X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Fverify.c;h=0959b00512832edfad2f109fa2cad2b87591ac24;hb=91bde4a0253d38118dc227e184b793d476a013ce;hp=11f1e10eb2f027d3de99c954d825ee7ca9cacd44;hpb=ae5afa61184b6c9b39f58804032b32b42e3ba44e;p=user%2Fhenk%2Fcode%2Fexim.git diff --git a/src/src/verify.c b/src/src/verify.c index 11f1e10eb..0959b0051 100644 --- a/src/src/verify.c +++ b/src/src/verify.c @@ -39,7 +39,8 @@ static tree_node *dnsbl_cache = NULL; #define MT_NOT 1 #define MT_ALL 2 -static uschar cutthrough_response(char, uschar **); +static uschar cutthrough_response(char, uschar **, int); + /************************************************* @@ -461,7 +462,7 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. transport_rcpt_address(addr, (addr->transport == NULL)? FALSE : addr->transport->rcpt_include_affixes)) >= 0 && - cutthrough_response('2', &resp) == '2'; + cutthrough_response('2', &resp, CUTTHROUGH_DATA_TIMEOUT) == '2'; /* This would go horribly wrong if a callout fail was ignored by ACL. We punt by abandoning cutthrough on a reject, like the @@ -683,6 +684,9 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. if (!smtps || (smtps && tls_out.active >= 0)) #endif { +#ifdef TCP_QUICKACK + (void) setsockopt(inblock.sock, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off)); +#endif if (!(done= smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), '2', callout))) goto RESPONSE_FAILED; @@ -756,7 +760,7 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. : 0; } - size_str = peer_offered & PEER_OFFERED_SIZE + size_str = options & vopt_is_recipient && peer_offered & PEER_OFFERED_SIZE ? string_sprintf(" SIZE=%d", message_size + ob->size_addition) : US""; #ifdef SUPPORT_TLS @@ -936,11 +940,10 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. } else if ( addr->prop.utf8_msg && (addr->prop.utf8_downcvt || !(peer_offered & PEER_OFFERED_UTF8)) - && (setflag(addr, af_utf8_downcvt), - from_address = string_address_utf8_to_alabel(from_address, - &addr->message), - addr->message - ) ) + && !(setflag(addr, af_utf8_downcvt), + from_address = string_address_utf8_to_alabel(from_address, + &addr->message) + ) ) { errno = ERRNO_EXPANDFAIL; setflag(addr, af_verify_nsfail); @@ -1117,16 +1120,14 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. #ifdef SUPPORT_I18N /*XXX should the conversion be moved into transport_rcpt_address() ? */ - uschar * dummy_errstr = NULL; if ( testflag(addr, af_utf8_downcvt) - && (rcpt = string_address_utf8_to_alabel(rcpt, &dummy_errstr), - dummy_errstr - ) ) - { - errno = ERRNO_EXPANDFAIL; - *failure_ptr = US"recipient"; - done = FALSE; - } + && !(rcpt = string_address_utf8_to_alabel(rcpt, NULL)) + ) + { + errno = ERRNO_EXPANDFAIL; + *failure_ptr = US"recipient"; + done = FALSE; + } else #endif @@ -1300,8 +1301,14 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. if (options & vopt_callout_recipsender) cancel_cutthrough_connection("not usable for cutthrough"); if (send_quit) + { (void) smtp_write_command(&outblock, FALSE, "QUIT\r\n"); + /* Wait a short time for response, and discard it */ + smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), + '2', 1); + } + #ifdef SUPPORT_TLS tls_close(FALSE, TRUE); #endif @@ -1519,7 +1526,7 @@ return cutthrough_puts(US"\r\n", 2); /* Get and check response from cutthrough target */ static uschar -cutthrough_response(char expect, uschar ** copy) +cutthrough_response(char expect, uschar ** copy, int timeout) { smtp_inblock inblock; uschar inbuffer[4096]; @@ -1531,7 +1538,7 @@ inblock.ptr = inbuffer; inblock.ptrend = inbuffer; inblock.sock = cutthrough.fd; /* this relies on (inblock.sock == tls_out.active) */ -if(!smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), expect, CUTTHROUGH_DATA_TIMEOUT)) +if(!smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), expect, timeout)) cancel_cutthrough_connection("target timeout on read"); if(copy != NULL) @@ -1560,7 +1567,7 @@ cutthrough_puts(US"DATA\r\n", 6); cutthrough_flush_send(); /* Assume nothing buffered. If it was it gets ignored. */ -return cutthrough_response('3', NULL) == '3'; +return cutthrough_response('3', NULL, CUTTHROUGH_DATA_TIMEOUT) == '3'; } @@ -1622,7 +1629,9 @@ if(cutthrough.fd >= 0) HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP>> QUIT\n"); _cutthrough_puts(US"QUIT\r\n", 6); /* avoid recursion */ _cutthrough_flush_send(); - /* No wait for response */ + + /* Wait a short time for response, and discard it */ + cutthrough_response('2', NULL, 1); #ifdef SUPPORT_TLS tls_close(FALSE, TRUE); @@ -1664,7 +1673,7 @@ if( !cutthrough_puts(US".", 1) ) return cutthrough.addr.message; -res = cutthrough_response('2', &cutthrough.addr.message); +res = cutthrough_response('2', &cutthrough.addr.message, CUTTHROUGH_DATA_TIMEOUT); for (addr = &cutthrough.addr; addr; addr = addr->next) { addr->message = cutthrough.addr.message; @@ -2904,9 +2913,8 @@ DEBUG(D_ident) debug_printf("doing ident callback\n"); to the incoming interface address. If the sender host address is an IPv6 address, the incoming interface address will also be IPv6. */ -host_af = (Ustrchr(sender_host_address, ':') == NULL)? AF_INET : AF_INET6; -sock = ip_socket(SOCK_STREAM, host_af); -if (sock < 0) return; +host_af = Ustrchr(sender_host_address, ':') == NULL ? AF_INET : AF_INET6; +if ((sock = ip_socket(SOCK_STREAM, host_af)) < 0) return; if (ip_bind(sock, host_af, interface_address, 0) < 0) { @@ -2915,19 +2923,15 @@ if (ip_bind(sock, host_af, interface_address, 0) < 0) goto END_OFF; } -if (ip_connect(sock, host_af, sender_host_address, port, rfc1413_query_timeout) - < 0) +if (ip_connect(sock, host_af, sender_host_address, port, + rfc1413_query_timeout, TRUE) < 0) { if (errno == ETIMEDOUT && LOGGING(ident_timeout)) - { log_write(0, LOG_MAIN, "ident connection to %s timed out", sender_host_address); - } else - { DEBUG(D_ident) debug_printf("ident connection to %s failed: %s\n", sender_host_address, strerror(errno)); - } goto END_OFF; }