projects / exim.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Testsuite: GnuTLS version variances
[exim.git] / src / src / transports / smtp.c
CommitLineData
0756eb3c
PH		 1/*************************************************
2* Exim - an Internet mail transport agent *
3*************************************************/
4
f9ba5e22 5/* Copyright (c) University of Cambridge 1995 - 2018 */
0756eb3c
PH		 6/* See the file NOTICE for conditions of use and distribution. */
7
8#include "../exim.h"
9#include "smtp.h"
10
0756eb3c
PH		 11
12/* Options specific to the smtp transport. This transport also supports LMTP
13over TCP/IP. The options must be in alphabetic order (note that "_" comes
14before the lower case letters). Some live in the transport_instance block so as
15to be publicly visible; these are flagged with opt_public. */
16
17optionlist smtp_transport_options[] = {
506900af
JH		 18 { "*expand_multi_domain", opt_stringptr | opt_hidden | opt_public,
19 (void *)offsetof(transport_instance, expand_multi_domain) },
9c695f6d
JH		 20 { "*expand_retry_include_ip_address", opt_stringptr | opt_hidden,
21 (void *)(offsetof(smtp_transport_options_block, expand_retry_include_ip_address)) },
22
48c7f9e2
PH		 23 { "address_retry_include_sender", opt_bool,
24 (void *)offsetof(smtp_transport_options_block, address_retry_include_sender) },
0756eb3c
PH		 25 { "allow_localhost", opt_bool,
26 (void *)offsetof(smtp_transport_options_block, allow_localhost) },
617d3932
JH		 27#ifdef EXPERIMENTAL_ARC
28 { "arc_sign", opt_stringptr,
29 (void *)offsetof(smtp_transport_options_block, arc_sign) },
30#endif
0756eb3c
PH		 31 { "authenticated_sender", opt_stringptr,
32 (void *)offsetof(smtp_transport_options_block, authenticated_sender) },
382afc6b
PH		 33 { "authenticated_sender_force", opt_bool,
34 (void *)offsetof(smtp_transport_options_block, authenticated_sender_force) },
0756eb3c
PH		 35 { "command_timeout", opt_time,
36 (void *)offsetof(smtp_transport_options_block, command_timeout) },
37 { "connect_timeout", opt_time,
38 (void *)offsetof(smtp_transport_options_block, connect_timeout) },
39 { "connection_max_messages", opt_int | opt_public,
40 (void *)offsetof(transport_instance, connection_max_messages) },
5ec37a55
PP		 41# ifdef SUPPORT_DANE
42 { "dane_require_tls_ciphers", opt_stringptr,
43 (void *)offsetof(smtp_transport_options_block, dane_require_tls_ciphers) },
44# endif
0756eb3c
PH		 45 { "data_timeout", opt_time,
46 (void *)offsetof(smtp_transport_options_block, data_timeout) },
47 { "delay_after_cutoff", opt_bool,
48 (void *)offsetof(smtp_transport_options_block, delay_after_cutoff) },
80a47a2c 49#ifndef DISABLE_DKIM
f7572e5a 50 { "dkim_canon", opt_stringptr,
ff5aac2b 51 (void *)offsetof(smtp_transport_options_block, dkim.dkim_canon) },
f7572e5a 52 { "dkim_domain", opt_stringptr,
ff5aac2b 53 (void *)offsetof(smtp_transport_options_block, dkim.dkim_domain) },
d73e45df
JH		 54 { "dkim_hash", opt_stringptr,
55 (void *)offsetof(smtp_transport_options_block, dkim.dkim_hash) },
7c6ec81b
JH		 56 { "dkim_identity", opt_stringptr,
57 (void *)offsetof(smtp_transport_options_block, dkim.dkim_identity) },
f7572e5a 58 { "dkim_private_key", opt_stringptr,
ff5aac2b 59 (void *)offsetof(smtp_transport_options_block, dkim.dkim_private_key) },
f7572e5a 60 { "dkim_selector", opt_stringptr,
ff5aac2b 61 (void *)offsetof(smtp_transport_options_block, dkim.dkim_selector) },
f7572e5a 62 { "dkim_sign_headers", opt_stringptr,
ff5aac2b 63 (void *)offsetof(smtp_transport_options_block, dkim.dkim_sign_headers) },
f7572e5a 64 { "dkim_strict", opt_stringptr,
ff5aac2b 65 (void *)offsetof(smtp_transport_options_block, dkim.dkim_strict) },
2bc0f45e
JH		 66 { "dkim_timestamps", opt_stringptr,
67 (void *)offsetof(smtp_transport_options_block, dkim.dkim_timestamps) },
80a47a2c 68#endif
0756eb3c
PH		 69 { "dns_qualify_single", opt_bool,
70 (void *)offsetof(smtp_transport_options_block, dns_qualify_single) },
71 { "dns_search_parents", opt_bool,
72 (void *)offsetof(smtp_transport_options_block, dns_search_parents) },
578897ea 73 { "dnssec_request_domains", opt_stringptr,
7cd171b7 74 (void *)offsetof(smtp_transport_options_block, dnssec.request) },
578897ea 75 { "dnssec_require_domains", opt_stringptr,
7cd171b7 76 (void *)offsetof(smtp_transport_options_block, dnssec.require) },
9e4f5962
PP		 77 { "dscp", opt_stringptr,
78 (void *)offsetof(smtp_transport_options_block, dscp) },
0756eb3c
PH		 79 { "fallback_hosts", opt_stringptr,
80 (void *)offsetof(smtp_transport_options_block, fallback_hosts) },
81 { "final_timeout", opt_time,
82 (void *)offsetof(smtp_transport_options_block, final_timeout) },
83 { "gethostbyname", opt_bool,
84 (void *)offsetof(smtp_transport_options_block, gethostbyname) },
85 { "helo_data", opt_stringptr,
86 (void *)offsetof(smtp_transport_options_block, helo_data) },
87 { "hosts", opt_stringptr,
88 (void *)offsetof(smtp_transport_options_block, hosts) },
89 { "hosts_avoid_esmtp", opt_stringptr,
90 (void *)offsetof(smtp_transport_options_block, hosts_avoid_esmtp) },
c51b8e75
PH		 91 { "hosts_avoid_pipelining", opt_stringptr,
92 (void *)offsetof(smtp_transport_options_block, hosts_avoid_pipelining) },
80a47a2c 93#ifdef SUPPORT_TLS
0756eb3c
PH		 94 { "hosts_avoid_tls", opt_stringptr,
95 (void *)offsetof(smtp_transport_options_block, hosts_avoid_tls) },
80a47a2c 96#endif
0756eb3c
PH		 97 { "hosts_max_try", opt_int,
98 (void *)offsetof(smtp_transport_options_block, hosts_max_try) },
533244af
PH		 99 { "hosts_max_try_hardlimit", opt_int,
100 (void *)offsetof(smtp_transport_options_block, hosts_max_try_hardlimit) },
80a47a2c 101#ifdef SUPPORT_TLS
0756eb3c
PH		 102 { "hosts_nopass_tls", opt_stringptr,
103 (void *)offsetof(smtp_transport_options_block, hosts_nopass_tls) },
875512a3
JH		 104 { "hosts_noproxy_tls", opt_stringptr,
105 (void *)offsetof(smtp_transport_options_block, hosts_noproxy_tls) },
80a47a2c 106#endif
0756eb3c
PH		 107 { "hosts_override", opt_bool,
108 (void *)offsetof(smtp_transport_options_block, hosts_override) },
ee8b8090
JH		 109#ifdef EXPERIMENTAL_PIPE_CONNECT
110 { "hosts_pipe_connect", opt_stringptr,
111 (void *)offsetof(smtp_transport_options_block, hosts_pipe_connect) },
112#endif
0756eb3c
PH		 113 { "hosts_randomize", opt_bool,
114 (void *)offsetof(smtp_transport_options_block, hosts_randomize) },
f2de3a33 115#if defined(SUPPORT_TLS) && !defined(DISABLE_OCSP)
44662487
JH		 116 { "hosts_request_ocsp", opt_stringptr,
117 (void *)offsetof(smtp_transport_options_block, hosts_request_ocsp) },
118#endif
0756eb3c
PH		 119 { "hosts_require_auth", opt_stringptr,
120 (void *)offsetof(smtp_transport_options_block, hosts_require_auth) },
80a47a2c 121#ifdef SUPPORT_TLS
c0635b6d 122# ifdef SUPPORT_DANE
7a31d643
JH		 123 { "hosts_require_dane", opt_stringptr,
124 (void *)offsetof(smtp_transport_options_block, hosts_require_dane) },
125# endif
f2de3a33 126# ifndef DISABLE_OCSP
f5d78688
JH		 127 { "hosts_require_ocsp", opt_stringptr,
128 (void *)offsetof(smtp_transport_options_block, hosts_require_ocsp) },
129# endif
0756eb3c
PH		 130 { "hosts_require_tls", opt_stringptr,
131 (void *)offsetof(smtp_transport_options_block, hosts_require_tls) },
80a47a2c 132#endif
0756eb3c
PH		 133 { "hosts_try_auth", opt_stringptr,
134 (void *)offsetof(smtp_transport_options_block, hosts_try_auth) },
f98442df
JH		 135 { "hosts_try_chunking", opt_stringptr,
136 (void *)offsetof(smtp_transport_options_block, hosts_try_chunking) },
c0635b6d 137#if defined(SUPPORT_TLS) && defined(SUPPORT_DANE)
96e47838
TL		 138 { "hosts_try_dane", opt_stringptr,
139 (void *)offsetof(smtp_transport_options_block, hosts_try_dane) },
140#endif
fb05276a
JH		 141 { "hosts_try_fastopen", opt_stringptr,
142 (void *)offsetof(smtp_transport_options_block, hosts_try_fastopen) },
8ccd00b1 143#ifndef DISABLE_PRDR
fd98a5c6
JH		 144 { "hosts_try_prdr", opt_stringptr,
145 (void *)offsetof(smtp_transport_options_block, hosts_try_prdr) },
146#endif
99400968
JH		 147#ifdef SUPPORT_TLS
148 { "hosts_verify_avoid_tls", opt_stringptr,
149 (void *)offsetof(smtp_transport_options_block, hosts_verify_avoid_tls) },
150#endif
0756eb3c
PH		 151 { "interface", opt_stringptr,
152 (void *)offsetof(smtp_transport_options_block, interface) },
153 { "keepalive", opt_bool,
154 (void *)offsetof(smtp_transport_options_block, keepalive) },
f1513293
PH		 155 { "lmtp_ignore_quota", opt_bool,
156 (void *)offsetof(smtp_transport_options_block, lmtp_ignore_quota) },
0756eb3c
PH		 157 { "max_rcpt", opt_int | opt_public,
158 (void *)offsetof(transport_instance, max_addresses) },
506900af 159 { "multi_domain", opt_expand_bool | opt_public,
0756eb3c
PH		 160 (void *)offsetof(transport_instance, multi_domain) },
161 { "port", opt_stringptr,
162 (void *)offsetof(smtp_transport_options_block, port) },
163 { "protocol", opt_stringptr,
164 (void *)offsetof(smtp_transport_options_block, protocol) },
9c695f6d 165 { "retry_include_ip_address", opt_expand_bool,
0756eb3c
PH		 166 (void *)offsetof(smtp_transport_options_block, retry_include_ip_address) },
167 { "serialize_hosts", opt_stringptr,
168 (void *)offsetof(smtp_transport_options_block, serialize_hosts) },
169 { "size_addition", opt_int,
1ddf77d0 170 (void *)offsetof(smtp_transport_options_block, size_addition) },
f0989ec0 171#ifdef SUPPORT_SOCKS
1ddf77d0
JH		 172 { "socks_proxy", opt_stringptr,
173 (void *)offsetof(smtp_transport_options_block, socks_proxy) },
7eb6c37c 174#endif
80a47a2c 175#ifdef SUPPORT_TLS
1ddf77d0 176 { "tls_certificate", opt_stringptr,
0756eb3c
PH		 177 (void *)offsetof(smtp_transport_options_block, tls_certificate) },
178 { "tls_crl", opt_stringptr,
179 (void *)offsetof(smtp_transport_options_block, tls_crl) },
54c90be1
PP		 180 { "tls_dh_min_bits", opt_int,
181 (void *)offsetof(smtp_transport_options_block, tls_dh_min_bits) },
0756eb3c
PH		 182 { "tls_privatekey", opt_stringptr,
183 (void *)offsetof(smtp_transport_options_block, tls_privatekey) },
3f0945ff 184 { "tls_require_ciphers", opt_stringptr,
0756eb3c 185 (void *)offsetof(smtp_transport_options_block, tls_require_ciphers) },
3f0945ff
PP		 186 { "tls_sni", opt_stringptr,
187 (void *)offsetof(smtp_transport_options_block, tls_sni) },
0756eb3c
PH		 188 { "tls_tempfail_tryclear", opt_bool,
189 (void *)offsetof(smtp_transport_options_block, tls_tempfail_tryclear) },
a63be306
WB		 190 { "tls_try_verify_hosts", opt_stringptr,
191 (void *)offsetof(smtp_transport_options_block, tls_try_verify_hosts) },
e51c7be2
JH		 192 { "tls_verify_cert_hostnames", opt_stringptr,
193 (void *)offsetof(smtp_transport_options_block,tls_verify_cert_hostnames)},
0756eb3c 194 { "tls_verify_certificates", opt_stringptr,
a63be306
WB		 195 (void *)offsetof(smtp_transport_options_block, tls_verify_certificates) },
196 { "tls_verify_hosts", opt_stringptr,
71c15846
JH		 197 (void *)offsetof(smtp_transport_options_block, tls_verify_hosts) },
198#endif
199#ifdef SUPPORT_I18N
200 { "utf8_downconvert", opt_stringptr,
201 (void *)offsetof(smtp_transport_options_block, utf8_downconvert) },
80a47a2c 202#endif
0756eb3c
PH		 203};
204
205/* Size of the options list. An extern variable has to be used so that its
206address can appear in the tables drtables.c. */
207
71c15846 208int smtp_transport_options_count = nelem(smtp_transport_options);
0756eb3c 209
d185889f
JH		 210
211#ifdef MACRO_PREDEF
212
213/* Dummy values */
214smtp_transport_options_block smtp_transport_option_defaults = {0};
215void smtp_transport_init(transport_instance *tblock) {}
216BOOL smtp_transport_entry(transport_instance *tblock, address_item *addr) {return FALSE;}
217void smtp_transport_closedown(transport_instance *tblock) {}
218
219#else /*!MACRO_PREDEF*/
220
221
0756eb3c
PH		 222/* Default private options block for the smtp transport. */
223
224smtp_transport_options_block smtp_transport_option_defaults = {
838d897c 225 .hosts = NULL,
847cd15f 226 .fallback_hosts = NULL,
838d897c
JH		 227 .hostlist = NULL,
228 .fallback_hostlist = NULL,
838d897c
JH		 229 .helo_data = US"$primary_hostname",
230 .interface = NULL,
231 .port = NULL,
232 .protocol = US"smtp",
233 .dscp = NULL,
234 .serialize_hosts = NULL,
235 .hosts_try_auth = NULL,
236 .hosts_require_auth = NULL,
237 .hosts_try_chunking = US"*",
c0635b6d 238#ifdef SUPPORT_DANE
838d897c
JH		 239 .hosts_try_dane = NULL,
240 .hosts_require_dane = NULL,
5ec37a55 241 .dane_require_tls_ciphers = NULL,
96e47838 242#endif
838d897c 243 .hosts_try_fastopen = NULL,
8ccd00b1 244#ifndef DISABLE_PRDR
838d897c 245 .hosts_try_prdr = US"*",
f5d78688 246#endif
f2de3a33 247#ifndef DISABLE_OCSP
838d897c
JH		 248 .hosts_request_ocsp = US"*", /* hosts_request_ocsp (except under DANE; tls_client_start()) */
249 .hosts_require_ocsp = NULL,
fd98a5c6 250#endif
838d897c
JH		 251 .hosts_require_tls = NULL,
252 .hosts_avoid_tls = NULL,
253 .hosts_verify_avoid_tls = NULL,
254 .hosts_avoid_pipelining = NULL,
ee8b8090
JH		 255#ifdef EXPERIMENTAL_PIPE_CONNECT
256 .hosts_pipe_connect = NULL,
257#endif
838d897c 258 .hosts_avoid_esmtp = NULL,
57cc2785 259#ifdef SUPPORT_TLS
838d897c
JH		 260 .hosts_nopass_tls = NULL,
261 .hosts_noproxy_tls = US"*",
57cc2785 262#endif
838d897c
JH		 263 .command_timeout = 5*60,
264 .connect_timeout = 5*60,
265 .data_timeout = 5*60,
266 .final_timeout = 10*60,
267 .size_addition = 1024,
268 .hosts_max_try = 5,
269 .hosts_max_try_hardlimit = 50,
270 .address_retry_include_sender = TRUE,
271 .allow_localhost = FALSE,
272 .authenticated_sender_force = FALSE,
273 .gethostbyname = FALSE,
274 .dns_qualify_single = TRUE,
275 .dns_search_parents = FALSE,
276 .dnssec = { .request=NULL, .require=NULL },
277 .delay_after_cutoff = TRUE,
278 .hosts_override = FALSE,
279 .hosts_randomize = FALSE,
280 .keepalive = TRUE,
281 .lmtp_ignore_quota = FALSE,
282 .expand_retry_include_ip_address = NULL,
283 .retry_include_ip_address = TRUE,
f0989ec0 284#ifdef SUPPORT_SOCKS
838d897c 285 .socks_proxy = NULL,
b8bf753b 286#endif
80a47a2c 287#ifdef SUPPORT_TLS
838d897c
JH		 288 .tls_certificate = NULL,
289 .tls_crl = NULL,
290 .tls_privatekey = NULL,
291 .tls_require_ciphers = NULL,
292 .tls_sni = NULL,
293 .tls_verify_certificates = US"system",
294 .tls_dh_min_bits = EXIM_CLIENT_DH_DEFAULT_MIN_BITS,
295 .tls_tempfail_tryclear = TRUE,
296 .tls_verify_hosts = NULL,
297 .tls_try_verify_hosts = US"*",
298 .tls_verify_cert_hostnames = US"*",
80a47a2c 299#endif
71c15846
JH		 300#ifdef SUPPORT_I18N
301 .utf8_downconvert = NULL,
302#endif
80a47a2c 303#ifndef DISABLE_DKIM
838d897c
JH		 304 .dkim =
305 {.dkim_domain = NULL,
7c6ec81b 306 .dkim_identity = NULL,
838d897c
JH		 307 .dkim_private_key = NULL,
308 .dkim_selector = NULL,
309 .dkim_canon = NULL,
7c6ec81b 310 .dkim_sign_headers = NULL,
838d897c 311 .dkim_strict = NULL,
d73e45df 312 .dkim_hash = US"sha256",
2bc0f45e 313 .dkim_timestamps = NULL,
617d3932
JH		 314 .dot_stuffed = FALSE,
315 .force_bodyhash = FALSE,
316# ifdef EXPERIMENTAL_ARC
317 .arc_signspec = NULL,
318# endif
319 },
320# ifdef EXPERIMENTAL_ARC
321 .arc_sign = NULL,
322# endif
80a47a2c 323#endif
0756eb3c
PH		 324};
325
6c1c3d1d
WB		 326/* some DSN flags for use later */
327
328static int rf_list[] = {rf_notify_never, rf_notify_success,
329 rf_notify_failure, rf_notify_delay };
330
45500060 331static uschar *rf_names[] = { US"NEVER", US"SUCCESS", US"FAILURE", US"DELAY" };
6c1c3d1d
WB		 332
333
0756eb3c
PH		 334
335/* Local statics */
336
87cb4a16
JH		 337static uschar *smtp_command; /* Points to last cmd for error messages */
338static uschar *mail_command; /* Points to MAIL cmd for error messages */
339static uschar *data_command = US""; /* Points to DATA cmd for error messages */
340static BOOL update_waiting; /* TRUE to update the "wait" database */
875512a3
JH		 341
342/*XXX move to smtp_context */
87cb4a16 343static BOOL pipelining_active; /* current transaction is in pipe mode */
0756eb3c
PH		 344
345
ee8b8090
JH		 346static unsigned ehlo_response(uschar * buf, unsigned checks);
347
348
0756eb3c
PH		 349/*************************************************
350* Setup entry point *
351*************************************************/
352
353/* This function is called when the transport is about to be used,
354but before running it in a sub-process. It is used for two things:
355
356 (1) To set the fallback host list in addresses, when delivering.
26da7e20
PH		 357 (2) To pass back the interface, port, protocol, and other options, for use
358 during callout verification.
0756eb3c
PH		 359
360Arguments:
361 tblock pointer to the transport instance block
362 addrlist list of addresses about to be transported
363 tf if not NULL, pointer to block in which to return options
929ba01c
PH		 364 uid the uid that will be set (not used)
365 gid the gid that will be set (not used)
0756eb3c
PH		 366 errmsg place for error message (not used)
367
368Returns: OK always (FAIL, DEFER not used)
369*/
370
371static int
372smtp_transport_setup(transport_instance *tblock, address_item *addrlist,
929ba01c 373 transport_feedback *tf, uid_t uid, gid_t gid, uschar **errmsg)
0756eb3c 374{
ee8b8090 375smtp_transport_options_block *ob = SOB tblock->options_block;
0756eb3c
PH		 376
377errmsg = errmsg; /* Keep picky compilers happy */
929ba01c
PH		 378uid = uid;
379gid = gid;
0756eb3c
PH		 380
381/* Pass back options if required. This interface is getting very messy. */
382
02b41d71 383if (tf)
0756eb3c
PH		 384 {
385 tf->interface = ob->interface;
386 tf->port = ob->port;
387 tf->protocol = ob->protocol;
388 tf->hosts = ob->hosts;
389 tf->hosts_override = ob->hosts_override;
390 tf->hosts_randomize = ob->hosts_randomize;
391 tf->gethostbyname = ob->gethostbyname;
392 tf->qualify_single = ob->dns_qualify_single;
393 tf->search_parents = ob->dns_search_parents;
26da7e20 394 tf->helo_data = ob->helo_data;
0756eb3c
PH		 395 }
396
397/* Set the fallback host list for all the addresses that don't have fallback
398host lists, provided that the local host wasn't present in the original host
399list. */
400
401if (!testflag(addrlist, af_local_host_removed))
02b41d71
JH		 402 for (; addrlist; addrlist = addrlist->next)
403 if (!addrlist->fallback_hosts) addrlist->fallback_hosts = ob->fallback_hostlist;
0756eb3c
PH		 404
405return OK;
406}
407
408
409
410/*************************************************
411* Initialization entry point *
412*************************************************/
413
414/* Called for each instance, after its options have been read, to
415enable consistency checks to be done, or anything else that needs
416to be set up.
417
418Argument: pointer to the transport instance block
419Returns: nothing
420*/
421
422void
423smtp_transport_init(transport_instance *tblock)
424{
ee8b8090 425smtp_transport_options_block *ob = SOB tblock->options_block;
0756eb3c
PH		 426
427/* Retry_use_local_part defaults FALSE if unset */
428
429if (tblock->retry_use_local_part == TRUE_UNSET)
430 tblock->retry_use_local_part = FALSE;
431
432/* Set the default port according to the protocol */
433
ee8b8090
JH		 434if (!ob->port)
435 ob->port = strcmpic(ob->protocol, US"lmtp") == 0
436 ? US"lmtp"
437 : strcmpic(ob->protocol, US"smtps") == 0
438 ? US"smtps" : US"smtp";
0756eb3c
PH		 439
440/* Set up the setup entry point, to be called before subprocesses for this
441transport. */
442
443tblock->setup = smtp_transport_setup;
444
445/* Complain if any of the timeouts are zero. */
446
447if (ob->command_timeout <= 0 || ob->data_timeout <= 0 ||
448 ob->final_timeout <= 0)
449 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
450 "command, data, or final timeout value is zero for %s transport",
451 tblock->name);
452
453/* If hosts_override is set and there are local hosts, set the global
454flag that stops verify from showing router hosts. */
455
456if (ob->hosts_override && ob->hosts != NULL) tblock->overrides_hosts = TRUE;
457
458/* If there are any fallback hosts listed, build a chain of host items
459for them, but do not do any lookups at this time. */
460
461host_build_hostlist(&(ob->fallback_hostlist), ob->fallback_hosts, FALSE);
462}
463
464
465
466
467
468/*************************************************
469* Set delivery info into all active addresses *
470*************************************************/
471
472/* Only addresses whose status is >= PENDING are relevant. A lesser
473status means that an address is not currently being processed.
474
475Arguments:
447d236c
PH		 476 addrlist points to a chain of addresses
477 errno_value to put in each address's errno field
478 msg to put in each address's message field
479 rc to put in each address's transport_return field
480 pass_message if TRUE, set the "pass message" flag in the address
c562fd30 481 host if set, mark addrs as having used this host
895fbaf2
JH		 482 smtp_greeting from peer
483 helo_response from peer
0756eb3c
PH		 484
485If errno_value has the special value ERRNO_CONNECTTIMEOUT, ETIMEDOUT is put in
486the errno field, and RTEF_CTOUT is ORed into the more_errno field, to indicate
487this particular type of timeout.
488
489Returns: nothing
490*/
491
7cd1141b
PH		 492static void
493set_errno(address_item *addrlist, int errno_value, uschar *msg, int rc,
895fbaf2
JH		 494 BOOL pass_message, host_item * host
495#ifdef EXPERIMENTAL_DSN_INFO
496 , const uschar * smtp_greeting, const uschar * helo_response
497#endif
498 )
0756eb3c 499{
0756eb3c
PH		 500int orvalue = 0;
501if (errno_value == ERRNO_CONNECTTIMEOUT)
502 {
503 errno_value = ETIMEDOUT;
504 orvalue = RTEF_CTOUT;
505 }
d7978c0f 506for (address_item * addr = addrlist; addr; addr = addr->next)
168dec3b 507 if (addr->transport_return >= PENDING)
447d236c 508 {
168dec3b
JH		 509 addr->basic_errno = errno_value;
510 addr->more_errno |= orvalue;
02b41d71 511 if (msg)
168dec3b
JH		 512 {
513 addr->message = msg;
514 if (pass_message) setflag(addr, af_pass_message);
515 }
516 addr->transport_return = rc;
517 if (host)
895fbaf2 518 {
168dec3b 519 addr->host_used = host;
895fbaf2
JH		 520#ifdef EXPERIMENTAL_DSN_INFO
521 if (smtp_greeting)
522 {uschar * s = Ustrchr(smtp_greeting, '\n'); if (s) *s = '\0';}
523 addr->smtp_greeting = smtp_greeting;
524
525 if (helo_response)
526 {uschar * s = Ustrchr(helo_response, '\n'); if (s) *s = '\0';}
527 addr->helo_response = helo_response;
528#endif
529 }
447d236c 530 }
0756eb3c
PH		 531}
532
895fbaf2
JH		 533static void
534set_errno_nohost(address_item *addrlist, int errno_value, uschar *msg, int rc,
535 BOOL pass_message)
536{
537set_errno(addrlist, errno_value, msg, rc, pass_message, NULL
538#ifdef EXPERIMENTAL_DSN_INFO
539 , NULL, NULL
540#endif
541 );
542}
0756eb3c
PH		 543
544
545/*************************************************
546* Check an SMTP response *
547*************************************************/
548
549/* This function is given an errno code and the SMTP response buffer
550to analyse, together with the host identification for generating messages. It
551sets an appropriate message and puts the first digit of the response code into
552the yield variable. If no response was actually read, a suitable digit is
553chosen.
554
555Arguments:
447d236c
PH		 556 host the current host, to get its name for messages
557 errno_value pointer to the errno value
558 more_errno from the top address for use with ERRNO_FILTER_FAIL
559 buffer the SMTP response buffer
560 yield where to put a one-digit SMTP response code
4c04137d 561 message where to put an error message
447d236c
PH		 562 pass_message set TRUE if message is an SMTP response
563
564Returns: TRUE if an SMTP "QUIT" command should be sent, else FALSE
0756eb3c
PH		 565*/
566
a7538db1
JH		 567static BOOL
568check_response(host_item *host, int *errno_value, int more_errno,
447d236c 569 uschar *buffer, int *yield, uschar **message, BOOL *pass_message)
0756eb3c 570{
0d9fa8c0 571uschar * pl = pipelining_active ? US"pipelined " : US"";
e9166683 572const uschar * s;
0756eb3c
PH		 573
574*yield = '4'; /* Default setting is to give a temporary error */
575
e9166683 576switch(*errno_value)
0756eb3c 577 {
e9166683
JH		 578 case ETIMEDOUT: /* Handle response timeout */
579 *message = US string_sprintf("SMTP timeout after %s%s",
580 pl, smtp_command);
581 if (transport_count > 0)
582 *message = US string_sprintf("%s (%d bytes written)", *message,
583 transport_count);
584 return FALSE;
585
586 case ERRNO_SMTPFORMAT: /* Handle malformed SMTP response */
587 s = string_printing(buffer);
588 while (isspace(*s)) s++;
589 *message = *s == 0
590 ? string_sprintf("Malformed SMTP reply (an empty line) "
591 "in response to %s%s", pl, smtp_command)
592 : string_sprintf("Malformed SMTP reply in response to %s%s: %s",
593 pl, smtp_command, s);
594 return FALSE;
595
fc243e94
JH		 596 case ERRNO_TLSFAILURE: /* Handle bad first read; can happen with
597 GnuTLS and TLS1.3 */
598 *message = US"bad first read from TLS conn";
599 return TRUE;
600
e9166683
JH		 601 case ERRNO_FILTER_FAIL: /* Handle a failed filter process error;
602 can't send QUIT as we mustn't end the DATA. */
603 *message = string_sprintf("transport filter process failed (%d)%s",
604 more_errno,
605 more_errno == EX_EXECFAILED ? ": unable to execute command" : "");
606 return FALSE;
607
608 case ERRNO_CHHEADER_FAIL: /* Handle a failed add_headers expansion;
609 can't send QUIT as we mustn't end the DATA. */
610 *message =
611 string_sprintf("failed to expand headers_add or headers_remove: %s",
612 expand_string_message);
613 return FALSE;
614
615 case ERRNO_WRITEINCOMPLETE: /* failure to write a complete data block */
616 *message = string_sprintf("failed to write a data block");
617 return FALSE;
0756eb3c 618
8c5d388a 619#ifdef SUPPORT_I18N
e9166683
JH		 620 case ERRNO_UTF8_FWD: /* no advertised SMTPUTF8, for international message */
621 *message = US"utf8 support required but not offered for forwarding";
622 DEBUG(D_deliver|D_transport) debug_printf("%s\n", *message);
623 return TRUE;
250b6871 624#endif
e9166683 625 }
250b6871 626
0756eb3c
PH		 627/* Handle error responses from the remote mailer. */
628
629if (buffer[0] != 0)
630 {
e9166683
JH		 631 *message = string_sprintf("SMTP error from remote mail server after %s%s: "
632 "%s", pl, smtp_command, s = string_printing(buffer));
447d236c 633 *pass_message = TRUE;
0756eb3c
PH		 634 *yield = buffer[0];
635 return TRUE;
636 }
637
638/* No data was read. If there is no errno, this must be the EOF (i.e.
19b9dc85
PH		 639connection closed) case, which causes deferral. An explicit connection reset
640error has the same effect. Otherwise, put the host's identity in the message,
641leaving the errno value to be interpreted as well. In all cases, we have to
642assume the connection is now dead. */
0756eb3c 643
19b9dc85 644if (*errno_value == 0 || *errno_value == ECONNRESET)
0756eb3c
PH		 645 {
646 *errno_value = ERRNO_SMTPCLOSED;
c562fd30 647 *message = US string_sprintf("Remote host closed connection "
02b41d71 648 "in response to %s%s", pl, smtp_command);
0756eb3c 649 }
de6273b4
JH		 650else
651 *message = US string_sprintf("%s [%s]", host->name, host->address);
0756eb3c
PH		 652
653return FALSE;
654}
655
656
657
658/*************************************************
659* Write error message to logs *
660*************************************************/
661
662/* This writes to the main log and to the message log.
663
664Arguments:
0756eb3c 665 host the current host
ec62d0a9
HSHR		 666 detail the current message (addr_item->message)
667 basic_errno the errno (addr_item->basic_errno)
0756eb3c
PH		 668
669Returns: nothing
670*/
671
672static void
ec62d0a9 673write_logs(const host_item *host, const uschar *suffix, int basic_errno)
0756eb3c 674{
52f12a7c
JH		 675gstring * message = LOGGING(outgoing_port)
676 ? string_fmt_append(NULL, "H=%s [%s]:%d", host->name, host->address,
584ddd64 677 host->port == PORT_NONE ? 25 : host->port)
52f12a7c 678 : string_fmt_append(NULL, "H=%s [%s]", host->name, host->address);
c562fd30 679
ec62d0a9 680if (suffix)
0756eb3c 681 {
52f12a7c 682 message = string_fmt_append(message, ": %s", suffix);
ec62d0a9 683 if (basic_errno > 0)
52f12a7c 684 message = string_fmt_append(message, ": %s", strerror(basic_errno));
0756eb3c
PH		 685 }
686else
52f12a7c 687 message = string_fmt_append(message, " %s", exim_errstr(basic_errno));
ec62d0a9 688
52f12a7c
JH		 689log_write(0, LOG_MAIN, "%s", string_from_gstring(message));
690deliver_msglog("%s %s\n", tod_stamp(tod_log), message->s);
0756eb3c
PH		 691}
692
c562fd30
JH		 693static void
694msglog_line(host_item * host, uschar * message)
695{
37f3dc43
JH		 696deliver_msglog("%s H=%s [%s] %s\n", tod_stamp(tod_log),
697 host->name, host->address, message);
c562fd30
JH		 698}
699
0756eb3c
PH		 700
701
0cbf2b82 702#ifndef DISABLE_EVENT
d68218c7
JH		 703/*************************************************
704* Post-defer action *
705*************************************************/
706
707/* This expands an arbitrary per-transport string.
708 It might, for example, be used to write to the database log.
709
710Arguments:
d68218c7
JH		 711 addr the address item containing error information
712 host the current host
713
714Returns: nothing
715*/
716
717static void
774ef2d7 718deferred_event_raise(address_item *addr, host_item *host)
d68218c7 719{
774ef2d7 720uschar * action = addr->transport->event_action;
55414b25 721const uschar * save_domain;
a7538db1
JH		 722uschar * save_local;
723
d68218c7 724if (!action)
a7538db1 725 return;
d68218c7 726
a7538db1
JH		 727save_domain = deliver_domain;
728save_local = deliver_localpart;
729
730/*XXX would ip & port already be set up? */
731deliver_host_address = string_copy(host->address);
774ef2d7
JH		 732deliver_host_port = host->port == PORT_NONE ? 25 : host->port;
733event_defer_errno = addr->basic_errno;
d68218c7
JH		 734
735router_name = addr->router->name;
736transport_name = addr->transport->name;
a7538db1
JH		 737deliver_domain = addr->domain;
738deliver_localpart = addr->local_part;
739
774ef2d7 740(void) event_raise(action, US"msg:host:defer",
a7538db1
JH		 741 addr->message
742 ? addr->basic_errno > 0
743 ? string_sprintf("%s: %s", addr->message, strerror(addr->basic_errno))
744 : string_copy(addr->message)
745 : addr->basic_errno > 0
746 ? string_copy(US strerror(addr->basic_errno))
747 : NULL);
748
749deliver_localpart = save_local;
750deliver_domain = save_domain;
d68218c7
JH		 751router_name = transport_name = NULL;
752}
753#endif
754
ee8b8090
JH		 755/*************************************************
756* Reap SMTP specific responses *
757*************************************************/
758static int
759smtp_discard_responses(smtp_context * sx, smtp_transport_options_block * ob,
760 int count)
761{
762uschar flushbuffer[4096];
763
764while (count-- > 0)
765 {
766 if (!smtp_read_response(sx, flushbuffer, sizeof(flushbuffer),
767 '2', ob->command_timeout)
768 && (errno != 0 || flushbuffer[0] == 0))
769 break;
770 }
771return count;
772}
773
774
775/* Return boolean success */
776
777static BOOL
778smtp_reap_banner(smtp_context * sx)
779{
780BOOL good_response = smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
781 '2', (SOB sx->conn_args.ob)->command_timeout);
782#ifdef EXPERIMENTAL_DSN_INFO
783sx->smtp_greeting = string_copy(sx->buffer);
784#endif
785return good_response;
786}
787
788static BOOL
789smtp_reap_ehlo(smtp_context * sx)
790{
791if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2',
792 (SOB sx->conn_args.ob)->command_timeout))
793 {
794 if (errno != 0 || sx->buffer[0] == 0 || sx->lmtp)
795 {
796#ifdef EXPERIMENTAL_DSN_INFO
797 sx->helo_response = string_copy(sx->buffer);
798#endif
799 return FALSE;
800 }
801 sx->esmtp = FALSE;
802 }
803#ifdef EXPERIMENTAL_DSN_INFO
804sx->helo_response = string_copy(sx->buffer);
805#endif
806return TRUE;
807}
808
809
810
811#ifdef EXPERIMENTAL_PIPE_CONNECT
812static uschar *
813ehlo_cache_key(const smtp_context * sx)
814{
815host_item * host = sx->conn_args.host;
816return Ustrchr(host->address, ':')
817 ? string_sprintf("[%s]:%d.EHLO", host->address,
818 host->port == PORT_NONE ? sx->port : host->port)
819 : string_sprintf("%s:%d.EHLO", host->address,
820 host->port == PORT_NONE ? sx->port : host->port);
821}
822
823static void
824write_ehlo_cache_entry(const smtp_context * sx)
825{
826open_db dbblock, * dbm_file;
827
828if ((dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE)))
829 {
830 uschar * ehlo_resp_key = ehlo_cache_key(sx);
831 dbdata_ehlo_resp er = { .data = sx->ehlo_resp };
832
cb6bd80f
JH		 833 HDEBUG(D_transport) debug_printf("writing clr %04x/%04x cry %04x/%04x\n",
834 sx->ehlo_resp.cleartext_features, sx->ehlo_resp.cleartext_auths,
835 sx->ehlo_resp.crypted_features, sx->ehlo_resp.crypted_auths);
836
ee8b8090
JH		 837 dbfn_write(dbm_file, ehlo_resp_key, &er, (int)sizeof(er));
838 dbfn_close(dbm_file);
839 }
840}
841
842static void
843invalidate_ehlo_cache_entry(smtp_context * sx)
844{
845open_db dbblock, * dbm_file;
846
847if ( sx->early_pipe_active
848 && (dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE)))
849 {
850 uschar * ehlo_resp_key = ehlo_cache_key(sx);
851 dbfn_delete(dbm_file, ehlo_resp_key);
852 dbfn_close(dbm_file);
853 }
854}
855
856static BOOL
857read_ehlo_cache_entry(smtp_context * sx)
858{
859open_db dbblock;
860open_db * dbm_file;
861
862if (!(dbm_file = dbfn_open(US"misc", O_RDONLY, &dbblock, FALSE)))
863 { DEBUG(D_transport) debug_printf("ehlo-cache: no misc DB\n"); }
864else
865 {
866 uschar * ehlo_resp_key = ehlo_cache_key(sx);
867 dbdata_ehlo_resp * er;
868
869 if (!(er = dbfn_read(dbm_file, ehlo_resp_key)))
870 { DEBUG(D_transport) debug_printf("no ehlo-resp record\n"); }
871 else if (time(NULL) - er->time_stamp > retry_data_expire)
872 {
873 DEBUG(D_transport) debug_printf("ehlo-resp record too old\n");
874 dbfn_close(dbm_file);
875 if ((dbm_file = dbfn_open(US"misc", O_RDWR, &dbblock, TRUE)))
876 dbfn_delete(dbm_file, ehlo_resp_key);
877 }
878 else
879 {
880 sx->ehlo_resp = er->data;
881 dbfn_close(dbm_file);
882 DEBUG(D_transport) debug_printf(
883 "EHLO response bits from cache: cleartext 0x%04x crypted 0x%04x\n",
884 er->data.cleartext_features, er->data.crypted_features);
885 return TRUE;
886 }
887 dbfn_close(dbm_file);
888 }
889return FALSE;
890}
891
892
893
894/* Return an auths bitmap for the set of AUTH methods offered by the server
895which match our authenticators. */
896
897static unsigned short
898study_ehlo_auths(smtp_context * sx)
899{
900uschar * names;
901auth_instance * au;
902uschar authnum;
903unsigned short authbits = 0;
904
905if (!sx->esmtp) return 0;
906if (!regex_AUTH) regex_AUTH = regex_must_compile(AUTHS_REGEX, FALSE, TRUE);
907if (!regex_match_and_setup(regex_AUTH, sx->buffer, 0, -1)) return 0;
908expand_nmax = -1; /* reset */
909names = string_copyn(expand_nstring[1], expand_nlength[1]);
910
911for (au = auths, authnum = 0; au; au = au->next, authnum++) if (au->client)
912 {
913 const uschar * list = names;
914 int sep = ' ';
915 uschar name[32];
916
917 while (string_nextinlist(&list, &sep, name, sizeof(name)))
918 if (strcmpic(au->public_name, name) == 0)
919 { authbits |= BIT(authnum); break; }
920 }
921
922DEBUG(D_transport)
923 debug_printf("server offers %s AUTH, methods '%s', bitmap 0x%04x\n",
924 tls_out.active.sock >= 0 ? "crypted" : "plaintext", names, authbits);
925
926if (tls_out.active.sock >= 0)
927 sx->ehlo_resp.crypted_auths = authbits;
928else
929 sx->ehlo_resp.cleartext_auths = authbits;
930return authbits;
931}
932
933
934
935
936/* Wait for and check responses for early-pipelining.
937
938Called from the lower-level smtp_read_response() function
939used for general code that assume synchronisation, if context
940flags indicate outstanding early-pipelining commands. Also
941called fom sync_responses() which handles pipelined commands.
942
943Arguments:
944 sx smtp connection context
945 countp number of outstanding responses, adjusted on return
946
947Return:
948 OK all well
fc243e94 949 DEFER error on first read of TLS'd conn
ee8b8090
JH		 950 FAIL SMTP error in response
951*/
952int
953smtp_reap_early_pipe(smtp_context * sx, int * countp)
954{
955BOOL pending_BANNER = sx->pending_BANNER;
956BOOL pending_EHLO = sx->pending_EHLO;
fc243e94 957int rc = FAIL;
ee8b8090
JH		 958
959sx->pending_BANNER = FALSE; /* clear early to avoid recursion */
960sx->pending_EHLO = FALSE;
961
962if (pending_BANNER)
963 {
964 DEBUG(D_transport) debug_printf("%s expect banner\n", __FUNCTION__);
965 (*countp)--;
966 if (!smtp_reap_banner(sx))
967 {
968 DEBUG(D_transport) debug_printf("bad banner\n");
fc243e94 969 if (tls_out.active.sock >= 0) rc = DEFER;
ee8b8090
JH		 970 goto fail;
971 }
972 }
973
974if (pending_EHLO)
975 {
976 unsigned peer_offered;
977 unsigned short authbits = 0, * ap;
978
979 DEBUG(D_transport) debug_printf("%s expect ehlo\n", __FUNCTION__);
980 (*countp)--;
981 if (!smtp_reap_ehlo(sx))
982 {
983 DEBUG(D_transport) debug_printf("bad response for EHLO\n");
fc243e94 984 if (tls_out.active.sock >= 0) rc = DEFER;
ee8b8090
JH		 985 goto fail;
986 }
987
988 /* Compare the actual EHLO response to the cached value we assumed;
989 on difference, dump or rewrite the cache and arrange for a retry. */
990
991 ap = tls_out.active.sock < 0
992 ? &sx->ehlo_resp.cleartext_auths : &sx->ehlo_resp.crypted_auths;
993
994 peer_offered = ehlo_response(sx->buffer,
9883af72 995 (tls_out.active.sock < 0 ? OPTION_TLS : 0)
ee8b8090
JH		 996 | OPTION_CHUNKING | OPTION_PRDR | OPTION_DSN | OPTION_PIPE | OPTION_SIZE
997 | OPTION_UTF8 | OPTION_EARLY_PIPE
998 );
999 if ( peer_offered != sx->peer_offered
1000 || (authbits = study_ehlo_auths(sx)) != *ap)
1001 {
1002 HDEBUG(D_transport)
cb6bd80f
JH		 1003 debug_printf("EHLO %s extensions changed, 0x%04x/0x%04x -> 0x%04x/0x%04x\n",
1004 tls_out.active.sock < 0 ? "cleartext" : "crypted",
ee8b8090 1005 sx->peer_offered, *ap, peer_offered, authbits);
cb6bd80f
JH		 1006 *(tls_out.active.sock < 0
1007 ? &sx->ehlo_resp.cleartext_features : &sx->ehlo_resp.crypted_features) = peer_offered;
ee8b8090
JH		 1008 *ap = authbits;
1009 if (peer_offered & OPTION_EARLY_PIPE)
1010 write_ehlo_cache_entry(sx);
1011 else
1012 invalidate_ehlo_cache_entry(sx);
1013
1014 return OK; /* just carry on */
1015 }
1016 }
1017return OK;
1018
1019fail:
1020 invalidate_ehlo_cache_entry(sx);
1021 (void) smtp_discard_responses(sx, sx->conn_args.ob, *countp);
fc243e94 1022 return rc;
ee8b8090
JH		 1023}
1024#endif
1025
1026
0756eb3c
PH		 1027/*************************************************
1028* Synchronize SMTP responses *
1029*************************************************/
1030
1031/* This function is called from smtp_deliver() to receive SMTP responses from
1032the server, and match them up with the commands to which they relate. When
1033PIPELINING is not in use, this function is called after every command, and is
1034therefore somewhat over-engineered, but it is simpler to use a single scheme
1035that works both with and without PIPELINING instead of having two separate sets
1036of code.
1037
1038The set of commands that are buffered up with pipelining may start with MAIL
1039and may end with DATA; in between are RCPT commands that correspond to the
1040addresses whose status is PENDING_DEFER. All other commands (STARTTLS, AUTH,
1041etc.) are never buffered.
1042
1043Errors after MAIL or DATA abort the whole process leaving the response in the
1044buffer. After MAIL, pending responses are flushed, and the original command is
1045re-instated in big_buffer for error messages. For RCPT commands, the remote is
1046permitted to reject some recipient addresses while accepting others. However
1047certain errors clearly abort the whole process. Set the value in
1048transport_return to PENDING_OK if the address is accepted. If there is a
1049subsequent general error, it will get reset accordingly. If not, it will get
1050converted to OK at the end.
1051
1052Arguments:
df5b41e3 1053 sx smtp connection context
48c7f9e2 1054 count the number of responses to read
48c7f9e2
PH		 1055 pending_DATA 0 if last command sent was not DATA
1056 +1 if previously had a good recipient
1057 -1 if not previously had a good recipient
0756eb3c
PH		 1058
1059Returns: 3 if at least one address had 2xx and one had 5xx
1060 2 if at least one address had 5xx but none had 2xx
1061 1 if at least one host had a 2xx response, but none had 5xx
1062 0 no address had 2xx or 5xx but no errors (all 4xx, or just DATA)
1063 -1 timeout while reading RCPT response
1064 -2 I/O or other non-response error for RCPT
1065 -3 DATA or MAIL failed - errno and buffer set
ee8b8090 1066 -4 banner or EHLO failed (early-pipelining)
fc243e94 1067 -5 banner or EHLO failed (early-pipelining, TLS)
0756eb3c
PH		 1068*/
1069
1070static int
df5b41e3 1071sync_responses(smtp_context * sx, int count, int pending_DATA)
0756eb3c 1072{
ee8b8090
JH		 1073address_item * addr = sx->sync_addr;
1074smtp_transport_options_block * ob = sx->conn_args.ob;
0756eb3c
PH		 1075int yield = 0;
1076
ee8b8090 1077#ifdef EXPERIMENTAL_PIPE_CONNECT
dca6d121 1078int rc;
fc243e94
JH		 1079if ((rc = smtp_reap_early_pipe(sx, &count)) != OK)
1080 return rc == FAIL ? -4 : -5;
ee8b8090
JH		 1081#endif
1082
0756eb3c
PH		 1083/* Handle the response for a MAIL command. On error, reinstate the original
1084command in big_buffer for error message use, and flush any further pending
1085responses before returning, except after I/O errors and timeouts. */
1086
df5b41e3 1087if (sx->pending_MAIL)
0756eb3c 1088 {
7c576fca 1089 DEBUG(D_transport) debug_printf("%s expect mail\n", __FUNCTION__);
0756eb3c 1090 count--;
251b9eb4 1091 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
e9166683 1092 '2', ob->command_timeout))
0756eb3c 1093 {
e027f545 1094 DEBUG(D_transport) debug_printf("bad response for MAIL\n");
0756eb3c 1095 Ustrcpy(big_buffer, mail_command); /* Fits, because it came from there! */
fc243e94
JH		 1096 if (errno == ERRNO_TLSFAILURE)
1097 return -5;
df5b41e3 1098 if (errno == 0 && sx->buffer[0] != 0)
0756eb3c 1099 {
e97957bc 1100 int save_errno = 0;
df5b41e3 1101 if (sx->buffer[0] == '4')
e97957bc
PH		 1102 {
1103 save_errno = ERRNO_MAIL4XX;
df5b41e3 1104 addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
e97957bc 1105 }
ee8b8090 1106 count = smtp_discard_responses(sx, ob, count);
e97957bc 1107 errno = save_errno;
0756eb3c 1108 }
c562fd30
JH		 1109
1110 if (pending_DATA) count--; /* Number of RCPT responses to come */
1111 while (count-- > 0) /* Mark any pending addrs with the host used */
1112 {
1113 while (addr->transport_return != PENDING_DEFER) addr = addr->next;
ee8b8090 1114 addr->host_used = sx->conn_args.host;
c562fd30
JH		 1115 addr = addr->next;
1116 }
0756eb3c
PH		 1117 return -3;
1118 }
1119 }
1120
1121if (pending_DATA) count--; /* Number of RCPT responses to come */
1122
1123/* Read and handle the required number of RCPT responses, matching each one up
1124with an address by scanning for the next address whose status is PENDING_DEFER.
1125*/
1126
1127while (count-- > 0)
1128 {
4c2471ca
JH		 1129 while (addr->transport_return != PENDING_DEFER)
1130 if (!(addr = addr->next))
1131 return -2;
0756eb3c
PH		 1132
1133 /* The address was accepted */
ee8b8090 1134 addr->host_used = sx->conn_args.host;
0756eb3c 1135
7c576fca 1136 DEBUG(D_transport) debug_printf("%s expect rcpt\n", __FUNCTION__);
251b9eb4 1137 if (smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
e9166683 1138 '2', ob->command_timeout))
0756eb3c
PH		 1139 {
1140 yield |= 1;
1141 addr->transport_return = PENDING_OK;
1142
1143 /* If af_dr_retry_exists is set, there was a routing delay on this address;
09945f1e
PH		 1144 ensure that any address-specific retry record is expunged. We do this both
1145 for the basic key and for the version that also includes the sender. */
0756eb3c
PH		 1146
1147 if (testflag(addr, af_dr_retry_exists))
09945f1e
PH		 1148 {
1149 uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key,
1150 sender_address);
1151 retry_add_item(addr, altkey, rf_delete);
0756eb3c 1152 retry_add_item(addr, addr->address_retry_key, rf_delete);
09945f1e 1153 }
0756eb3c
PH		 1154 }
1155
fc243e94
JH		 1156 /* Error on first TLS read */
1157
1158 else if (errno == ERRNO_TLSFAILURE)
1159 return -5;
1160
0756eb3c
PH		 1161 /* Timeout while reading the response */
1162
1163 else if (errno == ETIMEDOUT)
1164 {
c562fd30 1165 uschar *message = string_sprintf("SMTP timeout after RCPT TO:<%s>",
ee8b8090 1166 transport_rcpt_address(addr, sx->conn_args.tblock->rcpt_include_affixes));
df5b41e3 1167 set_errno_nohost(sx->first_addr, ETIMEDOUT, message, DEFER, FALSE);
0756eb3c 1168 retry_add_item(addr, addr->address_retry_key, 0);
f6c332bd 1169 update_waiting = FALSE;
0756eb3c
PH		 1170 return -1;
1171 }
1172
1173 /* Handle other errors in obtaining an SMTP response by returning -1. This
1174 will cause all the addresses to be deferred. Restore the SMTP command in
1175 big_buffer for which we are checking the response, so the error message
1176 makes sense. */
1177
df5b41e3 1178 else if (errno != 0 || sx->buffer[0] == 0)
0756eb3c
PH		 1179 {
1180 string_format(big_buffer, big_buffer_size, "RCPT TO:<%s>",
ee8b8090 1181 transport_rcpt_address(addr, sx->conn_args.tblock->rcpt_include_affixes));
0756eb3c
PH		 1182 return -2;
1183 }
1184
1185 /* Handle SMTP permanent and temporary response codes. */
1186
1187 else
1188 {
1189 addr->message =
447d236c 1190 string_sprintf("SMTP error from remote mail server after RCPT TO:<%s>: "
ee8b8090 1191 "%s", transport_rcpt_address(addr, sx->conn_args.tblock->rcpt_include_affixes),
df5b41e3 1192 string_printing(sx->buffer));
447d236c 1193 setflag(addr, af_pass_message);
e9166683 1194 if (!sx->verify)
ee8b8090 1195 msglog_line(sx->conn_args.host, addr->message);
0756eb3c
PH		 1196
1197 /* The response was 5xx */
1198
df5b41e3 1199 if (sx->buffer[0] == '5')
0756eb3c
PH		 1200 {
1201 addr->transport_return = FAIL;
1202 yield |= 2;
1203 }
1204
1205 /* The response was 4xx */
1206
1207 else
1208 {
0756eb3c
PH		 1209 addr->transport_return = DEFER;
1210 addr->basic_errno = ERRNO_RCPT4XX;
df5b41e3 1211 addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
0756eb3c 1212
e9166683
JH		 1213 if (!sx->verify)
1214 {
0cbf2b82 1215#ifndef DISABLE_EVENT
e9166683
JH		 1216 event_defer_errno = addr->more_errno;
1217 msg_event_raise(US"msg:rcpt:host:defer", addr);
5ef5dd52
JB		 1218#endif
1219
e9166683
JH		 1220 /* Log temporary errors if there are more hosts to be tried.
1221 If not, log this last one in the == line. */
0756eb3c 1222
ee8b8090 1223 if (sx->conn_args.host->next)
67ea939c
JH		 1224 if (LOGGING(outgoing_port))
1225 log_write(0, LOG_MAIN, "H=%s [%s]:%d %s", sx->conn_args.host->name,
1226 sx->conn_args.host->address,
1227 sx->port == PORT_NONE ? 25 : sx->port, addr->message);
1228 else
1229 log_write(0, LOG_MAIN, "H=%s [%s]: %s", sx->conn_args.host->name,
1230 sx->conn_args.host->address, addr->message);
0756eb3c 1231
0cbf2b82 1232#ifndef DISABLE_EVENT
e9166683
JH		 1233 else
1234 msg_event_raise(US"msg:rcpt:defer", addr);
5ef5dd52
JB		 1235#endif
1236
e9166683
JH		 1237 /* Do not put this message on the list of those waiting for specific
1238 hosts, as otherwise it is likely to be tried too often. */
0756eb3c 1239
e9166683 1240 update_waiting = FALSE;
0756eb3c 1241
e9166683
JH		 1242 /* Add a retry item for the address so that it doesn't get tried again
1243 too soon. If address_retry_include_sender is true, add the sender address
1244 to the retry key. */
0756eb3c 1245
e9166683
JH		 1246 retry_add_item(addr,
1247 ob->address_retry_include_sender
1248 ? string_sprintf("%s:<%s>", addr->address_retry_key, sender_address)
1249 : addr->address_retry_key,
1250 0);
1251 }
0756eb3c
PH		 1252 }
1253 }
1254 } /* Loop for next RCPT response */
1255
1256/* Update where to start at for the next block of responses, unless we
1257have already handled all the addresses. */
1258
e9166683 1259if (addr) sx->sync_addr = addr->next;
0756eb3c
PH		 1260
1261/* Handle a response to DATA. If we have not had any good recipients, either
1262previously or in this block, the response is ignored. */
1263
7c576fca 1264if (pending_DATA != 0)
0756eb3c 1265 {
7c576fca 1266 DEBUG(D_transport) debug_printf("%s expect data\n", __FUNCTION__);
251b9eb4 1267 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer),
7c576fca 1268 '3', ob->command_timeout))
e97957bc 1269 {
7c576fca
JH		 1270 int code;
1271 uschar *msg;
1272 BOOL pass_message;
fc243e94
JH		 1273
1274 if (errno == ERRNO_TLSFAILURE) /* Error on first TLS read */
1275 return -5;
1276
7c576fca 1277 if (pending_DATA > 0 || (yield & 1) != 0)
e97957bc 1278 {
7c576fca
JH		 1279 if (errno == 0 && sx->buffer[0] == '4')
1280 {
1281 errno = ERRNO_DATA4XX;
1282 sx->first_addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
1283 }
1284 return -3;
e97957bc 1285 }
ee8b8090 1286 (void)check_response(sx->conn_args.host, &errno, 0, sx->buffer, &code, &msg, &pass_message);
7c576fca
JH		 1287 DEBUG(D_transport) debug_printf("%s\nerror for DATA ignored: pipelining "
1288 "is in use and there were no good recipients\n", msg);
e97957bc 1289 }
0756eb3c
PH		 1290 }
1291
1292/* All responses read and handled; MAIL (if present) received 2xx and DATA (if
1293present) received 3xx. If any RCPTs were handled and yielded anything other
1294than 4xx, yield will be set non-zero. */
1295
1296return yield;
1297}
1298
1299
1300
ee8b8090
JH		 1301
1302
1303/* Try an authenticator's client entry */
1304
1305static int
1306try_authenticator(smtp_context * sx, auth_instance * au)
1307{
1308smtp_transport_options_block * ob = sx->conn_args.ob; /* transport options */
1309host_item * host = sx->conn_args.host; /* host to deliver to */
1310int rc;
1311
1312sx->outblock.authenticating = TRUE;
1313rc = (au->info->clientcode)(au, sx, ob->command_timeout,
1314 sx->buffer, sizeof(sx->buffer));
1315sx->outblock.authenticating = FALSE;
1316DEBUG(D_transport) debug_printf("%s authenticator yielded %d\n", au->name, rc);
1317
1318/* A temporary authentication failure must hold up delivery to
1319this host. After a permanent authentication failure, we carry on
1320to try other authentication methods. If all fail hard, try to
1321deliver the message unauthenticated unless require_auth was set. */
1322
1323switch(rc)
1324 {
1325 case OK:
1326 f.smtp_authenticated = TRUE; /* stops the outer loop */
1327 client_authenticator = au->name;
1328 if (au->set_client_id)
1329 client_authenticated_id = expand_string(au->set_client_id);
1330 break;
1331
1332 /* Failure after writing a command */
1333
1334 case FAIL_SEND:
1335 return FAIL_SEND;
1336
1337 /* Failure after reading a response */
1338
1339 case FAIL:
1340 if (errno != 0 || sx->buffer[0] != '5') return FAIL;
1341 log_write(0, LOG_MAIN, "%s authenticator failed H=%s [%s] %s",
1342 au->name, host->name, host->address, sx->buffer);
1343 break;
1344
1345 /* Failure by some other means. In effect, the authenticator
1346 decided it wasn't prepared to handle this case. Typically this
1347 is the result of "fail" in an expansion string. Do we need to
1348 log anything here? Feb 2006: a message is now put in the buffer
1349 if logging is required. */
1350
1351 case CANCELLED:
1352 if (*sx->buffer != 0)
1353 log_write(0, LOG_MAIN, "%s authenticator cancelled "
1354 "authentication H=%s [%s] %s", au->name, host->name,
1355 host->address, sx->buffer);
1356 break;
1357
1358 /* Internal problem, message in buffer. */
1359
1360 case ERROR:
1361 set_errno_nohost(sx->addrlist, ERRNO_AUTHPROB, string_copy(sx->buffer),
1362 DEFER, FALSE);
1363 return ERROR;
1364 }
1365return OK;
1366}
1367
1368
1369
1370
1371/* Do the client side of smtp-level authentication.
1372
fcc8e047 1373Arguments:
ee8b8090
JH		 1374 sx smtp connection context
1375
1376sx->buffer should have the EHLO response from server (gets overwritten)
fcc8e047
JH		 1377
1378Returns:
1379 OK Success, or failed (but not required): global "smtp_authenticated" set
1380 DEFER Failed authentication (and was required)
1381 ERROR Internal problem
1382
1383 FAIL_SEND Failed communications - transmit
1384 FAIL - response
1385*/
1386
251b9eb4 1387static int
ee8b8090 1388smtp_auth(smtp_context * sx)
fcc8e047 1389{
ee8b8090
JH		 1390host_item * host = sx->conn_args.host; /* host to deliver to */
1391smtp_transport_options_block * ob = sx->conn_args.ob; /* transport options */
1392int require_auth = verify_check_given_host(CUSS &ob->hosts_require_auth, host);
1393#ifdef EXPERIMENTAL_PIPE_CONNECT
1394unsigned short authbits = tls_out.active.sock >= 0
1395 ? sx->ehlo_resp.crypted_auths : sx->ehlo_resp.cleartext_auths;
1396#endif
1397uschar * fail_reason = US"server did not advertise AUTH support";
fcc8e047 1398
8768d548 1399f.smtp_authenticated = FALSE;
a7538db1 1400client_authenticator = client_authenticated_id = client_authenticated_sender = NULL;
fcc8e047 1401
ee8b8090
JH		 1402if (!regex_AUTH)
1403 regex_AUTH = regex_must_compile(AUTHS_REGEX, FALSE, TRUE);
1404
1405/* Is the server offering AUTH? */
fcc8e047 1406
ee8b8090
JH		 1407if ( sx->esmtp
1408 &&
1409#ifdef EXPERIMENTAL_PIPE_CONNECT
1410 sx->early_pipe_active ? authbits
1411 :
1412#endif
1413 regex_match_and_setup(regex_AUTH, sx->buffer, 0, -1)
1414 )
a7538db1 1415 {
ee8b8090 1416 uschar * names = NULL;
a7538db1 1417 expand_nmax = -1; /* reset */
fcc8e047 1418
ee8b8090
JH		 1419#ifdef EXPERIMENTAL_PIPE_CONNECT
1420 if (!sx->early_pipe_active)
1421#endif
1422 names = string_copyn(expand_nstring[1], expand_nlength[1]);
1423
a7538db1 1424 /* Must not do this check until after we have saved the result of the
ee8b8090 1425 regex match above as the check could be another RE. */
fcc8e047 1426
ee8b8090
JH		 1427 if ( require_auth == OK
1428 || verify_check_given_host(CUSS &ob->hosts_try_auth, host) == OK)
a7538db1 1429 {
a7538db1 1430 DEBUG(D_transport) debug_printf("scanning authentication mechanisms\n");
ee8b8090
JH		 1431 fail_reason = US"no common mechanisms were found";
1432
1433#ifdef EXPERIMENTAL_PIPE_CONNECT
1434 if (sx->early_pipe_active)
1435 {
1436 /* Scan our authenticators (which support use by a client and were offered
1437 by the server (checked at cache-write time)), not suppressed by
1438 client_condition. If one is found, attempt to authenticate by calling its
1439 client function. We are limited to supporting up to 16 authenticator
1440 public-names by the number of bits in a short. */
1441
dca6d121 1442 auth_instance * au;
ee8b8090
JH		 1443 uschar bitnum;
1444 int rc;
1445
1446 for (bitnum = 0, au = auths;
1447 !f.smtp_authenticated && au && bitnum < 16;
1448 bitnum++, au = au->next) if (authbits & BIT(bitnum))
1449 {
1450 if ( au->client_condition
1451 && !expand_check_condition(au->client_condition, au->name,
1452 US"client authenticator"))
1453 {
1454 DEBUG(D_transport) debug_printf("skipping %s authenticator: %s\n",
1455 au->name, "client_condition is false");
1456 continue;
1457 }
1458
1459 /* Found data for a listed mechanism. Call its client entry. Set
1460 a flag in the outblock so that data is overwritten after sending so
1461 that reflections don't show it. */
1462
1463 fail_reason = US"authentication attempt(s) failed";
1464
1465 if ((rc = try_authenticator(sx, au)) != OK)
1466 return rc;
1467 }
1468 }
1469 else
1470#endif
fcc8e047 1471
a7538db1
JH		 1472 /* Scan the configured authenticators looking for one which is configured
1473 for use as a client, which is not suppressed by client_condition, and
1474 whose name matches an authentication mechanism supported by the server.
1475 If one is found, attempt to authenticate by calling its client function.
1476 */
fcc8e047 1477
d7978c0f 1478 for (auth_instance * au = auths; !f.smtp_authenticated && au; au = au->next)
a7538db1
JH		 1479 {
1480 uschar *p = names;
ee8b8090
JH		 1481
1482 if ( !au->client
1483 || ( au->client_condition
1484 && !expand_check_condition(au->client_condition, au->name,
1485 US"client authenticator")))
a7538db1
JH		 1486 {
1487 DEBUG(D_transport) debug_printf("skipping %s authenticator: %s\n",
1488 au->name,
1489 (au->client)? "client_condition is false" :
1490 "not configured as a client");
1491 continue;
1492 }
fcc8e047 1493
a7538db1 1494 /* Loop to scan supported server mechanisms */
fcc8e047 1495
cab0c277 1496 while (*p)
a7538db1 1497 {
a7538db1 1498 int len = Ustrlen(au->public_name);
ee8b8090
JH		 1499 int rc;
1500
a7538db1 1501 while (isspace(*p)) p++;
fcc8e047 1502
a7538db1
JH		 1503 if (strncmpic(au->public_name, p, len) != 0 ||
1504 (p[len] != 0 && !isspace(p[len])))
1505 {
1506 while (*p != 0 && !isspace(*p)) p++;
1507 continue;
1508 }
fcc8e047 1509
a7538db1
JH		 1510 /* Found data for a listed mechanism. Call its client entry. Set
1511 a flag in the outblock so that data is overwritten after sending so
1512 that reflections don't show it. */
fcc8e047 1513
a7538db1 1514 fail_reason = US"authentication attempt(s) failed";
a7538db1 1515
ee8b8090
JH		 1516 if ((rc = try_authenticator(sx, au)) != OK)
1517 return rc;
fcc8e047 1518
a7538db1
JH		 1519 break; /* If not authenticated, try next authenticator */
1520 } /* Loop for scanning supported server mechanisms */
1521 } /* Loop for further authenticators */
fcc8e047 1522 }
a7538db1 1523 }
fcc8e047 1524
a7538db1 1525/* If we haven't authenticated, but are required to, give up. */
fcc8e047 1526
8768d548 1527if (require_auth == OK && !f.smtp_authenticated)
a7538db1 1528 {
251b9eb4 1529 set_errno_nohost(sx->addrlist, ERRNO_AUTHFAIL,
a7538db1 1530 string_sprintf("authentication required but %s", fail_reason), DEFER,
895fbaf2 1531 FALSE);
a7538db1
JH		 1532 return DEFER;
1533 }
4d8d62b9 1534
a7538db1 1535return OK;
fcc8e047
JH		 1536}
1537
1538
1539/* Construct AUTH appendix string for MAIL TO */
1540/*
1541Arguments
1542 buffer to build string
1543 addrlist chain of potential addresses to deliver
1544 ob transport options
1545
8768d548 1546Globals f.smtp_authenticated
fcc8e047
JH		 1547 client_authenticated_sender
1548Return True on error, otherwise buffer has (possibly empty) terminated string
1549*/
1550
1551BOOL
1552smtp_mail_auth_str(uschar *buffer, unsigned bufsize, address_item *addrlist,
1553 smtp_transport_options_block *ob)
1554{
1555uschar *local_authenticated_sender = authenticated_sender;
1556
1557#ifdef notdef
8768d548 1558 debug_printf("smtp_mail_auth_str: as<%s> os<%s> SA<%s>\n", authenticated_sender, ob->authenticated_sender, f.smtp_authenticated?"Y":"N");
fcc8e047
JH		 1559#endif
1560
1561if (ob->authenticated_sender != NULL)
1562 {
1563 uschar *new = expand_string(ob->authenticated_sender);
1564 if (new == NULL)
1565 {
8768d548 1566 if (!f.expand_string_forcedfail)
fcc8e047
JH		 1567 {
1568 uschar *message = string_sprintf("failed to expand "
1569 "authenticated_sender: %s", expand_string_message);
895fbaf2 1570 set_errno_nohost(addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE);
fcc8e047
JH		 1571 return TRUE;
1572 }
1573 }
1574 else if (new[0] != 0) local_authenticated_sender = new;
1575 }
1576
1577/* Add the authenticated sender address if present */
1578
8768d548 1579if ((f.smtp_authenticated || ob->authenticated_sender_force) &&
fcc8e047
JH		 1580 local_authenticated_sender != NULL)
1581 {
1582 string_format(buffer, bufsize, " AUTH=%s",
1583 auth_xtextencode(local_authenticated_sender,
1584 Ustrlen(local_authenticated_sender)));
1585 client_authenticated_sender = string_copy(local_authenticated_sender);
1586 }
1587else
1588 *buffer= 0;
1589
1590return FALSE;
1591}
1592
1593
1594
c0635b6d 1595#ifdef SUPPORT_DANE
2d5fdd53
JH		 1596/* Lookup TLSA record for host/port.
1597Return: OK success with dnssec; DANE mode
1598 DEFER Do not use this host now, may retry later
1599 FAIL_FORCED No TLSA record; DANE not usable
1600 FAIL Do not use this connection
1601*/
1602
0e66b3b6 1603int
4b0fe319 1604tlsa_lookup(const host_item * host, dns_answer * dnsa, BOOL dane_required)
0e66b3b6
JH		 1605{
1606/* move this out to host.c given the similarity to dns_lookup() ? */
1607uschar buffer[300];
55414b25 1608const uschar * fullname = buffer;
58c30e47
JH		 1609int rc;
1610BOOL sec;
0e66b3b6
JH		 1611
1612/* TLSA lookup string */
1613(void)sprintf(CS buffer, "_%d._tcp.%.256s", host->port, host->name);
1614
58c30e47
JH		 1615rc = dns_lookup(dnsa, buffer, T_TLSA, &fullname);
1616sec = dns_is_secure(dnsa);
1617DEBUG(D_transport)
1618 debug_printf("TLSA lookup ret %d %sDNSSEC\n", rc, sec ? "" : "not ");
1619
1620switch (rc)
0e66b3b6 1621 {
2d5fdd53
JH		 1622 case DNS_AGAIN:
1623 return DEFER; /* just defer this TLS'd conn */
1624
899b8bbc 1625 case DNS_SUCCEED:
624f33df
JH		 1626 if (sec)
1627 {
1628 DEBUG(D_transport)
1629 {
1630 dns_scan dnss;
d7978c0f 1631 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
1b76ad22
JH		 1632 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
1633 if (rr->type == T_TLSA && rr->size > 3)
1634 {
1635 uint16_t payload_length = rr->size - 3;
1636 uschar s[MAX_TLSA_EXPANDED_SIZE], * sp = s, * p = US rr->data;
1637
1638 sp += sprintf(CS sp, "%d ", *p++); /* usage */
1639 sp += sprintf(CS sp, "%d ", *p++); /* selector */
1640 sp += sprintf(CS sp, "%d ", *p++); /* matchtype */
1641 while (payload_length-- > 0 && sp-s < (MAX_TLSA_EXPANDED_SIZE - 4))
1642 sp += sprintf(CS sp, "%02x", *p++);
1643
1644 debug_printf(" %s\n", s);
1645 }
624f33df
JH		 1646 }
1647 return OK;
1648 }
899b8bbc
JH		 1649 log_write(0, LOG_MAIN,
1650 "DANE error: TLSA lookup for %s not DNSSEC", host->name);
1651 /*FALLTRHOUGH*/
1652
ef3a1a30
JH		 1653 case DNS_NODATA: /* no TLSA RR for this lookup */
1654 case DNS_NOMATCH: /* no records at all for this lookup */
6b524204 1655 return dane_required ? FAIL : FAIL_FORCED;
2d5fdd53
JH		 1656
1657 default:
1658 case DNS_FAIL:
1659 return dane_required ? FAIL : DEFER;
0e66b3b6 1660 }
0e66b3b6
JH		 1661}
1662#endif
1663
1664
a39bd74d
JB		 1665
1666typedef struct smtp_compare_s
1667{
1668 uschar *current_sender_address;
1669 struct transport_instance *tblock;
1670} smtp_compare_t;
1671
d093f8e5
JH		 1672
1673/* Create a unique string that identifies this message, it is based on
1674sender_address, helo_data and tls_certificate if enabled.
1675*/
a39bd74d
JB		 1676
1677static uschar *
1678smtp_local_identity(uschar * sender, struct transport_instance * tblock)
1679{
1680address_item * addr1;
1681uschar * if1 = US"";
1682uschar * helo1 = US"";
1683#ifdef SUPPORT_TLS
1684uschar * tlsc1 = US"";
1685#endif
1686uschar * save_sender_address = sender_address;
1687uschar * local_identity = NULL;
ee8b8090 1688smtp_transport_options_block * ob = SOB tblock->options_block;
a39bd74d
JB		 1689
1690sender_address = sender;
1691
1692addr1 = deliver_make_addr (sender, TRUE);
1693deliver_set_expansions(addr1);
1694
1695if (ob->interface)
1696 if1 = expand_string(ob->interface);
1697
1698if (ob->helo_data)
1699 helo1 = expand_string(ob->helo_data);
1700
1701#ifdef SUPPORT_TLS
1702if (ob->tls_certificate)
1703 tlsc1 = expand_string(ob->tls_certificate);
1704local_identity = string_sprintf ("%s^%s^%s", if1, helo1, tlsc1);
1705#else
1706local_identity = string_sprintf ("%s^%s", if1, helo1);
1707#endif
1708
1709deliver_set_expansions(NULL);
1710sender_address = save_sender_address;
1711
1712return local_identity;
1713}
1714
1715
1716
1717/* This routine is a callback that is called from transport_check_waiting.
1718This function will evaluate the incoming message versus the previous
1719message. If the incoming message is using a different local identity then
1720we will veto this new message. */
1721
1722static BOOL
1723smtp_are_same_identities(uschar * message_id, smtp_compare_t * s_compare)
1724{
dadff1d4
HSHR		 1725uschar * message_local_identity,
1726 * current_local_identity,
1727 * new_sender_address;
1728
1729current_local_identity =
a39bd74d 1730 smtp_local_identity(s_compare->current_sender_address, s_compare->tblock);
a39bd74d 1731
dadff1d4
HSHR		 1732if (!(new_sender_address = deliver_get_sender_address(message_id)))
1733 return 0;
1734
1735message_local_identity =
1736 smtp_local_identity(new_sender_address, s_compare->tblock);
a39bd74d
JB		 1737
1738return Ustrcmp(current_local_identity, message_local_identity) == 0;
1739}
1740
1741
1742
8ac90765
JH		 1743static unsigned
1744ehlo_response(uschar * buf, unsigned checks)
9094b84b 1745{
e9166683
JH		 1746size_t bsize = Ustrlen(buf);
1747
ee8b8090 1748/* debug_printf("%s: check for 0x%04x\n", __FUNCTION__, checks); */
8ac90765 1749
ee8b8090 1750#ifdef SUPPORT_TLS
ee8b8090
JH		 1751if ( checks & OPTION_TLS
1752 && pcre_exec(regex_STARTTLS, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
9094b84b 1753#endif
ee8b8090 1754 checks &= ~OPTION_TLS;
9094b84b 1755
14de8063 1756if ( checks & OPTION_IGNQ
ff5aac2b
JH		 1757 && pcre_exec(regex_IGNOREQUOTA, NULL, CS buf, bsize, 0,
1758 PCRE_EOPT, NULL, 0) < 0)
14de8063 1759 checks &= ~OPTION_IGNQ;
9094b84b 1760
14de8063 1761if ( checks & OPTION_CHUNKING
f98442df 1762 && pcre_exec(regex_CHUNKING, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
14de8063 1763 checks &= ~OPTION_CHUNKING;
f98442df 1764
9094b84b 1765#ifndef DISABLE_PRDR
14de8063 1766if ( checks & OPTION_PRDR
ff5aac2b 1767 && pcre_exec(regex_PRDR, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
9094b84b 1768#endif
ee8b8090 1769 checks &= ~OPTION_PRDR;
9094b84b
JH		 1770
1771#ifdef SUPPORT_I18N
14de8063 1772if ( checks & OPTION_UTF8
ff5aac2b 1773 && pcre_exec(regex_UTF8, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
9094b84b 1774#endif
ee8b8090 1775 checks &= ~OPTION_UTF8;
9094b84b 1776
14de8063 1777if ( checks & OPTION_DSN
ff5aac2b 1778 && pcre_exec(regex_DSN, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
14de8063 1779 checks &= ~OPTION_DSN;
9094b84b 1780
14de8063 1781if ( checks & OPTION_PIPE
ff5aac2b
JH		 1782 && pcre_exec(regex_PIPELINING, NULL, CS buf, bsize, 0,
1783 PCRE_EOPT, NULL, 0) < 0)
14de8063 1784 checks &= ~OPTION_PIPE;
9094b84b 1785
14de8063 1786if ( checks & OPTION_SIZE
ff5aac2b 1787 && pcre_exec(regex_SIZE, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
14de8063 1788 checks &= ~OPTION_SIZE;
9094b84b 1789
ee8b8090
JH		 1790#ifdef EXPERIMENTAL_PIPE_CONNECT
1791if ( checks & OPTION_EARLY_PIPE
1792 && pcre_exec(regex_EARLY_PIPE, NULL, CS buf, bsize, 0,
1793 PCRE_EOPT, NULL, 0) < 0)
1794#endif
1795 checks &= ~OPTION_EARLY_PIPE;
1796
1797/* debug_printf("%s: found 0x%04x\n", __FUNCTION__, checks); */
9094b84b
JH		 1798return checks;
1799}
1800
1801
6d5c916c
JH		 1802
1803/* Callback for emitting a BDAT data chunk header.
6d5c916c 1804
e027f545
JH		 1805If given a nonzero size, first flush any buffered SMTP commands
1806then emit the command.
1807
d2aa036b
JH		 1808Reap previous SMTP command responses if requested, and always reap
1809the response from a previous BDAT command.
1810
1811Args:
1812 tctx transport context
1813 chunk_size value for SMTP BDAT command
1814 flags
1815 tc_chunk_last add LAST option to SMTP BDAT command
1816 tc_reap_prev reap response to previous SMTP commands
6d5c916c 1817
fc243e94
JH		 1818Returns:
1819 OK or ERROR
1820 DEFER TLS error on first read (EHLO-resp); errno set
6d5c916c
JH		 1821*/
1822
1823static int
d2aa036b
JH		 1824smtp_chunk_cmd_callback(transport_ctx * tctx, unsigned chunk_size,
1825 unsigned flags)
6d5c916c 1826{
ee8b8090 1827smtp_transport_options_block * ob = SOB tctx->tblock->options_block;
e9166683 1828smtp_context * sx = tctx->smtp_context;
e027f545
JH		 1829int cmd_count = 0;
1830int prev_cmd_count;
6d5c916c 1831
4e910c01
JH		 1832/* Write SMTP chunk header command. If not reaping responses, note that
1833there may be more writes (like, the chunk data) done soon. */
6d5c916c 1834
e027f545 1835if (chunk_size > 0)
87cb4a16 1836 {
ee8b8090
JH		 1837#ifdef EXPERIMENTAL_PIPE_CONNECT
1838 BOOL new_conn = !!(sx->outblock.conn_args);
1839#endif
251b9eb4 1840 if((cmd_count = smtp_write_command(sx,
4e910c01
JH		 1841 flags & tc_reap_prev ? SCMD_FLUSH : SCMD_MORE,
1842 "BDAT %u%s\r\n", chunk_size, flags & tc_chunk_last ? " LAST" : "")
e027f545 1843 ) < 0) return ERROR;
87cb4a16
JH		 1844 if (flags & tc_chunk_last)
1845 data_command = string_copy(big_buffer); /* Save for later error message */
ee8b8090
JH		 1846#ifdef EXPERIMENTAL_PIPE_CONNECT
1847 /* That command write could have been the one that made the connection.
1848 Copy the fd from the client conn ctx (smtp transport specific) to the
1849 generic transport ctx. */
1850
1851 if (new_conn)
1852 tctx->u.fd = sx->outblock.cctx->sock;
1853#endif
87cb4a16 1854 }
e027f545 1855
e9166683 1856prev_cmd_count = cmd_count += sx->cmd_count;
6d5c916c 1857
e027f545 1858/* Reap responses for any previous, but not one we just emitted */
6d5c916c 1859
e027f545
JH		 1860if (chunk_size > 0)
1861 prev_cmd_count--;
e9166683 1862if (sx->pending_BDAT)
e027f545 1863 prev_cmd_count--;
6d5c916c 1864
e027f545 1865if (flags & tc_reap_prev && prev_cmd_count > 0)
6d5c916c 1866 {
58fc5fb2
JH		 1867 DEBUG(D_transport) debug_printf("look for %d responses"
1868 " for previous pipelined cmds\n", prev_cmd_count);
6d5c916c 1869
e9166683 1870 switch(sync_responses(sx, prev_cmd_count, 0))
e027f545
JH		 1871 {
1872 case 1: /* 2xx (only) => OK */
e9166683
JH		 1873 case 3: sx->good_RCPT = TRUE; /* 2xx & 5xx => OK & progress made */
1874 case 2: sx->completed_addr = TRUE; /* 5xx (only) => progress made */
e027f545
JH		 1875 case 0: break; /* No 2xx or 5xx, but no probs */
1876
fc243e94
JH		 1877 case -5: errno = ERRNO_TLSFAILURE;
1878 return DEFER;
ee8b8090
JH		 1879#ifdef EXPERIMENTAL_PIPE_CONNECT
1880 case -4: /* non-2xx for pipelined banner or EHLO */
1881#endif
fc243e94 1882 case -1: /* Timeout on RCPT */
e027f545
JH		 1883 default: return ERROR; /* I/O error, or any MAIL/DATA error */
1884 }
1885 cmd_count = 1;
e9166683 1886 if (!sx->pending_BDAT)
e027f545 1887 pipelining_active = FALSE;
6d5c916c 1888 }
e027f545 1889
58fc5fb2 1890/* Reap response for an outstanding BDAT */
e027f545 1891
e9166683 1892if (sx->pending_BDAT)
e027f545 1893 {
58fc5fb2
JH		 1894 DEBUG(D_transport) debug_printf("look for one response for BDAT\n");
1895
251b9eb4 1896 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2',
e027f545
JH		 1897 ob->command_timeout))
1898 {
e9166683 1899 if (errno == 0 && sx->buffer[0] == '4')
e027f545
JH		 1900 {
1901 errno = ERRNO_DATA4XX; /*XXX does this actually get used? */
36e55f49 1902 sx->addrlist->more_errno |=
e9166683 1903 ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
e027f545
JH		 1904 }
1905 return ERROR;
1906 }
1907 cmd_count--;
e9166683 1908 sx->pending_BDAT = FALSE;
e027f545
JH		 1909 pipelining_active = FALSE;
1910 }
1911else if (chunk_size > 0)
e9166683 1912 sx->pending_BDAT = TRUE;
e027f545
JH		 1913
1914
e9166683 1915sx->cmd_count = cmd_count;
e027f545 1916return OK;
6d5c916c
JH		 1917}
1918
1919
1920
ee8b8090
JH		 1921
1922
0756eb3c 1923/*************************************************
d093f8e5 1924* Make connection for given message *
0756eb3c
PH		 1925*************************************************/
1926
d093f8e5
JH		 1927/*
1928Arguments:
1929 ctx connection context
d093f8e5
JH		 1930 suppress_tls if TRUE, don't attempt a TLS connection - this is set for
1931 a second attempt after TLS initialization fails
d093f8e5
JH		 1932
1933Returns: OK - the connection was made and the delivery attempted;
1934 fd is set in the conn context, tls_out set up.
1935 DEFER - the connection could not be made, or something failed
1936 while setting up the SMTP session, or there was a
1937 non-message-specific error, such as a timeout.
1938 ERROR - helo_data or add_headers or authenticated_sender is
1939 specified for this transport, and the string failed
1940 to expand
1941*/
1942int
e9166683 1943smtp_setup_conn(smtp_context * sx, BOOL suppress_tls)
d093f8e5 1944{
ee8b8090 1945smtp_transport_options_block * ob = sx->conn_args.tblock->options_block;
d093f8e5 1946BOOL pass_message = FALSE;
d093f8e5 1947uschar * message = NULL;
d093f8e5
JH		 1948int yield = OK;
1949int rc;
fc243e94
JH		 1950#ifdef SUPPORT_TLS
1951uschar * tls_errstr;
1952#endif
d093f8e5 1953
ee8b8090 1954sx->conn_args.ob = ob;
d093f8e5 1955
ee8b8090
JH		 1956sx->lmtp = strcmpic(ob->protocol, US"lmtp") == 0;
1957sx->smtps = strcmpic(ob->protocol, US"smtps") == 0;
d093f8e5
JH		 1958sx->ok = FALSE;
1959sx->send_rset = TRUE;
1960sx->send_quit = TRUE;
1961sx->setting_up = TRUE;
1962sx->esmtp = TRUE;
1963sx->esmtp_sent = FALSE;
59a286ef 1964#ifdef SUPPORT_I18N
d093f8e5 1965sx->utf8_needed = FALSE;
59a286ef 1966#endif
d093f8e5 1967sx->dsn_all_lasthop = TRUE;
c0635b6d 1968#if defined(SUPPORT_TLS) && defined(SUPPORT_DANE)
c05bdbd6 1969sx->conn_args.dane = FALSE;
8ac90765 1970sx->dane_required =
ee8b8090
JH		 1971 verify_check_given_host(CUSS &ob->hosts_require_dane, sx->conn_args.host) == OK;
1972#endif
1973#ifdef EXPERIMENTAL_PIPE_CONNECT
1974sx->early_pipe_active = sx->early_pipe_ok = FALSE;
1975sx->ehlo_resp.cleartext_features = sx->ehlo_resp.crypted_features = 0;
1976sx->pending_BANNER = sx->pending_EHLO = FALSE;
d093f8e5
JH		 1977#endif
1978
ee8b8090 1979if ((sx->max_rcpt = sx->conn_args.tblock->max_addresses) == 0) sx->max_rcpt = 999999;
d093f8e5 1980sx->peer_offered = 0;
14de8063 1981sx->avoid_option = 0;
d093f8e5 1982sx->igquotstr = US"";
ee8b8090 1983if (!sx->helo_data) sx->helo_data = ob->helo_data;
d093f8e5
JH		 1984#ifdef EXPERIMENTAL_DSN_INFO
1985sx->smtp_greeting = NULL;
1986sx->helo_response = NULL;
59a286ef
JH		 1987#endif
1988
0756eb3c 1989smtp_command = US"initial connection";
d093f8e5 1990sx->buffer[0] = '\0';
0756eb3c
PH		 1991
1992/* Set up the buffer for reading SMTP response packets. */
1993
d093f8e5
JH		 1994sx->inblock.buffer = sx->inbuffer;
1995sx->inblock.buffersize = sizeof(sx->inbuffer);
1996sx->inblock.ptr = sx->inbuffer;
1997sx->inblock.ptrend = sx->inbuffer;
0756eb3c
PH		 1998
1999/* Set up the buffer for holding SMTP commands while pipelining */
2000
d093f8e5
JH		 2001sx->outblock.buffer = sx->outbuffer;
2002sx->outblock.buffersize = sizeof(sx->outbuffer);
2003sx->outblock.ptr = sx->outbuffer;
2004sx->outblock.cmd_count = 0;
2005sx->outblock.authenticating = FALSE;
ee8b8090 2006sx->outblock.conn_args = NULL;
0756eb3c 2007
6c512171
PH		 2008/* Reset the parameters of a TLS session. */
2009
817d9f57
JH		 2010tls_out.bits = 0;
2011tls_out.cipher = NULL; /* the one we may use for this transport */
9d1c15ef
JH		 2012tls_out.ourcert = NULL;
2013tls_out.peercert = NULL;
817d9f57
JH		 2014tls_out.peerdn = NULL;
2015#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
2016tls_out.sni = NULL;
5b456975 2017#endif
018058b2 2018tls_out.ocsp = OCSP_NOT_REQ;
6c512171 2019
35aba663
JH		 2020/* Flip the legacy TLS-related variables over to the outbound set in case
2021they're used in the context of the transport. Don't bother resetting
02b41d71
JH		 2022afterward (when being used by a transport) as we're in a subprocess.
2023For verify, unflipped once the callout is dealt with */
35aba663
JH		 2024
2025tls_modify_variables(&tls_out);
2026
061b7ebd 2027#ifndef SUPPORT_TLS
d093f8e5 2028if (sx->smtps)
061b7ebd 2029 {
d093f8e5 2030 set_errno_nohost(sx->addrlist, ERRNO_TLSFAILURE, US"TLS support not available",
895fbaf2 2031 DEFER, FALSE);
018058b2 2032 return ERROR;
061b7ebd
PP		 2033 }
2034#endif
2035
0756eb3c
PH		 2036/* Make a connection to the host if this isn't a continued delivery, and handle
2037the initial interaction and HELO/EHLO/LHLO. Connect timeout errors are handled
2038specially so they can be identified for retries. */
2039
58c30e47 2040if (!continue_hostname)
0756eb3c 2041 {
e9166683 2042 if (sx->verify)
ee8b8090 2043 HDEBUG(D_verify) debug_printf("interface=%s port=%d\n", sx->conn_args.interface, sx->port);
02b41d71 2044
ee8b8090 2045 /* Get the actual port the connection will use, into sx->conn_args.host */
4311097e 2046
ee8b8090 2047 smtp_port_for_connect(sx->conn_args.host, sx->port);
0756eb3c 2048
c0635b6d 2049#if defined(SUPPORT_TLS) && defined(SUPPORT_DANE)
58c30e47 2050 /* Do TLSA lookup for DANE */
0e66b3b6 2051 {
0e66b3b6
JH		 2052 tls_out.dane_verified = FALSE;
2053 tls_out.tlsa_usage = 0;
2054
ee8b8090 2055 if (sx->conn_args.host->dnssec == DS_YES)
0e66b3b6 2056 {
d093f8e5 2057 if( sx->dane_required
ee8b8090 2058 || verify_check_given_host(CUSS &ob->hosts_try_dane, sx->conn_args.host) == OK
0e66b3b6 2059 )
c05bdbd6 2060 switch (rc = tlsa_lookup(sx->conn_args.host, &sx->conn_args.tlsa_dnsa, sx->dane_required))
4b0fe319 2061 {
c05bdbd6 2062 case OK: sx->conn_args.dane = TRUE;
ee8b8090 2063 ob->tls_tempfail_tryclear = FALSE;
58c30e47 2064 break;
2d5fdd53 2065 case FAIL_FORCED: break;
d093f8e5 2066 default: set_errno_nohost(sx->addrlist, ERRNO_DNSDEFER,
2d5fdd53 2067 string_sprintf("DANE error: tlsa lookup %s",
aeb65e91 2068 rc_to_string(rc)),
2d5fdd53 2069 rc, FALSE);
8d3dc239 2070# ifndef DISABLE_EVENT
ee8b8090 2071 (void) event_raise(sx->conn_args.tblock->event_action,
c4b57fdd
JH		 2072 US"dane:fail", sx->dane_required
2073 ? US"dane-required" : US"dnssec-invalid");
8d3dc239 2074# endif
2d5fdd53 2075 return rc;
4b0fe319 2076 }
0e66b3b6 2077 }
d093f8e5 2078 else if (sx->dane_required)
0e66b3b6 2079 {
d093f8e5 2080 set_errno_nohost(sx->addrlist, ERRNO_DNSDEFER,
ee8b8090 2081 string_sprintf("DANE error: %s lookup not DNSSEC", sx->conn_args.host->name),
895fbaf2 2082 FAIL, FALSE);
8d3dc239 2083# ifndef DISABLE_EVENT
ee8b8090 2084 (void) event_raise(sx->conn_args.tblock->event_action,
c4b57fdd 2085 US"dane:fail", US"dane-required");
8d3dc239 2086# endif
4b0fe319 2087 return FAIL;
0e66b3b6 2088 }
0e66b3b6
JH		 2089 }
2090#endif /*DANE*/
2091
58c30e47
JH		 2092 /* Make the TCP connection */
2093
74f1a423
JH		 2094 sx->cctx.tls_ctx = NULL;
2095 sx->inblock.cctx = sx->outblock.cctx = &sx->cctx;
ee8b8090 2096 sx->avoid_option = sx->peer_offered = smtp_peer_options = 0;
58c30e47 2097
ee8b8090
JH		 2098#ifdef EXPERIMENTAL_PIPE_CONNECT
2099 if (verify_check_given_host(CUSS &ob->hosts_pipe_connect, sx->conn_args.host) == OK)
58c30e47 2100 {
ee8b8090
JH		 2101 sx->early_pipe_ok = TRUE;
2102 if ( read_ehlo_cache_entry(sx)
2103 && sx->ehlo_resp.cleartext_features & OPTION_EARLY_PIPE)
58c30e47 2104 {
ee8b8090
JH		 2105 DEBUG(D_transport) debug_printf("Using cached cleartext PIPE_CONNECT\n");
2106 sx->early_pipe_active = TRUE;
2107 sx->peer_offered = sx->ehlo_resp.cleartext_features;
58c30e47 2108 }
58c30e47
JH		 2109 }
2110
ee8b8090
JH		 2111 if (sx->early_pipe_active)
2112 sx->outblock.conn_args = &sx->conn_args;
2113 else
2114#endif
2115 {
2116 if ((sx->cctx.sock = smtp_connect(&sx->conn_args, NULL)) < 0)
2117 {
2118 uschar * msg = NULL;
2119 if (sx->verify)
2120 {
2121 msg = US strerror(errno);
2122 HDEBUG(D_verify) debug_printf("connect: %s\n", msg);
2123 }
2124 set_errno_nohost(sx->addrlist,
2125 errno == ETIMEDOUT ? ERRNO_CONNECTTIMEOUT : errno,
2126 sx->verify ? string_sprintf("could not connect: %s", msg)
2127 : NULL,
2128 DEFER, FALSE);
2129 sx->send_quit = FALSE;
2130 return DEFER;
2131 }
2132 }
41c7c167
PH		 2133 /* Expand the greeting message while waiting for the initial response. (Makes
2134 sense if helo_data contains ${lookup dnsdb ...} stuff). The expansion is
2135 delayed till here so that $sending_interface and $sending_port are set. */
ee8b8090
JH		 2136/*XXX early-pipe: they still will not be. Is there any way to find out what they
2137will be? Somehow I doubt it. */
41c7c167 2138
02b41d71
JH		 2139 if (sx->helo_data)
2140 if (!(sx->helo_data = expand_string(sx->helo_data)))
e9166683 2141 if (sx->verify)
02b41d71
JH		 2142 log_write(0, LOG_MAIN|LOG_PANIC,
2143 "<%s>: failed to expand transport's helo_data value for callout: %s",
2144 sx->addrlist->address, expand_string_message);
2145
8c5d388a 2146#ifdef SUPPORT_I18N
d093f8e5 2147 if (sx->helo_data)
810d16ad 2148 {
02b41d71
JH		 2149 expand_string_message = NULL;
2150 if ((sx->helo_data = string_domain_utf8_to_alabel(sx->helo_data,
2151 &expand_string_message)),
2152 expand_string_message)
e9166683 2153 if (sx->verify)
02b41d71
JH		 2154 log_write(0, LOG_MAIN|LOG_PANIC,
2155 "<%s>: failed to expand transport's helo_data value for callout: %s",
2156 sx->addrlist->address, expand_string_message);
2157 else
2158 sx->helo_data = NULL;
810d16ad
JH		 2159 }
2160#endif
41c7c167 2161
0756eb3c
PH		 2162 /* The first thing is to wait for an initial OK response. The dreaded "goto"
2163 is nevertheless a reasonably clean way of programming this kind of logic,
2164 where you want to escape on any error. */
2165
d093f8e5 2166 if (!sx->smtps)
061b7ebd 2167 {
ee8b8090
JH		 2168#ifdef EXPERIMENTAL_PIPE_CONNECT
2169 if (sx->early_pipe_active)
2170 {
2171 sx->pending_BANNER = TRUE; /* sync_responses() must eventually handle */
2172 sx->outblock.cmd_count = 1;
2173 }
2174 else
8d330698 2175#endif
ee8b8090
JH		 2176 {
2177#ifdef TCP_QUICKACK
2178 (void) setsockopt(sx->cctx.sock, IPPROTO_TCP, TCP_QUICKACK, US &off,
2179 sizeof(off));
895fbaf2 2180#endif
ee8b8090
JH		 2181 if (!smtp_reap_banner(sx))
2182 goto RESPONSE_FAILED;
2183 }
0756eb3c 2184
0cbf2b82 2185#ifndef DISABLE_EVENT
b30275b8 2186 {
805c9d53 2187 uschar * s;
ee8b8090
JH		 2188 lookup_dnssec_authenticated = sx->conn_args.host->dnssec==DS_YES ? US"yes"
2189 : sx->conn_args.host->dnssec==DS_NO ? US"no" : NULL;
2190 s = event_raise(sx->conn_args.tblock->event_action, US"smtp:connect", sx->buffer);
b30275b8 2191 if (s)
a7538db1 2192 {
d093f8e5 2193 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL,
b30275b8 2194 string_sprintf("deferred by smtp:connect event expansion: %s", s),
895fbaf2 2195 DEFER, FALSE);
a7538db1
JH		 2196 yield = DEFER;
2197 goto SEND_QUIT;
2198 }
b30275b8 2199 }
a7538db1
JH		 2200#endif
2201
061b7ebd
PP		 2202 /* Now check if the helo_data expansion went well, and sign off cleanly if
2203 it didn't. */
41c7c167 2204
d093f8e5 2205 if (!sx->helo_data)
061b7ebd 2206 {
d093f8e5 2207 message = string_sprintf("failed to expand helo_data: %s",
061b7ebd 2208 expand_string_message);
d093f8e5 2209 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE);
061b7ebd
PP		 2210 yield = DEFER;
2211 goto SEND_QUIT;
2212 }
41c7c167
PH		 2213 }
2214
0756eb3c 2215/** Debugging without sending a message
d093f8e5 2216sx->addrlist->transport_return = DEFER;
0756eb3c
PH		 2217goto SEND_QUIT;
2218**/
2219
2220 /* Errors that occur after this point follow an SMTP command, which is
2221 left in big_buffer by smtp_write_command() for use in error messages. */
2222
2223 smtp_command = big_buffer;
2224
2225 /* Tell the remote who we are...
2226
2227 February 1998: A convention has evolved that ESMTP-speaking MTAs include the
2228 string "ESMTP" in their greeting lines, so make Exim send EHLO if the
2229 greeting is of this form. The assumption was that the far end supports it
2230 properly... but experience shows that there are some that give 5xx responses,
2231 even though the banner includes "ESMTP" (there's a bloody-minded one that
2232 says "ESMTP not spoken here"). Cope with that case.
2233
2234 September 2000: Time has passed, and it seems reasonable now to always send
2235 EHLO at the start. It is also convenient to make the change while installing
2236 the TLS stuff.
2237
2238 July 2003: Joachim Wieland met a broken server that advertises "PIPELINING"
2239 but times out after sending MAIL FROM, RCPT TO and DATA all together. There
2240 would be no way to send out the mails, so there is now a host list
2241 "hosts_avoid_esmtp" that disables ESMTP for special hosts and solves the
2242 PIPELINING problem as well. Maybe it can also be useful to cure other
2243 problems with broken servers.
2244
2245 Exim originally sent "Helo" at this point and ran for nearly a year that way.
2246 Then somebody tried it with a Microsoft mailer... It seems that all other
2247 mailers use upper case for some reason (the RFC is quite clear about case
2248 independence) so, for peace of mind, I gave in. */
2249
ee8b8090 2250 sx->esmtp = verify_check_given_host(CUSS &ob->hosts_avoid_esmtp, sx->conn_args.host) != OK;
0756eb3c 2251
061b7ebd
PP		 2252 /* Alas; be careful, since this goto is not an error-out, so conceivably
2253 we might set data between here and the target which we assume to exist
2254 and be usable. I can see this coming back to bite us. */
a7538db1 2255#ifdef SUPPORT_TLS
d093f8e5 2256 if (sx->smtps)
061b7ebd 2257 {
14de8063 2258 smtp_peer_options |= OPTION_TLS;
061b7ebd 2259 suppress_tls = FALSE;
ee8b8090 2260 ob->tls_tempfail_tryclear = FALSE;
061b7ebd
PP		 2261 smtp_command = US"SSL-on-connect";
2262 goto TLS_NEGOTIATE;
2263 }
a7538db1 2264#endif
061b7ebd 2265
d093f8e5 2266 if (sx->esmtp)
0756eb3c 2267 {
ee8b8090
JH		 2268 if (smtp_write_command(sx,
2269#ifdef EXPERIMENTAL_PIPE_CONNECT
2270 sx->early_pipe_active ? SCMD_BUFFER :
2271#endif
2272 SCMD_FLUSH,
2273 "%s %s\r\n", sx->lmtp ? "LHLO" : "EHLO", sx->helo_data) < 0)
0756eb3c 2274 goto SEND_FAILED;
d093f8e5 2275 sx->esmtp_sent = TRUE;
ee8b8090
JH		 2276
2277#ifdef EXPERIMENTAL_PIPE_CONNECT
2278 if (sx->early_pipe_active)
0756eb3c 2279 {
ee8b8090
JH		 2280 sx->pending_EHLO = TRUE;
2281
2282 /* If we have too many authenticators to handle and might need to AUTH
2283 for this transport, pipeline no further as we will need the
2284 list of auth methods offered. Reap the banner and EHLO. */
2285
2286 if ( (ob->hosts_require_auth || ob->hosts_try_auth)
2287 && f.smtp_in_early_pipe_no_auth)
895fbaf2 2288 {
ee8b8090
JH		 2289 DEBUG(D_transport) debug_printf("may need to auth, so pipeline no further\n");
2290 if (smtp_write_command(sx, SCMD_FLUSH, NULL) < 0)
2291 goto SEND_FAILED;
2292 if (sync_responses(sx, 2, 0) != 0)
2293 {
2294 HDEBUG(D_transport)
2295 debug_printf("failed reaping pipelined cmd responses\n");
2296 goto RESPONSE_FAILED;
2297 }
2298 sx->early_pipe_active = FALSE;
895fbaf2 2299 }
0756eb3c 2300 }
ee8b8090 2301 else
895fbaf2 2302#endif
ee8b8090
JH		 2303 if (!smtp_reap_ehlo(sx))
2304 goto RESPONSE_FAILED;
0756eb3c
PH		 2305 }
2306 else
0756eb3c
PH		 2307 DEBUG(D_transport)
2308 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
0756eb3c 2309
ee8b8090
JH		 2310#ifdef EXPERIMENTAL_PIPE_CONNECT
2311 if (!sx->early_pipe_active)
2312#endif
2313 if (!sx->esmtp)
2314 {
2315 BOOL good_response;
2316 int n = sizeof(sx->buffer);
2317 uschar * rsp = sx->buffer;
a57ce043 2318
ee8b8090
JH		 2319 if (sx->esmtp_sent && (n = Ustrlen(sx->buffer)) < sizeof(sx->buffer)/2)
2320 { rsp = sx->buffer + n + 1; n = sizeof(sx->buffer) - n; }
895fbaf2 2321
ee8b8090
JH		 2322 if (smtp_write_command(sx, SCMD_FLUSH, "HELO %s\r\n", sx->helo_data) < 0)
2323 goto SEND_FAILED;
2324 good_response = smtp_read_response(sx, rsp, n, '2', ob->command_timeout);
895fbaf2 2325#ifdef EXPERIMENTAL_DSN_INFO
ee8b8090 2326 sx->helo_response = string_copy(rsp);
895fbaf2 2327#endif
ee8b8090 2328 if (!good_response)
a57ce043 2329 {
ee8b8090
JH		 2330 /* Handle special logging for a closed connection after HELO
2331 when had previously sent EHLO */
2332
2333 if (rsp != sx->buffer && rsp[0] == 0 && (errno == 0 || errno == ECONNRESET))
2334 {
2335 errno = ERRNO_SMTPCLOSED;
2336 goto EHLOHELO_FAILED;
2337 }
2338 memmove(sx->buffer, rsp, Ustrlen(rsp));
2339 goto RESPONSE_FAILED;
a57ce043 2340 }
a57ce043 2341 }
2d14f397 2342
d093f8e5 2343 if (sx->esmtp || sx->lmtp)
2d14f397 2344 {
ee8b8090
JH		 2345#ifdef EXPERIMENTAL_PIPE_CONNECT
2346 if (!sx->early_pipe_active)
2347#endif
2348 {
2349 sx->peer_offered = ehlo_response(sx->buffer,
2350 OPTION_TLS /* others checked later */
2351#ifdef EXPERIMENTAL_PIPE_CONNECT
2352 | (sx->early_pipe_ok
2353 ? OPTION_IGNQ
2354 | OPTION_CHUNKING | OPTION_PRDR | OPTION_DSN | OPTION_PIPE | OPTION_SIZE
2355#ifdef SUPPORT_I18N
2356 | OPTION_UTF8
2357#endif
2358 | OPTION_EARLY_PIPE
2359 : 0
2360 )
2361#endif
2362 );
2363#ifdef EXPERIMENTAL_PIPE_CONNECT
2364 if (sx->early_pipe_ok)
2365 {
2366 sx->ehlo_resp.cleartext_features = sx->peer_offered;
2367
2368 if ( (sx->peer_offered & (OPTION_PIPE | OPTION_EARLY_PIPE))
2369 == (OPTION_PIPE | OPTION_EARLY_PIPE))
2370 {
2371 DEBUG(D_transport) debug_printf("PIPE_CONNECT usable in future for this IP\n");
2372 sx->ehlo_resp.cleartext_auths = study_ehlo_auths(sx);
2373 write_ehlo_cache_entry(sx);
2374 }
2375 }
2376#endif
2377 }
f1513293 2378
0756eb3c
PH		 2379 /* Set tls_offered if the response to EHLO specifies support for STARTTLS. */
2380
a7538db1 2381#ifdef SUPPORT_TLS
14de8063 2382 smtp_peer_options |= sx->peer_offered & OPTION_TLS;
7ade712c 2383#endif
2d14f397 2384 }
0756eb3c
PH		 2385 }
2386
57cc2785
JH		 2387/* For continuing deliveries down the same channel, having re-exec'd the socket
2388is the standard input; for a socket held open from verify it is recorded
2389in the cutthrough context block. Either way we don't need to redo EHLO here
2390(but may need to do so for TLS - see below).
2391Set up the pointer to where subsequent commands will be left, for
2d14f397 2392error messages. Note that smtp_peer_options will have been
0756eb3c
PH		 2393set from the command line if they were set in the process that passed the
2394connection on. */
2395
895fbaf2 2396/*XXX continue case needs to propagate DSN_INFO, prob. in deliver.c
4c04137d 2397as the continue goes via transport_pass_socket() and doublefork and exec.
895fbaf2
JH		 2398It does not wait. Unclear how we keep separate host's responses
2399separate - we could match up by host ip+port as a bodge. */
2400
0756eb3c
PH		 2401else
2402 {
74f1a423 2403 if (cutthrough.cctx.sock >= 0 && cutthrough.callout_hold_only)
57cc2785 2404 {
74f1a423 2405 sx->cctx = cutthrough.cctx;
ee8b8090 2406 sx->conn_args.host->port = sx->port = cutthrough.host.port;
57cc2785
JH		 2407 }
2408 else
2409 {
74f1a423
JH		 2410 sx->cctx.sock = 0; /* stdin */
2411 sx->cctx.tls_ctx = NULL;
ee8b8090 2412 smtp_port_for_connect(sx->conn_args.host, sx->port); /* Record the port that was used */
57cc2785 2413 }
74f1a423 2414 sx->inblock.cctx = sx->outblock.cctx = &sx->cctx;
0756eb3c 2415 smtp_command = big_buffer;
02b41d71 2416 sx->helo_data = NULL; /* ensure we re-expand ob->helo_data */
875512a3 2417
57cc2785
JH		 2418 /* For a continued connection with TLS being proxied for us, or a
2419 held-open verify connection with TLS, nothing more to do. */
875512a3 2420
57cc2785 2421 if ( continue_proxy_cipher
74f1a423
JH		 2422 || (cutthrough.cctx.sock >= 0 && cutthrough.callout_hold_only
2423 && cutthrough.is_tls)
57cc2785 2424 )
875512a3
JH		 2425 {
2426 sx->peer_offered = smtp_peer_options;
7c576fca 2427 sx->pipelining_used = pipelining_active = !!(smtp_peer_options & OPTION_PIPE);
57cc2785
JH		 2428 HDEBUG(D_transport) debug_printf("continued connection, %s TLS\n",
2429 continue_proxy_cipher ? "proxied" : "verify conn with");
875512a3
JH		 2430 return OK;
2431 }
2432 HDEBUG(D_transport) debug_printf("continued connection, no TLS\n");
0756eb3c
PH		 2433 }
2434
2435/* If TLS is available on this connection, whether continued or not, attempt to
2436start up a TLS session, unless the host is in hosts_avoid_tls. If successful,
2437send another EHLO - the server may give a different answer in secure mode. We
2438use a separate buffer for reading the response to STARTTLS so that if it is
2439negative, the original EHLO data is available for subsequent analysis, should
2440the client not be required to use TLS. If the response is bad, copy the buffer
2441for error analysis. */
2442
2443#ifdef SUPPORT_TLS
14de8063 2444if ( smtp_peer_options & OPTION_TLS
5130845b 2445 && !suppress_tls
ee8b8090 2446 && verify_check_given_host(CUSS &ob->hosts_avoid_tls, sx->conn_args.host) != OK
e9166683 2447 && ( !sx->verify
ee8b8090 2448 || verify_check_given_host(CUSS &ob->hosts_verify_avoid_tls, sx->conn_args.host) != OK
02b41d71 2449 ) )
0756eb3c
PH		 2450 {
2451 uschar buffer2[4096];
ee8b8090 2452
251b9eb4 2453 if (smtp_write_command(sx, SCMD_FLUSH, "STARTTLS\r\n") < 0)
0756eb3c
PH		 2454 goto SEND_FAILED;
2455
ee8b8090
JH		 2456#ifdef EXPERIMENTAL_PIPE_CONNECT
2457 /* If doing early-pipelining reap the banner and EHLO-response but leave
2458 the response for the STARTTLS we just sent alone. */
2459
2460 if (sx->early_pipe_active && sync_responses(sx, 2, 0) != 0)
2461 {
2462 HDEBUG(D_transport)
2463 debug_printf("failed reaping pipelined cmd responses\n");
2464 goto RESPONSE_FAILED;
2465 }
2466#endif
2467
0756eb3c
PH		 2468 /* If there is an I/O error, transmission of this message is deferred. If
2469 there is a temporary rejection of STARRTLS and tls_tempfail_tryclear is
2470 false, we also defer. However, if there is a temporary rejection of STARTTLS
2471 and tls_tempfail_tryclear is true, or if there is an outright rejection of
2472 STARTTLS, we carry on. This means we will try to send the message in clear,
2473 unless the host is in hosts_require_tls (tested below). */
2474
ee8b8090 2475 if (!smtp_read_response(sx, buffer2, sizeof(buffer2), '2', ob->command_timeout))
0756eb3c 2476 {
4b0fe319
JH		 2477 if ( errno != 0
2478 || buffer2[0] == 0
ee8b8090 2479 || (buffer2[0] == '4' && !ob->tls_tempfail_tryclear)
4b0fe319 2480 )
0dda4340 2481 {
d093f8e5 2482 Ustrncpy(sx->buffer, buffer2, sizeof(sx->buffer));
9e7e0f6a 2483 sx->buffer[sizeof(sx->buffer)-1] = '\0';
0756eb3c 2484 goto RESPONSE_FAILED;
0dda4340 2485 }
0756eb3c
PH		 2486 }
2487
2488 /* STARTTLS accepted: try to negotiate a TLS session. */
2489
2490 else
061b7ebd 2491 TLS_NEGOTIATE:
0756eb3c 2492 {
c05bdbd6 2493 if (!tls_client_start(&sx->cctx, &sx->conn_args, sx->addrlist, &tls_out, &tls_errstr))
0756eb3c 2494 {
74f1a423
JH		 2495 /* TLS negotiation failed; give an error. From outside, this function may
2496 be called again to try in clear on a new connection, if the options permit
2497 it for this host. */
dca6d121
JH		 2498#ifdef USE_GNUTLS
2499 GNUTLS_CONN_FAILED:
2500#endif
fc243e94 2501 DEBUG(D_tls) debug_printf("TLS session fail: %s\n", tls_errstr);
74f1a423 2502
c0635b6d 2503# ifdef SUPPORT_DANE
c05bdbd6 2504 if (sx->conn_args.dane)
c4b57fdd
JH		 2505 {
2506 log_write(0, LOG_MAIN,
cf0c6164 2507 "DANE attempt failed; TLS connection to %s [%s]: %s",
fc243e94 2508 sx->conn_args.host->name, sx->conn_args.host->address, tls_errstr);
8d3dc239 2509# ifndef DISABLE_EVENT
ee8b8090 2510 (void) event_raise(sx->conn_args.tblock->event_action,
c4b57fdd 2511 US"dane:fail", US"validation-failure"); /* could do with better detail */
8d3dc239 2512# endif
c4b57fdd 2513 }
6ebd79ec
JH		 2514# endif
2515
de6273b4 2516 errno = ERRNO_TLSFAILURE;
fc243e94 2517 message = string_sprintf("TLS session: %s", tls_errstr);
d093f8e5 2518 sx->send_quit = FALSE;
0756eb3c
PH		 2519 goto TLS_FAILED;
2520 }
2521
2522 /* TLS session is set up */
2523
2d14f397 2524 smtp_peer_options_wrap = smtp_peer_options;
d7978c0f 2525 for (address_item * addr = sx->addrlist; addr; addr = addr->next)
5ca2a9a1
PH		 2526 if (addr->transport_return == PENDING_DEFER)
2527 {
817d9f57 2528 addr->cipher = tls_out.cipher;
9d1c15ef
JH		 2529 addr->ourcert = tls_out.ourcert;
2530 addr->peercert = tls_out.peercert;
817d9f57 2531 addr->peerdn = tls_out.peerdn;
018058b2 2532 addr->ocsp = tls_out.ocsp;
5ca2a9a1 2533 }
0756eb3c
PH		 2534 }
2535 }
2536
061b7ebd
PP		 2537/* if smtps, we'll have smtp_command set to something else; always safe to
2538reset it here. */
2539smtp_command = big_buffer;
2540
41c7c167
PH		 2541/* If we started TLS, redo the EHLO/LHLO exchange over the secure channel. If
2542helo_data is null, we are dealing with a connection that was passed from
2543another process, and so we won't have expanded helo_data above. We have to
2544expand it here. $sending_ip_address and $sending_port are set up right at the
2545start of the Exim process (in exim.c). */
0756eb3c 2546
74f1a423 2547if (tls_out.active.sock >= 0)
0756eb3c 2548 {
ee8b8090 2549 uschar * greeting_cmd;
895fbaf2 2550
ee8b8090 2551 if (!sx->helo_data && !(sx->helo_data = expand_string(ob->helo_data)))
41c7c167 2552 {
d093f8e5
JH		 2553 uschar *message = string_sprintf("failed to expand helo_data: %s",
2554 expand_string_message);
2555 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE);
2556 yield = DEFER;
2557 goto SEND_QUIT;
41c7c167
PH		 2558 }
2559
ee8b8090
JH		 2560#ifdef EXPERIMENTAL_PIPE_CONNECT
2561 /* For SMTPS there is no cleartext early-pipe; use the crypted permission bit.
2562 We're unlikely to get the group sent and delivered before the server sends its
2563 banner, but it's still worth sending as a group.
2564 For STARTTLS allow for cleartext early-pipe but no crypted early-pipe, but not
2565 the reverse. */
2566
2567 if (sx->smtps ? sx->early_pipe_ok : sx->early_pipe_active)
2568 {
2569 sx->peer_offered = sx->ehlo_resp.crypted_features;
2570 if ((sx->early_pipe_active =
2571 !!(sx->ehlo_resp.crypted_features & OPTION_EARLY_PIPE)))
2572 DEBUG(D_transport) debug_printf("Using cached crypted PIPE_CONNECT\n");
2573 }
2574#endif
2575
0d0e4455 2576 /* For SMTPS we need to wait for the initial OK response. */
d093f8e5 2577 if (sx->smtps)
ee8b8090
JH		 2578#ifdef EXPERIMENTAL_PIPE_CONNECT
2579 if (sx->early_pipe_active)
2580 {
2581 sx->pending_BANNER = TRUE;
2582 sx->outblock.cmd_count = 1;
2583 }
2584 else
895fbaf2 2585#endif
ee8b8090
JH		 2586 if (!smtp_reap_banner(sx))
2587 goto RESPONSE_FAILED;
0d0e4455 2588
ee8b8090
JH		 2589 if (sx->lmtp)
2590 greeting_cmd = US"LHLO";
2591 else if (sx->esmtp)
2592 greeting_cmd = US"EHLO";
0d0e4455
PP		 2593 else
2594 {
ee8b8090 2595 greeting_cmd = US"HELO";
0d0e4455
PP		 2596 DEBUG(D_transport)
2597 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
061b7ebd
PP		 2598 }
2599
ee8b8090
JH		 2600 if (smtp_write_command(sx,
2601#ifdef EXPERIMENTAL_PIPE_CONNECT
2602 sx->early_pipe_active ? SCMD_BUFFER :
2603#endif
2604 SCMD_FLUSH,
2605 "%s %s\r\n", greeting_cmd, sx->helo_data) < 0)
0756eb3c 2606 goto SEND_FAILED;
ee8b8090
JH		 2607
2608#ifdef EXPERIMENTAL_PIPE_CONNECT
2609 if (sx->early_pipe_active)
2610 sx->pending_EHLO = TRUE;
2611 else
895fbaf2 2612#endif
ee8b8090
JH		 2613 {
2614 if (!smtp_reap_ehlo(sx))
fc243e94
JH		 2615#ifdef USE_GNUTLS
2616 {
2617 /* The GnuTLS layer in Exim only spots a server-rejection of a client
2618 cert late, under TLS1.3 - which means here; the first time we try to
2619 receive crypted data. Treat it as if it was a connect-time failure.
2620 See also the early-pipe equivalent... which will be hard; every call
2621 to sync_responses will need to check the result.
2622 It would be nicer to have GnuTLS check the cert during the handshake.
2623 Can it do that, with all the flexibility we need? */
2624
2625 tls_errstr = US"error on first read";
2626 goto GNUTLS_CONN_FAILED;
2627 }
2628#else
ee8b8090 2629 goto RESPONSE_FAILED;
fc243e94 2630#endif
ee8b8090
JH		 2631 smtp_peer_options = 0;
2632 }
0756eb3c
PH		 2633 }
2634
2635/* If the host is required to use a secure channel, ensure that we
2636have one. */
2637
d093f8e5 2638else if ( sx->smtps
c0635b6d 2639# ifdef SUPPORT_DANE
c05bdbd6 2640 || sx->conn_args.dane
0e66b3b6 2641# endif
ee8b8090 2642 || verify_check_given_host(CUSS &ob->hosts_require_tls, sx->conn_args.host) == OK
7a31d643 2643 )
0756eb3c 2644 {
9883af72 2645 errno = ERRNO_TLSREQUIRED;
c562fd30 2646 message = string_sprintf("a TLS session is required, but %s",
14de8063 2647 smtp_peer_options & OPTION_TLS
2d14f397 2648 ? "an attempt to start TLS failed" : "the server did not offer TLS support");
8d3dc239 2649# if defined(SUPPORT_DANE) && !defined(DISABLE_EVENT)
c05bdbd6 2650 if (sx->conn_args.dane)
ee8b8090 2651 (void) event_raise(sx->conn_args.tblock->event_action, US"dane:fail",
c4b57fdd
JH		 2652 smtp_peer_options & OPTION_TLS
2653 ? US"validation-failure" /* could do with better detail */
2654 : US"starttls-not-supported");
2655# endif
0756eb3c
PH		 2656 goto TLS_FAILED;
2657 }
0e66b3b6 2658#endif /*SUPPORT_TLS*/
0756eb3c
PH		 2659
2660/* If TLS is active, we have just started it up and re-done the EHLO command,
2661so its response needs to be analyzed. If TLS is not active and this is a
2662continued session down a previously-used socket, we haven't just done EHLO, so
2663we skip this. */
2664
2665if (continue_hostname == NULL
a7538db1 2666#ifdef SUPPORT_TLS
74f1a423 2667 || tls_out.active.sock >= 0
a7538db1 2668#endif
0756eb3c
PH		 2669 )
2670 {
d093f8e5 2671 if (sx->esmtp || sx->lmtp)
2d14f397 2672 {
ee8b8090
JH		 2673#ifdef EXPERIMENTAL_PIPE_CONNECT
2674 if (!sx->early_pipe_active)
2675#endif
2676 {
e9166683 2677 sx->peer_offered = ehlo_response(sx->buffer,
d093f8e5 2678 0 /* no TLS */
ee8b8090
JH		 2679#ifdef EXPERIMENTAL_PIPE_CONNECT
2680 | (sx->lmtp && ob->lmtp_ignore_quota ? OPTION_IGNQ : 0)
2681 | OPTION_DSN | OPTION_PIPE | OPTION_SIZE
9883af72 2682 | OPTION_CHUNKING | OPTION_PRDR | OPTION_UTF8
ee8b8090
JH		 2683 | (tls_out.active.sock >= 0 ? OPTION_EARLY_PIPE : 0) /* not for lmtp */
2684
2685#else
2686
2687 | (sx->lmtp && ob->lmtp_ignore_quota ? OPTION_IGNQ : 0)
14de8063
JH		 2688 | OPTION_CHUNKING
2689 | OPTION_PRDR
ee8b8090 2690# ifdef SUPPORT_I18N
14de8063 2691 | (sx->addrlist->prop.utf8_msg ? OPTION_UTF8 : 0)
d093f8e5
JH		 2692 /*XXX if we hand peercaps on to continued-conn processes,
2693 must not depend on this addr */
ee8b8090 2694# endif
14de8063
JH		 2695 | OPTION_DSN
2696 | OPTION_PIPE
ee8b8090 2697 | (ob->size_addition >= 0 ? OPTION_SIZE : 0)
8ac90765 2698#endif
9094b84b 2699 );
ee8b8090
JH		 2700#ifdef EXPERIMENTAL_PIPE_CONNECT
2701 if (tls_out.active.sock >= 0)
2702 sx->ehlo_resp.crypted_features = sx->peer_offered;
2703#endif
2704 }
9094b84b 2705
2d14f397
JH		 2706 /* Set for IGNOREQUOTA if the response to LHLO specifies support and the
2707 lmtp_ignore_quota option was set. */
f1513293 2708
14de8063 2709 sx->igquotstr = sx->peer_offered & OPTION_IGNQ ? US" IGNOREQUOTA" : US"";
f1513293 2710
2d14f397
JH		 2711 /* If the response to EHLO specified support for the SIZE parameter, note
2712 this, provided size_addition is non-negative. */
f1513293 2713
14de8063 2714 smtp_peer_options |= sx->peer_offered & OPTION_SIZE;
0756eb3c 2715
2d14f397
JH		 2716 /* Note whether the server supports PIPELINING. If hosts_avoid_esmtp matched
2717 the current host, esmtp will be false, so PIPELINING can never be used. If
2718 the current host matches hosts_avoid_pipelining, don't do it. */
0756eb3c 2719
14de8063 2720 if ( sx->peer_offered & OPTION_PIPE
ee8b8090 2721 && verify_check_given_host(CUSS &ob->hosts_avoid_pipelining, sx->conn_args.host) != OK)
14de8063 2722 smtp_peer_options |= OPTION_PIPE;
0756eb3c 2723
2d14f397 2724 DEBUG(D_transport) debug_printf("%susing PIPELINING\n",
14de8063 2725 smtp_peer_options & OPTION_PIPE ? "" : "not ");
0756eb3c 2726
14de8063 2727 if ( sx->peer_offered & OPTION_CHUNKING
ee8b8090 2728 && verify_check_given_host(CUSS &ob->hosts_try_chunking, sx->conn_args.host) != OK)
14de8063 2729 sx->peer_offered &= ~OPTION_CHUNKING;
f98442df 2730
14de8063 2731 if (sx->peer_offered & OPTION_CHUNKING)
ee8b8090 2732 DEBUG(D_transport) debug_printf("CHUNKING usable\n");
0756eb3c 2733
8ccd00b1 2734#ifndef DISABLE_PRDR
14de8063 2735 if ( sx->peer_offered & OPTION_PRDR
ee8b8090 2736 && verify_check_given_host(CUSS &ob->hosts_try_prdr, sx->conn_args.host) != OK)
14de8063 2737 sx->peer_offered &= ~OPTION_PRDR;
fd98a5c6 2738
14de8063 2739 if (sx->peer_offered & OPTION_PRDR)
ee8b8090 2740 DEBUG(D_transport) debug_printf("PRDR usable\n");
fd98a5c6
JH		 2741#endif
2742
2d14f397 2743 /* Note if the server supports DSN */
14de8063 2744 smtp_peer_options |= sx->peer_offered & OPTION_DSN;
2d14f397 2745 DEBUG(D_transport) debug_printf("%susing DSN\n",
14de8063 2746 sx->peer_offered & OPTION_DSN ? "" : "not ");
6c1c3d1d 2747
ee8b8090
JH		 2748#ifdef EXPERIMENTAL_PIPE_CONNECT
2749 if ( sx->early_pipe_ok
2750 && !sx->early_pipe_active
2751 && tls_out.active.sock >= 0
2752 && smtp_peer_options & OPTION_PIPE
2753 && ( sx->ehlo_resp.cleartext_features | sx->ehlo_resp.crypted_features)
2754 & OPTION_EARLY_PIPE)
2755 {
2756 DEBUG(D_transport) debug_printf("PIPE_CONNECT usable in future for this IP\n");
2757 sx->ehlo_resp.crypted_auths = study_ehlo_auths(sx);
2758 write_ehlo_cache_entry(sx);
2759 }
2760#endif
2761
2d14f397
JH		 2762 /* Note if the response to EHLO specifies support for the AUTH extension.
2763 If it has, check that this host is one we want to authenticate to, and do
2764 the business. The host name and address must be available when the
2765 authenticator's client driver is running. */
0756eb3c 2766
ee8b8090 2767 switch (yield = smtp_auth(sx))
2d14f397
JH		 2768 {
2769 default: goto SEND_QUIT;
2770 case OK: break;
2771 case FAIL_SEND: goto SEND_FAILED;
2772 case FAIL: goto RESPONSE_FAILED;
2773 }
0756eb3c
PH		 2774 }
2775 }
7c576fca 2776sx->pipelining_used = pipelining_active = !!(smtp_peer_options & OPTION_PIPE);
0756eb3c
PH		 2777
2778/* The setting up of the SMTP call is now complete. Any subsequent errors are
2779message-specific. */
2780
d093f8e5 2781sx->setting_up = FALSE;
0756eb3c 2782
8c5d388a 2783#ifdef SUPPORT_I18N
d093f8e5 2784if (sx->addrlist->prop.utf8_msg)
9094b84b 2785 {
71c15846
JH		 2786 uschar * s;
2787
2788 /* If the transport sets a downconversion mode it overrides any set by ACL
2789 for the message. */
2790
ee8b8090 2791 if ((s = ob->utf8_downconvert))
71c15846
JH		 2792 {
2793 if (!(s = expand_string(s)))
2794 {
2795 message = string_sprintf("failed to expand utf8_downconvert: %s",
2796 expand_string_message);
2797 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE);
2798 yield = DEFER;
2799 goto SEND_QUIT;
2800 }
2801 switch (*s)
2802 {
2803 case '1': sx->addrlist->prop.utf8_downcvt = TRUE;
2804 sx->addrlist->prop.utf8_downcvt_maybe = FALSE;
2805 break;
2806 case '0': sx->addrlist->prop.utf8_downcvt = FALSE;
2807 sx->addrlist->prop.utf8_downcvt_maybe = FALSE;
2808 break;
2809 case '-': if (s[1] == '1')
2810 {
2811 sx->addrlist->prop.utf8_downcvt = FALSE;
2812 sx->addrlist->prop.utf8_downcvt_maybe = TRUE;
2813 }
2814 break;
2815 }
2816 }
2817
d093f8e5
JH		 2818 sx->utf8_needed = !sx->addrlist->prop.utf8_downcvt
2819 && !sx->addrlist->prop.utf8_downcvt_maybe;
2820 DEBUG(D_transport) if (!sx->utf8_needed)
59a286ef 2821 debug_printf("utf8: %s downconvert\n",
d093f8e5 2822 sx->addrlist->prop.utf8_downcvt ? "mandatory" : "optional");
9094b84b
JH		 2823 }
2824
7ade712c 2825/* If this is an international message we need the host to speak SMTPUTF8 */
14de8063 2826if (sx->utf8_needed && !(sx->peer_offered & OPTION_UTF8))
7ade712c
JH		 2827 {
2828 errno = ERRNO_UTF8_FWD;
2829 goto RESPONSE_FAILED;
2830 }
71c15846 2831#endif /*SUPPORT_I18N*/
7ade712c 2832
d093f8e5
JH		 2833return OK;
2834
2835
2836 {
2837 int code;
d093f8e5
JH		 2838
2839 RESPONSE_FAILED:
d093f8e5 2840 message = NULL;
ee8b8090 2841 sx->send_quit = check_response(sx->conn_args.host, &errno, sx->addrlist->more_errno,
d093f8e5 2842 sx->buffer, &code, &message, &pass_message);
8ac90765 2843 yield = DEFER;
d093f8e5 2844 goto FAILED;
d093f8e5
JH		 2845
2846 SEND_FAILED:
d093f8e5
JH		 2847 code = '4';
2848 message = US string_sprintf("send() to %s [%s] failed: %s",
ee8b8090 2849 sx->conn_args.host->name, sx->conn_args.host->address, strerror(errno));
d093f8e5 2850 sx->send_quit = FALSE;
8ac90765 2851 yield = DEFER;
d093f8e5 2852 goto FAILED;
d093f8e5 2853
de6273b4
JH		 2854 EHLOHELO_FAILED:
2855 code = '4';
2856 message = string_sprintf("Remote host closed connection in response to %s"
2857 " (EHLO response was: %s)", smtp_command, sx->buffer);
2858 sx->send_quit = FALSE;
8ac90765 2859 yield = DEFER;
de6273b4
JH		 2860 goto FAILED;
2861
e5ab0ba9
JH		 2862 /* This label is jumped to directly when a TLS negotiation has failed,
2863 or was not done for a host for which it is required. Values will be set
2864 in message and errno, and setting_up will always be true. Treat as
2865 a temporary error. */
2866
d093f8e5
JH		 2867#ifdef SUPPORT_TLS
2868 TLS_FAILED:
9883af72 2869 code = '4', yield = DEFER;
de6273b4 2870 goto FAILED;
d093f8e5
JH		 2871#endif
2872
2873 /* The failure happened while setting up the call; see if the failure was
2874 a 5xx response (this will either be on connection, or following HELO - a 5xx
e69636bc
JH		 2875 after EHLO causes it to try HELO). If so, and there are no more hosts to try,
2876 fail all addresses, as this host is never going to accept them. For other
2877 errors during setting up (timeouts or whatever), defer all addresses, and
2878 yield DEFER, so that the host is not tried again for a while.
2879
2880 XXX This peeking for another host feels like a layering violation. We want
2881 to note the host as unusable, but down here we shouldn't know if this was
2882 the last host to try for the addr(list). Perhaps the upper layer should be
2883 the one to do set_errno() ? The problem is that currently the addr is where
2884 errno etc. are stashed, but until we run out of hosts to try the errors are
2885 host-specific. Maybe we should enhance the host_item definition? */
d093f8e5 2886
de6273b4 2887FAILED:
d093f8e5 2888 sx->ok = FALSE; /* For when reached by GOTO */
e69636bc 2889 set_errno(sx->addrlist, errno, message,
ee8b8090 2890 sx->conn_args.host->next
e69636bc
JH		 2891 ? DEFER
2892 : code == '5'
d093f8e5 2893#ifdef SUPPORT_I18N
e69636bc 2894 || errno == ERRNO_UTF8_FWD
d093f8e5 2895#endif
e69636bc 2896 ? FAIL : DEFER,
ee8b8090 2897 pass_message, sx->conn_args.host
d093f8e5
JH		 2898#ifdef EXPERIMENTAL_DSN_INFO
2899 , sx->smtp_greeting, sx->helo_response
2900#endif
2901 );
2902 }
2903
2904
2905SEND_QUIT:
2906
2907if (sx->send_quit)
251b9eb4 2908 (void)smtp_write_command(sx, SCMD_FLUSH, "QUIT\r\n");
d093f8e5 2909
d093f8e5 2910#ifdef SUPPORT_TLS
74f1a423
JH		 2911if (sx->cctx.tls_ctx)
2912 {
2913 tls_close(sx->cctx.tls_ctx, TLS_SHUTDOWN_NOWAIT);
2914 sx->cctx.tls_ctx = NULL;
2915 }
d093f8e5
JH		 2916#endif
2917
2918/* Close the socket, and return the appropriate value, first setting
2919works because the NULL setting is passed back to the calling process, and
2920remote_max_parallel is forced to 1 when delivering over an existing connection,
b7d3afcf 2921*/
d093f8e5 2922
e1d04f48 2923HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(close)>>\n");
d093f8e5
JH		 2924if (sx->send_quit)
2925 {
74f1a423
JH		 2926 shutdown(sx->cctx.sock, SHUT_WR);
2927 if (fcntl(sx->cctx.sock, F_SETFL, O_NONBLOCK) == 0)
d7978c0f
JH		 2928 for (int i = 16; read(sx->cctx.sock, sx->inbuffer, sizeof(sx->inbuffer)) > 0 && i > 0;)
2929 i--; /* drain socket */
02b41d71 2930 sx->send_quit = FALSE;
d093f8e5 2931 }
74f1a423
JH		 2932(void)close(sx->cctx.sock);
2933sx->cctx.sock = -1;
d093f8e5
JH		 2934
2935#ifndef DISABLE_EVENT
ee8b8090 2936(void) event_raise(sx->conn_args.tblock->event_action, US"tcp:close", NULL);
d093f8e5
JH		 2937#endif
2938
2939continue_transport = NULL;
2940continue_hostname = NULL;
2941return yield;
2942}
2943
2944
9be4572b
JH		 2945
2946
2947/* Create the string of options that will be appended to the MAIL FROM:
2948in the connection context buffer */
2949
2950static int
2951build_mailcmd_options(smtp_context * sx, address_item * addrlist)
2952{
2953uschar * p = sx->buffer;
2954address_item * addr;
2955int address_count;
2956
2957*p = 0;
2958
14de8063 2959/* If we know the receiving MTA supports the SIZE qualification, and we know it,
9be4572b
JH		 2960send it, adding something to the message size to allow for imprecision
2961and things that get added en route. Exim keeps the number of lines
2962in a message, so we can give an accurate value for the original message, but we
2963need some additional to handle added headers. (Double "." characters don't get
2964included in the count.) */
2965
14de8063
JH		 2966if ( message_size > 0
2967 && sx->peer_offered & OPTION_SIZE && !(sx->avoid_option & OPTION_SIZE))
9be4572b 2968 {
328c5688
JH		 2969/*XXX problem here under spool_files_wireformat?
2970Or just forget about lines? Or inflate by a fixed proportion? */
2971
ee8b8090 2972 sprintf(CS p, " SIZE=%d", message_size+message_linecount+(SOB sx->conn_args.ob)->size_addition);
9be4572b
JH		 2973 while (*p) p++;
2974 }
2975
2976#ifndef DISABLE_PRDR
aded2255 2977/* If it supports Per-Recipient Data Responses, and we have more than one recipient,
9be4572b
JH		 2978request that */
2979
2980sx->prdr_active = FALSE;
14de8063 2981if (sx->peer_offered & OPTION_PRDR)
d7978c0f 2982 for (address_item * addr = addrlist; addr; addr = addr->next)
9be4572b
JH		 2983 if (addr->transport_return == PENDING_DEFER)
2984 {
2985 for (addr = addr->next; addr; addr = addr->next)
2986 if (addr->transport_return == PENDING_DEFER)
2987 { /* at least two recipients to send */
2988 sx->prdr_active = TRUE;
2989 sprintf(CS p, " PRDR"); p += 5;
2990 break;
2991 }
2992 break;
2993 }
2994#endif
2995
2996#ifdef SUPPORT_I18N
2997/* If it supports internationalised messages, and this meesage need that,
2998request it */
2999
14de8063 3000if ( sx->peer_offered & OPTION_UTF8
9be4572b
JH		 3001 && addrlist->prop.utf8_msg
3002 && !addrlist->prop.utf8_downcvt
3003 )
3004 Ustrcpy(p, " SMTPUTF8"), p += 9;
3005#endif
3006
3007/* check if all addresses have DSN-lasthop flag; do not send RET and ENVID if so */
3008for (sx->dsn_all_lasthop = TRUE, addr = addrlist, address_count = 0;
3009 addr && address_count < sx->max_rcpt;
3010 addr = addr->next) if (addr->transport_return == PENDING_DEFER)
3011 {
3012 address_count++;
3013 if (!(addr->dsn_flags & rf_dsnlasthop))
3014 {
3015 sx->dsn_all_lasthop = FALSE;
3016 break;
3017 }
3018 }
3019
3020/* Add any DSN flags to the mail command */
3021
14de8063 3022if (sx->peer_offered & OPTION_DSN && !sx->dsn_all_lasthop)
9be4572b
JH		 3023 {
3024 if (dsn_ret == dsn_ret_hdrs)
3025 { Ustrcpy(p, " RET=HDRS"); p += 9; }
3026 else if (dsn_ret == dsn_ret_full)
3027 { Ustrcpy(p, " RET=FULL"); p += 9; }
3028
3029 if (dsn_envid)
3030 {
3031 string_format(p, sizeof(sx->buffer) - (p-sx->buffer), " ENVID=%s", dsn_envid);
3032 while (*p) p++;
3033 }
3034 }
3035
3036/* If an authenticated_sender override has been specified for this transport
3037instance, expand it. If the expansion is forced to fail, and there was already
3038an authenticated_sender for this message, the original value will be used.
3039Other expansion failures are serious. An empty result is ignored, but there is
3040otherwise no check - this feature is expected to be used with LMTP and other
3041cases where non-standard addresses (e.g. without domains) might be required. */
3042
ee8b8090 3043if (smtp_mail_auth_str(p, sizeof(sx->buffer) - (p-sx->buffer), addrlist, sx->conn_args.ob))
9be4572b
JH		 3044 return ERROR;
3045
3046return OK;
3047}
3048
3049
3050static void
3051build_rcptcmd_options(smtp_context * sx, const address_item * addr)
3052{
3053uschar * p = sx->buffer;
3054*p = 0;
3055
3056/* Add any DSN flags to the rcpt command */
3057
14de8063 3058if (sx->peer_offered & OPTION_DSN && !(addr->dsn_flags & rf_dsnlasthop))
9be4572b
JH		 3059 {
3060 if (addr->dsn_flags & rf_dsnflags)
3061 {
9be4572b
JH		 3062 BOOL first = TRUE;
3063
3064 Ustrcpy(p, " NOTIFY=");
3065 while (*p) p++;
d7978c0f 3066 for (int i = 0; i < nelem(rf_list); i++) if (addr->dsn_flags & rf_list[i])
9be4572b
JH		 3067 {
3068 if (!first) *p++ = ',';
3069 first = FALSE;
3070 Ustrcpy(p, rf_names[i]);
3071 while (*p) p++;
3072 }
3073 }
3074
3075 if (addr->dsn_orcpt)
3076 {
3077 string_format(p, sizeof(sx->buffer) - (p-sx->buffer), " ORCPT=%s",
3078 addr->dsn_orcpt);
3079 while (*p) p++;
3080 }
3081 }
3082}
3083
3084
d9c3c8ed
JH		 3085
3086/*
3087Return:
e9166683
JH		 3088 0 good, rcpt results in addr->transport_return (PENDING_OK, DEFER, FAIL)
3089 -1 MAIL response error
3090 -2 any non-MAIL read i/o error
3091 -3 non-MAIL response timeout
3092 -4 internal error; channel still usable
3093 -5 transmit failed
d9c3c8ed
JH		 3094 */
3095
3096int
3097smtp_write_mail_and_rcpt_cmds(smtp_context * sx, int * yield)
3098{
3099address_item * addr;
3100int address_count;
3101int rc;
3102
3103if (build_mailcmd_options(sx, sx->first_addr) != OK)
3104 {
3105 *yield = ERROR;
e9166683 3106 return -4;
d9c3c8ed
JH		 3107 }
3108
3109/* From here until we send the DATA command, we can make use of PIPELINING
3110if the server host supports it. The code has to be able to check the responses
3111at any point, for when the buffer fills up, so we write it totally generally.
3112When PIPELINING is off, each command written reports that it has flushed the
3113buffer. */
3114
3115sx->pending_MAIL = TRUE; /* The block starts with MAIL */
3116
3117 {
3118 uschar * s = sx->from_addr;
3119#ifdef SUPPORT_I18N
3120 uschar * errstr = NULL;
3121
3122 /* If we must downconvert, do the from-address here. Remember we had to
3123 for the to-addresses (done below), and also (ugly) for re-doing when building
3124 the delivery log line. */
3125
3126 if ( sx->addrlist->prop.utf8_msg
14de8063 3127 && (sx->addrlist->prop.utf8_downcvt || !(sx->peer_offered & OPTION_UTF8))
d9c3c8ed
JH		 3128 )
3129 {
3130 if (s = string_address_utf8_to_alabel(s, &errstr), errstr)
3131 {
3132 set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, errstr, DEFER, FALSE);
3133 *yield = ERROR;
e9166683 3134 return -4;
d9c3c8ed
JH		 3135 }
3136 setflag(sx->addrlist, af_utf8_downcvt);
3137 }
3138#endif
3139
251b9eb4 3140 rc = smtp_write_command(sx, pipelining_active ? SCMD_BUFFER : SCMD_FLUSH,
d9c3c8ed
JH		 3141 "MAIL FROM:<%s>%s\r\n", s, sx->buffer);
3142 }
3143
3144mail_command = string_copy(big_buffer); /* Save for later error message */
3145
3146switch(rc)
3147 {
3148 case -1: /* Transmission error */
e9166683 3149 return -5;
d9c3c8ed 3150
df5b41e3 3151 case +1: /* Cmd was sent */
251b9eb4 3152 if (!smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2',
ee8b8090 3153 (SOB sx->conn_args.ob)->command_timeout))
d9c3c8ed
JH		 3154 {
3155 if (errno == 0 && sx->buffer[0] == '4')
3156 {
3157 errno = ERRNO_MAIL4XX;
3158 sx->addrlist->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
3159 }
3160 return -1;
3161 }
3162 sx->pending_MAIL = FALSE;
3163 break;
e9166683
JH		 3164
3165 /* otherwise zero: command queued for pipeline */
d9c3c8ed
JH		 3166 }
3167
3168/* Pass over all the relevant recipient addresses for this host, which are the
3169ones that have status PENDING_DEFER. If we are using PIPELINING, we can send
3170several before we have to read the responses for those seen so far. This
3171checking is done by a subroutine because it also needs to be done at the end.
3172Send only up to max_rcpt addresses at a time, leaving next_addr pointing to
3173the next one if not all are sent.
3174
3175In the MUA wrapper situation, we want to flush the PIPELINING buffer for the
3176last address because we want to abort if any recipients have any kind of
3177problem, temporary or permanent. We know that all recipient addresses will have
3178the PENDING_DEFER status, because only one attempt is ever made, and we know
e9166683
JH		 3179that max_rcpt will be large, so all addresses will be done at once.
3180
3181For verify we flush the pipeline after any (the only) rcpt address. */
d9c3c8ed
JH		 3182
3183for (addr = sx->first_addr, address_count = 0;
3184 addr && address_count < sx->max_rcpt;
3185 addr = addr->next) if (addr->transport_return == PENDING_DEFER)
3186 {
3187 int count;
3188 BOOL no_flush;
3189 uschar * rcpt_addr;
3190
14de8063 3191 addr->dsn_aware = sx->peer_offered & OPTION_DSN
d9c3c8ed
JH		 3192 ? dsn_support_yes : dsn_support_no;
3193
3194 address_count++;
4c2471ca
JH		 3195 no_flush = pipelining_active && !sx->verify
3196 && (!mua_wrapper || addr->next && address_count < sx->max_rcpt);
d9c3c8ed
JH		 3197
3198 build_rcptcmd_options(sx, addr);
3199
3200 /* Now send the RCPT command, and process outstanding responses when
3201 necessary. After a timeout on RCPT, we just end the function, leaving the
3202 yield as OK, because this error can often mean that there is a problem with
3203 just one address, so we don't want to delay the host. */
3204
ee8b8090 3205 rcpt_addr = transport_rcpt_address(addr, sx->conn_args.tblock->rcpt_include_affixes);
d9c3c8ed
JH		 3206
3207#ifdef SUPPORT_I18N
3208 if ( testflag(sx->addrlist, af_utf8_downcvt)
3209 && !(rcpt_addr = string_address_utf8_to_alabel(rcpt_addr, NULL))
3210 )
3211 {
3212 /*XXX could we use a per-address errstr here? Not fail the whole send? */
3213 errno = ERRNO_EXPANDFAIL;
e9166683 3214 return -5; /*XXX too harsh? */
d9c3c8ed
JH		 3215 }
3216#endif
3217
251b9eb4 3218 count = smtp_write_command(sx, no_flush ? SCMD_BUFFER : SCMD_FLUSH,
4e910c01 3219 "RCPT TO:<%s>%s%s\r\n", rcpt_addr, sx->igquotstr, sx->buffer);
d9c3c8ed 3220
e9166683 3221 if (count < 0) return -5;
d9c3c8ed
JH		 3222 if (count > 0)
3223 {
df5b41e3 3224 switch(sync_responses(sx, count, 0))
d9c3c8ed
JH		 3225 {
3226 case 3: sx->ok = TRUE; /* 2xx & 5xx => OK & progress made */
3227 case 2: sx->completed_addr = TRUE; /* 5xx (only) => progress made */
e9166683 3228 break;
d9c3c8ed
JH		 3229
3230 case 1: sx->ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
3231 if (!sx->lmtp) /* can't tell about progress yet */
3232 sx->completed_addr = TRUE;
3233 case 0: /* No 2xx or 5xx, but no probs */
3234 break;
3235
e9166683
JH		 3236 case -1: return -3; /* Timeout on RCPT */
3237 case -2: return -2; /* non-MAIL read i/o error */
3238 default: return -1; /* any MAIL error */
ee8b8090
JH		 3239
3240#ifdef EXPERIMENTAL_PIPE_CONNECT
3241 case -4: return -1; /* non-2xx for pipelined banner or EHLO */
fc243e94 3242 case -5: return -1; /* TLS first-read error */
ee8b8090 3243#endif
d9c3c8ed
JH		 3244 }
3245 sx->pending_MAIL = FALSE; /* Dealt with MAIL */
3246 }
3247 } /* Loop for next address */
3248
3249sx->next_addr = addr;
3250return 0;
3251}
3252
3253
875512a3
JH		 3254#ifdef SUPPORT_TLS
3255/*****************************************************
3256* Proxy TLS connection for another transport process *
3257******************************************************/
3258/*
d097cc73
JH		 3259Close the unused end of the pipe, fork once more, then use the given buffer
3260as a staging area, and select on both the given fd and the TLS'd client-fd for
3261data to read (per the coding in ip_recv() and fd_ready() this is legitimate).
3262Do blocking full-size writes, and reads under a timeout. Once both input
3263channels are closed, exit the process.
875512a3
JH		 3264
3265Arguments:
74f1a423 3266 ct_ctx tls context
57cc2785
JH		 3267 buf space to use for buffering
3268 bufsiz size of buffer
d097cc73 3269 pfd pipe filedescriptor array; [0] is comms to proxied process
875512a3
JH		 3270 timeout per-read timeout, seconds
3271*/
3272
57cc2785 3273void
74f1a423
JH		 3274smtp_proxy_tls(void * ct_ctx, uschar * buf, size_t bsize, int * pfd,
3275 int timeout)
875512a3 3276{
e47252f5 3277fd_set rfds, efds;
74f1a423 3278int max_fd = MAX(pfd[0], tls_out.active.sock) + 1;
d7978c0f 3279int rc, i;
875512a3 3280
d097cc73
JH		 3281close(pfd[1]);
3282if ((rc = fork()))
3283 {
3284 DEBUG(D_transport) debug_printf("proxy-proc final-pid %d\n", rc);
3285 _exit(rc < 0 ? EXIT_FAILURE : EXIT_SUCCESS);
3286 }
3287
8768d548 3288if (f.running_in_test_harness) millisleep(100); /* let parent debug out */
875512a3 3289set_process_info("proxying TLS connection for continued transport");
e47252f5 3290FD_ZERO(&rfds);
74f1a423 3291FD_SET(tls_out.active.sock, &rfds);
d097cc73 3292FD_SET(pfd[0], &rfds);
875512a3 3293
d7978c0f 3294for (int fd_bits = 3; fd_bits; )
875512a3
JH		 3295 {
3296 time_t time_left = timeout;
3297 time_t time_start = time(NULL);
3298
3299 /* wait for data */
e47252f5 3300 efds = rfds;
875512a3
JH		 3301 do
3302 {
3303 struct timeval tv = { time_left, 0 };
3304
e47252f5
JH		 3305 rc = select(max_fd,
3306 (SELECT_ARG2_TYPE *)&rfds, NULL, (SELECT_ARG2_TYPE *)&efds, &tv);
875512a3
JH		 3307
3308 if (rc < 0 && errno == EINTR)
3309 if ((time_left -= time(NULL) - time_start) > 0) continue;
3310
3311 if (rc <= 0)
3312 {
3313 DEBUG(D_transport) if (rc == 0) debug_printf("%s: timed out\n", __FUNCTION__);
d097cc73 3314 goto done;
875512a3 3315 }
e47252f5 3316
74f1a423 3317 if (FD_ISSET(tls_out.active.sock, &efds) || FD_ISSET(pfd[0], &efds))
e47252f5
JH		 3318 {
3319 DEBUG(D_transport) debug_printf("select: exceptional cond on %s fd\n",
d097cc73
JH		 3320 FD_ISSET(pfd[0], &efds) ? "proxy" : "tls");
3321 goto done;
e47252f5 3322 }
875512a3 3323 }
74f1a423 3324 while (rc < 0 || !(FD_ISSET(tls_out.active.sock, &rfds) || FD_ISSET(pfd[0], &rfds)));
875512a3
JH		 3325
3326 /* handle inbound data */
74f1a423
JH		 3327 if (FD_ISSET(tls_out.active.sock, &rfds))
3328 if ((rc = tls_read(ct_ctx, buf, bsize)) <= 0)
875512a3
JH		 3329 {
3330 fd_bits &= ~1;
74f1a423 3331 FD_CLR(tls_out.active.sock, &rfds);
d097cc73 3332 shutdown(pfd[0], SHUT_WR);
e47252f5 3333 timeout = 5;
875512a3
JH		 3334 }
3335 else
3336 {
d7978c0f 3337 for (int nbytes = 0; rc - nbytes > 0; nbytes += i)
d097cc73 3338 if ((i = write(pfd[0], buf + nbytes, rc - nbytes)) < 0) goto done;
875512a3
JH		 3339 }
3340 else if (fd_bits & 1)
74f1a423 3341 FD_SET(tls_out.active.sock, &rfds);
875512a3
JH		 3342
3343 /* handle outbound data */
d097cc73
JH		 3344 if (FD_ISSET(pfd[0], &rfds))
3345 if ((rc = read(pfd[0], buf, bsize)) <= 0)
875512a3 3346 {
e47252f5 3347 fd_bits = 0;
74f1a423 3348 tls_close(ct_ctx, TLS_SHUTDOWN_NOWAIT);
c645dd29 3349 ct_ctx = NULL;
875512a3
JH		 3350 }
3351 else
3352 {
d7978c0f 3353 for (int nbytes = 0; rc - nbytes > 0; nbytes += i)
74f1a423 3354 if ((i = tls_write(ct_ctx, buf + nbytes, rc - nbytes, FALSE)) < 0)
d097cc73 3355 goto done;
875512a3
JH		 3356 }
3357 else if (fd_bits & 2)
d097cc73 3358 FD_SET(pfd[0], &rfds);
875512a3 3359 }
d097cc73
JH		 3360
3361done:
8768d548 3362 if (f.running_in_test_harness) millisleep(100); /* let logging complete */
d097cc73 3363 exim_exit(0, US"TLS proxy");
875512a3
JH		 3364}
3365#endif
3366
3367
d093f8e5
JH		 3368/*************************************************
3369* Deliver address list to given host *
3370*************************************************/
3371
3372/* If continue_hostname is not null, we get here only when continuing to
3373deliver down an existing channel. The channel was passed as the standard
3374input. TLS is never active on a passed channel; the previous process always
3375closes it down before passing the connection on.
3376
3377Otherwise, we have to make a connection to the remote host, and do the
3378initial protocol exchange.
3379
3380When running as an MUA wrapper, if the sender or any recipient is rejected,
3381temporarily or permanently, we force failure for all recipients.
3382
3383Arguments:
3384 addrlist chain of potential addresses to deliver; only those whose
3385 transport_return field is set to PENDING_DEFER are currently
3386 being processed; others should be skipped - they have either
3387 been delivered to an earlier host or IP address, or been
3388 failed by one of them.
3389 host host to deliver to
3390 host_af AF_INET or AF_INET6
a843a57e
JH		 3391 defport default TCP/IP port to use if host does not specify, in host
3392 byte order
d093f8e5
JH		 3393 interface interface to bind to, or NULL
3394 tblock transport instance block
3395 message_defer set TRUE if yield is OK, but all addresses were deferred
3396 because of a non-recipient, non-host failure, that is, a
3397 4xx response to MAIL FROM, DATA, or ".". This is a defer
3398 that is specific to the message.
3399 suppress_tls if TRUE, don't attempt a TLS connection - this is set for
3400 a second attempt after TLS initialization fails
3401
3402Returns: OK - the connection was made and the delivery attempted;
3403 the result for each address is in its data block.
3404 DEFER - the connection could not be made, or something failed
3405 while setting up the SMTP session, or there was a
3406 non-message-specific error, such as a timeout.
3407 ERROR - a filter command is specified for this transport,
3408 and there was a problem setting it up; OR helo_data
3409 or add_headers or authenticated_sender is specified
3410 for this transport, and the string failed to expand
3411*/
3412
3413static int
a843a57e 3414smtp_deliver(address_item *addrlist, host_item *host, int host_af, int defport,
d093f8e5
JH		 3415 uschar *interface, transport_instance *tblock,
3416 BOOL *message_defer, BOOL suppress_tls)
3417{
ee8b8090 3418smtp_transport_options_block * ob = SOB tblock->options_block;
d093f8e5 3419int yield = OK;
d093f8e5
JH		 3420int save_errno;
3421int rc;
32dfdf8b 3422struct timeval start_delivery_time;
d093f8e5 3423
d093f8e5
JH		 3424BOOL pass_message = FALSE;
3425uschar *message = NULL;
3426uschar new_message_id[MESSAGE_ID_LENGTH + 1];
d093f8e5
JH		 3427
3428smtp_context sx;
3429
32dfdf8b 3430gettimeofday(&start_delivery_time, NULL);
d093f8e5 3431suppress_tls = suppress_tls; /* stop compiler warning when no TLS support */
02b41d71 3432*message_defer = FALSE;
d093f8e5
JH		 3433
3434sx.addrlist = addrlist;
ee8b8090
JH		 3435sx.conn_args.host = host;
3436sx.conn_args.host_af = host_af,
a843a57e 3437sx.port = defport;
ee8b8090 3438sx.conn_args.interface = interface;
02b41d71 3439sx.helo_data = NULL;
ee8b8090 3440sx.conn_args.tblock = tblock;
e9166683 3441sx.verify = FALSE;
ee8b8090 3442sx.sync_addr = sx.first_addr = addrlist;
d093f8e5 3443
9be4572b
JH		 3444/* Get the channel set up ready for a message (MAIL FROM being the next
3445SMTP command to send */
3446
e9166683 3447if ((rc = smtp_setup_conn(&sx, suppress_tls)) != OK)
d093f8e5
JH		 3448 return rc;
3449
0756eb3c
PH		 3450/* If there is a filter command specified for this transport, we can now
3451set it up. This cannot be done until the identify of the host is known. */
3452
e9166683 3453if (tblock->filter_command)
0756eb3c 3454 {
9b989985 3455 transport_filter_timeout = tblock->filter_timeout;
0756eb3c
PH		 3456
3457 /* On failure, copy the error to all addresses, abandon the SMTP call, and
3458 yield ERROR. */
3459
36d295f1
JH		 3460 if (!transport_set_up_command(&transport_filter_argv,
3461 tblock->filter_command, TRUE, DEFER, addrlist,
3462 string_sprintf("%.50s transport", tblock->name), NULL))
0756eb3c 3463 {
895fbaf2
JH		 3464 set_errno_nohost(addrlist->next, addrlist->basic_errno, addrlist->message, DEFER,
3465 FALSE);
0756eb3c
PH		 3466 yield = ERROR;
3467 goto SEND_QUIT;
3468 }
48f1c853
JH		 3469
3470 if ( transport_filter_argv
3471 && *transport_filter_argv
3472 && **transport_filter_argv
14de8063 3473 && sx.peer_offered & OPTION_CHUNKING
48f1c853
JH		 3474 )
3475 {
14de8063 3476 sx.peer_offered &= ~OPTION_CHUNKING;
48f1c853
JH		 3477 DEBUG(D_transport) debug_printf("CHUNKING not usable due to transport filter\n");
3478 }
0756eb3c
PH		 3479 }
3480
0756eb3c
PH		 3481/* For messages that have more than the maximum number of envelope recipients,
3482we want to send several transactions down the same SMTP connection. (See
3483comments in deliver.c as to how this reconciles, heuristically, with
3484remote_max_parallel.) This optimization was added to Exim after the following
3485code was already working. The simplest way to put it in without disturbing the
3486code was to use a goto to jump back to this point when there is another
3487transaction to handle. */
3488
3489SEND_MESSAGE:
d9c3c8ed 3490sx.from_addr = return_path;
36d295f1 3491sx.sync_addr = sx.first_addr;
d093f8e5
JH		 3492sx.ok = FALSE;
3493sx.send_rset = TRUE;
d9c3c8ed 3494sx.completed_addr = FALSE;
0756eb3c
PH		 3495
3496
57cc2785
JH		 3497/* If we are a continued-connection-after-verify the MAIL and RCPT
3498commands were already sent; do not re-send but do mark the addrs as
3499having been accepted up to RCPT stage. A traditional cont-conn
3500always has a sequence number greater than one. */
6b62e899 3501
57cc2785 3502if (continue_hostname && continue_sequence == 1)
0756eb3c 3503 {
57cc2785 3504 sx.peer_offered = smtp_peer_options;
d8b8dd15 3505 sx.pending_MAIL = FALSE;
57cc2785
JH		 3506 sx.ok = TRUE;
3507 sx.next_addr = NULL;
0756eb3c 3508
d7978c0f 3509 for (address_item * addr = addrlist; addr; addr = addr->next)
57cc2785
JH		 3510 addr->transport_return = PENDING_OK;
3511 }
3512else
0756eb3c 3513 {
57cc2785
JH		 3514 /* Initiate a message transfer. */
3515
3516 switch(smtp_write_mail_and_rcpt_cmds(&sx, &yield))
3517 {
3518 case 0: break;
3519 case -1: case -2: goto RESPONSE_FAILED;
3520 case -3: goto END_OFF;
3521 case -4: goto SEND_QUIT;
3522 default: goto SEND_FAILED;
3523 }
3524
3525 /* If we are an MUA wrapper, abort if any RCPTs were rejected, either
3526 permanently or temporarily. We should have flushed and synced after the last
3527 RCPT. */
3528
3529 if (mua_wrapper)
3530 {
4c2471ca
JH		 3531 address_item * a;
3532 unsigned cnt;
3533
3534 for (a = sx.first_addr, cnt = 0; a && cnt < sx.max_rcpt; a = a->next, cnt++)
3535 if (a->transport_return != PENDING_OK)
57cc2785
JH		 3536 {
3537 /*XXX could we find a better errno than 0 here? */
4c2471ca
JH		 3538 set_errno_nohost(addrlist, 0, a->message, FAIL,
3539 testflag(a, af_pass_message));
57cc2785
JH		 3540 sx.ok = FALSE;
3541 break;
3542 }
3543 }
0756eb3c
PH		 3544 }
3545
3546/* If ok is TRUE, we know we have got at least one good recipient, and must now
3547send DATA, but if it is FALSE (in the normal, non-wrapper case), we may still
3548have a good recipient buffered up if we are pipelining. We don't want to waste
3549time sending DATA needlessly, so we only send it if either ok is TRUE or if we
6d5c916c
JH		 3550are pipelining. The responses are all handled by sync_responses().
3551If using CHUNKING, do not send a BDAT until we know how big a chunk we want
3552to send is. */
0756eb3c 3553
14de8063 3554if ( !(sx.peer_offered & OPTION_CHUNKING)
d093f8e5 3555 && (sx.ok || (pipelining_active && !mua_wrapper)))
0756eb3c 3556 {
251b9eb4 3557 int count = smtp_write_command(&sx, SCMD_FLUSH, "DATA\r\n");
6d5c916c 3558
0756eb3c 3559 if (count < 0) goto SEND_FAILED;
df5b41e3 3560 switch(sync_responses(&sx, count, sx.ok ? +1 : -1))
0756eb3c 3561 {
d093f8e5 3562 case 3: sx.ok = TRUE; /* 2xx & 5xx => OK & progress made */
d9c3c8ed 3563 case 2: sx.completed_addr = TRUE; /* 5xx (only) => progress made */
0756eb3c
PH		 3564 break;
3565
d093f8e5 3566 case 1: sx.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
d9c3c8ed 3567 if (!sx.lmtp) sx.completed_addr = TRUE; /* can't tell about progress yet */
fc243e94 3568 case 0: break; /* No 2xx or 5xx, but no probs */
0756eb3c 3569
fc243e94 3570 case -1: goto END_OFF; /* Timeout on RCPT */
ee8b8090
JH		 3571
3572#ifdef EXPERIMENTAL_PIPE_CONNECT
fc243e94 3573 case -5: /* TLS first-read error */
ee8b8090
JH		 3574 case -4: HDEBUG(D_transport)
3575 debug_printf("failed reaping pipelined cmd responses\n");
3576#endif
0756eb3c
PH		 3577 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */
3578 }
0d9fa8c0 3579 pipelining_active = FALSE;
87cb4a16 3580 data_command = string_copy(big_buffer); /* Save for later error message */
0756eb3c
PH		 3581 }
3582
0756eb3c
PH		 3583/* If there were no good recipients (but otherwise there have been no
3584problems), just set ok TRUE, since we have handled address-specific errors
3585already. Otherwise, it's OK to send the message. Use the check/escape mechanism
3586for handling the SMTP dot-handling protocol, flagging to apply to headers as
3587well as body. Set the appropriate timeout value to be used for each chunk.
3588(Haven't been able to make it work using select() for writing yet.) */
3589
14de8063 3590if (!(sx.peer_offered & OPTION_CHUNKING) && !sx.ok)
6d5c916c
JH		 3591 {
3592 /* Save the first address of the next batch. */
d9c3c8ed 3593 sx.first_addr = sx.next_addr;
6d5c916c 3594
d093f8e5 3595 sx.ok = TRUE;
6d5c916c 3596 }
ff5aac2b 3597else
0756eb3c 3598 {
6b46ecc6 3599 transport_ctx tctx = {
ee8b8090
JH		 3600 .u = {.fd = sx.cctx.sock}, /*XXX will this need TLS info? */
3601 .tblock = tblock,
3602 .addr = addrlist,
3603 .check_string = US".",
3604 .escape_string = US"..", /* Escaping strings */
3605 .options =
3606 topt_use_crlf | topt_escape_headers
6b46ecc6
JH		 3607 | (tblock->body_only ? topt_no_headers : 0)
3608 | (tblock->headers_only ? topt_no_body : 0)
3609 | (tblock->return_path_add ? topt_add_return_path : 0)
3610 | (tblock->delivery_date_add ? topt_add_delivery_date : 0)
3611 | (tblock->envelope_to_add ? topt_add_envelope_to : 0)
3612 };
3613
6d5c916c
JH		 3614 /* If using CHUNKING we need a callback from the generic transport
3615 support to us, for the sending of BDAT smtp commands and the reaping
3616 of responses. The callback needs a whole bunch of state so set up
3617 a transport-context structure to be passed around. */
3618
14de8063 3619 if (sx.peer_offered & OPTION_CHUNKING)
59932f7d 3620 {
65de12cc 3621 tctx.check_string = tctx.escape_string = NULL;
6d5c916c
JH		 3622 tctx.options |= topt_use_bdat;
3623 tctx.chunk_cb = smtp_chunk_cmd_callback;
e9166683
JH		 3624 sx.pending_BDAT = FALSE;
3625 sx.good_RCPT = sx.ok;
3626 sx.cmd_count = 0;
3627 tctx.smtp_context = &sx;
59932f7d
JH		 3628 }
3629 else
65de12cc 3630 tctx.options |= topt_end_dot;
59932f7d 3631
6d5c916c 3632 /* Save the first address of the next batch. */
d9c3c8ed 3633 sx.first_addr = sx.next_addr;
6d5c916c 3634
e027f545
JH		 3635 /* Responses from CHUNKING commands go in buffer. Otherwise,
3636 there has not been a response. */
3637
d093f8e5 3638 sx.buffer[0] = 0;
e027f545 3639
0756eb3c 3640 sigalrm_seen = FALSE;
ee8b8090 3641 transport_write_timeout = ob->data_timeout;
0756eb3c
PH		 3642 smtp_command = US"sending data block"; /* For error messages */
3643 DEBUG(D_transport|D_v)
14de8063 3644 if (sx.peer_offered & OPTION_CHUNKING)
6d5c916c
JH		 3645 debug_printf(" will write message using CHUNKING\n");
3646 else
3647 debug_printf(" SMTP>> writing message and terminating \".\"\n");
0756eb3c 3648 transport_count = 0;
a7538db1 3649
80a47a2c 3650#ifndef DISABLE_DKIM
617d3932
JH		 3651 dkim_exim_sign_init();
3652# ifdef EXPERIMENTAL_ARC
3653 {
ee8b8090 3654 uschar * s = ob->arc_sign;
617d3932
JH		 3655 if (s)
3656 {
ee8b8090 3657 if (!(ob->dkim.arc_signspec = s = expand_string(s)))
617d3932 3658 {
8768d548 3659 if (!f.expand_string_forcedfail)
587d831d
JH		 3660 {
3661 message = US"failed to expand arc_sign";
3662 sx.ok = FALSE;
3663 goto SEND_FAILED;
3664 }
3665 }
3666 else if (*s)
3667 {
3668 /* Ask dkim code to hash the body for ARC */
3669 (void) arc_ams_setup_sign_bodyhash();
ee8b8090 3670 ob->dkim.force_bodyhash = TRUE;
617d3932 3671 }
617d3932
JH		 3672 }
3673 }
3674# endif
ee8b8090 3675 sx.ok = dkim_transport_write_message(&tctx, &ob->dkim, CUSS &message);
4cd12fe9 3676#else
42055a33 3677 sx.ok = transport_write_message(&tctx, 0);
4cd12fe9 3678#endif
0756eb3c
PH		 3679
3680 /* transport_write_message() uses write() because it is called from other
3681 places to write to non-sockets. This means that under some OS (e.g. Solaris)
3682 it can exit with "Broken pipe" as its error. This really means that the
3683 socket got closed at the far end. */
3684
3685 transport_write_timeout = 0; /* for subsequent transports */
3686
3687 /* Failure can either be some kind of I/O disaster (including timeout),
e027f545
JH		 3688 or the failure of a transport filter or the expansion of added headers.
3689 Or, when CHUNKING, it can be a protocol-detected failure. */
0756eb3c 3690
d093f8e5 3691 if (!sx.ok)
b9df1829
JH		 3692 if (message) goto SEND_FAILED;
3693 else goto RESPONSE_FAILED;
0756eb3c
PH		 3694
3695 /* We used to send the terminating "." explicitly here, but because of
3696 buffering effects at both ends of TCP/IP connections, you don't gain
3697 anything by keeping it separate, so it might as well go in the final
3698 data buffer for efficiency. This is now done by setting the topt_end_dot
3699 flag above. */
3700
3701 smtp_command = US"end of data";
3702
14de8063 3703 if (sx.peer_offered & OPTION_CHUNKING && sx.cmd_count > 1)
6d5c916c
JH		 3704 {
3705 /* Reap any outstanding MAIL & RCPT commands, but not a DATA-go-ahead */
e9166683 3706 switch(sync_responses(&sx, sx.cmd_count-1, 0))
6d5c916c 3707 {
d093f8e5 3708 case 3: sx.ok = TRUE; /* 2xx & 5xx => OK & progress made */
d9c3c8ed 3709 case 2: sx.completed_addr = TRUE; /* 5xx (only) => progress made */
fc243e94 3710 break;
6d5c916c 3711
fc243e94 3712 case 1: sx.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
d9c3c8ed 3713 if (!sx.lmtp) sx.completed_addr = TRUE; /* can't tell about progress yet */
fc243e94 3714 case 0: break; /* No 2xx or 5xx, but no probs */
6d5c916c 3715
fc243e94 3716 case -1: goto END_OFF; /* Timeout on RCPT */
ee8b8090
JH		 3717
3718#ifdef EXPERIMENTAL_PIPE_CONNECT
fc243e94 3719 case -5: /* TLS first-read error */
ee8b8090
JH		 3720 case -4: HDEBUG(D_transport)
3721 debug_printf("failed reaping pipelined cmd responses\n");
3722#endif
fc243e94 3723 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */
6d5c916c
JH		 3724 }
3725 }
3726
8ccd00b1 3727#ifndef DISABLE_PRDR
ee8b8090
JH		 3728 /* For PRDR we optionally get a partial-responses warning followed by the
3729 individual responses, before going on with the overall response. If we don't
3730 get the warning then deal with per non-PRDR. */
3731
d093f8e5 3732 if(sx.prdr_active)
fd98a5c6 3733 {
ee8b8090 3734 sx.ok = smtp_read_response(&sx, sx.buffer, sizeof(sx.buffer), '3', ob->final_timeout);
d093f8e5 3735 if (!sx.ok && errno == 0) switch(sx.buffer[0])
e027f545 3736 {
d093f8e5
JH		 3737 case '2': sx.prdr_active = FALSE;
3738 sx.ok = TRUE;
e027f545
JH		 3739 break;
3740 case '4': errno = ERRNO_DATA4XX;
3741 addrlist->more_errno |=
d093f8e5 3742 ((sx.buffer[1] - '0')*10 + sx.buffer[2] - '0') << 8;
e027f545
JH		 3743 break;
3744 }
fd98a5c6
JH		 3745 }
3746 else
3747#endif
3748
3749 /* For non-PRDR SMTP, we now read a single response that applies to the
3750 whole message. If it is OK, then all the addresses have been delivered. */
0756eb3c 3751
d093f8e5 3752 if (!sx.lmtp)
e97957bc 3753 {
251b9eb4 3754 sx.ok = smtp_read_response(&sx, sx.buffer, sizeof(sx.buffer), '2',
ee8b8090 3755 ob->final_timeout);
d093f8e5 3756 if (!sx.ok && errno == 0 && sx.buffer[0] == '4')
e97957bc
PH		 3757 {
3758 errno = ERRNO_DATA4XX;
d093f8e5 3759 addrlist->more_errno |= ((sx.buffer[1] - '0')*10 + sx.buffer[2] - '0') << 8;
e97957bc
PH		 3760 }
3761 }
0756eb3c
PH		 3762
3763 /* For LMTP, we get back a response for every RCPT command that we sent;
3764 some may be accepted and some rejected. For those that get a response, their
3765 status is fixed; any that are accepted have been handed over, even if later
3766 responses crash - at least, that's how I read RFC 2033.
3767
3768 If all went well, mark the recipient addresses as completed, record which
3769 host/IPaddress they were delivered to, and cut out RSET when sending another
3770 message down the same channel. Write the completed addresses to the journal
3771 now so that they are recorded in case there is a crash of hardware or
3772 software before the spool gets updated. Also record the final SMTP
3773 confirmation if needed (for SMTP only). */
3774
d093f8e5 3775 if (sx.ok)
0756eb3c
PH		 3776 {
3777 int flag = '=';
32dfdf8b 3778 struct timeval delivery_time;
0756eb3c 3779 int len;
32dfdf8b 3780 uschar * conf = NULL;
0d9fa8c0 3781
32dfdf8b 3782 timesince(&delivery_time, &start_delivery_time);
d093f8e5 3783 sx.send_rset = FALSE;
0d9fa8c0 3784 pipelining_active = FALSE;
0756eb3c 3785
0756eb3c
PH		 3786 /* Set up confirmation if needed - applies only to SMTP */
3787
d68218c7 3788 if (
0cbf2b82 3789#ifdef DISABLE_EVENT
6c6d6e48 3790 LOGGING(smtp_confirmation) &&
a7538db1 3791#endif
d093f8e5 3792 !sx.lmtp
d68218c7 3793 )
0756eb3c 3794 {
d093f8e5 3795 const uschar *s = string_printing(sx.buffer);
55414b25 3796 /* deconst cast ok here as string_printing was checked to have alloc'n'copied */
5903c6ff 3797 conf = (s == sx.buffer)? US string_copy(s) : US s;
0756eb3c
PH		 3798 }
3799
fd98a5c6 3800 /* Process all transported addresses - for LMTP or PRDR, read a status for
0756eb3c
PH		 3801 each one. */
3802
d7978c0f 3803 for (address_item * addr = addrlist; addr != sx.first_addr; addr = addr->next)
0756eb3c
PH		 3804 {
3805 if (addr->transport_return != PENDING_OK) continue;
3806
3807 /* LMTP - if the response fails badly (e.g. timeout), use it for all the
3808 remaining addresses. Otherwise, it's a return code for just the one
75def545
PH		 3809 address. For temporary errors, add a retry item for the address so that
3810 it doesn't get tried again too soon. */
0756eb3c 3811
8ccd00b1 3812#ifndef DISABLE_PRDR
d093f8e5 3813 if (sx.lmtp || sx.prdr_active)
fd98a5c6 3814#else
d093f8e5 3815 if (sx.lmtp)
fd98a5c6 3816#endif
0756eb3c 3817 {
251b9eb4 3818 if (!smtp_read_response(&sx, sx.buffer, sizeof(sx.buffer), '2',
ee8b8090 3819 ob->final_timeout))
0756eb3c 3820 {
d093f8e5 3821 if (errno != 0 || sx.buffer[0] == 0) goto RESPONSE_FAILED;
fd98a5c6 3822 addr->message = string_sprintf(
8ccd00b1 3823#ifndef DISABLE_PRDR
d093f8e5 3824 "%s error after %s: %s", sx.prdr_active ? "PRDR":"LMTP",
fd98a5c6
JH		 3825#else
3826 "LMTP error after %s: %s",
3827#endif
d093f8e5 3828 data_command, string_printing(sx.buffer));
75def545 3829 setflag(addr, af_pass_message); /* Allow message to go to user */
d093f8e5 3830 if (sx.buffer[0] == '5')
75def545
PH		 3831 addr->transport_return = FAIL;
3832 else
3833 {
e97957bc 3834 errno = ERRNO_DATA4XX;
d093f8e5 3835 addr->more_errno |= ((sx.buffer[1] - '0')*10 + sx.buffer[2] - '0') << 8;
75def545 3836 addr->transport_return = DEFER;
8ccd00b1 3837#ifndef DISABLE_PRDR
d093f8e5 3838 if (!sx.prdr_active)
fd98a5c6
JH		 3839#endif
3840 retry_add_item(addr, addr->address_retry_key, 0);
75def545 3841 }
0756eb3c
PH		 3842 continue;
3843 }
d9c3c8ed 3844 sx.completed_addr = TRUE; /* NOW we can set this flag */
6c6d6e48 3845 if (LOGGING(smtp_confirmation))
c0ea85ab 3846 {
d093f8e5 3847 const uschar *s = string_printing(sx.buffer);
55414b25 3848 /* deconst cast ok here as string_printing was checked to have alloc'n'copied */
d093f8e5 3849 conf = (s == sx.buffer) ? US string_copy(s) : US s;
c0ea85ab 3850 }
0756eb3c
PH		 3851 }
3852
3853 /* SMTP, or success return from LMTP for this address. Pass back the
2d280592 3854 actual host that was used. */
0756eb3c
PH		 3855
3856 addr->transport_return = OK;
32dfdf8b
JH		 3857 addr->more_errno = delivery_time.tv_sec;
3858 addr->delivery_usec = delivery_time.tv_usec;
d427a7f9 3859 addr->host_used = host;
0756eb3c
PH		 3860 addr->special_action = flag;
3861 addr->message = conf;
7c576fca 3862
ee8b8090
JH		 3863 if (tcp_out_fastopen)
3864 {
3865 setflag(addr, af_tcp_fastopen_conn);
3866 if (tcp_out_fastopen >= TFO_USED_NODATA) setflag(addr, af_tcp_fastopen);
3867 if (tcp_out_fastopen >= TFO_USED_DATA) setflag(addr, af_tcp_fastopen_data);
3868 }
7c576fca 3869 if (sx.pipelining_used) setflag(addr, af_pipelining);
ee8b8090
JH		 3870#ifdef EXPERIMENTAL_PIPE_CONNECT
3871 if (sx.early_pipe_active) setflag(addr, af_early_pipe);
3872#endif
8ccd00b1 3873#ifndef DISABLE_PRDR
7eb0e5d2 3874 if (sx.prdr_active) setflag(addr, af_prdr_used);
fd98a5c6 3875#endif
7eb0e5d2 3876 if (sx.peer_offered & OPTION_CHUNKING) setflag(addr, af_chunking_used);
0756eb3c
PH		 3877 flag = '-';
3878
8ccd00b1 3879#ifndef DISABLE_PRDR
d093f8e5 3880 if (!sx.prdr_active)
fd98a5c6
JH		 3881#endif
3882 {
3883 /* Update the journal. For homonymic addresses, use the base address plus
3884 the transport name. See lots of comments in deliver.c about the reasons
3885 for the complications when homonyms are involved. Just carry on after
3886 write error, as it may prove possible to update the spool file later. */
4d8d62b9 3887
fd98a5c6 3888 if (testflag(addr, af_homonym))
d093f8e5 3889 sprintf(CS sx.buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
fd98a5c6 3890 else
d093f8e5 3891 sprintf(CS sx.buffer, "%.500s\n", addr->unique);
4d8d62b9 3892
5bfe3b35 3893 DEBUG(D_deliver) debug_printf("S:journalling %s\n", sx.buffer);
d093f8e5
JH		 3894 len = Ustrlen(CS sx.buffer);
3895 if (write(journal_fd, sx.buffer, len) != len)
fd98a5c6 3896 log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
d093f8e5 3897 "%s: %s", sx.buffer, strerror(errno));
fd98a5c6 3898 }
0756eb3c
PH		 3899 }
3900
8ccd00b1 3901#ifndef DISABLE_PRDR
d093f8e5 3902 if (sx.prdr_active)
fd98a5c6 3903 {
2556b3c6
SA		 3904 const uschar * overall_message;
3905
fd98a5c6
JH		 3906 /* PRDR - get the final, overall response. For any non-success
3907 upgrade all the address statuses. */
2556b3c6 3908
251b9eb4 3909 sx.ok = smtp_read_response(&sx, sx.buffer, sizeof(sx.buffer), '2',
ee8b8090 3910 ob->final_timeout);
d093f8e5 3911 if (!sx.ok)
fd98a5c6 3912 {
d093f8e5 3913 if(errno == 0 && sx.buffer[0] == '4')
fd98a5c6
JH		 3914 {
3915 errno = ERRNO_DATA4XX;
d093f8e5 3916 addrlist->more_errno |= ((sx.buffer[1] - '0')*10 + sx.buffer[2] - '0') << 8;
fd98a5c6 3917 }
d7978c0f 3918 for (address_item * addr = addrlist; addr != sx.first_addr; addr = addr->next)
d093f8e5 3919 if (sx.buffer[0] == '5' || addr->transport_return == OK)
fd98a5c6
JH		 3920 addr->transport_return = PENDING_OK; /* allow set_errno action */
3921 goto RESPONSE_FAILED;
3922 }
3923
2556b3c6
SA		 3924 /* Append the overall response to the individual PRDR response for logging
3925 and update the journal, or setup retry. */
3926
3927 overall_message = string_printing(sx.buffer);
d7978c0f 3928 for (address_item * addr = addrlist; addr != sx.first_addr; addr = addr->next)
2556b3c6
SA		 3929 if (addr->transport_return == OK)
3930 addr->message = string_sprintf("%s\\n%s", addr->message, overall_message);
3931
d7978c0f 3932 for (address_item * addr = addrlist; addr != sx.first_addr; addr = addr->next)
fd98a5c6 3933 if (addr->transport_return == OK)
9be4572b
JH		 3934 {
3935 if (testflag(addr, af_homonym))
3936 sprintf(CS sx.buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
3937 else
3938 sprintf(CS sx.buffer, "%.500s\n", addr->unique);
3939
3940 DEBUG(D_deliver) debug_printf("journalling(PRDR) %s\n", sx.buffer);
3941 len = Ustrlen(CS sx.buffer);
3942 if (write(journal_fd, sx.buffer, len) != len)
3943 log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
3944 "%s: %s", sx.buffer, strerror(errno));
3945 }
3946 else if (addr->transport_return == DEFER)
3947 retry_add_item(addr, addr->address_retry_key, -2);
fd98a5c6
JH		 3948 }
3949#endif
3950
0756eb3c
PH		 3951 /* Ensure the journal file is pushed out to disk. */
3952
54fc8428 3953 if (EXIMfsync(journal_fd) < 0)
0756eb3c
PH		 3954 log_write(0, LOG_MAIN|LOG_PANIC, "failed to fsync journal: %s",
3955 strerror(errno));
3956 }
3957 }
3958
3959
3960/* Handle general (not specific to one address) failures here. The value of ok
3961is used to skip over this code on the falling through case. A timeout causes a
3962deferral. Other errors may defer or fail according to the response code, and
3963may set up a special errno value, e.g. after connection chopped, which is
3964assumed if errno == 0 and there is no text in the buffer. If control reaches
3965here during the setting up phase (i.e. before MAIL FROM) then always defer, as
3966the problem is not related to this specific message. */
3967
d093f8e5 3968if (!sx.ok)
0756eb3c 3969 {
895fbaf2
JH		 3970 int code, set_rc;
3971 uschar * set_message;
0756eb3c
PH		 3972
3973 RESPONSE_FAILED:
895fbaf2
JH		 3974 {
3975 save_errno = errno;
3976 message = NULL;
d093f8e5
JH		 3977 sx.send_quit = check_response(host, &save_errno, addrlist->more_errno,
3978 sx.buffer, &code, &message, &pass_message);
895fbaf2
JH		 3979 goto FAILED;
3980 }
0756eb3c
PH		 3981
3982 SEND_FAILED:
895fbaf2
JH		 3983 {
3984 save_errno = errno;
3985 code = '4';
b9df1829 3986 message = string_sprintf("send() to %s [%s] failed: %s",
c0ad8edf 3987 host->name, host->address, message ? message : US strerror(save_errno));
d093f8e5 3988 sx.send_quit = FALSE;
895fbaf2
JH		 3989 goto FAILED;
3990 }
0756eb3c 3991
0756eb3c 3992 FAILED:
9be4572b
JH		 3993 {
3994 BOOL message_error;
0756eb3c 3995
9be4572b
JH		 3996 sx.ok = FALSE; /* For when reached by GOTO */
3997 set_message = message;
0756eb3c 3998
e97957bc 3999 /* We want to handle timeouts after MAIL or "." and loss of connection after
0756eb3c 4000 "." specially. They can indicate a problem with the sender address or with
e97957bc
PH		 4001 the contents of the message rather than a real error on the connection. These
4002 cases are treated in the same way as a 4xx response. This next bit of code
4003 does the classification. */
0756eb3c 4004
e97957bc
PH		 4005 switch(save_errno)
4006 {
4007 case 0:
4008 case ERRNO_MAIL4XX:
4009 case ERRNO_DATA4XX:
250b6871
JH		 4010 message_error = TRUE;
4011 break;
0756eb3c 4012
e97957bc 4013 case ETIMEDOUT:
250b6871
JH		 4014 message_error = Ustrncmp(smtp_command,"MAIL",4) == 0 ||
4015 Ustrncmp(smtp_command,"end ",4) == 0;
4016 break;
e97957bc
PH		 4017
4018 case ERRNO_SMTPCLOSED:
250b6871
JH		 4019 message_error = Ustrncmp(smtp_command,"end ",4) == 0;
4020 break;
e97957bc
PH		 4021
4022 default:
250b6871
JH		 4023 message_error = FALSE;
4024 break;
e97957bc 4025 }
0756eb3c 4026
e97957bc 4027 /* Handle the cases that are treated as message errors. These are:
0756eb3c 4028
e97957bc
PH		 4029 (a) negative response or timeout after MAIL
4030 (b) negative response after DATA
4031 (c) negative response or timeout or dropped connection after "."
250b6871 4032 (d) utf8 support required and not offered
0756eb3c 4033
e97957bc
PH		 4034 It won't be a negative response or timeout after RCPT, as that is dealt
4035 with separately above. The action in all cases is to set an appropriate
4036 error code for all the addresses, but to leave yield set to OK because the
4037 host itself has not failed. Of course, it might in practice have failed
4038 when we've had a timeout, but if so, we'll discover that at the next
4039 delivery attempt. For a temporary error, set the message_defer flag, and
4040 write to the logs for information if this is not the last host. The error
4041 for the last host will be logged as part of the address's log line. */
4042
4043 if (message_error)
0756eb3c 4044 {
e97957bc 4045 if (mua_wrapper) code = '5'; /* Force hard failure in wrapper mode */
e97957bc
PH		 4046
4047 /* If there's an errno, the message contains just the identity of
4048 the host. */
4049
895fbaf2
JH		 4050 if (code == '5')
4051 set_rc = FAIL;
4052 else /* Anything other than 5 is treated as temporary */
e97957bc 4053 {
895fbaf2 4054 set_rc = DEFER;
e97957bc
PH		 4055 if (save_errno > 0)
4056 message = US string_sprintf("%s: %s", message, strerror(save_errno));
ec62d0a9
HSHR		 4057
4058 write_logs(host, message, sx.first_addr ? sx.first_addr->basic_errno : 0);
4059
e97957bc
PH		 4060 *message_defer = TRUE;
4061 }
4062 }
4063
4064 /* Otherwise, we have an I/O error or a timeout other than after MAIL or
4065 ".", or some other transportation error. We defer all addresses and yield
4066 DEFER, except for the case of failed add_headers expansion, or a transport
4067 filter failure, when the yield should be ERROR, to stop it trying other
4068 hosts. */
4069
4070 else
4071 {
ee8b8090
JH		 4072#ifdef EXPERIMENTAL_PIPE_CONNECT
4073 /* If we were early-pipelinng and the actual EHLO response did not match
4074 the cached value we assumed, we could have detected it and passed a
4075 custom errno through to here. It would be nice to RSET and retry right
4076 away, but to reliably do that we eould need an extra synch point before
4077 we committed to data and that would discard half the gained roundrips.
4078 Or we could summarily drop the TCP connection. but that is also ugly.
4079 Instead, we ignore the possibility (having freshened the cache) and rely
4080 on the server telling us with a nonmessage error if we have tried to
4081 do something it no longer supports. */
4082#endif
895fbaf2 4083 set_rc = DEFER;
e97957bc 4084 yield = (save_errno == ERRNO_CHHEADER_FAIL ||
ee8b8090 4085 save_errno == ERRNO_FILTER_FAIL) ? ERROR : DEFER;
0756eb3c
PH		 4086 }
4087 }
895fbaf2
JH		 4088
4089 set_errno(addrlist, save_errno, set_message, set_rc, pass_message, host
4090#ifdef EXPERIMENTAL_DSN_INFO
d093f8e5 4091 , sx.smtp_greeting, sx.helo_response
895fbaf2
JH		 4092#endif
4093 );
0756eb3c
PH		 4094 }
4095
4096
4097/* If all has gone well, send_quit will be set TRUE, implying we can end the
4098SMTP session tidily. However, if there were too many addresses to send in one
4099message (indicated by first_addr being non-NULL) we want to carry on with the
4100rest of them. Also, it is desirable to send more than one message down the SMTP
4101connection if there are several waiting, provided we haven't already sent so
4102many as to hit the configured limit. The function transport_check_waiting looks
4103for a waiting message and returns its id. Then transport_pass_socket tries to
4104set up a continued delivery by passing the socket on to another process. The
aded2255 4105variable send_rset is FALSE if a message has just been successfully transferred.
0756eb3c
PH		 4106
4107If we are already sending down a continued channel, there may be further
4108addresses not yet delivered that are aimed at the same host, but which have not
4109been passed in this run of the transport. In this case, continue_more will be
4110true, and all we should do is send RSET if necessary, and return, leaving the
4111channel open.
4112
4113However, if no address was disposed of, i.e. all addresses got 4xx errors, we
4114do not want to continue with other messages down the same channel, because that
4115can lead to looping between two or more messages, all with the same,
4116temporarily failing address(es). [The retry information isn't updated yet, so
4117new processes keep on trying.] We probably also don't want to try more of this
4118message's addresses either.
4119
4120If we have started a TLS session, we have to end it before passing the
4121connection to a new process. However, not all servers can handle this (Exim
4122can), so we do not pass such a connection on if the host matches
4123hosts_nopass_tls. */
4124
4125DEBUG(D_transport)
4126 debug_printf("ok=%d send_quit=%d send_rset=%d continue_more=%d "
d093f8e5 4127 "yield=%d first_address is %sNULL\n", sx.ok, sx.send_quit,
8768d548 4128 sx.send_rset, f.continue_more, yield, sx.first_addr ? "not " : "");
0756eb3c 4129
d9c3c8ed 4130if (sx.completed_addr && sx.ok && sx.send_quit)
0756eb3c
PH		 4131 {
4132 BOOL more;
a39bd74d
JB		 4133 smtp_compare_t t_compare;
4134
4135 t_compare.tblock = tblock;
4136 t_compare.current_sender_address = sender_address;
4137
d9c3c8ed 4138 if ( sx.first_addr != NULL
8768d548 4139 || f.continue_more
875512a3
JH		 4140 || (
4141#ifdef SUPPORT_TLS
74f1a423 4142 ( tls_out.active.sock < 0 && !continue_proxy_cipher
ee8b8090 4143 || verify_check_given_host(CUSS &ob->hosts_nopass_tls, host) != OK
5130845b 4144 )
0756eb3c 4145 &&
875512a3 4146#endif
0756eb3c 4147 transport_check_waiting(tblock->name, host->name,
a39bd74d
JB		 4148 tblock->connection_max_messages, new_message_id, &more,
4149 (oicf)smtp_are_same_identities, (void*)&t_compare)
5130845b 4150 ) )
0756eb3c
PH		 4151 {
4152 uschar *msg;
447d236c 4153 BOOL pass_message;
0756eb3c 4154
d093f8e5 4155 if (sx.send_rset)
251b9eb4 4156 if (! (sx.ok = smtp_write_command(&sx, SCMD_FLUSH, "RSET\r\n") >= 0))
0756eb3c
PH		 4157 {
4158 msg = US string_sprintf("send() to %s [%s] failed: %s", host->name,
9e7e0f6a 4159 host->address, strerror(errno));
d093f8e5 4160 sx.send_quit = FALSE;
0756eb3c 4161 }
ee8b8090
JH		 4162 else if (! (sx.ok = smtp_read_response(&sx, sx.buffer, sizeof(sx.buffer),
4163 '2', ob->command_timeout)))
0756eb3c
PH		 4164 {
4165 int code;
d093f8e5 4166 sx.send_quit = check_response(host, &errno, 0, sx.buffer, &code, &msg,
447d236c 4167 &pass_message);
d093f8e5 4168 if (!sx.send_quit)
0756eb3c 4169 {
c562fd30
JH		 4170 DEBUG(D_transport) debug_printf("H=%s [%s] %s\n",
4171 host->name, host->address, msg);
0756eb3c
PH		 4172 }
4173 }
0756eb3c
PH		 4174
4175 /* Either RSET was not needed, or it succeeded */
4176
d093f8e5 4177 if (sx.ok)
0756eb3c 4178 {
13c7874e 4179#ifdef SUPPORT_TLS
875512a3 4180 int pfd[2];
13c7874e 4181#endif
74f1a423 4182 int socket_fd = sx.cctx.sock;
875512a3
JH		 4183
4184
4185 if (sx.first_addr != NULL) /* More addresses still to be sent */
0756eb3c
PH		 4186 { /* in this run of the transport */
4187 continue_sequence++; /* Causes * in logging */
4188 goto SEND_MESSAGE;
4189 }
0756eb3c 4190
b7d3afcf
JH		 4191 /* Unless caller said it already has more messages listed for this host,
4192 pass the connection on to a new Exim process (below, the call to
4193 transport_pass_socket). If the caller has more ready, just return with
4194 the connection still open. */
4195
a7538db1 4196#ifdef SUPPORT_TLS
74f1a423 4197 if (tls_out.active.sock >= 0)
8768d548 4198 if ( f.continue_more
ee8b8090 4199 || verify_check_given_host(CUSS &ob->hosts_noproxy_tls, host) == OK)
875512a3 4200 {
b7d3afcf
JH		 4201 /* Before passing the socket on, or returning to caller with it still
4202 open, we must shut down TLS. Not all MTAs allow for the continuation
4203 of the SMTP session when TLS is shut down. We test for this by sending
4204 a new EHLO. If we don't get a good response, we don't attempt to pass
4205 the socket on. */
875512a3 4206
74f1a423 4207 tls_close(sx.cctx.tls_ctx, TLS_SHUTDOWN_WAIT);
c645dd29 4208 sx.cctx.tls_ctx = NULL;
875512a3
JH		 4209 smtp_peer_options = smtp_peer_options_wrap;
4210 sx.ok = !sx.smtps
251b9eb4
JH		 4211 && smtp_write_command(&sx, SCMD_FLUSH, "EHLO %s\r\n", sx.helo_data)
4212 >= 0
4213 && smtp_read_response(&sx, sx.buffer, sizeof(sx.buffer),
ee8b8090 4214 '2', ob->command_timeout);
b7d3afcf 4215
8768d548 4216 if (sx.ok && f.continue_more)
b7d3afcf 4217 return yield; /* More addresses for another run */
875512a3
JH		 4218 }
4219 else
4220 {
4221 /* Set up a pipe for proxying TLS for the new transport process */
4222
14de8063 4223 smtp_peer_options |= OPTION_TLS;
fa18eebc 4224 if (sx.ok = (socketpair(AF_UNIX, SOCK_STREAM, 0, pfd) == 0))
875512a3
JH		 4225 socket_fd = pfd[1];
4226 else
4227 set_errno(sx.first_addr, errno, US"internal allocation problem",
4228 DEFER, FALSE, host
4229# ifdef EXPERIMENTAL_DSN_INFO
4230 , sx.smtp_greeting, sx.helo_response
4231# endif
4232 );
4233 }
b7d3afcf 4234 else
a7538db1 4235#endif
8768d548 4236 if (f.continue_more)
b7d3afcf 4237 return yield; /* More addresses for another run */
0756eb3c 4238
4c04137d 4239 /* If the socket is successfully passed, we mustn't send QUIT (or
0756eb3c
PH		 4240 indeed anything!) from here. */
4241
895fbaf2
JH		 4242/*XXX DSN_INFO: assume likely to do new HELO; but for greet we'll want to
4243propagate it from the initial
4244*/
d093f8e5 4245 if (sx.ok && transport_pass_socket(tblock->name, host->name,
875512a3
JH		 4246 host->address, new_message_id, socket_fd))
4247 {
d093f8e5 4248 sx.send_quit = FALSE;
875512a3 4249
d097cc73
JH		 4250 /* We have passed the client socket to a fresh transport process.
4251 If TLS is still active, we need to proxy it for the transport we
875512a3
JH		 4252 just passed the baton to. Fork a child to to do it, and return to
4253 get logging done asap. Which way to place the work makes assumptions
4254 about post-fork prioritisation which may not hold on all platforms. */
57cc2785 4255#ifdef SUPPORT_TLS
74f1a423 4256 if (tls_out.active.sock >= 0)
875512a3
JH		 4257 {
4258 int pid = fork();
d097cc73 4259 if (pid == 0) /* child; fork again to disconnect totally */
626810b9 4260 {
8768d548 4261 if (f.running_in_test_harness) millisleep(100); /* let parent debug out */
d097cc73 4262 /* does not return */
74f1a423 4263 smtp_proxy_tls(sx.cctx.tls_ctx, sx.buffer, sizeof(sx.buffer), pfd,
ee8b8090 4264 ob->command_timeout);
626810b9 4265 }
d097cc73 4266
875512a3
JH		 4267 if (pid > 0) /* parent */
4268 {
b7d3afcf 4269 DEBUG(D_transport) debug_printf("proxy-proc inter-pid %d\n", pid);
e47252f5 4270 close(pfd[0]);
d097cc73 4271 /* tidy the inter-proc to disconn the proxy proc */
60272099 4272 waitpid(pid, NULL, 0);
74f1a423
JH		 4273 tls_close(sx.cctx.tls_ctx, TLS_NO_SHUTDOWN);
4274 sx.cctx.tls_ctx = NULL;
4275 (void)close(sx.cctx.sock);
4276 sx.cctx.sock = -1;
875512a3
JH		 4277 continue_transport = NULL;
4278 continue_hostname = NULL;
4279 return yield;
4280 }
d097cc73 4281 log_write(0, LOG_PANIC_DIE, "fork failed");
875512a3 4282 }
57cc2785 4283#endif
875512a3 4284 }
0756eb3c
PH		 4285 }
4286
4287 /* If RSET failed and there are addresses left, they get deferred. */
875512a3
JH		 4288 else
4289 set_errno(sx.first_addr, errno, msg, DEFER, FALSE, host
895fbaf2 4290#ifdef EXPERIMENTAL_DSN_INFO
d093f8e5 4291 , sx.smtp_greeting, sx.helo_response
895fbaf2
JH		 4292#endif
4293 );
0756eb3c
PH		 4294 }
4295 }
4296
4297/* End off tidily with QUIT unless the connection has died or the socket has
4298been passed to another process. There has been discussion on the net about what
4299to do after sending QUIT. The wording of the RFC suggests that it is necessary
4300to wait for a response, but on the other hand, there isn't anything one can do
4301with an error response, other than log it. Exim used to do that. However,
4302further discussion suggested that it is positively advantageous not to wait for
4303the response, but to close the session immediately. This is supposed to move
4304the TCP/IP TIME_WAIT state from the server to the client, thereby removing some
4305load from the server. (Hosts that are both servers and clients may not see much
4306difference, of course.) Further discussion indicated that this was safe to do
4307on Unix systems which have decent implementations of TCP/IP that leave the
4308connection around for a while (TIME_WAIT) after the application has gone away.
4309This enables the response sent by the server to be properly ACKed rather than
4310timed out, as can happen on broken TCP/IP implementations on other OS.
4311
4312This change is being made on 31-Jul-98. After over a year of trouble-free
4313operation, the old commented-out code was removed on 17-Sep-99. */
4314
4315SEND_QUIT:
2aaa3cdd
JH		 4316#ifdef TCP_CORK
4317(void) setsockopt(sx.cctx.sock, IPPROTO_TCP, TCP_CORK, US &on, sizeof(on));
4318#endif
251b9eb4 4319if (sx.send_quit) (void)smtp_write_command(&sx, SCMD_FLUSH, "QUIT\r\n");
0756eb3c
PH		 4320
4321END_OFF:
4322
4323#ifdef SUPPORT_TLS
74f1a423 4324tls_close(sx.cctx.tls_ctx, TLS_SHUTDOWN_NOWAIT);
c645dd29 4325sx.cctx.tls_ctx = NULL;
0756eb3c
PH		 4326#endif
4327
4328/* Close the socket, and return the appropriate value, first setting
0756eb3c
PH		 4329works because the NULL setting is passed back to the calling process, and
4330remote_max_parallel is forced to 1 when delivering over an existing connection,
4331
4332If all went well and continue_more is set, we shouldn't actually get here if
4333there are further addresses, as the return above will be taken. However,
4334writing RSET might have failed, or there may be other addresses whose hosts are
4335specified in the transports, and therefore not visible at top level, in which
4336case continue_more won't get set. */
4337
e1d04f48 4338HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(close)>>\n");
d093f8e5 4339if (sx.send_quit)
60d10ce7 4340 {
74f1a423 4341 shutdown(sx.cctx.sock, SHUT_WR);
ee8b8090 4342 millisleep(f.running_in_test_harness ? 200 : 20);
74f1a423 4343 if (fcntl(sx.cctx.sock, F_SETFL, O_NONBLOCK) == 0)
d7978c0f
JH		 4344 for (int i = 16; read(sx.cctx.sock, sx.inbuffer, sizeof(sx.inbuffer)) > 0 && i > 0;)
4345 i--; /* drain socket */
60d10ce7 4346 }
74f1a423 4347(void)close(sx.cctx.sock);
a7538db1 4348
0cbf2b82 4349#ifndef DISABLE_EVENT
774ef2d7 4350(void) event_raise(tblock->event_action, US"tcp:close", NULL);
a7538db1
JH		 4351#endif
4352
0756eb3c
PH		 4353continue_transport = NULL;
4354continue_hostname = NULL;
4355return yield;
4356}
4357
4358
4359
4360
4361/*************************************************
4362* Closedown entry point *
4363*************************************************/
4364
4365/* This function is called when exim is passed an open smtp channel
4366from another incarnation, but the message which it has been asked
4367to deliver no longer exists. The channel is on stdin.
4368
4369We might do fancy things like looking for another message to send down
4370the channel, but if the one we sought has gone, it has probably been
4371delivered by some other process that itself will seek further messages,
4372so just close down our connection.
4373
4374Argument: pointer to the transport instance block
4375Returns: nothing
4376*/
4377
4378void
4379smtp_transport_closedown(transport_instance *tblock)
4380{
ee8b8090 4381smtp_transport_options_block * ob = SOB tblock->options_block;
74f1a423 4382client_conn_ctx cctx;
251b9eb4 4383smtp_context sx;
0756eb3c
PH		 4384uschar buffer[256];
4385uschar inbuffer[4096];
4386uschar outbuffer[16];
4387
74f1a423
JH		 4388/*XXX really we need an active-smtp-client ctx, rather than assuming stdout */
4389cctx.sock = fileno(stdin);
4390cctx.tls_ctx = cctx.sock == tls_out.active.sock ? tls_out.active.tls_ctx : NULL;
4391
251b9eb4
JH		 4392sx.inblock.cctx = &cctx;
4393sx.inblock.buffer = inbuffer;
4394sx.inblock.buffersize = sizeof(inbuffer);
4395sx.inblock.ptr = inbuffer;
4396sx.inblock.ptrend = inbuffer;
4397
4398sx.outblock.cctx = &cctx;
4399sx.outblock.buffersize = sizeof(outbuffer);
4400sx.outblock.buffer = outbuffer;
4401sx.outblock.ptr = outbuffer;
4402sx.outblock.cmd_count = 0;
4403sx.outblock.authenticating = FALSE;
4404
4405(void)smtp_write_command(&sx, SCMD_FLUSH, "QUIT\r\n");
4406(void)smtp_read_response(&sx, buffer, sizeof(buffer), '2', ob->command_timeout);
74f1a423 4407(void)close(cctx.sock);
0756eb3c
PH		 4408}
4409
4410
4411
4412/*************************************************
4413* Prepare addresses for delivery *
4414*************************************************/
4415
4416/* This function is called to flush out error settings from previous delivery
4417attempts to other hosts. It also records whether we got here via an MX record
4418or not in the more_errno field of the address. We are interested only in
4419addresses that are still marked DEFER - others may have got delivered to a
4420previously considered IP address. Set their status to PENDING_DEFER to indicate
4421which ones are relevant this time.
4422
4423Arguments:
4424 addrlist the list of addresses
4425 host the host we are delivering to
4426
4427Returns: the first address for this delivery
4428*/
4429
4430static address_item *
4431prepare_addresses(address_item *addrlist, host_item *host)
4432{
4433address_item *first_addr = NULL;
d7978c0f 4434for (address_item * addr = addrlist; addr; addr = addr->next)
168dec3b
JH		 4435 if (addr->transport_return == DEFER)
4436 {
7b4c8c1f 4437 if (!first_addr) first_addr = addr;
168dec3b
JH		 4438 addr->transport_return = PENDING_DEFER;
4439 addr->basic_errno = 0;
4440 addr->more_errno = (host->mx >= 0)? 'M' : 'A';
4441 addr->message = NULL;
a7538db1 4442#ifdef SUPPORT_TLS
168dec3b
JH		 4443 addr->cipher = NULL;
4444 addr->ourcert = NULL;
4445 addr->peercert = NULL;
4446 addr->peerdn = NULL;
4447 addr->ocsp = OCSP_NOT_REQ;
895fbaf2
JH		 4448#endif
4449#ifdef EXPERIMENTAL_DSN_INFO
4450 addr->smtp_greeting = NULL;
4451 addr->helo_response = NULL;
a7538db1 4452#endif
168dec3b 4453 }
0756eb3c
PH		 4454return first_addr;
4455}
4456
4457
4458
4459/*************************************************
4460* Main entry point *
4461*************************************************/
4462
4463/* See local README for interface details. As this is a remote transport, it is
4464given a chain of addresses to be delivered in one connection, if possible. It
4465always returns TRUE, indicating that each address has its own independent
4466status set, except if there is a setting up problem, in which case it returns
4467FALSE. */
4468
4469BOOL
4470smtp_transport_entry(
4471 transport_instance *tblock, /* data for this instantiation */
4472 address_item *addrlist) /* addresses we are working on */
4473{
a843a57e 4474int defport;
0756eb3c
PH		 4475int hosts_defer = 0;
4476int hosts_fail = 0;
4477int hosts_looked_up = 0;
4478int hosts_retry = 0;
4479int hosts_serial = 0;
4480int hosts_total = 0;
8e669ac1 4481int total_hosts_tried = 0;
0756eb3c 4482BOOL expired = TRUE;
0756eb3c
PH		 4483uschar *expanded_hosts = NULL;
4484uschar *pistring;
4485uschar *tid = string_sprintf("%s transport", tblock->name);
ee8b8090 4486smtp_transport_options_block *ob = SOB tblock->options_block;
0756eb3c 4487host_item *hostlist = addrlist->host_list;
56dbf856 4488host_item *host = NULL;
0756eb3c
PH		 4489
4490DEBUG(D_transport)
4491 {
4492 debug_printf("%s transport entered\n", tblock->name);
d7978c0f 4493 for (address_item * addr = addrlist; addr; addr = addr->next)
0756eb3c 4494 debug_printf(" %s\n", addr->address);
7b4c8c1f
JH		 4495 if (hostlist)
4496 {
4497 debug_printf("hostlist:\n");
d7978c0f 4498 for (host_item * host = hostlist; host; host = host->next)
f8ea1886 4499 debug_printf(" '%s' IP %s port %d\n", host->name, host->address, host->port);
7b4c8c1f 4500 }
57cc2785
JH		 4501 if (continue_hostname)
4502 debug_printf("already connected to %s [%s] (on fd %d)\n",
4503 continue_hostname, continue_host_address,
74f1a423 4504 cutthrough.cctx.sock >= 0 ? cutthrough.cctx.sock : 0);
0756eb3c
PH		 4505 }
4506
f6c332bd
PH		 4507/* Set the flag requesting that these hosts be added to the waiting
4508database if the delivery fails temporarily or if we are running with
4509queue_smtp or a 2-stage queue run. This gets unset for certain
4510kinds of error, typically those that are specific to the message. */
4511
4512update_waiting = TRUE;
4513
0756eb3c
PH		 4514/* If a host list is not defined for the addresses - they must all have the
4515same one in order to be passed to a single transport - or if the transport has
4516a host list with hosts_override set, use the host list supplied with the
4517transport. It is an error for this not to exist. */
4518
7b4c8c1f 4519if (!hostlist || (ob->hosts_override && ob->hosts))
0756eb3c 4520 {
7b4c8c1f 4521 if (!ob->hosts)
0756eb3c
PH		 4522 {
4523 addrlist->message = string_sprintf("%s transport called with no hosts set",
4524 tblock->name);
4525 addrlist->transport_return = PANIC;
4526 return FALSE; /* Only top address has status */
4527 }
4528
4529 DEBUG(D_transport) debug_printf("using the transport's hosts: %s\n",
4530 ob->hosts);
4531
4532 /* If the transport's host list contains no '$' characters, and we are not
4533 randomizing, it is fixed and therefore a chain of hosts can be built once
4534 and for all, and remembered for subsequent use by other calls to this
4535 transport. If, on the other hand, the host list does contain '$', or we are
4536 randomizing its order, we have to rebuild it each time. In the fixed case,
4537 as the hosts string will never be used again, it doesn't matter that we
4538 replace all the : characters with zeros. */
4539
7b4c8c1f 4540 if (!ob->hostlist)
0756eb3c
PH		 4541 {
4542 uschar *s = ob->hosts;
4543
4544 if (Ustrchr(s, '$') != NULL)
4545 {
d427a7f9 4546 if (!(expanded_hosts = expand_string(s)))
0756eb3c
PH		 4547 {
4548 addrlist->message = string_sprintf("failed to expand list of hosts "
4549 "\"%s\" in %s transport: %s", s, tblock->name, expand_string_message);
8768d548 4550 addrlist->transport_return = f.search_find_defer ? DEFER : PANIC;
0756eb3c
PH		 4551 return FALSE; /* Only top address has status */
4552 }
4553 DEBUG(D_transport) debug_printf("expanded list of hosts \"%s\" to "
4554 "\"%s\"\n", s, expanded_hosts);
4555 s = expanded_hosts;
4556 }
4557 else
4558 if (ob->hosts_randomize) s = expanded_hosts = string_copy(s);
4559
4560 host_build_hostlist(&hostlist, s, ob->hosts_randomize);
4561
e276e04b 4562 /* Check that the expansion yielded something useful. */
7b4c8c1f 4563 if (!hostlist)
e276e04b
TF		 4564 {
4565 addrlist->message =
4566 string_sprintf("%s transport has empty hosts setting", tblock->name);
4567 addrlist->transport_return = PANIC;
4568 return FALSE; /* Only top address has status */
4569 }
4570
0756eb3c
PH		 4571 /* If there was no expansion of hosts, save the host list for
4572 next time. */
4573
d427a7f9 4574 if (!expanded_hosts) ob->hostlist = hostlist;
0756eb3c
PH		 4575 }
4576
4577 /* This is not the first time this transport has been run in this delivery;
4578 the host list was built previously. */
4579
55414b25
JH		 4580 else
4581 hostlist = ob->hostlist;
0756eb3c
PH		 4582 }
4583
4584/* The host list was supplied with the address. If hosts_randomize is set, we
4585must sort it into a random order if it did not come from MX records and has not
4586already been randomized (but don't bother if continuing down an existing
4587connection). */
4588
7b4c8c1f 4589else if (ob->hosts_randomize && hostlist->mx == MX_NONE && !continue_hostname)
0756eb3c
PH		 4590 {
4591 host_item *newlist = NULL;
7b4c8c1f 4592 while (hostlist)
0756eb3c
PH		 4593 {
4594 host_item *h = hostlist;
4595 hostlist = hostlist->next;
4596
4597 h->sort_key = random_number(100);
4598
7b4c8c1f 4599 if (!newlist)
0756eb3c
PH		 4600 {
4601 h->next = NULL;
4602 newlist = h;
4603 }
4604 else if (h->sort_key < newlist->sort_key)
4605 {
4606 h->next = newlist;
4607 newlist = h;
4608 }
4609 else
4610 {
4611 host_item *hh = newlist;
7b4c8c1f 4612 while (hh->next)
0756eb3c
PH		 4613 {
4614 if (h->sort_key < hh->next->sort_key) break;
4615 hh = hh->next;
4616 }
4617 h->next = hh->next;
4618 hh->next = h;
4619 }
4620 }
4621
4622 hostlist = addrlist->host_list = newlist;
4623 }
4624
2d280592 4625/* Sort out the default port. */
0756eb3c 4626
a843a57e 4627if (!smtp_get_port(ob->port, addrlist, &defport, tid)) return FALSE;
0756eb3c 4628
0756eb3c
PH		 4629/* For each host-plus-IP-address on the list:
4630
4631. If this is a continued delivery and the host isn't the one with the
4632 current connection, skip.
4633
4634. If the status is unusable (i.e. previously failed or retry checked), skip.
4635
4636. If no IP address set, get the address, either by turning the name into
4637 an address, calling gethostbyname if gethostbyname is on, or by calling
4638 the DNS. The DNS may yield multiple addresses, in which case insert the
4639 extra ones into the list.
4640
4641. Get the retry data if not previously obtained for this address and set the
4642 field which remembers the state of this address. Skip if the retry time is
4643 not reached. If not, remember whether retry data was found. The retry string
4644 contains both the name and the IP address.
4645
4646. Scan the list of addresses and mark those whose status is DEFER as
4647 PENDING_DEFER. These are the only ones that will be processed in this cycle
4648 of the hosts loop.
4649
4650. Make a delivery attempt - addresses marked PENDING_DEFER will be tried.
4651 Some addresses may be successfully delivered, others may fail, and yet
4652 others may get temporary errors and so get marked DEFER.
4653
4654. The return from the delivery attempt is OK if a connection was made and a
4655 valid SMTP dialogue was completed. Otherwise it is DEFER.
4656
4657. If OK, add a "remove" retry item for this host/IPaddress, if any.
4658
4659. If fail to connect, or other defer state, add a retry item.
4660
4661. If there are any addresses whose status is still DEFER, carry on to the
4662 next host/IPaddress, unless we have tried the number of hosts given
533244af 4663 by hosts_max_try or hosts_max_try_hardlimit; otherwise return. Note that
8e669ac1
PH		 4664 there is some fancy logic for hosts_max_try that means its limit can be
4665 overstepped in some circumstances.
0756eb3c
PH		 4666
4667If we get to the end of the list, all hosts have deferred at least one address,
4668or not reached their retry times. If delay_after_cutoff is unset, it requests a
4669delivery attempt to those hosts whose last try was before the arrival time of
4670the current message. To cope with this, we have to go round the loop a second
4671time. After that, set the status and error data for any addresses that haven't
4672had it set already. */
4673
d7978c0f 4674for (int cutoff_retry = 0;
7b4c8c1f 4675 expired && cutoff_retry < (ob->delay_after_cutoff ? 1 : 2);
0756eb3c
PH		 4676 cutoff_retry++)
4677 {
4678 host_item *nexthost = NULL;
4679 int unexpired_hosts_tried = 0;
2577f55f 4680 BOOL continue_host_tried = FALSE;
0756eb3c 4681
2577f55f 4682retry_non_continued:
0756eb3c 4683 for (host = hostlist;
7b4c8c1f
JH		 4684 host
4685 && unexpired_hosts_tried < ob->hosts_max_try
4686 && total_hosts_tried < ob->hosts_max_try_hardlimit;
0756eb3c
PH		 4687 host = nexthost)
4688 {
4689 int rc;
4690 int host_af;
0756eb3c
PH		 4691 BOOL host_is_expired = FALSE;
4692 BOOL message_defer = FALSE;
0756eb3c
PH		 4693 BOOL some_deferred = FALSE;
4694 address_item *first_addr = NULL;
4695 uschar *interface = NULL;
4696 uschar *retry_host_key = NULL;
4697 uschar *retry_message_key = NULL;
4698 uschar *serialize_key = NULL;
4699
9c4e8f60
PH		 4700 /* Default next host is next host. :-) But this can vary if the
4701 hosts_max_try limit is hit (see below). It may also be reset if a host
4702 address is looked up here (in case the host was multihomed). */
4703
4704 nexthost = host->next;
4705
0756eb3c
PH		 4706 /* If the address hasn't yet been obtained from the host name, look it up
4707 now, unless the host is already marked as unusable. If it is marked as
4708 unusable, it means that the router was unable to find its IP address (in
4709 the DNS or wherever) OR we are in the 2nd time round the cutoff loop, and
4710 the lookup failed last time. We don't get this far if *all* MX records
4711 point to non-existent hosts; that is treated as a hard error.
4712
4713 We can just skip this host entirely. When the hosts came from the router,
4714 the address will timeout based on the other host(s); when the address is
4715 looked up below, there is an explicit retry record added.
4716
4717 Note that we mustn't skip unusable hosts if the address is not unset; they
4718 may be needed as expired hosts on the 2nd time round the cutoff loop. */
4719
7b4c8c1f 4720 if (!host->address)
0756eb3c 4721 {
322050c2 4722 int new_port, flags;
0756eb3c
PH		 4723
4724 if (host->status >= hstatus_unusable)
4725 {
4726 DEBUG(D_transport) debug_printf("%s has no address and is unusable - skipping\n",
4727 host->name);
4728 continue;
4729 }
4730
4731 DEBUG(D_transport) debug_printf("getting address for %s\n", host->name);
4732
7cd1141b
PH		 4733 /* The host name is permitted to have an attached port. Find it, and
4734 strip it from the name. Just remember it for now. */
4735
4736 new_port = host_item_get_port(host);
4737
4738 /* Count hosts looked up */
4739
0756eb3c
PH		 4740 hosts_looked_up++;
4741
4742 /* Find by name if so configured, or if it's an IP address. We don't
4743 just copy the IP address, because we need the test-for-local to happen. */
4744
66387a73 4745 flags = HOST_FIND_BY_A | HOST_FIND_BY_AAAA;
322050c2
PH		 4746 if (ob->dns_qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
4747 if (ob->dns_search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
4748
7e66e54d 4749 if (ob->gethostbyname || string_is_ip_address(host->name, NULL) != 0)
55414b25 4750 rc = host_find_byname(host, NULL, flags, NULL, TRUE);
0756eb3c 4751 else
0756eb3c 4752 rc = host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
7cd171b7 4753 &ob->dnssec, /* domains for request/require */
55414b25 4754 NULL, NULL);
0756eb3c 4755
7cd1141b
PH		 4756 /* Update the host (and any additional blocks, resulting from
4757 multihoming) with a host-specific port, if any. */
4758
d7978c0f 4759 for (host_item * hh = host; hh != nexthost; hh = hh->next) hh->port = new_port;
7cd1141b 4760
0756eb3c
PH		 4761 /* Failure to find the host at this time (usually DNS temporary failure)
4762 is really a kind of routing failure rather than a transport failure.
4763 Therefore we add a retry item of the routing kind, not to stop us trying
4764 to look this name up here again, but to ensure the address gets timed
4765 out if the failures go on long enough. A complete failure at this point
4766 commonly points to a configuration error, but the best action is still
4767 to carry on for the next host. */
4768
2546388c 4769 if (rc == HOST_FIND_AGAIN || rc == HOST_FIND_SECURITY || rc == HOST_FIND_FAILED)
0756eb3c
PH		 4770 {
4771 retry_add_item(addrlist, string_sprintf("R:%s", host->name), 0);
4772 expired = FALSE;
4773 if (rc == HOST_FIND_AGAIN) hosts_defer++; else hosts_fail++;
4774 DEBUG(D_transport) debug_printf("rc = %s for %s\n", (rc == HOST_FIND_AGAIN)?
4775 "HOST_FIND_AGAIN" : "HOST_FIND_FAILED", host->name);
4776 host->status = hstatus_unusable;
4777
d7978c0f 4778 for (address_item * addr = addrlist; addr; addr = addr->next)
0756eb3c
PH		 4779 {
4780 if (addr->transport_return != DEFER) continue;
4781 addr->basic_errno = ERRNO_UNKNOWNHOST;
2546388c
JH		 4782 addr->message = string_sprintf(
4783 rc == HOST_FIND_SECURITY
4784 ? "lookup of IP address for %s was insecure"
4785 : "failed to lookup IP address for %s",
4786 host->name);
0756eb3c
PH		 4787 }
4788 continue;
4789 }
4790
4791 /* If the host is actually the local host, we may have a problem, or
4792 there may be some cunning configuration going on. In the problem case,
4793 log things and give up. The default transport status is already DEFER. */
4794
4795 if (rc == HOST_FOUND_LOCAL && !ob->allow_localhost)
4796 {
d7978c0f 4797 for (address_item * addr = addrlist; addr; addr = addr->next)
0756eb3c
PH		 4798 {
4799 addr->basic_errno = 0;
4800 addr->message = string_sprintf("%s transport found host %s to be "
4801 "local", tblock->name, host->name);
4802 }
4803 goto END_TRANSPORT;
4804 }
4805 } /* End of block for IP address lookup */
4806
4807 /* If this is a continued delivery, we are interested only in the host
4808 which matches the name of the existing open channel. The check is put
4809 here after the local host lookup, in case the name gets expanded as a
4810 result of the lookup. Set expired FALSE, to save the outer loop executing
4811 twice. */
4812
2577f55f
JH		 4813 if (continue_hostname)
4814 if ( Ustrcmp(continue_hostname, host->name) != 0
4815 || Ustrcmp(continue_host_address, host->address) != 0
4816 )
4817 {
4818 expired = FALSE;
4819 continue; /* With next host */
4820 }
4821 else
4822 continue_host_tried = TRUE;
0756eb3c 4823
9c4e8f60
PH		 4824 /* Reset the default next host in case a multihomed host whose addresses
4825 are not looked up till just above added to the host list. */
83364d30
PH		 4826
4827 nexthost = host->next;
4828
0756eb3c
PH		 4829 /* If queue_smtp is set (-odqs or the first part of a 2-stage run), or the
4830 domain is in queue_smtp_domains, we don't actually want to attempt any
4831 deliveries. When doing a queue run, queue_smtp_domains is always unset. If
4832 there is a lookup defer in queue_smtp_domains, proceed as if the domain
4833 were not in it. We don't want to hold up all SMTP deliveries! Except when
4834 doing a two-stage queue run, don't do this if forcing. */
4835
8768d548 4836 if ((!f.deliver_force || f.queue_2stage) && (f.queue_smtp ||
55414b25
JH		 4837 match_isinlist(addrlist->domain,
4838 (const uschar **)&queue_smtp_domains, 0,
cf39cf57 4839 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK))
0756eb3c
PH		 4840 {
4841 expired = FALSE;
d7978c0f 4842 for (address_item * addr = addrlist; addr; addr = addr->next)
7b4c8c1f
JH		 4843 if (addr->transport_return == DEFER)
4844 addr->message = US"domain matches queue_smtp_domains, or -odqs set";
0756eb3c
PH		 4845 continue; /* With next host */
4846 }
4847
4848 /* Count hosts being considered - purely for an intelligent comment
4849 if none are usable. */
4850
4851 hosts_total++;
4852
4853 /* Set $host and $host address now in case they are needed for the
4854 interface expansion or the serialize_hosts check; they remain set if an
4855 actual delivery happens. */
4856
4857 deliver_host = host->name;
4858 deliver_host_address = host->address;
783b385f
JH		 4859 lookup_dnssec_authenticated = host->dnssec == DS_YES ? US"yes"
4860 : host->dnssec == DS_NO ? US"no"
4861 : US"";
0756eb3c 4862
7cd1141b
PH		 4863 /* Set up a string for adding to the retry key if the port number is not
4864 the standard SMTP port. A host may have its own port setting that overrides
4865 the default. */
4866
7b4c8c1f 4867 pistring = string_sprintf(":%d", host->port == PORT_NONE
a843a57e 4868 ? defport : host->port);
7cd1141b
PH		 4869 if (Ustrcmp(pistring, ":25") == 0) pistring = US"";
4870
0756eb3c 4871 /* Select IPv4 or IPv6, and choose an outgoing interface. If the interface
6f6dedcc
JH		 4872 string is set, even if constant (as different transports can have different
4873 constant settings), we must add it to the key that is used for retries,
4874 because connections to the same host from a different interface should be
4875 treated separately. */
0756eb3c 4876
7b4c8c1f 4877 host_af = Ustrchr(host->address, ':') == NULL ? AF_INET : AF_INET6;
6f6dedcc 4878 {
aeb65e91
JH		 4879 uschar * s = ob->interface;
4880 if (s && *s)
4881 {
4882 if (!smtp_get_interface(s, host_af, addrlist, &interface, tid))
4883 return FALSE;
4884 pistring = string_sprintf("%s/%s", pistring, interface);
4885 }
6f6dedcc 4886 }
0756eb3c
PH		 4887
4888 /* The first time round the outer loop, check the status of the host by
4889 inspecting the retry data. The second time round, we are interested only
4890 in expired hosts that haven't been tried since this message arrived. */
4891
4892 if (cutoff_retry == 0)
4893 {
9c695f6d 4894 BOOL incl_ip;
0756eb3c 4895 /* Ensure the status of the address is set by checking retry data if
9c695f6d 4896 necessary. There may be host-specific retry data (applicable to all
0756eb3c
PH		 4897 messages) and also data for retries of a specific message at this host.
4898 If either of these retry records are actually read, the keys used are
4899 returned to save recomputing them later. */
4900
9c695f6d
JH		 4901 if (exp_bool(addrlist, US"transport", tblock->name, D_transport,
4902 US"retry_include_ip_address", ob->retry_include_ip_address,
4903 ob->expand_retry_include_ip_address, &incl_ip) != OK)
4904 continue; /* with next host */
4905
0756eb3c 4906 host_is_expired = retry_check_address(addrlist->domain, host, pistring,
9c695f6d 4907 incl_ip, &retry_host_key, &retry_message_key);
0756eb3c 4908
875512a3 4909 DEBUG(D_transport) debug_printf("%s [%s]%s retry-status = %s\n", host->name,
8b455685
JH		 4910 host->address ? host->address : US"", pistring,
4911 host->status == hstatus_usable ? "usable"
4912 : host->status == hstatus_unusable ? "unusable"
4913 : host->status == hstatus_unusable_expired ? "unusable (expired)" : "?");
0756eb3c
PH		 4914
4915 /* Skip this address if not usable at this time, noting if it wasn't
4916 actually expired, both locally and in the address. */
4917
4918 switch (host->status)
4919 {
4920 case hstatus_unusable:
7b4c8c1f
JH		 4921 expired = FALSE;
4922 setflag(addrlist, af_retry_skipped);
4923 /* Fall through */
0756eb3c
PH		 4924
4925 case hstatus_unusable_expired:
7b4c8c1f
JH		 4926 switch (host->why)
4927 {
4928 case hwhy_retry: hosts_retry++; break;
4929 case hwhy_failed: hosts_fail++; break;
2546388c 4930 case hwhy_insecure:
7b4c8c1f
JH		 4931 case hwhy_deferred: hosts_defer++; break;
4932 }
4933
4934 /* If there was a retry message key, implying that previously there
4935 was a message-specific defer, we don't want to update the list of
4936 messages waiting for these hosts. */
4937
4938 if (retry_message_key) update_waiting = FALSE;
4939 continue; /* With the next host or IP address */
0756eb3c
PH		 4940 }
4941 }
4942
4943 /* Second time round the loop: if the address is set but expired, and
4944 the message is newer than the last try, let it through. */
4945
4946 else
4947 {
7b4c8c1f
JH		 4948 if ( !host->address
4949 || host->status != hstatus_unusable_expired
32dfdf8b 4950 || host->last_try > received_time.tv_sec)
0756eb3c 4951 continue;
7b4c8c1f 4952 DEBUG(D_transport) debug_printf("trying expired host %s [%s]%s\n",
0756eb3c
PH		 4953 host->name, host->address, pistring);
4954 host_is_expired = TRUE;
4955 }
4956
4957 /* Setting "expired=FALSE" doesn't actually mean not all hosts are expired;
4958 it remains TRUE only if all hosts are expired and none are actually tried.
4959 */
4960
4961 expired = FALSE;
4962
4963 /* If this host is listed as one to which access must be serialized,
4964 see if another Exim process has a connection to it, and if so, skip
4965 this host. If not, update the database to record our connection to it
4966 and remember this for later deletion. Do not do any of this if we are
4967 sending the message down a pre-existing connection. */
4968
7b4c8c1f 4969 if ( !continue_hostname
3fb3231c 4970 && verify_check_given_host(CUSS &ob->serialize_hosts, host) == OK)
0756eb3c
PH		 4971 {
4972 serialize_key = string_sprintf("host-serialize-%s", host->name);
e8ae7214 4973 if (!enq_start(serialize_key, 1))
0756eb3c
PH		 4974 {
4975 DEBUG(D_transport)
4976 debug_printf("skipping host %s because another Exim process "
4977 "is connected to it\n", host->name);
4978 hosts_serial++;
4979 continue;
4980 }
0756eb3c
PH		 4981 }
4982
4983 /* OK, we have an IP address that is not waiting for its retry time to
4984 arrive (it might be expired) OR (second time round the loop) we have an
4985 expired host that hasn't been tried since the message arrived. Have a go
4986 at delivering the message to it. First prepare the addresses by flushing
4987 out the result of previous attempts, and finding the first address that
4988 is still to be delivered. */
4989
4990 first_addr = prepare_addresses(addrlist, host);
4991
4992 DEBUG(D_transport) debug_printf("delivering %s to %s [%s] (%s%s)\n",
4993 message_id, host->name, host->address, addrlist->address,
7b4c8c1f 4994 addrlist->next ? ", ..." : "");
0756eb3c 4995
67ea939c
JH		 4996 set_process_info("delivering %s to %s [%s]%s (%s%s)",
4997 message_id, host->name, host->address, pistring, addrlist->address,
7b4c8c1f 4998 addrlist->next ? ", ..." : "");
0756eb3c
PH		 4999
5000 /* This is not for real; don't do the delivery. If there are
5001 any remaining hosts, list them. */
5002
8768d548 5003 if (f.dont_deliver)
0756eb3c 5004 {
895fbaf2 5005 set_errno_nohost(addrlist, 0, NULL, OK, FALSE);
d7978c0f 5006 for (address_item * addr = addrlist; addr; addr = addr->next)
0756eb3c
PH		 5007 {
5008 addr->host_used = host;
5009 addr->special_action = '*';
5010 addr->message = US"delivery bypassed by -N option";
5011 }
5012 DEBUG(D_transport)
5013 {
5014 debug_printf("*** delivery by %s transport bypassed by -N option\n"
5015 "*** host and remaining hosts:\n", tblock->name);
d7978c0f 5016 for (host_item * host2 = host; host2; host2 = host2->next)
0756eb3c 5017 debug_printf(" %s [%s]\n", host2->name,
7b4c8c1f 5018 host2->address ? host2->address : US"unset");
0756eb3c
PH		 5019 }
5020 rc = OK;
5021 }
5022
5023 /* This is for real. If the host is expired, we don't count it for
5024 hosts_max_retry. This ensures that all hosts must expire before an address
8e669ac1 5025 is timed out, unless hosts_max_try_hardlimit (which protects against
533244af 5026 lunatic DNS configurations) is reached.
8e669ac1 5027
533244af
PH		 5028 If the host is not expired and we are about to hit the hosts_max_retry
5029 limit, check to see if there is a subsequent hosts with a different MX
5030 value. If so, make that the next host, and don't count this one. This is a
5031 heuristic to make sure that different MXs do get tried. With a normal kind
5032 of retry rule, they would get tried anyway when the earlier hosts were
5033 delayed, but if the domain has a "retry every time" type of rule - as is
5034 often used for the the very large ISPs, that won't happen. */
0756eb3c
PH		 5035
5036 else
5037 {
d427a7f9
JH		 5038 host_item * thost;
5039 /* Make a copy of the host if it is local to this invocation
5040 of the transport. */
5041
5042 if (expanded_hosts)
5043 {
5044 thost = store_get(sizeof(host_item));
5045 *thost = *host;
5046 thost->name = string_copy(host->name);
5047 thost->address = string_copy(host->address);
5048 }
5049 else
5050 thost = host;
5051
0756eb3c
PH		 5052 if (!host_is_expired && ++unexpired_hosts_tried >= ob->hosts_max_try)
5053 {
0756eb3c
PH		 5054 DEBUG(D_transport)
5055 debug_printf("hosts_max_try limit reached with this host\n");
d7978c0f 5056 for (host_item * h = host; h; h = h->next) if (h->mx != host->mx)
1a47b633
JH		 5057 {
5058 nexthost = h;
5059 unexpired_hosts_tried--;
5060 DEBUG(D_transport) debug_printf("however, a higher MX host exists "
5061 "and will be tried\n");
5062 break;
5063 }
0756eb3c
PH		 5064 }
5065
5066 /* Attempt the delivery. */
5067
533244af 5068 total_hosts_tried++;
a843a57e 5069 rc = smtp_deliver(addrlist, thost, host_af, defport, interface, tblock,
d427a7f9 5070 &message_defer, FALSE);
0756eb3c
PH		 5071
5072 /* Yield is one of:
5073 OK => connection made, each address contains its result;
5074 message_defer is set for message-specific defers (when all
5075 recipients are marked defer)
5076 DEFER => there was a non-message-specific delivery problem;
5077 ERROR => there was a problem setting up the arguments for a filter,
5078 or there was a problem with expanding added headers
5079 */
5080
5081 /* If the result is not OK, there was a non-message-specific problem.
5082 If the result is DEFER, we need to write to the logs saying what happened
5083 for this particular host, except in the case of authentication and TLS
5084 failures, where the log has already been written. If all hosts defer a
5085 general message is written at the end. */
5086
7b4c8c1f
JH		 5087 if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL
5088 && first_addr->basic_errno != ERRNO_TLSFAILURE)
ec62d0a9 5089 write_logs(host, first_addr->message, first_addr->basic_errno);
0756eb3c 5090
0cbf2b82 5091#ifndef DISABLE_EVENT
d68218c7 5092 if (rc == DEFER)
774ef2d7 5093 deferred_event_raise(first_addr, host);
a7538db1 5094#endif
d68218c7 5095
0756eb3c
PH		 5096 /* If STARTTLS was accepted, but there was a failure in setting up the
5097 TLS session (usually a certificate screwup), and the host is not in
5098 hosts_require_tls, and tls_tempfail_tryclear is true, try again, with
5099 TLS forcibly turned off. We have to start from scratch with a new SMTP
5100 connection. That's why the retry is done from here, not from within
5101 smtp_deliver(). [Rejections of STARTTLS itself don't screw up the
5102 session, so the in-clear transmission after those errors, if permitted,
5103 happens inside smtp_deliver().] */
5104
a7538db1 5105#ifdef SUPPORT_TLS
7a31d643
JH		 5106 if ( rc == DEFER
5107 && first_addr->basic_errno == ERRNO_TLSFAILURE
5108 && ob->tls_tempfail_tryclear
3fb3231c 5109 && verify_check_given_host(CUSS &ob->hosts_require_tls, host) != OK
7a31d643 5110 )
0756eb3c 5111 {
cf0c6164
JH		 5112 log_write(0, LOG_MAIN,
5113 "%s: delivering unencrypted to H=%s [%s] (not in hosts_require_tls)",
5114 first_addr->message, host->name, host->address);
0756eb3c 5115 first_addr = prepare_addresses(addrlist, host);
a843a57e 5116 rc = smtp_deliver(addrlist, thost, host_af, defport, interface, tblock,
d427a7f9 5117 &message_defer, TRUE);
0756eb3c 5118 if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL)
ec62d0a9 5119 write_logs(host, first_addr->message, first_addr->basic_errno);
0cbf2b82 5120# ifndef DISABLE_EVENT
d68218c7 5121 if (rc == DEFER)
774ef2d7 5122 deferred_event_raise(first_addr, host);
a7538db1 5123# endif
0756eb3c 5124 }
a1bccd48 5125#endif /*SUPPORT_TLS*/
0756eb3c
PH		 5126 }
5127
5128 /* Delivery attempt finished */
5129
67ea939c
JH		 5130 set_process_info("delivering %s: just tried %s [%s]%s for %s%s: result %s",
5131 message_id, host->name, host->address, pistring, addrlist->address,
aeb65e91 5132 addrlist->next ? " (& others)" : "", rc_to_string(rc));
0756eb3c
PH		 5133
5134 /* Release serialization if set up */
5135
7b4c8c1f 5136 if (serialize_key) enq_end(serialize_key);
0756eb3c
PH		 5137
5138 /* If the result is DEFER, or if a host retry record is known to exist, we
5139 need to add an item to the retry chain for updating the retry database
5140 at the end of delivery. We only need to add the item to the top address,
5141 of course. Also, if DEFER, we mark the IP address unusable so as to skip it
5142 for any other delivery attempts using the same address. (It is copied into
5143 the unusable tree at the outer level, so even if different address blocks
5144 contain the same address, it still won't get tried again.) */
5145
7b4c8c1f 5146 if (rc == DEFER || retry_host_key)
0756eb3c 5147 {
7b4c8c1f
JH		 5148 int delete_flag = rc != DEFER ? rf_delete : 0;
5149 if (!retry_host_key)
0756eb3c 5150 {
9c695f6d
JH		 5151 BOOL incl_ip;
5152 if (exp_bool(addrlist, US"transport", tblock->name, D_transport,
5153 US"retry_include_ip_address", ob->retry_include_ip_address,
5154 ob->expand_retry_include_ip_address, &incl_ip) != OK)
5155 incl_ip = TRUE; /* error; use most-specific retry record */
5156
7b4c8c1f
JH		 5157 retry_host_key = incl_ip
5158 ? string_sprintf("T:%S:%s%s", host->name, host->address, pistring)
5159 : string_sprintf("T:%S%s", host->name, pistring);
0756eb3c
PH		 5160 }
5161
5162 /* If a delivery of another message over an existing SMTP connection
5163 yields DEFER, we do NOT set up retry data for the host. This covers the
5164 case when there are delays in routing the addresses in the second message
5165 that are so long that the server times out. This is alleviated by not
5166 routing addresses that previously had routing defers when handling an
5167 existing connection, but even so, this case may occur (e.g. if a
5168 previously happily routed address starts giving routing defers). If the
5169 host is genuinely down, another non-continued message delivery will
5170 notice it soon enough. */
5171
7b4c8c1f 5172 if (delete_flag != 0 || !continue_hostname)
0756eb3c
PH		 5173 retry_add_item(first_addr, retry_host_key, rf_host | delete_flag);
5174
5175 /* We may have tried an expired host, if its retry time has come; ensure
5176 the status reflects the expiry for the benefit of any other addresses. */
5177
5178 if (rc == DEFER)
5179 {
7b4c8c1f
JH		 5180 host->status = host_is_expired
5181 ? hstatus_unusable_expired : hstatus_unusable;
0756eb3c
PH		 5182 host->why = hwhy_deferred;
5183 }
5184 }
5185
5186 /* If message_defer is set (host was OK, but every recipient got deferred
5187 because of some message-specific problem), or if that had happened
5188 previously so that a message retry key exists, add an appropriate item
5189 to the retry chain. Note that if there was a message defer but now there is
5190 a host defer, the message defer record gets deleted. That seems perfectly
5191 reasonable. Also, stop the message from being remembered as waiting
f6c332bd 5192 for specific hosts. */
0756eb3c 5193
7b4c8c1f 5194 if (message_defer || retry_message_key)
0756eb3c 5195 {
7b4c8c1f
JH		 5196 int delete_flag = message_defer ? 0 : rf_delete;
5197 if (!retry_message_key)
0756eb3c 5198 {
9c695f6d
JH		 5199 BOOL incl_ip;
5200 if (exp_bool(addrlist, US"transport", tblock->name, D_transport,
5201 US"retry_include_ip_address", ob->retry_include_ip_address,
5202 ob->expand_retry_include_ip_address, &incl_ip) != OK)
5203 incl_ip = TRUE; /* error; use most-specific retry record */
5204
7b4c8c1f
JH		 5205 retry_message_key = incl_ip
5206 ? string_sprintf("T:%S:%s%s:%s", host->name, host->address, pistring,
5207 message_id)
5208 : string_sprintf("T:%S%s:%s", host->name, pistring, message_id);
0756eb3c
PH		 5209 }
5210 retry_add_item(addrlist, retry_message_key,
5211 rf_message | rf_host | delete_flag);
f6c332bd 5212 update_waiting = FALSE;
0756eb3c
PH		 5213 }
5214
5215 /* Any return other than DEFER (that is, OK or ERROR) means that the
5216 addresses have got their final statuses filled in for this host. In the OK
5217 case, see if any of them are deferred. */
5218
5219 if (rc == OK)
d7978c0f 5220 for (address_item * addr = addrlist; addr; addr = addr->next)
0756eb3c
PH		 5221 if (addr->transport_return == DEFER)
5222 {
5223 some_deferred = TRUE;
5224 break;
5225 }
0756eb3c
PH		 5226
5227 /* If no addresses deferred or the result was ERROR, return. We do this for
5228 ERROR because a failing filter set-up or add_headers expansion is likely to
5229 fail for any host we try. */
5230
5231 if (rc == ERROR || (rc == OK && !some_deferred))
5232 {
5233 DEBUG(D_transport) debug_printf("Leaving %s transport\n", tblock->name);
5234 return TRUE; /* Each address has its status */
5235 }
5236
5237 /* If the result was DEFER or some individual addresses deferred, let
5238 the loop run to try other hosts with the deferred addresses, except for the
5239 case when we were trying to deliver down an existing channel and failed.
5240 Don't try any other hosts in this case. */
5241
7b4c8c1f 5242 if (continue_hostname) break;
0756eb3c
PH		 5243
5244 /* If the whole delivery, or some individual addresses, were deferred and
5245 there are more hosts that could be tried, do not count this host towards
5246 the hosts_max_try limit if the age of the message is greater than the
5247 maximum retry time for this host. This means we may try try all hosts,
5248 ignoring the limit, when messages have been around for some time. This is
5249 important because if we don't try all hosts, the address will never time
533244af 5250 out. NOTE: this does not apply to hosts_max_try_hardlimit. */
0756eb3c 5251
7b4c8c1f 5252 if ((rc == DEFER || some_deferred) && nexthost)
0756eb3c
PH		 5253 {
5254 BOOL timedout;
5255 retry_config *retry = retry_find_config(host->name, NULL, 0, 0);
5256
7b4c8c1f 5257 if (retry && retry->rules)
0756eb3c
PH		 5258 {
5259 retry_rule *last_rule;
5260 for (last_rule = retry->rules;
7b4c8c1f 5261 last_rule->next;
0756eb3c 5262 last_rule = last_rule->next);
32dfdf8b 5263 timedout = time(NULL) - received_time.tv_sec > last_rule->timeout;
0756eb3c
PH		 5264 }
5265 else timedout = TRUE; /* No rule => timed out */
5266
5267 if (timedout)
5268 {
5269 unexpired_hosts_tried--;
5270 DEBUG(D_transport) debug_printf("temporary delivery error(s) override "
5271 "hosts_max_try (message older than host's retry time)\n");
5272 }
5273 }
06f37c80
JH		 5274
5275 DEBUG(D_transport)
5276 {
5277 if (unexpired_hosts_tried >= ob->hosts_max_try)
5278 debug_printf("reached transport hosts_max_try limit %d\n",
5279 ob->hosts_max_try);
5280 if (total_hosts_tried >= ob->hosts_max_try_hardlimit)
5281 debug_printf("reached transport hosts_max_try_hardlimit limit %d\n",
5282 ob->hosts_max_try_hardlimit);
5283 }
5284
8008accd 5285 if (f.running_in_test_harness) millisleep(500); /* let server debug out */
0756eb3c
PH		 5286 } /* End of loop for trying multiple hosts. */
5287
2577f55f
JH		 5288 /* If we failed to find a matching host in the list, for an already-open
5289 connection, just close it and start over with the list. This can happen
5290 for routing that changes from run to run, or big multi-IP sites with
5291 round-robin DNS. */
5292
5293 if (continue_hostname && !continue_host_tried)
5294 {
74f1a423 5295 int fd = cutthrough.cctx.sock >= 0 ? cutthrough.cctx.sock : 0;
2577f55f
JH		 5296
5297 DEBUG(D_transport) debug_printf("no hosts match already-open connection\n");
5298#ifdef SUPPORT_TLS
74f1a423
JH		 5299 /* A TLS conn could be open for a cutthrough, but not for a plain continued-
5300 transport */
5301/*XXX doublecheck that! */
5302
5303 if (cutthrough.cctx.sock >= 0 && cutthrough.is_tls)
2577f55f 5304 {
74f1a423
JH		 5305 (void) tls_write(cutthrough.cctx.tls_ctx, US"QUIT\r\n", 6, FALSE);
5306 tls_close(cutthrough.cctx.tls_ctx, TLS_SHUTDOWN_NOWAIT);
5307 cutthrough.cctx.tls_ctx = NULL;
5308 cutthrough.is_tls = FALSE;
2577f55f
JH		 5309 }
5310 else
5311#else
5312 (void) write(fd, US"QUIT\r\n", 6);
5313#endif
5314 (void) close(fd);
74f1a423 5315 cutthrough.cctx.sock = -1;
2577f55f
JH		 5316 continue_hostname = NULL;
5317 goto retry_non_continued;
5318 }
5319
0756eb3c
PH		 5320 /* This is the end of the loop that repeats iff expired is TRUE and
5321 ob->delay_after_cutoff is FALSE. The second time round we will
5322 try those hosts that haven't been tried since the message arrived. */
5323
5324 DEBUG(D_transport)
5325 {
5326 debug_printf("all IP addresses skipped or deferred at least one address\n");
5327 if (expired && !ob->delay_after_cutoff && cutoff_retry == 0)
5328 debug_printf("retrying IP addresses not tried since message arrived\n");
5329 }
5330 }
5331
5332
5333/* Get here if all IP addresses are skipped or defer at least one address. In
5334MUA wrapper mode, this will happen only for connection or other non-message-
5335specific failures. Force the delivery status for all addresses to FAIL. */
5336
5337if (mua_wrapper)
5338 {
d7978c0f 5339 for (address_item * addr = addrlist; addr; addr = addr->next)
0756eb3c
PH		 5340 addr->transport_return = FAIL;
5341 goto END_TRANSPORT;
5342 }
5343
5344/* In the normal, non-wrapper case, add a standard message to each deferred
5345address if there hasn't been an error, that is, if it hasn't actually been
5346tried this time. The variable "expired" will be FALSE if any deliveries were
5347actually tried, or if there was at least one host that was not expired. That
5348is, it is TRUE only if no deliveries were tried and all hosts were expired. If
5349a delivery has been tried, an error code will be set, and the failing of the
5350message is handled by the retry code later.
5351
5352If queue_smtp is set, or this transport was called to send a subsequent message
5353down an existing TCP/IP connection, and something caused the host not to be
5354found, we end up here, but can detect these cases and handle them specially. */
5355
d7978c0f 5356for (address_item * addr = addrlist; addr; addr = addr->next)
0756eb3c
PH		 5357 {
5358 /* If host is not NULL, it means that we stopped processing the host list
533244af
PH		 5359 because of hosts_max_try or hosts_max_try_hardlimit. In the former case, this
5360 means we need to behave as if some hosts were skipped because their retry
5361 time had not come. Specifically, this prevents the address from timing out.
8e669ac1 5362 However, if we have hit hosts_max_try_hardlimit, we want to behave as if all
533244af 5363 hosts were tried. */
0756eb3c 5364
c3f2eb9a 5365 if (host)
533244af
PH		 5366 if (total_hosts_tried >= ob->hosts_max_try_hardlimit)
5367 {
5368 DEBUG(D_transport)
5369 debug_printf("hosts_max_try_hardlimit reached: behave as if all "
5370 "hosts were tried\n");
5371 }
5372 else
8e669ac1 5373 {
533244af
PH		 5374 DEBUG(D_transport)
5375 debug_printf("hosts_max_try limit caused some hosts to be skipped\n");
5376 setflag(addr, af_retry_skipped);
8e669ac1 5377 }
0756eb3c 5378
8768d548 5379 if (f.queue_smtp) /* no deliveries attempted */
0756eb3c
PH		 5380 {
5381 addr->transport_return = DEFER;
5382 addr->basic_errno = 0;
5383 addr->message = US"SMTP delivery explicitly queued";
5384 }
5385
c3f2eb9a
JH		 5386 else if ( addr->transport_return == DEFER
5387 && (addr->basic_errno == ERRNO_UNKNOWNERROR || addr->basic_errno == 0)
5388 && !addr->message
5389 )
0756eb3c
PH		 5390 {
5391 addr->basic_errno = ERRNO_HRETRY;
c3f2eb9a 5392 if (continue_hostname)
0756eb3c 5393 addr->message = US"no host found for existing SMTP connection";
0756eb3c
PH		 5394 else if (expired)
5395 {
fffffe4c 5396 setflag(addr, af_pass_message); /* This is not a security risk */
c3f2eb9a
JH		 5397 addr->message = string_sprintf(
5398 "all hosts%s have been failing for a long time %s",
5399 addr->domain ? string_sprintf(" for '%s'", addr->domain) : US"",
5400 ob->delay_after_cutoff
5401 ? US"(and retry time not reached)"
5402 : US"and were last tried after this message arrived");
0756eb3c
PH		 5403
5404 /* If we are already using fallback hosts, or there are no fallback hosts
5405 defined, convert the result to FAIL to cause a bounce. */
5406
c3f2eb9a 5407 if (addr->host_list == addr->fallback_hosts || !addr->fallback_hosts)
0756eb3c
PH		 5408 addr->transport_return = FAIL;
5409 }
5410 else
5411 {
93a680e4 5412 const char * s;
0756eb3c 5413 if (hosts_retry == hosts_total)
93a680e4 5414 s = "retry time not reached for any host%s";
0756eb3c 5415 else if (hosts_fail == hosts_total)
93a680e4 5416 s = "all host address lookups%s failed permanently";
0756eb3c 5417 else if (hosts_defer == hosts_total)
93a680e4 5418 s = "all host address lookups%s failed temporarily";
0756eb3c 5419 else if (hosts_serial == hosts_total)
93a680e4 5420 s = "connection limit reached for all hosts%s";
0756eb3c 5421 else if (hosts_fail+hosts_defer == hosts_total)
93a680e4 5422 s = "all host address lookups%s failed";
3cf01803 5423 else
93a680e4 5424 s = "some host address lookups failed and retry time "
3cf01803
JH		 5425 "not reached for other hosts or connection limit reached%s";
5426
5427 addr->message = string_sprintf(s,
5428 addr->domain ? string_sprintf(" for '%s'", addr->domain) : US"");
0756eb3c
PH		 5429 }
5430 }
5431 }
5432
5433/* Update the database which keeps information about which messages are waiting
f6c332bd
PH		 5434for which hosts to become available. For some message-specific errors, the
5435update_waiting flag is turned off because we don't want follow-on deliveries in
ea722490 5436those cases. If this transport instance is explicitly limited to one message
8b260705
PP		 5437per connection then follow-on deliveries are not possible and there's no need
5438to create/update the per-transport wait-<transport_name> database. */
0756eb3c 5439
ea722490
JH		 5440if (update_waiting && tblock->connection_max_messages != 1)
5441 transport_update_waiting(hostlist, tblock->name);
0756eb3c
PH		 5442
5443END_TRANSPORT:
5444
5445DEBUG(D_transport) debug_printf("Leaving %s transport\n", tblock->name);
5446
5447return TRUE; /* Each address has its status */
5448}
5449
d185889f 5450#endif /*!MACRO_PREDEF*/
578897ea
JH		 5451/* vi: aw ai sw=2
5452*/
0756eb3c 5453/* End of transport/smtp.c */
Unnamed repository; edit this file 'description' to name the repository.