X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Fverify.c;h=aa7988cef4be4a8234b7339914fe20b3183500df;hb=e3555426308395ef260b0dae4548593ac114aed5;hp=865a01d07f4e836ecedf793d62ae1fc78b1b1fec;hpb=ff5929e3b91747e2ecb600711d17a7d0e21749ad;p=user%2Fhenk%2Fcode%2Fexim.git
diff --git a/src/src/verify.c b/src/src/verify.c
index 865a01d07..aa7988cef 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -42,6 +42,7 @@ static tree_node *dnsbl_cache = NULL;
 static uschar cutthrough_response(char, uschar **);
+
 /*************************************************
 * Retrieve a callout cache record *
 *************************************************/
@@ -617,6 +618,7 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount.
 addr->transport);
 if (inblock.sock < 0)
 {
+ HDEBUG(D_verify) debug_printf("connect: %s\n", strerror(errno));
 addr->message = string_sprintf("could not connect to %s [%s]: %s", host->name, host->address, strerror(errno));
 transport_name = NULL;
@@ -682,6 +684,9 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount.
 if (!smtps || (smtps && tls_out.active >= 0))
 #endif
 {
+#ifdef TCP_QUICKACK
+ (void) setsockopt(inblock.sock, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off));
+#endif
 if (!(done= smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), '2', callout))) goto RESPONSE_FAILED;
@@ -755,7 +760,7 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount.
 : 0;
 }
- size_str = peer_offered & PEER_OFFERED_SIZE
+ size_str = options & vopt_is_recipient && peer_offered & PEER_OFFERED_SIZE
 ? string_sprintf(" SIZE=%d", message_size + ob->size_addition) : US"";
 #ifdef SUPPORT_TLS
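Review bot: The `setsockopt(inblock.sock, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off))` call added in the -682,6 +684,9 hunk carries no comment saying why quick-ACK is switched off just before the banner read, and `off` is declared outside the hunk, so its type and value cannot be checked here. On Linux this option is not permanent, so the effect is best-effort, and the `(void)` cast suggests a failure is deliberately ignored. I would add a comment on the line above it, for example `/* Best effort: hold back the ACK for the banner so it can ride on our next command; errors ignored */`, once that intent is confirmed.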
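Review bot: In the -755,7 +760,7 hunk the new condition `options & vopt_is_recipient && peer_offered & PEER_OFFERED_SIZE ? ... : ...` mixes `&`, `&&` and `?:` without parentheses. It parses as intended because `&` binds tighter than `&&`, but the reader has to work that out for a test that decides whether SIZE is sent. I would write `size_str = (options & vopt_is_recipient) && (peer_offered & PEER_OFFERED_SIZE)` and leave the continuation lines as they are. The statement runs on into the context lines below the change.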
@@ -808,7 +813,6 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount.
 int oldtimeout = ob->command_timeout;
 int rc;
- tls_negotiate:
 ob->command_timeout = callout;
 rc = tls_client_start(inblock.sock, host, addr, addr->transport
 # ifdef EXPERIMENTAL_DANE
@@ -821,24 +825,22 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount.
 connection, if the options permit it for this host. */
 if (rc != OK)
 {
- if (rc == DEFER)
- {
- (void)close(inblock.sock);
+ HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP(close)>>\n");
+ (void)close(inblock.sock);
 # ifndef DISABLE_EVENT
- (void) event_raise(addr->transport->event_action,
- US"tcp:close", NULL);
+ (void) event_raise(addr->transport->event_action,
+ US"tcp:close", NULL);
 # endif
- if ( ob->tls_tempfail_tryclear
- && !smtps
- && verify_check_given_host(&ob->hosts_require_tls, host) != OK
- )
- {
- log_write(0, LOG_MAIN, "TLS session failure:"
- " delivering unencrypted to %s [%s] (not in hosts_require_tls)",
- host->name, host->address);
- suppress_tls = TRUE;
- goto tls_retry_connection;
- }
+ if ( ob->tls_tempfail_tryclear
+ && !smtps
+ && verify_check_given_host(&ob->hosts_require_tls, host) != OK
+ )
+ {
+ log_write(0, LOG_MAIN, "TLS session failure:"
+ " callout unencrypted to %s [%s] (not in hosts_require_tls)",
+ host->name, host->address);
+ suppress_tls = TRUE;
+ goto tls_retry_connection;
 }
 /*save_errno = ERRNO_TLSFAILURE;*/
@@ -1094,6 +1096,7 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount.
 #ifdef SUPPORT_TLS
 tls_close(FALSE, TRUE);
 #endif
+ HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP(close)>>\n");
 (void)close(inblock.sock);
 #ifndef DISABLE_EVENT
 (void) event_raise(addr->transport->event_action,
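Review bot: With the `rc == DEFER` guard removed in the -821,24 +825,22 hunk, the retry in clear is now taken for every non-OK result of `tls_client_start()`, not only a temporary failure, although the option consulted is still `tls_tempfail_tryclear`. For a host outside `hosts_require_tls`, any handshake failure, including one caused by interference on the network path, now moves the callout to an unencrypted connection. If only the unconditional close was intended, keep the return code in the retry test: `if (rc == DEFER && ob->tls_tempfail_tryclear && !smtps && verify_check_given_host(&ob->hosts_require_tls, host) != OK)`. If the wider fallback is intended, a comment saying that hard failures also fall back would help, and the log line could record `rc`. The enclosing block starts and ends outside the hunk, and the values `tls_client_start()` can return are not visible here.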
@@ -1306,6 +1309,7 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount.
 #ifdef SUPPORT_TLS
 tls_close(FALSE, TRUE);
 #endif
+ HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP(close)>>\n");
 (void)close(inblock.sock);
 #ifndef DISABLE_EVENT
 (void) event_raise(addr->transport->event_action, US"tcp:close", NULL);
@@ -1627,6 +1631,7 @@ if(cutthrough.fd >= 0)
 #ifdef SUPPORT_TLS
 tls_close(FALSE, TRUE);
 #endif
+ HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP(close)>>\n");
 (void)close(cutthrough.fd);
 cutthrough.fd = -1;
 HDEBUG(D_acl) debug_printf("----------- cutthrough shutdown (%s) ------------\n", why);
@@ -2903,9 +2908,8 @@ DEBUG(D_ident) debug_printf("doing ident callback\n");
 to the incoming interface address. If the sender host address is an IPv6 address, the incoming interface address will also be IPv6. */
-host_af = (Ustrchr(sender_host_address, ':') == NULL)? AF_INET : AF_INET6;
-sock = ip_socket(SOCK_STREAM, host_af);
-if (sock < 0) return;
+host_af = Ustrchr(sender_host_address, ':') == NULL ? AF_INET : AF_INET6;
+if ((sock = ip_socket(SOCK_STREAM, host_af)) < 0) return;
 if (ip_bind(sock, host_af, interface_address, 0) < 0)
 {
@@ -2914,19 +2918,15 @@ if (ip_bind(sock, host_af, interface_address, 0) < 0)
 goto END_OFF;
 }
-if (ip_connect(sock, host_af, sender_host_address, port, rfc1413_query_timeout)
- < 0)
+if (ip_connect(sock, host_af, sender_host_address, port,
+ rfc1413_query_timeout, TRUE) < 0)
 {
 if (errno == ETIMEDOUT && LOGGING(ident_timeout))
- {
 log_write(0, LOG_MAIN, "ident connection to %s timed out", sender_host_address);
- }
 else
- {
 DEBUG(D_ident) debug_printf("ident connection to %s failed: %s\n", sender_host_address, strerror(errno));
- }
 goto END_OFF;
 }
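Review bot: Dropping the braces in the -2914,19 +2918,15 hunk leaves `else DEBUG(D_ident) debug_printf(...)` as an unbraced branch whose body begins with a macro. `DEBUG` is used here as a statement prefix, so it presumably expands to an `if`, and an unbraced if/else chain around such a macro is easy to break with a later edit. I would keep the braces on both branches, for the second one `else { DEBUG(D_ident) debug_printf("ident connection to %s failed: %s\n", sender_host_address, strerror(errno)); }`. Separately, the bare `TRUE` now passed as the last argument of `ip_connect()` explains nothing at the call site, and its meaning is not visible in this diff, so a short comment naming that parameter would help.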