projects / exim.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Eliminate one foolish way to break the build
[exim.git] / src / src / transports / smtp.c
CommitLineData
0756eb3c
PH		 1/*************************************************
2* Exim - an Internet mail transport agent *
3*************************************************/
4
5a66c31b 5/* Copyright (c) University of Cambridge 1995 - 2014 */
0756eb3c
PH		 6/* See the file NOTICE for conditions of use and distribution. */
7
8#include "../exim.h"
9#include "smtp.h"
10
11#define PENDING 256
12#define PENDING_DEFER (PENDING + DEFER)
13#define PENDING_OK (PENDING + OK)
14
15
16/* Options specific to the smtp transport. This transport also supports LMTP
17over TCP/IP. The options must be in alphabetic order (note that "_" comes
18before the lower case letters). Some live in the transport_instance block so as
19to be publicly visible; these are flagged with opt_public. */
20
21optionlist smtp_transport_options[] = {
48c7f9e2
PH		 22 { "address_retry_include_sender", opt_bool,
23 (void *)offsetof(smtp_transport_options_block, address_retry_include_sender) },
0756eb3c
PH		 24 { "allow_localhost", opt_bool,
25 (void *)offsetof(smtp_transport_options_block, allow_localhost) },
26 { "authenticated_sender", opt_stringptr,
27 (void *)offsetof(smtp_transport_options_block, authenticated_sender) },
382afc6b
PH		 28 { "authenticated_sender_force", opt_bool,
29 (void *)offsetof(smtp_transport_options_block, authenticated_sender_force) },
0756eb3c
PH		 30 { "command_timeout", opt_time,
31 (void *)offsetof(smtp_transport_options_block, command_timeout) },
32 { "connect_timeout", opt_time,
33 (void *)offsetof(smtp_transport_options_block, connect_timeout) },
34 { "connection_max_messages", opt_int | opt_public,
35 (void *)offsetof(transport_instance, connection_max_messages) },
36 { "data_timeout", opt_time,
37 (void *)offsetof(smtp_transport_options_block, data_timeout) },
38 { "delay_after_cutoff", opt_bool,
39 (void *)offsetof(smtp_transport_options_block, delay_after_cutoff) },
80a47a2c 40#ifndef DISABLE_DKIM
f7572e5a
TK		 41 { "dkim_canon", opt_stringptr,
42 (void *)offsetof(smtp_transport_options_block, dkim_canon) },
43 { "dkim_domain", opt_stringptr,
44 (void *)offsetof(smtp_transport_options_block, dkim_domain) },
45 { "dkim_private_key", opt_stringptr,
46 (void *)offsetof(smtp_transport_options_block, dkim_private_key) },
47 { "dkim_selector", opt_stringptr,
48 (void *)offsetof(smtp_transport_options_block, dkim_selector) },
49 { "dkim_sign_headers", opt_stringptr,
50 (void *)offsetof(smtp_transport_options_block, dkim_sign_headers) },
51 { "dkim_strict", opt_stringptr,
52 (void *)offsetof(smtp_transport_options_block, dkim_strict) },
80a47a2c 53#endif
0756eb3c
PH		 54 { "dns_qualify_single", opt_bool,
55 (void *)offsetof(smtp_transport_options_block, dns_qualify_single) },
56 { "dns_search_parents", opt_bool,
57 (void *)offsetof(smtp_transport_options_block, dns_search_parents) },
578897ea
JH		 58 { "dnssec_request_domains", opt_stringptr,
59 (void *)offsetof(smtp_transport_options_block, dnssec_request_domains) },
60 { "dnssec_require_domains", opt_stringptr,
61 (void *)offsetof(smtp_transport_options_block, dnssec_require_domains) },
9e4f5962
PP		 62 { "dscp", opt_stringptr,
63 (void *)offsetof(smtp_transport_options_block, dscp) },
0756eb3c
PH		 64 { "fallback_hosts", opt_stringptr,
65 (void *)offsetof(smtp_transport_options_block, fallback_hosts) },
66 { "final_timeout", opt_time,
67 (void *)offsetof(smtp_transport_options_block, final_timeout) },
68 { "gethostbyname", opt_bool,
69 (void *)offsetof(smtp_transport_options_block, gethostbyname) },
80a47a2c 70#ifdef SUPPORT_TLS
b1770b6e 71 /* These are no longer honoured, as of Exim 4.80; for now, we silently
17c76198
PP		 72 ignore; a later release will warn, and a later-still release will remove
73 these options, so that using them becomes an error. */
83da1223
PH		 74 { "gnutls_require_kx", opt_stringptr,
75 (void *)offsetof(smtp_transport_options_block, gnutls_require_kx) },
76 { "gnutls_require_mac", opt_stringptr,
77 (void *)offsetof(smtp_transport_options_block, gnutls_require_mac) },
78 { "gnutls_require_protocols", opt_stringptr,
79 (void *)offsetof(smtp_transport_options_block, gnutls_require_proto) },
80a47a2c 80#endif
0756eb3c
PH		 81 { "helo_data", opt_stringptr,
82 (void *)offsetof(smtp_transport_options_block, helo_data) },
83 { "hosts", opt_stringptr,
84 (void *)offsetof(smtp_transport_options_block, hosts) },
85 { "hosts_avoid_esmtp", opt_stringptr,
86 (void *)offsetof(smtp_transport_options_block, hosts_avoid_esmtp) },
c51b8e75
PH		 87 { "hosts_avoid_pipelining", opt_stringptr,
88 (void *)offsetof(smtp_transport_options_block, hosts_avoid_pipelining) },
80a47a2c 89#ifdef SUPPORT_TLS
0756eb3c
PH		 90 { "hosts_avoid_tls", opt_stringptr,
91 (void *)offsetof(smtp_transport_options_block, hosts_avoid_tls) },
80a47a2c 92#endif
0756eb3c
PH		 93 { "hosts_max_try", opt_int,
94 (void *)offsetof(smtp_transport_options_block, hosts_max_try) },
533244af
PH		 95 { "hosts_max_try_hardlimit", opt_int,
96 (void *)offsetof(smtp_transport_options_block, hosts_max_try_hardlimit) },
80a47a2c 97#ifdef SUPPORT_TLS
0756eb3c
PH		 98 { "hosts_nopass_tls", opt_stringptr,
99 (void *)offsetof(smtp_transport_options_block, hosts_nopass_tls) },
80a47a2c 100#endif
0756eb3c
PH		 101 { "hosts_override", opt_bool,
102 (void *)offsetof(smtp_transport_options_block, hosts_override) },
103 { "hosts_randomize", opt_bool,
104 (void *)offsetof(smtp_transport_options_block, hosts_randomize) },
44662487
JH		 105#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_OCSP)
106 { "hosts_request_ocsp", opt_stringptr,
107 (void *)offsetof(smtp_transport_options_block, hosts_request_ocsp) },
108#endif
0756eb3c
PH		 109 { "hosts_require_auth", opt_stringptr,
110 (void *)offsetof(smtp_transport_options_block, hosts_require_auth) },
80a47a2c 111#ifdef SUPPORT_TLS
f5d78688
JH		 112# if defined EXPERIMENTAL_OCSP
113 { "hosts_require_ocsp", opt_stringptr,
114 (void *)offsetof(smtp_transport_options_block, hosts_require_ocsp) },
115# endif
0756eb3c
PH		 116 { "hosts_require_tls", opt_stringptr,
117 (void *)offsetof(smtp_transport_options_block, hosts_require_tls) },
80a47a2c 118#endif
0756eb3c
PH		 119 { "hosts_try_auth", opt_stringptr,
120 (void *)offsetof(smtp_transport_options_block, hosts_try_auth) },
8ccd00b1 121#ifndef DISABLE_PRDR
fd98a5c6
JH		 122 { "hosts_try_prdr", opt_stringptr,
123 (void *)offsetof(smtp_transport_options_block, hosts_try_prdr) },
124#endif
99400968
JH		 125#ifdef SUPPORT_TLS
126 { "hosts_verify_avoid_tls", opt_stringptr,
127 (void *)offsetof(smtp_transport_options_block, hosts_verify_avoid_tls) },
128#endif
0756eb3c
PH		 129 { "interface", opt_stringptr,
130 (void *)offsetof(smtp_transport_options_block, interface) },
131 { "keepalive", opt_bool,
132 (void *)offsetof(smtp_transport_options_block, keepalive) },
f1513293
PH		 133 { "lmtp_ignore_quota", opt_bool,
134 (void *)offsetof(smtp_transport_options_block, lmtp_ignore_quota) },
0756eb3c
PH		 135 { "max_rcpt", opt_int | opt_public,
136 (void *)offsetof(transport_instance, max_addresses) },
137 { "multi_domain", opt_bool | opt_public,
138 (void *)offsetof(transport_instance, multi_domain) },
139 { "port", opt_stringptr,
140 (void *)offsetof(smtp_transport_options_block, port) },
141 { "protocol", opt_stringptr,
142 (void *)offsetof(smtp_transport_options_block, protocol) },
143 { "retry_include_ip_address", opt_bool,
144 (void *)offsetof(smtp_transport_options_block, retry_include_ip_address) },
145 { "serialize_hosts", opt_stringptr,
146 (void *)offsetof(smtp_transport_options_block, serialize_hosts) },
147 { "size_addition", opt_int,
148 (void *)offsetof(smtp_transport_options_block, size_addition) }
80a47a2c 149#ifdef SUPPORT_TLS
0756eb3c
PH		 150 ,{ "tls_certificate", opt_stringptr,
151 (void *)offsetof(smtp_transport_options_block, tls_certificate) },
152 { "tls_crl", opt_stringptr,
153 (void *)offsetof(smtp_transport_options_block, tls_crl) },
54c90be1
PP		 154 { "tls_dh_min_bits", opt_int,
155 (void *)offsetof(smtp_transport_options_block, tls_dh_min_bits) },
0756eb3c
PH		 156 { "tls_privatekey", opt_stringptr,
157 (void *)offsetof(smtp_transport_options_block, tls_privatekey) },
3f0945ff 158 { "tls_require_ciphers", opt_stringptr,
0756eb3c 159 (void *)offsetof(smtp_transport_options_block, tls_require_ciphers) },
3f0945ff
PP		 160 { "tls_sni", opt_stringptr,
161 (void *)offsetof(smtp_transport_options_block, tls_sni) },
0756eb3c
PH		 162 { "tls_tempfail_tryclear", opt_bool,
163 (void *)offsetof(smtp_transport_options_block, tls_tempfail_tryclear) },
a63be306
WB		 164 { "tls_try_verify_hosts", opt_stringptr,
165 (void *)offsetof(smtp_transport_options_block, tls_try_verify_hosts) },
e51c7be2
JH		 166#ifdef EXPERIMENTAL_CERTNAMES
167 { "tls_verify_cert_hostnames", opt_stringptr,
168 (void *)offsetof(smtp_transport_options_block,tls_verify_cert_hostnames)},
169#endif
0756eb3c 170 { "tls_verify_certificates", opt_stringptr,
a63be306
WB		 171 (void *)offsetof(smtp_transport_options_block, tls_verify_certificates) },
172 { "tls_verify_hosts", opt_stringptr,
173 (void *)offsetof(smtp_transport_options_block, tls_verify_hosts) }
80a47a2c 174#endif
d68218c7
JH		 175#ifdef EXPERIMENTAL_TPDA
176 ,{ "tpda_host_defer_action", opt_stringptr,
177 (void *)offsetof(smtp_transport_options_block, tpda_host_defer_action) },
178#endif
0756eb3c
PH		 179};
180
181/* Size of the options list. An extern variable has to be used so that its
182address can appear in the tables drtables.c. */
183
184int smtp_transport_options_count =
185 sizeof(smtp_transport_options)/sizeof(optionlist);
186
187/* Default private options block for the smtp transport. */
188
189smtp_transport_options_block smtp_transport_option_defaults = {
190 NULL, /* hosts */
191 NULL, /* fallback_hosts */
192 NULL, /* hostlist */
193 NULL, /* fallback_hostlist */
194 NULL, /* authenticated_sender */
195 US"$primary_hostname", /* helo_data */
196 NULL, /* interface */
197 NULL, /* port */
198 US"smtp", /* protocol */
9e4f5962 199 NULL, /* DSCP */
0756eb3c
PH		 200 NULL, /* serialize_hosts */
201 NULL, /* hosts_try_auth */
202 NULL, /* hosts_require_auth */
8ccd00b1 203#ifndef DISABLE_PRDR
fd98a5c6 204 NULL, /* hosts_try_prdr */
f5d78688
JH		 205#endif
206#ifdef EXPERIMENTAL_OCSP
44662487 207 US"*", /* hosts_request_ocsp */
f5d78688 208 NULL, /* hosts_require_ocsp */
fd98a5c6 209#endif
0756eb3c
PH		 210 NULL, /* hosts_require_tls */
211 NULL, /* hosts_avoid_tls */
99400968 212 US"*", /* hosts_verify_avoid_tls */
c51b8e75 213 NULL, /* hosts_avoid_pipelining */
0756eb3c
PH		 214 NULL, /* hosts_avoid_esmtp */
215 NULL, /* hosts_nopass_tls */
216 5*60, /* command_timeout */
217 5*60, /* connect_timeout; shorter system default overrides */
218 5*60, /* data timeout */
219 10*60, /* final timeout */
220 1024, /* size_addition */
221 5, /* hosts_max_try */
8e669ac1 222 50, /* hosts_max_try_hardlimit */
48c7f9e2 223 TRUE, /* address_retry_include_sender */
0756eb3c 224 FALSE, /* allow_localhost */
382afc6b 225 FALSE, /* authenticated_sender_force */
0756eb3c
PH		 226 FALSE, /* gethostbyname */
227 TRUE, /* dns_qualify_single */
228 FALSE, /* dns_search_parents */
578897ea
JH		 229 NULL, /* dnssec_request_domains */
230 NULL, /* dnssec_require_domains */
0756eb3c
PH		 231 TRUE, /* delay_after_cutoff */
232 FALSE, /* hosts_override */
233 FALSE, /* hosts_randomize */
234 TRUE, /* keepalive */
f1513293 235 FALSE, /* lmtp_ignore_quota */
0756eb3c 236 TRUE /* retry_include_ip_address */
80a47a2c 237#ifdef SUPPORT_TLS
0756eb3c
PH		 238 ,NULL, /* tls_certificate */
239 NULL, /* tls_crl */
240 NULL, /* tls_privatekey */
241 NULL, /* tls_require_ciphers */
83da1223
PH		 242 NULL, /* gnutls_require_kx */
243 NULL, /* gnutls_require_mac */
244 NULL, /* gnutls_require_proto */
54c90be1 245 NULL, /* tls_sni */
0756eb3c 246 NULL, /* tls_verify_certificates */
54c90be1
PP		 247 EXIM_CLIENT_DH_DEFAULT_MIN_BITS,
248 /* tls_dh_min_bits */
a63be306
WB		 249 TRUE, /* tls_tempfail_tryclear */
250 NULL, /* tls_verify_hosts */
251 NULL /* tls_try_verify_hosts */
e51c7be2
JH		 252# ifdef EXPERIMENTAL_CERTNAMES
253 ,NULL /* tls_verify_cert_hostnames */
254# endif
80a47a2c
TK		 255#endif
256#ifndef DISABLE_DKIM
f7572e5a
TK		 257 ,NULL, /* dkim_canon */
258 NULL, /* dkim_domain */
259 NULL, /* dkim_private_key */
260 NULL, /* dkim_selector */
261 NULL, /* dkim_sign_headers */
262 NULL /* dkim_strict */
80a47a2c 263#endif
d68218c7
JH		 264#ifdef EXPERIMENTAL_TPDA
265 ,NULL /* tpda_host_defer_action */
266#endif
0756eb3c
PH		 267};
268
269
270/* Local statics */
271
272static uschar *smtp_command; /* Points to last cmd for error messages */
273static uschar *mail_command; /* Points to MAIL cmd for error messages */
f6c332bd 274static BOOL update_waiting; /* TRUE to update the "wait" database */
0756eb3c
PH		 275
276
277/*************************************************
278* Setup entry point *
279*************************************************/
280
281/* This function is called when the transport is about to be used,
282but before running it in a sub-process. It is used for two things:
283
284 (1) To set the fallback host list in addresses, when delivering.
26da7e20
PH		 285 (2) To pass back the interface, port, protocol, and other options, for use
286 during callout verification.
0756eb3c
PH		 287
288Arguments:
289 tblock pointer to the transport instance block
290 addrlist list of addresses about to be transported
291 tf if not NULL, pointer to block in which to return options
929ba01c
PH		 292 uid the uid that will be set (not used)
293 gid the gid that will be set (not used)
0756eb3c
PH		 294 errmsg place for error message (not used)
295
296Returns: OK always (FAIL, DEFER not used)
297*/
298
299static int
300smtp_transport_setup(transport_instance *tblock, address_item *addrlist,
929ba01c 301 transport_feedback *tf, uid_t uid, gid_t gid, uschar **errmsg)
0756eb3c
PH		 302{
303smtp_transport_options_block *ob =
304 (smtp_transport_options_block *)(tblock->options_block);
305
306errmsg = errmsg; /* Keep picky compilers happy */
929ba01c
PH		 307uid = uid;
308gid = gid;
0756eb3c
PH		 309
310/* Pass back options if required. This interface is getting very messy. */
311
312if (tf != NULL)
313 {
314 tf->interface = ob->interface;
315 tf->port = ob->port;
316 tf->protocol = ob->protocol;
317 tf->hosts = ob->hosts;
318 tf->hosts_override = ob->hosts_override;
319 tf->hosts_randomize = ob->hosts_randomize;
320 tf->gethostbyname = ob->gethostbyname;
321 tf->qualify_single = ob->dns_qualify_single;
322 tf->search_parents = ob->dns_search_parents;
26da7e20 323 tf->helo_data = ob->helo_data;
0756eb3c
PH		 324 }
325
326/* Set the fallback host list for all the addresses that don't have fallback
327host lists, provided that the local host wasn't present in the original host
328list. */
329
330if (!testflag(addrlist, af_local_host_removed))
331 {
332 for (; addrlist != NULL; addrlist = addrlist->next)
333 if (addrlist->fallback_hosts == NULL)
334 addrlist->fallback_hosts = ob->fallback_hostlist;
335 }
336
337return OK;
338}
339
340
341
342/*************************************************
343* Initialization entry point *
344*************************************************/
345
346/* Called for each instance, after its options have been read, to
347enable consistency checks to be done, or anything else that needs
348to be set up.
349
350Argument: pointer to the transport instance block
351Returns: nothing
352*/
353
354void
355smtp_transport_init(transport_instance *tblock)
356{
357smtp_transport_options_block *ob =
358 (smtp_transport_options_block *)(tblock->options_block);
359
360/* Retry_use_local_part defaults FALSE if unset */
361
362if (tblock->retry_use_local_part == TRUE_UNSET)
363 tblock->retry_use_local_part = FALSE;
364
365/* Set the default port according to the protocol */
366
367if (ob->port == NULL)
061b7ebd
PP		 368 ob->port = (strcmpic(ob->protocol, US"lmtp") == 0)? US"lmtp" :
369 (strcmpic(ob->protocol, US"smtps") == 0)? US"smtps" : US"smtp";
0756eb3c
PH		 370
371/* Set up the setup entry point, to be called before subprocesses for this
372transport. */
373
374tblock->setup = smtp_transport_setup;
375
376/* Complain if any of the timeouts are zero. */
377
378if (ob->command_timeout <= 0 || ob->data_timeout <= 0 ||
379 ob->final_timeout <= 0)
380 log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
381 "command, data, or final timeout value is zero for %s transport",
382 tblock->name);
383
384/* If hosts_override is set and there are local hosts, set the global
385flag that stops verify from showing router hosts. */
386
387if (ob->hosts_override && ob->hosts != NULL) tblock->overrides_hosts = TRUE;
388
389/* If there are any fallback hosts listed, build a chain of host items
390for them, but do not do any lookups at this time. */
391
392host_build_hostlist(&(ob->fallback_hostlist), ob->fallback_hosts, FALSE);
393}
394
395
396
397
398
399/*************************************************
400* Set delivery info into all active addresses *
401*************************************************/
402
403/* Only addresses whose status is >= PENDING are relevant. A lesser
404status means that an address is not currently being processed.
405
406Arguments:
447d236c
PH		 407 addrlist points to a chain of addresses
408 errno_value to put in each address's errno field
409 msg to put in each address's message field
410 rc to put in each address's transport_return field
411 pass_message if TRUE, set the "pass message" flag in the address
0756eb3c
PH		 412
413If errno_value has the special value ERRNO_CONNECTTIMEOUT, ETIMEDOUT is put in
414the errno field, and RTEF_CTOUT is ORed into the more_errno field, to indicate
415this particular type of timeout.
416
417Returns: nothing
418*/
419
7cd1141b
PH		 420static void
421set_errno(address_item *addrlist, int errno_value, uschar *msg, int rc,
447d236c 422 BOOL pass_message)
0756eb3c
PH		 423{
424address_item *addr;
425int orvalue = 0;
426if (errno_value == ERRNO_CONNECTTIMEOUT)
427 {
428 errno_value = ETIMEDOUT;
429 orvalue = RTEF_CTOUT;
430 }
431for (addr = addrlist; addr != NULL; addr = addr->next)
432 {
433 if (addr->transport_return < PENDING) continue;
434 addr->basic_errno = errno_value;
435 addr->more_errno |= orvalue;
447d236c
PH		 436 if (msg != NULL)
437 {
438 addr->message = msg;
439 if (pass_message) setflag(addr, af_pass_message);
440 }
0756eb3c
PH		 441 addr->transport_return = rc;
442 }
443}
444
445
446
447/*************************************************
448* Check an SMTP response *
449*************************************************/
450
451/* This function is given an errno code and the SMTP response buffer
452to analyse, together with the host identification for generating messages. It
453sets an appropriate message and puts the first digit of the response code into
454the yield variable. If no response was actually read, a suitable digit is
455chosen.
456
457Arguments:
447d236c
PH		 458 host the current host, to get its name for messages
459 errno_value pointer to the errno value
460 more_errno from the top address for use with ERRNO_FILTER_FAIL
461 buffer the SMTP response buffer
462 yield where to put a one-digit SMTP response code
463 message where to put an errror message
464 pass_message set TRUE if message is an SMTP response
465
466Returns: TRUE if an SMTP "QUIT" command should be sent, else FALSE
0756eb3c
PH		 467*/
468
469static BOOL check_response(host_item *host, int *errno_value, int more_errno,
447d236c 470 uschar *buffer, int *yield, uschar **message, BOOL *pass_message)
0756eb3c
PH		 471{
472uschar *pl = US"";
473
474if (smtp_use_pipelining &&
475 (Ustrcmp(smtp_command, "MAIL") == 0 ||
476 Ustrcmp(smtp_command, "RCPT") == 0 ||
477 Ustrcmp(smtp_command, "DATA") == 0))
478 pl = US"pipelined ";
479
480*yield = '4'; /* Default setting is to give a temporary error */
481
482/* Handle response timeout */
483
484if (*errno_value == ETIMEDOUT)
485 {
486 *message = US string_sprintf("SMTP timeout while connected to %s [%s] "
487 "after %s%s", host->name, host->address, pl, smtp_command);
488 if (transport_count > 0)
489 *message = US string_sprintf("%s (%d bytes written)", *message,
490 transport_count);
491 return FALSE;
492 }
493
494/* Handle malformed SMTP response */
495
496if (*errno_value == ERRNO_SMTPFORMAT)
497 {
498 uschar *malfresp = string_printing(buffer);
499 while (isspace(*malfresp)) malfresp++;
500 if (*malfresp == 0)
501 *message = string_sprintf("Malformed SMTP reply (an empty line) from "
502 "%s [%s] in response to %s%s", host->name, host->address, pl,
503 smtp_command);
504 else
505 *message = string_sprintf("Malformed SMTP reply from %s [%s] in response "
506 "to %s%s: %s", host->name, host->address, pl, smtp_command, malfresp);
507 return FALSE;
508 }
509
510/* Handle a failed filter process error; can't send QUIT as we mustn't
511end the DATA. */
512
513if (*errno_value == ERRNO_FILTER_FAIL)
514 {
35af9f61 515 *message = US string_sprintf("transport filter process failed (%d)%s",
8e669ac1 516 more_errno,
35af9f61 517 (more_errno == EX_EXECFAILED)? ": unable to execute command" : "");
0756eb3c
PH		 518 return FALSE;
519 }
520
521/* Handle a failed add_headers expansion; can't send QUIT as we mustn't
522end the DATA. */
523
524if (*errno_value == ERRNO_CHHEADER_FAIL)
525 {
526 *message =
527 US string_sprintf("failed to expand headers_add or headers_remove: %s",
528 expand_string_message);
529 return FALSE;
530 }
531
532/* Handle failure to write a complete data block */
533
534if (*errno_value == ERRNO_WRITEINCOMPLETE)
535 {
536 *message = US string_sprintf("failed to write a data block");
537 return FALSE;
538 }
539
540/* Handle error responses from the remote mailer. */
541
542if (buffer[0] != 0)
543 {
544 uschar *s = string_printing(buffer);
447d236c 545 *message = US string_sprintf("SMTP error from remote mail server after %s%s: "
0756eb3c 546 "host %s [%s]: %s", pl, smtp_command, host->name, host->address, s);
447d236c 547 *pass_message = TRUE;
0756eb3c
PH		 548 *yield = buffer[0];
549 return TRUE;
550 }
551
552/* No data was read. If there is no errno, this must be the EOF (i.e.
19b9dc85
PH		 553connection closed) case, which causes deferral. An explicit connection reset
554error has the same effect. Otherwise, put the host's identity in the message,
555leaving the errno value to be interpreted as well. In all cases, we have to
556assume the connection is now dead. */
0756eb3c 557
19b9dc85 558if (*errno_value == 0 || *errno_value == ECONNRESET)
0756eb3c
PH		 559 {
560 *errno_value = ERRNO_SMTPCLOSED;
561 *message = US string_sprintf("Remote host %s [%s] closed connection "
562 "in response to %s%s", host->name, host->address, pl, smtp_command);
563 }
564else *message = US string_sprintf("%s [%s]", host->name, host->address);
565
566return FALSE;
567}
568
569
570
571/*************************************************
572* Write error message to logs *
573*************************************************/
574
575/* This writes to the main log and to the message log.
576
577Arguments:
578 addr the address item containing error information
579 host the current host
580
581Returns: nothing
582*/
583
584static void
585write_logs(address_item *addr, host_item *host)
586{
587if (addr->message != NULL)
588 {
589 uschar *message = addr->message;
590 if (addr->basic_errno > 0)
591 message = string_sprintf("%s: %s", message, strerror(addr->basic_errno));
592 log_write(0, LOG_MAIN, "%s", message);
593 deliver_msglog("%s %s\n", tod_stamp(tod_log), message);
594 }
595else
596 {
7cd1141b
PH		 597 uschar *msg =
598 ((log_extra_selector & LX_outgoing_port) != 0)?
599 string_sprintf("%s [%s]:%d", host->name, host->address,
600 (host->port == PORT_NONE)? 25 : host->port)
601 :
602 string_sprintf("%s [%s]", host->name, host->address);
603 log_write(0, LOG_MAIN, "%s %s", msg, strerror(addr->basic_errno));
604 deliver_msglog("%s %s %s\n", tod_stamp(tod_log), msg,
0756eb3c
PH		 605 strerror(addr->basic_errno));
606 }
607}
608
609
610
d68218c7
JH		 611#ifdef EXPERIMENTAL_TPDA
612/*************************************************
613* Post-defer action *
614*************************************************/
615
616/* This expands an arbitrary per-transport string.
617 It might, for example, be used to write to the database log.
618
619Arguments:
620 ob transport options block
621 addr the address item containing error information
622 host the current host
623
624Returns: nothing
625*/
626
627static void
628tpda_deferred(smtp_transport_options_block *ob, address_item *addr, host_item *host)
629{
630uschar *action = ob->tpda_host_defer_action;
631if (!action)
632 return;
633
634tpda_delivery_ip = string_copy(host->address);
635tpda_delivery_port = (host->port == PORT_NONE)? 25 : host->port;
636tpda_delivery_fqdn = string_copy(host->name);
637tpda_delivery_local_part = string_copy(addr->local_part);
638tpda_delivery_domain = string_copy(addr->domain);
639tpda_defer_errno = addr->basic_errno;
640
641tpda_defer_errstr = addr->message
642 ? addr->basic_errno > 0
643 ? string_sprintf("%s: %s", addr->message, strerror(addr->basic_errno))
644 : string_copy(addr->message)
645 : addr->basic_errno > 0
e3dd1d67 646 ? string_copy(US strerror(addr->basic_errno))
d68218c7
JH		 647 : NULL;
648
649DEBUG(D_transport)
650 debug_printf(" TPDA(host defer): tpda_host_defer_action=|%s| tpda_delivery_IP=%s\n",
651 action, tpda_delivery_ip);
652
653router_name = addr->router->name;
654transport_name = addr->transport->name;
655if (!expand_string(action) && *expand_string_message)
656 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand tpda_defer_action in %s: %s\n",
657 transport_name, expand_string_message);
658router_name = transport_name = NULL;
659}
660#endif
661
662
663
0756eb3c
PH		 664/*************************************************
665* Synchronize SMTP responses *
666*************************************************/
667
668/* This function is called from smtp_deliver() to receive SMTP responses from
669the server, and match them up with the commands to which they relate. When
670PIPELINING is not in use, this function is called after every command, and is
671therefore somewhat over-engineered, but it is simpler to use a single scheme
672that works both with and without PIPELINING instead of having two separate sets
673of code.
674
675The set of commands that are buffered up with pipelining may start with MAIL
676and may end with DATA; in between are RCPT commands that correspond to the
677addresses whose status is PENDING_DEFER. All other commands (STARTTLS, AUTH,
678etc.) are never buffered.
679
680Errors after MAIL or DATA abort the whole process leaving the response in the
681buffer. After MAIL, pending responses are flushed, and the original command is
682re-instated in big_buffer for error messages. For RCPT commands, the remote is
683permitted to reject some recipient addresses while accepting others. However
684certain errors clearly abort the whole process. Set the value in
685transport_return to PENDING_OK if the address is accepted. If there is a
686subsequent general error, it will get reset accordingly. If not, it will get
687converted to OK at the end.
688
689Arguments:
48c7f9e2
PH		 690 addrlist the complete address list
691 include_affixes TRUE if affixes include in RCPT
692 sync_addr ptr to the ptr of the one to start scanning at (updated)
693 host the host we are connected to
694 count the number of responses to read
695 address_retry_
696 include_sender true if 4xx retry is to include the sender it its key
697 pending_MAIL true if the first response is for MAIL
698 pending_DATA 0 if last command sent was not DATA
699 +1 if previously had a good recipient
700 -1 if not previously had a good recipient
701 inblock incoming SMTP block
702 timeout timeout value
703 buffer buffer for reading response
704 buffsize size of buffer
0756eb3c
PH		 705
706Returns: 3 if at least one address had 2xx and one had 5xx
707 2 if at least one address had 5xx but none had 2xx
708 1 if at least one host had a 2xx response, but none had 5xx
709 0 no address had 2xx or 5xx but no errors (all 4xx, or just DATA)
710 -1 timeout while reading RCPT response
711 -2 I/O or other non-response error for RCPT
712 -3 DATA or MAIL failed - errno and buffer set
713*/
714
715static int
716sync_responses(address_item *addrlist, BOOL include_affixes,
48c7f9e2
PH		 717 address_item **sync_addr, host_item *host, int count,
718 BOOL address_retry_include_sender, BOOL pending_MAIL,
0756eb3c
PH		 719 int pending_DATA, smtp_inblock *inblock, int timeout, uschar *buffer,
720 int buffsize)
721{
722address_item *addr = *sync_addr;
723int yield = 0;
724
725/* Handle the response for a MAIL command. On error, reinstate the original
726command in big_buffer for error message use, and flush any further pending
727responses before returning, except after I/O errors and timeouts. */
728
729if (pending_MAIL)
730 {
731 count--;
732 if (!smtp_read_response(inblock, buffer, buffsize, '2', timeout))
733 {
734 Ustrcpy(big_buffer, mail_command); /* Fits, because it came from there! */
735 if (errno == 0 && buffer[0] != 0)
736 {
737 uschar flushbuffer[4096];
e97957bc
PH		 738 int save_errno = 0;
739 if (buffer[0] == '4')
740 {
741 save_errno = ERRNO_MAIL4XX;
742 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
743 }
0756eb3c
PH		 744 while (count-- > 0)
745 {
746 if (!smtp_read_response(inblock, flushbuffer, sizeof(flushbuffer),
747 '2', timeout)
748 && (errno != 0 || flushbuffer[0] == 0))
749 break;
750 }
e97957bc 751 errno = save_errno;
0756eb3c
PH		 752 }
753 return -3;
754 }
755 }
756
757if (pending_DATA) count--; /* Number of RCPT responses to come */
758
759/* Read and handle the required number of RCPT responses, matching each one up
760with an address by scanning for the next address whose status is PENDING_DEFER.
761*/
762
763while (count-- > 0)
764 {
765 while (addr->transport_return != PENDING_DEFER) addr = addr->next;
766
767 /* The address was accepted */
768
769 if (smtp_read_response(inblock, buffer, buffsize, '2', timeout))
770 {
771 yield |= 1;
772 addr->transport_return = PENDING_OK;
773
774 /* If af_dr_retry_exists is set, there was a routing delay on this address;
09945f1e
PH		 775 ensure that any address-specific retry record is expunged. We do this both
776 for the basic key and for the version that also includes the sender. */
0756eb3c
PH		 777
778 if (testflag(addr, af_dr_retry_exists))
09945f1e
PH		 779 {
780 uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key,
781 sender_address);
782 retry_add_item(addr, altkey, rf_delete);
0756eb3c 783 retry_add_item(addr, addr->address_retry_key, rf_delete);
09945f1e 784 }
0756eb3c
PH		 785 }
786
787 /* Timeout while reading the response */
788
789 else if (errno == ETIMEDOUT)
790 {
791 int save_errno = errno;
792 uschar *message = string_sprintf("SMTP timeout while connected to %s [%s] "
793 "after RCPT TO:<%s>", host->name, host->address,
794 transport_rcpt_address(addr, include_affixes));
447d236c 795 set_errno(addrlist, save_errno, message, DEFER, FALSE);
0756eb3c 796 retry_add_item(addr, addr->address_retry_key, 0);
f6c332bd 797 update_waiting = FALSE;
0756eb3c
PH		 798 return -1;
799 }
800
801 /* Handle other errors in obtaining an SMTP response by returning -1. This
802 will cause all the addresses to be deferred. Restore the SMTP command in
803 big_buffer for which we are checking the response, so the error message
804 makes sense. */
805
806 else if (errno != 0 || buffer[0] == 0)
807 {
808 string_format(big_buffer, big_buffer_size, "RCPT TO:<%s>",
809 transport_rcpt_address(addr, include_affixes));
810 return -2;
811 }
812
813 /* Handle SMTP permanent and temporary response codes. */
814
815 else
816 {
817 addr->message =
447d236c 818 string_sprintf("SMTP error from remote mail server after RCPT TO:<%s>: "
0756eb3c
PH		 819 "host %s [%s]: %s", transport_rcpt_address(addr, include_affixes),
820 host->name, host->address, string_printing(buffer));
447d236c 821 setflag(addr, af_pass_message);
0756eb3c
PH		 822 deliver_msglog("%s %s\n", tod_stamp(tod_log), addr->message);
823
824 /* The response was 5xx */
825
826 if (buffer[0] == '5')
827 {
828 addr->transport_return = FAIL;
829 yield |= 2;
830 }
831
832 /* The response was 4xx */
833
834 else
835 {
0756eb3c
PH		 836 addr->transport_return = DEFER;
837 addr->basic_errno = ERRNO_RCPT4XX;
e97957bc 838 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
0756eb3c
PH		 839
840 /* Log temporary errors if there are more hosts to be tried. */
841
842 if (host->next != NULL) log_write(0, LOG_MAIN, "%s", addr->message);
843
f6c332bd
PH		 844 /* Do not put this message on the list of those waiting for specific
845 hosts, as otherwise it is likely to be tried too often. */
0756eb3c 846
f6c332bd 847 update_waiting = FALSE;
0756eb3c 848
48c7f9e2
PH		 849 /* Add a retry item for the address so that it doesn't get tried again
850 too soon. If address_retry_include_sender is true, add the sender address
851 to the retry key. */
0756eb3c 852
48c7f9e2
PH		 853 if (address_retry_include_sender)
854 {
855 uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key,
856 sender_address);
857 retry_add_item(addr, altkey, 0);
858 }
859 else retry_add_item(addr, addr->address_retry_key, 0);
0756eb3c
PH		 860 }
861 }
862 } /* Loop for next RCPT response */
863
864/* Update where to start at for the next block of responses, unless we
865have already handled all the addresses. */
866
867if (addr != NULL) *sync_addr = addr->next;
868
869/* Handle a response to DATA. If we have not had any good recipients, either
870previously or in this block, the response is ignored. */
871
872if (pending_DATA != 0 &&
873 !smtp_read_response(inblock, buffer, buffsize, '3', timeout))
874 {
875 int code;
876 uschar *msg;
447d236c 877 BOOL pass_message;
e97957bc
PH		 878 if (pending_DATA > 0 || (yield & 1) != 0)
879 {
880 if (errno == 0 && buffer[0] == '4')
881 {
882 errno = ERRNO_DATA4XX;
883 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
884 }
885 return -3;
886 }
447d236c 887 (void)check_response(host, &errno, 0, buffer, &code, &msg, &pass_message);
0756eb3c
PH		 888 DEBUG(D_transport) debug_printf("%s\nerror for DATA ignored: pipelining "
889 "is in use and there were no good recipients\n", msg);
890 }
891
892/* All responses read and handled; MAIL (if present) received 2xx and DATA (if
893present) received 3xx. If any RCPTs were handled and yielded anything other
894than 4xx, yield will be set non-zero. */
895
896return yield;
897}
898
899
900
fcc8e047
JH		 901/* Do the client side of smtp-level authentication */
902/*
903Arguments:
904 buffer EHLO response from server (gets overwritten)
905 addrlist chain of potential addresses to deliver
906 host host to deliver to
907 ob transport options
908 ibp, obp comms channel control blocks
909
910Returns:
911 OK Success, or failed (but not required): global "smtp_authenticated" set
912 DEFER Failed authentication (and was required)
913 ERROR Internal problem
914
915 FAIL_SEND Failed communications - transmit
916 FAIL - response
917*/
918
919int
920smtp_auth(uschar *buffer, unsigned bufsize, address_item *addrlist, host_item *host,
921 smtp_transport_options_block *ob, BOOL is_esmtp,
922 smtp_inblock *ibp, smtp_outblock *obp)
923{
924 int require_auth;
925 uschar *fail_reason = US"server did not advertise AUTH support";
926
927 smtp_authenticated = FALSE;
928 client_authenticator = client_authenticated_id = client_authenticated_sender = NULL;
929 require_auth = verify_check_this_host(&(ob->hosts_require_auth), NULL,
930 host->name, host->address, NULL);
931
932 if (is_esmtp && !regex_AUTH) regex_AUTH =
933 regex_must_compile(US"\\n250[\\s\\-]AUTH\\s+([\\-\\w\\s]+)(?:\\n|$)",
934 FALSE, TRUE);
935
936 if (is_esmtp && regex_match_and_setup(regex_AUTH, buffer, 0, -1))
937 {
938 uschar *names = string_copyn(expand_nstring[1], expand_nlength[1]);
939 expand_nmax = -1; /* reset */
940
941 /* Must not do this check until after we have saved the result of the
942 regex match above. */
943
944 if (require_auth == OK ||
945 verify_check_this_host(&(ob->hosts_try_auth), NULL, host->name,
946 host->address, NULL) == OK)
947 {
948 auth_instance *au;
949 fail_reason = US"no common mechanisms were found";
950
951 DEBUG(D_transport) debug_printf("scanning authentication mechanisms\n");
952
953 /* Scan the configured authenticators looking for one which is configured
954 for use as a client, which is not suppressed by client_condition, and
955 whose name matches an authentication mechanism supported by the server.
956 If one is found, attempt to authenticate by calling its client function.
957 */
958
959 for (au = auths; !smtp_authenticated && au != NULL; au = au->next)
960 {
961 uschar *p = names;
962 if (!au->client ||
963 (au->client_condition != NULL &&
964 !expand_check_condition(au->client_condition, au->name,
965 US"client authenticator")))
966 {
967 DEBUG(D_transport) debug_printf("skipping %s authenticator: %s\n",
968 au->name,
969 (au->client)? "client_condition is false" :
970 "not configured as a client");
971 continue;
972 }
973
974 /* Loop to scan supported server mechanisms */
975
976 while (*p != 0)
977 {
978 int rc;
979 int len = Ustrlen(au->public_name);
980 while (isspace(*p)) p++;
981
982 if (strncmpic(au->public_name, p, len) != 0 ||
983 (p[len] != 0 && !isspace(p[len])))
984 {
985 while (*p != 0 && !isspace(*p)) p++;
986 continue;
987 }
988
989 /* Found data for a listed mechanism. Call its client entry. Set
990 a flag in the outblock so that data is overwritten after sending so
991 that reflections don't show it. */
992
993 fail_reason = US"authentication attempt(s) failed";
994 obp->authenticating = TRUE;
995 rc = (au->info->clientcode)(au, ibp, obp,
996 ob->command_timeout, buffer, bufsize);
997 obp->authenticating = FALSE;
998 DEBUG(D_transport) debug_printf("%s authenticator yielded %d\n",
999 au->name, rc);
1000
1001 /* A temporary authentication failure must hold up delivery to
1002 this host. After a permanent authentication failure, we carry on
1003 to try other authentication methods. If all fail hard, try to
1004 deliver the message unauthenticated unless require_auth was set. */
1005
1006 switch(rc)
1007 {
1008 case OK:
1009 smtp_authenticated = TRUE; /* stops the outer loop */
1010 client_authenticator = au->name;
1011 if (au->set_client_id != NULL)
1012 client_authenticated_id = expand_string(au->set_client_id);
1013 break;
1014
1015 /* Failure after writing a command */
1016
1017 case FAIL_SEND:
1018 return FAIL_SEND;
1019
1020 /* Failure after reading a response */
1021
1022 case FAIL:
1023 if (errno != 0 || buffer[0] != '5') return FAIL;
1024 log_write(0, LOG_MAIN, "%s authenticator failed H=%s [%s] %s",
1025 au->name, host->name, host->address, buffer);
1026 break;
1027
1028 /* Failure by some other means. In effect, the authenticator
1029 decided it wasn't prepared to handle this case. Typically this
1030 is the result of "fail" in an expansion string. Do we need to
1031 log anything here? Feb 2006: a message is now put in the buffer
1032 if logging is required. */
1033
1034 case CANCELLED:
1035 if (*buffer != 0)
1036 log_write(0, LOG_MAIN, "%s authenticator cancelled "
1037 "authentication H=%s [%s] %s", au->name, host->name,
1038 host->address, buffer);
1039 break;
1040
1041 /* Internal problem, message in buffer. */
1042
1043 case ERROR:
1044 set_errno(addrlist, 0, string_copy(buffer), DEFER, FALSE);
1045 return ERROR;
1046 }
1047
1048 break; /* If not authenticated, try next authenticator */
1049 } /* Loop for scanning supported server mechanisms */
1050 } /* Loop for further authenticators */
1051 }
1052 }
1053
1054 /* If we haven't authenticated, but are required to, give up. */
1055
1056 if (require_auth == OK && !smtp_authenticated)
1057 {
1058 set_errno(addrlist, ERRNO_AUTHFAIL,
1059 string_sprintf("authentication required but %s", fail_reason), DEFER,
1060 FALSE);
1061 return DEFER;
1062 }
4d8d62b9 1063
fcc8e047
JH		 1064 return OK;
1065}
1066
1067
1068/* Construct AUTH appendix string for MAIL TO */
1069/*
1070Arguments
1071 buffer to build string
1072 addrlist chain of potential addresses to deliver
1073 ob transport options
1074
1075Globals smtp_authenticated
1076 client_authenticated_sender
1077Return True on error, otherwise buffer has (possibly empty) terminated string
1078*/
1079
1080BOOL
1081smtp_mail_auth_str(uschar *buffer, unsigned bufsize, address_item *addrlist,
1082 smtp_transport_options_block *ob)
1083{
1084uschar *local_authenticated_sender = authenticated_sender;
1085
1086#ifdef notdef
1087 debug_printf("smtp_mail_auth_str: as<%s> os<%s> SA<%s>\n", authenticated_sender, ob->authenticated_sender, smtp_authenticated?"Y":"N");
1088#endif
1089
1090if (ob->authenticated_sender != NULL)
1091 {
1092 uschar *new = expand_string(ob->authenticated_sender);
1093 if (new == NULL)
1094 {
1095 if (!expand_string_forcedfail)
1096 {
1097 uschar *message = string_sprintf("failed to expand "
1098 "authenticated_sender: %s", expand_string_message);
1099 set_errno(addrlist, 0, message, DEFER, FALSE);
1100 return TRUE;
1101 }
1102 }
1103 else if (new[0] != 0) local_authenticated_sender = new;
1104 }
1105
1106/* Add the authenticated sender address if present */
1107
1108if ((smtp_authenticated || ob->authenticated_sender_force) &&
1109 local_authenticated_sender != NULL)
1110 {
1111 string_format(buffer, bufsize, " AUTH=%s",
1112 auth_xtextencode(local_authenticated_sender,
1113 Ustrlen(local_authenticated_sender)));
1114 client_authenticated_sender = string_copy(local_authenticated_sender);
1115 }
1116else
1117 *buffer= 0;
1118
1119return FALSE;
1120}
1121
1122
1123
0756eb3c
PH		 1124/*************************************************
1125* Deliver address list to given host *
1126*************************************************/
1127
1128/* If continue_hostname is not null, we get here only when continuing to
1129deliver down an existing channel. The channel was passed as the standard
6c512171
PH		 1130input. TLS is never active on a passed channel; the previous process always
1131closes it down before passing the connection on.
0756eb3c
PH		 1132
1133Otherwise, we have to make a connection to the remote host, and do the
1134initial protocol exchange.
1135
1136When running as an MUA wrapper, if the sender or any recipient is rejected,
1137temporarily or permanently, we force failure for all recipients.
1138
1139Arguments:
1140 addrlist chain of potential addresses to deliver; only those whose
1141 transport_return field is set to PENDING_DEFER are currently
1142 being processed; others should be skipped - they have either
1143 been delivered to an earlier host or IP address, or been
1144 failed by one of them.
1145 host host to deliver to
1146 host_af AF_INET or AF_INET6
2d280592 1147 port default TCP/IP port to use, in host byte order
0756eb3c
PH		 1148 interface interface to bind to, or NULL
1149 tblock transport instance block
1150 copy_host TRUE if host set in addr->host_used must be copied, because
1151 it is specific to this call of the transport
1152 message_defer set TRUE if yield is OK, but all addresses were deferred
1153 because of a non-recipient, non-host failure, that is, a
1154 4xx response to MAIL FROM, DATA, or ".". This is a defer
1155 that is specific to the message.
1156 suppress_tls if TRUE, don't attempt a TLS connection - this is set for
1157 a second attempt after TLS initialization fails
1158
1159Returns: OK - the connection was made and the delivery attempted;
1160 the result for each address is in its data block.
1161 DEFER - the connection could not be made, or something failed
1162 while setting up the SMTP session, or there was a
1163 non-message-specific error, such as a timeout.
1164 ERROR - a filter command is specified for this transport,
1165 and there was a problem setting it up; OR helo_data
1166 or add_headers or authenticated_sender is specified
1167 for this transport, and the string failed to expand
1168*/
1169
1170static int
1171smtp_deliver(address_item *addrlist, host_item *host, int host_af, int port,
1172 uschar *interface, transport_instance *tblock, BOOL copy_host,
1173 BOOL *message_defer, BOOL suppress_tls)
1174{
1175address_item *addr;
1176address_item *sync_addr;
1177address_item *first_addr = addrlist;
1178int yield = OK;
1179int address_count;
1180int save_errno;
1181int rc;
1182time_t start_delivery_time = time(NULL);
1183smtp_transport_options_block *ob =
1184 (smtp_transport_options_block *)(tblock->options_block);
1185BOOL lmtp = strcmpic(ob->protocol, US"lmtp") == 0;
061b7ebd 1186BOOL smtps = strcmpic(ob->protocol, US"smtps") == 0;
0756eb3c
PH		 1187BOOL ok = FALSE;
1188BOOL send_rset = TRUE;
1189BOOL send_quit = TRUE;
1190BOOL setting_up = TRUE;
1191BOOL completed_address = FALSE;
1192BOOL esmtp = TRUE;
1193BOOL pending_MAIL;
447d236c 1194BOOL pass_message = FALSE;
8ccd00b1 1195#ifndef DISABLE_PRDR
fd98a5c6
JH		 1196BOOL prdr_offered = FALSE;
1197BOOL prdr_active;
1198#endif
0756eb3c
PH		 1199smtp_inblock inblock;
1200smtp_outblock outblock;
1201int max_rcpt = tblock->max_addresses;
f1513293 1202uschar *igquotstr = US"";
41c7c167 1203uschar *helo_data = NULL;
0756eb3c
PH		 1204uschar *message = NULL;
1205uschar new_message_id[MESSAGE_ID_LENGTH + 1];
1206uschar *p;
1207uschar buffer[4096];
1208uschar inbuffer[4096];
1209uschar outbuffer[1024];
1210
1211suppress_tls = suppress_tls; /* stop compiler warning when no TLS support */
1212
1213*message_defer = FALSE;
1214smtp_command = US"initial connection";
1215if (max_rcpt == 0) max_rcpt = 999999;
1216
1217/* Set up the buffer for reading SMTP response packets. */
1218
1219inblock.buffer = inbuffer;
1220inblock.buffersize = sizeof(inbuffer);
1221inblock.ptr = inbuffer;
1222inblock.ptrend = inbuffer;
1223
1224/* Set up the buffer for holding SMTP commands while pipelining */
1225
1226outblock.buffer = outbuffer;
1227outblock.buffersize = sizeof(outbuffer);
1228outblock.ptr = outbuffer;
1229outblock.cmd_count = 0;
1230outblock.authenticating = FALSE;
1231
6c512171
PH		 1232/* Reset the parameters of a TLS session. */
1233
817d9f57
JH		 1234tls_out.bits = 0;
1235tls_out.cipher = NULL; /* the one we may use for this transport */
9d1c15ef
JH		 1236tls_out.ourcert = NULL;
1237tls_out.peercert = NULL;
817d9f57
JH		 1238tls_out.peerdn = NULL;
1239#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
1240tls_out.sni = NULL;
5b456975 1241#endif
018058b2 1242tls_out.ocsp = OCSP_NOT_REQ;
6c512171 1243
35aba663
JH		 1244/* Flip the legacy TLS-related variables over to the outbound set in case
1245they're used in the context of the transport. Don't bother resetting
1246afterward as we're in a subprocess. */
1247
1248tls_modify_variables(&tls_out);
1249
061b7ebd
PP		 1250#ifndef SUPPORT_TLS
1251if (smtps)
1252 {
018058b2
JH		 1253 set_errno(addrlist, 0, US"TLS support not available", DEFER, FALSE);
1254 return ERROR;
061b7ebd
PP		 1255 }
1256#endif
1257
0756eb3c
PH		 1258/* Make a connection to the host if this isn't a continued delivery, and handle
1259the initial interaction and HELO/EHLO/LHLO. Connect timeout errors are handled
1260specially so they can be identified for retries. */
1261
1262if (continue_hostname == NULL)
1263 {
1264 inblock.sock = outblock.sock =
1265 smtp_connect(host, host_af, port, interface, ob->connect_timeout,
9e4f5962 1266 ob->keepalive, ob->dscp); /* This puts port into host->port */
4311097e 1267
0756eb3c
PH		 1268 if (inblock.sock < 0)
1269 {
1270 set_errno(addrlist, (errno == ETIMEDOUT)? ERRNO_CONNECTTIMEOUT : errno,
447d236c 1271 NULL, DEFER, FALSE);
0756eb3c
PH		 1272 return DEFER;
1273 }
1274
41c7c167
PH		 1275 /* Expand the greeting message while waiting for the initial response. (Makes
1276 sense if helo_data contains ${lookup dnsdb ...} stuff). The expansion is
1277 delayed till here so that $sending_interface and $sending_port are set. */
1278
1279 helo_data = expand_string(ob->helo_data);
1280
0756eb3c
PH		 1281 /* The first thing is to wait for an initial OK response. The dreaded "goto"
1282 is nevertheless a reasonably clean way of programming this kind of logic,
1283 where you want to escape on any error. */
1284
061b7ebd
PP		 1285 if (!smtps)
1286 {
1287 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1288 ob->command_timeout)) goto RESPONSE_FAILED;
0756eb3c 1289
061b7ebd
PP		 1290 /* Now check if the helo_data expansion went well, and sign off cleanly if
1291 it didn't. */
41c7c167 1292
061b7ebd
PP		 1293 if (helo_data == NULL)
1294 {
1295 uschar *message = string_sprintf("failed to expand helo_data: %s",
1296 expand_string_message);
1297 set_errno(addrlist, 0, message, DEFER, FALSE);
1298 yield = DEFER;
1299 goto SEND_QUIT;
1300 }
41c7c167
PH		 1301 }
1302
0756eb3c
PH		 1303/** Debugging without sending a message
1304addrlist->transport_return = DEFER;
1305goto SEND_QUIT;
1306**/
1307
1308 /* Errors that occur after this point follow an SMTP command, which is
1309 left in big_buffer by smtp_write_command() for use in error messages. */
1310
1311 smtp_command = big_buffer;
1312
1313 /* Tell the remote who we are...
1314
1315 February 1998: A convention has evolved that ESMTP-speaking MTAs include the
1316 string "ESMTP" in their greeting lines, so make Exim send EHLO if the
1317 greeting is of this form. The assumption was that the far end supports it
1318 properly... but experience shows that there are some that give 5xx responses,
1319 even though the banner includes "ESMTP" (there's a bloody-minded one that
1320 says "ESMTP not spoken here"). Cope with that case.
1321
1322 September 2000: Time has passed, and it seems reasonable now to always send
1323 EHLO at the start. It is also convenient to make the change while installing
1324 the TLS stuff.
1325
1326 July 2003: Joachim Wieland met a broken server that advertises "PIPELINING"
1327 but times out after sending MAIL FROM, RCPT TO and DATA all together. There
1328 would be no way to send out the mails, so there is now a host list
1329 "hosts_avoid_esmtp" that disables ESMTP for special hosts and solves the
1330 PIPELINING problem as well. Maybe it can also be useful to cure other
1331 problems with broken servers.
1332
1333 Exim originally sent "Helo" at this point and ran for nearly a year that way.
1334 Then somebody tried it with a Microsoft mailer... It seems that all other
1335 mailers use upper case for some reason (the RFC is quite clear about case
1336 independence) so, for peace of mind, I gave in. */
1337
1338 esmtp = verify_check_this_host(&(ob->hosts_avoid_esmtp), NULL,
1339 host->name, host->address, NULL) != OK;
1340
061b7ebd
PP		 1341 /* Alas; be careful, since this goto is not an error-out, so conceivably
1342 we might set data between here and the target which we assume to exist
1343 and be usable. I can see this coming back to bite us. */
1344 #ifdef SUPPORT_TLS
1345 if (smtps)
1346 {
1347 tls_offered = TRUE;
1348 suppress_tls = FALSE;
1349 ob->tls_tempfail_tryclear = FALSE;
1350 smtp_command = US"SSL-on-connect";
1351 goto TLS_NEGOTIATE;
1352 }
1353 #endif
1354
0756eb3c
PH		 1355 if (esmtp)
1356 {
1357 if (smtp_write_command(&outblock, FALSE, "%s %s\r\n",
1358 lmtp? "LHLO" : "EHLO", helo_data) < 0)
1359 goto SEND_FAILED;
1360 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1361 ob->command_timeout))
1362 {
1363 if (errno != 0 || buffer[0] == 0 || lmtp) goto RESPONSE_FAILED;
1364 esmtp = FALSE;
1365 }
1366 }
1367 else
1368 {
1369 DEBUG(D_transport)
1370 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
1371 }
1372
1373 if (!esmtp)
1374 {
1375 if (smtp_write_command(&outblock, FALSE, "HELO %s\r\n", helo_data) < 0)
1376 goto SEND_FAILED;
1377 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1378 ob->command_timeout)) goto RESPONSE_FAILED;
1379 }
1380
f1513293
PH		 1381 /* Set IGNOREQUOTA if the response to LHLO specifies support and the
1382 lmtp_ignore_quota option was set. */
1383
1384 igquotstr = (lmtp && ob->lmtp_ignore_quota &&
1385 pcre_exec(regex_IGNOREQUOTA, NULL, CS buffer, Ustrlen(CS buffer), 0,
1386 PCRE_EOPT, NULL, 0) >= 0)? US" IGNOREQUOTA" : US"";
1387
0756eb3c
PH		 1388 /* Set tls_offered if the response to EHLO specifies support for STARTTLS. */
1389
1390 #ifdef SUPPORT_TLS
1391 tls_offered = esmtp &&
1392 pcre_exec(regex_STARTTLS, NULL, CS buffer, Ustrlen(buffer), 0,
1393 PCRE_EOPT, NULL, 0) >= 0;
1394 #endif
fd98a5c6 1395
8ccd00b1 1396 #ifndef DISABLE_PRDR
fd98a5c6
JH		 1397 prdr_offered = esmtp &&
1398 (pcre_exec(regex_PRDR, NULL, CS buffer, Ustrlen(buffer), 0,
1399 PCRE_EOPT, NULL, 0) >= 0) &&
1400 (verify_check_this_host(&(ob->hosts_try_prdr), NULL, host->name,
1401 host->address, NULL) == OK);
1402
1403 if (prdr_offered)
1404 {DEBUG(D_transport) debug_printf("PRDR usable\n");}
1405 #endif
0756eb3c
PH		 1406 }
1407
1408/* For continuing deliveries down the same channel, the socket is the standard
1409input, and we don't need to redo EHLO here (but may need to do so for TLS - see
1410below). Set up the pointer to where subsequent commands will be left, for
1411error messages. Note that smtp_use_size and smtp_use_pipelining will have been
1412set from the command line if they were set in the process that passed the
1413connection on. */
1414
1415else
1416 {
1417 inblock.sock = outblock.sock = fileno(stdin);
1418 smtp_command = big_buffer;
4311097e 1419 host->port = port; /* Record the port that was used */
0756eb3c
PH		 1420 }
1421
1422/* If TLS is available on this connection, whether continued or not, attempt to
1423start up a TLS session, unless the host is in hosts_avoid_tls. If successful,
1424send another EHLO - the server may give a different answer in secure mode. We
1425use a separate buffer for reading the response to STARTTLS so that if it is
1426negative, the original EHLO data is available for subsequent analysis, should
1427the client not be required to use TLS. If the response is bad, copy the buffer
1428for error analysis. */
1429
1430#ifdef SUPPORT_TLS
1431if (tls_offered && !suppress_tls &&
1432 verify_check_this_host(&(ob->hosts_avoid_tls), NULL, host->name,
1433 host->address, NULL) != OK)
1434 {
1435 uschar buffer2[4096];
1436 if (smtp_write_command(&outblock, FALSE, "STARTTLS\r\n") < 0)
1437 goto SEND_FAILED;
1438
1439 /* If there is an I/O error, transmission of this message is deferred. If
1440 there is a temporary rejection of STARRTLS and tls_tempfail_tryclear is
1441 false, we also defer. However, if there is a temporary rejection of STARTTLS
1442 and tls_tempfail_tryclear is true, or if there is an outright rejection of
1443 STARTTLS, we carry on. This means we will try to send the message in clear,
1444 unless the host is in hosts_require_tls (tested below). */
1445
1446 if (!smtp_read_response(&inblock, buffer2, sizeof(buffer2), '2',
1447 ob->command_timeout))
1448 {
0756eb3c
PH		 1449 if (errno != 0 || buffer2[0] == 0 ||
1450 (buffer2[0] == '4' && !ob->tls_tempfail_tryclear))
0dda4340
TK		 1451 {
1452 Ustrncpy(buffer, buffer2, sizeof(buffer));
0756eb3c 1453 goto RESPONSE_FAILED;
0dda4340 1454 }
0756eb3c
PH		 1455 }
1456
1457 /* STARTTLS accepted: try to negotiate a TLS session. */
1458
1459 else
061b7ebd 1460 TLS_NEGOTIATE:
0756eb3c 1461 {
65867078 1462 int rc = tls_client_start(inblock.sock, host, addrlist, ob);
0756eb3c
PH		 1463
1464 /* TLS negotiation failed; give an error. From outside, this function may
1465 be called again to try in clear on a new connection, if the options permit
1466 it for this host. */
1467
1468 if (rc != OK)
1469 {
1470 save_errno = ERRNO_TLSFAILURE;
1471 message = US"failure while setting up TLS session";
1472 send_quit = FALSE;
1473 goto TLS_FAILED;
1474 }
1475
1476 /* TLS session is set up */
1477
1478 for (addr = addrlist; addr != NULL; addr = addr->next)
1479 {
5ca2a9a1
PH		 1480 if (addr->transport_return == PENDING_DEFER)
1481 {
817d9f57 1482 addr->cipher = tls_out.cipher;
9d1c15ef
JH		 1483 addr->ourcert = tls_out.ourcert;
1484 addr->peercert = tls_out.peercert;
817d9f57 1485 addr->peerdn = tls_out.peerdn;
018058b2 1486 addr->ocsp = tls_out.ocsp;
5ca2a9a1 1487 }
0756eb3c
PH		 1488 }
1489 }
1490 }
1491
061b7ebd
PP		 1492/* if smtps, we'll have smtp_command set to something else; always safe to
1493reset it here. */
1494smtp_command = big_buffer;
1495
41c7c167
PH		 1496/* If we started TLS, redo the EHLO/LHLO exchange over the secure channel. If
1497helo_data is null, we are dealing with a connection that was passed from
1498another process, and so we won't have expanded helo_data above. We have to
1499expand it here. $sending_ip_address and $sending_port are set up right at the
1500start of the Exim process (in exim.c). */
0756eb3c 1501
817d9f57 1502if (tls_out.active >= 0)
0756eb3c 1503 {
061b7ebd 1504 char *greeting_cmd;
41c7c167
PH		 1505 if (helo_data == NULL)
1506 {
1507 helo_data = expand_string(ob->helo_data);
1508 if (helo_data == NULL)
1509 {
1510 uschar *message = string_sprintf("failed to expand helo_data: %s",
1511 expand_string_message);
1512 set_errno(addrlist, 0, message, DEFER, FALSE);
1513 yield = DEFER;
1514 goto SEND_QUIT;
1515 }
1516 }
1517
0d0e4455 1518 /* For SMTPS we need to wait for the initial OK response. */
061b7ebd
PP		 1519 if (smtps)
1520 {
1521 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1522 ob->command_timeout)) goto RESPONSE_FAILED;
0d0e4455
PP		 1523 }
1524
1525 if (esmtp)
1526 greeting_cmd = "EHLO";
1527 else
1528 {
1529 greeting_cmd = "HELO";
1530 DEBUG(D_transport)
1531 debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
061b7ebd
PP		 1532 }
1533
1534 if (smtp_write_command(&outblock, FALSE, "%s %s\r\n",
1535 lmtp? "LHLO" : greeting_cmd, helo_data) < 0)
0756eb3c
PH		 1536 goto SEND_FAILED;
1537 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1538 ob->command_timeout))
1539 goto RESPONSE_FAILED;
1540 }
1541
1542/* If the host is required to use a secure channel, ensure that we
1543have one. */
1544
1545else if (verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name,
1546 host->address, NULL) == OK)
1547 {
1548 save_errno = ERRNO_TLSREQUIRED;
1549 message = string_sprintf("a TLS session is required for %s [%s], but %s",
1550 host->name, host->address,
1551 tls_offered? "an attempt to start TLS failed" :
1552 "the server did not offer TLS support");
1553 goto TLS_FAILED;
1554 }
1555#endif
1556
1557/* If TLS is active, we have just started it up and re-done the EHLO command,
1558so its response needs to be analyzed. If TLS is not active and this is a
1559continued session down a previously-used socket, we haven't just done EHLO, so
1560we skip this. */
1561
1562if (continue_hostname == NULL
1563 #ifdef SUPPORT_TLS
817d9f57 1564 || tls_out.active >= 0
0756eb3c
PH		 1565 #endif
1566 )
1567 {
f1513293
PH		 1568 /* Set for IGNOREQUOTA if the response to LHLO specifies support and the
1569 lmtp_ignore_quota option was set. */
1570
1571 igquotstr = (lmtp && ob->lmtp_ignore_quota &&
1572 pcre_exec(regex_IGNOREQUOTA, NULL, CS buffer, Ustrlen(CS buffer), 0,
1573 PCRE_EOPT, NULL, 0) >= 0)? US" IGNOREQUOTA" : US"";
1574
0756eb3c
PH		 1575 /* If the response to EHLO specified support for the SIZE parameter, note
1576 this, provided size_addition is non-negative. */
1577
1578 smtp_use_size = esmtp && ob->size_addition >= 0 &&
1579 pcre_exec(regex_SIZE, NULL, CS buffer, Ustrlen(CS buffer), 0,
1580 PCRE_EOPT, NULL, 0) >= 0;
1581
1582 /* Note whether the server supports PIPELINING. If hosts_avoid_esmtp matched
c51b8e75
PH		 1583 the current host, esmtp will be false, so PIPELINING can never be used. If
1584 the current host matches hosts_avoid_pipelining, don't do it. */
0756eb3c
PH		 1585
1586 smtp_use_pipelining = esmtp &&
c51b8e75
PH		 1587 verify_check_this_host(&(ob->hosts_avoid_pipelining), NULL, host->name,
1588 host->address, NULL) != OK &&
0756eb3c
PH		 1589 pcre_exec(regex_PIPELINING, NULL, CS buffer, Ustrlen(CS buffer), 0,
1590 PCRE_EOPT, NULL, 0) >= 0;
1591
1592 DEBUG(D_transport) debug_printf("%susing PIPELINING\n",
1593 smtp_use_pipelining? "" : "not ");
1594
8ccd00b1 1595#ifndef DISABLE_PRDR
fd98a5c6
JH		 1596 prdr_offered = esmtp &&
1597 pcre_exec(regex_PRDR, NULL, CS buffer, Ustrlen(CS buffer), 0,
1598 PCRE_EOPT, NULL, 0) >= 0 &&
1599 verify_check_this_host(&(ob->hosts_try_prdr), NULL, host->name,
1600 host->address, NULL) == OK;
1601
1602 if (prdr_offered)
1603 {DEBUG(D_transport) debug_printf("PRDR usable\n");}
1604#endif
1605
0756eb3c
PH		 1606 /* Note if the response to EHLO specifies support for the AUTH extension.
1607 If it has, check that this host is one we want to authenticate to, and do
1608 the business. The host name and address must be available when the
1609 authenticator's client driver is running. */
1610
fcc8e047
JH		 1611 switch (yield = smtp_auth(buffer, sizeof(buffer), addrlist, host,
1612 ob, esmtp, &inblock, &outblock))
0756eb3c 1613 {
fcc8e047
JH		 1614 default: goto SEND_QUIT;
1615 case OK: break;
1616 case FAIL_SEND: goto SEND_FAILED;
1617 case FAIL: goto RESPONSE_FAILED;
0756eb3c
PH		 1618 }
1619 }
1620
1621/* The setting up of the SMTP call is now complete. Any subsequent errors are
1622message-specific. */
1623
1624setting_up = FALSE;
1625
1626/* If there is a filter command specified for this transport, we can now
1627set it up. This cannot be done until the identify of the host is known. */
1628
1629if (tblock->filter_command != NULL)
1630 {
1631 BOOL rc;
1632 uschar buffer[64];
1633 sprintf(CS buffer, "%.50s transport", tblock->name);
1634 rc = transport_set_up_command(&transport_filter_argv, tblock->filter_command,
1635 TRUE, DEFER, addrlist, buffer, NULL);
9b989985 1636 transport_filter_timeout = tblock->filter_timeout;
0756eb3c
PH		 1637
1638 /* On failure, copy the error to all addresses, abandon the SMTP call, and
1639 yield ERROR. */
1640
1641 if (!rc)
1642 {
447d236c
PH		 1643 set_errno(addrlist->next, addrlist->basic_errno, addrlist->message, DEFER,
1644 FALSE);
0756eb3c
PH		 1645 yield = ERROR;
1646 goto SEND_QUIT;
1647 }
1648 }
1649
1650
1651/* For messages that have more than the maximum number of envelope recipients,
1652we want to send several transactions down the same SMTP connection. (See
1653comments in deliver.c as to how this reconciles, heuristically, with
1654remote_max_parallel.) This optimization was added to Exim after the following
1655code was already working. The simplest way to put it in without disturbing the
1656code was to use a goto to jump back to this point when there is another
1657transaction to handle. */
1658
1659SEND_MESSAGE:
1660sync_addr = first_addr;
1661address_count = 0;
1662ok = FALSE;
1663send_rset = TRUE;
1664completed_address = FALSE;
1665
1666
1667/* Initiate a message transfer. If we know the receiving MTA supports the SIZE
1668qualification, send it, adding something to the message size to allow for
1669imprecision and things that get added en route. Exim keeps the number of lines
1670in a message, so we can give an accurate value for the original message, but we
1671need some additional to handle added headers. (Double "." characters don't get
1672included in the count.) */
1673
1674p = buffer;
1675*p = 0;
1676
1677if (smtp_use_size)
1678 {
1679 sprintf(CS p, " SIZE=%d", message_size+message_linecount+ob->size_addition);
1680 while (*p) p++;
1681 }
1682
8ccd00b1 1683#ifndef DISABLE_PRDR
fd98a5c6
JH		 1684prdr_active = FALSE;
1685if (prdr_offered)
1686 {
1687 for (addr = first_addr; addr; addr = addr->next)
1688 if (addr->transport_return == PENDING_DEFER)
1689 {
1690 for (addr = addr->next; addr; addr = addr->next)
1691 if (addr->transport_return == PENDING_DEFER)
1692 { /* at least two recipients to send */
1693 prdr_active = TRUE;
1694 sprintf(CS p, " PRDR"); p += 5;
1695 goto prdr_is_active;
1696 }
1697 break;
1698 }
1699 }
1700prdr_is_active:
1701#endif
1702
6b62e899
JH		 1703/* If an authenticated_sender override has been specified for this transport
1704instance, expand it. If the expansion is forced to fail, and there was already
1705an authenticated_sender for this message, the original value will be used.
1706Other expansion failures are serious. An empty result is ignored, but there is
1707otherwise no check - this feature is expected to be used with LMTP and other
1708cases where non-standard addresses (e.g. without domains) might be required. */
1709
fcc8e047
JH		 1710if (smtp_mail_auth_str(p, sizeof(buffer) - (p-buffer), addrlist, ob))
1711 return ERROR;
0756eb3c
PH		 1712
1713/* From here until we send the DATA command, we can make use of PIPELINING
1714if the server host supports it. The code has to be able to check the responses
1715at any point, for when the buffer fills up, so we write it totally generally.
1716When PIPELINING is off, each command written reports that it has flushed the
1717buffer. */
1718
1719pending_MAIL = TRUE; /* The block starts with MAIL */
1720
1721rc = smtp_write_command(&outblock, smtp_use_pipelining,
1722 "MAIL FROM:<%s>%s\r\n", return_path, buffer);
1723mail_command = string_copy(big_buffer); /* Save for later error message */
1724
1725switch(rc)
1726 {
1727 case -1: /* Transmission error */
1728 goto SEND_FAILED;
1729
1730 case +1: /* Block was sent */
1731 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
e97957bc
PH		 1732 ob->command_timeout))
1733 {
1734 if (errno == 0 && buffer[0] == '4')
1735 {
1736 errno = ERRNO_MAIL4XX;
1737 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
1738 }
1739 goto RESPONSE_FAILED;
1740 }
0756eb3c
PH		 1741 pending_MAIL = FALSE;
1742 break;
1743 }
1744
1745/* Pass over all the relevant recipient addresses for this host, which are the
1746ones that have status PENDING_DEFER. If we are using PIPELINING, we can send
1747several before we have to read the responses for those seen so far. This
1748checking is done by a subroutine because it also needs to be done at the end.
1749Send only up to max_rcpt addresses at a time, leaving first_addr pointing to
1750the next one if not all are sent.
1751
1752In the MUA wrapper situation, we want to flush the PIPELINING buffer for the
1753last address because we want to abort if any recipients have any kind of
1754problem, temporary or permanent. We know that all recipient addresses will have
1755the PENDING_DEFER status, because only one attempt is ever made, and we know
1756that max_rcpt will be large, so all addresses will be done at once. */
1757
1758for (addr = first_addr;
1759 address_count < max_rcpt && addr != NULL;
1760 addr = addr->next)
1761 {
1762 int count;
1763 BOOL no_flush;
1764
1765 if (addr->transport_return != PENDING_DEFER) continue;
1766
1767 address_count++;
1768 no_flush = smtp_use_pipelining && (!mua_wrapper || addr->next != NULL);
1769
1770 /* Now send the RCPT command, and process outstanding responses when
1771 necessary. After a timeout on RCPT, we just end the function, leaving the
1772 yield as OK, because this error can often mean that there is a problem with
1773 just one address, so we don't want to delay the host. */
1774
f1513293
PH		 1775 count = smtp_write_command(&outblock, no_flush, "RCPT TO:<%s>%s\r\n",
1776 transport_rcpt_address(addr, tblock->rcpt_include_affixes), igquotstr);
0756eb3c
PH		 1777 if (count < 0) goto SEND_FAILED;
1778 if (count > 0)
1779 {
1780 switch(sync_responses(first_addr, tblock->rcpt_include_affixes,
48c7f9e2
PH		 1781 &sync_addr, host, count, ob->address_retry_include_sender,
1782 pending_MAIL, 0, &inblock, ob->command_timeout, buffer,
1783 sizeof(buffer)))
0756eb3c
PH		 1784 {
1785 case 3: ok = TRUE; /* 2xx & 5xx => OK & progress made */
1786 case 2: completed_address = TRUE; /* 5xx (only) => progress made */
1787 break;
1788
1789 case 1: ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
1790 if (!lmtp) completed_address = TRUE; /* can't tell about progress yet */
1791 case 0: /* No 2xx or 5xx, but no probs */
1792 break;
1793
1794 case -1: goto END_OFF; /* Timeout on RCPT */
1795 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL error */
1796 }
1797 pending_MAIL = FALSE; /* Dealt with MAIL */
1798 }
1799 } /* Loop for next address */
1800
1801/* If we are an MUA wrapper, abort if any RCPTs were rejected, either
1802permanently or temporarily. We should have flushed and synced after the last
1803RCPT. */
1804
1805if (mua_wrapper)
1806 {
1807 address_item *badaddr;
1808 for (badaddr = first_addr; badaddr != NULL; badaddr = badaddr->next)
1809 {
1810 if (badaddr->transport_return != PENDING_OK) break;
1811 }
1812 if (badaddr != NULL)
1813 {
447d236c
PH		 1814 set_errno(addrlist, 0, badaddr->message, FAIL,
1815 testflag(badaddr, af_pass_message));
0756eb3c
PH		 1816 ok = FALSE;
1817 }
1818 }
1819
1820/* If ok is TRUE, we know we have got at least one good recipient, and must now
1821send DATA, but if it is FALSE (in the normal, non-wrapper case), we may still
1822have a good recipient buffered up if we are pipelining. We don't want to waste
1823time sending DATA needlessly, so we only send it if either ok is TRUE or if we
1824are pipelining. The responses are all handled by sync_responses(). */
1825
1826if (ok || (smtp_use_pipelining && !mua_wrapper))
1827 {
1828 int count = smtp_write_command(&outblock, FALSE, "DATA\r\n");
1829 if (count < 0) goto SEND_FAILED;
1830 switch(sync_responses(first_addr, tblock->rcpt_include_affixes, &sync_addr,
48c7f9e2
PH		 1831 host, count, ob->address_retry_include_sender, pending_MAIL,
1832 ok? +1 : -1, &inblock, ob->command_timeout, buffer, sizeof(buffer)))
0756eb3c
PH		 1833 {
1834 case 3: ok = TRUE; /* 2xx & 5xx => OK & progress made */
1835 case 2: completed_address = TRUE; /* 5xx (only) => progress made */
1836 break;
1837
1838 case 1: ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
1839 if (!lmtp) completed_address = TRUE; /* can't tell about progress yet */
1840 case 0: break; /* No 2xx or 5xx, but no probs */
1841
1842 case -1: goto END_OFF; /* Timeout on RCPT */
1843 default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */
1844 }
1845 }
1846
1847/* Save the first address of the next batch. */
1848
1849first_addr = addr;
1850
1851/* If there were no good recipients (but otherwise there have been no
1852problems), just set ok TRUE, since we have handled address-specific errors
1853already. Otherwise, it's OK to send the message. Use the check/escape mechanism
1854for handling the SMTP dot-handling protocol, flagging to apply to headers as
1855well as body. Set the appropriate timeout value to be used for each chunk.
1856(Haven't been able to make it work using select() for writing yet.) */
1857
1858if (!ok) ok = TRUE; else
1859 {
1860 sigalrm_seen = FALSE;
1861 transport_write_timeout = ob->data_timeout;
1862 smtp_command = US"sending data block"; /* For error messages */
1863 DEBUG(D_transport|D_v)
1864 debug_printf(" SMTP>> writing message and terminating \".\"\n");
1865 transport_count = 0;
80a47a2c 1866#ifndef DISABLE_DKIM
4cd12fe9
TK		 1867 ok = dkim_transport_write_message(addrlist, inblock.sock,
1868 topt_use_crlf | topt_end_dot | topt_escape_headers |
1869 (tblock->body_only? topt_no_headers : 0) |
1870 (tblock->headers_only? topt_no_body : 0) |
1871 (tblock->return_path_add? topt_add_return_path : 0) |
1872 (tblock->delivery_date_add? topt_add_delivery_date : 0) |
1873 (tblock->envelope_to_add? topt_add_envelope_to : 0),
1874 0, /* No size limit */
1875 tblock->add_headers, tblock->remove_headers,
1876 US".", US"..", /* Escaping strings */
1877 tblock->rewrite_rules, tblock->rewrite_existflags,
1878 ob->dkim_private_key, ob->dkim_domain, ob->dkim_selector,
80a47a2c 1879 ob->dkim_canon, ob->dkim_strict, ob->dkim_sign_headers
4cd12fe9
TK		 1880 );
1881#else
0756eb3c
PH		 1882 ok = transport_write_message(addrlist, inblock.sock,
1883 topt_use_crlf | topt_end_dot | topt_escape_headers |
1884 (tblock->body_only? topt_no_headers : 0) |
1885 (tblock->headers_only? topt_no_body : 0) |
1886 (tblock->return_path_add? topt_add_return_path : 0) |
1887 (tblock->delivery_date_add? topt_add_delivery_date : 0) |
1888 (tblock->envelope_to_add? topt_add_envelope_to : 0),
1889 0, /* No size limit */
1890 tblock->add_headers, tblock->remove_headers,
1891 US".", US"..", /* Escaping strings */
1892 tblock->rewrite_rules, tblock->rewrite_existflags);
4cd12fe9 1893#endif
0756eb3c
PH		 1894
1895 /* transport_write_message() uses write() because it is called from other
1896 places to write to non-sockets. This means that under some OS (e.g. Solaris)
1897 it can exit with "Broken pipe" as its error. This really means that the
1898 socket got closed at the far end. */
1899
1900 transport_write_timeout = 0; /* for subsequent transports */
1901
1902 /* Failure can either be some kind of I/O disaster (including timeout),
1903 or the failure of a transport filter or the expansion of added headers. */
1904
1905 if (!ok)
1906 {
1907 buffer[0] = 0; /* There hasn't been a response */
1908 goto RESPONSE_FAILED;
1909 }
1910
1911 /* We used to send the terminating "." explicitly here, but because of
1912 buffering effects at both ends of TCP/IP connections, you don't gain
1913 anything by keeping it separate, so it might as well go in the final
1914 data buffer for efficiency. This is now done by setting the topt_end_dot
1915 flag above. */
1916
1917 smtp_command = US"end of data";
1918
8ccd00b1 1919#ifndef DISABLE_PRDR
fd98a5c6
JH		 1920 /* For PRDR we optionally get a partial-responses warning
1921 * followed by the individual responses, before going on with
1922 * the overall response. If we don't get the warning then deal
1923 * with per non-PRDR. */
1924 if(prdr_active)
1925 {
1926 ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '3',
1927 ob->final_timeout);
1928 if (!ok && errno == 0)
1929 switch(buffer[0])
1930 {
1931 case '2': prdr_active = FALSE;
1932 ok = TRUE;
1933 break;
1934 case '4': errno = ERRNO_DATA4XX;
1935 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
1936 break;
1937 }
1938 }
1939 else
1940#endif
1941
1942 /* For non-PRDR SMTP, we now read a single response that applies to the
1943 whole message. If it is OK, then all the addresses have been delivered. */
0756eb3c 1944
e97957bc
PH		 1945 if (!lmtp)
1946 {
1947 ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
1948 ob->final_timeout);
1949 if (!ok && errno == 0 && buffer[0] == '4')
1950 {
1951 errno = ERRNO_DATA4XX;
1952 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
1953 }
1954 }
0756eb3c
PH		 1955
1956 /* For LMTP, we get back a response for every RCPT command that we sent;
1957 some may be accepted and some rejected. For those that get a response, their
1958 status is fixed; any that are accepted have been handed over, even if later
1959 responses crash - at least, that's how I read RFC 2033.
1960
1961 If all went well, mark the recipient addresses as completed, record which
1962 host/IPaddress they were delivered to, and cut out RSET when sending another
1963 message down the same channel. Write the completed addresses to the journal
1964 now so that they are recorded in case there is a crash of hardware or
1965 software before the spool gets updated. Also record the final SMTP
1966 confirmation if needed (for SMTP only). */
1967
1968 if (ok)
1969 {
1970 int flag = '=';
1971 int delivery_time = (int)(time(NULL) - start_delivery_time);
1972 int len;
1973 host_item *thost;
1974 uschar *conf = NULL;
1975 send_rset = FALSE;
1976
1977 /* Make a copy of the host if it is local to this invocation
1978 of the transport. */
1979
1980 if (copy_host)
1981 {
1982 thost = store_get(sizeof(host_item));
1983 *thost = *host;
1984 thost->name = string_copy(host->name);
1985 thost->address = string_copy(host->address);
1986 }
1987 else thost = host;
1988
1989 /* Set up confirmation if needed - applies only to SMTP */
1990
d68218c7
JH		 1991 if (
1992 #ifndef EXPERIMENTAL_TPDA
1993 (log_extra_selector & LX_smtp_confirmation) != 0 &&
1994 #endif
1995 !lmtp
1996 )
0756eb3c
PH		 1997 {
1998 uschar *s = string_printing(buffer);
1999 conf = (s == buffer)? (uschar *)string_copy(s) : s;
2000 }
2001
fd98a5c6 2002 /* Process all transported addresses - for LMTP or PRDR, read a status for
0756eb3c
PH		 2003 each one. */
2004
2005 for (addr = addrlist; addr != first_addr; addr = addr->next)
2006 {
2007 if (addr->transport_return != PENDING_OK) continue;
2008
2009 /* LMTP - if the response fails badly (e.g. timeout), use it for all the
2010 remaining addresses. Otherwise, it's a return code for just the one
75def545
PH		 2011 address. For temporary errors, add a retry item for the address so that
2012 it doesn't get tried again too soon. */
0756eb3c 2013
8ccd00b1 2014#ifndef DISABLE_PRDR
fd98a5c6
JH		 2015 if (lmtp || prdr_active)
2016#else
0756eb3c 2017 if (lmtp)
fd98a5c6 2018#endif
0756eb3c
PH		 2019 {
2020 if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2021 ob->final_timeout))
2022 {
2023 if (errno != 0 || buffer[0] == 0) goto RESPONSE_FAILED;
fd98a5c6 2024 addr->message = string_sprintf(
8ccd00b1 2025#ifndef DISABLE_PRDR
fd98a5c6
JH		 2026 "%s error after %s: %s", prdr_active ? "PRDR":"LMTP",
2027#else
2028 "LMTP error after %s: %s",
2029#endif
0756eb3c 2030 big_buffer, string_printing(buffer));
75def545
PH		 2031 setflag(addr, af_pass_message); /* Allow message to go to user */
2032 if (buffer[0] == '5')
2033 addr->transport_return = FAIL;
2034 else
2035 {
e97957bc
PH		 2036 errno = ERRNO_DATA4XX;
2037 addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
75def545 2038 addr->transport_return = DEFER;
8ccd00b1 2039#ifndef DISABLE_PRDR
fd98a5c6
JH		 2040 if (!prdr_active)
2041#endif
2042 retry_add_item(addr, addr->address_retry_key, 0);
75def545 2043 }
0756eb3c
PH		 2044 continue;
2045 }
2046 completed_address = TRUE; /* NOW we can set this flag */
c0ea85ab
TF		 2047 if ((log_extra_selector & LX_smtp_confirmation) != 0)
2048 {
2049 uschar *s = string_printing(buffer);
2050 conf = (s == buffer)? (uschar *)string_copy(s) : s;
2051 }
0756eb3c
PH		 2052 }
2053
2054 /* SMTP, or success return from LMTP for this address. Pass back the
2d280592 2055 actual host that was used. */
0756eb3c
PH		 2056
2057 addr->transport_return = OK;
2058 addr->more_errno = delivery_time;
0756eb3c
PH		 2059 addr->host_used = thost;
2060 addr->special_action = flag;
2061 addr->message = conf;
8ccd00b1 2062#ifndef DISABLE_PRDR
fd98a5c6
JH		 2063 if (prdr_active) addr->flags |= af_prdr_used;
2064#endif
0756eb3c
PH		 2065 flag = '-';
2066
8ccd00b1 2067#ifndef DISABLE_PRDR
fd98a5c6
JH		 2068 if (!prdr_active)
2069#endif
2070 {
2071 /* Update the journal. For homonymic addresses, use the base address plus
2072 the transport name. See lots of comments in deliver.c about the reasons
2073 for the complications when homonyms are involved. Just carry on after
2074 write error, as it may prove possible to update the spool file later. */
4d8d62b9 2075
fd98a5c6
JH		 2076 if (testflag(addr, af_homonym))
2077 sprintf(CS buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
2078 else
2079 sprintf(CS buffer, "%.500s\n", addr->unique);
4d8d62b9 2080
fd98a5c6
JH		 2081 DEBUG(D_deliver) debug_printf("journalling %s", buffer);
2082 len = Ustrlen(CS buffer);
2083 if (write(journal_fd, buffer, len) != len)
2084 log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
2085 "%s: %s", buffer, strerror(errno));
2086 }
0756eb3c
PH		 2087 }
2088
8ccd00b1 2089#ifndef DISABLE_PRDR
fd98a5c6
JH		 2090 if (prdr_active)
2091 {
2092 /* PRDR - get the final, overall response. For any non-success
2093 upgrade all the address statuses. */
2094 ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2095 ob->final_timeout);
2096 if (!ok)
2097 {
2098 if(errno == 0 && buffer[0] == '4')
2099 {
2100 errno = ERRNO_DATA4XX;
2101 addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
2102 }
2103 for (addr = addrlist; addr != first_addr; addr = addr->next)
2104 if (buffer[0] == '5' || addr->transport_return == OK)
2105 addr->transport_return = PENDING_OK; /* allow set_errno action */
2106 goto RESPONSE_FAILED;
2107 }
2108
2109 /* Update the journal, or setup retry. */
2110 for (addr = addrlist; addr != first_addr; addr = addr->next)
2111 if (addr->transport_return == OK)
2112 {
2113 if (testflag(addr, af_homonym))
2114 sprintf(CS buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
2115 else
2116 sprintf(CS buffer, "%.500s\n", addr->unique);
4d8d62b9 2117
fd98a5c6
JH		 2118 DEBUG(D_deliver) debug_printf("journalling(PRDR) %s", buffer);
2119 len = Ustrlen(CS buffer);
2120 if (write(journal_fd, buffer, len) != len)
2121 log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
2122 "%s: %s", buffer, strerror(errno));
2123 }
2124 else if (addr->transport_return == DEFER)
2125 retry_add_item(addr, addr->address_retry_key, -2);
2126 }
2127#endif
2128
0756eb3c
PH		 2129 /* Ensure the journal file is pushed out to disk. */
2130
54fc8428 2131 if (EXIMfsync(journal_fd) < 0)
0756eb3c
PH		 2132 log_write(0, LOG_MAIN|LOG_PANIC, "failed to fsync journal: %s",
2133 strerror(errno));
2134 }
2135 }
2136
2137
2138/* Handle general (not specific to one address) failures here. The value of ok
2139is used to skip over this code on the falling through case. A timeout causes a
2140deferral. Other errors may defer or fail according to the response code, and
2141may set up a special errno value, e.g. after connection chopped, which is
2142assumed if errno == 0 and there is no text in the buffer. If control reaches
2143here during the setting up phase (i.e. before MAIL FROM) then always defer, as
2144the problem is not related to this specific message. */
2145
2146if (!ok)
2147 {
2148 int code;
2149
2150 RESPONSE_FAILED:
2151 save_errno = errno;
2152 message = NULL;
2153 send_quit = check_response(host, &save_errno, addrlist->more_errno,
447d236c 2154 buffer, &code, &message, &pass_message);
0756eb3c
PH		 2155 goto FAILED;
2156
2157 SEND_FAILED:
2158 save_errno = errno;
2159 code = '4';
2160 message = US string_sprintf("send() to %s [%s] failed: %s",
2161 host->name, host->address, strerror(save_errno));
2162 send_quit = FALSE;
2163 goto FAILED;
2164
2165 /* This label is jumped to directly when a TLS negotiation has failed,
2166 or was not done for a host for which it is required. Values will be set
2167 in message and save_errno, and setting_up will always be true. Treat as
2168 a temporary error. */
2169
2170 #ifdef SUPPORT_TLS
2171 TLS_FAILED:
2172 code = '4';
2173 #endif
2174
2175 /* If the failure happened while setting up the call, see if the failure was
2176 a 5xx response (this will either be on connection, or following HELO - a 5xx
2177 after EHLO causes it to try HELO). If so, fail all addresses, as this host is
2178 never going to accept them. For other errors during setting up (timeouts or
2179 whatever), defer all addresses, and yield DEFER, so that the host is not
2180 tried again for a while. */
2181
2182 FAILED:
2183 ok = FALSE; /* For when reached by GOTO */
2184
2185 if (setting_up)
2186 {
2187 if (code == '5')
2188 {
447d236c 2189 set_errno(addrlist, save_errno, message, FAIL, pass_message);
0756eb3c
PH		 2190 }
2191 else
2192 {
447d236c 2193 set_errno(addrlist, save_errno, message, DEFER, pass_message);
0756eb3c
PH		 2194 yield = DEFER;
2195 }
2196 }
2197
e97957bc 2198 /* We want to handle timeouts after MAIL or "." and loss of connection after
0756eb3c 2199 "." specially. They can indicate a problem with the sender address or with
e97957bc
PH		 2200 the contents of the message rather than a real error on the connection. These
2201 cases are treated in the same way as a 4xx response. This next bit of code
2202 does the classification. */
0756eb3c 2203
e97957bc 2204 else
0756eb3c 2205 {
e97957bc 2206 BOOL message_error;
0756eb3c 2207
e97957bc
PH		 2208 switch(save_errno)
2209 {
2210 case 0:
2211 case ERRNO_MAIL4XX:
2212 case ERRNO_DATA4XX:
2213 message_error = TRUE;
2214 break;
0756eb3c 2215
e97957bc
PH		 2216 case ETIMEDOUT:
2217 message_error = Ustrncmp(smtp_command,"MAIL",4) == 0 ||
2218 Ustrncmp(smtp_command,"end ",4) == 0;
2219 break;
2220
2221 case ERRNO_SMTPCLOSED:
2222 message_error = Ustrncmp(smtp_command,"end ",4) == 0;
2223 break;
2224
2225 default:
2226 message_error = FALSE;
2227 break;
2228 }
0756eb3c 2229
e97957bc 2230 /* Handle the cases that are treated as message errors. These are:
0756eb3c 2231
e97957bc
PH		 2232 (a) negative response or timeout after MAIL
2233 (b) negative response after DATA
2234 (c) negative response or timeout or dropped connection after "."
0756eb3c 2235
e97957bc
PH		 2236 It won't be a negative response or timeout after RCPT, as that is dealt
2237 with separately above. The action in all cases is to set an appropriate
2238 error code for all the addresses, but to leave yield set to OK because the
2239 host itself has not failed. Of course, it might in practice have failed
2240 when we've had a timeout, but if so, we'll discover that at the next
2241 delivery attempt. For a temporary error, set the message_defer flag, and
2242 write to the logs for information if this is not the last host. The error
2243 for the last host will be logged as part of the address's log line. */
2244
2245 if (message_error)
0756eb3c 2246 {
e97957bc
PH		 2247 if (mua_wrapper) code = '5'; /* Force hard failure in wrapper mode */
2248 set_errno(addrlist, save_errno, message, (code == '5')? FAIL : DEFER,
2249 pass_message);
2250
2251 /* If there's an errno, the message contains just the identity of
2252 the host. */
2253
2254 if (code != '5') /* Anything other than 5 is treated as temporary */
2255 {
2256 if (save_errno > 0)
2257 message = US string_sprintf("%s: %s", message, strerror(save_errno));
2258 if (host->next != NULL) log_write(0, LOG_MAIN, "%s", message);
2259 deliver_msglog("%s %s\n", tod_stamp(tod_log), message);
2260 *message_defer = TRUE;
2261 }
2262 }
2263
2264 /* Otherwise, we have an I/O error or a timeout other than after MAIL or
2265 ".", or some other transportation error. We defer all addresses and yield
2266 DEFER, except for the case of failed add_headers expansion, or a transport
2267 filter failure, when the yield should be ERROR, to stop it trying other
2268 hosts. */
2269
2270 else
2271 {
2272 yield = (save_errno == ERRNO_CHHEADER_FAIL ||
2273 save_errno == ERRNO_FILTER_FAIL)? ERROR : DEFER;
2274 set_errno(addrlist, save_errno, message, DEFER, pass_message);
0756eb3c
PH		 2275 }
2276 }
2277 }
2278
2279
2280/* If all has gone well, send_quit will be set TRUE, implying we can end the
2281SMTP session tidily. However, if there were too many addresses to send in one
2282message (indicated by first_addr being non-NULL) we want to carry on with the
2283rest of them. Also, it is desirable to send more than one message down the SMTP
2284connection if there are several waiting, provided we haven't already sent so
2285many as to hit the configured limit. The function transport_check_waiting looks
2286for a waiting message and returns its id. Then transport_pass_socket tries to
2287set up a continued delivery by passing the socket on to another process. The
2288variable send_rset is FALSE if a message has just been successfully transfered.
2289
2290If we are already sending down a continued channel, there may be further
2291addresses not yet delivered that are aimed at the same host, but which have not
2292been passed in this run of the transport. In this case, continue_more will be
2293true, and all we should do is send RSET if necessary, and return, leaving the
2294channel open.
2295
2296However, if no address was disposed of, i.e. all addresses got 4xx errors, we
2297do not want to continue with other messages down the same channel, because that
2298can lead to looping between two or more messages, all with the same,
2299temporarily failing address(es). [The retry information isn't updated yet, so
2300new processes keep on trying.] We probably also don't want to try more of this
2301message's addresses either.
2302
2303If we have started a TLS session, we have to end it before passing the
2304connection to a new process. However, not all servers can handle this (Exim
2305can), so we do not pass such a connection on if the host matches
2306hosts_nopass_tls. */
2307
2308DEBUG(D_transport)
2309 debug_printf("ok=%d send_quit=%d send_rset=%d continue_more=%d "
2310 "yield=%d first_address is %sNULL\n", ok, send_quit, send_rset,
2311 continue_more, yield, (first_addr == NULL)? "":"not ");
2312
2313if (completed_address && ok && send_quit)
2314 {
2315 BOOL more;
2316 if (first_addr != NULL || continue_more ||
2317 (
817d9f57 2318 (tls_out.active < 0 ||
0756eb3c
PH		 2319 verify_check_this_host(&(ob->hosts_nopass_tls), NULL, host->name,
2320 host->address, NULL) != OK)
2321 &&
2322 transport_check_waiting(tblock->name, host->name,
2323 tblock->connection_max_messages, new_message_id, &more)
2324 ))
2325 {
2326 uschar *msg;
447d236c 2327 BOOL pass_message;
0756eb3c
PH		 2328
2329 if (send_rset)
2330 {
2331 if (! (ok = smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0))
2332 {
2333 msg = US string_sprintf("send() to %s [%s] failed: %s", host->name,
2334 host->address, strerror(save_errno));
2335 send_quit = FALSE;
2336 }
2337 else if (! (ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2338 ob->command_timeout)))
2339 {
2340 int code;
447d236c
PH		 2341 send_quit = check_response(host, &errno, 0, buffer, &code, &msg,
2342 &pass_message);
0756eb3c
PH		 2343 if (!send_quit)
2344 {
2345 DEBUG(D_transport) debug_printf("%s\n", msg);
2346 }
2347 }
2348 }
2349
2350 /* Either RSET was not needed, or it succeeded */
2351
2352 if (ok)
2353 {
2354 if (first_addr != NULL) /* More addresses still to be sent */
2355 { /* in this run of the transport */
2356 continue_sequence++; /* Causes * in logging */
2357 goto SEND_MESSAGE;
2358 }
2359 if (continue_more) return yield; /* More addresses for another run */
2360
2361 /* Pass the socket to a new Exim process. Before doing so, we must shut
2362 down TLS. Not all MTAs allow for the continuation of the SMTP session
2363 when TLS is shut down. We test for this by sending a new EHLO. If we
2364 don't get a good response, we don't attempt to pass the socket on. */
2365
2366 #ifdef SUPPORT_TLS
817d9f57 2367 if (tls_out.active >= 0)
0756eb3c 2368 {
817d9f57 2369 tls_close(FALSE, TRUE);
061b7ebd
PP		 2370 if (smtps)
2371 ok = FALSE;
2372 else
2373 ok = smtp_write_command(&outblock,FALSE,"EHLO %s\r\n",helo_data) >= 0 &&
2374 smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2375 ob->command_timeout);
0756eb3c
PH		 2376 }
2377 #endif
2378
2379 /* If the socket is successfully passed, we musn't send QUIT (or
2380 indeed anything!) from here. */
2381
2382 if (ok && transport_pass_socket(tblock->name, host->name, host->address,
2383 new_message_id, inblock.sock))
2384 {
2385 send_quit = FALSE;
2386 }
2387 }
2388
2389 /* If RSET failed and there are addresses left, they get deferred. */
2390
447d236c 2391 else set_errno(first_addr, errno, msg, DEFER, FALSE);
0756eb3c
PH		 2392 }
2393 }
2394
2395/* End off tidily with QUIT unless the connection has died or the socket has
2396been passed to another process. There has been discussion on the net about what
2397to do after sending QUIT. The wording of the RFC suggests that it is necessary
2398to wait for a response, but on the other hand, there isn't anything one can do
2399with an error response, other than log it. Exim used to do that. However,
2400further discussion suggested that it is positively advantageous not to wait for
2401the response, but to close the session immediately. This is supposed to move
2402the TCP/IP TIME_WAIT state from the server to the client, thereby removing some
2403load from the server. (Hosts that are both servers and clients may not see much
2404difference, of course.) Further discussion indicated that this was safe to do
2405on Unix systems which have decent implementations of TCP/IP that leave the
2406connection around for a while (TIME_WAIT) after the application has gone away.
2407This enables the response sent by the server to be properly ACKed rather than
2408timed out, as can happen on broken TCP/IP implementations on other OS.
2409
2410This change is being made on 31-Jul-98. After over a year of trouble-free
2411operation, the old commented-out code was removed on 17-Sep-99. */
2412
2413SEND_QUIT:
2414if (send_quit) (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n");
2415
2416END_OFF:
2417
2418#ifdef SUPPORT_TLS
817d9f57 2419tls_close(FALSE, TRUE);
0756eb3c
PH		 2420#endif
2421
2422/* Close the socket, and return the appropriate value, first setting
0756eb3c
PH		 2423works because the NULL setting is passed back to the calling process, and
2424remote_max_parallel is forced to 1 when delivering over an existing connection,
2425
2426If all went well and continue_more is set, we shouldn't actually get here if
2427there are further addresses, as the return above will be taken. However,
2428writing RSET might have failed, or there may be other addresses whose hosts are
2429specified in the transports, and therefore not visible at top level, in which
2430case continue_more won't get set. */
2431
f1e894f3 2432(void)close(inblock.sock);
0756eb3c
PH		 2433continue_transport = NULL;
2434continue_hostname = NULL;
2435return yield;
2436}
2437
2438
2439
2440
2441/*************************************************
2442* Closedown entry point *
2443*************************************************/
2444
2445/* This function is called when exim is passed an open smtp channel
2446from another incarnation, but the message which it has been asked
2447to deliver no longer exists. The channel is on stdin.
2448
2449We might do fancy things like looking for another message to send down
2450the channel, but if the one we sought has gone, it has probably been
2451delivered by some other process that itself will seek further messages,
2452so just close down our connection.
2453
2454Argument: pointer to the transport instance block
2455Returns: nothing
2456*/
2457
2458void
2459smtp_transport_closedown(transport_instance *tblock)
2460{
2461smtp_transport_options_block *ob =
2462 (smtp_transport_options_block *)(tblock->options_block);
2463smtp_inblock inblock;
2464smtp_outblock outblock;
2465uschar buffer[256];
2466uschar inbuffer[4096];
2467uschar outbuffer[16];
2468
2469inblock.sock = fileno(stdin);
2470inblock.buffer = inbuffer;
2471inblock.buffersize = sizeof(inbuffer);
2472inblock.ptr = inbuffer;
2473inblock.ptrend = inbuffer;
2474
2475outblock.sock = inblock.sock;
2476outblock.buffersize = sizeof(outbuffer);
2477outblock.buffer = outbuffer;
2478outblock.ptr = outbuffer;
2479outblock.cmd_count = 0;
2480outblock.authenticating = FALSE;
2481
2482(void)smtp_write_command(&outblock, FALSE, "QUIT\r\n");
2483(void)smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
2484 ob->command_timeout);
f1e894f3 2485(void)close(inblock.sock);
0756eb3c
PH		 2486}
2487
2488
2489
2490/*************************************************
2491* Prepare addresses for delivery *
2492*************************************************/
2493
2494/* This function is called to flush out error settings from previous delivery
2495attempts to other hosts. It also records whether we got here via an MX record
2496or not in the more_errno field of the address. We are interested only in
2497addresses that are still marked DEFER - others may have got delivered to a
2498previously considered IP address. Set their status to PENDING_DEFER to indicate
2499which ones are relevant this time.
2500
2501Arguments:
2502 addrlist the list of addresses
2503 host the host we are delivering to
2504
2505Returns: the first address for this delivery
2506*/
2507
2508static address_item *
2509prepare_addresses(address_item *addrlist, host_item *host)
2510{
2511address_item *first_addr = NULL;
2512address_item *addr;
2513for (addr = addrlist; addr != NULL; addr = addr->next)
2514 {
2515 if (addr->transport_return != DEFER) continue;
2516 if (first_addr == NULL) first_addr = addr;
2517 addr->transport_return = PENDING_DEFER;
2518 addr->basic_errno = 0;
2519 addr->more_errno = (host->mx >= 0)? 'M' : 'A';
2520 addr->message = NULL;
2521 #ifdef SUPPORT_TLS
2522 addr->cipher = NULL;
9d1c15ef
JH		 2523 addr->ourcert = NULL;
2524 addr->peercert = NULL;
0756eb3c 2525 addr->peerdn = NULL;
018058b2 2526 addr->ocsp = OCSP_NOT_REQ;
0756eb3c
PH		 2527 #endif
2528 }
2529return first_addr;
2530}
2531
2532
2533
2534/*************************************************
2535* Main entry point *
2536*************************************************/
2537
2538/* See local README for interface details. As this is a remote transport, it is
2539given a chain of addresses to be delivered in one connection, if possible. It
2540always returns TRUE, indicating that each address has its own independent
2541status set, except if there is a setting up problem, in which case it returns
2542FALSE. */
2543
2544BOOL
2545smtp_transport_entry(
2546 transport_instance *tblock, /* data for this instantiation */
2547 address_item *addrlist) /* addresses we are working on */
2548{
2549int cutoff_retry;
2550int port;
2551int hosts_defer = 0;
2552int hosts_fail = 0;
2553int hosts_looked_up = 0;
2554int hosts_retry = 0;
2555int hosts_serial = 0;
2556int hosts_total = 0;
8e669ac1 2557int total_hosts_tried = 0;
0756eb3c
PH		 2558address_item *addr;
2559BOOL expired = TRUE;
2560BOOL continuing = continue_hostname != NULL;
2561uschar *expanded_hosts = NULL;
2562uschar *pistring;
2563uschar *tid = string_sprintf("%s transport", tblock->name);
2564smtp_transport_options_block *ob =
2565 (smtp_transport_options_block *)(tblock->options_block);
2566host_item *hostlist = addrlist->host_list;
2567host_item *host = NULL;
2568
2569DEBUG(D_transport)
2570 {
2571 debug_printf("%s transport entered\n", tblock->name);
2572 for (addr = addrlist; addr != NULL; addr = addr->next)
2573 debug_printf(" %s\n", addr->address);
2574 if (continuing) debug_printf("already connected to %s [%s]\n",
2575 continue_hostname, continue_host_address);
2576 }
2577
f6c332bd
PH		 2578/* Set the flag requesting that these hosts be added to the waiting
2579database if the delivery fails temporarily or if we are running with
2580queue_smtp or a 2-stage queue run. This gets unset for certain
2581kinds of error, typically those that are specific to the message. */
2582
2583update_waiting = TRUE;
2584
0756eb3c
PH		 2585/* If a host list is not defined for the addresses - they must all have the
2586same one in order to be passed to a single transport - or if the transport has
2587a host list with hosts_override set, use the host list supplied with the
2588transport. It is an error for this not to exist. */
2589
2590if (hostlist == NULL || (ob->hosts_override && ob->hosts != NULL))
2591 {
2592 if (ob->hosts == NULL)
2593 {
2594 addrlist->message = string_sprintf("%s transport called with no hosts set",
2595 tblock->name);
2596 addrlist->transport_return = PANIC;
2597 return FALSE; /* Only top address has status */
2598 }
2599
2600 DEBUG(D_transport) debug_printf("using the transport's hosts: %s\n",
2601 ob->hosts);
2602
2603 /* If the transport's host list contains no '$' characters, and we are not
2604 randomizing, it is fixed and therefore a chain of hosts can be built once
2605 and for all, and remembered for subsequent use by other calls to this
2606 transport. If, on the other hand, the host list does contain '$', or we are
2607 randomizing its order, we have to rebuild it each time. In the fixed case,
2608 as the hosts string will never be used again, it doesn't matter that we
2609 replace all the : characters with zeros. */
2610
2611 if (ob->hostlist == NULL)
2612 {
2613 uschar *s = ob->hosts;
2614
2615 if (Ustrchr(s, '$') != NULL)
2616 {
2617 expanded_hosts = expand_string(s);
2618 if (expanded_hosts == NULL)
2619 {
2620 addrlist->message = string_sprintf("failed to expand list of hosts "
2621 "\"%s\" in %s transport: %s", s, tblock->name, expand_string_message);
2622 addrlist->transport_return = search_find_defer? DEFER : PANIC;
2623 return FALSE; /* Only top address has status */
2624 }
2625 DEBUG(D_transport) debug_printf("expanded list of hosts \"%s\" to "
2626 "\"%s\"\n", s, expanded_hosts);
2627 s = expanded_hosts;
2628 }
2629 else
2630 if (ob->hosts_randomize) s = expanded_hosts = string_copy(s);
2631
2632 host_build_hostlist(&hostlist, s, ob->hosts_randomize);
2633
e276e04b
TF		 2634 /* Check that the expansion yielded something useful. */
2635 if (hostlist == NULL)
2636 {
2637 addrlist->message =
2638 string_sprintf("%s transport has empty hosts setting", tblock->name);
2639 addrlist->transport_return = PANIC;
2640 return FALSE; /* Only top address has status */
2641 }
2642
0756eb3c
PH		 2643 /* If there was no expansion of hosts, save the host list for
2644 next time. */
2645
2646 if (expanded_hosts == NULL) ob->hostlist = hostlist;
2647 }
2648
2649 /* This is not the first time this transport has been run in this delivery;
2650 the host list was built previously. */
2651
2652 else hostlist = ob->hostlist;
2653 }
2654
2655/* The host list was supplied with the address. If hosts_randomize is set, we
2656must sort it into a random order if it did not come from MX records and has not
2657already been randomized (but don't bother if continuing down an existing
2658connection). */
2659
2660else if (ob->hosts_randomize && hostlist->mx == MX_NONE && !continuing)
2661 {
2662 host_item *newlist = NULL;
2663 while (hostlist != NULL)
2664 {
2665 host_item *h = hostlist;
2666 hostlist = hostlist->next;
2667
2668 h->sort_key = random_number(100);
2669
2670 if (newlist == NULL)
2671 {
2672 h->next = NULL;
2673 newlist = h;
2674 }
2675 else if (h->sort_key < newlist->sort_key)
2676 {
2677 h->next = newlist;
2678 newlist = h;
2679 }
2680 else
2681 {
2682 host_item *hh = newlist;
2683 while (hh->next != NULL)
2684 {
2685 if (h->sort_key < hh->next->sort_key) break;
2686 hh = hh->next;
2687 }
2688 h->next = hh->next;
2689 hh->next = h;
2690 }
2691 }
2692
2693 hostlist = addrlist->host_list = newlist;
2694 }
2695
2696
2d280592 2697/* Sort out the default port. */
0756eb3c
PH		 2698
2699if (!smtp_get_port(ob->port, addrlist, &port, tid)) return FALSE;
0756eb3c
PH		 2700
2701
2702/* For each host-plus-IP-address on the list:
2703
2704. If this is a continued delivery and the host isn't the one with the
2705 current connection, skip.
2706
2707. If the status is unusable (i.e. previously failed or retry checked), skip.
2708
2709. If no IP address set, get the address, either by turning the name into
2710 an address, calling gethostbyname if gethostbyname is on, or by calling
2711 the DNS. The DNS may yield multiple addresses, in which case insert the
2712 extra ones into the list.
2713
2714. Get the retry data if not previously obtained for this address and set the
2715 field which remembers the state of this address. Skip if the retry time is
2716 not reached. If not, remember whether retry data was found. The retry string
2717 contains both the name and the IP address.
2718
2719. Scan the list of addresses and mark those whose status is DEFER as
2720 PENDING_DEFER. These are the only ones that will be processed in this cycle
2721 of the hosts loop.
2722
2723. Make a delivery attempt - addresses marked PENDING_DEFER will be tried.
2724 Some addresses may be successfully delivered, others may fail, and yet
2725 others may get temporary errors and so get marked DEFER.
2726
2727. The return from the delivery attempt is OK if a connection was made and a
2728 valid SMTP dialogue was completed. Otherwise it is DEFER.
2729
2730. If OK, add a "remove" retry item for this host/IPaddress, if any.
2731
2732. If fail to connect, or other defer state, add a retry item.
2733
2734. If there are any addresses whose status is still DEFER, carry on to the
2735 next host/IPaddress, unless we have tried the number of hosts given
533244af 2736 by hosts_max_try or hosts_max_try_hardlimit; otherwise return. Note that
8e669ac1
PH		 2737 there is some fancy logic for hosts_max_try that means its limit can be
2738 overstepped in some circumstances.
0756eb3c
PH		 2739
2740If we get to the end of the list, all hosts have deferred at least one address,
2741or not reached their retry times. If delay_after_cutoff is unset, it requests a
2742delivery attempt to those hosts whose last try was before the arrival time of
2743the current message. To cope with this, we have to go round the loop a second
2744time. After that, set the status and error data for any addresses that haven't
2745had it set already. */
2746
2747for (cutoff_retry = 0; expired &&
2748 cutoff_retry < ((ob->delay_after_cutoff)? 1 : 2);
2749 cutoff_retry++)
2750 {
2751 host_item *nexthost = NULL;
2752 int unexpired_hosts_tried = 0;
2753
2754 for (host = hostlist;
8e669ac1 2755 host != NULL &&
533244af
PH		 2756 unexpired_hosts_tried < ob->hosts_max_try &&
2757 total_hosts_tried < ob->hosts_max_try_hardlimit;
0756eb3c
PH		 2758 host = nexthost)
2759 {
2760 int rc;
2761 int host_af;
2762 uschar *rs;
2763 BOOL serialized = FALSE;
2764 BOOL host_is_expired = FALSE;
2765 BOOL message_defer = FALSE;
2766 BOOL ifchanges = FALSE;
2767 BOOL some_deferred = FALSE;
2768 address_item *first_addr = NULL;
2769 uschar *interface = NULL;
2770 uschar *retry_host_key = NULL;
2771 uschar *retry_message_key = NULL;
2772 uschar *serialize_key = NULL;
2773
9c4e8f60
PH		 2774 /* Default next host is next host. :-) But this can vary if the
2775 hosts_max_try limit is hit (see below). It may also be reset if a host
2776 address is looked up here (in case the host was multihomed). */
2777
2778 nexthost = host->next;
2779
0756eb3c
PH		 2780 /* If the address hasn't yet been obtained from the host name, look it up
2781 now, unless the host is already marked as unusable. If it is marked as
2782 unusable, it means that the router was unable to find its IP address (in
2783 the DNS or wherever) OR we are in the 2nd time round the cutoff loop, and
2784 the lookup failed last time. We don't get this far if *all* MX records
2785 point to non-existent hosts; that is treated as a hard error.
2786
2787 We can just skip this host entirely. When the hosts came from the router,
2788 the address will timeout based on the other host(s); when the address is
2789 looked up below, there is an explicit retry record added.
2790
2791 Note that we mustn't skip unusable hosts if the address is not unset; they
2792 may be needed as expired hosts on the 2nd time round the cutoff loop. */
2793
2794 if (host->address == NULL)
2795 {
322050c2 2796 int new_port, flags;
7cd1141b 2797 host_item *hh;
0756eb3c
PH		 2798 uschar *canonical_name;
2799
2800 if (host->status >= hstatus_unusable)
2801 {
2802 DEBUG(D_transport) debug_printf("%s has no address and is unusable - skipping\n",
2803 host->name);
2804 continue;
2805 }
2806
2807 DEBUG(D_transport) debug_printf("getting address for %s\n", host->name);
2808
7cd1141b
PH		 2809 /* The host name is permitted to have an attached port. Find it, and
2810 strip it from the name. Just remember it for now. */
2811
2812 new_port = host_item_get_port(host);
2813
2814 /* Count hosts looked up */
2815
0756eb3c
PH		 2816 hosts_looked_up++;
2817
2818 /* Find by name if so configured, or if it's an IP address. We don't
2819 just copy the IP address, because we need the test-for-local to happen. */
2820
322050c2
PH		 2821 flags = HOST_FIND_BY_A;
2822 if (ob->dns_qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
2823 if (ob->dns_search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
2824
7e66e54d 2825 if (ob->gethostbyname || string_is_ip_address(host->name, NULL) != 0)
322050c2 2826 rc = host_find_byname(host, NULL, flags, &canonical_name, TRUE);
0756eb3c 2827 else
0756eb3c 2828 rc = host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
578897ea 2829 ob->dnssec_request_domains, ob->dnssec_require_domains,
0756eb3c 2830 &canonical_name, NULL);
0756eb3c 2831
7cd1141b
PH		 2832 /* Update the host (and any additional blocks, resulting from
2833 multihoming) with a host-specific port, if any. */
2834
2835 for (hh = host; hh != nexthost; hh = hh->next) hh->port = new_port;
2836
0756eb3c
PH		 2837 /* Failure to find the host at this time (usually DNS temporary failure)
2838 is really a kind of routing failure rather than a transport failure.
2839 Therefore we add a retry item of the routing kind, not to stop us trying
2840 to look this name up here again, but to ensure the address gets timed
2841 out if the failures go on long enough. A complete failure at this point
2842 commonly points to a configuration error, but the best action is still
2843 to carry on for the next host. */
2844
2845 if (rc == HOST_FIND_AGAIN || rc == HOST_FIND_FAILED)
2846 {
2847 retry_add_item(addrlist, string_sprintf("R:%s", host->name), 0);
2848 expired = FALSE;
2849 if (rc == HOST_FIND_AGAIN) hosts_defer++; else hosts_fail++;
2850 DEBUG(D_transport) debug_printf("rc = %s for %s\n", (rc == HOST_FIND_AGAIN)?
2851 "HOST_FIND_AGAIN" : "HOST_FIND_FAILED", host->name);
2852 host->status = hstatus_unusable;
2853
2854 for (addr = addrlist; addr != NULL; addr = addr->next)
2855 {
2856 if (addr->transport_return != DEFER) continue;
2857 addr->basic_errno = ERRNO_UNKNOWNHOST;
2858 addr->message =
2859 string_sprintf("failed to lookup IP address for %s", host->name);
2860 }
2861 continue;
2862 }
2863
2864 /* If the host is actually the local host, we may have a problem, or
2865 there may be some cunning configuration going on. In the problem case,
2866 log things and give up. The default transport status is already DEFER. */
2867
2868 if (rc == HOST_FOUND_LOCAL && !ob->allow_localhost)
2869 {
2870 for (addr = addrlist; addr != NULL; addr = addr->next)
2871 {
2872 addr->basic_errno = 0;
2873 addr->message = string_sprintf("%s transport found host %s to be "
2874 "local", tblock->name, host->name);
2875 }
2876 goto END_TRANSPORT;
2877 }
2878 } /* End of block for IP address lookup */
2879
2880 /* If this is a continued delivery, we are interested only in the host
2881 which matches the name of the existing open channel. The check is put
2882 here after the local host lookup, in case the name gets expanded as a
2883 result of the lookup. Set expired FALSE, to save the outer loop executing
2884 twice. */
2885
2886 if (continuing && (Ustrcmp(continue_hostname, host->name) != 0 ||
2887 Ustrcmp(continue_host_address, host->address) != 0))
2888 {
2889 expired = FALSE;
2890 continue; /* With next host */
2891 }
2892
9c4e8f60
PH		 2893 /* Reset the default next host in case a multihomed host whose addresses
2894 are not looked up till just above added to the host list. */
83364d30
PH		 2895
2896 nexthost = host->next;
2897
0756eb3c
PH		 2898 /* If queue_smtp is set (-odqs or the first part of a 2-stage run), or the
2899 domain is in queue_smtp_domains, we don't actually want to attempt any
2900 deliveries. When doing a queue run, queue_smtp_domains is always unset. If
2901 there is a lookup defer in queue_smtp_domains, proceed as if the domain
2902 were not in it. We don't want to hold up all SMTP deliveries! Except when
2903 doing a two-stage queue run, don't do this if forcing. */
2904
2905 if ((!deliver_force || queue_2stage) && (queue_smtp ||
cf39cf57
PH		 2906 match_isinlist(addrlist->domain, &queue_smtp_domains, 0,
2907 &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL) == OK))
0756eb3c
PH		 2908 {
2909 expired = FALSE;
2910 for (addr = addrlist; addr != NULL; addr = addr->next)
2911 {
2912 if (addr->transport_return != DEFER) continue;
2913 addr->message = US"domain matches queue_smtp_domains, or -odqs set";
2914 }
2915 continue; /* With next host */
2916 }
2917
2918 /* Count hosts being considered - purely for an intelligent comment
2919 if none are usable. */
2920
2921 hosts_total++;
2922
2923 /* Set $host and $host address now in case they are needed for the
2924 interface expansion or the serialize_hosts check; they remain set if an
2925 actual delivery happens. */
2926
2927 deliver_host = host->name;
2928 deliver_host_address = host->address;
783b385f
JH		 2929 lookup_dnssec_authenticated = host->dnssec == DS_YES ? US"yes"
2930 : host->dnssec == DS_NO ? US"no"
2931 : US"";
0756eb3c 2932
7cd1141b
PH		 2933 /* Set up a string for adding to the retry key if the port number is not
2934 the standard SMTP port. A host may have its own port setting that overrides
2935 the default. */
2936
2937 pistring = string_sprintf(":%d", (host->port == PORT_NONE)?
2938 port : host->port);
2939 if (Ustrcmp(pistring, ":25") == 0) pistring = US"";
2940
0756eb3c
PH		 2941 /* Select IPv4 or IPv6, and choose an outgoing interface. If the interface
2942 string changes upon expansion, we must add it to the key that is used for
2943 retries, because connections to the same host from a different interface
2944 should be treated separately. */
2945
2946 host_af = (Ustrchr(host->address, ':') == NULL)? AF_INET : AF_INET6;
2947 if (!smtp_get_interface(ob->interface, host_af, addrlist, &ifchanges,
2948 &interface, tid))
2949 return FALSE;
2950 if (ifchanges) pistring = string_sprintf("%s/%s", pistring, interface);
2951
2952 /* The first time round the outer loop, check the status of the host by
2953 inspecting the retry data. The second time round, we are interested only
2954 in expired hosts that haven't been tried since this message arrived. */
2955
2956 if (cutoff_retry == 0)
2957 {
2958 /* Ensure the status of the address is set by checking retry data if
2959 necessary. There maybe host-specific retry data (applicable to all
2960 messages) and also data for retries of a specific message at this host.
2961 If either of these retry records are actually read, the keys used are
2962 returned to save recomputing them later. */
2963
2964 host_is_expired = retry_check_address(addrlist->domain, host, pistring,
2965 ob->retry_include_ip_address, &retry_host_key, &retry_message_key);
2966
2967 DEBUG(D_transport) debug_printf("%s [%s]%s status = %s\n", host->name,
2968 (host->address == NULL)? US"" : host->address, pistring,
2969 (host->status == hstatus_usable)? "usable" :
2970 (host->status == hstatus_unusable)? "unusable" :
2971 (host->status == hstatus_unusable_expired)? "unusable (expired)" : "?");
2972
2973 /* Skip this address if not usable at this time, noting if it wasn't
2974 actually expired, both locally and in the address. */
2975
2976 switch (host->status)
2977 {
2978 case hstatus_unusable:
2979 expired = FALSE;
2980 setflag(addrlist, af_retry_skipped);
2981 /* Fall through */
2982
2983 case hstatus_unusable_expired:
2984 switch (host->why)
2985 {
2986 case hwhy_retry: hosts_retry++; break;
2987 case hwhy_failed: hosts_fail++; break;
2988 case hwhy_deferred: hosts_defer++; break;
2989 }
2990
2991 /* If there was a retry message key, implying that previously there
2992 was a message-specific defer, we don't want to update the list of
f6c332bd 2993 messages waiting for these hosts. */
0756eb3c 2994
f6c332bd 2995 if (retry_message_key != NULL) update_waiting = FALSE;
0756eb3c
PH		 2996 continue; /* With the next host or IP address */
2997 }
2998 }
2999
3000 /* Second time round the loop: if the address is set but expired, and
3001 the message is newer than the last try, let it through. */
3002
3003 else
3004 {
3005 if (host->address == NULL ||
3006 host->status != hstatus_unusable_expired ||
3007 host->last_try > received_time)
3008 continue;
3009 DEBUG(D_transport)
3010 debug_printf("trying expired host %s [%s]%s\n",
3011 host->name, host->address, pistring);
3012 host_is_expired = TRUE;
3013 }
3014
3015 /* Setting "expired=FALSE" doesn't actually mean not all hosts are expired;
3016 it remains TRUE only if all hosts are expired and none are actually tried.
3017 */
3018
3019 expired = FALSE;
3020
3021 /* If this host is listed as one to which access must be serialized,
3022 see if another Exim process has a connection to it, and if so, skip
3023 this host. If not, update the database to record our connection to it
3024 and remember this for later deletion. Do not do any of this if we are
3025 sending the message down a pre-existing connection. */
3026
3027 if (!continuing &&
3028 verify_check_this_host(&(ob->serialize_hosts), NULL, host->name,
3029 host->address, NULL) == OK)
3030 {
3031 serialize_key = string_sprintf("host-serialize-%s", host->name);
3032 if (!enq_start(serialize_key))
3033 {
3034 DEBUG(D_transport)
3035 debug_printf("skipping host %s because another Exim process "
3036 "is connected to it\n", host->name);
3037 hosts_serial++;
3038 continue;
3039 }
3040 serialized = TRUE;
3041 }
3042
3043 /* OK, we have an IP address that is not waiting for its retry time to
3044 arrive (it might be expired) OR (second time round the loop) we have an
3045 expired host that hasn't been tried since the message arrived. Have a go
3046 at delivering the message to it. First prepare the addresses by flushing
3047 out the result of previous attempts, and finding the first address that
3048 is still to be delivered. */
3049
3050 first_addr = prepare_addresses(addrlist, host);
3051
3052 DEBUG(D_transport) debug_printf("delivering %s to %s [%s] (%s%s)\n",
3053 message_id, host->name, host->address, addrlist->address,
3054 (addrlist->next == NULL)? "" : ", ...");
3055
3056 set_process_info("delivering %s to %s [%s] (%s%s)",
3057 message_id, host->name, host->address, addrlist->address,
3058 (addrlist->next == NULL)? "" : ", ...");
3059
3060 /* This is not for real; don't do the delivery. If there are
3061 any remaining hosts, list them. */
3062
3063 if (dont_deliver)
3064 {
3065 host_item *host2;
447d236c 3066 set_errno(addrlist, 0, NULL, OK, FALSE);
0756eb3c
PH		 3067 for (addr = addrlist; addr != NULL; addr = addr->next)
3068 {
3069 addr->host_used = host;
3070 addr->special_action = '*';
3071 addr->message = US"delivery bypassed by -N option";
3072 }
3073 DEBUG(D_transport)
3074 {
3075 debug_printf("*** delivery by %s transport bypassed by -N option\n"
3076 "*** host and remaining hosts:\n", tblock->name);
3077 for (host2 = host; host2 != NULL; host2 = host2->next)
3078 debug_printf(" %s [%s]\n", host2->name,
3079 (host2->address == NULL)? US"unset" : host2->address);
3080 }
3081 rc = OK;
3082 }
3083
3084 /* This is for real. If the host is expired, we don't count it for
3085 hosts_max_retry. This ensures that all hosts must expire before an address
8e669ac1 3086 is timed out, unless hosts_max_try_hardlimit (which protects against
533244af 3087 lunatic DNS configurations) is reached.
8e669ac1 3088
533244af
PH		 3089 If the host is not expired and we are about to hit the hosts_max_retry
3090 limit, check to see if there is a subsequent hosts with a different MX
3091 value. If so, make that the next host, and don't count this one. This is a
3092 heuristic to make sure that different MXs do get tried. With a normal kind
3093 of retry rule, they would get tried anyway when the earlier hosts were
3094 delayed, but if the domain has a "retry every time" type of rule - as is
3095 often used for the the very large ISPs, that won't happen. */
0756eb3c
PH		 3096
3097 else
3098 {
3099 if (!host_is_expired && ++unexpired_hosts_tried >= ob->hosts_max_try)
3100 {
3101 host_item *h;
3102 DEBUG(D_transport)
3103 debug_printf("hosts_max_try limit reached with this host\n");
3104 for (h = host; h != NULL; h = h->next)
3105 if (h->mx != host->mx) break;
3106 if (h != NULL)
3107 {
3108 nexthost = h;
3109 unexpired_hosts_tried--;
3110 DEBUG(D_transport) debug_printf("however, a higher MX host exists "
3111 "and will be tried\n");
3112 }
3113 }
3114
3115 /* Attempt the delivery. */
3116
533244af 3117 total_hosts_tried++;
0756eb3c
PH		 3118 rc = smtp_deliver(addrlist, host, host_af, port, interface, tblock,
3119 expanded_hosts != NULL, &message_defer, FALSE);
3120
3121 /* Yield is one of:
3122 OK => connection made, each address contains its result;
3123 message_defer is set for message-specific defers (when all
3124 recipients are marked defer)
3125 DEFER => there was a non-message-specific delivery problem;
3126 ERROR => there was a problem setting up the arguments for a filter,
3127 or there was a problem with expanding added headers
3128 */
3129
3130 /* If the result is not OK, there was a non-message-specific problem.
3131 If the result is DEFER, we need to write to the logs saying what happened
3132 for this particular host, except in the case of authentication and TLS
3133 failures, where the log has already been written. If all hosts defer a
3134 general message is written at the end. */
3135
3136 if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL &&
3137 first_addr->basic_errno != ERRNO_TLSFAILURE)
3138 write_logs(first_addr, host);
3139
d68218c7
JH		 3140 #ifdef EXPERIMENTAL_TPDA
3141 if (rc == DEFER)
3142 tpda_deferred(ob, first_addr, host);
3143 #endif
3144
0756eb3c
PH		 3145 /* If STARTTLS was accepted, but there was a failure in setting up the
3146 TLS session (usually a certificate screwup), and the host is not in
3147 hosts_require_tls, and tls_tempfail_tryclear is true, try again, with
3148 TLS forcibly turned off. We have to start from scratch with a new SMTP
3149 connection. That's why the retry is done from here, not from within
3150 smtp_deliver(). [Rejections of STARTTLS itself don't screw up the
3151 session, so the in-clear transmission after those errors, if permitted,
3152 happens inside smtp_deliver().] */
3153
3154 #ifdef SUPPORT_TLS
3155 if (rc == DEFER && first_addr->basic_errno == ERRNO_TLSFAILURE &&
3156 ob->tls_tempfail_tryclear &&
3157 verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name,
3158 host->address, NULL) != OK)
3159 {
3160 log_write(0, LOG_MAIN, "TLS session failure: delivering unencrypted "
3161 "to %s [%s] (not in hosts_require_tls)", host->name, host->address);
3162 first_addr = prepare_addresses(addrlist, host);
3163 rc = smtp_deliver(addrlist, host, host_af, port, interface, tblock,
3164 expanded_hosts != NULL, &message_defer, TRUE);
3165 if (rc == DEFER && first_addr->basic_errno != ERRNO_AUTHFAIL)
3166 write_logs(first_addr, host);
d68218c7
JH		 3167 #ifdef EXPERIMENTAL_TPDA
3168 if (rc == DEFER)
3169 tpda_deferred(ob, first_addr, host);
3170 #endif
0756eb3c
PH		 3171 }
3172 #endif
3173 }
3174
3175 /* Delivery attempt finished */
3176
3177 rs = (rc == OK)? US"OK" : (rc == DEFER)? US"DEFER" : (rc == ERROR)?
3178 US"ERROR" : US"?";
3179
3180 set_process_info("delivering %s: just tried %s [%s] for %s%s: result %s",
3181 message_id, host->name, host->address, addrlist->address,
3182 (addrlist->next == NULL)? "" : " (& others)", rs);
3183
3184 /* Release serialization if set up */
3185
3186 if (serialized) enq_end(serialize_key);
3187
3188 /* If the result is DEFER, or if a host retry record is known to exist, we
3189 need to add an item to the retry chain for updating the retry database
3190 at the end of delivery. We only need to add the item to the top address,
3191 of course. Also, if DEFER, we mark the IP address unusable so as to skip it
3192 for any other delivery attempts using the same address. (It is copied into
3193 the unusable tree at the outer level, so even if different address blocks
3194 contain the same address, it still won't get tried again.) */
3195
3196 if (rc == DEFER || retry_host_key != NULL)
3197 {
3198 int delete_flag = (rc != DEFER)? rf_delete : 0;
3199 if (retry_host_key == NULL)
3200 {
3201 retry_host_key = ob->retry_include_ip_address?
3202 string_sprintf("T:%S:%s%s", host->name, host->address, pistring) :
3203 string_sprintf("T:%S%s", host->name, pistring);
3204 }
3205
3206 /* If a delivery of another message over an existing SMTP connection
3207 yields DEFER, we do NOT set up retry data for the host. This covers the
3208 case when there are delays in routing the addresses in the second message
3209 that are so long that the server times out. This is alleviated by not
3210 routing addresses that previously had routing defers when handling an
3211 existing connection, but even so, this case may occur (e.g. if a
3212 previously happily routed address starts giving routing defers). If the
3213 host is genuinely down, another non-continued message delivery will
3214 notice it soon enough. */
3215
3216 if (delete_flag != 0 || !continuing)
3217 retry_add_item(first_addr, retry_host_key, rf_host | delete_flag);
3218
3219 /* We may have tried an expired host, if its retry time has come; ensure
3220 the status reflects the expiry for the benefit of any other addresses. */
3221
3222 if (rc == DEFER)
3223 {
3224 host->status = (host_is_expired)?
3225 hstatus_unusable_expired : hstatus_unusable;
3226 host->why = hwhy_deferred;
3227 }
3228 }
3229
3230 /* If message_defer is set (host was OK, but every recipient got deferred
3231 because of some message-specific problem), or if that had happened
3232 previously so that a message retry key exists, add an appropriate item
3233 to the retry chain. Note that if there was a message defer but now there is
3234 a host defer, the message defer record gets deleted. That seems perfectly
3235 reasonable. Also, stop the message from being remembered as waiting
f6c332bd 3236 for specific hosts. */
0756eb3c
PH		 3237
3238 if (message_defer || retry_message_key != NULL)
3239 {
3240 int delete_flag = message_defer? 0 : rf_delete;
3241 if (retry_message_key == NULL)
3242 {
3243 retry_message_key = ob->retry_include_ip_address?
3244 string_sprintf("T:%S:%s%s:%s", host->name, host->address, pistring,
3245 message_id) :
3246 string_sprintf("T:%S%s:%s", host->name, pistring, message_id);
3247 }
3248 retry_add_item(addrlist, retry_message_key,
3249 rf_message | rf_host | delete_flag);
f6c332bd 3250 update_waiting = FALSE;
0756eb3c
PH		 3251 }
3252
3253 /* Any return other than DEFER (that is, OK or ERROR) means that the
3254 addresses have got their final statuses filled in for this host. In the OK
3255 case, see if any of them are deferred. */
3256
3257 if (rc == OK)
3258 {
3259 for (addr = addrlist; addr != NULL; addr = addr->next)
3260 {
3261 if (addr->transport_return == DEFER)
3262 {
3263 some_deferred = TRUE;
3264 break;
3265 }
3266 }
3267 }
3268
3269 /* If no addresses deferred or the result was ERROR, return. We do this for
3270 ERROR because a failing filter set-up or add_headers expansion is likely to
3271 fail for any host we try. */
3272
3273 if (rc == ERROR || (rc == OK && !some_deferred))
3274 {
3275 DEBUG(D_transport) debug_printf("Leaving %s transport\n", tblock->name);
3276 return TRUE; /* Each address has its status */
3277 }
3278
3279 /* If the result was DEFER or some individual addresses deferred, let
3280 the loop run to try other hosts with the deferred addresses, except for the
3281 case when we were trying to deliver down an existing channel and failed.
3282 Don't try any other hosts in this case. */
3283
3284 if (continuing) break;
3285
3286 /* If the whole delivery, or some individual addresses, were deferred and
3287 there are more hosts that could be tried, do not count this host towards
3288 the hosts_max_try limit if the age of the message is greater than the
3289 maximum retry time for this host. This means we may try try all hosts,
3290 ignoring the limit, when messages have been around for some time. This is
3291 important because if we don't try all hosts, the address will never time
533244af 3292 out. NOTE: this does not apply to hosts_max_try_hardlimit. */
0756eb3c
PH		 3293
3294 if ((rc == DEFER || some_deferred) && nexthost != NULL)
3295 {
3296 BOOL timedout;
3297 retry_config *retry = retry_find_config(host->name, NULL, 0, 0);
3298
3299 if (retry != NULL && retry->rules != NULL)
3300 {
3301 retry_rule *last_rule;
3302 for (last_rule = retry->rules;
3303 last_rule->next != NULL;
3304 last_rule = last_rule->next);
3305 timedout = time(NULL) - received_time > last_rule->timeout;
3306 }
3307 else timedout = TRUE; /* No rule => timed out */
3308
3309 if (timedout)
3310 {
3311 unexpired_hosts_tried--;
3312 DEBUG(D_transport) debug_printf("temporary delivery error(s) override "
3313 "hosts_max_try (message older than host's retry time)\n");
3314 }
3315 }
3316 } /* End of loop for trying multiple hosts. */
3317
3318 /* This is the end of the loop that repeats iff expired is TRUE and
3319 ob->delay_after_cutoff is FALSE. The second time round we will
3320 try those hosts that haven't been tried since the message arrived. */
3321
3322 DEBUG(D_transport)
3323 {
3324 debug_printf("all IP addresses skipped or deferred at least one address\n");
3325 if (expired && !ob->delay_after_cutoff && cutoff_retry == 0)
3326 debug_printf("retrying IP addresses not tried since message arrived\n");
3327 }
3328 }
3329
3330
3331/* Get here if all IP addresses are skipped or defer at least one address. In
3332MUA wrapper mode, this will happen only for connection or other non-message-
3333specific failures. Force the delivery status for all addresses to FAIL. */
3334
3335if (mua_wrapper)
3336 {
3337 for (addr = addrlist; addr != NULL; addr = addr->next)
3338 addr->transport_return = FAIL;
3339 goto END_TRANSPORT;
3340 }
3341
3342/* In the normal, non-wrapper case, add a standard message to each deferred
3343address if there hasn't been an error, that is, if it hasn't actually been
3344tried this time. The variable "expired" will be FALSE if any deliveries were
3345actually tried, or if there was at least one host that was not expired. That
3346is, it is TRUE only if no deliveries were tried and all hosts were expired. If
3347a delivery has been tried, an error code will be set, and the failing of the
3348message is handled by the retry code later.
3349
3350If queue_smtp is set, or this transport was called to send a subsequent message
3351down an existing TCP/IP connection, and something caused the host not to be
3352found, we end up here, but can detect these cases and handle them specially. */
3353
3354for (addr = addrlist; addr != NULL; addr = addr->next)
3355 {
3356 /* If host is not NULL, it means that we stopped processing the host list
533244af
PH		 3357 because of hosts_max_try or hosts_max_try_hardlimit. In the former case, this
3358 means we need to behave as if some hosts were skipped because their retry
3359 time had not come. Specifically, this prevents the address from timing out.
8e669ac1 3360 However, if we have hit hosts_max_try_hardlimit, we want to behave as if all
533244af 3361 hosts were tried. */
0756eb3c
PH		 3362
3363 if (host != NULL)
3364 {
533244af
PH		 3365 if (total_hosts_tried >= ob->hosts_max_try_hardlimit)
3366 {
3367 DEBUG(D_transport)
3368 debug_printf("hosts_max_try_hardlimit reached: behave as if all "
3369 "hosts were tried\n");
3370 }
3371 else
8e669ac1 3372 {
533244af
PH		 3373 DEBUG(D_transport)
3374 debug_printf("hosts_max_try limit caused some hosts to be skipped\n");
3375 setflag(addr, af_retry_skipped);
8e669ac1 3376 }
0756eb3c
PH		 3377 }
3378
3379 if (queue_smtp) /* no deliveries attempted */
3380 {
3381 addr->transport_return = DEFER;
3382 addr->basic_errno = 0;
3383 addr->message = US"SMTP delivery explicitly queued";
3384 }
3385
3386 else if (addr->transport_return == DEFER &&
3387 (addr->basic_errno == ERRNO_UNKNOWNERROR || addr->basic_errno == 0) &&
3388 addr->message == NULL)
3389 {
3390 addr->basic_errno = ERRNO_HRETRY;
3391 if (continue_hostname != NULL)
3392 {
3393 addr->message = US"no host found for existing SMTP connection";
3394 }
3395 else if (expired)
3396 {
fffffe4c 3397 setflag(addr, af_pass_message); /* This is not a security risk */
0756eb3c
PH		 3398 addr->message = (ob->delay_after_cutoff)?
3399 US"retry time not reached for any host after a long failure period" :
3400 US"all hosts have been failing for a long time and were last tried "
3401 "after this message arrived";
3402
3403 /* If we are already using fallback hosts, or there are no fallback hosts
3404 defined, convert the result to FAIL to cause a bounce. */
3405
3406 if (addr->host_list == addr->fallback_hosts ||
3407 addr->fallback_hosts == NULL)
3408 addr->transport_return = FAIL;
3409 }
3410 else
3411 {
3412 if (hosts_retry == hosts_total)
3413 addr->message = US"retry time not reached for any host";
3414 else if (hosts_fail == hosts_total)
3415 addr->message = US"all host address lookups failed permanently";
3416 else if (hosts_defer == hosts_total)
3417 addr->message = US"all host address lookups failed temporarily";
3418 else if (hosts_serial == hosts_total)
3419 addr->message = US"connection limit reached for all hosts";
3420 else if (hosts_fail+hosts_defer == hosts_total)
3421 addr->message = US"all host address lookups failed";
3422 else addr->message = US"some host address lookups failed and retry time "
3423 "not reached for other hosts or connection limit reached";
3424 }
3425 }
3426 }
3427
3428/* Update the database which keeps information about which messages are waiting
f6c332bd
PH		 3429for which hosts to become available. For some message-specific errors, the
3430update_waiting flag is turned off because we don't want follow-on deliveries in
ea722490 3431those cases. If this transport instance is explicitly limited to one message
8b260705
PP		 3432per connection then follow-on deliveries are not possible and there's no need
3433to create/update the per-transport wait-<transport_name> database. */
0756eb3c 3434
ea722490
JH		 3435if (update_waiting && tblock->connection_max_messages != 1)
3436 transport_update_waiting(hostlist, tblock->name);
0756eb3c
PH		 3437
3438END_TRANSPORT:
3439
3440DEBUG(D_transport) debug_printf("Leaving %s transport\n", tblock->name);
3441
3442return TRUE; /* Each address has its status */
3443}
3444
578897ea
JH		 3445/* vi: aw ai sw=2
3446*/
0756eb3c 3447/* End of transport/smtp.c */
Unnamed repository; edit this file 'description' to name the repository.