all addresses were deferred
3701 because of a non-recipient, non-host failure, that is, a
3702 4xx response to MAIL FROM, DATA, or ".". This is a defer
3703 that is specific to the message.
3704 suppress_tls if TRUE, don't attempt a TLS connection - this is set for
3705 a second attempt after TLS initialization fails
3707 Returns: OK - the connection was made and the delivery attempted;
3708 the result for each address is in its data block.
3709 DEFER - the connection could not be made, or something failed
3710 while setting up the SMTP session, or there was a
3711 non-message-specific error, such as a timeout.
3712 ERROR - a filter command is specified for this transport,
3713 and there was a problem setting it up; OR helo_data
3714 or add_headers or authenticated_sender is specified
3715 for this transport, and the string failed to expand
3717 For all non-OK returns the first addr of the list carries the
3718 time taken for the attempt.
3722 smtp_deliver(address_item *addrlist, host_item *host, int host_af, int defport,
3723 uschar *interface, transport_instance *tblock,
3724 BOOL *message_defer, BOOL suppress_tls)
3726 smtp_transport_options_block * ob = SOB tblock->options_block;
3731 uschar *message = NULL;
3732 uschar new_message_id[MESSAGE_ID_LENGTH + 1];
3733 smtp_context * sx = store_get(sizeof(*sx), GET_TAINTED); /* tainted, for the data buffers */
3734 BOOL pass_message = FALSE;
3735 #ifdef EXPERIMENTAL_ESMTP_LIMITS
3736 BOOL mail_limit = FALSE;
3741 BOOL tcw_done = FALSE, tcw = FALSE;
3743 *message_defer = FALSE;
3745 memset(sx, 0, sizeof(*sx));
3746 sx->addrlist = addrlist;
3747 sx->conn_args.host = host;
3748 sx->conn_args.host_af = host_af;
3750 sx->conn_args.interface = interface;
3751 sx->helo_data = NULL;
3752 sx->conn_args.tblock = tblock;
3753 sx->conn_args.sock = -1;
3754 gettimeofday(&sx->delivery_start, NULL);
3755 sx->sync_addr = sx->first_addr = addrlist;
3762 /* Get the channel set up ready for a message, MAIL FROM being the next
3763 SMTP command to send. */
3765 if ((rc = smtp_setup_conn(sx, suppress_tls)) != OK)
3767 timesince(&addrlist->delivery_time, &sx->delivery_start);
3773 /* If the connection used DANE, ignore for now any addresses with incompatible
3774 domains. The SNI has to be the domain. Arrange a whole new TCP conn later,
3775 just in case only TLS isn't enough. */
3777 if (sx->conn_args.dane)
3779 const uschar * dane_domain = sx->first_addr->domain;
3781 for (address_item * a = sx->first_addr->next; a; a = a->next)
3782 if ( a->transport_return == PENDING_DEFER
3783 && Ustrcmp(dane_domain, a->domain) != 0)
3785 DEBUG(D_transport) debug_printf("DANE: holding %s for later\n", a->domain);
3787 a->transport_return = DANE;
3792 /* If there is a filter command specified for this transport, we can now
3793 set it up. This cannot be done until the identity of the host is known. */
3795 if (tblock->filter_command)
3797 transport_filter_timeout = tblock->filter_timeout;
3799 /* On failure, copy the error to all addresses, abandon the SMTP call, and
3802 if (!transport_set_up_command(&transport_filter_argv,
3803 tblock->filter_command, TRUE, DEFER, addrlist, FALSE,
3804 string_sprintf("%.50s transport filter", tblock->name), NULL))
3806 set_errno_nohost(addrlist->next, addrlist->basic_errno, addrlist->message, DEFER,
3807 FALSE, &sx->delivery_start);
3812 if ( transport_filter_argv
3813 && *transport_filter_argv
3814 && **transport_filter_argv
3815 && smtp_peer_options & OPTION_CHUNKING
3816 #ifndef DISABLE_DKIM
3817 /* When dkim signing, chunking is handled even with a transport-filter */
3818 && !(ob->dkim.dkim_private_key && ob->dkim.dkim_domain && ob->dkim.dkim_selector)
3819 && !ob->dkim.force_bodyhash
3823 smtp_peer_options &= ~OPTION_CHUNKING;
3824 DEBUG(D_transport) debug_printf("CHUNKING not usable due to transport filter\n");
3828 /* For messages that have more than the maximum number of envelope recipients,
3829 we want to send several transactions down the same SMTP connection. (See
3830 comments in deliver.c as to how this reconciles, heuristically, with
3831 remote_max_parallel.) This optimization was added to Exim after the following
3832 code was already working. The simplest way to put it in without disturbing the
3833 code was to use a goto to jump back to this point when there is another
3834 transaction to handle. */
3837 sx->from_addr = return_path;
3838 sx->sync_addr = sx->first_addr;
3840 sx->send_rset = TRUE;
3841 sx->completed_addr = FALSE;
3844 /* If we are a continued-connection-after-verify the MAIL and RCPT
3845 commands were already sent; do not re-send but do mark the addrs as
3846 having been accepted up to RCPT stage. A traditional cont-conn
3847 always has a sequence number greater than one. */
3849 if (continue_hostname && continue_sequence == 1)
3851 /* sx->pending_MAIL = FALSE; */
3853 /* sx->next_addr = NULL; */
3855 for (address_item * addr = addrlist; addr; addr = addr->next)
3856 addr->transport_return = PENDING_OK;
3860 /* Initiate a message transfer. */
3862 switch(smtp_write_mail_and_rcpt_cmds(sx, &yield))
3865 case -1: case -2: goto RESPONSE_FAILED;
3866 case -3: goto END_OFF;
3867 case -4: goto SEND_QUIT;
3868 default: goto SEND_FAILED;
3871 /* If we are an MUA wrapper, abort if any RCPTs were rejected, either
3872 permanently or temporarily. We should have flushed and synced after the last
3880 for (a = sx->first_addr, cnt = 0; a && cnt < sx->max_rcpt; a = a->next, cnt++)
3881 if (a->transport_return != PENDING_OK)
3883 /*XXX could we find a better errno than 0 here? */
3884 set_errno_nohost(addrlist, 0, a->message, FAIL,
3885 testflag(a, af_pass_message), &sx->delivery_start);
3892 /* If ok is TRUE, we know we have got at least one good recipient, and must now
3893 send DATA, but if it is FALSE (in the normal, non-wrapper case), we may still
3894 have a good recipient buffered up if we are pipelining. We don't want to waste
3895 time sending DATA needlessly, so we only send it if either ok is TRUE or if we
3896 are pipelining. The responses are all handled by sync_responses().
3897 If using CHUNKING, do not send a BDAT until we know how big a chunk we want
3900 if ( !(smtp_peer_options & OPTION_CHUNKING)
3901 && (sx->ok || (pipelining_active && !mua_wrapper)))
3903 int count = smtp_write_command(sx, SCMD_FLUSH, "DATA\r\n");
3905 if (count < 0) goto SEND_FAILED;
3906 switch(sync_responses(sx, count, sx->ok ? +1 : -1))
3908 case 3: sx->ok = TRUE; /* 2xx & 5xx => OK & progress made */
3909 case 2: sx->completed_addr = TRUE; /* 5xx (only) => progress made */
3912 case 1: sx->ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
3913 if (!sx->lmtp) sx->completed_addr = TRUE; /* can't tell about progress yet */
3914 case 0: break; /* No 2xx or 5xx, but no probs */
3916 case -1: goto END_OFF; /* Timeout on RCPT */
3918 #ifndef DISABLE_PIPE_CONNECT
3919 case -5: /* TLS first-read error */
3920 case -4: HDEBUG(D_transport)
3921 debug_printf("failed reaping pipelined cmd responses\n");
3923 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */
3925 pipelining_active = FALSE;
3926 data_command = string_copy(big_buffer); /* Save for later error message */
3929 /* If there were no good recipients (but otherwise there have been no
3930 problems), just set ok TRUE, since we have handled address-specific errors
3931 already. Otherwise, it's OK to send the message. Use the check/escape mechanism
3932 for handling the SMTP dot-handling protocol, flagging to apply to headers as
3933 well as body. Set the appropriate timeout value to be used for each chunk.
3934 (Haven't been able to make it work using select() for writing yet.) */
3937 && (!(smtp_peer_options & OPTION_CHUNKING) || !pipelining_active))
3939 /* Save the first address of the next batch. */
3940 sx->first_addr = sx->next_addr;
3946 transport_ctx tctx = {
3947 .u = {.fd = sx->cctx.sock}, /*XXX will this need TLS info? */
3950 .check_string = US".",
3951 .escape_string = US"..", /* Escaping strings */
3953 topt_use_crlf | topt_escape_headers
3954 | (tblock->body_only ? topt_no_headers : 0)
3955 | (tblock->headers_only ? topt_no_body : 0)
3956 | (tblock->return_path_add ? topt_add_return_path : 0)
3957 | (tblock->delivery_date_add ? topt_add_delivery_date : 0)
3958 | (tblock->envelope_to_add ? topt_add_envelope_to : 0)
3961 /* If using CHUNKING we need a callback from the generic transport
3962 support to us, for the sending of BDAT smtp commands and the reaping
3963 of responses. The callback needs a whole bunch of state so set up
3964 a transport-context structure to be passed around. */
3966 if (smtp_peer_options & OPTION_CHUNKING)
3968 tctx.check_string = tctx.escape_string = NULL;
3969 tctx.options |= topt_use_bdat;
3970 tctx.chunk_cb = smtp_chunk_cmd_callback;
3971 sx->pending_BDAT = FALSE;
3972 sx->good_RCPT = sx->ok;
3974 tctx.smtp_context = sx;
3977 tctx.options |= topt_end_dot;
3979 /* Save the first address of the next batch. */
3980 sx->first_addr = sx->next_addr;
3982 /* Responses from CHUNKING commands go in buffer. Otherwise,
3983 there has not been a response. */
3987 sigalrm_seen = FALSE;
3988 transport_write_timeout = ob->data_timeout;
3989 smtp_command = US"sending data block"; /* For error messages */
3990 DEBUG(D_transport|D_v)
3991 if (smtp_peer_options & OPTION_CHUNKING)
3992 debug_printf(" will write message using CHUNKING\n");
3994 debug_printf(" SMTP>> (writing message)\n");
3995 transport_count = 0;
3997 #ifndef DISABLE_DKIM
3999 # ifdef MEASURE_TIMING
4001 gettimeofday(&t0, NULL);
4003 dkim_exim_sign_init();
4004 # ifdef EXPERIMENTAL_ARC
4006 uschar * s = ob->arc_sign;
4009 if (!(ob->dkim.arc_signspec = s = expand_string(s)))
4011 if (!f.expand_string_forcedfail)
4013 message = US"failed to expand arc_sign";
4020 /* Ask dkim code to hash the body for ARC */
4021 (void) arc_ams_setup_sign_bodyhash();
4022 ob->dkim.force_bodyhash = TRUE;
4027 # ifdef MEASURE_TIMING
4028 report_time_since(&t0, US"dkim_exim_sign_init (delta)");
4033 /* See if we can pipeline QUIT. Reasons not to are
4034 - pipelining not active
4035 - not ok to send quit
4036 - errors in amtp transation responses
4037 - more addrs to send for this message or this host
4038 - this message was being retried
4039 - more messages for this host
4040 If we can, we want the message-write to not flush (the tail end of) its data out. */
4042 if ( sx->pipelining_used
4043 && (sx->ok && sx->completed_addr || smtp_peer_options & OPTION_CHUNKING)
4045 && !(sx->first_addr || f.continue_more)
4046 && f.deliver_firsttime
4049 smtp_compare_t t_compare =
4050 {.tblock = tblock, .current_sender_address = sender_address};
4055 ( tls_out.active.sock < 0 && !continue_proxy_cipher
4056 || verify_check_given_host(CUSS &ob->hosts_nopass_tls, host) != OK
4060 transport_check_waiting(tblock->name, host->name,
4061 tblock->connection_max_messages, new_message_id,
4062 (oicf)smtp_are_same_identities, (void*)&t_compare);
4065 HDEBUG(D_transport) debug_printf("will pipeline QUIT\n");
4066 tctx.options |= topt_no_flush;
4070 #ifndef DISABLE_DKIM
4071 sx->ok = dkim_transport_write_message(&tctx, &ob->dkim, CUSS &message);
4073 sx->ok = transport_write_message(&tctx, 0);
4076 /* transport_write_message() uses write() because it is called from other
4077 places to write to non-sockets. This means that under some OS (e.g. Solaris)
4078 it can exit with "Broken pipe" as its error. This really means that the
4079 socket got closed at the far end. */
4081 transport_write_timeout = 0; /* for subsequent transports */
4083 /* Failure can either be some kind of I/O disaster (including timeout),
4084 or the failure of a transport filter or the expansion of added headers.
4085 Or, when CHUNKING, it can be a protocol-detected failure. */
4088 if (message) goto SEND_FAILED;
4089 else goto RESPONSE_FAILED;
4091 /* We used to send the terminating "." explicitly here, but because of
4092 buffering effects at both ends of TCP/IP connections, you don't gain
4093 anything by keeping it separate, so it might as well go in the final
4094 data buffer for efficiency. This is now done by setting the topt_end_dot
4097 smtp_command = US"end of data";
4099 /* If we can pipeline a QUIT with the data them send it now. If a new message
4100 for this host appeared in the queue while data was being sent, we will not see
4101 it and it will have to wait for a queue run. If there was one but another
4102 thread took it, we might attempt to send it - but locking of spoolfiles will
4103 detect that. Use _MORE to get QUIT in FIN segment. */
4105 if (tcw_done && !tcw)
4107 /*XXX jgh 2021/03/10 google et. al screwup. G, at least, sends TCP FIN in response to TLS
4108 close-notify. Under TLS 1.3, violating RFC.
4109 However, TLS 1.2 does not have half-close semantics. */
4111 if ( sx->cctx.tls_ctx
4112 #if 0 && !defined(DISABLE_TLS)
4113 && Ustrcmp(tls_out.ver, "TLS1.3") != 0
4115 || !f.deliver_firsttime
4117 { /* Send QUIT now and not later */
4118 (void)smtp_write_command(sx, SCMD_FLUSH, "QUIT\r\n");
4119 sx->send_quit = FALSE;
4122 { /* add QUIT to the output buffer */
4123 (void)smtp_write_command(sx, SCMD_MORE, "QUIT\r\n");
4124 sx->send_quit = FALSE; /* avoid sending it later */
4127 if (sx->cctx.tls_ctx && sx->send_tlsclose) /* need to send TLS Close Notify */
4129 # ifdef EXIM_TCP_CORK /* Use _CORK to get Close Notify in FIN segment */
4130 (void) setsockopt(sx->cctx.sock, IPPROTO_TCP, EXIM_TCP_CORK, US &on, sizeof(on));
4132 tls_shutdown_wr(sx->cctx.tls_ctx);
4133 sx->send_tlsclose = FALSE; /* avoid later repeat */
4136 HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(shutdown)>>\n");
4137 shutdown(sx->cctx.sock, SHUT_WR); /* flush output buffer, with TCP FIN */
4141 if (smtp_peer_options & OPTION_CHUNKING && sx->cmd_count > 1)
4143 /* Reap any outstanding MAIL & RCPT commands, but not a DATA-go-ahead */
4144 switch(sync_responses(sx, sx->cmd_count-1, 0))
4146 case 3: sx->ok = TRUE; /* 2xx & 5xx => OK & progress made */
4147 case 2: sx->completed_addr = TRUE; /* 5xx (only) => progress made */
4150 case 1: sx->ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
4151 if (!sx->lmtp) sx->completed_addr = TRUE; /* can't tell about progress yet */
4152 case 0: break; /* No 2xx or 5xx, but no probs */
4154 case -1: goto END_OFF; /* Timeout on RCPT */
4156 #ifndef DISABLE_PIPE_CONNECT
4157 case -5: /* TLS first-read error */
4158 case -4: HDEBUG(D_transport)
4159 debug_printf("failed reaping pipelined cmd responses\n");
4161 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */
4165 #ifndef DISABLE_PRDR
4166 /* For PRDR we optionally get a partial-responses warning followed by the
4167 individual responses, before going on with the overall response. If we don't
4168 get the warning then deal with per non-PRDR. */
4172 sx->ok = smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '3', ob->final_timeout);
4173 if (!sx->ok && errno == 0) switch(sx->buffer[0])
4175 case '2': sx->prdr_active = FALSE;
4178 case '4': errno = ERRNO_DATA4XX;
4179 addrlist->more_errno |=
4180 ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
4187 /* For non-PRDR SMTP, we now read a single response that applies to the
4188 whole message. If it is OK, then all the addresses have been delivered. */
4192 sx->ok = smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2',
4194 if (!sx->ok && errno == 0 && sx->buffer[0] == '4')
4196 errno = ERRNO_DATA4XX;
4197 addrlist->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
4201 /* For LMTP, we get back a response for every RCPT command that we sent;
4202 some may be accepted and some rejected. For those that get a response, their
4203 status is fixed; any that are accepted have been handed over, even if later
4204 responses crash - at least, that's how I read RFC 2033.
4206 If all went well, mark the recipient addresses as completed, record which
4207 host/IPaddress they were delivered to, and cut out RSET when sending another
4208 message down the same channel. Write the completed addresses to the journal
4209 now so that they are recorded in case there is a crash of hardware or
4210 software before the spool gets updated. Also record the final SMTP
4211 confirmation if needed (for SMTP only). */
4216 struct timeval delivery_time;
4218 uschar * conf = NULL;
4220 timesince(&delivery_time, &sx->delivery_start);
4221 sx->send_rset = FALSE;
4222 pipelining_active = FALSE;
4224 /* Set up confirmation if needed - applies only to SMTP */
4227 #ifdef DISABLE_EVENT
4228 LOGGING(smtp_confirmation) &&
4233 const uschar * s = string_printing(sx->buffer);
4234 /* deconst cast ok here as string_printing was checked to have alloc'n'copied */
4235 conf = s == sx->buffer ? US string_copy(s) : US s;
4238 /* Process all transported addresses - for LMTP or PRDR, read a status for
4239 each one. We used to drop out at first_addr, until someone returned a 452
4240 followed by a 250... and we screwed up the accepted addresses. */
4242 for (address_item * addr = addrlist; addr; addr = addr->next)
4244 if (addr->transport_return != PENDING_OK) continue;
4246 /* LMTP - if the response fails badly (e.g. timeout), use it for all the
4247 remaining addresses. Otherwise, it's a return code for just the one
4248 address. For temporary errors, add a retry item for the address so that
4249 it doesn't get tried again too soon. */
4251 #ifndef DISABLE_PRDR
4252 if (sx->lmtp || sx->prdr_active)
4257 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2',
4260 if (errno != 0 || sx->buffer[0] == 0) goto RESPONSE_FAILED;
4261 addr->message = string_sprintf(
4262 #ifndef DISABLE_PRDR
4263 "%s error after %s: %s", sx->prdr_active ? "PRDR":"LMTP",
4265 "LMTP error after %s: %s",
4267 data_command, string_printing(sx->buffer));
4268 setflag(addr, af_pass_message); /* Allow message to go to user */
4269 if (sx->buffer[0] == '5')
4270 addr->transport_return = FAIL;
4273 errno = ERRNO_DATA4XX;
4274 addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
4275 addr->transport_return = DEFER;
4276 #ifndef DISABLE_PRDR
4277 if (!sx->prdr_active)
4279 retry_add_item(addr, addr->address_retry_key, 0);
4283 sx->completed_addr = TRUE; /* NOW we can set this flag */
4284 if (LOGGING(smtp_confirmation))
4286 const uschar *s = string_printing(sx->buffer);
4287 /* deconst cast ok here as string_printing was checked to have alloc'n'copied */
4288 conf = (s == sx->buffer) ? US string_copy(s) : US s;
4292 /* SMTP, or success return from LMTP for this address. Pass back the
4293 actual host that was used. */
4295 addr->transport_return = OK;
4296 addr->host_used = host;
4297 addr->delivery_time = delivery_time;
4298 addr->special_action = flag;
4299 addr->message = conf;
4301 if (tcp_out_fastopen)
4303 setflag(addr, af_tcp_fastopen_conn);
4304 if (tcp_out_fastopen >= TFO_USED_NODATA) setflag(addr, af_tcp_fastopen);
4305 if (tcp_out_fastopen >= TFO_USED_DATA) setflag(addr, af_tcp_fastopen_data);
4307 if (sx->pipelining_used) setflag(addr, af_pipelining);
4308 #ifndef DISABLE_PIPE_CONNECT
4309 if (sx->early_pipe_active) setflag(addr, af_early_pipe);
4311 #ifndef DISABLE_PRDR
4312 if (sx->prdr_active) setflag(addr, af_prdr_used);
4314 if (smtp_peer_options & OPTION_CHUNKING) setflag(addr, af_chunking_used);
4317 #ifndef DISABLE_PRDR
4318 if (!sx->prdr_active)
4321 /* Update the journal. For homonymic addresses, use the base address plus
4322 the transport name. See lots of comments in deliver.c about the reasons
4323 for the complications when homonyms are involved. Just carry on after
4324 write error, as it may prove possible to update the spool file later. */
4326 if (testflag(addr, af_homonym))
4327 sprintf(CS sx->buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
4329 sprintf(CS sx->buffer, "%.500s\n", addr->unique);
4331 DEBUG(D_deliver) debug_printf("S:journalling %s", sx->buffer);
4332 len = Ustrlen(CS sx->buffer);
4333 if (write(journal_fd, sx->buffer, len) != len)
4334 log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
4335 "%s: %s", sx->buffer, strerror(errno));
4339 #ifndef DISABLE_PRDR
4340 if (sx->prdr_active)
4342 const uschar * overall_message;
4344 /* PRDR - get the final, overall response. For any non-success
4345 upgrade all the address statuses. */
4347 sx->ok = smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2',
4351 if(errno == 0 && sx->buffer[0] == '4')
4353 errno = ERRNO_DATA4XX;
4354 addrlist->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
4356 for (address_item * addr = addrlist; addr != sx->first_addr; addr = addr->next)
4357 if (sx->buffer[0] == '5' || addr->transport_return == OK)
4358 addr->transport_return = PENDING_OK; /* allow set_errno action */
4359 goto RESPONSE_FAILED;
4362 /* Append the overall response to the individual PRDR response for logging
4363 and update the journal, or setup retry. */
4365 overall_message = string_printing(sx->buffer);
4366 for (address_item * addr = addrlist; addr != sx->first_addr; addr = addr->next)
4367 if (addr->transport_return == OK)
4368 addr->message = string_sprintf("%s\\n%s", addr->message, overall_message);
4370 for (address_item * addr = addrlist; addr != sx->first_addr; addr = addr->next)
4371 if (addr->transport_return == OK)
4373 if (testflag(addr, af_homonym))
4374 sprintf(CS sx->buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
4376 sprintf(CS sx->buffer, "%.500s\n", addr->unique);
4378 DEBUG(D_deliver) debug_printf("journalling(PRDR) %s\n", sx->buffer);
4379 len = Ustrlen(CS sx->buffer);
4380 if (write(journal_fd, sx->buffer, len) != len)
4381 log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
4382 "%s: %s", sx->buffer, strerror(errno));
4384 else if (addr->transport_return == DEFER)
4385 /*XXX magic value -2 ? maybe host+message ? */
4386 retry_add_item(addr, addr->address_retry_key, -2);
4390 /* Ensure the journal file is pushed out to disk. */
4392 if (EXIMfsync(journal_fd) < 0)
4393 log_write(0, LOG_MAIN|LOG_PANIC, "failed to fsync journal: %s",
4399 /* Handle general (not specific to one address) failures here. The value of ok
4400 is used to skip over this code on the falling through case. A timeout causes a
4401 deferral. Other errors may defer or fail according to the response code, and
4402 may set up a special errno value, e.g. after connection chopped, which is
4403 assumed if errno == 0 and there is no text in the buffer. If control reaches
4404 here during the setting up phase (i.e. before MAIL FROM) then always defer, as
4405 the problem is not related to this specific message. */
4410 uschar * set_message;
4416 /* Clear send_quit flag if needed. Do not set. */
4417 sx->send_quit &= check_response(host, &save_errno, addrlist->more_errno,
4418 sx->buffer, &code, &message, &pass_message);
4426 message = string_sprintf("smtp send to %s [%s] failed: %s",
4427 host->name, host->address, message ? message : US strerror(save_errno));
4428 sx->send_quit = FALSE;
4436 sx->ok = FALSE; /* For when reached by GOTO */
4437 set_message = message;
4439 /* We want to handle timeouts after MAIL or "." and loss of connection after
4440 "." specially. They can indicate a problem with the sender address or with
4441 the contents of the message rather than a real error on the connection. These
4442 cases are treated in the same way as a 4xx response. This next bit of code
4443 does the classification. */
4450 message_error = TRUE;
4454 message_error = Ustrncmp(smtp_command,"MAIL",4) == 0 ||
4455 Ustrncmp(smtp_command,"end ",4) == 0;
4458 case ERRNO_SMTPCLOSED:
4459 message_error = Ustrncmp(smtp_command,"end ",4) == 0;
4462 #ifndef DISABLE_DKIM
4464 /* DKIM signing failure: avoid thinking we pipelined quit,
4465 just abandon the message and close the socket. */
4467 message_error = FALSE;
4468 # ifndef DISABLE_TLS
4469 if (sx->cctx.tls_ctx)
4471 tls_close(sx->cctx.tls_ctx,
4472 sx->send_tlsclose ? TLS_SHUTDOWN_WAIT : TLS_SHUTDOWN_WONLY);
4473 sx->cctx.tls_ctx = NULL;
4479 message_error = FALSE;
4483 /* Handle the cases that are treated as message errors. These are:
4485 (a) negative response or timeout after MAIL
4486 (b) negative response after DATA
4487 (c) negative response or timeout or dropped connection after "."
4488 (d) utf8 support required and not offered
4490 It won't be a negative response or timeout after RCPT, as that is dealt
4491 with separately above. The action in all cases is to set an appropriate
4492 error code for all the addresses, but to leave yield set to OK because the
4493 host itself has not failed. Of course, it might in practice have failed
4494 when we've had a timeout, but if so, we'll discover that at the next
4495 delivery attempt. For a temporary error, set the message_defer flag, and
4496 write to the logs for information if this is not the last host. The error
4497 for the last host will be logged as part of the address's log line. */
4501 if (mua_wrapper) code = '5'; /* Force hard failure in wrapper mode */
4503 /* If there's an errno, the message contains just the identity of
4508 else /* Anything other than 5 is treated as temporary */
4512 message = US string_sprintf("%s: %s", message, strerror(save_errno));
4514 write_logs(host, message, sx->first_addr ? sx->first_addr->basic_errno : 0);
4516 *message_defer = TRUE;
4519 DEBUG(D_transport) if (sx->cctx.sock >= 0)
4522 if (ioctl(sx->cctx.sock, TIOCOUTQ, &n) == 0)
4523 debug_printf("%d bytes remain in socket output buffer\n", n);
4527 /* Otherwise, we have an I/O error or a timeout other than after MAIL or
4528 ".", or some other transportation error. We defer all addresses and yield
4529 DEFER, except for the case of failed add_headers expansion, or a transport
4530 filter failure, when the yield should be ERROR, to stop it trying other
4535 #ifndef DISABLE_PIPE_CONNECT
4536 /* If we were early-pipelinng and the actual EHLO response did not match
4537 the cached value we assumed, we could have detected it and passed a
4538 custom errno through to here. It would be nice to RSET and retry right
4539 away, but to reliably do that we eould need an extra synch point before
4540 we committed to data and that would discard half the gained roundrips.
4541 Or we could summarily drop the TCP connection. but that is also ugly.
4542 Instead, we ignore the possibility (having freshened the cache) and rely
4543 on the server telling us with a nonmessage error if we have tried to
4544 do something it no longer supports. */
4547 yield = (save_errno == ERRNO_CHHEADER_FAIL ||
4548 save_errno == ERRNO_FILTER_FAIL) ? ERROR : DEFER;
4552 set_errno(addrlist, save_errno, set_message, set_rc, pass_message, host,
4553 #ifdef EXPERIMENTAL_DSN_INFO
4554 sx->smtp_greeting, sx->helo_response,
4556 &sx->delivery_start);
4559 /* If all has gone well, send_quit will be set TRUE, implying we can end the
4560 SMTP session tidily. However, if there were too many addresses to send in one
4561 message (indicated by first_addr being non-NULL) we want to carry on with the
4562 rest of them. Also, it is desirable to send more than one message down the SMTP
4563 connection if there are several waiting, provided we haven't already sent so
4564 many as to hit the configured limit. The function transport_check_waiting looks
4565 for a waiting message and returns its id. Then transport_pass_socket tries to
4566 set up a continued delivery by passing the socket on to another process. The
4567 variable send_rset is FALSE if a message has just been successfully transferred.
4569 If we are already sending down a continued channel, there may be further
4570 addresses not yet delivered that are aimed at the same host, but which have not
4571 been passed in this run of the transport. In this case, continue_more will be
4572 true, and all we should do is send RSET if necessary, and return, leaving the
4575 However, if no address was disposed of, i.e. all addresses got 4xx errors, we
4576 do not want to continue with other messages down the same channel, because that
4577 can lead to looping between two or more messages, all with the same,
4578 temporarily failing address(es). [The retry information isn't updated yet, so
4579 new processes keep on trying.] We probably also don't want to try more of this
4580 message's addresses either.
4582 If we have started a TLS session, we have to end it before passing the
4583 connection to a new process. However, not all servers can handle this (Exim
4584 can), so we do not pass such a connection on if the host matches
4585 hosts_nopass_tls. */
4588 debug_printf("ok=%d send_quit=%d send_rset=%d continue_more=%d "
4589 "yield=%d first_address is %sNULL\n", sx->ok, sx->send_quit,
4590 sx->send_rset, f.continue_more, yield, sx->first_addr ? "not " : "");
4592 if (sx->completed_addr && sx->ok && sx->send_quit)
4593 #ifdef EXPERIMENTAL_ESMTP_LIMITS
4594 if (mail_limit = continue_sequence >= sx->max_mail)
4597 debug_printf("reached limit %u for MAILs per conn\n", sx->max_mail);
4602 smtp_compare_t t_compare =
4603 {.tblock = tblock, .current_sender_address = sender_address};
4605 if ( sx->first_addr /* more addrs for this message */
4606 || f.continue_more /* more addrs for continued-host */
4607 || tcw_done && tcw /* more messages for host */
4610 ( tls_out.active.sock < 0 && !continue_proxy_cipher
4611 || verify_check_given_host(CUSS &ob->hosts_nopass_tls, host) != OK
4615 transport_check_waiting(tblock->name, host->name,
4616 sx->max_mail, new_message_id,
4617 (oicf)smtp_are_same_identities, (void*)&t_compare)
4624 if (! (sx->ok = smtp_write_command(sx, SCMD_FLUSH, "RSET\r\n") >= 0))
4626 msg = US string_sprintf("smtp send to %s [%s] failed: %s", host->name,
4627 host->address, strerror(errno));
4628 sx->send_quit = FALSE;
4630 else if (! (sx->ok = smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
4631 '2', ob->command_timeout)))
4634 sx->send_quit = check_response(host, &errno, 0, sx->buffer, &code, &msg,
4638 DEBUG(D_transport) debug_printf("H=%s [%s] %s\n",
4639 host->name, host->address, msg);
4643 /* Either RSET was not needed, or it succeeded */
4650 int socket_fd = sx->cctx.sock;
4652 if (sx->first_addr) /* More addresses still to be sent */
4653 { /* for this message */
4654 #ifdef EXPERIMENTAL_ESMTP_LIMITS
4655 /* Any that we marked as skipped, reset to do now */
4656 for (address_item * a = sx->first_addr; a; a = a->next)
4657 if (a->transport_return == SKIP)
4658 a->transport_return = PENDING_DEFER;
4660 continue_sequence++; /* for consistency */
4661 clearflag(sx->first_addr, af_new_conn);
4662 setflag(sx->first_addr, af_cont_conn); /* Causes * in logging */
4663 pipelining_active = sx->pipelining_used; /* was cleared at DATA */
4667 /* Unless caller said it already has more messages listed for this host,
4668 pass the connection on to a new Exim process (below, the call to
4669 transport_pass_socket). If the caller has more ready, just return with
4670 the connection still open. */
4673 if (tls_out.active.sock >= 0)
4674 if ( f.continue_more
4675 || verify_check_given_host(CUSS &ob->hosts_noproxy_tls, host) == OK)
4677 /* Before passing the socket on, or returning to caller with it still
4678 open, we must shut down TLS. Not all MTAs allow for the continuation
4679 of the SMTP session when TLS is shut down. We test for this by sending
4680 a new EHLO. If we don't get a good response, we don't attempt to pass
4683 tls_close(sx->cctx.tls_ctx,
4684 sx->send_tlsclose ? TLS_SHUTDOWN_WAIT : TLS_SHUTDOWN_WONLY);
4685 sx->send_tlsclose = FALSE;
4686 sx->cctx.tls_ctx = NULL;
4687 tls_out.active.sock = -1;
4688 smtp_peer_options = smtp_peer_options_wrap;
4690 && smtp_write_command(sx, SCMD_FLUSH, "EHLO %s\r\n", sx->helo_data)
4692 && smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
4693 '2', ob->command_timeout);
4695 if (sx->ok && f.continue_more)
4696 goto TIDYUP; /* More addresses for another run */
4700 /* Set up a pipe for proxying TLS for the new transport process */
4702 smtp_peer_options |= OPTION_TLS;
4703 if ((sx->ok = socketpair(AF_UNIX, SOCK_STREAM, 0, pfd) == 0))
4706 set_errno(sx->first_addr, errno, US"internal allocation problem",
4708 # ifdef EXPERIMENTAL_DSN_INFO
4709 sx->smtp_greeting, sx->helo_response,
4711 &sx->delivery_start);
4715 if (f.continue_more)
4716 goto TIDYUP; /* More addresses for another run */
4718 /* If the socket is successfully passed, we mustn't send QUIT (or
4719 indeed anything!) from here. */
4721 /*XXX DSN_INFO: assume likely to do new HELO; but for greet we'll want to
4722 propagate it from the initial
4724 if (sx->ok && transport_pass_socket(tblock->name, host->name,
4725 host->address, new_message_id, socket_fd
4726 #ifdef EXPERIMENTAL_ESMTP_LIMITS
4727 , sx->peer_limit_mail, sx->peer_limit_rcpt, sx->peer_limit_rcptdom
4731 sx->send_quit = FALSE;
4733 /* We have passed the client socket to a fresh transport process.
4734 If TLS is still active, we need to proxy it for the transport we
4735 just passed the baton to. Fork a child to to do it, and return to
4736 get logging done asap. Which way to place the work makes assumptions
4737 about post-fork prioritisation which may not hold on all platforms. */
4739 if (tls_out.active.sock >= 0)
4741 int pid = exim_fork(US"tls-proxy-interproc");
4742 if (pid == 0) /* child; fork again to disconnect totally */
4744 /* does not return */
4745 smtp_proxy_tls(sx->cctx.tls_ctx, sx->buffer, sizeof(sx->buffer), pfd,
4746 ob->command_timeout, host->name);
4749 if (pid > 0) /* parent */
4752 /* tidy the inter-proc to disconn the proxy proc */
4753 waitpid(pid, NULL, 0);
4754 tls_close(sx->cctx.tls_ctx, TLS_NO_SHUTDOWN);
4755 sx->cctx.tls_ctx = NULL;
4756 (void)close(sx->cctx.sock);
4758 continue_transport = NULL;
4759 continue_hostname = NULL;
4762 log_write(0, LOG_PANIC_DIE, "fork failed");
4768 /* If RSET failed and there are addresses left, they get deferred. */
4770 set_errno(sx->first_addr, errno, msg, DEFER, FALSE, host,
4771 #ifdef EXPERIMENTAL_DSN_INFO
4772 sx->smtp_greeting, sx->helo_response,
4774 &sx->delivery_start);
4778 /* End off tidily with QUIT unless the connection has died or the socket has
4779 been passed to another process. */
4783 { /* Use _MORE to get QUIT in FIN segment */
4784 (void)smtp_write_command(sx, SCMD_MORE, "QUIT\r\n");
4786 if (sx->cctx.tls_ctx && sx->send_tlsclose)
4788 # ifdef EXIM_TCP_CORK /* Use _CORK to get TLS Close Notify in FIN segment */
4789 (void) setsockopt(sx->cctx.sock, IPPROTO_TCP, EXIM_TCP_CORK, US &on, sizeof(on));
4791 tls_shutdown_wr(sx->cctx.tls_ctx);
4792 sx->send_tlsclose = FALSE;
4799 /* Close the socket, and return the appropriate value, first setting
4800 works because the NULL setting is passed back to the calling process, and
4801 remote_max_parallel is forced to 1 when delivering over an existing connection,
4803 If all went well and continue_more is set, we shouldn't actually get here if
4804 there are further addresses, as the return above will be taken. However,
4805 writing RSET might have failed, or there may be other addresses whose hosts are
4806 specified in the transports, and therefore not visible at top level, in which
4807 case continue_more won't get set. */
4811 /* This flushes data queued in the socket, being the QUIT and any TLS Close,
4812 sending them along with the client FIN flag. Us (we hope) sending FIN first
4813 means we (client) take the TIME_WAIT state, so the server (which likely has a
4814 higher connection rate) does not have to. */
4816 HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(shutdown)>>\n");
4817 shutdown(sx->cctx.sock, SHUT_WR);
4820 if (sx->send_quit || tcw_done && !tcw)
4822 /* Wait for (we hope) ack of our QUIT, and a server FIN. Discard any data
4823 received, then discard the socket. Any packet received after then, or receive
4824 data still in the socket, will get a RST - hence the pause/drain. */
4826 /* Reap the response to QUIT, timing out after one second */
4827 (void) smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2', 1);
4829 if (sx->cctx.tls_ctx)
4833 /* Reap the TLS Close Notify from the server, timing out after one second */
4834 sigalrm_seen = FALSE;
4837 n = tls_read(sx->cctx.tls_ctx, sx->inbuffer, sizeof(sx->inbuffer));
4838 while (!sigalrm_seen && n > 0);
4841 if (sx->send_tlsclose)
4843 # ifdef EXIM_TCP_CORK
4844 (void) setsockopt(sx->cctx.sock, IPPROTO_TCP, EXIM_TCP_CORK, US &on, sizeof(on));
4846 tls_close(sx->cctx.tls_ctx, TLS_SHUTDOWN_WAIT);
4849 tls_close(sx->cctx.tls_ctx, TLS_SHUTDOWN_WONLY);
4850 sx->cctx.tls_ctx = NULL;
4854 /* Drain any trailing data from the socket before close, to avoid sending a RST */
4856 if ( poll_one_fd(sx->cctx.sock, POLLIN, 20) != 0 /* 20ms */
4857 && fcntl(sx->cctx.sock, F_SETFL, O_NONBLOCK) == 0)
4858 for (int i = 16, n; /* drain socket */
4859 (n = read(sx->cctx.sock, sx->inbuffer, sizeof(sx->inbuffer))) > 0 && i > 0;
4860 i--) HDEBUG(D_transport|D_acl|D_v)
4863 debug_printf_indent(" SMTP(drain %d bytes)<< %.*s\n", n, m, sx->inbuffer);
4864 for (m = 0; m < n; m++)
4865 debug_printf("0x%02x\n", sx->inbuffer[m]);
4868 HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(close)>>\n");
4869 (void)close(sx->cctx.sock);
4871 continue_transport = NULL;
4872 continue_hostname = NULL;
4873 smtp_debug_cmd_report();
4875 #ifndef DISABLE_EVENT
4876 (void) event_raise(tblock->event_action, US"tcp:close", NULL, NULL);
4882 sx->first_addr = NULL;
4883 for (address_item * a = sx->addrlist->next; a; a = a->next)
4884 if (a->transport_return == DANE)
4886 a->transport_return = PENDING_DEFER;
4887 if (!sx->first_addr)
4889 /* Remember the new start-point in the addrlist, for smtp_setup_conn()
4890 to get the domain string for SNI */
4893 clearflag(a, af_cont_conn);
4894 setflag(a, af_new_conn); /* clear * from logging */
4895 DEBUG(D_transport) debug_printf("DANE: go-around for %s\n", a->domain);
4898 continue_sequence = 1; /* for consistency */
4903 #ifdef EXPERIMENTAL_ESMTP_LIMITS
4904 if (mail_limit && sx->first_addr)
4906 /* Reset the sequence count since we closed the connection. This is flagged
4907 on the pipe back to the delivery process so that a non-continued-conn delivery
4910 continue_sequence = 1; /* for consistency */
4911 clearflag(sx->first_addr, af_cont_conn);
4912 setflag(sx->first_addr, af_new_conn); /* clear * from logging */
4921 if (dane_held) for (address_item * a = sx->addrlist->next; a; a = a->next)
4922 if (a->transport_return == DANE)
4923 a->transport_return = PENDING_DEFER;
4931 /*************************************************
4932 * Closedown entry point *
4933 *************************************************/
4935 /* This function is called when exim is passed an open smtp channel
4936 from another incarnation, but the message which it has been asked
4937 to deliver no longer exists. The channel is on stdin.
4939 We might do fancy things like looking for another message to send down
4940 the channel, but if the one we sought has gone, it has probably been
4941 delivered by some other process that itself will seek further messages,
4942 so just close down our connection.
4944 Argument: pointer to the transport instance block
4949 smtp_transport_closedown(transport_instance *tblock)
4951 smtp_transport_options_block * ob = SOB tblock->options_block;
4952 client_conn_ctx cctx;
4955 uschar inbuffer[4096];
4956 uschar outbuffer[16];
4958 /*XXX really we need an active-smtp-client ctx, rather than assuming stdout */
4959 cctx.sock = fileno(stdin);
4960 cctx.tls_ctx = cctx.sock == tls_out.active.sock ? tls_out.active.tls_ctx : NULL;
4962 sx.inblock.cctx = &cctx;
4963 sx.inblock.buffer = inbuffer;
4964 sx.inblock.buffersize = sizeof(inbuffer);
4965 sx.inblock.ptr = inbuffer;
4966 sx.inblock.ptrend = inbuffer;
4968 sx.outblock.cctx = &cctx;
4969 sx.outblock.buffersize = sizeof(outbuffer);
4970 sx.outblock.buffer = outbuffer;
4971 sx.outblock.ptr = outbuffer;
4972 sx.outblock.cmd_count = 0;
4973 sx.outblock.authenticating = FALSE;
4975 (void)smtp_write_command(&sx, SCMD_FLUSH, "QUIT\r\n");
4976 (void)smtp_read_response(&sx, buffer, sizeof(buffer), '2', ob->command_timeout);
4977 (void)close(cctx.sock);
4982 /*************************************************
4983 * Prepare addresses for delivery *
4984 *************************************************/
4986 /* This function is called to flush out error settings from previous delivery
4987 attempts to other hosts. It also records whether we got here via an MX record
4988 or not in the more_errno field of the address. We are interested only in
4989 addresses that are still marked DEFER - others may have got delivered to a
4990 previously considered IP address. Set their status to PENDING_DEFER to indicate
4991 which ones are relevant this time.
4994 addrlist the list of addresses
4995 host the host we are delivering to
4997 Returns: the first address for this delivery
5000 static address_item *
5001 prepare_addresses(address_item *addrlist, host_item *host)
5003 address_item *first_addr = NULL;
5004 for (address_item * addr = addrlist; addr; addr = addr->next)
5005 if (addr->transport_return == DEFER)
5007 if (!first_addr) first_addr = addr;
5008 addr->transport_return = PENDING_DEFER;
5009 addr->basic_errno = 0;
5010 addr->more_errno = (host->mx >= 0)? 'M' : 'A';
5011 addr->message = NULL;
5013 addr->cipher = NULL;
5014 addr->ourcert = NULL;
5015 addr->peercert = NULL;
5016 addr->peerdn = NULL;
5017 addr->ocsp = OCSP_NOT_REQ;
5018 addr->tlsver = NULL;
5020 #ifdef EXPERIMENTAL_DSN_INFO
5021 addr->smtp_greeting = NULL;
5022 addr->helo_response = NULL;
5030 /*************************************************
5031 * Main entry point *
5032 *************************************************/
5034 /* See local README for interface details. As this is a remote transport, it is
5035 given a chain of addresses to be delivered in one connection, if possible. It
5036 always returns TRUE, indicating that each address has its own independent
5037 status set, except if there is a setting up problem, in which case it returns
5041 smtp_transport_entry(
5042 transport_instance *tblock, /* data for this instantiation */
5043 address_item *addrlist) /* addresses we are working on */
5046 int hosts_defer = 0;
5048 int hosts_looked_up = 0;
5049 int hosts_retry = 0;
5050 int hosts_serial = 0;
5051 int hosts_total = 0;
5052 int total_hosts_tried = 0;
5053 BOOL expired = TRUE;
5054 uschar *expanded_hosts = NULL;
5056 uschar *tid = string_sprintf("%s transport", tblock->name);
5057 smtp_transport_options_block *ob = SOB tblock->options_block;
5058 host_item *hostlist = addrlist->host_list;
5059 host_item *host = NULL;
5063 debug_printf("%s transport entered\n", tblock->name);
5064 for (address_item * addr = addrlist; addr; addr = addr->next)
5065 debug_printf(" %s\n", addr->address);
5068 debug_printf("hostlist:\n");
5069 for (host_item * host = hostlist; host; host = host->next)
5070 debug_printf(" '%s' IP %s port %d\n", host->name, host->address, host->port);
5072 if (continue_hostname)
5073 debug_printf("already connected to %s [%s] (on fd %d)\n",
5074 continue_hostname, continue_host_address,
5075 cutthrough.cctx.sock >= 0 ? cutthrough.cctx.sock : 0);
5078 /* Check the restrictions on line length */
5080 if (max_received_linelength > ob->message_linelength_limit)
5083 gettimeofday(&now, NULL);
5085 for (address_item * addr = addrlist; addr; addr = addr->next)
5086 if (addr->transport_return == DEFER)
5087 addr->transport_return = PENDING_DEFER;
5089 set_errno_nohost(addrlist, ERRNO_SMTPFORMAT,
5090 US"message has lines too long for transport", FAIL, TRUE, &now);
5094 /* Set the flag requesting that these hosts be added to the waiting
5095 database if the delivery fails temporarily or if we are running with
5096 queue_smtp or a 2-stage queue run. This gets unset for certain
5097 kinds of error, typically those that are specific to the message. */
5099 update_waiting = TRUE;
5101 /* If a host list is not defined for the addresses - they must all have the
5102 same one in order to be passed to a single transport - or if the transport has
5103 a host list with hosts_override set, use the host list supplied with the
5104 transport. It is an error for this not to exist. */
5106 if (!hostlist || (ob->hosts_override && ob->hosts))
5110 addrlist->message = string_sprintf("%s transport called with no hosts set",
5112 addrlist->transport_return = PANIC;
5113 return FALSE; /* Only top address has status */
5116 DEBUG(D_transport) debug_printf("using the transport's hosts: %s\n",
5119 /* If the transport's host list contains no '$' characters, and we are not
5120 randomizing, it is fixed and therefore a chain of hosts can be built once
5121 and for all, and remembered for subsequent use by other calls to this
5122 transport. If, on the other hand, the host list does contain '$', or we are
5123 randomizing its order, we have to rebuild it each time. In the fixed case,
5124 as the hosts string will never be used again, it doesn't matter that we
5125 replace all the : characters with zeros. */
5129 uschar *s = ob->hosts;
5131 if (Ustrchr(s, '$'))
5133 if (!(expanded_hosts = expand_string(s)))
5135 addrlist->message = string_sprintf("failed to expand list of hosts "
5136 "\"%s\" in %s transport: %s", s, tblock->name, expand_string_message);
5137 addrlist->transport_return = f.search_find_defer ? DEFER : PANIC;
5138 return FALSE; /* Only top address has status */
5140 DEBUG(D_transport) debug_printf("expanded list of hosts \"%s\" to "
5141 "\"%s\"\n", s, expanded_hosts);
5145 if (ob->hosts_randomize) s = expanded_hosts = string_copy(s);
5149 log_write(0, LOG_MAIN|LOG_PANIC,
5150 "attempt to use tainted host list '%s' from '%s' in transport %s",
5151 s, ob->hosts, tblock->name);
5152 /* Avoid leaking info to an attacker */
5153 addrlist->message = US"internal configuration error";
5154 addrlist->transport_return = PANIC;
5158 host_build_hostlist(&hostlist, s, ob->hosts_randomize);
5160 /* Check that the expansion yielded something useful. */
5164 string_sprintf("%s transport has empty hosts setting", tblock->name);
5165 addrlist->transport_return = PANIC;
5166 return FALSE; /* Only top address has status */
5169 /* If there was no expansion of hosts, save the host list for
5172 if (!expanded_hosts) ob->hostlist = hostlist;
5175 /* This is not the first time this transport has been run in this delivery;
5176 the host list was built previously. */
5179 hostlist = ob->hostlist;
5182 /* The host list was supplied with the address. If hosts_randomize is set, we
5183 must sort it into a random order if it did not come from MX records and has not
5184 already been randomized (but don't bother if continuing down an existing
5187 else if (ob->hosts_randomize && hostlist->mx == MX_NONE && !continue_hostname)
5189 host_item *newlist = NULL;
5192 host_item *h = hostlist;
5193 hostlist = hostlist->next;
5195 h->sort_key = random_number(100);
5202 else if (h->sort_key < newlist->sort_key)
5209 host_item *hh = newlist;
5212 if (h->sort_key < hh->next->sort_key) break;
5220 hostlist = addrlist->host_list = newlist;
5223 /* Sort out the default port. */
5225 if (!smtp_get_port(ob->port, addrlist, &defport, tid)) return FALSE;
5227 /* For each host-plus-IP-address on the list:
5229 . If this is a continued delivery and the host isn't the one with the
5230 current connection, skip.
5232 . If the status is unusable (i.e. previously failed or retry checked), skip.
5234 . If no IP address set, get the address, either by turning the name into
5235 an address, calling gethostbyname if gethostbyname is on, or by calling
5236 the DNS. The DNS may yield multiple addresses, in which case insert the
5237 extra ones into the list.
5239 . Get the retry data if not previously obtained for this address and set the
5240 field which remembers the state of this address. Skip if the retry time is
5241 not reached. If not, remember whether retry data was found. The retry string
5242 contains both the name and the IP address.
5244 . Scan the list of addresses and mark those whose status is DEFER as
5245 PENDING_DEFER. These are the only ones that will be processed in this cycle
5248 . Make a delivery attempt - addresses marked PENDING_DEFER will be tried.
5249 Some addresses may be successfully delivered, others may fail, and yet
5250 others may get temporary errors and so get marked DEFER.
5252 . The return from the delivery attempt is OK if a connection was made and a
5253 valid SMTP dialogue was completed. Otherwise it is DEFER.
5255 . If OK, add a "remove" retry item for this host/IPaddress, if any.
5257 . If fail to connect, or other defer state, add a retry item.
5259 . If there are any addresses whose status is still DEFER, carry on to the
5260 next host/IPaddress, unless we have tried the number of hosts given
5261 by hosts_max_try or hosts_max_try_hardlimit; otherwise return. Note that
5262 there is some fancy logic for hosts_max_try that means its limit can be
5263 overstepped in some circumstances.
5265 If we get to the end of the list, all hosts have deferred at least one address,
5266 or not reached their retry times. If delay_after_cutoff is unset, it requests a
5267 delivery attempt to those hosts whose last try was before the arrival time of
5268 the current message. To cope with this, we have to go round the loop a second
5269 time. After that, set the status and error data for any addresses that haven't
5270 had it set already. */
5272 for (int cutoff_retry = 0;
5273 expired && cutoff_retry < (ob->delay_after_cutoff ? 1 : 2);
5276 host_item *nexthost = NULL;
5277 int unexpired_hosts_tried = 0;
5278 BOOL continue_host_tried = FALSE;
5280 retry_non_continued:
5281 for (host = hostlist;
5283 && unexpired_hosts_tried < ob->hosts_max_try
5284 && total_hosts_tried < ob->hosts_max_try_hardlimit;
5289 BOOL host_is_expired = FALSE;
5290 BOOL message_defer = FALSE;
5291 BOOL some_deferred = FALSE;
5292 address_item *first_addr = NULL;
5293 uschar *interface = NULL;
5294 uschar *retry_host_key = NULL;
5295 uschar *retry_message_key = NULL;
5296 uschar *serialize_key = NULL;
5298 /* Default next host is next host. :-) But this can vary if the
5299 hosts_max_try limit is hit (see below). It may also be reset if a host
5300 address is looked up here (in case the host was multihomed). */
5302 nexthost = host->next;
5304 /* If the address hasn't yet been obtained from the host name, look it up
5305 now, unless the host is already marked as unusable. If it is marked as
5306 unusable, it means that the router was unable to find its IP address (in
5307 the DNS or wherever) OR we are in the 2nd time round the cutoff loop, and
5308 the lookup failed last time. We don't get this far if *all* MX records
5309 point to non-existent hosts; that is treated as a hard error.
5311 We can just skip this host entirely. When the hosts came from the router,
5312 the address will timeout based on the other host(s); when the address is
5313 looked up below, there is an explicit retry record added.
5315 Note that we mustn't skip unusable hosts if the address is not unset; they
5316 may be needed as expired hosts on the 2nd time round the cutoff loop. */
5320 int new_port, flags;
5322 if (host->status >= hstatus_unusable)
5324 DEBUG(D_transport) debug_printf("%s has no address and is unusable - skipping\n",
5329 DEBUG(D_transport) debug_printf("getting address for %s\n", host->name);
5331 /* The host name is permitted to have an attached port. Find it, and
5332 strip it from the name. Just remember it for now. */
5334 new_port = host_item_get_port(host);
5336 /* Count hosts looked up */
5340 /* Find by name if so configured, or if it's an IP address. We don't
5341 just copy the IP address, because we need the test-for-local to happen. */
5343 flags = HOST_FIND_BY_A | HOST_FIND_BY_AAAA;
5344 if (ob->dns_qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
5345 if (ob->dns_search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
5347 if (ob->gethostbyname || string_is_ip_address(host->name, NULL) != 0)
5348 rc = host_find_byname(host, NULL, flags, NULL, TRUE);
5350 rc = host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
5351 &ob->dnssec, /* domains for request/require */
5354 /* Update the host (and any additional blocks, resulting from
5355 multihoming) with a host-specific port, if any. */
5357 for (host_item * hh = host; hh != nexthost; hh = hh->next) hh->port = new_port;
5359 /* Failure to find the host at this time (usually DNS temporary failure)
5360 is really a kind of routing failure rather than a transport failure.
5361 Therefore we add a retry item of the routing kind, not to stop us trying
5362 to look this name up here again, but to ensure the address gets timed
5363 out if the failures go on long enough. A complete failure at this point
5364 commonly points to a configuration error, but the best action is still
5365 to carry on for the next host. */
5367 if (rc == HOST_FIND_AGAIN || rc == HOST_FIND_SECURITY || rc == HOST_FIND_FAILED)
5369 retry_add_item(addrlist, string_sprintf("R:%s", host->name), 0);
5371 if (rc == HOST_FIND_AGAIN) hosts_defer++; else hosts_fail++;
5372 DEBUG(D_transport) debug_printf("rc = %s for %s\n", (rc == HOST_FIND_AGAIN)?
5373 "HOST_FIND_AGAIN" : "HOST_FIND_FAILED", host->name);
5374 host->status = hstatus_unusable;
5376 for (address_item * addr = addrlist; addr; addr = addr->next)
5378 if (addr->transport_return != DEFER) continue;
5379 addr->basic_errno = ERRNO_UNKNOWNHOST;
5380 addr->message = string_sprintf(
5381 rc == HOST_FIND_SECURITY
5382 ? "lookup of IP address for %s was insecure"
5383 : "failed to lookup IP address for %s",
5389 /* If the host is actually the local host, we may have a problem, or
5390 there may be some cunning configuration going on. In the problem case,
5391 log things and give up. The default transport status is already DEFER. */
5393 if (rc == HOST_FOUND_LOCAL && !ob->allow_localhost)
5395 for (address_item * addr = addrlist; addr; addr = addr->next)
5397 addr->basic_errno = ERRNO_HOST_IS_LOCAL;
5398 addr->message = string_sprintf("%s transport found host %s to be "
5399 "local", tblock->name, host->name);
5403 } /* End of block for IP address lookup */
5405 /* If this is a continued delivery, we are interested only in the host
5406 which matches the name of the existing open channel. The check is put
5407 here after the local host lookup, in case the name gets expanded as a
5408 result of the lookup. Set expired FALSE, to save the outer loop executing
5411 if (continue_hostname)
5412 if ( Ustrcmp(continue_hostname, host->name) != 0
5413 || Ustrcmp(continue_host_address, host->address) != 0
5417 continue; /* With next host */
5420 continue_host_tried = TRUE;
5422 /* Reset the default next host in case a multihomed host whose addresses
5423 are not looked up till just above added to the host list. */
5425 nexthost = host->next;
5427 /* If queue_smtp is set (-odqs or the first part of a 2-stage run), or the
5428 domain is in queue_smtp_domains, we don't actually want to attempt any
5429 deliveries. When doing a queue run, queue_smtp_domains is always unset. If
5430 there is a lookup defer in queue_smtp_domains, proceed as if the domain
5431 were not in it. We don't want to hold up all SMTP deliveries! Except when
5432 doing a two-stage queue run, don't do this if forcing. */
5434 if ( (!f.deliver_force || f.queue_2stage)
5436 || match_isinlist(addrlist->domain,
5437 CUSS &queue_smtp_domains, 0,
5438 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK)
5441 DEBUG(D_transport) debug_printf("first-pass routing only\n");
5443 for (address_item * addr = addrlist; addr; addr = addr->next)
5444 if (addr->transport_return == DEFER)
5445 addr->message = US"first-pass only routing due to -odqs, "
5446 "queue_smtp_domains or control=queue";
5447 continue; /* With next host */
5450 /* Count hosts being considered - purely for an intelligent comment
5451 if none are usable. */
5455 /* Set $host and $host address now in case they are needed for the
5456 interface expansion or the serialize_hosts check; they remain set if an
5457 actual delivery happens. */
5459 deliver_host = host->name;
5460 deliver_host_address = host->address;
5461 lookup_dnssec_authenticated = host->dnssec == DS_YES ? US"yes"
5462 : host->dnssec == DS_NO ? US"no"
5465 /* Set up a string for adding to the retry key if the port number is not
5466 the standard SMTP port. A host may have its own port setting that overrides
5469 pistring = string_sprintf(":%d", host->port == PORT_NONE
5470 ? defport : host->port);
5471 if (Ustrcmp(pistring, ":25") == 0) pistring = US"";
5473 /* Select IPv4 or IPv6, and choose an outgoing interface. If the interface
5474 string is set, even if constant (as different transports can have different
5475 constant settings), we must add it to the key that is used for retries,
5476 because connections to the same host from a different interface should be
5477 treated separately. */
5479 host_af = Ustrchr(host->address, ':') ? AF_INET6 : AF_INET;
5481 uschar * s = ob->interface;
5484 if (!smtp_get_interface(s, host_af, addrlist, &interface, tid))
5486 pistring = string_sprintf("%s/%s", pistring, interface);
5490 /* The first time round the outer loop, check the status of the host by
5491 inspecting the retry data. The second time round, we are interested only
5492 in expired hosts that haven't been tried since this message arrived. */
5494 if (cutoff_retry == 0)
5497 /* Ensure the status of the address is set by checking retry data if
5498 necessary. There may be host-specific retry data (applicable to all
5499 messages) and also data for retries of a specific message at this host.
5500 If either of these retry records are actually read, the keys used are
5501 returned to save recomputing them later. */
5503 if (exp_bool(addrlist, US"transport", tblock->name, D_transport,
5504 US"retry_include_ip_address", ob->retry_include_ip_address,
5505 ob->expand_retry_include_ip_address, &incl_ip) != OK)
5506 continue; /* with next host */
5508 host_is_expired = retry_check_address(addrlist->domain, host, pistring,
5509 incl_ip, &retry_host_key, &retry_message_key);
5511 DEBUG(D_transport) debug_printf("%s [%s]%s retry-status = %s\n", host->name,
5512 host->address ? host->address : US"", pistring,
5513 host->status == hstatus_usable ? "usable"
5514 : host->status == hstatus_unusable ? "unusable"
5515 : host->status == hstatus_unusable_expired ? "unusable (expired)" : "?");
5517 /* Skip this address if not usable at this time, noting if it wasn't
5518 actually expired, both locally and in the address. */
5520 switch (host->status)
5522 case hstatus_unusable:
5524 setflag(addrlist, af_retry_skipped);
5527 case hstatus_unusable_expired:
5530 case hwhy_retry: hosts_retry++; break;
5531 case hwhy_failed: hosts_fail++; break;
5533 case hwhy_deferred: hosts_defer++; break;
5536 /* If there was a retry message key, implying that previously there
5537 was a message-specific defer, we don't want to update the list of
5538 messages waiting for these hosts. */
5540 if (retry_message_key) update_waiting = FALSE;
5541 continue; /* With the next host or IP address */
5545 /* Second time round the loop: if the address is set but expired, and
5546 the message is newer than the last try, let it through. */
5551 || host->status != hstatus_unusable_expired
5552 || host->last_try > received_time.tv_sec)
5554 DEBUG(D_transport) debug_printf("trying expired host %s [%s]%s\n",
5555 host->name, host->address, pistring);
5556 host_is_expired = TRUE;
5559 /* Setting "expired=FALSE" doesn't actually mean not all hosts are expired;
5560 it remains TRUE only if all hosts are expired and none are actually tried.
5565 /* If this host is listed as one to which access must be serialized,
5566 see if another Exim process has a connection to it, and if so, skip
5567 this host. If not, update the database to record our connection to it
5568 and remember this for later deletion. Do not do any of this if we are
5569 sending the message down a pre-existing connection. */
5571 if ( !continue_hostname
5572 && verify_check_given_host(CUSS &ob->serialize_hosts, host) == OK)
5574 serialize_key = string_sprintf("host-serialize-%s", host->name);
5575 if (!enq_start(serialize_key, 1))
5578 debug_printf("skipping host %s because another Exim process "
5579 "is connected to it\n", host->name);
5585 /* OK, we have an IP address that is not waiting for its retry time to
5586 arrive (it might be expired) OR (second time round the loop) we have an
5587 expired host that hasn't been tried since the message arrived. Have a go
5588 at delivering the message to it. First prepare the addresses by flushing
5589 out the result of previous attempts, and finding the first address that
5590 is still to be delivered. */
5592 first_addr = prepare_addresses(addrlist, host);
5594 DEBUG(D_transport) debug_printf("delivering %s to %s [%s] (%s%s)\n",
5595 message_id, host->name, host->address, addrlist->address,
5596 addrlist->next ? ", ..." : "");
5598 set_process_info("delivering %s to %s [%s]%s (%s%s)",
5599 message_id, host->name, host->address, pistring, addrlist->address,
5600 addrlist->next ? ", ..." : "");
5602 /* This is not for real; don't do the delivery. If there are
5603 any remaining hosts, list them. */
5608 gettimeofday(&now, NULL);
5609 set_errno_nohost(addrlist, 0, NULL, OK, FALSE, &now);
5610 for (address_item * addr = addrlist; addr; addr = addr->next)
5612 addr->host_used = host;
5613 addr->special_action = '*';
5614 addr->message = US"delivery bypassed by -N option";
5618 debug_printf("*** delivery by %s transport bypassed by -N option\n"
5619 "*** host and remaining hosts:\n", tblock->name);
5620 for (host_item * host2 = host; host2; host2 = host2->next)
5621 debug_printf(" %s [%s]\n", host2->name,
5622 host2->address ? host2->address : US"unset");
5627 /* This is for real. If the host is expired, we don't count it for
5628 hosts_max_retry. This ensures that all hosts must expire before an address
5629 is timed out, unless hosts_max_try_hardlimit (which protects against
5630 lunatic DNS configurations) is reached.
5632 If the host is not expired and we are about to hit the hosts_max_retry
5633 limit, check to see if there is a subsequent hosts with a different MX
5634 value. If so, make that the next host, and don't count this one. This is a
5635 heuristic to make sure that different MXs do get tried. With a normal kind
5636 of retry rule, they would get tried anyway when the earlier hosts were
5637 delayed, but if the domain has a "retry every time" type of rule - as is
5638 often used for the the very large ISPs, that won't happen. */
5643 /* Make a copy of the host if it is local to this invocation
5644 of the transport. */
5648 thost = store_get(sizeof(host_item), GET_UNTAINTED);
5650 thost->name = string_copy(host->name);
5651 thost->address = string_copy(host->address);
5656 if (!host_is_expired && ++unexpired_hosts_tried >= ob->hosts_max_try)
5659 debug_printf("hosts_max_try limit reached with this host\n");
5660 for (host_item * h = host; h; h = h->next) if (h->mx != host->mx)
5663 unexpired_hosts_tried--;
5664 DEBUG(D_transport) debug_printf("however, a higher MX host exists "
5665 "and will be tried\n");
5670 /* Attempt the delivery. */
5672 total_hosts_tried++;
5673 rc = smtp_deliver(addrlist, thost, host_af, defport, interface, tblock,
5674 &message_defer, FALSE);
5677 OK => connection made, each address contains its result;
5678 message_defer is set for message-specific defers (when all
5679 recipients are marked defer)
5680 DEFER => there was a non-message-specific delivery problem;
5681 ERROR => there was a problem setting up the arguments for a filter,
5682 or there was a problem with expanding added headers
5685 /* If the result is not OK, there was a non-message-specific problem.
5686 If the result is DEFER, we need to write to the logs saying what happened
5687 for this particular host, except in the case of authentication and TLS
5688 failures, where the log has already been written. If all hosts defer a
5689 general message is written at the end. */
5691 if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL
5692 && first_addr->basic_errno != ERRNO_TLSFAILURE)
5693 write_logs(host, first_addr->message, first_addr->basic_errno);
5695 #ifndef DISABLE_EVENT
5697 deferred_event_raise(first_addr, host, US"msg:host:defer");
5700 /* If STARTTLS was accepted, but there was a failure in setting up the
5701 TLS session (usually a certificate screwup), and the host is not in
5702 hosts_require_tls, and tls_tempfail_tryclear is true, try again, with
5703 TLS forcibly turned off. We have to start from scratch with a new SMTP
5704 connection. That's why the retry is done from here, not from within
5705 smtp_deliver(). [Rejections of STARTTLS itself don't screw up the
5706 session, so the in-clear transmission after those errors, if permitted,
5707 happens inside smtp_deliver().] */
5711 && first_addr->basic_errno == ERRNO_TLSFAILURE
5712 && ob->tls_tempfail_tryclear
5713 && verify_check_given_host(CUSS &ob->hosts_require_tls, host) != OK
5716 log_write(0, LOG_MAIN,
5717 "%s: delivering unencrypted to H=%s [%s] (not in hosts_require_tls)",
5718 first_addr->message, host->name, host->address);
5719 first_addr = prepare_addresses(addrlist, host);
5720 rc = smtp_deliver(addrlist, thost, host_af, defport, interface, tblock,
5721 &message_defer, TRUE);
5722 if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL)
5723 write_logs(host, first_addr->message, first_addr->basic_errno);
5724 # ifndef DISABLE_EVENT
5726 deferred_event_raise(first_addr, host, US"msg:host:defer");
5729 #endif /*DISABLE_TLS*/
5731 #ifndef DISABLE_EVENT
5732 /* If the last host gave a defer raise a per-message event */
5735 && unexpired_hosts_tried < ob->hosts_max_try
5736 && total_hosts_tried < ob->hosts_max_try_hardlimit
5738 && (message_defer || rc == DEFER)
5740 deferred_event_raise(first_addr, host, US"msg:defer");
5744 /* Delivery attempt finished */
5746 set_process_info("delivering %s: just tried %s [%s]%s for %s%s: result %s",
5747 message_id, host->name, host->address, pistring, addrlist->address,
5748 addrlist->next ? " (& others)" : "", rc_to_string(rc));
5750 /* Release serialization if set up */
5752 if (serialize_key) enq_end(serialize_key);
5754 /* If the result is DEFER, or if a host retry record is known to exist, we
5755 need to add an item to the retry chain for updating the retry database
5756 at the end of delivery. We only need to add the item to the top address,
5757 of course. Also, if DEFER, we mark the IP address unusable so as to skip it
5758 for any other delivery attempts using the same address. (It is copied into
5759 the unusable tree at the outer level, so even if different address blocks
5760 contain the same address, it still won't get tried again.) */
5762 if (rc == DEFER || retry_host_key)
5764 int delete_flag = rc != DEFER ? rf_delete : 0;
5765 if (!retry_host_key)
5768 if (exp_bool(addrlist, US"transport", tblock->name, D_transport,
5769 US"retry_include_ip_address", ob->retry_include_ip_address,
5770 ob->expand_retry_include_ip_address, &incl_ip) != OK)
5771 incl_ip = TRUE; /* error; use most-specific retry record */
5773 retry_host_key = incl_ip
5774 ? string_sprintf("T:%S:%s%s", host->name, host->address, pistring)
5775 : string_sprintf("T:%S%s", host->name, pistring);
5778 /* If a delivery of another message over an existing SMTP connection
5779 yields DEFER, we do NOT set up retry data for the host. This covers the
5780 case when there are delays in routing the addresses in the second message
5781 that are so long that the server times out. This is alleviated by not
5782 routing addresses that previously had routing defers when handling an
5783 existing connection, but even so, this case may occur (e.g. if a
5784 previously happily routed address starts giving routing defers). If the
5785 host is genuinely down, another non-continued message delivery will
5786 notice it soon enough. */
5788 if (delete_flag != 0 || !continue_hostname)
5789 retry_add_item(first_addr, retry_host_key, rf_host | delete_flag);
5791 /* We may have tried an expired host, if its retry time has come; ensure
5792 the status reflects the expiry for the benefit of any other addresses. */
5796 host->status = host_is_expired
5797 ? hstatus_unusable_expired : hstatus_unusable;
5798 host->why = hwhy_deferred;
5802 /* If message_defer is set (host was OK, but every recipient got deferred
5803 because of some message-specific problem), or if that had happened
5804 previously so that a message retry key exists, add an appropriate item
5805 to the retry chain. Note that if there was a message defer but now there is
5806 a host defer, the message defer record gets deleted. That seems perfectly
5807 reasonable. Also, stop the message from being remembered as waiting
5808 for specific hosts. */
5810 if (message_defer || retry_message_key)
5812 int delete_flag = message_defer ? 0 : rf_delete;
5813 if (!retry_message_key)
5816 if (exp_bool(addrlist, US"transport", tblock->name, D_transport,
5817 US"retry_include_ip_address", ob->retry_include_ip_address,
5818 ob->expand_retry_include_ip_address, &incl_ip) != OK)
5819 incl_ip = TRUE; /* error; use most-specific retry record */
5821 retry_message_key = incl_ip
5822 ? string_sprintf("T:%S:%s%s:%s", host->name, host->address, pistring,
5824 : string_sprintf("T:%S%s:%s", host->name, pistring, message_id);
5826 retry_add_item(addrlist, retry_message_key,
5827 rf_message | rf_host | delete_flag);
5828 update_waiting = FALSE;
5831 /* Any return other than DEFER (that is, OK or ERROR) means that the
5832 addresses have got their final statuses filled in for this host. In the OK
5833 case, see if any of them are deferred. */
5836 for (address_item * addr = addrlist; addr; addr = addr->next)
5837 if (addr->transport_return == DEFER)
5839 some_deferred = TRUE;
5843 /* If no addresses deferred or the result was ERROR, return. We do this for
5844 ERROR because a failing filter set-up or add_headers expansion is likely to
5845 fail for any host we try. */
5847 if (rc == ERROR || (rc == OK && !some_deferred))
5849 DEBUG(D_transport) debug_printf("Leaving %s transport\n", tblock->name);
5850 return TRUE; /* Each address has its status */
5853 /* If the result was DEFER or some individual addresses deferred, let
5854 the loop run to try other hosts with the deferred addresses, except for the
5855 case when we were trying to deliver down an existing channel and failed.
5856 Don't try any other hosts in this case. */
5858 if (continue_hostname) break;
5860 /* If the whole delivery, or some individual addresses, were deferred and
5861 there are more hosts that could be tried, do not count this host towards
5862 the hosts_max_try limit if the age of the message is greater than the
5863 maximum retry time for this host. This means we may try try all hosts,
5864 ignoring the limit, when messages have been around for some time. This is
5865 important because if we don't try all hosts, the address will never time
5866 out. NOTE: this does not apply to hosts_max_try_hardlimit. */
5868 if ((rc == DEFER || some_deferred) && nexthost)
5871 retry_config *retry = retry_find_config(host->name, NULL, 0, 0);
5873 if (retry && retry->rules)
5875 retry_rule *last_rule;
5876 for (last_rule = retry->rules;
5878 last_rule = last_rule->next);
5879 timedout = time(NULL) - received_time.tv_sec > last_rule->timeout;
5881 else timedout = TRUE; /* No rule => timed out */
5885 unexpired_hosts_tried--;
5886 DEBUG(D_transport) debug_printf("temporary delivery error(s) override "
5887 "hosts_max_try (message older than host's retry time)\n");
5893 if (unexpired_hosts_tried >= ob->hosts_max_try)
5894 debug_printf("reached transport hosts_max_try limit %d\n",
5896 if (total_hosts_tried >= ob->hosts_max_try_hardlimit)
5897 debug_printf("reached transport hosts_max_try_hardlimit limit %d\n",
5898 ob->hosts_max_try_hardlimit);
5901 testharness_pause_ms(500); /* let server debug out */
5902 } /* End of loop for trying multiple hosts. */
5904 /* If we failed to find a matching host in the list, for an already-open
5905 connection, just close it and start over with the list. This can happen
5906 for routing that changes from run to run, or big multi-IP sites with
5909 if (continue_hostname && !continue_host_tried)
5911 int fd = cutthrough.cctx.sock >= 0 ? cutthrough.cctx.sock : 0;
5913 DEBUG(D_transport) debug_printf("no hosts match already-open connection\n");
5915 /* A TLS conn could be open for a cutthrough, but not for a plain continued-
5917 /*XXX doublecheck that! */
5919 if (cutthrough.cctx.sock >= 0 && cutthrough.is_tls)
5921 (void) tls_write(cutthrough.cctx.tls_ctx, US"QUIT\r\n", 6, FALSE);
5922 tls_close(cutthrough.cctx.tls_ctx, TLS_SHUTDOWN_NOWAIT);
5923 cutthrough.cctx.tls_ctx = NULL;
5924 cutthrough.is_tls = FALSE;
5928 (void) write(fd, US"QUIT\r\n", 6);
5931 cutthrough.cctx.sock = -1;
5932 continue_hostname = NULL;
5933 goto retry_non_continued;
5936 /* This is the end of the loop that repeats iff expired is TRUE and
5937 ob->delay_after_cutoff is FALSE. The second time round we will
5938 try those hosts that haven't been tried since the message arrived. */
5942 debug_printf("all IP addresses skipped or deferred at least one address\n");
5943 if (expired && !ob->delay_after_cutoff && cutoff_retry == 0)
5944 debug_printf("retrying IP addresses not tried since message arrived\n");
5949 /* Get here if all IP addresses are skipped or defer at least one address. In
5950 MUA wrapper mode, this will happen only for connection or other non-message-
5951 specific failures. Force the delivery status for all addresses to FAIL. */
5955 for (address_item * addr = addrlist; addr; addr = addr->next)
5956 addr->transport_return = FAIL;
5960 /* In the normal, non-wrapper case, add a standard message to each deferred
5961 address if there hasn't been an error, that is, if it hasn't actually been
5962 tried this time. The variable "expired" will be FALSE if any deliveries were
5963 actually tried, or if there was at least one host that was not expired. That
5964 is, it is TRUE only if no deliveries were tried and all hosts were expired. If
5965 a delivery has been tried, an error code will be set, and the failing of the
5966 message is handled by the retry code later.
5968 If queue_smtp is set, or this transport was called to send a subsequent message
5969 down an existing TCP/IP connection, and something caused the host not to be
5970 found, we end up here, but can detect these cases and handle them specially. */
5972 for (address_item * addr = addrlist; addr; addr = addr->next)
5974 /* If host is not NULL, it means that we stopped processing the host list
5975 because of hosts_max_try or hosts_max_try_hardlimit. In the former case, this
5976 means we need to behave as if some hosts were skipped because their retry
5977 time had not come. Specifically, this prevents the address from timing out.
5978 However, if we have hit hosts_max_try_hardlimit, we want to behave as if all
5979 hosts were tried. */
5982 if (total_hosts_tried >= ob->hosts_max_try_hardlimit)
5985 debug_printf("hosts_max_try_hardlimit reached: behave as if all "
5986 "hosts were tried\n");
5991 debug_printf("hosts_max_try limit caused some hosts to be skipped\n");
5992 setflag(addr, af_retry_skipped);
5995 if (f.queue_smtp) /* no deliveries attempted */
5997 addr->transport_return = DEFER;
5998 addr->basic_errno = 0;
5999 addr->message = US"SMTP delivery explicitly queued";
6002 else if ( addr->transport_return == DEFER
6003 && (addr->basic_errno == ERRNO_UNKNOWNERROR || addr->basic_errno == 0)
6007 addr->basic_errno = ERRNO_HRETRY;
6008 if (continue_hostname)
6009 addr->message = US"no host found for existing SMTP connection";
6012 setflag(addr, af_pass_message); /* This is not a security risk */
6013 addr->message = string_sprintf(
6014 "all hosts%s have been failing for a long time %s",
6015 addr->domain ? string_sprintf(" for '%s'", addr->domain) : US"",
6016 ob->delay_after_cutoff
6017 ? US"(and retry time not reached)"
6018 : US"and were last tried after this message arrived");
6020 /* If we are already using fallback hosts, or there are no fallback hosts
6021 defined, convert the result to FAIL to cause a bounce. */
6023 if (addr->host_list == addr->fallback_hosts || !addr->fallback_hosts)
6024 addr->transport_return = FAIL;
6029 if (hosts_retry == hosts_total)
6030 s = "retry time not reached for any host%s";
6031 else if (hosts_fail == hosts_total)
6032 s = "all host address lookups%s failed permanently";
6033 else if (hosts_defer == hosts_total)
6034 s = "all host address lookups%s failed temporarily";
6035 else if (hosts_serial == hosts_total)
6036 s = "connection limit reached for all hosts%s";
6037 else if (hosts_fail+hosts_defer == hosts_total)
6038 s = "all host address lookups%s failed";
6040 s = "some host address lookups failed and retry time "
6041 "not reached for other hosts or connection limit reached%s";
6043 addr->message = string_sprintf(s,
6044 addr->domain ? string_sprintf(" for '%s'", addr->domain) : US"");
6049 /* Update the database which keeps information about which messages are waiting
6050 for which hosts to become available. For some message-specific errors, the
6051 update_waiting flag is turned off because we don't want follow-on deliveries in
6052 those cases. If this transport instance is explicitly limited to one message
6053 per connection then follow-on deliveries are not possible and there's no need
6054 to create/update the per-transport wait-<transport_name> database. */
6056 if (update_waiting && tblock->connection_max_messages != 1)
6057 transport_update_waiting(hostlist, tblock->name);
6061 DEBUG(D_transport) debug_printf("Leaving %s transport\n", tblock->name);
6063 return TRUE; /* Each address has its status */
6066 #endif /*!MACRO_PREDEF*/
6069 /* End of transport/smtp.c */