X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Fsmtp_in.c;h=b48e436e3c0d8ae3d89aa59c4b6c22b3da875b60;hb=b81207d2bfa92b2a666b01ce64c1b5e06a4a2098;hp=effc63672708336ce117e75eb5913f9d6ed0aaca;hpb=2ef7ed082481b2dccd3c2e0eae849b24bf0b172a;p=user%2Fhenk%2Fcode%2Fexim.git diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index effc63672..b48e436e3 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -37,10 +37,10 @@ uschar *tcp_wrappers_name; /* Size of buffer for reading SMTP commands. We used to use 512, as defined by RFC 821. However, RFC 1869 specifies that this must be increased for SMTP commands that accept arguments, and this in particular applies to AUTH, where -the data can be quite long. More recently this value was 2048 in Exim; +the data can be quite long. More recently this value was 2048 in Exim; however, RFC 4954 (circa 2007) recommends 12288 bytes to handle AUTH. Clients -such as Thunderbird will send an AUTH with an initial-response for GSSAPI. -The maximum size of a Kerberos ticket under Windows 2003 is 12000 bytes, and +such as Thunderbird will send an AUTH with an initial-response for GSSAPI. +The maximum size of a Kerberos ticket under Windows 2003 is 12000 bytes, and we need room to handle large base64-encoded AUTHs for GSSAPI. */ @@ -96,7 +96,7 @@ enum { QUIT_CMD, HELP_CMD, -#ifdef EXPERIMENTAL_PROXY +#ifdef SUPPORT_PROXY PROXY_FAIL_IGNORE_CMD, #endif @@ -135,7 +135,7 @@ static BOOL rcpt_smtp_response_same; static BOOL rcpt_in_progress; static int nonmail_command_count; static BOOL smtp_exit_function_called = 0; -#ifdef EXPERIMENTAL_INTERNATIONAL +#ifdef SUPPORT_I18N static BOOL smtputf8_advertised; #endif static int synprot_error_count; @@ -239,7 +239,7 @@ enum { ENV_MAIL_OPT_PRDR, #endif ENV_MAIL_OPT_RET, ENV_MAIL_OPT_ENVID, -#ifdef EXPERIMENTAL_INTERNATIONAL +#ifdef SUPPORT_I18N ENV_MAIL_OPT_UTF8, #endif }; 
@@ -258,7 +258,7 @@ static env_mail_type_t env_mail_type_list[] = { #endif { US"RET", ENV_MAIL_OPT_RET, TRUE }, { US"ENVID", ENV_MAIL_OPT_ENVID, TRUE }, -#ifdef EXPERIMENTAL_INTERNATIONAL +#ifdef SUPPORT_I18N { US"SMTPUTF8",ENV_MAIL_OPT_UTF8, FALSE }, /* rfc6531 */ #endif /* keep this the last entry */ @@ -583,7 +583,7 @@ exim_exit(EXIT_FAILURE); -#ifdef EXPERIMENTAL_PROXY +#ifdef SUPPORT_PROXY /************************************************* * Restore socket timeout to previous value * *************************************************/ @@ -620,7 +620,7 @@ int rc; /* Cannot configure local connection as a proxy inbound */ if (sender_host_address == NULL) return proxy_session; -rc = verify_check_this_host(&proxy_required_hosts, NULL, NULL, +rc = verify_check_this_host(CUSS &hosts_proxy, NULL, NULL, sender_host_address, NULL); if (rc == OK) { @@ -761,10 +761,10 @@ if (ret >= 16 && DEBUG(D_receive) debug_printf("Invalid %s source IP\n", iptype); return ERRNO_PROXYFAIL; } - proxy_host_address = sender_host_address; + proxy_local_address = sender_host_address; sender_host_address = string_copy(US tmpip); tmpport = ntohs(hdr.v2.addr.ip4.src_port); - proxy_host_port = sender_host_port; + proxy_local_port = sender_host_port; sender_host_port = tmpport; /* Save dest ip/port */ tmpaddr.sin_addr.s_addr = hdr.v2.addr.ip4.dst_addr; @@ -774,9 +774,9 @@ if (ret >= 16 && DEBUG(D_receive) debug_printf("Invalid %s dest port\n", iptype); return ERRNO_PROXYFAIL; } - proxy_target_address = string_copy(US tmpip); + proxy_external_address = string_copy(US tmpip); tmpport = ntohs(hdr.v2.addr.ip4.dst_port); - proxy_target_port = tmpport; + proxy_external_port = tmpport; goto done; case 0x21: /* TCPv6 address type */ iptype = US"IPv6"; 
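Review bot: The `@@ -620` hunk renames the host list to `hosts_proxy` but leaves its trust implication undocumented at the point of use. Judging by the later hunks in this patch, a peer that matches this list gets to replace `sender_host_address` and `sender_host_port` with values read from the PROXY header. I would add a comment above the `verify_check_this_host(CUSS &hosts_proxy, ...)` call such as `/* hosts_proxy must list only trusted proxies: their PROXY header replaces sender_host_address and sender_host_port */`. The enclosing function starts and ends outside the hunk.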
@@ -787,10 +787,10 @@ if (ret >= 16 && DEBUG(D_receive) debug_printf("Invalid %s source IP\n", iptype); return ERRNO_PROXYFAIL; } - proxy_host_address = sender_host_address; + proxy_local_address = sender_host_address; sender_host_address = string_copy(US tmpip6); tmpport = ntohs(hdr.v2.addr.ip6.src_port); - proxy_host_port = sender_host_port; + proxy_local_port = sender_host_port; sender_host_port = tmpport; /* Save dest ip/port */ memmove(tmpaddr6.sin6_addr.s6_addr, hdr.v2.addr.ip6.dst_addr, 16); @@ -800,9 +800,9 @@ if (ret >= 16 && DEBUG(D_receive) debug_printf("Invalid %s dest port\n", iptype); return ERRNO_PROXYFAIL; } - proxy_target_address = string_copy(US tmpip6); + proxy_external_address = string_copy(US tmpip6); tmpport = ntohs(hdr.v2.addr.ip6.dst_port); - proxy_target_port = tmpport; + proxy_external_port = tmpport; goto done; default: DEBUG(D_receive) @@ -881,7 +881,7 @@ else if (ret >= 8 && debug_printf("Proxied src arg is not an %s address\n", iptype); goto proxyfail; } - proxy_host_address = sender_host_address; + proxy_local_address = sender_host_address; sender_host_address = p; p = sp + 1; if ((sp = Ustrchr(p, ' ')) == NULL) @@ -897,7 +897,7 @@ else if (ret >= 8 && debug_printf("Proxy dest arg is not an %s address\n", iptype); goto proxyfail; } - proxy_target_address = p; + proxy_external_address = p; p = sp + 1; if ((sp = Ustrchr(p, ' ')) == NULL) { @@ -912,7 +912,7 @@ else if (ret >= 8 && debug_printf("Proxied src port '%s' not an integer\n", p); goto proxyfail; } - proxy_host_port = sender_host_port; + proxy_local_port = sender_host_port; sender_host_port = tmp_port; p = sp + 1; if ((sp = Ustrchr(p, '\0')) == NULL) @@ -927,7 +927,7 @@ else if (ret >= 8 && debug_printf("Proxy dest port '%s' not an integer\n", p); goto proxyfail; } - proxy_target_port = tmp_port; + proxy_external_port = tmp_port; /* Already checked for /r /n above. Good V1 header received. */ goto done; } 
@@ -1025,7 +1025,7 @@ if required. */ for (p = cmd_list; p < cmd_list_end; p++) { - #ifdef EXPERIMENTAL_PROXY + #ifdef SUPPORT_PROXY /* Only allow QUIT command if Proxy Protocol parsing failed */ if (proxy_session && proxy_session_failed) { @@ -1082,7 +1082,7 @@ for (p = cmd_list; p < cmd_list_end; p++) } } -#ifdef EXPERIMENTAL_PROXY +#ifdef SUPPORT_PROXY /* Only allow QUIT command if Proxy Protocol parsing failed */ if (proxy_session && proxy_session_failed) return PROXY_FAIL_IGNORE_CMD; @@ -1234,8 +1234,7 @@ if (sender_host_unknown || sender_host_notsocket) if (is_inetd) return string_sprintf("SMTP connection from %s (via inetd)", hostname); -if ((log_extra_selector & LX_incoming_interface) != 0 && - interface_address != NULL) +if (LOGGING(incoming_interface) && interface_address != NULL) return string_sprintf("SMTP connection from %s I=[%s]:%d", hostname, interface_address, interface_port); @@ -1260,16 +1259,15 @@ s_tlslog(uschar * s, int * sizep, int * ptrp) int size = sizep ? *sizep : 0; int ptr = ptrp ? *ptrp : 0; - if ((log_extra_selector & LX_tls_cipher) != 0 && tls_in.cipher != NULL) + if (LOGGING(tls_cipher) && tls_in.cipher != NULL) s = string_append(s, &size, &ptr, 2, US" X=", tls_in.cipher); - if ((log_extra_selector & LX_tls_certificate_verified) != 0 && - tls_in.cipher != NULL) + if (LOGGING(tls_certificate_verified) && tls_in.cipher != NULL) s = string_append(s, &size, &ptr, 2, US" CV=", tls_in.certificate_verified? "yes":"no"); - if ((log_extra_selector & LX_tls_peerdn) != 0 && tls_in.peerdn != NULL) + if (LOGGING(tls_peerdn) && tls_in.peerdn != NULL) s = string_append(s, &size, &ptr, 3, US" DN=\"", string_printing(tls_in.peerdn), US"\""); - if ((log_extra_selector & LX_tls_sni) != 0 && tls_in.sni != NULL) + if (LOGGING(tls_sni) && tls_in.sni != NULL) s = string_append(s, &size, &ptr, 3, US" SNI=\"", string_printing(tls_in.sni), US"\""); 
@@ -1301,7 +1299,7 @@ smtp_log_no_mail(void) int size, ptr, i; uschar *s, *sep; -if (smtp_mailcmd_count > 0 || (log_extra_selector & LX_smtp_no_mail) == 0) +if (smtp_mailcmd_count > 0 || !LOGGING(smtp_no_mail)) return; s = NULL; @@ -1546,7 +1544,7 @@ spf_received = NULL; spf_result = NULL; spf_smtp_comment = NULL; #endif -#ifdef EXPERIMENTAL_INTERNATIONAL +#ifdef SUPPORT_I18N message_smtputf8 = FALSE; #endif body_linecount = body_zerocount = 0; @@ -1868,8 +1866,6 @@ pipelining_enable = TRUE; sync_cmd_limit = NON_SYNC_CMD_NON_PIPELINING; smtp_exit_function_called = FALSE; /* For avoiding loop in not-quit exit */ -memset(sender_host_cache, 0, sizeof(sender_host_cache)); - /* If receiving by -bs from a trusted user, or testing with -bh, we allow authentication settings from -oMaa to remain in force. */ @@ -1884,7 +1880,7 @@ tls_in.ocsp = OCSP_NOT_REQ; tls_advertised = FALSE; #endif dsn_advertised = FALSE; -#ifdef EXPERIMENTAL_INTERNATIONAL +#ifdef SUPPORT_I18N smtputf8_advertised = FALSE; #endif @@ -2313,7 +2309,7 @@ if (!sender_host_unknown) if (smtp_batched_input) return TRUE; -#ifdef EXPERIMENTAL_PROXY +#ifdef SUPPORT_PROXY /* If valid Proxy Protocol source is connecting, set up session. * Failure will not allow any SMTP function other than QUIT. */ proxy_session = FALSE; @@ -2510,8 +2506,8 @@ static void incomplete_transaction_log(uschar *what) { if (sender_address == NULL || /* No transaction in progress */ - (log_write_selector & L_smtp_incomplete_transaction) == 0 /* Not logging */ - ) return; + !LOGGING(smtp_incomplete_transaction)) + return; /* Build list of recipients for logging */ 
@@ -2762,7 +2758,7 @@ if (sender_verified_failed != NULL && setflag(sender_verified_failed, af_sverify_told); - if (rc != FAIL || (log_extra_selector & LX_sender_verify_fail) != 0) + if (rc != FAIL || LOGGING(sender_verify_fail)) log_write(0, LOG_MAIN|LOG_REJECT, "%s sender verify %s for <%s>%s", host_and_ident(TRUE), ((sender_verified_failed->special_action & 255) == DEFER)? "defer":"fail", @@ -3324,12 +3320,10 @@ while (done <= 0) { smtp_cmd_data = NULL; - if ((c = smtp_in_auth(au, &s, &ss)) != OK) - log_write(0, LOG_MAIN|LOG_REJECT, "%s authenticator failed for %s: %s", - au->name, host_and_ident(FALSE), ss); - else + if (smtp_in_auth(au, &s, &ss) == OK) DEBUG(D_auth) debug_printf("tls auth succeeded\n"); - + else + DEBUG(D_auth) debug_printf("tls auth not succeeded\n"); break; } } @@ -3581,7 +3575,7 @@ while (done <= 0) tls_advertised = FALSE; #endif dsn_advertised = FALSE; -#ifdef EXPERIMENTAL_INTERNATIONAL +#ifdef SUPPORT_I18N smtputf8_advertised = FALSE; #endif @@ -3668,7 +3662,7 @@ while (done <= 0) } /* Advertise DSN support if configured to do so. */ - if (verify_check_host(&dsn_advertise_hosts) != FAIL) + if (verify_check_host(&dsn_advertise_hosts) != FAIL) { s = string_cat(s, &size, &ptr, smtp_code, 3); s = string_cat(s, &size, &ptr, US"-DSN\r\n", 6); @@ -3775,7 +3769,7 @@ while (done <= 0) } #endif -#ifdef EXPERIMENTAL_INTERNATIONAL +#ifdef SUPPORT_I18N if ( accept_8bitmime && verify_check_host(&smtputf8_advertise_hosts) != FAIL) { @@ -4015,7 +4009,7 @@ while (done <= 0) rc = acl_check(ACL_WHERE_MAILAUTH, NULL, acl_smtp_mailauth, &user_msg, &log_msg); } - + switch (rc) { case OK: 
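Review bot: In the `@@ -3324` hunk the new `if ... DEBUG(D_auth) ...; else DEBUG(D_auth) ...;` has a dangling `else` if `DEBUG()` expands to an unbraced `if`, which its statement-prefix use throughout this file suggests. The `else` would then pair with the macro's hidden `if`, so "tls auth not succeeded" is never printed. Bracing both arms avoids this: `if (smtp_in_auth(au, &s, &ss) == OK) { DEBUG(D_auth) debug_printf("tls auth succeeded\n"); }` followed by `else { DEBUG(D_auth) debug_printf("tls auth not succeeded\n"); }`. The change also drops the `LOG_MAIN|LOG_REJECT` entry and discards the reason in `ss`, so a failing TLS authenticator is visible only in debug runs; if that is meant to cut log noise, adding `ss` to the debug line would keep the reason available. The enclosing `while (done <= 0)` loop starts and ends outside the hunk.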
@@ -4024,23 +4018,23 @@ while (done <= 0) expand_check_condition(authenticated_by->mail_auth_condition, authenticated_by->name, US"authenticator")) break; /* Accept the AUTH */ - + ignore_msg = US"server_mail_auth_condition failed"; if (authenticated_id != NULL) ignore_msg = string_sprintf("%s: authenticated ID=\"%s\"", ignore_msg, authenticated_id); - + /* Fall through */ - + case FAIL: authenticated_sender = NULL; log_write(0, LOG_MAIN, "ignoring AUTH=%s from %s (%s)", value, host_and_ident(TRUE), ignore_msg); break; - + /* Should only get DEFER or ERROR here. Put back terminator overrides for error message */ - + default: value[-1] = '='; name[-1] = ' '; @@ -4058,7 +4052,7 @@ while (done <= 0) break; #endif -#ifdef EXPERIMENTAL_INTERNATIONAL +#ifdef SUPPORT_I18N case ENV_MAIL_OPT_UTF8: if (smtputf8_advertised) { @@ -4210,7 +4204,7 @@ while (done <= 0) US"", #endif US"\r\n"); - else + else { #ifndef DISABLE_PRDR if (prdr_requested) @@ -4468,7 +4462,7 @@ while (done <= 0) if (user_msg == NULL) smtp_printf("250 Accepted\r\n"); else smtp_user_msg(US"250", user_msg); receive_add_recipient(recipient, -1); - + /* Set the dsn flags in the recipients_list */ recipients_list[recipients_count-1].orcpt = orcpt; recipients_list[recipients_count-1].dsn_flags = flags; @@ -4983,7 +4977,7 @@ while (done <= 0) /* If ETRN queue runs are to be serialized, check the database to ensure one isn't already running. */ - if (smtp_etrn_serialize && !enq_start(etrn_serialize_key)) + if (smtp_etrn_serialize && !enq_start(etrn_serialize_key, 1)) { smtp_printf("458 Already processing %s\r\n", smtp_cmd_data); break; @@ -5107,11 +5101,11 @@ while (done <= 0) done = 1; /* Pretend eof - drops connection */ break; - #ifdef EXPERIMENTAL_PROXY +#ifdef SUPPORT_PROXY case PROXY_FAIL_IGNORE_CMD: smtp_printf("503 Command refused, required Proxy negotiation failed\r\n"); break; - #endif +#endif default: if (unknown_command_count++ >= smtp_max_unknown_commands)
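Review bot: The second argument added in `enq_start(etrn_serialize_key, 1)` (hunk `@@ -4983`) is a bare literal whose meaning is not evident at the call site. Presumably it is the number of concurrent ETRN runs permitted for the key. A short comment such as `/* at most one run per key */`, or a named constant, would make the serialisation intent explicit. The surrounding `while (done <= 0)` loop lies outside the hunk.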