* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2016 */
+/* Copyright (c) University of Cambridge 1995 - 2017 */
/* See the file NOTICE for conditions of use and distribution. */
/* Functions concerned with verifying things. The original code for callout
SMTP command to send. If we tried TLS but it failed, try again without
if permitted */
- if ( (yield = smtp_setup_conn(&sx, FALSE)) == DEFER
+ yield = smtp_setup_conn(&sx, FALSE);
+#ifdef SUPPORT_TLS
+ if ( yield == DEFER
&& addr->basic_errno == ERRNO_TLSFAILURE
&& ob->tls_tempfail_tryclear
&& verify_check_given_host(&ob->hosts_require_tls, host) != OK
addr->transport_return = PENDING_DEFER;
yield = smtp_setup_conn(&sx, TRUE);
}
+#endif
if (yield != OK)
{
errno = addr->basic_errno;
addr->address = string_sprintf("%s@%.1000s",
random_local_part, rcpt_domain);
done = FALSE;
+
+ /* If accepted, we aren't going to do any further tests below.
+ Otherwise, cache a real negative response, and get back to the right
+ state to send RCPT. Unless there's some problem such as a dropped
+ connection, we expect to succeed, because the commands succeeded above.
+ However, some servers drop the connection after responding to an
+ invalid recipient, so on (any) error we drop and remake the connection.
+ XXX We don't care about that for postmaster_full. Should we?
+
+ XXX could we add another flag to the context, and have the common
+ code emit the RSET too? Even pipelined after the RCPT...
+ Then the main-verify call could use it if there's to be a subsequent
+ postmaster-verify.
+ The sync_responses() would need to be taught about it and we'd
+ need another return code filtering out to here.
+ */
+
+ /* Remember when we last did a random test */
+ new_domain_record.random_stamp = time(NULL);
+
if (smtp_write_mail_and_rcpt_cmds(&sx, &yield) == 0)
switch(addr->transport_return)
{
new_domain_record.random_result = ccache_reject;
/* Between each check, issue RSET, because some servers accept only
- one recipient after MAIL FROM:<>. */
+ one recipient after MAIL FROM:<>.
+ XXX We don't care about that for postmaster_full. Should we? */
if ((done =
smtp_write_command(&sx.outblock, FALSE, "RSET\r\n") >= 0 &&
(void) event_raise(addr->transport->event_action,
US"tcp:close", NULL);
#endif
+ addr->address = main_address;
+ addr->transport_return = PENDING_DEFER;
+ sx.first_addr = sx.sync_addr = addr;
+ sx.ok = FALSE;
+ sx.send_rset = TRUE;
+ sx.completed_addr = FALSE;
goto tls_retry_connection;
}
- /* If accepted, we aren't going to do any further tests below.
- Otherwise, cache a real negative response, and get back to the right
- state to send RCPT. Unless there's some problem such as a dropped
- connection, we expect to succeed, because the commands succeeded above.
- However, some servers drop the connection after responding to an
- invalid recipient, so on (any) error we drop and remake the connection.
-
- XXX could we add another flag to the context, and have the common
- code emit the RSET too? Even pipelined after the RCPT...
- Then the main-verify call could use it if there's to be a subsequent
- postmaster-verify.
- The sync_responses() would need to be taught about it and we'd
- need another return code filtering out to here.
-
- Remember when we last did a random test
- */
-
- new_domain_record.random_stamp = time(NULL);
-
/* Re-setup for main verify, or for the error message when failing */
addr->address = main_address;
addr->transport_return = PENDING_DEFER;