projects / exim.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Tidies to the test-suite infrastructure for compiling auxiliary
[exim.git] / src / src / verify.c
CommitLineData
431b7361 1/* $Cambridge: exim/src/src/verify.c,v 1.46 2007/01/17 11:17:58 ph10 Exp $ */
059ec3d9
PH		 2
3/*************************************************
4* Exim - an Internet mail transport agent *
5*************************************************/
6
184e8823 7/* Copyright (c) University of Cambridge 1995 - 2007 */
059ec3d9
PH		 8/* See the file NOTICE for conditions of use and distribution. */
9
10/* Functions concerned with verifying things. The original code for callout
11caching was contributed by Kevin Fleming (but I hacked it around a bit). */
12
13
14#include "exim.h"
15
16
17/* Structure for caching DNSBL lookups */
18
19typedef struct dnsbl_cache_block {
20 dns_address *rhs;
21 uschar *text;
22 int rc;
23 BOOL text_set;
24} dnsbl_cache_block;
25
26
27/* Anchor for DNSBL cache */
28
29static tree_node *dnsbl_cache = NULL;
30
31
431b7361
PH		 32/* Bits for match_type in one_check_dnsbl() */
33
34#define MT_NOT 1
35#define MT_ALL 2
36
37
059ec3d9
PH		 38
39/*************************************************
40* Retrieve a callout cache record *
41*************************************************/
42
43/* If a record exists, check whether it has expired.
44
45Arguments:
46 dbm_file an open hints file
47 key the record key
48 type "address" or "domain"
49 positive_expire expire time for positive records
50 negative_expire expire time for negative records
51
52Returns: the cache record if a non-expired one exists, else NULL
53*/
54
55static dbdata_callout_cache *
56get_callout_cache_record(open_db *dbm_file, uschar *key, uschar *type,
57 int positive_expire, int negative_expire)
58{
59BOOL negative;
60int length, expire;
61time_t now;
62dbdata_callout_cache *cache_record;
63
64cache_record = dbfn_read_with_length(dbm_file, key, &length);
65
66if (cache_record == NULL)
67 {
68 HDEBUG(D_verify) debug_printf("callout cache: no %s record found\n", type);
69 return NULL;
70 }
71
72/* We treat a record as "negative" if its result field is not positive, or if
73it is a domain record and the postmaster field is negative. */
74
75negative = cache_record->result != ccache_accept ||
76 (type[0] == 'd' && cache_record->postmaster_result == ccache_reject);
77expire = negative? negative_expire : positive_expire;
78now = time(NULL);
79
80if (now - cache_record->time_stamp > expire)
81 {
82 HDEBUG(D_verify) debug_printf("callout cache: %s record expired\n", type);
83 return NULL;
84 }
85
86/* If this is a non-reject domain record, check for the obsolete format version
87that doesn't have the postmaster and random timestamps, by looking at the
88length. If so, copy it to a new-style block, replicating the record's
89timestamp. Then check the additional timestamps. (There's no point wasting
90effort if connections are rejected.) */
91
92if (type[0] == 'd' && cache_record->result != ccache_reject)
93 {
94 if (length == sizeof(dbdata_callout_cache_obs))
95 {
96 dbdata_callout_cache *new = store_get(sizeof(dbdata_callout_cache));
97 memcpy(new, cache_record, length);
98 new->postmaster_stamp = new->random_stamp = new->time_stamp;
99 cache_record = new;
100 }
101
102 if (now - cache_record->postmaster_stamp > expire)
103 cache_record->postmaster_result = ccache_unknown;
104
105 if (now - cache_record->random_stamp > expire)
106 cache_record->random_result = ccache_unknown;
107 }
108
109HDEBUG(D_verify) debug_printf("callout cache: found %s record\n", type);
110return cache_record;
111}
112
113
114
115/*************************************************
116* Do callout verification for an address *
117*************************************************/
118
119/* This function is called from verify_address() when the address has routed to
120a host list, and a callout has been requested. Callouts are expensive; that is
121why a cache is used to improve the efficiency.
122
123Arguments:
124 addr the address that's been routed
125 host_list the list of hosts to try
126 tf the transport feedback block
127
128 ifstring "interface" option from transport, or NULL
129 portstring "port" option from transport, or NULL
130 protocolstring "protocol" option from transport, or NULL
131 callout the per-command callout timeout
4deaf07d
PH		 132 callout_overall the overall callout timeout (if < 0 use 4*callout)
133 callout_connect the callout connection timeout (if < 0 use callout)
059ec3d9
PH		 134 options the verification options - these bits are used:
135 vopt_is_recipient => this is a recipient address
136 vopt_callout_no_cache => don't use callout cache
2a4be8f9 137 vopt_callout_fullpm => if postmaster check, do full one
059ec3d9
PH		 138 vopt_callout_random => do the "random" thing
139 vopt_callout_recipsender => use real sender for recipient
140 vopt_callout_recippmaster => use postmaster for recipient
141 se_mailfrom MAIL FROM address for sender verify; NULL => ""
142 pm_mailfrom if non-NULL, do the postmaster check with this sender
143
144Returns: OK/FAIL/DEFER
145*/
146
147static int
148do_callout(address_item *addr, host_item *host_list, transport_feedback *tf,
8e669ac1 149 int callout, int callout_overall, int callout_connect, int options,
4deaf07d 150 uschar *se_mailfrom, uschar *pm_mailfrom)
059ec3d9
PH		 151{
152BOOL is_recipient = (options & vopt_is_recipient) != 0;
153BOOL callout_no_cache = (options & vopt_callout_no_cache) != 0;
154BOOL callout_random = (options & vopt_callout_random) != 0;
155
156int yield = OK;
2b1c6e3a 157int old_domain_cache_result = ccache_accept;
059ec3d9
PH		 158BOOL done = FALSE;
159uschar *address_key;
160uschar *from_address;
161uschar *random_local_part = NULL;
750af86e 162uschar *save_deliver_domain = deliver_domain;
8e669ac1 163uschar **failure_ptr = is_recipient?
2c7db3f5 164 &recipient_verify_failure : &sender_verify_failure;
059ec3d9
PH		 165open_db dbblock;
166open_db *dbm_file = NULL;
167dbdata_callout_cache new_domain_record;
168dbdata_callout_cache_address new_address_record;
169host_item *host;
170time_t callout_start_time;
171
172new_domain_record.result = ccache_unknown;
173new_domain_record.postmaster_result = ccache_unknown;
174new_domain_record.random_result = ccache_unknown;
175
176memset(&new_address_record, 0, sizeof(new_address_record));
177
178/* For a recipient callout, the key used for the address cache record must
179include the sender address if we are using the real sender in the callout,
180because that may influence the result of the callout. */
181
182address_key = addr->address;
183from_address = US"";
184
185if (is_recipient)
186 {
187 if ((options & vopt_callout_recipsender) != 0)
188 {
189 address_key = string_sprintf("%s/<%s>", addr->address, sender_address);
190 from_address = sender_address;
191 }
192 else if ((options & vopt_callout_recippmaster) != 0)
193 {
194 address_key = string_sprintf("%s/<postmaster@%s>", addr->address,
195 qualify_domain_sender);
196 from_address = string_sprintf("postmaster@%s", qualify_domain_sender);
197 }
198 }
199
200/* For a sender callout, we must adjust the key if the mailfrom address is not
201empty. */
202
203else
204 {
205 from_address = (se_mailfrom == NULL)? US"" : se_mailfrom;
206 if (from_address[0] != 0)
207 address_key = string_sprintf("%s/<%s>", addr->address, from_address);
208 }
209
210/* Open the callout cache database, it it exists, for reading only at this
211stage, unless caching has been disabled. */
212
213if (callout_no_cache)
214 {
215 HDEBUG(D_verify) debug_printf("callout cache: disabled by no_cache\n");
216 }
217else if ((dbm_file = dbfn_open(US"callout", O_RDWR, &dbblock, FALSE)) == NULL)
218 {
219 HDEBUG(D_verify) debug_printf("callout cache: not available\n");
220 }
221
222/* If a cache database is available see if we can avoid the need to do an
223actual callout by making use of previously-obtained data. */
224
225if (dbm_file != NULL)
226 {
227 dbdata_callout_cache_address *cache_address_record;
228 dbdata_callout_cache *cache_record = get_callout_cache_record(dbm_file,
229 addr->domain, US"domain",
230 callout_cache_domain_positive_expire,
231 callout_cache_domain_negative_expire);
232
233 /* If an unexpired cache record was found for this domain, see if the callout
234 process can be short-circuited. */
235
236 if (cache_record != NULL)
237 {
2b1c6e3a
PH		 238 /* In most cases, if an early command (up to and including MAIL FROM:<>)
239 was rejected, there is no point carrying on. The callout fails. However, if
240 we are doing a recipient verification with use_sender or use_postmaster
241 set, a previous failure of MAIL FROM:<> doesn't count, because this time we
242 will be using a non-empty sender. We have to remember this situation so as
243 not to disturb the cached domain value if this whole verification succeeds
244 (we don't want it turning into "accept"). */
245
246 old_domain_cache_result = cache_record->result;
247
248 if (cache_record->result == ccache_reject ||
249 (*from_address == 0 && cache_record->result == ccache_reject_mfnull))
059ec3d9
PH		 250 {
251 setflag(addr, af_verify_nsfail);
252 HDEBUG(D_verify)
253 debug_printf("callout cache: domain gave initial rejection, or "
254 "does not accept HELO or MAIL FROM:<>\n");
255 setflag(addr, af_verify_nsfail);
256 addr->user_message = US"(result of an earlier callout reused).";
257 yield = FAIL;
8e669ac1 258 *failure_ptr = US"mail";
059ec3d9
PH		 259 goto END_CALLOUT;
260 }
261
262 /* If a previous check on a "random" local part was accepted, we assume
263 that the server does not do any checking on local parts. There is therefore
264 no point in doing the callout, because it will always be successful. If a
265 random check previously failed, arrange not to do it again, but preserve
266 the data in the new record. If a random check is required but hasn't been
267 done, skip the remaining cache processing. */
268
269 if (callout_random) switch(cache_record->random_result)
270 {
271 case ccache_accept:
272 HDEBUG(D_verify)
273 debug_printf("callout cache: domain accepts random addresses\n");
274 goto END_CALLOUT; /* Default yield is OK */
275
276 case ccache_reject:
277 HDEBUG(D_verify)
278 debug_printf("callout cache: domain rejects random addresses\n");
279 callout_random = FALSE;
280 new_domain_record.random_result = ccache_reject;
281 new_domain_record.random_stamp = cache_record->random_stamp;
282 break;
283
284 default:
285 HDEBUG(D_verify)
286 debug_printf("callout cache: need to check random address handling "
287 "(not cached or cache expired)\n");
288 goto END_CACHE;
289 }
290
291 /* If a postmaster check is requested, but there was a previous failure,
292 there is again no point in carrying on. If a postmaster check is required,
293 but has not been done before, we are going to have to do a callout, so skip
294 remaining cache processing. */
295
296 if (pm_mailfrom != NULL)
297 {
298 if (cache_record->postmaster_result == ccache_reject)
299 {
300 setflag(addr, af_verify_pmfail);
301 HDEBUG(D_verify)
302 debug_printf("callout cache: domain does not accept "
303 "RCPT TO:<postmaster@domain>\n");
304 yield = FAIL;
8e669ac1 305 *failure_ptr = US"postmaster";
059ec3d9
PH		 306 setflag(addr, af_verify_pmfail);
307 addr->user_message = US"(result of earlier verification reused).";
308 goto END_CALLOUT;
309 }
310 if (cache_record->postmaster_result == ccache_unknown)
311 {
312 HDEBUG(D_verify)
313 debug_printf("callout cache: need to check RCPT "
314 "TO:<postmaster@domain> (not cached or cache expired)\n");
315 goto END_CACHE;
316 }
317
318 /* If cache says OK, set pm_mailfrom NULL to prevent a redundant
319 postmaster check if the address itself has to be checked. Also ensure
320 that the value in the cache record is preserved (with its old timestamp).
321 */
322
323 HDEBUG(D_verify) debug_printf("callout cache: domain accepts RCPT "
324 "TO:<postmaster@domain>\n");
325 pm_mailfrom = NULL;
326 new_domain_record.postmaster_result = ccache_accept;
327 new_domain_record.postmaster_stamp = cache_record->postmaster_stamp;
328 }
329 }
330
331 /* We can't give a result based on information about the domain. See if there
332 is an unexpired cache record for this specific address (combined with the
333 sender address if we are doing a recipient callout with a non-empty sender).
334 */
335
336 cache_address_record = (dbdata_callout_cache_address *)
337 get_callout_cache_record(dbm_file,
338 address_key, US"address",
339 callout_cache_positive_expire,
340 callout_cache_negative_expire);
341
342 if (cache_address_record != NULL)
343 {
344 if (cache_address_record->result == ccache_accept)
345 {
346 HDEBUG(D_verify)
347 debug_printf("callout cache: address record is positive\n");
348 }
349 else
350 {
351 HDEBUG(D_verify)
352 debug_printf("callout cache: address record is negative\n");
353 addr->user_message = US"Previous (cached) callout verification failure";
8e669ac1 354 *failure_ptr = US"recipient";
059ec3d9
PH		 355 yield = FAIL;
356 }
357 goto END_CALLOUT;
358 }
359
360 /* Close the cache database while we actually do the callout for real. */
361
362 END_CACHE:
363 dbfn_close(dbm_file);
364 dbm_file = NULL;
365 }
366
367/* The information wasn't available in the cache, so we have to do a real
368callout and save the result in the cache for next time, unless no_cache is set,
369or unless we have a previously cached negative random result. If we are to test
370with a random local part, ensure that such a local part is available. If not,
371log the fact, but carry on without randomming. */
372
373if (callout_random && callout_random_local_part != NULL)
374 {
375 random_local_part = expand_string(callout_random_local_part);
376 if (random_local_part == NULL)
377 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
378 "callout_random_local_part: %s", expand_string_message);
379 }
380
4deaf07d
PH		 381/* Default the connect and overall callout timeouts if not set, and record the
382time we are starting so that we can enforce it. */
059ec3d9
PH		 383
384if (callout_overall < 0) callout_overall = 4 * callout;
4deaf07d 385if (callout_connect < 0) callout_connect = callout;
059ec3d9
PH		 386callout_start_time = time(NULL);
387
388/* Now make connections to the hosts and do real callouts. The list of hosts
389is passed in as an argument. */
390
391for (host = host_list; host != NULL && !done; host = host->next)
392 {
393 smtp_inblock inblock;
394 smtp_outblock outblock;
395 int host_af;
396 int port = 25;
8e669ac1 397 BOOL send_quit = TRUE;
26da7e20 398 uschar *active_hostname = smtp_active_hostname;
059ec3d9
PH		 399 uschar *helo = US"HELO";
400 uschar *interface = NULL; /* Outgoing interface to use; NULL => any */
401 uschar inbuffer[4096];
402 uschar outbuffer[1024];
403 uschar responsebuffer[4096];
404
405 clearflag(addr, af_verify_pmfail); /* postmaster callout flag */
406 clearflag(addr, af_verify_nsfail); /* null sender callout flag */
407
408 /* Skip this host if we don't have an IP address for it. */
409
410 if (host->address == NULL)
411 {
412 DEBUG(D_verify) debug_printf("no IP address for host name %s: skipping\n",
413 host->name);
414 continue;
415 }
416
417 /* Check the overall callout timeout */
418
419 if (time(NULL) - callout_start_time >= callout_overall)
420 {
421 HDEBUG(D_verify) debug_printf("overall timeout for callout exceeded\n");
422 break;
423 }
424
425 /* Set IPv4 or IPv6 */
426
427 host_af = (Ustrchr(host->address, ':') == NULL)? AF_INET:AF_INET6;
428
de3a88fb
PH		 429 /* Expand and interpret the interface and port strings. The latter will not
430 be used if there is a host-specific port (e.g. from a manualroute router).
431 This has to be delayed till now, because they may expand differently for
432 different hosts. If there's a failure, log it, but carry on with the
433 defaults. */
059ec3d9
PH		 434
435 deliver_host = host->name;
436 deliver_host_address = host->address;
750af86e 437 deliver_domain = addr->domain;
de3a88fb 438
059ec3d9
PH		 439 if (!smtp_get_interface(tf->interface, host_af, addr, NULL, &interface,
440 US"callout") ||
441 !smtp_get_port(tf->port, addr, &port, US"callout"))
442 log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: %s", addr->address,
443 addr->message);
de3a88fb 444
26da7e20
PH		 445 /* Expand the helo_data string to find the host name to use. */
446
447 if (tf->helo_data != NULL)
448 {
449 uschar *s = expand_string(tf->helo_data);
e4fa6968 450 if (s == NULL)
26da7e20 451 log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: failed to expand transport's "
e4fa6968
PH		 452 "helo_data value for callout: %s", addr->address,
453 expand_string_message);
26da7e20
PH		 454 else active_hostname = s;
455 }
456
059ec3d9 457 deliver_host = deliver_host_address = NULL;
750af86e 458 deliver_domain = save_deliver_domain;
059ec3d9
PH		 459
460 /* Set HELO string according to the protocol */
461
462 if (Ustrcmp(tf->protocol, "lmtp") == 0) helo = US"LHLO";
463
464 HDEBUG(D_verify) debug_printf("interface=%s port=%d\n", interface, port);
465
466 /* Set up the buffer for reading SMTP response packets. */
467
468 inblock.buffer = inbuffer;
469 inblock.buffersize = sizeof(inbuffer);
470 inblock.ptr = inbuffer;
471 inblock.ptrend = inbuffer;
472
473 /* Set up the buffer for holding SMTP commands while pipelining */
474
475 outblock.buffer = outbuffer;
476 outblock.buffersize = sizeof(outbuffer);
477 outblock.ptr = outbuffer;
478 outblock.cmd_count = 0;
479 outblock.authenticating = FALSE;
480
481 /* Connect to the host; on failure, just loop for the next one, but we
4deaf07d 482 set the error for the last one. Use the callout_connect timeout. */
059ec3d9
PH		 483
484 inblock.sock = outblock.sock =
4deaf07d 485 smtp_connect(host, host_af, port, interface, callout_connect, TRUE);
059ec3d9
PH		 486 if (inblock.sock < 0)
487 {
488 addr->message = string_sprintf("could not connect to %s [%s]: %s",
489 host->name, host->address, strerror(errno));
490 continue;
491 }
492
2b1c6e3a
PH		 493 /* Wait for initial response, and send HELO. The smtp_write_command()
494 function leaves its command in big_buffer. This is used in error responses.
495 Initialize it in case the connection is rejected. */
059ec3d9
PH		 496
497 Ustrcpy(big_buffer, "initial connection");
498
499 done =
500 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
501 '2', callout) &&
059ec3d9 502 smtp_write_command(&outblock, FALSE, "%s %s\r\n", helo,
26da7e20 503 active_hostname) >= 0 &&
059ec3d9 504 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
2b1c6e3a 505 '2', callout);
059ec3d9 506
2b1c6e3a
PH		 507 /* Failure to accept HELO is cached; this blocks the whole domain for all
508 senders. I/O errors and defer responses are not cached. */
509
510 if (!done)
511 {
512 *failure_ptr = US"mail"; /* At or before MAIL */
513 if (errno == 0 && responsebuffer[0] == '5')
514 {
515 setflag(addr, af_verify_nsfail);
516 new_domain_record.result = ccache_reject;
517 }
518 }
519
520 /* Send the MAIL command */
521
522 else done =
059ec3d9
PH		 523 smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>\r\n",
524 from_address) >= 0 &&
525 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
526 '2', callout);
527
2b1c6e3a
PH		 528 /* If the host does not accept MAIL FROM:<>, arrange to cache this
529 information, but again, don't record anything for an I/O error or a defer. Do
530 not cache rejections of MAIL when a non-empty sender has been used, because
531 that blocks the whole domain for all senders. */
059ec3d9
PH		 532
533 if (!done)
534 {
2b1c6e3a 535 *failure_ptr = US"mail"; /* At or before MAIL */
059ec3d9
PH		 536 if (errno == 0 && responsebuffer[0] == '5')
537 {
538 setflag(addr, af_verify_nsfail);
2b1c6e3a
PH		 539 if (from_address[0] == 0)
540 new_domain_record.result = ccache_reject_mfnull;
059ec3d9
PH		 541 }
542 }
543
544 /* Otherwise, proceed to check a "random" address (if required), then the
545 given address, and the postmaster address (if required). Between each check,
546 issue RSET, because some servers accept only one recipient after MAIL
2b1c6e3a
PH		 547 FROM:<>.
548
549 Before doing this, set the result in the domain cache record to "accept",
550 unless its previous value was ccache_reject_mfnull. In that case, the domain
551 rejects MAIL FROM:<> and we want to continue to remember that. When that is
552 the case, we have got here only in the case of a recipient verification with
553 a non-null sender. */
059ec3d9
PH		 554
555 else
556 {
2b1c6e3a
PH		 557 new_domain_record.result =
558 (old_domain_cache_result == ccache_reject_mfnull)?
559 ccache_reject_mfnull: ccache_accept;
059ec3d9
PH		 560
561 /* Do the random local part check first */
562
563 if (random_local_part != NULL)
564 {
565 uschar randombuffer[1024];
566 BOOL random_ok =
567 smtp_write_command(&outblock, FALSE,
568 "RCPT TO:<%.1000s@%.1000s>\r\n", random_local_part,
569 addr->domain) >= 0 &&
570 smtp_read_response(&inblock, randombuffer,
571 sizeof(randombuffer), '2', callout);
572
573 /* Remember when we last did a random test */
574
575 new_domain_record.random_stamp = time(NULL);
576
577 /* If accepted, we aren't going to do any further tests below. */
578
579 if (random_ok)
580 {
581 new_domain_record.random_result = ccache_accept;
582 }
583
584 /* Otherwise, cache a real negative response, and get back to the right
585 state to send RCPT. Unless there's some problem such as a dropped
586 connection, we expect to succeed, because the commands succeeded above. */
587
588 else if (errno == 0)
589 {
590 if (randombuffer[0] == '5')
591 new_domain_record.random_result = ccache_reject;
592
593 done =
594 smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0 &&
595 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
596 '2', callout) &&
597
90e9ce59
PH		 598 smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>\r\n",
599 from_address) >= 0 &&
059ec3d9
PH		 600 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
601 '2', callout);
602 }
603 else done = FALSE; /* Some timeout/connection problem */
604 } /* Random check */
605
606 /* If the host is accepting all local parts, as determined by the "random"
607 check, we don't need to waste time doing any further checking. */
608
609 if (new_domain_record.random_result != ccache_accept && done)
610 {
5417f6d1
PH		 611 /* Get the rcpt_include_affixes flag from the transport if there is one,
612 but assume FALSE if there is not. */
613
059ec3d9
PH		 614 done =
615 smtp_write_command(&outblock, FALSE, "RCPT TO:<%.1000s>\r\n",
c688b954 616 transport_rcpt_address(addr,
5417f6d1
PH		 617 (addr->transport == NULL)? FALSE :
618 addr->transport->rcpt_include_affixes)) >= 0 &&
059ec3d9
PH		 619 smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
620 '2', callout);
621
622 if (done)
623 new_address_record.result = ccache_accept;
624 else if (errno == 0 && responsebuffer[0] == '5')
2c7db3f5 625 {
8e669ac1 626 *failure_ptr = US"recipient";
059ec3d9 627 new_address_record.result = ccache_reject;
8e669ac1 628 }
059ec3d9 629
2a4be8f9
PH		 630 /* Do postmaster check if requested; if a full check is required, we
631 check for RCPT TO:<postmaster> (no domain) in accordance with RFC 821. */
059ec3d9
PH		 632
633 if (done && pm_mailfrom != NULL)
634 {
635 done =
636 smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0 &&
637 smtp_read_response(&inblock, responsebuffer,
638 sizeof(responsebuffer), '2', callout) &&
639
640 smtp_write_command(&outblock, FALSE,
641 "MAIL FROM:<%s>\r\n", pm_mailfrom) >= 0 &&
642 smtp_read_response(&inblock, responsebuffer,
643 sizeof(responsebuffer), '2', callout) &&
644
2a4be8f9
PH		 645 /* First try using the current domain */
646
647 ((
059ec3d9
PH		 648 smtp_write_command(&outblock, FALSE,
649 "RCPT TO:<postmaster@%.1000s>\r\n", addr->domain) >= 0 &&
650 smtp_read_response(&inblock, responsebuffer,
2a4be8f9
PH		 651 sizeof(responsebuffer), '2', callout)
652 )
653
654 ||
655
656 /* If that doesn't work, and a full check is requested,
657 try without the domain. */
658
659 (
660 (options & vopt_callout_fullpm) != 0 &&
661 smtp_write_command(&outblock, FALSE,
662 "RCPT TO:<postmaster>\r\n") >= 0 &&
663 smtp_read_response(&inblock, responsebuffer,
664 sizeof(responsebuffer), '2', callout)
665 ));
666
667 /* Sort out the cache record */
059ec3d9
PH		 668
669 new_domain_record.postmaster_stamp = time(NULL);
670
671 if (done)
672 new_domain_record.postmaster_result = ccache_accept;
673 else if (errno == 0 && responsebuffer[0] == '5')
674 {
8e669ac1 675 *failure_ptr = US"postmaster";
059ec3d9
PH		 676 setflag(addr, af_verify_pmfail);
677 new_domain_record.postmaster_result = ccache_reject;
678 }
679 }
680 } /* Random not accepted */
90e9ce59 681 } /* MAIL FROM: accepted */
059ec3d9
PH		 682
683 /* For any failure of the main check, other than a negative response, we just
684 close the connection and carry on. We can identify a negative response by the
685 fact that errno is zero. For I/O errors it will be non-zero
686
687 Set up different error texts for logging and for sending back to the caller
688 as an SMTP response. Log in all cases, using a one-line format. For sender
689 callouts, give a full response to the caller, but for recipient callouts,
690 don't give the IP address because this may be an internal host whose identity
691 is not to be widely broadcast. */
692
693 if (!done)
694 {
695 if (errno == ETIMEDOUT)
696 {
697 HDEBUG(D_verify) debug_printf("SMTP timeout\n");
8e669ac1 698 send_quit = FALSE;
059ec3d9
PH		 699 }
700 else if (errno == 0)
701 {
702 if (*responsebuffer == 0) Ustrcpy(responsebuffer, US"connection dropped");
703
704 addr->message =
705 string_sprintf("response to \"%s\" from %s [%s] was: %s",
706 big_buffer, host->name, host->address,
707 string_printing(responsebuffer));
708
709 addr->user_message = is_recipient?
710 string_sprintf("Callout verification failed:\n%s", responsebuffer)
711 :
712 string_sprintf("Called: %s\nSent: %s\nResponse: %s",
713 host->address, big_buffer, responsebuffer);
714
715 /* Hard rejection ends the process */
716
717 if (responsebuffer[0] == '5') /* Address rejected */
718 {
719 yield = FAIL;
720 done = TRUE;
721 }
722 }
723 }
724
725 /* End the SMTP conversation and close the connection. */
726
c9bdd01c 727 if (send_quit) (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n");
f1e894f3 728 (void)close(inblock.sock);
059ec3d9
PH		 729 } /* Loop through all hosts, while !done */
730
731/* If we get here with done == TRUE, a successful callout happened, and yield
732will be set OK or FAIL according to the response to the RCPT command.
733Otherwise, we looped through the hosts but couldn't complete the business.
734However, there may be domain-specific information to cache in both cases.
735
736The value of the result field in the new_domain record is ccache_unknown if
90e9ce59 737there was an error before or with MAIL FROM:, and errno was not zero,
059ec3d9 738implying some kind of I/O error. We don't want to write the cache in that case.
2b1c6e3a 739Otherwise the value is ccache_accept, ccache_reject, or ccache_reject_mfnull. */
059ec3d9
PH		 740
741if (!callout_no_cache && new_domain_record.result != ccache_unknown)
742 {
743 if ((dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE))
744 == NULL)
745 {
746 HDEBUG(D_verify) debug_printf("callout cache: not available\n");
747 }
748 else
749 {
750 (void)dbfn_write(dbm_file, addr->domain, &new_domain_record,
751 (int)sizeof(dbdata_callout_cache));
752 HDEBUG(D_verify) debug_printf("wrote callout cache domain record:\n"
753 " result=%d postmaster=%d random=%d\n",
754 new_domain_record.result,
755 new_domain_record.postmaster_result,
756 new_domain_record.random_result);
757 }
758 }
759
760/* If a definite result was obtained for the callout, cache it unless caching
761is disabled. */
762
763if (done)
764 {
765 if (!callout_no_cache && new_address_record.result != ccache_unknown)
766 {
767 if (dbm_file == NULL)
768 dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE);
769 if (dbm_file == NULL)
770 {
771 HDEBUG(D_verify) debug_printf("no callout cache available\n");
772 }
773 else
774 {
775 (void)dbfn_write(dbm_file, address_key, &new_address_record,
776 (int)sizeof(dbdata_callout_cache_address));
777 HDEBUG(D_verify) debug_printf("wrote %s callout cache address record\n",
778 (new_address_record.result == ccache_accept)? "positive" : "negative");
779 }
780 }
781 } /* done */
782
783/* Failure to connect to any host, or any response other than 2xx or 5xx is a
784temporary error. If there was only one host, and a response was received, leave
785it alone if supplying details. Otherwise, give a generic response. */
786
787else /* !done */
788 {
789 uschar *dullmsg = string_sprintf("Could not complete %s verify callout",
790 is_recipient? "recipient" : "sender");
791 yield = DEFER;
792
793 if (host_list->next != NULL || addr->message == NULL) addr->message = dullmsg;
794
795 addr->user_message = (!smtp_return_error_details)? dullmsg :
796 string_sprintf("%s for <%s>.\n"
797 "The mail server(s) for the domain may be temporarily unreachable, or\n"
798 "they may be permanently unreachable from this server. In the latter case,\n%s",
799 dullmsg, addr->address,
800 is_recipient?
801 "the address will never be accepted."
802 :
803 "you need to change the address or create an MX record for its domain\n"
804 "if it is supposed to be generally accessible from the Internet.\n"
805 "Talk to your mail administrator for details.");
806
807 /* Force a specific error code */
808
809 addr->basic_errno = ERRNO_CALLOUTDEFER;
810 }
811
812/* Come here from within the cache-reading code on fast-track exit. */
813
814END_CALLOUT:
815if (dbm_file != NULL) dbfn_close(dbm_file);
816return yield;
817}
818
819
820
821/*************************************************
822* Copy error to toplevel address *
823*************************************************/
824
825/* This function is used when a verify fails or defers, to ensure that the
826failure or defer information is in the original toplevel address. This applies
827when an address is redirected to a single new address, and the failure or
828deferral happens to the child address.
829
830Arguments:
831 vaddr the verify address item
832 addr the final address item
833 yield FAIL or DEFER
834
835Returns: the value of YIELD
836*/
837
838static int
839copy_error(address_item *vaddr, address_item *addr, int yield)
840{
841if (addr != vaddr)
842 {
843 vaddr->message = addr->message;
844 vaddr->user_message = addr->user_message;
845 vaddr->basic_errno = addr->basic_errno;
846 vaddr->more_errno = addr->more_errno;
b37c4101 847 vaddr->p.address_data = addr->p.address_data;
059ec3d9
PH		 848 }
849return yield;
850}
851
852
853
854
855/*************************************************
856* Verify an email address *
857*************************************************/
858
859/* This function is used both for verification (-bv and at other times) and
860address testing (-bt), which is indicated by address_test_mode being set.
861
862Arguments:
863 vaddr contains the address to verify; the next field in this block
864 must be NULL
865 f if not NULL, write the result to this file
866 options various option bits:
867 vopt_fake_sender => this sender verify is not for the real
868 sender (it was verify=sender=xxxx or an address from a
869 header line) - rewriting must not change sender_address
870 vopt_is_recipient => this is a recipient address, otherwise
871 it's a sender address - this affects qualification and
872 rewriting and messages from callouts
873 vopt_qualify => qualify an unqualified address; else error
874 vopt_expn => called from SMTP EXPN command
eafd343b
TK		 875 vopt_success_on_redirect => when a new address is generated
876 the verification instantly succeeds
059ec3d9
PH		 877
878 These ones are used by do_callout() -- the options variable
879 is passed to it.
880
2a4be8f9 881 vopt_callout_fullpm => if postmaster check, do full one
059ec3d9
PH		 882 vopt_callout_no_cache => don't use callout cache
883 vopt_callout_random => do the "random" thing
884 vopt_callout_recipsender => use real sender for recipient
885 vopt_callout_recippmaster => use postmaster for recipient
886
887 callout if > 0, specifies that callout is required, and gives timeout
4deaf07d 888 for individual commands
059ec3d9
PH		 889 callout_overall if > 0, gives overall timeout for the callout function;
890 if < 0, a default is used (see do_callout())
8e669ac1 891 callout_connect the connection timeout for callouts
059ec3d9
PH		 892 se_mailfrom when callout is requested to verify a sender, use this
893 in MAIL FROM; NULL => ""
894 pm_mailfrom when callout is requested, if non-NULL, do the postmaster
895 thing and use this as the sender address (may be "")
896
897 routed if not NULL, set TRUE if routing succeeded, so we can
898 distinguish between routing failed and callout failed
899
900Returns: OK address verified
901 FAIL address failed to verify
902 DEFER can't tell at present
903*/
904
905int
906verify_address(address_item *vaddr, FILE *f, int options, int callout,
8e669ac1 907 int callout_overall, int callout_connect, uschar *se_mailfrom,
4deaf07d 908 uschar *pm_mailfrom, BOOL *routed)
059ec3d9
PH		 909{
910BOOL allok = TRUE;
911BOOL full_info = (f == NULL)? FALSE : (debug_selector != 0);
912BOOL is_recipient = (options & vopt_is_recipient) != 0;
913BOOL expn = (options & vopt_expn) != 0;
eafd343b 914BOOL success_on_redirect = (options & vopt_success_on_redirect) != 0;
059ec3d9
PH		 915int i;
916int yield = OK;
917int verify_type = expn? v_expn :
918 address_test_mode? v_none :
919 is_recipient? v_recipient : v_sender;
920address_item *addr_list;
921address_item *addr_new = NULL;
922address_item *addr_remote = NULL;
923address_item *addr_local = NULL;
924address_item *addr_succeed = NULL;
8e669ac1 925uschar **failure_ptr = is_recipient?
2c7db3f5 926 &recipient_verify_failure : &sender_verify_failure;
059ec3d9
PH		 927uschar *ko_prefix, *cr;
928uschar *address = vaddr->address;
929uschar *save_sender;
930uschar null_sender[] = { 0 }; /* Ensure writeable memory */
931
2c7db3f5
PH		 932/* Clear, just in case */
933
934*failure_ptr = NULL;
935
059ec3d9
PH		 936/* Set up a prefix and suffix for error message which allow us to use the same
937output statements both in EXPN mode (where an SMTP response is needed) and when
938debugging with an output file. */
939
940if (expn)
941 {
942 ko_prefix = US"553 ";
943 cr = US"\r";
944 }
945else ko_prefix = cr = US"";
946
947/* Add qualify domain if permitted; otherwise an unqualified address fails. */
948
949if (parse_find_at(address) == NULL)
950 {
951 if ((options & vopt_qualify) == 0)
952 {
953 if (f != NULL)
954 fprintf(f, "%sA domain is required for \"%s\"%s\n", ko_prefix, address,
955 cr);
8e669ac1 956 *failure_ptr = US"qualify";
059ec3d9
PH		 957 return FAIL;
958 }
959 address = rewrite_address_qualify(address, is_recipient);
960 }
961
962DEBUG(D_verify)
963 {
964 debug_printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
965 debug_printf("%s %s\n", address_test_mode? "Testing" : "Verifying", address);
966 }
967
968/* Rewrite and report on it. Clear the domain and local part caches - these
969may have been set by domains and local part tests during an ACL. */
970
971if (global_rewrite_rules != NULL)
972 {
973 uschar *old = address;
974 address = rewrite_address(address, is_recipient, FALSE,
975 global_rewrite_rules, rewrite_existflags);
976 if (address != old)
977 {
978 for (i = 0; i < (MAX_NAMED_LIST * 2)/32; i++) vaddr->localpart_cache[i] = 0;
979 for (i = 0; i < (MAX_NAMED_LIST * 2)/32; i++) vaddr->domain_cache[i] = 0;
980 if (f != NULL && !expn) fprintf(f, "Address rewritten as: %s\n", address);
981 }
982 }
983
984/* If this is the real sender address, we must update sender_address at
985this point, because it may be referred to in the routers. */
986
987if ((options & (vopt_fake_sender|vopt_is_recipient)) == 0)
988 sender_address = address;
989
990/* If the address was rewritten to <> no verification can be done, and we have
991to return OK. This rewriting is permitted only for sender addresses; for other
992addresses, such rewriting fails. */
993
994if (address[0] == 0) return OK;
995
996/* Save a copy of the sender address for re-instating if we change it to <>
997while verifying a sender address (a nice bit of self-reference there). */
998
999save_sender = sender_address;
1000
1001/* Update the address structure with the possibly qualified and rewritten
1002address. Set it up as the starting address on the chain of new addresses. */
1003
1004vaddr->address = address;
1005addr_new = vaddr;
1006
1007/* We need a loop, because an address can generate new addresses. We must also
1008cope with generated pipes and files at the top level. (See also the code and
1009comment in deliver.c.) However, it is usually the case that the router for
1010user's .forward files has its verify flag turned off.
1011
1012If an address generates more than one child, the loop is used only when
1013full_info is set, and this can only be set locally. Remote enquiries just get
1014information about the top level address, not anything that it generated. */
1015
1016while (addr_new != NULL)
1017 {
1018 int rc;
1019 address_item *addr = addr_new;
1020
1021 addr_new = addr->next;
1022 addr->next = NULL;
1023
1024 DEBUG(D_verify)
1025 {
1026 debug_printf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
1027 debug_printf("Considering %s\n", addr->address);
1028 }
1029
1030 /* Handle generated pipe, file or reply addresses. We don't get these
1031 when handling EXPN, as it does only one level of expansion. */
1032
1033 if (testflag(addr, af_pfr))
1034 {
1035 allok = FALSE;
1036 if (f != NULL)
1037 {
1038 BOOL allow;
1039
1040 if (addr->address[0] == '>')
1041 {
1042 allow = testflag(addr, af_allow_reply);
1043 fprintf(f, "%s -> mail %s", addr->parent->address, addr->address + 1);
1044 }
1045 else
1046 {
1047 allow = (addr->address[0] == '|')?
1048 testflag(addr, af_allow_pipe) : testflag(addr, af_allow_file);
1049 fprintf(f, "%s -> %s", addr->parent->address, addr->address);
1050 }
1051
1052 if (addr->basic_errno == ERRNO_BADTRANSPORT)
1053 fprintf(f, "\n*** Error in setting up pipe, file, or autoreply:\n"
1054 "%s\n", addr->message);
1055 else if (allow)
1056 fprintf(f, "\n transport = %s\n", addr->transport->name);
1057 else
1058 fprintf(f, " *** forbidden ***\n");
1059 }
1060 continue;
1061 }
1062
1063 /* Just in case some router parameter refers to it. */
1064
1065 return_path = (addr->p.errors_address != NULL)?
1066 addr->p.errors_address : sender_address;
1067
1068 /* Split the address into domain and local part, handling the %-hack if
1069 necessary, and then route it. While routing a sender address, set
1070 $sender_address to <> because that is what it will be if we were trying to
1071 send a bounce to the sender. */
1072
1073 if (routed != NULL) *routed = FALSE;
1074 if ((rc = deliver_split_address(addr)) == OK)
1075 {
1076 if (!is_recipient) sender_address = null_sender;
1077 rc = route_address(addr, &addr_local, &addr_remote, &addr_new,
1078 &addr_succeed, verify_type);
1079 sender_address = save_sender; /* Put back the real sender */
1080 }
1081
1082 /* If routing an address succeeded, set the flag that remembers, for use when
1083 an ACL cached a sender verify (in case a callout fails). Then if routing set
1084 up a list of hosts or the transport has a host list, and the callout option
1085 is set, and we aren't in a host checking run, do the callout verification,
1086 and set another flag that notes that a callout happened. */
1087
1088 if (rc == OK)
1089 {
1090 if (routed != NULL) *routed = TRUE;
1091 if (callout > 0)
1092 {
1093 host_item *host_list = addr->host_list;
1094
26da7e20
PH		 1095 /* Make up some data for use in the case where there is no remote
1096 transport. */
1097
1098 transport_feedback tf = {
1099 NULL, /* interface (=> any) */
1100 US"smtp", /* port */
1101 US"smtp", /* protocol */
1102 NULL, /* hosts */
1103 US"$smtp_active_hostname", /* helo_data */
1104 FALSE, /* hosts_override */
1105 FALSE, /* hosts_randomize */
1106 FALSE, /* gethostbyname */
1107 TRUE, /* qualify_single */
1108 FALSE /* search_parents */
1109 };
059ec3d9
PH		 1110
1111 /* If verification yielded a remote transport, we want to use that
1112 transport's options, so as to mimic what would happen if we were really
1113 sending a message to this address. */
1114
1115 if (addr->transport != NULL && !addr->transport->info->local)
1116 {
929ba01c 1117 (void)(addr->transport->setup)(addr->transport, addr, &tf, 0, 0, NULL);
059ec3d9
PH		 1118
1119 /* If the transport has hosts and the router does not, or if the
1120 transport is configured to override the router's hosts, we must build a
1121 host list of the transport's hosts, and find the IP addresses */
1122
1123 if (tf.hosts != NULL && (host_list == NULL || tf.hosts_override))
1124 {
1125 uschar *s;
750af86e
PH		 1126 uschar *save_deliver_domain = deliver_domain;
1127 uschar *save_deliver_localpart = deliver_localpart;
059ec3d9
PH		 1128
1129 host_list = NULL; /* Ignore the router's hosts */
1130
1131 deliver_domain = addr->domain;
1132 deliver_localpart = addr->local_part;
1133 s = expand_string(tf.hosts);
750af86e
PH		 1134 deliver_domain = save_deliver_domain;
1135 deliver_localpart = save_deliver_localpart;
059ec3d9
PH		 1136
1137 if (s == NULL)
1138 {
1139 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand list of hosts "
1140 "\"%s\" in %s transport for callout: %s", tf.hosts,
1141 addr->transport->name, expand_string_message);
1142 }
1143 else
1144 {
322050c2 1145 int flags;
059ec3d9 1146 uschar *canonical_name;
d8ef3577 1147 host_item *host, *nexthost;
059ec3d9
PH		 1148 host_build_hostlist(&host_list, s, tf.hosts_randomize);
1149
1150 /* Just ignore failures to find a host address. If we don't manage
8e669ac1
PH		 1151 to find any addresses, the callout will defer. Note that more than
1152 one address may be found for a single host, which will result in
1153 additional host items being inserted into the chain. Hence we must
d8ef3577 1154 save the next host first. */
059ec3d9 1155
322050c2
PH		 1156 flags = HOST_FIND_BY_A;
1157 if (tf.qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
1158 if (tf.search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
1159
d8ef3577 1160 for (host = host_list; host != NULL; host = nexthost)
059ec3d9 1161 {
d8ef3577 1162 nexthost = host->next;
8e669ac1 1163 if (tf.gethostbyname ||
7e66e54d 1164 string_is_ip_address(host->name, NULL) != 0)
322050c2 1165 (void)host_find_byname(host, NULL, flags, &canonical_name, TRUE);
059ec3d9 1166 else
059ec3d9
PH		 1167 (void)host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
1168 &canonical_name, NULL);
059ec3d9
PH		 1169 }
1170 }
1171 }
1172 }
1173
8e669ac1 1174 /* Can only do a callout if we have at least one host! If the callout
2c7db3f5 1175 fails, it will have set ${sender,recipient}_verify_failure. */
059ec3d9
PH		 1176
1177 if (host_list != NULL)
1178 {
1179 HDEBUG(D_verify) debug_printf("Attempting full verification using callout\n");
1180 if (host_checking && !host_checking_callout)
1181 {
1182 HDEBUG(D_verify)
1183 debug_printf("... callout omitted by default when host testing\n"
1184 "(Use -bhc if you want the callouts to happen.)\n");
1185 }
1186 else
1187 {
1188 rc = do_callout(addr, host_list, &tf, callout, callout_overall,
4deaf07d 1189 callout_connect, options, se_mailfrom, pm_mailfrom);
059ec3d9
PH		 1190 }
1191 }
1192 else
1193 {
1194 HDEBUG(D_verify) debug_printf("Cannot do callout: neither router nor "
1195 "transport provided a host list\n");
1196 }
1197 }
1198 }
8e669ac1 1199
2c7db3f5 1200 /* Otherwise, any failure is a routing failure */
8e669ac1
PH		 1201
1202 else *failure_ptr = US"route";
059ec3d9
PH		 1203
1204 /* A router may return REROUTED if it has set up a child address as a result
1205 of a change of domain name (typically from widening). In this case we always
1206 want to continue to verify the new child. */
1207
1208 if (rc == REROUTED) continue;
8e669ac1 1209
059ec3d9
PH		 1210 /* Handle hard failures */
1211
1212 if (rc == FAIL)
1213 {
1214 allok = FALSE;
1215 if (f != NULL)
1216 {
e6f6568e
PH		 1217 address_item *p = addr->parent;
1218
322050c2 1219 fprintf(f, "%s%s %s", ko_prefix, full_info? addr->address : address,
059ec3d9
PH		 1220 address_test_mode? "is undeliverable" : "failed to verify");
1221 if (!expn && admin_user)
1222 {
1223 if (addr->basic_errno > 0)
1224 fprintf(f, ": %s", strerror(addr->basic_errno));
1225 if (addr->message != NULL)
e6f6568e
PH		 1226 fprintf(f, ": %s", addr->message);
1227 }
1228
1229 /* Show parents iff doing full info */
1230
1231 if (full_info) while (p != NULL)
1232 {
1233 fprintf(f, "%s\n <-- %s", cr, p->address);
1234 p = p->parent;
059ec3d9
PH		 1235 }
1236 fprintf(f, "%s\n", cr);
1237 }
1238
1239 if (!full_info) return copy_error(vaddr, addr, FAIL);
1240 else yield = FAIL;
1241 }
1242
1243 /* Soft failure */
1244
1245 else if (rc == DEFER)
1246 {
1247 allok = FALSE;
1248 if (f != NULL)
1249 {
e6f6568e
PH		 1250 address_item *p = addr->parent;
1251 fprintf(f, "%s%s cannot be resolved at this time", ko_prefix,
322050c2 1252 full_info? addr->address : address);
059ec3d9
PH		 1253 if (!expn && admin_user)
1254 {
1255 if (addr->basic_errno > 0)
e6f6568e 1256 fprintf(f, ": %s", strerror(addr->basic_errno));
059ec3d9 1257 if (addr->message != NULL)
e6f6568e 1258 fprintf(f, ": %s", addr->message);
059ec3d9 1259 else if (addr->basic_errno <= 0)
e6f6568e 1260 fprintf(f, ": unknown error");
059ec3d9
PH		 1261 }
1262
e6f6568e
PH		 1263 /* Show parents iff doing full info */
1264
1265 if (full_info) while (p != NULL)
1266 {
1267 fprintf(f, "%s\n <-- %s", cr, p->address);
1268 p = p->parent;
1269 }
059ec3d9
PH		 1270 fprintf(f, "%s\n", cr);
1271 }
e6f6568e 1272
059ec3d9
PH		 1273 if (!full_info) return copy_error(vaddr, addr, DEFER);
1274 else if (yield == OK) yield = DEFER;
1275 }
1276
1277 /* If we are handling EXPN, we do not want to continue to route beyond
e6f6568e 1278 the top level (whose address is in "address"). */
059ec3d9
PH		 1279
1280 else if (expn)
1281 {
1282 uschar *ok_prefix = US"250-";
1283 if (addr_new == NULL)
1284 {
1285 if (addr_local == NULL && addr_remote == NULL)
1286 fprintf(f, "250 mail to <%s> is discarded\r\n", address);
1287 else
1288 fprintf(f, "250 <%s>\r\n", address);
1289 }
1290 else while (addr_new != NULL)
1291 {
1292 address_item *addr2 = addr_new;
1293 addr_new = addr2->next;
1294 if (addr_new == NULL) ok_prefix = US"250 ";
1295 fprintf(f, "%s<%s>\r\n", ok_prefix, addr2->address);
1296 }
1297 return OK;
1298 }
1299
1300 /* Successful routing other than EXPN. */
1301
1302 else
1303 {
1304 /* Handle successful routing when short info wanted. Otherwise continue for
1305 other (generated) addresses. Short info is the operational case. Full info
1306 can be requested only when debug_selector != 0 and a file is supplied.
1307
1308 There is a conflict between the use of aliasing as an alternate email
1309 address, and as a sort of mailing list. If an alias turns the incoming
1310 address into just one address (e.g. J.Caesar->jc44) you may well want to
1311 carry on verifying the generated address to ensure it is valid when
1312 checking incoming mail. If aliasing generates multiple addresses, you
1313 probably don't want to do this. Exim therefore treats the generation of
1314 just a single new address as a special case, and continues on to verify the
1315 generated address. */
1316
1317 if (!full_info && /* Stop if short info wanted AND */
eafd343b
TK		 1318 (((addr_new == NULL || /* No new address OR */
1319 addr_new->next != NULL || /* More than one new address OR */
1320 testflag(addr_new, af_pfr))) /* New address is pfr */
1321 || /* OR */
1322 (addr_new != NULL && /* At least one new address AND */
1323 success_on_redirect))) /* success_on_redirect is set */
059ec3d9 1324 {
322050c2 1325 if (f != NULL) fprintf(f, "%s %s\n", address,
059ec3d9
PH		 1326 address_test_mode? "is deliverable" : "verified");
1327
1328 /* If we have carried on to verify a child address, we want the value
1329 of $address_data to be that of the child */
1330
1331 vaddr->p.address_data = addr->p.address_data;
1332 return OK;
1333 }
1334 }
1335 } /* Loop for generated addresses */
1336
1337/* Display the full results of the successful routing, including any generated
1338addresses. Control gets here only when full_info is set, which requires f not
1339to be NULL, and this occurs only when a top-level verify is called with the
1340debugging switch on.
1341
1342If there are no local and no remote addresses, and there were no pipes, files,
1343or autoreplies, and there were no errors or deferments, the message is to be
1344discarded, usually because of the use of :blackhole: in an alias file. */
1345
1346if (allok && addr_local == NULL && addr_remote == NULL)
dbcef0ea 1347 {
059ec3d9 1348 fprintf(f, "mail to %s is discarded\n", address);
dbcef0ea
PH		 1349 return yield;
1350 }
059ec3d9 1351
dbcef0ea 1352for (addr_list = addr_local, i = 0; i < 2; addr_list = addr_remote, i++)
059ec3d9
PH		 1353 {
1354 while (addr_list != NULL)
1355 {
1356 address_item *addr = addr_list;
1357 address_item *p = addr->parent;
1358 addr_list = addr->next;
1359
1360 fprintf(f, "%s", CS addr->address);
384152a6
TK		 1361#ifdef EXPERIMENTAL_SRS
1362 if(addr->p.srs_sender)
1363 fprintf(f, " [srs = %s]", addr->p.srs_sender);
1364#endif
dbcef0ea
PH		 1365
1366 /* If the address is a duplicate, show something about it. */
1367
1368 if (!testflag(addr, af_pfr))
1369 {
1370 tree_node *tnode;
1371 if ((tnode = tree_search(tree_duplicates, addr->unique)) != NULL)
1372 fprintf(f, " [duplicate, would not be delivered]");
1373 else tree_add_duplicate(addr->unique, addr);
1374 }
1375
1376 /* Now show its parents */
1377
059ec3d9
PH		 1378 while (p != NULL)
1379 {
1380 fprintf(f, "\n <-- %s", p->address);
1381 p = p->parent;
1382 }
1383 fprintf(f, "\n ");
1384
1385 /* Show router, and transport */
1386
1387 fprintf(f, "router = %s, ", addr->router->name);
1388 fprintf(f, "transport = %s\n", (addr->transport == NULL)? US"unset" :
1389 addr->transport->name);
1390
1391 /* Show any hosts that are set up by a router unless the transport
1392 is going to override them; fiddle a bit to get a nice format. */
1393
1394 if (addr->host_list != NULL && addr->transport != NULL &&
1395 !addr->transport->overrides_hosts)
1396 {
1397 host_item *h;
1398 int maxlen = 0;
1399 int maxaddlen = 0;
1400 for (h = addr->host_list; h != NULL; h = h->next)
1401 {
1402 int len = Ustrlen(h->name);
1403 if (len > maxlen) maxlen = len;
1404 len = (h->address != NULL)? Ustrlen(h->address) : 7;
1405 if (len > maxaddlen) maxaddlen = len;
1406 }
1407 for (h = addr->host_list; h != NULL; h = h->next)
1408 {
1409 int len = Ustrlen(h->name);
1410 fprintf(f, " host %s ", h->name);
1411 while (len++ < maxlen) fprintf(f, " ");
1412 if (h->address != NULL)
1413 {
1414 fprintf(f, "[%s] ", h->address);
1415 len = Ustrlen(h->address);
1416 }
1417 else if (!addr->transport->info->local) /* Omit [unknown] for local */
1418 {
1419 fprintf(f, "[unknown] ");
1420 len = 7;
1421 }
1422 else len = -3;
1423 while (len++ < maxaddlen) fprintf(f," ");
1424 if (h->mx >= 0) fprintf(f, "MX=%d", h->mx);
1425 if (h->port != PORT_NONE) fprintf(f, " port=%d", h->port);
1426 if (h->status == hstatus_unusable) fprintf(f, " ** unusable **");
1427 fprintf(f, "\n");
1428 }
1429 }
1430 }
1431 }
1432
8e669ac1 1433/* Will be DEFER or FAIL if any one address has, only for full_info (which is
2c7db3f5
PH		 1434the -bv or -bt case). */
1435
8e669ac1 1436return yield;
059ec3d9
PH		 1437}
1438
1439
1440
1441
1442/*************************************************
1443* Check headers for syntax errors *
1444*************************************************/
1445
1446/* This function checks those header lines that contain addresses, and verifies
1447that all the addresses therein are syntactially correct.
1448
1449Arguments:
1450 msgptr where to put an error message
1451
1452Returns: OK
1453 FAIL
1454*/
1455
1456int
1457verify_check_headers(uschar **msgptr)
1458{
1459header_line *h;
1460uschar *colon, *s;
1eccaa59 1461int yield = OK;
059ec3d9 1462
1eccaa59 1463for (h = header_list; h != NULL && yield == OK; h = h->next)
059ec3d9
PH		 1464 {
1465 if (h->type != htype_from &&
1466 h->type != htype_reply_to &&
1467 h->type != htype_sender &&
1468 h->type != htype_to &&
1469 h->type != htype_cc &&
1470 h->type != htype_bcc)
1471 continue;
1472
1473 colon = Ustrchr(h->text, ':');
1474 s = colon + 1;
1475 while (isspace(*s)) s++;
1476
1eccaa59
PH		 1477 /* Loop for multiple addresses in the header, enabling group syntax. Note
1478 that we have to reset this after the header has been scanned. */
059ec3d9 1479
1eccaa59 1480 parse_allow_group = TRUE;
059ec3d9
PH		 1481
1482 while (*s != 0)
1483 {
1484 uschar *ss = parse_find_address_end(s, FALSE);
1485 uschar *recipient, *errmess;
1486 int terminator = *ss;
1487 int start, end, domain;
1488
1489 /* Temporarily terminate the string at this point, and extract the
1eccaa59 1490 operative address within, allowing group syntax. */
059ec3d9
PH		 1491
1492 *ss = 0;
1493 recipient = parse_extract_address(s,&errmess,&start,&end,&domain,FALSE);
1494 *ss = terminator;
1495
1496 /* Permit an unqualified address only if the message is local, or if the
1497 sending host is configured to be permitted to send them. */
1498
1499 if (recipient != NULL && domain == 0)
1500 {
1501 if (h->type == htype_from || h->type == htype_sender)
1502 {
1503 if (!allow_unqualified_sender) recipient = NULL;
1504 }
1505 else
1506 {
1507 if (!allow_unqualified_recipient) recipient = NULL;
1508 }
1509 if (recipient == NULL) errmess = US"unqualified address not permitted";
1510 }
1511
1512 /* It's an error if no address could be extracted, except for the special
1513 case of an empty address. */
1514
1515 if (recipient == NULL && Ustrcmp(errmess, "empty address") != 0)
1516 {
1517 uschar *verb = US"is";
1518 uschar *t = ss;
1ab95fa6 1519 uschar *tt = colon;
059ec3d9
PH		 1520 int len;
1521
1522 /* Arrange not to include any white space at the end in the
1ab95fa6 1523 error message or the header name. */
059ec3d9
PH		 1524
1525 while (t > s && isspace(t[-1])) t--;
1ab95fa6 1526 while (tt > h->text && isspace(tt[-1])) tt--;
059ec3d9 1527
1ab95fa6 1528 /* Add the address that failed to the error message, since in a
059ec3d9
PH		 1529 header with very many addresses it is sometimes hard to spot
1530 which one is at fault. However, limit the amount of address to
1531 quote - cases have been seen where, for example, a missing double
1532 quote in a humungous To: header creates an "address" that is longer
1533 than string_sprintf can handle. */
1534
1535 len = t - s;
1536 if (len > 1024)
1537 {
1538 len = 1024;
1539 verb = US"begins";
1540 }
1541
1542 *msgptr = string_printing(
1ab95fa6
PH		 1543 string_sprintf("%s: failing address in \"%.*s:\" header %s: %.*s",
1544 errmess, tt - h->text, h->text, verb, len, s));
059ec3d9 1545
1eccaa59
PH		 1546 yield = FAIL;
1547 break; /* Out of address loop */
059ec3d9
PH		 1548 }
1549
1550 /* Advance to the next address */
1551
1552 s = ss + (terminator? 1:0);
1553 while (isspace(*s)) s++;
1554 } /* Next address */
059ec3d9 1555
1eccaa59
PH		 1556 parse_allow_group = FALSE;
1557 parse_found_group = FALSE;
1558 } /* Next header unless yield has been set FALSE */
1559
1560return yield;
059ec3d9
PH		 1561}
1562
1563
1564
1c41c9cc
PH		 1565/*************************************************
1566* Check for blind recipients *
1567*************************************************/
1568
1569/* This function checks that every (envelope) recipient is mentioned in either
1570the To: or Cc: header lines, thus detecting blind carbon copies.
1571
1572There are two ways of scanning that could be used: either scan the header lines
1573and tick off the recipients, or scan the recipients and check the header lines.
1574The original proposed patch did the former, but I have chosen to do the latter,
1575because (a) it requires no memory and (b) will use fewer resources when there
1576are many addresses in To: and/or Cc: and only one or two envelope recipients.
1577
1578Arguments: none
1579Returns: OK if there are no blind recipients
1580 FAIL if there is at least one blind recipient
1581*/
1582
1583int
1584verify_check_notblind(void)
1585{
1586int i;
1587for (i = 0; i < recipients_count; i++)
1588 {
1589 header_line *h;
1590 BOOL found = FALSE;
1591 uschar *address = recipients_list[i].address;
1592
1593 for (h = header_list; !found && h != NULL; h = h->next)
1594 {
1595 uschar *colon, *s;
1596
1597 if (h->type != htype_to && h->type != htype_cc) continue;
1598
1599 colon = Ustrchr(h->text, ':');
1600 s = colon + 1;
1601 while (isspace(*s)) s++;
1602
1eccaa59
PH		 1603 /* Loop for multiple addresses in the header, enabling group syntax. Note
1604 that we have to reset this after the header has been scanned. */
1c41c9cc 1605
1eccaa59 1606 parse_allow_group = TRUE;
1c41c9cc
PH		 1607
1608 while (*s != 0)
1609 {
1610 uschar *ss = parse_find_address_end(s, FALSE);
1611 uschar *recipient,*errmess;
1612 int terminator = *ss;
1613 int start, end, domain;
1614
1615 /* Temporarily terminate the string at this point, and extract the
1eccaa59 1616 operative address within, allowing group syntax. */
1c41c9cc
PH		 1617
1618 *ss = 0;
1619 recipient = parse_extract_address(s,&errmess,&start,&end,&domain,FALSE);
1620 *ss = terminator;
1621
1622 /* If we found a valid recipient that has a domain, compare it with the
1623 envelope recipient. Local parts are compared case-sensitively, domains
1624 case-insensitively. By comparing from the start with length "domain", we
1625 include the "@" at the end, which ensures that we are comparing the whole
1626 local part of each address. */
1627
1628 if (recipient != NULL && domain != 0)
1629 {
1630 found = Ustrncmp(recipient, address, domain) == 0 &&
1631 strcmpic(recipient + domain, address + domain) == 0;
1632 if (found) break;
1633 }
1634
1635 /* Advance to the next address */
1636
1637 s = ss + (terminator? 1:0);
1638 while (isspace(*s)) s++;
1639 } /* Next address */
1eccaa59
PH		 1640
1641 parse_allow_group = FALSE;
1642 parse_found_group = FALSE;
1c41c9cc
PH		 1643 } /* Next header (if found is false) */
1644
1645 if (!found) return FAIL;
1646 } /* Next recipient */
1647
1648return OK;
1649}
1650
1651
059ec3d9
PH		 1652
1653/*************************************************
1654* Find if verified sender *
1655*************************************************/
1656
1657/* Usually, just a single address is verified as the sender of the message.
1658However, Exim can be made to verify other addresses as well (often related in
1659some way), and this is useful in some environments. There may therefore be a
1660chain of such addresses that have previously been tested. This function finds
1661whether a given address is on the chain.
1662
1663Arguments: the address to be verified
1664Returns: pointer to an address item, or NULL
1665*/
1666
1667address_item *
1668verify_checked_sender(uschar *sender)
1669{
1670address_item *addr;
1671for (addr = sender_verified_list; addr != NULL; addr = addr->next)
1672 if (Ustrcmp(sender, addr->address) == 0) break;
1673return addr;
1674}
1675
1676
1677
1678
1679
1680/*************************************************
1681* Get valid header address *
1682*************************************************/
1683
1684/* Scan the originator headers of the message, looking for an address that
1685verifies successfully. RFC 822 says:
1686
1687 o The "Sender" field mailbox should be sent notices of
1688 any problems in transport or delivery of the original
1689 messages. If there is no "Sender" field, then the
1690 "From" field mailbox should be used.
1691
1692 o If the "Reply-To" field exists, then the reply should
1693 go to the addresses indicated in that field and not to
1694 the address(es) indicated in the "From" field.
1695
1696So we check a Sender field if there is one, else a Reply_to field, else a From
1697field. As some strange messages may have more than one of these fields,
1698especially if they are resent- fields, check all of them if there is more than
1699one.
1700
1701Arguments:
1702 user_msgptr points to where to put a user error message
1703 log_msgptr points to where to put a log error message
1704 callout timeout for callout check (passed to verify_address())
1705 callout_overall overall callout timeout (ditto)
8e669ac1 1706 callout_connect connect callout timeout (ditto)
059ec3d9
PH		 1707 se_mailfrom mailfrom for verify; NULL => ""
1708 pm_mailfrom sender for pm callout check (passed to verify_address())
1709 options callout options (passed to verify_address())
8e669ac1 1710 verrno where to put the address basic_errno
059ec3d9
PH		 1711
1712If log_msgptr is set to something without setting user_msgptr, the caller
1713normally uses log_msgptr for both things.
1714
1715Returns: result of the verification attempt: OK, FAIL, or DEFER;
1716 FAIL is given if no appropriate headers are found
1717*/
1718
1719int
1720verify_check_header_address(uschar **user_msgptr, uschar **log_msgptr,
8e669ac1 1721 int callout, int callout_overall, int callout_connect, uschar *se_mailfrom,
fe5b5d0b 1722 uschar *pm_mailfrom, int options, int *verrno)
059ec3d9
PH		 1723{
1724static int header_types[] = { htype_sender, htype_reply_to, htype_from };
1eccaa59 1725BOOL done = FALSE;
059ec3d9
PH		 1726int yield = FAIL;
1727int i;
1728
1eccaa59 1729for (i = 0; i < 3 && !done; i++)
059ec3d9
PH		 1730 {
1731 header_line *h;
1eccaa59 1732 for (h = header_list; h != NULL && !done; h = h->next)
059ec3d9
PH		 1733 {
1734 int terminator, new_ok;
1735 uschar *s, *ss, *endname;
1736
1737 if (h->type != header_types[i]) continue;
1738 s = endname = Ustrchr(h->text, ':') + 1;
1739
1eccaa59
PH		 1740 /* Scan the addresses in the header, enabling group syntax. Note that we
1741 have to reset this after the header has been scanned. */
1742
1743 parse_allow_group = TRUE;
1744
059ec3d9
PH		 1745 while (*s != 0)
1746 {
1747 address_item *vaddr;
1748
1749 while (isspace(*s) || *s == ',') s++;
1750 if (*s == 0) break; /* End of header */
1751
1752 ss = parse_find_address_end(s, FALSE);
1753
1754 /* The terminator is a comma or end of header, but there may be white
1755 space preceding it (including newline for the last address). Move back
1756 past any white space so we can check against any cached envelope sender
1757 address verifications. */
1758
1759 while (isspace(ss[-1])) ss--;
1760 terminator = *ss;
1761 *ss = 0;
1762
1763 HDEBUG(D_verify) debug_printf("verifying %.*s header address %s\n",
1764 (int)(endname - h->text), h->text, s);
1765
1766 /* See if we have already verified this address as an envelope sender,
1767 and if so, use the previous answer. */
1768
1769 vaddr = verify_checked_sender(s);
1770
1771 if (vaddr != NULL && /* Previously checked */
1772 (callout <= 0 || /* No callout needed; OR */
1773 vaddr->special_action > 256)) /* Callout was done */
1774 {
1775 new_ok = vaddr->special_action & 255;
1776 HDEBUG(D_verify) debug_printf("previously checked as envelope sender\n");
1777 *ss = terminator; /* Restore shortened string */
1778 }
1779
1780 /* Otherwise we run the verification now. We must restore the shortened
1781 string before running the verification, so the headers are correct, in
1782 case there is any rewriting. */
1783
1784 else
1785 {
1786 int start, end, domain;
1eccaa59
PH		 1787 uschar *address = parse_extract_address(s, log_msgptr, &start, &end,
1788 &domain, FALSE);
059ec3d9
PH		 1789
1790 *ss = terminator;
1791
1eccaa59
PH		 1792 /* If we found an empty address, just carry on with the next one, but
1793 kill the message. */
1794
1795 if (address == NULL && Ustrcmp(*log_msgptr, "empty address") == 0)
1796 {
1797 *log_msgptr = NULL;
1798 s = ss;
1799 continue;
1800 }
1801
059ec3d9
PH		 1802 /* If verification failed because of a syntax error, fail this
1803 function, and ensure that the failing address gets added to the error
1804 message. */
1805
1806 if (address == NULL)
1807 {
1808 new_ok = FAIL;
1eccaa59
PH		 1809 while (ss > s && isspace(ss[-1])) ss--;
1810 *log_msgptr = string_sprintf("syntax error in '%.*s' header when "
1811 "scanning for sender: %s in \"%.*s\"",
1812 endname - h->text, h->text, *log_msgptr, ss - s, s);
1813 yield = FAIL;
1814 done = TRUE;
1815 break;
059ec3d9
PH		 1816 }
1817
2f6603e1 1818 /* Else go ahead with the sender verification. But it isn't *the*
059ec3d9
PH		 1819 sender of the message, so set vopt_fake_sender to stop sender_address
1820 being replaced after rewriting or qualification. */
1821
1822 else
1823 {
1824 vaddr = deliver_make_addr(address, FALSE);
1825 new_ok = verify_address(vaddr, NULL, options | vopt_fake_sender,
8e669ac1 1826 callout, callout_overall, callout_connect, se_mailfrom,
4deaf07d 1827 pm_mailfrom, NULL);
059ec3d9
PH		 1828 }
1829 }
1830
1831 /* We now have the result, either newly found, or cached. If we are
1832 giving out error details, set a specific user error. This means that the
1833 last of these will be returned to the user if all three fail. We do not
1834 set a log message - the generic one below will be used. */
1835
fe5b5d0b 1836 if (new_ok != OK)
059ec3d9 1837 {
8e669ac1 1838 *verrno = vaddr->basic_errno;
fe5b5d0b
PH		 1839 if (smtp_return_error_details)
1840 {
1841 *user_msgptr = string_sprintf("Rejected after DATA: "
1842 "could not verify \"%.*s\" header address\n%s: %s",
1843 endname - h->text, h->text, vaddr->address, vaddr->message);
1844 }
8e669ac1 1845 }
059ec3d9
PH		 1846
1847 /* Success or defer */
1848
1eccaa59
PH		 1849 if (new_ok == OK)
1850 {
1851 yield = OK;
1852 done = TRUE;
1853 break;
1854 }
1855
059ec3d9
PH		 1856 if (new_ok == DEFER) yield = DEFER;
1857
1858 /* Move on to any more addresses in the header */
1859
1860 s = ss;
1eccaa59
PH		 1861 } /* Next address */
1862
1863 parse_allow_group = FALSE;
1864 parse_found_group = FALSE;
1865 } /* Next header, unless done */
1866 } /* Next header type unless done */
059ec3d9
PH		 1867
1868if (yield == FAIL && *log_msgptr == NULL)
1869 *log_msgptr = US"there is no valid sender in any header line";
1870
1871if (yield == DEFER && *log_msgptr == NULL)
1872 *log_msgptr = US"all attempts to verify a sender in a header line deferred";
1873
1874return yield;
1875}
1876
1877
1878
1879
1880/*************************************************
1881* Get RFC 1413 identification *
1882*************************************************/
1883
1884/* Attempt to get an id from the sending machine via the RFC 1413 protocol. If
1885the timeout is set to zero, then the query is not done. There may also be lists
1886of hosts and nets which are exempt. To guard against malefactors sending
1887non-printing characters which could, for example, disrupt a message's headers,
1888make sure the string consists of printing characters only.
1889
1890Argument:
1891 port the port to connect to; usually this is IDENT_PORT (113), but when
1892 running in the test harness with -bh a different value is used.
1893
1894Returns: nothing
1895
1896Side effect: any received ident value is put in sender_ident (NULL otherwise)
1897*/
1898
1899void
1900verify_get_ident(int port)
1901{
1902int sock, host_af, qlen;
1903int received_sender_port, received_interface_port, n;
1904uschar *p;
1905uschar buffer[2048];
1906
1907/* Default is no ident. Check whether we want to do an ident check for this
1908host. */
1909
1910sender_ident = NULL;
1911if (rfc1413_query_timeout <= 0 || verify_check_host(&rfc1413_hosts) != OK)
1912 return;
1913
1914DEBUG(D_ident) debug_printf("doing ident callback\n");
1915
1916/* Set up a connection to the ident port of the remote host. Bind the local end
1917to the incoming interface address. If the sender host address is an IPv6
1918address, the incoming interface address will also be IPv6. */
1919
1920host_af = (Ustrchr(sender_host_address, ':') == NULL)? AF_INET : AF_INET6;
1921sock = ip_socket(SOCK_STREAM, host_af);
1922if (sock < 0) return;
1923
1924if (ip_bind(sock, host_af, interface_address, 0) < 0)
1925 {
1926 DEBUG(D_ident) debug_printf("bind socket for ident failed: %s\n",
1927 strerror(errno));
1928 goto END_OFF;
1929 }
1930
1931if (ip_connect(sock, host_af, sender_host_address, port, rfc1413_query_timeout)
1932 < 0)
1933 {
1934 if (errno == ETIMEDOUT && (log_extra_selector & LX_ident_timeout) != 0)
1935 {
1936 log_write(0, LOG_MAIN, "ident connection to %s timed out",
1937 sender_host_address);
1938 }
1939 else
1940 {
1941 DEBUG(D_ident) debug_printf("ident connection to %s failed: %s\n",
1942 sender_host_address, strerror(errno));
1943 }
1944 goto END_OFF;
1945 }
1946
1947/* Construct and send the query. */
1948
1949sprintf(CS buffer, "%d , %d\r\n", sender_host_port, interface_port);
1950qlen = Ustrlen(buffer);
1951if (send(sock, buffer, qlen, 0) < 0)
1952 {
1953 DEBUG(D_ident) debug_printf("ident send failed: %s\n", strerror(errno));
1954 goto END_OFF;
1955 }
1956
1957/* Read a response line. We put it into the rest of the buffer, using several
1958recv() calls if necessary. */
1959
1960p = buffer + qlen;
1961
1962for (;;)
1963 {
1964 uschar *pp;
1965 int count;
1966 int size = sizeof(buffer) - (p - buffer);
1967
1968 if (size <= 0) goto END_OFF; /* Buffer filled without seeing \n. */
1969 count = ip_recv(sock, p, size, rfc1413_query_timeout);
1970 if (count <= 0) goto END_OFF; /* Read error or EOF */
1971
1972 /* Scan what we just read, to see if we have reached the terminating \r\n. Be
1973 generous, and accept a plain \n terminator as well. The only illegal
1974 character is 0. */
1975
1976 for (pp = p; pp < p + count; pp++)
1977 {
1978 if (*pp == 0) goto END_OFF; /* Zero octet not allowed */
1979 if (*pp == '\n')
1980 {
1981 if (pp[-1] == '\r') pp--;
1982 *pp = 0;
1983 goto GOT_DATA; /* Break out of both loops */
1984 }
1985 }
1986
1987 /* Reached the end of the data without finding \n. Let the loop continue to
1988 read some more, if there is room. */
1989
1990 p = pp;
1991 }
1992
1993GOT_DATA:
1994
1995/* We have received a line of data. Check it carefully. It must start with the
1996same two port numbers that we sent, followed by data as defined by the RFC. For
1997example,
1998
1999 12345 , 25 : USERID : UNIX :root
2000
2001However, the amount of white space may be different to what we sent. In the
2002"osname" field there may be several sub-fields, comma separated. The data we
2003actually want to save follows the third colon. Some systems put leading spaces
2004in it - we discard those. */
2005
2006if (sscanf(CS buffer + qlen, "%d , %d%n", &received_sender_port,
2007 &received_interface_port, &n) != 2 ||
2008 received_sender_port != sender_host_port ||
2009 received_interface_port != interface_port)
2010 goto END_OFF;
2011
2012p = buffer + qlen + n;
2013while(isspace(*p)) p++;
2014if (*p++ != ':') goto END_OFF;
2015while(isspace(*p)) p++;
2016if (Ustrncmp(p, "USERID", 6) != 0) goto END_OFF;
2017p += 6;
2018while(isspace(*p)) p++;
2019if (*p++ != ':') goto END_OFF;
2020while (*p != 0 && *p != ':') p++;
2021if (*p++ == 0) goto END_OFF;
2022while(isspace(*p)) p++;
2023if (*p == 0) goto END_OFF;
2024
2025/* The rest of the line is the data we want. We turn it into printing
2026characters when we save it, so that it cannot mess up the format of any logging
2027or Received: lines into which it gets inserted. We keep a maximum of 127
2028characters. */
2029
2030sender_ident = string_printing(string_copyn(p, 127));
2031DEBUG(D_ident) debug_printf("sender_ident = %s\n", sender_ident);
2032
2033END_OFF:
f1e894f3 2034(void)close(sock);
059ec3d9
PH		 2035return;
2036}
2037
2038
2039
2040
2041/*************************************************
2042* Match host to a single host-list item *
2043*************************************************/
2044
2045/* This function compares a host (name or address) against a single item
2046from a host list. The host name gets looked up if it is needed and is not
2047already known. The function is called from verify_check_this_host() via
2048match_check_list(), which is why most of its arguments are in a single block.
2049
2050Arguments:
2051 arg the argument block (see below)
2052 ss the host-list item
2053 valueptr where to pass back looked up data, or NULL
2054 error for error message when returning ERROR
2055
2056The block contains:
32d668a5
PH		 2057 host_name (a) the host name, or
2058 (b) NULL, implying use sender_host_name and
2059 sender_host_aliases, looking them up if required, or
2060 (c) the empty string, meaning that only IP address matches
2061 are permitted
059ec3d9
PH		 2062 host_address the host address
2063 host_ipv4 the IPv4 address taken from an IPv6 one
2064
2065Returns: OK matched
2066 FAIL did not match
2067 DEFER lookup deferred
32d668a5
PH		 2068 ERROR (a) failed to find the host name or IP address, or
2069 (b) unknown lookup type specified, or
2070 (c) host name encountered when only IP addresses are
2071 being matched
059ec3d9
PH		 2072*/
2073
32d668a5 2074int
059ec3d9
PH		 2075check_host(void *arg, uschar *ss, uschar **valueptr, uschar **error)
2076{
2077check_host_block *cb = (check_host_block *)arg;
32d668a5 2078int mlen = -1;
059ec3d9 2079int maskoffset;
32d668a5 2080BOOL iplookup = FALSE;
059ec3d9 2081BOOL isquery = FALSE;
32d668a5 2082BOOL isiponly = cb->host_name != NULL && cb->host_name[0] == 0;
1688f43b 2083uschar *t;
32d668a5 2084uschar *semicolon;
059ec3d9
PH		 2085uschar **aliases;
2086
2087/* Optimize for the special case when the pattern is "*". */
2088
2089if (*ss == '*' && ss[1] == 0) return OK;
2090
2091/* If the pattern is empty, it matches only in the case when there is no host -
2092this can occur in ACL checking for SMTP input using the -bs option. In this
2093situation, the host address is the empty string. */
2094
2095if (cb->host_address[0] == 0) return (*ss == 0)? OK : FAIL;
2096if (*ss == 0) return FAIL;
2097
32d668a5
PH		 2098/* If the pattern is precisely "@" then match against the primary host name,
2099provided that host name matching is permitted; if it's "@[]" match against the
2100local host's IP addresses. */
059ec3d9
PH		 2101
2102if (*ss == '@')
2103 {
32d668a5
PH		 2104 if (ss[1] == 0)
2105 {
2106 if (isiponly) return ERROR;
2107 ss = primary_hostname;
2108 }
059ec3d9
PH		 2109 else if (Ustrcmp(ss, "@[]") == 0)
2110 {
2111 ip_address_item *ip;
2112 for (ip = host_find_interfaces(); ip != NULL; ip = ip->next)
2113 if (Ustrcmp(ip->address, cb->host_address) == 0) return OK;
2114 return FAIL;
2115 }
2116 }
2117
2118/* If the pattern is an IP address, optionally followed by a bitmask count, do
2119a (possibly masked) comparision with the current IP address. */
2120
7e66e54d 2121if (string_is_ip_address(ss, &maskoffset) != 0)
059ec3d9
PH		 2122 return (host_is_in_net(cb->host_address, ss, maskoffset)? OK : FAIL);
2123
1688f43b
PH		 2124/* The pattern is not an IP address. A common error that people make is to omit
2125one component of an IPv4 address, either by accident, or believing that, for
2126example, 1.2.3/24 is the same as 1.2.3.0/24, or 1.2.3 is the same as 1.2.3.0,
2127which it isn't. (Those applications that do accept 1.2.3 as an IP address
2128interpret it as 1.2.0.3 because the final component becomes 16-bit - this is an
2129ancient specification.) To aid in debugging these cases, we give a specific
2130error if the pattern contains only digits and dots or contains a slash preceded
2131only by digits and dots (a slash at the start indicates a file name and of
2132course slashes may be present in lookups, but not preceded only by digits and
2133dots). */
2134
2135for (t = ss; isdigit(*t) || *t == '.'; t++);
2136if (*t == 0 || (*t == '/' && t != ss))
2137 {
2138 *error = US"malformed IPv4 address or address mask";
2139 return ERROR;
2140 }
2141
32d668a5 2142/* See if there is a semicolon in the pattern */
059ec3d9 2143
32d668a5
PH		 2144semicolon = Ustrchr(ss, ';');
2145
2146/* If we are doing an IP address only match, then all lookups must be IP
df199fec 2147address lookups, even if there is no "net-". */
32d668a5
PH		 2148
2149if (isiponly)
059ec3d9 2150 {
32d668a5
PH		 2151 iplookup = semicolon != NULL;
2152 }
059ec3d9 2153
32d668a5 2154/* Otherwise, if the item is of the form net[n]-lookup;<file|query> then it is
df199fec
PH		 2155a lookup on a masked IP network, in textual form. We obey this code even if we
2156have already set iplookup, so as to skip over the "net-" prefix and to set the
2157mask length. The net- stuff really only applies to single-key lookups where the
2158key is implicit. For query-style lookups the key is specified in the query.
2159From release 4.30, the use of net- for query style is no longer needed, but we
2160retain it for backward compatibility. */
2161
2162if (Ustrncmp(ss, "net", 3) == 0 && semicolon != NULL)
32d668a5
PH		 2163 {
2164 mlen = 0;
2165 for (t = ss + 3; isdigit(*t); t++) mlen = mlen * 10 + *t - '0';
2166 if (mlen == 0 && t == ss+3) mlen = -1; /* No mask supplied */
2167 iplookup = (*t++ == '-');
2168 }
1688f43b 2169else t = ss;
059ec3d9 2170
32d668a5 2171/* Do the IP address lookup if that is indeed what we have */
059ec3d9 2172
32d668a5
PH		 2173if (iplookup)
2174 {
2175 int insize;
2176 int search_type;
2177 int incoming[4];
2178 void *handle;
2179 uschar *filename, *key, *result;
2180 uschar buffer[64];
059ec3d9 2181
32d668a5 2182 /* Find the search type */
059ec3d9 2183
32d668a5 2184 search_type = search_findtype(t, semicolon - t);
059ec3d9 2185
32d668a5
PH		 2186 if (search_type < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s",
2187 search_error_message);
059ec3d9 2188
13b685f9
PH		 2189 /* Adjust parameters for the type of lookup. For a query-style lookup, there
2190 is no file name, and the "key" is just the query. For query-style with a file
2191 name, we have to fish the file off the start of the query. For a single-key
2192 lookup, the key is the current IP address, masked appropriately, and
2193 reconverted to text form, with the mask appended. For IPv6 addresses, specify
2194 dot separators instead of colons. */
059ec3d9 2195
13b685f9
PH		 2196 if (mac_islookup(search_type, lookup_absfilequery))
2197 {
2198 filename = semicolon + 1;
2199 key = filename;
2200 while (*key != 0 && !isspace(*key)) key++;
2201 filename = string_copyn(filename, key - filename);
2202 while (isspace(*key)) key++;
2203 }
2204 else if (mac_islookup(search_type, lookup_querystyle))
32d668a5
PH		 2205 {
2206 filename = NULL;
2207 key = semicolon + 1;
2208 }
2209 else
2210 {
2211 insize = host_aton(cb->host_address, incoming);
2212 host_mask(insize, incoming, mlen);
2213 (void)host_nmtoa(insize, incoming, mlen, buffer, '.');
2214 key = buffer;
2215 filename = semicolon + 1;
059ec3d9 2216 }
32d668a5
PH		 2217
2218 /* Now do the actual lookup; note that there is no search_close() because
2219 of the caching arrangements. */
2220
2221 handle = search_open(filename, search_type, 0, NULL, NULL);
2222 if (handle == NULL) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s",
2223 search_error_message);
2224 result = search_find(handle, filename, key, -1, NULL, 0, 0, NULL);
2225 if (valueptr != NULL) *valueptr = result;
2226 return (result != NULL)? OK : search_find_defer? DEFER: FAIL;
059ec3d9
PH		 2227 }
2228
2229/* The pattern is not an IP address or network reference of any kind. That is,
32d668a5
PH		 2230it is a host name pattern. If this is an IP only match, there's an error in the
2231host list. */
2232
2233if (isiponly)
2234 {
2235 *error = US"cannot match host name in match_ip list";
2236 return ERROR;
2237 }
2238
2239/* Check the characters of the pattern to see if they comprise only letters,
2240digits, full stops, and hyphens (the constituents of domain names). Allow
2241underscores, as they are all too commonly found. Sigh. Also, if
2242allow_utf8_domains is set, allow top-bit characters. */
059ec3d9
PH		 2243
2244for (t = ss; *t != 0; t++)
2245 if (!isalnum(*t) && *t != '.' && *t != '-' && *t != '_' &&
2246 (!allow_utf8_domains || *t < 128)) break;
2247
2248/* If the pattern is a complete domain name, with no fancy characters, look up
2249its IP address and match against that. Note that a multi-homed host will add
2250items to the chain. */
2251
2252if (*t == 0)
2253 {
2254 int rc;
2255 host_item h;
2256 h.next = NULL;
2257 h.name = ss;
2258 h.address = NULL;
2259 h.mx = MX_NONE;
9b8fadde 2260
322050c2 2261 rc = host_find_byname(&h, NULL, HOST_FIND_QUALIFY_SINGLE, NULL, FALSE);
059ec3d9
PH		 2262 if (rc == HOST_FOUND || rc == HOST_FOUND_LOCAL)
2263 {
2264 host_item *hh;
2265 for (hh = &h; hh != NULL; hh = hh->next)
2266 {
96776534 2267 if (host_is_in_net(hh->address, cb->host_address, 0)) return OK;
059ec3d9
PH		 2268 }
2269 return FAIL;
2270 }
2271 if (rc == HOST_FIND_AGAIN) return DEFER;
2272 *error = string_sprintf("failed to find IP address for %s", ss);
2273 return ERROR;
2274 }
2275
2276/* Almost all subsequent comparisons require the host name, and can be done
2277using the general string matching function. When this function is called for
2278outgoing hosts, the name is always given explicitly. If it is NULL, it means we
2279must use sender_host_name and its aliases, looking them up if necessary. */
2280
2281if (cb->host_name != NULL) /* Explicit host name given */
2282 return match_check_string(cb->host_name, ss, -1, TRUE, TRUE, TRUE,
2283 valueptr);
2284
2285/* Host name not given; in principle we need the sender host name and its
2286aliases. However, for query-style lookups, we do not need the name if the
2287query does not contain $sender_host_name. From release 4.23, a reference to
2288$sender_host_name causes it to be looked up, so we don't need to do the lookup
2289on spec. */
2290
2291if ((semicolon = Ustrchr(ss, ';')) != NULL)
2292 {
2293 uschar *affix;
2294 int partial, affixlen, starflags, id;
2295
2296 *semicolon = 0;
2297 id = search_findtype_partial(ss, &partial, &affix, &affixlen, &starflags);
2298 *semicolon=';';
2299
2300 if (id < 0) /* Unknown lookup type */
2301 {
2302 log_write(0, LOG_MAIN|LOG_PANIC, "%s in host list item \"%s\"",
2303 search_error_message, ss);
2304 return DEFER;
2305 }
13b685f9 2306 isquery = mac_islookup(id, lookup_querystyle|lookup_absfilequery);
059ec3d9
PH		 2307 }
2308
2309if (isquery)
2310 {
2311 switch(match_check_string(US"", ss, -1, TRUE, TRUE, TRUE, valueptr))
2312 {
2313 case OK: return OK;
2314 case DEFER: return DEFER;
2315 default: return FAIL;
2316 }
2317 }
2318
2319/* Not a query-style lookup; must ensure the host name is present, and then we
2320do a check on the name and all its aliases. */
2321
2322if (sender_host_name == NULL)
2323 {
2324 HDEBUG(D_host_lookup)
2325 debug_printf("sender host name required, to match against %s\n", ss);
2326 if (host_lookup_failed || host_name_lookup() != OK)
2327 {
2328 *error = string_sprintf("failed to find host name for %s",
2329 sender_host_address);;
2330 return ERROR;
2331 }
2332 host_build_sender_fullhost();
2333 }
2334
2335/* Match on the sender host name, using the general matching function */
2336
2337switch(match_check_string(sender_host_name, ss, -1, TRUE, TRUE, TRUE,
2338 valueptr))
2339 {
2340 case OK: return OK;
2341 case DEFER: return DEFER;
2342 }
2343
2344/* If there are aliases, try matching on them. */
2345
2346aliases = sender_host_aliases;
2347while (*aliases != NULL)
2348 {
2349 switch(match_check_string(*aliases++, ss, -1, TRUE, TRUE, TRUE, valueptr))
2350 {
2351 case OK: return OK;
2352 case DEFER: return DEFER;
2353 }
2354 }
2355return FAIL;
2356}
2357
2358
2359
2360
2361/*************************************************
2362* Check a specific host matches a host list *
2363*************************************************/
2364
2365/* This function is passed a host list containing items in a number of
2366different formats and the identity of a host. Its job is to determine whether
2367the given host is in the set of hosts defined by the list. The host name is
2368passed as a pointer so that it can be looked up if needed and not already
2369known. This is commonly the case when called from verify_check_host() to check
2370an incoming connection. When called from elsewhere the host name should usually
2371be set.
2372
2373This function is now just a front end to match_check_list(), which runs common
2374code for scanning a list. We pass it the check_host() function to perform a
2375single test.
2376
2377Arguments:
2378 listptr pointer to the host list
2379 cache_bits pointer to cache for named lists, or NULL
2380 host_name the host name or NULL, implying use sender_host_name and
2381 sender_host_aliases, looking them up if required
2382 host_address the IP address
2383 valueptr if not NULL, data from a lookup is passed back here
2384
2385Returns: OK if the host is in the defined set
2386 FAIL if the host is not in the defined set,
2387 DEFER if a data lookup deferred (not a host lookup)
2388
2389If the host name was needed in order to make a comparison, and could not be
2390determined from the IP address, the result is FAIL unless the item
2391"+allow_unknown" was met earlier in the list, in which case OK is returned. */
2392
2393int
2394verify_check_this_host(uschar **listptr, unsigned int *cache_bits,
2395 uschar *host_name, uschar *host_address, uschar **valueptr)
2396{
d4eb88df 2397int rc;
059ec3d9 2398unsigned int *local_cache_bits = cache_bits;
d4eb88df 2399uschar *save_host_address = deliver_host_address;
059ec3d9
PH		 2400check_host_block cb;
2401cb.host_name = host_name;
2402cb.host_address = host_address;
2403
2404if (valueptr != NULL) *valueptr = NULL;
2405
2406/* If the host address starts off ::ffff: it is an IPv6 address in
2407IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2408addresses. */
2409
2410cb.host_ipv4 = (Ustrncmp(host_address, "::ffff:", 7) == 0)?
2411 host_address + 7 : host_address;
2412
8e669ac1
PH		 2413/* During the running of the check, put the IP address into $host_address. In
2414the case of calls from the smtp transport, it will already be there. However,
2415in other calls (e.g. when testing ignore_target_hosts), it won't. Just to be on
d4eb88df
PH		 2416the safe side, any existing setting is preserved, though as I write this
2417(November 2004) I can't see any cases where it is actually needed. */
2418
2419deliver_host_address = host_address;
2420rc = match_check_list(
2421 listptr, /* the list */
2422 0, /* separator character */
2423 &hostlist_anchor, /* anchor pointer */
2424 &local_cache_bits, /* cache pointer */
2425 check_host, /* function for testing */
2426 &cb, /* argument for function */
2427 MCL_HOST, /* type of check */
8e669ac1 2428 (host_address == sender_host_address)?
d4eb88df
PH		 2429 US"host" : host_address, /* text for debugging */
2430 valueptr); /* where to pass back data */
2431deliver_host_address = save_host_address;
8e669ac1 2432return rc;
059ec3d9
PH		 2433}
2434
2435
2436
2437
2438/*************************************************
2439* Check the remote host matches a list *
2440*************************************************/
2441
2442/* This is a front end to verify_check_this_host(), created because checking
2443the remote host is a common occurrence. With luck, a good compiler will spot
2444the tail recursion and optimize it. If there's no host address, this is
2445command-line SMTP input - check against an empty string for the address.
2446
2447Arguments:
2448 listptr pointer to the host list
2449
2450Returns: the yield of verify_check_this_host(),
2451 i.e. OK, FAIL, or DEFER
2452*/
2453
2454int
2455verify_check_host(uschar **listptr)
2456{
2457return verify_check_this_host(listptr, sender_host_cache, NULL,
2458 (sender_host_address == NULL)? US"" : sender_host_address, NULL);
2459}
2460
2461
2462
2463
2464
2465/*************************************************
2466* Invert an IP address for a DNS black list *
2467*************************************************/
2468
2469/*
2470Arguments:
2471 buffer where to put the answer
2472 address the address to invert
2473*/
2474
2475static void
2476invert_address(uschar *buffer, uschar *address)
2477{
2478int bin[4];
2479uschar *bptr = buffer;
2480
2481/* If this is an IPv4 address mapped into IPv6 format, adjust the pointer
2482to the IPv4 part only. */
2483
2484if (Ustrncmp(address, "::ffff:", 7) == 0) address += 7;
2485
2486/* Handle IPv4 address: when HAVE_IPV6 is false, the result of host_aton() is
2487always 1. */
2488
2489if (host_aton(address, bin) == 1)
2490 {
2491 int i;
2492 int x = bin[0];
2493 for (i = 0; i < 4; i++)
2494 {
2495 sprintf(CS bptr, "%d.", x & 255);
2496 while (*bptr) bptr++;
2497 x >>= 8;
2498 }
2499 }
2500
2501/* Handle IPv6 address. Actually, as far as I know, there are no IPv6 addresses
2502in any DNS black lists, and the format in which they will be looked up is
2503unknown. This is just a guess. */
2504
2505#if HAVE_IPV6
2506else
2507 {
2508 int i, j;
2509 for (j = 3; j >= 0; j--)
2510 {
2511 int x = bin[j];
2512 for (i = 0; i < 8; i++)
2513 {
2514 sprintf(CS bptr, "%x.", x & 15);
2515 while (*bptr) bptr++;
2516 x >>= 4;
2517 }
2518 }
2519 }
2520#endif
d6f6e0dc
PH		 2521
2522/* Remove trailing period -- this is needed so that both arbitrary
2523dnsbl keydomains and inverted addresses may be combined with the
2524same format string, "%s.%s" */
2525
2526*(--bptr) = 0;
059ec3d9
PH		 2527}
2528
2529
2530
0bcb2a0e
PH		 2531/*************************************************
2532* Perform a single dnsbl lookup *
2533*************************************************/
2534
d6f6e0dc
PH		 2535/* This function is called from verify_check_dnsbl() below. It is also called
2536recursively from within itself when domain and domain_txt are different
2537pointers, in order to get the TXT record from the alternate domain.
0bcb2a0e
PH		 2538
2539Arguments:
d6f6e0dc
PH		 2540 domain the outer dnsbl domain
2541 domain_txt alternate domain to lookup TXT record on success; when the
2542 same domain is to be used, domain_txt == domain (that is,
2543 the pointers must be identical, not just the text)
8e669ac1 2544 keydomain the current keydomain (for debug message)
d6f6e0dc
PH		 2545 prepend subdomain to lookup (like keydomain, but
2546 reversed if IP address)
2547 iplist the list of matching IP addresses, or NULL for "any"
8e669ac1 2548 bitmask true if bitmask matching is wanted
431b7361
PH		 2549 match_type condition for 'succeed' result
2550 0 => Any RR in iplist (=)
2551 1 => No RR in iplist (!=)
2552 2 => All RRs in iplist (==)
2553 3 => Some RRs not in iplist (!==)
2554 the two bits are defined as MT_NOT and MT_ALL
8e669ac1 2555 defer_return what to return for a defer
0bcb2a0e
PH		 2556
2557Returns: OK if lookup succeeded
2558 FAIL if not
2559*/
2560
2561static int
d6f6e0dc 2562one_check_dnsbl(uschar *domain, uschar *domain_txt, uschar *keydomain,
431b7361 2563 uschar *prepend, uschar *iplist, BOOL bitmask, int match_type,
d6f6e0dc 2564 int defer_return)
8e669ac1 2565{
0bcb2a0e
PH		 2566dns_answer dnsa;
2567dns_scan dnss;
2568tree_node *t;
2569dnsbl_cache_block *cb;
2570int old_pool = store_pool;
d6f6e0dc
PH		 2571uschar query[256]; /* DNS domain max length */
2572
2573/* Construct the specific query domainname */
2574
2575if (!string_format(query, sizeof(query), "%s.%s", prepend, domain))
2576 {
2577 log_write(0, LOG_MAIN|LOG_PANIC, "dnslist query is too long "
2578 "(ignored): %s...", query);
2579 return FAIL;
2580 }
0bcb2a0e
PH		 2581
2582/* Look for this query in the cache. */
2583
2584t = tree_search(dnsbl_cache, query);
2585
2586/* If not cached from a previous lookup, we must do a DNS lookup, and
2587cache the result in permanent memory. */
2588
2589if (t == NULL)
2590 {
2591 store_pool = POOL_PERM;
2592
2593 /* Set up a tree entry to cache the lookup */
2594
2595 t = store_get(sizeof(tree_node) + Ustrlen(query));
2596 Ustrcpy(t->name, query);
2597 t->data.ptr = cb = store_get(sizeof(dnsbl_cache_block));
2598 (void)tree_insertnode(&dnsbl_cache, t);
2599
2600 /* Do the DNS loopup . */
2601
2602 HDEBUG(D_dnsbl) debug_printf("new DNS lookup for %s\n", query);
2603 cb->rc = dns_basic_lookup(&dnsa, query, T_A);
2604 cb->text_set = FALSE;
2605 cb->text = NULL;
2606 cb->rhs = NULL;
2607
2608 /* If the lookup succeeded, cache the RHS address. The code allows for
2609 more than one address - this was for complete generality and the possible
2610 use of A6 records. However, A6 records have been reduced to experimental
2611 status (August 2001) and may die out. So they may never get used at all,
2612 let alone in dnsbl records. However, leave the code here, just in case.
2613
2614 Quite apart from one A6 RR generating multiple addresses, there are DNS
2615 lists that return more than one A record, so we must handle multiple
2616 addresses generated in that way as well. */
2617
2618 if (cb->rc == DNS_SUCCEED)
2619 {
2620 dns_record *rr;
2621 dns_address **addrp = &(cb->rhs);
2622 for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
2623 rr != NULL;
2624 rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
2625 {
2626 if (rr->type == T_A)
2627 {
2628 dns_address *da = dns_address_from_rr(&dnsa, rr);
2629 if (da != NULL)
2630 {
2631 *addrp = da;
2632 while (da->next != NULL) da = da->next;
2633 addrp = &(da->next);
2634 }
2635 }
2636 }
2637
2638 /* If we didn't find any A records, change the return code. This can
2639 happen when there is a CNAME record but there are no A records for what
2640 it points to. */
2641
2642 if (cb->rhs == NULL) cb->rc = DNS_NODATA;
2643 }
2644
2645 store_pool = old_pool;
2646 }
2647
2648/* Previous lookup was cached */
2649
2650else
2651 {
2652 HDEBUG(D_dnsbl) debug_printf("using result of previous DNS lookup\n");
2653 cb = t->data.ptr;
2654 }
2655
2656/* We now have the result of the DNS lookup, either newly done, or cached
2657from a previous call. If the lookup succeeded, check against the address
2658list if there is one. This may be a positive equality list (introduced by
2659"="), a negative equality list (introduced by "!="), a positive bitmask
2660list (introduced by "&"), or a negative bitmask list (introduced by "!&").*/
2661
2662if (cb->rc == DNS_SUCCEED)
2663 {
2664 dns_address *da = NULL;
2665 uschar *addlist = cb->rhs->address;
2666
2667 /* For A and AAAA records, there may be multiple addresses from multiple
2668 records. For A6 records (currently not expected to be used) there may be
2669 multiple addresses from a single record. */
2670
2671 for (da = cb->rhs->next; da != NULL; da = da->next)
2672 addlist = string_sprintf("%s, %s", addlist, da->address);
2673
2674 HDEBUG(D_dnsbl) debug_printf("DNS lookup for %s succeeded (yielding %s)\n",
2675 query, addlist);
2676
2677 /* Address list check; this can be either for equality, or via a bitmask.
2678 In the latter case, all the bits must match. */
2679
2680 if (iplist != NULL)
2681 {
431b7361 2682 for (da = cb->rhs; da != NULL; da = da->next)
0bcb2a0e 2683 {
431b7361
PH		 2684 int ipsep = ',';
2685 uschar ip[46];
2686 uschar *ptr = iplist;
2687 uschar *res;
2688
0bcb2a0e 2689 /* Handle exact matching */
431b7361 2690
0bcb2a0e
PH		 2691 if (!bitmask)
2692 {
431b7361 2693 while ((res = string_nextinlist(&ptr, &ipsep, ip, sizeof(ip))) != NULL)
0bcb2a0e
PH		 2694 {
2695 if (Ustrcmp(CS da->address, ip) == 0) break;
2696 }
2697 }
431b7361 2698
0bcb2a0e 2699 /* Handle bitmask matching */
431b7361 2700
0bcb2a0e
PH		 2701 else
2702 {
2703 int address[4];
2704 int mask = 0;
2705
2706 /* At present, all known DNS blocking lists use A records, with
2707 IPv4 addresses on the RHS encoding the information they return. I
2708 wonder if this will linger on as the last vestige of IPv4 when IPv6
2709 is ubiquitous? Anyway, for now we use paranoia code to completely
2710 ignore IPv6 addresses. The default mask is 0, which always matches.
2711 We change this only for IPv4 addresses in the list. */
2712
431b7361 2713 if (host_aton(da->address, address) == 1) mask = address[0];
0bcb2a0e
PH		 2714
2715 /* Scan the returned addresses, skipping any that are IPv6 */
2716
431b7361 2717 while ((res = string_nextinlist(&ptr, &ipsep, ip, sizeof(ip))) != NULL)
0bcb2a0e 2718 {
431b7361
PH		 2719 if (host_aton(ip, address) != 1) continue;
2720 if ((address[0] & mask) == address[0]) break;
0bcb2a0e
PH		 2721 }
2722 }
2723
431b7361
PH		 2724 /* If either
2725
2726 (a) An IP address in an any ('=') list matched, or
2727 (b) No IP address in an all ('==') list matched
0bcb2a0e 2728
431b7361
PH		 2729 then we're done searching. */
2730
2731 if (((match_type & MT_ALL) != 0) == (res == NULL)) break;
0bcb2a0e
PH		 2732 }
2733
431b7361 2734 /* If da == NULL, either
0bcb2a0e 2735
431b7361
PH		 2736 (a) No IP address in an any ('=') list matched, or
2737 (b) An IP address in an all ('==') list didn't match
0bcb2a0e 2738
431b7361
PH		 2739 so behave as if the DNSBL lookup had not succeeded, i.e. the host is not on
2740 the list. */
0bcb2a0e 2741
431b7361 2742 if ((match_type == MT_NOT || match_type == MT_ALL) != (da == NULL))
0bcb2a0e
PH		 2743 {
2744 HDEBUG(D_dnsbl)
2745 {
431b7361
PH		 2746 uschar *res = NULL;
2747 switch(match_type)
2748 {
2749 case 0:
2750 res = US"was no match";
2751 break;
2752 case MT_NOT:
2753 res = US"was an exclude match";
2754 break;
2755 case MT_ALL:
2756 res = US"was an IP address that did not match";
2757 break;
2758 case MT_NOT|MT_ALL:
2759 res = US"were no IP addresses that did not match";
2760 break;
2761 }
0bcb2a0e 2762 debug_printf("=> but we are not accepting this block class because\n");
431b7361
PH		 2763 debug_printf("=> there %s for %s%c%s\n",
2764 res,
2765 ((match_type & MT_ALL) == 0)? "" : "=",
2766 bitmask? '&' : '=', iplist);
0bcb2a0e 2767 }
8e669ac1 2768 return FAIL;
0bcb2a0e
PH		 2769 }
2770 }
2771
d6f6e0dc
PH		 2772 /* Either there was no IP list, or the record matched, implying that the
2773 domain is on the list. We now want to find a corresponding TXT record. If an
2774 alternate domain is specified for the TXT record, call this function
2775 recursively to look that up; this has the side effect of re-checking that
2776 there is indeed an A record at the alternate domain. */
2777
2778 if (domain_txt != domain)
2779 return one_check_dnsbl(domain_txt, domain_txt, keydomain, prepend, NULL,
431b7361 2780 FALSE, match_type, defer_return);
d6f6e0dc
PH		 2781
2782 /* If there is no alternate domain, look up a TXT record in the main domain
2783 if it has not previously been cached. */
0bcb2a0e
PH		 2784
2785 if (!cb->text_set)
2786 {
2787 cb->text_set = TRUE;
2788 if (dns_basic_lookup(&dnsa, query, T_TXT) == DNS_SUCCEED)
2789 {
2790 dns_record *rr;
2791 for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
2792 rr != NULL;
2793 rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
2794 if (rr->type == T_TXT) break;
2795 if (rr != NULL)
2796 {
2797 int len = (rr->data)[0];
2798 if (len > 511) len = 127;
2799 store_pool = POOL_PERM;
2800 cb->text = string_sprintf("%.*s", len, (const uschar *)(rr->data+1));
2801 store_pool = old_pool;
2802 }
2803 }
2804 }
2805
2806 dnslist_value = addlist;
2807 dnslist_text = cb->text;
2808 return OK;
2809 }
2810
2811/* There was a problem with the DNS lookup */
2812
2813if (cb->rc != DNS_NOMATCH && cb->rc != DNS_NODATA)
2814 {
2815 log_write(L_dnslist_defer, LOG_MAIN,
2816 "DNS list lookup defer (probably timeout) for %s: %s", query,
2817 (defer_return == OK)? US"assumed in list" :
2818 (defer_return == FAIL)? US"assumed not in list" :
2819 US"returned DEFER");
2820 return defer_return;
2821 }
2822
2823/* No entry was found in the DNS; continue for next domain */
2824
2825HDEBUG(D_dnsbl)
2826 {
2827 debug_printf("DNS lookup for %s failed\n", query);
2828 debug_printf("=> that means %s is not listed at %s\n",
2829 keydomain, domain);
2830 }
2831
2832return FAIL;
2833}
2834
2835
2836
2837
059ec3d9
PH		 2838/*************************************************
2839* Check host against DNS black lists *
2840*************************************************/
2841
2842/* This function runs checks against a list of DNS black lists, until one
2843matches. Each item on the list can be of the form
2844
2845 domain=ip-address/key
2846
2847The domain is the right-most domain that is used for the query, for example,
2848blackholes.mail-abuse.org. If the IP address is present, there is a match only
2849if the DNS lookup returns a matching IP address. Several addresses may be
2850given, comma-separated, for example: x.y.z=127.0.0.1,127.0.0.2.
2851
2852If no key is given, what is looked up in the domain is the inverted IP address
2853of the current client host. If a key is given, it is used to construct the
d6f6e0dc 2854domain for the lookup. For example:
059ec3d9
PH		 2855
2856 dsn.rfc-ignorant.org/$sender_address_domain
2857
2858After finding a match in the DNS, the domain is placed in $dnslist_domain, and
2859then we check for a TXT record for an error message, and if found, save its
2860value in $dnslist_text. We also cache everything in a tree, to optimize
2861multiple lookups.
2862
d6f6e0dc
PH		 2863The TXT record is normally looked up in the same domain as the A record, but
2864when many lists are combined in a single DNS domain, this will not be a very
2865specific message. It is possible to specify a different domain for looking up
2866TXT records; this is given before the main domain, comma-separated. For
2867example:
2868
2869 dnslists = http.dnsbl.sorbs.net,dnsbl.sorbs.net=127.0.0.2 : \
2870 socks.dnsbl.sorbs.net,dnsbl.sorbs.net=127.0.0.3
2871
2872The caching ensures that only one lookup in dnsbl.sorbs.net is done.
2873
059ec3d9
PH		 2874Note: an address for testing RBL is 192.203.178.39
2875Note: an address for testing DUL is 192.203.178.4
2876Note: a domain for testing RFCI is example.tld.dsn.rfc-ignorant.org
2877
2878Arguments:
2879 listptr the domain/address/data list
2880
2881Returns: OK successful lookup (i.e. the address is on the list), or
2882 lookup deferred after +include_unknown
2883 FAIL name not found, or no data found for the given type, or
2884 lookup deferred after +exclude_unknown (default)
2885 DEFER lookup failure, if +defer_unknown was set
2886*/
2887
2888int
2889verify_check_dnsbl(uschar **listptr)
2890{
2891int sep = 0;
2892int defer_return = FAIL;
059ec3d9
PH		 2893uschar *list = *listptr;
2894uschar *domain;
2895uschar *s;
2896uschar buffer[1024];
059ec3d9
PH		 2897uschar revadd[128]; /* Long enough for IPv6 address */
2898
2899/* Indicate that the inverted IP address is not yet set up */
2900
2901revadd[0] = 0;
2902
0bcb2a0e
PH		 2903/* In case this is the first time the DNS resolver is being used. */
2904
2905dns_init(FALSE, FALSE);
2906
059ec3d9
PH		 2907/* Loop through all the domains supplied, until something matches */
2908
2909while ((domain = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) != NULL)
2910 {
0bcb2a0e 2911 int rc;
059ec3d9 2912 BOOL bitmask = FALSE;
431b7361 2913 int match_type = 0;
d6f6e0dc
PH		 2914 uschar *domain_txt;
2915 uschar *comma;
059ec3d9
PH		 2916 uschar *iplist;
2917 uschar *key;
059ec3d9
PH		 2918
2919 HDEBUG(D_dnsbl) debug_printf("DNS list check: %s\n", domain);
2920
2921 /* Deal with special values that change the behaviour on defer */
2922
2923 if (domain[0] == '+')
2924 {
2925 if (strcmpic(domain, US"+include_unknown") == 0) defer_return = OK;
2926 else if (strcmpic(domain, US"+exclude_unknown") == 0) defer_return = FAIL;
2927 else if (strcmpic(domain, US"+defer_unknown") == 0) defer_return = DEFER;
2928 else
2929 log_write(0, LOG_MAIN|LOG_PANIC, "unknown item in dnslist (ignored): %s",
2930 domain);
2931 continue;
2932 }
2933
2934 /* See if there's explicit data to be looked up */
2935
2936 key = Ustrchr(domain, '/');
2937 if (key != NULL) *key++ = 0;
2938
2939 /* See if there's a list of addresses supplied after the domain name. This is
431b7361
PH		 2940 introduced by an = or a & character; if preceded by = we require all matches
2941 and if preceded by ! we invert the result. */
059ec3d9
PH		 2942
2943 iplist = Ustrchr(domain, '=');
2944 if (iplist == NULL)
2945 {
2946 bitmask = TRUE;
2947 iplist = Ustrchr(domain, '&');
2948 }
2949
431b7361 2950 if (iplist != NULL) /* Found either = or & */
059ec3d9 2951 {
431b7361 2952 if (iplist > domain && iplist[-1] == '!') /* Handle preceding ! */
059ec3d9 2953 {
431b7361 2954 match_type |= MT_NOT;
059ec3d9
PH		 2955 iplist[-1] = 0;
2956 }
431b7361
PH		 2957
2958 *iplist++ = 0; /* Terminate domain, move on */
2959
2960 /* If we found = (bitmask == FALSE), check for == or =& */
2961
2962 if (!bitmask && (*iplist == '=' || *iplist == '&'))
2963 {
2964 bitmask = *iplist++ == '&';
2965 match_type |= MT_ALL;
2966 }
059ec3d9
PH		 2967 }
2968
d6f6e0dc
PH		 2969 /* If there is a comma in the domain, it indicates that a second domain for
2970 looking up TXT records is provided, before the main domain. Otherwise we must
2971 set domain_txt == domain. */
2972
2973 domain_txt = domain;
2974 comma = Ustrchr(domain, ',');
2975 if (comma != NULL)
2976 {
2977 *comma++ = 0;
2978 domain = comma;
2979 }
2980
059ec3d9
PH		 2981 /* Check that what we have left is a sensible domain name. There is no reason
2982 why these domains should in fact use the same syntax as hosts and email
2983 domains, but in practice they seem to. However, there is little point in
2984 actually causing an error here, because that would no doubt hold up incoming
2985 mail. Instead, I'll just log it. */
2986
2987 for (s = domain; *s != 0; s++)
2988 {
2989 if (!isalnum(*s) && *s != '-' && *s != '.')
2990 {
2991 log_write(0, LOG_MAIN, "dnslists domain \"%s\" contains "
2992 "strange characters - is this right?", domain);
2993 break;
2994 }
2995 }
2996
d6f6e0dc
PH		 2997 /* Check the alternate domain if present */
2998
2999 if (domain_txt != domain) for (s = domain_txt; *s != 0; s++)
3000 {
3001 if (!isalnum(*s) && *s != '-' && *s != '.')
3002 {
3003 log_write(0, LOG_MAIN, "dnslists domain \"%s\" contains "
3004 "strange characters - is this right?", domain_txt);
3005 break;
3006 }
3007 }
3008
8e669ac1 3009 /* If there is no key string, construct the query by adding the domain name
0bcb2a0e 3010 onto the inverted host address, and perform a single DNS lookup. */
8e669ac1 3011
059ec3d9
PH		 3012 if (key == NULL)
3013 {
3014 if (sender_host_address == NULL) return FAIL; /* can never match */
3015 if (revadd[0] == 0) invert_address(revadd, sender_host_address);
d6f6e0dc 3016 rc = one_check_dnsbl(domain, domain_txt, sender_host_address, revadd,
431b7361 3017 iplist, bitmask, match_type, defer_return);
0bcb2a0e
PH		 3018 if (rc == OK)
3019 {
d6f6e0dc 3020 dnslist_domain = string_copy(domain_txt);
8e669ac1 3021 HDEBUG(D_dnsbl) debug_printf("=> that means %s is listed at %s\n",
d6f6e0dc 3022 sender_host_address, dnslist_domain);
0bcb2a0e 3023 }
0bcb2a0e 3024 if (rc != FAIL) return rc; /* OK or DEFER */
059ec3d9 3025 }
8e669ac1
PH		 3026
3027 /* If there is a key string, it can be a list of domains or IP addresses to
0bcb2a0e 3028 be concatenated with the main domain. */
8e669ac1 3029
059ec3d9
PH		 3030 else
3031 {
0bcb2a0e 3032 int keysep = 0;
8e669ac1
PH		 3033 BOOL defer = FALSE;
3034 uschar *keydomain;
0bcb2a0e 3035 uschar keybuffer[256];
d6f6e0dc 3036 uschar keyrevadd[128];
8e669ac1
PH		 3037
3038 while ((keydomain = string_nextinlist(&key, &keysep, keybuffer,
0bcb2a0e 3039 sizeof(keybuffer))) != NULL)
8e669ac1 3040 {
d6f6e0dc
PH		 3041 uschar *prepend = keydomain;
3042
7e66e54d 3043 if (string_is_ip_address(keydomain, NULL) != 0)
059ec3d9 3044 {
0bcb2a0e 3045 invert_address(keyrevadd, keydomain);
d6f6e0dc 3046 prepend = keyrevadd;
059ec3d9 3047 }
8e669ac1 3048
d6f6e0dc 3049 rc = one_check_dnsbl(domain, domain_txt, keydomain, prepend, iplist,
431b7361 3050 bitmask, match_type, defer_return);
8e669ac1 3051
0bcb2a0e 3052 if (rc == OK)
059ec3d9 3053 {
d6f6e0dc 3054 dnslist_domain = string_copy(domain_txt);
8e669ac1 3055 HDEBUG(D_dnsbl) debug_printf("=> that means %s is listed at %s\n",
d6f6e0dc 3056 keydomain, dnslist_domain);
8e669ac1 3057 return OK;
059ec3d9 3058 }
8e669ac1 3059
c38d6da9
PH		 3060 /* If the lookup deferred, remember this fact. We keep trying the rest
3061 of the list to see if we get a useful result, and if we don't, we return
3062 DEFER at the end. */
059ec3d9 3063
c38d6da9 3064 if (rc == DEFER) defer = TRUE;
0bcb2a0e 3065 } /* continue with next keystring domain/address */
c38d6da9
PH		 3066
3067 if (defer) return DEFER;
8e669ac1 3068 }
0bcb2a0e 3069 } /* continue with next dnsdb outer domain */
059ec3d9
PH		 3070
3071return FAIL;
3072}
3073
3074/* End of verify.c */
Unnamed repository; edit this file 'description' to name the repository.